1 /* $NetBSD: fault.c,v 1.45 2003/11/20 14:44:36 scw Exp $ */
2
3 /*-
4 * Copyright 2004 Olivier Houchard
5 * Copyright 2003 Wasabi Systems, Inc.
6 * All rights reserved.
7 *
8 * Written by Steve C. Woodford for Wasabi Systems, Inc.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed for the NetBSD Project by
21 * Wasabi Systems, Inc.
22 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
23 * or promote products derived from this software without specific prior
24 * written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
37 */
38 /*-
39 * Copyright (c) 1994-1997 Mark Brinicombe.
40 * Copyright (c) 1994 Brini.
41 * All rights reserved.
42 *
43 * This code is derived from software written for Brini by Mark Brinicombe
44 *
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
47 * are met:
48 * 1. Redistributions of source code must retain the above copyright
49 * notice, this list of conditions and the following disclaimer.
50 * 2. Redistributions in binary form must reproduce the above copyright
51 * notice, this list of conditions and the following disclaimer in the
52 * documentation and/or other materials provided with the distribution.
53 * 3. All advertising materials mentioning features or use of this software
54 * must display the following acknowledgement:
55 * This product includes software developed by Brini.
56 * 4. The name of the company nor the name of the author may be used to
57 * endorse or promote products derived from this software without specific
58 * prior written permission.
59 *
60 * THIS SOFTWARE IS PROVIDED BY BRINI ``AS IS'' AND ANY EXPRESS OR IMPLIED
61 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
62 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
63 * IN NO EVENT SHALL BRINI OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
64 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
65 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
66 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
67 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
68 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
69 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
70 * SUCH DAMAGE.
71 *
72 * RiscBSD kernel project
73 *
74 * fault.c
75 *
76 * Fault handlers
77 *
78 * Created : 28/11/94
79 */
80
81 #include <sys/cdefs.h>
82 __FBSDID("$FreeBSD$");
83
84 #include <sys/param.h>
85 #include <sys/systm.h>
86 #include <sys/proc.h>
87 #include <sys/lock.h>
88 #include <sys/mutex.h>
89 #include <sys/signalvar.h>
90
91 #include <vm/vm.h>
92 #include <vm/pmap.h>
93 #include <vm/vm_kern.h>
94 #include <vm/vm_map.h>
95 #include <vm/vm_extern.h>
96
97 #include <machine/acle-compat.h>
98 #include <machine/cpu.h>
99 #include <machine/frame.h>
100 #include <machine/machdep.h>
101 #include <machine/pcb.h>
102 #include <machine/vmparam.h>
103
104 #ifdef KDB
105 #include <sys/kdb.h>
106 #endif
107
108 #ifdef KDTRACE_HOOKS
109 #include <sys/dtrace_bsd.h>
110 #endif
111
112 #define ReadWord(a) (*((volatile unsigned int *)(a)))
113
114 extern char fusubailout[];
115
116 #ifdef DEBUG
117 int last_fault_code; /* For the benefit of pmap_fault_fixup() */
118 #endif
119
120 struct ksig {
121 int signb;
122 u_long code;
123 };
124 struct data_abort {
125 int (*func)(struct trapframe *, u_int, u_int, struct thread *,
126 struct ksig *);
127 const char *desc;
128 };
129
130 static int dab_fatal(struct trapframe *, u_int, u_int, struct thread *,
131 struct ksig *);
132 static int dab_align(struct trapframe *, u_int, u_int, struct thread *,
133 struct ksig *);
134 static int dab_buserr(struct trapframe *, u_int, u_int, struct thread *,
