1 /* $NetBSD: trap.c,v 1.195 2015/12/13 19:49:34 christos Exp $ */
2
3 /*
4 * Copyright (c) 1996
5 * The President and Fellows of Harvard College. All rights reserved.
6 * Copyright (c) 1992, 1993
7 * The Regents of the University of California. All rights reserved.
8 *
9 * This software was developed by the Computer Systems Engineering group
10 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
11 * contributed to Berkeley.
12 *
13 * All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Lawrence Berkeley Laboratory.
17 * This product includes software developed by Harvard University.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 * 1. Redistributions of source code must retain the above copyright
23 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in the
26 * documentation and/or other materials provided with the distribution.
27 * 3. All advertising materials mentioning features or use of this software
28 * must display the following acknowledgement:
29 * This product includes software developed by the University of
30 * California, Berkeley and its contributors.
31 * This product includes software developed by Harvard University.
32 * 4. Neither the name of the University nor the names of its contributors
33 * may be used to endorse or promote products derived from this software
34 * without specific prior written permission.
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
37 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
39 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
40 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
41 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
42 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
44 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
45 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 * SUCH DAMAGE.
47 *
48 * @(#)trap.c 8.4 (Berkeley) 9/23/93
49 */
50
51 #include <sys/cdefs.h>
52 __KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.195 2015/12/13 19:49:34 christos Exp $");
53
54 #include "opt_ddb.h"
55 #include "opt_compat_svr4.h"
56 #include "opt_compat_sunos.h"
57 #include "opt_sparc_arch.h"
58 #include "opt_multiprocessor.h"
59
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/proc.h>
63 #include <sys/kernel.h>
64 #include <sys/kmem.h>
65 #include <sys/resource.h>
66 #include <sys/signal.h>
67 #include <sys/wait.h>
68 #include <sys/syscall.h>
69 #include <sys/syslog.h>
70 #include <sys/kauth.h>
71
72 #include <uvm/uvm_extern.h>
73
74 #include <sparc/sparc/asm.h>
75 #include <machine/cpu.h>
76 #include <machine/ctlreg.h>
77 #include <machine/trap.h>
78 #include <machine/instr.h>
79 #include <machine/pcb.h>
80 #include <machine/pmap.h>
81 #include <machine/userret.h>
82
83 #ifdef DDB
84 #include <machine/db_machdep.h>
85 #else
86 #include <machine/frame.h>
87 #endif
88 #ifdef COMPAT_SVR4
89 #include <machine/svr4_machdep.h>
90 #endif
91 #ifdef COMPAT_SUNOS
92 extern struct emul emul_sunos;
93 #define SUNOS_MAXSADDR_SLOP (32 * 1024)
94 #endif
95
96 #include <sparc/fpu/fpu_extern.h>
97 #include <sparc/sparc/memreg.h>
98 #include <sparc/sparc/cpuvar.h>
99
100 #ifdef DEBUG
101 int rwindow_debug = 0;
102 #endif
103
104 /*
105 * Initial FPU state is all registers == all 1s, everything else == all 0s.
106 * This makes every floating point register a signalling NaN, with sign bit
107 * set, no matter how it is interpreted. Appendix N of the Sparc V8 document
108 * seems to imply that we should do this, and it does make sense.
109 */
struct fpstate initfpstate = {
	/* 32 single-precision %f registers, every bit set (signalling NaNs) */
	{ ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0,
	  ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0 },
	/* remaining fields zeroed — presumably %fsr and the FP queue size
	 * (fs_qsize is tested in trap()); struct fpstate layout not visible
	 * here — TODO confirm against machine/fsr.h */
	0, 0,
};
115
116 /*
117 * There are more than 100 trap types, but most are unused.
118 *
119 * Trap type 0 is taken over as an `Asynchronous System Trap'.
120 * This is left-over Vax emulation crap that should be fixed.
121 */
/* Shared fallback name for all unused/unknown trap vectors. */
static const char T[] = "trap";
/*
 * Human-readable names for the SPARC trap vectors, indexed by trap type.
 * Entries 0x00-0x7f are hardware/non-user vectors; 0x80 and up are user
 * software traps (`ta' instructions).  Used by trap() for panic messages.
 */
const char *trap_type[] = {
	/* non-user vectors */
	"ast",			/* 0 */
	"text fault",		/* 1 */
	"illegal instruction",	/* 2 */
	"privileged instruction",/* 3 */
	"fp disabled",		/* 4 */
	"window overflow",	/* 5 */
	"window underflow",	/* 6 */
	"alignment fault",	/* 7 */
	"fp exception",		/* 8 */
	"data fault",		/* 9 */
	"tag overflow",		/* 0a */
	"watchpoint",		/* 0b */
	T, T, T, T, T,		/* 0c..10 */
	"level 1 int",		/* 11 */
	"level 2 int",		/* 12 */
	"level 3 int",		/* 13 */
	"level 4 int",		/* 14 */
	"level 5 int",		/* 15 */
	"level 6 int",		/* 16 */
	"level 7 int",		/* 17 */
	"level 8 int",		/* 18 */
	"level 9 int",		/* 19 */
	"level 10 int",		/* 1a */
	"level 11 int",		/* 1b */
	"level 12 int",		/* 1c */
	"level 13 int",		/* 1d */
	"level 14 int",		/* 1e */
	"level 15 int",		/* 1f */
	"register access error",/* 20 */
	"instruction access error",/* 21 */
	T, T,			/* 22..23 */
	"cp disabled",		/* 24 */
	"unimplemented flush",	/* 25 */
	T, T,			/* 26..27 */
	"cp exception",		/* 28 */
	"data access error",	/* 29 */
	"hw zero divide",	/* 2a */
	"data store error",	/* 2b */
	"data access MMU miss",	/* 2c */
	T, T, T,		/* 2d..2f */
	T, T, T, T, T, T, T, T,	/* 30..37 */
	T, T, T, T,		/* 38..3b */
	"insn access MMU miss",	/* 3c */
	T, T, T,		/* 3d..3f */
	T, T, T, T, T, T, T, T,	/* 40..47 */
	T, T, T, T, T, T, T, T,	/* 48..4f */
	T, T, T, T, T, T, T, T,	/* 50..57 */
	T, T, T, T, T, T, T, T,	/* 58..5f */
	T, T, T, T, T, T, T, T,	/* 60..67 */
	T, T, T, T, T, T, T, T,	/* 68..6f */
	T, T, T, T, T, T, T, T,	/* 70..77 */
	T, T, T, T, T, T, T, T,	/* 78..7f */

