xref: /illumos-gate/usr/src/uts/sun4/os/trap.c (revision 3299f39fdcbdab4be7a9c70daa3873f2b78a398d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * Copyright (c) 2012 Joyent, Inc.  All rights reserved.
29  */
30 
31 #include <sys/mmu.h>
32 #include <sys/systm.h>
33 #include <sys/trap.h>
34 #include <sys/machtrap.h>
35 #include <sys/vtrace.h>
36 #include <sys/prsystm.h>
37 #include <sys/archsystm.h>
38 #include <sys/machsystm.h>
39 #include <sys/fpu/fpusystm.h>
40 #include <sys/tnf.h>
41 #include <sys/tnf_probe.h>
42 #include <sys/simulate.h>
43 #include <sys/ftrace.h>
44 #include <sys/ontrap.h>
45 #include <sys/kcpc.h>
46 #include <sys/kobj.h>
47 #include <sys/procfs.h>
48 #include <sys/sun4asi.h>
49 #include <sys/sdt.h>
50 #include <sys/fpras.h>
51 #include <sys/contract/process_impl.h>
52 
53 #ifdef  TRAPTRACE
54 #include <sys/traptrace.h>
55 #endif
56 
57 int tudebug = 0;
58 static int tudebugbpt = 0;
59 static int tudebugfpe = 0;
60 
61 static int alignfaults = 0;
62 
63 #if defined(TRAPDEBUG) || defined(lint)
64 static int lodebug = 0;
65 #else
66 #define	lodebug	0
67 #endif /* defined(TRAPDEBUG) || defined(lint) */
68 
69 
70 int vis1_partial_support(struct regs *rp, k_siginfo_t *siginfo, uint_t *fault);
71 #pragma weak vis1_partial_support
72 
73 void showregs(unsigned, struct regs *, caddr_t, uint_t);
74 #pragma weak showregs
75 
76 void trap_async_hwerr(void);
77 #pragma weak trap_async_hwerr
78 
79 void trap_async_berr_bto(int, struct regs *);
80 #pragma weak trap_async_berr_bto
81 
82 static enum seg_rw get_accesstype(struct regs *);
83 static int nfload(struct regs *, int *);
84 static int swap_nc(struct regs *, int);
85 static int ldstub_nc(struct regs *, int);
86 void	trap_cleanup(struct regs *, uint_t, k_siginfo_t *, int);
87 void	trap_rtt(void);
88 
89 static int
90 die(unsigned type, struct regs *rp, caddr_t addr, uint_t mmu_fsr)
91 {
92 	struct panic_trap_info ti;
93 
94 #ifdef TRAPTRACE
95 	TRAPTRACE_FREEZE;
96 #endif
97 
98 	ti.trap_regs = rp;
99 	ti.trap_type = type;
100 	ti.trap_addr = addr;
101 	ti.trap_mmu_fsr = mmu_fsr;
102 
103 	curthread->t_panic_trap = &ti;
104 
105 	if (type == T_DATA_MMU_MISS && addr < (caddr_t)KERNELBASE) {
106 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x "
107 		    "occurred in module \"%s\" due to %s",
108 		    type, (void *)rp, (void *)addr, mmu_fsr,
109 		    mod_containing_pc((caddr_t)rp->r_pc),
110 		    addr < (caddr_t)PAGESIZE ?
111 		    "a NULL pointer dereference" :
112 		    "an illegal access to a user address");
113 	} else {
114 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x",
115 		    type, (void *)rp, (void *)addr, mmu_fsr);
116 	}
117 
118 	return (0);	/* avoid optimization of restore in call's delay slot */
119 }
120 
121 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
122 int	ill_calls;
123 #endif
124 
125 /*
126  * Currently, the only PREFETCH/PREFETCHA instructions which cause traps
127  * are the "strong" prefetches (fcn=20-23).  But we check for all flavors of
128  * PREFETCH, in case some future variant also causes a DATA_MMU_MISS.
129  */
130 #define	IS_PREFETCH(i)	(((i) & 0xc1780000) == 0xc1680000)
131 
132 #define	IS_FLUSH(i)	(((i) & 0xc1f80000) == 0x81d80000)
133 #define	IS_SWAP(i)	(((i) & 0xc1f80000) == 0xc0780000)
134 #define	IS_LDSTUB(i)	(((i) & 0xc1f80000) == 0xc0680000)
135 #define	IS_FLOAT(i)	(((i) & 0x1000000) != 0)
136 #define	IS_STORE(i)	(((i) >> 21) & 1)
137 
138 /*
139  * Called from the trap handler when a processor trap occurs.
140  */
141 /*VARARGS2*/
142 void
143 trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t mmu_fsr)
144 {
145 	proc_t *p = ttoproc(curthread);
146 	klwp_id_t lwp = ttolwp(curthread);
147 	struct machpcb *mpcb = NULL;
148 	k_siginfo_t siginfo;
149 	uint_t op3, fault = 0;
150 	int stepped = 0;
151 	greg_t oldpc;
152 	int mstate;
153 	char *badaddr;
154 	faultcode_t res;
155 	enum fault_type fault_type;
156 	enum seg_rw rw;
157 	uintptr_t lofault;
158 	label_t *onfault;
159 	int instr;
160 	int iskernel;
161 	int watchcode;
162 	int watchpage;
163 	extern faultcode_t pagefault(caddr_t, enum fault_type,
164 	    enum seg_rw, int);
165 #ifdef sun4v
166 	extern boolean_t tick_stick_emulation_active;
167 #endif	/* sun4v */
168 
169 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
170 
171 #ifdef SF_ERRATA_23 /* call causes illegal-insn */
172 	ASSERT((curthread->t_schedflag & TS_DONT_SWAP) ||
173 	    (type == T_UNIMP_INSTR));
174 #else
175 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
176 #endif /* SF_ERRATA_23 */
177 
178 	if (USERMODE(rp->r_tstate) || (type & T_USER)) {
179 		/*
180 		 * Set lwp_state before trying to acquire any
181 		 * adaptive lock
182 		 */
183 		ASSERT(lwp != NULL);
184 		lwp->lwp_state = LWP_SYS;
185 		/*
186 		 * Set up the current cred to use during this trap. u_cred
187 		 * no longer exists.  t_cred is used instead.
188 		 * The current process credential applies to the thread for
189 		 * the entire trap.  If trapping from the kernel, this
190 		 * should already be set up.
191 		 */
192 		if (curthread->t_cred != p->p_cred) {
193 			cred_t *oldcred = curthread->t_cred;
194 			/*
195 			 * DTrace accesses t_cred in probe context.  t_cred
196 			 * must always be either NULL, or point to a valid,
197 			 * allocated cred structure.
198 			 */
199 			curthread->t_cred = crgetcred();
200 			crfree(oldcred);
201 		}
202 		type |= T_USER;
203 		ASSERT((type == (T_SYS_RTT_PAGE | T_USER)) ||
204 		    (type == (T_SYS_RTT_ALIGN | T_USER)) ||
205 		    lwp->lwp_regs == rp);
206 		mpcb = lwptompcb(lwp);
207 		switch (type) {
208 		case T_WIN_OVERFLOW + T_USER:
209 		case T_WIN_UNDERFLOW + T_USER:
210 		case T_SYS_RTT_PAGE + T_USER:
211 		case T_DATA_MMU_MISS + T_USER:
212 			mstate = LMS_DFAULT;
213 			break;
214 		case T_INSTR_MMU_MISS + T_USER:
215 			mstate = LMS_TFAULT;
216 			break;
217 		default:
218 			mstate = LMS_TRAP;
219 			break;
220 		}
221 		/* Kernel probe */
222 		TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
223 		    tnf_microstate, state, (char)mstate);
224 		mstate = new_mstate(curthread, mstate);
225 		siginfo.si_signo = 0;
226 		stepped =
227 		    lwp->lwp_pcb.pcb_step != STEP_NONE &&
228 		    ((oldpc = rp->r_pc), prundostep()) &&
229 		    mmu_btop((uintptr_t)addr) == mmu_btop((uintptr_t)oldpc);
230 		/* this assignment must not precede call to prundostep() */
231 		oldpc = rp->r_pc;
232 	}
233 
234 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
235 	    "C_trap_handler_enter:type %x", type);
236 
237 #ifdef	F_DEFERRED
238 	/*
239 	 * Take any pending floating point exceptions now.
240 	 * If the floating point unit has an exception to handle,
241 	 * just return to user-level to let the signal handler run.
242 	 * The instruction that got us to trap() will be reexecuted on
243 	 * return from the signal handler and we will trap to here again.
244 	 * This is necessary to disambiguate simultaneous traps which
245 	 * happen when a floating-point exception is pending and a
246 	 * machine fault is incurred.
247 	 */
248 	if (type & USER) {
249 		/*
250 		 * FP_TRAPPED is set only by sendsig() when it copies
251 		 * out the floating-point queue for the signal handler.
252 		 * It is set there so we can test it here and in syscall().
253 		 */
254 		mpcb->mpcb_flags &= ~FP_TRAPPED;
255 		syncfpu();
256 		if (mpcb->mpcb_flags & FP_TRAPPED) {
257 			/*
258 			 * trap() has have been called recursively and may
259 			 * have stopped the process, so do single step
260 			 * support for /proc.
