1 files changed, 360 insertions, 0 deletions
diff --git a/arch/sparc/kernel/wuf.S b/arch/sparc/kernel/wuf.S
new file mode 100644
index 000000000000..d1a266bf103a
--- /dev/null
+++ b/arch/sparc/kernel/wuf.S
@@ -0,0 +1,360 @@
+/* $Id: wuf.S,v 1.39 2000/01/08 16:38:18 anton Exp $
+ * wuf.S: Window underflow trap handler for the Sparc.
+ *
+ * Copyright (C) 1995 David S. Miller
+ */
+#include <asm/contregs.h>
+#include <asm/page.h>
+#include <asm/ptrace.h>
+#include <asm/psr.h>
+#include <asm/smp.h>
+#include <asm/asi.h>
+#include <asm/winmacro.h>
+#include <asm/asmmacro.h>
+#include <asm/thread_info.h>
+/* Just like the overflow handler we define macros for registers
+ * with fixed meanings in this routine.
+ */
+#define t_psr       l0
+#define t_pc        l1
+#define t_npc       l2
+#define t_wim       l3
+/* Don't touch the above registers or else you die horribly... */
+/* Now macros for the available scratch registers in this routine. */
+#define twin_tmp1    l4
+#define twin_tmp2    l5
+#define curptr       g6
+        .text
+        .align  4
+        /* The trap entry point has executed the following:
+         *
+         * rd    %psr, %l0
+         * rd    %wim, %l3
+         * b     fill_window_entry
+         * andcc %l0, PSR_PS, %g0
+         */
+        /* Datum current_thread_info->uwinmask contains at all times a bitmask
+         * where if any user windows are active, at least one bit will
+         * be set in to mask.  If no user windows are active, the bitmask
+         * will be all zeroes.
+         */
+        /* To get an idea of what has just happened to cause this
+         * trap take a look at this diagram:
+         *
+         *      1  2  3  4     <--  Window number
+         *      ----------
+         *      T  O  W  I     <--  Symbolic name
+         *
+         *      O == the window that execution was in when
+         *           the restore was attempted
+         *
+         *      T == the trap itself has save'd us into this
+         *           window
+         *
+         *      W == this window is the one which is now invalid
+         *           and must be made valid plus loaded from the
+         *           stack
+         *
+         *      I == this window will be the invalid one when we
+         *           are done and return from trap if successful
+         */
+        /* BEGINNING OF PATCH INSTRUCTIONS */
+        /* On 7-window Sparc the boot code patches fnwin_patch1
+         * with the following instruction.
+         */
+        .globl  fnwin_patch1_7win, fnwin_patch2_7win
+fnwin_patch1_7win:      srl     %t_wim, 6, %twin_tmp2
+fnwin_patch2_7win:      and     %twin_tmp1, 0x7f, %twin_tmp1
+        /* END OF PATCH INSTRUCTIONS */
+        .globl  fill_window_entry, fnwin_patch1, fnwin_patch2
+fill_window_entry:
+        /* LOCATION: Window 'T' */
+        /* Compute what the new %wim is going to be if we retrieve
+         * the proper window off of the stack.
+         */
+                sll     %t_wim, 1, %twin_tmp1
+fnwin_patch1:   srl     %t_wim, 7, %twin_tmp2
+                or      %twin_tmp1, %twin_tmp2, %twin_tmp1
+fnwin_patch2:   and     %twin_tmp1, 0xff, %twin_tmp1
+        wr      %twin_tmp1, 0x0, %wim   /* Make window 'I' invalid */
+        andcc   %t_psr, PSR_PS, %g0
+        be      fwin_from_user
+         restore        %g0, %g0, %g0           /* Restore to window 'O' */
+        /* Trapped from kernel, we trust that the kernel does not
+         * 'over restore' sorta speak and just grab the window
+         * from the stack and return.  Easy enough.
