2 * Copyright (c) 2003 Peter Wemm.
3 * Copyright (c) 1993 The Regents of the University of California.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <machine/asmacros.h>
36 #include <machine/specialreg.h>
37 #include <machine/pmap.h>
46 movq $PAGE_SIZE/8,%rcx
65 * pagecopy(%rdi=from, %rsi=to)
69 movq $PAGE_SIZE/8,%rcx
87 * The loop takes 29 bytes. Ensure that it doesn't cross a 32-byte
92 movnti %rax,(%rdi,%rdx)
93 movnti %rax,8(%rdi,%rdx)
94 movnti %rax,16(%rdi,%rdx)
95 movnti %rax,24(%rdi,%rdx)
104 * memcmp(b1, b2, len)
116 movzbl (%rdi,%rcx,1),%eax
117 movzbl (%rsi,%rcx,1),%r8d
123 movzbl (%rdi,%rcx,1),%eax
124 movzbl (%rsi,%rcx,1),%r8d
130 movzbl (%rdi,%rcx,1),%eax
131 movzbl (%rsi,%rcx,1),%r8d
137 movzbl (%rdi,%rcx,1),%eax
138 movzbl (%rsi,%rcx,1),%r8d
198 * memmove(dst, src, cnt)
203 * Register state at entry is supposed to be as follows:
208 * The macro possibly clobbers the above and: rcx, r8, r9, r10
209 * It does not clobber rax nor r11.
211 .macro MEMMOVE erms overlap begin end
215 * For sizes 0..32 all data is read before it is written, so there
216 * is no correctness issue with direction of copying.
224 cmpq %rcx,%r8 /* overlapping && src < dst? */
255 movq -16(%rsi,%rcx),%r9
256 movq -8(%rsi,%rcx),%r10
259 movq %r9,-16(%rdi,%rcx)
260 movq %r10,-8(%rdi,%rcx)
268 movq -8(%rsi,%rcx),%r8
270 movq %r8,-8(%rdi,%rcx,)
278 movl -4(%rsi,%rcx),%r8d
280 movl %r8d,-4(%rdi,%rcx)
288 movzwl -2(%rsi,%rcx),%r8d
290 movw %r8w,-2(%rdi,%rcx)
311 shrq $3,%rcx /* copy by 64-bit words */
315 andl $7,%ecx /* any bytes left? */
326 leaq -16(%rdx,%rcx),%rdx
328 leaq 16(%rdi,%rcx),%rdi
329 leaq 16(%rsi,%rcx),%rsi
337 shrq $3,%rcx /* copy by 64-bit words */
343 andl $7,%ecx /* any bytes left? */
358 leaq -8(%rdi,%rcx),%rdi
359 leaq -8(%rsi,%rcx),%rsi
433 leaq -1(%rdi,%rcx),%rdi
434 leaq -1(%rsi,%rcx),%rsi
439 leaq -8(%rdi,%rcx),%rdi
440 leaq -8(%rsi,%rcx),%rsi
465 MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
469 MEMMOVE erms=1 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
473 * memcpy(dst, src, len)
476 * Note: memcpy does not support overlapping copies
479 MEMMOVE erms=0 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
483 MEMMOVE erms=1 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
487 * memset(dst, c, len)
495 movabs $0x0101010101010101,%r10
515 movq %r10,-16(%rdi,%rcx)
516 movq %r10,-8(%rdi,%rcx)
526 movq %r10,-16(%rdi,%rcx)
527 movq %r10,-8(%rdi,%rcx)
535 movq %r10,-8(%rdi,%rcx)
543 movl %r10d,-4(%rdi,%rcx)
551 movw %r10w,-2(%rdi,%rcx)
584 movq %r10,-8(%rdi,%rdx)
594 leaq -16(%rcx,%r8),%rcx
596 leaq 16(%rdi,%r8),%rdi
608 /* fillw(pat, base, cnt) */
609 /* %rdi,%rsi, %rdx */
621 /*****************************************************************************/
622 /* copyout and fubyte family */
623 /*****************************************************************************/
625 * Access user memory from inside the kernel. These routines should be
626 * the only places that do this.
