2 * Copyright (c) 2018-2019 The FreeBSD Foundation
3 * Copyright (c) 2003 Peter Wemm.
4 * Copyright (c) 1993 The Regents of the University of California.
7 * Portions of this software were developed by
8 * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
9 * the FreeBSD Foundation.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <machine/asmacros.h>
41 #include <machine/specialreg.h>
42 #include <machine/pmap.h>
51 movq $PAGE_SIZE/8,%rcx
70 * pagecopy(%rdi=from, %rsi=to)
74 movq $PAGE_SIZE/8,%rcx
92 * The loop takes 29 bytes. Ensure that it doesn't cross a 32-byte
97 movnti %rax,(%rdi,%rdx)
98 movnti %rax,8(%rdi,%rdx)
99 movnti %rax,16(%rdi,%rdx)
100 movnti %rax,24(%rdi,%rdx)
109 * memcmp(b1, b2, len)
121 movzbl (%rdi,%rcx,1),%eax
122 movzbl (%rsi,%rcx,1),%r8d
128 movzbl (%rdi,%rcx,1),%eax
129 movzbl (%rsi,%rcx,1),%r8d
135 movzbl (%rdi,%rcx,1),%eax
136 movzbl (%rsi,%rcx,1),%r8d
142 movzbl (%rdi,%rcx,1),%eax
143 movzbl (%rsi,%rcx,1),%r8d
203 * memmove(dst, src, cnt)
208 * Register state at entry is supposed to be as follows:
213 * The macro possibly clobbers the above and: rcx, r8, r9, r10
214 * It does not clobber rax nor r11.
216 .macro MEMMOVE erms overlap begin end
220 * For sizes 0..32 all data is read before it is written, so there
221 * is no correctness issue with direction of copying.
229 cmpq %rcx,%r8 /* overlapping && src < dst? */
260 movq -16(%rsi,%rcx),%r9
261 movq -8(%rsi,%rcx),%r10
264 movq %r9,-16(%rdi,%rcx)
265 movq %r10,-8(%rdi,%rcx)
273 movq -8(%rsi,%rcx),%r8
275 movq %r8,-8(%rdi,%rcx,)
283 movl -4(%rsi,%rcx),%r8d
285 movl %r8d,-4(%rdi,%rcx)
293 movzwl -2(%rsi,%rcx),%r8d
295 movw %r8w,-2(%rdi,%rcx)
316 shrq $3,%rcx /* copy by 64-bit words */
320 andl $7,%ecx /* any bytes left? */
331 leaq -16(%rdx,%rcx),%rdx
333 leaq 16(%rdi,%rcx),%rdi
334 leaq 16(%rsi,%rcx),%rsi
342 shrq $3,%rcx /* copy by 64-bit words */
348 andl $7,%ecx /* any bytes left? */
363 leaq -8(%rdi,%rcx),%rdi
364 leaq -8(%rsi,%rcx),%rsi
438 leaq -1(%rdi,%rcx),%rdi
439 leaq -1(%rsi,%rcx),%rsi
444 leaq -8(%rdi,%rcx),%rdi
445 leaq -8(%rsi,%rcx),%rsi
470 MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
474 MEMMOVE erms=1 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
478 * memcpy(dst, src, len)
481 * Note: memcpy does not support overlapping copies
484 MEMMOVE erms=0 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
488 MEMMOVE erms=1 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
492 * memset(dst, c, len)
500 movabs $0x0101010101010101,%r10
520 movq %r10,-16(%rdi,%rcx)
521 movq %r10,-8(%rdi,%rcx)
531 movq %r10,-16(%rdi,%rcx)
532 movq %r10,-8(%rdi,%rcx)
540 movq %r10,-8(%rdi,%rcx)
548 movl %r10d,-4(%rdi,%rcx)
556 movw %r10w,-2(%rdi,%rcx)
589 movq %r10,-8(%rdi,%rdx)
599 leaq -16(%rcx,%r8),%rcx
601 leaq 16(%rdi,%r8),%rdi
613 /* fillw(pat, base, cnt) */
614 /* %rdi,%rsi, %rdx */
626 /*****************************************************************************/
627 /* copyout and fubyte family */
628 /*****************************************************************************/
630 * Access user memory from inside the kernel. These routines should be
631 * the only places that do this.
633 * These routines set curpcb->pcb_onfault for the time they execute. When a
634 * protection violation occurs inside the functions, the trap handler
635 * returns to *curpcb->pcb_onfault instead of the function.
