xref: /titanic_50/usr/src/uts/sun4/os/trap.c (revision 5e1c72e1529d41fe7e1babf69acebeed897f9610)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 
28 #include <sys/mmu.h>
29 #include <sys/systm.h>
30 #include <sys/trap.h>
31 #include <sys/machtrap.h>
32 #include <sys/vtrace.h>
33 #include <sys/prsystm.h>
34 #include <sys/archsystm.h>
35 #include <sys/machsystm.h>
36 #include <sys/fpu/fpusystm.h>
37 #include <sys/tnf.h>
38 #include <sys/tnf_probe.h>
39 #include <sys/simulate.h>
40 #include <sys/ftrace.h>
41 #include <sys/ontrap.h>
42 #include <sys/kcpc.h>
43 #include <sys/kobj.h>
44 #include <sys/procfs.h>
45 #include <sys/sun4asi.h>
46 #include <sys/sdt.h>
47 #include <sys/fpras.h>
48 #include <sys/contract/process_impl.h>
49 
50 #ifdef  TRAPTRACE
51 #include <sys/traptrace.h>
52 #endif
53 
54 int tudebug = 0;
55 static int tudebugbpt = 0;
56 static int tudebugfpe = 0;
57 
58 static int alignfaults = 0;
59 
60 #if defined(TRAPDEBUG) || defined(lint)
61 static int lodebug = 0;
62 #else
63 #define	lodebug	0
64 #endif /* defined(TRAPDEBUG) || defined(lint) */
65 
66 
67 int vis1_partial_support(struct regs *rp, k_siginfo_t *siginfo, uint_t *fault);
68 #pragma weak vis1_partial_support
69 
70 void showregs(unsigned, struct regs *, caddr_t, uint_t);
71 #pragma weak showregs
72 
73 void trap_async_hwerr(void);
74 #pragma weak trap_async_hwerr
75 
76 void trap_async_berr_bto(int, struct regs *);
77 #pragma weak trap_async_berr_bto
78 
79 static enum seg_rw get_accesstype(struct regs *);
80 static int nfload(struct regs *, int *);
81 static int swap_nc(struct regs *, int);
82 static int ldstub_nc(struct regs *, int);
83 void	trap_cleanup(struct regs *, uint_t, k_siginfo_t *, int);
84 void	trap_rtt(void);
85 
86 static int
87 die(unsigned type, struct regs *rp, caddr_t addr, uint_t mmu_fsr)
88 {
89 	struct panic_trap_info ti;
90 
91 #ifdef TRAPTRACE
92 	TRAPTRACE_FREEZE;
93 #endif
94 
95 	ti.trap_regs = rp;
96 	ti.trap_type = type;
97 	ti.trap_addr = addr;
98 	ti.trap_mmu_fsr = mmu_fsr;
99 
100 	curthread->t_panic_trap = &ti;
101 
102 	if (type == T_DATA_MMU_MISS && addr < (caddr_t)KERNELBASE) {
103 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x "
104 		    "occurred in module \"%s\" due to %s",
105 		    type, (void *)rp, (void *)addr, mmu_fsr,
106 		    mod_containing_pc((caddr_t)rp->r_pc),
107 		    addr < (caddr_t)PAGESIZE ?
108 		    "a NULL pointer dereference" :
109 		    "an illegal access to a user address");
110 	} else {
111 		panic("BAD TRAP: type=%x rp=%p addr=%p mmu_fsr=%x",
112 		    type, (void *)rp, (void *)addr, mmu_fsr);
113 	}
114 
115 	return (0);	/* avoid optimization of restore in call's delay slot */
116 }
117 
118 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
119 int	ill_calls;
120 #endif
121 
122 /*
123  * Currently, the only PREFETCH/PREFETCHA instructions which cause traps
124  * are the "strong" prefetches (fcn=20-23).  But we check for all flavors of
125  * PREFETCH, in case some future variant also causes a DATA_MMU_MISS.
126  */
127 #define	IS_PREFETCH(i)	(((i) & 0xc1780000) == 0xc1680000)
128 
129 #define	IS_FLUSH(i)	(((i) & 0xc1f80000) == 0x81d80000)
130 #define	IS_SWAP(i)	(((i) & 0xc1f80000) == 0xc0780000)
131 #define	IS_LDSTUB(i)	(((i) & 0xc1f80000) == 0xc0680000)
132 #define	IS_FLOAT(i)	(((i) & 0x1000000) != 0)
133 #define	IS_STORE(i)	(((i) >> 21) & 1)
134 
135 /*
136  * Called from the trap handler when a processor trap occurs.
137  */
138 /*VARARGS2*/
139 void
140 trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t mmu_fsr)
141 {
142 	proc_t *p = ttoproc(curthread);
143 	klwp_id_t lwp = ttolwp(curthread);
144 	struct machpcb *mpcb = NULL;
145 	k_siginfo_t siginfo;
146 	uint_t op3, fault = 0;
147 	int stepped = 0;
148 	greg_t oldpc;
149 	int mstate;
150 	char *badaddr;
151 	faultcode_t res;
152 	enum fault_type fault_type;
153 	enum seg_rw rw;
154 	uintptr_t lofault;
155 	int instr;
156 	int iskernel;
157 	int watchcode;
158 	int watchpage;
159 	extern faultcode_t pagefault(caddr_t, enum fault_type,
160 	    enum seg_rw, int);
161 
162 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
163 
164 #ifdef SF_ERRATA_23 /* call causes illegal-insn */
165 	ASSERT((curthread->t_schedflag & TS_DONT_SWAP) ||
166 	    (type == T_UNIMP_INSTR));
167 #else
168 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
169 #endif /* SF_ERRATA_23 */
170 
171 	if (USERMODE(rp->r_tstate) || (type & T_USER)) {
172 		/*
173 		 * Set lwp_state before trying to acquire any
174 		 * adaptive lock
175 		 */
176 		ASSERT(lwp != NULL);
177 		lwp->lwp_state = LWP_SYS;
178 		/*
179 		 * Set up the current cred to use during this trap. u_cred
180 		 * no longer exists.  t_cred is used instead.
181 		 * The current process credential applies to the thread for
182 		 * the entire trap.  If trapping from the kernel, this
183 		 * should already be set up.
184 		 */
185 		if (curthread->t_cred != p->p_cred) {
186 			cred_t *oldcred = curthread->t_cred;
187 			/*
188 			 * DTrace accesses t_cred in probe context.  t_cred
189 			 * must always be either NULL, or point to a valid,
190 			 * allocated cred structure.
191 			 */
192 			curthread->t_cred = crgetcred();
193 			crfree(oldcred);
194 		}
195 		type |= T_USER;
196 		ASSERT((type == (T_SYS_RTT_PAGE | T_USER)) ||
197 		    (type == (T_SYS_RTT_ALIGN | T_USER)) ||
198 		    lwp->lwp_regs == rp);
199 		mpcb = lwptompcb(lwp);
200 		switch (type) {
201 		case T_WIN_OVERFLOW + T_USER:
202 		case T_WIN_UNDERFLOW + T_USER:
203 		case T_SYS_RTT_PAGE + T_USER:
204 		case T_DATA_MMU_MISS + T_USER:
205 			mstate = LMS_DFAULT;
206 			break;
207 		case T_INSTR_MMU_MISS + T_USER:
208 			mstate = LMS_TFAULT;
209 			break;
210 		default:
211 			mstate = LMS_TRAP;
212 			break;
213 		}
214 		/* Kernel probe */
215 		TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
216 		    tnf_microstate, state, (char)mstate);
217 		mstate = new_mstate(curthread, mstate);
218 		siginfo.si_signo = 0;
219 		stepped =
220 		    lwp->lwp_pcb.pcb_step != STEP_NONE &&
221 		    ((oldpc = rp->r_pc), prundostep()) &&
222 		    mmu_btop((uintptr_t)addr) == mmu_btop((uintptr_t)oldpc);
223 		/* this assignment must not precede call to prundostep() */
224 		oldpc = rp->r_pc;
225 	}
226 
227 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
228 	    "C_trap_handler_enter:type %x", type);
229 
230 #ifdef	F_DEFERRED
231 	/*
232 	 * Take any pending floating point exceptions now.
233 	 * If the floating point unit has an exception to handle,
234 	 * just return to user-level to let the signal handler run.
235 	 * The instruction that got us to trap() will be reexecuted on
236 	 * return from the signal handler and we will trap to here again.
237 	 * This is necessary to disambiguate simultaneous traps which
238 	 * happen when a floating-point exception is pending and a
239 	 * machine fault is incurred.
240 	 */
241 	if (type & USER) {
242 		/*
243 		 * FP_TRAPPED is set only by sendsig() when it copies
244 		 * out the floating-point queue for the signal handler.
245 		 * It is set there so we can test it here and in syscall().
246 		 */
247 		mpcb->mpcb_flags &= ~FP_TRAPPED;
248 		syncfpu();
249 		if (mpcb->mpcb_flags & FP_TRAPPED) {
250 			/*
251 			 * trap() has have been called recursively and may
252 			 * have stopped the process, so do single step
253 			 * support for /proc.
254 			 */
255 			mpcb->mpcb_flags &= ~FP_TRAPPED;
256 			goto out;
257 		}
258 	}
259 #endif
260 	switch (type) {
261 		case T_DATA_MMU_MISS:
262 		case T_INSTR_MMU_MISS + T_USER:
263 		case T_DATA_MMU_MISS + T_USER:
264 		case T_DATA_PROT + T_USER:
265 		case T_AST + T_USER:
266 		case T_SYS_RTT_PAGE + T_USER:
267 		case T_FLUSH_PCB + T_USER:
268 		case T_FLUSHW + T_USER:
269 			break;
270 
271 		default:
272 			FTRACE_3("trap(): type=0x%lx, regs=0x%lx, addr=0x%lx",
273 			    (ulong_t)type, (ulong_t)rp, (ulong_t)addr);
274 			break;
275 	}
276 
277 	switch (type) {
278 
279 	default:
280 		/*
281 		 * Check for user software trap.
