1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/arch/parisc/traps.c
4  *
5  *  Copyright (C) 1991, 1992  Linus Torvalds
6  *  Copyright (C) 1999, 2000  Philipp Rumpf <prumpf@tux.org>
7  */
8 
9 /*
10  * 'Traps.c' handles hardware traps and faults after we have saved some
11  * state in 'asm.s'.
12  */
13 
14 #include <linux/sched.h>
15 #include <linux/sched/debug.h>
16 #include <linux/kernel.h>
17 #include <linux/string.h>
18 #include <linux/errno.h>
19 #include <linux/ptrace.h>
20 #include <linux/timer.h>
21 #include <linux/delay.h>
22 #include <linux/mm.h>
23 #include <linux/module.h>
24 #include <linux/smp.h>
25 #include <linux/spinlock.h>
26 #include <linux/init.h>
27 #include <linux/interrupt.h>
28 #include <linux/console.h>
29 #include <linux/bug.h>
30 #include <linux/ratelimit.h>
31 #include <linux/uaccess.h>
32 #include <linux/kdebug.h>
33 #include <linux/kfence.h>
34 
35 #include <asm/assembly.h>
36 #include <asm/io.h>
37 #include <asm/irq.h>
38 #include <asm/traps.h>
39 #include <asm/unaligned.h>
40 #include <linux/atomic.h>
41 #include <asm/smp.h>
42 #include <asm/pdc.h>
43 #include <asm/pdc_chassis.h>
44 #include <asm/unwind.h>
45 #include <asm/tlbflush.h>
46 #include <asm/cacheflush.h>
47 #include <linux/kgdb.h>
48 #include <linux/kprobes.h>
49 
50 #include "../math-emu/math-emu.h"	/* for handle_fpe() */
51 
52 static void parisc_show_stack(struct task_struct *task,
53 	struct pt_regs *regs, const char *loglvl);
54 
printbinary(char * buf,unsigned long x,int nbits)55 static int printbinary(char *buf, unsigned long x, int nbits)
56 {
57 	unsigned long mask = 1UL << (nbits - 1);
58 	while (mask != 0) {
59 		*buf++ = (mask & x ? '1' : '0');
60 		mask >>= 1;
61 	}
62 	*buf = '\0';
63 
64 	return nbits;
65 }
66 
67 #ifdef CONFIG_64BIT
68 #define RFMT "%016lx"
69 #else
70 #define RFMT "%08lx"
71 #endif
72 #define FFMT "%016llx"	/* fpregs are 64-bit always */
73 
74 #define PRINTREGS(lvl,r,f,fmt,x)	\
75 	printk("%s%s%02d-%02d  " fmt " " fmt " " fmt " " fmt "\n",	\
76 		lvl, f, (x), (x+3), (r)[(x)+0], (r)[(x)+1],		\
77 		(r)[(x)+2], (r)[(x)+3])
78 
print_gr(const char * level,struct pt_regs * regs)79 static void print_gr(const char *level, struct pt_regs *regs)
80 {
81 	int i;
82 	char buf[64];
83 
84 	printk("%s\n", level);
85 	printk("%s     YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level);
86 	printbinary(buf, regs->gr[0], 32);
87 	printk("%sPSW: %s %s\n", level, buf, print_tainted());
88 
89 	for (i = 0; i < 32; i += 4)
90 		PRINTREGS(level, regs->gr, "r", RFMT, i);
91 }
92 
print_fr(const char * level,struct pt_regs * regs)93 static void print_fr(const char *level, struct pt_regs *regs)
94 {
95 	int i;
96 	char buf[64];
97 	struct { u32 sw[2]; } s;
98 
99 	/* FR are 64bit everywhere. Need to use asm to get the content
100 	 * of fpsr/fper1, and we assume that we won't have a FP Identify
101 	 * in our way, otherwise we're screwed.
102 	 * The fldd is used to restore the T-bit if there was one, as the
103 	 * store clears it anyway.
