syscall.c revision 137275
1/* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */ 2 3/* 4 * Copyright 2004 Olivier Houchard 5 * Copyright 2003 Wasabi Systems, Inc. 6 * All rights reserved. 7 * 8 * Written by Steve C. Woodford for Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed for the NetBSD Project by 21 * Wasabi Systems, Inc. 22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 23 * or promote products derived from this software without specific prior 24 * written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38/* 39 * Copyright (c) 1994-1997 Mark Brinicombe. 40 * Copyright (c) 1994 Brini. 41 * All rights reserved. 42 * 43 * This code is derived from software written for Brini by Mark Brinicombe 44 * 45 * Redistribution and use in source and binary forms, with or without 46 * modification, are permitted provided that the following conditions 47 * are met: 48 * 1. Redistributions of source code must retain the above copyright 49 * notice, this list of conditions and the following disclaimer. 50 * 2. Redistributions in binary form must reproduce the above copyright 51 * notice, this list of conditions and the following disclaimer in the 52 * documentation and/or other materials provided with the distribution. 53 * 3. All advertising materials mentioning features or use of this software 54 * must display the following acknowledgement: 55 * This product includes software developed by Brini. 56 * 4. The name of the company nor the name of the author may be used to 57 * endorse or promote products derived from this software without specific 58 * prior written permission. 59 * 60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED 61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 70 * SUCH DAMAGE. 71 * 72 * RiscBSD kernel project 73 * 74 * fault.c 75 * 76 * Fault handlers 77 * 78 * Created : 28/11/94 79 */ 80 81 82#include "opt_ktrace.h" 83 84#include <sys/cdefs.h> 85__FBSDID("$FreeBSD: head/sys/arm/arm/trap.c 137275 2004-11-05 19:57:10Z cognet $"); 86 87#include <sys/types.h> 88 89#include <sys/param.h> 90#include <sys/systm.h> 91#include <sys/proc.h> 92#include <sys/user.h> 93#include <sys/kernel.h> 94#include <sys/lock.h> 95#include <sys/mutex.h> 96#include <sys/syscall.h> 97#include <sys/sysent.h> 98#ifdef KTRACE 99#include <sys/uio.h> 100#include <sys/ktrace.h> 101#endif 102 103#include <vm/vm.h> 104#include <vm/pmap.h> 105#include <vm/vm_kern.h> 106#include <vm/vm_map.h> 107#include <vm/vm_extern.h> 108 109#include <machine/cpuconf.h> 110#include <machine/vmparam.h> 111#include <machine/frame.h> 112#include <machine/katelib.h> 113#include <machine/cpu.h> 114#include <machine/intr.h> 115#include <machine/proc.h> 116#include <machine/swi.h> 117#if !defined(DDB) 118#define kdb_trap kgdb_trap 119#endif 120 121 122 123void swi_handler(trapframe_t *); 124void undefinedinstruction(trapframe_t *); 125 126#include <machine/disassem.h> 127#include <machine/machdep.h> 128 129extern char fusubailout[]; 130 131#ifdef DEBUG 132int last_fault_code; /* For the benefit of pmap_fault_fixup() */ 133#endif 134 135#if defined(CPU_ARM3) || defined(CPU_ARM6) || \ 136 defined(CPU_ARM7) || defined(CPU_ARM7TDMI) 137/* These CPUs may need data/prefetch abort fixups */ 138#define CPU_ABORT_FIXUP_REQUIRED 139#endif 140 141struct ksig { 142 int signb; 143 u_long code; 144}; 145struct data_abort { 146 int (*func)(trapframe_t *, u_int, u_int, struct thread *, struct ksig *); 147 const char *desc; 148}; 149 150static int dab_fatal(trapframe_t *, u_int, u_int, struct thread *, struct ksig *); 151static int dab_align(trapframe_t *, u_int, u_int, struct thread *, struct ksig *); 152static int dab_buserr(trapframe_t *, u_int, u_int, struct thread *, struct ksig *); 153 154static const struct data_abort data_aborts[] = { 155 {dab_fatal, "Vector Exception"}, 156 {dab_align, "Alignment Fault 1"}, 157 {dab_fatal, "Terminal Exception"}, 158 {dab_align, "Alignment Fault 3"}, 159 {dab_buserr, "External Linefetch Abort (S)"}, 160 {NULL, "Translation Fault (S)"}, 161 {dab_buserr, "External Linefetch Abort (P)"}, 162 {NULL, "Translation Fault (P)"}, 163 {dab_buserr, "External Non-Linefetch Abort (S)"}, 164 {NULL, "Domain Fault (S)"}, 165 {dab_buserr, "External Non-Linefetch Abort (P)"}, 166 {NULL, "Domain Fault (P)"}, 167 {dab_buserr, "External Translation Abort (L1)"}, 168 {NULL, "Permission Fault (S)"}, 169 {dab_buserr, "External Translation Abort (L2)"}, 170 {NULL, "Permission Fault (P)"} 171}; 172 173/* Determine if a fault came from user mode */ 174#define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE) 175 176/* Determine if 'x' is a permission fault */ 177#define IS_PERMISSION_FAULT(x) \ 178 (((1 << ((x) & FAULT_TYPE_MASK)) & \ 179 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0) 180 181static __inline void 182call_trapsignal(struct thread *td, int sig, u_long code) 183{ 184 185 trapsignal(td, sig, code); 186} 187 188static __inline int 189data_abort_fixup(trapframe_t *tf, u_int fsr, u_int far, struct thread *td, struct ksig *ksig) 190{ 191#ifdef CPU_ABORT_FIXUP_REQUIRED 192 int error; 193 194 /* Call the cpu specific data abort fixup routine */ 195 error = cpu_dataabt_fixup(tf); 196 if (__predict_true(error != ABORT_FIXUP_FAILED)) 197 return (error); 198 199 /* 200 * Oops, couldn't fix up the instruction 201 */ 202 printf("data_abort_fixup: fixup for %s mode data abort failed.\n", 203 TRAP_USERMODE(tf) ? "user" : "kernel"); 204 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 205 *((u_int *)tf->tf_pc)); 206 disassemble(tf->tf_pc); 207 208 /* Die now if this happened in kernel mode */ 209 if (!TRAP_USERMODE(tf)) 210 dab_fatal(tf, fsr, far, td, NULL, ksig); 211 212 return (error); 213#else 214 return (ABORT_FIXUP_OK); 215#endif /* CPU_ABORT_FIXUP_REQUIRED */ 216} 217 218void 219data_abort_handler(trapframe_t *tf) 220{ 221 struct vm_map *map; 222 struct pcb *pcb; 223 struct thread *td; 224 u_int user, far, fsr; 225 vm_prot_t ftype; 226 void *onfault; 227 vm_offset_t va; 228 u_int sticks = 0; 229 int error = 0; 230 struct ksig ksig; 231 struct proc *p; 232 233 234 /* Grab FAR/FSR before enabling interrupts */ 235 far = cpu_faultaddress(); 236 fsr = cpu_faultstatus(); 237#if 0 238 printf("data abort: %p (from %p %p)\n", (void*)far, (void*)tf->tf_pc, 239 (void*)tf->tf_svc_lr); 240#endif 241 242 /* Update vmmeter statistics */ 243#if 0 244 vmexp.traps++; 245#endif 246 247 td = curthread; 248 p = td->td_proc; 249 250 /* Data abort came from user mode? */ 251 user = TRAP_USERMODE(tf); 252 253 if (user) { 254 sticks = td->td_sticks; td->td_frame = tf; 255 if (td->td_ucred != td->td_proc->p_ucred) 256 cred_update_thread(td); 257 if (td->td_pflags & TDP_SA) 258 thread_user_enter(td); 259 260 } 261 /* Grab the