linux/arch/sparc/kernel
David S. Miller 7cafc0b8bf sparc64: Fix return from trap window fill crashes.
We must handle data access exception as well as memory address unaligned
exceptions from return from trap window fill faults, not just normal
TLB misses.

Otherwise we can get an OOPS that looks like this:

ld-linux.so.2(36808): Kernel bad sw trap 5 [#1]
CPU: 1 PID: 36808 Comm: ld-linux.so.2 Not tainted 4.6.0 #34
task: fff8000303be5c60 ti: fff8000301344000 task.ti: fff8000301344000
TSTATE: 0000004410001601 TPC: 0000000000a1a784 TNPC: 0000000000a1a788 Y: 00000002    Not tainted
TPC: <do_sparc64_fault+0x5c4/0x700>
g0: fff8000024fc8248 g1: 0000000000db04dc g2: 0000000000000000 g3: 0000000000000001
g4: fff8000303be5c60 g5: fff800030e672000 g6: fff8000301344000 g7: 0000000000000001
o0: 0000000000b95ee8 o1: 000000000000012b o2: 0000000000000000 o3: 0000000200b9b358
o4: 0000000000000000 o5: fff8000301344040 sp: fff80003013475c1 ret_pc: 0000000000a1a77c
RPC: <do_sparc64_fault+0x5bc/0x700>
l0: 00000000000007ff l1: 0000000000000000 l2: 000000000000005f l3: 0000000000000000
l4: fff8000301347e98 l5: fff8000024ff3060 l6: 0000000000000000 l7: 0000000000000000
i0: fff8000301347f60 i1: 0000000000102400 i2: 0000000000000000 i3: 0000000000000000
i4: 0000000000000000 i5: 0000000000000000 i6: fff80003013476a1 i7: 0000000000404d4c
I7: <user_rtt_fill_fixup+0x6c/0x7c>
Call Trace:
 [0000000000404d4c] user_rtt_fill_fixup+0x6c/0x7c

The window trap handlers are slightly clever, the trap table entries for them are
composed of two pieces of code.  First comes the code that actually performs
the window fill or spill trap handling, and then there are three instructions at
the end which are for exception processing.

The userland register window fill handler is:

	add	%sp, STACK_BIAS + 0x00, %g1;		\
	ldxa	[%g1 + %g0] ASI, %l0;			\
	mov	0x08, %g2;				\
	mov	0x10, %g3;				\
	ldxa	[%g1 + %g2] ASI, %l1;			\
	mov	0x18, %g5;				\
	ldxa	[%g1 + %g3] ASI, %l2;			\
	ldxa	[%g1 + %g5] ASI, %l3;			\
	add	%g1, 0x20, %g1;				\
	ldxa	[%g1 + %g0] ASI, %l4;			\
	ldxa	[%g1 + %g2] ASI, %l5;			\
	ldxa	[%g1 + %g3] ASI, %l6;			\
	ldxa	[%g1 + %g5] ASI, %l7;			\
	add	%g1, 0x20, %g1;				\
	ldxa	[%g1 + %g0] ASI, %i0;			\
	ldxa	[%g1 + %g2] ASI, %i1;			\
	ldxa	[%g1 + %g3] ASI, %i2;			\
	ldxa	[%g1 + %g5] ASI, %i3;			\
	add	%g1, 0x20, %g1;				\
	ldxa	[%g1 + %g0] ASI, %i4;			\
	ldxa	[%g1 + %g2] ASI, %i5;			\
	ldxa	[%g1 + %g3] ASI, %i6;			\
	ldxa	[%g1 + %g5] ASI, %i7;			\
	restored;					\
	retry; nop; nop; nop; nop;			\
	b,a,pt	%xcc, fill_fixup_dax;			\
	b,a,pt	%xcc, fill_fixup_mna;			\
	b,a,pt	%xcc, fill_fixup;

And the way this works is that if any of those memory accesses
generate an exception, the exception handler can revector to one of
those final three branch instructions depending upon which kind of
exception the memory access took.  In this way, the fault handler
doesn't have to know if it was a spill or a fill that it's handling
the fault for.  It just always branches to the last instruction in
the parent trap's handler.

For example, for a regular fault, the code goes:

winfix_trampoline:
	rdpr	%tpc, %g3
	or	%g3, 0x7c, %g3
	wrpr	%g3, %tnpc
	done

All window trap handlers are 0x80 aligned, so if we "or" 0x7c into the
trap time program counter, we'll get that final instruction in the
trap handler.

