Date: Sun, 1 Jun 2003 15:10:51 -0700 From: Marcel Moolenaar <marcel@xcllnt.net> To: threads@FreeBSD.org Subject: libthr: ia64 port: trapframe issue Message-ID: <20030601221051.GA975@athlon.pn.xcllnt.net>
next in thread | raw e-mail | index | archive | help
Gang, After implementing cpu_thread_setup() as Mike pointed out I hit upon another snafu. In kern_thr.c:thr_create() we copy the trapframe over from the currently running thread (td) to the newly created thread (td0). This however cannot be done on ia64: On ia64 we can have a nested fault when trying to contruct a trapframe. A nested fault is icky, because the CPU does not save any state (it would otherwise clobber the state of the original trap/interrupt). This also means that we have to know exactly what can cause a nested fault so that we know what the faulting address is and where we have to jump to when we inserted a TLB. This means that we have to make sure that a trapframe does not cross a page boundary, because otherwise we can have a nested fault any place we write into the trapframe. To solve this, we align the trapframe on a 1KB boundary. Now the crux: if we align the trapframe, we don't know how much the delta is from the previous stack pointer to the bottom of the trapframe and hence the new stack pointer. This itself is not really a problem, but we need to know this delta if we want to restore the stack pointer to the value it had prior to the trap (we're talking kernel stack pointer). Therefore, we save the length of the trapframe (ie the delta) in the trapframe itself. By copying trapframes, we also copy the length of the trapframe, which is generally bad. The new trapframe is not 1KB aligned (we know up front it will be contained in a single page) and thus will have a fixed length (sizeof(struct trapframe)). However the trapframe we copy from has been 1KB aligned and is generally larger than sizeof(trapframe). Anyway: the end result is that if we enter userland with a thread created by thr_create, we clobber our PCB because we incorrectly updated the stack pointer. The following solutions exist: 1. quick and dirty: ------------------- We know that the new trapframe is sizeof(struct trapframe) long, so we simply correct the length after copying: Index: kern_thr.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_thr.c,v retrieving revision 1.8 diff -u -r1.8 kern_thr.c --- kern_thr.c 16 May 2003 21:26:42 -0000 1.8 +++ kern_thr.c 1 Jun 2003 22:02:46 -0000 @@ -157,6 +157,9 @@ td0->td_sigmask = td->td_sigmask; PROC_UNLOCK(td->td_proc); bcopy(td->td_frame, td0->td_frame, sizeof(struct trapframe)); +#ifdef __ia64__ + td0->td_frame->tf_length = sizeof(struct trapframe); +#endif td0->td_ucred = crhold(td->td_ucred); /* Initialize our kse structure. */ 2. cpu__set_upcall() change: ---------------------------- We have all the MD specifics in cpu_set_upcall, so we move the copying of the trapframe to cpu_set_upcall(). This means we need to change its prototype to either void cpu_set_upcall(struct thread *new, struct thread *old) or void cpu_set_upcall(struct thread *new, struct pcb *pcb, struct trapframe *tf) I don't know if we can simply remove the copying of the trapframe and have it happen after crhold() and kse_alloc() or that we need to move the call to cpu_set_upcall() up to before kse_alloc() and/or crhold(). In other words: I don't know if we have a phase ordering problem if we delay copying the trapframe until we call cpu_set_upcall() Thought? -- Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030601221051.GA975>