xref: /titanic_50/usr/src/uts/sparc/dtrace/dtrace_isa.c (revision ace1a5f11236a072fca1b5e0ea1416a083a9f2aa)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/dtrace_impl.h>
30 #include <sys/atomic.h>
31 #include <sys/model.h>
32 #include <sys/frame.h>
33 #include <sys/stack.h>
34 #include <sys/machpcb.h>
35 #include <sys/procfs_isa.h>
36 #include <sys/cmn_err.h>
37 #include <sys/sysmacros.h>
38 
39 #define	DTRACE_FMT3OP3_MASK	0x81000000
40 #define	DTRACE_FMT3OP3		0x80000000
41 #define	DTRACE_FMT3RS1_SHIFT	14
42 #define	DTRACE_FMT3RD_SHIFT	25
43 #define	DTRACE_DISP22_SHIFT	10
44 #define	DTRACE_RMASK		0x1f
45 #define	DTRACE_REG_L0		16
46 #define	DTRACE_REG_O7		15
47 #define	DTRACE_REG_I0		24
48 #define	DTRACE_REG_I6		30
49 #define	DTRACE_RET		0x81c7e008
50 #define	DTRACE_RETL		0x81c3e008
51 #define	DTRACE_SAVE_MASK	0xc1f80000
52 #define	DTRACE_SAVE		0x81e00000
53 #define	DTRACE_RESTORE		0x81e80000
54 #define	DTRACE_CALL_MASK	0xc0000000
55 #define	DTRACE_CALL		0x40000000
56 #define	DTRACE_JMPL_MASK	0x81f10000
57 #define	DTRACE_JMPL		0x81c00000
58 #define	DTRACE_BA_MASK		0xdfc00000
59 #define	DTRACE_BA		0x10800000
60 #define	DTRACE_BA_MAX		10
61 
62 extern int dtrace_getupcstack_top(uint64_t *, int, uintptr_t *);
63 extern int dtrace_getustackdepth_top(uintptr_t *);
64 extern ulong_t dtrace_getreg_win(uint_t, uint_t);
65 extern void dtrace_putreg_win(uint_t, ulong_t);
66 extern int dtrace_fish(int, int, uintptr_t *);
67 
68 /*
69  * This is similar in principle to getpcstack(), but there are several marked
70  * differences in implementation:
71  *
72  * (a)	dtrace_getpcstack() is called from probe context.  Thus, the call
73  *	to flush_windows() from getpcstack() is a call to the probe-safe
74  *	equivalent here.
75  *
76  * (b)  dtrace_getpcstack() is willing to sacrifice some performance to get
77  *	a correct stack.  While consumers of getpcstack() are largely
78  *	subsystem-specific in-kernel debugging facilities, DTrace consumers
79  *	are arbitrary user-level analysis tools; dtrace_getpcstack() must
80  *	deliver as correct a stack as possible.  Details on the issues
81  *	surrounding stack correctness are found below.
82  *
83  * (c)	dtrace_getpcstack() _always_ fills in pcstack_limit pc_t's -- filling
84  *	in the difference between the stack depth and pcstack_limit with NULLs.
85  *	Due to this behavior dtrace_getpcstack() returns void.
86  *
87  * (d)	dtrace_getpcstack() takes a third parameter, aframes, that
88  *	denotes the number of _artificial frames_ on the bottom of the
89  *	stack.  An artificial frame is one induced by the provider; all
90  *	artificial frames are stripped off before frames are stored to
91  *	pcstack.
92  *
93  * (e)	dtrace_getpcstack() takes a fourth parameter, pc, that indicates
94  *	an interrupted program counter (if any).  This should be a non-NULL
95  *	value if and only if the hit probe is unanchored.  (Anchored probes
96  *	don't fire through an interrupt source.)  This parameter is used to
97  *	assure (b), above.
