Use correct asm! options

This adds some previously omitted options to our inline asm!

Note that instuctions that just push/pop the stack (but otherwise
don't touch memory) can be marked `nomem`. We also don't mark
instuctions as `nomem` if they could modify memory translation:

This includes
  - writing segment registers
  - invlpg/invpcid
  - writing cr2/cr3/cr4
  - writing any MSR

(we still mark these as `nostack` though.

The following are still marked `nomem`:
  - Reading any MSR (as this cannot have a side-effect)
  - Writing XCR0

Signed-off-by: Joe Richey <[email protected]>

Author: josephlr

src/instructions/mod.rs

@@ -14,7 +14,7 @@ pub mod tlb;
 pub fn hlt() {
     unsafe {
         #[cfg(feature = "inline_asm")]
-        asm!("hlt", options(nomem, nostack));
+        asm!("hlt", options(nomem, nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_hlt();
@@ -44,7 +44,7 @@ pub fn nop() {
 #[inline]
 pub fn bochs_breakpoint() {
     unsafe {
-        asm!("xchg bx, bx", options(nomem, nostack));
+        asm!("xchg bx, bx", options(nomem, nostack, preserves_flags));
     }
 }
 
@@ -56,7 +56,7 @@ pub fn read_rip() -> crate::VirtAddr {
     let rip: u64;
     unsafe {
         asm!(
-            "lea {}, [rip]", out(reg) rip, options(nostack, nomem)
+            "lea {}, [rip]", out(reg) rip, options(nostack, nomem, preserves_flags)
         );
     }
     crate::VirtAddr::new(rip)

src/instructions/port.rs

@@ -11,7 +11,7 @@ impl PortRead for u8 {
         #[cfg(feature = "inline_asm")]
         {
             let value: u8;
-            asm!("in al, dx", out("al") value, in("dx") port, options(nomem, nostack));
+            asm!("in al, dx", out("al") value, in("dx") port, options(nomem, nostack, preserves_flags));
             value
         }
         #[cfg(not(feature = "inline_asm"))]
@@ -25,7 +25,7 @@ impl PortRead for u16 {
         #[cfg(feature = "inline_asm")]
         {
             let value: u16;
-            asm!("in ax, dx", out("ax") value, in("dx") port, options(nomem, nostack));
+            asm!("in ax, dx", out("ax") value, in("dx") port, options(nomem, nostack, preserves_flags));
             value
         }
         #[cfg(not(feature = "inline_asm"))]
@@ -39,7 +39,7 @@ impl PortRead for u32 {
         #[cfg(feature = "inline_asm")]
         {
             let value: u32;
-            asm!("in eax, dx", out("eax") value, in("dx") port, options(nomem, nostack));
+            asm!("in eax, dx", out("eax") value, in("dx") port, options(nomem, nostack, preserves_flags));
             value
         }
         #[cfg(not(feature = "inline_asm"))]
@@ -51,7 +51,7 @@ impl PortWrite for u8 {
     #[inline]
     unsafe fn write_to_port(port: u16, value: u8) {
         #[cfg(feature = "inline_asm")]
-        asm!("out dx, al", in("dx") port, in("al") value, options(nomem, nostack));
+        asm!("out dx, al", in("dx") port, in("al") value, options(nomem, nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_write_to_port_u8(port, value);
@@ -62,7 +62,7 @@ impl PortWrite for u16 {
     #[inline]
     unsafe fn write_to_port(port: u16, value: u16) {
         #[cfg(feature = "inline_asm")]
-        asm!("out dx, ax", in("dx") port, in("ax") value, options(nomem, nostack));
+        asm!("out dx, ax", in("dx") port, in("ax") value, options(nomem, nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_write_to_port_u16(port, value);
@@ -73,7 +73,7 @@ impl PortWrite for u32 {
     #[inline]
     unsafe fn write_to_port(port: u16, value: u32) {
         #[cfg(feature = "inline_asm")]
-        asm!("out dx, eax", in("dx") port, in("eax") value, options(nomem, nostack));
+        asm!("out dx, eax", in("dx") port, in("eax") value, options(nomem, nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_write_to_port_u32(port, value);

src/instructions/segmentation.rs

@@ -24,6 +24,7 @@ pub unsafe fn set_cs(sel: SegmentSelector) {
         "1:",
         sel = in(reg) u64::from(sel.0),
         tmp = lateout(reg) _,
+        options(preserves_flags),
     );
 
