static int
gdb_trapper(u_int addr, u_int insn, struct trapframe *frame, int code)
{
struct thread *td;
ksiginfo_t ksi;
td = (curthread == NULL) ? &thread0 : curthread;
if (insn == GDB_BREAKPOINT || insn == GDB5_BREAKPOINT) {
if (code == FAULT_USER) {
ksiginfo_init_trap(&ksi);
ksi.ksi_signo = SIGTRAP;
ksi.ksi_code = TRAP_BRKPT;
ksi.ksi_addr = (u_int32_t *)addr;
trapsignal(td, &ksi);
return 0;
}
#if 0
#ifdef KGDB
return !kgdb_trap(T_BREAKPOINT, frame);
#endif
#endif
}
return 1;
}
static int
gdb_trapper(u_int addr, u_int insn, struct trapframe *tf, int code)
{
struct lwp * const l = curlwp;
#ifdef THUMB_CODE
if (tf->tf_spsr & PSR_T_bit) {
if (insn == GDB_THUMB_BREAKPOINT)
goto bkpt;
}
else
#endif
{
if (insn == GDB_BREAKPOINT || insn == GDB5_BREAKPOINT) {
#ifdef THUMB_CODE
bkpt:
#endif
if (code == FAULT_USER) {
ksiginfo_t ksi;
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGTRAP;
ksi.ksi_code = TRAP_BRKPT;
ksi.ksi_addr = (uint32_t *)addr;
ksi.ksi_trap = 0;
trapsignal(l, &ksi);
return 0;
}
#ifdef KGDB
return !kgdb_trap(T_BREAKPOINT, tf);
#endif
}
}
return 1;
}
void
db_kgdb_cmd(db_expr_t addr, bool haddr,
db_expr_t count, const char *modif)
{
kgdb_active++;
kgdb_trap(db_trap_type, DDB_REGS);
kgdb_active--;
}
static int udef_handler(struct trapframe *tf)
{
// print_trapframe(tf);
uint32_t inst = *(uint32_t *) (tf->tf_epc - 4);
if (inst == KGDB_BP_INSTR) {
return kgdb_trap(tf);
} else {
print_trapframe(tf);
if (trap_in_kernel(tf)) {
panic("undefined instruction\n");
} else {
killed_by_kernel();
}
}
return 0;
}
void kgdb_enter(struct pt_regs *regs, kgdb_data *kdp)
{
/* disable interrupts */
disable_interrupts();
/* reply to host that an exception has occurred */
kdp->sigval = kgdb_trap(regs);
/* send the PC and the Stack Pointer */
kdp->nregs = 2;
kdp->regs[0].num = BFIN_PC;
kdp->regs[0].val = regs->pc;
kdp->regs[1].num = BFIN_SP;
kdp->regs[1].val = (unsigned long)regs;
}
/*
* This is called by locore for supervisor-mode trace and
* breakpoint traps. This is separate from trap() above
* so that breakpoints in trap() will work.
*
* If we have both DDB and KGDB, let KGDB see it first,
* because KGDB will just return 0 if not connected.
*/
void
trap_kdebug(int type, struct trapframe tf)
{
#ifdef KGDB
/* Let KGDB handle it (if connected) */
if (kgdb_trap(type, &tf))
return;
#endif
#ifdef DDB
/* Let DDB handle it. */
if (kdb_trap(type, &tf))
return;
#endif
/* Drop into the PROM temporarily... */
(void)_nodb_trap(type, &tf);
}
static int
gdb_trapper(u_int addr, u_int insn, struct trapframe *frame, int code)
{
union sigval sv;
struct proc *p;
p = (curproc == NULL) ? &proc0 : curproc;
if (insn == GDB_BREAKPOINT || insn == GDB5_BREAKPOINT) {
if (code == FAULT_USER) {
sv.sival_int = addr;
trapsignal(p, SIGTRAP, 0, TRAP_BRKPT, sv);
return 0;
}
#ifdef KGDB
return !kgdb_trap(T_BREAKPOINT, frame);
#endif
}
return 1;
}
/*
* Called by locore.s for an unexpected interrupt.
* XXX - Almost identical to trap_kdebug...
*/
void
straytrap(struct trapframe tf)
{
int type = -1;
printf("unexpected trap; vector=0x%x at pc=0x%x\n",
tf.tf_vector, tf.tf_pc);
#ifdef KGDB
/* Let KGDB handle it (if connected) */
if (kgdb_trap(type, &tf))
return;
#endif
#ifdef DDB
/* Let DDB handle it. */
if (kdb_trap(type, &tf))
return;
#endif
/* Drop into the PROM temporarily... */
(void)_nodb_trap(type, &tf);
}
/*
* This function does all command processing for interfacing to gdb.
*/
static int
handle_exception (struct pt_regs *regs)
{
int addr;
int length;
char *ptr;
kgdb_data kd;
int i;
if (!initialized) {
printf("kgdb: exception before kgdb is initialized! huh?\n");
return (0);
}
/* probably should check which exception occured as well */
if (longjmp_on_fault) {
longjmp_on_fault = 0;
kgdb_longjmp(error_jmp_buf, KGDBERR_MEMFAULT);
panic("kgdb longjump failed!\n");
}
if (kgdb_active) {
printf("kgdb: unexpected exception from within kgdb\n");
return (0);
}
kgdb_active = 1;
kgdb_interruptible(0);
printf("kgdb: handle_exception; trap [0x%x]\n", kgdb_trap(regs));
if (kgdb_setjmp(error_jmp_buf) != 0)
panic("kgdb: error or fault in entry init!\n");
kgdb_enter(regs, &kd);
if (first_entry) {
/*
* the first time we enter kgdb, we save the processor
* state so that we can return to the monitor if the
* remote end quits gdb (or at least, tells us to quit
* with the 'k' packet)
*/
entry_regs = *regs;
first_entry = 0;
}
ptr = remcomOutBuffer;
*ptr++ = 'T';
*ptr++ = hexchars[kd.sigval >> 4];
*ptr++ = hexchars[kd.sigval & 0xf];
for (i = 0; i < kd.nregs; i++) {
kgdb_reg *rp = &kd.regs[i];
*ptr++ = hexchars[rp->num >> 4];
*ptr++ = hexchars[rp->num & 0xf];
*ptr++ = ':';
ptr = (char *)mem2hex((char *)&rp->val, ptr, 4);
*ptr++ = ';';
}
*ptr = 0;
#ifdef KGDB_DEBUG
if (kdebug)
printf("kgdb: remcomOutBuffer: %s\n", remcomOutBuffer);
#endif
putpacket((unsigned char *)&remcomOutBuffer);
while (1) {
volatile int errnum;
remcomOutBuffer[0] = 0;
getpacket(remcomInBuffer);
ptr = &remcomInBuffer[1];
#ifdef KGDB_DEBUG
if (kdebug)
printf("kgdb: remcomInBuffer: %s\n", remcomInBuffer);
#endif
errnum = kgdb_setjmp(error_jmp_buf);
if (errnum == 0) switch (remcomInBuffer[0]) {
case '?': /* report most recent signal */
remcomOutBuffer[0] = 'S';
remcomOutBuffer[1] = hexchars[kd.sigval >> 4];
remcomOutBuffer[2] = hexchars[kd.sigval & 0xf];
remcomOutBuffer[3] = 0;
break;
#ifdef KGDB_DEBUG
case 'd':
/* toggle debug flag */
kdebug ^= 1;
break;
#endif
case 'g': /* return the value of the CPU registers. */
length = kgdb_getregs(regs, remcomRegBuffer, BUFMAX);
mem2hex(remcomRegBuffer, remcomOutBuffer, length);
break;
case 'G': /* set the value of the CPU registers */
length = strlen(ptr);
if ((length & 1) != 0) kgdb_error(KGDBERR_BADPARAMS);
hex2mem(ptr, remcomRegBuffer, length/2);
kgdb_putregs(regs, remcomRegBuffer, length/2);
strcpy(remcomOutBuffer,"OK");
break;
case 'm': /* mAA..AA,LLLL Read LLLL bytes at address AA..AA */
/* Try to read %x,%x. */
if (hexToInt(&ptr, &addr)
&& *ptr++ == ','
&& hexToInt(&ptr, &length)) {
mem2hex((char *)addr, remcomOutBuffer, length);
} else {
kgdb_error(KGDBERR_BADPARAMS);
}
break;
case 'M': /* MAA..AA,LLLL: Write LLLL bytes at address AA.AA return OK */
/* Try to read '%x,%x:'. */
if (hexToInt(&ptr, &addr)
&& *ptr++ == ','
&& hexToInt(&ptr, &length)
&& *ptr++ == ':') {
hex2mem(ptr, (char *)addr, length);
strcpy(remcomOutBuffer, "OK");
} else {
kgdb_error(KGDBERR_BADPARAMS);
}
break;
case 'k': /* kill the program, actually return to monitor */
kd.extype = KGDBEXIT_KILL;
*regs = entry_regs;
first_entry = 1;
goto doexit;
case 'C': /* CSS continue with signal SS */
*ptr = '\0'; /* ignore the signal number for now */
/* fall through */
case 'c': /* cAA..AA Continue; address AA..AA optional */
/* try to read optional parameter, pc unchanged if no parm */
kd.extype = KGDBEXIT_CONTINUE;
if (hexToInt(&ptr, &addr)) {
kd.exaddr = addr;
kd.extype |= KGDBEXIT_WITHADDR;
}
goto doexit;
case 'S': /* SSS single step with signal SS */
*ptr = '\0'; /* ignore the signal number for now */
/* fall through */
case 's':
kd.extype = KGDBEXIT_SINGLE;
if (hexToInt(&ptr, &addr)) {
kd.exaddr = addr;
kd.extype |= KGDBEXIT_WITHADDR;
}
doexit:
/* Need to flush the instruction cache here, as we may have deposited a
* breakpoint, and the icache probably has no way of knowing that a data ref to
* some location may have changed something that is in the instruction cache.
