2 * linux/arch/x86_64/entry.S
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 * Copyright (C) 2000, 2001, 2002 Andi Kleen SuSE Labs
6 * Copyright (C) 2000 Pavel Machek <pavel@suse.cz>
10 * entry.S contains the system-call and fault low-level handling routines.
12 * Some of this is documented in Documentation/x86/entry_64.txt
14 * NOTE: This code handles signal-recognition, which happens every time
15 * after an interrupt and after each system call.
17 * A note on terminology:
18 * - iret frame: Architecture defined interrupt frame from SS to RIP
19 * at the top of the kernel process stack.
22 * - CFI macros are used to generate dwarf2 unwind information for better
23 * backtraces. They don't change any code.
24 * - ENTRY/END Define functions in the symbol table.
25 * - TRACE_IRQ_* - Trace hard interrupt state for lock debugging.
26 * - idtentry - Define exception entry points.
29 #include <linux/linkage.h>
30 #include <asm/segment.h>
31 #include <asm/cache.h>
32 #include <asm/errno.h>
33 #include <asm/dwarf2.h>
34 #include <asm/calling.h>
35 #include <asm/asm-offsets.h>
37 #include <asm/unistd.h>
38 #include <asm/thread_info.h>
39 #include <asm/hw_irq.h>
40 #include <asm/page_types.h>
41 #include <asm/irqflags.h>
42 #include <asm/paravirt.h>
43 #include <asm/percpu.h>
45 #include <asm/context_tracking.h>
47 #include <asm/pgtable_types.h>
48 #include <linux/err.h>
50 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
51 #include <linux/elf-em.h>
52 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
53 #define __AUDIT_ARCH_64BIT 0x80000000
54 #define __AUDIT_ARCH_LE 0x40000000
57 .section .entry.text, "ax"
60 #ifdef CONFIG_PARAVIRT
61 ENTRY(native_usergs_sysret64)
64 ENDPROC(native_usergs_sysret64)
65 #endif /* CONFIG_PARAVIRT */
68 .macro TRACE_IRQS_IRETQ
69 #ifdef CONFIG_TRACE_IRQFLAGS
70 bt $9,EFLAGS(%rsp) /* interrupts off? */
78 * When dynamic function tracer is enabled it will add a breakpoint
79 * to all locations that it is about to modify, sync CPUs, update
80 * all the code, sync CPUs, then remove the breakpoints. In this time
81 * if lockdep is enabled, it might jump back into the debug handler
82 * outside the updating of the IST protection. (TRACE_IRQS_ON/OFF).
84 * We need to change the IDT table before calling TRACE_IRQS_ON/OFF to
85 * make sure the stack pointer does not get reset back to the top
86 * of the debug stack, and instead just reuses the current stack.
88 #if defined(CONFIG_DYNAMIC_FTRACE) && defined(CONFIG_TRACE_IRQFLAGS)
90 .macro TRACE_IRQS_OFF_DEBUG
91 call debug_stack_set_zero
93 call debug_stack_reset
96 .macro TRACE_IRQS_ON_DEBUG
97 call debug_stack_set_zero
99 call debug_stack_reset
102 .macro TRACE_IRQS_IRETQ_DEBUG
103 bt $9,EFLAGS(%rsp) /* interrupts off? */
110 # define TRACE_IRQS_OFF_DEBUG TRACE_IRQS_OFF
111 # define TRACE_IRQS_ON_DEBUG TRACE_IRQS_ON
112 # define TRACE_IRQS_IRETQ_DEBUG TRACE_IRQS_IRETQ
118 .macro EMPTY_FRAME start=1 offset=0
122 CFI_DEF_CFA rsp,8+\offset
124 CFI_DEF_CFA_OFFSET 8+\offset
129 * initial frame state for interrupts (and exceptions without error code)
131 .macro INTR_FRAME start=1 offset=0
132 EMPTY_FRAME \start, 5*8+\offset
133 /*CFI_REL_OFFSET ss, 4*8+\offset*/
134 CFI_REL_OFFSET rsp, 3*8+\offset
135 /*CFI_REL_OFFSET rflags, 2*8+\offset*/
136 /*CFI_REL_OFFSET cs, 1*8+\offset*/
137 CFI_REL_OFFSET rip, 0*8+\offset
141 * initial frame state for exceptions with error code (and interrupts
142 * with vector already pushed)
144 .macro XCPT_FRAME start=1 offset=0
145 INTR_FRAME \start, 1*8+\offset
149 * frame that enables passing a complete pt_regs to a C function.
151 .macro DEFAULT_FRAME start=1 offset=0
152 XCPT_FRAME \start, ORIG_RAX+\offset
153 CFI_REL_OFFSET rdi, RDI+\offset
154 CFI_REL_OFFSET rsi, RSI+\offset
155 CFI_REL_OFFSET rdx, RDX+\offset
156 CFI_REL_OFFSET rcx, RCX+\offset
157 CFI_REL_OFFSET rax, RAX+\offset
158 CFI_REL_OFFSET r8, R8+\offset
159 CFI_REL_OFFSET r9, R9+\offset
160 CFI_REL_OFFSET r10, R10+\offset
161 CFI_REL_OFFSET r11, R11+\offset
162 CFI_REL_OFFSET rbx, RBX+\offset
163 CFI_REL_OFFSET rbp, RBP+\offset
164 CFI_REL_OFFSET r12, R12+\offset
165 CFI_REL_OFFSET r13, R13+\offset
166 CFI_REL_OFFSET r14, R14+\offset
167 CFI_REL_OFFSET r15, R15+\offset
171 * 64bit SYSCALL instruction entry. Up to 6 arguments in registers.
173 * 64bit SYSCALL saves rip to rcx, clears rflags.RF, then saves rflags to r11,
174 * then loads new ss, cs, and rip from previously programmed MSRs.
175 * rflags gets masked by a value from another MSR (so CLD and CLAC
176 * are not needed). SYSCALL does not save anything on the stack
177 * and does not change rsp.
179 * Registers on entry:
180 * rax system call number
182 * r11 saved rflags (note: r11 is callee-clobbered register in C ABI)
186 * r10 arg3 (needs to be moved to rcx to conform to C ABI)
189 * (note: r12-r15,rbp,rbx are callee-preserved in C ABI)
191 * Only called from user space.
