2 * Copyright (c) 2003 Peter Wemm.
3 * Copyright (c) 1993 The Regents of the University of California.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 4. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <machine/asmacros.h>
36 #include <machine/specialreg.h>
37 #include <machine/pmap.h>
/*
 * NOTE(review): fragment of the page/buffer-zeroing code; the gap in the
 * original line numbers (45 -> 67) shows the routine body is elided here.
 * %rcx is loaded with the count of 64-bit words in one page, presumably
 * feeding a "rep stosq"-style clear loop — confirm against full source.
 */
45 * void bzero(void *buf, u_int len)
67 movq $PAGE_SIZE/8,%rcx
/*
 * NOTE(review): fragment of bcopy(src, dst, cnt) — an overlap-safe copy.
 * The visible lines sketch both paths: a forward copy done 8 bytes at a
 * time with a byte tail, and a backward copy (entered when the regions
 * overlap with src < dst) that first advances the pointers past the end.
 * Branches and the rep-move instructions between these lines are elided.
 */
95 * bcopy(src, dst, cnt)
97 * ws@tools.de (Wolfgang Solfrank, TooLs GmbH) +49-228-985800
/* Overlap test: taken branch (elided) selects the backward-copy path. */
106 cmpq %rcx,%rax /* overlapping && src < dst? */
/* Forward path: word count in %rcx, then leftover byte count. */
109 shrq $3,%rcx /* copy by 64-bit words */
113 andq $7,%rcx /* any bytes left? */
/* Backward path: point past the end, then copy with direction flag set
 * (std/cld presumably elided). */
121 addq %rcx,%rdi /* copy backwards */
125 andq $7,%rcx /* any fractional bytes? */
129 movq %rdx,%rcx /* copy remainder by 32-bit words */
/*
 * NOTE(review): fragment of memcpy — forward-only copy (no overlap
 * handling, as the retained comment states): 64-bit words first, then
 * the sub-word remainder.  Surrounding setup and rep-moves are elided.
 */
141 * Note: memcpy does not support overlapping copies
147 shrq $3,%rcx /* copy by 64-bit words */
151 andq $7,%rcx /* any bytes left? */
/*
 * NOTE(review): fragment of pagecopy(%rdi = from, %rsi = to).
 * Copies one page using non-temporal stores (movnti) so the destination
 * does not pollute the cache.  The visible loop body moves 32 bytes per
 * iteration; the index register appears to run from -PAGE_SIZE up toward
 * zero so the loop-termination test is a simple add/jnz (elided).
 * movnti is weakly ordered — an sfence is expected after the loop but is
 * not visible in this chunk; confirm against full source.
 */
159 * pagecopy(%rdi=from, %rsi=to)
163 movq $-PAGE_SIZE,%rax
/* Prefetch ahead of the copy cursor to hide memory latency. */
168 prefetchnta (%rdi,%rax)
/* 32 bytes per iteration: four load/non-temporal-store pairs. */
172 movq (%rdi,%rdx),%rax
173 movnti %rax,(%rsi,%rdx)
174 movq 8(%rdi,%rdx),%rax
175 movnti %rax,8(%rsi,%rdx)
176 movq 16(%rdi,%rdx),%rax
177 movnti %rax,16(%rsi,%rdx)
178 movq 24(%rdi,%rdx),%rax
179 movnti %rax,24(%rsi,%rdx)
187 /* fillw(pat, base, cnt) */
188 /* %rdi,%rsi, %rdx */
200 /*****************************************************************************/
201 /* copyout and fubyte family */
202 /*****************************************************************************/
204 * Access user memory from inside the kernel. These routines should be
205 * the only places that do this.
207 * These routines set curpcb->pcb_onfault for the time they execute. When a
208 * protection violation occurs inside the functions, the trap handler
209 * returns to *curpcb->pcb_onfault instead of the function.
/*
 * NOTE(review): fragment of copyout(from_kernel, to_user, len).
