2 * Copyright (c) 2018-2019 The FreeBSD Foundation
3 * Copyright (c) 2003 Peter Wemm.
4 * Copyright (c) 1993 The Regents of the University of California.
7 * Portions of this software were developed by
8 * Konstantin Belousov <kib@FreeBSD.org> under sponsorship from
9 * the FreeBSD Foundation.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the University nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <machine/asmacros.h>
41 #include <machine/specialreg.h>
42 #include <machine/pmap.h>
51 movl $PAGE_SIZE/8,%ecx
70 * pagecopy(%rdi=from, %rsi=to)
74 movl $PAGE_SIZE/8,%ecx
85 * memcmpy(b1, b2, len)
120 movq -8(%rdi,%rdx),%r8
121 movq -8(%rsi,%rdx),%r9
132 movl -4(%rdi,%rdx),%r8d
133 movl -4(%rsi,%rdx),%r9d
144 movzwl -2(%rdi,%rdx),%r8d
145 movzwl -2(%rsi,%rdx),%r9d
162 movq -16(%rdi,%rdx),%r8
163 movq -16(%rsi,%rdx),%r9
166 movq -8(%rdi,%rdx),%r8
167 movq -8(%rsi,%rdx),%r9
199 * Mismatch was found.
201 * Before we compute it we narrow down the range (16 -> 8 -> 4 bytes).
218 leaq -8(%rdi,%rdx),%rdi
219 leaq -8(%rsi,%rdx),%rsi
223 leaq -16(%rdi,%rdx),%rdi
224 leaq -16(%rsi,%rdx),%rsi
233 leaq -4(%rdi,%rdx),%rdi
234 leaq -4(%rsi,%rdx),%rsi
247 * We have up to 4 bytes to inspect.
274 * memmove(dst, src, cnt)
279 * Register state at entry is supposed to be as follows:
284 * The macro possibly clobbers the above and: rcx, r8, r9, r10
285 * It does not clobber rax nor r11.
287 .macro MEMMOVE erms overlap begin end
291 * For sizes 0..32 all data is read before it is written, so there
292 * is no correctness issue with direction of copying.
300 cmpq %rcx,%r8 /* overlapping && src < dst? */
332 movq -16(%rsi,%rcx),%r9
333 movq -8(%rsi,%rcx),%r10
336 movq %r9,-16(%rdi,%rcx)
337 movq %r10,-8(%rdi,%rcx)
345 movq -8(%rsi,%rcx),%r8
347 movq %r8,-8(%rdi,%rcx,)
355 movl -4(%rsi,%rcx),%r8d
357 movl %r8d,-4(%rdi,%rcx)
365 movzwl -2(%rsi,%rcx),%r8d
367 movw %r8w,-2(%rdi,%rcx)
388 shrq $3,%rcx /* copy by 64-bit words */
392 andl $7,%ecx /* any bytes left? */
403 leaq -16(%rdx,%rcx),%rdx
405 leaq 16(%rdi,%rcx),%rdi
406 leaq 16(%rsi,%rcx),%rsi
414 shrq $3,%rcx /* copy by 64-bit words */
420 andl $7,%ecx /* any bytes left? */
435 leaq -8(%rdi,%rcx),%rdi
436 leaq -8(%rsi,%rcx),%rsi
511 leaq -1(%rdi,%rcx),%rdi
512 leaq -1(%rsi,%rcx),%rsi
517 leaq -8(%rdi,%rcx),%rdi
518 leaq -8(%rsi,%rcx),%rsi
543 MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
547 MEMMOVE erms=1 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
551 * memcpy(dst, src, len)
554 * Note: memcpy does not support overlapping copies
557 MEMMOVE erms=0 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
561 MEMMOVE erms=1 overlap=0 begin=MEMMOVE_BEGIN end=MEMMOVE_END
565 * memset(dst, c, len)
573 movabs $0x0101010101010101,%r10
594 movq %r10,-16(%rdi,%rcx)
595 movq %r10,-8(%rdi,%rcx)
605 movq %r10,-16(%rdi,%rcx)
606 movq %r10,-8(%rdi,%rcx)
614 movq %r10,-8(%rdi,%rcx)
622 movl %r10d,-4(%rdi,%rcx)
630 movw %r10w,-2(%rdi,%rcx)
663 movq %r10,-8(%rdi,%rdx)
673 leaq -16(%rcx,%r8),%rcx
675 leaq 16(%rdi,%r8),%rdi
687 /* fillw(pat, base, cnt) */
688 /* %rdi,%rsi, %rdx */
700 /*****************************************************************************/
701 /* copyout and fubyte family */
702 /*****************************************************************************/
704 * Access user memory from inside the kernel. These routines should be
705 * the only places that do this.
