Date: Mon, 22 Aug 2016 13:04:56 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Bruce Evans <brde@optusnet.com.au>
Cc: Slawa Olhovchenkov <slw@zxy.spb.ru>, Ed Schouten <ed@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r304555 - head/sys/compat/cloudabi
Message-ID: <20160822100456.GA83214@kib.kiev.ua>
In-Reply-To: <20160822184056.M1897@besplex.bde.org>
References: <20160821105207.GS22212@zxy.spb.ru>
 <20160821210751.J2219@besplex.bde.org>
 <20160821120016.GZ8192@zxy.spb.ru>
 <20160821223255.K2478@besplex.bde.org>
 <20160821131447.GA8192@zxy.spb.ru>
 <20160821232721.G2639@besplex.bde.org>
 <20160821135826.GB8192@zxy.spb.ru>
 <20160822022832.Q3214@besplex.bde.org>
 <20160821170611.GC8192@zxy.spb.ru>
 <20160822184056.M1897@besplex.bde.org>
On Mon, Aug 22, 2016 at 06:55:58PM +1000, Bruce Evans wrote:
> No. PSL_AC is ignored in kernel mode.

Not quite. On recent processors there is a feature called SMAP. If enabled, user-mode page accesses from kernel mode require EFLAGS.AC set to 1. If EFLAGS.AC == 0, a user-mode access causes #PF with a protection violation, AFAIR.

> Not quite that short. i386 has the 1-byte cli instruction for conveniently
> setting the interrupt enable flag, but setting PSL_AC seems to take at
> least 3 instructions and 6-7 bytes (pushf; orb $N,$M(%[re][bs]p); popf).

In ring 0, when SMAP is present, there are two new instructions, STAC (set AC) and CLAC (clear AC). From the manual, the instructions are not available in ring 3 for convenient manipulation of EFLAGS.AC.

But I think that the original question was about accesses which cause #AC and not about instructions which manipulate EFLAGS.AC. The description of #AC in the SDM contains all the relevant details. In short, all userspace accesses must be naturally aligned, otherwise #AC is triggered.

I used to have a trivial LD_PRELOAD-able DSO which just set EFLAGS.AC, but it is not very useful, precisely because x86 compilers systematically generate unaligned accesses.

Typed-language runtimes sometimes use a witty trick with AC to get tag checking for free. If you assign e.g. tag 0x7 to pointers, i.e. store tag 0x7 in the three low bits of the pointer representation, then the load instruction would be movq -0x7(%rdx), %rax and you get the #AC fault in case of any other tag. Quite nifty, and it gives zero runtime cost for basic dynamic type checking.
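A portable software model of the tagged-pointer trick described in the message above, added here as an example (it is not code from the thread or from FreeBSD). It assumes objects aligned to 8 bytes with a 3-bit tag in the low pointer bits, computes the effective address of a "mov -tag(%reg)" load, and reports whether #AC would fire; it also generalizes beyond the movq case to show that a narrower load lets some wrong tags slip through unfaulted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: objects are 2^TAG_BITS-aligned, tag lives in low bits. */
#define TAG_BITS 3u
#define TAG_MASK ((uintptr_t)((1u << TAG_BITS) - 1u))

/* Build a tagged pointer from an (aligned) object address and a tag. */
static uintptr_t tag_pointer(uintptr_t obj, unsigned tag)
{
    return (obj & ~TAG_MASK) | ((uintptr_t)tag & TAG_MASK);
}

/* Effective address used by "mov -expected(%reg)": the displacement
 * cancels the tag only when the tag really is `expected`. */
static uintptr_t effective_address(uintptr_t tagged, unsigned expected)
{
    return tagged - expected;
}

/* With EFLAGS.AC set at CPL 3, #AC fires on any access of `width`
 * bytes that is not naturally aligned. */
static bool would_fault(uintptr_t tagged, unsigned expected, size_t width)
{
    return (effective_address(tagged, expected) % width) != 0;
}

/* Does a load of `width` bytes through "mov -expected(%reg)" fault for
 * every tag other than `expected`?  True for 8-byte loads; a 4-byte
 * load misses tags that differ from `expected` by exactly 4. */
static bool detects_all_mismatches(unsigned expected, size_t width)
{
    const uintptr_t obj = 0x1000; /* constructed, aligned base address */
    for (unsigned tag = 0; tag <= TAG_MASK; tag++) {
        if (tag != expected && !would_fault(tag_pointer(obj, tag), expected, width))
            return false;
    }
    return true;
}

int main(void)
{
    printf("movq -0x7: catches all wrong tags = %d\n", detects_all_mismatches(7, 8));
    printf("movl -0x7: catches all wrong tags = %d\n", detects_all_mismatches(7, 4));
    return 0;
}
```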