282 		 */
283 		if (type & T_USER) {
284 			if (tudebug)
285 				showregs(type, rp, (caddr_t)0, 0);
286 			if ((type & ~T_USER) >= T_SOFTWARE_TRAP) {
287 				bzero(&siginfo, sizeof (siginfo));
288 				siginfo.si_signo = SIGILL;
289 				siginfo.si_code  = ILL_ILLTRP;
290 				siginfo.si_addr  = (caddr_t)rp->r_pc;
291 				siginfo.si_trapno = type &~ T_USER;
292 				fault = FLTILL;
293 				break;
294 			}
295 		}
296 		addr = (caddr_t)rp->r_pc;
297 		(void) die(type, rp, addr, 0);
298 		/*NOTREACHED*/
299 
300 	case T_ALIGNMENT:	/* supv alignment error */
301 		if (nfload(rp, NULL))
302 			goto cleanup;
303 
304 		if (curthread->t_lofault) {
305 			if (lodebug) {
306 				showregs(type, rp, addr, 0);
307 				traceback((caddr_t)rp->r_sp);
308 			}
309 			rp->r_g1 = EFAULT;
310 			rp->r_pc = curthread->t_lofault;
311 			rp->r_npc = rp->r_pc + 4;
312 			goto cleanup;
313 		}
314 		(void) die(type, rp, addr, 0);
315 		/*NOTREACHED*/
316 
317 	case T_INSTR_EXCEPTION:		/* sys instruction access exception */
318 		addr = (caddr_t)rp->r_pc;
319 		(void) die(type, rp, addr, mmu_fsr);
320 		/*NOTREACHED*/
321 
322 	case T_INSTR_MMU_MISS:		/* sys instruction mmu miss */
323 		addr = (caddr_t)rp->r_pc;
324 		(void) die(type, rp, addr, 0);
325 		/*NOTREACHED*/
326 
327 	case T_DATA_EXCEPTION:		/* system data access exception */
328 		switch (X_FAULT_TYPE(mmu_fsr)) {
329 		case FT_RANGE:
330 			/*
331 			 * This happens when we attempt to dereference an
332 			 * address in the address hole.  If t_ontrap is set,
333 			 * then break and fall through to T_DATA_MMU_MISS /
334 			 * T_DATA_PROT case below.  If lofault is set, then
335 			 * honour it (perhaps the user gave us a bogus
336 			 * address in the hole to copyin from or copyout to?)
337 			 */
338 
339 			if (curthread->t_ontrap != NULL)
340 				break;
341 
342 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
343 			if (curthread->t_lofault) {
344 				if (lodebug) {
345 					showregs(type, rp, addr, 0);
346 					traceback((caddr_t)rp->r_sp);
347 				}
348 				rp->r_g1 = EFAULT;
349 				rp->r_pc = curthread->t_lofault;
350 				rp->r_npc = rp->r_pc + 4;
351 				goto cleanup;
352 			}
353 			(void) die(type, rp, addr, mmu_fsr);
354 			/*NOTREACHED*/
355 
356 		case FT_PRIV:
357 			/*
358 			 * This can happen if we access ASI_USER from a kernel
359 			 * thread.  To support pxfs, we need to honor lofault if
360 			 * we're doing a copyin/copyout from a kernel thread.
361 			 */
362 
363 			if (nfload(rp, NULL))
364 				goto cleanup;
365 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
366 			if (curthread->t_lofault) {
367 				if (lodebug) {
368 					showregs(type, rp, addr, 0);
369 					traceback((caddr_t)rp->r_sp);
370 				}
371 				rp->r_g1 = EFAULT;
372 				rp->r_pc = curthread->t_lofault;
373 				rp->r_npc = rp->r_pc + 4;
374 				goto cleanup;
375 			}
376 			(void) die(type, rp, addr, mmu_fsr);
377 			/*NOTREACHED*/
378 
379 		default:
380 			if (nfload(rp, NULL))
381 				goto cleanup;
382 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
383 			(void) die(type, rp, addr, mmu_fsr);
384 			/*NOTREACHED*/
385 
386 		case FT_NFO:
387 			break;
388 		}
389 		/* fall into ... */
390 
391 	case T_DATA_MMU_MISS:		/* system data mmu miss */
392 	case T_DATA_PROT:		/* system data protection fault */
393 		if (nfload(rp, &instr))
394 			goto cleanup;
395 
396 		/*
397 		 * If we're under on_trap() protection (see <sys/ontrap.h>),
398 		 * set ot_trap and return from the trap to the trampoline.
399 		 */
400 		if (curthread->t_ontrap != NULL) {
401 			on_trap_data_t *otp = curthread->t_ontrap;
402 
403 			TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT,
404 			    "C_trap_handler_exit");
405 			TRACE_0(TR_FAC_TRAP, TR_TRAP_END, "trap_end");
406 
407 			if (otp->ot_prot & OT_DATA_ACCESS) {
408 				otp->ot_trap |= OT_DATA_ACCESS;
409 				rp->r_pc = otp->ot_trampoline;
410 				rp->r_npc = rp->r_pc + 4;
411 				goto cleanup;
412 			}
413 		}
414 		lofault = curthread->t_lofault;
415 		curthread->t_lofault = 0;
416 
417 		mstate = new_mstate(curthread, LMS_KFAULT);
418 
419 		switch (type) {
420 		case T_DATA_PROT:
421 			fault_type = F_PROT;
422 			rw = S_WRITE;
423 			break;
424 		case T_INSTR_MMU_MISS:
425 			fault_type = F_INVAL;
426 			rw = S_EXEC;
427 			break;
428 		case T_DATA_MMU_MISS:
429 		case T_DATA_EXCEPTION:
430 			/*
431 			 * The hardware doesn't update the sfsr on mmu
432 			 * misses so it is not easy to find out whether
433 			 * the access was a read or a write so we need
434 			 * to decode the actual instruction.
435 			 */
436 			fault_type = F_INVAL;
437 			rw = get_accesstype(rp);
438 			break;
439 		default:
440 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
441 			break;
442 		}
443 		/*
444 		 * We determine if access was done to kernel or user
445 		 * address space.  The addr passed into trap is really the
446 		 * tag access register.
447 		 */
448 		iskernel = (((uintptr_t)addr & TAGACC_CTX_MASK) == KCONTEXT);
449 		addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
450 
451 		res = pagefault(addr, fault_type, rw, iskernel);
452 		if (!iskernel && res == FC_NOMAP &&
453 		    addr < p->p_usrstack && grow(addr))
454 			res = 0;
455 
456 		(void) new_mstate(curthread, mstate);
457 
458 		/*
459 		 * Restore lofault.  If we resolved the fault, exit.
460 		 * If we didn't and lofault wasn't set, die.
461 		 */
462 		curthread->t_lofault = lofault;
463 
464 		if (res == 0)
465 			goto cleanup;
466 
467 		if (IS_PREFETCH(instr)) {
468 			/* skip prefetch instructions in kernel-land */
469 			rp->r_pc = rp->r_npc;
470 			rp->r_npc += 4;
471 			goto cleanup;
472 		}
473 
474 		if ((lofault == 0 || lodebug) &&
475 		    (calc_memaddr(rp, &badaddr) == SIMU_SUCCESS))
476 			addr = badaddr;
477 		if (lofault == 0)
478 			(void) die(type, rp, addr, 0);
479 		/*
480 		 * Cannot resolve fault.  Return to lofault.
481 		 */
482 		if (lodebug) {
483 			showregs(type, rp, addr, 0);
484 			traceback((caddr_t)rp->r_sp);
485 		}
486 		if (FC_CODE(res) == FC_OBJERR)
487 			res = FC_ERRNO(res);
488 		else
489 			res = EFAULT;
490 		rp->r_g1 = res;
491 		rp->r_pc = curthread->t_lofault;
492 		rp->r_npc = curthread->t_lofault + 4;
493 		goto cleanup;
494 
495 	case T_INSTR_EXCEPTION + T_USER: /* user insn access exception */
496 		bzero(&siginfo, sizeof (siginfo));
497 		siginfo.si_addr = (caddr_t)rp->r_pc;
498 		siginfo.si_signo = SIGSEGV;
499 		siginfo.si_code = X_FAULT_TYPE(mmu_fsr) == FT_PRIV ?