98  */
99 void
100 dtrace_getpcstack(pc_t *pcstack, int pcstack_limit, int aframes, uint32_t *pc)
101 {
102 	struct frame *fp, *nextfp, *minfp, *stacktop;
103 	int depth = 0;
104 	int on_intr, j = 0;
105 	uint32_t i, r;
106 
107 	fp = (struct frame *)((caddr_t)dtrace_getfp() + STACK_BIAS);
108 	dtrace_flush_windows();
109 
110 	if (pc != NULL) {
111 		/*
112 		 * If we've been passed a non-NULL pc, we need to determine
113 		 * whether or not the specified program counter falls in a leaf
114 		 * function.  If it falls within a leaf function, we know that
115 		 * %o7 is valid in its frame (and we can just drive on).  If
116 		 * it's a non-leaf, however, we know that %o7 is garbage in the
117 		 * bottom frame.  To trim this frame, we simply increment
118 		 * aframes and drop into the stack-walking loop.
119 		 *
120 		 * To quickly determine if the specified program counter is in
121 		 * a leaf function, we exploit the fact that leaf functions
122 		 * tend to be short and non-leaf functions tend to frequently
123 		 * perform operations that are only permitted in a non-leaf
124 		 * function (e.g., using the %i's or %l's; calling a function;
125 		 * performing a restore).  We exploit these tendencies by
126 		 * simply scanning forward from the specified %pc -- if we see
127 		 * an operation only permitted in a non-leaf, we know we're in
128 		 * a non-leaf; if we see a retl, we know we're in a leaf.
129 		 * Fortunately, one need not perform anywhere near full
130 		 * disassembly to effectively determine the former: determining
131 		 * that an instruction is a format-3 instruction and decoding
132 		 * its rd and rs1 fields, for example, requires very little
133 		 * manipulation.  Overall, this method of leaf determination
134 		 * performs quite well:  on average, we only examine between
135 		 * 1.5 and 2.5 instructions before making the determination.
136 		 * (Outliers do exist, however; of note is the non-leaf
137 		 * function ip_sioctl_not_ours() which -- as of this writing --
138 		 * has a whopping 455 straight instructions that manipulate
139 		 * only %g's and %o's.)
140 		 */
141 		int delay = 0, branches = 0, taken = 0;
142 
143 		if (depth < pcstack_limit)
144 			pcstack[depth++] = (pc_t)pc;
145 
146 		/*
147 		 * Our heuristic is exactly that -- a heuristic -- and there
148 		 * exists a possibility that we could be either be vectored
149 		 * off into the weeds (by following a bogus branch) or could
150 		 * wander off the end of the function and off the end of a
151 		 * text mapping (by not following a conditional branch at the
152 		 * end of the function that is effectively always taken).  So
153 		 * as a precautionary measure, we set the NOFAULT flag.
154 		 */
155 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
156 
157 		for (;;) {
158 			i = pc[j++];
159 
160 			if ((i & DTRACE_FMT3OP3_MASK) == DTRACE_FMT3OP3) {
161 				/*
162 				 * This is a format-3 instruction.  We can
163 				 * look at rd and rs1.
164 				 */
165 				r = (i >> DTRACE_FMT3RS1_SHIFT) & DTRACE_RMASK;
166 
167 				if (r >= DTRACE_REG_L0)
168 					goto nonleaf;
169 
170 				r = (i >> DTRACE_FMT3RD_SHIFT) & DTRACE_RMASK;
171 
172 				if (r >= DTRACE_REG_L0)
173 					goto nonleaf;
174 
175 				if ((i & DTRACE_JMPL_MASK) == DTRACE_JMPL) {
176 					delay = 1;
177 					continue;
178 				}
179 
180 				/*
181 				 * If we see explicit manipulation with %o7
182 				 * as a destination register, we know that
183 				 * %o7 is likely bogus -- and we treat this
184 				 * function as a non-leaf.
185 				 */
186 				if (r == DTRACE_REG_O7) {
187 					if (delay)
188 						goto leaf;
189 
190 					i &= DTRACE_JMPL_MASK;
191 
192 					if (i == DTRACE_JMPL) {
193 						delay = 1;
194 						continue;
195 					}
196 
197 					goto nonleaf;
198 				}
199 			} else {
200 				/*
201 				 * If this is a call, it may or may not be
202 				 * a leaf; we need to check the delay slot.
