Index: alpha/locore.s
===================================================================
RCS file: /cvs/src/sys/arch/alpha/alpha/locore.s,v
retrieving revision 1.41
diff -u -p -r1.41 locore.s
--- alpha/locore.s	11 Jun 2015 17:26:17 -0000	1.41
+++ alpha/locore.s	17 Jun 2015 04:39:11 -0000
@@ -883,65 +883,81 @@ LEAF(copystr, 4)
 
 4:	mov	zero, v0		/* return 0. */
 	RET
-	END(copystr)
+END(copystr)
 
 NESTED(copyinstr, 4, 16, ra, IM_RA|IM_S0, 0)
 	LDGP(pv)
+
+	ldiq	t0, VM_MAX_ADDRESS		/* make sure that src addr   */
+	cmpult	a0, t0, t1			/* is in user space.	     */
+	beq	t1, copy_fault			/* if it's not, error out.   */
+
 	lda	sp, -16(sp)			/* set up stack frame	     */
 	stq	ra, (16-8)(sp)			/* save ra		     */
 	stq	s0, (16-16)(sp)			/* save s0		     */
+
 	/* Note: GET_CURPROC clobbers v0, t0, t8...t11. */
 	GET_CURPROC
-	mov	v0, s0
-	ldiq	t0, VM_MAX_ADDRESS		/* make sure that src addr   */
-	cmpult	a0, t0, t1			/* is in user space.	     */
-	beq	t1, copyerr			/* if it's not, error out.   */
-	lda	v0, copyerr			/* set up fault handler.     */
 	.set noat
-	ldq	at_reg, 0(s0)
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	v0, U_PCB_ONFAULT(at_reg)
+	ldq	at_reg, 0(v0)
+	ldq	s0, P_ADDR(at_reg)
 	.set at
+
+	ldq	t0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	bne	t0, copy_enter_panic
+
+	lda	t0, copyerr			/* set up fault handler.     */
+	stq	t0, U_PCB_ONFAULT(s0)
+
 	CALL(copystr)				/* do the copy.		     */
-	.set noat
-	ldq	at_reg, 0(s0)			/* kill the fault handler.   */
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	zero, U_PCB_ONFAULT(at_reg)
-	.set at
+
+	ldq	t0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	beq	t0, copy_leave_panic
+
+	stq	zero, U_PCB_ONFAULT(s0)		/* kill the fault handler.   */
+
 	ldq	ra, (16-8)(sp)			/* restore ra.		     */
 	ldq	s0, (16-16)(sp)			/* restore s0.		     */
 	lda	sp, 16(sp)			/* kill stack frame.	     */
 	RET					/* v0 left over from copystr */
-	END(copyinstr)
+END(copyinstr)
 
 NESTED(copyoutstr, 4, 16, ra, IM_RA|IM_S0, 0)
 	LDGP(pv)
+
+	ldiq	t0, VM_MAX_ADDRESS		/* make sure that dest addr  */
+	cmpult	a1, t0, t1			/* is in user space.	     */
+	beq	t1, copy_fault			/* if it's not, error out.   */
+
 	lda	sp, -16(sp)			/* set up stack frame	     */
 	stq	ra, (16-8)(sp)			/* save ra		     */
 	stq	s0, (16-16)(sp)			/* save s0		     */
+
 	/* Note: GET_CURPROC clobbers v0, t0, t8...t11. */
 	GET_CURPROC
-	mov	v0, s0
-	ldiq	t0, VM_MAX_ADDRESS		/* make sure that dest addr  */
-	cmpult	a1, t0, t1			/* is in user space.	     */
-	beq	t1, copyerr			/* if it's not, error out.   */
-	lda	v0, copyerr			/* set up fault handler.     */
 	.set noat
-	ldq	at_reg, 0(s0)
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	v0, U_PCB_ONFAULT(at_reg)
+	ldq	at_reg, 0(v0)
+	ldq	s0, P_ADDR(at_reg)
 	.set at
+
+	ldq	t0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	bne	t0, copy_enter_panic
+
+	lda	t0, copyerr			/* set up fault handler.     */
+	stq	t0, U_PCB_ONFAULT(s0)
+
 	CALL(copystr)				/* do the copy.		     */
-	.set noat
-	ldq	at_reg, 0(s0)			/* kill the fault handler.   */
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	zero, U_PCB_ONFAULT(at_reg)
-	.set at
+
+	ldq	t0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	beq	t0, copy_leave_panic
+
+	stq	zero, U_PCB_ONFAULT(s0)		/* kill the fault handler.   */
+
 	ldq	ra, (16-8)(sp)			/* restore ra.		     */
 	ldq	s0, (16-16)(sp)			/* restore s0.		     */
 	lda	sp, 16(sp)			/* kill stack frame.	     */
 	RET					/* v0 left over from copystr */
-	END(copyoutstr)
+END(copyoutstr)
 
 /*
  * kcopy(const void *src, void *dst, size_t len);
@@ -1000,76 +1016,122 @@ END(kcopyerr)
 
