trap.c revision 1.118
1 /* $NetBSD: trap.c,v 1.118 2022/06/07 06:06:46 skrll Exp $ */ 2 3 /*- 4 * Copyright (c) 2001, 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Matthew Fredette. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* $OpenBSD: trap.c,v 1.30 2001/09/19 20:50:56 mickey Exp $ */ 33 34 /* 35 * Copyright (c) 1998-2004 Michael Shalayeff 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 47 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 48 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 49 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 50 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, 51 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 52 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 53 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 56 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 57 * THE POSSIBILITY OF SUCH DAMAGE. 58 */ 59 60 #include <sys/cdefs.h> 61 __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.118 2022/06/07 06:06:46 skrll Exp $"); 62 63 /* #define INTRDEBUG */ 64 /* #define TRAPDEBUG */ 65 /* #define USERTRACE */ 66 67 #include "opt_kgdb.h" 68 #include "opt_ptrace.h" 69 70 #include <sys/param.h> 71 #include <sys/systm.h> 72 #include <sys/kernel.h> 73 #include <sys/syscall.h> 74 #include <sys/syscallvar.h> 75 #include <sys/mutex.h> 76 #include <sys/ktrace.h> 77 #include <sys/proc.h> 78 #include <sys/signalvar.h> 79 #include <sys/acct.h> 80 #include <sys/signal.h> 81 #include <sys/device.h> 82 #include <sys/kauth.h> 83 #include <sys/kmem.h> 84 #include <sys/userret.h> 85 86 #include <net/netisr.h> 87 88 #ifdef KGDB 89 #include <sys/kgdb.h> 90 #endif 91 92 #include <uvm/uvm.h> 93 94 #include <machine/iomod.h> 95 #include <machine/cpufunc.h> 96 #include <machine/reg.h> 97 #include <machine/autoconf.h> 98 99 #include <machine/db_machdep.h> 100 101 #include <hppa/hppa/machdep.h> 102 103 #include <ddb/db_output.h> 104 #include <ddb/db_interface.h> 105 106 #ifdef PTRACE 107 void ss_clear_breakpoints(struct lwp *l); 108 int ss_put_value(struct lwp *, vaddr_t, u_int); 109 int ss_get_value(struct lwp *, vaddr_t, u_int *); 110 111 /* single-step breakpoint */ 112 #define SSBREAKPOINT (HPPA_BREAK_KERNEL | (HPPA_BREAK_SS << 13)) 113 114 #endif 115 116 #if defined(DEBUG) || defined(DIAGNOSTIC) 117 /* 118 * 0x6fc1000 is a stwm r1, d(sr0, sp), which is the last 119 * instruction in the function prologue that gcc -O0 uses. 120 * When we have this instruction we know the relationship 121 * between the stack pointer and the gcc -O0 frame pointer 122 * (in r3, loaded with the initial sp) for the body of a 123 * function. 124 * 125 * If the given instruction is a stwm r1, d(sr0, sp) where 126 * d > 0, we evaluate to d, else we evaluate to zero. 127 */ 128 #define STWM_R1_D_SR0_SP(inst) \ 129 (((inst) & 0xffffc001) == 0x6fc10000 ? (((inst) & 0x00003ff) >> 1) : 0) 130 #endif /* DEBUG || DIAGNOSTIC */ 131 132 const char *trap_type[] = { 133 "invalid", 134 "HPMC", 135 "power failure", 136 "recovery counter", 137 "external interrupt", 138 "LPMC", 139 "ITLB miss fault", 140 "instruction protection", 141 "Illegal instruction", 142 "break instruction", 143 "privileged operation", 144 "privileged register", 145 "overflow", 146 "conditional", 147 "assist exception", 148 "DTLB miss", 149 "ITLB non-access miss", 150 "DTLB non-access miss", 151 "data protection/rights/alignment", 152 "data break", 153 "TLB dirty", 154 "page reference", 155 "assist emulation", 156 "higher-priv transfer", 157 "lower-priv transfer", 158 "taken branch", 159 "data access rights", 160 "data protection", 161 "unaligned data ref", 162 }; 163 int trap_types = __arraycount(trap_type); 164 165 uint8_t fpopmap[] = { 166 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 167 0x00, 0x0c, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 174 }; 175 176 void pmap_hptdump(void); 177 void syscall(struct trapframe *, int *); 178 179 #if defined(DEBUG) 180 struct trapframe *sanity_frame; 181 struct lwp *sanity_lwp; 182 const char *sanity_string; 183 void frame_sanity_check(const char *, int, int, struct trapframe *, 184 struct lwp *); 185 #endif 186 187 188 #ifdef USERTRACE 189 /* 190 * USERTRACE is a crude facility that traces the PC of a single user process. 