Adrian Bunk | 88278ca | 2008-05-19 16:53:02 -0700 | [diff] [blame] | 1 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 2 | * wof.S: Sparc window overflow handler. |
| 3 | * |
| 4 | * Copyright (C) 1995 David S. Miller (davem@caip.rutgers.edu) |
| 5 | */ |
| 6 | |
| 7 | #include <asm/contregs.h> |
| 8 | #include <asm/page.h> |
| 9 | #include <asm/ptrace.h> |
| 10 | #include <asm/psr.h> |
| 11 | #include <asm/smp.h> |
| 12 | #include <asm/asi.h> |
| 13 | #include <asm/winmacro.h> |
| 14 | #include <asm/asmmacro.h> |
| 15 | #include <asm/thread_info.h> |
| 16 | |
| 17 | /* WARNING: This routine is hairy and _very_ complicated, but it |
| 18 | * must be as fast as possible as it handles the allocation |
| 19 | * of register windows to the user and kernel. If you touch |
| 20 | * this code be _very_ careful as many other pieces of the |
| 21 | * kernel depend upon how this code behaves. You have been |
| 22 | * duly warned... |
| 23 | */ |
| 24 | |
| 25 | /* We define macro's for registers which have a fixed |
| 26 | * meaning throughout this entire routine. The 'T' in |
| 27 | * the comments mean that the register can only be |
| 28 | * accessed when in the 'trap' window, 'G' means |
| 29 | * accessible in any window. Do not change these registers |
| 30 | * after they have been set, until you are ready to return |
| 31 | * from the trap. |
| 32 | */ |
| 33 | #define t_psr l0 /* %psr at trap time T */ |
| 34 | #define t_pc l1 /* PC for trap return T */ |
| 35 | #define t_npc l2 /* NPC for trap return T */ |
| 36 | #define t_wim l3 /* %wim at trap time T */ |
| 37 | #define saved_g5 l5 /* Global save register T */ |
| 38 | #define saved_g6 l6 /* Global save register T */ |
| 39 | #define curptr g6 /* Gets set to 'current' then stays G */ |
| 40 | |
| 41 | /* Now registers whose values can change within the handler. */ |
| 42 | #define twin_tmp l4 /* Temp reg, only usable in trap window T */ |
| 43 | #define glob_tmp g5 /* Global temporary reg, usable anywhere G */ |
| 44 | |
| 45 | .text |
| 46 | .align 4 |
| 47 | /* BEGINNING OF PATCH INSTRUCTIONS */ |
| 48 | /* On a 7-window Sparc the boot code patches spnwin_* |
| 49 | * instructions with the following ones. |
| 50 | */ |
| 51 | .globl spnwin_patch1_7win, spnwin_patch2_7win, spnwin_patch3_7win |
| 52 | spnwin_patch1_7win: sll %t_wim, 6, %glob_tmp |
| 53 | spnwin_patch2_7win: and %glob_tmp, 0x7f, %glob_tmp |
| 54 | spnwin_patch3_7win: and %twin_tmp, 0x7f, %twin_tmp |
| 55 | /* END OF PATCH INSTRUCTIONS */ |
| 56 | |
| 57 | /* The trap entry point has done the following: |
| 58 | * |
| 59 | * rd %psr, %l0 |
| 60 | * rd %wim, %l3 |
| 61 | * b spill_window_entry |
| 62 | * andcc %l0, PSR_PS, %g0 |
| 63 | */ |
| 64 | |
| 65 | /* Datum current_thread_info->uwinmask contains at all times a bitmask |
| 66 | * where if any user windows are active, at least one bit will |
| 67 | * be set in to mask. If no user windows are active, the bitmask |
| 68 | * will be all zeroes. |
| 69 | */ |
| 70 | .globl spill_window_entry |
| 71 | .globl spnwin_patch1, spnwin_patch2, spnwin_patch3 |
| 72 | spill_window_entry: |
| 73 | /* LOCATION: Trap Window */ |
| 74 | |
| 75 | mov %g5, %saved_g5 ! save away global temp register |
| 76 | mov %g6, %saved_g6 ! save away 'current' ptr register |
| 77 | |
| 78 | /* Compute what the new %wim will be if we save the |
