1 files changed, 0 insertions, 333 deletions
diff --git a/arch/ppc64/mm/fault.c b/arch/ppc64/mm/fault.c
deleted file mode 100644
index be3f25cf3e9f..000000000000
--- a/arch/ppc64/mm/fault.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- *  arch/ppc/mm/fault.c
- *
- *  PowerPC version 
- *    Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
- *
- *  Derived from "arch/i386/mm/fault.c"
- *    Copyright (C) 1991, 1992, 1993, 1994  Linus Torvalds
- *
- *  Modified by Cort Dougan and Paul Mackerras.
- *
- *  Modified for PPC64 by Dave Engebretsen (engebret@ibm.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version
- *  2 of the License, or (at your option) any later version.
- */
-#include <linux/config.h>
-#include <linux/signal.h>
-#include <linux/sched.h>
-#include <linux/kernel.h>
-#include <linux/errno.h>
-#include <linux/string.h>
-#include <linux/types.h>
-#include <linux/mman.h>
-#include <linux/mm.h>
-#include <linux/interrupt.h>
-#include <linux/smp_lock.h>
-#include <linux/module.h>
-#include <linux/kprobes.h>
-#include <asm/page.h>
-#include <asm/pgtable.h>
-#include <asm/mmu.h>
-#include <asm/mmu_context.h>
-#include <asm/system.h>
-#include <asm/uaccess.h>
-#include <asm/kdebug.h>
-#include <asm/siginfo.h>
-/*
- * Check whether the instruction at regs->nip is a store using
- * an update addressing form which will update r1.
- */
-static int store_updates_sp(struct pt_regs *regs)
-{
-        unsigned int inst;
-        if (get_user(inst, (unsigned int __user *)regs->nip))
-                return 0;
-        /* check for 1 in the rA field */
-        if (((inst >> 16) & 0x1f) != 1)
-                return 0;
-        /* check major opcode */
-        switch (inst >> 26) {
-        case 37:        /* stwu */
-        case 39:        /* stbu */
-        case 45:        /* sthu */
-        case 53:        /* stfsu */
-        case 55:        /* stfdu */
-                return 1;
-        case 62:        /* std or stdu */
-                return (inst & 3) == 1;
-        case 31:
-                /* check minor opcode */
-                switch ((inst >> 1) & 0x3ff) {
-                case 181:       /* stdux */
-                case 183:       /* stwux */
-                case 247:       /* stbux */
-                case 439:       /* sthux */
-                case 695:       /* stfsux */
-                case 759:       /* stfdux */
-                        return 1;
-                }
-        }
-        return 0;
-}
-static void do_dabr(struct pt_regs *regs, unsigned long error_code)
-{
-        siginfo_t info;
-        if (notify_die(DIE_DABR_MATCH, "dabr_match", regs, error_code,
-                        11, SIGSEGV) == NOTIFY_STOP)
-                return;
-        if (debugger_dabr_match(regs))
-                return;
-        /* Clear the DABR */
-        set_dabr(0);
-        /* Deliver the signal to userspace */
-        info.si_signo = SIGTRAP;
-        info.si_errno = 0;
-        info.si_code = TRAP_HWBKPT;
-        info.si_addr = (void __user *)regs->nip;
-        force_sig_info(SIGTRAP, &info, current);
-}
-/*
- * The error_code parameter is
- *  - DSISR for a non-SLB data access fault,
- *  - SRR1 & 0x08000000 for a non-SLB instruction access fault
- *  - 0 any SLB fault.
- * The return value is 0 if the fault was handled, or the signal
- * number if this is a kernel fault that can't be handled here.
