1 /*- 2 * Copyright (c) 1990 William Jolitz. 3 * Copyright (c) 1991 The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by the University of 17 * California, Berkeley and its contributors. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * from: @(#)npx.c 7.2 (Berkeley) 5/12/91 35 * $Id: npx.c,v 1.39 1997/02/22 09:36:57 peter Exp $ 36 */ 37 38 #include "npx.h" 39 #if NNPX > 0 40 41 #include "opt_cpu.h" 42 #include "opt_math_emulate.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/sysctl.h> 48 #include <sys/conf.h> 49 #include <sys/file.h> 50 #include <sys/proc.h> 51 #ifdef NPX_DEBUG 52 #include <sys/syslog.h> 53 #endif 54 #include <sys/signalvar.h> 55 56 #include <machine/cpu.h> 57 #include <machine/pcb.h> 58 #include <machine/md_var.h> 59 #include <machine/trap.h> 60 #include <machine/clock.h> 61 #include <machine/specialreg.h> 62 63 #include <i386/isa/icu.h> 64 #include <i386/isa/isa_device.h> 65 #include <i386/isa/isa.h> 66 67 /* 68 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver. 69 */ 70 71 /* Configuration flags. */ 72 #define NPX_DISABLE_I586_OPTIMIZED_BCOPY (1 << 0) 73 #define NPX_DISABLE_I586_OPTIMIZED_BZERO (1 << 1) 74 #define NPX_DISABLE_I586_OPTIMIZED_COPYIO (1 << 2) 75 76 /* XXX - should be in header file. */ 77 extern void (*bcopy_vector) __P((const void *from, void *to, size_t len)); 78 extern void (*ovbcopy_vector) __P((const void *from, void *to, size_t len)); 79 extern int (*copyin_vector) __P((const void *udaddr, void *kaddr, size_t len)); 80 extern int (*copyout_vector) __P((const void *kaddr, void *udaddr, size_t len)); 81 82 void i586_bcopy __P((const void *from, void *to, size_t len)); 83 void i586_bzero __P((void *buf, size_t len)); 84 int i586_copyin __P((const void *udaddr, void *kaddr, size_t len)); 85 int i586_copyout __P((const void *kaddr, void *udaddr, size_t len)); 86 87 #ifdef __GNUC__ 88 89 #define fldcw(addr) __asm("fldcw %0" : : "m" (*(addr))) 90 #define fnclex() __asm("fnclex") 91 #define fninit() __asm("fninit") 92 #define fnop() __asm("fnop") 93 #define fnsave(addr) __asm("fnsave %0" : "=m" (*(addr))) 94 #define fnstcw(addr) __asm("fnstcw %0" : "=m" (*(addr))) 95 #define fnstsw(addr) __asm("fnstsw %0" : "=m" (*(addr))) 96 #define fp_divide_by_0() __asm("fldz; fld1; fdiv %st,%st(1); fnop") 97 #define frstor(addr) __asm("frstor %0" : : "m" (*(addr))) 98 #define start_emulating() __asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \ 99 : : "n" (CR0_TS) : "ax") 100 #define stop_emulating() __asm("clts") 101 102 #else /* not __GNUC__ */ 103 104 void fldcw __P((caddr_t addr)); 105 void fnclex __P((void)); 106 void fninit __P((void)); 107 void fnop __P((void)); 108 void fnsave __P((caddr_t addr)); 109 void fnstcw __P((caddr_t addr)); 110 void fnstsw __P((caddr_t addr)); 111 void fp_divide_by_0 __P((void)); 112 void frstor __P((caddr_t addr)); 113 void start_emulating __P((void)); 114 void stop_emulating __P((void)); 115 116 #endif /* __GNUC__ */ 117 118 typedef u_char bool_t; 119 120 static int npxattach __P((struct isa_device *dvp)); 121 static int npxprobe __P((struct isa_device *dvp)); 122 static int npxprobe1 __P((struct isa_device *dvp)); 123 124 struct isa_driver npxdriver = { 125 npxprobe, npxattach, "npx", 126 }; 127 128 int hw_float; /* XXX currently just alias for npx_exists */ 129 130 SYSCTL_INT(_hw,HW_FLOATINGPT, floatingpoint, 131 CTLFLAG_RD, &hw_float, 0, 132 "Floatingpoint instructions executed in hardware"); 133 134 static u_int npx0_imask = SWI_CLOCK_MASK; 135 struct proc *npxproc; 136 137 static bool_t npx_ex16; 138 static bool_t npx_exists; 139 static struct gate_descriptor npx_idt_probeintr; 140 static int npx_intrno; 141 static volatile u_int npx_intrs_while_probing; 142 static bool_t npx_irq13; 143 static volatile u_int npx_traps_while_probing; 144 145 /* 146 * Special interrupt handlers. Someday intr0-intr15 will be used to count 147 * interrupts. We'll still need a special exception 16 handler. The busy 148 * latch stuff in probeintr() can be moved to npxprobe(). 