void
frame_sanity_check(struct trapframe *tf, struct lwp *l)
{
extern int kernel_text;
extern int etext;
extern register_t kpsw;
extern vaddr_t hpt_base;
extern vsize_t hpt_mask;
vsize_t uspace_size;
#define SANITY(e) \
do { \
if (sanity_frame == NULL && !(e)) { \
sanity_frame = tf; \
sanity_lwp = l; \
sanity_checked = __LINE__; \
} \
} while (/* CONSTCOND */ 0)
SANITY((tf->tf_ipsw & kpsw) == kpsw);
SANITY(tf->tf_hptm == hpt_mask && tf->tf_vtop == hpt_base);
SANITY((kpsw & PSW_I) == 0 || tf->tf_eiem != 0);
if (tf->tf_iisq_head == HPPA_SID_KERNEL) {
/*
* If the trap happened in the gateway
* page, we take the easy way out and
* assume that the trapframe is okay.
*/
if ((tf->tf_iioq_head & ~PAGE_MASK) != SYSCALLGATE) {
SANITY(!USERMODE(tf->tf_iioq_head));
SANITY(!USERMODE(tf->tf_iioq_tail));
SANITY(tf->tf_iioq_head >= (u_int) &kernel_text);
SANITY(tf->tf_iioq_head < (u_int) &etext);
SANITY(tf->tf_iioq_tail >= (u_int) &kernel_text);
SANITY(tf->tf_iioq_tail < (u_int) &etext);
#ifdef HPPA_REDZONE
uspace_size = HPPA_REDZONE;
#else
uspace_size = USPACE;
#endif
SANITY(l == NULL ||
((tf->tf_sp >= (u_int)(l->l_addr) + PAGE_SIZE &&
tf->tf_sp < (u_int)(l->l_addr) + uspace_size)));
}
} else {
SANITY(USERMODE(tf->tf_iioq_head));
SANITY(USERMODE(tf->tf_iioq_tail));
SANITY(l != NULL && tf->tf_cr30 == kvtop((caddr_t)l->l_addr));
}
#undef SANITY
if (sanity_frame == tf) {
(void) trap_kdebug(T_IBREAK, 0, tf);
sanity_frame = NULL;
sanity_lwp = NULL;
sanity_checked = 0;
}
}
static void
user_backtrace_raw(u_int pc, u_int fp)
{
int frame_number;
int arg_number;
for (frame_number = 0;
frame_number < 100 && pc > HPPA_PC_PRIV_MASK && fp;
frame_number++) {
printf("%3d: pc=%08x%s fp=0x%08x", frame_number,
pc & ~HPPA_PC_PRIV_MASK, USERMODE(pc) ? "" : "**", fp);
for(arg_number = 0; arg_number < 4; arg_number++)
printf(" arg%d=0x%08x", arg_number,
(int) fuword(HPPA_FRAME_CARG(arg_number, fp)));
printf("\n");
pc = fuword(((register_t *) fp) - 5); /* fetch rp */
if (pc == -1) {
printf(" fuword for pc failed\n");
break;
}
fp = fuword(((register_t *) fp) + 0); /* fetch previous fp */
if (fp == -1) {
printf(" fuword for fp failed\n");
break;
}
}
printf(" backtrace stopped with pc %08x fp 0x%08x\n", pc, fp);
}
/*
* Process a system call.
*/
void
syscall(register_t code, struct frame frame)
{
struct lwp *l;
struct proc *p;
u_quad_t sticks;
uvmexp.syscalls++;
if (!USERMODE(frame.f_sr))
panic("syscall");
l = curlwp;
p = l->l_proc;
sticks = p->p_sticks;
l->l_md.md_regs = frame.f_regs;
LWP_CACHE_CREDS(l, p);
#ifdef KERN_SA
if (__predict_false((l->l_savp)
&& (l->l_savp->savp_pflags & SAVP_FLAG_DELIVERING)))
l->l_savp->savp_pflags &= ~SAVP_FLAG_DELIVERING;
#endif
(p->p_md.md_syscall)(code, l, &frame);
machine_userret(l, &frame, sticks);
}
/*
* Reads integer unit's register n.
*/
enum ftt_type
read_iureg(
fp_simd_type *pfpsd, /* Pointer to fpu simulator data */
uint_t n, /* IU register n */
struct regs *pregs, /* Pointer to PCB image of registers. */
void *prw, /* Pointer to locals and ins. */
uint64_t *pvalue) /* Place for extended word value. */
{
enum ftt_type ftt;
if (n == 0) {
*pvalue = 0;
return (ftt_none); /* Read global register 0. */
} else if (n < 16) {
long long *preg;
preg = &pregs->r_ps; /* globals and outs */
*pvalue = preg[n];
return (ftt_none);
} else if (USERMODE(pregs->r_tstate)) { /* locals and ins */
if (lwp_getdatamodel(curthread->t_lwp) == DATAMODEL_ILP32) {
uint32_t res, *addr, *rw;
caddr32_t rw32;
/*
* If this is a 32-bit program, chop the address
* accordingly. The intermediate uintptr_t casts
* prevent warnings under a certain compiler, and the
* temporary 32 bit storage is intended to force proper
* code generation and break up what would otherwise be
* a quadruple cast.
*/
rw32 = (caddr32_t)(uintptr_t)prw;
rw = (uint32_t *)(uintptr_t)rw32;
addr = (uint32_t *)&rw[n - 16];
ftt = _fp_read_word(addr, &res, pfpsd);
*pvalue = (uint64_t)res;
} else {
uint64_t res, *addr, *rw = (uint64_t *)
((uintptr_t)prw + STACK_BIAS);
addr = (uint64_t *)&rw[n - 16];
ftt = _fp_read_extword(addr, &res, pfpsd);
*pvalue = res;
}
return (ftt);
} else {
ulong_t *addr, *rw = (ulong_t *)((uintptr_t)prw + STACK_BIAS);
ulong_t res;
addr = (ulong_t *)&rw[n - 16];
res = *addr;
*pvalue = res;
return (ftt_none);
}
}
void
mips1_fpu_intr(vaddr_t pc, uint32_t status, uint32_t pending)
{
if (!USERMODE(status))
panic("kernel used FPU: PC 0x%08x, SR 0x%08x",
pc, status);
#if !defined(NOFPU) && !defined(FPEMUL)
mips_fpu_intr(pc, curlwp->l_md.md_utf);
#endif
}
int
process_write_regs(struct lwp *l, const struct reg *regs)
{
struct trapframe *tf = process_frame(l);
#ifdef VM86
if (regs->r_eflags & PSL_VM) {
void syscall_vm86(struct trapframe *);
tf->tf_vm86_gs = regs->r_gs;
tf->tf_vm86_fs = regs->r_fs;
tf->tf_vm86_es = regs->r_es;
tf->tf_vm86_ds = regs->r_ds;
set_vflags(l, regs->r_eflags);
/*
* Make sure that attempts at system calls from vm86
* mode die horribly.
*/
l->l_proc->p_md.md_syscall = syscall_vm86;
} else
#endif
{
/*
* Check for security violations.
*/
if (((regs->r_eflags ^ tf->tf_eflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(regs->r_cs, regs->r_eflags))
return (EINVAL);
tf->tf_gs = regs->r_gs;
tf->tf_fs = regs->r_fs;
tf->tf_es = regs->r_es;
tf->tf_ds = regs->r_ds;
#ifdef VM86
/* Restore normal syscall handler */
if (tf->tf_eflags & PSL_VM)
(*l->l_proc->p_emul->e_syscall_intern)(l->l_proc);
#endif
tf->tf_eflags = regs->r_eflags;
}
tf->tf_edi = regs->r_edi;
tf->tf_esi = regs->r_esi;
tf->tf_ebp = regs->r_ebp;
tf->tf_ebx = regs->r_ebx;
tf->tf_edx = regs->r_edx;
tf->tf_ecx = regs->r_ecx;
tf->tf_eax = regs->r_eax;
tf->tf_eip = regs->r_eip;
tf->tf_cs = regs->r_cs;
tf->tf_esp = regs->r_esp;
tf->tf_ss = regs->r_ss;
return (0);
}
/*
* System call to cleanup state after a signal
* has been taken. Reset signal mask and
* stack state from context left by sendsig (above).
* Return to previous pc and psl as specified by
* context left by sendsig. Check carefully to
* make sure that the user has not modified the
* psl to gain improper privileges or to cause
* a machine fault.
*/
int
sys_sigreturn(struct proc *p, void *v, register_t *retval)
{
struct sys_sigreturn_args /* {
syscallarg(struct sigcontext *) sigcntxp;
} */ *uap = v;
struct sigcontext *scp, ksc;
struct trapframe *tf = p->p_md.md_regs;
int error;
scp = SCARG(uap, sigcntxp);
#ifdef DEBUG
if ((sigdebug & SDB_FOLLOW) && (!sigpid || p->p_pid == sigpid))
printf("sigreturn: pid %d, scp %p\n", p->p_pid, scp);
#endif
if ((error = copyin((caddr_t)scp, &ksc, sizeof ksc)))
return (error);
if (((ksc.sc_rflags ^ tf->tf_rflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(ksc.sc_cs, ksc.sc_eflags))
return (EINVAL);
if (p->p_md.md_flags & MDP_USEDFPU)
fpusave_proc(p, 0);
if (ksc.sc_fpstate && (error = copyin(ksc.sc_fpstate,
&p->p_addr->u_pcb.pcb_savefpu.fp_fxsave, sizeof (struct fxsave64))))
return (error);
ksc.sc_trapno = tf->tf_trapno;
ksc.sc_err = tf->tf_err;
bcopy(&ksc, tf, sizeof(*tf));
/* Restore signal stack. */
if (ksc.sc_onstack)
p->p_sigacts->ps_sigstk.ss_flags |= SS_ONSTACK;
else
p->p_sigacts->ps_sigstk.ss_flags &= ~SS_ONSTACK;
p->p_sigmask = ksc.sc_mask & ~sigcantmask;
return (EJUSTRETURN);
}
/*
* Process a system call.
*/
void
syscall(register_t code, struct frame frame)
{
struct lwp *l;
struct proc *p;
u_quad_t sticks;
curcpu()->ci_data.cpu_nsyscall++;
if (!USERMODE(frame.f_sr))
panic("syscall");
l = curlwp;
p = l->l_proc;
sticks = p->p_sticks;
l->l_md.md_regs = frame.f_regs;
LWP_CACHE_CREDS(l, p);
(p->p_md.md_syscall)(code, l, &frame);
machine_userret(l, &frame, sticks);
}
/*
* System call to cleanup state after a signal
* has been taken. Reset signal mask and
* stack state from context left by sendsig (above).
* Return to previous pc and psl as specified by
* context left by sendsig. Check carefully to
* make sure that the user has not modified the
* psl to gain improper privileges or to cause
* a machine fault.
*/
int
linux_sys_sigreturn(struct proc *p, void *v, register_t *retval)
{
struct linux_sys_sigreturn_args /* {
syscallarg(struct linux_sigcontext *) scp;
} */ *uap = v;
struct linux_sigcontext *scp, context;
struct trapframe *tf;
tf = p->p_md.md_regs;
/*
* The trampoline code hands us the context.
* It is unsafe to keep track of it ourselves, in the event that a
* program jumps out of a signal handler.
*/
scp = SCARG(uap, scp);
if (copyin((caddr_t)scp, &context, sizeof(*scp)) != 0)
return (EFAULT);
/*
* Restore signal context.
*/
#ifdef VM86
if (context.sc_eflags & PSL_VM) {
tf->tf_vm86_gs = context.sc_gs;
tf->tf_vm86_fs = context.sc_fs;
tf->tf_vm86_es = context.sc_es;
tf->tf_vm86_ds = context.sc_ds;
set_vflags(p, context.sc_eflags);
} else
#endif
{
/*
* Check for security violations. If we're returning to
* protected mode, the CPU will validate the segment registers
* automatically and generate a trap on violations. We handle
* the trap, rather than doing all of the checking here.
*/
if (((context.sc_eflags ^ tf->tf_eflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(context.sc_cs, context.sc_eflags))
return (EINVAL);
tf->tf_fs = context.sc_fs;
tf->tf_gs = context.sc_gs;
tf->tf_es = context.sc_es;
tf->tf_ds = context.sc_ds;
tf->tf_eflags = context.sc_eflags;
}
tf->tf_edi = context.sc_edi;
tf->tf_esi = context.sc_esi;
tf->tf_ebp = context.sc_ebp;
tf->tf_ebx = context.sc_ebx;
tf->tf_edx = context.sc_edx;
tf->tf_ecx = context.sc_ecx;
tf->tf_eax = context.sc_eax;
tf->tf_eip = context.sc_eip;
tf->tf_cs = context.sc_cs;
tf->tf_esp = context.sc_esp_at_signal;
tf->tf_ss = context.sc_ss;
p->p_sigstk.ss_flags &= ~SS_ONSTACK;
p->p_sigmask = context.sc_mask & ~sigcantmask;
return (EJUSTRETURN);
}
static int
linux32_restore_sigcontext(struct lwp *l, struct linux32_sigcontext *scp,
register_t *retval)
{
struct trapframe *tf;
struct proc *p = l->l_proc;
struct sigaltstack *sas = &l->l_sigstk;
struct pcb *pcb;
sigset_t mask;
ssize_t ss_gap;
register_t fssel, gssel;
/* Restore register context. */
tf = l->l_md.md_regs;
pcb = lwp_getpcb(l);
DPRINTF(("sigreturn enter rsp=0x%lx rip=0x%lx\n", tf->tf_rsp,
tf->tf_rip));
/*
* Check for security violations.
