xref: /titanic_50/usr/src/cmd/mdb/sparc/kmdb/kaif.c (revision f18fc2780f13712904943c9253c24cab2e41e92b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * The debugger/PROM interface
31  */
32 
33 #include <sys/types.h>
34 #include <sys/mmu.h>
35 
36 #ifndef	sun4v
37 #include <sys/spitregs.h>
38 #endif	/* sun4v */
39 
40 #include <sys/machasi.h>
41 #include <sys/machtrap.h>
42 #include <sys/trap.h>
43 #include <sys/privregs.h>
44 
45 #include <kmdb/kaif.h>
46 #include <kmdb/kaif_regs.h>
47 #include <kmdb/kmdb_asmutil.h>
48 #include <kmdb/kmdb_kdi.h>
49 #include <kmdb/kmdb_promif_isadep.h>
50 #include <kmdb/kmdb_dpi_impl.h>
51 #include <mdb/mdb_debug.h>
52 #include <mdb/mdb_err.h>
53 #include <mdb/mdb_modapi.h>
54 #include <mdb/mdb_nv.h>
55 #include <mdb/mdb_kreg_impl.h>
56 #include <mdb/mdb_v9util.h>
57 #include <mdb/mdb.h>
58 
59 #define	KAIF_PREGNO_PSTATE	0x6		/* %pstate is priv reg 6 */
60 #define	KAIF_BRKPT_INSTR	0x91d0207e	/* ta 0x7e */
61 
62 
63 #define	OP(x)		((x) >> 30)
64 #define	OP2(x)		(((x) >> 22) & 0x07)
65 #define	OP3(x)		(((x) >> 19) & 0x3f)
66 #define	COND(x)		(((x) >> 25) & 0x0f)
67 #define	RD(x)		(((x) >> 25) & 0x1f)
68 #define	RS1(x)		(((x) >> 14) & 0x1f)
69 #define	RS2(x)		((x) & 0x1f)
70 
71 #define	OP_BRANCH	0x0
72 #define	OP_ARITH	0x2
73 
74 #define	OP2_BPcc	0x1
75 #define	OP2_Bicc	0x2
76 #define	OP2_BPr		0x3
77 #define	OP2_FBPfcc	0x5
78 #define	OP2_FBfcc	0x6
79 
80 #define	OP3_RDPR	0x2a
81 #define	OP3_WRPR	0x32
82 
83 #define	A(x)		(((x) >> 29) & 0x01)
84 #define	I(x)		(((x) >> 13) & 0x01)
85 #define	DISP16(x)	((((x) >> 6) & 0xc000) | ((x) & 0x3fff))
86 #define	DISP22(x)	((x) & 0x3fffff)
87 #define	DISP19(x)	((x) & 0x7ffff)
88 #define	SIMM13(x)	((x) & 0x1fff)
89 
90 static uint64_t		kaif_vwapt_addr;
91 static uint64_t		kaif_pwapt_addr;
92 
93 #ifndef	sun4v
94 static uint64_t		kaif_lsuctl;
95 #endif	/* sun4v */
96 
97 kaif_cpusave_t		*kaif_cpusave;
98 int			kaif_ncpusave;
99 caddr_t			kaif_dseg;
100 caddr_t			kaif_dseg_lim;
101 caddr_t			kaif_tba;		/* table currently in use */
102 caddr_t			kaif_tba_obp;		/* obp's trap table */
103 caddr_t			kaif_tba_native;	/* our table; needs khat */
104 #ifdef	sun4v
105 caddr_t			kaif_tba_kernel;	/* kernel's trap table */
106 #endif	/* sun4v */
107 size_t			kaif_tba_native_sz;
108 int			*kaif_promexitarmp;
109 int			kaif_trap_switch;
110 
111 void (*kaif_modchg_cb)(struct modctl *, int);
112 void (*kaif_ktrap_install)(int, void (*)(void));
113 void (*kaif_ktrap_restore)(void);
114 
115 static int
116 kaif_get_master_cpuid(void)
117 {
118 	return (kaif_master_cpuid);
119 }
120 
121 /*ARGSUSED*/
122 static int
123 kaif_get_nwin(int cpuid)
124 {
125 	return (get_nwin());
126 }
127 
128 static kaif_cpusave_t *
129 kaif_cpuid2save(int cpuid)
130 {
131 	kaif_cpusave_t *save;
132 
133 	if (cpuid == DPI_MASTER_CPUID)
134 		return (&kaif_cpusave[kaif_master_cpuid]);
135 
136 	if (cpuid < 0 || cpuid >= kaif_ncpusave) {
137 		(void) set_errno(EINVAL);
138 		return (NULL);
139 	}
140 
141 	save = &kaif_cpusave[cpuid];
142 
143 	if (save->krs_cpu_state != KAIF_CPU_STATE_MASTER &&
144 	    save->krs_cpu_state != KAIF_CPU_STATE_SLAVE) {
145 		(void) set_errno(EINVAL);
146 		return (NULL);
147 	}
148 
149 	return (save);
150 }
151 
152 static int
153 kaif_get_cpu_state(int cpuid)
154 {
155 	kaif_cpusave_t *save;
156 
157 	if ((save = kaif_cpuid2save(cpuid)) == NULL)
158 		return (-1); /* errno is set for us */
159 
160 	switch (save->krs_cpu_state) {
161 	case KAIF_CPU_STATE_MASTER:
162 		return (DPI_CPU_STATE_MASTER);
163 	case KAIF_CPU_STATE_SLAVE:
164 		return (DPI_CPU_STATE_SLAVE);
165 	default:
166 		return (set_errno(EINVAL));
167 	}
168 }
169 
170 static const mdb_tgt_gregset_t *
171 kaif_get_gregs(int cpuid)
172 {
173 	kaif_cpusave_t *save;
174 	mdb_tgt_gregset_t *gregs;
175 	int wp, i;
176 
177 	if ((save = kaif_cpuid2save(cpuid)) == NULL)
178 		return (NULL); /* errno is set for us */
179 
180 	gregs = &save->krs_gregs;
181 
182 	/*
183 	 * The DPI startup routine populates the register window portions of
184 	 * the kaif_cpusave_t.  We copy the current set of ins, outs, and
185 	 * locals to the gregs.  We also extract %pstate from %tstate.
