1/* 2 * Copyright (C) 1991,1992 Linus Torvalds 3 * 4 * entry_32.S contains the system-call and low-level fault and trap handling routines. 5 * 6 * Stack layout while running C code: 7 * ptrace needs to have all registers on the stack. 8 * If the order here is changed, it needs to be 9 * updated in fork.c:copy_process(), signal.c:do_signal(), 10 * ptrace.c and ptrace.h 11 * 12 * 0(%esp) - %ebx 13 * 4(%esp) - %ecx 14 * 8(%esp) - %edx 15 * C(%esp) - %esi 16 * 10(%esp) - %edi 17 * 14(%esp) - %ebp 18 * 18(%esp) - %eax 19 * 1C(%esp) - %ds 20 * 20(%esp) - %es 21 * 24(%esp) - %fs 22 * 28(%esp) - %gs saved iff !CONFIG_X86_32_LAZY_GS 23 * 2C(%esp) - orig_eax 24 * 30(%esp) - %eip 25 * 34(%esp) - %cs 26 * 38(%esp) - %eflags 27 * 3C(%esp) - %oldesp 28 * 40(%esp) - %oldss 29 */ 30 31#include <linux/linkage.h> 32#include <linux/err.h> 33#include <asm/thread_info.h> 34#include <asm/irqflags.h> 35#include <asm/errno.h> 36#include <asm/segment.h> 37#include <asm/smp.h> 38#include <asm/page_types.h> 39#include <asm/percpu.h> 40#include <asm/processor-flags.h> 41#include <asm/ftrace.h> 42#include <asm/irq_vectors.h> 43#include <asm/cpufeature.h> 44#include <asm/alternative-asm.h> 45#include <asm/asm.h> 46#include <asm/smap.h> 47 48 .section .entry.text, "ax" 49 50/* 51 * We use macros for low-level operations which need to be overridden 52 * for paravirtualization. The following will never clobber any registers: 53 * INTERRUPT_RETURN (aka. "iret") 54 * GET_CR0_INTO_EAX (aka. "movl %cr0, %eax") 55 * ENABLE_INTERRUPTS_SYSEXIT (aka "sti; sysexit"). 56 * 57 * For DISABLE_INTERRUPTS/ENABLE_INTERRUPTS (aka "cli"/"sti"), you must 58 * specify what registers can be overwritten (CLBR_NONE, CLBR_EAX/EDX/ECX/ANY). 59 * Allowing a register to be clobbered can shrink the paravirt replacement 60 * enough to patch inline, increasing performance. 
 */

/*
 * preempt_stop(): on CONFIG_PREEMPT kernels, disable interrupts (and tell
 * lockdep) before the "return to kernel" decision is made.  On
 * non-preemptible kernels it expands to nothing and resume_kernel is
 * simply an alias for restore_all (no reschedule check is needed).
 */
#ifdef CONFIG_PREEMPT
# define preempt_stop(clobbers)	DISABLE_INTERRUPTS(clobbers); TRACE_IRQS_OFF
#else
# define preempt_stop(clobbers)
# define resume_kernel		restore_all
#endif

/*
 * TRACE_IRQS_IRET: before an IRET, sync irq-flags tracing with the EFLAGS.IF
 * bit in the frame that is about to be restored.  Only emits code under
 * CONFIG_TRACE_IRQFLAGS.  Clobbers: flags (and whatever TRACE_IRQS_ON uses).
 */
.macro TRACE_IRQS_IRET
#ifdef CONFIG_TRACE_IRQFLAGS
	testl	$X86_EFLAGS_IF, PT_EFLAGS(%esp)     # interrupts off?
	jz	1f
	TRACE_IRQS_ON
1:
#endif
.endm

/*
 * User gs save/restore
 *
 * %gs is used for userland TLS and kernel only uses it for stack
 * canary which is required to be at %gs:20 by gcc.  Read the comment
 * at the top of stackprotector.h for more info.
 *
 * Local labels 98 and 99 are used.
 */
#ifdef CONFIG_X86_32_LAZY_GS

	/* unfortunately push/pop can't be no-op */
	/* Lazy mode: keep the pt_regs->gs slot (always 0) so the frame layout
	 * in the file header stays the same; %gs itself is never touched. */
.macro PUSH_GS
	pushl	$0
.endm
.macro POP_GS pop=0
	addl	$(4 + \pop), %esp
.endm
.macro POP_GS_EX
.endm

	/* all the rest are no-op */
.macro PTGS_TO_GS
.endm
.macro PTGS_TO_GS_EX
.endm
.macro GS_TO_REG reg
.endm
.macro REG_TO_PTGS reg
.endm
.macro SET_KERNEL_GS reg
.endm

#else	/* CONFIG_X86_32_LAZY_GS */

.macro PUSH_GS
	pushl	%gs
.endm

/*
 * POP_GS: restore %gs from the frame, then drop \pop extra bytes.  A faulting
 * segment load (e.g. a user-supplied selector that is no longer valid) is
 * caught by the exception-table entry emitted by POP_GS_EX, which zeroes the
 * slot and retries the load with the null selector.
 */
.macro POP_GS pop=0
98:	popl	%gs
  .if \pop <> 0
	add	$\pop, %esp
  .endif
.endm
.macro POP_GS_EX
.pushsection .fixup, "ax"
99:	movl	$0, (%esp)
	jmp	98b
.popsection
	_ASM_EXTABLE(98b, 99b)
.endm

/* Same retry-with-null-selector scheme, loading %gs from PT_GS in pt_regs. */
.macro PTGS_TO_GS
98:	mov	PT_GS(%esp), %gs
.endm
.macro PTGS_TO_GS_EX
.pushsection .fixup, "ax"
99:	movl	$0, PT_GS(%esp)
	jmp	98b
.popsection
	_ASM_EXTABLE(98b, 99b)
.endm

.macro GS_TO_REG reg
	movl	%gs, \reg
.endm
.macro REG_TO_PTGS reg
	movl	\reg, PT_GS(%esp)
.endm
/* Point %gs at the per-cpu stack canary segment; clobbers \reg. */
.macro SET_KERNEL_GS reg
	movl	$(__KERNEL_STACK_CANARY), \reg
	movl	\reg, %gs
.endm

