xref: /titanic_51/usr/src/cmd/mdb/sparc/kmdb/kaif.c (revision fa9e4066f08beec538e775443c5be79dd423fcab)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /*
30  * The debugger/PROM interface
31  */
32 
33 #include <sys/types.h>
34 #include <sys/mmu.h>
35 
36 #ifndef	sun4v
37 #include <sys/spitregs.h>
38 #endif	/* sun4v */
39 
40 #include <sys/machasi.h>
41 #include <sys/machtrap.h>
42 #include <sys/trap.h>
43 #include <sys/privregs.h>
44 
45 #include <kmdb/kaif.h>
46 #include <kmdb/kaif_regs.h>
47 #include <kmdb/kmdb_asmutil.h>
48 #include <kmdb/kmdb_kdi.h>
49 #include <kmdb/kmdb_promif_isadep.h>
50 #include <kmdb/kmdb_dpi_impl.h>
51 #include <mdb/mdb_debug.h>
52 #include <mdb/mdb_err.h>
53 #include <mdb/mdb_modapi.h>
54 #include <mdb/mdb_nv.h>
55 #include <mdb/mdb_kreg_impl.h>
56 #include <mdb/mdb_v9util.h>
57 #include <mdb/mdb.h>
58 
59 #define	KAIF_PREGNO_PSTATE	0x6		/* %pstate is priv reg 6 */
60 #define	KAIF_BRKPT_INSTR	0x91d0207e	/* ta 0x7e */
61 
62 
63 #define	OP(x)		((x) >> 30)
64 #define	OP2(x)		(((x) >> 22) & 0x07)
65 #define	OP3(x)		(((x) >> 19) & 0x3f)
66 #define	COND(x)		(((x) >> 25) & 0x0f)
67 #define	RD(x)		(((x) >> 25) & 0x1f)
68 #define	RS1(x)		(((x) >> 14) & 0x1f)
69 #define	RS2(x)		((x) & 0x1f)
70 
71 #define	OP_BRANCH	0x0
72 #define	OP_ARITH	0x2
73 
74 #define	OP2_BPcc	0x1
75 #define	OP2_Bicc	0x2
76 #define	OP2_BPr		0x3
77 #define	OP2_FBPfcc	0x5
78 #define	OP2_FBfcc	0x6
79 
80 #define	OP3_RDPR	0x2a
81 #define	OP3_WRPR	0x32
82 
83 #define	A(x)		(((x) >> 29) & 0x01)
84 #define	I(x)		(((x) >> 13) & 0x01)
85 #define	DISP16(x)	((((x) >> 6) & 0xc000) | ((x) & 0x3fff))
86 #define	DISP22(x)	((x) & 0x3fffff)
87 #define	DISP19(x)	((x) & 0x7ffff)
88 #define	SIMM13(x)	((x) & 0x1fff)
89 
90 static uint64_t		kaif_vwapt_addr;
91 static uint64_t		kaif_pwapt_addr;
92 
93 #ifndef	sun4v
94 static uint64_t		kaif_lsuctl;
95 #endif	/* sun4v */
96 
97 kaif_cpusave_t		*kaif_cpusave;
98 int			kaif_ncpusave;
99 caddr_t			kaif_dseg;
100 caddr_t			kaif_dseg_lim;
101 caddr_t			kaif_tba;		/* table currently in use */
102 caddr_t			kaif_tba_obp;		/* obp's trap table */
103 caddr_t			kaif_tba_native;	/* our table; needs khat */
104 #ifdef	sun4v
105 caddr_t			kaif_tba_kernel;	/* kernel's trap table */
106 #endif	/* sun4v */
107 size_t			kaif_tba_native_sz;
108 int			*kaif_promexitarmp;
109 int			kaif_trap_switch;
110 
111 void (*kaif_modchg_cb)(struct modctl *, int);
112 void (*kaif_ktrap_install)(int, void (*)(void));
113 void (*kaif_ktrap_restore)(void);
114 
115 static int
116 kaif_get_master_cpuid(void)
117 {
118 	return (kaif_master_cpuid);
119 }
120 
121 /*ARGSUSED*/
122 static int
123 kaif_get_nwin(int cpuid)
124 {
125 	return (get_nwin());
126 }
127 
128 static int
129 kaif_get_cpu_state(int cpuid)
130 {
131 	if (cpuid == DPI_MASTER_CPUID)
132 		return (DPI_CPU_STATE_MASTER);
133 
134 	if (cpuid < 0 || cpuid >= kaif_ncpusave)
135 		return (set_errno(EINVAL));
136 
137 	switch (kaif_cpusave[cpuid].krs_cpu_state) {
138 	case KAIF_CPU_STATE_MASTER:
139 		return (DPI_CPU_STATE_MASTER);
140 	case KAIF_CPU_STATE_SLAVE:
141 		return (DPI_CPU_STATE_SLAVE);
142 	default:
143 		return (set_errno(EINVAL));
144 	}
145 }
146 
147 static const mdb_tgt_gregset_t *
148 kaif_get_gregs(int cpuid)
149 {
150 	kaif_cpusave_t *cpusave;
151 	mdb_tgt_gregset_t *gregs;
152 	int wp, i;
153 
154 	if (cpuid == DPI_MASTER_CPUID)
155 		cpuid = kaif_master_cpuid;
156 
157 	if (cpuid < 0 || cpuid >= kaif_ncpusave) {
158 		(void) set_errno(EINVAL);
159 		return (NULL);
160 	}
161 
162 	cpusave = &kaif_cpusave[cpuid];
163 	gregs = &cpusave->krs_gregs;
164 
165 	/*
166 	 * The DPI startup routine populates the register window portions of
167 	 * the kaif_cpusave_t.  We copy the current set of ins, outs, and
168 	 * locals to the gregs.  We also extract %pstate from %tstate.