638 .macro SMAP_DISABLE smap
645 .macro SMAP_ENABLE smap
651 .macro COPYINOUT_BEGIN
655 movq %rax,PCB_ONFAULT(%r11)
659 .macro COPYINOUT_SMAP_END
665 * copyout(from_kernel, to_user, len)
668 .macro COPYOUT smap erms
670 movq PCPU(CURPCB),%r11
671 movq $copy_fault,PCB_ONFAULT(%r11)
674 * Check explicitly for non-user addresses. If 486 write protection
675 * is being used, this check is essential because we are in kernel
676 * mode so the h/w does not provide any protection against writing
681 * First, prevent address wrapping.
687 * XXX STOP USING VM_MAXUSER_ADDRESS.
688 * It is an end address, not a max, so every time it is used correctly it
689 * looks like there is an off by one error, and of course it caused an off
690 * by one error in several places.
692 movq $VM_MAXUSER_ADDRESS,%rcx
697 * Set return value to zero. Remaining failure mode goes through
703 * Set up arguments for MEMMOVE.
713 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
715 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
/*
 * Four instantiations of the COPYOUT macro, one per combination of the
 * smap (0/1) and erms (0/1) macro arguments.  The smap argument is the
 * one forwarded to the SMAP_DISABLE/SMAP_ENABLE macros and erms is the
 * one forwarded to MEMMOVE.
 * NOTE(review): how a variant is chosen at run time is not visible in
 * this listing; presumably by CPU feature detection -- confirm.
 */
/* smap=0, erms=0 */
720 ENTRY(copyout_nosmap_std)
721 COPYOUT smap=0 erms=0
722 END(copyout_nosmap_std)
/* smap=1, erms=0 */
724 ENTRY(copyout_smap_std)
725 COPYOUT smap=1 erms=0
726 END(copyout_smap_std)
/* smap=0, erms=1 */
728 ENTRY(copyout_nosmap_erms)
729 COPYOUT smap=0 erms=1
730 END(copyout_nosmap_erms)
/* smap=1, erms=1 */
732 ENTRY(copyout_smap_erms)
733 COPYOUT smap=1 erms=1
734 END(copyout_smap_erms)
737 * copyin(from_user, to_kernel, len)
740 .macro COPYIN smap erms
742 movq PCPU(CURPCB),%r11
743 movq $copy_fault,PCB_ONFAULT(%r11)
746 * make sure address is valid
751 movq $VM_MAXUSER_ADDRESS,%rcx
764 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
766 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
771 ENTRY(copyin_nosmap_std)
773 END(copyin_nosmap_std)
775 ENTRY(copyin_smap_std)
779 ENTRY(copyin_nosmap_erms)
781 END(copyin_nosmap_erms)
783 ENTRY(copyin_smap_erms)
785 END(copyin_smap_erms)
788 /* Trap entry clears PSL.AC */
790 movq $0,PCB_ONFAULT(%r11)
796 * casueword32. Compare and set user integer. Returns -1 on fault,
797 * 0 if access was successful. Old value is written to *oldp.
798 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
800 ENTRY(casueword32_nosmap)
802 movq PCPU(CURPCB),%r8
803 movq $fusufault,PCB_ONFAULT(%r8)
805 movq $VM_MAXUSER_ADDRESS-4,%rax
806 cmpq %rax,%rdi /* verify address is valid */
809 movl %esi,%eax /* old */
813 cmpxchgl %ecx,(%rdi) /* new = %ecx */
817 * The old value is in %eax. If the store succeeded it will be the
818 * value we expected (old) from before the store, otherwise it will
819 * be the current value. Save %eax into %esi to prepare the return
824 movq %rax,PCB_ONFAULT(%r8)
827 * Access the oldp after the pcb_onfault is cleared, to correctly
828 * catch corrupted pointer.
830 movl %esi,(%rdx) /* oldp = %rdx */
834 END(casueword32_nosmap)
836 ENTRY(casueword32_smap)
838 movq PCPU(CURPCB),%r8
839 movq $fusufault,PCB_ONFAULT(%r8)
841 movq $VM_MAXUSER_ADDRESS-4,%rax
842 cmpq %rax,%rdi /* verify address is valid */
845 movl %esi,%eax /* old */
850 cmpxchgl %ecx,(%rdi) /* new = %ecx */
855 * The old value is in %eax. If the store succeeded it will be the
856 * value we expected (old) from before the store, otherwise it will
857 * be the current value. Save %eax into %esi to prepare the return
862 movq %rax,PCB_ONFAULT(%r8)
865 * Access the oldp after the pcb_onfault is cleared, to correctly
866 * catch corrupted pointer.
