2 * Copyright (C) 1994, David Greenman
3 * Copyright (c) 1990, 1993
4 * The Regents of the University of California. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * the University of Utah, and William Jolitz.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by the University of
20 * California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91
40 #include <sys/cdefs.h>
41 __FBSDID("$FreeBSD$");
44 * AMD64 Trap and System call handling
47 #include "opt_clock.h"
49 #include "opt_hwpmc_hooks.h"
52 #include "opt_ktrace.h"
54 #include <sys/param.h>
56 #include <sys/systm.h>
58 #include <sys/pioctl.h>
59 #include <sys/ptrace.h>
61 #include <sys/kernel.h>
64 #include <sys/mutex.h>
65 #include <sys/resourcevar.h>
66 #include <sys/signalvar.h>
67 #include <sys/syscall.h>
68 #include <sys/sysctl.h>
69 #include <sys/sysent.h>
71 #include <sys/vmmeter.h>
73 #include <sys/ktrace.h>
76 #include <sys/pmckern.h>
80 #include <vm/vm_param.h>
82 #include <vm/vm_kern.h>
83 #include <vm/vm_map.h>
84 #include <vm/vm_page.h>
85 #include <vm/vm_extern.h>
87 #include <machine/cpu.h>
88 #include <machine/intr_machdep.h>
89 #include <machine/md_var.h>
90 #include <machine/pcb.h>
92 #include <machine/smp.h>
94 #include <machine/tss.h>
95 #include <security/audit/audit.h>
97 extern void trap(struct trapframe frame);
98 extern void syscall(struct trapframe frame);
99 void dblfault_handler(struct trapframe frame);
101 static int trap_pfault(struct trapframe *, int);
102 static void trap_fatal(struct trapframe *, vm_offset_t);
104 #define MAX_TRAP_MSG 30
105 static char *trap_msg[] = {
107 "privileged instruction fault", /* 1 T_PRIVINFLT */
109 "breakpoint instruction fault", /* 3 T_BPTFLT */
112 "arithmetic trap", /* 6 T_ARITHTRAP */
115 "general protection fault", /* 9 T_PROTFLT */
116 "trace trap", /* 10 T_TRCTRAP */
118 "page fault", /* 12 T_PAGEFLT */
120 "alignment fault", /* 14 T_ALIGNFLT */
124 "integer divide fault", /* 18 T_DIVIDE */
125 "non-maskable interrupt trap", /* 19 T_NMI */
126 "overflow trap", /* 20 T_OFLOW */
127 "FPU bounds check fault", /* 21 T_BOUND */
128 "FPU device not available", /* 22 T_DNA */
129 "double fault", /* 23 T_DOUBLEFLT */
130 "FPU operand fetch fault", /* 24 T_FPOPFLT */
131 "invalid TSS fault", /* 25 T_TSSFLT */
132 "segment not present fault", /* 26 T_SEGNPFLT */
133 "stack fault", /* 27 T_STKFLT */
134 "machine check trap", /* 28 T_MCHK */
135 "SIMD floating-point exception", /* 29 T_XMMFLT */
136 "reserved (unknown) fault", /* 30 T_RESERVED */
140 static int kdb_on_nmi = 1;
141 SYSCTL_INT(_machdep, OID_AUTO, kdb_on_nmi, CTLFLAG_RW,
142 &kdb_on_nmi, 0, "Go to KDB on NMI");
144 static int panic_on_nmi = 1;
145 SYSCTL_INT(_machdep, OID_AUTO, panic_on_nmi, CTLFLAG_RW,
146 &panic_on_nmi, 0, "Panic on NMI");
149 extern char *syscallnames[];
153 * Exception, fault, and trap interface to the FreeBSD kernel.
154 * This common code is called from assembly language IDT gate entry
155 * routines that prepare a suitable stack frame, and restore this
156 * frame after the exception has been processed.
161 struct trapframe frame;
163 struct thread *td = curthread;
164 struct proc *p = td->td_proc;
165 u_int sticks = 0, type;
166 int i = 0, ucode = 0, code;
168 PCPU_LAZY_INC(cnt.v_trap);
169 type = frame.tf_trapno;
172 /* Handler for NMI IPIs used for debugging */
174 if (ipi_nmi_handler() == 0)
177 #endif /* KDB_STOP_NMI */
188 * CPU PMCs interrupt using an NMI. If the PMC module is
189 * active, pass the 'rip' value to the PMC module's interrupt
190 * handler. A return value of '1' from the handler means that
191 * the NMI was handled by it and we can return immediately.