193 * When user can change pt_regs->foo always force IRET. That is because
194 * it deals with uncanonical addresses better. SYSRET has trouble
195 * with them due to bugs in both AMD and Intel CPUs.
203 /*CFI_REGISTER rflags,r11*/
206 * Interrupts are off on entry.
207 * We do not frame this tiny irq-off block with TRACE_IRQS_OFF/ON,
208 * it is too small to ever cause noticeable irq latency.
212 * A hypervisor implementation might want to use a label
213 * after the swapgs, so that it can do the swapgs
214 * for the guest and jump here on syscall.
216 GLOBAL(system_call_after_swapgs)
218 movq %rsp,PER_CPU_VAR(rsp_scratch)
219 movq PER_CPU_VAR(kernel_stack),%rsp
221 /* Construct struct pt_regs on stack */
222 pushq_cfi $__USER_DS /* pt_regs->ss */
223 pushq_cfi PER_CPU_VAR(rsp_scratch) /* pt_regs->sp */
225 * Re-enable interrupts.
226 * We use 'rsp_scratch' as a scratch space, hence irq-off block above
227 * must execute atomically in the face of possible interrupt-driven
228 * task preemption. We must enable interrupts only after we're done
229 * with using rsp_scratch:
231 ENABLE_INTERRUPTS(CLBR_NONE)
232 pushq_cfi %r11 /* pt_regs->flags */
233 pushq_cfi $__USER_CS /* pt_regs->cs */
234 pushq_cfi %rcx /* pt_regs->ip */
236 pushq_cfi_reg rax /* pt_regs->orig_ax */
237 pushq_cfi_reg rdi /* pt_regs->di */
238 pushq_cfi_reg rsi /* pt_regs->si */
239 pushq_cfi_reg rdx /* pt_regs->dx */
240 pushq_cfi_reg rcx /* pt_regs->cx */
241 pushq_cfi $-ENOSYS /* pt_regs->ax */
242 pushq_cfi_reg r8 /* pt_regs->r8 */
243 pushq_cfi_reg r9 /* pt_regs->r9 */
244 pushq_cfi_reg r10 /* pt_regs->r10 */
245 pushq_cfi_reg r11 /* pt_regs->r11 */
246 sub $(6*8),%rsp /* pt_regs->bp,bx,r12-15 not saved */
247 CFI_ADJUST_CFA_OFFSET 6*8
249 testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
251 system_call_fastpath:
252 #if __SYSCALL_MASK == ~0
253 cmpq $__NR_syscall_max,%rax
255 andl $__SYSCALL_MASK,%eax
256 cmpl $__NR_syscall_max,%eax
258 ja 1f /* return -ENOSYS (already in pt_regs->ax) */
260 call *sys_call_table(,%rax,8)
264 * Syscall return path ending with SYSRET (fast path).
265 * Has incompletely filled pt_regs.
269 * We do not frame this tiny irq-off block with TRACE_IRQS_OFF/ON,
270 * it is too small to ever cause noticeable irq latency.
272 DISABLE_INTERRUPTS(CLBR_NONE)
275 * We must check ti flags with interrupts (or at least preemption)
276 * off because we must *never* return to userspace without
277 * processing exit work that is enqueued if we're preempted here.
278 * In particular, returning to userspace with any of the one-shot
279 * flags (TIF_NOTIFY_RESUME, TIF_USER_RETURN_NOTIFY, etc) set is
282 testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
283 jnz int_ret_from_sys_call_irqs_off /* Go to the slow path */
287 RESTORE_C_REGS_EXCEPT_RCX_R11
290 movq EFLAGS(%rsp),%r11
291 /*CFI_REGISTER rflags,r11*/
294 * 64bit SYSRET restores rip from rcx,
295 * rflags from r11 (but RF and VM bits are forced to 0),
296 * cs and ss are loaded from MSRs.
297 * Restoration of rflags re-enables interrupts.
299 * NB: On AMD CPUs with the X86_BUG_SYSRET_SS_ATTRS bug, the ss
300 * descriptor is not reinitialized. This means that we should
301 * avoid SYSRET with SS == NULL, which could happen if we schedule,
302 * exit the kernel, and re-enter using an interrupt vector. (All
303 * interrupt entries on x86_64 set SS to NULL.) We prevent that
304 * from happening by reloading SS in __switch_to. (Actually
305 * detecting the failure in 64-bit userspace is tricky but can be
312 /* Do syscall entry tracing */
315 movl $AUDIT_ARCH_X86_64, %esi
316 call syscall_trace_enter_phase1
318 jnz tracesys_phase2 /* if needed, run the slow path */
319 RESTORE_C_REGS_EXCEPT_RAX /* else restore clobbered regs */
320 movq ORIG_RAX(%rsp), %rax
321 jmp system_call_fastpath /* and return to the fast path */
326 movl $AUDIT_ARCH_X86_64, %esi
328 call syscall_trace_enter_phase2
331 * Reload registers from stack in case ptrace changed them.
332 * We don't reload %rax because syscall_trace_entry_phase2() returned
333 * the value it wants us to use in the table lookup.
335 RESTORE_C_REGS_EXCEPT_RAX
337 #if __SYSCALL_MASK == ~0
338 cmpq $__NR_syscall_max,%rax
340 andl $__SYSCALL_MASK,%eax
341 cmpl $__NR_syscall_max,%eax
343 ja 1f /* return -ENOSYS (already in pt_regs->ax) */
344 movq %r10,%rcx /* fixup for C */
345 call *sys_call_table(,%rax,8)
348 /* Use IRET because user could have changed pt_regs->foo */
351 * Syscall return path ending with IRET.
352 * Has correct iret frame.
