2 * linux/arch/parisc/traps.c
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 * Copyright (C) 1999, 2000 Philipp Rumpf <prumpf@tux.org>
9 * 'Traps.c' handles hardware traps and faults after we have saved some
13 #include <linux/sched.h>
14 #include <linux/kernel.h>
15 #include <linux/string.h>
16 #include <linux/errno.h>
17 #include <linux/ptrace.h>
18 #include <linux/timer.h>
19 #include <linux/delay.h>
21 #include <linux/module.h>
22 #include <linux/smp.h>
23 #include <linux/spinlock.h>
24 #include <linux/init.h>
25 #include <linux/interrupt.h>
26 #include <linux/console.h>
27 #include <linux/bug.h>
29 #include <asm/assembly.h>
30 #include <asm/uaccess.h>
33 #include <asm/traps.h>
34 #include <asm/unaligned.h>
35 #include <linux/atomic.h>
38 #include <asm/pdc_chassis.h>
39 #include <asm/unwind.h>
40 #include <asm/tlbflush.h>
41 #include <asm/cacheflush.h>
43 #include "../math-emu/math-emu.h" /* for handle_fpe() */
45 #define PRINT_USER_FAULTS /* (turn this on if you want user faults to be */
46 /* dumped to the console via printk) */
48 #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)
49 DEFINE_SPINLOCK(pa_dbit_lock
);
52 static void parisc_show_stack(struct task_struct
*task
, unsigned long *sp
,
53 struct pt_regs
*regs
);
55 static int printbinary(char *buf
, unsigned long x
, int nbits
)
57 unsigned long mask
= 1UL << (nbits
- 1);
59 *buf
++ = (mask
& x
? '1' : '0');
72 #define FFMT "%016llx" /* fpregs are 64-bit always */
74 #define PRINTREGS(lvl,r,f,fmt,x) \
75 printk("%s%s%02d-%02d " fmt " " fmt " " fmt " " fmt "\n", \
76 lvl, f, (x), (x+3), (r)[(x)+0], (r)[(x)+1], \
77 (r)[(x)+2], (r)[(x)+3])
79 static void print_gr(char *level
, struct pt_regs
*regs
)
84 printk("%s\n", level
);
85 printk("%s YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n", level
);
86 printbinary(buf
, regs
->gr
[0], 32);
87 printk("%sPSW: %s %s\n", level
, buf
, print_tainted());
89 for (i
= 0; i
< 32; i
+= 4)
90 PRINTREGS(level
, regs
->gr
, "r", RFMT
, i
);
93 static void print_fr(char *level
, struct pt_regs
*regs
)
97 struct { u32 sw
[2]; } s
;
99 /* FR are 64bit everywhere. Need to use asm to get the content
100 * of fpsr/fper1, and we assume that we won't have a FP Identify
101 * in our way, otherwise we're screwed.
102 * The fldd is used to restore the T-bit if there was one, as the
103 * store clears it anyway.
104 * PA2.0 book says "thou shall not use fstw on FPSR/FPERs" - T-Bone */
105 asm volatile ("fstd %%fr0,0(%1) \n\t"
106 "fldd 0(%1),%%fr0 \n\t"
107 : "=m" (s
) : "r" (&s
) : "r0");
109 printk("%s\n", level
);
110 printk("%s VZOUICununcqcqcqcqcqcrmunTDVZOUI\n", level
);
111 printbinary(buf
, s
.sw
[0], 32);
112 printk("%sFPSR: %s\n", level
, buf
);
113 printk("%sFPER1: %08x\n", level
, s
.sw
[1]);
115 /* here we'll print fr0 again, tho it'll be meaningless */
116 for (i
= 0; i
< 32; i
+= 4)
117 PRINTREGS(level
, regs
->fr
, "fr", FFMT
, i
);
120 void show_regs(struct pt_regs
*regs
)
124 unsigned long cr30
, cr31
;
126 user
= user_mode(regs
);
127 level
= user
? KERN_DEBUG
: KERN_CRIT
;
129 print_gr(level
, regs
);
131 for (i
= 0; i
< 8; i
+= 4)
132 PRINTREGS(level
, regs
->sr
, "sr", RFMT
, i
);
135 print_fr(level
, regs
);
139 printk("%s\n", level
);
