1 /*- 2 * Copyright (C) 1994, David Greenman 3 * Copyright (c) 1990, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * This code is derived from software contributed to Berkeley by 7 * the University of Utah, and William Jolitz. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. All advertising materials mentioning features or use of this software 18 * must display the following acknowledgement: 19 * This product includes software developed by the University of 20 * California, Berkeley and its contributors. 21 * 4. Neither the name of the University nor the names of its contributors 22 * may be used to endorse or promote products derived from this software 23 * without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 * SUCH DAMAGE. 36 * 37 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91 38 */ 39 40 #include <sys/cdefs.h> 41 __FBSDID("$FreeBSD$"); 42 43 /* 44 * AMD64 Trap and System call handling 45 */ 46 47 #include "opt_clock.h" 48 #include "opt_cpu.h" 49 #include "opt_hwpmc_hooks.h" 50 #include "opt_isa.h" 51 #include "opt_kdb.h" 52 #include "opt_kdtrace.h" 53 54 #include <sys/param.h> 55 #include <sys/bus.h> 56 #include <sys/systm.h> 57 #include <sys/proc.h> 58 #include <sys/pioctl.h> 59 #include <sys/ptrace.h> 60 #include <sys/kdb.h> 61 #include <sys/kernel.h> 62 #include <sys/ktr.h> 63 #include <sys/lock.h> 64 #include <sys/mutex.h> 65 #include <sys/resourcevar.h> 66 #include <sys/signalvar.h> 67 #include <sys/syscall.h> 68 #include <sys/sysctl.h> 69 #include <sys/sysent.h> 70 #include <sys/uio.h> 71 #include <sys/vmmeter.h> 72 #ifdef HWPMC_HOOKS 73 #include <sys/pmckern.h> 74 #endif 75 76 #include <vm/vm.h> 77 #include <vm/vm_param.h> 78 #include <vm/pmap.h> 79 #include <vm/vm_kern.h> 80 #include <vm/vm_map.h> 81 #include <vm/vm_page.h> 82 #include <vm/vm_extern.h> 83 84 #include <machine/cpu.h> 85 #include <machine/intr_machdep.h> 86 #include <x86/mca.h> 87 #include <machine/md_var.h> 88 #include <machine/pcb.h> 89 #ifdef SMP 90 #include <machine/smp.h> 91 #endif 92 #include <machine/tss.h> 93 94 #ifdef KDTRACE_HOOKS 95 #include <sys/dtrace_bsd.h> 96 97 /* 98 * This is a hook which is initialised by the dtrace module 99 * to handle traps which might occur during DTrace probe 100 * execution. 101 */ 102 dtrace_trap_func_t dtrace_trap_func; 103 104 dtrace_doubletrap_func_t dtrace_doubletrap_func; 105 106 /* 107 * This is a hook which is initialised by the systrace module 108 * when it is loaded. This keeps the DTrace syscall provider 109 * implementation opaque. 110 */ 111 systrace_probe_func_t systrace_probe_func; 112 113 /* 114 * These hooks are necessary for the pid, usdt and fasttrap providers. 