2 * Copyright (C) 1994, David Greenman
3 * Copyright (c) 1990, 1993
4 * The Regents of the University of California. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * the University of Utah, and William Jolitz.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by the University of
20 * California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91
40 #include <sys/cdefs.h>
41 __FBSDID("$FreeBSD$");
44 * 386 Trap and System call handling
47 #include "opt_clock.h"
49 #include "opt_hwpmc_hooks.h"
52 #include "opt_kdtrace.h"
56 #include <sys/param.h>
58 #include <sys/systm.h>
60 #include <sys/pioctl.h>
61 #include <sys/ptrace.h>
63 #include <sys/kernel.h>
66 #include <sys/mutex.h>
67 #include <sys/resourcevar.h>
68 #include <sys/signalvar.h>
69 #include <sys/syscall.h>
70 #include <sys/sysctl.h>
71 #include <sys/sysent.h>
73 #include <sys/vmmeter.h>
75 #include <sys/pmckern.h>
76 PMC_SOFT_DEFINE( , , page_fault, all);
77 PMC_SOFT_DEFINE( , , page_fault, read);
78 PMC_SOFT_DEFINE( , , page_fault, write);
80 #include <security/audit/audit.h>
83 #include <vm/vm_param.h>
85 #include <vm/vm_kern.h>
86 #include <vm/vm_map.h>
87 #include <vm/vm_page.h>
88 #include <vm/vm_extern.h>
90 #include <machine/cpu.h>
91 #include <machine/intr_machdep.h>
93 #include <machine/md_var.h>
94 #include <machine/pcb.h>
96 #include <machine/smp.h>
98 #include <machine/tss.h>
99 #include <machine/vm86.h>
102 #include <sys/syslog.h>
103 #include <machine/clock.h>
107 #include <sys/dtrace_bsd.h>
110 * This is a hook which is initialised by the dtrace module
111 * to handle traps which might occur during DTrace probe
114 dtrace_trap_func_t dtrace_trap_func;
116 dtrace_doubletrap_func_t dtrace_doubletrap_func;
119 * This is a hook which is initialised by the systrace module
120 * when it is loaded. This keeps the DTrace syscall provider
121 * implementation opaque.
123 systrace_probe_func_t systrace_probe_func;
126 * These hooks are necessary for the pid and usdt providers.
128 dtrace_pid_probe_ptr_t dtrace_pid_probe_ptr;
129 dtrace_return_probe_ptr_t dtrace_return_probe_ptr;
132 extern void trap(struct trapframe *frame);
133 extern void syscall(struct trapframe *frame);
135 static int trap_pfault(struct trapframe *, int, vm_offset_t);
136 static void trap_fatal(struct trapframe *, vm_offset_t);
137 void dblfault_handler(void);
139 extern inthand_t IDTVEC(lcall_syscall);
141 #define MAX_TRAP_MSG 32
142 static char *trap_msg[] = {
144 "privileged instruction fault", /* 1 T_PRIVINFLT */
146 "breakpoint instruction fault", /* 3 T_BPTFLT */
149 "arithmetic trap", /* 6 T_ARITHTRAP */
152 "general protection fault", /* 9 T_PROTFLT */
153 "trace trap", /* 10 T_TRCTRAP */
155 "page fault", /* 12 T_PAGEFLT */
157 "alignment fault", /* 14 T_ALIGNFLT */
161 "integer divide fault", /* 18 T_DIVIDE */
162 "non-maskable interrupt trap", /* 19 T_NMI */
163 "overflow trap", /* 20 T_OFLOW */
164 "FPU bounds check fault", /* 21 T_BOUND */
165 "FPU device not available", /* 22 T_DNA */
166 "double fault", /* 23 T_DOUBLEFLT */
167 "FPU operand fetch fault", /* 24 T_FPOPFLT */
168 "invalid TSS fault", /* 25 T_TSSFLT */
169 "segment not present fault", /* 26 T_SEGNPFLT */
170 "stack fault", /* 27 T_STKFLT */
171 "machine check trap", /* 28 T_MCHK */
172 "SIMD floating-point exception", /* 29 T_XMMFLT */
173 "reserved (unknown) fault", /* 30 T_RESERVED */
174 "", /* 31 unused (reserved) */
175 "DTrace pid return trap", /* 32 T_DTRACE_RET */
178 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
179 extern int has_f00f_bug;
183 static int kdb_on_nmi = 1;
184 SYSCTL_INT(_machdep, OID_AUTO, kdb_on_nmi, CTLFLAG_RW,
185 &kdb_on_nmi, 0, "Go to KDB on NMI");
186 TUNABLE_INT("machdep.kdb_on_nmi", &kdb_on_nmi);
188 static int panic_on_nmi = 1;
189 SYSCTL_INT(_machdep, OID_AUTO, panic_on_nmi, CTLFLAG_RW,
190 &panic_on_nmi, 0, "Panic on NMI");
191 TUNABLE_INT("machdep.panic_on_nmi", &panic_on_nmi);
192 static int prot_fault_translation = 0;
193 SYSCTL_INT(_machdep, OID_AUTO, prot_fault_translation, CTLFLAG_RW,
194 &prot_fault_translation, 0, "Select signal to deliver on protection fault");
195 static int uprintf_signal;
196 SYSCTL_INT(_machdep, OID_AUTO, uprintf_signal, CTLFLAG_RW,
198 "Print debugging information on trap signal to ctty");
201 * Exception, fault, and trap interface to the FreeBSD kernel.
