IA64, PPC system call path audit patches

Peter Chubb peterc at gelato.unsw.edu.au
Fri Sep 1 10:02:56 UTC 2006 

>>>>> "Robert" == Robert Watson <rwatson at FreeBSD.org> writes:

Robert> On Fri, 1 Sep 2006, Peter Chubb wrote:

>>>>>>> "Robert" == Robert Watson <rwatson at FreeBSD.org> writes:
>>
Robert> On Fri, 1 Sep 2006, Peter Chubb wrote:
>>
>>>> You've only caught the IA64 slow path system call entries.  The
>>>> fast path is highly optimised assembly language inside
>>>> arch/ia64/kernel/fsys.S, that avoids doing a trap at all.
>>>> 
>>>> With a modern libc, syscall_via_break is only called for a very
>>>> few system calls.
>>
Robert> Hmm.  I'm confused by the above comment -- I'm catching system
Robert> calls on the kernel side of the system call invocation around
Robert> the system call, not on the libc side.  I only see two system
Robert> call demux points in the src/sys/ia64 tree:
>>  Sure.  Original libcs call the system call using break 0x10000,
>> which ends up in the code you saw.  Recent libcs call via a gate
>> page with an epc (execute privileged code) instruction that vectors
>> direcgtly to the syscall implementation.
>> 
Robert> ./ia32/ia32_trap.c: error = (*callp->sy_call)(td, args64);
Robert> ./ia64/trap.c: error = (*callp->sy_call)(td, args);
>>  Take a look in gate.S, symbol _kernel_syscall_via_epc
>> 
>> There's assembly language there that loads the function descriptor
>> from the table and branches to it.  THere are two kinds of system
>> call implementations: fast (implemented directly in assembly
>> language in fsys.S) and slow (the code in fsys.S `bubbles down'
>> into kernel space and then invokes the syscall directly.

Robert> As I read the epc_syscall code, it still passes through the
Robert> kernel syscall() function, which is instrumented in the patch.
Robert> Are you sure that the code does what you describe?  My ia64
Robert> assembly reading skills are weak to non-existent, but the
Robert> final branch in epc_syscall does seem to be to the C language
Robert> syscall path.

AAArrrrgg.  Sorry, I'm looking at Linux source (where the syscall path
is a *lot* more streamlined than the FreeBSD source).

My bad,  I'll go away and hide in a corner.

Peter C

More information about the freebsd-ppc mailing list