fault.c revision 1.25.2.2
1 /* $NetBSD: fault.c,v 1.25.2.2 2002/10/24 21:23:57 bjh21 Exp $ */ 2 3 /* 4 * Copyright (c) 1994-1997 Mark Brinicombe. 5 * Copyright (c) 1994 Brini. 6 * All rights reserved. 7 * 8 * This code is derived from software written for Brini by Mark Brinicombe 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by Brini. 21 * 4. The name of the company nor the name of the author may be used to 22 * endorse or promote products derived from this software without specific 23 * prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED 26 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 27 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 29 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 30 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 31 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * RiscBSD kernel project 38 * 39 * fault.c 40 * 41 * Fault handlers 42 * 43 * Created : 28/11/94 44 */ 45 46 #include "opt_ddb.h" 47 #include "opt_pmap_debug.h" 48 49 #include <sys/types.h> 50 __KERNEL_RCSID(0, "$NetBSD: fault.c,v 1.25.2.2 2002/10/24 21:23:57 bjh21 Exp $"); 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/proc.h> 55 #include <sys/user.h> 56 #include <sys/kernel.h> 57 58 #include <uvm/uvm_extern.h> 59 60 #include <arm/cpuconf.h> 61 62 #include <machine/frame.h> 63 #include <arm/arm32/katelib.h> 64 #include <machine/cpu.h> 65 #include <machine/intr.h> 66 #ifdef DDB 67 #include <machine/db_machdep.h> 68 #endif 69 70 #include <arch/arm/arm/disassem.h> 71 #include <arm/arm32/machdep.h> 72 73 extern char fusubailout[]; 74 75 static void report_abort __P((const char *, u_int, u_int, u_int)); 76 77 /* Abort code */ 78 79 /* Define text descriptions of the different aborts */ 80 81 static const char *aborts[16] = { 82 "Write buffer fault", 83 "Alignment fault", 84 "Write buffer fault", 85 "Alignment fault", 86 "Bus error (LF section)", 87 "Translation fault (section)", 88 "Bus error (page)", 89 "Translation fault (page)", 90 "Bus error (section)", 91 "Domain error (section)", 92 "Bus error (page)", 93 "Domain error (page)", 94 "Bus error trans (L1)", 95 "Permission error (section)", 96 "Bus error trans (L2)", 97 "Permission error (page)" 98 }; 99 100 static void 101 report_abort(prefix, fault_status, fault_address, fault_pc) 102 const char *prefix; 103 u_int fault_status; 104 u_int fault_address; 105 u_int fault_pc; 106 { 107 #ifndef DEBUG 108 if (prefix == NULL) { 109 #endif 110 if (prefix) 111 printf("%s ", prefix); 112 printf("Data abort: '%s' status=%03x address=%08x PC=%08x\n", 113 aborts[fault_status & FAULT_TYPE_MASK], 114 fault_status & 0xfff, fault_address, fault_pc); 115 #ifndef DEBUG 116 } 117 #endif 118 } 119 120 static __volatile int data_abort_expected; 121 static __volatile int data_abort_received; 122 123 int 124 badaddr_read(void *addr, size_t size, void *rptr) 125 { 126 u_long rcpt; 127 int rv; 128 129 /* Tell the Data Abort handler that we're expecting one. */ 130 data_abort_received = 0; 131 data_abort_expected = 1; 132 133 cpu_drain_writebuf(); 134 135 /* Read from the test address. */ 136 switch (size) { 137 