On return from trap, we have to pull the register window in but we do
this by hand instead of just executing a "restore" instruction for
several reasons.  The largest being that from Niagara and onward we
simply don't have enough levels in the trap stack to fully resolve all
possible exception cases of a window fault when we are already at
trap level 1 (which we enter to get ready to return from the original
trap).

This is executed inline via the FILL_*_RTRAP handlers.  rtrap_64.S's
code branches directly to these to do the window fill by hand if
necessary.  Now if you look at them, we'll see at the end:

	    ba,a,pt    %xcc, user_rtt_fill_fixup;
	    ba,a,pt    %xcc, user_rtt_fill_fixup;
	    ba,a,pt    %xcc, user_rtt_fill_fixup;

And oops, all three cases are handled like a fault.

This doesn't work because each of these trap types (data access
exception, memory address unaligned, and faults) store their auxiliary
info in different registers to pass on to the C handler which does the
real work.

So in the case where the stack was unaligned, the unaligned trap
handler sets up the arg registers one way, and then we branched to
the fault handler which expects them setup another way.

So the FAULT_TYPE_* value ends up basically being garbage, and
randomly would generate the backtrace seen above.

Reported-by: Nick Alcock <nix@esperi.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-29 18:55:54 -07:00
..
.gitignore
apc.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
asm-offsets.c
audit.c sparc: Convert naked unsigned uses to unsigned int 2016-03-20 21:28:58 -07:00
auxio_32.c sparc32: fix sparse warning in auxio_32.c 2014-05-18 19:01:27 -07:00
auxio_64.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
btext.c sparc64: fix sparse warning in btext.c 2014-05-18 19:01:30 -07:00
central.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
cherrs.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
chmc.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
compat_audit.c sparc: Convert naked unsigned uses to unsigned int 2016-03-20 21:28:58 -07:00
cpu.c sparc64: recognize and support Sonoma CPU type 2016-04-21 16:43:47 -04:00
cpumap.c sparc64: recognize and support Sonoma CPU type 2016-04-21 16:43:47 -04:00
cpumap.h sparc: drop use of extern for prototypes in arch/sparc/* 2014-05-18 19:01:29 -07:00
devices.c sparc32: drop tadpole specific code 2014-05-18 19:01:29 -07:00
dma.c
ds.c sparc64: Move request_irq() from ldc_bind() to ldc_alloc() 2014-09-16 18:31:31 -07:00
dtlb_miss.S
dtlb_prot.S sparc64: Fix corrupted thread fault code. 2014-10-18 23:03:09 -04:00
ebus.c sparc: delete non-required instances of include <linux/init.h> 2014-01-28 23:38:23 -08:00
entry.h sparc: Resolve conflict between sparc v9 and M7 on usage of bit 9 of TTE 2015-05-31 22:15:01 -07:00
entry.S sparc32: drop hardcoding trap_level in kgdb_trap 2016-05-20 17:55:41 -07:00
etrap_32.S
etrap_64.S
fpu_traps.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
ftrace.c ftrace: Do not pass data to ftrace_dyn_arch_init 2014-03-07 10:06:14 -05:00
getsetcc.S
head_32.S
head_64.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
helpers.S
hvapi.c sparc: perf: Add support M7 processor 2015-03-19 18:54:49 -07:00
hvcalls.S Add sun4v_wdt watchdog driver 2016-01-31 11:06:24 -08:00
hvtramp.S sparc64: Fix register corruption in top-most kernel stack frame during boot. 2014-10-24 09:52:49 -07:00
idprom.c net: Add eth_platform_get_mac_address() helper. 2016-01-06 16:31:56 -05:00
iommu_common.h remove <asm/scatterlist.h> 2015-05-05 13:35:39 -06:00
iommu.c iommu-common: Fix error code used in iommu_tbl_range_{alloc,free}(). 2015-11-04 11:30:57 -08:00
ioport.c sparc: Fix misspellings in comments. 2016-03-20 21:28:58 -07:00
irq_32.c sparc32: fix sparse warnings in irq_32.c 2014-04-29 01:12:25 -04:00
