1 /*- 2 * Copyright (c) 1990 William Jolitz. 3 * Copyright (c) 1991 The Regents of the University of California. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. All advertising materials mentioning features or use of this software 15 * must display the following acknowledgement: 16 * This product includes software developed by the University of 17 * California, Berkeley and its contributors. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * from: @(#)npx.c 7.2 (Berkeley) 5/12/91 35 * $Id: npx.c,v 1.6 1994/01/03 07:55:43 davidg Exp $ 36 */ 37 38 #include "npx.h" 39 #if NNPX > 0 40 41 #include "param.h" 42 #include "systm.h" 43 #include "conf.h" 44 #include "file.h" 45 #include "proc.h" 46 #include "machine/cpu.h" 47 #include "machine/pcb.h" 48 #include "machine/trap.h" 49 #include "ioctl.h" 50 #include "machine/specialreg.h" 51 #include "i386/isa/icu.h" 52 #include "i386/isa/isa_device.h" 53 #include "i386/isa/isa.h" 54 55 /* 56 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver. 57 */ 58 59 #ifdef __GNUC__ 60 61 #define disable_intr() __asm("cli") 62 #define enable_intr() __asm("sti") 63 #define fldcw(addr) __asm("fldcw %0" : : "m" (*addr)) 64 #define fnclex() __asm("fnclex") 65 #define fninit() __asm("fninit") 66 #define fnsave(addr) __asm("fnsave %0" : "=m" (*addr) : "0" (*addr)) 67 #define fnstcw(addr) __asm("fnstcw %0" : "=m" (*addr) : "0" (*addr)) 68 #define fnstsw(addr) __asm("fnstsw %0" : "=m" (*addr) : "0" (*addr)) 69 #define fp_divide_by_0() __asm("fldz; fld1; fdiv %st,%st(1); fwait") 70 #define frstor(addr) __asm("frstor %0" : : "m" (*addr)) 71 #define fwait() __asm("fwait") 72 #define read_eflags() ({u_long ef; \ 73 __asm("pushf; popl %0" : "=a" (ef)); \ 74 ef; }) 75 #define start_emulating() __asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \ 76 : : "n" (CR0_TS) : "ax") 77 #define stop_emulating() __asm("clts") 78 #define write_eflags(ef) __asm("pushl %0; popf" : : "a" ((u_long) ef)) 79 80 #else /* not __GNUC__ */ 81 82 void disable_intr __P((void)); 83 void enable_intr __P((void)); 84 void fldcw __P((caddr_t addr)); 85 void fnclex __P((void)); 86 void fninit __P((void)); 87 void fnsave __P((caddr_t addr)); 88 void fnstcw __P((caddr_t addr)); 89 void fnstsw __P((caddr_t addr)); 90 void fp_divide_by_0 __P((void)); 91 void frstor __P((caddr_t addr)); 92 void fwait __P((void)); 93 u_long read_eflags __P((void)); 94 void start_emulating __P((void)); 95 void stop_emulating __P((void)); 96 void write_eflags __P((u_long ef)); 97 98 #endif /* __GNUC__ */ 99 100 typedef u_char bool_t; 101 102 extern struct gate_descriptor idt[]; 103 104 int npxdna __P((void)); 105 void npxexit __P((struct proc *p)); 106 void npxinit __P((u_int control)); 107 void npxintr __P((struct intrframe frame)); 108 void npxsave __P((struct save87 *addr)); 109 static int npxattach __P((struct isa_device *dvp)); 110 static int npxprobe __P((struct isa_device *dvp)); 111 static int npxprobe1 __P((struct isa_device *dvp)); 112 113 struct isa_driver npxdriver = { 114 npxprobe, npxattach, "npx", 115 }; 116 117 u_int npx0_imask; 118 struct proc *npxproc; 119 120 static bool_t npx_ex16; 121 static bool_t npx_exists; 122 static struct gate_descriptor npx_idt_probeintr; 123 static int npx_intrno; 124 static volatile u_int npx_intrs_while_probing; 125 static bool_t npx_irq13; 126 static volatile u_int npx_traps_while_probing; 127 128 /* 129 * Special interrupt handlers. Someday intr0-intr15 will be used to count 130 * interrupts. We'll still need a special exception 16 handler. The busy 131 * latch stuff in probintr() can be moved to npxprobe(). 