 @@ -1,14 +1,14 @@
-/* $NetBSD: locore.s,v 1.136 2020/09/19 01:32:16 thorpej Exp $ */
+/* $NetBSD: locore.s,v 1.137 2021/05/23 01:00:53 thorpej Exp $ */
 /*-
  * Copyright (c) 1999, 2000, 2019 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
  * NASA Ames Research Center.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
 @@ -57,27 +57,27 @@
  * rights to redistribute these changes.
  */
 .stabs	__FILE__,100,0,0,kernel_text
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
 #include "opt_multiprocessor.h"
 #include "opt_lockdebug.h"
 #include "opt_compat_netbsd.h"
 #include <machine/asm.h>
-__KERNEL_RCSID(0, "$NetBSD: locore.s,v 1.136 2020/09/19 01:32:16 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: locore.s,v 1.137 2021/05/23 01:00:53 thorpej Exp $");
 #include "assym.h"
 .stabs	__FILE__,132,0,0,kernel_text
 	/* don't reorder instructions; paranoia. */
 	.set noreorder
 	.text
 	.macro	bfalse	reg, dst
 	beq	\reg, \dst
 	.endm
 @@ -977,26 +977,31 @@ NESTED(copyoutstr, 4, 16, ra, IM_RA|IM_S
 	lda	sp, 16(sp)			/* kill stack frame.	     */
 	RET					/* v0 left over from copystr */
 	END(copyoutstr)
 /*
  * kcopy(const void *src, void *dst, size_t len);
+ *
  * Copy len bytes from src to dst, aborting if we encounter a fatal
  * page fault.
+ *
  * kcopy() _must_ save and restore the old fault handler since it is
  * called by uiomove(), which may be in the path of servicing a non-fatal
  * page fault.
+ *
  * N.B. This implementation is a wrapper around memcpy(), which is
  * implemented in src/common/lib/libc/arch/alpha/string/bcopy.S.
  * This is safe ONLY because we know that, as implemented, it is
  * a LEAF function (and thus does not use any callee-saved registers).
  */
 NESTED(kcopy, 3, 32, ra, IM_RA|IM_S0|IM_S1, 0)
 	LDGP(pv)
 	lda	sp, -32(sp)			/* set up stack frame	     */
 	stq	ra, (32-8)(sp)			/* save ra		     */
 	stq	s0, (32-16)(sp)			/* save s0		     */
 	stq	s1, (32-24)(sp)			/* save s1		     */
 	/* Swap a0, a1, for call to memcpy(). */
 	mov	a1, v0
 	mov	a0, a1
 	mov	v0, a0
 	/* Note: GET_CURLWP clobbers v0, t0, t8...t11. */
 	GET_CURLWP
 @@ -1006,30 +1011,27 @@ NESTED(kcopy, 3, 32, ra, IM_RA|IM_S0|IM_
 	stq	v0, PCB_ONFAULT(s1)
 	CALL(memcpy)				/* do the copy.		     */
 	stq	s0, PCB_ONFAULT(s1)		/* restore the old handler.  */
 	ldq	ra, (32-8)(sp)			/* restore ra.		     */
 	ldq	s0, (32-16)(sp)			/* restore s0.		     */
 	ldq	s1, (32-24)(sp)			/* restore s1.		     */
 	lda	sp, 32(sp)			/* kill stack frame.	     */
 	mov	zero, v0			/* return 0. */
 	RET
 	END(kcopy)
 LEAF(kcopyerr, 0)
 	LDGP(pv)
-	.set noat
+	stq	s0, PCB_ONFAULT(s1)		/* s1 == pcb (from above)    */
 	ldq	at_reg, L_PCB(s1)		/* restore the old handler.  */
 	stq	s0, PCB_ONFAULT(at_reg)
 	.set at
 	ldq	ra, (32-8)(sp)			/* restore ra.		     */
 	ldq	s0, (32-16)(sp)			/* restore s0.		     */
 	ldq	s1, (32-24)(sp)			/* restore s1.		     */
 	lda	sp, 32(sp)			/* kill stack frame.	     */
 	RET
 END(kcopyerr)
 NESTED(copyin, 3, 16, ra, IM_RA|IM_S0, 0)
 	LDGP(pv)
 	lda	sp, -16(sp)			/* set up stack frame	     */
 	stq	ra, (16-8)(sp)			/* save ra		     */
 	stq	s0, (16-16)(sp)			/* save s0		     */
 	ldiq	t0, VM_MAX_ADDRESS		/* make sure that src addr   */