186 	 */
187 	wp = gregs->kregs[KREG_CWP];
188 	for (i = 0; i < 8; i++) {
189 		gregs->kregs[KREG_L0 + i] = save->krs_rwins[wp].rw_local[i];
190 		gregs->kregs[KREG_I0 + i] = save->krs_rwins[wp].rw_in[i];
191 	}
192 
193 	gregs->kregs[KREG_PSTATE] = KREG_TSTATE_PSTATE(save->krs_tstate);
194 
195 	if (++wp == kaif_get_nwin(cpuid))
196 		wp = 0;
197 
198 	for (i = 0; i < 8; i++)
199 		gregs->kregs[KREG_O0 + i] = save->krs_rwins[wp].rw_in[i];
200 
201 	return (gregs);
202 }
203 
204 static kreg_t *
205 kaif_find_regp(kaif_cpusave_t *save, const char *regname)
206 {
207 	mdb_tgt_gregset_t *gregs;
208 	int nwin, i;
209 	int win;
210 
211 	nwin = kaif_get_nwin(DPI_MASTER_CPUID);
212 
213 	gregs = &save->krs_gregs;
214 
215 	win = gregs->kregs[KREG_CWP];
216 
217 	if (strcmp(regname, "sp") == 0)
218 		regname = "o6";
219 	else if (strcmp(regname, "fp") == 0)
220 		regname = "i6";
221 
222 	if (strlen(regname) == 2 && regname[1] >= '0' && regname[1] <= '7') {
223 		int idx = regname[1] - '0';
224 
225 		switch (regname[0]) {
226 		case 'o':
227 			if (++win == nwin)
228 				win = 0;
229 			/*FALLTHROUGH*/
230 		case 'i':
231 			return ((kreg_t *)&save->krs_rwins[win].rw_in[idx]);
232 		case 'l':
233 			return ((kreg_t *)&save->krs_rwins[win].rw_local[idx]);
234 		}
235 	}
236 
237 	for (i = 0; mdb_sparcv9_kregs[i].rd_name != NULL; i++) {
238 		const mdb_tgt_regdesc_t *rd = &mdb_sparcv9_kregs[i];
239 
240 		if (strcmp(rd->rd_name, regname) == 0)
241 			return (&gregs->kregs[rd->rd_num]);
242 	}
243 
244 	(void) set_errno(ENOENT);
245 	return (NULL);
246 }
247 
248 static int
249 kaif_get_register(const char *regname, kreg_t *valp)
250 {
251 	kaif_cpusave_t *save;
252 	kreg_t *regp;
253 
254 	save = kaif_cpuid2save(DPI_MASTER_CPUID);
255 
256 	if (strcmp(regname, "pstate") == 0) {
257 		*valp = KREG_TSTATE_PSTATE(save->krs_tstate);
258 		return (0);
259 	}
260 
261 	if ((regp = kaif_find_regp(save, regname)) == NULL)
262 		return (-1);
263 
264 	*valp = *regp;
265 
266 	return (0);
267 }
268 
269 static int
270 kaif_set_register(const char *regname, kreg_t val)
271 {
272 	kaif_cpusave_t *save;
273 	kreg_t *regp;
274 
275 	save = kaif_cpuid2save(DPI_MASTER_CPUID);
276 
277 	if (strcmp(regname, "g0") == 0) {
278 		return (0);
279 
280 	} else if (strcmp(regname, "pstate") == 0) {
281 		save->krs_tstate &= ~KREG_TSTATE_PSTATE_MASK;
282 		save->krs_tstate |= (val & KREG_PSTATE_MASK) <<
283 		    KREG_TSTATE_PSTATE_SHIFT;
284 		return (0);
285 	}
286 
287 	if ((regp = kaif_find_regp(save, regname)) == NULL)
288 		return (-1);
289 
290 	*regp = val;
291 
292 	return (0);
293 }
294 
295 static int
296 kaif_brkpt_arm(uintptr_t addr, mdb_instr_t *instrp)
297 {
298 	mdb_instr_t bkpt = KAIF_BRKPT_INSTR;
299 
300 	if (mdb_tgt_vread(mdb.m_target, instrp, sizeof (mdb_instr_t), addr) !=
301 	    sizeof (mdb_instr_t))
302 		return (-1); /* errno is set for us */
303 
304 	if (mdb_tgt_vwrite(mdb.m_target, &bkpt, sizeof (mdb_instr_t), addr) !=
305 	    sizeof (mdb_instr_t))