	/* user (software trap) vectors */
	"syscall",		/* 80 */
	"breakpoint",		/* 81 */
	"zero divide",		/* 82 */
	"flush windows",	/* 83 */
	"clean windows",	/* 84 */
	"range check",		/* 85 */
	"fix align",		/* 86 */
	"integer overflow",	/* 87 */
	"svr4 syscall",		/* 88 */
	"4.4 syscall",		/* 89 */
	"kgdb exec",		/* 8a */
	T, T, T, T, T,		/* 8b..8f */
	T, T, T, T, T, T, T, T,	/* 90..97 */
	T, T, T, T, T, T, T, T,	/* 98..9f */
	"svr4 getcc",		/* a0 */
	"svr4 setcc",		/* a1 */
	"svr4 getpsr",		/* a2 */
	"svr4 setpsr",		/* a3 */
	"svr4 gethrtime",	/* a4 */
	"svr4 gethrvtime",	/* a5 */
	T,			/* a6 */
	"svr4 gethrestime",	/* a7 */
};

/* Number of entries in trap_type[]; types beyond this print as "trap". */
#define	N_TRAP_TYPES	(sizeof trap_type / sizeof *trap_type)
204
void trap(unsigned, int, int, struct trapframe *);
void mem_access_fault(unsigned, int, u_int, int, int, struct trapframe *);
void mem_access_fault4m(unsigned, u_int, u_int, struct trapframe *);

/*
 * When nonzero, unknown hardware trap types taken from user mode deliver
 * SIGILL to the process instead of panicking the kernel (see the default
 * case in trap() below).
 */
int ignore_bogus_traps = 1;
210
211 /*
212 * Called from locore.s trap handling, for non-MMU-related traps.
213 * (MMU-related traps go through mem_access_fault, below.)
214 */
/*
 * trap(type, psr, pc, tf):
 *	type	trap type code (T_* from machine/trap.h; 0x80 and above
 *		are user software traps)
 *	psr	%psr at the time of the trap (PSR_PS set => from kernel mode)
 *	pc	%pc at the time of the trap
 *	tf	trap frame saved by locore.s
 *
 * Kernel-mode traps either return early or panic.  User-mode traps fall
 * through to userret()/share_fpu(); if `sig' is set on the way, the ksi
 * built alongside it is delivered via trapsignal().
 */
void
trap(unsigned type, int psr, int pc, struct trapframe *tf)
{
	struct proc *p;
	struct lwp *l;
	struct pcb *pcb;
	int n, s;
	char bits[64];
	u_quad_t sticks;
	ksiginfo_t ksi;
	int code, sig;

	/* This steps the PC over the trap. */
#define	ADVANCE (n = tf->tf_npc, tf->tf_pc = n, tf->tf_npc = n + 4)

	curcpu()->ci_data.cpu_ntrap++;
	/*
	 * Generally, kernel traps cause a panic.  Any exceptions are
	 * handled early here.
	 */
	if (psr & PSR_PS) {
#ifdef DDB
		if (type == T_BREAKPOINT) {
			write_all_windows();
			if (kdb_trap(type, tf)) {
				return;
			}
		}
#if defined(MULTIPROCESSOR)
		if (type == T_DBPAUSE) {
			/* XXX - deal with kgdb too */
			extern void ddb_suspend(struct trapframe *);
			write_all_windows();
			ddb_suspend(tf);
			ADVANCE;
			return;
		}
#endif
#endif
#ifdef DIAGNOSTIC
		/*
		 * Currently, we allow DIAGNOSTIC kernel code to
		 * flush the windows to record stack traces.
		 */
		if (type == T_FLUSHWIN) {
			write_all_windows();
			ADVANCE;
			return;
		}
#endif
		if (type == T_UNIMPLFLUSH) {
			/*
			 * This should happen only on hypersparc.
			 * It also is a rare event to get this trap
			 * from kernel space. For now, just flush the
			 * entire I-cache.
			 */
#if defined(MULTIPROCESSOR)
			/* Broadcast to all CPUs */
			XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL);
#else
			(*cpuinfo.pure_vcache_flush)();
#endif
			ADVANCE;
			return;
		}

		/*
		 * Storing %fsr in cpu_attach will cause this trap
		 * even though the fpu has been enabled, if and only
		 * if there is no FPU.
		 */
		if (type == T_FPDISABLED && cold) {
			ADVANCE;
			return;
		}
		/*
		 * Unhandled kernel trap: dump state and panic.  Also
		 * reached via `goto dopanic' from the default case below
		 * when ignore_bogus_traps is off.
		 */
	dopanic:
		snprintb(bits, sizeof(bits), PSR_BITS, psr);
		printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n",
		       type, pc, tf->tf_npc, bits);
#ifdef DDB
		write_all_windows();
		(void) kdb_trap(type, tf);
#endif
		panic("%s", type < N_TRAP_TYPES ? trap_type[type] : T);
		/* NOTREACHED */
	}
	/* From here on the trap came from user mode. */
	if ((l = curlwp) == NULL)
		l = &lwp0;
	p = l->l_proc;
	LWP_CACHE_CREDS(l, p);
	sticks = p->p_sticks;
	pcb = lwp_getpcb(l);
	l->l_md.md_tf = tf;	/* for ptrace/signals */

