npx.c revision 2631 
1/*-
2 * Copyright (c) 1990 William Jolitz.
3 * Copyright (c) 1991 The Regents of the University of California.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 *    must display the following acknowledgement:
16 *	This product includes software developed by the University of
17 *	California, Berkeley and its contributors.
18 * 4. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 *	from: @(#)npx.c	7.2 (Berkeley) 5/12/91
35 *	$Id: npx.c,v 1.10 1994/08/13 03:50:11 wollman Exp $
36 */
37
38#include "npx.h"
39#if NNPX > 0
40
41#include <sys/param.h>
42#include <sys/systm.h>
43#include <sys/conf.h>
44#include <sys/file.h>
45#include <sys/proc.h>
46#include <machine/cpu.h>
47#include <machine/pcb.h>
48#include <machine/trap.h>
49#include <sys/ioctl.h>
50#include <machine/specialreg.h>
51#include <i386/isa/icu.h>
52#include <i386/isa/isa_device.h>
53#include <i386/isa/isa.h>
54
55/*
56 * 387 and 287 Numeric Coprocessor Extension (NPX) Driver.
57 */
58
59#ifdef	__GNUC__
60
61#define	disable_intr()		__asm("cli")
62#define	enable_intr()		__asm("sti")
63#define	fldcw(addr)		__asm("fldcw %0" : : "m" (*addr))
64#define	fnclex()		__asm("fnclex")
65#define	fninit()		__asm("fninit")
66#define	fnsave(addr)		__asm("fnsave %0" : "=m" (*addr) : "0" (*addr))
67#define	fnstcw(addr)		__asm("fnstcw %0" : "=m" (*addr) : "0" (*addr))
68#define	fnstsw(addr)		__asm("fnstsw %0" : "=m" (*addr) : "0" (*addr))
69#define	fp_divide_by_0()	__asm("fldz; fld1; fdiv %st,%st(1); fwait")
70#define	frstor(addr)		__asm("frstor %0" : : "m" (*addr))
71#define	fwait()			__asm("fwait")
72#define	read_eflags()		({u_long ef; \
73				  __asm("pushf; popl %0" : "=a" (ef)); \
74				  ef; })
75#define	start_emulating()	__asm("smsw %%ax; orb %0,%%al; lmsw %%ax" \
76				      : : "n" (CR0_TS) : "ax")
77#define	stop_emulating()	__asm("clts")
78#define	write_eflags(ef)	__asm("pushl %0; popf" : : "a" ((u_long) ef))
79
80#else	/* not __GNUC__ */
81
82void	disable_intr	__P((void));
83void	enable_intr	__P((void));
84void	fldcw		__P((caddr_t addr));
85void	fnclex		__P((void));
86void	fninit		__P((void));
87void	fnsave		__P((caddr_t addr));
88void	fnstcw		__P((caddr_t addr));
89void	fnstsw		__P((caddr_t addr));
90void	fp_divide_by_0	__P((void));
91void	frstor		__P((caddr_t addr));
92void	fwait		__P((void));
93u_long	read_eflags	__P((void));
94void	start_emulating	__P((void));
95void	stop_emulating	__P((void));
96void	write_eflags	__P((u_long ef));
97
98#endif	/* __GNUC__ */
99
100typedef u_char bool_t;
101
102extern	struct gate_descriptor idt[];
103
104int	npxdna		__P((void));
105void	npxexit		__P((struct proc *p));
106void	npxinit		__P((u_int control));
107void	npxintr		__P((struct intrframe frame));
108void	npxsave		__P((struct save87 *addr));
109static	int	npxattach	__P((struct isa_device *dvp));
110static	int	npxprobe	__P((struct isa_device *dvp));
111static	int	npxprobe1	__P((struct isa_device *dvp));
112
113struct	isa_driver npxdriver = {
114	npxprobe, npxattach, "npx",
115};
116
117u_int	npx0_imask;
118struct proc	*npxproc;
119
120static	bool_t			npx_ex16;
121static	bool_t			npx_exists;
122int hw_float;
123static	struct gate_descriptor	npx_idt_probeintr;
124static	int			npx_intrno;
125static	volatile u_int		npx_intrs_while_probing;
126static	bool_t			npx_irq13;
127static	volatile u_int		npx_traps_while_probing;
128
129/*
130 * Special interrupt handlers.  Someday intr0-intr15 will be used to count
131 * interrupts.  We'll still need a special exception 16 handler.  The busy
132 * latch stuff in probintr() can be moved to npxprobe().
