2 * Copyright (c) 1993 The Regents of the University of California.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <machine/asmacros.h>
33 #include <machine/cputypes.h>
34 #include <machine/pmap.h>
35 #include <machine/specialreg.h>
45 * void bzero(void *buf, u_int len)
129 /* fillw(pat, base, cnt) */
149 cmpl %ecx,%eax /* overlapping && src < dst? */
159 addl %ecx,%edi /* copy backwards. */
173 * bcopy(src, dst, cnt)
174 * ws@tools.de (Wolfgang Solfrank, TooLs GmbH) +49-228-985800
187 cmpl %ecx,%eax /* overlapping && src < dst? */
190 shrl $2,%ecx /* copy by 32-bit words */
194 andl $3,%ecx /* any bytes left? */
204 addl %ecx,%edi /* copy backwards */
208 andl $3,%ecx /* any fractional bytes? */
212 movl 16(%ebp),%ecx /* copy remainder by 32-bit words */
226 * Note: memcpy does not support overlapping copies
235 shrl $2,%ecx /* copy by 32-bit words */
239 andl $3,%ecx /* any bytes left? */
247 /*****************************************************************************/
248 /* copyout and fubyte family */
249 /*****************************************************************************/
251 * Access user memory from inside the kernel. These routines and possibly
252 * the math- and DOS emulators should be the only places that do this.
254 * We have to access the memory with user's permissions, so use a segment
255 * selector with RPL 3. For writes to user space we have to additionally
256 * check the PTE for write permission, because the 386 does not check
257 * write permissions when we are executing with EPL 0. The 486 does check
258 * this if the WP bit is set in CR0, so we can use a simpler version here.
260 * These routines set curpcb->pcb_onfault for the time they execute. When a
261 * protection violation occurs inside the functions, the trap handler
262 * returns to *curpcb->pcb_onfault instead of the function.
266 * copyout(from_kernel, to_user, len) - MP SAFE
269 movl PCPU(CURPCB),%eax
270 movl $copyout_fault,PCB_ONFAULT(%eax)
277 testl %ebx,%ebx /* anything to do? */
281 * Check explicitly for non-user addresses. This check is essential
282 * because it prevents usermode from writing into the kernel. We do
283 * not verify anywhere else that the user did not specify a rogue
287 * First, prevent address wrapping.
293 * XXX STOP USING VM_MAXUSER_ADDRESS.
294 * It is an end address, not a max, so every time it is used correctly it
295 * looks like there is an off by one error, and of course it caused an off
296 * by one error in several places.
298 cmpl $VM_MAXUSER_ADDRESS,%eax
301 /* bcopy(%esi, %edi, %ebx) */
317 movl PCPU(CURPCB),%edx
318 movl %eax,PCB_ONFAULT(%edx)
327 movl PCPU(CURPCB),%edx
328 movl $0,PCB_ONFAULT(%edx)
333 * copyin(from_user, to_kernel, len) - MP SAFE
336 movl PCPU(CURPCB),%eax
337 movl $copyin_fault,PCB_ONFAULT(%eax)
340 movl 12(%esp),%esi /* caddr_t from */
341 movl 16(%esp),%edi /* caddr_t to */
342 movl 20(%esp),%ecx /* size_t len */
345 * make sure address is valid
350 cmpl $VM_MAXUSER_ADDRESS,%edx
354 shrl $2,%ecx /* copy longword-wise */
358 andb $3,%cl /* copy remaining bytes */
365 movl PCPU(CURPCB),%edx
366 movl %eax,PCB_ONFAULT(%edx)
374 movl PCPU(CURPCB),%edx
375 movl $0,PCB_ONFAULT(%edx)
380 * casueword. Compare and set user word. Returns -1 on fault,
381 * 0 on non-faulting access. The current value is in *oldp.
383 ALTENTRY(casueword32)
385 movl PCPU(CURPCB),%ecx
386 movl $fusufault,PCB_ONFAULT(%ecx)
387 movl 4(%esp),%edx /* dst */
388 movl 8(%esp),%eax /* old */
389 movl 16(%esp),%ecx /* new */
391 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address is valid */
397 cmpxchgl %ecx,(%edx) /* Compare and set. */
400 * The old value is in %eax. If the store succeeded it will be the
401 * value we expected (old) from before the store, otherwise it will
402 * be the current value.
