test: trapc.c Source File

00001 /*++ 00002 00003 Copyright (c) 1990 Microsoft Corporation 00004 00005 Module Name: 00006 00007 trapc.c 00008 00009 Abstract: 00010 00011 This module implements the specific exception handlers for EM 00012 exceptions. Called by the KiGenericExceptionHandler. 00013 00014 Author: 00015 00016 Bernard Lint 4-Apr-96 00017 00018 Environment: 00019 00020 Kernel mode only. 00021 00022 Revision History: 00023 00024 --*/ 00025 00026 #include "ki.h" 00027 #include "ps.h" 00028 #include "..\..\mm\mi.h" 00029 #include <inbv.h> 00030 00031 extern BOOLEAN PsWatchEnabled; 00032 extern VOID ExpInterlockedPopEntrySListResume(); 00033 00034 #if DBG 00035 00036 typedef struct _MMFAULT_HISTORY { 00037 ULONGLONG Iip; 00038 ULONGLONG Ifa; 00039 ULONGLONG Iipa; 00040 ULONGLONG TrapFrame; 00041 } MMFAULT_HISTORY; 00042 00043 ULONG MmHistoryIndx = 0; 00044 00045 MMFAULT_HISTORY MmFaultHistory[8]; 00046 00047 ULONGLONG MmUserInstMemoryFaultCount = 0; 00048 ULONGLONG MmUserDataMemoryFaultCount = 0; 00049 ULONGLONG MmKernInstMemoryFaultCount = 0; 00050 ULONGLONG MmKernDataMemoryFaultCount = 0; 00051 00052 #endif 00053 00054 00055 BOOLEAN 00056 KiMemoryFault ( 00057 IN PKTRAP_FRAME TrapFrame 00058 ) 00059 00060 /*++ 00061 00062 Routine Description: 00063 00064 Arguments: 00065 00066 TrapFrame - Pointer to the trap frame. 00067 00068 Return Value: 00069 00070 None 00071 00072 --*/ 00073 00074 { 00075 PEXCEPTION_RECORD ExceptionRecord; 00076 BOOLEAN StoreInstruction; 00077 PVOID VirtualAddress; 00078 NTSTATUS Status; 00079 00080 // 00081 // Indicate store or not 00082 // 00083 00084 if (TrapFrame->StISR & (1i64 << ISR_W)) { 00085 StoreInstruction = TRUE; 00086 } else { 00087 StoreInstruction = FALSE; 00088 } 00089 00090 VirtualAddress = (PVOID)TrapFrame->StIFA; 00091 00092 if (TrapFrame->StISR & (1i64 << ISR_X)) { 00093 00094 #if _MERCED_A0_ 00095 if ((TrapFrame->StIPSR & (1i64 << PSR_IS)) == 0) { 00096 VirtualAddress = (PVOID)TrapFrame->StIIP; 00097 } 00098 #endif 00099 // 00100 // Indicate execution fault or not 00101 // 00102 00103 StoreInstruction = 2; 00104 } 00105 00106 00107 #if DBG 00108 00109 _disable(); 00110 00111 if (MmHistoryIndx < 8) { 00112 MmFaultHistory[MmHistoryIndx].Iip = TrapFrame->StIIP; 00113 MmFaultHistory[MmHistoryIndx].Ifa = TrapFrame->StIFA; 00114 MmFaultHistory[MmHistoryIndx].Iipa = TrapFrame->StIIPA; 00115 MmFaultHistory[MmHistoryIndx].TrapFrame = (ULONGLONG)TrapFrame; 00116 MmHistoryIndx += 1; 00117 } else if (MmHistoryIndx == 8) { 00118 MmHistoryIndx = 0; 00119 } else { 00120 KeBugCheck(MmHistoryIndx); 00121 } 00122 00123 if (VirtualAddress < MM_SYSTEM_RANGE_START) { 00124 00125 if (StoreInstruction == 2) { 00126 MmUserInstMemoryFaultCount += 1; 00127 } else { 00128 MmUserDataMemoryFaultCount += 1; 00129 } 00130 00131 } else { 00132 00133 if (StoreInstruction == 2) { 00134 MmKernInstMemoryFaultCount += 1; 00135 } else { 00136 MmKernDataMemoryFaultCount += 1; 00137 } 00138 } 00139 00140 _enable(); 00141 00142 #endif 00143 00144 #if defined(_MIALT4K_) 00145 if (((ULONG_PTR)VirtualAddress <= _MAX_WOW64_ADDRESS) && 00146 (PsGetCurrentProcess()->Wow64Process != NULL)) { 00147 00148 Status = MmX86Fault(StoreInstruction, VirtualAddress, 00149 (KPROCESSOR_MODE)TrapFrame->PreviousMode, TrapFrame); 00150 00151 } else 00152 #endif 00153 { 00154 00155 Status = MmAccessFault(StoreInstruction, VirtualAddress, 00156 (KPROCESSOR_MODE)TrapFrame->PreviousMode, TrapFrame); 00157 } 00158 00159 // 00160 // MmAccessFault() returns positive numbers if it is successful; returns 00161 // negative numbers if it fails. 00162 // 00163 // Check if working set watch is enabled. 00164 // 00165 00166 if (Status >= 0) { 00167 00168 if (PsWatchEnabled) { 00169 PsWatchWorkingSet(Status, 00170 (PVOID)TrapFrame->StIIP, 00171 (PVOID)VirtualAddress); 00172 } 00173 00174 // 00175 // Check if debugger has any breakpoints that should be inserted 00176 // 00177 00178 KdSetOwedBreakpoints(); 00179 00180 return FALSE; 00181 00182 } else if (KeInvalidAccessAllowed(TrapFrame)) { 00183 00184 TrapFrame->StIIP = ((PPLABEL_DESCRIPTOR)ExpInterlockedPopEntrySListResume)->EntryPoint; 00185 00186 } else if (TrapFrame->StISR & (1i64 << ISR_SP)) { 00187 00188 // 00189 // Set IPSR.ed bit if it was a fault on a speculative load. 00190 // 00191 00192 TrapFrame->StIPSR |= (1i64 << PSR_ED); 00193 00194 return FALSE; 00195 00196 } 00197 00198 // 00199 // Failure returned from MmAccessFault. 