2 * Copyright (C) 1994, David Greenman
3 * Copyright (c) 1990, 1993
4 * The Regents of the University of California. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * the University of Utah, and William Jolitz.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by the University of
20 * California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91
40 #include <sys/cdefs.h>
41 __FBSDID("$FreeBSD$");
44 * 386 Trap and System call handling
47 #include "opt_clock.h"
49 #include "opt_hwpmc_hooks.h"
55 #include <sys/param.h>
57 #include <sys/systm.h>
59 #include <sys/pioctl.h>
60 #include <sys/ptrace.h>
62 #include <sys/kernel.h>
65 #include <sys/mutex.h>
66 #include <sys/resourcevar.h>
67 #include <sys/signalvar.h>
68 #include <sys/syscall.h>
69 #include <sys/sysctl.h>
70 #include <sys/sysent.h>
72 #include <sys/vmmeter.h>
74 #include <sys/pmckern.h>
75 PMC_SOFT_DEFINE( , , page_fault, all);
76 PMC_SOFT_DEFINE( , , page_fault, read);
77 PMC_SOFT_DEFINE( , , page_fault, write);
79 #include <security/audit/audit.h>
82 #include <vm/vm_param.h>
84 #include <vm/vm_kern.h>
85 #include <vm/vm_map.h>
86 #include <vm/vm_page.h>
87 #include <vm/vm_extern.h>
89 #include <machine/cpu.h>
90 #include <machine/intr_machdep.h>
92 #include <machine/md_var.h>
93 #include <machine/pcb.h>
95 #include <machine/smp.h>
97 #include <machine/tss.h>
98 #include <machine/vm86.h>
101 #include <sys/syslog.h>
102 #include <machine/clock.h>
106 #include <sys/dtrace_bsd.h>
109 extern void trap(struct trapframe *frame);
110 extern void syscall(struct trapframe *frame);
112 static int trap_pfault(struct trapframe *, int, vm_offset_t);
113 static void trap_fatal(struct trapframe *, vm_offset_t);
114 void dblfault_handler(void);
116 extern inthand_t IDTVEC(lcall_syscall);
118 #define MAX_TRAP_MSG 32
119 static char *trap_msg[] = {
121 "privileged instruction fault", /* 1 T_PRIVINFLT */
123 "breakpoint instruction fault", /* 3 T_BPTFLT */
126 "arithmetic trap", /* 6 T_ARITHTRAP */
129 "general protection fault", /* 9 T_PROTFLT */
130 "trace trap", /* 10 T_TRCTRAP */
132 "page fault", /* 12 T_PAGEFLT */
134 "alignment fault", /* 14 T_ALIGNFLT */
138 "integer divide fault", /* 18 T_DIVIDE */
139 "non-maskable interrupt trap", /* 19 T_NMI */
140 "overflow trap", /* 20 T_OFLOW */
141 "FPU bounds check fault", /* 21 T_BOUND */
142 "FPU device not available", /* 22 T_DNA */
143 "double fault", /* 23 T_DOUBLEFLT */
144 "FPU operand fetch fault", /* 24 T_FPOPFLT */
145 "invalid TSS fault", /* 25 T_TSSFLT */
146 "segment not present fault", /* 26 T_SEGNPFLT */
147 "stack fault", /* 27 T_STKFLT */
148 "machine check trap", /* 28 T_MCHK */
149 "SIMD floating-point exception", /* 29 T_XMMFLT */
150 "reserved (unknown) fault", /* 30 T_RESERVED */
151 "", /* 31 unused (reserved) */
152 "DTrace pid return trap", /* 32 T_DTRACE_RET */
155 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
156 int has_f00f_bug = 0; /* Initialized so that it can be patched. */
160 static int kdb_on_nmi = 1;
161 SYSCTL_INT(_machdep, OID_AUTO, kdb_on_nmi, CTLFLAG_RWTUN,
162 &kdb_on_nmi, 0, "Go to KDB on NMI");
164 static int panic_on_nmi = 1;
165 SYSCTL_INT(_machdep, OID_AUTO, panic_on_nmi, CTLFLAG_RWTUN,
166 &panic_on_nmi, 0, "Panic on NMI");
167 static int prot_fault_translation = 0;
168 SYSCTL_INT(_machdep, OID_AUTO, prot_fault_translation, CTLFLAG_RW,
169 &prot_fault_translation, 0, "Select signal to deliver on protection fault");
170 static int uprintf_signal;
171 SYSCTL_INT(_machdep, OID_AUTO, uprintf_signal, CTLFLAG_RW,
173 "Print debugging information on trap signal to ctty");
176 * Exception, fault, and trap interface to the FreeBSD kernel.
