1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * wuf.S: Window underflow trap handler for the Sparc.
4  *
5  * Copyright (C) 1995 David S. Miller
6  */
7 
8 #include <asm/contregs.h>
9 #include <asm/page.h>
10 #include <asm/ptrace.h>
11 #include <asm/psr.h>
12 #include <asm/smp.h>
13 #include <asm/asi.h>
14 #include <asm/winmacro.h>
15 #include <asm/asmmacro.h>
16 #include <asm/thread_info.h>
17 
18 /* Just like the overflow handler we define macros for registers
19  * with fixed meanings in this routine.
20  */
21 #define t_psr       l0	/* %psr as read by the trap entry stub (rd %psr, %l0) */
22 #define t_pc        l1	/* trap-time PC; operand of the final 'jmp' */
23 #define t_npc       l2	/* trap-time nPC; operand of the final 'rett' */
24 #define t_wim       l3	/* %wim as read by the trap entry stub (rd %wim, %l3) */
25 /* Don't touch the above registers or else you die horribly... */
26 
27 /* Now macros for the available scratch registers in this routine. */
28 #define twin_tmp1    l4
29 #define twin_tmp2    l5
30 
31 #define curptr       g6	/* carries 'current' across window changes; base for the TI_* stores */
32 
33 	.text
34 	.align	4
35 
36 	/* The trap entry point has executed the following:
37 	 *
38 	 * rd    %psr, %l0
39 	 * rd    %wim, %l3
40 	 * b     fill_window_entry
41 	 * andcc %l0, PSR_PS, %g0
42 	 */
43 
44 	/* Datum current_thread_info->uwinmask contains at all times a bitmask
45 	 * where if any user windows are active, at least one bit will
46 	 * be set in the mask.  If no user windows are active, the bitmask
47 	 * will be all zeroes.
48 	 */
49 
50 	/* To get an idea of what has just happened to cause this
51 	 * trap take a look at this diagram:
52 	 *
53 	 *      1  2  3  4     <--  Window number
54 	 *      ----------
55 	 *      T  O  W  I     <--  Symbolic name
56 	 *
57 	 *      O == the window that execution was in when
58 	 *           the restore was attempted
59 	 *
60 	 *      T == the trap itself has save'd us into this
61 	 *           window
62 	 *
63 	 *      W == this window is the one which is now invalid
64 	 *           and must be made valid plus loaded from the
65 	 *           stack
66 	 *
67 	 *      I == this window will be the invalid one when we
68 	 *           are done and return from trap if successful
69 	 */
70 
71 	/* BEGINNING OF PATCH INSTRUCTIONS */
72 
73 	/* On 7-window Sparc the boot code patches fnwin_patch1
74 	 * with the following instruction.
75 	 */
	/* The two instructions below are templates for the patch sites
	 * fnwin_patch1 and fnwin_patch2 in fill_window_entry: the shift
	 * count becomes 6 instead of 7 and the mask 0x7f instead of 0xff,
	 * so the %wim rotation wraps at 7 bits rather than 8.  Nothing in
	 * this file branches to these labels.
	 * NOTE(review): the code that performs the patching is not in this
	 * file; confirm the patch sites are written only by boot code.
	 */
76 	.globl	fnwin_patch1_7win, fnwin_patch2_7win
77 fnwin_patch1_7win:	srl	%t_wim, 6, %twin_tmp2
78 fnwin_patch2_7win:	and	%twin_tmp1, 0x7f, %twin_tmp1
79 	/* END OF PATCH INSTRUCTIONS */
80 
81 	.globl	fill_window_entry, fnwin_patch1, fnwin_patch2
82 fill_window_entry:
83 	/* LOCATION: Window 'T' */
	/* Entered from the trap table stub with t_psr and t_wim already
	 * loaded.  Rotates %wim left by one window, steps back to window
	 * 'O', and dispatches on whether the trap came from user or
	 * kernel mode.  fnwin_patch1 and fnwin_patch2 are patch sites:
	 * the shift count 7 and the mask 0xff are the 8-window values.
	 */
84 
85 	/* Compute what the new %wim is going to be if we retrieve
86 	 * the proper window off of the stack.
87 	 */
88 		sll	%t_wim, 1, %twin_tmp1
89 fnwin_patch1:	srl	%t_wim, 7, %twin_tmp2
90 		or	%twin_tmp1, %twin_tmp2, %twin_tmp1
91 fnwin_patch2:	and	%twin_tmp1, 0xff, %twin_tmp1
92 
93 	wr	%twin_tmp1, 0x0, %wim	/* Make window 'I' invalid */
94 
	/* PSR_PS clear in the trap-time %psr means the trap was taken
	 * from user mode.  The branch is not annulled, so the restore in
	 * its delay slot runs on both paths; the kernel case falls
	 * through into fwin_from_kernel.
