]> git.saurik.com Git - apple/xnu.git/blob - osfmk/ppc/model_dep.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1228.9.59.tar.gz
[apple/xnu.git] / osfmk / ppc / model_dep.c
1 /*
2 * Copyright (c) 2000-2008 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * @OSF_COPYRIGHT@
30 */
31 /*
32 * @APPLE_FREE_COPYRIGHT@
33 */
34 /*
35 * (c) Copyright 1988 HEWLETT-PACKARD COMPANY
36 *
37 * To anyone who acknowledges that this file is provided "AS IS"
38 * without any express or implied warranty:
39 * permission to use, copy, modify, and distribute this file
40 * for any purpose is hereby granted without fee, provided that
41 * the above copyright notice and this notice appears in all
42 * copies, and that the name of Hewlett-Packard Company not be
43 * used in advertising or publicity pertaining to distribution
44 * of the software without specific, written prior permission.
45 * Hewlett-Packard Company makes no representations about the
46 * suitability of this software for any purpose.
47 */
48 /*
49 * Copyright (c) 1990,1991,1992,1994 The University of Utah and
50 * the Computer Systems Laboratory (CSL). All rights reserved.
51 *
52 * THE UNIVERSITY OF UTAH AND CSL PROVIDE THIS SOFTWARE IN ITS "AS IS"
53 * CONDITION, AND DISCLAIM ANY LIABILITY OF ANY KIND FOR ANY DAMAGES
54 * WHATSOEVER RESULTING FROM ITS USE.
55 *
56 * CSL requests users of this software to return to csl-dist@cs.utah.edu any
57 * improvements that they make and grant CSL redistribution rights.
58 *
59 * Utah $Hdr: model_dep.c 1.34 94/12/14$
60 */
61 /*
62 * NOTICE: This file was modified by McAfee Research in 2004 to introduce
63 * support for mandatory and extensible security protections. This notice
64 * is included in support of clause 2.2 (b) of the Apple Public License,
65 * Version 2.0.
66 */
67
68 #include <debug.h>
69 #include <mach_kdb.h>
70 #include <mach_kdp.h>
71 #include <db_machine_commands.h>
72
73 #include <kern/thread.h>
74 #include <machine/pmap.h>
75 #include <device/device_types.h>
76
77 #include <mach/vm_param.h>
78 #include <mach/clock_types.h>
79 #include <mach/machine.h>
80 #include <mach/kmod.h>
81 #include <ppc/boot.h>
82
83 #include <kern/misc_protos.h>
84 #include <kern/startup.h>
85 #include <ppc/misc_protos.h>
86 #include <ppc/proc_reg.h>
87 #include <ppc/thread.h>
88 #include <ppc/asm.h>
89 #include <ppc/mem.h>
90 #include <ppc/Firmware.h>
91 #include <ppc/low_trace.h>
92 #include <ppc/mappings.h>
93 #include <ppc/FirmwareCalls.h>
94 #include <ppc/cpu_internal.h>
95 #include <ppc/exception.h>
96 #include <ppc/hw_perfmon.h>
97 #include <ppc/lowglobals.h>
98 #include <ppc/machine_cpu.h>
99 #include <ppc/db_machdep.h>
100
101 #include <kern/clock.h>
102 #include <kern/debug.h>
103 #include <machine/trap.h>
104 #include <kern/spl.h>
105 #include <pexpert/pexpert.h>
106 #include <kern/sched.h>
107 #include <kern/task.h>
108 #include <kern/machine.h>
109 #include <vm/vm_map.h>
110
111 #include <IOKit/IOPlatformExpert.h>
112
113 #include <mach/vm_prot.h>
114 #include <vm/pmap.h>
115 #include <mach/time_value.h>
116 #include <mach/mach_types.h>
117 #include <mach/mach_vm.h>
118 #include <machine/machparam.h> /* for btop */
119
120 #if MACH_KDB
121 #include <ddb/db_aout.h>
122 #include <ddb/db_output.h>
123 #include <ddb/db_command.h>
124 #include <machine/db_machdep.h>
125
126 extern struct db_command ppc_db_commands[];
127 #endif /* MACH_KDB */
128
129 char kernel_args_buf[256] = "/mach_kernel";
130 char boot_args_buf[256] = "/mach_servers/bootstrap";
131 char env_buf[256];
132
133 #define TRAP_DEBUGGER __asm__ volatile("tw 4,r3,r3");
134 #define TRAP_DEBUGGER_INST 0x7c831808
135 #define TRAP_DIRECT __asm__ volatile("tw 4,r4,r4");
136 #define TRAP_DIRECT_INST 0x7c842008
137 #define TRAP_INST_SIZE 4
138 #define BREAK_TO_KDP0 0x7fe00008
139 #define BREAK_TO_KDP1 0x7c800008
140 #define BREAK_TO_KDB0 0x7c810808
141
142 /*
143 * Code used to synchronize debuggers among all cpus, one active at a time, switch
144 * from on to another using kdb_on! #cpu or cpu #cpu
145 */
146
147 hw_lock_data_t debugger_lock; /* debugger lock */
148 hw_lock_data_t pbtlock; /* backtrace print lock */
149
150 unsigned int debugger_cpu = (unsigned)-1; /* current cpu running debugger */
151 int debugger_debug = 0; /* Debug debugger */
152 int db_run_mode; /* Debugger run mode */
153 unsigned int debugger_sync = 0; /* Cross processor debugger entry sync */