| 79 | * window properly in this trap handler. |
| 80 | * |
| 81 | * newwim = ((%wim>>1) | (%wim<<(nwindows - 1))); |
| 82 | */ |
| 83 | srl %t_wim, 0x1, %twin_tmp |
| 84 | spnwin_patch1: sll %t_wim, 7, %glob_tmp |
| 85 | or %glob_tmp, %twin_tmp, %glob_tmp |
| 86 | spnwin_patch2: and %glob_tmp, 0xff, %glob_tmp |
| 87 | |
| 88 | /* The trap entry point has set the condition codes |
| 89 | * up for us to see if this is from user or kernel. |
| 90 | * Get the load of 'curptr' out of the way. |
| 91 | */ |
| 92 | LOAD_CURRENT(curptr, twin_tmp) |
| 93 | |
| 94 | andcc %t_psr, PSR_PS, %g0 |
| 95 | be,a spwin_fromuser ! all user wins, branch |
| 96 | save %g0, %g0, %g0 ! Go where saving will occur |
| 97 | |
| 98 | /* See if any user windows are active in the set. */ |
| 99 | ld [%curptr + TI_UWINMASK], %twin_tmp ! grab win mask |
| 100 | orcc %g0, %twin_tmp, %g0 ! check for set bits |
| 101 | bne spwin_exist_uwins ! yep, there are some |
| 102 | andn %twin_tmp, %glob_tmp, %twin_tmp ! compute new uwinmask |
| 103 | |
| 104 | /* Save into the window which must be saved and do it. |
| 105 | * Basically if we are here, this means that we trapped |
| 106 | * from kernel mode with only kernel windows in the register |
| 107 | * file. |
| 108 | */ |
| 109 | save %g0, %g0, %g0 ! save into the window to stash away |
| 110 | wr %glob_tmp, 0x0, %wim ! set new %wim, this is safe now |
| 111 | |
| 112 | spwin_no_userwins_from_kernel: |
| 113 | /* LOCATION: Window to be saved */ |
| 114 | |
| 115 | STORE_WINDOW(sp) ! stash the window |
| 116 | restore %g0, %g0, %g0 ! go back into trap window |
| 117 | |
| 118 | /* LOCATION: Trap window */ |
| 119 | mov %saved_g5, %g5 ! restore %glob_tmp |
| 120 | mov %saved_g6, %g6 ! restore %curptr |
| 121 | wr %t_psr, 0x0, %psr ! restore condition codes in %psr |
| 122 | WRITE_PAUSE ! waste some time |
| 123 | jmp %t_pc ! Return from trap |
| 124 | rett %t_npc ! we are done |
| 125 | |
| 126 | spwin_exist_uwins: |
| 127 | /* LOCATION: Trap window */ |
| 128 | |
| 129 | /* Wow, user windows have to be dealt with, this is dirty |
| 130 | * and messy as all hell. And difficult to follow if you |
| 131 | * are approaching the infamous register window trap handling |
| 132 | * problem for the first time. DON'T LOOK! |
| 133 | * |
| 134 | * Note that how the execution path works out, the new %wim |
| 135 | * will be left for us in the global temporary register, |
| 136 | * %glob_tmp. We cannot set the new %wim first because we |
| 137 | * need to save into the appropriate window without inducing |
| 138 | * a trap (traps are off, we'd get a watchdog wheee)... |
| 139 | * But first, store the new user window mask calculated |
| 140 | * above. |
| 141 | */ |
| 142 | st %twin_tmp, [%curptr + TI_UWINMASK] |
| 143 | save %g0, %g0, %g0 ! Go to where the saving will occur |
| 144 | |
| 145 | spwin_fromuser: |
| 146 | /* LOCATION: Window to be saved */ |
| 147 | wr %glob_tmp, 0x0, %wim ! Now it is safe to set new %wim |
| 148 | |
| 149 | /* LOCATION: Window to be saved */ |
| 150 | |
| 151 | /* This instruction branches to a routine which will check |
| 152 | * to validity of the users stack pointer by whatever means |
| 153 | * are necessary. This means that this is architecture |
| 154 | * specific and thus this branch instruction will need to |
