2 * Copyright (C) 1994, David Greenman
3 * Copyright (c) 1990, 1993
4 * The Regents of the University of California. All rights reserved.
6 * This code is derived from software contributed to Berkeley by
7 * the University of Utah, and William Jolitz.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by the University of
20 * California, Berkeley and its contributors.
21 * 4. Neither the name of the University nor the names of its contributors
22 * may be used to endorse or promote products derived from this software
23 * without specific prior written permission.
25 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * from: @(#)trap.c 7.4 (Berkeley) 5/13/91
40 #include <sys/cdefs.h>
41 __FBSDID("$FreeBSD$");
44 * 386 Trap and System call handling
47 #include "opt_clock.h"
49 #include "opt_hwpmc_hooks.h"
53 #include "opt_stack.h"
56 #include <sys/param.h>
58 #include <sys/systm.h>
60 #include <sys/pioctl.h>
61 #include <sys/ptrace.h>
63 #include <sys/kernel.h>
66 #include <sys/mutex.h>
67 #include <sys/resourcevar.h>
68 #include <sys/signalvar.h>
69 #include <sys/syscall.h>
70 #include <sys/sysctl.h>
71 #include <sys/sysent.h>
73 #include <sys/vmmeter.h>
75 #include <sys/pmckern.h>
76 PMC_SOFT_DEFINE( , , page_fault, all);
77 PMC_SOFT_DEFINE( , , page_fault, read);
78 PMC_SOFT_DEFINE( , , page_fault, write);
80 #include <security/audit/audit.h>
83 #include <vm/vm_param.h>
85 #include <vm/vm_kern.h>
86 #include <vm/vm_map.h>
87 #include <vm/vm_page.h>
88 #include <vm/vm_extern.h>
90 #include <machine/cpu.h>
91 #include <machine/intr_machdep.h>
93 #include <machine/md_var.h>
94 #include <machine/pcb.h>
96 #include <machine/smp.h>
98 #include <machine/stack.h>
99 #include <machine/tss.h>
100 #include <machine/vm86.h>
103 #include <sys/syslog.h>
104 #include <machine/clock.h>
108 #include <sys/dtrace_bsd.h>
111 extern void trap(struct trapframe *frame);
112 extern void syscall(struct trapframe *frame);
114 static int trap_pfault(struct trapframe *, int, vm_offset_t);
115 static void trap_fatal(struct trapframe *, vm_offset_t);
116 void dblfault_handler(void);
118 extern inthand_t IDTVEC(lcall_syscall);
120 #define MAX_TRAP_MSG 32
121 static char *trap_msg[] = {
123 "privileged instruction fault", /* 1 T_PRIVINFLT */
125 "breakpoint instruction fault", /* 3 T_BPTFLT */
128 "arithmetic trap", /* 6 T_ARITHTRAP */
131 "general protection fault", /* 9 T_PROTFLT */
132 "trace trap", /* 10 T_TRCTRAP */
134 "page fault", /* 12 T_PAGEFLT */
136 "alignment fault", /* 14 T_ALIGNFLT */
140 "integer divide fault", /* 18 T_DIVIDE */
141 "non-maskable interrupt trap", /* 19 T_NMI */
142 "overflow trap", /* 20 T_OFLOW */
143 "FPU bounds check fault", /* 21 T_BOUND */
144 "FPU device not available", /* 22 T_DNA */
145 "double fault", /* 23 T_DOUBLEFLT */
146 "FPU operand fetch fault", /* 24 T_FPOPFLT */
147 "invalid TSS fault", /* 25 T_TSSFLT */
148 "segment not present fault", /* 26 T_SEGNPFLT */
149 "stack fault", /* 27 T_STKFLT */
150 "machine check trap", /* 28 T_MCHK */
151 "SIMD floating-point exception", /* 29 T_XMMFLT */
152 "reserved (unknown) fault", /* 30 T_RESERVED */
153 "", /* 31 unused (reserved) */
154 "DTrace pid return trap", /* 32 T_DTRACE_RET */
157 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
158 int has_f00f_bug = 0; /* Initialized so that it can be patched. */
162 static int kdb_on_nmi = 1;
163 SYSCTL_INT(_machdep, OID_AUTO, kdb_on_nmi, CTLFLAG_RWTUN,
164 &kdb_on_nmi, 0, "Go to KDB on NMI");
166 static int panic_on_nmi = 1;
167 SYSCTL_INT(_machdep, OID_AUTO, panic_on_nmi, CTLFLAG_RWTUN,
168 &panic_on_nmi, 0, "Panic on NMI");
169 static int prot_fault_translation = 0;
170 SYSCTL_INT(_machdep, OID_AUTO, prot_fault_translation, CTLFLAG_RW,
171 &prot_fault_translation, 0, "Select signal to deliver on protection fault");
172 static int uprintf_signal;
173 SYSCTL_INT(_machdep, OID_AUTO, uprintf_signal, CTLFLAG_RW,
175 "Print debugging information on trap signal to ctty");
178 * Exception, fault, and trap interface to the FreeBSD kernel.
