1/* $NetBSD: cpu_extended_state.h,v 1.10 2016/08/18 13:00:54 maxv Exp $ */
2
3#ifndef _X86_CPU_EXTENDED_STATE_H_
4#define _X86_CPU_EXTENDED_STATE_H_
5
6#ifdef __lint__
7/* Lint has different packing rules and doesn't understand __aligned() */
8#define __CTASSERT_NOLINT(x) __CTASSERT(1)
9#else
10#define __CTASSERT_NOLINT(x) __CTASSERT(x)
11#endif
12
13/*
14 * This file contains definitions of structures that match the memory layouts
15 * used on x86 processors to save floating point registers and other extended
16 * cpu states.
17 *
18 * This includes registers (etc) used by SSE/SSE2/SSE3/SSSE3/SSE4 and the later
19 * AVX instructions.
20 *
21 * The definitions are such that any future 'extended state' should be handled
22 * (provided the kernel doesn't need to know the actual contents).
23 *
24 * The actual structures the cpu accesses must be aligned to 16 bytes for FXSAVE
25 * and 64 for XSAVE. The types aren't aligned because copies do not need extra
26 * alignment.
27 *
28 * The slightly different layout saved by the i387 fsave is also defined.
29 * This is only normally written by pre Pentium II type cpus that don't
30 * support the fxsave instruction.
31 *
32 * Associated save instructions:
33 * FNSAVE: Saves x87 state in 108 bytes (original i387 layout).
34 * Then reinitializes the fpu.
35 * FSAVE: Encodes to FWAIT followed by FNSAVE.
36 * FXSAVE: Saves the x87 state and XMM (aka SSE) registers to the
37 * first 448 (max) bytes of a 512 byte area.
38 * This layout does not match that written by FNSAVE.
39 * XSAVE: Uses the same layout for the x87 and XMM registers,
40 * followed by a 64byte header and separate save areas
41 * for additional extended cpu state.
42 * The x87 state is always saved, the others conditionally.
43 * XSAVEOPT: As XSAVE but only writes the registers blocks that have been
44 * modified.
45 */
46
47/*
48 * Layout for code/data pointers relating to FP exceptions. Marked 'packed'
49 * because they aren't always 64bit aligned. Since the x86 cpu supports
50 * misaligned accesses it isn't worth avoiding the 'packed' attribute.
51 */
52union fp_addr {
53 uint64_t fa_64; /* Linear address for 64bit systems */
54 struct {
55 uint32_t fa_off; /* linear address for 32 bit */
56 uint16_t fa_seg; /* code/data (etc) segment */
57 uint16_t fa_opcode; /* last opcode (sometimes) */
58 } fa_32;
59} __packed __aligned(4);
60
61/* The x87 registers are 80 bits */
62struct fpacc87 {
63 uint64_t f87_mantissa; /* mantissa */
64 uint16_t f87_exp_sign; /* exponent and sign */
65} __packed __aligned(2);
66
67/* The x87 registers padded out to 16 bytes for fxsave */
68struct fpaccfx {
69 struct fpacc87 r __aligned(16);
70};
71
72/* The SSE/SSE2 registers are 128 bits */
73struct xmmreg {
74 uint8_t xmm_bytes[16];
75};
76
77/* The AVX registers are 256 bits, but the low bits are the xmmregs */
78struct ymmreg {
79 uint8_t ymm_bytes[16];
80};
81
82/*
83 * Floating point unit registers (fsave instruction).
84 * The s87_ac[] and fx_87_ac[] are relative to the stack top.
85 * The 'tag word' contains 2 bits per register and refers to absolute register
86 * numbers.
87 * The cpu sets the tag values 0b01 (zero) and 0b10 (special) when a value
88 * is loaded. The software need only set 0b00 (used) and 0xb11 (unused).
89 * The fxsave 'Abridged tag word' in inverted.
