npx.c revision 188938 
1/*-
2 * Copyright (c) 1990 William Jolitz.
3 * Copyright (c) 1991 The Regents of the University of California.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 4. Neither the name of the University nor the names of its contributors
15 *    may be used to endorse or promote products derived from this software
16 *    without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 *
30 *	from: @(#)npx.c	7.2 (Berkeley) 5/12/91
31 */
32
33#include <sys/cdefs.h>
34__FBSDID("$FreeBSD: head/sys/i386/isa/npx.c 188938 2009-02-23 15:39:24Z jhb $");
35
36#include "opt_cpu.h"
37#include "opt_isa.h"
38#include "opt_npx.h"
39
40#include <sys/param.h>
41#include <sys/systm.h>
42#include <sys/bus.h>
43#include <sys/kernel.h>
44#include <sys/lock.h>
45#include <sys/malloc.h>
46#include <sys/module.h>
47#include <sys/mutex.h>
48#include <sys/mutex.h>
49#include <sys/proc.h>
50#include <sys/smp.h>
51#include <sys/sysctl.h>
52#include <machine/bus.h>
53#include <sys/rman.h>
54#ifdef NPX_DEBUG
55#include <sys/syslog.h>
56#endif
57#include <sys/signalvar.h>
58
59#include <machine/asmacros.h>
60#include <machine/cputypes.h>
61#include <machine/frame.h>
62#include <machine/md_var.h>
63#include <machine/pcb.h>
64#include <machine/psl.h>
65#include <machine/resource.h>
66#include <machine/specialreg.h>
67#include <machine/segments.h>
68#include <machine/ucontext.h>
69
70#include <machine/intr_machdep.h>
71#ifdef XEN
72#include <machine/xen/xen-os.h>
73#include <xen/hypervisor.h>
74#endif
75
76#ifdef DEV_ISA
77#include <isa/isavar.h>
78#endif
79
80#if !defined(CPU_DISABLE_SSE) && defined(I686_CPU)
81#define CPU_ENABLE_SSE
82#endif
83
84/*
85 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver.
86 */
87
88/* Configuration flags. */
89#define	NPX_DISABLE_I586_OPTIMIZED_BCOPY	(1 << 0)
90#define	NPX_DISABLE_I586_OPTIMIZED_BZERO	(1 << 1)
91#define	NPX_DISABLE_I586_OPTIMIZED_COPYIO	(1 << 2)
92
93#if defined(__GNUCLIKE_ASM) && !defined(lint)
94
95#define	fldcw(addr)		__asm("fldcw %0" : : "m" (*(addr)))
96#define	fnclex()		__asm("fnclex")
97#define	fninit()		__asm("fninit")
98#define	fnsave(addr)		__asm __volatile("fnsave %0" : "=m" (*(addr)))
99#define	fnstcw(addr)		__asm __volatile("fnstcw %0" : "=m" (*(addr)))
100#define	fnstsw(addr)		__asm __volatile("fnstsw %0" : "=m" (*(addr)))
101#define	fp_divide_by_0()	__asm("fldz; fld1; fdiv %st,%st(1); fnop")
102#define	frstor(addr)		__asm("frstor %0" : : "m" (*(addr)))
103#ifdef CPU_ENABLE_SSE
104#define	fxrstor(addr)		__asm("fxrstor %0" : : "m" (*(addr)))
105#define	fxsave(addr)		__asm __volatile("fxsave %0" : "=m" (*(addr)))
106#define	ldmxcsr(__csr)		__asm __volatile("ldmxcsr %0" : : "m" (__csr))
107#endif
108#ifdef XEN
109#define start_emulating()	(HYPERVISOR_fpu_taskswitch(1))
110#define stop_emulating()	(HYPERVISOR_fpu_taskswitch(0))
111#else
112#define	start_emulating()	__asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \
113				      : : "n" (CR0_TS) : "ax")
114#define	stop_emulating()	__asm("clts")
115#endif
116#else	/* !(__GNUCLIKE_ASM && !lint) */
117
118void	fldcw(caddr_t addr);
119void	fnclex(void);
120void	fninit(void);
121void	fnsave(caddr_t addr);
122void	fnstcw(caddr_t addr);
123void	fnstsw(caddr_t addr);
124void	fp_divide_by_0(void);
125void	frstor(caddr_t addr);
126#ifdef CPU_ENABLE_SSE
127void	fxsave(caddr_t addr);
128void	fxrstor(caddr_t addr);
129#endif
130void	start_emulating(void);
131void	stop_emulating(void);
132
133#endif	/* __GNUCLIKE_ASM && !lint */
134
135#ifdef CPU_ENABLE_SSE
136#define GET_FPU_CW(thread) \
137	(cpu_fxsr ? \
138		(thread)->td_pcb->pcb_save.sv_xmm.sv_env.en_cw : \
139		(thread)->td_pcb->pcb_save.sv_87.sv_env.en_cw)
140#define GET_FPU_SW(thread) \
141	(cpu_fxsr ? \
142		(thread)->td_pcb->pcb_save.sv_xmm.sv_env.en_sw : \
143		(thread)->td_pcb->pcb_save.sv_87.sv_env.en_sw)
144#else /* CPU_ENABLE_SSE */
145#define GET_FPU_CW(thread) \
146	(thread->td_pcb->pcb_save.sv_87.sv_env.en_cw)
147#define GET_FPU_SW(thread) \
148	(thread->td_pcb->pcb_save.sv_87.sv_env.en_sw)
149#endif /* CPU_ENABLE_SSE */
150
151typedef u_char bool_t;
152
153#ifdef CPU_ENABLE_SSE
154static	void	fpu_clean_state(void);
155#endif
156
157static	void	fpusave(union savefpu *);
158static	void	fpurstor(union savefpu *);
159static	int	npx_attach(device_t dev);
160static	void	npx_identify(driver_t *driver, device_t parent);
161static	int	npx_intr(void *);
162static	int	npx_probe(device_t dev);
163#ifdef I586_CPU_XXX
164static	long	timezero(const char *funcname,
165		    void (*func)(void *buf, size_t len));
166#endif /* I586_CPU */
167
168int	hw_float;		/* XXX currently just alias for npx_exists */
169
170SYSCTL_INT(_hw, HW_FLOATINGPT, floatingpoint, CTLFLAG_RD,
171    &hw_float, 0, "Floating point instructions executed in hardware");
172
173static	volatile u_int		npx_intrs_while_probing;
174static	volatile u_int		npx_traps_while_probing;
175
176static	union savefpu		npx_cleanstate;
177static	bool_t			npx_cleanstate_ready;
178static	bool_t			npx_ex16;
179static	bool_t			npx_exists;
180static	bool_t			npx_irq13;
181
182alias_for_inthand_t probetrap;
183__asm("								\n\
184	.text							\n\
185	.p2align 2,0x90						\n\
186	.type	" __XSTRING(CNAME(probetrap)) ",@function	\n\
187" __XSTRING(CNAME(probetrap)) ":				\n\
188	ss							\n\
189	incl	" __XSTRING(CNAME(npx_traps_while_probing)) "	\n\
190	fnclex							\n\
191	iret							\n\
192");
193
194/*
195 * Identify routine.  Create a connection point on our parent for probing.
