1 /* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */
4 * Copyright 2004 Olivier Houchard
5 * Copyright 2003 Wasabi Systems, Inc.
8 * Written by Steve C. Woodford for Wasabi Systems, Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed for the NetBSD Project by
21 * Wasabi Systems, Inc.
22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
23 * or promote products derived from this software without specific prior
26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
39 * Copyright (c) 1994-1997 Mark Brinicombe.
40 * Copyright (c) 1994 Brini.
41 * All rights reserved.
43 * This code is derived from software written for Brini by Mark Brinicombe
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
48 * 1. Redistributions of source code must retain the above copyright
49 * notice, this list of conditions and the following disclaimer.
50 * 2. Redistributions in binary form must reproduce the above copyright
51 * notice, this list of conditions and the following disclaimer in the
52 * documentation and/or other materials provided with the distribution.
53 * 3. All advertising materials mentioning features or use of this software
54 * must display the following acknowledgement:
55 * This product includes software developed by Brini.
56 * 4. The name of the company nor the name of the author may be used to
57 * endorse or promote products derived from this software without specific
58 * prior written permission.
60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED
61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
72 * RiscBSD kernel project
82 #include <sys/cdefs.h>
83 __FBSDID("$FreeBSD$");
85 #include <sys/param.h>
86 #include <sys/systm.h>
89 #include <sys/mutex.h>
90 #include <sys/signalvar.h>
94 #include <vm/vm_kern.h>
95 #include <vm/vm_map.h>
96 #include <vm/vm_extern.h>
98 #include <machine/cpu.h>
99 #include <machine/frame.h>
100 #include <machine/machdep.h>
101 #include <machine/pcb.h>
102 #include <machine/vmparam.h>
108 extern char fusubailout[];
111 int last_fault_code; /* For the benefit of pmap_fault_fixup() */
119 int (*func)(struct trapframe *, u_int, u_int, struct thread *,
124 static int dab_fatal(struct trapframe *, u_int, u_int, struct thread *,
126 static int dab_align(struct trapframe *, u_int, u_int, struct thread *,
128 static int dab_buserr(struct trapframe *, u_int, u_int, struct thread *,
131 static const struct data_abort data_aborts[] = {
132 {dab_fatal, "Vector Exception"},
133 {dab_align, "Alignment Fault 1"},
134 {dab_fatal, "Terminal Exception"},
135 {dab_align, "Alignment Fault 3"},
136 {dab_buserr, "External Linefetch Abort (S)"},
137 {NULL, "Translation Fault (S)"},
138 #if (ARM_MMU_V6 + ARM_MMU_V7) != 0
139 {NULL, "Translation Flag Fault"},
141 {dab_buserr, "External Linefetch Abort (P)"},
143 {NULL, "Translation Fault (P)"},
144 {dab_buserr, "External Non-Linefetch Abort (S)"},
145 {NULL, "Domain Fault (S)"},
146 {dab_buserr, "External Non-Linefetch Abort (P)"},
147 {NULL, "Domain Fault (P)"},
148 {dab_buserr, "External Translation Abort (L1)"},
149 {NULL, "Permission Fault (S)"},
150 {dab_buserr, "External Translation Abort (L2)"},
151 {NULL, "Permission Fault (P)"}
154 /* Determine if a fault came from user mode */
155 #define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE)
157 /* Determine if 'x' is a permission fault */
158 #define IS_PERMISSION_FAULT(x) \
159 (((1 << ((x) & FAULT_TYPE_MASK)) & \
160 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0)
163 call_trapsignal(struct thread *td, int sig, u_long code)
167 ksiginfo_init_trap(&ksi);
169 ksi.ksi_code = (int)code;
170 trapsignal(td, &ksi);
174 data_abort_handler(struct trapframe *tf)
179 u_int user, far, fsr;
188 /* Grab FAR/FSR before enabling interrupts */
189 far = cpu_faultaddress();
190 fsr = cpu_faultstatus();
192 printf("data abort: fault address=%p (from pc=%p lr=%p)\n",
193 (void*)far, (void*)tf->tf_pc, (void*)tf->tf_svc_lr);
196 /* Update vmmeter statistics */
204 PCPU_INC(cnt.v_trap);
205 /* Data abort came from user mode? */
206 user = TRAP_USERMODE(tf);
211 if (td->td_ucred != td->td_proc->p_ucred)
212 cred_update_thread(td);
215 /* Grab the current pcb */
217 /* Re-enable interrupts if they were enabled previously */
218 if (td->td_md.md_spinlock_count == 0) {