306 		return (-1); /* errno is set for us */
307 
308 	return (0);
309 }
310 
311 static int
312 kaif_brkpt_disarm(uintptr_t addr, mdb_instr_t instrp)
313 {
314 	if (mdb_tgt_vwrite(mdb.m_target, &instrp, sizeof (mdb_instr_t), addr) !=
315 	    sizeof (mdb_instr_t))
316 		return (-1); /* errno is set for us */
317 
318 	return (0);
319 }
320 
321 /*
322  * Calculate the watchpoint mask byte (VM or PM, as appropriate).  A 1 bit in
323  * the mask indicates that the corresponding byte in the watchpoint address
324  * should be used for activation comparison.
325  */
326 /*
327  * Sun4v doesn't have watchpoint regs
328  */
329 #ifndef	sun4v
330 static uchar_t
331 kaif_wapt_calc_mask(size_t len)
332 {
333 	int pow;
334 
335 	if (len == 8)
336 		return (0xff);
337 
338 	for (pow = 0; len > 1; len /= 256, pow++);
339 
340 	return (~((1 << pow) - 1));
341 }
342 #endif
343 
344 /*
345  * UltraSPARC processors have one physical and one virtual watchpoint.  These
346  * watchpoints are specified by setting the address in a register, and by
347  * setting a selector byte in another register to determine which bytes of the
348  * address are to be used for comparison.  For simplicity, we only support
349  * selector byte values whose bit patterns match the regexp "1+0*".  Watchpoint
350  * addresses must be 8-byte aligned on these chips, so a selector byte of 0xff
351  * indicates an 8-byte watchpoint.  Successive valid sizes are powers of 256,
352  * starting with 256.
353  */
354 static int
355 kaif_wapt_validate(kmdb_wapt_t *wp)
356 {
357 	if (wp->wp_wflags & MDB_TGT_WA_X) {
358 		warn("execute watchpoints are not supported on this "
359 		    "platform\n");
360 		return (set_errno(EMDB_TGTNOTSUP));
361 	}
362 
363 	if (wp->wp_size % 0xff != 0 && wp->wp_size != 8) {
364 		warn("watchpoint size must be 8 or a power of 256 bytes\n");
365 		return (set_errno(EINVAL));
366 	}
367 
368 	if (wp->wp_addr & (wp->wp_size - 1)) {
369 		warn("%lu-byte watchpoints must be %lu-byte aligned\n",
370 		    wp->wp_size, wp->wp_size);
371 		return (set_errno(EINVAL));
372 	}
373 
374 	if (wp->wp_type != DPI_WAPT_TYPE_PHYS &&
375 	    wp->wp_type != DPI_WAPT_TYPE_VIRT) {
376 		warn("requested watchpoint type not supported on this "
377 		    "platform\n");
378 		return (set_errno(EMDB_TGTHWNOTSUP));
379 	}
380 
381 	return (0);
382 }
383 
384 static int
385 kaif_wapt_reserve(kmdb_wapt_t *wp)
386 {
387 #ifdef	sun4v
388 #ifdef	lint
389 	ASSERT(wp == (kmdb_wapt_t *)wp);
390 #endif	/* !lint */
391 	/* Watchpoints not supported */
392 	return (set_errno(EMDB_TGTHWNOTSUP));
393 #else
394 	uint64_t *addrp;
395 
396 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS)
397 		addrp = &kaif_pwapt_addr;
398 	else
399 		addrp = &kaif_vwapt_addr;
400 
401 	if (*addrp != NULL)
402 		return (set_errno(EMDB_WPTOOMANY));
403 
404 	*addrp = wp->wp_addr;
405 
406 	return (0);
407 #endif
408 }
409 
410 static void
411 kaif_wapt_release(kmdb_wapt_t *wp)
412 {
413 	uint64_t *addrp = (wp->wp_type == DPI_WAPT_TYPE_PHYS ?