405 movl PCPU(CURPCB),%ecx
406 movl $0,PCB_ONFAULT(%ecx)
407 movl 12(%esp),%edx /* oldp */
415 * Fetch (load) a 32-bit word, a 16-bit word, or an 8-bit byte from user
421 movl PCPU(CURPCB),%ecx
422 movl $fusufault,PCB_ONFAULT(%ecx)
423 movl 4(%esp),%edx /* from */
425 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address is valid */
429 movl $0,PCB_ONFAULT(%ecx)
438 * fuswintr() and suswintr() are specialized variants of fuword16() and
439 * suword16(), respectively. They are called from the profiling code,
440 * potentially at interrupt time. If they fail, that's okay; good things
441 * will happen later. They always fail for now, until the trap code is
442 * able to deal with this.
452 movl PCPU(CURPCB),%ecx
453 movl $fusufault,PCB_ONFAULT(%ecx)
456 cmpl $VM_MAXUSER_ADDRESS-2,%edx
460 movl $0,PCB_ONFAULT(%ecx)
465 movl PCPU(CURPCB),%ecx
466 movl $fusufault,PCB_ONFAULT(%ecx)
469 cmpl $VM_MAXUSER_ADDRESS-1,%edx
473 movl $0,PCB_ONFAULT(%ecx)
479 movl PCPU(CURPCB),%ecx
481 movl %eax,PCB_ONFAULT(%ecx)
486 * Store a 32-bit word, a 16-bit word, or an 8-bit byte to user memory.
487 * All these functions are MPSAFE.
492 movl PCPU(CURPCB),%ecx
493 movl $fusufault,PCB_ONFAULT(%ecx)
496 cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address validity */
502 movl PCPU(CURPCB),%ecx
503 movl %eax,PCB_ONFAULT(%ecx)
509 movl PCPU(CURPCB),%ecx
510 movl $fusufault,PCB_ONFAULT(%ecx)
513 cmpl $VM_MAXUSER_ADDRESS-2,%edx /* verify address validity */
519 movl PCPU(CURPCB),%ecx /* restore trashed register */
520 movl %eax,PCB_ONFAULT(%ecx)
525 movl PCPU(CURPCB),%ecx
526 movl $fusufault,PCB_ONFAULT(%ecx)
529 cmpl $VM_MAXUSER_ADDRESS-1,%edx /* verify address validity */
535 movl PCPU(CURPCB),%ecx /* restore trashed register */
536 movl %eax,PCB_ONFAULT(%ecx)
541 * copyinstr(from, to, maxlen, int *lencopied) - MP SAFE
543 * copy a string from 'from' to 'to', stop when a 0 character is reached.
544 * return ENAMETOOLONG if string is longer than maxlen, and
545 * EFAULT on protection violations. If lencopied is non-zero,
546 * return the actual length in *lencopied.
551 movl PCPU(CURPCB),%ecx
552 movl $cpystrflt,PCB_ONFAULT(%ecx)
554 movl 12(%esp),%esi /* %esi = from */
555 movl 16(%esp),%edi /* %edi = to */
556 movl 20(%esp),%edx /* %edx = maxlen */
558 movl $VM_MAXUSER_ADDRESS,%eax
560 /* make sure 'from' is within bounds */
564 /* restrict maxlen to <= VM_MAXUSER_ADDRESS-from */
581 /* Success -- 0 byte reached */
586 /* edx is zero - return ENAMETOOLONG or EFAULT */
587 cmpl $VM_MAXUSER_ADDRESS,%esi
590 movl $ENAMETOOLONG,%eax
597 /* set *lencopied and return %eax */
598 movl PCPU(CURPCB),%ecx
599 movl $0,PCB_ONFAULT(%ecx)
613 * copystr(from, to, maxlen, int *lencopied) - MP SAFE
619 movl 12(%esp),%esi /* %esi = from */
620 movl 16(%esp),%edi /* %edi = to */
621 movl 20(%esp),%edx /* %edx = maxlen */
631 /* Success -- 0 byte reached */
636 /* edx is zero -- return ENAMETOOLONG */
637 movl $ENAMETOOLONG,%eax
640 /* set *lencopied and return %eax */
679 * Handling of special 386 registers and descriptor tables etc
681 /* void lgdt(struct region_descriptor *rdp); */
683 /* reload the descriptor table */
687 /* flush the prefetch q */
691 /* reload "stale" selectors */
700 /* reload code selector by turning return into intersegmental return */
708 /* ssdtosd(*ssdp,*sdp) */
730 /* void reset_dbregs() */
733 movl %eax,%dr7 /* disable all breakpoints first */
742 /*****************************************************************************/
743 /* setjump, longjump */
744 /*****************************************************************************/
748 movl %ebx,(%eax) /* save ebx */
749 movl %esp,4(%eax) /* save esp */
750 movl %ebp,8(%eax) /* save ebp */
751 movl %esi,12(%eax) /* save esi */
752 movl %edi,16(%eax) /* save edi */
753 movl (%esp),%edx /* get rta */
754 movl %edx,20(%eax) /* save eip */
755 xorl %eax,%eax /* return(0); */
761 movl (%eax),%ebx /* restore ebx */
762 movl 4(%eax),%esp /* restore esp */
763 movl 8(%eax),%ebp /* restore ebp */
764 movl 12(%eax),%esi /* restore esi */
765 movl 16(%eax),%edi /* restore edi */
766 movl 20(%eax),%edx /* get rta */
767 movl %edx,(%esp) /* put in return frame */
768 xorl %eax,%eax /* return(1); */
774 * Support for reading MSRs in the safe manner.