 * Protocol: install a fault handler in curpcb->pcb_onfault, range-check
 * the user address against VM_MAXUSER_ADDRESS, do the copy, then clear
 * pcb_onfault on both the success and fault exit paths.  The actual
 * bounds-check branches and the copy loop are elided from this view.
 */
213 * copyout(from_kernel, to_user, len)
/* Arm the fault handler before touching user memory. */
218 movq PCPU(CURPCB),%rax
219 movq $copyout_fault,PCB_ONFAULT(%rax)
220 testq %rdx,%rdx /* anything to do? */
224 * Check explicitly for non-user addresses. This check is essential
225 * because it prevents usermode from writing into the kernel. We do
226 * not verify anywhere else that the user did not specify a rogue
230 * First, prevent address wrapping.
236 * XXX STOP USING VM_MAXUSER_ADDRESS.
237 * It is an end address, not a max, so every time it is used correctly it
238 * looks like there is an off by one error, and of course it caused an off
239 * by one error in several places.
241 movq $VM_MAXUSER_ADDRESS,%rcx
246 /* bcopy(%rsi, %rdi, %rdx) */
/* Success path: %rax is presumably 0 (return value) here, so storing it
 * also clears pcb_onfault — confirm against full source. */
259 movq PCPU(CURPCB),%rdx
260 movq %rax,PCB_ONFAULT(%rdx)
/* Fault path (copyout_fault): disarm the handler; EFAULT return elided. */
266 movq PCPU(CURPCB),%rdx
267 movq $0,PCB_ONFAULT(%rdx)
/*
 * NOTE(review): fragment of copyin(from_user, to_kernel, len) — mirror
 * image of copyout: arm pcb_onfault, bounds-check the user source
 * address, copy 8 bytes at a time plus a byte tail, then disarm the
 * handler on both exits.  Branches and rep-moves are elided.
 */
274 * copyin(from_user, to_kernel, len)
279 movq PCPU(CURPCB),%rax
280 movq $copyin_fault,PCB_ONFAULT(%rax)
281 testq %rdx,%rdx /* anything to do? */
285 * make sure address is valid
290 movq $VM_MAXUSER_ADDRESS,%rcx
297 shrq $3,%rcx /* copy longword-wise */
301 andb $7,%cl /* copy remaining bytes */
/* Success path: %rax presumably holds 0, clearing pcb_onfault. */
307 movq PCPU(CURPCB),%rdx
308 movq %rax,PCB_ONFAULT(%rdx)
/* Fault path (copyin_fault): disarm handler; EFAULT return elided. */
314 movq PCPU(CURPCB),%rdx
315 movq $0,PCB_ONFAULT(%rdx)
/*
 * NOTE(review): fragment of casueword32 — 32-bit compare-and-swap on a
 * user address.  Faults vector to fusufault via pcb_onfault.  The lock
 * prefix on cmpxchgl and the branches are elided from this view.
 */
322 * casueword32. Compare and set user integer. Returns -1 on fault,
323 * 0 if access was successful. Old value is written to *oldp.
324 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
328 movq PCPU(CURPCB),%r8
329 movq $fusufault,PCB_ONFAULT(%r8)
/* Highest valid start for a 4-byte user access. */
331 movq $VM_MAXUSER_ADDRESS-4,%rax
332 cmpq %rax,%rdi /* verify address is valid */
335 movl %esi,%eax /* old */
339 cmpxchgl %ecx,(%rdi) /* new = %ecx */
342 * The old value is in %eax. If the store succeeded it will be the
343 * value we expected (old) from before the store, otherwise it will
344 * be the current value. Save %eax into %esi to prepare the return
/* Disarm fault handler; %rax presumably holds the 0 return value. */
349 movq %rax,PCB_ONFAULT(%r8)
352 * Access the oldp after the pcb_onfault is cleared, to correctly
353 * catch corrupted pointer.
355 movl %esi,(%rdx) /* oldp = %rdx */
/*
 * NOTE(review): fragment of casueword — 64-bit compare-and-swap on a
 * user address, same protocol as casueword32.
