trap.c revision 1.109
1 /* $NetBSD: trap.c,v 1.109 2019/04/06 03:06:25 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 2001, 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Matthew Fredette. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* $OpenBSD: trap.c,v 1.30 2001/09/19 20:50:56 mickey Exp $ */ 33 34 /* 35 * Copyright (c) 1998-2004 Michael Shalayeff 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 47 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 48 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 49 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 50 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, 51 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 52 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 53 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 56 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 57 * THE POSSIBILITY OF SUCH DAMAGE. 58 */ 59 60 #include <sys/cdefs.h> 61 __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.109 2019/04/06 03:06:25 thorpej Exp $"); 62 63 /* #define INTRDEBUG */ 64 /* #define TRAPDEBUG */ 65 /* #define USERTRACE */ 66 67 #include "opt_kgdb.h" 68 #include "opt_ptrace.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/kernel.h> 73 #include <sys/syscall.h> 74 #include <sys/syscallvar.h> 75 #include <sys/mutex.h> 76 #include <sys/ktrace.h> 77 #include <sys/proc.h> 78 #include <sys/signalvar.h> 79 #include <sys/acct.h> 80 #include <sys/signal.h> 81 #include <sys/device.h> 82 #include <sys/kauth.h> 83 #include <sys/kmem.h> 84 #include <sys/userret.h> 85 86 #include <net/netisr.h> 87 88 #ifdef KGDB 89 #include <sys/kgdb.h> 90 #endif 91 92 #include <uvm/uvm.h> 93 94 #include <machine/iomod.h> 95 #include <machine/cpufunc.h> 96 #include <machine/reg.h> 97 #include <machine/autoconf.h> 98 99 #include <machine/db_machdep.h> 100 101 #include <hppa/hppa/machdep.h> 102 103 #include <ddb/db_output.h> 104 #include <ddb/db_interface.h> 105 106 #ifdef PTRACE 107 void ss_clear_breakpoints(struct lwp *l); 108 int ss_put_value(struct lwp *, vaddr_t, u_int); 109 int ss_get_value(struct lwp *, vaddr_t, u_int *); 110 111 /* single-step breakpoint */ 112 #define SSBREAKPOINT (HPPA_BREAK_KERNEL | (HPPA_BREAK_SS << 13)) 113 114 #endif 115 116 #if defined(DEBUG) || defined(DIAGNOSTIC) 117 /* 118 * 0x6fc1000 is a stwm r1, d(sr0, sp), which is the last 119 * instruction in the function prologue that gcc -O0 uses. 120 * When we have this instruction we know the relationship 121 * between the stack pointer and the gcc -O0 frame pointer 122 * (in r3, loaded with the initial sp) for the body of a 123 * function. 124 * 125 * If the given instruction is a stwm r1, d(sr0, sp) where 126 * d > 0, we evaluate to d, else we evaluate to zero. 127 */ 128 #define STWM_R1_D_SR0_SP(inst) \ 129 (((inst) & 0xffffc001) == 0x6fc10000 ? (((inst) & 0x00003ff) >> 1) : 0) 130 #endif /* DEBUG || DIAGNOSTIC */ 131 132 const char *trap_type[] = { 133 "invalid", 134 "HPMC", 135 "power failure", 136 "recovery counter", 137 "external interrupt", 138 "LPMC", 139 "ITLB miss fault", 140 "instruction protection", 141 "Illegal instruction", 142 "break instruction", 143 "privileged operation", 144 "privileged register", 145 "overflow", 146 "conditional", 147 "assist exception", 148 "DTLB miss", 149 "ITLB non-access miss", 150 "DTLB non-access miss", 151 "data protection/rights/alignment", 152 "data break", 153 "TLB dirty", 154 "page reference", 155 "assist emulation", 156 "higher-priv transfer", 157 "lower-priv transfer", 158 "taken branch", 159 "data access rights", 160 "data protection", 161 "unaligned data ref", 162 }; 163 int trap_types = __arraycount(trap_type); 164 165 uint8_t fpopmap[] = { 166 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 167 0x00, 0x0c, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 174 }; 175 176 void pmap_hptdump(void); 177 void syscall(struct trapframe *, int *); 178 179 #if defined(DEBUG) 180 struct trapframe *sanity_frame; 181 struct lwp *sanity_lwp; 182 const char *sanity_string; 183 void frame_sanity_check(const char *, int, int, struct trapframe *, 184 struct lwp *); 185 #endif 186 187 188 #ifdef USERTRACE 189 /* 190 * USERTRACE is a crude facility that traces the PC of a single user process. 