trap.c revision 1.70
1 /* $NetBSD: trap.c,v 1.70 2010/01/16 13:29:47 skrll Exp $ */ 2 3 /*- 4 * Copyright (c) 2001, 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Matthew Fredette. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* $OpenBSD: trap.c,v 1.30 2001/09/19 20:50:56 mickey Exp $ */ 33 34 /* 35 * Copyright (c) 1998-2004 Michael Shalayeff 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 47 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 48 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 49 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 50 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, 51 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 52 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 53 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 55 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 56 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 57 * THE POSSIBILITY OF SUCH DAMAGE. 58 */ 59 60 #include <sys/cdefs.h> 61 __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.70 2010/01/16 13:29:47 skrll Exp $"); 62 63 /* #define INTRDEBUG */ 64 /* #define TRAPDEBUG */ 65 /* #define USERTRACE */ 66 67 #include "opt_kgdb.h" 68 #include "opt_ptrace.h" 69 #include "opt_sa.h" 70 71 #include <sys/param.h> 72 #include <sys/systm.h> 73 #include <sys/kernel.h> 74 #include <sys/syscall.h> 75 #include <sys/syscallvar.h> 76 #include <sys/sa.h> 77 #include <sys/savar.h> 78 #include <sys/mutex.h> 79 #include <sys/ktrace.h> 80 #include <sys/proc.h> 81 #include <sys/signalvar.h> 82 #include <sys/acct.h> 83 #include <sys/signal.h> 84 #include <sys/device.h> 85 #include <sys/pool.h> 86 #include <sys/userret.h> 87 88 #include <net/netisr.h> 89 90 #ifdef KGDB 91 #include <sys/kgdb.h> 92 #endif 93 94 #include <uvm/uvm.h> 95 96 #include <machine/iomod.h> 97 #include <machine/cpufunc.h> 98 #include <machine/reg.h> 99 #include <machine/autoconf.h> 100 101 #include <machine/db_machdep.h> 102 103 #include <hppa/hppa/machdep.h> 104 105 #include <ddb/db_output.h> 106 #include <ddb/db_interface.h> 107 108 #ifdef PTRACE 109 void ss_clear_breakpoints(struct lwp *l); 110 int ss_put_value(struct lwp *, vaddr_t, u_int); 111 int ss_get_value(struct lwp *, vaddr_t, u_int *); 112 #endif 113 114 /* single-step breakpoint */ 115 #define SSBREAKPOINT (HPPA_BREAK_KERNEL | (HPPA_BREAK_SS << 13)) 116 117 #if defined(DEBUG) || defined(DIAGNOSTIC) 118 /* 119 * 0x6fc1000 is a stwm r1, d(sr0, sp), which is the last 120 * instruction in the function prologue that gcc -O0 uses. 121 * When we have this instruction we know the relationship 122 * between the stack pointer and the gcc -O0 frame pointer 123 * (in r3, loaded with the initial sp) for the body of a 124 * function. 125 * 126 * If the given instruction is a stwm r1, d(sr0, sp) where 127 * d > 0, we evaluate to d, else we evaluate to zero. 128 */ 129 #define STWM_R1_D_SR0_SP(inst) \ 130 (((inst) & 0xffffc001) == 0x6fc10000 ? (((inst) & 0x00003ff) >> 1) : 0) 131 #endif /* DEBUG || DIAGNOSTIC */ 132 133 const char *trap_type[] = { 134 "invalid", 135 "HPMC", 136 "power failure", 137 "recovery counter", 138 "external interrupt", 139 "LPMC", 140 "ITLB miss fault", 141 "instruction protection", 142 "Illegal instruction", 143 "break instruction", 144 "privileged operation", 145 "privileged register", 146 "overflow", 147 "conditional", 148 "assist exception", 149 "DTLB miss", 150 "ITLB non-access miss", 151 "DTLB non-access miss", 152 "data protection/rights/alignment", 153 "data break", 154 "TLB dirty", 155 "page reference", 156 "assist emulation", 157 "higher-priv transfer", 158 "lower-priv transfer", 159 "taken branch", 160 "data access rights", 161 "data protection", 162 "unaligned data ref", 163 }; 164 int trap_types = sizeof(trap_type)/sizeof(trap_type[0]); 165 166 uint8_t fpopmap[] = { 167 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 168 0x00, 0x0c, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 171 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x00, 172 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 173 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 174 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 175 }; 176 177 volatile int astpending; 178 179 void pmap_hptdump(void); 180 void syscall(struct trapframe *, int *); 181 182 #if defined(DEBUG) 183 struct trapframe *sanity_frame; 184 struct lwp *sanity_lwp; 185 int sanity_checked = 0; 186 void frame_sanity_check(int, int, struct trapframe *, struct lwp *); 187 #endif 188 189 190 #ifdef USERTRACE 191 /* 192 * USERTRACE is a crude facility that traces the PC of 193 * a single user process. This tracing is normally 194 * activated by the dispatching of a certain syscall 195 * with certain arguments - see the activation code in 196 * syscall(). 