trap.c revision 1.111
1 /* $NetBSD: trap.c,v 1.111 2019/04/15 20:45:08 skrll Exp $ */ 2 3 /*- 4 * Copyright (c) 2001, 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Matthew Fredette. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* $OpenBSD: trap.c,v 1.30 2001/09/19 20:50:56 mickey Exp $ */ 33 34 /* 35 * Copyright (c) 1998-2004 Michael Shalayeff 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 47 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 48 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 49 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 50 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, 51 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 52 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 53 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 56 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 57 * THE POSSIBILITY OF SUCH DAMAGE. 58 */ 59 60 #include <sys/cdefs.h> 61 __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.111 2019/04/15 20:45:08 skrll Exp $"); 62 63 /* #define INTRDEBUG */ 64 /* #define TRAPDEBUG */ 65 /* #define USERTRACE */ 66 67 #include "opt_kgdb.h" 68 #include "opt_ptrace.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/kernel.h> 73 #include <sys/syscall.h> 74 #include <sys/syscallvar.h> 75 #include <sys/mutex.h> 76 #include <sys/ktrace.h> 77 #include <sys/proc.h> 78 #include <sys/signalvar.h> 79 #include <sys/acct.h> 80 #include <sys/signal.h> 81 #include <sys/device.h> 82 #include <sys/kauth.h> 83 #include <sys/kmem.h> 84 #include <sys/userret.h> 85 86 #include <net/netisr.h> 87 88 #ifdef KGDB 89 #include <sys/kgdb.h> 90 #endif 91 92 #include <uvm/uvm.h> 93 94 #include <machine/iomod.h> 95 #include <machine/cpufunc.h> 96 #include <machine/reg.h> 97 #include <machine/autoconf.h> 98 99 #include <machine/db_machdep.h> 100 101 #include <hppa/hppa/machdep.h> 102 103 #include <ddb/db_output.h> 104 #include <ddb/db_interface.h> 105 106 #ifdef PTRACE 107 void ss_clear_breakpoints(struct lwp *l); 108 int ss_put_value(struct lwp *, vaddr_t, u_int); 109 int ss_get_value(struct lwp *, vaddr_t, u_int *); 110 111 /* single-step breakpoint */ 112 #define SSBREAKPOINT (HPPA_BREAK_KERNEL | (HPPA_BREAK_SS << 13)) 113 114 #endif 115 116 #if defined(DEBUG) || defined(DIAGNOSTIC) 117 /* 118 * 0x6fc1000 is a stwm r1, d(sr0, sp), which is the last 119 * instruction in the function prologue that gcc -O0 uses. 120 * When we have this instruction we know the relationship 121 * between the stack pointer and the gcc -O0 frame pointer 122 * (in r3, loaded with the initial sp) for the body of a 123 * function. 124 * 125 * If the given instruction is a stwm r1, d(sr0, sp) where 126 * d > 0, we evaluate to d, else we evaluate to zero. 127 */ 128 #define STWM_R1_D_SR0_SP(inst) \ 129 (((inst) & 0xffffc001) == 0x6fc10000 ? (((inst) & 0x00003ff) >> 1) : 0) 130 #endif /* DEBUG || DIAGNOSTIC */ 131 132 const char *trap_type[] = { 133 "invalid", 134 "HPMC", 135 "power failure", 136 "recovery counter", 137 "external interrupt", 138 "LPMC", 139 "ITLB miss fault", 140 "instruction protection", 141 "Illegal instruction", 142 "break instruction", 143 "privileged operation", 144 "privileged register", 145 "overflow", 146 "conditional", 147 "assist exception", 148 "DTLB miss", 149 "ITLB non-access miss", 150 "DTLB non-access miss", 151 "data protection/rights/alignment", 152 "data break", 153 "TLB dirty", 154 "page reference", 155 "assist emulation", 156 "higher-priv transfer", 157 "lower-priv transfer", 158 "taken branch", 159 "data access rights", 160 "data protection", 161 "unaligned data ref", 162 }; 163 int trap_types = __arraycount(trap_type); 164 165 uint8_t fpopmap[] = { 166 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 167 0x00, 0x0c, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 174 }; 175 176 void pmap_hptdump(void); 177 void syscall(struct trapframe *, int *); 178 179 #if defined(DEBUG) 180 struct trapframe *sanity_frame; 181 struct lwp *sanity_lwp; 182 const char *sanity_string; 183 void frame_sanity_check(const char *, int, int, struct trapframe *, 184 struct lwp *); 185 #endif 186 187 188 #ifdef USERTRACE 189 /* 190 * USERTRACE is a crude facility that traces the PC of a single user process. 