177 * This common code is called from assembly language IDT gate entry
178 * routines that prepare a suitable stack frame, and restore this
179 * frame after the exception has been processed.
183 trap(struct trapframe *frame)
188 struct thread *td = curthread;
189 struct proc *p = td->td_proc;
190 int i = 0, ucode = 0, code;
196 static int lastalert = 0;
199 PCPU_INC(cnt.v_trap);
200 type = frame->tf_trapno;
203 /* Handler for NMI IPIs used for stopping CPUs. */
205 if (ipi_nmi_handler() == 0)
217 if (type == T_RESERVED) {
218 trap_fatal(frame, 0);
224 * CPU PMCs interrupt using an NMI so we check for that first.
225 * If the HWPMC module is active, 'pmc_hook' will point to
226 * the function to be called. A return value of '1' from the
227 * hook means that the NMI was handled by it and that we can
228 * return immediately.
230 if (type == T_NMI && pmc_intr &&
231 (*pmc_intr)(PCPU_GET(cpuid), frame))
235 if (type == T_MCHK) {
242 * A trap can occur while DTrace executes a probe. Before
243 * executing the probe, DTrace blocks re-scheduling and sets
244 * a flag in its per-cpu flags to indicate that it doesn't
245 * want to fault. On returning from the probe, the no-fault
246 * flag is cleared and finally re-scheduling is enabled.
248 if ((type == T_PROTFLT || type == T_PAGEFLT) &&
249 dtrace_trap_func != NULL && (*dtrace_trap_func)(frame, type))
253 if ((frame->tf_eflags & PSL_I) == 0) {
255 * Buggy application or kernel code has disabled
256 * interrupts and then trapped. Enabling interrupts
257 * now is wrong, but it is better than running with
258 * interrupts disabled until they are accidentally
261 if (ISPL(frame->tf_cs) == SEL_UPL || (frame->tf_eflags & PSL_VM))
263 "pid %ld (%s): trap %d with interrupts disabled\n",
264 (long)curproc->p_pid, curthread->td_name, type);
265 else if (type != T_NMI && type != T_BPTFLT &&
267 frame->tf_eip != (int)cpu_switch_load_gs) {
269 * XXX not quite right, since this may be for a
270 * multiple fault in user mode.
272 printf("kernel trap %d with interrupts disabled\n",
275 * Page faults need interrupts disabled until later,
276 * and we shouldn't enable interrupts while holding
279 if (type != T_PAGEFLT &&
280 td->td_md.md_spinlock_count == 0)
285 code = frame->tf_err;
286 if (type == T_PAGEFLT) {
288 * For some Cyrix CPUs, %cr2 is clobbered by
289 * interrupts. This problem is worked around by using
290 * an interrupt gate for the pagefault handler. We
291 * are finally ready to read %cr2 and conditionally
292 * reenable interrupts. If we hold a spin lock, then
293 * we must not reenable interrupts. This might be a
294 * spurious page fault.
