WebSVN – Kolibri OS – Diff – /kernel/trunk/core/mtrr.inc

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;                                                              ;;
-;; Copyright (C) KolibriOS team 2004-2012. All rights reserved. ;;
+;; Copyright (C) KolibriOS team 2004-2014. All rights reserved. ;;
 ;; Distributed under terms of the GNU General Public License    ;;
 ;;                                                              ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+$Revision: 4608 $
-$Revision: 4424 $
-align 4
-proc alloc_page
-        pushfd
-        cli
-        push    ebx
-;//-
-        cmp     [pg_data.pages_free], 1
-        jle     .out_of_memory
-;//-
-        mov     ebx, [page_start]
-        mov     ecx, [page_end]
-.l1:
-        bsf     eax, [ebx];
-        jnz     .found
-        add     ebx, 4
-        cmp     ebx, ecx
-        jb      .l1
-        pop     ebx
-        popfd
-        xor     eax, eax
-        ret
-.found:
-;//-
-        dec     [pg_data.pages_free]
-        jz      .out_of_memory
-;//-
-        btr     [ebx], eax
-        mov     [page_start], ebx
-        sub     ebx, sys_pgmap
-        lea     eax, [eax+ebx*8]
-        shl     eax, 12
-;//-       dec [pg_data.pages_free]
-        pop     ebx
-        popfd
-        ret
-;//-
-.out_of_memory:
-        mov     [pg_data.pages_free], 1
-        xor     eax, eax
-        pop     ebx
-        popfd
-        ret
-;//-
-endp
-align 4
-proc alloc_pages stdcall, count:dword
-        pushfd
-        push    ebx
-        push    edi
-        cli
-        mov     eax, [count]
-        add     eax, 7
-        shr     eax, 3
-        mov     [count], eax
-;//-
-        mov     ebx, [pg_data.pages_free]
-        sub     ebx, 9
-        js      .out_of_memory
-        shr     ebx, 3
-        cmp     eax, ebx
-        jg      .out_of_memory
-;//-
-        mov     ecx, [page_start]
-        mov     ebx, [page_end]
-.find:
-        mov     edx, [count]
-        mov     edi, ecx
-.match:
-        cmp     byte [ecx], 0xFF
-        jne     .next
-        dec     edx
-        jz      .ok
-        inc     ecx
-        cmp     ecx, ebx
-        jb      .match
-.out_of_memory:
-.fail:
-        xor     eax, eax
-        pop     edi
-        pop     ebx
-        popfd
-        ret
-.next:
-        inc     ecx
-        cmp     ecx, ebx
-        jb      .find
-        pop     edi
-        pop     ebx
-        popfd
-        xor     eax, eax
-        ret
-.ok:
-        sub     ecx, edi
-        inc     ecx
-        push    esi
-        mov     esi, edi
-        xor     eax, eax
-        rep stosb
-        sub     esi, sys_pgmap
-        shl     esi, 3+12
-        mov     eax, esi
-        mov     ebx, [count]
-        shl     ebx, 3
-        sub     [pg_data.pages_free], ebx
-        pop     esi
-        pop     edi
-        pop     ebx
-        popfd
-        ret
-endp
-align 4
-;proc map_page stdcall,lin_addr:dword,phis_addr:dword,flags:dword
-map_page:
-        push    ebx
-        mov     eax, [esp+12]               ; phis_addr
-        and     eax, not 0xFFF
-        or      eax, [esp+16]              ; flags
-        mov     ebx, [esp+8]               ; lin_addr
-        shr     ebx, 12
-        mov     [page_tabs+ebx*4], eax
-        mov     eax, [esp+8]               ; lin_addr
-        pop     ebx
-        invlpg  [eax]
-        ret     12
-align 4
-map_space:    ;not implemented
-        ret
-align 4
-proc free_page
-;arg:  eax  page address
-        pushfd
-        cli
-        shr     eax, 12                       ;page index
-        bts     dword [sys_pgmap], eax        ;that's all!
-        cmc
-        adc     [pg_data.pages_free], 0
-        shr     eax, 3
-        and     eax, not 3                    ;dword offset from page_map
-        add     eax, sys_pgmap
-        cmp     [page_start], eax
-        ja      @f
-        popfd
-        ret
-@@:
-        mov     [page_start], eax
-        popfd
-        ret
-endp
-align 4
-proc map_io_mem stdcall, base:dword, size:dword, flags:dword
-        push    ebx
-        push    edi
-        mov     eax, [size]
-        add     eax, [base]
-        add     eax, 4095
-        and     eax, -4096
-        mov     ecx, [base]
-        and     ecx, -4096
-        sub     eax, ecx
-        mov     [size], eax
-        stdcall alloc_kernel_space, eax
-        test    eax, eax
-        jz      .fail
-        push    eax
-        mov     edi, 0x1000
-        mov     ebx, eax
-        mov     ecx, [size]
-        mov     edx, [base]
-        shr     eax, 12
-        shr     ecx, 12
-        and     edx, -4096
-        or      edx, [flags]
-@@:
-        mov     [page_tabs+eax*4], edx
-        invlpg  [ebx]
-        inc     eax
-        add     ebx, edi
-        add     edx, edi
-        loop    @B
-        pop     eax
-        mov     edx, [base]
-        and     edx, 4095
-        add     eax, edx
-.fail:
-        pop     edi
-        pop     ebx
-        ret
-endp
-; param
-;  eax= page base + page flags
-;  ebx= linear address
-;  ecx= count
-align 4
-commit_pages:
-        test    ecx, ecx
-        jz      .fail
-        push    edi
-        push    eax
-        push    ecx
-        mov     ecx, pg_data.mutex
-        call    mutex_lock
-        pop     ecx
-        pop     eax
-        mov     edi, ebx
-        shr     edi, 12
-        lea     edi, [page_tabs+edi*4]
-@@:
-        stosd
-        invlpg  [ebx]
-        add     eax, 0x1000
-        add     ebx, 0x1000
-        loop    @B
-        pop     edi
-        mov     ecx, pg_data.mutex
-        call    mutex_unlock
-.fail:
-        ret
-; param
-;  eax= base
-;  ecx= count
-align 4
-release_pages:
-        push    ebp
-        push    esi
-        push    edi
-        push    ebx
-        mov     esi, eax
-        mov     edi, eax
-        shr     esi, 12
-        lea     esi, [page_tabs+esi*4]
-        push    ecx
-        mov     ecx, pg_data.mutex
-        call    mutex_lock
-        pop     ecx
-        mov     ebp, [pg_data.pages_free]
-        mov     ebx, [page_start]
-        mov     edx, sys_pgmap
-@@:
-        xor     eax, eax
-        xchg    eax, [esi]
-        invlpg  [edi]
-        test    eax, 1
-        jz      .next
-        shr     eax, 12
-        bts     [edx], eax
-        cmc
-        adc     ebp, 0
-        shr     eax, 3
-        and     eax, -4
-        add     eax, edx
-        cmp     eax, ebx
-        jae     .next
-        mov     ebx, eax
-.next:
-        add     edi, 0x1000
-        add     esi, 4
-        loop    @B
-        mov     [pg_data.pages_free], ebp
-        mov     ecx, pg_data.mutex
-        call    mutex_unlock
-        pop     ebx
-        pop     edi
-        pop     esi
-        pop     ebp
-        ret
-; param
-;  eax= base
-;  ecx= count
-align 4
-unmap_pages:
-        push    edi
-        mov     edi, eax
-        mov     edx, eax
-        shr     edi, 10
-        add     edi, page_tabs
-        xor     eax, eax
-@@:
-        stosd
-        invlpg  [edx]
-        add     edx, 0x1000
-        loop    @b
-        pop     edi
-        ret
-align 4
-proc map_page_table stdcall, lin_addr:dword, phis_addr:dword
-        push    ebx
-        mov     ebx, [lin_addr]
-        shr     ebx, 22
-        mov     eax, [phis_addr]
-        and     eax, not 0xFFF
-        or      eax, PG_UW        ;+PG_NOCACHE
-        mov     dword [master_tab+ebx*4], eax
-        mov     eax, [lin_addr]
-        shr     eax, 10
-        add     eax, page_tabs
-        invlpg  [eax]
-        pop     ebx
-        ret
-endp
-align 4
-proc init_LFB
-           locals
-             pg_count dd ?
