xref: /titanic_44/usr/src/uts/sun4/os/trap.c (revision 2e107de79998f3036decec2454002940afb9a6ff)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 
28 #include <sys/mmu.h>
29 #include <sys/systm.h>
30 #include <sys/trap.h>
31 #include <sys/machtrap.h>
32 #include <sys/vtrace.h>
33 #include <sys/prsystm.h>
34 #include <sys/archsystm.h>
35 #include <sys/machsystm.h>
36 #include <sys/fpu/fpusystm.h>
37 #include <sys/tnf.h>
38 #include <sys/tnf_probe.h>
39 #include <sys/simulate.h>
40 #include <sys/ftrace.h>
41 #include <sys/ontrap.h>
42 #include <sys/kcpc.h>
43 #include <sys/kobj.h>
44 #include <sys/procfs.h>
45 #include <sys/sun4asi.h>
46 #include <sys/sdt.h>
47 #include <sys/fpras.h>
48 
49 #ifdef  TRAPTRACE
50 #include <sys/traptrace.h>
51 #endif
52 
53 int tudebug = 0;
54 static int tudebugbpt = 0;
55 static int tudebugfpe = 0;
56 
57 static int alignfaults = 0;
58 
59 #if defined(TRAPDEBUG) || defined(lint)
60 static int lodebug = 0;
61 #else
62 #define	lodebug	0
63 #endif /* defined(TRAPDEBUG) || defined(lint) */
64 
65 
66 int vis1_partial_support(struct regs *rp, k_siginfo_t *siginfo, uint_t *fault);
67 #pragma weak vis1_partial_support
68 
69 void showregs(unsigned, struct regs *, caddr_t, uint_t);
70 #pragma weak showregs
71 
72 void trap_async_hwerr(void);
73 #pragma weak trap_async_hwerr
74 
75 void trap_async_berr_bto(int, struct regs *);
76 #pragma weak trap_async_berr_bto
77 
78 static enum seg_rw get_accesstype(struct regs *);
79 static int nfload(struct regs *, int *);
80 static int swap_nc(struct regs *, int);
81 static int ldstub_nc(struct regs *, int);
82 void	trap_cleanup(struct regs *, uint_t, k_siginfo_t *, int);
83 void	trap_rtt(void);
84 
85 static int
86 die(unsigned type, struct regs *rp, caddr_t addr, uint_t mmu_fsr)
87 {
88 	struct panic_trap_info ti;
89 
90 #ifdef TRAPTRACE
91 	TRAPTRACE_FREEZE;
92 #endif
93 
94 	ti.trap_regs = rp;
95 	ti.trap_type = type;
96 	ti.trap_addr = addr;
97 	ti.trap_mmu_fsr = mmu_fsr;
98 
99 	curthread->t_panic_trap = &ti;
100 
101 	if (type == T_DATA_MMU_MISS && addr < (caddr_t)KERNELBASE) {
102 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x "
103 		    "occurred in module \"%s\" due to %s",
104 		    type, (void *)rp, (void *)addr, mmu_fsr,
105 		    mod_containing_pc((caddr_t)rp->r_pc),
106 		    addr < (caddr_t)PAGESIZE ?
107 		    "a NULL pointer dereference" :
108 		    "an illegal access to a user address");
109 	} else {
110 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x",
111 		    type, (void *)rp, (void *)addr, mmu_fsr);
112 	}
113 
114 	return (0);	/* avoid optimization of restore in call's delay slot */
115 }
116 
117 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
118 int	ill_calls;
119 #endif
120 
121 /*
122  * Currently, the only PREFETCH/PREFETCHA instructions which cause traps
123  * are the "strong" prefetches (fcn=20-23).  But we check for all flavors of
124  * PREFETCH, in case some future variant also causes a DATA_MMU_MISS.
125  */
126 #define	IS_PREFETCH(i)	(((i) & 0xc1780000) == 0xc1680000)
127 
128 #define	IS_FLUSH(i)	(((i) & 0xc1f80000) == 0x81d80000)
129 #define	IS_SWAP(i)	(((i) & 0xc1f80000) == 0xc0780000)
130 #define	IS_LDSTUB(i)	(((i) & 0xc1f80000) == 0xc0680000)
131 #define	IS_FLOAT(i)	(((i) & 0x1000000) != 0)
132 #define	IS_STORE(i)	(((i) >> 21) & 1)
133 
134 /*
135  * Called from the trap handler when a processor trap occurs.
136  */
137 /*VARARGS2*/
138 void
139 trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t mmu_fsr)
140 {
141 	proc_t *p = ttoproc(curthread);
142 	klwp_id_t lwp = ttolwp(curthread);
143 	struct machpcb *mpcb = NULL;
144 	k_siginfo_t siginfo;
145 	uint_t op3, fault = 0;
146 	int stepped = 0;
147 	greg_t oldpc;
148 	int mstate;
149 	char *badaddr;
150 	faultcode_t res;
151 	enum fault_type fault_type;
152 	enum seg_rw rw;
153 	uintptr_t lofault;
154 	int instr;
155 	int iskernel;
156 	int watchcode;
157 	int watchpage;
158 	extern faultcode_t pagefault(caddr_t, enum fault_type,
159 	    enum seg_rw, int);
160 
161 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
162 
163 #ifdef SF_ERRATA_23 /* call causes illegal-insn */
164 	ASSERT((curthread->t_schedflag & TS_DONT_SWAP) ||
165 	    (type == T_UNIMP_INSTR));
166 #else
167 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
168 #endif /* SF_ERRATA_23 */
169 
170 	if (USERMODE(rp->r_tstate) || (type & T_USER)) {
171 		/*
172 		 * Set lwp_state before trying to acquire any
173 		 * adaptive lock
174 		 */
175 		ASSERT(lwp != NULL);
176 		lwp->lwp_state = LWP_SYS;
177 		/*
178 		 * Set up the current cred to use during this trap. u_cred
179 		 * no longer exists.  t_cred is used instead.
180 		 * The current process credential applies to the thread for
181 		 * the entire trap.  If trapping from the kernel, this
182 		 * should already be set up.
183 		 */
184 		if (curthread->t_cred != p->p_cred) {
185 			cred_t *oldcred = curthread->t_cred;
186 			/*
187 			 * DTrace accesses t_cred in probe context.  t_cred
188 			 * must always be either NULL, or point to a valid,
189 			 * allocated cred structure.
190 			 */
191 			curthread->t_cred = crgetcred();
192 			crfree(oldcred);
193 		}
194 		type |= T_USER;
195 		ASSERT((type == (T_SYS_RTT_PAGE | T_USER)) ||
196 		    (type == (T_SYS_RTT_ALIGN | T_USER)) ||
197 		    lwp->lwp_regs == rp);
198 		mpcb = lwptompcb(lwp);
199 		switch (type) {
200 		case T_WIN_OVERFLOW + T_USER:
201 		case T_WIN_UNDERFLOW + T_USER:
202 		case T_SYS_RTT_PAGE + T_USER:
203 		case T_DATA_MMU_MISS + T_USER:
204 			mstate = LMS_DFAULT;
205 			break;
206 		case T_INSTR_MMU_MISS + T_USER:
207 			mstate = LMS_TFAULT;
208 			break;
209 		default:
210 			mstate = LMS_TRAP;
211 			break;
212 		}
213 		/* Kernel probe */
214 		TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
215 		    tnf_microstate, state, (char)mstate);
216 		mstate = new_mstate(curthread, mstate);
217 		siginfo.si_signo = 0;
218 		stepped =
219 		    lwp->lwp_pcb.pcb_step != STEP_NONE &&
220 		    ((oldpc = rp->r_pc), prundostep()) &&
221 		    mmu_btop((uintptr_t)addr) == mmu_btop((uintptr_t)oldpc);
222 		/* this assignment must not precede call to prundostep() */
223 		oldpc = rp->r_pc;
224 	}
225 
226 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
227 	    "C_trap_handler_enter:type %x", type);
228 
229 #ifdef	F_DEFERRED
230 	/*
231 	 * Take any pending floating point exceptions now.
232 	 * If the floating point unit has an exception to handle,
233 	 * just return to user-level to let the signal handler run.
234 	 * The instruction that got us to trap() will be reexecuted on
235 	 * return from the signal handler and we will trap to here again.
236 	 * This is necessary to disambiguate simultaneous traps which
237 	 * happen when a floating-point exception is pending and a
238 	 * machine fault is incurred.
239 	 */
240 	if (type & USER) {
241 		/*
242 		 * FP_TRAPPED is set only by sendsig() when it copies
243 		 * out the floating-point queue for the signal handler.
244 		 * It is set there so we can test it here and in syscall().
245 		 */
246 		mpcb->mpcb_flags &= ~FP_TRAPPED;
247 		syncfpu();
248 		if (mpcb->mpcb_flags & FP_TRAPPED) {
249 			/*
250 			 * trap() has have been called recursively and may
251 			 * have stopped the process, so do single step
252 			 * support for /proc.