115 */ 116 dtrace_fasttrap_probe_ptr_t dtrace_fasttrap_probe_ptr; 117 dtrace_pid_probe_ptr_t dtrace_pid_probe_ptr; 118 dtrace_return_probe_ptr_t dtrace_return_probe_ptr; 119 #endif 120 121 extern void trap(struct trapframe *frame); 122 extern void syscall(struct trapframe *frame); 123 void dblfault_handler(struct trapframe *frame); 124 125 static int trap_pfault(struct trapframe *, int); 126 static void trap_fatal(struct trapframe *, vm_offset_t); 127 128 #define MAX_TRAP_MSG 30 129 static char *trap_msg[] = { 130 "", /* 0 unused */ 131 "privileged instruction fault", /* 1 T_PRIVINFLT */ 132 "", /* 2 unused */ 133 "breakpoint instruction fault", /* 3 T_BPTFLT */ 134 "", /* 4 unused */ 135 "", /* 5 unused */ 136 "arithmetic trap", /* 6 T_ARITHTRAP */ 137 "", /* 7 unused */ 138 "", /* 8 unused */ 139 "general protection fault", /* 9 T_PROTFLT */ 140 "trace trap", /* 10 T_TRCTRAP */ 141 "", /* 11 unused */ 142 "page fault", /* 12 T_PAGEFLT */ 143 "", /* 13 unused */ 144 "alignment fault", /* 14 T_ALIGNFLT */ 145 "", /* 15 unused */ 146 "", /* 16 unused */ 147 "", /* 17 unused */ 148 "integer divide fault", /* 18 T_DIVIDE */ 149 "non-maskable interrupt trap", /* 19 T_NMI */ 150 "overflow trap", /* 20 T_OFLOW */ 151 "FPU bounds check fault", /* 21 T_BOUND */ 152 "FPU device not available", /* 22 T_DNA */ 153 "double fault", /* 23 T_DOUBLEFLT */ 154 "FPU operand fetch fault", /* 24 T_FPOPFLT */ 155 "invalid TSS fault", /* 25 T_TSSFLT */ 156 "segment not present fault", /* 26 T_SEGNPFLT */ 157 "stack fault", /* 27 T_STKFLT */ 158 "machine check trap", /* 28 T_MCHK */ 159 "SIMD floating-point exception", /* 29 T_XMMFLT */ 160 "reserved (unknown) fault", /* 30 T_RESERVED */ 161 }; 162 163 #ifdef KDB 164 static int kdb_on_nmi = 1; 165 SYSCTL_INT(_machdep, OID_AUTO, kdb_on_nmi, CTLFLAG_RW, 166 &kdb_on_nmi, 0, "Go to KDB on NMI"); 167 #endif 168 static int panic_on_nmi = 1; 169 SYSCTL_INT(_machdep, OID_AUTO, panic_on_nmi, CTLFLAG_RW, 170 &panic_on_nmi, 0, "Panic on NMI"); 171 static int prot_fault_translation = 0; 172 SYSCTL_INT(_machdep, OID_AUTO, prot_fault_translation, CTLFLAG_RW, 173 &prot_fault_translation, 0, "Select signal to deliver on protection fault"); 174 175 /* 176 * Exception, fault, and trap interface to the FreeBSD kernel. 177 * This common code is called from assembly language IDT gate entry 178 * routines that prepare a suitable stack frame, and restore this 179 * frame after the exception has been processed. 180 */ 181 182 void 183 trap(struct trapframe *frame) 184 { 185 struct thread *td = curthread; 186 struct proc *p = td->td_proc; 187 int i = 0, ucode = 0, code; 188 u_int type; 189 register_t addr = 0; 190 ksiginfo_t ksi; 191 192 PCPU_INC(cnt.v_trap); 193 type = frame->tf_trapno; 194 195 #ifdef SMP 196 /* Handler for NMI IPIs used for stopping CPUs. */ 197 if (type == T_NMI) { 198 if (ipi_nmi_handler() == 0) 199 goto out; 200 } 201 #endif /* SMP */ 202 203 #ifdef KDB 204 if (kdb_active) { 205 kdb_reenter(); 206 goto out; 207 } 208 #endif 209 210 if (type == T_RESERVED) { 211 trap_fatal(frame, 0); 212 goto out; 213 } 214 215 #ifdef HWPMC_HOOKS 216 /* 217 * CPU PMCs interrupt using an NMI. If the PMC module is 218 * active, pass the 'rip' value to the PMC module's interrupt 219 * handler. A return value of '1' from the handler means that 220 * the NMI was handled by it and we can return immediately. 