140 printk("%sIASQ: " RFMT
" " RFMT
" IAOQ: " RFMT
" " RFMT
"\n",
141 level
, regs
->iasq
[0], regs
->iasq
[1], regs
->iaoq
[0], regs
->iaoq
[1]);
142 printk("%s IIR: %08lx ISR: " RFMT
" IOR: " RFMT
"\n",
143 level
, regs
->iir
, regs
->isr
, regs
->ior
);
144 printk("%s CPU: %8d CR30: " RFMT
" CR31: " RFMT
"\n",
145 level
, current_thread_info()->cpu
, cr30
, cr31
);
146 printk("%s ORIG_R28: " RFMT
"\n", level
, regs
->orig_r28
);
149 printk("%s IAOQ[0]: " RFMT
"\n", level
, regs
->iaoq
[0]);
150 printk("%s IAOQ[1]: " RFMT
"\n", level
, regs
->iaoq
[1]);
151 printk("%s RP(r2): " RFMT
"\n", level
, regs
->gr
[2]);
153 printk("%s IAOQ[0]: %pS\n", level
, (void *) regs
->iaoq
[0]);
154 printk("%s IAOQ[1]: %pS\n", level
, (void *) regs
->iaoq
[1]);
155 printk("%s RP(r2): %pS\n", level
, (void *) regs
->gr
[2]);
157 parisc_show_stack(current
, NULL
, regs
);
161 static void do_show_stack(struct unwind_frame_info
*info
)
165 printk(KERN_CRIT
"Backtrace:\n");
167 if (unwind_once(info
) < 0 || info
->ip
== 0)
170 if (__kernel_text_address(info
->ip
)) {
171 printk(KERN_CRIT
" [<" RFMT
">] %pS\n",
172 info
->ip
, (void *) info
->ip
);
176 printk(KERN_CRIT
"\n");
179 static void parisc_show_stack(struct task_struct
*task
, unsigned long *sp
,
180 struct pt_regs
*regs
)
182 struct unwind_frame_info info
;
183 struct task_struct
*t
;
185 t
= task
? task
: current
;
187 unwind_frame_init(&info
, t
, regs
);
195 asm volatile ("copy %%r30, %0" : "=r"(sp
));
199 memset(&r
, 0, sizeof(struct pt_regs
));
200 r
.iaoq
[0] = (unsigned long)&&HERE
;
201 r
.gr
[2] = (unsigned long)__builtin_return_address(0);
204 unwind_frame_init(&info
, current
, &r
);
207 unwind_frame_init_from_blocked_task(&info
, t
);
211 do_show_stack(&info
);
214 void show_stack(struct task_struct
*t
, unsigned long *sp
)
216 return parisc_show_stack(t
, sp
, NULL
);
219 int is_valid_bugaddr(unsigned long iaoq
)
224 void die_if_kernel(char *str
, struct pt_regs
*regs
, long err
)
226 if (user_mode(regs
)) {
230 printk(KERN_CRIT
"%s (pid %d): %s (code %ld) at " RFMT
"\n",
231 current
->comm
, task_pid_nr(current
), str
, err
, regs
->iaoq
[0]);
232 #ifdef PRINT_USER_FAULTS
233 /* XXX for debugging only */
239 oops_in_progress
= 1;
243 /* Amuse the user in a SPARC fashion */
244 if (err
) printk(KERN_CRIT
245 " _______________________________ \n"
246 " < Your System ate a SPARC! Gah! >\n"
247 " ------------------------------- \n"
253 /* unlock the pdc lock if necessary */
254 pdc_emergency_unlock();
256 /* maybe the kernel hasn't booted very far yet and hasn't been able
257 * to initialize the serial or STI console. In that case we should
258 * re-enable the pdc console, so that the user will be able to
259 * identify the problem. */
260 if (!console_drivers
)
261 pdc_console_restart();
264 printk(KERN_CRIT
"%s (pid %d): %s (code %ld)\n",
265 current
->comm
, task_pid_nr(current
), str
, err
);
267 /* Wot's wrong wif bein' racy? */
268 if (current
->thread
.flags
& PARISC_KERNEL_DEATH
) {
269 printk(KERN_CRIT
"%s() recursion detected.\n", __func__
);
273 current
->thread
.flags
|= PARISC_KERNEL_DEATH
;
277 add_taint(TAINT_DIE
, LOCKDEP_NOW_UNRELIABLE
);
280 panic("Fatal exception in interrupt");
283 printk(KERN_EMERG