     #[cfg(not(feature = "inline_asm"))]
@@ -39,7 +40,7 @@ pub unsafe fn set_cs(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn load_ss(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("mov ss, {0:x}", in(reg) sel.0, options(nostack));
+    asm!("mov ss, {0:x}", in(reg) sel.0, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_load_ss(sel.0);
@@ -54,7 +55,7 @@ pub unsafe fn load_ss(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn load_ds(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("mov ds, {0:x}", in(reg) sel.0, options(nostack));
+    asm!("mov ds, {0:x}", in(reg) sel.0, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_load_ds(sel.0);
@@ -69,7 +70,7 @@ pub unsafe fn load_ds(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn load_es(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("mov es, {0:x}", in(reg) sel.0, options(nostack));
+    asm!("mov es, {0:x}", in(reg) sel.0, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_load_es(sel.0);
@@ -84,7 +85,7 @@ pub unsafe fn load_es(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn load_fs(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("mov fs, {0:x}", in(reg) sel.0, options(nostack));
+    asm!("mov fs, {0:x}", in(reg) sel.0, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_load_fs(sel.0);
@@ -99,7 +100,7 @@ pub unsafe fn load_fs(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn load_gs(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("mov gs, {0:x}", in(reg) sel.0, options(nostack));
+    asm!("mov gs, {0:x}", in(reg) sel.0, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_load_gs(sel.0);
@@ -114,7 +115,7 @@ pub unsafe fn load_gs(sel: SegmentSelector) {
 #[inline]
 pub unsafe fn swap_gs() {
     #[cfg(feature = "inline_asm")]
-    asm!("swapgs", options(nostack));
+    asm!("swapgs", options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_swapgs();
@@ -127,7 +128,7 @@ pub fn cs() -> SegmentSelector {
 
     #[cfg(feature = "inline_asm")]
     unsafe {
-        asm!("mov {0:x}, cs", out(reg) segment, options(nostack, nomem));
+        asm!("mov {0:x}, cs", out(reg) segment, options(nomem, nostack, preserves_flags));
     }
     #[cfg(not(feature = "inline_asm"))]
     unsafe {
@@ -149,7 +150,7 @@ pub fn cs() -> SegmentSelector {
 #[inline]
 pub unsafe fn wrfsbase(val: u64) {
     #[cfg(feature = "inline_asm")]
-    asm!("wrfsbase {}", in(reg) val, options(nomem, nostack));
+    asm!("wrfsbase {}", in(reg) val, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_wrfsbase(val);
@@ -165,7 +166,7 @@ pub unsafe fn rdfsbase() -> u64 {
     #[cfg(feature = "inline_asm")]
     {
         let val: u64;
-        asm!("rdfsbase {}", out(reg) val, options(nomem, nostack));
+        asm!("rdfsbase {}", out(reg) val, options(nomem, nostack, preserves_flags));
         val
     }
 
@@ -184,7 +185,7 @@ pub unsafe fn rdfsbase() -> u64 {
 #[inline]
 pub unsafe fn wrgsbase(val: u64) {
     #[cfg(feature = "inline_asm")]
-    asm!("wrgsbase {}", in(reg) val, options(nomem, nostack));
+    asm!("wrgsbase {}", in(reg) val, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_wrgsbase(val);
@@ -200,7 +201,7 @@ pub unsafe fn rdgsbase() -> u64 {
     #[cfg(feature = "inline_asm")]
     {
         let val: u64;
-        asm!("rdgsbase {}", out(reg) val, options(nomem, nostack));
+        asm!("rdgsbase {}", out(reg) val, options(nomem, nostack, preserves_flags));
         val
     }
 

