2 * Low-level exception handling code
4 * Copyright (C) 2012 ARM Ltd.
5 * Authors: Catalin Marinas <catalin.marinas@arm.com>
6 * Will Deacon <will.deacon@arm.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include <linux/init.h>
22 #include <linux/linkage.h>
24 #include <asm/alternative.h>
25 #include <asm/assembler.h>
26 #include <asm/asm-offsets.h>
27 #include <asm/cpufeature.h>
28 #include <asm/errno.h>
31 #include <asm/memory.h>
33 #include <asm/ptrace.h>
34 #include <asm/thread_info.h>
35 #include <asm/uaccess.h>
36 #include <asm/asm-uaccess.h>
37 #include <asm/unistd.h>
40 * Context tracking subsystem. Used to instrument transitions
41 * between user and kernel mode.
43 .macro ct_user_exit, syscall = 0
44 #ifdef CONFIG_CONTEXT_TRACKING
45 bl context_tracking_user_exit
48 * Save/restore needed during syscalls. Restore syscall arguments from
49 * the values already saved on stack during kernel_entry.
52 ldp x2, x3, [sp, #S_X2]
53 ldp x4, x5, [sp, #S_X4]
54 ldp x6, x7, [sp, #S_X6]
60 #ifdef CONFIG_CONTEXT_TRACKING
61 bl context_tracking_user_enter
74 .macro kernel_ventry, el, label, regsize = 64
76 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
77 alternative_if ARM64_UNMAP_KERNEL_AT_EL0
86 alternative_else_nop_endif
89 sub sp, sp, #S_FRAME_SIZE
93 .macro tramp_alias, dst, sym
94 mov_q \dst, TRAMP_VALIAS
95 add \dst, \dst, #(\sym - .entry.tramp.text)
98 .macro kernel_entry, el, regsize = 64
100 mov w0, w0 // zero upper 32 bits of x0
102 stp x0, x1, [sp, #16 * 0]
103 stp x2, x3, [sp, #16 * 1]
104 stp x4, x5, [sp, #16 * 2]
105 stp x6, x7, [sp, #16 * 3]
106 stp x8, x9, [sp, #16 * 4]
107 stp x10, x11, [sp, #16 * 5]
108 stp x12, x13, [sp, #16 * 6]
109 stp x14, x15, [sp, #16 * 7]
110 stp x16, x17, [sp, #16 * 8]
111 stp x18, x19, [sp, #16 * 9]
112 stp x20, x21, [sp, #16 * 10]
113 stp x22, x23, [sp, #16 * 11]
114 stp x24, x25, [sp, #16 * 12]
115 stp x26, x27, [sp, #16 * 13]
116 stp x28, x29, [sp, #16 * 14]
121 and tsk, tsk, #~(THREAD_SIZE - 1) // Ensure MDSCR_EL1.SS is clear,
122 ldr x19, [tsk, #TI_FLAGS] // since we can unmask debug
123 disable_step_tsk x19, x20 // exceptions when scheduling.
125 mov x29, xzr // fp pointed to user-space
127 add x21, sp, #S_FRAME_SIZE
129 /* Save the task's original addr_limit and set USER_DS (TASK_SIZE_64) */
130 ldr x20, [tsk, #TI_ADDR_LIMIT]
131 str x20, [sp, #S_ORIG_ADDR_LIMIT]
132 mov x20, #TASK_SIZE_64
133 str x20, [tsk, #TI_ADDR_LIMIT]
134 /* No need to reset PSTATE.UAO, hardware's already set it to 0 for us */
135 .endif /* \el == 0 */
138 stp lr, x21, [sp, #S_LR]
140 #ifdef CONFIG_ARM64_SW_TTBR0_PAN
142 * Set the TTBR0 PAN bit in SPSR. When the exception is taken from
143 * EL0, there is no need to check the state of TTBR0_EL1 since
144 * accesses are always enabled.
145 * Note that the meaning of this bit differs from the ARMv8.1 PAN
146 * feature as all TTBR0_EL1 accesses are disabled, not just those to
149 alternative_if ARM64_HAS_PAN
150 b 1f // skip TTBR0 PAN
151 alternative_else_nop_endif
155 tst x21, #TTBR_ASID_MASK // Check for the reserved ASID
156 orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR
157 b.eq 1f // TTBR0 access already disabled
158 and x23, x23, #~PSR_PAN_BIT // Clear the emulated PAN in the saved SPSR
161 __uaccess_ttbr0_disable x21
165 stp x22, x23, [sp, #S_PC]
168 * Set syscallno to -1 by default (overridden later if real syscall).
