Change Details

``` commit c0822c1ea80eb0c99234f2fe3451bf270d472c96 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 02:14:02 2022 +0300 fork_exit(): style comment Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit 58958eb5e96d027e00fb5f577e27a10810a025b1 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:47:11 2022 +0300 x86: improve machdep.uprintf_signal Print %eax/%rax. Use better format strings, like %#x. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit e89698511ccce7db25690c54caa95727420faf32 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:46:13 2022 +0300 x86: print trap name in addition of trap number for the "trap with interrupts disabled" warning. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit b4ec0ee345c775163cee84ee84c2e10b67b3897f Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:16:09 2022 +0300 i386: print all GPRs, PSL, and CR3 on double fault Also compactify the printfs, and remove comment about 'two prints'. Their arguments are on same page, so one fault implies another. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit 2b4e82b0187a413d72cbe90b7d889ce323f44ad1 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 08:56:45 2022 +0300 i386: simplify flow control in irettraps It is enough to have only one 'call calltrap' locally. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit 13e7cee69694046ae614e20eb2fc50e04946b3c7 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:07:29 2022 +0300 i386 doreti: stop saving/restoring %ecx around calls into C There is no reason to do this. Instead just calculate it later. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit aa74cc08863ff0c551999294706e6709d6ddfe08 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Fri Aug 19 04:26:37 2022 +0300 i386: do not allow userspace to set tf_trapno on sigreturn(2) tf_trapno is checked on return from interrupt/exception to determine if special handling is needed for switching address space. This is due to the possibility of NMI/MCHK/DBG to occur at arbitrary place in kernel, where both address space and stack used could be transient. Kernel saves current %cr3 in tf_err for such events, to restore on return. If user is able to set tf_trapno, it can trigger that special handling, and since tf_err is also user-controlled by sigreturn(2), the result is undefined. PR: 265889 Reported by: lwhsu Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit 2db1f6eeabef869977e0727573a94a2c298323b0 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 04:20:28 2022 +0300 irettraps: i386 does not push %ss/%esp when exception does not switch rings Which means that we must not copy top 8 bytes from the trampoline stack for the exception frame to the regular thread kstack. As consequence, this stops corruption of the pcb. The visible effect was often a broken fork(2) on the CPU where corruption occured. Account for the detail by substracting 8 from the copy byte count when moving exception frames from trampoline to the regular stack. [irettraps handles segmentation/stack/protection faults which could occur on the doreti path, where we might already switched stack and address space] Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: commit 341ac4004108cd63487be25fd9a8cb50ea8c5b86 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Tue Aug 9 03:56:54 2022 +0300 i386 copyout_fast: improve detection of a fault on accessing userspace Do not blindly account a page fault occuring on the trampoline area, as the userspace access fault. Check that it occured exactly in the instruction that does that. This avoids unneeded switches of address space on faults not needing the switch, effectively converting machine resets due to tripple faults, into regular panics. Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: ```

``` commit 57b1254317cd498d24ea3098a21c17f5d8da5476 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 02:14:02 2022 +0300 fork_exit(): style comment Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 8087742a59d1b780687ff5ca95efca57d1fd96da Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:47:11 2022 +0300 x86: improve machdep.uprintf_signal Print %eax/%rax. Use better format strings, like %#x. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 988d245b2ba96635eae0c2d3bb0c2c56c66b2940 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:46:13 2022 +0300 x86: print trap name in addition of trap number for the "trap with interrupts disabled" warning. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 7db6274e3c971621a6a842292fa5a8deffcabe78 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:16:09 2022 +0300 i386: print all GPRs, PSL, and CR3 on double fault Also compactify the printfs, and remove comment about 'two prints'. Their arguments are on same page, so one fault implies another. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 7c074ea047f46f510a30f38be37e33bf56486d41 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 08:56:45 2022 +0300 i386: simplify flow control in irettraps It is enough to have only one 'call calltrap' locally. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit b081fe789db2867fd0f50eb756fb559da2aa3082 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:07:29 2022 +0300 i386 doreti: stop saving/restoring %ecx around calls into C There is no reason to do this. Instead just calculate it later. Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit c52767a786275985ba883fa62624db2fa5f54e93 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Fri Aug 19 04:26:37 2022 +0300 i386: do not allow userspace to set tf_trapno on sigreturn(2) tf_trapno is checked on return from interrupt/exception to determine if special handling is needed for switching address space. This is due to the possibility of NMI/MCHK/DBG to occur at arbitrary place in kernel, where both address space and stack used could be transient. Kernel saves current %cr3 in tf_err for such events, to restore on return. If user is able to set tf_trapno, it can trigger that special handling, and since tf_err is also user-controlled by sigreturn(2), the result is undefined. PR: 265889 Reported by: lwhsu Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 555094d533abed9bed6036876d7661d2772056c2 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 04:20:28 2022 +0300 irettraps: i386 does not push %ss/%esp when exception does not switch rings Which means that we must not copy top 8 bytes from the trampoline stack for the exception frame to the regular thread kstack. As consequence, this stops corruption of the pcb. The visible effect was often a broken fork(2) on the CPU where corruption occured. Account for the detail by substracting 8 from the copy byte count when moving exception frames from trampoline to the regular stack. [irettraps handles segmentation/stack/protection faults which could occur on the doreti path, where we might already switched stack and address space] Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 08950e45cc059ec64bcd64e21cb1b569b641c72d Author: Konstantin Belousov <kib@FreeBSD.org> Date: Tue Aug 9 03:56:54 2022 +0300 i386 copyout_fast: improve detection of a fault on accessing userspace Do not blindly account a page fault occuring on the trampoline area, as the userspace access fault. Check that it occured exactly in the instruction that does that. This avoids unneeded switches of address space on faults not needing the switch, effectively converting machine resets due to tripple faults, into regular panics. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 ```

``` commit c0822c1ea80eb0c99234f2fe3451bf270d472c9657b1254317cd498d24ea3098a21c17f5d8da5476 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 02:14:02 2022 +0300 fork_exit(): style comment Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 58958eb5e96d027e00fb5f577e27a10810a025b18087742a59d1b780687ff5ca95efca57d1fd96da Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:47:11 2022 +0300 x86: improve machdep.uprintf_signal Print %eax/%rax. Use better format strings, like %#x. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit e89698511ccce7db25690c54caa95727420faf32988d245b2ba96635eae0c2d3bb0c2c56c66b2940 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Sun Aug 21 04:46:13 2022 +0300 x86: print trap name in addition of trap number for the "trap with interrupts disabled" warning. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit b4ec0ee345c775163cee84ee84c2e10b67b3897f7db6274e3c971621a6a842292fa5a8deffcabe78 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:16:09 2022 +0300 i386: print all GPRs, PSL, and CR3 on double fault Also compactify the printfs, and remove comment about 'two prints'. Their arguments are on same page, so one fault implies another. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 2b4e82b0187a413d72cbe90b7d889ce323f44ad17c074ea047f46f510a30f38be37e33bf56486d41 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 08:56:45 2022 +0300 i386: simplify flow control in irettraps It is enough to have only one 'call calltrap' locally. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 13e7cee69694046ae614e20eb2fc50e04946b3c7b081fe789db2867fd0f50eb756fb559da2aa3082 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Thu Aug 18 07:07:29 2022 +0300 i386 doreti: stop saving/restoring %ecx around calls into C There is no reason to do this. Instead just calculate it later. TesReported by: and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit aa74cc08863ff0c551999294706e6709d6ddfe08c52767a786275985ba883fa62624db2fa5f54e93 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Fri Aug 19 04:26:37 2022 +0300 i386: do not allow userspace to set tf_trapno on sigreturn(2) tf_trapno is checked on return from interrupt/exception to determine if special handling is needed for switching address space. This is due to the possibility of NMI/MCHK/DBG to occur at arbitrary place in kernel, where both address space and stack used could be transient. Kernel saves current %cr3 in tf_err for such events, to restore on return. If user is able to set tf_trapno, it can trigger that special handling, and since tf_err is also user-controlled by sigreturn(2), the result is undefined. PR: 265889 Reported by: lwhsu Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 2db1f6eeabef869977e0727573a94a2c298323b0555094d533abed9bed6036876d7661d2772056c2 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Aug 22 04:20:28 2022 +0300 irettraps: i386 does not push %ss/%esp when exception does not switch rings Which means that we must not copy top 8 bytes from the trampoline stack for the exception frame to the regular thread kstack. As consequence, this stops corruption of the pcb. The visible effect was often a broken fork(2) on the CPU where corruption occured. Account for the detail by substracting 8 from the copy byte count when moving exception frames from trampoline to the regular stack. [irettraps handles segmentation/stack/protection faults which could occur on the doreti path, where we might already switched stack and address space] Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 commit 341ac4004108cd63487be25fd9a8cb50ea8c5b8608950e45cc059ec64bcd64e21cb1b569b641c72d Author: Konstantin Belousov <kib@FreeBSD.org> Date: Tue Aug 9 03:56:54 2022 +0300 i386 copyout_fast: improve detection of a fault on accessing userspace Do not blindly account a page fault occuring on the trampoline area, as the userspace access fault. Check that it occured exactly in the instruction that does that. This avoids unneeded switches of address space on faults not needing the switch, effectively converting machine resets due to tripple faults, into regular panics. Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D36302 ```