707 * These routines set curpcb->pcb_onfault for the time they execute. When a
708 * protection violation occurs inside the functions, the trap handler
709 * returns to *curpcb->pcb_onfault instead of the function.
712 .macro SMAP_DISABLE smap
719 .macro SMAP_ENABLE smap
725 .macro COPYINOUT_BEGIN
729 movq %rax,PCB_ONFAULT(%r11)
733 .macro COPYINOUT_SMAP_END
739 * copyout(from_kernel, to_user, len)
742 .macro COPYOUT smap erms
744 movq PCPU(CURPCB),%r11
745 movq $copy_fault,PCB_ONFAULT(%r11)
748 * Check explicitly for non-user addresses.
749 * First, prevent address wrapping.
755 * XXX STOP USING VM_MAXUSER_ADDRESS.
756 * It is an end address, not a max, so every time it is used correctly it
757 * looks like there is an off by one error, and of course it caused an off
758 * by one error in several places.
760 movq $VM_MAXUSER_ADDRESS,%rcx
765 * Set return value to zero. Remaining failure mode goes through
771 * Set up arguments for MEMMOVE.
781 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
783 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
788 ENTRY(copyout_nosmap_std)
789 COPYOUT smap=0 erms=0
790 END(copyout_nosmap_std)
792 ENTRY(copyout_smap_std)
793 COPYOUT smap=1 erms=0
794 END(copyout_smap_std)
796 ENTRY(copyout_nosmap_erms)
797 COPYOUT smap=0 erms=1
798 END(copyout_nosmap_erms)
800 ENTRY(copyout_smap_erms)
801 COPYOUT smap=1 erms=1
802 END(copyout_smap_erms)
805 * copyin(from_user, to_kernel, len)
808 .macro COPYIN smap erms
810 movq PCPU(CURPCB),%r11
811 movq $copy_fault,PCB_ONFAULT(%r11)
814 * make sure address is valid
819 movq $VM_MAXUSER_ADDRESS,%rcx
832 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_SMAP_END
834 MEMMOVE erms=\erms overlap=0 begin=COPYINOUT_BEGIN end=COPYINOUT_END
839 ENTRY(copyin_nosmap_std)
841 END(copyin_nosmap_std)
843 ENTRY(copyin_smap_std)
847 ENTRY(copyin_nosmap_erms)
849 END(copyin_nosmap_erms)
851 ENTRY(copyin_smap_erms)
853 END(copyin_smap_erms)
856 /* Trap entry clears PSL.AC */
858 movq $0,PCB_ONFAULT(%r11)
864 * casueword32. Compare and set user integer. Returns -1 on fault,
865 * 0 if access was successful. Old value is written to *oldp.
866 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
868 ENTRY(casueword32_nosmap)
870 movq PCPU(CURPCB),%r8
871 movq $fusufault,PCB_ONFAULT(%r8)
873 movq $VM_MAXUSER_ADDRESS-4,%rax
874 cmpq %rax,%rdi /* verify address is valid */
877 movl %esi,%eax /* old */
881 cmpxchgl %ecx,(%rdi) /* new = %ecx */
885 * The old value is in %eax. If the store succeeded it will be the
886 * value we expected (old) from before the store, otherwise it will
887 * be the current value. Save %eax into %esi to prepare the return
892 movq %rax,PCB_ONFAULT(%r8)
895 * Access the oldp after the pcb_onfault is cleared, to correctly
896 * catch corrupted pointer.
898 movl %esi,(%rdx) /* oldp = %rdx */
902 END(casueword32_nosmap)
904 ENTRY(casueword32_smap)
906 movq PCPU(CURPCB),%r8
907 movq $fusufault,PCB_ONFAULT(%r8)
909 movq $VM_MAXUSER_ADDRESS-4,%rax
910 cmpq %rax,%rdi /* verify address is valid */
913 movl %esi,%eax /* old */
918 cmpxchgl %ecx,(%rdi) /* new = %ecx */
923 * The old value is in %eax. If the store succeeded it will be the
924 * value we expected (old) from before the store, otherwise it will
925 * be the current value. Save %eax into %esi to prepare the return
930 movq %rax,PCB_ONFAULT(%r8)
933 * Access the oldp after the pcb_onfault is cleared, to correctly
934 * catch corrupted pointer.