#endif /* CONFIG_X86_32_LAZY_GS */

/*
 * SAVE_ALL: build the register part of pt_regs (layout in the file header)
 * on top of the already-pushed orig_eax and hardware frame, then load the
 * kernel's data segments.  \pt_regs_ax is what lands in pt_regs->ax; the
 * syscall entries pass $-ENOSYS so an unhandled syscall number returns
 * -ENOSYS without further work.
 * Clobbers: %edx, %ds, %es, %fs, %gs, DF (cleared).
 */
.macro SAVE_ALL pt_regs_ax=%eax
	cld
	PUSH_GS
	pushl	%fs
	pushl	%es
	pushl	%ds
	pushl	\pt_regs_ax
	pushl	%ebp
	pushl	%edi
	pushl	%esi
	pushl	%edx
	pushl	%ecx
	pushl	%ebx
	movl	$(__USER_DS), %edx
	movl	%edx, %ds
	movl	%edx, %es
	movl	$(__KERNEL_PERCPU), %edx
	movl	%edx, %fs
	SET_KERNEL_GS %edx
.endm

/* Pop the seven general registers in the reverse order SAVE_ALL pushed them. */
.macro RESTORE_INT_REGS
	popl	%ebx
	popl	%ecx
	popl	%edx
	popl	%esi
	popl	%edi
	popl	%ebp
	popl	%eax
.endm

/*
 * RESTORE_REGS: undo SAVE_ALL and skip \pop more bytes (the orig_eax/error
 * code slot).  The ds/es/fs pops load selectors that may have come from user
 * space; each one has a fixup that replaces the slot with 0 and retries, so a
 * bad selector yields a null segment instead of a kernel fault.
 */
.macro RESTORE_REGS pop=0
	RESTORE_INT_REGS
1:	popl	%ds
2:	popl	%es
3:	popl	%fs
	POP_GS \pop
.pushsection .fixup, "ax"
4:	movl	$0, (%esp)
	jmp	1b
5:	movl	$0, (%esp)
	jmp	2b
6:	movl	$0, (%esp)
	jmp	3b
.popsection
	_ASM_EXTABLE(1b, 4b)
	_ASM_EXTABLE(2b, 5b)
	_ASM_EXTABLE(3b, 6b)
	POP_GS_EX
.endm

/*
 * ret_from_fork: first code run by a new task after the context switch.
 * In:   %eax = value to hand to schedule_tail (preserved around the call)
 *       %esp = bottom of the new task's pt_regs
 * Runs the syscall-return slow path so the child's return is traced like a
 * normal syscall exit, then restores the user frame.
 */
ENTRY(ret_from_fork)
	pushl	%eax
	call	schedule_tail
	GET_THREAD_INFO(%ebp)
	popl	%eax
	pushl	$0x0202				# Reset kernel eflags
	popfl					# 0x0202 = IF set, reserved bit 1 set

	/* When we fork, we trace the syscall return in the child, too. */
	movl    %esp, %eax
	call    syscall_return_slowpath
	jmp     restore_all
END(ret_from_fork)

/*
 * ret_from_kernel_thread: like ret_from_fork, but first calls the thread
 * function stashed in pt_regs->bx with pt_regs->bp as its argument (in
 * %eax), then zeroes pt_regs->ax before taking the syscall-return path.
 */
ENTRY(ret_from_kernel_thread)
	pushl	%eax
	call	schedule_tail
	GET_THREAD_INFO(%ebp)
	popl	%eax
	pushl	$0x0202				# Reset kernel eflags
	popfl
	movl	PT_EBP(%esp), %eax
	call	*PT_EBX(%esp)
	movl	$0, PT_EAX(%esp)

	/*
	 * Kernel threads return to userspace as if returning from a syscall.
	 * We should check whether anything actually uses this path and, if so,
	 * consider switching it over to ret_from_fork.
	 */
	movl    %esp, %eax
	call    syscall_return_slowpath
	jmp     restore_all
ENDPROC(ret_from_kernel_thread)

/*
 * Return to user mode is not as complex as all this looks,
 * but we want the default path for a system call return to
 * go as quickly as possible which is why some of this is
 * less clear than it otherwise should be.
 */

	# userspace resumption stub bypassing syscall exit tracing
	ALIGN
/*
 * ret_from_exception / ret_from_intr: common tail of every exception and
 * interrupt handler.  Decides from the saved CS (and VM flag, if vm86 is
 * built in) whether the interrupted context was user mode; kernel-mode
 * returns go to resume_kernel, user-mode returns fall through.
 * Clobbers: %eax, %ebp, flags.
 */
ret_from_exception:
	preempt_stop(CLBR_ANY)
ret_from_intr:
	GET_THREAD_INFO(%ebp)
#ifdef CONFIG_VM86
	movl	PT_EFLAGS(%esp), %eax		# mix EFLAGS and CS
	movb	PT_CS(%esp), %al
	andl	$(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
#else
	/*
	 * We can be coming here from child spawned by kernel_thread().
	 */
	movl	PT_CS(%esp), %eax
	andl	$SEGMENT_RPL_MASK, %eax
#endif
	cmpl	$USER_RPL, %eax
	jb	resume_kernel			# not returning to v8086 or userspace

/*
 * resume_userspace: with interrupts off, let prepare_exit_to_usermode()
 * handle pending work (signals, reschedule, tracing) before restore_all.
 */
ENTRY(resume_userspace)
	DISABLE_INTERRUPTS(CLBR_ANY)
	TRACE_IRQS_OFF
	movl	%esp, %eax
	call	prepare_exit_to_usermode
	jmp	restore_all
END(ret_from_exception)