221 */ 222 if (type == T_NMI && pmc_intr && 223 (*pmc_intr)(PCPU_GET(cpuid), frame)) 224 goto out; 225 #endif 226 227 if (type == T_MCHK) { 228 if (!mca_intr()) 229 trap_fatal(frame, 0); 230 goto out; 231 } 232 233 #ifdef KDTRACE_HOOKS 234 /* 235 * A trap can occur while DTrace executes a probe. Before 236 * executing the probe, DTrace blocks re-scheduling and sets 237 * a flag in it's per-cpu flags to indicate that it doesn't 238 * want to fault. On returning from the probe, the no-fault 239 * flag is cleared and finally re-scheduling is enabled. 240 * 241 * If the DTrace kernel module has registered a trap handler, 242 * call it and if it returns non-zero, assume that it has 243 * handled the trap and modified the trap frame so that this 244 * function can return normally. 245 */ 246 if (dtrace_trap_func != NULL) 247 if ((*dtrace_trap_func)(frame, type)) 248 goto out; 249 if (type == T_DTRACE_PROBE || type == T_DTRACE_RET || 250 type == T_BPTFLT) { 251 struct reg regs; 252 253 fill_frame_regs(frame, ®s); 254 if (type == T_DTRACE_PROBE && 255 dtrace_fasttrap_probe_ptr != NULL && 256 dtrace_fasttrap_probe_ptr(®s) == 0) 257 goto out; 258 if (type == T_BPTFLT && 259 dtrace_pid_probe_ptr != NULL && 260 dtrace_pid_probe_ptr(®s) == 0) 261 goto out; 262 if (type == T_DTRACE_RET && 263 dtrace_return_probe_ptr != NULL && 264 dtrace_return_probe_ptr(®s) == 0) 265 goto out; 266 267 } 268 #endif 269 270 if ((frame->tf_rflags & PSL_I) == 0) { 271 /* 272 * Buggy application or kernel code has disabled 273 * interrupts and then trapped. Enabling interrupts 274 * now is wrong, but it is better than running with 275 * interrupts disabled until they are accidentally 276 * enabled later. 277 */ 278 if (ISPL(frame->tf_cs) == SEL_UPL) 279 uprintf( 280 "pid %ld (%s): trap %d with interrupts disabled\n", 281 (long)curproc->p_pid, curthread->td_name, type); 282 else if (type != T_NMI && type != T_BPTFLT && 283 type != T_TRCTRAP) { 284 /* 285 * XXX not quite right, since this may be for a 286 * multiple fault in user mode. 287 */ 288 printf("kernel trap %d with interrupts disabled\n", 289 type); 290 291 /* 292 * We shouldn't enable interrupts while holding a 293 * spin lock. 294 */ 295 if (td->td_md.md_spinlock_count == 0) 296 enable_intr(); 297 } 298 } 299 300 code = frame->tf_err; 301 if (type == T_PAGEFLT) { 302 /* 303 * If we get a page fault while in a critical section, then 304 * it is most likely a fatal kernel page fault. The kernel 305 * is already going to panic trying to get a sleep lock to 306 * do the VM lookup, so just consider it a fatal trap so the 307 * kernel can print out a useful trap message and even get 308 * to the debugger. 309 * 310 * If we get a page fault while holding a non-sleepable 311 * lock, then it is most likely a fatal kernel page fault. 312 * If WITNESS is enabled, then it's going to whine about 313 * bogus LORs with various VM locks, so just skip to the 314 * fatal trap handling directly. 