git: 2eddd8ebf96a - main - i386: explain the handshake between copyout_fast.s and page fault handler

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Wed, 14 Sep 2022 15:57:46 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=2eddd8ebf96a83fdb01d1a7e45e2d652aa05f4b8

commit 2eddd8ebf96a83fdb01d1a7e45e2d652aa05f4b8
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-09-09 20:44:48 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-09-14 15:47:57 +0000

    i386: explain the handshake between copyout_fast.s and page fault handler
    
    Tested by:      pho
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
---
 sys/i386/i386/copyout_fast.s | 11 +++++++++++
 sys/i386/i386/exception.s    | 33 ++++++++++++++++++++++-----------
 2 files changed, 33 insertions(+), 11 deletions(-)

diff --git a/sys/i386/i386/copyout_fast.s b/sys/i386/i386/copyout_fast.s
index 4391f36b18e4..2aa17a5c45c8 100644
--- a/sys/i386/i386/copyout_fast.s
+++ b/sys/i386/i386/copyout_fast.s
@@ -37,6 +37,17 @@
 
 #include "assym.inc"
 
+/*
+ * Fast path for copyout code.  We switch to user space %cr3 and perform
+ * move operation between user memory and copyout buffer, located in the
+ * trampoline area.  We must switch to trampoline stack, because both
+ * user and kernel buffer accesses might cause page fault.
+ *
+ * Page fault handler expects %edx to point to the onfault routine.
+ * Handler switches to idlePTD and calls the routine.
+ * The routine must restore the stack, enable interrupts, and
+ * return to the caller, informing it about failure.
+ */
 	.text
 
 ENTRY(copyout_fast)
diff --git a/sys/i386/i386/exception.s b/sys/i386/i386/exception.s
index a2a6f5311a87..1a950b80b9b6 100644
--- a/sys/i386/i386/exception.s
+++ b/sys/i386/i386/exception.s
@@ -130,15 +130,25 @@ IDTVEC(prot)
 	jmp	irettraps
 IDTVEC(page)
 	testl	$PSL_VM, TF_EFLAGS-TF_ERR(%esp)
-	jnz	6f
+	jnz	upf
 	testb	$SEL_RPL_MASK, TF_CS-TF_ERR(%esp)
-	jnz	6f
+	jnz	upf
 	cmpl	$PMAP_TRM_MIN_ADDRESS, TF_EIP-TF_ERR(%esp)
-	jb	6f
+	jb	upf
+
+	/*
+	 * This is a handshake between copyout_fast.s and page fault
+	 * handler.  We check for page fault occuring at the special
+	 * places in the copyout fast path, where page fault can
+	 * legitimately happen while accessing either user space or
+	 * kernel pageable memory, and return control to *%edx.
+	 * We switch to the idleptd page table from a user page table,
+	 * if needed.
+	 */
 	pushl	%eax
 	movl	TF_EIP-TF_ERR+4(%esp), %eax
 	addl	$1f, %eax
-	call	7f
+	call	5f
 1:	cmpl	$pf_x1, %eax
 	je	2f
 	cmpl	$pf_x2, %eax
@@ -159,23 +169,24 @@ IDTVEC(page)
 	je	4f
 	cmpl	$pf_y2, %eax
 	je	4f
-	jmp	5f
+	jmp	upf_eax
 2:	movl	$tramp_idleptd, %eax
 	subl	$3f, %eax
-	call	8f
+	call	6f
 3:	movl	(%eax), %eax
 	movl	%eax, %cr3
 4:	popl	%eax
 	movl	%edx, TF_EIP-TF_ERR(%esp)
 	addl	$4, %esp
 	iret
-5:	popl	%eax
-6:	pushl	$T_PAGEFLT
-	jmp	alltraps
-7:	subl	(%esp), %eax
+5:	subl	(%esp), %eax
 	retl
-8:	addl	(%esp), %eax
+6:	addl	(%esp), %eax
 	retl
+
+upf_eax:popl	%eax
+upf:	pushl	$T_PAGEFLT
+	jmp	alltraps
 IDTVEC(rsvd_pti)
 IDTVEC(rsvd)
 	pushl $0; TRAP(T_RESERVED)