868 movl %esi,(%rdx) /* oldp = %rdx */
872 END(casueword32_smap)
875 * casueword. Compare and set user long. Returns -1 on fault,
876 * 0 if access was successful. Old value is written to *oldp.
877 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
/*
 * Compare-and-set of a user long at %rdi (old = %rsi, new = %rcx).
 * fusufault is installed in curpcb->pcb_onfault before the user address
 * is range-checked and dereferenced.
 */
879 ENTRY(casueword_nosmap)
881 movq PCPU(CURPCB),%r8
882 movq $fusufault,PCB_ONFAULT(%r8)
/*
 * NOTE(review): the bound is VM_MAXUSER_ADDRESS-4, yet cmpxchgq below
 * accesses 8 bytes.  The 64-bit fueword/suword routines in this file
 * compare against VM_MAXUSER_ADDRESS-8, and -4 matches the 32-bit
 * casueword32.  With -4 an address in the last 8 bytes below the limit
 * passes the check while the access extends past it.  The branch that
 * consumes this compare is not visible in this listing -- confirm
 * whether -8 is intended.
 */
884 movq $VM_MAXUSER_ADDRESS-4,%rax
885 cmpq %rax,%rdi /* verify address is valid */
888 movq %rsi,%rax /* old */
892 cmpxchgq %rcx,(%rdi) /* new = %rcx */
896 * The old value is in %rax. If the store succeeded it will be the
897 * value we expected (old) from before the store, otherwise it will
898 * be the current value.
902 movq %rax,PCB_ONFAULT(%r8)
907 END(casueword_nosmap)
/*
 * SMAP variant of the compare-and-set of a user long at %rdi
 * (old = %rsi, new = %rcx).  fusufault is installed in
 * curpcb->pcb_onfault before the user address is range-checked and
 * dereferenced.
 */
909 ENTRY(casueword_smap)
911 movq PCPU(CURPCB),%r8
912 movq $fusufault,PCB_ONFAULT(%r8)
/*
 * NOTE(review): the bound is VM_MAXUSER_ADDRESS-4, yet cmpxchgq below
 * accesses 8 bytes.  The 64-bit fueword/suword routines in this file
 * compare against VM_MAXUSER_ADDRESS-8.  With -4 an address in the last
 * 8 bytes below the limit passes the check while the access extends
 * past it.  The branch that consumes this compare is not visible in
 * this listing -- confirm whether -8 is intended.
 */
914 movq $VM_MAXUSER_ADDRESS-4,%rax
915 cmpq %rax,%rdi /* verify address is valid */
918 movq %rsi,%rax /* old */
923 cmpxchgq %rcx,(%rdi) /* new = %rcx */
928 * The old value is in %rax. If the store succeeded it will be the
929 * value we expected (old) from before the store, otherwise it will
930 * be the current value.
934 movq %rax,PCB_ONFAULT(%r8)
942 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
943 * byte from user memory.