*/
if (((scp->sc_eflags ^ tf->tf_rflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(scp->sc_cs, scp->sc_eflags))
return EINVAL;
if (scp->sc_fs != 0 && !VALID_USER_DSEL32(scp->sc_fs) &&
!(VALID_USER_FSEL32(scp->sc_fs) && pcb->pcb_fs != 0))
return EINVAL;
if (scp->sc_gs != 0 && !VALID_USER_DSEL32(scp->sc_gs) &&
!(VALID_USER_GSEL32(scp->sc_gs) && pcb->pcb_gs != 0))
return EINVAL;
if (scp->sc_es != 0 && !VALID_USER_DSEL32(scp->sc_es))
return EINVAL;
if (!VALID_USER_DSEL32(scp->sc_ds) ||
!VALID_USER_DSEL32(scp->sc_ss))
return EINVAL;
if (scp->sc_eip >= VM_MAXUSER_ADDRESS32)
return EINVAL;
gssel = (register_t)scp->sc_gs & 0xffff;
fssel = (register_t)scp->sc_fs & 0xffff;
cpu_fsgs_reload(l, fssel, gssel);
tf->tf_es = (register_t)scp->sc_es & 0xffff;
tf->tf_ds = (register_t)scp->sc_ds & 0xffff;
tf->tf_rflags &= ~PSL_USER;
tf->tf_rflags |= ((register_t)scp->sc_eflags & PSL_USER);
tf->tf_rdi = (register_t)scp->sc_edi & 0xffffffff;
tf->tf_rsi = (register_t)scp->sc_esi & 0xffffffff;
tf->tf_rbp = (register_t)scp->sc_ebp & 0xffffffff;
tf->tf_rbx = (register_t)scp->sc_ebx & 0xffffffff;
tf->tf_rdx = (register_t)scp->sc_edx & 0xffffffff;
tf->tf_rcx = (register_t)scp->sc_ecx & 0xffffffff;
tf->tf_rax = (register_t)scp->sc_eax & 0xffffffff;
tf->tf_rip = (register_t)scp->sc_eip & 0xffffffff;
tf->tf_cs = (register_t)scp->sc_cs & 0xffff;
tf->tf_rsp = (register_t)scp->sc_esp_at_signal & 0xffffffff;
tf->tf_ss = (register_t)scp->sc_ss & 0xffff;
mutex_enter(p->p_lock);
/* Restore signal stack. */
ss_gap = (ssize_t)
((char *)NETBSD32IPTR64(scp->sc_esp_at_signal)
- (char *)sas->ss_sp);
if (ss_gap >= 0 && ss_gap < sas->ss_size)
sas->ss_flags |= SS_ONSTACK;
else
sas->ss_flags &= ~SS_ONSTACK;
/* Restore signal mask. */
linux32_old_to_native_sigset(&mask, &scp->sc_mask);
(void) sigprocmask1(l, SIG_SETMASK, &mask, 0);
mutex_exit(p->p_lock);
DPRINTF(("linux32_sigreturn: rip = 0x%lx, rsp = 0x%lx, flags = 0x%lx\n",
tf->tf_rip, tf->tf_rsp, tf->tf_rflags));
return EJUSTRETURN;
}
void
m88110_trap(unsigned type, struct trapframe *frame)
{
struct proc *p;
u_quad_t sticks = 0;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type;
u_long fault_code;
unsigned nss, fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
#endif
int sig = 0;
pt_entry_t *pte;
extern struct vm_map *kernel_map;
extern unsigned guarded_access_start;
extern unsigned guarded_access_end;
extern unsigned guarded_access_bad;
extern pt_entry_t *pmap_pte(pmap_t, vaddr_t);
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
if (USERMODE(frame->tf_epsr)) {
sticks = p->p_sticks;
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
fault_type = 0;
fault_code = 0;
fault_addr = frame->tf_exip & XIP_ADDR;
switch (type) {
default:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_197_READ+T_USER:
case T_197_READ:
printf("DMMU read miss: Hardware Table Searches should be enabled!\n");
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_197_WRITE+T_USER:
case T_197_WRITE:
printf("DMMU write miss: Hardware Table Searches should be enabled!\n");
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_197_INST+T_USER:
case T_197_INST:
printf("IMMU miss: Hardware Table Searches should be enabled!\n");
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#ifdef DDB
case T_KDB_TRACE:
s = splhigh();
db_enable_interrupt();
ddb_break_trap(T_KDB_TRACE, (db_regs_t*)frame);
db_disable_interrupt();
splx(s);
return;
case T_KDB_BREAK:
s = splhigh();
db_enable_interrupt();
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
db_disable_interrupt();
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
db_enable_interrupt();
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
db_disable_interrupt();
/* skip one instruction */
if (frame->tf_exip & 1)
frame->tf_exip = frame->tf_enip;
else
frame->tf_exip += 4;
splx(s);
return;
#if 0
case T_ILLFLT:
s = splhigh();
db_enable_interrupt();
ddb_error_trap(type == T_ILLFLT ? "unimplemented opcode" :
"error fault", (db_regs_t*)frame);
db_disable_interrupt();
splx(s);
return;
#endif /* 0 */
#endif /* DDB */
case T_ILLFLT:
printf("Unimplemented opcode!\n");
panictrap(frame->tf_vector, frame);
break;
case T_NON_MASK:
case T_NON_MASK+T_USER:
(*md.interrupt_func)(T_NON_MASK, frame);
return;
case T_INT:
case T_INT+T_USER:
(*md.interrupt_func)(T_INT, frame);
return;
case T_MISALGNFLT:
printf("kernel mode misaligned access exception @ 0x%08x\n",
frame->tf_exip);
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
printf("Kernel Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dsr & CMMU_DSR_SU) == 0) {
type = T_DATAFLT + T_USER;
goto m88110_user_fault;
}
#ifdef TRAPDEBUG
printf("Kernel Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
va = trunc_page((vaddr_t)fault_addr);
if (va == 0) {
panic("trap: bad kernel access at %x", fault_addr);
}
vm = p->p_vmspace;
map = kernel_map;
if (frame->tf_dsr & CMMU_DSR_BE) {
/*
* If it is a guarded access, bus error is OK.
*/
if ((frame->tf_exip & XIP_ADDR) >=
(unsigned)&guarded_access_start &&
(frame->tf_exip & XIP_ADDR) <=
(unsigned)&guarded_access_end) {
frame->tf_exip = (unsigned)&guarded_access_bad;
return;
}
}
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
frame->tf_dsr &= ~CMMU_DSR_WE; /* undefined */
/*
* On a segment or a page fault, call uvm_fault() to
* resolve the fault.
*/
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0)
return;
}
if (frame->tf_dsr & CMMU_DSR_WE) { /* write fault */
/*
* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write error,
* then we already have a pte entry that faulted
* in from a previous seg fault or page fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
pte = pmap_pte(map->pmap, va);
#ifdef DEBUG
if (pte == PT_ENTRY_NULL)
panic("NULL pte on write fault??");
#endif
if (!(*pte & PG_M) && !(*pte & PG_RO)) {
/* Set modified bit and try the write again. */
#ifdef TRAPDEBUG
printf("Corrected kernel write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
*pte |= PG_M;
return;
#if 1 /* shouldn't happen */
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected kernel write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0)
return;
#endif
}
}
panictrap(frame->tf_vector, frame);
/* NOTREACHED */
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
m88110_user_fault:
if (type == T_INSTFLT+T_USER) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
#ifdef TRAPDEBUG
printf("User Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
} else {
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
#ifdef TRAPDEBUG
printf("User Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
}
va = trunc_page((vaddr_t)fault_addr);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/*
* Call uvm_fault() to resolve non-bus error faults
* whenever possible.
*/
if (type == T_DATAFLT+T_USER) {
/* data faults */
if (frame->tf_dsr & CMMU_DSR_BE) {
/* bus error */
result = EACCES;
} else
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == EACCES)
result = EFAULT;
} else
if (frame->tf_dsr & (CMMU_DSR_CP | CMMU_DSR_WA)) {
/* copyback or write allocate error */
result = EACCES;
} else
if (frame->tf_dsr & CMMU_DSR_WE) {
/* write fault */
/* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write
* error, then we already have a pte entry that
* faulted in from a previous seg fault or page
* fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
pte = pmap_pte(vm_map_pmap(map), va);
#ifdef DEBUG
if (pte == PT_ENTRY_NULL)
panic("NULL pte on write fault??");
#endif
if (!(*pte & PG_M) && !(*pte & PG_RO)) {
/*
* Set modified bit and try the
* write again.
*/
#ifdef TRAPDEBUG
printf("Corrected userland write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
*pte |= PG_M;
/*
* invalidate ATCs to force
* table search
*/
set_dcmd(CMMU_DCMD_INV_UATC);
return;
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected userland write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == EACCES)
result = EFAULT;
}
} else {
#ifdef TRAPDEBUG
printf("Unexpected Data access fault dsr %x\n",
frame->tf_dsr);
#endif
panictrap(frame->tf_vector, frame);
}
} else {
/* instruction faults */
if (frame->tf_isr &
(CMMU_ISR_BE | CMMU_ISR_SP | CMMU_ISR_TBE)) {
/* bus error, supervisor protection */
result = EACCES;
} else
if (frame->tf_isr & (CMMU_ISR_SI | CMMU_ISR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == EACCES)
result = EFAULT;
} else {
#ifdef TRAPDEBUG
printf("Unexpected Instruction fault isr %x\n",
frame->tf_isr);
#endif
panictrap(frame->tf_vector, frame);
}
}
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0) {
nss = btoc(USRSTACK - va);/* XXX check this */
if (nss > vm->vm_ssize)
vm->vm_ssize = nss;
}
}
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result != 0) {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
break;
case T_PRIVINFLT+T_USER:
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
case T_KDB_TRACE:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
break;
case T_FPEPFLT+T_USER:
case T_FPEIFLT+T_USER:
sig = SIGFPE;
break;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_SIGTRAP+T_USER:
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
unsigned instr;
unsigned pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(unsigned));
#if 0
printf("trap: %s (%d) breakpoint %x at %x: (adr %x ins %x)\n",
p->p_comm, p->p_pid, instr, pc,
p->p_md.md_ss_addr, p->p_md.md_ss_instr); /* XXX */
#endif
/* check and see if we got here by accident */
#ifdef notyet
if (p->p_md.md_ss_addr != pc || instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
#endif
/* restore original instruction and clear BP */
instr = p->p_md.md_ss_instr;
if (instr != 0)
ss_put_value(p, pc, instr, sizeof(instr));
p->p_md.md_ss_addr = 0;
p->p_md.md_ss_instr = 0;
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
case T_ASTFLT+T_USER:
uvmexp.softs++;
want_ast = 0;
if (p->p_flag & P_OWEUPC) {
p->p_flag &= ~P_OWEUPC;
ADDUPROF(p);
}
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
sv.sival_int = fault_addr;
trapsignal(p, sig, fault_code, fault_type, sv);
}
userret(p, frame, sticks);
}
void
m88100_trap(unsigned type, struct trapframe *frame)
{
struct proc *p;
u_quad_t sticks = 0;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type, pbus_type;
u_long fault_code;
unsigned nss, fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
#endif
int sig = 0;
extern struct vm_map *kernel_map;
extern caddr_t guarded_access_start;
extern caddr_t guarded_access_end;
extern caddr_t guarded_access_bad;
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
if (USERMODE(frame->tf_epsr)) {
sticks = p->p_sticks;
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
fault_type = 0;
fault_code = 0;
fault_addr = frame->tf_sxip & XIP_ADDR;
switch (type) {
default:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#if defined(DDB)
case T_KDB_BREAK:
s = splhigh();
db_enable_interrupt();
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
db_disable_interrupt();
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
db_enable_interrupt();
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
db_disable_interrupt();
splx(s);
return;
#endif /* DDB */
case T_ILLFLT:
printf("Unimplemented opcode!\n");
panictrap(frame->tf_vector, frame);
break;
case T_INT:
case T_INT+T_USER:
/* This function pointer is set in machdep.c
It calls m188_ext_int or sbc_ext_int depending
on the value of brdtyp - smurph */
(*md.interrupt_func)(T_INT, frame);
return;
case T_MISALGNFLT:
printf("kernel misaligned access exception @ 0x%08x\n",
frame->tf_sxip);
panictrap(frame->tf_vector, frame);
break;
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
printf("Kernel Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %d\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
panictrap(frame->tf_vector, frame);
break;
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dmt0 & DMT_DAS) == 0) {
type = T_DATAFLT + T_USER;
goto user_fault;
}
fault_addr = frame->tf_dma0;
if (frame->tf_dmt0 & (DMT_WRITE|DMT_LOCKBAR)) {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
if (va == 0) {
panic("trap: bad kernel access at %x", fault_addr);
}
vm = p->p_vmspace;
map = kernel_map;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("Kernel Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %d\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
switch (pbus_type) {
case CMMU_PFSR_BERROR:
/*
* If it is a guarded access, bus error is OK.
*/
if ((frame->tf_sxip & XIP_ADDR) >=
(unsigned)&guarded_access_start &&
(frame->tf_sxip & XIP_ADDR) <=
(unsigned)&guarded_access_end) {
frame->tf_snip =
((unsigned)&guarded_access_bad ) | NIP_V;
frame->tf_sfip =
((unsigned)&guarded_access_bad + 4) | FIP_V;
frame->tf_sxip = 0;
/* We sort of resolved the fault ourselves
* because we know where it came from
* [guarded_access()]. But we must still think
* about the other possible transactions in
* dmt1 & dmt2. Mark dmt0 so that
* data_access_emulation skips it. XXX smurph
*/
frame->tf_dmt0 |= DMT_SKIP;
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
return;
}
break;
case CMMU_PFSR_SUCCESS:
/*
* The fault was resolved. Call data_access_emulation
* to drain the data unit pipe line and reset dmt0
* so that trap won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
return;
case CMMU_PFSR_SFAULT:
case CMMU_PFSR_PFAULT:
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data
* unit pipe line and reset dmt0 so that trap
* won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
return;
}
break;
}
#ifdef TRAPDEBUG
printf("PBUS Fault %d (%s) va = 0x%x\n", pbus_type,
pbus_exception_type[pbus_type], va);
#endif
panictrap(frame->tf_vector, frame);
/* NOTREACHED */
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
user_fault:
if (type == T_INSTFLT + T_USER) {
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
#ifdef TRAPDEBUG
printf("User Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %d\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
} else {
fault_addr = frame->tf_dma0;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("User Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %d\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
}
if (frame->tf_dmt0 & (DMT_WRITE | DMT_LOCKBAR)) {
ftype = VM_PROT_READ | VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/* Call uvm_fault() to resolve non-bus error faults */
switch (pbus_type) {
case CMMU_PFSR_SUCCESS:
result = 0;
break;
case CMMU_PFSR_BERROR:
result = EACCES;
break;
default:
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
if (result == EACCES)
result = EFAULT;
break;
}
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0) {
nss = btoc(USRSTACK - va);/* XXX check this */
if (nss > vm->vm_ssize)
vm->vm_ssize = nss;
}
}
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_snip = pcb_onfault | NIP_V;
frame->tf_sfip = (pcb_onfault + 4) | FIP_V;
frame->tf_sxip = 0;
/*
* Continue as if the fault had been resolved, but
* do not try to complete the faulting access.
*/
frame->tf_dmt0 |= DMT_SKIP;
result = 0;
}
if (result == 0) {
if (type == T_DATAFLT+T_USER) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data unit
* pipe line and reset dmt0 so that trap won't
* get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
} else {
/*
* back up SXIP, SNIP,
* clearing the Error bit
*/
frame->tf_sfip = frame->tf_snip & ~FIP_E;
frame->tf_snip = frame->tf_sxip & ~NIP_E;
frame->tf_ipfsr = 0;
}
} else {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
break;
case T_PRIVINFLT+T_USER:
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
break;
case T_FPEPFLT+T_USER:
case T_FPEIFLT+T_USER:
sig = SIGFPE;
break;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_SIGTRAP+T_USER:
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
unsigned va;
unsigned instr;
unsigned pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(unsigned));
#if 0
printf("trap: %s (%d) breakpoint %x at %x: (adr %x ins %x)\n",
p->p_comm, p->p_pid, instr, pc,
p->p_md.md_ss_addr, p->p_md.md_ss_instr); /* XXX */
#endif
/* check and see if we got here by accident */
if ((p->p_md.md_ss_addr != pc &&
p->p_md.md_ss_taken_addr != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear BP */
va = p->p_md.md_ss_addr;
if (va != 0) {
instr = p->p_md.md_ss_instr;
ss_put_value(p, va, instr, sizeof(instr));
}
/* branch taken instruction */
instr = p->p_md.md_ss_taken_instr;
if (instr != 0) {
va = p->p_md.md_ss_taken_addr;
ss_put_value(p, va, instr, sizeof(instr));
}
#if 1
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = pc | NIP_V;
#endif
p->p_md.md_ss_addr = 0;
p->p_md.md_ss_instr = 0;
p->p_md.md_ss_taken_addr = 0;
p->p_md.md_ss_taken_instr = 0;
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = frame->tf_sxip;
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
case T_ASTFLT+T_USER:
uvmexp.softs++;
want_ast = 0;
if (p->p_flag & P_OWEUPC) {
p->p_flag &= ~P_OWEUPC;
ADDUPROF(p);
}
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
sv.sival_int = fault_addr;
trapsignal(p, sig, fault_code, fault_type, sv);
/*
* don't want multiple faults - we are going to
* deliver signal.
*/
frame->tf_dmt0 = 0;
frame->tf_ipfsr = frame->tf_dpfsr = 0;
}
userret(p, frame, sticks);
}
/*
* Set to ucontext specified.
* has been taken. Reset signal mask and
* stack state from context.
* Return to previous pc and psl as specified by
* context left by sendsig. Check carefully to
* make sure that the user has not modified the
* psl to gain improper privileges or to cause
* a machine fault.
*/
int
svr4_setcontext(struct proc *p, struct svr4_ucontext *uc)
{
struct sigacts *psp = p->p_sigacts;
struct trapframe *tf;
svr4_greg_t *r = uc->uc_mcontext.greg;
struct svr4_sigaltstack *s = &uc->uc_stack;
struct sigaltstack *sf = &psp->ps_sigstk;
int mask;
/*
* XXX:
* Should we check the value of flags to determine what to restore?
* What to do with uc_link?
* What to do with floating point stuff?
* Should we bother with the rest of the registers that we
* set to 0 right now?
*/
tf = p->p_md.md_regs;
/*
* Restore register context.
*/
#ifdef VM86
if (r[SVR4_X86_EFL] & PSL_VM) {
tf->tf_vm86_gs = r[SVR4_X86_GS];
tf->tf_vm86_fs = r[SVR4_X86_FS];
tf->tf_vm86_es = r[SVR4_X86_ES];
tf->tf_vm86_ds = r[SVR4_X86_DS];
set_vflags(p, r[SVR4_X86_EFL]);
} else
#endif
{
/*
* Check for security violations. If we're returning to
* protected mode, the CPU will validate the segment registers
* automatically and generate a trap on violations. We handle
* the trap, rather than doing all of the checking here.
