author | kib <kib@FreeBSD.org> | 2014-11-18 12:53:32 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2014-11-18 12:53:32 +0000 |
commit | e4b2ee7e2b8167b0254356fea784913422730087 (patch) | |
tree | 90629f2d3f2351fa1eca5e7a9a55006c51a375a9 /sys/amd64 | |
parent | 96205db8c06612ea266eacb9d710b26e6ec5d225 (diff) | |
Merge the fueword(9) and casueword(9). In particular,
MFC r273783:
Add fueword(9) and casueword(9) functions.
MFC note: ia64 is handled like arm, with NO_FUEWORD define.
MFC r273784:
Replace some calls to fuword() by fueword() with proper error checking.
MFC r273785:
Convert kern_umtx.c to use fueword() and casueword().
MFC note: the sys__umtx_lock and sys__umtx_unlock syscalls are not
converted, they are removed from HEAD, and not used. The do_sem2*()
family is not yet merged to stable/10, corresponding chunk will be
merged after do_sem2* are committed.
MFC r273788 (by jkim):
Actually install casuword(9) to fix build.
MFC r273911:
Add type qualifier volatile to the base (userspace) address argument
of fuword(9) and suword(9).
Diffstat (limited to 'sys/amd64')
-rw-r--r-- | sys/amd64/amd64/support.S | 77 | ||||
-rw-r--r-- | sys/amd64/ia32/ia32_syscall.c | 12 |
2 files changed, 54 insertions, 35 deletions
diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S
index 4897367..50e653d 100644
--- a/sys/amd64/amd64/support.S
+++ b/sys/amd64/amd64/support.S
@@ -312,12 +312,13 @@ copyin_fault:
 END(copyin)
 /*
- * casuword32. Compare and set user integer. Returns -1 or the current value.
- * dst = %rdi, old = %rsi, new = %rdx
+ * casueword32. Compare and set user integer. Returns -1 on fault,
+ * 0 if access was successful. Old value is written to *oldp.
+ * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx
 */
-ENTRY(casuword32)
- movq PCPU(CURPCB),%rcx
- movq $fusufault,PCB_ONFAULT(%rcx)
+ENTRY(casueword32)
+ movq PCPU(CURPCB),%r8
+ movq $fusufault,PCB_ONFAULT(%r8)
 movq $VM_MAXUSER_ADDRESS-4,%rax
 cmpq %rax,%rdi /* verify address is valid */
@@ -327,26 +328,34 @@ ENTRY(casuword32)
 #ifdef SMP
 lock
 #endif
- cmpxchgl %edx,(%rdi) /* new = %edx */
+ cmpxchgl %ecx,(%rdi) /* new = %ecx */
 /*
 * The old value is in %eax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
- * be the current value.
+ * be the current value. Save %eax into %esi to prepare the return
+ * value.
 */
+ movl %eax,%esi
+ xorl %eax,%eax
+ movq %rax,PCB_ONFAULT(%r8)
- movq PCPU(CURPCB),%rcx
- movq $0,PCB_ONFAULT(%rcx)
+ /*
+ * Access the oldp after the pcb_onfault is cleared, to correctly
+ * catch corrupted pointer.
+ */
+ movl %esi,(%rdx) /* oldp = %rdx */
 ret
-END(casuword32)
+END(casueword32)
 /*
- * casuword. Compare and set user word. Returns -1 or the current value.
- * dst = %rdi, old = %rsi, new = %rdx
+ * casueword. Compare and set user long. Returns -1 on fault,
+ * 0 if access was successful. Old value is written to *oldp.
+ * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx
 */
-ENTRY(casuword)
- movq PCPU(CURPCB),%rcx
- movq $fusufault,PCB_ONFAULT(%rcx)
+ENTRY(casueword)
+ movq PCPU(CURPCB),%r8
+ movq $fusufault,PCB_ONFAULT(%r8)
 movq $VM_MAXUSER_ADDRESS-4,%rax
 cmpq %rax,%rdi /* verify address is valid */
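Review bot: The new casueword32 header comment says the routine returns 0 "if access was successful" but not that 0 comes back whether or not the exchange took place, so a caller reading only the comment could take 0 to mean the store happened. The code in the next hunk zeroes %eax unconditionally after the cmpxchgl, so the only way to learn the outcome is to compare *oldp with old; I would add ` * The caller must compare *oldp with old to tell whether the store happened.` to the comment. The casueword comment in the hunk at -327,26 uses the same wording and needs the same line. It would also help to say that oldp is expected to be a kernel address, which is what the later "catch corrupted pointer" comment implies.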
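Review bot: The bound kept under ENTRY(casueword) at the end of this hunk is still `movq $VM_MAXUSER_ADDRESS-4,%rax`, the same margin as casueword32, although the hunk at -356,28 shows this routine doing an 8-byte `cmpxchgq` on (%rdi). With a 4-byte margin the highest accepted user address lets the access reach up to four bytes past VM_MAXUSER_ADDRESS; whether that range always faults into fusufault is not visible on this page, so the range check should not rely on it. I would change the line to `movq $VM_MAXUSER_ADDRESS-8,%rax`. The branch that consumes the comparison lies between this hunk and the next one.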
@@ -356,28 +365,28 @@ ENTRY(casuword)
 #ifdef SMP
 lock
 #endif
- cmpxchgq %rdx,(%rdi) /* new = %rdx */
+ cmpxchgq %rcx,(%rdi) /* new = %rcx */
 /*
- * The old value is in %eax. If the store succeeded it will be the
+ * The old value is in %rax. If the store succeeded it will be the
 * value we expected (old) from before the store, otherwise it will
 * be the current value.
 */
-
- movq PCPU(CURPCB),%rcx
- movq $fusufault,PCB_ONFAULT(%rcx)
- movq $0,PCB_ONFAULT(%rcx)
+ movq %rax,%rsi
+ xorl %eax,%eax
+ movq %rax,PCB_ONFAULT(%r8)
+ movq %rsi,(%rdx)
 ret
-END(casuword)
+END(casueword)
 /*
 * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit
- * byte from user memory. All these functions are MPSAFE.
- * addr = %rdi
+ * byte from user memory.
+ * addr = %rdi, valp = %rsi
 */
-ALTENTRY(fuword64)
-ENTRY(fuword)
+ALTENTRY(fueword64)
+ENTRY(fueword)
 movq PCPU(CURPCB),%rcx
 movq $fusufault,PCB_ONFAULT(%rcx)
@@ -385,13 +394,15 @@ ENTRY(fuword)
 cmpq %rax,%rdi /* verify address is valid */
 ja fusufault
- movq (%rdi),%rax
- movq $0,PCB_ONFAULT(%rcx)
+ xorl %eax,%eax
+ movq (%rdi),%r11
+ movq %rax,PCB_ONFAULT(%rcx)
+ movq %r11,(%rsi)
 ret
 END(fuword64)
 END(fuword)
-ENTRY(fuword32)
+ENTRY(fueword32)
 movq PCPU(CURPCB),%rcx
 movq $fusufault,PCB_ONFAULT(%rcx)
@@ -399,10 +410,12 @@ ENTRY(fuword32)
 cmpq %rax,%rdi /* verify address is valid */
 ja fusufault
- movl (%rdi),%eax
- movq $0,PCB_ONFAULT(%rcx)
+ xorl %eax,%eax
+ movl (%rdi),%r11d
+ movq %rax,PCB_ONFAULT(%rcx)
+ movl %r11d,(%rsi)
 ret
-END(fuword32)
+END(fueword32)
 /*
 * fuswintr() and suswintr() are specialized variants of fuword16() and
diff --git a/sys/amd64/ia32/ia32_syscall.c b/sys/amd64/ia32/ia32_syscall.c
index 0cdec6f..92249f9 100644
--- a/sys/amd64/ia32/ia32_syscall.c
+++ b/sys/amd64/ia32/ia32_syscall.c
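Review bot: The rewritten fetch-family comment documents `valp = %rsi` but says nothing about the return value, and the new `movq %rsi,(%rdx)` in casueword carries no comment although the matching store in casueword32 (hunk at -327,26) explains why it comes after pcb_onfault is cleared. I would add ` * Returns 0 and stores the fetched value through valp; returns -1 on fault.` to the header; the -1 is taken from the casueword comments, since fusufault's body is not part of this diff. Beside the casueword store I would add `/* oldp = %rdx, written after pcb_onfault is cleared */` so the two routines read the same.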
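Review bot: The closing `END(fuword64)` and `END(fuword)` in this hunk are left as context while the previous hunk renames the entry points to fueword64 and fueword, so the END names no longer match the ENTRY names; the fueword32 hunk that follows does rename its END. If END records symbol size, as such macros usually do (its definition is not on this page), the sizes are attached to names this file no longer defines and fueword/fueword64 get none. I would change the two lines to `END(fueword64)` and `END(fueword)`.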
@@ -110,7 +110,7 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
 struct proc *p;
 struct trapframe *frame;
 caddr_t params;
- u_int32_t args[8];
+ u_int32_t args[8], tmp;
 int error, i;
 p = td->td_proc;
@@ -126,7 +126,10 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
 /*
 * Code is first argument, followed by actual args.
 */
- sa->code = fuword32(params);
+ error = fueword32(params, &tmp);
+ if (error == -1)
+ return (EFAULT);
+ sa->code = tmp;
 params += sizeof(int);
 } else if (sa->code == SYS___syscall) {
 /*
@@ -135,7 +138,10 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa)
 * We use a 32-bit fetch in case params is not
 * aligned.
 */
- sa->code = fuword32(params);
+ error = fueword32(params, &tmp);
+ if (error == -1)
+ return (EFAULT);
+ sa->code = tmp;
 params += sizeof(quad_t);
 } if (p->p_sysent->sv_mask) |
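Review bot: Both new fetch sites (the hunks at -126,7 and -135,7) store fueword32()'s -1/0 status in `error`, a variable that by its name and the `return (EFAULT)` beside it otherwise holds errno values. Nothing wrong escapes, because the failure path returns EFAULT and the success path leaves 0, but the mixed convention invites a later `return (error)` on a path where it still holds -1. Testing the call directly keeps the two conventions apart: `if (fueword32(params, &tmp) != 0)` followed by `return (EFAULT);`. The rest of ia32_fetch_syscall_args lies outside these hunks, so how `error` is used afterwards cannot be checked here.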