944 * addr = %rdi, valp = %rsi
947 ENTRY(fueword_nosmap)
949 movq PCPU(CURPCB),%rcx
950 movq $fusufault,PCB_ONFAULT(%rcx)
952 movq $VM_MAXUSER_ADDRESS-8,%rax
953 cmpq %rax,%rdi /* verify address is valid */
958 movq %rax,PCB_ONFAULT(%rcx)
966 movq PCPU(CURPCB),%rcx
967 movq $fusufault,PCB_ONFAULT(%rcx)
969 movq $VM_MAXUSER_ADDRESS-8,%rax
970 cmpq %rax,%rdi /* verify address is valid */
977 movq %rax,PCB_ONFAULT(%rcx)
983 ENTRY(fueword32_nosmap)
985 movq PCPU(CURPCB),%rcx
986 movq $fusufault,PCB_ONFAULT(%rcx)
988 movq $VM_MAXUSER_ADDRESS-4,%rax
989 cmpq %rax,%rdi /* verify address is valid */
994 movq %rax,PCB_ONFAULT(%rcx)
998 END(fueword32_nosmap)
1000 ENTRY(fueword32_smap)
1002 movq PCPU(CURPCB),%rcx
1003 movq $fusufault,PCB_ONFAULT(%rcx)
1005 movq $VM_MAXUSER_ADDRESS-4,%rax
1006 cmpq %rax,%rdi /* verify address is valid */
1013 movq %rax,PCB_ONFAULT(%rcx)
1019 ENTRY(fuword16_nosmap)
1021 movq PCPU(CURPCB),%rcx
1022 movq $fusufault,PCB_ONFAULT(%rcx)
1024 movq $VM_MAXUSER_ADDRESS-2,%rax
1029 movq $0,PCB_ONFAULT(%rcx)
1032 END(fuword16_nosmap)
1034 ENTRY(fuword16_smap)
1036 movq PCPU(CURPCB),%rcx
1037 movq $fusufault,PCB_ONFAULT(%rcx)
1039 movq $VM_MAXUSER_ADDRESS-2,%rax
1046 movq $0,PCB_ONFAULT(%rcx)
1051 ENTRY(fubyte_nosmap)
1053 movq PCPU(CURPCB),%rcx
1054 movq $fusufault,PCB_ONFAULT(%rcx)
1056 movq $VM_MAXUSER_ADDRESS-1,%rax
1061 movq $0,PCB_ONFAULT(%rcx)
1068 movq PCPU(CURPCB),%rcx
1069 movq $fusufault,PCB_ONFAULT(%rcx)
1071 movq $VM_MAXUSER_ADDRESS-1,%rax
1078 movq $0,PCB_ONFAULT(%rcx)
1084 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
1086 * addr = %rdi, value = %rsi
1088 ENTRY(suword_nosmap)
1090 movq PCPU(CURPCB),%rcx
1091 movq $fusufault,PCB_ONFAULT(%rcx)
1093 movq $VM_MAXUSER_ADDRESS-8,%rax
1094 cmpq %rax,%rdi /* verify address validity */
1099 movq PCPU(CURPCB),%rcx
1100 movq %rax,PCB_ONFAULT(%rcx)
1107 movq PCPU(CURPCB),%rcx
1108 movq $fusufault,PCB_ONFAULT(%rcx)
1110 movq $VM_MAXUSER_ADDRESS-8,%rax
1111 cmpq %rax,%rdi /* verify address validity */
1118 movq PCPU(CURPCB),%rcx
1119 movq %rax,PCB_ONFAULT(%rcx)
1124 ENTRY(suword32_nosmap)
1126 movq PCPU(CURPCB),%rcx
1127 movq $fusufault,PCB_ONFAULT(%rcx)
1129 movq $VM_MAXUSER_ADDRESS-4,%rax
1130 cmpq %rax,%rdi /* verify address validity */
1135 movq PCPU(CURPCB),%rcx
1136 movq %rax,PCB_ONFAULT(%rcx)
1139 END(suword32_nosmap)
1141 ENTRY(suword32_smap)
1143 movq PCPU(CURPCB),%rcx
1144 movq $fusufault,PCB_ONFAULT(%rcx)
1146 movq $VM_MAXUSER_ADDRESS-4,%rax
1147 cmpq %rax,%rdi /* verify address validity */
1154 movq PCPU(CURPCB),%rcx
1155 movq %rax,PCB_ONFAULT(%rcx)
1160 ENTRY(suword16_nosmap)
1162 movq PCPU(CURPCB),%rcx
1163 movq $fusufault,PCB_ONFAULT(%rcx)
1165 movq $VM_MAXUSER_ADDRESS-2,%rax
1166 cmpq %rax,%rdi /* verify address validity */
1171 movq %rax,PCB_ONFAULT(%rcx)
1174 END(suword16_nosmap)
1176 ENTRY(suword16_smap)
1178 movq PCPU(CURPCB),%rcx
1179 movq $fusufault,PCB_ONFAULT(%rcx)
1181 movq $VM_MAXUSER_ADDRESS-2,%rax
1182 cmpq %rax,%rdi /* verify address validity */
1189 movq %rax,PCB_ONFAULT(%rcx)
1194 ENTRY(subyte_nosmap)
1196 movq PCPU(CURPCB),%rcx
1197 movq $fusufault,PCB_ONFAULT(%rcx)
1199 movq $VM_MAXUSER_ADDRESS-1,%rax
1200 cmpq %rax,%rdi /* verify address validity */
1206 movq %rax,PCB_ONFAULT(%rcx)
1213 movq PCPU(CURPCB),%rcx
1214 movq $fusufault,PCB_ONFAULT(%rcx)
1216 movq $VM_MAXUSER_ADDRESS-1,%rax
1217 cmpq %rax,%rdi /* verify address validity */
1225 movq %rax,PCB_ONFAULT(%rcx)
1231 /* Fault entry clears PSL.AC */
1233 movq PCPU(CURPCB),%rcx
1235 movq %rax,PCB_ONFAULT(%rcx)
1241 * copyinstr(from, to, maxlen, int *lencopied)
1242 * %rdi, %rsi, %rdx, %rcx
1244 * copy a string from 'from' to 'to', stop when a 0 character is reached.
