1 /*- 2 * Copyright (c) 1990 William Jolitz. 3 * Copyright (c) 1991 The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by the University of 17 * California, Berkeley and its contributors. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * from: @(#)npx.c 7.2 (Berkeley) 5/12/91 35 * $Id: npx.c,v 1.9 1994/06/11 05:17:15 davidg Exp $ 36 */ 37 38 #include "npx.h" 39 #if NNPX > 0 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/conf.h> 44 #include <sys/file.h> 45 #include <sys/proc.h> 46 #include <machine/cpu.h> 47 #include <machine/pcb.h> 48 #include <machine/trap.h> 49 #include <sys/ioctl.h> 50 #include <machine/specialreg.h> 51 #include <i386/isa/icu.h> 52 #include <i386/isa/isa_device.h> 53 #include <i386/isa/isa.h> 54 55 /* 56 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver. 57 */ 58 59 #ifdef __GNUC__ 60 61 #define disable_intr() __asm("cli") 62 #define enable_intr() __asm("sti") 63 #define fldcw(addr) __asm("fldcw %0" : : "m" (*addr)) 64 #define fnclex() __asm("fnclex") 65 #define fninit() __asm("fninit") 66 #define fnsave(addr) __asm("fnsave %0" : "=m" (*addr) : "0" (*addr)) 67 #define fnstcw(addr) __asm("fnstcw %0" : "=m" (*addr) : "0" (*addr)) 68 #define fnstsw(addr) __asm("fnstsw %0" : "=m" (*addr) : "0" (*addr)) 69 #define fp_divide_by_0() __asm("fldz; fld1; fdiv %st,%st(1); fwait") 70 #define frstor(addr) __asm("frstor %0" : : "m" (*addr)) 71 #define fwait() __asm("fwait") 72 #define read_eflags() ({u_long ef; \ 73 __asm("pushf; popl %0" : "=a" (ef)); \ 74 ef; }) 75 #define start_emulating() __asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \ 76 : : "n" (CR0_TS) : "ax") 77 #define stop_emulating() __asm("clts") 78 #define write_eflags(ef) __asm("pushl %0; popf" : : "a" ((u_long) ef)) 79 80 #else /* not __GNUC__ */ 81 82 void disable_intr __P((void)); 83 void enable_intr __P((void)); 84 void fldcw __P((caddr_t addr)); 85 void fnclex __P((void)); 86 void fninit __P((void)); 87 void fnsave __P((caddr_t addr)); 88 void fnstcw __P((caddr_t addr)); 89 void fnstsw __P((caddr_t addr)); 90 void fp_divide_by_0 __P((void)); 91 void frstor __P((caddr_t addr)); 92 void fwait __P((void)); 93 u_long read_eflags __P((void)); 94 void start_emulating __P((void)); 95 void stop_emulating __P((void)); 96 void write_eflags __P((u_long ef)); 97 98 #endif /* __GNUC__ */ 99 100 typedef u_char bool_t; 101 102 extern struct gate_descriptor idt[]; 103 104 int npxdna __P((void)); 105 void npxexit __P((struct proc *p)); 106 void npxinit __P((u_int control)); 107 void npxintr __P((struct intrframe frame)); 108 void npxsave __P((struct save87 *addr)); 109 static int npxattach __P((struct isa_device *dvp)); 110 static int npxprobe __P((struct isa_device *dvp)); 111 static int npxprobe1 __P((struct isa_device *dvp)); 112 113 struct isa_driver npxdriver = { 114 npxprobe, npxattach, "npx", 115 }; 116 117 u_int npx0_imask; 118 struct proc *npxproc; 119 120 static bool_t npx_ex16; 121 static bool_t npx_exists; 122 static struct gate_descriptor npx_idt_probeintr; 123 static int npx_intrno; 124 static volatile u_int npx_intrs_while_probing; 125 static bool_t npx_irq13; 126 static volatile u_int npx_traps_while_probing; 127 128 /* 129 * Special interrupt handlers. Someday intr0-intr15 will be used to count 130 * interrupts. We'll still need a special exception 16 handler. The busy 131 * latch stuff in probintr() can be moved to npxprobe(). 