1/* $NetBSD: trap.c,v 1.201 2023/10/05 19:41:05 ad Exp $ */ 2 3/* 4 * Copyright (c) 1996 5 * The President and Fellows of Harvard College. All rights reserved. 6 * Copyright (c) 1992, 1993 7 * The Regents of the University of California. All rights reserved. 8 * 9 * This software was developed by the Computer Systems Engineering group 10 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and 11 * contributed to Berkeley. 12 * 13 * All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Lawrence Berkeley Laboratory. 17 * This product includes software developed by Harvard University. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 3. All advertising materials mentioning features or use of this software 28 * must display the following acknowledgement: 29 * This product includes software developed by the University of 30 * California, Berkeley and its contributors. 31 * This product includes software developed by Harvard University. 32 * 4. Neither the name of the University nor the names of its contributors 33 * may be used to endorse or promote products derived from this software 34 * without specific prior written permission. 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 37 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 39 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 40 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 41 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 42 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 44 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 45 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 46 * SUCH DAMAGE. 47 * 48 * @(#)trap.c 8.4 (Berkeley) 9/23/93 49 */ 50 51#include <sys/cdefs.h> 52__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.201 2023/10/05 19:41:05 ad Exp $"); 53 54#include "opt_ddb.h" 55#include "opt_compat_sunos.h" 56#include "opt_sparc_arch.h" 57#include "opt_multiprocessor.h" 58 59#include <sys/param.h> 60#include <sys/systm.h> 61#include <sys/proc.h> 62#include <sys/kernel.h> 63#include <sys/kmem.h> 64#include <sys/resource.h> 65#include <sys/signal.h> 66#include <sys/wait.h> 67#include <sys/syscall.h> 68#include <sys/syslog.h> 69#include <sys/kauth.h> 70 71#include <uvm/uvm_extern.h> 72 73#include <sparc/sparc/asm.h> 74#include <machine/cpu.h> 75#include <machine/ctlreg.h> 76#include <machine/trap.h> 77#include <machine/instr.h> 78#include <machine/pcb.h> 79#include <machine/pmap.h> 80#include <machine/userret.h> 81#include <machine/locore.h> 82 83#ifdef DDB 84#include <machine/db_machdep.h> 85#else 86#include <machine/frame.h> 87#endif 88#ifdef COMPAT_SUNOS 89#include <compat/sunos/sunos_exec.h> 90#define SUNOS_MAXSADDR_SLOP (32 * 1024) 91#endif 92 93#include <sparc/fpu/fpu_extern.h> 94#include <sparc/sparc/memreg.h> 95#include <sparc/sparc/cpuvar.h> 96 97#ifdef DEBUG 98int rwindow_debug = 0; 99#endif 100 101/* 102 * Initial FPU state is all registers == all 1s, everything else == all 0s. 103 * This makes every floating point register a signalling NaN, with sign bit 104 * set, no matter how it is interpreted. Appendix N of the Sparc V8 document 105 * seems to imply that we should do this, and it does make sense. 106 */ 107struct fpstate initfpstate = { 108 .fs_reg = { 109 .fr_regs = { 110 ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, 111 ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, 112 }, 113 .fr_fsr = 0, 114 }, 115 .fs_qsize = 0, 116 .fs_queue = { { 117 .fq_addr = NULL, 118 .fq_instr = 0, 119 }, }, 120}; 121 122/* 123 * There are more than 100 trap types, but most are unused. 124 * 125 * Trap type 0 is taken over as an `Asynchronous System Trap'. 126 * This is left-over Vax emulation crap that should be fixed. 127 */ 128static const char T[] = "trap"; 129const char *trap_type[] = { 130 /* non-user vectors */ 131 "ast", /* 0 */ 132 "text fault", /* 1 */ 133 "illegal instruction", /* 2 */ 134 "privileged instruction",/*3 */ 135 "fp disabled", /* 4 */ 136 "window overflow", /* 5 */ 137 "window underflow", /* 6 */ 138 "alignment fault", /* 7 */ 139 "fp exception", /* 8 */ 140 "data fault", /* 9 */ 141 "tag overflow", /* 0a */ 142 "watchpoint", /* 0b */ 143 T, T, T, T, T, /* 0c..10 */ 144 "level 1 int", /* 11 */ 145 "level 2 int", /* 12 */ 146 "level 3 int", /* 13 */ 147 "level 4 int", /* 14 */ 148 "level 5 int", /* 15 */ 149 "level 6 int", /* 16 */ 150 "level 7 int", /* 17 */ 151 "level 8 int", /* 18 */ 152 "level 9 int", /* 19 */ 153 "level 10 int", /* 1a */ 154 "level 11 int", /* 1b */ 155 "level 12 int", /* 1c */ 156 "level 13 int", /* 1d */ 157 "level 14 int", /* 1e */ 158 "level 15 int", /* 1f */ 159 "register access error",/* 20 */ 160 "instruction access error",/* 21 */ 161 T, T, /* 22..23 */ 162 "cp disabled", /* 24 */ 163 "unimplemented flush", /* 25 */ 164 T, T, /* 26..27 */ 165 "cp exception", /* 28 */ 166 "data access error", /* 29 */ 167 "hw zero divide", /* 2a */ 168 "data store error", /* 2b */ 169 "data access MMU miss", /* 2c */ 170 T, T, T, /* 2d..2f */ 171 T, T, T, T, T, T, T, T, /* 30..37 */ 172 T, T, T, T, /* 38..3b */ 173 "insn access MMU miss", /* 3c */ 174 T, T, T, /* 3d..3f */ 175 T, T, T, T, T, T, T, T, /* 40..47 */ 176 T, T, T, T, T, T, T, T, /* 48..4f */ 177 T, T, T, T, T, T, T, T, /* 50..57 */ 178 T, T, T, T, T, T, T, T, /* 58..5f */ 179 T, T, T, T, T, T, T, T, /* 60..67 */ 180 T, T, T, T, T, T, T, T, /* 68..6f */ 181 T, T, T, T, T, T, T, T, /* 70..77 */ 182 T, T, T, T, T, T, T, T, /* 78..7f */ 183 184 /* user (software trap) vectors */ 185 "syscall", /* 80 */ 186 "breakpoint", /* 81 */ 187 "zero divide", /* 82 */ 188 "flush windows", /* 83 */ 189 "clean windows", /* 84 */ 190 "range check", /* 85 */ 191 "fix align", /* 86 */ 192 "integer overflow", /* 87 */ 193 "svr4 syscall", /* 88 */ 194 "4.4 syscall", /* 89 */ 195 "kgdb exec", /* 8a */ 196 T, T, T, T, T, /* 8b..8f */ 197 T, T, T, T, T, T, T, T, /* 9a..97 */ 198 T, T, T, T, T, T, T, T, /* 98..9f */ 199 "svr4 getcc", /* a0 */ 200 "svr4 setcc", /* a1 */ 201 "svr4 getpsr", /* a2 */ 202 "svr4 setpsr", /* a3 */ 203 "svr4 gethrtime", /* a4 */ 204 "svr4 gethrvtime", /* a5 */ 205 T, /* a6 */ 206 "svr4 gethrestime", /* a7 */ 207}; 208 209#define N_TRAP_TYPES (sizeof trap_type / sizeof *trap_type) 210 211void trap(unsigned, int, int, struct trapframe *); 212void mem_access_fault(unsigned, int, u_int, int, int, struct trapframe *); 213void mem_access_fault4m(unsigned, u_int, u_int, struct trapframe *); 214 215int ignore_bogus_traps = 1; 216 217/* 218 * Called from locore.s trap handling, for non-MMU-related traps. 219 * (MMU-related traps go through mem_access_fault, below.) 220 */ 221void 222trap(unsigned type, int psr, int pc, struct trapframe *tf) 223{ 224 struct proc *p; 225 struct lwp *l; 226 struct pcb *pcb; 227 int n, s; 228 char bits[64]; 229 u_quad_t sticks; 230 ksiginfo_t ksi; 231 int code, sig; 232 233 /* This steps the PC over the trap. */ 234#define ADVANCE (n = tf->tf_npc, tf->tf_pc = n, tf->tf_npc = n + 4) 235 236 curcpu()->ci_data.cpu_ntrap++; 237 /* 238 * Generally, kernel traps cause a panic. Any exceptions are 239 * handled early here. 240 */ 241 if (psr & PSR_PS) { 242#ifdef DDB 243 if (type == T_BREAKPOINT) { 244 write_all_windows(); 245 if (kdb_trap(type, tf)) { 246 return; 247 } 248 } 249#if defined(MULTIPROCESSOR) 250 if (type == T_DBPAUSE) { 251 /* XXX - deal with kgdb too */ 252 write_all_windows(); 253 ddb_suspend(tf); 254 ADVANCE; 255 return; 256 } 257#endif 258#endif 259#ifdef DIAGNOSTIC 260 /* 261 * Currently, we allow DIAGNOSTIC kernel code to 262 * flush the windows to record stack traces. 263 */ 264 if (type == T_FLUSHWIN) { 265 write_all_windows(); 266 ADVANCE; 267 return; 268 } 269#endif 270 if (type == T_UNIMPLFLUSH) { 271 /* 272 * This should happen only on hypersparc. 273 * It also is a rare event to get this trap 274 * from kernel space. For now, just flush the 275 * entire I-cache. 276 */ 277#if defined(MULTIPROCESSOR) 278 /* Broadcast to all CPUs */ 279 XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL); 280#else 281 (*cpuinfo.pure_vcache_flush)(); 282#endif 283 ADVANCE; 284 return; 285 } 286 287 /* 288 * Storing %fsr in cpu_attach will cause this trap 289 * even though the fpu has been enabled, if and only 290 * if there is no FPU. 291 */ 292 if (type == T_FPDISABLED && cold) { 293 ADVANCE; 294 return; 295 } 296 dopanic: 297 snprintb(bits, sizeof(bits), PSR_BITS, psr); 298 printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n", 299 type, pc, tf->tf_npc, bits); 300#ifdef DDB 301 write_all_windows(); 302 (void) kdb_trap(type, tf); 303#endif 304 panic("%s", type < N_TRAP_TYPES ? trap_type[type] : T); 305 /* NOTREACHED */ 306 } 307 if ((l = curlwp) == NULL) 308 l = &lwp0; 309 p = l->l_proc; 310 sticks = p->p_sticks; 311 pcb = lwp_getpcb(l); 312 l->l_md.md_tf = tf; /* for ptrace/signals */ 313 314#ifdef