191 * This tracing is normally activated by the dispatching of a certain syscall 192 * with certain arguments - see the activation code in syscall(). 193 */ 194 static void user_backtrace(struct trapframe *, struct lwp *, int); 195 static void user_backtrace_raw(u_int, u_int); 196 197 u_int rctr_next_iioq; 198 #endif 199 200 static inline void 201 userret(struct lwp *l, register_t pc, u_quad_t oticks) 202 { 203 struct proc *p = l->l_proc; 204 205 if (l->l_md.md_astpending) { 206 l->l_md.md_astpending = 0; 207 //curcpu()->ci_data.cpu_nast++; 208 209 if (curcpu()->ci_want_resched) 210 preempt(); 211 } 212 213 mi_userret(l); 214 215 /* 216 * If profiling, charge recent system time to the trapped pc. 217 */ 218 if (p->p_stflag & PST_PROFIL) { 219 extern int psratio; 220 221 addupc_task(l, pc, (int)(p->p_sticks - oticks) * psratio); 222 } 223 } 224 225 /* 226 * This handles some messy kernel debugger details. 227 * It dispatches into either kgdb or DDB, and knows 228 * about some special things to do, like skipping over 229 * break instructions and how to really set up for 230 * a single-step. 231 */ 232 #if defined(KGDB) || defined(DDB) 233 static int 234 trap_kdebug(int type, int code, struct trapframe *frame) 235 { 236 int handled; 237 u_int tf_iioq_head_old; 238 u_int tf_iioq_tail_old; 239 240 for (;;) { 241 242 /* This trap has not been handled. */ 243 handled = 0; 244 245 /* Remember the instruction offset queue. */ 246 tf_iioq_head_old = frame->tf_iioq_head; 247 tf_iioq_tail_old = frame->tf_iioq_tail; 248 249 #ifdef KGDB 250 /* Let KGDB handle it (if connected) */ 251 if (!handled) 252 handled = kgdb_trap(type, frame); 253 #endif 254 #ifdef DDB 255 /* Let DDB handle it. */ 256 if (!handled) 257 handled = kdb_trap(type, code, frame); 258 #endif 259 260 /* If this trap wasn't handled, return now. */ 261 if (!handled) 262 return(0); 263 264 /* 265 * If the instruction offset queue head changed, but the offset 266 * queue tail didn't, assume that the user wants to jump to the 267 * head offset, and adjust the tail accordingly. This should 268 * fix the kgdb `jump' command, and can help DDB users who `set' 269 * the offset head but forget the tail. 270 */ 271 if (frame->tf_iioq_head != tf_iioq_head_old && 272 frame->tf_iioq_tail == tf_iioq_tail_old) 273 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 274 275 /* 276 * This is some single-stepping support. If we're trying to 277 * step through a nullified instruction, just advance by hand 278 * and trap again. Otherwise, load the recovery counter with 279 * zero. 280 */ 281 if (frame->tf_ipsw & PSW_R) { 282 #ifdef TRAPDEBUG 283 printf("(single stepping at head 0x%x tail 0x%x)\n", 284 frame->tf_iioq_head, frame->tf_iioq_tail); 285 #endif 286 if (frame->tf_ipsw & PSW_N) { 287 #ifdef TRAPDEBUG 288 printf("(single stepping past nullified)\n"); 289 #endif 290 291 /* Advance the program counter. */ 292 frame->tf_iioq_head = frame->tf_iioq_tail; 293 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 294 295 /* Clear flags. */ 296 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 297 298 /* Simulate another trap. */ 299 type = T_RECOVERY; 300 continue; 301 } 302 frame->tf_rctr = 0; 303 } 304 305 /* We handled this trap. */ 306 return (1); 307 } 308 /* NOTREACHED */ 309 } 310 #else /* !KGDB && !DDB */ 311 #define trap_kdebug(t, c, f) (0) 312 #endif /* !KGDB && !DDB */ 313 314 #if defined(DEBUG) || defined(USERTRACE) 315 /* 316 * These functions give a crude usermode backtrace. They really only work when 317 * code has been compiled without optimization, as they assume a certain func- 318 * tion prologue sets up a frame pointer and stores the return pointer and arg- 319 * uments in it. 320 */ 321 static void 322 user_backtrace_raw(u_int pc, u_int fp) 323 { 324 int frame_number; 325 int arg_number; 326 uint32_t val; 327 328 for (frame_number = 0; 329 frame_number < 100 && pc > HPPA_PC_PRIV_MASK && fp; 330 frame_number++) { 331 332 printf("%3d: pc=%08x%s fp=0x%08x", frame_number, 333 pc & ~HPPA_PC_PRIV_MASK, USERMODE(pc) ? " " : "**", fp); 334 for (arg_number = 0; arg_number < 4; arg_number++) { 335 if (ufetch_32(HPPA_FRAME_CARG(arg_number, fp), 336 &val) == 0) { 337 printf(" arg%d=0x%08x", arg_number, val); 338 } else { 339 printf(" arg%d=<bad address>", arg_number); 