936 movl %esi,(%rdx) /* oldp = %rdx */
940 END(casueword32_smap)
943 * casueword. Compare and set user long. Returns -1 on fault,
944 * 0 if access was successful. Old value is written to *oldp.
945 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
947 ENTRY(casueword_nosmap)
949 movq PCPU(CURPCB),%r8
950 movq $fusufault,PCB_ONFAULT(%r8)
952 movq $VM_MAXUSER_ADDRESS-4,%rax
953 cmpq %rax,%rdi /* verify address is valid */
956 movq %rsi,%rax /* old */
960 cmpxchgq %rcx,(%rdi) /* new = %rcx */
964 * The old value is in %rax. If the store succeeded it will be the
965 * value we expected (old) from before the store, otherwise it will
966 * be the current value.
970 movq %rax,PCB_ONFAULT(%r8)
975 END(casueword_nosmap)
977 ENTRY(casueword_smap)
979 movq PCPU(CURPCB),%r8
980 movq $fusufault,PCB_ONFAULT(%r8)
982 movq $VM_MAXUSER_ADDRESS-4,%rax
983 cmpq %rax,%rdi /* verify address is valid */
986 movq %rsi,%rax /* old */
991 cmpxchgq %rcx,(%rdi) /* new = %rcx */
996 * The old value is in %rax. If the store succeeded it will be the
997 * value we expected (old) from before the store, otherwise it will
998 * be the current value.
1002 movq %rax,PCB_ONFAULT(%r8)
1010 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
1011 * byte from user memory.
1012 * addr = %rdi, valp = %rsi
1015 ENTRY(fueword_nosmap)
1017 movq PCPU(CURPCB),%rcx
1018 movq $fusufault,PCB_ONFAULT(%rcx)
1020 movq $VM_MAXUSER_ADDRESS-8,%rax
1021 cmpq %rax,%rdi /* verify address is valid */
1026 movq %rax,PCB_ONFAULT(%rcx)
1034 movq PCPU(CURPCB),%rcx
1035 movq $fusufault,PCB_ONFAULT(%rcx)
1037 movq $VM_MAXUSER_ADDRESS-8,%rax
1038 cmpq %rax,%rdi /* verify address is valid */
1045 movq %rax,PCB_ONFAULT(%rcx)
1051 ENTRY(fueword32_nosmap)
1053 movq PCPU(CURPCB),%rcx
1054 movq $fusufault,PCB_ONFAULT(%rcx)
1056 movq $VM_MAXUSER_ADDRESS-4,%rax
1057 cmpq %rax,%rdi /* verify address is valid */
1062 movq %rax,PCB_ONFAULT(%rcx)
1066 END(fueword32_nosmap)
1068 ENTRY(fueword32_smap)
1070 movq PCPU(CURPCB),%rcx
1071 movq $fusufault,PCB_ONFAULT(%rcx)
1073 movq $VM_MAXUSER_ADDRESS-4,%rax
1074 cmpq %rax,%rdi /* verify address is valid */
1081 movq %rax,PCB_ONFAULT(%rcx)
1087 ENTRY(fuword16_nosmap)
1089 movq PCPU(CURPCB),%rcx
1090 movq $fusufault,PCB_ONFAULT(%rcx)
1092 movq $VM_MAXUSER_ADDRESS-2,%rax
1097 movq $0,PCB_ONFAULT(%rcx)
1100 END(fuword16_nosmap)
1102 ENTRY(fuword16_smap)
1104 movq PCPU(CURPCB),%rcx
1105 movq $fusufault,PCB_ONFAULT(%rcx)
1107 movq $VM_MAXUSER_ADDRESS-2,%rax
1114 movq $0,PCB_ONFAULT(%rcx)
1119 ENTRY(fubyte_nosmap)