135 struct ksig *);
136 static void prefetch_abort_handler(struct trapframe *);
137
138 static const struct data_abort data_aborts[] = {
139 {dab_fatal, "Vector Exception"},
140 {dab_align, "Alignment Fault 1"},
141 {dab_fatal, "Terminal Exception"},
142 {dab_align, "Alignment Fault 3"},
143 {dab_buserr, "External Linefetch Abort (S)"},
144 {NULL, "Translation Fault (S)"},
145 #if (ARM_MMU_V6 + ARM_MMU_V7) != 0
146 {NULL, "Translation Flag Fault"},
147 #else
148 {dab_buserr, "External Linefetch Abort (P)"},
149 #endif
150 {NULL, "Translation Fault (P)"},
151 {dab_buserr, "External Non-Linefetch Abort (S)"},
152 {NULL, "Domain Fault (S)"},
153 {dab_buserr, "External Non-Linefetch Abort (P)"},
154 {NULL, "Domain Fault (P)"},
155 {dab_buserr, "External Translation Abort (L1)"},
156 {NULL, "Permission Fault (S)"},
157 {dab_buserr, "External Translation Abort (L2)"},
158 {NULL, "Permission Fault (P)"}
159 };
160
161 /* Determine if a fault came from user mode */
162 #define TRAP_USERMODE(tf) ((tf->tf_spsr & PSR_MODE) == PSR_USR32_MODE)
163
164 /* Determine if 'x' is a permission fault */
165 #define IS_PERMISSION_FAULT(x) \
166 (((1 << ((x) & FAULT_TYPE_MASK)) & \
167 ((1 << FAULT_PERM_P) | (1 << FAULT_PERM_S))) != 0)
168
169 static __inline void
call_trapsignal(struct thread * td,int sig,u_long code)170 call_trapsignal(struct thread *td, int sig, u_long code)
171 {
172 ksiginfo_t ksi;
173
174 ksiginfo_init_trap(&ksi);
175 ksi.ksi_signo = sig;
176 ksi.ksi_code = (int)code;
177 trapsignal(td, &ksi);
178 }
179
180 void
abort_handler(struct trapframe * tf,int type)181 abort_handler(struct trapframe *tf, int type)
182 {
183 struct vm_map *map;
184 struct pcb *pcb;
185 struct thread *td;
186 u_int user, far, fsr;
187 vm_prot_t ftype;
188 void *onfault;
189 vm_offset_t va;
190 int error = 0;
191 struct ksig ksig;
192 struct proc *p;
193
194 if (type == 1)
195 return (prefetch_abort_handler(tf));
196
197 /* Grab FAR/FSR before enabling interrupts */
198 far = cpu_faultaddress();
199 fsr = cpu_faultstatus();
200 #if 0
201 printf("data abort: fault address=%p (from pc=%p lr=%p)\n",
202 (void*)far, (void*)tf->tf_pc, (void*)tf->tf_svc_lr);
203 #endif
204
205 /* Update vmmeter statistics */
206 #if 0
207 vmexp.traps++;
208 #endif
209
210 td = curthread;
211 p = td->td_proc;
212
213 PCPU_INC(cnt.v_trap);
214 /* Data abort came from user mode? */
215 user = TRAP_USERMODE(tf);
216
217 if (user) {
218 td->td_pticks = 0;
219 td->td_frame = tf;
220 if (td->td_cowgen != td->td_proc->p_cowgen)
221 thread_cow_update(td);
222
223 }
224 /* Grab the current pcb */
225 pcb = td->td_pcb;
226 /* Re-enable interrupts if they were enabled previously */
227 if (td->td_md.md_spinlock_count == 0) {
228 if (__predict_true(tf->tf_spsr & PSR_I) == 0)
229 enable_interrupts(PSR_I);
230 if (__predict_true(tf->tf_spsr & PSR_F) == 0)
231 enable_interrupts(PSR_F);
232 }
233
234
235 /* Invoke the appropriate handler, if necessary */
236 if (__predict_false(data_aborts[fsr & FAULT_TYPE_MASK].func != NULL)) {
237 if ((data_aborts[fsr & FAULT_TYPE_MASK].func)(tf, fsr, far,
238 td, &ksig)) {
239 goto do_trapsignal;
240 }
241 goto out;
242 }
243
244 /*
245 * At this point, we're dealing with one of the following data aborts:
246 *
247 * FAULT_TRANS_S - Translation -- Section
248 * FAULT_TRANS_P - Translation -- Page
249 * FAULT_DOMAIN_S - Domain -- Section
250 * FAULT_DOMAIN_P - Domain -- Page
251 * FAULT_PERM_S - Permission -- Section
252 * FAULT_PERM_P - Permission -- Page
253 *
254 * These are the main virtual memory-related faults signalled by
255 * the MMU.