196 */
197static void
198npx_identify(driver, parent)
199	driver_t *driver;
200	device_t parent;
201{
202	device_t child;
203
204	child = BUS_ADD_CHILD(parent, 0, "npx", 0);
205	if (child == NULL)
206		panic("npx_identify");
207}
208
209/*
210 * Do minimal handling of npx interrupts to convert them to traps.
211 */
212static int
213npx_intr(dummy)
214	void *dummy;
215{
216	struct thread *td;
217
218	npx_intrs_while_probing++;
219
220	/*
221	 * The BUSY# latch must be cleared in all cases so that the next
222	 * unmasked npx exception causes an interrupt.
223	 */
224	outb(IO_NPX, 0);
225
226	/*
227	 * fpcurthread is normally non-null here.  In that case, schedule an
228	 * AST to finish the exception handling in the correct context
229	 * (this interrupt may occur after the thread has entered the
230	 * kernel via a syscall or an interrupt).  Otherwise, the npx
231	 * state of the thread that caused this interrupt must have been
232	 * pushed to the thread's pcb, and clearing of the busy latch
233	 * above has finished the (essentially null) handling of this
234	 * interrupt.  Control will eventually return to the instruction
235	 * that caused it and it will repeat.  We will eventually (usually
236	 * soon) win the race to handle the interrupt properly.
237	 */
238	td = PCPU_GET(fpcurthread);
239	if (td != NULL) {
240		td->td_pcb->pcb_flags |= PCB_NPXTRAP;
241		thread_lock(td);
242		td->td_flags |= TDF_ASTPENDING;
243		thread_unlock(td);
244	}
245	return (FILTER_HANDLED);
246}
247
248/*
249 * Probe routine.  Set flags to tell npxattach() what to do.  Set up an
250 * interrupt handler if npx needs to use interrupts.
251 */
252static int
253npx_probe(dev)
254	device_t dev;
255{
256	struct gate_descriptor save_idt_npxtrap;
257	struct resource *ioport_res, *irq_res;
258	void *irq_cookie;
259	int ioport_rid, irq_num, irq_rid;
260	u_short control;
261	u_short status;
262
263	device_set_desc(dev, "math processor");
264
265	/*
266	 * Modern CPUs all have an FPU that uses the INT16 interface
267	 * and provide a simple way to verify that, so handle the
268	 * common case right away.
269	 */
270	if (cpu_feature & CPUID_FPU) {
271		hw_float = npx_exists = 1;
272		npx_ex16 = 1;
273		device_quiet(dev);
274		return (0);
275	}
276
277	save_idt_npxtrap = idt[IDT_MF];
278	setidt(IDT_MF, probetrap, SDT_SYS386TGT, SEL_KPL,
279	    GSEL(GCODE_SEL, SEL_KPL));
280	ioport_rid = 0;
281	ioport_res = bus_alloc_resource(dev, SYS_RES_IOPORT, &ioport_rid,
282	    IO_NPX, IO_NPX + IO_NPXSIZE - 1, IO_NPXSIZE, RF_ACTIVE);
283	if (ioport_res == NULL)
284		panic("npx: can't get ports");
285	if (resource_int_value("npx", 0, "irq", &irq_num) != 0)
286		irq_num = IRQ_NPX;
287	irq_rid = 0;
288	irq_res = bus_alloc_resource(dev, SYS_RES_IRQ, &irq_rid, irq_num,
289	    irq_num, 1, RF_ACTIVE);
290	if (irq_res != NULL) {
291		if (bus_setup_intr(dev, irq_res, INTR_TYPE_MISC,
292			npx_intr, NULL, NULL, &irq_cookie) != 0)
293			panic("npx: can't create intr");
294	}
295
296	/*
297	 * Partially reset the coprocessor, if any.  Some BIOS's don't reset
298	 * it after a warm boot.
299	 */
300	npx_full_reset();
301	outb(IO_NPX, 0);
302
303	/*
304	 * Don't trap while we're probing.
305	 */
306	stop_emulating();
307
308	/*
309	 * Finish resetting the coprocessor, if any.  If there is an error
310	 * pending, then we may get a bogus IRQ13, but npx_intr() will handle
311	 * it OK.  Bogus halts have never been observed, but we enabled
312	 * IRQ13 and cleared the BUSY# latch early to handle them anyway.
313	 */
314	fninit();
315
316	/*
317	 * Don't use fwait here because it might hang.