172 str x21, [sp, #S_SYSCALLNO]
176 * Set sp_el0 to current thread_info.
183 * Registers that may be useful after this macro is invoked:
187 * x23 - aborted PSTATE
191 .macro kernel_exit, el
193 /* Restore the task's original addr_limit. */
194 ldr x20, [sp, #S_ORIG_ADDR_LIMIT]
195 str x20, [tsk, #TI_ADDR_LIMIT]
197 /* No need to restore UAO, it will be restored from SPSR_EL1 */
200 ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
205 #ifdef CONFIG_ARM64_SW_TTBR0_PAN
207 * Restore access to TTBR0_EL1. If returning to EL0, no need for SPSR
210 alternative_if ARM64_HAS_PAN
211 b 2f // skip TTBR0 PAN
212 alternative_else_nop_endif
215 tbnz x22, #22, 1f // Skip re-enabling TTBR0 access if the PSR_PAN_BIT is set
218 __uaccess_ttbr0_enable x0, x1
222 * Enable errata workarounds only if returning to user. The only
223 * workaround currently required for TTBR0_EL1 changes are for the
224 * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache
227 bl post_ttbr_update_workaround
231 and x22, x22, #~PSR_PAN_BIT // ARMv8.0 CPUs do not understand this bit
237 ldr x23, [sp, #S_SP] // load return stack pointer
239 tst x22, #PSR_MODE32_BIT // native task?
242 #ifdef CONFIG_ARM64_ERRATUM_845719
243 alternative_if ARM64_WORKAROUND_845719
244 #ifdef CONFIG_PID_IN_CONTEXTIDR
245 mrs x29, contextidr_el1
246 msr contextidr_el1, x29
248 msr contextidr_el1, xzr
250 alternative_else_nop_endif
255 msr elr_el1, x21 // set up the return data
257 ldp x0, x1, [sp, #16 * 0]
258 ldp x2, x3, [sp, #16 * 1]
259 ldp x4, x5, [sp, #16 * 2]
260 ldp x6, x7, [sp, #16 * 3]
261 ldp x8, x9, [sp, #16 * 4]
262 ldp x10, x11, [sp, #16 * 5]
263 ldp x12, x13, [sp, #16 * 6]
264 ldp x14, x15, [sp, #16 * 7]
265 ldp x16, x17, [sp, #16 * 8]
266 ldp x18, x19, [sp, #16 * 9]
267 ldp x20, x21, [sp, #16 * 10]
268 ldp x22, x23, [sp, #16 * 11]
269 ldp x24, x25, [sp, #16 * 12]
270 ldp x26, x27, [sp, #16 * 13]
271 ldp x28, x29, [sp, #16 * 14]
273 add sp, sp, #S_FRAME_SIZE // restore sp
276 alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
277 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
280 tramp_alias x30, tramp_exit_native
283 tramp_alias x30, tramp_exit_compat
291 .macro irq_stack_entry
292 mov x19, sp // preserve the original sp
295 * Compare sp with the current thread_info, if the top
296 * ~(THREAD_SIZE - 1) bits match, we are on a task stack, and
297 * should switch to the irq stack.
299 and x25, x19, #~(THREAD_SIZE - 1)
303 this_cpu_ptr irq_stack, x25, x26
304 mov x26, #IRQ_STACK_START_SP
307 /* switch to the irq stack */
311 * Add a dummy stack frame, this non-standard format is fixed up
314 stp x29, x19, [sp, #-16]!
321 * x19 should be preserved between irq_stack_entry and
324 .macro irq_stack_exit
329 * These are the registers used in the syscall handler, and allow us to
330 * have in theory up to 7 arguments to a function - x0 to x6.
332 * x7 is reserved for the system call number in 32-bit mode.
334 sc_nr .req x25 // number of system calls
335 scno .req x26 // syscall number
336 stbl .req x27 // syscall table pointer
337 tsk .req x28 // current thread_info
340 * Interrupt handling.