315 */ 316 if (td->td_critnest != 0 || 317 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL, 318 "Kernel page fault") != 0) 319 trap_fatal(frame, frame->tf_addr); 320 } 321 322 if (ISPL(frame->tf_cs) == SEL_UPL) { 323 /* user trap */ 324 325 td->td_pticks = 0; 326 td->td_frame = frame; 327 addr = frame->tf_rip; 328 if (td->td_ucred != p->p_ucred) 329 cred_update_thread(td); 330 331 switch (type) { 332 case T_PRIVINFLT: /* privileged instruction fault */ 333 i = SIGILL; 334 ucode = ILL_PRVOPC; 335 break; 336 337 case T_BPTFLT: /* bpt instruction fault */ 338 case T_TRCTRAP: /* trace trap */ 339 enable_intr(); 340 frame->tf_rflags &= ~PSL_T; 341 i = SIGTRAP; 342 ucode = (type == T_TRCTRAP ? TRAP_TRACE : TRAP_BRKPT); 343 break; 344 345 case T_ARITHTRAP: /* arithmetic trap */ 346 ucode = fputrap(); 347 if (ucode == -1) 348 goto userout; 349 i = SIGFPE; 350 break; 351 352 case T_PROTFLT: /* general protection fault */ 353 i = SIGBUS; 354 ucode = BUS_OBJERR; 355 break; 356 case T_STKFLT: /* stack fault */ 357 case T_SEGNPFLT: /* segment not present fault */ 358 i = SIGBUS; 359 ucode = BUS_ADRERR; 360 break; 361 case T_TSSFLT: /* invalid TSS fault */ 362 i = SIGBUS; 363 ucode = BUS_OBJERR; 364 break; 365 case T_DOUBLEFLT: /* double fault */ 366 default: 367 i = SIGBUS; 368 ucode = BUS_OBJERR; 369 break; 370 371 case T_PAGEFLT: /* page fault */ 372 addr = frame->tf_addr; 373 i = trap_pfault(frame, TRUE); 374 if (i == -1) 375 goto userout; 376 if (i == 0) 377 goto user; 378 379 if (i == SIGSEGV) 380 ucode = SEGV_MAPERR; 381 else { 382 if (prot_fault_translation == 0) { 383 /* 384 * Autodetect. 385 * This check also covers the images 386 * without the ABI-tag ELF note. 387 */ 388 if (SV_CURPROC_ABI() == SV_ABI_FREEBSD 389 && p->p_osrel >= P_OSREL_SIGSEGV) { 390 i = SIGSEGV; 391 ucode = SEGV_ACCERR; 392 } else { 393 i = SIGBUS; 394 ucode = BUS_PAGE_FAULT; 395 } 396 } else if (prot_fault_translation == 1) { 397 /* 398 * Always compat mode. 399 */ 400 i = SIGBUS; 401 ucode = BUS_PAGE_FAULT; 402 } else { 403 /* 404 * Always SIGSEGV mode. 405 */ 406 i = SIGSEGV; 407 ucode = SEGV_ACCERR; 408 } 409 } 410 break; 411 412 case T_DIVIDE: /* integer divide fault */ 413 ucode = FPE_INTDIV; 414 i = SIGFPE; 415 break; 416 417 #ifdef DEV_ISA 418 case T_NMI: 419 /* machine/parity/power fail/"kitchen sink" faults */ 420 if (isa_nmi(code) == 0) { 421 #ifdef KDB 422 /* 423 * NMI can be hooked up to a pushbutton 424 * for debugging. 425 */ 426 if (kdb_on_nmi) { 427 printf ("NMI ... going to debugger\n"); 428 kdb_trap(type, 0, frame); 429 } 430 #endif /* KDB */ 431 goto userout; 432 } else if (panic_on_nmi) 433 panic("NMI indicates hardware failure"); 434 break; 435 #endif /* DEV_ISA */ 436 437 case T_OFLOW: /* integer overflow fault */ 438 ucode = FPE_INTOVF; 439 i = SIGFPE; 440 break; 441 442 case T_BOUND: /* bounds check fault */ 443 ucode = FPE_FLTSUB; 444 i = SIGFPE; 445 break; 446 447 case T_DNA: 448 /* transparent fault (due to context switch "late") */ 449 KASSERT(PCB_USER_FPU(td->td_pcb), 450 ("kernel FPU ctx has leaked")); 451 fpudna(); 452 goto userout; 453 454 case T_FPOPFLT: /* FPU operand fetch fault */ 455 ucode = ILL_COPROC; 456 i = SIGILL; 457 break; 458 459 case T_XMMFLT: /* SIMD floating-point exception */ 460 ucode = 0; /* XXX */ 461 i = SIGFPE; 462 break; 463 } 464 } else { 465 /* kernel trap */ 466 467 