133 */
134void probeintr(void);
135asm
136("
137	.text
138_probeintr:
139	ss
140	incl	_npx_intrs_while_probing
141	pushl	%eax
142	movb	$0x20,%al	# EOI (asm in strings loses cpp features)
143	outb	%al,$0xa0	# IO_ICU2
144	outb	%al,$0x20	#IO_ICU1
145	movb	$0,%al
146	outb	%al,$0xf0	# clear BUSY# latch
147	popl	%eax
148	iret
149");
150
151void probetrap(void);
152asm
153("
154	.text
155_probetrap:
156	ss
157	incl	_npx_traps_while_probing
158	fnclex
159	iret
160");
161
162/*
163 * Probe routine.  Initialize cr0 to give correct behaviour for [f]wait
164 * whether the device exists or not (XXX should be elsewhere).  Set flags
165 * to tell npxattach() what to do.  Modify device struct if npx doesn't
166 * need to use interrupts.  Return 1 if device exists.
167 */
168static int
169npxprobe(dvp)
170	struct isa_device *dvp;
171{
172	int	result;
173	u_long	save_eflags;
174	u_char	save_icu1_mask;
175	u_char	save_icu2_mask;
176	struct	gate_descriptor save_idt_npxintr;
177	struct	gate_descriptor save_idt_npxtrap;
178	/*
179	 * This routine is now just a wrapper for npxprobe1(), to install
180	 * special npx interrupt and trap handlers, to enable npx interrupts
181	 * and to disable other interrupts.  Someday isa_configure() will
182	 * install suitable handlers and run with interrupts enabled so we
183	 * won't need to do so much here.
184	 */
185	npx_intrno = NRSVIDT + ffs(dvp->id_irq) - 1;
186	save_eflags = read_eflags();
187	disable_intr();
188	save_icu1_mask = inb(IO_ICU1 + 1);
189	save_icu2_mask = inb(IO_ICU2 + 1);
190	save_idt_npxintr = idt[npx_intrno];
191	save_idt_npxtrap = idt[16];
192	outb(IO_ICU1 + 1, ~(IRQ_SLAVE | dvp->id_irq));
193	outb(IO_ICU2 + 1, ~(dvp->id_irq >> 8));
194	setidt(16, probetrap, SDT_SYS386TGT, SEL_KPL);
195	setidt(npx_intrno, probeintr, SDT_SYS386IGT, SEL_KPL);
196	npx_idt_probeintr = idt[npx_intrno];
197	enable_intr();
198	result = npxprobe1(dvp);
199	disable_intr();
200	outb(IO_ICU1 + 1, save_icu1_mask);
201	outb(IO_ICU2 + 1, save_icu2_mask);
202	idt[npx_intrno] = save_idt_npxintr;
203	idt[16] = save_idt_npxtrap;
204	write_eflags(save_eflags);
205	return (result);
206}
207
208static int
209npxprobe1(dvp)
210	struct isa_device *dvp;
211{
212	int control;
213	int status;
214#ifdef lint
215	npxintr();
216#endif
217	/*
218	 * Partially reset the coprocessor, if any.  Some BIOS's don't reset
219	 * it after a warm boot.
220	 */
221	outb(0xf1, 0);		/* full reset on some systems, NOP on others */
222	outb(0xf0, 0);		/* clear BUSY# latch */
223	/*
224	 * Prepare to trap all ESC (i.e., NPX) instructions and all WAIT
225	 * instructions.  We must set the CR0_MP bit and use the CR0_TS
226	 * bit to control the trap, because setting the CR0_EM bit does
227	 * not cause WAIT instructions to trap.  It's important to trap
228	 * WAIT instructions - otherwise the "wait" variants of no-wait
229	 * control instructions would degenerate to the "no-wait" variants
230	 * after FP context switches but work correctly otherwise.  It's
231	 * particularly important to trap WAITs when there is no NPX -
232	 * otherwise the "wait" variants would always degenerate.
