/*
* softintr_dispatch:
*
* Process pending software interrupts.
*/
void
softintr_dispatch(int which)
{
struct i386_soft_intr *si = &i386_soft_intrs[which];
struct i386_soft_intrhand *sih;
KERNEL_LOCK();
for (;;) {
mtx_enter(&si->softintr_lock);
sih = TAILQ_FIRST(&si->softintr_q);
if (sih == NULL) {
mtx_leave(&si->softintr_lock);
break;
}
TAILQ_REMOVE(&si->softintr_q, sih, sih_q);
sih->sih_pending = 0;
uvmexp.softs++;
mtx_leave(&si->softintr_lock);
(*sih->sih_fn)(sih->sih_arg);
}
KERNEL_UNLOCK();
}
void
child_return(void *arg)
{
struct proc *p = arg;
struct trapframe *trapframe;
trapframe = p->p_md.md_regs;
trapframe->v0 = 0;
trapframe->v1 = 1;
trapframe->a3 = 0;
KERNEL_UNLOCK();
mi_child_return(p);
}
/*lint --e{533 } */
STATUS osl_waitqueue_wakeup
(
wait_queue_head_t semId /* semaphore ID to give */
)
{
#ifndef _WRS_CONFIG_SMP
int level;
#endif /* !_WRS_CONFIG_SMP */
Q_NODE * pQNode = NULL;
#ifdef _WRS_CONFIG_SMP
/* lock has been taken in the case of ISR before here */
if (!_WRS_INT_CONTEXT ())
#endif /* _WRS_CONFIG_SMP */
OBJ_LOCK (semClassId, level);
if (OBJ_VERIFY (semId, semClassId) != OK)
{
OBJ_UNLOCK (semClassId, level);
return (ERROR);
}
pQNode = Q_EACH(&semId->qHead, semQueueEventCheck, TRUE);
if (pQNode == NULL)
{
OBJ_UNLOCK (semClassId, level);/*lint !e2 */
return (OK);
}
else
{
/*lint -save -e10*/
KERNEL_LOCK_OBJ_UNLOCK (semClassId, level);/*lint !e2 */
/*lint -restore +e10*/
/*lint -save -e722*/
#ifdef _WRS_CONFIG_SV_INSTRUMENTATION
/* system viewer - level 2 event logging */
EVT_TASK_1 (EVENT_OBJ_SEMGIVE, semId);/*lint !e681 */
#endif /* _WRS_CONFIG_SV_INSTRUMENTATION */
/*lint -restore +e722*/
semQueuePendQGet(&semId->qHead, pQNode); /* unblock a task */
KERNEL_UNLOCK ();
return (OK);
}
}
void
vnet_link_state(struct vnet_softc *sc)
{
struct ifnet *ifp = &sc->sc_ac.ac_if;
int link_state = LINK_STATE_DOWN;
KERNEL_LOCK();
if (ISSET(sc->sc_vio_state, VIO_RCV_RDX) &&
ISSET(sc->sc_vio_state, VIO_ACK_RDX))
link_state = LINK_STATE_FULL_DUPLEX;
if (ifp->if_link_state != link_state) {
ifp->if_link_state = link_state;
if_link_state_change(ifp);
}
KERNEL_UNLOCK();
}
/*
* Handle asynchronous software traps.
*/
void
ast(struct trapframe *frame)
{
struct cpu_info *ci = curcpu();
struct proc *p = ci->ci_curproc;
uvmexp.softs++;
p->p_md.md_astpending = 0;
if (p->p_flag & P_OWEUPC) {
KERNEL_LOCK();
ADDUPROF(p);
KERNEL_UNLOCK();
}
if (ci->ci_want_resched)
preempt(NULL);
userret(p);
}
void
vnet_rx_vio_rdx(struct vnet_softc *sc, struct vio_msg_tag *tag)
{
struct ifnet *ifp = &sc->sc_ac.ac_if;
switch(tag->stype) {
case VIO_SUBTYPE_INFO:
DPRINTF(("CTRL/INFO/RDX\n"));
tag->stype = VIO_SUBTYPE_ACK;
tag->sid = sc->sc_local_sid;
vnet_sendmsg(sc, tag, sizeof(*tag));
sc->sc_vio_state |= VIO_RCV_RDX;
break;
case VIO_SUBTYPE_ACK:
DPRINTF(("CTRL/ACK/RDX\n"));
if (!ISSET(sc->sc_vio_state, VIO_SND_RDX)) {
ldc_reset(&sc->sc_lc);
break;
}
sc->sc_vio_state |= VIO_ACK_RDX;
break;
default:
DPRINTF(("CTRL/0x%02x/RDX (VIO)\n", tag->stype));
break;
}
if (ISSET(sc->sc_vio_state, VIO_RCV_RDX) &&
ISSET(sc->sc_vio_state, VIO_ACK_RDX)) {
/* Link is up! */
vnet_link_state(sc);
/* Configure multicast now that we can. */
vnet_setmulti(sc, 1);
KERNEL_LOCK();
ifp->if_flags &= ~IFF_OACTIVE;
vnet_start(ifp);
KERNEL_UNLOCK();
}
}
void
vnet_setmulti(struct vnet_softc *sc, int set)
{
struct arpcom *ac = &sc->sc_ac;
struct ether_multi *enm;
struct ether_multistep step;
struct vnet_mcast_info mi;
int count = 0;
if (!ISSET(sc->sc_vio_state, VIO_RCV_RDX) ||
!ISSET(sc->sc_vio_state, VIO_ACK_RDX))
return;
bzero(&mi, sizeof(mi));
mi.tag.type = VIO_TYPE_CTRL;
mi.tag.stype = VIO_SUBTYPE_INFO;
mi.tag.stype_env = VNET_MCAST_INFO;
mi.tag.sid = sc->sc_local_sid;
mi.set = set ? 1 : 0;
KERNEL_LOCK();
ETHER_FIRST_MULTI(step, ac, enm);
while (enm != NULL) {
/* XXX What about multicast ranges? */
bcopy(enm->enm_addrlo, mi.mcast_addr[count], ETHER_ADDR_LEN);
ETHER_NEXT_MULTI(step, enm);
count++;
if (count < VNET_NUM_MCAST)
continue;
mi.count = VNET_NUM_MCAST;
vnet_sendmsg(sc, &mi, sizeof(mi));
count = 0;
}
if (count > 0) {
mi.count = count;
vnet_sendmsg(sc, &mi, sizeof(mi));
}
KERNEL_UNLOCK();
}
/*
* Interrupt handler.
*/
int
virtio_pci_intr(void *arg)
{
struct virtio_pci_softc *sc = arg;
struct virtio_softc *vsc = &sc->sc_sc;
int isr, r = 0;
/* check and ack the interrupt */
isr = bus_space_read_1(sc->sc_iot, sc->sc_ioh,
VIRTIO_CONFIG_ISR_STATUS);
if (isr == 0)
return 0;
KERNEL_LOCK();
if ((isr & VIRTIO_CONFIG_ISR_CONFIG_CHANGE) &&
(vsc->sc_config_change != NULL))
r = (vsc->sc_config_change)(vsc);
if (vsc->sc_intrhand != NULL)
r |= (vsc->sc_intrhand)(vsc);
KERNEL_UNLOCK();
return r;
}
void
dosoftint(int pcpl)
{
struct cpu_info *ci = curcpu();
int sir, q, mask;
ppc_intr_enable(1);
KERNEL_LOCK();
while ((sir = (ci->ci_ipending & ppc_smask[pcpl])) != 0) {
atomic_clearbits_int(&ci->ci_ipending, sir);
for (q = SI_NQUEUES - 1; q >= 0; q--) {
mask = SI_TO_IRQBIT(q);
if (sir & mask)
softintr_dispatch(q);
}
}
KERNEL_UNLOCK();
(void)ppc_intr_disable();
}
void
taskq_thread(void *xtq)
{
sleepfn tqsleep = msleep;
struct taskq *tq = xtq;
struct task work;
int last;
if (ISSET(tq->tq_flags, TASKQ_MPSAFE))
KERNEL_UNLOCK();
if (ISSET(tq->tq_flags, TASKQ_CANTSLEEP)) {
tqsleep = taskq_sleep;
atomic_setbits_int(&curproc->p_flag, P_CANTSLEEP);
}
while (taskq_next_work(tq, &work, tqsleep)) {
(*work.t_func)(work.t_arg);
sched_pause();
}
mtx_enter(&tq->tq_mtx);
last = (--tq->tq_running == 0);
mtx_leave(&tq->tq_mtx);
if (ISSET(tq->tq_flags, TASKQ_MPSAFE))
KERNEL_LOCK();
if (ISSET(tq->tq_flags, TASKQ_CANTSLEEP))
atomic_clearbits_int(&curproc->p_flag, P_CANTSLEEP);
if (last)
wakeup_one(&tq->tq_running);
kthread_exit(0);
}
/*ARGSUSED*/
void
trap(struct trapframe *frame)
{
struct proc *p = curproc;
int type = (int)frame->tf_trapno;
struct pcb *pcb;
extern char doreti_iret[], resume_iret[];
caddr_t onfault;
int error;
uint64_t cr2;
union sigval sv;
uvmexp.traps++;
pcb = (p != NULL && p->p_addr != NULL) ? &p->p_addr->u_pcb : NULL;
#ifdef DEBUG
if (trapdebug) {
printf("trap %d code %lx rip %lx cs %lx rflags %lx cr2 %lx "
"cpl %x\n",
type, frame->tf_err, frame->tf_rip, frame->tf_cs,
frame->tf_rflags, rcr2(), curcpu()->ci_ilevel);
printf("curproc %p\n", curproc);
if (curproc)
printf("pid %d\n", p->p_pid);
}
#endif
if (!KERNELMODE(frame->tf_cs, frame->tf_rflags)) {
type |= T_USER;
p->p_md.md_regs = frame;
}
switch (type) {
default:
we_re_toast:
#ifdef KGDB
if (kgdb_trap(type, frame))
return;
else {
/*
* If this is a breakpoint, don't panic
* if we're not connected.