191 * This tracing is normally activated by the dispatching of a certain syscall 192 * with certain arguments - see the activation code in syscall(). 193 */ 194 static void user_backtrace(struct trapframe *, struct lwp *, int); 195 static void user_backtrace_raw(u_int, u_int); 196 197 u_int rctr_next_iioq; 198 #endif 199 200 static inline void 201 userret(struct lwp *l, register_t pc, u_quad_t oticks) 202 { 203 struct proc *p = l->l_proc; 204 205 if (l->l_md.md_astpending) { 206 l->l_md.md_astpending = 0; 207 //curcpu()->ci_data.cpu_nast++; 208 209 if (curcpu()->ci_want_resched) 210 preempt(); 211 } 212 213 mi_userret(l); 214 215 /* 216 * If profiling, charge recent system time to the trapped pc. 217 */ 218 if (p->p_stflag & PST_PROFIL) { 219 extern int psratio; 220 221 addupc_task(l, pc, (int)(p->p_sticks - oticks) * psratio); 222 } 223 } 224 225 /* 226 * This handles some messy kernel debugger details. 227 * It dispatches into either kgdb or DDB, and knows 228 * about some special things to do, like skipping over 229 * break instructions and how to really set up for 230 * a single-step. 231 */ 232 #if defined(KGDB) || defined(DDB) 233 static int 234 trap_kdebug(int type, int code, struct trapframe *frame) 235 { 236 int handled; 237 u_int tf_iioq_head_old; 238 u_int tf_iioq_tail_old; 239 240 for (;;) { 241 242 /* This trap has not been handled. */ 243 handled = 0; 244 245 /* Remember the instruction offset queue. */ 246 tf_iioq_head_old = frame->tf_iioq_head; 247 tf_iioq_tail_old = frame->tf_iioq_tail; 248 249 #ifdef KGDB 250 /* Let KGDB handle it (if connected) */ 251 if (!handled) 252 handled = kgdb_trap(type, frame); 253 #endif 254 #ifdef DDB 255 /* Let DDB handle it. */ 256 if (!handled) 257 handled = kdb_trap(type, code, frame); 258 #endif 259 260 /* If this trap wasn't handled, return now. */ 261 if (!handled) 262 return(0); 263 264 /* 265 * If the instruction offset queue head changed, but the offset 266 * queue tail didn't, assume that the user wants to jump to the 267 * head offset, and adjust the tail accordingly. This should 268 * fix the kgdb `jump' command, and can help DDB users who `set' 269 * the offset head but forget the tail. 270 */ 271 if (frame->tf_iioq_head != tf_iioq_head_old && 272 frame->tf_iioq_tail == tf_iioq_tail_old) 273 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 274 275 /* 276 * This is some single-stepping support. If we're trying to 277 * step through a nullified instruction, just advance by hand 278 * and trap again. Otherwise, load the recovery counter with 279 * zero. 280 */ 281 if (frame->tf_ipsw & PSW_R) { 282 #ifdef TRAPDEBUG 283 printf("(single stepping at head 0x%x tail 0x%x)\n", 284 frame->tf_iioq_head, frame->tf_iioq_tail); 285 #endif 286 if (frame->tf_ipsw & PSW_N) { 287 #ifdef TRAPDEBUG 288 printf("(single stepping past nullified)\n"); 289 #endif 290 291 /* Advance the program counter. */ 292 frame->tf_iioq_head = frame->tf_iioq_tail; 293 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 294 295 /* Clear flags. */ 296 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 297 298 /* Simulate another trap. */ 299 type = T_RECOVERY; 300 continue; 301 } 302 frame->tf_rctr = 0; 303 } 304 305 /* We handled this trap. */ 306 return (1); 307 } 308 /* NOTREACHED */ 309 } 310 #else /* !KGDB && !DDB */ 311 #define trap_kdebug(t, c, f) (0) 312 #endif /* !KGDB && !DDB */ 313 314 #if defined(DEBUG) || defined(USERTRACE) 315 /* 316 * These functions give a crude usermode backtrace. They really only work when 317 * code has been compiled without optimization, as they assume a certain func- 318 * tion prologue sets up a frame pointer and stores the return pointer and arg- 319 * uments in it. 320 */ 321 static void 322 user_backtrace_raw(u_int pc, u_int fp) 323 { 324 int frame_number; 325 int arg_number; 326 uint32_t val; 327 328 for (frame_number = 0; 329 frame_number < 100 && pc > HPPA_PC_PRIV_MASK && fp; 330 frame_number++) { 331 332 printf("%3d: pc=%08x%s fp=0x%08x", frame_number, 333 pc & ~HPPA_PC_PRIV_MASK, USERMODE(pc) ? " " : "**", fp); 334 for (arg_number = 0; arg_number < 4; arg_number++) { 335 if (ufetch_32(HPPA_FRAME_CARG(arg_number, fp), 336 &val) == 0) { 337 printf(" arg%d=0x%08x", arg_number, val); 338 } else { 339 printf(" arg%d=<bad address>", arg_number); 