1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Copyright (C) 1994 Linus Torvalds
4 *
5 * Pentium III FXSR, SSE support
6 * General FPU state handling cleanups
7 *	Gareth Hughes <gareth@valinux.com>, May 2000
8 * x86-64 work by Andi Kleen 2002
9 */
10
11#ifndef _ASM_X86_FPU_INTERNAL_H
12#define _ASM_X86_FPU_INTERNAL_H
13
14#include <linux/compat.h>
15#include <linux/sched.h>
16#include <linux/slab.h>
17#include <linux/mm.h>
18
19#include <asm/user.h>
20#include <asm/fpu/api.h>
21#include <asm/fpu/xstate.h>
22#include <asm/fpu/xcr.h>
23#include <asm/cpufeature.h>
24#include <asm/trace/fpu.h>
25
26/*
27 * High level FPU state handling functions:
28 */
29extern void fpu__prepare_read(struct fpu *fpu);
30extern void fpu__prepare_write(struct fpu *fpu);
31extern void fpu__save(struct fpu *fpu);
32extern int  fpu__restore_sig(void __user *buf, int ia32_frame);
33extern void fpu__drop(struct fpu *fpu);
34extern int  fpu__copy(struct task_struct *dst, struct task_struct *src);
35extern void fpu__clear_user_states(struct fpu *fpu);
36extern void fpu__clear_all(struct fpu *fpu);
37extern int  fpu__exception_code(struct fpu *fpu, int trap_nr);
38
39/*
40 * Boot time FPU initialization functions:
41 */
42extern void fpu__init_cpu(void);
43extern void fpu__init_system_xstate(void);
44extern void fpu__init_cpu_xstate(void);
45extern void fpu__init_system(void);
46extern void fpu__init_check_bugs(void);
47extern void fpu__resume_cpu(void);
48extern u64 fpu__get_supported_xfeatures_mask(void);
49
50/*
51 * Debugging facility:
52 */
53#ifdef CONFIG_X86_DEBUG_FPU
54# define WARN_ON_FPU(x) WARN_ON_ONCE(x)
55#else
56# define WARN_ON_FPU(x) ({ (void)(x); 0; })
57#endif
58
59/*
60 * FPU related CPU feature flag helper routines:
61 */
62static __always_inline __pure bool use_xsaveopt(void)
63{
64	return static_cpu_has(X86_FEATURE_XSAVEOPT);
65}
66
67static __always_inline __pure bool use_xsave(void)
68{
69	return static_cpu_has(X86_FEATURE_XSAVE);
70}
71
72static __always_inline __pure bool use_fxsr(void)
73{
74	return static_cpu_has(X86_FEATURE_FXSR);
75}
76
77/*
78 * fpstate handling functions:
79 */
80
81extern union fpregs_state init_fpstate;
82
83extern void fpstate_init(union fpregs_state *state);
84#ifdef CONFIG_MATH_EMULATION
85extern void fpstate_init_soft(struct swregs_state *soft);
86#else
87static inline void fpstate_init_soft(struct swregs_state *soft) {}
88#endif
89
90static inline void fpstate_init_xstate(struct xregs_state *xsave)
91{
92	/*
93	 * XRSTORS requires these bits set in xcomp_bv, or it will
94	 * trigger #GP:
95	 */
96	xsave->header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT | xfeatures_mask_all;
97}
98
99static inline void fpstate_init_fxstate(struct fxregs_state *fx)
100{
101	fx->cwd = 0x37f;
102	fx->mxcsr = MXCSR_DEFAULT;
103}
104extern void fpstate_sanitize_xstate(struct fpu *fpu);
105
106/* Returns 0 or the negated trap number, which results in -EFAULT for #PF */
107#define user_insn(insn, output, input...)				\
108({									\
109	int err;							\
110									\
111	might_fault();							\
112									\
113	asm volatile(ASM_STAC "\n"					\
114		     "1: " #insn "\n"					\
115		     "2: " ASM_CLAC "\n"				\
116		     ".section .fixup,\"ax\"\n"				\
117		     "3:  negl %%eax\n"					\
118		     "    jmp  2b\n"					\
119		     ".previous\n"					\
120		     _ASM_EXTABLE_FAULT(1b, 3b)				\
121		     : [err] "=a" (err), output				\
