trap.c revision 266198
1/* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */ 2 3/*- 4 * Copyright 2004 Olivier Houchard 5 * Copyright 2003 Wasabi Systems, Inc. 6 * All rights reserved. 7 * 8 * Written by Steve C. Woodford for Wasabi Systems, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed for the NetBSD Project by 21 * Wasabi Systems, Inc. 22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse 23 * or promote products derived from this software without specific prior 24 * written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38/*- 39 * Copyright (c) 1994-1997 Mark Brinicombe. 40 * Copyright (c) 1994 Brini. 41 * All rights reserved. 42 * 43 * This code is derived from software written for Brini by Mark Brinicombe 44 * 45 * Redistribution and use in source and binary forms, with or without 46 * modification, are permitted provided that the following conditions 47 * are met: 48 * 1. Redistributions of source code must retain the above copyright 49 * notice, this list of conditions and the following disclaimer. 50 * 2. Redistributions in binary form must reproduce the above copyright 51 * notice, this list of conditions and the following disclaimer in the 52 * documentation and/or other materials provided with the distribution. 53 * 3. All advertising materials mentioning features or use of this software 54 * must display the following acknowledgement: 55 * This product includes software developed by Brini. 56 * 4. The name of the company nor the name of the author may be used to 57 * endorse or promote products derived from this software without specific 58 * prior written permission. 59 * 60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED 61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 70 * SUCH DAMAGE. 71 * 72 * RiscBSD kernel project 73 * 74 * fault.c 75 * 76 * Fault handlers 77 * 78 * Created : 28/11/94 79 */ 80 81 82#include "opt_ktrace.h" 83 84#include <sys/cdefs.h> 85__FBSDID("$FreeBSD: stable/10/sys/arm/arm/trap.c 266198 2014-05-15 22:03:24Z ian $"); 86 87#include <sys/param.h> 88#include <sys/bus.h> 89#include <sys/systm.h> 90#include <sys/proc.h> 91#include <sys/kernel.h> 92#include <sys/lock.h> 93#include <sys/mutex.h> 94#include <sys/syscall.h> 95#include <sys/sysent.h> 96#include <sys/signalvar.h> 97#include <sys/ktr.h> 98#ifdef KTRACE 99#include <sys/uio.h> 100#include <sys/ktrace.h> 101#endif 102#include <sys/ptrace.h> 103#include <sys/pioctl.h> 104 105#include <vm/vm.h> 106#include <vm/pmap.h> 107#include <vm/vm_kern.h> 108#include <vm/vm_map.h> 109#include <vm/vm_extern.h> 110 111#include <machine/armreg.h> 112#include <machine/cpuconf.h> 113#include <machine/vmparam.h> 114#include <machine/frame.h> 115#include <machine/cpu.h> 116#include <machine/intr.h> 117#include <machine/pcb.h> 118#include <machine/proc.h> 119#include <machine/swi.h> 120 121#include <security/audit/audit.h> 122 123#ifdef KDB 124#include <sys/kdb.h> 125#endif 126 127 128void swi_handler(struct trapframe *); 129void undefinedinstruction(struct trapframe *); 130 131#include <machine/disassem.h> 132#include <machine/machdep.h> 133 134extern char fusubailout[]; 135 136#ifdef DEBUG 137int last_fault_code; /* For the benefit of pmap_fault_fixup() */ 138#endif 139 140#if defined(CPU_ARM7TDMI) 141/* These CPUs may need data/prefetch abort fixups */ 142#define CPU_ABORT_FIXUP_REQUIRED 