340 } 341 } 342 printf("\n"); 343 if (ufetch_int((((uint32_t *) fp) - 5), &pc) != 0) { 344 printf(" ufetch for pc failed\n"); 345 break; 346 } 347 if (ufetch_int((((uint32_t *) fp) + 0), &fp) != 0) { 348 printf(" ufetch for fp failed\n"); 349 break; 350 } 351 } 352 printf(" backtrace stopped with pc %08x fp 0x%08x\n", pc, fp); 353 } 354 355 static void 356 user_backtrace(struct trapframe *tf, struct lwp *l, int type) 357 { 358 struct proc *p = l->l_proc; 359 u_int pc, fp, inst; 360 361 /* 362 * Display any trap type that we have. 363 */ 364 if (type >= 0) 365 printf("pid %d (%s) trap #%d\n", 366 p->p_pid, p->p_comm, type & ~T_USER); 367 368 /* 369 * Assuming that the frame pointer in r3 is valid, 370 * dump out a stack trace. 371 */ 372 fp = tf->tf_r3; 373 printf("pid %d (%s) backtrace, starting with fp 0x%08x\n", 374 p->p_pid, p->p_comm, fp); 375 user_backtrace_raw(tf->tf_iioq_head, fp); 376 377 /* 378 * In case the frame pointer in r3 is not valid, assuming the stack 379 * pointer is valid and the faulting function is a non-leaf, if we can 380 * find its prologue we can recover its frame pointer. 381 */ 382 pc = tf->tf_iioq_head; 383 fp = tf->tf_sp - HPPA_FRAME_SIZE; 384 printf("pid %d (%s) backtrace, starting with sp 0x%08x pc 0x%08x\n", 385 p->p_pid, p->p_comm, tf->tf_sp, pc); 386 for (pc &= ~HPPA_PC_PRIV_MASK; pc > 0; pc -= sizeof(inst)) { 387 if (ufetch_int((u_int *) pc, &inst) != 0) { 388 printf(" ufetch for inst at pc %08x failed\n", pc); 389 break; 390 } 391 /* Check for the prologue instruction that sets sp. */ 392 if (STWM_R1_D_SR0_SP(inst)) { 393 fp = tf->tf_sp - STWM_R1_D_SR0_SP(inst); 394 printf(" sp from fp at pc %08x: %08x\n", pc, inst); 395 break; 396 } 397 } 398 user_backtrace_raw(tf->tf_iioq_head, fp); 399 } 400 #endif /* DEBUG || USERTRACE */ 401 402 #ifdef DEBUG 403 /* 404 * This sanity-checks a trapframe. It is full of various assumptions about 405 * what a healthy CPU state should be, with some documented elsewhere, some not. 406 */ 407 void 408 frame_sanity_check(const char *func, int line, int type, struct trapframe *tf, 409 struct lwp *l) 410 { 411 #if 0 412 extern int kernel_text; 413 extern int etext; 414 #endif 415 struct cpu_info *ci = curcpu(); 416 417 #define SANITY(e) \ 418 do { \ 419 if (sanity_frame == NULL && !(e)) { \ 420 sanity_frame = tf; \ 421 sanity_lwp = l; \ 422 sanity_string = #e; \ 423 } \ 424 } while (/* CONSTCOND */ 0) 425 426 KASSERT(l != NULL); 427 SANITY((tf->tf_ipsw & ci->ci_psw) == ci->ci_psw); 428 SANITY((ci->ci_psw & PSW_I) == 0 || tf->tf_eiem != 0); 429 if (tf->tf_iisq_head == HPPA_SID_KERNEL) { 430 vaddr_t minsp, maxsp, uv; 431 432 uv = uvm_lwp_getuarea(l); 433 434 /* 435 * If the trap happened in the gateway page, we take the easy 436 * way out and assume that the trapframe is okay. 437 */ 438 if ((tf->tf_iioq_head & ~PAGE_MASK) == SYSCALLGATE) 439 goto out; 440 441 SANITY(!USERMODE(tf->tf_iioq_head)); 442 SANITY(!USERMODE(tf->tf_iioq_tail)); 443 444 /* 445 * Don't check the instruction queues or stack on interrupts 446 * as we could be be in the sti code (outside normal kernel 447 * text) or switching LWPs (curlwp and sp are not in sync) 448 */ 449 if ((type & ~T_USER) == T_INTERRUPT) 450 goto out; 451 #if 0 452 SANITY(tf->tf_iioq_head >= (u_int) &kernel_text); 453 SANITY(tf->tf_iioq_head < (u_int) &etext); 454 SANITY(tf->tf_iioq_tail >= (u_int) &kernel_text); 455 SANITY(tf->tf_iioq_tail < (u_int) &etext); 456 #endif 457 458 maxsp = uv + USPACE + PAGE_SIZE; 459 minsp = uv + PAGE_SIZE; 460 461 SANITY(tf->tf_sp >= minsp && tf->tf_sp < maxsp); 462 } else { 463 struct pcb *pcb = lwp_getpcb(l); 464 465 SANITY(USERMODE(tf->tf_iioq_head)); 466 SANITY(USERMODE(tf->tf_iioq_tail)); 467 SANITY(tf->tf_cr30 == (u_int)pcb->pcb_fpregs); 468 } 469 #undef SANITY 470 out: 471 if (sanity_frame == tf) { 472 printf("insanity: '%s' at %s:%d type 0x%x tf %p lwp %p " 473 "sp 0x%x pc 0x%x\n", 474 sanity_string, func, line, type, sanity_frame, sanity_lwp, 475 tf->tf_sp, tf->tf_iioq_head); 476 (void) trap_kdebug(T_IBREAK, 0, tf); 477 sanity_frame = NULL; 478 sanity_lwp = NULL; 479 } 480 } 481 #endif /* DEBUG */ 482 483 void 484 trap(int type, struct trapframe *frame) 485 { 486 struct lwp *l; 487 struct proc *p; 488 struct pcb *pcb; 489 vaddr_t va; 490 struct