318	 * Don't use fnop here because it usually hangs if there is no FPU.
319	 */
320	DELAY(1000);		/* wait for any IRQ13 */
321#ifdef DIAGNOSTIC
322	if (npx_intrs_while_probing != 0)
323		printf("fninit caused %u bogus npx interrupt(s)\n",
324		       npx_intrs_while_probing);
325	if (npx_traps_while_probing != 0)
326		printf("fninit caused %u bogus npx trap(s)\n",
327		       npx_traps_while_probing);
328#endif
329	/*
330	 * Check for a status of mostly zero.
331	 */
332	status = 0x5a5a;
333	fnstsw(&status);
334	if ((status & 0xb8ff) == 0) {
335		/*
336		 * Good, now check for a proper control word.
337		 */
338		control = 0x5a5a;
339		fnstcw(&control);
340		if ((control & 0x1f3f) == 0x033f) {
341			hw_float = npx_exists = 1;
342			/*
343			 * We have an npx, now divide by 0 to see if exception
344			 * 16 works.
345			 */
346			control &= ~(1 << 2);	/* enable divide by 0 trap */
347			fldcw(&control);
348#ifdef FPU_ERROR_BROKEN
349			/*
350			 * FPU error signal doesn't work on some CPU
351			 * accelerator board.
352			 */
353			npx_ex16 = 1;
354			return (0);
355#endif
356			npx_traps_while_probing = npx_intrs_while_probing = 0;
357			fp_divide_by_0();
358			DELAY(1000);	/* wait for any IRQ13 */
359			if (npx_traps_while_probing != 0) {
360				/*
361				 * Good, exception 16 works.
362				 */
363				npx_ex16 = 1;
364				goto no_irq13;
365			}
366			if (npx_intrs_while_probing != 0) {
367				/*
368				 * Bad, we are stuck with IRQ13.
369				 */
370				npx_irq13 = 1;
371				idt[IDT_MF] = save_idt_npxtrap;
372#ifdef SMP
373				if (mp_ncpus > 1)
374					panic("npx0 cannot use IRQ 13 on an SMP system");
375#endif
376				return (0);
377			}
378			/*
379			 * Worse, even IRQ13 is broken.  Use emulator.
380			 */
381		}
382	}
383	/*
384	 * Probe failed, but we want to get to npxattach to initialize the
385	 * emulator and say that it has been installed.  XXX handle devices
386	 * that aren't really devices better.
387	 */
388#ifdef SMP
389	if (mp_ncpus > 1)
390		panic("npx0 cannot be emulated on an SMP system");
391#endif
392	/* FALLTHROUGH */
393no_irq13:
394	idt[IDT_MF] = save_idt_npxtrap;
395	if (irq_res != NULL) {
396		bus_teardown_intr(dev, irq_res, irq_cookie);
397		bus_release_resource(dev, SYS_RES_IRQ, irq_rid, irq_res);
398	}
399	bus_release_resource(dev, SYS_RES_IOPORT, ioport_rid, ioport_res);
400	return (0);
401}
402
403/*
404 * Attach routine - announce which it is, and wire into system
405 */
406static int
407npx_attach(dev)
408	device_t dev;
409{
410	int flags;
411	register_t s;
412
413	flags = device_get_flags(dev);
414
415	if (npx_irq13)
416		device_printf(dev, "IRQ 13 interface\n");
417	else if (!npx_ex16)
418		device_printf(dev, "WARNING: no FPU!\n");
419	else if (!device_is_quiet(dev) || bootverbose)
420		device_printf(dev, "INT 16 interface\n");
421
422	npxinit(__INITIAL_NPXCW__);
423
424	if (npx_cleanstate_ready == 0) {
425		s = intr_disable();
426		stop_emulating();
427		fpusave(&npx_cleanstate);
428		start_emulating();
429#ifdef CPU_ENABLE_SSE
430		if (cpu_fxsr) {
431			if (npx_cleanstate.sv_xmm.sv_env.en_mxcsr_mask)
432				cpu_mxcsr_mask =
433			    	    npx_cleanstate.sv_xmm.sv_env.en_mxcsr_mask;
434			else
435				cpu_mxcsr_mask = 0xFFBF;
436		}
437#endif
438		npx_cleanstate_ready = 1;
439		intr_restore(s);
440	}
441#ifdef I586_CPU_XXX
442	if (cpu_class == CPUCLASS_586 && npx_ex16 && npx_exists &&
443	    timezero("i586_bzero()", i586_bzero) <
444	    timezero("bzero()", bzero) * 4 / 5) {
445		if (!(flags & NPX_DISABLE_I586_OPTIMIZED_BCOPY))
446			bcopy_vector = i586_bcopy;
447		if (!(flags & NPX_DISABLE_I586_OPTIMIZED_BZERO))
448			bzero_vector = i586_bzero;
449		if (!(flags & NPX_DISABLE_I586_OPTIMIZED_COPYIO)) {
450			copyin_vector = i586_copyin;
451			copyout_vector = i586_copyout;
452		}
453	}
454#endif
455
456	return (0);		/* XXX unused */
457}
458
459/*
460 * Initialize floating point unit.
461 */
462void
463npxinit(control)
464	u_short control;
465{
466	static union savefpu dummy;
467	register_t savecrit;
468
469	if (!npx_exists)
470		return;
471	/*
472	 * fninit has the same h/w bugs as fnsave.  Use the detoxified
473	 * fnsave to throw away any junk in the fpu.  npxsave() initializes
474	 * the fpu and sets fpcurthread = NULL as important side effects.
475	 */
476	savecrit = intr_disable();
477	npxsave(&dummy);
478	stop_emulating();
479#ifdef CPU_ENABLE_SSE
480	/* XXX npxsave() doesn't actually initialize the fpu in the SSE case. */
481	if (cpu_fxsr)
482		fninit();
483#endif
484	fldcw(&control);
485	start_emulating();
486	intr_restore(savecrit);
487}
488
489/*
490 * Free coprocessor (if we have it).