*/
kgdb_flush_cache_all();
kgdb_exit(regs, &kd);
kgdb_active = 0;
kgdb_interruptible(1);
return (1);
case 'r': /* Reset (if user process..exit ???)*/
panic("kgdb reset.");
break;
case 'P': /* Pr=v set reg r to value v (r and v are hex) */
if (hexToInt(&ptr, &addr)
&& *ptr++ == '='
&& ((length = strlen(ptr)) & 1) == 0) {
hex2mem(ptr, remcomRegBuffer, length/2);
kgdb_putreg(regs, addr,
remcomRegBuffer, length/2);
strcpy(remcomOutBuffer,"OK");
} else {
kgdb_error(KGDBERR_BADPARAMS);
}
break;
} /* switch */
if (errnum != 0)
sprintf(remcomOutBuffer, "E%02d", errnum);
#ifdef KGDB_DEBUG
if (kdebug)
printf("kgdb: remcomOutBuffer: %s\n", remcomOutBuffer);
#endif
/* reply to the request */
putpacket((unsigned char *)&remcomOutBuffer);
} /* while(1) */
}
/*ARGSUSED*/
void
trap(struct trapframe *frame)
{
struct proc *p = curproc;
int type = (int)frame->tf_trapno;
struct pcb *pcb;
extern char doreti_iret[], resume_iret[];
caddr_t onfault;
int error;
uint64_t cr2;
union sigval sv;
uvmexp.traps++;
pcb = (p != NULL && p->p_addr != NULL) ? &p->p_addr->u_pcb : NULL;
#ifdef DEBUG
if (trapdebug) {
printf("trap %d code %lx rip %lx cs %lx rflags %lx cr2 %lx "
"cpl %x\n",
type, frame->tf_err, frame->tf_rip, frame->tf_cs,
frame->tf_rflags, rcr2(), curcpu()->ci_ilevel);
printf("curproc %p\n", curproc);
if (curproc)
printf("pid %d\n", p->p_pid);
}
#endif
if (!KERNELMODE(frame->tf_cs, frame->tf_rflags)) {
type |= T_USER;
p->p_md.md_regs = frame;
}
switch (type) {
default:
we_re_toast:
#ifdef KGDB
if (kgdb_trap(type, frame))
return;
else {
/*
* If this is a breakpoint, don't panic
* if we're not connected.
*/
if (type == T_BPTFLT) {
printf("kgdb: ignored %s\n", trap_type[type]);
return;
}
}
#endif
#ifdef DDB
if (kdb_trap(type, 0, frame))
return;
#endif
if (frame->tf_trapno < trap_types)
printf("fatal %s", trap_type[frame->tf_trapno]);
else
printf("unknown trap %ld", (u_long)frame->tf_trapno);
printf(" in %s mode\n", (type & T_USER) ? "user" : "supervisor");
printf("trap type %d code %lx rip %lx cs %lx rflags %lx cr2 "
" %lx cpl %x rsp %lx\n",
type, frame->tf_err, (u_long)frame->tf_rip, frame->tf_cs,
frame->tf_rflags, rcr2(), curcpu()->ci_ilevel, frame->tf_rsp);
panic("trap type %d, code=%lx, pc=%lx",
type, frame->tf_err, frame->tf_rip);
/*NOTREACHED*/
case T_PROTFLT:
case T_SEGNPFLT:
case T_ALIGNFLT:
case T_TSSFLT:
if (p == NULL)
goto we_re_toast;
/* Check for copyin/copyout fault. */
if (pcb->pcb_onfault != 0) {
error = EFAULT;
copyfault:
frame->tf_rip = (u_int64_t)pcb->pcb_onfault;
frame->tf_rax = error;
return;
}
/*
* Check for failure during return to user mode.
* We do this by looking at the address of the
* instruction that faulted.
*/
if (frame->tf_rip == (u_int64_t)doreti_iret) {
frame->tf_rip = (u_int64_t)resume_iret;
return;
}
goto we_re_toast;
case T_PROTFLT|T_USER: /* protection fault */
case T_TSSFLT|T_USER:
case T_SEGNPFLT|T_USER:
case T_STKFLT|T_USER:
case T_NMI|T_USER:
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): BUS at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, rcr2());
frame_dump(frame);
#endif
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGBUS, type & ~T_USER, BUS_OBJERR, sv);
KERNEL_UNLOCK();
goto out;
case T_ALIGNFLT|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGBUS, type & ~T_USER, BUS_ADRALN, sv);
KERNEL_UNLOCK();
goto out;
case T_PRIVINFLT|T_USER: /* privileged instruction fault */
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGILL, type & ~T_USER, ILL_PRVOPC, sv);
KERNEL_UNLOCK();
goto out;
case T_FPOPFLT|T_USER: /* coprocessor operand fault */
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): ILL at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, rcr2());
frame_dump(frame);
#endif
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGILL, type & ~T_USER, ILL_COPROC, sv);
KERNEL_UNLOCK();
goto out;
case T_ASTFLT|T_USER: /* Allow process switch */
uvmexp.softs++;
if (p->p_flag & P_OWEUPC) {
KERNEL_LOCK();
ADDUPROF(p);
KERNEL_UNLOCK();
}
/* Allow a forced task switch. */
if (curcpu()->ci_want_resched)
preempt(NULL);
goto out;
case T_BOUND|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_FLTSUB, sv);
KERNEL_UNLOCK();
goto out;
case T_OFLOW|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_INTOVF, sv);
KERNEL_UNLOCK();
goto out;
case T_DIVIDE|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_INTDIV, sv);
KERNEL_UNLOCK();
goto out;
case T_ARITHTRAP|T_USER:
case T_XMM|T_USER:
fputrap(frame);
goto out;
case T_PAGEFLT: /* allow page faults in kernel mode */
if (p == NULL)
goto we_re_toast;
cr2 = rcr2();
KERNEL_LOCK();
goto faultcommon;
case T_PAGEFLT|T_USER: { /* page fault */
vaddr_t va, fa;
struct vmspace *vm;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
cr2 = rcr2();
KERNEL_LOCK();
faultcommon:
vm = p->p_vmspace;
if (vm == NULL)
goto we_re_toast;
fa = cr2;
va = trunc_page((vaddr_t)cr2);
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if (type == T_PAGEFLT && va >= VM_MIN_KERNEL_ADDRESS)
map = kernel_map;
else
map = &vm->vm_map;
if (frame->tf_err & PGEX_W)
ftype = VM_PROT_WRITE;
else if (frame->tf_err & PGEX_I)
ftype = VM_PROT_EXECUTE;
else
ftype = VM_PROT_READ;
#ifdef DIAGNOSTIC
if (map == kernel_map && va == 0) {
printf("trap: bad kernel access at %lx\n", va);
goto we_re_toast;
}
#endif
/* Fault the original page in. */
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = NULL;
error = uvm_fault(map, va, frame->tf_err & PGEX_P?
