/* trap.c — FreeBSD head, SVN revision 199135 */
1/*- 2 * Copyright (c) 2001, Jake Burkholder 3 * Copyright (C) 1994, David Greenman 4 * Copyright (c) 1990, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * the University of Utah, and William Jolitz. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91 39 * from: FreeBSD: src/sys/i386/i386/trap.c,v 1.197 2001/07/19 40 */ 41 42#include <sys/cdefs.h> 43__FBSDID("$FreeBSD: head/sys/sparc64/sparc64/trap.c 199135 2009-11-10 11:43:07Z kib $"); 44 45#include "opt_ddb.h" 46#include "opt_ktr.h" 47#include "opt_ktrace.h" 48 49#include <sys/param.h> 50#include <sys/kdb.h> 51#include <sys/kernel.h> 52#include <sys/bus.h> 53#include <sys/interrupt.h> 54#include <sys/ktr.h> 55#include <sys/lock.h> 56#include <sys/mutex.h> 57#include <sys/systm.h> 58#include <sys/pioctl.h> 59#include <sys/ptrace.h> 60#include <sys/proc.h> 61#include <sys/smp.h> 62#include <sys/signalvar.h> 63#include <sys/syscall.h> 64#include <sys/sysctl.h> 65#include <sys/sysent.h> 66#include <sys/vmmeter.h> 67#ifdef KTRACE 68#include <sys/uio.h> 69#include <sys/ktrace.h> 70#endif 71#include <security/audit/audit.h> 72 73#include <dev/ofw/openfirm.h> 74 75#include <vm/vm.h> 76#include <vm/pmap.h> 77#include <vm/vm_extern.h> 78#include <vm/vm_param.h> 79#include <vm/vm_kern.h> 80#include <vm/vm_map.h> 81#include <vm/vm_page.h> 82 83#include <machine/cpu.h> 84#include <machine/frame.h> 85#include <machine/intr_machdep.h> 86#include <machine/ofw_machdep.h> 87#include <machine/smp.h> 88#include <machine/trap.h> 89#include <machine/tstate.h> 90#include <machine/tte.h> 91#include <machine/tlb.h> 92#include <machine/tsb.h> 93#include <machine/watch.h> 94 95void trap(struct trapframe 
*tf);
void syscall(struct trapframe *tf);

static int trap_pfault(struct thread *td, struct trapframe *tf);

/*
 * Labels bracketing fault-tolerant code sequences (defined elsewhere,
 * presumably in assembler support code — confirm against support.S).
 * When a fault occurs with %tpc inside a *_nofault_begin/*_nofault_end
 * range, trap()/trap_pfault() redirect execution to the matching
 * *_fault label instead of panicking.
 */
extern char copy_fault[];
extern char copy_nofault_begin[];
extern char copy_nofault_end[];

extern char fs_fault[];
extern char fs_nofault_begin[];
extern char fs_nofault_end[];
extern char fs_nofault_intr_begin[];
extern char fs_nofault_intr_end[];

extern char fas_fault[];
extern char fas_nofault_begin[];
extern char fas_nofault_end[];

/* Syscall name table, indexed by syscall number (generated elsewhere). */
extern char *syscallnames[];

/* Human-readable trap descriptions, indexed by trap type (T_* values). */
const char *const trap_msg[] = {
    "reserved",
    "instruction access exception",
    "instruction access error",
    "instruction access protection",
    "illtrap instruction",
    "illegal instruction",
    "privileged opcode",
    "floating point disabled",
    "floating point exception ieee 754",
    "floating point exception other",
    "tag overflow",
    "division by zero",
    "data access exception",
    "data access error",
    "data access protection",
    "memory address not aligned",
    "privileged action",
    "async data error",
    "trap instruction 16",
    "trap instruction 17",
    "trap instruction 18",
    "trap instruction 19",
    "trap instruction 20",
    "trap instruction 21",
    "trap instruction 22",
    "trap instruction 23",
    "trap instruction 24",
    "trap instruction 25",
    "trap instruction 26",
    "trap instruction 27",
    "trap instruction 28",
    "trap instruction 29",
    "trap instruction 30",
    "trap instruction 31",
    "fast instruction access mmu miss",
    "fast data access mmu miss",
    "interrupt",
    "physical address watchpoint",
    "virtual address watchpoint",
    "corrected ecc error",
    "spill",
    "fill",
    "fill",
    "breakpoint",
    "clean window",
    "range check",
    "fix alignment",
    "integer overflow",
    "syscall",
    "restore physical watchpoint",
    "restore virtual watchpoint",
    "kernel stack fault",
};