193 if (type == T_NMI && pmc_intr &&
194 (*pmc_intr)(PCPU_GET(cpuid), (uintptr_t) frame.tf_rip,
195 TRAPF_USERMODE(&frame)))
199 if ((frame.tf_rflags & PSL_I) == 0) {
201 * Buggy application or kernel code has disabled
202 * interrupts and then trapped. Enabling interrupts
203 * now is wrong, but it is better than running with
204 * interrupts disabled until they are accidentally
207 if (ISPL(frame.tf_cs) == SEL_UPL)
209 "pid %ld (%s): trap %d with interrupts disabled\n",
210 (long)curproc->p_pid, curproc->p_comm, type);
211 else if (type != T_NMI && type != T_BPTFLT &&
214 * XXX not quite right, since this may be for a
215 * multiple fault in user mode.
217 printf("kernel trap %d with interrupts disabled\n",
220 * We shouldn't enable interrupts while in a critical
223 if (td->td_critnest == 0)
229 if (type == T_PAGEFLT) {
231 * If we get a page fault while in a critical section, then
232 * it is most likely a fatal kernel page fault. The kernel
233 * is already going to panic trying to get a sleep lock to
234 * do the VM lookup, so just consider it a fatal trap so the
235 * kernel can print out a useful trap message and even get
238 if (td->td_critnest != 0)
239 trap_fatal(&frame, frame.tf_addr);
242 if (ISPL(frame.tf_cs) == SEL_UPL) {
245 sticks = td->td_sticks;
246 td->td_frame = &frame;
247 if (td->td_ucred != p->p_ucred)
248 cred_update_thread(td);
251 case T_PRIVINFLT: /* privileged instruction fault */
256 case T_BPTFLT: /* bpt instruction fault */
257 case T_TRCTRAP: /* trace trap */
259 frame.tf_rflags &= ~PSL_T;
263 case T_ARITHTRAP: /* arithmetic trap */
270 case T_PROTFLT: /* general protection fault */
271 case T_STKFLT: /* stack fault */
272 case T_SEGNPFLT: /* segment not present fault */
273 case T_TSSFLT: /* invalid TSS fault */
274 case T_DOUBLEFLT: /* double fault */
276 ucode = code + BUS_SEGM_FAULT ;
280 case T_PAGEFLT: /* page fault */
281 if (td->td_pflags & TDP_SA)
282 thread_user_enter(td);
283 i = trap_pfault(&frame, TRUE);
292 case T_DIVIDE: /* integer divide fault */
299 /* machine/parity/power fail/"kitchen sink" faults */
301 if (isa_nmi(code) == 0) {
304 * NMI can be hooked up to a pushbutton
308 printf ("NMI ... going to debugger\n");
309 kdb_trap(type, 0, &frame);
313 } else if (panic_on_nmi)
314 panic("NMI indicates hardware failure");
318 case T_OFLOW: /* integer overflow fault */
323 case T_BOUND: /* bounds check fault */
329 /* transparent fault (due to context switch "late") */
333 ucode = FPE_FPU_NP_TRAP;
336 case T_FPOPFLT: /* FPU operand fetch fault */
341 case T_XMMFLT: /* SIMD floating-point exception */
349 KASSERT(cold || td->td_ucred != NULL,
350 ("kernel trap doesn't have ucred"));
352 case T_PAGEFLT: /* page fault */
353 (void) trap_pfault(&frame, FALSE);
358 * The kernel is apparently using fpu for copying.
359 * XXX this should be fatal unless the kernel has
360 * registered such use.
363 printf("fpudna in kernel mode!\n");
368 case T_STKFLT: /* stack fault */
371 case T_PROTFLT: /* general protection fault */
372 case T_SEGNPFLT: /* segment not present fault */
373 if (td->td_intr_nesting_level != 0)
377 * Invalid segment selectors and out of bounds
378 * %rip's and %rsp's can be set up in user mode.