00200 // Initialize Exception record. 00201 // 00202 00203 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00204 ExceptionRecord->ExceptionCode = Status; 00205 ExceptionRecord->ExceptionAddress = 00206 (PVOID)RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00207 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00208 00209 ExceptionRecord->ExceptionFlags = 0; 00210 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00211 00212 ExceptionRecord->NumberParameters = 5; 00213 ExceptionRecord->ExceptionInformation[0] = (ULONG_PTR)StoreInstruction; 00214 ExceptionRecord->ExceptionInformation[1] = (ULONG_PTR)VirtualAddress; 00215 ExceptionRecord->ExceptionInformation[2] = (ULONG_PTR)Status; 00216 ExceptionRecord->ExceptionInformation[3] = (ULONG_PTR)TrapFrame->StIIPA; 00217 ExceptionRecord->ExceptionInformation[4] = (ULONG_PTR)TrapFrame->StISR; 00218 00219 // 00220 // Status = STATUS_IN_PAGE_ERROR | 0x10000000 00221 // is a special status that indicates a page fault at Irql > APC 00222 // 00223 // The following statuses can be forwarded: 00224 // STATUS_ACCESS_VIOLATION 00225 // STATUS_GUARD_PAGE_VIOLATION 00226 // STATUS_STACK_OVERFLOW 00227 // 00228 // All other status will be set to: 00229 // STATUS_IN_PAGE_ERROR 00230 // 00231 00232 switch (Status) { 00233 00234 case STATUS_ACCESS_VIOLATION: 00235 case STATUS_GUARD_PAGE_VIOLATION: 00236 case STATUS_STACK_OVERFLOW: 00237 case STATUS_IN_PAGE_ERROR: 00238 00239 break; 00240 00241 default: 00242 00243 ExceptionRecord->ExceptionCode = STATUS_IN_PAGE_ERROR; 00244 break; 00245 00246 case STATUS_IN_PAGE_ERROR | 0x10000000: 00247 00248 // 00249 // Handle the special case status returned from MmAccessFault, 00250 // we have taken a page fault at Irql > APC_LEVEL. 00251 // 00252 00253 KeBugCheckEx(IRQL_NOT_LESS_OR_EQUAL, 00254 (ULONG_PTR)VirtualAddress, 00255 (ULONG_PTR)KeGetCurrentIrql(), 00256 (ULONG_PTR)StoreInstruction, 00257 (ULONG_PTR)TrapFrame->StIIP); 00258 // 00259 // should not get here 00260 // 00261 00262 break; 00263 } 00264 00265 return TRUE; 00266 } 00267 00268 typedef struct _BREAK_INST { 00269 union { 00270 struct { 00271 ULONGLONG qp: 6; 00272 ULONGLONG imm20: 20; 00273 ULONGLONG x: 1; 00274 ULONGLONG x6: 6; 00275 ULONGLONG x3: 3; 00276 ULONGLONG i: 1; 00277 ULONGLONG Op: 4; 00278 ULONGLONG Rsv: 23; 00279 } i_field; 00280 ULONGLONG Ulong64; 00281 } u; 00282 } BREAK_INST; 00283 00284 00285 ULONG 00286 KiExtractImmediate ( 00287 IN ULONGLONG Iip, 00288 IN ULONG SlotNumber 00289 ) 00290 00291 /*++ 00292 00293 Routine Description: 00294 00295 Extract immediate operand from break instruction. 00296 00297 Arguments: 00298 00299 Iip - Bundle address of instruction 00300 00301 SlotNumber - Slot of break instruction within bundle 00302 00303 Return Value: 00304 00305 Value of immediate operand. 00306 00307 --*/ 00308 00309 { 00310 PULONGLONG BundleAddress; 00311 ULONGLONG BundleLow; 00312 ULONGLONG BundleHigh; 00313 BREAK_INST BreakInst; 00314 ULONG Imm21; 00315 00316 BundleAddress = (PULONGLONG)Iip; 00317 00318 BundleLow = *BundleAddress; 00319 BundleHigh = *(BundleAddress+1); 00320 00321 // 00322 // Align instruction 00323 // 00324 00325 switch (SlotNumber) { 00326 case 0: 00327 BreakInst.u.Ulong64 = BundleLow >> 5; 00328 break; 00329 00330 case 1: 00331 BreakInst.u.Ulong64 = (BundleLow >> 46) | (BundleHigh << 18); 00332 break; 00333 00334 case 2: 00335 BreakInst.u.Ulong64 = (BundleHigh >> 23); 00336 break; 00337 } 00338 00339 // 00340 // Extract immediate value 00341 // 00342 00343 Imm21 = (ULONG)(BreakInst.u.i_field.i<<20) | (ULONG)(BreakInst.u.i_field.imm20); 00344 00345 return Imm21; 00346 } 00347 00348 BOOLEAN 00349 KiOtherBreakException ( 00350 IN PKTRAP_FRAME TrapFrame 00351 ) 00352 00353 /*++ 00354 00355 Routine Description: 00356 00357 Handler for break exception other than the ones for fast and 00358 normal system calls. This includes debug break points. 