cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

strlen.S (6489B)

      1/* SPDX-License-Identifier: GPL-2.0 */
      2/*
      3 *
      4 * Optimized version of the standard strlen() function
      5 *
      6 *
      7 * Inputs:
      8 *	in0	address of string
      9 *
     10 * Outputs:
     11 *	ret0	the number of characters in the string (0 if empty string)
     12 *	does not count the \0
     13 *
     14 * Copyright (C) 1999, 2001 Hewlett-Packard Co
     15 *	Stephane Eranian <eranian@hpl.hp.com>
     16 *
     17 * 09/24/99 S.Eranian add speculation recovery code
     18 */
     19
     20#include <asm/asmmacro.h>
     21#include <asm/export.h>
     22
     23//
     24//
     25// This is an enhanced version of the basic strlen. it includes a combination
     26// of compute zero index (czx), parallel comparisons, speculative loads and
     27// loop unroll using rotating registers.
     28//
     29// General Ideas about the algorithm:
     30//	  The goal is to look at the string in chunks of 8 bytes.
     31//	  so we need to do a few extra checks at the beginning because the
     32//	  string may not be 8-byte aligned. In this case we load the 8byte
     33//	  quantity which includes the start of the string and mask the unused
     34//	  bytes with 0xff to avoid confusing czx.
     35//	  We use speculative loads and software pipelining to hide memory
     36//	  latency and do read ahead safely. This way we defer any exception.
     37//
     38//	  Because we don't want the kernel to be relying on particular
     39//	  settings of the DCR register, we provide recovery code in case
     40//	  speculation fails. The recovery code is going to "redo" the work using
     41//	  only normal loads. If we still get a fault then we generate a
     42//	  kernel panic. Otherwise we return the strlen as usual.
     43//
     44//	  The fact that speculation may fail can be caused, for instance, by
     45//	  the DCR.dm bit being set. In this case TLB misses are deferred, i.e.,
     46//	  a NaT bit will be set if the translation is not present. The normal
     47//	  load, on the other hand, will cause the translation to be inserted
     48//	  if the mapping exists.
     49//
     50//	  It should be noted that we execute recovery code only when we need
     51//	  to use the data that has been speculatively loaded: we don't execute
     52//	  recovery code on pure read ahead data.
     53//
     54// Remarks:
     55//	- the cmp r0,r0 is used as a fast way to initialize a predicate
     56//	  register to 1. This is required to make sure that we get the parallel
     57//	  compare correct.
     58//
     59//	- we don't use the epilogue counter to exit the loop but we need to set
     60//	  it to zero beforehand.
     61//
     62//	- after the loop we must test for Nat values because neither the
     63//	  czx nor cmp instruction raise a NaT consumption fault. We must be
     64//	  careful not to look too far for a Nat for which we don't care.
     65//	  For instance we don't need to look at a NaT in val2 if the zero byte
     66//	  was in val1.
     67//
     68//	- Clearly performance tuning is required.
     69//
     70//
     71//
     72#define saved_pfs	r11
     73#define	tmp		r10
     74#define base		r16
     75#define orig		r17
     76#define saved_pr	r18
     77#define src		r19
     78#define mask		r20
     79#define val		r21
     80#define val1		r22
     81#define val2		r23
     82
     83GLOBAL_ENTRY(strlen)
     84	.prologue
     85	.save ar.pfs, saved_pfs
     86	alloc saved_pfs=ar.pfs,11,0,0,8 // rotating must be multiple of 8
     87
     88	.rotr v[2], w[2]	// declares our 4 aliases
     89
     90	extr.u tmp=in0,0,3	// tmp=least significant 3 bits
     91	mov orig=in0		// keep trackof initial byte address
     92	dep src=0,in0,0,3	// src=8byte-aligned in0 address
     93	.save pr, saved_pr
     94	mov saved_pr=pr		// preserve predicates (rotation)