"Fatal exception: panic in 5 seconds\n");
285 panic("Fatal exception");
292 int syscall_ipi(int (*syscall
) (struct pt_regs
*), struct pt_regs
*regs
)
294 return syscall(regs
);
297 /* gdb uses break 4,8 */
298 #define GDB_BREAK_INSN 0x10004
299 static void handle_gdb_break(struct pt_regs
*regs
, int wot
)
303 si
.si_signo
= SIGTRAP
;
306 si
.si_addr
= (void __user
*) (regs
->iaoq
[0] & ~3);
307 force_sig_info(SIGTRAP
, &si
, current
);
310 static void handle_break(struct pt_regs
*regs
)
312 unsigned iir
= regs
->iir
;
314 if (unlikely(iir
== PARISC_BUG_BREAK_INSN
&& !user_mode(regs
))) {
315 /* check if a BUG() or WARN() trapped here. */
316 enum bug_trap_type tt
;
317 tt
= report_bug(regs
->iaoq
[0] & ~3, regs
);
318 if (tt
== BUG_TRAP_TYPE_WARN
) {
321 return; /* return to next instruction when WARN_ON(). */
323 die_if_kernel("Unknown kernel breakpoint", regs
,
324 (tt
== BUG_TRAP_TYPE_NONE
) ? 9 : 0);
327 #ifdef PRINT_USER_FAULTS
328 if (unlikely(iir
!= GDB_BREAK_INSN
)) {
329 printk(KERN_DEBUG
"break %d,%d: pid=%d command='%s'\n",
330 iir
& 31, (iir
>>13) & ((1<<13)-1),
331 task_pid_nr(current
), current
->comm
);
336 /* send standard GDB signal */
337 handle_gdb_break(regs
, TRAP_BRKPT
);
340 static void default_trap(int code
, struct pt_regs
*regs
)
342 printk(KERN_ERR
"Trap %d on CPU %d\n", code
, smp_processor_id());
346 void (*cpu_lpmc
) (int code
, struct pt_regs
*regs
) __read_mostly
= default_trap
;
349 void transfer_pim_to_trap_frame(struct pt_regs
*regs
)
352 extern unsigned int hpmc_pim_data
[];
353 struct pdc_hpmc_pim_11
*pim_narrow
;
354 struct pdc_hpmc_pim_20
*pim_wide
;
356 if (boot_cpu_data
.cpu_type
>= pcxu
) {
358 pim_wide
= (struct pdc_hpmc_pim_20
*)hpmc_pim_data
;
361 * Note: The following code will probably generate a
362 * bunch of truncation error warnings from the compiler.
363 * Could be handled with an ifdef, but perhaps there
367 regs
->gr
[0] = pim_wide
->cr
[22];
369 for (i
= 1; i
< 32; i
++)
370 regs
->gr
[i
] = pim_wide
->gr
[i
];
372 for (i
= 0; i
< 32; i
++)
373 regs
->fr
[i
] = pim_wide
->fr
[i
];
375 for (i
= 0; i
< 8; i
++)
376 regs
->sr
[i
] = pim_wide
->sr
[i
];
378 regs
->iasq
[0] = pim_wide
->cr
[17];
379 regs
->iasq
[1] = pim_wide
->iasq_back
;
380 regs
->iaoq
[0] = pim_wide
->cr
[18];
381 regs
->iaoq
[1] = pim_wide
->iaoq_back
;
383 regs
->sar
= pim_wide
->cr
[11];
384 regs
->iir
= pim_wide
->cr
[19];
385 regs
->isr
= pim_wide
->cr
[20];
386 regs
->ior
= pim_wide
->cr
[21];
389 pim_narrow
= (struct pdc_hpmc_pim_11
*)hpmc_pim_data
;
391 regs
->gr
[0] = pim_narrow
->cr
[22];
393 for (i
= 1; i
< 32; i
++)
394 regs
->gr
[i
] = pim_narrow
->gr
[i
];
396 for (i
= 0; i
< 32; i
++)
397 regs
->fr
[i
] = pim_narrow
->fr
[i
];
399 for (i
= 0; i
< 8; i
++)
400 regs
->sr
[i
] = pim_narrow
->sr
[i
];
402 regs
->iasq
[0] = pim_narrow
->cr
[17];
403 regs
->iasq
[1] = pim_narrow
->iasq_back
;
404 regs
->iaoq
[0] = pim_narrow
->cr
[18];
405 regs
->iaoq
[1] = pim_narrow
->iaoq_back
;
407 regs
->sar
= pim_narrow
->cr
[11];
408 regs
->iir
= pim_narrow
->cr
[19];
409 regs
->isr
= pim_narrow
->cr
[20];
410 regs
->ior
= pim_narrow
->cr
[21];
414 * The following fields only have meaning if we came through
415 * another path. So just zero them here.