169 	 */
170 	wp = gregs->kregs[KREG_CWP];
171 	for (i = 0; i < 8; i++) {
172 		gregs->kregs[KREG_L0 + i] = cpusave->krs_rwins[wp].rw_local[i];
173 		gregs->kregs[KREG_I0 + i] = cpusave->krs_rwins[wp].rw_in[i];
174 	}
175 
176 	gregs->kregs[KREG_PSTATE] = KREG_TSTATE_PSTATE(cpusave->krs_tstate);
177 
178 	if (++wp == kaif_get_nwin(cpuid))
179 		wp = 0;
180 
181 	for (i = 0; i < 8; i++)
182 		gregs->kregs[KREG_O0 + i] = cpusave->krs_rwins[wp].rw_in[i];
183 
184 	return (gregs);
185 }
186 
187 static kreg_t *
188 kaif_find_regp(int cpuid, int win, const char *regname)
189 {
190 	kaif_cpusave_t *cpusave;
191 	mdb_tgt_gregset_t *gregs;
192 	int nwin, i;
193 
194 	ASSERT(cpuid != DPI_MASTER_CPUID);
195 
196 	if (cpuid < 0 || cpuid >= kaif_ncpusave) {
197 		(void) set_errno(EINVAL);
198 		return (NULL);
199 	}
200 
201 	nwin = kaif_get_nwin(cpuid);
202 
203 	if (win < -1 || win >= nwin) {
204 		(void) set_errno(EINVAL);
205 		return (NULL);
206 	}
207 
208 	cpusave = &kaif_cpusave[cpuid];
209 	gregs = &cpusave->krs_gregs;
210 
211 	if (win == DPI_TOP_WINDOW)
212 		win = gregs->kregs[KREG_CWP];
213 
214 	if (strcmp(regname, "sp") == 0)
215 		regname = "o6";
216 	else if (strcmp(regname, "fp") == 0)
217 		regname = "i6";
218 
219 	if (strlen(regname) == 2 && regname[1] >= '0' && regname[1] <= '7') {
220 		int idx = regname[1] - '0';
221 
222 		switch (regname[0]) {
223 		case 'o':
224 			if (++win == nwin)
225 				win = 0;
226 			/*FALLTHROUGH*/
227 		case 'i':
228 			return ((kreg_t *)&cpusave->krs_rwins[win].rw_in[idx]);
229 		case 'l':
230 			return ((kreg_t *)
231 			    &cpusave->krs_rwins[win].rw_local[idx]);
232 		}
233 	}
234 
235 	for (i = 0; mdb_sparcv9_kregs[i].rd_name != NULL; i++) {
236 		const mdb_tgt_regdesc_t *rd = &mdb_sparcv9_kregs[i];
237 
238 		if (strcmp(rd->rd_name, regname) == 0)
239 			return (&gregs->kregs[rd->rd_num]);
240 	}
241 
242 	(void) set_errno(ENOENT);
243 	return (NULL);
244 }
245 
246 static int
247 kaif_get_cpu_register(int cpuid, int win, const char *regname, kreg_t *valp)
248 {
249 	kreg_t *regp;
250 
251 	if (cpuid == DPI_MASTER_CPUID)
252 		cpuid = kaif_master_cpuid;
253 
254 	if (cpuid < 0 || cpuid >= kaif_ncpusave)
255 		return (set_errno(EINVAL));
256 
257 	if (strcmp(regname, "pstate") == 0) {
258 		*valp = KREG_TSTATE_PSTATE(kaif_cpusave[cpuid].krs_tstate);
259 		return (0);
260 	}
261 
262 	if ((regp = kaif_find_regp(cpuid, win, regname)) == NULL)
263 		return (-1);
264 
265 	*valp = *regp;
266 
267 	return (0);
268 }
269 
270 static int
271 kaif_set_cpu_register(int cpuid, int win, const char *regname, kreg_t val)
272 {
273 	kreg_t *regp;
274 
275 	if (cpuid == DPI_MASTER_CPUID)
276 		cpuid = kaif_master_cpuid;
277 
278 	if (cpuid < 0 || cpuid >= kaif_ncpusave)
279 		return (set_errno(EINVAL));
280 
281 	if (strcmp(regname, "g0") == 0) {
282 		return (0);
283 
284 	} else if (strcmp(regname, "pstate") == 0) {
285 		kaif_cpusave[cpuid].krs_tstate &= ~KREG_TSTATE_PSTATE_MASK;
286 		kaif_cpusave[cpuid].krs_tstate |=
287 		    (val & KREG_PSTATE_MASK) << KREG_TSTATE_PSTATE_SHIFT;
288 		return (0);
289 	}
290 
291 	if ((regp = kaif_find_regp(cpuid, win, regname)) == NULL)
292 		return (-1);
293 
294 	*regp = val;
295 
296 	return (0);
297 }
298 
299 static int
300 kaif_brkpt_arm(uintptr_t addr, mdb_instr_t *instrp)
301 {