122		     : "0"(0), input);					\
123	err;								\
124})
125
126#define kernel_insn_err(insn, output, input...)				\
127({									\
128	int err;							\
129	asm volatile("1:" #insn "\n\t"					\
130		     "2:\n"						\
131		     ".section .fixup,\"ax\"\n"				\
132		     "3:  movl $-1,%[err]\n"				\
133		     "    jmp  2b\n"					\
134		     ".previous\n"					\
135		     _ASM_EXTABLE(1b, 3b)				\
136		     : [err] "=r" (err), output				\
137		     : "0"(0), input);					\
138	err;								\
139})
140
141#define kernel_insn(insn, output, input...)				\
142	asm volatile("1:" #insn "\n\t"					\
143		     "2:\n"						\
144		     _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_fprestore)	\
145		     : output : input)
146
147static inline int copy_fregs_to_user(struct fregs_state __user *fx)
148{
149	return user_insn(fnsave %[fx]; fwait,  [fx] "=m" (*fx), "m" (*fx));
150}
151
152static inline int copy_fxregs_to_user(struct fxregs_state __user *fx)
153{
154	if (IS_ENABLED(CONFIG_X86_32))
155		return user_insn(fxsave %[fx], [fx] "=m" (*fx), "m" (*fx));
156	else
157		return user_insn(fxsaveq %[fx], [fx] "=m" (*fx), "m" (*fx));
158
159}
160
161static inline void copy_kernel_to_fxregs(struct fxregs_state *fx)
162{
163	if (IS_ENABLED(CONFIG_X86_32))
164		kernel_insn(fxrstor %[fx], "=m" (*fx), [fx] "m" (*fx));
165	else
166		kernel_insn(fxrstorq %[fx], "=m" (*fx), [fx] "m" (*fx));
167}
168
169static inline int copy_kernel_to_fxregs_err(struct fxregs_state *fx)
170{
171	if (IS_ENABLED(CONFIG_X86_32))
172		return kernel_insn_err(fxrstor %[fx], "=m" (*fx), [fx] "m" (*fx));
173	else
174		return kernel_insn_err(fxrstorq %[fx], "=m" (*fx), [fx] "m" (*fx));
175}
176
177static inline int copy_user_to_fxregs(struct fxregs_state __user *fx)
178{
179	if (IS_ENABLED(CONFIG_X86_32))
180		return user_insn(fxrstor %[fx], "=m" (*fx), [fx] "m" (*fx));
181	else
182		return user_insn(fxrstorq %[fx], "=m" (*fx), [fx] "m" (*fx));
183}
184
185static inline void copy_kernel_to_fregs(struct fregs_state *fx)
186{
187	kernel_insn(frstor %[fx], "=m" (*fx), [fx] "m" (*fx));
188}
189
190static inline int copy_kernel_to_fregs_err(struct fregs_state *fx)
191{
192	return kernel_insn_err(frstor %[fx], "=m" (*fx), [fx] "m" (*fx));
193}
194
195static inline int copy_user_to_fregs(struct fregs_state __user *fx)
196{
197	return user_insn(frstor %[fx], "=m" (*fx), [fx] "m" (*fx));
198}
199
200static inline void copy_fxregs_to_kernel(struct fpu *fpu)
201{
202	if (IS_ENABLED(CONFIG_X86_32))
203		asm volatile( "fxsave %[fx]" : [fx] "=m" (fpu->state.fxsave));
204	else
205		asm volatile("fxsaveq %[fx]" : [fx] "=m" (fpu->state.fxsave));
206}
207
208static inline void fxsave(struct fxregs_state *fx)
209{
210	if (IS_ENABLED(CONFIG_X86_32))
211		asm volatile( "fxsave %[fx]" : [fx] "=m" (*fx));
212	else
213		asm volatile("fxsaveq %[fx]" : [fx] "=m" (*fx));
214}
215
216/* These macros all use (%edi)/(%rdi) as the single memory argument. */
217#define XSAVE		".byte " REX_PREFIX "0x0f,0xae,0x27"
218#define XSAVEOPT	".byte " REX_PREFIX "0x0f,0xae,0x37"
219#define XSAVES		".byte " REX_PREFIX "0x0f,0xc7,0x2f"
220#define XRSTOR		".byte " REX_PREFIX "0x0f,0xae,0x2f"
221#define XRSTORS		".byte " REX_PREFIX "0x0f,0xc7,0x1f"
222
223/*
224 * After this @err contains 0 on success or the negated trap number when
225 * the operation raises an exception. For faults this results in -EFAULT.