#ifdef FPU_DEBUG
	if (type != T_FPDISABLED && (tf->tf_psr & PSR_EF) != 0) {
		if (cpuinfo.fplwp != l)
			panic("FPU enabled but wrong proc (0) [l=%p, fwlp=%p]",
				l, cpuinfo.fplwp);
		savefpstate(l->l_md.md_fpstate);
		l->l_md.md_fpu = NULL;
		cpuinfo.fplwp = NULL;
		tf->tf_psr &= ~PSR_EF;
		setpsr(getpsr() & ~PSR_EF);
	}
#endif

	/* Signal to deliver on the way out; ksi is only valid if sig != 0. */
	sig = 0;

	switch (type) {

	default:
		if (type < 0x80) {
			/* Unexpected hardware trap from user mode. */
			if (!ignore_bogus_traps)
				goto dopanic;
			snprintb(bits, sizeof(bits), PSR_BITS, psr);
			printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n",
			       type, pc, tf->tf_npc, bits);
			sig = SIGILL;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = ILL_ILLTRP;
			ksi.ksi_addr = (void *)pc;
			break;
		}
#if defined(COMPAT_SVR4)
badtrap:
#endif
#ifdef DIAGNOSTIC
		if (type < 0x90 || type > 0x9f) {
			/* the following message is gratuitous */
			/* ... but leave it in until we find anything */
			uprintf("%s[%d]: unimplemented software trap 0x%x\n",
				p->p_comm, p->p_pid, type);
		}
#endif
		/* Unimplemented software trap: SIGILL at the trap pc. */
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLTRP;
		ksi.ksi_addr = (void *)pc;
		break;

#ifdef COMPAT_SVR4
	case T_SVR4_GETCC:
	case T_SVR4_SETCC:
	case T_SVR4_GETPSR:
	case T_SVR4_SETPSR:
	case T_SVR4_GETHRTIME:
	case T_SVR4_GETHRVTIME:
	case T_SVR4_GETHRESTIME:
		/* Hand SVR4 fast traps to the emulation; else treat as bad. */
		if (!svr4_trap(type, l))
			goto badtrap;
		break;
#endif

	case T_AST:
		break;	/* the work is all in userret() */

	case T_UNIMPLFLUSH:
		/* Invalidate the entire I-cache */
#if defined(MULTIPROCESSOR)
		/* Broadcast to all CPUs */
		XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL);
#else
		(*cpuinfo.pure_vcache_flush)();
#endif
		ADVANCE;
		break;

	case T_ILLINST:
		/* Note: Cypress generates a T_ILLINST on FLUSH instructions */
		if ((sig = emulinstr(pc, tf)) == 0) {
			/* Successfully emulated; skip the instruction. */
			ADVANCE;
			break;
		}
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLOPC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_PRIVINST:
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_PRVOPC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FPDISABLED: {
		struct fpstate *fs = l->l_md.md_fpstate;

#ifdef FPU_DEBUG
		if ((tf->tf_psr & PSR_PS) != 0) {
			printf("FPU fault from kernel mode, pc=%x\n", pc);
#ifdef DDB
			Debugger();
#endif
		}
#endif

		/* First FP use by this lwp: allocate and install clean state. */
		if (fs == NULL) {
			fs = kmem_alloc(sizeof(struct fpstate), KM_SLEEP);
			*fs = initfpstate;
			l->l_md.md_fpstate = fs;
		}
		/*
		 * If we have not found an FPU, we have to emulate it.
		 */
		if (!cpuinfo.fpupresent) {
#ifdef notyet
			fpu_emulate(l, tf, fs);
#else
			sig = SIGFPE;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = SI_NOINFO;
			ksi.ksi_addr = (void *)pc;
#endif
			break;
		}
		/*
		 * We may have more FPEs stored up and/or ops queued.
		 * If they exist, handle them and get out.  Otherwise,
		 * resolve the FPU state, turn it on, and try again.
		 */
		if (fs->fs_qsize) {
			if ((code = fpu_cleanup(l, fs)) != 0) {
				sig = SIGFPE;
				KSI_INIT_TRAP(&ksi);
				ksi.ksi_trap = type;
				ksi.ksi_code = code;
				ksi.ksi_addr = (void *)pc;
			}
			break;
		}

		/*
		 * If we do not own the FPU state on this CPU, we must
		 * now acquire it.
		 */
		if (cpuinfo.fplwp != l) {
			struct cpu_info *cpi;

			FPU_LOCK(s);
			if (cpuinfo.fplwp != NULL) {
				/* someone else had it*/
				savefpstate(cpuinfo.fplwp->l_md.md_fpstate);
				cpuinfo.fplwp->l_md.md_fpu = NULL;
			}

			/*
			 * On MP machines, some of the other FPUs might
			 * still have our state. Tell the owning processor
			 * to save the process' FPU state.
			 */
			if ((cpi = l->l_md.md_fpu) != NULL) {
				if (cpi->ci_cpuid == cpuinfo.ci_cpuid)
					panic("FPU(%d): state for %p",
					      cpi->ci_cpuid, l);
#if defined(MULTIPROCESSOR)
				XCALL1(ipi_savefpstate, fs, 1 << cpi->ci_cpuid);
#endif
				cpi->fplwp = NULL;
			}
			loadfpstate(fs);

			/* now we do have it */
			cpuinfo.fplwp = l;
			l->l_md.md_fpu = curcpu();
			FPU_UNLOCK(s);
		}