-           endl
+; Initializes MTRRs.
-        cmp     dword [LFBAddress], -1
-        jne     @f
-        mov     [BOOT_VARS+BOOT_MTRR], byte 2
-; max VGA=640*480*4=1228800 bytes
-; + 32*640*4=81920 bytes for mouse pointer
-        stdcall alloc_pages, ((1228800+81920)/4096)
-        push    eax
-        call    alloc_page
-        stdcall map_page_table, LFB_BASE, eax
-        pop     eax
-        or      eax, PG_UW
-        mov     ebx, LFB_BASE
-; max VGA=640*480*4=1228800 bytes
-; + 32*640*4=81920 bytes for mouse pointer
-        mov     ecx, (1228800+81920)/4096
-        call    commit_pages
-        mov     [LFBAddress], dword LFB_BASE
-        ret
-@@:
-        test    [SCR_MODE], word 0100000000000000b
-        jnz     @f
-        mov     [BOOT_VARS+BOOT_MTRR], byte 2
-        ret
-@@:
-        call    init_mtrr
-        mov     edx, LFB_BASE
-        mov     esi, [LFBAddress]
-        mov     edi, 0x00C00000
-        mov     dword [exp_lfb+4], edx
-        shr     edi, 12
-        mov     [pg_count], edi
-        shr     edi, 10
-        bt      [cpu_caps], CAPS_PSE
-        jnc     .map_page_tables
-        or      esi, PG_LARGE+PG_UW
-        mov     edx, sys_pgdir+(LFB_BASE shr 20)
-@@:
-        mov     [edx], esi
-        add     edx, 4
-        add     esi, 0x00400000
-        dec     edi
-        jnz     @B
-        bt      [cpu_caps], CAPS_PGE
-        jnc     @F
-        or      dword [sys_pgdir+(LFB_BASE shr 20)], PG_GLOBAL
-@@:
-        mov     dword [LFBAddress], LFB_BASE
-        mov     eax, cr3      ;flush TLB
-        mov     cr3, eax
-        ret
-.map_page_tables:
-@@:
-        call    alloc_page
-        stdcall map_page_table, edx, eax
-        add     edx, 0x00400000
-        dec     edi
-        jnz     @B
-        mov     eax, [LFBAddress]
-        mov     edi, page_tabs + (LFB_BASE shr 10)
-        or      eax, PG_UW
-        mov     ecx, [pg_count]
-        cld
-@@:
-        stosd
-        add     eax, 0x1000
-        dec     ecx
-        jnz     @B
-        mov     dword [LFBAddress], LFB_BASE
-        mov     eax, cr3      ;flush TLB
-        mov     cr3, eax
-        ret
-endp
-align 4
-proc new_mem_resize stdcall, new_size:dword
-        push    ebx
-        push    esi
-        push    edi
-        mov     edx, [current_slot]
-        cmp     [edx+APPDATA.heap_base], 0
-        jne     .exit
-        mov     edi, [new_size]
-        add     edi, 4095
-        and     edi, not 4095
-        mov     [new_size], edi
-        mov     esi, [edx+APPDATA.mem_size]
-        add     esi, 4095
-        and     esi, not 4095
 proc init_mtrr
-        cmp     edi, esi
-        ja      .expand
-        je      .exit
-        mov     ebx, edi
-        shr     edi, 12
-        shr     esi, 12
-        mov     ecx, pg_data.mutex
-        call    mutex_lock
+        cmp     [BOOT_VARS+BOOT_MTRR], byte 2
-@@:
-        mov     eax, [app_page_tabs+edi*4]
+        je      .exit
-        test    eax, 1
-        jz      .next
-        mov     dword [app_page_tabs+edi*4], 0
-        invlpg  [ebx]
-        call    free_page
-.next:
-        inc     edi
-        add     ebx, 0x1000
-        cmp     edi, esi
-        jb      @B
-        mov     ecx, pg_data.mutex
-        call    mutex_unlock
+        bt      [cpu_caps], CAPS_MTRR
-.update_size:
-        mov     edx, [current_slot]
-        mov     ebx, [new_size]
-        call    update_mem_size
-.exit:
-        pop     edi
-        pop     esi
-        pop     ebx
-        xor     eax, eax
-        ret
-.expand:
-        mov     ecx, pg_data.mutex
-        call    mutex_lock
-        xchg    esi, edi
-        push    esi                   ;new size
-        push    edi                   ;old size
-        add     edi, 0x3FFFFF
-        and     edi, not(0x3FFFFF)
-        add     esi, 0x3FFFFF
-        and     esi, not(0x3FFFFF)
-        cmp     edi, esi
-        jae     .grow
- @@:
-        call    alloc_page
-        test    eax, eax
-        jz      .exit_fail
-        stdcall map_page_table, edi, eax
-        push    edi
-        shr     edi, 10
-        add     edi, page_tabs
-        mov     ecx, 1024
-        xor     eax, eax
-        cld
-        rep stosd
-        pop     edi
-        add     edi, 0x00400000
-        cmp     edi, esi
-        jb      @B
-.grow:
-        pop     edi                   ;old size
-        pop     ecx                   ;new size
-        shr     edi, 10
-        shr     ecx, 10
-        sub     ecx, edi
-        shr     ecx, 2                ;pages count
-        mov     eax, 2
-        add     edi, app_page_tabs
-        rep stosd
-        mov     ecx, pg_data.mutex
-        call    mutex_unlock
-        jmp     .update_size
-.exit_fail:
-        mov     ecx, pg_data.mutex
-        call    mutex_unlock
-        add     esp, 8
+        jnc     .exit
         pop     edi
-        pop     esi
-        pop     ebx
-        xor     eax, eax
-        inc     eax
-        ret
-endp
+        call    mtrr_reconfigure
-align 4
+        stdcall set_mtrr, [LFBAddress], 0x1000000, MEM_WC
-update_mem_size:
-; in: edx = slot base
-;     ebx = new memory size
+.exit:
-; destroys eax,ecx,edx
-        mov     [APPDATA.mem_size+edx], ebx
-;search threads and update
-;application memory size infomation
-        mov     ecx, [APPDATA.dir_table+edx]
-        mov     eax, 2
+        ret
+endp
-.search_threads:
-;eax = current slot
-;ebx = new memory size
-;ecx = page directory
-        cmp     eax, [TASK_COUNT]
-        jg      .search_threads_end
-        mov     edx, eax
-        shl     edx, 5
-        cmp     word [CURRENT_TASK+edx+TASKDATA.state], 9  ;if slot empty?
-        jz      .search_threads_next
-        shl     edx, 3
-        cmp     [SLOT_BASE+edx+APPDATA.dir_table], ecx      ;if it is our thread?
-        jnz     .search_threads_next
-        mov     [SLOT_BASE+edx+APPDATA.mem_size], ebx      ;update memory size
-.search_threads_next:
-        inc     eax
-        jmp     .search_threads
-.search_threads_end:
-        ret
-; param
-;  eax= linear address
-;
-; retval
-;  eax= phisical page address
-align 4
-get_pg_addr:
-        sub     eax, OS_BASE
+; Helper procedure for mtrr_reconfigure and set_mtrr,
+; called before changes in MTRRs.
