From owner-freebsd-arch@FreeBSD.ORG Fri Aug 2 15:32:21 2013
From: Ian Lepore <ian@FreeBSD.org>
To: Piyus Kedia
Cc: Sorav Bansal, freebsd-arch@FreeBSD.org
Subject: Re: Fwd: Use of the PC value in interrupt/exception handlers
Date: Fri, 02 Aug 2013 09:31:33 -0600
Message-ID: <1375457493.45247.249.camel@revolution.hippie.lan>
List-Id: Discussion related to FreeBSD architecture (freebsd-arch@freebsd.org)
On Fri, 2013-08-02 at 19:08 +0900, Piyus Kedia wrote:
> Dear all,
>
> We are working on developing a dynamic binary translator for the kernel.
> Towards this, we wanted to confirm whether the interrupted PC value pushed on
> the stack by an interrupt/exception is used by the interrupt/exception
> handlers. For example, is the PC value compared against a fixed address to
> determine the handler behaviour (like Linux's page fault handler, which
> compares the faulting PC against an exception table to allow functions like
> copy_from_user to fault)?
>
> Basically, we are wondering if it is safe to replace the pushed PC value on
> the stack by another value. This would be safe if the PC value is only used
> for returning from the interrupt, or for reading contents at that PC address
> (e.g., to decode the instruction at the current PC). It would be unsafe if
> the value of the address itself is meaningful to the handler.
>
> By looking at the code, we found that in FreeBSD the segment-not-present
> exception handler checks the trapped PC value against some fixed kernel PC,
> except that it is only used for debugging purposes. It would be nice if
> somebody could also confirm this.
>
> Thanks,
> Piyus

For the ARM architectures which use Restartable Atomic Sequences (RAS) to
implement atomic operations, examining the value of the saved PC and possibly
modifying it is how RAS works. See the PUSHFRAMEINSVC macro in
sys/arm/include/asmacros.h.

In a nutshell, the RAS code works by having userland code store the begin/end
addresses of a small block of code that must be executed to completion without
interruption to be correct. If an exception or interrupt happens while the PC
is in that range, the exception-entry code implemented by PUSHFRAMEINSVC
modifies the saved PC so that on return to userland, execution resumes at the
beginning of the atomic sequence.

-- 
Ian
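The RAS restart logic Ian describes, modelled in user-space C as an added example. This is not FreeBSD's code and not the PUSHFRAMEINSVC macro: the trapframe layout, the ras_region struct, the function names, the instruction "addresses" and the exclusive end bound are all assumptions made for illustration. The model runs a three-instruction ldr/add/str sequence, injects an interrupt plus a competing store from another thread at a chosen point, and shows that the sequence only produces the right answer when exception entry rewinds the *saved* PC into the registered range. It also shows the case the original question is about: a pushed PC that has been replaced by some other value (here, a translated copy's address) no longer matches the range, so the sequence is not restarted.

```c
/*
 * Added example, not FreeBSD code: a user-space model of the ARM RAS
 * restart logic.  Trapframe layout, ras_region, instruction addresses and
 * all names below are assumptions for illustration only.
 */
#include <stdint.h>
#include <stdio.h>

/* Modelled trapframe: just the saved PC that exception entry pushed. */
struct trapframe {
	uintptr_t tf_pc;
};

/* Modelled RAS registration: userland stores [start, end) of the sequence. */
struct ras_region {
	uintptr_t ras_start;
	uintptr_t ras_end;
};

/* Userland side: register a sequence.  Rejects empty or inverted ranges. */
int
ras_register(struct ras_region *r, uintptr_t start, uintptr_t end)
{
	if (start == 0 || end <= start)
		return (-1);
	r->ras_start = start;
	r->ras_end = end;
	return (0);
}

/*
 * Kernel side, the part the question in the thread is about: exception
 * entry compares the saved PC against the registered range and, on a hit,
 * rewrites it so the return from the exception lands at the start of the
 * sequence.  Returns 1 if the PC was rewound, 0 otherwise.
 */
int
ras_fixup(const struct ras_region *r, struct trapframe *tf)
{
	if (tf->tf_pc >= r->ras_start && tf->tf_pc < r->ras_end) {
		tf->tf_pc = r->ras_start;
		return (1);
	}
	return (0);
}

/* A three-instruction sequence doing "shared += 1" (assumed addresses). */
enum { RAS_LDR = 0x1000, RAS_ADD = 0x1004, RAS_STR = 0x1008, RAS_END = 0x100c };

struct cpu {
	uintptr_t pc;
	uint32_t r0;
};

static void
step(struct cpu *c, uint32_t *shared)
{
	switch (c->pc) {
	case RAS_LDR: c->r0 = *shared; break;
	case RAS_ADD: c->r0 += 1;      break;
	case RAS_STR: *shared = c->r0; break;
	}
	c->pc += 4;
}

/*
 * Run the sequence on a shared word starting at `initial`.  Just before the
 * instruction at `interrupt_at` executes, an interrupt fires, another thread
 * stores `other_value`, and we return to userland either through ras_fixup
 * or with the saved PC left untouched.  Returns the final shared value.
 */
uint32_t
run_atomic_inc(uint32_t initial, uintptr_t interrupt_at, uint32_t other_value,
    int use_ras)
{
	struct ras_region r;
	struct cpu c = { RAS_LDR, 0 };
	uint32_t shared = initial;
	int fired = 0;

	ras_register(&r, RAS_LDR, RAS_END);
	while (c.pc < RAS_END) {
		if (!fired && c.pc == interrupt_at) {
			struct trapframe tf = { c.pc };	/* entry pushes PC */
			fired = 1;
			shared = other_value;		/* other thread wins */
			if (use_ras)
				ras_fixup(&r, &tf);
			c.pc = tf.tf_pc;		/* return from exception */
			continue;
		}
		step(&c, &shared);
	}
	return (shared);
}

/*
 * What a translator that replaces the pushed PC would see: if the value on
 * the stack is the translated copy's address rather than the original one,
 * the range check misses and the sequence is not restarted.
 */
int
pushed_pc_is_rewound(uintptr_t pushed_pc)
{
	struct ras_region r;
	struct trapframe tf = { pushed_pc };

	ras_register(&r, RAS_LDR, RAS_END);
	return (ras_fixup(&r, &tf));
}

int
main(void)
{
	printf("no interrupt:          %u\n", (unsigned)run_atomic_inc(5, 0, 100, 1));
	printf("interrupt, RAS:        %u\n", (unsigned)run_atomic_inc(5, RAS_STR, 100, 1));
	printf("interrupt, no RAS:     %u\n", (unsigned)run_atomic_inc(5, RAS_STR, 100, 0));
	printf("translated PC rewound: %d\n", pushed_pc_is_rewound(0x40001004));
	return (0);
}
```

With the interrupt landing just before the store, the RAS path reloads the other thread's value and stores 101, while leaving the saved PC alone stores a stale 6 and loses the other thread's update. Passing a code-cache address such as 0x40001004 in place of the original PC makes ras_fixup return 0, which is exactly why substituting the pushed PC is unsafe on an architecture whose exception entry interprets it.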