fpu.c revision 25083 
1/*-
2 * Copyright (c) 1990 William Jolitz.
3 * Copyright (c) 1991 The Regents of the University of California.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 *    must display the following acknowledgement:
16 *	This product includes software developed by the University of
17 *	California, Berkeley and its contributors.
18 * 4. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 *	from: @(#)npx.c	7.2 (Berkeley) 5/12/91
35 *	$Id: npx.c,v 1.40 1997/03/24 11:23:58 bde Exp $
36 */
37
38#include "npx.h"
39#if NNPX > 0
40
41#include "opt_cpu.h"
42#include "opt_math_emulate.h"
43
44#include <sys/param.h>
45#include <sys/systm.h>
46#include <sys/kernel.h>
47#include <sys/sysctl.h>
48#include <sys/conf.h>
49#include <sys/file.h>
50#include <sys/proc.h>
51#ifdef NPX_DEBUG
52#include <sys/syslog.h>
53#endif
54#include <sys/signalvar.h>
55
56#include <machine/asmacros.h>
57#include <machine/cpu.h>
58#include <machine/pcb.h>
59#include <machine/md_var.h>
60#include <machine/trap.h>
61#include <machine/clock.h>
62#include <machine/specialreg.h>
63
64#include <i386/isa/icu.h>
65#include <i386/isa/isa_device.h>
66#include <i386/isa/isa.h>
67
68/*
69 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver.
70 */
71
72/* Configuration flags. */
73#define	NPX_DISABLE_I586_OPTIMIZED_BCOPY	(1 << 0)
74#define	NPX_DISABLE_I586_OPTIMIZED_BZERO	(1 << 1)
75#define	NPX_DISABLE_I586_OPTIMIZED_COPYIO	(1 << 2)
76
77/* XXX - should be in header file. */
78extern void (*bcopy_vector) __P((const void *from, void *to, size_t len));
79extern void (*ovbcopy_vector) __P((const void *from, void *to, size_t len));
80extern int (*copyin_vector) __P((const void *udaddr, void *kaddr, size_t len));
81extern int (*copyout_vector) __P((const void *kaddr, void *udaddr, size_t len));
82
83void	i586_bcopy __P((const void *from, void *to, size_t len));
84void	i586_bzero __P((void *buf, size_t len));
85int	i586_copyin __P((const void *udaddr, void *kaddr, size_t len));
86int	i586_copyout __P((const void *kaddr, void *udaddr, size_t len));
87
88#ifdef	__GNUC__
89
90#define	fldcw(addr)		__asm("fldcw %0" : : "m" (*(addr)))
91#define	fnclex()		__asm("fnclex")
92#define	fninit()		__asm("fninit")
93#define	fnop()			__asm("fnop")
94#define	fnsave(addr)		__asm("fnsave %0" : "=m" (*(addr)))
95#define	fnstcw(addr)		__asm("fnstcw %0" : "=m" (*(addr)))
96#define	fnstsw(addr)		__asm("fnstsw %0" : "=m" (*(addr)))
97#define	fp_divide_by_0()	__asm("fldz; fld1; fdiv %st,%st(1); fnop")
98#define	frstor(addr)		__asm("frstor %0" : : "m" (*(addr)))
99#define	start_emulating()	__asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \
100				      : : "n" (CR0_TS) : "ax")
101#define	stop_emulating()	__asm("clts")
102
103#else	/* not __GNUC__ */
104
105void	fldcw		__P((caddr_t addr));
106void	fnclex		__P((void));
107void	fninit		__P((void));
108void	fnop		__P((void));
109void	fnsave		__P((caddr_t addr));
110void	fnstcw		__P((caddr_t addr));
111void	fnstsw		__P((caddr_t addr));
112void	fp_divide_by_0	__P((void));
113void	frstor		__P((caddr_t addr));
114void	start_emulating	__P((void));
115void	stop_emulating	__P((void));
116
117#endif	/* __GNUC__ */
118
119typedef u_char bool_t;
120
121static	int	npxattach	__P((struct isa_device *dvp));
122static	int	npxprobe	__P((struct isa_device *dvp));
123static	int	npxprobe1	__P((struct isa_device *dvp));
124
125struct	isa_driver npxdriver = {
126	npxprobe, npxattach, "npx",
127};
128
129int	hw_float;		/* XXX currently just alias for npx_exists */
130
131SYSCTL_INT(_hw,HW_FLOATINGPT, floatingpoint,
132	CTLFLAG_RD, &hw_float, 0,
133	"Floatingpoint instructions executed in hardware");
134
135static u_int	npx0_imask = SWI_CLOCK_MASK;
136struct proc	*npxproc;
137
138static	bool_t			npx_ex16;
139static	bool_t			npx_exists;
140static	struct gate_descriptor	npx_idt_probeintr;
141static	int			npx_intrno;
142static	volatile u_int		npx_intrs_while_probing;
143static	bool_t			npx_irq13;
144static	volatile u_int		npx_traps_while_probing;
145
146/*
147 * Special interrupt handlers.  Someday intr0-intr15 will be used to count
148 * interrupts.  We'll still need a special exception 16 handler.  The busy
149 * latch stuff in probeintr() can be moved to npxprobe().