253 			 */
254 			mpcb->mpcb_flags &= ~FP_TRAPPED;
255 			goto out;
256 		}
257 	}
258 #endif
259 	switch (type) {
260 		case T_DATA_MMU_MISS:
261 		case T_INSTR_MMU_MISS + T_USER:
262 		case T_DATA_MMU_MISS + T_USER:
263 		case T_DATA_PROT + T_USER:
264 		case T_AST + T_USER:
265 		case T_SYS_RTT_PAGE + T_USER:
266 		case T_FLUSH_PCB + T_USER:
267 		case T_FLUSHW + T_USER:
268 			break;
269 
270 		default:
271 			FTRACE_3("trap(): type=0x%lx, regs=0x%lx, addr=0x%lx",
272 			    (ulong_t)type, (ulong_t)rp, (ulong_t)addr);
273 			break;
274 	}
275 
276 	switch (type) {
277 
278 	default:
279 		/*
280 		 * Check for user software trap.
281 		 */
282 		if (type & T_USER) {
283 			if (tudebug)
284 				showregs(type, rp, (caddr_t)0, 0);
285 			if ((type & ~T_USER) >= T_SOFTWARE_TRAP) {
286 				bzero(&siginfo, sizeof (siginfo));
287 				siginfo.si_signo = SIGILL;
288 				siginfo.si_code  = ILL_ILLTRP;
289 				siginfo.si_addr  = (caddr_t)rp->r_pc;
290 				siginfo.si_trapno = type &~ T_USER;
291 				fault = FLTILL;
292 				break;
293 			}
294 		}
295 		addr = (caddr_t)rp->r_pc;
296 		(void) die(type, rp, addr, 0);
297 		/*NOTREACHED*/
298 
299 	case T_ALIGNMENT:	/* supv alignment error */
300 		if (nfload(rp, NULL))
301 			goto cleanup;
302 
303 		if (curthread->t_lofault) {
304 			if (lodebug) {
305 				showregs(type, rp, addr, 0);
306 				traceback((caddr_t)rp->r_sp);
307 			}
308 			rp->r_g1 = EFAULT;
309 			rp->r_pc = curthread->t_lofault;
310 			rp->r_npc = rp->r_pc + 4;
311 			goto cleanup;
312 		}
313 		(void) die(type, rp, addr, 0);
314 		/*NOTREACHED*/
315 
316 	case T_INSTR_EXCEPTION:		/* sys instruction access exception */
317 		addr = (caddr_t)rp->r_pc;
318 		(void) die(type, rp, addr, mmu_fsr);
319 		/*NOTREACHED*/
320 
321 	case T_INSTR_MMU_MISS:		/* sys instruction mmu miss */
322 		addr = (caddr_t)rp->r_pc;
323 		(void) die(type, rp, addr, 0);
324 		/*NOTREACHED*/
325 
326 	case T_DATA_EXCEPTION:		/* system data access exception */
327 		switch (X_FAULT_TYPE(mmu_fsr)) {
328 		case FT_RANGE:
329 			/*
330 			 * This happens when we attempt to dereference an
331 			 * address in the address hole.  If t_ontrap is set,
332 			 * then break and fall through to T_DATA_MMU_MISS /
333 			 * T_DATA_PROT case below.  If lofault is set, then
334 			 * honour it (perhaps the user gave us a bogus
335 			 * address in the hole to copyin from or copyout to?)
336 			 */
337 
338 			if (curthread->t_ontrap != NULL)
339 				break;
340 
341 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
342 			if (curthread->t_lofault) {
343 				if (lodebug) {
344 					showregs(type, rp, addr, 0);
345 					traceback((caddr_t)rp->r_sp);
346 				}
347 				rp->r_g1 = EFAULT;
348 				rp->r_pc = curthread->t_lofault;
349 				rp->r_npc = rp->r_pc + 4;
350 				goto cleanup;
351 			}
352 			(void) die(type, rp, addr, mmu_fsr);
353 			/*NOTREACHED*/
354 
355 		case FT_PRIV:
356 			/*
357 			 * This can happen if we access ASI_USER from a kernel
358 			 * thread.  To support pxfs, we need to honor lofault if
359 			 * we're doing a copyin/copyout from a kernel thread.
360 			 */
361 
362 			if (nfload(rp, NULL))
363 				goto cleanup;
364 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
365 			if (curthread->t_lofault) {
366 				if (lodebug) {
367 					showregs(type, rp, addr, 0);
368 					traceback((caddr_t)rp->r_sp);
369 				}
370 				rp->r_g1 = EFAULT;
371 				rp->r_pc = curthread->t_lofault;
372 				rp->r_npc = rp->r_pc + 4;
373 				goto cleanup;
374 			}
375 			(void) die(type, rp, addr, mmu_fsr);
376 			/*NOTREACHED*/
377 
378 		default:
379 			if (nfload(rp, NULL))
380 				goto cleanup;
381 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
382 			(void) die(type, rp, addr, mmu_fsr);
383 			/*NOTREACHED*/
384 
385 		case FT_NFO:
386 			break;
387 		}
388 		/* fall into ... */
389 
390 	case T_DATA_MMU_MISS:		/* system data mmu miss */
391 	case T_DATA_PROT:		/* system data protection fault */
392 		if (nfload(rp, &instr))
393 			goto cleanup;
394 
395 		/*
396 		 * If we're under on_trap() protection (see <sys/ontrap.h>),
397 		 * set ot_trap and return from the trap to the trampoline.
398 		 */
399 		if (curthread->t_ontrap != NULL) {
400 			on_trap_data_t *otp = curthread->t_ontrap;
401 
402 			TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT,
403 			    "C_trap_handler_exit");
404 			TRACE_0(TR_FAC_TRAP, TR_TRAP_END, "trap_end");
405 
406 			if (otp->ot_prot & OT_DATA_ACCESS) {
407 				otp->ot_trap |= OT_DATA_ACCESS;
408 				rp->r_pc = otp->ot_trampoline;
409 				rp->r_npc = rp->r_pc + 4;
410 				goto cleanup;
411 			}
412 		}
413 		lofault = curthread->t_lofault;
414 		curthread->t_lofault = 0;
415 
416 		mstate = new_mstate(curthread, LMS_KFAULT);
417 
418 		switch (type) {
419 		case T_DATA_PROT:
420 			fault_type = F_PROT;
421 			rw = S_WRITE;
422 			break;
423 		case T_INSTR_MMU_MISS:
424 			fault_type = F_INVAL;
425 			rw = S_EXEC;
426 			break;
427 		case T_DATA_MMU_MISS:
428 		case T_DATA_EXCEPTION:
429 			/*
430 			 * The hardware doesn't update the sfsr on mmu
431 			 * misses so it is not easy to find out whether
432 			 * the access was a read or a write so we need
433 			 * to decode the actual instruction.
434 			 */
435 			fault_type = F_INVAL;
436 			rw = get_accesstype(rp);
437 			break;
438 		default:
439 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
440 			break;
441 		}
442 		/*
443 		 * We determine if access was done to kernel or user
444 		 * address space.  The addr passed into trap is really the
445 		 * tag access register.
446 		 */
447 		iskernel = (((uintptr_t)addr & TAGACC_CTX_MASK) == KCONTEXT);
448 		addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
449 
450 		res = pagefault(addr, fault_type, rw, iskernel);
451 		if (!iskernel && res == FC_NOMAP &&
452 		    addr < p->p_usrstack && grow(addr))
453 			res = 0;
454 
455 		(void) new_mstate(curthread, mstate);
456 
457 		/*
458 		 * Restore lofault.  If we resolved the fault, exit.
459 		 * If we didn't and lofault wasn't set, die.
460 		 */
461 		curthread->t_lofault = lofault;
462 
463 		if (res == 0)
464 			goto cleanup;
465 
466 		if (IS_PREFETCH(instr)) {
467 			/* skip prefetch instructions in kernel-land */
468 			rp->r_pc = rp->r_npc;
469 			rp->r_npc += 4;
470 			goto cleanup;
471 		}
472 
473 		if ((lofault == 0 || lodebug) &&
474 		    (calc_memaddr(rp, &badaddr) == SIMU_SUCCESS))
475 			addr = badaddr;
476 		if (lofault == 0)
477 			(void) die(type, rp, addr, 0);
478 		/*
479 		 * Cannot resolve fault.  Return to lofault.
480 		 */
481 		if (lodebug) {
482 			showregs(type, rp, addr, 0);
483 			traceback((caddr_t)rp->r_sp);
484 		}
485 		if (FC_CODE(res) == FC_OBJERR)
486 			res = FC_ERRNO(res);
487 		else
488 			res = EFAULT;
489 		rp->r_g1 = res;
490 		rp->r_pc = curthread->t_lofault;
491 		rp->r_npc = curthread->t_lofault + 4;
492 		goto cleanup;
493 
494 	case T_INSTR_EXCEPTION + T_USER: /* user insn access exception */
495 		bzero(&siginfo, sizeof (siginfo));
496 		siginfo.si_addr = (caddr_t)rp->r_pc;
497 		siginfo.si_signo = SIGSEGV;
498 		siginfo.si_code = X_FAULT_TYPE(mmu_fsr) == FT_PRIV ?