src/instructions/tables.rs

@@ -19,7 +19,7 @@ pub use crate::structures::DescriptorTablePointer;
 #[inline]
 pub unsafe fn lgdt(gdt: &DescriptorTablePointer) {
     #[cfg(feature = "inline_asm")]
-    asm!("lgdt [{}]", in(reg) gdt, options(nostack));
+    asm!("lgdt [{}]", in(reg) gdt, options(readonly, nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_lgdt(gdt as *const _);
@@ -39,7 +39,7 @@ pub unsafe fn lgdt(gdt: &DescriptorTablePointer) {
 #[inline]
 pub unsafe fn lidt(idt: &DescriptorTablePointer) {
     #[cfg(feature = "inline_asm")]
-    asm!("lidt [{}]", in(reg) idt, options(nostack));
+    asm!("lidt [{}]", in(reg) idt, options(readonly, nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_lidt(idt as *const _);
@@ -54,7 +54,7 @@ pub fn sidt() -> DescriptorTablePointer {
     };
     unsafe {
         #[cfg(feature = "inline_asm")]
-        asm!("sidt [{}]", in(reg) &mut idt, options(nostack));
+        asm!("sidt [{}]", in(reg) &mut idt, options(nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_sidt(&mut idt as *mut _);
@@ -72,7 +72,7 @@ pub fn sidt() -> DescriptorTablePointer {
 #[inline]
 pub unsafe fn load_tss(sel: SegmentSelector) {
     #[cfg(feature = "inline_asm")]
-    asm!("ltr {0:x}", in(reg) sel.0, options(nostack, nomem));
+    asm!("ltr {0:x}", in(reg) sel.0, options(nomem, nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_ltr(sel.0);

src/instructions/tlb.rs

@@ -7,7 +7,7 @@ use crate::VirtAddr;
 pub fn flush(addr: VirtAddr) {
     unsafe {
         #[cfg(feature = "inline_asm")]
-        asm!("invlpg [{}]", in(reg) addr.as_u64(), options(nostack));
+        asm!("invlpg [{}]", in(reg) addr.as_u64(), options(nostack, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_invlpg(addr.as_u64());
@@ -96,7 +96,7 @@ pub unsafe fn flush_pcid(command: InvPicdCommand) {
     }
 
     #[cfg(feature = "inline_asm")]
-    asm!("invpcid {1}, [{0}]", in(reg) &desc, in(reg) kind);
+    asm!("invpcid {0}, [{1}]", in(reg) kind, in(reg) &desc, options(nostack, preserves_flags));
 
     #[cfg(not(feature = "inline_asm"))]
     crate::asm::x86_64_asm_invpcid(kind, &desc as *const _ as u64);

src/registers/control.rs

@@ -144,7 +144,7 @@ mod x86_64 {
 
             #[cfg(feature = "inline_asm")]
             unsafe {
-                asm!("mov {}, cr0", out(reg) value, options(nomem));
+                asm!("mov {}, cr0", out(reg) value, options(nomem, nostack, preserves_flags));
             }
             #[cfg(not(feature = "inline_asm"))]
             unsafe {
@@ -182,7 +182,7 @@ mod x86_64 {
         #[inline]
         pub unsafe fn write_raw(value: u64) {
             #[cfg(feature = "inline_asm")]
-            asm!("mov cr0, {}", in(reg) value, options(nostack));
+            asm!("mov cr0, {}", in(reg) value, options(nostack, preserves_flags));
 
             #[cfg(not(feature = "inline_asm"))]
             crate::asm::x86_64_asm_write_cr0(value);
@@ -215,7 +215,7 @@ mod x86_64 {
 
             #[cfg(feature = "inline_asm")]
             unsafe {
-                asm!("mov {}, cr2", out(reg) value, options(nomem));
+                asm!("mov {}, cr2", out(reg) value, options(nomem, nostack, preserves_flags));
             }
             #[cfg(not(feature = "inline_asm"))]
             unsafe {
@@ -242,7 +242,7 @@ mod x86_64 {
 