KASSERT(cold || td->td_ucred != NULL, 468 ("kernel trap doesn't have ucred")); 469 switch (type) { 470 case T_PAGEFLT: /* page fault */ 471 (void) trap_pfault(frame, FALSE); 472 goto out; 473 474 case T_DNA: 475 KASSERT(!PCB_USER_FPU(td->td_pcb), 476 ("Unregistered use of FPU in kernel")); 477 fpudna(); 478 goto out; 479 480 case T_ARITHTRAP: /* arithmetic trap */ 481 case T_XMMFLT: /* SIMD floating-point exception */ 482 case T_FPOPFLT: /* FPU operand fetch fault */ 483 /* 484 * XXXKIB for now disable any FPU traps in kernel 485 * handler registration seems to be overkill 486 */ 487 trap_fatal(frame, 0); 488 goto out; 489 490 case T_STKFLT: /* stack fault */ 491 break; 492 493 case T_PROTFLT: /* general protection fault */ 494 case T_SEGNPFLT: /* segment not present fault */ 495 if (td->td_intr_nesting_level != 0) 496 break; 497 498 /* 499 * Invalid segment selectors and out of bounds 500 * %rip's and %rsp's can be set up in user mode. 501 * This causes a fault in kernel mode when the 502 * kernel tries to return to user mode. We want 503 * to get this fault so that we can fix the 504 * problem here and not have to check all the 505 * selectors and pointers when the user changes 506 * them. 507 */ 508 if (frame->tf_rip == (long)doreti_iret) { 509 frame->tf_rip = (long)doreti_iret_fault; 510 goto out; 511 } 512 if (frame->tf_rip == (long)ld_ds) { 513 frame->tf_rip = (long)ds_load_fault; 514 goto out; 515 } 516 if (frame->tf_rip == (long)ld_es) { 517 frame->tf_rip = (long)es_load_fault; 518 goto out; 519 } 520 if (frame->tf_rip == (long)ld_fs) { 521 frame->tf_rip = (long)fs_load_fault; 522 goto out; 523 } 524 if (frame->tf_rip == (long)ld_gs) { 525 frame->tf_rip = (long)gs_load_fault; 526 goto out; 527 } 528 if (frame->tf_rip == (long)ld_gsbase) { 529 frame->tf_rip = (long)gsbase_load_fault; 530 goto out; 531 } 532 if (frame->tf_rip == (long)ld_fsbase) { 533 frame->tf_rip = (long)fsbase_load_fault; 534 goto out; 535 } 536 if (PCPU_GET(curpcb)->pcb_onfault != NULL) { 537 frame->tf_rip = 538 (long)PCPU_GET(curpcb)->pcb_onfault; 539 goto out; 540 } 541 break; 542 543 case T_TSSFLT: 544 /* 545 * PSL_NT can be set in user mode and isn't cleared 546 * automatically when the kernel is entered. This 547 * causes a TSS fault when the kernel attempts to 548 * `iret' because the TSS link is uninitialized. We 549 * want to get this fault so that we can fix the 550 * problem here and not every time the kernel is 551 * entered. 552 */ 553 if (frame->tf_rflags & PSL_NT) { 554 frame->tf_rflags &= ~PSL_NT; 555 goto out; 556 } 557 break; 558 559 case T_TRCTRAP: /* trace trap */ 560 /* 561 * Ignore debug register trace traps due to 562 * accesses in the user's address space, which 563 * can happen under several conditions such as 564 * if a user sets a watchpoint on a buffer and 565 * then passes that buffer to a system call. 566 * We still want to get TRCTRAPS for addresses 567 * in kernel space because that is useful when 568 * debugging the kernel. 