From: Robert Watson <rwatson@FreeBSD.org>
Date: Fri, 1 Sep 2006 10:03:05 +0100 (BST)
To: Peter Chubb
Cc: marcel@FreeBSD.org, ia64@FreeBSD.org, ppc@FreeBSD.org
Subject: Re: IA64, PPC system call path audit patches
Message-ID: <20060901095744.Q4921@fledge.watson.org>
In-Reply-To: <87hczsasl5.wl%peterc@quokka.chubb.wattle.id.au>

On Fri, 1 Sep 2006, Peter Chubb wrote:

>>>>>> "Robert" == Robert Watson writes:
>
> Robert> On Fri, 1 Sep 2006, Peter Chubb wrote:
>
>>> You've only caught the IA64 slow path system call entries. The
>>> fast path is highly optimised assembly language inside
>>> arch/ia64/kernel/fsys.S, that avoids doing a trap at all.
>>>
>>> With a modern libc, syscall_via_break is only called for a very few
>>> system calls.
>
> Robert> Hmm. I'm confused by the above comment -- I'm catching system
> Robert> calls on the kernel side of the system call invocation around
> Robert> the system call, not on the libc side. I only see two system
> Robert> call demux points in the src/sys/ia64 tree:
>
> Sure. Original libcs call the system call using break 0x10000, which ends
> up in the code you saw. Recent libcs call via a gate page with an epc
> (execute privileged code) instruction that vectors directly to the syscall
> implementation.
>
> Robert> ./ia32/ia32_trap.c: error = (*callp->sy_call)(td, args64);
> Robert> ./ia64/trap.c: error = (*callp->sy_call)(td, args);
>
> Take a look in gate.S, symbol _kernel_syscall_via_epc
>
> There's assembly language there that loads the function descriptor from the
> table and branches to it. There are two kinds of system call
> implementations: fast (implemented directly in assembly language in fsys.S)
> and slow (the code in fsys.S `bubbles down' into kernel space and then
> invokes the syscall directly).

As I read the epc_syscall code, it still passes through the kernel syscall() function, which is instrumented in the patch. Are you sure that the code does what you describe? My ia64 assembly reading skills are weak to non-existent, but the final branch in epc_syscall does seem to be to the C language syscall path.

Robert N M Watson
Computer Laboratory
University of Cambridge