179 * This common code is called from assembly language IDT gate entry
180 * routines that prepare a suitable stack frame, and restore this
181 * frame after the exception has been processed.
185 trap(struct trapframe *frame)
190 struct thread *td = curthread;
191 struct proc *p = td->td_proc;
192 int i = 0, ucode = 0, code;
198 static int lastalert = 0;
201 PCPU_INC(cnt.v_trap);
202 type = frame->tf_trapno;
205 /* Handler for NMI IPIs used for stopping CPUs. */
207 if (ipi_nmi_handler() == 0)
219 if (type == T_RESERVED) {
220 trap_fatal(frame, 0);
227 * CPU PMCs interrupt using an NMI so we check for that first.
228 * If the HWPMC module is active, 'pmc_hook' will point to
229 * the function to be called. A non-zero return value from the
230 * hook means that the NMI was consumed by it and that we can
231 * return immediately.
233 if (pmc_intr != NULL &&
234 (*pmc_intr)(PCPU_GET(cpuid), frame) != 0)
239 if (stack_nmi_handler(frame) != 0)
244 if (type == T_MCHK) {
251 * A trap can occur while DTrace executes a probe. Before
252 * executing the probe, DTrace blocks re-scheduling and sets
253 * a flag in its per-cpu flags to indicate that it doesn't
254 * want to fault. On returning from the probe, the no-fault
255 * flag is cleared and finally re-scheduling is enabled.
257 if ((type == T_PROTFLT || type == T_PAGEFLT) &&
258 dtrace_trap_func != NULL && (*dtrace_trap_func)(frame, type))
262 if ((frame->tf_eflags & PSL_I) == 0) {
264 * Buggy application or kernel code has disabled
265 * interrupts and then trapped. Enabling interrupts
266 * now is wrong, but it is better than running with
267 * interrupts disabled until they are accidentally
270 if (ISPL(frame->tf_cs) == SEL_UPL || (frame->tf_eflags & PSL_VM))
272 "pid %ld (%s): trap %d with interrupts disabled\n",
273 (long)curproc->p_pid, curthread->td_name, type);
274 else if (type != T_NMI && type != T_BPTFLT &&
276 frame->tf_eip != (int)cpu_switch_load_gs) {
278 * XXX not quite right, since this may be for a
279 * multiple fault in user mode.
281 printf("kernel trap %d with interrupts disabled\n",
284 * Page faults need interrupts disabled until later,
285 * and we shouldn't enable interrupts while holding
288 if (type != T_PAGEFLT &&
289 td->td_md.md_spinlock_count == 0)
294 code = frame->tf_err;
295 if (type == T_PAGEFLT) {
297 * For some Cyrix CPUs, %cr2 is clobbered by
298 * interrupts. This problem is worked around by using
299 * an interrupt gate for the pagefault handler. We
300 * are finally ready to read %cr2 and conditionally
301 * reenable interrupts. If we hold a spin lock, then
302 * we must not reenable interrupts. This might be a
303 * spurious page fault.