297 if (td->td_md.md_spinlock_count == 0)
301 if ((ISPL(frame->tf_cs) == SEL_UPL) ||
302 ((frame->tf_eflags & PSL_VM) &&
303 !(curpcb->pcb_flags & PCB_VM86CALL))) {
307 td->td_frame = frame;
308 addr = frame->tf_eip;
309 if (td->td_ucred != p->p_ucred)
310 cred_update_thread(td);
313 case T_PRIVINFLT: /* privileged instruction fault */
318 case T_BPTFLT: /* bpt instruction fault */
319 case T_TRCTRAP: /* trace trap */
322 if (type == T_BPTFLT) {
323 fill_frame_regs(frame, ®s);
324 if (dtrace_pid_probe_ptr != NULL &&
325 dtrace_pid_probe_ptr(®s) == 0)
329 frame->tf_eflags &= ~PSL_T;
331 ucode = (type == T_TRCTRAP ? TRAP_TRACE : TRAP_BRKPT);
334 case T_ARITHTRAP: /* arithmetic trap */
336 ucode = npxtrap_x87();
346 * The following two traps can happen in
347 * vm86 mode, and, if so, we want to handle
350 case T_PROTFLT: /* general protection fault */
351 case T_STKFLT: /* stack fault */
352 if (frame->tf_eflags & PSL_VM) {
353 i = vm86_emulate((struct vm86frame *)frame);
359 ucode = (type == T_PROTFLT) ? BUS_OBJERR : BUS_ADRERR;
361 case T_SEGNPFLT: /* segment not present fault */
365 case T_TSSFLT: /* invalid TSS fault */
373 case T_DOUBLEFLT: /* double fault */
379 case T_PAGEFLT: /* page fault */
381 i = trap_pfault(frame, TRUE, eva);
382 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
385 * The f00f hack workaround has triggered, so
386 * treat the fault as an illegal instruction
387 * (T_PRIVINFLT) instead of a page fault.
389 type = frame->tf_trapno = T_PRIVINFLT;
391 /* Proceed as in that case. */
405 if (prot_fault_translation == 0) {
408 * This check also covers the images
409 * without the ABI-tag ELF note.
411 if (SV_CURPROC_ABI() == SV_ABI_FREEBSD
412 && p->p_osrel >= P_OSREL_SIGSEGV) {
417 ucode = BUS_PAGE_FAULT;
419 } else if (prot_fault_translation == 1) {
421 * Always compat mode.
424 ucode = BUS_PAGE_FAULT;
427 * Always SIGSEGV mode.
436 case T_DIVIDE: /* integer divide fault */
445 # define TIMER_FREQ 1193182
447 if (time_second - lastalert > 10) {
448 log(LOG_WARNING, "NMI: power fail\n");
450 lastalert = time_second;
453 #else /* !POWERFAIL_NMI */
454 /* machine/parity/power fail/"kitchen sink" faults */
455 if (isa_nmi(code) == 0) {
458 * NMI can be hooked up to a pushbutton
462 printf ("NMI ... going to debugger\n");
463 kdb_trap(type, 0, frame);
467 } else if (panic_on_nmi)
468 panic("NMI indicates hardware failure");
470 #endif /* POWERFAIL_NMI */
473 case T_OFLOW: /* integer overflow fault */
478 case T_BOUND: /* bounds check fault */
485 KASSERT(PCB_USER_FPU(td->td_pcb),
486 ("kernel FPU ctx has leaked"));
487 /* transparent fault (due to context switch "late") */
491 uprintf("pid %d killed due to lack of floating point\n",
497 case T_FPOPFLT: /* FPU operand fetch fault */
502 case T_XMMFLT: /* SIMD floating-point exception */
503 #if defined(DEV_NPX) && !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
504 ucode = npxtrap_sse();
515 fill_frame_regs(frame, ®s);
516 if (dtrace_return_probe_ptr != NULL &&
517 dtrace_return_probe_ptr(®s) == 0)
525 KASSERT(cold || td->td_ucred != NULL,
526 ("kernel trap doesn't have ucred"));
528 case T_PAGEFLT: /* page fault */
529 (void) trap_pfault(frame, FALSE, eva);
534 KASSERT(!PCB_USER_FPU(td->td_pcb),
535 ("Unregistered use of FPU in kernel"));
541 case T_ARITHTRAP: /* arithmetic trap */
542 case T_XMMFLT: /* SIMD floating-point exception */
543 case T_FPOPFLT: /* FPU operand fetch fault */
545 * XXXKIB for now disable any FPU traps in kernel
546 * handler registration seems to be overkill
548 trap_fatal(frame, 0);
552 * The following two traps can happen in
553 * vm86 mode, and, if so, we want to handle
556 case T_PROTFLT: /* general protection fault */
557 case T_STKFLT: /* stack fault */
558 if (frame->tf_eflags & PSL_VM) {
559 i = vm86_emulate((struct vm86frame *)frame);
562 * returns to original process
564 vm86_trap((struct vm86frame *)frame);
567 if (type == T_STKFLT)
572 case T_SEGNPFLT: /* segment not present fault */
573 if (curpcb->pcb_flags & PCB_VM86CALL)
577 * Invalid %fs's and %gs's can be created using
578 * procfs or PT_SETREGS or by invalidating the
579 * underlying LDT entry. This causes a fault
580 * in kernel mode when the kernel attempts to
581 * switch contexts. Lose the bad context
582 * (XXX) so that we can continue, and generate
585 if (frame->tf_eip == (int)cpu_switch_load_gs) {
589 kern_psignal(p, SIGBUS);
595 if (td->td_intr_nesting_level != 0)
599 * Invalid segment selectors and out of bounds
600 * %eip's and %esp's can be set up in user mode.