354 GLOBAL(int_ret_from_sys_call)
355 DISABLE_INTERRUPTS(CLBR_NONE)
356 int_ret_from_sys_call_irqs_off: /* jumps come here from the irqs-off SYSRET path */
358 movl $_TIF_ALLWORK_MASK,%edi
359 /* edi: mask to check */
360 GLOBAL(int_with_check)
362 GET_THREAD_INFO(%rcx)
363 movl TI_flags(%rcx),%edx
366 andl $~TS_COMPAT,TI_status(%rcx)
369 /* Either reschedule or signal or syscall exit tracking needed. */
370 /* First do a reschedule test. */
371 /* edx: work, edi: workmask */
373 testl $_TIF_NEED_RESCHED_MASK,%edx
376 ENABLE_INTERRUPTS(CLBR_NONE)
380 DISABLE_INTERRUPTS(CLBR_NONE)
384 /* handle signals and tracing -- both require a full pt_regs */
387 ENABLE_INTERRUPTS(CLBR_NONE)
389 /* Check for syscall exit trace */
390 testl $_TIF_WORK_SYSCALL_EXIT,%edx
393 leaq 8(%rsp),%rdi # &ptregs -> arg1
394 call syscall_trace_leave
396 andl $~(_TIF_WORK_SYSCALL_EXIT|_TIF_SYSCALL_EMU),%edi
400 testl $_TIF_DO_NOTIFY_MASK,%edx
402 movq %rsp,%rdi # &ptregs -> arg1
403 xorl %esi,%esi # oldset -> arg2
404 call do_notify_resume
405 1: movl $_TIF_WORK_MASK,%edi
408 DISABLE_INTERRUPTS(CLBR_NONE)
413 /* The IRETQ could re-enable interrupts: */
414 DISABLE_INTERRUPTS(CLBR_ANY)
418 * Try to use SYSRET instead of IRET if we're returning to
419 * a completely clean 64-bit userspace context.
422 cmpq %rcx,RIP(%rsp) /* RCX == RIP */
423 jne opportunistic_sysret_failed
426 * On Intel CPUs, SYSRET with non-canonical RCX/RIP will #GP
427 * in kernel space. This essentially lets the user take over
428 * the kernel, since userspace controls RSP. It's not worth
429 * testing for canonicalness exactly -- this check detects any
430 * of the 17 high bits set, which is true for non-canonical
431 * or kernel addresses. (This will pessimize vsyscall=native.
434 * If virtual addresses ever become wider, this will need
435 * to be updated to remain correct on both old and new CPUs.
437 .ifne __VIRTUAL_MASK_SHIFT - 47
438 .error "virtual address width changed -- SYSRET checks need update"
440 shr $__VIRTUAL_MASK_SHIFT, %rcx
441 jnz opportunistic_sysret_failed
443 cmpq $__USER_CS,CS(%rsp) /* CS must match SYSRET */
444 jne opportunistic_sysret_failed
447 cmpq %r11,EFLAGS(%rsp) /* R11 == RFLAGS */
448 jne opportunistic_sysret_failed
451 * SYSRET can't restore RF. SYSRET can restore TF, but unlike IRET,
452 * restoring TF results in a trap from userspace immediately after
453 * SYSRET. This would cause an infinite loop whenever #DB happens
454 * with register state that satisfies the opportunistic SYSRET
455 * conditions. For example, single-stepping this user code:
457 * movq $stuck_here,%rcx
462 * would never get past 'stuck_here'.
464 testq $(X86_EFLAGS_RF|X86_EFLAGS_TF), %r11
465 jnz opportunistic_sysret_failed
467 /* nothing to check for RSP */
469 cmpq $__USER_DS,SS(%rsp) /* SS must match SYSRET */
470 jne opportunistic_sysret_failed
473 * We win! This label is here just for ease of understanding
474 * perf profiles. Nothing jumps here.
476 syscall_return_via_sysret:
478 /* r11 is already restored (see code above) */
479 RESTORE_C_REGS_EXCEPT_R11
484 opportunistic_sysret_failed:
486 jmp restore_c_regs_and_iret
491 .macro FORK_LIKE func
494 DEFAULT_FRAME 0, 8 /* offset 8: return address */
512 /* exec failed, can use fast SYSRET code path in this case */
515 /* must use IRET code path (pt_regs->cs may have changed) */
517 CFI_ADJUST_CFA_OFFSET -8
520 jmp int_ret_from_sys_call
524 * Remaining execve stubs are only 7 bytes long.
525 * ENTRY() often aligns to 16 bytes, which in this case has no benefits.
528 GLOBAL(stub_execveat)
532 jmp return_from_execve
536 #ifdef CONFIG_X86_X32_ABI
538 GLOBAL(stub_x32_execve)
541 call compat_sys_execve
542 jmp return_from_execve
546 GLOBAL(stub_x32_execveat)
549 call compat_sys_execveat
550 jmp return_from_execve
552 END(stub_x32_execveat)
555 #ifdef CONFIG_IA32_EMULATION
557 GLOBAL(stub32_execve)
559 call compat_sys_execve
560 jmp return_from_execve
564 GLOBAL(stub32_execveat)
566 call compat_sys_execveat
567 jmp return_from_execve
573 * sigreturn is special because it needs to restore all registers on return.
574 * This cannot be done with SYSRET, so use the IRET return path instead.
576 ENTRY(stub_rt_sigreturn)
580 * SAVE_EXTRA_REGS result is not normally needed:
581 * sigreturn overwrites all pt_regs->GPREGS.
582 * But sigreturn can fail (!), and there is no easy way to detect that.
583 * To make sure RESTORE_EXTRA_REGS doesn't restore garbage on error,
584 * we SAVE_EXTRA_REGS here.
587 call sys_rt_sigreturn
590 CFI_ADJUST_CFA_OFFSET -8
593 jmp int_ret_from_sys_call
595 END(stub_rt_sigreturn)
597 #ifdef CONFIG_X86_X32_ABI
598 ENTRY(stub_x32_rt_sigreturn)
602 call sys32_x32_rt_sigreturn
605 END(stub_x32_rt_sigreturn)
609 * A newly forked process directly context switches into this address.
611 * rdi: prev task we switched from
616 LOCK ; btr $TIF_FORK,TI_flags(%r8)
619 popfq_cfi # reset kernel eflags
621 call schedule_tail # rdi: 'prev' task parameter
625 testl $3,CS(%rsp) # from kernel_thread?
628 * By the time we get here, we have no idea whether our pt_regs,
629 * ti flags, and ti status came from the 64-bit SYSCALL fast path,
630 * the slow path, or one of the ia32entry paths.
631 * Use IRET code path to return, since it can safely handle
634 jnz int_ret_from_sys_call
636 /* We came from kernel_thread */
637 /* nb: we depend on RESTORE_EXTRA_REGS above */
642 jmp int_ret_from_sys_call
647 * Build the entry stubs with some assembler magic.
