- The firmware of Sun Fire V1280 has a misfeature of setting %wstate to

7 which corresponds to WSTATE_KMIX in OpenSolaris whenever calling into
  it which totally screws us even when restoring %wstate afterwards as
  spill/fill traps can happen while in OFW. The rather hackish OpenBSD
  approach of just setting the equivalent of WSTATE_KERNEL to 7 also is
  no option as we treat %wstate as a bit field. So in order to deal with
  this problem actually implement spill/fill handlers for %wstate 7 which
  just act as the WSTATE_KERNEL ones except of theoretically also handling
  32-bit, turn off interrupts completely so we don't even take IPIs while
  in OFW which should ensure we only take spill/fill traps at most and
  restore %wstate after calling into OFW once we have taken over the trap
  table. While at it, actually set WSTATE_{,PROM}_KMIX before calling into
  OFW just like OpenSolaris does, which should at least help testing this
  change on non-V1280.
- Remove comments referring to the %wstate usage in BSD/OS.
- Remove the no longer used RSF_ALIGN_RETRY macro.
- Correct some trap table addresses in comments.
- Ensure %wstate is set to WSTATE_KERNEL when taking over the trap table.
- Ensure PSTATE_AM is off when entering or exiting to OFW as well as that
  interrupts are also completely off when exiting to OFW as the firmware
  trap table shouldn't be used to handle our interrupts.

sys/sparc64/include/wstate.h

@@ -33,7 +33,7 @@
 #define	_MACHINE_WSTATE_H_
 
 /*
- * Window state register bits.
+ * Window state register bits
  *
  * There really are no bits per se, just the two fields WSTATE.NORMAL
  * and WSTATE.OTHER.  The rest is up to software.
@@ -42,37 +42,8 @@
  * (whichever is currently in effect) and WSTATE_OTHER to represent
  * user mode saves (only).
  *
- * We use the low bit to suggest 32-bit mode, with the next bit set
- * once we succeed in saving in some mode.  That is, if the WSTATE_ASSUME
- * bit is set, the spill or fill handler we use will be one that makes
- * an assumption about the proper window-save mode.  If the spill or
- * fill fails with an alignment fault, the spill or fill op should
- * take the `assume' bit away retry the instruction that caused the
- * spill or fill.  This will use the new %wstate, which will test for
- * which mode to use.  The alignment fault code helps us out here by
- * resuming the spill vector at offset +70, where we are allowed to
- * execute two instructions (i.e., write to %wstate and RETRY).
- *
- * If the ASSUME bit is not set when the alignment fault occurs, the
- * given stack pointer is hopelessly wrong (and the spill, if it is a
- * spill, should be done as a sort of "panic spill") -- so those two
- * instructions will be a branch sequence.
- *
  * Note that locore.s assumes this same bit layout (since the translation
  * from "bits" to "{spill,fill}_N_{normal,other}" is done in hardware).
- *
- * The value 0 is preferred for unknown to make it easy to start in
- * unknown state and continue in whichever state unknown succeeds in --
- * a successful "other" save, for instance, can just set %wstate to
- * ASSUMExx << USERSHIFT and thus leave the kernel state "unknown".
- *
- * We also need values for managing the somewhat tricky transition from
- * user to kernel and back, so we use the one remaining free bit to mean
- * "although this looks like kernel mode, the window(s) involved are
- * user windows and should be saved ASI_AIUP".  Everything else is
- * otherwise the same, but we need not bother with assumptions in this
- * mode (we expect it to apply to at most one window spill or fill),
- * i.e., WSTATE_TRANSITION can ignore WSTATE_ASSUME if it likes.
  */
 
 #define	WSTATE_NORMAL_MASK	1	/* wstate normal minus transition */
@@ -88,4 +59,8 @@
 #define	WSTATE_NESTED			/* if set, spill must not fault */ \
 	(WSTATE_TRANSITION << WSTATE_OTHER_SHIFT)
 