	 */
95 	andcc	%t_psr, PSR_PS, %g0
96 	be	fwin_from_user
97 	 restore	%g0, %g0, %g0		/* Restore to window 'O' */
98 
99 	/* Trapped from kernel, we trust that the kernel does not
100 	 * 'over restore' so to speak and just grab the window
101 	 * from the stack and return.  Easy enough.
102 	 */
	/* Unlike the user path, %sp is not validated before LOAD_WINDOW
	 * reads through it: the kernel stack pointer is trusted, and no
	 * failure path exists here for a bad one.
	 */
103 fwin_from_kernel:
104 	/* LOCATION: Window 'O' */
105 
106 	restore %g0, %g0, %g0
107 
108 	/* LOCATION: Window 'W' */
109 
110 	LOAD_WINDOW(sp)	                /* Load it up */
111 
112 	/* Spin the wheel... */
113 	save	%g0, %g0, %g0		/* Save to window 'O' */
114 	save	%g0, %g0, %g0		/* Save to window 'T' */
115 	/* I'd like to buy a vowel please... */
116 
117 	/* LOCATION: Window 'T' */
118 
119 	/* Now preserve the condition codes in %psr, pause, and
120 	 * return from trap.  This is the simplest case of all.
121 	 */
122 	wr	%t_psr, 0x0, %psr
123 	WRITE_PAUSE
124 
	/* Return from trap: jmp to the saved PC, followed by rett to
	 * the saved nPC.
	 */
125 	jmp	%t_pc
126 	rett	%t_npc
127 
128 fwin_from_user:
129 	/* LOCATION: Window 'O' */
	/* User-mode underflow: move to window 'W' and hand off to the
	 * stack check.  %sp in window 'W' is the user's frame pointer
	 * from window 'O', so it is untrusted until the check routine
	 * has accepted it.
	 */
130 
131 	restore	%g0, %g0, %g0		/* Restore to window 'W' */
132 
133 	/* LOCATION: Window 'W' */
134 
135 	/* Branch to the stack validation routine */
136 	b	srmmu_fwin_stackchk
137 	 andcc	%sp, 0x7, %g0		/* delay slot: Z is set only if %sp is 8-byte aligned */
138 
139 #define STACK_OFFSET (THREAD_SIZE - TRACEREG_SZ - STACKFRAME_SZ)	/* offset from 'current' at which the pt_regs frame and %sp are placed below */
140 
141 fwin_user_stack_is_bolixed:
142 	/* LOCATION: Window 'W' */
	/* Failure path: the user stack pointer was rejected or the load
	 * through it faulted.  No window is loaded from user memory here.
	 * A pt_regs frame is built on the kernel stack, the trap-time
	 * %wim is restored, traps are re-enabled, and
	 * window_underflow_fault is called with the rejected frame
	 * pointer as its argument.
	 */
143 
144 	/* Place a pt_regs frame on the kernel stack, save back
145 	 * to the trap window and call c-code to deal with this.
146 	 */
147 	LOAD_CURRENT(l4, l5)
148 
	/* %l5 = %l4 + STACK_OFFSET: where the pt_regs stores below go. */
149 	sethi	%hi(STACK_OFFSET), %l5
150 	or	%l5, %lo(STACK_OFFSET), %l5
151 	add	%l4, %l5, %l5
152 
153 	/* Store globals into pt_regs frame. */
	/* The globals are stored before %g3-%g6 are reused as scratch
	 * in the code that follows.
	 */
154 	STORE_PT_GLOBALS(l5)
155 	STORE_PT_YREG(l5, g3)
156 
157 	/* Save current in a global while we change windows. */
158 	mov	%l4, %curptr
159 
160 	save	%g0, %g0, %g0
161 
162 	/* LOCATION: Window 'O' */
163 
164 	rd	%psr, %g3		/* Read %psr in live user window */
165 	mov	%fp, %g4		/* Save bogus frame pointer. */
166 
167 	save	%g0, %g0, %g0
168 
169 	/* LOCATION: Window 'T' */
170 
	/* Switch %sp to the kernel stack at current + STACK_OFFSET. */
171 	sethi	%hi(STACK_OFFSET), %l5
172 	or	%l5, %lo(STACK_OFFSET), %l5
173 	add	%curptr, %l5, %sp
174 
175 	/* Build rest of pt_regs. */
176 	STORE_PT_INS(sp)
177 	STORE_PT_PRIV(sp, t_psr, t_pc, t_npc)
178 
179 	/* re-set trap time %wim value */
	/* This undoes the rotated %wim written in fill_window_entry. */
180 	wr	%t_wim, 0x0, %wim
181 
182 	/* Fix users window mask and buffer save count. */
	/* %g3 holds the %psr read in window 'O'; sll uses only the low
	 * five bits of its shift count, so the mask is 1 << (%g3 & 0x1f).
