2008-05-20 03:52:27 +04:00
/*
2005-04-17 02:20:36 +04:00
 * rtrap.S: Preparing for return from trap on Sparc V9.
 *
 * Copyright (C) 1997,1998 Jakub Jelinek (jj@sunsite.mff.cuni.cz)
 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
 */
# include < a s m / a s i . h >
# include < a s m / p s t a t e . h >
# include < a s m / p t r a c e . h >
# include < a s m / s p i t f i r e . h >
# include < a s m / h e a d . h >
# include < a s m / v i s a s m . h >
# include < a s m / p r o c e s s o r . h >
2013-09-14 16:02:11 +04:00
/* SCHEDULE_USER names the function called by __handle_preemption:
 * schedule_user when CONFIG_CONTEXT_TRACKING is defined, schedule otherwise.
 */
# ifdef C O N F I G _ C O N T E X T _ T R A C K I N G
# define S C H E D U L E _ U S E R s c h e d u l e _ u s e r
# else
# define S C H E D U L E _ U S E R s c h e d u l e
# endif
2005-04-17 02:20:36 +04:00
.text
.align 32
/* __handle_preemption: branched to from the user-work checks at
 * __handle_preemption_continue when _TIF_NEED_RESCHED is set in the
 * thread flags.  Calls SCHEDULE_USER, then returns to
 * __handle_preemption_continue so that the work flags are tested again.
 */
__handle_preemption :
2013-09-14 16:02:11 +04:00
call S C H E D U L E _ U S E R
2005-04-17 02:20:36 +04:00
/* Delay slot of the call: %pstate = RTRAP_PSTATE while SCHEDULE_USER runs. */
wrpr % g 0 , R T R A P _ P S T A T E , % p s t a t e
ba,p t % x c c , _ _ h a n d l e _ p r e e m p t i o n _ c o n t i n u e
/* Delay slot of the branch: %pstate = RTRAP_PSTATE_IRQOFF before re-testing. */
wrpr % g 0 , R T R A P _ P S T A T E _ I R Q O F F , % p s t a t e
/* __handle_user_windows: branched to from the user-work checks when the
 * byte at TI_WSAVED in the thread info is non-zero.  Calls
 * fault_in_user_windows, then returns to __handle_preemption_continue so
 * that all user-work checks are redone.
 */
__handle_user_windows :
call f a u l t _ i n _ u s e r _ w i n d o w s
/* Delay slot of the call: %pstate = RTRAP_PSTATE during the call. */
wrpr % g 0 , R T R A P _ P S T A T E , % p s t a t e
2010-09-24 08:52:52 +04:00
ba,p t % x c c , _ _ h a n d l e _ p r e e m p t i o n _ c o n t i n u e
/* Delay slot of the branch: %pstate = RTRAP_PSTATE_IRQOFF before re-testing. */
wrpr % g 0 , R T R A P _ P S T A T E _ I R Q O F F , % p s t a t e
2005-04-17 02:20:36 +04:00
/* __handle_userfpu: branched to from user_nowork when TSTATE_PEF is set
 * in %l1 (the tstate value being prepared for the return).
 * Reads %fprs into %l5 and tests FPRS_FEF:
 *   - FEF clear: the annulled branch is taken and its delay slot clears
 *     TSTATE_PEF in %l1.
 *   - FEF set:   the delay slot is annulled (%l1 unchanged) and the
 *     following branch-always is taken.
 * Both paths continue at __handle_userfpu_continue.
 */
__handle_userfpu :
rd % f p r s , % l 5
andcc % l 5 , F P R S _ F E F , % g 0
sethi % h i ( T S T A T E _ P E F ) , % o 0
be,a ,p n % i c c , _ _ h a n d l e _ u s e r f p u _ c o n t i n u e
/* Delay slot, executed only when the branch above is taken. */
andn % l 1 , % o 0 , % l 1
ba,a ,p t % x c c , _ _ h a n d l e _ u s e r f p u _ c o n t i n u e
/*
 * __handle_signal: branched to from the user-work checks when a bit of
 * _TIF_DO_NOTIFY_RESUME_MASK is set in the thread flags.
 *
 * Calls do_notify_resume with:
 *   %o0 = %sp + PTREGS_OFF  (address of the saved trap registers)
 *   %o1 = %l5
 *   %o2 = %l0               (thread flags loaded at __handle_preemption_continue)
 * with %pstate = RTRAP_PSTATE during the call, then switches back to
 * RTRAP_PSTATE_IRQOFF.
 *
 * On return the saved tstate is reloaded and split exactly as rtrap and
 * rtrap_nmi do: %l4 receives the 4-bit field at bits 23:20 shifted down
 * to bits 3:0, and that field is cleared from %l1.  The shift matters
 * because %l4 is later written to %pil in rt_continue; without it %l4
 * would hold the unshifted field.
 */
__handle_signal:
		mov			%l5, %o1
		add			%sp, PTREGS_OFF, %o0
		mov			%l0, %o2
		call			do_notify_resume
		 wrpr			%g0, RTRAP_PSTATE, %pstate	/* delay slot */
		wrpr			%g0, RTRAP_PSTATE_IRQOFF, %pstate

		/* Signal delivery can modify pt_regs tstate, so we must
		 * reload it.
		 */
		ldx			[%sp + PTREGS_OFF + PT_V9_TSTATE], %l1
		sethi			%hi(0xf << 20), %l4
		and			%l1, %l4, %l4
		andn			%l1, %l4, %l1
		ba,pt			%xcc, __handle_preemption_continue
		 srl			%l4, 20, %l4			/* delay slot */
2008-11-26 09:24:59 +03:00
/* When returning from a NMI (%pil==15) interrupt we want to
 * avoid running softirqs, doing IRQ tracing, preempting, etc.