500 		    SEGV_ACCERR : SEGV_MAPERR;
501 		fault = FLTBOUNDS;
502 		break;
503 
504 	case T_WIN_OVERFLOW + T_USER:	/* window overflow in ??? */
505 	case T_WIN_UNDERFLOW + T_USER:	/* window underflow in ??? */
506 	case T_SYS_RTT_PAGE + T_USER:	/* window underflow in user_rtt */
507 	case T_INSTR_MMU_MISS + T_USER:	/* user instruction mmu miss */
508 	case T_DATA_MMU_MISS + T_USER:	/* user data mmu miss */
509 	case T_DATA_PROT + T_USER:	/* user data protection fault */
510 		switch (type) {
511 		case T_INSTR_MMU_MISS + T_USER:
512 			addr = (caddr_t)rp->r_pc;
513 			fault_type = F_INVAL;
514 			rw = S_EXEC;
515 			break;
516 
517 		case T_DATA_MMU_MISS + T_USER:
518 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
519 			fault_type = F_INVAL;
520 			/*
521 			 * The hardware doesn't update the sfsr on mmu misses
522 			 * so it is not easy to find out whether the access
523 			 * was a read or a write so we need to decode the
524 			 * actual instruction.  XXX BUGLY HW
525 			 */
526 			rw = get_accesstype(rp);
527 			break;
528 
529 		case T_DATA_PROT + T_USER:
530 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
531 			fault_type = F_PROT;
532 			rw = S_WRITE;
533 			break;
534 
535 		case T_WIN_OVERFLOW + T_USER:
536 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
537 			fault_type = F_INVAL;
538 			rw = S_WRITE;
539 			break;
540 
541 		case T_WIN_UNDERFLOW + T_USER:
542 		case T_SYS_RTT_PAGE + T_USER:
543 			addr = (caddr_t)((uintptr_t)addr & TAGACC_VADDR_MASK);
544 			fault_type = F_INVAL;
545 			rw = S_READ;
546 			break;
547 
548 		default:
549 			cmn_err(CE_PANIC, "trap: unknown type %x", type);
550 			break;
551 		}
552 
553 		/*
554 		 * If we are single stepping do not call pagefault
555 		 */
556 		if (stepped) {
557 			res = FC_NOMAP;
558 		} else {
559 			caddr_t vaddr = addr;
560 			size_t sz;
561 			int ta;
562 
563 			ASSERT(!(curthread->t_flag & T_WATCHPT));
564 			watchpage = (pr_watch_active(p) &&
565 			    type != T_WIN_OVERFLOW + T_USER &&
566 			    type != T_WIN_UNDERFLOW + T_USER &&
567 			    type != T_SYS_RTT_PAGE + T_USER &&
568 			    pr_is_watchpage(addr, rw));
569 
570 			if (!watchpage ||
571 			    (sz = instr_size(rp, &vaddr, rw)) <= 0)
572 				/* EMPTY */;
573 			else if ((watchcode = pr_is_watchpoint(&vaddr, &ta,
574 			    sz, NULL, rw)) != 0) {
575 				if (ta) {
576 					do_watch_step(vaddr, sz, rw,
577 					    watchcode, rp->r_pc);
578 					fault_type = F_INVAL;
579 				} else {
580 					bzero(&siginfo,	sizeof (siginfo));
581 					siginfo.si_signo = SIGTRAP;
582 					siginfo.si_code = watchcode;
583 					siginfo.si_addr = vaddr;
584 					siginfo.si_trapafter = 0;
585 					siginfo.si_pc = (caddr_t)rp->r_pc;
586 					fault = FLTWATCH;
587 					break;
588 				}
589 			} else {
590 				if (rw != S_EXEC &&
591 				    pr_watch_emul(rp, vaddr, rw))
592 					goto out;
593 				do_watch_step(vaddr, sz, rw, 0, 0);
594 				fault_type = F_INVAL;
595 			}
596 
597 			if (pr_watch_active(p) &&
598 			    (type == T_WIN_OVERFLOW + T_USER ||
599 			    type == T_WIN_UNDERFLOW + T_USER ||
600 			    type == T_SYS_RTT_PAGE + T_USER)) {
601 				int dotwo = (type == T_WIN_UNDERFLOW + T_USER);
602 				if (copy_return_window(dotwo))
603 					goto out;
604 				fault_type = F_INVAL;
605 			}
606 
607 			res = pagefault(addr, fault_type, rw, 0);
608 
609 			/*
610 			 * If pagefault succeed, ok.
611 			 * Otherwise grow the stack automatically.
612 			 */
613 			if (res == 0 ||
614 			    (res == FC_NOMAP &&
615 			    type != T_INSTR_MMU_MISS + T_USER &&
616 			    addr < p->p_usrstack &&
617 			    grow(addr))) {
618 				int ismem = prismember(&p->p_fltmask, FLTPAGE);
619 
620 				/*
621 				 * instr_size() is used to get the exact
622 				 * address of the fault, instead of the
623 				 * page of the fault. Unfortunately it is
624 				 * very slow, and this is an important
625 				 * code path. Don't call it unless
626 				 * correctness is needed. ie. if FLTPAGE
627 				 * is set, or we're profiling.
628 				 */
629 
630 				if (curthread->t_rprof != NULL || ismem)
631 					(void) instr_size(rp, &addr, rw);
632 
633 				lwp->lwp_lastfault = FLTPAGE;
634 				lwp->lwp_lastfaddr = addr;
635 
636 				if (ismem) {
637 					bzero(&siginfo, sizeof (siginfo));
638 					siginfo.si_addr = addr;
639 					(void) stop_on_fault(FLTPAGE, &siginfo);
640 				}
641 				goto out;
642 			}
643 
644 			if (type != (T_INSTR_MMU_MISS + T_USER)) {
645 				/*
646 				 * check for non-faulting loads, also
647 				 * fetch the instruction to check for
648 				 * flush
649 				 */
650 				if (nfload(rp, &instr))
651 					goto out;
652 
653 				/* skip userland prefetch instructions */
654 				if (IS_PREFETCH(instr)) {
655 					rp->r_pc = rp->r_npc;
656 					rp->r_npc += 4;
657 					goto out;
658 					/*NOTREACHED*/
659 				}
660 
661 				/*
662 				 * check if the instruction was a
663 				 * flush.  ABI allows users to specify
664 				 * an illegal address on the flush
665 				 * instruction so we simply return in
666 				 * this case.
667 				 *
668 				 * NB: the hardware should set a bit
669 				 * indicating this trap was caused by
670 				 * a flush instruction.  Instruction
671 				 * decoding is bugly!
672 				 */
673 				if (IS_FLUSH(instr)) {
674 					/* skip the flush instruction */
675 					rp->r_pc = rp->r_npc;
676 					rp->r_npc += 4;
677 					goto out;
678 					/*NOTREACHED*/
679 				}
680 			} else if (res == FC_PROT) {
681 				report_stack_exec(p, addr);
682 			}
683 
684 			if (tudebug)
685 				showregs(type, rp, addr, 0);
686 		}
687 
688 		/*
689 		 * In the case where both pagefault and grow fail,
690 		 * set the code to the value provided by pagefault.
691 		 */
692 		(void) instr_size(rp, &addr, rw);
693 		bzero(&siginfo, sizeof (siginfo));
694 		siginfo.si_addr = addr;
695 		if (FC_CODE(res) == FC_OBJERR) {
696 			siginfo.si_errno = FC_ERRNO(res);
697 			if (siginfo.si_errno != EINTR) {
698 				siginfo.si_signo = SIGBUS;
699 				siginfo.si_code = BUS_OBJERR;
700 				fault = FLTACCESS;
701 			}
702 		} else { /* FC_NOMAP || FC_PROT */
703 			siginfo.si_signo = SIGSEGV;
704 			siginfo.si_code = (res == FC_NOMAP) ?
705 			    SEGV_MAPERR : SEGV_ACCERR;
706 			fault = FLTBOUNDS;
707 		}
708 		/*
709 		 * If this is the culmination of a single-step,
710 		 * reset the addr, code, signal and fault to
711 		 * indicate a hardware trace trap.
712 		 */
713 		if (stepped) {
714 			pcb_t *pcb = &lwp->lwp_pcb;
715 
716 			siginfo.si_signo = 0;
717 			fault = 0;
718 			if (pcb->pcb_step == STEP_WASACTIVE) {
719 				pcb->pcb_step = STEP_NONE;
720 				pcb->pcb_tracepc = NULL;
721 				oldpc = rp->r_pc - 4;
722 			}
723 			/*
724 			 * If both NORMAL_STEP and WATCH_STEP are in
725 			 * effect, give precedence to WATCH_STEP.
726 			 * One or the other must be set at this point.
727 			 */
728 			ASSERT(pcb->pcb_flags & (NORMAL_STEP|WATCH_STEP));
729 			if ((fault = undo_watch_step(&siginfo)) == 0 &&
730 			    (pcb->pcb_flags & NORMAL_STEP)) {
731 				siginfo.si_signo = SIGTRAP;
732 				siginfo.si_code = TRAP_TRACE;
733 				siginfo.si_addr = (caddr_t)rp->r_pc;
734 				fault = FLTTRACE;
735 			}
736 			pcb->pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
737 		}
738 		break;
739 
740 	case T_DATA_EXCEPTION + T_USER:	/* user data access exception */
741 
742 		if (&vis1_partial_support != NULL) {
743 			bzero(&siginfo, sizeof (siginfo));
744 			if (vis1_partial_support(rp,
745 			    &siginfo, &fault) == 0)
746 				goto out;
747 		}
748 
749 		if (nfload(rp, &instr))
750 			goto out;
751 		if (IS_FLUSH(instr)) {
752 			/* skip the flush instruction */
753 			rp->r_pc = rp->r_npc;
754 			rp->r_npc += 4;
755 			goto out;
756 			/*NOTREACHED*/
757 		}
758 		bzero(&siginfo, sizeof (siginfo));
759 		siginfo.si_addr = addr;
760 		switch (X_FAULT_TYPE(mmu_fsr)) {
761 		case FT_ATOMIC_NC:
762 			if ((IS_SWAP(instr) && swap_nc(rp, instr)) ||
763 			    (IS_LDSTUB(instr) && ldstub_nc(rp, instr))) {
764 				/* skip the atomic */
765 				rp->r_pc = rp->r_npc;
766 				rp->r_npc += 4;
767 				goto out;
768 			}
769 			/* fall into ... */
770 		case FT_PRIV:
771 			siginfo.si_signo = SIGSEGV;
772 			siginfo.si_code = SEGV_ACCERR;
773 			fault = FLTBOUNDS;
774 			break;
775 		case FT_SPEC_LD:
776 		case FT_ILL_ALT:
777 			siginfo.si_signo = SIGILL;
778 			siginfo.si_code = ILL_ILLADR;
779 			fault = FLTILL;
780 			break;
781 		default:
782 			siginfo.si_signo = SIGSEGV;
783 			siginfo.si_code = SEGV_MAPERR;
784 			fault = FLTBOUNDS;
785 			break;
786 		}
787 		break;
788 
789 	case T_SYS_RTT_ALIGN + T_USER:	/* user alignment error */
790 	case T_ALIGNMENT + T_USER:	/* user alignment error */
791 		if (tudebug)
792 			showregs(type, rp, addr, 0);
793 		/*
794 		 * If the user has to do unaligned references
795 		 * the ugly stuff gets done here.