256 */
257
258 /* fusubailout is used by [fs]uswintr to avoid page faulting */
259 if (__predict_false(pcb->pcb_onfault == fusubailout)) {
260 tf->tf_r0 = EFAULT;
261 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
262 return;
263 }
264
265 /*
266 * Make sure the Program Counter is sane. We could fall foul of
267 * someone executing Thumb code, in which case the PC might not
268 * be word-aligned. This would cause a kernel alignment fault
269 * further down if we have to decode the current instruction.
270 * XXX: It would be nice to be able to support Thumb at some point.
271 */
272 if (__predict_false((tf->tf_pc & 3) != 0)) {
273 if (user) {
274 /*
275 * Give the user an illegal instruction signal.
276 */
277 /* Deliver a SIGILL to the process */
278 ksig.signb = SIGILL;
279 ksig.code = 0;
280 goto do_trapsignal;
281 }
282
283 /*
284 * The kernel never executes Thumb code.
285 */
286 printf("\ndata_abort_fault: Misaligned Kernel-mode "
287 "Program Counter\n");
288 dab_fatal(tf, fsr, far, td, &ksig);
289 }
290
291 va = trunc_page((vm_offset_t)far);
292
293 /*
294 * It is only a kernel address space fault iff:
295 * 1. user == 0 and
296 * 2. pcb_onfault not set or
297 * 3. pcb_onfault set and not LDRT/LDRBT/STRT/STRBT instruction.
298 */
299 if (user == 0 && (va >= VM_MIN_KERNEL_ADDRESS ||
300 (va < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW)) &&
301 __predict_true((pcb->pcb_onfault == NULL ||
302 (ReadWord(tf->tf_pc) & 0x05200000) != 0x04200000))) {
303 map = kernel_map;
304
305 /* Was the fault due to the FPE/IPKDB ? */
306 if (__predict_false((tf->tf_spsr & PSR_MODE)==PSR_UND32_MODE)) {
307
308 /*
309 * Force exit via userret()
310 * This is necessary as the FPE is an extension to
311 * userland that actually runs in a priveledged mode
312 * but uses USR mode permissions for its accesses.
313 */
314 user = 1;
315 ksig.signb = SIGSEGV;
316 ksig.code = 0;
317 goto do_trapsignal;
318 }
319 } else {
320 map = &td->td_proc->p_vmspace->vm_map;
321 }
322
323 /*
324 * We need to know whether the page should be mapped as R or R/W. On
325 * armv6 and later the fault status register indicates whether the
326 * access was a read or write. Prior to armv6, we know that a
327 * permission fault can only be the result of a write to a read-only
328 * location, so we can deal with those quickly. Otherwise we need to
329 * disassemble the faulting instruction to determine if it was a write.
330 */
331 #if __ARM_ARCH >= 6
332 ftype = (fsr & FAULT_WNR) ? VM_PROT_READ | VM_PROT_WRITE : VM_PROT_READ;
333 #else
334 if (IS_PERMISSION_FAULT(fsr))
335 ftype = VM_PROT_WRITE;
336 else {
337 u_int insn = ReadWord(tf->tf_pc);
338
339 if (((insn & 0x0c100000) == 0x04000000) || /* STR/STRB */
340 ((insn & 0x0e1000b0) == 0x000000b0) || /* STRH/STRD */
341 ((insn & 0x0a100000) == 0x08000000)) { /* STM/CDT */
342 ftype = VM_PROT_WRITE;
343 } else {
344 if ((insn & 0x0fb00ff0) == 0x01000090) /* SWP */
345 ftype = VM_PROT_READ | VM_PROT_WRITE;
346 else
347 ftype = VM_PROT_READ;
348 }
349 }
350 #endif
351
352 /*
353 * See if the fault is as a result of ref/mod emulation,
354 * or domain mismatch.