203 				 */
204 				if ((i & DTRACE_CALL_MASK) == DTRACE_CALL) {
205 					delay = 1;
206 					continue;
207 				}
208 
209 				/*
210 				 * If we see a ret it's not a leaf; if we
211 				 * see a retl, it is a leaf.
212 				 */
213 				if (i == DTRACE_RET)
214 					goto nonleaf;
215 
216 				if (i == DTRACE_RETL)
217 					goto leaf;
218 
219 				/*
220 				 * If this is a ba (annulled or not), then we
221 				 * need to actually follow the branch.  No, we
222 				 * don't look at the delay slot -- hopefully
223 				 * anything that can be gleaned from the delay
224 				 * slot can also be gleaned from the branch
225 				 * target.  To prevent ourselves from iterating
226 				 * infinitely, we clamp the number of branches
227 				 * that we'll follow, and we refuse to follow
228 				 * the same branch twice consecutively.  In
229 				 * both cases, we abort by deciding that we're
230 				 * looking at a leaf.  While in theory this
231 				 * could be wrong (we could be in the middle of
232 				 * a loop in a non-leaf that ends with a ba and
233 				 * only manipulates outputs and globals in the
234 				 * body of the loop -- therefore leading us to
235 				 * the wrong conclusion), this doesn't seem to
236 				 * crop up in practice.  (Or rather, this
237 				 * condition could not be deliberately induced,
238 				 * despite concerted effort.)
239 				 */
240 				if ((i & DTRACE_BA_MASK) == DTRACE_BA) {
241 					if (++branches == DTRACE_BA_MAX ||
242 					    taken == j)
243 						goto nonleaf;
244 
245 					taken = j;
246 					j += ((int)(i << DTRACE_DISP22_SHIFT) >>
247 					    DTRACE_DISP22_SHIFT) - 1;
248 					continue;
249 				}
250 
251 				/*
252 				 * Finally, if it's a save, it should be
253 				 * treated as a leaf; if it's a restore it
254 				 * should not be treated as a leaf.
255 				 */
256 				if ((i & DTRACE_SAVE_MASK) == DTRACE_SAVE)
257 					goto leaf;
258 
259 				if ((i & DTRACE_SAVE_MASK) == DTRACE_RESTORE)
260 					goto nonleaf;
261 			}
262 
263 			if (delay) {
264 				/*
265 				 * If this was a delay slot instruction and
266 				 * we didn't pick it up elsewhere, this is a
267 				 * non-leaf.
268 				 */
269 				goto nonleaf;
270 			}
271 		}
272 nonleaf:
273 		aframes++;
274 leaf:
275 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
276 	}
277 
278 	if ((on_intr = CPU_ON_INTR(CPU)) != 0)
279 		stacktop = (struct frame *)(CPU->cpu_intr_stack + SA(MINFRAME));
280 	else
281 		stacktop = (struct frame *)curthread->t_stk;
282 	minfp = fp;
283 
284 	while (depth < pcstack_limit) {
285 		nextfp = (struct frame *)((caddr_t)fp->fr_savfp + STACK_BIAS);
286 		if (nextfp <= minfp || nextfp >= stacktop) {
287 			if (!on_intr && nextfp == stacktop && aframes != 0) {
288 				/*
289 				 * If we are exactly at the top of the stack
290 				 * with a non-zero number of artificial frames,
291 				 * it must be that the stack is filled with
292 				 * nothing _but_ artificial frames.  In this
293 				 * case, we assert that this is so, zero
294 				 * pcstack, and return.
295 				 */
296 				ASSERT(aframes == 1);
297 				ASSERT(depth == 0);
298 
299 				while (depth < pcstack_limit)
300 					pcstack[depth++] = NULL;
301 				return;
302 			}
303 
304 			if (on_intr) {
305 				/*
306 				 * Hop from interrupt stack to thread stack.