796 		 */
797 		alignfaults++;
798 		if (&vis1_partial_support != NULL) {
799 			bzero(&siginfo, sizeof (siginfo));
800 			if (vis1_partial_support(rp,
801 			    &siginfo, &fault) == 0)
802 				goto out;
803 		}
804 
805 		bzero(&siginfo, sizeof (siginfo));
806 		if (type == T_SYS_RTT_ALIGN + T_USER) {
807 			if (nfload(rp, NULL))
808 				goto out;
809 			/*
810 			 * Can't do unaligned stack access
811 			 */
812 			siginfo.si_signo = SIGBUS;
813 			siginfo.si_code = BUS_ADRALN;
814 			siginfo.si_addr = addr;
815 			fault = FLTACCESS;
816 			break;
817 		}
818 
819 		/*
820 		 * Try to fix alignment before non-faulting load test.
821 		 */
822 		if (p->p_fixalignment) {
823 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
824 				rp->r_pc = rp->r_npc;
825 				rp->r_npc += 4;
826 				goto out;
827 			}
828 			if (nfload(rp, NULL))
829 				goto out;
830 			siginfo.si_signo = SIGSEGV;
831 			siginfo.si_code = SEGV_MAPERR;
832 			siginfo.si_addr = badaddr;
833 			fault = FLTBOUNDS;
834 		} else {
835 			if (nfload(rp, NULL))
836 				goto out;
837 			siginfo.si_signo = SIGBUS;
838 			siginfo.si_code = BUS_ADRALN;
839 			if (rp->r_pc & 3) {	/* offending address, if pc */
840 				siginfo.si_addr = (caddr_t)rp->r_pc;
841 			} else {
842 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
843 					siginfo.si_addr = badaddr;
844 				else
845 					siginfo.si_addr = (caddr_t)rp->r_pc;
846 			}
847 			fault = FLTACCESS;
848 		}
849 		break;
850 
851 	case T_PRIV_INSTR + T_USER:	/* privileged instruction fault */
852 		if (tudebug)
853 			showregs(type, rp, (caddr_t)0, 0);
854 		bzero(&siginfo, sizeof (siginfo));
855 		siginfo.si_signo = SIGILL;
856 		siginfo.si_code = ILL_PRVOPC;
857 		siginfo.si_addr = (caddr_t)rp->r_pc;
858 		fault = FLTILL;
859 		break;
860 
861 	case T_UNIMP_INSTR:		/* priv illegal instruction fault */
862 		if (fpras_implemented) {
863 			/*
864 			 * Call fpras_chktrap indicating that
865 			 * we've come from a trap handler and pass
866 			 * the regs.  That function may choose to panic
867 			 * (in which case it won't return) or it may
868 			 * determine that a reboot is desired.  In the
869 			 * latter case it must alter pc/npc to skip
870 			 * the illegal instruction and continue at
871 			 * a controlled address.
872 			 */
873 			if (&fpras_chktrap) {
874 				if (fpras_chktrap(rp))
875 					goto cleanup;
876 			}
877 		}
878 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
879 		instr = *(int *)rp->r_pc;
880 		if ((instr & 0xc0000000) == 0x40000000) {
881 			long pc;
882 
883 			rp->r_o7 = (long long)rp->r_pc;
884 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
885 			rp->r_pc = rp->r_npc;
886 			rp->r_npc = pc;
887 			ill_calls++;
888 			goto cleanup;
889 		}
890 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
891 		/*
892 		 * It's not an fpras failure and it's not SF_ERRATA_23 - die
893 		 */
894 		addr = (caddr_t)rp->r_pc;
895 		(void) die(type, rp, addr, 0);
896 		/*NOTREACHED*/
897 
898 	case T_UNIMP_INSTR + T_USER:	/* illegal instruction fault */
899 #if defined(SF_ERRATA_23) || defined(SF_ERRATA_30) /* call ... illegal-insn */
900 		instr = fetch_user_instr((caddr_t)rp->r_pc);
901 		if ((instr & 0xc0000000) == 0x40000000) {
902 			long pc;
903 
904 			rp->r_o7 = (long long)rp->r_pc;
905 			pc = rp->r_pc + ((instr & 0x3fffffff) << 2);
906 			rp->r_pc = rp->r_npc;
907 			rp->r_npc = pc;
908 			ill_calls++;
909 			goto out;
910 		}
911 #endif /* SF_ERRATA_23 || SF_ERRATA_30 */
912 		if (tudebug)
913 			showregs(type, rp, (caddr_t)0, 0);
914 		bzero(&siginfo, sizeof (siginfo));
915 		/*
916 		 * Try to simulate the instruction.
917 		 */
918 		switch (simulate_unimp(rp, &badaddr)) {
919 		case SIMU_RETRY:
920 			goto out;	/* regs are already set up */
921 			/*NOTREACHED*/
922 
923 		case SIMU_SUCCESS:
924 			/* skip the successfully simulated instruction */
925 			rp->r_pc = rp->r_npc;
926 			rp->r_npc += 4;
927 			goto out;
928 			/*NOTREACHED*/
929 
930 		case SIMU_FAULT:
931 			siginfo.si_signo = SIGSEGV;
932 			siginfo.si_code = SEGV_MAPERR;
933 			siginfo.si_addr = badaddr;
934 			fault = FLTBOUNDS;
935 			break;
936 
937 		case SIMU_DZERO:
938 			siginfo.si_signo = SIGFPE;
939 			siginfo.si_code = FPE_INTDIV;
940 			siginfo.si_addr = (caddr_t)rp->r_pc;
941 			fault = FLTIZDIV;
942 			break;
943 
944 		case SIMU_UNALIGN:
945 			siginfo.si_signo = SIGBUS;
946 			siginfo.si_code = BUS_ADRALN;
947 			siginfo.si_addr = badaddr;
948 			fault = FLTACCESS;
949 			break;
950 
951 		case SIMU_ILLEGAL:
952 		default:
953 			siginfo.si_signo = SIGILL;
954 			op3 = (instr >> 19) & 0x3F;
955 			if ((IS_FLOAT(instr) && (op3 == IOP_V8_STQFA) ||
956 			    (op3 == IOP_V8_STDFA)))
957 				siginfo.si_code = ILL_ILLADR;
958 			else
959 				siginfo.si_code = ILL_ILLOPC;
960 			siginfo.si_addr = (caddr_t)rp->r_pc;
961 			fault = FLTILL;
962 			break;
963 		}
964 		break;
965 
966 	case T_UNIMP_LDD + T_USER:
967 	case T_UNIMP_STD + T_USER:
968 		if (tudebug)
969 			showregs(type, rp, (caddr_t)0, 0);
970 		switch (simulate_lddstd(rp, &badaddr)) {
971 		case SIMU_SUCCESS:
972 			/* skip the successfully simulated instruction */
973 			rp->r_pc = rp->r_npc;
974 			rp->r_npc += 4;
975 			goto out;
976 			/*NOTREACHED*/
977 
978 		case SIMU_FAULT:
979 			if (nfload(rp, NULL))
980 				goto out;
981 			siginfo.si_signo = SIGSEGV;
982 			siginfo.si_code = SEGV_MAPERR;
983 			siginfo.si_addr = badaddr;
984 			fault = FLTBOUNDS;
985 			break;
986 
987 		case SIMU_UNALIGN:
988 			if (nfload(rp, NULL))
989 				goto out;
990 			siginfo.si_signo = SIGBUS;
991 			siginfo.si_code = BUS_ADRALN;
992 			siginfo.si_addr = badaddr;
993 			fault = FLTACCESS;
994 			break;
995 
996 		case SIMU_ILLEGAL:
997 		default:
998 			siginfo.si_signo = SIGILL;
999 			siginfo.si_code = ILL_ILLOPC;
1000 			siginfo.si_addr = (caddr_t)rp->r_pc;
1001 			fault = FLTILL;
1002 			break;
1003 		}
1004 		break;
1005 
1006 	case T_UNIMP_LDD:
1007 	case T_UNIMP_STD:
1008 		if (simulate_lddstd(rp, &badaddr) == SIMU_SUCCESS) {
1009 			/* skip the successfully simulated instruction */
1010 			rp->r_pc = rp->r_npc;
1011 			rp->r_npc += 4;
1012 			goto cleanup;
1013 			/*NOTREACHED*/
1014 		}
1015 		/*
1016 		 * A third party driver executed an {LDD,STD,LDDA,STDA}
1017 		 * that we couldn't simulate.