202 * This common code is called from assembly language IDT gate entry
203 * routines that prepare a suitable stack frame, and restore this
204 * frame after the exception has been processed.
208 trap(struct trapframe *frame)
213 struct thread *td = curthread;
214 struct proc *p = td->td_proc;
215 int i = 0, ucode = 0, code;
221 static int lastalert = 0;
224 PCPU_INC(cnt.v_trap);
225 type = frame->tf_trapno;
228 /* Handler for NMI IPIs used for stopping CPUs. */
230 if (ipi_nmi_handler() == 0)
242 if (type == T_RESERVED) {
243 trap_fatal(frame, 0);
249 * CPU PMCs interrupt using an NMI so we check for that first.
250 * If the HWPMC module is active, 'pmc_hook' will point to
251 * the function to be called. A return value of '1' from the
252 * hook means that the NMI was handled by it and that we can
253 * return immediately.
255 if (type == T_NMI && pmc_intr &&
256 (*pmc_intr)(PCPU_GET(cpuid), frame))
260 if (type == T_MCHK) {
267 * A trap can occur while DTrace executes a probe. Before
268 * executing the probe, DTrace blocks re-scheduling and sets
269 * a flag in its per-cpu flags to indicate that it doesn't
270 * want to fault. On returning from the probe, the no-fault
271 * flag is cleared and finally re-scheduling is enabled.
273 if ((type == T_PROTFLT || type == T_PAGEFLT) &&
274 dtrace_trap_func != NULL && (*dtrace_trap_func)(frame, type))
278 if ((frame->tf_eflags & PSL_I) == 0) {
280 * Buggy application or kernel code has disabled
281 * interrupts and then trapped. Enabling interrupts
282 * now is wrong, but it is better than running with
283 * interrupts disabled until they are accidentally
286 if (ISPL(frame->tf_cs) == SEL_UPL || (frame->tf_eflags & PSL_VM))
288 "pid %ld (%s): trap %d with interrupts disabled\n",
289 (long)curproc->p_pid, curthread->td_name, type);
290 else if (type != T_BPTFLT && type != T_TRCTRAP &&
291 frame->tf_eip != (int)cpu_switch_load_gs) {
293 * XXX not quite right, since this may be for a
294 * multiple fault in user mode.
296 printf("kernel trap %d with interrupts disabled\n",
299 * Page faults need interrupts disabled until later,
300 * and we shouldn't enable interrupts while holding
301 * a spin lock or if servicing an NMI.
303 if (type != T_NMI && type != T_PAGEFLT &&
304 td->td_md.md_spinlock_count == 0)
309 code = frame->tf_err;
310 if (type == T_PAGEFLT) {
312 * For some Cyrix CPUs, %cr2 is clobbered by
313 * interrupts. This problem is worked around by using
314 * an interrupt gate for the pagefault handler. We
315 * are finally ready to read %cr2 and conditionally
316 * reenable interrupts. If we hold a spin lock, then
317 * we must not reenable interrupts. This might be a
318 * spurious page fault.