601 * This causes a fault in kernel mode when the
602 * kernel tries to return to user mode. We want
603 * to get this fault so that we can fix the
604 * problem here and not have to check all the
605 * selectors and pointers when the user changes
608 if (frame->tf_eip == (int)doreti_iret) {
609 frame->tf_eip = (int)doreti_iret_fault;
612 if (frame->tf_eip == (int)doreti_popl_ds) {
613 frame->tf_eip = (int)doreti_popl_ds_fault;
616 if (frame->tf_eip == (int)doreti_popl_es) {
617 frame->tf_eip = (int)doreti_popl_es_fault;
620 if (frame->tf_eip == (int)doreti_popl_fs) {
621 frame->tf_eip = (int)doreti_popl_fs_fault;
624 if (curpcb->pcb_onfault != NULL) {
626 (int)curpcb->pcb_onfault;
633 * PSL_NT can be set in user mode and isn't cleared
634 * automatically when the kernel is entered. This
635 * causes a TSS fault when the kernel attempts to
636 * `iret' because the TSS link is uninitialized. We
637 * want to get this fault so that we can fix the
638 * problem here and not every time the kernel is
641 if (frame->tf_eflags & PSL_NT) {
642 frame->tf_eflags &= ~PSL_NT;
647 case T_TRCTRAP: /* trace trap */
648 if (frame->tf_eip == (int)IDTVEC(lcall_syscall)) {
650 * We've just entered system mode via the
651 * syscall lcall. Continue single stepping
652 * silently until the syscall handler has
657 if (frame->tf_eip == (int)IDTVEC(lcall_syscall) + 1) {
659 * The syscall handler has now saved the
660 * flags. Stop single stepping it.
662 frame->tf_eflags &= ~PSL_T;
666 * Ignore debug register trace traps due to
667 * accesses in the user's address space, which
668 * can happen under several conditions such as
669 * if a user sets a watchpoint on a buffer and
670 * then passes that buffer to a system call.
671 * We still want to get TRCTRAPS for addresses
672 * in kernel space because that is useful when
673 * debugging the kernel.
675 if (user_dbreg_trap() &&
676 !(curpcb->pcb_flags & PCB_VM86CALL)) {
678 * Reset breakpoint bits because the
681 load_dr6(rdr6() & 0xfffffff0);
685 * FALLTHROUGH (TRCTRAP kernel mode, kernel address)
689 * If KDB is enabled, let it handle the debugger trap.
690 * Otherwise, debugger traps "can't happen".
