trap.c revision 266084
1/* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */ 2 3/*- 4 * Copyright 2004 Olivier Houchard 5 * Copyright 2003 Wasabi Systems, Inc. 6 * All rights reserved. 7 * 8 * Written by Steve C. Woodford for Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed for the NetBSD Project by 21 * Wasabi Systems, Inc. 22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 23 * or promote products derived from this software without specific prior 24 * written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38/*- 39 * Copyright (c) 1994-1997 Mark Brinicombe. 40 * Copyright (c) 1994 Brini. 41 * All rights reserved. 42 * 43 * This code is derived from software written for Brini by Mark Brinicombe 44 * 45 * Redistribution and use in source and binary forms, with or without 46 * modification, are permitted provided that the following conditions 47 * are met: 48 * 1. Redistributions of source code must retain the above copyright 49 * notice, this list of conditions and the following disclaimer. 50 * 2. Redistributions in binary form must reproduce the above copyright 51 * notice, this list of conditions and the following disclaimer in the 52 * documentation and/or other materials provided with the distribution. 53 * 3. All advertising materials mentioning features or use of this software 54 * must display the following acknowledgement: 55 * This product includes software developed by Brini. 56 * 4. The name of the company nor the name of the author may be used to 57 * endorse or promote products derived from this software without specific 58 * prior written permission. 59 * 60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED 61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 70 * SUCH DAMAGE. 71 * 72 * RiscBSD kernel project 73 * 74 * fault.c 75 * 76 * Fault handlers 77 * 78 * Created : 28/11/94 79 */ 80 81 82#include "opt_ktrace.h" 83 84#include <sys/cdefs.h> 85__FBSDID("$FreeBSD: stable/10/sys/arm/arm/trap.c 266084 2014-05-14 19:18:58Z ian $"); 86 87#include <sys/param.h> 88#include <sys/bus.h> 89#include <sys/systm.h> 90#include <sys/proc.h> 91#include <sys/kernel.h> 92#include <sys/lock.h> 93#include <sys/mutex.h> 94#include <sys/syscall.h> 95#include <sys/sysent.h> 96#include <sys/signalvar.h> 97#include <sys/ktr.h> 98#ifdef KTRACE 99#include <sys/uio.h> 100#include <sys/ktrace.h> 101#endif 102#include <sys/ptrace.h> 103#include <sys/pioctl.h> 104 105#include <vm/vm.h> 106#include <vm/pmap.h> 107#include <vm/vm_kern.h> 108#include <vm/vm_map.h> 109#include <vm/vm_extern.h> 110 111#include <machine/cpuconf.h> 112#include <machine/vmparam.h> 113#include <machine/frame.h> 114#include <machine/cpu.h> 115#include <machine/intr.h> 116#include <machine/pcb.h> 117#include <machine/proc.h> 118#include <machine/swi.h> 119 120#include <security/audit/audit.h> 121 122#ifdef KDB 123#include <sys/kdb.h> 124#endif 125 126 127void swi_handler(struct trapframe *); 128void undefinedinstruction(struct trapframe *); 129 130#include <machine/disassem.h> 131#include <machine/machdep.h> 132 133extern char fusubailout[]; 134 135#ifdef DEBUG 136int last_fault_code; /* For the benefit of pmap_fault_fixup() */ 137#endif 138 139#if defined(CPU_ARM7TDMI) 140/* These CPUs may need data/prefetch abort fixups */ 141#define CPU_ABORT_FIXUP_REQUIRED 142#endif 143 144struct ksig { 145 int signb; 146 u_long code; 147}; 148struct data_abort { 149 int (*func)(struct trapframe *, u_int, u_int, struct thread *, 150 struct ksig *); 151 const char *desc; 152}; 153 154static int dab_fatal(struct trapframe *, u_int, u_int, struct thread *, 155 struct ksig *); 156static int dab_align(struct trapframe *, u_int, u_int, struct thread *, 157 struct ksig *); 158static int dab_buserr(struct trapframe *, u_int, u_int, struct thread *, 159 struct ksig *); 160 161static const struct data_abort data_aborts[] = { 162 {dab_fatal, "Vector Exception"}, 163 {dab_align, "Alignment Fault 1"}, 164 {dab_fatal, "Terminal Exception"}, 165 {dab_align, "Alignment Fault 3"}, 166 {dab_buserr, "External Linefetch Abort (S)"}, 167 {NULL, "Translation Fault (S)"}, 168#if (ARM_MMU_V6 + ARM_MMU_V7) != 0 169 {NULL, "Translation Flag Fault"}, 170#else 171 {dab_buserr, "External Linefetch Abort (P)"}, 172#endif 173 {NULL, "Translation Fault (P)"}, 174 {dab_buserr, "External Non-Linefetch Abort (S)"}, 175 {NULL, "Domain Fault (S)"}, 176 {dab_buserr, "External Non-Linefetch Abort (P)"}, 177 {NULL, "Domain Fault (P)"}, 178 {dab_buserr, "External Translation Abort (L1)"}, 179 {NULL, "Permission Fault (S)"}, 180 {dab_buserr, "External Translation Abort (L2)"}, 181 {NULL, "Permission Fault (P)"} 182}; 183 184/* Determine if a fault came from user mode */ 185#define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE) 186 187/* Determine if 'x' is a permission fault */ 188#define IS_PERMISSION_FAULT(x) \ 189 (((1 << ((x) & FAULT_TYPE_MASK)) & \ 190 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0) 191 192static __inline void 193call_trapsignal(struct thread *td, int sig, u_long code) 194{ 195 ksiginfo_t ksi; 196 197 ksiginfo_init_trap(&ksi); 198 ksi.ksi_signo = sig; 199 ksi.ksi_code = (int)code; 200 trapsignal(td, &ksi); 201} 202 203static __inline int 204data_abort_fixup(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 205 struct ksig *ksig) 206{ 207#ifdef CPU_ABORT_FIXUP_REQUIRED 208 int error; 209 210 /* Call the cpu specific data abort fixup routine */ 211 error = cpu_dataabt_fixup(tf); 212 if (__predict_true(error != ABORT_FIXUP_FAILED)) 213 return (error); 214 215 /* 216 * Oops, couldn't fix up the instruction 217 */ 218 printf("data_abort_fixup: fixup for %s mode data abort failed.\n", 219 TRAP_USERMODE(tf) ? "user" : "kernel"); 220 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 221 *((u_int *)tf->tf_pc)); 222 disassemble(tf->tf_pc); 223 224 /* Die now if this happened in kernel mode */ 225 if (!TRAP_USERMODE(tf)) 226 dab_fatal(tf, fsr, far, td, NULL, ksig); 227 228 return (error); 229#else 230 return (ABORT_FIXUP_OK); 231#endif /* CPU_ABORT_FIXUP_REQUIRED */ 232} 233 234void 235data_abort_handler(struct trapframe *tf) 236{ 237 struct vm_map *map; 238 struct pcb *pcb; 239 struct thread *td; 240 u_int user, far, fsr; 241 vm_prot_t ftype; 242 void *onfault; 243 vm_offset_t va; 244 int error = 0; 245 struct ksig ksig; 246 struct proc *p; 247 248 249 /* Grab FAR/FSR before enabling interrupts */ 250 far = cpu_faultaddress(); 251 fsr = cpu_faultstatus(); 252#if 0 253 printf("data abort: fault address=%p (from pc=%p lr=%p)\n", 254 (void*)far, (void*)tf->tf_pc, (void*)tf->tf_svc_lr); 255#endif 256 257 /* Update vmmeter statistics */ 258#if 0 259 vmexp.traps++; 260#endif 261 262 td = curthread; 263 p = td->td_proc; 264 265 PCPU_INC(cnt.v_trap); 266 /* Data abort came from user mode? */ 267 user = TRAP_USERMODE(tf); 268 269 if (user) { 270 td->td_pticks = 0; 271 td->td_frame = tf; 272 if (td->td_ucred != td->td_proc->p_ucred) 273 cred_update_thread(td); 274 275 } 276 /* Grab the current pcb */ 277 pcb = td->td_pcb; 278 /* Re-enable interrupts if they were enabled previously */ 279 if (td->td_md.md_spinlock_count == 0) { 280 if (__predict_true(tf->tf_spsr & I32_bit) == 0) 281 enable_interrupts(I32_bit); 282 if (__predict_true(tf->tf_spsr & F32_bit) == 0) 283 enable_interrupts(F32_bit); 284 } 285 286 287 /* Invoke the appropriate handler, if necessary */ 288 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) { 289 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far, 290 td, &ksig)) { 291 goto do_trapsignal; 292 } 293 goto out; 294 } 295 296 /* 297 * At this point, we're dealing with one