FPU_DEBUG 315 if (type != T_FPDISABLED && (tf->tf_psr & PSR_EF) != 0) { 316 if (cpuinfo.fplwp != l) 317 panic("FPU enabled but wrong proc (0) [l=%p, fwlp=%p]", 318 l, cpuinfo.fplwp); 319 savefpstate(l->l_md.md_fpstate); 320 l->l_md.md_fpu = NULL; 321 cpuinfo.fplwp = NULL; 322 tf->tf_psr &= ~PSR_EF; 323 setpsr(getpsr() & ~PSR_EF); 324 } 325#endif 326 327 sig = 0; 328 329 switch (type) { 330 331 default: 332 if (type < 0x80) { 333 if (!ignore_bogus_traps) 334 goto dopanic; 335 snprintb(bits, sizeof(bits), PSR_BITS, psr); 336 printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n", 337 type, pc, tf->tf_npc, bits); 338 sig = SIGILL; 339 KSI_INIT_TRAP(&ksi); 340 ksi.ksi_trap = type; 341 ksi.ksi_code = ILL_ILLTRP; 342 ksi.ksi_addr = (void *)pc; 343 break; 344 } 345 346#ifdef DIAGNOSTIC 347 if (type < 0x90 || type > 0x9f) { 348 /* the following message is gratuitous */ 349 /* ... but leave it in until we find anything */ 350 uprintf("%s[%d]: unimplemented software trap 0x%x\n", 351 p->p_comm, p->p_pid, type); 352 } 353#endif 354 sig = SIGILL; 355 KSI_INIT_TRAP(&ksi); 356 ksi.ksi_trap = type; 357 ksi.ksi_code = ILL_ILLTRP; 358 ksi.ksi_addr = (void *)pc; 359 break; 360 361 case T_AST: 362 break; /* the work is all in userret() */ 363 364 case T_UNIMPLFLUSH: 365 /* Invalidate the entire I-cache */ 366#if defined(MULTIPROCESSOR) 367 /* Broadcast to all CPUs */ 368 XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL); 369#else 370 (*cpuinfo.pure_vcache_flush)(); 371#endif 372 ADVANCE; 373 break; 374 375 case T_ILLINST: 376 /* Note: Cypress generates a T_ILLINST on FLUSH instructions */ 377 if ((sig = emulinstr(pc, tf)) == 0) { 378 ADVANCE; 379 break; 380 } 381 KSI_INIT_TRAP(&ksi); 382 ksi.ksi_trap = type; 383 ksi.ksi_code = ILL_ILLOPC; 384 ksi.ksi_addr = (void *)pc; 385 break; 386 387 case T_PRIVINST: 388 sig = SIGILL; 389 KSI_INIT_TRAP(&ksi); 390 ksi.ksi_trap = type; 391 ksi.ksi_code = ILL_PRVOPC; 392 ksi.ksi_addr = (void *)pc; 393 break; 394 395 case T_FPDISABLED: { 396 struct fpstate *fs = l->l_md.md_fpstate; 397 398#ifdef FPU_DEBUG 399 if ((tf->tf_psr & PSR_PS) != 0) { 400 printf("FPU fault from kernel mode, pc=%x\n", pc); 401#ifdef DDB 402 Debugger(); 403#endif 404 } 405#endif 406 407 if (fs == NULL) { 408 fs = kmem_alloc(sizeof(struct fpstate), KM_SLEEP); 409 *fs = initfpstate; 410 l->l_md.md_fpstate = fs; 411 } 412 /* 413 * If we have not found an FPU, we have to emulate it. 414 */ 415 if (!cpuinfo.fpupresent) { 416#ifdef notyet 417 fpu_emulate(l, tf, fs); 418#else 419 sig = SIGFPE; 420 KSI_INIT_TRAP(&ksi); 421 ksi.ksi_trap = type; 422 ksi.ksi_code = SI_NOINFO; 423 ksi.ksi_addr = (void *)pc; 424#endif 425 break; 426 } 427 /* 428 * We may have more FPEs stored up and/or ops queued. 429 * If they exist, handle them and get out. Otherwise, 430 * resolve the FPU state, turn it on, and try again. 431 */ 432 if (fs->fs_qsize) { 433 if ((code = fpu_cleanup(l, fs)) != 0) { 434 sig = SIGFPE; 435 KSI_INIT_TRAP(&ksi); 436 ksi.ksi_trap = type; 437 ksi.ksi_code = code; 438 ksi.ksi_addr = (void *)pc; 439 } 440 break; 441 } 442 443 /* 444 * If we do not own the FPU state on this CPU, we must 445 * now acquire it. 446 */ 447 if (cpuinfo.fplwp != l) { 448 struct cpu_info *cpi; 449 450 FPU_LOCK(s); 451 if (cpuinfo.fplwp != NULL) { 452 /* someone else had it*/ 453 savefpstate(cpuinfo.fplwp->l_md.md_fpstate); 454 cpuinfo.fplwp->l_md.md_fpu = NULL; 455 } 456 457 /* 458 * On MP machines, some of the other FPUs might 459 * still have our state. Tell the owning processor 460 * to save the process' FPU state. 461 */ 462 if ((cpi = l->l_md.md_fpu) != NULL) { 463 if (cpi->ci_cpuid == cpuinfo.ci_cpuid) 464 panic("FPU(%d): state for %p", 465 cpi->ci_cpuid, l); 466#if defined(MULTIPROCESSOR) 467 XCALL1(ipi_savefpstate, fs, 1 << cpi->ci_cpuid); 468#endif 469 cpi->fplwp = NULL; 470 } 471 loadfpstate(fs); 472 473 /* now we do have it */ 474 cpuinfo.fplwp = l; 475 l->l_md.md_fpu = curcpu(); 476 FPU_UNLOCK(s); 477 } 478 479 tf->tf_psr |= PSR_EF; 480 break; 481 } 482 483 case T_WINOF: 484 if (rwindow_save(l)) { 485 mutex_enter(p->p_lock); 486 sigexit(l, SIGILL); 487 } 488 break; 489 490#define read_rw(src, dst) \ 491 copyin((void *)(src), (void *)(dst), sizeof(struct rwindow)) 492 493 case T_RWRET: 494 /* 495 * T_RWRET is a window load needed in order to rett. 496 * It simply needs the window to which tf->tf_out[6] 497 * (%sp) points. There are no user or saved windows now. 498 * Copy the one from %sp into pcb->pcb_rw[0] and set 499 * nsaved to -1. If we decide to deliver a signal on 500 * our way out, we will clear nsaved. 