1121 movq PCPU(CURPCB),%rcx
1122 movq $fusufault,PCB_ONFAULT(%rcx)
1124 movq $VM_MAXUSER_ADDRESS-1,%rax
1129 movq $0,PCB_ONFAULT(%rcx)
1136 movq PCPU(CURPCB),%rcx
1137 movq $fusufault,PCB_ONFAULT(%rcx)
1139 movq $VM_MAXUSER_ADDRESS-1,%rax
1146 movq $0,PCB_ONFAULT(%rcx)
1152 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
1154 * addr = %rdi, value = %rsi
1156 ENTRY(suword_nosmap)
1158 movq PCPU(CURPCB),%rcx
1159 movq $fusufault,PCB_ONFAULT(%rcx)
1161 movq $VM_MAXUSER_ADDRESS-8,%rax
1162 cmpq %rax,%rdi /* verify address validity */
1167 movq %rax,PCB_ONFAULT(%rcx)
1174 movq PCPU(CURPCB),%rcx
1175 movq $fusufault,PCB_ONFAULT(%rcx)
1177 movq $VM_MAXUSER_ADDRESS-8,%rax
1178 cmpq %rax,%rdi /* verify address validity */
1185 movq %rax,PCB_ONFAULT(%rcx)
1190 ENTRY(suword32_nosmap)
1192 movq PCPU(CURPCB),%rcx
1193 movq $fusufault,PCB_ONFAULT(%rcx)
1195 movq $VM_MAXUSER_ADDRESS-4,%rax
1196 cmpq %rax,%rdi /* verify address validity */
1201 movq %rax,PCB_ONFAULT(%rcx)
1204 END(suword32_nosmap)
1206 ENTRY(suword32_smap)
1208 movq PCPU(CURPCB),%rcx
1209 movq $fusufault,PCB_ONFAULT(%rcx)
1211 movq $VM_MAXUSER_ADDRESS-4,%rax
1212 cmpq %rax,%rdi /* verify address validity */
1219 movq %rax,PCB_ONFAULT(%rcx)
1224 ENTRY(suword16_nosmap)
1226 movq PCPU(CURPCB),%rcx
1227 movq $fusufault,PCB_ONFAULT(%rcx)
1229 movq $VM_MAXUSER_ADDRESS-2,%rax
1230 cmpq %rax,%rdi /* verify address validity */
1235 movq %rax,PCB_ONFAULT(%rcx)
1238 END(suword16_nosmap)
1240 ENTRY(suword16_smap)
1242 movq PCPU(CURPCB),%rcx
1243 movq $fusufault,PCB_ONFAULT(%rcx)
1245 movq $VM_MAXUSER_ADDRESS-2,%rax
1246 cmpq %rax,%rdi /* verify address validity */
1253 movq %rax,PCB_ONFAULT(%rcx)
1258 ENTRY(subyte_nosmap)
1260 movq PCPU(CURPCB),%rcx
1261 movq $fusufault,PCB_ONFAULT(%rcx)
1263 movq $VM_MAXUSER_ADDRESS-1,%rax
1264 cmpq %rax,%rdi /* verify address validity */
1270 movq %rax,PCB_ONFAULT(%rcx)
1277 movq PCPU(CURPCB),%rcx
1278 movq $fusufault,PCB_ONFAULT(%rcx)
1280 movq $VM_MAXUSER_ADDRESS-1,%rax
1281 cmpq %rax,%rdi /* verify address validity */
1289 movq %rax,PCB_ONFAULT(%rcx)
1295 /* Fault entry clears PSL.AC */
1297 movq PCPU(CURPCB),%rcx
1299 movq %rax,PCB_ONFAULT(%rcx)
1305 * copyinstr(from, to, maxlen, int *lencopied)
1306 * %rdi, %rsi, %rdx, %rcx
1308 * copy a string from 'from' to 'to', stop when a 0 character is reached.
1309 * return ENAMETOOLONG if string is longer than maxlen, and
1310 * EFAULT on protection violations. If lencopied is non-zero,
1311 * return the actual length in *lencopied.