		/* Re-enable the FPU for the return to user mode and retry. */
		tf->tf_psr |= PSR_EF;
		break;
	}

	case T_WINOF:
		/* Window overflow: spill saved windows to the user stack. */
		if (rwindow_save(l)) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		break;

#define	read_rw(src, dst) \
	copyin((void *)(src), (void *)(dst), sizeof(struct rwindow))

	case T_RWRET:
		/*
		 * T_RWRET is a window load needed in order to rett.
		 * It simply needs the window to which tf->tf_out[6]
		 * (%sp) points.  There are no user or saved windows now.
		 * Copy the one from %sp into pcb->pcb_rw[0] and set
		 * nsaved to -1.  If we decide to deliver a signal on
		 * our way out, we will clear nsaved.
		 */
		if (pcb->pcb_uw || pcb->pcb_nsaved)
			panic("trap T_RWRET 1");
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: pcb<-stack: 0x%x\n",
				cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
				tf->tf_out[6]);
#endif
		if (read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		if (pcb->pcb_nsaved)
			panic("trap T_RWRET 2");
		pcb->pcb_nsaved = -1;		/* mark success */
		break;

	case T_WINUF:
		/*
		 * T_WINUF is a real window underflow, from a restore
		 * instruction.  It needs to have the contents of two
		 * windows---the one belonging to the restore instruction
		 * itself, which is at its %sp, and the one belonging to
		 * the window above, which is at its %fp or %i6---both
		 * in the pcb.  The restore's window may still be in
		 * the CPU; we need to force it out to the stack.
		 */
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: T_WINUF 0: pcb<-stack: 0x%x\n",
				cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
				tf->tf_out[6]);
#endif
		write_user_windows();
		if (rwindow_save(l) || read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: T_WINUF 1: pcb<-stack: 0x%x\n",
				cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
				pcb->pcb_rw[0].rw_in[6]);
#endif
		if (read_rw(pcb->pcb_rw[0].rw_in[6], &pcb->pcb_rw[1])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		if (pcb->pcb_nsaved)
			panic("trap T_WINUF");
		pcb->pcb_nsaved = -1;		/* mark success */
		break;

	case T_ALIGN:
		if ((p->p_md.md_flags & MDP_FIXALIGN) != 0) {
			/* Process opted in (T_FIXALIGN): try to emulate. */
			n = fixalign(l, tf, NULL);
			if (n == 0) {
				ADVANCE;
				break;
			}
		}
		sig = SIGBUS;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = BUS_ADRALN;
		/* Second call only computes the fault address for siginfo. */
		fixalign(l, tf, &ksi.ksi_addr);
		break;

	case T_FPE:
		/*
		 * Clean up after a floating point exception.
		 * fpu_cleanup can (and usually does) modify the
		 * state we save here, so we must `give up' the FPU
		 * chip context.  (The software and hardware states
		 * will not match once fpu_cleanup does its job, so
		 * we must not save again later.)
		 */
		if (l != cpuinfo.fplwp)
			panic("fpe without being the FP user");
		FPU_LOCK(s);
		savefpstate(l->l_md.md_fpstate);
		cpuinfo.fplwp = NULL;
		l->l_md.md_fpu = NULL;
		FPU_UNLOCK(s);
		/* tf->tf_psr &= ~PSR_EF; */	/* share_fpu will do this */
		if ((code = fpu_cleanup(l, l->l_md.md_fpstate)) != 0) {
			sig = SIGFPE;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = code;
			ksi.ksi_addr = (void *)pc;
		}
#if 0		/* ??? really never??? */
		ADVANCE;
#endif
		break;

	case T_TAGOF:
		sig = SIGEMT;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = SI_NOINFO;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_CPDISABLED:
		uprintf("coprocessor instruction\n");	/* XXX */
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_COPROC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_BREAKPOINT:
		sig = SIGTRAP;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = TRAP_BRKPT;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_DIV0:
	case T_IDIV0:
		/* Step past the divide; the siginfo still reports the old pc. */
		ADVANCE;
		sig = SIGFPE;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = FPE_INTDIV;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FLUSHWIN:
		write_user_windows();
#ifdef probably_slower_since_this_is_usually_false
		/*
		 * NOTE(review): this disabled code passes `p' (struct proc *)
		 * to rwindow_save(), which takes a struct lwp * -- it would
		 * not compile if the #ifdef were ever enabled.
		 */
		if (pcb->pcb_nsaved && rwindow_save(p)) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
#endif
		ADVANCE;
		break;

	case T_CLEANWIN:
		uprintf("T_CLEANWIN\n");	/* XXX */
		ADVANCE;
		break;

	case T_RANGECHECK:
		uprintf("T_RANGECHECK\n");	/* XXX */
		ADVANCE;
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLOPN;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FIXALIGN:
#ifdef DEBUG_ALIGN
		uprintf("T_FIXALIGN\n");
#endif
		/* User wants us to fix alignment faults */
		p->p_md.md_flags |= MDP_FIXALIGN;
		ADVANCE;
		break;

