From: Tĳl Coosemans <tijl@FreeBSD.org>
To: Konstantin Belousov
Cc: pho@freebsd.org, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 95f773e59482 - main - i386 copyout_fast: improve detection of a fault on accessing userspace
Date: Thu, 8 Sep 2022 19:00:09 +0200
Message-ID: <20220908190009.6377b71a@FreeBSD.org>
In-Reply-To: <20220908144909.7e6a0d6b@FreeBSD.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
On Thu, 8 Sep 2022 14:49:09 +0200 Tĳl Coosemans wrote:
> On Wed, 7 Sep 2022 23:18:32 +0300 Konstantin Belousov wrote:
> > On Wed, Sep 07, 2022 at 06:38:04PM +0200, Tĳl Coosemans wrote:
> >> So interrupts must have been reenabled somehow, probably by the page
> >> fault handler, and this allows context switches and then another process
> >> can call copyout or copyin and corrupt the trampoline stack and
> >> copyout_buf.
> > I do not see where the interrupts could be reenabled in copyout_fast path,
> > without or with page fault on the userspace access.
>
> The problem is not with userspace page faults. Those are treated
> specially by the page fault handler in exception.s causing copyout_fast
> and copyin_fast to return immediately with EFAULT so copyout and copyin
> fall back to doing a slow copy.
>
> The problem is with page faults on the kernel space accesses. Before
> this commit they were also treated specially, and now they are not. Now
> the page fault handler in exception.s calls trap() which calls
> trap_pfault() etc.

And trap() contains this:

	if (trap_enable_intr(type) && td->td_md.md_spinlock_count == 0 &&
	    frame->tf_eip != (int)cpu_switch_load_gs)
		enable_intr();

Where trap_enable_intr(T_PAGEFLT) returns true and enable_intr() is sti.
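The sequence the thread describes, as an added user-space model written for this page and not FreeBSD kernel code: a fast copy path stages data through a per-CPU scratch buffer (standing in for copyout_buf and the trampoline stack), a fault on the kernel-side access in the middle of that path goes through the trap() condition quoted above, and if interrupts come back on, another process on the same CPU runs its own copy through the same buffer before the first copy has drained it. `T_PAGEFLT` carries the i386 value 12; `trap_would_enable_intr`, `copy_fast_model`, `other_process_copy`, `run_scenario` and the sample bytes are this model's own names and constructed data.

```c
/*
 * Added example, not FreeBSD source: a user-space model of the race
 * described in the mail. A per-CPU scratch buffer (standing in for
 * copyout_buf and the trampoline stack) is used by a fast copy path.
 * If a fault in the middle of that path goes through trap() and
 * interrupts are re-enabled, a context switch can let another process
 * on the same CPU run its own copy through the same buffer before the
 * first copy has finished reading it back.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define T_PAGEFLT 12		/* i386 page-fault trap number */
#define SCRATCH_SIZE 16		/* size of the modelled per-CPU buffer */

/*
 * The condition quoted from trap() in the mail. trap_enable_intr() is
 * only modelled for T_PAGEFLT, where it returns true; every other type
 * is treated as "do not enable" (a simplification of this model).
 * spinlock_count stands for td->td_md.md_spinlock_count and
 * in_cpu_switch_load_gs for the tf_eip == cpu_switch_load_gs check.
 */
static bool
trap_would_enable_intr(int type, int spinlock_count, bool in_cpu_switch_load_gs)
{
	bool trap_enable_intr = (type == T_PAGEFLT);

	return (trap_enable_intr && spinlock_count == 0 &&
	    !in_cpu_switch_load_gs);
}

static uint8_t cpu_scratch[SCRATCH_SIZE];	/* models the per-CPU buffer */

/* Another process on the same CPU calling copyout: it reuses cpu_scratch. */
static void
other_process_copy(void)
{
	memset(cpu_scratch, 0xAA, sizeof(cpu_scratch));
}

/*
 * Fast copy staged through the per-CPU buffer. fault_on_kernel_access
 * simulates a page fault on the kernel-side access between the two
 * stages. Returns 0 if dst matches src afterwards, 1 if the copy was
 * corrupted by the other process, -1 on bad arguments.
 */
static int
copy_fast_model(const uint8_t *src, uint8_t *dst, size_t len,
    bool fault_on_kernel_access, int spinlock_count)
{
	if (len > sizeof(cpu_scratch))
		return (-1);
	memcpy(cpu_scratch, src, len);		/* stage 1: fill per-CPU buffer */
	if (fault_on_kernel_access &&
	    trap_would_enable_intr(T_PAGEFLT, spinlock_count, false)) {
		/* sti happened inside trap(): a context switch is possible here */
		other_process_copy();
	}
	memcpy(dst, cpu_scratch, len);		/* stage 2: drain per-CPU buffer */
	return (memcmp(src, dst, len) == 0 ? 0 : 1);
}

/* Run one scenario on constructed data; returns copy_fast_model()'s result. */
int
run_scenario(bool fault_on_kernel_access, int spinlock_count)
{
	const uint8_t src[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };	/* constructed */
	uint8_t dst[8] = { 0 };

	return (copy_fast_model(src, dst, sizeof(src),
	    fault_on_kernel_access, spinlock_count));
}

int
main(void)
{
	printf("no fault:             %d\n", run_scenario(false, 0));
	printf("fault, no spinlock:   %d\n", run_scenario(true, 0));
	printf("fault, spinlock held: %d\n", run_scenario(true, 1));
	return (0);
}
```

The third scenario shows the other half of the quoted condition: with md_spinlock_count non-zero, trap() leaves interrupts off, so no context switch reaches the buffer and the copy survives. The model collapses the real timing into a deterministic hook at the fault point, which is what makes the outcome reproducible.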