Syscalls and RSE
Christian Kandeler
christian.kandeler at hob.de
Thu Jun 21 09:58:58 UTC 2007
Hi,
I think I have spotted a problem with the Backing Store switch for syscalls.
In epc_syscall, no flushrs is done; instead, the number of dirty registers is
saved. But isn't it necessary in this case to restore the RNAT register after
setting the new BspStore?
Imagine the case where we enter the syscall with BSP > BspStore and the
location of a NaT collection in between. In such a case a subsequent RSE
store in the kernel will write a partly undefined value to the next NaT
collection address in the kernel backing store. This value will later be
copied to the user space backing store by ia64_flush_dirty(), which also
increases the saved user space BspStore by the number of dirty registers. As
a consequence, when the user space BspStore is restored in
epc_syscall_return, BspLoad will point to a location above the invalid NaT
collection, which will subsequently be restored by RSE loads in user space
and potentially contaminate stacked registers with NaT bits (or erroneously
remove NaT bits from registers that should have them, depending on which bits
of the "undefined" value are 1).
Regards,
Christian Kandeler
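As an added illustration (not part of the post or of the FreeBSD sources), a small C model of the RSE mechanics described above: registers are spilled to a backing store, a NaT collection word is written at every slot whose address bits 8:3 are all ones, and a write to BSPSTORE leaves RNAT undefined (modelled here as a fixed garbage constant). The scenario, slot numbers and values are constructed; the function returns the user-side collection word with and without restoring RNAT after the switch.

```c
/* Model of IA-64 RSE backing-store / NaT-collection handling (added example,
 * not FreeBSD code). One array holds both the "user" (low) and "kernel"
 * (high) backing stores; addresses are byte offsets into it. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NSLOTS 256
#define IS_RNAT_SLOT(a) (((a) & 0x1f8) == 0x1f8)  /* address bits 8:3 all ones */
#define RNAT_BIT(a)     (((a) >> 3) & 0x3f)       /* RNAT bit covering slot a */
#define GARBAGE         0xdeadbeefcafef00dULL     /* stands in for "undefined" */

struct rse {
    uint64_t *mem;      /* backing-store memory, one uint64_t per 8-byte slot */
    uint64_t bspstore;  /* address of the next RSE store */
    uint64_t rnat;      /* NaT bits of registers stored since the last collection */
};

/* Spill one stacked register. When bspstore reaches a NaT collection slot,
 * RNAT is written there first and the register goes to the following slot. */
static void rse_store(struct rse *r, uint64_t val, bool nat) {
    if (IS_RNAT_SLOT(r->bspstore)) { r->mem[r->bspstore / 8] = r->rnat; r->bspstore += 8; }
    r->mem[r->bspstore / 8] = val;
    uint64_t bit = 1ULL << RNAT_BIT(r->bspstore);
    r->rnat = nat ? (r->rnat | bit) : (r->rnat & ~bit);
    r->bspstore += 8;
}

/* Writing BSPSTORE leaves RNAT undefined (modelled as GARBAGE); restore_rnat
 * selects whether the saved value is written back afterwards. */
static void set_bspstore(struct rse *r, uint64_t new_bspstore, bool restore_rnat) {
    uint64_t saved = r->rnat;
    r->bspstore = new_bspstore;
    r->rnat = restore_rnat ? saved : GARBAGE;
}

/* Constructed scenario: 62 user registers already spilled (the one in slot 10
 * holds a NaT), two more still dirty with a collection slot between them, a
 * syscall switching to a kernel backing store of the same alignment, the dirty
 * registers spilled there, then the dirty bytes copied back to the user store
 * (what ia64_flush_dirty does). Returns the user-side collection word (slot 63). */
uint64_t user_collection_word(bool restore_rnat) {
    static uint64_t mem[NSLOTS];
    memset(mem, 0, sizeof mem);
    struct rse r = { mem, 0, 0 };
    for (int i = 0; i < 62; i++) rse_store(&r, 0x1000 + i, i == 10);
    uint64_t user_bspstore = r.bspstore;               /* 0x1f0: collection slot ahead */
    uint64_t kern_bspstore = 128 * 8 + user_bspstore;  /* 0x5f0: same bits 8:3 */
    set_bspstore(&r, kern_bspstore, restore_rnat);
    rse_store(&r, 0x2000, false);                      /* dirty reg -> 0x5f0 */
    rse_store(&r, 0x2001, false);                      /* RNAT -> 0x5f8, reg -> 0x600 */
    size_t ndirty = r.bspstore - kern_bspstore;        /* bytes written in kernel store */
    memcpy(&mem[user_bspstore / 8], &mem[kern_bspstore / 8], ndirty);
    return mem[63];
}
```

With RNAT restored the copied collection word carries only the NaT of slot 10; without it the word is the garbage value, so slot 10 loses its NaT and other registers gain spurious ones, which is the contamination the post describes.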
More information about the freebsd-ia64 mailing list