355 */
356 #ifdef DEBUG
357 last_fault_code = fsr;
358 #endif
359 if (td->td_critnest != 0 || WITNESS_CHECK(WARN_SLEEPOK | WARN_GIANTOK,
360 NULL, "Kernel page fault") != 0)
361 goto fatal_pagefault;
362
363 if (pmap_fault_fixup(vmspace_pmap(td->td_proc->p_vmspace), va, ftype,
364 user)) {
365 goto out;
366 }
367
368 onfault = pcb->pcb_onfault;
369 pcb->pcb_onfault = NULL;
370 error = vm_fault(map, va, ftype, VM_FAULT_NORMAL);
371 pcb->pcb_onfault = onfault;
372 if (__predict_true(error == 0))
373 goto out;
374 fatal_pagefault:
375 if (user == 0) {
376 if (pcb->pcb_onfault) {
377 tf->tf_r0 = error;
378 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
379 return;
380 }
381
382 printf("\nvm_fault(%p, %x, %x, 0) -> %x\n", map, va, ftype,
383 error);
384 dab_fatal(tf, fsr, far, td, &ksig);
385 }
386
387
388 if (error == ENOMEM) {
389 printf("VM: pid %d (%s), uid %d killed: "
390 "out of swap\n", td->td_proc->p_pid, td->td_name,
391 (td->td_proc->p_ucred) ?
392 td->td_proc->p_ucred->cr_uid : -1);
393 ksig.signb = SIGKILL;
394 } else {
395 ksig.signb = SIGSEGV;
396 }
397 ksig.code = 0;
398 do_trapsignal:
399 call_trapsignal(td, ksig.signb, ksig.code);
400 out:
401 /* If returning to user mode, make sure to invoke userret() */
402 if (user)
403 userret(td, tf);
404 }
405
406 /*
407 * dab_fatal() handles the following data aborts:
408 *
409 * FAULT_WRTBUF_0 - Vector Exception
410 * FAULT_WRTBUF_1 - Terminal Exception
411 *
412 * We should never see these on a properly functioning system.
413 *
414 * This function is also called by the other handlers if they
415 * detect a fatal problem.
416 *
417 * Note: If 'l' is NULL, we assume we're dealing with a prefetch abort.
418 */
419 static int
dab_fatal(struct trapframe * tf,u_int fsr,u_int far,struct thread * td,struct ksig * ksig)420 dab_fatal(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
421 struct ksig *ksig)
422 {
423 const char *mode;
424
425 #ifdef KDTRACE_HOOKS
426 if (!TRAP_USERMODE(tf)) {
427 if (dtrace_trap_func != NULL && (*dtrace_trap_func)(tf, far & FAULT_TYPE_MASK))
428 return (0);
429 }
430 #endif
431
432 mode = TRAP_USERMODE(tf) ? "user" : "kernel";
433
434 disable_interrupts(PSR_I|PSR_F);
435 if (td != NULL) {
436 printf("Fatal %s mode data abort: '%s'\n", mode,
437 data_aborts[fsr & FAULT_TYPE_MASK].desc);
438 printf("trapframe: %p\nFSR=%08x, FAR=", tf, fsr);
439 if ((fsr & FAULT_IMPRECISE) == 0)
440 printf("%08x, ", far);
441 else
442 printf("Invalid, ");
443 printf("spsr=%08x\n", tf->tf_spsr);
444 } else {
445 printf("Fatal %s mode prefetch abort at 0x%08x\n",
446 mode, tf->tf_pc);
447 printf("trapframe: %p, spsr=%08x\n", tf, tf->tf_spsr);
448 }
449
450 printf("r0 =%08x, r1 =%08x, r2 =%08x, r3 =%08x\n",