	case T_INTOF:
		uprintf("T_INTOF\n");		/* XXX */
		ADVANCE;
		sig = SIGFPE;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = FPE_INTOVF;
		ksi.ksi_addr = (void *)pc;
		break;
	}
	/* Deliver any signal recorded above, then return to user mode. */
	if (sig != 0) {
		ksi.ksi_signo = sig;
		trapsignal(l, &ksi);
	}
	userret(l, pc, sticks);
	share_fpu(l, tf);
#undef ADVANCE
}
698
699 /*
700 * Save windows from PCB into user stack, and return 0. This is used on
701 * window overflow pseudo-traps (from locore.s, just before returning to
702 * user mode) and when ptrace or sendsig needs a consistent state.
703 * As a side effect, rwindow_save() always sets pcb_nsaved to 0,
704 * clobbering the `underflow restore' indicator if it was -1.
705 *
706 * If the windows cannot be saved, pcb_nsaved is restored and we return -1.
707 */
708 int
rwindow_save(struct lwp * l)709 rwindow_save(struct lwp *l)
710 {
711 struct pcb *pcb = lwp_getpcb(l);
712 struct rwindow *rw = &pcb->pcb_rw[0];
713 int i;
714
715 i = pcb->pcb_nsaved;
716 if (i < 0) {
717 pcb->pcb_nsaved = 0;
718 return (0);
719 }
720 if (i == 0)
721 return (0);
722 #ifdef DEBUG
723 if (rwindow_debug)
724 printf("cpu%d:%s[%d]: rwindow: pcb->stack:",
725 cpuinfo.ci_cpuid, l->l_proc->p_comm, l->l_proc->p_pid);
726 #endif
727 do {
728 #ifdef DEBUG
729 if (rwindow_debug)
730 printf(" [%d]0x%x", cpuinfo.ci_cpuid, rw[1].rw_in[6]);
731 #endif
732 if (copyout((void *)rw, (void *)rw[1].rw_in[6],
733 sizeof *rw))
734 return (-1);
735 rw++;
736 } while (--i > 0);
737 #ifdef DEBUG
738 if (rwindow_debug)
739 printf("\n");
740 #endif
741 pcb->pcb_nsaved = 0;
742 return (0);
743 }
744
745 /*
746 * Kill user windows (before exec) by writing back to stack or pcb
747 * and then erasing any pcb tracks. Otherwise we might try to write
748 * the registers into the new process after the exec.
749 */
750 void
cpu_vmspace_exec(struct lwp * l,vaddr_t start,vaddr_t end)751 cpu_vmspace_exec(struct lwp *l, vaddr_t start, vaddr_t end)
752 {
753 struct pcb *pcb = lwp_getpcb(l);
754
755 write_user_windows();
756 pcb->pcb_nsaved = 0;
757 }
758
759 /*
760 * Called from locore.s trap handling, for synchronous memory faults.
761 *
762 * This duplicates a lot of logic in trap() and perhaps should be
763 * moved there; but the bus-error-register parameters are unique to
764 * this routine.
765 *
766 * Since synchronous errors accumulate during prefetch, we can have
767 * more than one `cause'. But we do not care what the cause, here;
768 * we just want to page in the page and try again.
769 */
/*
 * mem_access_fault(type, ser, v, pc, psr, tf):
 *	type	trap type (T_TEXTFAULT or a data-fault type)
 *	ser	synchronous error register contents (SER_* bits)
 *	v	faulting virtual address (sva register; ignored and
 *		replaced by pc for text faults)
 *	pc	%pc at the time of the fault
 *	psr	%psr at the time of the fault (PSR_PS => kernel mode)
 *	tf	trap frame saved by locore.s
 */
void
mem_access_fault(unsigned type, int ser, u_int v, int pc, int psr,
		 struct trapframe *tf)
{
#if defined(SUN4) || defined(SUN4C)
	struct proc *p;
	struct lwp *l;
	struct pcb *pcb;
	struct vmspace *vm;
	vaddr_t va;
	int rv;
	vm_prot_t atype;
	vaddr_t onfault;
	u_quad_t sticks;
	char bits[64];
	ksiginfo_t ksi;

	curcpu()->ci_data.cpu_ntrap++;
	l = curlwp;
	p = l->l_proc;
	pcb = lwp_getpcb(l);
	/* Remember pcb_onfault: it is cleared around uvm_fault() calls
	 * below and restored afterwards. */
	onfault = (vaddr_t)pcb->pcb_onfault;

	LWP_CACHE_CREDS(l, p);
	sticks = p->p_sticks;

#ifdef FPU_DEBUG
	if ((tf->tf_psr & PSR_EF) != 0) {
		if (cpuinfo.fplwp != l)
			panic("FPU enabled but wrong proc (1) [l=%p, fwlp=%p]",
				l, cpuinfo.fplwp);
		savefpstate(l->l_md.md_fpstate);
		l->l_md.md_fpu = NULL;
		cpuinfo.fplwp = NULL;
		tf->tf_psr &= ~PSR_EF;
		setpsr(getpsr() & ~PSR_EF);
	}
#endif

	/*
	 * Figure out what to pass the VM code, and ignore the sva register
	 * value in v on text faults (text faults are always at pc).
	 * Kernel faults are somewhat different: text faults are always
	 * illegal, and data faults are extra complex.  User faults must
	 * set p->p_md.md_tf, in case we decide to deliver a signal.  Check
	 * for illegal virtual addresses early since those can induce more
	 * faults.
	 */
	if (type == T_TEXTFAULT)
		v = pc;
	if (VA_INHOLE(v)) {
		rv = EACCES;
		goto fault;
	}
	atype = ser & SER_WRITE ? VM_PROT_WRITE : VM_PROT_READ;
	if ((ser & SER_PROT) && atype == VM_PROT_READ && type != T_TEXTFAULT) {

		/*
		 * The hardware reports faults by the atomic load/store
		 * instructions as read faults, so if the faulting instruction
		 * is one of those, relabel this fault as both read and write.
		 */
		if ((fuword((void *)pc) & 0xc1680000) == 0xc0680000) {
			atype = VM_PROT_READ | VM_PROT_WRITE;
		}
	}
	va = trunc_page(v);
	if (psr & PSR_PS) {
		extern char Lfsbail[];

		if (type == T_TEXTFAULT) {
			(void) splhigh();
			snprintb(bits, sizeof(bits), SER_BITS, ser);
			printf("cpu%d: text fault: pc=0x%x ser=%s\n",
			       cpu_number(), pc, bits);
			panic("kernel fault");
			/* NOTREACHED */
		}
		/*
		 * If this was an access that we shouldn't try to page in,
		 * resume at the fault handler without any action.
		 */
		if (onfault == (vaddr_t)Lfsbail) {
			rv = EFAULT;
			goto kfault;
		}