307 				 */
308 				stacktop = (struct frame *)curthread->t_stk;
309 				minfp = (struct frame *)curthread->t_stkbase;
310 
311 				on_intr = 0;
312 
313 				if (nextfp > minfp && nextfp < stacktop)
314 					continue;
315 			} else {
316 				/*
317 				 * High-level interrupts may occur when %sp is
318 				 * not necessarily contained in the stack
319 				 * bounds implied by %g7 -- interrupt thread
320 				 * management runs with %pil at DISP_LEVEL,
321 				 * and high-level interrupts may thus occur
322 				 * in windows when %sp and %g7 are not self-
323 				 * consistent.  If we call dtrace_getpcstack()
324 				 * from a high-level interrupt that has occurred
325 				 * in such a window, we will fail the above test
326 				 * of nextfp against minfp/stacktop.  If the
327 				 * high-level interrupt has in turn interrupted
328 				 * a non-passivated interrupt thread, we
329 				 * will execute the below code with non-zero
330 				 * aframes.  We therefore want to assert that
331 				 * aframes is zero _or_ we are in a high-level
332 				 * interrupt -- but because cpu_intr_actv is
333 				 * updated with high-level interrupts enabled,
334 				 * we must reduce this to only asserting that
335 				 * %pil is greater than DISP_LEVEL.
336 				 */
337 				ASSERT(aframes == 0 ||
338 				    dtrace_getipl() > DISP_LEVEL);
339 				pcstack[depth++] = (pc_t)fp->fr_savpc;
340 			}
341 
342 			while (depth < pcstack_limit)
343 				pcstack[depth++] = NULL;
344 			return;
345 		}
346 
347 		if (aframes > 0) {
348 			aframes--;
349 		} else {
350 			pcstack[depth++] = (pc_t)fp->fr_savpc;
351 		}
352 
353 		fp = nextfp;
354 		minfp = fp;
355 	}
356 }
357 
358 static int
359 dtrace_getustack_common(uint64_t *pcstack, int pcstack_limit, uintptr_t sp)
360 {
361 	proc_t *p = curproc;
362 	int ret = 0;
363 
364 	ASSERT(pcstack == NULL || pcstack_limit > 0);
365 
366 	if (p->p_model == DATAMODEL_NATIVE) {
367 		for (;;) {
368 			struct frame *fr = (struct frame *)(sp + STACK_BIAS);
369 			uintptr_t pc;
370 
371 			if (sp == 0 || fr == NULL ||
372 			    !IS_P2ALIGNED((uintptr_t)fr, STACK_ALIGN))
373 				break;
374 
375 			pc = dtrace_fulword(&fr->fr_savpc);
376 			sp = dtrace_fulword(&fr->fr_savfp);
377 
378 			if (pc == 0)
379 				break;
380 
381 			ret++;
382 
383 			if (pcstack != NULL) {
384 				*pcstack++ = pc;
385 				pcstack_limit--;
386 				if (pcstack_limit == 0)
387 					break;
388 			}
389 		}
390 	} else {
391 		for (;;) {
392 			struct frame32 *fr = (struct frame32 *)sp;
393 			uint32_t pc;
394 
395 			if (sp == 0 ||
396 			    !IS_P2ALIGNED((uintptr_t)fr, STACK_ALIGN32))
397 				break;
398 
399 			pc = dtrace_fuword32(&fr->fr_savpc);
400 			sp = dtrace_fuword32(&fr->fr_savfp);
401 
402 			if (pc == 0)
403 				break;
404 
405 			ret++;
406 
407 			if (pcstack != NULL) {
408 				*pcstack++ = pc;
409 				pcstack_limit--;
410 				if (pcstack_limit == 0)
411 					break;
412 			}
413 		}
414 	}
415 
416 	return (ret);
417 }
418 
419 void
420 dtrace_getupcstack(uint64_t *pcstack, int pcstack_limit)
421 {
422 	klwp_t *lwp = ttolwp(curthread);
423 	proc_t *p = curproc;
424 	struct regs *rp;
425 	uintptr_t sp;
426 	int n;
427 
428 	if (pcstack_limit <= 0)
429 		return;
430 
431 	/*
432 	 * If there's no user context we still need to zero the stack.