/*
 * resume_kernel (CONFIG_PREEMPT only): preempt if the interrupted kernel
 * context was preemptible (preempt_count == 0) and had interrupts enabled.
 * Loops until no reschedule is pending.
 */
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
	DISABLE_INTERRUPTS(CLBR_ANY)
need_resched:
	cmpl	$0, PER_CPU_VAR(__preempt_count)
	jnz	restore_all
	testl	$X86_EFLAGS_IF, PT_EFLAGS(%esp)	# interrupts off (exception path) ?
	jz	restore_all
	call	preempt_schedule_irq
	jmp	need_resched
END(resume_kernel)
#endif

	# SYSENTER call handler stub
/*
 * entry_SYSENTER_32: fast 32-bit syscall entry.
 * In (from the vDSO):  %eax = syscall nr, %ebp = user %esp, user ip/sp are
 *       not saved by hardware, so the frame is synthesised here.
 *       %esp is expected to point into the TSS such that
 *       TSS_sysenter_sp0(%esp) is the kernel stack (set up elsewhere;
 *       see the FIX_STACK comment further down for the same assumption).
 * Builds a full pt_regs, calls do_fast_syscall_32(), and returns with
 * SYSEXIT when that is safe, otherwise via the IRET path (.Lsyscall_32_done).
 */
ENTRY(entry_SYSENTER_32)
	movl	TSS_sysenter_sp0(%esp), %esp
sysenter_past_esp:
	pushl	$__USER_DS		/* pt_regs->ss */
	pushl	%ebp			/* pt_regs->sp (stashed in bp) */
	pushfl				/* pt_regs->flags (except IF = 0) */
	orl	$X86_EFLAGS_IF, (%esp)	/* Fix IF */
	pushl	$__USER_CS		/* pt_regs->cs */
	pushl	$0			/* pt_regs->ip = 0 (placeholder) */
	pushl	%eax			/* pt_regs->orig_ax */
	SAVE_ALL pt_regs_ax=$-ENOSYS	/* save rest */

	/*
	 * User mode is traced as though IRQs are on, and SYSENTER
	 * turned them off.
	 */
	TRACE_IRQS_OFF

	/*
	 * NOTE(review): entry_INT80_32 and the trap stubs below issue ASM_CLAC
	 * on entry; this entry does not, so with SMAP the user's EFLAGS.AC
	 * state is carried into the C code on this path — confirm intended.
	 */
	movl	%esp, %eax
	call	do_fast_syscall_32
	/* XEN PV guests always use IRET path */
	ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \
		    "jmp .Lsyscall_32_done", X86_FEATURE_XENPV

/* Opportunistic SYSEXIT */
	/*
	 * Only reached when do_fast_syscall_32() returned non-zero, i.e. it
	 * judged the frame safe for SYSEXIT.  SYSEXIT takes the user ip from
	 * %edx and the user sp from %ecx; cx/dx themselves are not restored
	 * here (the vDSO pops them), hence the addl $2*4 below.
	 */
	TRACE_IRQS_ON			/* User mode traces as IRQs on. */
	movl	PT_EIP(%esp), %edx	/* pt_regs->ip */
	movl	PT_OLDESP(%esp), %ecx	/* pt_regs->sp */
1:	mov	PT_FS(%esp), %fs
	PTGS_TO_GS
	popl	%ebx			/* pt_regs->bx */
	addl	$2*4, %esp		/* skip pt_regs->cx and pt_regs->dx */
	popl	%esi			/* pt_regs->si */
	popl	%edi			/* pt_regs->di */
	popl	%ebp			/* pt_regs->bp */
	popl	%eax			/* pt_regs->ax */

	/*
	 * Return back to the vDSO, which will pop ecx and edx.
	 * Don't bother with DS and ES (they already contain __USER_DS).
	 */
	ENABLE_INTERRUPTS_SYSEXIT

.pushsection .fixup, "ax"
2:	movl	$0, PT_FS(%esp)		/* bad user %fs selector: retry with null */
	jmp	1b
.popsection
	_ASM_EXTABLE(1b, 2b)
	PTGS_TO_GS_EX
ENDPROC(entry_SYSENTER_32)

	# system call handler stub
/*
 * entry_INT80_32: legacy int $0x80 syscall entry.
 * In:   %eax = syscall nr; hardware pushed ss/sp/flags/cs/ip (trap gate,
 *       so IF is still as the user left it).
 * Falls into restore_all, which is also the shared exit for every other
 * path in this file that ends with "jmp restore_all".
 */
ENTRY(entry_INT80_32)
	ASM_CLAC
	pushl	%eax			/* pt_regs->orig_ax */
	SAVE_ALL pt_regs_ax=$-ENOSYS	/* save rest */

	/*
	 * User mode is traced as though IRQs are on.  Unlike the 64-bit
	 * case, INT80 is a trap gate on 32-bit kernels, so interrupts
	 * are already on (unless user code is messing around with iopl).
	 */

	movl	%esp, %eax
	call	do_syscall_32_irqs_on
.Lsyscall_32_done:

/*
 * restore_all: common IRET exit.  Under CONFIG_X86_ESPFIX32, a return to
 * user mode whose SS is an LDT selector (a 16-bit stack) is diverted to
 * ldt_ss so the high half of %esp survives the IRET.
 */
restore_all:
	TRACE_IRQS_IRET
restore_all_notrace:
#ifdef CONFIG_X86_ESPFIX32
	movl	PT_EFLAGS(%esp), %eax		# mix EFLAGS, SS and CS
	/*
	 * Warning: PT_OLDSS(%esp) contains the wrong/random values if we
	 * are returning to the kernel.
	 * See comments in process.c:copy_thread() for details.
	 */
	movb	PT_OLDSS(%esp), %ah
	movb	PT_CS(%esp), %al
	andl	$(X86_EFLAGS_VM | (SEGMENT_TI_MASK << 8) | SEGMENT_RPL_MASK), %eax
	cmpl	$((SEGMENT_LDT << 8) | USER_RPL), %eax
	je ldt_ss				# returning to user-space with LDT SS
#endif
restore_nocheck:
	RESTORE_REGS 4				# skip orig_eax/error_code
irq_return:
	INTERRUPT_RETURN
/*
 * A faulting IRET (e.g. a bad user CS/SS/EIP in the frame) lands here via
 * the exception table and is reported through do_iret_error rather than
 * oopsing in the exit path.
 */
.section .fixup, "ax"
ENTRY(iret_exc	)
	pushl	$0				# no error code
	pushl	$do_iret_error
	jmp	error_code
.previous
	_ASM_EXTABLE(irq_return, iret_exc)

