2 * Copyright 2014 Olivier Houchard <cognet@FreeBSD.org>
3 * Copyright 2014 Svatopluk Kraus <onwahe@gmail.com>
4 * Copyright 2014 Michal Meloun <meloun@miracle.cz>
5 * Copyright 2014 Andrew Turner <andrew@FreeBSD.org>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include "opt_ktrace.h"
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
37 #include <sys/systm.h>
39 #include <sys/kernel.h>
41 #include <sys/mutex.h>
42 #include <sys/signalvar.h>
44 #include <sys/vmmeter.h>
47 #include <sys/ktrace.h>
52 #include <vm/vm_kern.h>
53 #include <vm/vm_map.h>
54 #include <vm/vm_extern.h>
55 #include <vm/vm_param.h>
57 #include <machine/cpu.h>
58 #include <machine/frame.h>
59 #include <machine/machdep.h>
60 #include <machine/pcb.h>
64 #include <machine/db_machdep.h>
68 #include <sys/dtrace_bsd.h>
71 extern char cachebailout[];
74 int last_fault_code; /* For the benefit of pmap_fault_fixup() */
83 typedef int abort_func_t(struct trapframe *, u_int, u_int, u_int, u_int,
84 struct thread *, struct ksig *);
86 static abort_func_t abort_fatal;
87 static abort_func_t abort_align;
88 static abort_func_t abort_icache;
96 * How are the aborts handled?
99 * - Always fatal as we do not know what does it mean.
100 * Imprecise External Abort:
101 * - Always fatal, but can be handled somehow in the future.
102 * Now, due to PCIe buggy hardware, ignored.
103 * Precise External Abort:
104 * - Always fatal, but who knows in the future???
106 * - Special handling.
107 * External Translation Abort (L1 & L2)
108 * - Always fatal as something is screwed up in page tables or hardware.
109 * Domain Fault (L1 & L2):
110 * - Always fatal as we do not play game with domains.
112 * - Everything should be aligned in kernel with exception of user to kernel
113 * and vice versa data copying, so if pcb_onfault is not set, it's fatal.
114 * We generate signal in case of abort from user mode.
115 * Instruction cache maintenance:
116 * - According to manual, this is translation fault during cache maintenance
117 * operation. So, it could be really complex in SMP case and fuzzy too
118 * for cache operations working on virtual addresses. For now, we will
119 * consider this abort as fatal. In fact, no cache maintenance on
120 * not mapped virtual addresses should be called. As cache maintenance
121 * operation (except DMB, DSB, and Flush Prefetch Buffer) are priviledged,
122 * the abort is fatal for user mode as well for now. (This is good place to
123 * note that cache maintenance on virtual address fill TLB.)
124 * Acces Bit (L1 & L2):
125 * - Fast hardware emulation for kernel and user mode.
126 * Translation Fault (L1 & L2):
127 * - Standard fault mechanism is held including vm_fault().
128 * Permission Fault (L1 & L2):
129 * - Fast hardware emulation of modify bits and in other cases, standard
130 * fault mechanism is held including vm_fault().
133 static const struct abort aborts[] = {
134 {abort_fatal, "Undefined Code (0x000)"},
135 {abort_align, "Alignment Fault"},
136 {abort_fatal, "Debug Event"},
137 {NULL, "Access Bit (L1)"},
138 {NULL, "Instruction cache maintenance"},
139 {NULL, "Translation Fault (L1)"},
140 {NULL, "Access Bit (L2)"},
141 {NULL, "Translation Fault (L2)"},
143 {abort_fatal, "External Abort"},
144 {abort_fatal, "Domain Fault (L1)"},
145 {abort_fatal, "Undefined Code (0x00A)"},
146 {abort_fatal, "Domain Fault (L2)"},
147 {abort_fatal, "External Translation Abort (L1)"},
148 {NULL, "Permission Fault (L1)"},
149 {abort_fatal, "External Translation Abort (L2)"},
150 {NULL, "Permission Fault (L2)"},
152 {abort_fatal, "TLB Conflict Abort"},
153 {abort_fatal, "Undefined Code (0x401)"},
154 {abort_fatal, "Undefined Code (0x402)"},
155 {abort_fatal, "Undefined Code (0x403)"},
156 {abort_fatal, "Undefined Code (0x404)"},
157 {abort_fatal, "Undefined Code (0x405)"},
158 {abort_fatal, "Asynchronous External Abort"},
159 {abort_fatal, "Undefined Code (0x407)"},
161 {abort_fatal, "Asynchronous Parity Error on Memory Access"},
162 {abort_fatal, "Parity Error on Memory Access"},
163 {abort_fatal, "Undefined Code (0x40A)"},
164 {abort_fatal, "Undefined Code (0x40B)"},
165 {abort_fatal, "Parity Error on Translation (L1)"},
166 {abort_fatal, "Undefined Code (0x40D)"},
167 {abort_fatal, "Parity Error on Translation (L2)"},
168 {abort_fatal, "Undefined Code (0x40F)"}
172 call_trapsignal(struct thread *td, int sig, int code, vm_offset_t addr,
177 CTR4(KTR_TRAP, "%s: addr: %#x, sig: %d, code: %d",
178 __func__, addr, sig, code);
181 * TODO: some info would be nice to know
182 * if we are serving data or prefetch abort.