104 	 * PA2.0 book says "thou shall not use fstw on FPSR/FPERs" - T-Bone */
105 	asm volatile ("fstd %%fr0,0(%1)	\n\t"
106 		      "fldd 0(%1),%%fr0	\n\t"
107 		      : "=m" (s) : "r" (&s) : "r0");
108 
109 	printk("%s\n", level);
110 	printk("%s      VZOUICununcqcqcqcqcqcrmunTDVZOUI\n", level);
111 	printbinary(buf, s.sw[0], 32);
112 	printk("%sFPSR: %s\n", level, buf);
113 	printk("%sFPER1: %08x\n", level, s.sw[1]);
114 
115 	/* here we'll print fr0 again, tho it'll be meaningless */
116 	for (i = 0; i < 32; i += 4)
117 		PRINTREGS(level, regs->fr, "fr", FFMT, i);
118 }
119 
show_regs(struct pt_regs * regs)120 void show_regs(struct pt_regs *regs)
121 {
122 	int i, user;
123 	const char *level;
124 	unsigned long cr30, cr31;
125 
126 	user = user_mode(regs);
127 	level = user ? KERN_DEBUG : KERN_CRIT;
128 
129 	show_regs_print_info(level);
130 
131 	print_gr(level, regs);
132 
133 	for (i = 0; i < 8; i += 4)
134 		PRINTREGS(level, regs->sr, "sr", RFMT, i);
135 
136 	if (user)
137 		print_fr(level, regs);
138 
139 	cr30 = mfctl(30);
140 	cr31 = mfctl(31);
141 	printk("%s\n", level);
142 	printk("%sIASQ: " RFMT " " RFMT " IAOQ: " RFMT " " RFMT "\n",
143 	       level, regs->iasq[0], regs->iasq[1], regs->iaoq[0], regs->iaoq[1]);
144 	printk("%s IIR: %08lx    ISR: " RFMT "  IOR: " RFMT "\n",
145 	       level, regs->iir, regs->isr, regs->ior);
146 	printk("%s CPU: %8d   CR30: " RFMT " CR31: " RFMT "\n",
147 	       level, task_cpu(current), cr30, cr31);
148 	printk("%s ORIG_R28: " RFMT "\n", level, regs->orig_r28);
149 
150 	if (user) {
151 		printk("%s IAOQ[0]: " RFMT "\n", level, regs->iaoq[0]);
152 		printk("%s IAOQ[1]: " RFMT "\n", level, regs->iaoq[1]);
153 		printk("%s RP(r2): " RFMT "\n", level, regs->gr[2]);
154 	} else {
155 		printk("%s IAOQ[0]: %pS\n", level, (void *) regs->iaoq[0]);
156 		printk("%s IAOQ[1]: %pS\n", level, (void *) regs->iaoq[1]);
157 		printk("%s RP(r2): %pS\n", level, (void *) regs->gr[2]);
158 
159 		parisc_show_stack(current, regs, KERN_DEFAULT);
160 	}
161 }
162 
163 static DEFINE_RATELIMIT_STATE(_hppa_rs,
164 	DEFAULT_RATELIMIT_INTERVAL, DEFAULT_RATELIMIT_BURST);
165 
166 #define parisc_printk_ratelimited(critical, regs, fmt, ...)	{	      \
167 	if ((critical || show_unhandled_signals) && __ratelimit(&_hppa_rs)) { \
168 		printk(fmt, ##__VA_ARGS__);				      \
169 		show_regs(regs);					      \
170 	}								      \
171 }
172 
173 
do_show_stack(struct unwind_frame_info * info,const char * loglvl)174 static void do_show_stack(struct unwind_frame_info *info, const char *loglvl)
175 {
176 	int i = 1;
177 
178 	printk("%sBacktrace:\n", loglvl);
179 	while (i <= MAX_UNWIND_ENTRIES) {
180 		if (unwind_once(info) < 0 || info->ip == 0)
181 			break;
182 
183 		if (__kernel_text_address(info->ip)) {
184 			printk("%s [<" RFMT ">] %pS\n",
185 				loglvl, info->ip, (void *) info->ip);
186 			i++;
187 		}
188 	}
189 	printk("%s\n", loglvl);
190 }
191 
parisc_show_stack(struct task_struct * task,struct pt_regs * regs,const char * loglvl)192 static void parisc_show_stack(struct task_struct *task,