569 */ 570 if (user_dbreg_trap()) { 571 /* 572 * Reset breakpoint bits because the 573 * processor doesn't 574 */ 575 /* XXX check upper bits here */ 576 load_dr6(rdr6() & 0xfffffff0); 577 goto out; 578 } 579 /* 580 * FALLTHROUGH (TRCTRAP kernel mode, kernel address) 581 */ 582 case T_BPTFLT: 583 /* 584 * If KDB is enabled, let it handle the debugger trap. 585 * Otherwise, debugger traps "can't happen". 586 */ 587 #ifdef KDB 588 if (kdb_trap(type, 0, frame)) 589 goto out; 590 #endif 591 break; 592 593 #ifdef DEV_ISA 594 case T_NMI: 595 /* machine/parity/power fail/"kitchen sink" faults */ 596 if (isa_nmi(code) == 0) { 597 #ifdef KDB 598 /* 599 * NMI can be hooked up to a pushbutton 600 * for debugging. 601 */ 602 if (kdb_on_nmi) { 603 printf ("NMI ... going to debugger\n"); 604 kdb_trap(type, 0, frame); 605 } 606 #endif /* KDB */ 607 goto out; 608 } else if (panic_on_nmi == 0) 609 goto out; 610 /* FALLTHROUGH */ 611 #endif /* DEV_ISA */ 612 } 613 614 trap_fatal(frame, 0); 615 goto out; 616 } 617 618 /* Translate fault for emulators (e.g. Linux) */ 619 if (*p->p_sysent->sv_transtrap) 620 i = (*p->p_sysent->sv_transtrap)(i, type); 621 622 ksiginfo_init_trap(&ksi); 623 ksi.ksi_signo = i; 624 ksi.ksi_code = ucode; 625 ksi.ksi_trapno = type; 626 ksi.ksi_addr = (void *)addr; 627 trapsignal(td, &ksi); 628 629 user: 630 userret(td, frame); 631 mtx_assert(&Giant, MA_NOTOWNED); 632 KASSERT(PCB_USER_FPU(td->td_pcb), 633 ("Return from trap with kernel FPU ctx leaked")); 634 userout: 635 out: 636 return; 637 } 638 639 static int 640 trap_pfault(frame, usermode) 641 struct trapframe *frame; 642 int usermode; 643 { 644 vm_offset_t va; 645 struct vmspace *vm = NULL; 646 vm_map_t map; 647 int rv = 0; 648 vm_prot_t ftype; 649 struct thread *td = curthread; 650 struct proc *p = td->td_proc; 651 vm_offset_t eva = frame->tf_addr; 652 653 va = trunc_page(eva); 654 if (va >= VM_MIN_KERNEL_ADDRESS) { 655 /* 656 * Don't allow user-mode faults in kernel address space. 657 */ 658 if (usermode) 659 goto nogo; 660 661 map = kernel_map; 662 } else { 663 /* 664 * This is a fault on non-kernel virtual memory. 665 * vm is initialized above to NULL. If curproc is NULL 666 * or curproc->p_vmspace is NULL the fault is fatal. 667 */ 668 if (p != NULL) 669 vm = p->p_vmspace; 670 671 if (vm == NULL) 672 goto nogo; 673 674 map = &vm->vm_map; 675 } 676 677 /* 678 * PGEX_I is defined only if the execute disable bit capability is 679 * supported and enabled. 680 */ 681 if (frame->tf_err & PGEX_W) 682 ftype = VM_PROT_WRITE; 683 else if ((frame->tf_err & PGEX_I) && pg_nx != 0) 684 ftype = VM_PROT_EXECUTE; 685 else 686 ftype = VM_PROT_READ; 687 688 if (map != kernel_map) { 689 /* 690 * Keep swapout from messing with us during this 691 * critical time. 692 */ 693 PROC_LOCK(p); 694 ++p->p_lock; 695 PROC_UNLOCK(p); 696 697 /* Fault in the user page: */ 698 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL); 699 700 PROC_LOCK(p); 701 --p->p_lock; 702 PROC_UNLOCK(p); 703 } else { 704 /* 705 * Don't have to worry about process locking or stacks in the 706 * kernel. 