343 ldr_l x1, handle_arch_irq
355 .pushsection ".entry.text", "ax"
359 kernel_ventry 1, sync_invalid // Synchronous EL1t
360 kernel_ventry 1, irq_invalid // IRQ EL1t
361 kernel_ventry 1, fiq_invalid // FIQ EL1t
362 kernel_ventry 1, error_invalid // Error EL1t
364 kernel_ventry 1, sync // Synchronous EL1h
365 kernel_ventry 1, irq // IRQ EL1h
366 kernel_ventry 1, fiq_invalid // FIQ EL1h
367 kernel_ventry 1, error_invalid // Error EL1h
369 kernel_ventry 0, sync // Synchronous 64-bit EL0
370 kernel_ventry 0, irq // IRQ 64-bit EL0
371 kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0
372 kernel_ventry 0, error_invalid // Error 64-bit EL0
375 kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0
376 kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0
377 kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0
378 kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0
380 kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0
381 kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0
382 kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0
383 kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0
388 * Invalid mode handlers
390 .macro inv_entry, el, reason, regsize = 64
391 kernel_entry \el, \regsize
399 inv_entry 0, BAD_SYNC
400 ENDPROC(el0_sync_invalid)
404 ENDPROC(el0_irq_invalid)
408 ENDPROC(el0_fiq_invalid)
411 inv_entry 0, BAD_ERROR
412 ENDPROC(el0_error_invalid)
415 el0_fiq_invalid_compat:
416 inv_entry 0, BAD_FIQ, 32
417 ENDPROC(el0_fiq_invalid_compat)
419 el0_error_invalid_compat:
420 inv_entry 0, BAD_ERROR, 32
421 ENDPROC(el0_error_invalid_compat)
425 inv_entry 1, BAD_SYNC
426 ENDPROC(el1_sync_invalid)
430 ENDPROC(el1_irq_invalid)
434 ENDPROC(el1_fiq_invalid)
437 inv_entry 1, BAD_ERROR
438 ENDPROC(el1_error_invalid)
446 mrs x1, esr_el1 // read the syndrome register
447 lsr x24, x1, #ESR_ELx_EC_SHIFT // exception class
448 cmp x24, #ESR_ELx_EC_DABT_CUR // data abort in EL1
450 cmp x24, #ESR_ELx_EC_IABT_CUR // instruction abort in EL1
452 cmp x24, #ESR_ELx_EC_SYS64 // configurable trap
454 cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception
456 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
458 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL1
460 cmp x24, #ESR_ELx_EC_BREAKPT_CUR // debug exception in EL1
466 * Fall through to the Data abort case
470 * Data abort handling
474 // re-enable interrupts if they were enabled in the aborted context
475 tbnz x23, #7, 1f // PSR_I_BIT
478 clear_address_tag x0, x3
479 mov x2, sp // struct pt_regs
482 // disable interrupts before pulling preserved data off the stack
487 * Stack or PC alignment exception handling
495 * Undefined instruction
502 * Debug exception handling
504 cmp x24, #ESR_ELx_EC_BRK64 // if BRK64
505 cinc x24, x24, eq // set bit '0'
506 tbz x24, #0, el1_inv // EL1 only
508 mov x2, sp // struct pt_regs
509 bl do_debug_exception
512 // TODO: add support for undefined instructions in kernel mode
524 #ifdef CONFIG_TRACE_IRQFLAGS
525 bl trace_hardirqs_off
530 #ifdef CONFIG_PREEMPT
531 ldr w24, [tsk, #TI_PREEMPT] // get preempt count
532 cbnz w24, 1f // preempt count != 0
533 ldr x0, [tsk, #TI_FLAGS] // get flags
534 tbz x0, #TIF_NEED_RESCHED, 1f // needs rescheduling?
538 #ifdef CONFIG_TRACE_IRQFLAGS
544 #ifdef CONFIG_PREEMPT
547 1: bl preempt_schedule_irq // irq en/disable is done inside
548 ldr x0, [tsk, #TI_FLAGS] // get new tasks TI_FLAGS
549 tbnz x0, #TIF_NEED_RESCHED, 1b // needs rescheduling?