191 * This tracing is normally activated by the dispatching of a certain syscall 192 * with certain arguments - see the activation code in syscall(). 193 */ 194 static void user_backtrace(struct trapframe *, struct lwp *, int); 195 static void user_backtrace_raw(u_int, u_int); 196 197 u_int rctr_next_iioq; 198 #endif 199 200 static inline void 201 userret(struct lwp *l, struct trapframe *tf) 202 { 203 struct proc *p = l->l_proc; 204 int oticks = 0; /* XXX why zero? */ 205 206 do { 207 l->l_md.md_astpending = 0; 208 //curcpu()->ci_data.cpu_nast++; 209 mi_userret(l); 210 } while (l->l_md.md_astpending); 211 212 /* 213 * If profiling, charge recent system time to the trapped pc. 214 */ 215 if (p->p_stflag & PST_PROFIL) { 216 extern int psratio; 217 218 addupc_task(l, tf->tf_iioq_head, 219 (int)(p->p_sticks - oticks) * psratio); 220 } 221 } 222 223 /* 224 * This handles some messy kernel debugger details. 225 * It dispatches into either kgdb or DDB, and knows 226 * about some special things to do, like skipping over 227 * break instructions and how to really set up for 228 * a single-step. 229 */ 230 #if defined(KGDB) || defined(DDB) 231 static int 232 trap_kdebug(int type, int code, struct trapframe *frame) 233 { 234 int handled; 235 u_int tf_iioq_head_old; 236 u_int tf_iioq_tail_old; 237 238 for (;;) { 239 240 /* This trap has not been handled. */ 241 handled = 0; 242 243 /* Remember the instruction offset queue. */ 244 tf_iioq_head_old = frame->tf_iioq_head; 245 tf_iioq_tail_old = frame->tf_iioq_tail; 246 247 #ifdef KGDB 248 /* Let KGDB handle it (if connected) */ 249 if (!handled) 250 handled = kgdb_trap(type, frame); 251 #endif 252 #ifdef DDB 253 /* Let DDB handle it. */ 254 if (!handled) 255 handled = kdb_trap(type, code, frame); 256 #endif 257 258 /* If this trap wasn't handled, return now. */ 259 if (!handled) 260 return(0); 261 262 /* 263 * If the instruction offset queue head changed, but the offset 264 * queue tail didn't, assume that the user wants to jump to the 265 * head offset, and adjust the tail accordingly. This should 266 * fix the kgdb `jump' command, and can help DDB users who `set' 267 * the offset head but forget the tail. 268 */ 269 if (frame->tf_iioq_head != tf_iioq_head_old && 270 frame->tf_iioq_tail == tf_iioq_tail_old) 271 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 272 273 /* 274 * This is some single-stepping support. If we're trying to 275 * step through a nullified instruction, just advance by hand 276 * and trap again. Otherwise, load the recovery counter with 277 * zero. 278 */ 279 if (frame->tf_ipsw & PSW_R) { 280 #ifdef TRAPDEBUG 281 printf("(single stepping at head 0x%x tail 0x%x)\n", 282 frame->tf_iioq_head, frame->tf_iioq_tail); 283 #endif 284 if (frame->tf_ipsw & PSW_N) { 285 #ifdef TRAPDEBUG 286 printf("(single stepping past nullified)\n"); 287 #endif 288 289 /* Advance the program counter. */ 290 frame->tf_iioq_head = frame->tf_iioq_tail; 291 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 292 293 /* Clear flags. */ 294 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 295 296 /* Simulate another trap. */ 297 type = T_RECOVERY; 298 continue; 299 } 300 frame->tf_rctr = 0; 301 } 302 303 /* We handled this trap. */ 304 return (1); 305 } 306 /* NOTREACHED */ 307 } 308 #else /* !KGDB && !DDB */ 309 #define trap_kdebug(t, c, f) (0) 310 #endif /* !KGDB && !DDB */ 311 312 #if defined(DEBUG) || defined(USERTRACE) 313 /* 314 * These functions give a crude usermode backtrace. They really only work when 315 * code has been compiled without optimization, as they assume a certain func- 316 * tion prologue sets up a frame pointer and stores the return pointer and arg- 317 * uments in it. 318 */ 319 static void 320 user_backtrace_raw(u_int pc, u_int fp) 321 { 322 int frame_number; 323 int arg_number; 324 uint32_t val; 325 326 for (frame_number = 0; 327 frame_number < 100 && pc > HPPA_PC_PRIV_MASK && fp; 328 frame_number++) { 329 330 printf("%3d: pc=%08x%s fp=0x%08x", frame_number, 331 pc & ~HPPA_PC_PRIV_MASK, USERMODE(pc) ? " " : "**", fp); 332 for (arg_number = 0; arg_number < 4; arg_number++) { 333 if (ufetch_32(HPPA_FRAME_CARG(arg_number, fp), 334 &val) == 0) { 335 printf(" arg%d=0x%08x", arg_number, val); 336 } else { 337 