149 */ 150 inthand_t probeintr; 151 asm 152 (" 153 .text 154 _probeintr: 155 ss 156 incl _npx_intrs_while_probing 157 pushl %eax 158 movb $0x20,%al # EOI (asm in strings loses cpp features) 159 outb %al,$0xa0 # IO_ICU2 160 outb %al,$0x20 # IO_ICU1 161 movb $0,%al 162 outb %al,$0xf0 # clear BUSY# latch 163 popl %eax 164 iret 165 "); 166 167 inthand_t probetrap; 168 asm 169 (" 170 .text 171 _probetrap: 172 ss 173 incl _npx_traps_while_probing 174 fnclex 175 iret 176 "); 177 178 /* 179 * Probe routine. Initialize cr0 to give correct behaviour for [f]wait 180 * whether the device exists or not (XXX should be elsewhere). Set flags 181 * to tell npxattach() what to do. Modify device struct if npx doesn't 182 * need to use interrupts. Return 1 if device exists. 183 */ 184 static int 185 npxprobe(dvp) 186 struct isa_device *dvp; 187 { 188 int result; 189 u_long save_eflags; 190 u_char save_icu1_mask; 191 u_char save_icu2_mask; 192 struct gate_descriptor save_idt_npxintr; 193 struct gate_descriptor save_idt_npxtrap; 194 /* 195 * This routine is now just a wrapper for npxprobe1(), to install 196 * special npx interrupt and trap handlers, to enable npx interrupts 197 * and to disable other interrupts. Someday isa_configure() will 198 * install suitable handlers and run with interrupts enabled so we 199 * won't need to do so much here. 200 */ 201 npx_intrno = NRSVIDT + ffs(dvp->id_irq) - 1; 202 save_eflags = read_eflags(); 203 disable_intr(); 204 save_icu1_mask = inb(IO_ICU1 + 1); 205 save_icu2_mask = inb(IO_ICU2 + 1); 206 save_idt_npxintr = idt[npx_intrno]; 207 save_idt_npxtrap = idt[16]; 208 outb(IO_ICU1 + 1, ~(IRQ_SLAVE | dvp->id_irq)); 209 outb(IO_ICU2 + 1, ~(dvp->id_irq >> 8)); 210 setidt(16, probetrap, SDT_SYS386TGT, SEL_KPL, GSEL(GCODE_SEL, SEL_KPL)); 211 setidt(npx_intrno, probeintr, SDT_SYS386IGT, SEL_KPL, GSEL(GCODE_SEL, SEL_KPL)); 212 npx_idt_probeintr = idt[npx_intrno]; 213 enable_intr(); 214 result = npxprobe1(dvp); 215 disable_intr(); 216 outb(IO_ICU1 + 1, save_icu1_mask); 217 outb(IO_ICU2 + 1, save_icu2_mask); 218 idt[npx_intrno] = save_idt_npxintr; 219 idt[16] = save_idt_npxtrap; 220 write_eflags(save_eflags); 221 return (result); 222 } 223 224 static int 225 npxprobe1(dvp) 226 struct isa_device *dvp; 227 { 228 u_short control; 229 u_short status; 230 231 /* 232 * Partially reset the coprocessor, if any. Some BIOS's don't reset 233 * it after a warm boot. 234 */ 235 outb(0xf1, 0); /* full reset on some systems, NOP on others */ 236 outb(0xf0, 0); /* clear BUSY# latch */ 237 /* 238 * Prepare to trap all ESC (i.e., NPX) instructions and all WAIT 239 * instructions. We must set the CR0_MP bit and use the CR0_TS 240 * bit to control the trap, because setting the CR0_EM bit does 241 * not cause WAIT instructions to trap. It's important to trap 242 * WAIT instructions - otherwise the "wait" variants of no-wait 243 * control instructions would degenerate to the "no-wait" variants 244 * after FP context switches but work correctly otherwise. It's 245 * particularly important to trap WAITs when there is no NPX - 246 * otherwise the "wait" variants would always degenerate. 