/*
 * Signal to post for each trap type taken from user mode.  Must stay in
 * step with trap_msg[] above.  An entry of -1 marks a trap that must
 * never reach the user signal path; trap() panics if one does.
 */
static const int trap_sig[] = {
    SIGILL,			/* reserved */
    SIGILL,			/* instruction access exception */
    SIGILL,			/* instruction access error */
    SIGILL,			/* instruction access protection */
    SIGILL,			/* illtrap instruction */
    SIGILL,			/* illegal instruction */
    SIGBUS,			/* privileged opcode */
    SIGFPE,			/* floating point disabled */
    SIGFPE,			/* floating point exception ieee 754 */
    SIGFPE,			/* floating point exception other */
    SIGEMT,			/* tag overflow */
    SIGFPE,			/* division by zero */
    SIGILL,			/* data access exception */
    SIGILL,			/* data access error */
    SIGBUS,			/* data access protection */
    SIGBUS,			/* memory address not aligned */
    SIGBUS,			/* privileged action */
    SIGBUS,			/* async data error */
    SIGILL,			/* trap instruction 16 */
    SIGILL,			/* trap instruction 17 */
    SIGILL,			/* trap instruction 18 */
    SIGILL,			/* trap instruction 19 */
    SIGILL,			/* trap instruction 20 */
    SIGILL,			/* trap instruction 21 */
    SIGILL,			/* trap instruction 22 */
    SIGILL,			/* trap instruction 23 */
    SIGILL,			/* trap instruction 24 */
    SIGILL,			/* trap instruction 25 */
    SIGILL,			/* trap instruction 26 */
    SIGILL,			/* trap instruction 27 */
    SIGILL,			/* trap instruction 28 */
    SIGILL,			/* trap instruction 29 */
    SIGILL,			/* trap instruction 30 */
    SIGILL,			/* trap instruction 31 */
    SIGSEGV,			/* fast instruction access mmu miss */
    SIGSEGV,			/* fast data access mmu miss */
    -1,				/* interrupt */
    -1,				/* physical address watchpoint */
    -1,				/* virtual address watchpoint */
    -1,				/* corrected ecc error */
    SIGILL,			/* spill */
    SIGILL,			/* fill */
    SIGILL,			/* fill */
    SIGTRAP,			/* breakpoint */
    SIGILL,			/* clean window */
    SIGILL,			/* range check */
    SIGILL,			/* fix alignment */
    SIGILL,			/* integer overflow */
    SIGSYS,			/* syscall */
    -1,				/* restore physical watchpoint */
    -1,				/* restore virtual watchpoint */
    -1,				/* kernel stack fault */
};

/* Compile-time sanity check on the trap frame size. */
CTASSERT(sizeof(struct trapframe) ==
256);

/*
 * Tunable: enter the kernel debugger when a user process takes one of
 * SIGILL/SIGBUS/SIGSEGV (see trap() below).
 */
int debugger_on_signal = 0;
SYSCTL_INT(_debug, OID_AUTO, debugger_on_signal, CTLFLAG_RW,
    &debugger_on_signal, 0, "");