printf(" arg%d=<bad address>", arg_number); 338 } 339 } 340 printf("\n"); 341 if (ufetch_int((((uint32_t *) fp) - 5), &pc) != 0) { 342 printf(" ufetch for pc failed\n"); 343 break; 344 } 345 if (ufetch_int((((uint32_t *) fp) + 0), &fp) != 0) { 346 printf(" ufetch for fp failed\n"); 347 break; 348 } 349 } 350 printf(" backtrace stopped with pc %08x fp 0x%08x\n", pc, fp); 351 } 352 353 static void 354 user_backtrace(struct trapframe *tf, struct lwp *l, int type) 355 { 356 struct proc *p = l->l_proc; 357 u_int pc, fp, inst; 358 359 /* 360 * Display any trap type that we have. 361 */ 362 if (type >= 0) 363 printf("pid %d (%s) trap #%d\n", 364 p->p_pid, p->p_comm, type & ~T_USER); 365 366 /* 367 * Assuming that the frame pointer in r3 is valid, 368 * dump out a stack trace. 369 */ 370 fp = tf->tf_r3; 371 printf("pid %d (%s) backtrace, starting with fp 0x%08x\n", 372 p->p_pid, p->p_comm, fp); 373 user_backtrace_raw(tf->tf_iioq_head, fp); 374 375 /* 376 * In case the frame pointer in r3 is not valid, assuming the stack 377 * pointer is valid and the faulting function is a non-leaf, if we can 378 * find its prologue we can recover its frame pointer. 379 */ 380 pc = tf->tf_iioq_head; 381 fp = tf->tf_sp - HPPA_FRAME_SIZE; 382 printf("pid %d (%s) backtrace, starting with sp 0x%08x pc 0x%08x\n", 383 p->p_pid, p->p_comm, tf->tf_sp, pc); 384 for (pc &= ~HPPA_PC_PRIV_MASK; pc > 0; pc -= sizeof(inst)) { 385 if (ufetch_int((u_int *) pc, &inst) != 0) { 386 printf(" ufetch for inst at pc %08x failed\n", pc); 387 break; 388 } 389 /* Check for the prologue instruction that sets sp. */ 390 if (STWM_R1_D_SR0_SP(inst)) { 391 fp = tf->tf_sp - STWM_R1_D_SR0_SP(inst); 392 printf(" sp from fp at pc %08x: %08x\n", pc, inst); 393 break; 394 } 395 } 396 user_backtrace_raw(tf->tf_iioq_head, fp); 397 } 398 #endif /* DEBUG || USERTRACE */ 399 400 #ifdef DEBUG 401 /* 402 * This sanity-checks a trapframe. It is full of various assumptions about 403 * what a healthy CPU state should be, with some documented elsewhere, some not. 404 */ 405 void 406 frame_sanity_check(const char *func, int line, int type, struct trapframe *tf, 407 struct lwp *l) 408 { 409 #if 0 410 extern int kernel_text; 411 extern int etext; 412 #endif 413 struct cpu_info *ci = curcpu(); 414 415 #define SANITY(e) \ 416 do { \ 417 if (sanity_frame == NULL && !(e)) { \ 418 sanity_frame = tf; \ 419 sanity_lwp = l; \ 420 sanity_string = #e; \ 421 } \ 422 } while (/* CONSTCOND */ 0) 423 424 KASSERT(l != NULL); 425 SANITY((tf->tf_ipsw & ci->ci_psw) == ci->ci_psw); 426 SANITY((ci->ci_psw & PSW_I) == 0 || tf->tf_eiem != 0); 427 if (tf->tf_iisq_head == HPPA_SID_KERNEL) { 428 vaddr_t minsp, maxsp, uv; 429 430 uv = uvm_lwp_getuarea(l); 431 432 /* 433 * If the trap happened in the gateway page, we take the easy 434 * way out and assume that the trapframe is okay. 435 */ 436 if ((tf->tf_iioq_head & ~PAGE_MASK) == SYSCALLGATE) 437 goto out; 438 439 SANITY(!USERMODE(tf->tf_iioq_head)); 440 SANITY(!USERMODE(tf->tf_iioq_tail)); 441 442 /* 443 * Don't check the instruction queues or stack on interrupts 444 * as we could be in the sti code (outside normal kernel 445 * text) or switching LWPs (curlwp and sp are not in sync) 446 */ 447 if ((type & ~T_USER) == T_INTERRUPT) 448 goto out; 449 #if 0 450 SANITY(tf->tf_iioq_head >= (u_int) &kernel_text); 451 SANITY(tf->tf_iioq_head < (u_int) &etext); 452 SANITY(tf->tf_iioq_tail >= (u_int) &kernel_text); 453 SANITY(tf->tf_iioq_tail < (u_int) &etext); 454 #endif 455 456 maxsp = uv + USPACE + PAGE_SIZE; 457 minsp = uv + PAGE_SIZE; 458 459 SANITY(tf->tf_sp >= minsp && tf->tf_sp < maxsp); 460 } else { 461 struct pcb *pcb = lwp_getpcb(l); 462 463 SANITY(USERMODE(tf->tf_iioq_head)); 464 SANITY(USERMODE(tf->tf_iioq_tail)); 465 SANITY(tf->tf_cr30 == (u_int)pcb->pcb_fpregs); 466 } 467 #undef SANITY 468 out: 469 if (sanity_frame == tf) { 470 printf("insanity: '%s' at %s:%d type 0x%x tf %p lwp %p " 471 "sp 0x%x pc 0x%x\n", 472 sanity_string, func, line, type, sanity_frame, sanity_lwp, 473 tf->tf_sp, tf->tf_iioq_head); 474 (void) trap_kdebug(T_IBREAK, 0, tf); 475 sanity_frame = NULL; 476 sanity_lwp = NULL; 477 } 478 } 479 #endif /* DEBUG */ 480 481 void 482 trap(int type, struct trapframe *frame) 483 { 484 struct lwp *l; 485 struct proc *p; 486 struct