143#endif 144 145struct ksig { 146 int signb; 147 u_long code; 148}; 149struct data_abort { 150 int (*func)(struct trapframe *, u_int, u_int, struct thread *, 151 struct ksig *); 152 const char *desc; 153}; 154 155static int dab_fatal(struct trapframe *, u_int, u_int, struct thread *, 156 struct ksig *); 157static int dab_align(struct trapframe *, u_int, u_int, struct thread *, 158 struct ksig *); 159static int dab_buserr(struct trapframe *, u_int, u_int, struct thread *, 160 struct ksig *); 161 162static const struct data_abort data_aborts[] = { 163 {dab_fatal, "Vector Exception"}, 164 {dab_align, "Alignment Fault 1"}, 165 {dab_fatal, "Terminal Exception"}, 166 {dab_align, "Alignment Fault 3"}, 167 {dab_buserr, "External Linefetch Abort (S)"}, 168 {NULL, "Translation Fault (S)"}, 169#if (ARM_MMU_V6 + ARM_MMU_V7) != 0 170 {NULL, "Translation Flag Fault"}, 171#else 172 {dab_buserr, "External Linefetch Abort (P)"}, 173#endif 174 {NULL, "Translation Fault (P)"}, 175 {dab_buserr, "External Non-Linefetch Abort (S)"}, 176 {NULL, "Domain Fault (S)"}, 177 {dab_buserr, "External Non-Linefetch Abort (P)"}, 178 {NULL, "Domain Fault (P)"}, 179 {dab_buserr, "External Translation Abort (L1)"}, 180 {NULL, "Permission Fault (S)"}, 181 {dab_buserr, "External Translation Abort (L2)"}, 182 {NULL, "Permission Fault (P)"} 183}; 184 185/* Determine if a fault came from user mode */ 186#define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE) 187 188/* Determine if 'x' is a permission fault */ 189#define IS_PERMISSION_FAULT(x) \ 190 (((1 << ((x) & FAULT_TYPE_MASK)) & \ 191 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0) 192 193static __inline void 194call_trapsignal(struct thread *td, int sig, u_long code) 195{ 196 ksiginfo_t ksi; 197 198 ksiginfo_init_trap(&ksi); 199 ksi.ksi_signo = sig; 200 ksi.ksi_code = (int)code; 201 trapsignal(td, &ksi); 202} 203 204static __inline int 205data_abort_fixup(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 206 struct ksig *ksig) 207{ 208#ifdef CPU_ABORT_FIXUP_REQUIRED 209 int error; 210 211 /* Call the cpu specific data abort fixup routine */ 212 error = cpu_dataabt_fixup(tf); 213 if (__predict_true(error != ABORT_FIXUP_FAILED)) 214 return (error); 215 216 /* 217 * Oops, couldn't fix up the instruction 218 */ 219 printf("data_abort_fixup: fixup for %s mode data abort failed.\n", 220 TRAP_USERMODE(tf) ? "user" : "kernel"); 221 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 222 *((u_int *)tf->tf_pc)); 223 disassemble(tf->tf_pc); 224 225 /* Die now if this happened in kernel mode */ 226 if (!TRAP_USERMODE(tf)) 227 dab_fatal(tf, fsr, far, td, NULL, ksig); 228 229 return (error); 230#else 231 return (ABORT_FIXUP_OK); 232#endif /* CPU_ABORT_FIXUP_REQUIRED */ 233} 234 235void 236data_abort_handler(struct trapframe *tf) 237{ 238 struct vm_map *map; 239 struct pcb *pcb; 240 struct thread *td; 241 u_int user, far, fsr; 242 vm_prot_t ftype; 243 void *onfault; 244 vm_offset_t va; 245 int error = 0; 246 struct ksig ksig; 247 struct proc *p; 248 249 250 /* Grab FAR/FSR before enabling interrupts */ 251 far = cpu_faultaddress(); 252 fsr = cpu_faultstatus(); 253#if 0 254 printf("data abort: fault address=%p (from pc=%p lr=%p)\n", 255 (void*)far, (void*)tf->tf_pc, (void*)tf->tf_svc_lr); 256#endif 257 258 /* Update vmmeter statistics */ 259#if 0 260 vmexp.traps++; 