559 mrs x25, esr_el1 // read the syndrome register
560 lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
561 cmp x24, #ESR_ELx_EC_SVC64 // SVC in 64-bit state
563 cmp x24, #ESR_ELx_EC_DABT_LOW // data abort in EL0
565 cmp x24, #ESR_ELx_EC_IABT_LOW // instruction abort in EL0
567 cmp x24, #ESR_ELx_EC_FP_ASIMD // FP/ASIMD access
569 cmp x24, #ESR_ELx_EC_FP_EXC64 // FP/ASIMD exception
571 cmp x24, #ESR_ELx_EC_SYS64 // configurable trap
573 cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception
575 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
577 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0
579 cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0
587 mrs x25, esr_el1 // read the syndrome register
588 lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
589 cmp x24, #ESR_ELx_EC_SVC32 // SVC in 32-bit state
591 cmp x24, #ESR_ELx_EC_DABT_LOW // data abort in EL0
593 cmp x24, #ESR_ELx_EC_IABT_LOW // instruction abort in EL0
595 cmp x24, #ESR_ELx_EC_FP_ASIMD // FP/ASIMD access
597 cmp x24, #ESR_ELx_EC_FP_EXC32 // FP/ASIMD exception
599 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
601 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0
603 cmp x24, #ESR_ELx_EC_CP15_32 // CP15 MRC/MCR trap
605 cmp x24, #ESR_ELx_EC_CP15_64 // CP15 MRRC/MCRR trap
607 cmp x24, #ESR_ELx_EC_CP14_MR // CP14 MRC/MCR trap
609 cmp x24, #ESR_ELx_EC_CP14_LS // CP14 LDC/STC trap
611 cmp x24, #ESR_ELx_EC_CP14_64 // CP14 MRRC/MCRR trap
613 cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0
618 * AArch32 syscall handling
620 adrp stbl, compat_sys_call_table // load compat syscall table pointer
621 uxtw scno, w7 // syscall number in w7 (r7)
622 mov sc_nr, #__NR_compat_syscalls
633 * Data abort handling
636 // enable interrupts before calling the main handler
639 clear_address_tag x0, x26
646 * Instruction abort handling
649 // enable interrupts before calling the main handler
659 * Floating Point or Advanced SIMD access
669 * Floating Point or Advanced SIMD exception
679 * Stack or PC alignment exception handling
682 // enable interrupts before calling the main handler
692 * Undefined instruction
694 // enable interrupts before calling the main handler
702 * System instructions, for trapped cache maintenance instructions
712 * Debug exception handling
714 tbnz x24, #0, el0_inv // EL0 only
718 bl do_debug_exception
737 #ifdef CONFIG_TRACE_IRQFLAGS
738 bl trace_hardirqs_off
744 #ifdef CONFIG_TRACE_IRQFLAGS
751 * Register switch for AArch64. The callee-saved registers need to be saved
752 * and restored. On entry:
753 * x0 = previous task_struct (must be preserved across the switch)
754 * x1 = next task_struct
755 * Previous and next are guaranteed not to be the same.
759 mov x10, #THREAD_CPU_CONTEXT
762 stp x19, x20, [x8], #16 // store callee-saved registers
763 stp x21, x22, [x8], #16
764 stp x23, x24, [x8], #16
765 stp x25, x26, [x8], #16
766 stp x27, x28, [x8], #16
767 stp x29, x9, [x8], #16
770 ldp x19, x20, [x8], #16 // restore callee-saved registers
771 ldp x21, x22, [x8], #16
772 ldp x23, x24, [x8], #16
773 ldp x25, x26, [x8], #16
774 ldp x27, x28, [x8], #16
775 ldp x29, x9, [x8], #16
778 and x9, x9, #~(THREAD_SIZE - 1)
781 ENDPROC(cpu_switch_to)
784 * This is the fast syscall return path. We do as little as possible here,
785 * and this includes saving x0 back into the kernel stack.
788 disable_irq // disable interrupts
789 str x0, [sp, #S_X0] // returned x0
790 ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
791 and x2, x1, #_TIF_SYSCALL_WORK
792 cbnz x2, ret_fast_syscall_trace
793 and x2, x1, #_TIF_WORK_MASK
794 cbnz x2, work_pending
795 enable_step_tsk x1, x2
797 ret_fast_syscall_trace:
798 enable_irq // enable interrupts
799 b __sys_trace_return_skipped // we already saved x0
802 * Ok, we need to do extra processing, enter the slow path.
807 #ifdef CONFIG_TRACE_IRQFLAGS
808 bl trace_hardirqs_on // enabled while in userspace
810 ldr x1, [tsk, #TI_FLAGS] // re-check for single-step
813 * "slow" syscall return path.
816 disable_irq // disable interrupts
817 ldr x1, [tsk, #TI_FLAGS]
818 and x2, x1, #_TIF_WORK_MASK
819 cbnz x2, work_pending
821 enable_step_tsk x1, x2
826 * This is how we return from a fork.