90 */
91struct save87 {
92 uint16_t s87_cw __aligned(4); /* control word */
93 uint16_t s87_sw __aligned(4); /* status word */
94 uint16_t s87_tw __aligned(4); /* tag word */
95 union fp_addr s87_ip; /* floating point instruction pointer */
96#define s87_opcode s87_ip.fa_32.fa_opcode /* opcode last executed (11bits) */
97 union fp_addr s87_dp; /* floating operand offset */
98 struct fpacc87 s87_ac[8]; /* accumulator contents */
99};
100__CTASSERT_NOLINT(sizeof(struct save87) == 108);
101
102/*
103 * FPU/MMX/SSE/SSE2 context
104 */
105struct fxsave {
106 uint16_t fx_cw; /* FPU Control Word */
107 uint16_t fx_sw; /* FPU Status Word */
108 uint8_t fx_tw; /* FPU Tag Word (abridged) */
109 uint16_t fx_opcode; /* FPU Opcode */
110 union fp_addr fx_ip; /* FPU Instruction Pointer */
111 union fp_addr fx_dp; /* FPU Data pointer */
112 uint32_t fx_mxcsr; /* MXCSR Register State */
113 uint32_t fx_mxcsr_mask;
114 struct fpaccfx fx_87_ac[8]; /* 8 x87 registers */
115 struct xmmreg fx_xmm[16]; /* XMM regs (8 in 32bit modes) */
116 uint8_t fx_rsvd[48];
117 uint8_t fx_kernel[48]; /* Not written by the hardware */
118} __aligned(16);
119__CTASSERT_NOLINT(sizeof(struct fxsave) == 512);
120
121/*
122 * The end of the fsave buffer can be used by the operating system
123 */
124struct fxsave_os {
125 uint8_t fxo_fxsave[512 - 48];
126 /* 48 bytes available, NB copied to/from userspace */
127 uint16_t fxo_dflt_cw; /* Control word for signal handlers */
128};
129
130/*
131 * For XSAVE, a 64byte header follows the fxsave data.
132 */
133struct xsave_header {
134 uint64_t xsh_fxsave[64]; /* to align in the union */
135 uint64_t xsh_xstate_bv; /* bitmap of saved sub structures */
136 uint64_t xsh_rsrvd[2]; /* must be zero */
137 uint64_t xsh_reserved[5]; /* best if zero */
138};
139__CTASSERT(sizeof(struct xsave_header) == 512 + 64);
140
141/*
142 * The ymm save area actually follows the xsave_header.
143 */
144struct xsave_ymm {
145 struct ymmreg xs_ymm[16]; /* High bits of YMM registers */
146};
147__CTASSERT(sizeof(struct xsave_ymm) == 256);
148
149/*
150 * The following union is placed at the end of the pcb.
151 * It is defined this way to separate the definitions and to
152 * minimise the number of union/struct selectors.
153 * NB: Some userspace stuff (eg firefox) uses it to parse ucontext.
154 */
155union savefpu {
156 struct save87 sv_87;
157 struct fxsave sv_xmm;
158#ifdef _KERNEL
159 struct fxsave_os sv_os;
160 struct xsave_header sv_xsave_hdr;
161#endif
162};
163
164/*
165 * 80387 control and status word bits
166 *
167 * The only reference I can find to bits 0x40 and 0x80 in the control word
168 * is for the Weitek 1167/3167.
169 * I (dsl) can't find why the default word has 0x40 set.
170 *
171 * A stack error is signalled as an INVOP that also sets STACK_FAULT
172 * (other INVOP do not clear STACK_FAULT).