/*
 * SUNW,set-trap-table allows to take over %tba from the PROM, which
 * will turn off interrupts and handle outstanding ones while doing so,
 * in a safe way.
 */
void
sun4u_set_traptable(void *tba_addr)
{
    /*
     * Open Firmware client-interface argument array: service name,
     * argument count, return count, then the arguments themselves.
     * The field order is part of the OFW calling convention — do not
     * reorder.  nreturns is implicitly zero-initialized.
     */
    static struct {
        cell_t name;
        cell_t nargs;
        cell_t nreturns;
        cell_t tba_addr;
    } args = {
        (cell_t)"SUNW,set-trap-table",
        2,
    };

    args.tba_addr = (cell_t)tba_addr;
    ofw_entry(&args);
}

/*
 * Handle a trap, as dispatched from the trap table.  User-mode traps are
 * translated into signals (page faults and register-window spill/fill
 * traps are serviced first and only signal on failure); kernel-mode traps
 * are either recovered via the *_nofault label ranges, handed to the
 * debugger, or cause a panic.
 */
void
trap(struct trapframe *tf)
{
    struct thread *td;
    struct proc *p;
    int error;
    int sig;
    register_t addr;	/* fault address reported to the signal handler */
    ksiginfo_t ksi;

    td = curthread;

    CTR4(KTR_TRAP, "trap: %p type=%s (%s) pil=%#lx", td,
        trap_msg[tf->tf_type & ~T_KERNEL],
        (TRAPF_USERMODE(tf) ? "user" : "kernel"), rdpr(pil));

    PCPU_INC(cnt.v_trap);

    if ((tf->tf_tstate & TSTATE_PRIV) == 0) {
        /* Trap taken from user mode. */
        KASSERT(td != NULL, ("trap: curthread NULL"));
        KASSERT(td->td_proc != NULL, ("trap: curproc NULL"));

        p = td->td_proc;
        td->td_pticks = 0;
        td->td_frame = tf;
        addr = tf->tf_tpc;
        if (td->td_ucred != p->p_ucred)
            cred_update_thread(td);

        switch (tf->tf_type) {
        case T_DATA_MISS:
        case T_DATA_PROTECTION:
            /* Data faults report the faulting data address, not %tpc. */
            addr = tf->tf_sfar;
            /* FALLTHROUGH */
        case T_INSTRUCTION_MISS:
            sig = trap_pfault(td, tf);
            break;
        case T_FILL:
            sig = rwindow_load(td, tf, 2);
            break;
        case T_FILL_RET:
            sig = rwindow_load(td, tf, 1);
            break;
        case T_SPILL:
            sig = rwindow_save(td);
            break;
        default:
            /*
             * Any other trap type maps straight to a signal via
             * trap_sig[]; types with no signal mapping (-1) should
             * never arrive here from user mode.
             */
            if (tf->tf_type < 0 || tf->tf_type >= T_MAX ||
                trap_sig[tf->tf_type] == -1)
                panic("trap: bad trap type");
            sig = trap_sig[tf->tf_type];
            break;
        }

        if (sig != 0) {
            /* Translate fault for emulators. */
            if (p->p_sysent->sv_transtrap != NULL) {
                sig = p->p_sysent->sv_transtrap(sig,
                    tf->tf_type);
            }
            /* 4/10/11 are SIGILL/SIGBUS/SIGSEGV. */
            if (debugger_on_signal &&
                (sig == 4 || sig == 10 || sig == 11))
                kdb_enter(KDB_WHY_TRAPSIG, "trapsig");
            ksiginfo_init_trap(&ksi);
            ksi.ksi_signo = sig;
            ksi.ksi_code = (int)tf->tf_type; /* XXX not POSIX */
            ksi.ksi_addr = (void *)addr;
            ksi.ksi_trapno = (int)tf->tf_type;
            trapsignal(td, &ksi);
        }

        userret(td, tf);
        mtx_assert(&Giant, MA_NOTOWNED);
    } else {
        /* Trap taken from kernel mode. */
        KASSERT((tf->tf_type & T_KERNEL) != 0,
            ("trap: kernel trap isn't"));