- */
-int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
-                            unsigned long error_code)
-{
-        struct vm_area_struct * vma;
-        struct mm_struct *mm = current->mm;
-        siginfo_t info;
-        unsigned long code = SEGV_MAPERR;
-        unsigned long is_write = error_code & DSISR_ISSTORE;
-        unsigned long trap = TRAP(regs);
-        unsigned long is_exec = trap == 0x400;
-        BUG_ON((trap == 0x380) || (trap == 0x480));
-        if (notify_die(DIE_PAGE_FAULT, "page_fault", regs, error_code,
-                                11, SIGSEGV) == NOTIFY_STOP)
-                return 0;
-        if (trap == 0x300) {
-                if (debugger_fault_handler(regs))
-                        return 0;
-        }
-        /* On a kernel SLB miss we can only check for a valid exception entry */
-        if (!user_mode(regs) && (address >= TASK_SIZE))
-                return SIGSEGV;
-        if (error_code & DSISR_DABRMATCH) {
-                do_dabr(regs, error_code);
-                return 0;
-        }
-        if (in_atomic() || mm == NULL) {
-                if (!user_mode(regs))
-                        return SIGSEGV;
-                /* in_atomic() in user mode is really bad,
-                   as is current->mm == NULL. */
-                printk(KERN_EMERG "Page fault in user mode with"
-                       "in_atomic() = %d mm = %p\n", in_atomic(), mm);
-                printk(KERN_EMERG "NIP = %lx  MSR = %lx\n",
-                       regs->nip, regs->msr);
-                die("Weird page fault", regs, SIGSEGV);
-        }
-        /* When running in the kernel we expect faults to occur only to
-         * addresses in user space.  All other faults represent errors in the
-         * kernel and should generate an OOPS.  Unfortunatly, in the case of an
-         * erroneous fault occuring in a code path which already holds mmap_sem
-         * we will deadlock attempting to validate the fault against the
-         * address space.  Luckily the kernel only validly references user
-         * space from well defined areas of code, which are listed in the
-         * exceptions table.
-         *
-         * As the vast majority of faults will be valid we will only perform
-         * the source reference check when there is a possibilty of a deadlock.
-         * Attempt to lock the address space, if we cannot we then validate the
-         * source.  If this is invalid we can skip the address space check,
-         * thus avoiding the deadlock.
-         */
-        if (!down_read_trylock(&mm->mmap_sem)) {
-                if (!user_mode(regs) && !search_exception_tables(regs->nip))
-                        goto bad_area_nosemaphore;
-                down_read(&mm->mmap_sem);
-        }
-        vma = find_vma(mm, address);
-        if (!vma)
-                goto bad_area;
-        if (vma->vm_start <= address) {
-                goto good_area;
-        }
-        if (!(vma->vm_flags & VM_GROWSDOWN))
-                goto bad_area;
-        /*
-         * N.B. The POWER/Open ABI allows programs to access up to
-         * 288 bytes below the stack pointer.
-         * The kernel signal delivery code writes up to about 1.5kB
-         * below the stack pointer (r1) before decrementing it.
-         * The exec code can write slightly over 640kB to the stack
-         * before setting the user r1.  Thus we allow the stack to
-         * expand to 1MB without further checks.
-         */
-        if (address + 0x100000 < vma->vm_end) {
-                /* get user regs even if this fault is in kernel mode */
-                struct pt_regs *uregs = current->thread.regs;
-                if (uregs == NULL)
-                        goto bad_area;
-                /*
-                 * A user-mode access to an address a long way below
-                 * the stack pointer is only valid if the instruction
-                 * is one which would update the stack pointer to the
-                 * address accessed if the instruction completed,
-                 * i.e. either stwu rs,n(r1) or stwux rs,r1,rb
-                 * (or the byte, halfword, float or double forms).
-                 *
-                 * If we don't check this then any write to the area
-                 * between the last mapped region and the stack will
-                 * expand the stack rather than segfaulting.
-                 */
-                if (address + 2048 < uregs->gpr[1]
-                    && (!user_mode(regs) || !store_updates_sp(regs)))
-                        goto bad_area;
-        }
-        if (expand_stack(vma, address))
-                goto bad_area;
-good_area:
-        code = SEGV_ACCERR;
-        if (is_exec) {
-                /* protection fault */
-                if (error_code & DSISR_PROTFAULT)
-                        goto bad_area;
-                if (!(vma->vm_flags & VM_EXEC))
-                        goto bad_area;
-        /* a write */
-        } else if (is_write) {
-                if (!(vma->vm_flags & VM_WRITE))
-                        goto bad_area;
-        /* a read */
-        } else {
-                if (!(vma->vm_flags & VM_READ))
-                        goto bad_area;
-        }
- survive:
-        /*
-         * If for any reason at all we couldn't handle the fault,
-         * make sure we exit gracefully rather than endlessly redo
-         * the fault.