648 * We pack 1 stub into every 8-byte block.
651 ENTRY(irq_entries_start)
653 vector=FIRST_EXTERNAL_VECTOR
654 .rept (FIRST_SYSTEM_VECTOR - FIRST_EXTERNAL_VECTOR)
655 pushq_cfi $(~vector+0x80) /* Note: always in signed byte range */
658 CFI_ADJUST_CFA_OFFSET -8
662 END(irq_entries_start)
665 * Interrupt entry/exit.
667 * Interrupt entry points save only callee clobbered registers in fast path.
669 * Entry runs with interrupts off.
672 /* 0(%rsp): ~(interrupt number) */
673 .macro interrupt func
676 * Since nothing in interrupt handling code touches r12...r15 members
677 * of "struct pt_regs", and since interrupts can nest, we can save
678 * four stack slots and simultaneously provide
679 * an unwind-friendly stack layout by saving "truncated" pt_regs
680 * exactly up to rbp slot, without these members.
682 ALLOC_PT_GPREGS_ON_STACK -RBP
684 /* this goes to 0(%rsp) for unwinder, not for saving the value: */
685 SAVE_EXTRA_REGS_RBP -RBP
687 leaq -RBP(%rsp),%rdi /* arg1 for \func (pointer to pt_regs) */
689 testl $3, CS-RBP(%rsp)
694 * Save previous stack pointer, optionally switch to interrupt stack.
695 * irq_count is used to check if a CPU is already on an interrupt stack
696 * or not. While this is essentially redundant with preempt_count it is
697 * a little cheaper to use a separate counter in the PDA (short of
698 * moving irq_enter into assembly, which would be too much work)
701 incl PER_CPU_VAR(irq_count)
702 cmovzq PER_CPU_VAR(irq_stack_ptr),%rsp
703 CFI_DEF_CFA_REGISTER rsi
707 * "CFA (Current Frame Address) is the value on stack + offset"
709 CFI_ESCAPE 0x0f /* DW_CFA_def_cfa_expression */, 6, \
710 0x77 /* DW_OP_breg7 (rsp) */, 0, \
711 0x06 /* DW_OP_deref */, \
712 0x08 /* DW_OP_const1u */, SIZEOF_PTREGS-RBP, \
713 0x22 /* DW_OP_plus */
714 /* We entered an interrupt context - irqs are off: */
721 * The interrupt stubs push (~vector+0x80) onto the stack and
722 * then jump to common_interrupt.
724 .p2align CONFIG_X86_L1_CACHE_SHIFT
728 addq $-0x80,(%rsp) /* Adjust vector to [-256,-1] range */
730 /* 0(%rsp): old RSP */
732 DISABLE_INTERRUPTS(CLBR_NONE)
734 decl PER_CPU_VAR(irq_count)
736 /* Restore saved previous stack */
738 CFI_DEF_CFA rsi,SIZEOF_PTREGS-RBP /* reg/off reset after def_cfa_expr */
739 /* return code expects complete pt_regs - adjust rsp accordingly: */
741 CFI_DEF_CFA_REGISTER rsp
742 CFI_ADJUST_CFA_OFFSET RBP
746 /* Interrupt came from user space */
748 GET_THREAD_INFO(%rcx)
750 * %rcx: thread info. Interrupts off.
752 retint_with_reschedule:
753 movl $_TIF_WORK_MASK,%edi
756 movl TI_flags(%rcx),%edx
761 retint_swapgs: /* return to user-space */
763 * The iretq could re-enable interrupts:
765 DISABLE_INTERRUPTS(CLBR_ANY)
769 jmp restore_c_regs_and_iret
771 /* Returning to kernel space */
773 #ifdef CONFIG_PREEMPT
774 /* Interrupts are off */
775 /* Check if we need preemption */
776 bt $9,EFLAGS(%rsp) /* interrupts were off? */
778 0: cmpl $0,PER_CPU_VAR(__preempt_count)
779 #ifndef CONFIG_PREEMPT_LAZY
782 jz do_preempt_schedule_irq
784 # atleast preempt count == 0 ?
785 cmpl $_PREEMPT_ENABLED,PER_CPU_VAR(__preempt_count)
788 GET_THREAD_INFO(%rcx)
789 cmpl $0, TI_preempt_lazy_count(%rcx)
792 bt $TIF_NEED_RESCHED_LAZY,TI_flags(%rcx)
794 do_preempt_schedule_irq:
796 call preempt_schedule_irq
801 * The iretq could re-enable interrupts:
806 * At this label, code paths which return to kernel and to user,
807 * which come from interrupts/exception and from syscalls, merge.
809 restore_c_regs_and_iret:
811 REMOVE_PT_GPREGS_FROM_STACK 8
816 * Are we returning to a stack segment from the LDT? Note: in
817 * 64-bit mode SS:RSP on the exception stack is always valid.
819 #ifdef CONFIG_X86_ESPFIX64
820 testb $4,(SS-RIP)(%rsp)
821 jnz native_irq_return_ldt
824 .global native_irq_return_iret
825 native_irq_return_iret:
827 * This may fault. Non-paranoid faults on return to userspace are
828 * handled by fixup_bad_iret. These include #SS, #GP, and #NP.
829 * Double-faults due to espfix64 are handled in do_double_fault.
830 * Other faults here are fatal.