*/
if (((r[SVR4_X86_EFL] ^ tf->tf_eflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(r[SVR4_X86_CS], r[SVR4_X86_EFL]))
return (EINVAL);
tf->tf_fs = r[SVR4_X86_FS];
tf->tf_gs = r[SVR4_X86_GS];
tf->tf_es = r[SVR4_X86_ES];
tf->tf_ds = r[SVR4_X86_DS];
tf->tf_eflags = r[SVR4_X86_EFL];
}
tf->tf_edi = r[SVR4_X86_EDI];
tf->tf_esi = r[SVR4_X86_ESI];
tf->tf_ebp = r[SVR4_X86_EBP];
tf->tf_ebx = r[SVR4_X86_EBX];
tf->tf_edx = r[SVR4_X86_EDX];
tf->tf_ecx = r[SVR4_X86_ECX];
tf->tf_eax = r[SVR4_X86_EAX];
tf->tf_eip = r[SVR4_X86_EIP];
tf->tf_cs = r[SVR4_X86_CS];
tf->tf_ss = r[SVR4_X86_SS];
tf->tf_esp = r[SVR4_X86_ESP];
/*
* restore signal stack
*/
svr4_to_bsd_sigaltstack(s, sf);
/*
* restore signal mask
*/
svr4_to_bsd_sigset(&uc->uc_sigmask, &mask);
p->p_sigmask = mask & ~sigcantmask;
return EJUSTRETURN;
}
/*
* fp_disabled normally occurs when the first floating point in a non-threaded
* program causes an fp_disabled trap. For threaded programs, the ILP32 threads
* library calls the .setpsr fasttrap, which has been modified to also set the
* appropriate bits in fpu_en and fpu_fprs, as well as to enable the %fprs,
* as before. The LP64 threads library will write to the %fprs directly,
* so fpu_en will never get updated for LP64 threaded programs,
* although fpu_fprs will, via resume.
*/
void
fp_disabled(struct regs *rp)
{
klwp_id_t lwp;
kfpu_t *fp;
int ftt;
#ifdef SF_ERRATA_30 /* call causes fp-disabled */
/*
* This code is here because sometimes the call instruction
* generates an fp_disabled trap when the call offset is large.
*/
if (spitfire_call_bug) {
uint_t instr = 0;
extern void trap(struct regs *rp, caddr_t addr, uint32_t type,
uint32_t mmu_fsr);
if (USERMODE(rp->r_tstate)) {
(void) fuword32((void *)rp->r_pc, &instr);
} else {
instr = *(uint_t *)(rp->r_pc);
}
if ((instr & 0xc0000000) == 0x40000000) {
ill_fpcalls++;
trap(rp, NULL, T_UNIMP_INSTR, 0);
return;
}
}
#endif /* SF_ERRATA_30 - call causes fp-disabled */
#ifdef CHEETAH_ERRATUM_109 /* interrupts not taken during fpops */
/*
* UltraSPARC III will report spurious fp-disabled exceptions when
* the pipe is full of fpops and an interrupt is triggered. By the
* time we get here the interrupt has been taken and we just need
* to return to where we came from and try again.
*/
if (fpu_exists && _fp_read_fprs() & FPRS_FEF)
return;
#endif /* CHEETAH_ERRATUM_109 */
lwp = ttolwp(curthread);
ASSERT(lwp != NULL);
fp = lwptofpu(lwp);
if (fpu_exists) {
kpreempt_disable();
if (fp->fpu_en) {
#ifdef DEBUG
if (fpdispr)
cmn_err(CE_NOTE,
"fpu disabled, but already enabled\n");
#endif
if ((fp->fpu_fprs & FPRS_FEF) != FPRS_FEF) {
fp->fpu_fprs = FPRS_FEF;
#ifdef DEBUG
if (fpdispr)
cmn_err(CE_NOTE,
"fpu disabled, saved fprs disabled\n");
#endif
}
_fp_write_fprs(FPRS_FEF);
fp_restore(fp);
} else {
fp->fpu_en = 1;
fp->fpu_fsr = 0;
fp->fpu_fprs = FPRS_FEF;
_fp_write_fprs(FPRS_FEF);
fp_clearregs(fp);
}
kpreempt_enable();
} else {
fp_simd_type fpsd;
int i;
(void) flush_user_windows_to_stack(NULL);
if (!fp->fpu_en) {
fp->fpu_en = 1;
fp->fpu_fsr = 0;
for (i = 0; i < 32; i++)
fp->fpu_fr.fpu_regs[i] = (uint_t)-1; /* NaN */
for (i = 16; i < 32; i++) /* NaN */
fp->fpu_fr.fpu_dregs[i] = (uint64_t)-1;
}
if (ftt = fp_emulator(&fpsd, (fp_inst_type *)rp->r_pc,
rp, (ulong_t *)rp->r_sp, fp)) {
fp->fpu_q_entrysize = sizeof (struct _fpq);
fp_traps(&fpsd, ftt, rp);
}
}
}
/*ARGSUSED*/
void
trap(struct frame *fp, int type, unsigned code, unsigned v)
{
extern char fubail[], subail[];
struct lwp *l;
struct proc *p;
struct pcb *pcb;
void *onfault;
ksiginfo_t ksi;
int s;
int rv;
u_quad_t sticks = 0 /* XXX initialiser works around compiler bug */;
static int panicking __diagused;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
if (USERMODE(fp->f_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = fp->f_regs;
LWP_CACHE_CREDS(l, p);
}
switch (type) {
default:
dopanic:
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
s = splhigh();
panicking = 1;
printf("trap type %d, code = 0x%x, v = 0x%x\n", type, code, v);
printf("%s program counter = 0x%x\n",
(type & T_USER) ? "user" : "kernel", fp->f_pc);
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, (db_regs_t *)fp))
goto kgdb_cont;
#endif
#ifdef DDB
(void)kdb_trap(type, (db_regs_t *)fp);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(s);
if (panicstr) {
printf("trap during panic!\n");
#ifdef DEBUG
/* XXX should be a machine-dependent hook */
printf("(press a key)\n"); (void)cngetc();
#endif
}
regdump((struct trapframe *)fp, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap");
case T_BUSERR: /* kernel bus error */
onfault = pcb->pcb_onfault;
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/* FALLTHROUGH */
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
fp->f_stackadj = exframesize[fp->f_format];
fp->f_format = fp->f_vector = 0;
fp->f_pc = (int)onfault;
fp->f_regs[D0] = rv;
return;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_RESAD_FAULT */
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
#ifdef M68040
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
/* XXX need to FSAVE */
printf("pid %d(%s): unimplemented FP %s at %x (EA %x)\n",
p->p_pid, p->p_comm,
fp->f_format == 2 ? "instruction" : "data type",
fp->f_pc, fp->f_fmt2.f_iaddr);
/* XXX need to FRESTORE */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
#endif
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was ILL_PRIVIN_FAULT */
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTDIV_TRAP */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTDIV;
break;
case T_CHKINST|T_USER: /* CHK instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_SUBRNG_TRAP */
ksi.ksi_signo = SIGFPE;
break;
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)fp->f_format;
/* XXX was FPE_INTOVF_TRAP */
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
#ifdef DEBUG
printf("unexpected kernel trace trap, type = %d\n", type);
printf("program counter = 0x%x\n", fp->f_pc);
#endif
fp->f_sr &= ~PSL_T;
return;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush".
* Just flush the on-chip caches and return.
*/
if (p->p_emul == &emul_sunos) {
ICIA();
DCIU();
return;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
fp->f_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/*
* We check for software interrupts first. This is because
* they are at a higher level than ASTs, and on a VAX would
* interrupt the AST. We assume that if we are processing
* an AST that we must be at IPL0 so we don't bother to
* check. Note that we ensure that we are at least at SIR
* IPL while processing the SIR.
*/
spl1();
/* fall into... */
case T_SSIR: /* software interrupt */
case T_SSIR|T_USER:
/*
* If this was not an AST trap, we are all done.
*/
if (type != (T_ASTFLT|T_USER)) {
curcpu()->ci_data.cpu_ntrap--;
return;
}
spl0();
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto out;
case T_MMUFLT: /* kernel mode page fault */
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
onfault = pcb->pcb_onfault;
if (onfault == fubail || onfault == subail) {
rv = EFAULT;
goto copyfault;
}
/* fall into ... */
case T_MMUFLT|T_USER: /* page fault */
{
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
onfault = pcb->pcb_onfault;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=%x, v=%x, pc=%x, sr=%x\n",
p->p_pid, code, v, fp->f_pc, fp->f_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if ((type & T_USER) == 0 && (onfault == NULL || KDFAULT(code)))
map = kernel_map;
else {
map = vm ? &vm->vm_map : kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = trunc_page((vaddr_t)v);
if (map == kernel_map && va == 0) {
printf("trap: bad kernel %s access at 0x%x\n",
(ftype & VM_PROT_WRITE) ? "read/write" :
"read", v);
goto dopanic;
}
#ifdef DIAGNOSTIC
if (interrupt_depth && !panicking) {
printf("trap: calling uvm_fault() from interrupt!\n");
goto dopanic;
}
#endif
pcb->pcb_onfault = NULL;
rv = uvm_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid))
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
#endif
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if (type == T_MMUFLT) {
if (ucas_ras_check(&fp->F_t)) {
return;
}
#ifdef M68040
if (cputype == CPU_68040)
(void) writeback(fp, 1);
#endif
return;
}
goto out;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if (type == T_MMUFLT) {
if (onfault)
goto copyfault;
printf("uvm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
printf(" type %x, code [mmu,,ssw]: %x\n",
type, code);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
}
}
trapsignal(l, &ksi);
if ((type & T_USER) == 0)
return;
out:
userret(l, fp, sticks, v, 1);
}
static int
apix_hilevel_intr_prolog(struct cpu *cpu, uint_t pil, uint_t oldpil,
struct regs *rp)
{
struct machcpu *mcpu = &cpu->cpu_m;
hrtime_t intrtime;
hrtime_t now = tsc_read();
apix_impl_t *apixp = apixs[cpu->cpu_id];
uint_t mask;
ASSERT(pil > mcpu->mcpu_pri && pil > cpu->cpu_base_spl);
if (pil == CBE_HIGH_PIL) { /* 14 */
cpu->cpu_profile_pil = oldpil;
if (USERMODE(rp->r_cs)) {
cpu->cpu_profile_pc = 0;
cpu->cpu_profile_upc = rp->r_pc;
cpu->cpu_cpcprofile_pc = 0;
cpu->cpu_cpcprofile_upc = rp->r_pc;
} else {
cpu->cpu_profile_pc = rp->r_pc;
cpu->cpu_profile_upc = 0;
cpu->cpu_cpcprofile_pc = rp->r_pc;
cpu->cpu_cpcprofile_upc = 0;
}
}
mcpu->mcpu_pri = pil;
mask = cpu->cpu_intr_actv & CPU_INTR_ACTV_HIGH_LEVEL_MASK;
if (mask != 0) {
int nestpil;
/*
* We have interrupted another high-level interrupt.
* Load starting timestamp, compute interval, update
* cumulative counter.
*/
nestpil = bsrw_insn((uint16_t)mask);
intrtime = now -
mcpu->pil_high_start[nestpil - (LOCK_LEVEL + 1)];
mcpu->intrstat[nestpil][0] += intrtime;
cpu->cpu_intracct[cpu->cpu_mstate] += intrtime;
} else {
kthread_t *t = cpu->cpu_thread;
/*
* See if we are interrupting a low-level interrupt thread.
* If so, account for its time slice only if its time stamp
* is non-zero.
*/
if ((t->t_flag & T_INTR_THREAD) != 0 && t->t_intr_start != 0) {
intrtime = now - t->t_intr_start;
mcpu->intrstat[t->t_pil][0] += intrtime;
cpu->cpu_intracct[cpu->cpu_mstate] += intrtime;
t->t_intr_start = 0;
}
}
/* store starting timestamp in CPu structure for this IPL */
mcpu->pil_high_start[pil - (LOCK_LEVEL + 1)] = now;
if (pil == 15) {
/*
* To support reentrant level 15 interrupts, we maintain a
* recursion count in the top half of cpu_intr_actv. Only
* when this count hits zero do we clear the PIL 15 bit from
* the lower half of cpu_intr_actv.
*/
uint16_t *refcntp = (uint16_t *)&cpu->cpu_intr_actv + 1;
(*refcntp)++;
}
cpu->cpu_intr_actv |= (1 << pil);
/* clear pending ipl level bit */
apixp->x_intr_pending &= ~(1 << pil);
return (mask);
}
/*
* Handle an exception.
* In the case of a kernel trap, we return the pc where to resume if
* pcb_onfault is set, otherwise, return old pc.
*/
void
trap(struct trap_frame *trapframe)
{
struct cpu_info *ci = curcpu();
struct proc *p = ci->ci_curproc;
int type;
type = (trapframe->cause & CR_EXC_CODE) >> CR_EXC_CODE_SHIFT;
#if defined(CPU_R8000) && !defined(DEBUG_INTERRUPT)
if (type != T_INT)
#endif
trapdebug_enter(ci, trapframe, -1);
#ifdef CPU_R8000
if (type != T_INT && type != T_SYSCALL)
#else
if (type != T_SYSCALL)
#endif
atomic_add_int(&uvmexp.traps, 1);
if (USERMODE(trapframe->sr)) {
type |= T_USER;
refreshcreds(p);
}
/*
* Enable hardware interrupts if they were on before the trap;
* enable IPI interrupts only otherwise.
*/
switch (type) {
#ifdef CPU_R8000
case T_INT:
case T_INT | T_USER:
#endif
case T_BREAK:
break;
default:
if (ISSET(trapframe->sr, SR_INT_ENAB))
enableintr();
else {
#ifdef MULTIPROCESSOR
ENABLEIPI();
#endif
}
break;
}
#ifdef CPU_R8000
/*
* Some exception causes on R8000 are actually detected by external
* circuitry, and as such are reported as external interrupts.
* On R8000 kernels, external interrupts vector to trap() instead of
* interrupt(), so that we can process these particular exceptions
* as if they were triggered as regular exceptions.
*/
if ((type & ~T_USER) == T_INT) {
/*
* Similar reality check as done in interrupt(), in case
* an interrupt occured between a write to COP_0_STATUS_REG
* and it taking effect.
*/
if (!ISSET(trapframe->sr, SR_INT_ENAB))
return;
if (trapframe->cause & CR_VCE) {
#ifndef DEBUG_INTERRUPT
trapdebug_enter(ci, trapframe, -1);
#endif
panic("VCE or TLBX");
}
if (trapframe->cause & CR_FPE) {
#ifndef DEBUG_INTERRUPT
trapdebug_enter(ci, trapframe, -1);
#endif
itsa(trapframe, ci, p, T_FPE | (type & T_USER));
cp0_reset_cause(CR_FPE);
}
if (trapframe->cause & CR_INT_MASK)
interrupt(trapframe);
return; /* no userret */
} else
#endif
itsa(trapframe, ci, p, type);
if (type & T_USER)
userret(p);
}
int
compat_13_sys_sigreturn(struct lwp *l, const struct compat_13_sys_sigreturn_args *uap, register_t *retval)
{
/* {
syscallarg(struct sigcontext13 *) sigcntxp;
} */
struct proc *p = l->l_proc;
struct sigcontext13 *scp, context;
struct trapframe *tf;
sigset_t mask;
/*
* The trampoline code hands us the context.
* It is unsafe to keep track of it ourselves, in the event that a
* program jumps out of a signal handler.
*/
scp = SCARG(uap, sigcntxp);
if (copyin((void *)scp, &context, sizeof(*scp)) != 0)
return (EFAULT);
/* Restore register context. */
tf = l->l_md.md_regs;
#ifdef VM86
if (context.sc_eflags & PSL_VM) {
void syscall_vm86(struct trapframe *);
tf->tf_vm86_gs = context.sc_gs;
tf->tf_vm86_fs = context.sc_fs;
tf->tf_vm86_es = context.sc_es;
tf->tf_vm86_ds = context.sc_ds;
set_vflags(l, context.sc_eflags);
p->p_md.md_syscall = syscall_vm86;
} else
#endif
{
/*
* Check for security violations. If we're returning to
* protected mode, the CPU will validate the segment registers
* automatically and generate a trap on violations. We handle
* the trap, rather than doing all of the checking here.