00359 00360 Arguments: 00361 00362 TrapFrame - Pointer to the trap frame. 00363 00364 Return Value: 00365 00366 NT status code. 00367 00368 --*/ 00369 00370 { 00371 PEXCEPTION_RECORD ExceptionRecord; 00372 ULONG BreakImmediate; 00373 ISR Isr; 00374 00375 BreakImmediate = (ULONG)(TrapFrame->StIIM); 00376 00377 // 00378 // Handle break.b case 00379 // 00380 if (BreakImmediate == 0) { 00381 Isr.ull = TrapFrame->StISR; 00382 BreakImmediate = KiExtractImmediate(TrapFrame->StIIP, 00383 (ULONG)Isr.sb.isr_ei); 00384 TrapFrame->StIIM = BreakImmediate; 00385 } 00386 00387 // 00388 // Initialize exception record 00389 // 00390 00391 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00392 ExceptionRecord->ExceptionAddress = 00393 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00394 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00395 00396 ExceptionRecord->ExceptionFlags = 0; 00397 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00398 00399 ExceptionRecord->NumberParameters = 5; 00400 ExceptionRecord->ExceptionInformation[0] = 0; 00401 ExceptionRecord->ExceptionInformation[1] = 0; 00402 ExceptionRecord->ExceptionInformation[2] = 0; 00403 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00404 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00405 00406 switch (BreakImmediate) { 00407 00408 case KERNEL_BREAKPOINT: 00409 case USER_BREAKPOINT: 00410 case INTEGER_OVERFLOW_BREAKPOINT: 00411 case DIVIDE_OVERFLOW_BREAKPOINT: 00412 case DIVIDE_BY_ZERO_BREAKPOINT: 00413 case RANGE_CHECK_BREAKPOINT: 00414 case STACK_OVERFLOW_BREAKPOINT: 00415 case MULTIPLY_OVERFLOW_BREAKPOINT: 00416 case DEBUG_PRINT_BREAKPOINT: 00417 case DEBUG_PROMPT_BREAKPOINT: 00418 case DEBUG_STOP_BREAKPOINT: 00419 case DEBUG_LOAD_SYMBOLS_BREAKPOINT: 00420 case DEBUG_UNLOAD_SYMBOLS_BREAKPOINT: 00421 case BREAKIN_BREAKPOINT: 00422 ExceptionRecord->ExceptionCode = STATUS_BREAKPOINT; 00423 ExceptionRecord->ExceptionInformation[0] = BreakImmediate; 00424 break; 00425 00426 default: 00427 #if DBG 00428 InbvDisplayString ("KiOtherBreakException: Unknown break code.\n"); 00429 #endif // DBG 00430 ExceptionRecord->ExceptionCode = STATUS_ILLEGAL_INSTRUCTION; 00431 break; 00432 } 00433 00434 return TRUE; 00435 } 00436 00437 BOOLEAN 00438 KiGeneralExceptions ( 00439 IN PKTRAP_FRAME TrapFrame 00440 ) 00441 00442 /*++ 00443 00444 Routine Description: 00445 00446 Handler for general exception faults: attempt to execute an illegal 00447 operation, privileged instruction, access a privileged register, 00448 unimplemented field, unimplemented register, or take an inter-ISA 00449 branch when disabled. 00450 00451 Arguments: 00452 00453 TrapFrame - Pointer to the trap frame. 00454 00455 Return Value: 00456 00457 None. 00458 00459 Notes: 00460 00461 ISR.ei bits indicate which instruction caused the exception. 00462 00463 ISR.code{3:0} Non-access instruction (ISR.na = 1) 00464 = 0 tpa 00465 = 1 fc 00466 = 2 probe 00467 = 3 tak 00468 = 4 lfetch 00469 00470 ISR.code{7:4} = 0: Illegal operation fault: All reported as STATUS_ILLEGAL_INSTRUCTION. 00471 00472 ISR.rs = 0: An attempt to execute an illegal operation: 00473 -- unassigned major opcodes 00474 -- unassigned sub-opcodes 00475 -- reserved instruction fields 00476 -- writing a read-only register 00477 -- accessing a reserved register 00478 00479 ISR.rs = 1: 00480 -- attempt to write outside the current register stack frame 00481 -- INVALRS operation with RCS.en = 1 00482 -- write to BSP with RCS.en = 1 00483 -- write to RNATRC with RCS.en = 1 00484 -- read from RNATRC with RCS.en = 1 00485 00486 ISR.code{7:4} = 1: Privileged operation fault: Reported as STATUS_PRIVILEGED_INSTRUCTION. 00487 ISR.code{7:4} = 2: Privileged register fault: Reported as STATUS_PRIVILEGED_INSTRUCTION. 00488 ISR.code{7:4} = 3: Reserved register fault: Reported as STATUS_ILLEGAL_INSTRUCTION. 00489 ISR.code{7:4} = 4: Illegal ISA transition fault: Reported as STATUS_ILLEGAL_INSTRUCTION. 