Lines Matching +full:user +full:- +full:level
2 Light-weight System Calls for IA-64
5 Started: 13-Jan-2003
7 Last update: 27-Sep-2003
9 David Mosberger-Tang
14 "fsys-mode". To recap, the normal states of execution are:
16 - kernel mode:
18 switched over to kernel memory. The user-level state is saved
19 in a pt-regs structure at the top of the kernel memory stack.
21 - user mode:
23 user memory. The user-level state is contained in the
26 - bank 0 interruption-handling mode:
27 This is the non-interruptible state which all
28 interruption-handlers start execution in. The user-level
30 be stored in bank 0 of registers r16-r31.
32 In contrast, fsys-mode has the following special properties:
34 - execution is at privilege level 0 (most-privileged)
36 - CPU registers may contain a mixture of user-level and kernel-level
38 security-sensitive kernel-level state is leaked back to
39 user-level)
41 - execution is interruptible and preemptible (an fsys-mode handler
42 can disable interrupts and avoid all other interruption-sources
45 - neither the memory-stack nor the register-stack can be trusted while
46 in fsys-mode (they point to the user-level stacks, which may
49 In summary, fsys-mode is much more similar to running in user-mode
50 than it is to running in kernel-mode. Of course, given that the
51 privilege level is at level 0, this means that fsys-mode requires some
55 How to tell fsys-mode
58 Linux operates in fsys-mode when (a) the privilege level is 0 (most
60 yet. For convenience, the header file <asm-ia64/ptrace.h> provides
70 to by "regs" was executing in user mode (privilege level 3).
72 executing on the user-level stack(s). Finally, fsys_mode() returns
73 TRUE if the CPU state pointed to by "regs" was executing in fsys-mode.
81 The file arch/ia64/kernel/fsys.S contains a table of fsyscall-handlers
85 normal Linux system call handler. For performance-critical system
86 calls, it is possible to write a hand-tuned fsyscall_handler. For
87 example, fsys.S contains fsys_getpid(), which is a hand-tuned version
90 The entry and exit-state of an fsyscall handler is as follows:
93 ------------------------------------------
97 r11 saved ar.pfs (a user-level value)
99 r16 "current" task pointer (in normal kernel-mode, this is in r13)
100 r32-r39 system call arguments
101 b6 return address (a user-level value)
102 ar.pfs previous frame-state (a user-level value)
103 PSR.be cleared to zero (i.e., little-endian byte order is in effect)
104 - all other registers may contain values passed in from user-mode
108 --------------------------------------------------
113 r32-r39 system call arguments (as passed into the fsyscall handler)
115 ar.pfs previous frame-state (as passed into the fsyscall handler)
121 * Fsyscall-handlers MUST check for any pending work in the flags
122 member of the thread-info structure and if any of the
126 * Fsyscall-handlers MUST preserve incoming arguments (r32-r39, r11,
131 * Fsyscall-handlers MUST check argument registers for containing a
133 NaT-consumption fault. If a system call argument is found to
134 contain a NaT value, an fsyscall-handler may return immediately
135 with r8=EINVAL, r10=-1.
137 * Fsyscall-handlers MUST NOT use the "alloc" instruction or perform
139 (register-stack engine) traffic.
141 * Fsyscall-handlers MUST NOT write to any stacked registers because
142 it is not safe to assume that user-level called a handler with the
145 * Fsyscall-handlers need to be careful when accessing per-CPU variables:
146 unless proper safe-guards are taken (e.g., interruptions are avoided),
147 execution may be pre-empted and resumed on another CPU at any given
150 * Fsyscall-handlers must be careful not to leak sensitive kernel
151 information back to user-level. In particular, before returning to
152 user-level, care needs to be taken to clear any scratch registers
157 * Fsyscall-handlers MUST NOT access user-memory without first
158 validating access-permission (this can be done typically via
165 higher overhead. For example, if an fsyscall-handler could benefit
176 The delivery of (asynchronous) signals must be delayed until fsys-mode
177 is exited. This is accomplished with the help of the lower-privilege
179 checks whether the interrupted task was in fsys-mode and, if so, sets
180 PSR.lp and returns immediately. When fsys-mode is exited via the
181 "br.ret" instruction that lowers the privilege level, a trap will
195 PSR.be Cleared when entering fsys-mode. A srlz.d instruction is used
196 to ensure the CPU is in little-endian mode before the first
198 restored upon return from an fsys-mode handler. In other
199 words, user-level code must not rely on PSR.be being preserved
203 PSR.mfl Unchanged. Note: fsys-mode handlers must not write-registers!
204 PSR.mfh Unchanged. Note: fsys-mode handlers must not write-registers!
205 PSR.ic Unchanged. Note: fsys-mode handlers can clear the bit, if needed.
206 PSR.i Unchanged. Note: fsys-mode handlers can clear the bit, if needed.
209 PSR.dfl Unchanged. Note: fsys-mode handlers must not write-registers!
210 PSR.dfh Unchanged. Note: fsys-mode handlers must not write-registers!
215 PSR.db Unchanged. The kernel prevents user-level from setting a hardware
216 breakpoint that triggers at any privilege level other than
217 3 (user-mode).
219 PSR.tb Lazy redirect. If a taken-branch trap occurs while in
220 fsys-mode, the trap-handler modifies the saved machine state
222 syscall_via_break(), with privilege level 3. Note: the
224 fsyscall-handler, at which point, by definition, a syscall
226 the fsys-mode handler will return directly to user-level. This
227 return will trigger a taken-branch trap, but since the trap is
228 taken _after_ restoring the privilege level, the CPU has already
229 left fsys-mode, so no special treatment is needed.
241 syscall_via_break(), with privilege level 3.
243 PSR.ed Unchanged. Note: This bit could only have an effect if an fsys-mode
247 PSR.bn Unchanged. Note: fsys-mode handlers may clear the bit, if needed.
258 -- example fgettimeofday() call --
260 -- fgettimeofday.S --
289 -- end fgettimeofday.S --
292 values passed via the ELF auxiliary vector (include/asm-ia64/elf.h)
297 The ELF DSO is a pre-linked library that is mapped in by the kernel at