VM_FAULT_PROTECT : VM_FAULT_INVALID, ftype);
pcb->pcb_onfault = onfault;
if (error == 0) {
if (map != kernel_map)
uvm_grow(p, va);
if (type == T_PAGEFLT) {
KERNEL_UNLOCK();
return;
}
KERNEL_UNLOCK();
goto out;
}
if (error == EACCES) {
error = EFAULT;
}
if (type == T_PAGEFLT) {
if (pcb->pcb_onfault != 0) {
KERNEL_UNLOCK();
goto copyfault;
}
printf("uvm_fault(%p, 0x%lx, 0, %d) -> %x\n",
map, va, ftype, error);
goto we_re_toast;
}
if (error == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
p->p_cred && p->p_ucred ?
(int)p->p_ucred->cr_uid : -1);
sv.sival_ptr = (void *)fa;
trapsignal(p, SIGKILL, T_PAGEFLT, SEGV_MAPERR, sv);
} else {
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): SEGV at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, va);
frame_dump(frame);
#endif
sv.sival_ptr = (void *)fa;
trapsignal(p, SIGSEGV, T_PAGEFLT, SEGV_MAPERR, sv);
}
KERNEL_UNLOCK();
break;
}
case T_TRCTRAP:
goto we_re_toast;
case T_BPTFLT|T_USER: /* bpt instruction fault */
case T_TRCTRAP|T_USER: /* trace trap */
#ifdef MATH_EMULATE
trace:
#endif
KERNEL_LOCK();
trapsignal(p, SIGTRAP, type &~ T_USER, TRAP_BRKPT, sv);
KERNEL_UNLOCK();
break;
#if NISA > 0
case T_NMI:
#if defined(KGDB) || defined(DDB)
/* NMI can be hooked up to a pushbutton for debugging */
printf ("NMI ... going to debugger\n");
#ifdef KGDB
if (kgdb_trap(type, frame))
return;
#endif
#ifdef DDB
if (kdb_trap(type, 0, frame))
return;
#endif
#endif /* KGDB || DDB */
/* machine/parity/power fail/"kitchen sink" faults */
if (x86_nmi() != 0)
goto we_re_toast;
else
return;
#endif /* NISA > 0 */
}
if ((type & T_USER) == 0)
return;
out:
userret(p);
}
/*
* trap(frame): exception, fault, and trap interface to BSD kernel.
*
* This common code is called from assembly language IDT gate entry routines
* that prepare a suitable stack frame, and restore this frame after the
* exception has been processed. Note that the effect is as if the arguments
* were passed call by reference.
*/
void
trap(struct trapframe *frame)
{
struct lwp *l = curlwp;
struct proc *p;
struct pcb *pcb;
extern char fusubail[], kcopy_fault[], return_address_fault[],
IDTVEC(osyscall)[];
struct trapframe *vframe;
ksiginfo_t ksi;
void *onfault;
int type, error;
uint32_t cr2;
bool pfail;
if (__predict_true(l != NULL)) {
pcb = lwp_getpcb(l);
p = l->l_proc;
} else {
/*
* this can happen eg. on break points in early on boot.
*/
pcb = NULL;
p = NULL;
}
type = frame->tf_trapno;
#ifdef DEBUG
if (trapdebug) {
trap_print(frame, l);
}
#endif
if (type != T_NMI &&
!KERNELMODE(frame->tf_cs, frame->tf_eflags)) {
type |= T_USER;
l->l_md.md_regs = frame;
pcb->pcb_cr2 = 0;
LWP_CACHE_CREDS(l, p);
}
#ifdef KDTRACE_HOOKS
/*
* A trap can occur while DTrace executes a probe. Before
* executing the probe, DTrace blocks re-scheduling and sets
* a flag in its per-cpu flags to indicate that it doesn't
* want to fault. On returning from the the probe, the no-fault
* flag is cleared and finally re-scheduling is enabled.
*
* If the DTrace kernel module has registered a trap handler,
* call it and if it returns non-zero, assume that it has
* handled the trap and modified the trap frame so that this
* function can return normally.
*/
if ((type == T_PROTFLT || type == T_PAGEFLT) &&
dtrace_trap_func != NULL) {
if ((*dtrace_trap_func)(frame, type)) {
return;
}
}
#endif
switch (type) {
case T_ASTFLT:
/*FALLTHROUGH*/
default:
we_re_toast:
if (type == T_TRCTRAP)
check_dr0();
else
trap_print(frame, l);
if (kdb_trap(type, 0, frame))
return;
if (kgdb_trap(type, frame))
return;
/*
* If this is a breakpoint, don't panic if we're not connected.
*/
if (type == T_BPTFLT && kgdb_disconnected()) {
printf("kgdb: ignored %s\n", trap_type[type]);
return;
}
panic("trap");
/*NOTREACHED*/
case T_PROTFLT:
case T_SEGNPFLT:
case T_ALIGNFLT:
case T_TSSFLT:
if (p == NULL)
goto we_re_toast;
/* Check for copyin/copyout fault. */
onfault = onfault_handler(pcb, frame);
if (onfault != NULL) {
copyefault:
error = EFAULT;
copyfault:
frame->tf_eip = (uintptr_t)onfault;
frame->tf_eax = error;
return;
}
/*
* Check for failure during return to user mode.
* This can happen loading invalid values into the segment
* registers, or during the 'iret' itself.
*
* We do this by looking at the instruction we faulted on.
* The specific instructions we recognize only happen when
* returning from a trap, syscall, or interrupt.
*/
kernelfault:
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
ksi.ksi_trap = type;
switch (*(u_char *)frame->tf_eip) {
case 0xcf: /* iret */
/*
* The 'iret' instruction faulted, so we have the
* 'user' registers saved after the kernel %eip:%cs:%fl
* of the 'iret' and below that the user %eip:%cs:%fl
* the 'iret' was processing.
* We must delete the 3 words of kernel return address
* from the stack to generate a normal stack frame
* (eg for sending a SIGSEGV).
*/
vframe = (void *)((int *)frame + 3);
if (KERNELMODE(vframe->tf_cs, vframe->tf_eflags))
goto we_re_toast;
memmove(vframe, frame,
offsetof(struct trapframe, tf_eip));
/* Set the faulting address to the user %eip */
ksi.ksi_addr = (void *)vframe->tf_eip;
break;
case 0x8e:
switch (*(uint32_t *)frame->tf_eip) {
case 0x8e242c8e: /* mov (%esp,%gs), then */
case 0x0424648e: /* mov 0x4(%esp),%fs */
case 0x0824448e: /* mov 0x8(%esp),%es */
case 0x0c245c8e: /* mov 0xc(%esp),%ds */
break;
default:
goto we_re_toast;
}
/*
* We faulted loading one if the user segment registers.
* The stack frame containing the user registers is
* still valid and is just below the %eip:%cs:%fl of
* the kernel fault frame.
*/
vframe = (void *)(&frame->tf_eflags + 1);
if (KERNELMODE(vframe->tf_cs, vframe->tf_eflags))
goto we_re_toast;
/* There is no valid address for the fault */
break;
default:
goto we_re_toast;
}
/*
* We might have faulted trying to execute the
* trampoline for a local (nested) signal handler.
* Only generate SIGSEGV if the user %cs isn't changed.
* (This is only strictly necessary in the 'iret' case.)
*/
if (!pmap_exec_fixup(&p->p_vmspace->vm_map, vframe, pcb)) {
/* Save outer frame for any signal return */
l->l_md.md_regs = vframe;
(*p->p_emul->e_trapsignal)(l, &ksi);
}
/* Return to user by reloading the user frame */
trap_return_fault_return(vframe);
/* NOTREACHED */
case T_PROTFLT|T_USER: /* protection fault */
case T_TSSFLT|T_USER:
case T_SEGNPFLT|T_USER:
case T_STKFLT|T_USER:
case T_ALIGNFLT|T_USER:
KSI_INIT_TRAP(&ksi);
ksi.ksi_addr = (void *)rcr2();
switch (type) {
case T_SEGNPFLT|T_USER:
case T_STKFLT|T_USER:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case T_TSSFLT|T_USER:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_OBJERR;
break;
case T_ALIGNFLT|T_USER:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRALN;
break;
case T_PROTFLT|T_USER:
#ifdef VM86
if (frame->tf_eflags & PSL_VM) {
vm86_gpfault(l, type & ~T_USER);
goto out;
}
#endif
/*
* If pmap_exec_fixup does something,
* let's retry the trap.
