2 * Low-level exception handling code
4 * Copyright (C) 2012 ARM Ltd.
5 * Authors: Catalin Marinas <catalin.marinas@arm.com>
6 * Will Deacon <will.deacon@arm.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include <linux/arm-smccc.h>
22 #include <linux/init.h>
23 #include <linux/linkage.h>
25 #include <asm/alternative.h>
26 #include <asm/assembler.h>
27 #include <asm/asm-offsets.h>
28 #include <asm/cpufeature.h>
29 #include <asm/errno.h>
32 #include <asm/memory.h>
34 #include <asm/processor.h>
35 #include <asm/thread_info.h>
36 #include <asm/asm-uaccess.h>
37 #include <asm/unistd.h>
38 #include <asm/kernel-pgtable.h>
41 * Context tracking subsystem. Used to instrument transitions
42 * between user and kernel mode.
44 .macro ct_user_exit, syscall = 0
45 #ifdef CONFIG_CONTEXT_TRACKING
46 bl context_tracking_user_exit
49 * Save/restore needed during syscalls. Restore syscall arguments from
50 * the values already saved on stack during kernel_entry.
53 ldp x2, x3, [sp, #S_X2]
54 ldp x4, x5, [sp, #S_X4]
55 ldp x6, x7, [sp, #S_X6]
61 #ifdef CONFIG_CONTEXT_TRACKING
62 bl context_tracking_user_enter
75 .macro kernel_ventry, el, label, regsize = 64
80 * This must be the first instruction of the EL0 vector entries. It is
81 * skipped by the trampoline vectors, to trigger the cleanup.
83 b .Lskip_tramp_vectors_cleanup\@
90 .Lskip_tramp_vectors_cleanup\@:
93 sub sp, sp, #S_FRAME_SIZE
95 .org .Lventry_start\@ + 128 // Did we overflow the ventry slot?
98 .macro tramp_alias, dst, sym, tmp
99 mov_q \dst, TRAMP_VALIAS
102 adr_l \tmp, .entry.tramp.text
106 // This macro corrupts x0-x3. It is the caller's duty
107 // to save/restore them if required.
108 .macro apply_ssbd, state, targ, tmp1, tmp2
109 #ifdef CONFIG_ARM64_SSBD
110 alternative_cb arm64_enable_wa2_handling
113 ldr_this_cpu \tmp2, arm64_ssbd_callback_required, \tmp1
115 ldr \tmp2, [tsk, #TI_FLAGS]
116 tbnz \tmp2, #TIF_SSBD, \targ
117 mov w0, #ARM_SMCCC_ARCH_WORKAROUND_2
119 alternative_cb arm64_update_smccc_conduit
120 nop // Patched to SMC/HVC #0
125 .macro kernel_entry, el, regsize = 64
127 mov w0, w0 // zero upper 32 bits of x0
129 stp x0, x1, [sp, #16 * 0]
130 stp x2, x3, [sp, #16 * 1]
131 stp x4, x5, [sp, #16 * 2]
132 stp x6, x7, [sp, #16 * 3]
133 stp x8, x9, [sp, #16 * 4]
134 stp x10, x11, [sp, #16 * 5]
135 stp x12, x13, [sp, #16 * 6]
136 stp x14, x15, [sp, #16 * 7]
137 stp x16, x17, [sp, #16 * 8]
138 stp x18, x19, [sp, #16 * 9]
139 stp x20, x21, [sp, #16 * 10]
140 stp x22, x23, [sp, #16 * 11]
141 stp x24, x25, [sp, #16 * 12]
142 stp x26, x27, [sp, #16 * 13]
143 stp x28, x29, [sp, #16 * 14]
148 and tsk, tsk, #~(THREAD_SIZE - 1) // Ensure MDSCR_EL1.SS is clear,
149 ldr x19, [tsk, #TI_FLAGS] // since we can unmask debug
150 disable_step_tsk x19, x20 // exceptions when scheduling.