1018 		 */
1019 		if (nfload(rp, NULL))
1020 			goto cleanup;
1021 
1022 		if (curthread->t_lofault) {
1023 			if (lodebug) {
1024 				showregs(type, rp, addr, 0);
1025 				traceback((caddr_t)rp->r_sp);
1026 			}
1027 			rp->r_g1 = EFAULT;
1028 			rp->r_pc = curthread->t_lofault;
1029 			rp->r_npc = rp->r_pc + 4;
1030 			goto cleanup;
1031 		}
1032 		(void) die(type, rp, addr, 0);
1033 		/*NOTREACHED*/
1034 
1035 	case T_IDIV0 + T_USER:		/* integer divide by zero */
1036 	case T_DIV0 + T_USER:		/* integer divide by zero */
1037 		if (tudebug && tudebugfpe)
1038 			showregs(type, rp, (caddr_t)0, 0);
1039 		bzero(&siginfo, sizeof (siginfo));
1040 		siginfo.si_signo = SIGFPE;
1041 		siginfo.si_code = FPE_INTDIV;
1042 		siginfo.si_addr = (caddr_t)rp->r_pc;
1043 		fault = FLTIZDIV;
1044 		break;
1045 
1046 	case T_INT_OVERFLOW + T_USER:	/* integer overflow */
1047 		if (tudebug && tudebugfpe)
1048 			showregs(type, rp, (caddr_t)0, 0);
1049 		bzero(&siginfo, sizeof (siginfo));
1050 		siginfo.si_signo = SIGFPE;
1051 		siginfo.si_code  = FPE_INTOVF;
1052 		siginfo.si_addr  = (caddr_t)rp->r_pc;
1053 		fault = FLTIOVF;
1054 		break;
1055 
1056 	case T_BREAKPOINT + T_USER:	/* breakpoint trap (t 1) */
1057 		if (tudebug && tudebugbpt)
1058 			showregs(type, rp, (caddr_t)0, 0);
1059 		bzero(&siginfo, sizeof (siginfo));
1060 		siginfo.si_signo = SIGTRAP;
1061 		siginfo.si_code = TRAP_BRKPT;
1062 		siginfo.si_addr = (caddr_t)rp->r_pc;
1063 		fault = FLTBPT;
1064 		break;
1065 
1066 	case T_TAG_OVERFLOW + T_USER:	/* tag overflow (taddcctv, tsubcctv) */
1067 		if (tudebug)
1068 			showregs(type, rp, (caddr_t)0, 0);
1069 		bzero(&siginfo, sizeof (siginfo));
1070 		siginfo.si_signo = SIGEMT;
1071 		siginfo.si_code = EMT_TAGOVF;
1072 		siginfo.si_addr = (caddr_t)rp->r_pc;
1073 		fault = FLTACCESS;
1074 		break;
1075 
1076 	case T_FLUSH_PCB + T_USER:	/* finish user window overflow */
1077 	case T_FLUSHW + T_USER:		/* finish user window flush */
1078 		/*
1079 		 * This trap is entered from sys_rtt in locore.s when,
1080 		 * upon return to user is is found that there are user
1081 		 * windows in pcb_wbuf.  This happens because they could
1082 		 * not be saved on the user stack, either because it
1083 		 * wasn't resident or because it was misaligned.
1084 		 */
1085 	{
1086 		int error;
1087 		caddr_t sp;
1088 
1089 		error = flush_user_windows_to_stack(&sp);
1090 		/*
1091 		 * Possible errors:
1092 		 *	error copying out
1093 		 *	unaligned stack pointer
1094 		 * The first is given to us as the return value
1095 		 * from flush_user_windows_to_stack().  The second
1096 		 * results in residual windows in the pcb.
1097 		 */
1098 		if (error != 0) {
1099 			/*
1100 			 * EINTR comes from a signal during copyout;
1101 			 * we should not post another signal.
1102 			 */
1103 			if (error != EINTR) {
1104 				/*
1105 				 * Zap the process with a SIGSEGV - process
1106 				 * may be managing its own stack growth by
1107 				 * taking SIGSEGVs on a different signal stack.
1108 				 */
1109 				bzero(&siginfo, sizeof (siginfo));
1110 				siginfo.si_signo = SIGSEGV;
1111 				siginfo.si_code  = SEGV_MAPERR;
1112 				siginfo.si_addr  = sp;
1113 				fault = FLTBOUNDS;
1114 			}
1115 			break;
1116 		} else if (mpcb->mpcb_wbcnt) {
1117 			bzero(&siginfo, sizeof (siginfo));
1118 			siginfo.si_signo = SIGILL;
1119 			siginfo.si_code  = ILL_BADSTK;
1120 			siginfo.si_addr  = (caddr_t)rp->r_pc;
1121 			fault = FLTILL;
1122 			break;
1123 		}
1124 	}
1125 
1126 		/*
1127 		 * T_FLUSHW is used when handling a ta 0x3 -- the old flush
1128 		 * window trap -- which is implemented by executing the
1129 		 * flushw instruction. The flushw can trap if any of the
1130 		 * stack pages are not writable for whatever reason. In this
1131 		 * case only, we advance the pc to the next instruction so
1132 		 * that the user thread doesn't needlessly execute the trap
1133 		 * again. Normally this wouldn't be a problem -- we'll
1134 		 * usually only end up here if this is the first touch to a
1135 		 * stack page -- since the second execution won't trap, but
1136 		 * if there's a watchpoint on the stack page the user thread
1137 		 * would spin, continuously executing the trap instruction.
1138 		 */
1139 		if (type == T_FLUSHW + T_USER) {
1140 			rp->r_pc = rp->r_npc;
1141 			rp->r_npc += 4;
1142 		}
1143 		goto out;
1144 
1145 	case T_AST + T_USER:		/* profiling or resched pseudo trap */
1146 		if (lwp->lwp_pcb.pcb_flags & CPC_OVERFLOW) {
1147 			lwp->lwp_pcb.pcb_flags &= ~CPC_OVERFLOW;
1148 			if (kcpc_overflow_ast()) {
1149 				/*
1150 				 * Signal performance counter overflow
1151 				 */
1152 				if (tudebug)
1153 					showregs(type, rp, (caddr_t)0, 0);
1154 				bzero(&siginfo, sizeof (siginfo));
1155 				siginfo.si_signo = SIGEMT;
1156 				siginfo.si_code = EMT_CPCOVF;
1157 				siginfo.si_addr = (caddr_t)rp->r_pc;
1158 				/* for trap_cleanup(), below */
1159 				oldpc = rp->r_pc - 4;
1160 				fault = FLTCPCOVF;
1161 			}
1162 		}
1163 
1164 		/*
1165 		 * The CPC_OVERFLOW check above may already have populated
1166 		 * siginfo and set fault, so the checks below must not
1167 		 * touch these and the functions they call must use
1168 		 * trapsig() directly.
1169 		 */
1170 
1171 		if (lwp->lwp_pcb.pcb_flags & ASYNC_HWERR) {
1172 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_HWERR;
1173 			trap_async_hwerr();
1174 		}
1175 
1176 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BERR) {
1177 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BERR;
1178 			trap_async_berr_bto(ASYNC_BERR, rp);
1179 		}
1180 
1181 		if (lwp->lwp_pcb.pcb_flags & ASYNC_BTO) {
1182 			lwp->lwp_pcb.pcb_flags &= ~ASYNC_BTO;
1183 			trap_async_berr_bto(ASYNC_BTO, rp);
1184 		}
1185 
1186 		break;
1187 	}
1188 
1189 	if (fault) {
1190 		/* We took a fault so abort single step. */
1191 		lwp->lwp_pcb.pcb_flags &= ~(NORMAL_STEP|WATCH_STEP);
1192 	}
1193 	trap_cleanup(rp, fault, &siginfo, oldpc == rp->r_pc);
1194 
1195 out:	/* We can't get here from a system trap */
1196 	ASSERT(type & T_USER);
1197 	trap_rtt();
1198 	(void) new_mstate(curthread, mstate);
1199 	/* Kernel probe */
1200 	TNF_PROBE_1(thread_state, "thread", /* CSTYLED */,
1201 		tnf_microstate, state, LMS_USER);
1202 
1203 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1204 	return;
1205 
1206 cleanup:	/* system traps end up here */
1207 	ASSERT(!(type & T_USER));
1208 
1209 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1210 }
1211 
1212 void
1213 trap_cleanup(
1214 	struct regs *rp,
1215 	uint_t fault,
1216 	k_siginfo_t *sip,
1217 	int restartable)
1218 {
1219 	extern void aio_cleanup();
1220 	proc_t *p = ttoproc(curthread);
1221 	klwp_id_t lwp = ttolwp(curthread);
1222 
1223 	if (fault) {
1224 		/*
1225 		 * Remember the fault and fault address
1226 		 * for real-time (SIGPROF) profiling.
1227 		 */
1228 		lwp->lwp_lastfault = fault;
1229 		lwp->lwp_lastfaddr = sip->si_addr;
1230 
1231 		DTRACE_PROC2(fault, int, fault, ksiginfo_t *, sip);
1232 
1233 		/*
1234 		 * If a debugger has declared this fault to be an
1235 		 * event of interest, stop the lwp.  Otherwise just
1236 		 * deliver the associated signal.
1237 		 */
1238 		if (sip->si_signo != SIGKILL &&
1239 		    prismember(&p->p_fltmask, fault) &&
1240 		    stop_on_fault(fault, sip) == 0)
1241 			sip->si_signo = 0;
1242 	}
1243 
1244 	if (sip->si_signo)
1245 		trapsig(sip, restartable);
1246 
1247 	if (lwp->lwp_oweupc)
1248 		profil_tick(rp->r_pc);
1249 
1250 	if (curthread->t_astflag | curthread->t_sig_check) {
1251 		/*
1252 		 * Turn off the AST flag before checking all the conditions that
1253 		 * may have caused an AST.  This flag is on whenever a signal or
1254 		 * unusual condition should be handled after the next trap or
1255 		 * syscall.