185 ksiginfo_init_trap(&ksi);
188 ksi.ksi_addr = (void *)addr;
189 ksi.ksi_trapno = trapno;
190 trapsignal(td, &ksi);
194 * abort_imprecise() handles the following abort:
196 * FAULT_EA_IMPREC - Imprecise External Abort
198 * The imprecise means that we don't know where the abort happened,
199 * thus FAR is undefined. The abort should not never fire, but hot
200 * plugging or accidental hardware failure can be the cause of it.
201 * If the abort happens, it can even be on different (thread) context.
202 * Without any additional support, the abort is fatal, as we do not
203 * know what really happened.
205 * QQQ: Some additional functionality, like pcb_onfault but global,
206 * can be implemented. Imprecise handlers could be registered
207 * which tell us if the abort is caused by something they know
208 * about. They should return one of three codes like:
212 * The handlers should be called until some of them returns
213 * FAULT_IS_MINE value or all was called. If all handlers return
214 * FAULT_IS_NOT_MINE value, then the abort is fatal.
217 abort_imprecise(struct trapframe *tf, u_int fsr, u_int prefetch, bool usermode)
221 * XXX - We can got imprecise abort as result of access
222 * to not-present PCI/PCIe configuration space.
227 abort_fatal(tf, FAULT_EA_IMPREC, fsr, 0, prefetch, curthread, NULL);
230 * Returning from this function means that we ignore
231 * the abort for good reason. Note that imprecise abort
232 * could fire any time even in user mode.
238 userret(curthread, tf);
243 * abort_debug() handles the following abort:
245 * FAULT_DEBUG - Debug Event
249 abort_debug(struct trapframe *tf, u_int fsr, u_int prefetch, bool usermode,
257 call_trapsignal(td, SIGTRAP, TRAP_BRKPT, far, FAULT_DEBUG);
261 kdb_trap((prefetch) ? T_BREAKPOINT : T_WATCHPOINT, 0, tf);
263 printf("No debugger in kernel.\n");
271 * FAR, FSR, and everything what can be lost after enabling
272 * interrupts must be grabbed before the interrupts will be
273 * enabled. Note that when interrupts will be enabled, we
274 * could even migrate to another CPU ...
276 * TODO: move quick cases to ASM
279 abort_handler(struct trapframe *tf, int prefetch)
292 int bp_harden, ucode;
300 fsr = (prefetch) ? cp15_ifsr_get(): cp15_dfsr_get();
302 far = (prefetch) ? cp15_ifar_get() : cp15_dfar_get();
304 far = (prefetch) ? TRAPF_PC(tf) : cp15_dfar_get();
307 idx = FSR_TO_FAULT(fsr);
308 usermode = TRAPF_USERMODE(tf); /* Abort came from user mode? */
311 * Apply BP hardening by flushing the branch prediction cache
312 * for prefaults on kernel addresses.
314 if (__predict_false(prefetch && far > VM_MAXUSER_ADDRESS &&
315 (idx == FAULT_TRAN_L2 || idx == FAULT_PERM_L2))) {
316 bp_harden = PCPU_GET(bp_harden_kind);
317 if (bp_harden == PCPU_BP_HARDEN_KIND_BPIALL)
319 else if (bp_harden == PCPU_BP_HARDEN_KIND_ICIALLU)
326 CTR6(KTR_TRAP, "%s: fsr %#x (idx %u) far %#x prefetch %u usermode %d",
327 __func__, fsr, idx, far, prefetch, usermode);
330 * Firstly, handle aborts that are not directly related to mapping.
332 if (__predict_false(idx == FAULT_EA_IMPREC)) {
333 abort_imprecise(tf, fsr, prefetch, usermode);
337 if (__predict_false(idx == FAULT_DEBUG)) {
338 abort_debug(tf, fsr, prefetch, usermode, far);
343 * ARM has a set of unprivileged load and store instructions
344 * (LDRT/LDRBT/STRT/STRBT ...) which are supposed to be used in other
345 * than user mode and OS should recognize their aborts and behave
346 * appropriately. However, there is no way how to do that reasonably
347 * in general unless we restrict the handling somehow.
