2 * Copyright (c) 2018-2019 The FreeBSD Foundation
3 * Copyright (c) 2003 Peter Wemm.
4 * Copyright (c) 1993 The Regents of the University of California.
7 * Portions of this software were developed by
8 * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
9 * the FreeBSD Foundation.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <machine/asmacros.h>
41 #include <machine/specialreg.h>
42 #include <machine/pmap.h>
51 movq $PAGE_SIZE/8,%rcx
70 * pagecopy(%rdi=from, %rsi=to)
74 movq $PAGE_SIZE/8,%rcx
92 * The loop takes 29 bytes. Ensure that it doesn't cross a 32-byte
97 movnti %rax,(%rdi,%rdx)
98 movnti %rax,8(%rdi,%rdx)
99 movnti %rax,16(%rdi,%rdx)
100 movnti %rax,24(%rdi,%rdx)
109 * memcmp(b1, b2, len)
127 movq -8(%rdi,%rdx),%r8
128 movq -8(%rsi,%rdx),%r9
140 movl -4(%rdi,%rdx),%r8d
141 movl -4(%rsi,%rdx),%r9d
153 movzwl -2(%rdi,%rdx),%r8d
154 movzwl -2(%rsi,%rdx),%r9d
180 movq -16(%rdi,%rdx),%r8
181 movq -16(%rsi,%rdx),%r9
184 movq -8(%rdi,%rdx),%r8
185 movq -8(%rsi,%rdx),%r9
217 * Mismatch was found.
219 * Before we compute it we narrow down the range (16 -> 8 -> 4 bytes).
236 leaq -8(%rdi,%rdx),%rdi
237 leaq -8(%rsi,%rdx),%rsi
241 leaq -16(%rdi,%rdx),%rdi
242 leaq -16(%rsi,%rdx),%rsi
251 leaq -4(%rdi,%rdx),%rdi
252 leaq -4(%rsi,%rdx),%rsi
265 * We have up to 4 bytes to inspect.
292 * memmove(dst, src, cnt)
297 * Register state at entry is supposed to be as follows:
302 * The macro possibly clobbers the above and: rcx, r8, r9, r10
303 * It does not clobber rax nor r11.
305 .macro MEMMOVE erms overlap begin end
309 * For sizes 0..32 all data is read before it is written, so there
310 * is no correctness issue with direction of copying.
318 cmpq %rcx,%r8 /* overlapping && src < dst? */
350 movq -16(%rsi,%rcx),%r9
351 movq -8(%rsi,%rcx),%r10
354 movq %r9,-16(%rdi,%rcx)
355 movq %r10,-8(%rdi,%rcx)
363 movq -8(%rsi,%rcx),%r8
365 movq %r8,-8(%rdi,%rcx,)
373 movl -4(%rsi,%rcx),%r8d
375 movl %r8d,-4(%rdi,%rcx)
383 movzwl -2(%rsi,%rcx),%r8d
385 movw %r8w,-2(%rdi,%rcx)
406 shrq $3,%rcx /* copy by 64-bit words */
410 andl $7,%ecx /* any bytes left? */
421 leaq -16(%rdx,%rcx),%rdx
423 leaq 16(%rdi,%rcx),%rdi
424 leaq 16(%rsi,%rcx),%rsi
432 shrq $3,%rcx /* copy by 64-bit words */
438 andl $7,%ecx /* any bytes left? */
453 leaq -8(%rdi,%rcx),%rdi
454 leaq -8(%rsi,%rcx),%rsi
529 leaq -1(%rdi,%rcx),%rdi
530 leaq -1(%rsi,%rcx),%rsi
535 leaq -8(%rdi,%rcx),%rdi
536 leaq -8(%rsi,%rcx),%rsi
561 MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
565 MEMMOVE erms=1 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
569 * memcpy(dst, src, len)
572 * Note: memcpy does not support overlapping copies
575 MEMMOVE erms=0 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
579 MEMMOVE erms=1 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
583 * memset(dst, c, len)
591 movabs $0x0101010101010101,%r10
612 movq %r10,-16(%rdi,%rcx)
613 movq %r10,-8(%rdi,%rcx)
623 movq %r10,-16(%rdi,%rcx)
624 movq %r10,-8(%rdi,%rcx)
632 movq %r10,-8(%rdi,%rcx)
640 movl %r10d,-4(%rdi,%rcx)
648 movw %r10w,-2(%rdi,%rcx)
681 movq %r10,-8(%rdi,%rdx)
691 leaq -16(%rcx,%r8),%rcx
693 leaq 16(%rdi,%r8),%rdi
705 /* fillw(pat, base, cnt) */
706 /* %rdi,%rsi, %rdx */
718 /*****************************************************************************/
719 /* copyout and fubyte family */
720 /*****************************************************************************/
722 * Access user memory from inside the kernel. These routines should be
723 * the only places that do this.
725 * These routines set curpcb->pcb_onfault for the time they execute. When a
726 * protection violation occurs inside the functions, the trap handler
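727 * returns to *curpcb->pcb_onfault instead of the function.
 * Each routine is built in a _nosmap and a _smap variant; the _smap
 * variants are instantiated with smap=1 so that the SMAP_DISABLE and
 * SMAP_ENABLE macros below take effect around the user access.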
730 .macro SMAP_DISABLE smap
737 .macro SMAP_ENABLE smap
743 .macro COPYINOUT_BEGIN
747 movq %rax,PCB_ONFAULT(%r11)
751 .macro COPYINOUT_SMAP_END
757 * copyout(from_kernel, to_user, len)
760 .macro COPYOUT smap erms
762 movq PCPU(CURPCB),%r11
763 movq $copy_fault,PCB_ONFAULT(%r11)
766 * Check explicitly for non-user addresses.
767 * First, prevent address wrapping.
773 * XXX STOP USING VM_MAXUSER_ADDRESS.
774 * It is an end address, not a max, so every time it is used correctly it
775 * looks like there is an off by one error, and of course it caused an off
776 * by one error in several places.
778 movq $VM_MAXUSER_ADDRESS,%rcx
783 * Set return value to zero. Remaining failure mode goes through
789 * Set up arguments for MEMMOVE.
799 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
801 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
/*
 * copyout_nosmap_std: COPYOUT instantiated with smap=0, erms=0.
 * The COPYOUT macro forwards erms to MEMMOVE. smap=0 presumably selects
 * the path without SMAP toggling -- confirm against the macro body,
 * which is not fully visible in this listing.
 */
806 ENTRY(copyout_nosmap_std)
807 COPYOUT smap=0 erms=0
808 END(copyout_nosmap_std)
/*
 * copyout_smap_std: COPYOUT instantiated with smap=1, erms=0.
 * With smap=1 the copy presumably finishes through COPYINOUT_SMAP_END
 * rather than COPYINOUT_END (both appear in the COPYOUT macro) -- confirm
 * the conditional, which is not visible in this listing.
 */
810 ENTRY(copyout_smap_std)
811 COPYOUT smap=1 erms=0
812 END(copyout_smap_std)
/*
 * copyout_nosmap_erms: COPYOUT instantiated with smap=0, erms=1.
 * erms=1 is forwarded to MEMMOVE (presumably the Enhanced REP MOVSB
 * copy path -- confirm against the MEMMOVE macro body).
 */
814 ENTRY(copyout_nosmap_erms)
815 COPYOUT smap=0 erms=1
816 END(copyout_nosmap_erms)
/*
 * copyout_smap_erms: COPYOUT instantiated with smap=1, erms=1.
 * Combines the SMAP-aware variant with erms=1 forwarded to MEMMOVE.
 * Which of the four copyout_* entries is used at run time is decided
 * outside this listing.
 */
818 ENTRY(copyout_smap_erms)
819 COPYOUT smap=1 erms=1
820 END(copyout_smap_erms)
823 * copyin(from_user, to_kernel, len)
826 .macro COPYIN smap erms
828 movq PCPU(CURPCB),%r11
829 movq $copy_fault,PCB_ONFAULT(%r11)
832 * make sure address is valid
837 movq $VM_MAXUSER_ADDRESS,%rcx
850 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
852 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
857 ENTRY(copyin_nosmap_std)
859 END(copyin_nosmap_std)
861 ENTRY(copyin_smap_std)
865 ENTRY(copyin_nosmap_erms)
867 END(copyin_nosmap_erms)
869 ENTRY(copyin_smap_erms)
871 END(copyin_smap_erms)
875 testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
878 1: movq $0,PCB_ONFAULT(%r11)
884 * casueword32. Compare and set user integer. Returns -1 on fault,
885 * 0 if access was successful. Old value is written to *oldp.
886 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
888 ENTRY(casueword32_nosmap)
890 movq PCPU(CURPCB),%r8
891 movq $fusufault,PCB_ONFAULT(%r8)
893 movq $VM_MAXUSER_ADDRESS-4,%rax
894 cmpq %rax,%rdi /* verify address is valid */
897 movl %esi,%eax /* old */
901 cmpxchgl %ecx,(%rdi) /* new = %ecx */
905 * The old value is in %eax. If the store succeeded it will be the
906 * value we expected (old) from before the store, otherwise it will
907 * be the current value. Save %eax into %esi to prepare the return
912 movq %rax,PCB_ONFAULT(%r8)
915 * Access the oldp after the pcb_onfault is cleared, to correctly
916 * catch corrupted pointer.
918 movl %esi,(%rdx) /* oldp = %rdx */
922 END(casueword32_nosmap)
924 ENTRY(casueword32_smap)
926 movq PCPU(CURPCB),%r8
927 movq $fusufault,PCB_ONFAULT(%r8)
929 movq $VM_MAXUSER_ADDRESS-4,%rax
930 cmpq %rax,%rdi /* verify address is valid */
933 movl %esi,%eax /* old */
938 cmpxchgl %ecx,(%rdi) /* new = %ecx */
943 * The old value is in %eax. If the store succeeded it will be the
944 * value we expected (old) from before the store, otherwise it will
945 * be the current value. Save %eax into %esi to prepare the return
950 movq %rax,PCB_ONFAULT(%r8)
953 * Access the oldp after the pcb_onfault is cleared, to correctly
954 * catch corrupted pointer.
956 movl %esi,(%rdx) /* oldp = %rdx */
960 END(casueword32_smap)
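963 * casueword. Compare and set user long. Returns -1 on fault,
964 * 0 if access was successful. Old value is written to *oldp.
965 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
 * NOTE(review): the address check in both variants compares against
 * VM_MAXUSER_ADDRESS-4 although cmpxchgq accesses 8 bytes; the 64-bit
 * fueword/suword routines check against VM_MAXUSER_ADDRESS-8. Confirm
 * whether the narrower margin here is intentional.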
967 ENTRY(casueword_nosmap)
969 movq PCPU(CURPCB),%r8
970 movq $fusufault,PCB_ONFAULT(%r8)
972 movq $VM_MAXUSER_ADDRESS-4,%rax
973 cmpq %rax,%rdi /* verify address is valid */
976 movq %rsi,%rax /* old */
980 cmpxchgq %rcx,(%rdi) /* new = %rcx */
984 * The old value is in %rax. If the store succeeded it will be the
985 * value we expected (old) from before the store, otherwise it will
986 * be the current value.
990 movq %rax,PCB_ONFAULT(%r8)
995 END(casueword_nosmap)
997 ENTRY(casueword_smap)
999 movq PCPU(CURPCB),%r8
1000 movq $fusufault,PCB_ONFAULT(%r8)
1002 movq $VM_MAXUSER_ADDRESS-4,%rax
1003 cmpq %rax,%rdi /* verify address is valid */
1006 movq %rsi,%rax /* old */
1011 cmpxchgq %rcx,(%rdi) /* new = %rcx */
1016 * The old value is in %rax. If the store succeeded it will be the
1017 * value we expected (old) from before the store, otherwise it will
1018 * be the current value.
1022 movq %rax,PCB_ONFAULT(%r8)
1030 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
1031 * byte from user memory.
1032 * addr = %rdi, valp = %rsi
1035 ENTRY(fueword_nosmap)
1037 movq PCPU(CURPCB),%rcx
1038 movq $fusufault,PCB_ONFAULT(%rcx)
1040 movq $VM_MAXUSER_ADDRESS-8,%rax
1041 cmpq %rax,%rdi /* verify address is valid */
1046 movq %rax,PCB_ONFAULT(%rcx)
1054 movq PCPU(CURPCB),%rcx
1055 movq $fusufault,PCB_ONFAULT(%rcx)
1057 movq $VM_MAXUSER_ADDRESS-8,%rax
1058 cmpq %rax,%rdi /* verify address is valid */
1065 movq %rax,PCB_ONFAULT(%rcx)
1071 ENTRY(fueword32_nosmap)
1073 movq PCPU(CURPCB),%rcx
1074 movq $fusufault,PCB_ONFAULT(%rcx)
1076 movq $VM_MAXUSER_ADDRESS-4,%rax
1077 cmpq %rax,%rdi /* verify address is valid */
1082 movq %rax,PCB_ONFAULT(%rcx)
1086 END(fueword32_nosmap)
1088 ENTRY(fueword32_smap)
1090 movq PCPU(CURPCB),%rcx
1091 movq $fusufault,PCB_ONFAULT(%rcx)
1093 movq $VM_MAXUSER_ADDRESS-4,%rax
1094 cmpq %rax,%rdi /* verify address is valid */
1101 movq %rax,PCB_ONFAULT(%rcx)
1107 ENTRY(fuword16_nosmap)
1109 movq PCPU(CURPCB),%rcx
1110 movq $fusufault,PCB_ONFAULT(%rcx)
1112 movq $VM_MAXUSER_ADDRESS-2,%rax
1117 movq $0,PCB_ONFAULT(%rcx)
1120 END(fuword16_nosmap)
1122 ENTRY(fuword16_smap)
1124 movq PCPU(CURPCB),%rcx
1125 movq $fusufault,PCB_ONFAULT(%rcx)
1127 movq $VM_MAXUSER_ADDRESS-2,%rax
1134 movq $0,PCB_ONFAULT(%rcx)
1139 ENTRY(fubyte_nosmap)
1141 movq PCPU(CURPCB),%rcx
1142 movq $fusufault,PCB_ONFAULT(%rcx)
1144 movq $VM_MAXUSER_ADDRESS-1,%rax
1149 movq $0,PCB_ONFAULT(%rcx)
1156 movq PCPU(CURPCB),%rcx
1157 movq $fusufault,PCB_ONFAULT(%rcx)
1159 movq $VM_MAXUSER_ADDRESS-1,%rax
1166 movq $0,PCB_ONFAULT(%rcx)
1172 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
1174 * addr = %rdi, value = %rsi
1176 ENTRY(suword_nosmap)
1178 movq PCPU(CURPCB),%rcx
1179 movq $fusufault,PCB_ONFAULT(%rcx)
1181 movq $VM_MAXUSER_ADDRESS-8,%rax
1182 cmpq %rax,%rdi /* verify address validity */
1187 movq PCPU(CURPCB),%rcx
1188 movq %rax,PCB_ONFAULT(%rcx)
1195 movq PCPU(CURPCB),%rcx
1196 movq $fusufault,PCB_ONFAULT(%rcx)
1198 movq $VM_MAXUSER_ADDRESS-8,%rax
1199 cmpq %rax,%rdi /* verify address validity */
1206 movq PCPU(CURPCB),%rcx
1207 movq %rax,PCB_ONFAULT(%rcx)
1212 ENTRY(suword32_nosmap)
1214 movq PCPU(CURPCB),%rcx
1215 movq $fusufault,PCB_ONFAULT(%rcx)
1217 movq $VM_MAXUSER_ADDRESS-4,%rax
1218 cmpq %rax,%rdi /* verify address validity */
1223 movq PCPU(CURPCB),%rcx
1224 movq %rax,PCB_ONFAULT(%rcx)
1227 END(suword32_nosmap)
1229 ENTRY(suword32_smap)
1231 movq PCPU(CURPCB),%rcx
1232 movq $fusufault,PCB_ONFAULT(%rcx)
1234 movq $VM_MAXUSER_ADDRESS-4,%rax
1235 cmpq %rax,%rdi /* verify address validity */
1242 movq PCPU(CURPCB),%rcx
1243 movq %rax,PCB_ONFAULT(%rcx)
1248 ENTRY(suword16_nosmap)
1250 movq PCPU(CURPCB),%rcx
1251 movq $fusufault,PCB_ONFAULT(%rcx)
1253 movq $VM_MAXUSER_ADDRESS-2,%rax
1254 cmpq %rax,%rdi /* verify address validity */
1259 movq %rax,PCB_ONFAULT(%rcx)
1262 END(suword16_nosmap)
1264 ENTRY(suword16_smap)
1266 movq PCPU(CURPCB),%rcx
1267 movq $fusufault,PCB_ONFAULT(%rcx)
1269 movq $VM_MAXUSER_ADDRESS-2,%rax
1270 cmpq %rax,%rdi /* verify address validity */
1277 movq %rax,PCB_ONFAULT(%rcx)
1282 ENTRY(subyte_nosmap)
1284 movq PCPU(CURPCB),%rcx
1285 movq $fusufault,PCB_ONFAULT(%rcx)
1287 movq $VM_MAXUSER_ADDRESS-1,%rax
1288 cmpq %rax,%rdi /* verify address validity */
1294 movq %rax,PCB_ONFAULT(%rcx)
1301 movq PCPU(CURPCB),%rcx
1302 movq $fusufault,PCB_ONFAULT(%rcx)
1304 movq $VM_MAXUSER_ADDRESS-1,%rax
1305 cmpq %rax,%rdi /* verify address validity */
1313 movq %rax,PCB_ONFAULT(%rcx)
1320 testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
1323 1: movq PCPU(CURPCB),%rcx
1325 movq %rax,PCB_ONFAULT(%rcx)
1331 * copyinstr(from, to, maxlen, int *lencopied)
1332 * %rdi, %rsi, %rdx, %rcx
1334 * copy a string from 'from' to 'to', stop when a 0 character is reached.
1335 * return ENAMETOOLONG if string is longer than maxlen, and
1336 * EFAULT on protection violations. If lencopied is non-NULL,
1337 * return the actual length in *lencopied.
1339 .macro COPYINSTR smap
1341 movq %rdx,%r8 /* %r8 = maxlen */
1342 movq PCPU(CURPCB),%r9
1343 movq $cpystrflt,PCB_ONFAULT(%r9)
1345 movq $VM_MAXUSER_ADDRESS,%rax
1347 /* make sure 'from' is within bounds */
1353 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
1361 jz copyinstr_toolong
1363 jz copyinstr_toolong_smap
1375 /* Success -- 0 byte reached */
1379 /* set *lencopied and return %eax */
1380 movq %rax,PCB_ONFAULT(%r9)
1397 ENTRY(copyinstr_nosmap)
1399 END(copyinstr_nosmap)
1401 ENTRY(copyinstr_smap)
1406 testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
1409 1: movl $EFAULT,%eax
1411 /* set *lencopied and return %eax */
1412 movq $0,PCB_ONFAULT(%r9)
1422 copyinstr_toolong_smap:
1425 /* rdx is zero - return ENAMETOOLONG or EFAULT */
1426 movq $VM_MAXUSER_ADDRESS,%rax
1429 movl $ENAMETOOLONG,%eax
1433 * copystr(from, to, maxlen, int *lencopied)
1434 * %rdi, %rsi, %rdx, %rcx
1438 movq %rdx,%r8 /* %r8 = maxlen */
1451 /* Success -- 0 byte reached */
1457 /* set *lencopied and return %rax */
1464 /* rdx is zero -- return ENAMETOOLONG */
1465 movl $ENAMETOOLONG,%eax
1470 * Handling of special amd64 registers and descriptor tables etc
1472 /* void lgdt(struct region_descriptor *rdp); */
1474 /* reload the descriptor table */
1477 /* flush the prefetch q */
1484 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
1488 /* reload code selector by turning return into intersegmental return */
1496 /*****************************************************************************/
1497 /* setjmp, longjmp */
1498 /*****************************************************************************/
1501 movq %rbx,0(%rdi) /* save rbx */
1502 movq %rsp,8(%rdi) /* save rsp */
1503 movq %rbp,16(%rdi) /* save rbp */
1504 movq %r12,24(%rdi) /* save r12 */
1505 movq %r13,32(%rdi) /* save r13 */
1506 movq %r14,40(%rdi) /* save r14 */
1507 movq %r15,48(%rdi) /* save r15 */
1508 movq 0(%rsp),%rdx /* get rta */
1509 movq %rdx,56(%rdi) /* save rip */
1510 xorl %eax,%eax /* return(0); */
1515 movq 0(%rdi),%rbx /* restore rbx */
1516 movq 8(%rdi),%rsp /* restore rsp */
1517 movq 16(%rdi),%rbp /* restore rbp */
1518 movq 24(%rdi),%r12 /* restore r12 */
1519 movq 32(%rdi),%r13 /* restore r13 */
1520 movq 40(%rdi),%r14 /* restore r14 */
1521 movq 48(%rdi),%r15 /* restore r15 */
1522 movq 56(%rdi),%rdx /* get rta */
1523 movq %rdx,0(%rsp) /* put in return frame */
1524 xorl %eax,%eax /* return(1); */
1530 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
1534 /* int rdmsr_safe(u_int msr, uint64_t *data) */
1536 movq PCPU(CURPCB),%r8
1537 movq $msr_onfault,PCB_ONFAULT(%r8)
1539 rdmsr /* Read MSR pointed by %ecx. Returns
1540 hi byte in edx, lo in %eax */
1541 salq $32,%rdx /* sign-shift %rdx left */
1542 movl %eax,%eax /* zero-extend %eax -> %rax */
1546 movq %rax,PCB_ONFAULT(%r8)
1551 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
1555 /* int wrmsr_safe(u_int msr, uint64_t data) */
1557 movq PCPU(CURPCB),%r8
1558 movq $msr_onfault,PCB_ONFAULT(%r8)
1563 wrmsr /* Write MSR pointed by %ecx. Accepts
1564 hi byte in edx, lo in %eax. */
1566 movq %rax,PCB_ONFAULT(%r8)
1571 * MSR operations fault handler
1575 movq $0,PCB_ONFAULT(%r8)
1581 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
1582 * Invalidates address space addressed by ucr3, then returns to kcr3.
1583 * Done in assembler to ensure no other memory accesses happen while
1587 ENTRY(pmap_pti_pcid_invalidate)
1590 movq %rdi,%cr3 /* to user page table */
1591 movq %rsi,%cr3 /* back to kernel */
1596 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
1597 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
1600 ENTRY(pmap_pti_pcid_invlpg)
1603 movq %rdi,%cr3 /* to user page table */
1605 movq %rsi,%cr3 /* back to kernel */
1610 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
1612 * Invalidates virtual addresses between sva and eva in address space ucr3,
1613 * then returns to kcr3.
1616 ENTRY(pmap_pti_pcid_invlrng)
1619 movq %rdi,%cr3 /* to user page table */
1621 addq $PAGE_SIZE,%rdx
1624 movq %rsi,%cr3 /* back to kernel */
1629 .macro rsb_seq_label l
1632 .macro rsb_call_label l
1635 .macro rsb_seq count
1638 rsb_call_label %(ll)
1650 /* all callers already saved %rax, %rdx, and %rcx */
1651 ENTRY(handle_ibrs_entry)
1652 cmpb $0,hw_ibrs_ibpb_active(%rip)
1654 movl $MSR_IA32_SPEC_CTRL,%ecx
1656 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1657 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx
1659 movb $1,PCPU(IBPB_SET)
1660 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)
1663 END(handle_ibrs_entry)
1665 ENTRY(handle_ibrs_exit)
1666 cmpb $0,PCPU(IBPB_SET)
1668 movl $MSR_IA32_SPEC_CTRL,%ecx
1670 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1671 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1673 movb $0,PCPU(IBPB_SET)
1675 END(handle_ibrs_exit)
1677 /* registers-neutral version, but needs stack */
1678 ENTRY(handle_ibrs_exit_rs)
1679 cmpb $0,PCPU(IBPB_SET)
1684 movl $MSR_IA32_SPEC_CTRL,%ecx
1686 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1687 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1692 movb $0,PCPU(IBPB_SET)
1694 END(handle_ibrs_exit_rs)
1699 * Flush L1D cache. Load enough of the data from the kernel text
1700 * to flush existing L1D content.
1702 * N.B. The function does not follow ABI calling conventions, it corrupts %rbx.
1703 * The vmm.ko caller expects that only %rax, %rdx, %rbx, %rcx, %r9, and %rflags
1704 * registers are clobbered. The NMI handler caller only needs %r13 preserved.
1707 #define L1D_FLUSH_SIZE (64 * 1024)
1709 movq $-L1D_FLUSH_SIZE, %rcx
1711 * pass 1: Preload TLB.
1712 * Kernel text is mapped using superpages. TLB preload is
1713 * done for the benefit of older CPUs which split 2M page
1714 * into 4k TLB entries.
1716 1: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1717 addq $PAGE_SIZE, %rcx
1721 movq $-L1D_FLUSH_SIZE, %rcx
1722 /* pass 2: Read each cache line. */
1723 2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1728 #undef L1D_FLUSH_SIZE
1731 ENTRY(flush_l1d_sw_abi)
1736 END(flush_l1d_sw_abi)
1738 ENTRY(mds_handler_void)
1740 END(mds_handler_void)
1742 ENTRY(mds_handler_verw)
1748 END(mds_handler_verw)
1750 ENTRY(mds_handler_ivb)
1759 1: movq PCPU(MDS_BUF), %rdx
1760 movdqa %xmm0, PCPU(MDS_TMP)
1769 2: movntdq %xmm0, (%rdx)
1775 movdqa PCPU(MDS_TMP),%xmm0
1783 END(mds_handler_ivb)
1785 ENTRY(mds_handler_bdw)
1796 1: movq PCPU(MDS_BUF), %rbx
1797 movdqa %xmm0, PCPU(MDS_TMP)
1803 2: movntdq %xmm0, (%rbx)
1812 movdqa PCPU(MDS_TMP),%xmm0
1822 END(mds_handler_bdw)
1824 ENTRY(mds_handler_skl_sse)
1834 1: movq PCPU(MDS_BUF), %rdi
1835 movq PCPU(MDS_BUF64), %rdx
1836 movdqa %xmm0, PCPU(MDS_TMP)
1843 2: clflushopt 5376(%rdi, %rax, 8)
1853 movdqa PCPU(MDS_TMP), %xmm0
1862 END(mds_handler_skl_sse)
1864 ENTRY(mds_handler_skl_avx)
1874 1: movq PCPU(MDS_BUF), %rdi
1875 movq PCPU(MDS_BUF64), %rdx
1876 vmovdqa %ymm0, PCPU(MDS_TMP)
1877 vpxor %ymm0, %ymm0, %ymm0
1880 vorpd (%rdx), %ymm0, %ymm0
1881 vorpd (%rdx), %ymm0, %ymm0
1883 2: clflushopt 5376(%rdi, %rax, 8)
1893 vmovdqa PCPU(MDS_TMP), %ymm0
1902 END(mds_handler_skl_avx)
1904 ENTRY(mds_handler_skl_avx512)
1914 1: movq PCPU(MDS_BUF), %rdi
1915 movq PCPU(MDS_BUF64), %rdx
1916 vmovdqa64 %zmm0, PCPU(MDS_TMP)
1917 vpxord %zmm0, %zmm0, %zmm0
1920 vorpd (%rdx), %zmm0, %zmm0
1921 vorpd (%rdx), %zmm0, %zmm0
1923 2: clflushopt 5376(%rdi, %rax, 8)
1933 vmovdqa64 PCPU(MDS_TMP), %zmm0
1942 END(mds_handler_skl_avx512)
1944 ENTRY(mds_handler_silvermont)
1953 1: movq PCPU(MDS_BUF), %rdx
1954 movdqa %xmm0, PCPU(MDS_TMP)
1958 2: movntdq %xmm0, (%rdx)
1964 movdqa PCPU(MDS_TMP),%xmm0
1972 END(mds_handler_silvermont)