425 * This routine is called as a last resort when everything else
426 * has gone clearly wrong. We get called for faults in kernel space,
429 void parisc_terminate(char *msg
, struct pt_regs
*regs
, int code
, unsigned long offset
)
431 static DEFINE_SPINLOCK(terminate_lock
);
433 oops_in_progress
= 1;
437 spin_lock(&terminate_lock
);
439 /* unlock the pdc lock if necessary */
440 pdc_emergency_unlock();
442 /* restart pdc console if necessary */
443 if (!console_drivers
)
444 pdc_console_restart();
446 /* Not all paths will gutter the processor... */
450 transfer_pim_to_trap_frame(regs
);
460 /* show_stack(NULL, (unsigned long *)regs->gr[30]); */
461 struct unwind_frame_info info
;
462 unwind_frame_init(&info
, current
, regs
);
463 do_show_stack(&info
);
467 printk(KERN_CRIT
"%s: Code=%d regs=%p (Addr=" RFMT
")\n",
468 msg
, code
, regs
, offset
);
471 spin_unlock(&terminate_lock
);
473 /* put soft power button back under hardware control;
474 * if the user had pressed it once at any time, the
475 * system will shut down immediately right here. */
476 pdc_soft_power_button(0);
478 /* Call kernel panic() so reboot timeouts work properly
479 * FIXME: This function should be on the list of
480 * panic notifiers, and we should call panic
481 * directly from the location that we wish.
482 * e.g. We should not call panic from
483 * parisc_terminate, but rather the oter way around.
484 * This hack works, prints the panic message twice,
485 * and it enables reboot timers!
490 void notrace
handle_interruption(int code
, struct pt_regs
*regs
)
492 unsigned long fault_address
= 0;
493 unsigned long fault_space
= 0;
497 pdc_console_restart(); /* switch back to pdc if HPMC */
502 * If the priority level is still user, and the
503 * faulting space is not equal to the active space
504 * then the user is attempting something in a space
505 * that does not belong to them. Kill the process.
507 * This is normally the situation when the user
508 * attempts to jump into the kernel space at the
509 * wrong offset, be it at the gateway page or a
512 * We cannot normally signal the process because it
513 * could *be* on the gateway page, and processes
514 * executing on the gateway page can't have signals
517 * We merely readjust the address into the users
518 * space, at a destination address of zero, and
519 * allow processing to continue.