1245 * return ENAMETOOLONG if string is longer than maxlen, and
1246 * EFAULT on protection violations. If lencopied is non-zero,
1247 * return the actual length in *lencopied.
1249 .macro COPYINSTR smap
1251 movq %rdx,%r8 /* %r8 = maxlen */
1252 movq PCPU(CURPCB),%r9
1253 movq $cpystrflt,PCB_ONFAULT(%r9)
1255 movq $VM_MAXUSER_ADDRESS,%rax
1257 /* make sure 'from' is within bounds */
1263 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
1271 jz copyinstr_toolong
1273 jz copyinstr_toolong_smap
1285 /* Success -- 0 byte reached */
1289 /* set *lencopied and return %eax */
1290 movq %rax,PCB_ONFAULT(%r9)
1307 ENTRY(copyinstr_nosmap)
1309 END(copyinstr_nosmap)
1311 ENTRY(copyinstr_smap)
1316 /* Fault entry clears PSL.AC */
1319 /* set *lencopied and return %eax */
1320 movq $0,PCB_ONFAULT(%r9)
1330 copyinstr_toolong_smap:
1333 /* rdx is zero - return ENAMETOOLONG or EFAULT */
1334 movq $VM_MAXUSER_ADDRESS,%rax
1337 movl $ENAMETOOLONG,%eax
1341 * copystr(from, to, maxlen, int *lencopied)
1342 * %rdi, %rsi, %rdx, %rcx
1346 movq %rdx,%r8 /* %r8 = maxlen */
1359 /* Success -- 0 byte reached */
1365 /* set *lencopied and return %rax */
1372 /* rdx is zero -- return ENAMETOOLONG */
1373 movl $ENAMETOOLONG,%eax
1378 * Handling of special amd64 registers and descriptor tables etc
1380 /* void lgdt(struct region_descriptor *rdp); */
1382 /* reload the descriptor table */
1385 /* flush the prefetch q */
1392 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
1396 /* reload code selector by turning return into intersegmental return */
1404 /*****************************************************************************/
1405 /* setjump, longjump */
1406 /*****************************************************************************/
1409 movq %rbx,0(%rdi) /* save rbx */
1410 movq %rsp,8(%rdi) /* save rsp */
1411 movq %rbp,16(%rdi) /* save rbp */
1412 movq %r12,24(%rdi) /* save r12 */
1413 movq %r13,32(%rdi) /* save r13 */
1414 movq %r14,40(%rdi) /* save r14 */
1415 movq %r15,48(%rdi) /* save r15 */
1416 movq 0(%rsp),%rdx /* get rta */
1417 movq %rdx,56(%rdi) /* save rip */
1418 xorl %eax,%eax /* return(0); */
1423 movq 0(%rdi),%rbx /* restore rbx */
1424 movq 8(%rdi),%rsp /* restore rsp */
1425 movq 16(%rdi),%rbp /* restore rbp */
1426 movq 24(%rdi),%r12 /* restore r12 */
1427 movq 32(%rdi),%r13 /* restore r13 */
1428 movq 40(%rdi),%r14 /* restore r14 */
1429 movq 48(%rdi),%r15 /* restore r15 */
1430 movq 56(%rdi),%rdx /* get rta */
1431 movq %rdx,0(%rsp) /* put in return frame */
1432 xorl %eax,%eax /* return(1); */
1438 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
1442 /* int rdmsr_safe(u_int msr, uint64_t *data) */
/*
 * msr_onfault is installed in curpcb->pcb_onfault before the rdmsr.
 * NOTE(review): presumably a #GP on rdmsr is then redirected to
 * msr_onfault instead of causing a panic, as the header comment says --
 * confirm against the trap handler.