693 if (kdb_trap(type, 0, frame))
701 if (time_second - lastalert > 10) {
702 log(LOG_WARNING, "NMI: power fail\n");
704 lastalert = time_second;
707 #else /* !POWERFAIL_NMI */
708 /* machine/parity/power fail/"kitchen sink" faults */
709 if (isa_nmi(code) == 0) {
712 * NMI can be hooked up to a pushbutton
716 printf ("NMI ... going to debugger\n");
717 kdb_trap(type, 0, frame);
721 } else if (panic_on_nmi == 0)
724 #endif /* POWERFAIL_NMI */
728 trap_fatal(frame, eva);
732 /* Translate fault for emulators (e.g. Linux) */
733 if (*p->p_sysent->sv_transtrap)
734 i = (*p->p_sysent->sv_transtrap)(i, type);
736 ksiginfo_init_trap(&ksi);
738 ksi.ksi_code = ucode;
739 ksi.ksi_addr = (void *)addr;
740 ksi.ksi_trapno = type;
741 if (uprintf_signal) {
742 uprintf("pid %d comm %s: signal %d err %x code %d type %d "
743 "addr 0x%x esp 0x%08x eip 0x%08x "
744 "<%02x %02x %02x %02x %02x %02x %02x %02x>\n",
745 p->p_pid, p->p_comm, i, frame->tf_err, ucode, type, addr,
746 frame->tf_esp, frame->tf_eip,
747 fubyte((void *)(frame->tf_eip + 0)),
748 fubyte((void *)(frame->tf_eip + 1)),
749 fubyte((void *)(frame->tf_eip + 2)),
750 fubyte((void *)(frame->tf_eip + 3)),
751 fubyte((void *)(frame->tf_eip + 4)),
752 fubyte((void *)(frame->tf_eip + 5)),
753 fubyte((void *)(frame->tf_eip + 6)),
754 fubyte((void *)(frame->tf_eip + 7)));
756 KASSERT((read_eflags() & PSL_I) != 0, ("interrupts disabled"));
757 trapsignal(td, &ksi);
760 if (type <= MAX_TRAP_MSG) {
761 uprintf("fatal process exception: %s",
763 if ((type == T_PAGEFLT) || (type == T_PROTFLT))
764 uprintf(", fault VA = 0x%lx", (u_long)eva);
771 KASSERT(PCB_USER_FPU(td->td_pcb),
772 ("Return from trap with kernel FPU ctx leaked"));
779 trap_pfault(frame, usermode, eva)
780 struct trapframe *frame;
789 struct thread *td = curthread;
790 struct proc *p = td->td_proc;
792 if (__predict_false((td->td_pflags & TDP_NOFAULTING) != 0)) {
794 * Due to both processor errata and lazy TLB invalidation when
795 * access restrictions are removed from virtual pages, memory
796 * accesses that are allowed by the physical mapping layer may
797 * nonetheless cause one spurious page fault per virtual page.
798 * When the thread is executing a "no faulting" section that
799 * is bracketed by vm_fault_{disable,enable}_pagefaults(),
800 * every page fault is treated as a spurious page fault,
801 * unless it accesses the same virtual address as the most
802 * recent page fault within the same "no faulting" section.
804 if (td->td_md.md_spurflt_addr != eva ||
805 (td->td_pflags & TDP_RESETSPUR) != 0) {
807 * Do nothing to the TLB. A stale TLB entry is
808 * flushed automatically by a page fault.
810 td->td_md.md_spurflt_addr = eva;
811 td->td_pflags &= ~TDP_RESETSPUR;
816 * If we get a page fault while in a critical section, then
817 * it is most likely a fatal kernel page fault. The kernel
818 * is already going to panic trying to get a sleep lock to
819 * do the VM lookup, so just consider it a fatal trap so the
820 * kernel can print out a useful trap message and even get
823 * If we get a page fault while holding a non-sleepable
824 * lock, then it is most likely a fatal kernel page fault.
825 * If WITNESS is enabled, then it's going to whine about
826 * bogus LORs with various VM locks, so just skip to the
827 * fatal trap handling directly.
829 if (td->td_critnest != 0 ||
830 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
831 "Kernel page fault") != 0) {
832 trap_fatal(frame, eva);
836 va = trunc_page(eva);
837 if (va >= KERNBASE) {
839 * Don't allow user-mode faults in kernel address space.
840 * An exception: if the faulting address is the invalid
841 * instruction entry in the IDT, then the Intel Pentium
842 * F00F bug workaround was triggered, and we need to
843 * treat it is as an illegal instruction, and not a page
846 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
847 if ((eva == (unsigned int)&idt[6]) && has_f00f_bug)
856 * This is a fault on non-kernel virtual memory. If either
857 * p or p->p_vmspace is NULL, then the fault is fatal.
859 if (p == NULL || (vm = p->p_vmspace) == NULL)
865 * When accessing a user-space address, kernel must be
866 * ready to accept the page fault, and provide a
867 * handling routine. Since accessing the address
868 * without the handler is a bug, do not try to handle
869 * it normally, and panic immediately.