current pcb */ 262 pcb = td->td_pcb; 263 /* Re-enable interrupts if they were enabled previously */ 264 if (td->td_critnest == 0 && __predict_true(tf->tf_spsr & I32_bit) == 0) 265 enable_interrupts(I32_bit); 266 267 /* Invoke the appropriate handler, if necessary */ 268 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) { 269 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far, 270 td, &ksig)) { 271 goto do_trapsignal; 272 } 273 goto out; 274 } 275 276 /* 277 * At this point, we're dealing with one of the following data aborts: 278 * 279 * FAULT_TRANS_S - Translation -- Section 280 * FAULT_TRANS_P - Translation -- Page 281 * FAULT_DOMAIN_S - Domain -- Section 282 * FAULT_DOMAIN_P - Domain -- Page 283 * FAULT_PERM_S - Permission -- Section 284 * FAULT_PERM_P - Permission -- Page 285 * 286 * These are the main virtual memory-related faults signalled by 287 * the MMU. 288 */ 289 290 /* fusubailout is used by [fs]uswintr to avoid page faulting */ 291 if (__predict_false(pcb->pcb_onfault == fusubailout)) { 292 tf->tf_r0 = EFAULT; 293 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 294 return; 295 } 296 297 /* 298 * Make sure the Program Counter is sane. We could fall foul of 299 * someone executing Thumb code, in which case the PC might not 300 * be word-aligned. This would cause a kernel alignment fault 301 * further down if we have to decode the current instruction. 302 * XXX: It would be nice to be able to support Thumb at some point. 303 */ 304 if (__predict_false((tf->tf_pc & 3) != 0)) { 305 if (user) { 306 /* 307 * Give the user an illegal instruction signal. 308 */ 309 /* Deliver a SIGILL to the process */ 310 ksig.signb = SIGILL; 311 ksig.code = 0; 312 goto do_trapsignal; 313 } 314 315 /* 316 * The kernel never executes Thumb code. 317 */ 318 printf("\ndata_abort_fault: Misaligned Kernel-mode " 319 "Program Counter\n"); 320 dab_fatal(tf, fsr, far, td, &ksig); 321 } 322 323 /* See if the cpu state needs to be fixed up */ 324 switch (data_abort_fixup(tf, fsr, far, td, &ksig)) { 325 case ABORT_FIXUP_RETURN: 326 return; 327 case ABORT_FIXUP_FAILED: 328 /* Deliver a SIGILL to the process */ 329 ksig.signb = SIGILL; 330 ksig.code = 0; 331 goto do_trapsignal; 332 default: 333 break; 334 } 335 336 va = trunc_page((vm_offset_t)far); 337 338 /* 339 * It is only a kernel address space fault iff: 340 * 1. user == 0 and 341 * 2. pcb_onfault not set or 342 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction. 343 */ 344 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS || 345 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) && 346 __predict_true((pcb->pcb_onfault == NULL || 347 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) { 348 map = kernel_map; 349 350 /* Was the fault due to the FPE/IPKDB ? */ 351 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) { 352 353 /* 354 * Force exit via userret() 355 * This is necessary as the FPE is an extension to 356 * userland that actually runs in a priveledged mode 357 * but uses USR mode permissions for its accesses. 358 */ 359 user = 1; 360 ksig.signb = SIGSEGV; 361 ksig.code = 0; 362 goto do_trapsignal; 363 } 364 } else { 365 map = &td->td_proc->p_vmspace->vm_map; 366 } 367 368 /* 369 * We need to know whether the page should be mapped 370 * as R or R/W. The MMU does not give us the info as 371 * to whether the fault was caused by a read or a write. 