499 		    SEGV_ACCERR : SEGV_MAPERR;
500 		fault = FLTBOUNDS;
501 		break;
502 
503 	case T_WIN_OVERFLOW + T_USER:	/* window overflow in ??? */
504 	case T_WIN_UNDERFLOW + T_USER:	/* window underflow in ??? */
505 	case T_SYS_RTT_PAGE + T_USER:	/* window underflow in user_rtt */
506 	case T_INSTR_MMU_MISS + T_USER:	/* user instruction mmu miss */
507 	case T_DATA_MMU_MISS + T_USER:	/* user data mmu miss */
508 	case T_DATA_PROT + T_USER:	/* user data protection fault */
509 		switch (type) {
510 		case T_INSTR_MMU_MISS + T_USER:
511 			addr = (caddr_t)rp->r_pc;
512 			fault_type = F_INVAL;
513 			rw = S_EXEC;
514 			break;
515 
516 		case T_DATA_MMU_MISS + T_USER:
517 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
518 			fault_type = F_INVAL;
519 			/*
520 			 * The hardware doesn't update the sfsr on mmu misses
521 			 * so it is not easy to find out whether the access
522 			 * was a read or a write so we need to decode the
523 			 * actual instruction.  XXX BUGLY HW
524 			 */
525 			rw = get_accesstype(rp);
526 			break;
527 
528 		case T_DATA_PROT + T_USER:
529 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
530 			fault_type = F_PROT;
531 			rw = S_WRITE;
532 			break;
533 
534 		case T_WIN_OVERFLOW + T_USER:
535 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
536 			fault_type = F_INVAL;
537 			rw = S_WRITE;
538 			break;
539 
540 		case T_WIN_UNDERFLOW + T_USER:
541 		case T_SYS_RTT_PAGE + T_USER:
542 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
543 			fault_type = F_INVAL;
544 			rw = S_READ;
545 			break;
546 
547 		default:
548 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
549 			break;
550 		}
551 
552 		/*
553 		 * If we are single stepping do not call pagefault
554 		 */
555 		if (stepped) {
556 			res = FC_NOMAP;
557 		} else {
558 			caddr_t vaddr = addr;
559 			size_t sz;
560 			int ta;
561 
562 			ASSERT(!(curthread->t_flag & T_WATCHPT));
563 			watchpage = (pr_watch_active(p) &&
564 			    type != T_WIN_OVERFLOW + T_USER &&
565 			    type != T_WIN_UNDERFLOW + T_USER &&
566 			    type != T_SYS_RTT_PAGE + T_USER &&
567 			    pr_is_watchpage(addr, rw));
568 
569 			if (!watchpage ||
570 			    (sz = instr_size(rp, &vaddr, rw)) <= 0)
571 				/* EMPTY */;
572 			else if ((watchcode = pr_is_watchpoint(&vaddr, &ta,
573 			    sz, NULL, rw)) != 0) {
574 				if (ta) {
575 					do_watch_step(vaddr, sz, rw,
576 					    watchcode, rp->r_pc);
577 					fault_type = F_INVAL;
578 				} else {
579 					bzero(&siginfo,	sizeof (siginfo));
580 					siginfo.si_signo = SIGTRAP;
581 					siginfo.si_code = watchcode;
582 					siginfo.si_addr = vaddr;
583 					siginfo.si_trapafter = 0;
584 					siginfo.si_pc = (caddr_t)rp->r_pc;
585 					fault = FLTWATCH;
586 					break;
587 				}
588 			} else {
589 				if (rw != S_EXEC &&
590 				    pr_watch_emul(rp, vaddr, rw))
591 					goto out;
592 				do_watch_step(vaddr, sz, rw, 0, 0);
593 				fault_type = F_INVAL;
594 			}
595 
596 			if (pr_watch_active(p) &&
597 			    (type == T_WIN_OVERFLOW + T_USER ||
598 			    type == T_WIN_UNDERFLOW + T_USER ||
599 			    type == T_SYS_RTT_PAGE + T_USER)) {
600 				int dotwo = (type == T_WIN_UNDERFLOW + T_USER);
601 				if (copy_return_window(dotwo))
602 					goto out;
603 				fault_type = F_INVAL;
604 			}
605 
606 			res = pagefault(addr, fault_type, rw, 0);
607 
608 			/*
609 			 * If pagefault succeed, ok.
610 			 * Otherwise grow the stack automatically.
611 			 */
612 			if (res == 0 ||
613 			    (res == FC_NOMAP &&
614 			    type != T_INSTR_MMU_MISS + T_USER &&
615 			    addr < p->p_usrstack &&
616 			    grow(addr))) {
617 				int ismem = prismember(&p->p_fltmask, FLTPAGE);
618 
619 				/*
620 				 * instr_size() is used to get the exact
621 				 * address of the fault, instead of the
622 				 * page of the fault. Unfortunately it is
623 				 * very slow, and this is an important
624 				 * code path. Don't call it unless
625 				 * correctness is needed. ie. if FLTPAGE
626 				 * is set, or we're profiling.
627 				 */
628 
629 				if (curthread->t_rprof != NULL || ismem)
630 					(void) instr_size(rp, &addr, rw);
631 
632 				lwp->lwp_lastfault = FLTPAGE;
633 				lwp->lwp_lastfaddr = addr;
634 
635 				if (ismem) {
636 					bzero(&siginfo, sizeof (siginfo));
637 					siginfo.si_addr = addr;
638 					(void) stop_on_fault(FLTPAGE, &siginfo);
639 				}
640 				goto out;
641 			}
642 
643 			if (type != (T_INSTR_MMU_MISS + T_USER)) {
644 				/*
645 				 * check for non-faulting loads, also
646 				 * fetch the instruction to check for
647 				 * flush
648 				 */
649 				if (nfload(rp, &instr))
650 					goto out;
651 
652 				/* skip userland prefetch instructions */
653 				if (IS_PREFETCH(instr)) {
654 					rp->r_pc = rp->r_npc;
655 					rp->r_npc += 4;
656 					goto out;
657 					/*NOTREACHED*/
658 				}
659 
660 				/*
661 				 * check if the instruction was a
662 				 * flush.  ABI allows users to specify
663 				 * an illegal address on the flush
664 				 * instruction so we simply return in
665 				 * this case.
666 				 *
667 				 * NB: the hardware should set a bit
668 				 * indicating this trap was caused by
669 				 * a flush instruction.  Instruction
670 				 * decoding is bugly!
671 				 */
672 				if (IS_FLUSH(instr)) {
673 					/* skip the flush instruction */
674 					rp->r_pc = rp->r_npc;
675 					rp->r_npc += 4;
676 					goto out;
677 					/*NOTREACHED*/
678 				}
679 			} else if (res == FC_PROT) {
680 				report_stack_exec(p, addr);
681 			}
682 
683 			if (tudebug)
684 				showregs(type, rp, addr, 0);
685 		}
686 
687 		/*
688 		 * In the case where both pagefault and grow fail,
689 		 * set the code to the value provided by pagefault.
690 		 */
691 		(void) instr_size(rp, &addr, rw);
692 		bzero(&siginfo, sizeof (siginfo));
693 		siginfo.si_addr = addr;
694 		if (FC_CODE(res) == FC_OBJERR) {
695 			siginfo.si_errno = FC_ERRNO(res);
696 			if (siginfo.si_errno != EINTR) {
697 				siginfo.si_signo = SIGBUS;
698 				siginfo.si_code = BUS_OBJERR;
699 				fault = FLTACCESS;
700 			}
701 		} else { /* FC_NOMAP || FC_PROT */
702 			siginfo.si_signo = SIGSEGV;
703 			siginfo.si_code = (res == FC_NOMAP) ?
704 			    SEGV_MAPERR : SEGV_ACCERR;
705 			fault = FLTBOUNDS;
706 		}
707 		/*
708 		 * If this is the culmination of a single-step,
709 		 * reset the addr, code, signal and fault to
710 		 * indicate a hardware trace trap.
711 		 */
712 		if (stepped) {
713 			pcb_t *pcb = &lwp->lwp_pcb;
714 
715 			siginfo.si_signo = 0;
716 			fault = 0;
717 			if (pcb->pcb_step == STEP_WASACTIVE) {
718 				pcb->pcb_step = STEP_NONE;
719 				pcb->pcb_tracepc = NULL;
720 				oldpc = rp->r_pc - 4;
721 			}
722 			/*
723 			 * If both NORMAL_STEP and WATCH_STEP are in
724 			 * effect, give precedence to WATCH_STEP.
725 			 * One or the other must be set at this point.
