From owner-freebsd-amd64@FreeBSD.ORG Mon Jan 29 12:16:50 2007 Return-Path: X-Original-To: freebsd-amd64@freebsd.org Delivered-To: freebsd-amd64@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 24E6716A403; Mon, 29 Jan 2007 12:16:50 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from relay02.kiev.sovam.com (relay02.kiev.sovam.com [62.64.120.197]) by mx1.freebsd.org (Postfix) with ESMTP id B3B7C13C4B7; Mon, 29 Jan 2007 12:16:49 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from [212.82.216.227] (helo=fw.zoral.com.ua) by relay02.kiev.sovam.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.60) (envelope-from ) id 1HBVAs-000H1Y-Bs; Mon, 29 Jan 2007 13:59:58 +0200 Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by fw.zoral.com.ua (8.13.4/8.13.4) with ESMTP id l0TBxhL9029470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 29 Jan 2007 13:59:43 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.13.8/8.13.8) with ESMTP id l0TBxh0g073759; Mon, 29 Jan 2007 13:59:43 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.13.8/8.13.8/Submit) id l0TBxgBA073758; Mon, 29 Jan 2007 13:59:42 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Mon, 29 Jan 2007 13:59:42 +0200 From: Kostik Belousov To: Jung-uk Kim Message-ID: <20070129115942.GA56152@deviant.kiev.zoral.com.ua> References: <200701261821.12274.jkim@FreeBSD.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy" Content-Disposition: inline In-Reply-To: <200701261821.12274.jkim@FreeBSD.org> User-Agent: Mutt/1.4.2.2i X-Virus-Scanned: ClamAV version 0.88.7, clamav-milter version 0.88.7 on fw.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-0.1 required=5.0 tests=ALL_TRUSTED,SPF_NEUTRAL autolearn=failed version=3.1.7 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on fw.zoral.com.ua X-Scanner-Signature: feb28a81ec0850514d099b7346a2573b X-DrWeb-checked: yes X-SpamTest-Envelope-From: kostikbel@gmail.com X-SpamTest-Group-ID: 00000000 X-SpamTest-Info: Profiles 720 [Jan 28 2007] X-SpamTest-Info: helo_type=3 X-SpamTest-Info: {received from trusted relay: not dialup} X-SpamTest-Method: none X-SpamTest-Method: Local Lists X-SpamTest-Rate: 0 X-SpamTest-Status: Not detected X-SpamTest-Status-Extended: not_detected X-SpamTest-Version: SMTP-Filter Version 3.0.0 [0255], KAS30/Release Cc: freebsd-emulation@freebsd.org, freebsd-amd64@freebsd.org Subject: Re: load_fs() and load_gs() X-BeenThere: freebsd-amd64@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting FreeBSD to the AMD64 platform List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jan 2007 12:16:50 -0000 --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 26, 2007 at 06:21:09PM -0500, Jung-uk Kim wrote: > I have been chasing TLS problem for Linuxulator/amd64. The whole=20 > thing actually boils down to the following simulation: >=20 > ---------------- > #include > #include > #include > #include >=20 > static __thread u_int tls =3D 0xdeadbeef; >=20 > int > main(void) > { > #if defined(__amd64__) > u_int fs; > uint64_t fsbase; >=20 > fs =3D rfs(); > if (sysarch(AMD64_GET_FSBASE, &fsbase)) > return (-1); > printf("fsbase =3D 0x%lx, %%fs: 0x%08x, tls =3D 0x%x\n", > fsbase, fs, tls); >=20 > /* > * glibc does the following two calls. > * Note: Actually we don't do anything here > * but writing them back. > */ > if (sysarch(AMD64_SET_FSBASE, &fsbase)) > return (-1); > load_fs(fs); According to Intel docs, In 64-bit mode, memory accesses using FS-segment and GS-segment overrides are not checked for a runtime limit nor subjected to attribute-checking. Normal segment loads (MOV to Sreg and POP Sreg) into FS and GS load a standard 32-bit base value in the hidden portion of the segment descriptor register. The base address bits above the standard 32 bits are cleared to 0 to allow consistency for implementations that use less than 64 bits. So, by executing load_fs(fs), you effectively load some low (<=3D 2^32) val= ue into fs base (I suspect that it is just 0, since GUDATA_SEL has 0 as segment base, see gdt_segs in amd64/machdep.c). And then, mov %fs:0x0,%rax instruction just dereferences 0 instead of TLS. I suspect that Linux does not use that code sequence too, since behaviour on the segment register load in 64-bit mode is defined by CPU. >=20 > if (sysarch(AMD64_GET_FSBASE, &fsbase)) > return (-1); > printf("fsbase =3D 0x%lx, %%fs: 0x%08x, tls =3D 0x%x\n", > fsbase, rfs(), tls); > #elif defined(__i386__) > u_int gs; > uint32_t gsbase; >=20 > gs =3D rgs(); > if (sysarch(I386_GET_GSBASE, &gsbase)) > return (-1); > printf("gsbase =3D 0x%lx, %%gs: 0x%08x, tls =3D 0x%x\n", > gsbase, gs, tls); >=20 > /* > * glibc does the following two calls. > * Note: Actually we don't do anything here > * but writing them back. > */ > if (sysarch(I386_SET_GSBASE, &gsbase)) > return (-1); > load_gs(gs); Again, this load segment base hidden register from the segment descriptor in memory, that is 0. Access to tls would dereference NULL pointer. In 32-bit mode, the problem is that FreeBSD does not support segmentation (yet ?). >=20 > if (sysarch(I386_GET_GSBASE, &gsbase)) > return (-1); > printf("gsbase =3D 0x%lx, %%gs: 0x%08x, tls =3D 0x%x\n", > gsbase, rgs(), tls); > #endif >=20 > return (0); > } > ---------------- >=20 > If you run it on amd64 (both amd64 and i386 binaries), it segfaults=20 > at: >=20 > mov %fs:0x0,%rax (amd64) >=20 > or >=20 > mov %gs:0x0,%eax (i386) >=20 > which is basically reading tls. Why does it segfaults when we just=20 > read and write them back? Can anyone enlighten me? In normal situation, when segment registers are not reloaded, the IA32_FS_BASE and IA32_GS_BASE MSRs define the actual base used when fs: or gs: segment override is supplied (that is set by sysarch(XXX_SET_XSBASE) syscalls). In fact, it seems that kernel uses only gs: for per-cpu data, and completely ignores fs base. Due to this, IA32_FS_BASE is changed only on thread context switch. --gBBFr7Ir9EOA20Yy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFveGtC3+MBN1Mb4gRApCgAKDXNPUkS5liGv8wCFiNCALKKbvvmACdEEDF Iei4lesQuXChJalTg+4M2RM= =2hyj -----END PGP SIGNATURE----- --gBBFr7Ir9EOA20Yy--