 *
 * NOTE(review): the bound below is VM_MAXUSER_ADDRESS-4 even though
 * cmpxchgq accesses 8 bytes; this matches the historical source but
 * looks like a latent off-by-4 — verify against the upstream fix.
 */
361 * casueword. Compare and set user long. Returns -1 on fault,
362 * 0 if access was successful. Old value is written to *oldp.
363 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
367 movq PCPU(CURPCB),%r8
368 movq $fusufault,PCB_ONFAULT(%r8)
370 movq $VM_MAXUSER_ADDRESS-4,%rax
371 cmpq %rax,%rdi /* verify address is valid */
374 movq %rsi,%rax /* old */
378 cmpxchgq %rcx,(%rdi) /* new = %rcx */
381 * The old value is in %rax. If the store succeeded it will be the
382 * value we expected (old) from before the store, otherwise it will
383 * be the current value.
/* Disarm fault handler; store of *oldp presumably follows (elided). */
387 movq %rax,PCB_ONFAULT(%r8)
/*
 * NOTE(review): fragments of the fetch-from-user family (fueword /
 * fueword32 visible here).  Pattern: arm pcb_onfault with fusufault,
 * check the address leaves room for the access size below
 * VM_MAXUSER_ADDRESS, load, disarm.  Loads, branches and returns are
 * elided from this view.
 */
394 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
395 * byte from user memory.
396 * addr = %rdi, valp = %rsi
/* fueword: 8-byte access, hence the -8 bound. */
402 movq PCPU(CURPCB),%rcx
403 movq $fusufault,PCB_ONFAULT(%rcx)
405 movq $VM_MAXUSER_ADDRESS-8,%rax
406 cmpq %rax,%rdi /* verify address is valid */
411 movq %rax,PCB_ONFAULT(%rcx)
/* fueword32: 4-byte access, hence the -4 bound. */
420 movq PCPU(CURPCB),%rcx
421 movq $fusufault,PCB_ONFAULT(%rcx)
423 movq $VM_MAXUSER_ADDRESS-4,%rax
424 cmpq %rax,%rdi /* verify address is valid */
429 movq %rax,PCB_ONFAULT(%rcx)
/*
 * NOTE(review): fragments of fuword16 (-2 bound) and fubyte (-1 bound),
 * plus what appears to be the shared fusufault handler at the end
 * (it stores %rax, presumably the -1 error value, into pcb_onfault /
 * returns — elided lines make this uncertain; confirm).
 */
436 * fuswintr() and suswintr() are specialized variants of fuword16() and
437 * suword16(), respectively. They are called from the profiling code,
438 * potentially at interrupt time. If they fail, that's okay; good things
439 * will happen later. They always fail for now, until the trap code is
440 * able to deal with this.
/* fuword16: 2-byte user load. */
451 movq PCPU(CURPCB),%rcx
452 movq $fusufault,PCB_ONFAULT(%rcx)
454 movq $VM_MAXUSER_ADDRESS-2,%rax
459 movq $0,PCB_ONFAULT(%rcx)
/* fubyte: 1-byte user load. */
466 movq PCPU(CURPCB),%rcx
467 movq $fusufault,PCB_ONFAULT(%rcx)
469 movq $VM_MAXUSER_ADDRESS-1,%rax
474 movq $0,PCB_ONFAULT(%rcx)
/* fusufault (presumed): clear handler, error return elided. */
481 movq PCPU(CURPCB),%rcx
483 movq %rax,PCB_ONFAULT(%rcx)
/*
 * NOTE(review): fragments of the store-to-user family: suword (-8),
 * suword32 (-4), suword16 (-2), subyte (-1).  Each arms pcb_onfault
 * with fusufault, bounds-checks for its access size, stores, then
 * disarms.  The stores, branches and returns are elided.
