Why is this check is needed ? I did not repeated the note for all occurrences, but IMO UCR3 check is enough.

Perhaps calculate the result in %r8 and remove the instructions at lines 224 and 225 ?

I think this should be commented about. It relies on some assumptions that might be not true in the final version.

This is quite strange code. I expect it is needed for !PCID case as well. Also note that pmap_activate() may be called when interrupts are not disabled. I suspect that you have to move rsp0 recalculation back to cpu_swtch.s.

Move local vars declaration into the block at the function start, per style(9).

This code can be executing with interrupts enabled. The inconsistent pc_ucr3 vs. tss.rsp0 can be fatal, I believe.

I suspect a solution is to always disable interrupts around all calls to pmap_activate.

Perhaps I'm mistaken, but I thought that tss.rsp0 only came into play when we're transitioned from the kernel to user land. Namely even if we get an interrupt in the kernel when pc_ucr3 and tss.rsp0 are inconsistent that's okay. They need to be consistent when we exit CPL0. That may happen either via a return from fast_syscall() after leaving this function or if we happen to get interrupted and context switched via cpu_switch() at a later time -- where another attempt at getting pc_ucr3 and tss.rsp0 consistent is made.

Ok.

But still, pmap_activate_sw() is about managing pmap, and not the other state. It is unnatural to have the state management not related to MMU, there. One option is to move rs0 recalculation into doreti, but then it would occur sometimes unnecessary.

Another thing that can be usefully improved, I believe, is to store top of the stack in PCPU pti_stack, instead of the bottom. Then one addition can be saved.

Indeed storing the top of the PTI stack in PCPU would save an add. I'll do that and update the diff.

Now what to do about the TSS manipulation in pmap_activate_sw() is a little more confounding. It could be done in doreti() but there it will add overhead unnecessarily in most cases.

pmap_activate_sw() does seems a bit unnatural as it is not directly an MMU register nor a pmap data structure. Arguably though it is a reasonable place because if the pmap wasn't changing then the TSS rsp wouldn't need to be adjusted so from a code flow perspective it makes sense.

I'd favor performance over semantics. Let me see if I can find a more suitable location for this snippet. Unless you have further suggestions!

I think it would be more useful to save the user %cr3 into pc_saved_ucr3 always, regardless of the PTI state for the current process. If a mistake was done and user process executed with the wrong page tables, then the condition in trap_pfault() needs to have the actual cr3 value.

If you move this check right after <name>_pti_doreti and do the direct jump to X<name>, you can save two useless swapgs'es.

Is this check still needed ?

Ok, let is stay as is.