372 * 373 * However, we know that a permission fault can only be 374 * the result of a write to a read-only location, so 375 * we can deal with those quickly. 376 * 377 * Otherwise we need to disassemble the instruction 378 * responsible to determine if it was a write. 379 */ 380 if (IS_PERMISSION_FAULT(fsr)) { 381 ftype = VM_PROT_WRITE; 382 } else { 383 u_int insn = ReadWord(tf->tf_pc); 384 385 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */ 386 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */ 387 ((insn & 0x0a100000) == 0x08000000)) /* STM/CDT */ 388 { 389 ftype = VM_PROT_WRITE; 390 } 391 else 392 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */ 393 ftype = VM_PROT_READ | VM_PROT_WRITE; 394 else 395 ftype = VM_PROT_READ; 396 } 397 398 /* 399 * See if the fault is as a result of ref/mod emulation, 400 * or domain mismatch. 401 */ 402#ifdef DEBUG 403 last_fault_code = fsr; 404#endif 405 if (pmap_fault_fixup(user ? vmspace_pmap(td->td_proc->p_vmspace) : 406 kernel_pmap, va, ftype, user)) { 407 goto out; 408 } 409 410 onfault = pcb->pcb_onfault; 411 pcb->pcb_onfault = NULL; 412 if (map != kernel_map) { 413 PROC_LOCK(p); 414 p->p_lock++; 415 PROC_UNLOCK(p); 416 } 417 error = vm_fault(map, va, ftype, (ftype & VM_PROT_WRITE) ? 418 VM_FAULT_DIRTY : VM_FAULT_NORMAL); 419 pcb->pcb_onfault = onfault; 420 if (__predict_true(error == 0)) { 421 goto out; 422 } 423 424 if (map != kernel_map) { 425 PROC_LOCK(p); 426 p->p_lock++; 427 PROC_UNLOCK(p); 428 } 429 if (user == 0) { 430 if (pcb->pcb_onfault) { 431 tf->tf_r0 = error; 432 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 433 return; 434 } 435 436 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype, 437 error); 438 dab_fatal(tf, fsr, far, td, &ksig); 439 } 440 441 442 if (error == ENOMEM) { 443 printf("VM: pid %d (%s), uid %d killed: " 444 "out of swap\n", td->td_proc->p_pid, td->td_proc->p_comm, 445 (td->td_proc->p_ucred) ? 446 td->td_proc->p_ucred->cr_uid : -1); 447 ksig.signb = SIGKILL; 448 } else { 449 ksig.signb = SIGSEGV; 450 } 451 ksig.code = 0; 452do_trapsignal: 453 call_trapsignal(td, ksig.signb, ksig.code); 454out: 455 /* If returning to user mode, make sure to invoke userret() */ 456 if (user) 457 userret(td, tf, sticks); 458} 459 460/* 461 * dab_fatal() handles the following data aborts: 462 * 463 * FAULT_WRTBUF_0 - Vector Exception 464 * FAULT_WRTBUF_1 - Terminal Exception 465 * 466 * We should never see these on a properly functioning system. 467 * 468 * This function is also called by the other handlers if they 469 * detect a fatal problem. 470 * 471 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort. 472 */ 473static int 474dab_fatal(trapframe_t *tf, u_int fsr, u_int far, struct thread *td, struct ksig *ksig) 475{ 476 const char *mode; 477 478 mode = TRAP_USERMODE(tf) ? "user" : "kernel"; 479 480 if (td != NULL) { 481 printf("Fatal %s mode data abort: '%s'\n", mode, 482 data_aborts[fsr & FAULT_TYPE_MASK].desc); 483 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr); 484 if ((fsr & FAULT_IMPRECISE) == 0) 485 printf("%08x, ", far); 486 else 487 printf("Invalid, "); 488 printf("spsr=%08x\n", tf->tf_spsr); 489 } else { 490 printf("Fatal %s mode prefetch abort at 0x%08x\n", 491 mode, tf->tf_pc); 492 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr); 493 } 494 495 