00490 00491 --*/ 00492 00493 { 00494 BOOLEAN StoreInstruction = FALSE; 00495 ULONG IsrCode; 00496 PEXCEPTION_RECORD ExceptionRecord; 00497 00498 // 00499 // Initialize the exception record 00500 // 00501 00502 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00503 ExceptionRecord->ExceptionAddress = 00504 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00505 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00506 00507 ExceptionRecord->ExceptionFlags = 0; 00508 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00509 00510 ExceptionRecord->NumberParameters = 5; 00511 ExceptionRecord->ExceptionInformation[0] = 0; 00512 ExceptionRecord->ExceptionInformation[1] = 0; 00513 ExceptionRecord->ExceptionInformation[2] = 0; 00514 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00515 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00516 00517 IsrCode = (LONG)((TrapFrame->StISR >> ISR_CODE) & ISR_CODE_MASK); 00518 00519 // 00520 // Look at ISR code bits {7:4} 00521 // 00522 00523 switch (IsrCode >> 4) { 00524 00525 case ISR_PRIV_OP: 00526 case ISR_PRIV_REG: 00527 00528 ExceptionRecord->ExceptionCode = STATUS_PRIVILEGED_INSTRUCTION; 00529 break; 00530 00531 case ISR_RESVD_REG: 00532 00533 // 00534 // Indicate store or not 00535 // 00536 00537 if (TrapFrame->StISR & (1i64 << ISR_W)) { 00538 00539 StoreInstruction = TRUE; 00540 00541 } else if (TrapFrame->StISR & (1i64 << ISR_X)) { 00542 00543 // 00544 // Indicate execution fault or not 00545 // 00546 00547 StoreInstruction = 2; 00548 } 00549 00550 ExceptionRecord->ExceptionCode = STATUS_ACCESS_VIOLATION; 00551 ExceptionRecord->ExceptionInformation[0] = (ULONG_PTR)StoreInstruction; 00552 ExceptionRecord->ExceptionInformation[1] = (ULONG_PTR)TrapFrame->StIFA; 00553 ExceptionRecord->ExceptionInformation[2] = (ULONG_PTR)STATUS_ACCESS_VIOLATION; 00554 break; 00555 00556 case ISR_ILLEGAL_OP: 00557 case ISR_ILLEGAL_ISA: 00558 00559 ExceptionRecord->ExceptionCode = STATUS_ILLEGAL_INSTRUCTION; 00560 break; 00561 00562 case ISR_ILLEGAL_HAZARD: 00563 00564 // 00565 // a new status code will be introduced for hazard faults. 00566 // 00567 00568 ExceptionRecord->ExceptionCode = STATUS_ILLEGAL_INSTRUCTION; 00569 break; 00570 00571 default: 00572 00573 if (TrapFrame->PreviousMode == KernelMode) { 00574 KeBugCheckEx(0xFFFFFFFF, 00575 (ULONG_PTR)TrapFrame->StISR, 00576 (ULONG_PTR)TrapFrame->StIIP, 00577 (ULONG_PTR)TrapFrame, 00578 0 00579 ); 00580 } 00581 00582 break; 00583 } 00584 00585 return TRUE; 00586 } 00587 00588 00589 BOOLEAN 00590 KiNatExceptions ( 00591 IN PKTRAP_FRAME TrapFrame 00592 ) 00593 00594 /*++ 00595 00596 Routine Description: 00597 00598 Handler for NaT consumption exception faults 00599 00600 Arguments: 00601 00602 TrapFrame - Pointer to the trap frame. 00603 00604 Return Value: 00605 00606 None. 00607 00608 Notes: 00609 00610 ISR.ei bits indicate which instruction caused the exception. 00611 00612 ISR.code{3:0} Non-access instruction (ISR.na = 1) 00613 = 0 tpa 00614 = 1 fc 00615 = 2 probe 00616 = 3 tak 00617 = 4 lfetch 00618 00619 ISR.code{7:4} = 1: Register NaT consumption fault 00620 ISR.code{7:4} = 2: NaT page consumption fault 00621 00622 --*/ 00623 00624 { 00625 BOOLEAN StoreInstruction = FALSE; 00626 ULONG IsrCode; 00627 PEXCEPTION_RECORD ExceptionRecord; 00628 00629 // 00630 // Initialize the exception record 00631 // 00632 00633 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00634 ExceptionRecord->ExceptionAddress = 00635 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00636 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00637 00638 ExceptionRecord->ExceptionFlags = 0; 00639 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00640 00641 ExceptionRecord->NumberParameters = 5; 00642 ExceptionRecord->ExceptionInformation[0] = 0; 00643 ExceptionRecord->ExceptionInformation[1] = 0; 00644 ExceptionRecord->ExceptionInformation[2] = 0; 00645 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00646 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00647 00648 IsrCode = (LONG)((TrapFrame->StISR >> ISR_CODE) & ISR_CODE_MASK); 00649 00650 // 00651 // Look at ISR code bits {7:4} 00652 // 00653 00654 switch (IsrCode >> 4) { 00655 00656 case ISR_NAT_REG: 00657 00658 #if 0 00659 if (TrapFrame->PreviousMode == KernelMode) { 00660 00661 DbgPrint("FATAL ERROR: Kernel hit a Nat Consumpation Fault!