#ifdef CONFIG_X86_ESPFIX32
ldt_ss:
#ifdef CONFIG_PARAVIRT
	/*
	 * The kernel can't run on a non-flat stack if paravirt mode
	 * is active.  Rather than try to fixup the high bits of
	 * ESP, bypass this code entirely.  This may break DOSemu
	 * and/or Wine support in a paravirt VM, although the option
	 * is still available to implement the setting of the high
	 * 16-bits in the INTERRUPT_RETURN paravirt-op.
	 */
	cmpl	$0, pv_info+PARAVIRT_enabled
	jne	restore_nocheck
#endif

/*
 * Setup and switch to ESPFIX stack
 *
 * We're returning to userspace with a 16 bit stack. The CPU will not
 * restore the high word of ESP for us on executing iret... This is an
 * "official" bug of all the x86-compatible CPUs, which we can work
 * around to make dosemu and wine happy. We do this by preloading the
 * high word of ESP with the high word of the userspace ESP while
 * compensating for the offset by changing to the ESPFIX segment with
 * a base address that matches for the difference.
 */
/* Byte address of this cpu's ESPFIX_SS GDT descriptor (8 bytes per entry). */
#define GDT_ESPFIX_SS PER_CPU_VAR(gdt_page) + (GDT_ENTRY_ESPFIX_SS * 8)
	mov	%esp, %edx			/* load kernel esp */
	mov	PT_OLDESP(%esp), %eax		/* load userspace esp */
	mov	%dx, %ax			/* eax: new kernel esp */
	sub	%eax, %edx			/* offset (low word is 0) */
	shr	$16, %edx
	/* Patch base[31:16] of the per-cpu ESPFIX_SS descriptor in the GDT. */
	mov	%dl, GDT_ESPFIX_SS + 4		/* bits 16..23 */
	mov	%dh, GDT_ESPFIX_SS + 7		/* bits 24..31 */
	pushl	$__ESPFIX_SS
	pushl	%eax				/* new kernel esp */
	/*
	 * Disable interrupts, but do not irqtrace this section: we
	 * will soon execute iret and the tracer was already set to
	 * the irqstate after the IRET:
	 */
	DISABLE_INTERRUPTS(CLBR_EAX)
	lss	(%esp), %esp			/* switch to espfix segment */
	jmp	restore_nocheck
#endif
ENDPROC(entry_INT80_32)

.macro FIXUP_ESPFIX_STACK
/*
 * Switch back for ESPFIX stack to the normal zerobased stack
 *
 * We can't call C functions using the ESPFIX stack. This code reads
 * the high word of the segment base from the GDT and switches to the
 * normal stack and adjusts ESP with the matching offset.
 *
 * Clobbers: %eax (holds the adjusted stack pointer on exit), %ss, %esp.
 */
#ifdef CONFIG_X86_ESPFIX32
	/* fixup the stack */
	mov	GDT_ESPFIX_SS + 4, %al		/* bits 16..23 */
	mov	GDT_ESPFIX_SS + 7, %ah		/* bits 24..31 */
	shl	$16, %eax
	addl	%esp, %eax			/* the adjusted stack pointer */
	pushl	$__KERNEL_DS
	pushl	%eax
	lss	(%esp), %esp			/* switch to the normal stack segment */
#endif
.endm
/*
 * UNWIND_ESPFIX_STACK: if we were interrupted while on the espfix stack,
 * reload %ds/%es with the kernel data segment and move back to the normal
 * stack.  Clobbers: %eax, flags (plus FIXUP_ESPFIX_STACK's clobbers).
 */
.macro UNWIND_ESPFIX_STACK
#ifdef CONFIG_X86_ESPFIX32
	movl	%ss, %eax
	/* see if on espfix stack */
	cmpw	$__ESPFIX_SS, %ax
	jne	27f
	movl	$__KERNEL_DS, %eax
	movl	%eax, %ds
	movl	%eax, %es
	/* switch to normal stack */
	FIXUP_ESPFIX_STACK
27:
#endif
.endm

/*
 * Build the entry stubs with some assembler magic.
 * We pack 1 stub into every 8-byte block.
 */
	/*
	 * One stub per external vector: a 2-byte push of the encoded vector
	 * (~vector+0x80 keeps it in the sign-extended imm8 range) plus a jmp,
	 * padded to exactly 8 bytes so the IDT setup can compute each stub's
	 * address as irq_entries_start + 8*(vector - FIRST_EXTERNAL_VECTOR).
	 */
	.align 8
ENTRY(irq_entries_start)
    vector=FIRST_EXTERNAL_VECTOR
    .rept (FIRST_SYSTEM_VECTOR - FIRST_EXTERNAL_VECTOR)
	pushl	$(~vector+0x80)			/* Note: always in signed byte range */
    vector=vector+1
	jmp	common_interrupt
	.align	8
    .endr
END(irq_entries_start)

/*
 * the CPU automatically disables interrupts when executing an IRQ vector,
 * so IRQ-flags tracing has to follow that:
 */
/*
 * common_interrupt: shared body for the stubs above.
 * In:   (%esp) = ~vector+0x80 pushed by the stub (sits in the orig_eax slot)
 * Undoes the +0x80 so do_IRQ() sees ~vector, as with BUILD_INTERRUPT3.
 */
	.p2align CONFIG_X86_L1_CACHE_SHIFT
common_interrupt:
	ASM_CLAC
	addl	$-0x80, (%esp)			/* Adjust vector into the [-256, -1] range */
	SAVE_ALL
	TRACE_IRQS_OFF
	movl	%esp, %eax
	call	do_IRQ
	jmp	ret_from_intr
ENDPROC(common_interrupt)