226 */
227#define XSTATE_OP(op, st, lmask, hmask, err)				\
228	asm volatile("1:" op "\n\t"					\
229		     "xor %[err], %[err]\n"				\
230		     "2:\n\t"						\
231		     ".pushsection .fixup,\"ax\"\n\t"			\
232		     "3: negl %%eax\n\t"				\
233		     "jmp 2b\n\t"					\
234		     ".popsection\n\t"					\
235		     _ASM_EXTABLE_FAULT(1b, 3b)				\
236		     : [err] "=a" (err)					\
237		     : "D" (st), "m" (*st), "a" (lmask), "d" (hmask)	\
238		     : "memory")
239
240/*
241 * If XSAVES is enabled, it replaces XSAVEOPT because it supports a compact
242 * format and supervisor states in addition to modified optimization in
243 * XSAVEOPT.
244 *
245 * Otherwise, if XSAVEOPT is enabled, XSAVEOPT replaces XSAVE because XSAVEOPT
246 * supports modified optimization which is not supported by XSAVE.
247 *
248 * We use XSAVE as a fallback.
249 *
250 * The 661 label is defined in the ALTERNATIVE* macros as the address of the
251 * original instruction which gets replaced. We need to use it here as the
252 * address of the instruction where we might get an exception at.
253 */
254#define XSTATE_XSAVE(st, lmask, hmask, err)				\
255	asm volatile(ALTERNATIVE_2(XSAVE,				\
256				   XSAVEOPT, X86_FEATURE_XSAVEOPT,	\
257				   XSAVES,   X86_FEATURE_XSAVES)	\
258		     "\n"						\
259		     "xor %[err], %[err]\n"				\
260		     "3:\n"						\
261		     ".pushsection .fixup,\"ax\"\n"			\
262		     "4: movl $-2, %[err]\n"				\
263		     "jmp 3b\n"						\
264		     ".popsection\n"					\
265		     _ASM_EXTABLE(661b, 4b)				\
266		     : [err] "=r" (err)					\
267		     : "D" (st), "m" (*st), "a" (lmask), "d" (hmask)	\
268		     : "memory")
269
270/*
271 * Use XRSTORS to restore context if it is enabled. XRSTORS supports compact
272 * XSAVE area format.
273 */
274#define XSTATE_XRESTORE(st, lmask, hmask)				\
275	asm volatile(ALTERNATIVE(XRSTOR,				\
276				 XRSTORS, X86_FEATURE_XSAVES)		\
277		     "\n"						\
278		     "3:\n"						\
279		     _ASM_EXTABLE_HANDLE(661b, 3b, ex_handler_fprestore)\
280		     :							\
281		     : "D" (st), "m" (*st), "a" (lmask), "d" (hmask)	\
282		     : "memory")
283
284/*
285 * This function is called only during boot time when x86 caps are not set
286 * up and alternative can not be used yet.
287 */
288static inline void copy_kernel_to_xregs_booting(struct xregs_state *xstate)
289{
290	u64 mask = -1;
291	u32 lmask = mask;
292	u32 hmask = mask >> 32;
293	int err;
294
295	WARN_ON(system_state != SYSTEM_BOOTING);
296
297	if (boot_cpu_has(X86_FEATURE_XSAVES))
298		XSTATE_OP(XRSTORS, xstate, lmask, hmask, err);
299	else
300		XSTATE_OP(XRSTOR, xstate, lmask, hmask, err);
301
302	/*
303	 * We should never fault when copying from a kernel buffer, and the FPU
304	 * state we set at boot time should be valid.
305	 */
306	WARN_ON_FPU(err);
307}
308
309/*
310 * Save processor xstate to xsave area.
311 */
312static inline void copy_xregs_to_kernel(struct xregs_state *xstate)
313{
314	u64 mask = xfeatures_mask_all;
315	u32 lmask = mask;
316	u32 hmask = mask >> 32;
317	int err;
318
319	WARN_ON_FPU(!alternatives_patched);
320
321	XSTATE_XSAVE(xstate, lmask, hmask, err);
322
323	/* We should never fault when copying to a kernel buffer: */
324	WARN_ON_FPU(err);
325}
326
327/*
328 * Restore processor xstate from xsave area.
329 */
330static inline void copy_kernel_to_xregs(struct xregs_state *xstate, u64 mask)
331{
332	u32 lmask = mask;
333	u32 hmask = mask >> 32;
334
335	XSTATE_XRESTORE(xstate, lmask, hmask);
336}
337
338/*
339 * Save xstate to user space xsave area.
