2 * Copyright (c) 2003 Peter Wemm.
3 * Copyright (c) 1993 The Regents of the University of California.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <machine/asmacros.h>
36 #include <machine/specialreg.h>
37 #include <machine/pmap.h>
46 movq $PAGE_SIZE/8,%rcx
55 * pagecopy(%rdi=from, %rsi=to)
59 movq $PAGE_SIZE/8,%rcx
77 * The loop takes 29 bytes. Ensure that it doesn't cross a 32-byte
82 movnti %rax,(%rdi,%rdx)
83 movnti %rax,8(%rdi,%rdx)
84 movnti %rax,16(%rdi,%rdx)
85 movnti %rax,24(%rdi,%rdx)
94 * memmove(dst, src, cnt)
96 * Adapted from bcopy written by:
97 * ws@tools.de (Wolfgang Solfrank, TooLs GmbH) +49-228-985800
106 cmpq %rcx,%rax /* overlapping && src < dst? */
109 shrq $3,%rcx /* forward path: count / 8, copy by 64-bit words */
113 andq $7,%rcx /* any bytes left? (count % 8) */
127 addq %rcx,%rdi /* copy backwards: advance pointer by the byte count */
131 andq $7,%rcx /* any fractional bytes? (count % 8) */
135 movq %rdx,%rcx /* copy remainder by 64-bit words (fractional part is count % 8) */
148 * memcpy(dst, src, len)
151 * Note: memcpy does not support overlapping copies
157 shrq $3,%rcx /* copy by 64-bit words */
161 andq $7,%rcx /* any bytes left? */
173 * memset(dst, c, len)
181 movabs $0x0101010101010101,%rax
200 /* fillw(pat, base, cnt) */
201 /* %rdi,%rsi, %rdx */
213 /*****************************************************************************/
214 /* copyout and fubyte family */
215 /*****************************************************************************/
217 * Access user memory from inside the kernel. These routines should be
218 * the only places that do this.
220 * These routines set curpcb->pcb_onfault for the time they execute. When a
221 * protection violation occurs inside the functions, the trap handler
222 * returns to *curpcb->pcb_onfault instead of the function.
226 * copyout(from_kernel, to_user, len)
229 ENTRY(copyout_nosmap)
231 movq PCPU(CURPCB),%rax /* %rax = curpcb */
232 movq $copyout_fault,PCB_ONFAULT(%rax) /* a fault on user memory resumes at copyout_fault */
233 testq %rdx,%rdx /* anything to do? (%rdx = len) */
237 * Check explicitly for non-user addresses. This check is essential
238 * because it prevents usermode from writing into the kernel. We do
239 * not verify anywhere else that the user did not specify a rogue
243 * First, prevent address wrapping.
249 * XXX STOP USING VM_MAXUSER_ADDRESS.
250 * It is an end address, not a max, so every time it is used correctly it
251 * looks like there is an off by one error, and of course it caused an off
252 * by one error in several places.
254 movq $VM_MAXUSER_ADDRESS,%rcx /* %rcx = end (exclusive) of the user address range */
259 /* bcopy(%rsi, %rdi, %rdx) */
276 movq PCPU(CURPCB),%rax
277 /* Trap entry clears PSL.AC */
278 movq $copyout_fault,PCB_ONFAULT(%rax)
279 testq %rdx,%rdx /* anything to do? */
283 * Check explicitly for non-user addresses. If 486 write protection
284 * is being used, this check is essential because we are in kernel
285 * mode so the h/w does not provide any protection against writing
290 * First, prevent address wrapping.
296 * XXX STOP USING VM_MAXUSER_ADDRESS.
297 * It is an end address, not a max, so every time it is used correctly it
298 * looks like there is an off by one error, and of course it caused an off
299 * by one error in several places.
