git: kernel - Intel user/kernel separation MMU bug fix part 3/3

Matthew Dillon dillon at
Fri Jan 5 10:23:27 PST 2018

commit 9e24b495eaee8a56a5a8a8a2c8bd5a6fdcd1f722
Author: Matthew Dillon <dillon at>
Date:   Fri Jan 5 00:47:46 2018 -0800

    kernel - Intel user/kernel separation MMU bug fix part 3/3
    * Implement the isolated pmap template, iso_pmap.  The pmap code will
      generate a dummy iso_pmap containing only the kernel mappings required
      for userland to be able to transition into the kernel and vice-versa.
      The mappings needed are:
      (1) The per-cpu trampoline area for our stack (rsp0)
      (2) The global descriptor table (gdt) for all cpus
      (3) The interrupt descriptor table (idt) for all cpus
      (4) The TSS block for all cpus (we store this in the trampoline page)
      (5) Kernel code addresses for the interrupt vector entry and exit
    * In this implementation the 'kernel code' addresses are currently just
      btext to etext.  That is, the kernel's primary text area.  Kernel
      data and bss are not part of the isolation map.
      TODO - just put the vector entry and exit points in the map, and
      not the entire kernel.
    * System call performance is reduced when isolation is turned on.
      100ns -> 350ns or so.  However, typical workloads should not lose
      more than 5% performance or so.  System-call heavy and interrupt-heavy
      workloads (network, database, high-speed storage, etc) can lose a lot
      more performance.
      We leave the trampoline code in-place whether isolation is turned on
      or not.  The trampoline overhead, without isolation, is only 5ns or so.
    * Fix a missing exec-related trampoline initialization.
    * Clean-up kernel page table PTEs a bit. PG_M is ignored on non-terminal
      PTEs, so don't set it.  Also don't set PG_U in non-terminal kernel
      page table pages (PG_U is never set on terminal PTEs so this wasn't
      a problem, but we should be correct).
    * Fix a bug in fast_syscall's trampoline stack.  The wrong stack
      pointer was being loaded.
    * Move mdglobaldata->gd_common_tss to privatespace->common_tss.
      Place common_tss in the same page as the trampoline to reduce
      exposure to globaldata from the isolated MMU context.
    * 16-byte align struct trampframe for convenience.
    * Fix a bug in POP_FRAME.  Always cli in order to avoid getting
      an interrupt just at the iretq instruction, which might be

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h      |   2 +-
 sys/cpu/x86_64/include/frame.h         |   1 +
 sys/cpu/x86_64/include/segments.h      |   3 +-
 sys/platform/pc64/include/globaldata.h |  38 +++--
 sys/platform/pc64/vmm/vmx.c            |   4 +-
 sys/platform/pc64/x86_64/exception.S   |   3 +-
 sys/platform/pc64/x86_64/genassym.c    |   2 +-
 sys/platform/pc64/x86_64/machdep.c     |  19 ++-
 sys/platform/pc64/x86_64/mp_machdep.c  |  17 +--
 sys/platform/pc64/x86_64/pmap.c        | 257 ++++++++++++++++++++++++++++-----
 10 files changed, 276 insertions(+), 70 deletions(-)
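The isolated pmap described in the commit message keeps only the mappings the user/kernel transition needs. The following added example (not DragonFly code, not part of the commit) models that as a filter over a toy flat page table: the kernel map is reduced to the trampoline, gdt, idt and btext..etext pages, and kernel data/bss drop out. All addresses, the `toy_pmap`/`iso_range` types and the `iso_demo` helper are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define PGSZ 4096UL
#define PGMASK (~(PGSZ - 1))
#define MAX_PTES 64
/* Toy page table: the set of mapped 4K virtual pages (one entry per terminal PTE). */
struct toy_pmap { uintptr_t va[MAX_PTES]; size_t n; };
/* A [start, end) range that must stay mapped while running on the isolated map. */
struct iso_range { uintptr_t start, end; };
static bool pmap_has(const struct toy_pmap *pm, uintptr_t va) {
    for (size_t i = 0; i < pm->n; i++)
        if (pm->va[i] == (va & PGMASK)) return true;
    return false;
}
/* Map every page touching [start, end); a page is mapped whole or not at all. */
static void pmap_map_range(struct toy_pmap *pm, uintptr_t start, uintptr_t end) {
    for (uintptr_t va = start & PGMASK; va < end; va += PGSZ)
        if (!pmap_has(pm, va) && pm->n < MAX_PTES) pm->va[pm->n++] = va;
}
/* Derive iso_pmap: copy only kernel pages that fall inside a required range. */
static size_t build_iso_pmap(const struct toy_pmap *kernel, const struct iso_range *req, size_t nreq, struct toy_pmap *iso) {
    iso->n = 0;
    for (size_t r = 0; r < nreq; r++)
        for (uintptr_t va = req[r].start & PGMASK; va < req[r].end; va += PGSZ)
            if (pmap_has(kernel, va)) pmap_map_range(iso, va, va + PGSZ);
    return iso->n;
}
/* Constructed layout, not real DragonFly addresses; TRAMP also holds common_tss, KDATA covers data+bss. */
#define BTEXT 0xffffffff80200000UL
#define ETEXT (BTEXT + 8 * PGSZ)
#define KDATA 0xffffffff80300000UL
#define TRAMP 0xffffffff80400000UL
#define GDT   0xffffffff80401000UL
#define IDT   0xffffffff80402000UL
static size_t iso_demo(struct toy_pmap *kernel, struct toy_pmap *iso) {
    kernel->n = 0;
    pmap_map_range(kernel, BTEXT, ETEXT);
    pmap_map_range(kernel, KDATA, KDATA + 8 * PGSZ);
    pmap_map_range(kernel, TRAMP, IDT + PGSZ);           /* trampoline, gdt, idt pages */
    const struct iso_range req[] = {
        { TRAMP, TRAMP + PGSZ },  /* (1) trampoline stack and (4) TSS */
        { GDT, GDT + 0x800 },     /* (2) gdt: a partial page still maps the whole page */
        { IDT, IDT + PGSZ },      /* (3) idt */
        { BTEXT, ETEXT },         /* (5) kernel text, btext..etext; no data or bss */
    };
    return build_iso_pmap(kernel, req, sizeof req / sizeof req[0], iso);
}
/* Exit status 0 when the isolated map has exactly the required pages and no kernel data. */
int main(void) { struct toy_pmap k, iso; return (iso_demo(&k, &iso) == 11 && !pmap_has(&iso, KDATA)) ? 0 : 1; }
```

The check worth keeping from this model is the last one: after building the reduced map, every address that is not in a required range must be unreachable, which is what limits exposure of globaldata and other kernel data while the isolated context is active.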

DragonFly BSD source repository