1313 .macro COPYINSTR smap
1315 movq %rdx,%r8 /* %r8 = maxlen */
1316 movq PCPU(CURPCB),%r9
1317 movq $cpystrflt,PCB_ONFAULT(%r9)
1319 movq $VM_MAXUSER_ADDRESS,%rax
1321 /* make sure 'from' is within bounds */
1327 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
1335 jz copyinstr_toolong
1337 jz copyinstr_toolong_smap
1349 /* Success -- 0 byte reached */
1353 /* set *lencopied and return %eax */
1354 movq %rax,PCB_ONFAULT(%r9)
1371 ENTRY(copyinstr_nosmap)
1373 END(copyinstr_nosmap)
1375 ENTRY(copyinstr_smap)
1380 /* Fault entry clears PSL.AC */
1383 /* set *lencopied and return %eax */
1384 movq $0,PCB_ONFAULT(%r9)
1394 copyinstr_toolong_smap:
1397 /* rdx is zero - return ENAMETOOLONG or EFAULT */
1398 movq $VM_MAXUSER_ADDRESS,%rax
1401 movl $ENAMETOOLONG,%eax
1405 * Handling of special amd64 registers and descriptor tables etc
1407 /* void lgdt(struct region_descriptor *rdp); */
1409 /* reload the descriptor table */
1412 /* flush the prefetch q */
1419 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
1423 /* reload code selector by turning return into intersegmental return */
1431 /*****************************************************************************/
1432 /* setjump, longjump */
1433 /*****************************************************************************/
1436 movq %rbx,0(%rdi) /* save rbx */
1437 movq %rsp,8(%rdi) /* save rsp */
1438 movq %rbp,16(%rdi) /* save rbp */
1439 movq %r12,24(%rdi) /* save r12 */
1440 movq %r13,32(%rdi) /* save r13 */
1441 movq %r14,40(%rdi) /* save r14 */
1442 movq %r15,48(%rdi) /* save r15 */
1443 movq 0(%rsp),%rdx /* get rta */
1444 movq %rdx,56(%rdi) /* save rip */
1445 xorl %eax,%eax /* return(0); */
1450 movq 0(%rdi),%rbx /* restore rbx */
1451 movq 8(%rdi),%rsp /* restore rsp */
1452 movq 16(%rdi),%rbp /* restore rbp */
1453 movq 24(%rdi),%r12 /* restore r12 */
1454 movq 32(%rdi),%r13 /* restore r13 */
1455 movq 40(%rdi),%r14 /* restore r14 */
1456 movq 48(%rdi),%r15 /* restore r15 */
1457 movq 56(%rdi),%rdx /* get rta */
1458 movq %rdx,0(%rsp) /* put in return frame */
1459 xorl %eax,%eax /* return(1); */
1465 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
1469 /* int rdmsr_safe(u_int msr, uint64_t *data) */
1471 movq PCPU(CURPCB),%r8
1472 movq $msr_onfault,PCB_ONFAULT(%r8)
1474 rdmsr /* Read MSR pointed by %ecx. Returns
1475 hi byte in edx, lo in %eax */
1476 salq $32,%rdx /* sign-shift %rdx left */
1477 movl %eax,%eax /* zero-extend %eax -> %rax */
1481 movq %rax,PCB_ONFAULT(%r8)
1486 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
1490 /* int wrmsr_safe(u_int msr, uint64_t data) */
1492 movq PCPU(CURPCB),%r8
1493 movq $msr_onfault,PCB_ONFAULT(%r8)
1498 wrmsr /* Write MSR pointed by %ecx. Accepts
1499 hi byte in edx, lo in %eax. */
1501 movq %rax,PCB_ONFAULT(%r8)
1506 * MSR operations fault handler
1510 movq $0,PCB_ONFAULT(%r8)
1516 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
1517 * Invalidates address space addressed by ucr3, then returns to kcr3.
1518 * Done in assembler to ensure no other memory accesses happen while
1522 ENTRY(pmap_pti_pcid_invalidate)
1525 movq %rdi,%cr3 /* to user page table */
1526 movq %rsi,%cr3 /* back to kernel */
1531 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
1532 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
1535 ENTRY(pmap_pti_pcid_invlpg)
1538 movq %rdi,%cr3 /* to user page table */
1540 movq %rsi,%cr3 /* back to kernel */
1545 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
1547 * Invalidates virtual addresses between sva and eva in address space ucr3,
1548 * then returns to kcr3.
1551 ENTRY(pmap_pti_pcid_invlrng)
1554 movq %rdi,%cr3 /* to user page table */
1556 addq $PAGE_SIZE,%rdx
1559 movq %rsi,%cr3 /* back to kernel */
1564 .macro rsb_seq_label l
1567 .macro rsb_call_label l
1570 .macro rsb_seq count
1573 rsb_call_label %(ll)
1585 /* all callers already saved %rax, %rdx, and %rcx */
1586 ENTRY(handle_ibrs_entry)
1587 cmpb $0,hw_ibrs_ibpb_active(%rip)
1589 movl $MSR_IA32_SPEC_CTRL,%ecx
1591 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1592 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx
1594 movb $1,PCPU(IBPB_SET)
1595 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip)
1598 END(handle_ibrs_entry)
1600 ENTRY(handle_ibrs_exit)
1601 cmpb $0,PCPU(IBPB_SET)
1603 movl $MSR_IA32_SPEC_CTRL,%ecx
1605 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1606 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1608 movb $0,PCPU(IBPB_SET)
1610 END(handle_ibrs_exit)
1612 /* registers-neutral version, but needs stack */
1613 ENTRY(handle_ibrs_exit_rs)
1614 cmpb $0,PCPU(IBPB_SET)
1619 movl $MSR_IA32_SPEC_CTRL,%ecx
1621 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax
1622 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx
1627 movb $0,PCPU(IBPB_SET)
1629 END(handle_ibrs_exit_rs)
1634 * Flush L1D cache. Load enough of the data from the kernel text
1635 * to flush existing L1D content.