132 */ 133 void probeintr(void); 134 asm 135 (" 136 .text 137 _probeintr: 138 ss 139 incl _npx_intrs_while_probing 140 pushl %eax 141 movb $0x20,%al # EOI (asm in strings loses cpp features) 142 outb %al,$0xa0 # IO_ICU2 143 outb %al,$0x20 #IO_ICU1 144 movb $0,%al 145 outb %al,$0xf0 # clear BUSY# latch 146 popl %eax 147 iret 148 "); 149 150 void probetrap(void); 151 asm 152 (" 153 .text 154 _probetrap: 155 ss 156 incl _npx_traps_while_probing 157 fnclex 158 iret 159 "); 160 161 /* 162 * Probe routine. Initialize cr0 to give correct behaviour for [f]wait 163 * whether the device exists or not (XXX should be elsewhere). Set flags 164 * to tell npxattach() what to do. Modify device struct if npx doesn't 165 * need to use interrupts. Return 1 if device exists. 166 */ 167 static int 168 npxprobe(dvp) 169 struct isa_device *dvp; 170 { 171 int result; 172 u_long save_eflags; 173 u_char save_icu1_mask; 174 u_char save_icu2_mask; 175 struct gate_descriptor save_idt_npxintr; 176 struct gate_descriptor save_idt_npxtrap; 177 /* 178 * This routine is now just a wrapper for npxprobe1(), to install 179 * special npx interrupt and trap handlers, to enable npx interrupts 180 * and to disable other interrupts. Someday isa_configure() will 181 * install suitable handlers and run with interrupts enabled so we 182 * won't need to do so much here. 183 */ 184 npx_intrno = NRSVIDT + ffs(dvp->id_irq) - 1; 185 save_eflags = read_eflags(); 186 disable_intr(); 187 save_icu1_mask = inb(IO_ICU1 + 1); 188 save_icu2_mask = inb(IO_ICU2 + 1); 189 save_idt_npxintr = idt[npx_intrno]; 190 save_idt_npxtrap = idt[16]; 191 outb(IO_ICU1 + 1, ~(IRQ_SLAVE | dvp->id_irq)); 192 outb(IO_ICU2 + 1, ~(dvp->id_irq >> 8)); 193 setidt(16, probetrap, SDT_SYS386TGT, SEL_KPL); 194 setidt(npx_intrno, probeintr, SDT_SYS386IGT, SEL_KPL); 195 npx_idt_probeintr = idt[npx_intrno]; 196 enable_intr(); 197 result = npxprobe1(dvp); 198 disable_intr(); 199 outb(IO_ICU1 + 1, save_icu1_mask); 200 outb(IO_ICU2 + 1, save_icu2_mask); 201 idt[npx_intrno] = save_idt_npxintr; 202 idt[16] = save_idt_npxtrap; 203 write_eflags(save_eflags); 204 return (result); 205 } 206 207 static int 208 npxprobe1(dvp) 209 struct isa_device *dvp; 210 { 211 int control; 212 int status; 213 #ifdef lint 214 npxintr(); 215 #endif 216 /* 217 * Partially reset the coprocessor, if any. Some BIOS's don't reset 218 * it after a warm boot. 219 */ 220 outb(0xf1, 0); /* full reset on some systems, NOP on others */ 221 outb(0xf0, 0); /* clear BUSY# latch */ 222 /* 223 * Prepare to trap all ESC (i.e., NPX) instructions and all WAIT 224 * instructions. We must set the CR0_MP bit and use the CR0_TS 225 * bit to control the trap, because setting the CR0_EM bit does 226 * not cause WAIT instructions to trap. It's important to trap 227 * WAIT instructions - otherwise the "wait" variants of no-wait 228 * control instructions would degenerate to the "no-wait" variants 229 * after FP context switches but work correctly otherwise. It's 230 * particularly important to trap WAITs when there is no NPX - 231 * otherwise the "wait" variants would always degenerate. 