 */
/* rtrap_nmi: exported entry point.  Loads the saved tstate from the
 * trap register save area into %l1, moves the 4-bit field at bits 23:20
 * into %l4 (shifted down to bits 3:0) and clears that field from %l1,
 * then branches straight to rtrap_no_irq_enable, bypassing the
 * CONFIG_TRACE_IRQFLAGS block in rtrap.
 */
.globl rtrap_nmi
rtrap_nmi : ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ T S T A T E ] , % l 1
sethi % h i ( 0 x f < < 2 0 ) , % l 4
and % l 1 , % l 4 , % l 4
andn % l 1 , % l 4 , % l 1
srl % l 4 , 2 0 , % l 4
ba,p t % x c c , r t r a p _ n o _ i r q _ e n a b l e
2015-12-22 07:48:03 +03:00
/* Delay slot of the branch. */
nop
/* Do not actually set the %pil here.  We will do that
 * below after we clear PSTATE_IE in the %pstate register.
 * If we re-enable interrupts here, we can recurse down
 * the hardirq stack potentially endlessly, causing a
 * stack overflow.
 */
2008-11-26 09:24:59 +03:00
2005-04-17 02:20:36 +04:00
.align 64
2008-04-24 14:15:22 +04:00
/* rtrap_irq / rtrap / rtrap_xcall: exported return-from-trap entry points.
 * rtrap_irq and rtrap load the saved tstate into %l1; rtrap_xcall enters
 * after that load, so %l1 must already hold it on that path.
 * All three then split tstate: %l4 = 4-bit field at bits 23:20 shifted
 * down to bits 3:0 (later written to %pil in rt_continue), and that field
 * is cleared from %l1.  Execution falls through to rtrap_no_irq_enable.
 */
.globl rtrap_ i r q , r t r a p , i r q s z _ p a t c h m e , r t r a p _ x c a l l
2005-04-17 02:20:36 +04:00
rtrap_irq :
rtrap :
/* mm/ultra.S:xcall_report_regs KNOWS about this load. */
2012-04-14 00:56:46 +04:00
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ T S T A T E ] , % l 1
2005-04-17 02:20:36 +04:00
rtrap_xcall :
sethi % h i ( 0 x f < < 2 0 ) , % l 4
and % l 1 , % l 4 , % l 4
2006-11-17 00:38:57 +03:00
andn % l 1 , % l 4 , % l 1
srl % l 4 , 2 0 , % l 4
/* With CONFIG_TRACE_IRQFLAGS: call trace_hardirqs_on only when the
 * extracted field in %l4 is zero; a non-zero value skips the call.
 */
# ifdef C O N F I G _ T R A C E _ I R Q F L A G S
brnz,p n % l 4 , r t r a p _ n o _ i r q _ e n a b l e
nop
call t r a c e _ h a r d i r q s _ o n
nop
2010-04-20 11:48:37 +04:00
/ * Do n o t a c t u a l l y s e t t h e % p i l h e r e . W e w i l l d o t h a t
* below a f t e r w e c l e a r P S T A T E _ I E i n t h e % p s t a t e r e g i s t e r .
* If w e r e - e n a b l e i n t e r r u p t s h e r e , w e c a n r e c u r s e d o w n
* the h a r d i r q s t a c k p o t e n t i a l l y e n d l e s s l y , c a u s i n g a
* stack o v e r f l o w .
*
* It i s t e m p t i n g t o p u t t h i s t e s t a n d t r a c e _ h a r d i r q s _ o n
* call a t t h e ' r t _ c o n t i n u e ' l a b e l , b u t t h a t w i l l n o t w o r k
* as t h a t p a t h h i t s u n c o n d i t i o n a l l y a n d w e d o n o t w a n t t o
* execute t h i s i n N M I r e t u r n p a t h s , f o r e x a m p l e .
* /
2006-11-17 00:38:57 +03:00
# endif
2008-11-26 09:24:59 +03:00
/* rtrap_no_irq_enable: common continuation for rtrap, rtrap_xcall and
 * rtrap_nmi.  Sets %l3 = %l1 & TSTATE_PRIV; a non-zero result branches
 * to to_kernel, otherwise execution falls through towards to_user.
 * %l3 is tested again later in rt_continue to tell the two cases apart.
 */
rtrap_no_irq_enable :
2006-11-17 00:38:57 +03:00
andcc % l 1 , T S T A T E _ P R I V , % l 3
2005-04-17 02:20:36 +04:00
bne,p n % i c c , t o _ k e r n e l
2006-11-17 00:38:57 +03:00
/* Delay slot of the branch. */
nop
2005-04-17 02:20:36 +04:00
/* We must hold IRQs off and atomically test schedule+signal
 * state, then hold them off all the way back to userspace.
2006-11-17 00:38:57 +03:00
 * If we are returning to kernel, none of this matters.  Note
 * that we are disabling interrupts via PSTATE_IE, not using
 * %pil.
2005-04-17 02:20:36 +04:00
*
 * If we do not do this, there is a window where we would do
 * the tests, later the signal/resched event arrives but we do
 * not process it since we are still in kernel mode.  It would
 * take until the next local IRQ before the signal/resched
 * event would be handled.
*
2010-03-03 19:08:49 +03:00
 * This also means that if we have to deal with user
 * windows, we have to redo all of these sched+signal checks
 * with IRQs disabled.
2005-04-17 02:20:36 +04:00
 */
/* to_user: return path taken when TSTATE_PRIV is clear in the saved tstate.
 * Writes RTRAP_PSTATE_IRQOFF to %pstate and 0 to %pil, then runs the
 * user-work checks at __handle_preemption_continue.
 */
to_user : wrpr % g 0 , R T R A P _ P S T A T E _ I R Q O F F , % p s t a t e
wrpr 0 , % p i l
/* __handle_preemption_continue: (re)entry point of the user-work checks;
 * __handle_preemption, __handle_user_windows and __handle_signal all
 * branch back here.