197 */ 198 static void user_backtrace(struct trapframe *, struct lwp *, int); 199 static void user_backtrace_raw(u_int, u_int); 200 201 u_int rctr_next_iioq; 202 #endif 203 204 static inline void 205 userret(struct lwp *l, register_t pc, u_quad_t oticks) 206 { 207 struct proc *p = l->l_proc; 208 209 if (astpending) { 210 astpending = 0; 211 if (curcpu()->ci_want_resched) { 212 preempt(); 213 } 214 } 215 216 mi_userret(l); 217 218 /* 219 * If profiling, charge recent system time to the trapped pc. 220 */ 221 if (p->p_stflag & PST_PROFIL) { 222 extern int psratio; 223 224 addupc_task(l, pc, (int)(p->p_sticks - oticks) * psratio); 225 } 226 } 227 228 /* 229 * This handles some messy kernel debugger details. 230 * It dispatches into either kgdb or DDB, and knows 231 * about some special things to do, like skipping over 232 * break instructions and how to really set up for 233 * a single-step. 234 */ 235 #if defined(KGDB) || defined(DDB) 236 static int 237 trap_kdebug(int type, int code, struct trapframe *frame) 238 { 239 int handled; 240 u_int tf_iioq_head_old; 241 u_int tf_iioq_tail_old; 242 243 for(;;) { 244 245 /* This trap has not been handled. */ 246 handled = 0; 247 248 /* Remember the instruction offset queue. */ 249 tf_iioq_head_old = frame->tf_iioq_head; 250 tf_iioq_tail_old = frame->tf_iioq_tail; 251 252 #ifdef KGDB 253 /* Let KGDB handle it (if connected) */ 254 if (!handled) 255 handled = kgdb_trap(type, frame); 256 #endif 257 #ifdef DDB 258 /* Let DDB handle it. */ 259 if (!handled) 260 handled = kdb_trap(type, code, frame); 261 #endif 262 263 /* If this trap wasn't handled, return now. */ 264 if (!handled) 265 return(0); 266 267 /* 268 * If the instruction offset queue head changed, 269 * but the offset queue tail didn't, assume that 270 * the user wants to jump to the head offset, and 271 * adjust the tail accordingly. This should fix 272 * the kgdb `jump' command, and can help DDB users 273 * who `set' the offset head but forget the tail. 274 */ 275 if (frame->tf_iioq_head != tf_iioq_head_old && 276 frame->tf_iioq_tail == tf_iioq_tail_old) 277 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 278 279 /* 280 * This is some single-stepping support. 281 * If we're trying to step through a nullified 282 * instruction, just advance by hand and trap 283 * again. Otherwise, load the recovery counter 284 * with zero. 285 */ 286 if (frame->tf_ipsw & PSW_R) { 287 #ifdef TRAPDEBUG 288 printf("(single stepping at head 0x%x tail 0x%x)\n", 289 frame->tf_iioq_head, frame->tf_iioq_tail); 290 #endif 291 if (frame->tf_ipsw & PSW_N) { 292 #ifdef TRAPDEBUG 293 printf("(single stepping past nullified)\n"); 294 #endif 295 296 /* Advance the program counter. */ 297 frame->tf_iioq_head = frame->tf_iioq_tail; 298 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 299 300 /* Clear flags. */ 301 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 302 303 /* Simulate another trap. */ 304 type = T_RECOVERY; 305 continue; 306 } 307 frame->tf_rctr = 0; 308 } 309 310 /* We handled this trap. */ 311 return (1); 312 } 313 /* NOTREACHED */ 314 } 315 #else /* !KGDB && !DDB */ 316 #define trap_kdebug(t, c, f) (0) 317 #endif /* !KGDB && !DDB */ 318 319 #if defined(DEBUG) || defined(USERTRACE) 320 /* 321 * These functions give a crude usermode backtrace. They 322 * really only work when code has been compiled without 323 * optimization, as they assume a certain function prologue 324 * sets up a frame pointer and stores the return pointer 325 * and arguments in it. 326 */ 327 static void 328 user_backtrace_raw(u_int pc, u_int fp) 329 { 330 int frame_number; 331 int arg_number; 332 333 for (frame_number = 0; 334 frame_number < 100 && pc > HPPA_PC_PRIV_MASK && fp; 335 frame_number++) { 336 337 printf("%3d: pc=%08x%s fp=0x%08x", frame_number, 338 pc & ~HPPA_PC_PRIV_MASK, USERMODE(pc) ? " " : "**", fp); 