132 */ 133 void probeintr(void); 134 asm 135 (" 136 .text 137 _probeintr: 138 ss 139 incl _npx_intrs_while_probing 140 pushl %eax 141 movb $0x20,%al # EOI (asm in strings loses cpp features) 142 outb %al,$0xa0 # IO_ICU2 143 outb %al,$0x20 #IO_ICU1 144 movb $0,%al 145 outb %al,$0xf0 # clear BUSY# latch 146 popl %eax 147 iret 148 "); 149 150 void probetrap(void); 151 asm 152 (" 153 .text 154 _probetrap: 155 ss 156 incl _npx_traps_while_probing 157 fnclex 158 iret 159 "); 160 161 /* 162 * Probe routine. Initialize cr0 to give correct behaviour for [f]wait 163 * whether the device exists or not (XXX should be elsewhere). Set flags 164 * to tell npxattach() what to do. Modify device struct if npx doesn't 165 * need to use interrupts. Return 1 if device exists. 166 */ 167 static int 168 npxprobe(dvp) 169 struct isa_device *dvp; 170 { 171 int result; 172 u_long save_eflags; 173 u_char save_icu1_mask; 174 u_char save_icu2_mask; 175 struct gate_descriptor save_idt_npxintr; 176 struct gate_descriptor save_idt_npxtrap; 177 /* 178 * This routine is now just a wrapper for npxprobe1(), to install 179 * special npx interrupt and trap handlers, to enable npx interrupts 180 * and to disable other interrupts. Someday isa_configure() will 181 * install suitable handlers and run with interrupts enabled so we 182 * won't need to do so much here. 183 */ 184 npx_intrno = NRSVIDT + ffs(dvp->id_irq) - 1; 185 save_eflags = read_eflags(); 186 disable_intr(); 187 save_icu1_mask = inb(IO_ICU1 + 1); 188 save_icu2_mask = inb(IO_ICU2 + 1); 189 save_idt_npxintr = idt[npx_intrno]; 190 save_idt_npxtrap = idt[16]; 191 outb(IO_ICU1 + 1, ~(IRQ_SLAVE | dvp->id_irq)); 192 outb(IO_ICU2 + 1, ~(dvp->id_irq >> 8)); 193 setidt(16, probetrap, SDT_SYS386TGT, SEL_KPL); 194 setidt(npx_intrno, probeintr, SDT_SYS386IGT, SEL_KPL); 195 npx_idt_probeintr = idt[npx_intrno]; 196 enable_intr(); 197 result = npxprobe1(dvp); 198 disable_intr(); 199 outb(IO_ICU1 + 1, save_icu1_mask); 200 outb(IO_ICU2 + 1, save_icu2_mask); 201 idt[npx_intrno] = save_idt_npxintr; 202 idt[16] = save_idt_npxtrap; 203 write_eflags(save_eflags); 204 return (result); 205 } 206 207 static int 208 npxprobe1(dvp) 209 struct isa_device *dvp; 210 { 211 int control; 212 int status; 213 #ifdef lint 214 npxintr(); 215 #endif 216 /* 217 * Partially reset the coprocessor, if any. Some BIOS's don't reset 218 * it after a warm boot. 219 */ 220 outb(0xf1, 0); /* full reset on some systems, NOP on others */ 221 outb(0xf0, 0); /* clear BUSY# latch */ 222 /* 223 * Prepare to trap all ESC (i.e., NPX) instructions and all WAIT 224 * instructions. We must set the CR0_MP bit and use the CR0_TS 225 * bit to control the trap, because setting the CR0_EM bit does 226 * not cause WAIT instructions to trap. It's important to trap 227 * WAIT instructions - otherwise the "wait" variants of no-wait 228 * control instructions would degenerate to the "no-wait" variants 229 * after FP context switches but work correctly otherwise. It's 230 * particularly important to trap WAITs when there is no NPX - 231 * otherwise the "wait" variants would always degenerate. 