*/
if (pmap_exec_fixup(&p->p_vmspace->vm_map, frame, pcb)){
goto out;
}
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
KASSERT(0);
break;
}
goto trapsignal;
case T_PRIVINFLT|T_USER: /* privileged instruction fault */
case T_FPOPFLT|T_USER: /* coprocessor operand fault */
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *) frame->tf_eip;
switch (type) {
case T_PRIVINFLT|T_USER:
ksi.ksi_code = ILL_PRVOPC;
break;
case T_FPOPFLT|T_USER:
ksi.ksi_code = ILL_COPROC;
break;
default:
ksi.ksi_code = 0;
break;
}
goto trapsignal;
case T_ASTFLT|T_USER:
/* Allow process switch. */
//curcpu()->ci_data.cpu_nast++;
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
/* Allow a forced task switch. */
if (curcpu()->ci_want_resched) {
preempt();
}
goto out;
case T_BOUND|T_USER:
case T_OFLOW|T_USER:
case T_DIVIDE|T_USER:
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGFPE;
ksi.ksi_addr = (void *)frame->tf_eip;
switch (type) {
case T_BOUND|T_USER:
ksi.ksi_code = FPE_FLTSUB;
break;
case T_OFLOW|T_USER:
ksi.ksi_code = FPE_INTOVF;
break;
case T_DIVIDE|T_USER:
ksi.ksi_code = FPE_INTDIV;
break;
default:
ksi.ksi_code = 0;
break;
}
goto trapsignal;
case T_PAGEFLT:
/* Allow page faults in kernel mode. */
if (__predict_false(l == NULL))
goto we_re_toast;
/*
* fusubail is used by [fs]uswintr() to prevent page faulting
* from inside the profiling interrupt.
*/
onfault = pcb->pcb_onfault;
if (onfault == fusubail || onfault == return_address_fault) {
goto copyefault;
}
if (cpu_intr_p() || (l->l_pflag & LP_INTR) != 0) {
goto we_re_toast;
}
cr2 = rcr2();
goto faultcommon;
case T_PAGEFLT|T_USER: { /* page fault */
register vaddr_t va;
register struct vmspace *vm;
register struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
cr2 = rcr2();
faultcommon:
vm = p->p_vmspace;
if (__predict_false(vm == NULL)) {
goto we_re_toast;
}
pcb->pcb_cr2 = cr2;
va = trunc_page((vaddr_t)cr2);
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if (type == T_PAGEFLT && va >= KERNBASE)
map = kernel_map;
else
map = &vm->vm_map;
if (frame->tf_err & PGEX_W)
ftype = VM_PROT_WRITE;
else if (frame->tf_err & PGEX_X)
ftype = VM_PROT_EXECUTE;
else
ftype = VM_PROT_READ;
#ifdef DIAGNOSTIC
if (map == kernel_map && va == 0) {
printf("trap: bad kernel access at %lx\n", va);
goto we_re_toast;
}
#endif
/* Fault the original page in. */
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = NULL;
error = uvm_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
if (error == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
pfail = false;
while (type == T_PAGEFLT) {
/*
* we need to switch pmap now if we're in
* the middle of copyin/out.
*
* but we don't need to do so for kcopy as
* it never touch userspace.
*/
kpreempt_disable();
if (curcpu()->ci_want_pmapload) {
onfault = onfault_handler(pcb, frame);
if (onfault != kcopy_fault) {
pmap_load();
}
}
/*
* We need to keep the pmap loaded and
* so avoid being preempted until back
* into the copy functions. Disable
* interrupts at the hardware level before
* re-enabling preemption. Interrupts
* will be re-enabled by 'iret' when
* returning back out of the trap stub.
* They'll only be re-enabled when the
* program counter is once again in
* the copy functions, and so visible
* to cpu_kpreempt_exit().
*/
#ifndef XEN
x86_disable_intr();
#endif
l->l_nopreempt--;
if (l->l_nopreempt > 0 || !l->l_dopreempt ||
pfail) {
return;
}
#ifndef XEN
x86_enable_intr();
#endif
/*
* If preemption fails for some reason,
* don't retry it. The conditions won't
* change under our nose.
*/
pfail = kpreempt(0);
}
goto out;
}
if (type == T_PAGEFLT) {
onfault = onfault_handler(pcb, frame);
if (onfault != NULL)
goto copyfault;
printf("uvm_fault(%p, %#lx, %d) -> %#x\n",
map, va, ftype, error);
goto kernelfault;
}
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_addr = (void *)cr2;
switch (error) {
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
error = EFAULT;
break;
case ENOMEM:
ksi.ksi_signo = SIGKILL;
printf("UVM: pid %d.%d (%s), uid %d killed: "
"out of swap\n", p->p_pid, l->l_lid, p->p_comm,
l->l_cred ? kauth_cred_geteuid(l->l_cred) : -1);
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
#ifdef TRAP_SIGDEBUG
printf("pid %d.%d (%s): signal %d at eip %x addr %lx "
"error %d\n", p->p_pid, l->l_lid, p->p_comm, ksi.ksi_signo,
frame->tf_eip, va, error);
#endif
(*p->p_emul->e_trapsignal)(l, &ksi);
break;
}
case T_TRCTRAP:
/* Check whether they single-stepped into a lcall. */
if (frame->tf_eip == (int)IDTVEC(osyscall))
return;
if (frame->tf_eip == (int)IDTVEC(osyscall) + 1) {
frame->tf_eflags &= ~PSL_T;
return;
}
goto we_re_toast;
case T_BPTFLT|T_USER: /* bpt instruction fault */
case T_TRCTRAP|T_USER: /* trace trap */
/*
* Don't go single-stepping into a RAS.
*/
if (p->p_raslist == NULL ||
(ras_lookup(p, (void *)frame->tf_eip) == (void *)-1)) {
KSI_INIT_TRAP(&ksi);
ksi.ksi_signo = SIGTRAP;
ksi.ksi_trap = type & ~T_USER;
if (type == (T_BPTFLT|T_USER))
ksi.ksi_code = TRAP_BRKPT;
else
ksi.ksi_code = TRAP_TRACE;
ksi.ksi_addr = (void *)frame->tf_eip;
(*p->p_emul->e_trapsignal)(l, &ksi);
}
break;
case T_NMI:
if (nmi_dispatch(frame))
return;
/* NMI can be hooked up to a pushbutton for debugging */
if (kgdb_trap(type, frame))
return;
if (kdb_trap(type, 0, frame))
return;
/* machine/parity/power fail/"kitchen sink" faults */
#if NMCA > 0
mca_nmi();
#endif
x86_nmi();
}
if ((type & T_USER) == 0)
return;
out:
userret(l);
return;
trapsignal:
ksi.ksi_trap = type & ~T_USER;
(*p->p_emul->e_trapsignal)(l, &ksi);
userret(l);
}
static int
trap_kdebug(int type, int code, struct trapframe *frame)
{
int handled;
u_int tf_iioq_head_old;
u_int tf_iioq_tail_old;
for(;;) {
/* This trap has not been handled. */
handled = 0;
/* Remember the instruction offset queue. */
tf_iioq_head_old = frame->tf_iioq_head;
tf_iioq_tail_old = frame->tf_iioq_tail;
#ifdef KGDB
/* Let KGDB handle it (if connected) */
if (!handled)
handled = kgdb_trap(type, frame);
#endif
#ifdef DDB
/* Let DDB handle it. */
if (!handled)
handled = kdb_trap(type, code, frame);
#endif
/* If this trap wasn't handled, return now. */
if (!handled)
return(0);
/*
* If the instruction offset queue head changed,
* but the offset queue tail didn't, assume that
* the user wants to jump to the head offset, and
* adjust the tail accordingly. This should fix
* the kgdb `jump' command, and can help DDB users
* who `set' the offset head but forget the tail.