628 * These routines set curpcb->pcb_onfault for the time they execute. When a
629 * protection violation occurs inside the functions, the trap handler
630 * returns to *curpcb->pcb_onfault instead of the function.
633 .macro SMAP_DISABLE smap
640 .macro SMAP_ENABLE smap
646 .macro COPYINOUT_BEGIN
650 movq %rax,PCB_ONFAULT(%r11)
654 .macro COPYINOUT_SMAP_END
660 * copyout(from_kernel, to_user, len)
663 .macro COPYOUT smap erms
665 movq PCPU(CURPCB),%r11
666 movq $copy_fault,PCB_ONFAULT(%r11)
669 * Check explicitly for non-user addresses. If 486 write protection
670 * is being used, this check is essential because we are in kernel
671 * mode so the h/w does not provide any protection against writing
676 * First, prevent address wrapping.
682 * XXX STOP USING VM_MAXUSER_ADDRESS.
683 * It is an end address, not a max, so every time it is used correctly it
684 * looks like there is an off by one error, and of course it caused an off
685 * by one error in several places.
687 movq $VM_MAXUSER_ADDRESS,%rcx
692 * Set return value to zero. Remaining failure mode goes through
698 * Set up arguments for MEMMOVE.
708 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
710 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
/*
 * Four instantiations of the COPYOUT macro, one per (smap, erms) pair.
 * The entry points differ only in the macro arguments passed below; the
 * erms argument is forwarded to MEMMOVE by the macro.
 * NOTE(review): the smap=1 variants are presumably the ones that bracket
 * the user access with SMAP_DISABLE/SMAP_ENABLE. Which variant runs on a
 * given CPU is decided outside this listing -- confirm that the selector
 * keys on the CPU's SMAP support, since running a _nosmap variant with
 * SMAP enabled would fault on every user access.
 */
/* smap=0, erms=0 */
715 ENTRY(copyout_nosmap_std)
716 COPYOUT smap=0 erms=0
717 END(copyout_nosmap_std)
/* smap=1, erms=0 */
719 ENTRY(copyout_smap_std)
720 COPYOUT smap=1 erms=0
721 END(copyout_smap_std)
/* smap=0, erms=1 */
723 ENTRY(copyout_nosmap_erms)
724 COPYOUT smap=0 erms=1
725 END(copyout_nosmap_erms)
/* smap=1, erms=1 */
727 ENTRY(copyout_smap_erms)
728 COPYOUT smap=1 erms=1
729 END(copyout_smap_erms)
732 * copyin(from_user, to_kernel, len)
735 .macro COPYIN smap erms
737 movq PCPU(CURPCB),%r11
738 movq $copy_fault,PCB_ONFAULT(%r11)
741 * make sure address is valid
746 movq $VM_MAXUSER_ADDRESS,%rcx
759 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
761 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
766 ENTRY(copyin_nosmap_std)
768 END(copyin_nosmap_std)
770 ENTRY(copyin_smap_std)
774 ENTRY(copyin_nosmap_erms)
776 END(copyin_nosmap_erms)
778 ENTRY(copyin_smap_erms)
780 END(copyin_smap_erms)
783 /* Trap entry clears PSL.AC */
785 movq $0,PCB_ONFAULT(%r11)
791 * casueword32. Compare and set user integer. Returns -1 on fault,
792 * 0 if access was successful. Old value is written to *oldp.
793 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
/*
 * 32-bit compare-and-set on a user address.
 * In:  %rdi = dst (user), %esi = old, %rdx = oldp (kernel), %ecx = new
 * Scratch registers written here: %rax, %r8, %esi.