349 * For now, these instructions are used only in copyin()/copyout()
350 * like functions where usermode buffers are checked in advance that
351 * they are not from KVA space. Thus, no action is needed here.
355 * (1) Handle access and R/W hardware emulation aborts.
356 * (2) Check that abort is not on pmap essential address ranges.
357 * There is no way how to fix it, so we don't even try.
359 rv = pmap_fault(PCPU_GET(curpmap), far, fsr, idx, usermode);
360 if (rv == KERN_SUCCESS)
368 if (rv == KERN_INVALID_ADDRESS)
371 if (__predict_false((td->td_pflags & TDP_NOFAULTING) != 0)) {
373 * Due to both processor errata and lazy TLB invalidation when
374 * access restrictions are removed from virtual pages, memory
375 * accesses that are allowed by the physical mapping layer may
376 * nonetheless cause one spurious page fault per virtual page.
377 * When the thread is executing a "no faulting" section that
378 * is bracketed by vm_fault_{disable,enable}_pagefaults(),
379 * every page fault is treated as a spurious page fault,
380 * unless it accesses the same virtual address as the most
381 * recent page fault within the same "no faulting" section.
383 if (td->td_md.md_spurflt_addr != far ||
384 (td->td_pflags & TDP_RESETSPUR) != 0) {
385 td->td_md.md_spurflt_addr = far;
386 td->td_pflags &= ~TDP_RESETSPUR;
388 tlb_flush_local(far & ~PAGE_MASK);
393 * If we get a page fault while in a critical section, then
394 * it is most likely a fatal kernel page fault. The kernel
395 * is already going to panic trying to get a sleep lock to
396 * do the VM lookup, so just consider it a fatal trap so the
397 * kernel can print out a useful trap message and even get
400 * If we get a page fault while holding a non-sleepable
401 * lock, then it is most likely a fatal kernel page fault.
402 * If WITNESS is enabled, then it's going to whine about
403 * bogus LORs with various VM locks, so just skip to the
404 * fatal trap handling directly.
406 if (td->td_critnest != 0 ||
407 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
408 "Kernel page fault") != 0) {
409 abort_fatal(tf, idx, fsr, far, prefetch, td, &ksig);
414 /* Re-enable interrupts if they were enabled previously. */
415 if (td->td_md.md_spinlock_count == 0) {
416 if (__predict_true(tf->tf_spsr & PSR_I) == 0)
417 enable_interrupts(PSR_I);
418 if (__predict_true(tf->tf_spsr & PSR_F) == 0)
419 enable_interrupts(PSR_F);
425 if (td->td_cowgen != p->p_cowgen)
426 thread_cow_update(td);
429 /* Invoke the appropriate handler, if necessary. */
430 if (__predict_false(aborts[idx].func != NULL)) {
431 if ((aborts[idx].func)(tf, idx, fsr, far, prefetch, td, &ksig))
437 * At this point, we're dealing with one of the following aborts:
439 * FAULT_ICACHE - I-cache maintenance
440 * FAULT_TRAN_xx - Translation
441 * FAULT_PERM_xx - Permission
445 * Don't pass faulting cache operation to vm_fault(). We don't want
446 * to handle all vm stuff at this moment.
449 if (__predict_false(pcb->pcb_onfault == cachebailout)) {
450 tf->tf_r0 = far; /* return failing address */
451 tf->tf_pc = (register_t)pcb->pcb_onfault;
455 /* Handle remaining I-cache aborts. */
456 if (idx == FAULT_ICACHE) {
457 if (abort_icache(tf, idx, fsr, far, prefetch, td, &ksig))
462 va = trunc_page(far);
463 if (va >= KERNBASE) {
465 * Don't allow user-mode faults in kernel address space.
473 * This is a fault on non-kernel virtual memory. If curproc
474 * is NULL or curproc->p_vmspace is NULL the fault is fatal.