193 	struct pt_regs *regs, const char *loglvl)
194 {
195 	struct unwind_frame_info info;
196 
197 	unwind_frame_init_task(&info, task, regs);
198 
199 	do_show_stack(&info, loglvl);
200 }
201 
show_stack(struct task_struct * t,unsigned long * sp,const char * loglvl)202 void show_stack(struct task_struct *t, unsigned long *sp, const char *loglvl)
203 {
204 	parisc_show_stack(t, NULL, loglvl);
205 }
206 
is_valid_bugaddr(unsigned long iaoq)207 int is_valid_bugaddr(unsigned long iaoq)
208 {
209 	return 1;
210 }
211 
die_if_kernel(char * str,struct pt_regs * regs,long err)212 void die_if_kernel(char *str, struct pt_regs *regs, long err)
213 {
214 	if (user_mode(regs)) {
215 		if (err == 0)
216 			return; /* STFU */
217 
218 		parisc_printk_ratelimited(1, regs,
219 			KERN_CRIT "%s (pid %d): %s (code %ld) at " RFMT "\n",
220 			current->comm, task_pid_nr(current), str, err, regs->iaoq[0]);
221 
222 		return;
223 	}
224 
225 	bust_spinlocks(1);
226 
227 	oops_enter();
228 
229 	/* Amuse the user in a SPARC fashion */
230 	if (err) printk(KERN_CRIT
231 			"      _______________________________ \n"
232 			"     < Your System ate a SPARC! Gah! >\n"
233 			"      ------------------------------- \n"
234 			"             \\   ^__^\n"
235 			"                 (__)\\       )\\/\\\n"
236 			"                  U  ||----w |\n"
237 			"                     ||     ||\n");
238 
239 	/* unlock the pdc lock if necessary */
240 	pdc_emergency_unlock();
241 
242 	if (err)
243 		printk(KERN_CRIT "%s (pid %d): %s (code %ld)\n",
244 			current->comm, task_pid_nr(current), str, err);
245 
246 	/* Wot's wrong wif bein' racy? */
247 	if (current->thread.flags & PARISC_KERNEL_DEATH) {
248 		printk(KERN_CRIT "%s() recursion detected.\n", __func__);
249 		local_irq_enable();
250 		while (1);
251 	}
252 	current->thread.flags |= PARISC_KERNEL_DEATH;
253 
254 	show_regs(regs);
255 	dump_stack();
256 	add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
257 
258 	if (in_interrupt())
259 		panic("Fatal exception in interrupt");
260 
261 	if (panic_on_oops)
262 		panic("Fatal exception");
263 
264 	oops_exit();
265 	make_task_dead(SIGSEGV);
266 }
267 
268 /* gdb uses break 4,8 */
269 #define GDB_BREAK_INSN 0x10004
handle_gdb_break(struct pt_regs * regs,int wot)270 static void handle_gdb_break(struct pt_regs *regs, int wot)
271 {
272 	force_sig_fault(SIGTRAP, wot,
273 			(void __user *) (regs->iaoq[0] & ~3));
274 }
275 
handle_break(struct pt_regs * regs)276 static void handle_break(struct pt_regs *regs)
277 {
278 	unsigned iir = regs->iir;
279 
280 	if (unlikely(iir == PARISC_BUG_BREAK_INSN && !user_mode(regs))) {
281 		/* check if a BUG() or WARN() trapped here.  */
282 		enum bug_trap_type tt;
283 		tt = report_bug(regs->iaoq[0] & ~3, regs);
284 		if (tt == BUG_TRAP_TYPE_WARN) {
285 			regs->iaoq[0] += 4;
286 			regs->iaoq[1] += 4;
287 			return; /* return to next instruction when WARN_ON().  */
288 		}
289 		die_if_kernel("Unknown kernel breakpoint", regs,
290 			(tt == BUG_TRAP_TYPE_NONE) ? 9 : 0);
291 	}
292 
293 #ifdef CONFIG_KPROBES
294 	if (unlikely(iir == PARISC_KPROBES_BREAK_INSN)) {