 * NOTE(review): by its name this is the variant without SMAP toggling;
 * confirm against the code that selects between the two variants.
 */
795 ENTRY(casueword32_nosmap)
/* Install fusufault as the fault-recovery target before touching user memory. */
797 movq PCPU(CURPCB),%r8
798 movq $fusufault,PCB_ONFAULT(%r8)
/* Highest start address at which a 4-byte access still ends at or below VM_MAXUSER_ADDRESS. */
800 movq $VM_MAXUSER_ADDRESS-4,%rax
801 cmpq %rax,%rdi /* verify address is valid */
/* cmpxchg compares against %eax, so the expected value is staged there. */
804 movl %esi,%eax /* old */
808 cmpxchgl %ecx,(%rdi) /* new = %ecx */
811 * The old value is in %eax. If the store succeeded it will be the
812 * value we expected (old) from before the store, otherwise it will
813 * be the current value. Save %eax into %esi to prepare the return
/* The surrounding comments say this clears pcb_onfault, so %rax is expected to be 0 here (the instruction that sets it is not visible in this listing). */
818 movq %rax,PCB_ONFAULT(%r8)
821 * Access the oldp after the pcb_onfault is cleared, to correctly
822 * catch corrupted pointer.
/* oldp is a kernel pointer: written with no recovery handler installed, so a bad oldp is not reported as a user-memory fault. */
824 movl %esi,(%rdx) /* oldp = %rdx */
827 END(casueword32_nosmap)
/*
 * 32-bit compare-and-set on a user address.
 * In:  %rdi = dst (user), %esi = old, %rdx = oldp (kernel), %ecx = new
 * Scratch registers written here: %rax, %r8, %esi.
 * NOTE(review): by its name this is the SMAP-aware variant; the
 * instructions that open and close the user-access window are not
 * visible in this listing -- confirm they bracket only the cmpxchgl.
 */
829 ENTRY(casueword32_smap)
/* Install fusufault as the fault-recovery target before touching user memory. */
831 movq PCPU(CURPCB),%r8
832 movq $fusufault,PCB_ONFAULT(%r8)
/* Highest start address at which a 4-byte access still ends at or below VM_MAXUSER_ADDRESS. */
834 movq $VM_MAXUSER_ADDRESS-4,%rax
835 cmpq %rax,%rdi /* verify address is valid */
/* cmpxchg compares against %eax, so the expected value is staged there. */
838 movl %esi,%eax /* old */
843 cmpxchgl %ecx,(%rdi) /* new = %ecx */
847 * The old value is in %eax. If the store succeeded it will be the
848 * value we expected (old) from before the store, otherwise it will
849 * be the current value. Save %eax into %esi to prepare the return
/* The surrounding comments say this clears pcb_onfault, so %rax is expected to be 0 here (the instruction that sets it is not visible in this listing). */
854 movq %rax,PCB_ONFAULT(%r8)
857 * Access the oldp after the pcb_onfault is cleared, to correctly
858 * catch corrupted pointer.
/* oldp is a kernel pointer: written with no recovery handler installed, so a bad oldp is not reported as a user-memory fault. */
860 movl %esi,(%rdx) /* oldp = %rdx */
863 END(casueword32_smap)
866 * casueword. Compare and set user long. Returns -1 on fault,
867 * 0 if access was successful. Old value is written to *oldp.
868 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
/*
 * 64-bit compare-and-set on a user address.
 * In:  %rdi = dst (user), %rsi = old, %rdx = oldp (kernel), %rcx = new
 * Scratch registers written here: %rax, %r8.
 */
870 ENTRY(casueword_nosmap)
/* Install fusufault as the fault-recovery target before touching user memory. */
872 movq PCPU(CURPCB),%r8
873 movq $fusufault,PCB_ONFAULT(%r8)
/*
 * NOTE(review): the bound is VM_MAXUSER_ADDRESS-4, but the cmpxchgq below
 * accesses 8 bytes; the 64-bit fueword/suword routines in this file compare
 * against VM_MAXUSER_ADDRESS-8. Assuming the omitted branch rejects only
 * addresses above this bound, a dst in (VM_MAXUSER_ADDRESS-8,
 * VM_MAXUSER_ADDRESS-4] passes the check while the access extends past the
 * user limit. Confirm whether -8 is intended here.