pcb *pcb; 487 vaddr_t va; 488 struct vm_map *map; 489 struct vmspace *vm; 490 vm_prot_t vftype; 491 pa_space_t space; 492 ksiginfo_t ksi; 493 u_int opcode, onfault; 494 int ret; 495 const char *tts = "reserved"; 496 int trapnum; 497 #ifdef DIAGNOSTIC 498 extern int emergency_stack_start, emergency_stack_end; 499 struct cpu_info *ci = curcpu(); 500 int oldcpl = ci->ci_cpl; 501 #endif 502 503 trapnum = type & ~T_USER; 504 opcode = frame->tf_iir; 505 506 if (trapnum <= T_EXCEPTION || trapnum == T_HIGHERPL || 507 trapnum == T_LOWERPL || trapnum == T_TAKENBR || 508 trapnum == T_IDEBUG || trapnum == T_PERFMON) { 509 va = frame->tf_iioq_head; 510 space = frame->tf_iisq_head; 511 vftype = VM_PROT_EXECUTE; 512 } else { 513 va = frame->tf_ior; 514 space = frame->tf_isr; 515 vftype = inst_store(opcode) ? VM_PROT_WRITE : VM_PROT_READ; 516 } 517 518 KASSERT(curlwp != NULL); 519 l = curlwp; 520 p = l->l_proc; 521 if ((type & T_USER) != 0) 522 LWP_CACHE_CREDS(l, p); 523 524 #ifdef DIAGNOSTIC 525 /* 526 * If we are on the emergency stack, then we either got 527 * a fault on the kernel stack, or we're just handling 528 * a trap for the machine check handler (which also 529 * runs on the emergency stack). 530 * 531 * We *very crudely* differentiate between the two cases 532 * by checking the faulting instruction: if it is the 533 * function prologue instruction that stores the old 534 * frame pointer and updates the stack pointer, we assume 535 * that we faulted on the kernel stack. 536 * 537 * In this case, not completing that instruction will 538 * probably confuse backtraces in kgdb/ddb. Completing 539 * it would be difficult, because we already faulted on 540 * that part of the stack, so instead we fix up the 541 * frame as if the function called has just returned. 542 * This has peculiar knowledge about what values are in 543 * what registers during the "normal gcc -g" prologue. 544 */ 545 if (&type >= &emergency_stack_start && 546 &type < &emergency_stack_end && 547 type != T_IBREAK && STWM_R1_D_SR0_SP(opcode)) { 548 /* Restore the caller's frame pointer. */ 549 frame->tf_r3 = frame->tf_r1; 550 /* Restore the caller's instruction offsets. */ 551 frame->tf_iioq_head = frame->tf_rp; 552 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 553 goto dead_end; 554 } 555 #endif /* DIAGNOSTIC */ 556 557 #ifdef DEBUG 558 frame_sanity_check(__func__, __LINE__, type, frame, l); 559 #endif /* DEBUG */ 560 561 if (frame->tf_flags & TFF_LAST) 562 l->l_md.md_regs = frame; 563 564 if (trapnum <= trap_types) 565 tts = trap_type[trapnum]; 566 567 #ifdef TRAPDEBUG 568 if (trapnum != T_INTERRUPT && trapnum != T_IBREAK) 569 printf("trap: %d, %s for %x:%lx at %x:%x, fp=%p, rp=%x\n", 570 type, tts, space, va, frame->tf_iisq_head, 571 frame->tf_iioq_head, frame, frame->tf_rp); 572 else if (trapnum == T_IBREAK) 573 printf("trap: break instruction %x:%x at %x:%x, fp=%p\n", 574 break5(opcode), break13(opcode), 575 frame->tf_iisq_head, frame->tf_iioq_head, frame); 576 577 { 578 extern int etext; 579 if (frame < (struct trapframe *)&etext) { 580 printf("trap: bogus frame ptr %p\n", frame); 581 goto dead_end; 582 } 583 } 584 #endif 585 586 pcb = lwp_getpcb(l); 587 588 /* If this is a trap, not an interrupt, reenable interrupts. */ 589 if (trapnum != T_INTERRUPT) { 590 curcpu()->ci_data.cpu_ntrap++; 591 mtctl(frame->tf_eiem, CR_EIEM); 592 } 593 594 switch (type) { 595 case T_NONEXIST: 596 case T_NONEXIST | T_USER: 597 #if !defined(DDB) && !defined(KGDB) 598 /* we've got screwed up by the central scrutinizer */ 599 panic ("trap: elvis has just left the building!"); 600 break; 601 #else 602 goto dead_end; 603 #endif 604 case T_RECOVERY | T_USER: 605 #ifdef USERTRACE 606 for (;;) { 607 if (frame->tf_iioq_head != rctr_next_iioq) 608 printf("-%08x\nr %08x", 609 rctr_next_iioq - 4, 610 frame->tf_iioq_head); 611 rctr_next_iioq = frame->tf_iioq_head + 4; 612 if (frame->tf_ipsw & PSW_N) { 613 /* Advance the program counter. */ 614 frame->tf_iioq_head = frame->tf_iioq_tail; 615 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 616 /* Clear flags. */ 617 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 618 /* Simulate another trap. */ 619 continue; 620 } 621 break; 622 } 623 frame->tf_rctr = 0; 624 break; 625 #endif /* USERTRACE */ 626 case T_RECOVERY: 627 #if !defined(DDB) && !defined(KGDB) 628 /* XXX will implement later */ 629 printf ("trap: handicapped"); 630 break; 631 #else 632 goto dead_end; 633 #endif 634 635 case T_EMULATION | T_USER: 636 hppa_fpu_emulate(frame, l, opcode); 637 break; 638 639 case T_DATALIGN: 640 onfault = pcb->pcb_onfault; 641 if (onfault) { 642 ret = EFAULT; 643 do_onfault: 644 frame->tf_iioq_head = onfault; 645 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 646 frame->tf_ret0 = ret; 647 break; 648 } 649 /*FALLTHROUGH*/ 650 651 #ifdef DIAGNOSTIC 652 /* these just can't happen ever */ 653 case T_PRIV_OP: 654 case T_PRIV_REG: 655 /* these just can't make it to the trap() ever */ 656 case T_HPMC: 657 case T_HPMC | T_USER: 658 case T_EMULATION: 659 case T_EXCEPTION: 660 #endif 661 case T_IBREAK: 662 case T_DBREAK: 663 dead_end: 664 if (type & T_USER) { 665 #ifdef DEBUG 666 user_backtrace(frame, l, type); 667 #endif 668 KSI_INIT_TRAP(&ksi); 669 ksi.ksi_signo = SIGILL; 670 ksi.ksi_code = ILL_ILLTRP; 671 ksi.ksi_trap = type; 672 ksi.ksi_addr = (void *)frame->tf_iioq_head; 673 trapsignal(l, &ksi); 674 break; 675 } 676 if (trap_kdebug(type, va, frame)) 677 return; 678 else if (type == T_DATALIGN) 679 panic ("trap: %s at 0x%x", tts, (u_int) va); 680 else 681 panic ("trap: no debugger for \"%s\" (%d)", tts, type); 682 break; 683 684 case T_IBREAK | T_USER: 685 case T_DBREAK | T_USER: 686 KSI_INIT_TRAP(&ksi); 687 ksi.ksi_signo = SIGTRAP; 688 ksi.ksi_code = TRAP_TRACE; 689 ksi.ksi_trap = trapnum; 690 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 691 #ifdef PTRACE 692 ss_clear_breakpoints(l); 693 if (opcode == SSBREAKPOINT) 694 ksi.ksi_code = TRAP_BRKPT; 695 #endif 696 /* pass to user debugger */ 697 trapsignal(l, &ksi); 698 break; 699 700 #ifdef PTRACE 701 case T_TAKENBR | T_USER: 702 ss_clear_breakpoints(l); 703 704 KSI_INIT_TRAP(&ksi); 705 ksi.ksi_signo = SIGTRAP; 706 ksi.ksi_code = TRAP_TRACE; 707 ksi.ksi_trap = trapnum; 708 ksi.ksi_addr = (void *)(frame->tf_iioq_head & ~HPPA_PC_PRIV_MASK); 709 710 /* pass to user debugger */ 711 trapsignal(l, &ksi); 712 break; 713 #endif 714 715 case T_EXCEPTION | T_USER: { /* co-proc assist trap */ 716 uint64_t *fpp; 717 uint32_t *pex, ex, inst; 718 int i; 719 720 hppa_fpu_flush(l); 721 fpp = (uint64_t *)pcb->pcb_fpregs; 722 723 /* skip the status register */ 724 pex = (uint32_t *)&fpp[0]; 725 pex++; 726 727 /* loop through the exception registers */ 728 for (i = 1; i < 8 && !*pex; i++, pex++) 729 ; 730 KASSERT(i < 8); 731 ex = *pex; 732 *pex = 0; 733 734 /* reset the trap flag, as if there was none */ 735 fpp[0] &= ~(((uint64_t)HPPA_FPU_T) << 32); 736 737 /* emulate the instruction */ 738 inst = ((uint32_t)fpopmap[ex >> 26] << 26) | (ex & 0x03ffffff); 739 hppa_fpu_emulate(frame, l, inst); 740 } 741 break; 742 743 case T_OVERFLOW | T_USER: 744 KSI_INIT_TRAP(&ksi); 745 ksi.ksi_signo = SIGFPE; 746 ksi.ksi_code = SI_NOINFO; 747 ksi.ksi_trap = type; 748 ksi.ksi_addr = (void *)va; 749 trapsignal(l, &ksi); 750 break; 751 752 case T_CONDITION | T_USER: 753 KSI_INIT_TRAP(&ksi); 754 ksi.ksi_signo = SIGFPE; 755 ksi.ksi_code = FPE_INTDIV; 756 ksi.ksi_trap = type; 757 ksi.ksi_addr = (void *)va; 758 trapsignal(l, &ksi); 759 break; 760 761 case T_ILLEGAL | T_USER: 762 #ifdef DEBUG 763 user_backtrace(frame, l, type); 764 #endif 765 KSI_INIT_TRAP(&ksi); 766 ksi.ksi_signo = SIGILL; 767 ksi.ksi_code = ILL_ILLOPC; 768 ksi.ksi_trap = type; 769 ksi.ksi_addr = (void *)va; 770 trapsignal(l, &ksi); 771 break; 772 773 case T_PRIV_OP | T_USER: 774 #ifdef DEBUG 775 user_backtrace(frame, l, type); 776 #endif 777 KSI_INIT_TRAP(&ksi); 778 ksi.ksi_signo = SIGILL; 779 ksi.ksi_code = ILL_PRVOPC; 780 ksi.ksi_trap = type; 781 ksi.ksi_addr = (void *)va; 782 trapsignal(l, &ksi); 783 break; 784 785 case T_PRIV_REG | T_USER: 786 #ifdef DEBUG 787 user_backtrace(frame, l, type); 788 #endif 789 KSI_INIT_TRAP(&ksi); 790 ksi.ksi_signo = SIGILL; 791 ksi.ksi_code = ILL_PRVREG; 792 ksi.ksi_trap = type; 793 ksi.ksi_addr = (void *)va; 794 trapsignal(l, &ksi); 795 break; 796 797 /* these should never got here */ 798 case T_HIGHERPL | T_USER: 799 case T_LOWERPL | T_USER: 800 KSI_INIT_TRAP(&ksi); 801 ksi.ksi_signo = SIGSEGV; 802 ksi.ksi_code = SEGV_ACCERR; 803 ksi.ksi_trap = type; 