219 if (__predict_true(tf->tf_spsr & PSR_I) == 0)
220 enable_interrupts(PSR_I);
221 if (__predict_true(tf->tf_spsr & PSR_F) == 0)
222 enable_interrupts(PSR_F);
226 /* Invoke the appropriate handler, if necessary */
227 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) {
228 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far,
236 * At this point, we're dealing with one of the following data aborts:
238 * FAULT_TRANS_S - Translation -- Section
239 * FAULT_TRANS_P - Translation -- Page
240 * FAULT_DOMAIN_S - Domain -- Section
241 * FAULT_DOMAIN_P - Domain -- Page
242 * FAULT_PERM_S - Permission -- Section
243 * FAULT_PERM_P - Permission -- Page
245 * These are the main virtual memory-related faults signalled by
249 /* fusubailout is used by [fs]uswintr to avoid page faulting */
250 if (__predict_false(pcb->pcb_onfault == fusubailout)) {
252 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
257 * Make sure the Program Counter is sane. We could fall foul of
258 * someone executing Thumb code, in which case the PC might not
259 * be word-aligned. This would cause a kernel alignment fault
260 * further down if we have to decode the current instruction.
261 * XXX: It would be nice to be able to support Thumb at some point.
263 if (__predict_false((tf->tf_pc & 3) != 0)) {
266 * Give the user an illegal instruction signal.
268 /* Deliver a SIGILL to the process */
275 * The kernel never executes Thumb code.
277 printf("\ndata_abort_fault: Misaligned Kernel-mode "
278 "Program Counter\n");
279 dab_fatal(tf, fsr, far, td, &ksig);
282 va = trunc_page((vm_offset_t)far);
285 * It is only a kernel address space fault iff:
287 * 2. pcb_onfault not set or
288 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction.
290 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS ||
291 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) &&
292 __predict_true((pcb->pcb_onfault == NULL ||
293 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) {
296 /* Was the fault due to the FPE/IPKDB ? */
297 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) {
300 * Force exit via userret()
301 * This is necessary as the FPE is an extension to
302 * userland that actually runs in a priveledged mode
303 * but uses USR mode permissions for its accesses.
306 ksig.signb = SIGSEGV;
311 map = &td->td_proc->p_vmspace->vm_map;
315 * We need to know whether the page should be mapped as R or R/W. On
316 * armv6 and later the fault status register indicates whether the
317 * access was a read or write. Prior to armv6, we know that a
318 * permission fault can only be the result of a write to a read-only
319 * location, so we can deal with those quickly. Otherwise we need to
320 * disassemble the faulting instruction to determine if it was a write.
322 #if ARM_ARCH_6 || ARM_ARCH_7A
323 ftype = (fsr & FAULT_WNR) ? VM_PROT_READ | VM_PROT_WRITE : VM_PROT_READ;
325 if (IS_PERMISSION_FAULT(fsr))
326 ftype = VM_PROT_WRITE;
328 u_int insn = ReadWord(tf->tf_pc);
330 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */
331 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */
332 ((insn & 0x0a100000) == 0x08000000)) { /* STM/CDT */
333 ftype = VM_PROT_WRITE;
335 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */
336 ftype = VM_PROT_READ | VM_PROT_WRITE;
338 ftype = VM_PROT_READ;
344 * See if the fault is as a result of ref/mod emulation,
345 * or domain mismatch.
348 last_fault_code = fsr;
350 if (td->td_critnest != 0 || WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK,
351 NULL, "Kernel page fault") != 0)
352 goto fatal_pagefault;
354 if (pmap_fault_fixup(vmspace_pmap(td->td_proc->p_vmspace), va, ftype,
359 onfault = pcb->pcb_onfault;
360 pcb->pcb_onfault = NULL;
361 if (map != kernel_map) {
366 error = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
367 pcb->pcb_onfault = onfault;
369 if (map != kernel_map) {
374 if (__predict_true(error == 0))
378 if (pcb->pcb_onfault) {
380 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
384 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype,
386 dab_fatal(tf, fsr, far, td, &ksig);
390 if (error == ENOMEM) {
391 printf("VM: pid %d (%s), uid %d killed: "
392 "out of swap\n", td->td_proc->p_pid, td->td_name,
393 (td->td_proc->p_ucred) ?