154 extern unsigned int NMIss; /* NMI debounce switch */
155
156 extern volatile int panicwait;
157 volatile unsigned int pbtcnt = 0;
158 volatile unsigned int pbtcpu = -1;
159
160 unsigned int lastTrace; /* Value of low-level exception trace controls */
161
162
163 volatile unsigned int cpus_holding_bkpts; /* counter for number of cpus holding
164 breakpoints (ie: cpus that did not
165 insert back breakpoints) */
166 void unlock_debugger(void);
167 void lock_debugger(void);
168 void dump_backtrace(struct savearea *sv,
169 unsigned int stackptr,
170 unsigned int fence);
171 void dump_savearea(struct savearea *sv,
172 unsigned int fence);
173
174 #if !MACH_KDB
175 boolean_t db_breakpoints_inserted = TRUE;
176 jmp_buf_t *db_recover;
177 #endif
178
179 #if MACH_KDB
180 #include <ddb/db_run.h>
181 int kdb_flag=0;
182 extern boolean_t db_breakpoints_inserted;
183 extern jmp_buf_t *db_recover;
184 #define KDB_READY 0x1
185 #endif
186
187 #if MACH_KDP
188 extern int kdp_flag;
189 #define KDP_READY 0x1
190 #endif
191
192 unsigned int db_im_stepping = 0xFFFFFFFF; /* Remember if we were stepping */
193
194
195 const char *failNames[] = {
196 "Debugging trap", /* failDebug */
197 "Corrupt stack", /* failStack */
198 "Corrupt mapping tables", /* failMapping */
199 "Corrupt context", /* failContext */
200 "No saveareas", /* failNoSavearea */
201 "Savearea corruption", /* failSaveareaCorr */
202 "Invalid live context", /* failBadLiveContext */
203 "Corrupt skip lists", /* failSkipLists */
204 "Unaligned stack", /* failUnalignedStk */
205 "Invalid pmap", /* failPmap */
206 "Lock timeout", /* failTimeout */
207 "Unknown failure code" /* Unknown failure code - must always be last */
208 };
209
210 const char *invxcption = "Unknown code";
211
212 static unsigned commit_paniclog_to_nvram;
213
214 #if !MACH_KDB
215 void kdb_trap(__unused int type, __unused struct savearea *regs) {}
216 #endif /* !MACH_KDB */
217
218 #if !MACH_KDP
219 void kdp_trap(__unused int type, __unused struct savearea *regs) {}
220 #endif /* !MACH_KDP */
221
222 extern int default_preemption_rate;
223 extern int max_unsafe_quanta;
224 extern int max_poll_quanta;
225
226 void
227 machine_startup(void)
228 {
229 int boot_arg;
230 unsigned int wncpu;
231
232 if (PE_parse_boot_argn("cpus", &wncpu, sizeof (wncpu))) {
233 if ((wncpu > 0) && (wncpu < MAX_CPUS))
234 max_ncpus = wncpu;
235 }
236
237 if( PE_get_hotkey( kPEControlKey ))
238 halt_in_debugger = halt_in_debugger ? 0 : 1;
239
240 if (PE_parse_boot_argn("debug", &boot_arg, sizeof (boot_arg))) {
241 if (boot_arg & DB_HALT) halt_in_debugger=1;
242 if (boot_arg & DB_PRT) disable_debug_output=FALSE;
243 if (boot_arg & DB_SLOG) systemLogDiags=TRUE;
244 if (boot_arg & DB_NMI) panicDebugging=TRUE;
245 if (boot_arg & DB_LOG_PI_SCRN) logPanicDataToScreen=TRUE;
246 }
247
248 if (!PE_parse_boot_argn("nvram_paniclog", &commit_paniclog_to_nvram, sizeof (commit_paniclog_to_nvram)))
249 commit_paniclog_to_nvram = 1;
250
251 PE_parse_boot_argn("vmmforce", &lowGlo.lgVMMforcedFeats, sizeof (lowGlo.lgVMMforcedFeats));
252
253 hw_lock_init(&debugger_lock); /* initialize debugger lock */
254 hw_lock_init(&pbtlock); /* initialize print backtrace lock */
255
256 #if MACH_KDB
257 /*
258 * Initialize KDB
259 */
260 #if DB_MACHINE_COMMANDS
261 db_machine_commands_install(ppc_db_commands);
262 #endif /* DB_MACHINE_COMMANDS */
263 ddb_init();
264
265 if (boot_arg & DB_KDB)
266 current_debugger = KDB_CUR_DB;
267
268 /*
269 * Cause a breakpoint trap to the debugger before proceeding
270 * any further if the proper option bit was specified in
271 * the boot flags.
272 */
273 if (halt_in_debugger && (current_debugger == KDB_CUR_DB)) {
274 Debugger("inline call to debugger(machine_startup)");
275 halt_in_debugger = 0;
276 active_debugger =1;
277 }
278 #endif /* MACH_KDB */
279 if (PE_parse_boot_argn("preempt", &boot_arg, sizeof (boot_arg))) {
280 default_preemption_rate = boot_arg;
281 }
282 if (PE_parse_boot_argn("unsafe", &boot_arg, sizeof (boot_arg))) {
283 max_unsafe_quanta = boot_arg;
284 }
285 if (PE_parse_boot_argn("poll", &boot_arg, sizeof (boot_arg))) {
286 max_poll_quanta = boot_arg;
287 }
288 if (PE_parse_boot_argn("yield", &boot_arg, sizeof (boot_arg))) {
289 sched_poll_yield_shift = boot_arg;
290 }
291
292 machine_conf();
293
294 /*
295 * Kick off the kernel bootstrap.
