1 /* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */
4 * Copyright 2004 Olivier Houchard
5 * Copyright 2003 Wasabi Systems, Inc.
8 * Written by Steve C. Woodford for Wasabi Systems, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed for the NetBSD Project by
21 * Wasabi Systems, Inc.
22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
23 * or promote products derived from this software without specific prior
26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1994-1997 Mark Brinicombe.
40 * Copyright (c) 1994 Brini.
41 * All rights reserved.
43 * This code is derived from software written for Brini by Mark Brinicombe
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
48 * 1. Redistributions of source code must retain the above copyright
49 * notice, this list of conditions and the following disclaimer.
50 * 2. Redistributions in binary form must reproduce the above copyright
51 * notice, this list of conditions and the following disclaimer in the
52 * documentation and/or other materials provided with the distribution.
53 * 3. All advertising materials mentioning features or use of this software
54 * must display the following acknowledgement:
55 * This product includes software developed by Brini.
56 * 4. The name of the company nor the name of the author may be used to
57 * endorse or promote products derived from this software without specific
58 * prior written permission.
60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED
61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
72 * RiscBSD kernel project
82 #include "opt_ktrace.h"
84 #include <sys/cdefs.h>
85 __FBSDID("$FreeBSD$");
87 #include <sys/param.h>
89 #include <sys/systm.h>
91 #include <sys/kernel.h>
93 #include <sys/mutex.h>
94 #include <sys/syscall.h>
95 #include <sys/sysent.h>
96 #include <sys/signalvar.h>
100 #include <sys/ktrace.h>
102 #include <sys/ptrace.h>
103 #include <sys/pioctl.h>
107 #include <vm/vm_kern.h>
108 #include <vm/vm_map.h>
109 #include <vm/vm_extern.h>
111 #include <machine/cpuconf.h>
112 #include <machine/vmparam.h>
113 #include <machine/frame.h>
114 #include <machine/cpu.h>
115 #include <machine/intr.h>
116 #include <machine/pcb.h>
117 #include <machine/proc.h>
118 #include <machine/swi.h>
120 #include <security/audit/audit.h>
127 void swi_handler(struct trapframe *);
128 void undefinedinstruction(struct trapframe *);
130 #include <machine/disassem.h>
131 #include <machine/machdep.h>
133 extern char fusubailout[];
136 int last_fault_code; /* For the benefit of pmap_fault_fixup() */
139 #if defined(CPU_ARM7TDMI)
140 /* These CPUs may need data/prefetch abort fixups */
141 #define CPU_ABORT_FIXUP_REQUIRED
149 int (*func)(struct trapframe *, u_int, u_int, struct thread *,
154 static int dab_fatal(struct trapframe *, u_int, u_int, struct thread *,
156 static int dab_align(struct trapframe *, u_int, u_int, struct thread *,
158 static int dab_buserr(struct trapframe *, u_int, u_int, struct thread *,
161 static const struct data_abort data_aborts[] = {
162 {dab_fatal, "Vector Exception"},
163 {dab_align, "Alignment Fault 1"},
164 {dab_fatal, "Terminal Exception"},
165 {dab_align, "Alignment Fault 3"},
166 {dab_buserr, "External Linefetch Abort (S)"},
167 {NULL, "Translation Fault (S)"},
168 #if (ARM_MMU_V6 + ARM_MMU_V7) != 0
169 {NULL, "Translation Flag Fault"},
171 {dab_buserr, "External Linefetch Abort (P)"},
173 {NULL, "Translation Fault (P)"},
174 {dab_buserr, "External Non-Linefetch Abort (S)"},
175 {NULL, "Domain Fault (S)"},
176 {dab_buserr, "External Non-Linefetch Abort (P)"},
177 {NULL, "Domain Fault (P)"},
178 {dab_buserr, "External Translation Abort (L1)"},
179 {NULL, "Permission Fault (S)"},
180 {dab_buserr, "External Translation Abort (L2)"},
181 {NULL, "Permission Fault (P)"}
184 /* Determine if a fault came from user mode */
185 #define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE)
187 /* Determine if 'x' is a permission fault */
188 #define IS_PERMISSION_FAULT(x) \
189 (((1 << ((x) & FAULT_TYPE_MASK)) & \
190 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0)
193 call_trapsignal(struct thread *td, int sig, u_long code)
197 ksiginfo_init_trap(&ksi);
199 ksi.ksi_code = (int)code;
200 trapsignal(td, &ksi);
204 data_abort_fixup(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
