git: de7a32eaa528 - stable/13 - i386: explain the handshake between copyout_fast.s and page fault handler
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 Sep 2022 09:30:09 UTC
The branch stable/13 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=de7a32eaa5284cb400c7cd16839fe6df0dcd0659 commit de7a32eaa5284cb400c7cd16839fe6df0dcd0659 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2022-09-09 20:44:48 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2022-09-21 09:29:02 +0000 i386: explain the handshake between copyout_fast.s and page fault handler (cherry picked from commit 2eddd8ebf96a83fdb01d1a7e45e2d652aa05f4b8) --- sys/i386/i386/copyout_fast.s | 11 +++++++++++ sys/i386/i386/exception.s | 33 ++++++++++++++++++++++----------- 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/sys/i386/i386/copyout_fast.s b/sys/i386/i386/copyout_fast.s index 4391f36b18e4..2aa17a5c45c8 100644 --- a/sys/i386/i386/copyout_fast.s +++ b/sys/i386/i386/copyout_fast.s @@ -37,6 +37,17 @@ #include "assym.inc" +/* + * Fast path for copyout code. We switch to user space %cr3 and perform + * move operation between user memory and copyout buffer, located in the + * trampoline area. We must switch to trampoline stack, because both + * user and kernel buffer accesses might cause page fault. + * + * Page fault handler expects %edx to point to the onfault routine. + * Handler switches to idlePTD and calls the routine. + * The routine must restore the stack, enable interrupts, and + * return to the caller, informing it about failure. + */ .text ENTRY(copyout_fast) diff --git a/sys/i386/i386/exception.s b/sys/i386/i386/exception.s index 73d77e289e7a..010fc743dfa0 100644 --- a/sys/i386/i386/exception.s +++ b/sys/i386/i386/exception.s @@ -133,15 +133,25 @@ IDTVEC(prot) jmp irettraps IDTVEC(page) testl $PSL_VM, TF_EFLAGS-TF_ERR(%esp) - jnz 6f + jnz upf testb $SEL_RPL_MASK, TF_CS-TF_ERR(%esp) - jnz 6f + jnz upf cmpl $PMAP_TRM_MIN_ADDRESS, TF_EIP-TF_ERR(%esp) - jb 6f + jb upf + + /* + * This is a handshake between copyout_fast.s and page fault + * handler. We check for page fault occuring at the special + * places in the copyout fast path, where page fault can + * legitimately happen while accessing either user space or + * kernel pageable memory, and return control to *%edx. + * We switch to the idleptd page table from a user page table, + * if needed. + */ pushl %eax movl TF_EIP-TF_ERR+4(%esp), %eax addl $1f, %eax - call 7f + call 5f 1: cmpl $pf_x1, %eax je 2f cmpl $pf_x2, %eax @@ -162,23 +172,24 @@ IDTVEC(page) je 4f cmpl $pf_y2, %eax je 4f - jmp 5f + jmp upf_eax 2: movl $tramp_idleptd, %eax subl $3f, %eax - call 8f + call 6f 3: movl (%eax), %eax movl %eax, %cr3 4: popl %eax movl %edx, TF_EIP-TF_ERR(%esp) addl $4, %esp iret -5: popl %eax -6: pushl $T_PAGEFLT - jmp alltraps -7: subl (%esp), %eax +5: subl (%esp), %eax retl -8: addl (%esp), %eax +6: addl (%esp), %eax retl + +upf_eax:popl %eax +upf: pushl $T_PAGEFLT + jmp alltraps IDTVEC(rsvd_pti) IDTVEC(rsvd) pushl $0; TRAP(T_RESERVED)