301 movq $VM_MAXUSER_ADDRESS,%rcx
306 /* bcopy(%rsi, %rdi, %rdx) */
321 movq PCPU(CURPCB),%rdx
322 movq %rax,PCB_ONFAULT(%rdx)
328 movq PCPU(CURPCB),%rdx
329 movq $0,PCB_ONFAULT(%rdx)
336 * copyin(from_user, to_kernel, len)
341 movq PCPU(CURPCB),%rax /* %rax = curpcb */
342 movq $copyin_fault,PCB_ONFAULT(%rax) /* a fault on user memory resumes at copyin_fault */
343 testq %rdx,%rdx /* anything to do? (%rdx = len) */
347 * make sure address is valid
352 movq $VM_MAXUSER_ADDRESS,%rcx /* %rcx = end (exclusive) of the user address range */
359 shrq $3,%rcx /* count / 8: copy 8 bytes (one quadword) at a time */
363 andb $7,%cl /* count % 8: copy remaining bytes */
372 movq PCPU(CURPCB),%rax /* %rax = curpcb */
373 movq $copyin_fault,PCB_ONFAULT(%rax) /* a fault on user memory resumes at copyin_fault */
374 testq %rdx,%rdx /* anything to do? (%rdx = len) */
378 * make sure address is valid
383 movq $VM_MAXUSER_ADDRESS,%rcx /* %rcx = end (exclusive) of the user address range */
390 shrq $3,%rcx /* count / 8: copy 8 bytes (one quadword) at a time */
395 andb $7,%cl /* count % 8: copy remaining bytes */
403 movq PCPU(CURPCB),%rdx
404 movq %rax,PCB_ONFAULT(%rdx)
411 movq PCPU(CURPCB),%rdx
412 movq $0,PCB_ONFAULT(%rdx)
418 * casueword32. Compare and set user integer. Returns -1 on fault,
419 * 0 if access was successful. Old value is written to *oldp.
420 * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
422 ENTRY(casueword32_nosmap)
424 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
425 movq $fusufault,PCB_ONFAULT(%r8) /* a fault on user memory resumes at fusufault */
427 movq $VM_MAXUSER_ADDRESS-4,%rax /* highest start address for a 4-byte access below the user end address */
428 cmpq %rax,%rdi /* verify address is valid */
431 movl %esi,%eax /* old */
435 cmpxchgl %ecx,(%rdi) /* new = %ecx */
438 * The old value is in %eax. If the store succeeded it will be the
439 * value we expected (old) from before the store, otherwise it will
440 * be the current value. Save %eax into %esi to prepare the return
445 movq %rax,PCB_ONFAULT(%r8) /* clears pcb_onfault per the note below; assumes %rax was zeroed just before (not visible here) */
448 * Access the oldp after the pcb_onfault is cleared, to correctly
449 * catch corrupted pointer.
451 movl %esi,(%rdx) /* oldp = %rdx */
454 END(casueword32_nosmap)
456 ENTRY(casueword32_smap)
458 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
459 movq $fusufault,PCB_ONFAULT(%r8) /* a fault on user memory resumes at fusufault */
461 movq $VM_MAXUSER_ADDRESS-4,%rax /* highest start address for a 4-byte access below the user end address */
462 cmpq %rax,%rdi /* verify address is valid */
465 movl %esi,%eax /* old */
470 cmpxchgl %ecx,(%rdi) /* new = %ecx */
474 * The old value is in %eax. If the store succeeded it will be the
475 * value we expected (old) from before the store, otherwise it will
476 * be the current value. Save %eax into %esi to prepare the return
481 movq %rax,PCB_ONFAULT(%r8) /* clears pcb_onfault per the note below; assumes %rax was zeroed just before (not visible here) */
484 * Access the oldp after the pcb_onfault is cleared, to correctly
485 * catch corrupted pointer.
487 movl %esi,(%rdx) /* oldp = %rdx */
490 END(casueword32_smap)
493 * casueword. Compare and set user long. Returns -1 on fault,
494 * 0 if access was successful. Old value is written to *oldp.
495 * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
497 ENTRY(casueword_nosmap)
499 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
500 movq $fusufault,PCB_ONFAULT(%r8) /* a fault on user memory resumes at fusufault */
502 movq $VM_MAXUSER_ADDRESS-8,%rax /* cmpxchgq touches 8 bytes: last valid start is end-8, as in the 8-byte fetch/store routines */
503 cmpq %rax,%rdi /* verify address is valid */
506 movq %rsi,%rax /* old */
510 cmpxchgq %rcx,(%rdi) /* new = %rcx */
513 * The old value is in %rax. If the store succeeded it will be the
514 * value we expected (old) from before the store, otherwise it will
515 * be the current value.