207 #ifdef CPU_ABORT_FIXUP_REQUIRED
210 /* Call the cpu specific data abort fixup routine */
211 error = cpu_dataabt_fixup(tf);
212 if (__predict_true(error != ABORT_FIXUP_FAILED))
216 * Oops, couldn't fix up the instruction
218 printf("data_abort_fixup: fixup for %s mode data abort failed.\n",
219 TRAP_USERMODE(tf) ? "user" : "kernel");
220 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc,
221 *((u_int *)tf->tf_pc));
222 disassemble(tf->tf_pc);
224 /* Die now if this happened in kernel mode */
225 if (!TRAP_USERMODE(tf))
226 dab_fatal(tf, fsr, far, td, NULL, ksig);
230 return (ABORT_FIXUP_OK);
231 #endif /* CPU_ABORT_FIXUP_REQUIRED */
235 data_abort_handler(struct trapframe *tf)
240 u_int user, far, fsr;
249 /* Grab FAR/FSR before enabling interrupts */
250 far = cpu_faultaddress();
251 fsr = cpu_faultstatus();
253 printf("data abort: fault address=%p (from pc=%p lr=%p)\n",
254 (void*)far, (void*)tf->tf_pc, (void*)tf->tf_svc_lr);
257 /* Update vmmeter statistics */
265 PCPU_INC(cnt.v_trap);
266 /* Data abort came from user mode? */
267 user = TRAP_USERMODE(tf);
272 if (td->td_ucred != td->td_proc->p_ucred)
273 cred_update_thread(td);
276 /* Grab the current pcb */
278 /* Re-enable interrupts if they were enabled previously */
279 if (td->td_md.md_spinlock_count == 0) {
280 if (__predict_true(tf->tf_spsr & I32_bit) == 0)
281 enable_interrupts(I32_bit);
282 if (__predict_true(tf->tf_spsr & F32_bit) == 0)
283 enable_interrupts(F32_bit);
287 /* Invoke the appropriate handler, if necessary */
288 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) {
289 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far,
297 * At this point, we're dealing with one of the following data aborts:
299 * FAULT_TRANS_S - Translation -- Section
300 * FAULT_TRANS_P - Translation -- Page
301 * FAULT_DOMAIN_S - Domain -- Section
302 * FAULT_DOMAIN_P - Domain -- Page
303 * FAULT_PERM_S - Permission -- Section
304 * FAULT_PERM_P - Permission -- Page
306 * These are the main virtual memory-related faults signalled by
310 /* fusubailout is used by [fs]uswintr to avoid page faulting */
311 if (__predict_false(pcb->pcb_onfault == fusubailout)) {
313 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
318 * Make sure the Program Counter is sane. We could fall foul of
319 * someone executing Thumb code, in which case the PC might not
320 * be word-aligned. This would cause a kernel alignment fault
321 * further down if we have to decode the current instruction.
322 * XXX: It would be nice to be able to support Thumb at some point.
324 if (__predict_false((tf->tf_pc & 3) != 0)) {
327 * Give the user an illegal instruction signal.
329 /* Deliver a SIGILL to the process */
336 * The kernel never executes Thumb code.
338 printf("\ndata_abort_fault: Misaligned Kernel-mode "
339 "Program Counter\n");
340 dab_fatal(tf, fsr, far, td, &ksig);
343 /* See if the cpu state needs to be fixed up */
344 switch (data_abort_fixup(tf, fsr, far, td, &ksig)) {
345 case ABORT_FIXUP_RETURN:
347 case ABORT_FIXUP_FAILED:
348 /* Deliver a SIGILL to the process */
356 va = trunc_page((vm_offset_t)far);
359 * It is only a kernel address space fault iff:
361 * 2. pcb_onfault not set or
362 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction.
364 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS ||
365 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) &&
366 __predict_true((pcb->pcb_onfault == NULL ||
367 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) {
370 /* Was the fault due to the FPE/IPKDB ? */
371 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) {
374 * Force exit via userret()
375 * This is necessary as the FPE is an extension to
376 * userland that actually runs in a priveledged mode
377 * but uses USR mode permissions for its accesses.
380 ksig.signb = SIGSEGV;
385 map = &td->td_proc->p_vmspace->vm_map;
389 * We need to know whether the page should be mapped
390 * as R or R/W. The MMU does not give us the info as
391 * to whether the fault was caused by a read or a write.
393 * However, we know that a permission fault can only be
394 * the result of a write to a read-only location, so
395 * we can deal with those quickly.
397 * Otherwise we need to disassemble the instruction
398 * responsible to determine if it was a write.