306 if (td->td_md.md_spinlock_count == 0)
310 if ((ISPL(frame->tf_cs) == SEL_UPL) ||
311 ((frame->tf_eflags & PSL_VM) &&
312 !(curpcb->pcb_flags & PCB_VM86CALL))) {
316 td->td_frame = frame;
317 addr = frame->tf_eip;
318 if (td->td_cowgen != p->p_cowgen)
319 thread_cow_update(td);
322 case T_PRIVINFLT: /* privileged instruction fault */
327 case T_BPTFLT: /* bpt instruction fault */
328 case T_TRCTRAP: /* trace trap */
331 if (type == T_BPTFLT) {
332 fill_frame_regs(frame, ®s);
333 if (dtrace_pid_probe_ptr != NULL &&
334 dtrace_pid_probe_ptr(®s) == 0)
338 frame->tf_eflags &= ~PSL_T;
340 ucode = (type == T_TRCTRAP ? TRAP_TRACE : TRAP_BRKPT);
343 case T_ARITHTRAP: /* arithmetic trap */
345 ucode = npxtrap_x87();
355 * The following two traps can happen in
356 * vm86 mode, and, if so, we want to handle
359 case T_PROTFLT: /* general protection fault */
360 case T_STKFLT: /* stack fault */
361 if (frame->tf_eflags & PSL_VM) {
362 i = vm86_emulate((struct vm86frame *)frame);
368 ucode = (type == T_PROTFLT) ? BUS_OBJERR : BUS_ADRERR;
370 case T_SEGNPFLT: /* segment not present fault */
374 case T_TSSFLT: /* invalid TSS fault */
382 case T_DOUBLEFLT: /* double fault */
388 case T_PAGEFLT: /* page fault */
390 i = trap_pfault(frame, TRUE, eva);
391 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
394 * The f00f hack workaround has triggered, so
395 * treat the fault as an illegal instruction
396 * (T_PRIVINFLT) instead of a page fault.
398 type = frame->tf_trapno = T_PRIVINFLT;
400 /* Proceed as in that case. */
414 if (prot_fault_translation == 0) {
417 * This check also covers the images
418 * without the ABI-tag ELF note.
420 if (SV_CURPROC_ABI() == SV_ABI_FREEBSD
421 && p->p_osrel >= P_OSREL_SIGSEGV) {
426 ucode = BUS_PAGE_FAULT;
428 } else if (prot_fault_translation == 1) {
430 * Always compat mode.
433 ucode = BUS_PAGE_FAULT;
436 * Always SIGSEGV mode.
445 case T_DIVIDE: /* integer divide fault */
454 # define TIMER_FREQ 1193182
456 if (time_second - lastalert > 10) {
457 log(LOG_WARNING, "NMI: power fail\n");
459 lastalert = time_second;
462 #else /* !POWERFAIL_NMI */
463 /* machine/parity/power fail/"kitchen sink" faults */
464 if (isa_nmi(code) == 0) {
467 * NMI can be hooked up to a pushbutton
471 printf ("NMI ... going to debugger\n");
472 kdb_trap(type, 0, frame);
476 } else if (panic_on_nmi)
477 panic("NMI indicates hardware failure");
479 #endif /* POWERFAIL_NMI */
482 case T_OFLOW: /* integer overflow fault */
487 case T_BOUND: /* bounds check fault */
494 KASSERT(PCB_USER_FPU(td->td_pcb),
495 ("kernel FPU ctx has leaked"));
496 /* transparent fault (due to context switch "late") */
500 uprintf("pid %d killed due to lack of floating point\n",
506 case T_FPOPFLT: /* FPU operand fetch fault */
511 case T_XMMFLT: /* SIMD floating-point exception */
512 #if defined(DEV_NPX) && !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
513 ucode = npxtrap_sse();
524 fill_frame_regs(frame, ®s);
525 if (dtrace_return_probe_ptr != NULL &&
526 dtrace_return_probe_ptr(®s) == 0)
534 KASSERT(cold || td->td_ucred != NULL,
535 ("kernel trap doesn't have ucred"));
537 case T_PAGEFLT: /* page fault */
538 (void) trap_pfault(frame, FALSE, eva);
543 if (PCB_USER_FPU(td->td_pcb))
544 panic("Unregistered use of FPU in kernel");
550 case T_ARITHTRAP: /* arithmetic trap */
551 case T_XMMFLT: /* SIMD floating-point exception */
552 case T_FPOPFLT: /* FPU operand fetch fault */
554 * XXXKIB for now disable any FPU traps in kernel
555 * handler registration seems to be overkill
557 trap_fatal(frame, 0);
561 * The following two traps can happen in
562 * vm86 mode, and, if so, we want to handle
565 case T_PROTFLT: /* general protection fault */
566 case T_STKFLT: /* stack fault */
567 if (frame->tf_eflags & PSL_VM) {
568 i = vm86_emulate((struct vm86frame *)frame);
571 * returns to original process
573 vm86_trap((struct vm86frame *)frame);
576 if (type == T_STKFLT)
581 case T_SEGNPFLT: /* segment not present fault */
582 if (curpcb->pcb_flags & PCB_VM86CALL)
586 * Invalid %fs's and %gs's can be created using
587 * procfs or PT_SETREGS or by invalidating the
588 * underlying LDT entry. This causes a fault
589 * in kernel mode when the kernel attempts to
590 * switch contexts. Lose the bad context
591 * (XXX) so that we can continue, and generate
594 if (frame->tf_eip == (int)cpu_switch_load_gs) {
598 kern_psignal(p, SIGBUS);
604 if (td->td_intr_nesting_level != 0)
608 * Invalid segment selectors and out of bounds
609 * %eip's and %esp's can be set up in user mode.