		/*
		 * During autoconfiguration, faults are never OK unless
		 * pcb_onfault is set.  Once running normally we must allow
		 * exec() to cause copy-on-write faults to kernel addresses.
		 */
		if (cold) {
			rv = EFAULT;
			goto kfault;
		}
		if (va >= KERNBASE) {
			rv = mmu_pagein(pmap_kernel(), va, atype);
			if (rv < 0) {
				rv = EACCES;
				goto kfault;
			}
			if (rv > 0)
				return;
			pcb->pcb_onfault = NULL;
			rv = uvm_fault(kernel_map, va, atype);
			pcb->pcb_onfault = (void *)onfault;
			if (rv == 0)
				return;
			goto kfault;
		}
		/*
		 * Kernel fault on a user address (va < KERNBASE): fall
		 * through to the user-map handling below -- presumably
		 * a copyin/copyout, protected by pcb_onfault.
		 */
	} else {
		l->l_md.md_tf = tf;
	}

	/*
	 * mmu_pagein returns -1 if the page is already valid, in which
	 * case we have a hard fault; it returns 1 if it loads a segment
	 * that got bumped out via LRU replacement.
	 */
	vm = p->p_vmspace;
	rv = mmu_pagein(vm->vm_map.pmap, va, atype);
	if (rv < 0) {
		rv = EACCES;
		goto fault;
	}
	if (rv > 0)
		goto out;

	/* alas! must call the horrible vm code */
	pcb->pcb_onfault = NULL;
	rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype);
	pcb->pcb_onfault = (void *)onfault;

	/*
	 * If this was a stack access we keep track of the maximum
	 * accessed stack size.  Also, if vm_fault gets a protection
	 * failure it is due to accessing the stack region outside
	 * the current limit and we need to reflect that as an access
	 * error.
	 */
	if ((void *)va >= vm->vm_maxsaddr
#ifdef COMPAT_SUNOS
	    && !(p->p_emul == &emul_sunos && va < USRSTACK -
		 (vaddr_t)p->p_limit->pl_rlimit[RLIMIT_STACK].rlim_cur +
		 SUNOS_MAXSADDR_SLOP)
#endif
	    && rv == 0)
		uvm_grow(p, va);