400 if (IS_PERMISSION_FAULT(fsr))
401 ftype = VM_PROT_WRITE;
403 u_int insn = ReadWord(tf->tf_pc);
405 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */
406 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */
407 ((insn & 0x0a100000) == 0x08000000)) { /* STM/CDT */
408 ftype = VM_PROT_WRITE;
410 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */
411 ftype = VM_PROT_READ | VM_PROT_WRITE;
413 ftype = VM_PROT_READ;
418 * See if the fault is as a result of ref/mod emulation,
419 * or domain mismatch.
422 last_fault_code = fsr;
424 if (pmap_fault_fixup(vmspace_pmap(td->td_proc->p_vmspace), va, ftype,
429 onfault = pcb->pcb_onfault;
430 pcb->pcb_onfault = NULL;
431 if (map != kernel_map) {
436 error = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
437 pcb->pcb_onfault = onfault;
439 if (map != kernel_map) {
444 if (__predict_true(error == 0))
447 if (pcb->pcb_onfault) {
449 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
453 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype,
455 dab_fatal(tf, fsr, far, td, &ksig);
459 if (error == ENOMEM) {
460 printf("VM: pid %d (%s), uid %d killed: "
461 "out of swap\n", td->td_proc->p_pid, td->td_name,
462 (td->td_proc->p_ucred) ?
463 td->td_proc->p_ucred->cr_uid : -1);
464 ksig.signb = SIGKILL;
466 ksig.signb = SIGSEGV;
470 call_trapsignal(td, ksig.signb, ksig.code);
472 /* If returning to user mode, make sure to invoke userret() */
478 * dab_fatal() handles the following data aborts:
480 * FAULT_WRTBUF_0 - Vector Exception
481 * FAULT_WRTBUF_1 - Terminal Exception
483 * We should never see these on a properly functioning system.
485 * This function is also called by the other handlers if they
486 * detect a fatal problem.
488 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort.
491 dab_fatal(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
496 mode = TRAP_USERMODE(tf) ? "user" : "kernel";
498 disable_interrupts(I32_bit|F32_bit);
500 printf("Fatal %s mode data abort: '%s'\n", mode,
501 data_aborts[fsr & FAULT_TYPE_MASK].desc);
502 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr);
503 if ((fsr & FAULT_IMPRECISE) == 0)
504 printf("%08x, ", far);
507 printf("spsr=%08x\n", tf->tf_spsr);
509 printf("Fatal %s mode prefetch abort at 0x%08x\n",
511 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr);
514 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n",
515 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3);
516 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n",
517 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7);
518 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n",
519 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11);
520 printf("r12=%08x, ", tf->tf_r12);
522 if (TRAP_USERMODE(tf))
523 printf("usp=%08x, ulr=%08x",
524 tf->tf_usr_sp, tf->tf_usr_lr);
526 printf("ssp=%08x, slr=%08x",
527 tf->tf_svc_sp, tf->tf_svc_lr);
528 printf(", pc =%08x\n\n", tf->tf_pc);
531 if (debugger_on_panic || kdb_active)
532 if (kdb_trap(fsr, 0, tf))
535 panic("Fatal abort");
540 * dab_align() handles the following data aborts:
542 * FAULT_ALIGN_0 - Alignment fault
543 * FAULT_ALIGN_1 - Alignment fault
545 * These faults are fatal if they happen in kernel mode. Otherwise, we
546 * deliver a bus error to the process.
549 dab_align(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
553 /* Alignment faults are always fatal if they occur in kernel mode */
554 if (!TRAP_USERMODE(tf)) {
555 if (!td || !td->td_pcb->pcb_onfault)
556 dab_fatal(tf, fsr, far, td, ksig);
558 tf->tf_pc = (int)td->td_pcb->pcb_onfault;
562 /* pcb_onfault *must* be NULL at this point */
564 /* See if the cpu state needs to be fixed up */
565 (void) data_abort_fixup(tf, fsr, far, td, ksig);
567 /* Deliver a bus error signal to the process */
569 ksig->signb = SIGBUS;
576 * dab_buserr() handles the following data aborts:
578 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section
579 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page
580 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section
581 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page
582 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1
583 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2
585 * If pcb_onfault is set, flag the fault and return to the handler.
586 * If the fault occurred in user mode, give the process a SIGBUS.
588 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2
589 * can be flagged as imprecise in the FSR. This causes a real headache
590 * since some of the machine state is lost. In this case, tf->tf_pc
591 * may not actually point to the offending instruction. In fact, if
592 * we've taken a double abort fault, it generally points somewhere near
593 * the top of "data_abort_entry" in exception.S.
595 * In all other cases, these data aborts are considered fatal.