871 if (!usermode && (td->td_intr_nesting_level != 0 ||
872 curpcb->pcb_onfault == NULL)) {
873 trap_fatal(frame, eva);
879 * PGEX_I is defined only if the execute disable bit capability is
880 * supported and enabled.
882 if (frame->tf_err & PGEX_W)
883 ftype = VM_PROT_WRITE;
885 else if ((frame->tf_err & PGEX_I) && pg_nx != 0)
886 ftype = VM_PROT_EXECUTE;
889 ftype = VM_PROT_READ;
891 if (map != kernel_map) {
893 * Keep swapout from messing with us during this
900 /* Fault in the user page: */
901 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
908 * Don't have to worry about process locking or stacks in the
911 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
913 if (rv == KERN_SUCCESS) {
915 if (ftype == VM_PROT_READ || ftype == VM_PROT_WRITE) {
916 PMC_SOFT_CALL_TF( , , page_fault, all, frame);
917 if (ftype == VM_PROT_READ)
918 PMC_SOFT_CALL_TF( , , page_fault, read,
921 PMC_SOFT_CALL_TF( , , page_fault, write,
929 if (td->td_intr_nesting_level == 0 &&
930 curpcb->pcb_onfault != NULL) {
931 frame->tf_eip = (int)curpcb->pcb_onfault;
934 trap_fatal(frame, eva);
937 return ((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
941 trap_fatal(frame, eva)
942 struct trapframe *frame;
947 struct soft_segment_descriptor softseg;
950 code = frame->tf_err;
951 type = frame->tf_trapno;
952 sdtossd(&gdt[IDXSEL(frame->tf_cs & 0xffff)].sd, &softseg);
954 if (type <= MAX_TRAP_MSG)
955 msg = trap_msg[type];
958 printf("\n\nFatal trap %d: %s while in %s mode\n", type, msg,
959 frame->tf_eflags & PSL_VM ? "vm86" :
960 ISPL(frame->tf_cs) == SEL_UPL ? "user" : "kernel");
962 /* two separate prints in case of a trap on an unmapped page */
963 printf("cpuid = %d; ", PCPU_GET(cpuid));
964 printf("apic id = %02x\n", PCPU_GET(apic_id));
966 if (type == T_PAGEFLT) {
967 printf("fault virtual address = 0x%x\n", eva);
968 printf("fault code = %s %s, %s\n",
969 code & PGEX_U ? "user" : "supervisor",
970 code & PGEX_W ? "write" : "read",
971 code & PGEX_P ? "protection violation" : "page not present");
973 printf("instruction pointer = 0x%x:0x%x\n",
974 frame->tf_cs & 0xffff, frame->tf_eip);
975 if ((ISPL(frame->tf_cs) == SEL_UPL) || (frame->tf_eflags & PSL_VM)) {
976 ss = frame->tf_ss & 0xffff;
979 ss = GSEL(GDATA_SEL, SEL_KPL);
980 esp = (int)&frame->tf_esp;
982 printf("stack pointer = 0x%x:0x%x\n", ss, esp);
983 printf("frame pointer = 0x%x:0x%x\n", ss, frame->tf_ebp);
984 printf("code segment = base 0x%x, limit 0x%x, type 0x%x\n",
985 softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type);
986 printf(" = DPL %d, pres %d, def32 %d, gran %d\n",
987 softseg.ssd_dpl, softseg.ssd_p, softseg.ssd_def32,
989 printf("processor eflags = ");
990 if (frame->tf_eflags & PSL_T)
991 printf("trace trap, ");
992 if (frame->tf_eflags & PSL_I)
993 printf("interrupt enabled, ");
994 if (frame->tf_eflags & PSL_NT)
995 printf("nested task, ");
996 if (frame->tf_eflags & PSL_RF)
998 if (frame->tf_eflags & PSL_VM)
1000 printf("IOPL = %d\n", (frame->tf_eflags & PSL_IOPL) >> 12);
1001 printf("current process = ");
1003 printf("%lu (%s)\n", (u_long)curproc->p_pid, curthread->td_name);
1009 if (debugger_on_panic || kdb_active) {
1010 frame->tf_err = eva; /* smuggle fault address to ddb */
1011 if (kdb_trap(type, 0, frame)) {
1012 frame->tf_err = code; /* restore error code */
1015 frame->tf_err = code; /* restore error code */
1018 printf("trap number = %d\n", type);
1019 if (type <= MAX_TRAP_MSG)
1020 panic("%s", trap_msg[type]);
1022 panic("unknown/reserved trap");
1026 * Double fault handler. Called when a fault occurs while writing
1027 * a frame for a trap/exception onto the stack. This usually occurs
1028 * when the stack overflows (such is the case with infinite recursion,
1031 * XXX Note that the current PTD gets replaced by IdlePTD when the
1032 * task switch occurs. This means that the stack that was active at
1033 * the time of the double fault is not available at <kstack> unless
1034 * the machine was idle when the double fault occurred. The downside
1035 * of this is that "trace <ebp>" in ddb won't work.
