1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * This file contains the code that gets mapped at the upper end of each task's text
4 * region. For now, it contains the signal trampoline code only.
5 *
6 * Copyright (C) 1999-2003 Hewlett-Packard Co
7 * David Mosberger-Tang <davidm@hpl.hp.com>
8 */
9
10
11 #include <asm/asmmacro.h>
12 #include <asm/errno.h>
13 #include <asm/asm-offsets.h>
14 #include <asm/sigcontext.h>
15 #include <asm/unistd.h>
16 #include <asm/kregs.h>
17 #include <asm/page.h>
18 #include <asm/native/inst.h>
19
20 /*
21 * We can't easily refer to symbols inside the kernel. To avoid full runtime relocation,
22 * complications with the linker (which likes to create PLT stubs for branches
23 * to targets outside the shared object) and to avoid multi-phase kernel builds, we
24 * simply create minimalistic "patch lists" in special ELF sections.
25 */
26 .section ".data..patch.fsyscall_table", "a"
27 .previous
28 #define LOAD_FSYSCALL_TABLE(reg) \
29 [1:] movl reg=0; \
30 .xdata4 ".data..patch.fsyscall_table", 1b-.
31
32 .section ".data..patch.brl_fsys_bubble_down", "a"
33 .previous
34 #define BRL_COND_FSYS_BUBBLE_DOWN(pr) \
35 [1:](pr)brl.cond.sptk 0; \
36 ;; \
37 .xdata4 ".data..patch.brl_fsys_bubble_down", 1b-.
38
39 GLOBAL_ENTRY(__kernel_syscall_via_break)
40 .prologue
41 .altrp b6
42 .body
43 /*
44 * Note: for (fast) syscall restart to work, the break instruction must be
45 * the first one in the bundle addressed by syscall_via_break.
46 */
47 { .mib
48 break 0x100000
49 nop.i 0
50 br.ret.sptk.many b6
51 }
52 END(__kernel_syscall_via_break)
53
54 # define ARG0_OFF (16 + IA64_SIGFRAME_ARG0_OFFSET)
55 # define ARG1_OFF (16 + IA64_SIGFRAME_ARG1_OFFSET)
56 # define ARG2_OFF (16 + IA64_SIGFRAME_ARG2_OFFSET)
57 # define SIGHANDLER_OFF (16 + IA64_SIGFRAME_HANDLER_OFFSET)
58 # define SIGCONTEXT_OFF (16 + IA64_SIGFRAME_SIGCONTEXT_OFFSET)
59
60 # define FLAGS_OFF IA64_SIGCONTEXT_FLAGS_OFFSET
61 # define CFM_OFF IA64_SIGCONTEXT_CFM_OFFSET
62 # define FR6_OFF IA64_SIGCONTEXT_FR6_OFFSET
63 # define BSP_OFF IA64_SIGCONTEXT_AR_BSP_OFFSET
64 # define RNAT_OFF IA64_SIGCONTEXT_AR_RNAT_OFFSET
65 # define UNAT_OFF IA64_SIGCONTEXT_AR_UNAT_OFFSET
66 # define FPSR_OFF IA64_SIGCONTEXT_AR_FPSR_OFFSET
67 # define PR_OFF IA64_SIGCONTEXT_PR_OFFSET
68 # define RP_OFF IA64_SIGCONTEXT_IP_OFFSET
69 # define SP_OFF IA64_SIGCONTEXT_R12_OFFSET
70 # define RBS_BASE_OFF IA64_SIGCONTEXT_RBS_BASE_OFFSET
71 # define LOADRS_OFF IA64_SIGCONTEXT_LOADRS_OFFSET
72 # define base0 r2
73 # define base1 r3
74 /*
75 * When we get here, the memory stack looks like this:
76 *
77 * +===============================+
78 * | |
79 * // struct sigframe //
80 * | |
81 * +-------------------------------+ <-- sp+16
82 * | 16 byte of scratch |
83 * | space |
84 * +-------------------------------+ <-- sp
85 *
86 * The register stack looks _exactly_ the way it looked at the time the signal
87 * occurred. In other words, we're treading on a potential mine-field: each
88 * incoming general register may be a NaT value (including sp, in which case the
89 * process ends up dying with a SIGSEGV).