247 * 248 * Try setting CR0_NE to get correct error reporting on 486DX's. 249 * Setting it should fail or do nothing on lesser processors. 250 */ 251 load_cr0(rcr0() | CR0_MP | CR0_NE); 252 /* 253 * But don't trap while we're probing. 254 */ 255 stop_emulating(); 256 /* 257 * Finish resetting the coprocessor, if any. If there is an error 258 * pending, then we may get a bogus IRQ13, but probeintr() will handle 259 * it OK. Bogus halts have never been observed, but we enabled 260 * IRQ13 and cleared the BUSY# latch early to handle them anyway. 261 */ 262 fninit(); 263 /* 264 * Don't use fwait here because it might hang. 265 * Don't use fnop here because it usually hangs if there is no FPU. 266 */ 267 DELAY(1000); /* wait for any IRQ13 */ 268 #ifdef DIAGNOSTIC 269 if (npx_intrs_while_probing != 0) 270 printf("fninit caused %u bogus npx interrupt(s)\n", 271 npx_intrs_while_probing); 272 if (npx_traps_while_probing != 0) 273 printf("fninit caused %u bogus npx trap(s)\n", 274 npx_traps_while_probing); 275 #endif 276 /* 277 * Check for a status of mostly zero. 278 */ 279 status = 0x5a5a; 280 fnstsw(&status); 281 if ((status & 0xb8ff) == 0) { 282 /* 283 * Good, now check for a proper control word. 284 */ 285 control = 0x5a5a; 286 fnstcw(&control); 287 if ((control & 0x1f3f) == 0x033f) { 288 hw_float = npx_exists = 1; 289 /* 290 * We have an npx, now divide by 0 to see if exception 291 * 16 works. 292 */ 293 control &= ~(1 << 2); /* enable divide by 0 trap */ 294 fldcw(&control); 295 npx_traps_while_probing = npx_intrs_while_probing = 0; 296 fp_divide_by_0(); 297 if (npx_traps_while_probing != 0) { 298 /* 299 * Good, exception 16 works. 300 */ 301 npx_ex16 = 1; 302 dvp->id_irq = 0; /* zap the interrupt */ 303 /* 304 * special return value to flag that we do not 305 * actually use any I/O registers 306 */ 307 return (-1); 308 } 309 if (npx_intrs_while_probing != 0) { 310 /* 311 * Bad, we are stuck with IRQ13. 312 */ 313 npx_irq13 = 1; 314 /* 315 * npxattach would be too late to set npx0_imask. 316 */ 317 npx0_imask |= dvp->id_irq; 318 return (IO_NPXSIZE); 319 } 320 /* 321 * Worse, even IRQ13 is broken. Use emulator. 322 */ 323 } 324 } 325 /* 326 * Probe failed, but we want to get to npxattach to initialize the 327 * emulator and say that it has been installed. XXX handle devices 328 * that aren't really devices better. 329 */ 330 dvp->id_irq = 0; 331 /* 332 * special return value to flag that we do not 333 * actually use any I/O registers 334 */ 335 return (-1); 336 } 337 338 /* 339 * Attach routine - announce which it is, and wire into system 340 */ 341 int 342 npxattach(dvp) 343 struct isa_device *dvp; 344 { 345 /* The caller has printed "irq 13" for the npx_irq13 case. */ 346 if (!npx_irq13) { 347 printf("npx%d: ", dvp->id_unit); 348 if (npx_ex16) 349 printf("INT 16 interface\n"); 350 #if defined(MATH_EMULATE) || defined(GPL_MATH_EMULATE) 351 else if (npx_exists) { 352 printf("error reporting broken; using 387 emulator\n"); 353 hw_float = npx_exists = 0; 354 } else 355 printf("387 emulator\n"); 356 #else 357 else 358 printf("no 387 emulator in kernel!