/*
 * BUILD_INTERRUPT3(name, nr, fn): emit an entry stub `name` for fixed vector
 * `nr` that pushes ~nr as orig_eax, saves all registers and calls fn(regs).
 * BUILD_INTERRUPT(name, nr) is the same with fn = smp_##name, plus the
 * trace_ variant when CONFIG_TRACING is on.
 */
#define BUILD_INTERRUPT3(name, nr, fn)	\
ENTRY(name)				\
	ASM_CLAC;			\
	pushl	$~(nr);			\
	SAVE_ALL;			\
	TRACE_IRQS_OFF			\
	movl	%esp, %eax;		\
	call	fn;			\
	jmp	ret_from_intr;		\
ENDPROC(name)


#ifdef CONFIG_TRACING
# define TRACE_BUILD_INTERRUPT(name, nr) BUILD_INTERRUPT3(trace_##name, nr, smp_trace_##name)
#else
# define TRACE_BUILD_INTERRUPT(name, nr)
#endif

#define BUILD_INTERRUPT(name, nr)		\
	BUILD_INTERRUPT3(name, nr, smp_##name);	\
	TRACE_BUILD_INTERRUPT(name, nr)

/* The include is where all of the SMP etc.
interrupts come from */
#include <asm/entry_arch.h>

/*
 * Trap stubs.  Each one pushes (a) a dummy error code of 0 or -1 when the
 * CPU did not push one, and (b) the address of its C handler, then jumps to
 * error_code, which calls that handler as fn(regs, error_code).  Traps for
 * which the CPU pushes a real error code (invalid_TSS, segment_not_present,
 * stack_segment, alignment_check, general_protection, page_fault) push only
 * the handler address.
 */
ENTRY(coprocessor_error)
	ASM_CLAC
	pushl	$0
	pushl	$do_coprocessor_error
	jmp	error_code
END(coprocessor_error)

ENTRY(simd_coprocessor_error)
	ASM_CLAC
	pushl	$0
#ifdef CONFIG_X86_INVD_BUG
	/* AMD 486 bug: invd from userspace calls exception 19 instead of #GP */
	ALTERNATIVE "pushl	$do_general_protection",	\
		    "pushl	$do_simd_coprocessor_error", \
		    X86_FEATURE_XMM
#else
	pushl	$do_simd_coprocessor_error
#endif
	jmp	error_code
END(simd_coprocessor_error)

ENTRY(device_not_available)
	ASM_CLAC
	pushl	$-1				# mark this as an int
	pushl	$do_device_not_available
	jmp	error_code
END(device_not_available)

/*
 * Native back-ends for the paravirt INTERRUPT_RETURN and
 * ENABLE_INTERRUPTS_SYSEXIT ops.  native_iret shares the iret_exc fixup
 * used by irq_return.
 */
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
	iret
	_ASM_EXTABLE(native_iret, iret_exc)
END(native_iret)

ENTRY(native_irq_enable_sysexit)
	sti
	sysexit
END(native_irq_enable_sysexit)
#endif

ENTRY(overflow)
	ASM_CLAC
	pushl	$0
	pushl	$do_overflow
	jmp	error_code
END(overflow)

ENTRY(bounds)
	ASM_CLAC
	pushl	$0
	pushl	$do_bounds
	jmp	error_code
END(bounds)

ENTRY(invalid_op)
	ASM_CLAC
	pushl	$0
	pushl	$do_invalid_op
	jmp	error_code
END(invalid_op)

ENTRY(coprocessor_segment_overrun)
	ASM_CLAC
	pushl	$0
	pushl	$do_coprocessor_segment_overrun
	jmp	error_code
END(coprocessor_segment_overrun)

ENTRY(invalid_TSS)
	ASM_CLAC
	pushl	$do_invalid_TSS
	jmp	error_code
END(invalid_TSS)

ENTRY(segment_not_present)
	ASM_CLAC
	pushl	$do_segment_not_present
	jmp	error_code
END(segment_not_present)

ENTRY(stack_segment)
	ASM_CLAC
	pushl	$do_stack_segment
	jmp	error_code
END(stack_segment)

ENTRY(alignment_check)
	ASM_CLAC
	pushl	$do_alignment_check
	jmp	error_code
END(alignment_check)

ENTRY(divide_error)
	ASM_CLAC
	pushl	$0				# no error code
	pushl	$do_divide_error
	jmp	error_code
END(divide_error)

#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
	ASM_CLAC
	pushl	$0
	/* No '$': pushes the *contents* of the machine_check_vector variable,
	 * i.e. the currently installed handler pointer, not the symbol's address. */
	pushl	machine_check_vector
	jmp	error_code
END(machine_check)
#endif

ENTRY(spurious_interrupt_bug)
	ASM_CLAC
	pushl	$0
	pushl	$do_spurious_interrupt_bug
	jmp	error_code
END(spurious_interrupt_bug)

#ifdef CONFIG_XEN
/*
 * Xen doesn't set %esp to be precisely what the normal SYSENTER
 * entry point expects, so fix it up before using the normal path.
 */
ENTRY(xen_sysenter_target)
	addl	$5*4, %esp			/* remove xen-provided frame */
	jmp	sysenter_past_esp

/*
 * xen_hypervisor_callback: Xen event-channel upcall.  If the interrupted
 * eip is inside [xen_iret_start_crit, xen_iret_end_crit) the frame is
 * handed to xen_iret_crit_fixup first; otherwise the upcall is delivered
 * like a normal interrupt and exits through ret_from_intr.
 */
ENTRY(xen_hypervisor_callback)
	pushl	$-1				/* orig_ax = -1 => not a system call */
	SAVE_ALL
	TRACE_IRQS_OFF