834 #ifdef CONFIG_X86_ESPFIX64
835 native_irq_return_ldt:
839 movq PER_CPU_VAR(espfix_waddr),%rdi
840 movq %rax,(0*8)(%rdi) /* RAX */
841 movq (2*8)(%rsp),%rax /* RIP */
842 movq %rax,(1*8)(%rdi)
843 movq (3*8)(%rsp),%rax /* CS */
844 movq %rax,(2*8)(%rdi)
845 movq (4*8)(%rsp),%rax /* RFLAGS */
846 movq %rax,(3*8)(%rdi)
847 movq (6*8)(%rsp),%rax /* SS */
848 movq %rax,(5*8)(%rdi)
849 movq (5*8)(%rsp),%rax /* RSP */
850 movq %rax,(4*8)(%rdi)
851 andl $0xffff0000,%eax
853 orq PER_CPU_VAR(espfix_stack),%rax
857 jmp native_irq_return_iret
860 /* edi: workmask, edx: work */
863 testl $_TIF_NEED_RESCHED_MASK,%edx
866 ENABLE_INTERRUPTS(CLBR_NONE)
870 GET_THREAD_INFO(%rcx)
871 DISABLE_INTERRUPTS(CLBR_NONE)
876 testl $_TIF_DO_NOTIFY_MASK,%edx
879 ENABLE_INTERRUPTS(CLBR_NONE)
881 movq $-1,ORIG_RAX(%rsp)
882 xorl %esi,%esi # oldset
883 movq %rsp,%rdi # &pt_regs
884 call do_notify_resume
886 DISABLE_INTERRUPTS(CLBR_NONE)
888 GET_THREAD_INFO(%rcx)
889 jmp retint_with_reschedule
892 END(common_interrupt)
897 .macro apicinterrupt3 num sym do_sym
909 #ifdef CONFIG_TRACING
910 #define trace(sym) trace_##sym
911 #define smp_trace(sym) smp_trace_##sym
913 .macro trace_apicinterrupt num sym
914 apicinterrupt3 \num trace(\sym) smp_trace(\sym)
917 .macro trace_apicinterrupt num sym do_sym
921 .macro apicinterrupt num sym do_sym
922 apicinterrupt3 \num \sym \do_sym
923 trace_apicinterrupt \num \sym
927 apicinterrupt3 IRQ_MOVE_CLEANUP_VECTOR \
928 irq_move_cleanup_interrupt smp_irq_move_cleanup_interrupt
929 apicinterrupt3 REBOOT_VECTOR \
930 reboot_interrupt smp_reboot_interrupt
934 apicinterrupt3 UV_BAU_MESSAGE \
935 uv_bau_message_intr1 uv_bau_message_interrupt
937 apicinterrupt LOCAL_TIMER_VECTOR \
938 apic_timer_interrupt smp_apic_timer_interrupt
939 apicinterrupt X86_PLATFORM_IPI_VECTOR \
940 x86_platform_ipi smp_x86_platform_ipi
942 #ifdef CONFIG_HAVE_KVM
943 apicinterrupt3 POSTED_INTR_VECTOR \
944 kvm_posted_intr_ipi smp_kvm_posted_intr_ipi
947 #ifdef CONFIG_X86_MCE_THRESHOLD
948 apicinterrupt THRESHOLD_APIC_VECTOR \
949 threshold_interrupt smp_threshold_interrupt
952 #ifdef CONFIG_X86_THERMAL_VECTOR
953 apicinterrupt THERMAL_APIC_VECTOR \
954 thermal_interrupt smp_thermal_interrupt
958 apicinterrupt CALL_FUNCTION_SINGLE_VECTOR \
959 call_function_single_interrupt smp_call_function_single_interrupt
960 apicinterrupt CALL_FUNCTION_VECTOR \
961 call_function_interrupt smp_call_function_interrupt
962 apicinterrupt RESCHEDULE_VECTOR \
963 reschedule_interrupt smp_reschedule_interrupt
966 apicinterrupt ERROR_APIC_VECTOR \
967 error_interrupt smp_error_interrupt
968 apicinterrupt SPURIOUS_APIC_VECTOR \
969 spurious_interrupt smp_spurious_interrupt
971 #ifdef CONFIG_IRQ_WORK
972 apicinterrupt IRQ_WORK_VECTOR \
973 irq_work_interrupt smp_irq_work_interrupt
977 * Exception entry points.
979 #define CPU_TSS_IST(x) PER_CPU_VAR(cpu_tss) + (TSS_ist + ((x) - 1) * 8)
981 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
984 .if \shift_ist != -1 && \paranoid == 0
985 .error "using shift_ist requires paranoid=1"
995 PARAVIRT_ADJUST_EXCEPTION_FRAME
997 .ifeq \has_error_code
998 pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */
1001 ALLOC_PT_GPREGS_ON_STACK
1006 testl $3, CS(%rsp) /* If coming from userspace, switch */
1007 jnz 1f /* stacks. */
1013 /* returned flag: ebx=0: need swapgs on exit, ebx=1: don't need it */
1018 .if \shift_ist != -1
1019 TRACE_IRQS_OFF_DEBUG /* reload IDT in case of recursion */
1025 movq %rsp,%rdi /* pt_regs pointer */
1028 movq ORIG_RAX(%rsp),%rsi /* get error code */
1029 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
1031 xorl %esi,%esi /* no error code */
1034 .if \shift_ist != -1
1035 subq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
1040 .if \shift_ist != -1
1041 addq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
1044 /* these procedures expect "no swapgs" flag in ebx */
1054 * Paranoid entry from userspace. Switch stacks and treat it
1055 * as a normal entry. This means that paranoid handlers
1056 * run in real process context if user_mode(regs).
1063 movq %rsp,%rdi /* pt_regs pointer */
1065 movq %rax,%rsp /* switch stack */
1067 movq %rsp,%rdi /* pt_regs pointer */
1070 movq ORIG_RAX(%rsp),%rsi /* get error code */
1071 movq $-1,ORIG_RAX(%rsp) /* no syscall to restart */
1073 xorl %esi,%esi /* no error code */
1078 jmp error_exit /* %ebx: no swapgs flag */
1085 #ifdef CONFIG_TRACING
1086 .macro trace_idtentry sym do_sym has_error_code:req
1087 idtentry trace(\sym) trace(\do_sym) has_error_code=\has_error_code
1088 idtentry \sym \do_sym has_error_code=\has_error_code
1091 .macro trace_idtentry sym do_sym has_error_code:req
1092 idtentry \sym \do_sym has_error_code=\has_error_code
1096 idtentry divide_error do_divide_error has_error_code=0
1097 idtentry overflow do_overflow has_error_code=0
1098 idtentry bounds do_bounds has_error_code=0
1099 idtentry invalid_op do_invalid_op has_error_code=0
1100 idtentry device_not_available do_device_not_available has_error_code=0
1101 idtentry double_fault do_double_fault has_error_code=1 paranoid=2
1102 idtentry coprocessor_segment_overrun do_coprocessor_segment_overrun has_error_code=0
1103 idtentry invalid_TSS do_invalid_TSS has_error_code=1
1104 idtentry segment_not_present do_segment_not_present has_error_code=1
1105 idtentry spurious_interrupt_bug do_spurious_interrupt_bug has_error_code=0
1106 idtentry coprocessor_error do_coprocessor_error has_error_code=0
1107 idtentry alignment_check do_alignment_check has_error_code=1
1108 idtentry simd_coprocessor_error do_simd_coprocessor_error has_error_code=0
1111 /* Reload gs selector with exception handling */
1112 /* edi: new selector */
1113 ENTRY(native_load_gs_index)
1116 DISABLE_INTERRUPTS(CLBR_ANY & ~CLBR_RDI)
1120 2: mfence /* workaround */
1125 END(native_load_gs_index)
1127 _ASM_EXTABLE(gs_change,bad_gs)
1128 .section .fixup,"ax"
1129 /* running with kernelgs */
1131 SWAPGS /* switch back to user gs */
1137 #ifndef CONFIG_PREEMPT_RT_FULL
1138 /* Call softirq on interrupt stack. Interrupts are off. */
1139 ENTRY(do_softirq_own_stack)
1142 CFI_REL_OFFSET rbp,0
1144 CFI_DEF_CFA_REGISTER rbp
1145 incl PER_CPU_VAR(irq_count)
1146 cmove PER_CPU_VAR(irq_stack_ptr),%rsp
1147 push %rbp # backlink for old unwinder
1151 CFI_DEF_CFA_REGISTER rsp
1152 CFI_ADJUST_CFA_OFFSET -8
1153 decl PER_CPU_VAR(irq_count)
1156 END(do_softirq_own_stack)
1160 idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
1163 * A note on the "critical region" in our callback handler.