-        cmp     eax, 0x400000
-        jb      @f
-        shr     eax, 12
+proc mtrr_begin_change
-        mov     eax, [page_tabs+(eax+(OS_BASE shr 12))*4]
+        mov     eax, cr0
-@@:
-        and     eax, 0xFFFFF000
+        or      eax, 0x60000000 ;disable caching
-        ret
+        mov     cr0, eax
-align 4
+        wbinvd                  ;invalidate cache
-; Now it is called from core/sys32::exc_c (see stack frame there)
-proc page_fault_handler
-    .err_addr   equ ebp-4
+        ret
-        push    ebx               ;save exception number (#PF)
-        mov     ebp, esp
-        mov     ebx, cr2
-        push    ebx               ;that is locals: .err_addr = cr2
-        inc     [pg_data.pages_faults]
-        mov     eax, [pf_err_code]
-        cmp     ebx, OS_BASE      ;ebx == .err_addr
-        jb      .user_space       ;страница в памяти приложения ;
-        cmp     ebx, page_tabs
-        jb      .kernel_space     ;страница в памяти ядра
-        cmp     ebx, kernel_tabs
-        jb      .alloc;.app_tabs  ;таблицы страниц приложения ;
+endp
-                                  ;просто создадим одну
-if 0 ;пока это просто лишнее
-        cmp     ebx, LFB_BASE
-        jb      .core_tabs        ;таблицы страниц ядра
-                                  ;Ошибка
-  .lfb:
                                   ;область LFB
-                                  ;Ошибка
-        jmp     .fail
-end if
-.core_tabs:
-.fail:  ;simply return to caller
-        mov     esp, ebp
-        pop     ebx               ;restore exception number (#PF)
-        ret
-;        xchg bx, bx
-;        add     esp,12 ;clear in stack: locals(.err_addr) + #PF + ret_to_caller
-;        restore_ring3_context
-;        iretd
-.user_space:
-        test    eax, PG_MAP
-        jnz     .err_access       ;Страница присутствует
-                                  ;Ошибка доступа ?
-        shr     ebx, 12
-        mov     ecx, ebx
-        shr     ecx, 10
-        mov     edx, [master_tab+ecx*4]
-        test    edx, PG_MAP
-        jz      .fail             ;таблица страниц не создана
-                                  ;неверный адрес в программе
-        mov     eax, [page_tabs+ebx*4]
-        test    eax, 2
-        jz      .fail             ;адрес не зарезервирован для ;
-                                  ;использования. Ошибка
-.alloc:
-        call    alloc_page
-        test    eax, eax
-        jz      .fail
-        stdcall map_page, [.err_addr], eax, PG_UW
-        mov     edi, [.err_addr]
-        and     edi, 0xFFFFF000
-        mov     ecx, 1024
-        xor     eax, eax
-       ;cld     ;caller is duty for this
-        rep stosd
-.exit:  ;iret with repeat fault instruction
-        add     esp, 12;clear in stack: locals(.err_addr) + #PF + ret_to_caller
-        restore_ring3_context
-        iretd
-.err_access:
-; access denied? this may be a result of copy-on-write protection for DLL
-; check list of HDLLs
-        and     ebx, not 0xFFF
-        mov     eax, [CURRENT_TASK]
-        shl     eax, 8
-        mov     eax, [SLOT_BASE+eax+APPDATA.dlls_list_ptr]
-        test    eax, eax
-        jz      .fail
-        mov     esi, [eax+HDLL.fd]
-.scan_hdll:
-        cmp     esi, eax
-        jz      .fail
-        mov     edx, ebx
-        sub     edx, [esi+HDLL.base]
-        cmp     edx, [esi+HDLL.size]
-        jb      .fault_in_hdll
-.scan_hdll.next:
-        mov     esi, [esi+HDLL.fd]
-        jmp     .scan_hdll
-.fault_in_hdll:
-; allocate new page, map it as rw and copy data
-        call    alloc_page
-        test    eax, eax
-        jz      .fail
-        stdcall map_page, ebx, eax, PG_UW
-        mov     edi, ebx
-        mov     ecx, 1024
-        sub     ebx, [esi+HDLL.base]
-        mov     esi, [esi+HDLL.parent]
-        mov     esi, [esi+DLLDESCR.data]
-        add     esi, ebx
-        rep movsd
-        jmp     .exit
-.kernel_space:
-        test    eax, PG_MAP
-        jz      .fail   ;страница не присутствует
-        test    eax, 12 ;U/S (+below)
-        jnz     .fail   ;приложение обратилось к памяти
-                        ;ядра
-       ;test    eax, 8
-       ;jnz     .fail   ;установлен зарезервированный бит
-                        ;в таблицах страниц. добавлено в P4/Xeon
-;попытка записи в защищённую страницу ядра
-        cmp     ebx, tss._io_map_0
-        jb      .fail
-        cmp     ebx, tss._io_map_0+8192
-        jae     .fail
-; io permission map
-; copy-on-write protection
-        call    alloc_page
-        test    eax, eax
-        jz      .fail
-        push    eax
-        stdcall map_page, [.err_addr], eax, dword PG_SW
-        pop     eax
-        mov     edi, [.err_addr]
-        and     edi, -4096
-        lea     esi, [edi+(not tss._io_map_0)+1]; -tss._io_map_0
-        mov     ebx, esi
-        shr     ebx, 12
-        mov     edx, [current_slot]
-        or      eax, PG_SW
+; Helper procedure for mtrr_reconfigure and set_mtrr,
-        mov     [edx+APPDATA.io_map+ebx*4], eax
+; called after changes in MTRRs.
+proc mtrr_end_change
-        add     esi, [default_io_map]
-        mov     ecx, 4096/4
+        wbinvd                  ;again invalidate
-       ;cld     ;caller is duty for this
+        mov     eax, cr0
-        rep movsd
+        and     eax, not 0x60000000
-        jmp     .exit
+        mov     cr0, eax        ; enable caching
-endp
+        ret
-; returns number of mapped bytes
+endp
-proc map_mem stdcall, lin_addr:dword,slot:dword,\
-                      ofs:dword,buf_size:dword,req_access:dword
+; Some limits to number of structures located in the stack.
+MAX_USEFUL_MTRRS = 16
-        push    0 ; initialize number of mapped bytes
+MAX_RANGES = 16
-        cmp     [buf_size], 0
-        jz      .exit
+; mtrr_reconfigure keeps a list of MEM_WB ranges.
+; This structure describes one item in the list.
+struct mtrr_range
+next            dd      ?       ; next item
-        mov     eax, [slot]
+start           dq      ?       ; first byte
-        shl     eax, 8
+length          dq      ?       ; length in bytes
-        mov     eax, [SLOT_BASE+eax+APPDATA.dir_table]
+ends
-        and     eax, 0xFFFFF000
-        stdcall map_page, [ipc_pdir], eax, PG_UW
-        mov     ebx, [ofs]
+uglobal
-        shr     ebx, 22
+align 4
-        mov     esi, [ipc_pdir]
+num_variable_mtrrs      dd      0       ; number of variable-range MTRRs
-        mov     edi, [ipc_ptab]
-        mov     eax, [esi+ebx*4]
+endg
-        and     eax, 0xFFFFF000
-        jz      .exit
-        stdcall map_page, edi, eax, PG_UW
-;           inc ebx
+; Helper procedure for MTRR initialization.
-;           add edi, 0x1000
+; Takes MTRR configured by BIOS and tries to recongifure them
-;           mov eax, [esi+ebx*4]
+; in order to allow non-UC data at top of 4G memory.
-;           test eax, eax
+; Example: if low part of physical memory is 3.5G = 0xE0000000 bytes wide,
-;           jz @f
+; BIOS can configure two MTRRs so that the first MTRR describes [0, 4G) as WB
-;          and eax, 0xFFFFF000
+; and the second MTRR describes [3.5G, 4G) as UC;
-;           stdcall map_page, edi, eax
+; WB+UC=UC, so the resulting memory map would be as needed,
-@@:
+; but in this configuration our attempts to map LFB at (say) 0xE8000000 as WC
-        mov     edi, [lin_addr]
+; would be ignored, WB+UC+WC is still UC.