 *   %l0 = thread flags loaded from [%g6 + TI_FLAGS]
 *   %l1 = tstate value being prepared for the return
 * Order of the checks:
 *   1. no bit of _TIF_USER_WORK_MASK set      -> user_nowork
 *   2. _TIF_NEED_RESCHED set                  -> __handle_preemption
 *   3. _TIF_DO_NOTIFY_RESUME_MASK bit set     -> __handle_signal
 *   4. byte at [%g6 + TI_WSAVED] non-zero     -> __handle_user_windows
 *   5. otherwise fall through to user_nowork
 * Several delay slots already compute the condition codes for the
 * *next* branch, so the instruction order here must not be changed.
 */
__handle_preemption_continue :
ldx [ % g 6 + T I _ F L A G S ] , % l 0
sethi % h i ( _ T I F _ U S E R _ W O R K _ M A S K ) , % o 0
or % o 0 , % l o ( _ T I F _ U S E R _ W O R K _ M A S K ) , % o 0
andcc % l 0 , % o 0 , % g 0
sethi % h i ( T S T A T E _ P E F ) , % o 0
be,p t % x c c , u s e r _ n o w o r k
/* Delay slot: TSTATE_PEF test whose result is consumed by the branch at user_nowork. */
andcc % l 1 , % o 0 , % g 0
andcc % l 0 , _ T I F _ N E E D _ R E S C H E D , % g 0
bne,p n % x c c , _ _ h a n d l e _ p r e e m p t i o n
2008-04-21 02:06:49 +04:00
/* Delay slot: notify-resume test whose result is consumed by the next branch. */
andcc % l 0 , _ T I F _ D O _ N O T I F Y _ R E S U M E _ M A S K , % g 0
2005-04-17 02:20:36 +04:00
bne,p n % x c c , _ _ h a n d l e _ s i g n a l
/* Delay slot: load the TI_WSAVED byte tested by the next branch. */
ldub [ % g 6 + T I _ W S A V E D ] , % o 2
brnz,p n % o 2 , _ _ h a n d l e _ u s e r _ w i n d o w s
nop
/* Fall-through case: redo the TSTATE_PEF test for the branch at user_nowork. */
sethi % h i ( T S T A T E _ P E F ) , % o 0
2010-03-03 19:08:49 +03:00
andcc % l 1 , % o 0 , % g 0
2005-04-17 02:20:36 +04:00
/* This fpdepth clear is necessary for non-syscall rtraps only */
/* user_nowork: expects the condition codes to reflect (%l1 & TSTATE_PEF).
 * Branches to __handle_userfpu when the bit is set; the delay slot stores
 * zero to the TI_FPDEPTH byte on both paths.
 */
user_nowork :
bne,p n % x c c , _ _ h a n d l e _ u s e r f p u
stb % g 0 , [ % g 6 + T I _ F P D E P T H ]
/* __handle_userfpu_continue / rt_continue: common tail of the return path
 * (reached from the user path, __handle_userfpu and kern_fpucheck).
 * Register state on entry, as set up by the code that branches here:
 *   %l1 = tstate to restore, with the bits 23:20 field removed
 *   %l3 = %l1 & TSTATE_PRIV (non-zero when returning to kernel)
 *   %l4 = value to write to %pil
 * This part reloads the saved globals, ins, %y, %pil and sets %tl = 1.
 */
__handle_userfpu_continue :
rt_continue : ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 1 ] , % g 1
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 2 ] , % g 2
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 3 ] , % g 3
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 4 ] , % g 4
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 5 ] , % g 5
2006-02-27 10:24:22 +03:00
/* Returning to user (%l3 == 0): skip LOAD_PER_CPU_BASE. */
brz,p t % l 3 , 1 f
2006-02-06 08:59:03 +03:00
/* Delay slot: keep a copy of %g6 in %l2 before %g6 is overwritten below. */
mov % g 6 , % l 2
2006-02-27 10:24:22 +03:00
/* Must do this before thread reg is clobbered below. */
2006-02-03 08:55:10 +03:00
LOAD_ P E R _ C P U _ B A S E ( % g 5 , % g 6 , % i 0 , % i 1 , % i 2 )
2006-02-01 05:29:18 +03:00
1 :
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 6 ] , % g 6
2005-04-17 02:20:36 +04:00
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ G 7 ] , % g 7
2006-02-06 08:29:28 +03:00
/* Normal globals are restored, go to trap globals. */
/* The two instructions at label 661 have a replacement pair recorded in
 * the .sun4v_2insn_patch section (wrpr RTRAP_PSTATE_IRQOFF + SET_GL(1)).
 * NOTE(review): presumably applied at boot on sun4v - confirm in the
 * patching code, which is not visible here.
 */
661 : wrpr % g 0 , R T R A P _ P S T A T E _ A G _ I R Q O F F , % p s t a t e
2006-02-17 03:23:45 +03:00
nop
.section .sun4v_2insn_patch , " ax"
2006-02-06 08:29:28 +03:00
.word 661b
2006-02-17 03:23:45 +03:00
wrpr % g 0 , R T R A P _ P S T A T E _ I R Q O F F , % p s t a t e
2006-02-06 08:29:28 +03:00
SET_ G L ( 1 )
.previous
2006-02-06 08:59:03 +03:00
/* Put the %g6 copy saved in %l2 into %g6 of the now-selected global set. */
mov % l 2 , % g 6
2005-04-17 02:20:36 +04:00
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 0 ] , % i 0
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 1 ] , % i 1
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 2 ] , % i 2
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 3 ] , % i 3
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 4 ] , % i 4
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 5 ] , % i 5
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 6 ] , % i 6
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ I 7 ] , % i 7
/* %l2 = saved TPC, %o2 = saved TNPC (written to %tpc/%tnpc further down). */
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ T P C ] , % l 2
ldx [ % s p + P T R E G S _ O F F + P T _ V 9 _ T N P C ] , % o 2
ld [ % s p + P T R E G S _ O F F + P T _ V 9 _ Y ] , % o 3
wr % o 3 , % g 0 , % y
/* Only now is %pil written from %l4; PSTATE has already been switched above. */
wrpr % l 4 , 0 x0 , % p i l
wrpr % g 0 , 0 x1 , % t l
sparc: Fix debugger syscall restart interactions.