1164 * We want to avoid stacking callback handlers due to events occurring
1165 * during handling of the last event. To do this, we keep events disabled
1166 * until we've done all processing. HOWEVER, we must enable events before
1167 * popping the stack frame (can't be done atomically) and so it would still
1168 * be possible to get enough handler activations to overflow the stack.
1169 * Although unlikely, bugs of that kind are hard to track down, so we'd
1170 * like to avoid the possibility.
1171 * So, on entry to the handler we detect whether we interrupted an
1172 * existing activation in its critical region -- if so, we pop the current
1173 * activation and restart the handler using the previous one.
1175 ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
1178 * Since we don't modify %rdi, evtchn_do_upall(struct *pt_regs) will
1179 * see the correct pointer to the pt_regs
1181 movq %rdi, %rsp # we don't return, adjust the stack frame
1184 11: incl PER_CPU_VAR(irq_count)
1186 CFI_DEF_CFA_REGISTER rbp
1187 cmovzq PER_CPU_VAR(irq_stack_ptr),%rsp
1188 pushq %rbp # backlink for old unwinder
1189 call xen_evtchn_do_upcall
1191 CFI_DEF_CFA_REGISTER rsp
1192 decl PER_CPU_VAR(irq_count)
1193 #ifndef CONFIG_PREEMPT
1194 call xen_maybe_preempt_hcall
1198 END(xen_do_hypervisor_callback)
1201 * Hypervisor uses this for application faults while it executes.
1202 * We get here for two reasons:
1203 * 1. Fault while reloading DS, ES, FS or GS
1204 * 2. Fault while executing IRET
1205 * Category 1 we do not need to fix up as Xen has already reloaded all segment
1206 * registers that could be reloaded and zeroed the others.
1207 * Category 2 we fix up by killing the current process. We cannot use the
1208 * normal Linux return path in this case because if we use the IRET hypercall
1209 * to pop the stack frame we end up in an infinite loop of failsafe callbacks.
1210 * We distinguish between categories by comparing each saved segment register
1211 * with its current contents: any discrepancy means we in category 1.
1213 ENTRY(xen_failsafe_callback)
1215 /*CFI_REL_OFFSET gs,GS*/
1216 /*CFI_REL_OFFSET fs,FS*/
1217 /*CFI_REL_OFFSET es,ES*/
1218 /*CFI_REL_OFFSET ds,DS*/
1219 CFI_REL_OFFSET r11,8
1220 CFI_REL_OFFSET rcx,0
1234 /* All segments match their saved values => Category 2 (Bad IRET). */
1240 CFI_ADJUST_CFA_OFFSET -0x30
1241 pushq_cfi $0 /* RIP */
1244 jmp general_protection
1246 1: /* Segment mismatch => Category 1 (Bad segment). Retry the IRET. */
1252 CFI_ADJUST_CFA_OFFSET -0x30
1253 pushq_cfi $-1 /* orig_ax = -1 => not a system call */
1254 ALLOC_PT_GPREGS_ON_STACK
1259 END(xen_failsafe_callback)
1261 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
1262 xen_hvm_callback_vector xen_evtchn_do_upcall
1264 #endif /* CONFIG_XEN */
1266 #if IS_ENABLED(CONFIG_HYPERV)
1267 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
1268 hyperv_callback_vector hyperv_vector_handler
1269 #endif /* CONFIG_HYPERV */
1271 idtentry debug do_debug has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
1272 idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
1273 idtentry stack_segment do_stack_segment has_error_code=1
1275 idtentry xen_debug do_debug has_error_code=0
1276 idtentry xen_int3 do_int3 has_error_code=0
1277 idtentry xen_stack_segment do_stack_segment has_error_code=1
1279 idtentry general_protection do_general_protection has_error_code=1
1280 trace_idtentry page_fault do_page_fault has_error_code=1
1281 #ifdef CONFIG_KVM_GUEST
1282 idtentry async_page_fault do_async_page_fault has_error_code=1
1284 #ifdef CONFIG_X86_MCE
1285 idtentry machine_check has_error_code=0 paranoid=1 do_sym=*machine_check_vector(%rip)
1289 * Save all registers in pt_regs, and switch gs if needed.
1290 * Use slow, but surefire "are we in kernel?" check.
1291 * Return: ebx=0: need swapgs on exit, ebx=1: otherwise
1293 ENTRY(paranoid_entry)
1299 movl $MSR_GS_BASE,%ecx
1302 js 1f /* negative -> in kernel */
1310 * "Paranoid" exit path from exception stack. This is invoked
1311 * only on return from non-NMI IST interrupts that came
1312 * from kernel space.
1314 * We may be returning to very strange contexts (e.g. very early
1315 * in syscall entry), so checking for preemption here would
1316 * be complicated. Fortunately, we there's no good reason
1317 * to try to handle preemption here.
