2
* wuf.S: Window underflow trap handler for the Sparc.
4
* Copyright (C) 1995 David S. Miller
7
#include <asm/contregs.h>
9
#include <asm/ptrace.h>
13
#include <asm/winmacro.h>
14
#include <asm/asmmacro.h>
15
#include <asm/thread_info.h>
17
/* Just like the overflow handler we define macros for registers
18
* with fixed meanings in this routine.
24
/* Don't touch the above registers or else you die horribly... */
26
/* Now macros for the available scratch registers in this routine. */
35
/* The trap entry point has executed the following:
40
* andcc %l0, PSR_PS, %g0
43
/* Datum current_thread_info->uwinmask contains at all times a bitmask
44
* where if any user windows are active, at least one bit will
45
* be set in to mask. If no user windows are active, the bitmask
49
/* To get an idea of what has just happened to cause this
50
* trap take a look at this diagram:
52
* 1 2 3 4 <-- Window number
54
* T O W I <-- Symbolic name
56
* O == the window that execution was in when
57
* the restore was attempted
59
* T == the trap itself has save'd us into this
62
* W == this window is the one which is now invalid
63
* and must be made valid plus loaded from the
66
* I == this window will be the invalid one when we
67
* are done and return from trap if successful
70
/* BEGINNING OF PATCH INSTRUCTIONS */
72
/* On 7-window Sparc the boot code patches fnwin_patch1
73
* with the following instruction.
75
.globl fnwin_patch1_7win, fnwin_patch2_7win
76
fnwin_patch1_7win: srl %t_wim, 6, %twin_tmp2
77
fnwin_patch2_7win: and %twin_tmp1, 0x7f, %twin_tmp1
78
/* END OF PATCH INSTRUCTIONS */
80
.globl fill_window_entry, fnwin_patch1, fnwin_patch2
82
/* LOCATION: Window 'T' */
84
/* Compute what the new %wim is going to be if we retrieve
85
* the proper window off of the stack.
87
sll %t_wim, 1, %twin_tmp1
88
fnwin_patch1: srl %t_wim, 7, %twin_tmp2
89
or %twin_tmp1, %twin_tmp2, %twin_tmp1
90
fnwin_patch2: and %twin_tmp1, 0xff, %twin_tmp1
92
wr %twin_tmp1, 0x0, %wim /* Make window 'I' invalid */
94
andcc %t_psr, PSR_PS, %g0
96
restore %g0, %g0, %g0 /* Restore to window 'O' */
98
/* Trapped from kernel, we trust that the kernel does not
99
* 'over restore' sorta speak and just grab the window
100
* from the stack and return. Easy enough.
103
/* LOCATION: Window 'O' */
105
restore %g0, %g0, %g0
107
/* LOCATION: Window 'W' */
109
LOAD_WINDOW(sp) /* Load it up */
111
/* Spin the wheel... */
114
/* I'd like to buy a vowel please... */
116
/* LOCATION: Window 'T' */
118
/* Now preserve the condition codes in %psr, pause, and
119
* return from trap. This is the simplest case of all.
128
/* LOCATION: Window 'O' */
130
restore %g0, %g0, %g0 /* Restore to window 'W' */
132
/* LOCATION: Window 'W' */
134
/* Branch to the architecture specific stack validation
135
* routine. They can be found below...
137
.globl fwin_mmu_patchme
138
fwin_mmu_patchme: b sun4c_fwin_stackchk
141
#define STACK_OFFSET (THREAD_SIZE - TRACEREG_SZ - STACKFRAME_SZ)
143
fwin_user_stack_is_bolixed:
144
/* LOCATION: Window 'W' */
146
/* Place a pt_regs frame on the kernel stack, save back
147
* to the trap window and call c-code to deal with this.
151
sethi %hi(STACK_OFFSET), %l5
152
or %l5, %lo(STACK_OFFSET), %l5
155
/* Store globals into pt_regs frame. */
157
STORE_PT_YREG(l5, g3)
159
/* Save current in a global while we change windows. */
164
/* LOCATION: Window 'O' */
166
rd %psr, %g3 /* Read %psr in live user window */
167
mov %fp, %g4 /* Save bogus frame pointer. */
171
/* LOCATION: Window 'T' */
173
sethi %hi(STACK_OFFSET), %l5
174
or %l5, %lo(STACK_OFFSET), %l5
175
add %curptr, %l5, %sp
177
/* Build rest of pt_regs. */
179
STORE_PT_PRIV(sp, t_psr, t_pc, t_npc)
181
/* re-set trap time %wim value */
184
/* Fix users window mask and buffer save count. */
187
st %g5, [%curptr + TI_UWINMASK] ! one live user window still
188
st %g0, [%curptr + TI_W_SAVED] ! no windows in the buffer
190
wr %t_psr, PSR_ET, %psr ! enable traps
192
call window_underflow_fault
198
fwin_user_stack_is_ok:
199
/* LOCATION: Window 'W' */
201
/* The users stack area is kosher and mapped, load the
202
* window and fall through to the finish up routine.