302 	mdb_instr_t bkpt = KAIF_BRKPT_INSTR;
303 
304 	if (mdb_tgt_vread(mdb.m_target, instrp, sizeof (mdb_instr_t), addr) !=
305 	    sizeof (mdb_instr_t))
306 		return (-1); /* errno is set for us */
307 
308 	if (mdb_tgt_vwrite(mdb.m_target, &bkpt, sizeof (mdb_instr_t), addr) !=
309 	    sizeof (mdb_instr_t))
310 		return (-1); /* errno is set for us */
311 
312 	return (0);
313 }
314 
315 static int
316 kaif_brkpt_disarm(uintptr_t addr, mdb_instr_t instrp)
317 {
318 	if (mdb_tgt_vwrite(mdb.m_target, &instrp, sizeof (mdb_instr_t), addr) !=
319 	    sizeof (mdb_instr_t))
320 		return (-1); /* errno is set for us */
321 
322 	return (0);
323 }
324 
325 /*
326  * Calculate the watchpoint mask byte (VM or PM, as appropriate).  A 1 bit in
327  * the mask indicates that the corresponding byte in the watchpoint address
328  * should be used for activation comparison.
329  */
330 /*
331  * Sun4v dosen't have watchpoint regs
332  */
333 #ifndef	sun4v
334 static uchar_t
335 kaif_wapt_calc_mask(size_t len)
336 {
337 	int pow;
338 
339 	if (len == 8)
340 		return (0xff);
341 
342 	for (pow = 0; len > 1; len /= 256, pow++);
343 
344 	return (~((1 << pow) - 1));
345 }
346 #endif
347 
348 /*
349  * UltraSPARC processors have one physical and one virtual watchpoint.  These
350  * watchpoints are specified by setting the address in a register, and by
351  * setting a selector byte in another register to determine which bytes of the
352  * address are to be used for comparison.  For simplicity, we only support
353  * selector byte values whose bit patterns match the regexp "1+0*".  Watchpoint
354  * addresses must be 8-byte aligned on these chips, so a selector byte of 0xff
355  * indicates an 8-byte watchpoint.  Successive valid sizes are powers of 256,
356  * starting with 256.
357  */
358 static int
359 kaif_wapt_validate(kmdb_wapt_t *wp)
360 {
361 	if (wp->wp_wflags & MDB_TGT_WA_X) {
362 		warn("execute watchpoints are not supported on this "
363 		    "platform\n");
364 		return (set_errno(EMDB_TGTNOTSUP));
365 	}
366 
367 	if (wp->wp_size % 0xff != 0 && wp->wp_size != 8) {
368 		warn("watchpoint size must be 8 or a power of 256 bytes\n");
369 		return (set_errno(EINVAL));
370 	}
371 
372 	if (wp->wp_addr & (wp->wp_size - 1)) {
373 		warn("%lu-byte watchpoints must be %lu-byte aligned\n",
374 		    wp->wp_size, wp->wp_size);
375 		return (set_errno(EINVAL));
376 	}
377 
378 	if (wp->wp_type != DPI_WAPT_TYPE_PHYS &&
379 	    wp->wp_type != DPI_WAPT_TYPE_VIRT) {
380 		warn("requested watchpoint type not supported on this "
381 		    "platform\n");
382 		return (set_errno(EMDB_TGTHWNOTSUP));
383 	}
384 
385 	return (0);
386 }
387 
388 static int
389 kaif_wapt_reserve(kmdb_wapt_t *wp)
390 {
391 #ifdef	sun4v
392 #ifdef	lint
393 	ASSERT(wp == (kmdb_wapt_t *)wp);
394 #endif	/* !lint */
395 	/* Watchpoints not supported */
396 	return (set_errno(EMDB_TGTHWNOTSUP));
397 #else
398 	uint64_t *addrp;
399 
400 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS)
401 		addrp = &kaif_pwapt_addr;
402 	else
403 		addrp = &kaif_vwapt_addr;
404 
405 	if (*addrp != NULL)
406 		return (set_errno(EMDB_WPTOOMANY));
407 
408 	*addrp = wp->wp_addr;
409 
410 	return (0);
411 #endif
412 }
413 
414 static void
415 kaif_wapt_release(kmdb_wapt_t *wp)
416 {
417 	uint64_t *addrp = (wp->wp_type == DPI_WAPT_TYPE_PHYS ?