491 */
492void
493npxexit(td)
494	struct thread *td;
495{
496	register_t savecrit;
497
498	savecrit = intr_disable();
499	if (curthread == PCPU_GET(fpcurthread))
500		npxsave(&PCPU_GET(curpcb)->pcb_save);
501	intr_restore(savecrit);
502#ifdef NPX_DEBUG
503	if (npx_exists) {
504		u_int	masked_exceptions;
505
506		masked_exceptions = GET_FPU_CW(td) & GET_FPU_SW(td) & 0x7f;
507		/*
508		 * Log exceptions that would have trapped with the old
509		 * control word (overflow, divide by 0, and invalid operand).
510		 */
511		if (masked_exceptions & 0x0d)
512			log(LOG_ERR,
513	"pid %d (%s) exited with masked floating point exceptions 0x%02x\n",
514			    td->td_proc->p_pid, td->td_proc->p_comm,
515			    masked_exceptions);
516	}
517#endif
518}
519
520int
521npxformat()
522{
523
524	if (!npx_exists)
525		return (_MC_FPFMT_NODEV);
526#ifdef	CPU_ENABLE_SSE
527	if (cpu_fxsr)
528		return (_MC_FPFMT_XMM);
529#endif
530	return (_MC_FPFMT_387);
531}
532
533/*
534 * The following mechanism is used to ensure that the FPE_... value
535 * that is passed as a trapcode to the signal handler of the user
536 * process does not have more than one bit set.
537 *
538 * Multiple bits may be set if the user process modifies the control
539 * word while a status word bit is already set.  While this is a sign
540 * of bad coding, we have no choise than to narrow them down to one
541 * bit, since we must not send a trapcode that is not exactly one of
542 * the FPE_ macros.
543 *
544 * The mechanism has a static table with 127 entries.  Each combination
545 * of the 7 FPU status word exception bits directly translates to a
546 * position in this table, where a single FPE_... value is stored.
547 * This FPE_... value stored there is considered the "most important"
548 * of the exception bits and will be sent as the signal code.  The
549 * precedence of the bits is based upon Intel Document "Numerical
550 * Applications", Chapter "Special Computational Situations".
551 *
552 * The macro to choose one of these values does these steps: 1) Throw
553 * away status word bits that cannot be masked.  2) Throw away the bits
554 * currently masked in the control word, assuming the user isn't
555 * interested in them anymore.  3) Reinsert status word bit 7 (stack
556 * fault) if it is set, which cannot be masked but must be presered.
557 * 4) Use the remaining bits to point into the trapcode table.
558 *
559 * The 6 maskable bits in order of their preference, as stated in the
560 * above referenced Intel manual:
561 * 1  Invalid operation (FP_X_INV)
562 * 1a   Stack underflow
563 * 1b   Stack overflow
564 * 1c   Operand of unsupported format
565 * 1d   SNaN operand.
566 * 2  QNaN operand (not an exception, irrelavant here)
567 * 3  Any other invalid-operation not mentioned above or zero divide
568 *      (FP_X_INV, FP_X_DZ)
569 * 4  Denormal operand (FP_X_DNML)
570 * 5  Numeric over/underflow (FP_X_OFL, FP_X_UFL)
571 * 6  Inexact result (FP_X_IMP)
572 */
573static char fpetable[128] = {
574	0,
575	FPE_FLTINV,	/*  1 - INV */
576	FPE_FLTUND,	/*  2 - DNML */
577	FPE_FLTINV,	/*  3 - INV | DNML */
578	FPE_FLTDIV,	/*  4 - DZ */
579	FPE_FLTINV,	/*  5 - INV | DZ */
580	FPE_FLTDIV,	/*  6 - DNML | DZ */
581	FPE_FLTINV,	/*  7 - INV | DNML | DZ */
582	FPE_FLTOVF,	/*  8 - OFL */
583	FPE_FLTINV,	/*  9 - INV | OFL */
584	FPE_FLTUND,	/*  A - DNML | OFL */
585	FPE_FLTINV,	/*  B - INV | DNML | OFL */
586	FPE_FLTDIV,	/*  C - DZ | OFL */
587	FPE_FLTINV,	/*  D - INV | DZ | OFL */
588	FPE_FLTDIV,	/*  E - DNML | DZ | OFL */
589	FPE_FLTINV,	/*  F - INV | DNML | DZ | OFL */
590	FPE_FLTUND,	/* 10 - UFL */
591	FPE_FLTINV,	/* 11 - INV | UFL */
592	FPE_FLTUND,	/* 12 - DNML | UFL */
593	FPE_FLTINV,	/* 13 - INV | DNML | UFL */
594	FPE_FLTDIV,	/* 14 - DZ | UFL */
595	FPE_FLTINV,	/* 15 - INV | DZ | UFL */
596	FPE_FLTDIV,	/* 16 - DNML | DZ | UFL */
597	FPE_FLTINV,	/* 17 - INV | DNML | DZ | UFL */
