search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel - Fix some rare pmap races in i386 and x86_64.
[dragonfly.git] / sys / platform / pc32 / i386 / bcopy.s
blob131ab0da54be344f6548c4dd33ad2256f6848312
1 /*
2 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $DragonFly: src/sys/platform/pc32/i386/bcopy.s,v 1.10 2008/05/09 06:35:11 dillon Exp $
35 */
36 /*
37 * bcopy(source:%esi, target:%edi, count:%ecx)
38 *
39 * note: esi, edi, eax, ecx, and edx may be destroyed
40 */
41
42 #include "use_npx.h"
43
44 #include <machine/asmacros.h>
45 #include <machine/cputypes.h>
46 #include <machine/pmap.h>
47 #include <machine/specialreg.h>
48
49 #include "assym.s"
50
51 .text
52
53 /*
54 * bcopyb() is a 'dumb' byte-granular bcopy. It is only used by
55 * devices which need to bcopy device-mapped memory which cannot
56 * otherwise handle 16 or 32 bit ops.
57 */
58 ALIGN_TEXT
59 ENTRY(bcopyb)
60 pushl %esi
61 pushl %edi
62 movl 12(%esp),%esi
63 movl 16(%esp),%edi
64 movl 20(%esp),%ecx
65 movl %edi,%eax
66 subl %esi,%eax
67 cmpl %ecx,%eax /* overlapping && src < dst? */
68 jb 1f
69 cld /* nope, copy forwards */
70 rep
71 movsb
72 popl %edi
73 popl %esi
74 ret
75
76 ALIGN_TEXT
77 1:
78 addl %ecx,%edi /* copy backwards. */
79 addl %ecx,%esi
80 decl %edi
81 decl %esi
82 std
83 rep
84 movsb
85 popl %edi
86 popl %esi
87 cld
88 ret
89
90 /*
91 * bcopyi(s, d, len) (NON OVERLAPPING)
92 *
93 * This is a dumb 32-bit-granular bcopy
94 */
95 ALIGN_TEXT
96 ENTRY(bcopyi)
97 pushl %esi
98 pushl %edi
99 movl 12(%esp),%esi
100 movl 16(%esp),%edi
101 movl 20(%esp),%ecx
102 shrl $2,%ecx
103 cld
104 rep
105 movsl
106 popl %edi
107 popl %esi
108 ret
109
110 /*
111 * If memcpy/bcopy is called as part of a copyin or copyout, the
112 * on-fault routine is set up to do a 'ret'. We have to restore
113 * %ebx and return to the copyin/copyout fault handler.
114 */
115 generic_onfault:
116 popl %ebx
117 addl $4,%esp /* skip normal return vector */
118 ret /* return to copyin/copyout fault handler */
119
120 /*
121 * GENERIC BCOPY() - COPY DIRECTION CHECK AND FORWARDS COPY
122 *
123 * Reasonably optimal on all modern machines.
124 */
125
126 SUPERALIGN_TEXT
127 ENTRY(asm_generic_memcpy) /* memcpy() entry point use optimal copy */
128 pushl %ebx
129 pushl $generic_onfault
130 jmp 2f
131
132 SUPERALIGN_TEXT
133 ENTRY(asm_generic_bcopy)
134 pushl %ebx
135 pushl $generic_onfault
136 cmpl %esi,%edi /* if (edi < esi) fwd copy ok */
137 jb 2f
138 addl %ecx,%esi
139 cmpl %esi,%edi /* if (edi < esi + count) do bkwrds copy */
140 jb 10f
141 subl %ecx,%esi
142 jmp 2f
143
144 SUPERALIGN_TEXT
145 1:
146 movl (%esi),%eax
147 movl 4(%esi),%ebx
148 movl 8(%esi),%edx
149 movl %eax,(%edi)
150 movl 12(%esi),%eax
151 movl %ebx,4(%edi)
152 movl 16(%esi),%ebx
153 movl %edx,8(%edi)
154 movl 20(%esi),%edx
155 movl %eax,12(%edi)
156 movl 24(%esi),%eax
157 movl %ebx,16(%edi)
158 movl 28(%esi),%ebx
159 movl %edx,20(%edi)
160 movl %eax,24(%edi)
161 addl $32,%esi
162 movl %ebx,28(%edi)
163 addl $32,%edi
164 2:
165 subl $32,%ecx
166 jae 1b
167 addl $32,%ecx
168 jz 3f
169 cld
170 rep
171 movsb
172 3:
173 addl $4,%esp
174 popl %ebx
175 ret
176
177 /*
178 * GENERIC_BCOPY() - BACKWARDS COPY
179 */
180 SUPERALIGN_TEXT
181 10:
182 addl %ecx,%edi
183 jmp 12f
184
185 SUPERALIGN_TEXT
186 11:
187 movl -4(%esi),%eax
188 movl -8(%esi),%ebx
189 movl -12(%esi),%edx
190 movl %eax,-4(%edi)
191 movl -16(%esi),%eax
192 movl %ebx,-8(%edi)
193 movl -20(%esi),%ebx
194 movl %edx,-12(%edi)
195 movl -24(%esi),%edx
196 movl %eax,-16(%edi)
197 movl -28(%esi),%eax
198 movl %ebx,-20(%edi)
199 movl -32(%esi),%ebx