 */
875 movq $VM_MAXUSER_ADDRESS-4,%rax
876 cmpq %rax,%rdi /* verify address is valid */
/* cmpxchg compares against %rax, so the expected value is staged there. */
879 movq %rsi,%rax /* old */
883 cmpxchgq %rcx,(%rdi) /* new = %rcx */
886 * The old value is in %rax. If the store succeeded it will be the
887 * value we expected (old) from before the store, otherwise it will
888 * be the current value.
/* Stores %rax into pcb_onfault; presumably 0 at this point to remove the handler (the instruction that sets it is not visible in this listing). */
892 movq %rax,PCB_ONFAULT(%r8)
896 END(casueword_nosmap)
/*
 * 64-bit compare-and-set on a user address.
 * In:  %rdi = dst (user), %rsi = old, %rdx = oldp (kernel), %rcx = new
 * Scratch registers written here: %rax, %r8.
 * NOTE(review): by its name this is the SMAP-aware variant; the
 * instructions that open and close the user-access window are not
 * visible in this listing.
 */
898 ENTRY(casueword_smap)
/* Install fusufault as the fault-recovery target before touching user memory. */
900 movq PCPU(CURPCB),%r8
901 movq $fusufault,PCB_ONFAULT(%r8)
/*
 * NOTE(review): the bound is VM_MAXUSER_ADDRESS-4, but the cmpxchgq below
 * accesses 8 bytes; the 64-bit fueword/suword routines in this file compare
 * against VM_MAXUSER_ADDRESS-8. Assuming the omitted branch rejects only
 * addresses above this bound, a dst in (VM_MAXUSER_ADDRESS-8,
 * VM_MAXUSER_ADDRESS-4] passes the check while the access extends past the
 * user limit. Confirm whether -8 is intended here.
 */
903 movq $VM_MAXUSER_ADDRESS-4,%rax
904 cmpq %rax,%rdi /* verify address is valid */
/* cmpxchg compares against %rax, so the expected value is staged there. */
907 movq %rsi,%rax /* old */
912 cmpxchgq %rcx,(%rdi) /* new = %rcx */
916 * The old value is in %rax. If the store succeeded it will be the
917 * value we expected (old) from before the store, otherwise it will
918 * be the current value.
/* Stores %rax into pcb_onfault; presumably 0 at this point to remove the handler (the instruction that sets it is not visible in this listing). */
922 movq %rax,PCB_ONFAULT(%r8)
929 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
930 * byte from user memory.