of the following data aborts: 298 * 299 * FAULT_TRANS_S - Translation -- Section 300 * FAULT_TRANS_P - Translation -- Page 301 * FAULT_DOMAIN_S - Domain -- Section 302 * FAULT_DOMAIN_P - Domain -- Page 303 * FAULT_PERM_S - Permission -- Section 304 * FAULT_PERM_P - Permission -- Page 305 * 306 * These are the main virtual memory-related faults signalled by 307 * the MMU. 308 */ 309 310 /* fusubailout is used by [fs]uswintr to avoid page faulting */ 311 if (__predict_false(pcb->pcb_onfault == fusubailout)) { 312 tf->tf_r0 = EFAULT; 313 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 314 return; 315 } 316 317 /* 318 * Make sure the Program Counter is sane. We could fall foul of 319 * someone executing Thumb code, in which case the PC might not 320 * be word-aligned. This would cause a kernel alignment fault 321 * further down if we have to decode the current instruction. 322 * XXX: It would be nice to be able to support Thumb at some point. 323 */ 324 if (__predict_false((tf->tf_pc & 3) != 0)) { 325 if (user) { 326 /* 327 * Give the user an illegal instruction signal. 328 */ 329 /* Deliver a SIGILL to the process */ 330 ksig.signb = SIGILL; 331 ksig.code = 0; 332 goto do_trapsignal; 333 } 334 335 /* 336 * The kernel never executes Thumb code. 337 */ 338 printf("\ndata_abort_fault: Misaligned Kernel-mode " 339 "Program Counter\n"); 340 dab_fatal(tf, fsr, far, td, &ksig); 341 } 342 343 /* See if the cpu state needs to be fixed up */ 344 switch (data_abort_fixup(tf, fsr, far, td, &ksig)) { 345 case ABORT_FIXUP_RETURN: 346 return; 347 case ABORT_FIXUP_FAILED: 348 /* Deliver a SIGILL to the process */ 349 ksig.signb = SIGILL; 350 ksig.code = 0; 351 goto do_trapsignal; 352 default: 353 break; 354 } 355 356 va = trunc_page((vm_offset_t)far); 357 358 /* 359 * It is only a kernel address space fault iff: 360 * 1. user == 0 and 361 * 2. pcb_onfault not set or 362 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction. 363 */ 364 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS || 365 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) && 366 __predict_true((pcb->pcb_onfault == NULL || 367 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) { 368 map = kernel_map; 369 370 /* Was the fault due to the FPE/IPKDB ? */ 371 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) { 372 373 /* 374 * Force exit via userret() 375 * This is necessary as the FPE is an extension to 376 * userland that actually runs in a priveledged mode 377 * but uses USR mode permissions for its accesses. 378 */ 379 user = 1; 380 ksig.signb = SIGSEGV; 381 ksig.code = 0; 382 goto do_trapsignal; 383 } 384 } else { 385 map = &td->td_proc->p_vmspace->vm_map; 386 } 387 388 /* 389 * We need to know whether the page should be mapped 390 * as R or R/W. The MMU does not give us the info as 391 * to whether the fault was caused by a read or a write. 392 * 393 * However, we know that a permission fault can only be 394 * the result of a write to a read-only location, so 395 * we can deal with those quickly. 396 * 397 * Otherwise we need to disassemble the instruction 398 * responsible to determine if it was a write. 399 */ 400 if (IS_PERMISSION_FAULT(fsr)) 401 ftype = VM_PROT_WRITE; 402 else { 403 u_int insn = ReadWord(tf->tf_pc); 404 405 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */ 406 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */ 407 ((insn & 0x0a100000) == 0x08000000)) { /* STM/CDT */ 408 ftype = VM_PROT_WRITE; 409 } else { 410 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */ 411 ftype = VM_PROT_READ | VM_PROT_WRITE; 412 else 413 ftype = VM_PROT_READ; 414 } 415 } 416 417 /* 418 * See if the fault is as a result of ref/mod emulation, 419 * or domain mismatch. 