433 	 */
434 	if (lwp == NULL || p == NULL || (rp = lwp->lwp_regs) == NULL)
435 		goto zero;
436 
437 	*pcstack++ = (uint64_t)p->p_pid;
438 	pcstack_limit--;
439 
440 	if (pcstack_limit <= 0)
441 		return;
442 
443 	*pcstack++ = (uint64_t)rp->r_pc;
444 	pcstack_limit--;
445 
446 	if (pcstack_limit <= 0)
447 		return;
448 
449 	if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_ENTRY)) {
450 		*pcstack++ = (uint64_t)rp->r_o7;
451 		pcstack_limit--;
452 		if (pcstack_limit <= 0)
453 			return;
454 	}
455 
456 	sp = rp->r_sp;
457 
458 	n = dtrace_getupcstack_top(pcstack, pcstack_limit, &sp);
459 	ASSERT(n >= 0);
460 	ASSERT(n <= pcstack_limit);
461 
462 	pcstack += n;
463 	pcstack_limit -= n;
464 	if (pcstack_limit <= 0)
465 		return;
466 
467 	n = dtrace_getustack_common(pcstack, pcstack_limit, sp);
468 	ASSERT(n >= 0);
469 	ASSERT(n <= pcstack_limit);
470 
471 	pcstack += n;
472 	pcstack_limit -= n;
473 
474 zero:
475 	while (pcstack_limit-- > 0)
476 		*pcstack++ = NULL;
477 }
478 
479 int
480 dtrace_getustackdepth(void)
481 {
482 	klwp_t *lwp = ttolwp(curthread);
483 	proc_t *p = curproc;
484 	struct regs *rp;
485 	uintptr_t sp;
486 	int n = 1;
487 
488 	if (lwp == NULL || p == NULL || (rp = lwp->lwp_regs) == NULL)
489 		return (0);
490 
491 	if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_FAULT))
492 		return (-1);
493 
494 	sp = rp->r_sp;
495 
496 	n += dtrace_getustackdepth_top(&sp);
497 	n += dtrace_getustack_common(NULL, 0, sp);
498 
499 	/*
500 	 * Add one more to the stack depth if we're in an entry probe as long
501 	 * as the return address is non-NULL or there are additional frames
502 	 * beyond that NULL return address.
503 	 */
504 	if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_ENTRY) &&
505 	    (rp->r_o7 != NULL || n != 1))
506 		n++;
507 
508 	return (n);
509 }
510 
511 void
512 dtrace_getufpstack(uint64_t *pcstack, uint64_t *fpstack, int pcstack_limit)
513 {
514 	klwp_t *lwp = ttolwp(curthread);
515 	proc_t *p = ttoproc(curthread);
516 	struct regs *rp;
517 	uintptr_t sp;
518 
519 	if (pcstack_limit <= 0)
520 		return;
521 
522 	/*
523 	 * If there's no user context we still need to zero the stack.
524 	 */
525 	if (lwp == NULL || p == NULL || (rp = lwp->lwp_regs) == NULL)
526 		goto zero;
527 
528 	*pcstack++ = (uint64_t)p->p_pid;
529 	pcstack_limit--;
530 
531 	if (pcstack_limit <= 0)
532 		return;
533 
534 	if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_ENTRY)) {
535 		*fpstack++ = 0;
536 		*pcstack++ = (uint64_t)rp->r_pc;
537 		pcstack_limit--;
538 		if (pcstack_limit <= 0)
539 			return;
540 
541 		*fpstack++ = (uint64_t)rp->r_sp;
542 		*pcstack++ = (uint64_t)rp->r_o7;
543 		pcstack_limit--;
544 	} else {
545 		*fpstack++ = (uint64_t)rp->r_sp;
546 		*pcstack++ = (uint64_t)rp->r_pc;
547 		pcstack_limit--;
548 	}
549 
550 	if (pcstack_limit <= 0)
551 		return;
552 
553 	sp = rp->r_sp;
554 
555 	dtrace_flush_user_windows();
556 
557 	if (p->p_model == DATAMODEL_NATIVE) {
558 		while (pcstack_limit > 0) {
559 			struct frame *fr = (struct frame *)(sp + STACK_BIAS);
560 			uintptr_t pc;
561 
562 			if (sp == 0 || fr == NULL ||