521 if (((unsigned long)regs
->iaoq
[0] & 3) &&
522 ((unsigned long)regs
->iasq
[0] != (unsigned long)regs
->sr
[7])) {
523 /* Kill the user process later */
524 regs
->iaoq
[0] = 0 | 3;
525 regs
->iaoq
[1] = regs
->iaoq
[0] + 4;
526 regs
->iasq
[0] = regs
->iasq
[1] = regs
->sr
[7];
527 regs
->gr
[0] &= ~PSW_B
;
532 printk(KERN_CRIT
"Interruption # %d\n", code
);
538 /* High-priority machine check (HPMC) */
540 /* set up a new led state on systems shipped with a LED State panel */
541 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_HPMC
);
543 parisc_terminate("High Priority Machine Check (HPMC)",
548 /* Power failure interrupt */
549 printk(KERN_CRIT
"Power failure interrupt !\n");
553 /* Recovery counter trap */
554 regs
->gr
[0] &= ~PSW_R
;
555 if (user_space(regs
))
556 handle_gdb_break(regs
, TRAP_TRACE
);
557 /* else this must be the start of a syscall - just let it run */
561 /* Low-priority machine check */
562 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_LPMC
);
570 /* Instruction TLB miss fault/Instruction page fault */
571 fault_address
= regs
->iaoq
[0];
572 fault_space
= regs
->iasq
[0];
576 /* Illegal instruction trap */
577 die_if_kernel("Illegal instruction", regs
, code
);
578 si
.si_code
= ILL_ILLOPC
;
582 /* Break instruction trap */
587 /* Privileged operation trap */
588 die_if_kernel("Privileged operation", regs
, code
);
589 si
.si_code
= ILL_PRVOPC
;
593 /* Privileged register trap */
594 if ((regs
->iir
& 0xffdfffe0) == 0x034008a0) {
596 /* This is a MFCTL cr26/cr27 to gr instruction.
597 * PCXS traps on this, so we need to emulate it.
600 if (regs
->iir
& 0x00200000)
601 regs
->gr
[regs
->iir
& 0x1f] = mfctl(27);
603 regs
->gr
[regs
->iir
& 0x1f] = mfctl(26);
605 regs
->iaoq
[0] = regs
->iaoq
[1];
607 regs
->iasq
[0] = regs
->iasq
[1];
611 die_if_kernel("Privileged register usage", regs
, code
);
612 si
.si_code
= ILL_PRVREG
;
614 si
.si_signo
= SIGILL
;
616 si
.si_addr
= (void __user
*) regs
->iaoq
[0];
617 force_sig_info(SIGILL
, &si
, current
);
621 /* Overflow Trap, let the userland signal handler do the cleanup */
622 si
.si_signo
= SIGFPE
;
623 si
.si_code
= FPE_INTOVF
;
624 si
.si_addr
= (void __user
*) regs
->iaoq
[0];
625 force_sig_info(SIGFPE
, &si
, current
);
630 The condition succeeds in an instruction which traps
633 si
.si_signo
= SIGFPE
;
634 /* Set to zero, and let the userspace app figure it out from
635 the insn pointed to by si_addr */
637 si
.si_addr
= (void __user
*) regs
->iaoq
[0];
638 force_sig_info(SIGFPE
, &si
, current
);
641 /* The kernel doesn't want to handle condition codes */
645 /* Assist Exception Trap, i.e. floating point exception. */
646 die_if_kernel("Floating point exception", regs
, 0); /* quiet */
651 /* Data TLB miss fault/Data page fault */
654 /* Non-access instruction TLB miss fault */
655 /* The instruction TLB entry needed for the target address of the FIC
656 is absent, and hardware can't find it, so we get to cleanup */
659 /* Non-access data TLB miss fault/Non-access data page fault */
661 Still need to add slow path emulation code here!
662 If the insn used a non-shadow register, then the tlb
663 handlers could not have their side-effect (e.g. probe
664 writing to a target register) emulated since rfir would
665 erase the changes to said register. Instead we have to
666 setup everything, call this function we are in, and emulate
667 by hand. Technically we need to emulate:
668 fdc,fdce,pdc,"fic,4f",prober,probeir,probew, probeiw
670 fault_address
= regs
->ior
;
671 fault_space
= regs
->isr
;
675 /* PCXS only -- later cpu's split this into types 26,27 & 28 */
676 /* Check for unaligned access */
677 if (check_unaligned(regs
)) {
678 handle_unaligned(regs
);
683 /* PCXL: Data memory access rights trap */
684 fault_address
= regs
->ior
;
685 fault_space
= regs
->isr
;
689 /* Data memory break trap */
690 regs
->gr
[0] |= PSW_X
; /* So we can single-step over the trap */
693 /* Page reference trap */
694 handle_gdb_break(regs
, TRAP_HWBKPT
);
698 /* Taken branch trap */
699 regs
->gr
[0] &= ~PSW_T
;
700 if (user_space(regs
))
701 handle_gdb_break(regs
, TRAP_BRANCH
);
702 /* else this must be the start of a syscall - just let it
708 /* Instruction access rights */
709 /* PCXL: Instruction memory protection trap */
712 * This could be caused by either: 1) a process attempting
713 * to execute within a vma that does not have execute
714 * permission, or 2) an access rights violation caused by a
715 * flush only translation set up by ptep_get_and_clear().