\n"); 00662 KeBugCheckEx(0xFFFFFFFF, 00663 (ULONG_PTR)TrapFrame->StISR, 00664 (ULONG_PTR)TrapFrame->StIIP, 00665 (ULONG_PTR)TrapFrame, 00666 0 00667 ); 00668 00669 // Do not return from KeBugCheckEx 00670 } 00671 #endif // 0 00672 00673 ExceptionRecord->ExceptionCode = STATUS_REG_NAT_CONSUMPTION; 00674 break; 00675 00676 case ISR_NAT_PAGE: 00677 00678 // 00679 // If we start using a NaT page, we should treat this as a page fault and 00680 // should call KiMemoryFault(). 00681 // 00682 00683 ExceptionRecord->ExceptionCode = STATUS_ACCESS_VIOLATION; 00684 break; 00685 00686 default: 00687 00688 if (TrapFrame->PreviousMode == KernelMode) { 00689 KeBugCheckEx(0xFFFFFFFF, 00690 (ULONG_PTR)TrapFrame->StISR, 00691 (ULONG_PTR)TrapFrame->StIIP, 00692 (ULONG_PTR)TrapFrame, 00693 0 00694 ); 00695 } 00696 00697 break; 00698 } 00699 00700 return TRUE; 00701 } 00702 00703 00704 BOOLEAN 00705 KiSingleStep ( 00706 IN PKTRAP_FRAME TrapFrame 00707 ) 00708 00709 /*++ 00710 00711 Routine Description: 00712 00713 Handler for single step trap. An instruction was successfully 00714 executed and the PSR.ss bit is 1. 00715 00716 Arguments: 00717 00718 TrapFrame - Pointer to the trap frame. 00719 00720 Return Value: 00721 00722 None. 00723 00724 Notes: 00725 00726 ISR.ei bits indicate which instruction caused the exception. 00727 00728 ISR.code{3:0} = 1000 00729 00730 --*/ 00731 00732 { 00733 PEXCEPTION_RECORD ExceptionRecord; 00734 ULONG IpsrRi; 00735 00736 // 00737 // Initialize the exception record 00738 // 00739 00740 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00741 00742 // 00743 // We only want the low order 2 bits so typecast to ULONG 00744 // 00745 IpsrRi = (ULONG)(TrapFrame->StIPSR >> PSR_RI) & 0x3; 00746 00747 ExceptionRecord->ExceptionAddress = 00748 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, IpsrRi); 00749 00750 ExceptionRecord->ExceptionFlags = 0; 00751 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00752 00753 ExceptionRecord->NumberParameters = 5; 00754 ExceptionRecord->ExceptionInformation[0] = 0; 00755 ExceptionRecord->ExceptionInformation[1] = 0; // 0 for traps 00756 ExceptionRecord->ExceptionInformation[2] = 0; 00757 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00758 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00759 00760 ExceptionRecord->ExceptionCode = STATUS_SINGLE_STEP; 00761 00762 return TRUE; 00763 } 00764 00765 BOOLEAN 00766 KiFloatFault ( 00767 IN PKTRAP_FRAME TrapFrame 00768 ) 00769 00770 /*++ 00771 00772 Routine Description: 00773 00774 Handler for EM floating point fault. 00775 00776 Arguments: 00777 00778 TrapFrame - Pointer to the trap frame. 00779 00780 Return Value: 00781 00782 None. 00783 00784 Notes: 00785 00786 IIP contains address of bundle causing the fault. 00787 00788 ISR.ei bits indicate which instruction caused the exception. 00789 00790 ISR.code{7:0} = 00791 00792 ISR.code{0} = 1: IEEE V (invalid) exception (Normal or SIMD-HI) 00793 ISR.code{1} = 1: Denormal/Unnormal operand exception (Normal or SIMD-HI) 00794 ISR.code{2} = 1: IEEE Z (divide by zero) exception (Normal or SIMD-HI) 00795 ISR.code{3} = 1: Software assist (Normal or SIMD-HI) 00796 ISR.code{4} = 1: IEEE V (invalid) exception (SIMD-LO) 00797 ISR.code{5} = 1: Denormal/Unnormal operand exception (SIMD-LO) 00798 ISR.code{6} = 1: IEEE Z (divide by zero) exception (SIMD-LO) 00799 ISR.code{7} = 1: Software assist (SIMD-LO) 00800 00801 --*/ 00802 00803 { 00804 PEXCEPTION_RECORD ExceptionRecord; 00805 00806 // 00807 // Initialize the exception record 00808 // 00809 00810 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00811 ExceptionRecord->ExceptionAddress = 00812 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00813 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00814 00815 ExceptionRecord->ExceptionFlags = 0; 00816 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00817 00818 ExceptionRecord->NumberParameters = 5; 00819 ExceptionRecord->ExceptionInformation[0] = 0; 00820 ExceptionRecord->ExceptionInformation[1] = 0; 00821 ExceptionRecord->ExceptionInformation[2] = 0; 00822 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00823 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00824 00825 ExceptionRecord->ExceptionCode = STATUS_FLOAT_MULTIPLE_FAULTS; 00826 00827 return TRUE; 00828 } 00829 00830 BOOLEAN 00831 KiFloatTrap ( 00832 IN PKTRAP_FRAME TrapFrame 00833 ) 00834 00835 /*++ 00836 00837 Routine Description: 00838 00839 Handler for EM floating point trap. 00840 00841 Arguments: 00842 00843 TrapFrame - Pointer to the trap frame. 