So, forever, we've had this ptrace_signal_deliver implementation
which tries to handle all of the nasties that can occur when the
debugger looks at a process about to take a signal. It's meant
to address all of these issues inside of the kernel so that the
debugger need not be mindful of such things.
Problem is, this doesn't work.
The idea was that we should do the syscall restart business first, so
that the debugger captures that state. Otherwise, if the debugger for
example saves the child's state, makes the child execute something
else, then restores the saved state, we won't handle the syscall
restart properly because we lose the "we're in a syscall" state.
The code here worked for most cases, but if the debugger actually
passes the signal through to the child unaltered, it's possible that
we would do a syscall restart when we shouldn't have.
In particular this breaks the case of debugging a process under a gdb
which is being debugged by yet another gdb. gdb uses sigsuspend
to wait for SIGCHLD of the inferior, but if gdb itself is being
debugged by a top-level gdb we get a ptrace_stop(). The top-level gdb
does a PTRACE_CONT with SIGCHLD to let the inferior gdb see the
signal. But ptrace_signal_deliver() assumed the debugger would cancel
out the signal and therefore did a syscall restart, because the return
error was ERESTARTNOHAND.
Fix this by simply making ptrace_signal_deliver() a nop, and providing
a way for the debugger to control system call restarting properly:
1) Report an "in syscall" software bit in regs->{tstate,psr}.
It is set early on in trap entry to a system call and is fully
visible to the debugger via ptrace() and regsets.
2) Test this bit right before doing a syscall restart. We have
to do a final recheck right after get_signal_to_deliver() in
case the debugger cleared the bit during ptrace_stop().
3) Clear the bit in trap return so we don't accidentally try to set
that bit in the real register.
As a result we also get a ptrace_{is,clear}_syscall() for sparc32 just
like sparc64 has.
M68K has this same exact bug, and is now the only other user of the
ptrace_signal_deliver hook. It needs to be fixed in the same exact
way as sparc.
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-11 13:07:19 +04:00
/* Continuation of rt_continue (entered by fall-through, %tl already 1).
 *   %l1 = tstate to restore, %l2 = TPC, %o2 = TNPC, %l3 = TSTATE_PRIV test.
 * Clears the software TSTATE_SYSCALL bit so it is never written to the
 * real %tstate, programs %tstate/%tpc/%tnpc, then either goes to kern_rtt
 * (returning to kernel) or prepares the MMU context and register-window
 * state for the return to user.
 */
andn % l 1 , T S T A T E _ S Y S C A L L , % l 1
2005-04-17 02:20:36 +04:00
wrpr % l 1 , % g 0 , % t s t a t e
wrpr % l 2 , % g 0 , % t p c
wrpr % o 2 , % g 0 , % t n p c
brnz,p n % l 3 , k e r n _ r t t
/* Delay slot (runs on both paths): %l7 = PRIMARY_CONTEXT. */
mov P R I M A R Y _ C O N T E X T , % l 7
2006-02-08 09:13:05 +03:00
/* Read a context value into %l0 (address %l7 + %l7, ASI_DMMU), OR in
 * the doubleword stored at sparc64_kern_pri_nuc_bits, and store the
 * result at address %l7.  Each 661 access has an ASI_MMU replacement
 * recorded in .sun4v_1insn_patch.
 * NOTE(review): %l7 + %l7 presumably addresses the secondary context
 * register - confirm against the PRIMARY_CONTEXT/SECONDARY_CONTEXT values.
 */
661 : ldxa [ % l 7 + % l 7 ] A S I _ D M M U , % l 0
.section .sun4v_1insn_patch , " ax"
.word 661b
ldxa [ % l 7 + % l 7 ] A S I _ M M U , % l 0
.previous
2005-10-05 02:23:20 +04:00
sethi % h i ( s p a r c64 _ k e r n _ p r i _ n u c _ b i t s ) , % l 1
ldx [ % l 1 + % l o ( s p a r c64 _ k e r n _ p r i _ n u c _ b i t s ) ] , % l 1
2005-04-17 02:20:36 +04:00
or % l 0 , % l 1 , % l 0
2006-02-08 09:13:05 +03:00
661 : stxa % l 0 , [ % l 7 ] A S I _ D M M U
.section .sun4v_1insn_patch , " ax"
.word 661b
stxa % l 0 , [ % l 7 ] A S I _ M M U
.previous
2006-02-01 05:33:00 +03:00
/* flush on a KERNBASE address after the context store above. */
sethi % h i ( K E R N B A S E ) , % l 7
flush % l 7
2005-04-17 02:20:36 +04:00
/* Window state: %canrestore = old %otherwin, %wstate = %wstate >> 3,
 * %otherwin = 0 (written in the delay slot below).
 */
rdpr % w s t a t e , % l 1
rdpr % o t h e r w i n , % l 2
srl % l 1 , 3 , % l 1
wrpr % l 2 , % g 0 , % c a n r e s t o r e
wrpr % l 1 , % g 0 , % w s t a t e
2006-02-04 11:10:01 +03:00
/* Old %otherwin non-zero: a plain restore is possible -> user_rtt_restore. */
brnz,p t % l 2 , u s e r _ r t t _ r e s t o r e
wrpr % g 0 , % g 0 , % o t h e r w i n
/* Otherwise the window is filled by hand: set %asi = ASI_AIUP, step
 * %cwp back by one and dispatch on _TIF_32BIT to user_rtt_fill_32bit or
 * user_rtt_fill_64bit (both defined outside this file section).