233	 *
234	 * Try setting CR0_NE to get correct error reporting on 486DX's.
235	 * Setting it should fail or do nothing on lesser processors.
236	 */
237	load_cr0(rcr0() | CR0_MP | CR0_NE);
238	/*
239	 * But don't trap while we're probing.
240	 */
241	stop_emulating();
242	/*
243	 * Finish resetting the coprocessor, if any.  If there is an error
244	 * pending, then we may get a bogus IRQ13, but probeintr() will handle
245	 * it OK.  Bogus halts have never been observed, but we enabled
246	 * IRQ13 and cleared the BUSY# latch early to handle them anyway.
247	 */
248	fninit();
249	DELAY(1000);		/* wait for any IRQ13 (fwait might hang) */
250#ifdef DIAGNOSTIC
251	if (npx_intrs_while_probing != 0)
252		printf("fninit caused %u bogus npx interrupt(s)\n",
253		       npx_intrs_while_probing);
254	if (npx_traps_while_probing != 0)
255		printf("fninit caused %u bogus npx trap(s)\n",
256		       npx_traps_while_probing);
257#endif
258	/*
259	 * Check for a status of mostly zero.
260	 */
261	status = 0x5a5a;
262	fnstsw(&status);
263	if ((status & 0xb8ff) == 0) {
264		/*
265		 * Good, now check for a proper control word.
266		 */
267		control = 0x5a5a;
268		fnstcw(&control);
269		if ((control & 0x1f3f) == 0x033f) {
270			hw_float = npx_exists = 1;
271			/*
272			 * We have an npx, now divide by 0 to see if exception
273			 * 16 works.
274			 */
275			control &= ~(1 << 2);	/* enable divide by 0 trap */
276			fldcw(&control);
277			npx_traps_while_probing = npx_intrs_while_probing = 0;
278			fp_divide_by_0();
279			if (npx_traps_while_probing != 0) {
280				/*
281				 * Good, exception 16 works.
282				 */
283				npx_ex16 = 1;
284				dvp->id_irq = 0;	/* zap the interrupt */
285				/*
286				 * special return value to flag that we do not
287				 * actually use any I/O registers
288				 */
289				return (-1);
290			}
291			if (npx_intrs_while_probing != 0) {
292				/*
293				 * Bad, we are stuck with IRQ13.
294				 */
295				npx_irq13 = 1;
296				npx0_imask = dvp->id_irq;	/* npxattach too late */
297				return (IO_NPXSIZE);
298			}
299			/*
300			 * Worse, even IRQ13 is broken.  Use emulator.
301			 */
302		}
303	}
304	/*
305	 * Probe failed, but we want to get to npxattach to initialize the
306	 * emulator and say that it has been installed.  XXX handle devices
307	 * that aren't really devices better.
308	 */
309	dvp->id_irq = 0;
310	/*
311	 * special return value to flag that we do not
312	 * actually use any I/O registers
313	 */
314	return (-1);
315}
316
317/*
318 * Attach routine - announce which it is, and wire into system
319 */
320int
321npxattach(dvp)
322	struct isa_device *dvp;
323{
324	if (!npx_ex16 && !npx_irq13) {
325		if (npx_exists) {
326			printf("npx%d: Error reporting broken, using 387 emulator\n",dvp->id_unit);
327			hw_float = npx_exists = 0;
328		} else {
329			printf("npx%d: 387 Emulator\n",dvp->id_unit);
330		}
331	}
332	npxinit(__INITIAL_NPXCW__);
333	return (1);		/* XXX unused */
334}
335
336/*
337 * Initialize floating point unit.