1040 #ifdef KDTRACE_HOOKS
1041 if (dtrace_doubletrap_func != NULL)
1042 (*dtrace_doubletrap_func)();
1044 printf("\nFatal double fault:\n");
1045 printf("eip = 0x%x\n", PCPU_GET(common_tss.tss_eip));
1046 printf("esp = 0x%x\n", PCPU_GET(common_tss.tss_esp));
1047 printf("ebp = 0x%x\n", PCPU_GET(common_tss.tss_ebp));
1049 /* two separate prints in case of a trap on an unmapped page */
1050 printf("cpuid = %d; ", PCPU_GET(cpuid));
1051 printf("apic id = %02x\n", PCPU_GET(apic_id));
1053 panic("double fault");
1057 cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
1060 struct trapframe *frame;
1066 frame = td->td_frame;
1068 params = (caddr_t)frame->tf_esp + sizeof(int);
1069 sa->code = frame->tf_eax;
1072 * Need to check if this is a 32 bit or 64 bit syscall.
1074 if (sa->code == SYS_syscall) {
1076 * Code is first argument, followed by actual args.
1078 error = fueword(params, &tmp);
1082 params += sizeof(int);
1083 } else if (sa->code == SYS___syscall) {
1085 * Like syscall, but code is a quad, so as to maintain
1086 * quad alignment for the rest of the arguments.
1088 error = fueword(params, &tmp);
1092 params += sizeof(quad_t);
1095 if (p->p_sysent->sv_mask)
1096 sa->code &= p->p_sysent->sv_mask;
1097 if (sa->code >= p->p_sysent->sv_size)
1098 sa->callp = &p->p_sysent->sv_table[0];
1100 sa->callp = &p->p_sysent->sv_table[sa->code];
1101 sa->narg = sa->callp->sy_narg;
1103 if (params != NULL && sa->narg != 0)
1104 error = copyin(params, (caddr_t)sa->args,
1105 (u_int)(sa->narg * sizeof(int)));
1110 td->td_retval[0] = 0;
1111 td->td_retval[1] = frame->tf_edx;
1117 #include "../../kern/subr_syscall.c"
1120 * syscall - system call request C handler. A system call is
1121 * essentially treated as a trap by reusing the frame layout.
1124 syscall(struct trapframe *frame)
1127 struct syscall_args sa;
1128 register_t orig_tf_eflags;
1133 if (ISPL(frame->tf_cs) != SEL_UPL) {
1138 orig_tf_eflags = frame->tf_eflags;
1141 td->td_frame = frame;
1143 error = syscallenter(td, &sa);
1148 if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
1149 frame->tf_eflags &= ~PSL_T;
1150 ksiginfo_init_trap(&ksi);
1151 ksi.ksi_signo = SIGTRAP;
1152 ksi.ksi_code = TRAP_TRACE;
1153 ksi.ksi_addr = (void *)frame->tf_eip;
1154 trapsignal(td, &ksi);
1157 KASSERT(PCB_USER_FPU(td->td_pcb),
1158 ("System call %s returning with kernel FPU ctx leaked",
1159 syscallname(td->td_proc, sa.code)));
1160 KASSERT(td->td_pcb->pcb_save == get_pcb_user_save_td(td),
1161 ("System call %s returning with mangled pcb_save",
1162 syscallname(td->td_proc, sa.code)));
1164 syscallret(td, error, &sa);
projects / FreeBSD / FreeBSD.git / blob