vmx_ivt.s

xen 3.2.2 源码

    *
    * During system call exit, scratch registers (including r15) are modified/cleared
    * to prevent leaking bits from kernel to user level.
    */
   
//  mov.m r16=IA64_KR(CURRENT)		// M2 r16 <- current task (12 cyc)
    mov r14=r21
    bsw.1					// B (6 cyc) regs are saved, switch to bank 1
    ;;   
    mov r29=cr.ipsr				// M2 (12 cyc)
    mov r31=pr				// I0 (2 cyc)
    mov r16=r14
    mov r15=r2

    mov r17=cr.iim				// M2 (2 cyc)
    mov.m r27=ar.rsc			// M2 (12 cyc)
//  mov r18=__IA64_BREAK_SYSCALL		// A

    mov.m ar.rsc=0				// M2
    mov.m r21=ar.fpsr			// M2 (12 cyc)
    mov r19=b6				// I0 (2 cyc)
    ;;
    mov.m r23=ar.bspstore			// M2 (12 cyc)
    mov.m r24=ar.rnat			// M2 (5 cyc)
    mov.i r26=ar.pfs			// I0 (2 cyc)

    invala					// M0|1
    nop.m 0					// M
    mov r20=r1				// A			save r1

    nop.m 0
//  movl r30=sys_call_table			// X
    movl r30=ia64_hypercall_table			// X

    mov r28=cr.iip				// M2 (2 cyc)
//  cmp.eq p0,p7=r18,r17			// I0 is this a system call?
//(p7)  br.cond.spnt non_syscall		// B  no ->
   //
   // From this point on, we are definitely on the syscall-path
   // and we can use (non-banked) scratch registers.
   //
///////////////////////////////////////////////////////////////////////
    mov r1=r16				// A    move task-pointer to "addl"-addressable reg
    mov r2=r16				// A    setup r2 for ia64_syscall_setup
//  add r9=TI_FLAGS+IA64_TASK_SIZE,r16	// A	r9 = &current_thread_info()->flags

//  adds r16=IA64_TASK_THREAD_ON_USTACK_OFFSET,r16
//  adds r15=-1024,r15			// A    subtract 1024 from syscall number
//  mov r3=NR_syscalls - 1
    mov r3=NR_hypercalls - 1
    ;;
//  ld1.bias r17=[r16]			// M0|1 r17 = current->thread.on_ustack flag
//  ld4 r9=[r9]				// M0|1 r9 = current_thread_info()->flags
    mov r9=r0               // force flags = 0
    extr.u r8=r29,41,2			// I0   extract ei field from cr.ipsr

    shladd r30=r15,3,r30			// A    r30 = sys_call_table + 8*(syscall-1024)
    addl r22=IA64_RBS_OFFSET,r1		// A    compute base of RBS
    cmp.leu p6,p7=r15,r3			// A    syscall number in range?
    ;;

    lfetch.fault.excl.nt1 [r22]		// M0|1 prefetch RBS
(p6) ld8 r30=[r30]				// M0|1 load address of syscall entry point
    tnat.nz.or p7,p0=r15			// I0	is syscall nr a NaT?

    mov.m ar.bspstore=r22			// M2   switch to kernel RBS
    cmp.eq p8,p9=2,r8			// A    isr.ei==2?
    ;;

(p8) mov r8=0				// A    clear ei to 0
//(p7)  movl r30=sys_ni_syscall			// X
(p7) movl r30=do_ni_hypercall			// X

(p8) adds r28=16,r28				// A    switch cr.iip to next bundle
(p9) adds r8=1,r8				// A    increment ei to next slot
    nop.i 0
    ;;

    mov.m r25=ar.unat			// M2 (5 cyc)
    dep r29=r8,r29,41,2			// I0   insert new ei into cr.ipsr
//  adds r15=1024,r15			// A    restore original syscall number
   //
   // If any of the above loads miss in L1D, we'll stall here until
   // the data arrives.
   //
///////////////////////////////////////////////////////////////////////
//    st1 [r16]=r0				// M2|3 clear current->thread.on_ustack flag
    mov b6=r30				// I0   setup syscall handler branch reg early
//    cmp.ne pKStk,pUStk=r0,r0		// A    were we on kernel stacks already?