*/
if (((context.sc_eflags ^ tf->tf_eflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(context.sc_cs, context.sc_eflags))
return (EINVAL);
tf->tf_gs = context.sc_gs;
tf->tf_fs = context.sc_fs;
tf->tf_es = context.sc_es;
tf->tf_ds = context.sc_ds;
tf->tf_eflags &= ~PSL_USER;
tf->tf_eflags |= context.sc_eflags & PSL_USER;
}
tf->tf_edi = context.sc_edi;
tf->tf_esi = context.sc_esi;
tf->tf_ebp = context.sc_ebp;
tf->tf_ebx = context.sc_ebx;
tf->tf_edx = context.sc_edx;
tf->tf_ecx = context.sc_ecx;
tf->tf_eax = context.sc_eax;
tf->tf_eip = context.sc_eip;
tf->tf_cs = context.sc_cs;
tf->tf_esp = context.sc_esp;
tf->tf_ss = context.sc_ss;
mutex_enter(p->p_lock);
/* Restore signal stack. */
if (context.sc_onstack & SS_ONSTACK)
l->l_sigstk.ss_flags |= SS_ONSTACK;
else
l->l_sigstk.ss_flags &= ~SS_ONSTACK;
/* Restore signal mask. */
native_sigset13_to_sigset(&context.sc_mask, &mask);
(void) sigprocmask1(l, SIG_SETMASK, &mask, 0);
mutex_exit(p->p_lock);
return (EJUSTRETURN);
}
/*ARGSUSED*/
void
trap(struct trapframe *tf, int type, u_int code, u_int v)
{
struct lwp *l;
struct proc *p;
struct pcb *pcb;
ksiginfo_t ksi;
int tmp;
int rv;
u_quad_t sticks;
void *onfault;
curcpu()->ci_data.cpu_ntrap++;
l = curlwp;
p = l->l_proc;
pcb = lwp_getpcb(l);
onfault = pcb->pcb_onfault;
KSI_INIT_TRAP(&ksi);
ksi.ksi_trap = type & ~T_USER;
KASSERT(pcb != NULL);
if (USERMODE(tf->tf_sr)) {
type |= T_USER;
sticks = p->p_sticks;
l->l_md.md_regs = tf->tf_regs;
LWP_CACHE_CREDS(l, p);
} else {
sticks = 0;
/* XXX: Detect trap recursion? */
}
switch (type) {
default:
dopanic:
printf("trap type=0x%x, code=0x%x, v=0x%x\n", type, code, v);
/*
* Let the kernel debugger see the trap frame that
* caused us to panic. This is a convenience so
* one can see registers at the point of failure.
*/
tmp = splhigh();
#ifdef KGDB
/* If connected, step or cont returns 1 */
if (kgdb_trap(type, tf))
goto kgdb_cont;
#endif
#ifdef DDB
(void) kdb_trap(type, (db_regs_t *) tf);
#endif
#ifdef KGDB
kgdb_cont:
#endif
splx(tmp);
if (panicstr) {
/*
* Note: panic is smart enough to do:
* boot(RB_AUTOBOOT | RB_NOSYNC, NULL)
* if we call it again.
*/
panic("trap during panic!");
}
regdump(tf, 128);
type &= ~T_USER;
if ((u_int)type < trap_types)
panic(trap_type[type]);
panic("trap type 0x%x", type);
case T_BUSERR: /* kernel bus error */
if (onfault == NULL)
goto dopanic;
rv = EFAULT;
/*FALLTHROUGH*/
copyfault:
/*
* If we have arranged to catch this fault in any of the
* copy to/from user space routines, set PC to return to
* indicated location and set flag informing buserror code
* that it may need to clean up stack frame.
*/
tf->tf_stackadj = exframesize[tf->tf_format];
tf->tf_format = tf->tf_vector = 0;
tf->tf_pc = (int)onfault;
tf->tf_regs[D0] = rv;
goto done;
case T_BUSERR|T_USER: /* bus error */
case T_ADDRERR|T_USER: /* address error */
ksi.ksi_addr = (void *)v;
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = (type == (T_BUSERR|T_USER)) ?
BUS_OBJERR : BUS_ADRERR;
break;
case T_COPERR: /* kernel coprocessor violation */
case T_FMTERR|T_USER: /* do all RTE errors come in as T_USER? */
case T_FMTERR: /* ...just in case... */
/*
* The user has most likely trashed the RTE or FP state info
* in the stack frame of a signal handler.
*/
printf("pid %d: kernel %s exception\n", p->p_pid,
type==T_COPERR ? "coprocessor" : "format");
type |= T_USER;
mutex_enter(p->p_lock);
SIGACTION(p, SIGILL).sa_handler = SIG_DFL;
sigdelset(&p->p_sigctx.ps_sigignore, SIGILL);
sigdelset(&p->p_sigctx.ps_sigcatch, SIGILL);
sigdelset(&l->l_sigmask, SIGILL);
mutex_exit(p->p_lock);
ksi.ksi_signo = SIGILL;
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_code = (type == T_COPERR) ?
ILL_COPROC : ILL_ILLOPC;
break;
case T_COPERR|T_USER: /* user coprocessor violation */
/* What is a proper response here? */
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = FPE_FLTINV;
break;
case T_FPERR|T_USER: /* 68881 exceptions */
/*
* We pass along the 68881 status register which locore stashed
* in code for us.
*/
ksi.ksi_signo = SIGFPE;
ksi.ksi_code = fpsr2siginfocode(code);
break;
case T_FPEMULI: /* FPU faults in supervisor mode */
case T_FPEMULD:
if (nofault) /* Doing FPU probe? */
longjmp(nofault);
goto dopanic;
case T_FPEMULI|T_USER: /* unimplemented FP instruction */
case T_FPEMULD|T_USER: /* unimplemented FP data type */
#ifdef FPU_EMULATE
if (fpu_emulate(tf, &pcb->pcb_fpregs, &ksi) == 0)
; /* XXX - Deal with tracing? (tf->tf_sr & PSL_T) */
#else
uprintf("pid %d killed: no floating point support\n", p->p_pid);
ksi.ksi_signo = SIGILL;
ksi.ksi_code = ILL_ILLOPC;
#endif
break;
case T_ILLINST|T_USER: /* illegal instruction fault */
case T_PRIVINST|T_USER: /* privileged instruction fault */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGILL;
ksi.ksi_code = (type == (T_PRIVINST|T_USER)) ?
ILL_PRVOPC : ILL_ILLOPC;
break;
case T_ZERODIV|T_USER: /* Divide by zero */
ksi.ksi_code = FPE_FLTDIV;
case T_CHKINST|T_USER: /* CHK instruction trap */
case T_TRAPVINST|T_USER: /* TRAPV instruction trap */
ksi.ksi_addr = (void *)(int)tf->tf_format;
ksi.ksi_signo = SIGFPE;
break;
/*
* XXX: Trace traps are a nightmare.
*
* HP-UX uses trap #1 for breakpoints,
* NetBSD/m68k uses trap #2,
* SUN 3.x uses trap #15,
* DDB and KGDB uses trap #15 (for kernel breakpoints;
* handled elsewhere).
*
* NetBSD and HP-UX traps both get mapped by locore.s into T_TRACE.
* SUN 3.x traps get passed through as T_TRAP15 and are not really
* supported yet.
*
* XXX: We should never get kernel-mode T_TRAP15
* XXX: because locore.s now gives them special treatment.
*/
case T_TRAP15: /* kernel breakpoint */
tf->tf_sr &= ~PSL_T;
goto done;
case T_TRACE|T_USER: /* user trace trap */
#ifdef COMPAT_SUNOS
/*
* SunOS uses Trap #2 for a "CPU cache flush"
* Just flush the on-chip caches and return.
* XXX - Too bad NetBSD uses trap 2...
*/
if (p->p_emul == &emul_sunos) {
/* get out fast */
goto done;
}
#endif
/* FALLTHROUGH */
case T_TRACE: /* tracing a trap instruction */
case T_TRAP15|T_USER: /* SUN user trace trap */
tf->tf_sr &= ~PSL_T;
ksi.ksi_signo = SIGTRAP;
break;
case T_ASTFLT: /* system async trap, cannot happen */
goto dopanic;
case T_ASTFLT|T_USER: /* user async trap */
astpending = 0;
/* T_SSIR is not used on a Sun2. */
if (l->l_pflag & LP_OWEUPC) {
l->l_pflag &= ~LP_OWEUPC;
ADDUPROF(l);
}
if (curcpu()->ci_want_resched)
preempt();
goto douret;
case T_MMUFLT: /* kernel mode page fault */
/* Hacks to avoid calling VM code from debugger. */
#ifdef DDB
if (db_recover != 0)
goto dopanic;
#endif
#ifdef KGDB
if (kgdb_recover != 0)
goto dopanic;
#endif
/*
* If we were doing profiling ticks or other user mode
* stuff from interrupt code, Just Say No.
*/
if (onfault == (void *)fubail || onfault == (void *)subail) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault fu/su bail\n");
Debugger();
}
#endif
rv = EFAULT;
goto copyfault;
}
/*FALLTHROUGH*/
case T_MMUFLT|T_USER: { /* page fault */
vaddr_t va;
struct vmspace *vm = p->p_vmspace;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
#ifdef DEBUG
if ((mmudebug & MDB_WBFOLLOW) || MDB_ISPID(p->p_pid))
printf("trap: T_MMUFLT pid=%d, code=0x%x, v=0x%x, pc=0x%x, sr=0x%x\n",
p->p_pid, code, v, tf->tf_pc, tf->tf_sr);
#endif
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and: (2 or 3)
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space data fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
map = &vm->vm_map;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault == NULL || KDFAULT(code))
map = kernel_map;
}
if (WRFAULT(code))
ftype = VM_PROT_WRITE;
else
ftype = VM_PROT_READ;
va = m68k_trunc_page((vaddr_t)v);
/*
* Need to resolve the fault.
*
* We give the pmap code a chance to resolve faults by
* reloading translations that it was forced to unload.
* This function does that, and calls vm_fault if it
* could not resolve the fault by reloading the MMU.
* This function may also, for example, disallow any
* faults in the kernel text segment, etc.
*/
pcb->pcb_onfault = NULL;
rv = _pmap_fault(map, va, ftype);
pcb->pcb_onfault = onfault;
#ifdef DEBUG
if (rv && MDB_ISPID(p->p_pid)) {
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
if (mmudebug & MDB_WBFAILED)
Debugger();
}
#endif /* DEBUG */
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if (rv == 0) {
if (map != kernel_map && (void *)va >= vm->vm_maxsaddr)
uvm_grow(p, va);
if ((type & T_USER) == 0 && ucas_ras_check(tf)) {
return;
}
goto finish;
}
if (rv == EACCES) {
ksi.ksi_code = SEGV_ACCERR;
rv = EFAULT;
} else
ksi.ksi_code = SEGV_MAPERR;
if ((type & T_USER) == 0) {
/* supervisor mode fault */
if (onfault) {
#ifdef DEBUG
if (mmudebug & MDB_CPFAULT) {
printf("trap: copyfault pcb_onfault\n");
Debugger();
}
#endif
goto copyfault;
}
printf("vm_fault(%p, 0x%lx, 0x%x) -> 0x%x\n",
map, va, ftype, rv);
goto dopanic;
}
ksi.ksi_addr = (void *)v;
switch (rv) {
case ENOMEM:
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : -1);
ksi.ksi_signo = SIGKILL;
break;
case EINVAL:
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_ADRERR;
break;
case EACCES:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_ACCERR;
break;
default:
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
break;
}
break;
} /* T_MMUFLT */
} /* switch */
finish:
/* If trap was from supervisor mode, just return. */
if ((type & T_USER) == 0)
goto done;
/* Post a signal if necessary. */
if (ksi.ksi_signo)
trapsignal(l, &ksi);
douret:
userret(l, tf, sticks);
done:;
/* XXX: Detect trap recursion? */
}
void
m88100_trap(unsigned type, struct trapframe *frame)
{
struct proc *p;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type, pbus_type;
u_long fault_code;
unsigned fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
u_int psr;
#endif
int sig = 0;
extern struct vm_map *kernel_map;
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
if (USERMODE(frame->tf_epsr)) {
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
fault_type = 0;
fault_code = 0;
fault_addr = frame->tf_sxip & XIP_ADDR;
switch (type) {
default:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#if defined(DDB)
case T_KDB_BREAK:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
#endif /* DDB */
case T_ILLFLT:
printf("Unimplemented opcode!\n");
panictrap(frame->tf_vector, frame);
break;
case T_INT:
case T_INT+T_USER:
curcpu()->ci_intrdepth++;
md_interrupt_func(T_INT, frame);
curcpu()->ci_intrdepth--;
return;
case T_MISALGNFLT:
printf("kernel misaligned access exception @ 0x%08x\n",
frame->tf_sxip);
panictrap(frame->tf_vector, frame);
break;
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
printf("Kernel Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
panictrap(frame->tf_vector, frame);
break;
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dmt0 & DMT_DAS) == 0) {
type = T_DATAFLT + T_USER;
goto user_fault;
}
fault_addr = frame->tf_dma0;
if (frame->tf_dmt0 & (DMT_WRITE|DMT_LOCKBAR)) {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
if (va == 0) {
panic("trap: bad kernel access at %x", fault_addr);
}
KERNEL_LOCK(LK_CANRECURSE | LK_EXCLUSIVE);
vm = p->p_vmspace;
map = kernel_map;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("Kernel Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
switch (pbus_type) {
case CMMU_PFSR_SUCCESS:
/*
* The fault was resolved. Call data_access_emulation
* to drain the data unit pipe line and reset dmt0
* so that trap won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
KERNEL_UNLOCK();
return;
case CMMU_PFSR_SFAULT:
case CMMU_PFSR_PFAULT:
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data
* unit pipe line and reset dmt0 so that trap
* won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
KERNEL_UNLOCK();
return;
}
break;
}
#ifdef TRAPDEBUG
printf("PBUS Fault %d (%s) va = 0x%x\n", pbus_type,
pbus_exception_type[pbus_type], va);
#endif
KERNEL_UNLOCK();
panictrap(frame->tf_vector, frame);
/* NOTREACHED */
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
user_fault:
if (type == T_INSTFLT + T_USER) {
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
#ifdef TRAPDEBUG
printf("User Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
} else {
fault_addr = frame->tf_dma0;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("User Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
}
if (frame->tf_dmt0 & (DMT_WRITE | DMT_LOCKBAR)) {
ftype = VM_PROT_READ | VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
KERNEL_PROC_LOCK(p);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/* Call uvm_fault() to resolve non-bus error faults */
switch (pbus_type) {
case CMMU_PFSR_SUCCESS:
result = 0;
break;
case CMMU_PFSR_BERROR:
result = EACCES;
break;
default:
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
break;
}
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0)
uvm_grow(p, va);
else if (result == EACCES)
result = EFAULT;
}
KERNEL_PROC_UNLOCK(p);
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_snip = pcb_onfault | NIP_V;
frame->tf_sfip = (pcb_onfault + 4) | FIP_V;
frame->tf_sxip = 0;
/*
* Continue as if the fault had been resolved, but
* do not try to complete the faulting access.
*/
frame->tf_dmt0 |= DMT_SKIP;
result = 0;
}
if (result == 0) {
if (type == T_DATAFLT+T_USER) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data unit
* pipe line and reset dmt0 so that trap won't
* get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
} else {
/*
* back up SXIP, SNIP,
* clearing the Error bit
*/
frame->tf_sfip = frame->tf_snip & ~FIP_E;
frame->tf_snip = frame->tf_sxip & ~NIP_E;
frame->tf_ipfsr = 0;
}
} else {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
break;
case T_PRIVINFLT+T_USER:
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
break;
case T_FPEPFLT+T_USER:
sig = SIGFPE;
break;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
u_int instr;
vaddr_t pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(u_int));
/* check and see if we got here by accident */
if ((p->p_md.md_bp0va != pc &&
p->p_md.md_bp1va != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear breakpoint */
if (p->p_md.md_bp0va == pc) {
ss_put_value(p, pc, p->p_md.md_bp0save);
p->p_md.md_bp0va = 0;
}
if (p->p_md.md_bp1va == pc) {
ss_put_value(p, pc, p->p_md.md_bp1save);
p->p_md.md_bp1va = 0;
}
#if 1
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = pc | NIP_V;
#endif
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = frame->tf_sxip;
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
case T_ASTFLT+T_USER:
uvmexp.softs++;
p->p_md.md_astpending = 0;
if (p->p_flag & P_OWEUPC) {
KERNEL_PROC_LOCK(p);
ADDUPROF(p);
KERNEL_PROC_UNLOCK(p);
}
if (curcpu()->ci_want_resched)
preempt(NULL);
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
sv.sival_int = fault_addr;
KERNEL_PROC_LOCK(p);
trapsignal(p, sig, fault_code, fault_type, sv);
KERNEL_PROC_UNLOCK(p);
/*
* don't want multiple faults - we are going to
* deliver signal.