irq_64.c sparc/irq: Use access helper irq_data_get_affinity_mask() 2015-07-31 22:20:05 +02:00
irq.h sparc: drop use of extern for prototypes in arch/sparc/* 2014-05-18 19:01:29 -07:00
itlb_miss.S
ivec.S
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kernel.h sparc32: use proper prototype for trapbase 2016-05-20 17:55:41 -07:00
kgdb_32.c sparc32: use proper prototype for trapbase 2016-05-20 17:55:41 -07:00
kgdb_64.c sparc64: fix sparse warning in kgdb_64.c 2014-05-18 19:01:34 -07:00
kprobes.c sparc: Replace __get_cpu_var uses 2014-08-26 13:45:55 -04:00
kstack.h
ktlb.S sparc64: Adjust vmalloc region size based upon available virtual address bits. 2014-10-05 16:53:40 -07:00
ldc.c iommu-common: Fix error code used in iommu_tbl_range_{alloc,free}(). 2015-11-04 11:30:57 -08:00
led.c
leon_kernel.c sparc: Fix misspellings in comments. 2016-03-20 21:28:58 -07:00
leon_pci_grpci1.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
leon_pci_grpci2.c genirq: Remove irq argument from irq flow handlers 2015-09-16 15:47:51 +02:00
leon_pci.c PCI: Cleanup control flow 2015-03-19 10:17:22 -05:00
leon_pmc.c sparc32: fix sparse warnings in leon_pmc.c 2014-04-29 01:12:27 -04:00
leon_smp.c sparc32, leon: Align ccall_info to prevent unaligned traps on crosscall 2014-12-11 18:51:56 -08:00
Makefile sparc64: Fix return from trap window fill crashes. 2016-05-29 18:55:54 -07:00
mdesc.c new helpers: no_seek_end_llseek{,_size}() 2015-12-23 10:41:31 -05:00
misctrap.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
module.c mm: vmalloc: pass additional vm_flags to __vmalloc_node_range() 2015-02-13 21:21:42 -08:00
nmi.c sparc: Replace __get_cpu_var uses 2014-08-26 13:45:55 -04:00
of_device_32.c
of_device_64.c
of_device_common.c sparc: fix sparse warnings in of_device_common.c 2014-04-29 01:12:27 -04:00
of_device_common.h
pci_common.c sparc/PCI: Add mem64 resource parsing for root bus 2015-10-29 17:35:46 -05:00
pci_fire.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
pci_impl.h sparc/PCI: Add mem64 resource parsing for root bus 2015-10-29 17:35:46 -05:00
pci_msi.c PCI/MSI: Rename mask/unmask_msi_irq treewide 2014-11-23 13:01:45 +01:00
pci_psycho.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
pci_sabre.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
pci_schizo.c Driver core patches for 3.19-rc1 2014-12-14 16:10:09 -08:00
pci_sun4v_asm.S
pci_sun4v.c iommu-common: Fix error code used in iommu_tbl_range_{alloc,free}(). 2015-11-04 11:30:57 -08:00
pci_sun4v.h sparc: drop use of extern for prototypes in arch/sparc/* 2014-05-18 19:01:29 -07:00
pci.c sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata 2016-04-21 16:43:45 -04:00
pcic.c PCI: Assign resources before drivers claim devices (pci_scan_bus()) 2015-03-12 15:04:01 -05:00
pcr.c sparc: perf: Add support M7 processor 2015-03-19 18:54:49 -07:00
perf_event.c perf core: Allow setting up max frame stack depth via sysctl 2016-04-27 10:20:39 -03:00
pmc.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
power.c sparc: kernel: drop owner assignment from platform_drivers 2014-10-20 16:20:15 +02:00
process_32.c exit_thread: accept a task parameter to be exited 2016-05-20 17:58:30 -07:00
process_64.c exit_thread: accept a task parameter to be exited 2016-05-20 17:58:30 -07:00
prom_32.c
prom_64.c sparc64: fix sparse warning in prom_64.c 2014-05-18 19:01:31 -07:00
prom_common.c
prom_irqtrans.c
prom.h sparc: drop use of extern for prototypes in arch/sparc/* 2014-05-18 19:01:29 -07:00
psycho_common.c
psycho_common.h sparc: drop use of extern for prototypes in arch/sparc/* 2014-05-18 19:01:29 -07:00
ptrace_32.c sparc32: fix sparse warning in ptrace_32.c 2014-04-29 01:12:26 -04:00
ptrace_64.c ARCH: AUDIT: audit_syscall_entry() should not require the arch 2014-09-23 16:21:26 -04:00
reboot.c
rtrap_32.S