338 */
339void
340npxinit(control)
341	u_int control;
342{
343	struct save87 dummy;
344
345	if (!npx_exists)
346		return;
347	/*
348	 * fninit has the same h/w bugs as fnsave.  Use the detoxified
349	 * fnsave to throw away any junk in the fpu.  fnsave initializes
350	 * the fpu and sets npxproc = NULL as important side effects.
351	 */
352	npxsave(&dummy);
353	stop_emulating();
354	fldcw(&control);
355	if (curpcb != NULL)
356		fnsave(&curpcb->pcb_savefpu);
357	start_emulating();
358}
359
360/*
361 * Free coprocessor (if we have it).
362 */
363void
364npxexit(p)
365	struct proc *p;
366{
367
368	if (p == npxproc) {
369		start_emulating();
370		npxproc = NULL;
371	}
372}
373
374/*
375 * Record the FPU state and reinitialize it all except for the control word.
376 * Then generate a SIGFPE.
377 *
378 * Reinitializing the state allows naive SIGFPE handlers to longjmp without
379 * doing any fixups.
380 *
381 * XXX there is currently no way to pass the full error state to signal
382 * handlers, and if this is a nested interrupt there is no way to pass even
383 * a status code!  So there is no way to have a non-naive SIGFPE handler.  At
384 * best a handler could do an fninit followed by an fldcw of a static value.
385 * fnclex would be of little use because it would leave junk on the FPU stack.
386 * Returning from the handler would be even less safe than usual because
387 * IRQ13 exception handling makes exceptions even less precise than usual.
388 */
389void
390npxintr(frame)
391	struct intrframe frame;
392{
393	int code;
394
395	if (npxproc == NULL || !npx_exists) {
396		/* XXX no %p in stand/printf.c.  Cast to quiet gcc -Wall. */
397		printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n",
398		       (u_long) npxproc, (u_long) curproc, npx_exists);
399		panic("npxintr from nowhere");
400	}
401	if (npxproc != curproc) {
402		printf("npxintr: npxproc = %lx, curproc = %lx, npx_exists = %d\n",
403		       (u_long) npxproc, (u_long) curproc, npx_exists);
404		panic("npxintr from non-current process");
405	}
406	/*
407	 * Save state.  This does an implied fninit.  It had better not halt
408	 * the cpu or we'll hang.
409	 */
410	outb(0xf0, 0);
411	fnsave(&curpcb->pcb_savefpu);
412	fwait();
413	/*
414	 * Restore control word (was clobbered by fnsave).
415	 */
416	fldcw(&curpcb->pcb_savefpu.sv_env.en_cw);
417	fwait();
418	/*
419	 * Remember the exception status word and tag word.  The current
420	 * (almost fninit'ed) fpu state is in the fpu and the exception
421	 * state just saved will soon be junk.  However, the implied fninit
422	 * doesn't change the error pointers or register contents, and we
423	 * preserved the control word and will copy the status and tag
424	 * words, so the complete exception state can be recovered.
425	 */
426	curpcb->pcb_savefpu.sv_ex_sw = curpcb->pcb_savefpu.sv_env.en_sw;
427	curpcb->pcb_savefpu.sv_ex_tw = curpcb->pcb_savefpu.sv_env.en_tw;
428
429	/*
430	 * Pass exception to process.
431	 */
432	if (ISPL(frame.if_cs) == SEL_UPL) {
433		/*
434		 * Interrupt is essentially a trap, so we can afford to call
435		 * the SIGFPE handler (if any) as soon as the interrupt
436		 * returns.
437		 *
438		 * XXX little or nothing is gained from this, and plenty is
439		 * lost - the interrupt frame has to contain the trap frame
440		 * (this is otherwise only necessary for the rescheduling trap
441		 * in doreti, and the frame for that could easily be set up
442		 * just before it is used).
443		 */
444		curproc->p_md.md_regs = (int *)&frame.if_es;
445#ifdef notyet
446		/*
447		 * Encode the appropriate code for detailed information on
448		 * this exception.