vm_map *map; 491 struct vmspace *vm; 492 vm_prot_t vftype; 493 pa_space_t space; 494 ksiginfo_t ksi; 495 u_int opcode, onfault; 496 int ret; 497 const char *tts = "reserved"; 498 int trapnum; 499 #ifdef DIAGNOSTIC 500 extern int emergency_stack_start, emergency_stack_end; 501 struct cpu_info *ci = curcpu(); 502 int oldcpl = ci->ci_cpl; 503 #endif 504 505 trapnum = type & ~T_USER; 506 opcode = frame->tf_iir; 507 508 if (trapnum <= T_EXCEPTION || trapnum == T_HIGHERPL || 509 trapnum == T_LOWERPL || trapnum == T_TAKENBR || 510 trapnum == T_IDEBUG || trapnum == T_PERFMON) { 511 va = frame->tf_iioq_head; 512 space = frame->tf_iisq_head; 513 vftype = VM_PROT_EXECUTE; 514 } else { 515 va = frame->tf_ior; 516 space = frame->tf_isr; 517 vftype = inst_store(opcode) ? VM_PROT_WRITE : VM_PROT_READ; 518 } 519 520 KASSERT(curlwp != NULL); 521 l = curlwp; 522 p = l->l_proc; 523 if ((type & T_USER) != 0) 524 LWP_CACHE_CREDS(l, p); 525 526 #ifdef DIAGNOSTIC 527 /* 528 * If we are on the emergency stack, then we either got 529 * a fault on the kernel stack, or we're just handling 530 * a trap for the machine check handler (which also 531 * runs on the emergency stack). 532 * 533 * We *very crudely* differentiate between the two cases 534 * by checking the faulting instruction: if it is the 535 * function prologue instruction that stores the old 536 * frame pointer and updates the stack pointer, we assume 537 * that we faulted on the kernel stack. 538 * 539 * In this case, not completing that instruction will 540 * probably confuse backtraces in kgdb/ddb. Completing 541 * it would be difficult, because we already faulted on 542 * that part of the stack, so instead we fix up the 543 * frame as if the function called has just returned. 544 * This has peculiar knowledge about what values are in 545 * what registers during the "normal gcc -g" prologue. 546 */ 547 if (&type >= &emergency_stack_start && 548 &type < &emergency_stack_end && 549 type != T_IBREAK && STWM_R1_D_SR0_SP(opcode)) { 550 /* Restore the caller's frame pointer. */ 551 frame->tf_r3 = frame->tf_r1; 552 /* Restore the caller's instruction offsets. */ 553 frame->tf_iioq_head = frame->tf_rp; 554 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 555 goto dead_end; 556 } 557 #endif /* DIAGNOSTIC */ 558 559 #ifdef DEBUG 560 frame_sanity_check(__func__, __LINE__, type, frame, l); 561 #endif /* DEBUG */ 562 563 if (frame->tf_flags & TFF_LAST) 564 l->l_md.md_regs = frame; 565 566 if (trapnum <= trap_types) 567 tts = trap_type[trapnum]; 568 569 #ifdef TRAPDEBUG 570 if (trapnum != T_INTERRUPT && trapnum != T_IBREAK) 571 printf("trap: %d, %s for %x:%lx at %x:%x, fp=%p, rp=%x\n", 572 type, tts, space, va, frame->tf_iisq_head, 573 frame->tf_iioq_head, frame, frame->tf_rp); 574 else if (trapnum == T_IBREAK) 575 printf("trap: break instruction %x:%x at %x:%x, fp=%p\n", 576 break5(opcode), break13(opcode), 577 frame->tf_iisq_head, frame->tf_iioq_head, frame); 578 579 { 580 extern int etext; 581 if (frame < (struct trapframe *)&etext) { 582 printf("trap: bogus frame ptr %p\n", frame); 583 goto dead_end; 584 } 585 } 586 #endif 587 588 pcb = lwp_getpcb(l); 589 590 /* If this is a trap, not an interrupt, reenable interrupts. */ 591 if (trapnum != T_INTERRUPT) { 592 curcpu()->ci_data.cpu_ntrap++; 593 mtctl(frame->tf_eiem, CR_EIEM); 594 } 595 596 switch (type) { 597 case T_NONEXIST: 598 case T_NONEXIST|T_USER: 599 #if !defined(DDB) && !defined(KGDB) 600 /* we've got screwed up by the central scrutinizer */ 601 panic ("trap: elvis has just left the building!"); 602 break; 603 #else 604 goto dead_end; 605 #endif 606 case T_RECOVERY|T_USER: 607 #ifdef USERTRACE 608 for (;;) { 609 if (frame->tf_iioq_head != rctr_next_iioq) 610 printf("-%08x\nr %08x", 611 rctr_next_iioq - 4, 612 frame->tf_iioq_head); 613 rctr_next_iioq = frame->tf_iioq_head + 4; 614 if (frame->tf_ipsw & PSW_N) { 615 /* Advance the program counter. */ 616 frame->tf_iioq_head = frame->tf_iioq_tail; 617 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 618 /* Clear flags. */ 619 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 620 /* Simulate another trap. */ 621 continue; 622 } 623 break; 624 } 625 frame->tf_rctr = 0; 626 break; 627 #endif /* USERTRACE */ 628 case T_RECOVERY: 629 #if !defined(DDB) && !defined(KGDB) 630 /* XXX will implement later */ 631 printf ("trap: handicapped"); 632 break; 633 #else 634 goto dead_end; 635 #endif 636 637 case T_EMULATION | T_USER: 638 hppa_fpu_emulate(frame, l, opcode); 639 break; 640 641 case T_DATALIGN: 642 onfault = pcb->pcb_onfault; 643 if (onfault) { 644 ret = EFAULT; 645 do_onfault: 646 frame->tf_iioq_head = onfault; 647 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 648 frame->tf_ret0 = ret; 649 break; 650 } 651 /*FALLTHROUGH*/ 652 653 #ifdef DIAGNOSTIC 654 /* these just can't happen ever */ 655 case T_PRIV_OP: 656 case T_PRIV_REG: 657 /* these just can't make it to the trap() ever */ 658 case T_HPMC: 659 case T_HPMC | T_USER: 660 case T_EMULATION: 661 case T_EXCEPTION: 662 #endif 663 case T_IBREAK: 664 case T_DBREAK: 665 dead_end: 666 if (type & T_USER) { 667 #ifdef DEBUG 668 user_backtrace(frame, l, type); 669 #endif 670 KSI_INIT_TRAP(&ksi); 671 ksi.ksi_signo = SIGILL; 672 ksi.ksi_code = ILL_ILLTRP; 673 ksi.ksi_trap = type; 674 ksi.ksi_addr = (void *)frame->tf_iioq_head; 675 trapsignal(l, &ksi); 676 break; 677 } 678 if (trap_kdebug(type, va, frame)) 679 return; 680 else if (type == T_DATALIGN) 681 panic ("trap: %s at 0x%x", tts, (u_int) va); 682 else 683 panic ("trap: no debugger for \"%s\" (%d)", tts, type); 684 break; 685 686 case T_IBREAK | T_USER: 687 case T_DBREAK | T_USER: 688 KSI_INIT_TRAP(&ksi); 689 ksi.ksi_signo = SIGTRAP; 690 ksi.ksi_code = TRAP_TRACE; 691 ksi.ksi_trap = trapnum; 692 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 693 #ifdef PTRACE 694 ss_clear_breakpoints(l); 695 if (opcode == SSBREAKPOINT) 696 ksi.ksi_code = TRAP_BRKPT; 697 #endif 698 /* pass to user debugger */ 699 trapsignal(l, &ksi); 700 break; 701 702 #ifdef PTRACE 703 case T_TAKENBR | T_USER: 704 ss_clear_breakpoints(l); 705 706 KSI_INIT_TRAP(&ksi); 707 ksi.ksi_signo = SIGTRAP; 708 ksi.ksi_code = TRAP_TRACE; 709 ksi.ksi_trap = trapnum; 710 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 711 712 /* pass to user debugger */ 713 trapsignal(l, &ksi); 714 break; 715 #endif 716 717 case T_EXCEPTION | T_USER: { /* co-proc assist trap */ 718 uint64_t *fpp; 719 uint32_t *pex, ex, inst; 720 int i; 721 722 hppa_fpu_flush(l); 723 fpp = (uint64_t *)pcb->pcb_fpregs; 724 725 /* skip the status register */ 726 pex = (uint32_t *)&fpp[0]; 727 pex++; 728 729 /* loop through the exception registers */ 730 for (i = 1; i < 8 && !*pex; i++, pex++) 731 ; 732 KASSERT(i < 8); 733 ex = *pex; 734 *pex = 0; 735 736 /* reset the trap flag, as if there was none */ 737 fpp[0] &= ~(((uint64_t)HPPA_FPU_T) << 32); 738 739 /* emulate the instruction */ 740 inst = ((uint32_t)fpopmap[ex >> 26] << 26) | (ex & 0x03ffffff); 741 hppa_fpu_emulate(frame, l, inst); 742 } 743 break; 744 745 case T_OVERFLOW | T_USER: 746 KSI_INIT_TRAP(&ksi); 747 ksi.ksi_signo = SIGFPE; 748 ksi.ksi_code = SI_NOINFO; 749 ksi.ksi_trap = type; 750 ksi.ksi_addr = (void *)va; 751 trapsignal(l, &ksi); 752 break; 753 754 case T_CONDITION | T_USER: 755 KSI_INIT_TRAP(&ksi); 756 ksi.ksi_signo = SIGFPE; 757 ksi.ksi_code = FPE_INTDIV; 758 ksi.ksi_trap = type; 759 ksi.ksi_addr = (void *)va; 760 trapsignal(l, &ksi); 761 break; 762 763 case T_ILLEGAL | T_USER: 764 #ifdef DEBUG 765 user_backtrace(frame, l, type); 766 #endif 767 KSI_INIT_TRAP(&ksi); 768 ksi.ksi_signo = SIGILL; 769 ksi.ksi_code = ILL_ILLOPC; 770 ksi.ksi_trap = type; 771 ksi.ksi_addr = (void *)va; 772 trapsignal(l, &ksi); 773 break; 774 775 case T_PRIV_OP | T_USER: 776 #ifdef DEBUG 777 user_backtrace(frame, l, type); 778 #endif 779 KSI_INIT_TRAP(&ksi); 780 ksi.ksi_signo = SIGILL; 781 ksi.ksi_code = ILL_PRVOPC; 782 ksi.ksi_trap = type; 783 ksi.ksi_addr = (void *)va; 784 trapsignal(l, &ksi); 785 break; 786 787 case T_PRIV_REG | T_USER: 788 #ifdef DEBUG 789 user_backtrace(frame, l, type); 790 #endif 791 KSI_INIT_TRAP(&ksi); 792 ksi.ksi_signo = SIGILL; 793 ksi.ksi_code = ILL_PRVREG; 794 ksi.ksi_trap = type; 795 ksi.ksi_addr = (void *)va; 796 trapsignal(l, &ksi); 797 break; 798 799 /* these should never got here */ 800 case T_HIGHERPL | T_USER: 801 case T_LOWERPL | T_USER: 802 KSI_INIT_TRAP(&ksi); 803 ksi.ksi_signo = SIGSEGV; 804 ksi.ksi_code = SEGV_ACCERR; 805 ksi.ksi_trap = type; 806 ksi.ksi_addr = (void *)va; 807 trapsignal(l, &ksi); 808 break; 809 