rtrap_64.S sparc64: Fix return from trap window fill crashes. 2016-05-29 18:55:54 -07:00
sbus.c
setup_32.c sparc32: use proper prototype for trapbase 2016-05-20 17:55:41 -07:00
setup_64.c sparc64: recognize and support Sonoma CPU type 2016-04-21 16:43:47 -04:00
signal32.c sparc: Harden signal return frame checks. 2016-05-29 11:24:05 -07:00
signal_32.c sparc: Harden signal return frame checks. 2016-05-29 11:24:05 -07:00
signal_64.c sparc: Harden signal return frame checks. 2016-05-29 11:24:05 -07:00
sigutil_32.c sparc: Harden signal return frame checks. 2016-05-29 11:24:05 -07:00
sigutil_64.c sparc: Harden signal return frame checks. 2016-05-29 11:24:05 -07:00
sigutil.h
smp_32.c arch/hotplug: Call into idle with a proper state 2016-03-01 20:36:57 +01:00
smp_64.c arch/hotplug: Call into idle with a proper state 2016-03-01 20:36:57 +01:00
sparc_ksyms_32.c sparc: delete non-required instances of include <linux/init.h> 2014-01-28 23:38:23 -08:00
sparc_ksyms_64.c Add sun4v_wdt watchdog driver 2016-01-31 11:06:24 -08:00
spiterrs.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
sstate.c
stacktrace.c
starfire.c arch: sparc: kernel: starfire.c: Remove unused function 2015-03-01 21:33:58 -08:00
sun4d_irq.c sparc/irq: Use helper irq_data_get_irq_handler_data() 2015-07-31 22:20:05 +02:00
sun4d_smp.c sparc: Replace __get_cpu_var uses 2014-08-26 13:45:55 -04:00
sun4m_irq.c sparc/irq: Use helper irq_data_get_irq_handler_data() 2015-07-31 22:20:05 +02:00
sun4m_smp.c sparc/time: Migrate to new 'set-state' interface 2015-08-10 11:41:05 +02:00
sun4v_ivec.S
sun4v_tlb_miss.S sparc64: sun4v TLB error power off events 2014-09-16 17:46:44 -07:00
sys32.S sparc: Hook up renameat2 syscall. 2014-07-21 22:27:56 -07:00
sys_sparc32.c sparc64: fix sparse warnings in sys_sparc32.c 2014-05-18 19:01:31 -07:00
sys_sparc_32.c sparc32: fix sparse warnings in sys_sparc_32.c 2014-05-18 19:01:28 -07:00
sys_sparc_64.c sparc: Convert naked unsigned uses to unsigned int 2016-03-20 21:28:58 -07:00
syscalls.S sparc: Fix system call tracing register handling. 2016-01-21 16:06:00 -08:00
sysfs.c sparc: Fix misspellings in comments. 2016-03-20 21:28:58 -07:00
systbls_32.S sparc: Write up preadv2/pwritev2 syscalls. 2016-03-29 18:39:26 -07:00
systbls_64.S sparc: Write up preadv2/pwritev2 syscalls. 2016-03-29 18:39:26 -07:00
systbls.h sparc64: fix sparse warnings in sys_sparc32.c 2014-05-18 19:01:31 -07:00
time_32.c sparc/time: Migrate to new 'set-state' interface 2015-08-10 11:41:05 +02:00
time_64.c sparc/time: Migrate to new 'set-state' interface 2015-08-10 11:41:05 +02:00
trampoline_32.S sparc: delete non-required instances of include <linux/init.h> 2014-01-28 23:38:23 -08:00
trampoline_64.S sparc64: Fix register corruption in top-most kernel stack frame during boot. 2014-10-24 09:52:49 -07:00
traps_32.c sparc: Remove signal translation and exec_domain 2015-04-12 21:03:21 +02:00
traps_64.c sparc: Remove signal translation and exec_domain 2015-04-12 21:03:21 +02:00
tsb.S sparc64: Fix corrupted thread fault code. 2014-10-18 23:03:09 -04:00
ttable_32.S
ttable_64.S
una_asm_32.S
una_asm_64.S
unaligned_32.c sparc: use %s for unaligned panic 2014-07-21 21:37:06 -07:00
unaligned_64.c sparc: Convert naked unsigned uses to unsigned int 2016-03-20 21:28:58 -07:00
urtt_fill.S sparc64: Fix return from trap window fill crashes. 2016-05-29 18:55:54 -07:00
utrap.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
vio.c sparc: Implement and wire up vio_hotplug for vio. 2016-04-21 16:43:46 -04:00
viohs.c sparc: VIO protocol version 1.6 2014-09-30 14:17:08 -07:00
visemul.c
vmlinux.lds.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
windows.c sparc32: fix sparse warnings in windows.c 2014-04-29 01:12:25 -04:00
winfixup.S sparc64: Fix bootup regressions on some Kconfig combinations. 2016-04-27 17:27:37 -04:00
wof.S
wuf.S