563 			    ((uintptr_t)&fr->fr_savpc & 3) != 0 ||
564 			    ((uintptr_t)&fr->fr_savfp & 3) != 0)
565 				break;
566 
567 			pc = dtrace_fulword(&fr->fr_savpc);
568 			sp = dtrace_fulword(&fr->fr_savfp);
569 
570 			if (pc == 0)
571 				break;
572 
573 			*fpstack++ = sp;
574 			*pcstack++ = pc;
575 			pcstack_limit--;
576 		}
577 	} else {
578 		while (pcstack_limit > 0) {
579 			struct frame32 *fr = (struct frame32 *)sp;
580 			uint32_t pc;
581 
582 			if (sp == 0 ||
583 			    ((uintptr_t)&fr->fr_savpc & 3) != 0 ||
584 			    ((uintptr_t)&fr->fr_savfp & 3) != 0)
585 				break;
586 
587 			pc = dtrace_fuword32(&fr->fr_savpc);
588 			sp = dtrace_fuword32(&fr->fr_savfp);
589 
590 			if (pc == 0)
591 				break;
592 
593 			*fpstack++ = sp;
594 			*pcstack++ = pc;
595 			pcstack_limit--;
596 		}
597 	}
598 
599 zero:
600 	while (pcstack_limit-- > 0)
601 		*pcstack++ = NULL;
602 }
603 
604 uint64_t
605 dtrace_getarg(int arg, int aframes)
606 {
607 	uintptr_t val;
608 	struct frame *fp;
609 	uint64_t rval;
610 
611 	/*
612 	 * Account for the fact that dtrace_getarg() consumes an additional
613 	 * stack frame.
614 	 */
615 	aframes++;
616 
617 	if (arg < 6) {
618 		if (dtrace_fish(aframes, DTRACE_REG_I0 + arg, &val) == 0)
619 			return (val);
620 	} else {
621 		if (dtrace_fish(aframes, DTRACE_REG_I6, &val) == 0) {
622 			/*
623 			 * We have a stack pointer; grab the argument.
624 			 */
625 			fp = (struct frame *)(val + STACK_BIAS);
626 
627 			DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
628 			rval = fp->fr_argx[arg - 6];
629 			DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
630 
631 			return (rval);
632 		}
633 	}
634 
635 	/*
636 	 * There are other ways to do this.  But the slow, painful way works
637 	 * just fine.  Because this requires some loads, we need to set
638 	 * CPU_DTRACE_NOFAULT to protect against looking for an argument that
639 	 * isn't there.
640 	 */
641 	fp = (struct frame *)((caddr_t)dtrace_getfp() + STACK_BIAS);
642 	dtrace_flush_windows();
643 
644 	DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
645 
646 	for (aframes -= 1; aframes; aframes--)
647 		fp = (struct frame *)((caddr_t)fp->fr_savfp + STACK_BIAS);
648 
649 	if (arg < 6) {
650 		rval = fp->fr_arg[arg];
651 	} else {
652 		fp = (struct frame *)((caddr_t)fp->fr_savfp + STACK_BIAS);
653 		rval = fp->fr_argx[arg - 6];
654 	}
655 
656 	DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
657 
658 	return (rval);
659 }
660 
661 int
662 dtrace_getstackdepth(int aframes)
663 {
664 	struct frame *fp, *nextfp, *minfp, *stacktop;
665 	int depth = 0;
666 	int on_intr;
667 
668 	fp = (struct frame *)((caddr_t)dtrace_getfp() + STACK_BIAS);
669 	dtrace_flush_windows();
670 
671 	if ((on_intr = CPU_ON_INTR(CPU)) != 0)
672 		stacktop = (struct frame *)CPU->cpu_intr_stack + SA(MINFRAME);
673 	else
674 		stacktop = (struct frame *)curthread->t_stk;
675 	minfp = fp;
676 
677 	for (;;) {
678 		nextfp = (struct frame *)((caddr_t)fp->fr_savfp + STACK_BIAS);
679 		if (nextfp <= minfp || nextfp >= stacktop) {
680 			if (on_intr) {
681 				/*
682 				 * Hop from interrupt stack to thread stack.