152 apply_ssbd 1, 1f, x22, x23
154 #ifdef CONFIG_ARM64_SSBD
155 ldp x0, x1, [sp, #16 * 0]
156 ldp x2, x3, [sp, #16 * 1]
160 mov x29, xzr // fp pointed to user-space
162 add x21, sp, #S_FRAME_SIZE
164 /* Save the task's original addr_limit and set USER_DS */
165 ldr x20, [tsk, #TI_ADDR_LIMIT]
166 str x20, [sp, #S_ORIG_ADDR_LIMIT]
168 str x20, [tsk, #TI_ADDR_LIMIT]
169 /* No need to reset PSTATE.UAO, hardware's already set it to 0 for us */
170 .endif /* \el == 0 */
173 stp lr, x21, [sp, #S_LR]
174 stp x22, x23, [sp, #S_PC]
177 * Set syscallno to -1 by default (overridden later if real syscall).
181 str x21, [sp, #S_SYSCALLNO]
185 * Set sp_el0 to current thread_info.
192 * Registers that may be useful after this macro is invoked:
196 * x23 - aborted PSTATE
200 .macro kernel_exit, el
202 /* Restore the task's original addr_limit. */
203 ldr x20, [sp, #S_ORIG_ADDR_LIMIT]
204 str x20, [tsk, #TI_ADDR_LIMIT]
206 /* No need to restore UAO, it will be restored from SPSR_EL1 */
209 ldp x21, x22, [sp, #S_PC] // load ELR, SPSR
212 ldr x23, [sp, #S_SP] // load return stack pointer
214 tst x22, #PSR_MODE32_BIT // native task?
217 #ifdef CONFIG_ARM64_ERRATUM_845719
218 alternative_if ARM64_WORKAROUND_845719
219 #ifdef CONFIG_PID_IN_CONTEXTIDR
220 mrs x29, contextidr_el1
221 msr contextidr_el1, x29
223 msr contextidr_el1, xzr
225 alternative_else_nop_endif
228 apply_ssbd 0, 5f, x0, x1
231 msr elr_el1, x21 // set up the return data
233 ldp x0, x1, [sp, #16 * 0]
234 ldp x2, x3, [sp, #16 * 1]
235 ldp x4, x5, [sp, #16 * 2]
236 ldp x6, x7, [sp, #16 * 3]
237 ldp x8, x9, [sp, #16 * 4]
238 ldp x10, x11, [sp, #16 * 5]
239 ldp x12, x13, [sp, #16 * 6]
240 ldp x14, x15, [sp, #16 * 7]
241 ldp x16, x17, [sp, #16 * 8]
242 ldp x18, x19, [sp, #16 * 9]
243 ldp x20, x21, [sp, #16 * 10]
244 ldp x22, x23, [sp, #16 * 11]
245 ldp x24, x25, [sp, #16 * 12]
246 ldp x26, x27, [sp, #16 * 13]
247 ldp x28, x29, [sp, #16 * 14]
250 alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0
252 add sp, sp, #S_FRAME_SIZE // restore sp
254 alternative_else_nop_endif
255 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
258 tramp_alias x30, tramp_exit_native, x29
261 tramp_alias x30, tramp_exit_compat, x29
266 add sp, sp, #S_FRAME_SIZE // restore sp
271 .macro get_thread_info, rd
275 .macro irq_stack_entry
276 mov x19, sp // preserve the original sp
279 * Compare sp with the current thread_info, if the top
280 * ~(THREAD_SIZE - 1) bits match, we are on a task stack, and
281 * should switch to the irq stack.
283 and x25, x19, #~(THREAD_SIZE - 1)
287 adr_this_cpu x25, irq_stack, x26
288 mov x26, #IRQ_STACK_START_SP
291 /* switch to the irq stack */
295 * Add a dummy stack frame, this non-standard format is fixed up
298 stp x29, x19, [sp, #-16]!
305 * x19 should be preserved between irq_stack_entry and
308 .macro irq_stack_exit
313 * These are the registers used in the syscall handler, and allow us to
314 * have in theory up to 7 arguments to a function - x0 to x6.
316 * x7 is reserved for the system call number in 32-bit mode.
318 sc_nr .req x25 // number of system calls
319 scno .req x26 // syscall number
320 stbl .req x27 // syscall table pointer
321 tsk .req x28 // current thread_info
324 * Interrupt handling.