200 movl %edx,-24(%edi)
201 movl %eax,-28(%edi)
202 subl $32,%esi
203 movl %ebx,-32(%edi)
204 subl $32,%edi
205 12:
206 subl $32,%ecx
207 jae 11b
208 addl $32,%ecx
209 jz 13f
210 decl %esi
211 decl %edi
212 std
213 rep
214 movsb
215 cld
216 13:
217 addl $4,%esp
218 popl %ebx
219 ret
220
221 /*
222 * MMX BCOPY() - COPY DIRECTION CHECK AND FORWARDS COPY
223 *
224 * note: esi, edi, eax, ecx, and edx are allowed to be destroyed.
225 *
226 * In order for the kernel to be able to use the FPU:
227 *
228 * (1) The kernel may not already be using the fpu.
229 *
230 * (2) If the fpu is owned by the application, we must save
231 * its state. If the fpu is not owned by the application
232 * the application's saved fp state may already exist
233 * in TD_SAVEFPU.
234 *
235 * (3) We cannot allow the kernel to overwrite the application's
236 * FPU state with our own, so we make sure the application's
237 * FPU state has been saved and then point TD_SAVEFPU at a
238 * temporary fpu save area in the globaldata structure.
239 *
240 * RACES/ALGORITHM:
241 *
242 * If gd_npxthread is not NULL we must save the application's
243 * current FP state to the current save area and then NULL
244 * out gd_npxthread to interlock against new interruptions
245 * changing the FP state further.
246 *
247 * If gd_npxthread is NULL the FP unit is in a known 'safe'
248 * state and may be used once the new save area is installed.
249 *
250 * race(1): If an interrupt occurs just prior to calling fxsave
251 * all that happens is that fxsave gets a npxdna trap, restores
252 * the app's environment, and immediately traps, restores,
253 * and saves it again.
254 *
255 * race(2): No interrupt can safely occur after we NULL-out
256 * npxthread until we fnclex, because the kernel assumes that
257 * the FP unit is in a safe state when npxthread is NULL. It's
258 * more convenient to use a cli sequence here (it is not
259 * considered to be in the critical path), but a critical
260 * section would also work.
261 *
262 * NOTE ON FNINIT vs FNCLEX - Making the FP unit safe here is
263 * the goal. It should be sufficient to just call FNCLEX rather
264 * then having to FNINIT the entire unit.
265 *
266 * race(3): The FP unit is in a known state (because npxthread
267 * was either previously NULL or we saved and init'd and made
268 * it NULL). This is true even if we are preempted and the
269 * preempting thread uses the FP unit, because it will be
270 * fninit's again on return. ANY STATE WE SAVE TO THE FPU MAY
271 * BE DESTROYED BY PREEMPTION WHILE NPXTHREAD IS NULL! However,
272 * an interrupt occuring inbetween clts and the setting of
273 * gd_npxthread may set the TS bit again and cause the next
274 * npxdna() to panic when it sees a non-NULL gd_npxthread.
275 *
276 * We can safely set TD_SAVEFPU to point to a new uninitialized
277 * save area and then set GD_NPXTHREAD to non-NULL. If an
278 * interrupt occurs after we set GD_NPXTHREAD, all that happens
279 * is that the safe FP state gets saved and restored. We do not
280 * need to clex again.
281 *
282 * We can safely clts after setting up the new save-area, before
283 * installing gd_npxthread, even if we get preempted just after
284 * calling clts. This is because the FP unit will be in a safe
285 * state while gd_npxthread is NULL. Setting gd_npxthread will
286 * simply lock-in that safe-state. Calling clts saves
287 * unnecessary trap overhead since we are about to use the FP
288 * unit anyway and don't need to 'restore' any state prior to
289 * that first use.
290 *
291 * MMX+XMM (SSE2): Typical on Athlons, later P4s. 128 bit media insn.