420 */ 421#ifdef DEBUG 422 last_fault_code = fsr; 423#endif 424 if (pmap_fault_fixup(vmspace_pmap(td->td_proc->p_vmspace), va, ftype, 425 user)) { 426 goto out; 427 } 428 429 onfault = pcb->pcb_onfault; 430 pcb->pcb_onfault = NULL; 431 if (map != kernel_map) { 432 PROC_LOCK(p); 433 p->p_lock++; 434 PROC_UNLOCK(p); 435 } 436 error = vm_fault(map, va, ftype, VM_FAULT_NORMAL); 437 pcb->pcb_onfault = onfault; 438 439 if (map != kernel_map) { 440 PROC_LOCK(p); 441 p->p_lock--; 442 PROC_UNLOCK(p); 443 } 444 if (__predict_true(error == 0)) 445 goto out; 446 if (user == 0) { 447 if (pcb->pcb_onfault) { 448 tf->tf_r0 = error; 449 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 450 return; 451 } 452 453 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype, 454 error); 455 dab_fatal(tf, fsr, far, td, &ksig); 456 } 457 458 459 if (error == ENOMEM) { 460 printf("VM: pid %d (%s), uid %d killed: " 461 "out of swap\n", td->td_proc->p_pid, td->td_name, 462 (td->td_proc->p_ucred) ? 463 td->td_proc->p_ucred->cr_uid : -1); 464 ksig.signb = SIGKILL; 465 } else { 466 ksig.signb = SIGSEGV; 467 } 468 ksig.code = 0; 469do_trapsignal: 470 call_trapsignal(td, ksig.signb, ksig.code); 471out: 472 /* If returning to user mode, make sure to invoke userret() */ 473 if (user) 474 userret(td, tf); 475} 476 477/* 478 * dab_fatal() handles the following data aborts: 479 * 480 * FAULT_WRTBUF_0 - Vector Exception 481 * FAULT_WRTBUF_1 - Terminal Exception 482 * 483 * We should never see these on a properly functioning system. 484 * 485 * This function is also called by the other handlers if they 486 * detect a fatal problem. 487 * 488 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort. 489 */ 490static int 491dab_fatal(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 492 struct ksig *ksig) 493{ 494 const char *mode; 495 496 mode = TRAP_USERMODE(tf) ? "user" : "kernel"; 497 498 disable_interrupts(I32_bit|F32_bit); 499 if (td != NULL) { 500 printf("Fatal %s mode data abort: '%s'\n", mode, 501 data_aborts[fsr & FAULT_TYPE_MASK].desc); 502 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr); 503 if ((fsr & FAULT_IMPRECISE) == 0) 504 printf("%08x, ", far); 505 else 506 printf("Invalid, "); 507 printf("spsr=%08x\n", tf->tf_spsr); 508 } else { 509 printf("Fatal %s mode prefetch abort at 0x%08x\n", 510 mode, tf->tf_pc); 511 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr); 512 } 513 514 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n", 515 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3); 516 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n", 517 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7); 518 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n", 519 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11); 520 printf("r12=%08x, ", tf->tf_r12); 521 522 if (TRAP_USERMODE(tf)) 523 printf("usp=%08x, ulr=%08x", 524 tf->tf_usr_sp, tf->tf_usr_lr); 525 else 526 printf("ssp=%08x, slr=%08x", 527 tf->tf_svc_sp, tf->tf_svc_lr); 528 printf(", pc =%08x\n\n", tf->tf_pc); 529 530#ifdef KDB 531 if (debugger_on_panic || kdb_active) 532 if (kdb_trap(fsr, 0, tf)) 533 return (0); 534#endif 535 panic("Fatal abort"); 536 /*NOTREACHED*/ 537} 538 539/* 540 * dab_align() handles the following data aborts: 541 * 542 * FAULT_ALIGN_0 - Alignment fault 543 * FAULT_ALIGN_1 - Alignment fault 544 * 545 * These faults are fatal if they happen in kernel mode. Otherwise, we 546 * deliver a bus error to the process. 