296 */
297 kernel_bootstrap();
298 /*NOTREACHED*/
299 }
300
301 char *
302 machine_boot_info(__unused char *buf, __unused vm_size_t size)
303 {
304 return(PE_boot_args());
305 }
306
307 void
308 machine_conf(void)
309 {
310 machine_info.memory_size = mem_size; /* Note that this will be 2 GB for >= 2 GB machines */
311 }
312
313 void
314 machine_init(void)
315 {
316 debug_log_init();
317 clock_config();
318 /* Note that we must initialize the stepper tables AFTER the clock is configured!!!!! */
319 if(pmsExperimental & 1) pmsCPUConf(); /* (EXPERIMENTAL) Initialize the stepper tables */
320 perfmon_init();
321 return;
322
323 }
324
325 void
326 slave_machine_init(__unused void *param)
327 {
328 cpu_machine_init(); /* Initialize the processor */
329 clock_init(); /* Init the clock */
330 }
331
332 void
333 halt_all_cpus(boolean_t reboot)
334 {
335 if(reboot)
336 {
337 printf("MACH Reboot\n");
338 PEHaltRestart(kPERestartCPU);
339 }
340 else
341 {
342 printf("CPU halted\n");
343 PEHaltRestart(kPEHaltCPU);
344 }
345 while(1);
346 }
347
348 void
349 halt_cpu(void)
350 {
351 halt_all_cpus(FALSE);
352 }
353
354 #if MACH_ASSERT
355 /*
356 * Machine-dependent routine to fill in an array with up to callstack_max
357 * levels of return pc information.
358 */
359 void
360 machine_callstack(__unused natural_t *buf, __unused vm_size_t callstack_max)
361 {
362 }
363 #endif /* MACH_ASSERT */
364
365 void
366 print_backtrace(struct savearea *ssp)
367 {
368 unsigned int stackptr, fence;
369 struct savearea *sv, *svssp, *psv;
370 unsigned int cpu;
371
372 /*
373 * We need this lock to make sure we don't hang up when we double panic on an MP.
374 */
375
376 cpu = cpu_number(); /* Just who are we anyways? */
377 if(pbtcpu != cpu) { /* Allow recursion */
378 (void)hw_atomic_add(&pbtcnt, 1); /* Remember we are trying */
379 while(!hw_lock_try(&pbtlock)); /* Spin here until we can get in. If we never do, well, we're crashing anyhow... */
380 pbtcpu = cpu; /* Mark it as us */
381 }
382
383 svssp = (struct savearea *)ssp; /* Make this easier */
384 sv = NULL;
385 if(current_thread())
386 sv = (struct savearea *)current_thread()->machine.pcb; /* Find most current savearea if system has started */
387
388 fence = 0xFFFFFFFF; /* Show we go all the way */
389 if(sv) fence = (unsigned int)sv->save_r1; /* Stop at previous exception point */
390
391 if(!svssp) { /* Should we start from stack? */
392 kdb_printf("Latest stack backtrace for cpu %d:\n", cpu_number());
393 __asm__ volatile("mr %0,r1" : "=r" (stackptr)); /* Get current stack */
394 dump_backtrace((struct savearea *)0,stackptr, fence); /* Dump the backtrace */
395 if(!sv) { /* Leave if no saveareas */
396 hw_lock_unlock(&pbtlock); /* Allow another back trace to happen */
397 goto pbt_exit;
398 }
399 }
400 else { /* Were we passed an exception? */
401 fence = 0xFFFFFFFF; /* Show we go all the way */
402 if(svssp->save_hdr.save_prev) {
403 if((svssp->save_hdr.save_prev <= vm_last_addr) && ((unsigned int)pmap_find_phys(kernel_pmap, (addr64_t)svssp->save_hdr.save_prev))) { /* Valid address? */
404 psv = (struct savearea *)((unsigned int)svssp->save_hdr.save_prev); /* Get the 64-bit back chain converted to a regualr pointer */
405 fence = (unsigned int)psv->save_r1; /* Stop at previous exception point */
406 }
407 }
408
409 kdb_printf("Latest crash info for cpu %d:\n", cpu_number());
410 kdb_printf(" Exception state (sv=%p)\n", svssp);
411 dump_savearea(svssp, fence); /* Dump this savearea */
412 }
413
414 if(!sv) { /* Leave if no saveareas */
415 hw_lock_unlock(&pbtlock); /* Allow another back trace to happen */
416 goto pbt_exit;
417 }
418
419 kdb_printf("Proceeding back via exception chain:\n");
420
421 while(sv) { /* Do them all... */
422 if(!(((addr64_t)((uintptr_t)sv) <= vm_last_addr) &&
423 (unsigned int)pmap_find_phys(kernel_pmap, (addr64_t)((uintptr_t)sv)))) { /* Valid address? */
424 kdb_printf(" Exception state (sv=%p) Not mapped or invalid. stopping...\n", sv);
425 break;
426 }
427
428 kdb_printf(" Exception state (sv=%p)\n", sv);
429 if(sv == svssp) { /* Did we dump it already? */
430 kdb_printf(" previously dumped as \"Latest\" state. skipping...\n");
431 }
432 else {
