VM_MAXUSER_ADDRESS + 1 ?

Ditto

Why clrex?

Hm, no. Note that I compare VM_MAXUSER_ADDRESS with the address which is accessed, not the one past of the buffer end address, which is done when the whole buffer length is validated in advance, like in copyin and copyout.

copyinstr cannot validate the maxlength buffer, because e.g. exec_copyout_strings() is somewhat relaxed on the maxlength usage.

Because in the case when old value is not equal to the *base value, we branch out of the loop,with monitor still armed. I think that it is good programming practice to clean after itself. Might be, clearing the monitor would even turn off some unneccessary CPU blocks.

If the old and *base values are equal, the monitor is unarmed by strex.

(Here and more times bellow)
Use RETc(cs). Direct access to PC is deprecated for ARMv6+, See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0473j/dom1361289878994.html

Sorry for noise, my bad.

It is, of course only minor detail. On ARM, usage of STREX without corresponding LDREX with same address results to UNDEFINED behavior. CLREX doesn't change nothing on this. CLREX, imo, is designed for usage in CPU context switch.

When does this label get used?

This doesn't look correct, shouldn't it be ldmfdeq? i.e. only load when equal. Alternatively you could use the ip register (r12) above as it's callee saved, then keep the stmfd below the DIAGNOSTIC section..

This looks wrong. Either the ne was incorrectly removed, or the mov is unneeded, and you can use r5 in the store below.

It leaked from the intermediate version, removed.

I cannot keep pcb pointer in r12, since fault would jump through trap() and register would be corrupted. Due to this, I think it is simpler to just use ldmfdeq there.

I do not follow. Could you, please, explain a possible execution path where I do clrex without ldrex, or ldrex/strex/clrex sequence ?

mov is not needed, it was just wrong.

It is a long story, and im not able to explain it here clearly here. But I'm ready to discuss this by mail, if you want it and if it allows my english.

Use mail. I surely find email more convenient than the web gui.

Ok, there is probably no need to move the mov instruction then.

Was the clrex staying or not?

There were no discussion in mail, and I still do not see why clearing monitor after the ldrex which is not paired with strex is wrong.

As best as I can tell the clrex is unneeded. The ARM sample code in D7.3.1 of the ARM ARM is similar, other than it uses a fixed value to compare against. ARM doesn't use a clrex in this code.

Without the clrex we can remove two branch instructions, so the code would be:

ldrex   r4, [r0]
cmp     r4, r1
strexeq r5, r3, [r0]
cmpeq   r5, #1
beq     1b
str     r4, [r2]