418 	    &kaif_pwapt_addr : &kaif_vwapt_addr);
419 
420 	ASSERT(*addrp != NULL);
421 	*addrp = NULL;
422 }
423 
424 /*ARGSUSED*/
425 static void
426 kaif_wapt_arm(kmdb_wapt_t *wp)
427 {
428 	/*
429 	 * Sun4v dosen't have watch point regs
430 	 */
431 #ifndef	sun4v
432 	uint64_t mask = kaif_wapt_calc_mask(wp->wp_size);
433 
434 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS) {
435 		kaif_lsuctl &= ~KAIF_LSUCTL_PWAPT_MASK;
436 
437 		if (wp->wp_wflags & MDB_TGT_WA_R)
438 			kaif_lsuctl |= LSU_PR;
439 		if (wp->wp_wflags & MDB_TGT_WA_W)
440 			kaif_lsuctl |= LSU_PW;
441 		kaif_lsuctl |= ((mask << LSU_PM_SHIFT) & LSU_PM);
442 
443 	} else if (wp->wp_type == DPI_WAPT_TYPE_VIRT) {
444 		kaif_lsuctl &= ~KAIF_LSUCTL_VWAPT_MASK;
445 
446 		if (wp->wp_wflags & MDB_TGT_WA_R)
447 			kaif_lsuctl |= LSU_VR;
448 		if (wp->wp_wflags & MDB_TGT_WA_W)
449 			kaif_lsuctl |= LSU_VW;
450 		kaif_lsuctl |= ((mask << LSU_VM_SHIFT) & LSU_VM);
451 	}
452 #endif	/* sun4v */
453 }
454 
455 /*ARGSUSED*/
456 static void
457 kaif_wapt_disarm(kmdb_wapt_t *wp)
458 {
459 	/*
460 	 * Sun4v dosen't have watch point regs
461 	 */
462 #ifndef	sun4v
463 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS) {
464 		ASSERT(kaif_pwapt_addr != NULL);
465 		kaif_lsuctl &= ~(LSU_PR|LSU_PW);
466 	} else {
467 		ASSERT(kaif_vwapt_addr != NULL);
468 		kaif_lsuctl &= ~(LSU_VR|LSU_VW);
469 	}
470 #endif
471 }
472 
473 /*
474  * `kaif_wapt_arm' and `kaif_wapt_disarm' modify the global state we keep that
475  * indicates what the values of the wapt control registers should be.  These
476  * values must be individually set and cleared on each active CPU, a task which
477  * is performed by `kaif_wapt_clear_regs' and `kaif_wapt_set_regs', invoked as
478  * the world is stopped and resumed, respectively.  `kaif_wapt_set_regs' is also
479  * used for CPU initialization.
480  */
481 void
482 kaif_wapt_set_regs(void)
483 {
484 	/*
485 	 * Sun4v dosen't have watch point regs
486 	 */
487 #ifndef sun4v
488 	uint64_t lsu;
489 
490 	wrasi(ASI_DMMU, MMU_VAW, kaif_vwapt_addr);
491 	wrasi(ASI_DMMU, MMU_PAW, kaif_pwapt_addr);
492 
493 	ASSERT((kaif_lsuctl & ~KAIF_LSUCTL_WAPT_MASK) == NULL);
494 
495 	lsu = rdasi(ASI_LSU, NULL);
496 	lsu &= ~KAIF_LSUCTL_WAPT_MASK;
497 	lsu |= kaif_lsuctl;
498 	wrasi(ASI_LSU, NULL, lsu);
499 #endif /* sun4v */
500 }
501 
502 void
503 kaif_wapt_clear_regs(void)
504 {
505 	/*
506 	 * Sun4v dosen't have watch point regs
507 	 */
508 #ifndef sun4v
509 	uint64_t lsu = rdasi(ASI_LSU, NULL);
510 	lsu &= ~KAIF_LSUCTL_WAPT_MASK;
511 	wrasi(ASI_LSU, NULL, lsu);
512 #endif /* sun4v */
513 }
514 
515 /*
516  * UltraSPARC has one PA watchpoint and one VA watchpoint.  The trap we get will
517  * tell us which one we hit, but it won't tell us where.  We could attempt to
518  * dissect the instruction at %pc to see where it was reading from or writing
519  * to, but that gets messy in a hurry.  We can, however, make a couple of
520  * assumptions:
521  *
522  * - kaif_set_watchpoint and kaif_delete_watchpoint will enforce the limits as
523  *   to the number of watch points.  As such, at most one VA watchpoint and one
524  *   PA watchpoint will be on the active list.
525  *
526  * - We'll only be called on watchpoints that are on the active list.
527  *
528  * Taking these two assumptions, we can conclude that, if we're stopped due to
529  * a watchpoint and we're asked to match against a watchpoint, we must have
530  * stopped due to the watchpoint.  This is all very terrifying, but the
531  * alternative (taking instructions apart) is worse.