449		 */
450		code = XXX_ENCODE(curpcb->pcb_savefpu.sv_ex_sw);
451#else
452		code = 0;	/* XXX */
453#endif
454		trapsignal(curproc, SIGFPE, code);
455	} else {
456		/*
457		 * Nested interrupt.  These losers occur when:
458		 *	o an IRQ13 is bogusly generated at a bogus time, e.g.:
459		 *		o immediately after an fnsave or frstor of an
460		 *		  error state.
461		 *		o a couple of 386 instructions after
462		 *		  "fstpl _memvar" causes a stack overflow.
463		 *	  These are especially nasty when combined with a
464		 *	  trace trap.
465		 *	o an IRQ13 occurs at the same time as another higher-
466		 *	  priority interrupt.
467		 *
468		 * Treat them like a true async interrupt.
469		 */
470		psignal(npxproc, SIGFPE);
471	}
472}
473
474/*
475 * Implement device not available (DNA) exception
476 *
477 * It would be better to switch FP context here (only).  This would require
478 * saving the state in the proc table instead of in the pcb.
479 */
480int
481npxdna()
482{
483	if (!npx_exists)
484		return (0);
485	if (npxproc != NULL) {
486		printf("npxdna: npxproc = %lx, curproc = %lx\n",
487		       (u_long) npxproc, (u_long) curproc);
488		panic("npxdna");
489	}
490	stop_emulating();
491	/*
492	 * Record new context early in case frstor causes an IRQ13.
493	 */
494	npxproc = curproc;
495	/*
496	 * The following frstor may cause an IRQ13 when the state being
497	 * restored has a pending error.  The error will appear to have been
498	 * triggered by the current (npx) user instruction even when that
499	 * instruction is a no-wait instruction that should not trigger an
500	 * error (e.g., fnclex).  On at least one 486 system all of the
501	 * no-wait instructions are broken the same as frstor, so our
502	 * treatment does not amplify the breakage.  On at least one
503	 * 386/Cyrix 387 system, fnclex works correctly while frstor and
504	 * fnsave are broken, so our treatment breaks fnclex if it is the
505	 * first FPU instruction after a context switch.
506	 */
507	frstor(&curpcb->pcb_savefpu);
508
509	return (1);
510}
511
512/*
513 * Wrapper for fnsave instruction to handle h/w bugs.  If there is an error
514 * pending, then fnsave generates a bogus IRQ13 on some systems.  Force
515 * any IRQ13 to be handled immediately, and then ignore it.  This routine is
516 * often called at splhigh so it must not use many system services.  In
517 * particular, it's much easier to install a special handler than to
518 * guarantee that it's safe to use npxintr() and its supporting code.
519 */
520void
521npxsave(addr)
522	struct save87 *addr;
523{
524	u_char	icu1_mask;
525	u_char	icu2_mask;
526	u_char	old_icu1_mask;
527	u_char	old_icu2_mask;
528	struct gate_descriptor	save_idt_npxintr;
529
530	disable_intr();
531	old_icu1_mask = inb(IO_ICU1 + 1);
532	old_icu2_mask = inb(IO_ICU2 + 1);
533	save_idt_npxintr = idt[npx_intrno];
534	outb(IO_ICU1 + 1, old_icu1_mask & ~(IRQ_SLAVE | npx0_imask));
535	outb(IO_ICU2 + 1, old_icu2_mask & ~(npx0_imask >> 8));
536	idt[npx_intrno] = npx_idt_probeintr;
537	enable_intr();
538	stop_emulating();
539	fnsave(addr);
540	fwait();
541	start_emulating();
542	npxproc = NULL;
543	disable_intr();
544	icu1_mask = inb(IO_ICU1 + 1);	/* masks may have changed */
545	icu2_mask = inb(IO_ICU2 + 1);
546	outb(IO_ICU1 + 1,
547	     (icu1_mask & ~npx0_imask) | (old_icu1_mask & npx0_imask));
548	outb(IO_ICU2 + 1,
549	     (icu2_mask & ~(npx0_imask >> 8))
550	     | (old_icu2_mask & (npx0_imask >> 8)));
551	idt[npx_intrno] = save_idt_npxintr;
552	enable_intr();		/* back to usual state */
553}
554
555#endif /* NNPX > 0 */
556