1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Low-level exception handling code 4 * 5 * Copyright (C) 2012 ARM Ltd. 6 * Authors: Catalin Marinas <catalin.marinas@arm.com> 7 * Will Deacon <will.deacon@arm.com> 8 */ 9 10#include <linux/arm-smccc.h> 11#include <linux/init.h> 12#include <linux/linkage.h> 13 14#include <asm/alternative.h> 15#include <asm/assembler.h> 16#include <asm/asm-offsets.h> 17#include <asm/asm_pointer_auth.h> 18#include <asm/bug.h> 19#include <asm/cpufeature.h> 20#include <asm/errno.h> 21#include <asm/esr.h> 22#include <asm/irq.h> 23#include <asm/memory.h> 24#include <asm/mmu.h> 25#include <asm/processor.h> 26#include <asm/ptrace.h> 27#include <asm/scs.h> 28#include <asm/thread_info.h> 29#include <asm/asm-uaccess.h> 30#include <asm/unistd.h> 31 32/* 33 * Context tracking and irqflag tracing need to instrument transitions between 34 * user and kernel mode. 35 */ 36 .macro user_exit_irqoff 37#if defined(CONFIG_CONTEXT_TRACKING) || defined(CONFIG_TRACE_IRQFLAGS) 38 bl enter_from_user_mode 39#endif 40 .endm 41 42 .macro user_enter_irqoff 43#if defined(CONFIG_CONTEXT_TRACKING) || defined(CONFIG_TRACE_IRQFLAGS) 44 bl exit_to_user_mode 45#endif 46 .endm 47 48 .macro clear_gp_regs 49 .irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 50 mov x\n, xzr 51 .endr 52 .endm 53 54/* 55 * Bad Abort numbers 56 *----------------- 57 */ 58#define BAD_SYNC 0 59#define BAD_IRQ 1 60#define BAD_FIQ 2 61#define BAD_ERROR 3 62 63 .macro kernel_ventry, el, label, regsize = 64 64 .align 7 65#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 66 .if \el == 0 67alternative_if ARM64_UNMAP_KERNEL_AT_EL0 68 .if \regsize == 64 69 mrs x30, tpidrro_el0 70 msr tpidrro_el0, xzr 71 .else 72 mov x30, xzr 73 .endif 74alternative_else_nop_endif 75 .endif 76#endif 77 78 sub sp, sp, #S_FRAME_SIZE 79#ifdef CONFIG_VMAP_STACK 80 /* 81 * Test whether the SP has overflowed, without corrupting a GPR. 82 * Task and IRQ stacks are aligned so that SP & (1 << THREAD_SHIFT) 83 * should always be zero. 84 */ 85 add sp, sp, x0 // sp' = sp + x0 86 sub x0, sp, x0 // x0' = sp' - x0 = (sp + x0) - x0 = sp 87 tbnz x0, #THREAD_SHIFT, 0f 88 sub x0, sp, x0 // x0'' = sp' - x0' = (sp + x0) - sp = x0 89 sub sp, sp, x0 // sp'' = sp' - x0 = (sp + x0) - x0 = sp 90 b el\()\el\()_\label 91 920: 93 /* 94 * Either we've just detected an overflow, or we've taken an exception 95 * while on the overflow stack. Either way, we won't return to 96 * userspace, and can clobber EL0 registers to free up GPRs. 97 */ 98 99 /* Stash the original SP (minus S_FRAME_SIZE) in tpidr_el0. */ 100 msr tpidr_el0, x0 101 102 /* Recover the original x0 value and stash it in tpidrro_el0 */ 103 sub x0, sp, x0 104 msr tpidrro_el0, x0 105 106 /* Switch to the overflow stack */ 107 adr_this_cpu sp, overflow_stack + OVERFLOW_STACK_SIZE, x0 108 109 /* 110 * Check whether we were already on the overflow stack. This may happen 111 * after panic() re-enables interrupts. 112 */ 113 mrs x0, tpidr_el0 // sp of interrupted context 114 sub x0, sp, x0 // delta with top of overflow stack 115 tst x0, #~(OVERFLOW_STACK_SIZE - 1) // within range? 116 b.ne __bad_stack // no? -> bad stack pointer 117 118 /* We were already on the overflow stack. Restore sp/x0 and carry on. */ 119 sub sp, sp, x0 120 mrs x0, tpidrro_el0 121#endif 122 b el\()\el\()_\label 123 .endm 124 125 .macro tramp_alias, dst, sym 126 mov_q \dst, TRAMP_VALIAS 127 add \dst, \dst, #(\sym - .entry.tramp.text) 128 .endm 129 130 /* 131 * This macro corrupts x0-x3. It is the caller's duty to save/restore 132 * them if required. 