case sizeof(uint8_t): 138 __asm __volatile("ldrb %0, [%1]" 139 : "=r" (rcpt) 140 : "r" (addr)); 141 break; 142 143 case sizeof(uint16_t): 144 __asm __volatile("ldrh %0, [%1]" 145 : "=r" (rcpt) 146 : "r" (addr)); 147 break; 148 149 case sizeof(uint32_t): 150 __asm __volatile("ldr %0, [%1]" 151 : "=r" (rcpt) 152 : "r" (addr)); 153 break; 154 155 default: 156 data_abort_expected = 0; 157 panic("badaddr: invalid size (%lu)", (u_long) size); 158 } 159 160 /* Disallow further Data Aborts. */ 161 data_abort_expected = 0; 162 163 rv = data_abort_received; 164 data_abort_received = 0; 165 166 /* Copy the data back if no fault occurred. */ 167 if (rptr != NULL && rv == 0) { 168 switch (size) { 169 case sizeof(uint8_t): 170 *(uint8_t *) rptr = rcpt; 171 break; 172 173 case sizeof(uint16_t): 174 *(uint16_t *) rptr = rcpt; 175 break; 176 177 case sizeof(uint32_t): 178 *(uint32_t *) rptr = rcpt; 179 break; 180 } 181 } 182 183 /* Return true if the address was invalid. */ 184 return (rv); 185 } 186 187 /* 188 * void data_abort_handler(trapframe_t *frame) 189 * 190 * Abort handler called when read/write occurs at an address of 191 * a non existent or restricted (access permissions) memory page. 192 * We first need to identify the type of page fault. 193 */ 194 195 #define TRAP_CODE ((fault_status & 0x0f) | (fault_address & 0xfffffff0)) 196 197 void 198 data_abort_handler(frame) 199 trapframe_t *frame; 200 { 201 struct proc *p; 202 struct pcb *pcb; 203 u_int fault_address; 204 u_int fault_status; 205 u_int fault_pc; 206 u_int fault_instruction; 207 int fault_code; 208 int user; 209 int error; 210 void *onfault; 211 212 /* 213 * If we were expecting a Data Abort, signal that we got 214 * one, adjust the PC to skip the faulting insn, and 215 * return. 216 */ 217 if (data_abort_expected) { 218 data_abort_received = 1; 219 frame->tf_pc += INSN_SIZE; 220 return; 221 } 222 223 /* 224 * Must get fault address and status from the CPU before 225 * re-enabling interrupts. (Interrupt handlers may take 226 * R/M emulation faults.) 227 */ 228 fault_address = cpu_faultaddress(); 229 fault_status = cpu_faultstatus(); 230 fault_pc = frame->tf_pc; 231 232 /* 233 * Enable IRQ's (disabled by CPU on abort) if trapframe 234 * shows they were enabled. 235 */ 236 if (!(frame->tf_spsr & I32_bit)) 237 enable_interrupts(I32_bit); 238 239 #ifdef DEBUG 240 if ((GetCPSR() & PSR_MODE) != PSR_SVC32_MODE) 241 panic("data_abort_handler: not in SVC32 mode"); 242 #endif 243 244 /* Update vmmeter statistics */ 245 uvmexp.traps++; 246 247 /* Extract the fault code from the fault status */ 248 fault_code = fault_status & FAULT_TYPE_MASK; 249 250 /* Get the current proc structure or proc0 if there is none */ 251 if ((p = curproc) == NULL) 252 p = &proc0; 253 254 /* 255 * can't use curpcb, as it might be NULL; and we have p in 256 * a register anyway 257 */ 258 pcb = &p->p_addr->u_pcb; 259 260 /* fusubailout is used by [fs]uswintr to avoid page faulting */ 261 if (pcb->pcb_onfault 262 && ((fault_code != FAULT_TRANS_S && fault_code != FAULT_TRANS_P && 263 fault_code != FAULT_PERM_S && fault_code != FAULT_PERM_P) 264 || pcb->pcb_onfault == fusubailout)) { 265 266 frame->tf_r0 = EFAULT; 267 copyfault: 268 #ifdef DEBUG 269 printf("Using pcb_onfault=%p addr=%08x st=%08x p=%p\n", 270 pcb->pcb_onfault, fault_address, fault_status, p); 271 #endif 272 frame->tf_pc = (u_int)pcb->pcb_onfault; 273 if ((frame->tf_spsr & PSR_MODE) == PSR_USR32_MODE) 274 panic("Yikes pcb_onfault=%p during USR mode fault", 275 pcb->pcb_onfault); 276 return; 277 } 278 279 /* More debug stuff */ 280 281 fault_instruction = ReadWord(fault_pc); 282 283 #ifdef PMAP_DEBUG 284 if (pmap_debug_level >= 0) { 285 report_abort(NULL, fault_status, fault_address, fault_pc); 286 printf("Instruction @V%08x = %08x\n", 287 fault_pc, fault_instruction); 288 } 289 #endif 290 291 /* Call the cpu specific abort fixup routine */ 292 error = cpu_dataabt_fixup(frame); 293 if (error == ABORT_FIXUP_RETURN) 294 return; 295 if (error == ABORT_FIXUP_FAILED) { 296 printf("pc = 0x%08x, opcode 0x%08x, insn = ", fault_pc, *((u_int *)fault_pc)); 297 disassemble(fault_pc); 298 printf("data abort handler: fixup failed for this instruction\n"); 299 } 300 301 #ifdef PMAP_DEBUG 302 if (pmap_debug_level >= 0) 303 printf("fault in process %p\n", p); 304 #endif 305 306 /* Were we in user mode when the abort occurred ? */ 307 if ((frame->tf_spsr & PSR_MODE) == PSR_USR32_MODE) { 308 /* 309 * Note that the fault was from USR mode. 310 */ 311 user = 1; 312 p->p_addr->u_pcb.pcb_tf = frame; 313 KERNEL_PROC_LOCK(p); 314 } else { 315 user = 0; 316 KERNEL_LOCK(LK_CANRECURSE|LK_EXCLUSIVE); 317 } 318 319 /* check if this was a failed fixup */ 320 if (error == ABORT_FIXUP_FAILED) { 321 if (user) { 322 trapsignal(p, SIGSEGV, TRAP_CODE); 323 KERNEL_PROC_UNLOCK(p); 324 userret(p); 325 return; 326 }; 327 panic("Data abort fixup failed in kernel - we're dead"); 328 }; 329 330 /* Now act on the fault type */ 331 switch (fault_code) { 332 case FAULT_WRTBUF_0: /* Write Buffer Fault */ 333 case FAULT_WRTBUF_1: /* Write Buffer Fault */ 334 /* If this happens forget it no point in continuing */ 335 336 /* FALLTHROUGH */ 337 338 case FAULT_ALIGN_0: /* Alignment Fault */ 339 case FAULT_ALIGN_1: /* Alignment Fault */ 340 /* 341 * Really this should just kill the process. 342 * Alignment faults are turned off in the kernel 343 * in order to get better performance from shorts with 344 * GCC so an alignment fault means somebody has played 345 * with the control register in the CPU. Might as well 346 * panic as the kernel was not compiled for aligned accesses. 347 */ 348 349 /* FALLTHROUGH */ 350 351 case FAULT_BUSERR_0: /* Bus Error LF Section */ 352 case FAULT_BUSERR_1: /* Bus Error Page */ 353 case FAULT_BUSERR_2: /* Bus Error Section */ 354 case FAULT_BUSERR_3: /* Bus Error Page */ 355 /* What will accutally cause a bus error ? */ 356 /* Real bus errors are not a process problem but hardware */ 357 358 /* FALLTHROUGH */ 359 360 case FAULT_DOMAIN_S: /* Section Domain Error Fault */ 361 case FAULT_DOMAIN_P: /* Page Domain Error Fault*/ 362 /* 363 * Right well we dont use domains, everything is 364 * always a client and thus subject to access permissions. 