804 ksi.ksi_addr = (void *)va; 805 trapsignal(l, &ksi); 806 break; 807 808 case T_IPROT | T_USER: 809 case T_DPROT | T_USER: 810 KSI_INIT_TRAP(&ksi); 811 ksi.ksi_signo = SIGSEGV; 812 ksi.ksi_code = SEGV_ACCERR; 813 ksi.ksi_trap = type; 814 ksi.ksi_addr = (void *)va; 815 trapsignal(l, &ksi); 816 break; 817 818 case T_DATACC: case T_USER | T_DATACC: 819 case T_ITLBMISS: case T_USER | T_ITLBMISS: 820 case T_DTLBMISS: case T_USER | T_DTLBMISS: 821 case T_ITLBMISSNA: case T_USER | T_ITLBMISSNA: 822 case T_DTLBMISSNA: case T_USER | T_DTLBMISSNA: 823 case T_TLB_DIRTY: case T_USER | T_TLB_DIRTY: 824 vm = p->p_vmspace; 825 826 if (!vm) { 827 #ifdef TRAPDEBUG 828 printf("trap: no vm, p=%p\n", p); 829 #endif 830 goto dead_end; 831 } 832 833 /* 834 * it could be a kernel map for exec_map faults 835 */ 836 if (!(type & T_USER) && space == HPPA_SID_KERNEL) 837 map = kernel_map; 838 else { 839 map = &vm->vm_map; 840 } 841 842 va = trunc_page(va); 843 844 if (map->pmap->pm_space != space) { 845 #ifdef TRAPDEBUG 846 printf("trap: space mismatch %d != %d\n", 847 space, map->pmap->pm_space); 848 #endif 849 /* actually dump the user, crap the kernel */ 850 goto dead_end; 851 } 852 853 /* Never call uvm_fault in interrupt context. */ 854 KASSERT(curcpu()->ci_intr_depth == 0); 855 856 onfault = pcb->pcb_onfault; 857 pcb->pcb_onfault = 0; 858 ret = uvm_fault(map, va, vftype); 859 pcb->pcb_onfault = onfault; 860 861 #ifdef TRAPDEBUG 862 printf("uvm_fault(%p, %x, %d)=%d\n", 863 map, (u_int)va, vftype, ret); 864 #endif 865 866 /* 867 * If this was a stack access we keep track of the maximum 868 * accessed stack size. Also, if uvm_fault gets a protection 869 * failure it is due to accessing the stack region outside 870 * the current limit and we need to reflect that as an access 871 * error. 872 */ 873 if (map != kernel_map && va >= (vaddr_t)vm->vm_minsaddr) { 874 if (ret == 0) 875 uvm_grow(l->l_proc, va); 876 else if (ret == EACCES) 877 ret = EFAULT; 878 } 879 880 if (ret != 0) { 881 if (type & T_USER) { 882 #ifdef DEBUG 883 user_backtrace(frame, l, type); 884 #endif 885 KSI_INIT_TRAP(&ksi); 886 switch (ret) { 887 case EACCES: 888 ksi.ksi_signo = SIGSEGV; 889 ksi.ksi_code = SEGV_ACCERR; 890 break; 891 case ENOMEM: 892 ksi.ksi_signo = SIGKILL; 893 printf("UVM: pid %d (%s), uid %d " 894 "killed: out of swap\n", 895 p->p_pid, p->p_comm, 896 l->l_cred ? 897 kauth_cred_geteuid(l->l_cred) 898 : -1); 899 break; 900 case EINVAL: 901 ksi.ksi_signo = SIGBUS; 902 ksi.ksi_code = BUS_ADRERR; 903 break; 904 default: 905 ksi.ksi_signo = SIGSEGV; 906 ksi.ksi_code = SEGV_MAPERR; 907 break; 908 } 909 ksi.ksi_trap = type; 910 ksi.ksi_addr = (void *)va; 911 trapsignal(l, &ksi); 912 } else { 913 if (onfault) { 914 goto do_onfault; 915 } 916 panic("trap: uvm_fault(%p, %lx, %d): %d", 917 map, va, vftype, ret); 918 } 919 } 920 break; 921 922 case T_DATALIGN | T_USER: 923 #ifdef DEBUG 924 user_backtrace(frame, l, type); 925 #endif 926 KSI_INIT_TRAP(&ksi); 927 ksi.ksi_signo = SIGBUS; 928 ksi.ksi_code = BUS_ADRALN; 929 ksi.ksi_trap = type; 930 ksi.ksi_addr = (void *)va; 931 trapsignal(l, &ksi); 932 break; 933 934 case T_INTERRUPT: 935 case T_INTERRUPT | T_USER: 936 hppa_intr(frame); 937 mtctl(frame->tf_eiem, CR_EIEM); 938 break; 939 940 case T_LOWERPL: 941 case T_DPROT: 942 case T_IPROT: 943 case T_OVERFLOW: 944 case T_CONDITION: 945 case T_ILLEGAL: 946 case T_HIGHERPL: 947 case T_TAKENBR: 948 case T_POWERFAIL: 949 case T_LPMC: 950 case T_PAGEREF: 951 case T_DATAPID: case T_DATAPID | T_USER: 952 if (0 /* T-chip */) { 953 break; 954 } 955 /* FALLTHROUGH to unimplemented */ 956 default: 957 panic ("trap: unimplemented \'%s\' (%d)", tts, type); 958 } 959 960 #ifdef DIAGNOSTIC 961 if (ci->ci_cpl != oldcpl) 962 printf("WARNING: SPL (%d) NOT LOWERED ON TRAP (%d) EXIT\n", 963 ci->ci_cpl, trapnum); 964 #endif 965 966 if (type & T_USER) 967 userret(l, l->l_md.md_regs); 968 969 #ifdef DEBUG 970 frame_sanity_check(__func__, __LINE__, type, frame, l); 971 if (frame->tf_flags & TFF_LAST && (curlwp->l_flag & LW_IDLE) == 0) 972 frame_sanity_check(__func__, __LINE__, type, 973 curlwp->l_md.md_regs, curlwp); 974 #endif /* DEBUG */ 975 } 976 977 void 978 md_child_return(struct lwp *l) 979 { 980 /* 981 * Return values in the frame set by cpu_lwp_fork(). 