kernel panic on ibm4xx-based powerpc box with DDB

To: port-powerpc%netbsd.org@localhost, tech-kern%netbsd.org@localhost
Subject: kernel panic on ibm4xx-based powerpc box with DDB
From: Rin Okuyama <rokuyama%rk.phys.keio.ac.jp@localhost>
Date: Tue, 27 Dec 2016 18:26:10 +0900

I would like to fix port-powerpc/51367,

  http://gnats.netbsd.org/51367

where ibm4xx-based machine is unstable with DDB option is specified.

DDB hooks the program interrupt (EXC_PGM). In the privileged mode,
this is OK. However, in the user mode, it must dispatch directly
to the usual trap handler, in the same manner as OEA:

  http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/arch/powerpc/powerpc/trap_subr.S#rev1.51

Otherwise, for example, a FPU instruction in the user mode triggers
the program interrupt (ibm4xx does not have FPU), which results in
inappropriate execution of DDB handler and kernel panic.

With attached patch, DDB and IPKDB handlers check whether they run
in the privileged or user modes as in a similar manner to
powerpc/trap_subr.S rev >= 1.51, raised above. I've confirmed that
kernel panics are avoided on my OPENBLOCKS266. Can I commit this?

Thanks,
Rin
====
--- src/sys/arch/powerpc/ibm4xx/trap_subr.S.orig	2016-08-11 22:50:25.735573856 +0900
+++ src/sys/arch/powerpc/ibm4xx/trap_subr.S	2016-08-11 23:12:47.087302767 +0900
@@ -204,8 +204,28 @@
 	.globl	_C_LABEL(ddblow),_C_LABEL(ddbsize)
 _C_LABEL(ddblow):
 	mtsprg1	%r1			/* save SP */
+	mtsprg2	%r31			/* save r31 */
+	mfcr	%r31			/* save CR */
+	mfsrr1	%r1
+	mtcr	%r1
 	GET_CPUINFO(%r1)
-	stmw	%r28,CI_DDBSAVE(%r1)	/* free r28-r31 */
+	bf	MSR_PR,1f		/* branch if privileged */
+	mtcr	%r31			/* restore CR */
+	mfsprg2	%r31			/* restore r31 */
+	stmw	%r28,(CI_TEMPSAVE+CPUSAVE_R28)(%r1) /* free r28-r31 */
+	mflr	%r28			/* save LR */
+	mfcr	%r29			/* save CR */
+	mfsrr0	%r30
+	mfsrr1	%r31
+	stmw	%r30,(CI_TEMPSAVE+CPUSAVE_SRR0)(%r1) /* save srr0/srr1 */
+	mfsprg1	%r1			/* restore SP */
+	GET_PCB(%r1)
+	addi	%r1,%r1,USPACE-CALLFRAMELEN /* stack is top of user struct */
+	bla	s_trap
+1:
+	mtcr	%r31			/* restore CR */
+	mfsprg2	%r31			/* restore r31 */
+	stmw	%r28,(CI_DDBSAVE+CPUSAVE_R28)(%r1)	/* free r28-r31 */
 	mflr	%r28			/* save LR */
 	mfcr	%r29			/* save CR */
 	mfsrr0	%r30
@@ -227,8 +247,28 @@
 	.globl	_C_LABEL(ipkdblow),_C_LABEL(ipkdbsize)
 _C_LABEL(ipkdblow):
 	mtsprg1	%r1			/* save SP */
+	mtsprg2	%r31			/* save r31 */
+	mfcr	%r31			/* save CR */
+	mfsrr1	%r1
+	mtcr	%r1
 	GET_CPUINFO(%r1)
-	stmw	%r28,CI_IPKDBSAVE(%r1)	/* free r28-r31 */
+	bf	MSR_PR,1f		/* branch if privileged */
+	mtcr	%r31			/* restore CR */
+	mfsprg2	%r31			/* restore r31 */
+	stmw	%r28,(CI_TEMPSAVE+CPUSAVE_R28)(%r1) /* free r28-r31 */
+	mflr	%r28			/* save LR */
+	mfcr	%r29			/* save CR */
+	mfsrr0	%r30
+	mfsrr1	%r31
+	stmw	%r30,(CI_TEMPSAVE+CPUSAVE_SRR0)(%r1) /* save srr0/srr1 */
+	mfsprg1	%r1			/* restore SP */
+	GET_PCB(%r1)
+	addi	%r1,%r1,USPACE-CALLFRAMELEN /* stack is top of user struct */
+	bla	s_trap
+1:
+	mtcr	%r31			/* restore CR */
+	mfsprg2	%r31			/* restore r31 */
+	stmw	%r28,(CI_IPKDBSAVE+CPUSAVE_R28)(%r1)	/* free r28-r31 */
 	mflr	%r28			/* save LR */
 	mfcr	%r29			/* save CR */
 	mfsrr0	%r30
@@ -536,7 +576,7 @@
 	stw	%r3,(CI_DDBSAVE+CPUSAVE_SRR1)(%r4)
 	wrteei	0			/* disable interrupts */
 	isync
-	stmw	%r28,CI_DDBSAVE(%r4)
+	stmw	%r28,(CI_DDBSAVE+CPUSAVE_R28)(%r4)
 	mflr	%r28
 	stw	%r28,(CI_DDBSAVE+CPUSAVE_SRR0)(%r4)
 	li	%r29,EXC_BPT
@@ -568,7 +608,7 @@
 	stw	%r3,(CI_IPKDBSAVE+CPUSAVE_SRR1)(%r4)
 	wrteei	0			/* disable interrupts */
 	isync
-	stmw	%r28,CI_IPKDBSAVE(%r4)
+	stmw	%r28,(CI_IPKDBSAVE+CPUSAVE_R28)(%r4)
 	mflr	%r28
 	stw	%r28,(CI_IPKDBSAVE+CPUSAVE_SRR0)(%r4)
 	li	%r29,EXC_BPT

Follow-Ups:
- Re: kernel panic on ibm4xx-based powerpc box with DDB
  - From: Matt Thomas

Prev by Date: Re: spurious DIAGNOSTIC message "no disk label"
Next by Date: Re: UVM and the NULL page
Previous by Thread: kernel build failure for evbppc due to uvm_physseg.c
Next by Thread: Re: kernel panic on ibm4xx-based powerpc box with DDB
Indexes:

Home | Main Index | Thread Index | Old Index