532  */
533 /*ARGSUSED*/
534 static int
535 kaif_wapt_match(kmdb_wapt_t *wp)
536 {
537 	int state, why, deswhy;
538 
539 	state = kmdb_dpi_get_state(&why);
540 
541 	if (wp->wp_type == DPI_WAPT_TYPE_PHYS)
542 		deswhy = DPI_STATE_WHY_P_WAPT;
543 	else
544 		deswhy = DPI_STATE_WHY_V_WAPT;
545 
546 	return (state == DPI_STATE_FAULTED && why == deswhy);
547 }
548 
549 static const char *
550 regno2name(int idx)
551 {
552 	const mdb_tgt_regdesc_t *rd;
553 
554 	for (rd = mdb_sparcv9_kregs; rd->rd_name != NULL; rd++) {
555 		if (idx == rd->rd_num)
556 			return (rd->rd_name);
557 	}
558 
559 	ASSERT(rd->rd_name != NULL);
560 
561 	return ("unknown");
562 }
563 
564 /*
565  * UltraSPARC doesn't support single-step natively, so we have to do it
566  * ourselves, by placing breakpoints at the instruction after the current one.
567  * Note that "after" will be %npc in the simple case, but can be one of
568  * several places if %pc is a branch.
569  *
570  * If %pc is an unconditional annulled branch, we put a breakpoint at the branch
571  * target.  If it is a conditional annulled branch, we put breakpoints at %pc +
572  * 8 and the branch target.  For all other branches, %npc will be set correctly
573  * as determined by the branch condition, and thus we can step through the
574  * branch by putting a breakpoint at %npc.  If %pc contains a non-branch
575  * instruction (with the exception of certain rdpr and wrpr instructions,
576  * described more below), we step over it by placing a breakpoint at %npc.
577  */
578 static int
579 kaif_step(void)
580 {
581 	kreg_t pc, npc, brtgt, pstate, tt;
582 	int bptgt = 0, bpnpc = 0, bppc8 = 0;
583 	mdb_instr_t svtgt = 0, svnpc = 0, svpc8 = 0;
584 	mdb_instr_t instr;
585 	int ie, err;
586 
587 	(void) kmdb_dpi_get_register("pc", &pc);
588 	(void) kmdb_dpi_get_register("npc", &npc);
589 
590 	if (mdb_tgt_vread(mdb.m_target, &instr, sizeof (instr), pc) !=
591 	    sizeof (instr)) {
592 		warn("failed to read %%pc at %p for step", (void *)pc);
593 		return (-1);
594 	}
595 
596 	/*
597 	 * If the current instruction is a read or write of PSTATE we need
598 	 * to emulate it because we've taken over management of PSTATE and
599 	 * we need keep interrupts disabled. If it's a branch, we may need
600 	 * to set two breakpoints -- one at the target and one at the
601 	 * subsequent instruction.
602 	 */
603 	if (OP(instr) == OP_ARITH) {
604 		if (OP3(instr) == OP3_RDPR &&
605 		    RS1(instr) == KAIF_PREGNO_PSTATE) {
606 			const char *tgtreg =
607 			    mdb_sparcv9_kregs[RD(instr)].rd_name;
608 			kreg_t pstate;
609 
610 			(void) kmdb_dpi_get_register("pstate", &pstate);
611 			(void) kmdb_dpi_set_register(tgtreg, pstate);
612 
613 			(void) kmdb_dpi_set_register("pc", npc);
614 			(void) kmdb_dpi_set_register("npc", npc + 4);
615 			return (0);
616 
617 		} else if (OP3(instr) == OP3_WRPR &&
618 		    RD(instr) == KAIF_PREGNO_PSTATE) {
619 			kreg_t rs1, rs2, val;
620 
621 			(void) kmdb_dpi_get_register(regno2name(RS1(instr)),
622 			    &rs1);
623 
624 			if (I(instr)) {
625 				int imm = SIMM13(instr);
626 				imm <<= 19;
627 				imm >>= 19;
628 				rs2 = imm;
629 			} else {
630 				(void) kmdb_dpi_get_register(
631 				    regno2name(RS2(instr)), &rs2);
632 			}
633 
634 			val = rs1 ^ rs2;
635 
636 			(void) kmdb_dpi_set_register("pstate", val);
637 
638 			(void) kmdb_dpi_set_register("pc", npc);
639 			(void) kmdb_dpi_set_register("npc", npc + 4);
640 			return (0);
641 
642 		}
643 
644 		bpnpc = 1;
645 
646 	} else if (OP(instr) == OP_BRANCH) {
647 		int disp, cond, annul;
648 
649 		switch (OP2(instr)) {
650 		case OP2_BPcc:
651 		case OP2_FBPfcc:
652 			cond = (COND(instr) != 8);
653 
654 			disp = DISP19(instr);
655 			disp <<= 13;
656 			disp >>= 11;
657 			break;
658 
659 		case OP2_Bicc:
660 		case OP2_FBfcc:
661 			cond = (COND(instr) != 8);
662 
663 			disp = DISP22(instr);
664 			disp <<= 10;
665 			disp >>= 8;
666 			break;
667 
668 		case OP2_BPr:
669 			cond = 1;
670 
671 			disp = DISP16(instr);
672 			disp <<= 16;
673 			disp >>= 14;
674 			break;
675 
676 		default:
677 			bpnpc = 1;
678 		}
679 
680 		if (!bpnpc) {
681 			annul = A(instr);
682 
683 			if (!cond && annul) {
684 				brtgt = pc + disp;
685 				bptgt = 1;
686 			} else {
687 				bpnpc = 1;
688 
689 				if (cond && annul)
690 					bppc8 = 1;
691 			}
692 		}
693 
694 	} else {
695 		bpnpc = 1;
696 	}
697 
698 	/*
699 	 * Place the breakpoints and resume this CPU with IE off.  We'll come
700 	 * back after having encountered either one of the breakpoints we placed
701 	 * or a trap.