-         */
-        switch (handle_mm_fault(mm, vma, address, is_write)) {
-        case VM_FAULT_MINOR:
-                current->min_flt++;
-                break;
-        case VM_FAULT_MAJOR:
-                current->maj_flt++;
-                break;
-        case VM_FAULT_SIGBUS:
-                goto do_sigbus;
-        case VM_FAULT_OOM:
-                goto out_of_memory;
-        default:
-                BUG();
-        }
-        up_read(&mm->mmap_sem);
-        return 0;
-bad_area:
-        up_read(&mm->mmap_sem);
-bad_area_nosemaphore:
-        /* User mode accesses cause a SIGSEGV */
-        if (user_mode(regs)) {
-                info.si_signo = SIGSEGV;
-                info.si_errno = 0;
-                info.si_code = code;
-                info.si_addr = (void __user *) address;
-                force_sig_info(SIGSEGV, &info, current);
-                return 0;
-        }
-        if (trap == 0x400 && (error_code & DSISR_PROTFAULT)
-            && printk_ratelimit())
-                printk(KERN_CRIT "kernel tried to execute NX-protected"
-                       " page (%lx) - exploit attempt? (uid: %d)\n",
-                       address, current->uid);
-        return SIGSEGV;
-/*
- * We ran out of memory, or some other thing happened to us that made
- * us unable to handle the page fault gracefully.
- */
-out_of_memory:
-        up_read(&mm->mmap_sem);
-        if (current->pid == 1) {
-                yield();
-                down_read(&mm->mmap_sem);
-                goto survive;
-        }
-        printk("VM: killing process %s\n", current->comm);
-        if (user_mode(regs))
-                do_exit(SIGKILL);
-        return SIGKILL;
-do_sigbus:
-        up_read(&mm->mmap_sem);
-        if (user_mode(regs)) {
-                info.si_signo = SIGBUS;
-                info.si_errno = 0;
-                info.si_code = BUS_ADRERR;
-                info.si_addr = (void __user *)address;
-                force_sig_info(SIGBUS, &info, current);
-                return 0;
-        }
-        return SIGBUS;
-}
-/*
- * bad_page_fault is called when we have a bad access from the kernel.
- * It is called from do_page_fault above and from some of the procedures
- * in traps.c.
- */
-void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
-{
-        const struct exception_table_entry *entry;
-        /* Are we prepared to handle this fault?  */
-        if ((entry = search_exception_tables(regs->nip)) != NULL) {
-                regs->nip = entry->fixup;
-                return;
-        }
-        /* kernel has accessed a bad area */
-        die("Kernel access of bad area", regs, sig);
-}

diff --git a/arch/ppc64/mm/fault.c b/arch/ppc64/mm/fault.c deleted file mode 100644 index be3f25cf3e9f..000000000000 --- a/arch/ppc64/mm/fault.c +++ /dev/null
@@ -1,333 +0,0 @@
1	/*
2	* arch/ppc/mm/fault.c
3	*
4	* PowerPC version
5	* Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
6	*
7	* Derived from "arch/i386/mm/fault.c"
8	* Copyright (C) 1991, 1992, 1993, 1994 Linus Torvalds
9	*
10	* Modified by Cort Dougan and Paul Mackerras.
11	*
12	* Modified for PPC64 by Dave Engebretsen (engebret@ibm.com)
13	*
14	* This program is free software; you can redistribute it and/or
15	* modify it under the terms of the GNU General Public License
16	* as published by the Free Software Foundation; either version
17	* 2 of the License, or (at your option) any later version.
18	*/
19
20	#include <linux/config.h>
21	#include <linux/signal.h>
22	#include <linux/sched.h>
23	#include <linux/kernel.h>
24	#include <linux/errno.h>
25	#include <linux/string.h>
26	#include <linux/types.h>
27	#include <linux/mman.h>
28	#include <linux/mm.h>
29	#include <linux/interrupt.h>
30	#include <linux/smp_lock.h>
31	#include <linux/module.h>
32	#include <linux/kprobes.h>
33
34	#include <asm/page.h>
35	#include <asm/pgtable.h>
36	#include <asm/mmu.h>
37	#include <asm/mmu_context.h>
38	#include <asm/system.h>
39	#include <asm/uaccess.h>
40	#include <asm/kdebug.h>
41	#include <asm/siginfo.h>
42
43	/*
44	* Check whether the instruction at regs->nip is a store using
45	* an update addressing form which will update r1.