150 */
151
152inthand_t probeintr;
153asm
154("
155	.text
156	.p2align 2,0x90
157" __XSTRING(CNAME(probeintr)) ":
158	ss
159	incl	" __XSTRING(CNAME(npx_intrs_while_probing)) "
160	pushl	%eax
161	movb	$0x20,%al	# EOI (asm in strings loses cpp features)
162	outb	%al,$0xa0	# IO_ICU2
163	outb	%al,$0x20	# IO_ICU1
164	movb	$0,%al
165	outb	%al,$0xf0	# clear BUSY# latch
166	popl	%eax
167	iret
168");
169
170inthand_t probetrap;
171asm
172("
173	.text
174	.p2align 2,0x90
175" __XSTRING(CNAME(probetrap)) ":
176	ss
177	incl	" __XSTRING(CNAME(npx_traps_while_probing)) "
178	fnclex
179	iret
180");
181
182/*
183 * Probe routine.  Initialize cr0 to give correct behaviour for [f]wait
184 * whether the device exists or not (XXX should be elsewhere).  Set flags
185 * to tell npxattach() what to do.  Modify device struct if npx doesn't
186 * need to use interrupts.  Return 1 if device exists.
187 */
188static int
189npxprobe(dvp)
190	struct isa_device *dvp;
191{
192	int	result;
193	u_long	save_eflags;
194	u_char	save_icu1_mask;
195	u_char	save_icu2_mask;
196	struct	gate_descriptor save_idt_npxintr;
197	struct	gate_descriptor save_idt_npxtrap;
198	/*
199	 * This routine is now just a wrapper for npxprobe1(), to install
200	 * special npx interrupt and trap handlers, to enable npx interrupts
201	 * and to disable other interrupts.  Someday isa_configure() will
202	 * install suitable handlers and run with interrupts enabled so we
203	 * won't need to do so much here.
204	 */
205	npx_intrno = NRSVIDT + ffs(dvp->id_irq) - 1;
206	save_eflags = read_eflags();
207	disable_intr();
208	save_icu1_mask = inb(IO_ICU1 + 1);
209	save_icu2_mask = inb(IO_ICU2 + 1);
210	save_idt_npxintr = idt[npx_intrno];
211	save_idt_npxtrap = idt[16];
212	outb(IO_ICU1 + 1, ~(IRQ_SLAVE | dvp->id_irq));
213	outb(IO_ICU2 + 1, ~(dvp->id_irq >> 8));
214	setidt(16, probetrap, SDT_SYS386TGT, SEL_KPL, GSEL(GCODE_SEL, SEL_KPL));
215	setidt(npx_intrno, probeintr, SDT_SYS386IGT, SEL_KPL, GSEL(GCODE_SEL, SEL_KPL));
216	npx_idt_probeintr = idt[npx_intrno];
217	enable_intr();
218	result = npxprobe1(dvp);
219	disable_intr();
220	outb(IO_ICU1 + 1, save_icu1_mask);
221	outb(IO_ICU2 + 1, save_icu2_mask);
222	idt[npx_intrno] = save_idt_npxintr;
223	idt[16] = save_idt_npxtrap;
224	write_eflags(save_eflags);
225	return (result);
226}
227
228static int
229npxprobe1(dvp)
230	struct isa_device *dvp;
231{
232	u_short control;
233	u_short status;
234
235	/*
236	 * Partially reset the coprocessor, if any.  Some BIOS's don't reset
237	 * it after a warm boot.