598	FPE_FLTOVF,	/* 18 - OFL | UFL */
599	FPE_FLTINV,	/* 19 - INV | OFL | UFL */
600	FPE_FLTUND,	/* 1A - DNML | OFL | UFL */
601	FPE_FLTINV,	/* 1B - INV | DNML | OFL | UFL */
602	FPE_FLTDIV,	/* 1C - DZ | OFL | UFL */
603	FPE_FLTINV,	/* 1D - INV | DZ | OFL | UFL */
604	FPE_FLTDIV,	/* 1E - DNML | DZ | OFL | UFL */
605	FPE_FLTINV,	/* 1F - INV | DNML | DZ | OFL | UFL */
606	FPE_FLTRES,	/* 20 - IMP */
607	FPE_FLTINV,	/* 21 - INV | IMP */
608	FPE_FLTUND,	/* 22 - DNML | IMP */
609	FPE_FLTINV,	/* 23 - INV | DNML | IMP */
610	FPE_FLTDIV,	/* 24 - DZ | IMP */
611	FPE_FLTINV,	/* 25 - INV | DZ | IMP */
612	FPE_FLTDIV,	/* 26 - DNML | DZ | IMP */
613	FPE_FLTINV,	/* 27 - INV | DNML | DZ | IMP */
614	FPE_FLTOVF,	/* 28 - OFL | IMP */
615	FPE_FLTINV,	/* 29 - INV | OFL | IMP */
616	FPE_FLTUND,	/* 2A - DNML | OFL | IMP */
617	FPE_FLTINV,	/* 2B - INV | DNML | OFL | IMP */
618	FPE_FLTDIV,	/* 2C - DZ | OFL | IMP */
619	FPE_FLTINV,	/* 2D - INV | DZ | OFL | IMP */
620	FPE_FLTDIV,	/* 2E - DNML | DZ | OFL | IMP */
621	FPE_FLTINV,	/* 2F - INV | DNML | DZ | OFL | IMP */
622	FPE_FLTUND,	/* 30 - UFL | IMP */
623	FPE_FLTINV,	/* 31 - INV | UFL | IMP */
624	FPE_FLTUND,	/* 32 - DNML | UFL | IMP */
625	FPE_FLTINV,	/* 33 - INV | DNML | UFL | IMP */
626	FPE_FLTDIV,	/* 34 - DZ | UFL | IMP */
627	FPE_FLTINV,	/* 35 - INV | DZ | UFL | IMP */
628	FPE_FLTDIV,	/* 36 - DNML | DZ | UFL | IMP */
629	FPE_FLTINV,	/* 37 - INV | DNML | DZ | UFL | IMP */
630	FPE_FLTOVF,	/* 38 - OFL | UFL | IMP */
631	FPE_FLTINV,	/* 39 - INV | OFL | UFL | IMP */
632	FPE_FLTUND,	/* 3A - DNML | OFL | UFL | IMP */
633	FPE_FLTINV,	/* 3B - INV | DNML | OFL | UFL | IMP */
634	FPE_FLTDIV,	/* 3C - DZ | OFL | UFL | IMP */
635	FPE_FLTINV,	/* 3D - INV | DZ | OFL | UFL | IMP */
636	FPE_FLTDIV,	/* 3E - DNML | DZ | OFL | UFL | IMP */
637	FPE_FLTINV,	/* 3F - INV | DNML | DZ | OFL | UFL | IMP */
638	FPE_FLTSUB,	/* 40 - STK */
639	FPE_FLTSUB,	/* 41 - INV | STK */
640	FPE_FLTUND,	/* 42 - DNML | STK */
641	FPE_FLTSUB,	/* 43 - INV | DNML | STK */
642	FPE_FLTDIV,	/* 44 - DZ | STK */
643	FPE_FLTSUB,	/* 45 - INV | DZ | STK */
644	FPE_FLTDIV,	/* 46 - DNML | DZ | STK */
645	FPE_FLTSUB,	/* 47 - INV | DNML | DZ | STK */
646	FPE_FLTOVF,	/* 48 - OFL | STK */
647	FPE_FLTSUB,	/* 49 - INV | OFL | STK */
648	FPE_FLTUND,	/* 4A - DNML | OFL | STK */
649	FPE_FLTSUB,	/* 4B - INV | DNML | OFL | STK */
650	FPE_FLTDIV,	/* 4C - DZ | OFL | STK */
651	FPE_FLTSUB,	/* 4D - INV | DZ | OFL | STK */
652	FPE_FLTDIV,	/* 4E - DNML | DZ | OFL | STK */
653	FPE_FLTSUB,	/* 4F - INV | DNML | DZ | OFL | STK */
654	FPE_FLTUND,	/* 50 - UFL | STK */
655	FPE_FLTSUB,	/* 51 - INV | UFL | STK */
656	FPE_FLTUND,	/* 52 - DNML | UFL | STK */
657	FPE_FLTSUB,	/* 53 - INV | DNML | UFL | STK */
658	FPE_FLTDIV,	/* 54 - DZ | UFL | STK */
659	FPE_FLTSUB,	/* 55 - INV | DZ | UFL | STK */
660	FPE_FLTDIV,	/* 56 - DNML | DZ | UFL | STK */
661	FPE_FLTSUB,	/* 57 - INV | DNML | DZ | UFL | STK */
662	FPE_FLTOVF,	/* 58 - OFL | UFL | STK */
663	FPE_FLTSUB,	/* 59 - INV | OFL | UFL | STK */
664	FPE_FLTUND,	/* 5A - DNML | OFL | UFL | STK */
665	FPE_FLTSUB,	/* 5B - INV | DNML | OFL | UFL | STK */
666	FPE_FLTDIV,	/* 5C - DZ | OFL | UFL | STK */
667	FPE_FLTSUB,	/* 5D - INV | DZ | OFL | UFL | STK */
668	FPE_FLTDIV,	/* 5E - DNML | DZ | OFL | UFL | STK */
669	FPE_FLTSUB,	/* 5F - INV | DNML | DZ | OFL | UFL | STK */
670	FPE_FLTRES,	/* 60 - IMP | STK */
671	FPE_FLTSUB,	/* 61 - INV | IMP | STK */
672	FPE_FLTUND,	/* 62 - DNML | IMP | STK */
673	FPE_FLTSUB,	/* 63 - INV | DNML | IMP | STK */
674	FPE_FLTDIV,	/* 64 - DZ | IMP | STK */
675	FPE_FLTSUB,	/* 65 - INV | DZ | IMP | STK */
676	FPE_FLTDIV,	/* 66 - DNML | DZ | IMP | STK */
677	FPE_FLTSUB,	/* 67 - INV | DNML | DZ | IMP | STK */
678	FPE_FLTOVF,	/* 68 - OFL | IMP | STK */
679	FPE_FLTSUB,	/* 69 - INV | OFL | IMP | STK */
680	FPE_FLTUND,	/* 6A - DNML | OFL | IMP | STK */
681	FPE_FLTSUB,	/* 6B - INV | DNML | OFL | IMP | STK */