 */
ldx [ % g 6 + T I _ F L A G S ] , % g 3
wr % g 0 , A S I _ A I U P , % a s i
rdpr % c w p , % g 1
andcc % g 3 , _ T I F _ 3 2 B I T , % g 0
sub % g 1 , 1 , % g 1
bne,p t % x c c , u s e r _ r t t _ f i l l _ 3 2 b i t
/* Delay slot (runs on both paths): %cwp = %g1. */
wrpr % g 1 , % c w p
ba,a ,p t % x c c , u s e r _ r t t _ f i l l _ 6 4 b i t
arch/sparc: Avoid DCTI Couples
Avoid un-intended DCTI Couples. Use of DCTI couples is deprecated.
Also address the "Programming Note" for optimal performance.
Here is the complete text from Oracle SPARC Architecture Specs.
6.3.4.7 DCTI Couples
"A delayed control transfer instruction (DCTI) in the delay slot of
another DCTI is referred to as a “DCTI couple”. The use of DCTI couples
is deprecated in the Oracle SPARC Architecture; no new software should
place a DCTI in the delay slot of another DCTI, because on future Oracle
SPARC Architecture implementations DCTI couples may execute either
slowly or differently than the programmer assumes it will.
SPARC V8 and SPARC V9 Compatibility Note
The SPARC V8 architecture left behavior undefined for a DCTI couple. The
SPARC V9 architecture defined behavior in that case, but as of
UltraSPARC Architecture 2005, use of DCTI couples was deprecated.
Software should not expect high performance from DCTI couples, and
performance of DCTI couples should be expected to decline further in
future processors.
Programming Note
As noted in TABLE 6-5 on page 115, an annulled branch-always
(branch-always with a = 1) instruction is not architecturally a DCTI.
However, since not all implementations make that distinction, for
optimal performance, a DCTI should not be placed in the instruction word
immediately following an annulled branch-always instruction (BA,A or
BPA,A)."
Signed-off-by: Babu Moger <babu.moger@oracle.com>
Reviewed-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-17 23:52:21 +03:00
/* Padding after the annulled branch-always to user_rtt_fill_64bit, so that
 * the word following it is not the control transfer instruction at
 * user_rtt_fill_fixup_dax.
 */
nop
2006-02-04 11:10:01 +03:00
sparc64: Fix return from trap window fill crashes.
We must handle data access exception as well as memory address unaligned
exceptions from return from trap window fill faults, not just normal
TLB misses.
Otherwise we can get an OOPS that looks like this:
ld-linux.so.2(36808): Kernel bad sw trap 5 [#1]
CPU: 1 PID: 36808 Comm: ld-linux.so.2 Not tainted 4.6.0 #34
task: fff8000303be5c60 ti: fff8000301344000 task.ti: fff8000301344000
TSTATE: 0000004410001601 TPC: 0000000000a1a784 TNPC: 0000000000a1a788 Y: 00000002 Not tainted
TPC: <do_sparc64_fault+0x5c4/0x700>
g0: fff8000024fc8248 g1: 0000000000db04dc g2: 0000000000000000 g3: 0000000000000001
g4: fff8000303be5c60 g5: fff800030e672000 g6: fff8000301344000 g7: 0000000000000001
o0: 0000000000b95ee8 o1: 000000000000012b o2: 0000000000000000 o3: 0000000200b9b358
o4: 0000000000000000 o5: fff8000301344040 sp: fff80003013475c1 ret_pc: 0000000000a1a77c
RPC: <do_sparc64_fault+0x5bc/0x700>
l0: 00000000000007ff l1: 0000000000000000 l2: 000000000000005f l3: 0000000000000000
l4: fff8000301347e98 l5: fff8000024ff3060 l6: 0000000000000000 l7: 0000000000000000
i0: fff8000301347f60 i1: 0000000000102400 i2: 0000000000000000 i3: 0000000000000000
i4: 0000000000000000 i5: 0000000000000000 i6: fff80003013476a1 i7: 0000000000404d4c
I7: <user_rtt_fill_fixup+0x6c/0x7c>
Call Trace:
[0000000000404d4c] user_rtt_fill_fixup+0x6c/0x7c
The window trap handlers are slightly clever, the trap table entries for them are
composed of two pieces of code. First comes the code that actually performs
the window fill or spill trap handling, and then there are three instructions at
the end which are for exception processing.
The userland register window fill handler is:
add %sp, STACK_BIAS + 0x00, %g1; \
ldxa [%g1 + %g0] ASI, %l0; \
mov 0x08, %g2; \
mov 0x10, %g3; \
ldxa [%g1 + %g2] ASI, %l1; \
mov 0x18, %g5; \
ldxa [%g1 + %g3] ASI, %l2; \
ldxa [%g1 + %g5] ASI, %l3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %l4; \
ldxa [%g1 + %g2] ASI, %l5; \
ldxa [%g1 + %g3] ASI, %l6; \
ldxa [%g1 + %g5] ASI, %l7; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i0; \
ldxa [%g1 + %g2] ASI, %i1; \
ldxa [%g1 + %g3] ASI, %i2; \
ldxa [%g1 + %g5] ASI, %i3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i4; \
ldxa [%g1 + %g2] ASI, %i5; \
ldxa [%g1 + %g3] ASI, %i6; \
ldxa [%g1 + %g5] ASI, %i7; \
restored; \
retry; nop; nop; nop; nop; \
b,a,pt %xcc, fill_fixup_dax; \
b,a,pt %xcc, fill_fixup_mna; \
b,a,pt %xcc, fill_fixup;
And the way this works is that if any of those memory accesses
generate an exception, the exception handler can revector to one of
those final three branch instructions depending upon which kind of
exception the memory access took. In this way, the fault handler
doesn't have to know if it was a spill or a fill that it's handling
the fault for. It just always branches to the last instruction in
the parent trap's handler.
