/*ARGSUSED*/
void
trap(struct frame *fp, int type, unsigned code, unsigned v)
{
extern char fubail[], subail[];
struct lwp *l;
struct proc *p;
struct pcb *pcb;
void *onfault;
ksiginfo_t ksi;
int s;
int rv;
u_quad_t sticks = 0 /* XXX initialiser works around compiler bug */;
static int panicking __diagused;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
if (USERMODE(fp->f_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = fp->f_regs;
LWP_CACHE_CREDS(l, p);
}
switch (type) {
default:
dopanic:
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
s = splhigh();
panicking = 1;
printf("trap type %d, code = 0x%x, v = 0x%x\n", type, code, v);
printf("%s program counter = 0x%x\n",
(type & T_USER) ? "user" : "kernel", fp->f_pc);
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, (db_regs_t *)fp))
goto kgdb_cont;
#endif
#ifdef DDB
(void)kdb_trap(type, (db_regs_t *)fp);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(s);
if (panicstr) {
printf("trap during panic!\n");
#ifdef DEBUG
/* XXX should be a machine-dependent hook */
printf("(press a key)\n"); (void)cngetc();
#endif
}
regdump((struct trapframe *)fp, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap");
case T_BUSERR: /* kernel bus error */
onfault = pcb->pcb_onfault;
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/* FALLTHROUGH */
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
fp->f_stackadj = exframesize[fp->f_format];
fp->f_format = fp->f_vector = 0;
fp->f_pc = (int)onfault;
fp->f_regs[D0] = rv;
return;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_RESAD_FAULT */
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
#ifdef M68040
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
/* XXX need to FSAVE */
printf("pid %d(%s): unimplemented FP %s at %x (EA %x)\n",
p->p_pid, p->p_comm,
fp->f_format == 2 ? "instruction" : "data type",
fp->f_pc, fp->f_fmt2.f_iaddr);
/* XXX need to FRESTORE */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
#endif
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_PRIVIN_FAULT */
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTDIV_TRAP */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTDIV;
break;
case T_CHKINST|T_USER: /* CHK instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_SUBRNG_TRAP */
ksi.ksi_signo = SIGFPE;
break;
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTOVF_TRAP */
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
#ifdef DEBUG
printf("unexpected kernel trace trap, type = %d\n", type);
printf("program counter = 0x%x\n", fp->f_pc);
#endif
fp->f_sr &= ~PSL_T;
return;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush".
* Just flush the on-chip caches and return.
*/
if (p->p_emul == &emul_sunos) {
ICIA();
DCIU();
return;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
fp->f_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/*
* We check for software interrupts first. This is because
* they are at a higher level than ASTs, and on a VAX would
* interrupt the AST. We assume that if we are processing
* an AST that we must be at IPL0 so we don't bother to
* check. Note that we ensure that we are at least at SIR
* IPL while processing the SIR.
*/
spl1();
/* fall into... */
case T_SSIR: /* software interrupt */
case T_SSIR|T_USER:
/*
* If this was not an AST trap, we are all done.