        if (kdb_active) {
            kdb_reenter();
            return;
        }

        switch (tf->tf_type & ~T_KERNEL) {
        case T_BREAKPOINT:
        case T_KSTACK_FAULT:
            error = (kdb_trap(tf->tf_type, 0, tf) == 0);
            TF_DONE(tf);
            break;
#ifdef notyet
        case T_PA_WATCHPOINT:
        case T_VA_WATCHPOINT:
            error = db_watch_trap(tf);
            break;
#endif
        case T_DATA_MISS:
        case T_DATA_PROTECTION:
        case T_INSTRUCTION_MISS:
            error = trap_pfault(td, tf);
            break;
        case T_DATA_EXCEPTION:
        case T_MEM_ADDRESS_NOT_ALIGNED:
            /*
             * Faults on user addresses (ASI_AIUP) inside the copyin/
             * copyout or fuword/suword nofault ranges are recovered
             * by branching to the corresponding fault stub.
             */
            if ((tf->tf_sfsr & MMU_SFSR_FV) != 0 &&
                MMU_SFSR_GET_ASI(tf->tf_sfsr) == ASI_AIUP) {
                if (tf->tf_tpc >= (u_long)copy_nofault_begin &&
                    tf->tf_tpc <= (u_long)copy_nofault_end) {
                    tf->tf_tpc = (u_long)copy_fault;
                    tf->tf_tnpc = tf->tf_tpc + 4;
                    error = 0;
                    break;
                }
                if (tf->tf_tpc >= (u_long)fs_nofault_begin &&
                    tf->tf_tpc <= (u_long)fs_nofault_end) {
                    tf->tf_tpc = (u_long)fs_fault;
                    tf->tf_tnpc = tf->tf_tpc + 4;
                    error = 0;
                    break;
                }
            }
            error = 1;
            break;
        case T_DATA_ERROR:
            /*
             * Handle PCI poke/peek as per UltraSPARC IIi
             * User's Manual 16.2.1, modulo checking the
             * TPC as USIII CPUs generate a precise trap
             * instead of a special deferred one.
             */
            if (tf->tf_tpc > (u_long)fas_nofault_begin &&
                tf->tf_tpc < (u_long)fas_nofault_end) {
                cache_flush();
                cache_enable();
                tf->tf_tpc = (u_long)fas_fault;
                tf->tf_tnpc = tf->tf_tpc + 4;
                error = 0;
                break;
            }
            error = 1;
            break;
        default:
            error = 1;
            break;
        }

        if (error != 0)
            panic("trap: %s", trap_msg[tf->tf_type & ~T_KERNEL]);
    }
    CTR1(KTR_TRAP, "trap: td=%p return", td);
}

/*
 * Handle a page fault (data/instruction MMU miss or data protection
 * trap) taken from either mode.  Returns 0 when the fault was resolved
 * or recovered, -1 when there is no thread context, or the signal
 * number (SIGBUS/SIGSEGV) to deliver on failure.
 */
static int
trap_pfault(struct thread *td, struct trapframe *tf)
{
    struct vmspace *vm;
    struct proc *p;
    vm_offset_t va;
    vm_prot_t prot;
    vm_map_entry_t entry;
    u_long ctx;		/* MMU context of the faulting access */
    int flags;
    int type;
    int rv;

    if (td == NULL)
        return (-1);
    KASSERT(td->td_pcb != NULL, ("trap_pfault: pcb NULL"));
    KASSERT(td->td_proc != NULL, ("trap_pfault: curproc NULL"));
    KASSERT(td->td_proc->p_vmspace != NULL, ("trap_pfault: vmspace NULL"));

    p = td->td_proc;

    rv = KERN_SUCCESS;
    ctx = TLB_TAR_CTX(tf->tf_tar);
    type = tf->tf_type & ~T_KERNEL;
    va = TLB_TAR_VA(tf->tf_tar);

    CTR4(KTR_TRAP, "trap_pfault: td=%p pm_ctx=%#lx va=%#lx ctx=%#lx",
        td, p->p_vmspace->vm_pmap.pm_context[curcpu], va, ctx);

    /* Derive the required protection and fault flags from the trap type. */
    if (type == T_DATA_PROTECTION) {
        prot = VM_PROT_WRITE;
        flags = VM_FAULT_DIRTY;
    } else {
        if (type == T_DATA_MISS)
            prot = VM_PROT_READ;
        else
            prot = VM_PROT_READ | VM_PROT_EXECUTE;
        flags = VM_FAULT_NORMAL;
    }

    if (ctx != TLB_CTX_KERNEL) {
        /*
         * Kernel-mode faults on user addresses inside the
         * fuword/suword interrupt-safe range recover immediately
         * without calling into the VM system.
         */
        if ((tf->tf_tstate & TSTATE_PRIV) != 0 &&
            (tf->tf_tpc >= (u_long)fs_nofault_intr_begin &&
            tf->tf_tpc <= (u_long)fs_nofault_intr_end)) {
            tf->tf_tpc = (u_long)fs_fault;
            tf->tf_tnpc = tf->tf_tpc + 4;
            return (0);
        }