*/
if (type == T_BPTFLT) {
printf("kgdb: ignored %s\n", trap_type[type]);
return;
}
}
#endif
#ifdef DDB
if (kdb_trap(type, 0, frame))
return;
#endif
if (frame->tf_trapno < trap_types)
printf("fatal %s", trap_type[frame->tf_trapno]);
else
printf("unknown trap %ld", (u_long)frame->tf_trapno);
printf(" in %s mode\n", (type & T_USER) ? "user" : "supervisor");
printf("trap type %d code %lx rip %lx cs %lx rflags %lx cr2 "
" %lx cpl %x rsp %lx\n",
type, frame->tf_err, (u_long)frame->tf_rip, frame->tf_cs,
frame->tf_rflags, rcr2(), curcpu()->ci_ilevel, frame->tf_rsp);
panic("trap type %d, code=%lx, pc=%lx",
type, frame->tf_err, frame->tf_rip);
/*NOTREACHED*/
case T_PROTFLT:
case T_SEGNPFLT:
case T_ALIGNFLT:
case T_TSSFLT:
if (p == NULL)
goto we_re_toast;
/* Check for copyin/copyout fault. */
if (pcb->pcb_onfault != 0) {
error = EFAULT;
copyfault:
frame->tf_rip = (u_int64_t)pcb->pcb_onfault;
frame->tf_rax = error;
return;
}
/*
* Check for failure during return to user mode.
* We do this by looking at the address of the
* instruction that faulted.
*/
if (frame->tf_rip == (u_int64_t)doreti_iret) {
frame->tf_rip = (u_int64_t)resume_iret;
return;
}
goto we_re_toast;
case T_PROTFLT|T_USER: /* protection fault */
case T_TSSFLT|T_USER:
case T_SEGNPFLT|T_USER:
case T_STKFLT|T_USER:
case T_NMI|T_USER:
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): BUS at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, rcr2());
frame_dump(frame);
#endif
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGBUS, type & ~T_USER, BUS_OBJERR, sv);
KERNEL_UNLOCK();
goto out;
case T_ALIGNFLT|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGBUS, type & ~T_USER, BUS_ADRALN, sv);
KERNEL_UNLOCK();
goto out;
case T_PRIVINFLT|T_USER: /* privileged instruction fault */
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGILL, type & ~T_USER, ILL_PRVOPC, sv);
KERNEL_UNLOCK();
goto out;
case T_FPOPFLT|T_USER: /* coprocessor operand fault */
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): ILL at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, rcr2());
frame_dump(frame);
#endif
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGILL, type & ~T_USER, ILL_COPROC, sv);
KERNEL_UNLOCK();
goto out;
case T_ASTFLT|T_USER: /* Allow process switch */
uvmexp.softs++;
if (p->p_flag & P_OWEUPC) {
KERNEL_LOCK();
ADDUPROF(p);
KERNEL_UNLOCK();
}
/* Allow a forced task switch. */
if (curcpu()->ci_want_resched)
preempt(NULL);
goto out;
case T_BOUND|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_FLTSUB, sv);
KERNEL_UNLOCK();
goto out;
case T_OFLOW|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_INTOVF, sv);
KERNEL_UNLOCK();
goto out;
case T_DIVIDE|T_USER:
sv.sival_ptr = (void *)frame->tf_rip;
KERNEL_LOCK();
trapsignal(p, SIGFPE, type &~ T_USER, FPE_INTDIV, sv);
KERNEL_UNLOCK();
goto out;
case T_ARITHTRAP|T_USER:
case T_XMM|T_USER:
fputrap(frame);
goto out;
case T_PAGEFLT: /* allow page faults in kernel mode */
if (p == NULL)
goto we_re_toast;
cr2 = rcr2();
KERNEL_LOCK();
goto faultcommon;
case T_PAGEFLT|T_USER: { /* page fault */
vaddr_t va, fa;
struct vmspace *vm;
struct vm_map *map;
vm_prot_t ftype;
extern struct vm_map *kernel_map;
cr2 = rcr2();
KERNEL_LOCK();
faultcommon:
vm = p->p_vmspace;
if (vm == NULL)
goto we_re_toast;
fa = cr2;
va = trunc_page((vaddr_t)cr2);
/*
* It is only a kernel address space fault iff:
* 1. (type & T_USER) == 0 and
* 2. pcb_onfault not set or
* 3. pcb_onfault set but supervisor space fault
* The last can occur during an exec() copyin where the
* argument space is lazy-allocated.
*/
if (type == T_PAGEFLT && va >= VM_MIN_KERNEL_ADDRESS)
map = kernel_map;
else
map = &vm->vm_map;
if (frame->tf_err & PGEX_W)
ftype = VM_PROT_WRITE;
else if (frame->tf_err & PGEX_I)
ftype = VM_PROT_EXECUTE;
else
ftype = VM_PROT_READ;
#ifdef DIAGNOSTIC
if (map == kernel_map && va == 0) {
printf("trap: bad kernel access at %lx\n", va);
goto we_re_toast;
}
#endif
/* Fault the original page in. */
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = NULL;
error = uvm_fault(map, va, frame->tf_err & PGEX_P?
VM_FAULT_PROTECT : VM_FAULT_INVALID, ftype);
pcb->pcb_onfault = onfault;
if (error == 0) {
if (map != kernel_map)
uvm_grow(p, va);
if (type == T_PAGEFLT) {
KERNEL_UNLOCK();
return;
}
KERNEL_UNLOCK();
goto out;
}
if (error == EACCES) {
error = EFAULT;
}
if (type == T_PAGEFLT) {
if (pcb->pcb_onfault != 0) {
KERNEL_UNLOCK();
goto copyfault;
}
printf("uvm_fault(%p, 0x%lx, 0, %d) -> %x\n",
map, va, ftype, error);
goto we_re_toast;
}
if (error == ENOMEM) {
printf("UVM: pid %d (%s), uid %d killed: out of swap\n",
p->p_pid, p->p_comm,
p->p_cred && p->p_ucred ?
(int)p->p_ucred->cr_uid : -1);
sv.sival_ptr = (void *)fa;
trapsignal(p, SIGKILL, T_PAGEFLT, SEGV_MAPERR, sv);
} else {
#ifdef TRAP_SIGDEBUG
printf("pid %d (%s): SEGV at rip %lx addr %lx\n",
p->p_pid, p->p_comm, frame->tf_rip, va);
frame_dump(frame);
#endif
sv.sival_ptr = (void *)fa;
trapsignal(p, SIGSEGV, T_PAGEFLT, SEGV_MAPERR, sv);
}
KERNEL_UNLOCK();
break;
}
case T_TRCTRAP:
goto we_re_toast;
case T_BPTFLT|T_USER: /* bpt instruction fault */
case T_TRCTRAP|T_USER: /* trace trap */
#ifdef MATH_EMULATE
trace:
#endif
KERNEL_LOCK();
trapsignal(p, SIGTRAP, type &~ T_USER, TRAP_BRKPT, sv);
KERNEL_UNLOCK();
break;
#if NISA > 0
case T_NMI:
#if defined(KGDB) || defined(DDB)
/* NMI can be hooked up to a pushbutton for debugging */
printf ("NMI ... going to debugger\n");
#ifdef KGDB
if (kgdb_trap(type, frame))
return;
#endif
#ifdef DDB
if (kdb_trap(type, 0, frame))
return;
#endif
#endif /* KGDB || DDB */
/* machine/parity/power fail/"kitchen sink" faults */
if (x86_nmi() != 0)
goto we_re_toast;
else
return;
#endif /* NISA > 0 */
}
if ((type & T_USER) == 0)
return;
out:
userret(p);
}
void
m88110_trap(unsigned type, struct trapframe *frame)
{
struct proc *p;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type;
u_long fault_code;
unsigned fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
u_int psr;
#endif
int sig = 0;
pt_entry_t *pte;
extern struct vm_map *kernel_map;
extern pt_entry_t *pmap_pte(pmap_t, vaddr_t);
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
if (USERMODE(frame->tf_epsr)) {
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
fault_type = 0;
fault_code = 0;
fault_addr = frame->tf_exip & XIP_ADDR;
switch (type) {
default:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_110_DRM+T_USER:
case T_110_DRM:
#ifdef DEBUG
printf("DMMU read miss: Hardware Table Searches should be enabled!\n");
#endif
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_110_DWM+T_USER:
case T_110_DWM:
#ifdef DEBUG
printf("DMMU write miss: Hardware Table Searches should be enabled!\n");
#endif
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_110_IAM+T_USER:
case T_110_IAM:
#ifdef DEBUG
printf("IMMU miss: Hardware Table Searches should be enabled!\n");
#endif
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#ifdef DDB
case T_KDB_TRACE:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_TRACE, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_BREAK:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
set_psr(psr);
/* skip one instruction */
if (frame->tf_exip & 1)
frame->tf_exip = frame->tf_enip;
else
frame->tf_exip += 4;
splx(s);
return;
#if 0
case T_ILLFLT:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_error_trap(type == T_ILLFLT ? "unimplemented opcode" :
"error fault", (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
#endif /* 0 */
#endif /* DDB */
case T_ILLFLT:
printf("Unimplemented opcode!\n");
panictrap(frame->tf_vector, frame);
break;
case T_NON_MASK:
case T_NON_MASK+T_USER:
curcpu()->ci_intrdepth++;
md_interrupt_func(T_NON_MASK, frame);
curcpu()->ci_intrdepth--;
return;
case T_INT:
case T_INT+T_USER:
curcpu()->ci_intrdepth++;
md_interrupt_func(T_INT, frame);
curcpu()->ci_intrdepth--;
return;
case T_MISALGNFLT:
printf("kernel mode misaligned access exception @ 0x%08x\n",
frame->tf_exip);
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
printf("Kernel Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dsr & CMMU_DSR_SU) == 0) {
type = T_DATAFLT + T_USER;
goto m88110_user_fault;
}
#ifdef TRAPDEBUG
printf("Kernel Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
va = trunc_page((vaddr_t)fault_addr);
if (va == 0) {
panic("trap: bad kernel access at %x", fault_addr);
}
KERNEL_LOCK(LK_CANRECURSE | LK_EXCLUSIVE);
vm = p->p_vmspace;
map = kernel_map;
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
frame->tf_dsr &= ~CMMU_DSR_WE; /* undefined */
/*
* On a segment or a page fault, call uvm_fault() to
* resolve the fault.