*/
if (frame->tf_iioq_head != tf_iioq_head_old &&
frame->tf_iioq_tail == tf_iioq_tail_old)
frame->tf_iioq_tail = frame->tf_iioq_head + 4;
/*
* This is some single-stepping support.
* If we're trying to step through a nullified
* instruction, just advance by hand and trap
* again. Otherwise, load the recovery counter
* with zero.
*/
if (frame->tf_ipsw & PSW_R) {
#ifdef TRAPDEBUG
printf("(single stepping at head 0x%x tail 0x%x)\n", frame->tf_iioq_head, frame->tf_iioq_tail);
#endif
if (frame->tf_ipsw & PSW_N) {
#ifdef TRAPDEBUG
printf("(single stepping past nullified)\n");
#endif
/* Advance the program counter. */
frame->tf_iioq_head = frame->tf_iioq_tail;
frame->tf_iioq_tail = frame->tf_iioq_head + 4;
/* Clear flags. */
frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L);
/* Simulate another trap. */
type = T_RECOVERY;
continue;
}
frame->tf_rctr = 0;
}
/* We handled this trap. */
return (1);
}
/* NOTREACHED */
}
/*
* Trap is called from locore to handle most types of processor traps.
*/
void
trap(unsigned int status, unsigned int cause, vaddr_t vaddr, vaddr_t opc,
struct trapframe *frame)
{
int type;
struct lwp *l = curlwp;
struct proc *p = curproc;
vm_prot_t ftype;
ksiginfo_t ksi;
struct frame *fp;
extern void fswintrberr(void);
KSI_INIT_TRAP(&ksi);
uvmexp.traps++;
if ((type = TRAPTYPE(cause)) >= LENGTH(trap_type))
panic("trap: unknown trap type %d", type);
if (USERMODE(status)) {
type |= T_USER;
LWP_CACHE_CREDS(l, p);
}
/* Enable interrupts just at it was before the trap. */
_splset(status & AVR32_STATUS_IMx);
switch (type) {
default:
dopanic:
(void)splhigh();
printf("trap: %s in %s mode\n",
trap_type[TRAPTYPE(cause)],
USERMODE(status) ? "user" : "kernel");
printf("status=0x%x, cause=0x%x, epc=%#lx, vaddr=%#lx\n",
status, cause, opc, vaddr);
if (curlwp != NULL) {
fp = (struct frame *)l->l_md.md_regs;
printf("pid=%d cmd=%s usp=0x%x ",
p->p_pid, p->p_comm, (int)fp->f_regs[_R_SP]);
} else
printf("curlwp == NULL ");
printf("ksp=%p\n", &status);
#if defined(DDB)
kdb_trap(type, (mips_reg_t *) frame);
/* XXX force halt XXX */
#elif defined(KGDB)
{
struct frame *f = (struct frame *)&ddb_regs;
extern mips_reg_t kgdb_cause, kgdb_vaddr;
kgdb_cause = cause;
kgdb_vaddr = vaddr;
/*
* init global ddb_regs, used in db_interface.c routines
* shared between ddb and gdb. Send ddb_regs to gdb so
* that db_machdep.h macros will work with it, and
* allow gdb to alter the PC.
*/
db_set_ddb_regs(type, (mips_reg_t *) frame);
PC_BREAK_ADVANCE(f);
if (kgdb_trap(type, &ddb_regs)) {
((mips_reg_t *)frame)[21] = f->f_regs[_R_PC];
return;
}
}
#else
panic("trap: dopanic: notyet");
#endif
/*NOTREACHED*/
case T_TLB_MOD:
panic("trap: T_TLB_MOD: notyet");
#if notyet
if (KERNLAND(vaddr)) {
pt_entry_t *pte;
unsigned entry;
paddr_t pa;
pte = kvtopte(vaddr);
entry = pte->pt_entry;
if (!avr32_pte_v(entry) /*|| (entry & mips_pg_m_bit())*/) {
panic("ktlbmod: invalid pte");
}
if (entry & avr32_pte_ropage_bit()) {
/* write to read only page in the kernel */
ftype = VM_PROT_WRITE;
goto kernelfault;
}
entry |= mips_pg_m_bit(); /* XXXAVR32 Do it on tlbarlo/ tlbarhi? */
pte->pt_entry = entry;
vaddr &= ~PGOFSET;
MachTLBUpdate(vaddr, entry);
pa = avr32_tlbpfn_to_paddr(entry);
if (!IS_VM_PHYSADDR(pa)) {
printf("ktlbmod: va %#lx pa %#llx\n",
vaddr, (long long)pa);
panic("ktlbmod: unmanaged page");
}
pmap_set_modified(pa);
return; /* KERN */
}
/*FALLTHROUGH*/
#endif
case T_TLB_MOD+T_USER:
panic("trap: T_TLB_MOD+T_USER: notyet");
#if notyet
{
pt_entry_t *pte;
unsigned entry;
paddr_t pa;
pmap_t pmap;
pmap = p->p_vmspace->vm_map.pmap;
if (!(pte = pmap_segmap(pmap, vaddr)))
panic("utlbmod: invalid segmap");
pte += (vaddr >> PGSHIFT) & (NPTEPG - 1);
entry = pte->pt_entry;
if (!avr32_pte_v(entry))
panic("utlbmod: invalid pte");
if (entry & avr32_pte_ropage_bit()) {
/* write to read only page */
ftype = VM_PROT_WRITE;
goto pagefault;
}
/* entry |= mips_pg_m_bit(); XXXAVR32 Do it on tlbarlo/ tlbarhi? */
pte->pt_entry = entry;
vaddr = (vaddr & ~PGOFSET) |
(pmap->pm_asid << AVR32_TLB_PID_SHIFT);
MachTLBUpdate(vaddr, entry);
pa = avr32_tlbpfn_to_paddr(entry);
if (!IS_VM_PHYSADDR(pa)) {
printf("utlbmod: va %#lx pa %#llx\n",
vaddr, (long long)pa);
panic("utlbmod: unmanaged page");
}
pmap_set_modified(pa);
if (type & T_USER)
userret(l);
return; /* GEN */
}
#endif
case T_TLB_LD_MISS:
panic("trap: T_TLB_LD_MISS: notyet");
case T_TLB_ST_MISS:
ftype = (type == T_TLB_LD_MISS) ? VM_PROT_READ : VM_PROT_WRITE;
if (KERNLAND(vaddr))
goto kernelfault;
panic("trap: T_TLB_ST_MISS: notyet");
#if notyet
/*
* It is an error for the kernel to access user space except
* through the copyin/copyout routines.
