1 /*        $NetBSD: cpu_extended_state.h,v 1.19 2025/04/24 01:50:39 riastradh Exp $        */
2 
3 #ifndef _X86_CPU_EXTENDED_STATE_H_
4 #define _X86_CPU_EXTENDED_STATE_H_
5 
6 #ifdef __lint__
7 /* Lint has different packing rules and doesn't understand __aligned() */
  /*
   * Under lint the condition is discarded and a trivially true assertion is
   * emitted, so the layout checks written with __CTASSERT_NOLINT are only
   * enforced when a real compiler builds this header.
   */
8 #define __CTASSERT_NOLINT(x) __CTASSERT(1)
9 #else
  /* Normal builds: forward the condition unchanged to __CTASSERT. */
10 #define __CTASSERT_NOLINT(x) __CTASSERT(x)
11 #endif
12 
13 /*
14  * This file contains definitions of structures that match the memory layouts
15  * used on x86 processors to save floating point registers and other extended
16  * cpu states.
17  *
18  * This includes registers (etc) used by SSE/SSE2/SSE3/SSSE3/SSE4 and the later
19  * AVX instructions.
20  *
21  * The definitions are such that any future 'extended state' should be handled,
22  * provided the kernel doesn't need to know the actual contents.
23  *
24  * The actual structures the cpu accesses must be aligned to 16 bytes for FXSAVE
25  * and 64 for XSAVE. The types aren't aligned because copies do not need extra
26  * alignment.
27  *
28  * The slightly different layout saved by the i387 fsave is also defined.
29  * This is only normally written by pre Pentium II type cpus that don't
30  * support the fxsave instruction.
31  *
32  * Associated save instructions:
33  * FNSAVE:   Saves x87 state in 108 bytes (original i387 layout). Then
34  *           reinitializes the fpu.
35  * FSAVE:    Encodes to FWAIT followed by FNSAVE.
36  * FXSAVE:   Saves the x87 state and XMM (aka SSE) registers to the first
37  *           448 (max) bytes of a 512 byte area. This layout does not match
38  *           that written by FNSAVE.
39  * XSAVE:    Uses the same layout for the x87 and XMM registers, followed by
40  *           a 64byte header and separate save areas for additional extended
41  *           cpu states. The x87 state is always saved, the others
42  *           conditionally.
43  * XSAVEOPT: Same as XSAVE but only writes the register blocks that have
44  *           been modified.
45  */
46 
47 /*
48  * Layout for code/data pointers relating to FP exceptions. Marked 'packed'
49  * because they aren't always 64bit aligned. Since the x86 cpu supports
50  * misaligned accesses it isn't worth avoiding the 'packed' attribute.
51  */
52 union fp_addr {
             /* Two views of the same 8 bytes: fa_64 and fa_32 overlay each other. */
53           uint64_t fa_64;     /* Linear address for 64bit systems */
54           struct {
55                     uint32_t fa_off;    /* linear address for 32 bit */
56                     uint16_t fa_seg;    /* code/data (etc) segment */
57                     uint16_t fa_opcode; /* last opcode (sometimes) */
58           } fa_32;
59 } __packed __aligned(4);      /* may sit on a 4-byte, not 8-byte, boundary */
60 
61 /* The x87 registers are 80 bits */
62 struct fpacc87 {
             /* 8 + 2 bytes with no padding (__packed): one 80-bit x87 register. */
63           uint64_t f87_mantissa;        /* mantissa (64 bits) */
64           uint16_t f87_exp_sign;        /* exponent and sign (16 bits together) */
65 } __packed __aligned(2);
66 
67 /* The x87 registers padded out to 16 bytes for fxsave */
68 struct fpaccfx {
             /* __aligned(16) on the member rounds each array slot up to 16 bytes. */
69           struct fpacc87 r __aligned(16);
70 };
71 
72 /* The SSE/SSE2 registers are 128 bits */
73 struct xmmreg {
74           uint8_t xmm_bytes[16];        /* raw 128-bit contents, not interpreted here */
75 };
76 
77 /* The AVX registers are 256 bits, but the low bits are the xmmregs */
78 struct ymmreg {
             /*
              * Only 16 bytes: this holds the high 128 bits of a YMM register
              * (see xs_ymm in struct xsave_ymm); the low half is the xmmreg.