| 155 | * be patched at boot time once the machine type is known. |
| 156 | * This routine _shall not_ touch %curptr under any |
| 157 | * circumstances whatsoever! It will branch back to the |
| 158 | * label 'spwin_good_ustack' if the stack is ok but still |
| 159 | * needs to be dumped (SRMMU for instance will not need to |
| 160 | * do this) or 'spwin_finish_up' if the stack is ok and the |
| 161 | * registers have already been saved. If the stack is found |
| 162 | * to be bogus for some reason the routine shall branch to |
| 163 | * the label 'spwin_user_stack_is_bolixed' which will take |
| 164 | * care of things at that point. |
| 165 | */ |
| 166 | .globl spwin_mmu_patchme |
| 167 | spwin_mmu_patchme: b spwin_sun4c_stackchk |
| 168 | andcc %sp, 0x7, %g0 |
| 169 | |
| 170 | spwin_good_ustack: |
| 171 | /* LOCATION: Window to be saved */ |
| 172 | |
| 173 | /* The users stack is ok and we can safely save it at |
| 174 | * %sp. |
| 175 | */ |
| 176 | STORE_WINDOW(sp) |
| 177 | |
| 178 | spwin_finish_up: |
| 179 | restore %g0, %g0, %g0 /* Back to trap window. */ |
| 180 | |
| 181 | /* LOCATION: Trap window */ |
| 182 | |
| 183 | /* We have spilled successfully, and we have properly stored |
| 184 | * the appropriate window onto the stack. |
| 185 | */ |
| 186 | |
| 187 | /* Restore saved globals */ |
| 188 | mov %saved_g5, %g5 |
| 189 | mov %saved_g6, %g6 |
| 190 | |
| 191 | wr %t_psr, 0x0, %psr |
| 192 | WRITE_PAUSE |
| 193 | jmp %t_pc |
| 194 | rett %t_npc |
| 195 | |
| 196 | spwin_user_stack_is_bolixed: |
| 197 | /* LOCATION: Window to be saved */ |
| 198 | |
| 199 | /* Wheee, user has trashed his/her stack. We have to decide |
| 200 | * how to proceed based upon whether we came from kernel mode |
| 201 | * or not. If we came from kernel mode, toss the window into |
| 202 | * a special buffer and proceed, the kernel _needs_ a window |
| 203 | * and we could be in an interrupt handler so timing is crucial. |
| 204 | * If we came from user land we build a full stack frame and call |
| 205 | * c-code to gun down the process. |
| 206 | */ |
| 207 | rd %psr, %glob_tmp |
| 208 | andcc %glob_tmp, PSR_PS, %g0 |
| 209 | bne spwin_bad_ustack_from_kernel |
| 210 | nop |
| 211 | |
| 212 | /* Oh well, throw this one window into the per-task window |
| 213 | * buffer, the first one. |
| 214 | */ |
| 215 | st %sp, [%curptr + TI_RWIN_SPTRS] |
| 216 | STORE_WINDOW(curptr + TI_REG_WINDOW) |
| 217 | restore %g0, %g0, %g0 |
| 218 | |
| 219 | /* LOCATION: Trap Window */ |
| 220 | |
| 221 | /* Back in the trap window, update winbuffer save count. */ |
| 222 | mov 1, %twin_tmp |
| 223 | st %twin_tmp, [%curptr + TI_W_SAVED] |
| 224 | |
| 225 | /* Compute new user window mask. What we are basically |
| 226 | * doing is taking two windows, the invalid one at trap |
| 227 | * time and the one we attempted to throw onto the users |
| 228 | * stack, and saying that everything else is an ok user |
| 229 | * window. umask = ((~(%t_wim | %wim)) & valid_wim_bits) |
| 230 | */ |
| 231 | rd %wim, %twin_tmp |
| 232 | or %twin_tmp, %t_wim, %twin_tmp |
| 233 | not %twin_tmp |
| 234 | spnwin_patch3: and %twin_tmp, 0xff, %twin_tmp ! patched on 7win Sparcs |
| 235 | st %twin_tmp, [%curptr + TI_UWINMASK] |
| 236 | |
| 237 | #define STACK_OFFSET (THREAD_SIZE - TRACEREG_SZ - STACKFRAME_SZ) |
| 238 | |