433 fence = 0xFFFFFFFF; /* Show we go all the way */
434 if(sv->save_hdr.save_prev) {
435 if((sv->save_hdr.save_prev <= vm_last_addr) && ((unsigned int)pmap_find_phys(kernel_pmap, (addr64_t)sv->save_hdr.save_prev))) { /* Valid address? */
436 psv = (struct savearea *)((unsigned int)sv->save_hdr.save_prev); /* Get the 64-bit back chain converted to a regualr pointer */
437 fence = (unsigned int)psv->save_r1; /* Stop at previous exception point */
438 }
439 }
440 dump_savearea(sv, fence); /* Dump this savearea */
441 }
442
443 sv = CAST_DOWN(struct savearea *, sv->save_hdr.save_prev); /* Back chain */
444 }
445
446
447 pbtcpu = -1; /* Mark as unowned */
448 hw_lock_unlock(&pbtlock); /* Allow another back trace to happen */
449 (void)hw_atomic_sub(&pbtcnt, 1); /* Show we are done */
450
451 while(pbtcnt); /* Wait for completion */
452 pbt_exit:
453 panic_display_system_configuration();
454
455 return;
456 }
457
458 void
459 dump_savearea(struct savearea *sv, unsigned int fence)
460 {
461 const char *xcode;
462
463 if(sv->save_exception > T_MAX)
464 xcode = invxcption; /* Too big for table */
465 else
466 xcode = trap_type[sv->save_exception / 4]; /* Point to the type */
467
468 kdb_printf(" PC=0x%08X; MSR=0x%08X; DAR=0x%08X; DSISR=0x%08X; LR=0x%08X; R1=0x%08X; XCP=0x%08X (%s)\n",
469 (unsigned int)sv->save_srr0, (unsigned int)sv->save_srr1, (unsigned int)sv->save_dar, sv->save_dsisr,
470 (unsigned int)sv->save_lr, (unsigned int)sv->save_r1, sv->save_exception, xcode);
471
472 if(!(sv->save_srr1 & MASK(MSR_PR))) { /* Are we in the kernel? */
473 dump_backtrace(sv, (unsigned int)sv->save_r1, fence); /* Dump the stack back trace from here if not user state */
474 }
475
476 return;
477 }
478
479 #define DUMPFRAMES 34
480 #define LRindex 2
481
482 void dump_backtrace(struct savearea *sv, unsigned int stackptr, unsigned int fence) {
483
484 unsigned int bframes[DUMPFRAMES];
485 unsigned int sframe[8], raddr, dumbo;
486 int i, index=0;
487 // char syminfo[80];
488
489 kdb_printf(" Backtrace:\n");
490 if (sv != (struct savearea *)0) {
491 bframes[0] = (unsigned int)sv->save_srr0;
492 bframes[1] = (unsigned int)sv->save_lr;
493 index = 2;
494 }
495 for(i = index; i < DUMPFRAMES; i++) { /* Dump up to max frames */
496
497 if(!stackptr || (stackptr == fence)) break; /* Hit stop point or end... */
498
499 if(stackptr & 0x0000000F) { /* Is stack pointer valid? */
500 kdb_printf("\n backtrace terminated - unaligned frame address: 0x%08X\n", stackptr); /* No, tell 'em */
501 break;
502 }
503
504 raddr = (unsigned int)pmap_find_phys(kernel_pmap, (addr64_t)stackptr); /* Get physical frame address */
505 if(!raddr || (stackptr > vm_last_addr)) { /* Is it mapped? */
506 kdb_printf("\n backtrace terminated - frame not mapped or invalid: 0x%08X\n", stackptr); /* No, tell 'em */
507 break;
508 }
509
510 if(!mapping_phys_lookup(raddr, &dumbo)) { /* Is it within physical RAM? */
511 kdb_printf("\n backtrace terminated - frame outside of RAM: v=0x%08X, p=%08X\n", stackptr, raddr); /* No, tell 'em */
512 break;
513 }
514
515 ReadReal((addr64_t)((raddr << 12) | (stackptr & 4095)), &sframe[0]); /* Fetch the stack frame */
516
517 bframes[i] = sframe[LRindex]; /* Save the link register */
518
519 // syms_formataddr((vm_offset_t)bframes[i], syminfo, sizeof (syminfo));
520 // kdb_printf(" %s\n", syminfo);
521 if(!i) kdb_printf(" "); /* Indent first time */
522 else if(!(i & 7)) kdb_printf("\n "); /* Skip to new line every 8 */
523 kdb_printf("0x%08X ", bframes[i]); /* Dump the link register */
524
525 stackptr = sframe[0]; /* Chain back */
526 }
527 kdb_printf("\n");
528 if(i >= DUMPFRAMES) kdb_printf(" backtrace continues...\n"); /* Say we terminated early */
529 if(i) kmod_dump((vm_offset_t *)&bframes[0], i); /* Show what kmods are in trace */
530
531 }
532
533 void commit_paniclog(void) {
534 unsigned long pi_size = 0;
535
536 if (debug_buf_size > 0) {
537 if (commit_paniclog_to_nvram) {
538 unsigned int bufpos;
539
540 /* XXX Consider using the WKdm compressor in the
541 * future, rather than just packing - would need to
542 * be co-ordinated with crashreporter, which decodes
543 * this post-restart. The compressor should be
544 * capable of in-place compression.