598 dab_buserr(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
601 struct pcb *pcb = td->td_pcb;
604 if ((fsr & FAULT_IMPRECISE) != 0 &&
605 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) {
607 * Oops, an imprecise, double abort fault. We've lost the
608 * r14_abt/spsr_abt values corresponding to the original
609 * abort, and the spsr saved in the trapframe indicates
612 tf->tf_spsr &= ~PSR_MODE;
615 * We use a simple heuristic to determine if the double abort
616 * happened as a result of a kernel or user mode access.
617 * If the current trapframe is at the top of the kernel stack,
618 * the fault _must_ have come from user mode.
620 if (tf != ((struct trapframe *)pcb->un_32.pcb32_sp) - 1) {
622 * Kernel mode. We're either about to die a
623 * spectacular death, or pcb_onfault will come
624 * to our rescue. Either way, the current value
625 * of tf->tf_pc is irrelevant.
627 tf->tf_spsr |= PSR_SVC32_MODE;
628 if (pcb->pcb_onfault == NULL)
629 printf("\nKernel mode double abort!\n");
632 * User mode. We've lost the program counter at the
633 * time of the fault (not that it was accurate anyway;
634 * it's not called an imprecise fault for nothing).
635 * About all we can do is copy r14_usr to tf_pc and
636 * hope for the best. The process is about to get a
637 * SIGBUS, so it's probably history anyway.
639 tf->tf_spsr |= PSR_USR32_MODE;
640 tf->tf_pc = tf->tf_usr_lr;
644 /* FAR is invalid for imprecise exceptions */
645 if ((fsr & FAULT_IMPRECISE) != 0)
647 #endif /* __XSCALE__ */
649 if (pcb->pcb_onfault) {
651 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
655 /* See if the cpu state needs to be fixed up */
656 (void) data_abort_fixup(tf, fsr, far, td, ksig);
659 * At this point, if the fault happened in kernel mode, we're toast
661 if (!TRAP_USERMODE(tf))
662 dab_fatal(tf, fsr, far, td, ksig);
664 /* Deliver a bus error signal to the process */
665 ksig->signb = SIGBUS;
673 prefetch_abort_fixup(struct trapframe *tf, struct ksig *ksig)
675 #ifdef CPU_ABORT_FIXUP_REQUIRED
678 /* Call the cpu specific prefetch abort fixup routine */
679 error = cpu_prefetchabt_fixup(tf);
680 if (__predict_true(error != ABORT_FIXUP_FAILED))
684 * Oops, couldn't fix up the instruction
687 "prefetch_abort_fixup: fixup for %s mode prefetch abort failed.\n",
688 TRAP_USERMODE(tf) ? "user" : "kernel");
689 printf("pc = 0x%08x, opcode 0x%08x, insn = ", tf->tf_pc,
690 *((u_int *)tf->tf_pc));
691 disassemble(tf->tf_pc);
693 /* Die now if this happened in kernel mode */
694 if (!TRAP_USERMODE(tf))
695 dab_fatal(tf, 0, tf->tf_pc, NULL, ksig);
699 return (ABORT_FIXUP_OK);
700 #endif /* CPU_ABORT_FIXUP_REQUIRED */
704 * void prefetch_abort_handler(struct trapframe *tf)
706 * Abort handler called when instruction execution occurs at
707 * a non existent or restricted (access permissions) memory page.
708 * If the address is invalid and we were in SVC mode then panic as
709 * the kernel should never prefetch abort.
710 * If the address is invalid and the page is mapped then the user process
711 * does no have read permission so send it a signal.
712 * Otherwise fault the page in and try again.
715 prefetch_abort_handler(struct trapframe *tf)
720 vm_offset_t fault_pc, va;
726 /* Update vmmeter statistics */
730 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc,
731 (void*)tf->tf_usr_lr);
736 PCPU_INC(cnt.v_trap);
738 if (TRAP_USERMODE(tf)) {
740 if (td->td_ucred != td->td_proc->p_ucred)
741 cred_update_thread(td);
743 fault_pc = tf->tf_pc;
744 if (td->td_md.md_spinlock_count == 0) {
745 if (__predict_true(tf->tf_spsr & I32_bit) == 0)
746 enable_interrupts(I32_bit);
747 if (__predict_true(tf->tf_spsr & F32_bit) == 0)
748 enable_interrupts(F32_bit);
751 /* See if the cpu state needs to be fixed up */
752 switch (prefetch_abort_fixup(tf, &ksig)) {
753 case ABORT_FIXUP_RETURN:
755 case ABORT_FIXUP_FAILED:
756 /* Deliver a SIGILL to the process */
765 /* Prefetch aborts cannot happen in kernel mode */
766 if (__predict_false(!TRAP_USERMODE(tf)))
767 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig);
771 /* Ok validate the address, can only execute in USER space */
772 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS ||
773 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) {
774 ksig.signb = SIGSEGV;
779 map = &td->td_proc->p_vmspace->vm_map;
780 va = trunc_page(fault_pc);
783 * See if the pmap can handle this fault on its own...