238	 */
239	outb(0xf1, 0);		/* full reset on some systems, NOP on others */
240	outb(0xf0, 0);		/* clear BUSY# latch */
241	/*
242	 * Prepare to trap all ESC (i.e., NPX) instructions and all WAIT
243	 * instructions.  We must set the CR0_MP bit and use the CR0_TS
244	 * bit to control the trap, because setting the CR0_EM bit does
245	 * not cause WAIT instructions to trap.  It's important to trap
246	 * WAIT instructions - otherwise the "wait" variants of no-wait
247	 * control instructions would degenerate to the "no-wait" variants
248	 * after FP context switches but work correctly otherwise.  It's
249	 * particularly important to trap WAITs when there is no NPX -
250	 * otherwise the "wait" variants would always degenerate.
251	 *
252	 * Try setting CR0_NE to get correct error reporting on 486DX's.
253	 * Setting it should fail or do nothing on lesser processors.
254	 */
255	load_cr0(rcr0() | CR0_MP | CR0_NE);
256	/*
257	 * But don't trap while we're probing.
258	 */
259	stop_emulating();
260	/*
261	 * Finish resetting the coprocessor, if any.  If there is an error
262	 * pending, then we may get a bogus IRQ13, but probeintr() will handle
263	 * it OK.  Bogus halts have never been observed, but we enabled
264	 * IRQ13 and cleared the BUSY# latch early to handle them anyway.
265	 */
266	fninit();
267	/*
268	 * Don't use fwait here because it might hang.
269	 * Don't use fnop here because it usually hangs if there is no FPU.
270	 */
271	DELAY(1000);		/* wait for any IRQ13 */
272#ifdef DIAGNOSTIC
273	if (npx_intrs_while_probing != 0)
274		printf("fninit caused %u bogus npx interrupt(s)\n",
275		       npx_intrs_while_probing);
276	if (npx_traps_while_probing != 0)
277		printf("fninit caused %u bogus npx trap(s)\n",
278		       npx_traps_while_probing);
279#endif
280	/*
281	 * Check for a status of mostly zero.
282	 */
283	status = 0x5a5a;
284	fnstsw(&status);
285	if ((status & 0xb8ff) == 0) {
286		/*
287		 * Good, now check for a proper control word.
288		 */
289		control = 0x5a5a;
290		fnstcw(&control);
291		if ((control & 0x1f3f) == 0x033f) {
292			hw_float = npx_exists = 1;
293			/*
294			 * We have an npx, now divide by 0 to see if exception
295			 * 16 works.
296			 */
297			control &= ~(1 << 2);	/* enable divide by 0 trap */
298			fldcw(&control);
299			npx_traps_while_probing = npx_intrs_while_probing = 0;
300			fp_divide_by_0();
301			if (npx_traps_while_probing != 0) {
302				/*
303				 * Good, exception 16 works.
304				 */
305				npx_ex16 = 1;
306				dvp->id_irq = 0;	/* zap the interrupt */
307				/*
308				 * special return value to flag that we do not
309				 * actually use any I/O registers
310				 */
311				return (-1);
312			}
313			if (npx_intrs_while_probing != 0) {
314				/*
315				 * Bad, we are stuck with IRQ13.
316				 */
317				npx_irq13 = 1;
318				/*
319				 * npxattach would be too late to set npx0_imask.
320				 */
321				npx0_imask |= dvp->id_irq;
322				return (IO_NPXSIZE);
323			}
324			/*
325			 * Worse, even IRQ13 is broken.  Use emulator.
326			 */
327		}
328	}
329	/*
330	 * Probe failed, but we want to get to npxattach to initialize the
331	 * emulator and say that it has been installed.  XXX handle devices
332	 * that aren't really devices better.
333	 */
334	dvp->id_irq = 0;
335	/*
336	 * special return value to flag that we do not
337	 * actually use any I/O registers
338	 */
339	return (-1);
340}
341
342/*
343 * Attach routine - announce which it is, and wire into system
344 */
345int
346npxattach(dvp)
347	struct isa_device *dvp;
348{
349	/* The caller has printed "irq 13" for the npx_irq13 case. */
350	if (!npx_irq13) {
351		printf("npx%d: ", dvp->id_unit);
352		if (npx_ex16)
353			printf("INT 16 interface\n");
354#if defined(MATH_EMULATE) || defined(GPL_MATH_EMULATE)
355		else if (npx_exists) {
356			printf("error reporting broken; using 387 emulator\n");
357			hw_float = npx_exists = 0;
358		} else
359			printf("387 emulator\n");
360#else
361		else
362			printf("no 387 emulator in kernel!\n");
363#endif
364	}
365	npxinit(__INITIAL_NPXCW__);
366
367#ifdef I586_CPU
368	if (cpu_class == CPUCLASS_586 && npx_ex16) {
369		if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_BCOPY)) {
370			bcopy_vector = i586_bcopy;
371			ovbcopy_vector = i586_bcopy;
372		}
373		if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_BZERO))
374			bzero = i586_bzero;
375		if (!(dvp->id_flags & NPX_DISABLE_I586_OPTIMIZED_COPYIO)) {
376			copyin_vector = i586_copyin;
377			copyout_vector = i586_copyout;
378		}
379	}
380#endif
381
382	return (1);		/* XXX unused */
383}
384
385/*
386 * Initialize floating point unit.