545 */
546 bufpos = packA(debug_buf, (unsigned) (debug_buf_ptr - debug_buf), debug_buf_size);
547 /* If compression was successful,
548 * use the compressed length
549 */
550 pi_size = bufpos ? bufpos : (unsigned) (debug_buf_ptr - debug_buf);
551
552 /* Truncate if the buffer is larger than a
553 * certain magic size - this really ought to
554 * be some appropriate fraction of the NVRAM
555 * image buffer, and is best done in the
556 * savePanicInfo() or PESavePanicInfo() calls
557 * This call must save data synchronously,
558 * since we can subsequently halt the system.
559 */
560 kprintf("Attempting to commit panic log to NVRAM\n");
561 /* N.B.: This routine (currently an IOKit wrapper that
562 * calls through to the appropriate platform NVRAM
563 * driver, must be panic context safe, i.e.
564 * acquire no locks or require kernel services.
565 * This does not appear to be the case currently
566 * on some platforms, unfortunately (the driver
567 * on command gate serialization).
568 */
569 pi_size = PESavePanicInfo((unsigned char *)debug_buf,
570 ((pi_size > 2040) ? 2040 : pi_size));
571 /* Uncompress in-place, to allow debuggers to examine
572 * the panic log.
573 */
574 if (bufpos)
575 unpackA(debug_buf, bufpos);
576 }
577 }
578 }
579
580 void
581 Debugger(const char *message) {
582
583 spl_t spl;
584
585 spl = splhigh(); /* No interruptions from here on */
586
587 /*
588 * backtrace for Debugger() call from panic() if no current debugger
589 * backtrace and return for double panic() call
590 */
591 if ((panicstr != (char *)0) &&
592 (((nestedpanic != 0) && (current_debugger == 1)) || (active_debugger == 0))) {
593 print_backtrace(NULL);
594 if (nestedpanic != 0) {
595 splx(spl);
596 return; /* Yeah, don't enter again... */
597 }
598 }
599
600 if (debug_mode && getPerProc()->debugger_active) { /* Are we already on debugger on this processor? */
601 splx(spl);
602 return; /* Yeah, don't do it again... */
603 }
604
605
606 /*
607 * The above stuff catches the double panic case so we shouldn't have to worry about that here.
608 */
609 if ( panicstr != (char *)0 )
610 {
611 disable_preemption();
612 /* Commit the panic log buffer to NVRAM, unless otherwise
613 * specified via a boot-arg.
614 */
615 commit_paniclog();
616 if(!panicDebugging) {
617 unsigned int my_cpu, tcpu;
618
619 my_cpu = cpu_number();
620 debugger_cpu = my_cpu;
621
622 (void)hw_atomic_add(&debug_mode, 1);
623 PerProcTable[my_cpu].ppe_vaddr->debugger_active++;
624 lock_debugger();
625
626 for(tcpu = 0; tcpu < real_ncpus; tcpu++) {
627 if(tcpu == my_cpu) continue;
628 (void)hw_atomic_add(&debugger_sync, 1);
629 (void)cpu_signal(tcpu, SIGPdebug, 0 ,0);
630 }
631 (void)hw_cpu_sync(&debugger_sync, LockTimeOut);
632 debugger_sync = 0;
633 }
634
635 draw_panic_dialog();
636
637 if(!panicDebugging) {
638 #if CONFIG_EMBEDDED
639 PEHaltRestart(kPEPanicRestartCPU);
640 #else
641 PEHaltRestart( kPEHangCPU );
642 #endif
643 }
644
645 enable_preemption();
646 }
647
648 if ((current_debugger != NO_CUR_DB)) { /* If there is a debugger configured, enter it */
649 printf("Debugger(%s)\n", message);
650 TRAP_DEBUGGER;
651 splx(spl);
652 return; /* Done debugging for a while */
653 }
654
655 printf("\nNo debugger configured - dumping debug information\n");
656 printf("MSR=%08X\n",mfmsr());
657 print_backtrace(NULL);
658 splx(spl);
659 return;
660 }
661
662 /*
663 * Here's where we attempt to get some diagnostic information dumped out
664 * when the system is really confused. We will try to get into the
665 * debugger as well.
666 *
667 * We are here with interrupts disabled and on the debug stack. The savearea
668 * that was passed in is NOT chained to the activation.
669 *
670 * save_r3 contains the failure reason code.
671 */
672
673 void
674 SysChoked(unsigned int type, struct savearea *sv)
675 {
676 unsigned int failcode;
677 const char * const pmsg = "System Failure: cpu=%d; code=%08X (%s)\n";
678 mp_disable_preemption();
679 disable_debug_output = FALSE;
680 debug_mode = TRUE;
681
682 failcode = (unsigned int)sv->save_r3; /* Get the failure code */
683 if(failcode > failUnknown) failcode = failUnknown; /* Set unknown code code */
684
685 kprintf(pmsg, cpu_number(), (unsigned int)sv->save_r3, failNames[failcode]);
686 kdb_printf(pmsg, cpu_number(), (unsigned int)sv->save_r3, failNames[failcode]);
687
688 print_backtrace(sv); /* Attempt to print backtrace */
689
690 /* Commit the panic log buffer to NVRAM, unless otherwise
691 * specified via a boot-arg. For certain types of panics
692 * which result in a "choke" exception, this may well
693 * be inadvisable, and setting the nvram_paniclog=0
694 * boot-arg may be useful.