810 case T_IPROT | T_USER: 811 case T_DPROT | T_USER: 812 KSI_INIT_TRAP(&ksi); 813 ksi.ksi_signo = SIGSEGV; 814 ksi.ksi_code = SEGV_ACCERR; 815 ksi.ksi_trap = type; 816 ksi.ksi_addr = (void *)va; 817 trapsignal(l, &ksi); 818 break; 819 820 case T_DATACC: case T_USER | T_DATACC: 821 case T_ITLBMISS: case T_USER | T_ITLBMISS: 822 case T_DTLBMISS: case T_USER | T_DTLBMISS: 823 case T_ITLBMISSNA: case T_USER | T_ITLBMISSNA: 824 case T_DTLBMISSNA: case T_USER | T_DTLBMISSNA: 825 case T_TLB_DIRTY: case T_USER | T_TLB_DIRTY: 826 vm = p->p_vmspace; 827 828 if (!vm) { 829 #ifdef TRAPDEBUG 830 printf("trap: no vm, p=%p\n", p); 831 #endif 832 goto dead_end; 833 } 834 835 /* 836 * it could be a kernel map for exec_map faults 837 */ 838 if (!(type & T_USER) && space == HPPA_SID_KERNEL) 839 map = kernel_map; 840 else { 841 map = &vm->vm_map; 842 } 843 844 va = trunc_page(va); 845 846 if (map->pmap->pm_space != space) { 847 #ifdef TRAPDEBUG 848 printf("trap: space mismatch %d != %d\n", 849 space, map->pmap->pm_space); 850 #endif 851 /* actually dump the user, crap the kernel */ 852 goto dead_end; 853 } 854 855 /* Never call uvm_fault in interrupt context. */ 856 KASSERT(curcpu()->ci_cpl == 0); 857 858 onfault = pcb->pcb_onfault; 859 pcb->pcb_onfault = 0; 860 ret = uvm_fault(map, va, vftype); 861 pcb->pcb_onfault = onfault; 862 863 #ifdef TRAPDEBUG 864 printf("uvm_fault(%p, %x, %d)=%d\n", 865 map, (u_int)va, vftype, ret); 866 #endif 867 868 /* 869 * If this was a stack access we keep track of the maximum 870 * accessed stack size. Also, if uvm_fault gets a protection 871 * failure it is due to accessing the stack region outside 872 * the current limit and we need to reflect that as an access 873 * error. 874 */ 875 if (map != kernel_map && va >= (vaddr_t)vm->vm_minsaddr) { 876 if (ret == 0) 877 uvm_grow(l->l_proc, va); 878 else if (ret == EACCES) 879 ret = EFAULT; 880 } 881 882 if (ret != 0) { 883 if (type & T_USER) { 884 #ifdef DEBUG 885 user_backtrace(frame, l, type); 886 #endif 887 KSI_INIT_TRAP(&ksi); 888 switch (ret) { 889 case EACCES: 890 ksi.ksi_signo = SIGSEGV; 891 ksi.ksi_code = SEGV_ACCERR; 892 break; 893 case ENOMEM: 894 ksi.ksi_signo = SIGKILL; 895 printf("UVM: pid %d (%s), uid %d " 896 "killed: out of swap\n", 897 p->p_pid, p->p_comm, 898 l->l_cred ? 899 kauth_cred_geteuid(l->l_cred) 900 : -1); 901 break; 902 case EINVAL: 903 ksi.ksi_signo = SIGBUS; 904 ksi.ksi_code = BUS_ADRERR; 905 break; 906 default: 907 ksi.ksi_signo = SIGSEGV; 908 ksi.ksi_code = SEGV_MAPERR; 909 break; 910 } 911 ksi.ksi_trap = type; 912 ksi.ksi_addr = (void *)va; 913 trapsignal(l, &ksi); 914 } else { 915 if (onfault) { 916 goto do_onfault; 917 } 918 panic("trap: uvm_fault(%p, %lx, %d): %d", 919 map, va, vftype, ret); 920 } 921 } 922 break; 923 924 case T_DATALIGN | T_USER: 925 #ifdef DEBUG 926 user_backtrace(frame, l, type); 927 #endif 928 KSI_INIT_TRAP(&ksi); 929 ksi.ksi_signo = SIGBUS; 930 ksi.ksi_code = BUS_ADRALN; 931 ksi.ksi_trap = type; 932 ksi.ksi_addr = (void *)va; 933 trapsignal(l, &ksi); 934 break; 935 936 case T_INTERRUPT: 937 case T_INTERRUPT|T_USER: 938 hppa_intr(frame); 939 mtctl(frame->tf_eiem, CR_EIEM); 940 break; 941 942 case T_LOWERPL: 943 case T_DPROT: 944 case T_IPROT: 945 case T_OVERFLOW: 946 case T_CONDITION: 947 case T_ILLEGAL: 948 case T_HIGHERPL: 949 case T_TAKENBR: 950 case T_POWERFAIL: 951 case T_LPMC: 952 case T_PAGEREF: 953 case T_DATAPID: case T_DATAPID | T_USER: 954 if (0 /* T-chip */) { 955 break; 956 } 957 /* FALLTHROUGH to unimplemented */ 958 default: 959 panic ("trap: unimplemented \'%s\' (%d)", tts, type); 960 } 961 962 #ifdef DIAGNOSTIC 963 if (ci->ci_cpl != oldcpl) 964 printf("WARNING: SPL (%d) NOT LOWERED ON TRAP (%d) EXIT\n", 965 ci->ci_cpl, trapnum); 966 #endif 967 968 if (type & T_USER) 969 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 970 971 #ifdef DEBUG 972 frame_sanity_check(__func__, __LINE__, type, frame, l); 973 if (frame->tf_flags & TFF_LAST && (curlwp->l_flag & LW_IDLE) == 0) 974 frame_sanity_check(__func__, __LINE__, type, 975 curlwp->l_md.md_regs, curlwp); 976 #endif /* DEBUG */ 977 } 978 979 void 980 md_child_return(struct lwp *l) 981 { 982 /* 983 * Return values in the frame set by cpu_lwp_fork(). 