339 for(arg_number = 0; arg_number < 4; arg_number++) 340 printf(" arg%d=0x%08x", arg_number, 341 (int) fuword(HPPA_FRAME_CARG(arg_number, fp))); 342 printf("\n"); 343 pc = fuword(((register_t *) fp) - 5); /* fetch rp */ 344 if (pc == -1) { 345 printf(" fuword for pc failed\n"); 346 break; 347 } 348 fp = fuword(((register_t *) fp) + 0); /* fetch previous fp */ 349 if (fp == -1) { 350 printf(" fuword for fp failed\n"); 351 break; 352 } 353 } 354 printf(" backtrace stopped with pc %08x fp 0x%08x\n", pc, fp); 355 } 356 357 static void 358 user_backtrace(struct trapframe *tf, struct lwp *l, int type) 359 { 360 struct proc *p = l->l_proc; 361 u_int pc, fp, inst; 362 363 /* 364 * Display any trap type that we have. 365 */ 366 if (type >= 0) 367 printf("pid %d (%s) trap #%d\n", 368 p->p_pid, p->p_comm, type & ~T_USER); 369 370 /* 371 * Assuming that the frame pointer in r3 is valid, 372 * dump out a stack trace. 373 */ 374 fp = tf->tf_r3; 375 printf("pid %d (%s) backtrace, starting with fp 0x%08x\n", 376 p->p_pid, p->p_comm, fp); 377 user_backtrace_raw(tf->tf_iioq_head, fp); 378 379 /* 380 * In case the frame pointer in r3 is not valid, 381 * assuming the stack pointer is valid and the 382 * faulting function is a non-leaf, if we can 383 * find its prologue we can recover its frame 384 * pointer. 385 */ 386 pc = tf->tf_iioq_head; 387 fp = tf->tf_sp - HPPA_FRAME_SIZE; 388 printf("pid %d (%s) backtrace, starting with sp 0x%08x pc 0x%08x\n", 389 p->p_pid, p->p_comm, tf->tf_sp, pc); 390 for (pc &= ~HPPA_PC_PRIV_MASK; pc > 0; pc -= sizeof(inst)) { 391 inst = fuword((register_t *) pc); 392 if (inst == -1) { 393 printf(" fuword for inst at pc %08x failed\n", pc); 394 break; 395 } 396 /* Check for the prologue instruction that sets sp. */ 397 if (STWM_R1_D_SR0_SP(inst)) { 398 fp = tf->tf_sp - STWM_R1_D_SR0_SP(inst); 399 printf(" sp from fp at pc %08x: %08x\n", pc, inst); 400 break; 401 } 402 } 403 user_backtrace_raw(tf->tf_iioq_head, fp); 404 } 405 #endif /* DEBUG || USERTRACE */ 406 407 #ifdef DEBUG 408 /* 409 * This sanity-checks a trapframe. It is full of various 410 * assumptions about what a healthy CPU state should be, 411 * with some documented elsewhere, some not. 412 */ 413 void 414 frame_sanity_check(int where, int type, struct trapframe *tf, struct lwp *l) 415 { 416 extern int kernel_text; 417 extern int etext; 418 extern register_t kpsw; 419 420 #define SANITY(e) \ 421 do { \ 422 if (sanity_frame == NULL && !(e)) { \ 423 sanity_frame = tf; \ 424 sanity_lwp = l; \ 425 sanity_checked = __LINE__; \ 426 } \ 427 } while (/* CONSTCOND */ 0) 428 429 SANITY((tf->tf_ipsw & kpsw) == kpsw); 430 SANITY((kpsw & PSW_I) == 0 || tf->tf_eiem != 0); 431 if (tf->tf_iisq_head == HPPA_SID_KERNEL) { 432 vaddr_t minsp, maxsp, uv; 433 434 uv = uvm_lwp_getuarea(l); 435 436 /* 437 * If the trap happened in the gateway 438 * page, we take the easy way out and 439 * assume that the trapframe is okay. 440 */ 441 if ((tf->tf_iioq_head & ~PAGE_MASK) == SYSCALLGATE) 442 goto out; 443 444 SANITY(!USERMODE(tf->tf_iioq_head)); 445 SANITY(!USERMODE(tf->tf_iioq_tail)); 446 447 /* 448 * Don't check the instruction queues or stack on interrupts 449 * as we could be be in the sti code (outside normal kernel 450 * text) or switching LWPs (curlwp and sp are not in sync) 451 */ 452 if ((type & ~T_USER) == T_INTERRUPT) 453 goto out; 454 455 SANITY(tf->tf_iioq_head >= (u_int) &kernel_text); 456 SANITY(tf->tf_iioq_head < (u_int) &etext); 457 SANITY(tf->tf_iioq_tail >= (u_int) &kernel_text); 458 SANITY(tf->tf_iioq_tail < (u_int) &etext); 459 460 maxsp = uv + USPACE + PAGE_SIZE; 461 minsp = uv + PAGE_SIZE; 462 463 SANITY(l != NULL || (tf->tf_sp >= minsp && tf->tf_sp < maxsp)); 464 } else { 465 SANITY(USERMODE(tf->tf_iioq_head)); 466 SANITY(USERMODE(tf->tf_iioq_tail)); 467 SANITY(l != NULL && 468 tf->tf_cr30 == kvtop((void *)uvm_lwp_getuarea(l))); 469 } 470 #undef SANITY 471 out: 472 if (sanity_frame == tf) { 473 printf("insanity: where 0x%x type 0x%x tf %p lwp %p line %d " 474 "sp 0x%x pc 0x%x\n", 475 where, type, sanity_frame, sanity_lwp, sanity_checked, 476 tf->tf_sp, tf->tf_iioq_head); 477 (void) trap_kdebug(T_IBREAK, 0, tf); 478 sanity_frame = NULL; 479 sanity_lwp = NULL; 480 sanity_checked = 0; 481 } 482 } 483 #endif /* DEBUG */ 484 485 void 486 trap(int type, struct