+         */
+fwin_from_kernel:
+        /* LOCATION: Window 'O' */
+        restore %g0, %g0, %g0
+        /* LOCATION: Window 'W' */
+        LOAD_WINDOW(sp)                 /* Load it up */
+        /* Spin the wheel... */
+        save    %g0, %g0, %g0
+        save    %g0, %g0, %g0
+        /* I'd like to buy a vowel please... */
+        /* LOCATION: Window 'T' */
+        /* Now preserve the condition codes in %psr, pause, and
+         * return from trap.  This is the simplest case of all.
+         */
+        wr      %t_psr, 0x0, %psr
+        WRITE_PAUSE
+        jmp     %t_pc
+        rett    %t_npc
+fwin_from_user:
+        /* LOCATION: Window 'O' */
+        restore %g0, %g0, %g0           /* Restore to window 'W' */
+        /* LOCATION: Window 'W' */
+        /* Branch to the architecture specific stack validation
+         * routine.  They can be found below...
+         */
+        .globl  fwin_mmu_patchme
+fwin_mmu_patchme:       b       sun4c_fwin_stackchk
+                                 andcc  %sp, 0x7, %g0
+#define STACK_OFFSET (THREAD_SIZE - TRACEREG_SZ - STACKFRAME_SZ)
+fwin_user_stack_is_bolixed:
+        /* LOCATION: Window 'W' */
+        /* Place a pt_regs frame on the kernel stack, save back
+         * to the trap window and call c-code to deal with this.
+         */
+        LOAD_CURRENT(l4, l5)
+        sethi   %hi(STACK_OFFSET), %l5
+        or      %l5, %lo(STACK_OFFSET), %l5
+        add     %l4, %l5, %l5
+        /* Store globals into pt_regs frame. */
+        STORE_PT_GLOBALS(l5)
+        STORE_PT_YREG(l5, g3)
+        /* Save current in a global while we change windows. */
+        mov     %l4, %curptr
+        save    %g0, %g0, %g0
+        /* LOCATION: Window 'O' */
+        rd      %psr, %g3               /* Read %psr in live user window */
+        mov     %fp, %g4                /* Save bogus frame pointer. */
+        save    %g0, %g0, %g0
+        /* LOCATION: Window 'T' */
+        sethi   %hi(STACK_OFFSET), %l5
+        or      %l5, %lo(STACK_OFFSET), %l5
+        add     %curptr, %l5, %sp
+        /* Build rest of pt_regs. */
+        STORE_PT_INS(sp)
+        STORE_PT_PRIV(sp, t_psr, t_pc, t_npc)
+        /* re-set trap time %wim value */
+        wr      %t_wim, 0x0, %wim
+        /* Fix users window mask and buffer save count. */
+        mov     0x1, %g5
+        sll     %g5, %g3, %g5
+        st      %g5, [%curptr + TI_UWINMASK]            ! one live user window still
+        st      %g0, [%curptr + TI_W_SAVED]             ! no windows in the buffer
+        wr      %t_psr, PSR_ET, %psr                    ! enable traps
+        nop
+        call    window_underflow_fault
+         mov    %g4, %o0
+        b       ret_trap_entry
+         clr    %l6
+fwin_user_stack_is_ok:
+        /* LOCATION: Window 'W' */
+        /* The users stack area is kosher and mapped, load the
+         * window and fall through to the finish up routine.
+         */
+        LOAD_WINDOW(sp)
+        /* Round and round she goes... */
+        save    %g0, %g0, %g0           /* Save to window 'O' */
+        save    %g0, %g0, %g0           /* Save to window 'T' */
+        /* Where she'll trap nobody knows... */
+        /* LOCATION: Window 'T' */
+fwin_user_finish_up:
+        /* LOCATION: Window 'T' */
+        wr      %t_psr, 0x0, %psr
+        WRITE_PAUSE     
+        jmp     %t_pc
+        rett    %t_npc
+        /* Here come the architecture specific checks for stack.