982 */ 983 984 userret(l, l->l_md.md_regs); 985 #ifdef DEBUG 986 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 987 #endif /* DEBUG */ 988 } 989 990 /* 991 * Process the tail end of a posix_spawn() for the child. 992 */ 993 void 994 cpu_spawn_return(struct lwp *l) 995 { 996 997 userret(l, l->l_md.md_regs); 998 #ifdef DEBUG 999 frame_sanity_check(__func__, __LINE__, 0, l->l_md.md_regs, l); 1000 #endif /* DEBUG */ 1001 } 1002 1003 #ifdef PTRACE 1004 1005 #include <sys/ptrace.h> 1006 1007 int 1008 ss_get_value(struct lwp *l, vaddr_t addr, u_int *value) 1009 { 1010 struct uio uio; 1011 struct iovec iov; 1012 1013 iov.iov_base = (void *)value; 1014 iov.iov_len = sizeof(u_int); 1015 uio.uio_iov = &iov; 1016 uio.uio_iovcnt = 1; 1017 uio.uio_offset = (off_t)addr; 1018 uio.uio_resid = sizeof(u_int); 1019 uio.uio_rw = UIO_READ; 1020 UIO_SETUP_SYSSPACE(&uio); 1021 1022 return (process_domem(curlwp, l, &uio)); 1023 } 1024 1025 int 1026 ss_put_value(struct lwp *l, vaddr_t addr, u_int value) 1027 { 1028 struct uio uio; 1029 struct iovec iov; 1030 1031 iov.iov_base = (void *)&value; 1032 iov.iov_len = sizeof(u_int); 1033 uio.uio_iov = &iov; 1034 uio.uio_iovcnt = 1; 1035 uio.uio_offset = (off_t)addr; 1036 uio.uio_resid = sizeof(u_int); 1037 uio.uio_rw = UIO_WRITE; 1038 UIO_SETUP_SYSSPACE(&uio); 1039 1040 return (process_domem(curlwp, l, &uio)); 1041 } 1042 1043 void 1044 ss_clear_breakpoints(struct lwp *l) 1045 { 1046 /* Restore original instructions. */ 1047 if (l->l_md.md_bpva != 0) { 1048 ss_put_value(l, l->l_md.md_bpva, l->l_md.md_bpsave[0]); 1049 ss_put_value(l, l->l_md.md_bpva + 4, l->l_md.md_bpsave[1]); 1050 l->l_md.md_bpva = 0; 1051 } 1052 } 1053 1054 1055 int 1056 process_sstep(struct lwp *l, int sstep) 1057 { 1058 struct trapframe *tf = l->l_md.md_regs; 1059 int error; 1060 1061 ss_clear_breakpoints(l); 1062 1063 /* We're continuing... */ 1064 if (sstep == 0) { 1065 tf->tf_ipsw &= ~PSW_T; 1066 return 0; 1067 } 1068 1069 /* 1070 * Don't touch the syscall gateway page. Instead, insert a 1071 * breakpoint where we're supposed to return. 1072 */ 1073 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1074 l->l_md.md_bpva = tf->tf_r31 & ~HPPA_PC_PRIV_MASK; 1075 else 1076 l->l_md.md_bpva = tf->tf_iioq_tail & ~HPPA_PC_PRIV_MASK; 1077 1078 error = ss_get_value(l, l->l_md.md_bpva, &l->l_md.md_bpsave[0]); 1079 if (error) 1080 return error; 1081 error = ss_get_value(l, l->l_md.md_bpva + 4, &l->l_md.md_bpsave[1]); 1082 if (error) 1083 return error; 1084 1085 error = ss_put_value(l, l->l_md.md_bpva, SSBREAKPOINT); 1086 if (error) 1087 return error; 1088 error = ss_put_value(l, l->l_md.md_bpva + 4, SSBREAKPOINT); 1089 if (error) 1090 return error; 1091 1092 if ((tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) 1093 tf->tf_ipsw &= ~PSW_T; 1094 else 1095 tf->tf_ipsw |= PSW_T; 1096 1097 return 0; 1098 } 1099 #endif 1100 1101 1102 /* 1103 * call actual syscall routine 1104 * from the low-level syscall handler: 1105 * - all HPPA_FRAME_NARGS syscall's arguments supposed to be copied onto 1106 * our stack, this wins compared to copyin just needed amount anyway 1107 * - register args are copied onto stack too 1108 */ 1109 void 1110 syscall(struct trapframe *frame, int *args) 1111 { 1112 struct lwp *l; 1113 struct proc *p; 1114 const struct sysent *callp; 1115 size_t nargs64; 1116 int nsys, code, error; 1117 int tmp; 1118 int rval[2]; 1119 #ifdef DIAGNOSTIC 1120 struct cpu_info *ci = curcpu(); 1121 int oldcpl = ci->ci_cpl; 1122 #endif 1123 1124 curcpu()->ci_data.cpu_nsyscall++; 1125 1126 #ifdef DEBUG 1127 frame_sanity_check(__func__, __LINE__, 0, frame, curlwp); 1128 #endif /* DEBUG */ 1129 1130 if (!USERMODE(frame->tf_iioq_head)) 1131 panic("syscall"); 1132 1133 KASSERT(curlwp != NULL); 1134 l = curlwp; 1135 p = l->l_proc; 1136 l->l_md.md_regs = frame; 1137 nsys = p->p_emul->e_nsysent; 1138 callp = p->p_emul->e_sysent; 1139 code = frame->tf_t1; 1140 LWP_CACHE_CREDS(l, p); 1141 1142 /* 1143 * Restarting a system call is touchy on the HPPA, because syscall 1144 * arguments are passed in registers and the program counter of the 1145 * syscall "point" isn't easily divined. 