 * Copyright (c) 2018-2019 The FreeBSD Foundation
 * Copyright (c) 2003 Peter Wemm.
 * Copyright (c) 1993 The Regents of the University of California.
 *
 * Portions of this software were developed by
 * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
 * the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#include <machine/asmacros.h>
#include <machine/specialreg.h>
#include <machine/pmap.h>

	movl	$PAGE_SIZE/8,%ecx

 * pagecopy(%rdi=from, %rsi=to)

	movl	$PAGE_SIZE/8,%ecx
 * The loop takes 29 bytes. Ensure that it doesn't cross a 32-byte
 * boundary.
	movnti	%rax,(%rdi,%rdx)
	movnti	%rax,8(%rdi,%rdx)
	movnti	%rax,16(%rdi,%rdx)
	movnti	%rax,24(%rdi,%rdx)
 * memcmp(b1, b2, len)
	movq	-8(%rdi,%rdx),%r8
	movq	-8(%rsi,%rdx),%r9

	movl	-4(%rdi,%rdx),%r8d
	movl	-4(%rsi,%rdx),%r9d

	movzwl	-2(%rdi,%rdx),%r8d
	movzwl	-2(%rsi,%rdx),%r9d

	movq	-16(%rdi,%rdx),%r8
	movq	-16(%rsi,%rdx),%r9

	movq	-8(%rdi,%rdx),%r8
	movq	-8(%rsi,%rdx),%r9
 * Mismatch was found. We need to compute the return value.
 * Before we compute it we narrow down the range (16 -> 8 -> 4 bytes).
	leaq	-8(%rdi,%rdx),%rdi
	leaq	-8(%rsi,%rdx),%rsi

	leaq	-16(%rdi,%rdx),%rdi
	leaq	-16(%rsi,%rdx),%rsi

	leaq	-4(%rdi,%rdx),%rdi
	leaq	-4(%rsi,%rdx),%rsi

 * We have up to 4 bytes to inspect.
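
/*
 * Illustrative sketch (not part of the implementation): the C-level
 * contract that the tail computation above implements, per memcmp(3).
 * Bytes are compared as unsigned chars; memcmp_ref is a hypothetical
 * reference name:
 *
 *	int
 *	memcmp_ref(const void *b1, const void *b2, size_t len)
 *	{
 *		const u_char *p1 = b1, *p2 = b2;
 *		size_t i;
 *
 *		for (i = 0; i < len; i++)
 *			if (p1[i] != p2[i])
 *				return (p1[i] - p2[i]);
 *		return (0);
 *	}
 */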
 * memmove(dst, src, cnt)
 *
 * Register state at entry is expected to be as follows:
 *
 * The macro possibly clobbers the above and: rcx, r8, r9, r10.
 * It does not clobber %rax or %r11.
.macro	MEMMOVE erms overlap begin end
 * For sizes 0..32 all data is read before it is written, so there
 * is no correctness issue with the direction of copying.
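
/*
 * Illustrative sketch of the idea: for a small copy (here 8..16 bytes),
 * load both ends before storing anything, so the result is correct for
 * either direction of overlap:
 *
 *	uint64_t head = *(const uint64_t *)src;
 *	uint64_t tail = *(const uint64_t *)((const char *)src + cnt - 8);
 *	*(uint64_t *)dst = head;
 *	*(uint64_t *)((char *)dst + cnt - 8) = tail;
 */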
	cmpq	%rcx,%r8			/* overlapping && src < dst? */
	movq	-16(%rsi,%rcx),%r9
	movq	-8(%rsi,%rcx),%r10

	movq	%r9,-16(%rdi,%rcx)
	movq	%r10,-8(%rdi,%rcx)

	movq	-8(%rsi,%rcx),%r8
	movq	%r8,-8(%rdi,%rcx)
	movl	-4(%rsi,%rcx),%r8d

	movl	%r8d,-4(%rdi,%rcx)

	movzwl	-2(%rsi,%rcx),%r8d

	movw	%r8w,-2(%rdi,%rcx)

	shrq	$3,%rcx				/* copy by 64-bit words */

	andl	$7,%ecx				/* any bytes left? */

	leaq	-16(%rdx,%rcx),%rdx

	leaq	16(%rdi,%rcx),%rdi
	leaq	16(%rsi,%rcx),%rsi

	shrq	$3,%rcx				/* copy by 64-bit words */

	andl	$7,%ecx				/* any bytes left? */

	leaq	-8(%rdi,%rcx),%rdi
	leaq	-8(%rsi,%rcx),%rsi

	leaq	-1(%rdi,%rcx),%rdi
	leaq	-1(%rsi,%rcx),%rsi

	leaq	-8(%rdi,%rcx),%rdi
	leaq	-8(%rsi,%rcx),%rsi
	MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END

	MEMMOVE erms=1 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END

 * memcpy(dst, src, len)
 *
 * Note: memcpy does not support overlapping copies.

	MEMMOVE erms=0 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END

	MEMMOVE erms=1 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
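
/*
 * For reference (illustrative sketch): the C-level contracts implemented
 * above, as documented in memmove(3) and memcpy(3). Only memmove
 * tolerates overlap:
 *
 *	char buf[] = "abcdefg";
 *	memmove(buf + 1, buf, 6);	buf becomes "aabcdef"
 *	memcpy(buf + 1, buf, 6);	undefined: the regions overlap
 */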
 * memset(dst, c, len)

	movabs	$0x0101010101010101,%r10 /* multiplied by c, replicates the
					    fill byte into all 8 byte lanes */
	movq	%r10,-16(%rdi,%rcx)
	movq	%r10,-8(%rdi,%rcx)

	movq	%r10,-16(%rdi,%rcx)
	movq	%r10,-8(%rdi,%rcx)

	movq	%r10,-8(%rdi,%rcx)

	movl	%r10d,-4(%rdi,%rcx)

	movw	%r10w,-2(%rdi,%rcx)

	movq	%r10,-8(%rdi,%rdx)

	leaq	-16(%rcx,%r8),%rcx

	leaq	16(%rdi,%r8),%rdi

/* fillw(pat, base, cnt) */
/* %rdi, %rsi, %rdx */
/*****************************************************************************/
/* copyout and fubyte family                                                 */
/*****************************************************************************/
 * Access user memory from inside the kernel. These routines should be
 * the only places that do this.
 *
 * These routines set curpcb->pcb_onfault for the duration of their
 * execution. When a protection violation occurs inside one of them, the
 * trap handler returns control to *curpcb->pcb_onfault instead of to the
 * faulting instruction.
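
/*
 * Sketch of the recovery mechanism described above; the actual logic
 * lives in the page-fault path in trap.c and its details differ:
 *
 *	if (curpcb->pcb_onfault != NULL) {
 *		frame->tf_rip = (long)curpcb->pcb_onfault;
 *		return;
 *	}
 */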
.macro	SMAP_DISABLE smap

.macro	SMAP_ENABLE smap

.macro	COPYINOUT_BEGIN

	movq	%rax,PCB_ONFAULT(%r11)

.macro	COPYINOUT_SMAP_END

 * copyout(from_kernel, to_user, len)

.macro	COPYOUT smap erms

	movq	PCPU(CURPCB),%r11
	movq	$copy_fault,PCB_ONFAULT(%r11)
 * Check explicitly for non-user addresses.
 * First, prevent address wrapping.
 *
 * XXX STOP USING VM_MAXUSER_ADDRESS.
 * It is an end address, not a max, so every time it is used correctly it
 * looks like there is an off-by-one error, and of course it caused an
 * off-by-one error in several places.
	movq	$VM_MAXUSER_ADDRESS,%rcx

 * Set return value to zero. Remaining failure mode goes through
 * copy_fault.

 * Set up arguments for MEMMOVE.

	MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END

	MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
ENTRY(copyout_nosmap_std)
	COPYOUT smap=0 erms=0
END(copyout_nosmap_std)

ENTRY(copyout_smap_std)
	COPYOUT smap=1 erms=0
END(copyout_smap_std)

ENTRY(copyout_nosmap_erms)
	COPYOUT smap=0 erms=1
END(copyout_nosmap_erms)

ENTRY(copyout_smap_erms)
	COPYOUT smap=1 erms=1
END(copyout_smap_erms)
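
/*
 * Example caller (illustrative sketch; uaddr is a hypothetical user
 * pointer), per the copy(9) contract: 0 on success, EFAULT on a bad
 * user address:
 *
 *	int val = 42, error;
 *
 *	error = copyout(&val, uaddr, sizeof(val));
 *	if (error != 0)
 *		return (error);
 */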
 * copyin(from_user, to_kernel, len)

.macro	COPYIN smap erms

	movq	PCPU(CURPCB),%r11
	movq	$copy_fault,PCB_ONFAULT(%r11)

 * make sure address is valid

	movq	$VM_MAXUSER_ADDRESS,%rcx

	MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END

	MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
ENTRY(copyin_nosmap_std)
END(copyin_nosmap_std)

ENTRY(copyin_smap_std)

ENTRY(copyin_nosmap_erms)
END(copyin_nosmap_erms)

ENTRY(copyin_smap_erms)
END(copyin_smap_erms)
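
/*
 * Example caller (illustrative sketch; struct foo and uaddr are
 * hypothetical):
 *
 *	struct foo f;
 *	int error;
 *
 *	error = copyin(uaddr, &f, sizeof(f));
 *	if (error != 0)
 *		return (error);
 */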
	/* Trap entry clears PSL.AC */

	movq	$0,PCB_ONFAULT(%r11)
 * casueword32. Compare and set user integer. Returns -1 on fault,
 * 0 if access was successful. Old value is written to *oldp.
 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
ENTRY(casueword32_nosmap)

	movq	PCPU(CURPCB),%r8
	movq	$fusufault,PCB_ONFAULT(%r8)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movl	%esi,%eax			/* old */

	cmpxchgl %ecx,(%rdi)			/* new = %ecx */
 * The old value is in %eax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
 * be the current value. Save %eax into %esi to prepare the return
 * value.
	movq	%rax,PCB_ONFAULT(%r8)
 * Access oldp after pcb_onfault is cleared, to correctly catch a
 * corrupted pointer.

	movl	%esi,(%rdx)			/* oldp = %rdx */
END(casueword32_nosmap)

ENTRY(casueword32_smap)

	movq	PCPU(CURPCB),%r8
	movq	$fusufault,PCB_ONFAULT(%r8)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movl	%esi,%eax			/* old */

	cmpxchgl %ecx,(%rdi)			/* new = %ecx */
 * The old value is in %eax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
 * be the current value. Save %eax into %esi to prepare the return
 * value.
	movq	%rax,PCB_ONFAULT(%r8)

 * Access oldp after pcb_onfault is cleared, to correctly catch a
 * corrupted pointer.

	movl	%esi,(%rdx)			/* oldp = %rdx */

END(casueword32_smap)
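
/*
 * Example caller (illustrative sketch; uaddr, expected and newval are
 * hypothetical):
 *
 *	uint32_t old;
 *
 *	if (casueword32(uaddr, expected, &old, newval) == -1)
 *		return (EFAULT);
 *
 * On success, old holds the value that was found at *uaddr; it equals
 * expected exactly when the store of newval was performed.
 */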
 * casueword. Compare and set user long. Returns -1 on fault,
 * 0 if access was successful. Old value is written to *oldp.
 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx

ENTRY(casueword_nosmap)

	movq	PCPU(CURPCB),%r8
	movq	$fusufault,PCB_ONFAULT(%r8)
	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address is valid */
	movq	%rsi,%rax			/* old */

	cmpxchgq %rcx,(%rdi)			/* new = %rcx */

 * The old value is in %rax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
 * be the current value.

	movq	%rax,PCB_ONFAULT(%r8)

END(casueword_nosmap)

ENTRY(casueword_smap)

	movq	PCPU(CURPCB),%r8
	movq	$fusufault,PCB_ONFAULT(%r8)
	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address is valid */
	movq	%rsi,%rax			/* old */

	cmpxchgq %rcx,(%rdi)			/* new = %rcx */

 * The old value is in %rax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
 * be the current value.

	movq	%rax,PCB_ONFAULT(%r8)

 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
 * byte from user memory.
 * addr = %rdi, valp = %rsi
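
/*
 * Example caller (illustrative sketch; uaddr is hypothetical), per the
 * fetch(9) contract: -1 on fault, 0 on success:
 *
 *	long val;
 *
 *	if (fueword(uaddr, &val) == -1)
 *		return (EFAULT);
 */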
ENTRY(fueword_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movq	%rax,PCB_ONFAULT(%rcx)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movq	%rax,PCB_ONFAULT(%rcx)

ENTRY(fueword32_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movq	%rax,PCB_ONFAULT(%rcx)

END(fueword32_nosmap)
ENTRY(fueword32_smap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address is valid */

	movq	%rax,PCB_ONFAULT(%rcx)

ENTRY(fuword16_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-2,%rax

	movq	$0,PCB_ONFAULT(%rcx)

END(fuword16_nosmap)

ENTRY(fuword16_smap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-2,%rax

	movq	$0,PCB_ONFAULT(%rcx)

ENTRY(fubyte_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-1,%rax

	movq	$0,PCB_ONFAULT(%rcx)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-1,%rax

	movq	$0,PCB_ONFAULT(%rcx)
 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
 * user memory.
 * addr = %rdi, value = %rsi
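
/*
 * Example caller (illustrative sketch; uaddr is hypothetical), per the
 * store(9) contract: 0 on success, -1 on fault:
 *
 *	if (suword32(uaddr, 1) == -1)
 *		return (EFAULT);
 */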
ENTRY(suword_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-8,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

ENTRY(suword32_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

END(suword32_nosmap)

ENTRY(suword32_smap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-4,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

ENTRY(suword16_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-2,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

END(suword16_nosmap)

ENTRY(suword16_smap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-2,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

ENTRY(subyte_nosmap)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-1,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)

	movq	PCPU(CURPCB),%rcx
	movq	$fusufault,PCB_ONFAULT(%rcx)

	movq	$VM_MAXUSER_ADDRESS-1,%rax
	cmpq	%rax,%rdi			/* verify address validity */

	movq	%rax,PCB_ONFAULT(%rcx)
	/* Fault entry clears PSL.AC */

	movq	PCPU(CURPCB),%rcx

	movq	%rax,PCB_ONFAULT(%rcx)
 * copyinstr(from, to, maxlen, int *lencopied)
 *           %rdi,  %rsi, %rdx, %rcx
 *
 * Copy a string from 'from' to 'to', stopping when a NUL byte is
 * reached. Return ENAMETOOLONG if the string is longer than maxlen,
 * and EFAULT on protection violations. If lencopied is non-NULL,
 * return the actual length in *lencopied.
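
/*
 * Example caller (illustrative sketch; upath is hypothetical):
 *
 *	char path[MAXPATHLEN];
 *	size_t done;
 *	int error;
 *
 *	error = copyinstr(upath, path, sizeof(path), &done);
 *
 * On success, error is 0 and done counts the copied bytes including the
 * terminating NUL.
 */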
.macro	COPYINSTR smap

	movq	%rdx,%r8			/* %r8 = maxlen */
	movq	PCPU(CURPCB),%r9
	movq	$cpystrflt,PCB_ONFAULT(%r9)

	movq	$VM_MAXUSER_ADDRESS,%rax

	/* make sure 'from' is within bounds */

	/* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */

	jz	copyinstr_toolong

	jz	copyinstr_toolong_smap

	/* Success -- NUL byte reached */

	/* set *lencopied and return %eax */
	movq	%rax,PCB_ONFAULT(%r9)
ENTRY(copyinstr_nosmap)
END(copyinstr_nosmap)

ENTRY(copyinstr_smap)

	/* Fault entry clears PSL.AC */

	/* set *lencopied and return %eax */
	movq	$0,PCB_ONFAULT(%r9)

copyinstr_toolong_smap:

	/* rdx is zero - return ENAMETOOLONG or EFAULT */
	movq	$VM_MAXUSER_ADDRESS,%rax

	movl	$ENAMETOOLONG,%eax
 * Handling of special amd64 registers and descriptor tables, etc.

/* void lgdt(struct region_descriptor *rdp); */

	/* reload the descriptor table */

	/* flush the prefetch queue */

	movl	%eax,%fs	/* beware: use wrmsr to set the 64-bit base */

	/* reload code selector by turning return into intersegmental return */
/*****************************************************************************/
/* setjmp, longjmp                                                           */
/*****************************************************************************/
	movq	%rbx,0(%rdi)			/* save rbx */
	movq	%rsp,8(%rdi)			/* save rsp */
	movq	%rbp,16(%rdi)			/* save rbp */
	movq	%r12,24(%rdi)			/* save r12 */
	movq	%r13,32(%rdi)			/* save r13 */
	movq	%r14,40(%rdi)			/* save r14 */
	movq	%r15,48(%rdi)			/* save r15 */
	movq	0(%rsp),%rdx			/* get return address */
	movq	%rdx,56(%rdi)			/* save rip */
	xorl	%eax,%eax			/* return(0); */
	movq	0(%rdi),%rbx			/* restore rbx */
	movq	8(%rdi),%rsp			/* restore rsp */
	movq	16(%rdi),%rbp			/* restore rbp */
	movq	24(%rdi),%r12			/* restore r12 */
	movq	32(%rdi),%r13			/* restore r13 */
	movq	40(%rdi),%r14			/* restore r14 */
	movq	48(%rdi),%r15			/* restore r15 */
	movq	56(%rdi),%rdx			/* get return address */
	movq	%rdx,0(%rsp)			/* put in return frame */
	xorl	%eax,%eax			/* return(1); */
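
/*
 * Usage sketch (kernel setjmp/longjmp, used sparingly, e.g. by kdb):
 *
 *	static jmp_buf jb;
 *
 *	if (setjmp(jb) == 0) {
 *		first pass: fall through
 *	} else {
 *		arrived via a later longjmp(jb), which returns 1 here
 *	}
 */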
 * Support for reading MSRs in a safe manner: instead of a panic on #GP,
 * an error is returned.

/* int rdmsr_safe(u_int msr, uint64_t *data) */
	movq	PCPU(CURPCB),%r8
	movq	$msr_onfault,PCB_ONFAULT(%r8)

	rdmsr			/* read MSR selected by %ecx; returns
				   high 32 bits in %edx, low 32 bits
				   in %eax */
	salq	$32,%rdx	/* shift %rdx left by 32 bits */
	movl	%eax,%eax	/* zero-extend %eax -> %rax */

	movq	%rax,PCB_ONFAULT(%r8)
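
/*
 * Example caller (illustrative sketch; msr is a hypothetical MSR
 * number): probe an MSR that may not be implemented:
 *
 *	uint64_t v;
 *
 *	if (rdmsr_safe(msr, &v) != 0)
 *		the #GP was absorbed; treat the MSR as unavailable
 */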
 * Support for writing MSRs in a safe manner: instead of a panic on #GP,
 * an error is returned.

/* int wrmsr_safe(u_int msr, uint64_t data) */

	movq	PCPU(CURPCB),%r8
	movq	$msr_onfault,PCB_ONFAULT(%r8)

	wrmsr			/* write MSR selected by %ecx; takes
				   high 32 bits in %edx, low 32 bits
				   in %eax */

	movq	%rax,PCB_ONFAULT(%r8)
 * MSR operations fault handler

	movq	$0,PCB_ONFAULT(%r8)
 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
 * Invalidates address space addressed by ucr3, then returns to kcr3.
 * Done in assembler to ensure no other memory accesses happen while
 * the user page table is active.

ENTRY(pmap_pti_pcid_invalidate)

	movq	%rdi,%cr3	/* to user page table */
	movq	%rsi,%cr3	/* back to kernel */
 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
 * Invalidates virtual address va in address space ucr3, then returns to kcr3.

ENTRY(pmap_pti_pcid_invlpg)

	movq	%rdi,%cr3	/* to user page table */

	movq	%rsi,%cr3	/* back to kernel */

 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
 *	vm_offset_t eva);
 * Invalidates virtual addresses between sva and eva in address space ucr3,
 * then returns to kcr3.

ENTRY(pmap_pti_pcid_invlrng)

	movq	%rdi,%cr3	/* to user page table */

	addq	$PAGE_SIZE,%rdx

	movq	%rsi,%cr3	/* back to kernel */
.macro	rsb_seq_label l

.macro	rsb_call_label l

.macro	rsb_seq count

	rsb_call_label %(ll)
/* all callers already saved %rax, %rdx, and %rcx */
ENTRY(handle_ibrs_entry)
	cmpb	$0,hw_ibrs_ibpb_active(%rip)

	movl	$MSR_IA32_SPEC_CTRL,%ecx

	orl	$(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
	orl	$((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx

	movb	$1,PCPU(IBPB_SET)
	testl	$CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)

END(handle_ibrs_entry)
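
/*
 * C-level sketch of the entry sequence above (illustrative; rdmsr and
 * wrmsr are the machine/cpufunc.h accessors):
 *
 *	uint64_t v;
 *
 *	v = rdmsr(MSR_IA32_SPEC_CTRL);
 *	v |= IA32_SPEC_CTRL_IBRS | IA32_SPEC_CTRL_STIBP;
 *	wrmsr(MSR_IA32_SPEC_CTRL, v);
 */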
ENTRY(handle_ibrs_exit)
	cmpb	$0,PCPU(IBPB_SET)

	movl	$MSR_IA32_SPEC_CTRL,%ecx

	andl	$~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
	andl	$~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx

	movb	$0,PCPU(IBPB_SET)

END(handle_ibrs_exit)
/* registers-neutral version, but needs stack */
ENTRY(handle_ibrs_exit_rs)
	cmpb	$0,PCPU(IBPB_SET)

	movl	$MSR_IA32_SPEC_CTRL,%ecx

	andl	$~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
	andl	$~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx

	movb	$0,PCPU(IBPB_SET)

END(handle_ibrs_exit_rs)
 * Flush L1D cache. Load enough of the data from the kernel text
 * to flush the existing L1D content.
 *
 * N.B. The function does not follow ABI calling conventions; it corrupts
 * %rbx. The vmm.ko caller expects that only %rax, %rdx, %rbx, %rcx, %r9,
 * and %rflags registers are clobbered. The NMI handler caller only needs
 * %r13 preserved.
#define	L1D_FLUSH_SIZE	(64 * 1024)

	movq	$-L1D_FLUSH_SIZE, %rcx

 * pass 1: Preload TLB.
 * Kernel text is mapped using superpages. TLB preload is
 * done for the benefit of older CPUs that split a 2M page
 * into 4K TLB entries.

1:	movb	L1D_FLUSH_SIZE(%r9, %rcx), %al
	addq	$PAGE_SIZE, %rcx

	movq	$-L1D_FLUSH_SIZE, %rcx
	/* pass 2: Read each cache line. */
2:	movb	L1D_FLUSH_SIZE(%r9, %rcx), %al

#undef	L1D_FLUSH_SIZE
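
/*
 * Note (illustrative sketch): on CPUs that enumerate IA32_FLUSH_CMD
 * support, the software loop above is not needed; the hardware-assisted
 * flush is simply:
 *
 *	wrmsr(MSR_IA32_FLUSH_CMD, IA32_FLUSH_CMD_L1D);
 */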
ENTRY(flush_l1d_sw_abi)

END(flush_l1d_sw_abi)

ENTRY(mds_handler_void)
END(mds_handler_void)

ENTRY(mds_handler_verw)
END(mds_handler_verw)
ENTRY(mds_handler_ivb)

1:	movq	PCPU(MDS_BUF), %rdx
	movdqa	%xmm0, PCPU(MDS_TMP)

2:	movntdq	%xmm0, (%rdx)

	movdqa	PCPU(MDS_TMP), %xmm0

END(mds_handler_ivb)
ENTRY(mds_handler_bdw)

1:	movq	PCPU(MDS_BUF), %rbx
	movdqa	%xmm0, PCPU(MDS_TMP)

2:	movntdq	%xmm0, (%rbx)

	movdqa	PCPU(MDS_TMP), %xmm0

END(mds_handler_bdw)
ENTRY(mds_handler_skl_sse)

1:	movq	PCPU(MDS_BUF), %rdi
	movq	PCPU(MDS_BUF64), %rdx
	movdqa	%xmm0, PCPU(MDS_TMP)

2:	clflushopt	5376(%rdi, %rax, 8)

	movdqa	PCPU(MDS_TMP), %xmm0

END(mds_handler_skl_sse)
ENTRY(mds_handler_skl_avx)

1:	movq	PCPU(MDS_BUF), %rdi
	movq	PCPU(MDS_BUF64), %rdx
	vmovdqa	%ymm0, PCPU(MDS_TMP)
	vpxor	%ymm0, %ymm0, %ymm0

	vorpd	(%rdx), %ymm0, %ymm0
	vorpd	(%rdx), %ymm0, %ymm0

2:	clflushopt	5376(%rdi, %rax, 8)

	vmovdqa	PCPU(MDS_TMP), %ymm0

END(mds_handler_skl_avx)
ENTRY(mds_handler_skl_avx512)

1:	movq	PCPU(MDS_BUF), %rdi
	movq	PCPU(MDS_BUF64), %rdx
	vmovdqa64 %zmm0, PCPU(MDS_TMP)
	vpxord	%zmm0, %zmm0, %zmm0

	vorpd	(%rdx), %zmm0, %zmm0
	vorpd	(%rdx), %zmm0, %zmm0

2:	clflushopt	5376(%rdi, %rax, 8)

	vmovdqa64 PCPU(MDS_TMP), %zmm0

END(mds_handler_skl_avx512)
ENTRY(mds_handler_silvermont)

1:	movq	PCPU(MDS_BUF), %rdx
	movdqa	%xmm0, PCPU(MDS_TMP)

2:	movntdq	%xmm0, (%rdx)

	movdqa	PCPU(MDS_TMP), %xmm0

END(mds_handler_silvermont)