726 			 */
727 			ASSERT(pcb->pcb_flags & (NORMAL_STEP|WATCH_STEP));
728 			if ((fault = undo_watch_step(&siginfo)) == 0 &&
729 			    (pcb->pcb_flags & NORMAL_STEP)) {
730 				siginfo.si_signo = SIGTRAP;
731 				siginfo.si_code = TRAP_TRACE;
732 				siginfo.si_addr = (caddr_t)rp->r_pc;
733 				fault = FLTTRACE;
734 			}
735 			pcb->pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
736 		}
737 		break;
738 
739 	case T_DATA_EXCEPTION + T_USER:	/* user data access exception */
740 
741 		if (&vis1_partial_support != NULL) {
742 			bzero(&siginfo, sizeof (siginfo));
743 			if (vis1_partial_support(rp,
744 			    &siginfo, &fault) == 0)
745 				goto out;
746 		}
747 
748 		if (nfload(rp, &instr))
749 			goto out;
750 		if (IS_FLUSH(instr)) {
751 			/* skip the flush instruction */
752 			rp->r_pc = rp->r_npc;
753 			rp->r_npc += 4;
754 			goto out;
755 			/*NOTREACHED*/
756 		}
757 		bzero(&siginfo, sizeof (siginfo));
758 		siginfo.si_addr = addr;
759 		switch (X_FAULT_TYPE(mmu_fsr)) {
760 		case FT_ATOMIC_NC:
761 			if ((IS_SWAP(instr) && swap_nc(rp, instr)) ||
762 			    (IS_LDSTUB(instr) && ldstub_nc(rp, instr))) {
763 				/* skip the atomic */
764 				rp->r_pc = rp->r_npc;
765 				rp->r_npc += 4;
766 				goto out;
767 			}
768 			/* fall into ... */
769 		case FT_PRIV:
770 			siginfo.si_signo = SIGSEGV;
771 			siginfo.si_code = SEGV_ACCERR;
772 			fault = FLTBOUNDS;
773 			break;
774 		case FT_SPEC_LD:
775 		case FT_ILL_ALT:
776 			siginfo.si_signo = SIGILL;
777 			siginfo.si_code = ILL_ILLADR;
778 			fault = FLTILL;
779 			break;
780 		default:
781 			siginfo.si_signo = SIGSEGV;
782 			siginfo.si_code = SEGV_MAPERR;
783 			fault = FLTBOUNDS;
784 			break;
785 		}
786 		break;
787 
788 	case T_SYS_RTT_ALIGN + T_USER:	/* user alignment error */
789 	case T_ALIGNMENT + T_USER:	/* user alignment error */
790 		if (tudebug)
791 			showregs(type, rp, addr, 0);
792 		/*
793 		 * If the user has to do unaligned references
794 		 * the ugly stuff gets done here.
795 		 */
796 		alignfaults++;
797 		if (&vis1_partial_support != NULL) {
798 			bzero(&siginfo, sizeof (siginfo));
799 			if (vis1_partial_support(rp,
800 			    &siginfo, &fault) == 0)
801 				goto out;
802 		}
803 
804 		bzero(&siginfo, sizeof (siginfo));
805 		if (type == T_SYS_RTT_ALIGN + T_USER) {
806 			if (nfload(rp, NULL))
807 				goto out;
808 			/*
809 			 * Can't do unaligned stack access
810 			 */
811 			siginfo.si_signo = SIGBUS;
812 			siginfo.si_code = BUS_ADRALN;
813 			siginfo.si_addr = addr;
814 			fault = FLTACCESS;
815 			break;
816 		}
817 
818 		/*
819 		 * Try to fix alignment before non-faulting load test.
820 		 */
821 		if (p->p_fixalignment) {
822 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
823 				rp->r_pc = rp->r_npc;
824 				rp->r_npc += 4;
825 				goto out;
826 			}
827 			if (nfload(rp, NULL))
828 				goto out;
829 			siginfo.si_signo = SIGSEGV;
830 			siginfo.si_code = SEGV_MAPERR;
831 			siginfo.si_addr = badaddr;
832 			fault = FLTBOUNDS;
833 		} else {
834 			if (nfload(rp, NULL))
835 				goto out;
836 			siginfo.si_signo = SIGBUS;
837 			siginfo.si_code = BUS_ADRALN;
838 			if (rp->r_pc & 3) {	/* offending address, if pc */
839 				siginfo.si_addr = (caddr_t)rp->r_pc;
840 			} else {
841 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
842 					siginfo.si_addr = badaddr;
843 				else
844 					siginfo.si_addr = (caddr_t)rp->r_pc;
845 			}
846 			fault = FLTACCESS;
847 		}
848 		break;
849 
850 	case T_PRIV_INSTR + T_USER:	/* privileged instruction fault */
851 		if (tudebug)
852 			showregs(type, rp, (caddr_t)0, 0);
853 		bzero(&siginfo, sizeof (siginfo));
854 		siginfo.si_signo = SIGILL;
855 		siginfo.si_code = ILL_PRVOPC;
856 		siginfo.si_addr = (caddr_t)rp->r_pc;
857 		fault = FLTILL;
858 		break;
859 
860 	case T_UNIMP_INSTR:		/* priv illegal instruction fault */
861 		if (fpras_implemented) {
862 			/*
863 			 * Call fpras_chktrap indicating that
864 			 * we've come from a trap handler and pass
865 			 * the regs.  That function may choose to panic
866 			 * (in which case it won't return) or it may
867 			 * determine that a reboot is desired.  In the
868 			 * latter case it must alter pc/npc to skip
869 			 * the illegal instruction and continue at
870 			 * a controlled address.
871 			 */
872 			if (&fpras_chktrap) {
873 				if (fpras_chktrap(rp))
874 					goto cleanup;
875 			}
876 		}
877 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
878 		instr = *(int *)rp->r_pc;
879 		if ((instr & 0xc0000000) == 0x40000000) {
880 			long pc;
881 
882 			rp->r_o7 = (long long)rp->r_pc;
883 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
884 			rp->r_pc = rp->r_npc;
885 			rp->r_npc = pc;
886 			ill_calls++;
887 			goto cleanup;
888 		}
889 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
890 		/*
891 		 * It's not an fpras failure and it's not SF_ERRATA_23 - die
892 		 */
893 		addr = (caddr_t)rp->r_pc;
894 		(void) die(type, rp, addr, 0);
895 		/*NOTREACHED*/
896 
897 	case T_UNIMP_INSTR + T_USER:	/* illegal instruction fault */
898 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
899 		instr = fetch_user_instr((caddr_t)rp->r_pc);
900 		if ((instr & 0xc0000000) == 0x40000000) {
901 			long pc;
902 
903 			rp->r_o7 = (long long)rp->r_pc;
904 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
905 			rp->r_pc = rp->r_npc;
906 			rp->r_npc = pc;
907 			ill_calls++;
908 			goto out;
909 		}
910 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
911 		if (tudebug)
912 			showregs(type, rp, (caddr_t)0, 0);
913 		bzero(&siginfo, sizeof (siginfo));
914 		/*
915 		 * Try to simulate the instruction.
916 		 */
917 		switch (simulate_unimp(rp, &badaddr)) {
918 		case SIMU_RETRY:
919 			goto out;	/* regs are already set up */
920 			/*NOTREACHED*/
921 
922 		case SIMU_SUCCESS:
923 			/* skip the successfully simulated instruction */
924 			rp->r_pc = rp->r_npc;
925 			rp->r_npc += 4;
926 			goto out;
927 			/*NOTREACHED*/
928 
929 		case SIMU_FAULT:
930 			siginfo.si_signo = SIGSEGV;
931 			siginfo.si_code = SEGV_MAPERR;
932 			siginfo.si_addr = badaddr;
933 			fault = FLTBOUNDS;
934 			break;
935 
936 		case SIMU_DZERO:
937 			siginfo.si_signo = SIGFPE;
938 			siginfo.si_code = FPE_INTDIV;
939 			siginfo.si_addr = (caddr_t)rp->r_pc;
940 			fault = FLTIZDIV;
941 			break;
942 
943 		case SIMU_UNALIGN:
944 			siginfo.si_signo = SIGBUS;
945 			siginfo.si_code = BUS_ADRALN;
946 			siginfo.si_addr = badaddr;
947 			fault = FLTACCESS;
948 			break;
949 
950 		case SIMU_ILLEGAL:
951 		default:
952 			siginfo.si_signo = SIGILL;
953 			op3 = (instr >> 19) & 0x3F;
954 			if ((IS_FLOAT(instr) && (op3 == IOP_V8_STQFA) ||
955 			    (op3 == IOP_V8_STDFA)))
956 				siginfo.si_code = ILL_ILLADR;
957 			else
958 				siginfo.si_code = ILL_ILLOPC;
959 			siginfo.si_addr = (caddr_t)rp->r_pc;
960 			fault = FLTILL;
961 			break;
962 		}
963 		break;
964 
965 	case T_UNIMP_LDD + T_USER:
966 	case T_UNIMP_STD + T_USER:
967 		if (tudebug)
968 			showregs(type, rp, (caddr_t)0, 0);
969 		switch (simulate_lddstd(rp, &badaddr)) {
970 		case SIMU_SUCCESS:
971 			/* skip the successfully simulated instruction */
972 			rp->r_pc = rp->r_npc;
973 			rp->r_npc += 4;
974 			goto out;
975 			/*NOTREACHED*/
976 
977 		case SIMU_FAULT:
978 			if (nfload(rp, NULL))
979 				goto out;
980 			siginfo.si_signo = SIGSEGV;
981 			siginfo.si_code = SEGV_MAPERR;
982 			siginfo.si_addr = badaddr;
983 			fault = FLTBOUNDS;
984 			break;
985 
986 		case SIMU_UNALIGN:
987 			if (nfload(rp, NULL))
988 				goto out;
989 			siginfo.si_signo = SIGBUS;
990 			siginfo.si_code = BUS_ADRALN;
991 			siginfo.si_addr = badaddr;
992 			fault = FLTACCESS;
993 			break;
994 
995 		case SIMU_ILLEGAL:
996 		default:
997 			siginfo.si_signo = SIGILL;
998 			siginfo.si_code = ILL_ILLOPC;
999 			siginfo.si_addr = (caddr_t)rp->r_pc;
1000 			fault = FLTILL;
1001 			break;
1002 		}
1003 		break;
1004 
1005 	case T_UNIMP_LDD:
1006 	case T_UNIMP_STD:
1007 		if (simulate_lddstd(rp, &badaddr) == SIMU_SUCCESS) {
1008 			/* skip the successfully simulated instruction */
1009 			rp->r_pc = rp->r_npc;
1010 			rp->r_npc += 4;
1011 			goto cleanup;
1012 			/*NOTREACHED*/
1013 		}
1014 		/*
1015 		 * A third party driver executed an {LDD,STD,LDDA,STDA}
1016 		 * that we couldn't simulate.