*/
if (type != (T_ASTFLT|T_USER)) {
curcpu()->ci_data.cpu_ntrap--;
return;
}
spl0();
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto out;
case T_MMUFLT: /* kernel mode page fault */
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
onfault = pcb->pcb_onfault;
if (onfault == fubail || onfault == subail) {
rv = EFAULT;
goto copyfault;
}
/* fall into ... */
case T_MMUFLT|T_USER: /* page fault */
{
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
onfault = pcb->pcb_onfault;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=%x, v=%x, pc=%x, sr=%x\n",
p->p_pid, code, v, fp->f_pc, fp->f_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if ((type & T_USER) == 0 && (onfault == NULL || KDFAULT(code)))
map = kernel_map;
else {
map = vm ? &vm->vm_map : kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = trunc_page((vaddr_t)v);
if (map == kernel_map && va == 0) {
printf("trap: bad kernel %s access at 0x%x\n",
(ftype & VM_PROT_WRITE) ? "read/write" :
"read", v);
goto dopanic;
}
#ifdef DIAGNOSTIC
if (interrupt_depth && !panicking) {
printf("trap: calling uvm_fault() from interrupt!\n");
goto dopanic;
}
#endif
pcb->pcb_onfault = NULL;
rv = uvm_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid))
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
#endif
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if (type == T_MMUFLT) {
if (ucas_ras_check(&fp->F_t)) {
return;
}
#ifdef M68040
if (cputype == CPU_68040)
(void) writeback(fp, 1);
#endif
return;
}
goto out;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if (type == T_MMUFLT) {
if (onfault)
goto copyfault;
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
printf(" type %x, code [mmu,,ssw]: %x\n",
type, code);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
}
}
trapsignal(l, &ksi);
if ((type & T_USER) == 0)
return;
out:
userret(l, fp, sticks, v, 1);
}
/*ARGSUSED*/
void
trap(struct trapframe *tf, int type, u_int code, u_int v)
{
struct lwp *l;
struct proc *p;
struct pcb *pcb;
ksiginfo_t ksi;
int tmp;
int rv;
u_quad_t sticks;
void *onfault;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
onfault = pcb->pcb_onfault;
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
KASSERT(pcb != NULL);
if (USERMODE(tf->tf_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = tf->tf_regs;
LWP_CACHE_CREDS(l, p);
} else {
sticks = 0;
/* XXX: Detect trap recursion? */
}
switch (type) {
default:
dopanic:
printf("trap type=0x%x, code=0x%x, v=0x%x\n", type, code, v);
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
tmp = splhigh();
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, tf))
goto kgdb_cont;
#endif
#ifdef DDB
(void) kdb_trap(type, (db_regs_t *) tf);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(tmp);
if (panicstr) {
/*
* Note: panic is smart enough to do:
* boot(RB_AUTOBOOT | RB_NOSYNC, NULL)
* if we call it again.
*/
panic("trap during panic!");
}
regdump(tf, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap type 0x%x", type);
case T_BUSERR: /* kernel bus error */
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/*FALLTHROUGH*/
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
tf->tf_stackadj = exframesize[tf->tf_format];
tf->tf_format = tf->tf_vector = 0;
tf->tf_pc = (int)onfault;
tf->tf_regs[D0] = rv;
goto done;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
case T_FPEMULI: /* FPU faults in supervisor mode */
case T_FPEMULD:
if (nofault) /* Doing FPU probe? */
longjmp(nofault);
goto dopanic;
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
#ifdef FPU_EMULATE
if (fpu_emulate(tf, &pcb->pcb_fpregs, &ksi) == 0)
; /* XXX - Deal with tracing? (tf->tf_sr & PSL_T) */
#else
uprintf("pid %d killed: no floating point support\n", p->p_pid);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
#endif
break;
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_code = FPE_FLTDIV;
case T_CHKINST|T_USER: /* CHK instruction trap */
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
tf->tf_sr &= ~PSL_T;
goto done;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush"
* Just flush the on-chip caches and return.
* XXX - Too bad NetBSD uses trap 2...
*/
if (p->p_emul == &emul_sunos) {
/* get out fast */
goto done;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
tf->tf_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/* T_SSIR is not used on a Sun2. */
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto douret;
case T_MMUFLT: /* kernel mode page fault */
/* Hacks to avoid calling VM code from debugger. */
#ifdef DDB
if (db_recover != 0)
goto dopanic;
#endif
#ifdef KGDB
if (kgdb_recover != 0)
goto dopanic;
#endif
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
if (onfault == (void *)fubail || onfault == (void *)subail) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault fu/su bail\n");
Debugger();
}
#endif
rv = EFAULT;
goto copyfault;
}
/*FALLTHROUGH*/
case T_MMUFLT|T_USER: { /* page fault */
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=0x%x, v=0x%x, pc=0x%x, sr=0x%x\n",
p->p_pid, code, v, tf->tf_pc, tf->tf_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and: (2 or 3)
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
map = &vm->vm_map;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault == NULL || KDFAULT(code))
map = kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = m68k_trunc_page((vaddr_t)v);
/*
* Need to resolve the fault.