              */
79           uint8_t ymm_bytes[16];
80 };
81 
82 /* The AVX-512 registers are 512 bits but the low bits are in xmmregs
83  * and ymmregs */
84 struct zmmreg {
             /*
              * Only 32 bytes: the high 256 bits of one of zmm0..zmm15 (see xs_zmm
              * in struct xsave_zmm_hi256); the lower bits are stored elsewhere.
              */
85           uint8_t zmm_bytes[32];
86 };
87 
88 /* 512-bit ZMM register. */
89 struct hi16_zmmreg {
             /*
              * All 64 bytes of a register: used for zmm16..zmm31 (see xs_hi16_zmm
              * in struct xsave_hi16_zmm), which are stored whole.
              */
90           uint8_t zmm_bytes[64];
91 };
92 
93 /*
94  * Floating point unit registers (FSAVE instruction).
95  *
96  * The s87_ac[] and fx_87_ac[] are relative to the stack top. The 'tag word'
97  * contains 2 bits per register and refers to absolute register numbers.
98  *
99  * The cpu sets the tag values 0b01 (zero) and 0b10 (special) when a value
100  * is loaded. The software need only set 0b00 (used) and 0b11 (unused).
101  * The fxsave 'Abridged tag word' is inverted.
102  */
103 struct save87 {
              /*
               * Each 16-bit word below is __aligned(4) and therefore starts its own
               * 4-byte slot: 3 * 4 + 2 * 8 + 8 * 10 = 108 bytes, which is what the
               * assertion after the structure checks.
               */
104           uint16_t s87_cw __aligned(4); /* control word */
105           uint16_t s87_sw __aligned(4); /* status word  */
106           uint16_t s87_tw __aligned(4); /* tag word */
107           union fp_addr s87_ip;                   /* floating point instruction pointer */
108 #define s87_opcode s87_ip.fa_32.fa_opcode         /* opcode last executed (11bits) */
109           union fp_addr s87_dp;                   /* floating operand offset */
110           struct fpacc87 s87_ac[8];     /* accumulator contents */
111 };
    /* Layout check: must match the 108-byte area written by FNSAVE. */
112 __CTASSERT_NOLINT(sizeof(struct save87) == 108);
113 
114 /*
115  * FPU/MMX/SSE/SSE2 context (FXSAVE instruction).
116  */
117 struct fxsave {
              /*
               * Member sizes add up as 8 + 8 + 8 + 4 + 4 + 8 * 16 + 16 * 16 + 96
               * = 512 bytes, which the assertion after the structure checks.
               */
118           uint16_t fx_cw;               /* FPU Control Word */
119           uint16_t fx_sw;               /* FPU Status Word */
120           uint8_t fx_tw;                /* FPU Tag Word (abridged) */
121           uint8_t fx_zero;    /* zero */
122           uint16_t fx_opcode; /* FPU Opcode */
123           union fp_addr fx_ip;          /* FPU Instruction Pointer */
124           union fp_addr fx_dp;          /* FPU Data pointer */
              /*
               * NOTE(review): fx_mxcsr is restored into the CPU along with the
               * rest of the image. When the image originates outside the kernel
               * (e.g. the PT_SETXSTATE case documented on struct xstate), the
               * restore path presumably has to clear bits not present in the
               * MXCSR mask first, since loading reserved MXCSR bits is documented
               * to fault -- confirm in the code that consumes this structure.