340 } 341 } 342 printf("\n"); 343 if (ufetch_int((((uint32_t *) fp) - 5), &pc) != 0) { 344 printf(" ufetch for pc failed\n"); 345 break; 346 } 347 if (ufetch_int((((uint32_t *) fp) + 0), &fp) != 0) { 348 printf(" ufetch for fp failed\n"); 349 break; 350 } 351 } 352 printf(" backtrace stopped with pc %08x fp 0x%08x\n", pc, fp); 353 } 354 355 static void 356 user_backtrace(struct trapframe *tf, struct lwp *l, int type) 357 { 358 struct proc *p = l->l_proc; 359 u_int pc, fp, inst; 360 361 /* 362 * Display any trap type that we have. 363 */ 364 if (type >= 0) 365 printf("pid %d (%s) trap #%d\n", 366 p->p_pid, p->p_comm, type & ~T_USER); 367 368 /* 369 * Assuming that the frame pointer in r3 is valid, 370 * dump out a stack trace. 371 */ 372 fp = tf->tf_r3; 373 printf("pid %d (%s) backtrace, starting with fp 0x%08x\n", 374 p->p_pid, p->p_comm, fp); 375 user_backtrace_raw(tf->tf_iioq_head, fp); 376 377 /* 378 * In case the frame pointer in r3 is not valid, assuming the stack 379 * pointer is valid and the faulting function is a non-leaf, if we can 380 * find its prologue we can recover its frame pointer. 381 */ 382 pc = tf->tf_iioq_head; 383 fp = tf->tf_sp - HPPA_FRAME_SIZE; 384 printf("pid %d (%s) backtrace, starting with sp 0x%08x pc 0x%08x\n", 385 p->p_pid, p->p_comm, tf->tf_sp, pc); 386 for (pc &= ~HPPA_PC_PRIV_MASK; pc > 0; pc -= sizeof(inst)) { 387 if (ufetch_int((u_int *) pc, &inst) != 0) { 388 printf(" ufetch for inst at pc %08x failed\n", pc); 389 break; 390 } 391 /* Check for the prologue instruction that sets sp. */ 392 if (STWM_R1_D_SR0_SP(inst)) { 393 fp = tf->tf_sp - STWM_R1_D_SR0_SP(inst); 394 printf(" sp from fp at pc %08x: %08x\n", pc, inst); 395 break; 396 } 397 } 398 user_backtrace_raw(tf->tf_iioq_head, fp); 399 } 400 #endif /* DEBUG || USERTRACE */ 401 402 #ifdef DEBUG 403 /* 404 * This sanity-checks a trapframe. It is full of various assumptions about 405 * what a healthy CPU state should be, with some documented elsewhere, some not. 406 */ 407 void 408 frame_sanity_check(const char *func, int line, int type, struct trapframe *tf, 409 struct lwp *l) 410 { 411 #if 0 412 extern int kernel_text; 413 extern int etext; 414 #endif 415 struct cpu_info *ci = curcpu(); 416 417 #define SANITY(e) \ 418 do { \ 419 if (sanity_frame == NULL && !(e)) { \ 420 sanity_frame = tf; \ 421 sanity_lwp = l; \ 422 sanity_string = #e; \ 423 } \ 424 } while (/* CONSTCOND */ 0) 425 426 KASSERT(l != NULL); 427 SANITY((tf->tf_ipsw & ci->ci_psw) == ci->ci_psw); 428 SANITY((ci->ci_psw & PSW_I) == 0 || tf->tf_eiem != 0); 429 if (tf->tf_iisq_head == HPPA_SID_KERNEL) { 430 vaddr_t minsp, maxsp, uv; 431 432 uv = uvm_lwp_getuarea(l); 433 434 /* 435 * If the trap happened in the gateway page, we take the easy 436 * way out and assume that the trapframe is okay. 437 */ 438 if ((tf->tf_iioq_head & ~PAGE_MASK) == SYSCALLGATE) 439 goto out; 440 441 SANITY(!USERMODE(tf->tf_iioq_head)); 442 SANITY(!USERMODE(tf->tf_iioq_tail)); 443 444 /* 445 * Don't check the instruction queues or stack on interrupts 446 * as we could be be in the sti code (outside normal kernel 447 * text) or switching LWPs (curlwp and sp are not in sync) 448 */ 449 if ((type & ~T_USER) == T_INTERRUPT) 450 goto out; 451 #if 0 452 SANITY(tf->tf_iioq_head >= (u_int) &kernel_text); 453 SANITY(tf->tf_iioq_head < (u_int) &etext); 454 SANITY(tf->tf_iioq_tail >= (u_int) &kernel_text); 455 SANITY(tf->tf_iioq_tail < (u_int) &etext); 456 #endif 457 458 maxsp = uv + USPACE + PAGE_SIZE; 459 minsp = uv + PAGE_SIZE; 460 461 SANITY(tf->tf_sp >= minsp && tf->tf_sp < maxsp); 462 } else { 463 struct pcb *pcb = lwp_getpcb(l); 464 465 SANITY(USERMODE(tf->tf_iioq_head)); 466 SANITY(USERMODE(tf->tf_iioq_tail)); 467 SANITY(tf->tf_cr30 == (u_int)pcb->pcb_fpregs); 468 } 469 #undef SANITY 470 out: 471 if (sanity_frame == tf) { 472 printf("insanity: '%s' at %s:%d type 0x%x tf %p lwp %p " 473 "sp 0x%x pc 0x%x\n", 474 sanity_string, func, line, type, sanity_frame, sanity_lwp, 475 tf->tf_sp, tf->tf_iioq_head); 476 (void) trap_kdebug(T_IBREAK, 0, tf); 477 sanity_frame = NULL; 478 sanity_lwp = NULL; 479 } 480 } 481 #endif /* DEBUG */ 482 483 void 484 trap(int type, struct trapframe *frame) 485 { 486 struct lwp *l; 487 struct proc *p; 488 struct pcb *pcb; 489 vaddr_t va; 490 struct vm_map *map; 491 struct vmspace *vm; 492 vm_prot_t vftype; 493 pa_space_t space; 494 ksiginfo_t ksi; 495 u_int opcode, onfault; 496 int ret; 497 const char *tts = "reserved"; 498 int trapnum; 499 #ifdef DIAGNOSTIC 500 extern int emergency_stack_start, emergency_stack_end; 501 struct cpu_info *ci = curcpu(); 502 int oldcpl = ci->ci_cpl; 503 #endif 504 505 trapnum = type & ~T_USER; 506 opcode = frame->tf_iir; 507 508 if (trapnum <= T_EXCEPTION || trapnum == T_HIGHERPL || 509 trapnum == T_LOWERPL || trapnum == T_TAKENBR || 510 trapnum == T_IDEBUG || trapnum == T_PERFMON) { 511 va = frame->tf_iioq_head; 512 space = frame->tf_iisq_head; 513 vftype = VM_PROT_EXECUTE; 514 } else { 515 va = frame->tf_ior; 516 space = frame->tf_isr; 517 vftype = inst_store(opcode) ? VM_PROT_WRITE : VM_PROT_READ; 518 } 519 520 KASSERT(curlwp != NULL); 521 l = curlwp; 522 p = l->l_proc; 523 if ((type & T_USER) != 0) 524 LWP_CACHE_CREDS(l, p); 525 526 #ifdef DIAGNOSTIC 527 /* 528 * If we are on the emergency stack, then we either got 529 * a fault on the kernel stack, or we're just handling 530 * a trap for the machine check handler (which also 531 * runs on the emergency stack). 532 * 533 * We *very crudely* differentiate between the two cases 534 * by checking the faulting instruction: if it is the 535 * function prologue instruction that stores the old 536 * frame pointer and updates the stack pointer, we assume 537 * that we faulted on the kernel stack. 538 * 539 * In this case, not completing that instruction will 540 * probably confuse backtraces in kgdb/ddb. Completing 541 * it would be difficult, because we already faulted on 542 * that part of the stack, so instead we fix up the 543 * frame as if the function called has just returned. 544 * This has peculiar knowledge about what values are in 545 * what registers during the "normal gcc -g" prologue. 546 */ 547 if (&type >= &emergency_stack_start && 548 &type < &emergency_stack_end && 549 type != T_IBREAK && STWM_R1_D_SR0_SP(opcode)) { 550 /* Restore the caller's frame pointer. */ 551 frame->tf_r3 = frame->tf_r1; 552 /* Restore the caller's instruction offsets. */ 553 frame->tf_iioq_head = frame->tf_rp; 554 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 555 goto dead_end; 556 } 557 #endif /* DIAGNOSTIC */ 558 559 #ifdef DEBUG 560 frame_sanity_check(__func__, __LINE__, type, frame, l); 561 #endif /* DEBUG */ 562 563 if (frame->tf_flags & TFF_LAST) 564 l->l_md.md_regs = frame; 565 566 if (trapnum <= trap_types) 567 tts = trap_type[trapnum]; 568 569 #ifdef TRAPDEBUG 570 if (trapnum != T_INTERRUPT && trapnum != T_IBREAK) 571 printf("trap: %d, %s for %x:%lx at %x:%x, fp=%p, rp=%x\n", 572 type, tts, space, va, frame->tf_iisq_head, 573 frame->tf_iioq_head, frame, frame->tf_rp); 574 else if (trapnum == T_IBREAK) 575 printf("trap: break instruction %x:%x at %x:%x, fp=%p\n", 576 break5(opcode), break13(opcode), 577 frame->tf_iisq_head, frame->tf_iioq_head, frame); 578 579 { 580 extern int etext; 581 if (frame < (struct trapframe *)&etext) { 582 printf("trap: bogus frame ptr %p\n", frame); 583 goto dead_end; 584 } 585 } 586 #endif 587 588 pcb = lwp_getpcb(l); 589 590 /* If this is a trap, not an interrupt, reenable interrupts. */ 591 if (trapnum != T_INTERRUPT) { 592 curcpu()->ci_data.cpu_ntrap++; 593 mtctl(frame->tf_eiem, CR_EIEM); 594 } 595 596 switch (type) { 597 case T_NONEXIST: 598 case T_NONEXIST|T_USER: 599 #if !defined(DDB) && !defined(KGDB) 600 /* we've got screwed up by the central scrutinizer */ 601 panic ("trap: elvis has just left the building!"); 602 break; 603 #else 604 goto dead_end; 605 #endif 606 case T_RECOVERY|T_USER: 607 #ifdef USERTRACE 608 for (;;) { 609 if (frame->tf_iioq_head != rctr_next_iioq) 610 printf("-%08x\nr %08x", 611 rctr_next_iioq - 4, 612 frame->tf_iioq_head); 613 rctr_next_iioq = frame->tf_iioq_head + 4; 614 if (frame->tf_ipsw & PSW_N) { 615 /* Advance the program counter. */ 616 frame->tf_iioq_head = frame->tf_iioq_tail; 617 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 618 /* Clear flags. */ 619 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 620 /* Simulate another trap. */ 621 continue; 622 } 623 break; 624 } 625 frame->tf_rctr = 0; 626 break; 627 #endif /* USERTRACE */ 628 case T_RECOVERY: 629 #if !defined(DDB) && !defined(KGDB) 