             #[cfg(feature = "inline_asm")]
             unsafe {
-                asm!("mov {}, cr3", out(reg) value, options(nomem));
+                asm!("mov {}, cr3", out(reg) value, options(nomem, nostack, preserves_flags));
             }
             #[cfg(not(feature = "inline_asm"))]
             unsafe {
@@ -295,7 +295,7 @@ mod x86_64 {
             let value = addr.as_u64() | val as u64;
 
             #[cfg(feature = "inline_asm")]
-            asm!("mov cr3, {}", in(reg) value, options(nostack));
+            asm!("mov cr3, {}", in(reg) value, options(nostack, preserves_flags));
 
             #[cfg(not(feature = "inline_asm"))]
             crate::asm::x86_64_asm_write_cr3(value)
@@ -316,7 +316,7 @@ mod x86_64 {
 
             #[cfg(feature = "inline_asm")]
             unsafe {
-                asm!("mov {}, cr4", out(reg) value, options(nostack));
+                asm!("mov {}, cr4", out(reg) value, options(nomem, nostack, preserves_flags));
             }
             #[cfg(not(feature = "inline_asm"))]
             unsafe {
@@ -356,7 +356,7 @@ mod x86_64 {
         #[inline]
         pub unsafe fn write_raw(value: u64) {
             #[cfg(feature = "inline_asm")]
-            asm!("mov cr4, {}", in(reg) value, options(nostack));
+            asm!("mov cr4, {}", in(reg) value, options(nostack, preserves_flags));
 
             #[cfg(not(feature = "inline_asm"))]
             crate::asm::x86_64_asm_write_cr4(value);

src/registers/model_specific.rs

@@ -121,7 +121,12 @@ mod x86_64 {
             #[cfg(feature = "inline_asm")]
             {
                 let (high, low): (u32, u32);
-                asm!("rdmsr", out("eax") low, out("edx") high, in("ecx") self.0, options(nostack));
+                asm!(
+                    "rdmsr",
+                    in("ecx") self.0,
+                    out("eax") low, out("edx") high,
+                    options(nomem, nostack, preserves_flags),
+                );
                 ((high as u64) << 32) | (low as u64)
             }
 
@@ -141,7 +146,12 @@ mod x86_64 {
             {
                 let low = value as u32;
                 let high = (value >> 32) as u32;
-                asm!("wrmsr", in("ecx") self.0, in("eax") low, in("edx") high, options(nostack))
+                asm!(
+                    "wrmsr",
+                    in("ecx") self.0,
+                    in("eax") low, in("edx") high,
+                    options(nostack, preserves_flags),
+                );
             }
 
             #[cfg(not(feature = "inline_asm"))]

src/registers/rflags.rs

@@ -81,7 +81,7 @@ mod x86_64 {
 
         #[cfg(feature = "inline_asm")]
         unsafe {
-            asm!("pushf; pop {}", out(reg) r);
+            asm!("pushf; pop {}", out(reg) r, options(nomem, preserves_flags));
         }
         #[cfg(not(feature = "inline_asm"))]
         unsafe {
@@ -119,9 +119,10 @@ mod x86_64 {
     /// flags also used by Rust/LLVM can result in undefined behavior too.
     #[inline]
     pub unsafe fn write_raw(val: u64) {
-        // FIXME - There's probably a better way than saying we preserve the flags even though we actually don't
+        // HACK: we mark this function as preserves_flags to prevent Rust from restoring
+        // saved flags after the "popf" below. See above note on safety.
         #[cfg(feature = "inline_asm")]
-        asm!("push {}; popf", in(reg) val, options(preserves_flags));
+        asm!("push {}; popf", in(reg) val, options(nomem, preserves_flags));
 
         #[cfg(not(feature = "inline_asm"))]
         crate::asm::x86_64_asm_write_rflags(val);