232 * 233 * Try setting CR0_NE to get correct error reporting on 486DX's. 234 * Setting it should fail or do nothing on lesser processors. 235 */ 236 load_cr0(rcr0() | CR0_MP | CR0_NE); 237 /* 238 * But don't trap while we're probing. 239 */ 240 stop_emulating(); 241 /* 242 * Finish resetting the coprocessor, if any. If there is an error 243 * pending, then we may get a bogus IRQ13, but probeintr() will handle 244 * it OK. Bogus halts have never been observed, but we enabled 245 * IRQ13 and cleared the BUSY# latch early to handle them anyway. 246 */ 247 fninit(); 248 DELAY(1000); /* wait for any IRQ13 (fwait might hang) */ 249 #ifdef DIAGNOSTIC 250 if (npx_intrs_while_probing != 0) 251 printf("fninit caused %u bogus npx interrupt(s)\n", 252 npx_intrs_while_probing); 253 if (npx_traps_while_probing != 0) 254 printf("fninit caused %u bogus npx trap(s)\n", 255 npx_traps_while_probing); 256 #endif 257 /* 258 * Check for a status of mostly zero. 259 */ 260 status = 0x5a5a; 261 fnstsw(&status); 262 if ((status & 0xb8ff) == 0) { 263 /* 264 * Good, now check for a proper control word. 265 */ 266 control = 0x5a5a; 267 fnstcw(&control); 268 if ((control & 0x1f3f) == 0x033f) { 269 npx_exists = 1; 270 /* 271 * We have an npx, now divide by 0 to see if exception 272 * 16 works. 273 */ 274 control &= ~(1 << 2); /* enable divide by 0 trap */ 275 fldcw(&control); 276 npx_traps_while_probing = npx_intrs_while_probing = 0; 277 fp_divide_by_0(); 278 if (npx_traps_while_probing != 0) { 279 /* 280 * Good, exception 16 works. 281 */ 282 npx_ex16 = 1; 283 dvp->id_irq = 0; /* zap the interrupt */ 284 /* 285 * special return value to flag that we do not 286 * actually use any I/O registers 287 */ 288 return (-1); 289 } 290 if (npx_intrs_while_probing != 0) { 291 /* 292 * Bad, we are stuck with IRQ13. 293 */ 294 npx_irq13 = 1; 295 npx0_imask = dvp->id_irq; /* npxattach too late */ 296 return (IO_NPXSIZE); 297 } 298 /* 299 * Worse, even IRQ13 is broken. Use emulator. 300 */ 301 } 302 } 303 /* 304 * Probe failed, but we want to get to npxattach to initialize the 305 * emulator and say that it has been installed. XXX handle devices 306 * that aren't really devices better. 307 */ 308 dvp->id_irq = 0; 309 /* 310 * special return value to flag that we do not 311 * actually use any I/O registers 312 */ 313 return (-1); 314 } 315 316 /* 317 * Attach routine - announce which it is, and wire into system 318 */ 319 int 320 npxattach(dvp) 321 struct isa_device *dvp; 322 { 323 if (!npx_ex16 && !npx_irq13) { 324 if (npx_exists) { 325 printf("npx%d: Error reporting broken, using 387 emulator\n",dvp->id_unit); 326 npx_exists = 0; 327 } else { 328 printf("npx%d: 387 Emulator\n",dvp->id_unit); 329 } 330 } 331 npxinit(__INITIAL_NPXCW__); 332 return (1); /* XXX unused */ 333 } 334 335 /* 336 * Initialize floating point unit. 337 */ 338 void 339 npxinit(control) 340 u_int control; 341 { 342 struct save87 dummy; 343 344 if (!npx_exists) 345 return; 346 /* 347 * fninit has the same h/w bugs as fnsave. Use the detoxified 348 * fnsave to throw away any junk in the fpu. fnsave initializes 349 * the fpu and sets npxproc = NULL as important side effects. 350 */ 351 npxsave(&dummy); 352 stop_emulating(); 353 fldcw(&control); 354 if (curpcb != NULL) 355 fnsave(&curpcb->pcb_savefpu); 356 start_emulating(); 357 } 358 359 /* 360 * Free coprocessor (if we have it). 