00844 00845 Return Value: 00846 00847 None. 00848 00849 Notes: 00850 00851 IIP contains address of bundle with the instruction to be 00852 executed next. 00853 00854 ISR.ei bits indicate which instruction caused the exception. 00855 00856 The fp trap may occur simultaneously with single-step traps. The 00857 fp trap is reported by the hardware. The singel step trap must 00858 be detected by software. 00859 00860 ISR.code{3:0} = ss 0 0 1 (ss = single step) 00861 00862 ISR{15:7} = fp trap code. 00863 00864 --*/ 00865 00866 { 00867 PEXCEPTION_RECORD ExceptionRecord; 00868 ULONGLONG SavedISR = TrapFrame->StISR; 00869 00870 // 00871 // Initialize the exception record 00872 // 00873 00874 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 00875 ExceptionRecord->ExceptionAddress = 00876 (PVOID) RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 00877 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 00878 00879 ExceptionRecord->ExceptionFlags = 0; 00880 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 00881 00882 ExceptionRecord->NumberParameters = 5; 00883 ExceptionRecord->ExceptionInformation[0] = 0; 00884 ExceptionRecord->ExceptionInformation[1] = 0; 00885 ExceptionRecord->ExceptionInformation[2] = 0; 00886 ExceptionRecord->ExceptionInformation[3] = TrapFrame->StIIPA; 00887 ExceptionRecord->ExceptionInformation[4] = TrapFrame->StISR; 00888 00889 ExceptionRecord->ExceptionCode = STATUS_FLOAT_MULTIPLE_TRAPS; 00890 00891 // 00892 // check for single-step trap 00893 // 00894 00895 if (SavedISR & (1i64 << ISR_SS_TRAP)) { 00896 return KiSingleStep(TrapFrame); 00897 } 00898 00899 return TRUE; 00900 } 00901 00902 00903 #pragma warning( disable : 4715 ) // not all control paths return a value 00904 00905 EXCEPTION_DISPOSITION 00906 KiSystemServiceHandler ( 00907 IN PEXCEPTION_RECORD ExceptionRecord, 00908 IN FRAME_POINTERS EstablisherFrame, 00909 IN OUT PCONTEXT ContextRecord, 00910 IN OUT PDISPATCHER_CONTEXT DispatcherContext 00911 ) 00912 00913 /*++ 00914 00915 Routine Description: 00916 00917 Control reaches here when a exception is raised in a system service 00918 or the system service dispatcher, and for an unwind during a kernel 00919 exception. 00920 00921 If an unwind is being performed and the system service dispatcher is 00922 the target of the unwind, then an exception occured while attempting 00923 to copy the user's in-memory argument list. Control is transfered to 00924 the system service exit by return a continue execution disposition 00925 value. 00926 00927 If an unwind is being performed and the previous mode is user, then 00928 bug check is called to crash the system. It is not valid to unwind 00929 out of a system service into user mode. 00930 00931 If an unwind is being performed, the previous mode is kernel, the 00932 system service dispatcher is not the target of the unwind, and the 00933 thread does not own any mutexes, then the previous mode field from 00934 the trap frame is restored to the thread object. Otherwise, bug 00935 check is called to crash the system. It is invalid to unwind out of 00936 a system service while owning a mutex. 00937 00938 If an exception is being raised and the exception PC is within the 00939 range of the system service dispatcher in-memory argument copy code, 00940 then an unwind to the system service exit code is initiated. 