-        and     edi, 0xFFFFF000
+; So we must keep top of 4G memory not covered by MTRRs,
-        mov     ecx, [buf_size]
-        add     ecx, 4095
+; using three WB MTRRs [0,2G) + [2G,3G) + [3G,3.5G),
-        shr     ecx, 12
+; this gives the same memory map, but allows to add further entries.
-        inc     ecx
+; See mtrrtest.asm for detailed input/output from real hardware+BIOS.
-        mov     edx, [ofs]
+proc mtrr_reconfigure
-        shr     edx, 12
+        push    ebp     ; we're called from init_LFB, and it feels hurt when ebp is destroyed
-        and     edx, 0x3FF
-        mov     esi, [ipc_ptab]
-.map:
-        stdcall safe_map_page, [slot], [req_access], [ofs]
+; 1. Prepare local variables.
-        jnc     .exit
-        add     dword [ebp-4], 4096
+; 1a. Create list of MAX_RANGES free (aka not yet allocated) ranges.
-        add     [ofs], 4096
+        xor     eax, eax
-        dec     ecx
-        jz      .exit
-        add     edi, 0x1000
-        inc     edx
+        lea     ecx, [eax+MAX_RANGES]
+.init_ranges:
+        sub     esp, sizeof.mtrr_range - 4
+        push    eax
+        mov     eax, esp
+        dec     ecx
+        jnz     .init_ranges
-        cmp     edx, 0x400
+        mov     eax, esp
-        jnz     .map
+; 1b. Fill individual local variables.
+        xor     edx, edx
-        inc     ebx
+        sub     esp, MAX_USEFUL_MTRRS * 16      ; .mtrrs
+        push    edx             ; .mtrrs_end
-        mov     eax, [ipc_pdir]
+        push    edx             ; .num_used_mtrrs
-        mov     eax, [eax+ebx*4]
+        push    eax             ; .first_free_range
-        and     eax, 0xFFFFF000
+        push    edx             ; .first_range: no ranges yet
-        jz      .exit
-        stdcall map_page, esi, eax, PG_UW
+        mov     cl, [cpu_phys_addr_width]
-        xor     edx, edx
+        or      eax, -1
-        jmp     .map
+        shl     eax, cl ; note: this uses cl&31 = cl-32, not the entire cl
+        push    eax     ; .phys_reserved_mask
+virtual at esp
+.phys_reserved_mask     dd      ?
+.first_range            dd      ?
-.exit:
+.first_free_range       dd      ?
-        pop     eax
+.num_used_mtrrs         dd      ?
-        ret
-endp
+.mtrrs_end              dd      ?
+.mtrrs          rq      MAX_USEFUL_MTRRS * 2
-proc map_memEx stdcall, lin_addr:dword,slot:dword,\
+.local_vars_size = $ - esp
+end virtual
-                        ofs:dword,buf_size:dword,req_access:dword
-        push    0 ; initialize number of mapped bytes
+; 2. Get the number of variable-range MTRRs from MTRRCAP register.
+; Abort if zero.
-        cmp     [buf_size], 0
+        mov     ecx, 0xFE
+        rdmsr
+        test    al, al
+        jz      .abort
-        jz      .exit
+        mov     byte [num_variable_mtrrs], al
+; 3. Validate MTRR_DEF_TYPE register.
-        mov     eax, [slot]
+        mov     ecx, 0x2FF
-        shl     eax, 8
+        rdmsr
+; If BIOS has not initialized variable-range MTRRs, fallback to step 7.
+        test    ah, 8
-        mov     eax, [SLOT_BASE+eax+APPDATA.dir_table]
+        jz      .fill_ranges_from_memory_map
-        and     eax, 0xFFFFF000
+; If the default memory type (not covered by MTRRs) is not UC,
+; then probably BIOS did something strange, so it is better to exit immediately
-        stdcall map_page, [proc_mem_pdir], eax, PG_UW
+; hoping for the best.
-        mov     ebx, [ofs]
-        shr     ebx, 22
+        cmp     al, MEM_UC
-        mov     esi, [proc_mem_pdir]
+        jnz     .abort
-        mov     edi, [proc_mem_tab]
+; 4. Validate all variable-range MTRRs
-        mov     eax, [esi+ebx*4]
+; and copy configured MTRRs to the local array [.mtrrs].
-        and     eax, 0xFFFFF000
+; 4a. Prepare for the loop over existing variable-range MTRRs.
-        test    eax, eax
+        mov     ecx, 0x200
-        jz      .exit
+        lea     edi, [.mtrrs]
-        stdcall map_page, edi, eax, PG_UW
+.get_used_mtrrs_loop:
+; 4b. For every MTRR, read PHYSBASEn and PHYSMASKn.
-@@:
+; In PHYSBASEn, clear upper bits and copy to ebp:ebx.
-        mov     edi, [lin_addr]
+        rdmsr
-        and     edi, 0xFFFFF000
+        or      edx, [.phys_reserved_mask]
-        mov     ecx, [buf_size]
-        add     ecx, 4095
-        shr     ecx, 12
+        xor     edx, [.phys_reserved_mask]
-        inc     ecx
+        mov     ebp, edx
+        mov     ebx, eax
-        mov     edx, [ofs]
+        inc     ecx
-        shr     edx, 12
+; If PHYSMASKn is not active, ignore this MTRR.
-        and     edx, 0x3FF
+        rdmsr
-        mov     esi, [proc_mem_tab]
+        inc     ecx
-.map:
-        stdcall safe_map_page, [slot], [req_access], [ofs]
+        test    ah, 8
-        jnc     .exit
-        add     dword [ebp-4], 0x1000
-        add     edi, 0x1000
-        add     [ofs], 0x1000
+        jz      .get_used_mtrrs_next
-        inc     edx
+; 4c. For every active MTRR, check that number of local entries is not too large.
-        dec     ecx
+        inc     [.num_used_mtrrs]
-        jnz     .map
+        cmp     [.num_used_mtrrs], MAX_USEFUL_MTRRS
-.exit:
+        ja      .abort
-        pop     eax
+; 4d. For every active MTRR, store PHYSBASEn with upper bits cleared.
-        ret
+; This contains the MTRR base and the memory type in low byte.
-endp
+        mov     [edi], ebx
+        mov     [edi+4], ebp
-; in: esi+edx*4 = pointer to page table entry
+; 4e. For every active MTRR, check that the range is continuous:
-; in: [slot], [req_access], [ofs] on the stack
+; PHYSMASKn with upper bits set must be negated power of two, and
-; in: edi = linear address to map
-; out: CF cleared <=> failed
-; destroys: only eax
+; low bits of PHYSBASEn must be zeroes:
-proc safe_map_page stdcall, slot:dword, req_access:dword, ofs:dword
+; PHYSMASKn = 1...10...0,
-        mov     eax, [esi+edx*4]
-        test    al, PG_MAP
+; PHYSBASEn = x...x0...0,
-        jz      .not_present
+; this defines a continuous range from x...x0...0 to x...x1...1,
-        test    al, PG_WRITE
+; length = 10...0 = negated PHYSMASKn.
-        jz      .resolve_readonly
+; Store length in the local array.
-; normal case: writable page, just map with requested access
+        and     eax, not 0xFFF
-.map:
+        or      edx, [.phys_reserved_mask]
-        stdcall map_page, edi, eax, [req_access]
+        mov     dword [edi+8], 0
-        stc
+        mov     dword [edi+12], 0
-.fail:
+        sub     [edi+8], eax
-        ret
+        sbb     [edi+12], edx
-.not_present:
+; (x and -x) is the maximum power of two that divides x.
-; check for alloc-on-demand page
+; Condition for powers of two: (x and -x) equals x.