1319 /* On entry, ebx is "no swapgs" flag (1: don't need swapgs, 0: need it) */
1320 ENTRY(paranoid_exit)
1322 DISABLE_INTERRUPTS(CLBR_NONE)
1323 TRACE_IRQS_OFF_DEBUG
1324 testl %ebx,%ebx /* swapgs needed? */
1325 jnz paranoid_exit_no_swapgs
1328 jmp paranoid_exit_restore
1329 paranoid_exit_no_swapgs:
1330 TRACE_IRQS_IRETQ_DEBUG
1331 paranoid_exit_restore:
1334 REMOVE_PT_GPREGS_FROM_STACK 8
1340 * Save all registers in pt_regs, and switch gs if needed.
1341 * Return: ebx=0: need swapgs on exit, ebx=1: otherwise
1350 je error_kernelspace
1358 * There are two places in the kernel that can potentially fault with
1359 * usergs. Handle them here. B stepping K8s sometimes report a
1360 * truncated RIP for IRET exceptions returning to compat mode. Check
1361 * for these here too.
1364 CFI_REL_OFFSET rcx, RCX+8
1366 leaq native_irq_return_iret(%rip),%rcx
1367 cmpq %rcx,RIP+8(%rsp)
1369 movl %ecx,%eax /* zero extend */
1370 cmpq %rax,RIP+8(%rsp)
1372 cmpq $gs_change,RIP+8(%rsp)
1377 /* Fix truncated RIP */
1378 movq %rcx,RIP+8(%rsp)
1386 decl %ebx /* Return to usergs */
1392 /* On entry, ebx is "no swapgs" flag (1: don't need swapgs, 0: need it) */
1397 DISABLE_INTERRUPTS(CLBR_NONE)
1399 GET_THREAD_INFO(%rcx)
1402 LOCKDEP_SYS_EXIT_IRQ
1403 movl TI_flags(%rcx),%edx
1404 movl $_TIF_WORK_MASK,%edi
1411 /* Runs on exception stack */
1414 PARAVIRT_ADJUST_EXCEPTION_FRAME
1416 * We allow breakpoints in NMIs. If a breakpoint occurs, then
1417 * the iretq it performs will take us out of NMI context.
1418 * This means that we can have nested NMIs where the next
1419 * NMI is using the top of the stack of the previous NMI. We
1420 * can't let it execute because the nested NMI will corrupt the
1421 * stack of the previous NMI. NMI handlers are not re-entrant
1424 * To handle this case we do the following:
1425 * Check the a special location on the stack that contains
1426 * a variable that is set when NMIs are executing.
1427 * The interrupted task's stack is also checked to see if it
1429 * If the variable is not set and the stack is not the NMI
1431 * o Set the special variable on the stack
1432 * o Copy the interrupt frame into an "outermost" location on the
1434 * o Copy the interrupt frame into an "iret" location on the stack
1435 * o Continue processing the NMI
1436 * If the variable is set or the previous stack is the NMI stack:
1437 * o Modify the "iret" location to jump to the repeat_nmi
1438 * o return back to the first NMI
1440 * Now on exit of the first NMI, we first clear the stack variable
1441 * The NMI stack will tell any nested NMIs at that point that it is
1442 * nested. Then we pop the stack normally with iret, and if there was
1443 * a nested NMI that updated the copy interrupt stack frame, a
1444 * jump will be made to the repeat_nmi code that will handle the second
1447 * However, espfix prevents us from directly returning to userspace
1448 * with a single IRET instruction. Similarly, IRET to user mode
1449 * can fault. We therefore handle NMIs from user space like
1450 * other IST entries.
1453 /* Use %rdx as our temp variable throughout */
1455 CFI_REL_OFFSET rdx, 0
1457 testb $3, CS-RIP+8(%rsp)
1458 jz .Lnmi_from_kernel
1461 * NMI from user mode. We need to run on the thread stack, but we
1462 * can't go through the normal entry paths: NMIs are masked, and
1463 * we don't want to enable interrupts, because then we'll end
1464 * up in an awkward situation in which IRQs are on but NMIs
1471 movq PER_CPU_VAR(kernel_stack), %rsp
1472 pushq 5*8(%rdx) /* pt_regs->ss */
1473 pushq 4*8(%rdx) /* pt_regs->rsp */
1474 pushq 3*8(%rdx) /* pt_regs->flags */
1475 pushq 2*8(%rdx) /* pt_regs->cs */
1476 pushq 1*8(%rdx) /* pt_regs->rip */
1477 pushq $-1 /* pt_regs->orig_ax */
1478 pushq %rdi /* pt_regs->di */
1479 pushq %rsi /* pt_regs->si */
1480 pushq (%rdx) /* pt_regs->dx */
1481 pushq %rcx /* pt_regs->cx */
1482 pushq %rax /* pt_regs->ax */
1483 pushq %r8 /* pt_regs->r8 */
1484 pushq %r9 /* pt_regs->r9 */
1485 pushq %r10 /* pt_regs->r10 */
1486 pushq %r11 /* pt_regs->r11 */
1487 pushq %rbx /* pt_regs->rbx */
1488 pushq %rbp /* pt_regs->rbp */
1489 pushq %r12 /* pt_regs->r12 */
1490 pushq %r13 /* pt_regs->r13 */
1491 pushq %r14 /* pt_regs->r14 */
1492 pushq %r15 /* pt_regs->r15 */
1495 * At this point we no longer need to worry about stack damage
1496 * due to nesting -- we're on the normal thread stack and we're
1497 * done with the NMI stack.
1504 * Return back to user mode. We must *not* do the normal exit
1505 * work, because we don't want to enable interrupts. Fortunately,
1506 * do_nmi doesn't modify pt_regs.