+/* Values used by the PROM and (Open)Solaris */
+#define	WSTATE_PROM_KMIX	7
+#define	WSTATE_PROM_MASK	7
+
 #endif /* !_MACHINE_WSTATE_H_ */

sys/sparc64/sparc64/exception.S

@@ -315,15 +315,6 @@ END(tl1_kstack_fault)
  */
 #define	RSF_FILL_INC	tl0_ret_fill_end - tl0_ret_fill
 
-/*
- * Retry a spill or fill with a different wstate due to an alignment fault.
- * We may just be using the wrong stack offset.
- */
-#define	RSF_ALIGN_RETRY(ws) \
-	wrpr	%g0, (ws), %wstate ; \
-	retry ; \
-	.align	16
-
 /*
  * Generate a T_SPILL or T_FILL trap if the window operation fails.
  */
@@ -1716,6 +1707,19 @@ END(tl1_dmmu_prot_trap)
 	RSF_SPILL_TOPCB
 	.endm
 
+	.macro	tl1_spill_7_n
+	btst	1, %sp
+	bnz,a,pn %xcc, tl1_spill_0_n
+	 nop
+	srl	%sp, 0, %sp
+	SPILL(stw, %sp, 4, EMPTY)
+	saved
+	retry
+	.align	32
+	RSF_FATAL(T_SPILL)
+	RSF_FATAL(T_SPILL)
+	.endm
+
 	.macro	tl1_spill_0_o
 	wr	%g0, ASI_AIUP, %asi
 	SPILL(stxa, %sp + SPOFF, 8, %asi)
@@ -1770,6 +1774,19 @@ END(tl1_dmmu_prot_trap)
 	RSF_FILL_MAGIC
 	.endm
 
+	.macro	tl1_fill_7_n
+	btst	1, %sp
+	bnz,a,pt %xcc, tl1_fill_0_n
+	 nop
+	srl	%sp, 0, %sp
+	FILL(lduw, %sp, 4, EMPTY)
+	restored
+	retry
+	.align	32
+	RSF_FATAL(T_FILL)
+	RSF_FATAL(T_FILL)
+	.endm
+
 /*
  * This is used to spill windows that are still occupied with user
  * data on kernel entry to the pcb.
@@ -2016,8 +2033,10 @@ tl1_spill_0_n:
 tl1_spill_2_n:
 	tl1_spill_2_n					! 0x288
 tl1_spill_3_n:
-	tl1_spill_3_n					! 0x29c
-	tl1_spill_bad	4				! 0x290-0x29f
+	tl1_spill_3_n					! 0x28c
+	tl1_spill_bad	3				! 0x290-0x29b
+tl1_spill_7_n:
+	tl1_spill_7_n					! 0x29c
 tl1_spill_0_o:
 	tl1_spill_0_o					! 0x2a0
 tl1_spill_1_o:
@@ -2029,10 +2048,13 @@ tl1_fill_0_n:
 	tl1_fill_0_n					! 0x2c0
 	tl1_fill_bad	1				! 0x2c4
 tl1_fill_2_n:
-	tl1_fill_2_n					! 0x2d0
+	tl1_fill_2_n					! 0x2c8
 tl1_fill_3_n:
-	tl1_fill_3_n					! 0x2d4
-	tl1_fill_bad	12				! 0x2d8-0x2ff
+	tl1_fill_3_n					! 0x2cc
+	tl1_fill_bad	3				! 0x2d0-0x2db
+tl1_fill_7_n:
+	tl1_fill_7_n					! 0x2dc
+	tl1_fill_bad	8				! 0x2e0-0x2ff
 	tl1_reserved	1				! 0x300
 tl1_breakpoint:
 	tl1_gen		T_BREAKPOINT			! 0x301
@@ -2649,7 +2671,7 @@ END(tl0_ret)
  * Kernel trap entry point
  *
  * void tl1_trap(u_int type, u_long o1, u_long o2, u_long tar, u_long sfar,
- *      u_int sfsr)
+ *     u_int sfsr)
  *
  * This is easy because the stack is already setup and the windows don't need
  * to be split.  We build a trapframe and call trap(), the same as above, but

sys/sparc64/sparc64/locore.S

@@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$");
 #include <machine/asi.h>
 #include <machine/asmacros.h>
 #include <machine/pstate.h>
+#include <machine/wstate.h>
 