519 movq %rax,PCB_ONFAULT(%r8) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
523 END(casueword_nosmap)
525 ENTRY(casueword_smap)
527 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
528 movq $fusufault,PCB_ONFAULT(%r8) /* a fault on user memory resumes at fusufault */
530 movq $VM_MAXUSER_ADDRESS-8,%rax /* cmpxchgq touches 8 bytes: last valid start is end-8, as in the 8-byte fetch/store routines */
531 cmpq %rax,%rdi /* verify address is valid */
534 movq %rsi,%rax /* old */
539 cmpxchgq %rcx,(%rdi) /* new = %rcx */
543 * The old value is in %rax. If the store succeeded it will be the
544 * value we expected (old) from before the store, otherwise it will
545 * be the current value.
549 movq %rax,PCB_ONFAULT(%r8) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
556 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
557 * byte from user memory.
558 * addr = %rdi, valp = %rsi
561 ENTRY(fueword_nosmap)
563 movq PCPU(CURPCB),%rcx /* %rcx = curpcb */
564 movq $fusufault,PCB_ONFAULT(%rcx) /* a fault on user memory resumes at fusufault */
566 movq $VM_MAXUSER_ADDRESS-8,%rax /* highest start address for an 8-byte access below the user end address */
567 cmpq %rax,%rdi /* verify address is valid */
572 movq %rax,PCB_ONFAULT(%rcx) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
576 END(fueword_nosmap) /* must name the same symbol as the ENTRY above */
580 movq PCPU(CURPCB),%rcx
581 movq $fusufault,PCB_ONFAULT(%rcx)
583 movq $VM_MAXUSER_ADDRESS-8,%rax
584 cmpq %rax,%rdi /* verify address is valid */
591 movq %rax,PCB_ONFAULT(%rcx)
597 ENTRY(fueword32_nosmap)
599 movq PCPU(CURPCB),%rcx /* %rcx = curpcb */
600 movq $fusufault,PCB_ONFAULT(%rcx) /* a fault on user memory resumes at fusufault */
602 movq $VM_MAXUSER_ADDRESS-4,%rax /* highest start address for a 4-byte access below the user end address */
603 cmpq %rax,%rdi /* verify address is valid */
608 movq %rax,PCB_ONFAULT(%rcx) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
612 END(fueword32_nosmap)
614 ENTRY(fueword32_smap)
616 movq PCPU(CURPCB),%rcx
617 movq $fusufault,PCB_ONFAULT(%rcx)
619 movq $VM_MAXUSER_ADDRESS-4,%rax
620 cmpq %rax,%rdi /* verify address is valid */
627 movq %rax,PCB_ONFAULT(%rcx)
633 ENTRY(fuword16_nosmap)
635 movq PCPU(CURPCB),%rcx
636 movq $fusufault,PCB_ONFAULT(%rcx)
638 movq $VM_MAXUSER_ADDRESS-2,%rax
643 movq $0,PCB_ONFAULT(%rcx)
650 movq PCPU(CURPCB),%rcx
651 movq $fusufault,PCB_ONFAULT(%rcx)
653 movq $VM_MAXUSER_ADDRESS-2,%rax
660 movq $0,PCB_ONFAULT(%rcx)
667 movq PCPU(CURPCB),%rcx
668 movq $fusufault,PCB_ONFAULT(%rcx)