261 			 */
262 			mpcb->mpcb_flags &= ~FP_TRAPPED;
263 			goto out;
264 		}
265 	}
266 #endif
267 	switch (type) {
268 		case T_DATA_MMU_MISS:
269 		case T_INSTR_MMU_MISS + T_USER:
270 		case T_DATA_MMU_MISS + T_USER:
271 		case T_DATA_PROT + T_USER:
272 		case T_AST + T_USER:
273 		case T_SYS_RTT_PAGE + T_USER:
274 		case T_FLUSH_PCB + T_USER:
275 		case T_FLUSHW + T_USER:
276 			break;
277 
278 		default:
279 			FTRACE_3("trap(): type=0x%lx, regs=0x%lx, addr=0x%lx",
280 			    (ulong_t)type, (ulong_t)rp, (ulong_t)addr);
281 			break;
282 	}
283 
284 	switch (type) {
285 
286 	default:
287 		/*
288 		 * Check for user software trap.
289 		 */
290 		if (type & T_USER) {
291 			if (tudebug)
292 				showregs(type, rp, (caddr_t)0, 0);
293 			if ((type & ~T_USER) >= T_SOFTWARE_TRAP) {
294 				bzero(&siginfo, sizeof (siginfo));
295 				siginfo.si_signo = SIGILL;
296 				siginfo.si_code  = ILL_ILLTRP;
297 				siginfo.si_addr  = (caddr_t)rp->r_pc;
298 				siginfo.si_trapno = type &~ T_USER;
299 				fault = FLTILL;
300 				break;
301 			}
302 		}
303 		addr = (caddr_t)rp->r_pc;
304 		(void) die(type, rp, addr, 0);
305 		/*NOTREACHED*/
306 
307 	case T_ALIGNMENT:	/* supv alignment error */
308 		if (nfload(rp, NULL))
309 			goto cleanup;
310 
311 		if (curthread->t_lofault) {
312 			if (lodebug) {
313 				showregs(type, rp, addr, 0);
314 				traceback((caddr_t)rp->r_sp);
315 			}
316 			rp->r_g1 = EFAULT;
317 			rp->r_pc = curthread->t_lofault;
318 			rp->r_npc = rp->r_pc + 4;
319 			goto cleanup;
320 		}
321 		(void) die(type, rp, addr, 0);
322 		/*NOTREACHED*/
323 
324 	case T_INSTR_EXCEPTION:		/* sys instruction access exception */
325 		addr = (caddr_t)rp->r_pc;
326 		(void) die(type, rp, addr, mmu_fsr);
327 		/*NOTREACHED*/
328 
329 	case T_INSTR_MMU_MISS:		/* sys instruction mmu miss */
330 		addr = (caddr_t)rp->r_pc;
331 		(void) die(type, rp, addr, 0);
332 		/*NOTREACHED*/
333 
334 	case T_DATA_EXCEPTION:		/* system data access exception */
335 		switch (X_FAULT_TYPE(mmu_fsr)) {
336 		case FT_RANGE:
337 			/*
338 			 * This happens when we attempt to dereference an
339 			 * address in the address hole.  If t_ontrap is set,
340 			 * then break and fall through to T_DATA_MMU_MISS /
341 			 * T_DATA_PROT case below.  If lofault is set, then
342 			 * honour it (perhaps the user gave us a bogus
343 			 * address in the hole to copyin from or copyout to?)
344 			 */
345 
346 			if (curthread->t_ontrap != NULL)
347 				break;
348 
349 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
350 			if (curthread->t_lofault) {
351 				if (lodebug) {
352 					showregs(type, rp, addr, 0);
353 					traceback((caddr_t)rp->r_sp);
354 				}
355 				rp->r_g1 = EFAULT;
356 				rp->r_pc = curthread->t_lofault;
357 				rp->r_npc = rp->r_pc + 4;
358 				goto cleanup;
359 			}
360 			(void) die(type, rp, addr, mmu_fsr);
361 			/*NOTREACHED*/
362 
363 		case FT_PRIV:
364 			/*
365 			 * This can happen if we access ASI_USER from a kernel
366 			 * thread.  To support pxfs, we need to honor lofault if
367 			 * we're doing a copyin/copyout from a kernel thread.
368 			 */
369 
370 			if (nfload(rp, NULL))
371 				goto cleanup;
372 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
373 			if (curthread->t_lofault) {
374 				if (lodebug) {
375 					showregs(type, rp, addr, 0);
376 					traceback((caddr_t)rp->r_sp);
377 				}
378 				rp->r_g1 = EFAULT;
379 				rp->r_pc = curthread->t_lofault;
380 				rp->r_npc = rp->r_pc + 4;
381 				goto cleanup;
382 			}
383 			(void) die(type, rp, addr, mmu_fsr);
384 			/*NOTREACHED*/
385 
386 		default:
387 			if (nfload(rp, NULL))
388 				goto cleanup;
389 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
390 			(void) die(type, rp, addr, mmu_fsr);
391 			/*NOTREACHED*/
392 
393 		case FT_NFO:
394 			break;
395 		}
396 		/* fall into ... */
397 
398 	case T_DATA_MMU_MISS:		/* system data mmu miss */
399 	case T_DATA_PROT:		/* system data protection fault */
400 		if (nfload(rp, &instr))
401 			goto cleanup;
402 
403 		/*
404 		 * If we're under on_trap() protection (see <sys/ontrap.h>),
405 		 * set ot_trap and return from the trap to the trampoline.
406 		 */
407 		if (curthread->t_ontrap != NULL) {
408 			on_trap_data_t *otp = curthread->t_ontrap;
409 
410 			TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT,
411 			    "C_trap_handler_exit");
412 			TRACE_0(TR_FAC_TRAP, TR_TRAP_END, "trap_end");
413 
414 			if (otp->ot_prot & OT_DATA_ACCESS) {
415 				otp->ot_trap |= OT_DATA_ACCESS;
416 				rp->r_pc = otp->ot_trampoline;
417 				rp->r_npc = rp->r_pc + 4;
418 				goto cleanup;
419 			}
420 		}
421 		lofault = curthread->t_lofault;
422 		onfault = curthread->t_onfault;
423 		curthread->t_lofault = 0;
424 
425 		mstate = new_mstate(curthread, LMS_KFAULT);
426 
427 		switch (type) {
428 		case T_DATA_PROT:
429 			fault_type = F_PROT;
430 			rw = S_WRITE;
431 			break;
432 		case T_INSTR_MMU_MISS:
433 			fault_type = F_INVAL;
434 			rw = S_EXEC;
435 			break;
436 		case T_DATA_MMU_MISS:
437 		case T_DATA_EXCEPTION:
438 			/*
439 			 * The hardware doesn't update the sfsr on mmu
440 			 * misses so it is not easy to find out whether
441 			 * the access was a read or a write so we need
442 			 * to decode the actual instruction.
443 			 */
444 			fault_type = F_INVAL;
445 			rw = get_accesstype(rp);
446 			break;
447 		default:
448 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
449 			break;
450 		}
451 		/*
452 		 * We determine if access was done to kernel or user
453 		 * address space.  The addr passed into trap is really the
454 		 * tag access register.
455 		 */
456 		iskernel = (((uintptr_t)addr & TAGACC_CTX_MASK) == KCONTEXT);
457 		addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
458 
459 		res = pagefault(addr, fault_type, rw, iskernel);
460 		if (!iskernel && res == FC_NOMAP &&
461 		    addr < p->p_usrstack && grow(addr))
462 			res = 0;
463 
464 		(void) new_mstate(curthread, mstate);
465 
466 		/*
467 		 * Restore lofault and onfault.  If we resolved the fault, exit.
468 		 * If we didn't and lofault wasn't set, die.
469 		 */
470 		curthread->t_lofault = lofault;
471 		curthread->t_onfault = onfault;
472 
473 		if (res == 0)
474 			goto cleanup;
475 
476 		if (IS_PREFETCH(instr)) {
477 			/* skip prefetch instructions in kernel-land */
478 			rp->r_pc = rp->r_npc;
479 			rp->r_npc += 4;
480 			goto cleanup;
481 		}
482 
483 		if ((lofault == 0 || lodebug) &&
484 		    (calc_memaddr(rp, &badaddr) == SIMU_SUCCESS))
485 			addr = badaddr;
486 		if (lofault == 0)
487 			(void) die(type, rp, addr, 0);
488 		/*
489 		 * Cannot resolve fault.  Return to lofault.
490 		 */
491 		if (lodebug) {
492 			showregs(type, rp, addr, 0);
493 			traceback((caddr_t)rp->r_sp);
494 		}
495 		if (FC_CODE(res) == FC_OBJERR)
496 			res = FC_ERRNO(res);
497 		else
498 			res = EFAULT;
499 		rp->r_g1 = res;
500 		rp->r_pc = curthread->t_lofault;
501 		rp->r_npc = curthread->t_lofault + 4;
502 		goto cleanup;
503 
504 	case T_INSTR_EXCEPTION + T_USER: /* user insn access exception */
505 		bzero(&siginfo, sizeof (siginfo));
506 		siginfo.si_addr = (caddr_t)rp->r_pc;
507 		siginfo.si_signo = SIGSEGV;
508 		siginfo.si_code = X_FAULT_TYPE(mmu_fsr) == FT_PRIV ?