	if (rv == 0) {
		/*
		 * pmap_enter() does not enter all requests made from
		 * vm_fault into the MMU (as that causes unnecessary
		 * entries for `wired' pages).  Instead, we call
		 * mmu_pagein here to make sure the new PTE gets installed.
		 */
		(void) mmu_pagein(vm->vm_map.pmap, va, VM_PROT_NONE);
	} else {
		/*
		 * Pagein failed.  If doing copyin/out, return to onfault
		 * address.  Any other page fault in kernel, die; if user
		 * fault, deliver SIGSEGV.
		 */
fault:
		if (psr & PSR_PS) {
kfault:
			if (!onfault) {
				(void) splhigh();
				snprintb(bits, sizeof(bits), SER_BITS, ser);
				printf("cpu%d: data fault: pc=0x%x "
				       "addr=0x%x ser=%s\n",
				       cpu_number(), pc, v, bits);
				panic("kernel fault");
				/* NOTREACHED */
			}
			/* Resume at the registered recovery address;
			 * %o0 carries the errno (EACCES folded to EFAULT). */
			tf->tf_pc = onfault;
			tf->tf_npc = onfault + 4;
			tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv;
			return;
		}
		/* User fault: translate the uvm_fault() errno to a signal. */
		KSI_INIT_TRAP(&ksi);
		switch (rv) {
		case ENOMEM:
			printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
			       p->p_pid, p->p_comm,
			       l->l_cred ?
			       kauth_cred_geteuid(l->l_cred) : -1);
			ksi.ksi_signo = SIGKILL;
			break;
		case EINVAL:
			ksi.ksi_signo = SIGBUS;
			ksi.ksi_code = BUS_ADRERR;
			break;
		case EACCES:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_ACCERR;
			break;
		default:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_MAPERR;
			break;
		}
		ksi.ksi_trap = type;
		ksi.ksi_addr = (void *)v;
		trapsignal(l, &ksi);
	}
out:
	/* Only user-mode faults go through userret/share_fpu. */
	if ((psr & PSR_PS) == 0) {
		userret(l, pc, sticks);
		share_fpu(l, tf);
	}
#endif /* SUN4 || SUN4C */
}
984
985 #if defined(SUN4M) /* 4m version of mem_access_fault() follows */
986 static int tfaultaddr = (int) 0xdeadbeef;
987
988 void
mem_access_fault4m(unsigned type,u_int sfsr,u_int sfva,struct trapframe * tf)989 mem_access_fault4m(unsigned type, u_int sfsr, u_int sfva, struct trapframe *tf)
990 {
991 int pc, psr;
992 struct proc *p;
993 struct lwp *l;
994 struct pcb *pcb;
995 struct vmspace *vm;
996 vaddr_t va;
997 int rv;
998 vm_prot_t atype;
999 int onfault;
1000 u_quad_t sticks;
1001 char bits[64];
1002 ksiginfo_t ksi;
1003
1004 curcpu()->ci_data.cpu_ntrap++;
1005
1006 l = curlwp;
1007 p = l->l_proc;
1008 LWP_CACHE_CREDS(l, p);
1009 sticks = p->p_sticks;
1010 pcb = lwp_getpcb(l);
1011 onfault = (vaddr_t)pcb->pcb_onfault;
1012
1013 #ifdef FPU_DEBUG
1014 if ((tf->tf_psr & PSR_EF) != 0) {
1015 if (cpuinfo.fplwp != l)
1016 panic("FPU enabled but wrong proc (2) [l=%p, fwlp=%p]",
1017 l, cpuinfo.fplwp);
1018 savefpstate(l->l_md.md_fpstate);
1019 l->l_md.md_fpu = NULL;
1020 cpuinfo.fplwp = NULL;
1021 tf->tf_psr &= ~PSR_EF;
1022 setpsr(getpsr() & ~PSR_EF);
1023 }
1024 #endif
1025
1026 pc = tf->tf_pc; /* These are needed below */
1027 psr = tf->tf_psr;
1028
1029 #if /*DIAGNOSTICS*/1
1030 if (type == T_DATAERROR || type == T_TEXTERROR)
1031 printf("%s[%d]: trap 0x%x: pc=0x%x sfsr=0x%x sfva=0x%x\n",
1032 p->p_comm, p->p_pid, type, pc, sfsr, sfva);
1033 #endif
1034
1035 /*
1036 * Our first priority is handling serious faults, such as
1037 * parity errors or async faults that might have come through here.
1038 * If afsr & AFSR_AFO != 0, then we're on a HyperSPARC and we
1039 * got an async fault. We pass it on to memerr4m. Similarly, if
1040 * the trap was T_STOREBUFFAULT, we pass it on to memerr4m.
1041 * If we have a data fault, but SFSR_FAV is not set in the sfsr,
1042 * then things are really bizarre, and we treat it as a hard
1043 * error and pass it on to memerr4m. See section 8.12.4 in the
1044 * SuperSPARC user's guide for more info, and for a possible
1045 * solution which we don't implement here.
1046 * Note: store buffer faults may also lead to a level 15 interrupt
1047 * being posted to the module (see sun4m system architecture,
1048 * section B.I.9).
1049 */
1050 if (type == T_STOREBUFFAULT ||
1051 (type == T_DATAFAULT && (sfsr & SFSR_FAV) == 0)) {
1052 (*cpuinfo.memerr)(type, sfsr, sfva, tf);
1053 /*
1054 * If we get here, exit the trap handler and wait for the
1055 * trap to re-occur.
1056 */
1057 goto out_nounlock;
1058 }
1059
1060 /*
1061 * Figure out what to pass the VM code. We cannot ignore the sfva
1062 * register on text faults, since this might be a trap on an
1063 * alternate-ASI access to code space. However, if we're on a
1064 * supersparc, we can't help using PC, since we don't get a VA in
1065 * sfva.
1066 * Kernel faults are somewhat different: text faults are always
1067 * illegal, and data faults are extra complex. User faults must
1068 * set p->p_md.md_tf, in case we decide to deliver a signal. Check
1069 * for illegal virtual addresses early since those can induce more
1070 * faults.
1071 * All translation faults are illegal, and result in a SIGSEGV
1072 * being delivered to the running process (or a kernel panic, for
1073 * a kernel fault). We check the translation first to make sure
1074 * it is not spurious.
1075 * Also, note that in the case where we have an overwritten
1076 * text fault (OW==1, AT==2,3), we attempt to service the
1077 * second (overwriting) fault, then restart the instruction
1078 * (which is from the first fault) and allow the first trap
1079 * to reappear. XXX is this right? It will probably change...
1080 */
1081 if ((sfsr & SFSR_FT) == SFSR_FT_NONE)
1082 goto out; /* No fault. Why were we called? */
1083
1084 /*
1085 * NOTE: the per-CPU fault status register readers (in locore)
1086 * may already have decided to pass `pc' in `sfva', so we avoid
1087 * testing CPU types here.