501 */ 502 if (pcb->pcb_uw || pcb->pcb_nsaved) 503 panic("trap T_RWRET 1"); 504#ifdef DEBUG 505 if (rwindow_debug) 506 printf("cpu%d:%s[%d]: rwindow: pcb<-stack: 0x%x\n", 507 cpuinfo.ci_cpuid, p->p_comm, p->p_pid, 508 tf->tf_out[6]); 509#endif 510 if (read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) { 511 mutex_enter(p->p_lock); 512 sigexit(l, SIGILL); 513 } 514 if (pcb->pcb_nsaved) 515 panic("trap T_RWRET 2"); 516 pcb->pcb_nsaved = -1; /* mark success */ 517 break; 518 519 case T_WINUF: 520 /* 521 * T_WINUF is a real window underflow, from a restore 522 * instruction. It needs to have the contents of two 523 * windows---the one belonging to the restore instruction 524 * itself, which is at its %sp, and the one belonging to 525 * the window above, which is at its %fp or %i6---both 526 * in the pcb. The restore's window may still be in 527 * the CPU; we need to force it out to the stack. 528 */ 529#ifdef DEBUG 530 if (rwindow_debug) 531 printf("cpu%d:%s[%d]: rwindow: T_WINUF 0: pcb<-stack: 0x%x\n", 532 cpuinfo.ci_cpuid, p->p_comm, p->p_pid, 533 tf->tf_out[6]); 534#endif 535 write_user_windows(); 536 if (rwindow_save(l) || read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) { 537 mutex_enter(p->p_lock); 538 sigexit(l, SIGILL); 539 } 540#ifdef DEBUG 541 if (rwindow_debug) 542 printf("cpu%d:%s[%d]: rwindow: T_WINUF 1: pcb<-stack: 0x%x\n", 543 cpuinfo.ci_cpuid, p->p_comm, p->p_pid, 544 pcb->pcb_rw[0].rw_in[6]); 545#endif 546 if (read_rw(pcb->pcb_rw[0].rw_in[6], &pcb->pcb_rw[1])) { 547 mutex_enter(p->p_lock); 548 sigexit(l, SIGILL); 549 } 550 if (pcb->pcb_nsaved) 551 panic("trap T_WINUF"); 552 pcb->pcb_nsaved = -1; /* mark success */ 553 break; 554 555 case T_ALIGN: 556 if ((p->p_md.md_flags & MDP_FIXALIGN) != 0) { 557 n = fixalign(l, tf, NULL); 558 if (n == 0) { 559 ADVANCE; 560 break; 561 } 562 } 563 sig = SIGBUS; 564 KSI_INIT_TRAP(&ksi); 565 ksi.ksi_trap = type; 566 ksi.ksi_code = BUS_ADRALN; 567 fixalign(l, tf, &ksi.ksi_addr); 568 break; 569 570 case T_FPE: 571 /* 572 * Clean up after a floating point exception. 573 * fpu_cleanup can (and usually does) modify the 574 * state we save here, so we must `give up' the FPU 575 * chip context. (The software and hardware states 576 * will not match once fpu_cleanup does its job, so 577 * we must not save again later.) 578 */ 579 if (l != cpuinfo.fplwp) 580 panic("fpe without being the FP user"); 581 FPU_LOCK(s); 582 savefpstate(l->l_md.md_fpstate); 583 cpuinfo.fplwp = NULL; 584 l->l_md.md_fpu = NULL; 585 FPU_UNLOCK(s); 586 /* tf->tf_psr &= ~PSR_EF; */ /* share_fpu will do this */ 587 if ((code = fpu_cleanup(l, l->l_md.md_fpstate)) != 0) { 588 sig = SIGFPE; 589 KSI_INIT_TRAP(&ksi); 590 ksi.ksi_trap = type; 591 ksi.ksi_code = code; 592 ksi.ksi_addr = (void *)pc; 593 } 594#if 0 /* ??? really never??? */ 595 ADVANCE; 596#endif 597 break; 598 599 case T_TAGOF: 600 sig = SIGEMT; 601 KSI_INIT_TRAP(&ksi); 602 ksi.ksi_trap = type; 603 ksi.ksi_code = SI_NOINFO; 604 ksi.ksi_addr = (void *)pc; 605 break; 606 607 case T_CPDISABLED: 608 sig = SIGILL; 609 KSI_INIT_TRAP(&ksi); 610 ksi.ksi_trap = type; 611 ksi.ksi_code = ILL_COPROC; 612 ksi.ksi_addr = (void *)pc; 613 break; 614 615 case T_BREAKPOINT: 616 sig = SIGTRAP; 617 KSI_INIT_TRAP(&ksi); 618 ksi.ksi_trap = type; 619 ksi.ksi_code = TRAP_BRKPT; 620 ksi.ksi_addr = (void *)pc; 621 break; 622 623 case T_DIV0: 624 case T_IDIV0: 625 ADVANCE; 626 sig = SIGFPE; 627 KSI_INIT_TRAP(&ksi); 628 ksi.ksi_trap = type; 629 ksi.ksi_code = FPE_INTDIV; 630 ksi.ksi_addr = (void *)pc; 631 break; 632 633 case T_FLUSHWIN: 634 write_user_windows(); 635#ifdef probably_slower_since_this_is_usually_false 636 if (pcb->pcb_nsaved && rwindow_save(p)) { 637 mutex_enter(p->p_lock); 638 sigexit(l, SIGILL); 639 } 640#endif 641 ADVANCE; 642 break; 643 644 case T_CLEANWIN: 645 uprintf("T_CLEANWIN\n"); /* XXX */ 646 ADVANCE; 647 break; 648 649 case T_RANGECHECK: 650 uprintf("T_RANGECHECK\n"); /* XXX */ 651 ADVANCE; 652 sig = SIGILL; 653 KSI_INIT_TRAP(&ksi); 654 ksi.ksi_trap = type; 655 ksi.ksi_code = ILL_ILLOPN; 656 ksi.ksi_addr = (void *)pc; 657 break; 658 659 case T_FIXALIGN: 660#ifdef DEBUG_ALIGN 661 uprintf("T_FIXALIGN\n"); 662#endif 663 /* User wants us to fix alignment faults */ 664 p->p_md.md_flags |= MDP_FIXALIGN; 665 ADVANCE; 666 break; 667 668 case T_INTOF: 669 uprintf("T_INTOF\n"); /* XXX */ 670 ADVANCE; 671 sig = SIGFPE; 672 KSI_INIT_TRAP(&ksi); 673 ksi.ksi_trap = type; 674 ksi.ksi_code = FPE_INTOVF; 675 ksi.ksi_addr = (void *)pc; 676 break; 677 } 678 if (sig != 0) { 679 ksi.ksi_signo = sig; 680 trapsignal(l, &ksi); 681 } 682 userret(l, pc, sticks); 683 share_fpu(l, tf); 684#undef ADVANCE 685} 686 687/* 688 * Save windows from PCB into user stack, and return 0. This is used on 689 * window overflow pseudo-traps (from locore.s, just before returning to 690 * user mode) and when ptrace or sendsig needs a consistent state. 