	/*
	 * Check to see if we got the event in the critical
	 * region in xen_iret_direct, after we've reenabled
	 * events and checked for pending events.  This simulates
	 * iret instruction's behaviour where it delivers a
	 * pending interrupt when enabling interrupts:
	 */
	movl	PT_EIP(%esp), %eax
	cmpl	$xen_iret_start_crit, %eax
	jb	1f
	cmpl	$xen_iret_end_crit, %eax
	jae	1f

	jmp	xen_iret_crit_fixup

ENTRY(xen_do_upcall)
1:	mov	%esp, %eax
	call	xen_evtchn_do_upcall
#ifndef CONFIG_PREEMPT
	call	xen_maybe_preempt_hcall
#endif
	jmp	ret_from_intr
ENDPROC(xen_hypervisor_callback)

/*
 * Hypervisor uses this for application faults while it executes.
 * We get here for two reasons:
 *  1. Fault while reloading DS, ES, FS or GS
 *  2. Fault while executing IRET
 * Category 1 we fix up by reattempting the load, and zeroing the segment
 * register if the load fails.
 * Category 2 we fix up by jumping to do_iret_error. We cannot use the
 * normal Linux return path in this case because if we use the IRET hypercall
 * to pop the stack frame we end up in an infinite loop of failsafe callbacks.
 * We distinguish between categories by maintaining a status value in EAX.
 */
/*
 * xen_failsafe_callback
 * In:   4..16(%esp) = ds, es, fs, gs values supplied by the hypervisor,
 *       followed by the iret frame.
 * Each segment load has a fixup (labels 6-9) that zeroes the offending
 * slot *and* %eax, then retries; so %eax == 0 afterwards means "a segment
 * load faulted" (category 1) and %eax == 1 means all loads succeeded and
 * the original fault was the IRET itself (category 2).
 */
ENTRY(xen_failsafe_callback)
	pushl	%eax
	movl	$1, %eax
1:	mov	4(%esp), %ds
2:	mov	8(%esp), %es
3:	mov	12(%esp), %fs
4:	mov	16(%esp), %gs
	/* EAX == 0 => Category 1 (Bad segment)
	   EAX != 0 => Category 2 (Bad IRET) */
	testl	%eax, %eax
	popl	%eax
	lea	16(%esp), %esp			/* drop the 4 segment words; keeps flags */
	jz	5f
	jmp	iret_exc
5:	pushl	$-1				/* orig_ax = -1 => not a system call */
	SAVE_ALL
	jmp	ret_from_exception

.section .fixup, "ax"
6:	xorl	%eax, %eax
	movl	%eax, 4(%esp)
	jmp	1b
7:	xorl	%eax, %eax
	movl	%eax, 8(%esp)
	jmp	2b
8:	xorl	%eax, %eax
	movl	%eax, 12(%esp)
	jmp	3b
9:	xorl	%eax, %eax
	movl	%eax, 16(%esp)
	jmp	4b
.previous
	_ASM_EXTABLE(1b, 6b)
	_ASM_EXTABLE(2b, 7b)
	_ASM_EXTABLE(3b, 8b)
	_ASM_EXTABLE(4b, 9b)
ENDPROC(xen_failsafe_callback)

BUILD_INTERRUPT3(xen_hvm_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
		 xen_evtchn_do_upcall)

#endif /* CONFIG_XEN */

#if IS_ENABLED(CONFIG_HYPERV)

BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
		 hyperv_vector_handler)

#endif /* CONFIG_HYPERV */

#ifdef CONFIG_FUNCTION_TRACER
#ifdef CONFIG_DYNAMIC_FTRACE

/* With dynamic ftrace, call sites are patched at runtime; mcount is a no-op. */
ENTRY(mcount)
	ret
END(mcount)

/*
 * ftrace_caller: patched-in trampoline.
 * In:   (%esp) = return address into the traced function
 *       4(%ebp) = the traced function's own return address (parent ip)
 * Calls the handler at ftrace_call (patched from ftrace_stub) with
 * (ip - MCOUNT_INSN_SIZE, parent_ip, function_trace_op, NULL).
 * Preserves %eax, %ecx, %edx around the call.
 */
ENTRY(ftrace_caller)
	pushl	%eax
	pushl	%ecx
	pushl	%edx
	pushl	$0				/* Pass NULL as regs pointer */
	movl	4*4(%esp), %eax
	movl	0x4(%ebp), %edx
	movl	function_trace_op, %ecx
	subl	$MCOUNT_INSN_SIZE, %eax

.globl ftrace_call
ftrace_call:
	call	ftrace_stub

	addl	$4, %esp			/* skip NULL pointer */
	popl	%edx
	popl	%ecx
	popl	%eax
ftrace_ret:
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
.globl ftrace_graph_call
ftrace_graph_call:
	jmp	ftrace_stub
#endif

.globl ftrace_stub
ftrace_stub:
	ret
END(ftrace_caller)

/*
 * ftrace_regs_caller: like ftrace_caller but builds a full pt_regs on the
 * stack and passes its address as the 4th argument, so the handler may
 * inspect or modify registers (including the return ip and flags).
 */
ENTRY(ftrace_regs_caller)
	pushf	/* push flags before compare (in cs location) */

	/*
	 * i386 does not save SS and ESP when coming from kernel.
	 * Instead, to get sp, &regs->sp is used (see ptrace.h).
	 * Unfortunately, that means eflags must be at the same location
	 * as the current return ip is. We move the return ip into the
	 * ip location, and move flags into the return ip location.
	 */
	pushl	4(%esp)				/* save return ip into ip slot */

	pushl	$0				/* Load 0 into orig_ax */
	pushl	%gs
	pushl	%fs
	pushl	%es
	pushl	%ds
	pushl	%eax
	pushl	%ebp
	pushl	%edi
	pushl	%esi
	pushl	%edx
	pushl	%ecx
	pushl	%ebx

	/* Slot arithmetic: 12*4 = ip, 13*4 = cs (holds the pushed flags), 14*4 = flags. */
	movl	13*4(%esp), %eax		/* Get the saved flags */
	movl	%eax, 14*4(%esp)		/* Move saved flags into regs->flags location */
						/* clobbering return ip */
	movl	$__KERNEL_CS, 13*4(%esp)

	movl	12*4(%esp), %eax		/* Load ip (1st parameter) */
	subl	$MCOUNT_INSN_SIZE, %eax		/* Adjust ip */
	movl	0x4(%ebp), %edx			/* Load parent ip (2nd parameter) */
	movl	function_trace_op, %ecx		/* Save ftrace_pos in 3rd parameter */
	pushl	%esp				/* Save pt_regs as 4th parameter */