               */
125           uint32_t fx_mxcsr;  /* MXCSR Register State */
126           uint32_t fx_mxcsr_mask;       /* MXCSR mask; cf. __INITIAL_MXCSR_MASK__ */
127           struct fpaccfx fx_87_ac[8];   /* 8 x87 registers */
128           struct xmmreg fx_xmm[16];     /* XMM regs (8 in 32bit modes) */
129           uint8_t fx_rsvd[96];          /* remainder of the 512-byte area */
130 } __aligned(16);
    /* Layout check: the FXSAVE area is exactly 512 bytes. */
131 __CTASSERT_NOLINT(sizeof(struct fxsave) == 512);
132 
133 /*
134  * For XSAVE, a 64byte header follows the fxsave data.
135  */
136 struct xsave_header {
              /*
               * The legacy region is kept as raw bytes here; it has the layout of
               * struct fxsave. The 64-byte header proper is the four fields after it
               * (8 + 8 + 8 + 40).
               */
137           uint8_t xsh_fxsave[512];      /* struct fxsave */
138           uint64_t xsh_xstate_bv;                 /* bitmap of saved sub structures */
139           uint64_t xsh_xcomp_bv;                  /* bitmap of compact sub structures */
              /*
               * NOTE(review): "must be zero" is a restore-time requirement. If any
               * part of this header can be influenced by a caller-supplied image,
               * the reserved bytes and both bitmaps presumably need to be rebuilt
               * or validated by the kernel before the area is restored -- confirm
               * in the restore path.
               */
140           uint8_t xsh_rsrvd[8];                   /* must be zero */
141           uint8_t xsh_reserved[40];     /* best if zero */
142 };
    /* Layout check: 512-byte legacy area plus the 64-byte header. */
143 __CTASSERT(sizeof(struct xsave_header) == 512 + 64);
144 
145 /*
146  * The ymm save area actually follows the xsave_header.
147  */
148 struct xsave_ymm {
149           struct ymmreg xs_ymm[16];     /* High bits of YMM registers */
150 };
    /* Layout check: 16 registers * 16 bytes of high half each. */
151 __CTASSERT(sizeof(struct xsave_ymm) == 256);
152 
153 /*
154  * AVX-512: opmask state.
155  */
156 struct xsave_opmask {
157           uint64_t xs_k[8];                       /* k0..k7 registers. */
158 };
    /* Layout check: 8 opmask registers * 8 bytes. */
159 __CTASSERT(sizeof(struct xsave_opmask) == 64);
160 
161 /*
162  * AVX-512: ZMM_Hi256 state.
163  */
164 struct xsave_zmm_hi256 {
165           struct zmmreg xs_zmm[16];     /* High bits of zmm0..zmm15 registers. */
166 };
    /* Layout check: 16 registers * 32 bytes of high half each. */
167 __CTASSERT(sizeof(struct xsave_zmm_hi256) == 512);
168 
169 /*
170  * AVX-512: Hi16_ZMM state.
171  */
172 struct xsave_hi16_zmm {
173           struct hi16_zmmreg xs_hi16_zmm[16];     /* zmm16..zmm31 registers. */
174 };
    /* Layout check: 16 whole registers * 64 bytes. */
175 __CTASSERT(sizeof(struct xsave_hi16_zmm) == 1024);
176 
177 /*
178  * Structure used to hold all interesting data from XSAVE, in predictable form.
179  * Note that this structure can have new members added to the end.
180  */
181 struct xstate {
182           /*
183            * The two following fields are bitmaps of XSAVE components.  They can be
184            * matched against XCR0_* constants from <machine/specialreg.h>.
185            */
              /*
               * NOTE(review): for PT_SETXSTATE every field of this structure is
               * supplied by the caller. The rules stated below (unsupported bits in
               * xs_rfbm are an error) are enforced, if at all, by the code that
               * consumes the structure; nothing in this header checks them.
               */
186           /*
187            * XSAVE/XRSTOR RFBM parameter.
188            *
189            * PT_GETXSTATE: 1 indicates that the respective XSAVE component is
190            * supported and has been enabled for saving.  0 indicates that it is not
191            * supported by the platform or kernel.