321 if (td->td_md.md_spinlock_count == 0)
325 if ((ISPL(frame->tf_cs) == SEL_UPL) ||
326 ((frame->tf_eflags & PSL_VM) &&
327 !(curpcb->pcb_flags & PCB_VM86CALL))) {
331 td->td_frame = frame;
332 addr = frame->tf_eip;
333 if (td->td_ucred != p->p_ucred)
334 cred_update_thread(td);
337 case T_PRIVINFLT: /* privileged instruction fault */
342 case T_BPTFLT: /* bpt instruction fault */
343 case T_TRCTRAP: /* trace trap */
346 if (type == T_BPTFLT) {
347 fill_frame_regs(frame, ®s);
348 if (dtrace_pid_probe_ptr != NULL &&
349 dtrace_pid_probe_ptr(®s) == 0)
353 frame->tf_eflags &= ~PSL_T;
355 ucode = (type == T_TRCTRAP ? TRAP_TRACE : TRAP_BRKPT);
358 case T_ARITHTRAP: /* arithmetic trap */
360 ucode = npxtrap_x87();
370 * The following two traps can happen in
371 * vm86 mode, and, if so, we want to handle
374 case T_PROTFLT: /* general protection fault */
375 case T_STKFLT: /* stack fault */
376 if (frame->tf_eflags & PSL_VM) {
377 i = vm86_emulate((struct vm86frame *)frame);
383 ucode = (type == T_PROTFLT) ? BUS_OBJERR : BUS_ADRERR;
385 case T_SEGNPFLT: /* segment not present fault */
389 case T_TSSFLT: /* invalid TSS fault */
397 case T_DOUBLEFLT: /* double fault */
403 case T_PAGEFLT: /* page fault */
405 i = trap_pfault(frame, TRUE, eva);
406 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
409 * The f00f hack workaround has triggered, so
410 * treat the fault as an illegal instruction
411 * (T_PRIVINFLT) instead of a page fault.
413 type = frame->tf_trapno = T_PRIVINFLT;
415 /* Proceed as in that case. */
429 if (prot_fault_translation == 0) {
432 * This check also covers the images
433 * without the ABI-tag ELF note.
435 if (SV_CURPROC_ABI() == SV_ABI_FREEBSD
436 && p->p_osrel >= P_OSREL_SIGSEGV) {
441 ucode = BUS_PAGE_FAULT;
443 } else if (prot_fault_translation == 1) {
445 * Always compat mode.
448 ucode = BUS_PAGE_FAULT;
451 * Always SIGSEGV mode.
460 case T_DIVIDE: /* integer divide fault */
469 # define TIMER_FREQ 1193182
471 if (time_second - lastalert > 10) {
472 log(LOG_WARNING, "NMI: power fail\n");
474 lastalert = time_second;
477 #else /* !POWERFAIL_NMI */
478 /* machine/parity/power fail/"kitchen sink" faults */
479 if (isa_nmi(code) == 0) {
482 * NMI can be hooked up to a pushbutton
486 printf ("NMI ... going to debugger\n");
487 kdb_trap(type, 0, frame);
491 } else if (panic_on_nmi)
492 panic("NMI indicates hardware failure");
494 #endif /* POWERFAIL_NMI */
497 case T_OFLOW: /* integer overflow fault */
502 case T_BOUND: /* bounds check fault */
509 KASSERT(PCB_USER_FPU(td->td_pcb),
510 ("kernel FPU ctx has leaked"));
511 /* transparent fault (due to context switch "late") */
515 uprintf("pid %d killed due to lack of floating point\n",
521 case T_FPOPFLT: /* FPU operand fetch fault */
526 case T_XMMFLT: /* SIMD floating-point exception */
527 #if defined(DEV_NPX) && !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
528 ucode = npxtrap_sse();
539 fill_frame_regs(frame, ®s);
540 if (dtrace_return_probe_ptr != NULL &&
541 dtrace_return_probe_ptr(®s) == 0)
549 KASSERT(cold || td->td_ucred != NULL,
550 ("kernel trap doesn't have ucred"));
552 case T_PAGEFLT: /* page fault */
553 (void) trap_pfault(frame, FALSE, eva);
558 KASSERT(!PCB_USER_FPU(td->td_pcb),
559 ("Unregistered use of FPU in kernel"));
565 case T_ARITHTRAP: /* arithmetic trap */