For example, for a regular fault, the code goes:
winfix_trampoline:
rdpr %tpc, %g3
or %g3, 0x7c, %g3
wrpr %g3, %tnpc
done
All window trap handlers are 0x80 aligned, so if we "or" 0x7c into the
trap time program counter, we'll get that final instruction in the
trap handler.
On return from trap, we have to pull the register window in but we do
this by hand instead of just executing a "restore" instruction for
several reasons. The largest being that from Niagara and onward we
simply don't have enough levels in the trap stack to fully resolve all
possible exception cases of a window fault when we are already at
trap level 1 (which we enter to get ready to return from the original
trap).
This is executed inline via the FILL_*_RTRAP handlers. rtrap_64.S's
code branches directly to these to do the window fill by hand if
necessary. Now if you look at them, we'll see at the end:
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
And oops, all three cases are handled like a fault.
This doesn't work because each of these trap types (data access
exception, memory address unaligned, and faults) store their auxiliary
info in different registers to pass on to the C handler which does the
real work.
So in the case where the stack was unaligned, the unaligned trap
handler sets up the arg registers one way, and then we branched to
the fault handler which expects them set up another way.
So the FAULT_TYPE_* value ends up basically being garbage, and
randomly would generate the backtrace seen above.
Reported-by: Nick Alcock <nix@esperi.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-29 06:41:12 +03:00
/* user_rtt_fill_fixup_dax: fixup entry for a data access exception taken
 * during the by-hand window fill.  Passes %g3 = 1 to
 * user_rtt_fill_fixup_common (defined outside this file section).
 */
user_rtt_fill_fixup_dax :
ba,p t % x c c , u s e r _ r t t _ f i l l _ f i x u p _ c o m m o n
/* Delay slot: exception-type selector. */
mov 1 , % g 3
2006-02-04 11:10:01 +03:00
sparc64: Fix return from trap window fill crashes.
We must handle data access exception as well as memory address unaligned
exceptions from return from trap window fill faults, not just normal
TLB misses.
Otherwise we can get an OOPS that looks like this:
ld-linux.so.2(36808): Kernel bad sw trap 5 [#1]
CPU: 1 PID: 36808 Comm: ld-linux.so.2 Not tainted 4.6.0 #34
task: fff8000303be5c60 ti: fff8000301344000 task.ti: fff8000301344000
TSTATE: 0000004410001601 TPC: 0000000000a1a784 TNPC: 0000000000a1a788 Y: 00000002 Not tainted
TPC: <do_sparc64_fault+0x5c4/0x700>
g0: fff8000024fc8248 g1: 0000000000db04dc g2: 0000000000000000 g3: 0000000000000001
g4: fff8000303be5c60 g5: fff800030e672000 g6: fff8000301344000 g7: 0000000000000001
o0: 0000000000b95ee8 o1: 000000000000012b o2: 0000000000000000 o3: 0000000200b9b358
o4: 0000000000000000 o5: fff8000301344040 sp: fff80003013475c1 ret_pc: 0000000000a1a77c
RPC: <do_sparc64_fault+0x5bc/0x700>
l0: 00000000000007ff l1: 0000000000000000 l2: 000000000000005f l3: 0000000000000000
l4: fff8000301347e98 l5: fff8000024ff3060 l6: 0000000000000000 l7: 0000000000000000
i0: fff8000301347f60 i1: 0000000000102400 i2: 0000000000000000 i3: 0000000000000000
i4: 0000000000000000 i5: 0000000000000000 i6: fff80003013476a1 i7: 0000000000404d4c
I7: <user_rtt_fill_fixup+0x6c/0x7c>
Call Trace:
[0000000000404d4c] user_rtt_fill_fixup+0x6c/0x7c
The window trap handlers are slightly clever, the trap table entries for them are
composed of two pieces of code. First comes the code that actually performs
the window fill or spill trap handling, and then there are three instructions at
the end which are for exception processing.
The userland register window fill handler is:
add %sp, STACK_BIAS + 0x00, %g1; \
ldxa [%g1 + %g0] ASI, %l0; \
mov 0x08, %g2; \
mov 0x10, %g3; \
ldxa [%g1 + %g2] ASI, %l1; \
mov 0x18, %g5; \
ldxa [%g1 + %g3] ASI, %l2; \
ldxa [%g1 + %g5] ASI, %l3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %l4; \
ldxa [%g1 + %g2] ASI, %l5; \
ldxa [%g1 + %g3] ASI, %l6; \
ldxa [%g1 + %g5] ASI, %l7; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i0; \
ldxa [%g1 + %g2] ASI, %i1; \
ldxa [%g1 + %g3] ASI, %i2; \
ldxa [%g1 + %g5] ASI, %i3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i4; \
ldxa [%g1 + %g2] ASI, %i5; \
ldxa [%g1 + %g3] ASI, %i6; \
ldxa [%g1 + %g5] ASI, %i7; \
restored; \
retry; nop; nop; nop; nop; \
b,a,pt %xcc, fill_fixup_dax; \
b,a,pt %xcc, fill_fixup_mna; \
b,a,pt %xcc, fill_fixup;
And the way this works is that if any of those memory accesses
generate an exception, the exception handler can revector to one of
those final three branch instructions depending upon which kind of
exception the memory access took. In this way, the fault handler
doesn't have to know if it was a spill or a fill that it's handling
the fault for. It just always branches to the last instruction in
the parent trap's handler.
For example, for a regular fault, the code goes:
winfix_trampoline:
rdpr %tpc, %g3
or %g3, 0x7c, %g3
wrpr %g3, %tnpc
done
All window trap handlers are 0x80 aligned, so if we "or" 0x7c into the
trap time program counter, we'll get that final instruction in the
trap handler.
On return from trap, we have to pull the register window in but we do
this by hand instead of just executing a "restore" instruction for
several reasons. The largest being that from Niagara and onward we
simply don't have enough levels in the trap stack to fully resolve all
possible exception cases of a window fault when we are already at
trap level 1 (which we enter to get ready to return from the original
trap).