695 */
696
697 if (panicDebugging)
698 commit_paniclog();
699
700 Call_DebuggerC(type, sv); /* Attempt to get into debugger */
701
702 if ((current_debugger != NO_CUR_DB))
703 Call_DebuggerC(type, sv); /* Attempt to get into debugger */
704 panic_plain(pmsg, cpu_number(), (unsigned int)sv->save_r3, failNames[failcode]);
705 }
706
707
708
709 /*
710 * When we get here, interruptions are disabled and we are on the debugger stack
711 * Never, ever, ever, ever enable interruptions from here on
712 */
713
714 int
715 Call_DebuggerC(unsigned int type, struct savearea *saved_state)
716 {
717 int directcall, wait;
718 addr64_t instr_ptr = 0ULL;
719 ppnum_t instr_pp;
720 unsigned int instr, tcpu, my_cpu;
721 int wasdebugger;
722
723 my_cpu = cpu_number(); /* Get our CPU */
724
725 #if MACH_KDB
726 if((debugger_cpu == my_cpu) && /* Do we already own debugger? */
727 PerProcTable[my_cpu].ppe_vaddr->debugger_active && /* and are we really active? */
728 db_recover && /* and have we set up recovery? */
729 (current_debugger == KDB_CUR_DB)) { /* and are we in KDB (only it handles recovery) */
730 kdb_trap(type, saved_state); /* Then reenter it... */
731 }
732 #endif
733
734 (void)hw_atomic_add(&debug_mode, 1); /* Indicate we are in debugger */
735 PerProcTable[my_cpu].ppe_vaddr->debugger_active++; /* Show active on our CPU */
736
737 lock_debugger(); /* Insure that only one CPU is in debugger */
738
739 if(db_im_stepping == my_cpu) { /* Are we just back from a step? */
740 enable_preemption_no_check(); /* Enable preemption now */
741 db_im_stepping = 0xFFFFFFFF; /* Nobody stepping right now */
742 }
743
744 if (debugger_debug) {
745 #if 0
746 kprintf("Call_DebuggerC(%d): %08X %08X, debact = %d\n", my_cpu, type, (uint32_t)saved_state, debug_mode); /* (TEST/DEBUG) */
747 #endif
748 printf("Call_Debugger: enter - cpu %d, is_slave %d, debugger_cpu %d, pc %08llX\n",
749 my_cpu, PerProcTable[my_cpu].ppe_vaddr->debugger_is_slave, debugger_cpu, saved_state->save_srr0);
750 }
751
752 instr_pp = (vm_offset_t)pmap_find_phys(kernel_pmap, (addr64_t)(saved_state->save_srr0));
753
754 if (instr_pp) {
755 instr_ptr = (addr64_t)(((addr64_t)instr_pp << 12) | (saved_state->save_srr0 & 0xFFF)); /* Make physical address */
756 instr = ml_phys_read_64(instr_ptr); /* Get the trap that caused entry */
757 }
758 else instr = 0;
759
760 #if 0
761 if (debugger_debug) kprintf("Call_DebuggerC(%d): instr_pp = %08X, instr_ptr = %016llX, instr = %08X\n", my_cpu, instr_pp, instr_ptr, instr); /* (TEST/DEBUG) */
762 #endif
763
764 if (db_breakpoints_inserted) cpus_holding_bkpts++; /* Bump up the holding count */
765 if ((debugger_cpu == (unsigned)-1) &&
766 !PerProcTable[my_cpu].ppe_vaddr->debugger_is_slave) {
767 #if 0
768 if (debugger_debug) kprintf("Call_DebuggerC(%d): lasttrace = %08X\n", my_cpu, lastTrace); /* (TEST/DEBUG) */
769 #endif
770 debugger_cpu = my_cpu; /* Show that we are debugger */
771
772
773 lastTrace = LLTraceSet(0); /* Disable low-level tracing */
774
775 for(tcpu = 0; tcpu < real_ncpus; tcpu++) { /* Stop all the other guys */
776 if(tcpu == my_cpu) continue; /* Don't diddle ourselves */
777 (void)hw_atomic_add(&debugger_sync, 1); /* Count signal sent */
778 (void)cpu_signal(tcpu, SIGPdebug, 0 ,0); /* Tell 'em to enter debugger */
779 }
780 (void)hw_cpu_sync(&debugger_sync, LockTimeOut); /* Wait for the other processors to enter debug */
781 debugger_sync = 0; /* We're done with it */
782 }
783 else if (debugger_cpu != my_cpu) goto debugger_exit; /* We are not debugger, don't continue... */
784
785
786 if (instr == TRAP_DIRECT_INST) {
787 disable_debug_output = FALSE;
788 print_backtrace(saved_state);
789 }
790
791 switch_debugger = 0; /* Make sure switch request is off */
792 directcall = 1; /* Assume direct call */
793
794 if (saved_state->save_srr1 & MASK(SRR1_PRG_TRAP)) { /* Trap instruction? */
795
796 directcall = 0; /* We had a trap not a direct call */
797
798 switch (instr) { /* Select trap type */
799
800 #if MACH_KDP
801 case BREAK_TO_KDP0: /* Breakpoint into KDP? */
802 case BREAK_TO_KDP1: /* Breakpoint into KDP? */
803 current_debugger = KDP_CUR_DB; /* Yes, set KDP */
804 kdp_trap(type, saved_state); /* Enter it */
805 break;
806 #endif
807
808 #if MACH_KDB
809 case BREAK_TO_KDB0: /* Breakpoint to KDB (the "good" debugger)? */
810 current_debugger = KDB_CUR_DB; /* Yes, set it */
811 kdb_trap(type, saved_state); /* Enter it */
812 break;
813 #endif
814
815 case TRAP_DEBUGGER_INST: /* Should we enter the current debugger? */
816 case TRAP_DIRECT_INST: /* Should we enter the current debugger? */
817 if (current_debugger == KDP_CUR_DB) /* Is current KDP? */
818 kdp_trap(type, saved_state); /* Yes, enter it */
819 else if (current_debugger == KDB_CUR_DB) /* Is this KDB? */
820 kdb_trap(type, saved_state); /* Yes, go ahead and enter */
821 else goto debugger_error; /* No debugger active */
822 break;
823
824 default: /* Unknown/bogus trap type */
825 goto debugger_error;
826 }
827 }
828
829 while(1) { /* We are here to handle debugger switches */
830
831 if(!directcall) { /* Was this a direct call? */
832 if(!switch_debugger) break; /* No, then leave if no switch requested... */
833
834 /*
835 * Note: we can only switch to a debugger we have. Ignore bogus switch requests.