*/
if (l == NULL || l->l_addr->u_pcb.pcb_onfault == NULL)
goto dopanic;
/* check for fuswintr() or suswintr() getting a page fault */
if (l->l_addr->u_pcb.pcb_onfault == (void *)fswintrberr) {
frame->tf_regs[TF_EPC] = (int)fswintrberr;
return; /* KERN */
}
goto pagefault;
#endif
case T_TLB_LD_MISS+T_USER:
panic("trap: T_TLB_LD_MISS+T_USER: notyet");
#if notyet
ftype = VM_PROT_READ;
goto pagefault;
#endif
case T_TLB_ST_MISS+T_USER:
panic("trap: T_TLB_ST_MISS+T_USER: notyet");
#if notyet
ftype = VM_PROT_WRITE;
#endif
pagefault: ;
{
vaddr_t va;
struct vmspace *vm;
struct vm_map *map;
int rv;
vm = p->p_vmspace;
map = &vm->vm_map;
va = trunc_page(vaddr);
if ((l->l_flag & LW_SA) && (~l->l_pflag & LP_SA_NOBLOCK)) {
l->l_savp->savp_faultaddr = (vaddr_t)vaddr;
l->l_pflag |= LP_SA_PAGEFAULT;
}
if (p->p_emul->e_fault)
rv = (*p->p_emul->e_fault)(p, va, ftype);
else
rv = uvm_fault(map, va, ftype);
#ifdef VMFAULT_TRACE
printf(
"uvm_fault(%p (pmap %p), %lx (0x%x), %d) -> %d at pc %p\n",
map, vm->vm_map.pmap, va, vaddr, ftype, rv, (void*)opc);
#endif
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if ((void *)va >= vm->vm_maxsaddr) {
if (rv == 0){
uvm_grow(p, va);
}
else if (rv == EACCES)
rv = EFAULT;
}
l->l_pflag &= ~LP_SA_PAGEFAULT;
if (rv == 0) {
if (type & T_USER) {
userret(l);
}
return; /* GEN */
}
if ((type & T_USER) == 0)
goto copyfault;
if (rv == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : (uid_t) -1);
ksi.ksi_signo = SIGKILL;
ksi.ksi_code = 0;
} else {
if (rv == EACCES) {
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_OBJERR;
} else {
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
}
}
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_addr = (void *)vaddr;
break; /* SIGNAL */
}
kernelfault: ;
{
vaddr_t va;
int rv;
va = trunc_page(vaddr);
rv = uvm_fault(kernel_map, va, ftype);
if (rv == 0)
return; /* KERN */
/*FALLTHROUGH*/
}
case T_ADDR_ERR_LD: /* misaligned access */
case T_ADDR_ERR_ST: /* misaligned access */
case T_BUS_ERR_LD_ST: /* BERR asserted to CPU */
copyfault:
panic("trap: copyfault: notyet");
#if notyet
if (l == NULL || l->l_addr->u_pcb.pcb_onfault == NULL)
goto dopanic;
frame->tf_regs[TF_EPC] = (intptr_t)l->l_addr->u_pcb.pcb_onfault;
return; /* KERN */
#endif
#if notyet
case T_ADDR_ERR_LD+T_USER: /* misaligned or kseg access */
case T_ADDR_ERR_ST+T_USER: /* misaligned or kseg access */
case T_BUS_ERR_IFETCH+T_USER: /* BERR asserted to CPU */
case T_BUS_ERR_LD_ST+T_USER: /* BERR asserted to CPU */
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGSEGV; /* XXX */
ksi.ksi_addr = (void *)vaddr;
ksi.ksi_code = SEGV_MAPERR; /* XXX */
break; /* SIGNAL */
case T_BREAK:
panic("trap: T_BREAK: notyet");
#if defined(DDB)
kdb_trap(type, (avr32_reg_t *) frame);
return; /* KERN */
#elif defined(KGDB)
{
struct frame *f = (struct frame *)&ddb_regs;
extern avr32_reg_t kgdb_cause, kgdb_vaddr;
kgdb_cause = cause;
kgdb_vaddr = vaddr;
/*
* init global ddb_regs, used in db_interface.c routines
* shared between ddb and gdb. Send ddb_regs to gdb so
* that db_machdep.h macros will work with it, and
* allow gdb to alter the PC.
*/
db_set_ddb_regs(type, (avr32_reg_t *) frame);
PC_BREAK_ADVANCE(f);
if (!kgdb_trap(type, &ddb_regs))
printf("kgdb: ignored %s\n",
trap_type[TRAPTYPE(cause)]);
else
((avr32_reg_t *)frame)[21] = f->f_regs[_R_PC];
return;
}
#else
goto dopanic;
#endif
case T_BREAK+T_USER:
{
vaddr_t va;
uint32_t instr;
int rv;
/* compute address of break instruction */
va = (DELAYBRANCH(cause)) ? opc + sizeof(int) : opc;
/* read break instruction */
instr = fuiword((void *)va);
if (l->l_md.md_ss_addr != va || instr != MIPS_BREAK_SSTEP) {
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGTRAP;
ksi.ksi_addr = (void *)va;
ksi.ksi_code = TRAP_TRACE;
break;
}
/*
* Restore original instruction and clear BP
*/
rv = suiword((void *)va, l->l_md.md_ss_instr);
if (rv < 0) {
vaddr_t sa, ea;
sa = trunc_page(va);
ea = round_page(va + sizeof(int) - 1);
rv = uvm_map_protect(&p->p_vmspace->vm_map,
sa, ea, VM_PROT_ALL, false);
if (rv == 0) {
rv = suiword((void *)va, l->l_md.md_ss_instr);
(void)uvm_map_protect(&p->p_vmspace->vm_map,
sa, ea, VM_PROT_READ|VM_PROT_EXECUTE, false);
}
}
mips_icache_sync_all(); /* XXXJRT -- necessary? */
mips_dcache_wbinv_all(); /* XXXJRT -- necessary? */
if (rv < 0)
printf("Warning: can't restore instruction at 0x%lx: 0x%x\n",
l->l_md.md_ss_addr, l->l_md.md_ss_instr);
l->l_md.md_ss_addr = 0;
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGTRAP;
ksi.ksi_addr = (void *)va;
ksi.ksi_code = TRAP_BRKPT;
break; /* SIGNAL */
}
case T_RES_INST+T_USER:
case T_COP_UNUSABLE+T_USER:
#if !defined(SOFTFLOAT) && !defined(NOFPU)
if ((cause & MIPS_CR_COP_ERR) == 0x10000000) {
struct frame *f;
f = (struct frame *)l->l_md.md_regs;
savefpregs(fpcurlwp); /* yield FPA */
loadfpregs(l); /* load FPA */
fpcurlwp = l;
l->l_md.md_flags |= MDP_FPUSED;
f->f_regs[_R_SR] |= MIPS_SR_COP_1_BIT;
} else
#endif
{
MachEmulateInst(status, cause, opc, l->l_md.md_regs);
}
userret(l);
return; /* GEN */
case T_FPE+T_USER:
panic ("trap: T_FPE+T_USER: notyet");
#if defined(SOFTFLOAT)
MachEmulateInst(status, cause, opc, l->l_md.md_regs);
#elif !defined(NOFPU)
MachFPTrap(status, cause, opc, l->l_md.md_regs);
#endif
userret(l);
return; /* GEN */
case T_OVFLOW+T_USER:
case T_TRAP+T_USER:
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGFPE;
fp = (struct frame *)l->l_md.md_regs;
ksi.ksi_addr = (void *)fp->f_regs[_R_PC];
ksi.ksi_code = FPE_FLTOVF; /* XXX */
break; /* SIGNAL */
#endif
}
panic("trap: post-switch: notyet");
#if notyet
fp = (struct frame *)l->l_md.md_regs;
fp->f_regs[_R_CAUSE] = cause;
fp->f_regs[_R_BADVADDR] = vaddr;
(*p->p_emul->e_trapsignal)(l, &ksi);
if ((type & T_USER) == 0)
panic("trapsignal");
userret(l);
#endif
return;
}
/*ARGSUSED*/
void
trap(struct trapframe *tf, int type, u_int code, u_int v)
{
struct lwp *l;
struct proc *p;
struct pcb *pcb;
ksiginfo_t ksi;
int tmp;
int rv;
u_quad_t sticks;
void *onfault;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
onfault = pcb->pcb_onfault;
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
KASSERT(pcb != NULL);
if (USERMODE(tf->tf_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = tf->tf_regs;
LWP_CACHE_CREDS(l, p);
} else {
sticks = 0;
/* XXX: Detect trap recursion? */
}
switch (type) {
default:
dopanic:
printf("trap type=0x%x, code=0x%x, v=0x%x\n", type, code, v);
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
tmp = splhigh();
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, tf))
goto kgdb_cont;
#endif
#ifdef DDB
(void) kdb_trap(type, (db_regs_t *) tf);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(tmp);
if (panicstr) {
/*
* Note: panic is smart enough to do:
* boot(RB_AUTOBOOT | RB_NOSYNC, NULL)
* if we call it again.
*/
panic("trap during panic!");
}
regdump(tf, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap type 0x%x", type);
case T_BUSERR: /* kernel bus error */
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/*FALLTHROUGH*/
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
tf->tf_stackadj = exframesize[tf->tf_format];
tf->tf_format = tf->tf_vector = 0;
tf->tf_pc = (int)onfault;
tf->tf_regs[D0] = rv;
goto done;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
case T_FPEMULI: /* FPU faults in supervisor mode */
case T_FPEMULD:
if (nofault) /* Doing FPU probe? */
longjmp(nofault);
goto dopanic;
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
#ifdef FPU_EMULATE
if (fpu_emulate(tf, &pcb->pcb_fpregs, &ksi) == 0)
; /* XXX - Deal with tracing? (tf->tf_sr & PSL_T) */
#else
uprintf("pid %d killed: no floating point support\n", p->p_pid);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
#endif
break;
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_code = FPE_FLTDIV;
case T_CHKINST|T_USER: /* CHK instruction trap */
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
tf->tf_sr &= ~PSL_T;
goto done;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush"
* Just flush the on-chip caches and return.
