/*	$NetBSD: trap.c,v 1.201 2023/10/05 19:41:05 ad Exp $ */

/*
 * Copyright (c) 1996
 *	The President and Fellows of Harvard College. All rights reserved.
 * Copyright (c) 1992, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * This software was developed by the Computer Systems Engineering group
 * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and
 * contributed to Berkeley.
 *
 * All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Lawrence Berkeley Laboratory.
 *	This product includes software developed by Harvard University.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 *	This product includes software developed by Harvard University.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)trap.c	8.4 (Berkeley) 9/23/93
 */

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.201 2023/10/05 19:41:05 ad Exp $");

#include "opt_ddb.h"
#include "opt_compat_sunos.h"
#include "opt_sparc_arch.h"
#include "opt_multiprocessor.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/kmem.h>
#include <sys/resource.h>
#include <sys/signal.h>
#include <sys/wait.h>
#include <sys/syscall.h>
#include <sys/syslog.h>
#include <sys/kauth.h>

#include <uvm/uvm_extern.h>

#include <sparc/sparc/asm.h>
#include <machine/cpu.h>
#include <machine/ctlreg.h>
#include <machine/trap.h>
#include <machine/instr.h>
#include <machine/pcb.h>
#include <machine/pmap.h>
#include <machine/userret.h>
#include <machine/locore.h>

#ifdef DDB
#include <machine/db_machdep.h>
#else
#include <machine/frame.h>
#endif
#ifdef COMPAT_SUNOS
#include <compat/sunos/sunos_exec.h>
#define SUNOS_MAXSADDR_SLOP (32 * 1024)
#endif

#include <sparc/fpu/fpu_extern.h>
#include <sparc/sparc/memreg.h>
#include <sparc/sparc/cpuvar.h>

#ifdef DEBUG
int	rwindow_debug = 0;
#endif

/*
 * Initial FPU state is all registers == all 1s, everything else == all 0s.
 * This makes every floating point register a signalling NaN, with sign bit
 * set, no matter how it is interpreted. Appendix N of the SPARC V8 document
 * seems to imply that we should do this, and it does make sense.
 */
struct fpstate initfpstate = {
	.fs_reg = {
		.fr_regs = {
			~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0,
			~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0, ~0,
		},
		.fr_fsr = 0,
	},
	.fs_qsize = 0,
	.fs_queue = { {
		.fq_addr = NULL,
		.fq_instr = 0,
	}, },
};

/*
 * There are more than 100 trap types, but most are unused.
 *
 * Trap type 0 is taken over as an `Asynchronous System Trap'.
 * This is left-over Vax emulation crap that should be fixed.
 */
static const char T[] = "trap";
const char *trap_type[] = {
	/* non-user vectors */
	"ast",			/* 0 */
	"text fault",		/* 1 */
	"illegal instruction",	/* 2 */
	"privileged instruction",/* 3 */
	"fp disabled",		/* 4 */
	"window overflow",	/* 5 */
	"window underflow",	/* 6 */
	"alignment fault",	/* 7 */
	"fp exception",		/* 8 */
	"data fault",		/* 9 */
	"tag overflow",		/* 0a */
	"watchpoint",		/* 0b */
	T, T, T, T, T,		/* 0c..10 */
	"level 1 int",		/* 11 */
	"level 2 int",		/* 12 */
	"level 3 int",		/* 13 */
	"level 4 int",		/* 14 */
	"level 5 int",		/* 15 */
	"level 6 int",		/* 16 */
	"level 7 int",		/* 17 */
	"level 8 int",		/* 18 */
	"level 9 int",		/* 19 */
	"level 10 int",		/* 1a */
	"level 11 int",		/* 1b */
	"level 12 int",		/* 1c */
	"level 13 int",		/* 1d */
	"level 14 int",		/* 1e */
	"level 15 int",		/* 1f */
	"register access error",/* 20 */
	"instruction access error",/* 21 */
	T, T,			/* 22..23 */
	"cp disabled",		/* 24 */
	"unimplemented flush",	/* 25 */
	T, T,			/* 26..27 */
	"cp exception",		/* 28 */
	"data access error",	/* 29 */
	"hw zero divide",	/* 2a */
	"data store error",	/* 2b */
	"data access MMU miss",	/* 2c */
	T, T, T,		/* 2d..2f */
	T, T, T, T, T, T, T, T,	/* 30..37 */
	T, T, T, T,		/* 38..3b */
	"insn access MMU miss",	/* 3c */
	T, T, T,		/* 3d..3f */
	T, T, T, T, T, T, T, T,	/* 40..47 */
	T, T, T, T, T, T, T, T,	/* 48..4f */
	T, T, T, T, T, T, T, T,	/* 50..57 */
	T, T, T, T, T, T, T, T,	/* 58..5f */
	T, T, T, T, T, T, T, T,	/* 60..67 */
	T, T, T, T, T, T, T, T,	/* 68..6f */
	T, T, T, T, T, T, T, T,	/* 70..77 */
	T, T, T, T, T, T, T, T,	/* 78..7f */

	/* user (software trap) vectors */
	"syscall",		/* 80 */
	"breakpoint",		/* 81 */
	"zero divide",		/* 82 */
	"flush windows",	/* 83 */
	"clean windows",	/* 84 */
	"range check",		/* 85 */
	"fix align",		/* 86 */
	"integer overflow",	/* 87 */
	"svr4 syscall",		/* 88 */
	"4.4 syscall",		/* 89 */
	"kgdb exec",		/* 8a */
	T, T, T, T, T,		/* 8b..8f */
	T, T, T, T, T, T, T, T,	/* 90..97 */
	T, T, T, T, T, T, T, T,	/* 98..9f */
	"svr4 getcc",		/* a0 */
	"svr4 setcc",		/* a1 */
	"svr4 getpsr",		/* a2 */
	"svr4 setpsr",		/* a3 */
	"svr4 gethrtime",	/* a4 */
	"svr4 gethrvtime",	/* a5 */
	T,			/* a6 */
	"svr4 gethrestime",	/* a7 */
};

#define	N_TRAP_TYPES	(sizeof trap_type / sizeof *trap_type)

void trap(unsigned, int, int, struct trapframe *);
void mem_access_fault(unsigned, int, u_int, int, int, struct trapframe *);
void mem_access_fault4m(unsigned, u_int, u_int, struct trapframe *);

int ignore_bogus_traps = 1;

/*
 * Called from locore.s trap handling, for non-MMU-related traps.
 * (MMU-related traps go through mem_access_fault, below.)
 */
void
trap(unsigned type, int psr, int pc, struct trapframe *tf)
{
	struct proc *p;
	struct lwp *l;
	struct pcb *pcb;
	int n, s;
	char bits[64];
	u_quad_t sticks;
	ksiginfo_t ksi;
	int code, sig;

	/* This steps the PC over the trap. */
#define	ADVANCE (n = tf->tf_npc, tf->tf_pc = n, tf->tf_npc = n + 4)
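	/*
	 * E.g. with pc=0x1000, npc=0x1004 at trap time, ADVANCE yields
	 * pc=0x1004, npc=0x1008, resuming past the trapping instruction.
	 * Using npc (rather than pc + 4) is what makes this correct when
	 * the trap occurred in a branch delay slot, where npc holds the
	 * branch target instead of the next sequential address.
	 */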

	curcpu()->ci_data.cpu_ntrap++;
	/*
	 * Generally, kernel traps cause a panic. Any exceptions are
	 * handled early here.
	 */
	if (psr & PSR_PS) {
#ifdef DDB
		if (type == T_BREAKPOINT) {
			write_all_windows();
			if (kdb_trap(type, tf)) {
				return;
			}
		}
#if defined(MULTIPROCESSOR)
		if (type == T_DBPAUSE) {
			/* XXX - deal with kgdb too */
			write_all_windows();
			ddb_suspend(tf);
			ADVANCE;
			return;
		}
#endif
#endif
#ifdef DIAGNOSTIC
		/*
		 * Currently, we allow DIAGNOSTIC kernel code to
		 * flush the windows to record stack traces.
		 */
		if (type == T_FLUSHWIN) {
			write_all_windows();
			ADVANCE;
			return;
		}
#endif
		if (type == T_UNIMPLFLUSH) {
			/*
			 * This should happen only on hypersparc.
			 * It also is a rare event to get this trap
			 * from kernel space. For now, just flush the
			 * entire I-cache.
			 */
#if defined(MULTIPROCESSOR)
			/* Broadcast to all CPUs */
			XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL);
#else
			(*cpuinfo.pure_vcache_flush)();
#endif
			ADVANCE;
			return;
		}

		/*
		 * Storing %fsr in cpu_attach will cause this trap
		 * even though the fpu has been enabled, if and only
		 * if there is no FPU.
		 */
		if (type == T_FPDISABLED && cold) {
			ADVANCE;
			return;
		}
dopanic:
		snprintb(bits, sizeof(bits), PSR_BITS, psr);
		printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n",
		    type, pc, tf->tf_npc, bits);
#ifdef DDB
		write_all_windows();
		(void) kdb_trap(type, tf);
#endif
		panic("%s", type < N_TRAP_TYPES ? trap_type[type] : T);
		/* NOTREACHED */
	}
	if ((l = curlwp) == NULL)
		l = &lwp0;
	p = l->l_proc;
	sticks = p->p_sticks;
	pcb = lwp_getpcb(l);
	l->l_md.md_tf = tf;	/* for ptrace/signals */

#ifdef FPU_DEBUG
	if (type != T_FPDISABLED && (tf->tf_psr & PSR_EF) != 0) {
		if (cpuinfo.fplwp != l)
317 panic("FPU enabled but wrong proc (0) [l=%p, fwlp=%p]",
			    l, cpuinfo.fplwp);
		savefpstate(l->l_md.md_fpstate);
		l->l_md.md_fpu = NULL;
		cpuinfo.fplwp = NULL;
		tf->tf_psr &= ~PSR_EF;
		setpsr(getpsr() & ~PSR_EF);
	}
#endif

	sig = 0;

	switch (type) {

	default:
		if (type < 0x80) {
			if (!ignore_bogus_traps)
				goto dopanic;
			snprintb(bits, sizeof(bits), PSR_BITS, psr);
			printf("trap type 0x%x: pc=0x%x npc=0x%x psr=%s\n",
			    type, pc, tf->tf_npc, bits);
			sig = SIGILL;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = ILL_ILLTRP;
			ksi.ksi_addr = (void *)pc;
			break;
		}

#ifdef DIAGNOSTIC
		if (type < 0x90 || type > 0x9f) {
			/* the following message is gratuitous */
			/* ... but leave it in until we find anything */
			uprintf("%s[%d]: unimplemented software trap 0x%x\n",
			    p->p_comm, p->p_pid, type);
		}
#endif
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLTRP;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_AST:
		break;	/* the work is all in userret() */

	case T_UNIMPLFLUSH:
		/* Invalidate the entire I-cache */
#if defined(MULTIPROCESSOR)
		/* Broadcast to all CPUs */
		XCALL0(*cpuinfo.pure_vcache_flush, CPUSET_ALL);
#else
		(*cpuinfo.pure_vcache_flush)();
#endif
		ADVANCE;
		break;

	case T_ILLINST:
		/* Note: Cypress generates a T_ILLINST on FLUSH instructions */
		if ((sig = emulinstr(pc, tf)) == 0) {
			ADVANCE;
			break;
		}
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLOPC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_PRIVINST:
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_PRVOPC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FPDISABLED: {
		struct fpstate *fs = l->l_md.md_fpstate;

#ifdef FPU_DEBUG
		if ((tf->tf_psr & PSR_PS) != 0) {
			printf("FPU fault from kernel mode, pc=%x\n", pc);
#ifdef DDB
			Debugger();
#endif
		}
#endif

		if (fs == NULL) {
			fs = kmem_alloc(sizeof(struct fpstate), KM_SLEEP);
			*fs = initfpstate;
			l->l_md.md_fpstate = fs;
		}
		/*
		 * If we have not found an FPU, we have to emulate it.
		 */
		if (!cpuinfo.fpupresent) {
#ifdef notyet
			fpu_emulate(l, tf, fs);
#else
			sig = SIGFPE;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = SI_NOINFO;
			ksi.ksi_addr = (void *)pc;
#endif
			break;
		}
		/*
		 * We may have more FPEs stored up and/or ops queued.
		 * If they exist, handle them and get out. Otherwise,
		 * resolve the FPU state, turn it on, and try again.
		 */
		if (fs->fs_qsize) {
			if ((code = fpu_cleanup(l, fs)) != 0) {
				sig = SIGFPE;
				KSI_INIT_TRAP(&ksi);
				ksi.ksi_trap = type;
				ksi.ksi_code = code;
				ksi.ksi_addr = (void *)pc;
			}
			break;
		}

		/*
		 * If we do not own the FPU state on this CPU, we must
		 * now acquire it.
		 */
		if (cpuinfo.fplwp != l) {
			struct cpu_info *cpi;

			FPU_LOCK(s);
			if (cpuinfo.fplwp != NULL) {
				/* someone else had it */
				savefpstate(cpuinfo.fplwp->l_md.md_fpstate);
				cpuinfo.fplwp->l_md.md_fpu = NULL;
			}

			/*
			 * On MP machines, some of the other FPUs might
			 * still have our state. Tell the owning processor
			 * to save the process' FPU state.
			 */
			if ((cpi = l->l_md.md_fpu) != NULL) {
				if (cpi->ci_cpuid == cpuinfo.ci_cpuid)
					panic("FPU(%d): state for %p",
					    cpi->ci_cpuid, l);
#if defined(MULTIPROCESSOR)
				XCALL1(ipi_savefpstate, fs, 1 << cpi->ci_cpuid);
#endif
				cpi->fplwp = NULL;
			}
			loadfpstate(fs);

			/* now we do have it */
			cpuinfo.fplwp = l;
			l->l_md.md_fpu = curcpu();
			FPU_UNLOCK(s);
		}

		tf->tf_psr |= PSR_EF;
		break;
	}

	case T_WINOF:
		if (rwindow_save(l)) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		break;

#define	read_rw(src, dst) \
	copyin((void *)(src), (void *)(dst), sizeof(struct rwindow))
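	/*
	 * read_rw() pulls one register window (8 locals + 8 ins, i.e.
	 * sizeof(struct rwindow) bytes) in from the user stack address
	 * `src'; a nonzero return means the user %sp was bogus.
	 */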

	case T_RWRET:
		/*
		 * T_RWRET is a window load needed in order to rett.
		 * It simply needs the window to which tf->tf_out[6]
		 * (%sp) points. There are no user or saved windows now.
		 * Copy the one from %sp into pcb->pcb_rw[0] and set
		 * nsaved to -1. If we decide to deliver a signal on
		 * our way out, we will clear nsaved.
		 */
		if (pcb->pcb_uw || pcb->pcb_nsaved)
			panic("trap T_RWRET 1");
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: pcb<-stack: 0x%x\n",
			    cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
			    tf->tf_out[6]);
#endif
		if (read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		if (pcb->pcb_nsaved)
			panic("trap T_RWRET 2");
		pcb->pcb_nsaved = -1;		/* mark success */
		break;

	case T_WINUF:
		/*
		 * T_WINUF is a real window underflow, from a restore
		 * instruction. It needs to have the contents of two
		 * windows---the one belonging to the restore instruction
		 * itself, which is at its %sp, and the one belonging to
		 * the window above, which is at its %fp or %i6---both
		 * in the pcb. The restore's window may still be in
		 * the CPU; we need to force it out to the stack.
		 */
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: T_WINUF 0: pcb<-stack: 0x%x\n",
			    cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
			    tf->tf_out[6]);
#endif
		write_user_windows();
		if (rwindow_save(l) || read_rw(tf->tf_out[6], &pcb->pcb_rw[0])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
#ifdef DEBUG
		if (rwindow_debug)
			printf("cpu%d:%s[%d]: rwindow: T_WINUF 1: pcb<-stack: 0x%x\n",
			    cpuinfo.ci_cpuid, p->p_comm, p->p_pid,
			    pcb->pcb_rw[0].rw_in[6]);
#endif
		if (read_rw(pcb->pcb_rw[0].rw_in[6], &pcb->pcb_rw[1])) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
		if (pcb->pcb_nsaved)
			panic("trap T_WINUF");
		pcb->pcb_nsaved = -1;		/* mark success */
		break;

	case T_ALIGN:
		if ((p->p_md.md_flags & MDP_FIXALIGN) != 0) {
			n = fixalign(l, tf, NULL);
			if (n == 0) {
				ADVANCE;
				break;
			}
		}
		sig = SIGBUS;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = BUS_ADRALN;
		fixalign(l, tf, &ksi.ksi_addr);
		break;

	case T_FPE:
		/*
		 * Clean up after a floating point exception.
		 * fpu_cleanup can (and usually does) modify the
		 * state we save here, so we must `give up' the FPU
		 * chip context. (The software and hardware states
		 * will not match once fpu_cleanup does its job, so
		 * we must not save again later.)
		 */
		if (l != cpuinfo.fplwp)
			panic("fpe without being the FP user");
		FPU_LOCK(s);
		savefpstate(l->l_md.md_fpstate);
		cpuinfo.fplwp = NULL;
		l->l_md.md_fpu = NULL;
		FPU_UNLOCK(s);
		/* tf->tf_psr &= ~PSR_EF; */	/* share_fpu will do this */
		if ((code = fpu_cleanup(l, l->l_md.md_fpstate)) != 0) {
			sig = SIGFPE;
			KSI_INIT_TRAP(&ksi);
			ksi.ksi_trap = type;
			ksi.ksi_code = code;
			ksi.ksi_addr = (void *)pc;
		}
#if 0	/* ??? really never??? */
		ADVANCE;
#endif
		break;

	case T_TAGOF:
		sig = SIGEMT;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = SI_NOINFO;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_CPDISABLED:
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_COPROC;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_BREAKPOINT:
		sig = SIGTRAP;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = TRAP_BRKPT;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_DIV0:
	case T_IDIV0:
		ADVANCE;
		sig = SIGFPE;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = FPE_INTDIV;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FLUSHWIN:
		write_user_windows();
#ifdef probably_slower_since_this_is_usually_false
		if (pcb->pcb_nsaved && rwindow_save(l)) {
			mutex_enter(p->p_lock);
			sigexit(l, SIGILL);
		}
#endif
		ADVANCE;
		break;

	case T_CLEANWIN:
		uprintf("T_CLEANWIN\n");	/* XXX */
		ADVANCE;
		break;

	case T_RANGECHECK:
		uprintf("T_RANGECHECK\n");	/* XXX */
		ADVANCE;
		sig = SIGILL;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = ILL_ILLOPN;
		ksi.ksi_addr = (void *)pc;
		break;

	case T_FIXALIGN:
#ifdef DEBUG_ALIGN
		uprintf("T_FIXALIGN\n");
#endif
		/* User wants us to fix alignment faults */
		p->p_md.md_flags |= MDP_FIXALIGN;
		ADVANCE;
		break;

	case T_INTOF:
		uprintf("T_INTOF\n");		/* XXX */
		ADVANCE;
		sig = SIGFPE;
		KSI_INIT_TRAP(&ksi);
		ksi.ksi_trap = type;
		ksi.ksi_code = FPE_INTOVF;
		ksi.ksi_addr = (void *)pc;
		break;
	}
	if (sig != 0) {
		ksi.ksi_signo = sig;
		trapsignal(l, &ksi);
	}
	userret(l, pc, sticks);
	share_fpu(l, tf);
#undef ADVANCE
}

/*
 * Save windows from PCB into user stack, and return 0. This is used on
 * window overflow pseudo-traps (from locore.s, just before returning to
 * user mode) and when ptrace or sendsig needs a consistent state.
 * As a side effect, rwindow_save() always sets pcb_nsaved to 0,
 * clobbering the `underflow restore' indicator if it was -1.
 *
 * If the windows cannot be saved, pcb_nsaved is restored and we return -1.
 */
int
rwindow_save(struct lwp *l)
{
	struct pcb *pcb = lwp_getpcb(l);
	struct rwindow *rw = &pcb->pcb_rw[0];
	int i;

	i = pcb->pcb_nsaved;
	if (i < 0) {
		pcb->pcb_nsaved = 0;
		return (0);
	}
	if (i == 0)
		return (0);
#ifdef DEBUG
	if (rwindow_debug)
		printf("cpu%d:%s[%d]: rwindow: pcb->stack:",
		    cpuinfo.ci_cpuid, l->l_proc->p_comm, l->l_proc->p_pid);
#endif
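	/*
	 * Window rw[i] belongs on the user stack at its own %sp. That
	 * address is not stored in rw[i] itself: a window's %sp is
	 * recorded as the %fp (%i6) of the adjacent window, so each
	 * copyout below takes its destination from rw[1].rw_in[6].
	 */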
	do {
#ifdef DEBUG
		if (rwindow_debug)
			printf(" [%d]0x%x", cpuinfo.ci_cpuid, rw[1].rw_in[6]);
#endif
		if (copyout((void *)rw, (void *)rw[1].rw_in[6],
		    sizeof *rw))
			return (-1);
		rw++;
	} while (--i > 0);
#ifdef DEBUG
	if (rwindow_debug)
		printf("\n");
#endif
	pcb->pcb_nsaved = 0;
	return (0);
}

/*
 * Kill user windows (before exec) by writing back to stack or pcb
 * and then erasing any pcb tracks. Otherwise we might try to write
 * the registers into the new process after the exec.
 */
void
cpu_vmspace_exec(struct lwp *l, vaddr_t vstart, vaddr_t vend)
{
	struct pcb *pcb = lwp_getpcb(l);

	write_user_windows();
	pcb->pcb_nsaved = 0;
}

/*
 * Called from locore.s trap handling, for synchronous memory faults.
 *
 * This duplicates a lot of logic in trap() and perhaps should be
 * moved there; but the bus-error-register parameters are unique to
 * this routine.
 *
 * Since synchronous errors accumulate during prefetch, we can have
 * more than one `cause'. But we do not care what the cause, here;
 * we just want to page in the page and try again.
 */
void
mem_access_fault(unsigned type, int ser, u_int v, int pc, int psr,
    struct trapframe *tf)
{
#if defined(SUN4) || defined(SUN4C)
	struct proc *p;
	struct lwp *l;
	struct pcb *pcb;
	struct vmspace *vm;
	vaddr_t va;
	int rv;
	vm_prot_t atype;
	vaddr_t onfault;
	u_quad_t sticks;
	char bits[64];
	ksiginfo_t ksi;

	curcpu()->ci_data.cpu_ntrap++;
	l = curlwp;
	p = l->l_proc;
	pcb = lwp_getpcb(l);
	onfault = (vaddr_t)pcb->pcb_onfault;

	sticks = p->p_sticks;

#ifdef FPU_DEBUG
	if ((tf->tf_psr & PSR_EF) != 0) {
		if (cpuinfo.fplwp != l)
786 panic("FPU enabled but wrong proc (1) [l=%p, fwlp=%p]",
			    l, cpuinfo.fplwp);
		savefpstate(l->l_md.md_fpstate);
		l->l_md.md_fpu = NULL;
		cpuinfo.fplwp = NULL;
		tf->tf_psr &= ~PSR_EF;
		setpsr(getpsr() & ~PSR_EF);
	}
#endif

	/*
	 * Figure out what to pass the VM code, and ignore the sva register
	 * value in v on text faults (text faults are always at pc).
	 * Kernel faults are somewhat different: text faults are always
	 * illegal, and data faults are extra complex. User faults must
	 * set p->p_md.md_tf, in case we decide to deliver a signal. Check
	 * for illegal virtual addresses early since those can induce more
	 * faults.
	 */
	if (type == T_TEXTFAULT)
		v = pc;
	if (VA_INHOLE(v)) {
		rv = EACCES;
		goto fault;
	}
	atype = ser & SER_WRITE ? VM_PROT_WRITE : VM_PROT_READ;
	if ((ser & SER_PROT) && atype == VM_PROT_READ && type != T_TEXTFAULT) {

		/*
		 * The hardware reports faults by the atomic load/store
		 * instructions as read faults, so if the faulting instruction
		 * is one of those, relabel this fault as both read and write.
		 */
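		/*
		 * The mask below keys on the op and op3 fields of a
		 * format-3 instruction: (insn & 0xc1680000) == 0xc0680000
		 * matches op3 = 0x0d/0x0f/0x1d/0x1f, i.e. LDSTUB, SWAP
		 * and their alternate-ASI variants LDSTUBA and SWAPA.
		 */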
		u_int insn;
		if (ufetch_int((void *)pc, &insn) == 0 &&
		    (insn & 0xc1680000) == 0xc0680000) {
			atype = VM_PROT_READ | VM_PROT_WRITE;
		}
	}
	va = trunc_page(v);
	if (psr & PSR_PS) {
		if (type == T_TEXTFAULT) {
			(void) splhigh();
			snprintb(bits, sizeof(bits), SER_BITS, ser);
			printf("cpu%d: text fault: pc=0x%x ser=%s\n",
			    cpu_number(), pc, bits);
			panic("kernel fault");
			/* NOTREACHED */
		}
		/*
		 * If this was an access that we shouldn't try to page in,
		 * resume at the fault handler without any action.
		 */
		if (onfault == (vaddr_t)sparc_fsbail) {
			rv = EFAULT;
			goto kfault;
		}

		/*
		 * During autoconfiguration, faults are never OK unless
		 * pcb_onfault is set. Once running normally we must allow
		 * exec() to cause copy-on-write faults to kernel addresses.
		 */
		if (cold) {
			rv = EFAULT;
			goto kfault;
		}
		if (va >= KERNBASE) {
			rv = mmu_pagein(pmap_kernel(), va, atype);
			if (rv < 0) {
				rv = EACCES;
				goto kfault;
			}
			if (rv > 0)
				return;
			pcb->pcb_onfault = NULL;
			rv = uvm_fault(kernel_map, va, atype);
			pcb->pcb_onfault = (void *)onfault;
			if (rv == 0)
				return;
			goto kfault;
		}
	} else {
		l->l_md.md_tf = tf;
	}

	/*
	 * mmu_pagein returns -1 if the page is already valid, in which
	 * case we have a hard fault; it returns 1 if it loads a segment
	 * that got bumped out via LRU replacement.
	 */
	vm = p->p_vmspace;
	rv = mmu_pagein(vm->vm_map.pmap, va, atype);
	if (rv < 0) {
		rv = EACCES;
		goto fault;
	}
	if (rv > 0)
		goto out;

	/* alas! must call the horrible vm code */
	pcb->pcb_onfault = NULL;
	rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype);
	pcb->pcb_onfault = (void *)onfault;

	/*
	 * If this was a stack access we keep track of the maximum
	 * accessed stack size. Also, if vm_fault gets a protection
	 * failure it is due to accessing the stack region outside
	 * the current limit and we need to reflect that as an access
	 * error.
	 */
	if ((void *)va >= vm->vm_maxsaddr
#ifdef COMPAT_SUNOS
	    && !(p->p_emul == &emul_sunos && va < USRSTACK -
		(vaddr_t)p->p_limit->pl_rlimit[RLIMIT_STACK].rlim_cur +
		SUNOS_MAXSADDR_SLOP)
#endif
	    && rv == 0)
		uvm_grow(p, va);

	if (rv == 0) {
		/*
		 * pmap_enter() does not enter all requests made from
		 * vm_fault into the MMU (as that causes unnecessary
		 * entries for `wired' pages). Instead, we call
		 * mmu_pagein here to make sure the new PTE gets installed.
		 */
		(void) mmu_pagein(vm->vm_map.pmap, va, VM_PROT_NONE);
	} else {
		/*
		 * Pagein failed. If doing copyin/out, return to onfault
		 * address. Any other page fault in kernel, die; if user
		 * fault, deliver SIGSEGV.
		 */
fault:
		if (psr & PSR_PS) {
kfault:
			if (!onfault) {
				(void) splhigh();
				snprintb(bits, sizeof(bits), SER_BITS, ser);
				printf("cpu%d: data fault: pc=0x%x "
				    "addr=0x%x ser=%s\n",
				    cpu_number(), pc, v, bits);
				panic("kernel fault");
				/* NOTREACHED */
			}
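			/*
			 * Resume at the pcb_onfault handler; the error
			 * code placed in tf_out[0] (%o0) is what the
			 * copyin/copyout caller ends up seeing returned.
			 */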
			tf->tf_pc = onfault;
			tf->tf_npc = onfault + 4;
			tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv;
			return;
		}
		KSI_INIT_TRAP(&ksi);
		switch (rv) {
		case ENOMEM:
			printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
			    p->p_pid, p->p_comm,
			    l->l_cred ?
			    kauth_cred_geteuid(l->l_cred) : -1);
			ksi.ksi_signo = SIGKILL;
			break;
		case EINVAL:
			ksi.ksi_signo = SIGBUS;
			ksi.ksi_code = BUS_ADRERR;
			break;
		case EACCES:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_ACCERR;
			break;
		default:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_MAPERR;
			break;
		}
		ksi.ksi_trap = type;
		ksi.ksi_addr = (void *)v;
		trapsignal(l, &ksi);
	}
out:
	if ((psr & PSR_PS) == 0) {
		userret(l, pc, sticks);
		share_fpu(l, tf);
	}
#endif /* SUN4 || SUN4C */
}

#if defined(SUN4M)	/* 4m version of mem_access_fault() follows */
static int tfaultaddr = (int) 0xdeadbeef;

void
mem_access_fault4m(unsigned type, u_int sfsr, u_int sfva, struct trapframe *tf)
{
	int pc, psr;
	struct proc *p;
	struct lwp *l;
	struct pcb *pcb;
	struct vmspace *vm;
	vaddr_t va;
	int rv;
	vm_prot_t atype;
	vaddr_t onfault;
	u_quad_t sticks;
	char bits[64];
	ksiginfo_t ksi;

	curcpu()->ci_data.cpu_ntrap++;

	l = curlwp;
	p = l->l_proc;
	sticks = p->p_sticks;
	pcb = lwp_getpcb(l);
	onfault = (vaddr_t)pcb->pcb_onfault;

#ifdef FPU_DEBUG
	if ((tf->tf_psr & PSR_EF) != 0) {
		if (cpuinfo.fplwp != l)
1002 panic("FPU enabled but wrong proc (2) [l=%p, fwlp=%p]",
			    l, cpuinfo.fplwp);
		savefpstate(l->l_md.md_fpstate);
		l->l_md.md_fpu = NULL;
		cpuinfo.fplwp = NULL;
		tf->tf_psr &= ~PSR_EF;
		setpsr(getpsr() & ~PSR_EF);
	}
#endif

	pc = tf->tf_pc;			/* These are needed below */
	psr = tf->tf_psr;

#if /*DIAGNOSTICS*/1
	if (type == T_DATAERROR || type == T_TEXTERROR)
		printf("%s[%d]: trap 0x%x: pc=0x%x sfsr=0x%x sfva=0x%x\n",
		    p->p_comm, p->p_pid, type, pc, sfsr, sfva);
#endif

	/*
	 * Our first priority is handling serious faults, such as
	 * parity errors or async faults that might have come through here.
	 * If afsr & AFSR_AFO != 0, then we're on a HyperSPARC and we
	 * got an async fault. We pass it on to memerr4m. Similarly, if
	 * the trap was T_STOREBUFFAULT, we pass it on to memerr4m.
	 * If we have a data fault, but SFSR_FAV is not set in the sfsr,
	 * then things are really bizarre, and we treat it as a hard
	 * error and pass it on to memerr4m. See section 8.12.4 in the
	 * SuperSPARC user's guide for more info, and for a possible
	 * solution which we don't implement here.
	 * Note: store buffer faults may also lead to a level 15 interrupt
	 * being posted to the module (see sun4m system architecture,
	 * section B.I.9).
	 */
	if (type == T_STOREBUFFAULT ||
	    (type == T_DATAFAULT && (sfsr & SFSR_FAV) == 0)) {
		(*cpuinfo.memerr)(type, sfsr, sfva, tf);
		/*
		 * If we get here, exit the trap handler and wait for the
		 * trap to re-occur.
		 */
		goto out_nounlock;
	}

	/*
	 * Figure out what to pass the VM code. We cannot ignore the sfva
	 * register on text faults, since this might be a trap on an
	 * alternate-ASI access to code space. However, if we're on a
	 * supersparc, we can't help using PC, since we don't get a VA in
	 * sfva.
	 * Kernel faults are somewhat different: text faults are always
	 * illegal, and data faults are extra complex. User faults must
	 * set p->p_md.md_tf, in case we decide to deliver a signal. Check
	 * for illegal virtual addresses early since those can induce more
	 * faults.
	 * All translation faults are illegal, and result in a SIGSEGV
	 * being delivered to the running process (or a kernel panic, for
	 * a kernel fault). We check the translation first to make sure
	 * it is not spurious.
	 * Also, note that in the case where we have an overwritten
	 * text fault (OW==1, AT==2,3), we attempt to service the
	 * second (overwriting) fault, then restart the instruction
	 * (which is from the first fault) and allow the first trap
	 * to reappear. XXX is this right? It will probably change...
	 */
	if ((sfsr & SFSR_FT) == SFSR_FT_NONE)
		goto out;	/* No fault. Why were we called? */

	/*
	 * NOTE: the per-CPU fault status register readers (in locore)
	 * may already have decided to pass `pc' in `sfva', so we avoid
	 * testing CPU types here.
	 * Q: test SFSR_FAV in the locore stubs too?
	 */
	if ((sfsr & SFSR_FAV) == 0) {
		/* note: T_TEXTERROR == T_TEXTFAULT | 0x20 */
		if ((type & ~0x20) == T_TEXTFAULT)
			sfva = pc;
		else {
			rv = EACCES;
			goto fault;
		}
	}

	if ((sfsr & SFSR_FT) == SFSR_FT_TRANSERR) {
		/*
		 * Translation errors are always fatal, as they indicate
		 * a corrupt translation (page) table hierarchy.
		 */
		rv = EACCES;

		/* XXXSMP - why bother with this anyway? */
		if (tfaultaddr == sfva)	/* Prevent infinite loops w/a static */
			goto fault;
		tfaultaddr = sfva;
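		/*
		 * Probe the MMU's translation for the faulting page; if
		 * the probe yields a valid PTE, the table walk itself is
		 * intact and the error was spurious, so clear the sticky
		 * fault status by reading the SFSR and retry the access.
		 */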
		if ((lda((sfva & 0xFFFFF000) | ASI_SRMMUFP_LN, ASI_SRMMUFP) &
		    SRMMU_TETYPE) != SRMMU_TEPTE)
			goto fault;	/* Translation bad */
		lda(SRMMU_SFSR, ASI_SRMMU);
#ifdef DEBUG
		printf("mem_access_fault4m: SFSR_FT_TRANSERR: "
		    "pid %d, va 0x%x: retrying\n", p->p_pid, sfva);
#endif
		goto out;	/* Translation OK, retry operation */
	}

	va = trunc_page(sfva);

	if (((sfsr & SFSR_AT_TEXT) || type == T_TEXTFAULT) &&
	    !(sfsr & SFSR_AT_STORE) && (sfsr & SFSR_OW)) {
		if (psr & PSR_PS) {	/* never allow in kernel */
			rv = EFAULT;
			goto kfault;
		}
#if 0
		/*
		 * Double text fault. The evil "case 5" from the HS manual...
		 * Attempt to handle early fault. Ignores ASI 8,9 issue...may
		 * do a useless VM read.
		 * XXX: Is this really necessary?
		 * XXX: If it's necessary, add SA_PAGEFAULT handling
		 */
		if (cpuinfo.cpu_type == CPUTYP_HS_MBUS) {
			/* On HS, we have va for both */
			vm = p->p_vmspace;
			pcb->pcb_onfault = NULL;
			rv = uvm_fault(&vm->vm_map, trunc_page(pc),
			    VM_PROT_READ);
			pcb->pcb_onfault = (void *)onfault;
			if (rv != 0)
#ifdef DEBUG
				printf("mem_access_fault: "
				    "can't pagein 1st text fault.\n")
#endif
				;
		}
#endif
	}

	/* Now munch on protections... */
	if (sfsr & SFSR_AT_STORE) {
		/* stores are never text faults. */
		atype = VM_PROT_WRITE;
	} else {
		if ((sfsr & SFSR_AT_TEXT) || (type & ~0x20) == T_TEXTFAULT) {
			atype = VM_PROT_EXECUTE;
		} else {
			atype = VM_PROT_READ;
		}
	}

	if (psr & PSR_PS) {
		if (sfsr & SFSR_AT_TEXT || type == T_TEXTFAULT) {
			(void) splhigh();
			snprintb(bits, sizeof(bits), SFSR_BITS, sfsr);
			printf("cpu%d text fault: pc=0x%x sfsr=%s sfva=0x%x\n",
			    cpu_number(), pc, bits, sfva);
			panic("kernel fault");
			/* NOTREACHED */
		}
		/*
		 * If this was an access that we shouldn't try to page in,
		 * resume at the fault handler without any action.
		 */
		if (onfault == (vaddr_t)sparc_fsbail) {
			rv = EFAULT;
			goto kfault;
		}

		/*
		 * During autoconfiguration, faults are never OK unless
		 * pcb_onfault is set. Once running normally we must allow
		 * exec() to cause copy-on-write faults to kernel addresses.
		 */
		if (cold) {
			rv = EFAULT;
			goto kfault;
		}
		if (va >= KERNBASE) {
			pcb->pcb_onfault = NULL;
			rv = uvm_fault(kernel_map, va, atype);
			pcb->pcb_onfault = (void *)onfault;
			if (rv == 0) {
				return;
			}
			goto kfault;
		}
	} else {
		l->l_md.md_tf = tf;
	}

	vm = p->p_vmspace;

	/* alas! must call the horrible vm code */
	pcb->pcb_onfault = NULL;
	rv = uvm_fault(&vm->vm_map, (vaddr_t)va, atype);
	pcb->pcb_onfault = (void *)onfault;

	/*
	 * If this was a stack access we keep track of the maximum
	 * accessed stack size. Also, if vm_fault gets a protection
	 * failure it is due to accessing the stack region outside
	 * the current limit and we need to reflect that as an access
	 * error.
	 */
	if (rv == 0 && (void *)va >= vm->vm_maxsaddr)
		uvm_grow(p, va);
	if (rv != 0) {
		/*
		 * Pagein failed. If doing copyin/out, return to onfault
		 * address. Any other page fault in kernel, die; if user
		 * fault, deliver SIGSEGV.
		 */
fault:
		if (psr & PSR_PS) {
kfault:
			if (!onfault) {
				(void) splhigh();
				snprintb(bits, sizeof(bits), SFSR_BITS, sfsr);
				printf("cpu%d: data fault: pc=0x%x "
				    "addr=0x%x sfsr=%s\n",
				    cpu_number(), pc, sfva, bits);
				panic("kernel fault");
				/* NOTREACHED */
			}
			tf->tf_pc = onfault;
			tf->tf_npc = onfault + 4;
			tf->tf_out[0] = (rv == EACCES) ? EFAULT : rv;
			return;
		}
		KSI_INIT_TRAP(&ksi);
		switch (rv) {
		case ENOMEM:
			printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
			    p->p_pid, p->p_comm,
			    l->l_cred ?
			    kauth_cred_geteuid(l->l_cred) : -1);
			ksi.ksi_signo = SIGKILL;
			break;
		case EINVAL:
			ksi.ksi_signo = SIGBUS;
			ksi.ksi_code = BUS_ADRERR;
			break;
		case EACCES:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_ACCERR;
			break;
		default:
			ksi.ksi_signo = SIGSEGV;
			ksi.ksi_code = SEGV_MAPERR;
			break;
		}
		ksi.ksi_trap = type;
		ksi.ksi_addr = (void *)sfva;
		trapsignal(l, &ksi);
	}
out:
	if ((psr & PSR_PS) == 0) {
out_nounlock:
		userret(l, pc, sticks);
		share_fpu(l, tf);
	}
}
#endif /* SUN4M */

/*
 * Start a new LWP
 */
void
startlwp(void *arg)
{
	ucontext_t *uc = arg;
	lwp_t *l = curlwp;
	int error __diagused;

	error = cpu_setmcontext(l, &uc->uc_mcontext, uc->uc_flags);
	KASSERT(error == 0);

	kmem_free(uc, sizeof(ucontext_t));
	userret(l, l->l_md.md_tf->tf_pc, 0);
}