46	*/
47	static int store_updates_sp(struct pt_regs *regs)
48	{
49	unsigned int inst;
50
51	if (get_user(inst, (unsigned int __user *)regs->nip))
52	return 0;
53	/* check for 1 in the rA field */
54	if (((inst >> 16) & 0x1f) != 1)
55	return 0;
56	/* check major opcode */
57	switch (inst >> 26) {
58	case 37: /* stwu */
59	case 39: /* stbu */
60	case 45: /* sthu */
61	case 53: /* stfsu */
62	case 55: /* stfdu */
63	return 1;
64	case 62: /* std or stdu */
65	return (inst & 3) == 1;
66	case 31:
67	/* check minor opcode */
68	switch ((inst >> 1) & 0x3ff) {
69	case 181: /* stdux */
70	case 183: /* stwux */
71	case 247: /* stbux */
72	case 439: /* sthux */
73	case 695: /* stfsux */
74	case 759: /* stfdux */
75	return 1;
76	}
77	}
78	return 0;
79	}
80
81	static void do_dabr(struct pt_regs *regs, unsigned long error_code)
82	{
83	siginfo_t info;
84
85	if (notify_die(DIE_DABR_MATCH, "dabr_match", regs, error_code,
86	11, SIGSEGV) == NOTIFY_STOP)
87	return;
88
89	if (debugger_dabr_match(regs))
90	return;
91
92	/* Clear the DABR */
93	set_dabr(0);
94
95	/* Deliver the signal to userspace */
96	info.si_signo = SIGTRAP;
97	info.si_errno = 0;
98	info.si_code = TRAP_HWBKPT;
99	info.si_addr = (void __user *)regs->nip;
100	force_sig_info(SIGTRAP, &info, current);
101	}
102
103	/*
104	* The error_code parameter is
105	* - DSISR for a non-SLB data access fault,
106	* - SRR1 & 0x08000000 for a non-SLB instruction access fault
107	* - 0 any SLB fault.
108	* The return value is 0 if the fault was handled, or the signal
109	* number if this is a kernel fault that can't be handled here.
110	*/
111	int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
112	unsigned long error_code)
113	{
114	struct vm_area_struct * vma;
115	struct mm_struct *mm = current->mm;
116	siginfo_t info;
117	unsigned long code = SEGV_MAPERR;
118	unsigned long is_write = error_code & DSISR_ISSTORE;
119	unsigned long trap = TRAP(regs);
120	unsigned long is_exec = trap == 0x400;
121
122	BUG_ON((trap == 0x380) \|\| (trap == 0x480));
123
124	if (notify_die(DIE_PAGE_FAULT, "page_fault", regs, error_code,
125	11, SIGSEGV) == NOTIFY_STOP)
126	return 0;
127
128	if (trap == 0x300) {
129	if (debugger_fault_handler(regs))
130	return 0;
131	}
132
133	/* On a kernel SLB miss we can only check for a valid exception entry */
134	if (!user_mode(regs) && (address >= TASK_SIZE))
135	return SIGSEGV;
136
137	if (error_code & DSISR_DABRMATCH) {
138	do_dabr(regs, error_code);
139	return 0;
140	}
141
142	if (in_atomic() \|\| mm == NULL) {
143	if (!user_mode(regs))
144	return SIGSEGV;
145	/* in_atomic() in user mode is really bad,
146	as is current->mm == NULL. */
147	printk(KERN_EMERG "Page fault in user mode with"
148	"in_atomic() = %d mm = %p\n", in_atomic(), mm);
149	printk(KERN_EMERG "NIP = %lx MSR = %lx\n",
150	regs->nip, regs->msr);
151	die("Weird page fault", regs, SIGSEGV);
152	}
153
154	/* When running in the kernel we expect faults to occur only to
155	* addresses in user space. All other faults represent errors in the
156	* kernel and should generate an OOPS. Unfortunatly, in the case of an
157	* erroneous fault occuring in a code path which already holds mmap_sem
158	* we will deadlock attempting to validate the fault against the
159	* address space. Luckily the kernel only validly references user
160	* space from well defined areas of code, which are listed in the
161	* exceptions table.
162	*
163	* As the vast majority of faults will be valid we will only perform
164	* the source reference check when there is a possibilty of a deadlock.
165	* Attempt to lock the address space, if we cannot we then validate the
166	* source. If this is invalid we can skip the address space check,
167	* thus avoiding the deadlock.
168	*/
169	if (!down_read_trylock(&mm->mmap_sem)) {
170	if (!user_mode(regs) && !search_exception_tables(regs->nip))
171	goto bad_area_nosemaphore;
172
173	down_read(&mm->mmap_sem);
174	}
175
176	vma = find_vma(mm, address);
177	if (!vma)
178	goto bad_area;
179
180	if (vma->vm_start <= address) {
181	goto good_area;
182	}
183	if (!(vma->vm_flags & VM_GROWSDOWN))
184	goto bad_area;
185
186	/*
187	* N.B. The POWER/Open ABI allows programs to access up to
188	* 288 bytes below the stack pointer.
189	* The kernel signal delivery code writes up to about 1.5kB
190	* below the stack pointer (r1) before decrementing it.