327 ldr_l x1, handle_arch_irq
339 .pushsection ".entry.text", "ax"
343 kernel_ventry 1, sync_invalid // Synchronous EL1t
344 kernel_ventry 1, irq_invalid // IRQ EL1t
345 kernel_ventry 1, fiq_invalid // FIQ EL1t
346 kernel_ventry 1, error_invalid // Error EL1t
348 kernel_ventry 1, sync // Synchronous EL1h
349 kernel_ventry 1, irq // IRQ EL1h
350 kernel_ventry 1, fiq_invalid // FIQ EL1h
351 kernel_ventry 1, error_invalid // Error EL1h
353 kernel_ventry 0, sync // Synchronous 64-bit EL0
354 kernel_ventry 0, irq // IRQ 64-bit EL0
355 kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0
356 kernel_ventry 0, error_invalid // Error 64-bit EL0
359 kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0
360 kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0
361 kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0
362 kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0
364 kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0
365 kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0
366 kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0
367 kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0
372 * Invalid mode handlers
374 .macro inv_entry, el, reason, regsize = 64
375 kernel_entry \el, \regsize
383 inv_entry 0, BAD_SYNC
384 ENDPROC(el0_sync_invalid)
388 ENDPROC(el0_irq_invalid)
392 ENDPROC(el0_fiq_invalid)
395 inv_entry 0, BAD_ERROR
396 ENDPROC(el0_error_invalid)
399 el0_fiq_invalid_compat:
400 inv_entry 0, BAD_FIQ, 32
401 ENDPROC(el0_fiq_invalid_compat)
403 el0_error_invalid_compat:
404 inv_entry 0, BAD_ERROR, 32
405 ENDPROC(el0_error_invalid_compat)
409 inv_entry 1, BAD_SYNC
410 ENDPROC(el1_sync_invalid)
414 ENDPROC(el1_irq_invalid)
418 ENDPROC(el1_fiq_invalid)
421 inv_entry 1, BAD_ERROR
422 ENDPROC(el1_error_invalid)
430 mrs x1, esr_el1 // read the syndrome register
431 lsr x24, x1, #ESR_ELx_EC_SHIFT // exception class
432 cmp x24, #ESR_ELx_EC_DABT_CUR // data abort in EL1
434 cmp x24, #ESR_ELx_EC_IABT_CUR // instruction abort in EL1
436 cmp x24, #ESR_ELx_EC_SYS64 // configurable trap
438 cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception
440 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
442 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL1
444 cmp x24, #ESR_ELx_EC_BREAKPT_CUR // debug exception in EL1
450 * Fall through to the Data abort case
454 * Data abort handling
458 // re-enable interrupts if they were enabled in the aborted context
459 tbnz x23, #7, 1f // PSR_I_BIT
462 clear_address_tag x0, x3
463 mov x2, sp // struct pt_regs
466 // disable interrupts before pulling preserved data off the stack
471 * Stack or PC alignment exception handling
479 * Undefined instruction
486 * Debug exception handling
488 cmp x24, #ESR_ELx_EC_BRK64 // if BRK64
489 cinc x24, x24, eq // set bit '0'
490 tbz x24, #0, el1_inv // EL1 only
492 mov x2, sp // struct pt_regs
493 bl do_debug_exception
496 // TODO: add support for undefined instructions in kernel mode
508 #ifdef CONFIG_TRACE_IRQFLAGS
509 bl trace_hardirqs_off
514 #ifdef CONFIG_PREEMPT
515 ldr w24, [tsk, #TI_PREEMPT] // get preempt count
516 cbnz w24, 1f // preempt count != 0
517 ldr x0, [tsk, #TI_FLAGS] // get flags
518 tbz x0, #TIF_NEED_RESCHED, 1f // needs rescheduling?
522 #ifdef CONFIG_TRACE_IRQFLAGS
528 #ifdef CONFIG_PREEMPT
531 1: bl preempt_schedule_irq // irq en/disable is done inside
532 ldr x0, [tsk, #TI_FLAGS] // get new tasks TI_FLAGS
533 tbnz x0, #TIF_NEED_RESCHED, 1b // needs rescheduling?