566 case T_XMMFLT: /* SIMD floating-point exception */
567 case T_FPOPFLT: /* FPU operand fetch fault */
569 * XXXKIB for now disable any FPU traps in kernel
570 * handler registration seems to be overkill
572 trap_fatal(frame, 0);
576 * The following two traps can happen in
577 * vm86 mode, and, if so, we want to handle
580 case T_PROTFLT: /* general protection fault */
581 case T_STKFLT: /* stack fault */
582 if (frame->tf_eflags & PSL_VM) {
583 i = vm86_emulate((struct vm86frame *)frame);
586 * returns to original process
588 vm86_trap((struct vm86frame *)frame);
591 if (type == T_STKFLT)
596 case T_SEGNPFLT: /* segment not present fault */
597 if (curpcb->pcb_flags & PCB_VM86CALL)
601 * Invalid %fs's and %gs's can be created using
602 * procfs or PT_SETREGS or by invalidating the
603 * underlying LDT entry. This causes a fault
604 * in kernel mode when the kernel attempts to
605 * switch contexts. Lose the bad context
606 * (XXX) so that we can continue, and generate
609 if (frame->tf_eip == (int)cpu_switch_load_gs) {
613 kern_psignal(p, SIGBUS);
619 if (td->td_intr_nesting_level != 0)
623 * Invalid segment selectors and out of bounds
624 * %eip's and %esp's can be set up in user mode.
625 * This causes a fault in kernel mode when the
626 * kernel tries to return to user mode. We want
627 * to get this fault so that we can fix the
628 * problem here and not have to check all the
629 * selectors and pointers when the user changes
632 if (frame->tf_eip == (int)doreti_iret) {
633 frame->tf_eip = (int)doreti_iret_fault;
636 if (frame->tf_eip == (int)doreti_popl_ds) {
637 frame->tf_eip = (int)doreti_popl_ds_fault;
640 if (frame->tf_eip == (int)doreti_popl_es) {
641 frame->tf_eip = (int)doreti_popl_es_fault;
644 if (frame->tf_eip == (int)doreti_popl_fs) {
645 frame->tf_eip = (int)doreti_popl_fs_fault;
648 if (curpcb->pcb_onfault != NULL) {
650 (int)curpcb->pcb_onfault;
657 * PSL_NT can be set in user mode and isn't cleared
658 * automatically when the kernel is entered. This
659 * causes a TSS fault when the kernel attempts to
660 * `iret' because the TSS link is uninitialized. We
661 * want to get this fault so that we can fix the
662 * problem here and not every time the kernel is
665 if (frame->tf_eflags & PSL_NT) {
666 frame->tf_eflags &= ~PSL_NT;
671 case T_TRCTRAP: /* trace trap */
672 if (frame->tf_eip == (int)IDTVEC(lcall_syscall)) {
674 * We've just entered system mode via the
675 * syscall lcall. Continue single stepping
676 * silently until the syscall handler has
681 if (frame->tf_eip == (int)IDTVEC(lcall_syscall) + 1) {
683 * The syscall handler has now saved the
684 * flags. Stop single stepping it.
686 frame->tf_eflags &= ~PSL_T;
690 * Ignore debug register trace traps due to
691 * accesses in the user's address space, which
692 * can happen under several conditions such as
693 * if a user sets a watchpoint on a buffer and
694 * then passes that buffer to a system call.
695 * We still want to get TRCTRAPS for addresses
696 * in kernel space because that is useful when
697 * debugging the kernel.
699 if (user_dbreg_trap() &&
700 !(curpcb->pcb_flags & PCB_VM86CALL)) {
702 * Reset breakpoint bits because the
705 load_dr6(rdr6() & 0xfffffff0);
709 * FALLTHROUGH (TRCTRAP kernel mode, kernel address)
713 * If KDB is enabled, let it handle the debugger trap.
714 * Otherwise, debugger traps "can't happen".