414 	    &kaif_pwapt_addr : &kaif_vwapt_addr);
415 
416 	ASSERT(*addrp != NULL);
417 	*addrp = NULL;
418 }
419 
420 /*ARGSUSED*/
421 static void
422 kaif_wapt_arm(kmdb_wapt_t *wp)
423 {
424 	/*
425 	 * Sun4v doesn't have watch point regs
426 	 */
427 #ifndef	sun4v
428 	uint64_t mask = kaif_wapt_calc_mask(wp->wp_size);
429 
430 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS) {
431 		kaif_lsuctl &= ~KAIF_LSUCTL_PWAPT_MASK;
432 
433 		if (wp->wp_wflags & MDB_TGT_WA_R)
434 			kaif_lsuctl |= LSU_PR;
435 		if (wp->wp_wflags & MDB_TGT_WA_W)
436 			kaif_lsuctl |= LSU_PW;
437 		kaif_lsuctl |= ((mask << LSU_PM_SHIFT) & LSU_PM);
438 
439 	} else if (wp->wp_type == DPI_WAPT_TYPE_VIRT) {
440 		kaif_lsuctl &= ~KAIF_LSUCTL_VWAPT_MASK;
441 
442 		if (wp->wp_wflags & MDB_TGT_WA_R)
443 			kaif_lsuctl |= LSU_VR;
444 		if (wp->wp_wflags & MDB_TGT_WA_W)
445 			kaif_lsuctl |= LSU_VW;
446 		kaif_lsuctl |= ((mask << LSU_VM_SHIFT) & LSU_VM);
447 	}
448 #endif	/* sun4v */
449 }
450 
451 /*ARGSUSED*/
452 static void
453 kaif_wapt_disarm(kmdb_wapt_t *wp)
454 {
455 	/*
456 	 * Sun4v doesn't have watch point regs
457 	 */
458 #ifndef	sun4v
459 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS) {
460 		ASSERT(kaif_pwapt_addr != NULL);
461 		kaif_lsuctl &= ~(LSU_PR|LSU_PW);
462 	} else {
463 		ASSERT(kaif_vwapt_addr != NULL);
464 		kaif_lsuctl &= ~(LSU_VR|LSU_VW);
465 	}
466 #endif
467 }
468 
469 /*
470  * `kaif_wapt_arm' and `kaif_wapt_disarm' modify the global state we keep that
471  * indicates what the values of the wapt control registers should be.  These
472  * values must be individually set and cleared on each active CPU, a task which
473  * is performed by `kaif_wapt_clear_regs' and `kaif_wapt_set_regs', invoked as
474  * the world is stopped and resumed, respectively.  `kaif_wapt_set_regs' is also
475  * used for CPU initialization.
476  */
477 void
478 kaif_wapt_set_regs(void)
479 {
480 	/*
481 	 * Sun4v doesn't have watch point regs
482 	 */
483 #ifndef sun4v
484 	uint64_t lsu;
485 
486 	wrasi(ASI_DMMU, MMU_VAW, kaif_vwapt_addr);
487 	wrasi(ASI_DMMU, MMU_PAW, kaif_pwapt_addr);
488 
489 	ASSERT((kaif_lsuctl & ~KAIF_LSUCTL_WAPT_MASK) == NULL);
490 
491 	lsu = rdasi(ASI_LSU, NULL);
492 	lsu &= ~KAIF_LSUCTL_WAPT_MASK;
493 	lsu |= kaif_lsuctl;
494 	wrasi(ASI_LSU, NULL, lsu);
495 #endif /* sun4v */
496 }
497 
498 void
499 kaif_wapt_clear_regs(void)
500 {
501 	/*
502 	 * Sun4v doesn't have watch point regs
503 	 */
504 #ifndef sun4v
505 	uint64_t lsu = rdasi(ASI_LSU, NULL);
506 	lsu &= ~KAIF_LSUCTL_WAPT_MASK;
507 	wrasi(ASI_LSU, NULL, lsu);
508 #endif /* sun4v */
509 }
510 
511 /*
512  * UltraSPARC has one PA watchpoint and one VA watchpoint.  The trap we get will
513  * tell us which one we hit, but it won't tell us where.  We could attempt to
514  * dissect the instruction at %pc to see where it was reading from or writing
515  * to, but that gets messy in a hurry.  We can, however, make a couple of
516  * assumptions:
517  *
518  * - kaif_set_watchpoint and kaif_delete_watchpoint will enforce the limits as
519  *   to the number of watch points.  As such, at most one VA watchpoint and one
520  *   PA watchpoint will be on the active list.
521  *
522  * - We'll only be called on watchpoints that are on the active list.
523  *
524  * Taking these two assumptions, we can conclude that, if we're stopped due to
525  * a watchpoint and we're asked to match against a watchpoint, we must have
526  * stopped due to the watchpoint.  This is all very terrifying, but the
527  * alternative (taking instructions apart) is worse.