387 */
388void
389npxinit(control)
390	u_short control;
391{
392	struct save87 dummy;
393
394	if (!npx_exists)
395		return;
396	/*
397	 * fninit has the same h/w bugs as fnsave.  Use the detoxified
398	 * fnsave to throw away any junk in the fpu.  npxsave() initializes
399	 * the fpu and sets npxproc = NULL as important side effects.
400	 */
401	npxsave(&dummy);
402	stop_emulating();
403	fldcw(&control);
404	if (curpcb != NULL)
405		fnsave(&curpcb->pcb_savefpu);
406	start_emulating();
407}
408
409/*
410 * Free coprocessor (if we have it).
411 */
412void
413npxexit(p)
414	struct proc *p;
415{
416
417	if (p == npxproc)
418		npxsave(&curpcb->pcb_savefpu);
419#ifdef NPX_DEBUG
420	if (npx_exists) {
421		u_int	masked_exceptions;
422
423		masked_exceptions = curpcb->pcb_savefpu.sv_env.en_cw
424				    & curpcb->pcb_savefpu.sv_env.en_sw & 0x7f;
425		/*
426		 * Log exceptions that would have trapped with the old
427		 * control word (overflow, divide by 0, and invalid operand).
428		 */
429		if (masked_exceptions & 0x0d)
430			log(LOG_ERR,
431	"pid %d (%s) exited with masked floating point exceptions 0x%02x\n",
432			    p->p_pid, p->p_comm, masked_exceptions);
433	}
434#endif
435}
436
437/*
438 * Preserve the FP status word, clear FP exceptions, then generate a SIGFPE.
439 *
440 * Clearing exceptions is necessary mainly to avoid IRQ13 bugs.  We now
441 * depend on longjmp() restoring a usable state.  Restoring the state
442 * or examining it might fail if we didn't clear exceptions.
443 *
444 * XXX there is no standard way to tell SIGFPE handlers about the error
445 * state.  The old interface:
446 *
447 *	void handler(int sig, int code, struct sigcontext *scp);
448 *
449 * is broken because it is non-ANSI and because the FP state is not in
450 * struct sigcontext.
451 *
452 * XXX the FP state is not preserved across signal handlers.  So signal
453 * handlers cannot afford to do FP unless they preserve the state or
454 * longjmp() out.  Both preserving the state and longjmp()ing may be
455 * destroyed by IRQ13 bugs.  Clearing FP exceptions is not an acceptable
456 * solution for signals other than SIGFPE.
457 */
458void
459npxintr(unit)
460	int unit;
461{
462	int code;
463	struct intrframe *frame;
464
465	if (npxproc == NULL || !npx_exists) {
466		printf("npxintr: npxproc = %p, curproc = %p, npx_exists = %d\n",
467		       npxproc, curproc, npx_exists);
468		panic("npxintr from nowhere");
469	}
470	if (npxproc != curproc) {
471		printf("npxintr: npxproc = %p, curproc = %p, npx_exists = %d\n",
472		       npxproc, curproc, npx_exists);
473		panic("npxintr from non-current process");
474	}
475
476	outb(0xf0, 0);
477	fnstsw(&curpcb->pcb_savefpu.sv_ex_sw);
478	fnclex();
479	fnop();
480
481	/*
482	 * Pass exception to process.
483	 */
484	frame = (struct intrframe *)&unit;	/* XXX */
485	if (ISPL(frame->if_cs) == SEL_UPL) {
486		/*
487		 * Interrupt is essentially a trap, so we can afford to call
488		 * the SIGFPE handler (if any) as soon as the interrupt
489		 * returns.
490		 *
491		 * XXX little or nothing is gained from this, and plenty is
492		 * lost - the interrupt frame has to contain the trap frame
493		 * (this is otherwise only necessary for the rescheduling trap
494		 * in doreti, and the frame for that could easily be set up
495		 * just before it is used).