133 */ 134 .macro apply_ssbd, state, tmp1, tmp2 135alternative_cb spectre_v4_patch_fw_mitigation_enable 136 b .L__asm_ssbd_skip\@ // Patched to NOP 137alternative_cb_end 138 ldr_this_cpu \tmp2, arm64_ssbd_callback_required, \tmp1 139 cbz \tmp2, .L__asm_ssbd_skip\@ 140 ldr \tmp2, [tsk, #TSK_TI_FLAGS] 141 tbnz \tmp2, #TIF_SSBD, .L__asm_ssbd_skip\@ 142 mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2 143 mov w1, #\state 144alternative_cb spectre_v4_patch_fw_mitigation_conduit 145 nop // Patched to SMC/HVC #0 146alternative_cb_end 147.L__asm_ssbd_skip\@: 148 .endm 149 150 /* Check for MTE asynchronous tag check faults */ 151 .macro check_mte_async_tcf, flgs, tmp 152#ifdef CONFIG_ARM64_MTE 153alternative_if_not ARM64_MTE 154 b 1f 155alternative_else_nop_endif 156 mrs_s \tmp, SYS_TFSRE0_EL1 157 tbz \tmp, #SYS_TFSR_EL1_TF0_SHIFT, 1f 158 /* Asynchronous TCF occurred for TTBR0 access, set the TI flag */ 159 orr \flgs, \flgs, #_TIF_MTE_ASYNC_FAULT 160 str \flgs, [tsk, #TSK_TI_FLAGS] 161 msr_s SYS_TFSRE0_EL1, xzr 1621: 163#endif 164 .endm 165 166 /* Clear the MTE asynchronous tag check faults */ 167 .macro clear_mte_async_tcf 168#ifdef CONFIG_ARM64_MTE 169alternative_if ARM64_MTE 170 dsb ish 171 msr_s SYS_TFSRE0_EL1, xzr 172alternative_else_nop_endif 173#endif 174 .endm 175 176 .macro kernel_entry, el, regsize = 64 177 .if \regsize == 32 178 mov w0, w0 // zero upper 32 bits of x0 179 .endif 180 stp x0, x1, [sp, #16 * 0] 181 stp x2, x3, [sp, #16 * 1] 182 stp x4, x5, [sp, #16 * 2] 183 stp x6, x7, [sp, #16 * 3] 184 stp x8, x9, [sp, #16 * 4] 185 stp x10, x11, [sp, #16 * 5] 186 stp x12, x13, [sp, #16 * 6] 187 stp x14, x15, [sp, #16 * 7] 188 stp x16, x17, [sp, #16 * 8] 189 stp x18, x19, [sp, #16 * 9] 190 stp x20, x21, [sp, #16 * 10] 191 stp x22, x23, [sp, #16 * 11] 192 stp x24, x25, [sp, #16 * 12] 193 stp x26, x27, [sp, #16 * 13] 194 stp x28, x29, [sp, #16 * 14] 195 196 .if \el == 0 197 clear_gp_regs 198 mrs x21, sp_el0 199 ldr_this_cpu tsk, __entry_task, x20 200 msr sp_el0, tsk 201 202 /* 203 * Ensure MDSCR_EL1.SS is clear, since we can unmask debug exceptions 204 * when scheduling. 205 */ 206 ldr x19, [tsk, #TSK_TI_FLAGS] 207 disable_step_tsk x19, x20 208 209 /* Check for asynchronous tag check faults in user space */ 210 check_mte_async_tcf x19, x22 211 apply_ssbd 1, x22, x23 212 213 ptrauth_keys_install_kernel tsk, x20, x22, x23 214 215 scs_load tsk, x20 216 .else 217 add x21, sp, #S_FRAME_SIZE 218 get_current_task tsk 219 .endif /* \el == 0 */ 220 mrs x22, elr_el1 221 mrs x23, spsr_el1 222 stp lr, x21, [sp, #S_LR] 223 224 /* 225 * In order to be able to dump the contents of struct pt_regs at the 226 * time the exception was taken (in case we attempt to walk the call 227 * stack later), chain it together with the stack frames. 228 */ 229 .if \el == 0 230 stp xzr, xzr, [sp, #S_STACKFRAME] 231 .else 232 stp x29, x22, [sp, #S_STACKFRAME] 233 .endif 234 add x29, sp, #S_STACKFRAME 235 236#ifdef CONFIG_ARM64_SW_TTBR0_PAN 237alternative_if_not ARM64_HAS_PAN 238 bl __swpan_entry_el\el 239alternative_else_nop_endif 240#endif 241 242 stp x22, x23, [sp, #S_PC] 243 244 /* Not in a syscall by default (el0_svc overwrites for real syscall) */ 245 .if \el == 0 246 mov w21, #NO_SYSCALL 247 str w21, [sp, #S_SYSCALLNO] 248 .endif 249 250 /* Save pmr */ 251alternative_if ARM64_HAS_IRQ_PRIO_MASKING 252 mrs_s x20, SYS_ICC_PMR_EL1 253 str x20, [sp, #S_PMR_SAVE] 254alternative_else_nop_endif 255 256 /* Re-enable tag checking (TCO set on exception entry) */ 257#ifdef CONFIG_ARM64_MTE 258alternative_if ARM64_MTE 259 SET_PSTATE_TCO(0) 260alternative_else_nop_endif 261#endif 262 263 /* 264 * Registers that may be useful after this macro is invoked: 265 * 266 * x20 - ICC_PMR_EL1 267 * x21 - aborted SP 268 * x22 - aborted PC 269 * x23 - aborted PSTATE 270 */ 271 .endm 272 273 .macro kernel_exit, el 274 .if \el != 0 275 disable_daif 276 .endif 277 278 /* Restore pmr */ 279alternative_if ARM64_HAS_IRQ_PRIO_MASKING 280 ldr x20, [sp, #S_PMR_SAVE] 281 msr_s SYS_ICC_PMR_EL1, x20 282 mrs_s