702 	 */
703 	err = 0;
704 	if ((bpnpc && kaif_brkpt_arm(npc, &svnpc) != 0) ||
705 	    (bppc8 && kaif_brkpt_arm(pc + 8, &svpc8) != 0) ||
706 	    (bptgt && kaif_brkpt_arm(brtgt, &svtgt) != 0)) {
707 		err = errno;
708 		goto step_done;
709 	}
710 
711 	(void) kmdb_dpi_get_register("pstate", &pstate);
712 	ie = pstate & KREG_PSTATE_IE_MASK;
713 	(void) kmdb_dpi_set_register("pstate", (pstate & ~KREG_PSTATE_IE_MASK));
714 
715 	kmdb_dpi_resume_master(); /* ... there and back again ... */
716 
717 	(void) kmdb_dpi_get_register("pstate", &pstate);
718 	(void) kmdb_dpi_set_register("pstate",
719 	    ((pstate & ~KREG_PSTATE_IE_MASK) | ie));
720 
721 	(void) kmdb_dpi_get_register("tt", &tt);
722 
723 step_done:
724 	if (svnpc)
725 		(void) kaif_brkpt_disarm(npc, svnpc);
726 	if (svpc8)
727 		(void) kaif_brkpt_disarm(pc + 8, svpc8);
728 	if (svtgt)
729 		(void) kaif_brkpt_disarm(brtgt, svtgt);
730 
731 	return (err == 0 ? 0 : set_errno(err));
732 }
733 
734 static uintptr_t
735 kaif_call(uintptr_t funcva, uint_t argc, const uintptr_t *argv)
736 {
737 	kreg_t g6, g7;
738 
739 	(void) kmdb_dpi_get_register("g6", &g6);
740 	(void) kmdb_dpi_get_register("g7", &g7);
741 
742 	return (kaif_invoke(funcva, argc, argv, g6, g7));
743 }
744 
745 static const mdb_bitmask_t krm_flag_bits[] = {
746 	{ "M_W",	KAIF_CRUMB_F_MAIN_OBPWAPT, KAIF_CRUMB_F_MAIN_OBPWAPT },
747 	{ "M_PE",	KAIF_CRUMB_F_MAIN_OBPPENT, KAIF_CRUMB_F_MAIN_OBPPENT },
748 	{ "M_NRM",	KAIF_CRUMB_F_MAIN_NORMAL, KAIF_CRUMB_F_MAIN_NORMAL },
749 	{ "I_RE",	KAIF_CRUMB_F_IVEC_REENTER, KAIF_CRUMB_F_IVEC_REENTER },
750 	{ "I_OBP", 	KAIF_CRUMB_F_IVEC_INOBP, KAIF_CRUMB_F_IVEC_INOBP },
751 	{ "I_NRM",	KAIF_CRUMB_F_IVEC_NORMAL, KAIF_CRUMB_F_IVEC_NORMAL },
752 	{ "O_NRM",	KAIF_CRUMB_F_OBP_NORMAL, KAIF_CRUMB_F_OBP_NORMAL },
753 	{ "O_REVEC",	KAIF_CRUMB_F_OBP_REVECT, KAIF_CRUMB_F_OBP_REVECT },
754 	{ NULL }
755 };
756 
757 static void
758 dump_crumb(kaif_crumb_t *crumb)
759 {
760 	mdb_printf(" src: ");
761 	switch (crumb->krm_src) {
762 	case KAIF_CRUMB_SRC_OBP:
763 		mdb_printf("O");
764 		break;
765 	case KAIF_CRUMB_SRC_IVEC:
766 		mdb_printf("I");
767 		break;
768 	case KAIF_CRUMB_SRC_MAIN:
769 		mdb_printf("M");
770 		break;
771 	case 0:
772 		mdb_printf("-");
773 		break;
774 	default:
775 		mdb_printf("%d", crumb->krm_src);
776 	}
777 
778 	mdb_printf(" tt %3x pc %8p %-20A <%b>\n",
779 	    crumb->krm_tt, crumb->krm_pc, crumb->krm_pc,
780 	    crumb->krm_flag, krm_flag_bits);
781 }
782 
783 static void
784 dump_crumbs(kaif_cpusave_t *save)
785 {
786 	int i;
787 
788 	for (i = KAIF_NCRUMBS; i > 0; i--) {
789 		uint_t idx = (save->krs_curcrumbidx + i) % KAIF_NCRUMBS;
790 