*/
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0) {
KERNEL_UNLOCK();
return;
}
}
if (frame->tf_dsr & CMMU_DSR_WE) { /* write fault */
/*
* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write error,
* then we already have a pte entry that faulted
* in from a previous seg fault or page fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
pte = pmap_pte(map->pmap, va);
#ifdef DEBUG
if (pte == NULL) {
KERNEL_UNLOCK();
panic("NULL pte on write fault??");
}
#endif
if (!(*pte & PG_M) && !(*pte & PG_RO)) {
/* Set modified bit and try the write again. */
#ifdef TRAPDEBUG
printf("Corrected kernel write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
*pte |= PG_M;
KERNEL_UNLOCK();
return;
#if 1 /* shouldn't happen */
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected kernel write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0) {
KERNEL_UNLOCK();
return;
}
#endif
}
}
KERNEL_UNLOCK();
panictrap(frame->tf_vector, frame);
/* NOTREACHED */
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
m88110_user_fault:
if (type == T_INSTFLT+T_USER) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
#ifdef TRAPDEBUG
printf("User Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
} else {
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
#ifdef TRAPDEBUG
printf("User Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
}
va = trunc_page((vaddr_t)fault_addr);
KERNEL_PROC_LOCK(p);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/*
* Call uvm_fault() to resolve non-bus error faults
* whenever possible.
*/
if (type == T_DATAFLT+T_USER) {
/* data faults */
if (frame->tf_dsr & CMMU_DSR_BE) {
/* bus error */
result = EACCES;
} else
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
} else
if (frame->tf_dsr & (CMMU_DSR_CP | CMMU_DSR_WA)) {
/* copyback or write allocate error */
result = EACCES;
} else
if (frame->tf_dsr & CMMU_DSR_WE) {
/* write fault */
/* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write
* error, then we already have a pte entry that
* faulted in from a previous seg fault or page
* fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
pte = pmap_pte(vm_map_pmap(map), va);
#ifdef DEBUG
if (pte == NULL) {
KERNEL_PROC_UNLOCK(p);
panic("NULL pte on write fault??");
}
#endif
if (!(*pte & PG_M) && !(*pte & PG_RO)) {
/*
* Set modified bit and try the
* write again.
*/
#ifdef TRAPDEBUG
printf("Corrected userland write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
*pte |= PG_M;
/*
* invalidate ATCs to force
* table search
*/
set_dcmd(CMMU_DCMD_INV_UATC);
KERNEL_PROC_UNLOCK(p);
return;
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected userland write fault, map %x pte %x\n",
map->pmap, *pte);
#endif
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
}
} else {
#ifdef TRAPDEBUG
printf("Unexpected Data access fault dsr %x\n",
frame->tf_dsr);
#endif
KERNEL_PROC_UNLOCK(p);
panictrap(frame->tf_vector, frame);
}
} else {
/* instruction faults */
if (frame->tf_isr &
(CMMU_ISR_BE | CMMU_ISR_SP | CMMU_ISR_TBE)) {
/* bus error, supervisor protection */
result = EACCES;
} else
if (frame->tf_isr & (CMMU_ISR_SI | CMMU_ISR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
} else {
#ifdef TRAPDEBUG
printf("Unexpected Instruction fault isr %x\n",
frame->tf_isr);
#endif
KERNEL_PROC_UNLOCK(p);
panictrap(frame->tf_vector, frame);
}
}
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0)
uvm_grow(p, va);
else if (result == EACCES)
result = EFAULT;
}
KERNEL_PROC_UNLOCK(p);
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result != 0) {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
break;
case T_PRIVINFLT+T_USER:
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
case T_KDB_TRACE:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
break;
case T_FPEPFLT+T_USER:
sig = SIGFPE;
break;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
u_int instr;
vaddr_t pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(u_int));
/* check and see if we got here by accident */
if ((p->p_md.md_bp0va != pc &&
p->p_md.md_bp1va != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear breakpoint */
if (p->p_md.md_bp0va == pc) {
ss_put_value(p, pc, p->p_md.md_bp0save);
p->p_md.md_bp0va = 0;
}
if (p->p_md.md_bp1va == pc) {
ss_put_value(p, pc, p->p_md.md_bp1save);
p->p_md.md_bp1va = 0;
}
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
case T_ASTFLT+T_USER:
uvmexp.softs++;
p->p_md.md_astpending = 0;
if (p->p_flag & P_OWEUPC) {
KERNEL_PROC_LOCK(p);
ADDUPROF(p);
KERNEL_PROC_UNLOCK(p);
}
if (curcpu()->ci_want_resched)
preempt(NULL);
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
sv.sival_int = fault_addr;
KERNEL_PROC_LOCK(p);
trapsignal(p, sig, fault_code, fault_type, sv);
KERNEL_PROC_UNLOCK(p);
}
userret(p);
}
void
vdsp_read_desc(struct vdsp_softc *sc, struct vdsk_desc_msg *dm)
{
struct ldc_conn *lc = &sc->sc_lc;
struct proc *p = curproc;
struct iovec iov;
struct uio uio;
caddr_t buf;
vaddr_t va;
paddr_t pa;
uint64_t size, off;
psize_t nbytes;
int err, i;
if (sc->sc_vp == NULL)
return;
buf = malloc(dm->size, M_DEVBUF, M_WAITOK);
iov.iov_base = buf;
iov.iov_len = dm->size;
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = dm->offset * DEV_BSIZE;
uio.uio_resid = dm->size;
uio.uio_segflg = UIO_SYSSPACE;
uio.uio_rw = UIO_READ;
uio.uio_procp = p;
vn_lock(sc->sc_vp, LK_EXCLUSIVE | LK_RETRY, p);
dm->status = VOP_READ(sc->sc_vp, &uio, 0, p->p_ucred);
VOP_UNLOCK(sc->sc_vp, 0, p);
KERNEL_UNLOCK();
if (dm->status == 0) {
i = 0;
va = (vaddr_t)buf;
size = dm->size;
off = 0;
while (size > 0 && i < dm->ncookies) {
pmap_extract(pmap_kernel(), va, &pa);
nbytes = MIN(size, dm->cookie[i].size - off);
nbytes = MIN(nbytes, PAGE_SIZE - (off & PAGE_MASK));
err = hv_ldc_copy(lc->lc_id, LDC_COPY_OUT,
dm->cookie[i].addr + off, pa, nbytes, &nbytes);
if (err != H_EOK) {
printf("%s: hv_ldc_copy: %d\n", __func__, err);
dm->status = EIO;
KERNEL_LOCK();
goto fail;
}
va += nbytes;
size -= nbytes;
off += nbytes;
if (off >= dm->cookie[i].size) {
off = 0;
i++;
}
}
}
KERNEL_LOCK();
fail:
free(buf, M_DEVBUF, 0);
/* ACK the descriptor. */
dm->tag.stype = VIO_SUBTYPE_ACK;
dm->tag.sid = sc->sc_local_sid;
vdsp_sendmsg(sc, dm, sizeof(*dm) +
(dm->ncookies - 1) * sizeof(struct ldc_cookie), 1);
}
STATUS osl_waitqueue_wait
(
wait_queue_head_t semId, /* semaphore ID to take */
int timeout, /* timeout in ticks */
struct osl_wait_data* entry
)
{
int level;
int status;
#ifdef _WRS_CONFIG_SMP
int cpuid;
level = KERNEL_INT_CPU_LOCK();
cpuid = _WRS_CPU_INDEX_GET ();
if (_WRS_KERNEL_CPU_GLOBAL_GET (cpuid, intCnt) != 0)
{
_WRS_KERNEL_CPU_GLOBAL_SET (cpuid, errno, S_intLib_NOT_ISR_CALLABLE);
KERNEL_INT_CPU_UNLOCK(level);
return (ERROR);
}
KERNEL_INT_CPU_UNLOCK(level);
#else
if (_WRS_INT_CONTEXT())
{
/* coverity[NULL_RETURNS] */
errno = S_intLib_NOT_ISR_CALLABLE;
return (ERROR);
}
#endif /* _WRS_CONFIG_SMP */
again:
OBJ_LOCK (semClassId, level);
if (OBJ_VERIFY (semId, semClassId) != OK)
{
OBJ_UNLOCK (semClassId, level);
return (ERROR);
}
if (entry->func)
{
if ( entry->func(entry->data) )
{
OBJ_UNLOCK (semClassId, level);
return (OK);
}
}
if (timeout == NO_WAIT) /* NO_WAIT = no block */
{
OBJ_UNLOCK (semClassId, level);
errnoSet (S_objLib_OBJ_UNAVAILABLE);
return (ERROR);
}
/*lint -save -e10*/
KERNEL_LOCK_OBJ_UNLOCK (semClassId, level);/*lint !e2 */
/*lint -restore +e10*/
/*lint -save -e722*/
#ifdef _WRS_CONFIG_SV_INSTRUMENTATION
/* system viewer - level 2 event logging */
EVT_TASK_1 (EVENT_OBJ_SEMTAKE, semId);/*lint !e681 */
#endif /* _WRS_CONFIG_SV_INSTRUMENTATION */
/*lint -restore +e722*/
if (semQueuePendQPut (&semId->qHead, timeout, entry) != OK)
{
KERNEL_UNLOCK ();
return (ERROR);
}
/*lint -save -e144*/
if ((status = KERNEL_UNLOCK ()) == RESTART)
{
/*
* If SIG_TIMEOUT_RECALC returns NO_WAIT, we want to return an errno of
* S_objlib_OBJ_TIMEOUT. If we don't return now, it will go try again,
* check to see if timeout equals NO_WAIT and set an errno of
* S_objlib_OBJ_UNAVAILABLE.