        /*
         * This is a fault on non-kernel virtual memory.
         */
        vm = p->p_vmspace;

        /*
         * Keep swapout from messing with us during this
         * critical time.
         */
        PROC_LOCK(p);
        ++p->p_lock;
        PROC_UNLOCK(p);

        /* Fault in the user page. */
        rv = vm_fault(&vm->vm_map, va, prot, flags);

        /*
         * Now the process can be swapped again.
         */
        PROC_LOCK(p);
        --p->p_lock;
        PROC_UNLOCK(p);
    } else {
        /*
         * This is a fault on kernel virtual memory.  Attempts to
         * access kernel memory from user mode cause privileged
         * action traps, not page fault.
         */
        KASSERT(tf->tf_tstate & TSTATE_PRIV,
            ("trap_pfault: fault on nucleus context from user mode"));

        /*
         * Faults inside the copy routines on a NOFAULT map entry
         * are expected; recover through copy_fault rather than
         * faulting the page in.
         */
        if (tf->tf_tpc >= (u_long)copy_nofault_begin &&
            tf->tf_tpc <= (u_long)copy_nofault_end) {
            vm_map_lock_read(kernel_map);
            if (vm_map_lookup_entry(kernel_map, va, &entry) &&
                (entry->eflags & MAP_ENTRY_NOFAULT) != 0) {
                tf->tf_tpc = (u_long)copy_fault;
                tf->tf_tnpc = tf->tf_tpc + 4;
                vm_map_unlock_read(kernel_map);
                return (0);
            }
            vm_map_unlock_read(kernel_map);
        }

        /*
         * We don't have to worry about process locking or stacks in
         * the kernel.
         */
        rv = vm_fault(kernel_map, va, prot, VM_FAULT_NORMAL);
    }

    CTR3(KTR_TRAP, "trap_pfault: return td=%p va=%#lx rv=%d",
        td, va, rv);
    if (rv == KERN_SUCCESS)
        return (0);
    /*
     * The fault was not resolved; a kernel-mode fault on a user
     * address may still recover through the nofault stubs before we
     * give up and signal.
     */
    if (ctx != TLB_CTX_KERNEL && (tf->tf_tstate & TSTATE_PRIV) != 0) {
        if (tf->tf_tpc >= (u_long)fs_nofault_begin &&
            tf->tf_tpc <= (u_long)fs_nofault_end) {
            tf->tf_tpc = (u_long)fs_fault;
            tf->tf_tnpc = tf->tf_tpc + 4;
            return (0);
        }
        if (tf->tf_tpc >= (u_long)copy_nofault_begin &&
            tf->tf_tpc <= (u_long)copy_nofault_end) {
            tf->tf_tpc = (u_long)copy_fault;
            tf->tf_tnpc = tf->tf_tpc + 4;
            return (0);
        }
    }
    return ((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
}

/* Maximum number of arguments that can be passed via the out registers. */
#define REG_MAXARGS	6