 */
489 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
491 * addr = %rdi, value = %rsi
/* suword: 8-byte user store. */
496 movq PCPU(CURPCB),%rcx
497 movq $fusufault,PCB_ONFAULT(%rcx)
499 movq $VM_MAXUSER_ADDRESS-8,%rax
500 cmpq %rax,%rdi /* verify address validity */
505 movq PCPU(CURPCB),%rcx
506 movq %rax,PCB_ONFAULT(%rcx)
/* suword32: 4-byte user store. */
514 movq PCPU(CURPCB),%rcx
515 movq $fusufault,PCB_ONFAULT(%rcx)
517 movq $VM_MAXUSER_ADDRESS-4,%rax
518 cmpq %rax,%rdi /* verify address validity */
523 movq PCPU(CURPCB),%rcx
524 movq %rax,PCB_ONFAULT(%rcx)
/* suword16: 2-byte user store. */
531 movq PCPU(CURPCB),%rcx
532 movq $fusufault,PCB_ONFAULT(%rcx)
534 movq $VM_MAXUSER_ADDRESS-2,%rax
535 cmpq %rax,%rdi /* verify address validity */
540 movq PCPU(CURPCB),%rcx /* restore trashed register */
541 movq %rax,PCB_ONFAULT(%rcx)
/* subyte: 1-byte user store. */
548 movq PCPU(CURPCB),%rcx
549 movq $fusufault,PCB_ONFAULT(%rcx)
551 movq $VM_MAXUSER_ADDRESS-1,%rax
552 cmpq %rax,%rdi /* verify address validity */
558 movq PCPU(CURPCB),%rcx /* restore trashed register */
559 movq %rax,PCB_ONFAULT(%rcx)
/*
 * NOTE(review): fragment of copyinstr(from, to, maxlen, *lencopied).
 * Copies a NUL-terminated string from user space with faults vectored
 * to cpystrflt.  maxlen is clamped so the scan cannot run past
 * VM_MAXUSER_ADDRESS; exhausting maxlen yields ENAMETOOLONG unless the
 * source pointer left user space, in which case EFAULT (branch elided).
 * The byte-copy loop itself is elided from this view.
 */
565 * copyinstr(from, to, maxlen, int *lencopied)
566 * %rdi, %rsi, %rdx, %rcx
568 * copy a string from 'from' to 'to', stop when a 0 character is reached.
569 * return ENAMETOOLONG if string is longer than maxlen, and
570 * EFAULT on protection violations. If lencopied is non-zero,
571 * return the actual length in *lencopied.
575 movq %rdx,%r8 /* %r8 = maxlen */
576 movq %rcx,%r9 /* %r9 = *len */
577 xchgq %rdi,%rsi /* %rdi = from, %rsi = to */
578 movq PCPU(CURPCB),%rcx
579 movq $cpystrflt,PCB_ONFAULT(%rcx)
581 movq $VM_MAXUSER_ADDRESS,%rax
583 /* make sure 'from' is within bounds */
587 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
604 /* Success -- 0 byte reached */
609 /* rdx is zero - return ENAMETOOLONG or EFAULT */
/* If the cursor is still below VM_MAXUSER_ADDRESS the string was merely
 * too long; otherwise the clamp was hit -> EFAULT (test elided). */
610 movq $VM_MAXUSER_ADDRESS,%rax
614 movq $ENAMETOOLONG,%rax
621 /* set *lencopied and return %eax */
622 movq PCPU(CURPCB),%rcx
623 movq $0,PCB_ONFAULT(%rcx)
/*
 * NOTE(review): fragment of copystr — kernel-to-kernel variant of
 * copyinstr: no user bounds check and no pcb_onfault needed, same
 * ENAMETOOLONG semantics.  The copy loop is elided from this view.
 */
635 * copystr(from, to, maxlen, int *lencopied)
636 * %rdi, %rsi, %rdx, %rcx
640 movq %rdx,%r8 /* %r8 = maxlen */
652 /* Success -- 0 byte reached */
657 /* rdx is zero -- return ENAMETOOLONG */
658 movq $ENAMETOOLONG,%rax
664 /* set *lencopied and return %rax */
/*
 * NOTE(review): fragment of lgdt() — loads a new GDT and reloads the
 * segment registers.  The lgdt instruction, jump that flushes the
 * prefetch queue, and the far-return sequence are all elided; only
 * comments and the %fs reload survive in this view.