261#endif 262 263 td = curthread; 264 p = td->td_proc; 265 266 PCPU_INC(cnt.v_trap); 267 /* Data abort came from user mode? */ 268 user = TRAP_USERMODE(tf); 269 270 if (user) { 271 td->td_pticks = 0; 272 td->td_frame = tf; 273 if (td->td_ucred != td->td_proc->p_ucred) 274 cred_update_thread(td); 275 276 } 277 /* Grab the current pcb */ 278 pcb = td->td_pcb; 279 /* Re-enable interrupts if they were enabled previously */ 280 if (td->td_md.md_spinlock_count == 0) { 281 if (__predict_true(tf->tf_spsr & I32_bit) == 0) 282 enable_interrupts(I32_bit); 283 if (__predict_true(tf->tf_spsr & F32_bit) == 0) 284 enable_interrupts(F32_bit); 285 } 286 287 288 /* Invoke the appropriate handler, if necessary */ 289 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) { 290 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far, 291 td, &ksig)) { 292 goto do_trapsignal; 293 } 294 goto out; 295 } 296 297 /* 298 * At this point, we're dealing with one of the following data aborts: 299 * 300 * FAULT_TRANS_S - Translation -- Section 301 * FAULT_TRANS_P - Translation -- Page 302 * FAULT_DOMAIN_S - Domain -- Section 303 * FAULT_DOMAIN_P - Domain -- Page 304 * FAULT_PERM_S - Permission -- Section 305 * FAULT_PERM_P - Permission -- Page 306 * 307 * These are the main virtual memory-related faults signalled by 308 * the MMU. 309 */ 310 311 /* fusubailout is used by [fs]uswintr to avoid page faulting */ 312 if (__predict_false(pcb->pcb_onfault == fusubailout)) { 313 tf->tf_r0 = EFAULT; 314 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 315 return; 316 } 317 318 /* 319 * Make sure the Program Counter is sane. We could fall foul of 320 * someone executing Thumb code, in which case the PC might not 321 * be word-aligned. This would cause a kernel alignment fault 322 * further down if we have to decode the current instruction. 323 * XXX: It would be nice to be able to support Thumb at some point. 324 */ 325 if (__predict_false((tf->tf_pc & 3) != 0)) { 326 if (user) { 327 /* 328 * Give the user an illegal instruction signal. 329 */ 330 /* Deliver a SIGILL to the process */ 331 ksig.signb = SIGILL; 332 ksig.code = 0; 333 goto do_trapsignal; 334 } 335 336 /* 337 * The kernel never executes Thumb code. 338 */ 339 printf("\ndata_abort_fault: Misaligned Kernel-mode " 340 "Program Counter\n"); 341 dab_fatal(tf, fsr, far, td, &ksig); 342 } 343 344 /* See if the cpu state needs to be fixed up */ 345 switch (data_abort_fixup(tf, fsr, far, td, &ksig)) { 346 case ABORT_FIXUP_RETURN: 347 return; 348 case ABORT_FIXUP_FAILED: 349 /* Deliver a SIGILL to the process */ 350 ksig.signb = SIGILL; 351 ksig.code = 0; 352 goto do_trapsignal; 353 default: 354 break; 355 } 356 357 va = trunc_page((vm_offset_t)far); 358 359 /* 360 * It is only a kernel address space fault iff: 361 * 1. user == 0 and 362 * 2. pcb_onfault not set or 363 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction. 364 */ 365 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS || 366 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) && 367 __predict_true((pcb->pcb_onfault == NULL || 368 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) { 369 map = kernel_map; 370 371 /* Was the fault due to the FPE/IPKDB ? */ 372 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) { 373 374 /* 375 * Force exit via userret() 376 * This is necessary as the FPE is an extension to 377 * userland that actually runs in a priveledged mode 378 * but uses USR mode permissions for its accesses. 