191	* The exec code can write slightly over 640kB to the stack
192	* before setting the user r1. Thus we allow the stack to
193	* expand to 1MB without further checks.
194	*/
195	if (address + 0x100000 < vma->vm_end) {
196	/* get user regs even if this fault is in kernel mode */
197	struct pt_regs *uregs = current->thread.regs;
198	if (uregs == NULL)
199	goto bad_area;
200
201	/*
202	* A user-mode access to an address a long way below
203	* the stack pointer is only valid if the instruction
204	* is one which would update the stack pointer to the
205	* address accessed if the instruction completed,
206	* i.e. either stwu rs,n(r1) or stwux rs,r1,rb
207	* (or the byte, halfword, float or double forms).
208	*
209	* If we don't check this then any write to the area
210	* between the last mapped region and the stack will
211	* expand the stack rather than segfaulting.
212	*/
213	if (address + 2048 < uregs->gpr[1]
214	&& (!user_mode(regs) \|\| !store_updates_sp(regs)))
215	goto bad_area;
216	}
217
218	if (expand_stack(vma, address))
219	goto bad_area;
220
221	good_area:
222	code = SEGV_ACCERR;
223
224	if (is_exec) {
225	/* protection fault */
226	if (error_code & DSISR_PROTFAULT)
227	goto bad_area;
228	if (!(vma->vm_flags & VM_EXEC))
229	goto bad_area;
230	/* a write */
231	} else if (is_write) {
232	if (!(vma->vm_flags & VM_WRITE))
233	goto bad_area;
234	/* a read */
235	} else {
236	if (!(vma->vm_flags & VM_READ))
237	goto bad_area;
238	}
239
240	survive:
241	/*
242	* If for any reason at all we couldn't handle the fault,
243	* make sure we exit gracefully rather than endlessly redo
244	* the fault.
245	*/
246	switch (handle_mm_fault(mm, vma, address, is_write)) {
247
248	case VM_FAULT_MINOR:
249	current->min_flt++;
250	break;
251	case VM_FAULT_MAJOR:
252	current->maj_flt++;
253	break;
254	case VM_FAULT_SIGBUS:
255	goto do_sigbus;
256	case VM_FAULT_OOM:
257	goto out_of_memory;
258	default:
259	BUG();
260	}
261
262	up_read(&mm->mmap_sem);
263	return 0;
264
265	bad_area:
266	up_read(&mm->mmap_sem);
267
268	bad_area_nosemaphore:
269	/* User mode accesses cause a SIGSEGV */
270	if (user_mode(regs)) {
271	info.si_signo = SIGSEGV;
272	info.si_errno = 0;
273	info.si_code = code;
274	info.si_addr = (void __user *) address;
275	force_sig_info(SIGSEGV, &info, current);
276	return 0;
277	}
278
279	if (trap == 0x400 && (error_code & DSISR_PROTFAULT)
280	&& printk_ratelimit())
281	printk(KERN_CRIT "kernel tried to execute NX-protected"
282	" page (%lx) - exploit attempt? (uid: %d)\n",
283	address, current->uid);
284
285	return SIGSEGV;
286
287	/*
288	* We ran out of memory, or some other thing happened to us that made
289	* us unable to handle the page fault gracefully.
290	*/
291	out_of_memory:
292	up_read(&mm->mmap_sem);
293	if (current->pid == 1) {
294	yield();
295	down_read(&mm->mmap_sem);
296	goto survive;
297	}
298	printk("VM: killing process %s\n", current->comm);
299	if (user_mode(regs))
300	do_exit(SIGKILL);
301	return SIGKILL;
302
303	do_sigbus:
304	up_read(&mm->mmap_sem);
305	if (user_mode(regs)) {
306	info.si_signo = SIGBUS;
307	info.si_errno = 0;
308	info.si_code = BUS_ADRERR;
309	info.si_addr = (void __user *)address;
310	force_sig_info(SIGBUS, &info, current);
311	return 0;
312	}
313	return SIGBUS;
314	}
315
316	/*
317	* bad_page_fault is called when we have a bad access from the kernel.
318	* It is called from do_page_fault above and from some of the procedures
319	* in traps.c.
320	*/
321	void bad_page_fault(struct pt_regs *regs, unsigned long address, int sig)
322	{
323	const struct exception_table_entry *entry;
324
325	/* Are we prepared to handle this fault? */
326	if ((entry = search_exception_tables(regs->nip)) != NULL) {
327	regs->nip = entry->fixup;
328	return;
329	}
330
331	/* kernel has accessed a bad area */
332	die("Kernel access of bad area", regs, sig);
333	}