1017 		 */
1018 		if (nfload(rp, NULL))
1019 			goto cleanup;
1020 
1021 		if (curthread->t_lofault) {
1022 			if (lodebug) {
1023 				showregs(type, rp, addr, 0);
1024 				traceback((caddr_t)rp->r_sp);
1025 			}
1026 			rp->r_g1 = EFAULT;
1027 			rp->r_pc = curthread->t_lofault;
1028 			rp->r_npc = rp->r_pc + 4;
1029 			goto cleanup;
1030 		}
1031 		(void) die(type, rp, addr, 0);
1032 		/*NOTREACHED*/
1033 
1034 	case T_IDIV0 + T_USER:		/* integer divide by zero */
1035 	case T_DIV0 + T_USER:		/* integer divide by zero */
1036 		if (tudebug && tudebugfpe)
1037 			showregs(type, rp, (caddr_t)0, 0);
1038 		bzero(&siginfo, sizeof (siginfo));
1039 		siginfo.si_signo = SIGFPE;
1040 		siginfo.si_code = FPE_INTDIV;
1041 		siginfo.si_addr = (caddr_t)rp->r_pc;
1042 		fault = FLTIZDIV;
1043 		break;
1044 
1045 	case T_INT_OVERFLOW + T_USER:	/* integer overflow */
1046 		if (tudebug && tudebugfpe)
1047 			showregs(type, rp, (caddr_t)0, 0);
1048 		bzero(&siginfo, sizeof (siginfo));
1049 		siginfo.si_signo = SIGFPE;
1050 		siginfo.si_code  = FPE_INTOVF;
1051 		siginfo.si_addr  = (caddr_t)rp->r_pc;
1052 		fault = FLTIOVF;
1053 		break;
1054 
1055 	case T_BREAKPOINT + T_USER:	/* breakpoint trap (t 1) */
1056 		if (tudebug && tudebugbpt)
1057 			showregs(type, rp, (caddr_t)0, 0);
1058 		bzero(&siginfo, sizeof (siginfo));
1059 		siginfo.si_signo = SIGTRAP;
1060 		siginfo.si_code = TRAP_BRKPT;
1061 		siginfo.si_addr = (caddr_t)rp->r_pc;
1062 		fault = FLTBPT;
1063 		break;
1064 
1065 	case T_TAG_OVERFLOW + T_USER:	/* tag overflow (taddcctv, tsubcctv) */
1066 		if (tudebug)
1067 			showregs(type, rp, (caddr_t)0, 0);
1068 		bzero(&siginfo, sizeof (siginfo));
1069 		siginfo.si_signo = SIGEMT;
1070 		siginfo.si_code = EMT_TAGOVF;
1071 		siginfo.si_addr = (caddr_t)rp->r_pc;
1072 		fault = FLTACCESS;
1073 		break;
1074 
1075 	case T_FLUSH_PCB + T_USER:	/* finish user window overflow */
1076 	case T_FLUSHW + T_USER:		/* finish user window flush */
1077 		/*
1078 		 * This trap is entered from sys_rtt in locore.s when,
1079 		 * upon return to user is is found that there are user
1080 		 * windows in pcb_wbuf.  This happens because they could
1081 		 * not be saved on the user stack, either because it
1082 		 * wasn't resident or because it was misaligned.
1083 		 */
1084 	{
1085 		int error;
1086 		caddr_t sp;
1087 
1088 		error = flush_user_windows_to_stack(&sp);
1089 		/*
1090 		 * Possible errors:
1091 		 *	error copying out
1092 		 *	unaligned stack pointer
1093 		 * The first is given to us as the return value
1094 		 * from flush_user_windows_to_stack().  The second
1095 		 * results in residual windows in the pcb.
1096 		 */
1097 		if (error != 0) {
1098 			/*
1099 			 * EINTR comes from a signal during copyout;
1100 			 * we should not post another signal.
1101 			 */
1102 			if (error != EINTR) {
1103 				/*
1104 				 * Zap the process with a SIGSEGV - process
1105 				 * may be managing its own stack growth by
1106 				 * taking SIGSEGVs on a different signal stack.
1107 				 */
1108 				bzero(&siginfo, sizeof (siginfo));
1109 				siginfo.si_signo = SIGSEGV;
1110 				siginfo.si_code  = SEGV_MAPERR;
1111 				siginfo.si_addr  = sp;
1112 				fault = FLTBOUNDS;
1113 			}
1114 			break;
1115 		} else if (mpcb->mpcb_wbcnt) {
1116 			bzero(&siginfo, sizeof (siginfo));
1117 			siginfo.si_signo = SIGILL;
1118 			siginfo.si_code  = ILL_BADSTK;
1119 			siginfo.si_addr  = (caddr_t)rp->r_pc;
1120 			fault = FLTILL;
1121 			break;
1122 		}
1123 	}
1124 
1125 		/*
1126 		 * T_FLUSHW is used when handling a ta 0x3 -- the old flush
1127 		 * window trap -- which is implemented by executing the
1128 		 * flushw instruction. The flushw can trap if any of the
1129 		 * stack pages are not writable for whatever reason. In this
1130 		 * case only, we advance the pc to the next instruction so
1131 		 * that the user thread doesn't needlessly execute the trap
1132 		 * again. Normally this wouldn't be a problem -- we'll
1133 		 * usually only end up here if this is the first touch to a
1134 		 * stack page -- since the second execution won't trap, but
1135 		 * if there's a watchpoint on the stack page the user thread
1136 		 * would spin, continuously executing the trap instruction.
1137 		 */
1138 		if (type == T_FLUSHW + T_USER) {
1139 			rp->r_pc = rp->r_npc;
1140 			rp->r_npc += 4;
1141 		}
1142 		goto out;
1143 
1144 	case T_AST + T_USER:		/* profiling or resched pseudo trap */
1145 		if (lwp->lwp_pcb.pcb_flags & CPC_OVERFLOW) {
1146 			lwp->lwp_pcb.pcb_flags &= ~CPC_OVERFLOW;
1147 			if (kcpc_overflow_ast()) {
1148 				/*
1149 				 * Signal performance counter overflow
1150 				 */
1151 				if (tudebug)
1152 					showregs(type, rp, (caddr_t)0, 0);
1153 				bzero(&siginfo, sizeof (siginfo));
1154 				siginfo.si_signo = SIGEMT;
1155 				siginfo.si_code = EMT_CPCOVF;
1156 				siginfo.si_addr = (caddr_t)rp->r_pc;
1157 				/* for trap_cleanup(), below */
1158 				oldpc = rp->r_pc - 4;
1159 				fault = FLTCPCOVF;
1160 			}
1161 		}
1162 
1163 		/*
1164 		 * The CPC_OVERFLOW check above may already have populated
1165 		 * siginfo and set fault, so the checks below must not
1166 		 * touch these and the functions they call must use
1167 		 * trapsig() directly.
1168 		 */
1169 
1170 		if (lwp->lwp_pcb.pcb_flags & ASYNC_HWERR) {
1171 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_HWERR;
1172 			trap_async_hwerr();
1173 		}
1174 
1175 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BERR) {
1176 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BERR;
1177 			trap_async_berr_bto(ASYNC_BERR, rp);
1178 		}
1179 
1180 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BTO) {
1181 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BTO;
1182 			trap_async_berr_bto(ASYNC_BTO, rp);
1183 		}
1184 
1185 		break;
1186 	}
1187 
1188 	if (fault) {
1189 		/* We took a fault so abort single step. */
1190 		lwp->lwp_pcb.pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
1191 	}
1192 	trap_cleanup(rp, fault, &siginfo, oldpc == rp->r_pc);
1193 
1194 out:	/* We can't get here from a system trap */
1195 	ASSERT(type & T_USER);
1196 	trap_rtt();
1197 	(void) new_mstate(curthread, mstate);
1198 	/* Kernel probe */
1199 	TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
1200 		tnf_microstate, state, LMS_USER);
1201 
1202 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1203 	return;
1204 
1205 cleanup:	/* system traps end up here */
1206 	ASSERT(!(type & T_USER));
1207 
1208 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1209 }
1210 
1211 void
1212 trap_cleanup(
1213 	struct regs *rp,
1214 	uint_t fault,
1215 	k_siginfo_t *sip,
1216 	int restartable)
1217 {
1218 	extern void aio_cleanup();
1219 	proc_t *p = ttoproc(curthread);
1220 	klwp_id_t lwp = ttolwp(curthread);
1221 
1222 	if (fault) {
1223 		/*
1224 		 * Remember the fault and fault address
1225 		 * for real-time (SIGPROF) profiling.