292 * MMX: Typical on XPs and P3s. 64 bit media insn.
293 */
294
295 #define MMX_SAVE_BLOCK(missfunc) \
296 cmpl $2048,%ecx ; \
297 jb missfunc ; \
298 movl MYCPU,%eax ; /* EAX = MYCPU */ \
299 btsl $1,GD_FPU_LOCK(%eax) ; \
300 jc missfunc ; \
301 pushl %ebx ; \
302 pushl %ecx ; \
303 movl GD_CURTHREAD(%eax),%edx ; /* EDX = CURTHREAD */ \
304 movl TD_SAVEFPU(%edx),%ebx ; /* save app save area */\
305 addl $TDPRI_CRIT,TD_PRI(%edx) ; \
306 cmpl $0,GD_NPXTHREAD(%eax) ; \
307 je 100f ; \
308 fxsave 0(%ebx) ; /* race(1) */ \
309 movl $0,GD_NPXTHREAD(%eax) ; /* interlock intr */ \
310 clts ; \
311 fnclex ; /* race(2) */ \
312 100: ; \
313 leal GD_SAVEFPU(%eax),%ecx ; \
314 movl %ecx,TD_SAVEFPU(%edx) ; \
315 orl $TDF_KERNELFP,TD_FLAGS(%edx) ; \
316 clts ; \
317 movl %edx,GD_NPXTHREAD(%eax) ; /* race(3) */ \
318 subl $TDPRI_CRIT,TD_PRI(%edx) ; /* crit_exit() */ \
319 cmpl $0,GD_REQFLAGS(%eax) ; \
320 je 101f ; \
321 cmpl $TDPRI_CRIT,TD_PRI(%edx) ; \
322 jge 101f ; \
323 call splz_check ; \
324 /* note: eax,ecx,edx destroyed */ \
325 101: ; \
326 movl (%esp),%ecx ; \
327 movl $mmx_onfault,(%esp) ; \
328
329 /*
330 * When restoring the application's FP state we must first clear
331 * npxthread to prevent further saves, then restore the pointer
332 * to the app's save area. We do not have to (and should not)
333 * restore the app's FP state now. Note that we do not have to
334 * call fnclex because our use of the FP guarentees that it is in
335 * a 'safe' state (at least for kernel use).
336 *
337 * NOTE: it is not usually safe to mess with CR0 outside of a
338 * critical section, because TS may get set by a preemptive
339 * interrupt. However, we *can* race a load/set-ts/store against
340 * an interrupt doing the same thing.
341 *
342 * WARNING! A Virtual kernel depends on CR0_TS remaining set after
343 * we use the FP unit if it asked it to be set.
344 */
345
346 #define MMX_RESTORE_BLOCK \
347 addl $4,%esp ; \
348 MMX_RESTORE_BLOCK2
349
350 #define MMX_RESTORE_BLOCK2 \
351 movl MYCPU,%ecx ; \
352 movl GD_CURTHREAD(%ecx),%edx ; \
353 movl $0,GD_NPXTHREAD(%ecx) ; \
354 andl $~TDF_KERNELFP,TD_FLAGS(%edx) ; \
355 movl %ebx,TD_SAVEFPU(%edx) ; \
356 smsw %ax ; \
357 popl %ebx ; \
358 orb $CR0_TS,%al ; \
359 lmsw %ax ; \
360 movl $0,GD_FPU_LOCK(%ecx)
361
362 /*
363 * xmm/mmx_onfault routine. Restore the fpu state, skip the normal
364 * return vector, and return to the caller's on-fault routine
365 * (which was pushed on the callers stack just before he called us)
366 */
367 ALIGN_TEXT
368 mmx_onfault:
369 MMX_RESTORE_BLOCK2
370 addl $4,%esp
371 ret
372
373 /*
374 * MXX entry points - only support 64 bit media instructions
375 */
376 SUPERALIGN_TEXT
377 ENTRY(asm_mmx_memcpy) /* memcpy() entry point use optimal copy */
378 MMX_SAVE_BLOCK(asm_generic_memcpy)
379 jmp 5f
380
381 SUPERALIGN_TEXT
382 ENTRY(asm_mmx_bcopy)
383 MMX_SAVE_BLOCK(asm_generic_bcopy)