509 		    SEGV_ACCERR : SEGV_MAPERR;
510 		fault = FLTBOUNDS;
511 		break;
512 
513 	case T_WIN_OVERFLOW + T_USER:	/* window overflow in ??? */
514 	case T_WIN_UNDERFLOW + T_USER:	/* window underflow in ??? */
515 	case T_SYS_RTT_PAGE + T_USER:	/* window underflow in user_rtt */
516 	case T_INSTR_MMU_MISS + T_USER:	/* user instruction mmu miss */
517 	case T_DATA_MMU_MISS + T_USER:	/* user data mmu miss */
518 	case T_DATA_PROT + T_USER:	/* user data protection fault */
519 		switch (type) {
520 		case T_INSTR_MMU_MISS + T_USER:
521 			addr = (caddr_t)rp->r_pc;
522 			fault_type = F_INVAL;
523 			rw = S_EXEC;
524 			break;
525 
526 		case T_DATA_MMU_MISS + T_USER:
527 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
528 			fault_type = F_INVAL;
529 			/*
530 			 * The hardware doesn't update the sfsr on mmu misses
531 			 * so it is not easy to find out whether the access
532 			 * was a read or a write so we need to decode the
533 			 * actual instruction.  XXX BUGLY HW
534 			 */
535 			rw = get_accesstype(rp);
536 			break;
537 
538 		case T_DATA_PROT + T_USER:
539 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
540 			fault_type = F_PROT;
541 			rw = S_WRITE;
542 			break;
543 
544 		case T_WIN_OVERFLOW + T_USER:
545 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
546 			fault_type = F_INVAL;
547 			rw = S_WRITE;
548 			break;
549 
550 		case T_WIN_UNDERFLOW + T_USER:
551 		case T_SYS_RTT_PAGE + T_USER:
552 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
553 			fault_type = F_INVAL;
554 			rw = S_READ;
555 			break;
556 
557 		default:
558 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
559 			break;
560 		}
561 
562 		/*
563 		 * If we are single stepping do not call pagefault
564 		 */
565 		if (stepped) {
566 			res = FC_NOMAP;
567 		} else {
568 			caddr_t vaddr = addr;
569 			size_t sz;
570 			int ta;
571 
572 			ASSERT(!(curthread->t_flag & T_WATCHPT));
573 			watchpage = (pr_watch_active(p) &&
574 			    type != T_WIN_OVERFLOW + T_USER &&
575 			    type != T_WIN_UNDERFLOW + T_USER &&
576 			    type != T_SYS_RTT_PAGE + T_USER &&
577 			    pr_is_watchpage(addr, rw));
578 
579 			if (!watchpage ||
580 			    (sz = instr_size(rp, &vaddr, rw)) <= 0)
581 				/* EMPTY */;
582 			else if ((watchcode = pr_is_watchpoint(&vaddr, &ta,
583 			    sz, NULL, rw)) != 0) {
584 				if (ta) {
585 					do_watch_step(vaddr, sz, rw,
586 					    watchcode, rp->r_pc);
587 					fault_type = F_INVAL;
588 				} else {
589 					bzero(&siginfo,	sizeof (siginfo));
590 					siginfo.si_signo = SIGTRAP;
591 					siginfo.si_code = watchcode;
592 					siginfo.si_addr = vaddr;
593 					siginfo.si_trapafter = 0;
594 					siginfo.si_pc = (caddr_t)rp->r_pc;
595 					fault = FLTWATCH;
596 					break;
597 				}
598 			} else {
599 				if (rw != S_EXEC &&
600 				    pr_watch_emul(rp, vaddr, rw))
601 					goto out;
602 				do_watch_step(vaddr, sz, rw, 0, 0);
603 				fault_type = F_INVAL;
604 			}
605 
606 			if (pr_watch_active(p) &&
607 			    (type == T_WIN_OVERFLOW + T_USER ||
608 			    type == T_WIN_UNDERFLOW + T_USER ||
609 			    type == T_SYS_RTT_PAGE + T_USER)) {
610 				int dotwo = (type == T_WIN_UNDERFLOW + T_USER);
611 				if (copy_return_window(dotwo))
612 					goto out;
613 				fault_type = F_INVAL;
614 			}
615 
616 			res = pagefault(addr, fault_type, rw, 0);
617 
618 			/*
619 			 * If pagefault succeed, ok.
620 			 * Otherwise grow the stack automatically.
621 			 */
622 			if (res == 0 ||
623 			    (res == FC_NOMAP &&
624 			    type != T_INSTR_MMU_MISS + T_USER &&
625 			    addr < p->p_usrstack &&
626 			    grow(addr))) {
627 				int ismem = prismember(&p->p_fltmask, FLTPAGE);
628 
629 				/*
630 				 * instr_size() is used to get the exact
631 				 * address of the fault, instead of the
632 				 * page of the fault. Unfortunately it is
633 				 * very slow, and this is an important
634 				 * code path. Don't call it unless
635 				 * correctness is needed. ie. if FLTPAGE
636 				 * is set, or we're profiling.
637 				 */
638 
639 				if (curthread->t_rprof != NULL || ismem)
640 					(void) instr_size(rp, &addr, rw);
641 
642 				lwp->lwp_lastfault = FLTPAGE;
643 				lwp->lwp_lastfaddr = addr;
644 
645 				if (ismem) {
646 					bzero(&siginfo, sizeof (siginfo));
647 					siginfo.si_addr = addr;
648 					(void) stop_on_fault(FLTPAGE, &siginfo);
649 				}
650 				goto out;
651 			}
652 
653 			if (type != (T_INSTR_MMU_MISS + T_USER)) {
654 				/*
655 				 * check for non-faulting loads, also
656 				 * fetch the instruction to check for
657 				 * flush
658 				 */
659 				if (nfload(rp, &instr))
660 					goto out;
661 
662 				/* skip userland prefetch instructions */
663 				if (IS_PREFETCH(instr)) {
664 					rp->r_pc = rp->r_npc;
665 					rp->r_npc += 4;
666 					goto out;
667 					/*NOTREACHED*/
668 				}
669 
670 				/*
671 				 * check if the instruction was a
672 				 * flush.  ABI allows users to specify
673 				 * an illegal address on the flush
674 				 * instruction so we simply return in
675 				 * this case.
676 				 *
677 				 * NB: the hardware should set a bit
678 				 * indicating this trap was caused by
679 				 * a flush instruction.  Instruction
680 				 * decoding is bugly!
681 				 */
682 				if (IS_FLUSH(instr)) {
683 					/* skip the flush instruction */
684 					rp->r_pc = rp->r_npc;
685 					rp->r_npc += 4;
686 					goto out;
687 					/*NOTREACHED*/
688 				}
689 			} else if (res == FC_PROT) {
690 				report_stack_exec(p, addr);
691 			}
692 
693 			if (tudebug)
694 				showregs(type, rp, addr, 0);
695 		}
696 
697 		/*
698 		 * In the case where both pagefault and grow fail,
699 		 * set the code to the value provided by pagefault.
700 		 */
701 		(void) instr_size(rp, &addr, rw);
702 		bzero(&siginfo, sizeof (siginfo));
703 		siginfo.si_addr = addr;
704 		if (FC_CODE(res) == FC_OBJERR) {
705 			siginfo.si_errno = FC_ERRNO(res);
706 			if (siginfo.si_errno != EINTR) {
707 				siginfo.si_signo = SIGBUS;
708 				siginfo.si_code = BUS_OBJERR;
709 				fault = FLTACCESS;
710 			}
711 		} else { /* FC_NOMAP || FC_PROT */
712 			siginfo.si_signo = SIGSEGV;
713 			siginfo.si_code = (res == FC_NOMAP) ?
714 			    SEGV_MAPERR : SEGV_ACCERR;
715 			fault = FLTBOUNDS;
716 		}
717 		/*
718 		 * If this is the culmination of a single-step,
719 		 * reset the addr, code, signal and fault to
720 		 * indicate a hardware trace trap.
721 		 */
722 		if (stepped) {
723 			pcb_t *pcb = &lwp->lwp_pcb;
724 
725 			siginfo.si_signo = 0;
726 			fault = 0;
727 			if (pcb->pcb_step == STEP_WASACTIVE) {
728 				pcb->pcb_step = STEP_NONE;
729 				pcb->pcb_tracepc = NULL;
730 				oldpc = rp->r_pc - 4;
731 			}
732 			/*
733 			 * If both NORMAL_STEP and WATCH_STEP are in
734 			 * effect, give precedence to WATCH_STEP.
735 			 * One or the other must be set at this point.
736 			 */
737 			ASSERT(pcb->pcb_flags & (NORMAL_STEP|WATCH_STEP));
738 			if ((fault = undo_watch_step(&siginfo)) == 0 &&
739 			    (pcb->pcb_flags & NORMAL_STEP)) {
740 				siginfo.si_signo = SIGTRAP;
741 				siginfo.si_code = TRAP_TRACE;
742 				siginfo.si_addr = (caddr_t)rp->r_pc;
743 				fault = FLTTRACE;
744 			}
745 			pcb->pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
746 		}
747 		break;
748 
749 	case T_DATA_EXCEPTION + T_USER:	/* user data access exception */
750 
751 		if (&vis1_partial_support != NULL) {
752 			bzero(&siginfo, sizeof (siginfo));
753 			if (vis1_partial_support(rp,
754 			    &siginfo, &fault) == 0)
755 				goto out;
756 		}
757 
758 		if (nfload(rp, &instr))
759 			goto out;
760 		if (IS_FLUSH(instr)) {
761 			/* skip the flush instruction */
762 			rp->r_pc = rp->r_npc;
763 			rp->r_npc += 4;
764 			goto out;
765 			/*NOTREACHED*/
766 		}
767 		bzero(&siginfo, sizeof (siginfo));
768 		siginfo.si_addr = addr;
769 		switch (X_FAULT_TYPE(mmu_fsr)) {
770 		case FT_ATOMIC_NC:
771 			if ((IS_SWAP(instr) && swap_nc(rp, instr)) ||
772 			    (IS_LDSTUB(instr) && ldstub_nc(rp, instr))) {
773 				/* skip the atomic */
774 				rp->r_pc = rp->r_npc;
775 				rp->r_npc += 4;
776 				goto out;
777 			}
778 			/* fall into ... */
779 		case FT_PRIV:
780 			siginfo.si_signo = SIGSEGV;
781 			siginfo.si_code = SEGV_ACCERR;
782 			fault = FLTBOUNDS;
783 			break;
784 		case FT_SPEC_LD:
785 		case FT_ILL_ALT:
786 			siginfo.si_signo = SIGILL;
787 			siginfo.si_code = ILL_ILLADR;
788 			fault = FLTILL;
789 			break;
790 		default:
791 			siginfo.si_signo = SIGSEGV;
792 			siginfo.si_code = SEGV_MAPERR;
793 			fault = FLTBOUNDS;
794 			break;
795 		}
796 		break;
797 
798 	case T_SYS_RTT_ALIGN + T_USER:	/* user alignment error */
799 	case T_ALIGNMENT + T_USER:	/* user alignment error */
800 		if (tudebug)
801 			showregs(type, rp, addr, 0);
802 		/*
803 		 * If the user has to do unaligned references
804 		 * the ugly stuff gets done here.