1226 		 */
1227 		lwp->lwp_lastfault = fault;
1228 		lwp->lwp_lastfaddr = sip->si_addr;
1229 
1230 		DTRACE_PROC2(fault, int, fault, ksiginfo_t *, sip);
1231 
1232 		/*
1233 		 * If a debugger has declared this fault to be an
1234 		 * event of interest, stop the lwp.  Otherwise just
1235 		 * deliver the associated signal.
1236 		 */
1237 		if (sip->si_signo != SIGKILL &&
1238 		    prismember(&p->p_fltmask, fault) &&
1239 		    stop_on_fault(fault, sip) == 0)
1240 			sip->si_signo = 0;
1241 	}
1242 
1243 	if (sip->si_signo)
1244 		trapsig(sip, restartable);
1245 
1246 	if (lwp->lwp_oweupc)
1247 		profil_tick(rp->r_pc);
1248 
1249 	if (curthread->t_astflag | curthread->t_sig_check) {
1250 		/*
1251 		 * Turn off the AST flag before checking all the conditions that
1252 		 * may have caused an AST.  This flag is on whenever a signal or
1253 		 * unusual condition should be handled after the next trap or
1254 		 * syscall.
1255 		 */
1256 		astoff(curthread);
1257 		curthread->t_sig_check = 0;
1258 
1259 		/*
1260 		 * The following check is legal for the following reasons:
1261 		 *	1) The thread we are checking, is ourselves, so there is
1262 		 *	   no way the proc can go away.
1263 		 *	2) The only time we need to be protected by the
1264 		 *	   lock is if the binding is changed.
1265 		 *
1266 		 *	Note we will still take the lock and check the binding
1267 		 *	if the condition was true without the lock held.  This
1268 		 *	prevents lock contention among threads owned by the
1269 		 *	same proc.
1270 		 */
1271 
1272 		if (curthread->t_proc_flag & TP_CHANGEBIND) {
1273 			mutex_enter(&p->p_lock);
1274 			if (curthread->t_proc_flag & TP_CHANGEBIND) {
1275 				timer_lwpbind();
1276 				curthread->t_proc_flag &= ~TP_CHANGEBIND;
1277 			}
1278 			mutex_exit(&p->p_lock);
1279 		}
1280 
1281 		/*
1282 		 * for kaio requests that are on the per-process poll queue,
1283 		 * aiop->aio_pollq, they're AIO_POLL bit is set, the kernel
1284 		 * should copyout their result_t to user memory. by copying
1285 		 * out the result_t, the user can poll on memory waiting
1286 		 * for the kaio request to complete.
1287 		 */
1288 		if (p->p_aio)
1289 			aio_cleanup(0);
1290 
1291 		/*
1292 		 * If this LWP was asked to hold, call holdlwp(), which will
1293 		 * stop.  holdlwps() sets this up and calls pokelwps() which
1294 		 * sets the AST flag.
1295 		 *
1296 		 * Also check TP_EXITLWP, since this is used by fresh new LWPs
1297 		 * through lwp_rtt().  That flag is set if the lwp_create(2)
1298 		 * syscall failed after creating the LWP.
1299 		 */
1300 		if (ISHOLD(p))
1301 			holdlwp();
1302 
1303 		/*
1304 		 * All code that sets signals and makes ISSIG evaluate true must
1305 		 * set t_astflag afterwards.
1306 		 */
1307 		if (ISSIG_PENDING(curthread, lwp, p)) {
1308 			if (issig(FORREAL))
1309 				psig();
1310 			curthread->t_sig_check = 1;
1311 		}
1312 
1313 		if (curthread->t_rprof != NULL) {
1314 			realsigprof(0, 0);
1315 			curthread->t_sig_check = 1;
1316 		}
1317 	}
1318 }
1319 
1320 /*
1321  * Called from fp_traps when a floating point trap occurs.
1322  * Note that the T_DATA_EXCEPTION case does not use X_FAULT_TYPE(mmu_fsr),
1323  * because mmu_fsr (now changed to code) is always 0.
1324  * Note that the T_UNIMP_INSTR case does not call simulate_unimp(),
1325  * because the simulator only simulates multiply and divide instructions,
1326  * which would not cause floating point traps in the first place.
1327  * XXX - Supervisor mode floating point traps?
1328  */
1329 void
1330 fpu_trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t code)
1331 {
1332 	proc_t *p = ttoproc(curthread);
1333 	klwp_id_t lwp = ttolwp(curthread);
1334 	k_siginfo_t siginfo;
1335 	uint_t op3, fault = 0;
1336 	int mstate;
1337 	char *badaddr;
1338 	kfpu_t *fp;
1339 	struct fpq *pfpq;
1340 	uint32_t inst;
1341 	utrap_handler_t *utrapp;
1342 
1343 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
1344 
1345 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
1346 
1347 	if (USERMODE(rp->r_tstate)) {
1348 		/*
1349 		 * Set lwp_state before trying to acquire any
1350 		 * adaptive lock
1351 		 */
1352 		ASSERT(lwp != NULL);
1353 		lwp->lwp_state = LWP_SYS;
1354 		/*
1355 		 * Set up the current cred to use during this trap. u_cred
1356 		 * no longer exists.  t_cred is used instead.
1357 		 * The current process credential applies to the thread for
1358 		 * the entire trap.  If trapping from the kernel, this
1359 		 * should already be set up.
1360 		 */
1361 		if (curthread->t_cred != p->p_cred) {
1362 			cred_t *oldcred = curthread->t_cred;
1363 			/*
1364 			 * DTrace accesses t_cred in probe context.  t_cred
1365 			 * must always be either NULL, or point to a valid,
1366 			 * allocated cred structure.
1367 			 */
1368 			curthread->t_cred = crgetcred();
1369 			crfree(oldcred);
1370 		}
1371 		ASSERT(lwp->lwp_regs == rp);
1372 		mstate = new_mstate(curthread, LMS_TRAP);
1373 		siginfo.si_signo = 0;
1374 		type |= T_USER;
1375 	}
1376 
1377 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
1378 	    "C_fpu_trap_handler_enter:type %x", type);
1379 
1380 	if (tudebug && tudebugfpe)
1381 		showregs(type, rp, addr, 0);
1382 
1383 	bzero(&siginfo, sizeof (siginfo));
1384 	siginfo.si_code = code;
1385 	siginfo.si_addr = addr;
1386 
1387 	switch (type) {
1388 
1389 	case T_FP_EXCEPTION_IEEE + T_USER:	/* FPU arithmetic exception */
1390 		/*
1391 		 * FPU arithmetic exception - fake up a fpq if we
1392 		 *	came here directly from _fp_ieee_exception,
1393 		 *	which is indicated by a zero fpu_qcnt.
1394 		 */
1395 		fp = lwptofpu(curthread->t_lwp);
1396 		utrapp = curthread->t_procp->p_utraps;
1397 		if (fp->fpu_qcnt == 0) {
1398 			inst = fetch_user_instr((caddr_t)rp->r_pc);
1399 			lwp->lwp_state = LWP_SYS;
1400 			pfpq = &fp->fpu_q->FQu.fpq;
1401 			pfpq->fpq_addr = (uint32_t *)rp->r_pc;
1402 			pfpq->fpq_instr = inst;
1403 			fp->fpu_qcnt = 1;
1404 			fp->fpu_q_entrysize = sizeof (struct fpq);
1405 #ifdef SF_V9_TABLE_28
1406 			/*
1407 			 * Spitfire and blackbird followed the SPARC V9 manual
1408 			 * paragraph 3 of section 5.1.7.9 FSR_current_exception
1409 			 * (cexc) for setting fsr.cexc bits on underflow and
1410 			 * overflow traps when the fsr.tem.inexact bit is set,
1411 			 * instead of following Table 28. Bugid 1263234.
1412 			 */
1413 			{
1414 				extern int spitfire_bb_fsr_bug;
1415 
1416 				if (spitfire_bb_fsr_bug &&
1417 				    (fp->fpu_fsr & FSR_TEM_NX)) {
1418 					if (((fp->fpu_fsr & FSR_TEM_OF) == 0) &&
1419 					    (fp->fpu_fsr & FSR_CEXC_OF)) {
1420 						fp->fpu_fsr &= ~FSR_CEXC_OF;
1421 						fp->fpu_fsr |= FSR_CEXC_NX;
1422 						_fp_write_pfsr(&fp->fpu_fsr);
1423 						siginfo.si_code = FPE_FLTRES;
1424 					}
1425 					if (((fp->fpu_fsr & FSR_TEM_UF) == 0) &&
1426 					    (fp->fpu_fsr & FSR_CEXC_UF)) {
1427 						fp->fpu_fsr &= ~FSR_CEXC_UF;
1428 						fp->fpu_fsr |= FSR_CEXC_NX;
1429 						_fp_write_pfsr(&fp->fpu_fsr);
1430 						siginfo.si_code = FPE_FLTRES;
1431 					}
1432 				}
1433 			}
1434 #endif /* SF_V9_TABLE_28 */
1435 			rp->r_pc = rp->r_npc;
1436 			rp->r_npc += 4;
1437 		} else if (utrapp && utrapp[UT_FP_EXCEPTION_IEEE_754]) {
1438 			/*
1439 			 * The user had a trap handler installed.  Jump to
1440 			 * the trap handler instead of signalling the process.