379 * This causes a fault in kernel mode when the
380 * kernel tries to return to user mode. We want
381 * to get this fault so that we can fix the
382 * problem here and not have to check all the
383 * selectors and pointers when the user changes
386 if (frame.tf_rip == (long)doreti_iret) {
387 frame.tf_rip = (long)doreti_iret_fault;
390 if (PCPU_GET(curpcb)->pcb_onfault != NULL) {
392 (long)PCPU_GET(curpcb)->pcb_onfault;
399 * PSL_NT can be set in user mode and isn't cleared
400 * automatically when the kernel is entered. This
401 * causes a TSS fault when the kernel attempts to
402 * `iret' because the TSS link is uninitialized. We
403 * want to get this fault so that we can fix the
404 * problem here and not every time the kernel is
407 if (frame.tf_rflags & PSL_NT) {
408 frame.tf_rflags &= ~PSL_NT;
413 case T_TRCTRAP: /* trace trap */
415 * Ignore debug register trace traps due to
416 * accesses in the user's address space, which
417 * can happen under several conditions such as
418 * if a user sets a watchpoint on a buffer and
419 * then passes that buffer to a system call.
420 * We still want to get TRCTRAPS for addresses
421 * in kernel space because that is useful when
422 * debugging the kernel.
424 if (user_dbreg_trap()) {
426 * Reset breakpoint bits because the
429 /* XXX check upper bits here */
430 load_dr6(rdr6() & 0xfffffff0);
434 * FALLTHROUGH (TRCTRAP kernel mode, kernel address)
438 * If KDB is enabled, let it handle the debugger trap.
439 * Otherwise, debugger traps "can't happen".
443 if (kdb_trap(type, 0, &frame))
451 /* machine/parity/power fail/"kitchen sink" faults */
452 if (isa_nmi(code) == 0) {
455 * NMI can be hooked up to a pushbutton
459 printf ("NMI ... going to debugger\n");
460 kdb_trap(type, 0, &frame);
464 } else if (panic_on_nmi == 0)
470 trap_fatal(&frame, 0);
474 /* Translate fault for emulators (e.g. Linux) */
475 if (*p->p_sysent->sv_transtrap)
476 i = (*p->p_sysent->sv_transtrap)(i, type);
478 trapsignal(td, i, ucode);
481 if (type <= MAX_TRAP_MSG) {
482 uprintf("fatal process exception: %s",
484 if ((type == T_PAGEFLT) || (type == T_PROTFLT))
485 uprintf(", fault VA = 0x%lx", frame.tf_addr);
491 userret(td, &frame, sticks);
492 mtx_assert(&Giant, MA_NOTOWNED);
499 trap_pfault(frame, usermode)
500 struct trapframe *frame;
504 struct vmspace *vm = NULL;
508 struct thread *td = curthread;
509 struct proc *p = td->td_proc;
510 vm_offset_t eva = frame->tf_addr;
512 va = trunc_page(eva);
513 if (va >= KERNBASE) {
515 * Don't allow user-mode faults in kernel address space.
523 * This is a fault on non-kernel virtual memory.
524 * vm is initialized above to NULL. If curproc is NULL
525 * or curproc->p_vmspace is NULL the fault is fatal.
537 * PGEX_I is defined only if the execute disable bit capability is
538 * supported and enabled.