379 */ 380 user = 1; 381 ksig.signb = SIGSEGV; 382 ksig.code = 0; 383 goto do_trapsignal; 384 } 385 } else { 386 map = &td->td_proc->p_vmspace->vm_map; 387 } 388 389 /* 390 * We need to know whether the page should be mapped as R or R/W. On 391 * armv6 and later the fault status register indicates whether the 392 * access was a read or write. Prior to armv6, we know that a 393 * permission fault can only be the result of a write to a read-only 394 * location, so we can deal with those quickly. Otherwise we need to 395 * disassemble the faulting instruction to determine if it was a write. 396 */ 397#if ARM_ARCH_6 || ARM_ARCH_7A 398 ftype = (fsr & FAULT_WNR) ? VM_PROT_READ | VM_PROT_WRITE : VM_PROT_READ; 399#else 400 if (IS_PERMISSION_FAULT(fsr)) 401 ftype = VM_PROT_WRITE; 402 else { 403 u_int insn = ReadWord(tf->tf_pc); 404 405 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */ 406 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */ 407 ((insn & 0x0a100000) == 0x08000000)) { /* STM/CDT */ 408 ftype = VM_PROT_WRITE; 409 } else { 410 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */ 411 ftype = VM_PROT_READ | VM_PROT_WRITE; 412 else 413 ftype = VM_PROT_READ; 414 } 415 } 416#endif 417 418 /* 419 * See if the fault is as a result of ref/mod emulation, 420 * or domain mismatch. 421 */ 422#ifdef DEBUG 423 last_fault_code = fsr; 424#endif 425 if (pmap_fault_fixup(vmspace_pmap(td->td_proc->p_vmspace), va, ftype, 426 user)) { 427 goto out; 428 } 429 430 onfault = pcb->pcb_onfault; 431 pcb->pcb_onfault = NULL; 432 if (map != kernel_map) { 433 PROC_LOCK(p); 434 p->p_lock++; 435 PROC_UNLOCK(p); 436 } 437 error = vm_fault(map, va, ftype, VM_FAULT_NORMAL); 438 pcb->pcb_onfault = onfault; 439 440 if (map != kernel_map) { 441 PROC_LOCK(p); 442 p->p_lock--; 443 PROC_UNLOCK(p); 444 } 445 if (__predict_true(error == 0)) 446 goto out; 447 if (user == 0) { 448 if (pcb->pcb_onfault) { 449 tf->tf_r0 = error; 450 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 451 return; 452 } 453 454 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype, 455 error); 456 dab_fatal(tf, fsr, far, td, &ksig); 457 } 458 459 460 if (error == ENOMEM) { 461 printf("VM: pid %d (%s), uid %d killed: " 462 "out of swap\n", td->td_proc->p_pid, td->td_name, 463 (td->td_proc->p_ucred) ? 464 td->td_proc->p_ucred->cr_uid : -1); 465 ksig.signb = SIGKILL; 466 } else { 467 ksig.signb = SIGSEGV; 468 } 469 ksig.code = 0; 470do_trapsignal: 471 call_trapsignal(td, ksig.signb, ksig.code); 472out: 473 /* If returning to user mode, make sure to invoke userret() */ 474 if (user) 475 userret(td, tf); 476} 477 478/* 479 * dab_fatal() handles the following data aborts: 480 * 481 * FAULT_WRTBUF_0 - Vector Exception 482 * FAULT_WRTBUF_1 - Terminal Exception 483 * 484 * We should never see these on a properly functioning system. 485 * 486 * This function is also called by the other handlers if they 487 * detect a fatal problem. 