717 if (kdb_trap(type, 0, frame))
725 if (time_second - lastalert > 10) {
726 log(LOG_WARNING, "NMI: power fail\n");
728 lastalert = time_second;
731 #else /* !POWERFAIL_NMI */
732 /* machine/parity/power fail/"kitchen sink" faults */
733 if (isa_nmi(code) == 0) {
736 * NMI can be hooked up to a pushbutton
740 printf ("NMI ... going to debugger\n");
741 kdb_trap(type, 0, frame);
745 } else if (panic_on_nmi == 0)
748 #endif /* POWERFAIL_NMI */
752 trap_fatal(frame, eva);
756 /* Translate fault for emulators (e.g. Linux) */
757 if (*p->p_sysent->sv_transtrap)
758 i = (*p->p_sysent->sv_transtrap)(i, type);
760 ksiginfo_init_trap(&ksi);
762 ksi.ksi_code = ucode;
763 ksi.ksi_addr = (void *)addr;
764 ksi.ksi_trapno = type;
765 if (uprintf_signal) {
766 uprintf("pid %d comm %s: signal %d err %x code %d type %d "
767 "addr 0x%x esp 0x%08x eip 0x%08x "
768 "<%02x %02x %02x %02x %02x %02x %02x %02x>\n",
769 p->p_pid, p->p_comm, i, frame->tf_err, ucode, type, addr,
770 frame->tf_esp, frame->tf_eip,
771 fubyte((void *)(frame->tf_eip + 0)),
772 fubyte((void *)(frame->tf_eip + 1)),
773 fubyte((void *)(frame->tf_eip + 2)),
774 fubyte((void *)(frame->tf_eip + 3)),
775 fubyte((void *)(frame->tf_eip + 4)),
776 fubyte((void *)(frame->tf_eip + 5)),
777 fubyte((void *)(frame->tf_eip + 6)),
778 fubyte((void *)(frame->tf_eip + 7)));
780 KASSERT((read_eflags() & PSL_I) != 0, ("interrupts disabled"));
781 trapsignal(td, &ksi);
784 if (type <= MAX_TRAP_MSG) {
785 uprintf("fatal process exception: %s",
787 if ((type == T_PAGEFLT) || (type == T_PROTFLT))
788 uprintf(", fault VA = 0x%lx", (u_long)eva);
795 mtx_assert(&Giant, MA_NOTOWNED);
796 KASSERT(PCB_USER_FPU(td->td_pcb),
797 ("Return from trap with kernel FPU ctx leaked"));
804 trap_pfault(frame, usermode, eva)
805 struct trapframe *frame;
810 struct vmspace *vm = NULL;
814 struct thread *td = curthread;
815 struct proc *p = td->td_proc;
817 if (__predict_false((td->td_pflags & TDP_NOFAULTING) != 0)) {
819 * Due to both processor errata and lazy TLB invalidation when
820 * access restrictions are removed from virtual pages, memory
821 * accesses that are allowed by the physical mapping layer may
822 * nonetheless cause one spurious page fault per virtual page.
823 * When the thread is executing a "no faulting" section that
824 * is bracketed by vm_fault_{disable,enable}_pagefaults(),
825 * every page fault is treated as a spurious page fault,
826 * unless it accesses the same virtual address as the most
827 * recent page fault within the same "no faulting" section.
829 if (td->td_md.md_spurflt_addr != eva ||
830 (td->td_pflags & TDP_RESETSPUR) != 0) {
832 * Do nothing to the TLB. A stale TLB entry is
833 * flushed automatically by a page fault.
835 td->td_md.md_spurflt_addr = eva;
836 td->td_pflags &= ~TDP_RESETSPUR;
841 * If we get a page fault while in a critical section, then
842 * it is most likely a fatal kernel page fault. The kernel
843 * is already going to panic trying to get a sleep lock to
844 * do the VM lookup, so just consider it a fatal trap so the
845 * kernel can print out a useful trap message and even get
848 * If we get a page fault while holding a non-sleepable
849 * lock, then it is most likely a fatal kernel page fault.
850 * If WITNESS is enabled, then it's going to whine about
851 * bogus LORs with various VM locks, so just skip to the
852 * fatal trap handling directly.
854 if (td->td_critnest != 0 ||
855 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
856 "Kernel page fault") != 0) {
857 trap_fatal(frame, eva);
861 va = trunc_page(eva);
862 if (va >= KERNBASE) {
864 * Don't allow user-mode faults in kernel address space.
865 * An exception: if the faulting address is the invalid
866 * instruction entry in the IDT, then the Intel Pentium
867 * F00F bug workaround was triggered, and we need to
868 * treat it is as an illegal instruction, and not a page
871 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
872 if ((eva == (unsigned int)&idt[6]) && has_f00f_bug)
881 * This is a fault on non-kernel virtual memory.