*/
/*lint -restore +e144*/
if ((timeout = SIG_TIMEOUT_RECALC (timeout)) == NO_WAIT)
{
errnoSet (S_objLib_OBJ_TIMEOUT);
return (ERROR);
}
goto again;
}
return (status);
}
void
vnet_rx_vio_dring_data(struct vnet_softc *sc, struct vio_msg_tag *tag)
{
struct vio_dring_msg *dm = (struct vio_dring_msg *)tag;
struct ldc_conn *lc = &sc->sc_lc;
struct ifnet *ifp = &sc->sc_ac.ac_if;
struct mbuf *m;
paddr_t pa;
psize_t nbytes;
int err;
switch(tag->stype) {
case VIO_SUBTYPE_INFO:
{
struct vnet_desc desc;
uint64_t cookie;
paddr_t desc_pa;
int idx, ack_end_idx = -1;
struct mbuf_list ml = MBUF_LIST_INITIALIZER();
idx = dm->start_idx;
for (;;) {
cookie = sc->sc_peer_dring_cookie.addr;
cookie += idx * sc->sc_peer_desc_size;
nbytes = sc->sc_peer_desc_size;
pmap_extract(pmap_kernel(), (vaddr_t)&desc, &desc_pa);
err = hv_ldc_copy(lc->lc_id, LDC_COPY_IN, cookie,
desc_pa, nbytes, &nbytes);
if (err != H_EOK) {
printf("hv_ldc_copy_in %d\n", err);
break;
}
if (desc.hdr.dstate != VIO_DESC_READY)
break;
if (desc.nbytes > (ETHER_MAX_LEN - ETHER_CRC_LEN)) {
ifp->if_ierrors++;
goto skip;
}
m = MCLGETI(NULL, M_DONTWAIT, NULL, desc.nbytes);
if (!m)
break;
m->m_len = m->m_pkthdr.len = desc.nbytes;
nbytes = roundup(desc.nbytes + VNET_ETHER_ALIGN, 8);
pmap_extract(pmap_kernel(), (vaddr_t)m->m_data, &pa);
err = hv_ldc_copy(lc->lc_id, LDC_COPY_IN,
desc.cookie[0].addr, pa, nbytes, &nbytes);
if (err != H_EOK) {
m_freem(m);
goto skip;
}
m->m_data += VNET_ETHER_ALIGN;
ml_enqueue(&ml, m);
skip:
desc.hdr.dstate = VIO_DESC_DONE;
nbytes = sc->sc_peer_desc_size;
err = hv_ldc_copy(lc->lc_id, LDC_COPY_OUT, cookie,
desc_pa, nbytes, &nbytes);
if (err != H_EOK)
printf("hv_ldc_copy_out %d\n", err);
ack_end_idx = idx;
if (++idx == sc->sc_peer_dring_nentries)
idx = 0;
}
if_input(ifp, &ml);
if (ack_end_idx == -1) {
dm->tag.stype = VIO_SUBTYPE_NACK;
} else {
dm->tag.stype = VIO_SUBTYPE_ACK;
dm->end_idx = ack_end_idx;
}
dm->tag.sid = sc->sc_local_sid;
dm->proc_state = VIO_DP_STOPPED;
vnet_sendmsg(sc, dm, sizeof(*dm));
break;
}
case VIO_SUBTYPE_ACK:
{
struct ldc_map *map = sc->sc_lm;
u_int cons, count;
sc->sc_peer_state = dm->proc_state;
cons = sc->sc_tx_cons & (sc->sc_vd->vd_nentries - 1);
while (sc->sc_vd->vd_desc[cons].hdr.dstate == VIO_DESC_DONE) {
map->lm_slot[sc->sc_vsd[cons].vsd_map_idx].entry = 0;
atomic_dec_int(&map->lm_count);
pool_put(&sc->sc_pool, sc->sc_vsd[cons].vsd_buf);
ifp->if_opackets++;
sc->sc_vd->vd_desc[cons].hdr.dstate = VIO_DESC_FREE;
sc->sc_tx_cons++;
cons = sc->sc_tx_cons & (sc->sc_vd->vd_nentries - 1);
}
count = sc->sc_tx_prod - sc->sc_tx_cons;
if (count > 0 && sc->sc_peer_state != VIO_DP_ACTIVE)
vnet_send_dring_data(sc, cons);
KERNEL_LOCK();
if (count < (sc->sc_vd->vd_nentries - 1))
ifp->if_flags &= ~IFF_OACTIVE;
if (count == 0)
ifp->if_timer = 0;
vnet_start(ifp);
KERNEL_UNLOCK();
break;
}
case VIO_SUBTYPE_NACK:
DPRINTF(("DATA/NACK/DRING_DATA\n"));
sc->sc_peer_state = VIO_DP_STOPPED;
break;
default:
DPRINTF(("DATA/0x%02x/DRING_DATA\n", tag->stype));
break;
}
}
/*
* Handle a single exception.
*/
void
itsa(struct trap_frame *trapframe, struct cpu_info *ci, struct proc *p,
int type)
{
int i;
unsigned ucode = 0;
vm_prot_t ftype;
extern vaddr_t onfault_table[];
int onfault;
int typ = 0;
union sigval sv;
struct pcb *pcb;
switch (type) {
case T_TLB_MOD:
/* check for kernel address */
if (trapframe->badvaddr < 0) {
pt_entry_t *pte, entry;
paddr_t pa;
vm_page_t pg;
pte = kvtopte(trapframe->badvaddr);
entry = *pte;
#ifdef DIAGNOSTIC
if (!(entry & PG_V) || (entry & PG_M))
panic("trap: ktlbmod: invalid pte");
#endif
if (pmap_is_page_ro(pmap_kernel(),
trunc_page(trapframe->badvaddr), entry)) {
/* write to read only page in the kernel */
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
goto kernel_fault;
}
entry |= PG_M;
*pte = entry;
KERNEL_LOCK();
pmap_update_kernel_page(trapframe->badvaddr & ~PGOFSET,
entry);
pa = pfn_to_pad(entry);
pg = PHYS_TO_VM_PAGE(pa);
if (pg == NULL)
panic("trap: ktlbmod: unmanaged page");
pmap_set_modify(pg);
KERNEL_UNLOCK();
return;
}
/* FALLTHROUGH */
case T_TLB_MOD+T_USER:
{
pt_entry_t *pte, entry;
paddr_t pa;
vm_page_t pg;
pmap_t pmap = p->p_vmspace->vm_map.pmap;
if (!(pte = pmap_segmap(pmap, trapframe->badvaddr)))
panic("trap: utlbmod: invalid segmap");
pte += uvtopte(trapframe->badvaddr);
entry = *pte;
#ifdef DIAGNOSTIC
if (!(entry & PG_V) || (entry & PG_M))
panic("trap: utlbmod: invalid pte");
#endif
if (pmap_is_page_ro(pmap,
trunc_page(trapframe->badvaddr), entry)) {
/* write to read only page */
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
goto fault_common_no_miss;
}
entry |= PG_M;
*pte = entry;
KERNEL_LOCK();
pmap_update_user_page(pmap, (trapframe->badvaddr & ~PGOFSET),
entry);
pa = pfn_to_pad(entry);
pg = PHYS_TO_VM_PAGE(pa);
if (pg == NULL)
panic("trap: utlbmod: unmanaged page");
pmap_set_modify(pg);
KERNEL_UNLOCK();
return;
}
case T_TLB_LD_MISS:
case T_TLB_ST_MISS:
ftype = (type == T_TLB_ST_MISS) ? VM_PROT_WRITE : VM_PROT_READ;
pcb = &p->p_addr->u_pcb;
/* check for kernel address */
if (trapframe->badvaddr < 0) {
vaddr_t va;
int rv;
kernel_fault:
va = trunc_page((vaddr_t)trapframe->badvaddr);
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = 0;
KERNEL_LOCK();
rv = uvm_fault(kernel_map, trunc_page(va), 0, ftype);
KERNEL_UNLOCK();
pcb->pcb_onfault = onfault;
if (rv == 0)
return;
if (onfault != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
}
/*
* It is an error for the kernel to access user space except
* through the copyin/copyout routines.
*/
if (pcb->pcb_onfault != 0) {
/*
* We want to resolve the TLB fault before invoking
* pcb_onfault if necessary.
*/
goto fault_common;
} else {
goto err;
}
case T_TLB_LD_MISS+T_USER:
ftype = VM_PROT_READ;
pcb = &p->p_addr->u_pcb;
goto fault_common;
case T_TLB_ST_MISS+T_USER:
ftype = VM_PROT_WRITE;
pcb = &p->p_addr->u_pcb;
fault_common:
#ifdef CPU_R4000
if (r4000_errata != 0) {
if (eop_tlb_miss_handler(trapframe, ci, p) != 0)
return;
}
#endif
fault_common_no_miss:
#ifdef CPU_R4000
if (r4000_errata != 0) {
eop_cleanup(trapframe, p);
}
#endif
{
vaddr_t va;
struct vmspace *vm;
vm_map_t map;
int rv;
vm = p->p_vmspace;
map = &vm->vm_map;
va = trunc_page((vaddr_t)trapframe->badvaddr);
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = 0;
KERNEL_LOCK();
rv = uvm_fault(map, va, 0, ftype);
pcb->pcb_onfault = onfault;
/*
* If this was a stack access we keep track of the maximum
* accessed stack size. Also, if vm_fault gets a protection
* failure it is due to accessing the stack region outside
* the current limit and we need to reflect that as an access
* error.