931 * addr = %rdi, valp = %rsi
934 ENTRY(fueword_nosmap)
936 movq PCPU(CURPCB),%rcx
937 movq $fusufault,PCB_ONFAULT(%rcx)
939 movq $VM_MAXUSER_ADDRESS-8,%rax
940 cmpq %rax,%rdi /* verify address is valid */
945 movq %rax,PCB_ONFAULT(%rcx)
953 movq PCPU(CURPCB),%rcx
954 movq $fusufault,PCB_ONFAULT(%rcx)
956 movq $VM_MAXUSER_ADDRESS-8,%rax
957 cmpq %rax,%rdi /* verify address is valid */
964 movq %rax,PCB_ONFAULT(%rcx)
970 ENTRY(fueword32_nosmap)
972 movq PCPU(CURPCB),%rcx
973 movq $fusufault,PCB_ONFAULT(%rcx)
975 movq $VM_MAXUSER_ADDRESS-4,%rax
976 cmpq %rax,%rdi /* verify address is valid */
981 movq %rax,PCB_ONFAULT(%rcx)
985 END(fueword32_nosmap)
987 ENTRY(fueword32_smap)
989 movq PCPU(CURPCB),%rcx
990 movq $fusufault,PCB_ONFAULT(%rcx)
992 movq $VM_MAXUSER_ADDRESS-4,%rax
993 cmpq %rax,%rdi /* verify address is valid */
1000 movq %rax,PCB_ONFAULT(%rcx)
1006 ENTRY(fuword16_nosmap)
1008 movq PCPU(CURPCB),%rcx
1009 movq $fusufault,PCB_ONFAULT(%rcx)
1011 movq $VM_MAXUSER_ADDRESS-2,%rax
1016 movq $0,PCB_ONFAULT(%rcx)
1019 END(fuword16_nosmap)
1021 ENTRY(fuword16_smap)
1023 movq PCPU(CURPCB),%rcx
1024 movq $fusufault,PCB_ONFAULT(%rcx)
1026 movq $VM_MAXUSER_ADDRESS-2,%rax
1033 movq $0,PCB_ONFAULT(%rcx)
1038 ENTRY(fubyte_nosmap)
1040 movq PCPU(CURPCB),%rcx
1041 movq $fusufault,PCB_ONFAULT(%rcx)
1043 movq $VM_MAXUSER_ADDRESS-1,%rax
1048 movq $0,PCB_ONFAULT(%rcx)
1055 movq PCPU(CURPCB),%rcx
1056 movq $fusufault,PCB_ONFAULT(%rcx)
1058 movq $VM_MAXUSER_ADDRESS-1,%rax
1065 movq $0,PCB_ONFAULT(%rcx)
1071 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
1073 * addr = %rdi, value = %rsi
1075 ENTRY(suword_nosmap)
1077 movq PCPU(CURPCB),%rcx
1078 movq $fusufault,PCB_ONFAULT(%rcx)
1080 movq $VM_MAXUSER_ADDRESS-8,%rax
1081 cmpq %rax,%rdi /* verify address validity */
1086 movq PCPU(CURPCB),%rcx
1087 movq %rax,PCB_ONFAULT(%rcx)
1094 movq PCPU(CURPCB),%rcx
1095 movq $fusufault,PCB_ONFAULT(%rcx)
1097 movq $VM_MAXUSER_ADDRESS-8,%rax
1098 cmpq %rax,%rdi /* verify address validity */
1105 movq PCPU(CURPCB),%rcx
1106 movq %rax,PCB_ONFAULT(%rcx)
1111 ENTRY(suword32_nosmap)
1113 movq PCPU(CURPCB),%rcx
1114 movq $fusufault,PCB_ONFAULT(%rcx)
1116 movq $VM_MAXUSER_ADDRESS-4,%rax
1117 cmpq %rax,%rdi /* verify address validity */
1122 movq PCPU(CURPCB),%rcx
1123 movq %rax,PCB_ONFAULT(%rcx)
1126 END(suword32_nosmap)
1128 ENTRY(suword32_smap)
1130 movq PCPU(CURPCB),%rcx
1131 movq $fusufault,PCB_ONFAULT(%rcx)
1133 movq $VM_MAXUSER_ADDRESS-4,%rax
1134 cmpq %rax,%rdi /* verify address validity */
1141 movq PCPU(CURPCB),%rcx
1142 movq %rax,PCB_ONFAULT(%rcx)
1147 ENTRY(suword16_nosmap)
1149 movq PCPU(CURPCB),%rcx
1150 movq $fusufault,PCB_ONFAULT(%rcx)
1152 movq $VM_MAXUSER_ADDRESS-2,%rax
1153 cmpq %rax,%rdi /* verify address validity */
1158 movq %rax,PCB_ONFAULT(%rcx)
1161 END(suword16_nosmap)
1163 ENTRY(suword16_smap)
1165 movq PCPU(CURPCB),%rcx
1166 movq $fusufault,PCB_ONFAULT(%rcx)
1168 movq $VM_MAXUSER_ADDRESS-2,%rax
1169 cmpq %rax,%rdi /* verify address validity */