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n", 496 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3); 497 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n", 498 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7); 499 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n", 500 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11); 501 printf("r12=%08x, ", tf->tf_r12); 502 503 if (TRAP_USERMODE(tf)) 504 printf("usp=%08x, ulr=%08x", 505 tf->tf_usr_sp, tf->tf_usr_lr); 506 else 507 printf("ssp=%08x, slr=%08x", 508 tf->tf_svc_sp, tf->tf_svc_lr); 509 printf(", pc =%08x\n\n", tf->tf_pc); 510 511#if defined(DDB) || defined(KGDB) 512 kdb_trap(T_FAULT, tf); 513#endif 514 panic("Fatal abort"); 515 /*NOTREACHED*/ 516} 517 518/* 519 * dab_align() handles the following data aborts: 520 * 521 * FAULT_ALIGN_0 - Alignment fault 522 * FAULT_ALIGN_0 - Alignment fault 523 * 524 * These faults are fatal if they happen in kernel mode. Otherwise, we 525 * deliver a bus error to the process. 526 */ 527static int 528dab_align(trapframe_t *tf, u_int fsr, u_int far, struct thread *td, struct ksig *ksig) 529{ 530 531 /* Alignment faults are always fatal if they occur in kernel mode */ 532 if (!TRAP_USERMODE(tf)) { 533 if (!td || !td->td_pcb->pcb_onfault) 534 dab_fatal(tf, fsr, far, td, ksig); 535 tf->tf_r0 = EFAULT; 536 tf->tf_pc = (int)td->td_pcb->pcb_onfault; 537 return (0); 538 } 539 540 /* pcb_onfault *must* be NULL at this point */ 541 542 /* See if the cpu state needs to be fixed up */ 543 (void) data_abort_fixup(tf, fsr, far, td, ksig); 544 545 /* Deliver a bus error signal to the process */ 546 ksig->code = 0; 547 ksig->signb = SIGBUS; 548 td->td_frame = tf; 549 550 return (1); 551} 552 553/* 554 * dab_buserr() handles the following data aborts: 555 * 556 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section 557 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page 558 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section 559 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page 560 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1 561 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2 562 * 563 * If pcb_onfault is set, flag the fault and return to the handler. 564 * If the fault occurred in user mode, give the process a SIGBUS. 565 * 566 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2 567 * can be flagged as imprecise in the FSR. This causes a real headache 568 * since some of the machine state is lost. In this case, tf->tf_pc 569 * may not actually point to the offending instruction. In fact, if 570 * we've taken a double abort fault, it generally points somewhere near 571 * the top of "data_abort_entry" in exception.S. 572 * 573 * In all other cases, these data aborts are considered fatal. 574 */ 575static int 576dab_buserr(trapframe_t *tf, u_int fsr, u_int far, struct thread *td, struct ksig *ksig) 577{ 578 struct pcb *pcb = td->td_pcb; 579 580#ifdef __XSCALE__ 581 if ((fsr & FAULT_IMPRECISE) != 0 && 582 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) { 583 /* 584 * Oops, an imprecise, double abort fault. We've lost the 585 * r14_abt/spsr_abt values corresponding to the original 586 * abort, and the spsr saved in the trapframe indicates 587 * ABT mode. 588 */ 589 tf->tf_spsr &= ~PSR_MODE; 590 591 /* 592 * We use a simple heuristic to determine if the double abort 593 * happened as a result of a kernel or user mode access. 