610 * This causes a fault in kernel mode when the
611 * kernel tries to return to user mode. We want
612 * to get this fault so that we can fix the
613 * problem here and not have to check all the
614 * selectors and pointers when the user changes
617 if (frame->tf_eip == (int)doreti_iret) {
618 frame->tf_eip = (int)doreti_iret_fault;
621 if (frame->tf_eip == (int)doreti_popl_ds) {
622 frame->tf_eip = (int)doreti_popl_ds_fault;
625 if (frame->tf_eip == (int)doreti_popl_es) {
626 frame->tf_eip = (int)doreti_popl_es_fault;
629 if (frame->tf_eip == (int)doreti_popl_fs) {
630 frame->tf_eip = (int)doreti_popl_fs_fault;
633 if (curpcb->pcb_onfault != NULL) {
635 (int)curpcb->pcb_onfault;
642 * PSL_NT can be set in user mode and isn't cleared
643 * automatically when the kernel is entered. This
644 * causes a TSS fault when the kernel attempts to
645 * `iret' because the TSS link is uninitialized. We
646 * want to get this fault so that we can fix the
647 * problem here and not every time the kernel is
650 if (frame->tf_eflags & PSL_NT) {
651 frame->tf_eflags &= ~PSL_NT;
656 case T_TRCTRAP: /* trace trap */
657 if (frame->tf_eip == (int)IDTVEC(lcall_syscall)) {
659 * We've just entered system mode via the
660 * syscall lcall. Continue single stepping
661 * silently until the syscall handler has
666 if (frame->tf_eip == (int)IDTVEC(lcall_syscall) + 1) {
668 * The syscall handler has now saved the
669 * flags. Stop single stepping it.
671 frame->tf_eflags &= ~PSL_T;
675 * Ignore debug register trace traps due to
676 * accesses in the user's address space, which
677 * can happen under several conditions such as
678 * if a user sets a watchpoint on a buffer and
679 * then passes that buffer to a system call.
680 * We still want to get TRCTRAPS for addresses
681 * in kernel space because that is useful when
682 * debugging the kernel.
684 if (user_dbreg_trap() &&
685 !(curpcb->pcb_flags & PCB_VM86CALL)) {
687 * Reset breakpoint bits because the
690 load_dr6(rdr6() & 0xfffffff0);
694 * FALLTHROUGH (TRCTRAP kernel mode, kernel address)
698 * If KDB is enabled, let it handle the debugger trap.
699 * Otherwise, debugger traps "can't happen".