*/
frame->tf_dmt0 = 0;
frame->tf_ipfsr = frame->tf_dpfsr = 0;
}
userret(p);
}
/*
* Do all the work necessary to set up the cpu and thread structures
* to dispatch a high-level interrupt.
*
* Returns 0 if we're -not- already on the high-level interrupt stack,
* (and *must* switch to it), non-zero if we are already on that stack.
*
* Called with interrupts masked.
* The 'pil' is already set to the appropriate level for rp->r_trapno.
*/
static int
hilevel_intr_prolog(struct cpu *cpu, uint_t pil, uint_t oldpil, struct regs *rp)
{
struct machcpu *mcpu = &cpu->cpu_m;
uint_t mask;
hrtime_t intrtime;
hrtime_t now = tsc_read();
ASSERT(pil > LOCK_LEVEL);
if (pil == CBE_HIGH_PIL) {
cpu->cpu_profile_pil = oldpil;
if (USERMODE(rp->r_cs)) {
cpu->cpu_profile_pc = 0;
cpu->cpu_profile_upc = rp->r_pc;
cpu->cpu_cpcprofile_pc = 0;
cpu->cpu_cpcprofile_upc = rp->r_pc;
} else {
cpu->cpu_profile_pc = rp->r_pc;
cpu->cpu_profile_upc = 0;
cpu->cpu_cpcprofile_pc = rp->r_pc;
cpu->cpu_cpcprofile_upc = 0;
}
}
mask = cpu->cpu_intr_actv & CPU_INTR_ACTV_HIGH_LEVEL_MASK;
if (mask != 0) {
int nestpil;
/*
* We have interrupted another high-level interrupt.
* Load starting timestamp, compute interval, update
* cumulative counter.
*/
nestpil = bsrw_insn((uint16_t)mask);
ASSERT(nestpil < pil);
intrtime = now -
mcpu->pil_high_start[nestpil - (LOCK_LEVEL + 1)];
mcpu->intrstat[nestpil][0] += intrtime;
cpu->cpu_intracct[cpu->cpu_mstate] += intrtime;
/*
* Another high-level interrupt is active below this one, so
* there is no need to check for an interrupt thread. That
* will be done by the lowest priority high-level interrupt
* active.
*/
} else {
kthread_t *t = cpu->cpu_thread;
/*
* See if we are interrupting a low-level interrupt thread.
* If so, account for its time slice only if its time stamp
* is non-zero.
*/
if ((t->t_flag & T_INTR_THREAD) != 0 && t->t_intr_start != 0) {
intrtime = now - t->t_intr_start;
mcpu->intrstat[t->t_pil][0] += intrtime;
cpu->cpu_intracct[cpu->cpu_mstate] += intrtime;
t->t_intr_start = 0;
}
}
/*
* Store starting timestamp in CPU structure for this PIL.
*/
mcpu->pil_high_start[pil - (LOCK_LEVEL + 1)] = now;
ASSERT((cpu->cpu_intr_actv & (1 << pil)) == 0);
if (pil == 15) {
/*
* To support reentrant level 15 interrupts, we maintain a
* recursion count in the top half of cpu_intr_actv. Only
* when this count hits zero do we clear the PIL 15 bit from
* the lower half of cpu_intr_actv.
*/
uint16_t *refcntp = (uint16_t *)&cpu->cpu_intr_actv + 1;
(*refcntp)++;
}
mask = cpu->cpu_intr_actv;
cpu->cpu_intr_actv |= (1 << pil);
return (mask & CPU_INTR_ACTV_HIGH_LEVEL_MASK);
}
/*
* Common tasks always done by _sys_rtt, called with interrupts disabled.
* Returns 1 if returning to userland, 0 if returning to system mode.
*/
int
sys_rtt_common(struct regs *rp)
{
kthread_t *tp;
extern void mutex_exit_critical_start();
extern long mutex_exit_critical_size;
extern void mutex_owner_running_critical_start();
extern long mutex_owner_running_critical_size;
loop:
/*
* Check if returning to user
*/
tp = CPU->cpu_thread;
if (USERMODE(rp->r_cs)) {
/*
* Check if AST pending.
*/
if (tp->t_astflag) {
/*
* Let trap() handle the AST
*/
sti();
rp->r_trapno = T_AST;
trap(rp, (caddr_t)0, CPU->cpu_id);
cli();
goto loop;
}
#if defined(__amd64)
/*
* We are done if segment registers do not need updating.
*/
if (tp->t_lwp->lwp_pcb.pcb_rupdate == 0)
return (1);
if (update_sregs(rp, tp->t_lwp)) {
/*
* 1 or more of the selectors is bad.
* Deliver a SIGSEGV.
*/
proc_t *p = ttoproc(tp);
sti();
mutex_enter(&p->p_lock);
tp->t_lwp->lwp_cursig = SIGSEGV;
mutex_exit(&p->p_lock);
psig();
tp->t_sig_check = 1;
cli();
}
tp->t_lwp->lwp_pcb.pcb_rupdate = 0;
#endif /* __amd64 */
return (1);
}
/*
* Here if we are returning to supervisor mode.
* Check for a kernel preemption request.
*/
if (CPU->cpu_kprunrun && (rp->r_ps & PS_IE)) {
/*
* Do nothing if already in kpreempt
*/
if (!tp->t_preempt_lk) {
tp->t_preempt_lk = 1;
sti();
kpreempt(1); /* asynchronous kpreempt call */
cli();
tp->t_preempt_lk = 0;
}
}
/*
* If we interrupted the mutex_exit() critical region we must
* reset the PC back to the beginning to prevent missed wakeups
* See the comments in mutex_exit() for details.
*/
if ((uintptr_t)rp->r_pc - (uintptr_t)mutex_exit_critical_start <
mutex_exit_critical_size) {
rp->r_pc = (greg_t)mutex_exit_critical_start;
}
/*
* If we interrupted the mutex_owner_running() critical region we
* must reset the PC back to the beginning to prevent dereferencing
* of a freed thread pointer. See the comments in mutex_owner_running
* for details.
*/
if ((uintptr_t)rp->r_pc -
(uintptr_t)mutex_owner_running_critical_start <
mutex_owner_running_critical_size) {
rp->r_pc = (greg_t)mutex_owner_running_critical_start;
}
return (0);
}
/*
* Handle a single exception.
*/
void
itsa(struct trap_frame *trapframe, struct cpu_info *ci, struct proc *p,
int type)
{
int i;
unsigned ucode = 0;
vm_prot_t ftype;
extern vaddr_t onfault_table[];
int onfault;
int typ = 0;
union sigval sv;
struct pcb *pcb;
switch (type) {
case T_TLB_MOD:
/* check for kernel address */
if (trapframe->badvaddr < 0) {
pt_entry_t *pte, entry;
paddr_t pa;
vm_page_t pg;
pte = kvtopte(trapframe->badvaddr);
entry = *pte;
#ifdef DIAGNOSTIC
if (!(entry & PG_V) || (entry & PG_M))
panic("trap: ktlbmod: invalid pte");
#endif
if (pmap_is_page_ro(pmap_kernel(),
trunc_page(trapframe->badvaddr), entry)) {
/* write to read only page in the kernel */
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
goto kernel_fault;
}
entry |= PG_M;
*pte = entry;
KERNEL_LOCK();
pmap_update_kernel_page(trapframe->badvaddr & ~PGOFSET,
entry);
pa = pfn_to_pad(entry);
pg = PHYS_TO_VM_PAGE(pa);
if (pg == NULL)
panic("trap: ktlbmod: unmanaged page");
pmap_set_modify(pg);
KERNEL_UNLOCK();
return;
}
/* FALLTHROUGH */
case T_TLB_MOD+T_USER:
{
pt_entry_t *pte, entry;
paddr_t pa;
vm_page_t pg;
pmap_t pmap = p->p_vmspace->vm_map.pmap;
if (!(pte = pmap_segmap(pmap, trapframe->badvaddr)))
panic("trap: utlbmod: invalid segmap");
pte += uvtopte(trapframe->badvaddr);
entry = *pte;
#ifdef DIAGNOSTIC
if (!(entry & PG_V) || (entry & PG_M))
panic("trap: utlbmod: invalid pte");
#endif
if (pmap_is_page_ro(pmap,
trunc_page(trapframe->badvaddr), entry)) {
/* write to read only page */
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
goto fault_common_no_miss;
}
entry |= PG_M;
*pte = entry;
KERNEL_LOCK();
pmap_update_user_page(pmap, (trapframe->badvaddr & ~PGOFSET),
entry);
pa = pfn_to_pad(entry);
pg = PHYS_TO_VM_PAGE(pa);
if (pg == NULL)
panic("trap: utlbmod: unmanaged page");
pmap_set_modify(pg);
KERNEL_UNLOCK();
return;
}
case T_TLB_LD_MISS:
case T_TLB_ST_MISS:
ftype = (type == T_TLB_ST_MISS) ? VM_PROT_WRITE : VM_PROT_READ;
pcb = &p->p_addr->u_pcb;
/* check for kernel address */
if (trapframe->badvaddr < 0) {
vaddr_t va;
int rv;
kernel_fault:
va = trunc_page((vaddr_t)trapframe->badvaddr);
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = 0;
KERNEL_LOCK();
rv = uvm_fault(kernel_map, trunc_page(va), 0, ftype);
KERNEL_UNLOCK();
pcb->pcb_onfault = onfault;
if (rv == 0)
return;
if (onfault != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
}
/*
* It is an error for the kernel to access user space except
* through the copyin/copyout routines.
*/
if (pcb->pcb_onfault != 0) {
/*
* We want to resolve the TLB fault before invoking
* pcb_onfault if necessary.
*/
goto fault_common;
} else {
goto err;
}
case T_TLB_LD_MISS+T_USER:
ftype = VM_PROT_READ;
pcb = &p->p_addr->u_pcb;
goto fault_common;
case T_TLB_ST_MISS+T_USER:
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
fault_common:
#ifdef CPU_R4000
if (r4000_errata != 0) {
if (eop_tlb_miss_handler(trapframe, ci, p) != 0)
return;
}
#endif
fault_common_no_miss:
#ifdef CPU_R4000
if (r4000_errata != 0) {
eop_cleanup(trapframe, p);
}
#endif
{
vaddr_t va;
struct vmspace *vm;
vm_map_t map;
int rv;
vm = p->p_vmspace;
map = &vm->vm_map;
va = trunc_page((vaddr_t)trapframe->badvaddr);
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = 0;
KERNEL_LOCK();
rv = uvm_fault(map, va, 0, ftype);
pcb->pcb_onfault = onfault;
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (rv == 0)
uvm_grow(p, va);
else if (rv == EACCES)
rv = EFAULT;
}
KERNEL_UNLOCK();
if (rv == 0)
return;
if (!USERMODE(trapframe->sr)) {
if (onfault != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
}
ucode = ftype;
i = SIGSEGV;
typ = SEGV_MAPERR;
break;
}
case T_ADDR_ERR_LD+T_USER: /* misaligned or kseg access */
case T_ADDR_ERR_ST+T_USER: /* misaligned or kseg access */
ucode = 0; /* XXX should be VM_PROT_something */
i = SIGBUS;
typ = BUS_ADRALN;
break;
case T_BUS_ERR_IFETCH+T_USER: /* BERR asserted to cpu */
case T_BUS_ERR_LD_ST+T_USER: /* BERR asserted to cpu */
ucode = 0; /* XXX should be VM_PROT_something */
i = SIGBUS;
typ = BUS_OBJERR;
break;
case T_SYSCALL+T_USER:
{
struct trap_frame *locr0 = p->p_md.md_regs;
struct sysent *callp;
unsigned int code;
register_t tpc;
int numsys, error;
struct args {
register_t i[8];
} args;
register_t rval[2];
atomic_add_int(&uvmexp.syscalls, 1);
/* compute next PC after syscall instruction */
tpc = trapframe->pc; /* Remember if restart */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
callp = p->p_p->ps_emul->e_sysent;
numsys = p->p_p->ps_emul->e_nsysent;
code = locr0->v0;
switch (code) {
case SYS_syscall:
case SYS___syscall:
/*
* Code is first argument, followed by actual args.
* __syscall provides the code as a quad to maintain
* proper alignment of 64-bit arguments on 32-bit
* platforms, which doesn't change anything here.
*/
code = locr0->a0;
if (code >= numsys)
callp += p->p_p->ps_emul->e_nosys; /* (illegal) */
else
callp += code;
i = callp->sy_argsize / sizeof(register_t);
args.i[0] = locr0->a1;
args.i[1] = locr0->a2;
args.i[2] = locr0->a3;
if (i > 3) {
args.i[3] = locr0->a4;
args.i[4] = locr0->a5;
args.i[5] = locr0->a6;
args.i[6] = locr0->a7;
if (i > 7)
if ((error = copyin((void *)locr0->sp,
&args.i[7], sizeof(register_t))))
goto bad;
}
break;
default:
if (code >= numsys)
callp += p->p_p->ps_emul->e_nosys; /* (illegal) */
else
callp += code;
i = callp->sy_narg;
args.i[0] = locr0->a0;
args.i[1] = locr0->a1;
args.i[2] = locr0->a2;
args.i[3] = locr0->a3;
if (i > 4) {
args.i[4] = locr0->a4;
args.i[5] = locr0->a5;
args.i[6] = locr0->a6;
args.i[7] = locr0->a7;
}
}
rval[0] = 0;
rval[1] = locr0->v1;
#if defined(DDB) || defined(DEBUG)
trapdebug[TRAPSIZE * ci->ci_cpuid + (trppos[ci->ci_cpuid] == 0 ?
TRAPSIZE : trppos[ci->ci_cpuid]) - 1].code = code;
#endif
error = mi_syscall(p, code, callp, args.i, rval);
switch (error) {
case 0:
locr0->v0 = rval[0];
locr0->v1 = rval[1];
locr0->a3 = 0;
break;
case ERESTART:
locr0->pc = tpc;
break;
case EJUSTRETURN:
break; /* nothing to do */
default:
bad:
locr0->v0 = error;
locr0->a3 = 1;
}
mi_syscall_return(p, code, error, rval);
return;
}
case T_BREAK:
#ifdef DDB
kdb_trap(type, trapframe);
#endif
/* Reenable interrupts if necessary */
if (trapframe->sr & SR_INT_ENAB) {
enableintr();
}
return;
case T_BREAK+T_USER:
{
caddr_t va;
u_int32_t instr;
struct trap_frame *locr0 = p->p_md.md_regs;
/* compute address of break instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
/* read break instruction */
copyin(va, &instr, sizeof(int32_t));
switch ((instr & BREAK_VAL_MASK) >> BREAK_VAL_SHIFT) {
case 6: /* gcc range error */
i = SIGFPE;
typ = FPE_FLTSUB;
/* skip instruction */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
break;
case 7: /* gcc3 divide by zero */
i = SIGFPE;
typ = FPE_INTDIV;
/* skip instruction */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
break;
#ifdef PTRACE
case BREAK_SSTEP_VAL:
if (p->p_md.md_ss_addr == (long)va) {
#ifdef DEBUG
printf("trap: %s (%d): breakpoint at %p "
"(insn %08x)\n",
p->p_comm, p->p_pid,
(void *)p->p_md.md_ss_addr,
p->p_md.md_ss_instr);
#endif
/* Restore original instruction and clear BP */
process_sstep(p, 0);
typ = TRAP_BRKPT;
} else {
typ = TRAP_TRACE;
}
i = SIGTRAP;
break;
#endif
#ifdef FPUEMUL
case BREAK_FPUEMUL_VAL:
/*
* If this is a genuine FP emulation break,
* resume execution to our branch destination.