 */
1444 movq PCPU(CURPCB),%r8
1445 movq $msr_onfault,PCB_ONFAULT(%r8)
1447 rdmsr /* Read MSR selected by %ecx. Returns
1448 high 32 bits in %edx, low 32 bits in %eax */
1449 salq $32,%rdx /* move the high half into bits 63:32 of %rdx */
1450 movl %eax,%eax /* zero-extend %eax -> %rax */
/* The value in %rax at this point is set on a line not shown in this listing. */
1454 movq %rax,PCB_ONFAULT(%r8)
1459 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
1463 /* int wrmsr_safe(u_int msr, uint64_t data) */
/*
 * msr_onfault is installed in curpcb->pcb_onfault before the wrmsr.
 * NOTE(review): presumably a #GP on wrmsr is then redirected to
 * msr_onfault instead of causing a panic, as the header comment says --
 * confirm against the trap handler.
 */
1465 movq PCPU(CURPCB),%r8
1466 movq $msr_onfault,PCB_ONFAULT(%r8)
1471 wrmsr /* Write MSR selected by %ecx. Accepts
1472 high 32 bits in %edx, low 32 bits in %eax. */
/* The value in %rax at this point is set on a line not shown in this listing. */
1474 movq %rax,PCB_ONFAULT(%r8)
1479 * MSR operations fault handler
1483 movq $0,PCB_ONFAULT(%r8)
1489 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
1490 * Invalidates address space addressed by ucr3, then returns to kcr3.
1491 * Done in assembler to ensure no other memory accesses happen while
1495 ENTRY(pmap_pti_pcid_invalidate)
1498 movq %rdi,%cr3 /* to user page table */
1499 movq %rsi,%cr3 /* back to kernel */
1504 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
1505 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
1508 ENTRY(pmap_pti_pcid_invlpg)
1511 movq %rdi,%cr3 /* to user page table */
1513 movq %rsi,%cr3 /* back to kernel */
1518 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
1520 * Invalidates virtual addresses between sva and eva in address space ucr3,
1521 * then returns to kcr3.
1524 ENTRY(pmap_pti_pcid_invlrng)
1527 movq %rdi,%cr3 /* to user page table */
1529 addq $PAGE_SIZE,%rdx
1532 movq %rsi,%cr3 /* back to kernel */
1537 .macro ibrs_seq_label l
1540 .macro ibrs_call_label l
1543 .macro ibrs_seq count
1546 ibrs_call_label %(ll)
1548 ibrs_seq_label %(ll)
/*
 * Sets the IBRS and STIBP bits of MSR_IA32_SPEC_CTRL, gated on
 * hw_ibrs_active.  The gutter numbers show that lines are elided between
 * the ones below; the MSR read/write instructions and the conditional
 * branches are among the lines not shown.
 */
1554 /* all callers already saved %rax, %rdx, and %rcx */
1555 ENTRY(handle_ibrs_entry)
1556 cmpb $0,hw_ibrs_active(%rip)
1558 movl $MSR_IA32_SPEC_CTRL,%ecx
/* OR the mask into the low (%eax) and high (%edx) halves of the MSR value */
1560 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1561 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx
/* Per-CPU flag; handle_ibrs_exit tests it before clearing the bits again */
1563 movb $1,PCPU(IBPB_SET)
/* NOTE(review): what is done with the SMEP test result is not shown here */
1564 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)
1568 END(handle_ibrs_entry)
/*
 * Clears the IBRS and STIBP bits of MSR_IA32_SPEC_CTRL, gated on the
 * per-CPU IBPB_SET flag that handle_ibrs_entry sets.  Lines are elided
 * between the ones below; the MSR read/write instructions and the
 * conditional branch are among the lines not shown.
 */
1570 ENTRY(handle_ibrs_exit)
1571 cmpb $0,PCPU(IBPB_SET)
1573 movl $MSR_IA32_SPEC_CTRL,%ecx
/* AND the inverted mask into the low (%eax) and high (%edx) halves */
1575 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1576 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
/* Record that the bits are no longer set */
1578 movb $0,PCPU(IBPB_SET)
1580 END(handle_ibrs_exit)
/*
 * Same clearing of the IBRS and STIBP bits as handle_ibrs_exit, gated on
 * the per-CPU IBPB_SET flag.
 * NOTE(review): the register save/restore implied by "needs stack" is on
 * lines not shown in this listing -- confirm which registers it covers.