488 * 489 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort. 490 */ 491static int 492dab_fatal(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 493 struct ksig *ksig) 494{ 495 const char *mode; 496 497 mode = TRAP_USERMODE(tf) ? "user" : "kernel"; 498 499 disable_interrupts(I32_bit|F32_bit); 500 if (td != NULL) { 501 printf("Fatal %s mode data abort: '%s'\n", mode, 502 data_aborts[fsr & FAULT_TYPE_MASK].desc); 503 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr); 504 if ((fsr & FAULT_IMPRECISE) == 0) 505 printf("%08x, ", far); 506 else 507 printf("Invalid, "); 508 printf("spsr=%08x\n", tf->tf_spsr); 509 } else { 510 printf("Fatal %s mode prefetch abort at 0x%08x\n", 511 mode, tf->tf_pc); 512 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr); 513 } 514 515 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n", 516 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3); 517 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n", 518 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7); 519 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n", 520 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11); 521 printf("r12=%08x, ", tf->tf_r12); 522 523 if (TRAP_USERMODE(tf)) 524 printf("usp=%08x, ulr=%08x", 525 tf->tf_usr_sp, tf->tf_usr_lr); 526 else 527 printf("ssp=%08x, slr=%08x", 528 tf->tf_svc_sp, tf->tf_svc_lr); 529 printf(", pc =%08x\n\n", tf->tf_pc); 530 531#ifdef KDB 532 if (debugger_on_panic || kdb_active) 533 if (kdb_trap(fsr, 0, tf)) 534 return (0); 535#endif 536 panic("Fatal abort"); 537 /*NOTREACHED*/ 538} 539 540/* 541 * dab_align() handles the following data aborts: 542 * 543 * FAULT_ALIGN_0 - Alignment fault 544 * FAULT_ALIGN_1 - Alignment fault 545 * 546 * These faults are fatal if they happen in kernel mode. Otherwise, we 547 * deliver a bus error to the process. 548 */ 549static int 550dab_align(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 551 struct ksig *ksig) 552{ 553 554 /* Alignment faults are always fatal if they occur in kernel mode */ 555 if (!TRAP_USERMODE(tf)) { 556 if (!td || !td->td_pcb->pcb_onfault) 557 dab_fatal(tf, fsr, far, td, ksig); 558 tf->tf_r0 = EFAULT; 559 tf->tf_pc = (int)td->td_pcb->pcb_onfault; 560 return (0); 561 } 562 563 /* pcb_onfault *must* be NULL at this point */ 564 565 /* See if the cpu state needs to be fixed up */ 566 (void) data_abort_fixup(tf, fsr, far, td, ksig); 567 568 /* Deliver a bus error signal to the process */ 569 ksig->code = 0; 570 ksig->signb = SIGBUS; 571 td->td_frame = tf; 572 573 return (1); 574} 575 576/* 577 * dab_buserr() handles the following data aborts: 578 * 579 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section 580 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page 581 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section 582 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page 583 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1 584 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2 585 * 586 * If pcb_onfault is set, flag the fault and return to the handler. 587 * If the fault occurred in user mode, give the process a SIGBUS. 588 * 589 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2 590 * can be flagged as imprecise in the FSR. This causes a real headache 591 * since some of the machine state is lost. In this case, tf->tf_pc 592 * may not actually point to the offending instruction. In fact, if 593 * we've taken a double abort fault, it generally points somewhere near 594 * the top of "data_abort_entry" in exception.S. 595 * 596 * In all other cases, these data aborts are considered fatal. 