*/
if ((p->p_md.md_flags & MDP_FPUSED) != 0 &&
p->p_md.md_fppgva + 4 == (vaddr_t)va) {
struct vm_map *map = &p->p_vmspace->vm_map;
p->p_md.md_flags &= ~MDP_FPUSED;
locr0->pc = p->p_md.md_fpbranchva;
/*
* Prevent access to the relocation page.
* XXX needs to be fixed to work with rthreads
*/
uvm_fault_unwire(map, p->p_md.md_fppgva,
p->p_md.md_fppgva + PAGE_SIZE);
(void)uvm_map_protect(map, p->p_md.md_fppgva,
p->p_md.md_fppgva + PAGE_SIZE,
UVM_PROT_NONE, FALSE);
return;
}
/* FALLTHROUGH */
#endif
default:
typ = TRAP_TRACE;
i = SIGTRAP;
break;
}
break;
}
case T_IWATCH+T_USER:
case T_DWATCH+T_USER:
{
caddr_t va;
/* compute address of trapped instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
printf("watch exception @ %p\n", va);
#ifdef RM7K_PERFCNTR
if (rm7k_watchintr(trapframe)) {
/* Return to user, don't add any more overhead */
return;
}
#endif
i = SIGTRAP;
typ = TRAP_BRKPT;
break;
}
case T_TRAP+T_USER:
{
caddr_t va;
u_int32_t instr;
struct trap_frame *locr0 = p->p_md.md_regs;
/* compute address of trap instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
/* read break instruction */
copyin(va, &instr, sizeof(int32_t));
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
#ifdef RM7K_PERFCNTR
if (instr == 0x040c0000) { /* Performance cntr trap */
int result;
result = rm7k_perfcntr(trapframe->a0, trapframe->a1,
trapframe->a2, trapframe->a3);
locr0->v0 = -result;
/* Return to user, don't add any more overhead */
return;
} else
#endif
/*
* GCC 4 uses teq with code 7 to signal divide by
* zero at runtime. This is one instruction shorter
* than the BEQ + BREAK combination used by gcc 3.
*/
if ((instr & 0xfc00003f) == 0x00000034 /* teq */ &&
(instr & 0x001fffc0) == ((ZERO << 16) | (7 << 6))) {
i = SIGFPE;
typ = FPE_INTDIV;
} else {
i = SIGEMT; /* Stuff it with something for now */
typ = 0;
}
break;
}
case T_RES_INST+T_USER:
i = SIGILL;
typ = ILL_ILLOPC;
break;
case T_COP_UNUSABLE+T_USER:
/*
* Note MIPS IV COP1X instructions issued with FPU
* disabled correctly report coprocessor 1 as the
* unusable coprocessor number.
*/
if ((trapframe->cause & CR_COP_ERR) != CR_COP1_ERR) {
i = SIGILL; /* only FPU instructions allowed */
typ = ILL_ILLOPC;
break;
}
#ifdef FPUEMUL
MipsFPTrap(trapframe);
#else
enable_fpu(p);
#endif
return;
case T_FPE:
printf("FPU Trap: PC %lx CR %lx SR %lx\n",
trapframe->pc, trapframe->cause, trapframe->sr);
goto err;
case T_FPE+T_USER:
MipsFPTrap(trapframe);
return;
case T_OVFLOW+T_USER:
i = SIGFPE;
typ = FPE_FLTOVF;
break;
case T_ADDR_ERR_LD: /* misaligned access */
case T_ADDR_ERR_ST: /* misaligned access */
case T_BUS_ERR_LD_ST: /* BERR asserted to cpu */
pcb = &p->p_addr->u_pcb;
if ((onfault = pcb->pcb_onfault) != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
default:
err:
disableintr();
#if !defined(DDB) && defined(DEBUG)
trapDump("trap", printf);
#endif
printf("\nTrap cause = %d Frame %p\n", type, trapframe);
printf("Trap PC %p RA %p fault %p\n",
(void *)trapframe->pc, (void *)trapframe->ra,
(void *)trapframe->badvaddr);
#ifdef DDB
stacktrace(!USERMODE(trapframe->sr) ? trapframe : p->p_md.md_regs);
kdb_trap(type, trapframe);
#endif
panic("trap");
}
#ifdef FPUEMUL
/*
* If a relocated delay slot causes an exception, blame the
* original delay slot address - userland is not supposed to
* know anything about emulation bowels.
*/
if ((p->p_md.md_flags & MDP_FPUSED) != 0 &&
trapframe->badvaddr == p->p_md.md_fppgva)
trapframe->badvaddr = p->p_md.md_fpslotva;
#endif
p->p_md.md_regs->pc = trapframe->pc;
p->p_md.md_regs->cause = trapframe->cause;
p->p_md.md_regs->badvaddr = trapframe->badvaddr;
sv.sival_ptr = (void *)trapframe->badvaddr;
KERNEL_LOCK();
trapsignal(p, i, ucode, typ, sv);
KERNEL_UNLOCK();
}
/*
* call actual syscall routine
* from the low-level syscall handler:
* - all HPPA_FRAME_NARGS syscall's arguments supposed to be copied onto
* our stack, this wins compared to copyin just needed amount anyway
* - register args are copied onto stack too
*/
void
syscall(struct trapframe *frame, int *args)
{
struct lwp *l;
struct proc *p;
const struct sysent *callp;
int nsys, code, argsize, error;
int tmp;
int rval[2];
uvmexp.syscalls++;
#ifdef DEBUG
frame_sanity_check(frame, curlwp);
#endif /* DEBUG */
if (!USERMODE(frame->tf_iioq_head))
panic("syscall");
l = curlwp;
p = l->l_proc;
l->l_md.md_regs = frame;
nsys = p->p_emul->e_nsysent;
callp = p->p_emul->e_sysent;
code = frame->tf_t1;
/*
* Restarting a system call is touchy on the HPPA,
* because syscall arguments are passed in registers
* and the program counter of the syscall "point"
* isn't easily divined.
*
* We handle the first problem by assuming that we
* will have to restart this system call, so we
* stuff the first four words of the original arguments
* back into the frame as arg0...arg3, which is where
* we found them in the first place. Any further
* arguments are (still) on the user's stack and the
* syscall code will fetch them from there (again).
*
* The program counter problem is addressed below.
*/
frame->tf_arg0 = args[0];
frame->tf_arg1 = args[1];
frame->tf_arg2 = args[2];
frame->tf_arg3 = args[3];
/*
* Some special handling for the syscall(2) and
* __syscall(2) system calls.
*/
switch (code) {
case SYS_syscall:
code = *args;
args += 1;
break;
case SYS___syscall:
if (callp != sysent)
break;
/*
* NB: even though __syscall(2) takes a quad_t
* containing the system call number, because
* our argument copying word-swaps 64-bit arguments,
* the least significant word of that quad_t
* is the first word in the argument array.
*/
code = *args;
args += 2;
}
/*
* Stacks growing from lower addresses to higher
* addresses are not really such a good idea, because
* it makes it impossible to overlay a struct on top
* of C stack arguments (the arguments appear in
* reversed order).
*
* You can do the obvious thing (as locore.S does) and
* copy argument words one by one, laying them out in
* the "right" order in the destination buffer, but this
* ends up word-swapping multi-word arguments (like off_t).
*
* To compensate, we have some automatically-generated
* code that word-swaps these multi-word arguments.
* Right now the script that generates this code is
* in Perl, because I don't know awk.
*
* FIXME - this works only on native binaries and
* will probably screw up any and all emulation.
*/
switch (code) {
/*
* BEGIN automatically generated
* by /home/fredette/project/hppa/makescargfix.pl
* do not edit!
*/
case SYS_pread:
/*
* syscallarg(int) fd;
* syscallarg(void *) buf;
* syscallarg(size_t) nbyte;
* syscallarg(int) pad;
* syscallarg(off_t) offset;
*/
tmp = args[4];
args[4] = args[4 + 1];
args[4 + 1] = tmp;
break;
case SYS_pwrite:
/*
* syscallarg(int) fd;
* syscallarg(const void *) buf;
* syscallarg(size_t) nbyte;
* syscallarg(int) pad;
* syscallarg(off_t) offset;
*/
tmp = args[4];
args[4] = args[4 + 1];
args[4 + 1] = tmp;
break;
case SYS_mmap:
/*
* syscallarg(void *) addr;
* syscallarg(size_t) len;
* syscallarg(int) prot;
* syscallarg(int) flags;
* syscallarg(int) fd;
* syscallarg(long) pad;
* syscallarg(off_t) pos;
*/
tmp = args[6];
args[6] = args[6 + 1];
args[6 + 1] = tmp;
break;
case SYS_lseek:
/*
* syscallarg(int) fd;
* syscallarg(int) pad;
* syscallarg(off_t) offset;
*/
tmp = args[2];
args[2] = args[2 + 1];
args[2 + 1] = tmp;
break;
case SYS_truncate:
/*
* syscallarg(const char *) path;
* syscallarg(int) pad;
* syscallarg(off_t) length;
*/
tmp = args[2];
args[2] = args[2 + 1];
args[2 + 1] = tmp;
break;
case SYS_ftruncate:
/*
* syscallarg(int) fd;
* syscallarg(int) pad;
* syscallarg(off_t) length;
*/
tmp = args[2];
args[2] = args[2 + 1];
args[2 + 1] = tmp;
break;
case SYS_preadv:
/*
* syscallarg(int) fd;
* syscallarg(const struct iovec *) iovp;
* syscallarg(int) iovcnt;
* syscallarg(int) pad;
* syscallarg(off_t) offset;
*/
tmp = args[4];
args[4] = args[4 + 1];
args[4 + 1] = tmp;
break;
case SYS_pwritev:
/*
* syscallarg(int) fd;
* syscallarg(const struct iovec *) iovp;
* syscallarg(int) iovcnt;
* syscallarg(int) pad;
* syscallarg(off_t) offset;
*/
tmp = args[4];
args[4] = args[4 + 1];
args[4 + 1] = tmp;
break;
default:
break;
/*
* END automatically generated
* by /home/fredette/project/hppa/makescargfix.pl
* do not edit!
*/
}
#ifdef USERTRACE
if (0) {
user_backtrace(frame, p, -1);
frame->tf_ipsw |= PSW_R;
frame->tf_rctr = 0;
printf("r %08x", frame->tf_iioq_head);
rctr_next_iioq = frame->tf_iioq_head + 4;
}
#endif
if (code < 0 || code >= nsys)
callp += p->p_emul->e_nosys; /* bad syscall # */
else
callp += code;
argsize = callp->sy_argsize;
if ((error = trace_enter(l, code, code, NULL, args)) != 0)
goto bad;
rval[0] = 0;
rval[1] = 0;
switch (error = (*callp->sy_call)(l, args, rval)) {
case 0:
l = curlwp; /* changes on exec() */
frame = l->l_md.md_regs;
frame->tf_ret0 = rval[0];
frame->tf_ret1 = rval[1];
frame->tf_t1 = 0;
break;
case ERESTART:
/*
* Now we have to wind back the instruction
* offset queue to the point where the system
* call will be made again. This is inherently
* tied to the SYSCALL macro.
*
* Currently, the part of the SYSCALL macro
* that we want to rerun reads as:
*
* ldil L%SYSCALLGATE, r1
* ble 4(sr7, r1)
* ldi __CONCAT(SYS_,x), t1
* ldw HPPA_FRAME_ERP(sr0,sp), rp
*
* And our offset queue head points to the
* final ldw instruction. So we need to
* subtract twelve to reach the ldil.
*/
frame->tf_iioq_head -= 12;
frame->tf_iioq_tail = frame->tf_iioq_head + 4;
break;
case EJUSTRETURN:
p = curproc;
break;
default:
bad:
if (p->p_emul->e_errno)
error = p->p_emul->e_errno[error];
frame->tf_t1 = error;
break;
}
trace_exit(l, code, args, rval, error);
userret(l, frame->tf_iioq_head, 0);
#ifdef DEBUG
frame_sanity_check(frame, l);
#endif /* DEBUG */
}
void
fp_precise(struct regs *rp)
{
fp_simd_type fpsd;
int inst_ftt;
union {
uint_t i;
fp_inst_type inst;
} kluge;
klwp_t *lwp = ttolwp(curthread);
kfpu_t *fp = lwptofpu(lwp);
uint64_t gsr;
int mstate;
if (fpu_exists)
save_gsr(fp);
gsr = get_gsr(fp);
/*
* Get the instruction to be emulated from the pc saved by the trap.
* Note that the kernel is NOT prepared to handle a kernel fp
* exception if it can't pass successfully through the fp simulator.
*
* If the trap occurred in user mode, set lwp_state to LWP_SYS for the
* purposes of clock accounting and switch to the LMS_TRAP microstate.
*/
if (USERMODE(rp->r_tstate)) {
inst_ftt = _fp_read_inst((uint32_t *)rp->r_pc, &kluge.i, &fpsd);
mstate = new_mstate(curthread, LMS_TRAP);
lwp->lwp_state = LWP_SYS;
} else {
kluge.i = *(uint_t *)rp->r_pc;
inst_ftt = ftt_none;
}
if (inst_ftt != ftt_none) {
/*
* Save the bad address and post the signal.
* It can only be an ftt_alignment or ftt_fault trap.
* XXX - How can this work w/mainsail and do_unaligned?
*/
fpsd.fp_trapaddr = (caddr_t)rp->r_pc;
fp_traps(&fpsd, inst_ftt, rp);
} else {
/*
* Conjure up a floating point queue and advance the pc/npc
* to fake a deferred fp trap. We now run the fp simulator
* in fp_precise, while allowing setfpregs to call fp_runq,
* because this allows us to do the ugly machinations to
* inc/dec the pc depending on the trap type, as per
* bugid 1210159. fp_runq is still going to have the
* generic "how do I connect the "fp queue to the pc/npc"
* problem alluded to in bugid 1192883, which is only a
* problem for a restorecontext of a v8 fp queue on a
* v9 system, which seems like the .000000001% case (on v9)!
*/
struct _fpq *pfpq = &fp->fpu_q->FQu.fpq;
fp_simd_type fpsd;
int fptrap;
pfpq->fpq_addr = (uint_t *)rp->r_pc;
pfpq->fpq_instr = kluge.i;
fp->fpu_qcnt = 1;
fp->fpu_q_entrysize = sizeof (struct _fpq);
kpreempt_disable();
(void) flush_user_windows_to_stack(NULL);
fptrap = fpu_vis_sim((fp_simd_type *)&fpsd,
(fp_inst_type *)pfpq->fpq_addr, rp,
(fsr_type *)&fp->fpu_fsr, gsr, kluge.i);
/* update the hardware fp fsr state for sake of ucontext */
if (fpu_exists)
_fp_write_pfsr(&fp->fpu_fsr);
if (fptrap) {
/* back up the pc if the signal needs to be precise */
if (fptrap != ftt_ieee) {
fp->fpu_qcnt = 0;
}
/* post signal */
fp_traps(&fpsd, fptrap, rp);
/* decrement queue count for ieee exceptions */
if (fptrap == ftt_ieee) {
fp->fpu_qcnt = 0;
}
} else {
fp->fpu_qcnt = 0;
}
/* update the software pcb copies of hardware fp registers */
if (fpu_exists) {
fp_save(fp);
}
kpreempt_enable();
}
/*
* Reset lwp_state to LWP_USER for the purposes of clock accounting,
* and restore the previously saved microstate.
*/
if (USERMODE(rp->r_tstate)) {
(void) new_mstate(curthread, mstate);
lwp->lwp_state = LWP_USER;
}
}
/*
* Trap is called from locore to handle most types of processor traps.