1441 			 */
1442 			rp->r_pc = (long)utrapp[UT_FP_EXCEPTION_IEEE_754];
1443 			rp->r_npc = rp->r_pc + 4;
1444 			break;
1445 		}
1446 		siginfo.si_signo = SIGFPE;
1447 		fault = FLTFPE;
1448 		break;
1449 
1450 	case T_DATA_EXCEPTION + T_USER:		/* user data access exception */
1451 		siginfo.si_signo = SIGSEGV;
1452 		fault = FLTBOUNDS;
1453 		break;
1454 
1455 	case T_LDDF_ALIGN + T_USER: /* 64 bit user lddfa alignment error */
1456 	case T_STDF_ALIGN + T_USER: /* 64 bit user stdfa alignment error */
1457 		alignfaults++;
1458 		lwp->lwp_state = LWP_SYS;
1459 		if (&vis1_partial_support != NULL) {
1460 			bzero(&siginfo, sizeof (siginfo));
1461 			if (vis1_partial_support(rp,
1462 			    &siginfo, &fault) == 0)
1463 				goto out;
1464 		}
1465 		if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1466 			rp->r_pc = rp->r_npc;
1467 			rp->r_npc += 4;
1468 			goto out;
1469 		}
1470 		fp = lwptofpu(curthread->t_lwp);
1471 		fp->fpu_qcnt = 0;
1472 		siginfo.si_signo = SIGSEGV;
1473 		siginfo.si_code = SEGV_MAPERR;
1474 		siginfo.si_addr = badaddr;
1475 		fault = FLTBOUNDS;
1476 		break;
1477 
1478 	case T_ALIGNMENT + T_USER:		/* user alignment error */
1479 		/*
1480 		 * If the user has to do unaligned references
1481 		 * the ugly stuff gets done here.
1482 		 * Only handles vanilla loads and stores.
1483 		 */
1484 		alignfaults++;
1485 		if (p->p_fixalignment) {
1486 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1487 				rp->r_pc = rp->r_npc;
1488 				rp->r_npc += 4;
1489 				goto out;
1490 			}
1491 			siginfo.si_signo = SIGSEGV;
1492 			siginfo.si_code = SEGV_MAPERR;
1493 			siginfo.si_addr = badaddr;
1494 			fault = FLTBOUNDS;
1495 		} else {
1496 			siginfo.si_signo = SIGBUS;
1497 			siginfo.si_code = BUS_ADRALN;
1498 			if (rp->r_pc & 3) {	/* offending address, if pc */
1499 				siginfo.si_addr = (caddr_t)rp->r_pc;
1500 			} else {
1501 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
1502 					siginfo.si_addr = badaddr;
1503 				else
1504 					siginfo.si_addr = (caddr_t)rp->r_pc;
1505 			}
1506 			fault = FLTACCESS;
1507 		}
1508 		break;
1509 
1510 	case T_UNIMP_INSTR + T_USER:		/* illegal instruction fault */
1511 		siginfo.si_signo = SIGILL;
1512 		inst = fetch_user_instr((caddr_t)rp->r_pc);
1513 		op3 = (inst >> 19) & 0x3F;
1514 		if ((op3 == IOP_V8_STQFA) || (op3 == IOP_V8_STDFA))
1515 			siginfo.si_code = ILL_ILLADR;
1516 		else
1517 			siginfo.si_code = ILL_ILLTRP;
1518 		fault = FLTILL;
1519 		break;
1520 
1521 	default:
1522 		(void) die(type, rp, addr, 0);
1523 		/*NOTREACHED*/
1524 	}
1525 
1526 	/*
1527 	 * We can't get here from a system trap
1528 	 * Never restart any instruction which got here from an fp trap.
1529 	 */
1530 	ASSERT(type & T_USER);
1531 
1532 	trap_cleanup(rp, fault, &siginfo, 0);
1533 out:
1534 	trap_rtt();
1535 	(void) new_mstate(curthread, mstate);
1536 }
1537 
1538 void
1539 trap_rtt(void)
1540 {
1541 	klwp_id_t lwp = ttolwp(curthread);
1542 
1543 	/*
1544 	 * Restore register window if a debugger modified it.
1545 	 * Set up to perform a single-step if a debugger requested it.
1546 	 */
1547 	if (lwp->lwp_pcb.pcb_xregstat != XREGNONE)
1548 		xregrestore(lwp, 0);
1549 
1550 	/*
1551 	 * Set state to LWP_USER here so preempt won't give us a kernel
1552 	 * priority if it occurs after this point.  Call CL_TRAPRET() to
1553 	 * restore the user-level priority.
1554 	 *
1555 	 * It is important that no locks (other than spinlocks) be entered
1556 	 * after this point before returning to user mode (unless lwp_state
1557 	 * is set back to LWP_SYS).
1558 	 */
1559 	lwp->lwp_state = LWP_USER;
1560 	if (curthread->t_trapret) {
1561 		curthread->t_trapret = 0;
1562 		thread_lock(curthread);
1563 		CL_TRAPRET(curthread);
1564 		thread_unlock(curthread);
1565 	}
1566 	if (CPU->cpu_runrun || curthread->t_schedflag & TS_ANYWAITQ)
1567 		preempt();
1568 	if (lwp->lwp_pcb.pcb_step != STEP_NONE)
1569 		prdostep();
1570 
1571 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1572 }
1573 
1574 #define	IS_LDASI(o)	\
1575 	((o) == (uint32_t)0xC0C00000 || (o) == (uint32_t)0xC0800000 ||	\
1576 	(o) == (uint32_t)0xC1800000)
1577 #define	IS_IMM_ASI(i)	(((i) & 0x2000) == 0)
1578 #define	IS_ASINF(a)	(((a) & 0xF6) == 0x82)
1579 #define	IS_LDDA(i)	(((i) & 0xC1F80000) == 0xC0980000)
1580 
1581 static int
1582 nfload(struct regs *rp, int *instrp)
1583 {
1584 	uint_t	instr, asi, op3, rd;
1585 	size_t	len;
1586 	struct as *as;
1587 	caddr_t addr;
1588 	FPU_DREGS_TYPE zero;
1589 	extern int segnf_create();
1590 
1591 	if (USERMODE(rp->r_tstate))
1592 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1593 	else
1594 		instr = *(int *)rp->r_pc;
1595 
1596 	if (instrp)
1597 		*instrp = instr;
1598 
1599 	op3 = (uint_t)(instr & 0xC1E00000);
1600 	if (!IS_LDASI(op3))
1601 		return (0);
1602 	if (IS_IMM_ASI(instr))
1603 		asi = (instr & 0x1FE0) >> 5;
1604 	else
1605 		asi = (uint_t)((rp->r_tstate >> TSTATE_ASI_SHIFT) &
1606 		    TSTATE_ASI_MASK);
1607 	if (!IS_ASINF(asi))
1608 		return (0);
1609 	if (calc_memaddr(rp, &addr) == SIMU_SUCCESS) {
1610 		len = 1;
1611 		as = USERMODE(rp->r_tstate) ? ttoproc(curthread)->p_as : &kas;
1612 		as_rangelock(as);
1613 		if (as_gap(as, len, &addr, &len, 0, addr) == 0)
1614 			(void) as_map(as, addr, len, segnf_create, NULL);
1615 		as_rangeunlock(as);
1616 	}
1617 	zero = 0;
1618 	rd = (instr >> 25) & 0x1f;
1619 	if (IS_FLOAT(instr)) {
1620 		uint_t dbflg = ((instr >> 19) & 3) == 3;
1621 
1622 		if (dbflg) {		/* clever v9 reg encoding */
1623 			if (rd & 1)
1624 				rd = (rd & 0x1e) | 0x20;
1625 			rd >>= 1;
1626 		}
1627 		if (fpu_exists) {
1628 			if (!(_fp_read_fprs() & FPRS_FEF))
1629 				fp_enable();
1630 
1631 			if (dbflg)
1632 				_fp_write_pdreg(&zero, rd);
1633 			else
1634 				_fp_write_pfreg((uint_t *)&zero, rd);
1635 		} else {
1636 			kfpu_t *fp = lwptofpu(curthread->t_lwp);
1637 
1638 			if (!fp->fpu_en)
1639 				fp_enable();
1640 
1641 			if (dbflg)
1642 				fp->fpu_fr.fpu_dregs[rd] = zero;
1643 			else
1644 				fp->fpu_fr.fpu_regs[rd] = 0;
1645 		}
1646 	} else {
1647 		(void) putreg(&zero, rp, rd, &addr);
1648 		if (IS_LDDA(instr))
1649 			(void) putreg(&zero, rp, rd + 1, &addr);
1650 	}
1651 	rp->r_pc = rp->r_npc;
1652 	rp->r_npc += 4;
1653 	return (1);
1654 }
1655 
1656 kmutex_t atomic_nc_mutex;
1657 
1658 /*
1659  * The following couple of routines are for userland drivers which
1660  * do atomics to noncached addresses.  This sort of worked on previous
1661  * platforms -- the operation really wasn't atomic, but it didn't generate
1662  * a trap as sun4u systems do.