597 */ 598static int 599dab_buserr(struct trapframe *tf, u_int fsr, u_int far, struct thread *td, 600 struct ksig *ksig) 601{ 602 struct pcb *pcb = td->td_pcb; 603 604#ifdef __XSCALE__ 605 if ((fsr & FAULT_IMPRECISE) != 0 && 606 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) { 607 /* 608 * Oops, an imprecise, double abort fault. We've lost the 609 * r14_abt/spsr_abt values corresponding to the original 610 * abort, and the spsr saved in the trapframe indicates 611 * ABT mode. 612 */ 613 tf->tf_spsr &= ~PSR_MODE; 614 615 /* 616 * We use a simple heuristic to determine if the double abort 617 * happened as a result of a kernel or user mode access. 618 * If the current trapframe is at the top of the kernel stack, 619 * the fault _must_ have come from user mode. 620 */ 621 if (tf != ((struct trapframe *)pcb->un_32.pcb32_sp) - 1) { 622 /* 623 * Kernel mode. We're either about to die a 624 * spectacular death, or pcb_onfault will come 625 * to our rescue. Either way, the current value 626 * of tf->tf_pc is irrelevant. 627 */ 628 tf->tf_spsr |= PSR_SVC32_MODE; 629 if (pcb->pcb_onfault == NULL) 630 printf("\nKernel mode double abort!\n"); 631 } else { 632 /* 633 * User mode. We've lost the program counter at the 634 * time of the fault (not that it was accurate anyway; 635 * it's not called an imprecise fault for nothing). 636 * About all we can do is copy r14_usr to tf_pc and 637 * hope for the best. The process is about to get a 638 * SIGBUS, so it's probably history anyway. 639 */ 640 tf->tf_spsr |= PSR_USR32_MODE; 641 tf->tf_pc = tf->tf_usr_lr; 642 } 643 } 644 645 /* FAR is invalid for imprecise exceptions */ 646 if ((fsr & FAULT_IMPRECISE) != 0) 647 far = 0; 648#endif /* __XSCALE__ */ 649 650 if (pcb->pcb_onfault) { 651 tf->tf_r0 = EFAULT; 652 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault; 653 return (0); 654 } 655 656 /* See if the cpu state needs to be fixed up */ 657 (void) data_abort_fixup(tf, fsr, far, td, ksig); 658 659 /* 660 * At this point, if the fault happened in kernel mode, we're toast 661 */ 662 if (!TRAP_USERMODE(tf)) 663 dab_fatal(tf, fsr, far, td, ksig); 664 665 /* Deliver a bus error signal to the process */ 666 ksig->signb = SIGBUS; 667 ksig->code = 0; 668 td->td_frame = tf; 669 670 return (1); 671} 672 673static __inline int 674prefetch_abort_fixup(struct trapframe *tf, struct ksig *ksig) 675{ 676#ifdef CPU_ABORT_FIXUP_REQUIRED 677 int error; 678 679 /* Call the cpu specific prefetch abort fixup routine */ 680 error = cpu_prefetchabt_fixup(tf); 681 if (__predict_true(error != ABORT_FIXUP_FAILED)) 682 return (error); 683 684 /* 685 * Oops, couldn't fix up the instruction 686 */ 687 printf( 688 "prefetch_abort_fixup: fixup for %s mode prefetch abort failed.\n", 689 TRAP_USERMODE(tf) ? "user" : "kernel"); 690 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc, 691 *((u_int *)tf->tf_pc)); 692 disassemble(tf->tf_pc); 693 694 /* Die now if this happened in kernel mode */ 695 if (!TRAP_USERMODE(tf)) 696 dab_fatal(tf, 0, tf->tf_pc, NULL, ksig); 697 698 return (error); 699#else 700 return (ABORT_FIXUP_OK); 701#endif /* CPU_ABORT_FIXUP_REQUIRED */ 702} 703 704/* 705 * void prefetch_abort_handler(struct trapframe *tf) 706 * 707 * Abort handler called when instruction execution occurs at 708 * a non existent or restricted (access permissions) memory page. 709 * If the address is invalid and we were in SVC mode then panic as 710 * the kernel should never prefetch abort. 