//  and r9=_TIF_SYSCALL_TRACEAUDIT,r9	// A    mask trace or audit
    mov r18=ar.bsp				// M2 (12 cyc)
   ;;
//(pUStk) addl r1=IA64_STK_OFFSET-IA64_PT_REGS_SIZE,r1 // A    compute base of memory stack
    addl r1=IA64_STK_OFFSET-IA64_PT_REGS_SIZE,r1 // A    compute base of memory stack
//  cmp.eq p14,p0=r9,r0			// A    are syscalls being traced/audited?
//    br.call.sptk.many b7=ia64_syscall_setup	// B
    br.call.sptk.many b7=ia64_hypercall_setup	// B
1:
    mov ar.rsc=0x3				// M2   set eager mode, pl 0, LE, loadrs=0
//    nop 0
//    bsw.1					// B (6 cyc) regs are saved, switch to bank 1
    ;;
    ssm psr.ic | PSR_DEFAULT_BITS		// M2	now it's safe to re-enable intr.-collection
//    movl r3=ia64_ret_from_syscall		// X
    movl r3=ia64_leave_hypercall		// X
    ;;

    srlz.i					// M0   ensure interruption collection is on
    mov rp=r3				// I0   set the real return addr
    //(p10) br.cond.spnt.many ia64_ret_from_syscall	// B    return if bad call-frame or r15 is a NaT
    (p15)   ssm psr.i				// M2   restore psr.i
    //(p14) br.call.sptk.many b6=b6			// B    invoke syscall-handker (ignore return addr)
    br.call.sptk.many b6=b6			// B    invoke syscall-handker (ignore return addr)
//  br.cond.spnt.many ia64_trace_syscall	// B	do syscall-tracing thingamagic
   ;;
   VMX_FAULT(11)
END(vmx_break_fault)

    .org vmx_ia64_ivt+0x3000
/////////////////////////////////////////////////////////////////////////////////////////
// 0x3000 Entry 12 (size 64 bundles) External Interrupt (4)
ENTRY(vmx_interrupt)
//    VMX_DBG_FAULT(12)
    mov r31=pr		// prepare to save predicates
    mov r19=12
    mov r29=cr.ipsr
    ;;
    tbit.z p6,p7=r29,IA64_PSR_VM_BIT
    tbit.z p0,p15=r29,IA64_PSR_I_BIT
    ;;
(p7) br.sptk vmx_dispatch_interrupt
    ;;
    mov r27=ar.rsc		/* M */
    mov r20=r1			/* A */
    mov r25=ar.unat		/* M */
    mov r26=ar.pfs		/* I */
    mov r28=cr.iip		/* M */
    cover			/* B (or nothing) */
    ;;
    mov r1=sp
    ;;
    invala			/* M */
    mov r30=cr.ifs
    ;;
    addl r1=-IA64_PT_REGS_SIZE,r1
    ;;
    adds r17=2*L1_CACHE_BYTES,r1	/* really: biggest cache-line size */
    adds r16=PT(CR_IPSR),r1
    ;;
    lfetch.fault.excl.nt1 [r17],L1_CACHE_BYTES
    st8 [r16]=r29			/* save cr.ipsr */
    ;;
    lfetch.fault.excl.nt1 [r17]
    mov r29=b0
    ;;
    adds r16=PT(R8),r1  	/* initialize first base pointer */
    adds r17=PT(R9),r1  	/* initialize second base pointer */
    mov r18=r0      		/* make sure r18 isn't NaT */
    ;;
.mem.offset 0,0; st8.spill [r16]=r8,16
.mem.offset 8,0; st8.spill [r17]=r9,16
        ;;
.mem.offset 0,0; st8.spill [r16]=r10,24
.mem.offset 8,0; st8.spill [r17]=r11,24
        ;;
    st8 [r16]=r28,16		/* save cr.iip */
    st8 [r17]=r30,16		/* save cr.ifs */
    mov r8=ar.fpsr		/* M */
    mov r9=ar.csd
    mov r10=ar.ssd
    movl r11=FPSR_DEFAULT	/* L-unit */
    ;;
    st8 [r16]=r25,16		/* save ar.unat */
    st8 [r17]=r26,16		/* save ar.pfs */
    shl r18=r18,16		/* compute ar.rsc to be used for "loadrs" */
    ;;
    st8 [r16]=r27,16		/* save ar.rsc */
    adds r17=16,r17		/* skip over ar_rnat field */
    ;;
    st8 [r17]=r31,16		/* save predicates */
    adds r16=16,r16		/* skip over ar_bspstore field */
    ;;
    st8 [r16]=r29,16		/* save b0 */
    st8 [r17]=r18,16		/* save ar.rsc value for "loadrs" */
    ;;
.mem.offset 0,0; st8.spill [r16]=r20,16    /* save original r1 */
.mem.offset 8,0; st8.spill [r17]=r12,16
    adds r12=-16,r1    /* switch to kernel memory stack (with 16 bytes of scratch) */
    ;;
.mem.offset 0,0; st8.spill [r16]=r13,16
.mem.offset 8,0; st8.spill [r17]=r8,16 /* save ar.fpsr */
    MINSTATE_GET_CURRENT(r13)
    ;;
.mem.offset 0,0; st8.spill [r16]=r15,16
.mem.offset 8,0; st8.spill [r17]=r14,16
    dep r14=-1,r0,60,4
    ;;
.mem.offset 0,0; st8.spill [r16]=r2,16
.mem.offset 8,0; st8.spill [r17]=r3,16
    adds r2=IA64_PT_REGS_R16_OFFSET,r1
    ;;
    mov r8=ar.ccv
    movl r1=__gp       /* establish kernel global pointer */
    ;;                                          \
    bsw.1
    ;;
    alloc r14=ar.pfs,0,0,2,0	// must be first in an insn group
    mov out0=cr.ivr		// pass cr.ivr as first arg
    add out1=16,sp		// pass pointer to pt_regs as second arg