90 *
91 * The first thing need to do is a cover to get the registers onto the backing
92 * store. Once that is done, we invoke the signal handler which may modify some
93 * of the machine state. After returning from the signal handler, we return
94 * control to the previous context by executing a sigreturn system call. A signal
95 * handler may call the rt_sigreturn() function to directly return to a given
96 * sigcontext. However, the user-level sigreturn() needs to do much more than
97 * calling the rt_sigreturn() system call as it needs to unwind the stack to
98 * restore preserved registers that may have been saved on the signal handler's
99 * call stack.
100 */
101
102 #define SIGTRAMP_SAVES \
103 .unwabi 3, 's'; /* mark this as a sigtramp handler (saves scratch regs) */ \
104 .unwabi @svr4, 's'; /* backwards compatibility with old unwinders (remove in v2.7) */ \
105 .savesp ar.unat, UNAT_OFF+SIGCONTEXT_OFF; \
106 .savesp ar.fpsr, FPSR_OFF+SIGCONTEXT_OFF; \
107 .savesp pr, PR_OFF+SIGCONTEXT_OFF; \
108 .savesp rp, RP_OFF+SIGCONTEXT_OFF; \
109 .savesp ar.pfs, CFM_OFF+SIGCONTEXT_OFF; \
110 .vframesp SP_OFF+SIGCONTEXT_OFF
111
112 GLOBAL_ENTRY(__kernel_sigtramp)
113 // describe the state that is active when we get here:
114 .prologue
115 SIGTRAMP_SAVES
116 .body
117
118 .label_state 1
119
120 adds base0=SIGHANDLER_OFF,sp
121 adds base1=RBS_BASE_OFF+SIGCONTEXT_OFF,sp
122 br.call.sptk.many rp=1f
123 1:
124 ld8 r17=[base0],(ARG0_OFF-SIGHANDLER_OFF) // get pointer to signal handler's plabel
125 ld8 r15=[base1] // get address of new RBS base (or NULL)
126 cover // push args in interrupted frame onto backing store
127 ;;
128 cmp.ne p1,p0=r15,r0 // do we need to switch rbs? (note: pr is saved by kernel)
129 mov.m r9=ar.bsp // fetch ar.bsp
130 .spillsp.p p1, ar.rnat, RNAT_OFF+SIGCONTEXT_OFF
131 (p1) br.cond.spnt setup_rbs // yup -> (clobbers p8, r14-r16, and r18-r20)
132 back_from_setup_rbs:
133 alloc r8=ar.pfs,0,0,3,0
134 ld8 out0=[base0],16 // load arg0 (signum)
135 adds base1=(ARG1_OFF-(RBS_BASE_OFF+SIGCONTEXT_OFF)),base1
136 ;;
137 ld8 out1=[base1] // load arg1 (siginfop)
138 ld8 r10=[r17],8 // get signal handler entry point
139 ;;
140 ld8 out2=[base0] // load arg2 (sigcontextp)
141 ld8 gp=[r17] // get signal handler's global pointer
142 adds base0=(BSP_OFF+SIGCONTEXT_OFF),sp
143 ;;
144 .spillsp ar.bsp, BSP_OFF+SIGCONTEXT_OFF
145 st8 [base0]=r9 // save sc_ar_bsp
146 adds base0=(FR6_OFF+SIGCONTEXT_OFF),sp
147 adds base1=(FR6_OFF+16+SIGCONTEXT_OFF),sp
148 ;;
149 stf.spill [base0]=f6,32
150 stf.spill [base1]=f7,32
151 ;;
152 stf.spill [base0]=f8,32
153 stf.spill [base1]=f9,32
154 mov b6=r10
155 ;;
156 stf.spill [base0]=f10,32
157 stf.spill [base1]=f11,32
158 ;;
159 stf.spill [base0]=f12,32
160 stf.spill [base1]=f13,32
161 ;;
162 stf.spill [base0]=f14,32
163 stf.spill [base1]=f15,32
164 br.call.sptk.many rp=b6 // call the signal handler
165 .ret0: adds base0=(BSP_OFF+SIGCONTEXT_OFF),sp
166 ;;
167 ld8 r15=[base0] // fetch sc_ar_bsp
168 mov r14=ar.bsp
169 ;;
170 cmp.ne p1,p0=r14,r15 // do we need to restore the rbs?