 */
1582 /* registers-neutral version, but needs stack */
1583 ENTRY(handle_ibrs_exit_rs)
1584 cmpb $0,PCPU(IBPB_SET)
1589 movl $MSR_IA32_SPEC_CTRL,%ecx
/* AND the inverted mask into the low (%eax) and high (%edx) halves */
1591 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1592 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
/* Record that the bits are no longer set */
1597 movb $0,PCPU(IBPB_SET)
1599 END(handle_ibrs_exit_rs)
1604 * Flush L1D cache. Load enough of the data from the kernel text
1605 * to flush existing L1D content.
1607 * N.B. The function does not follow ABI calling conventions, it corrupts %rbx.
1608 * The vmm.ko caller expects that only %rax, %rdx, %rbx, %rcx, %r9, and %rflags
1609 * registers are clobbered. The NMI handler caller only needs %r13 preserved.
1612 #define L1D_FLUSH_SIZE (64 * 1024)
1614 movq $-L1D_FLUSH_SIZE, %rcx
1616 * pass 1: Preload TLB.
1617 * Kernel text is mapped using superpages. TLB preload is
1618 * done for the benefit of older CPUs which split 2M page
1619 * into 4k TLB entries.
1621 1: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1622 addq $PAGE_SIZE, %rcx
1626 movq $-L1D_FLUSH_SIZE, %rcx
1627 /* pass 2: Read each cache line. */
1628 2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1633 #undef L1D_FLUSH_SIZE
1636 ENTRY(flush_l1d_sw_abi)
1641 END(flush_l1d_sw_abi)
1643 ENTRY(mds_handler_void)
1645 END(mds_handler_void)
1647 ENTRY(mds_handler_verw)
1653 END(mds_handler_verw)
1655 ENTRY(mds_handler_ivb)
1664 1: movq PCPU(MDS_BUF), %rdx
1665 movdqa %xmm0, PCPU(MDS_TMP)
1674 2: movntdq %xmm0, (%rdx)
1680 movdqa PCPU(MDS_TMP),%xmm0
1688 END(mds_handler_ivb)
1690 ENTRY(mds_handler_bdw)
1701 1: movq PCPU(MDS_BUF), %rbx
1702 movdqa %xmm0, PCPU(MDS_TMP)
1708 2: movntdq %xmm0, (%rbx)
1717 movdqa PCPU(MDS_TMP),%xmm0
1727 END(mds_handler_bdw)
1729 ENTRY(mds_handler_skl_sse)
1739 1: movq PCPU(MDS_BUF), %rdi
1740 movq PCPU(MDS_BUF64), %rdx
1741 movdqa %xmm0, PCPU(MDS_TMP)
1748 2: clflushopt 5376(%rdi, %rax, 8)
1758 movdqa PCPU(MDS_TMP), %xmm0
1767 END(mds_handler_skl_sse)
1769 ENTRY(mds_handler_skl_avx)
1779 1: movq PCPU(MDS_BUF), %rdi
1780 movq PCPU(MDS_BUF64), %rdx
1781 vmovdqa %ymm0, PCPU(MDS_TMP)
1782 vpxor %ymm0, %ymm0, %ymm0
1785 vorpd (%rdx), %ymm0, %ymm0
1786 vorpd (%rdx), %ymm0, %ymm0
1788 2: clflushopt 5376(%rdi, %rax, 8)
1798 vmovdqa PCPU(MDS_TMP), %ymm0
1807 END(mds_handler_skl_avx)
1809 ENTRY(mds_handler_skl_avx512)
1819 1: movq PCPU(MDS_BUF), %rdi
1820 movq PCPU(MDS_BUF64), %rdx
1821 vmovdqa64 %zmm0, PCPU(MDS_TMP)
1822 vpxor %zmm0, %zmm0, %zmm0
1825 vorpd (%rdx), %zmm0, %zmm0
1826 vorpd (%rdx), %zmm0, %zmm0
1828 2: clflushopt 5376(%rdi, %rax, 8)
1838 vmovdqa64 PCPU(MDS_TMP), %zmm0
1847 END(mds_handler_skl_avx512)
1849 ENTRY(mds_handler_silvermont)
1858 1: movq PCPU(MDS_BUF), %rdx
1859 movdqa %xmm0, PCPU(MDS_TMP)
1863 2: movntdq %xmm0, (%rdx)
1869 movdqa PCPU(MDS_TMP),%xmm0
1877 END(mds_handler_silvermont)