x21, SYS_ICC_CTLR_EL1 283 tbz x21, #6, .L__skip_pmr_sync\@ // Check for ICC_CTLR_EL1.PMHE 284 dsb sy // Ensure priority change is seen by redistributor 285.L__skip_pmr_sync\@: 286alternative_else_nop_endif 287 288 ldp x21, x22, [sp, #S_PC] // load ELR, SPSR 289 290#ifdef CONFIG_ARM64_SW_TTBR0_PAN 291alternative_if_not ARM64_HAS_PAN 292 bl __swpan_exit_el\el 293alternative_else_nop_endif 294#endif 295 296 .if \el == 0 297 ldr x23, [sp, #S_SP] // load return stack pointer 298 msr sp_el0, x23 299 tst x22, #PSR_MODE32_BIT // native task? 300 b.eq 3f 301 302#ifdef CONFIG_ARM64_ERRATUM_845719 303alternative_if ARM64_WORKAROUND_845719 304#ifdef CONFIG_PID_IN_CONTEXTIDR 305 mrs x29, contextidr_el1 306 msr contextidr_el1, x29 307#else 308 msr contextidr_el1, xzr 309#endif 310alternative_else_nop_endif 311#endif 3123: 313 scs_save tsk, x0 314 315 /* No kernel C function calls after this as user keys are set. */ 316 ptrauth_keys_install_user tsk, x0, x1, x2 317 318 apply_ssbd 0, x0, x1 319 .endif 320 321 msr elr_el1, x21 // set up the return data 322 msr spsr_el1, x22 323 ldp x0, x1, [sp, #16 * 0] 324 ldp x2, x3, [sp, #16 * 1] 325 ldp x4, x5, [sp, #16 * 2] 326 ldp x6, x7, [sp, #16 * 3] 327 ldp x8, x9, [sp, #16 * 4] 328 ldp x10, x11, [sp, #16 * 5] 329 ldp x12, x13, [sp, #16 * 6] 330 ldp x14, x15, [sp, #16 * 7] 331 ldp x16, x17, [sp, #16 * 8] 332 ldp x18, x19, [sp, #16 * 9] 333 ldp x20, x21, [sp, #16 * 10] 334 ldp x22, x23, [sp, #16 * 11] 335 ldp x24, x25, [sp, #16 * 12] 336 ldp x26, x27, [sp, #16 * 13] 337 ldp x28, x29, [sp, #16 * 14] 338 ldr lr, [sp, #S_LR] 339 add sp, sp, #S_FRAME_SIZE // restore sp 340 341 .if \el == 0 342alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 343#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 344 bne 4f 345 msr far_el1, x30 346 tramp_alias x30, tramp_exit_native 347 br x30 3484: 349 tramp_alias x30, tramp_exit_compat 350 br x30 351#endif 352 .else 353 /* Ensure any device/NC reads complete */ 354 alternative_insn nop, "dmb sy", ARM64_WORKAROUND_1508412 355 356 eret 357 .endif 358 sb 359 .endm 360 361#ifdef CONFIG_ARM64_SW_TTBR0_PAN 362 /* 363 * Set the TTBR0 PAN bit in SPSR. When the exception is taken from 364 * EL0, there is no need to check the state of TTBR0_EL1 since 365 * accesses are always enabled. 366 * Note that the meaning of this bit differs from the ARMv8.1 PAN 367 * feature as all TTBR0_EL1 accesses are disabled, not just those to 368 * user mappings. 369 */ 370SYM_CODE_START_LOCAL(__swpan_entry_el1) 371 mrs x21, ttbr0_el1 372 tst x21, #TTBR_ASID_MASK // Check for the reserved ASID 373 orr x23, x23, #PSR_PAN_BIT // Set the emulated PAN in the saved SPSR 374 b.eq 1f // TTBR0 access already disabled 375 and x23, x23, #~PSR_PAN_BIT // Clear the emulated PAN in the saved SPSR 376SYM_INNER_LABEL(__swpan_entry_el0, SYM_L_LOCAL) 377 __uaccess_ttbr0_disable x21 3781: ret 379SYM_CODE_END(__swpan_entry_el1) 380 381 /* 382 * Restore access to TTBR0_EL1. If returning to EL0, no need for SPSR 383 * PAN bit checking. 384 */ 385SYM_CODE_START_LOCAL(__swpan_exit_el1) 386 tbnz x22, #22, 1f // Skip re-enabling TTBR0 access if the PSR_PAN_BIT is set 387 __uaccess_ttbr0_enable x0, x1 3881: and x22, x22, #~PSR_PAN_BIT // ARMv8.0 CPUs do not understand this bit 389 ret 390SYM_CODE_END(__swpan_exit_el1) 391 392SYM_CODE_START_LOCAL(__swpan_exit_el0) 393 __uaccess_ttbr0_enable x0, x1 394 /* 395 * Enable errata workarounds only if returning to user. The only 396 * workaround currently required for TTBR0_EL1 changes are for the 397 * Cavium erratum 27456 (broadcast TLBI instructions may cause I-cache 398 * corruption). 399 */ 400 b post_ttbr_update_workaround 401SYM_CODE_END(__swpan_exit_el0) 402#endif 403 404 .macro irq_stack_entry 405 mov x19, sp // preserve the original sp 406#ifdef CONFIG_SHADOW_CALL_STACK 407 mov x24, scs_sp // preserve the original shadow stack 408#endif 409 410 /* 411 * Compare sp with the base of the task stack. 