192            *
193            * PT_SETXSTATE: 1 indicates that the respective XSAVE component should
194            * be updated to the value of respective field (or reset if xs_xstate_bv
195            * bit is 0).  0 indicates that it should be left intact.  It is an error
196            * to enable bits that are not supported by the platform or kernel.
197            */
198           uint64_t xs_rfbm;
199           /*
200            * XSAVE/XRSTOR xstate header.
201            *
202            * PT_GETXSTATE: 1 indicates that the respective XSAVE component has been
203            * saved.  0 indicates that it had been in its CPU-defined initial value
204            * at the time of saving (i.e. was not used by the program).
205            *
206            * PT_SETXSTATE: 1 indicates that the respective XSAVE component (if present
207            * in xs_rfbm) should be set to the values in respective field.  0 indicates
208            * that it should be reset to CPU-defined initial value.
209            */
210           uint64_t xs_xstate_bv;
211 
212           /* legacy FXSAVE area (used for x87 & SSE state) */
213           struct fxsave xs_fxsave;
214           /* AVX state: high bits of ymm0..ymm15 registers */
215           struct xsave_ymm xs_ymm_hi128;
216           /* AVX-512: opmask */
217           struct xsave_opmask xs_opmask;
218           /* AVX-512: high bits of zmm0..zmm15 registers */
219           struct xsave_zmm_hi256 xs_zmm_hi256;
220           /* AVX-512: whole zmm16..zmm31 registers */
221           struct xsave_hi16_zmm xs_hi16_zmm;
222 };
223 
224 /*
225  * The following union is placed at the end of the pcb.
226  * It is defined this way to separate the definitions and to
227  * minimise the number of union/struct selectors.
228  * NB: Some userspace stuff (eg firefox) uses it to parse ucontext.
229  * NB: This is not actually the largest possible save space;
230  *     x86_fpu_save_size may be larger.
231  */
232 union savefpu {
233           struct save87 sv_87;          /* 108-byte FNSAVE layout */
234           struct fxsave sv_xmm;         /* 512-byte FXSAVE layout */
235 #ifdef _KERNEL
              /*
               * Kernel-only view: the 512-byte legacy area plus the 64-byte XSAVE
               * header. Because this member exists only under _KERNEL, the union
               * is larger in kernel builds than in userland builds.
               *
               * NOTE(review): no extended component beyond the header is covered
               * here, so a buffer meant to hold a complete XSAVE image presumably
               * has to be sized from x86_fpu_save_size rather than
               * sizeof(union savefpu) -- confirm at the allocation sites.
               */
236           struct xsave_header sv_xsave_hdr;
237 #endif
238 };
239 
240 /*
241  * 80387 control and status word bits
242  *
243  * The only reference I can find to bits 0x40 and 0x80 in the control word
244  * is for the Weitek 1167/3167.
245  * I (dsl) can't find why the default word has 0x40 set.
246  *
247  * A stack error is signalled as an INVOP that also sets STACK_FAULT
248  * (other INVOP do not clear STACK_FAULT).