1637 * N.B. The function does not follow ABI calling conventions, it corrupts %rbx.
1638 * The vmm.ko caller expects that only %rax, %rdx, %rbx, %rcx, %r9, and %rflags
1639 * registers are clobbered. The NMI handler caller only needs %r13 and %r15
1643 #define L1D_FLUSH_SIZE (64 * 1024)
1645 movq $-L1D_FLUSH_SIZE, %rcx
1647 * pass 1: Preload TLB.
1648 * Kernel text is mapped using superpages. TLB preload is
1649 * done for the benefit of older CPUs which split 2M page
1650 * into 4k TLB entries.
1652 1: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1653 addq $PAGE_SIZE, %rcx
1657 movq $-L1D_FLUSH_SIZE, %rcx
1658 /* pass 2: Read each cache line. */
1659 2: movb L1D_FLUSH_SIZE(%r9, %rcx), %al
1664 #undef L1D_FLUSH_SIZE
1667 ENTRY(flush_l1d_sw_abi)
1672 END(flush_l1d_sw_abi)
1674 ENTRY(mds_handler_void)
1676 END(mds_handler_void)
1678 ENTRY(mds_handler_verw)
1684 END(mds_handler_verw)
1686 ENTRY(mds_handler_ivb)
1695 1: movq PCPU(MDS_BUF), %rdx
1696 movdqa %xmm0, PCPU(MDS_TMP)
1705 2: movntdq %xmm0, (%rdx)
1711 movdqa PCPU(MDS_TMP),%xmm0
1719 END(mds_handler_ivb)
1721 ENTRY(mds_handler_bdw)
1732 1: movq PCPU(MDS_BUF), %rbx
1733 movdqa %xmm0, PCPU(MDS_TMP)
1739 2: movntdq %xmm0, (%rbx)
1748 movdqa PCPU(MDS_TMP),%xmm0
1758 END(mds_handler_bdw)
1760 ENTRY(mds_handler_skl_sse)
1770 1: movq PCPU(MDS_BUF), %rdi
1771 movq PCPU(MDS_BUF64), %rdx
1772 movdqa %xmm0, PCPU(MDS_TMP)
1779 2: clflushopt 5376(%rdi, %rax, 8)
1789 movdqa PCPU(MDS_TMP), %xmm0
1798 END(mds_handler_skl_sse)
1800 ENTRY(mds_handler_skl_avx)
1810 1: movq PCPU(MDS_BUF), %rdi
1811 movq PCPU(MDS_BUF64), %rdx
1812 vmovdqa %ymm0, PCPU(MDS_TMP)
1813 vpxor %ymm0, %ymm0, %ymm0
1816 vorpd (%rdx), %ymm0, %ymm0
1817 vorpd (%rdx), %ymm0, %ymm0
1819 2: clflushopt 5376(%rdi, %rax, 8)
1829 vmovdqa PCPU(MDS_TMP), %ymm0
1838 END(mds_handler_skl_avx)
1840 ENTRY(mds_handler_skl_avx512)
1850 1: movq PCPU(MDS_BUF), %rdi
1851 movq PCPU(MDS_BUF64), %rdx
1852 vmovdqa64 %zmm0, PCPU(MDS_TMP)
1853 vpxord %zmm0, %zmm0, %zmm0
1856 vorpd (%rdx), %zmm0, %zmm0
1857 vorpd (%rdx), %zmm0, %zmm0
1859 2: clflushopt 5376(%rdi, %rax, 8)
1869 vmovdqa64 PCPU(MDS_TMP), %zmm0
1878 END(mds_handler_skl_avx512)
1880 ENTRY(mds_handler_silvermont)
1889 1: movq PCPU(MDS_BUF), %rdx
1890 movdqa %xmm0, PCPU(MDS_TMP)
1894 2: movntdq %xmm0, (%rdx)
1900 movdqa PCPU(MDS_TMP),%xmm0
1908 END(mds_handler_silvermont)