836 */
837 #if 0
838 if (debugger_debug) kprintf("Call_DebuggerC(%d): switching debuggers\n", my_cpu); /* (TEST/DEBUG) */
839 #endif
840 #if MACH_KDB
841 if(current_debugger == KDP_CUR_DB) current_debugger = KDB_CUR_DB; /* Switch to KDB */
842 #if MACH_KDP
843 else
844 #endif
845 #endif
846 #if MACH_KDP
847 if(current_debugger == KDB_CUR_DB) current_debugger = KDP_CUR_DB; /* Switch to KDP */
848 #endif
849 }
850
851 switch_debugger = 0; /* Clear request */
852 directcall = 0; /* Clear first-time direct call indication */
853
854 switch (current_debugger) { /* Enter correct debugger */
855
856 case KDP_CUR_DB: /* Enter KDP */
857 kdp_trap(type, saved_state);
858 break;
859
860 case KDB_CUR_DB: /* Enter KDB */
861 kdb_trap(type, saved_state);
862 break;
863
864 default: /* No debugger installed */
865 goto debugger_error;
866 break;
867 }
868 }
869
870 debugger_exit:
871 #if 0
872 if (debugger_debug) kprintf("Call_DebuggerC(%d): exit - inst = %08X, cpu=%d(%d), run=%d\n", my_cpu,
873 instr, my_cpu, debugger_cpu, db_run_mode); /* (TEST/DEBUG) */
874 #endif
875 if ((instr == TRAP_DEBUGGER_INST) || /* Did we trap to enter debugger? */
876 (instr == TRAP_DIRECT_INST)) saved_state->save_srr0 += TRAP_INST_SIZE; /* Yes, point past trap */
877
878 wasdebugger = 0; /* Assume not debugger */
879 if(debugger_cpu == my_cpu) { /* Are the debugger processor? */
880 wasdebugger = 1; /* Remember that we were the debugger */
881 LLTraceSet(lastTrace); /* Enable tracing on the way out if we are debugger */
882 }
883
884 wait = FALSE; /* Assume we are not going to wait */
885 if (db_run_mode == STEP_CONTINUE) { /* Are we going to run? */
886 wait = TRUE; /* Yeah, remember to wait for breakpoints to clear */
887 debugger_cpu = -1; /* Release other processor's debuggers */
888 for(tcpu = 0; tcpu < real_ncpus; tcpu++)
889 PerProcTable[tcpu].ppe_vaddr->debugger_pending = 0; /* Release request (this is a HACK) */
890 NMIss = 0; /* Let NMI bounce */
891 }
892
893 if(db_run_mode == STEP_ONCE) { /* Are we about to step? */
894 disable_preemption(); /* Disable preemption for the step */
895 db_im_stepping = my_cpu; /* Remember that I am about to step */
896 }
897
898 if (db_breakpoints_inserted) cpus_holding_bkpts--; /* If any breakpoints, back off count */
899 if (PerProcTable[my_cpu].ppe_vaddr->debugger_is_slave) PerProcTable[my_cpu].ppe_vaddr->debugger_is_slave--; /* If we were a slove, uncount us */
900 if (debugger_debug)
901 printf("Call_Debugger: exit - cpu %d, debugger_cpu %d, run_mode %d holds %d\n",
902 my_cpu, debugger_cpu, db_run_mode,
903 cpus_holding_bkpts);
904
905 unlock_debugger(); /* Release the lock */
906 PerProcTable[my_cpu].ppe_vaddr->debugger_active--; /* Say we aren't active anymore */
907
908 if (wait) while(cpus_holding_bkpts); /* Wait for breakpoints to clear */
909
910
911 (void)hw_atomic_sub(&debug_mode, 1); /* Set out of debug now */
912
913 return(1); /* Exit debugger normally */
914
915 debugger_error:
916 if(db_run_mode != STEP_ONCE) enable_preemption_no_check(); /* Enable preemption, but don't preempt here */
917 (void)hw_atomic_sub(&debug_mode, 1); /* Set out of debug now */
918 return(0); /* Return in shame... */
919
920 }
921
922 void
923 lock_debugger(void)
924 {
925 unsigned int my_cpu;
926
927 my_cpu = cpu_number(); /* Get our CPU number */
928
929 while(1) { /* Check until we get it */
930 if (debugger_cpu != (unsigned)-1 && debugger_cpu != my_cpu)
931 continue; /* Someone, not us, is debugger... */
932 if (hw_lock_try(&debugger_lock)) { /* Get the debug lock */
933 if (debugger_cpu == (unsigned)-1 || debugger_cpu == my_cpu)
934 break; /* Is it us? */
935 hw_lock_unlock(&debugger_lock); /* Not us, release lock */
936 }
937 }
938 }
939