882 * vm is initialized above to NULL. If curproc is NULL
883 * or curproc->p_vmspace is NULL the fault is fatal.
892 if (!usermode && (td->td_intr_nesting_level != 0 ||
893 curpcb->pcb_onfault == NULL)) {
894 trap_fatal(frame, eva);
900 * PGEX_I is defined only if the execute disable bit capability is
901 * supported and enabled.
903 if (frame->tf_err & PGEX_W)
904 ftype = VM_PROT_WRITE;
906 else if ((frame->tf_err & PGEX_I) && pg_nx != 0)
907 ftype = VM_PROT_EXECUTE;
910 ftype = VM_PROT_READ;
912 if (map != kernel_map) {
914 * Keep swapout from messing with us during this
921 /* Fault in the user page: */
922 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
929 * Don't have to worry about process locking or stacks in the
932 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
934 if (rv == KERN_SUCCESS) {
936 if (ftype == VM_PROT_READ || ftype == VM_PROT_WRITE) {
937 PMC_SOFT_CALL_TF( , , page_fault, all, frame);
938 if (ftype == VM_PROT_READ)
939 PMC_SOFT_CALL_TF( , , page_fault, read,
942 PMC_SOFT_CALL_TF( , , page_fault, write,
950 if (td->td_intr_nesting_level == 0 &&
951 curpcb->pcb_onfault != NULL) {
952 frame->tf_eip = (int)curpcb->pcb_onfault;
955 trap_fatal(frame, eva);
959 return((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
963 trap_fatal(frame, eva)
964 struct trapframe *frame;
969 struct soft_segment_descriptor softseg;
972 code = frame->tf_err;
973 type = frame->tf_trapno;
974 sdtossd(&gdt[IDXSEL(frame->tf_cs & 0xffff)].sd, &softseg);
976 if (type <= MAX_TRAP_MSG)
977 msg = trap_msg[type];
980 printf("\n\nFatal trap %d: %s while in %s mode\n", type, msg,
981 frame->tf_eflags & PSL_VM ? "vm86" :
982 ISPL(frame->tf_cs) == SEL_UPL ? "user" : "kernel");
984 /* two separate prints in case of a trap on an unmapped page */
985 printf("cpuid = %d; ", PCPU_GET(cpuid));
986 printf("apic id = %02x\n", PCPU_GET(apic_id));
988 if (type == T_PAGEFLT) {
989 printf("fault virtual address = 0x%x\n", eva);
990 printf("fault code = %s %s, %s\n",
991 code & PGEX_U ? "user" : "supervisor",
992 code & PGEX_W ? "write" : "read",
993 code & PGEX_P ? "protection violation" : "page not present");
995 printf("instruction pointer = 0x%x:0x%x\n",
996 frame->tf_cs & 0xffff, frame->tf_eip);
997 if ((ISPL(frame->tf_cs) == SEL_UPL) || (frame->tf_eflags & PSL_VM)) {
998 ss = frame->tf_ss & 0xffff;
1001 ss = GSEL(GDATA_SEL, SEL_KPL);
1002 esp = (int)&frame->tf_esp;
1004 printf("stack pointer = 0x%x:0x%x\n", ss, esp);
1005 printf("frame pointer = 0x%x:0x%x\n", ss, frame->tf_ebp);
1006 printf("code segment = base 0x%x, limit 0x%x, type 0x%x\n",
1007 softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type);
1008 printf(" = DPL %d, pres %d, def32 %d, gran %d\n",
1009 softseg.ssd_dpl, softseg.ssd_p, softseg.ssd_def32,
1011 printf("processor eflags = ");
1012 if (frame->tf_eflags & PSL_T)
1013 printf("trace trap, ");
1014 if (frame->tf_eflags & PSL_I)
1015 printf("interrupt enabled, ");
1016 if (frame->tf_eflags & PSL_NT)
1017 printf("nested task, ");
1018 if (frame->tf_eflags & PSL_RF)
1020 if (frame->tf_eflags & PSL_VM)
1022 printf("IOPL = %d\n", (frame->tf_eflags & PSL_IOPL) >> 12);
1023 printf("current process = %d (%s)\n",
1024 curproc->p_pid, curthread->td_name);
1027 if (debugger_on_panic || kdb_active) {
1028 frame->tf_err = eva; /* smuggle fault address to ddb */
1029 if (kdb_trap(type, 0, frame)) {
1030 frame->tf_err = code; /* restore error code */
1033 frame->tf_err = code; /* restore error code */
1036 printf("trap number = %d\n", type);
1037 if (type <= MAX_TRAP_MSG)
1038 panic("%s", trap_msg[type]);
1040 panic("unknown/reserved trap");
1044 * Double fault handler. Called when a fault occurs while writing
1045 * a frame for a trap/exception onto the stack. This usually occurs
1046 * when the stack overflows (such is the case with infinite recursion,
1049 * XXX Note that the current PTD gets replaced by IdlePTD when the
1050 * task switch occurs. This means that the stack that was active at
1051 * the time of the double fault is not available at <kstack> unless
1052 * the machine was idle when the double fault occurred. The downside
1053 * of this is that "trace <ebp>" in ddb won't work.