* XXX - Too bad NetBSD uses trap 2...
*/
if (p->p_emul == &emul_sunos) {
/* get out fast */
goto done;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
tf->tf_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/* T_SSIR is not used on a Sun2. */
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto douret;
case T_MMUFLT: /* kernel mode page fault */
/* Hacks to avoid calling VM code from debugger. */
#ifdef DDB
if (db_recover != 0)
goto dopanic;
#endif
#ifdef KGDB
if (kgdb_recover != 0)
goto dopanic;
#endif
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
if (onfault == (void *)fubail || onfault == (void *)subail) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault fu/su bail\n");
Debugger();
}
#endif
rv = EFAULT;
goto copyfault;
}
/*FALLTHROUGH*/
case T_MMUFLT|T_USER: { /* page fault */
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=0x%x, v=0x%x, pc=0x%x, sr=0x%x\n",
p->p_pid, code, v, tf->tf_pc, tf->tf_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and: (2 or 3)
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
map = &vm->vm_map;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault == NULL || KDFAULT(code))
map = kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = m68k_trunc_page((vaddr_t)v);
/*
* Need to resolve the fault.
*
* We give the pmap code a chance to resolve faults by
* reloading translations that it was forced to unload.
* This function does that, and calls vm_fault if it
* could not resolve the fault by reloading the MMU.
* This function may also, for example, disallow any
* faults in the kernel text segment, etc.
*/
pcb->pcb_onfault = NULL;
rv = _pmap_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid)) {
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
if (mmudebug & MDB_WBFAILED)
Debugger();
}
#endif /* DEBUG */
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if ((type & T_USER) == 0 && ucas_ras_check(tf)) {
return;
}
goto finish;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault pcb_onfault\n");
Debugger();
}
#endif
goto copyfault;
}
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
} /* T_MMUFLT */
} /* switch */
finish:
/* If trap was from supervisor mode, just return. */
if ((type & T_USER) == 0)
goto done;
/* Post a signal if necessary. */
if (ksi.ksi_signo)
trapsignal(l, &ksi);
douret:
userret(l, tf, sticks);
done:;
/* XXX: Detect trap recursion? */
}
void kgdb_enter(struct pt_regs *regs, kgdb_data *kdp)
{
kdp->sigval = kgdb_trap(regs);
kdp->nregs = 0;
}
/*ARGSUSED*/
void
trap(struct frame *fp, int type, unsigned code, unsigned v)
{
extern char fubail[], subail[];
struct lwp *l;
struct proc *p;
struct pcb *pcb;
void *onfault;
ksiginfo_t ksi;
int s;
int rv;
u_quad_t sticks = 0 /* XXX initialiser works around compiler bug */;
static int panicking __diagused;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
if (USERMODE(fp->f_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = fp->f_regs;
LWP_CACHE_CREDS(l, p);
}
switch (type) {
default:
dopanic:
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
s = splhigh();
panicking = 1;
printf("trap type %d, code = 0x%x, v = 0x%x\n", type, code, v);
printf("%s program counter = 0x%x\n",
(type & T_USER) ? "user" : "kernel", fp->f_pc);
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, (db_regs_t *)fp))
goto kgdb_cont;
#endif
#ifdef DDB
(void)kdb_trap(type, (db_regs_t *)fp);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(s);
if (panicstr) {
printf("trap during panic!\n");
#ifdef DEBUG
/* XXX should be a machine-dependent hook */
printf("(press a key)\n"); (void)cngetc();
#endif
}
regdump((struct trapframe *)fp, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap");
case T_BUSERR: /* kernel bus error */
onfault = pcb->pcb_onfault;
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/* FALLTHROUGH */
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
fp->f_stackadj = exframesize[fp->f_format];
fp->f_format = fp->f_vector = 0;
fp->f_pc = (int)onfault;
fp->f_regs[D0] = rv;
return;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_RESAD_FAULT */
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
#ifdef M68040
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
/* XXX need to FSAVE */
printf("pid %d(%s): unimplemented FP %s at %x (EA %x)\n",
p->p_pid, p->p_comm,
fp->f_format == 2 ? "instruction" : "data type",
fp->f_pc, fp->f_fmt2.f_iaddr);
/* XXX need to FRESTORE */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
#endif
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_PRIVIN_FAULT */
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTDIV_TRAP */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTDIV;
break;
case T_CHKINST|T_USER: /* CHK instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_SUBRNG_TRAP */
ksi.ksi_signo = SIGFPE;
break;
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTOVF_TRAP */
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
#ifdef DEBUG
printf("unexpected kernel trace trap, type = %d\n", type);
printf("program counter = 0x%x\n", fp->f_pc);
#endif
fp->f_sr &= ~PSL_T;
return;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush".
* Just flush the on-chip caches and return.
*/
if (p->p_emul == &emul_sunos) {
ICIA();
DCIU();
return;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
fp->f_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/*
* We check for software interrupts first. This is because
* they are at a higher level than ASTs, and on a VAX would
* interrupt the AST. We assume that if we are processing
* an AST that we must be at IPL0 so we don't bother to
* check. Note that we ensure that we are at least at SIR
* IPL while processing the SIR.
*/
spl1();
/* fall into... */
case T_SSIR: /* software interrupt */
case T_SSIR|T_USER:
/*
* If this was not an AST trap, we are all done.
*/
if (type != (T_ASTFLT|T_USER)) {
curcpu()->ci_data.cpu_ntrap--;
return;
}
spl0();
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto out;
case T_MMUFLT: /* kernel mode page fault */
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
onfault = pcb->pcb_onfault;
if (onfault == fubail || onfault == subail) {
rv = EFAULT;
goto copyfault;
}
/* fall into ... */
case T_MMUFLT|T_USER: /* page fault */
{
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
onfault = pcb->pcb_onfault;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=%x, v=%x, pc=%x, sr=%x\n",
p->p_pid, code, v, fp->f_pc, fp->f_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if ((type & T_USER) == 0 && (onfault == NULL || KDFAULT(code)))
map = kernel_map;
else {
map = vm ? &vm->vm_map : kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = trunc_page((vaddr_t)v);
if (map == kernel_map && va == 0) {
printf("trap: bad kernel %s access at 0x%x\n",
(ftype & VM_PROT_WRITE) ? "read/write" :
"read", v);
goto dopanic;
}
#ifdef DIAGNOSTIC
if (interrupt_depth && !panicking) {
printf("trap: calling uvm_fault() from interrupt!\n");
goto dopanic;
}
#endif
pcb->pcb_onfault = NULL;
rv = uvm_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid))
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
#endif
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if (type == T_MMUFLT) {
if (ucas_ras_check(&fp->F_t)) {
return;
}
#ifdef M68040
if (cputype == CPU_68040)
(void) writeback(fp, 1);
#endif
return;
}
goto out;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if (type == T_MMUFLT) {
if (onfault)
goto copyfault;
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
printf(" type %x, code [mmu,,ssw]: %x\n",
type, code);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
}
}
trapsignal(l, &ksi);
if ((type & T_USER) == 0)
return;
out:
userret(l, fp, sticks, v, 1);
}
int
kdb_trap(int type, void *v)
{
struct trapframe *frame = v;
#ifdef DDB
if (db_recover != 0 && (type != -1 && type != T_BREAKPOINT)) {
db_error("Faulted in DDB; continuing...\n");
/* NOTREACHED */
}
#endif
/* XXX Should switch to kdb's own stack here. */
memcpy(DDB_REGS->r, frame->fixreg, 32 * sizeof(u_int32_t));
DDB_REGS->iar = frame->srr0;
DDB_REGS->msr = frame->srr1;
DDB_REGS->lr = frame->lr;
DDB_REGS->ctr = frame->ctr;
DDB_REGS->cr = frame->cr;
DDB_REGS->xer = frame->xer;
#ifdef PPC_OEA
DDB_REGS->mq = frame->tf_xtra[TF_MQ];
#endif
#ifdef PPC_IBM4XX
DDB_REGS->dear = frame->dar;
DDB_REGS->esr = frame->tf_xtra[TF_ESR];
DDB_REGS->pid = frame->tf_xtra[TF_PID];
#endif
#ifdef DDB
db_active++;
cnpollc(1);
db_trap(type, 0);
cnpollc(0);
db_active--;
#elif defined(KGDB)
if (!kgdb_trap(type, DDB_REGS))
return 0;
#endif
/* KGDB isn't smart about advancing PC if we
* take a breakpoint trap after kgdb_active is set.