682	FPE_FLTDIV,	/* 6C - DZ | OFL | IMP | STK */
683	FPE_FLTSUB,	/* 6D - INV | DZ | OFL | IMP | STK */
684	FPE_FLTDIV,	/* 6E - DNML | DZ | OFL | IMP | STK */
685	FPE_FLTSUB,	/* 6F - INV | DNML | DZ | OFL | IMP | STK */
686	FPE_FLTUND,	/* 70 - UFL | IMP | STK */
687	FPE_FLTSUB,	/* 71 - INV | UFL | IMP | STK */
688	FPE_FLTUND,	/* 72 - DNML | UFL | IMP | STK */
689	FPE_FLTSUB,	/* 73 - INV | DNML | UFL | IMP | STK */
690	FPE_FLTDIV,	/* 74 - DZ | UFL | IMP | STK */
691	FPE_FLTSUB,	/* 75 - INV | DZ | UFL | IMP | STK */
692	FPE_FLTDIV,	/* 76 - DNML | DZ | UFL | IMP | STK */
693	FPE_FLTSUB,	/* 77 - INV | DNML | DZ | UFL | IMP | STK */
694	FPE_FLTOVF,	/* 78 - OFL | UFL | IMP | STK */
695	FPE_FLTSUB,	/* 79 - INV | OFL | UFL | IMP | STK */
696	FPE_FLTUND,	/* 7A - DNML | OFL | UFL | IMP | STK */
697	FPE_FLTSUB,	/* 7B - INV | DNML | OFL | UFL | IMP | STK */
698	FPE_FLTDIV,	/* 7C - DZ | OFL | UFL | IMP | STK */
699	FPE_FLTSUB,	/* 7D - INV | DZ | OFL | UFL | IMP | STK */
700	FPE_FLTDIV,	/* 7E - DNML | DZ | OFL | UFL | IMP | STK */
701	FPE_FLTSUB,	/* 7F - INV | DNML | DZ | OFL | UFL | IMP | STK */
702};
703
704/*
705 * Preserve the FP status word, clear FP exceptions, then generate a SIGFPE.
706 *
707 * Clearing exceptions is necessary mainly to avoid IRQ13 bugs.  We now
708 * depend on longjmp() restoring a usable state.  Restoring the state
709 * or examining it might fail if we didn't clear exceptions.
710 *
711 * The error code chosen will be one of the FPE_... macros. It will be
712 * sent as the second argument to old BSD-style signal handlers and as
713 * "siginfo_t->si_code" (second argument) to SA_SIGINFO signal handlers.
714 *
715 * XXX the FP state is not preserved across signal handlers.  So signal
716 * handlers cannot afford to do FP unless they preserve the state or
717 * longjmp() out.  Both preserving the state and longjmp()ing may be
718 * destroyed by IRQ13 bugs.  Clearing FP exceptions is not an acceptable
719 * solution for signals other than SIGFPE.
720 */
721int
722npxtrap()
723{
724	register_t savecrit;
725	u_short control, status;
726
727	if (!npx_exists) {
728		printf("npxtrap: fpcurthread = %p, curthread = %p, npx_exists = %d\n",
729		       PCPU_GET(fpcurthread), curthread, npx_exists);
730		panic("npxtrap from nowhere");
731	}
732	savecrit = intr_disable();
733
734	/*
735	 * Interrupt handling (for another interrupt) may have pushed the
736	 * state to memory.  Fetch the relevant parts of the state from
737	 * wherever they are.
738	 */
739	if (PCPU_GET(fpcurthread) != curthread) {
740		control = GET_FPU_CW(curthread);
741		status = GET_FPU_SW(curthread);
742	} else {
743		fnstcw(&control);
744		fnstsw(&status);
745	}
746
747	if (PCPU_GET(fpcurthread) == curthread)
748		fnclex();
749	intr_restore(savecrit);
750	return (fpetable[status & ((~control & 0x3f) | 0x40)]);
751}
752
753/*
754 * Implement device not available (DNA) exception
755 *
756 * It would be better to switch FP context here (if curthread != fpcurthread)
757 * and not necessarily for every context switch, but it is too hard to
758 * access foreign pcb's.
759 */
760
761static int err_count = 0;
762
763int
764npxdna()
765{
766	struct pcb *pcb;
767	register_t s;
768#ifdef CPU_ENABLE_SSE
769	int mxcsr;
770#endif
771	u_short control;
772
773	if (!npx_exists)
774		return (0);
775	if (PCPU_GET(fpcurthread) == curthread) {
776		printf("npxdna: fpcurthread == curthread %d times\n",
777		    ++err_count);
778		stop_emulating();
779		return (1);
780	}
781	if (PCPU_GET(fpcurthread) != NULL) {
782		printf("npxdna: fpcurthread = %p (%d), curthread = %p (%d)\n",
783		       PCPU_GET(fpcurthread),
784		       PCPU_GET(fpcurthread)->td_proc->p_pid,
785		       curthread, curthread->td_proc->p_pid);
786		panic("npxdna");
787	}
788	s = intr_disable();
789	stop_emulating();
790	/*
791	 * Record new context early in case frstor causes an IRQ13.