630 /* XXX will implement later */ 631 printf ("trap: handicapped"); 632 break; 633 #else 634 goto dead_end; 635 #endif 636 637 case T_EMULATION | T_USER: 638 hppa_fpu_emulate(frame, l, opcode); 639 break; 640 641 case T_DATALIGN: 642 onfault = pcb->pcb_onfault; 643 if (onfault) { 644 ret = EFAULT; 645 do_onfault: 646 frame->tf_iioq_head = onfault; 647 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 648 frame->tf_ret0 = ret; 649 break; 650 } 651 /*FALLTHROUGH*/ 652 653 #ifdef DIAGNOSTIC 654 /* these just can't happen ever */ 655 case T_PRIV_OP: 656 case T_PRIV_REG: 657 /* these just can't make it to the trap() ever */ 658 case T_HPMC: 659 case T_HPMC | T_USER: 660 case T_EMULATION: 661 case T_EXCEPTION: 662 #endif 663 case T_IBREAK: 664 case T_DBREAK: 665 dead_end: 666 if (type & T_USER) { 667 #ifdef DEBUG 668 user_backtrace(frame, l, type); 669 #endif 670 KSI_INIT_TRAP(&ksi); 671 ksi.ksi_signo = SIGILL; 672 ksi.ksi_code = ILL_ILLTRP; 673 ksi.ksi_trap = type; 674 ksi.ksi_addr = (void *)frame->tf_iioq_head; 675 trapsignal(l, &ksi); 676 break; 677 } 678 if (trap_kdebug(type, va, frame)) 679 return; 680 else if (type == T_DATALIGN) 681 panic ("trap: %s at 0x%x", tts, (u_int) va); 682 else 683 panic ("trap: no debugger for \"%s\" (%d)", tts, type); 684 break; 685 686 case T_IBREAK | T_USER: 687 case T_DBREAK | T_USER: 688 KSI_INIT_TRAP(&ksi); 689 ksi.ksi_signo = SIGTRAP; 690 ksi.ksi_code = TRAP_TRACE; 691 ksi.ksi_trap = trapnum; 692 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 693 #ifdef PTRACE 694 ss_clear_breakpoints(l); 695 if (opcode == SSBREAKPOINT) 696 ksi.ksi_code = TRAP_BRKPT; 697 #endif 698 /* pass to user debugger */ 699 trapsignal(l, &ksi); 700 break; 701 702 #ifdef PTRACE 703 case T_TAKENBR | T_USER: 704 ss_clear_breakpoints(l); 705 706 KSI_INIT_TRAP(&ksi); 707 ksi.ksi_signo = SIGTRAP; 708 ksi.ksi_code = TRAP_TRACE; 709 ksi.ksi_trap = trapnum; 710 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 711 712 /* pass to user debugger */ 713 trapsignal(l, &ksi); 714 break; 715 #endif 716 717 case T_EXCEPTION | T_USER: { /* co-proc assist trap */ 718 uint64_t *fpp; 719 uint32_t *pex, ex, inst; 720 int i; 721 722 hppa_fpu_flush(l); 723 fpp = (uint64_t *)pcb->pcb_fpregs; 724 725 /* skip the status register */ 726 pex = (uint32_t *)&fpp[0]; 727 pex++; 728 729 /* loop through the exception registers */ 730 for (i = 1; i < 8 && !*pex; i++, pex++) 731 ; 732 KASSERT(i < 8); 733 ex = *pex; 734 *pex = 0; 735 736 /* reset the trap flag, as if there was none */ 737 fpp[0] &= ~(((uint64_t)HPPA_FPU_T) << 32); 738 739 /* emulate the instruction */ 740 inst = ((uint32_t)fpopmap[ex >> 26] << 26) | (ex & 0x03ffffff); 741 hppa_fpu_emulate(frame, l, inst); 742 } 743 break; 744 745 case T_OVERFLOW | T_USER: 746 KSI_INIT_TRAP(&ksi); 747 ksi.ksi_signo = SIGFPE; 748 ksi.ksi_code = SI_NOINFO; 749 ksi.ksi_trap = type; 750 ksi.ksi_addr = (void *)va; 751 trapsignal(l, &ksi); 752 break; 753 754 case T_CONDITION | T_USER: 755 KSI_INIT_TRAP(&ksi); 756 ksi.ksi_signo = SIGFPE; 757 ksi.ksi_code = FPE_INTDIV; 758 ksi.ksi_trap = type; 759 ksi.ksi_addr = (void *)va; 760 trapsignal(l, &ksi); 761 break; 762 763 case T_ILLEGAL | T_USER: 764 #ifdef DEBUG 765 user_backtrace(frame, l, type); 766 #endif 767 KSI_INIT_TRAP(&ksi); 768 ksi.ksi_signo = SIGILL; 769 ksi.ksi_code = ILL_ILLOPC; 770 ksi.ksi_trap = type; 771 ksi.ksi_addr = (void *)va; 772 trapsignal(l, &ksi); 773 break; 774 775 case T_PRIV_OP | T_USER: 776 #ifdef DEBUG 777 user_backtrace(frame, l, type); 778 #endif 779 KSI_INIT_TRAP(&ksi); 780 ksi.ksi_signo = SIGILL; 781 ksi.ksi_code = ILL_PRVOPC; 782 ksi.ksi_trap = type; 783 ksi.ksi_addr = (void *)va; 784 trapsignal(l, &ksi); 785 break; 786 787 case T_PRIV_REG | T_USER: 788 #ifdef DEBUG 789 user_backtrace(frame, l, type); 790 #endif 791 KSI_INIT_TRAP(&ksi); 792 ksi.ksi_signo = SIGILL; 793 ksi.ksi_code = ILL_PRVREG; 794 ksi.ksi_trap = type; 795 ksi.ksi_addr = (void *)va; 796 trapsignal(l, &ksi); 797 break; 798 799 /* these should never got here */ 800 case T_HIGHERPL | T_USER: 801 case T_LOWERPL | T_USER: 802 KSI_INIT_TRAP(&ksi); 803 ksi.ksi_signo = SIGSEGV; 804 ksi.ksi_code = SEGV_ACCERR; 805 ksi.ksi_trap = type; 806 ksi.ksi_addr = (void *)va; 807 trapsignal(l, &ksi); 808 break; 809 810 case T_IPROT | T_USER: 811 