791 		dump_crumb(&save->krs_crumbs[idx]);
792 	}
793 }
794 
795 static void
796 kaif_dump_crumbs(uintptr_t addr, int cpuid)
797 {
798 	int i;
799 
800 	if (addr != NULL) {
801 		dump_crumb((kaif_crumb_t *)addr);
802 
803 	} else if (cpuid != -1) {
804 		if (cpuid >= kaif_ncpusave)
805 			return;
806 
807 		dump_crumbs(&kaif_cpusave[cpuid]);
808 
809 	} else {
810 		for (i = 0; i < kaif_ncpusave; i++) {
811 			kaif_cpusave_t *save = &kaif_cpusave[i];
812 
813 			if (save->krs_cpu_state == KAIF_CPU_STATE_NONE)
814 				continue;
815 
816 			mdb_printf("%sCPU %d crumbs: (curidx %d)\n",
817 			    (i == 0 ? "" : "\n"), i, save->krs_curcrumbidx);
818 
819 			dump_crumbs(save);
820 		}
821 	}
822 }
823 
824 static int
825 kaif_get_rwin(int cpuid, int win, struct rwindow *rwin)
826 {
827 	if (cpuid == DPI_MASTER_CPUID)
828 		cpuid = kaif_master_cpuid;
829 	if (win == DPI_TOP_WINDOW)
830 		win = kaif_cpusave[cpuid].krs_gregs.kregs[KREG_CWP];
831 
832 	if (win < 0 || win >= kaif_get_nwin(cpuid))
833 		return (-1);
834 
835 	bcopy(&kaif_cpusave[cpuid].krs_rwins[win], rwin,
836 	    sizeof (struct rwindow));
837 
838 	return (0);
839 }
840 
841 static void
842 kaif_enter_mon(void)
843 {
844 	kmdb_prom_enter_mon();
845 	kaif_prom_rearm();
846 }
847 
848 static void
849 kaif_modchg_register(void (*func)(struct modctl *, int))
850 {
851 	kaif_modchg_cb = func;
852 }
853 
854 static void
855 kaif_modchg_cancel(void)
856 {
857 	ASSERT(kaif_modchg_cb != NULL);
858 
859 	kaif_modchg_cb = NULL;
860 }
861 
862 void
863 kaif_mod_loaded(struct modctl *modp)
864 {
865 	if (kaif_modchg_cb != NULL)
866 		kaif_modchg_cb(modp, 1);
867 }
868 
869 void
870 kaif_mod_unloading(struct modctl *modp)
871 {
872 	if (kaif_modchg_cb != NULL)
873 		kaif_modchg_cb(modp, 0);
874 }
875 
876 /*ARGSUSED*/
877 int
878 kaif_memrange_add(caddr_t base, size_t len)
879 {
880 	/* We don't support multiple memory ranges on SPARC */
881 	return (set_errno(ENOTSUP));
882 }
883 
884 void
885 kaif_trap_set_debugger(void)
886 {
887 	set_tba(kaif_tba);
888 }
889 
890 void
891 kaif_trap_set_saved(kaif_cpusave_t *cpusave)
892 {
893 	set_tba((caddr_t)cpusave->krs_gregs.kregs[KREG_TBA]);
894 }
895 
896 static void
897 kaif_kernpanic(int cpuid)
898 {
899 	struct regs regs;
900 
901 	/*
902 	 * We're going to try to panic the system by using the same entry point
903 	 * used by the PROM when told to `sync'.  The kernel wants a
904 	 * fully-populated struct regs, which we're going to build using the
905 	 * state captured at the time of the debugger fault.  Said state lives
906 	 * in kaif_cb_save, since we haven't yet copied it over to the cpusave
907 	 * structure for the current master.