594 * If the current trapframe is at the top of the kernel stack, 595 * the fault _must_ have come from user mode. 596 */ 597 if (tf != ((trapframe_t *)pcb->un_32.pcb32_sp) - 1) { 598 /* 599 * Kernel mode. We're either about to die a 600 * spectacular death, or pcb_onfault will come 601 * to our rescue. Either way, the current value 602 * of tf->tf_pc is irrelevant. 603 */ 604 tf->tf_spsr |= PSR_SVC32_MODE; 605 if (pcb->pcb_onfault == NULL) 606 printf("\nKernel mode double abort!\n"); 607 } else { 608 /* 609 * User mode. We've lost the program counter at the 610 * time of the fault (not that it was accurate anyway; 611 * it's not called an imprecise fault for nothing). 612 * About all we can do is copy r14_usr to tf_pc and 613 * hope for the best. The process is about to get a 614 * SIGBUS, so it's probably history anyway. 615 */ 616 tf->tf_spsr |= PSR_USR32_MODE; 617 tf->tf_pc = tf->tf_usr_lr; 618 } 619 } 620 621 /* FAR is invalid for imprecise exceptions */ 622 if ((fsr & FAULT_IMPRECISE) != 0) 623 far = 0; 624#endif /* __XSCALE__ */ 625 626 if (pcb->pcb_onfault) { 627 tf->tf_r0 = EFAULT; 628 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 629 return (0); 630 } 631 632 /* See if the cpu state needs to be fixed up */ 633 (void) data_abort_fixup(tf, fsr, far, td, ksig); 634 635 /* 636 * At this point, if the fault happened in kernel mode, we're toast 637 */ 638 if (!TRAP_USERMODE(tf)) 639 dab_fatal(tf, fsr, far, td, ksig); 640 641 /* Deliver a bus error signal to the process */ 642 ksig->signb = SIGBUS; 643 ksig->code = 0; 644 td->td_frame = tf; 645 646 return (1); 647} 648 649static __inline int 650prefetch_abort_fixup(trapframe_t *tf, struct ksig *ksig) 651{ 652#ifdef CPU_ABORT_FIXUP_REQUIRED 653 int error; 654 655 /* Call the cpu specific prefetch abort fixup routine */ 656 error = cpu_prefetchabt_fixup(tf); 657 if (__predict_true(error != ABORT_FIXUP_FAILED)) 658 return (error); 659 660 /* 661 * Oops, couldn't fix up the instruction 662 */ 663 printf( 664 "prefetch_abort_fixup: fixup for %s mode prefetch abort failed.\n", 665 TRAP_USERMODE(tf) ? "user" : "kernel"); 666 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 667 *((u_int *)tf->tf_pc)); 668 disassemble(tf->tf_pc); 669 670 /* Die now if this happened in kernel mode */ 671 if (!TRAP_USERMODE(tf)) 672 dab_fatal(tf, 0, tf->tf_pc, NULL, ksig); 673 674 return (error); 675#else 676 return (ABORT_FIXUP_OK); 677#endif /* CPU_ABORT_FIXUP_REQUIRED */ 678} 679 680/* 681 * void prefetch_abort_handler(trapframe_t *tf) 682 * 683 * Abort handler called when instruction execution occurs at 684 * a non existent or restricted (access permissions) memory page. 685 * If the address is invalid and we were in SVC mode then panic as 686 * the kernel should never prefetch abort. 687 * If the address is invalid and the page is mapped then the user process 688 * does no have read permission so send it a signal. 689 * Otherwise fault the page in and try again. 