case T_DPROT | T_USER: 812 KSI_INIT_TRAP(&ksi); 813 ksi.ksi_signo = SIGSEGV; 814 ksi.ksi_code = SEGV_ACCERR; 815 ksi.ksi_trap = type; 816 ksi.ksi_addr = (void *)va; 817 trapsignal(l, &ksi); 818 break; 819 820 case T_DATACC: case T_USER | T_DATACC: 821 case T_ITLBMISS: case T_USER | T_ITLBMISS: 822 case T_DTLBMISS: case T_USER | T_DTLBMISS: 823 case T_ITLBMISSNA: case T_USER | T_ITLBMISSNA: 824 case T_DTLBMISSNA: case T_USER | T_DTLBMISSNA: 825 case T_TLB_DIRTY: case T_USER | T_TLB_DIRTY: 826 vm = p->p_vmspace; 827 828 if (!vm) { 829 #ifdef TRAPDEBUG 830 printf("trap: no vm, p=%p\n", p); 831 #endif 832 goto dead_end; 833 } 834 835 /* 836 * it could be a kernel map for exec_map faults 837 */ 838 if (!(type & T_USER) && space == HPPA_SID_KERNEL) 839 map = kernel_map; 840 else { 841 map = &vm->vm_map; 842 } 843 844 va = trunc_page(va); 845 846 if (map->pmap->pm_space != space) { 847 #ifdef TRAPDEBUG 848 printf("trap: space mismatch %d != %d\n", 849 space, map->pmap->pm_space); 850 #endif 851 /* actually dump the user, crap the kernel */ 852 goto dead_end; 853 } 854 855 /* Never call uvm_fault in interrupt context. */ 856 KASSERT(curcpu()->ci_cpl == 0); 857 858 onfault = pcb->pcb_onfault; 859 pcb->pcb_onfault = 0; 860 ret = uvm_fault(map, va, vftype); 861 pcb->pcb_onfault = onfault; 862 863 #ifdef TRAPDEBUG 864 printf("uvm_fault(%p, %x, %d)=%d\n", 865 map, (u_int)va, vftype, ret); 866 #endif 867 868 /* 869 * If this was a stack access we keep track of the maximum 870 * accessed stack size. Also, if uvm_fault gets a protection 871 * failure it is due to accessing the stack region outside 872 * the current limit and we need to reflect that as an access 873 * error. 874 */ 875 if (map != kernel_map && va >= (vaddr_t)vm->vm_minsaddr) { 876 if (ret == 0) 877 uvm_grow(l->l_proc, va); 878 else if (ret == EACCES) 879 ret = EFAULT; 880 } 881 882 if (ret != 0) { 883 if (type & T_USER) { 884 #ifdef DEBUG 885 user_backtrace(frame, l, type); 886 #endif 887 KSI_INIT_TRAP(&ksi); 888 switch (ret) { 889 case EACCES: 890 ksi.ksi_signo = SIGSEGV; 891 ksi.ksi_code = SEGV_ACCERR; 892 break; 893 case ENOMEM: 894 ksi.ksi_signo = SIGKILL; 895 printf("UVM: pid %d (%s), uid %d " 896 "killed: out of swap\n", 897 p->p_pid, p->p_comm, 898 l->l_cred ? 899 kauth_cred_geteuid(l->l_cred) 900 : -1); 901 break; 902 case EINVAL: 903 ksi.ksi_signo = SIGBUS; 904 ksi.ksi_code = BUS_ADRERR; 905 break; 906 default: 907 ksi.ksi_signo = SIGSEGV; 908 ksi.ksi_code = SEGV_MAPERR; 909 break; 910 } 911 ksi.ksi_trap = type; 912 ksi.ksi_addr = (void *)va; 913 trapsignal(l, &ksi); 914 } else { 915 if (onfault) { 916 goto do_onfault; 917 } 918 panic("trap: uvm_fault(%p, %lx, %d): %d", 919 map, va, vftype, ret); 920 } 921 } 922 break; 923 924 case T_DATALIGN | T_USER: 925 #ifdef DEBUG 926 user_backtrace(frame, l, type); 927 #endif 928 KSI_INIT_TRAP(&ksi); 929 ksi.ksi_signo = SIGBUS; 930 ksi.ksi_code = BUS_ADRALN; 931 ksi.ksi_trap = type; 932 ksi.ksi_addr = (void *)va; 933 trapsignal(l, &ksi); 934 break; 935 936 case T_INTERRUPT: 937 case T_INTERRUPT|T_USER: 938 hppa_intr(frame); 939 mtctl(frame->tf_eiem, CR_EIEM); 940 break; 941 942 case T_LOWERPL: 943 case T_DPROT: 944 case T_IPROT: 945 case T_OVERFLOW: 946 case T_CONDITION: 947 case T_ILLEGAL: 948 case T_HIGHERPL: 949 case T_TAKENBR: 950 case T_POWERFAIL: 951 case T_LPMC: 952 case T_PAGEREF: 953 case T_DATAPID: case T_DATAPID | T_USER: 954 if (0 /* T-chip */) { 955 break; 956 } 957 /* FALLTHROUGH to unimplemented */ 958 default: 959 panic ("trap: unimplemented \'%s\' (%d)", tts, type); 960 } 961 962 #ifdef DIAGNOSTIC 963 if (ci->ci_cpl != oldcpl) 964 printf("WARNING: SPL (%d) NOT LOWERED ON TRAP (%d) EXIT\n", 965 ci->ci_cpl, trapnum); 966 #endif 967 968 if (type & T_USER) 969 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 970 971 #ifdef DEBUG 972 frame_sanity_check(__func__, __LINE__, type, frame, l); 973 if (frame->tf_flags & TFF_LAST && (curlwp->l_flag & LW_IDLE) == 0) 974 frame_sanity_check(__func__, __LINE__, type, 975 curlwp->l_md.md_regs, curlwp); 976 #endif /* DEBUG */ 977 } 978 979 void 980 child_return(void *arg) 981 { 982 struct lwp *l = arg; 983 984 /* 985 * Return values in the frame set by cpu_lwp_fork(). 