From 483a2de9971eb31a3a48b475b1e349292e593c41 Mon Sep 17 00:00:00 2001
From: Ian Moffett <ian@osmora.org>
Date: Sat, 18 Oct 2025 23:10:17 -0400
Subject: kernel/amd64: Gracefully handle usermode faults

Instead of bringing the whole kernel down with the process, we now
gracefully kill the offending process

Signed-off-by: Ian Moffett <ian@osmora.org>
---
 src/sys/arch/amd64/cpu/trap.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/sys/arch/amd64/cpu/trap.c b/src/sys/arch/amd64/cpu/trap.c
index ae3a0cc..94c6e83 100644
--- a/src/sys/arch/amd64/cpu/trap.c
+++ b/src/sys/arch/amd64/cpu/trap.c
@@ -34,6 +34,7 @@
 
 #include <sys/param.h>
 #include <sys/cdefs.h>
+#include <sys/errno.h>
 #include <sys/panic.h>
 #include <sys/cpuvar.h>
 #include <sys/syslog.h>
@@ -148,6 +149,26 @@ trapframe_dump(struct trapframe *tf)
         tf->rbp, tf->rsp, tf->rip);
 }
 
+/*
+ * Handle user faults
+ */
+static void
+handle_ufault(void)
+{
+    struct proc *self = proc_self();
+
+    if (__unlikely(self == NULL)) {
+        panic("could not get self on fault\n");
+    }
+
+    syslog_toggle(true);
+    printf("** hardware violation **\n");
+    syslog_toggle(false);
+
+    proc_kill(self, -EFAULT);
+    __builtin_unreachable();
+}
+
 void
 trap_syscall(struct trapframe *tf)
 {
@@ -194,7 +215,8 @@ trap_handler(struct trapframe *tf)
 {
     trapframe_dump(tf);
     if (ISSET(tf->cs, 3)) {
-        panic("fatal user trap\n");
+        handle_ufault();
+        __builtin_unreachable();
     }
 
     panic("fatal trap\n");
-- 
cgit v1.2.3