* Therefore, we help out here.
*/
if (IS_BREAKPOINT_TRAP(type, 0)) {
int bkpt;
db_read_bytes(PC_REGS(DDB_REGS),BKPT_SIZE,(void *)&bkpt);
if (bkpt== BKPT_INST) {
PC_REGS(DDB_REGS) += BKPT_SIZE;
}
}
memcpy(frame->fixreg, DDB_REGS->r, 32 * sizeof(u_int32_t));
frame->srr0 = DDB_REGS->iar;
frame->srr1 = DDB_REGS->msr;
frame->lr = DDB_REGS->lr;
frame->ctr = DDB_REGS->ctr;
frame->cr = DDB_REGS->cr;
frame->xer = DDB_REGS->xer;
#ifdef PPC_OEA
frame->tf_xtra[TF_MQ] = DDB_REGS->mq;
#endif
#ifdef PPC_IBM4XX
frame->dar = DDB_REGS->dear;
frame->tf_xtra[TF_ESR] = DDB_REGS->esr;
frame->tf_xtra[TF_PID] = DDB_REGS->pid;
#endif
return 1;
}
/*ARGSUSED*/
void
trap(struct frame *fp, int type, u_int code, u_int v)
{
extern char fubail[], subail[];
struct lwp *l;
struct proc *p;
ksiginfo_t ksi;
int s;
u_quad_t sticks;
uvmexp.traps++;
l = curlwp;
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
p = l->l_proc;
if (USERMODE(fp->f_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = fp->f_regs;
LWP_CACHE_CREDS(l, p);
} else
sticks = 0;
#ifdef DIAGNOSTIC
if (l->l_addr == NULL)
panic("trap: type 0x%x, code 0x%x, v 0x%x -- no pcb",
type, code, v);
#endif
switch (type) {
default:
dopanic:
printf("trap type %d, code = 0x%x, v = 0x%x\n", type, code, v);
printf("%s program counter = 0x%x\n",
(type & T_USER) ? "user" : "kernel", fp->f_pc);
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
s = splhigh();
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, (db_regs_t *)fp))
goto kgdb_cont;
#endif
#ifdef DDB
(void)kdb_trap(type, (db_regs_t *)fp);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(s);
if (panicstr) {
printf("trap during panic!\n");
#ifdef DEBUG
/* XXX should be a machine-dependent hook */
printf("(press a key)\n"); (void)cngetc();
#endif
}
regdump((struct trapframe *)fp, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap");
case T_BUSERR: /* Kernel bus error */
if (!l->l_addr->u_pcb.pcb_onfault)
goto dopanic;
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
copyfault:
fp->f_stackadj = exframesize[fp->f_format];
fp->f_format = fp->f_vector = 0;
fp->f_pc = (int)l->l_addr->u_pcb.pcb_onfault;
return;
case T_BUSERR|T_USER: /* Bus error */
case T_ADDRERR|T_USER: /* Address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_ILLINST|T_USER: /* Illegal instruction fault */
case T_PRIVINST|T_USER: /* Privileged instruction fault */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_PRIVIN_FAULT */
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
/*
* divde by zero, CHK/TRAPV inst
*/
case T_ZERODIV|T_USER: /* Divide by zero trap */
ksi.ksi_code = FPE_FLTDIV;
case T_CHKINST|T_USER: /* CHK instruction trap */
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
ksi.ksi_signo = SIGFPE;
break;
/*
* User coprocessor violation
*/
case T_COPERR|T_USER:
/* XXX What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
/*
* 6888x exceptions
*/
case T_FPERR|T_USER:
/*
* We pass along the 68881 status register which locore
* stashed in code for us. Note that there is a
* possibility that the bit pattern of this register
* will conflict with one of the FPE_* codes defined
* in signal.h. Fortunately for us, the only such
* codes we use are all in the range 1-7 and the low
* 3 bits of the status register are defined as 0 so
* there is no clash.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_addr = (void *)code;
break;
/*
* FPU faults in supervisor mode.
*/
case T_ILLINST: /* fnop generates this, apparently. */
case T_FPEMULI:
case T_FPEMULD: {
extern label_t *nofault;
if (nofault) /* If we're probing. */
longjmp(nofault);
if (type == T_ILLINST)
printf("Kernel Illegal Instruction trap.\n");
else
printf("Kernel FPU trap.\n");
goto dopanic;
}
/*
* Unimplemented FPU instructions/datatypes.
*/
case T_FPEMULI|T_USER:
case T_FPEMULD|T_USER:
#ifdef FPU_EMULATE
if (fpu_emulate(fp, &l->l_addr->u_pcb.pcb_fpregs,
&ksi) == 0)
; /* XXX - Deal with tracing? (fp->f_sr & PSL_T) */
#else
uprintf("pid %d killed: no floating point support.\n",
p->p_pid);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
#endif
break;
case T_COPERR: /* Kernel coprocessor violation */
case T_FMTERR: /* Kernel format error */
case T_FMTERR|T_USER: /* User format error */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_RESAD_FAULT */
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15 because
* XXX: locore.s now gives it special treatment.
*/
case T_TRAP15: /* SUN trace trap */
#ifdef DEBUG
printf("unexpected kernel trace trap, type = %d\n", type);
printf("program counter = 0x%x\n", fp->f_pc);
#endif
fp->f_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush".
* Just flush the on-chip caches and return.
*/
if (p->p_emul == &emul_sunos) {
ICIA();
DCIU();
return;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
fp->f_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* System async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* User async trap. */
astpending = 0;
/*
* We check for software interrupts first. This is because
* they are at a higher level than ASTs, and on a VAX would
* interrupt the AST. We assume that if we are processing
* an AST that we must be at IPL0 so we don't bother to
* check. Note that we ensure that we are at least at SIR
* IPL while processing the SIR.
*/
spl1();
/* fall into... */
case T_SSIR: /* Software interrupt */
case T_SSIR|T_USER:
/*
* If this was not an AST trap, we are all done.
*/
if (type != (T_ASTFLT|T_USER)) {
uvmexp.traps--;
return;
}
spl0();
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto out;
case T_MMUFLT: /* Kernel mode page fault */
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
if (l->l_addr->u_pcb.pcb_onfault == fubail ||
l->l_addr->u_pcb.pcb_onfault == subail)
goto copyfault;
/* fall into... */
case T_MMUFLT|T_USER: /* page fault */
{
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
int rv;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=%x, v=%x, pc=%x, sr=%x\n",
p->p_pid, code, v, fp->f_pc, fp->f_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if (type == T_MMUFLT &&
(!l->l_addr->u_pcb.pcb_onfault || KDFAULT(code)))
map = kernel_map;
else {
map = vm ? &vm->vm_map : kernel_map;
if ((l->l_flag & LW_SA)
&& (~l->l_pflag & LP_SA_NOBLOCK)) {
l->l_savp->savp_faultaddr = (vaddr_t)v;
l->l_pflag |= LP_SA_PAGEFAULT;
}
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = trunc_page((vaddr_t)v);
#ifdef DEBUG
if (map == kernel_map && va == 0) {
printf("trap: bad kernel access at %x\n", v);
goto dopanic;
}
#endif
rv = uvm_fault(map, va, ftype);
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid))
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
#endif
/*
* If this was a stack access, we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure, it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if (type == T_MMUFLT) {
#if defined(M68040)
if (mmutype == MMU_68040)
(void)writeback(fp, 1);
#endif
return;
}
l->l_pflag &= ~LP_SA_PAGEFAULT;
goto out;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if (type == T_MMUFLT) {
if (l->l_addr->u_pcb.pcb_onfault)
goto copyfault;
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
printf(" type %x, code [mmu,,ssw]: %x\n",
type, code);
goto dopanic;
}
l->l_pflag &= ~LP_SA_PAGEFAULT;
ksi.ksi_addr = (void *)v;
if (rv == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
} else {
ksi.ksi_signo = SIGSEGV;
}
break;
}
}
if (ksi.ksi_signo)
trapsignal(l, &ksi);
if ((type & T_USER) == 0)
return;
out:
userret(l, fp, sticks, v, 1);
}