690 */ 691void 692prefetch_abort_handler(trapframe_t *tf) 693{ 694 struct thread *td; 695 struct proc * p; 696 struct vm_map *map; 697 vm_offset_t fault_pc, va; 698 int error = 0; 699 u_int sticks = 0; 700 struct ksig ksig; 701 702 703#if 0 704 /* Update vmmeter statistics */ 705 uvmexp.traps++; 706#endif 707#if 0 708 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc, 709 (void*)tf->tf_usr_lr); 710#endif 711 712 td = curthread; 713 p = td->td_proc; 714 715 if (TRAP_USERMODE(tf)) { 716 td->td_frame = tf; 717 if (td->td_ucred != td->td_proc->p_ucred) 718 cred_update_thread(td); 719 if (td->td_proc->p_flag & P_SA) 720 thread_user_enter(td); 721 } 722 fault_pc = tf->tf_pc; 723 if (td->td_critnest == 0 && 724 __predict_true((tf->tf_spsr & I32_bit) == 0)) 725 enable_interrupts(I32_bit); 726 727 728 /* See if the cpu state needs to be fixed up */ 729 switch (prefetch_abort_fixup(tf, &ksig)) { 730 case ABORT_FIXUP_RETURN: 731 return; 732 case ABORT_FIXUP_FAILED: 733 /* Deliver a SIGILL to the process */ 734 ksig.signb = SIGILL; 735 ksig.code = 0; 736 td->td_frame = tf; 737 goto do_trapsignal; 738 default: 739 break; 740 } 741 742 /* Prefetch aborts cannot happen in kernel mode */ 743 if (__predict_false(!TRAP_USERMODE(tf))) 744 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig); 745 sticks = td->td_sticks; 746 747 748 /* Ok validate the address, can only execute in USER space */ 749 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS || 750 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) { 751 ksig.signb = SIGSEGV; 752 ksig.code = 0; 753 goto do_trapsignal; 754 } 755 756 map = &td->td_proc->p_vmspace->vm_map; 757 va = trunc_page(fault_pc); 758 759 /* 760 * See if the pmap can handle this fault on its own... 761 */ 762#ifdef DEBUG 763 last_fault_code = -1; 764#endif 765 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1)) 766 goto out; 767 768 if (map != kernel_map) { 769 PROC_LOCK(p); 770 p->p_lock++; 771 PROC_UNLOCK(p); 772 } 773 774 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE, 775 VM_FAULT_NORMAL); 776 if (map != kernel_map) { 777 PROC_LOCK(p); 778 p->p_lock--; 779 PROC_UNLOCK(p); 780 } 781 782 if (__predict_true(error == 0)) 783 goto out; 784 785 if (error == ENOMEM) { 786 printf("VM: pid %d (%s), uid %d killed: " 787 "out of swap\n", td->td_proc->p_pid, td->td_proc->p_comm, 788 (td->td_proc->p_ucred) ? 789 td->td_proc->p_ucred->cr_uid : -1); 790 ksig.signb = SIGKILL; 791 } else { 792 ksig.signb = SIGSEGV; 793 } 794 ksig.code = 0; 795 796do_trapsignal: 797 call_trapsignal(td, ksig.signb, ksig.code); 798 799out: 800 userret(td, tf, sticks); 801 802} 803 804extern int badaddr_read_1(const uint8_t *, uint8_t *); 805extern int badaddr_read_2(const uint16_t *, uint16_t *); 806extern int badaddr_read_4(const uint32_t *, uint32_t *); 807/* 808 * Tentatively read an 8, 16, or 32-bit value from 'addr'. 809 * If the read succeeds, the value is written to 'rptr' and zero is returned. 810 * Else, return EFAULT. 811 */ 812int 813badaddr_read(void *addr, size_t size, void *rptr) 814{ 815 union { 816 uint8_t v1; 817 uint16_t v2; 818 uint32_t v4; 819 } u; 820 int rv; 821 822 cpu_drain_writebuf(); 823 824 /* Read from the test address. */ 825 switch (size) { 826 case sizeof(uint8_t): 827 rv = badaddr_read_1(addr, &u.v1); 828 if (rv == 0 && rptr) 829 *(uint8_t *) rptr = u.v1; 830 break; 831 832 case sizeof(uint16_t): 833 rv = badaddr_read_2(addr, &u.v2); 834 if (rv == 0 && rptr) 835 *(uint16_t *) rptr = u.v2; 836 break; 837 838 case sizeof(uint32_t): 839 rv = badaddr_read_4(addr, &u.v4); 840 if (rv == 0 && rptr) 841 *(uint32_t *) rptr = u.v4; 842 break; 843 844 default: 845 panic("badaddr: invalid size (%lu)", (u_long) size); 846 } 847 848 /* Return