540 if (frame->tf_err & PGEX_W)
541 ftype = VM_PROT_WRITE;
542 else if ((frame->tf_err & PGEX_I) && pg_nx != 0)
543 ftype = VM_PROT_EXECUTE;
545 ftype = VM_PROT_READ;
547 if (map != kernel_map) {
549 * Keep swapout from messing with us during this
556 /* Fault in the user page: */
557 rv = vm_fault(map, va, ftype,
558 (ftype & VM_PROT_WRITE) ? VM_FAULT_DIRTY
566 * Don't have to worry about process locking or stacks in the
569 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
571 if (rv == KERN_SUCCESS)
575 if (td->td_intr_nesting_level == 0 &&
576 PCPU_GET(curpcb)->pcb_onfault != NULL) {
577 frame->tf_rip = (long)PCPU_GET(curpcb)->pcb_onfault;
580 trap_fatal(frame, eva);
584 return((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
588 trap_fatal(frame, eva)
589 struct trapframe *frame;
595 struct soft_segment_descriptor softseg;
598 code = frame->tf_err;
599 type = frame->tf_trapno;
600 sdtossd(&gdt[IDXSEL(frame->tf_cs & 0xffff)], &softseg);
602 if (type <= MAX_TRAP_MSG)
603 msg = trap_msg[type];
606 printf("\n\nFatal trap %d: %s while in %s mode\n", type, msg,
607 ISPL(frame->tf_cs) == SEL_UPL ? "user" : "kernel");
609 /* two separate prints in case of a trap on an unmapped page */
610 printf("cpuid = %d; ", PCPU_GET(cpuid));
611 printf("apic id = %02x\n", PCPU_GET(apic_id));
613 if (type == T_PAGEFLT) {
614 printf("fault virtual address = 0x%lx\n", eva);
615 printf("fault code = %s %s %s, %s\n",
616 code & PGEX_U ? "user" : "supervisor",
617 code & PGEX_W ? "write" : "read",
618 code & PGEX_I ? "instruction" : "data",
619 code & PGEX_P ? "protection violation" : "page not present");
621 printf("instruction pointer = 0x%lx:0x%lx\n",
622 frame->tf_cs & 0xffff, frame->tf_rip);
623 if (ISPL(frame->tf_cs) == SEL_UPL) {
624 ss = frame->tf_ss & 0xffff;
627 ss = GSEL(GDATA_SEL, SEL_KPL);
628 esp = (long)&frame->tf_rsp;
630 printf("stack pointer = 0x%x:0x%lx\n", ss, esp);
631 printf("frame pointer = 0x%x:0x%lx\n", ss, frame->tf_rbp);
632 printf("code segment = base 0x%lx, limit 0x%lx, type 0x%x\n",
633 softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type);
634 printf(" = DPL %d, pres %d, long %d, def32 %d, gran %d\n",
635 softseg.ssd_dpl, softseg.ssd_p, softseg.ssd_long, softseg.ssd_def32,
637 printf("processor eflags = ");
638 if (frame->tf_rflags & PSL_T)
639 printf("trace trap, ");
640 if (frame->tf_rflags & PSL_I)
641 printf("interrupt enabled, ");
642 if (frame->tf_rflags & PSL_NT)
643 printf("nested task, ");
644 if (frame->tf_rflags & PSL_RF)
646 printf("IOPL = %ld\n", (frame->tf_rflags & PSL_IOPL) >> 12);
647 printf("current process = ");
650 (u_long)curproc->p_pid, curproc->p_comm ?
651 curproc->p_comm : "");
657 if (debugger_on_panic || kdb_active) {
659 rflags = intr_disable();
660 if (kdb_trap(type, 0, frame)) {
661 intr_restore(rflags);
664 intr_restore(rflags);
667 printf("trap number = %d\n", type);
668 if (type <= MAX_TRAP_MSG)
669 panic("%s", trap_msg[type]);
671 panic("unknown/reserved trap");
675 * Double fault handler. Called when a fault occurs while writing
676 * a frame for a trap/exception onto the stack. This usually occurs
677 * when the stack overflows (such is the case with infinite recursion,
681 dblfault_handler(struct trapframe frame)
683 printf("\nFatal double fault\n");
684 printf("rip = 0x%lx\n", frame.tf_rip);
685 printf("rsp = 0x%lx\n", frame.tf_rsp);
686 printf("rbp = 0x%lx\n", frame.tf_rbp);
688 /* two separate prints in case of a trap on an unmapped page */
689 printf("cpuid = %d; ", PCPU_GET(cpuid));
690 printf("apic id = %02x\n", PCPU_GET(apic_id));
692 panic("double fault");
696 * syscall - system call request C handler
698 * A system call is essentially treated as a trap.
702 struct trapframe frame;
705 struct sysent *callp;
706 struct thread *td = curthread;
707 struct proc *p = td->td_proc;
708 register_t orig_tf_rflags;
718 * note: PCPU_LAZY_INC() can only be used if we can afford
719 * occassional inaccuracy in the count.
721 PCPU_LAZY_INC(cnt.v_syscall);
724 if (ISPL(frame.tf_cs) != SEL_UPL) {
725 mtx_lock(&Giant); /* try to stabilize the system XXX */
734 sticks = td->td_sticks;
735 td->td_frame = &frame;
736 if (td->td_ucred != p->p_ucred)
737 cred_update_thread(td);
738 if (p->p_flag & P_SA)
739 thread_user_enter(td);
740 params = (caddr_t)frame.tf_rsp + sizeof(register_t);
742 orig_tf_rflags = frame.tf_rflags;
744 if (p->p_sysent->sv_prepsyscall) {
746 * The prep code is MP aware.