/*
 * Syscall handler.
The arguments to the syscall are passed in the o registers 529 * by the caller, and are saved in the trap frame. The syscall number is passed 530 * in %g1 (and also saved in the trap frame). 531 */ 532void 533syscall(struct trapframe *tf) 534{ 535 struct sysent *callp; 536 struct thread *td; 537 register_t args[8]; 538 register_t *argp; 539 struct proc *p; 540 u_long code; 541 int reg; 542 int regcnt; 543 int narg; 544 int error; 545 546 td = curthread; 547 KASSERT(td != NULL, ("trap: curthread NULL")); 548 KASSERT(td->td_proc != NULL, ("trap: curproc NULL")); 549 550 p = td->td_proc; 551 552 PCPU_INC(cnt.v_syscall); 553 554 td->td_pticks = 0; 555 td->td_frame = tf; 556 if (td->td_ucred != p->p_ucred) 557 cred_update_thread(td); 558 code = tf->tf_global[1]; 559 560 /* 561 * For syscalls, we don't want to retry the faulting instruction 562 * (usually), instead we need to advance one instruction. 563 */ 564 td->td_pcb->pcb_tpc = tf->tf_tpc; 565 TF_DONE(tf); 566 567 reg = 0; 568 regcnt = REG_MAXARGS; 569 if (p->p_sysent->sv_prepsyscall) { 570 /* 571 * The prep code is MP aware. 
572 */ 573#if 0 574 (*p->p_sysent->sv_prepsyscall)(tf, args, &code, ¶ms); 575#endif 576 } else if (code == SYS_syscall || code == SYS___syscall) { 577 code = tf->tf_out[reg++]; 578 regcnt--; 579 } 580 581 if (p->p_sysent->sv_mask) 582 code &= p->p_sysent->sv_mask; 583 584 if (code >= p->p_sysent->sv_size) 585 callp = &p->p_sysent->sv_table[0]; 586 else 587 callp = &p->p_sysent->sv_table[code]; 588 589 narg = callp->sy_narg; 590 591 KASSERT(narg <= sizeof(args) / sizeof(args[0]), 592 ("Too many syscall arguments!")); 593 error = 0; 594 argp = args; 595 bcopy(&tf->tf_out[reg], args, sizeof(args[0]) * regcnt); 596 if (narg > regcnt) 597 error = copyin((void *)(tf->tf_out[6] + SPOFF + 598 offsetof(struct frame, fr_pad[6])), 599 &args[regcnt], (narg - regcnt) * sizeof(args[0])); 600 601 CTR5(KTR_SYSC, "syscall: td=%p %s(%#lx, %#lx, %#lx)", td, 602 syscallnames[code], argp[0], argp[1], argp[2]); 603 604#ifdef KTRACE 605 if (KTRPOINT(td, KTR_SYSCALL)) 606 ktrsyscall(code, narg, argp); 607#endif 608 609 td->td_syscalls++; 610 611 if (error == 0) { 612 td->td_retval[0] = 0; 613 td->td_retval[1] = 0; 614 615 STOPEVENT(p, S_SCE, narg); /* MP aware */ 616 617 PTRACESTOP_SC(p, td, S_PT_SCE); 618 619 AUDIT_SYSCALL_ENTER(code, td); 620 error = (*callp->sy_call)(td, argp); 621 AUDIT_SYSCALL_EXIT(error, td); 622 623 CTR5(KTR_SYSC, "syscall: p=%p error=%d %s return %#lx %#lx ", p, 624 error, syscallnames[code], td->td_retval[0], 625 td->td_retval[1]); 626 } 627 628 cpu_set_syscall_retval(td, error); 629 630 /* 631 * Check for misbehavior. 632 */ 633 WITNESS_WARN(WARN_PANIC, NULL, "System call %s returning", 634 (code >= 0 && code < SYS_MAXSYSCALL) ? syscallnames[code] : "???"); 635 KASSERT(td->td_critnest == 0, 636 ("System call %s returning in a critical section", 637 (code >= 0 && code < SYS_MAXSYSCALL) ? syscallnames[code] : "???")); 638 KASSERT(td->td_locks == 0, 639 ("System call %s returning with %d locks held", 640 (code >= 0 && code < SYS_MAXSYSCALL) ? 
syscallnames[code] : "???", 641 td->td_locks)); 642 643 /* 644 * Handle reschedule and other end-of-syscall issues 645 */ 646 userret(td, tf); 647 648#ifdef KTRACE 649 if (KTRPOINT(td, KTR_SYSRET)) 650 ktrsysret(code, error, td->td_retval[0]); 651#endif 652 /* 653 * This works because errno is findable through the 654 * register set. If we ever support an emulation where this 655 * is not the case, this code will need to be revisited. 656 */ 657 STOPEVENT(p, S_SCX, code); 658 659 PTRACESTOP_SC(p, td, S_PT_SCX); 660} 661