GLOBAL(ftrace_regs_call)
	call	ftrace_stub

	/* Restore from regs->ip / regs->flags: the handler may have changed them. */
	addl	$4, %esp			/* Skip pt_regs */
	movl	14*4(%esp), %eax		/* Move flags back into cs */
	movl	%eax, 13*4(%esp)		/* Needed to keep addl	from modifying flags */
	movl	12*4(%esp), %eax		/* Get return ip from regs->ip */
	movl	%eax, 14*4(%esp)		/* Put return ip back for ret */

	popl	%ebx
	popl	%ecx
	popl	%edx
	popl	%esi
	popl	%edi
	popl	%ebp
	popl	%eax
	popl	%ds
	popl	%es
	popl	%fs
	popl	%gs
	addl	$8, %esp			/* Skip orig_ax and ip */
	popf					/* Pop flags at end (no addl to corrupt flags) */
	jmp	ftrace_ret

	/* NOTE(review): unreachable — the jmp above never falls through. */
	popf
	jmp	ftrace_stub
#else /* ! CONFIG_DYNAMIC_FTRACE */

/*
 * mcount (static ftrace): called by every instrumented function.  Returns
 * immediately unless a trace function or graph hook is installed.
 */
ENTRY(mcount)
	cmpl	$__PAGE_OFFSET, %esp
	jb	ftrace_stub			/* Paging not enabled yet? */

	cmpl	$ftrace_stub, ftrace_trace_function
	jnz	trace
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
	cmpl	$ftrace_stub, ftrace_graph_return
	jnz	ftrace_graph_caller

	cmpl	$ftrace_graph_entry_stub, ftrace_graph_entry
	jnz	ftrace_graph_caller
#endif
.globl ftrace_stub
ftrace_stub:
	ret

	/* taken from glibc */
trace:
	pushl	%eax
	pushl	%ecx
	pushl	%edx
	movl	0xc(%esp), %eax			/* return ip (above the 3 pushes) */
	movl	0x4(%ebp), %edx			/* parent ip */
	subl	$MCOUNT_INSN_SIZE, %eax

	call	*ftrace_trace_function

	popl	%edx
	popl	%ecx
	popl	%eax
	jmp	ftrace_stub
END(mcount)
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */

#ifdef CONFIG_FUNCTION_GRAPH_TRACER
/*
 * ftrace_graph_caller: hand (ip, &parent_ip_slot, frame pointer) to
 * prepare_ftrace_return(), which may redirect the parent return address to
 * return_to_handler.  Preserves %eax, %ecx, %edx.
 */
ENTRY(ftrace_graph_caller)
	pushl	%eax
	pushl	%ecx
	pushl	%edx
	movl	0xc(%esp), %eax
	lea	0x4(%ebp), %edx
	movl	(%ebp), %ecx
	subl	$MCOUNT_INSN_SIZE, %eax
	call	prepare_ftrace_return
	popl	%edx
	popl	%ecx
	popl	%eax
	ret
END(ftrace_graph_caller)

/*
 * return_to_handler: reached when a traced function returns into the
 * redirected address; ftrace_return_to_handler() gives back the real
 * return address, which we jump to with %eax/%edx (return values) intact.
 */
.globl return_to_handler
return_to_handler:
	pushl	%eax
	pushl	%edx
	movl	%ebp, %eax
	call	ftrace_return_to_handler
	movl	%eax, %ecx
	popl	%edx
	popl	%eax
	jmp	*%ecx
#endif

#ifdef CONFIG_TRACING
ENTRY(trace_page_fault)
	ASM_CLAC
	pushl	$trace_do_page_fault
	jmp	error_code
END(trace_page_fault)
#endif

/*
 * error_code: common body for the trap stubs.
 * In:   the stub's pushed handler address sits where pt_regs->gs will be;
 *       PT_ORIG_EAX holds the CPU- or stub-supplied error code.
 * Saves the remaining registers, leaves the espfix stack if needed, swaps
 * the handler address out of the gs slot (replacing it with the real user
 * %gs), loads kernel segments and calls handler(regs, error_code).
 * Clobbers: %ecx, %edi, %edx, %eax, segment registers.
 */
ENTRY(page_fault)
	ASM_CLAC
	pushl	$do_page_fault
	ALIGN
error_code:
	/* the function address is in %gs's slot on the stack */
	pushl	%fs
	pushl	%es
	pushl	%ds
	pushl	%eax
	pushl	%ebp
	pushl	%edi
	pushl	%esi
	pushl	%edx
	pushl	%ecx
	pushl	%ebx
	cld
	movl	$(__KERNEL_PERCPU), %ecx
	movl	%ecx, %fs
	UNWIND_ESPFIX_STACK
	GS_TO_REG %ecx
	movl	PT_GS(%esp), %edi		# get the function address
	movl	PT_ORIG_EAX(%esp), %edx		# get the error code
	movl	$-1, PT_ORIG_EAX(%esp)		# no syscall to restart
	REG_TO_PTGS %ecx
	SET_KERNEL_GS %ecx
	movl	$(__USER_DS), %ecx
	movl	%ecx, %ds
	movl	%ecx, %es
	TRACE_IRQS_OFF
	movl	%esp, %eax			# pt_regs pointer
	call	*%edi
	jmp	ret_from_exception
END(page_fault)