	 */
183 	mov	0x1, %g5
184 	sll	%g5, %g3, %g5
185 	st	%g5, [%curptr + TI_UWINMASK]		! one live user window still
186 	st	%g0, [%curptr + TI_W_SAVED]		! no windows in the buffer
187 
	/* wr XORs its two source operands, so this writes t_psr with
	 * the PSR_ET bit flipped.
	 */
188 	wr	%t_psr, PSR_ET, %psr			! enable traps
189 	nop
190 	call	window_underflow_fault
191 	 mov	%g4, %o0		/* delay slot: argument = rejected user frame pointer */
192 
	/* %l6 is cleared in the delay slot; its meaning is defined by
	 * ret_trap_entry, which is not in this file.
	 */
193 	b	ret_trap_entry
194 	 clr	%l6
195 
196 fwin_user_stack_is_ok:
197 	/* LOCATION: Window 'W' */
	/* Entry for a stack check routine that has validated %sp but
	 * not loaded the window itself.  srmmu_fwin_stackchk in this
	 * file does its own load and does not branch here.
	 */
198 
199 	/* The users stack area is kosher and mapped, load the
200 	 * window and fall through to the finish up routine.
201 	 */
202 	LOAD_WINDOW(sp)
203 
204 	/* Round and round she goes... */
205 	save	%g0, %g0, %g0		/* Save to window 'O' */
206 	save	%g0, %g0, %g0		/* Save to window 'T' */
207 	/* Where she'll trap nobody knows... */
208 
209 	/* LOCATION: Window 'T' */
210 
211 fwin_user_finish_up:
212 	/* LOCATION: Window 'T' */
	/* Restore the trap-time %psr and return from the trap.
	 * srmmu_fwin_stackchk branches to 'fwin_user_finish_up + 0x4',
	 * i.e. past the single wr instruction below, so exactly one
	 * instruction must stay between this label and WRITE_PAUSE.
	 */
213 
214 	wr	%t_psr, 0x0, %psr
215 	WRITE_PAUSE
216 
217 	jmp	%t_pc
218 	rett	%t_npc
219 
220 	/* Here come the architecture-specific checks for stack
221 	 * mappings.  Note that unlike the window overflow handler
222 	 * we only need to check whether the user can read from
223 	 * the appropriate addresses.  Also note that we are in
224 	 * an invalid window which will be loaded, and this means
225 	 * that until we actually load the window up we are free
226 	 * to use any of the local registers contained within.
227 	 *
228 	 * On success these routines branch to fwin_user_stack_is_ok
229 	 * if the area at %sp is user readable and the window still
230 	 * needs to be loaded, else fwin_user_finish_up if the
231 	 * routine has done the loading itself.  On failure (bogus
232 	 * user stack) the routine shall branch to the label called
233 	 * fwin_user_stack_is_bolixed.
234 	 *
235 	 * Contrary to the arch-specific window overflow stack
236 	 * check routines in wof.S, these routines are free to use
237 	 * any of the local registers they want to as this window
238 	 * does not belong to anyone at this point, however the
239 	 * outs and ins are still verboten as they are part of
240 	 * 'someone else's' window possibly.
241 	 */
242 
243 	.globl	srmmu_fwin_stackchk
244 srmmu_fwin_stackchk:
245 	/* LOCATION: Window 'W' */
	/* Validates the user %sp and loads window 'W' from it.
	 * Rejects %sp if it is not 8-byte aligned or if it is at or
	 * above PAGE_OFFSET (unsigned compare).  Otherwise the window is
	 * loaded with the MMU no-fault bit set and the fault status
	 * register is checked afterwards.
	 * Exits: fwin_user_finish_up + 0x4 on success,
	 *        fwin_user_stack_is_bolixed (in window 'W') on failure.
	 * Scratch: %l4 and %l5 of window 'W' before the load,
	 *          twin_tmp1 and twin_tmp2 of window 'T' after it.
	 * LEON_PI/SUN_PI_ wrap the two platform variants of each MMU
	 * register access; the macros are defined outside this file.
	 */
246 
247 	/* Caller did 'andcc %sp, 0x7, %g0' */
248 	bne	fwin_user_stack_is_bolixed
249 	 sethi   %hi(PAGE_OFFSET), %l5
250 
251 	/* Check if the users stack is in kernel vma, then our
252 	 * trial and error technique below would succeed for
253 	 * the 'wrong' reason.