394 td->td_proc->p_ucred->cr_uid : -1);
395 ksig.signb = SIGKILL;
397 ksig.signb = SIGSEGV;
401 call_trapsignal(td, ksig.signb, ksig.code);
403 /* If returning to user mode, make sure to invoke userret() */
409 * dab_fatal() handles the following data aborts:
411 * FAULT_WRTBUF_0 - Vector Exception
412 * FAULT_WRTBUF_1 - Terminal Exception
414 * We should never see these on a properly functioning system.
416 * This function is also called by the other handlers if they
417 * detect a fatal problem.
419 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort.
422 dab_fatal(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
427 mode = TRAP_USERMODE(tf) ? "user" : "kernel";
429 disable_interrupts(PSR_I|PSR_F);
431 printf("Fatal %s mode data abort: '%s'\n", mode,
432 data_aborts[fsr & FAULT_TYPE_MASK].desc);
433 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr);
434 if ((fsr & FAULT_IMPRECISE) == 0)
435 printf("%08x, ", far);
438 printf("spsr=%08x\n", tf->tf_spsr);
440 printf("Fatal %s mode prefetch abort at 0x%08x\n",
442 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr);
445 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n",
446 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3);
447 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n",
448 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7);
449 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n",
450 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11);
451 printf("r12=%08x, ", tf->tf_r12);
453 if (TRAP_USERMODE(tf))
454 printf("usp=%08x, ulr=%08x",
455 tf->tf_usr_sp, tf->tf_usr_lr);
457 printf("ssp=%08x, slr=%08x",
458 tf->tf_svc_sp, tf->tf_svc_lr);
459 printf(", pc =%08x\n\n", tf->tf_pc);
462 if (debugger_on_panic || kdb_active)
463 if (kdb_trap(fsr, 0, tf))
466 panic("Fatal abort");
471 * dab_align() handles the following data aborts:
473 * FAULT_ALIGN_0 - Alignment fault
474 * FAULT_ALIGN_1 - Alignment fault
476 * These faults are fatal if they happen in kernel mode. Otherwise, we
477 * deliver a bus error to the process.
480 dab_align(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
484 /* Alignment faults are always fatal if they occur in kernel mode */
485 if (!TRAP_USERMODE(tf)) {
486 if (!td || !td->td_pcb->pcb_onfault)
487 dab_fatal(tf, fsr, far, td, ksig);
489 tf->tf_pc = (int)td->td_pcb->pcb_onfault;
493 /* pcb_onfault *must* be NULL at this point */
495 /* Deliver a bus error signal to the process */
497 ksig->signb = SIGBUS;
504 * dab_buserr() handles the following data aborts:
506 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section
507 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page
508 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section
509 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page
510 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1
511 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2
513 * If pcb_onfault is set, flag the fault and return to the handler.
514 * If the fault occurred in user mode, give the process a SIGBUS.
516 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2
517 * can be flagged as imprecise in the FSR. This causes a real headache
518 * since some of the machine state is lost. In this case, tf->tf_pc
519 * may not actually point to the offending instruction. In fact, if
520 * we've taken a double abort fault, it generally points somewhere near
521 * the top of "data_abort_entry" in exception.S.
523 * In all other cases, these data aborts are considered fatal.
526 dab_buserr(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
529 struct pcb *pcb = td->td_pcb;
532 if ((fsr & FAULT_IMPRECISE) != 0 &&
533 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) {
535 * Oops, an imprecise, double abort fault. We've lost the
536 * r14_abt/spsr_abt values corresponding to the original
537 * abort, and the spsr saved in the trapframe indicates
540 tf->tf_spsr &= ~PSR_MODE;
543 * We use a simple heuristic to determine if the double abort
544 * happened as a result of a kernel or user mode access.
545 * If the current trapframe is at the top of the kernel stack,
546 * the fault _must_ have come from user mode.
548 if (tf != ((struct trapframe *)pcb->un_32.pcb32_sp) - 1) {
550 * Kernel mode. We're either about to die a
551 * spectacular death, or pcb_onfault will come
552 * to our rescue. Either way, the current value
553 * of tf->tf_pc is irrelevant.