trapframe *frame) 487 { 488 struct lwp *l; 489 struct proc *p; 490 struct pcb *pcb; 491 vaddr_t va; 492 struct vm_map *map; 493 struct vmspace *vm; 494 vm_prot_t vftype; 495 pa_space_t space; 496 ksiginfo_t ksi; 497 u_int opcode, onfault; 498 int ret; 499 const char *tts; 500 int trapnum; 501 #ifdef DIAGNOSTIC 502 extern int emergency_stack_start, emergency_stack_end; 503 int oldcpl = cpl; 504 #endif 505 506 trapnum = type & ~T_USER; 507 opcode = frame->tf_iir; 508 if (trapnum == T_ITLBMISS || trapnum == T_ITLBMISSNA || 509 trapnum == T_IBREAK || trapnum == T_TAKENBR) { 510 va = frame->tf_iioq_head; 511 space = frame->tf_iisq_head; 512 vftype = VM_PROT_EXECUTE; 513 } else { 514 va = frame->tf_ior; 515 space = frame->tf_isr; 516 vftype = inst_store(opcode) ? VM_PROT_WRITE : VM_PROT_READ; 517 } 518 519 KASSERT(curlwp != NULL); 520 l = curlwp; 521 p = l->l_proc; 522 if ((type & T_USER) != 0) 523 LWP_CACHE_CREDS(l, p); 524 525 tts = (trapnum > trap_types) ? "reserved" : trap_type[trapnum]; 526 527 #ifdef DIAGNOSTIC 528 /* 529 * If we are on the emergency stack, then we either got 530 * a fault on the kernel stack, or we're just handling 531 * a trap for the machine check handler (which also 532 * runs on the emergency stack). 533 * 534 * We *very crudely* differentiate between the two cases 535 * by checking the faulting instruction: if it is the 536 * function prologue instruction that stores the old 537 * frame pointer and updates the stack pointer, we assume 538 * that we faulted on the kernel stack. 539 * 540 * In this case, not completing that instruction will 541 * probably confuse backtraces in kgdb/ddb. Completing 542 * it would be difficult, because we already faulted on 543 * that part of the stack, so instead we fix up the 544 * frame as if the function called has just returned. 545 * This has peculiar knowledge about what values are in 546 * what registers during the "normal gcc -g" prologue. 547 */ 548 if (&type >= &emergency_stack_start && 549 &type < &emergency_stack_end && 550 type != T_IBREAK && STWM_R1_D_SR0_SP(opcode)) { 551 /* Restore the caller's frame pointer. */ 552 frame->tf_r3 = frame->tf_r1; 553 /* Restore the caller's instruction offsets. */ 554 frame->tf_iioq_head = frame->tf_rp; 555 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 556 goto dead_end; 557 } 558 #endif /* DIAGNOSTIC */ 559 560 #ifdef DEBUG 561 frame_sanity_check(0xdead01, type, frame, l); 562 #endif /* DEBUG */ 563 564 if (frame->tf_flags & TFF_LAST) 565 l->l_md.md_regs = frame; 566 567 #ifdef TRAPDEBUG 568 if (trapnum != T_INTERRUPT && trapnum != T_IBREAK) 569 printf("trap: %d, %s for %x:%x at %x:%x, fp=%p, rp=%x\n", 570 type, tts, space, (u_int)va, frame->tf_iisq_head, 571 frame->tf_iioq_head, frame, frame->tf_rp); 572 else if (trapnum == T_IBREAK) 573 printf("trap: break instruction %x:%x at %x:%x, fp=%p\n", 574 break5(opcode), break13(opcode), 575 frame->tf_iisq_head, frame->tf_iioq_head, frame); 576 577 { 578 extern int etext; 579 if (frame < (struct trapframe *)&etext) { 580 printf("trap: bogus frame ptr %p\n", frame); 581 goto dead_end; 582 } 583 } 584 #endif 585 pcb = lwp_getpcb(l); 586 587 /* If this is a trap, not an interrupt, reenable interrupts. */ 588 if (trapnum != T_INTERRUPT) { 589 uvmexp.traps++; 590 mtctl(frame->tf_eiem, CR_EIEM); 591 } 592 593 switch (type) { 594 case T_NONEXIST: 595 case T_NONEXIST|T_USER: 596 #if !defined(DDB) && !defined(KGDB) 597 /* we've got screwed up by the central scrutinizer */ 598 panic ("trap: elvis has just left the building!"); 599 break; 600 #else 601 goto dead_end; 602 #endif 603 case T_RECOVERY|T_USER: 604 #ifdef USERTRACE 605 for(;;) { 606 if (frame->tf_iioq_head != rctr_next_iioq) 607 printf("-%08x\nr %08x", 608 rctr_next_iioq - 4, 609 frame->tf_iioq_head); 610 rctr_next_iioq = frame->tf_iioq_head + 4; 611 if (frame->tf_ipsw & PSW_N) { 612 /* Advance the program counter. */ 613 frame->tf_iioq_head = frame->tf_iioq_tail; 614 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 615 /* Clear flags. */ 616 frame->tf_ipsw &= ~(PSW_N|PSW_X|PSW_Y|PSW_Z|PSW_B|PSW_T|PSW_H|PSW_L); 617 /* Simulate another trap. */ 618 continue; 619 } 620 break; 621 } 622 frame->tf_rctr = 0; 623 break; 624 #endif /* USERTRACE */ 625 case T_RECOVERY: 626 #if !defined(DDB) && !defined(KGDB) 627 /* XXX will implement later */ 628 printf ("trap: handicapped"); 629 break; 630 #else 631 goto dead_end; 632 #endif 633 634 case T_EMULATION | T_USER: 635 #ifdef FPEMUL 636 hppa_fpu_emulate(frame, l, opcode); 637 #else /* !FPEMUL */ 638 /* 639 * We don't have FPU emulation, so signal the 640 * process with a SIGFPE. 