254 	 */
	/* bleu is an unsigned test: taken when PAGE_OFFSET <= %sp.
	 * The fault-status clear sits in the delay slot and so runs
	 * whether or not the branch is taken.
	 * NOTE(review): only the base address in %sp is compared with
	 * PAGE_OFFSET.  The extent LOAD_WINDOW reads is defined in
	 * winmacro.h, not here; confirm the whole region stays below
	 * PAGE_OFFSET for every %sp this check accepts.
	 */
255 	mov	AC_M_SFSR, %l4
256 	cmp	%l5, %sp
257 	bleu	fwin_user_stack_is_bolixed
258 LEON_PI( lda	[%l4] ASI_LEON_MMUREGS, %g0)	! clear fault status
259 SUN_PI_( lda	[%l4] ASI_M_MMUREGS, %g0)	! clear fault status
260 
261 	/* The technique is, turn off faults on this processor,
262 	 * just let the load rip, then check the sfsr to see if
263 	 * a fault did occur.  Then we turn on fault traps again
264 	 * and branch conditionally based upon what happened.
265 	 */
266 LEON_PI(lda	[%g0] ASI_LEON_MMUREGS, %l5)	! read mmu-ctrl reg
267 SUN_PI_(lda	[%g0] ASI_M_MMUREGS, %l5)	! read mmu-ctrl reg
268 	or	%l5, 0x2, %l5			! turn on no-fault bit
269 LEON_PI(sta	%l5, [%g0] ASI_LEON_MMUREGS)	! store it
270 SUN_PI_(sta	%l5, [%g0] ASI_M_MMUREGS)	! store it
271 
272 	/* Cross fingers and go for it. */
	/* This load overwrites the window's registers, including the
	 * %l4 and %l5 used as scratch above.
	 */
273 	LOAD_WINDOW(sp)
274 
275 	/* A penny 'saved'... */
276 	save	%g0, %g0, %g0
277 	save	%g0, %g0, %g0
278 	/* Is a BADTRAP earned... */
279 
280 	/* LOCATION: Window 'T' */
281 
	/* The no-fault bit is cleared before the result is examined,
	 * so fault reporting is back on for both outcomes.
	 */
282 LEON_PI(lda	[%g0] ASI_LEON_MMUREGS, %twin_tmp1)	! load mmu-ctrl again
283 SUN_PI_(lda	[%g0] ASI_M_MMUREGS, %twin_tmp1)	! load mmu-ctrl again
284 	andn	%twin_tmp1, 0x2, %twin_tmp1		! clear no-fault bit
285 LEON_PI(sta	%twin_tmp1, [%g0] ASI_LEON_MMUREGS)	! store it
286 SUN_PI_(sta	%twin_tmp1, [%g0] ASI_M_MMUREGS)	! store it
287 
	/* The fault address is read into %g0, i.e. discarded.
	 * NOTE(review): presumably the read itself is what matters to
	 * the MMU; confirm against the SRMMU documentation.
	 */
288 	mov	AC_M_SFAR, %twin_tmp2
289 LEON_PI(lda	[%twin_tmp2] ASI_LEON_MMUREGS, %g0)	! read fault address
290 SUN_PI_(lda	[%twin_tmp2] ASI_M_MMUREGS, %g0)	! read fault address
291 
292 	mov	AC_M_SFSR, %twin_tmp2
293 LEON_PI(lda	[%twin_tmp2] ASI_LEON_MMUREGS, %twin_tmp2) ! read fault status
294 SUN_PI_(lda	[%twin_tmp2] ASI_M_MMUREGS, %twin_tmp2)	   ! read fault status
295 	andcc	%twin_tmp2, 0x2, %g0			   ! did fault occur?
296 
297 	bne	1f					   ! yep, cleanup
298 	 nop
299 
	/* Success: %psr is written here, so the branch targets the
	 * instruction after the wr at fwin_user_finish_up (+ 0x4 is one
	 * instruction).
	 */
300 	wr	%t_psr, 0x0, %psr
301 	nop
302 	b	fwin_user_finish_up + 0x4
303 	 nop
304 
305 	/* Did I ever tell you about my window lobotomy?
306 	 * anyways... fwin_user_stack_is_bolixed expects
307 	 * to be in window 'W' so make it happy or else
308 	 * we watchdog badly.
309 	 */
	/* Two restores (the second in the branch delay slot) step from
	 * window 'T' through 'O' back to 'W'.
	 */
310 1:
311 	restore	%g0, %g0, %g0
312 	b	fwin_user_stack_is_bolixed	! oh well
313 	 restore	%g0, %g0, %g0
314