805 		 */
806 		alignfaults++;
807 		if (&vis1_partial_support != NULL) {
808 			bzero(&siginfo, sizeof (siginfo));
809 			if (vis1_partial_support(rp,
810 			    &siginfo, &fault) == 0)
811 				goto out;
812 		}
813 
814 		bzero(&siginfo, sizeof (siginfo));
815 		if (type == T_SYS_RTT_ALIGN + T_USER) {
816 			if (nfload(rp, NULL))
817 				goto out;
818 			/*
819 			 * Can't do unaligned stack access
820 			 */
821 			siginfo.si_signo = SIGBUS;
822 			siginfo.si_code = BUS_ADRALN;
823 			siginfo.si_addr = addr;
824 			fault = FLTACCESS;
825 			break;
826 		}
827 
828 		/*
829 		 * Try to fix alignment before non-faulting load test.
830 		 */
831 		if (p->p_fixalignment) {
832 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
833 				rp->r_pc = rp->r_npc;
834 				rp->r_npc += 4;
835 				goto out;
836 			}
837 			if (nfload(rp, NULL))
838 				goto out;
839 			siginfo.si_signo = SIGSEGV;
840 			siginfo.si_code = SEGV_MAPERR;
841 			siginfo.si_addr = badaddr;
842 			fault = FLTBOUNDS;
843 		} else {
844 			if (nfload(rp, NULL))
845 				goto out;
846 			siginfo.si_signo = SIGBUS;
847 			siginfo.si_code = BUS_ADRALN;
848 			if (rp->r_pc & 3) {	/* offending address, if pc */
849 				siginfo.si_addr = (caddr_t)rp->r_pc;
850 			} else {
851 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
852 					siginfo.si_addr = badaddr;
853 				else
854 					siginfo.si_addr = (caddr_t)rp->r_pc;
855 			}
856 			fault = FLTACCESS;
857 		}
858 		break;
859 
860 	case T_PRIV_INSTR + T_USER:	/* privileged instruction fault */
861 		if (tudebug)
862 			showregs(type, rp, (caddr_t)0, 0);
863 
864 		bzero(&siginfo, sizeof (siginfo));
865 #ifdef	sun4v
866 		/*
867 		 * If this instruction fault is a non-privileged %tick
868 		 * or %stick trap, and %tick/%stick user emulation is
869 		 * enabled as a result of an OS suspend, then simulate
870 		 * the register read. We rely on simulate_rdtick to fail
871 		 * if the instruction is not a %tick or %stick read,
872 		 * causing us to fall through to the normal privileged
873 		 * instruction handling.
874 		 */
875 		if (tick_stick_emulation_active &&
876 		    (X_FAULT_TYPE(mmu_fsr) == FT_NEW_PRVACT) &&
877 		    simulate_rdtick(rp) == SIMU_SUCCESS) {
878 			/* skip the successfully simulated instruction */
879 			rp->r_pc = rp->r_npc;
880 			rp->r_npc += 4;
881 			goto out;
882 		}
883 #endif
884 		siginfo.si_signo = SIGILL;
885 		siginfo.si_code = ILL_PRVOPC;
886 		siginfo.si_addr = (caddr_t)rp->r_pc;
887 		fault = FLTILL;
888 		break;
889 
890 	case T_UNIMP_INSTR:		/* priv illegal instruction fault */
891 		if (fpras_implemented) {
892 			/*
893 			 * Call fpras_chktrap indicating that
894 			 * we've come from a trap handler and pass
895 			 * the regs.  That function may choose to panic
896 			 * (in which case it won't return) or it may
897 			 * determine that a reboot is desired.  In the
898 			 * latter case it must alter pc/npc to skip
899 			 * the illegal instruction and continue at
900 			 * a controlled address.
901 			 */
902 			if (&fpras_chktrap) {
903 				if (fpras_chktrap(rp))
904 					goto cleanup;
905 			}
906 		}
907 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
908 		instr = *(int *)rp->r_pc;
909 		if ((instr & 0xc0000000) == 0x40000000) {
910 			long pc;
911 
912 			rp->r_o7 = (long long)rp->r_pc;
913 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
914 			rp->r_pc = rp->r_npc;
915 			rp->r_npc = pc;
916 			ill_calls++;
917 			goto cleanup;
918 		}
919 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
920 		/*
921 		 * It's not an fpras failure and it's not SF_ERRATA_23 - die
922 		 */
923 		addr = (caddr_t)rp->r_pc;
924 		(void) die(type, rp, addr, 0);
925 		/*NOTREACHED*/
926 
927 	case T_UNIMP_INSTR + T_USER:	/* illegal instruction fault */
928 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
929 		instr = fetch_user_instr((caddr_t)rp->r_pc);
930 		if ((instr & 0xc0000000) == 0x40000000) {
931 			long pc;
932 
933 			rp->r_o7 = (long long)rp->r_pc;
934 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
935 			rp->r_pc = rp->r_npc;
936 			rp->r_npc = pc;
937 			ill_calls++;
938 			goto out;
939 		}
940 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
941 		if (tudebug)
942 			showregs(type, rp, (caddr_t)0, 0);
943 		bzero(&siginfo, sizeof (siginfo));
944 		/*
945 		 * Try to simulate the instruction.
946 		 */
947 		switch (simulate_unimp(rp, &badaddr)) {
948 		case SIMU_RETRY:
949 			goto out;	/* regs are already set up */
950 			/*NOTREACHED*/
951 
952 		case SIMU_SUCCESS:
953 			/* skip the successfully simulated instruction */
954 			rp->r_pc = rp->r_npc;
955 			rp->r_npc += 4;
956 			goto out;
957 			/*NOTREACHED*/
958 
959 		case SIMU_FAULT:
960 			siginfo.si_signo = SIGSEGV;
961 			siginfo.si_code = SEGV_MAPERR;
962 			siginfo.si_addr = badaddr;
963 			fault = FLTBOUNDS;
964 			break;
965 
966 		case SIMU_DZERO:
967 			siginfo.si_signo = SIGFPE;
968 			siginfo.si_code = FPE_INTDIV;
969 			siginfo.si_addr = (caddr_t)rp->r_pc;
970 			fault = FLTIZDIV;
971 			break;
972 
973 		case SIMU_UNALIGN:
974 			siginfo.si_signo = SIGBUS;
975 			siginfo.si_code = BUS_ADRALN;
976 			siginfo.si_addr = badaddr;
977 			fault = FLTACCESS;
978 			break;
979 
980 		case SIMU_ILLEGAL:
981 		default:
982 			siginfo.si_signo = SIGILL;
983 			op3 = (instr >> 19) & 0x3F;
984 			if ((IS_FLOAT(instr) && (op3 == IOP_V8_STQFA) ||
985 			    (op3 == IOP_V8_STDFA)))
986 				siginfo.si_code = ILL_ILLADR;
987 			else
988 				siginfo.si_code = ILL_ILLOPC;
989 			siginfo.si_addr = (caddr_t)rp->r_pc;
990 			fault = FLTILL;
991 			break;
992 		}
993 		break;
994 
995 	case T_UNIMP_LDD + T_USER:
996 	case T_UNIMP_STD + T_USER:
997 		if (tudebug)
998 			showregs(type, rp, (caddr_t)0, 0);
999 		switch (simulate_lddstd(rp, &badaddr)) {
1000 		case SIMU_SUCCESS:
1001 			/* skip the successfully simulated instruction */
1002 			rp->r_pc = rp->r_npc;
1003 			rp->r_npc += 4;
1004 			goto out;
1005 			/*NOTREACHED*/
1006 
1007 		case SIMU_FAULT:
1008 			if (nfload(rp, NULL))
1009 				goto out;
1010 			siginfo.si_signo = SIGSEGV;
1011 			siginfo.si_code = SEGV_MAPERR;
1012 			siginfo.si_addr = badaddr;
1013 			fault = FLTBOUNDS;
1014 			break;
1015 
1016 		case SIMU_UNALIGN:
1017 			if (nfload(rp, NULL))
1018 				goto out;
1019 			siginfo.si_signo = SIGBUS;
1020 			siginfo.si_code = BUS_ADRALN;
1021 			siginfo.si_addr = badaddr;
1022 			fault = FLTACCESS;
1023 			break;
1024 
1025 		case SIMU_ILLEGAL:
1026 		default:
1027 			siginfo.si_signo = SIGILL;
1028 			siginfo.si_code = ILL_ILLOPC;
1029 			siginfo.si_addr = (caddr_t)rp->r_pc;
1030 			fault = FLTILL;
1031 			break;
1032 		}
1033 		break;
1034 
1035 	case T_UNIMP_LDD:
1036 	case T_UNIMP_STD:
1037 		if (simulate_lddstd(rp, &badaddr) == SIMU_SUCCESS) {
1038 			/* skip the successfully simulated instruction */
1039 			rp->r_pc = rp->r_npc;
1040 			rp->r_npc += 4;
1041 			goto cleanup;
1042 			/*NOTREACHED*/
1043 		}
1044 		/*
1045 		 * A third party driver executed an {LDD,STD,LDDA,STDA}
1046 		 * that we couldn't simulate.