641 */ 642 643 KSI_INIT_TRAP(&ksi); 644 ksi.ksi_signo = SIGFPE; 645 ksi.ksi_code = SI_NOINFO; 646 ksi.ksi_trap = type; 647 ksi.ksi_addr = (void *)frame->tf_iioq_head; 648 trapsignal(l, &ksi); 649 #endif /* !FPEMUL */ 650 break; 651 652 case T_DATALIGN: 653 if (pcb->pcb_onfault) { 654 do_onfault: 655 frame->tf_iioq_head = pcb->pcb_onfault; 656 frame->tf_iioq_tail = 4 + frame->tf_iioq_head; 657 pcb->pcb_onfault = 0; 658 break; 659 } 660 /*FALLTHROUGH*/ 661 662 #ifdef DIAGNOSTIC 663 /* these just can't happen ever */ 664 case T_PRIV_OP: 665 case T_PRIV_REG: 666 /* these just can't make it to the trap() ever */ 667 case T_HPMC: 668 case T_HPMC | T_USER: 669 case T_EMULATION: 670 case T_EXCEPTION: 671 #endif 672 case T_IBREAK: 673 case T_DBREAK: 674 dead_end: 675 if (type & T_USER) { 676 #ifdef DEBUG 677 user_backtrace(frame, l, type); 678 #endif 679 KSI_INIT_TRAP(&ksi); 680 ksi.ksi_signo = SIGILL; 681 ksi.ksi_code = ILL_ILLTRP; 682 ksi.ksi_trap = type; 683 ksi.ksi_addr = (void *)frame->tf_iioq_head; 684 trapsignal(l, &ksi); 685 break; 686 } 687 if (trap_kdebug(type, va, frame)) 688 return; 689 else if (type == T_DATALIGN) 690 panic ("trap: %s at 0x%x", tts, (u_int) va); 691 else 692 panic ("trap: no debugger for \"%s\" (%d)", tts, type); 693 break; 694 695 case T_IBREAK | T_USER: 696 case T_DBREAK | T_USER: 697 KSI_INIT_TRAP(&ksi); 698 ksi.ksi_signo = SIGTRAP; 699 ksi.ksi_code = TRAP_TRACE; 700 ksi.ksi_trap = trapnum; 701 ksi.ksi_addr = (void *)frame->tf_iioq_head; 702 #ifdef PTRACE 703 ss_clear_breakpoints(l); 704 if (opcode == SSBREAKPOINT) 705 ksi.ksi_code = TRAP_BRKPT; 706 #endif 707 /* pass to user debugger */ 708 trapsignal(l, &ksi); 709 710 break; 711 712 #ifdef PTRACE 713 case T_TAKENBR | T_USER: 714 ss_clear_breakpoints(l); 715 716 KSI_INIT_TRAP(&ksi); 717 ksi.ksi_signo = SIGTRAP; 718 ksi.ksi_code = TRAP_TRACE; 719 ksi.ksi_trap = trapnum; 720 ksi.ksi_addr = (void *)frame->tf_iioq_head; 721 722 /* pass to user debugger */ 723 trapsignal(l, &ksi); 724 break; 725 #endif 726 727 case T_EXCEPTION | T_USER: { /* co-proc assist trap */ 728 uint64_t *fpp; 729 uint32_t *pex, ex, inst; 730 int i; 731 732 hppa_fpu_flush(l); 733 fpp = pcb->pcb_fpregs; 734 pex = (uint32_t *)&fpp[1]; 735 for (i = 1; i < 8 && !*pex; i++, pex++) 736 ; 737 KASSERT(i < 8); 738 ex = *pex; 739 *pex = 0; 740 741 /* reset the trap flag, as if there was none */ 742 fpp[0] &= ~(((uint64_t)HPPA_FPU_T) << 32); 743 744 /* emulate the instruction */ 745 inst = ((uint32_t)fpopmap[ex >> 26] << 26) | (ex & 0x03ffffff); 746 hppa_fpu_emulate(frame, l, inst); 747 } 748 break; 749 750 case T_OVERFLOW | T_USER: 751 KSI_INIT_TRAP(&ksi); 752 ksi.ksi_signo = SIGFPE; 753 ksi.ksi_code = SI_NOINFO; 754 ksi.ksi_trap = type; 755 ksi.ksi_addr = (void *)va; 756 trapsignal(l, &ksi); 757 break; 758 759 case T_CONDITION | T_USER: 760 KSI_INIT_TRAP(&ksi); 761 ksi.ksi_signo = SIGFPE; 762 ksi.ksi_code = FPE_INTDIV; 763 ksi.ksi_trap = type; 764 ksi.ksi_addr = (void *)va; 765 trapsignal(l, &ksi); 766 break; 767 768 case T_ILLEGAL | T_USER: 769 #ifdef DEBUG 770 user_backtrace(frame, l, type); 771 #endif 772 KSI_INIT_TRAP(&ksi); 773 ksi.ksi_signo = SIGILL; 774 ksi.ksi_code = ILL_ILLOPC; 775 ksi.ksi_trap = type; 776 ksi.ksi_addr = (void *)va; 777 trapsignal(l, &ksi); 778 break; 779 780 case T_PRIV_OP | T_USER: 781 #ifdef DEBUG 782 user_backtrace(frame, l, type); 783 #endif 784 KSI_INIT_TRAP(&ksi); 785 ksi.ksi_signo = SIGILL; 786 ksi.ksi_code = ILL_PRVOPC; 787 ksi.ksi_trap = type; 788 ksi.ksi_addr = (void *)va; 789 trapsignal(l, &ksi); 790 break; 791 792 case T_PRIV_REG | T_USER: 793 #ifdef DEBUG 794 user_backtrace(frame, l, type); 795 #endif 796 KSI_INIT_TRAP(&ksi); 797 ksi.ksi_signo = SIGILL; 798 ksi.ksi_code = ILL_PRVREG; 799 ksi.ksi_trap = type; 800 ksi.ksi_addr = (void *)va; 801 trapsignal(l, &ksi); 802 break; 803 804 /* these should never got here */ 805 case T_HIGHERPL | T_USER: 806 case T_LOWERPL | T_USER: 807 KSI_INIT_TRAP(&ksi); 808 ksi.ksi_signo = SIGSEGV; 809 ksi.ksi_code = SEGV_ACCERR; 810 ksi.ksi_trap = type; 811 ksi.ksi_addr = (void *)va; 812 trapsignal(l, &ksi); 813 break; 814 815 case T_IPROT | T_USER: 816 case T_DPROT | T_USER: 817 KSI_INIT_TRAP(&ksi); 818 ksi.ksi_signo = SIGSEGV; 819 ksi.ksi_code = SEGV_ACCERR; 820 ksi.ksi_trap = type; 821 ksi.ksi_addr = (void *)va; 822 trapsignal(l, &ksi); 823 break; 824 825 case T_DATACC: case T_USER | T_DATACC: 826 case T_ITLBMISS: case T_USER | T_ITLBMISS: 827 case T_DTLBMISS: case T_USER | T_DTLBMISS: 828 case T_ITLBMISSNA: case T_USER | T_ITLBMISSNA: 829 case T_DTLBMISSNA: case T_USER | T_DTLBMISSNA: 830 case T_TLB_DIRTY: case T_USER | T_TLB_DIRTY: 831 vm = p->p_vmspace; 832 833 if (!vm) { 834 #ifdef TRAPDEBUG 835 printf("trap: no vm, p=%p\n", p); 836 #endif 837 goto dead_end; 838 } 839 840 /* 841 * it could be a kernel map for exec_map faults 842 */ 843 if (!(type & T_USER) && space == HPPA_SID_KERNEL) 844 map = kernel_map; 845 else { 846 map = &vm->vm_map; 847 if ((l->l_flag & LW_SA) 848 && (~l->l_pflag & LP_SA_NOBLOCK)) { 849 l->l_savp->savp_faultaddr = va; 850 l->l_pflag |= LP_SA_PAGEFAULT; 851 } 852 } 853 854 va = trunc_page(va); 855 856 if (map->pmap->pm_space != space) { 857 #ifdef TRAPDEBUG 858 printf("trap: space mismatch %d != %d\n", 859 space, map->pmap->pm_space); 860 #endif 861 /* actually dump the user, crap the kernel */ 862 goto dead_end; 863 } 864 865 /* Never call uvm_fault in interrupt context. */ 866 KASSERT(hppa_intr_depth == 0); 867 868 onfault = pcb->pcb_onfault; 869 pcb->pcb_onfault = 0; 870 ret = uvm_fault(map, va, vftype); 871 pcb->pcb_onfault = onfault; 872 873 #ifdef TRAPDEBUG 874 printf("uvm_fault(%p, %x, %d)=%d\n", 875 map, (u_int)va, vftype, ret); 876 #endif 877 878 if (map != kernel_map) 879 l->l_pflag &= ~LP_SA_PAGEFAULT; 880 881 /* 882 * If this was a stack access we keep track of the maximum 883 * accessed stack size. Also, if uvm_fault gets a protection 884 * failure it is due to accessing the stack region outside 885 * the current limit and we need to reflect that as an access 886 * error. 887 */ 888 if (map != kernel_map && va >= (vaddr_t)vm->vm_minsaddr) { 889 if (ret == 0) 890 uvm_grow(l->l_proc, va); 891 else if (ret == EACCES) 892 ret = EFAULT; 893 } 894 895 if (ret != 0) { 896 if (type & T_USER) { 897 #ifdef DEBUG 898 user_backtrace(frame, l, type); 899 #endif 900 KSI_INIT_TRAP(&ksi); 901 ksi.ksi_signo = SIGSEGV; 902 ksi.ksi_code = (ret == EACCES ? 903 SEGV_ACCERR : SEGV_MAPERR); 904 ksi.ksi_trap = type; 905 ksi.ksi_addr = (void *)va; 906 trapsignal(l, &ksi); 907 } else { 908 if (pcb->pcb_onfault) { 909 goto do_onfault; 910 } 911 panic("trap: uvm_fault(%p, %lx, %d): %d", 912 map, va, vftype, ret); 913 } 914 } 915 break; 916 917 case T_DATALIGN | T_USER: 918 #ifdef DEBUG 919 user_backtrace(frame, l, type); 920 #endif 921 KSI_INIT_TRAP(&ksi); 922 ksi.ksi_signo = SIGBUS; 923 ksi.ksi_code = BUS_ADRALN; 924 ksi.ksi_trap = type; 925 ksi.ksi_addr = (void *)va; 926 trapsignal(l, &ksi); 927 break; 928 929 case T_INTERRUPT: 930 case T_INTERRUPT|T_USER: 931 hppa_intr(frame); 932 mtctl(frame->tf_eiem, CR_EIEM); 933 break; 934 935 case T_LOWERPL: 936 case T_DPROT: 937 case T_IPROT: 938 case T_OVERFLOW: 939 case T_CONDITION: 940 case T_ILLEGAL: 941 case T_HIGHERPL: 942 case T_TAKENBR: 943 case T_POWERFAIL: 944 case T_LPMC: 945 case T_PAGEREF: 946 case T_DATAPID: case T_DATAPID | T_USER: 947 if (0 /* T-chip */) { 948 break; 949 } 950 /* FALLTHROUGH to unimplemented */ 951 default: 952 panic ("trap: unimplemented \'%s\' (%d)", tts, type); 953 } 954 955 #ifdef DIAGNOSTIC 956 if (cpl != oldcpl) 957 printf("WARNING: SPL (%d) NOT LOWERED ON TRAP (%d) EXIT\n", 958 cpl, trapnum); 959 #endif 960 961 if (type & T_USER) 962 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 963 964 #ifdef DEBUG 965 frame_sanity_check(0xdead02, type, frame, l); 966 if (frame->tf_flags & TFF_LAST && (curlwp->l_flag & LW_IDLE) == 0) 967 frame_sanity_check(0xdead03, type, curlwp->l_md.md_regs, 968 curlwp); 969 #endif /* DEBUG */ 970 } 971 972 void 973 child_return(void *arg) 974 { 975 struct lwp *l = arg; 976 977 /* 978 * Return values in the frame set by cpu_lwp_fork(). 