295 		parisc_kprobe_break_handler(regs);
296 		return;
297 	}
298 	if (unlikely(iir == PARISC_KPROBES_BREAK_INSN2)) {
299 		parisc_kprobe_ss_handler(regs);
300 		return;
301 	}
302 #endif
303 
304 #ifdef CONFIG_KGDB
305 	if (unlikely(iir == PARISC_KGDB_COMPILED_BREAK_INSN ||
306 		iir == PARISC_KGDB_BREAK_INSN)) {
307 		kgdb_handle_exception(9, SIGTRAP, 0, regs);
308 		return;
309 	}
310 #endif
311 
312 	if (unlikely(iir != GDB_BREAK_INSN))
313 		parisc_printk_ratelimited(0, regs,
314 			KERN_DEBUG "break %d,%d: pid=%d command='%s'\n",
315 			iir & 31, (iir>>13) & ((1<<13)-1),
316 			task_pid_nr(current), current->comm);
317 
318 	/* send standard GDB signal */
319 	handle_gdb_break(regs, TRAP_BRKPT);
320 }
321 
default_trap(int code,struct pt_regs * regs)322 static void default_trap(int code, struct pt_regs *regs)
323 {
324 	printk(KERN_ERR "Trap %d on CPU %d\n", code, smp_processor_id());
325 	show_regs(regs);
326 }
327 
328 void (*cpu_lpmc) (int code, struct pt_regs *regs) __read_mostly = default_trap;
329 
330 
transfer_pim_to_trap_frame(struct pt_regs * regs)331 void transfer_pim_to_trap_frame(struct pt_regs *regs)
332 {
333     register int i;
334     extern unsigned int hpmc_pim_data[];
335     struct pdc_hpmc_pim_11 *pim_narrow;
336     struct pdc_hpmc_pim_20 *pim_wide;
337 
338     if (boot_cpu_data.cpu_type >= pcxu) {
339 
340 	pim_wide = (struct pdc_hpmc_pim_20 *)hpmc_pim_data;
341 
342 	/*
343 	 * Note: The following code will probably generate a
344 	 * bunch of truncation error warnings from the compiler.
345 	 * Could be handled with an ifdef, but perhaps there
346 	 * is a better way.
347 	 */
348 
349 	regs->gr[0] = pim_wide->cr[22];
350 
351 	for (i = 1; i < 32; i++)
352 	    regs->gr[i] = pim_wide->gr[i];
353 
354 	for (i = 0; i < 32; i++)
355 	    regs->fr[i] = pim_wide->fr[i];
356 
357 	for (i = 0; i < 8; i++)
358 	    regs->sr[i] = pim_wide->sr[i];
359 
360 	regs->iasq[0] = pim_wide->cr[17];
361 	regs->iasq[1] = pim_wide->iasq_back;
362 	regs->iaoq[0] = pim_wide->cr[18];
363 	regs->iaoq[1] = pim_wide->iaoq_back;
364 
365 	regs->sar  = pim_wide->cr[11];
366 	regs->iir  = pim_wide->cr[19];
367 	regs->isr  = pim_wide->cr[20];
368 	regs->ior  = pim_wide->cr[21];
369     }
370     else {
371 	pim_narrow = (struct pdc_hpmc_pim_11 *)hpmc_pim_data;
372 
373 	regs->gr[0] = pim_narrow->cr[22];
374 
375 	for (i = 1; i < 32; i++)
376 	    regs->gr[i] = pim_narrow->gr[i];
377 
378 	for (i = 0; i < 32; i++)
379 	    regs->fr[i] = pim_narrow->fr[i];
380 
381 	for (i = 0; i < 8; i++)
382 	    regs->sr[i] = pim_narrow->sr[i];
383 
384 	regs->iasq[0] = pim_narrow->cr[17];
385 	regs->iasq[1] = pim_narrow->iasq_back;
386 	regs->iaoq[0] = pim_narrow->cr[18];
387 	regs->iaoq[1] = pim_narrow->iaoq_back;
388 
389 	regs->sar  = pim_narrow->cr[11];
390 	regs->iir  = pim_narrow->cr[19];
391 	regs->isr  = pim_narrow->cr[20];
392 	regs->ior  = pim_narrow->cr[21];
393     }
394 
395     /*
396      * The following fields only have meaning if we came through
397      * another path. So just zero them here.