*/
void
trap(unsigned int status, unsigned int cause, vaddr_t vaddr, vaddr_t opc,
struct trapframe *frame)
{
int type;
struct lwp *l = curlwp;
struct proc *p = curproc;
vm_prot_t ftype;
ksiginfo_t ksi;
struct frame *fp;
extern void fswintrberr(void);
KSI_INIT_TRAP(&ksi);
uvmexp.traps++;
if ((type = TRAPTYPE(cause)) >= LENGTH(trap_type))
panic("trap: unknown trap type %d", type);
if (USERMODE(status)) {
type |= T_USER;
LWP_CACHE_CREDS(l, p);
}
/* Enable interrupts just at it was before the trap. */
_splset(status & AVR32_STATUS_IMx);
switch (type) {
default:
dopanic:
(void)splhigh();
printf("trap: %s in %s mode\n",
trap_type[TRAPTYPE(cause)],
USERMODE(status) ? "user" : "kernel");
printf("status=0x%x, cause=0x%x, epc=%#lx, vaddr=%#lx\n",
status, cause, opc, vaddr);
if (curlwp != NULL) {
fp = (struct frame *)l->l_md.md_regs;
printf("pid=%d cmd=%s usp=0x%x ",
p->p_pid, p->p_comm, (int)fp->f_regs[_R_SP]);
} else
printf("curlwp == NULL ");
printf("ksp=%p\n", &status);
#if defined(DDB)
kdb_trap(type, (mips_reg_t *) frame);
/* XXX force halt XXX */
#elif defined(KGDB)
{
struct frame *f = (struct frame *)&ddb_regs;
extern mips_reg_t kgdb_cause, kgdb_vaddr;
kgdb_cause = cause;
kgdb_vaddr = vaddr;
/*
* init global ddb_regs, used in db_interface.c routines
* shared between ddb and gdb. Send ddb_regs to gdb so
* that db_machdep.h macros will work with it, and
* allow gdb to alter the PC.
*/
db_set_ddb_regs(type, (mips_reg_t *) frame);
PC_BREAK_ADVANCE(f);
if (kgdb_trap(type, &ddb_regs)) {
((mips_reg_t *)frame)[21] = f->f_regs[_R_PC];
return;
}
}
#else
panic("trap: dopanic: notyet");
#endif
/*NOTREACHED*/
case T_TLB_MOD:
panic("trap: T_TLB_MOD: notyet");
#if notyet
if (KERNLAND(vaddr)) {
pt_entry_t *pte;
unsigned entry;
paddr_t pa;
pte = kvtopte(vaddr);
entry = pte->pt_entry;
if (!avr32_pte_v(entry) /*|| (entry & mips_pg_m_bit())*/) {
panic("ktlbmod: invalid pte");
}
if (entry & avr32_pte_ropage_bit()) {
/* write to read only page in the kernel */
ftype = VM_PROT_WRITE;
goto kernelfault;
}
entry |= mips_pg_m_bit(); /* XXXAVR32 Do it on tlbarlo/ tlbarhi? */
pte->pt_entry = entry;
vaddr &= ~PGOFSET;
MachTLBUpdate(vaddr, entry);
pa = avr32_tlbpfn_to_paddr(entry);
if (!IS_VM_PHYSADDR(pa)) {
printf("ktlbmod: va %#lx pa %#llx\n",
vaddr, (long long)pa);
panic("ktlbmod: unmanaged page");
}
pmap_set_modified(pa);
return; /* KERN */
}
/*FALLTHROUGH*/
#endif
case T_TLB_MOD+T_USER:
panic("trap: T_TLB_MOD+T_USER: notyet");
#if notyet
{
pt_entry_t *pte;
unsigned entry;
paddr_t pa;
pmap_t pmap;
pmap = p->p_vmspace->vm_map.pmap;
if (!(pte = pmap_segmap(pmap, vaddr)))
panic("utlbmod: invalid segmap");
pte += (vaddr >> PGSHIFT) & (NPTEPG - 1);
entry = pte->pt_entry;
if (!avr32_pte_v(entry))
panic("utlbmod: invalid pte");
if (entry & avr32_pte_ropage_bit()) {
/* write to read only page */
ftype = VM_PROT_WRITE;
goto pagefault;
}
/* entry |= mips_pg_m_bit(); XXXAVR32 Do it on tlbarlo/ tlbarhi? */
pte->pt_entry = entry;
vaddr = (vaddr & ~PGOFSET) |
(pmap->pm_asid << AVR32_TLB_PID_SHIFT);
MachTLBUpdate(vaddr, entry);
pa = avr32_tlbpfn_to_paddr(entry);
if (!IS_VM_PHYSADDR(pa)) {
printf("utlbmod: va %#lx pa %#llx\n",
vaddr, (long long)pa);
panic("utlbmod: unmanaged page");
}
pmap_set_modified(pa);
if (type & T_USER)
userret(l);
return; /* GEN */
}
#endif
case T_TLB_LD_MISS:
panic("trap: T_TLB_LD_MISS: notyet");
case T_TLB_ST_MISS:
ftype = (type == T_TLB_LD_MISS) ? VM_PROT_READ : VM_PROT_WRITE;
if (KERNLAND(vaddr))
goto kernelfault;
panic("trap: T_TLB_ST_MISS: notyet");
#if notyet
/*
* It is an error for the kernel to access user space except
* through the copyin/copyout routines.
*/
if (l == NULL || l->l_addr->u_pcb.pcb_onfault == NULL)
goto dopanic;
/* check for fuswintr() or suswintr() getting a page fault */
if (l->l_addr->u_pcb.pcb_onfault == (void *)fswintrberr) {
frame->tf_regs[TF_EPC] = (int)fswintrberr;
return; /* KERN */
}
goto pagefault;
#endif
case T_TLB_LD_MISS+T_USER:
panic("trap: T_TLB_LD_MISS+T_USER: notyet");
#if notyet
ftype = VM_PROT_READ;
goto pagefault;
#endif
case T_TLB_ST_MISS+T_USER:
panic("trap: T_TLB_ST_MISS+T_USER: notyet");
#if notyet
ftype = VM_PROT_WRITE;
#endif
pagefault: ;
{
vaddr_t va;
struct vmspace *vm;
struct vm_map *map;
int rv;
vm = p->p_vmspace;
map = &vm->vm_map;
va = trunc_page(vaddr);
if ((l->l_flag & LW_SA) && (~l->l_pflag & LP_SA_NOBLOCK)) {
l->l_savp->savp_faultaddr = (vaddr_t)vaddr;
l->l_pflag |= LP_SA_PAGEFAULT;
}
if (p->p_emul->e_fault)
rv = (*p->p_emul->e_fault)(p, va, ftype);
else
rv = uvm_fault(map, va, ftype);
#ifdef VMFAULT_TRACE
printf(
"uvm_fault(%p (pmap %p), %lx (0x%x), %d) -> %d at pc %p\n",
map, vm->vm_map.pmap, va, vaddr, ftype, rv, (void*)opc);
#endif
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if ((void *)va >= vm->vm_maxsaddr) {
if (rv == 0){
uvm_grow(p, va);
}
else if (rv == EACCES)
rv = EFAULT;
}
l->l_pflag &= ~LP_SA_PAGEFAULT;
if (rv == 0) {
if (type & T_USER) {
userret(l);
}
return; /* GEN */
}
if ((type & T_USER) == 0)
goto copyfault;
if (rv == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
l->l_cred ?
kauth_cred_geteuid(l->l_cred) : (uid_t) -1);
ksi.ksi_signo = SIGKILL;
ksi.ksi_code = 0;
} else {
if (rv == EACCES) {
ksi.ksi_signo = SIGBUS;
ksi.ksi_code = BUS_OBJERR;
} else {
ksi.ksi_signo = SIGSEGV;
ksi.ksi_code = SEGV_MAPERR;
}
}
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_addr = (void *)vaddr;
break; /* SIGNAL */
}
kernelfault: ;
{
vaddr_t va;
int rv;
va = trunc_page(vaddr);
rv = uvm_fault(kernel_map, va, ftype);
if (rv == 0)
return; /* KERN */
/*FALLTHROUGH*/
}
case T_ADDR_ERR_LD: /* misaligned access */
case T_ADDR_ERR_ST: /* misaligned access */
case T_BUS_ERR_LD_ST: /* BERR asserted to CPU */
copyfault:
panic("trap: copyfault: notyet");
#if notyet
if (l == NULL || l->l_addr->u_pcb.pcb_onfault == NULL)
goto dopanic;
frame->tf_regs[TF_EPC] = (intptr_t)l->l_addr->u_pcb.pcb_onfault;
return; /* KERN */
#endif
#if notyet
case T_ADDR_ERR_LD+T_USER: /* misaligned or kseg access */
case T_ADDR_ERR_ST+T_USER: /* misaligned or kseg access */
case T_BUS_ERR_IFETCH+T_USER: /* BERR asserted to CPU */
case T_BUS_ERR_LD_ST+T_USER: /* BERR asserted to CPU */
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGSEGV; /* XXX */
ksi.ksi_addr = (void *)vaddr;
ksi.ksi_code = SEGV_MAPERR; /* XXX */
break; /* SIGNAL */
case T_BREAK:
panic("trap: T_BREAK: notyet");
#if defined(DDB)
kdb_trap(type, (avr32_reg_t *) frame);
return; /* KERN */
#elif defined(KGDB)
{
struct frame *f = (struct frame *)&ddb_regs;
extern avr32_reg_t kgdb_cause, kgdb_vaddr;
kgdb_cause = cause;
kgdb_vaddr = vaddr;
/*
* init global ddb_regs, used in db_interface.c routines
* shared between ddb and gdb. Send ddb_regs to gdb so
* that db_machdep.h macros will work with it, and
* allow gdb to alter the PC.
*/
db_set_ddb_regs(type, (avr32_reg_t *) frame);
PC_BREAK_ADVANCE(f);
if (!kgdb_trap(type, &ddb_regs))
printf("kgdb: ignored %s\n",
trap_type[TRAPTYPE(cause)]);
else
((avr32_reg_t *)frame)[21] = f->f_regs[_R_PC];
return;
}
#else
goto dopanic;
#endif
case T_BREAK+T_USER:
{
vaddr_t va;
uint32_t instr;
int rv;
/* compute address of break instruction */
va = (DELAYBRANCH(cause)) ? opc + sizeof(int) : opc;
/* read break instruction */
instr = fuiword((void *)va);
if (l->l_md.md_ss_addr != va || instr != MIPS_BREAK_SSTEP) {
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGTRAP;
ksi.ksi_addr = (void *)va;
ksi.ksi_code = TRAP_TRACE;
break;
}
/*
* Restore original instruction and clear BP
*/
rv = suiword((void *)va, l->l_md.md_ss_instr);
if (rv < 0) {
vaddr_t sa, ea;
sa = trunc_page(va);
ea = round_page(va + sizeof(int) - 1);
rv = uvm_map_protect(&p->p_vmspace->vm_map,
sa, ea, VM_PROT_ALL, false);
if (rv == 0) {
rv = suiword((void *)va, l->l_md.md_ss_instr);
(void)uvm_map_protect(&p->p_vmspace->vm_map,
sa, ea, VM_PROT_READ|VM_PROT_EXECUTE, false);
}
}
mips_icache_sync_all(); /* XXXJRT -- necessary? */
mips_dcache_wbinv_all(); /* XXXJRT -- necessary? */
if (rv < 0)
printf("Warning: can't restore instruction at 0x%lx: 0x%x\n",
l->l_md.md_ss_addr, l->l_md.md_ss_instr);
l->l_md.md_ss_addr = 0;
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGTRAP;
ksi.ksi_addr = (void *)va;
ksi.ksi_code = TRAP_BRKPT;
break; /* SIGNAL */
}
case T_RES_INST+T_USER:
case T_COP_UNUSABLE+T_USER:
#if !defined(SOFTFLOAT) && !defined(NOFPU)
if ((cause & MIPS_CR_COP_ERR) == 0x10000000) {
struct frame *f;
f = (struct frame *)l->l_md.md_regs;
savefpregs(fpcurlwp); /* yield FPA */
loadfpregs(l); /* load FPA */
fpcurlwp = l;
l->l_md.md_flags |= MDP_FPUSED;
f->f_regs[_R_SR] |= MIPS_SR_COP_1_BIT;
} else
#endif
{
MachEmulateInst(status, cause, opc, l->l_md.md_regs);
}
userret(l);
return; /* GEN */
case T_FPE+T_USER:
panic ("trap: T_FPE+T_USER: notyet");
#if defined(SOFTFLOAT)
MachEmulateInst(status, cause, opc, l->l_md.md_regs);
#elif !defined(NOFPU)
MachFPTrap(status, cause, opc, l->l_md.md_regs);
#endif
userret(l);
return; /* GEN */
case T_OVFLOW+T_USER:
case T_TRAP+T_USER:
ksi.ksi_trap = type & ~T_USER;
ksi.ksi_signo = SIGFPE;
fp = (struct frame *)l->l_md.md_regs;
ksi.ksi_addr = (void *)fp->f_regs[_R_PC];
ksi.ksi_code = FPE_FLTOVF; /* XXX */
break; /* SIGNAL */
#endif
}
panic("trap: post-switch: notyet");
#if notyet
fp = (struct frame *)l->l_md.md_regs;
fp->f_regs[_R_CAUSE] = cause;
fp->f_regs[_R_BADVADDR] = vaddr;
(*p->p_emul->e_trapsignal)(l, &ksi);
if ((type & T_USER) == 0)
panic("trapsignal");
userret(l);
#endif
return;
}
static int
linux_restore_sigcontext(struct lwp *l, struct linux_sigcontext *scp,
register_t *retval)
{
struct proc *p = l->l_proc;
struct sigaltstack *sas = &l->l_sigstk;
struct trapframe *tf;
sigset_t mask;
ssize_t ss_gap;
/* Restore register context. */
tf = l->l_md.md_regs;
DPRINTF(("sigreturn enter esp=0x%x eip=0x%x\n", tf->tf_esp, tf->tf_eip));
#ifdef VM86
if (scp->sc_eflags & PSL_VM) {
void syscall_vm86(struct trapframe *);
tf->tf_vm86_gs = scp->sc_gs;
tf->tf_vm86_fs = scp->sc_fs;
tf->tf_vm86_es = scp->sc_es;
tf->tf_vm86_ds = scp->sc_ds;
set_vflags(l, scp->sc_eflags);
p->p_md.md_syscall = syscall_vm86;
} else
#endif
{
/*
* Check for security violations. If we're returning to
* protected mode, the CPU will validate the segment registers
* automatically and generate a trap on violations. We handle
* the trap, rather than doing all of the checking here.
*/
if (((scp->sc_eflags ^ tf->tf_eflags) & PSL_USERSTATIC) != 0 ||
!USERMODE(scp->sc_cs, scp->sc_eflags))
return EINVAL;
tf->tf_gs = scp->sc_gs;
tf->tf_fs = scp->sc_fs;
tf->tf_es = scp->sc_es;
tf->tf_ds = scp->sc_ds;
#ifdef VM86
if (tf->tf_eflags & PSL_VM)
(*p->p_emul->e_syscall_intern)(p);
#endif
tf->tf_eflags = scp->sc_eflags;
}
tf->tf_edi = scp->sc_edi;
tf->tf_esi = scp->sc_esi;
tf->tf_ebp = scp->sc_ebp;
tf->tf_ebx = scp->sc_ebx;
tf->tf_edx = scp->sc_edx;
tf->tf_ecx = scp->sc_ecx;
tf->tf_eax = scp->sc_eax;
tf->tf_eip = scp->sc_eip;
tf->tf_cs = scp->sc_cs;
tf->tf_esp = scp->sc_esp_at_signal;
tf->tf_ss = scp->sc_ss;
/* Restore signal stack. */
/*
* Linux really does it this way; it doesn't have space in sigframe
* to save the onstack flag.
*/
mutex_enter(p->p_lock);
ss_gap = (ssize_t)((char *)scp->sc_esp_at_signal - (char *)sas->ss_sp);
if (ss_gap >= 0 && ss_gap < sas->ss_size)
sas->ss_flags |= SS_ONSTACK;
else
sas->ss_flags &= ~SS_ONSTACK;
/* Restore signal mask. */
linux_old_to_native_sigset(&mask, &scp->sc_mask);
(void) sigprocmask1(l, SIG_SETMASK, &mask, 0);
mutex_exit(p->p_lock);
DPRINTF(("sigreturn exit esp=0x%x eip=0x%x\n", tf->tf_esp, tf->tf_eip));
return EJUSTRETURN;
}
/* Instruction pointers operate differently on mc88110 */
void
m88110_syscall(register_t code, struct trapframe *tf)
{
int i, nsys, nap;
struct sysent *callp;
struct proc *p;
int error;
register_t args[11], rval[2], *ap;
u_quad_t sticks;
#ifdef DIAGNOSTIC
extern struct pcb *curpcb;
#endif
uvmexp.syscalls++;
p = curproc;
callp = p->p_emul->e_sysent;
nsys = p->p_emul->e_nsysent;
#ifdef DIAGNOSTIC
if (USERMODE(tf->tf_epsr) == 0)
panic("syscall");
if (curpcb != &p->p_addr->u_pcb)
panic("syscall curpcb/ppcb");
if (tf != (struct trapframe *)&curpcb->user_state)
panic("syscall trapframe");
#endif
sticks = p->p_sticks;
p->p_md.md_tf = tf;
/*
* For 88k, all the arguments are passed in the registers (r2-r12)
* For syscall (and __syscall), r2 (and r3) has the actual code.