670 movq $VM_MAXUSER_ADDRESS-1,%rax
675 movq $0,PCB_ONFAULT(%rcx)
682 movq PCPU(CURPCB),%rcx
683 movq $fusufault,PCB_ONFAULT(%rcx)
685 movq $VM_MAXUSER_ADDRESS-1,%rax
692 movq $0,PCB_ONFAULT(%rcx)
698 /* Fault entry clears PSL.AC */
700 movq PCPU(CURPCB),%rcx
702 movq %rax,PCB_ONFAULT(%rcx)
708 * Store a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit byte to
710 * addr = %rdi, value = %rsi
714 movq PCPU(CURPCB),%rcx
715 movq $fusufault,PCB_ONFAULT(%rcx)
717 movq $VM_MAXUSER_ADDRESS-8,%rax
718 cmpq %rax,%rdi /* verify address validity */
723 movq PCPU(CURPCB),%rcx
724 movq %rax,PCB_ONFAULT(%rcx)
731 movq PCPU(CURPCB),%rcx
732 movq $fusufault,PCB_ONFAULT(%rcx)
734 movq $VM_MAXUSER_ADDRESS-8,%rax
735 cmpq %rax,%rdi /* verify address validity */
742 movq PCPU(CURPCB),%rcx
743 movq %rax,PCB_ONFAULT(%rcx)
748 ENTRY(suword32_nosmap)
750 movq PCPU(CURPCB),%rcx
751 movq $fusufault,PCB_ONFAULT(%rcx)
753 movq $VM_MAXUSER_ADDRESS-4,%rax
754 cmpq %rax,%rdi /* verify address validity */
759 movq PCPU(CURPCB),%rcx
760 movq %rax,PCB_ONFAULT(%rcx)
767 movq PCPU(CURPCB),%rcx
768 movq $fusufault,PCB_ONFAULT(%rcx)
770 movq $VM_MAXUSER_ADDRESS-4,%rax
771 cmpq %rax,%rdi /* verify address validity */
778 movq PCPU(CURPCB),%rcx
779 movq %rax,PCB_ONFAULT(%rcx)
784 ENTRY(suword16_nosmap)
786 movq PCPU(CURPCB),%rcx
787 movq $fusufault,PCB_ONFAULT(%rcx)
789 movq $VM_MAXUSER_ADDRESS-2,%rax
790 cmpq %rax,%rdi /* verify address validity */
795 movq PCPU(CURPCB),%rcx /* restore trashed register */
796 movq %rax,PCB_ONFAULT(%rcx)
803 movq PCPU(CURPCB),%rcx
804 movq $fusufault,PCB_ONFAULT(%rcx)
806 movq $VM_MAXUSER_ADDRESS-2,%rax
807 cmpq %rax,%rdi /* verify address validity */
814 movq PCPU(CURPCB),%rcx /* restore trashed register */
815 movq %rax,PCB_ONFAULT(%rcx)
822 movq PCPU(CURPCB),%rcx
823 movq $fusufault,PCB_ONFAULT(%rcx)
825 movq $VM_MAXUSER_ADDRESS-1,%rax
826 cmpq %rax,%rdi /* verify address validity */
832 movq PCPU(CURPCB),%rcx /* restore trashed register */
833 movq %rax,PCB_ONFAULT(%rcx)
840 movq PCPU(CURPCB),%rcx
841 movq $fusufault,PCB_ONFAULT(%rcx)
843 movq $VM_MAXUSER_ADDRESS-1,%rax
844 cmpq %rax,%rdi /* verify address validity */
852 movq PCPU(CURPCB),%rcx /* restore trashed register */
853 movq %rax,PCB_ONFAULT(%rcx)
859 * copyinstr(from, to, maxlen, int *lencopied)
860 * %rdi, %rsi, %rdx, %rcx
862 * copy a string from 'from' to 'to', stop when a 0 character is reached.
863 * return ENAMETOOLONG if string is longer than maxlen, and
864 * EFAULT on protection violations. If lencopied is non-zero,
865 * return the actual length in *lencopied.