683 				 */
684 				stacktop = (struct frame *)curthread->t_stk;
685 				minfp = (struct frame *)curthread->t_stkbase;
686 				on_intr = 0;
687 				continue;
688 			}
689 
690 			return (++depth);
691 		}
692 
693 		if (aframes > 0) {
694 			aframes--;
695 		} else {
696 			depth++;
697 		}
698 
699 		fp = nextfp;
700 		minfp = fp;
701 	}
702 }
703 
704 /*
705  * This uses the same register numbering scheme as in sys/procfs_isa.h.
706  */
707 ulong_t
708 dtrace_getreg(struct regs *rp, uint_t reg)
709 {
710 	ulong_t value;
711 	uintptr_t fp;
712 	struct machpcb *mpcb;
713 
714 	if (reg == R_G0)
715 		return (0);
716 
717 	if (reg <= R_G7)
718 		return ((&rp->r_g1)[reg - 1]);
719 
720 	if (reg > R_I7) {
721 		switch (reg) {
722 		case R_CCR:
723 			return ((rp->r_tstate >> TSTATE_CCR_SHIFT) &
724 			    TSTATE_CCR_MASK);
725 		case R_PC:
726 			return (rp->r_pc);
727 		case R_nPC:
728 			return (rp->r_npc);
729 		case R_Y:
730 			return (rp->r_y);
731 		case R_ASI:
732 			return ((rp->r_tstate >> TSTATE_ASI_SHIFT) &
733 			    TSTATE_ASI_MASK);
734 		case R_FPRS:
735 			return (dtrace_getfprs());
736 		default:
737 			DTRACE_CPUFLAG_SET(CPU_DTRACE_ILLOP);
738 			return (0);
739 		}
740 	}
741 
742 	/*
743 	 * We reach go to the fake restore case if the probe we hit was a pid
744 	 * return probe on a restore instruction. We partially emulate the
745 	 * restore in the kernel and then execute a simple restore
746 	 * instruction that we've secreted away to do the actual register
747 	 * window manipulation. We need to go one register window further
748 	 * down to get at the %ls, and %is and we need to treat %os like %is
749 	 * to pull them out of the topmost user frame.
750 	 */
751 	if (DTRACE_CPUFLAG_ISSET(CPU_DTRACE_FAKERESTORE)) {
752 		if (reg > R_O7)
753 			goto fake_restore;
754 		else
755 			reg += R_I0 - R_O0;
756 
757 	} else if (reg <= R_O7) {
758 		return ((&rp->r_g1)[reg - 1]);
759 	}
760 
761 	if (dtrace_getotherwin() > 0)
762 		return (dtrace_getreg_win(reg, 1));
763 
764 	mpcb = (struct machpcb *)((caddr_t)rp - REGOFF);
765 
766 	if (curproc->p_model == DATAMODEL_NATIVE) {
767 		struct frame *fr = (void *)(rp->r_sp + STACK_BIAS);
768 
769 		if (mpcb->mpcb_wbcnt > 0) {
770 			struct rwindow *rwin = (void *)mpcb->mpcb_wbuf;
771 			int i = mpcb->mpcb_wbcnt;
772 			do {
773 				i--;
774 				if ((long)mpcb->mpcb_spbuf[i] == rp->r_sp)
775 					return (rwin[i].rw_local[reg - 16]);
776 			} while (i > 0);
777 		}
778 
779 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
780 		value = dtrace_fulword(&fr->fr_local[reg - 16]);
781 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
782 	} else {
783 		struct frame32 *fr = (void *)(caddr32_t)rp->r_sp;
784 
785 		if (mpcb->mpcb_wbcnt > 0) {
786 			struct rwindow32 *rwin = (void *)mpcb->mpcb_wbuf;
787 			int i = mpcb->mpcb_wbcnt;
788 			do {
789 				i--;
790 				if ((long)mpcb->mpcb_spbuf[i] == rp->r_sp)
791 					return (rwin[i].rw_local[reg - 16]);
792 			} while (i > 0);
793 		}
794 
795 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
796 		value = dtrace_fuword32(&fr->fr_local[reg - 16]);
797 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
798 	}
799 
800 	return (value);
801 
802 fake_restore:
803 	ASSERT(R_L0 <= reg && reg <= R_I7);
804 
805 	/*
806 	 * We first look two user windows down to see if we can dig out
807 	 * the register we're looking for.