    ssm psr.ic
    ;;
    srlz.i
    ;;
    (p15) ssm psr.i
    adds r3=8,r2		// set up second base pointer for SAVE_REST
    srlz.i			// ensure everybody knows psr.ic is back on
    ;;
.mem.offset 0,0; st8.spill [r2]=r16,16
.mem.offset 8,0; st8.spill [r3]=r17,16
    ;;
.mem.offset 0,0; st8.spill [r2]=r18,16
.mem.offset 8,0; st8.spill [r3]=r19,16
    ;;
.mem.offset 0,0; st8.spill [r2]=r20,16
.mem.offset 8,0; st8.spill [r3]=r21,16
    mov r18=b6
    ;;
.mem.offset 0,0; st8.spill [r2]=r22,16
.mem.offset 8,0; st8.spill [r3]=r23,16
    mov r19=b7
    ;;
.mem.offset 0,0; st8.spill [r2]=r24,16
.mem.offset 8,0; st8.spill [r3]=r25,16
    ;;
.mem.offset 0,0; st8.spill [r2]=r26,16
.mem.offset 8,0; st8.spill [r3]=r27,16
    ;;
.mem.offset 0,0; st8.spill [r2]=r28,16
.mem.offset 8,0; st8.spill [r3]=r29,16
    ;;
.mem.offset 0,0; st8.spill [r2]=r30,16
.mem.offset 8,0; st8.spill [r3]=r31,32
    ;;
    mov ar.fpsr=r11       /* M-unit */
    st8 [r2]=r8,8         /* ar.ccv */
    adds r24=PT(B6)-PT(F7),r3
    ;;
    stf.spill [r2]=f6,32
    stf.spill [r3]=f7,32
    ;;
    stf.spill [r2]=f8,32
    stf.spill [r3]=f9,32
    ;;
    stf.spill [r2]=f10
    stf.spill [r3]=f11
    adds r25=PT(B7)-PT(F11),r3
    ;;
    st8 [r24]=r18,16       /* b6 */
    st8 [r25]=r19,16       /* b7 */
    ;;
    st8 [r24]=r9           /* ar.csd */
    st8 [r25]=r10          /* ar.ssd */
    ;;
    srlz.d		// make sure we see the effect of cr.ivr
    movl r14=ia64_leave_nested
    ;;
    mov rp=r14
    br.call.sptk.many b6=ia64_handle_irq
    ;;
END(vmx_interrupt)

    .org vmx_ia64_ivt+0x3400
/////////////////////////////////////////////////////////////////////////////////////////
// 0x3400 Entry 13 (size 64 bundles) Reserved
ENTRY(vmx_virtual_exirq)
    VMX_DBG_FAULT(13)
    mov r31=pr
    mov r19=13
    br.sptk vmx_dispatch_vexirq
END(vmx_virtual_exirq)

    .org vmx_ia64_ivt+0x3800
/////////////////////////////////////////////////////////////////////////////////////////
// 0x3800 Entry 14 (size 64 bundles) Reserved
    VMX_DBG_FAULT(14)
    VMX_FAULT(14)
    // this code segment is from 2.6.16.13
    