555 tf->tf_spsr |= PSR_SVC32_MODE;
556 if (pcb->pcb_onfault == NULL)
557 printf("\nKernel mode double abort!\n");
560 * User mode. We've lost the program counter at the
561 * time of the fault (not that it was accurate anyway;
562 * it's not called an imprecise fault for nothing).
563 * About all we can do is copy r14_usr to tf_pc and
564 * hope for the best. The process is about to get a
565 * SIGBUS, so it's probably history anyway.
567 tf->tf_spsr |= PSR_USR32_MODE;
568 tf->tf_pc = tf->tf_usr_lr;
572 /* FAR is invalid for imprecise exceptions */
573 if ((fsr & FAULT_IMPRECISE) != 0)
575 #endif /* __XSCALE__ */
577 if (pcb->pcb_onfault) {
579 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
584 * At this point, if the fault happened in kernel mode, we're toast
586 if (!TRAP_USERMODE(tf))
587 dab_fatal(tf, fsr, far, td, ksig);
589 /* Deliver a bus error signal to the process */
590 ksig->signb = SIGBUS;
598 * void prefetch_abort_handler(struct trapframe *tf)
600 * Abort handler called when instruction execution occurs at
601 * a non existent or restricted (access permissions) memory page.
602 * If the address is invalid and we were in SVC mode then panic as
603 * the kernel should never prefetch abort.
604 * If the address is invalid and the page is mapped then the user process
605 * does no have read permission so send it a signal.
606 * Otherwise fault the page in and try again.
609 prefetch_abort_handler(struct trapframe *tf)
614 vm_offset_t fault_pc, va;
620 /* Update vmmeter statistics */
624 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc,
625 (void*)tf->tf_usr_lr);
630 PCPU_INC(cnt.v_trap);
632 if (TRAP_USERMODE(tf)) {
634 if (td->td_ucred != td->td_proc->p_ucred)
635 cred_update_thread(td);
637 fault_pc = tf->tf_pc;
638 if (td->td_md.md_spinlock_count == 0) {
639 if (__predict_true(tf->tf_spsr & PSR_I) == 0)
640 enable_interrupts(PSR_I);
641 if (__predict_true(tf->tf_spsr & PSR_F) == 0)
642 enable_interrupts(PSR_F);
645 /* Prefetch aborts cannot happen in kernel mode */
646 if (__predict_false(!TRAP_USERMODE(tf)))
647 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig);
651 /* Ok validate the address, can only execute in USER space */
652 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS ||
653 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) {
654 ksig.signb = SIGSEGV;
659 map = &td->td_proc->p_vmspace->vm_map;
660 va = trunc_page(fault_pc);
663 * See if the pmap can handle this fault on its own...
666 last_fault_code = -1;
668 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1))
671 if (map != kernel_map) {
677 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE,
679 if (map != kernel_map) {
685 if (__predict_true(error == 0))
688 if (error == ENOMEM) {
689 printf("VM: pid %d (%s), uid %d killed: "
690 "out of swap\n", td->td_proc->p_pid, td->td_name,
691 (td->td_proc->p_ucred) ?
692 td->td_proc->p_ucred->cr_uid : -1);
693 ksig.signb = SIGKILL;
695 ksig.signb = SIGSEGV;
700 call_trapsignal(td, ksig.signb, ksig.code);
707 extern int badaddr_read_1(const uint8_t *, uint8_t *);
708 extern int badaddr_read_2(const uint16_t *, uint16_t *);
709 extern int badaddr_read_4(const uint32_t *, uint32_t *);
711 * Tentatively read an 8, 16, or 32-bit value from 'addr'.
712 * If the read succeeds, the value is written to 'rptr' and zero is returned.
713 * Else, return EFAULT.
716 badaddr_read(void *addr, size_t size, void *rptr)
725 cpu_drain_writebuf();
727 /* Read from the test address. */
729 case sizeof(uint8_t):
730 rv = badaddr_read_1(addr, &u.v1);
732 *(uint8_t *) rptr = u.v1;
735 case sizeof(uint16_t):
736 rv = badaddr_read_2(addr, &u.v2);
738 *(uint16_t *) rptr = u.v2;
741 case sizeof(uint32_t):
742 rv = badaddr_read_4(addr, &u.v4);
744 *(uint32_t *) rptr = u.v4;
748 panic("badaddr: invalid size (%lu)", (u_long) size);
751 /* Return EFAULT if the address was invalid, else zero */
projects / FreeBSD / FreeBSD.git / blob