* __syscall takes a quad syscall number, so that other
* arguments are at their natural alignments.
*/
ap = &tf->tf_r[2];
nap = 11; /* r2-r12 */
switch (code) {
case SYS_syscall:
code = *ap++;
nap--;
break;
case SYS___syscall:
if (callp != sysent)
break;
code = ap[_QUAD_LOWWORD];
ap += 2;
nap -= 2;
break;
}
/* Callp currently points to syscall, which returns ENOSYS. */
if (code < 0 || code >= nsys)
callp += p->p_emul->e_nosys;
else {
callp += code;
i = callp->sy_argsize / sizeof(register_t);
if (i > nap)
panic("syscall nargs");
/*
* just copy them; syscall stub made sure all the
* args are moved from user stack to registers.
*/
bcopy((caddr_t)ap, (caddr_t)args, i * sizeof(register_t));
}
#ifdef SYSCALL_DEBUG
scdebug_call(p, code, args);
#endif
#ifdef KTRACE
if (KTRPOINT(p, KTR_SYSCALL))
ktrsyscall(p, code, callp->sy_argsize, args);
#endif
rval[0] = 0;
rval[1] = tf->tf_r[3];
#if NSYSTRACE > 0
if (ISSET(p->p_flag, P_SYSTRACE))
error = systrace_redirect(code, p, args, rval);
else
#endif
error = (*callp->sy_call)(p, args, rval);
/*
* system call will look like:
* ld r10, r31, 32; r10,r11,r12 might be garbage.
* ld r11, r31, 36
* ld r12, r31, 40
* or r13, r0, <code>
* tb0 0, r0, <128> <- exip
* br err <- enip
* jmp r1
* err: or.u r3, r0, hi16(errno)
* st r2, r3, lo16(errno)
* subu r2, r0, 1
* jmp r1
*
* So, when we take syscall trap, exip/enip will be as
* shown above.
* Given this,
* 1. If the system call returned 0, need to jmp r1.
* exip += 8
* 2. If the system call returned an errno > 0, increment
* exip += 4 and plug the value in r2. This will have us
* executing "br err" on return to user space.
* 3. If the system call code returned ERESTART,
* we need to rexecute the trap instruction. leave exip as is.
* 4. If the system call returned EJUSTRETURN, just return.
* exip += 4
*/
switch (error) {
case 0:
/*
* If fork succeeded and we are the child, our stack
* has moved and the pointer tf is no longer valid,
* and p is wrong. Compute the new trapframe pointer.
* (The trap frame invariably resides at the
* tippity-top of the u. area.)
*/
p = curproc;
tf = (struct trapframe *)USER_REGS(p);
tf->tf_r[2] = rval[0];
tf->tf_r[3] = rval[1];
tf->tf_epsr &= ~PSR_C;
/* skip two instructions */
if (tf->tf_exip & 1)
tf->tf_exip = tf->tf_enip + 4;
else
tf->tf_exip += 4 + 4;
break;
case ERESTART:
/*
* Reexecute the trap.
* exip is already at the trap instruction, so
* there is nothing to do.
*/
tf->tf_epsr &= ~PSR_C;
break;
case EJUSTRETURN:
tf->tf_epsr &= ~PSR_C;
/* skip one instruction */
if (tf->tf_exip & 1)
tf->tf_exip = tf->tf_enip;
else
tf->tf_exip += 4;
break;
default:
if (p->p_emul->e_errno)
error = p->p_emul->e_errno[error];
tf->tf_r[2] = error;
tf->tf_epsr |= PSR_C; /* fail */
/* skip one instruction */
if (tf->tf_exip & 1)
tf->tf_exip = tf->tf_enip;
else
tf->tf_exip += 4;
break;
}
#ifdef SYSCALL_DEBUG
scdebug_ret(p, code, error, rval);
#endif
userret(p, tf, sticks);
#ifdef KTRACE
if (KTRPOINT(p, KTR_SYSRET))
ktrsysret(p, code, error, rval[0]);
#endif
}
void
db_stack_trace_print(db_expr_t addr, bool have_addr, db_expr_t count,
const char *modif, void (*pr)(const char *, ...))
{
register_t *fp, pc, rp;
bool kernel_only = true;
bool trace_thread = false;
bool lwpaddr = false;
db_sym_t sym;
db_expr_t off;
const char *name;
const char *cp = modif;
char c;
if (count < 0)
count = 65536;
while ((c = *cp++) != 0) {
if (c == 'a') {
lwpaddr = true;
trace_thread = true;
}
if (c == 't')
trace_thread = true;
if (c == 'u')
kernel_only = false;
}
if (!have_addr) {
fp = (register_t *)ddb_regs.tf_r3;
pc = ddb_regs.tf_iioq_head;
rp = ddb_regs.tf_rp;
} else {
if (trace_thread) {
struct proc *p;
struct user *u;
struct lwp *l;
if (lwpaddr) {
l = (struct lwp *)addr;
p = l->l_proc;
(*pr)("trace: pid %d ", p->p_pid);
} else {
(*pr)("trace: pid %d ", (int)addr);
p = p_find(addr, PFIND_LOCKED);
if (p == NULL) {
(*pr)("not found\n");
return;
}
l = LIST_FIRST(&p->p_lwps);
KASSERT(l != NULL);
}
(*pr)("lid %d ", l->l_lid);
if (!(l->l_flag & LW_INMEM)) {
(*pr)("swapped out\n");
return;
}
u = l->l_addr;
if (p == curproc && l == curlwp) {
fp = (int *)ddb_regs.tf_r3;
pc = ddb_regs.tf_iioq_head;
rp = ddb_regs.tf_rp;
} else {
/* cpu_switchto fp, and return point */
fp = (int *)(u->u_pcb.pcb_ksp -
(HPPA_FRAME_SIZE + 16*4));
pc = 0;
rp = fp[-5];
}
(*pr)("at %p\n", fp);
} else {
pc = 0;
fp = (register_t *)addr;
rp = fp[-5];
}
}
while (fp && count--) {
#ifdef DDB_DEBUG
pr(">> %08x %08x %08x\t", fp, pc, rp);
#endif
if (USERMODE(pc))
return;
sym = db_search_symbol(pc, DB_STGY_ANY, &off);
db_symbol_values (sym, &name, NULL);
pr("%s() at ", name);
db_printsym(pc, DB_STGY_PROC, pr);
pr("\n");
/* XXX NH - unwind info here */
/* aue = ue_find(pc); */
/*
* get rp?
* fp -= ue_total_frame_size(aue)
*/
/*
* if a terminal frame then report the trapframe
* and continue after it (if not the last one).
*/
if (!fp[0]) {
register_t *scargs;
struct trapframe *tf;
int scoff;
/* Stack space for syscall args */
scoff = HPPA_FRAME_ROUND(HPPA_FRAME_SIZE + HPPA_FRAME_MAXARGS);
scargs = (register_t *)((char *)fp - scoff);
tf = (struct trapframe *)((char *)scargs - sizeof(*tf));
if (tf->tf_flags & TFF_SYS)
pr("-- syscall #%d(%x, %x, %x, %x, ...)\n",
tf->tf_t1, scargs[1], scargs[2],
scargs[3], scargs[4]);
else
pr("-- trap #%d%s\n", tf->tf_flags & 0x3f,
(tf->tf_flags & T_USER)? " from user" : "");
if (!(tf->tf_flags & TFF_LAST)) {
fp = (register_t *)tf->tf_r3;
pc = tf->tf_iioq_head;
rp = tf->tf_rp;
} else {
pc = 0;
fp = 0;
}
} else {
/* next frame */
fp = (register_t *)fp[0];
pc = rp;
rp = fp[-5];
}
}
if (count && pc) {
db_printsym(pc, DB_STGY_XTRN, pr);
pr(":\n");
}
}
void
m88110_trap(u_int type, struct trapframe *frame)
{
struct proc *p;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type;
u_long fault_code;
vaddr_t fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
u_int psr;
#endif
int sig = 0;
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
fault_type = SI_NOINFO;
fault_code = 0;
fault_addr = frame->tf_exip & XIP_ADDR;
/*
* 88110 errata #16 (4.2) or #3 (5.1.1):
* ``bsr, br, bcnd, jsr and jmp instructions with the .n extension
* can cause the enip value to be incremented by 4 incorrectly
* if the instruction in the delay slot is the first word of a
* page which misses in the mmu and results in a hardware
* tablewalk which encounters an exception or an invalid
* descriptor. The exip value in this case will point to the
* first word of the page, and the D bit will be set.
*
* Note: if the instruction is a jsr.n r1, r1 will be overwritten
* with erroneous data. Therefore, no recovery is possible. Do
* not allow this instruction to occupy the last word of a page.
*
* Suggested fix: recover in general by backing up the exip by 4
* and clearing the delay bit before an rte when the lower 3 hex
* digits of the exip are 001.''
*/
if ((frame->tf_exip & PAGE_MASK) == 0x00000001 && type == T_INSTFLT) {
u_int instr;
/*
* Note that we have initialized fault_addr above, so that
* signals provide the correct address if necessary.
*/
frame->tf_exip = (frame->tf_exip & ~1) - 4;
/*
* Check the instruction at the (backed up) exip.
* If it is a jsr.n, abort.
*/
if (!USERMODE(frame->tf_epsr)) {
instr = *(u_int *)fault_addr;
if (instr == 0xf400cc01)
panic("mc88110 errata #16, exip %p enip %p",
(frame->tf_exip + 4) | 1, frame->tf_enip);
} else {
/* copyin here should not fail */
if (copyin((const void *)frame->tf_exip, &instr,
sizeof instr) == 0 &&
instr == 0xf400cc01) {
uprintf("mc88110 errata #16, exip %p enip %p",
(frame->tf_exip + 4) | 1, frame->tf_enip);
sig = SIGILL;
}
}
}
if (USERMODE(frame->tf_epsr)) {
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
if (sig != 0)
goto deliver;
switch (type) {
default:
lose:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#ifdef DEBUG
case T_110_DRM+T_USER:
case T_110_DRM:
printf("DMMU read miss: Hardware Table Searches should be enabled!\n");
goto lose;
case T_110_DWM+T_USER:
case T_110_DWM:
printf("DMMU write miss: Hardware Table Searches should be enabled!\n");
goto lose;
case T_110_IAM+T_USER:
case T_110_IAM:
printf("IMMU miss: Hardware Table Searches should be enabled!\n");
goto lose;
#endif
#ifdef DDB
case T_KDB_TRACE:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_TRACE, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_BREAK:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
set_psr(psr);
/* skip trap instruction */
m88110_skip_insn(frame);
splx(s);
return;
#endif /* DDB */
case T_ILLFLT:
/*
* The 88110 seems to trigger an instruction fault in
* supervisor mode when running the following sequence:
*
* bcnd.n cond, reg, 1f
* arithmetic insn
* ...
* the same exact arithmetic insn
* 1: another arithmetic insn stalled by the previous one
* ...
*
* The exception is reported with exip pointing to the
* branch address. I don't know, at this point, if there
* is any better workaround than the aggressive one
* implemented below; I don't see how this could relate to
* any of the 88110 errata (although it might be related to
* branch prediction).
*
* For the record, the exact sequence triggering the
* spurious exception is:
*
* bcnd.n eq0, r2, 1f
* or r25, r0, r22
* bsr somewhere
* or r25, r0, r22
* 1: cmp r13, r25, r20
*
* within the same cache line.
*
* Simply ignoring the exception and returning does not
* cause the exception to disappear. Clearing the
* instruction cache works, but on 88110+88410 systems,
* the 88410 needs to be invalidated as well. (note that
* the size passed to the flush routines does not matter
* since there is no way to flush a subset of the 88110
* I$ anyway)
*/
{
extern void *kernel_text, *etext;
if (fault_addr >= (vaddr_t)&kernel_text &&
fault_addr < (vaddr_t)&etext) {
cmmu_icache_inv(curcpu()->ci_cpuid,
trunc_page(fault_addr), PAGE_SIZE);
cmmu_cache_wbinv(curcpu()->ci_cpuid,
trunc_page(fault_addr), PAGE_SIZE);
return;
}
}
goto lose;
case T_MISALGNFLT:
printf("kernel misaligned access exception @%p\n",
frame->tf_exip);
goto lose;
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
printf("Kernel Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
goto lose;
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dsr & CMMU_DSR_SU) == 0) {
KERNEL_LOCK();
goto m88110_user_fault;
}
#ifdef TRAPDEBUG
printf("Kernel Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
va = trunc_page((vaddr_t)fault_addr);
KERNEL_LOCK();
vm = p->p_vmspace;
map = kernel_map;
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/*
* On a segment or a page fault, call uvm_fault() to
* resolve the fault.
*/
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
/*
* This could be a fault caused in copyout*()
* while accessing kernel space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result == 0) {
KERNEL_UNLOCK();
return;
}
}
KERNEL_UNLOCK();
goto lose;
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
KERNEL_LOCK();
m88110_user_fault:
if (type == T_INSTFLT+T_USER) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
#ifdef TRAPDEBUG
printf("User Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
} else {
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
#ifdef TRAPDEBUG
printf("User Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
}
va = trunc_page((vaddr_t)fault_addr);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/*
* Call uvm_fault() to resolve non-bus error faults
* whenever possible.
*/
if (type == T_INSTFLT+T_USER) {
/* instruction faults */
if (frame->tf_isr &
(CMMU_ISR_BE | CMMU_ISR_SP | CMMU_ISR_TBE)) {
/* bus error, supervisor protection */
result = EACCES;
} else
if (frame->tf_isr & (CMMU_ISR_SI | CMMU_ISR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
} else {
#ifdef TRAPDEBUG
printf("Unexpected Instruction fault isr %x\n",
frame->tf_isr);
#endif
KERNEL_UNLOCK();
goto lose;
}
} else {
/* data faults */
if (frame->tf_dsr & CMMU_DSR_BE) {
/* bus error */
result = EACCES;
} else
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
} else
if (frame->tf_dsr & (CMMU_DSR_CP | CMMU_DSR_WA)) {
/* copyback or write allocate error */
result = EACCES;
} else
if (frame->tf_dsr & CMMU_DSR_WE) {
/* write fault */
/* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write
* error, then we already have a pte entry that
* faulted in from a previous seg fault or page
* fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
if (pmap_set_modify(map->pmap, va)) {
#ifdef TRAPDEBUG
printf("Corrected userland write fault, pmap %p va %p\n",
map->pmap, va);
#endif
result = 0;
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected userland write fault, pmap %p va %p\n",
map->pmap, va);
#endif
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
}
} else {
#ifdef TRAPDEBUG
printf("Unexpected Data access fault dsr %x\n",
frame->tf_dsr);
#endif
KERNEL_UNLOCK();
goto lose;
}
}
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0)
uvm_grow(p, va);
else if (result == EACCES)
result = EFAULT;
}
KERNEL_UNLOCK();
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result != 0) {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
if (sig == 0) {
/* skip recovered instruction */
m88110_skip_insn(frame);
goto userexit;
}
break;
case T_PRIVINFLT+T_USER:
fault_type = ILL_PRVREG;
/* FALLTHROUGH */
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
case T_KDB_TRACE:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_FPEPFLT+T_USER:
m88110_fpu_exception(frame);
goto userexit;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
u_int instr;
vaddr_t pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(u_int));
/* check and see if we got here by accident */
if ((p->p_md.md_bp0va != pc &&
p->p_md.md_bp1va != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear breakpoint */
if (p->p_md.md_bp0va == pc) {
ss_put_value(p, pc, p->p_md.md_bp0save);
p->p_md.md_bp0va = 0;
}
if (p->p_md.md_bp1va == pc) {
ss_put_value(p, pc, p->p_md.md_bp1save);
p->p_md.md_bp1va = 0;
}
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
deliver:
sv.sival_ptr = (void *)fault_addr;
KERNEL_LOCK();
trapsignal(p, sig, fault_code, fault_type, sv);
KERNEL_UNLOCK();
}
userexit:
userret(p);
}