173 */
174/* Interrupt masks (set masks interrupt) and status bits */
175#define EN_SW_INVOP 0x0001 /* Invalid operation */
176#define EN_SW_DENORM 0x0002 /* Denormalized operand */
177#define EN_SW_ZERODIV 0x0004 /* Divide by zero */
178#define EN_SW_OVERFLOW 0x0008 /* Overflow */
179#define EN_SW_UNDERFLOW 0x0010 /* Underflow */
180#define EN_SW_PRECLOSS 0x0020 /* Loss of precision */
181/* Status word bits (reserved in control word) */
182#define EN_SW_STACK_FAULT 0x0040 /* Stack under/overflow */
183#define EN_SW_ERROR_SUMMARY 0x0080 /* Unmasked error has occurred */
184/* Control bits (badly named) */
185#define EN_SW_CTL_PREC 0x0300 /* Precision control */
186#define EN_SW_PREC_24 0x0000 /* Single precision */
187#define EN_SW_PREC_53 0x0200 /* Double precision */
188#define EN_SW_PREC_64 0x0300 /* Extended precision */
189#define EN_SW_CTL_ROUND 0x0c00 /* Rounding control */
190#define EN_SW_ROUND_EVEN 0x0000 /* Round to nearest even */
191#define EN_SW_ROUND_DOWN 0x0400 /* Round towards minus infinity */
192#define EN_SW_ROUND_UP 0x0800 /* Round towards plus infinity */
193#define EN_SW_ROUND_ZERO 0x0c00 /* Round towards zero (truncates) */
194#define EN_SW_CTL_INF 0x1000 /* Infinity control, not used */
195
196/*
197 * The standard 0x87 control word from finit is 0x37F, giving:
198 * round to nearest
199 * 64-bit precision
200 * all exceptions masked.
201 *
202 * NetBSD used to select:
203 * round to nearest
204 * 53-bit precision
205 * all exceptions masked.
206 * Stating: 64-bit precision often gives bad results with high level
207 * languages because it makes the results of calculations depend on whether
208 * intermediate values are stored in memory or in FPU registers.
209 * Also some 'pathological divisions' give an error in the LSB because
210 * the value is first rounded up when the 64bit mantissa is generated,
211 * and then again when it is truncated to 53 bits.
212 *
213 * However the C language explicitly allows the extra precision.
214 *
215 * The iBCS control word has underflow, overflow, zero divide, and invalid
216 * operation exceptions unmasked. But that causes an unexpected exception
217 * in the test program 'paranoia' and makes denormals useless (DBL_MIN / 2
218 * underflows). It doesn't make a lot of sense to trap underflow without
219 * trapping denormals.
220 */
221#define __INITIAL_NPXCW__ 0x037f
222/* Modern NetBSD uses the default control word.. */
223#define __NetBSD_NPXCW__ __INITIAL_NPXCW__
224/* NetBSD before 6.99.26 forced IEEE double precision. */
225#define __NetBSD_COMPAT_NPXCW__ 0x127f
226/* FreeBSD leaves some exceptions unmasked as well. */
227#define __FreeBSD_NPXCW__ 0x1272
228/* iBCS2 goes a bit further and leaves the underflow exception unmasked. */
229#define __iBCS2_NPXCW__ 0x0262
230/* Linux just uses the default control word. */
231#define __Linux_NPXCW__ __INITIAL_NPXCW__
232/* SVR4 uses the same control word as iBCS2. */
233#define __SVR4_NPXCW__ 0x0262
234
235/*
236 * The default MXCSR value at reset is 0x1f80, IA-32 Instruction
237 * Set Reference, pg. 3-369.
238 *
239 * The low 6 bits of the mxcsr are the fp status bits (same order as x87).
240 * Bit 6 is 'denormals are zero' (speeds up calculations).
241 * Bits 7-16 are the interrupt mask bits (same order, 1 to mask).
242 * Bits 13 and 14 are rounding control.
243 * Bit 15 is 'flush to zero' - affects underflow.
244 * Bits 16-31 must be zero.
245 */
246#define __INITIAL_MXCSR__ 0x1f80
247#define __INITIAL_MXCSR_MASK__ 0xffbf
248
249#endif /* _X86_CPU_EXTENDED_STATE_H_ */
250