748 (*p->p_sysent->sv_prepsyscall)(&frame, (int *)args, &code, ¶ms);
750 if (code == SYS_syscall || code == SYS___syscall) {
757 if (p->p_sysent->sv_mask)
758 code &= p->p_sysent->sv_mask;
760 if (code >= p->p_sysent->sv_size)
761 callp = &p->p_sysent->sv_table[0];
763 callp = &p->p_sysent->sv_table[code];
765 narg = callp->sy_narg & SYF_ARGMASK;
768 * copyin and the ktrsyscall()/ktrsysret() code is MP-aware
770 KASSERT(narg <= sizeof(args) / sizeof(args[0]),
771 ("Too many syscall arguments!"));
773 argp = &frame.tf_rdi;
775 bcopy(argp, args, sizeof(args[0]) * regcnt);
777 KASSERT(params != NULL, ("copyin args with no params!"));
778 error = copyin(params, &args[regcnt],
779 (narg - regcnt) * sizeof(args[0]));
784 if (KTRPOINT(td, KTR_SYSCALL))
785 ktrsyscall(code, narg, argp);
788 CTR4(KTR_SYSC, "syscall enter thread %p pid %d proc %s code %d", td,
789 td->td_proc->p_pid, td->td_proc->p_comm, code);
792 td->td_retval[0] = 0;
793 td->td_retval[1] = frame.tf_rdx;
795 STOPEVENT(p, S_SCE, narg);
797 PTRACESTOP_SC(p, td, S_PT_SCE);
799 if ((callp->sy_narg & SYF_MPSAFE) == 0) {
801 AUDIT_SYSCALL_ENTER(code, td);
802 error = (*callp->sy_call)(td, argp);
803 AUDIT_SYSCALL_EXIT(error, td);
806 AUDIT_SYSCALL_ENTER(code, td);
807 error = (*callp->sy_call)(td, argp);
808 AUDIT_SYSCALL_EXIT(error, td);
814 frame.tf_rax = td->td_retval[0];
815 frame.tf_rdx = td->td_retval[1];
816 frame.tf_rflags &= ~PSL_C;
821 * Reconstruct pc, we know that 'syscall' is 2 bytes.
822 * We have to do a full context restore so that %r10
823 * (which was holding the value of %rcx) is restored for
824 * the next iteration.
826 frame.tf_rip -= frame.tf_err;
827 frame.tf_r10 = frame.tf_rcx;
828 td->td_pcb->pcb_flags |= PCB_FULLCTX;
835 if (p->p_sysent->sv_errsize) {
836 if (error >= p->p_sysent->sv_errsize)
837 error = -1; /* XXX */
839 error = p->p_sysent->sv_errtbl[error];
841 frame.tf_rax = error;
842 frame.tf_rflags |= PSL_C;
849 if (orig_tf_rflags & PSL_T) {
850 frame.tf_rflags &= ~PSL_T;
851 trapsignal(td, SIGTRAP, 0);
855 * Handle reschedule and other end-of-syscall issues
857 userret(td, &frame, sticks);
859 CTR4(KTR_SYSC, "syscall exit thread %p pid %d proc %s code %d", td,
860 td->td_proc->p_pid, td->td_proc->p_comm, code);
863 if (KTRPOINT(td, KTR_SYSRET))
864 ktrsysret(code, error, td->td_retval[0]);
868 * This works because errno is findable through the
869 * register set. If we ever support an emulation where this
870 * is not the case, this code will need to be revisited.
872 STOPEVENT(p, S_SCX, code);
874 PTRACESTOP_SC(p, td, S_PT_SCX);
876 WITNESS_WARN(WARN_PANIC, NULL, "System call %s returning",
877 (code >= 0 && code < SYS_MAXSYSCALL) ? syscallnames[code] : "???");
878 mtx_assert(&sched_lock, MA_NOTOWNED);
879 mtx_assert(&Giant, MA_NOTOWNED);
projects / FreeBSD / FreeBSD.git / blob