451 tf->tf_r0, tf->tf_r1, tf->tf_r2, tf->tf_r3);
452 printf("r4 =%08x, r5 =%08x, r6 =%08x, r7 =%08x\n",
453 tf->tf_r4, tf->tf_r5, tf->tf_r6, tf->tf_r7);
454 printf("r8 =%08x, r9 =%08x, r10=%08x, r11=%08x\n",
455 tf->tf_r8, tf->tf_r9, tf->tf_r10, tf->tf_r11);
456 printf("r12=%08x, ", tf->tf_r12);
457
458 if (TRAP_USERMODE(tf))
459 printf("usp=%08x, ulr=%08x",
460 tf->tf_usr_sp, tf->tf_usr_lr);
461 else
462 printf("ssp=%08x, slr=%08x",
463 tf->tf_svc_sp, tf->tf_svc_lr);
464 printf(", pc =%08x\n\n", tf->tf_pc);
465
466 #ifdef KDB
467 if (debugger_on_panic || kdb_active)
468 if (kdb_trap(fsr, 0, tf))
469 return (0);
470 #endif
471 panic("Fatal abort");
472 /*NOTREACHED*/
473 }
474
475 /*
476 * dab_align() handles the following data aborts:
477 *
478 * FAULT_ALIGN_0 - Alignment fault
479 * FAULT_ALIGN_1 - Alignment fault
480 *
481 * These faults are fatal if they happen in kernel mode. Otherwise, we
482 * deliver a bus error to the process.
483 */
484 static int
dab_align(struct trapframe * tf,u_int fsr,u_int far,struct thread * td,struct ksig * ksig)485 dab_align(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
486 struct ksig *ksig)
487 {
488
489 /* Alignment faults are always fatal if they occur in kernel mode */
490 if (!TRAP_USERMODE(tf)) {
491 if (!td || !td->td_pcb->pcb_onfault)
492 dab_fatal(tf, fsr, far, td, ksig);
493 tf->tf_r0 = EFAULT;
494 tf->tf_pc = (int)td->td_pcb->pcb_onfault;
495 return (0);
496 }
497
498 /* pcb_onfault *must* be NULL at this point */
499
500 /* Deliver a bus error signal to the process */
501 ksig->code = 0;
502 ksig->signb = SIGBUS;
503 td->td_frame = tf;
504
505 return (1);
506 }
507
508 /*
509 * dab_buserr() handles the following data aborts:
510 *
511 * FAULT_BUSERR_0 - External Abort on Linefetch -- Section
512 * FAULT_BUSERR_1 - External Abort on Linefetch -- Page
513 * FAULT_BUSERR_2 - External Abort on Non-linefetch -- Section
514 * FAULT_BUSERR_3 - External Abort on Non-linefetch -- Page
515 * FAULT_BUSTRNL1 - External abort on Translation -- Level 1
516 * FAULT_BUSTRNL2 - External abort on Translation -- Level 2
517 *
518 * If pcb_onfault is set, flag the fault and return to the handler.
519 * If the fault occurred in user mode, give the process a SIGBUS.
520 *
521 * Note: On XScale, FAULT_BUSERR_0, FAULT_BUSERR_1, and FAULT_BUSERR_2
522 * can be flagged as imprecise in the FSR. This causes a real headache
523 * since some of the machine state is lost. In this case, tf->tf_pc
524 * may not actually point to the offending instruction. In fact, if
525 * we've taken a double abort fault, it generally points somewhere near
526 * the top of "data_abort_entry" in exception.S.
527 *
528 * In all other cases, these data aborts are considered fatal.