940 void unlock_debugger(void) {
941
942 hw_lock_unlock(&debugger_lock);
943
944 }
945
946 int patchInst(task_t task, addr64_t vaddr, uint32_t inst);
947 int patchInst(task_t task, addr64_t vaddr, uint32_t inst)
948 {
949 vm_map_t map;
950 addr64_t paddr;
951 uint32_t instr, nestingDepth;
952 kern_return_t ret;
953 vm_region_submap_short_info_data_64_t info;
954 mach_msg_type_number_t count;
955 mach_vm_address_t address;
956 mach_vm_size_t sizeOfRegion;
957 vm_prot_t reprotect;
958
959 if(task == TASK_NULL) return -1; /* Leave if task is bogus... */
960
961 task_lock(task); /* Make sure the task doesn't go anywhaere */
962 if (!task->active) { /* Is is alive? */
963 task_unlock(task); /* Nope, unlock */
964 return -1; /* Not a active task, fail... */
965 }
966 map = task->map; /* Get his map */
967 vm_map_reference_swap(map); /* Don't let it go away */
968 task_unlock(task); /* Unleash the task */
969
970 /* Find the memory permissions. */
971 nestingDepth=999999; /* Limit recursion */
972
973 count = VM_REGION_SUBMAP_SHORT_INFO_COUNT_64;
974 address = (mach_vm_address_t)vaddr;
975 sizeOfRegion = (mach_vm_size_t)4;
976
977 ret = mach_vm_region_recurse(map, &address, &sizeOfRegion, &nestingDepth, (vm_region_recurse_info_t)&info, &count);
978 if (ret != KERN_SUCCESS) { /* Leave if it didn't work */
979 vm_map_deallocate(map); /* Drop reference on map */
980 return (-1);
981 }
982
983 /*
984 * We need to check if there could be a problem if the dtrace probes are being removed and the code is being
985 * executed at the same time. This sequence may leave us with no-execute turned on temporarily when we execute
986 * through it.
987 */
988
989 if (!(info.protection & VM_PROT_WRITE)) {
990 /* Save the original protection values for restoration later */
991 reprotect = info.protection;
992
993 if (info.max_protection & VM_PROT_WRITE) {
994 /* The memory is not currently writable, but can be made writable. */
995 ret = mach_vm_protect(map, (mach_vm_offset_t)vaddr, (mach_vm_size_t)4, 0, reprotect | VM_PROT_WRITE);
996 }
997 else {
998 /*
999 * The memory is not currently writable, and cannot be made writable. We need to COW this memory.
1000 *
1001 * Strange, we can't just say "reprotect | VM_PROT_COPY", that fails.
1002 */
1003 ret = mach_vm_protect(map, (mach_vm_offset_t)vaddr, (mach_vm_size_t)4, 0, VM_PROT_COPY | VM_PROT_READ | VM_PROT_WRITE);
1004 }
1005
1006 if (ret != KERN_SUCCESS) {
1007 vm_map_deallocate(map); /* Drop reference on map */
1008 return (-1);
1009 }
1010
1011 }
1012 else {
1013 /* The memory was already writable. */
1014 reprotect = VM_PROT_NONE;
1015 }
1016
1017 instr = inst; /* Place instruction in local memory */
1018 ret = vm_map_write_user(map, &inst, (vm_map_address_t)vaddr, (vm_size_t)4); /* Write the instruction */
1019 if (ret != KERN_SUCCESS) { /* Leave if it didn't work */
1020
1021 if (reprotect != VM_PROT_NONE) {
1022 ret = mach_vm_protect (map, (mach_vm_offset_t)vaddr, (mach_vm_size_t)4, 0, reprotect);
1023 }
1024
1025 vm_map_deallocate(map); /* Drop reference on map */
1026 return (-1);
1027 }
1028
1029 paddr = (addr64_t)pmap_find_phys(map->pmap, vaddr) << 12; /* Find the physical address of the patched address */
1030 if(!paddr) { /* Is address mapped now? */
1031 vm_map_deallocate(map); /* Drop reference on map */
1032 return 0; /* Leave... */
1033 }
1034 paddr = paddr | (vaddr & 4095); /* Construct physical address */
1035 invalidate_icache64(paddr, 4, 1); /* Flush out the instruction cache here */
1036
1037 if (reprotect != VM_PROT_NONE) {
1038 ret = mach_vm_protect(map, (mach_vm_offset_t)vaddr, (mach_vm_size_t)4, 0, reprotect);
1039 }
1040
1041 vm_map_deallocate(map);
1042
1043 return (0);
1044 }
mirror of XNU