365 * If we get a domain error then we have corrupts PTE's 366 * so we might as well die ! 367 * I suppose eventually this should just kill the process 368 * who owns the PTE's but if this happens it implies a 369 * kernel problem. 370 */ 371 372 /* FALLTHROUGH */ 373 374 case FAULT_BUSTRNL1: /* Bus Error Trans L1 Fault */ 375 case FAULT_BUSTRNL2: /* Bus Error Trans L2 Fault */ 376 /* 377 * These faults imply that the PTE is corrupt. 378 * Likely to be a kernel fault so we had better stop. 379 */ 380 381 /* FALLTHROUGH */ 382 383 default : 384 /* Are there any combinations I have missed ? */ 385 report_abort(NULL, fault_status, fault_address, fault_pc); 386 387 we_re_toast: 388 /* 389 * Were are dead, try and provide some debug 390 * information before dying. 391 */ 392 #ifdef DDB 393 printf("Unhandled trap (frame = %p)\n", frame); 394 report_abort(NULL, fault_status, fault_address, fault_pc); 395 kdb_trap(-1, frame); 396 return; 397 #else 398 panic("Unhandled trap (frame = %p)", frame); 399 #endif /* DDB */ 400 401 case FAULT_TRANS_P: /* Page Translation Fault */ 402 case FAULT_PERM_P: /* Page Permission Fault */ 403 case FAULT_TRANS_S: /* Section Translation Fault */ 404 case FAULT_PERM_S: /* Section Permission Fault */ 405 /* 406 * Page/section translation/permission fault -- need to fault in 407 * the page and possibly the page table page. 408 */ 409 { 410 register vaddr_t va; 411 register struct vmspace *vm = p->p_vmspace; 412 register struct vm_map *map; 413 int rv; 414 vm_prot_t ftype; 415 extern struct vm_map *kernel_map; 416 417 va = trunc_page((vaddr_t)fault_address); 418 419 #ifdef PMAP_DEBUG 420 if (pmap_debug_level >= 0) 421 printf("page fault: addr=V%08lx ", va); 422 #endif 423 424 /* 425 * It is only a kernel address space fault iff: 426 * 1. user == 0 and 427 * 2. pcb_onfault not set or 428 * 3. pcb_onfault set but supervisor space fault 429 * The last can occur during an exec() copyin where the 430 * argument space is lazy-allocated. 431 */ 432 if (!user && 433 (va >= VM_MIN_KERNEL_ADDRESS || va < VM_MIN_ADDRESS)) { 434 /* Was the fault due to the FPE/IPKDB ? */ 435 if ((frame->tf_spsr & PSR_MODE) == PSR_UND32_MODE) { 436 report_abort("UND32", fault_status, 437 fault_address, fault_pc); 438 trapsignal(p, SIGSEGV, TRAP_CODE); 439 440 KERNEL_PROC_UNLOCK(p); 441 /* 442 * Force exit via userret() 443 * This is necessary as the FPE is an extension 444 * to userland that actually runs in a 445 * priveledged mode but uses USR mode 446 * permissions for its accesses. 447 */ 448 userret(p); 449 return; 450 } 451 map = kernel_map; 452 } else 453 map = &vm->vm_map; 454 455 #ifdef PMAP_DEBUG 456 if (pmap_debug_level >= 0) 457 printf("vmmap=%p ", map); 458 #endif 459 460 if (map == NULL) 461 panic("No map for fault address va = 0x%08lx", va); 462 463 /* 464 * We need to know whether the page should be mapped 465 * as R or R/W. The MMU does not give us the info as 466 * to whether the fault was caused by a read or a write. 467 * This means we need to disassemble the instruction 468 * responsible and determine if it was a read or write 469 * instruction. 