867 ENTRY(copyinstr_nosmap)
869 movq %rdx,%r8 /* %r8 = maxlen */
870 movq %rcx,%r9 /* %r9 = *len */
871 xchgq %rdi,%rsi /* %rdi = from, %rsi = to */
872 movq PCPU(CURPCB),%rcx
873 movq $cpystrflt,PCB_ONFAULT(%rcx)
875 movq $VM_MAXUSER_ADDRESS,%rax
877 /* make sure 'from' is within bounds */
881 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
899 END(copyinstr_nosmap)
901 ENTRY(copyinstr_smap)
903 movq %rdx,%r8 /* %r8 = maxlen */
904 movq %rcx,%r9 /* %r9 = *len */
905 xchgq %rdi,%rsi /* %rdi = from, %rsi = to */
906 movq PCPU(CURPCB),%rcx
907 movq $cpystrflt,PCB_ONFAULT(%rcx)
909 movq $VM_MAXUSER_ADDRESS,%rax
911 /* make sure 'from' is within bounds */
915 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
935 /* Success -- 0 byte reached */
940 /* rdx is zero - return ENAMETOOLONG or EFAULT */
941 movq $VM_MAXUSER_ADDRESS,%rax
944 movq $ENAMETOOLONG,%rax
947 /* Fault entry clears PSL.AC */
952 /* set *lencopied and return %eax */
953 movq PCPU(CURPCB),%rcx
954 movq $0,PCB_ONFAULT(%rcx)
966 * copystr(from, to, maxlen, int *lencopied)
967 * %rdi, %rsi, %rdx, %rcx
971 movq %rdx,%r8 /* %r8 = maxlen */
983 /* Success -- 0 byte reached */
988 /* rdx is zero -- return ENAMETOOLONG */
989 movq $ENAMETOOLONG,%rax
995 /* set *lencopied and return %rax */
1004 * Handling of special amd64 registers and descriptor tables etc
1006 /* void lgdt(struct region_descriptor *rdp); */
1008 /* reload the descriptor table */
1011 /* flush the prefetch q */
1018 movl %eax,%fs /* Beware, use wrmsr to set 64 bit base */
1022 /* reload code selector by turning return into intersegmental return */
1030 /*****************************************************************************/
1031 /* setjump, longjump */
1032 /*****************************************************************************/
1035 movq %rbx,0(%rdi) /* save rbx */
1036 movq %rsp,8(%rdi) /* save rsp */
1037 movq %rbp,16(%rdi) /* save rbp */
1038 movq %r12,24(%rdi) /* save r12 */
1039 movq %r13,32(%rdi) /* save r13 */
1040 movq %r14,40(%rdi) /* save r14 */
1041 movq %r15,48(%rdi) /* save r15 */
1042 movq 0(%rsp),%rdx /* get rta */
1043 movq %rdx,56(%rdi) /* save rip */
1044 xorl %eax,%eax /* return(0); */
1049 movq 0(%rdi),%rbx /* restore rbx */
1050 movq 8(%rdi),%rsp /* restore rsp */
1051 movq 16(%rdi),%rbp /* restore rbp */
1052 movq 24(%rdi),%r12 /* restore r12 */
1053 movq 32(%rdi),%r13 /* restore r13 */
1054 movq 40(%rdi),%r14 /* restore r14 */
1055 movq 48(%rdi),%r15 /* restore r15 */
1056 movq 56(%rdi),%rdx /* get rta */
1057 movq %rdx,0(%rsp) /* put in return frame */
1058 xorl %eax,%eax /* return(1); */
1064 * Support for reading MSRs in the safe manner. (Instead of panic on #gp,
1068 /* int rdmsr_safe(u_int msr, uint64_t *data) */
1070 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
1071 movq $msr_onfault,PCB_ONFAULT(%r8) /* a fault raised by rdmsr resumes at msr_onfault */
1073 rdmsr /* Read MSR selected by %ecx. Returns
1074 high 32 bits in %edx, low 32 bits in %eax */
1075 salq $32,%rdx /* move the high half into bits 63:32 of %rdx */
1076 movl %eax,%eax /* zero-extend %eax -> %rax */
1080 movq %rax,PCB_ONFAULT(%r8) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
1085 * Support for writing MSRs in the safe manner. (Instead of panic on #gp,
1089 /* int wrmsr_safe(u_int msr, uint64_t data) */
1091 movq PCPU(CURPCB),%r8 /* %r8 = curpcb */
1092 movq $msr_onfault,PCB_ONFAULT(%r8) /* a fault raised by wrmsr resumes at msr_onfault */
1097 wrmsr /* Write MSR selected by %ecx. Accepts
1098 high 32 bits in %edx, low 32 bits in %eax. */
1100 movq %rax,PCB_ONFAULT(%r8) /* NOTE(review): presumably clears pcb_onfault with a zeroed %rax; the zeroing is not visible here */
1105 * MSR operations fault handler
1109 movq $0,PCB_ONFAULT(%r8)
1115 * void pmap_pti_pcid_invalidate(uint64_t ucr3, uint64_t kcr3);
1116 * Invalidates address space addressed by ucr3, then returns to kcr3.