1047 		 */
1048 		if (nfload(rp, NULL))
1049 			goto cleanup;
1050 
1051 		if (curthread->t_lofault) {
1052 			if (lodebug) {
1053 				showregs(type, rp, addr, 0);
1054 				traceback((caddr_t)rp->r_sp);
1055 			}
1056 			rp->r_g1 = EFAULT;
1057 			rp->r_pc = curthread->t_lofault;
1058 			rp->r_npc = rp->r_pc + 4;
1059 			goto cleanup;
1060 		}
1061 		(void) die(type, rp, addr, 0);
1062 		/*NOTREACHED*/
1063 
1064 	case T_IDIV0 + T_USER:		/* integer divide by zero */
1065 	case T_DIV0 + T_USER:		/* integer divide by zero */
1066 		if (tudebug && tudebugfpe)
1067 			showregs(type, rp, (caddr_t)0, 0);
1068 		bzero(&siginfo, sizeof (siginfo));
1069 		siginfo.si_signo = SIGFPE;
1070 		siginfo.si_code = FPE_INTDIV;
1071 		siginfo.si_addr = (caddr_t)rp->r_pc;
1072 		fault = FLTIZDIV;
1073 		break;
1074 
1075 	case T_INT_OVERFLOW + T_USER:	/* integer overflow */
1076 		if (tudebug && tudebugfpe)
1077 			showregs(type, rp, (caddr_t)0, 0);
1078 		bzero(&siginfo, sizeof (siginfo));
1079 		siginfo.si_signo = SIGFPE;
1080 		siginfo.si_code  = FPE_INTOVF;
1081 		siginfo.si_addr  = (caddr_t)rp->r_pc;
1082 		fault = FLTIOVF;
1083 		break;
1084 
1085 	case T_BREAKPOINT + T_USER:	/* breakpoint trap (t 1) */
1086 		if (tudebug && tudebugbpt)
1087 			showregs(type, rp, (caddr_t)0, 0);
1088 		bzero(&siginfo, sizeof (siginfo));
1089 		siginfo.si_signo = SIGTRAP;
1090 		siginfo.si_code = TRAP_BRKPT;
1091 		siginfo.si_addr = (caddr_t)rp->r_pc;
1092 		fault = FLTBPT;
1093 		break;
1094 
1095 	case T_TAG_OVERFLOW + T_USER:	/* tag overflow (taddcctv, tsubcctv) */
1096 		if (tudebug)
1097 			showregs(type, rp, (caddr_t)0, 0);
1098 		bzero(&siginfo, sizeof (siginfo));
1099 		siginfo.si_signo = SIGEMT;
1100 		siginfo.si_code = EMT_TAGOVF;
1101 		siginfo.si_addr = (caddr_t)rp->r_pc;
1102 		fault = FLTACCESS;
1103 		break;
1104 
1105 	case T_FLUSH_PCB + T_USER:	/* finish user window overflow */
1106 	case T_FLUSHW + T_USER:		/* finish user window flush */
1107 		/*
1108 		 * This trap is entered from sys_rtt in locore.s when,
1109 		 * upon return to user is is found that there are user
1110 		 * windows in pcb_wbuf.  This happens because they could
1111 		 * not be saved on the user stack, either because it
1112 		 * wasn't resident or because it was misaligned.
1113 		 */
1114 	{
1115 		int error;
1116 		caddr_t sp;
1117 
1118 		error = flush_user_windows_to_stack(&sp);
1119 		/*
1120 		 * Possible errors:
1121 		 *	error copying out
1122 		 *	unaligned stack pointer
1123 		 * The first is given to us as the return value
1124 		 * from flush_user_windows_to_stack().  The second
1125 		 * results in residual windows in the pcb.
1126 		 */
1127 		if (error != 0) {
1128 			/*
1129 			 * EINTR comes from a signal during copyout;
1130 			 * we should not post another signal.
1131 			 */
1132 			if (error != EINTR) {
1133 				/*
1134 				 * Zap the process with a SIGSEGV - process
1135 				 * may be managing its own stack growth by
1136 				 * taking SIGSEGVs on a different signal stack.
1137 				 */
1138 				bzero(&siginfo, sizeof (siginfo));
1139 				siginfo.si_signo = SIGSEGV;
1140 				siginfo.si_code  = SEGV_MAPERR;
1141 				siginfo.si_addr  = sp;
1142 				fault = FLTBOUNDS;
1143 			}
1144 			break;
1145 		} else if (mpcb->mpcb_wbcnt) {
1146 			bzero(&siginfo, sizeof (siginfo));
1147 			siginfo.si_signo = SIGILL;
1148 			siginfo.si_code  = ILL_BADSTK;
1149 			siginfo.si_addr  = (caddr_t)rp->r_pc;
1150 			fault = FLTILL;
1151 			break;
1152 		}
1153 	}
1154 
1155 		/*
1156 		 * T_FLUSHW is used when handling a ta 0x3 -- the old flush
1157 		 * window trap -- which is implemented by executing the
1158 		 * flushw instruction. The flushw can trap if any of the
1159 		 * stack pages are not writable for whatever reason. In this
1160 		 * case only, we advance the pc to the next instruction so
1161 		 * that the user thread doesn't needlessly execute the trap
1162 		 * again. Normally this wouldn't be a problem -- we'll
1163 		 * usually only end up here if this is the first touch to a
1164 		 * stack page -- since the second execution won't trap, but
1165 		 * if there's a watchpoint on the stack page the user thread
1166 		 * would spin, continuously executing the trap instruction.
1167 		 */
1168 		if (type == T_FLUSHW + T_USER) {
1169 			rp->r_pc = rp->r_npc;
1170 			rp->r_npc += 4;
1171 		}
1172 		goto out;
1173 
1174 	case T_AST + T_USER:		/* profiling or resched pseudo trap */
1175 		if (lwp->lwp_pcb.pcb_flags & CPC_OVERFLOW) {
1176 			lwp->lwp_pcb.pcb_flags &= ~CPC_OVERFLOW;
1177 			if (kcpc_overflow_ast()) {
1178 				/*
1179 				 * Signal performance counter overflow
1180 				 */
1181 				if (tudebug)
1182 					showregs(type, rp, (caddr_t)0, 0);
1183 				bzero(&siginfo, sizeof (siginfo));
1184 				siginfo.si_signo = SIGEMT;
1185 				siginfo.si_code = EMT_CPCOVF;
1186 				siginfo.si_addr = (caddr_t)rp->r_pc;
1187 				/* for trap_cleanup(), below */
1188 				oldpc = rp->r_pc - 4;
1189 				fault = FLTCPCOVF;
1190 			}
1191 		}
1192 
1193 		/*
1194 		 * The CPC_OVERFLOW check above may already have populated
1195 		 * siginfo and set fault, so the checks below must not
1196 		 * touch these and the functions they call must use
1197 		 * trapsig() directly.
1198 		 */
1199 
1200 		if (lwp->lwp_pcb.pcb_flags & ASYNC_HWERR) {
1201 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_HWERR;
1202 			trap_async_hwerr();
1203 		}
1204 
1205 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BERR) {
1206 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BERR;
1207 			trap_async_berr_bto(ASYNC_BERR, rp);
1208 		}
1209 
1210 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BTO) {
1211 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BTO;
1212 			trap_async_berr_bto(ASYNC_BTO, rp);
1213 		}
1214 
1215 		break;
1216 	}
1217 
1218 	if (fault) {
1219 		/* We took a fault so abort single step. */
1220 		lwp->lwp_pcb.pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
1221 	}
1222 	trap_cleanup(rp, fault, &siginfo, oldpc == rp->r_pc);
1223 
1224 out:	/* We can't get here from a system trap */
1225 	ASSERT(type & T_USER);
1226 	trap_rtt();
1227 	(void) new_mstate(curthread, mstate);
1228 	/* Kernel probe */
1229 	TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
1230 		tnf_microstate, state, LMS_USER);
1231 
1232 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1233 	return;
1234 
1235 cleanup:	/* system traps end up here */
1236 	ASSERT(!(type & T_USER));
1237 
1238 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1239 }
1240 
1241 void
1242 trap_cleanup(
1243 	struct regs *rp,
1244 	uint_t fault,
1245 	k_siginfo_t *sip,
1246 	int restartable)
1247 {
1248 	extern void aio_cleanup();
1249 	proc_t *p = ttoproc(curthread);
1250 	klwp_id_t lwp = ttolwp(curthread);
1251 
1252 	if (fault) {
1253 		/*
1254 		 * Remember the fault and fault address
1255 		 * for real-time (SIGPROF) profiling.
1256 		 */
1257 		lwp->lwp_lastfault = fault;
1258 		lwp->lwp_lastfaddr = sip->si_addr;
1259 
1260 		DTRACE_PROC2(fault, int, fault, ksiginfo_t *, sip);
1261 
1262 		/*
1263 		 * If a debugger has declared this fault to be an
1264 		 * event of interest, stop the lwp.  Otherwise just
1265 		 * deliver the associated signal.