-        test    al, 2
+        and     eax, [edi+8]
-        jz      .fail
+        and     edx, [edi+12]
-; allocate new page, save it to source page table
-        push    ecx
-        call    alloc_page
-        pop     ecx
+        cmp     eax, [edi+8]
-        test    eax, eax
+        jnz     .abort
-        jz      .fail
+        cmp     edx, [edi+12]
-        or      al, PG_UW
+        jnz     .abort
-        mov     [esi+edx*4], eax
+        sub     eax, 1
-        jmp     .map
+        sbb     edx, 0
-.resolve_readonly:
+        and     eax, not 0xFFF
-; readonly page, probably copy-on-write
+        and     eax, ebx
-; check: readonly request of readonly page is ok
+        jnz     .abort
-        test    [req_access], PG_WRITE
+        and     edx, ebp
-        jz      .map
+        jnz     .abort
-; find control structure for this page
-        pushf
+; 4f. For every active MTRR, validate memory type: it must be either WB or UC.
-        cli
-        cld
+        add     edi, 16
-        push    ebx ecx
+        cmp     bl, MEM_UC
-        mov     eax, [slot]
-        shl     eax, 8
-        mov     eax, [SLOT_BASE+eax+APPDATA.dlls_list_ptr]
+        jz      .get_used_mtrrs_next
-        test    eax, eax
+        cmp     bl, MEM_WB
-        jz      .no_hdll
+        jnz     .abort
-        mov     ecx, [eax+HDLL.fd]
+.get_used_mtrrs_next:
-.scan_hdll:
-        cmp     ecx, eax
-        jz      .no_hdll
-        mov     ebx, [ofs]
-        and     ebx, not 0xFFF
-        sub     ebx, [ecx+HDLL.base]
-        cmp     ebx, [ecx+HDLL.size]
-        jb      .hdll_found
+; 4g. Repeat the loop at 4b-4f for all [num_variable_mtrrs] entries.
-        mov     ecx, [ecx+HDLL.fd]
-        jmp     .scan_hdll
-.no_hdll:
-        pop     ecx ebx
-        popf
-        clc
-        ret
-.hdll_found:
+        mov     eax, [num_variable_mtrrs]
-; allocate page, save it in page table, map it, copy contents from base
-        mov     eax, [ecx+HDLL.parent]
-        add     ebx, [eax+DLLDESCR.data]
+        lea     eax, [0x200+eax*2]
-        call    alloc_page
+        cmp     ecx, eax
-        test    eax, eax
+        jb      .get_used_mtrrs_loop
-        jz      .no_hdll
-        or      al, PG_UW
-        mov     [esi+edx*4], eax
-        stdcall map_page, edi, eax, [req_access]
-        push    esi edi
-        mov     esi, ebx
-        mov     ecx, 4096/4
-        rep movsd
-        pop     edi esi
-        pop     ecx ebx
-        popf
-        stc
-        ret
-endp
-sys_IPC:
-;input:
-;  ebx=1 - set ipc buffer area
-;    ecx=address of buffer
-;    edx=size of buffer
-;  eax=2 - send message
-;    ebx=PID
-;    ecx=address of message
-;    edx=size of message
-        dec     ebx
+; 4h. If no active MTRRs were detected, fallback to step 7.
-        jnz     @f
+        cmp     [.num_used_mtrrs], 0
+        jz      .fill_ranges_from_memory_map
-        mov     eax, [current_slot]
-        pushf
-        cli
+        mov     [.mtrrs_end], edi
-        mov     [eax+APPDATA.ipc_start], ecx    ;set fields in extended information area
+; 5. Generate sorted list of ranges marked as WB.
-        mov     [eax+APPDATA.ipc_size], edx
-        add     edx, ecx
-        add     edx, 4095
-        and     edx, not 4095
+; 5a. Prepare for the loop over configured MTRRs filled at step 4.
-.touch:
-        mov     eax, [ecx]
-        add     ecx, 0x1000
-        cmp     ecx, edx
-        jb      .touch
-        popf
-        mov     [esp+32], ebx   ;ebx=0
+        lea     ecx, [.mtrrs]
-        ret
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;2
-@@:
-        dec     ebx
-        jnz     @f
-        stdcall sys_ipc_send, ecx, edx, esi
-        mov     [esp+32], eax
-        ret
+.fill_wb_ranges:
-@@:
-        or      eax, -1
+; 5b. Ignore non-WB MTRRs.
-        mov     [esp+32], eax
+        mov     ebx, [ecx]
-        ret
-;align 4
-;proc set_ipc_buff
-;           mov  eax,[current_slot]
-;           pushf
-;           cli
-;           mov  [eax+APPDATA.ipc_start],ebx     ;set fields in extended information area
-;           mov  [eax+APPDATA.ipc_size],ecx
+        cmp     bl, MEM_WB
-;
-;           add ecx, ebx
-;           add ecx, 4095
-;           and ecx, not 4095
-;
-;.touch:    mov eax, [ebx]
-;           add ebx, 0x1000
-;           cmp ebx, ecx
-;           jb  .touch
-;
-;           popf
-;           xor eax, eax
-;           ret
-;endp
-proc sys_ipc_send stdcall, PID:dword, msg_addr:dword, msg_size:dword
-           locals
-             dst_slot   dd ?
+        jnz     .next_wb_range
-             dst_offset dd ?
-             buf_size   dd ?
-             used_buf   dd ?
-           endl
-        pushf
-        cli
         mov     ebp, [ecx+4]
-        ret
+        mov     edi, [.first_range]
+        cmp     dword [edi+mtrr_range.start], eax
+        jnz     .abort
+        cmp     dword [edi+mtrr_range.start+4], eax
+        jnz     .abort
+        cmp     dword [edi+mtrr_range.length+4], eax
+        jnz     .abort
+        mov     edx, [edi+mtrr_range.next]
+        test    edx, edx
-.ipc_blocked:
+        jz      @f
+        cmp     dword [edx+mtrr_range.start], eax
+        jnz     .abort
+        cmp     dword [edx+mtrr_range.start+4], 1
+        jnz     .abort
+        cmp     [edx+mtrr_range.next], eax
+        jnz     .abort
+@@:
+; 8b. Initialize: no MTRRs filled.
+        mov     [.num_used_mtrrs], eax
+        lea     esi, [.mtrrs]
+.range2mtrr_loop:
+; 8c. If we are dealing with upper-memory range (after 4G)
+; with length > start, create one WB MTRR with [start,2*start),
+; reset start to 2*start and return to this step.
+; Example: [4G,24G) -> [4G,8G) {returning} + [8G,16G) {returning}
+; + [16G,24G) {advancing to ?}.
+        mov     eax, dword [edi+mtrr_range.length+4]
+        test    eax, eax
+        jz      .less4G
+        mov     edx, dword [edi+mtrr_range.start+4]
+        cmp     eax, edx
+        jb      .start_aligned
+        inc     [.num_used_mtrrs]
+        cmp     [.num_used_mtrrs], MAX_USEFUL_MTRRS
+        ja      .abort
+        mov     dword [esi], MEM_WB
+        mov     dword [esi+4], edx
+        mov     dword [esi+8], 0
+        mov     dword [esi+12], edx
+        add     esi, 16
+        add     dword [edi+mtrr_range.start+4], edx
+        sub     dword [edi+mtrr_range.length+4], edx
+        jnz     .range2mtrr_loop
+        cmp     dword [edi+mtrr_range.length], 0
+        jz      .range2mtrr_next
+.less4G:
+; 8d. If we are dealing with low-memory range (before 4G)
+; and appending a maximal-size hole would create a range covering top of 4G,
+; create a maximal-size WB range and return to this step.
+; Example: for [0,0xBC000000) the following steps would consider
+; variants [0,0x80000000)+(another range to be splitted) and
+; [0,0x100000000)-(another range to be splitted); we forbid the last variant,
+; so the first variant must be used.