340 *
341 * We don't use modified optimization because xrstor/xrstors might track
342 * a different application.
343 *
344 * We don't use compacted format xsave area for
345 * backward compatibility for old applications which don't understand
346 * compacted format of xsave area.
347 */
348static inline int copy_xregs_to_user(struct xregs_state __user *buf)
349{
350	u64 mask = xfeatures_mask_user();
351	u32 lmask = mask;
352	u32 hmask = mask >> 32;
353	int err;
354
355	/*
356	 * Clear the xsave header first, so that reserved fields are
357	 * initialized to zero.
358	 */
359	err = __clear_user(&buf->header, sizeof(buf->header));
360	if (unlikely(err))
361		return -EFAULT;
362
363	stac();
364	XSTATE_OP(XSAVE, buf, lmask, hmask, err);
365	clac();
366
367	return err;
368}
369
370/*
371 * Restore xstate from user space xsave area.
372 */
373static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
374{
375	struct xregs_state *xstate = ((__force struct xregs_state *)buf);
376	u32 lmask = mask;
377	u32 hmask = mask >> 32;
378	int err;
379
380	stac();
381	XSTATE_OP(XRSTOR, xstate, lmask, hmask, err);
382	clac();
383
384	return err;
385}
386
387/*
388 * Restore xstate from kernel space xsave area, return an error code instead of
389 * an exception.
390 */
391static inline int copy_kernel_to_xregs_err(struct xregs_state *xstate, u64 mask)
392{
393	u32 lmask = mask;
394	u32 hmask = mask >> 32;
395	int err;
396
397	if (static_cpu_has(X86_FEATURE_XSAVES))
398		XSTATE_OP(XRSTORS, xstate, lmask, hmask, err);
399	else
400		XSTATE_OP(XRSTOR, xstate, lmask, hmask, err);
401
402	return err;
403}
404
405extern int copy_fpregs_to_fpstate(struct fpu *fpu);
406
407static inline void __copy_kernel_to_fpregs(union fpregs_state *fpstate, u64 mask)
408{
409	if (use_xsave()) {
410		copy_kernel_to_xregs(&fpstate->xsave, mask);
411	} else {
412		if (use_fxsr())
413			copy_kernel_to_fxregs(&fpstate->fxsave);
414		else
415			copy_kernel_to_fregs(&fpstate->fsave);
416	}
417}
418
419static inline void copy_kernel_to_fpregs(union fpregs_state *fpstate)
420{
421	/*
422	 * AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception is
423	 * pending. Clear the x87 state here by setting it to fixed values.
424	 * "m" is a random variable that should be in L1.
425	 */
426	if (unlikely(static_cpu_has_bug(X86_BUG_FXSAVE_LEAK))) {
427		asm volatile(
428			"fnclex\n\t"
429			"emms\n\t"
430			"fildl %P[addr]"	/* set F?P to defined value */
431			: : [addr] "m" (fpstate));
432	}
433
434	__copy_kernel_to_fpregs(fpstate, -1);
435}
436
437extern int copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size);
438
439/*
440 * FPU context switch related helper methods:
441 */
442
443DECLARE_PER_CPU(struct fpu *, fpu_fpregs_owner_ctx);
444
445/*
446 * The in-register FPU state for an FPU context on a CPU is assumed to be
447 * valid if the fpu->last_cpu matches the CPU, and the fpu_fpregs_owner_ctx
448 * matches the FPU.
449 *
450 * If the FPU register state is valid, the kernel can skip restoring the
451 * FPU state from memory.
452 *
453 * Any code that clobbers the FPU registers or updates the in-memory
454 * FPU state for a task MUST let the rest of the kernel know that the
455 * FPU registers are no longer valid for this task.
456 *
457 * Either one of these invalidation functions is enough. Invalidate
458 * a resource you control: CPU if using the CPU for something else
459 * (with preemption disabled), FPU for the current task, or a task that
460 * is prevented from running by the current task.