476 vm = (p != NULL) ? p->p_vmspace : NULL;
481 if (!usermode && (td->td_intr_nesting_level != 0 ||
482 pcb->pcb_onfault == NULL)) {
483 abort_fatal(tf, idx, fsr, far, prefetch, td, &ksig);
488 ftype = (fsr & FSR_WNR) ? VM_PROT_WRITE : VM_PROT_READ;
490 ftype |= VM_PROT_EXECUTE;
493 last_fault_code = fsr;
497 onfault = pcb->pcb_onfault;
498 pcb->pcb_onfault = NULL;
501 /* Fault in the page. */
502 rv = vm_fault_trap(map, va, ftype, VM_FAULT_NORMAL, &ksig.sig,
507 pcb->pcb_onfault = onfault;
510 if (__predict_true(rv == KERN_SUCCESS))
514 if (td->td_intr_nesting_level == 0 &&
515 pcb->pcb_onfault != NULL) {
517 tf->tf_pc = (int)pcb->pcb_onfault;
520 CTR2(KTR_TRAP, "%s: vm_fault() failed with %d", __func__, rv);
521 abort_fatal(tf, idx, fsr, far, prefetch, td, &ksig);
528 call_trapsignal(td, ksig.sig, ksig.code, ksig.addr, idx);
535 * abort_fatal() handles the following data aborts:
537 * FAULT_DEBUG - Debug Event
538 * FAULT_ACCESS_xx - Acces Bit
539 * FAULT_EA_PREC - Precise External Abort
540 * FAULT_DOMAIN_xx - Domain Fault
541 * FAULT_EA_TRAN_xx - External Translation Abort
542 * FAULT_EA_IMPREC - Imprecise External Abort
543 * + all undefined codes for ABORT
545 * We should never see these on a properly functioning system.
547 * This function is also called by the other handlers if they
548 * detect a fatal problem.
550 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort.
553 abort_fatal(struct trapframe *tf, u_int idx, u_int fsr, u_int far,
554 u_int prefetch, struct thread *td, struct ksig *ksig)
560 usermode = TRAPF_USERMODE(tf);
563 if (dtrace_trap_func != NULL && (*dtrace_trap_func)(tf, far))
568 mode = usermode ? "user" : "kernel";
569 rw_mode = fsr & FSR_WNR ? "write" : "read";
570 disable_interrupts(PSR_I|PSR_F);
573 printf("Fatal %s mode data abort: '%s' on %s\n", mode,
574 aborts[idx].desc, rw_mode);
575 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr);
576 if (idx != FAULT_EA_IMPREC)
577 printf("%08x, ", far);
580 printf("spsr=%08x\n", tf->tf_spsr);
582 printf("Fatal %s mode prefetch abort at 0x%08x\n",
584 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr);
587 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n",
588 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3);
589 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n",
590 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7);
591 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n",
592 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11);
593 printf("r12=%08x, ", tf->tf_r12);
596 printf("usp=%08x, ulr=%08x",
597 tf->tf_usr_sp, tf->tf_usr_lr);
599 printf("ssp=%08x, slr=%08x",
600 tf->tf_svc_sp, tf->tf_svc_lr);
601 printf(", pc =%08x\n\n", tf->tf_pc);
604 if (debugger_on_trap) {
605 kdb_why = KDB_WHY_TRAP;
606 kdb_trap(fsr, 0, tf);
607 kdb_why = KDB_WHY_UNSET;
610 panic("Fatal abort");
615 * abort_align() handles the following data abort:
617 * FAULT_ALIGN - Alignment fault
619 * Everything should be aligned in kernel with exception of user to kernel
620 * and vice versa data copying, so if pcb_onfault is not set, it's fatal.
621 * We generate signal in case of abort from user mode.
624 abort_align(struct trapframe *tf, u_int idx, u_int fsr, u_int far,
625 u_int prefetch, struct thread *td, struct ksig *ksig)
629 usermode = TRAPF_USERMODE(tf);
631 if (td->td_intr_nesting_level == 0 && td != NULL &&
632 td->td_pcb->pcb_onfault != NULL) {
634 tf->tf_pc = (int)td->td_pcb->pcb_onfault;
637 abort_fatal(tf, idx, fsr, far, prefetch, td, ksig);
639 /* Deliver a bus error signal to the process */
640 ksig->code = BUS_ADRALN;
647 * abort_icache() handles the following data abort:
649 * FAULT_ICACHE - Instruction cache maintenance
651 * According to manual, FAULT_ICACHE is translation fault during cache
652 * maintenance operation. In fact, no cache maintenance operation on
653 * not mapped virtual addresses should be called. As cache maintenance
654 * operation (except DMB, DSB, and Flush Prefetch Buffer) are priviledged,
655 * the abort is concider as fatal for now. However, all the matter with
656 * cache maintenance operation on virtual addresses could be really complex
657 * and fuzzy in SMP case, so maybe in future standard fault mechanism
658 * should be held here including vm_fault() calling.
661 abort_icache(struct trapframe *tf, u_int idx, u_int fsr, u_int far,
662 u_int prefetch, struct thread *td, struct ksig *ksig)
665 abort_fatal(tf, idx, fsr, far, prefetch, td, ksig);
projects / FreeBSD / FreeBSD.git / blob