1176 movq %rax,PCB_ONFAULT(%rcx)
1181 ENTRY(subyte_nosmap)
1183 movq PCPU(CURPCB),%rcx
1184 movq $fusufault,PCB_ONFAULT(%rcx)
1186 movq $VM_MAXUSER_ADDRESS-1,%rax
1187 cmpq %rax,%rdi /* verify address validity */
1193 movq %rax,PCB_ONFAULT(%rcx)
1200 movq PCPU(CURPCB),%rcx
1201 movq $fusufault,PCB_ONFAULT(%rcx)
1203 movq $VM_MAXUSER_ADDRESS-1,%rax
1204 cmpq %rax,%rdi /* verify address validity */
1212 movq %rax,PCB_ONFAULT(%rcx)
1218 /* Fault entry clears PSL.AC */
1220 movq PCPU(CURPCB),%rcx
1222 movq %rax,PCB_ONFAULT(%rcx)
1228 * copyinstr(from, to, maxlen, int *lencopied)
1229 * %rdi, %rsi, %rdx, %rcx
1231 * copy a string from 'from' to 'to', stop when a 0 character is reached.
1232 * return ENAMETOOLONG if string is longer than maxlen, and
1233 * EFAULT on protection violations. If lencopied is non-zero,
1234 * return the actual length in *lencopied.
1236 .macro COPYINSTR smap
1238 movq %rdx,%r8 /* %r8 = maxlen */
1239 movq PCPU(CURPCB),%r9
1240 movq $cpystrflt,PCB_ONFAULT(%r9)
1242 movq $VM_MAXUSER_ADDRESS,%rax
1244 /* make sure 'from' is within bounds */
1250 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
1258 jz copyinstr_toolong
1260 jz copyinstr_toolong_smap
1272 /* Success -- 0 byte reached */
1276 /* set *lencopied and return %eax */
1277 movq %rax,PCB_ONFAULT(%r9)
1294 ENTRY(copyinstr_nosmap)
1296 END(copyinstr_nosmap)
1298 ENTRY(copyinstr_smap)
1303 /* Fault entry clears PSL.AC */
1306 /* set *lencopied and return %eax */
1307 movq $0,PCB_ONFAULT(%r9)
1317 copyinstr_toolong_smap:
1320 /* rdx is zero - return ENAMETOOLONG or EFAULT */
1321 movq $VM_MAXUSER_ADDRESS,%rax
1324 movl $ENAMETOOLONG,%eax
1328 * copystr(from, to, maxlen, int *lencopied)
1329 * %rdi, %rsi, %rdx, %rcx
1333 movq %rdx,%r8 /* %r8 = maxlen */
1346 /* Success -- 0 byte reached */
1352 /* set *lencopied and return %rax */
1359 /* rdx is zero -- return ENAMETOOLONG */
1360 movl $ENAMETOOLONG,%eax
1365 * Handling of special amd64 registers and descriptor tables etc
1367 /* void lgdt(struct region_descriptor *rdp); */
1369 /* reload the descriptor table */
1372 /* flush the prefetch q */
1379 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
1383 /* reload code selector by turning return into intersegmental return */
1391 /*****************************************************************************/
1392 /* setjump, longjump */
1393 /*****************************************************************************/
1396 movq %rbx,0(%rdi) /* save rbx */
1397 movq %rsp,8(%rdi) /* save rsp */
1398 movq %rbp,16(%rdi) /* save rbp */
1399 movq %r12,24(%rdi) /* save r12 */
1400 movq %r13,32(%rdi) /* save r13 */
1401 movq %r14,40(%rdi) /* save r14 */
1402 movq %r15,48(%rdi) /* save r15 */
1403 movq 0(%rsp),%rdx /* get rta */
1404 movq %rdx,56(%rdi) /* save rip */
1405 xorl %eax,%eax /* return(0); */
1410 movq 0(%rdi),%rbx /* restore rbx */
1411 movq 8(%rdi),%rsp /* restore rsp */
1412 movq 16(%rdi),%rbp /* restore rbp */