1058 #ifdef KDTRACE_HOOKS
1059 if (dtrace_doubletrap_func != NULL)
1060 (*dtrace_doubletrap_func)();
1062 printf("\nFatal double fault:\n");
1063 printf("eip = 0x%x\n", PCPU_GET(common_tss.tss_eip));
1064 printf("esp = 0x%x\n", PCPU_GET(common_tss.tss_esp));
1065 printf("ebp = 0x%x\n", PCPU_GET(common_tss.tss_ebp));
1067 /* two separate prints in case of a trap on an unmapped page */
1068 printf("cpuid = %d; ", PCPU_GET(cpuid));
1069 printf("apic id = %02x\n", PCPU_GET(apic_id));
1071 panic("double fault");
1075 cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
1078 struct trapframe *frame;
1083 frame = td->td_frame;
1085 params = (caddr_t)frame->tf_esp + sizeof(int);
1086 sa->code = frame->tf_eax;
1089 * Need to check if this is a 32 bit or 64 bit syscall.
1091 if (sa->code == SYS_syscall) {
1093 * Code is first argument, followed by actual args.
1095 sa->code = fuword(params);
1096 params += sizeof(int);
1097 } else if (sa->code == SYS___syscall) {
1099 * Like syscall, but code is a quad, so as to maintain
1100 * quad alignment for the rest of the arguments.
1102 sa->code = fuword(params);
1103 params += sizeof(quad_t);
1106 if (p->p_sysent->sv_mask)
1107 sa->code &= p->p_sysent->sv_mask;
1108 if (sa->code >= p->p_sysent->sv_size)
1109 sa->callp = &p->p_sysent->sv_table[0];
1111 sa->callp = &p->p_sysent->sv_table[sa->code];
1112 sa->narg = sa->callp->sy_narg;
1114 if (params != NULL && sa->narg != 0)
1115 error = copyin(params, (caddr_t)sa->args,
1116 (u_int)(sa->narg * sizeof(int)));
1121 td->td_retval[0] = 0;
1122 td->td_retval[1] = frame->tf_edx;
1128 #include "../../kern/subr_syscall.c"
1131 * syscall - system call request C handler. A system call is
1132 * essentially treated as a trap by reusing the frame layout.
1135 syscall(struct trapframe *frame)
1138 struct syscall_args sa;
1139 register_t orig_tf_eflags;
1144 if (ISPL(frame->tf_cs) != SEL_UPL) {
1149 orig_tf_eflags = frame->tf_eflags;
1152 td->td_frame = frame;
1154 error = syscallenter(td, &sa);
1159 if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
1160 frame->tf_eflags &= ~PSL_T;
1161 ksiginfo_init_trap(&ksi);
1162 ksi.ksi_signo = SIGTRAP;
1163 ksi.ksi_code = TRAP_TRACE;
1164 ksi.ksi_addr = (void *)frame->tf_eip;
1165 trapsignal(td, &ksi);
1168 KASSERT(PCB_USER_FPU(td->td_pcb),
1169 ("System call %s returning with kernel FPU ctx leaked",
1170 syscallname(td->td_proc, sa.code)));
1171 KASSERT(td->td_pcb->pcb_save == &td->td_pcb->pcb_user_save,
1172 ("System call %s returning with mangled pcb_save",
1173 syscallname(td->td_proc, sa.code)));
1175 syscallret(td, error, &sa);
projects / FreeBSD / stable / 9.git / blob