1256 		 */
1257 		astoff(curthread);
1258 		curthread->t_sig_check = 0;
1259 
1260 		/*
1261 		 * The following check is legal for the following reasons:
1262 		 *	1) The thread we are checking, is ourselves, so there is
1263 		 *	   no way the proc can go away.
1264 		 *	2) The only time we need to be protected by the
1265 		 *	   lock is if the binding is changed.
1266 		 *
1267 		 *	Note we will still take the lock and check the binding
1268 		 *	if the condition was true without the lock held.  This
1269 		 *	prevents lock contention among threads owned by the
1270 		 *	same proc.
1271 		 */
1272 
1273 		if (curthread->t_proc_flag & TP_CHANGEBIND) {
1274 			mutex_enter(&p->p_lock);
1275 			if (curthread->t_proc_flag & TP_CHANGEBIND) {
1276 				timer_lwpbind();
1277 				curthread->t_proc_flag &= ~TP_CHANGEBIND;
1278 			}
1279 			mutex_exit(&p->p_lock);
1280 		}
1281 
1282 		/*
1283 		 * for kaio requests that are on the per-process poll queue,
1284 		 * aiop->aio_pollq, they're AIO_POLL bit is set, the kernel
1285 		 * should copyout their result_t to user memory. by copying
1286 		 * out the result_t, the user can poll on memory waiting
1287 		 * for the kaio request to complete.
1288 		 */
1289 		if (p->p_aio)
1290 			aio_cleanup(0);
1291 
1292 		/*
1293 		 * If this LWP was asked to hold, call holdlwp(), which will
1294 		 * stop.  holdlwps() sets this up and calls pokelwps() which
1295 		 * sets the AST flag.
1296 		 *
1297 		 * Also check TP_EXITLWP, since this is used by fresh new LWPs
1298 		 * through lwp_rtt().  That flag is set if the lwp_create(2)
1299 		 * syscall failed after creating the LWP.
1300 		 */
1301 		if (ISHOLD(p))
1302 			holdlwp();
1303 
1304 		/*
1305 		 * All code that sets signals and makes ISSIG evaluate true must
1306 		 * set t_astflag afterwards.
1307 		 */
1308 		if (ISSIG_PENDING(curthread, lwp, p)) {
1309 			if (issig(FORREAL))
1310 				psig();
1311 			curthread->t_sig_check = 1;
1312 		}
1313 
1314 		if (curthread->t_rprof != NULL) {
1315 			realsigprof(0, 0);
1316 			curthread->t_sig_check = 1;
1317 		}
1318 	}
1319 }
1320 
1321 /*
1322  * Called from fp_traps when a floating point trap occurs.
1323  * Note that the T_DATA_EXCEPTION case does not use X_FAULT_TYPE(mmu_fsr),
1324  * because mmu_fsr (now changed to code) is always 0.
1325  * Note that the T_UNIMP_INSTR case does not call simulate_unimp(),
1326  * because the simulator only simulates multiply and divide instructions,
1327  * which would not cause floating point traps in the first place.
1328  * XXX - Supervisor mode floating point traps?
1329  */
1330 void
1331 fpu_trap(struct regs *rp, caddr_t addr, uint32_t type, uint32_t code)
1332 {
1333 	proc_t *p = ttoproc(curthread);
1334 	klwp_id_t lwp = ttolwp(curthread);
1335 	k_siginfo_t siginfo;
1336 	uint_t op3, fault = 0;
1337 	int mstate;
1338 	char *badaddr;
1339 	kfpu_t *fp;
1340 	struct fpq *pfpq;
1341 	uint32_t inst;
1342 	utrap_handler_t *utrapp;
1343 
1344 	CPU_STATS_ADDQ(CPU, sys, trap, 1);
1345 
1346 	ASSERT(curthread->t_schedflag & TS_DONT_SWAP);
1347 
1348 	if (USERMODE(rp->r_tstate)) {
1349 		/*
1350 		 * Set lwp_state before trying to acquire any
1351 		 * adaptive lock
1352 		 */
1353 		ASSERT(lwp != NULL);
1354 		lwp->lwp_state = LWP_SYS;
1355 		/*
1356 		 * Set up the current cred to use during this trap. u_cred
1357 		 * no longer exists.  t_cred is used instead.
1358 		 * The current process credential applies to the thread for
1359 		 * the entire trap.  If trapping from the kernel, this
1360 		 * should already be set up.
1361 		 */
1362 		if (curthread->t_cred != p->p_cred) {
1363 			cred_t *oldcred = curthread->t_cred;
1364 			/*
1365 			 * DTrace accesses t_cred in probe context.  t_cred
1366 			 * must always be either NULL, or point to a valid,
1367 			 * allocated cred structure.
1368 			 */
1369 			curthread->t_cred = crgetcred();
1370 			crfree(oldcred);
1371 		}
1372 		ASSERT(lwp->lwp_regs == rp);
1373 		mstate = new_mstate(curthread, LMS_TRAP);
1374 		siginfo.si_signo = 0;
1375 		type |= T_USER;
1376 	}
1377 
1378 	TRACE_1(TR_FAC_TRAP, TR_C_TRAP_HANDLER_ENTER,
1379 	    "C_fpu_trap_handler_enter:type %x", type);
1380 
1381 	if (tudebug && tudebugfpe)
1382 		showregs(type, rp, addr, 0);
1383 
1384 	bzero(&siginfo, sizeof (siginfo));
1385 	siginfo.si_code = code;
1386 	siginfo.si_addr = addr;
1387 
1388 	switch (type) {
1389 
1390 	case T_FP_EXCEPTION_IEEE + T_USER:	/* FPU arithmetic exception */
1391 		/*
1392 		 * FPU arithmetic exception - fake up a fpq if we
1393 		 *	came here directly from _fp_ieee_exception,
1394 		 *	which is indicated by a zero fpu_qcnt.
1395 		 */
1396 		fp = lwptofpu(curthread->t_lwp);
1397 		utrapp = curthread->t_procp->p_utraps;
1398 		if (fp->fpu_qcnt == 0) {
1399 			inst = fetch_user_instr((caddr_t)rp->r_pc);
1400 			lwp->lwp_state = LWP_SYS;
1401 			pfpq = &fp->fpu_q->FQu.fpq;
1402 			pfpq->fpq_addr = (uint32_t *)rp->r_pc;
1403 			pfpq->fpq_instr = inst;
1404 			fp->fpu_qcnt = 1;
1405 			fp->fpu_q_entrysize = sizeof (struct fpq);
1406 #ifdef SF_V9_TABLE_28
1407 			/*
1408 			 * Spitfire and blackbird followed the SPARC V9 manual
1409 			 * paragraph 3 of section 5.1.7.9 FSR_current_exception
1410 			 * (cexc) for setting fsr.cexc bits on underflow and
1411 			 * overflow traps when the fsr.tem.inexact bit is set,
1412 			 * instead of following Table 28. Bugid 1263234.
1413 			 */
1414 			{
1415 				extern int spitfire_bb_fsr_bug;
1416 
1417 				if (spitfire_bb_fsr_bug &&
1418 				    (fp->fpu_fsr & FSR_TEM_NX)) {
1419 					if (((fp->fpu_fsr & FSR_TEM_OF) == 0) &&
1420 					    (fp->fpu_fsr & FSR_CEXC_OF)) {
1421 						fp->fpu_fsr &= ~FSR_CEXC_OF;
1422 						fp->fpu_fsr |= FSR_CEXC_NX;
1423 						_fp_write_pfsr(&fp->fpu_fsr);
1424 						siginfo.si_code = FPE_FLTRES;
1425 					}
1426 					if (((fp->fpu_fsr & FSR_TEM_UF) == 0) &&
1427 					    (fp->fpu_fsr & FSR_CEXC_UF)) {
1428 						fp->fpu_fsr &= ~FSR_CEXC_UF;
1429 						fp->fpu_fsr |= FSR_CEXC_NX;
1430 						_fp_write_pfsr(&fp->fpu_fsr);
1431 						siginfo.si_code = FPE_FLTRES;
1432 					}
1433 				}
1434 			}
1435 #endif /* SF_V9_TABLE_28 */
1436 			rp->r_pc = rp->r_npc;
1437 			rp->r_npc += 4;
1438 		} else if (utrapp && utrapp[UT_FP_EXCEPTION_IEEE_754]) {
1439 			/*
1440 			 * The user had a trap handler installed.  Jump to
1441 			 * the trap handler instead of signalling the process.
1442 			 */
1443 			rp->r_pc = (long)utrapp[UT_FP_EXCEPTION_IEEE_754];
1444 			rp->r_npc = rp->r_pc + 4;
1445 			break;
1446 		}
1447 		siginfo.si_signo = SIGFPE;
1448 		fault = FLTFPE;
1449 		break;
1450 
1451 	case T_DATA_EXCEPTION + T_USER:		/* user data access exception */
1452 		siginfo.si_signo = SIGSEGV;
1453 		fault = FLTBOUNDS;
1454 		break;
1455 
1456 	case T_LDDF_ALIGN + T_USER: /* 64 bit user lddfa alignment error */
1457 	case T_STDF_ALIGN + T_USER: /* 64 bit user stdfa alignment error */
1458 		alignfaults++;
1459 		lwp->lwp_state = LWP_SYS;
1460 		if (&vis1_partial_support != NULL) {
1461 			bzero(&siginfo, sizeof (siginfo));
1462 			if (vis1_partial_support(rp,
1463 			    &siginfo, &fault) == 0)
1464 				goto out;
1465 		}
1466 		if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1467 			rp->r_pc = rp->r_npc;
1468 			rp->r_npc += 4;
1469 			goto out;
1470 		}
1471 		fp = lwptofpu(curthread->t_lwp);
1472 		fp->fpu_qcnt = 0;
1473 		siginfo.si_signo = SIGSEGV;
1474 		siginfo.si_code = SEGV_MAPERR;
1475 		siginfo.si_addr = badaddr;
1476 		fault = FLTBOUNDS;
1477 		break;
1478 
1479 	case T_ALIGNMENT + T_USER:		/* user alignment error */
1480 		/*
1481 		 * If the user has to do unaligned references
1482 		 * the ugly stuff gets done here.