1117 * Done in assembler to ensure no other memory accesses happen while
1121 ENTRY(pmap_pti_pcid_invalidate)
1124 movq %rdi,%cr3 /* load ucr3 (first argument): to user page table */
1125 movq %rsi,%cr3 /* load kcr3 (second argument): back to kernel */
1130 * void pmap_pti_pcid_invlpg(uint64_t ucr3, uint64_t kcr3, vm_offset_t va);
1131 * Invalidates virtual address va in address space ucr3, then returns to kcr3.
1134 ENTRY(pmap_pti_pcid_invlpg)
1137 movq %rdi,%cr3 /* load ucr3 (first argument): to user page table */
1139 movq %rsi,%cr3 /* load kcr3 (second argument): back to kernel */
1144 * void pmap_pti_pcid_invlrng(uint64_t ucr3, uint64_t kcr3, vm_offset_t sva,
1146 * Invalidates virtual addresses between sva and eva in address space ucr3,
1147 * then returns to kcr3.
1150 ENTRY(pmap_pti_pcid_invlrng)
1153 movq %rdi,%cr3 /* load ucr3 (first argument): to user page table */
1155 addq $PAGE_SIZE,%rdx /* advance %rdx (sva, third argument) by one page */
1158 movq %rsi,%cr3 /* load kcr3 (second argument): back to kernel */
1163 .macro ibrs_seq_label l
1166 .macro ibrs_call_label l
1169 .macro ibrs_seq count
1172 ibrs_call_label %(ll)
1174 ibrs_seq_label %(ll)
1180 /* all callers already saved %rax, %rdx, and %rcx */
1181 ENTRY(handle_ibrs_entry)
1182 cmpb $0,hw_ibrs_active(%rip) /* is hw_ibrs_active non-zero? */
1184 movl $MSR_IA32_SPEC_CTRL,%ecx /* %ecx = MSR number of IA32_SPEC_CTRL */
1186 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax /* set IBRS and STIBP in the low 32 bits */
1187 orl $(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32,%edx /* same mask, high 32 bits */
1189 movb $1,PCPU(IBPB_SET) /* record in the per-CPU flag that the bits were set */
1190 testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip) /* is the SMEP feature bit set? */
1194 END(handle_ibrs_entry)
1196 ENTRY(handle_ibrs_exit)
1197 cmpb $0,PCPU(IBPB_SET) /* is the per-CPU IBPB_SET flag non-zero? */
1199 movl $MSR_IA32_SPEC_CTRL,%ecx /* %ecx = MSR number of IA32_SPEC_CTRL */
1201 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax /* clear IBRS and STIBP in the low 32 bits */
1202 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx /* same mask, high 32 bits */
1204 movb $0,PCPU(IBPB_SET) /* reset the per-CPU flag */
1206 END(handle_ibrs_exit)
1208 /* registers-neutral version, but needs stack */
1209 ENTRY(handle_ibrs_exit_rs)
1210 cmpb $0,PCPU(IBPB_SET) /* is the per-CPU IBPB_SET flag non-zero? */
1215 movl $MSR_IA32_SPEC_CTRL,%ecx /* %ecx = MSR number of IA32_SPEC_CTRL */
1217 andl $~(IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP),%eax /* clear IBRS and STIBP in the low 32 bits */
1218 andl $~((IA32_SPEC_CTRL_IBRS|IA32_SPEC_CTRL_STIBP)>>32),%edx /* same mask, high 32 bits */
1223 movb $0,PCPU(IBPB_SET) /* reset the per-CPU flag */
1225 END(handle_ibrs_exit_rs)