711 * If the address is invalid and the page is mapped then the user process 712 * does no have read permission so send it a signal. 713 * Otherwise fault the page in and try again. 714 */ 715void 716prefetch_abort_handler(struct trapframe *tf) 717{ 718 struct thread *td; 719 struct proc * p; 720 struct vm_map *map; 721 vm_offset_t fault_pc, va; 722 int error = 0; 723 struct ksig ksig; 724 725 726#if 0 727 /* Update vmmeter statistics */ 728 uvmexp.traps++; 729#endif 730#if 0 731 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc, 732 (void*)tf->tf_usr_lr); 733#endif 734 735 td = curthread; 736 p = td->td_proc; 737 PCPU_INC(cnt.v_trap); 738 739 if (TRAP_USERMODE(tf)) { 740 td->td_frame = tf; 741 if (td->td_ucred != td->td_proc->p_ucred) 742 cred_update_thread(td); 743 } 744 fault_pc = tf->tf_pc; 745 if (td->td_md.md_spinlock_count == 0) { 746 if (__predict_true(tf->tf_spsr & I32_bit) == 0) 747 enable_interrupts(I32_bit); 748 if (__predict_true(tf->tf_spsr & F32_bit) == 0) 749 enable_interrupts(F32_bit); 750 } 751 752 /* See if the cpu state needs to be fixed up */ 753 switch (prefetch_abort_fixup(tf, &ksig)) { 754 case ABORT_FIXUP_RETURN: 755 return; 756 case ABORT_FIXUP_FAILED: 757 /* Deliver a SIGILL to the process */ 758 ksig.signb = SIGILL; 759 ksig.code = 0; 760 td->td_frame = tf; 761 goto do_trapsignal; 762 default: 763 break; 764 } 765 766 /* Prefetch aborts cannot happen in kernel mode */ 767 if (__predict_false(!TRAP_USERMODE(tf))) 768 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig); 769 td->td_pticks = 0; 770 771 772 /* Ok validate the address, can only execute in USER space */ 773 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS || 774 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) { 775 ksig.signb = SIGSEGV; 776 ksig.code = 0; 777 goto do_trapsignal; 778 } 779 780 map = &td->td_proc->p_vmspace->vm_map; 781 va = trunc_page(fault_pc); 782 783 /* 784 * See if the pmap can handle this fault on its own... 785 */ 786#ifdef DEBUG 787 last_fault_code = -1; 788#endif 789 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1)) 790 goto out; 791 792 if (map != kernel_map) { 793 PROC_LOCK(p); 794 p->p_lock++; 795 PROC_UNLOCK(p); 796 } 797 798 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE, 799 VM_FAULT_NORMAL); 800 if (map != kernel_map) { 801 PROC_LOCK(p); 802 p->p_lock--; 803 PROC_UNLOCK(p); 804 } 805 806 if (__predict_true(error == 0)) 807 goto out; 808 809 if (error == ENOMEM) { 810 printf("VM: pid %d (%s), uid %d killed: " 811 "out of swap\n", td->td_proc->p_pid, td->td_name, 812 (td->td_proc->p_ucred) ? 813 td->td_proc->p_ucred->cr_uid : -1); 814 ksig.signb = SIGKILL; 815 } else { 816 ksig.signb = SIGSEGV; 817 } 818 ksig.code = 0; 819 820do_trapsignal: 821 call_trapsignal(td, ksig.signb, ksig.code); 822 823out: 824 userret(td, tf); 825 826} 827 828extern int badaddr_read_1(const uint8_t *, uint8_t *); 829extern int badaddr_read_2(const uint16_t *, uint16_t *); 830extern int badaddr_read_4(const uint32_t *, uint32_t *); 831/* 832 * Tentatively read an 8, 16, or 32-bit value from 'addr'. 833 * If the read succeeds, the value is written to 'rptr' and zero is returned. 834 * Else, return EFAULT. 