     95	;;
     96
     97	.body
     98
     99	ld8 v[1]=[src],8	// must not speculate: can fail here
    100	shl tmp=tmp,3		// multiply by 8bits/byte
    101	mov mask=-1		// our mask
    102	;;
    103	ld8.s w[1]=[src],8	// speculatively load next
    104	cmp.eq p6,p0=r0,r0	// sets p6 to true for cmp.and
    105	sub tmp=64,tmp		// how many bits to shift our mask on the right
    106	;;
    107	shr.u	mask=mask,tmp	// zero enough bits to hold v[1] valuable part
    108	mov ar.ec=r0		// clear epilogue counter (saved in ar.pfs)
    109	;;
    110	add base=-16,src	// keep track of aligned base
    111	or v[1]=v[1],mask	// now we have a safe initial byte pattern
    112	;;
    1131:
    114	ld8.s v[0]=[src],8	// speculatively load next
    115	czx1.r val1=v[1]	// search 0 byte from right
    116	czx1.r val2=w[1]	// search 0 byte from right following 8bytes
    117	;;
    118	ld8.s w[0]=[src],8	// speculatively load next to next
    119	cmp.eq.and p6,p0=8,val1	// p6 = p6 and val1==8
    120	cmp.eq.and p6,p0=8,val2	// p6 = p6 and mask==8
    121(p6)	br.wtop.dptk 1b		// loop until p6 == 0
    122	;;
    123	//
    124	// We must return try the recovery code iff
    125	// val1_is_nat || (val1==8 && val2_is_nat)
    126	//
    127	// XXX Fixme
    128	//	- there must be a better way of doing the test
    129	//
    130	cmp.eq  p8,p9=8,val1	// p6 = val1 had zero (disambiguate)
    131	tnat.nz p6,p7=val1	// test NaT on val1
    132(p6)	br.cond.spnt .recover	// jump to recovery if val1 is NaT
    133	;;
    134	//
    135	// if we come here p7 is true, i.e., initialized for // cmp
    136	//
    137	cmp.eq.and  p7,p0=8,val1// val1==8?
    138	tnat.nz.and p7,p0=val2	// test NaT if val2
    139(p7)	br.cond.spnt .recover	// jump to recovery if val2 is NaT
    140	;;
    141(p8)	mov val1=val2		// the other test got us out of the loop
    142(p8)	adds src=-16,src	// correct position when 3 ahead
    143(p9)	adds src=-24,src	// correct position when 4 ahead
    144	;;
    145	sub ret0=src,orig	// distance from base
    146	sub tmp=8,val1		// which byte in word
    147	mov pr=saved_pr,0xffffffffffff0000
    148	;;
    149	sub ret0=ret0,tmp	// adjust
    150	mov ar.pfs=saved_pfs	// because of ar.ec, restore no matter what
    151	br.ret.sptk.many rp	// end of normal execution
    152
    153	//
    154	// Outlined recovery code when speculation failed
    155	//
    156	// This time we don't use speculation and rely on the normal exception
    157	// mechanism. that's why the loop is not as good as the previous one
    158	// because read ahead is not possible
    159	//
    160	// IMPORTANT:
    161	// Please note that in the case of strlen() as opposed to strlen_user()
    162	// we don't use the exception mechanism, as this function is not
    163	// supposed to fail. If that happens it means we have a bug and the
    164	// code will cause of kernel fault.
    165	//
    166	// XXX Fixme
    167	//	- today we restart from the beginning of the string instead
    168	//	  of trying to continue where we left off.
    169	//
    170.recover:
    171	ld8 val=[base],8	// will fail if unrecoverable fault
    172	;;
    173	or val=val,mask		// remask first bytes
    174	cmp.eq p0,p6=r0,r0	// nullify first ld8 in loop
    175	;;
    176	//
    177	// ar.ec is still zero here
    178	//
    1792:
    180(p6)	ld8 val=[base],8	// will fail if unrecoverable fault
    181	;;
    182	czx1.r val1=val		// search 0 byte from right
    183	;;
    184	cmp.eq p6,p0=8,val1	// val1==8 ?
    185(p6)	br.wtop.dptk 2b		// loop until p6 == 0
    186	;;			// (avoid WAW on p63)
    187	sub ret0=base,orig	// distance from base
    188	sub tmp=8,val1
    189	mov pr=saved_pr,0xffffffffffff0000
    190	;;
    191	sub ret0=ret0,tmp	// length=now - back -1
    192	mov ar.pfs=saved_pfs	// because of ar.ec, restore no matter what
    193	br.ret.sptk.many rp	// end of successful recovery code
    194END(strlen)
    195EXPORT_SYMBOL(strlen)