979 */ 980 981 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 982 ktrsysret(SYS_fork, 0, 0); 983 #ifdef DEBUG 984 frame_sanity_check(0xdead04, 0, l->l_md.md_regs, l); 985 #endif /* DEBUG */ 986 } 987 988 #ifdef PTRACE 989 990 #include <sys/ptrace.h> 991 992 int 993 ss_get_value(struct lwp *l, vaddr_t addr, u_int *value) 994 { 995 struct uio uio; 996 struct iovec iov; 997 998 iov.iov_base = (void *)value; 999 iov.iov_len = sizeof(u_int); 1000 uio.uio_iov = &iov; 1001 uio.uio_iovcnt = 1; 1002 uio.uio_offset = (off_t)addr; 1003 uio.uio_resid = sizeof(u_int); 1004 uio.uio_rw = UIO_READ; 1005 UIO_SETUP_SYSSPACE(&uio); 1006 1007 return (process_domem(curlwp, l, &uio)); 1008 } 1009 1010 int 1011 ss_put_value(struct lwp *l, vaddr_t addr, u_int value) 1012 { 1013 struct uio uio; 1014 struct iovec iov; 1015 1016 iov.iov_base = (void *)&value; 1017 iov.iov_len = sizeof(u_int); 1018 uio.uio_iov = &iov; 1019 uio.uio_iovcnt = 1; 1020 uio.uio_offset = (off_t)addr; 1021 uio.uio_resid = sizeof(u_int); 1022 uio.uio_rw = UIO_WRITE; 1023 UIO_SETUP_SYSSPACE(&uio); 1024 1025 return (process_domem(curlwp, l, &uio)); 1026 } 1027 1028 void 1029 ss_clear_breakpoints(struct lwp *l) 1030 { 1031 /* Restore origional instructions. */ 1032 if (l->l_md.md_bpva != 0) { 1033 ss_put_value(l, l->l_md.md_bpva, l->l_md.md_bpsave[0]); 1034 ss_put_value(l, l->l_md.md_bpva + 4, l->l_md.md_bpsave[1]); 1035 l->l_md.md_bpva = 0; 1036 } 1037 } 1038 1039 1040 int 1041 process_sstep(struct lwp *l, int sstep) 1042 { 1043 struct trapframe *tf = l->l_md.md_regs; 1044 int error; 1045 1046 ss_clear_breakpoints(l); 1047 1048 /* We're continuing... */ 1049 /* Don't touch the syscall gateway page. */ 1050 /* XXX head */ 1051 if (sstep == 0 || 1052 (tf->tf_iioq_tail & ~PAGE_MASK) == SYSCALLGATE) { 1053 tf->tf_ipsw &= ~PSW_T; 1054 return 0; 1055 } 1056 1057 l->l_md.md_bpva = tf->tf_iioq_tail & ~HPPA_PC_PRIV_MASK; 1058 1059 /* 1060 * Insert two breakpoint instructions; the first one might be 1061 * nullified. Of course we need to save two instruction 1062 * first. 1063 */ 1064 1065 error = ss_get_value(l, l->l_md.md_bpva, &l->l_md.md_bpsave[0]); 1066 if (error) 1067 return (error); 1068 error = ss_get_value(l, l->l_md.md_bpva + 4, &l->l_md.md_bpsave[1]); 1069 if (error) 1070 return (error); 1071 1072 error = ss_put_value(l, l->l_md.md_bpva, SSBREAKPOINT); 1073 if (error) 1074 return error; 1075 error = ss_put_value(l, l->l_md.md_bpva + 4, SSBREAKPOINT); 1076 if (error) 1077 return error; 1078 1079 tf->tf_ipsw |= PSW_T; 1080 1081 return 0; 1082 } 1083 #endif 1084 1085 1086 /* 1087 * call actual syscall routine 1088 * from the low-level syscall handler: 1089 * - all HPPA_FRAME_NARGS syscall's arguments supposed to be copied onto 1090 * our stack, this wins compared to copyin just needed amount anyway 1091 * - register args are copied onto stack too 1092 */ 1093 void 1094 syscall(struct trapframe *frame, int *args) 1095 { 1096 struct lwp *l; 1097 struct proc *p; 1098 const struct sysent *callp; 1099 size_t nargs64; 1100 int nsys, code, error; 1101 int tmp; 1102 int rval[2]; 1103 #ifdef DIAGNOSTIC 1104 int oldcpl = cpl; 1105 #endif 1106 1107 uvmexp.syscalls++; 1108 1109 #ifdef DEBUG 1110 frame_sanity_check(0xdead04, 0, frame, curlwp); 1111 #endif /* DEBUG */ 1112 1113 if (!USERMODE(frame->tf_iioq_head)) 1114 panic("syscall"); 1115 1116 KASSERT(curlwp != NULL); 1117 l = curlwp; 1118 p = l->l_proc; 1119 l->l_md.md_regs = frame; 1120 nsys = p->p_emul->e_nsysent; 1121 callp = p->p_emul->e_sysent; 1122 code = frame->tf_t1; 1123 LWP_CACHE_CREDS(l, p); 1124 1125 #ifdef KERN_SA 1126 if (__predict_false((l->l_savp) 1127 && (l->l_savp->savp_pflags & SAVP_FLAG_DELIVERING))) 1128 l->l_savp->savp_pflags &= ~SAVP_FLAG_DELIVERING; 1129 #endif 1130 1131 /* 1132 * Restarting a system call is touchy on the HPPA, because syscall 1133 * arguments are passed in registers and the program counter of the 1134 * syscall "point" isn't easily divined. 1135 * 1136 * We handle the first problem by assuming that we will have to restart 1137 * this system call, so we stuff the first four words of the original 1138 * arguments back into the frame as arg0...arg3, which is where we 1139 * found them in the first place. Any further arguments are (still) on 1140 * the user's stack and the syscall code will fetch them from there 1141 * (again). 1142 * 1143 * The program counter problem is addressed below. 1144 */ 1145 frame->tf_arg0 = args[0]; 1146 frame->tf_arg1 = args[1]; 1147 frame->tf_arg2 = args[2]; 1148 frame->tf_arg3 = args[3]; 1149 1150 /* 1151 * Some special handling for the syscall(2) and 1152 * __syscall(2) system calls. 