777 /* int rdmsr_safe(u_int msr, uint64_t *data) */
778 movl PCPU(CURPCB),%ecx
779 movl $msr_onfault,PCB_ONFAULT(%ecx)
788 movl PCPU(CURPCB),%ecx
789 movl %eax,PCB_ONFAULT(%ecx)
794 * Support for writing MSRs in the safe manner.
797 /* int wrmsr_safe(u_int msr, uint64_t data) */
798 movl PCPU(CURPCB),%ecx
799 movl $msr_onfault,PCB_ONFAULT(%ecx)
807 movl PCPU(CURPCB),%ecx
808 movl %eax,PCB_ONFAULT(%ecx)
813 * MSR operations fault handler
817 movl PCPU(CURPCB),%ecx
818 movl $0,PCB_ONFAULT(%ecx)
822 ENTRY(handle_ibrs_entry)
824 END(handle_ibrs_entry)
826 ENTRY(handle_ibrs_exit)
828 END(handle_ibrs_exit)
830 ENTRY(mds_handler_void)
832 END(mds_handler_void)
834 ENTRY(mds_handler_verw)
840 END(mds_handler_verw)
842 ENTRY(mds_handler_ivb)
847 1: movl PCPU(MDS_BUF), %edx
848 movdqa %xmm0, PCPU(MDS_TMP)
857 2: movntdq %xmm0, (%edx)
863 movdqa PCPU(MDS_TMP),%xmm0
870 ENTRY(mds_handler_bdw)
875 1: movl PCPU(MDS_BUF), %ebx
876 movdqa %xmm0, PCPU(MDS_TMP)
882 2: movntdq %xmm0, (%ebx)
891 movdqa PCPU(MDS_TMP),%xmm0
898 ENTRY(mds_handler_skl_sse)
903 1: movl PCPU(MDS_BUF), %edi
904 movl PCPU(MDS_BUF64), %edx
905 movdqa %xmm0, PCPU(MDS_TMP)
912 2: clflushopt 5376(%edi, %eax, 8)
922 movdqa PCPU(MDS_TMP), %xmm0
927 END(mds_handler_skl_sse)
929 ENTRY(mds_handler_skl_avx)
934 1: movl PCPU(MDS_BUF), %edi
935 movl PCPU(MDS_BUF64), %edx
936 vmovdqa %ymm0, PCPU(MDS_TMP)
937 vpxor %ymm0, %ymm0, %ymm0
940 vorpd (%edx), %ymm0, %ymm0
941 vorpd (%edx), %ymm0, %ymm0
943 2: clflushopt 5376(%edi, %eax, 8)
953 vmovdqa PCPU(MDS_TMP), %ymm0
958 END(mds_handler_skl_avx)
960 ENTRY(mds_handler_skl_avx512)
965 1: movl PCPU(MDS_BUF), %edi
966 movl PCPU(MDS_BUF64), %edx
967 /* vmovdqa64 %zmm0, PCPU(MDS_TMP) */
968 .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x7f, 0x05
970 /* vpxor %zmm0, %zmm0, %zmm0 */
971 .byte 0x62, 0xf1, 0xfd, 0x48, 0xef, 0xc0
974 /* vorpd (%edx), %zmm0, %zmm0 */
975 .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
976 /* vorpd (%edx), %zmm0, %zmm0 */
977 .byte 0x62, 0xf1, 0xfd, 0x48, 0x56, 0x02
979 2: clflushopt 5376(%edi, %eax, 8)
989 /* vmovdqa64 PCPU(MDS_TMP), %zmm0 */
990 .byte 0x64, 0x62, 0xf1, 0xfd, 0x48, 0x6f, 0x05
996 END(mds_handler_skl_avx512)
998 ENTRY(mds_handler_silvermont)
1003 1: movl PCPU(MDS_BUF), %edx
1004 movdqa %xmm0, PCPU(MDS_TMP)
1008 2: movntdq %xmm0, (%edx)
1014 movdqa PCPU(MDS_TMP),%xmm0
1019 END(mds_handler_silvermont)