+        bsr     ecx, dword [edi+mtrr_range.length]
+        xor     edx, edx
+        inc     edx
+        shl     edx, cl
+        lea     eax, [edx*2]
+        add     eax, dword [edi+mtrr_range.start]
+        jnz     .start_aligned
+        inc     [.num_used_mtrrs]
+        cmp     [.num_used_mtrrs], MAX_USEFUL_MTRRS
+        ja      .abort
+        mov     eax, dword [edi+mtrr_range.start]
+        mov     dword [esi], eax
+        or      dword [esi], MEM_WB
+        mov     dword [esi+4], 0
+        mov     dword [esi+8], edx
+        mov     dword [esi+12], 0
+        add     esi, 16
+        add     dword [edi+mtrr_range.start], edx
+        sub     dword [edi+mtrr_range.length], edx
+        jnz     .less4G
+        jmp     .range2mtrr_next
+.start_aligned:
+; Start is aligned for any allowed length, maximum-size hole is allowed.
+; Select the best MTRR configuration for one range.
+; length=...101101
+; Without hole at the end, we need one WB MTRR for every 1-bit in length:
+; length=...100000 + ...001000 + ...000100 + ...000001
+; We can also append one hole at the end so that one 0-bit (selected by us)
+; becomes 1 and all lower bits become 0 for WB-range:
+; length=...110000 - (...00010 + ...00001)
+; In this way, we need one WB MTRR for every 1-bit higher than the selected bit,
+; one WB MTRR for the selected bit, one UC MTRR for every 0-bit between
+; the selected bit and lowest 1-bit (they become 1-bits after negation)
+; and one UC MTRR for lowest 1-bit.
+; So we need to select 0-bit with the maximal difference
+; (number of 0-bits) - (number of 1-bits) between selected and lowest 1-bit,
+; this equals the gain from using a hole. If the difference is negative for
+; all 0-bits, don't append hole.
+; Note that lowest 1-bit is not included when counting, but selected 0-bit is.
+; 8e. Find the optimal bit position for hole.
-        push    2
+; eax = current difference, ebx = best difference,
-        jmp     .ret
+; ecx = hole bit position, edx = current bit position.
-.buffer_overflow:
-        push    3
-.ret:
-        mov     eax, [used_buf]
-        cmp     eax, [ipc_tmp]
+        xor     eax, eax
-        jz      @f
-        stdcall free_kernel_space, eax
-@@:
-        pop     eax
-        popf
+        xor     ebx, ebx
-        ret
-endp
-align 4
+        xor     ecx, ecx
-sysfn_meminfo:
+        bsf     edx, dword [edi+mtrr_range.length]
+        jnz     @f
-        ;   add ecx, new_app_base
-        cmp     ecx, OS_BASE
+        bsf     edx, dword [edi+mtrr_range.length+4]
-        jae     .fail
+        add     edx, 32
-        mov     eax, [pg_data.pages_count]
+@@:
-        mov     [ecx], eax
-        shl     eax, 12
+        push    edx     ; save position of lowest 1-bit for step 8f
-        mov     [esp+32], eax
+.calc_stat:
-        mov     eax, [pg_data.pages_free]
-        mov     [ecx+4], eax
+        inc     edx
-        mov     eax, [pg_data.pages_faults]
-        mov     [ecx+8], eax
-        mov     eax, [heap_size]
-        mov     [ecx+12], eax
-        mov     eax, [heap_free]
-        mov     [ecx+16], eax
-        mov     eax, [heap_blocks]
-        mov     [ecx+20], eax
-        mov     eax, [free_blocks]
+        cmp     edx, 64
-        mov     [ecx+24], eax
+        jae     .stat_done
-        ret
-.fail:
+        inc     eax     ; increment difference in hope for 1-bit
-        or      dword [esp+32], -1
-        ret
+; Note: bt conveniently works with both .length and .length+4,
-align 4
+; depending on whether edx>=32.
-f68:
-        cmp     ebx, 4
-        jbe     sys_sheduler
-        cmp     ebx, 11
-        jb      .fail
+        bt      dword [edi+mtrr_range.length], edx
-        cmp     ebx, 27
+        jc      .calc_stat
-        ja      .fail
-        jmp     dword [f68call+ebx*4-11*4]
-.11:
-        call    init_heap
-        mov     [esp+32], eax
-        ret
-.12:
-        stdcall user_alloc, ecx
-        mov     [esp+32], eax
-        ret
-.13:
+        dec     eax     ; hope was wrong, decrement difference to correct 'inc'
-        stdcall user_free, ecx
-        mov     [esp+32], eax
-        ret
+        dec     eax     ; and again, now getting the real difference
-.14:
+        cmp     eax, ebx
-        cmp     ecx, OS_BASE
-        jae     .fail
-        mov     edi, ecx
-        call    get_event_ex
-        mov     [esp+32], eax
-        ret
-.16:
-        test    ecx, ecx
-        jz      .fail
-        cmp     ecx, OS_BASE
-        jae     .fail
-        stdcall get_service, ecx
-        mov     [esp+32], eax
-        ret
-.17:
-        call    srv_handlerEx   ;ecx
-        mov     [esp+32], eax
-        ret
-.19:
-        cmp     ecx, OS_BASE
-        jae     .fail
-        stdcall load_library, ecx
-        mov     [esp+32], eax
-        ret
-.20:
-        mov     eax, edx
-        mov     ebx, ecx
-        call    user_realloc            ;in: eax = pointer, ebx = new size
-        mov     [esp+32], eax
-        ret
-.21:
-        cmp     ecx, OS_BASE
-        jae     .fail
-        cmp     edx, OS_BASE
-        jae     .fail
-        stdcall load_pe_driver, ecx, edx
-        mov     [esp+32], eax
-        ret
-.22:
-        cmp     ecx, OS_BASE
-        jae     .fail
-        stdcall shmem_open, ecx, edx, esi
-        mov     [esp+24], edx
-        mov     [esp+32], eax
-        ret
-.23:
-        cmp     ecx, OS_BASE
-        jae     .fail
-        stdcall shmem_close, ecx
-        mov     [esp+32], eax
-        ret
-.24:
-        mov     eax, [current_slot]
-        xchg    ecx, [eax+APPDATA.exc_handler]
-        xchg    edx, [eax+APPDATA.except_mask]
-        mov     [esp+32], ecx ; reg_eax+8
-        mov     [esp+20], edx ; reg_ebx+8
-        ret
+        jle     .calc_stat
-.25:
+        mov     ebx, eax
-        cmp     ecx, 32
-        jae     .fail
-        mov     eax, [current_slot]
+        mov     ecx, edx
-        btr     [eax+APPDATA.except_mask], ecx
+        jmp     .calc_stat
+.stat_done:
-        setc    byte[esp+32]
+; 8f. If we decided to create a hole, flip all bits between lowest and selected.
-        jecxz   @f
-        bts     [eax+APPDATA.except_mask], ecx
+        pop     edx     ; restore position of lowest 1-bit saved at step 8e
+        test    ecx, ecx
-@@:
+        jz      .fill_hi_init
+@@:
+        inc     edx
-        ret
+        cmp     edx, ecx
-.26:
+        ja      .fill_hi_init
+        btc     dword [edi+mtrr_range.length], edx
-        stdcall user_unmap, ecx, edx, esi
+        jmp     @b
+.fill_hi_init:
-        mov     [esp+32], eax
+; 8g. Create MTRR ranges corresponding to upper 32 bits.