470 */ 471 /* STR instruction ? */ 472 if ((fault_instruction & 0x0c100000) == 0x04000000) 473 ftype = VM_PROT_WRITE; 474 /* STM or CDT instruction ? */ 475 else if ((fault_instruction & 0x0a100000) == 0x08000000) 476 ftype = VM_PROT_WRITE; 477 /* STRH, STRSH or STRSB instruction ? */ 478 else if ((fault_instruction & 0x0e100090) == 0x00000090) 479 ftype = VM_PROT_WRITE; 480 /* SWP instruction ? */ 481 else if ((fault_instruction & 0x0fb00ff0) == 0x01000090) 482 ftype = VM_PROT_READ | VM_PROT_WRITE; 483 else 484 ftype = VM_PROT_READ; 485 486 #ifdef PMAP_DEBUG 487 if (pmap_debug_level >= 0) 488 printf("fault protection = %d\n", ftype); 489 #endif 490 491 if ((ftype & VM_PROT_WRITE) ? 492 pmap_modified_emulation(map->pmap, va) : 493 pmap_handled_emulation(map->pmap, va)) 494 goto out; 495 496 if (current_intr_depth > 0) { 497 #ifdef DDB 498 printf("Non-emulated page fault with intr_depth > 0\n"); 499 report_abort(NULL, fault_status, fault_address, fault_pc); 500 kdb_trap(-1, frame); 501 return; 502 #else 503 panic("Fault with intr_depth > 0"); 504 #endif /* DDB */ 505 } 506 507 onfault = pcb->pcb_onfault; 508 pcb->pcb_onfault = NULL; 509 rv = uvm_fault(map, va, 0, ftype); 510 pcb->pcb_onfault = onfault; 511 if (rv == 0) { 512 if (user != 0) /* Record any stack growth... */ 513 uvm_grow(p, trunc_page(va)); 514 goto out; 515 } 516 if (user == 0) { 517 if (pcb->pcb_onfault) { 518 frame->tf_r0 = rv; 519 goto copyfault; 520 } 521 printf("[u]vm_fault(%p, %lx, %x, 0) -> %x\n", 522 map, va, ftype, rv); 523 goto we_re_toast; 524 } 525 526 report_abort("", fault_status, fault_address, fault_pc); 527 if (rv == ENOMEM) { 528 printf("UVM: pid %d (%s), uid %d killed: " 529 "out of swap\n", p->p_pid, p->p_comm, 530 p->p_cred && p->p_ucred ? 531 p->p_ucred->cr_uid : -1); 532 trapsignal(p, SIGKILL, TRAP_CODE); 533 } else 534 trapsignal(p, SIGSEGV, TRAP_CODE); 535 break; 536 } 537 } 538 539 out: 540 /* Call userret() if it was a USR mode fault */ 541 if (user) { 542 KERNEL_PROC_UNLOCK(p); 543 userret(p); 544 } else 545 KERNEL_UNLOCK(); 546 } 547 548 549 /* 550 * void prefetch_abort_handler(trapframe_t *frame) 551 * 552 * Abort handler called when instruction execution occurs at 553 * a non existent or restricted (access permissions) memory page. 554 * If the address is invalid and we were in SVC mode then panic as 555 * the kernel should never prefetch abort. 556 * If the address is invalid and the page is mapped then the user process 557 * does no have read permission so send it a signal. 558 * Otherwise fault the page in and try again. 559 */ 560 561 extern int kernel_debug; 562 563 void 564 prefetch_abort_handler(frame) 565 trapframe_t *frame; 566 { 567 struct proc *p; 568 struct vm_map *map; 569 vaddr_t fault_pc, va; 570 int error; 571 572 /* 573 * Enable IRQ's (disabled by the abort) This always comes 574 * from user mode so we know interrupts were not disabled. 575 * But we check anyway. 576 */ 577 if (!