716 * So we check the vma permissions to differentiate the two.
717 * If the vma indicates we have execute permission, then
718 * the cause is the latter one. In this case, we need to
719 * call do_page_fault() to fix the problem.
722 if (user_mode(regs
)) {
723 struct vm_area_struct
*vma
;
725 down_read(¤t
->mm
->mmap_sem
);
726 vma
= find_vma(current
->mm
,regs
->iaoq
[0]);
727 if (vma
&& (regs
->iaoq
[0] >= vma
->vm_start
)
728 && (vma
->vm_flags
& VM_EXEC
)) {
730 fault_address
= regs
->iaoq
[0];
731 fault_space
= regs
->iasq
[0];
733 up_read(¤t
->mm
->mmap_sem
);
734 break; /* call do_page_fault() */
736 up_read(¤t
->mm
->mmap_sem
);
740 /* Data memory protection ID trap */
741 if (code
== 27 && !user_mode(regs
) &&
742 fixup_exception(regs
))
745 die_if_kernel("Protection id trap", regs
, code
);
746 si
.si_code
= SEGV_MAPERR
;
747 si
.si_signo
= SIGSEGV
;
750 si
.si_addr
= (void __user
*) regs
->iaoq
[0];
752 si
.si_addr
= (void __user
*) regs
->ior
;
753 force_sig_info(SIGSEGV
, &si
, current
);
757 /* Unaligned data reference trap */
758 handle_unaligned(regs
);
762 if (user_mode(regs
)) {
763 #ifdef PRINT_USER_FAULTS
764 printk(KERN_DEBUG
"\nhandle_interruption() pid=%d command='%s'\n",
765 task_pid_nr(current
), current
->comm
);
768 /* SIGBUS, for lack of a better one. */
769 si
.si_signo
= SIGBUS
;
770 si
.si_code
= BUS_OBJERR
;
772 si
.si_addr
= (void __user
*) regs
->ior
;
773 force_sig_info(SIGBUS
, &si
, current
);
776 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC
);
778 parisc_terminate("Unexpected interruption", regs
, code
, 0);
782 if (user_mode(regs
)) {
783 if ((fault_space
>> SPACEID_SHIFT
) != (regs
->sr
[7] >> SPACEID_SHIFT
)) {
784 #ifdef PRINT_USER_FAULTS
785 if (fault_space
== 0)
786 printk(KERN_DEBUG
"User Fault on Kernel Space ");
788 printk(KERN_DEBUG
"User Fault (long pointer) (fault %d) ",
790 printk(KERN_CONT
"pid=%d command='%s'\n",
791 task_pid_nr(current
), current
->comm
);
794 si
.si_signo
= SIGSEGV
;
796 si
.si_code
= SEGV_MAPERR
;
797 si
.si_addr
= (void __user
*) regs
->ior
;
798 force_sig_info(SIGSEGV
, &si
, current
);
805 * The kernel should never fault on its own address space.
808 if (fault_space
== 0)
810 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC
);
811 parisc_terminate("Kernel Fault", regs
, code
, fault_address
);
816 do_page_fault(regs
, code
, fault_address
);
820 int __init
check_ivt(void *iva
)
822 extern u32 os_hpmc_size
;
823 extern const u32 os_hpmc
[];
831 if (strcmp((char *)iva
, "cows can fly"))
836 for (i
= 0; i
< 8; i
++)
839 /* Compute Checksum for HPMC handler */
840 length
= os_hpmc_size
;
843 hpmcp
= (u32
*)os_hpmc
;
845 for (i
=0; i
<length
/4; i
++)
857 extern const void fault_vector_11
;
859 extern const void fault_vector_20
;
861 void __init
trap_init(void)
865 if (boot_cpu_data
.cpu_type
>= pcxu
)
866 iva
= (void *) &fault_vector_20
;
869 panic("Can't boot 64-bit OS on PA1.1 processor!");
871 iva
= (void *) &fault_vector_11
;
875 panic("IVT invalid");