 */
673 * Handling of special amd64 registers and descriptor tables etc
675 /* void lgdt(struct region_descriptor *rdp); */
677 /* reload the descriptor table */
680 /* flush the prefetch q */
687 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
691 /* reload code selector by turning return into intersegmental return */
699 /*****************************************************************************/
700 /* setjump, longjump */
701 /*****************************************************************************/
/*
 * NOTE(review): setjmp body (contiguous in this view; ENTRY/ret elided).
 * Saves the SysV AMD64 callee-saved registers plus the stack pointer and
 * the caller's return address into the jmp_buf at %rdi, and returns 0.
 * Slot layout: rbx, rsp, rbp, r12, r13, r14, r15, rip — 8 bytes each;
 * longjmp below restores from the same offsets.
 */
704 movq %rbx,0(%rdi) /* save rbx */
705 movq %rsp,8(%rdi) /* save rsp */
706 movq %rbp,16(%rdi) /* save rbp */
707 movq %r12,24(%rdi) /* save r12 */
708 movq %r13,32(%rdi) /* save r13 */
709 movq %r14,40(%rdi) /* save r14 */
710 movq %r15,48(%rdi) /* save r15 */
711 movq 0(%rsp),%rdx /* get rta */
712 movq %rdx,56(%rdi) /* save rip */
713 xorl %eax,%eax /* return(0); */
/*
 * NOTE(review): longjmp body (contiguous; ENTRY/ret elided).  Restores
 * the register state saved by setjmp above and rewrites the return
 * address on the restored stack, so the following ret resumes after the
 * original setjmp call.
 *
 * NOTE(review): the visible xorl zeroes %eax while the comment claims
 * return(1) — an increment of %eax presumably follows on an elided line;
 * confirm against full source.
 */
718 movq 0(%rdi),%rbx /* restore rbx */
719 movq 8(%rdi),%rsp /* restore rsp */
720 movq 16(%rdi),%rbp /* restore rbp */
721 movq 24(%rdi),%r12 /* restore r12 */
722 movq 32(%rdi),%r13 /* restore r13 */
723 movq 40(%rdi),%r14 /* restore r14 */
724 movq 48(%rdi),%r15 /* restore r15 */
725 movq 56(%rdi),%rdx /* get rta */
726 movq %rdx,0(%rsp) /* put in return frame */
727 xorl %eax,%eax /* return(1); */
/*
 * NOTE(review): fragment of rdmsr_safe(msr, *data) — reads an MSR with
 * a fault handler armed so an invalid MSR number traps to msr_onfault
 * (which returns an error) instead of panicking.  The 64-bit result is
 * assembled as (%rdx << 32) | %eax; the store to *data and the return
 * are elided.  "salq" here is a plain left shift (identical to shlq).
 */
733 * Support for reading MSRs in the safe manner.
736 /* int rdmsr_safe(u_int msr, uint64_t *data) */
738 movq PCPU(CURPCB),%r8
739 movq $msr_onfault,PCB_ONFAULT(%r8)
741 rdmsr /* Read MSR pointed by %ecx. Returns
742 hi byte in edx, lo in %eax */
743 salq $32,%rdx /* sign-shift %rdx left */
744 movl %eax,%eax /* zero-extend %eax -> %rax */
/* Disarm fault handler; %rax presumably 0 (success) at this point. */
748 movq %rax,PCB_ONFAULT(%r8)
/*
 * NOTE(review): fragments of wrmsr_safe(msr, data) and the shared
 * msr_onfault handler.  wrmsr_safe arms pcb_onfault, splits the 64-bit
 * value into %edx:%eax (split instructions elided), writes the MSR, and
 * disarms.  msr_onfault clears pcb_onfault; its error return is elided.
 */
753 * Support for writing MSRs in the safe manner.