984 */ 985 986 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 987 #ifdef DEBUG 988 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 989 #endif /* DEBUG */ 990 } 991 992 /* 993 * Process the tail end of a posix_spawn() for the child. 994 */ 995 void 996 cpu_spawn_return(struct lwp *l) 997 { 998 999 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1000 #ifdef DEBUG 1001 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 1002 #endif /* DEBUG */ 1003 } 1004 1005 #ifdef PTRACE 1006 1007 #include <sys/ptrace.h> 1008 1009 int 1010 ss_get_value(struct lwp *l, vaddr_t addr, u_int *value) 1011 { 1012 struct uio uio; 1013 struct iovec iov; 1014 1015 iov.iov_base = (void *)value; 1016 iov.iov_len = sizeof(u_int); 1017 uio.uio_iov = &iov; 1018 uio.uio_iovcnt = 1; 1019 uio.uio_offset = (off_t)addr; 1020 uio.uio_resid = sizeof(u_int); 1021 uio.uio_rw = UIO_READ; 1022 UIO_SETUP_SYSSPACE(&uio); 1023 1024 return (process_domem(curlwp, l, &uio)); 1025 } 1026 1027 int 1028 ss_put_value(struct lwp *l, vaddr_t addr, u_int value) 1029 { 1030 struct uio uio; 1031 struct iovec iov; 1032 1033 iov.iov_base = (void *)&value; 1034 iov.iov_len = sizeof(u_int); 1035 uio.uio_iov = &iov; 1036 uio.uio_iovcnt = 1; 1037 uio.uio_offset = (off_t)addr; 1038 uio.uio_resid = sizeof(u_int); 1039 uio.uio_rw = UIO_WRITE; 1040 UIO_SETUP_SYSSPACE(&uio); 1041 1042 return (process_domem(curlwp, l, &uio)); 1043 } 1044 1045 void 1046 ss_clear_breakpoints(struct lwp *l) 1047 { 1048 /* Restore origional instructions. */ 1049 if (l->l_md.md_bpva != 0) { 1050 ss_put_value(l, l->l_md.md_bpva, l->l_md.md_bpsave[0]); 1051 ss_put_value(l, l->l_md.md_bpva + 4, l->l_md.md_bpsave[1]); 1052 l->l_md.md_bpva = 0; 1053 } 1054 } 1055 1056 1057 int 1058 process_sstep(struct lwp *l, int sstep) 1059 { 1060 struct trapframe *tf = l->l_md.md_regs; 1061 int error; 1062 1063 ss_clear_breakpoints(l); 1064 1065 /* We're continuing... */ 1066 if (sstep == 0) { 1067 tf->tf_ipsw &= ~PSW_T; 1068 return 0; 1069 } 1070 1071 /* 1072 * Don't touch the syscall gateway page. Instead, insert a 1073 * breakpoint where we're supposed to return. 1074 */ 1075 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1076 l->l_md.md_bpva = tf->tf_r31 & ~HPPA_PC_PRIV_MASK; 1077 else 1078 l->l_md.md_bpva = tf->tf_iioq_tail & ~HPPA_PC_PRIV_MASK; 1079 1080 error = ss_get_value(l, l->l_md.md_bpva, &l->l_md.md_bpsave[0]); 1081 if (error) 1082 return error; 1083 error = ss_get_value(l, l->l_md.md_bpva + 4, &l->l_md.md_bpsave[1]); 1084 if (error) 1085 return error; 1086 1087 error = ss_put_value(l, l->l_md.md_bpva, SSBREAKPOINT); 1088 if (error) 1089 return error; 1090 error = ss_put_value(l, l->l_md.md_bpva + 4, SSBREAKPOINT); 1091 if (error) 1092 return error; 1093 1094 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1095 tf->tf_ipsw &= ~PSW_T; 1096 else 1097 tf->tf_ipsw |= PSW_T; 1098 1099 return 0; 1100 } 1101 #endif 1102 1103 1104 /* 1105 * call actual syscall routine 1106 * from the low-level syscall handler: 1107 * - all HPPA_FRAME_NARGS syscall's arguments supposed to be copied onto 1108 * our stack, this wins compared to copyin just needed amount anyway 1109 * - register args are copied onto stack too 1110 */ 1111 void 1112 syscall(struct trapframe *frame, int *args) 1113 { 1114 struct lwp *l; 1115 struct proc *p; 1116 const struct sysent *callp; 1117 size_t nargs64; 1118 int nsys, code, error; 1119 int tmp; 1120 int rval[2]; 1121 #ifdef DIAGNOSTIC 1122 struct cpu_info *ci = curcpu(); 1123 int oldcpl = ci->ci_cpl; 1124 #endif 1125 1126 curcpu()->ci_data.cpu_nsyscall++; 1127 1128 #ifdef DEBUG 1129 frame_sanity_check(__func__, __LINE__, 0, frame, curlwp); 1130 #endif /* DEBUG */ 1131 1132 if (!USERMODE(frame->tf_iioq_head)) 1133 panic("syscall"); 1134 1135 KASSERT(curlwp != NULL); 1136 l = curlwp; 1137 p = l->l_proc; 1138 l->l_md.md_regs = frame; 1139 nsys = p->p_emul->e_nsysent; 1140 callp = p->p_emul->e_sysent; 1141 code = frame->tf_t1; 1142 LWP_CACHE_CREDS(l, p); 1143 1144 /* 1145 * Restarting a system call is touchy on the HPPA, because syscall 1146 * arguments are passed in registers and the program counter of the 1147 * syscall "point" isn't easily divined. 