 #include "assym.s"
 
@@ -139,8 +140,12 @@ ENTRY(cpu_setregs)
 	 * Force trap level 1 and take over the trap table.
 	 */
 	SET(tl0_base, %o2, %o1)
+	SET(tba_taken_over, %o3, %o2)
+	mov	1, %o3
+	wrpr	%g0, WSTATE_KERNEL, %wstate
 	wrpr	%g0, 1, %tl
 	wrpr	%o1, 0, %tba
+	stw	%o3, [%o2]
 
 	/*
 	 * Re-enable interrupts.

sys/sparc64/sparc64/machdep.c

@@ -138,6 +138,7 @@ struct kva_md_info kmi;
 
 u_long ofw_vec;
 u_long ofw_tba;
+u_int tba_taken_over;
 
 char sparc64_model[32];
 
@@ -466,7 +467,7 @@ sparc64_init(caddr_t mdp, u_long o1, u_long o2, u_long o3, ofw_vec_t *vec)
 	/*
 	 * Determine the TLB slot maxima, which are expected to be
 	 * equal across all CPUs.
-	 * NB: for Cheetah-class CPUs, these properties only refer
+	 * NB: for cheetah-class CPUs, these properties only refer
 	 * to the t16s.
 	 */
 	if (OF_getprop(pc->pc_node, "#dtlb-entries", &dtlb_slots,

sys/sparc64/sparc64/support.S

@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #include <machine/ktr.h>
 #include <machine/pcb.h>
 #include <machine/pstate.h>
+#include <machine/wstate.h>
 
 #include "assym.s"
 
@@ -751,11 +752,20 @@ ENTRY(ofw_entry)
 	save	%sp, -CCFSZ, %sp
 	SET(ofw_vec, %l7, %l6)
 	ldx	[%l6], %l6
-	rdpr	%pil, %l7
-	wrpr	%g0, PIL_TICK, %pil
-	call	%l6
+	rdpr	%pstate, %l7
+	andn	%l7, PSTATE_AM | PSTATE_IE, %l5
+	wrpr	%l5, 0, %pstate
+	SET(tba_taken_over, %l5, %l4)
+	brz,pn	%l4, 1f
+	 rdpr	%wstate, %l5
+	andn	%l5, WSTATE_PROM_MASK, %l3
+	wrpr	%l3, WSTATE_PROM_KMIX, %wstate
+1:	call	%l6
 	 mov	%i0, %o0
-	wrpr	%l7, 0, %pil
+	brz,pn	%l4, 1f
+	 nop
+	wrpr	%g0, %l5, %wstate
+1:	wrpr	%l7, 0, %pstate
 	ret
 	 restore %o0, %g0, %o0
 END(ofw_entry)
@@ -766,9 +776,14 @@ END(ofw_entry)
 ENTRY(ofw_exit)
 	save	%sp, -CCFSZ, %sp
 	flushw
-	wrpr	%g0, PIL_TICK, %pil
 	SET(ofw_tba, %l7, %l5)
 	ldx	[%l5], %l5
+	rdpr	%pstate, %l7
+	andn	%l7, PSTATE_AM | PSTATE_IE, %l7
+	wrpr	%l7, 0, %pstate
+	rdpr	%wstate, %l7
+	andn	%l7, WSTATE_PROM_MASK, %l7
+	wrpr	%l7, WSTATE_PROM_KMIX, %wstate
 	wrpr	%l5, 0, %tba			! restore the OFW trap table
 	SET(ofw_vec, %l7, %l6)
 	ldx	[%l6], %l6