This is executed inline via the FILL_*_RTRAP handlers. rtrap_64.S's
code branches directly to these to do the window fill by hand if
necessary. Now if you look at them, we'll see at the end:
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
And oops, all three cases are handled like a fault.
This doesn't work because each of these trap types (data access
exception, memory address unaligned, and faults) store their auxiliary
info in different registers to pass on to the C handler which does the
real work.
So in the case where the stack was unaligned, the unaligned trap
handler sets up the arg registers one way, and then we branched to
the fault handler which expects them set up another way.
So the FAULT_TYPE_* value ends up basically being garbage, and
randomly would generate the backtrace seen above.
Reported-by: Nick Alcock <nix@esperi.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-29 06:41:12 +03:00
/* user_rtt_fill_fixup_mna: fixup entry for a memory address unaligned
 * exception taken during the by-hand window fill.  Passes %g3 = 2 to
 * user_rtt_fill_fixup_common (defined outside this file section).
 */
user_rtt_fill_fixup_mna :
ba,p t % x c c , u s e r _ r t t _ f i l l _ f i x u p _ c o m m o n
/* Delay slot: exception-type selector. */
mov 2 , % g 3
2006-02-04 11:10:01 +03:00
sparc64: Fix return from trap window fill crashes.
We must handle data access exception as well as memory address unaligned
exceptions from return from trap window fill faults, not just normal
TLB misses.
Otherwise we can get an OOPS that looks like this:
ld-linux.so.2(36808): Kernel bad sw trap 5 [#1]
CPU: 1 PID: 36808 Comm: ld-linux.so.2 Not tainted 4.6.0 #34
task: fff8000303be5c60 ti: fff8000301344000 task.ti: fff8000301344000
TSTATE: 0000004410001601 TPC: 0000000000a1a784 TNPC: 0000000000a1a788 Y: 00000002 Not tainted
TPC: <do_sparc64_fault+0x5c4/0x700>
g0: fff8000024fc8248 g1: 0000000000db04dc g2: 0000000000000000 g3: 0000000000000001
g4: fff8000303be5c60 g5: fff800030e672000 g6: fff8000301344000 g7: 0000000000000001
o0: 0000000000b95ee8 o1: 000000000000012b o2: 0000000000000000 o3: 0000000200b9b358
o4: 0000000000000000 o5: fff8000301344040 sp: fff80003013475c1 ret_pc: 0000000000a1a77c
RPC: <do_sparc64_fault+0x5bc/0x700>
l0: 00000000000007ff l1: 0000000000000000 l2: 000000000000005f l3: 0000000000000000
l4: fff8000301347e98 l5: fff8000024ff3060 l6: 0000000000000000 l7: 0000000000000000
i0: fff8000301347f60 i1: 0000000000102400 i2: 0000000000000000 i3: 0000000000000000
i4: 0000000000000000 i5: 0000000000000000 i6: fff80003013476a1 i7: 0000000000404d4c
I7: <user_rtt_fill_fixup+0x6c/0x7c>
Call Trace:
[0000000000404d4c] user_rtt_fill_fixup+0x6c/0x7c
The window trap handlers are slightly clever, the trap table entries for them are
composed of two pieces of code. First comes the code that actually performs
the window fill or spill trap handling, and then there are three instructions at
the end which are for exception processing.
The userland register window fill handler is:
add %sp, STACK_BIAS + 0x00, %g1; \
ldxa [%g1 + %g0] ASI, %l0; \
mov 0x08, %g2; \
mov 0x10, %g3; \
ldxa [%g1 + %g2] ASI, %l1; \
mov 0x18, %g5; \
ldxa [%g1 + %g3] ASI, %l2; \
ldxa [%g1 + %g5] ASI, %l3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %l4; \
ldxa [%g1 + %g2] ASI, %l5; \
ldxa [%g1 + %g3] ASI, %l6; \
ldxa [%g1 + %g5] ASI, %l7; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i0; \
ldxa [%g1 + %g2] ASI, %i1; \
ldxa [%g1 + %g3] ASI, %i2; \
ldxa [%g1 + %g5] ASI, %i3; \
add %g1, 0x20, %g1; \
ldxa [%g1 + %g0] ASI, %i4; \
ldxa [%g1 + %g2] ASI, %i5; \
ldxa [%g1 + %g3] ASI, %i6; \
ldxa [%g1 + %g5] ASI, %i7; \
restored; \
retry; nop; nop; nop; nop; \
b,a,pt %xcc, fill_fixup_dax; \
b,a,pt %xcc, fill_fixup_mna; \
b,a,pt %xcc, fill_fixup;
And the way this works is that if any of those memory accesses
generate an exception, the exception handler can revector to one of
those final three branch instructions depending upon which kind of
exception the memory access took. In this way, the fault handler
doesn't have to know if it was a spill or a fill that it's handling
the fault for. It just always branches to the last instruction in
the parent trap's handler.
For example, for a regular fault, the code goes:
winfix_trampoline:
rdpr %tpc, %g3
or %g3, 0x7c, %g3
wrpr %g3, %tnpc
done
All window trap handlers are 0x80 aligned, so if we "or" 0x7c into the
trap time program counter, we'll get that final instruction in the
trap handler.
On return from trap, we have to pull the register window in but we do
this by hand instead of just executing a "restore" instruction for
several reasons. The largest being that from Niagara and onward we
simply don't have enough levels in the trap stack to fully resolve all
possible exception cases of a window fault when we are already at
trap level 1 (which we enter to get ready to return from the original
trap).
This is executed inline via the FILL_*_RTRAP handlers. rtrap_64.S's
code branches directly to these to do the window fill by hand if
necessary. Now if you look at them, we'll see at the end:
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
ba,a,pt %xcc, user_rtt_fill_fixup;
And oops, all three cases are handled like a fault.