*
* We give the pmap code a chance to resolve faults by
* reloading translations that it was forced to unload.
* This function does that, and calls vm_fault if it
* could not resolve the fault by reloading the MMU.
* This function may also, for example, disallow any
* faults in the kernel text segment, etc.
*/
pcb->pcb_onfault = NULL;
rv = _pmap_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid)) {
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
if (mmudebug & MDB_WBFAILED)
Debugger();
}
#endif /* DEBUG */
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if ((type & T_USER) == 0 && ucas_ras_check(tf)) {
return;
}
goto finish;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault pcb_onfault\n");
Debugger();
}
#endif
goto copyfault;
}
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
} /* T_MMUFLT */
} /* switch */
finish:
/* If trap was from supervisor mode, just return. */
if ((type & T_USER) == 0)
goto done;
/* Post a signal if necessary. */
if (ksi.ksi_signo)
trapsignal(l, &ksi);
douret:
userret(l, tf, sticks);
done:;
/* XXX: Detect trap recursion? */
}
void
data_abort_handler(trapframe_t *tf)
{
struct vm_map *map;
struct lwp * const l = curlwp;
struct cpu_info * const ci = curcpu();
u_int far, fsr;
vm_prot_t ftype;
void *onfault;
vaddr_t va;
int error;
ksiginfo_t ksi;
UVMHIST_FUNC(__func__);
UVMHIST_CALLED(maphist);
/* Grab FAR/FSR before enabling interrupts */
far = cpu_faultaddress();
fsr = cpu_faultstatus();
/* Update vmmeter statistics */
ci->ci_data.cpu_ntrap++;
/* Re-enable interrupts if they were enabled previously */
KASSERT(!TRAP_USERMODE(tf) || (tf->tf_spsr & IF32_bits) == 0);
if (__predict_true((tf->tf_spsr & IF32_bits) != IF32_bits))
restore_interrupts(tf->tf_spsr & IF32_bits);
/* Get the current lwp structure */
UVMHIST_LOG(maphist, " (l=%#x, far=%#x, fsr=%#x",
l, far, fsr, 0);
UVMHIST_LOG(maphist, " tf=%#x, pc=%#x)",
tf, tf->tf_pc, 0, 0);
/* Data abort came from user mode? */
bool user = (TRAP_USERMODE(tf) != 0);
if (user)
LWP_CACHE_CREDS(l, l->l_proc);
/* Grab the current pcb */
struct pcb * const pcb = lwp_getpcb(l);
curcpu()->ci_abt_evs[fsr & FAULT_TYPE_MASK].ev_count++;
/* Invoke the appropriate handler, if necessary */
if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) {
#ifdef DIAGNOSTIC
printf("%s: data_aborts fsr=0x%x far=0x%x\n",
__func__, fsr, far);
#endif
if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far,
l, &ksi))
goto do_trapsignal;
goto out;
}
/*
* At this point, we're dealing with one of the following data aborts:
*
* FAULT_TRANS_S - Translation -- Section
* FAULT_TRANS_P - Translation -- Page
* FAULT_DOMAIN_S - Domain -- Section
* FAULT_DOMAIN_P - Domain -- Page
* FAULT_PERM_S - Permission -- Section
* FAULT_PERM_P - Permission -- Page
*
* These are the main virtual memory-related faults signalled by
* the MMU.
*/
/* fusubailout is used by [fs]uswintr to avoid page faulting */
if (__predict_false(pcb->pcb_onfault == fusubailout)) {
tf->tf_r0 = EFAULT;
tf->tf_pc = (intptr_t) pcb->pcb_onfault;
return;
}
if (user) {
lwp_settrapframe(l, tf);
}
/*
* Make sure the Program Counter is sane. We could fall foul of
* someone executing Thumb code, in which case the PC might not
* be word-aligned. This would cause a kernel alignment fault
* further down if we have to decode the current instruction.