+         * mappings.  Note that unlike the window overflow handler
+         * we only need to check whether the user can read from
+         * the appropriate addresses.  Also note that we are in
+         * an invalid window which will be loaded, and this means
+         * that until we actually load the window up we are free
+         * to use any of the local registers contained within.
+         *
+         * On success these routine branch to fwin_user_stack_is_ok
+         * if the area at %sp is user readable and the window still
+         * needs to be loaded, else fwin_user_finish_up if the
+         * routine has done the loading itself.  On failure (bogus
+         * user stack) the routine shall branch to the label called
+         * fwin_user_stack_is_bolixed.
+         *
+         * Contrary to the arch-specific window overflow stack
+         * check routines in wof.S, these routines are free to use
+         * any of the local registers they want to as this window
+         * does not belong to anyone at this point, however the
+         * outs and ins are still verboten as they are part of
+         * 'someone elses' window possibly.
+         */
+        .align  4
+        .globl  sun4c_fwin_stackchk
+sun4c_fwin_stackchk:
+        /* LOCATION: Window 'W' */
+        /* Caller did 'andcc %sp, 0x7, %g0' */
+        be      1f
+         and    %sp, 0xfff, %l0         ! delay slot
+        b,a     fwin_user_stack_is_bolixed
+        /* See if we have to check the sanity of one page or two */
+1:
+        add     %l0, 0x38, %l0
+        sra     %sp, 29, %l5
+        add     %l5, 0x1, %l5
+        andncc  %l5, 0x1, %g0
+        be      1f
+         andncc %l0, 0xff8, %g0
+        b,a     fwin_user_stack_is_bolixed      /* %sp is in vma hole, yuck */
+1:
+        be      sun4c_fwin_onepage      /* Only one page to check */
+         lda    [%sp] ASI_PTE, %l1
+sun4c_fwin_twopages:
+        add     %sp, 0x38, %l0
+        sra     %l0, 29, %l5
+        add     %l5, 0x1, %l5
+        andncc  %l5, 0x1, %g0
+        be      1f
+         lda    [%l0] ASI_PTE, %l1
+        b,a     fwin_user_stack_is_bolixed      /* Second page in vma hole */
+1:
+        srl     %l1, 29, %l1
+        andcc   %l1, 0x4, %g0
+        bne     sun4c_fwin_onepage
+         lda    [%sp] ASI_PTE, %l1      
+        b,a     fwin_user_stack_is_bolixed      /* Second page has bad perms */
+sun4c_fwin_onepage:
+        srl     %l1, 29, %l1
+        andcc   %l1, 0x4, %g0
+        bne     fwin_user_stack_is_ok
+         nop
+        /* A page had bad page permissions, losing... */
+        b,a     fwin_user_stack_is_bolixed
+        .globl  srmmu_fwin_stackchk
+srmmu_fwin_stackchk:
+        /* LOCATION: Window 'W' */
+        /* Caller did 'andcc %sp, 0x7, %g0' */
+        bne     fwin_user_stack_is_bolixed
+         sethi   %hi(PAGE_OFFSET), %l5
+        /* Check if the users stack is in kernel vma, then our
+         * trial and error technique below would succeed for
+         * the 'wrong' reason.
+         */
+        mov     AC_M_SFSR, %l4
+        cmp     %l5, %sp
+        bleu    fwin_user_stack_is_bolixed
+         lda    [%l4] ASI_M_MMUREGS, %g0        ! clear fault status
+        /* The technique is, turn off faults on this processor,
+         * just let the load rip, then check the sfsr to see if
+         * a fault did occur.  Then we turn on fault traps again
+         * and branch conditionally based upon what happened.