| 239 | sethi %hi(STACK_OFFSET), %sp |
| 240 | or %sp, %lo(STACK_OFFSET), %sp |
| 241 | add %curptr, %sp, %sp |
| 242 | |
| 243 | /* Restore the saved globals and build a pt_regs frame. */ |
| 244 | mov %saved_g5, %g5 |
| 245 | mov %saved_g6, %g6 |
| 246 | STORE_PT_ALL(sp, t_psr, t_pc, t_npc, g1) |
| 247 | |
| 248 | sethi %hi(STACK_OFFSET), %g6 |
| 249 | or %g6, %lo(STACK_OFFSET), %g6 |
| 250 | sub %sp, %g6, %g6 ! curptr |
| 251 | |
| 252 | /* Turn on traps and call c-code to deal with it. */ |
| 253 | wr %t_psr, PSR_ET, %psr |
| 254 | nop |
| 255 | call window_overflow_fault |
| 256 | nop |
| 257 | |
| 258 | /* Return from trap if C-code actually fixes things, if it |
| 259 | * doesn't then we never get this far as the process will |
| 260 | * be given the look of death from Commander Peanut. |
| 261 | */ |
| 262 | b ret_trap_entry |
| 263 | clr %l6 |
| 264 | |
| 265 | spwin_bad_ustack_from_kernel: |
| 266 | /* LOCATION: Window to be saved */ |
| 267 | |
| 268 | /* The kernel provoked a spill window trap, but the window we |
| 269 | * need to save is a user one and the process has trashed its |
| 270 | * stack pointer. We need to be quick, so we throw it into |
| 271 | * a per-process window buffer until we can properly handle |
| 272 | * this later on. |
| 273 | */ |
| 274 | SAVE_BOLIXED_USER_STACK(curptr, glob_tmp) |
| 275 | restore %g0, %g0, %g0 |
| 276 | |
| 277 | /* LOCATION: Trap window */ |
| 278 | |
| 279 | /* Restore globals, condition codes in the %psr and |
| 280 | * return from trap. Note, restoring %g6 when returning |
| 281 | * to kernel mode is not necessarily these days. ;-) |
| 282 | */ |
| 283 | mov %saved_g5, %g5 |
| 284 | mov %saved_g6, %g6 |
| 285 | |
| 286 | wr %t_psr, 0x0, %psr |
| 287 | WRITE_PAUSE |
| 288 | |
| 289 | jmp %t_pc |
| 290 | rett %t_npc |
| 291 | |
| 292 | /* Undefine the register macros which would only cause trouble |
| 293 | * if used below. This helps find 'stupid' coding errors that |
| 294 | * produce 'odd' behavior. The routines below are allowed to |
| 295 | * make usage of glob_tmp and t_psr so we leave them defined. |
| 296 | */ |
| 297 | #undef twin_tmp |
| 298 | #undef curptr |
| 299 | #undef t_pc |
| 300 | #undef t_npc |
| 301 | #undef t_wim |
| 302 | #undef saved_g5 |
| 303 | #undef saved_g6 |
| 304 | |
| 305 | /* Now come the per-architecture window overflow stack checking routines. |
| 306 | * As noted above %curptr cannot be touched by this routine at all. |
| 307 | */ |
| 308 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 309 | spwin_sun4c_stackchk: |
| 310 | /* LOCATION: Window to be saved on the stack */ |
| 311 | |
| 312 | /* See if the stack is in the address space hole but first, |
| 313 | * check results of callers andcc %sp, 0x7, %g0 |
| 314 | */ |
| 315 | be 1f |
| 316 | sra %sp, 29, %glob_tmp |
| 317 | |
| 318 | rd %psr, %glob_tmp |
| 319 | b spwin_user_stack_is_bolixed + 0x4 |
| 320 | nop |
| 321 | |
| 322 | 1: |
| 323 | add %glob_tmp, 0x1, %glob_tmp |
| 324 | andncc %glob_tmp, 0x1, %g0 |
| 325 | be 1f |
| 326 | and %sp, 0xfff, %glob_tmp ! delay slot |
| 327 | |
| 328 | rd %psr, %glob_tmp |
| 329 | b spwin_user_stack_is_bolixed + 0x4 |
| 330 | nop |
| 331 | |
| 332 | /* See if our dump area will be on more than one |
| 333 | * page. |
| 334 | */ |
| 335 | 1: |
| 336 | add %glob_tmp, 0x38, %glob_tmp |