398      */
399 
400     regs->ksp = 0;
401     regs->kpc = 0;
402     regs->orig_r28 = 0;
403 }
404 
405 
406 /*
407  * This routine is called as a last resort when everything else
408  * has gone clearly wrong. We get called for faults in kernel space,
409  * and HPMC's.
410  */
parisc_terminate(char * msg,struct pt_regs * regs,int code,unsigned long offset)411 void parisc_terminate(char *msg, struct pt_regs *regs, int code, unsigned long offset)
412 {
413 	static DEFINE_SPINLOCK(terminate_lock);
414 
415 	(void)notify_die(DIE_OOPS, msg, regs, 0, code, SIGTRAP);
416 	bust_spinlocks(1);
417 
418 	set_eiem(0);
419 	local_irq_disable();
420 	spin_lock(&terminate_lock);
421 
422 	/* unlock the pdc lock if necessary */
423 	pdc_emergency_unlock();
424 
425 	/* Not all paths will gutter the processor... */
426 	switch(code){
427 
428 	case 1:
429 		transfer_pim_to_trap_frame(regs);
430 		break;
431 
432 	default:
433 		break;
434 
435 	}
436 
437 	{
438 		/* show_stack(NULL, (unsigned long *)regs->gr[30]); */
439 		struct unwind_frame_info info;
440 		unwind_frame_init(&info, current, regs);
441 		do_show_stack(&info, KERN_CRIT);
442 	}
443 
444 	printk("\n");
445 	pr_crit("%s: Code=%d (%s) at addr " RFMT "\n",
446 		msg, code, trap_name(code), offset);
447 	show_regs(regs);
448 
449 	spin_unlock(&terminate_lock);
450 
451 	/* put soft power button back under hardware control;
452 	 * if the user had pressed it once at any time, the
453 	 * system will shut down immediately right here. */
454 	pdc_soft_power_button(0);
455 
456 	/* Call kernel panic() so reboot timeouts work properly
457 	 * FIXME: This function should be on the list of
458 	 * panic notifiers, and we should call panic
459 	 * directly from the location that we wish.
460 	 * e.g. We should not call panic from
461 	 * parisc_terminate, but rather the other way around.
462 	 * This hack works, prints the panic message twice,
463 	 * and it enables reboot timers!
464 	 */
465 	panic(msg);
466 }
467 
handle_interruption(int code,struct pt_regs * regs)468 void notrace handle_interruption(int code, struct pt_regs *regs)
469 {
470 	unsigned long fault_address = 0;
471 	unsigned long fault_space = 0;
472 	int si_code;
473 
474 	if (!irqs_disabled_flags(regs->gr[0]))
475 	    local_irq_enable();
476 
477 	/* Security check:
478 	 * If the priority level is still user, and the
479 	 * faulting space is not equal to the active space
480 	 * then the user is attempting something in a space
481 	 * that does not belong to them. Kill the process.
482 	 *
483 	 * This is normally the situation when the user
484 	 * attempts to jump into the kernel space at the
485 	 * wrong offset, be it at the gateway page or a
486 	 * random location.
487 	 *
488 	 * We cannot normally signal the process because it
489 	 * could *be* on the gateway page, and processes
490 	 * executing on the gateway page can't have signals
491 	 * delivered.
492 	 *
493 	 * We merely readjust the address into the users
494 	 * space, at a destination address of zero, and
495 	 * allow processing to continue.