986 */ 987 988 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 989 ktrsysret(SYS_fork, 0, 0); 990 #ifdef DEBUG 991 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 992 #endif /* DEBUG */ 993 } 994 995 /* 996 * Process the tail end of a posix_spawn() for the child. 997 */ 998 void 999 cpu_spawn_return(struct lwp *l) 1000 { 1001 1002 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1003 #ifdef DEBUG 1004 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 1005 #endif /* DEBUG */ 1006 } 1007 1008 #ifdef PTRACE 1009 1010 #include <sys/ptrace.h> 1011 1012 int 1013 ss_get_value(struct lwp *l, vaddr_t addr, u_int *value) 1014 { 1015 struct uio uio; 1016 struct iovec iov; 1017 1018 iov.iov_base = (void *)value; 1019 iov.iov_len = sizeof(u_int); 1020 uio.uio_iov = &iov; 1021 uio.uio_iovcnt = 1; 1022 uio.uio_offset = (off_t)addr; 1023 uio.uio_resid = sizeof(u_int); 1024 uio.uio_rw = UIO_READ; 1025 UIO_SETUP_SYSSPACE(&uio); 1026 1027 return (process_domem(curlwp, l, &uio)); 1028 } 1029 1030 int 1031 ss_put_value(struct lwp *l, vaddr_t addr, u_int value) 1032 { 1033 struct uio uio; 1034 struct iovec iov; 1035 1036 iov.iov_base = (void *)&value; 1037 iov.iov_len = sizeof(u_int); 1038 uio.uio_iov = &iov; 1039 uio.uio_iovcnt = 1; 1040 uio.uio_offset = (off_t)addr; 1041 uio.uio_resid = sizeof(u_int); 1042 uio.uio_rw = UIO_WRITE; 1043 UIO_SETUP_SYSSPACE(&uio); 1044 1045 return (process_domem(curlwp, l, &uio)); 1046 } 1047 1048 void 1049 ss_clear_breakpoints(struct lwp *l) 1050 { 1051 /* Restore origional instructions. */ 1052 if (l->l_md.md_bpva != 0) { 1053 ss_put_value(l, l->l_md.md_bpva, l->l_md.md_bpsave[0]); 1054 ss_put_value(l, l->l_md.md_bpva + 4, l->l_md.md_bpsave[1]); 1055 l->l_md.md_bpva = 0; 1056 } 1057 } 1058 1059 1060 int 1061 process_sstep(struct lwp *l, int sstep) 1062 { 1063 struct trapframe *tf = l->l_md.md_regs; 1064 int error; 1065 1066 ss_clear_breakpoints(l); 1067 1068 /* We're continuing... */ 1069 if (sstep == 0) { 1070 tf->tf_ipsw &= ~PSW_T; 1071 return 0; 1072 } 1073 1074 /* 1075 * Don't touch the syscall gateway page. Instead, insert a 1076 * breakpoint where we're supposed to return. 1077 */ 1078 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1079 l->l_md.md_bpva = tf->tf_r31 & ~HPPA_PC_PRIV_MASK; 1080 else 1081 l->l_md.md_bpva = tf->tf_iioq_tail & ~HPPA_PC_PRIV_MASK; 1082 1083 error = ss_get_value(l, l->l_md.md_bpva, &l->l_md.md_bpsave[0]); 1084 if (error) 1085 return error; 1086 error = ss_get_value(l, l->l_md.md_bpva + 4, &l->l_md.md_bpsave[1]); 1087 if (error) 1088 return error; 1089 1090 error = ss_put_value(l, l->l_md.md_bpva, SSBREAKPOINT); 1091 if (error) 1092 return error; 1093 error = ss_put_value(l, l->l_md.md_bpva + 4, SSBREAKPOINT); 1094 if (error) 1095 return error; 1096 1097 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1098 tf->tf_ipsw &= ~PSW_T; 1099 else 1100 tf->tf_ipsw |= PSW_T; 1101 1102 return 0; 1103 } 1104 #endif 1105 1106 1107 /* 1108 * call actual syscall routine 1109 * from the low-level syscall handler: 1110 * - all HPPA_FRAME_NARGS syscall's arguments supposed to be copied onto 1111 * our stack, this wins compared to copyin just needed amount anyway 1112 * - register args are copied onto stack too 1113 */ 1114 void 1115 syscall(struct trapframe *frame, int *args) 1116 { 1117 struct lwp *l; 1118 struct proc *p; 1119 const struct sysent *callp; 1120 size_t nargs64; 1121 int nsys, code, error; 1122 int tmp; 1123 int rval[2]; 1124 #ifdef DIAGNOSTIC 1125 struct cpu_info *ci = curcpu(); 1126 int oldcpl = ci->ci_cpl; 1127 #endif 1128 1129 curcpu()->ci_data.cpu_nsyscall++; 1130 1131 #ifdef DEBUG 1132 frame_sanity_check(__func__, __LINE__, 0, frame, curlwp); 1133 #endif /* DEBUG */ 1134 1135 if (!USERMODE(frame->tf_iioq_head)) 1136 panic("syscall"); 1137 1138 KASSERT(curlwp != NULL); 1139 l = curlwp; 1140 p = l->l_proc; 1141 l->l_md.md_regs = frame; 1142 nsys = p->p_emul->e_nsysent; 1143 callp = p->p_emul->e_sysent; 1144 code = frame->tf_t1; 1145 LWP_CACHE_CREDS(l, p); 1146 1147 /* 1148 * Restarting a system call is touchy on the HPPA, because syscall 1149 * arguments are passed in registers and the program counter of the 1150 * syscall "point" isn't easily divined. 