547 */ 548static int 549dab_align(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 550 struct ksig *ksig) 551{ 552 553 /* Alignment faults are always fatal if they occur in kernel mode */ 554 if (!TRAP_USERMODE(tf)) { 555 if (!td || !td->td_pcb->pcb_onfault) 556 dab_fatal(tf, fsr, far, td, ksig); 557 tf->tf_r0 = EFAULT; 558 tf->tf_pc = (int)td->td_pcb->pcb_onfault; 559 return (0); 560 } 561 562 /* pcb_onfault *must* be NULL at this point */ 563 564 /* See if the cpu state needs to be fixed up */ 565 (void) data_abort_fixup(tf, fsr, far, td, ksig); 566 567 /* Deliver a bus error signal to the process */ 568 ksig->code = 0; 569 ksig->signb = SIGBUS; 570 td->td_frame = tf; 571 572 return (1); 573} 574 575/* 576 * dab_buserr() handles the following data aborts: 577 * 578 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section 579 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page 580 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section 581 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page 582 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1 583 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2 584 * 585 * If pcb_onfault is set, flag the fault and return to the handler. 586 * If the fault occurred in user mode, give the process a SIGBUS. 587 * 588 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2 589 * can be flagged as imprecise in the FSR. This causes a real headache 590 * since some of the machine state is lost. In this case, tf->tf_pc 591 * may not actually point to the offending instruction. In fact, if 592 * we've taken a double abort fault, it generally points somewhere near 593 * the top of "data_abort_entry" in exception.S. 594 * 595 * In all other cases, these data aborts are considered fatal. 596 */ 597static int 598dab_buserr(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 599 struct ksig *ksig) 600{ 601 struct pcb *pcb = td->td_pcb; 602 603#ifdef __XSCALE__ 604 if ((fsr & FAULT_IMPRECISE) != 0 && 605 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) { 606 /* 607 * Oops, an imprecise, double abort fault. We've lost the 608 * r14_abt/spsr_abt values corresponding to the original 609 * abort, and the spsr saved in the trapframe indicates 610 * ABT mode. 611 */ 612 tf->tf_spsr &= ~PSR_MODE; 613 614 /* 615 * We use a simple heuristic to determine if the double abort 616 * happened as a result of a kernel or user mode access. 617 * If the current trapframe is at the top of the kernel stack, 618 * the fault _must_ have come from user mode. 619 */ 620 if (tf != ((struct trapframe *)pcb->un_32.pcb32_sp) - 1) { 621 /* 622 * Kernel mode. We're either about to die a 623 * spectacular death, or pcb_onfault will come 624 * to our rescue. Either way, the current value 625 * of tf->tf_pc is irrelevant. 626 */ 627 tf->tf_spsr |= PSR_SVC32_MODE; 628 if (pcb->pcb_onfault == NULL) 629 printf("\nKernel mode double abort!\n"); 630 } else { 631 /* 632 * User mode. We've lost the program counter at the 633 * time of the fault (not that it was accurate anyway; 634 * it's not called an imprecise fault for nothing). 635 * About all we can do is copy r14_usr to tf_pc and 636 * hope for the best. The process is about to get a 637 * SIGBUS, so it's probably history anyway. 638 */ 639 tf->tf_spsr |= PSR_USR32_MODE; 640 tf->tf_pc = tf->tf_usr_lr; 641 } 642 } 643 644 /* FAR is invalid for imprecise exceptions */ 645 if ((fsr & FAULT_IMPRECISE) != 0) 646 far = 0; 647#endif /* __XSCALE__ */ 648 649 if (pcb->pcb_onfault) { 650 tf->tf_r0 = EFAULT; 651 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 652 return (0); 653 } 654 655 /* See if the cpu state needs to be fixed up */ 656 (void) data_abort_fixup(tf, fsr, far, td, ksig); 657 658 /* 659 * At this point, if the fault happened in kernel mode, we're toast 660 */ 661 if (!TRAP_USERMODE(tf)) 662 dab_fatal(tf, fsr, far, td, ksig); 663 664 /* Deliver a bus error signal to the process */ 665 ksig->signb = SIGBUS; 666 ksig->code = 0; 667 td->td_frame = tf; 668 669 return (1); 670} 671 672static __inline int 673prefetch_abort_fixup(struct trapframe *tf, struct ksig *ksig) 674{ 675#ifdef CPU_ABORT_FIXUP_REQUIRED 676 int error; 677 678 /* Call the cpu specific prefetch abort fixup routine */ 679 error = cpu_prefetchabt_fixup(tf); 680 if (__predict_true(error != ABORT_FIXUP_FAILED)) 681 return (error); 682 683 /* 684 * Oops, couldn't fix up the instruction 685 */ 686 printf( 687 "prefetch_abort_fixup: fixup for %s mode prefetch abort failed.