496 	 */
497 	if (((unsigned long)regs->iaoq[0] & 3) &&
498 	    ((unsigned long)regs->iasq[0] != (unsigned long)regs->sr[7])) {
499 		/* Kill the user process later */
500 		regs->iaoq[0] = 0 | 3;
501 		regs->iaoq[1] = regs->iaoq[0] + 4;
502 		regs->iasq[0] = regs->iasq[1] = regs->sr[7];
503 		regs->gr[0] &= ~PSW_B;
504 		return;
505 	}
506 
507 #if 0
508 	printk(KERN_CRIT "Interruption # %d\n", code);
509 #endif
510 
511 	switch(code) {
512 
513 	case  1:
514 		/* High-priority machine check (HPMC) */
515 
516 		/* set up a new led state on systems shipped with a LED State panel */
517 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_HPMC);
518 
519 		parisc_terminate("High Priority Machine Check (HPMC)",
520 				regs, code, 0);
521 		/* NOT REACHED */
522 
523 	case  2:
524 		/* Power failure interrupt */
525 		printk(KERN_CRIT "Power failure interrupt !\n");
526 		return;
527 
528 	case  3:
529 		/* Recovery counter trap */
530 		regs->gr[0] &= ~PSW_R;
531 
532 #ifdef CONFIG_KGDB
533 		if (kgdb_single_step) {
534 			kgdb_handle_exception(0, SIGTRAP, 0, regs);
535 			return;
536 		}
537 #endif
538 
539 		if (user_space(regs))
540 			handle_gdb_break(regs, TRAP_TRACE);
541 		/* else this must be the start of a syscall - just let it run */
542 		return;
543 
544 	case  5:
545 		/* Low-priority machine check */
546 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_LPMC);
547 
548 		flush_cache_all();
549 		flush_tlb_all();
550 		cpu_lpmc(5, regs);
551 		return;
552 
553 	case  PARISC_ITLB_TRAP:
554 		/* Instruction TLB miss fault/Instruction page fault */
555 		fault_address = regs->iaoq[0];
556 		fault_space   = regs->iasq[0];
557 		break;
558 
559 	case  8:
560 		/* Illegal instruction trap */
561 		die_if_kernel("Illegal instruction", regs, code);
562 		si_code = ILL_ILLOPC;
563 		goto give_sigill;
564 
565 	case  9:
566 		/* Break instruction trap */
567 		handle_break(regs);
568 		return;
569 
570 	case 10:
571 		/* Privileged operation trap */
572 		die_if_kernel("Privileged operation", regs, code);
573 		si_code = ILL_PRVOPC;
574 		goto give_sigill;
575 
576 	case 11:
577 		/* Privileged register trap */
578 		if ((regs->iir & 0xffdfffe0) == 0x034008a0) {
579 
580 			/* This is a MFCTL cr26/cr27 to gr instruction.
581 			 * PCXS traps on this, so we need to emulate it.
582 			 */
583 
584 			if (regs->iir & 0x00200000)
585 				regs->gr[regs->iir & 0x1f] = mfctl(27);
586 			else
587 				regs->gr[regs->iir & 0x1f] = mfctl(26);
588 
589 			regs->iaoq[0] = regs->iaoq[1];
590 			regs->iaoq[1] += 4;
591 			regs->iasq[0] = regs->iasq[1];
592 			return;
593 		}
594 
595 		die_if_kernel("Privileged register usage", regs, code);
596 		si_code = ILL_PRVREG;
597 	give_sigill:
598 		force_sig_fault(SIGILL, si_code,
599 				(void __user *) regs->iaoq[0]);
600 		return;
601 
602 	case 12:
603 		/* Overflow Trap, let the userland signal handler do the cleanup */
604 		force_sig_fault(SIGFPE, FPE_INTOVF,
605 				(void __user *) regs->iaoq[0]);
606 		return;
607 
608 	case 13:
609 		/* Conditional Trap
610 		   The condition succeeds in an instruction which traps
611 		   on condition  */
612 		if(user_mode(regs)){
613 			/* Let userspace app figure it out from the insn pointed
614 			 * to by si_addr.