1483 		 * Only handles vanilla loads and stores.
1484 		 */
1485 		alignfaults++;
1486 		if (p->p_fixalignment) {
1487 			if (do_unaligned(rp, &badaddr) == SIMU_SUCCESS) {
1488 				rp->r_pc = rp->r_npc;
1489 				rp->r_npc += 4;
1490 				goto out;
1491 			}
1492 			siginfo.si_signo = SIGSEGV;
1493 			siginfo.si_code = SEGV_MAPERR;
1494 			siginfo.si_addr = badaddr;
1495 			fault = FLTBOUNDS;
1496 		} else {
1497 			siginfo.si_signo = SIGBUS;
1498 			siginfo.si_code = BUS_ADRALN;
1499 			if (rp->r_pc & 3) {	/* offending address, if pc */
1500 				siginfo.si_addr = (caddr_t)rp->r_pc;
1501 			} else {
1502 				if (calc_memaddr(rp, &badaddr) == SIMU_UNALIGN)
1503 					siginfo.si_addr = badaddr;
1504 				else
1505 					siginfo.si_addr = (caddr_t)rp->r_pc;
1506 			}
1507 			fault = FLTACCESS;
1508 		}
1509 		break;
1510 
1511 	case T_UNIMP_INSTR + T_USER:		/* illegal instruction fault */
1512 		siginfo.si_signo = SIGILL;
1513 		inst = fetch_user_instr((caddr_t)rp->r_pc);
1514 		op3 = (inst >> 19) & 0x3F;
1515 		if ((op3 == IOP_V8_STQFA) || (op3 == IOP_V8_STDFA))
1516 			siginfo.si_code = ILL_ILLADR;
1517 		else
1518 			siginfo.si_code = ILL_ILLTRP;
1519 		fault = FLTILL;
1520 		break;
1521 
1522 	default:
1523 		(void) die(type, rp, addr, 0);
1524 		/*NOTREACHED*/
1525 	}
1526 
1527 	/*
1528 	 * We can't get here from a system trap
1529 	 * Never restart any instruction which got here from an fp trap.
1530 	 */
1531 	ASSERT(type & T_USER);
1532 
1533 	trap_cleanup(rp, fault, &siginfo, 0);
1534 out:
1535 	trap_rtt();
1536 	(void) new_mstate(curthread, mstate);
1537 }
1538 
1539 void
1540 trap_rtt(void)
1541 {
1542 	klwp_id_t lwp = ttolwp(curthread);
1543 
1544 	/*
1545 	 * Restore register window if a debugger modified it.
1546 	 * Set up to perform a single-step if a debugger requested it.
1547 	 */
1548 	if (lwp->lwp_pcb.pcb_xregstat != XREGNONE)
1549 		xregrestore(lwp, 0);
1550 
1551 	/*
1552 	 * Set state to LWP_USER here so preempt won't give us a kernel
1553 	 * priority if it occurs after this point.  Call CL_TRAPRET() to
1554 	 * restore the user-level priority.
1555 	 *
1556 	 * It is important that no locks (other than spinlocks) be entered
1557 	 * after this point before returning to user mode (unless lwp_state
1558 	 * is set back to LWP_SYS).
1559 	 */
1560 	lwp->lwp_state = LWP_USER;
1561 	if (curthread->t_trapret) {
1562 		curthread->t_trapret = 0;
1563 		thread_lock(curthread);
1564 		CL_TRAPRET(curthread);
1565 		thread_unlock(curthread);
1566 	}
1567 	if (CPU->cpu_runrun || curthread->t_schedflag & TS_ANYWAITQ)
1568 		preempt();
1569 	if (lwp->lwp_pcb.pcb_step != STEP_NONE)
1570 		prdostep();
1571 
1572 	TRACE_0(TR_FAC_TRAP, TR_C_TRAP_HANDLER_EXIT, "C_trap_handler_exit");
1573 }
1574 
1575 #define	IS_LDASI(o)	\
1576 	((o) == (uint32_t)0xC0C00000 || (o) == (uint32_t)0xC0800000 ||	\
1577 	(o) == (uint32_t)0xC1800000)
1578 #define	IS_IMM_ASI(i)	(((i) & 0x2000) == 0)
1579 #define	IS_ASINF(a)	(((a) & 0xF6) == 0x82)
1580 #define	IS_LDDA(i)	(((i) & 0xC1F80000) == 0xC0980000)
1581 
1582 static int
1583 nfload(struct regs *rp, int *instrp)
1584 {
1585 	uint_t	instr, asi, op3, rd;
1586 	size_t	len;
1587 	struct as *as;
1588 	caddr_t addr;
1589 	FPU_DREGS_TYPE zero;
1590 	extern int segnf_create();
1591 
1592 	if (USERMODE(rp->r_tstate))
1593 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1594 	else
1595 		instr = *(int *)rp->r_pc;
1596 
1597 	if (instrp)
1598 		*instrp = instr;
1599 
1600 	op3 = (uint_t)(instr & 0xC1E00000);
1601 	if (!IS_LDASI(op3))
1602 		return (0);
1603 	if (IS_IMM_ASI(instr))
1604 		asi = (instr & 0x1FE0) >> 5;
1605 	else
1606 		asi = (uint_t)((rp->r_tstate >> TSTATE_ASI_SHIFT) &
1607 		    TSTATE_ASI_MASK);
1608 	if (!IS_ASINF(asi))
1609 		return (0);
1610 	if (calc_memaddr(rp, &addr) == SIMU_SUCCESS) {
1611 		len = 1;
1612 		as = USERMODE(rp->r_tstate) ? ttoproc(curthread)->p_as : &kas;
1613 		as_rangelock(as);
1614 		if (as_gap(as, len, &addr, &len, 0, addr) == 0)
1615 			(void) as_map(as, addr, len, segnf_create, NULL);
1616 		as_rangeunlock(as);
1617 	}
1618 	zero = 0;
1619 	rd = (instr >> 25) & 0x1f;
1620 	if (IS_FLOAT(instr)) {
1621 		uint_t dbflg = ((instr >> 19) & 3) == 3;
1622 
1623 		if (dbflg) {		/* clever v9 reg encoding */
1624 			if (rd & 1)
1625 				rd = (rd & 0x1e) | 0x20;
1626 			rd >>= 1;
1627 		}
1628 		if (fpu_exists) {
1629 			if (!(_fp_read_fprs() & FPRS_FEF))
1630 				fp_enable();
1631 
1632 			if (dbflg)
1633 				_fp_write_pdreg(&zero, rd);
1634 			else
1635 				_fp_write_pfreg((uint_t *)&zero, rd);
1636 		} else {
1637 			kfpu_t *fp = lwptofpu(curthread->t_lwp);
1638 
1639 			if (!fp->fpu_en)
1640 				fp_enable();
1641 
1642 			if (dbflg)
1643 				fp->fpu_fr.fpu_dregs[rd] = zero;
1644 			else
1645 				fp->fpu_fr.fpu_regs[rd] = 0;
1646 		}
1647 	} else {
1648 		(void) putreg(&zero, rp, rd, &addr);
1649 		if (IS_LDDA(instr))
1650 			(void) putreg(&zero, rp, rd + 1, &addr);
1651 	}
1652 	rp->r_pc = rp->r_npc;
1653 	rp->r_npc += 4;
1654 	return (1);
1655 }
1656 
1657 kmutex_t atomic_nc_mutex;
1658 
1659 /*
1660  * The following couple of routines are for userland drivers which
1661  * do atomics to noncached addresses.  This sort of worked on previous
1662  * platforms -- the operation really wasn't atomic, but it didn't generate
1663  * a trap as sun4u systems do.