792	 */
793	PCPU_SET(fpcurthread, curthread);
794	pcb = PCPU_GET(curpcb);
795
796	if ((pcb->pcb_flags & PCB_NPXINITDONE) == 0) {
797		/*
798		 * This is the first time this thread has used the FPU or
799		 * the PCB doesn't contain a clean FPU state.  Explicitly
800		 * initialize the FPU and load the default control word.
801		 */
802		fninit();
803		control = __INITIAL_NPXCW__;
804		fldcw(&control);
805#ifdef CPU_ENABLE_SSE
806		if (cpu_fxsr) {
807			mxcsr = __INITIAL_MXCSR__;
808			ldmxcsr(mxcsr);
809		}
810#endif
811		pcb->pcb_flags |= PCB_NPXINITDONE;
812	} else {
813		/*
814		 * The following fpurstor() may cause an IRQ13 when the
815		 * state being restored has a pending error.  The error will
816		 * appear to have been triggered by the current (npx) user
817		 * instruction even when that instruction is a no-wait
818		 * instruction that should not trigger an error (e.g.,
819		 * fnclex).  On at least one 486 system all of the no-wait
820		 * instructions are broken the same as frstor, so our
821		 * treatment does not amplify the breakage.  On at least
822		 * one 386/Cyrix 387 system, fnclex works correctly while
823		 * frstor and fnsave are broken, so our treatment breaks
824		 * fnclex if it is the first FPU instruction after a context
825		 * switch.
826		 */
827		fpurstor(&pcb->pcb_save);
828	}
829	intr_restore(s);
830
831	return (1);
832}
833
834/*
835 * Wrapper for fnsave instruction, partly to handle hardware bugs.  When npx
836 * exceptions are reported via IRQ13, spurious IRQ13's may be triggered by
837 * no-wait npx instructions.  See the Intel application note AP-578 for
838 * details.  This doesn't cause any additional complications here.  IRQ13's
839 * are inherently asynchronous unless the CPU is frozen to deliver them --
840 * one that started in userland may be delivered many instructions later,
841 * after the process has entered the kernel.  It may even be delivered after
842 * the fnsave here completes.  A spurious IRQ13 for the fnsave is handled in
843 * the same way as a very-late-arriving non-spurious IRQ13 from user mode:
844 * it is normally ignored at first because we set fpcurthread to NULL; it is
845 * normally retriggered in npxdna() after return to user mode.
846 *
847 * npxsave() must be called with interrupts disabled, so that it clears
848 * fpcurthread atomically with saving the state.  We require callers to do the
849 * disabling, since most callers need to disable interrupts anyway to call
850 * npxsave() atomically with checking fpcurthread.
851 *
852 * A previous version of npxsave() went to great lengths to excecute fnsave
853 * with interrupts enabled in case executing it froze the CPU.  This case
854 * can't happen, at least for Intel CPU/NPX's.  Spurious IRQ13's don't imply
855 * spurious freezes.
856 */
857void
858npxsave(addr)
859	union savefpu *addr;
860{
861
862	stop_emulating();
863	fpusave(addr);
864
865	start_emulating();
866	PCPU_SET(fpcurthread, NULL);
867}
868
869/*
870 * This should be called with interrupts disabled and only when the owning
871 * FPU thread is non-null.
872 */
873void
874npxdrop()
875{
876	struct thread *td;
877
878	/*
879	 * Discard pending exceptions in the !cpu_fxsr case so that unmasked
880	 * ones don't cause a panic on the next frstor.
881	 */
882#ifdef CPU_ENABLE_SSE
883	if (!cpu_fxsr)
884#endif
885		fnclex();
886
887	td = PCPU_GET(fpcurthread);
888	PCPU_SET(fpcurthread, NULL);
889	td->td_pcb->pcb_flags &= ~PCB_NPXINITDONE;
890	start_emulating();
891}
892
893/*
894 * Get the state of the FPU without dropping ownership (if possible).
895 * It returns the FPU ownership status.
896 */
897int
898npxgetregs(td, addr)
899	struct thread *td;
900	union savefpu *addr;
901{
902	register_t s;
903
904	if (!npx_exists)
905		return (_MC_FPOWNED_NONE);
906
907	if ((td->td_pcb->pcb_flags & PCB_NPXINITDONE) == 0) {
908		if (npx_cleanstate_ready)
909			bcopy(&npx_cleanstate, addr, sizeof(npx_cleanstate));
910		else
911			bzero(addr, sizeof(*addr));
912		return (_MC_FPOWNED_NONE);
913	}
914	s = intr_disable();
915	if (td == PCPU_GET(fpcurthread)) {
916		fpusave(addr);
917#ifdef CPU_ENABLE_SSE
918		if (!cpu_fxsr)
919#endif
920			/*
921			 * fnsave initializes the FPU and destroys whatever
922			 * context it contains.  Make sure the FPU owner
923			 * starts with a clean state next time.
924			 */
925			npxdrop();
926		intr_restore(s);
927		return (_MC_FPOWNED_FPU);
928	} else {
929		intr_restore(s);
930		bcopy(&td->td_pcb->pcb_save, addr, sizeof(*addr));
931		return (_MC_FPOWNED_PCB);
932	}
933}
934
935/*
936 * Set the state of the FPU.