529 */
530 static int
dab_buserr(struct trapframe * tf,u_int fsr,u_int far,struct thread * td,struct ksig * ksig)531 dab_buserr(struct trapframe *tf, u_int fsr, u_int far, struct thread *td,
532 struct ksig *ksig)
533 {
534 struct pcb *pcb = td->td_pcb;
535
536 #ifdef __XSCALE__
537 if ((fsr & FAULT_IMPRECISE) != 0 &&
538 (tf->tf_spsr & PSR_MODE) == PSR_ABT32_MODE) {
539 /*
540 * Oops, an imprecise, double abort fault. We've lost the
541 * r14_abt/spsr_abt values corresponding to the original
542 * abort, and the spsr saved in the trapframe indicates
543 * ABT mode.
544 */
545 tf->tf_spsr &= ~PSR_MODE;
546
547 /*
548 * We use a simple heuristic to determine if the double abort
549 * happened as a result of a kernel or user mode access.
550 * If the current trapframe is at the top of the kernel stack,
551 * the fault _must_ have come from user mode.
552 */
553 if (tf != ((struct trapframe *)pcb->pcb_regs.sf_sp) - 1) {
554 /*
555 * Kernel mode. We're either about to die a
556 * spectacular death, or pcb_onfault will come
557 * to our rescue. Either way, the current value
558 * of tf->tf_pc is irrelevant.
559 */
560 tf->tf_spsr |= PSR_SVC32_MODE;
561 if (pcb->pcb_onfault == NULL)
562 printf("\nKernel mode double abort!\n");
563 } else {
564 /*
565 * User mode. We've lost the program counter at the
566 * time of the fault (not that it was accurate anyway;
567 * it's not called an imprecise fault for nothing).
568 * About all we can do is copy r14_usr to tf_pc and
569 * hope for the best. The process is about to get a
570 * SIGBUS, so it's probably history anyway.
571 */
572 tf->tf_spsr |= PSR_USR32_MODE;
573 tf->tf_pc = tf->tf_usr_lr;
574 }
575 }
576
577 /* FAR is invalid for imprecise exceptions */
578 if ((fsr & FAULT_IMPRECISE) != 0)
579 far = 0;
580 #endif /* __XSCALE__ */
581
582 if (pcb->pcb_onfault) {
583 tf->tf_r0 = EFAULT;
584 tf->tf_pc = (register_t)(intptr_t) pcb->pcb_onfault;
585 return (0);
586 }
587
588 /*
589 * At this point, if the fault happened in kernel mode, we're toast
590 */
591 if (!TRAP_USERMODE(tf))
592 dab_fatal(tf, fsr, far, td, ksig);
593
594 /* Deliver a bus error signal to the process */
595 ksig->signb = SIGBUS;
596 ksig->code = 0;
597 td->td_frame = tf;
598
599 return (1);
600 }
601
602 /*
603 * void prefetch_abort_handler(struct trapframe *tf)
604 *
605 * Abort handler called when instruction execution occurs at
606 * a non existent or restricted (access permissions) memory page.
607 * If the address is invalid and we were in SVC mode then panic as
608 * the kernel should never prefetch abort.
609 * If the address is invalid and the page is mapped then the user process
610 * does no have read permission so send it a signal.
611 * Otherwise fault the page in and try again.