1146 * 1147 * We handle the first problem by assuming that we will have to restart 1148 * this system call, so we stuff the first four words of the original 1149 * arguments back into the frame as arg0...arg3, which is where we 1150 * found them in the first place. Any further arguments are (still) on 1151 * the user's stack and the syscall code will fetch them from there 1152 * (again). 1153 * 1154 * The program counter problem is addressed below. 1155 */ 1156 frame->tf_arg0 = args[0]; 1157 frame->tf_arg1 = args[1]; 1158 frame->tf_arg2 = args[2]; 1159 frame->tf_arg3 = args[3]; 1160 1161 /* 1162 * Some special handling for the syscall(2) and 1163 * __syscall(2) system calls. 1164 */ 1165 switch (code) { 1166 case SYS_syscall: 1167 code = *args; 1168 args += 1; 1169 break; 1170 case SYS___syscall: 1171 if (callp != sysent) 1172 break; 1173 /* 1174 * NB: even though __syscall(2) takes a quad_t containing the 1175 * system call number, because our argument copying word-swaps 1176 * 64-bit arguments, the least significant word of that quad_t 1177 * is the first word in the argument array. 1178 */ 1179 code = *args; 1180 args += 2; 1181 } 1182 1183 /* 1184 * Stacks growing from lower addresses to higher addresses are not 1185 * really such a good idea, because it makes it impossible to overlay a 1186 * struct on top of C stack arguments (the arguments appear in 1187 * reversed order). 1188 * 1189 * You can do the obvious thing (as locore.S does) and copy argument 1190 * words one by one, laying them out in the "right" order in the dest- 1191 * ination buffer, but this ends up word-swapping multi-word arguments 1192 * (like off_t). 1193 * 1194 * FIXME - this works only on native binaries and 1195 * will probably screw up any and all emulation. 1196 * 1197 */ 1198 1199 if (code < 0 || code >= nsys) 1200 callp += p->p_emul->e_nosys; /* bad syscall # */ 1201 else 1202 callp += code; 1203 1204 nargs64 = SYCALL_NARGS64(callp); 1205 if (nargs64 != 0) { 1206 size_t nargs = callp->sy_narg; 1207 1208 for (size_t i = 0; i < nargs + nargs64;) { 1209 if (SYCALL_ARG_64_P(callp, i)) { 1210 tmp = args[i]; 1211 args[i] = args[i + 1]; 1212 args[i + 1] = tmp; 1213 i += 2; 1214 } else 1215 i++; 1216 } 1217 } 1218 1219 #ifdef USERTRACE 1220 if (0) { 1221 user_backtrace(frame, l, -1); 1222 frame->tf_ipsw |= PSW_R; 1223 frame->tf_rctr = 0; 1224 printf("r %08x", frame->tf_iioq_head); 1225 rctr_next_iioq = frame->tf_iioq_head + 4; 1226 } 1227 #endif 1228 1229 error = sy_invoke(callp, l, args, rval, code); 1230 1231 switch (error) { 1232 case 0: 1233 l = curlwp; /* changes on exec() */ 1234 frame = l->l_md.md_regs; 1235 frame->tf_ret0 = rval[0]; 1236 frame->tf_ret1 = rval[1]; 1237 frame->tf_t1 = 0; 1238 break; 1239 case ERESTART: 1240 /* 1241 * Now we have to wind back the instruction offset queue to the 1242 * point where the system call will be made again. This is 1243 * inherently tied to the SYSCALL macro. 1244 * 1245 * Currently, the part of the SYSCALL macro that we want to re- 1246 * run reads as: 1247 * 1248 * ldil L%SYSCALLGATE, r1 1249 * ble 4(srX, r1) 1250 * ldi __CONCAT(SYS_,x), t1 1251 * comb,<> %r0, %t1, __cerror 1252 * 1253 * And our offset queue head points to the comb instruction. 1254 * So we need to subtract twelve to reach the ldil. 1255 */ 1256 frame->tf_iioq_head -= 12; 1257 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 1258 break; 1259 case EJUSTRETURN: 1260 p = curproc; 1261 break; 1262 default: 1263 if (p->p_emul->e_errno) 1264 error = p->p_emul->e_errno[error]; 1265 frame->tf_t1 = error; 1266 break; 1267 } 1268 1269 userret(l, frame); 1270 1271 #ifdef DIAGNOSTIC 1272 if (ci->ci_cpl != oldcpl) { 1273 printf("WARNING: SPL (0x%x) NOT LOWERED ON " 1274 "syscall(0x%x, 0x%x, 0x%x, 0x%x...) EXIT, PID %d\n", 1275 ci->ci_cpl, code, args[0], args[1], args[2], p->p_pid); 1276 ci->ci_cpl = oldcpl; 1277 } 1278 #endif 1279 1280 #ifdef DEBUG 1281 frame_sanity_check(__func__, __LINE__, 0, frame, l); 1282 #endif /* DEBUG */ 1283 } 1284 1285 /* 1286 * Start a new LWP 1287 */ 1288 void 1289 startlwp(void *arg) 1290 { 1291 ucontext_t *uc = arg; 1292 lwp_t *l = curlwp; 1293 int error __diagused; 1294 1295 error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags); 1296 KASSERT(error == 0); 1297 1298 kmem_free(uc, sizeof(ucontext_t)); 1299 userret(l, l->l_md.md_regs); 1300 } 1301
Indexes created Tue Sep 30 11:09:46 GMT 2025