937 */
938void
939npxsetregs(td, addr)
940	struct thread *td;
941	union savefpu *addr;
942{
943	register_t s;
944
945	if (!npx_exists)
946		return;
947
948	s = intr_disable();
949	if (td == PCPU_GET(fpcurthread)) {
950#ifdef CPU_ENABLE_SSE
951		if (!cpu_fxsr)
952#endif
953			fnclex();	/* As in npxdrop(). */
954		fpurstor(addr);
955		intr_restore(s);
956	} else {
957		intr_restore(s);
958		bcopy(addr, &td->td_pcb->pcb_save, sizeof(*addr));
959	}
960	curthread->td_pcb->pcb_flags |= PCB_NPXINITDONE;
961}
962
963static void
964fpusave(addr)
965	union savefpu *addr;
966{
967
968#ifdef CPU_ENABLE_SSE
969	if (cpu_fxsr)
970		fxsave(addr);
971	else
972#endif
973		fnsave(addr);
974}
975
976#ifdef CPU_ENABLE_SSE
977/*
978 * On AuthenticAMD processors, the fxrstor instruction does not restore
979 * the x87's stored last instruction pointer, last data pointer, and last
980 * opcode values, except in the rare case in which the exception summary
981 * (ES) bit in the x87 status word is set to 1.
982 *
983 * In order to avoid leaking this information across processes, we clean
984 * these values by performing a dummy load before executing fxrstor().
985 */
986static	double	dummy_variable = 0.0;
987static void
988fpu_clean_state(void)
989{
990	u_short status;
991
992	/*
993	 * Clear the ES bit in the x87 status word if it is currently
994	 * set, in order to avoid causing a fault in the upcoming load.
995	 */
996	fnstsw(&status);
997	if (status & 0x80)
998		fnclex();
999
1000	/*
1001	 * Load the dummy variable into the x87 stack.  This mangles
1002	 * the x87 stack, but we don't care since we're about to call
1003	 * fxrstor() anyway.
1004	 */
1005	__asm __volatile("ffree %%st(7); fld %0" : : "m" (dummy_variable));
1006}
1007#endif /* CPU_ENABLE_SSE */
1008
1009static void
1010fpurstor(addr)
1011	union savefpu *addr;
1012{
1013
1014#ifdef CPU_ENABLE_SSE
1015	if (cpu_fxsr) {
1016		fpu_clean_state();
1017		fxrstor(addr);
1018	} else
1019#endif
1020		frstor(addr);
1021}
1022
1023#ifdef I586_CPU_XXX
1024static long
1025timezero(funcname, func)
1026	const char *funcname;
1027	void (*func)(void *buf, size_t len);
1028
1029{
1030	void *buf;
1031#define	BUFSIZE		1048576
1032	long usec;
1033	struct timeval finish, start;
1034
1035	buf = malloc(BUFSIZE, M_TEMP, M_NOWAIT);
1036	if (buf == NULL)
1037		return (BUFSIZE);
1038	microtime(&start);
1039	(*func)(buf, BUFSIZE);
1040	microtime(&finish);
1041	usec = 1000000 * (finish.tv_sec - start.tv_sec) +
1042	    finish.tv_usec - start.tv_usec;
1043	if (usec <= 0)
1044		usec = 1;
1045	if (bootverbose)
1046		printf("%s bandwidth = %u kBps\n", funcname,
1047		    (u_int32_t)(((BUFSIZE >> 10) * 1000000) / usec));
1048	free(buf, M_TEMP);
1049	return (usec);
1050}
1051#endif /* I586_CPU */
1052
1053static device_method_t npx_methods[] = {
1054	/* Device interface */
1055	DEVMETHOD(device_identify,	npx_identify),
1056	DEVMETHOD(device_probe,		npx_probe),
1057	DEVMETHOD(device_attach,	npx_attach),
1058	DEVMETHOD(device_detach,	bus_generic_detach),
1059	DEVMETHOD(device_shutdown,	bus_generic_shutdown),
1060	DEVMETHOD(device_suspend,	bus_generic_suspend),
1061	DEVMETHOD(device_resume,	bus_generic_resume),
1062
1063	{ 0, 0 }
1064};
1065
1066static driver_t npx_driver = {
1067	"npx",
1068	npx_methods,
1069	1,			/* no softc */
1070};
1071
1072static devclass_t npx_devclass;
1073
1074/*
1075 * We prefer to attach to the root nexus so that the usual case (exception 16)
1076 * doesn't describe the processor as being `on isa'.
1077 */
1078DRIVER_MODULE(npx, nexus, npx_driver, npx_devclass, 0, 0);
1079
1080#ifdef DEV_ISA
1081/*
1082 * This sucks up the legacy ISA support assignments from PNPBIOS/ACPI.
1083 */
1084static struct isa_pnp_id npxisa_ids[] = {
1085	{ 0x040cd041, "Legacy ISA coprocessor support" }, /* PNP0C04 */
1086	{ 0 }
1087};
1088
1089static int
1090npxisa_probe(device_t dev)
1091{
1092	int result;
1093	if ((result = ISA_PNP_PROBE(device_get_parent(dev), dev, npxisa_ids)) <= 0) {
1094		device_quiet(dev);
1095	}
1096	return(result);
1097}
1098
1099static int
1100npxisa_attach(device_t dev)
1101{
1102	return (0);
1103}
1104
1105static device_method_t npxisa_methods[] = {
1106	/* Device interface */
1107	DEVMETHOD(device_probe,		npxisa_probe),
1108	DEVMETHOD(device_attach,	npxisa_attach),
1109	DEVMETHOD(device_detach,	bus_generic_detach),
1110	DEVMETHOD(device_shutdown,	bus_generic_shutdown),
1111	DEVMETHOD(device_suspend,	bus_generic_suspend),
1112	DEVMETHOD(device_resume,	bus_generic_resume),
1113
1114	{ 0, 0 }
1115};
1116
1117static driver_t npxisa_driver = {
1118	"npxisa",
1119	npxisa_methods,
1120	1,			/* no softc */
1121};
1122
1123static devclass_t npxisa_devclass;
1124
1125DRIVER_MODULE(npxisa, isa, npxisa_driver, npxisa_devclass, 0, 0);
1126#ifndef PC98
1127DRIVER_MODULE(npxisa, acpi, npxisa_driver, npxisa_devclass, 0, 0);
1128#endif
1129#endif /* DEV_ISA */
1130