*/
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (rv == 0)
uvm_grow(p, va);
else if (rv == EACCES)
rv = EFAULT;
}
KERNEL_UNLOCK();
if (rv == 0)
return;
if (!USERMODE(trapframe->sr)) {
if (onfault != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
}
ucode = ftype;
i = SIGSEGV;
typ = SEGV_MAPERR;
break;
}
case T_ADDR_ERR_LD+T_USER: /* misaligned or kseg access */
case T_ADDR_ERR_ST+T_USER: /* misaligned or kseg access */
ucode = 0; /* XXX should be VM_PROT_something */
i = SIGBUS;
typ = BUS_ADRALN;
break;
case T_BUS_ERR_IFETCH+T_USER: /* BERR asserted to cpu */
case T_BUS_ERR_LD_ST+T_USER: /* BERR asserted to cpu */
ucode = 0; /* XXX should be VM_PROT_something */
i = SIGBUS;
typ = BUS_OBJERR;
break;
case T_SYSCALL+T_USER:
{
struct trap_frame *locr0 = p->p_md.md_regs;
struct sysent *callp;
unsigned int code;
register_t tpc;
int numsys, error;
struct args {
register_t i[8];
} args;
register_t rval[2];
atomic_add_int(&uvmexp.syscalls, 1);
/* compute next PC after syscall instruction */
tpc = trapframe->pc; /* Remember if restart */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
callp = p->p_p->ps_emul->e_sysent;
numsys = p->p_p->ps_emul->e_nsysent;
code = locr0->v0;
switch (code) {
case SYS_syscall:
case SYS___syscall:
/*
* Code is first argument, followed by actual args.
* __syscall provides the code as a quad to maintain
* proper alignment of 64-bit arguments on 32-bit
* platforms, which doesn't change anything here.
*/
code = locr0->a0;
if (code >= numsys)
callp += p->p_p->ps_emul->e_nosys; /* (illegal) */
else
callp += code;
i = callp->sy_argsize / sizeof(register_t);
args.i[0] = locr0->a1;
args.i[1] = locr0->a2;
args.i[2] = locr0->a3;
if (i > 3) {
args.i[3] = locr0->a4;
args.i[4] = locr0->a5;
args.i[5] = locr0->a6;
args.i[6] = locr0->a7;
if (i > 7)
if ((error = copyin((void *)locr0->sp,
&args.i[7], sizeof(register_t))))
goto bad;
}
break;
default:
if (code >= numsys)
callp += p->p_p->ps_emul->e_nosys; /* (illegal) */
else
callp += code;
i = callp->sy_narg;
args.i[0] = locr0->a0;
args.i[1] = locr0->a1;
args.i[2] = locr0->a2;
args.i[3] = locr0->a3;
if (i > 4) {
args.i[4] = locr0->a4;
args.i[5] = locr0->a5;
args.i[6] = locr0->a6;
args.i[7] = locr0->a7;
}
}
rval[0] = 0;
rval[1] = locr0->v1;
#if defined(DDB) || defined(DEBUG)
trapdebug[TRAPSIZE * ci->ci_cpuid + (trppos[ci->ci_cpuid] == 0 ?
TRAPSIZE : trppos[ci->ci_cpuid]) - 1].code = code;
#endif
error = mi_syscall(p, code, callp, args.i, rval);
switch (error) {
case 0:
locr0->v0 = rval[0];
locr0->v1 = rval[1];
locr0->a3 = 0;
break;
case ERESTART:
locr0->pc = tpc;
break;
case EJUSTRETURN:
break; /* nothing to do */
default:
bad:
locr0->v0 = error;
locr0->a3 = 1;
}
mi_syscall_return(p, code, error, rval);
return;
}
case T_BREAK:
#ifdef DDB
kdb_trap(type, trapframe);
#endif
/* Reenable interrupts if necessary */
if (trapframe->sr & SR_INT_ENAB) {
enableintr();
}
return;
case T_BREAK+T_USER:
{
caddr_t va;
u_int32_t instr;
struct trap_frame *locr0 = p->p_md.md_regs;
/* compute address of break instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
/* read break instruction */
copyin(va, &instr, sizeof(int32_t));
switch ((instr & BREAK_VAL_MASK) >> BREAK_VAL_SHIFT) {
case 6: /* gcc range error */
i = SIGFPE;
typ = FPE_FLTSUB;
/* skip instruction */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
break;
case 7: /* gcc3 divide by zero */
i = SIGFPE;
typ = FPE_INTDIV;
/* skip instruction */
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
break;
#ifdef PTRACE
case BREAK_SSTEP_VAL:
if (p->p_md.md_ss_addr == (long)va) {
#ifdef DEBUG
printf("trap: %s (%d): breakpoint at %p "
"(insn %08x)\n",
p->p_comm, p->p_pid,
(void *)p->p_md.md_ss_addr,
p->p_md.md_ss_instr);
#endif
/* Restore original instruction and clear BP */
process_sstep(p, 0);
typ = TRAP_BRKPT;
} else {
typ = TRAP_TRACE;
}
i = SIGTRAP;
break;
#endif
#ifdef FPUEMUL
case BREAK_FPUEMUL_VAL:
/*
* If this is a genuine FP emulation break,
* resume execution to our branch destination.
*/
if ((p->p_md.md_flags & MDP_FPUSED) != 0 &&
p->p_md.md_fppgva + 4 == (vaddr_t)va) {
struct vm_map *map = &p->p_vmspace->vm_map;
p->p_md.md_flags &= ~MDP_FPUSED;
locr0->pc = p->p_md.md_fpbranchva;
/*
* Prevent access to the relocation page.
* XXX needs to be fixed to work with rthreads
*/
uvm_fault_unwire(map, p->p_md.md_fppgva,
p->p_md.md_fppgva + PAGE_SIZE);
(void)uvm_map_protect(map, p->p_md.md_fppgva,
p->p_md.md_fppgva + PAGE_SIZE,
UVM_PROT_NONE, FALSE);
return;
}
/* FALLTHROUGH */
#endif
default:
typ = TRAP_TRACE;
i = SIGTRAP;
break;
}
break;
}
case T_IWATCH+T_USER:
case T_DWATCH+T_USER:
{
caddr_t va;
/* compute address of trapped instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
printf("watch exception @ %p\n", va);
#ifdef RM7K_PERFCNTR
if (rm7k_watchintr(trapframe)) {
/* Return to user, don't add any more overhead */
return;
}
#endif
i = SIGTRAP;
typ = TRAP_BRKPT;
break;
}
case T_TRAP+T_USER:
{
caddr_t va;
u_int32_t instr;
struct trap_frame *locr0 = p->p_md.md_regs;
/* compute address of trap instruction */
va = (caddr_t)trapframe->pc;
if (trapframe->cause & CR_BR_DELAY)
va += 4;
/* read break instruction */
copyin(va, &instr, sizeof(int32_t));
if (trapframe->cause & CR_BR_DELAY)
locr0->pc = MipsEmulateBranch(locr0,
trapframe->pc, 0, 0);
else
locr0->pc += 4;
#ifdef RM7K_PERFCNTR
if (instr == 0x040c0000) { /* Performance cntr trap */
int result;
result = rm7k_perfcntr(trapframe->a0, trapframe->a1,
trapframe->a2, trapframe->a3);
locr0->v0 = -result;
/* Return to user, don't add any more overhead */
return;
} else
#endif
/*
* GCC 4 uses teq with code 7 to signal divide by
* zero at runtime. This is one instruction shorter
* than the BEQ + BREAK combination used by gcc 3.
*/
if ((instr & 0xfc00003f) == 0x00000034 /* teq */ &&
(instr & 0x001fffc0) == ((ZERO << 16) | (7 << 6))) {
i = SIGFPE;
typ = FPE_INTDIV;
} else {
i = SIGEMT; /* Stuff it with something for now */
typ = 0;
}
break;
}
case T_RES_INST+T_USER:
i = SIGILL;
typ = ILL_ILLOPC;
break;
case T_COP_UNUSABLE+T_USER:
/*
* Note MIPS IV COP1X instructions issued with FPU
* disabled correctly report coprocessor 1 as the
* unusable coprocessor number.
*/
if ((trapframe->cause & CR_COP_ERR) != CR_COP1_ERR) {
i = SIGILL; /* only FPU instructions allowed */
typ = ILL_ILLOPC;
break;
}
#ifdef FPUEMUL
MipsFPTrap(trapframe);
#else
enable_fpu(p);
#endif
return;
case T_FPE:
printf("FPU Trap: PC %lx CR %lx SR %lx\n",
trapframe->pc, trapframe->cause, trapframe->sr);
goto err;
case T_FPE+T_USER:
MipsFPTrap(trapframe);
return;
case T_OVFLOW+T_USER:
i = SIGFPE;
typ = FPE_FLTOVF;
break;
case T_ADDR_ERR_LD: /* misaligned access */
case T_ADDR_ERR_ST: /* misaligned access */
case T_BUS_ERR_LD_ST: /* BERR asserted to cpu */
pcb = &p->p_addr->u_pcb;
if ((onfault = pcb->pcb_onfault) != 0) {
pcb->pcb_onfault = 0;
trapframe->pc = onfault_table[onfault];
return;
}
goto err;
default:
err:
disableintr();
#if !defined(DDB) && defined(DEBUG)
trapDump("trap", printf);
#endif
printf("\nTrap cause = %d Frame %p\n", type, trapframe);
printf("Trap PC %p RA %p fault %p\n",
(void *)trapframe->pc, (void *)trapframe->ra,
(void *)trapframe->badvaddr);
#ifdef DDB
stacktrace(!USERMODE(trapframe->sr) ? trapframe : p->p_md.md_regs);
kdb_trap(type, trapframe);
#endif
panic("trap");
}
#ifdef FPUEMUL
/*
* If a relocated delay slot causes an exception, blame the
* original delay slot address - userland is not supposed to
* know anything about emulation bowels.