691 * As a side effect, rwindow_save() always sets pcb_nsaved to 0, 692 * clobbering the `underflow restore' indicator if it was -1. 693 * 694 * If the windows cannot be saved, pcb_nsaved is restored and we return -1. 695 */ 696int 697rwindow_save(struct lwp *l) 698{ 699 struct pcb *pcb = lwp_getpcb(l); 700 struct rwindow *rw = &pcb->pcb_rw[0]; 701 int i; 702 703 i = pcb->pcb_nsaved; 704 if (i < 0) { 705 pcb->pcb_nsaved = 0; 706 return (0); 707 } 708 if (i == 0) 709 return (0); 710#ifdef DEBUG 711 if (rwindow_debug) 712 printf("cpu%d:%s[%d]: rwindow: pcb->stack:", 713 cpuinfo.ci_cpuid, l->l_proc->p_comm, l->l_proc->p_pid); 714#endif 715 do { 716#ifdef DEBUG 717 if (rwindow_debug) 718 printf(" [%d]0x%x", cpuinfo.ci_cpuid, rw[1].rw_in[6]); 719#endif 720 if (copyout((void *)rw, (void *)rw[1].rw_in[6], 721 sizeof *rw)) 722 return (-1); 723 rw++; 724 } while (--i > 0); 725#ifdef DEBUG 726 if (rwindow_debug) 727 printf("\n"); 728#endif 729 pcb->pcb_nsaved = 0; 730 return (0); 731} 732 733/* 734 * Kill user windows (before exec) by writing back to stack or pcb 735 * and then erasing any pcb tracks. Otherwise we might try to write 736 * the registers into the new process after the exec. 737 */ 738void 739cpu_vmspace_exec(struct lwp *l, vaddr_t vstart, vaddr_t vend) 740{ 741 struct pcb *pcb = lwp_getpcb(l); 742 743 write_user_windows(); 744 pcb->pcb_nsaved = 0; 745} 746 747/* 748 * Called from locore.s trap handling, for synchronous memory faults. 749 * 750 * This duplicates a lot of logic in trap() and perhaps should be 751 * moved there; but the bus-error-register parameters are unique to 752 * this routine. 753 * 754 * Since synchronous errors accumulate during prefetch, we can have 755 * more than one `cause'. But we do not care what the cause, here; 756 * we just want to page in the page and try again. 757 */ 758void 759mem_access_fault(unsigned type, int ser, u_int v, int pc, int psr, 760 struct trapframe *tf) 761{ 762#if defined(SUN4) || defined(SUN4C) 763 struct proc *p; 764 struct lwp *l; 765 struct pcb *pcb; 766 struct vmspace *vm; 767 vaddr_t va; 768 int rv; 769 vm_prot_t atype; 770 vaddr_t onfault; 771 u_quad_t sticks; 772 char bits[64]; 773 ksiginfo_t ksi; 774 775 curcpu()->ci_data.cpu_ntrap++; 776 l = curlwp; 777 p = l->l_proc; 778 pcb = lwp_getpcb(l); 779 onfault = (vaddr_t)pcb->pcb_onfault; 780 781 sticks = p->p_sticks; 782 783#ifdef FPU_DEBUG 784 if ((tf->tf_psr & PSR_EF) != 0) { 785 if (cpuinfo.fplwp != l) 786 panic("FPU enabled but wrong proc (1) [l=%p, fwlp=%p]", 787 l, cpuinfo.fplwp); 788 savefpstate(l->l_md.md_fpstate); 789 l->l_md.md_fpu = NULL; 790 cpuinfo.fplwp = NULL; 791 tf->tf_psr &= ~PSR_EF; 792 setpsr(getpsr() & ~PSR_EF); 793 } 794#endif 795 796 /* 797 * Figure out what to pass the VM code, and ignore the sva register 798 * value in v on text faults (text faults are always at pc). 799 * Kernel faults are somewhat different: text faults are always 800 * illegal, and data faults are extra complex. User faults must 801 * set p->p_md.md_tf, in case we decide to deliver a signal. Check 802 * for illegal virtual addresses early since those can induce more 803 * faults. 804 */ 805 if (type == T_TEXTFAULT) 806 v = pc; 807 if (VA_INHOLE(v)) { 808 rv = EACCES; 809 goto fault; 810 } 811 atype = ser & SER_WRITE ? VM_PROT_WRITE : VM_PROT_READ; 812 if ((ser & SER_PROT) && atype == VM_PROT_READ && type != T_TEXTFAULT) { 813 814 /* 815 * The hardware reports faults by the atomic load/store 816 * instructions as read faults, so if the faulting instruction 817 * is one of those, relabel this fault as both read and write. 