528  */
529 /*ARGSUSED*/
530 static int
531 kaif_wapt_match(kmdb_wapt_t *wp)
532 {
533 	int state, why, deswhy;
534 
535 	state = kmdb_dpi_get_state(&why);
536 
537 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS)
538 		deswhy = DPI_STATE_WHY_P_WAPT;
539 	else
540 		deswhy = DPI_STATE_WHY_V_WAPT;
541 
542 	return (state == DPI_STATE_FAULTED && why == deswhy);
543 }
544 
545 static const char *
546 regno2name(int idx)
547 {
548 	const mdb_tgt_regdesc_t *rd;
549 
550 	for (rd = mdb_sparcv9_kregs; rd->rd_name != NULL; rd++) {
551 		if (idx == rd->rd_num)
552 			return (rd->rd_name);
553 	}
554 
555 	ASSERT(rd->rd_name != NULL);
556 
557 	return ("unknown");
558 }
559 
560 /*
561  * UltraSPARC doesn't support single-step natively, so we have to do it
562  * ourselves, by placing breakpoints at the instruction after the current one.
563  * Note that "after" will be %npc in the simple case, but can be one of
564  * several places if %pc is a branch.
565  *
566  * If %pc is an unconditional annulled branch, we put a breakpoint at the branch
567  * target.  If it is a conditional annulled branch, we put breakpoints at %pc +
568  * 8 and the branch target.  For all other branches, %npc will be set correctly
569  * as determined by the branch condition, and thus we can step through the
570  * branch by putting a breakpoint at %npc.  If %pc contains a non-branch
571  * instruction (with the exception of certain rdpr and wrpr instructions,
572  * described more below), we step over it by placing a breakpoint at %npc.
573  */
574 static int
575 kaif_step(void)
576 {
577 	kreg_t pc, npc, brtgt, pstate, tt;
578 	int bptgt = 0, bpnpc = 0, bppc8 = 0;
579 	mdb_instr_t svtgt = 0, svnpc = 0, svpc8 = 0;
580 	mdb_instr_t instr;
581 	int ie, err;
582 
583 	(void) kmdb_dpi_get_register("pc", &pc);
584 	(void) kmdb_dpi_get_register("npc", &npc);
585 
586 	if (mdb_tgt_vread(mdb.m_target, &instr, sizeof (instr), pc) !=
587 	    sizeof (instr)) {
588 		warn("failed to read %%pc at %p for step", (void *)pc);
589 		return (-1);
590 	}
591 
592 	/*
593 	 * If the current instruction is a read or write of PSTATE we need
594 	 * to emulate it because we've taken over management of PSTATE and
595 	 * we need keep interrupts disabled. If it's a branch, we may need
596 	 * to set two breakpoints -- one at the target and one at the
597 	 * subsequent instruction.
598 	 */
599 	if (OP(instr) == OP_ARITH) {
600 		if (OP3(instr) == OP3_RDPR &&
601 		    RS1(instr) == KAIF_PREGNO_PSTATE) {
602 			const char *tgtreg =
603 			    mdb_sparcv9_kregs[RD(instr)].rd_name;
604 			kreg_t pstate;
605 
606 			(void) kmdb_dpi_get_register("pstate", &pstate);
607 			(void) kmdb_dpi_set_register(tgtreg, pstate);
608 
609 			(void) kmdb_dpi_set_register("pc", npc);
610 			(void) kmdb_dpi_set_register("npc", npc + 4);
611 			return (0);
612 
613 		} else if (OP3(instr) == OP3_WRPR &&
614 		    RD(instr) == KAIF_PREGNO_PSTATE) {
615 			kreg_t rs1, rs2, val;
616 
617 			(void) kmdb_dpi_get_register(regno2name(RS1(instr)),
618 			    &rs1);
619 
620 			if (I(instr)) {
621 				int imm = SIMM13(instr);
622 				imm <<= 19;
623 				imm >>= 19;
624 				rs2 = imm;
625 			} else {
626 				(void) kmdb_dpi_get_register(
627 				    regno2name(RS2(instr)), &rs2);
628 			}
629 
630 			val = rs1 ^ rs2;
631 
632 			(void) kmdb_dpi_set_register("pstate", val);
633 
634 			(void) kmdb_dpi_set_register("pc", npc);
635 			(void) kmdb_dpi_set_register("npc", npc + 4);
636 			return (0);
637 
638 		}
639 
640 		bpnpc = 1;
641 
642 	} else if (OP(instr) == OP_BRANCH) {
643 		int disp, cond, annul;
644 
645 		switch (OP2(instr)) {
646 		case OP2_BPcc:
647 		case OP2_FBPfcc:
648 			cond = (COND(instr) != 8);
649 
650 			disp = DISP19(instr);
651 			disp <<= 13;
652 			disp >>= 11;
653 			break;
654 
655 		case OP2_Bicc:
656 		case OP2_FBfcc:
657 			cond = (COND(instr) != 8);
658 
659 			disp = DISP22(instr);
660 			disp <<= 10;
661 			disp >>= 8;
662 			break;
663 
664 		case OP2_BPr:
665 			cond = 1;
666 
667 			disp = DISP16(instr);
668 			disp <<= 16;
669 			disp >>= 14;
670 			break;
671 
672 		default:
673 			bpnpc = 1;
674 		}
675 
676 		if (!bpnpc) {
677 			annul = A(instr);
678 
679 			if (!cond && annul) {
680 				brtgt = pc + disp;
681 				bptgt = 1;
682 			} else {
683 				bpnpc = 1;
684 
685 				if (cond && annul)
686 					bppc8 = 1;
687 			}
688 		}
689 
690 	} else {
691 		bpnpc = 1;
692 	}
693 
694 	/*
695 	 * Place the breakpoints and resume this CPU with IE off.  We'll come
696 	 * back after having encountered either one of the breakpoints we placed
697 	 * or a trap.