830 cbz x19, 1f // not a kernel thread
833 1: get_thread_info tsk
835 ENDPROC(ret_from_fork)
842 adrp stbl, sys_call_table // load syscall table pointer
843 uxtw scno, w8 // syscall number in w8
844 mov sc_nr, #__NR_syscalls
845 el0_svc_naked: // compat entry point
846 stp x0, scno, [sp, #S_ORIG_X0] // save the original x0 and syscall number
850 ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks
851 tst x16, #_TIF_SYSCALL_WORK
853 cmp scno, sc_nr // check upper syscall limit
855 ldr x16, [stbl, scno, lsl #3] // address in the syscall table
856 blr x16 // call sys_* routine
865 * This is the really slow path. We're going to be doing context
866 * switches, and waiting for our parent to respond.
869 mov w0, #-1 // set default errno for
870 cmp scno, x0 // user-issued syscall(-1)
875 bl syscall_trace_enter
876 cmp w0, #-1 // skip the syscall?
877 b.eq __sys_trace_return_skipped
878 uxtw scno, w0 // syscall number (possibly new)
879 mov x1, sp // pointer to regs
880 cmp scno, sc_nr // check upper syscall limit
882 ldp x0, x1, [sp] // restore the syscall args
883 ldp x2, x3, [sp, #S_X2]
884 ldp x4, x5, [sp, #S_X4]
885 ldp x6, x7, [sp, #S_X6]
886 ldr x16, [stbl, scno, lsl #3] // address in the syscall table
887 blr x16 // call sys_* routine
890 str x0, [sp, #S_X0] // save returned x0
891 __sys_trace_return_skipped:
893 bl syscall_trace_exit
901 .popsection // .entry.text
903 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
905 * Exception vectors trampoline.
907 .pushsection ".entry.tramp.text", "ax"
909 .macro tramp_map_kernel, tmp
911 sub \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE)
912 bic \tmp, \tmp, #USER_ASID_FLAG
914 #ifdef CONFIG_ARCH_MSM8996
915 /* ASID already in \tmp[63:48] */
916 movk \tmp, #:abs_g2_nc:(TRAMP_VALIAS >> 12)
917 movk \tmp, #:abs_g1_nc:(TRAMP_VALIAS >> 12)
918 /* 2MB boundary containing the vectors, so we nobble the walk cache */
919 movk \tmp, #:abs_g0_nc:((TRAMP_VALIAS & ~(SZ_2M - 1)) >> 12)
923 #endif /* CONFIG_ARCH_MSM8996 */
926 .macro tramp_unmap_kernel, tmp
928 add \tmp, \tmp, #(SWAPPER_DIR_SIZE + RESERVED_TTBR0_SIZE)
929 orr \tmp, \tmp, #USER_ASID_FLAG
932 * We avoid running the post_ttbr_update_workaround here because the
933 * user and kernel ASIDs don't have conflicting mappings, so any
934 * "blessing" as described in:
936 * http://lkml.kernel.org/r/56BB848A.6060603@caviumnetworks.com
938 * will not hurt correctness. Whilst this may partially defeat the
939 * point of using split ASIDs in the first place, it avoids
940 * the hit of invalidating the entire I-cache on every return to
945 .macro tramp_ventry, regsize = 64
949 msr tpidrro_el0, x30 // Restored in kernel_ventry
955 #ifdef CONFIG_RANDOMIZE_BASE
956 adr x30, tramp_vectors + PAGE_SIZE
957 #ifndef CONFIG_ARCH_MSM8996
964 prfm plil1strm, [x30, #(1b - tramp_vectors)]
966 add x30, x30, #(1b - tramp_vectors)
971 .macro tramp_exit, regsize = 64
972 adr x30, tramp_vectors
974 tramp_unmap_kernel x30
996 ENTRY(tramp_exit_native)
998 END(tramp_exit_native)
1000 ENTRY(tramp_exit_compat)
1002 END(tramp_exit_compat)
1005 .popsection // .entry.tramp.text
1006 #ifdef CONFIG_RANDOMIZE_BASE
1007 .pushsection ".rodata", "a"
1009 .globl __entry_tramp_data_start
1010 __entry_tramp_data_start:
1012 .popsection // .rodata
1013 #endif /* CONFIG_RANDOMIZE_BASE */
1014 #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
1017 * Special system call wrappers.
1019 ENTRY(sys_rt_sigreturn_wrapper)
1022 ENDPROC(sys_rt_sigreturn_wrapper)
OSDN Git Service