496		 */
497		curproc->p_md.md_regs = &frame->if_es;
498#ifdef notyet
499		/*
500		 * Encode the appropriate code for detailed information on
501		 * this exception.
502		 */
503		code = XXX_ENCODE(curpcb->pcb_savefpu.sv_ex_sw);
504#else
505		code = 0;	/* XXX */
506#endif
507		trapsignal(curproc, SIGFPE, code);
508	} else {
509		/*
510		 * Nested interrupt.  These losers occur when:
511		 *	o an IRQ13 is bogusly generated at a bogus time, e.g.:
512		 *		o immediately after an fnsave or frstor of an
513		 *		  error state.
514		 *		o a couple of 386 instructions after
515		 *		  "fstpl _memvar" causes a stack overflow.
516		 *	  These are especially nasty when combined with a
517		 *	  trace trap.
518		 *	o an IRQ13 occurs at the same time as another higher-
519		 *	  priority interrupt.
520		 *
521		 * Treat them like a true async interrupt.
522		 */
523		psignal(curproc, SIGFPE);
524	}
525}
526
527/*
528 * Implement device not available (DNA) exception
529 *
530 * It would be better to switch FP context here (if curproc != npxproc)
531 * and not necessarily for every context switch, but it is too hard to
532 * access foreign pcb's.
533 */
534int
535npxdna()
536{
537	if (!npx_exists)
538		return (0);
539	if (npxproc != NULL) {
540		printf("npxdna: npxproc = %p, curproc = %p\n",
541		       npxproc, curproc);
542		panic("npxdna");
543	}
544	stop_emulating();
545	/*
546	 * Record new context early in case frstor causes an IRQ13.
547	 */
548	npxproc = curproc;
549	curpcb->pcb_savefpu.sv_ex_sw = 0;
550	/*
551	 * The following frstor may cause an IRQ13 when the state being
552	 * restored has a pending error.  The error will appear to have been
553	 * triggered by the current (npx) user instruction even when that
554	 * instruction is a no-wait instruction that should not trigger an
555	 * error (e.g., fnclex).  On at least one 486 system all of the
556	 * no-wait instructions are broken the same as frstor, so our
557	 * treatment does not amplify the breakage.  On at least one
558	 * 386/Cyrix 387 system, fnclex works correctly while frstor and
559	 * fnsave are broken, so our treatment breaks fnclex if it is the
560	 * first FPU instruction after a context switch.
561	 */
562	frstor(&curpcb->pcb_savefpu);
563
564	return (1);
565}
566
567/*
568 * Wrapper for fnsave instruction to handle h/w bugs.  If there is an error
569 * pending, then fnsave generates a bogus IRQ13 on some systems.  Force
570 * any IRQ13 to be handled immediately, and then ignore it.  This routine is
571 * often called at splhigh so it must not use many system services.  In
572 * particular, it's much easier to install a special handler than to
573 * guarantee that it's safe to use npxintr() and its supporting code.
574 */
575void
576npxsave(addr)
577	struct save87 *addr;
578{
579	u_char	icu1_mask;
580	u_char	icu2_mask;
581	u_char	old_icu1_mask;
582	u_char	old_icu2_mask;
583	struct gate_descriptor	save_idt_npxintr;
584
585	disable_intr();
586	old_icu1_mask = inb(IO_ICU1 + 1);
587	old_icu2_mask = inb(IO_ICU2 + 1);
588	save_idt_npxintr = idt[npx_intrno];
589	outb(IO_ICU1 + 1, old_icu1_mask & ~(IRQ_SLAVE | npx0_imask));
590	outb(IO_ICU2 + 1, old_icu2_mask & ~(npx0_imask >> 8));
591	idt[npx_intrno] = npx_idt_probeintr;
592	enable_intr();
593	stop_emulating();
594	fnsave(addr);
595	fnop();
596	start_emulating();
597	npxproc = NULL;
598	disable_intr();
599	icu1_mask = inb(IO_ICU1 + 1);	/* masks may have changed */
600	icu2_mask = inb(IO_ICU2 + 1);
601	outb(IO_ICU1 + 1,
602	     (icu1_mask & ~npx0_imask) | (old_icu1_mask & npx0_imask));
603	outb(IO_ICU2 + 1,
604	     (icu2_mask & ~(npx0_imask >> 8))
605	     | (old_icu2_mask & (npx0_imask >> 8)));
606	idt[npx_intrno] = save_idt_npxintr;
607	enable_intr();		/* back to usual state */
608}
609
610#endif /* NNPX > 0 */
611