698 	 */
699 	err = 0;
700 	if ((bpnpc && kaif_brkpt_arm(npc, &svnpc) != 0) ||
701 	    (bppc8 && kaif_brkpt_arm(pc + 8, &svpc8) != 0) ||
702 	    (bptgt && kaif_brkpt_arm(brtgt, &svtgt) != 0)) {
703 		err = errno;
704 		goto step_done;
705 	}
706 
707 	(void) kmdb_dpi_get_register("pstate", &pstate);
708 	ie = pstate & KREG_PSTATE_IE_MASK;
709 	(void) kmdb_dpi_set_register("pstate", (pstate & ~KREG_PSTATE_IE_MASK));
710 
711 	kmdb_dpi_resume_master(); /* ... there and back again ... */
712 
713 	(void) kmdb_dpi_get_register("pstate", &pstate);
714 	(void) kmdb_dpi_set_register("pstate",
715 	    ((pstate & ~KREG_PSTATE_IE_MASK) | ie));
716 
717 	(void) kmdb_dpi_get_register("tt", &tt);
718 
719 step_done:
720 	if (svnpc)
721 		(void) kaif_brkpt_disarm(npc, svnpc);
722 	if (svpc8)
723 		(void) kaif_brkpt_disarm(pc + 8, svpc8);
724 	if (svtgt)
725 		(void) kaif_brkpt_disarm(brtgt, svtgt);
726 
727 	return (err == 0 ? 0 : set_errno(err));
728 }
729 
730 static uintptr_t
731 kaif_call(uintptr_t funcva, uint_t argc, const uintptr_t *argv)
732 {
733 	kreg_t g6, g7;
734 
735 	(void) kmdb_dpi_get_register("g6", &g6);
736 	(void) kmdb_dpi_get_register("g7", &g7);
737 
738 	return (kaif_invoke(funcva, argc, argv, g6, g7));
739 }
740 
741 static const mdb_bitmask_t krm_flag_bits[] = {
742 	{ "M_W",	KAIF_CRUMB_F_MAIN_OBPWAPT, KAIF_CRUMB_F_MAIN_OBPWAPT },
743 	{ "M_PE",	KAIF_CRUMB_F_MAIN_OBPPENT, KAIF_CRUMB_F_MAIN_OBPPENT },
744 	{ "M_NRM",	KAIF_CRUMB_F_MAIN_NORMAL, KAIF_CRUMB_F_MAIN_NORMAL },
745 	{ "I_RE",	KAIF_CRUMB_F_IVEC_REENTER, KAIF_CRUMB_F_IVEC_REENTER },
746 	{ "I_OBP", 	KAIF_CRUMB_F_IVEC_INOBP, KAIF_CRUMB_F_IVEC_INOBP },
747 	{ "I_NRM",	KAIF_CRUMB_F_IVEC_NORMAL, KAIF_CRUMB_F_IVEC_NORMAL },
748 	{ "O_NRM",	KAIF_CRUMB_F_OBP_NORMAL, KAIF_CRUMB_F_OBP_NORMAL },
749 	{ "O_REVEC",	KAIF_CRUMB_F_OBP_REVECT, KAIF_CRUMB_F_OBP_REVECT },
750 	{ NULL }
751 };
752 
753 static void
754 dump_crumb(kaif_crumb_t *krmp)
755 {
756 	kaif_crumb_t krm;
757 
758 	if (mdb_vread(&krm, sizeof (kaif_crumb_t), (uintptr_t)krmp) !=
759 	    sizeof (kaif_crumb_t)) {
760 		warn("failed to read crumb at %p", krmp);
761 		return;
762 	}
763 
764 	mdb_printf(" src: ");
765 	switch (krm.krm_src) {
766 	case KAIF_CRUMB_SRC_OBP:
767 		mdb_printf("O");
768 		break;
769 	case KAIF_CRUMB_SRC_IVEC:
770 		mdb_printf("I");
771 		break;
772 	case KAIF_CRUMB_SRC_MAIN:
773 		mdb_printf("M");
774 		break;
775 	case 0:
776 		mdb_printf("-");
777 		break;
778 	default:
779 		mdb_printf("%d", krm.krm_src);
780 	}
781 
782 	mdb_printf(" tt %3x pc %8p %-20A <%b>\n",
783 	    krm.krm_tt, krm.krm_pc, krm.krm_pc, krm.krm_flag, krm_flag_bits);
784 }
785 
786 static void
787 dump_crumbs(kaif_cpusave_t *save)
788 {
789 	int i;
790 
791 	for (i = KAIF_NCRUMBS; i > 0; i--) {