461 */
462static inline void __cpu_invalidate_fpregs_state(void)
463{
464	__this_cpu_write(fpu_fpregs_owner_ctx, NULL);
465}
466
467static inline void __fpu_invalidate_fpregs_state(struct fpu *fpu)
468{
469	fpu->last_cpu = -1;
470}
471
472static inline int fpregs_state_valid(struct fpu *fpu, unsigned int cpu)
473{
474	return fpu == this_cpu_read(fpu_fpregs_owner_ctx) && cpu == fpu->last_cpu;
475}
476
477/*
478 * These generally need preemption protection to work,
479 * do try to avoid using these on their own:
480 */
481static inline void fpregs_deactivate(struct fpu *fpu)
482{
483	this_cpu_write(fpu_fpregs_owner_ctx, NULL);
484	trace_x86_fpu_regs_deactivated(fpu);
485}
486
487static inline void fpregs_activate(struct fpu *fpu)
488{
489	this_cpu_write(fpu_fpregs_owner_ctx, fpu);
490	trace_x86_fpu_regs_activated(fpu);
491}
492
493/*
494 * Internal helper, do not use directly. Use switch_fpu_return() instead.
495 */
496static inline void __fpregs_load_activate(void)
497{
498	struct fpu *fpu = &current->thread.fpu;
499	int cpu = smp_processor_id();
500
501	if (WARN_ON_ONCE(current->flags & PF_KTHREAD))
502		return;
503
504	if (!fpregs_state_valid(fpu, cpu)) {
505		copy_kernel_to_fpregs(&fpu->state);
506		fpregs_activate(fpu);
507		fpu->last_cpu = cpu;
508	}
509	clear_thread_flag(TIF_NEED_FPU_LOAD);
510}
511
512/*
513 * FPU state switching for scheduling.
514 *
515 * This is a two-stage process:
516 *
517 *  - switch_fpu_prepare() saves the old state.
518 *    This is done within the context of the old process.
519 *
520 *  - switch_fpu_finish() sets TIF_NEED_FPU_LOAD; the floating point state
521 *    will get loaded on return to userspace, or when the kernel needs it.
522 *
523 * If TIF_NEED_FPU_LOAD is cleared then the CPU's FPU registers
524 * are saved in the current thread's FPU register state.
525 *
526 * If TIF_NEED_FPU_LOAD is set then CPU's FPU registers may not
527 * hold current()'s FPU registers. It is required to load the
528 * registers before returning to userland or using the content
529 * otherwise.
530 *
531 * The FPU context is only stored/restored for a user task and
532 * PF_KTHREAD is used to distinguish between kernel and user threads.
533 */
534static inline void switch_fpu_prepare(struct task_struct *prev, int cpu)
535{
536	struct fpu *old_fpu = &prev->thread.fpu;
537
538	if (static_cpu_has(X86_FEATURE_FPU) && !(prev->flags & PF_KTHREAD)) {
539		if (!copy_fpregs_to_fpstate(old_fpu))
540			old_fpu->last_cpu = -1;
541		else
542			old_fpu->last_cpu = cpu;
543
544		/* But leave fpu_fpregs_owner_ctx! */
545		trace_x86_fpu_regs_deactivated(old_fpu);
546	}
547}
548
549/*
550 * Misc helper functions:
551 */
552
553/*
554 * Load PKRU from the FPU context if available. Delay loading of the
555 * complete FPU state until the return to userland.
556 */
557static inline void switch_fpu_finish(struct task_struct *next)
558{
559	u32 pkru_val = init_pkru_value;
560	struct pkru_state *pk;
561	struct fpu *next_fpu = &next->thread.fpu;
562
563	if (!static_cpu_has(X86_FEATURE_FPU))
564		return;
565
566	set_thread_flag(TIF_NEED_FPU_LOAD);
567
568	if (!cpu_feature_enabled(X86_FEATURE_OSPKE))
569		return;
570
571	/*
572	 * PKRU state is switched eagerly because it needs to be valid before we
573	 * return to userland e.g. for a copy_to_user() operation.
574	 */
575	if (!(next->flags & PF_KTHREAD)) {
576		/*
577		 * If the PKRU bit in xsave.header.xfeatures is not set,
578		 * then the PKRU component was in init state, which means
579		 * XRSTOR will set PKRU to 0. If the bit is not set then
580		 * get_xsave_addr() will return NULL because the PKRU value
581		 * in memory is not valid. This means pkru_val has to be
582		 * set to 0 and not to init_pkru_value.
583		 */
584		pk = get_xsave_addr(&next_fpu->state.xsave, XFEATURE_PKRU);
585		pkru_val = pk ? pk->pkru : 0;
586	}
587	__write_pkru(pkru_val);
588}
589
590#endif /* _ASM_X86_FPU_INTERNAL_H */
591