702 if (kdb_trap(type, 0, frame))
710 if (time_second - lastalert > 10) {
711 log(LOG_WARNING, "NMI: power fail\n");
713 lastalert = time_second;
716 #else /* !POWERFAIL_NMI */
717 /* machine/parity/power fail/"kitchen sink" faults */
718 if (isa_nmi(code) == 0) {
721 * NMI can be hooked up to a pushbutton
725 printf ("NMI ... going to debugger\n");
726 kdb_trap(type, 0, frame);
730 } else if (panic_on_nmi == 0)
733 #endif /* POWERFAIL_NMI */
737 trap_fatal(frame, eva);
741 /* Translate fault for emulators (e.g. Linux) */
742 if (*p->p_sysent->sv_transtrap)
743 i = (*p->p_sysent->sv_transtrap)(i, type);
745 ksiginfo_init_trap(&ksi);
747 ksi.ksi_code = ucode;
748 ksi.ksi_addr = (void *)addr;
749 ksi.ksi_trapno = type;
750 if (uprintf_signal) {
751 uprintf("pid %d comm %s: signal %d err %x code %d type %d "
752 "addr 0x%x esp 0x%08x eip 0x%08x "
753 "<%02x %02x %02x %02x %02x %02x %02x %02x>\n",
754 p->p_pid, p->p_comm, i, frame->tf_err, ucode, type, addr,
755 frame->tf_esp, frame->tf_eip,
756 fubyte((void *)(frame->tf_eip + 0)),
757 fubyte((void *)(frame->tf_eip + 1)),
758 fubyte((void *)(frame->tf_eip + 2)),
759 fubyte((void *)(frame->tf_eip + 3)),
760 fubyte((void *)(frame->tf_eip + 4)),
761 fubyte((void *)(frame->tf_eip + 5)),
762 fubyte((void *)(frame->tf_eip + 6)),
763 fubyte((void *)(frame->tf_eip + 7)));
765 KASSERT((read_eflags() & PSL_I) != 0, ("interrupts disabled"));
766 trapsignal(td, &ksi);
769 if (type <= MAX_TRAP_MSG) {
770 uprintf("fatal process exception: %s",
772 if ((type == T_PAGEFLT) || (type == T_PROTFLT))
773 uprintf(", fault VA = 0x%lx", (u_long)eva);
780 KASSERT(PCB_USER_FPU(td->td_pcb),
781 ("Return from trap with kernel FPU ctx leaked"));
788 trap_pfault(frame, usermode, eva)
789 struct trapframe *frame;
797 struct thread *td = curthread;
798 struct proc *p = td->td_proc;
800 if (__predict_false((td->td_pflags & TDP_NOFAULTING) != 0)) {
802 * Due to both processor errata and lazy TLB invalidation when
803 * access restrictions are removed from virtual pages, memory
804 * accesses that are allowed by the physical mapping layer may
805 * nonetheless cause one spurious page fault per virtual page.
806 * When the thread is executing a "no faulting" section that
807 * is bracketed by vm_fault_{disable,enable}_pagefaults(),
808 * every page fault is treated as a spurious page fault,
809 * unless it accesses the same virtual address as the most
810 * recent page fault within the same "no faulting" section.
812 if (td->td_md.md_spurflt_addr != eva ||
813 (td->td_pflags & TDP_RESETSPUR) != 0) {
815 * Do nothing to the TLB. A stale TLB entry is
816 * flushed automatically by a page fault.
818 td->td_md.md_spurflt_addr = eva;
819 td->td_pflags &= ~TDP_RESETSPUR;
824 * If we get a page fault while in a critical section, then
825 * it is most likely a fatal kernel page fault. The kernel
826 * is already going to panic trying to get a sleep lock to
827 * do the VM lookup, so just consider it a fatal trap so the
828 * kernel can print out a useful trap message and even get
831 * If we get a page fault while holding a non-sleepable
832 * lock, then it is most likely a fatal kernel page fault.
833 * If WITNESS is enabled, then it's going to whine about
834 * bogus LORs with various VM locks, so just skip to the
835 * fatal trap handling directly.
837 if (td->td_critnest != 0 ||
838 WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK, NULL,
839 "Kernel page fault") != 0) {
840 trap_fatal(frame, eva);
844 va = trunc_page(eva);
845 if (va >= KERNBASE) {
847 * Don't allow user-mode faults in kernel address space.
848 * An exception: if the faulting address is the invalid
849 * instruction entry in the IDT, then the Intel Pentium
850 * F00F bug workaround was triggered, and we need to
851 * treat it is as an illegal instruction, and not a page
854 #if defined(I586_CPU) && !defined(NO_F00F_HACK)
855 if ((eva == (unsigned int)&idt[6]) && has_f00f_bug)
863 map = &p->p_vmspace->vm_map;
866 * When accessing a user-space address, kernel must be
867 * ready to accept the page fault, and provide a
868 * handling routine. Since accessing the address
869 * without the handler is a bug, do not try to handle
870 * it normally, and panic immediately.