171 (p1) br.cond.spnt restore_rbs // yup -> (clobbers r14-r18, f6 & f7)
172 ;;
173 back_from_restore_rbs:
174 adds base0=(FR6_OFF+SIGCONTEXT_OFF),sp
175 adds base1=(FR6_OFF+16+SIGCONTEXT_OFF),sp
176 ;;
177 ldf.fill f6=[base0],32
178 ldf.fill f7=[base1],32
179 ;;
180 ldf.fill f8=[base0],32
181 ldf.fill f9=[base1],32
182 ;;
183 ldf.fill f10=[base0],32
184 ldf.fill f11=[base1],32
185 ;;
186 ldf.fill f12=[base0],32
187 ldf.fill f13=[base1],32
188 ;;
189 ldf.fill f14=[base0],32
190 ldf.fill f15=[base1],32
191 mov r15=__NR_rt_sigreturn
192 .restore sp // pop .prologue
193 break __BREAK_SYSCALL
194
195 .prologue
196 SIGTRAMP_SAVES
197 setup_rbs:
198 mov ar.rsc=0 // put RSE into enforced lazy mode
199 ;;
200 .save ar.rnat, r19
201 mov r19=ar.rnat // save RNaT before switching backing store area
202 adds r14=(RNAT_OFF+SIGCONTEXT_OFF),sp
203
204 mov r18=ar.bspstore
205 mov ar.bspstore=r15 // switch over to new register backing store area
206 ;;
207
208 .spillsp ar.rnat, RNAT_OFF+SIGCONTEXT_OFF
209 st8 [r14]=r19 // save sc_ar_rnat
210 .body
211 mov.m r16=ar.bsp // sc_loadrs <- (new bsp - new bspstore) << 16
212 adds r14=(LOADRS_OFF+SIGCONTEXT_OFF),sp
213 ;;
214 invala
215 sub r15=r16,r15
216 extr.u r20=r18,3,6
217 ;;
218 mov ar.rsc=0xf // set RSE into eager mode, pl 3
219 cmp.eq p8,p0=63,r20
220 shl r15=r15,16
221 ;;
222 st8 [r14]=r15 // save sc_loadrs
223 (p8) st8 [r18]=r19 // if bspstore points at RNaT slot, store RNaT there now
224 .restore sp // pop .prologue
225 br.cond.sptk back_from_setup_rbs
226
227 .prologue
228 SIGTRAMP_SAVES
229 .spillsp ar.rnat, RNAT_OFF+SIGCONTEXT_OFF
230 .body
231 restore_rbs:
232 // On input:
233 // r14 = bsp1 (bsp at the time of return from signal handler)
234 // r15 = bsp0 (bsp at the time the signal occurred)
235 //
236 // Here, we need to calculate bspstore0, the value that ar.bspstore needs
237 // to be set to, based on bsp0 and the size of the dirty partition on
238 // the alternate stack (sc_loadrs >> 16). This can be done with the
239 // following algorithm:
240 //
241 // bspstore0 = rse_skip_regs(bsp0, -rse_num_regs(bsp1 - (loadrs >> 19), bsp1));
242 //
243 // This is what the code below does.
244 //
245 alloc r2=ar.pfs,0,0,0,0 // alloc null frame
246 adds r16=(LOADRS_OFF+SIGCONTEXT_OFF),sp
247 adds r18=(RNAT_OFF+SIGCONTEXT_OFF),sp
248 ;;
249 ld8 r17=[r16]
250 ld8 r16=[r18] // get new rnat
251 extr.u r18=r15,3,6 // r18 <- rse_slot_num(bsp0)
252 ;;
253 mov ar.rsc=r17 // put RSE into enforced lazy mode
254 shr.u r17=r17,16
255 ;;
256 sub r14=r14,r17 // r14 (bspstore1) <- bsp1 - (sc_loadrs >> 16)
257 shr.u r17=r17,3 // r17 <- (sc_loadrs >> 19)
258 ;;
259 loadrs // restore dirty partition
260 extr.u r14=r14,3,6 // r14 <- rse_slot_num(bspstore1)
261 ;;
262 add r14=r14,r17 // r14 <- rse_slot_num(bspstore1) + (sc_loadrs >> 19)
263 ;;
264 shr.u r14=r14,6 // r14 <- (rse_slot_num(bspstore1) + (sc_loadrs >> 19))/0x40
265 ;;
266 sub r14=r14,r17 // r14 <- -rse_num_regs(bspstore1, bsp1)
267 movl r17=0x8208208208208209
268 ;;
269 add r18=r18,r14 // r18 (delta) <- rse_slot_num(bsp0) - rse_num_regs(bspstore1,bsp1)
270 setf.sig f7=r17
271 cmp.lt p7,p0=r14,r0 // p7 <- (r14 < 0)?