818 */ 819 u_int insn; 820 if (ufetch_int((void *)pc, &insn) == 0 && 821 (insn & 0xc1680000) == 0xc0680000) { 822 atype = VM_PROT_READ | VM_PROT_WRITE; 823 } 824 } 825 va = trunc_page(v); 826 if (psr & PSR_PS) { 827 if (type == T_TEXTFAULT) { 828 (void) splhigh(); 829 snprintb(bits, sizeof(bits), SER_BITS, ser); 830 printf("cpu%d: text fault: pc=0x%x ser=%s\n", 831 cpu_number(), pc, bits); 832 panic("kernel fault"); 833 /* NOTREACHED */ 834 } 835 /* 836 * If this was an access that we shouldn't try to page in, 837 * resume at the fault handler without any action. 838 */ 839 if (onfault == (vaddr_t)sparc_fsbail) { 840 rv = EFAULT; 841 goto kfault; 842 } 843 844 /* 845 * During autoconfiguration, faults are never OK unless 846 * pcb_onfault is set. Once running normally we must allow 847 * exec() to cause copy-on-write faults to kernel addresses. 848 */ 849 if (cold) { 850 rv = EFAULT; 851 goto kfault; 852 } 853 if (va >= KERNBASE) { 854 rv = mmu_pagein(pmap_kernel(), va, atype); 855 if (rv < 0) { 856 rv = EACCES; 857 goto kfault; 858 } 859 if (rv > 0) 860 return; 861 pcb->pcb_onfault = NULL; 862 rv = uvm_fault(kernel_map, va, atype); 863 pcb->pcb_onfault = (void *)onfault; 864 if (rv == 0) 865 return; 866 goto kfault; 867 } 868 } else { 869 l->l_md.md_tf = tf; 870 } 871 872 /* 873 * mmu_pagein returns -1 if the page is already valid, in which 874 * case we have a hard fault; it returns 1 if it loads a segment 875 * that got bumped out via LRU replacement. 876 */ 877 vm = p->p_vmspace; 878 rv = mmu_pagein(vm->vm_map.pmap, va, atype); 879 if (rv < 0) { 880 rv = EACCES; 881 goto fault; 882 } 883 if (rv > 0) 884 goto out; 885 886 /* alas! must call the horrible vm code */ 887 pcb->pcb_onfault = NULL; 888 rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype); 889 pcb->pcb_onfault = (void *)onfault; 890 891 /* 892 * If this was a stack access we keep track of the maximum 893 * accessed stack size. Also, if vm_fault gets a protection 894 * failure it is due to accessing the stack region outside 895 * the current limit and we need to reflect that as an access 896 * error. 897 */ 898 if ((void *)va >= vm->vm_maxsaddr 899#ifdef COMPAT_SUNOS 900 && !(p->p_emul == &emul_sunos && va < USRSTACK - 901 (vaddr_t)p->p_limit->pl_rlimit[RLIMIT_STACK].rlim_cur + 902 SUNOS_MAXSADDR_SLOP) 903#endif 904 && rv == 0) 905 uvm_grow(p, va); 906 907 if (rv == 0) { 908 /* 909 * pmap_enter() does not enter all requests made from 910 * vm_fault into the MMU (as that causes unnecessary 911 * entries for `wired' pages). Instead, we call 912 * mmu_pagein here to make sure the new PTE gets installed. 913 */ 914 (void) mmu_pagein(vm->vm_map.pmap, va, VM_PROT_NONE); 915 } else { 916 /* 917 * Pagein failed. If doing copyin/out, return to onfault 918 * address. Any other page fault in kernel, die; if user 919 * fault, deliver SIGSEGV. 920 */ 921fault: 922 if (psr & PSR_PS) { 923kfault: 924 if (!onfault) { 925 (void) splhigh(); 926 snprintb(bits, sizeof(bits), SER_BITS, ser); 927 printf("cpu%d: data fault: pc=0x%x " 928 "addr=0x%x ser=%s\n", 929 cpu_number(), pc, v, bits); 930 panic("kernel fault"); 931 /* NOTREACHED */ 932 } 933 tf->tf_pc = onfault; 934 tf->tf_npc = onfault + 4; 935 tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv; 936 return; 937 } 938 KSI_INIT_TRAP(&ksi); 939 switch (rv) { 940 case ENOMEM: 941 printf("UVM: pid %d (%s), uid %d killed: out of swap\n", 942 p->p_pid, p->p_comm, 943 l->l_cred ? 944 kauth_cred_geteuid(l->l_cred) : -1); 945 ksi.ksi_signo = SIGKILL; 946 break; 947 case EINVAL: 948 ksi.ksi_signo = SIGBUS; 949 ksi.ksi_code = BUS_ADRERR; 950 break; 951 case EACCES: 952 ksi.ksi_signo = SIGSEGV; 953 ksi.ksi_code = SEGV_ACCERR; 954 break; 955 default: 956 ksi.ksi_signo = SIGSEGV; 957 ksi.ksi_code = SEGV_MAPERR; 958 break; 959 } 960 ksi.ksi_trap = type; 961 ksi.ksi_addr = (void *)v; 962 trapsignal(l, &ksi); 963 } 964out: 965 if ((psr & PSR_PS) == 0) { 966 userret(l, pc, sticks); 967 share_fpu(l, tf); 968 } 969#endif /* SUN4 || SUN4C */ 970} 971 972#if defined(SUN4M) /* 4m version of mem_access_fault() follows */ 973static int tfaultaddr = (int) 0xdeadbeef; 974 975void 976mem_access_fault4m(unsigned type, u_int sfsr, u_int sfva, struct trapframe *tf) 977{ 978 int pc, psr; 979 struct proc *p; 980 struct lwp *l; 981 struct pcb *pcb; 982 struct vmspace *vm; 983 vaddr_t va; 984 int rv; 985 vm_prot_t atype; 986 int onfault; 987 u_quad_t sticks; 988 char bits[64]; 989 ksiginfo_t ksi; 990 991 curcpu()->ci_data.cpu_ntrap++; 992 993 l = curlwp; 994 p = l->l_proc; 995 sticks = p->p_sticks; 996 pcb = lwp_getpcb(l); 997 onfault = (vaddr_t)pcb->pcb_onfault; 998 999#ifdef FPU_DEBUG 1000 if ((tf->tf_psr & PSR_EF) != 0) { 1001 if (cpuinfo.fplwp != l) 1002 panic("FPU enabled but wrong proc (2) [l=%p, fwlp=%p]", 1003 l, cpuinfo.fplwp); 1004 savefpstate(l->l_md.md_fpstate); 1005 l->l_md.md_fpu = NULL; 1006 cpuinfo.fplwp = NULL; 1007 tf->tf_psr &= ~PSR_EF; 1008 setpsr(getpsr() & ~PSR_EF); 1009 } 1010#endif 1011 1012 pc = tf->tf_pc; /* These are needed below */ 1013 psr = tf->tf_psr; 1014 1015#if /*DIAGNOSTICS*/1 1016 if (type == T_DATAERROR || type == T_TEXTERROR) 1017 printf("%s[%d]: trap 0x%x: pc=0x%x sfsr=0x%x sfva=0x%x\n", 1018 p->p_comm, p->p_pid, type, pc, sfsr, sfva); 1019#endif 1020 1021 /* 1022 * Our first priority is handling serious faults, such as 1023 * parity errors or async faults that might have come through here. 1024 * If afsr & AFSR_AFO != 0, then we're on a HyperSPARC and we 1025 * got an async fault. We pass it on to memerr4m. Similarly, if 1026 * the trap was T_STOREBUFFAULT, we pass it on to memerr4m. 1027 * If we have a data fault, but SFSR_FAV is not set in the sfsr, 1028 * then things are really bizarre, and we treat it as a hard 1029 * error and pass it on to memerr4m. See section 8.12.4 in the 1030 * SuperSPARC user's guide for more info, and for a possible 1031 * solution which we don't implement here. 1032 * Note: store buffer faults may also lead to a level 15 interrupt 1033 * being posted to the module (see sun4m system architecture, 1034 * section B.I.9). 1035 */ 1036 if (type == T_STOREBUFFAULT || 1037 (type == T_DATAFAULT && (sfsr & SFSR_FAV) == 0)) { 1038 (*cpuinfo.memerr)(type, sfsr, sfva, tf); 1039 /* 1040 * If we get here, exit the trap handler and wait for the 1041 * trap to re-occur. 1042 */ 1043 goto out_nounlock; 1044 } 1045 1046 /* 1047 * Figure out what to pass the VM code. We cannot ignore the sfva 1048 * register on text faults, since this might be a trap on an 1049 * alternate-ASI access to code space. However, if we're on a 1050 * supersparc, we can't help using PC, since we don't get a VA in 1051 * sfva. 1052 * Kernel faults are somewhat different: text faults are always 1053 * illegal, and data faults are extra complex. User faults must 1054 * set p->p_md.md_tf, in case we decide to deliver a signal. Check 1055 * for illegal virtual addresses early since those can induce more 1056 * faults. 1057 * All translation faults are illegal, and result in a SIGSEGV 1058 * being delivered to the running process (or a kernel panic, for 1059 * a kernel fault). We check the translation first to make sure 1060 * it is not spurious. 1061 * Also, note that in the case where we have an overwritten 1062 * text fault (OW==1, AT==2,3), we attempt to service the 1063 * second (overwriting) fault, then restart the instruction 1064 * (which is from the first fault) and allow the first trap 1065 * to reappear. XXX is this right? It will probably change... 1066 */ 1067 if ((sfsr & SFSR_FT) == SFSR_FT_NONE) 1068 goto out; /* No fault. Why were we called? */ 1069 1070 /* 1071 * NOTE: the per-CPU fault status register readers (in locore) 1072 * may already have decided to pass `pc' in `sfva', so we avoid 1073 * testing CPU types here. 1074 * Q: test SFSR_FAV in the locore stubs too? 1075 */ 1076 if ((sfsr & SFSR_FAV) == 0) { 1077 /* note: T_TEXTERROR == T_TEXTFAULT | 0x20 */ 1078 if ((type & ~0x20) == T_TEXTFAULT) 1079 sfva = pc; 1080 else { 1081 rv = EACCES; 1082 goto fault; 1083 } 1084 } 1085 1086 if ((sfsr & SFSR_FT) == SFSR_FT_TRANSERR) { 1087 /* 1088 * Translation errors are always fatal, as they indicate 1089 * a corrupt translation (page) table hierarchy. 1090 */ 1091 rv = EACCES; 1092 1093 /* XXXSMP - why bother with this anyway? */ 1094 if (tfaultaddr == sfva) /* Prevent infinite loops w/a static */ 1095 goto fault; 1096 tfaultaddr = sfva; 1097 if ((lda((sfva & 0xFFFFF000) | ASI_SRMMUFP_LN, ASI_SRMMUFP) & 1098 SRMMU_TETYPE) != SRMMU_TEPTE) 1099 goto fault; /* Translation bad */ 1100 lda(SRMMU_SFSR, ASI_SRMMU); 1101#ifdef DEBUG 1102 printf("mem_access_fault4m: SFSR_FT_TRANSERR: " 1103 "pid %d, va 0x%x: retrying\n", p->p_pid, sfva); 1104#endif 1105 goto out; /* Translation OK, retry operation */ 1106 } 1107 1108 va = trunc_page(sfva); 1109 1110 if (((sfsr & SFSR_AT_TEXT) || type == T_TEXTFAULT) && 1111 !(sfsr & SFSR_AT_STORE) && (sfsr & SFSR_OW)) { 1112 if (psr & PSR_PS) { /* never allow in kernel */ 1113 rv = EFAULT; 1114 goto kfault; 1115 } 1116#if 0 1117 /* 1118 * Double text fault. The evil "case 5" from the HS manual... 