1664  */
1665 static int
1666 swap_nc(struct regs *rp, int instr)
1667 {
1668 	uint64_t rdata, mdata;
1669 	caddr_t addr, badaddr;
1670 	uint_t tmp, rd;
1671 
1672 	(void) flush_user_windows_to_stack(NULL);
1673 	rd = (instr >> 25) & 0x1f;
1674 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1675 		return (0);
1676 	if (getreg(rp, rd, &rdata, &badaddr))
1677 		return (0);
1678 	mutex_enter(&atomic_nc_mutex);
1679 	if (fuword32(addr, &tmp) == -1) {
1680 		mutex_exit(&atomic_nc_mutex);
1681 		return (0);
1682 	}
1683 	mdata = (u_longlong_t)tmp;
1684 	if (suword32(addr, (uint32_t)rdata) == -1) {
1685 		mutex_exit(&atomic_nc_mutex);
1686 		return (0);
1687 	}
1688 	(void) putreg(&mdata, rp, rd, &badaddr);
1689 	mutex_exit(&atomic_nc_mutex);
1690 	return (1);
1691 }
1692 
1693 static int
1694 ldstub_nc(struct regs *rp, int instr)
1695 {
1696 	uint64_t mdata;
1697 	caddr_t addr, badaddr;
1698 	uint_t rd;
1699 	uint8_t tmp;
1700 
1701 	(void) flush_user_windows_to_stack(NULL);
1702 	rd = (instr >> 25) & 0x1f;
1703 	if (calc_memaddr(rp, &addr) != SIMU_SUCCESS)
1704 		return (0);
1705 	mutex_enter(&atomic_nc_mutex);
1706 	if (fuword8(addr, &tmp) == -1) {
1707 		mutex_exit(&atomic_nc_mutex);
1708 		return (0);
1709 	}
1710 	mdata = (u_longlong_t)tmp;
1711 	if (suword8(addr, (uint8_t)0xff) == -1) {
1712 		mutex_exit(&atomic_nc_mutex);
1713 		return (0);
1714 	}
1715 	(void) putreg(&mdata, rp, rd, &badaddr);
1716 	mutex_exit(&atomic_nc_mutex);
1717 	return (1);
1718 }
1719 
1720 /*
1721  * This function helps instr_size() determine the operand size.
1722  * It is called for the extended ldda/stda asi's.
1723  */
1724 int
1725 extended_asi_size(int asi)
1726 {
1727 	switch (asi) {
1728 	case ASI_PST8_P:
1729 	case ASI_PST8_S:
1730 	case ASI_PST16_P:
1731 	case ASI_PST16_S:
1732 	case ASI_PST32_P:
1733 	case ASI_PST32_S:
1734 	case ASI_PST8_PL:
1735 	case ASI_PST8_SL:
1736 	case ASI_PST16_PL:
1737 	case ASI_PST16_SL:
1738 	case ASI_PST32_PL:
1739 	case ASI_PST32_SL:
1740 		return (8);
1741 	case ASI_FL8_P:
1742 	case ASI_FL8_S:
1743 	case ASI_FL8_PL:
1744 	case ASI_FL8_SL:
1745 		return (1);
1746 	case ASI_FL16_P:
1747 	case ASI_FL16_S:
1748 	case ASI_FL16_PL:
1749 	case ASI_FL16_SL:
1750 		return (2);
1751 	case ASI_BLK_P:
1752 	case ASI_BLK_S:
1753 	case ASI_BLK_PL:
1754 	case ASI_BLK_SL:
1755 	case ASI_BLK_COMMIT_P:
1756 	case ASI_BLK_COMMIT_S:
1757 		return (64);
1758 	}
1759 
1760 	return (0);
1761 }
1762 
1763 /*
1764  * Patch non-zero to disable preemption of threads in the kernel.
1765  */
1766 int IGNORE_KERNEL_PREEMPTION = 0;	/* XXX - delete this someday */
1767 
1768 struct kpreempt_cnts {	/* kernel preemption statistics */
1769 	int	kpc_idle;	/* executing idle thread */
1770 	int	kpc_intr;	/* executing interrupt thread */
1771 	int	kpc_clock;	/* executing clock thread */
1772 	int	kpc_blocked;	/* thread has blocked preemption (t_preempt) */
1773 	int	kpc_notonproc;	/* thread is surrendering processor */
1774 	int	kpc_inswtch;	/* thread has ratified scheduling decision */
1775 	int	kpc_prilevel;	/* processor interrupt level is too high */
1776 	int	kpc_apreempt;	/* asynchronous preemption */
1777 	int	kpc_spreempt;	/* synchronous preemption */
1778 }	kpreempt_cnts;
1779 
1780 /*
1781  * kernel preemption: forced rescheduling
1782  *	preempt the running kernel thread.
1783  */
1784 void
1785 kpreempt(int asyncspl)
1786 {
1787 	if (IGNORE_KERNEL_PREEMPTION) {
1788 		aston(CPU->cpu_dispthread);
1789 		return;
1790 	}
1791 	/*
1792 	 * Check that conditions are right for kernel preemption
1793 	 */
1794 	do {
1795 		if (curthread->t_preempt) {
1796 			/*
1797 			 * either a privileged thread (idle, panic, interrupt)
1798 			 * or will check when t_preempt is lowered
1799 			 * We need to specifically handle the case where
1800 			 * the thread is in the middle of swtch (resume has
1801 			 * been called) and has its t_preempt set
1802 			 * [idle thread and a thread which is in kpreempt
1803 			 * already] and then a high priority thread is
1804 			 * available in the local dispatch queue.
1805 			 * In this case the resumed thread needs to take a
1806 			 * trap so that it can call kpreempt. We achieve
1807 			 * this by using siron().
1808 			 * How do we detect this condition:
1809 			 * idle thread is running and is in the midst of
1810 			 * resume: curthread->t_pri == -1 && CPU->dispthread
1811 			 * != CPU->thread
1812 			 * Need to ensure that this happens only at high pil
1813 			 * resume is called at high pil
1814 			 * Only in resume_from_idle is the pil changed.
1815 			 */
1816 			if (curthread->t_pri < 0) {
1817 				kpreempt_cnts.kpc_idle++;
1818 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1819 					siron();
1820 			} else if (curthread->t_flag & T_INTR_THREAD) {
1821 				kpreempt_cnts.kpc_intr++;
1822 				if (curthread->t_pil == CLOCK_LEVEL)
1823 					kpreempt_cnts.kpc_clock++;
1824 			} else {
1825 				kpreempt_cnts.kpc_blocked++;
1826 				if (CPU->cpu_dispthread != CPU->cpu_thread)
1827 					siron();
1828 			}
1829 			aston(CPU->cpu_dispthread);
1830 			return;
1831 		}
1832 		if (curthread->t_state != TS_ONPROC ||
1833 		    curthread->t_disp_queue != CPU->cpu_disp) {
1834 			/* this thread will be calling swtch() shortly */
1835 			kpreempt_cnts.kpc_notonproc++;
1836 			if (CPU->cpu_thread != CPU->cpu_dispthread) {
1837 				/* already in swtch(), force another */
1838 				kpreempt_cnts.kpc_inswtch++;
1839 				siron();
1840 			}
1841 			return;
1842 		}
1843 
1844 		if (((asyncspl != KPREEMPT_SYNC) ? spltoipl(asyncspl) :
1845 		    getpil()) >= DISP_LEVEL) {
1846 			/*
1847 			 * We can't preempt this thread if it is at
1848 			 * a PIL >= DISP_LEVEL since it may be holding
1849 			 * a spin lock (like sched_lock).
1850 			 */
1851 			siron();	/* check back later */
1852 			kpreempt_cnts.kpc_prilevel++;
1853 			return;
1854 		}
1855 
1856 		/*
1857 		 * block preemption so we don't have multiple preemptions
1858 		 * pending on the interrupt stack
1859 		 */
1860 		curthread->t_preempt++;
1861 		if (asyncspl != KPREEMPT_SYNC) {
1862 			splx(asyncspl);
1863 			kpreempt_cnts.kpc_apreempt++;
1864 		} else
1865 			kpreempt_cnts.kpc_spreempt++;
1866 
1867 		preempt();
1868 		curthread->t_preempt--;
1869 	} while (CPU->cpu_kprunrun);
1870 }
1871 
1872 static enum seg_rw
1873 get_accesstype(struct regs *rp)
1874 {
1875 	uint32_t instr;
1876 
1877 	if (USERMODE(rp->r_tstate))
1878 		instr = fetch_user_instr((caddr_t)rp->r_pc);
1879 	else
1880 		instr = *(uint32_t *)rp->r_pc;
1881 
1882 	if (IS_FLUSH(instr))
1883 		return (S_OTHER);
1884 
1885 	if (IS_STORE(instr))
1886 		return (S_WRITE);
1887 	else
1888 		return (S_READ);
1889 }
1890 
1891 /*
1892  * Handle an asynchronous hardware error.
1893  * The policy is currently to send a hardware error contract event to
1894  * the process's process contract and to kill the process.  Eventually
1895  * we may want to instead send a special signal whose default
1896  * disposition is to generate the contract event.
1897  */
1898 void
1899 trap_async_hwerr(void)
1900 {
1901 	k_siginfo_t si;
1902 	proc_t *p = ttoproc(curthread);
1903 	extern void print_msg_hwerr(ctid_t ct_id, proc_t *p);
1904 
1905 	errorq_drain(ue_queue); /* flush pending async error messages */
1906 
1907 	print_msg_hwerr(p->p_ct_process->conp_contract.ct_id, p);
1908 
1909 	contract_process_hwerr(p->p_ct_process, p);
1910 
1911 	bzero(&si, sizeof (k_siginfo_t));
1912 	si.si_signo = SIGKILL;
1913 	si.si_code = SI_NOINFO;
1914 	trapsig(&si, 1);
1915 }
1916 
1917 /*
1918  * Handle bus error and bus timeout for a user process by sending SIGBUS
1919  * The type is either ASYNC_BERR or ASYNC_BTO.
1920  */
1921 void
1922 trap_async_berr_bto(int type, struct regs *rp)
1923 {
1924 	k_siginfo_t si;
1925 
1926 	errorq_drain(ue_queue); /* flush pending async error messages */
1927 	bzero(&si, sizeof (k_siginfo_t));
1928 
1929 	si.si_signo = SIGBUS;
1930 	si.si_code = (type == ASYNC_BERR ? BUS_OBJERR : BUS_ADRERR);
1931 	si.si_addr = (caddr_t)rp->r_pc; /* AFAR unavailable - future RFE */
1932 	si.si_errno = ENXIO;
1933 
1934 	trapsig(&si, 1);
1935 }
1936