/*
 * Debug traps and NMI can happen at the one SYSENTER instruction
 * that sets up the real kernel stack. Check here, since we can't
 * allow the wrong stack to be used.
 *
 * "TSS_sysenter_sp0+12" is because the NMI/debug handler will have
 * already pushed 3 words if it hits on the sysenter instruction:
 * eflags, cs and eip.
 *
 * We just load the right stack, and push the three (known) values
 * by hand onto the new stack - while updating the return eip past
 * the instruction that would have done it for sysenter.
 */
/*
 * FIX_STACK offset, ok, label: if the saved CS at 4(%esp) is not the kernel
 * CS, jump to \ok (the trap did not hit the SYSENTER entry).  Otherwise
 * %esp still points into the TSS: load the real kernel stack from
 * TSS_sysenter_sp0 + \offset and rebuild the flags/cs/ip frame so the
 * eventual IRET resumes at sysenter_past_esp.  \label marks the first
 * instruction of that fixup so the NMI code can recognise it.
 */
.macro FIX_STACK offset ok label
	cmpw	$__KERNEL_CS, 4(%esp)
	jne	\ok
\label:
	movl	TSS_sysenter_sp0 + \offset(%esp), %esp
	pushfl
	pushl	$__KERNEL_CS
	pushl	$sysenter_past_esp
.endm

/*
 * debug: #DB handler.  If the trap hit exactly at entry_SYSENTER_32 (the
 * stack switch has not happened yet) repair the stack first.
 */
ENTRY(debug)
	ASM_CLAC
	cmpl	$entry_SYSENTER_32, (%esp)
	jne	debug_stack_correct
	FIX_STACK 12, debug_stack_correct, debug_esp_fix_insn
debug_stack_correct:
	pushl	$-1				# mark this as an int
	SAVE_ALL
	TRACE_IRQS_OFF
	xorl	%edx, %edx			# error code 0
	movl	%esp, %eax			# pt_regs pointer
	call	do_debug
	jmp	ret_from_exception
END(debug)

/*
 * NMI is doubly nasty. It can happen _while_ we're handling
 * a debug fault, and the debug fault hasn't yet been able to
 * clear up the stack. So we first check whether we got an
 * NMI on the sysenter entry path, but after that we need to
 * check whether we got an NMI on the debug path where the debug
 * fault happened on the sysenter path.
 */
/*
 * nmi: NMI handler.  Three special cases before the normal path:
 *  - on the espfix stack: copy the iret frame to the normal stack
 *    (nmi_espfix_stack) and return via irq_return from there;
 *  - interrupted eip == entry_SYSENTER_32: stack not switched yet, fix it;
 *  - interrupted eip inside debug's FIX_STACK sequence while that itself
 *    was fixing a SYSENTER stack: same repair with a deeper offset.
 * The normal path exits through restore_all_notrace (no irq tracing
 * inside an NMI).
 */
ENTRY(nmi)
	ASM_CLAC
#ifdef CONFIG_X86_ESPFIX32
	pushl	%eax
	movl	%ss, %eax
	cmpw	$__ESPFIX_SS, %ax
	popl	%eax
	je	nmi_espfix_stack
#endif
	cmpl	$entry_SYSENTER_32, (%esp)
	je	nmi_stack_fixup
	pushl	%eax
	movl	%esp, %eax
	/*
	 * Do not access memory above the end of our stack page,
	 * it might not exist.
	 */
	/* Only peek at 12(%esp)/16(%esp) below if they lie within this stack. */
	andl	$(THREAD_SIZE-1), %eax
	cmpl	$(THREAD_SIZE-20), %eax
	popl	%eax
	jae	nmi_stack_correct
	cmpl	$entry_SYSENTER_32, 12(%esp)
	je	nmi_debug_stack_check
nmi_stack_correct:
	pushl	%eax				# fills the orig_ax slot (int3 uses -1 here)
	SAVE_ALL
	xorl	%edx, %edx			# zero error code
	movl	%esp, %eax			# pt_regs pointer
	call	do_nmi
	jmp	restore_all_notrace

nmi_stack_fixup:
	FIX_STACK 12, nmi_stack_correct, 1
	jmp	nmi_stack_correct

/*
 * Interrupted inside `debug`?  The check is: kernel CS in the *debug*
 * frame, and the NMI return eip within [debug, debug_esp_fix_insn].
 * 24 = the 3-word NMI frame on top of debug's 3-word frame.
 */
nmi_debug_stack_check:
	cmpw	$__KERNEL_CS, 16(%esp)
	jne	nmi_stack_correct
	cmpl	$debug, (%esp)
	jb	nmi_stack_correct
	cmpl	$debug_esp_fix_insn, (%esp)
	ja	nmi_stack_correct
	FIX_STACK 24, nmi_stack_correct, 1
	jmp	nmi_stack_correct

#ifdef CONFIG_X86_ESPFIX32
nmi_espfix_stack:
	/*
	 * create the pointer to lss back
	 */
	pushl	%ss
	pushl	%esp
	addl	$4, (%esp)
	/* copy the iret frame of 12 bytes */
	.rept 3
	pushl	16(%esp)
	.endr
	pushl	%eax
	SAVE_ALL
	FIXUP_ESPFIX_STACK			# %eax == %esp
	xorl	%edx, %edx			# zero error code
	call	do_nmi
	RESTORE_REGS
	lss	12+4(%esp), %esp		# back to espfix stack
	jmp	irq_return
#endif
END(nmi)

/* int3: #BP, no hardware error code; reported to do_int3(regs, 0). */
ENTRY(int3)
	ASM_CLAC
	pushl	$-1				# mark this as an int
	SAVE_ALL
	TRACE_IRQS_OFF
	xorl	%edx, %edx			# zero error code
	movl	%esp, %eax			# pt_regs pointer
	call	do_int3
	jmp	ret_from_exception
END(int3)

/*
 * general_protection: #GP, CPU pushes the error code.
 * NOTE(review): unlike every other trap stub in this file this one does not
 * issue ASM_CLAC before error_code, so with SMAP the user's EFLAGS.AC state
 * is carried into do_general_protection() — confirm this is intentional.
 */
ENTRY(general_protection)
	pushl	$do_general_protection
	jmp	error_code
END(general_protection)

#ifdef CONFIG_KVM_GUEST
/* KVM async page fault: CPU-pushed error code, handler do_async_page_fault. */
ENTRY(async_page_fault)
	ASM_CLAC
	pushl	$do_async_page_fault
	jmp	error_code
END(async_page_fault)
#endif