232 * 233 * Try setting CR0_NE to get correct error reporting on 486DX's. 234 * Setting it should fail or do nothing on lesser processors. 235 */ 236 load_cr0(rcr0() | CR0_MP | CR0_NE); 237 /* 238 * But don't trap while we're probing. 239 */ 240 stop_emulating(); 241 /* 242 * Finish resetting the coprocessor, if any. If there is an error 243 * pending, then we may get a bogus IRQ13, but probeintr() will handle 244 * it OK. Bogus halts have never been observed, but we enabled 245 * IRQ13 and cleared the BUSY# latch early to handle them anyway. 246 */ 247 fninit(); 248 DELAY(1000); /* wait for any IRQ13 (fwait might hang) */ 249 #ifdef DIAGNOSTIC 250 if (npx_intrs_while_probing != 0) 251 printf("fninit caused %u bogus npx interrupt(s)\n", 252 npx_intrs_while_probing); 253 if (npx_traps_while_probing != 0) 254 printf("fninit caused %u bogus npx trap(s)\n", 255 npx_traps_while_probing); 256 #endif 257 /* 258 * Check for a status of mostly zero. 259 */ 260 status = 0x5a5a; 261 fnstsw(&status); 262 if ((status & 0xb8ff) == 0) { 263 /* 264 * Good, now check for a proper control word. 265 */ 266 control = 0x5a5a; 267 fnstcw(&control); 268 if ((control & 0x1f3f) == 0x033f) { 269 npx_exists = 1; 270 /* 271 * We have an npx, now divide by 0 to see if exception 272 * 16 works. 273 */ 274 control &= ~(1 << 2); /* enable divide by 0 trap */ 275 fldcw(&control); 276 npx_traps_while_probing = npx_intrs_while_probing = 0; 277 fp_divide_by_0(); 278 if (npx_traps_while_probing != 0) { 279 /* 280 * Good, exception 16 works. 281 */ 282 npx_ex16 = 1; 283 dvp->id_irq = 0; /* zap the interrupt */ 284 /* 285 * special return value to flag that we do not 286 * actually use any I/O registers 287 */ 288 return (-1); 289 } 290 if (npx_intrs_while_probing != 0) { 291 /* 292 * Bad, we are stuck with IRQ13. 293 */ 294 npx_irq13 = 1; 295 npx0_imask = dvp->id_irq; /* npxattach too late */ 296 return (IO_NPXSIZE); 297 } 298 /* 299 * Worse, even IRQ13 is broken. Use emulator. 300 */ 301 } 302 } 303 /* 304 * Probe failed, but we want to get to npxattach to initialize the 305 * emulator and say that it has been installed. XXX handle devices 306 * that aren't really devices better. 307 */ 308 dvp->id_irq = 0; 309 /* 310 * special return value to flag that we do not 311 * actually use any I/O registers 312 */ 313 return (-1); 314 } 315 316 /* 317 * Attach routine - announce which it is, and wire into system 318 */ 319 int 320 npxattach(dvp) 321 struct isa_device *dvp; 322 { 323 if (!npx_ex16 && !npx_irq13) { 324 if (npx_exists) 325 printf("npx%d: Error reporting broken, using 387 emulator\n",dvp->id_unit); 326 else 327 printf("npx%d: 387 Emulator\n",dvp->id_unit); 328 } 329 npxinit(__INITIAL_NPXCW__); 330 return (1); /* XXX unused */ 331 } 332 333 /* 334 * Initialize floating point unit. 335 */ 336 void 337 npxinit(control) 338 u_int control; 339 { 340 struct save87 dummy; 341 342 if (!npx_exists) 343 return; 344 /* 345 * fninit has the same h/w bugs as fnsave. Use the detoxified 346 * fnsave to throw away any junk in the fpu. fnsave initializes 347 * the fpu and sets npxproc = NULL as important side effects. 348 */ 349 npxsave(&dummy); 350 stop_emulating(); 351 fldcw(&control); 352 if (curpcb != NULL) 353 fnsave(&curpcb->pcb_savefpu); 354 start_emulating(); 355 } 356 357 /* 358 * Free coprocessor (if we have it). 