1413 movq 24(%rdi),%r12 /* restore r12 */
1414 movq 32(%rdi),%r13 /* restore r13 */
1415 movq 40(%rdi),%r14 /* restore r14 */
1416 movq 48(%rdi),%r15 /* restore r15 */
1417 movq 56(%rdi),%rdx /* get rta */
1418 movq %rdx,0(%rsp) /* put in return frame */
1419 xorl %eax,%eax /* return(1); */
1425 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
1429 /* int rdmsr_safe(u_int msr, uint64_t *data) */
/* Install msr_onfault as the recovery target so a faulting rdmsr returns an error instead of panicking. */
1431 movq PCPU(CURPCB),%r8
1432 movq $msr_onfault,PCB_ONFAULT(%r8)
1434 rdmsr /* Read the MSR selected by %ecx. Returns the
1435 high 32 bits in %edx, the low 32 bits in %eax */
1436 salq $32,%rdx /* move the high half into bits 63:32 of %rdx */
1437 movl %eax,%eax /* zero-extend %eax -> %rax */
/* Stores %rax into pcb_onfault; presumably 0 here to remove the handler (the instruction that sets it is not visible in this listing). */
1441 movq %rax,PCB_ONFAULT(%r8)
1446 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
1450 /* int wrmsr_safe(u_int msr, uint64_t data) */
/* Install msr_onfault as the recovery target so a faulting wrmsr returns an error instead of panicking. */
1452 movq PCPU(CURPCB),%r8
1453 movq $msr_onfault,PCB_ONFAULT(%r8)
1458 wrmsr /* Write the MSR selected by %ecx. Takes the
1459 high 32 bits in %edx, the low 32 bits in %eax. */
/* Stores %rax into pcb_onfault; presumably 0 here to remove the handler (the instruction that sets it is not visible in this listing). */
1461 movq %rax,PCB_ONFAULT(%r8)
1466 * MSR operations fault handler
1470 movq $0,PCB_ONFAULT(%r8)
1476 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
1477 * Invalidates address space addressed by ucr3, then returns to kcr3.
1478 * Done in assembler to ensure no other memory accesses happen while
1482 ENTRY(pmap_pti_pcid_invalidate)
1485 movq %rdi,%cr3 /* to user page table */
1486 movq %rsi,%cr3 /* back to kernel */
1491 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
1492 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
1495 ENTRY(pmap_pti_pcid_invlpg)
1498 movq %rdi,%cr3 /* to user page table */
1500 movq %rsi,%cr3 /* back to kernel */
1505 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
1507 * Invalidates virtual addresses between sva and eva in address space ucr3,
1508 * then returns to kcr3.
1511 ENTRY(pmap_pti_pcid_invlrng)
1514 movq %rdi,%cr3 /* to user page table */
1516 addq $PAGE_SIZE,%rdx
1519 movq %rsi,%cr3 /* back to kernel */
1524 .macro ibrs_seq_label l
1527 .macro ibrs_call_label l
1530 .macro ibrs_seq count
1533 ibrs_call_label %(ll)
1535 ibrs_seq_label %(ll)
1541 /* all callers already saved %rax, %rdx, and %rcx */
/*
 * Sets the IBRS and STIBP bits in the %edx:%eax image of IA32_SPEC_CTRL
 * and records that in the per-CPU IBPB_SET flag.
 * Writes %eax, %ecx and %edx. The MSR read/write instructions and the
 * branches that consume the two tests are not visible in this listing.