+        sub     ecx, 32
-        ret
+.fill_hi_loop:
-.27:
-        cmp     ecx, OS_BASE
+        bsr     edx, dword [edi+mtrr_range.length+4]
-        jae     .fail
+        jz      .fill_hi_done
+        inc     [.num_used_mtrrs]
-        stdcall load_file_umode, ecx
-        mov     [esp+24], edx
-        mov     [esp+32], eax
-        ret
+        cmp     [.num_used_mtrrs], MAX_USEFUL_MTRRS
-.fail:
+        ja      .abort
-        xor     eax, eax
+        mov     eax, dword [edi+mtrr_range.start]
-        mov     [esp+32], eax
+        mov     [esi], eax
-        ret
+        mov     eax, dword [edi+mtrr_range.start+4]
+        mov     [esi+4], eax
+        xor     eax, eax
-align 4
+        mov     [esi+8], eax
-f68call:   ; keep this table closer to main code
+        bts     eax, edx
+        mov     [esi+12], eax
+        cmp     edx, ecx
-           dd f68.11   ; init_heap
+        jl      .fill_hi_uc
-           dd f68.12   ; user_alloc
+        or      dword [esi], MEM_WB
-           dd f68.13   ; user_free
+        add     dword [edi+mtrr_range.start+4], eax
-           dd f68.14   ; get_event_ex
+        jmp     @f
-           dd f68.fail ; moved to f68.24
+.fill_hi_uc:
+        sub     dword [esi+4], eax
-           dd f68.16   ; get_service
+        sub     dword [edi+mtrr_range.start+4], eax
-           dd f68.17   ; call_service
+@@:
-           dd f68.fail ; moved to f68.25
+        add     esi, 16
-           dd f68.19   ; load_dll
-           dd f68.20   ; user_realloc
-           dd f68.21   ; load_driver
-           dd f68.22   ; shmem_open
+        sub     dword [edi+mtrr_range.length], eax
-           dd f68.23   ; shmem_close
+        jmp     .fill_hi_loop
-           dd f68.24   ; set exception handler
-           dd f68.25   ; unmask exception
+.fill_hi_done:
-           dd f68.26   ; user_unmap
+; 8h. Create MTRR ranges corresponding to lower 32 bits.
-           dd f68.27   ; load_file_umode
+        add     ecx, 32
+.fill_lo_loop:
-align 4
+        bsr     edx, dword [edi+mtrr_range.length]
-proc load_pe_driver stdcall, file:dword, cmdline:dword
+        jz      .range2mtrr_next
-        push    esi
+        inc     [.num_used_mtrrs]
+        cmp     [.num_used_mtrrs], MAX_USEFUL_MTRRS
-        stdcall load_PE, [file]
+        ja      .abort
-        test    eax, eax
+        mov     eax, dword [edi+mtrr_range.start]
-        jz      .fail
+        mov     [esi], eax
-        mov     esi, eax
+        mov     eax, dword [edi+mtrr_range.start+4]
-        push    [cmdline]
+        mov     [esi+4], eax
-        push    DRV_ENTRY
-        call    eax
-        pop     ecx
+        xor     eax, eax
-        pop     ecx
+        mov     [esi+12], eax
-        test    eax, eax
+        bts     eax, edx
-        jz      .fail
+        mov     [esi+8], eax
-        mov     [eax+SRV.entry], esi
-        pop     esi
-        ret
+        cmp     edx, ecx
-.fail:
+        jl      .fill_lo_uc
-        xor     eax, eax
+        or      dword [esi], MEM_WB
-        pop     esi
+        add     dword [edi+mtrr_range.start], eax
+        jmp     @f
-        ret
+.fill_lo_uc:
-endp
+        sub     dword [esi], eax
-align 4
+        sub     dword [edi+mtrr_range.start], eax
+@@:
+        add     esi, 16
-proc init_mtrr
+        sub     dword [edi+mtrr_range.length], eax
+        jmp     .fill_lo_loop
-        cmp     [BOOT_VARS+BOOT_MTRR], byte 2
+.range2mtrr_next:
-        je      .exit
-        bt      [cpu_caps], CAPS_MTRR
-        jnc     .exit
-        mov     eax, cr0
-        or      eax, 0x60000000 ;disable caching
+; 8i. Repeat the loop at 8c-8h for all ranges.
-        mov     cr0, eax
+        mov     edi, [edi+mtrr_range.next]
-        wbinvd                  ;invalidate cache
+        test    edi, edi
-        mov     ecx, 0x2FF
-        rdmsr                   ;
-; has BIOS already initialized MTRRs?
-        test    ah, 8
-        jnz     .skip_init
-; rarely needed, so mainly placeholder
-; main memory - cached
-        push    eax
+        jnz     .range2mtrr_loop
 ; 9. We have calculated needed MTRRs, now setup them in the CPU.
+; 9a. Abort if number of MTRRs is too large.
+        mov     eax, [num_variable_mtrrs]
+        cmp     [.num_used_mtrrs], eax
+        ja      .abort
-        mov     eax, [MEM_AMOUNT]
+; 9b. Prepare for changes.
-; round eax up to next power of 2
-        dec     eax
-        bsr     ecx, eax
-        mov     ebx, 2
-        shl     ebx, cl
-        dec     ebx
-; base of memory range = 0, type of memory range = MEM_WB
+        call    mtrr_begin_change
+; 9c. Prepare for loop over MTRRs.
+        lea     esi, [.mtrrs]
+        mov     ecx, 0x200
+@@:
+; 9d. For every MTRR, copy PHYSBASEn as is: step 8 has configured
+; start value and type bits as needed.
+        mov     eax, [esi]
+        mov     edx, [esi+4]
-        xor     edx, edx
+        wrmsr
+        inc     ecx
+; 9e. For every MTRR, calculate PHYSMASKn = -(length) or 0x800
+; with upper bits cleared, 0x800 = MTRR is valid.
+        xor     eax, eax
+        xor     edx, edx
-        mov     eax, MEM_WB
+        sub     eax, [esi+8]
-        mov     ecx, 0x200
+        sbb     edx, [esi+12]
-        wrmsr
+        or      eax, 0x800
+        or      edx, [.phys_reserved_mask]
+        xor     edx, [.phys_reserved_mask]
-; mask of memory range = 0xFFFFFFFFF - (size - 1), ebx = size - 1
+        wrmsr
+        inc     ecx
+; 9f. Continue steps 9d and 9e for all MTRRs calculated at step 8.
+        add     esi, 16
-        mov     eax, 0xFFFFFFFF
+        dec     [.num_used_mtrrs]
-        mov     edx, 0x0000000F
+        jnz     @b
-        sub     eax, ebx
+; 9g. Zero other MTRRs.
-        sbb     edx, 0
+        xor     eax, eax
-        or      eax, 0x800
+        xor     edx, edx
-        inc     ecx
+        mov     ebx, [num_variable_mtrrs]
-        wrmsr
+        lea     ebx, [0x200+ebx*2]
-; clear unused MTRRs
-        xor     eax, eax
+@@:
+        cmp     ecx, ebx
+        jae     @f
+        wrmsr
-        xor     edx, edx
+        inc     ecx
-@@:
-        inc     ecx
+        wrmsr
-        wrmsr
+        inc     ecx
-        cmp     ecx, 0x20F
+        jmp     @b
-        jb      @b
+@@:
-; enable MTRRs
-        pop     eax
-        or      ah, 8
+; 9i. Configure MTRR_DEF_TYPE.
-        and     al, 0xF0; default memtype = UC
+        mov     ecx, 0x2FF
-        mov     ecx, 0x2FF
+        rdmsr
+        or      ah, 8   ; enable variable-ranges MTRR
-        wrmsr
+        and     al, 0xF0; default memtype = UC
-.skip_init:
+        wrmsr
         stdcall set_mtrr, [LFBAddress], [LFBSize], MEM_WC
+; 9j. Changes are done.
-        wbinvd                  ;again invalidate
+        call    mtrr_end_change
-        mov     eax, cr0
+.abort:
-        and     eax, not 0x60000000
+        add     esp, .local_vars_size + MAX_RANGES * sizeof.mtrr_range
-        mov     cr0, eax        ; enable caching
+        pop     ebp
+        ret
+endp
-.exit:
-        ret
+; Allocate&set one MTRR for given range.