612 */
613 static void
prefetch_abort_handler(struct trapframe * tf)614 prefetch_abort_handler(struct trapframe *tf)
615 {
616 struct thread *td;
617 struct proc * p;
618 struct vm_map *map;
619 vm_offset_t fault_pc, va;
620 int error = 0;
621 struct ksig ksig;
622
623
624 #if 0
625 /* Update vmmeter statistics */
626 uvmexp.traps++;
627 #endif
628 #if 0
629 printf("prefetch abort handler: %p %p\n", (void*)tf->tf_pc,
630 (void*)tf->tf_usr_lr);
631 #endif
632
633 td = curthread;
634 p = td->td_proc;
635 PCPU_INC(cnt.v_trap);
636
637 if (TRAP_USERMODE(tf)) {
638 td->td_frame = tf;
639 if (td->td_cowgen != td->td_proc->p_cowgen)
640 thread_cow_update(td);
641 }
642 fault_pc = tf->tf_pc;
643 if (td->td_md.md_spinlock_count == 0) {
644 if (__predict_true(tf->tf_spsr & PSR_I) == 0)
645 enable_interrupts(PSR_I);
646 if (__predict_true(tf->tf_spsr & PSR_F) == 0)
647 enable_interrupts(PSR_F);
648 }
649
650 /* Prefetch aborts cannot happen in kernel mode */
651 if (__predict_false(!TRAP_USERMODE(tf)))
652 dab_fatal(tf, 0, tf->tf_pc, NULL, &ksig);
653 td->td_pticks = 0;
654
655
656 /* Ok validate the address, can only execute in USER space */
657 if (__predict_false(fault_pc >= VM_MAXUSER_ADDRESS ||
658 (fault_pc < VM_MIN_ADDRESS && vector_page == ARM_VECTORS_LOW))) {
659 ksig.signb = SIGSEGV;
660 ksig.code = 0;
661 goto do_trapsignal;
662 }
663
664 map = &td->td_proc->p_vmspace->vm_map;
665 va = trunc_page(fault_pc);
666
667 /*
668 * See if the pmap can handle this fault on its own...
669 */
670 #ifdef DEBUG
671 last_fault_code = -1;
672 #endif
673 if (pmap_fault_fixup(map->pmap, va, VM_PROT_READ, 1))
674 goto out;
675
676 error = vm_fault(map, va, VM_PROT_READ | VM_PROT_EXECUTE,
677 VM_FAULT_NORMAL);
678 if (__predict_true(error == 0))
679 goto out;
680
681 if (error == ENOMEM) {
682 printf("VM: pid %d (%s), uid %d killed: "
683 "out of swap\n", td->td_proc->p_pid, td->td_name,
684 (td->td_proc->p_ucred) ?
685 td->td_proc->p_ucred->cr_uid : -1);
686 ksig.signb = SIGKILL;
687 } else {
688 ksig.signb = SIGSEGV;
689 }
690 ksig.code = 0;
691
692 do_trapsignal:
693 call_trapsignal(td, ksig.signb, ksig.code);
694
695 out:
696 userret(td, tf);
697
698 }
699
700 extern int badaddr_read_1(const uint8_t *, uint8_t *);
701 extern int badaddr_read_2(const uint16_t *, uint16_t *);
702 extern int badaddr_read_4(const uint32_t *, uint32_t *);
703 /*
704 * Tentatively read an 8, 16, or 32-bit value from 'addr'.
705 * If the read succeeds, the value is written to 'rptr' and zero is returned.
706 * Else, return EFAULT.
707 */
708 int
badaddr_read(void * addr,size_t size,void * rptr)709 badaddr_read(void *addr, size_t size, void *rptr)
710 {
711 union {
712 uint8_t v1;
713 uint16_t v2;
714 uint32_t v4;
715 } u;
716 int rv;
717
718 cpu_drain_writebuf();
719
720 /* Read from the test address. */
721 switch (size) {
722 case sizeof(uint8_t):
723 rv = badaddr_read_1(addr, &u.v1);
724 if (rv == 0 && rptr)
725 *(uint8_t *) rptr = u.v1;
726 break;
727
728 case sizeof(uint16_t):
729 rv = badaddr_read_2(addr, &u.v2);
730 if (rv == 0 && rptr)
731 *(uint16_t *) rptr = u.v2;
732 break;
733
734 case sizeof(uint32_t):
735 rv = badaddr_read_4(addr, &u.v4);
736 if (rv == 0 && rptr)
737 *(uint32_t *) rptr = u.v4;
738 break;
739
740 default:
741 panic("badaddr: invalid size (%lu)", (u_long) size);
742 }
743
744 /* Return EFAULT if the address was invalid, else zero */
745 return (rv);
746 }
747