361 */ 362 void 363 npxexit(p) 364 struct proc *p; 365 { 366 367 if (p == npxproc) { 368 start_emulating(); 369 npxproc = NULL; 370 } 371 } 372 373 /* 374 * Record the FPU state and reinitialize it all except for the control word. 375 * Then generate a SIGFPE. 376 * 377 * Reinitializing the state allows naive SIGFPE handlers to longjmp without 378 * doing any fixups. 379 * 380 * XXX there is currently no way to pass the full error state to signal 381 * handlers, and if this is a nested interrupt there is no way to pass even 382 * a status code! So there is no way to have a non-naive SIGFPE handler. At 383 * best a handler could do an fninit followed by an fldcw of a static value. 384 * fnclex would be of little use because it would leave junk on the FPU stack. 385 * Returning from the handler would be even less safe than usual because 386 * IRQ13 exception handling makes exceptions even less precise than usual. 387 */ 388 void 389 npxintr(frame) 390 struct intrframe frame; 391 { 392 int code; 393 394 if (npxproc == NULL || !npx_exists) { 395 /* XXX no %p in stand/printf.c. Cast to quiet gcc -Wall. */ 396 printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n", 397 (u_long) npxproc, (u_long) curproc, npx_exists); 398 panic("npxintr from nowhere"); 399 } 400 if (npxproc != curproc) { 401 printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n", 402 (u_long) npxproc, (u_long) curproc, npx_exists); 403 panic("npxintr from non-current process"); 404 } 405 /* 406 * Save state. This does an implied fninit. It had better not halt 407 * the cpu or we'll hang. 408 */ 409 outb(0xf0, 0); 410 fnsave(&curpcb->pcb_savefpu); 411 fwait(); 412 /* 413 * Restore control word (was clobbered by fnsave). 414 */ 415 fldcw(&curpcb->pcb_savefpu.sv_env.en_cw); 416 fwait(); 417 /* 418 * Remember the exception status word and tag word. The current 419 * (almost fninit'ed) fpu state is in the fpu and the exception 420 * state just saved will soon be junk. However, the implied fninit 421 * doesn't change the error pointers or register contents, and we 422 * preserved the control word and will copy the status and tag 423 * words, so the complete exception state can be recovered. 424 */ 425 curpcb->pcb_savefpu.sv_ex_sw = curpcb->pcb_savefpu.sv_env.en_sw; 426 curpcb->pcb_savefpu.sv_ex_tw = curpcb->pcb_savefpu.sv_env.en_tw; 427 428 /* 429 * Pass exception to process. 430 */ 431 if (ISPL(frame.if_cs) == SEL_UPL) { 432 /* 433 * Interrupt is essentially a trap, so we can afford to call 434 * the SIGFPE handler (if any) as soon as the interrupt 435 * returns. 436 * 437 * XXX little or nothing is gained from this, and plenty is 438 * lost - the interrupt frame has to contain the trap frame 439 * (this is otherwise only necessary for the rescheduling trap 440 * in doreti, and the frame for that could easily be set up 441 * just before it is used). 442 */ 443 curproc->p_md.md_regs = (int *)&frame.if_es; 444 #ifdef notyet 445 /* 446 * Encode the appropriate code for detailed information on 447 * this exception. 448 */ 449 code = XXX_ENCODE(curpcb->pcb_savefpu.sv_ex_sw); 450 #else 451 code = 0; /* XXX */ 452 #endif 453 trapsignal(curproc, SIGFPE, code); 454 } else { 455 /* 456 * Nested interrupt. These losers occur when: 457 * o an IRQ13 is bogusly generated at a bogus time, e.g.: 458 * o immediately after an fnsave or frstor of an 459 * error state. 