756 /* int wrmsr_safe(u_int msr, uint64_t data) */
758 movq PCPU(CURPCB),%r8
759 movq $msr_onfault,PCB_ONFAULT(%r8)
764 wrmsr /* Write MSR pointed by %ecx. Accepts
765 hi byte in edx, lo in %eax. */
/* Disarm fault handler; %rax presumably 0 (success). */
767 movq %rax,PCB_ONFAULT(%r8)
772 * MSR operations fault handler
/* msr_onfault: trap handler lands here; clear pcb_onfault. */
776 movq $0,PCB_ONFAULT(%r8)
/*
 * NOTE(review): PTI/PCID invalidation helpers.  Each switches %cr3 to
 * the user page table (ucr3), performs the invalidation there, and
 * switches back to the kernel page table (kcr3).  Written in assembler
 * so no stray memory access occurs while the user CR3 is live; the
 * invlpg instructions, any interrupt-disable bracketing, and the rets
 * are elided from this view.
 */
782 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
783 * Invalidates address space addressed by ucr3, then returns to kcr3.
784 * Done in assembler to ensure no other memory accesses happen while
788 ENTRY(pmap_pti_pcid_invalidate)
791 movq %rdi,%cr3 /* to user page table */
792 movq %rsi,%cr3 /* back to kernel */
/* Single-page variant: invlpg on %rdx (elided) between the switches. */
797 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
798 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
801 ENTRY(pmap_pti_pcid_invlpg)
804 movq %rdi,%cr3 /* to user page table */
806 movq %rsi,%cr3 /* back to kernel */
/* Range variant: invlpg loop over [sva, eva) (elided). */
811 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
813 * Invalidates virtual addresses between sva and eva in address space ucr3,
814 * then returns to kcr3.
817 ENTRY(pmap_pti_pcid_invlrng)
820 movq %rdi,%cr3 /* to user page table */
825 movq %rsi,%cr3 /* back to kernel */
/*
 * NOTE(review): fragments of the IBRS retpoline-sequence macros; their
 * bodies and .endm lines are elided, so only the headers and one
 * expansion site are visible.  ibrs_seq presumably emits "count"
 * call/label pairs to stuff the return stack buffer — confirm.
 */
830 .macro ibrs_seq_label l
833 .macro ibrs_call_label l
836 .macro ibrs_seq count
839 ibrs_call_label %(ll)
847 /* all callers already saved %rax, %rdx, and %rcx */
/*
 * NOTE(review): kernel-entry speculation hardening.  If hw_ibrs_active,
 * set the IBRS and STIBP bits in MSR IA32_SPEC_CTRL (rdmsr/wrmsr and
 * branches elided), record that via PCPU(IBPB_SET), and — per the SMEP
 * test — presumably stuff the RSB on CPUs lacking SMEP.
 */
848 ENTRY(handle_ibrs_entry)
849 cmpb $0,hw_ibrs_active(%rip)
851 movl $MSR_IA32_SPEC_CTRL,%ecx
/* Set low/high halves of the 64-bit MSR value in %eax/%edx. */
853 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
854 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx
856 movb $1,PCPU(IBPB_SET)
857 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)
861 END(handle_ibrs_entry)
/*
 * NOTE(review): kernel-exit counterpart: if IBPB_SET was recorded on
 * entry, clear the IBRS/STIBP bits in IA32_SPEC_CTRL and reset the
 * flag.  Callers are expected to have %rax/%rdx/%rcx free (see above).
 */
863 ENTRY(handle_ibrs_exit)
864 cmpb $0,PCPU(IBPB_SET)
866 movl $MSR_IA32_SPEC_CTRL,%ecx
868 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
869 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
871 movb $0,PCPU(IBPB_SET)
873 END(handle_ibrs_exit)
875 /* registers-neutral version, but needs stack */
/*
 * NOTE(review): same job as handle_ibrs_exit but preserves all
 * registers — the push/pop of %rax/%rdx/%rcx around the MSR update is
 * elided here (hence "needs stack").
 */
876 ENTRY(handle_ibrs_exit_rs)
877 cmpb $0,PCPU(IBPB_SET)
882 movl $MSR_IA32_SPEC_CTRL,%ecx
884 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
885 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
890 movb $0,PCPU(IBPB_SET)
892 END(handle_ibrs_exit_rs)