*/
if ((p->p_md.md_flags & MDP_FPUSED) != 0 &&
trapframe->badvaddr == p->p_md.md_fppgva)
trapframe->badvaddr = p->p_md.md_fpslotva;
#endif
p->p_md.md_regs->pc = trapframe->pc;
p->p_md.md_regs->cause = trapframe->cause;
p->p_md.md_regs->badvaddr = trapframe->badvaddr;
sv.sival_ptr = (void *)trapframe->badvaddr;
KERNEL_LOCK();
trapsignal(p, i, ucode, typ, sv);
KERNEL_UNLOCK();
}
void
vdsp_write_dring(void *arg1, void *arg2)
{
struct vdsp_softc *sc = arg1;
struct ldc_conn *lc = &sc->sc_lc;
struct vd_desc *vd = arg2;
struct proc *p = curproc;
struct iovec iov;
struct uio uio;
caddr_t buf;
vaddr_t va;
paddr_t pa;
uint64_t size, off;
psize_t nbytes;
int err, i;
if (sc->sc_vp == NULL)
return;
buf = malloc(vd->size, M_DEVBUF, M_WAITOK);
KERNEL_UNLOCK();
i = 0;
va = (vaddr_t)buf;
size = vd->size;
off = 0;
while (size > 0 && i < vd->ncookies) {
pmap_extract(pmap_kernel(), va, &pa);
nbytes = MIN(size, vd->cookie[i].size - off);
nbytes = MIN(nbytes, PAGE_SIZE - (off & PAGE_MASK));
err = hv_ldc_copy(lc->lc_id, LDC_COPY_IN,
vd->cookie[i].addr + off, pa, nbytes, &nbytes);
if (err != H_EOK) {
printf("%s: hv_ldc_copy: %d\n", __func__, err);
vd->status = EIO;
KERNEL_LOCK();
goto fail;
}
va += nbytes;
size -= nbytes;
off += nbytes;
if (off >= vd->cookie[i].size) {
off = 0;
i++;
}
}
KERNEL_LOCK();
iov.iov_base = buf;
iov.iov_len = vd->size;
uio.uio_iov = &iov;
uio.uio_iovcnt = 1;
uio.uio_offset = vd->offset * DEV_BSIZE;
uio.uio_resid = vd->size;
uio.uio_segflg = UIO_SYSSPACE;
uio.uio_rw = UIO_WRITE;
uio.uio_procp = p;
vn_lock(sc->sc_vp, LK_EXCLUSIVE | LK_RETRY, p);
vd->status = VOP_WRITE(sc->sc_vp, &uio, 0, p->p_ucred);
VOP_UNLOCK(sc->sc_vp, 0, p);
fail:
free(buf, M_DEVBUF, 0);
/* ACK the descriptor. */
vd->hdr.dstate = VIO_DESC_DONE;
vdsp_ack_desc(sc, vd);
}
/* Instruction pointers operate differently on mc88110 */
void
m88110_syscall(register_t code, struct trapframe *tf)
{
int i, nsys, nap;
struct sysent *callp;
struct proc *p = curproc;
int error;
register_t args[8], rval[2], *ap;
int nolock;
uvmexp.syscalls++;
callp = p->p_emul->e_sysent;
nsys = p->p_emul->e_nsysent;
p->p_md.md_tf = tf;
/*
* For 88k, all the arguments are passed in the registers (r2-r9),
* and further arguments (if any) on stack.
* For syscall (and __syscall), r2 (and r3) has the actual code.
* __syscall takes a quad syscall number, so that other
* arguments are at their natural alignments.
*/
ap = &tf->tf_r[2];
nap = 8; /* r2-r9 */
switch (code) {
case SYS_syscall:
code = *ap++;
nap--;
break;
case SYS___syscall:
if (callp != sysent)
break;
code = ap[_QUAD_LOWWORD];
ap += 2;
nap -= 2;
break;
}
if (code < 0 || code >= nsys)
callp += p->p_emul->e_nosys;
else
callp += code;
i = callp->sy_argsize / sizeof(register_t);
if (i > sizeof(args) / sizeof(register_t))
panic("syscall nargs");
if (i > nap) {
bcopy((caddr_t)ap, (caddr_t)args, nap * sizeof(register_t));
error = copyin((caddr_t)tf->tf_r[31], (caddr_t)(args + nap),
(i - nap) * sizeof(register_t));
} else {
bcopy((caddr_t)ap, (caddr_t)args, i * sizeof(register_t));
error = 0;
}
if (error != 0)
goto bad;
#ifdef SYSCALL_DEBUG
KERNEL_LOCK();
scdebug_call(p, code, args);
KERNEL_UNLOCK();
#endif
#ifdef KTRACE
if (KTRPOINT(p, KTR_SYSCALL)) {
KERNEL_LOCK();
ktrsyscall(p, code, callp->sy_argsize, args);
KERNEL_UNLOCK();
}
#endif
rval[0] = 0;
rval[1] = tf->tf_r[3];
#if NSYSTRACE > 0
if (ISSET(p->p_flag, P_SYSTRACE)) {
KERNEL_LOCK();
error = systrace_redirect(code, p, args, rval);
KERNEL_UNLOCK();
} else
#endif
{
nolock = (callp->sy_flags & SY_NOLOCK);
if (!nolock)
KERNEL_LOCK();
error = (*callp->sy_call)(p, args, rval);
if (!nolock)
KERNEL_UNLOCK();
}
/*
* system call will look like:
* or r13, r0, <code>
* tb0 0, r0, <128> <- exip
* br err <- enip
* jmp r1
* err: or.u r3, r0, hi16(errno)
* st r2, r3, lo16(errno)
* subu r2, r0, 1
* jmp r1
*
* So, when we take syscall trap, exip/enip will be as
* shown above.
* Given this,
* 1. If the system call returned 0, need to jmp r1.
* exip += 8
* 2. If the system call returned an errno > 0, increment
* exip += 4 and plug the value in r2. This will have us
* executing "br err" on return to user space.
* 3. If the system call code returned ERESTART,
* we need to rexecute the trap instruction. leave exip as is.
* 4. If the system call returned EJUSTRETURN, just return.
* exip += 4
*/
switch (error) {
case 0:
tf->tf_r[2] = rval[0];
tf->tf_r[3] = rval[1];
tf->tf_epsr &= ~PSR_C;
/* skip two instructions */
m88110_skip_insn(tf);
m88110_skip_insn(tf);
break;
case ERESTART:
/*
* Reexecute the trap.
* exip is already at the trap instruction, so
* there is nothing to do.
*/
tf->tf_epsr &= ~PSR_C;
break;
case EJUSTRETURN:
tf->tf_epsr &= ~PSR_C;
/* skip one instruction */
m88110_skip_insn(tf);
break;
default:
bad:
if (p->p_emul->e_errno)
error = p->p_emul->e_errno[error];
tf->tf_r[2] = error;
tf->tf_epsr |= PSR_C; /* fail */
/* skip one instruction */
m88110_skip_insn(tf);
break;
}
#ifdef SYSCALL_DEBUG
KERNEL_LOCK();
scdebug_ret(p, code, error, rval);
KERNEL_UNLOCK();
#endif
userret(p);
#ifdef KTRACE
if (KTRPOINT(p, KTR_SYSRET)) {
KERNEL_LOCK();
ktrsysret(p, code, error, rval[0]);
KERNEL_UNLOCK();
}
#endif
}
void
m88110_trap(u_int type, struct trapframe *frame)
{
struct proc *p;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type;
u_long fault_code;
vaddr_t fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
u_int psr;
#endif
int sig = 0;
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
fault_type = SI_NOINFO;
fault_code = 0;
fault_addr = frame->tf_exip & XIP_ADDR;
/*
* 88110 errata #16 (4.2) or #3 (5.1.1):
* ``bsr, br, bcnd, jsr and jmp instructions with the .n extension
* can cause the enip value to be incremented by 4 incorrectly
* if the instruction in the delay slot is the first word of a
* page which misses in the mmu and results in a hardware
* tablewalk which encounters an exception or an invalid
* descriptor. The exip value in this case will point to the
* first word of the page, and the D bit will be set.
*
* Note: if the instruction is a jsr.n r1, r1 will be overwritten
* with erroneous data. Therefore, no recovery is possible. Do
* not allow this instruction to occupy the last word of a page.
*
* Suggested fix: recover in general by backing up the exip by 4
* and clearing the delay bit before an rte when the lower 3 hex
* digits of the exip are 001.''
*/
if ((frame->tf_exip & PAGE_MASK) == 0x00000001 && type == T_INSTFLT) {
u_int instr;
/*
* Note that we have initialized fault_addr above, so that
* signals provide the correct address if necessary.
*/
frame->tf_exip = (frame->tf_exip & ~1) - 4;
/*
* Check the instruction at the (backed up) exip.
* If it is a jsr.n, abort.
*/
if (!USERMODE(frame->tf_epsr)) {
instr = *(u_int *)fault_addr;
if (instr == 0xf400cc01)
panic("mc88110 errata #16, exip %p enip %p",
(frame->tf_exip + 4) | 1, frame->tf_enip);
} else {
/* copyin here should not fail */
if (copyin((const void *)frame->tf_exip, &instr,
sizeof instr) == 0 &&
instr == 0xf400cc01) {
uprintf("mc88110 errata #16, exip %p enip %p",
(frame->tf_exip + 4) | 1, frame->tf_enip);
sig = SIGILL;
}
}
}
if (USERMODE(frame->tf_epsr)) {
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
if (sig != 0)
goto deliver;
switch (type) {
default:
lose:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#ifdef DEBUG
case T_110_DRM+T_USER:
case T_110_DRM:
printf("DMMU read miss: Hardware Table Searches should be enabled!\n");
goto lose;
case T_110_DWM+T_USER:
case T_110_DWM:
printf("DMMU write miss: Hardware Table Searches should be enabled!\n");
goto lose;
case T_110_IAM+T_USER:
case T_110_IAM:
printf("IMMU miss: Hardware Table Searches should be enabled!\n");
goto lose;
#endif
#ifdef DDB
case T_KDB_TRACE:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_TRACE, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_BREAK:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
set_psr(psr);
/* skip trap instruction */
m88110_skip_insn(frame);
splx(s);
return;
#endif /* DDB */
case T_ILLFLT:
/*
* The 88110 seems to trigger an instruction fault in
* supervisor mode when running the following sequence:
*
* bcnd.n cond, reg, 1f
* arithmetic insn
* ...