543 mrs x25, esr_el1 // read the syndrome register
544 lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
545 cmp x24, #ESR_ELx_EC_SVC64 // SVC in 64-bit state
547 cmp x24, #ESR_ELx_EC_DABT_LOW // data abort in EL0
549 cmp x24, #ESR_ELx_EC_IABT_LOW // instruction abort in EL0
551 cmp x24, #ESR_ELx_EC_FP_ASIMD // FP/ASIMD access
553 cmp x24, #ESR_ELx_EC_FP_EXC64 // FP/ASIMD exception
555 cmp x24, #ESR_ELx_EC_SYS64 // configurable trap
557 cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception
559 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
561 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0
563 cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0
571 mrs x25, esr_el1 // read the syndrome register
572 lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
573 cmp x24, #ESR_ELx_EC_SVC32 // SVC in 32-bit state
575 cmp x24, #ESR_ELx_EC_DABT_LOW // data abort in EL0
577 cmp x24, #ESR_ELx_EC_IABT_LOW // instruction abort in EL0
579 cmp x24, #ESR_ELx_EC_FP_ASIMD // FP/ASIMD access
581 cmp x24, #ESR_ELx_EC_FP_EXC32 // FP/ASIMD exception
583 cmp x24, #ESR_ELx_EC_PC_ALIGN // pc alignment exception
585 cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0
587 cmp x24, #ESR_ELx_EC_CP15_32 // CP15 MRC/MCR trap
589 cmp x24, #ESR_ELx_EC_CP15_64 // CP15 MRRC/MCRR trap
591 cmp x24, #ESR_ELx_EC_CP14_MR // CP14 MRC/MCR trap
593 cmp x24, #ESR_ELx_EC_CP14_LS // CP14 LDC/STC trap
595 cmp x24, #ESR_ELx_EC_CP14_64 // CP14 MRRC/MCRR trap
597 cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0
602 * AArch32 syscall handling
604 adrp stbl, compat_sys_call_table // load compat syscall table pointer
605 uxtw scno, w7 // syscall number in w7 (r7)
606 mov sc_nr, #__NR_compat_syscalls
617 * Data abort handling
620 // enable interrupts before calling the main handler
623 clear_address_tag x0, x26
630 * Instruction abort handling
633 msr daifclr, #(8 | 4 | 1)
634 #ifdef CONFIG_TRACE_IRQFLAGS
635 bl trace_hardirqs_off
641 bl do_el0_ia_bp_hardening
645 * Floating Point or Advanced SIMD access
655 * Floating Point or Advanced SIMD exception
665 * Stack or PC alignment exception handling
669 #ifdef CONFIG_TRACE_IRQFLAGS
670 bl trace_hardirqs_off
680 * Undefined instruction
682 // enable interrupts before calling the main handler
690 * System instructions, for trapped cache maintenance instructions
700 * Debug exception handling
702 tbnz x24, #0, el0_inv // EL0 only
706 bl do_debug_exception
725 #ifdef CONFIG_TRACE_IRQFLAGS
726 bl trace_hardirqs_off
730 #ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
732 bl do_el0_irq_bp_hardening
737 #ifdef CONFIG_TRACE_IRQFLAGS
744 * Register switch for AArch64. The callee-saved registers need to be saved
745 * and restored. On entry:
746 * x0 = previous task_struct (must be preserved across the switch)
747 * x1 = next task_struct
748 * Previous and next are guaranteed not to be the same.
752 mov x10, #THREAD_CPU_CONTEXT
755 stp x19, x20, [x8], #16 // store callee-saved registers
756 stp x21, x22, [x8], #16
757 stp x23, x24, [x8], #16
758 stp x25, x26, [x8], #16
759 stp x27, x28, [x8], #16
760 stp x29, x9, [x8], #16
763 ldp x19, x20, [x8], #16 // restore callee-saved registers
764 ldp x21, x22, [x8], #16
765 ldp x23, x24, [x8], #16
766 ldp x25, x26, [x8], #16
767 ldp x27, x28, [x8], #16
768 ldp x29, x9, [x8], #16
771 and x9, x9, #~(THREAD_SIZE - 1)
774 ENDPROC(cpu_switch_to)
777 * This is the fast syscall return path. We do as little as possible here,
778 * and this includes saving x0 back into the kernel stack.
781 disable_irq // disable interrupts
782 str x0, [sp, #S_X0] // returned x0
783 ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing
784 and x2, x1, #_TIF_SYSCALL_WORK
785 cbnz x2, ret_fast_syscall_trace
786 and x2, x1, #_TIF_WORK_MASK
787 cbnz x2, work_pending
788 enable_step_tsk x1, x2
790 ret_fast_syscall_trace:
791 enable_irq // enable interrupts
792 b __sys_trace_return_skipped // we already saved x0
795 * Ok, we need to do extra processing, enter the slow path.