707 */ 708 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL); 709 } 710 if (rv == KERN_SUCCESS) 711 return (0); 712 nogo: 713 if (!usermode) { 714 if (td->td_intr_nesting_level == 0 && 715 PCPU_GET(curpcb)->pcb_onfault != NULL) { 716 frame->tf_rip = (long)PCPU_GET(curpcb)->pcb_onfault; 717 return (0); 718 } 719 trap_fatal(frame, eva); 720 return (-1); 721 } 722 723 return((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV); 724 } 725 726 static void 727 trap_fatal(frame, eva) 728 struct trapframe *frame; 729 vm_offset_t eva; 730 { 731 int code, ss; 732 u_int type; 733 long esp; 734 struct soft_segment_descriptor softseg; 735 char *msg; 736 737 code = frame->tf_err; 738 type = frame->tf_trapno; 739 sdtossd(&gdt[NGDT * PCPU_GET(cpuid) + IDXSEL(frame->tf_cs & 0xffff)], 740 &softseg); 741 742 if (type <= MAX_TRAP_MSG) 743 msg = trap_msg[type]; 744 else 745 msg = "UNKNOWN"; 746 printf("\n\nFatal trap %d: %s while in %s mode\n", type, msg, 747 ISPL(frame->tf_cs) == SEL_UPL ? "user" : "kernel"); 748 #ifdef SMP 749 /* two separate prints in case of a trap on an unmapped page */ 750 printf("cpuid = %d; ", PCPU_GET(cpuid)); 751 printf("apic id = %02x\n", PCPU_GET(apic_id)); 752 #endif 753 if (type == T_PAGEFLT) { 754 printf("fault virtual address = 0x%lx\n", eva); 755 printf("fault code = %s %s %s, %s\n", 756 code & PGEX_U ? "user" : "supervisor", 757 code & PGEX_W ? "write" : "read", 758 code & PGEX_I ? "instruction" : "data", 759 code & PGEX_P ? "protection violation" : "page not present"); 760 } 761 printf("instruction pointer = 0x%lx:0x%lx\n", 762 frame->tf_cs & 0xffff, frame->tf_rip); 763 if (ISPL(frame->tf_cs) == SEL_UPL) { 764 ss = frame->tf_ss & 0xffff; 765 esp = frame->tf_rsp; 766 } else { 767 ss = GSEL(GDATA_SEL, SEL_KPL); 768 esp = (long)&frame->tf_rsp; 769 } 770 printf("stack pointer = 0x%x:0x%lx\n", ss, esp); 771 printf("frame pointer = 0x%x:0x%lx\n", ss, frame->tf_rbp); 772 printf("code segment = base 0x%lx, limit 0x%lx, type 0x%x\n", 773 softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type); 774 printf(" = DPL %d, pres %d, long %d, def32 %d, gran %d\n", 775 softseg.ssd_dpl, softseg.ssd_p, softseg.ssd_long, softseg.ssd_def32, 776 softseg.ssd_gran); 777 printf("processor eflags = "); 778 if (frame->tf_rflags & PSL_T) 779 printf("trace trap, "); 780 if (frame->tf_rflags & PSL_I) 781 printf("interrupt enabled, "); 782 if (frame->tf_rflags & PSL_NT) 783 printf("nested task, "); 784 if (frame->tf_rflags & PSL_RF) 785 printf("resume, "); 786 printf("IOPL = %ld\n", (frame->tf_rflags & PSL_IOPL) >> 12); 787 printf("current process = "); 788 if (curproc) { 789 printf("%lu (%s)\n", 790 (u_long)curproc->p_pid, curthread->td_name ? 791 curthread->td_name : ""); 792 } else { 793 printf("Idle\n"); 794 } 795 796 #ifdef KDB 797 if (debugger_on_panic || kdb_active) 798 if (kdb_trap(type, 0, frame)) 799 return; 800 #endif 801 printf("trap number = %d\n", type); 802 if (type <= MAX_TRAP_MSG) 803 panic("%s", trap_msg[type]); 804 else 805 panic("unknown/reserved trap"); 806 } 807 808 /* 809 * Double fault handler. Called when a fault occurs while writing 810 * a frame for a trap/exception onto the stack. This usually occurs 811 * when the stack overflows (such is the case with infinite recursion, 812 * for example). 