This doesn't work because each of these trap types (data access
exception, memory address unaligned, and faults) store their auxiliary
info in different registers to pass on to the C handler which does the
real work.
So in the case where the stack was unaligned, the unaligned trap
handler sets up the arg registers one way, and then we branched to
the fault handler which expects them set up another way.
So the FAULT_TYPE_* value ends up basically being garbage, and
randomly would generate the backtrace seen above.
Reported-by: Nick Alcock <nix@esperi.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-29 06:41:12 +03:00
/* user_rtt_fill_fixup: fixup entry for a regular fault taken during the
 * by-hand window fill.  Passes %g3 = 0 to user_rtt_fill_fixup_common
 * (defined outside this file section).
 */
user_rtt_fill_fixup :
ba,p t % x c c , u s e r _ r t t _ f i l l _ f i x u p _ c o m m o n
/* Delay slot: exception-type selector. */
clr % g 3
2006-02-04 11:10:01 +03:00
/* user_rtt_pre_restore: sets %cwp = %g1 + 1 and falls through to
 * user_rtt_restore.
 * NOTE(review): presumably undoes the "%cwp - 1" done before the by-hand
 * fill, with %g1 still holding that value - confirm in the fill handlers.
 */
user_rtt_pre_restore :
add % g 1 , 1 , % g 1
wrpr % g 1 , 0 x0 , % c w p
/* user_rtt_restore: final step of the return to user.  Executes restore,
 * copies %canrestore into %cleanwin, then retry.
 */
user_rtt_restore :
2005-04-17 02:20:36 +04:00
restore
rdpr % c a n r e s t o r e , % g 1
wrpr % g 1 , 0 x0 , % c l e a n w i n
retry
nop
2006-02-04 11:10:01 +03:00
/* kern_rtt: final step of the return to kernel (reached when %l3 is
 * non-zero in rt_continue).  If %canrestore is zero, branch to
 * kern_rtt_fill (defined outside this file section); otherwise fall
 * through to kern_rtt_restore.
 */
kern_rtt : rdpr % c a n r e s t o r e , % g 1
brz,p n % g 1 , k e r n _ r t t _ f i l l
nop
/* kern_rtt_restore: stores a zero word to the PT_V9_MAGIC slot of the
 * trap register save area, then restore and retry.
 */
kern_rtt_restore :
2008-05-22 08:50:01 +04:00
stw % g 0 , [ % s p + P T R E G S _ O F F + P T _ V 9 _ M A G I C ]
2006-02-04 11:10:01 +03:00
restore
2005-04-17 02:20:36 +04:00
retry
2006-02-04 11:10:01 +03:00
2005-04-17 02:20:36 +04:00
/* to_kernel: return path taken when TSTATE_PRIV is set in the saved tstate.
 * With CONFIG_PREEMPT, preempt_schedule_irq is called only when all of
 * the following hold; otherwise control goes to kern_fpucheck:
 *   - the signed word at [%g6 + TI_PRE_COUNT] is zero
 *   - _TIF_NEED_RESCHED is set in the thread flags
 *   - %l4 (the field extracted from tstate bits 23:20) is zero
 * After the call the whole return sequence restarts at rtrap.
 * Without CONFIG_PREEMPT this label is simply kern_fpucheck.
 */
to_kernel :
# ifdef C O N F I G _ P R E E M P T
ldsw [ % g 6 + T I _ P R E _ C O U N T ] , % l 5
brnz % l 5 , k e r n _ f p u c h e c k
/* Delay slot (runs on both paths): %l5 = thread flags. */
ldx [ % g 6 + T I _ F L A G S ] , % l 5
andcc % l 5 , _ T I F _ N E E D _ R E S C H E D , % g 0
be,p t % x c c , k e r n _ f p u c h e c k
2006-11-17 00:38:57 +03:00
nop
cmp % l 4 , 0
2005-04-17 02:20:36 +04:00
bne,p n % x c c , k e r n _ f p u c h e c k
2013-09-17 22:53:08 +04:00
nop
call p r e e m p t _ s c h e d u l e _ i r q
2005-04-17 02:20:36 +04:00
nop
/* NOTE(review): no explicit delay-slot instruction follows this branch
 * inside the #ifdef; the next instruction assembled is the ldub at
 * kern_fpucheck, which therefore executes in the delay slot.
 */
ba,p t % x c c , r t r a p
# endif
/* kern_fpucheck: on return to kernel, reload floating point state saved
 * in the thread info when the TI_FPDEPTH byte is non-zero, then continue
 * at rt_continue.
 * Registers used below:
 *   %l5 = fpdepth byte, then fpdepth - 2 (the value stored back)
 *   %o0 = fpdepth >> 1, index into the per-level save areas
 *   %l2 = byte at TI_FPSAVED[%o0], tested against FPRS_FEF/FPRS_DU/FPRS_DL
 *   %o5 = %o0 << 3, offset into the TI_GSR / TI_XFSR arrays
 *   %o2 = %o0 << 8, offset into TI_FPREGS
 * NOTE(review): the meaning of each saved-flag combination is inferred
 * from the branches only - confirm against the code that saves the state.
 */
kern_fpucheck : ldub [ % g 6 + T I _ F P D E P T H ] , % l 5
/* fpdepth == 0: nothing to reload. */
brz,p t % l 5 , r t _ c o n t i n u e
srl % l 5 , 1 , % o 0
add % g 6 , T I _ F P S A V E D , % l 6
ldub [ % l 6 + % o 0 ] , % l 2
sub % l 5 , 2 , % l 5
add % g 6 , T I _ G S R , % o 1
/* Neither FPRS_FEF nor FPRS_DU saved: only store the new depth (label 2). */
andcc % l 2 , ( F P R S _ F E F | F P R S _ D U ) , % g 0
be,p t % i c c , 2 f
/* Delay slot: %l6 = saved FPRS_DL bit. */
and % l 2 , F P R S _ F E F , % g 0