412 * If the top ~(THREAD_SIZE - 1) bits match, we are on a task stack, 413 * and should switch to the irq stack. 414 */ 415 ldr x25, [tsk, TSK_STACK] 416 eor x25, x25, x19 417 and x25, x25, #~(THREAD_SIZE - 1) 418 cbnz x25, 9998f 419 420 ldr_this_cpu x25, irq_stack_ptr, x26 421 mov x26, #IRQ_STACK_SIZE 422 add x26, x25, x26 423 424 /* switch to the irq stack */ 425 mov sp, x26 426 427#ifdef CONFIG_SHADOW_CALL_STACK 428 /* also switch to the irq shadow stack */ 429 ldr_this_cpu scs_sp, irq_shadow_call_stack_ptr, x26 430#endif 431 4329998: 433 .endm 434 435 /* 436 * The callee-saved regs (x19-x29) should be preserved between 437 * irq_stack_entry and irq_stack_exit, but note that kernel_entry 438 * uses x20-x23 to store data for later use. 439 */ 440 .macro irq_stack_exit 441 mov sp, x19 442#ifdef CONFIG_SHADOW_CALL_STACK 443 mov scs_sp, x24 444#endif 445 .endm 446 447/* GPRs used by entry code */ 448tsk .req x28 // current thread_info 449 450/* 451 * Interrupt handling. 452 */ 453 .macro irq_handler 454 ldr_l x1, handle_arch_irq 455 mov x0, sp 456 irq_stack_entry 457 blr x1 458 irq_stack_exit 459 .endm 460 461#ifdef CONFIG_ARM64_PSEUDO_NMI 462 /* 463 * Set res to 0 if irqs were unmasked in interrupted context. 464 * Otherwise set res to non-0 value. 465 */ 466 .macro test_irqs_unmasked res:req, pmr:req 467alternative_if ARM64_HAS_IRQ_PRIO_MASKING 468 sub \res, \pmr, #GIC_PRIO_IRQON 469alternative_else 470 mov \res, xzr 471alternative_endif 472 .endm 473#endif 474 475 .macro gic_prio_kentry_setup, tmp:req 476#ifdef CONFIG_ARM64_PSEUDO_NMI 477 alternative_if ARM64_HAS_IRQ_PRIO_MASKING 478 mov \tmp, #(GIC_PRIO_PSR_I_SET | GIC_PRIO_IRQON) 479 msr_s SYS_ICC_PMR_EL1, \tmp 480 alternative_else_nop_endif 481#endif 482 .endm 483 484 .macro gic_prio_irq_setup, pmr:req, tmp:req 485#ifdef CONFIG_ARM64_PSEUDO_NMI 486 alternative_if ARM64_HAS_IRQ_PRIO_MASKING 487 orr \tmp, \pmr, #GIC_PRIO_PSR_I_SET 488 msr_s SYS_ICC_PMR_EL1, \tmp 489 alternative_else_nop_endif 490#endif 491 .endm 492 493 .text 494 495/* 496 * Exception vectors. 497 */ 498 .pushsection ".entry.text", "ax" 499 500 .align 11 501SYM_CODE_START(vectors) 502 kernel_ventry 1, sync_invalid // Synchronous EL1t 503 kernel_ventry 1, irq_invalid // IRQ EL1t 504 kernel_ventry 1, fiq_invalid // FIQ EL1t 505 kernel_ventry 1, error_invalid // Error EL1t 506 507 kernel_ventry 1, sync // Synchronous EL1h 508 kernel_ventry 1, irq // IRQ EL1h 509 kernel_ventry 1, fiq_invalid // FIQ EL1h 510 kernel_ventry 1, error // Error EL1h 511 512 kernel_ventry 0, sync // Synchronous 64-bit EL0 513 kernel_ventry 0, irq // IRQ 64-bit EL0 514 kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0 515 kernel_ventry 0, error // Error 64-bit EL0 516 517#ifdef CONFIG_COMPAT 518 kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0 519 kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0 520 kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0 521 kernel_ventry 0, error_compat, 32 // Error 32-bit EL0 522#else 523 kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0 524 kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0 525 kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0 526 kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0 527#endif 528SYM_CODE_END(vectors) 529 530#ifdef CONFIG_VMAP_STACK 531 /* 532 * We detected an overflow in kernel_ventry, which switched to the 533 * overflow stack. Stash the exception regs, and head to our overflow 534 * handler. 535 */ 536__bad_stack: 537 /* Restore the original x0 value */ 538 mrs x0, tpidrro_el0 539 540 /* 541 * Store the original GPRs to the new stack. The orginal SP (minus 542 * S_FRAME_SIZE) was stashed in tpidr_el0 by kernel_ventry. 