* the same exact arithmetic insn
* 1: another arithmetic insn stalled by the previous one
* ...
*
* The exception is reported with exip pointing to the
* branch address. I don't know, at this point, if there
* is any better workaround than the aggressive one
* implemented below; I don't see how this could relate to
* any of the 88110 errata (although it might be related to
* branch prediction).
*
* For the record, the exact sequence triggering the
* spurious exception is:
*
* bcnd.n eq0, r2, 1f
* or r25, r0, r22
* bsr somewhere
* or r25, r0, r22
* 1: cmp r13, r25, r20
*
* within the same cache line.
*
* Simply ignoring the exception and returning does not
* cause the exception to disappear. Clearing the
* instruction cache works, but on 88110+88410 systems,
* the 88410 needs to be invalidated as well. (note that
* the size passed to the flush routines does not matter
* since there is no way to flush a subset of the 88110
* I$ anyway)
*/
{
extern void *kernel_text, *etext;
if (fault_addr >= (vaddr_t)&kernel_text &&
fault_addr < (vaddr_t)&etext) {
cmmu_icache_inv(curcpu()->ci_cpuid,
trunc_page(fault_addr), PAGE_SIZE);
cmmu_cache_wbinv(curcpu()->ci_cpuid,
trunc_page(fault_addr), PAGE_SIZE);
return;
}
}
goto lose;
case T_MISALGNFLT:
printf("kernel misaligned access exception @%p\n",
frame->tf_exip);
goto lose;
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
printf("Kernel Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
goto lose;
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dsr & CMMU_DSR_SU) == 0) {
KERNEL_LOCK();
goto m88110_user_fault;
}
#ifdef TRAPDEBUG
printf("Kernel Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
va = trunc_page((vaddr_t)fault_addr);
KERNEL_LOCK();
vm = p->p_vmspace;
map = kernel_map;
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/*
* On a segment or a page fault, call uvm_fault() to
* resolve the fault.
*/
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
/*
* This could be a fault caused in copyout*()
* while accessing kernel space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result == 0) {
KERNEL_UNLOCK();
return;
}
}
KERNEL_UNLOCK();
goto lose;
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
KERNEL_LOCK();
m88110_user_fault:
if (type == T_INSTFLT+T_USER) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
#ifdef TRAPDEBUG
printf("User Instruction fault exip %x isr %x ilar %x\n",
frame->tf_exip, frame->tf_isr, frame->tf_ilar);
#endif
} else {
fault_addr = frame->tf_dlar;
if (frame->tf_dsr & CMMU_DSR_RW) {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
} else {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
}
#ifdef TRAPDEBUG
printf("User Data access fault exip %x dsr %x dlar %x\n",
frame->tf_exip, frame->tf_dsr, frame->tf_dlar);
#endif
}
va = trunc_page((vaddr_t)fault_addr);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/*
* Call uvm_fault() to resolve non-bus error faults
* whenever possible.
*/
if (type == T_INSTFLT+T_USER) {
/* instruction faults */
if (frame->tf_isr &
(CMMU_ISR_BE | CMMU_ISR_SP | CMMU_ISR_TBE)) {
/* bus error, supervisor protection */
result = EACCES;
} else
if (frame->tf_isr & (CMMU_ISR_SI | CMMU_ISR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
} else {
#ifdef TRAPDEBUG
printf("Unexpected Instruction fault isr %x\n",
frame->tf_isr);
#endif
KERNEL_UNLOCK();
goto lose;
}
} else {
/* data faults */
if (frame->tf_dsr & CMMU_DSR_BE) {
/* bus error */
result = EACCES;
} else
if (frame->tf_dsr & (CMMU_DSR_SI | CMMU_DSR_PI)) {
/* segment or page fault */
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
} else
if (frame->tf_dsr & (CMMU_DSR_CP | CMMU_DSR_WA)) {
/* copyback or write allocate error */
result = EACCES;
} else
if (frame->tf_dsr & CMMU_DSR_WE) {
/* write fault */
/* This could be a write protection fault or an
* exception to set the used and modified bits
* in the pte. Basically, if we got a write
* error, then we already have a pte entry that
* faulted in from a previous seg fault or page
* fault.
* Get the pte and check the status of the
* modified and valid bits to determine if this
* indeed a real write fault. XXX smurph
*/
if (pmap_set_modify(map->pmap, va)) {
#ifdef TRAPDEBUG
printf("Corrected userland write fault, pmap %p va %p\n",
map->pmap, va);
#endif
result = 0;
} else {
/* must be a real wp fault */
#ifdef TRAPDEBUG
printf("Uncorrected userland write fault, pmap %p va %p\n",
map->pmap, va);
#endif
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
}
} else {
#ifdef TRAPDEBUG
printf("Unexpected Data access fault dsr %x\n",
frame->tf_dsr);
#endif
KERNEL_UNLOCK();
goto lose;
}
}
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0)
uvm_grow(p, va);
else if (result == EACCES)
result = EFAULT;
}
KERNEL_UNLOCK();
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_exip = pcb_onfault;
/*
* Continue as if the fault had been resolved.
*/
result = 0;
}
if (result != 0) {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
if (sig == 0) {
/* skip recovered instruction */
m88110_skip_insn(frame);
goto userexit;
}
break;
case T_PRIVINFLT+T_USER:
fault_type = ILL_PRVREG;
/* FALLTHROUGH */
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
case T_KDB_TRACE:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
/* skip trap instruction */
m88110_skip_insn(frame);
break;
case T_FPEPFLT+T_USER:
m88110_fpu_exception(frame);
goto userexit;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
u_int instr;
vaddr_t pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(u_int));
/* check and see if we got here by accident */
if ((p->p_md.md_bp0va != pc &&
p->p_md.md_bp1va != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear breakpoint */
if (p->p_md.md_bp0va == pc) {
ss_put_value(p, pc, p->p_md.md_bp0save);
p->p_md.md_bp0va = 0;
}
if (p->p_md.md_bp1va == pc) {
ss_put_value(p, pc, p->p_md.md_bp1save);
p->p_md.md_bp1va = 0;
}
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
deliver:
sv.sival_ptr = (void *)fault_addr;
KERNEL_LOCK();
trapsignal(p, sig, fault_code, fault_type, sv);
KERNEL_UNLOCK();
}
userexit:
userret(p);
}
/*
* Handle a TLB miss exception for a page marked as able to trigger the
* end-of-page errata.
* Returns nonzero if the exception has been completely serviced, and no
* further processing in the trap handler is necessary.
*/
int
eop_tlb_miss_handler(struct trap_frame *trapframe, struct cpu_info *ci,
struct proc *p)
{
struct pcb *pcb;
vaddr_t va, faultva;
struct vmspace *vm;
vm_map_t map;
pmap_t pmap;
pt_entry_t *pte, entry;
int onfault;
u_long asid;
uint i, npairs;
int64_t tlbidx;
/*
* Check for a valid pte with the `special' bit set (PG_SP)
* in order to apply the end-of-page errata workaround.
*/
vm = p->p_vmspace;
map = &vm->vm_map;
faultva = trunc_page((vaddr_t)trapframe->badvaddr);
pmap = map->pmap;
pte = pmap_segmap(pmap, faultva);
if (pte == NULL)
return 0;
pte += uvtopte(faultva);
entry = *pte;
if ((entry & PG_SP) == 0)
return 0;
pcb = &p->p_addr->u_pcb;
asid = pmap->pm_asid[ci->ci_cpuid].pma_asid << PG_ASID_SHIFT;
/*
* For now, only allow one EOP vulnerable page to get a wired TLB
* entry. We will aggressively attempt to recycle the wired TLB
* entries created for that purpose, as soon as we are no longer
* needing the EOP page resident in the TLB.
*/
/*
* Figure out how many pages to wire in the TLB.
*/
if ((faultva & PG_ODDPG) != 0) {
/* odd page: need two pairs */
npairs = 2;
} else {
/* even page: only need one pair */
npairs = 1;
}
/*
* Fault-in the next page.
*/
va = faultva + PAGE_SIZE;
pte = pmap_segmap(pmap, va);
if (pte != NULL)
pte += uvtopte(va);
if (pte == NULL || (*pte & PG_V) == 0) {
onfault = pcb->pcb_onfault;
pcb->pcb_onfault = 0;
KERNEL_LOCK();
(void)uvm_fault(map, va, 0, PROT_READ | PROT_EXEC);
KERNEL_UNLOCK();
pcb->pcb_onfault = onfault;
}
/*
* Clear possible TLB entries for the pages we're about to wire.
*/
for (i = npairs, va = faultva & PG_HVPN; i != 0;
i--, va += 2 * PAGE_SIZE) {
tlbidx = tlb_probe(va | asid);
if (tlbidx >= 0)
tlb_update_indexed(CKSEG0_BASE, PG_NV, PG_NV, tlbidx);
}
/*
* Reserve the extra wired TLB, and fill them with the existing ptes.
*/
tlb_set_wired((UPAGES / 2) + npairs);
for (i = 0, va = faultva & PG_HVPN; i != npairs;
i++, va += 2 * PAGE_SIZE) {
pte = pmap_segmap(pmap, va);
if (pte == NULL)
tlb_update_indexed(va | asid,
PG_NV, PG_NV, (UPAGES / 2) + i);
else {
pte += uvtopte(va);
tlb_update_indexed(va | asid,
pte[0], pte[1], (UPAGES / 2) + i);
}
}
/*
* Save the base address of the EOP vulnerable page, to be able to
* figure out when the wired entry is no longer necessary.