359 */ 360 void 361 npxexit(p) 362 struct proc *p; 363 { 364 365 if (p == npxproc) { 366 start_emulating(); 367 npxproc = NULL; 368 } 369 } 370 371 /* 372 * Record the FPU state and reinitialize it all except for the control word. 373 * Then generate a SIGFPE. 374 * 375 * Reinitializing the state allows naive SIGFPE handlers to longjmp without 376 * doing any fixups. 377 * 378 * XXX there is currently no way to pass the full error state to signal 379 * handlers, and if this is a nested interrupt there is no way to pass even 380 * a status code! So there is no way to have a non-naive SIGFPE handler. At 381 * best a handler could do an fninit followed by an fldcw of a static value. 382 * fnclex would be of little use because it would leave junk on the FPU stack. 383 * Returning from the handler would be even less safe than usual because 384 * IRQ13 exception handling makes exceptions even less precise than usual. 385 */ 386 void 387 npxintr(frame) 388 struct intrframe frame; 389 { 390 int code; 391 392 if (npxproc == NULL || !npx_exists) { 393 /* XXX no %p in stand/printf.c. Cast to quiet gcc -Wall. */ 394 printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n", 395 (u_long) npxproc, (u_long) curproc, npx_exists); 396 panic("npxintr from nowhere"); 397 } 398 if (npxproc != curproc) { 399 printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n", 400 (u_long) npxproc, (u_long) curproc, npx_exists); 401 panic("npxintr from non-current process"); 402 } 403 /* 404 * Save state. This does an implied fninit. It had better not halt 405 * the cpu or we'll hang. 406 */ 407 outb(0xf0, 0); 408 fnsave(&curpcb->pcb_savefpu); 409 fwait(); 410 /* 411 * Restore control word (was clobbered by fnsave). 412 */ 413 fldcw(&curpcb->pcb_savefpu.sv_env.en_cw); 414 fwait(); 415 /* 416 * Remember the exception status word and tag word. The current 417 * (almost fninit'ed) fpu state is in the fpu and the exception 418 * state just saved will soon be junk. However, the implied fninit 419 * doesn't change the error pointers or register contents, and we 420 * preserved the control word and will copy the status and tag 421 * words, so the complete exception state can be recovered. 422 */ 423 curpcb->pcb_savefpu.sv_ex_sw = curpcb->pcb_savefpu.sv_env.en_sw; 424 curpcb->pcb_savefpu.sv_ex_tw = curpcb->pcb_savefpu.sv_env.en_tw; 425 426 /* 427 * Pass exception to process. 428 */ 429 if (ISPL(frame.if_cs) == SEL_UPL) { 430 /* 431 * Interrupt is essentially a trap, so we can afford to call 432 * the SIGFPE handler (if any) as soon as the interrupt 433 * returns. 434 * 435 * XXX little or nothing is gained from this, and plenty is 436 * lost - the interrupt frame has to contain the trap frame 437 * (this is otherwise only necessary for the rescheduling trap 438 * in doreti, and the frame for that could easily be set up 439 * just before it is used). 440 */ 441 curproc->p_md.md_regs = (int *)&frame.if_es; 442 #ifdef notyet 443 /* 444 * Encode the appropriate code for detailed information on 445 * this exception. 446 */ 447 code = XXX_ENCODE(curpcb->pcb_savefpu.sv_ex_sw); 448 #else 449 code = 0; /* XXX */ 450 #endif 451 trapsignal(curproc, SIGFPE, code); 452 } else { 453 /* 454 * Nested interrupt. These losers occur when: 455 * o an IRQ13 is bogusly generated at a bogus time, e.g.: 456 * o immediately after an fnsave or frstor of an 457 * error state. 