 */
1542 ENTRY(handle_ibrs_entry)
/* Tests the global hw_ibrs_active flag; presumably a zero value skips the MSR update -- confirm. */
1543 cmpb $0,hw_ibrs_active(%rip)
/* %ecx selects the MSR for the MSR access instructions. */
1545 movl $MSR_IA32_SPEC_CTRL,%ecx
1547 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
/* NOTE(review): applies the part of the mask above bit 31 to the high half; if both bits live in the low dword this ORs in 0 -- confirm against specialreg.h. */
1548 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx
/* Per-CPU marker read by handle_ibrs_exit and handle_ibrs_exit_rs. */
1550 movb $1,PCPU(IBPB_SET)
/* Tests the SMEP feature bit; what depends on the result is outside this listing. */
1551 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)
1555 END(handle_ibrs_entry)
/*
 * Clears the IBRS and STIBP bits in the %edx:%eax image of IA32_SPEC_CTRL
 * and resets the per-CPU IBPB_SET flag.
 * Writes %eax, %ecx and %edx without saving them. The MSR read/write
 * instructions and the branch after the flag test are not visible in
 * this listing.
 */
1557 ENTRY(handle_ibrs_exit)
/* Tests the per-CPU flag set by handle_ibrs_entry; presumably a zero value skips the MSR update -- confirm. */
1558 cmpb $0,PCPU(IBPB_SET)
/* %ecx selects the MSR for the MSR access instructions. */
1560 movl $MSR_IA32_SPEC_CTRL,%ecx
1562 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
/* NOTE(review): high-half counterpart of the mask; if both bits live in the low dword this ANDs with all ones -- confirm against specialreg.h. */
1563 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1565 movb $0,PCPU(IBPB_SET)
1567 END(handle_ibrs_exit)
1569 /* registers-neutral version, but needs stack */
/*
 * Same bit-clearing sequence as handle_ibrs_exit: clears IBRS and STIBP in
 * the %edx:%eax image of IA32_SPEC_CTRL and resets the per-CPU IBPB_SET flag.
 * NOTE(review): the preceding comment calls this the registers-neutral
 * version that needs a stack; the save/restore of %rax, %rcx and %rdx is
 * presumably in the lines not visible in this listing -- confirm.
 */
1570 ENTRY(handle_ibrs_exit_rs)
/* Tests the per-CPU flag set by handle_ibrs_entry; presumably a zero value skips the MSR update -- confirm. */
1571 cmpb $0,PCPU(IBPB_SET)
/* %ecx selects the MSR for the MSR access instructions. */
1576 movl $MSR_IA32_SPEC_CTRL,%ecx
1578 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
/* NOTE(review): high-half counterpart of the mask; if both bits live in the low dword this ANDs with all ones -- confirm against specialreg.h. */
1579 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1584 movb $0,PCPU(IBPB_SET)
1586 END(handle_ibrs_exit_rs)
1591 * Flush L1D cache. Load enough of the data from the kernel text
1592 * to flush existing L1D content.
1594 * N.B. The function does not follow ABI calling conventions, it corrupts %rbx.
1595 * The vmm.ko caller expects that only %rax, %rdx, %rbx, %rcx, %r9, and %rflags
1596 * registers are clobbered. The NMI handler caller only needs %r13 preserved.
1599 #define L1D_FLUSH_SIZE (64 * 1024)
1601 movq $-L1D_FLUSH_SIZE, %rcx
1603 * pass 1: Preload TLB.
1604 * Kernel text is mapped using superpages. TLB preload is
1605 * done for the benefit of older CPUs which split 2M page
1606 * into 4k TLB entries.
1608 1: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1609 addq $PAGE_SIZE, %rcx
1613 movq $-L1D_FLUSH_SIZE, %rcx
1614 /* pass 2: Read each cache line. */
1615 2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1620 #undef L1D_FLUSH_SIZE
1623 ENTRY(flush_l1d_sw_abi)
1628 END(flush_l1d_sw_abi)