+         */
+        lda     [%g0] ASI_M_MMUREGS, %l5        ! read mmu-ctrl reg
+        or      %l5, 0x2, %l5                   ! turn on no-fault bit
+        sta     %l5, [%g0] ASI_M_MMUREGS        ! store it
+        /* Cross fingers and go for it. */
+        LOAD_WINDOW(sp)
+        /* A penny 'saved'... */
+        save    %g0, %g0, %g0
+        save    %g0, %g0, %g0
+        /* Is a BADTRAP earned... */
+        /* LOCATION: Window 'T' */
+        lda     [%g0] ASI_M_MMUREGS, %twin_tmp1 ! load mmu-ctrl again
+        andn    %twin_tmp1, 0x2, %twin_tmp1     ! clear no-fault bit
+        sta     %twin_tmp1, [%g0] ASI_M_MMUREGS ! store it
+        mov     AC_M_SFAR, %twin_tmp2
+        lda     [%twin_tmp2] ASI_M_MMUREGS, %g0 ! read fault address
+        mov     AC_M_SFSR, %twin_tmp2
+        lda     [%twin_tmp2] ASI_M_MMUREGS, %twin_tmp2  ! read fault status
+        andcc   %twin_tmp2, 0x2, %g0                    ! did fault occur?
+        bne     1f                                      ! yep, cleanup
+         nop
+        wr      %t_psr, 0x0, %psr
+        nop
+        b       fwin_user_finish_up + 0x4
+         nop
+        /* Did I ever tell you about my window lobotomy?
+         * anyways... fwin_user_stack_is_bolixed expects
+         * to be in window 'W' so make it happy or else
+         * we watchdog badly.
+         */
+1:
+        restore %g0, %g0, %g0
+        b       fwin_user_stack_is_bolixed      ! oh well
+         restore        %g0, %g0, %g0

diff --git a/arch/sparc/kernel/wuf.S b/arch/sparc/kernel/wuf.S new file mode 100644 index 000000000000..d1a266bf103a --- /dev/null +++ b/arch/sparc/kernel/wuf.S
@@ -0,0 +1,360 @@
	1	/* $Id: wuf.S,v 1.39 2000/01/08 16:38:18 anton Exp $
	2	* wuf.S: Window underflow trap handler for the Sparc.
	3	*
	4	* Copyright (C) 1995 David S. Miller
	5	*/
	6
	7	#include <asm/contregs.h>
	8	#include <asm/page.h>
	9	#include <asm/ptrace.h>
	10	#include <asm/psr.h>
	11	#include <asm/smp.h>
	12	#include <asm/asi.h>
	13	#include <asm/winmacro.h>
	14	#include <asm/asmmacro.h>
	15	#include <asm/thread_info.h>
	16
	17	/* Just like the overflow handler we define macros for registers
	18	* with fixed meanings in this routine.
	19	*/
	20	#define t_psr l0
	21	#define t_pc l1
	22	#define t_npc l2
	23	#define t_wim l3
	24	/* Don't touch the above registers or else you die horribly... */
	25
	26	/* Now macros for the available scratch registers in this routine. */
	27	#define twin_tmp1 l4
	28	#define twin_tmp2 l5
	29
	30	#define curptr g6
	31
	32	.text
	33	.align 4
	34
	35	/* The trap entry point has executed the following:
	36	*
	37	* rd %psr, %l0
	38	* rd %wim, %l3
	39	* b fill_window_entry
	40	* andcc %l0, PSR_PS, %g0
	41	*/
	42
	43	/* Datum current_thread_info->uwinmask contains at all times a bitmask
	44	* where if any user windows are active, at least one bit will
	45	* be set in to mask. If no user windows are active, the bitmask
	46	* will be all zeroes.
	47	*/
	48
	49	/* To get an idea of what has just happened to cause this
	50	* trap take a look at this diagram:
	51	*
	52	* 1 2 3 4 <-- Window number
	53	* ----------
	54	* T O W I <-- Symbolic name
	55	*
	56	* O == the window that execution was in when
	57	* the restore was attempted
	58	*
	59	* T == the trap itself has save'd us into this
	60	* window
	61	*
	62	* W == this window is the one which is now invalid
	63	* and must be made valid plus loaded from the
	64	* stack
	65	*
	66	* I == this window will be the invalid one when we
	67	* are done and return from trap if successful
	68	*/
	69
	70	/* BEGINNING OF PATCH INSTRUCTIONS */
	71
	72	/* On 7-window Sparc the boot code patches fnwin_patch1
	73	* with the following instruction.