(frame->tf_spsr & I32_bit)) 578 enable_interrupts(I32_bit); 579 580 #ifdef DEBUG 581 if ((GetCPSR() & PSR_MODE) != PSR_SVC32_MODE) 582 panic("prefetch_abort_handler: not in SVC32 mode"); 583 #endif 584 585 /* Update vmmeter statistics */ 586 uvmexp.traps++; 587 588 /* Call the cpu specific abort fixup routine */ 589 error = cpu_prefetchabt_fixup(frame); 590 if (error == ABORT_FIXUP_RETURN) 591 return; 592 if (error == ABORT_FIXUP_FAILED) 593 panic("prefetch abort fixup failed"); 594 595 /* Get the current proc structure or proc0 if there is none */ 596 if ((p = curproc) == 0) { 597 p = &proc0; 598 #ifdef DEBUG 599 printf("Prefetch abort with curproc == 0\n"); 600 #endif 601 } 602 603 #ifdef PMAP_DEBUG 604 if (pmap_debug_level >= 0) 605 printf("prefetch fault in process %p %s\n", p, p->p_comm); 606 #endif 607 608 /* Get fault address */ 609 fault_pc = frame->tf_pc; 610 va = trunc_page(fault_pc); 611 612 /* Was the prefectch abort from USR32 mode ? */ 613 if ((frame->tf_spsr & PSR_MODE) == PSR_USR32_MODE) { 614 p->p_addr->u_pcb.pcb_tf = frame; 615 } else { 616 /* 617 * All the kernel code pages are loaded at boot time 618 * and do not get paged 619 */ 620 panic("Prefetch abort in non-USR mode (frame=%p PC=0x%08lx)", 621 frame, fault_pc); 622 } 623 624 map = &p->p_vmspace->vm_map; 625 626 #ifdef PMAP_DEBUG 627 if (pmap_debug_level >= 0) 628 printf("prefetch_abort: PC = %08lx\n", fault_pc); 629 #endif 630 /* Ok validate the address, can only execute in USER space */ 631 if (fault_pc < VM_MIN_ADDRESS || fault_pc >= VM_MAXUSER_ADDRESS) { 632 #ifdef DEBUG 633 printf("prefetch: pc (%08lx) not in user process space\n", 634 fault_pc); 635 #endif 636 trapsignal(p, SIGSEGV, fault_pc); 637 userret(p); 638 return; 639 } 640 641 #ifdef CPU_SA110 642 /* 643 * There are bugs in the rev K SA110. This is a check for one 644 * of them. 645 */ 646 if (curcpu()->ci_arm_cputype == CPU_ID_SA110 && 647 curcpu()->ci_arm_cpurev < 3) { 648 /* Always current pmap */ 649 pt_entry_t *pte = vtopte((vaddr_t) fault_pc); 650 struct pmap *pmap = p->p_vmspace->vm_map.pmap; 651 652 if (pmap_pde_v(pmap_pde(pmap, (vaddr_t) fault_pc)) && 653 pmap_pte_v(pte)) { 654 if (kernel_debug & 1) { 655 printf("prefetch_abort: page is already " 656 "mapped - pte=%p *pte=%08x\n", pte, *pte); 657 printf("prefetch_abort: pc=%08lx proc=%p " 658 "process=%s\n", fault_pc, p, p->p_comm); 659 printf("prefetch_abort: far=%08x fs=%x\n", 660 cpu_faultaddress(), cpu_faultstatus()); 661 printf("prefetch_abort: trapframe=%08x\n", 662 (u_int)frame); 663 } 664 #ifdef DDB 665 if (kernel_debug & 2) 666 Debugger(); 667 #endif 668 } 669 } 670 #endif /* CPU_SA110 */ 671 672 if (pmap_handled_emulation(map->pmap, va)) 673 goto out; 674 675 if (current_intr_depth > 0) { 676 #ifdef DDB 677 printf("Non-emulated prefetch abort with intr_depth > 0\n"); 678 kdb_trap(-1, frame); 679 return; 680 #else 681 panic("Prefetch Abort with intr_depth > 0"); 682 #endif 683 } 684 685 error = uvm_fault(map, va, 0, VM_PROT_READ); 686 if (error == 0) 687 goto out; 688 689 if (error == ENOMEM) { 690 printf("UVM: pid %d (%s), uid %d killed: " 691 "out of swap\n", p->p_pid, p->p_comm, 692 p->p_cred && p->p_ucred ? 693 p->p_ucred->cr_uid : -1); 694 trapsignal(p, SIGKILL, fault_pc); 695 } else 696 trapsignal(p, SIGSEGV, fault_pc); 697 out: 698 userret(p); 699 } 700
Indexes created Thu Oct 02 14:10:14 GMT 2025