615 			 */
616 			force_sig_fault(SIGFPE, FPE_CONDTRAP,
617 					(void __user *) regs->iaoq[0]);
618 			return;
619 		}
620 		/* The kernel doesn't want to handle condition codes */
621 		break;
622 
623 	case 14:
624 		/* Assist Exception Trap, i.e. floating point exception. */
625 		die_if_kernel("Floating point exception", regs, 0); /* quiet */
626 		__inc_irq_stat(irq_fpassist_count);
627 		handle_fpe(regs);
628 		return;
629 
630 	case 15:
631 		/* Data TLB miss fault/Data page fault */
632 		fallthrough;
633 	case 16:
634 		/* Non-access instruction TLB miss fault */
635 		/* The instruction TLB entry needed for the target address of the FIC
636 		   is absent, and hardware can't find it, so we get to cleanup */
637 		fallthrough;
638 	case 17:
639 		/* Non-access data TLB miss fault/Non-access data page fault */
640 		/* FIXME:
641 			 Still need to add slow path emulation code here!
642 			 If the insn used a non-shadow register, then the tlb
643 			 handlers could not have their side-effect (e.g. probe
644 			 writing to a target register) emulated since rfir would
645 			 erase the changes to said register. Instead we have to
646 			 setup everything, call this function we are in, and emulate
647 			 by hand. Technically we need to emulate:
648 			 fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw
649 		*/
650 		if (code == 17 && handle_nadtlb_fault(regs))
651 			return;
652 		fault_address = regs->ior;
653 		fault_space = regs->isr;
654 		break;
655 
656 	case 18:
657 		/* PCXS only -- later cpu's split this into types 26,27 & 28 */
658 		/* Check for unaligned access */
659 		if (check_unaligned(regs)) {
660 			handle_unaligned(regs);
661 			return;
662 		}
663 		fallthrough;
664 	case 26:
665 		/* PCXL: Data memory access rights trap */
666 		fault_address = regs->ior;
667 		fault_space   = regs->isr;
668 		break;
669 
670 	case 19:
671 		/* Data memory break trap */
672 		regs->gr[0] |= PSW_X; /* So we can single-step over the trap */
673 		fallthrough;
674 	case 21:
675 		/* Page reference trap */
676 		handle_gdb_break(regs, TRAP_HWBKPT);
677 		return;
678 
679 	case 25:
680 		/* Taken branch trap */
681 		regs->gr[0] &= ~PSW_T;
682 		if (user_space(regs))
683 			handle_gdb_break(regs, TRAP_BRANCH);
684 		/* else this must be the start of a syscall - just let it
685 		 * run.
686 		 */
687 		return;
688 
689 	case  7:
690 		/* Instruction access rights */
691 		/* PCXL: Instruction memory protection trap */
692 
693 		/*
694 		 * This could be caused by either: 1) a process attempting
695 		 * to execute within a vma that does not have execute
696 		 * permission, or 2) an access rights violation caused by a
697 		 * flush only translation set up by ptep_get_and_clear().
698 		 * So we check the vma permissions to differentiate the two.
699 		 * If the vma indicates we have execute permission, then
700 		 * the cause is the latter one. In this case, we need to
701 		 * call do_page_fault() to fix the problem.
702 		 */
703 
704 		if (user_mode(regs)) {
705 			struct vm_area_struct *vma;
706 
707 			mmap_read_lock(current->mm);
708 			vma = find_vma(current->mm,regs->iaoq[0]);
709 			if (vma && (regs->iaoq[0] >= vma->vm_start)
710 				&& (vma->vm_flags & VM_EXEC)) {
711 
712 				fault_address = regs->iaoq[0];
713 				fault_space = regs->iasq[0];
714 
715 				mmap_read_unlock(current->mm);
716 				break; /* call do_page_fault() */
717 			}
718 			mmap_read_unlock(current->mm);
719 		}
720 		/* CPU could not fetch instruction, so clear stale IIR value. */
721 		regs->iir = 0xbaadf00d;
722 		fallthrough;
723 	case 27:
724 		/* Data memory protection ID trap */
725 		if (code == 27 && !user_mode(regs) &&
726 			fixup_exception(regs))
727 			return;
728 
729 		die_if_kernel("Protection id trap", regs, code);
730 		force_sig_fault(SIGSEGV, SEGV_MAPERR,
731 				(code == 7)?
