by somebody_amzn 1819 days ago
To elaborate:

On Darwin, x18 is used as a scratch register in context switches on hardware where Meltdown mitigations are needed.

As such, it is cleaned on each ctx switch on that hardware.

On M1, it's currently usable by applications, but that is not part of the ABI contract and might change at any time without notice.

On Windows, x18 is the TEB (thread environment block) register. It must as such _not_ be touched by apps either.
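To make the reservation concrete, here is an added probe (my own example, not code from the thread): it parks a known value in x18, forces a few context switches, and reports whether the value survived. Build with `-ffixed-x18` so the compiler itself keeps its hands off the register; what remains is whatever the C library or the kernel does with it. On an x86 host it compiles but only returns the "not AArch64" sentinel.

```c
// Added example: does a value left in x18 survive a context switch?
// On Darwin hardware with Meltdown mitigations the kernel scrubs x18 on
// every switch, so this returns 0 there; on Windows x18 is the TEB pointer
// and must never be written at all, so this probe is AArch64-Linux/Darwin only.
// Compile on AArch64 with:  cc -O2 -ffixed-x18 x18probe.c -o x18probe
#define _POSIX_C_SOURCE 200809L
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

// Constructed marker value; anything distinctive will do.
#define PROBE_VALUE 0x5a5a5a5a5a5a5a5aULL

// Returns 1 if x18 kept PROBE_VALUE across the switches, 0 if it was
// clobbered (by libc or the kernel), and -1 when not built for AArch64.
int x18_survives_context_switch(void) {
#if defined(__aarch64__)
    uint64_t out = 0;
    // Park the marker in x18. The clobber tells the compiler we wrote it;
    // with -ffixed-x18 the compiler will not reuse the register itself.
    __asm__ volatile("mov x18, %0" : : "r"((uint64_t)PROBE_VALUE) : "x18");
    // Force the scheduler to run: repeated yields plus a short sleep
    // almost always produce at least one real context switch.
    for (int i = 0; i < 16; i++) {
        sched_yield();
    }
    struct timespec ts = {0, 1000000L};  // 1 ms
    nanosleep(&ts, NULL);
    // Read x18 back and compare with the marker.
    __asm__ volatile("mov %0, x18" : "=r"(out));
    return out == PROBE_VALUE ? 1 : 0;
#else
    return -1;
#endif
}

int main(void) {
    int r = x18_survives_context_switch();
    if (r < 0)
        puts("not an AArch64 build; nothing to probe");
    else
        printf("x18 %s a context switch\n", r ? "survived" : "was clobbered by");
    return 0;
}
```

Either outcome on AArch64 is consistent with the ABI statement above: surviving on a given box is luck, not a guarantee.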


> On Darwin, x18 is used [...] on hardware where Meltdown mitigations are needed. [...] On M1, it's currently usable by applications

I’m confused. x18 is an ARM register, but I thought Meltdown only affected x86 chips. Were iOS devices vulnerable to Meltdown too? Or did you mean not x18 specifically but some equivalent OS-reserved x86 register?

Yeah, Meltdown did affect quite a few Arm CPUs, including the Cortex-A75 too.

However, due to specific features of the Arm architecture, it was patchable without a significant performance hit.

(see this section: https://siguza.github.io/KTRR/#meltdownspectre-mitigations-1..., which made the need for actually doing a page table switch avoidable)

Interesting, thanks for the link!

x18 happens to also be used by Rosetta, and is restored in those cases.