206
/* Round and round she goes... */
207
save %g0, %g0, %g0 /* Save to window 'O' */
208
save %g0, %g0, %g0 /* Save to window 'T' */
209
/* Where she'll trap nobody knows... */
211
/* LOCATION: Window 'T' */
214
/* LOCATION: Window 'T' */
222
/* Here come the architecture specific checks for stack.
223
* mappings. Note that unlike the window overflow handler
224
* we only need to check whether the user can read from
225
* the appropriate addresses. Also note that we are in
226
* an invalid window which will be loaded, and this means
227
* that until we actually load the window up we are free
228
* to use any of the local registers contained within.
230
* On success these routine branch to fwin_user_stack_is_ok
231
* if the area at %sp is user readable and the window still
232
* needs to be loaded, else fwin_user_finish_up if the
233
* routine has done the loading itself. On failure (bogus
234
* user stack) the routine shall branch to the label called
235
* fwin_user_stack_is_bolixed.
237
* Contrary to the arch-specific window overflow stack
238
* check routines in wof.S, these routines are free to use
239
* any of the local registers they want to as this window
240
* does not belong to anyone at this point, however the
241
* outs and ins are still verboten as they are part of
242
* 'someone elses' window possibly.
247
/* LOCATION: Window 'W' */
249
/* Caller did 'andcc %sp, 0x7, %g0' */
251
and %sp, 0xfff, %l0 ! delay slot
253
b,a fwin_user_stack_is_bolixed
255
/* See if we have to check the sanity of one page or two */
262
andncc %l0, 0xff8, %g0
264
b,a fwin_user_stack_is_bolixed /* %sp is in vma hole, yuck */
267
be sun4c_fwin_onepage /* Only one page to check */
268
lda [%sp] ASI_PTE, %l1
275
lda [%l0] ASI_PTE, %l1
277
b,a fwin_user_stack_is_bolixed /* Second page in vma hole */
282
bne sun4c_fwin_onepage
283
lda [%sp] ASI_PTE, %l1
285
b,a fwin_user_stack_is_bolixed /* Second page has bad perms */
290
bne fwin_user_stack_is_ok
293
/* A page had bad page permissions, losing... */
294
b,a fwin_user_stack_is_bolixed
296
.globl srmmu_fwin_stackchk
298
/* LOCATION: Window 'W' */
300
/* Caller did 'andcc %sp, 0x7, %g0' */
301
bne fwin_user_stack_is_bolixed
302
sethi %hi(PAGE_OFFSET), %l5
304
/* Check if the users stack is in kernel vma, then our
305
* trial and error technique below would succeed for
306
* the 'wrong' reason.
310
bleu fwin_user_stack_is_bolixed
311
lda [%l4] ASI_M_MMUREGS, %g0 ! clear fault status
313
/* The technique is, turn off faults on this processor,
314
* just let the load rip, then check the sfsr to see if
315
* a fault did occur. Then we turn on fault traps again
316
* and branch conditionally based upon what happened.
318
lda [%g0] ASI_M_MMUREGS, %l5 ! read mmu-ctrl reg
319
or %l5, 0x2, %l5 ! turn on no-fault bit
320
sta %l5, [%g0] ASI_M_MMUREGS ! store it
322
/* Cross fingers and go for it. */
325
/* A penny 'saved'... */
328
/* Is a BADTRAP earned... */
330
/* LOCATION: Window 'T' */
332
lda [%g0] ASI_M_MMUREGS, %twin_tmp1 ! load mmu-ctrl again
333
andn %twin_tmp1, 0x2, %twin_tmp1 ! clear no-fault bit
334
sta %twin_tmp1, [%g0] ASI_M_MMUREGS ! store it
336
mov AC_M_SFAR, %twin_tmp2
337
lda [%twin_tmp2] ASI_M_MMUREGS, %g0 ! read fault address
339
mov AC_M_SFSR, %twin_tmp2
340
lda [%twin_tmp2] ASI_M_MMUREGS, %twin_tmp2 ! read fault status
341
andcc %twin_tmp2, 0x2, %g0 ! did fault occur?
343
bne 1f ! yep, cleanup
348
b fwin_user_finish_up + 0x4
351
/* Did I ever tell you about my window lobotomy?
352
* anyways... fwin_user_stack_is_bolixed expects
353
* to be in window 'W' so make it happy or else
357
restore %g0, %g0, %g0
358
b fwin_user_stack_is_bolixed ! oh well
359
restore %g0, %g0, %g0