| 337 | andncc %glob_tmp, 0xff8, %g0 |
| 338 | be spwin_sun4c_onepage ! only one page to check |
| 339 | lda [%sp] ASI_PTE, %glob_tmp ! have to check first page anyways |
| 340 | |
| 341 | spwin_sun4c_twopages: |
| 342 | /* Is first page ok permission wise? */ |
| 343 | srl %glob_tmp, 29, %glob_tmp |
| 344 | cmp %glob_tmp, 0x6 |
| 345 | be 1f |
| 346 | add %sp, 0x38, %glob_tmp /* Is second page in vma hole? */ |
| 347 | |
| 348 | rd %psr, %glob_tmp |
| 349 | b spwin_user_stack_is_bolixed + 0x4 |
| 350 | nop |
| 351 | |
| 352 | 1: |
| 353 | sra %glob_tmp, 29, %glob_tmp |
| 354 | add %glob_tmp, 0x1, %glob_tmp |
| 355 | andncc %glob_tmp, 0x1, %g0 |
| 356 | be 1f |
| 357 | add %sp, 0x38, %glob_tmp |
| 358 | |
| 359 | rd %psr, %glob_tmp |
| 360 | b spwin_user_stack_is_bolixed + 0x4 |
| 361 | nop |
| 362 | |
| 363 | 1: |
| 364 | lda [%glob_tmp] ASI_PTE, %glob_tmp |
| 365 | |
| 366 | spwin_sun4c_onepage: |
| 367 | srl %glob_tmp, 29, %glob_tmp |
| 368 | cmp %glob_tmp, 0x6 ! can user write to it? |
| 369 | be spwin_good_ustack ! success |
| 370 | nop |
| 371 | |
| 372 | rd %psr, %glob_tmp |
| 373 | b spwin_user_stack_is_bolixed + 0x4 |
| 374 | nop |
| 375 | |
| 376 | /* This is a generic SRMMU routine. As far as I know this |
| 377 | * works for all current v8/srmmu implementations, we'll |
| 378 | * see... |
| 379 | */ |
| 380 | .globl spwin_srmmu_stackchk |
| 381 | spwin_srmmu_stackchk: |
| 382 | /* LOCATION: Window to be saved on the stack */ |
| 383 | |
| 384 | /* Because of SMP concerns and speed we play a trick. |
| 385 | * We disable fault traps in the MMU control register, |
| 386 | * Execute the stores, then check the fault registers |
| 387 | * to see what happens. I can hear Linus now |
| 388 | * "disgusting... broken hardware...". |
| 389 | * |
| 390 | * But first, check to see if the users stack has ended |
| 391 | * up in kernel vma, then we would succeed for the 'wrong' |
| 392 | * reason... ;( Note that the 'sethi' below assumes the |
| 393 | * kernel is page aligned, which should always be the case. |
| 394 | */ |
| 395 | /* Check results of callers andcc %sp, 0x7, %g0 */ |
| 396 | bne spwin_user_stack_is_bolixed |
| 397 | sethi %hi(PAGE_OFFSET), %glob_tmp |
| 398 | cmp %glob_tmp, %sp |
| 399 | bleu spwin_user_stack_is_bolixed |
| 400 | mov AC_M_SFSR, %glob_tmp |
| 401 | |
| 402 | /* Clear the fault status and turn on the no_fault bit. */ |
| 403 | lda [%glob_tmp] ASI_M_MMUREGS, %g0 ! eat SFSR |
| 404 | |
| 405 | lda [%g0] ASI_M_MMUREGS, %glob_tmp ! read MMU control |
| 406 | or %glob_tmp, 0x2, %glob_tmp ! or in no_fault bit |
| 407 | sta %glob_tmp, [%g0] ASI_M_MMUREGS ! set it |
| 408 | |
| 409 | /* Dump the registers and cross fingers. */ |
| 410 | STORE_WINDOW(sp) |
| 411 | |
| 412 | /* Clear the no_fault bit and check the status. */ |
| 413 | andn %glob_tmp, 0x2, %glob_tmp |
| 414 | sta %glob_tmp, [%g0] ASI_M_MMUREGS |
| 415 | |
| 416 | mov AC_M_SFAR, %glob_tmp |
| 417 | lda [%glob_tmp] ASI_M_MMUREGS, %g0 |
| 418 | |
| 419 | mov AC_M_SFSR, %glob_tmp |
| 420 | lda [%glob_tmp] ASI_M_MMUREGS, %glob_tmp |
| 421 | andcc %glob_tmp, 0x2, %g0 ! did we fault? |
| 422 | be,a spwin_finish_up + 0x4 ! cool beans, success |
| 423 | restore %g0, %g0, %g0 |
| 424 | |
| 425 | rd %psr, %glob_tmp |
| 426 | b spwin_user_stack_is_bolixed + 0x4 ! we faulted, ugh |
| 427 | nop |