\n", 688 TRAP_USERMODE(tf) ? "user" : "kernel"); 689 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 690 *((u_int *)tf->tf_pc)); 691 disassemble(tf->tf_pc); 692 693 /* Die now if this happened in kernel mode */ 694 if (!TRAP_USERMODE(tf)) 695 dab_fatal(tf, 0, tf->tf_pc, NULL, ksig); 696 697 return (error); 698#else 699 return (ABORT_FIXUP_OK); 700#endif /* CPU_ABORT_FIXUP_REQUIRED */ 701} 702 703/* 704 * void prefetch_abort_handler(struct trapframe *tf) 705 * 706 * Abort handler called when instruction execution occurs at 707 * a non existent or restricted (access permissions) memory page. 708 * If the address is invalid and we were in SVC mode then panic as 709 * the kernel should never prefetch abort. 710 * If the address is invalid and the page is mapped then the user process 711 * does no have read permission so send it a signal. 712 * Otherwise fault the page in and try again. 713 */ 714void 715prefetch_abort_handler(struct trapframe *tf) 716{ 717 struct thread *td; 718 struct proc * p; 719 struct vm_map *map; 720 vm_offset_t fault_pc, va; 721 int error = 0; 722 struct ksig ksig; 723 724 725#if 0 726 /* Update vmmeter statistics */ 727 uvmexp.traps++; 728#endif 729#if 0 730 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc, 731 (void*)tf->tf_usr_lr); 732#endif 733 734 td = curthread; 735 p = td->td_proc; 736 PCPU_INC(cnt.v_trap); 737 738 if (TRAP_USERMODE(tf)) { 739 td->td_frame = tf; 740 if (td->td_ucred != td->td_proc->p_ucred) 741 cred_update_thread(td); 742 } 743 fault_pc = tf->tf_pc; 744 if (td->td_md.md_spinlock_count == 0) { 745 if (__predict_true(tf->tf_spsr & I32_bit) == 0) 746 enable_interrupts(I32_bit); 747 if (__predict_true(tf->tf_spsr & F32_bit) == 0) 748 enable_interrupts(F32_bit); 749 } 750 751 /* See if the cpu state needs to be fixed up */ 752 switch (prefetch_abort_fixup(tf, &ksig)) { 753 case ABORT_FIXUP_RETURN: 754 return; 755 case ABORT_FIXUP_FAILED: 756 /* Deliver a SIGILL to the process */ 757 ksig.signb = SIGILL; 758 ksig.code = 0; 759 td->td_frame = tf; 760 goto do_trapsignal; 761 default: 762 break; 763 } 764 765 /* Prefetch aborts cannot happen in kernel mode */ 766 if (__predict_false(!TRAP_USERMODE(tf))) 767 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig); 768 td->td_pticks = 0; 769 770 771 /* Ok validate the address, can only execute in USER space */ 772 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS || 773 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) { 774 ksig.signb = SIGSEGV; 775 ksig.code = 0; 776 goto do_trapsignal; 777 } 778 779 map = &td->td_proc->p_vmspace->vm_map; 780 va = trunc_page(fault_pc); 781 782 /* 783 * See if the pmap can handle this fault on its own... 784 */ 785#ifdef DEBUG 786 last_fault_code = -1; 787#endif 788 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1)) 789 goto out; 790 791 if (map != kernel_map) { 792 PROC_LOCK(p); 793 p->p_lock++; 794 PROC_UNLOCK(p); 795 } 796 797 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE, 798 VM_FAULT_NORMAL); 799 if (map != kernel_map) { 800 PROC_LOCK(p); 801 p->p_lock--; 802 PROC_UNLOCK(p); 803 } 804 805 if (__predict_true(error == 0)) 806 goto out; 807 808 if (error == ENOMEM) { 809 printf("VM: pid %d (%s), uid %d killed: " 810 "out of swap\n", td->td_proc->p_pid, td->td_name, 811 (td->td_proc->p_ucred) ? 