\n"); 359 #endif 360 } 361 npxinit(__INITIAL_NPXCW__); 362 363 #ifdef I586_CPU 364 if (cpu_class == CPUCLASS_586 && npx_ex16) { 365 if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_BCOPY)) { 366 bcopy_vector = i586_bcopy; 367 ovbcopy_vector = i586_bcopy; 368 } 369 if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_BZERO)) 370 bzero = i586_bzero; 371 if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_COPYIO)) { 372 copyin_vector = i586_copyin; 373 copyout_vector = i586_copyout; 374 } 375 } 376 #endif 377 378 return (1); /* XXX unused */ 379 } 380 381 /* 382 * Initialize floating point unit. 383 */ 384 void 385 npxinit(control) 386 u_short control; 387 { 388 struct save87 dummy; 389 390 if (!npx_exists) 391 return; 392 /* 393 * fninit has the same h/w bugs as fnsave. Use the detoxified 394 * fnsave to throw away any junk in the fpu. npxsave() initializes 395 * the fpu and sets npxproc = NULL as important side effects. 396 */ 397 npxsave(&dummy); 398 stop_emulating(); 399 fldcw(&control); 400 if (curpcb != NULL) 401 fnsave(&curpcb->pcb_savefpu); 402 start_emulating(); 403 } 404 405 /* 406 * Free coprocessor (if we have it). 407 */ 408 void 409 npxexit(p) 410 struct proc *p; 411 { 412 413 if (p == npxproc) 414 npxsave(&curpcb->pcb_savefpu); 415 #ifdef NPX_DEBUG 416 if (npx_exists) { 417 u_int masked_exceptions; 418 419 masked_exceptions = curpcb->pcb_savefpu.sv_env.en_cw 420 & curpcb->pcb_savefpu.sv_env.en_sw & 0x7f; 421 /* 422 * Log exceptions that would have trapped with the old 423 * control word (overflow, divide by 0, and invalid operand). 424 */ 425 if (masked_exceptions & 0x0d) 426 log(LOG_ERR, 427 "pid %d (%s) exited with masked floating point exceptions 0x%02x\n", 428 p->p_pid, p->p_comm, masked_exceptions); 429 } 430 #endif 431 } 432 433 /* 434 * Preserve the FP status word, clear FP exceptions, then generate a SIGFPE. 435 * 436 * Clearing exceptions is necessary mainly to avoid IRQ13 bugs. We now 437 * depend on longjmp() restoring a usable state. Restoring the state 438 * or examining it might fail if we didn't clear exceptions. 439 * 440 * XXX there is no standard way to tell SIGFPE handlers about the error 441 * state. The old interface: 442 * 443 * void handler(int sig, int code, struct sigcontext *scp); 444 * 445 * is broken because it is non-ANSI and because the FP state is not in 446 * struct sigcontext. 447 * 448 * XXX the FP state is not preserved across signal handlers. So signal 449 * handlers cannot afford to do FP unless they preserve the state or 450 * longjmp() out. Both preserving the state and longjmp()ing may be 451 * destroyed by IRQ13 bugs. Clearing FP exceptions is not an acceptable 452 * solution for signals other than SIGFPE. 453 */ 454 void 455 npxintr(unit) 456 int unit; 457 { 458 int code; 459 struct intrframe *frame; 460 461 if (npxproc == NULL || !npx_exists) { 462 printf("npxintr: npxproc = %p, curproc = %p, npx_exists = %d\n", 463 npxproc, curproc, npx_exists); 464 panic("npxintr from nowhere"); 465 } 466 if (npxproc != curproc) { 467 printf("npxintr: npxproc = %p, curproc = %p, npx_exists = %d\n", 468 npxproc, curproc, npx_exists); 469 panic("npxintr from non-current process"); 470 } 471 472 outb(0xf0, 0); 473 fnstsw(&curpcb->pcb_savefpu.sv_ex_sw); 474 fnclex(); 475 fnop(); 476 477 /* 478 * Pass exception to process. 479 */ 480 frame = (struct intrframe *)&unit; /* XXX */ 481 if (ISPL(frame->if_cs) == SEL_UPL) { 482 /* 483 * Interrupt is essentially a trap, so we can afford to call 484 * the SIGFPE handler (if any) as soon as the interrupt 485 * returns. 486 * 487 * XXX little or nothing is gained from this, and plenty is 488 * lost - the interrupt frame has to contain the trap frame 489 * (this is otherwise only necessary for the rescheduling trap 490 * in doreti, and the frame for that could easily be set up 491 * just before it is used). 492 */ 493 curproc->p_md.md_regs = &frame->if_es; 494 #ifdef notyet 495 /* 496 * Encode the appropriate code for detailed information on 497 * this exception. 