786 last_fault_code = -1;
788 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1))
791 if (map != kernel_map) {
797 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE,
799 if (map != kernel_map) {
805 if (__predict_true(error == 0))
808 if (error == ENOMEM) {
809 printf("VM: pid %d (%s), uid %d killed: "
810 "out of swap\n", td->td_proc->p_pid, td->td_name,
811 (td->td_proc->p_ucred) ?
812 td->td_proc->p_ucred->cr_uid : -1);
813 ksig.signb = SIGKILL;
815 ksig.signb = SIGSEGV;
820 call_trapsignal(td, ksig.signb, ksig.code);
827 extern int badaddr_read_1(const uint8_t *, uint8_t *);
828 extern int badaddr_read_2(const uint16_t *, uint16_t *);
829 extern int badaddr_read_4(const uint32_t *, uint32_t *);
831 * Tentatively read an 8, 16, or 32-bit value from 'addr'.
832 * If the read succeeds, the value is written to 'rptr' and zero is returned.
833 * Else, return EFAULT.
836 badaddr_read(void *addr, size_t size, void *rptr)
845 cpu_drain_writebuf();
847 /* Read from the test address. */
849 case sizeof(uint8_t):
850 rv = badaddr_read_1(addr, &u.v1);
852 *(uint8_t *) rptr = u.v1;
855 case sizeof(uint16_t):
856 rv = badaddr_read_2(addr, &u.v2);
858 *(uint16_t *) rptr = u.v2;
861 case sizeof(uint32_t):
862 rv = badaddr_read_4(addr, &u.v4);
864 *(uint32_t *) rptr = u.v4;
868 panic("badaddr: invalid size (%lu)", (u_long) size);
871 /* Return EFAULT if the address was invalid, else zero */
876 cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
883 sa->code = td->td_frame->tf_r7;
885 sa->code = sa->insn & 0x000fffff;
887 ap = &td->td_frame->tf_r0;
888 if (sa->code == SYS_syscall) {
891 } else if (sa->code == SYS___syscall) {
892 sa->code = ap[_QUAD_LOWWORD];
897 if (p->p_sysent->sv_mask)
898 sa->code &= p->p_sysent->sv_mask;
899 if (sa->code >= p->p_sysent->sv_size)
900 sa->callp = &p->p_sysent->sv_table[0];
902 sa->callp = &p->p_sysent->sv_table[sa->code];
903 sa->narg = sa->callp->sy_narg;
905 memcpy(sa->args, ap, sa->nap * sizeof(register_t));
906 if (sa->narg > sa->nap) {
907 error = copyin((void *)td->td_frame->tf_usr_sp, sa->args +
908 sa->nap, (sa->narg - sa->nap) * sizeof(register_t));
911 td->td_retval[0] = 0;
912 td->td_retval[1] = 0;
917 #include "../../kern/subr_syscall.c"
920 syscall(struct thread *td, struct trapframe *frame)
922 struct syscall_args sa;
926 sa.insn = *(uint32_t *)(frame->tf_pc - INSN_SIZE);
927 switch (sa.insn & SWI_OS_MASK) {
928 case 0: /* XXX: we need our own one. */
931 call_trapsignal(td, SIGILL, 0);
938 error = syscallenter(td, &sa);
939 KASSERT(error != 0 || td->td_ar == NULL,
940 ("returning from syscall with td_ar set!"));
941 syscallret(td, error, &sa);
945 swi_handler(struct trapframe *frame)
947 struct thread *td = curthread;
949 td->td_frame = frame;
953 * Make sure the program counter is correctly aligned so we
954 * don't take an alignment fault trying to read the opcode.
956 if (__predict_false(((frame->tf_pc - INSN_SIZE) & 3) != 0)) {
957 call_trapsignal(td, SIGILL, 0);
962 * Enable interrupts if they were enabled before the exception.
963 * Since all syscalls *should* come from user mode it will always
964 * be safe to enable them, but check anyway.
966 if (td->td_md.md_spinlock_count == 0) {
967 if (__predict_true(frame->tf_spsr & I32_bit) == 0)
968 enable_interrupts(I32_bit);
969 if (__predict_true(frame->tf_spsr & F32_bit) == 0)
970 enable_interrupts(F32_bit);
projects / FreeBSD / stable / 10.git / blob