1663  */
1664 static int
1665 swap_nc(struct regs *rp, int instr)
1666 {
1667 	uint64_t rdata, mdata;
1668 	caddr_t addr, badaddr;
1669 	uint_t tmp, rd;
1670 
1671 	(void) flush_user_windows_to_stack(NULL);
1672 	rd = (instr >> 25) & 0x1f;
1673 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1674 		return (0);
1675 	if (getreg(rp, rd, &rdata, &badaddr))
1676 		return (0);
1677 	mutex_enter(&atomic_nc_mutex);
1678 	if (fuword32(addr, &tmp) == -1) {
1679 		mutex_exit(&atomic_nc_mutex);
1680 		return (0);
1681 	}
1682 	mdata = (u_longlong_t)tmp;
1683 	if (suword32(addr, (uint32_t)rdata) == -1) {
1684 		mutex_exit(&atomic_nc_mutex);
1685 		return (0);
1686 	}
1687 	(void) putreg(&mdata, rp, rd, &badaddr);
1688 	mutex_exit(&atomic_nc_mutex);
1689 	return (1);
1690 }
1691 
1692 static int
1693 ldstub_nc(struct regs *rp, int instr)
1694 {
1695 	uint64_t mdata;
1696 	caddr_t addr, badaddr;
1697 	uint_t rd;
1698 	uint8_t tmp;
1699 
1700 	(void) flush_user_windows_to_stack(NULL);
1701 	rd = (instr >> 25) & 0x1f;
1702 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1703 		return (0);
1704 	mutex_enter(&atomic_nc_mutex);
1705 	if (fuword8(addr, &tmp) == -1) {
1706 		mutex_exit(&atomic_nc_mutex);
1707 		return (0);
1708 	}
1709 	mdata = (u_longlong_t)tmp;
1710 	if (suword8(addr, (uint8_t)0xff) == -1) {
1711 		mutex_exit(&atomic_nc_mutex);
1712 		return (0);
1713 	}
1714 	(void) putreg(&mdata, rp, rd, &badaddr);
1715 	mutex_exit(&atomic_nc_mutex);
1716 	return (1);
1717 }
1718 
1719 /*
1720  * This function helps instr_size() determine the operand size.
1721  * It is called for the extended ldda/stda asi's.
1722  */
1723 int
1724 extended_asi_size(int asi)
1725 {
1726 	switch (asi) {
1727 	case ASI_PST8_P:
1728 	case ASI_PST8_S:
1729 	case ASI_PST16_P:
1730 	case ASI_PST16_S:
1731 	case ASI_PST32_P:
1732 	case ASI_PST32_S:
1733 	case ASI_PST8_PL:
1734 	case ASI_PST8_SL:
1735 	case ASI_PST16_PL:
1736 	case ASI_PST16_SL:
1737 	case ASI_PST32_PL:
1738 	case ASI_PST32_SL:
1739 		return (8);
1740 	case ASI_FL8_P:
1741 	case ASI_FL8_S:
1742 	case ASI_FL8_PL:
1743 	case ASI_FL8_SL:
1744 		return (1);
1745 	case ASI_FL16_P:
1746 	case ASI_FL16_S:
1747 	case ASI_FL16_PL:
1748 	case ASI_FL16_SL:
1749 		return (2);
1750 	case ASI_BLK_P:
1751 	case ASI_BLK_S:
1752 	case ASI_BLK_PL:
1753 	case ASI_BLK_SL:
1754 	case ASI_BLK_COMMIT_P:
1755 	case ASI_BLK_COMMIT_S:
1756 		return (64);
1757 	}
1758 
1759 	return (0);
1760 }
1761 
1762 /*
1763  * Patch non-zero to disable preemption of threads in the kernel.
1764  */
1765 int IGNORE_KERNEL_PREEMPTION = 0;	/* XXX - delete this someday */
1766 
1767 struct kpreempt_cnts {	/* kernel preemption statistics */
1768 	int	kpc_idle;	/* executing idle thread */
1769 	int	kpc_intr;	/* executing interrupt thread */
1770 	int	kpc_clock;	/* executing clock thread */
1771 	int	kpc_blocked;	/* thread has blocked preemption (t_preempt) */
1772 	int	kpc_notonproc;	/* thread is surrendering processor */
1773 	int	kpc_inswtch;	/* thread has ratified scheduling decision */
1774 	int	kpc_prilevel;	/* processor interrupt level is too high */
1775 	int	kpc_apreempt;	/* asynchronous preemption */
1776 	int	kpc_spreempt;	/* synchronous preemption */
1777 }	kpreempt_cnts;
1778 
1779 /*
1780  * kernel preemption: forced rescheduling
1781  *	preempt the running kernel thread.
1782  */
1783 void
1784 kpreempt(int asyncspl)
1785 {
1786 	if (IGNORE_KERNEL_PREEMPTION) {
1787 		aston(CPU->cpu_dispthread);
1788 		return;
1789 	}
1790 	/*
1791 	 * Check that conditions are right for kernel preemption
1792 	 */
1793 	do {
1794 		if (curthread->t_preempt) {
1795 			/*
1796 			 * either a privileged thread (idle, panic, interrupt)
1797 			 * or will check when t_preempt is lowered
1798 			 * We need to specifically handle the case where
1799 			 * the thread is in the middle of swtch (resume has
1800 			 * been called) and has its t_preempt set
1801 			 * [idle thread and a thread which is in kpreempt
1802 			 * already] and then a high priority thread is
1803 			 * available in the local dispatch queue.
1804 			 * In this case the resumed thread needs to take a
1805 			 * trap so that it can call kpreempt. We achieve
1806 			 * this by using siron().
1807 			 * How do we detect this condition:
1808 			 * idle thread is running and is in the midst of
1809 			 * resume: curthread->t_pri == -1 && CPU->dispthread
1810 			 * != CPU->thread
1811 			 * Need to ensure that this happens only at high pil
1812 			 * resume is called at high pil
1813 			 * Only in resume_from_idle is the pil changed.
1814 			 */
1815 			if (curthread->t_pri < 0) {
1816 				kpreempt_cnts.kpc_idle++;
1817 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1818 					siron();
1819 			} else if (curthread->t_flag & T_INTR_THREAD) {
1820 				kpreempt_cnts.kpc_intr++;
1821 				if (curthread->t_pil == CLOCK_LEVEL)
1822 					kpreempt_cnts.kpc_clock++;
1823 			} else {
1824 				kpreempt_cnts.kpc_blocked++;
1825 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1826 					siron();
1827 			}
1828 			aston(CPU->cpu_dispthread);
1829 			return;
1830 		}
1831 		if (curthread->t_state != TS_ONPROC ||
1832 		    curthread->t_disp_queue != CPU->cpu_disp) {
1833 			/* this thread will be calling swtch() shortly */
1834 			kpreempt_cnts.kpc_notonproc++;
1835 			if (CPU->cpu_thread != CPU->cpu_dispthread) {
1836 				/* already in swtch(), force another */
1837 				kpreempt_cnts.kpc_inswtch++;
1838 				siron();
1839 			}
1840 			return;
1841 		}
1842 
1843 		if (((asyncspl != KPREEMPT_SYNC) ? spltoipl(asyncspl) :
1844 		    getpil()) >= DISP_LEVEL) {
1845 			/*
1846 			 * We can't preempt this thread if it is at
1847 			 * a PIL >= DISP_LEVEL since it may be holding
1848 			 * a spin lock (like sched_lock).
1849 			 */
1850 			siron();	/* check back later */
1851 			kpreempt_cnts.kpc_prilevel++;
1852 			return;
1853 		}
1854 
1855 		/*
1856 		 * block preemption so we don't have multiple preemptions
1857 		 * pending on the interrupt stack
1858 		 */
1859 		curthread->t_preempt++;
1860 		if (asyncspl != KPREEMPT_SYNC) {
1861 			splx(asyncspl);
1862 			kpreempt_cnts.kpc_apreempt++;
1863 		} else
1864 			kpreempt_cnts.kpc_spreempt++;
1865 
1866 		preempt();
1867 		curthread->t_preempt--;
1868 	} while (CPU->cpu_kprunrun);
1869 }
1870 
1871 static enum seg_rw
1872 get_accesstype(struct regs *rp)
1873 {
1874 	uint32_t instr;
1875 
1876 	if (USERMODE(rp->r_tstate))
1877 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1878 	else
1879 		instr = *(uint32_t *)rp->r_pc;
1880 
1881 	if (IS_FLUSH(instr))
1882 		return (S_OTHER);
1883 
1884 	if (IS_STORE(instr))
1885 		return (S_WRITE);
1886 	else
1887 		return (S_READ);
1888 }
1889