543 */ 544 sub sp, sp, #S_FRAME_SIZE 545 kernel_entry 1 546 mrs x0, tpidr_el0 547 add x0, x0, #S_FRAME_SIZE 548 str x0, [sp, #S_SP] 549 550 /* Stash the regs for handle_bad_stack */ 551 mov x0, sp 552 553 /* Time to die */ 554 bl handle_bad_stack 555 ASM_BUG() 556#endif /* CONFIG_VMAP_STACK */ 557 558/* 559 * Invalid mode handlers 560 */ 561 .macro inv_entry, el, reason, regsize = 64 562 kernel_entry \el, \regsize 563 mov x0, sp 564 mov x1, #\reason 565 mrs x2, esr_el1 566 bl bad_mode 567 ASM_BUG() 568 .endm 569 570SYM_CODE_START_LOCAL(el0_sync_invalid) 571 inv_entry 0, BAD_SYNC 572SYM_CODE_END(el0_sync_invalid) 573 574SYM_CODE_START_LOCAL(el0_irq_invalid) 575 inv_entry 0, BAD_IRQ 576SYM_CODE_END(el0_irq_invalid) 577 578SYM_CODE_START_LOCAL(el0_fiq_invalid) 579 inv_entry 0, BAD_FIQ 580SYM_CODE_END(el0_fiq_invalid) 581 582SYM_CODE_START_LOCAL(el0_error_invalid) 583 inv_entry 0, BAD_ERROR 584SYM_CODE_END(el0_error_invalid) 585 586#ifdef CONFIG_COMPAT 587SYM_CODE_START_LOCAL(el0_fiq_invalid_compat) 588 inv_entry 0, BAD_FIQ, 32 589SYM_CODE_END(el0_fiq_invalid_compat) 590#endif 591 592SYM_CODE_START_LOCAL(el1_sync_invalid) 593 inv_entry 1, BAD_SYNC 594SYM_CODE_END(el1_sync_invalid) 595 596SYM_CODE_START_LOCAL(el1_irq_invalid) 597 inv_entry 1, BAD_IRQ 598SYM_CODE_END(el1_irq_invalid) 599 600SYM_CODE_START_LOCAL(el1_fiq_invalid) 601 inv_entry 1, BAD_FIQ 602SYM_CODE_END(el1_fiq_invalid) 603 604SYM_CODE_START_LOCAL(el1_error_invalid) 605 inv_entry 1, BAD_ERROR 606SYM_CODE_END(el1_error_invalid) 607 608/* 609 * EL1 mode handlers. 610 */ 611 .align 6 612SYM_CODE_START_LOCAL_NOALIGN(el1_sync) 613 kernel_entry 1 614 mov x0, sp 615 bl el1_sync_handler 616 kernel_exit 1 617SYM_CODE_END(el1_sync) 618 619 .align 6 620SYM_CODE_START_LOCAL_NOALIGN(el1_irq) 621 kernel_entry 1 622 gic_prio_irq_setup pmr=x20, tmp=x1 623 enable_da_f 624 625 mov x0, sp 626 bl enter_el1_irq_or_nmi 627 628 irq_handler 629 630#ifdef CONFIG_PREEMPTION 631 ldr x24, [tsk, #TSK_TI_PREEMPT] // get preempt count 632alternative_if ARM64_HAS_IRQ_PRIO_MASKING 633 /* 634 * DA_F were cleared at start of handling. If anything is set in DAIF, 635 * we come back from an NMI, so skip preemption 636 */ 637 mrs x0, daif 638 orr x24, x24, x0 639alternative_else_nop_endif 640 cbnz x24, 1f // preempt count != 0 || NMI return path 641 bl arm64_preempt_schedule_irq // irq en/disable is done inside 6421: 643#endif 644 645 mov x0, sp 646 bl exit_el1_irq_or_nmi 647 648 kernel_exit 1 649SYM_CODE_END(el1_irq) 650 651/* 652 * EL0 mode handlers. 653 */ 654 .align 6 655SYM_CODE_START_LOCAL_NOALIGN(el0_sync) 656 kernel_entry 0 657 mov x0, sp 658 bl el0_sync_handler 659 b ret_to_user 660SYM_CODE_END(el0_sync) 661 662#ifdef CONFIG_COMPAT 663 .align 6 664SYM_CODE_START_LOCAL_NOALIGN(el0_sync_compat) 665 kernel_entry 0, 32 666 mov x0, sp 667 bl el0_sync_compat_handler 668 b ret_to_user 669SYM_CODE_END(el0_sync_compat) 670 671 .align 6 672SYM_CODE_START_LOCAL_NOALIGN(el0_irq_compat) 673 kernel_entry 0, 32 674 b el0_irq_naked 675SYM_CODE_END(el0_irq_compat) 676 677SYM_CODE_START_LOCAL_NOALIGN(el0_error_compat) 678 kernel_entry 0, 32 679 b el0_error_naked 680SYM_CODE_END(el0_error_compat) 681#endif 682 683 .align 6 684SYM_CODE_START_LOCAL_NOALIGN(el0_irq) 685 kernel_entry 0 686el0_irq_naked: 687 gic_prio_irq_setup pmr=x20, tmp=x0 688 user_exit_irqoff 689 enable_da_f 690 691 tbz x22, #55, 1f 692 bl do_el0_irq_bp_hardening 6931: 694 irq_handler 695 696 b ret_to_user 697SYM_CODE_END(el0_irq) 698 699SYM_CODE_START_LOCAL(el1_error) 700 kernel_entry 1 701 mrs x1, esr_el1 702 gic_prio_kentry_setup tmp=x2 703 enable_dbg 704 mov x0, sp 705 bl do_serror 706 kernel_exit 1 707SYM_CODE_END(el1_error) 708 709SYM_CODE_START_LOCAL(el0_error) 710 kernel_entry 0 711el0_error_naked: 712 mrs x25, esr_el1 713 