1266 		 */
1267 		if (sip->si_signo != SIGKILL &&
1268 		    prismember(&p->p_fltmask, fault) &&
1269 		    stop_on_fault(fault, sip) == 0)
1270 			sip->si_signo = 0;
1271 	}
1272 
1273 	if (sip->si_signo)
1274 		trapsig(sip, restartable);
1275 
1276 	if (lwp->lwp_oweupc)
1277 		profil_tick(rp->r_pc);
1278 
1279 	if (curthread->t_astflag | curthread->t_sig_check) {
1280 		/*
1281 		 * Turn off the AST flag before checking all the conditions that
1282 		 * may have caused an AST.  This flag is on whenever a signal or
1283 		 * unusual condition should be handled after the next trap or
1284 		 * syscall.
1285 		 */
1286 		astoff(curthread);
1287 		curthread->t_sig_check = 0;
1288 
1289 		/*
1290 		 * The following check is legal for the following reasons:
1291 		 *	1) The thread we are checking, is ourselves, so there is
1292 		 *	   no way the proc can go away.
1293 		 *	2) The only time we need to be protected by the
1294 		 *	   lock is if the binding is changed.
1295 		 *
1296 		 *	Note we will still take the lock and check the binding
1297 		 *	if the condition was true without the lock held.  This
1298 		 *	prevents lock contention among threads owned by the
1299 		 *	same proc.
1300 		 */
1301 
1302 		if (curthread->t_proc_flag & TP_CHANGEBIND) {
1303 			mutex_enter(&p->p_lock);
1304 			if (curthread->t_proc_flag & TP_CHANGEBIND) {
1305 				timer_lwpbind();
1306 				curthread->t_proc_flag &= ~TP_CHANGEBIND;
1307 			}
1308 			mutex_exit(&p->p_lock);
1309 		}
1310 
1311 		/*
1312 		 * for kaio requests that are on the per-process poll queue,
1313 		 * aiop->aio_pollq, they're AIO_POLL bit is set, the kernel
1314 		 * should copyout their result_t to user memory. by copying
1315 		 * out the result_t, the user can poll on memory waiting
1316 		 * for the kaio request to complete.
1317 		 */
1318 		if (p->p_aio)
1319 			aio_cleanup(0);
1320 
1321 		/*
1322 		 * If this LWP was asked to hold, call holdlwp(), which will
1323 		 * stop.  holdlwps() sets this up and calls pokelwps() which
1324 		 * sets the AST flag.
1325 		 *
1326 		 * Also check TP_EXITLWP, since this is used by fresh new LWPs
1327 		 * through lwp_rtt().  That flag is set if the lwp_create(2)
1328 		 * syscall failed after creating the LWP.
1329 		 */
1330 		if (ISHOLD(p))
1331 			holdlwp();
1332 
1333 		/*
1334 		 * All code that sets signals and makes ISSIG evaluate true must
1335 		 * set t_astflag afterwards.
1336 		 */
1337 		if (ISSIG_PENDING(curthread, lwp, p)) {
1338 			if (issig(FORREAL))
1339 				psig();
1340 			curthread->t_sig_check = 1;
1341 		}
1342 
1343 		if (curthread->t_rprof != NULL) {
1344 			realsigprof(0, 0, 0);
1345 			curthread->t_sig_check = 1;
1346 		}
1347 	}
1348 }
1349 
1350 /*
1351  * Called from fp_traps when a floating point trap occurs.
1352  * Note that the T_DATA_EXCEPTION case does not use X_FAULT_TYPE(mmu_fsr),
1353  * because mmu_fsr (now changed to code) is always 0.
1354  * Note that the T_UNIMP_INSTR case does not call simulate_unimp(),
1355  * because the simulator only simulates multiply and divide instructions,
1356  * which would not cause floating point traps in the first place.
1357  * XXX - Supervisor mode floating point traps?
1358  */
1359 void
1360 fpu_trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t code)
1361 {
1362 	proc_t *p = ttoproc(curthread);
1363 	klwp_id_t lwp = ttolwp(curthread);
1364 	k_siginfo_t siginfo;
1365 	uint_t op3, fault = 0;
1366 	int mstate;
1367 	char *badaddr;
1368 	kfpu_t *fp;
1369 	struct _fpq *pfpq;
1370 	uint32_t inst;
1371 	utrap_handler_t *utrapp;
1372 
1373 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
1374 
1375 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
1376 
1377 	if (USERMODE(rp->r_tstate)) {
1378 		/*
1379 		 * Set lwp_state before trying to acquire any
1380 		 * adaptive lock
1381 		 */
1382 		ASSERT(lwp != NULL);
1383 		lwp->lwp_state = LWP_SYS;
1384 		/*
1385 		 * Set up the current cred to use during this trap. u_cred
1386 		 * no longer exists.  t_cred is used instead.
1387 		 * The current process credential applies to the thread for
1388 		 * the entire trap.  If trapping from the kernel, this
1389 		 * should already be set up.
1390 		 */
1391 		if (curthread->t_cred != p->p_cred) {
1392 			cred_t *oldcred = curthread->t_cred;
1393 			/*
1394 			 * DTrace accesses t_cred in probe context.  t_cred
1395 			 * must always be either NULL, or point to a valid,
1396 			 * allocated cred structure.
1397 			 */
1398 			curthread->t_cred = crgetcred();
1399 			crfree(oldcred);
1400 		}
1401 		ASSERT(lwp->lwp_regs == rp);
1402 		mstate = new_mstate(curthread, LMS_TRAP);
1403 		siginfo.si_signo = 0;
1404 		type |= T_USER;
1405 	}
1406 
1407 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
1408 	    "C_fpu_trap_handler_enter:type %x", type);
1409 
1410 	if (tudebug && tudebugfpe)
1411 		showregs(type, rp, addr, 0);
1412 
1413 	bzero(&siginfo, sizeof (siginfo));
1414 	siginfo.si_code = code;
1415 	siginfo.si_addr = addr;
1416 
1417 	switch (type) {
1418 
1419 	case T_FP_EXCEPTION_IEEE + T_USER:	/* FPU arithmetic exception */
1420 		/*
1421 		 * FPU arithmetic exception - fake up a fpq if we
1422 		 *	came here directly from _fp_ieee_exception,
1423 		 *	which is indicated by a zero fpu_qcnt.
1424 		 */
1425 		fp = lwptofpu(curthread->t_lwp);
1426 		utrapp = curthread->t_procp->p_utraps;
1427 		if (fp->fpu_qcnt == 0) {
1428 			inst = fetch_user_instr((caddr_t)rp->r_pc);
1429 			lwp->lwp_state = LWP_SYS;
1430 			pfpq = &fp->fpu_q->FQu.fpq;
1431 			pfpq->fpq_addr = (uint32_t *)rp->r_pc;
1432 			pfpq->fpq_instr = inst;
1433 			fp->fpu_qcnt = 1;
1434 			fp->fpu_q_entrysize = sizeof (struct _fpq);
1435 #ifdef SF_V9_TABLE_28
1436 			/*
1437 			 * Spitfire and blackbird followed the SPARC V9 manual
1438 			 * paragraph 3 of section 5.1.7.9 FSR_current_exception
1439 			 * (cexc) for setting fsr.cexc bits on underflow and
1440 			 * overflow traps when the fsr.tem.inexact bit is set,
1441 			 * instead of following Table 28. Bugid 1263234.
1442 			 */
1443 			{
1444 				extern int spitfire_bb_fsr_bug;
1445 
1446 				if (spitfire_bb_fsr_bug &&
1447 				    (fp->fpu_fsr & FSR_TEM_NX)) {
1448 					if (((fp->fpu_fsr & FSR_TEM_OF) == 0) &&
1449 					    (fp->fpu_fsr & FSR_CEXC_OF)) {
1450 						fp->fpu_fsr &= ~FSR_CEXC_OF;
1451 						fp->fpu_fsr |= FSR_CEXC_NX;
1452 						_fp_write_pfsr(&fp->fpu_fsr);
1453 						siginfo.si_code = FPE_FLTRES;
1454 					}
1455 					if (((fp->fpu_fsr & FSR_TEM_UF) == 0) &&
1456 					    (fp->fpu_fsr & FSR_CEXC_UF)) {
1457 						fp->fpu_fsr &= ~FSR_CEXC_UF;
1458 						fp->fpu_fsr |= FSR_CEXC_NX;
1459 						_fp_write_pfsr(&fp->fpu_fsr);
1460 						siginfo.si_code = FPE_FLTRES;
1461 					}
1462 				}
1463 			}
1464 #endif /* SF_V9_TABLE_28 */
1465 			rp->r_pc = rp->r_npc;
1466 			rp->r_npc += 4;
1467 		} else if (utrapp && utrapp[UT_FP_EXCEPTION_IEEE_754]) {
1468 			/*
1469 			 * The user had a trap handler installed.  Jump to
1470 			 * the trap handler instead of signalling the process.