 NESTED(copyin, 3, 16, ra, IM_RA|IM_S0, 0)
 	LDGP(pv)
+
+	ldiq	t0, VM_MAX_ADDRESS		/* make sure that src addr   */
+	cmpult	a0, t0, t1			/* is in user space.	     */
+	beq	t1, copy_fault			/* if it's not, error out.   */
+
 	lda	sp, -16(sp)			/* set up stack frame	     */
 	stq	ra, (16-8)(sp)			/* save ra		     */
 	stq	s0, (16-16)(sp)			/* save s0		     */
+
 	/* Note: GET_CURPROC clobbers v0, t0, t8...t11. */
 	GET_CURPROC
-	mov	v0, s0
-	ldiq	t0, VM_MAX_ADDRESS		/* make sure that src addr   */
-	cmpult	a0, t0, t1			/* is in user space.	     */
-	beq	t1, copyerr			/* if it's not, error out.   */
-	lda	v0, copyerr			/* set up fault handler.     */
 	.set noat
-	ldq	at_reg, 0(s0)
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	v0, U_PCB_ONFAULT(at_reg)
+	ldq	at_reg, 0(v0)
+	ldq	s0, P_ADDR(at_reg)
 	.set at
+
+	ldq	v0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	bne	v0, copy_enter_panic
+
+	lda	v0, copyerr			/* set up fault handler.     */
+	stq	v0, U_PCB_ONFAULT(s0)
+
 	CALL(bcopy)				/* do the copy.		     */
-	.set noat
-	ldq	at_reg, 0(s0)			/* kill the fault handler.   */
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	zero, U_PCB_ONFAULT(at_reg)
-	.set at
+
+	ldq	v0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	beq	v0, copy_leave_panic
+
+	stq	zero, U_PCB_ONFAULT(s0)		/* kill the fault handler.   */
+
 	ldq	ra, (16-8)(sp)			/* restore ra.		     */
 	ldq	s0, (16-16)(sp)			/* restore s0.		     */
 	lda	sp, 16(sp)			/* kill stack frame.	     */
 	mov	zero, v0			/* return 0. */
 	RET
-	END(copyin)
+END(copyin)
 
 NESTED(copyout, 3, 16, ra, IM_RA|IM_S0, 0)
 	LDGP(pv)
+
+	ldiq	t0, VM_MAX_ADDRESS		/* make sure that dest addr  */
+	cmpult	a1, t0, t1			/* is in user space.	     */
+	beq	t1, copy_fault			/* if it's not, error out.   */
+
 	lda	sp, -16(sp)			/* set up stack frame	     */
 	stq	ra, (16-8)(sp)			/* save ra		     */
 	stq	s0, (16-16)(sp)			/* save s0		     */
+
 	/* Note: GET_CURPROC clobbers v0, t0, t8...t11. */
 	GET_CURPROC
-	mov	v0, s0
-	ldiq	t0, VM_MAX_ADDRESS		/* make sure that dest addr  */
-	cmpult	a1, t0, t1			/* is in user space.	     */
-	beq	t1, copyerr			/* if it's not, error out.   */
-	lda	v0, copyerr			/* set up fault handler.     */
 	.set noat
-	ldq	at_reg, 0(s0)
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	v0, U_PCB_ONFAULT(at_reg)
+	ldq	at_reg, 0(v0)
+	ldq	s0, P_ADDR(at_reg)
 	.set at
+
+	ldq	v0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	bne	v0, copy_enter_panic
+
+	lda	v0, copyerr			/* set up fault handler.     */
+	stq	v0, U_PCB_ONFAULT(s0)
+
 	CALL(bcopy)				/* do the copy.		     */
-	.set noat
-	ldq	at_reg, 0(s0)			/* kill the fault handler.   */
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	zero, U_PCB_ONFAULT(at_reg)
-	.set at
+
+	ldq	v0, U_PCB_ONFAULT(s0)		/* check if onfault is NULL  */
+	beq	v0, copy_leave_panic
+
+	stq	zero, U_PCB_ONFAULT(s0)		/* kill the fault handler.   */
+
 	ldq	ra, (16-8)(sp)			/* restore ra.		     */
 	ldq	s0, (16-16)(sp)			/* restore s0.		     */
 	lda	sp, 16(sp)			/* kill stack frame.	     */
 	mov	zero, v0			/* return 0. */
 	RET
-	END(copyout)
+
+copy_enter_panic:
+	.set at
+	lda	a0, copy_enter_panicmsg
+	CALL(panic)
+	call_pal PAL_bugchk
+
+copy_leave_panic:
+	.set at
+	lda	a0, copy_leave_panicmsg
+	CALL(panic)
+	call_pal PAL_bugchk
+
+	.data
+copy_enter_panicmsg:
+	.asciz	"onfault is not NULL"
+copy_leave_panicmsg:
+	.asciz	"onfault is NULL"
+	.text
+END(copyout)
 
 LEAF(copyerr, 0)
 	LDGP(pv)
-	.set noat
-	ldq	at_reg, 0(s0)			/* kill the fault handler.   */
-	ldq	at_reg, P_ADDR(at_reg)
-	stq	zero, U_PCB_ONFAULT(at_reg)
-	.set at
+	ldq	v0, U_PCB_ONFAULT(s0)		/* check fault handler.      */
+	beq	v0, copyerr_panic
+	stq	zero, U_PCB_ONFAULT(s0)		/* kill the fault handler.   */
+
 	ldq	ra, (16-8)(sp)			/* restore ra.		     */
 	ldq	s0, (16-16)(sp)			/* restore s0.		     */
 	lda	sp, 16(sp)			/* kill stack frame.	     */
+copy_fault:
 	ldiq	v0, EFAULT			/* return EFAULT.	     */
 	RET
+
+copyerr_panic:
+	.set at
+	lda	a0, copyerr_panicmsg
+	CALL(panic)
+	call_pal PAL_bugchk
+
+	.data
+copyerr_panicmsg:
+	.asciz	"onfault is not copyerr"
+	.text
 END(copyerr)
 
 /**************************************************************************/