460 * o a couple of 386 instructions after 461 * "fstpl _memvar" causes a stack overflow. 462 * These are especially nasty when combined with a 463 * trace trap. 464 * o an IRQ13 occurs at the same time as another higher- 465 * priority interrupt. 466 * 467 * Treat them like a true async interrupt. 468 */ 469 psignal(npxproc, SIGFPE); 470 } 471 } 472 473 /* 474 * Implement device not available (DNA) exception 475 * 476 * It would be better to switch FP context here (only). This would require 477 * saving the state in the proc table instead of in the pcb. 478 */ 479 int 480 npxdna() 481 { 482 if (!npx_exists) 483 return (0); 484 if (npxproc != NULL) { 485 printf("npxdna: npxproc = %lx, curproc = %lx\n", 486 (u_long) npxproc, (u_long) curproc); 487 panic("npxdna"); 488 } 489 stop_emulating(); 490 /* 491 * Record new context early in case frstor causes an IRQ13. 492 */ 493 npxproc = curproc; 494 /* 495 * The following frstor may cause an IRQ13 when the state being 496 * restored has a pending error. The error will appear to have been 497 * triggered by the current (npx) user instruction even when that 498 * instruction is a no-wait instruction that should not trigger an 499 * error (e.g., fnclex). On at least one 486 system all of the 500 * no-wait instructions are broken the same as frstor, so our 501 * treatment does not amplify the breakage. On at least one 502 * 386/Cyrix 387 system, fnclex works correctly while frstor and 503 * fnsave are broken, so our treatment breaks fnclex if it is the 504 * first FPU instruction after a context switch. 505 */ 506 frstor(&curpcb->pcb_savefpu); 507 508 return (1); 509 } 510 511 /* 512 * Wrapper for fnsave instruction to handle h/w bugs. If there is an error 513 * pending, then fnsave generates a bogus IRQ13 on some systems. Force 514 * any IRQ13 to be handled immediately, and then ignore it. This routine is 515 * often called at splhigh so it must not use many system services. In 516 * particular, it's much easier to install a special handler than to 517 * guarantee that it's safe to use npxintr() and its supporting code. 518 */ 519 void 520 npxsave(addr) 521 struct save87 *addr; 522 { 523 u_char icu1_mask; 524 u_char icu2_mask; 525 u_char old_icu1_mask; 526 u_char old_icu2_mask; 527 struct gate_descriptor save_idt_npxintr; 528 529 disable_intr(); 530 old_icu1_mask = inb(IO_ICU1 + 1); 531 old_icu2_mask = inb(IO_ICU2 + 1); 532 save_idt_npxintr = idt[npx_intrno]; 533 outb(IO_ICU1 + 1, old_icu1_mask & ~(IRQ_SLAVE | npx0_imask)); 534 outb(IO_ICU2 + 1, old_icu2_mask & ~(npx0_imask >> 8)); 535 idt[npx_intrno] = npx_idt_probeintr; 536 enable_intr(); 537 stop_emulating(); 538 fnsave(addr); 539 fwait(); 540 start_emulating(); 541 npxproc = NULL; 542 disable_intr(); 543 icu1_mask = inb(IO_ICU1 + 1); /* masks may have changed */ 544 icu2_mask = inb(IO_ICU2 + 1); 545 outb(IO_ICU1 + 1, 546 (icu1_mask & ~npx0_imask) | (old_icu1_mask & npx0_imask)); 547 outb(IO_ICU2 + 1, 548 (icu2_mask & ~(npx0_imask >> 8)) 549 | (old_icu2_mask & (npx0_imask >> 8))); 550 idt[npx_intrno] = save_idt_npxintr; 551 enable_intr(); /* back to usual state */ 552 } 553 554 #endif /* NNPX > 0 */ 555