	74	*/
	75	.globl fnwin_patch1_7win, fnwin_patch2_7win
	76	fnwin_patch1_7win: srl %t_wim, 6, %twin_tmp2
	77	fnwin_patch2_7win: and %twin_tmp1, 0x7f, %twin_tmp1
	78	/* END OF PATCH INSTRUCTIONS */
	79
	80	.globl fill_window_entry, fnwin_patch1, fnwin_patch2
	81	fill_window_entry:
	82	/* LOCATION: Window 'T' */
	83
	84	/* Compute what the new %wim is going to be if we retrieve
	85	* the proper window off of the stack.
	86	*/
	87	sll %t_wim, 1, %twin_tmp1
	88	fnwin_patch1: srl %t_wim, 7, %twin_tmp2
	89	or %twin_tmp1, %twin_tmp2, %twin_tmp1
	90	fnwin_patch2: and %twin_tmp1, 0xff, %twin_tmp1
	91
	92	wr %twin_tmp1, 0x0, %wim /* Make window 'I' invalid */
	93
	94	andcc %t_psr, PSR_PS, %g0
	95	be fwin_from_user
	96	restore %g0, %g0, %g0 /* Restore to window 'O' */
	97
	98	/* Trapped from kernel, we trust that the kernel does not
	99	* 'over restore' sorta speak and just grab the window
	100	* from the stack and return. Easy enough.
	101	*/
	102	fwin_from_kernel:
	103	/* LOCATION: Window 'O' */
	104
	105	restore %g0, %g0, %g0
	106
	107	/* LOCATION: Window 'W' */
	108
	109	LOAD_WINDOW(sp) /* Load it up */
	110
	111	/* Spin the wheel... */
	112	save %g0, %g0, %g0
	113	save %g0, %g0, %g0
	114	/* I'd like to buy a vowel please... */
	115
	116	/* LOCATION: Window 'T' */
	117
	118	/* Now preserve the condition codes in %psr, pause, and
	119	* return from trap. This is the simplest case of all.
	120	*/
	121	wr %t_psr, 0x0, %psr
	122	WRITE_PAUSE
	123
	124	jmp %t_pc
	125	rett %t_npc
	126
	127	fwin_from_user:
	128	/* LOCATION: Window 'O' */
	129
	130	restore %g0, %g0, %g0 /* Restore to window 'W' */
	131
	132	/* LOCATION: Window 'W' */
	133
	134	/* Branch to the architecture specific stack validation
	135	* routine. They can be found below...
	136	*/
	137	.globl fwin_mmu_patchme
	138	fwin_mmu_patchme: b sun4c_fwin_stackchk
	139	andcc %sp, 0x7, %g0
	140
	141	#define STACK_OFFSET (THREAD_SIZE - TRACEREG_SZ - STACKFRAME_SZ)
	142
	143	fwin_user_stack_is_bolixed:
	144	/* LOCATION: Window 'W' */
	145
	146	/* Place a pt_regs frame on the kernel stack, save back
	147	* to the trap window and call c-code to deal with this.