808 	 */
809 	if (dtrace_getotherwin() > 1)
810 		return (dtrace_getreg_win(reg, 2));
811 
812 	/*
813 	 * First we need to get the frame pointer and then we perform
814 	 * the same computation as in the non-fake-o-restore case.
815 	 */
816 
817 	mpcb = (struct machpcb *)((caddr_t)rp - REGOFF);
818 
819 	if (dtrace_getotherwin() > 0) {
820 		fp = dtrace_getreg_win(R_FP, 1);
821 		goto got_fp;
822 	}
823 
824 	if (curproc->p_model == DATAMODEL_NATIVE) {
825 		struct frame *fr = (void *)(rp->r_sp + STACK_BIAS);
826 
827 		if (mpcb->mpcb_wbcnt > 0) {
828 			struct rwindow *rwin = (void *)mpcb->mpcb_wbuf;
829 			int i = mpcb->mpcb_wbcnt;
830 			do {
831 				i--;
832 				if ((long)mpcb->mpcb_spbuf[i] == rp->r_sp) {
833 					fp = rwin[i].rw_fp;
834 					goto got_fp;
835 				}
836 			} while (i > 0);
837 		}
838 
839 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
840 		fp = dtrace_fulword(&fr->fr_savfp);
841 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
842 		if (cpu_core[CPU->cpu_id].cpuc_dtrace_flags & CPU_DTRACE_FAULT)
843 			return (0);
844 	} else {
845 		struct frame32 *fr = (void *)(caddr32_t)rp->r_sp;
846 
847 		if (mpcb->mpcb_wbcnt > 0) {
848 			struct rwindow32 *rwin = (void *)mpcb->mpcb_wbuf;
849 			int i = mpcb->mpcb_wbcnt;
850 			do {
851 				i--;
852 				if ((long)mpcb->mpcb_spbuf[i] == rp->r_sp) {
853 					fp = rwin[i].rw_fp;
854 					goto got_fp;
855 				}
856 			} while (i > 0);
857 		}
858 
859 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
860 		fp = dtrace_fuword32(&fr->fr_savfp);
861 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
862 		if (cpu_core[CPU->cpu_id].cpuc_dtrace_flags & CPU_DTRACE_FAULT)
863 			return (0);
864 	}
865 got_fp:
866 
867 	if (curproc->p_model == DATAMODEL_NATIVE) {
868 		struct frame *fr = (void *)(fp + STACK_BIAS);
869 
870 		if (mpcb->mpcb_wbcnt > 0) {
871 			struct rwindow *rwin = (void *)mpcb->mpcb_wbuf;
872 			int i = mpcb->mpcb_wbcnt;
873 			do {
874 				i--;
875 				if ((long)mpcb->mpcb_spbuf[i] == fp)
876 					return (rwin[i].rw_local[reg - 16]);
877 			} while (i > 0);
878 		}
879 
880 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
881 		value = dtrace_fulword(&fr->fr_local[reg - 16]);
882 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
883 	} else {
884 		struct frame32 *fr = (void *)(caddr32_t)fp;
885 
886 		if (mpcb->mpcb_wbcnt > 0) {
887 			struct rwindow32 *rwin = (void *)mpcb->mpcb_wbuf;
888 			int i = mpcb->mpcb_wbcnt;
889 			do {
890 				i--;
891 				if ((long)mpcb->mpcb_spbuf[i] == fp)
892 					return (rwin[i].rw_local[reg - 16]);
893 			} while (i > 0);
894 		}
895 
896 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
897 		value = dtrace_fuword32(&fr->fr_local[reg - 16]);
898 		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
899 	}
900 
901 	return (value);
902 }
903