00941 00942 If an exception is being raised and the exception PC is not within 00943 the range of the system service dispatcher, and the previous mode is 00944 not user, then a continue searh disposition value is returned. Otherwise, 00945 a system service has failed to handle an exception and bug check is 00946 called. It is invalid for a system service not to handle all exceptions 00947 that can be raised in the service. 00948 00949 Arguments: 00950 00951 ExceptionRecord - Supplies a pointer to an exception record. 00952 00953 EstablisherFrame - Supplies the frame pointer of the establisher 00954 of this exception handler. 00955 00956 N.B. This is not actually the frame pointer of the establisher of 00957 this handler. It is actually the stack pointer of the caller 00958 of the system service. Therefore, the establisher frame pointer 00959 is not used and the address of the trap frame is determined by 00960 examining the saved s8 register in the context record. 00961 00962 ContextRecord - Supplies a pointer to a context record. 00963 00964 DispatcherContext - Supplies a pointer to the dispatcher context 00965 record. 00966 00967 Return Value: 00968 00969 If bug check is called, there is no return from this routine and the 00970 system is crashed. If an exception occured while attempting to copy 00971 the user in-memory argument list, then there is no return from this 00972 routine, and unwind is called. Otherwise, ExceptionContinueSearch is 00973 returned as the function value. 00974 00975 --*/ 00976 { 00977 CONTEXT Context; 00978 PKTHREAD Thread; 00979 PKTRAP_FRAME TrapFrame; 00980 ULONG_PTR ExceptionAddress; 00981 00982 extern ULONG KiSystemServiceStartOffset; 00983 extern ULONG KiSystemServiceEndOffset; 00984 extern ULONG KiSystemServiceExitOffset; 00985 00986 if (IS_UNWINDING(ExceptionRecord->ExceptionFlags)) { 00987 00988 // 00989 // An unwind is in progress. 00990 // If a target unwind is being performed, then continue execution 00991 // is returned to transfer control to the system service exit 00992 // code. Otherwise, restore the previous mode if the previous 00993 // mode is not user and there is no mutex owned by the current 00994 // thread. 00995 // 00996 00997 if (ExceptionRecord->ExceptionFlags & EXCEPTION_TARGET_UNWIND) { 00998 return ExceptionContinueSearch; 00999 } else { 01000 01001 Thread = KeGetCurrentThread(); 01002 if (Thread->PreviousMode == KernelMode) { 01003 01004 // 01005 // Previous mode is kernel and no mutex owned. 01006 // 01007 // N.B. System convention: unwinder puts the trap frame 01008 // address in IntT0 field of 01009 // context record when it 01010 // encounters an interrupt region. 01011 // 01012 01013 TrapFrame = (PKTRAP_FRAME) ContextRecord->IntT0; 01014 Thread->PreviousMode = (KPROCESSOR_MODE)TrapFrame->PreviousMode; 01015 return ExceptionContinueSearch; 01016 01017 } else { 01018 01019 // 01020 // Previous mode is user, call bug check. 01021 // 01022 01023 KeBugCheck(SYSTEM_UNWIND_PREVIOUS_USER); 01024 } 01025 } 01026 } else { 01027 01028 ULONG IsrCode; 01029 01030 // 01031 // An exception dispatching is in progress. 01032 // If the exception PC is within the in-memory argument copy code 01033 // of the system service dispatcher, then call unwind to transfer 01034 // control to the system service exit code. Otherwise, check if 01035 // the previous mode is user or kernel mode. 01036 // 01037 01038 ExceptionAddress = (ULONG_PTR)ExceptionRecord->ExceptionAddress; 01039 if ((ExceptionAddress < MM_EPC_VA+KiSystemServiceStartOffset) || 01040 (ExceptionAddress >= MM_EPC_VA+KiSystemServiceEndOffset)) 01041 { 01042 if (KeGetCurrentThread()->PreviousMode == UserMode) { 01043 01044 // 01045 // Previous mode is user, call bug check. 