835 */ 836int 837badaddr_read(void *addr, size_t size, void *rptr) 838{ 839 union { 840 uint8_t v1; 841 uint16_t v2; 842 uint32_t v4; 843 } u; 844 int rv; 845 846 cpu_drain_writebuf(); 847 848 /* Read from the test address. */ 849 switch (size) { 850 case sizeof(uint8_t): 851 rv = badaddr_read_1(addr, &u.v1); 852 if (rv == 0 && rptr) 853 *(uint8_t *) rptr = u.v1; 854 break; 855 856 case sizeof(uint16_t): 857 rv = badaddr_read_2(addr, &u.v2); 858 if (rv == 0 && rptr) 859 *(uint16_t *) rptr = u.v2; 860 break; 861 862 case sizeof(uint32_t): 863 rv = badaddr_read_4(addr, &u.v4); 864 if (rv == 0 && rptr) 865 *(uint32_t *) rptr = u.v4; 866 break; 867 868 default: 869 panic("badaddr: invalid size (%lu)", (u_long) size); 870 } 871 872 /* Return EFAULT if the address was invalid, else zero */ 873 return (rv); 874} 875 876int 877cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa) 878{ 879 struct proc *p; 880 register_t *ap; 881 int error; 882 883#ifdef __ARM_EABI__ 884 sa->code = td->td_frame->tf_r7; 885#else 886 sa->code = sa->insn & 0x000fffff; 887#endif 888 ap = &td->td_frame->tf_r0; 889 if (sa->code == SYS_syscall) { 890 sa->code = *ap++; 891 sa->nap--; 892 } else if (sa->code == SYS___syscall) { 893 sa->code = ap[_QUAD_LOWWORD]; 894 sa->nap -= 2; 895 ap += 2; 896 } 897 p = td->td_proc; 898 if (p->p_sysent->sv_mask) 899 sa->code &= p->p_sysent->sv_mask; 900 if (sa->code >= p->p_sysent->sv_size) 901 sa->callp = &p->p_sysent->sv_table[0]; 902 else 903 sa->callp = &p->p_sysent->sv_table[sa->code]; 904 sa->narg = sa->callp->sy_narg; 905 error = 0; 906 memcpy(sa->args, ap, sa->nap * sizeof(register_t)); 907 if (sa->narg > sa->nap) { 908 error = copyin((void *)td->td_frame->tf_usr_sp, sa->args + 909 sa->nap, (sa->narg - sa->nap) * sizeof(register_t)); 910 } 911 if (error == 0) { 912 td->td_retval[0] = 0; 913 td->td_retval[1] = 0; 914 } 915 return (error); 916} 917 918#include "../../kern/subr_syscall.c" 919 920static void 921syscall(struct thread *td, struct trapframe *frame) 922{ 923 struct syscall_args sa; 924 int error; 925 926#ifndef __ARM_EABI__ 927 sa.insn = *(uint32_t *)(frame->tf_pc - INSN_SIZE); 928 switch (sa.insn & SWI_OS_MASK) { 929 case 0: /* XXX: we need our own one. */ 930 break; 931 default: 932 call_trapsignal(td, SIGILL, 0); 933 userret(td, frame); 934 return; 935 } 936#endif 937 sa.nap = 4; 938 939 error = syscallenter(td, &sa); 940 KASSERT(error != 0 || td->td_ar == NULL, 941 ("returning from syscall with td_ar set!")); 942 syscallret(td, error, &sa); 943} 944 945void 946swi_handler(struct trapframe *frame) 947{ 948 struct thread *td = curthread; 949 950 td->td_frame = frame; 951 952 td->td_pticks = 0; 953 /* 954 * Make sure the program counter is correctly aligned so we 955 * don't take an alignment fault trying to read the opcode. 956 */ 957 if (__predict_false(((frame->tf_pc - INSN_SIZE) & 3) != 0)) { 958 call_trapsignal(td, SIGILL, 0); 959 userret(td, frame); 960 return; 961 } 962 /* 963 * Enable interrupts if they were enabled before the exception. 964 * Since all syscalls *should* come from user mode it will always 965 * be safe to enable them, but check anyway. 966 */ 967 if (td->td_md.md_spinlock_count == 0) { 968 if (__predict_true(frame->tf_spsr & I32_bit) == 0) 969 enable_interrupts(I32_bit); 970 if (__predict_true(frame->tf_spsr & F32_bit) == 0) 971 enable_interrupts(F32_bit); 972 } 973 974 syscall(td, frame); 975} 976 977