813 */ 814 void 815 dblfault_handler(struct trapframe *frame) 816 { 817 #ifdef KDTRACE_HOOKS 818 if (dtrace_doubletrap_func != NULL) 819 (*dtrace_doubletrap_func)(); 820 #endif 821 printf("\nFatal double fault\n"); 822 printf("rip = 0x%lx\n", frame->tf_rip); 823 printf("rsp = 0x%lx\n", frame->tf_rsp); 824 printf("rbp = 0x%lx\n", frame->tf_rbp); 825 #ifdef SMP 826 /* two separate prints in case of a trap on an unmapped page */ 827 printf("cpuid = %d; ", PCPU_GET(cpuid)); 828 printf("apic id = %02x\n", PCPU_GET(apic_id)); 829 #endif 830 panic("double fault"); 831 } 832 833 int 834 cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa) 835 { 836 struct proc *p; 837 struct trapframe *frame; 838 register_t *argp; 839 caddr_t params; 840 int reg, regcnt, error; 841 842 p = td->td_proc; 843 frame = td->td_frame; 844 reg = 0; 845 regcnt = 6; 846 847 params = (caddr_t)frame->tf_rsp + sizeof(register_t); 848 sa->code = frame->tf_rax; 849 850 if (sa->code == SYS_syscall || sa->code == SYS___syscall) { 851 sa->code = frame->tf_rdi; 852 reg++; 853 regcnt--; 854 } 855 if (p->p_sysent->sv_mask) 856 sa->code &= p->p_sysent->sv_mask; 857 858 if (sa->code >= p->p_sysent->sv_size) 859 sa->callp = &p->p_sysent->sv_table[0]; 860 else 861 sa->callp = &p->p_sysent->sv_table[sa->code]; 862 863 sa->narg = sa->callp->sy_narg; 864 KASSERT(sa->narg <= sizeof(sa->args) / sizeof(sa->args[0]), 865 ("Too many syscall arguments!")); 866 error = 0; 867 argp = &frame->tf_rdi; 868 argp += reg; 869 bcopy(argp, sa->args, sizeof(sa->args[0]) * regcnt); 870 if (sa->narg > regcnt) { 871 KASSERT(params != NULL, ("copyin args with no params!")); 872 error = copyin(params, &sa->args[regcnt], 873 (sa->narg - regcnt) * sizeof(sa->args[0])); 874 } 875 876 if (error == 0) { 877 td->td_retval[0] = 0; 878 td->td_retval[1] = frame->tf_rdx; 879 } 880 881 return (error); 882 } 883 884 /* 885 * syscall - system call request C handler 886 * 887 * A system call is essentially treated as a trap. 888 */ 889 void 890 syscall(struct trapframe *frame) 891 { 892 struct thread *td; 893 struct syscall_args sa; 894 register_t orig_tf_rflags; 895 int error; 896 ksiginfo_t ksi; 897 898 #ifdef DIAGNOSTIC 899 if (ISPL(frame->tf_cs) != SEL_UPL) { 900 panic("syscall"); 901 /* NOT REACHED */ 902 } 903 #endif 904 orig_tf_rflags = frame->tf_rflags; 905 td = curthread; 906 td->td_frame = frame; 907 908 error = syscallenter(td, &sa); 909 910 /* 911 * Traced syscall. 912 */ 913 if (orig_tf_rflags & PSL_T) { 914 frame->tf_rflags &= ~PSL_T; 915 ksiginfo_init_trap(&ksi); 916 ksi.ksi_signo = SIGTRAP; 917 ksi.ksi_code = TRAP_TRACE; 918 ksi.ksi_addr = (void *)frame->tf_rip; 919 trapsignal(td, &ksi); 920 } 921 922 KASSERT(PCB_USER_FPU(td->td_pcb), 923 ("System call %s returing with kernel FPU ctx leaked", 924 syscallname(td->td_proc, sa.code))); 925 KASSERT(td->td_pcb->pcb_save == &td->td_pcb->pcb_user_save, 926 ("System call %s returning with mangled pcb_save", 927 syscallname(td->td_proc, sa.code))); 928 929 syscallret(td, error, &sa); 930 } 931