1119 * Attempt to handle early fault. Ignores ASI 8,9 issue...may 1120 * do a useless VM read. 1121 * XXX: Is this really necessary? 1122 * XXX: If it's necessary, add SA_PAGEFAULT handling 1123 */ 1124 if (cpuinfo.cpu_type == CPUTYP_HS_MBUS) { 1125 /* On HS, we have va for both */ 1126 vm = p->p_vmspace; 1127 pcb->pcb_onfault = NULL; 1128 rv = uvm_fault(&vm->vm_map, trunc_page(pc), 1129 VM_PROT_READ); 1130 pcb->pcb_onfault = onfault; 1131 if (rv != 0) 1132#ifdef DEBUG 1133 printf("mem_access_fault: " 1134 "can't pagein 1st text fault.\n") 1135#endif 1136 ; 1137 } 1138#endif 1139 } 1140 1141 /* Now munch on protections... */ 1142 if (sfsr & SFSR_AT_STORE) { 1143 /* stores are never text faults. */ 1144 atype = VM_PROT_WRITE; 1145 } else { 1146 if ((sfsr & SFSR_AT_TEXT) || (type & ~0x20) == T_TEXTFAULT) { 1147 atype = VM_PROT_EXECUTE; 1148 } else { 1149 atype = VM_PROT_READ; 1150 } 1151 } 1152 1153 if (psr & PSR_PS) { 1154 if (sfsr & SFSR_AT_TEXT || type == T_TEXTFAULT) { 1155 (void) splhigh(); 1156 snprintb(bits, sizeof(bits), SFSR_BITS, sfsr); 1157 printf("cpu%d text fault: pc=0x%x sfsr=%s sfva=0x%x\n", 1158 cpu_number(), pc, bits, sfva); 1159 panic("kernel fault"); 1160 /* NOTREACHED */ 1161 } 1162 /* 1163 * If this was an access that we shouldn't try to page in, 1164 * resume at the fault handler without any action. 1165 */ 1166 if (onfault == (vaddr_t)sparc_fsbail) { 1167 rv = EFAULT; 1168 goto kfault; 1169 } 1170 1171 /* 1172 * During autoconfiguration, faults are never OK unless 1173 * pcb_onfault is set. Once running normally we must allow 1174 * exec() to cause copy-on-write faults to kernel addresses. 1175 */ 1176 if (cold) { 1177 rv = EFAULT; 1178 goto kfault; 1179 } 1180 if (va >= KERNBASE) { 1181 pcb->pcb_onfault = NULL; 1182 rv = uvm_fault(kernel_map, va, atype); 1183 pcb->pcb_onfault = (void *)onfault; 1184 if (rv == 0) { 1185 return; 1186 } 1187 goto kfault; 1188 } 1189 } else { 1190 l->l_md.md_tf = tf; 1191 } 1192 1193 vm = p->p_vmspace; 1194 1195 /* alas! must call the horrible vm code */ 1196 pcb->pcb_onfault = NULL; 1197 rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype); 1198 pcb->pcb_onfault = (void *)onfault; 1199 1200 /* 1201 * If this was a stack access we keep track of the maximum 1202 * accessed stack size. Also, if vm_fault gets a protection 1203 * failure it is due to accessing the stack region outside 1204 * the current limit and we need to reflect that as an access 1205 * error. 1206 */ 1207 if (rv == 0 && (void *)va >= vm->vm_maxsaddr) 1208 uvm_grow(p, va); 1209 if (rv != 0) { 1210 /* 1211 * Pagein failed. If doing copyin/out, return to onfault 1212 * address. Any other page fault in kernel, die; if user 1213 * fault, deliver SIGSEGV. 1214 */ 1215fault: 1216 if (psr & PSR_PS) { 1217kfault: 1218 if (!onfault) { 1219 (void) splhigh(); 1220 snprintb(bits, sizeof(bits), SFSR_BITS, sfsr); 1221 printf("cpu%d: data fault: pc=0x%x " 1222 "addr=0x%x sfsr=%s\n", 1223 cpu_number(), pc, sfva, bits); 1224 panic("kernel fault"); 1225 /* NOTREACHED */ 1226 } 1227 tf->tf_pc = onfault; 1228 tf->tf_npc = onfault + 4; 1229 tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv; 1230 return; 1231 } 1232 KSI_INIT_TRAP(&ksi); 1233 switch (rv) { 1234 case ENOMEM: 1235 printf("UVM: pid %d (%s), uid %d killed: out of swap\n", 1236 p->p_pid, p->p_comm, 1237 l->l_cred ? 1238 kauth_cred_geteuid(l->l_cred) : -1); 1239 ksi.ksi_signo = SIGKILL; 1240 break; 1241 case EINVAL: 1242 ksi.ksi_signo = SIGBUS; 1243 ksi.ksi_code = BUS_ADRERR; 1244 break; 1245 case EACCES: 1246 ksi.ksi_signo = SIGSEGV; 1247 ksi.ksi_code = SEGV_ACCERR; 1248 break; 1249 default: 1250 ksi.ksi_signo = SIGSEGV; 1251 ksi.ksi_code = SEGV_MAPERR; 1252 break; 1253 } 1254 ksi.ksi_trap = type; 1255 ksi.ksi_addr = (void *)sfva; 1256 trapsignal(l, &ksi); 1257 } 1258out: 1259 if ((psr & PSR_PS) == 0) { 1260out_nounlock: 1261 userret(l, pc, sticks); 1262 share_fpu(l, tf); 1263 } 1264} 1265#endif /* SUN4M */ 1266 1267/* 1268 * Start a new LWP 1269 */ 1270void 1271startlwp(void *arg) 1272{ 1273 ucontext_t *uc = arg; 1274 lwp_t *l = curlwp; 1275 int error __diagused; 1276 1277 error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags); 1278 KASSERT(error == 0); 1279 1280 kmem_free(uc, sizeof(ucontext_t)); 1281 userret(l, l->l_md.md_tf->tf_pc, 0); 1282} 1283 1284