800 #ifdef CONFIG_TRACE_IRQFLAGS
801 bl trace_hardirqs_on // enabled while in userspace
803 ldr x1, [tsk, #TI_FLAGS] // re-check for single-step
806 * "slow" syscall return path.
809 disable_irq // disable interrupts
810 ldr x1, [tsk, #TI_FLAGS]
811 and x2, x1, #_TIF_WORK_MASK
812 cbnz x2, work_pending
814 enable_step_tsk x1, x2
819 * This is how we return from a fork.
823 cbz x19, 1f // not a kernel thread
826 1: get_thread_info tsk
828 ENDPROC(ret_from_fork)
835 adrp stbl, sys_call_table // load syscall table pointer
836 uxtw scno, w8 // syscall number in w8
837 mov sc_nr, #__NR_syscalls
838 el0_svc_naked: // compat entry point
839 stp x0, scno, [sp, #S_ORIG_X0] // save the original x0 and syscall number
843 ldr x16, [tsk, #TI_FLAGS] // check for syscall hooks
844 tst x16, #_TIF_SYSCALL_WORK
846 cmp scno, sc_nr // check upper syscall limit
848 mask_nospec64 scno, sc_nr, x19 // enforce bounds for syscall number
849 ldr x16, [stbl, scno, lsl #3] // address in the syscall table
850 blr x16 // call sys_* routine
859 * This is the really slow path. We're going to be doing context
860 * switches, and waiting for our parent to respond.
863 mov w0, #-1 // set default errno for
864 cmp scno, x0 // user-issued syscall(-1)
869 bl syscall_trace_enter
870 cmp w0, #-1 // skip the syscall?
871 b.eq __sys_trace_return_skipped
872 uxtw scno, w0 // syscall number (possibly new)
873 mov x1, sp // pointer to regs
874 cmp scno, sc_nr // check upper syscall limit
876 ldp x0, x1, [sp] // restore the syscall args
877 ldp x2, x3, [sp, #S_X2]
878 ldp x4, x5, [sp, #S_X4]
879 ldp x6, x7, [sp, #S_X6]
880 ldr x16, [stbl, scno, lsl #3] // address in the syscall table
881 blr x16 // call sys_* routine
884 str x0, [sp, #S_X0] // save returned x0
885 __sys_trace_return_skipped:
887 bl syscall_trace_exit
895 .popsection // .entry.text
897 // Move from tramp_pg_dir to swapper_pg_dir
898 .macro tramp_map_kernel, tmp
900 sub \tmp, \tmp, #SWAPPER_DIR_SIZE
901 bic \tmp, \tmp, #USER_ASID_FLAG
905 .macro tramp_unmap_kernel, tmp
907 add \tmp, \tmp, #SWAPPER_DIR_SIZE
908 orr \tmp, \tmp, #USER_ASID_FLAG
911 * We avoid running the post_ttbr_update_workaround here because
912 * it's only needed by Cavium ThunderX, which requires KPTI to be
917 .macro tramp_data_page dst
918 adr_l \dst, .entry.tramp.text
919 sub \dst, \dst, PAGE_SIZE
922 .macro tramp_data_read_var dst, var
923 #ifdef CONFIG_RANDOMIZE_BASE
925 add \dst, \dst, #:lo12:__entry_tramp_data_\var
932 #define BHB_MITIGATION_NONE 0
933 #define BHB_MITIGATION_LOOP 1
934 #define BHB_MITIGATION_FW 2
935 #define BHB_MITIGATION_INSN 3
937 .macro tramp_ventry, vector_start, regsize, kpti, bhb
941 msr tpidrro_el0, x30 // Restored in kernel_ventry
944 .if \bhb == BHB_MITIGATION_LOOP
946 * This sequence must appear before the first indirect branch. i.e. the
947 * ret out of tramp_ventry. It appears here because x30 is free.
949 __mitigate_spectre_bhb_loop x30
950 .endif // \bhb == BHB_MITIGATION_LOOP
952 .if \bhb == BHB_MITIGATION_INSN
955 .endif // \bhb == BHB_MITIGATION_INSN
959 * Defend against branch aliasing attacks by pushing a dummy
960 * entry onto the return stack and using a RET instruction to
961 * enter the full-fat kernel vectors.