gic_prio_kentry_setup tmp=x2 714 user_exit_irqoff 715 enable_dbg 716 mov x0, sp 717 mov x1, x25 718 bl do_serror 719 enable_da_f 720 b ret_to_user 721SYM_CODE_END(el0_error) 722 723/* 724 * "slow" syscall return path. 725 */ 726SYM_CODE_START_LOCAL(ret_to_user) 727 disable_daif 728 gic_prio_kentry_setup tmp=x3 729#ifdef CONFIG_TRACE_IRQFLAGS 730 bl trace_hardirqs_off 731#endif 732 ldr x19, [tsk, #TSK_TI_FLAGS] 733 and x2, x19, #_TIF_WORK_MASK 734 cbnz x2, work_pending 735finish_ret_to_user: 736 user_enter_irqoff 737 /* Ignore asynchronous tag check faults in the uaccess routines */ 738 clear_mte_async_tcf 739 enable_step_tsk x19, x2 740#ifdef CONFIG_GCC_PLUGIN_STACKLEAK 741 bl stackleak_erase 742#endif 743 kernel_exit 0 744 745/* 746 * Ok, we need to do extra processing, enter the slow path. 747 */ 748work_pending: 749 mov x0, sp // 'regs' 750 mov x1, x19 751 bl do_notify_resume 752 ldr x19, [tsk, #TSK_TI_FLAGS] // re-check for single-step 753 b finish_ret_to_user 754SYM_CODE_END(ret_to_user) 755 756 .popsection // .entry.text 757 758#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 759/* 760 * Exception vectors trampoline. 761 */ 762 .pushsection ".entry.tramp.text", "ax" 763 764 // Move from tramp_pg_dir to swapper_pg_dir 765 .macro tramp_map_kernel, tmp 766 mrs \tmp, ttbr1_el1 767 add \tmp, \tmp, #(2 * PAGE_SIZE) 768 bic \tmp, \tmp, #USER_ASID_FLAG 769 msr ttbr1_el1, \tmp 770#ifdef CONFIG_QCOM_FALKOR_ERRATUM_1003 771alternative_if ARM64_WORKAROUND_QCOM_FALKOR_E1003 772 /* ASID already in \tmp[63:48] */ 773 movk \tmp, #:abs_g2_nc:(TRAMP_VALIAS >> 12) 774 movk \tmp, #:abs_g1_nc:(TRAMP_VALIAS >> 12) 775 /* 2MB boundary containing the vectors, so we nobble the walk cache */ 776 movk \tmp, #:abs_g0_nc:((TRAMP_VALIAS & ~(SZ_2M - 1)) >> 12) 777 isb 778 tlbi vae1, \tmp 779 dsb nsh 780alternative_else_nop_endif 781#endif /* CONFIG_QCOM_FALKOR_ERRATUM_1003 */ 782 .endm 783 784 // Move from swapper_pg_dir to tramp_pg_dir 785 .macro tramp_unmap_kernel, tmp 786 mrs \tmp, ttbr1_el1 787 sub \tmp, \tmp, #(2 * PAGE_SIZE) 788 orr \tmp, \tmp, #USER_ASID_FLAG 789 msr ttbr1_el1, \tmp 790 /* 791 * We avoid running the post_ttbr_update_workaround here because 792 * it's only needed by Cavium ThunderX, which requires KPTI to be 793 * disabled. 794 */ 795 .endm 796 797 .macro tramp_ventry, regsize = 64 798 .align 7 7991: 800 .if \regsize == 64 801 msr tpidrro_el0, x30 // Restored in kernel_ventry 802 .endif 803 /* 804 * Defend against branch aliasing attacks by pushing a dummy 805 * entry onto the return stack and using a RET instruction to 806 * enter the full-fat kernel vectors. 807 */ 808 bl 2f 809 b . 8102: 811 tramp_map_kernel x30 812#ifdef CONFIG_RANDOMIZE_BASE 813 adr x30, tramp_vectors + PAGE_SIZE 814alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003 815 ldr x30, [x30] 816#else 817 ldr x30, =vectors 818#endif 819alternative_if_not ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM 820 prfm plil1strm, [x30, #(1b - tramp_vectors)] 821alternative_else_nop_endif 822 msr vbar_el1, x30 823 add x30, x30, #(1b - tramp_vectors) 824 isb 825 ret 826 .endm 827 828 .macro tramp_exit, regsize = 64 829 adr x30, tramp_vectors 830 msr vbar_el1, x30 831 tramp_unmap_kernel x30 832 .if \regsize == 64 833 mrs x30, far_el1 834 .endif 835 eret 836 sb 837 .endm 838 839 .align 11 840SYM_CODE_START_NOALIGN(tramp_vectors) 841 .space 0x400 842 843 tramp_ventry 844 tramp_ventry 845 tramp_ventry 846 tramp_ventry 847 848 tramp_ventry 32 849 tramp_ventry 32 850 tramp_ventry 32 851 tramp_ventry 32 852SYM_CODE_END(tramp_vectors) 853 854SYM_CODE_START(tramp_exit_native) 855 tramp_exit 856SYM_CODE_END(tramp_exit_native) 857 858SYM_CODE_START(tramp_exit_compat) 859 tramp_exit 32 860SYM_CODE_END(tramp_exit_compat) 861 862 .ltorg 863 .popsection // .entry.tramp.text 864#ifdef