792 		uint_t idx = (save->krs_curcrumbidx + i) % KAIF_NCRUMBS;
793 		dump_crumb(&save->krs_crumbs[idx]);
794 	}
795 }
796 
797 static void
798 kaif_dump_crumbs(uintptr_t addr, int cpuid)
799 {
800 	int i;
801 
802 	if (addr != NULL) {
803 		/* dump_crumb will protect us from bogus addresses */
804 		dump_crumb((kaif_crumb_t *)addr);
805 
806 	} else if (cpuid != -1) {
807 		if (cpuid >= kaif_ncpusave)
808 			return;
809 
810 		dump_crumbs(&kaif_cpusave[cpuid]);
811 
812 	} else {
813 		for (i = 0; i < kaif_ncpusave; i++) {
814 			kaif_cpusave_t *save = &kaif_cpusave[i];
815 
816 			if (save->krs_cpu_state == KAIF_CPU_STATE_NONE)
817 				continue;
818 
819 			mdb_printf("%sCPU %d crumbs: (curidx %d)\n",
820 			    (i == 0 ? "" : "\n"), i, save->krs_curcrumbidx);
821 
822 			dump_crumbs(save);
823 		}
824 	}
825 }
826 
827 static int
828 kaif_get_rwin(int cpuid, int win, struct rwindow *rwin)
829 {
830 	kaif_cpusave_t *save;
831 
832 	if ((save = kaif_cpuid2save(cpuid)) == NULL)
833 		return (-1); /* errno is set for us */
834 
835 	if (win < 0 || win >= kaif_get_nwin(cpuid))
836 		return (-1);
837 
838 	bcopy(&save->krs_rwins[win], rwin, sizeof (struct rwindow));
839 
840 	return (0);
841 }
842 
843 static void
844 kaif_enter_mon(void)
845 {
846 	kmdb_prom_enter_mon();
847 	kaif_prom_rearm();
848 }
849 
850 static void
851 kaif_modchg_register(void (*func)(struct modctl *, int))
852 {
853 	kaif_modchg_cb = func;
854 }
855 
856 static void
857 kaif_modchg_cancel(void)
858 {
859 	ASSERT(kaif_modchg_cb != NULL);
860 
861 	kaif_modchg_cb = NULL;
862 }
863 
864 void
865 kaif_mod_loaded(struct modctl *modp)
866 {
867 	if (kaif_modchg_cb != NULL)
868 		kaif_modchg_cb(modp, 1);
869 }
870 
871 void
872 kaif_mod_unloading(struct modctl *modp)
873 {
874 	if (kaif_modchg_cb != NULL)
875 		kaif_modchg_cb(modp, 0);
876 }
877 
878 /*ARGSUSED*/
879 int
880 kaif_memrange_add(caddr_t base, size_t len)
881 {
882 	/* We don't support multiple memory ranges on SPARC */
883 	return (set_errno(ENOTSUP));
884 }
885 
886 void
887 kaif_trap_set_debugger(void)
888 {
889 	set_tba(kaif_tba);
890 }
891 
892 void
893 kaif_trap_set_saved(kaif_cpusave_t *save)
894 {
895 	set_tba((caddr_t)save->krs_gregs.kregs[KREG_TBA]);
896 }
897 
898 static void
899 kaif_kernpanic(int cpuid)
900 {
901 	struct regs regs;
902 
903 	/*
904 	 * We're going to try to panic the system by using the same entry point
905 	 * used by the PROM when told to `sync'.  The kernel wants a
906 	 * fully-populated struct regs, which we're going to build using the
907 	 * state captured at the time of the debugger fault.  Said state lives
908 	 * in kaif_cb_save, since we haven't yet copied it over to the cpusave
909 	 * structure for the current master.