1151 * 1152 * We handle the first problem by assuming that we will have to restart 1153 * this system call, so we stuff the first four words of the original 1154 * arguments back into the frame as arg0...arg3, which is where we 1155 * found them in the first place. Any further arguments are (still) on 1156 * the user's stack and the syscall code will fetch them from there 1157 * (again). 1158 * 1159 * The program counter problem is addressed below. 1160 */ 1161 frame->tf_arg0 = args[0]; 1162 frame->tf_arg1 = args[1]; 1163 frame->tf_arg2 = args[2]; 1164 frame->tf_arg3 = args[3]; 1165 1166 /* 1167 * Some special handling for the syscall(2) and 1168 * __syscall(2) system calls. 1169 */ 1170 switch (code) { 1171 case SYS_syscall: 1172 code = *args; 1173 args += 1; 1174 break; 1175 case SYS___syscall: 1176 if (callp != sysent) 1177 break; 1178 /* 1179 * NB: even though __syscall(2) takes a quad_t containing the 1180 * system call number, because our argument copying word-swaps 1181 * 64-bit arguments, the least significant word of that quad_t 1182 * is the first word in the argument array. 1183 */ 1184 code = *args; 1185 args += 2; 1186 } 1187 1188 /* 1189 * Stacks growing from lower addresses to higher addresses are not 1190 * really such a good idea, because it makes it impossible to overlay a 1191 * struct on top of C stack arguments (the arguments appear in 1192 * reversed order). 1193 * 1194 * You can do the obvious thing (as locore.S does) and copy argument 1195 * words one by one, laying them out in the "right" order in the dest- 1196 * ination buffer, but this ends up word-swapping multi-word arguments 1197 * (like off_t). 1198 * 1199 * FIXME - this works only on native binaries and 1200 * will probably screw up any and all emulation. 1201 * 1202 */ 1203 1204 if (code < 0 || code >= nsys) 1205 callp += p->p_emul->e_nosys; /* bad syscall # */ 1206 else 1207 callp += code; 1208 1209 nargs64 = SYCALL_NARGS64(callp); 1210 if (nargs64 != 0) { 1211 size_t nargs = callp->sy_narg; 1212 1213 for (size_t i = 0; i < nargs + nargs64;) { 1214 if (SYCALL_ARG_64_P(callp, i)) { 1215 tmp = args[i]; 1216 args[i] = args[i + 1]; 1217 args[i + 1] = tmp; 1218 i += 2; 1219 } else 1220 i++; 1221 } 1222 } 1223 1224 #ifdef USERTRACE 1225 if (0) { 1226 user_backtrace(frame, l, -1); 1227 frame->tf_ipsw |= PSW_R; 1228 frame->tf_rctr = 0; 1229 printf("r %08x", frame->tf_iioq_head); 1230 rctr_next_iioq = frame->tf_iioq_head + 4; 1231 } 1232 #endif 1233 1234 error = sy_invoke(callp, l, args, rval, code); 1235 1236 switch (error) { 1237 case 0: 1238 l = curlwp; /* changes on exec() */ 1239 frame = l->l_md.md_regs; 1240 frame->tf_ret0 = rval[0]; 1241 frame->tf_ret1 = rval[1]; 1242 frame->tf_t1 = 0; 1243 break; 1244 case ERESTART: 1245 /* 1246 * Now we have to wind back the instruction offset queue to the 1247 * point where the system call will be made again. This is 1248 * inherently tied to the SYSCALL macro. 1249 * 1250 * Currently, the part of the SYSCALL macro that we want to re- 1251 * run reads as: 1252 * 1253 * ldil L%SYSCALLGATE, r1 1254 * ble 4(srX, r1) 1255 * ldi __CONCAT(SYS_,x), t1 1256 * comb,<> %r0, %t1, __cerror 1257 * 1258 * And our offset queue head points to the comb instruction. 1259 * So we need to subtract twelve to reach the ldil. 1260 */ 1261 frame->tf_iioq_head -= 12; 1262 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 1263 break; 1264 case EJUSTRETURN: 1265 p = curproc; 1266 break; 1267 default: 1268 if (p->p_emul->e_errno) 1269 error = p->p_emul->e_errno[error]; 1270 frame->tf_t1 = error; 1271 break; 1272 } 1273 1274 userret(l, frame->tf_iioq_head, 0); 1275 1276 #ifdef DIAGNOSTIC 1277 if (ci->ci_cpl != oldcpl) { 1278 printf("WARNING: SPL (0x%x) NOT LOWERED ON " 1279 "syscall(0x%x, 0x%x, 0x%x, 0x%x...) EXIT, PID %d\n", 1280 ci->ci_cpl, code, args[0], args[1], args[2], p->p_pid); 1281 ci->ci_cpl = oldcpl; 1282 } 1283 #endif 1284 1285 #ifdef DEBUG 1286 frame_sanity_check(__func__, __LINE__, 0, frame, l); 1287 #endif /* DEBUG */ 1288 } 1289 1290 /* 1291 * Start a new LWP 1292 */ 1293 void 1294 startlwp(void *arg) 1295 { 1296 ucontext_t *uc = arg; 1297 lwp_t *l = curlwp; 1298 int error __diagused; 1299 1300 error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags); 1301 KASSERT(error == 0); 1302 1303 kmem_free(uc, sizeof(ucontext_t)); 1304 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1305 } 1306
Indexes created Tue Sep 30 20:09:53 GMT 2025