CONFIG_RANDOMIZE_BASE 865 .pushsection ".rodata", "a" 866 .align PAGE_SHIFT 867SYM_DATA_START(__entry_tramp_data_start) 868 .quad vectors 869SYM_DATA_END(__entry_tramp_data_start) 870 .popsection // .rodata 871#endif /* CONFIG_RANDOMIZE_BASE */ 872#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ 873 874/* 875 * Register switch for AArch64. The callee-saved registers need to be saved 876 * and restored. On entry: 877 * x0 = previous task_struct (must be preserved across the switch) 878 * x1 = next task_struct 879 * Previous and next are guaranteed not to be the same. 880 * 881 */ 882SYM_FUNC_START(cpu_switch_to) 883 mov x10, #THREAD_CPU_CONTEXT 884 add x8, x0, x10 885 mov x9, sp 886 stp x19, x20, [x8], #16 // store callee-saved registers 887 stp x21, x22, [x8], #16 888 stp x23, x24, [x8], #16 889 stp x25, x26, [x8], #16 890 stp x27, x28, [x8], #16 891 stp x29, x9, [x8], #16 892 str lr, [x8] 893 add x8, x1, x10 894 ldp x19, x20, [x8], #16 // restore callee-saved registers 895 ldp x21, x22, [x8], #16 896 ldp x23, x24, [x8], #16 897 ldp x25, x26, [x8], #16 898 ldp x27, x28, [x8], #16 899 ldp x29, x9, [x8], #16 900 ldr lr, [x8] 901 mov sp, x9 902 msr sp_el0, x1 903 ptrauth_keys_install_kernel x1, x8, x9, x10 904 scs_save x0, x8 905 scs_load x1, x8 906 ret 907SYM_FUNC_END(cpu_switch_to) 908NOKPROBE(cpu_switch_to) 909 910/* 911 * This is how we return from a fork. 912 */ 913SYM_CODE_START(ret_from_fork) 914 bl schedule_tail 915 cbz x19, 1f // not a kernel thread 916 mov x0, x20 917 blr x19 9181: get_current_task tsk 919 b ret_to_user 920SYM_CODE_END(ret_from_fork) 921NOKPROBE(ret_from_fork) 922 923#ifdef CONFIG_ARM_SDE_INTERFACE 924 925#include <asm/sdei.h> 926#include <uapi/linux/arm_sdei.h> 927 928.macro sdei_handler_exit exit_mode 929 /* On success, this call never returns... */ 930 cmp \exit_mode, #SDEI_EXIT_SMC 931 b.ne 99f 932 smc #0 933 b . 93499: hvc #0 935 b . 936.endm 937 938#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 939/* 940 * The regular SDEI entry point may have been unmapped along with the rest of 941 * the kernel. This trampoline restores the kernel mapping to make the x1 memory 942 * argument accessible. 943 * 944 * This clobbers x4, __sdei_handler() will restore this from firmware's 945 * copy. 946 */ 947.ltorg 948.pushsection ".entry.tramp.text", "ax" 949SYM_CODE_START(__sdei_asm_entry_trampoline) 950 mrs x4, ttbr1_el1 951 tbz x4, #USER_ASID_BIT, 1f 952 953 tramp_map_kernel tmp=x4 954 isb 955 mov x4, xzr 956 957 /* 958 * Remember whether to unmap the kernel on exit. 959 */ 9601: str x4, [x1, #(SDEI_EVENT_INTREGS + S_SDEI_TTBR1)] 961 962#ifdef CONFIG_RANDOMIZE_BASE 963 adr x4, tramp_vectors + PAGE_SIZE 964 add x4, x4, #:lo12:__sdei_asm_trampoline_next_handler 965 ldr x4, [x4] 966#else 967 ldr x4, =__sdei_asm_handler 968#endif 969 br x4 970SYM_CODE_END(__sdei_asm_entry_trampoline) 971NOKPROBE(__sdei_asm_entry_trampoline) 972 973/* 974 * Make the exit call and restore the original ttbr1_el1 975 * 976 * x0 & x1: setup for the exit API call 977 * x2: exit_mode 978 * x4: struct sdei_registered_event argument from registration time. 979 */ 980SYM_CODE_START(__sdei_asm_exit_trampoline) 981 ldr x4, [x4, #(SDEI_EVENT_INTREGS + S_SDEI_TTBR1)] 982 cbnz x4, 1f 983 984 tramp_unmap_kernel tmp=x4 985 9861: sdei_handler_exit exit_mode=x2 987SYM_CODE_END(__sdei_asm_exit_trampoline) 988NOKPROBE(__sdei_asm_exit_trampoline) 989 .ltorg 990.popsection // .entry.tramp.text 991#ifdef CONFIG_RANDOMIZE_BASE 992.pushsection ".rodata", "a" 993SYM_DATA_START(__sdei_asm_trampoline_next_handler) 994 .quad __sdei_asm_handler 995SYM_DATA_END(__sdei_asm_trampoline_next_handler) 996.popsection // .rodata 997#endif /* CONFIG_RANDOMIZE_BASE */ 998#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */ 999 1000/* 1001 * Software Delegated Exception entry point. 