    /*
     * There is no particular reason for this code to be here, other than that
     * there happens to be space here that would go unused otherwise.  If this
     * fault ever gets "unreserved", simply moved the following code to a more
     * suitable spot...
     *
     * ia64_syscall_setup() is a separate subroutine so that it can
     *	allocate stacked registers so it can safely demine any
     *	potential NaT values from the input registers.
     *
     * On entry:
     *	- executing on bank 0 or bank 1 register set (doesn't matter)
     *	-  r1: stack pointer
     *	-  r2: current task pointer
     *	-  r3: preserved
     *	- r11: original contents (saved ar.pfs to be saved)
     *	- r12: original contents (sp to be saved)
     *	- r13: original contents (tp to be saved)
     *	- r15: original contents (syscall # to be saved)
     *	- r18: saved bsp (after switching to kernel stack)
     *	- r19: saved b6
     *	- r20: saved r1 (gp)
     *	- r21: saved ar.fpsr
     *	- r22: kernel's register backing store base (krbs_base)
     *	- r23: saved ar.bspstore
     *	- r24: saved ar.rnat
     *	- r25: saved ar.unat
     *	- r26: saved ar.pfs
     *	- r27: saved ar.rsc
     *	- r28: saved cr.iip
     *	- r29: saved cr.ipsr
     *	- r31: saved pr
     *	-  b0: original contents (to be saved)
     * On exit:
     *	-  p10: TRUE if syscall is invoked with more than 8 out
     *		registers or r15's Nat is true
     *	-  r1: kernel's gp
     *	-  r3: preserved (same as on entry)
     *	-  r8: -EINVAL if p10 is true
     *	- r12: points to kernel stack
     *	- r13: points to current task
     *	- r14: preserved (same as on entry)
     *	- p13: preserved
     *	- p15: TRUE if interrupts need to be re-enabled
     *	- ar.fpsr: set to kernel settings
     *	-  b6: preserved (same as on entry)
     */
GLOBAL_ENTRY(ia64_hypercall_setup)
#if PT(B6) != 0
# error This code assumes that b6 is the first field in pt_regs.
#endif
    st8 [r1]=r19				// save b6
    add r16=PT(CR_IPSR),r1			// initialize first base pointer
    add r17=PT(R11),r1			// initialize second base pointer
    ;;
    alloc r19=ar.pfs,8,0,0,0		// ensure in0-in7 are writable
    st8 [r16]=r29,PT(AR_PFS)-PT(CR_IPSR)	// save cr.ipsr
    tnat.nz p8,p0=in0

    st8.spill [r17]=r11,PT(CR_IIP)-PT(R11)	// save r11
    tnat.nz p9,p0=in1
//(pKStk) mov r18=r0				// make sure r18 isn't NaT
    ;;

    st8 [r16]=r26,PT(CR_IFS)-PT(AR_PFS)	// save ar.pfs
    st8 [r17]=r28,PT(AR_UNAT)-PT(CR_IIP)	// save cr.iip
    mov r28=b0				// save b0 (2 cyc)
    ;;

    st8 [r17]=r25,PT(AR_RSC)-PT(AR_UNAT)	// save ar.unat
    dep r19=0,r19,38,26			// clear all bits but 0..37 [I0]
(p8)    mov in0=-1
    ;;

    st8 [r16]=r19,PT(AR_RNAT)-PT(CR_IFS)	// store ar.pfs.pfm in cr.ifs
    extr.u r11=r19,7,7	// I0		// get sol of ar.pfs
    and r8=0x7f,r19		// A		// get sof of ar.pfs

    st8 [r17]=r27,PT(AR_BSPSTORE)-PT(AR_RSC)// save ar.rsc
    tbit.nz p15,p0=r29,IA64_PSR_I_BIT // I0
(p9)    mov in1=-1
    ;;

//(pUStk) sub r18=r18,r22				// r18=RSE.ndirty*8
    sub r18=r18,r22				// r18=RSE.ndirty*8
    tnat.nz p10,p0=in2
    add r11=8,r11
    ;;
//(pKStk) adds r16=PT(PR)-PT(AR_RNAT),r16		// skip over ar_rnat field
//(pKStk) adds r17=PT(B0)-PT(AR_BSPSTORE),r17	// skip over ar_bspstore field
    tnat.nz p11,p0=in3
    ;;
(p10)   mov in2=-1
    tnat.nz p12,p0=in4				// [I0]
(p11)   mov in3=-1
    ;;
//(pUStk) st8 [r16]=r24,PT(PR)-PT(AR_RNAT)	// save ar.rnat
    st8 [r16]=r24,PT(PR)-PT(AR_RNAT)	// save ar.rnat
//(pUStk) st8 [r17]=r23,PT(B0)-PT(AR_BSPSTORE)	// save ar.bspstore
    st8 [r17]=r23,PT(B0)-PT(AR_BSPSTORE)	// save ar.bspstore	
    shl r18=r18,16				// compute ar.rsc to be used for "loadrs"
    ;;
    st8 [r16]=r31,PT(LOADRS)-PT(PR)		// save predicates
    st8 [r17]=r28,PT(R1)-PT(B0)		// save b0
    tnat.nz p13,p0=in5				// [I0]
    ;;
    st8 [r16]=r18,PT(R12)-PT(LOADRS)	// save ar.rsc value for "loadrs"
    st8.spill [r17]=r20,PT(R13)-PT(R1)	// save original r1
(p12)   mov in4=-1
    ;;