*/
pcb->pcb_nwired = npairs;
pcb->pcb_wiredva = faultva & PG_HVPN;
pcb->pcb_wiredpc = faultva;
return 1;
}
void
m88100_trap(unsigned type, struct trapframe *frame)
{
struct proc *p;
struct vm_map *map;
vaddr_t va, pcb_onfault;
vm_prot_t ftype;
int fault_type, pbus_type;
u_long fault_code;
unsigned fault_addr;
struct vmspace *vm;
union sigval sv;
int result;
#ifdef DDB
int s;
u_int psr;
#endif
int sig = 0;
extern struct vm_map *kernel_map;
uvmexp.traps++;
if ((p = curproc) == NULL)
p = &proc0;
if (USERMODE(frame->tf_epsr)) {
type += T_USER;
p->p_md.md_tf = frame; /* for ptrace/signals */
}
fault_type = 0;
fault_code = 0;
fault_addr = frame->tf_sxip & XIP_ADDR;
switch (type) {
default:
panictrap(frame->tf_vector, frame);
break;
/*NOTREACHED*/
#if defined(DDB)
case T_KDB_BREAK:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_break_trap(T_KDB_BREAK, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
case T_KDB_ENTRY:
s = splhigh();
set_psr((psr = get_psr()) & ~PSR_IND);
ddb_entry_trap(T_KDB_ENTRY, (db_regs_t*)frame);
set_psr(psr);
splx(s);
return;
#endif /* DDB */
case T_ILLFLT:
printf("Unimplemented opcode!\n");
panictrap(frame->tf_vector, frame);
break;
case T_INT:
case T_INT+T_USER:
curcpu()->ci_intrdepth++;
md_interrupt_func(T_INT, frame);
curcpu()->ci_intrdepth--;
return;
case T_MISALGNFLT:
printf("kernel misaligned access exception @ 0x%08x\n",
frame->tf_sxip);
panictrap(frame->tf_vector, frame);
break;
case T_INSTFLT:
/* kernel mode instruction access fault.
* Should never, never happen for a non-paged kernel.
*/
#ifdef TRAPDEBUG
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
printf("Kernel Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
panictrap(frame->tf_vector, frame);
break;
case T_DATAFLT:
/* kernel mode data fault */
/* data fault on the user address? */
if ((frame->tf_dmt0 & DMT_DAS) == 0) {
type = T_DATAFLT + T_USER;
goto user_fault;
}
fault_addr = frame->tf_dma0;
if (frame->tf_dmt0 & (DMT_WRITE|DMT_LOCKBAR)) {
ftype = VM_PROT_READ|VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
if (va == 0) {
panic("trap: bad kernel access at %x", fault_addr);
}
KERNEL_LOCK(LK_CANRECURSE | LK_EXCLUSIVE);
vm = p->p_vmspace;
map = kernel_map;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("Kernel Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
switch (pbus_type) {
case CMMU_PFSR_SUCCESS:
/*
* The fault was resolved. Call data_access_emulation
* to drain the data unit pipe line and reset dmt0
* so that trap won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
KERNEL_UNLOCK();
return;
case CMMU_PFSR_SFAULT:
case CMMU_PFSR_PFAULT:
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if (result == 0) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data
* unit pipe line and reset dmt0 so that trap
* won't get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
KERNEL_UNLOCK();
return;
}
break;
}
#ifdef TRAPDEBUG
printf("PBUS Fault %d (%s) va = 0x%x\n", pbus_type,
pbus_exception_type[pbus_type], va);
#endif
KERNEL_UNLOCK();
panictrap(frame->tf_vector, frame);
/* NOTREACHED */
case T_INSTFLT+T_USER:
/* User mode instruction access fault */
/* FALLTHROUGH */
case T_DATAFLT+T_USER:
user_fault:
if (type == T_INSTFLT + T_USER) {
pbus_type = CMMU_PFSR_FAULT(frame->tf_ipfsr);
#ifdef TRAPDEBUG
printf("User Instruction fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
} else {
fault_addr = frame->tf_dma0;
pbus_type = CMMU_PFSR_FAULT(frame->tf_dpfsr);
#ifdef TRAPDEBUG
printf("User Data access fault #%d (%s) v = 0x%x, frame 0x%x cpu %p\n",
pbus_type, pbus_exception_type[pbus_type],
fault_addr, frame, frame->tf_cpu);
#endif
}
if (frame->tf_dmt0 & (DMT_WRITE | DMT_LOCKBAR)) {
ftype = VM_PROT_READ | VM_PROT_WRITE;
fault_code = VM_PROT_WRITE;
} else {
ftype = VM_PROT_READ;
fault_code = VM_PROT_READ;
}
va = trunc_page((vaddr_t)fault_addr);
KERNEL_PROC_LOCK(p);
vm = p->p_vmspace;
map = &vm->vm_map;
if ((pcb_onfault = p->p_addr->u_pcb.pcb_onfault) != 0)
p->p_addr->u_pcb.pcb_onfault = 0;
/* Call uvm_fault() to resolve non-bus error faults */
switch (pbus_type) {
case CMMU_PFSR_SUCCESS:
result = 0;
break;
case CMMU_PFSR_BERROR:
result = EACCES;
break;
default:
result = uvm_fault(map, va, VM_FAULT_INVALID, ftype);
break;
}
p->p_addr->u_pcb.pcb_onfault = pcb_onfault;
if ((caddr_t)va >= vm->vm_maxsaddr) {
if (result == 0)
uvm_grow(p, va);
else if (result == EACCES)
result = EFAULT;
}
KERNEL_PROC_UNLOCK(p);
/*
* This could be a fault caused in copyin*()
* while accessing user space.
*/
if (result != 0 && pcb_onfault != 0) {
frame->tf_snip = pcb_onfault | NIP_V;
frame->tf_sfip = (pcb_onfault + 4) | FIP_V;
frame->tf_sxip = 0;
/*
* Continue as if the fault had been resolved, but
* do not try to complete the faulting access.
*/
frame->tf_dmt0 |= DMT_SKIP;
result = 0;
}
if (result == 0) {
if (type == T_DATAFLT+T_USER) {
/*
* We could resolve the fault. Call
* data_access_emulation to drain the data unit
* pipe line and reset dmt0 so that trap won't
* get called again.
*/
data_access_emulation((unsigned *)frame);
frame->tf_dpfsr = 0;
frame->tf_dmt0 = 0;
} else {
/*
* back up SXIP, SNIP,
* clearing the Error bit
*/
frame->tf_sfip = frame->tf_snip & ~FIP_E;
frame->tf_snip = frame->tf_sxip & ~NIP_E;
frame->tf_ipfsr = 0;
}
} else {
sig = result == EACCES ? SIGBUS : SIGSEGV;
fault_type = result == EACCES ?
BUS_ADRERR : SEGV_MAPERR;
}
break;
case T_MISALGNFLT+T_USER:
/* Fix any misaligned ld.d or st.d instructions */
sig = double_reg_fixup(frame);
fault_type = BUS_ADRALN;
break;
case T_PRIVINFLT+T_USER:
case T_ILLFLT+T_USER:
#ifndef DDB
case T_KDB_BREAK:
case T_KDB_ENTRY:
#endif
case T_KDB_BREAK+T_USER:
case T_KDB_ENTRY+T_USER:
case T_KDB_TRACE:
case T_KDB_TRACE+T_USER:
sig = SIGILL;
break;
case T_BNDFLT+T_USER:
sig = SIGFPE;
break;
case T_ZERODIV+T_USER:
sig = SIGFPE;
fault_type = FPE_INTDIV;
break;
case T_OVFFLT+T_USER:
sig = SIGFPE;
fault_type = FPE_INTOVF;
break;
case T_FPEPFLT+T_USER:
sig = SIGFPE;
break;
case T_SIGSYS+T_USER:
sig = SIGSYS;
break;
case T_STEPBPT+T_USER:
#ifdef PTRACE
/*
* This trap is used by the kernel to support single-step
* debugging (although any user could generate this trap
* which should probably be handled differently). When a
* process is continued by a debugger with the PT_STEP
* function of ptrace (single step), the kernel inserts
* one or two breakpoints in the user process so that only
* one instruction (or two in the case of a delayed branch)
* is executed. When this breakpoint is hit, we get the
* T_STEPBPT trap.
*/
{
u_int instr;
vaddr_t pc = PC_REGS(&frame->tf_regs);
/* read break instruction */
copyin((caddr_t)pc, &instr, sizeof(u_int));
/* check and see if we got here by accident */
if ((p->p_md.md_bp0va != pc &&
p->p_md.md_bp1va != pc) ||
instr != SSBREAKPOINT) {
sig = SIGTRAP;
fault_type = TRAP_TRACE;
break;
}
/* restore original instruction and clear breakpoint */
if (p->p_md.md_bp0va == pc) {
ss_put_value(p, pc, p->p_md.md_bp0save);
p->p_md.md_bp0va = 0;
}
if (p->p_md.md_bp1va == pc) {
ss_put_value(p, pc, p->p_md.md_bp1save);
p->p_md.md_bp1va = 0;
}
#if 1
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = pc | NIP_V;
#endif
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
}
#else
sig = SIGTRAP;
fault_type = TRAP_TRACE;
#endif
break;
case T_USERBPT+T_USER:
/*
* This trap is meant to be used by debuggers to implement
* breakpoint debugging. When we get this trap, we just
* return a signal which gets caught by the debugger.
*/
frame->tf_sfip = frame->tf_snip;
frame->tf_snip = frame->tf_sxip;
sig = SIGTRAP;
fault_type = TRAP_BRKPT;
break;
case T_ASTFLT+T_USER:
uvmexp.softs++;
p->p_md.md_astpending = 0;
if (p->p_flag & P_OWEUPC) {
KERNEL_PROC_LOCK(p);
ADDUPROF(p);
KERNEL_PROC_UNLOCK(p);
}
if (curcpu()->ci_want_resched)
preempt(NULL);
break;
}
/*
* If trap from supervisor mode, just return
*/
if (type < T_USER)
return;
if (sig) {
sv.sival_int = fault_addr;
KERNEL_PROC_LOCK(p);
trapsignal(p, sig, fault_code, fault_type, sv);
KERNEL_PROC_UNLOCK(p);
/*
* don't want multiple faults - we are going to
* deliver signal.
*/
frame->tf_dmt0 = 0;
frame->tf_ipfsr = frame->tf_dpfsr = 0;
}
userret(p);
}