1509 jmp restore_c_regs_and_iret
1513 * Here's what our stack frame will look like:
1514 * +---------------------------------------------------------+
1516 * | original Return RSP |
1517 * | original RFLAGS |
1520 * +---------------------------------------------------------+
1521 * | temp storage for rdx |
1522 * +---------------------------------------------------------+
1523 * | "NMI executing" variable |
1524 * +---------------------------------------------------------+
1525 * | iret SS } Copied from "outermost" frame |
1526 * | iret Return RSP } on each loop iteration; overwritten |
1527 * | iret RFLAGS } by a nested NMI to force another |
1528 * | iret CS } iteration if needed. |
1530 * +---------------------------------------------------------+
1531 * | outermost SS } initialized in first_nmi; |
1532 * | outermost Return RSP } will not be changed before |
1533 * | outermost RFLAGS } NMI processing is done. |
1534 * | outermost CS } Copied to "iret" frame on each |
1535 * | outermost RIP } iteration. |
1536 * +---------------------------------------------------------+
1538 * +---------------------------------------------------------+
1540 * The "original" frame is used by hardware. Before re-enabling
1541 * NMIs, we need to be done with it, and we need to leave enough
1542 * space for the asm code here.
1544 * We return by executing IRET while RSP points to the "iret" frame.
1545 * That will either return for real or it will loop back into NMI
1548 * The "outermost" frame is copied to the "iret" frame on each
1549 * iteration of the loop, so each iteration starts with the "iret"
1550 * frame pointing to the final return target.
1554 * Determine whether we're a nested NMI.
1556 * If we interrupted kernel code between repeat_nmi and
1557 * end_repeat_nmi, then we are a nested NMI. We must not
1558 * modify the "iret" frame because it's being written by
1559 * the outer NMI. That's okay; the outer NMI handler is
1560 * about to about to call do_nmi anyway, so we can just
1561 * resume the outer NMI.
1564 movq $repeat_nmi, %rdx
1567 movq $end_repeat_nmi, %rdx
1573 * Now check "NMI executing". If it's set, then we're nested.
1574 * This will not detect if we interrupted an outer NMI just
1581 * Now test if the previous stack was an NMI stack. This covers
1582 * the case where we interrupt an outer NMI after it clears
1583 * "NMI executing" but before IRET. We need to be careful, though:
1584 * there is one case in which RSP could point to the NMI stack
1585 * despite there being no NMI active: naughty userspace controls
1586 * RSP at the very beginning of the SYSCALL targets. We can
1587 * pull a fast one on naughty userspace, though: we program
1588 * SYSCALL to mask DF, so userspace cannot cause DF to be set
1589 * if it controls the kernel's RSP. We set DF before we clear
1593 /* Compare the NMI stack (rdx) with the stack we came from (4*8(%rsp)) */
1594 cmpq %rdx, 4*8(%rsp)
1595 /* If the stack pointer is above the NMI stack, this is a normal NMI */
1597 subq $EXCEPTION_STKSZ, %rdx
1598 cmpq %rdx, 4*8(%rsp)
1599 /* If it is below the NMI stack, it is a normal NMI */
1602 /* Ah, it is within the NMI stack. */
1604 testb $(X86_EFLAGS_DF >> 8), (3*8 + 1)(%rsp)
1605 jz first_nmi /* RSP was user controlled. */
1607 /* This is a nested NMI. */
1613 * Modify the "iret" frame to point to repeat_nmi, forcing another
1614 * iteration of NMI handling.
1616 leaq -1*8(%rsp), %rdx
1618 CFI_ADJUST_CFA_OFFSET 1*8
1619 leaq -10*8(%rsp), %rdx
1620 pushq_cfi $__KERNEL_DS
1623 pushq_cfi $__KERNEL_CS
1624 pushq_cfi $repeat_nmi
1626 /* Put stack back */
1628 CFI_ADJUST_CFA_OFFSET -6*8
1634 /* We are returning to kernel mode, so this cannot result in a fault. */
1643 /* Set "NMI executing" on the stack. */
1646 /* Leave room for the "iret" frame */
1648 CFI_ADJUST_CFA_OFFSET 5*8
1650 /* Copy the "original" frame to the "outermost" frame */
1652 pushq_cfi 11*8(%rsp)
1654 CFI_DEF_CFA_OFFSET 5*8
1656 /* Everything up to here is safe from nested NMIs */
1660 * If there was a nested NMI, the first NMI's iret will return
1661 * here. But NMIs are still enabled and we can take another
1662 * nested NMI. The nested NMI checks the interrupted RIP to see
1663 * if it is between repeat_nmi and end_repeat_nmi, and if so
1664 * it will just return, as we are about to repeat an NMI anyway.
1665 * This makes it safe to copy to the stack frame that a nested
1668 * RSP is pointing to "outermost RIP". gsbase is unknown, but, if
1669 * we're repeating an NMI, gsbase has the same value that it had on
1670 * the first iteration. paranoid_entry will load the kernel
1671 * gsbase if needed before we call do_nmi.
1673 * Set "NMI executing" in case we came back here via IRET.
1678 * Copy the "outermost" frame to the "iret" frame. NMIs that nest
1679 * here must not modify the "iret" frame while we're writing to
1680 * it or it will end up containing garbage.
1683 CFI_ADJUST_CFA_OFFSET -10*8
1685 pushq_cfi -6*8(%rsp)
1688 CFI_DEF_CFA_OFFSET 5*8
1692 * Everything below this point can be preempted by a nested NMI.
1693 * If this happens, then the inner NMI will change the "iret"
1694 * frame to point back to repeat_nmi.
1696 pushq_cfi $-1 /* ORIG_RAX: no syscall to restart */
1697 ALLOC_PT_GPREGS_ON_STACK
1700 * Use paranoid_entry to handle SWAPGS, but no need to use paranoid_exit
1701 * as we should not be calling schedule in NMI context.
1702 * Even with normal interrupts enabled. An NMI should not be
1703 * setting NEED_RESCHED or anything that normal interrupts and
1704 * exceptions might do.
1709 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
1714 testl %ebx,%ebx /* swapgs needed? */
1722 /* Point RSP at the "iret" frame. */
1723 REMOVE_PT_GPREGS_FROM_STACK 6*8
1726 * Clear "NMI executing". Set DF first so that we can easily
1727 * distinguish the remaining code between here and IRET from
1728 * the SYSCALL entry and exit paths. On a native kernel, we
1729 * could just inspect RIP, but, on paravirt kernels,
1730 * INTERRUPT_RETURN can translate into a jump into a
1734 movq $0, 5*8(%rsp) /* clear "NMI executing" */
1737 * INTERRUPT_RETURN reads the "iret" frame and exits the NMI
1738 * stack in a single instruction. We are returning to kernel
1739 * mode, so this cannot result in a fault.
1745 ENTRY(ignore_sysret)