	148	*/
	149	LOAD_CURRENT(l4, l5)
	150
	151	sethi %hi(STACK_OFFSET), %l5
	152	or %l5, %lo(STACK_OFFSET), %l5
	153	add %l4, %l5, %l5
	154
	155	/* Store globals into pt_regs frame. */
	156	STORE_PT_GLOBALS(l5)
	157	STORE_PT_YREG(l5, g3)
	158
	159	/* Save current in a global while we change windows. */
	160	mov %l4, %curptr
	161
	162	save %g0, %g0, %g0
	163
	164	/* LOCATION: Window 'O' */
	165
	166	rd %psr, %g3 /* Read %psr in live user window */
	167	mov %fp, %g4 /* Save bogus frame pointer. */
	168
	169	save %g0, %g0, %g0
	170
	171	/* LOCATION: Window 'T' */
	172
	173	sethi %hi(STACK_OFFSET), %l5
	174	or %l5, %lo(STACK_OFFSET), %l5
	175	add %curptr, %l5, %sp
	176
	177	/* Build rest of pt_regs. */
	178	STORE_PT_INS(sp)
	179	STORE_PT_PRIV(sp, t_psr, t_pc, t_npc)
	180
	181	/* re-set trap time %wim value */
	182	wr %t_wim, 0x0, %wim
	183
	184	/* Fix users window mask and buffer save count. */
	185	mov 0x1, %g5
	186	sll %g5, %g3, %g5
	187	st %g5, [%curptr + TI_UWINMASK] ! one live user window still
	188	st %g0, [%curptr + TI_W_SAVED] ! no windows in the buffer
	189
	190	wr %t_psr, PSR_ET, %psr ! enable traps
	191	nop
	192	call window_underflow_fault
	193	mov %g4, %o0
	194
	195	b ret_trap_entry
	196	clr %l6
	197
	198	fwin_user_stack_is_ok:
	199	/* LOCATION: Window 'W' */
	200
	201	/* The users stack area is kosher and mapped, load the
	202	* window and fall through to the finish up routine.
	203	*/
	204	LOAD_WINDOW(sp)
	205
	206	/* Round and round she goes... */
	207	save %g0, %g0, %g0 /* Save to window 'O' */
	208	save %g0, %g0, %g0 /* Save to window 'T' */
	209	/* Where she'll trap nobody knows... */
	210
	211	/* LOCATION: Window 'T' */
	212
	213	fwin_user_finish_up:
	214	/* LOCATION: Window 'T' */
	215
	216	wr %t_psr, 0x0, %psr
	217	WRITE_PAUSE
	218
	219	jmp %t_pc
	220	rett %t_npc
	221
	222	/* Here come the architecture specific checks for stack.
	223	* mappings. Note that unlike the window overflow handler
	224	* we only need to check whether the user can read from
	225	* the appropriate addresses. Also note that we are in
	226	* an invalid window which will be loaded, and this means
	227	* that until we actually load the window up we are free
	228	* to use any of the local registers contained within.
	229	*
	230	* On success these routine branch to fwin_user_stack_is_ok
	231	* if the area at %sp is user readable and the window still
	232	* needs to be loaded, else fwin_user_finish_up if the
	233	* routine has done the loading itself. On failure (bogus
	234	* user stack) the routine shall branch to the label called
	235	* fwin_user_stack_is_bolixed.
	236	*
	237	* Contrary to the arch-specific window overflow stack
	238	* check routines in wof.S, these routines are free to use
	239	* any of the local registers they want to as this window
	240	* does not belong to anyone at this point, however the
	241	* outs and ins are still verboten as they are part of
	242	* 'someone elses' window possibly.