732 				((void __user *) regs->iaoq[0]) :
733 				((void __user *) regs->ior));
734 		return;
735 
736 	case 28:
737 		/* Unaligned data reference trap */
738 		handle_unaligned(regs);
739 		return;
740 
741 	default:
742 		if (user_mode(regs)) {
743 			parisc_printk_ratelimited(0, regs, KERN_DEBUG
744 				"handle_interruption() pid=%d command='%s'\n",
745 				task_pid_nr(current), current->comm);
746 			/* SIGBUS, for lack of a better one. */
747 			force_sig_fault(SIGBUS, BUS_OBJERR,
748 					(void __user *)regs->ior);
749 			return;
750 		}
751 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
752 
753 		parisc_terminate("Unexpected interruption", regs, code, 0);
754 		/* NOT REACHED */
755 	}
756 
757 	if (user_mode(regs)) {
758 	    if ((fault_space >> SPACEID_SHIFT) != (regs->sr[7] >> SPACEID_SHIFT)) {
759 		parisc_printk_ratelimited(0, regs, KERN_DEBUG
760 				"User fault %d on space 0x%08lx, pid=%d command='%s'\n",
761 				code, fault_space,
762 				task_pid_nr(current), current->comm);
763 		force_sig_fault(SIGSEGV, SEGV_MAPERR,
764 				(void __user *)regs->ior);
765 		return;
766 	    }
767 	}
768 	else {
769 
770 	    /*
771 	     * The kernel should never fault on its own address space,
772 	     * unless pagefault_disable() was called before.
773 	     */
774 
775 	    if (faulthandler_disabled() || fault_space == 0)
776 	    {
777 		/* Clean up and return if in exception table. */
778 		if (fixup_exception(regs))
779 			return;
780 		/* Clean up and return if handled by kfence. */
781 		if (kfence_handle_page_fault(fault_address,
782 			parisc_acctyp(code, regs->iir) == VM_WRITE, regs))
783 			return;
784 		pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
785 		parisc_terminate("Kernel Fault", regs, code, fault_address);
786 	    }
787 	}
788 
789 	do_page_fault(regs, code, fault_address);
790 }
791 
792 
initialize_ivt(const void * iva)793 void __init initialize_ivt(const void *iva)
794 {
795 	extern const u32 os_hpmc[];
796 
797 	int i;
798 	u32 check = 0;
799 	u32 *ivap;
800 	u32 *hpmcp;
801 	u32 instr;
802 
803 	if (strcmp((const char *)iva, "cows can fly"))
804 		panic("IVT invalid");
805 
806 	ivap = (u32 *)iva;
807 
808 	for (i = 0; i < 8; i++)
809 	    *ivap++ = 0;
810 
811 	/*
812 	 * Use PDC_INSTR firmware function to get instruction that invokes
813 	 * PDCE_CHECK in HPMC handler.  See programming note at page 1-31 of
814 	 * the PA 1.1 Firmware Architecture document.
815 	 */
816 	if (pdc_instr(&instr) == PDC_OK)
817 		ivap[0] = instr;
818 
819 	/*
820 	 * Rules for the checksum of the HPMC handler:
821 	 * 1. The IVA does not point to PDC/PDH space (ie: the OS has installed
822 	 *    its own IVA).
823 	 * 2. The word at IVA + 32 is nonzero.
824 	 * 3. If Length (IVA + 60) is not zero, then Length (IVA + 60) and
825 	 *    Address (IVA + 56) are word-aligned.
826 	 * 4. The checksum of the 8 words starting at IVA + 32 plus the sum of
827 	 *    the Length/4 words starting at Address is zero.
828 	 */
829 
830 	/* Setup IVA and compute checksum for HPMC handler */
831 	ivap[6] = (u32)__pa(os_hpmc);
832 
833 	hpmcp = (u32 *)os_hpmc;
834 
835 	for (i=0; i<8; i++)
836 	    check += ivap[i];
837 
838 	ivap[5] = -check;
839 	pr_debug("initialize_ivt: IVA[6] = 0x%08x\n", ivap[6]);
840 }
841 
842 
843 /* early_trap_init() is called before we set up kernel mappings and
844  * write-protect the kernel */
early_trap_init(void)845 void  __init early_trap_init(void)
846 {
847 	extern const void fault_vector_20;
848 
849 #ifndef CONFIG_64BIT
850 	extern const void fault_vector_11;
851 	initialize_ivt(&fault_vector_11);
852 #endif
853 
854 	initialize_ivt(&fault_vector_20);
855 }
856