910 	 */
911 
912 	regs.r_tstate = kaif_cb_save.krs_tstate;
913 
914 	regs.r_g1 = kaif_cb_save.krs_gregs.kregs[KREG_G1];
915 	regs.r_g2 = kaif_cb_save.krs_gregs.kregs[KREG_G2];
916 	regs.r_g3 = kaif_cb_save.krs_gregs.kregs[KREG_G3];
917 	regs.r_g4 = kaif_cb_save.krs_gregs.kregs[KREG_G4];
918 	regs.r_g5 = kaif_cb_save.krs_gregs.kregs[KREG_G5];
919 	regs.r_g6 = kaif_cb_save.krs_gregs.kregs[KREG_G6];
920 	regs.r_g7 = kaif_cb_save.krs_gregs.kregs[KREG_G7];
921 
922 	regs.r_o0 = kaif_cb_save.krs_gregs.kregs[KREG_O0];
923 	regs.r_o1 = kaif_cb_save.krs_gregs.kregs[KREG_O1];
924 	regs.r_o2 = kaif_cb_save.krs_gregs.kregs[KREG_O2];
925 	regs.r_o3 = kaif_cb_save.krs_gregs.kregs[KREG_O3];
926 	regs.r_o4 = kaif_cb_save.krs_gregs.kregs[KREG_O4];
927 	regs.r_o5 = kaif_cb_save.krs_gregs.kregs[KREG_O5];
928 	regs.r_o6 = kaif_cb_save.krs_gregs.kregs[KREG_O6];
929 	regs.r_o7 = kaif_cb_save.krs_gregs.kregs[KREG_O7];
930 
931 	regs.r_pc = kaif_cb_save.krs_gregs.kregs[KREG_PC];
932 	regs.r_npc = kaif_cb_save.krs_gregs.kregs[KREG_NPC];
933 	regs.r_y = kaif_cb_save.krs_gregs.kregs[KREG_Y];
934 
935 	/*
936 	 * The %tba is, as ever, different.  We don't want the %tba from the
937 	 * time of the fault -- that'll be the debugger's.  We want the %tba
938 	 * saved when the debugger was initially entered.  It'll be saved in
939 	 * the cpusave area for the current CPU.
940 	 */
941 	set_tba((caddr_t)kaif_cpusave[cpuid].krs_gregs.kregs[KREG_TBA]);
942 
943 	kmdb_kdi_kernpanic(&regs, kaif_cb_save.krs_gregs.kregs[KREG_TT]);
944 }
945 
946 static int
947 kaif_init(kmdb_auxv_t *kav)
948 {
949 	struct rwindow *rwins;
950 	int nwin = get_nwin();
951 	int i;
952 
953 	kaif_vwapt_addr = kaif_pwapt_addr = 0;
954 
955 	kaif_tba = kav->kav_tba_active;
956 	kaif_tba_obp = kav->kav_tba_obp;
957 	kaif_tba_native = kav->kav_tba_native;
958 	kaif_tba_native_sz = kav->kav_tba_native_sz;
959 #ifdef	sun4v
960 	kaif_tba_kernel = kav->kav_tba_kernel;
961 #endif
962 
963 	/* Allocate the per-CPU save areas */
964 	kaif_cpusave = mdb_zalloc(sizeof (kaif_cpusave_t) * kav->kav_ncpu,
965 	    UM_SLEEP);
966 	kaif_ncpusave = kav->kav_ncpu;
967 
968 	rwins = mdb_zalloc(sizeof (struct rwindow) * nwin * kav->kav_ncpu,
969 	    UM_SLEEP);
970 
971 	for (i = 0; i < kaif_ncpusave; i++) {
972 		kaif_cpusave_t *save = &kaif_cpusave[i];
973 
974 		save->krs_cpu_id = i;
975 		save->krs_rwins = &rwins[nwin * i];
976 		save->krs_curcrumbidx = KAIF_NCRUMBS - 1;
977 		save->krs_curcrumb = &save->krs_crumbs[save->krs_curcrumbidx];
978 	}
979 
980 	kaif_dseg = kav->kav_dseg;
981 	kaif_dseg_lim = kav->kav_dseg + kav->kav_dseg_size;
982 
983 	kaif_promexitarmp = kav->kav_promexitarmp;
984 
985 	kaif_ktrap_install = kav->kav_ktrap_install;
986 	kaif_ktrap_restore = kav->kav_ktrap_restore;
987 
988 	kaif_modchg_cb = NULL;
989 
990 	kaif_trap_switch = (kav->kav_flags & KMDB_AUXV_FL_NOTRPSWTCH) == 0;
991 
992 	return (0);
993 }
994 
995 dpi_ops_t kmdb_dpi_ops = {
996 	kaif_init,
997 	kaif_activate,
998 	kaif_deactivate,
999 	kaif_enter_mon,
1000 	kaif_modchg_register,
1001 	kaif_modchg_cancel,
1002 	kaif_get_cpu_state,
1003 	kaif_get_master_cpuid,
1004 	kaif_get_gregs,
1005 	kaif_get_register,
1006 	kaif_set_register,
1007 	kaif_get_rwin,
1008 	kaif_get_nwin,
1009 	kaif_brkpt_arm,
1010 	kaif_brkpt_disarm,
1011 	kaif_wapt_validate,
1012 	kaif_wapt_reserve,
1013 	kaif_wapt_release,
1014 	kaif_wapt_arm,
1015 	kaif_wapt_disarm,
1016 	kaif_wapt_match,
1017 	kaif_step,
1018 	kaif_call,
1019 	kaif_dump_crumbs,
1020 	kaif_memrange_add,
1021 	kaif_kernpanic
1022 };
1023