1471 			 */
1472 			rp->r_pc = (long)utrapp[UT_FP_EXCEPTION_IEEE_754];
1473 			rp->r_npc = rp->r_pc + 4;
1474 			break;
1475 		}
1476 		siginfo.si_signo = SIGFPE;
1477 		fault = FLTFPE;
1478 		break;
1479 
1480 	case T_DATA_EXCEPTION + T_USER:		/* user data access exception */
1481 		siginfo.si_signo = SIGSEGV;
1482 		fault = FLTBOUNDS;
1483 		break;
1484 
1485 	case T_LDDF_ALIGN + T_USER: /* 64 bit user lddfa alignment error */
1486 	case T_STDF_ALIGN + T_USER: /* 64 bit user stdfa alignment error */
1487 		alignfaults++;
1488 		lwp->lwp_state = LWP_SYS;
1489 		if (&vis1_partial_support != NULL) {
1490 			bzero(&siginfo, sizeof (siginfo));
1491 			if (vis1_partial_support(rp,
1492 			    &siginfo, &fault) == 0)
1493 				goto out;
1494 		}
1495 		if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1496 			rp->r_pc = rp->r_npc;
1497 			rp->r_npc += 4;
1498 			goto out;
1499 		}
1500 		fp = lwptofpu(curthread->t_lwp);
1501 		fp->fpu_qcnt = 0;
1502 		siginfo.si_signo = SIGSEGV;
1503 		siginfo.si_code = SEGV_MAPERR;
1504 		siginfo.si_addr = badaddr;
1505 		fault = FLTBOUNDS;
1506 		break;
1507 
1508 	case T_ALIGNMENT + T_USER:		/* user alignment error */
1509 		/*
1510 		 * If the user has to do unaligned references
1511 		 * the ugly stuff gets done here.
1512 		 * Only handles vanilla loads and stores.
1513 		 */
1514 		alignfaults++;
1515 		if (p->p_fixalignment) {
1516 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1517 				rp->r_pc = rp->r_npc;
1518 				rp->r_npc += 4;
1519 				goto out;
1520 			}
1521 			siginfo.si_signo = SIGSEGV;
1522 			siginfo.si_code = SEGV_MAPERR;
1523 			siginfo.si_addr = badaddr;
1524 			fault = FLTBOUNDS;
1525 		} else {
1526 			siginfo.si_signo = SIGBUS;
1527 			siginfo.si_code = BUS_ADRALN;
1528 			if (rp->r_pc & 3) {	/* offending address, if pc */
1529 				siginfo.si_addr = (caddr_t)rp->r_pc;
1530 			} else {
1531 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
1532 					siginfo.si_addr = badaddr;
1533 				else
1534 					siginfo.si_addr = (caddr_t)rp->r_pc;
1535 			}
1536 			fault = FLTACCESS;
1537 		}
1538 		break;
1539 
1540 	case T_UNIMP_INSTR + T_USER:		/* illegal instruction fault */
1541 		siginfo.si_signo = SIGILL;
1542 		inst = fetch_user_instr((caddr_t)rp->r_pc);
1543 		op3 = (inst >> 19) & 0x3F;
1544 		if ((op3 == IOP_V8_STQFA) || (op3 == IOP_V8_STDFA))
1545 			siginfo.si_code = ILL_ILLADR;
1546 		else
1547 			siginfo.si_code = ILL_ILLTRP;
1548 		fault = FLTILL;
1549 		break;
1550 
1551 	default:
1552 		(void) die(type, rp, addr, 0);
1553 		/*NOTREACHED*/
1554 	}
1555 
1556 	/*
1557 	 * We can't get here from a system trap
1558 	 * Never restart any instruction which got here from an fp trap.
1559 	 */
1560 	ASSERT(type & T_USER);
1561 
1562 	trap_cleanup(rp, fault, &siginfo, 0);
1563 out:
1564 	trap_rtt();
1565 	(void) new_mstate(curthread, mstate);
1566 }
1567 
1568 void
1569 trap_rtt(void)
1570 {
1571 	klwp_id_t lwp = ttolwp(curthread);
1572 
1573 	/*
1574 	 * Restore register window if a debugger modified it.
1575 	 * Set up to perform a single-step if a debugger requested it.
1576 	 */
1577 	if (lwp->lwp_pcb.pcb_xregstat != XREGNONE)
1578 		xregrestore(lwp, 0);
1579 
1580 	/*
1581 	 * Set state to LWP_USER here so preempt won't give us a kernel
1582 	 * priority if it occurs after this point.  Call CL_TRAPRET() to
1583 	 * restore the user-level priority.
1584 	 *
1585 	 * It is important that no locks (other than spinlocks) be entered
1586 	 * after this point before returning to user mode (unless lwp_state
1587 	 * is set back to LWP_SYS).
1588 	 */
1589 	lwp->lwp_state = LWP_USER;
1590 	if (curthread->t_trapret) {
1591 		curthread->t_trapret = 0;
1592 		thread_lock(curthread);
1593 		CL_TRAPRET(curthread);
1594 		thread_unlock(curthread);
1595 	}
1596 	if (CPU->cpu_runrun || curthread->t_schedflag & TS_ANYWAITQ)
1597 		preempt();
1598 	prunstop();
1599 	if (lwp->lwp_pcb.pcb_step != STEP_NONE)
1600 		prdostep();
1601 
1602 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1603 }
1604 
1605 #define	IS_LDASI(o)	\
1606 	((o) == (uint32_t)0xC0C00000 || (o) == (uint32_t)0xC0800000 ||	\
1607 	(o) == (uint32_t)0xC1800000)
1608 #define	IS_IMM_ASI(i)	(((i) & 0x2000) == 0)
1609 #define	IS_ASINF(a)	(((a) & 0xF6) == 0x82)
1610 #define	IS_LDDA(i)	(((i) & 0xC1F80000) == 0xC0980000)
1611 
1612 static int
1613 nfload(struct regs *rp, int *instrp)
1614 {
1615 	uint_t	instr, asi, op3, rd;
1616 	size_t	len;
1617 	struct as *as;
1618 	caddr_t addr;
1619 	FPU_DREGS_TYPE zero;
1620 	extern int segnf_create();
1621 
1622 	if (USERMODE(rp->r_tstate))
1623 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1624 	else
1625 		instr = *(int *)rp->r_pc;
1626 
1627 	if (instrp)
1628 		*instrp = instr;
1629 
1630 	op3 = (uint_t)(instr & 0xC1E00000);
1631 	if (!IS_LDASI(op3))
1632 		return (0);
1633 	if (IS_IMM_ASI(instr))
1634 		asi = (instr & 0x1FE0) >> 5;
1635 	else
1636 		asi = (uint_t)((rp->r_tstate >> TSTATE_ASI_SHIFT) &
1637 		    TSTATE_ASI_MASK);
1638 	if (!IS_ASINF(asi))
1639 		return (0);
1640 	if (calc_memaddr(rp, &addr) == SIMU_SUCCESS) {
1641 		len = 1;
1642 		as = USERMODE(rp->r_tstate) ? ttoproc(curthread)->p_as : &kas;
1643 		as_rangelock(as);
1644 		if (as_gap(as, len, &addr, &len, 0, addr) == 0)
1645 			(void) as_map(as, addr, len, segnf_create, NULL);
1646 		as_rangeunlock(as);
1647 	}
1648 	zero = 0;
1649 	rd = (instr >> 25) & 0x1f;
1650 	if (IS_FLOAT(instr)) {
1651 		uint_t dbflg = ((instr >> 19) & 3) == 3;
1652 
1653 		if (dbflg) {		/* clever v9 reg encoding */
1654 			if (rd & 1)
1655 				rd = (rd & 0x1e) | 0x20;
1656 			rd >>= 1;
1657 		}
1658 		if (fpu_exists) {
1659 			if (!(_fp_read_fprs() & FPRS_FEF))
1660 				fp_enable();
1661 
1662 			if (dbflg)
1663 				_fp_write_pdreg(&zero, rd);
1664 			else
1665 				_fp_write_pfreg((uint_t *)&zero, rd);
1666 		} else {
1667 			kfpu_t *fp = lwptofpu(curthread->t_lwp);
1668 
1669 			if (!fp->fpu_en)
1670 				fp_enable();
1671 
1672 			if (dbflg)
1673 				fp->fpu_fr.fpu_dregs[rd] = zero;
1674 			else
1675 				fp->fpu_fr.fpu_regs[rd] = 0;
1676 		}
1677 	} else {
1678 		(void) putreg(&zero, rp, rd, &addr);
1679 		if (IS_LDDA(instr))
1680 			(void) putreg(&zero, rp, rd + 1, &addr);
1681 	}
1682 	rp->r_pc = rp->r_npc;
1683 	rp->r_npc += 4;
1684 	return (1);
1685 }
1686 
1687 kmutex_t atomic_nc_mutex;
1688 
1689 /*
1690  * The following couple of routines are for userland drivers which
1691  * do atomics to noncached addresses.  This sort of worked on previous
1692  * platforms -- the operation really wasn't atomic, but it didn't generate
1693  * a trap as sun4u systems do.