498 */ 499 code = XXX_ENCODE(curpcb->pcb_savefpu.sv_ex_sw); 500 #else 501 code = 0; /* XXX */ 502 #endif 503 trapsignal(curproc, SIGFPE, code); 504 } else { 505 /* 506 * Nested interrupt. These losers occur when: 507 * o an IRQ13 is bogusly generated at a bogus time, e.g.: 508 * o immediately after an fnsave or frstor of an 509 * error state. 510 * o a couple of 386 instructions after 511 * "fstpl _memvar" causes a stack overflow. 512 * These are especially nasty when combined with a 513 * trace trap. 514 * o an IRQ13 occurs at the same time as another higher- 515 * priority interrupt. 516 * 517 * Treat them like a true async interrupt. 518 */ 519 psignal(curproc, SIGFPE); 520 } 521 } 522 523 /* 524 * Implement device not available (DNA) exception 525 * 526 * It would be better to switch FP context here (if curproc != npxproc) 527 * and not necessarily for every context switch, but it is too hard to 528 * access foreign pcb's. 529 */ 530 int 531 npxdna() 532 { 533 if (!npx_exists) 534 return (0); 535 if (npxproc != NULL) { 536 printf("npxdna: npxproc = %p, curproc = %p\n", 537 npxproc, curproc); 538 panic("npxdna"); 539 } 540 stop_emulating(); 541 /* 542 * Record new context early in case frstor causes an IRQ13. 543 */ 544 npxproc = curproc; 545 curpcb->pcb_savefpu.sv_ex_sw = 0; 546 /* 547 * The following frstor may cause an IRQ13 when the state being 548 * restored has a pending error. The error will appear to have been 549 * triggered by the current (npx) user instruction even when that 550 * instruction is a no-wait instruction that should not trigger an 551 * error (e.g., fnclex). On at least one 486 system all of the 552 * no-wait instructions are broken the same as frstor, so our 553 * treatment does not amplify the breakage. On at least one 554 * 386/Cyrix 387 system, fnclex works correctly while frstor and 555 * fnsave are broken, so our treatment breaks fnclex if it is the 556 * first FPU instruction after a context switch. 557 */ 558 frstor(&curpcb->pcb_savefpu); 559 560 return (1); 561 } 562 563 /* 564 * Wrapper for fnsave instruction to handle h/w bugs. If there is an error 565 * pending, then fnsave generates a bogus IRQ13 on some systems. Force 566 * any IRQ13 to be handled immediately, and then ignore it. This routine is 567 * often called at splhigh so it must not use many system services. In 568 * particular, it's much easier to install a special handler than to 569 * guarantee that it's safe to use npxintr() and its supporting code. 570 */ 571 void 572 npxsave(addr) 573 struct save87 *addr; 574 { 575 u_char icu1_mask; 576 u_char icu2_mask; 577 u_char old_icu1_mask; 578 u_char old_icu2_mask; 579 struct gate_descriptor save_idt_npxintr; 580 581 disable_intr(); 582 old_icu1_mask = inb(IO_ICU1 + 1); 583 old_icu2_mask = inb(IO_ICU2 + 1); 584 save_idt_npxintr = idt[npx_intrno]; 585 outb(IO_ICU1 + 1, old_icu1_mask & ~(IRQ_SLAVE | npx0_imask)); 586 outb(IO_ICU2 + 1, old_icu2_mask & ~(npx0_imask >> 8)); 587 idt[npx_intrno] = npx_idt_probeintr; 588 enable_intr(); 589 stop_emulating(); 590 fnsave(addr); 591 fnop(); 592 start_emulating(); 593 npxproc = NULL; 594 disable_intr(); 595 icu1_mask = inb(IO_ICU1 + 1); /* masks may have changed */ 596 icu2_mask = inb(IO_ICU2 + 1); 597 outb(IO_ICU1 + 1, 598 (icu1_mask & ~npx0_imask) | (old_icu1_mask & npx0_imask)); 599 outb(IO_ICU2 + 1, 600 (icu2_mask & ~(npx0_imask >> 8)) 601 | (old_icu2_mask & (npx0_imask >> 8))); 602 idt[npx_intrno] = save_idt_npxintr; 603 enable_intr(); /* back to usual state */ 604 } 605 606 #endif /* NNPX > 0 */ 607