.mem.offset 0,0; st8.spill [r16]=r12,PT(AR_FPSR)-PT(R12)	// save r12
.mem.offset 8,0; st8.spill [r17]=r13,PT(R15)-PT(R13)		// save r13
(p13)   mov in5=-1
    ;;
    st8 [r16]=r21,PT(R8)-PT(AR_FPSR)	// save ar.fpsr
    tnat.nz p13,p0=in6
    cmp.lt p10,p9=r11,r8	// frame size can't be more than local+8
    ;;
    mov r8=1
(p9)    tnat.nz p10,p0=r15
    adds r12=-16,r1		// switch to kernel memory stack (with 16 bytes of scratch)

    st8.spill [r17]=r15			// save r15
    tnat.nz p8,p0=in7
    nop.i 0

    mov r13=r2				// establish `current'
    movl r1=__gp				// establish kernel global pointer
    ;;
    st8 [r16]=r8		// ensure pt_regs.r8 != 0 (see handle_syscall_error)
(p13)   mov in6=-1
(p8)    mov in7=-1

    cmp.eq pSys,pNonSys=r0,r0		// set pSys=1, pNonSys=0
    movl r17=FPSR_DEFAULT
    ;;
    mov.m ar.fpsr=r17			// set ar.fpsr to kernel default value
(p10)   mov r8=-EINVAL
    br.ret.sptk.many b7
END(ia64_hypercall_setup)


    .org vmx_ia64_ivt+0x3c00
/////////////////////////////////////////////////////////////////////////////////////////
// 0x3c00 Entry 15 (size 64 bundles) Reserved
    VMX_DBG_FAULT(15)
    VMX_FAULT(15)


    .org vmx_ia64_ivt+0x4000
/////////////////////////////////////////////////////////////////////////////////////////
// 0x4000 Entry 16 (size 64 bundles) Reserved
    VMX_DBG_FAULT(16)
    VMX_FAULT(16)

    .org vmx_ia64_ivt+0x4400
/////////////////////////////////////////////////////////////////////////////////////////
// 0x4400 Entry 17 (size 64 bundles) Reserved
    VMX_DBG_FAULT(17)
    VMX_FAULT(17)

    .org vmx_ia64_ivt+0x4800
/////////////////////////////////////////////////////////////////////////////////////////
// 0x4800 Entry 18 (size 64 bundles) Reserved
    VMX_DBG_FAULT(18)
    VMX_FAULT(18)

    .org vmx_ia64_ivt+0x4c00
/////////////////////////////////////////////////////////////////////////////////////////
// 0x4c00 Entry 19 (size 64 bundles) Reserved
    VMX_DBG_FAULT(19)
    VMX_FAULT(19)

    .org vmx_ia64_ivt+0x5000
/////////////////////////////////////////////////////////////////////////////////////////
// 0x5000 Entry 20 (size 16 bundles) Page Not Present
ENTRY(vmx_page_not_present)
    VMX_DBG_FAULT(20)
    VMX_REFLECT(20)
END(vmx_page_not_present)

    .org vmx_ia64_ivt+0x5100
/////////////////////////////////////////////////////////////////////////////////////////
// 0x5100 Entry 21 (size 16 bundles) Key Permission vector
ENTRY(vmx_key_permission)
    VMX_DBG_FAULT(21)
    VMX_REFLECT(21)
END(vmx_key_permission)

    .org vmx_ia64_ivt+0x5200
/////////////////////////////////////////////////////////////////////////////////////////
// 0x5200 Entry 22 (size 16 bundles) Instruction Access Rights (26)
ENTRY(vmx_iaccess_rights)
    VMX_DBG_FAULT(22)
    VMX_REFLECT(22)
END(vmx_iaccess_rights)

    .org vmx_ia64_ivt+0x5300
/////////////////////////////////////////////////////////////////////////////////////////
// 0x5300 Entry 23 (size 16 bundles) Data Access Rights (14,53)