*/
#ifdef THUMB_CODE
/*
* XXX: It would be nice to be able to support Thumb in the kernel
* at some point.
*/
if (__predict_false(!user && (tf->tf_pc & 3) != 0)) {
printf("\n%s: Misaligned Kernel-mode Program Counter\n",
__func__);
dab_fatal(tf, fsr, far, l, NULL);
}
#else
if (__predict_false((tf->tf_pc & 3) != 0)) {
if (user) {
/*
* Give the user an illegal instruction signal.
*/
/* Deliver a SIGILL to the process */
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
ksi.ksi_addr = (uint32_t *)(intptr_t) far;
ksi.ksi_trap = fsr;
goto do_trapsignal;
}
/*
* The kernel never executes Thumb code.
*/
printf("\n%s: Misaligned Kernel-mode Program Counter\n",
__func__);
dab_fatal(tf, fsr, far, l, NULL);
}
#endif
/* See if the CPU state needs to be fixed up */
switch (data_abort_fixup(tf, fsr, far, l)) {
case ABORT_FIXUP_RETURN:
return;
case ABORT_FIXUP_FAILED:
/* Deliver a SIGILL to the process */
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
ksi.ksi_addr = (uint32_t *)(intptr_t) far;
ksi.ksi_trap = fsr;
goto do_trapsignal;
default:
break;
}
va = trunc_page((vaddr_t)far);
/*
* It is only a kernel address space fault iff:
* 1. user == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction.
*/
if (!user && (va >= VM_MIN_KERNEL_ADDRESS ||
(va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) &&
__predict_true((pcb->pcb_onfault == NULL ||
(read_insn(tf->tf_pc, false) & 0x05200000) != 0x04200000))) {
map = kernel_map;
/* Was the fault due to the FPE/IPKDB ? */
if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) {
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
ksi.ksi_addr = (uint32_t *)(intptr_t) far;
ksi.ksi_trap = fsr;
/*
* Force exit via userret()
* This is necessary as the FPE is an extension to
* userland that actually runs in a priveledged mode
* but uses USR mode permissions for its accesses.
*/
user = true;
goto do_trapsignal;
}
} else {
map = &l->l_proc->p_vmspace->vm_map;
}
/*
* We need to know whether the page should be mapped as R or R/W.
* Before ARMv6, the MMU did not give us the info as to whether the
* fault was caused by a read or a write.
*
* However, we know that a permission fault can only be the result of
* a write to a read-only location, so we can deal with those quickly.
*
* Otherwise we need to disassemble the instruction responsible to
* determine if it was a write.
*/
if (CPU_IS_ARMV6_P() || CPU_IS_ARMV7_P()) {
ftype = (fsr & FAULT_WRITE) ? VM_PROT_WRITE : VM_PROT_READ;
} else if (IS_PERMISSION_FAULT(fsr)) {
ftype = VM_PROT_WRITE;
} else {
#ifdef THUMB_CODE
/* Fast track the ARM case. */
if (__predict_false(tf->tf_spsr & PSR_T_bit)) {
u_int insn = read_thumb_insn(tf->tf_pc, user);
u_int insn_f8 = insn & 0xf800;
u_int insn_fe = insn & 0xfe00;
if (insn_f8 == 0x6000 || /* STR(1) */
insn_f8 == 0x7000 || /* STRB(1) */
insn_f8 == 0x8000 || /* STRH(1) */
insn_f8 == 0x9000 || /* STR(3) */
insn_f8 == 0xc000 || /* STM */
insn_fe == 0x5000 || /* STR(2) */
insn_fe == 0x5200 || /* STRH(2) */
insn_fe == 0x5400) /* STRB(2) */
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
}
else
#endif
{
u_int insn = read_insn(tf->tf_pc, user);
if (((insn & 0x0c100000) == 0x04000000) || /* STR[B] */
((insn & 0x0e1000b0) == 0x000000b0) || /* STR[HD]*/
((insn & 0x0a100000) == 0x08000000) || /* STM/CDT*/
((insn & 0x0f9000f0) == 0x01800090)) /* STREX[BDH] */
ftype = VM_PROT_WRITE;
else if ((insn & 0x0fb00ff0) == 0x01000090)/* SWP */
ftype = VM_PROT_READ | VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
}
}
/*
* See if the fault is as a result of ref/mod emulation,
* or domain mismatch.