01046 // 01047 01048 KeBugCheck(SYSTEM_SERVICE_EXCEPTION); 01049 01050 } else { 01051 01052 // 01053 // Previous mode is kernel, continue to search 01054 // 01055 01056 return ExceptionContinueSearch; 01057 } 01058 } else { 01059 IsrCode = (ULONG)((ExceptionRecord->ExceptionInformation[4] >> ISR_CODE) & ISR_CODE_MASK) >> 4; 01060 if ( (IsrCode == ISR_NAT_REG) || (IsrCode == ISR_NAT_PAGE) ) { 01061 DbgPrint("WARNING: Kernel hit a Nat Consumpation Fault\n"); 01062 DbgPrint("WARNING: At %p\n", ExceptionRecord->ExceptionAddress); 01063 } 01064 #pragma warning( disable : 4312 ) // disabling warning on PVOID casting for the ExceptionCode 01065 RtlUnwind2(EstablisherFrame, 01066 (PVOID)(MM_EPC_VA+KiSystemServiceExitOffset), 01067 NULL, (PVOID)ExceptionRecord->ExceptionCode, &Context); 01068 #pragma warning ( default: 4312 ) 01069 } 01070 } 01071 01072 01073 } // KiSystemServiceHandler( ) 01074 01075 #pragma warning( default : 4715 ) 01076 01077 01078 BOOLEAN 01079 KiUnalignedFault ( 01080 IN PKTRAP_FRAME TrapFrame 01081 ) 01082 /*++ 01083 01084 Routine Description: 01085 01086 Handler for unaligned data reference. 01087 01088 Arguments: 01089 01090 TrapFrame - Pointer to the trap frame. 01091 01092 Return Value: 01093 01094 None. 01095 01096 Notes: 01097 01098 ISR.ei bits indicate which instruction caused the exception. 01099 01100 --*/ 01101 01102 { 01103 PEXCEPTION_RECORD ExceptionRecord; 01104 PVOID VirtualAddress; 01105 01106 VirtualAddress = (PVOID)TrapFrame->StIFA; 01107 01108 ExceptionRecord = (PEXCEPTION_RECORD)&TrapFrame->ExceptionRecord; 01109 ExceptionRecord->ExceptionAddress = 01110 (PVOID)RtlIa64InsertIPSlotNumber(TrapFrame->StIIP, 01111 ((TrapFrame->StISR & ISR_EI_MASK) >> ISR_EI)); 01112 01113 ExceptionRecord->ExceptionFlags = 0; 01114 ExceptionRecord->ExceptionRecord = (PEXCEPTION_RECORD)NULL; 01115 01116 ExceptionRecord->NumberParameters = 5; 01117 ExceptionRecord->ExceptionInformation[0] = (ULONG_PTR)0; 01118 ExceptionRecord->ExceptionInformation[1] = (ULONG_PTR)VirtualAddress; 01119 ExceptionRecord->ExceptionInformation[2] = (ULONG_PTR)0; 01120 ExceptionRecord->ExceptionInformation[3] = (ULONG_PTR)TrapFrame->StIIPA; 01121 ExceptionRecord->ExceptionInformation[4] = (ULONG_PTR)TrapFrame->StISR; 01122 01123 ExceptionRecord->ExceptionCode = STATUS_DATATYPE_MISALIGNMENT; 01124 01125 return TRUE; 01126 } 01127 01128 01129 VOID 01130 KiAdvanceInstPointer( 01131 IN PKTRAP_FRAME TrapFrame 01132 ) 01133 01134 /*++ 01135 01136 Routine Description: 01137 01138 This function is called to advance the instruction pointer in the trap frame. 01139 01140 Arguments: 01141 01142 TrapFrame - Supplies a pointer to a trap frame. 01143 01144 Return Value: 01145 01146 The intruction pointer in the trap frame has been advanced. 01147 01148 --*/ 01149 01150 { 01151 01152 ULONGLONG PsrRi; 01153 01154 PsrRi = ((TrapFrame->StIPSR >> PSR_RI) & 3i64) + 1; 01155 01156 if (PsrRi == 3) { 01157 01158 PsrRi = 0; 01159 TrapFrame->StIIP += 16; 01160 01161 } 01162 01163 TrapFrame->StIPSR &= ~(3i64 << PSR_RI); 01164 TrapFrame->StIPSR |= (PsrRi << PSR_RI); 01165 01166 return; 01167 } 01168 01169 #if _MERCED_A0_ 01170 01171 typedef struct _CHECK_INST { 01172 union { 01173 struct { 01174 ULONGLONG qp: 6; 01175 ULONGLONG imm7: 7; 01176 ULONGLONG r2: 7; 01177 ULONGLONG imm13:13; 01178 ULONGLONG x3: 3; 01179 ULONGLONG s: 1; 01180 ULONGLONG Op: 4; 01181 ULONGLONG Rsv: 23; 01182 } i; 01183 ULONGLONG Ulong64; 01184 } u; 01185 } CHECK_INST; 01186 01187 BOOLEAN 01188 KiEmulateSpeculationFault( 01189 IN PKTRAP_FRAME TrapFrame 01190 ) 01191 { 01192 PULONGLONG BundleAddress; 01193 ULONGLONG BundleLow; 01194 ULONGLONG BundleHigh; 01195 ULONG SlotNumber; 01196 CHECK_INST CheckInst; 01197 ISR Isr; 01198 ULONGLONG Imm24; 01199 01200 BundleAddress = (PULONGLONG)TrapFrame->StIIP; 01201 01202 BundleLow = *BundleAddress; 01203 BundleHigh = *(BundleAddress+1); 01204 01205 Isr.ull = TrapFrame->StISR; 01206 SlotNumber = (ULONG)Isr.sb.isr_ei; 01207 01208 // 01209 // Align instruction 01210 // 01211 01212 switch (SlotNumber) { 01213 case 0: 01214 CheckInst.u.Ulong64 = BundleLow >> 5; 01215 break; 01216 01217 case 1: 01218 CheckInst.u.Ulong64 = (BundleLow >> 46) | (BundleHigh << 18); 01219 break; 01220 01221 case 2: 01222 CheckInst.u.Ulong64 = (BundleHigh >> 23); 01223 break; 01224 } 01225 01226 // 01227 // Extract immediate value 01228 // 01229 01230 Imm24 = ((CheckInst.u.i.imm13 << 7)|(CheckInst.u.i.imm7)) << 4; 01231 01232 if (CheckInst.u.i.s == 1) { 01233 01234 Imm24 = 0xFFFFFFFFFF000000|Imm24; 01235 01236 } 01237 01238 TrapFrame->StIIP += Imm24; 01239 01240 TrapFrame->StIPSR &= ~(3i64 << PSR_RI); 01241 01242 return FALSE; 01243 } 01244 #endif