	243	*/
	244
	245	.align 4
	246	.globl sun4c_fwin_stackchk
	247	sun4c_fwin_stackchk:
	248	/* LOCATION: Window 'W' */
	249
	250	/* Caller did 'andcc %sp, 0x7, %g0' */
	251	be 1f
	252	and %sp, 0xfff, %l0 ! delay slot
	253
	254	b,a fwin_user_stack_is_bolixed
	255
	256	/* See if we have to check the sanity of one page or two */
	257	1:
	258	add %l0, 0x38, %l0
	259	sra %sp, 29, %l5
	260	add %l5, 0x1, %l5
	261	andncc %l5, 0x1, %g0
	262	be 1f
	263	andncc %l0, 0xff8, %g0
	264
	265	b,a fwin_user_stack_is_bolixed /* %sp is in vma hole, yuck */
	266
	267	1:
	268	be sun4c_fwin_onepage /* Only one page to check */
	269	lda [%sp] ASI_PTE, %l1
	270	sun4c_fwin_twopages:
	271	add %sp, 0x38, %l0
	272	sra %l0, 29, %l5
	273	add %l5, 0x1, %l5
	274	andncc %l5, 0x1, %g0
	275	be 1f
	276	lda [%l0] ASI_PTE, %l1
	277
	278	b,a fwin_user_stack_is_bolixed /* Second page in vma hole */
	279
	280	1:
	281	srl %l1, 29, %l1
	282	andcc %l1, 0x4, %g0
	283	bne sun4c_fwin_onepage
	284	lda [%sp] ASI_PTE, %l1
	285
	286	b,a fwin_user_stack_is_bolixed /* Second page has bad perms */
	287
	288	sun4c_fwin_onepage:
	289	srl %l1, 29, %l1
	290	andcc %l1, 0x4, %g0
	291	bne fwin_user_stack_is_ok
	292	nop
	293
	294	/* A page had bad page permissions, losing... */
	295	b,a fwin_user_stack_is_bolixed
	296
	297	.globl srmmu_fwin_stackchk
	298	srmmu_fwin_stackchk:
	299	/* LOCATION: Window 'W' */
	300
	301	/* Caller did 'andcc %sp, 0x7, %g0' */
	302	bne fwin_user_stack_is_bolixed
	303	sethi %hi(PAGE_OFFSET), %l5
	304
	305	/* Check if the users stack is in kernel vma, then our
	306	* trial and error technique below would succeed for
	307	* the 'wrong' reason.
	308	*/
	309	mov AC_M_SFSR, %l4
	310	cmp %l5, %sp
	311	bleu fwin_user_stack_is_bolixed
	312	lda [%l4] ASI_M_MMUREGS, %g0 ! clear fault status
	313
	314	/* The technique is, turn off faults on this processor,
	315	* just let the load rip, then check the sfsr to see if
	316	* a fault did occur. Then we turn on fault traps again
	317	* and branch conditionally based upon what happened.
	318	*/
	319	lda [%g0] ASI_M_MMUREGS, %l5 ! read mmu-ctrl reg
	320	or %l5, 0x2, %l5 ! turn on no-fault bit
	321	sta %l5, [%g0] ASI_M_MMUREGS ! store it
	322
	323	/* Cross fingers and go for it. */
	324	LOAD_WINDOW(sp)
	325
	326	/* A penny 'saved'... */
	327	save %g0, %g0, %g0
	328	save %g0, %g0, %g0
	329	/* Is a BADTRAP earned... */
	330
	331	/* LOCATION: Window 'T' */
	332
	333	lda [%g0] ASI_M_MMUREGS, %twin_tmp1 ! load mmu-ctrl again
	334	andn %twin_tmp1, 0x2, %twin_tmp1 ! clear no-fault bit
	335	sta %twin_tmp1, [%g0] ASI_M_MMUREGS ! store it
	336
	337	mov AC_M_SFAR, %twin_tmp2
	338	lda [%twin_tmp2] ASI_M_MMUREGS, %g0 ! read fault address
	339
	340	mov AC_M_SFSR, %twin_tmp2
	341	lda [%twin_tmp2] ASI_M_MMUREGS, %twin_tmp2 ! read fault status
	342	andcc %twin_tmp2, 0x2, %g0 ! did fault occur?
	343
	344	bne 1f ! yep, cleanup
	345	nop
	346
	347	wr %t_psr, 0x0, %psr
	348	nop
	349	b fwin_user_finish_up + 0x4
	350	nop
	351
	352	/* Did I ever tell you about my window lobotomy?
	353	* anyways... fwin_user_stack_is_bolixed expects
	354	* to be in window 'W' so make it happy or else
	355	* we watchdog badly.
	356	*/
	357	1:
	358	restore %g0, %g0, %g0
	359	b fwin_user_stack_is_bolixed ! oh well
	360	restore %g0, %g0, %g0