908 	 */
909 
910 	regs.r_tstate = kaif_cb_save.krs_tstate;
911 
912 	regs.r_g1 = kaif_cb_save.krs_gregs.kregs[KREG_G1];
913 	regs.r_g2 = kaif_cb_save.krs_gregs.kregs[KREG_G2];
914 	regs.r_g3 = kaif_cb_save.krs_gregs.kregs[KREG_G3];
915 	regs.r_g4 = kaif_cb_save.krs_gregs.kregs[KREG_G4];
916 	regs.r_g5 = kaif_cb_save.krs_gregs.kregs[KREG_G5];
917 	regs.r_g6 = kaif_cb_save.krs_gregs.kregs[KREG_G6];
918 	regs.r_g7 = kaif_cb_save.krs_gregs.kregs[KREG_G7];
919 
920 	regs.r_o0 = kaif_cb_save.krs_gregs.kregs[KREG_O0];
921 	regs.r_o1 = kaif_cb_save.krs_gregs.kregs[KREG_O1];
922 	regs.r_o2 = kaif_cb_save.krs_gregs.kregs[KREG_O2];
923 	regs.r_o3 = kaif_cb_save.krs_gregs.kregs[KREG_O3];
924 	regs.r_o4 = kaif_cb_save.krs_gregs.kregs[KREG_O4];
925 	regs.r_o5 = kaif_cb_save.krs_gregs.kregs[KREG_O5];
926 	regs.r_o6 = kaif_cb_save.krs_gregs.kregs[KREG_O6];
927 	regs.r_o7 = kaif_cb_save.krs_gregs.kregs[KREG_O7];
928 
929 	regs.r_pc = kaif_cb_save.krs_gregs.kregs[KREG_PC];
930 	regs.r_npc = kaif_cb_save.krs_gregs.kregs[KREG_NPC];
931 	regs.r_y = kaif_cb_save.krs_gregs.kregs[KREG_Y];
932 
933 	/*
934 	 * The %tba is, as ever, different.  We don't want the %tba from the
935 	 * time of the fault -- that'll be the debugger's.  We want the %tba
936 	 * saved when the debugger was initially entered.  It'll be saved in
937 	 * the cpusave area for the current CPU.
938 	 */
939 	set_tba((caddr_t)kaif_cpusave[cpuid].krs_gregs.kregs[KREG_TBA]);
940 
941 	kmdb_kdi_kernpanic(&regs, kaif_cb_save.krs_gregs.kregs[KREG_TT]);
942 }
943 
944 static int
945 kaif_init(kmdb_auxv_t *kav)
946 {
947 	struct rwindow *rwins;
948 	int nwin = get_nwin();
949 	int i;
950 
951 	kaif_vwapt_addr = kaif_pwapt_addr = 0;
952 
953 	kaif_tba = kav->kav_tba_active;
954 	kaif_tba_obp = kav->kav_tba_obp;
955 	kaif_tba_native = kav->kav_tba_native;
956 	kaif_tba_native_sz = kav->kav_tba_native_sz;
957 #ifdef	sun4v
958 	kaif_tba_kernel = kav->kav_tba_kernel;
959 #endif
960 
961 	/* Allocate the per-CPU save areas */
962 	kaif_cpusave = mdb_zalloc(sizeof (kaif_cpusave_t) * kav->kav_ncpu,
963 	    UM_SLEEP);
964 	kaif_ncpusave = kav->kav_ncpu;
965 
966 	rwins = mdb_zalloc(sizeof (struct rwindow) * nwin * kav->kav_ncpu,
967 	    UM_SLEEP);
968 
969 	for (i = 0; i < kaif_ncpusave; i++) {
970 		kaif_cpusave[i].krs_rwins = &rwins[nwin * i];
971 		kaif_cpusave[i].krs_cpu_id = i;
972 
973 		kaif_cpusave[i].krs_curcrumb =
974 		    &kaif_cpusave[i].krs_crumbs[KAIF_NCRUMBS - 1];
975 		kaif_cpusave[i].krs_curcrumbidx = KAIF_NCRUMBS - 1;
976 	}
977 
978 	kaif_dseg = kav->kav_dseg;
979 	kaif_dseg_lim = kav->kav_dseg + kav->kav_dseg_size;
980 
981 	kaif_promexitarmp = kav->kav_promexitarmp;
982 
983 	kaif_ktrap_install = kav->kav_ktrap_install;
984 	kaif_ktrap_restore = kav->kav_ktrap_restore;
985 
986 	kaif_modchg_cb = NULL;
987 
988 	kaif_trap_switch = (kav->kav_flags & KMDB_AUXV_FL_NOTRPSWTCH) == 0;
989 
990 	return (0);
991 }
992 
993 dpi_ops_t kmdb_dpi_ops = {
994 	kaif_init,
995 	kaif_activate,
996 	kaif_deactivate,
997 	kaif_enter_mon,
998 	kaif_modchg_register,
999 	kaif_modchg_cancel,
1000 	kaif_get_cpu_state,
1001 	kaif_get_master_cpuid,
1002 	kaif_get_gregs,
1003 	kaif_get_cpu_register,
1004 	kaif_set_cpu_register,
1005 	kaif_get_rwin,
1006 	kaif_get_nwin,
1007 	kaif_brkpt_arm,
1008 	kaif_brkpt_disarm,
1009 	kaif_wapt_validate,
1010 	kaif_wapt_reserve,
1011 	kaif_wapt_release,
1012 	kaif_wapt_arm,
1013 	kaif_wapt_disarm,
1014 	kaif_wapt_match,
1015 	kaif_step,
1016 	kaif_call,
1017 	kaif_dump_crumbs,
1018 	kaif_memrange_add,
1019 	kaif_kernpanic
1020 };
1021