458 * o a couple of 386 instructions after 459 * "fstpl _memvar" causes a stack overflow. 460 * These are especially nasty when combined with a 461 * trace trap. 462 * o an IRQ13 occurs at the same time as another higher- 463 * priority interrupt. 464 * 465 * Treat them like a true async interrupt. 466 */ 467 psignal(npxproc, SIGFPE); 468 } 469 } 470 471 /* 472 * Implement device not available (DNA) exception 473 * 474 * It would be better to switch FP context here (only). This would require 475 * saving the state in the proc table instead of in the pcb. 476 */ 477 int 478 npxdna() 479 { 480 if (!npx_exists) 481 return (0); 482 if (npxproc != NULL) { 483 printf("npxdna: npxproc = %lx, curproc = %lx\n", 484 (u_long) npxproc, (u_long) curproc); 485 panic("npxdna"); 486 } 487 stop_emulating(); 488 /* 489 * Record new context early in case frstor causes an IRQ13. 490 */ 491 npxproc = curproc; 492 /* 493 * The following frstor may cause an IRQ13 when the state being 494 * restored has a pending error. The error will appear to have been 495 * triggered by the current (npx) user instruction even when that 496 * instruction is a no-wait instruction that should not trigger an 497 * error (e.g., fnclex). On at least one 486 system all of the 498 * no-wait instructions are broken the same as frstor, so our 499 * treatment does not amplify the breakage. On at least one 500 * 386/Cyrix 387 system, fnclex works correctly while frstor and 501 * fnsave are broken, so our treatment breaks fnclex if it is the 502 * first FPU instruction after a context switch. 503 */ 504 frstor(&curpcb->pcb_savefpu); 505 506 return (1); 507 } 508 509 /* 510 * Wrapper for fnsave instruction to handle h/w bugs. If there is an error 511 * pending, then fnsave generates a bogus IRQ13 on some systems. Force 512 * any IRQ13 to be handled immediately, and then ignore it. This routine is 513 * often called at splhigh so it must not use many system services. In 514 * particular, it's much easier to install a special handler than to 515 * guarantee that it's safe to use npxintr() and its supporting code. 516 */ 517 void 518 npxsave(addr) 519 struct save87 *addr; 520 { 521 u_char icu1_mask; 522 u_char icu2_mask; 523 u_char old_icu1_mask; 524 u_char old_icu2_mask; 525 struct gate_descriptor save_idt_npxintr; 526 527 disable_intr(); 528 old_icu1_mask = inb(IO_ICU1 + 1); 529 old_icu2_mask = inb(IO_ICU2 + 1); 530 save_idt_npxintr = idt[npx_intrno]; 531 outb(IO_ICU1 + 1, old_icu1_mask & ~(IRQ_SLAVE | npx0_imask)); 532 outb(IO_ICU2 + 1, old_icu2_mask & ~(npx0_imask >> 8)); 533 idt[npx_intrno] = npx_idt_probeintr; 534 enable_intr(); 535 stop_emulating(); 536 fnsave(addr); 537 fwait(); 538 start_emulating(); 539 npxproc = NULL; 540 disable_intr(); 541 icu1_mask = inb(IO_ICU1 + 1); /* masks may have changed */ 542 icu2_mask = inb(IO_ICU2 + 1); 543 outb(IO_ICU1 + 1, 544 (icu1_mask & ~npx0_imask) | (old_icu1_mask & npx0_imask)); 545 outb(IO_ICU2 + 1, 546 (icu2_mask & ~(npx0_imask >> 8)) 547 | (old_icu2_mask & (npx0_imask >> 8))); 548 idt[npx_intrno] = save_idt_npxintr; 549 enable_intr(); /* back to usual state */ 550 } 551 552 #endif /* NNPX > 0 */ 553