1148 * 1149 * We handle the first problem by assuming that we will have to restart 1150 * this system call, so we stuff the first four words of the original 1151 * arguments back into the frame as arg0...arg3, which is where we 1152 * found them in the first place. Any further arguments are (still) on 1153 * the user's stack and the syscall code will fetch them from there 1154 * (again). 1155 * 1156 * The program counter problem is addressed below. 1157 */ 1158 frame->tf_arg0 = args[0]; 1159 frame->tf_arg1 = args[1]; 1160 frame->tf_arg2 = args[2]; 1161 frame->tf_arg3 = args[3]; 1162 1163 /* 1164 * Some special handling for the syscall(2) and 1165 * __syscall(2) system calls. 1166 */ 1167 switch (code) { 1168 case SYS_syscall: 1169 code = *args; 1170 args += 1; 1171 break; 1172 case SYS___syscall: 1173 if (callp != sysent) 1174 break; 1175 /* 1176 * NB: even though __syscall(2) takes a quad_t containing the 1177 * system call number, because our argument copying word-swaps 1178 * 64-bit arguments, the least significant word of that quad_t 1179 * is the first word in the argument array. 1180 */ 1181 code = *args; 1182 args += 2; 1183 } 1184 1185 /* 1186 * Stacks growing from lower addresses to higher addresses are not 1187 * really such a good idea, because it makes it impossible to overlay a 1188 * struct on top of C stack arguments (the arguments appear in 1189 * reversed order). 1190 * 1191 * You can do the obvious thing (as locore.S does) and copy argument 1192 * words one by one, laying them out in the "right" order in the dest- 1193 * ination buffer, but this ends up word-swapping multi-word arguments 1194 * (like off_t). 1195 * 1196 * FIXME - this works only on native binaries and 1197 * will probably screw up any and all emulation. 1198 * 1199 */ 1200 1201 if (code < 0 || code >= nsys) 1202 callp += p->p_emul->e_nosys; /* bad syscall # */ 1203 else 1204 callp += code; 1205 1206 nargs64 = SYCALL_NARGS64(callp); 1207 if (nargs64 != 0) { 1208 size_t nargs = callp->sy_narg; 1209 1210 for (size_t i = 0; i < nargs + nargs64;) { 1211 if (SYCALL_ARG_64_P(callp, i)) { 1212 tmp = args[i]; 1213 args[i] = args[i + 1]; 1214 args[i + 1] = tmp; 1215 i += 2; 1216 } else 1217 i++; 1218 } 1219 } 1220 1221 #ifdef USERTRACE 1222 if (0) { 1223 user_backtrace(frame, l, -1); 1224 frame->tf_ipsw |= PSW_R; 1225 frame->tf_rctr = 0; 1226 printf("r %08x", frame->tf_iioq_head); 1227 rctr_next_iioq = frame->tf_iioq_head + 4; 1228 } 1229 #endif 1230 1231 error = sy_invoke(callp, l, args, rval, code); 1232 1233 switch (error) { 1234 case 0: 1235 l = curlwp; /* changes on exec() */ 1236 frame = l->l_md.md_regs; 1237 frame->tf_ret0 = rval[0]; 1238 frame->tf_ret1 = rval[1]; 1239 frame->tf_t1 = 0; 1240 break; 1241 case ERESTART: 1242 /* 1243 * Now we have to wind back the instruction offset queue to the 1244 * point where the system call will be made again. This is 1245 * inherently tied to the SYSCALL macro. 1246 * 1247 * Currently, the part of the SYSCALL macro that we want to re- 1248 * run reads as: 1249 * 1250 * ldil L%SYSCALLGATE, r1 1251 * ble 4(srX, r1) 1252 * ldi __CONCAT(SYS_,x), t1 1253 * comb,<> %r0, %t1, __cerror 1254 * 1255 * And our offset queue head points to the comb instruction. 1256 * So we need to subtract twelve to reach the ldil. 1257 */ 1258 frame->tf_iioq_head -= 12; 1259 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 1260 break; 1261 case EJUSTRETURN: 1262 p = curproc; 1263 break; 1264 default: 1265 if (p->p_emul->e_errno) 1266 error = p->p_emul->e_errno[error]; 1267 frame->tf_t1 = error; 1268 break; 1269 } 1270 1271 userret(l, frame->tf_iioq_head, 0); 1272 1273 #ifdef DIAGNOSTIC 1274 if (ci->ci_cpl != oldcpl) { 1275 printf("WARNING: SPL (0x%x) NOT LOWERED ON " 1276 "syscall(0x%x, 0x%x, 0x%x, 0x%x...) EXIT, PID %d\n", 1277 ci->ci_cpl, code, args[0], args[1], args[2], p->p_pid); 1278 ci->ci_cpl = oldcpl; 1279 } 1280 #endif 1281 1282 #ifdef DEBUG 1283 frame_sanity_check(__func__, __LINE__, 0, frame, l); 1284 #endif /* DEBUG */ 1285 } 1286 1287 /* 1288 * Start a new LWP 1289 */ 1290 void 1291 startlwp(void *arg) 1292 { 1293 ucontext_t *uc = arg; 1294 lwp_t *l = curlwp; 1295 int error __diagused; 1296 1297 error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags); 1298 KASSERT(error == 0); 1299 1300 kmem_free(uc, sizeof(ucontext_t)); 1301 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1302 } 1303
Indexes created Mon Sep 29 21:09:56 GMT 2025