1088 * Q: test SFSR_FAV in the locore stubs too?
1089 */
1090 if ((sfsr & SFSR_FAV) == 0) {
1091 /* note: T_TEXTERROR == T_TEXTFAULT | 0x20 */
1092 if ((type & ~0x20) == T_TEXTFAULT)
1093 sfva = pc;
1094 else {
1095 rv = EACCES;
1096 goto fault;
1097 }
1098 }
1099
1100 if ((sfsr & SFSR_FT) == SFSR_FT_TRANSERR) {
1101 /*
1102 * Translation errors are always fatal, as they indicate
1103 * a corrupt translation (page) table hierarchy.
1104 */
1105 rv = EACCES;
1106
1107 /* XXXSMP - why bother with this anyway? */
1108 if (tfaultaddr == sfva) /* Prevent infinite loops w/a static */
1109 goto fault;
1110 tfaultaddr = sfva;
1111 if ((lda((sfva & 0xFFFFF000) | ASI_SRMMUFP_LN, ASI_SRMMUFP) &
1112 SRMMU_TETYPE) != SRMMU_TEPTE)
1113 goto fault; /* Translation bad */
1114 lda(SRMMU_SFSR, ASI_SRMMU);
1115 #ifdef DEBUG
1116 printf("mem_access_fault4m: SFSR_FT_TRANSERR: "
1117 "pid %d, va 0x%x: retrying\n", p->p_pid, sfva);
1118 #endif
1119 goto out; /* Translation OK, retry operation */
1120 }
1121
1122 va = trunc_page(sfva);
1123
1124 if (((sfsr & SFSR_AT_TEXT) || type == T_TEXTFAULT) &&
1125 !(sfsr & SFSR_AT_STORE) && (sfsr & SFSR_OW)) {
1126 if (psr & PSR_PS) { /* never allow in kernel */
1127 rv = EFAULT;
1128 goto kfault;
1129 }
1130 #if 0
1131 /*
1132 * Double text fault. The evil "case 5" from the HS manual...
1133 * Attempt to handle early fault. Ignores ASI 8,9 issue...may
1134 * do a useless VM read.
1135 * XXX: Is this really necessary?
1136 * XXX: If it's necessary, add SA_PAGEFAULT handling
1137 */
1138 if (cpuinfo.cpu_type == CPUTYP_HS_MBUS) {
1139 /* On HS, we have va for both */
1140 vm = p->p_vmspace;
1141 pcb->pcb_onfault = NULL;
1142 rv = uvm_fault(&vm->vm_map, trunc_page(pc),
1143 VM_PROT_READ);
1144 pcb->pcb_onfault = onfault;
1145 if (rv != 0)
1146 #ifdef DEBUG
1147 printf("mem_access_fault: "
1148 "can't pagein 1st text fault.\n")
1149 #endif
1150 ;
1151 }
1152 #endif
1153 }
1154
1155 /* Now munch on protections... */
1156 if (sfsr & SFSR_AT_STORE) {
1157 /* stores are never text faults. */
1158 atype = VM_PROT_WRITE;
1159 } else {
1160 if ((sfsr & SFSR_AT_TEXT) || (type & ~0x20) == T_TEXTFAULT) {
1161 atype = VM_PROT_EXECUTE;
1162 } else {
1163 atype = VM_PROT_READ;
1164 }
1165 }
1166
1167 if (psr & PSR_PS) {
1168 extern char Lfsbail[];
1169 if (sfsr & SFSR_AT_TEXT || type == T_TEXTFAULT) {
1170 (void) splhigh();
1171 snprintb(bits, sizeof(bits), SFSR_BITS, sfsr);
1172 printf("cpu%d text fault: pc=0x%x sfsr=%s sfva=0x%x\n",
1173 cpu_number(), pc, bits, sfva);
1174 panic("kernel fault");
1175 /* NOTREACHED */
1176 }
1177 /*
1178 * If this was an access that we shouldn't try to page in,
1179 * resume at the fault handler without any action.
1180 */
1181 if (onfault == (vaddr_t)Lfsbail) {
1182 rv = EFAULT;
1183 goto kfault;
1184 }
1185
1186 /*
1187 * During autoconfiguration, faults are never OK unless
1188 * pcb_onfault is set. Once running normally we must allow
1189 * exec() to cause copy-on-write faults to kernel addresses.
1190 */
1191 if (cold) {
1192 rv = EFAULT;
1193 goto kfault;
1194 }
1195 if (va >= KERNBASE) {
1196 pcb->pcb_onfault = NULL;
1197 rv = uvm_fault(kernel_map, va, atype);
1198 pcb->pcb_onfault = (void *)onfault;
1199 if (rv == 0) {
1200 return;
1201 }
1202 goto kfault;
1203 }
1204 } else {
1205 l->l_md.md_tf = tf;
1206 }
1207
1208 vm = p->p_vmspace;
1209
1210 /* alas! must call the horrible vm code */
1211 pcb->pcb_onfault = NULL;
1212 rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype);
1213 pcb->pcb_onfault = (void *)onfault;
1214
1215 /*
1216 * If this was a stack access we keep track of the maximum
1217 * accessed stack size. Also, if vm_fault gets a protection
1218 * failure it is due to accessing the stack region outside
1219 * the current limit and we need to reflect that as an access
1220 * error.
1221 */
1222 if (rv == 0 && (void *)va >= vm->vm_maxsaddr)
1223 uvm_grow(p, va);
1224 if (rv != 0) {
1225 /*
1226 * Pagein failed. If doing copyin/out, return to onfault
1227 * address. Any other page fault in kernel, die; if user
1228 * fault, deliver SIGSEGV.
1229 */
1230 fault:
1231 if (psr & PSR_PS) {
1232 kfault:
1233 if (!onfault) {
1234 (void) splhigh();
1235 snprintb(bits, sizeof(bits), SFSR_BITS, sfsr);
1236 printf("cpu%d: data fault: pc=0x%x "
1237 "addr=0x%x sfsr=%s\n",
1238 cpu_number(), pc, sfva, bits);
1239 panic("kernel fault");
1240 /* NOTREACHED */
1241 }
1242 tf->tf_pc = onfault;
1243 tf->tf_npc = onfault + 4;
1244 tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv;
1245 return;
1246 }
1247 KSI_INIT_TRAP(&ksi);
1248 switch (rv) {
1249 case ENOMEM:
1250 printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
1251 p->p_pid, p->p_comm,
1252 l->l_cred ?
1253 kauth_cred_geteuid(l->l_cred) : -1);
1254 ksi.ksi_signo = SIGKILL;
1255 break;
1256 case EINVAL:
1257 ksi.ksi_signo = SIGBUS;
1258 ksi.ksi_code = BUS_ADRERR;
1259 break;
1260 case EACCES:
1261 ksi.ksi_signo = SIGSEGV;
1262 ksi.ksi_code = SEGV_ACCERR;
1263 break;
1264 default:
1265 ksi.ksi_signo = SIGSEGV;
1266 ksi.ksi_code = SEGV_MAPERR;
1267 break;
1268 }
1269 ksi.ksi_trap = type;
1270 ksi.ksi_addr = (void *)sfva;
1271 trapsignal(l, &ksi);
1272 }
1273 out:
1274 if ((psr & PSR_PS) == 0) {
1275 out_nounlock:
1276 userret(l, pc, sticks);
1277 share_fpu(l, tf);
1278 }
1279 }
1280 #endif /* SUN4M */
1281
1282 /*
1283 * Start a new LWP
1284 */
1285 void
startlwp(void * arg)1286 startlwp(void *arg)
1287 {
1288 ucontext_t *uc = arg;
1289 lwp_t *l = curlwp;
1290 int error __diagused;
1291
1292 error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags);
1293 KASSERT(error == 0);
1294
1295 kmem_free(uc, sizeof(ucontext_t));
1296 userret(l, l->l_md.md_tf->tf_pc, 0);
1297 }
1298
1299