872 if (!usermode && (td->td_intr_nesting_level != 0 ||
873 curpcb->pcb_onfault == NULL)) {
874 trap_fatal(frame, eva);
880 * PGEX_I is defined only if the execute disable bit capability is
881 * supported and enabled.
883 if (frame->tf_err & PGEX_W)
884 ftype = VM_PROT_WRITE;
885 #if defined(PAE) || defined(PAE_TABLES)
886 else if ((frame->tf_err & PGEX_I) && pg_nx != 0)
887 ftype = VM_PROT_EXECUTE;
890 ftype = VM_PROT_READ;
892 /* Fault in the page. */
893 rv = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
894 if (rv == KERN_SUCCESS) {
896 if (ftype == VM_PROT_READ || ftype == VM_PROT_WRITE) {
897 PMC_SOFT_CALL_TF( , , page_fault, all, frame);
898 if (ftype == VM_PROT_READ)
899 PMC_SOFT_CALL_TF( , , page_fault, read,
902 PMC_SOFT_CALL_TF( , , page_fault, write,
910 if (td->td_intr_nesting_level == 0 &&
911 curpcb->pcb_onfault != NULL) {
912 frame->tf_eip = (int)curpcb->pcb_onfault;
915 trap_fatal(frame, eva);
918 return ((rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV);
922 trap_fatal(frame, eva)
923 struct trapframe *frame;
928 struct soft_segment_descriptor softseg;
931 code = frame->tf_err;
932 type = frame->tf_trapno;
933 sdtossd(&gdt[IDXSEL(frame->tf_cs & 0xffff)].sd, &softseg);
935 if (type <= MAX_TRAP_MSG)
936 msg = trap_msg[type];
939 printf("\n\nFatal trap %d: %s while in %s mode\n", type, msg,
940 frame->tf_eflags & PSL_VM ? "vm86" :
941 ISPL(frame->tf_cs) == SEL_UPL ? "user" : "kernel");
943 /* two separate prints in case of a trap on an unmapped page */
944 printf("cpuid = %d; ", PCPU_GET(cpuid));
945 printf("apic id = %02x\n", PCPU_GET(apic_id));
947 if (type == T_PAGEFLT) {
948 printf("fault virtual address = 0x%x\n", eva);
949 printf("fault code = %s %s, %s\n",
950 code & PGEX_U ? "user" : "supervisor",
951 code & PGEX_W ? "write" : "read",
952 code & PGEX_P ? "protection violation" : "page not present");
954 printf("instruction pointer = 0x%x:0x%x\n",
955 frame->tf_cs & 0xffff, frame->tf_eip);
956 if ((ISPL(frame->tf_cs) == SEL_UPL) || (frame->tf_eflags & PSL_VM)) {
957 ss = frame->tf_ss & 0xffff;
960 ss = GSEL(GDATA_SEL, SEL_KPL);
961 esp = (int)&frame->tf_esp;
963 printf("stack pointer = 0x%x:0x%x\n", ss, esp);
964 printf("frame pointer = 0x%x:0x%x\n", ss, frame->tf_ebp);
965 printf("code segment = base 0x%x, limit 0x%x, type 0x%x\n",
966 softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type);
967 printf(" = DPL %d, pres %d, def32 %d, gran %d\n",
968 softseg.ssd_dpl, softseg.ssd_p, softseg.ssd_def32,
970 printf("processor eflags = ");
971 if (frame->tf_eflags & PSL_T)
972 printf("trace trap, ");
973 if (frame->tf_eflags & PSL_I)
974 printf("interrupt enabled, ");
975 if (frame->tf_eflags & PSL_NT)
976 printf("nested task, ");
977 if (frame->tf_eflags & PSL_RF)
979 if (frame->tf_eflags & PSL_VM)
981 printf("IOPL = %d\n", (frame->tf_eflags & PSL_IOPL) >> 12);
982 printf("current process = %d (%s)\n",
983 curproc->p_pid, curthread->td_name);
986 if (debugger_on_panic || kdb_active) {
987 frame->tf_err = eva; /* smuggle fault address to ddb */
988 if (kdb_trap(type, 0, frame)) {
989 frame->tf_err = code; /* restore error code */
992 frame->tf_err = code; /* restore error code */
995 printf("trap number = %d\n", type);
996 if (type <= MAX_TRAP_MSG)
997 panic("%s", trap_msg[type]);
999 panic("unknown/reserved trap");
1003 * Double fault handler. Called when a fault occurs while writing
1004 * a frame for a trap/exception onto the stack. This usually occurs
1005 * when the stack overflows (such is the case with infinite recursion,
1008 * XXX Note that the current PTD gets replaced by IdlePTD when the
1009 * task switch occurs. This means that the stack that was active at
1010 * the time of the double fault is not available at <kstack> unless
1011 * the machine was idle when the double fault occurred. The downside
1012 * of this is that "trace <ebp>" in ddb won't work.