812 td->td_proc->p_ucred->cr_uid : -1); 813 ksig.signb = SIGKILL; 814 } else { 815 ksig.signb = SIGSEGV; 816 } 817 ksig.code = 0; 818 819do_trapsignal: 820 call_trapsignal(td, ksig.signb, ksig.code); 821 822out: 823 userret(td, tf); 824 825} 826 827extern int badaddr_read_1(const uint8_t *, uint8_t *); 828extern int badaddr_read_2(const uint16_t *, uint16_t *); 829extern int badaddr_read_4(const uint32_t *, uint32_t *); 830/* 831 * Tentatively read an 8, 16, or 32-bit value from 'addr'. 832 * If the read succeeds, the value is written to 'rptr' and zero is returned. 833 * Else, return EFAULT. 834 */ 835int 836badaddr_read(void *addr, size_t size, void *rptr) 837{ 838 union { 839 uint8_t v1; 840 uint16_t v2; 841 uint32_t v4; 842 } u; 843 int rv; 844 845 cpu_drain_writebuf(); 846 847 /* Read from the test address. */ 848 switch (size) { 849 case sizeof(uint8_t): 850 rv = badaddr_read_1(addr, &u.v1); 851 if (rv == 0 && rptr) 852 *(uint8_t *) rptr = u.v1; 853 break; 854 855 case sizeof(uint16_t): 856 rv = badaddr_read_2(addr, &u.v2); 857 if (rv == 0 && rptr) 858 *(uint16_t *) rptr = u.v2; 859 break; 860 861 case sizeof(uint32_t): 862 rv = badaddr_read_4(addr, &u.v4); 863 if (rv == 0 && rptr) 864 *(uint32_t *) rptr = u.v4; 865 break; 866 867 default: 868 panic("badaddr: invalid size (%lu)", (u_long) size); 869 } 870 871 /* Return EFAULT if the address was invalid, else zero */ 872 return (rv); 873} 874 875int 876cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa) 877{ 878 struct proc *p; 879 register_t *ap; 880 int error; 881 882#ifdef __ARM_EABI__ 883 sa->code = td->td_frame->tf_r7; 884#else 885 sa->code = sa->insn & 0x000fffff; 886#endif 887 ap = &td->td_frame->tf_r0; 888 if (sa->code == SYS_syscall) { 889 sa->code = *ap++; 890 sa->nap--; 891 } else if (sa->code == SYS___syscall) { 892 sa->code = ap[_QUAD_LOWWORD]; 893 sa->nap -= 2; 894 ap += 2; 895 } 896 p = td->td_proc; 897 if (p->p_sysent->sv_mask) 898 sa->code &= p->p_sysent->sv_mask; 899 if (sa->code >= p->p_sysent->sv_size) 900 sa->callp = &p->p_sysent->sv_table[0]; 901 else 902 sa->callp = &p->p_sysent->sv_table[sa->code]; 903 sa->narg = sa->callp->sy_narg; 904 error = 0; 905 memcpy(sa->args, ap, sa->nap * sizeof(register_t)); 906 if (sa->narg > sa->nap) { 907 error = copyin((void *)td->td_frame->tf_usr_sp, sa->args + 908 sa->nap, (sa->narg - sa->nap) * sizeof(register_t)); 909 } 910 if (error == 0) { 911 td->td_retval[0] = 0; 912 td->td_retval[1] = 0; 913 } 914 return (error); 915} 916 917#include "../../kern/subr_syscall.c" 918 919static void 920syscall(struct thread *td, struct trapframe *frame) 921{ 922 struct syscall_args sa; 923 int error; 924 925#ifndef __ARM_EABI__ 926 sa.insn = *(uint32_t *)(frame->tf_pc - INSN_SIZE); 927 switch (sa.insn & SWI_OS_MASK) { 928 case 0: /* XXX: we need our own one. */ 929 break; 930 default: 931 call_trapsignal(td, SIGILL, 0); 932 userret(td, frame); 933 return; 934 } 935#endif 936 sa.nap = 4; 937 938 error = syscallenter(td, &sa); 939 KASSERT(error != 0 || td->td_ar == NULL, 940 ("returning from syscall with td_ar set!")); 941 syscallret(td, error, &sa); 942} 943 944void 945swi_handler(struct trapframe *frame) 946{ 947 struct thread *td = curthread; 948 949 td->td_frame = frame; 950 951 td->td_pticks = 0; 952 /* 953 * Make sure the program counter is correctly aligned so we 954 * don't take an alignment fault trying to read the opcode. 955 */ 956 if (__predict_false(((frame->tf_pc - INSN_SIZE) & 3) != 0)) { 957 call_trapsignal(td, SIGILL, 0); 958 userret(td, frame); 959 return; 960 } 961 /* 962 * Enable interrupts if they were enabled before the exception. 963 * Since all syscalls *should* come from user mode it will always 964 * be safe to enable them, but check anyway. 965 */ 966 if (td->td_md.md_spinlock_count == 0) { 967 if (__predict_true(frame->tf_spsr & I32_bit) == 0) 968 enable_interrupts(I32_bit); 969 if (__predict_true(frame->tf_spsr & F32_bit) == 0) 970 enable_interrupts(F32_bit); 971 } 972 973 syscall(td, frame); 974} 975 976