968 tramp_data_read_var x30, vectors
969 prfm plil1strm, [x30, #(1b - \vector_start)]
976 .if \bhb == BHB_MITIGATION_FW
978 * The firmware sequence must appear before the first indirect branch.
979 * i.e. the ret out of tramp_ventry. But it also needs the stack to be
980 * mapped to save/restore the registers the SMC clobbers.
982 __mitigate_spectre_bhb_fw
983 .endif // \bhb == BHB_MITIGATION_FW
985 add x30, x30, #(1b - \vector_start + 4)
987 .org 1b + 128 // Did we overflow the ventry slot?
990 .macro tramp_exit, regsize = 64
991 tramp_data_read_var x30, this_cpu_vector
992 alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
1001 tramp_unmap_kernel x29
1005 add sp, sp, #S_FRAME_SIZE // restore sp
1009 .macro generate_tramp_vector, kpti, bhb
1014 tramp_ventry .Lvector_start\@, 64, \kpti, \bhb
1017 tramp_ventry .Lvector_start\@, 32, \kpti, \bhb
1021 #ifdef CONFIG_UNMAP_KERNEL_AT_EL0
1023 * Exception vectors trampoline.
1024 * The order must match __bp_harden_el1_vectors and the
1025 * arm64_bp_harden_el1_vectors enum.
1027 .pushsection ".entry.tramp.text", "ax"
1029 ENTRY(tramp_vectors)
1030 #ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
1031 generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_LOOP
1032 generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_FW
1033 generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_INSN
1034 #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
1035 generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_NONE
1038 ENTRY(tramp_exit_native)
1040 END(tramp_exit_native)
1042 ENTRY(tramp_exit_compat)
1044 END(tramp_exit_compat)
1047 .popsection // .entry.tramp.text
1048 #ifdef CONFIG_RANDOMIZE_BASE
1049 .pushsection ".rodata", "a"
1051 .globl __entry_tramp_data_start
1052 __entry_tramp_data_start:
1053 __entry_tramp_data_vectors:
1055 #ifdef CONFIG_ARM_SDE_INTERFACE
1056 __entry_tramp_data___sdei_asm_trampoline_next_handler:
1057 .quad __sdei_asm_handler
1058 #endif /* CONFIG_ARM_SDE_INTERFACE */
1059 __entry_tramp_data_this_cpu_vector:
1060 .quad this_cpu_vector
1061 .popsection // .rodata
1062 #endif /* CONFIG_RANDOMIZE_BASE */
1063 #endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
1066 * Exception vectors for spectre mitigations on entry from EL1 when
1067 * kpti is not in use.
1069 .macro generate_el1_vector, bhb
1071 kernel_ventry 1, sync_invalid // Synchronous EL1t
1072 kernel_ventry 1, irq_invalid // IRQ EL1t
1073 kernel_ventry 1, fiq_invalid // FIQ EL1t
1074 kernel_ventry 1, error_invalid // Error EL1t
1076 kernel_ventry 1, sync // Synchronous EL1h
1077 kernel_ventry 1, irq // IRQ EL1h
1078 kernel_ventry 1, fiq_invalid // FIQ EL1h
1079 kernel_ventry 1, error_invalid // Error EL1h
1082 tramp_ventry .Lvector_start\@, 64, 0, \bhb
1085 tramp_ventry .Lvector_start\@, 32, 0, \bhb
1089 /* The order must match tramp_vecs and the arm64_bp_harden_el1_vectors enum. */
1090 .pushsection ".entry.text", "ax"
1092 ENTRY(__bp_harden_el1_vectors)
1093 #ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
1094 generate_el1_vector bhb=BHB_MITIGATION_LOOP
1095 generate_el1_vector bhb=BHB_MITIGATION_FW
1096 generate_el1_vector bhb=BHB_MITIGATION_INSN
1097 #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
1098 END(__bp_harden_el1_vectors)
1102 * Special system call wrappers.
1104 ENTRY(sys_rt_sigreturn_wrapper)
1107 ENDPROC(sys_rt_sigreturn_wrapper)
projects / releases.git / blob