1017 #ifdef KDTRACE_HOOKS
1018 if (dtrace_doubletrap_func != NULL)
1019 (*dtrace_doubletrap_func)();
1021 printf("\nFatal double fault:\n");
1022 printf("eip = 0x%x\n", PCPU_GET(common_tss.tss_eip));
1023 printf("esp = 0x%x\n", PCPU_GET(common_tss.tss_esp));
1024 printf("ebp = 0x%x\n", PCPU_GET(common_tss.tss_ebp));
1026 /* two separate prints in case of a trap on an unmapped page */
1027 printf("cpuid = %d; ", PCPU_GET(cpuid));
1028 printf("apic id = %02x\n", PCPU_GET(apic_id));
1030 panic("double fault");
1034 cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
1037 struct trapframe *frame;
1043 frame = td->td_frame;
1045 params = (caddr_t)frame->tf_esp + sizeof(int);
1046 sa->code = frame->tf_eax;
1049 * Need to check if this is a 32 bit or 64 bit syscall.
1051 if (sa->code == SYS_syscall) {
1053 * Code is first argument, followed by actual args.
1055 error = fueword(params, &tmp);
1059 params += sizeof(int);
1060 } else if (sa->code == SYS___syscall) {
1062 * Like syscall, but code is a quad, so as to maintain
1063 * quad alignment for the rest of the arguments.
1065 error = fueword(params, &tmp);
1069 params += sizeof(quad_t);
1072 if (p->p_sysent->sv_mask)
1073 sa->code &= p->p_sysent->sv_mask;
1074 if (sa->code >= p->p_sysent->sv_size)
1075 sa->callp = &p->p_sysent->sv_table[0];
1077 sa->callp = &p->p_sysent->sv_table[sa->code];
1078 sa->narg = sa->callp->sy_narg;
1080 if (params != NULL && sa->narg != 0)
1081 error = copyin(params, (caddr_t)sa->args,
1082 (u_int)(sa->narg * sizeof(int)));
1087 td->td_retval[0] = 0;
1088 td->td_retval[1] = frame->tf_edx;
1094 #include "../../kern/subr_syscall.c"
1097 * syscall - system call request C handler. A system call is
1098 * essentially treated as a trap by reusing the frame layout.
1101 syscall(struct trapframe *frame)
1104 struct syscall_args sa;
1105 register_t orig_tf_eflags;
1110 if (ISPL(frame->tf_cs) != SEL_UPL) {
1115 orig_tf_eflags = frame->tf_eflags;
1118 td->td_frame = frame;
1120 error = syscallenter(td, &sa);
1125 if ((orig_tf_eflags & PSL_T) && !(orig_tf_eflags & PSL_VM)) {
1126 frame->tf_eflags &= ~PSL_T;
1127 ksiginfo_init_trap(&ksi);
1128 ksi.ksi_signo = SIGTRAP;
1129 ksi.ksi_code = TRAP_TRACE;
1130 ksi.ksi_addr = (void *)frame->tf_eip;
1131 trapsignal(td, &ksi);
1134 KASSERT(PCB_USER_FPU(td->td_pcb),
1135 ("System call %s returning with kernel FPU ctx leaked",
1136 syscallname(td->td_proc, sa.code)));
1137 KASSERT(td->td_pcb->pcb_save == get_pcb_user_save_td(td),
1138 ("System call %s returning with mangled pcb_save",
1139 syscallname(td->td_proc, sa.code)));
1141 syscallret(td, error, &sa);
projects / FreeBSD / FreeBSD.git / blob