*/
#ifdef DEBUG
last_fault_code = fsr;
#endif
if (pmap_fault_fixup(map->pmap, va, ftype, user)) {
UVMHIST_LOG(maphist, " <- ref/mod emul", 0, 0, 0, 0);
goto out;
}
if (__predict_false(curcpu()->ci_intr_depth > 0)) {
if (pcb->pcb_onfault) {
tf->tf_r0 = EINVAL;
tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
return;
}
printf("\nNon-emulated page fault with intr_depth > 0\n");
dab_fatal(tf, fsr, far, l, NULL);
}
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = NULL;
error = uvm_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
if (__predict_true(error == 0)) {
if (user)
uvm_grow(l->l_proc, va); /* Record any stack growth */
else
ucas_ras_check(tf);
UVMHIST_LOG(maphist, " <- uvm", 0, 0, 0, 0);
goto out;
}
if (user == 0) {
if (pcb->pcb_onfault) {
tf->tf_r0 = error;
tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
return;
}
printf("\nuvm_fault(%p, %lx, %x) -> %x\n", map, va, ftype,
error);
dab_fatal(tf, fsr, far, l, NULL);
}
KSI_INIT_TRAP(&ksi);
if (error == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: "
"out of swap\n", l->l_proc->p_pid, l->l_proc->p_comm,
l->l_cred ? kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
} else
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = (error == EACCES) ? SEGV_ACCERR : SEGV_MAPERR;
ksi.ksi_addr = (uint32_t *)(intptr_t) far;
ksi.ksi_trap = fsr;
UVMHIST_LOG(maphist, " <- error (%d)", error, 0, 0, 0);
do_trapsignal:
call_trapsignal(l, tf, &ksi);
out:
/* If returning to user mode, make sure to invoke userret() */
if (user)
userret(l);
}
/*
* General page fault handler.
*/
void
do_fault(struct trapframe *tf, struct lwp *l,
struct vm_map *map, vaddr_t va, vm_prot_t atype)
{
int error;
if (pmap_fault(map->pmap, va, atype))
return;
struct pcb * const pcb = lwp_getpcb(l);
void * const onfault = pcb->pcb_onfault;
const bool user = TRAP_USERMODE(tf);
if (cpu_intr_p()) {
KASSERT(!user);
error = EFAULT;
} else {
pcb->pcb_onfault = NULL;
error = uvm_fault(map, va, atype);
pcb->pcb_onfault = onfault;
}
if (error != 0) {
ksiginfo_t ksi;
if (onfault != NULL) {
tf->tf_r0 = error;
tf->tf_r15 = (tf->tf_r15 & ~R15_PC) |
(register_t)onfault;
return;
}
#ifdef DDB
if (db_validating) {
db_faulted = true;
tf->tf_r15 += INSN_SIZE;
return;
}
#endif
if (!user) {
#ifdef DDB
db_printf("Unhandled data abort in kernel mode\n");
kdb_trap(T_FAULT, tf);
#else
#ifdef DEBUG
printf("Unhandled data abort:\n");
printregs(tf);
#endif
panic("unhandled data abort in kernel mode");
#endif
}
KSI_INIT_TRAP(&ksi);
if (error == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: "
"out of swap\n",
l->l_proc->p_pid, l->l_proc->p_comm,
l->l_cred ? kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
} else
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = (error == EPERM) ? SEGV_ACCERR : SEGV_MAPERR;
ksi.ksi_addr = (void *) va;
trapsignal(l, &ksi);
} else if (!user) {
ucas_ras_check(tf);
}
}