272 ;;
273 (p7) adds r18=-62,r18 // delta -= 62
274 ;;
275 setf.sig f6=r18
276 ;;
277 xmpy.h f6=f6,f7
278 ;;
279 getf.sig r17=f6
280 ;;
281 add r17=r17,r18
282 shr r18=r18,63
283 ;;
284 shr r17=r17,5
285 ;;
286 sub r17=r17,r18 // r17 = delta/63
287 ;;
288 add r17=r14,r17 // r17 <- delta/63 - rse_num_regs(bspstore1, bsp1)
289 ;;
290 shladd r15=r17,3,r15 // r15 <- bsp0 + 8*(delta/63 - rse_num_regs(bspstore1, bsp1))
291 ;;
292 mov ar.bspstore=r15 // switch back to old register backing store area
293 ;;
294 mov ar.rnat=r16 // restore RNaT
295 mov ar.rsc=0xf // (will be restored later on from sc_ar_rsc)
296 // invala not necessary as that will happen when returning to user-mode
297 br.cond.sptk back_from_restore_rbs
298 END(__kernel_sigtramp)
299
300 /*
301 * On entry:
302 * r11 = saved ar.pfs
303 * r15 = system call #
304 * b0 = saved return address
305 * b6 = return address
306 * On exit:
307 * r11 = saved ar.pfs
308 * r15 = system call #
309 * b0 = saved return address
310 * all other "scratch" registers: undefined
311 * all "preserved" registers: same as on entry
312 */
313
314 GLOBAL_ENTRY(__kernel_syscall_via_epc)
315 .prologue
316 .altrp b6
317 .body
318 {
319 /*
320 * Note: the kernel cannot assume that the first two instructions in this
321 * bundle get executed. The remaining code must be safe even if
322 * they do not get executed.
323 */
324 adds r17=-1024,r15 // A
325 mov r10=0 // A default to successful syscall execution
326 epc // B causes split-issue
327 }
328 ;;
329 RSM_PSR_BE_I(r20, r22) // M2 (5 cyc to srlz.d)
330 LOAD_FSYSCALL_TABLE(r14) // X
331 ;;
332 mov r16=IA64_KR(CURRENT) // M2 (12 cyc)
333 shladd r18=r17,3,r14 // A
334 mov r19=NR_syscalls-1 // A
335 ;;
336 lfetch [r18] // M0|1
337 MOV_FROM_PSR(p0, r29, r8) // M2 (12 cyc)
338 // If r17 is a NaT, p6 will be zero
339 cmp.geu p6,p7=r19,r17 // A (sysnr > 0 && sysnr < 1024+NR_syscalls)?
340 ;;
341 mov r21=ar.fpsr // M2 (12 cyc)
342 tnat.nz p10,p9=r15 // I0
343 mov.i r26=ar.pfs // I0 (would stall anyhow due to srlz.d...)
344 ;;
345 srlz.d // M0 (forces split-issue) ensure PSR.BE==0
346 (p6) ld8 r18=[r18] // M0|1
347 nop.i 0
348 ;;
349 nop.m 0
350 (p6) tbit.z.unc p8,p0=r18,0 // I0 (dual-issues with "mov b7=r18"!)
351 nop.i 0
352 ;;
353 SSM_PSR_I(p8, p14, r25)
354 (p6) mov b7=r18 // I0
355 (p8) br.dptk.many b7 // B
356
357 mov r27=ar.rsc // M2 (12 cyc)
358 /*
359 * brl.cond doesn't work as intended because the linker would convert this branch
360 * into a branch to a PLT. Perhaps there will be a way to avoid this with some
361 * future version of the linker. In the meantime, we just use an indirect branch
362 * instead.
363 */
364 #ifdef CONFIG_ITANIUM
365 (p6) add r14=-8,r14 // r14 <- addr of fsys_bubble_down entry
366 ;;
367 (p6) ld8 r14=[r14] // r14 <- fsys_bubble_down
368 ;;
369 (p6) mov b7=r14
370 (p6) br.sptk.many b7
371 #else
372 BRL_COND_FSYS_BUBBLE_DOWN(p6)
373 #endif
374 SSM_PSR_I(p0, p14, r10)
375 mov r10=-1
376 (p10) mov r8=EINVAL
377 (p9) mov r8=ENOSYS
378 FSYS_RETURN
379
380 END(__kernel_syscall_via_epc)