384 cmpl %esi,%edi /* if (edi < esi) fwd copy ok */
385 jb 5f
386 addl %ecx,%esi
387 cmpl %esi,%edi /* if (edi < esi + count) do bkwrds copy */
388 jb 10f
389 subl %ecx,%esi
390 jmp 5f
391
392 /*
393 * XMM entry points - support 128 bit media instructions
394 */
395 SUPERALIGN_TEXT
396 ENTRY(asm_xmm_memcpy) /* memcpy() entry point use optimal copy */
397 MMX_SAVE_BLOCK(asm_generic_memcpy)
398 jmp 1f
399
400 SUPERALIGN_TEXT
401 ENTRY(asm_xmm_bcopy)
402 MMX_SAVE_BLOCK(asm_generic_bcopy)
403 cmpl %esi,%edi /* if (edi < esi) fwd copy ok */
404 jb 1f
405 addl %ecx,%esi
406 cmpl %esi,%edi /* if (edi < esi + count) do bkwrds copy */
407 jb 10f
408 subl %ecx,%esi
409 1:
410 movl %esi,%eax /* skip xmm if the data is not aligned */
411 andl $15,%eax
412 jnz 5f
413 movl %edi,%eax
414 andl $15,%eax
415 jz 3f
416 jmp 5f
417
418 SUPERALIGN_TEXT
419 2:
420 movdqa (%esi),%xmm0
421 movdqa 16(%esi),%xmm1
422 movdqa 32(%esi),%xmm2
423 movdqa 48(%esi),%xmm3
424 movdqa 64(%esi),%xmm4
425 movdqa 80(%esi),%xmm5
426 movdqa 96(%esi),%xmm6
427 movdqa 112(%esi),%xmm7
428 /*prefetchnta 128(%esi) 3dNOW */
429 addl $128,%esi
430
431 /*
432 * movdqa or movntdq can be used.
433 */
434 movdqa %xmm0,(%edi)
435 movdqa %xmm1,16(%edi)
436 movdqa %xmm2,32(%edi)
437 movdqa %xmm3,48(%edi)
438 movdqa %xmm4,64(%edi)
439 movdqa %xmm5,80(%edi)
440 movdqa %xmm6,96(%edi)
441 movdqa %xmm7,112(%edi)
442 addl $128,%edi
443 3:
444 subl $128,%ecx
445 jae 2b
446 addl $128,%ecx
447 jz 6f
448 jmp 5f
449 SUPERALIGN_TEXT
450 4:
451 movq (%esi),%mm0
452 movq 8(%esi),%mm1
453 movq 16(%esi),%mm2
454 movq 24(%esi),%mm3
455 movq 32(%esi),%mm4
456 movq 40(%esi),%mm5
457 movq 48(%esi),%mm6
458 movq 56(%esi),%mm7
459 /*prefetchnta 128(%esi) 3dNOW */
460 addl $64,%esi
461 movq %mm0,(%edi)
462 movq %mm1,8(%edi)
463 movq %mm2,16(%edi)
464 movq %mm3,24(%edi)
465 movq %mm4,32(%edi)
466 movq %mm5,40(%edi)
467 movq %mm6,48(%edi)
468 movq %mm7,56(%edi)
469 addl $64,%edi
470 5:
471 subl $64,%ecx
472 jae 4b
473 addl $64,%ecx
474 jz 6f
475 cld
476 rep
477 movsb
478 6:
479 MMX_RESTORE_BLOCK
480 ret
481
482 /*
483 * GENERIC_BCOPY() - BACKWARDS COPY
484 *
485 * Don't bother using xmm optimizations, just stick with mmx.
486 */
487 SUPERALIGN_TEXT
488 10:
489 addl %ecx,%edi
490 jmp 12f
491
492 SUPERALIGN_TEXT
493 11:
494 movq -64(%esi),%mm0
495 movq -56(%esi),%mm1
496 movq -48(%esi),%mm2
497 movq -40(%esi),%mm3
498 movq -32(%esi),%mm4
499 movq -24(%esi),%mm5
500 movq -16(%esi),%mm6
501 movq -8(%esi),%mm7
502 /*prefetchnta -128(%esi)*/
503 subl $64,%esi
504 movq %mm0,-64(%edi)
505 movq %mm1,-56(%edi)
506 movq %mm2,-48(%edi)
507 movq %mm3,-40(%edi)
508 movq %mm4,-32(%edi)
509 movq %mm5,-24(%edi)
510 movq %mm6,-16(%edi)
511 movq %mm7,-8(%edi)
512 subl $64,%edi
513 12:
514 subl $64,%ecx
515 jae 11b
516 addl $64,%ecx
517 jz 13f
518 decl %esi
519 decl %edi
520 std
521 rep
522 movsb
523 cld
524 13:
525 MMX_RESTORE_BLOCK
526 ret
527
DragonFly BSD