EFAULT if the address was invalid, else zero */ 849 return (rv); 850} 851 852#define MAXARGS 8 853static void 854syscall(struct thread *td, trapframe_t *frame, u_int32_t insn) 855{ 856 struct proc *p = td->td_proc; 857 int code, error; 858 u_int nap, nargs; 859 register_t *ap, *args, copyargs[MAXARGS]; 860 struct sysent *callp; 861 int locked = 0; 862 u_int sticks = 0; 863 864 sticks = td->td_sticks; 865 if (td->td_ucred != td->td_proc->p_ucred) 866 cred_update_thread(td); 867 switch (insn & SWI_OS_MASK) { 868 case 0: /* XXX: we need our own one. */ 869 nap = 4; 870 break; 871 default: 872 trapsignal(td, SIGILL, 0); 873 userret(td, frame, td->td_sticks); 874 return; 875 } 876 code = insn & 0x000fffff; 877 sticks = td->td_sticks; 878 ap = &frame->tf_r0; 879 if (code == SYS_syscall) { 880 code = *ap++; 881 882 nap--; 883 } else if (code == SYS___syscall) { 884 code = *ap++; 885 nap -= 2; 886 ap++; 887 } 888 if (p->p_sysent->sv_mask) 889 code &= p->p_sysent->sv_mask; 890 if (code >= p->p_sysent->sv_size) 891 callp = &p->p_sysent->sv_table[0]; 892 else 893 callp = &p->p_sysent->sv_table[code]; 894 nargs = callp->sy_narg & SYF_ARGMASK; 895 memcpy(copyargs, ap, nap * sizeof(register_t)); 896 if (nargs > nap) { 897 error = copyin((void *)frame->tf_usr_sp, copyargs + nap, 898 (nargs - nap) * sizeof(register_t)); 899 if (error) 900 goto bad; 901 } 902 args = copyargs; 903 error = 0; 904#ifdef KTRACE 905 if (KTRPOINT(td, KTR_SYSCALL)) 906 ktrsyscall(code, nargs, args); 907#endif 908 909 if ((callp->sy_narg & SYF_MPSAFE) == 0) 910 mtx_lock(&Giant); 911 locked = 1; 912 if (error == 0) { 913 td->td_retval[0] = 0; 914 td->td_retval[1] = 0; 915 error = (*callp->sy_call)(td, args); 916 } 917 switch (error) { 918 case 0: 919 frame->tf_r0 = td->td_retval[0]; 920 frame->tf_r1 = td->td_retval[1]; 921 922 frame->tf_spsr &= ~PSR_C_bit; /* carry bit */ 923 break; 924 925 case ERESTART: 926 /* 927 * Reconstruct the pc to point at the swi. 928 */ 929 frame->tf_pc -= INSN_SIZE; 930 break; 931 case EJUSTRETURN: 932 /* nothing to do */ 933 break; 934 default: 935bad: 936 frame->tf_r0 = error; 937 frame->tf_spsr |= PSR_C_bit; /* carry bit */ 938 break; 939 } 940 if (locked && (callp->sy_narg & SYF_MPSAFE) == 0) 941 mtx_unlock(&Giant); 942 943 944 userret(td, frame, sticks); 945#ifdef KTRACE 946 if (KTRPOINT(td, KTR_SYSRET)) 947 ktrsysret(code, error, td->td_retval[0]); 948#endif 949 mtx_assert(&sched_lock, MA_NOTOWNED); 950 mtx_assert(&Giant, MA_NOTOWNED); 951} 952 953void 954swi_handler(trapframe_t *frame) 955{ 956 struct thread *td = curthread; 957 uint32_t insn; 958 959 td->td_frame = frame; 960 961 if (td->td_proc->p_flag & P_SA) 962 thread_user_enter(td); 963 /* 964 * Make sure the program counter is correctly aligned so we 965 * don't take an alignment fault trying to read the opcode. 966 */ 967 if (__predict_false(((frame->tf_pc - INSN_SIZE) & 3) != 0)) { 968 trapsignal(td, SIGILL, 0); 969 userret(td, frame, td->td_sticks); 970 return; 971 } 972 insn = *(u_int32_t *)(frame->tf_pc - INSN_SIZE); 973 /* 974 * Enable interrupts if they were enabled before the exception. 975 * Since all syscalls *should* come from user mode it will always 976 * be safe to enable them, but check anyway. 977 */ 978 if (td->td_critnest == 0 && !(frame->tf_spsr & I32_bit)) 979 enable_interrupts(I32_bit); 980 981 syscall(td, frame, insn); 982} 983 984