1694  */
1695 static int
1696 swap_nc(struct regs *rp, int instr)
1697 {
1698 	uint64_t rdata, mdata;
1699 	caddr_t addr, badaddr;
1700 	uint_t tmp, rd;
1701 
1702 	(void) flush_user_windows_to_stack(NULL);
1703 	rd = (instr >> 25) & 0x1f;
1704 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1705 		return (0);
1706 	if (getreg(rp, rd, &rdata, &badaddr))
1707 		return (0);
1708 	mutex_enter(&atomic_nc_mutex);
1709 	if (fuword32(addr, &tmp) == -1) {
1710 		mutex_exit(&atomic_nc_mutex);
1711 		return (0);
1712 	}
1713 	mdata = (u_longlong_t)tmp;
1714 	if (suword32(addr, (uint32_t)rdata) == -1) {
1715 		mutex_exit(&atomic_nc_mutex);
1716 		return (0);
1717 	}
1718 	(void) putreg(&mdata, rp, rd, &badaddr);
1719 	mutex_exit(&atomic_nc_mutex);
1720 	return (1);
1721 }
1722 
1723 static int
1724 ldstub_nc(struct regs *rp, int instr)
1725 {
1726 	uint64_t mdata;
1727 	caddr_t addr, badaddr;
1728 	uint_t rd;
1729 	uint8_t tmp;
1730 
1731 	(void) flush_user_windows_to_stack(NULL);
1732 	rd = (instr >> 25) & 0x1f;
1733 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1734 		return (0);
1735 	mutex_enter(&atomic_nc_mutex);
1736 	if (fuword8(addr, &tmp) == -1) {
1737 		mutex_exit(&atomic_nc_mutex);
1738 		return (0);
1739 	}
1740 	mdata = (u_longlong_t)tmp;
1741 	if (suword8(addr, (uint8_t)0xff) == -1) {
1742 		mutex_exit(&atomic_nc_mutex);
1743 		return (0);
1744 	}
1745 	(void) putreg(&mdata, rp, rd, &badaddr);
1746 	mutex_exit(&atomic_nc_mutex);
1747 	return (1);
1748 }
1749 
1750 /*
1751  * This function helps instr_size() determine the operand size.
1752  * It is called for the extended ldda/stda asi's.
1753  */
1754 int
1755 extended_asi_size(int asi)
1756 {
1757 	switch (asi) {
1758 	case ASI_PST8_P:
1759 	case ASI_PST8_S:
1760 	case ASI_PST16_P:
1761 	case ASI_PST16_S:
1762 	case ASI_PST32_P:
1763 	case ASI_PST32_S:
1764 	case ASI_PST8_PL:
1765 	case ASI_PST8_SL:
1766 	case ASI_PST16_PL:
1767 	case ASI_PST16_SL:
1768 	case ASI_PST32_PL:
1769 	case ASI_PST32_SL:
1770 		return (8);
1771 	case ASI_FL8_P:
1772 	case ASI_FL8_S:
1773 	case ASI_FL8_PL:
1774 	case ASI_FL8_SL:
1775 		return (1);
1776 	case ASI_FL16_P:
1777 	case ASI_FL16_S:
1778 	case ASI_FL16_PL:
1779 	case ASI_FL16_SL:
1780 		return (2);
1781 	case ASI_BLK_P:
1782 	case ASI_BLK_S:
1783 	case ASI_BLK_PL:
1784 	case ASI_BLK_SL:
1785 	case ASI_BLK_COMMIT_P:
1786 	case ASI_BLK_COMMIT_S:
1787 		return (64);
1788 	}
1789 
1790 	return (0);
1791 }
1792 
1793 /*
1794  * Patch non-zero to disable preemption of threads in the kernel.
1795  */
1796 int IGNORE_KERNEL_PREEMPTION = 0;	/* XXX - delete this someday */
1797 
1798 struct kpreempt_cnts {	/* kernel preemption statistics */
1799 	int	kpc_idle;	/* executing idle thread */
1800 	int	kpc_intr;	/* executing interrupt thread */
1801 	int	kpc_clock;	/* executing clock thread */
1802 	int	kpc_blocked;	/* thread has blocked preemption (t_preempt) */
1803 	int	kpc_notonproc;	/* thread is surrendering processor */
1804 	int	kpc_inswtch;	/* thread has ratified scheduling decision */
1805 	int	kpc_prilevel;	/* processor interrupt level is too high */
1806 	int	kpc_apreempt;	/* asynchronous preemption */
1807 	int	kpc_spreempt;	/* synchronous preemption */
1808 }	kpreempt_cnts;
1809 
1810 /*
1811  * kernel preemption: forced rescheduling
1812  *	preempt the running kernel thread.
1813  */
1814 void
1815 kpreempt(int asyncspl)
1816 {
1817 	if (IGNORE_KERNEL_PREEMPTION) {
1818 		aston(CPU->cpu_dispthread);
1819 		return;
1820 	}
1821 	/*
1822 	 * Check that conditions are right for kernel preemption
1823 	 */
1824 	do {
1825 		if (curthread->t_preempt) {
1826 			/*
1827 			 * either a privileged thread (idle, panic, interrupt)
1828 			 * or will check when t_preempt is lowered
1829 			 * We need to specifically handle the case where
1830 			 * the thread is in the middle of swtch (resume has
1831 			 * been called) and has its t_preempt set
1832 			 * [idle thread and a thread which is in kpreempt
1833 			 * already] and then a high priority thread is
1834 			 * available in the local dispatch queue.
1835 			 * In this case the resumed thread needs to take a
1836 			 * trap so that it can call kpreempt. We achieve
1837 			 * this by using siron().
1838 			 * How do we detect this condition:
1839 			 * idle thread is running and is in the midst of
1840 			 * resume: curthread->t_pri == -1 && CPU->dispthread
1841 			 * != CPU->thread
1842 			 * Need to ensure that this happens only at high pil
1843 			 * resume is called at high pil
1844 			 * Only in resume_from_idle is the pil changed.
1845 			 */
1846 			if (curthread->t_pri < 0) {
1847 				kpreempt_cnts.kpc_idle++;
1848 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1849 					siron();
1850 			} else if (curthread->t_flag & T_INTR_THREAD) {
1851 				kpreempt_cnts.kpc_intr++;
1852 				if (curthread->t_pil == CLOCK_LEVEL)
1853 					kpreempt_cnts.kpc_clock++;
1854 			} else {
1855 				kpreempt_cnts.kpc_blocked++;
1856 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1857 					siron();
1858 			}
1859 			aston(CPU->cpu_dispthread);
1860 			return;
1861 		}
1862 		if (curthread->t_state != TS_ONPROC ||
1863 		    curthread->t_disp_queue != CPU->cpu_disp) {
1864 			/* this thread will be calling swtch() shortly */
1865 			kpreempt_cnts.kpc_notonproc++;
1866 			if (CPU->cpu_thread != CPU->cpu_dispthread) {
1867 				/* already in swtch(), force another */
1868 				kpreempt_cnts.kpc_inswtch++;
1869 				siron();
1870 			}
1871 			return;
1872 		}
1873 
1874 		if (((asyncspl != KPREEMPT_SYNC) ? spltoipl(asyncspl) :
1875 		    getpil()) >= DISP_LEVEL) {
1876 			/*
1877 			 * We can't preempt this thread if it is at
1878 			 * a PIL >= DISP_LEVEL since it may be holding
1879 			 * a spin lock (like sched_lock).
1880 			 */
1881 			siron();	/* check back later */
1882 			kpreempt_cnts.kpc_prilevel++;
1883 			return;
1884 		}
1885 
1886 		/*
1887 		 * block preemption so we don't have multiple preemptions
1888 		 * pending on the interrupt stack
1889 		 */
1890 		curthread->t_preempt++;
1891 		if (asyncspl != KPREEMPT_SYNC) {
1892 			splx(asyncspl);
1893 			kpreempt_cnts.kpc_apreempt++;
1894 		} else
1895 			kpreempt_cnts.kpc_spreempt++;
1896 
1897 		preempt();
1898 		curthread->t_preempt--;
1899 	} while (CPU->cpu_kprunrun);
1900 }
1901 
1902 static enum seg_rw
1903 get_accesstype(struct regs *rp)
1904 {
1905 	uint32_t instr;
1906 
1907 	if (USERMODE(rp->r_tstate))
1908 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1909 	else
1910 		instr = *(uint32_t *)rp->r_pc;
1911 
1912 	if (IS_FLUSH(instr))
1913 		return (S_OTHER);
1914 
1915 	if (IS_STORE(instr))
1916 		return (S_WRITE);
1917 	else
1918 		return (S_READ);
1919 }
1920 
1921 /*
1922  * Handle an asynchronous hardware error.
1923  * The policy is currently to send a hardware error contract event to
1924  * the process's process contract and to kill the process.  Eventually
1925  * we may want to instead send a special signal whose default
1926  * disposition is to generate the contract event.
1927  */
1928 void
1929 trap_async_hwerr(void)
1930 {
1931 	k_siginfo_t si;
1932 	proc_t *p = ttoproc(curthread);
1933 	extern void print_msg_hwerr(ctid_t ct_id, proc_t *p);
1934 
1935 	errorq_drain(ue_queue); /* flush pending async error messages */
1936 
1937 	print_msg_hwerr(p->p_ct_process->conp_contract.ct_id, p);
1938 
1939 	contract_process_hwerr(p->p_ct_process, p);
1940 
1941 	bzero(&si, sizeof (k_siginfo_t));
1942 	si.si_signo = SIGKILL;
1943 	si.si_code = SI_NOINFO;
1944 	trapsig(&si, 1);
1945 }
1946 
1947 /*
1948  * Handle bus error and bus timeout for a user process by sending SIGBUS
1949  * The type is either ASYNC_BERR or ASYNC_BTO.
1950  */
1951 void
1952 trap_async_berr_bto(int type, struct regs *rp)
1953 {
1954 	k_siginfo_t si;
1955 
1956 	errorq_drain(ue_queue); /* flush pending async error messages */
1957 	bzero(&si, sizeof (k_siginfo_t));
1958 
1959 	si.si_signo = SIGBUS;
1960 	si.si_code = (type == ASYNC_BERR ? BUS_OBJERR : BUS_ADRERR);
1961 	si.si_addr = (caddr_t)rp->r_pc; /* AFAR unavailable - future RFE */
1962 	si.si_errno = ENXIO;
1963 
1964 	trapsig(&si, 1);
1965 }
1966