1002 * 1003 * x0: Event number 1004 * x1: struct sdei_registered_event argument from registration time. 1005 * x2: interrupted PC 1006 * x3: interrupted PSTATE 1007 * x4: maybe clobbered by the trampoline 1008 * 1009 * Firmware has preserved x0->x17 for us, we must save/restore the rest to 1010 * follow SMC-CC. We save (or retrieve) all the registers as the handler may 1011 * want them. 1012 */ 1013SYM_CODE_START(__sdei_asm_handler) 1014 stp x2, x3, [x1, #SDEI_EVENT_INTREGS + S_PC] 1015 stp x4, x5, [x1, #SDEI_EVENT_INTREGS + 16 * 2] 1016 stp x6, x7, [x1, #SDEI_EVENT_INTREGS + 16 * 3] 1017 stp x8, x9, [x1, #SDEI_EVENT_INTREGS + 16 * 4] 1018 stp x10, x11, [x1, #SDEI_EVENT_INTREGS + 16 * 5] 1019 stp x12, x13, [x1, #SDEI_EVENT_INTREGS + 16 * 6] 1020 stp x14, x15, [x1, #SDEI_EVENT_INTREGS + 16 * 7] 1021 stp x16, x17, [x1, #SDEI_EVENT_INTREGS + 16 * 8] 1022 stp x18, x19, [x1, #SDEI_EVENT_INTREGS + 16 * 9] 1023 stp x20, x21, [x1, #SDEI_EVENT_INTREGS + 16 * 10] 1024 stp x22, x23, [x1, #SDEI_EVENT_INTREGS + 16 * 11] 1025 stp x24, x25, [x1, #SDEI_EVENT_INTREGS + 16 * 12] 1026 stp x26, x27, [x1, #SDEI_EVENT_INTREGS + 16 * 13] 1027 stp x28, x29, [x1, #SDEI_EVENT_INTREGS + 16 * 14] 1028 mov x4, sp 1029 stp lr, x4, [x1, #SDEI_EVENT_INTREGS + S_LR] 1030 1031 mov x19, x1 1032 1033#if defined(CONFIG_VMAP_STACK) || defined(CONFIG_SHADOW_CALL_STACK) 1034 ldrb w4, [x19, #SDEI_EVENT_PRIORITY] 1035#endif 1036 1037#ifdef CONFIG_VMAP_STACK 1038 /* 1039 * entry.S may have been using sp as a scratch register, find whether 1040 * this is a normal or critical event and switch to the appropriate 1041 * stack for this CPU. 1042 */ 1043 cbnz w4, 1f 1044 ldr_this_cpu dst=x5, sym=sdei_stack_normal_ptr, tmp=x6 1045 b 2f 10461: ldr_this_cpu dst=x5, sym=sdei_stack_critical_ptr, tmp=x6 10472: mov x6, #SDEI_STACK_SIZE 1048 add x5, x5, x6 1049 mov sp, x5 1050#endif 1051 1052#ifdef CONFIG_SHADOW_CALL_STACK 1053 /* Use a separate shadow call stack for normal and critical events */ 1054 cbnz w4, 3f 1055 ldr_this_cpu dst=scs_sp, sym=sdei_shadow_call_stack_normal_ptr, tmp=x6 1056 b 4f 10573: ldr_this_cpu dst=scs_sp, sym=sdei_shadow_call_stack_critical_ptr, tmp=x6 10584: 1059#endif 1060 1061 /* 1062 * We may have interrupted userspace, or a guest, or exit-from or 1063 * return-to either of these. We can't trust sp_el0, restore it. 1064 */ 1065 mrs x28, sp_el0 1066 ldr_this_cpu dst=x0, sym=__entry_task, tmp=x1 1067 msr sp_el0, x0 1068 1069 /* If we interrupted the kernel point to the previous stack/frame. */ 1070 and x0, x3, #0xc 1071 mrs x1, CurrentEL 1072 cmp x0, x1 1073 csel x29, x29, xzr, eq // fp, or zero 1074 csel x4, x2, xzr, eq // elr, or zero 1075 1076 stp x29, x4, [sp, #-16]! 1077 mov x29, sp 1078 1079 add x0, x19, #SDEI_EVENT_INTREGS 1080 mov x1, x19 1081 bl __sdei_handler 1082 1083 msr sp_el0, x28 1084 /* restore regs >x17 that we clobbered */ 1085 mov x4, x19 // keep x4 for __sdei_asm_exit_trampoline 1086 ldp x28, x29, [x4, #SDEI_EVENT_INTREGS + 16 * 14] 1087 ldp x18, x19, [x4, #SDEI_EVENT_INTREGS + 16 * 9] 1088 ldp lr, x1, [x4, #SDEI_EVENT_INTREGS + S_LR] 1089 mov sp, x1 1090 1091 mov x1, x0 // address to complete_and_resume 1092 /* x0 = (x0 <= 1) ? EVENT_COMPLETE:EVENT_COMPLETE_AND_RESUME */ 1093 cmp x0, #1 1094 mov_q x2, SDEI_1_0_FN_SDEI_EVENT_COMPLETE 1095 mov_q x3, SDEI_1_0_FN_SDEI_EVENT_COMPLETE_AND_RESUME 1096 csel x0, x2, x3, ls 1097 1098 ldr_l x2, sdei_exit_mode 1099 1100alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0 1101 sdei_handler_exit exit_mode=x2 1102alternative_else_nop_endif 1103 1104#ifdef CONFIG_UNMAP_KERNEL_AT_EL0 1105 tramp_alias dst=x5, sym=__sdei_asm_exit_trampoline 1106 br x5 1107#endif 1108SYM_CODE_END(__sdei_asm_handler) 1109NOKPROBE(__sdei_asm_handler) 1110#endif /* CONFIG_ARM_SDE_INTERFACE */ 1111