1153 */ 1154 switch (code) { 1155 case SYS_syscall: 1156 code = *args; 1157 args += 1; 1158 break; 1159 case SYS___syscall: 1160 if (callp != sysent) 1161 break; 1162 /* 1163 * NB: even though __syscall(2) takes a quad_t containing the 1164 * system call number, because our argument copying word-swaps 1165 * 64-bit arguments, the least significant word of that quad_t 1166 * is the first word in the argument array. 1167 */ 1168 code = *args; 1169 args += 2; 1170 } 1171 1172 /* 1173 * Stacks growing from lower addresses to higher addresses are not 1174 * really such a good idea, because it makes it impossible to overlay a 1175 * struct on top of C stack arguments (the arguments appear in 1176 * reversed order). 1177 * 1178 * You can do the obvious thing (as locore.S does) and copy argument 1179 * words one by one, laying them out in the "right" order in the dest- 1180 * ination buffer, but this ends up word-swapping multi-word arguments 1181 * (like off_t). 1182 * 1183 * FIXME - this works only on native binaries and 1184 * will probably screw up any and all emulation. 1185 * 1186 */ 1187 1188 if (code < 0 || code >= nsys) 1189 callp += p->p_emul->e_nosys; /* bad syscall # */ 1190 else 1191 callp += code; 1192 1193 nargs64 = SYCALL_NARGS64(callp); 1194 if (nargs64 != 0) { 1195 size_t nargs = callp->sy_narg; 1196 1197 for (size_t i = 0; i < nargs + nargs64;) { 1198 if (SYCALL_ARG_64_P(callp, i)) { 1199 tmp = args[i]; 1200 args[i] = args[i + 1]; 1201 args[i + 1] = tmp; 1202 i += 2; 1203 } else 1204 i++; 1205 } 1206 } 1207 1208 #ifdef USERTRACE 1209 if (0) { 1210 user_backtrace(frame, l, -1); 1211 frame->tf_ipsw |= PSW_R; 1212 frame->tf_rctr = 0; 1213 printf("r %08x", frame->tf_iioq_head); 1214 rctr_next_iioq = frame->tf_iioq_head + 4; 1215 } 1216 #endif 1217 1218 error = 0; 1219 if (__predict_false(p->p_trace_enabled)) { 1220 error = trace_enter(code, args, callp->sy_narg); 1221 if (error) 1222 goto out; 1223 } 1224 1225 rval[0] = 0; 1226 rval[1] = 0; 1227 error = sy_call(callp, l, args, rval); 1228 out: 1229 switch (error) { 1230 case 0: 1231 l = curlwp; /* changes on exec() */ 1232 frame = l->l_md.md_regs; 1233 frame->tf_ret0 = rval[0]; 1234 frame->tf_ret1 = rval[1]; 1235 frame->tf_t1 = 0; 1236 break; 1237 case ERESTART: 1238 /* 1239 * Now we have to wind back the instruction 1240 * offset queue to the point where the system 1241 * call will be made again. This is inherently 1242 * tied to the SYSCALL macro. 1243 * 1244 * Currently, the part of the SYSCALL macro 1245 * that we want to rerun reads as: 1246 * 1247 * ldil L%SYSCALLGATE, r1 1248 * ble 4(sr7, r1) 1249 * ldi __CONCAT(SYS_,x), t1 1250 * comb,<> %r0, %t1, __cerror 1251 * 1252 * And our offset queue head points to the 1253 * comb instruction. So we need to 1254 * subtract twelve to reach the ldil. 1255 */ 1256 frame->tf_iioq_head -= 12; 1257 frame->tf_iioq_tail = frame->tf_iioq_head + 4; 1258 break; 1259 case EJUSTRETURN: 1260 p = curproc; 1261 break; 1262 default: 1263 if (p->p_emul->e_errno) 1264 error = p->p_emul->e_errno[error]; 1265 frame->tf_t1 = error; 1266 break; 1267 } 1268 1269 if (__predict_false(p->p_trace_enabled)) 1270 trace_exit(code, rval, error); 1271 1272 userret(l, frame->tf_iioq_head, 0); 1273 1274 #ifdef DIAGNOSTIC 1275 if (cpl != oldcpl) { 1276 printf("WARNING: SPL (0x%x) NOT LOWERED ON " 1277 "syscall(0x%x, 0x%x, 0x%x, 0x%x...) EXIT, PID %d\n", 1278 cpl, code, args[0], args[1], args[2], p->p_pid); 1279 cpl = oldcpl; 1280 } 1281 #endif 1282 1283 #ifdef DEBUG 1284 frame_sanity_check(0xdead05, 0, frame, l); 1285 #endif /* DEBUG */ 1286 } 1287 1288 /* 1289 * Start a new LWP 1290 */ 1291 void 1292 startlwp(void *arg) 1293 { 1294 int err; 1295 ucontext_t *uc = arg; 1296 struct lwp *l = curlwp; 1297 1298 err = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags); 1299 #if DIAGNOSTIC 1300 if (err) { 1301 printf("Error %d from cpu_setmcontext.", err); 1302 } 1303 #endif 1304 pool_put(&lwp_uc_pool, uc); 1305 1306 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1307 } 1308 1309 /* 1310 * XXX This is a terrible name. 1311 */ 1312 void 1313 upcallret(struct lwp *l) 1314 { 1315 userret(l, l->l_md.md_regs->tf_iioq_head, 0); 1316 } 1317
Indexes created Mon Sep 29 21:09:56 GMT 2025