249  */
250 /* Interrupt masks (set masks interrupt) and status bits */
251 #define EN_SW_INVOP           0x0001  /* Invalid operation */
252 #define EN_SW_DENORM                    0x0002  /* Denormalized operand */
253 #define EN_SW_ZERODIV                   0x0004  /* Divide by zero */
254 #define EN_SW_OVERFLOW                  0x0008  /* Overflow */
255 #define EN_SW_UNDERFLOW                 0x0010  /* Underflow */
256 #define EN_SW_PRECLOSS                  0x0020  /* Loss of precision */
257 /* Status word bits (reserved in control word) */
258 #define EN_SW_STACK_FAULT     0x0040    /* Stack under/overflow */
259 #define EN_SW_ERROR_SUMMARY   0x0080    /* Unmasked error has occurred */
260 /* Control bits (badly named) */
261 #define EN_SW_CTL_PREC                  0x0300    /* Precision control (mask of the 2-bit field) */
262 #define EN_SW_PREC_24                   0x0000    /* Single precision */
263 #define EN_SW_PREC_53                   0x0200    /* Double precision */
264 #define EN_SW_PREC_64                   0x0300    /* Extended precision */
265 #define EN_SW_CTL_ROUND                 0x0c00    /* Rounding control (mask of the 2-bit field) */
266 #define EN_SW_ROUND_EVEN      0x0000    /* Round to nearest even */
267 #define EN_SW_ROUND_DOWN      0x0400    /* Round towards minus infinity */
268 #define EN_SW_ROUND_UP                  0x0800    /* Round towards plus infinity */
269 #define EN_SW_ROUND_ZERO      0x0c00    /* Round towards zero (truncates) */
270 #define EN_SW_CTL_INF                   0x1000    /* Infinity control, not used  */
271 
272 /*
273  * The standard x87 control word from finit is 0x37F, giving:
274  *        round to nearest
275  *        64-bit precision
276  *        all exceptions masked.
277  *
278  * NetBSD used to select:
279  *        round to nearest
280  *        53-bit precision
281  *        all exceptions masked.
282  * Stating: 64-bit precision often gives bad results with high level
283  * languages because it makes the results of calculations depend on whether
284  * intermediate values are stored in memory or in FPU registers.
285  * Also some 'pathological divisions' give an error in the LSB because
286  * the value is first rounded up when the 64bit mantissa is generated,
287  * and then again when it is truncated to 53 bits.
288  *
289  * However the C language explicitly allows the extra precision.
290  */
291 #define   __INITIAL_NPXCW__   0x037f    /* EN_SW_PREC_64 | EN_SW_ROUND_EVEN | six mask bits | 0x40 */
292 /* Modern NetBSD uses the default control word. */
293 #define   __NetBSD_NPXCW__    __INITIAL_NPXCW__
294 /* NetBSD before 6.99.26 forced IEEE double precision (EN_SW_PREC_53, plus EN_SW_CTL_INF). */
295 #define   __NetBSD_COMPAT_NPXCW__       0x127f
296 /* FreeBSD also selects EN_SW_PREC_53 and leaves INVOP, ZERODIV and OVERFLOW unmasked. */
297 #define   __FreeBSD_NPXCW__   0x1272
298 /* Linux just uses the default control word. */
299 #define   __Linux_NPXCW__               __INITIAL_NPXCW__
300 
301 /*
302  * The default MXCSR value at reset is 0x1f80, IA-32 Instruction
303  * Set Reference, pg. 3-369.
304  *
305  * The low 6 bits of the mxcsr are the fp status bits (same order as x87).
306  * Bit 6 is 'denormals are zero' (speeds up calculations).
307  * Bits 7-12 are the interrupt mask bits (same order, 1 to mask).
308  * Bits 13 and 14 are rounding control.
309  * Bit 15 is 'flush to zero' - affects underflow.
310  * Bits 16-31 must be zero.
311  *
312  * The safe MXCSR is fit for constant-time use, e.g. in crypto.  Some
313  * CPU instructions take input-dependent time if an exception status
314  * bit is not set; __SAFE_MXCSR__ has the exception status bits all set
315  * already to mitigate this.  See:
316  * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/mxcsr-configuration-dependent-timing.html
317  */
318 #define   __INITIAL_MXCSR__   0x1f80    /* bits 7-12 set: all six exceptions masked, status clear */
319 #define   __INITIAL_MXCSR_MASK__        0xffbf    /* low 16 bits except bit 6 ('denormals are zero') */
    /*
     * __INITIAL_MXCSR__ | 0x3f: same masks, with all six exception status bits
     * already set. Status flags read back after running under this value carry
     * no information about the computation, since every one of them started
     * out set.
     */
320 #define   __SAFE_MXCSR__                0x1fbf
321 
322 #endif /* _X86_CPU_EXTENDED_STATE_H_ */
323