-endp
+; size must be power of 2 that divides base.
+proc set_mtrr stdcall, base:dword,size:dword,mem_type:dword
 ; find unused register
+        mov     ecx, 0x201
+.scan:
-align 4
+        rdmsr
-proc set_mtrr stdcall, base:dword,size:dword,mem_type:dword
+        dec     ecx
-; find unused register
+        test    ah, 8
-        mov     ecx, 0x201
+        jz      .found
-@@:
+        rdmsr
-        rdmsr
+        test    edx, edx
-        dec     ecx
+        jnz     @f
+        and     eax, not 0xFFF  ; clear reserved bits
-        test    ah, 8
+        cmp     eax, [base]
-        jz      .found
+        jz      .ret
-        rdmsr
+@@:
-        mov     al, 0; clear memory type field
+        add     ecx, 3
-        cmp     eax, [base]
+        mov     eax, [num_variable_mtrrs]
-        jz      .ret
+        lea     eax, [0x200+eax*2]
-        add     ecx, 3
+        cmp     ecx, eax
-        cmp     ecx, 0x210
+        jb      .scan
-        jb      @b
+; no free registers, ignore the call
-; no free registers, ignore the call
+.ret:
-.ret:
+        ret
-        ret
+.found:
-.found:
+; found, write values
+        call    mtrr_begin_change
-; found, write values
+        xor     edx, edx
-        xor     edx, edx
+        mov     eax, [base]
-        mov     eax, [base]
-        or      eax, [mem_type]
-        wrmsr
-        mov     ebx, [size]
-        dec     ebx
-        mov     eax, 0xFFFFFFFF
+        or      eax, [mem_type]
-        mov     edx, 0x00000000
-        sub     eax, ebx
-        sbb     edx, 0
-        or      eax, 0x800
-        inc     ecx
+        wrmsr
-        wrmsr
-        ret
-endp
-align 4
-proc create_ring_buffer stdcall, size:dword, flags:dword
+        mov     al, [cpu_phys_addr_width]
-           locals
-             buf_ptr  dd ?
+        xor     edx, edx
-           endl
+        bts     edx, eax
-        mov     eax, [size]
-        test    eax, eax
+        xor     eax, eax
-        jz      .fail
-        add     eax, eax
-        stdcall alloc_kernel_space, eax
-        test    eax, eax
-        jz      .fail
+        sub     eax, [size]
-        push    ebx
-        mov     [buf_ptr], eax
+        sbb     edx, 0
-        mov     ebx, [size]
-        shr     ebx, 12
-        push    ebx
+        or      eax, 0x800
-        stdcall alloc_pages, ebx
+        inc     ecx
-        pop     ecx
-        test    eax, eax
-        jz      .mm_fail
+        wrmsr
-        push    edi
+        call    mtrr_end_change
+        ret
+endp
-        or      eax, [flags]
+; Helper procedure for mtrr_validate.
-        mov     edi, [buf_ptr]
+; Calculates memory type for given address according to variable-range MTRRs.
-        mov     ebx, [buf_ptr]
+; Assumes that MTRRs are enabled.
+; in: ebx = 32-bit physical address
+; out: eax = memory type for ebx
-        mov     edx, ecx
+proc mtrr_get_real_type
+; 1. Initialize: we have not yet found any MTRRs covering ebx.
+        push    0
+        mov     ecx, 0x201
-        shl     edx, 2
+.mtrr_loop:
+; 2. For every MTRR, check whether it is valid; if not, continue to the next MTRR.
+        rdmsr
+        dec     ecx
-        shr     edi, 10
+        test    ah, 8
+        jz      .next
+; 3. For every valid MTRR, check whether (ebx and PHYSMASKn) == PHYSBASEn,
-@@:
+; excluding low 12 bits.
+        and     eax, ebx
+        push    eax
+        rdmsr
+        test    edx, edx
+        pop     edx
+        jnz     .next
+        xor     edx, eax
+        and     edx, not 0xFFF
+        jnz     .next
+; 4. If so, set the bit corresponding to memory type defined by this MTRR.
+        and     eax, 7
+        bts     [esp], eax
+.next:
+; 5. Continue loop at 2-4 for all variable-range MTRRs.
-        mov     [page_tabs+edi], eax
+        add     ecx, 3
+        mov     eax, [num_variable_mtrrs]
-        mov     [page_tabs+edi+edx], eax
+        lea     eax, [0x200+eax*2]
-        invlpg  [ebx]
+        cmp     ecx, eax
+        jb      .mtrr_loop
+; 6. If no MTRRs cover address in ebx, use default MTRR type from MTRR_DEF_CAP.
+        pop     edx
-        invlpg  [ebx+0x10000]
+        test    edx, edx
-        add     eax, 0x1000
+        jz      .default
-        add     ebx, 0x1000
+; 7. Find&clear 1-bit in edx.
+        bsf     eax, edx
+        btr     edx, eax
+; 8. If there was only one 1-bit, then all MTRRs are consistent, return that bit.
+        test    edx, edx
-        add     edi, 4
+        jz      .nothing
+; Otherwise, return MEM_UC (e.g. WB+UC is UC).
+        xor     eax, eax
+.nothing:
+        ret
+.default:
-        dec     ecx
+        mov     ecx, 0x2FF
+        rdmsr
+        movzx   eax, al
+        ret
+endp
+; If MTRRs are configured improperly, this is not obvious to the user;
+; everything works, but the performance can be horrible.
+; Try to detect this and let the user know that the low performance
+; is caused by some problem and is not a global property of the system.
+; Let's hope he would report it to developers...
+proc mtrr_validate
-        jnz     @B
+; 1. If MTRRs are not supported, they cannot be configured improperly.
+        bt      [cpu_caps], CAPS_MTRR
+        jnc     .exit
+; 2. If variable-range MTRRs are not configured, this is a problem.
+        mov     ecx, 0x2FF
+        rdmsr
+        test    ah, 8
+        jz      .fail
-        mov     eax, [buf_ptr]
+; 3. Get the memory type for address somewhere inside working memory.
-        pop     edi
+; It must be write-back.
-        pop     ebx
+        mov     ebx, 0x27FFFF
-        ret
+        call    mtrr_get_real_type
-.mm_fail:
+        cmp     al, MEM_WB
-        stdcall free_kernel_space, [buf_ptr]
+        jnz     .fail
+; 4. If we're using a mode with LFB,
-        xor     eax, eax
+; get the memory type for last pixel of the framebuffer.
-        pop     ebx
+; It must be write-combined.
-.fail:
+        test    word [SCR_MODE], 0x4000
+        jz      .exit
+        mov     eax, [_display.pitch]
+        mul     [_display.height]
-        ret
+        dec     eax
+; LFB is mapped to virtual address LFB_BASE,
-endp
+; it uses global pages if supported by CPU.
+        mov     ebx, [sys_pgdir+(LFB_BASE shr 20)]
+        test    ebx, PG_LARGE
+        jnz     @f
+        mov     ebx, [page_tabs+(LFB_BASE shr 10)]
-align 4
+@@:
+        and     ebx, not 0xFFF
-proc print_mem
+        add     ebx, eax
+        call    mtrr_get_real_type
+        cmp     al, MEM_WC
-        mov     edi, BOOT_VAR + 0x9104
+        jz      .exit
+; 5. The check at step 4 fails on Bochs:
+; Bochs BIOS configures MTRRs in a strange way not respecting [cpu_phys_addr_width],
+; so mtrr_reconfigure avoids to touch anything.
-        mov     ecx, [edi-4]
+; However, Bochs core ignores MTRRs (keeping them only for rdmsr/wrmsr),
-        test    ecx, ecx
+; so we don't care about proper setting for Bochs.

Subversion Repositories Kolibri OS

(root)/kernel/trunk/core/mtrr.inc – Rev 4424 → 4608