Lines Matching +full:a +full:- +full:b
1 .. SPDX-License-Identifier: GPL-2.0
9 When a process runs in kernel mode, it often has to access user
22 It only failed for a few buggy programs. In some kernel profiling
23 tests, this normally unneeded verification used up a considerable
27 hardware present in every Linux-capable CPU handle this test.
32 accessible, the CPU generates a page fault exception and calls the
39 regs is a pointer to the saved registers on the stack, error_code
40 contains a reason code for the exception.
51 (i.e. regs->eip) to find an address where the execution can continue
53 return address (again regs->eip) and returns. The execution will
63 the get_user() call in drivers/char/sysrq.c for a detailed examination.
73 long __gu_err = - 14 , __gu_val = 0;
75 if (((((0 + current_set[0])->tss.segment) == 0x18 ) ||
77 ((unsigned long)(__gu_addr ) <= 0xC0000000UL - (sizeof(*(buf)))))))
83 "1: mov" "b" " %2,%" "b" "1\n"
87 " xor" "b" " %" "b" "1,%" "b" "1\n"
88 " jmp 2b\n"
89 ".section __ex_table,\"a\"\n"
91 " .long 1b,3b\n"
93 ( __gu_addr )) ), "i"(- 14 ), "0"( __gu_err )) ;
102 " jmp 2b\n"
103 ".section __ex_table,\"a\"\n"
105 " .long 1b,3b\n"
107 ( __gu_addr )) ), "i"(- 14 ), "0"( __gu_err ));
116 " jmp 2b\n"
117 ".section __ex_table,\"a\"\n"
118 " .align 4\n" " .long 1b,3b\n"
120 ( __gu_addr )) ), "i"(- 14 ), "0"(__gu_err));
138 > cmpl $-1073741825,64(%esp)
147 > 3: movl $-14,%eax
149 > jmp 2b
150 > .section __ex_table,"a"
152 > .long 1b,3b
158 The optimizer does a good job and gives us something we can actually
165 > objdump --section-headers vmlinux
167 > vmlinux: file format elf32-i386
192 > objdump --disassemble --section=.text vmlinux
207 in the normal execution path. They are located in a different section
210 > objdump --disassemble --section=.fixup vmlinux
218 > objdump --full-contents --section=__ex_table vmlinux
235 .section __ex_table,"a"
240 3: movl $-14,%eax
242 jmp 2b
246 .long 1b,3b
248 ended up in the __ex_table section of the object file. 1b and 3b
249 are local labels. The local label 1b (1b stands for next label 1
257 the original assembly code: > 3: movl $-14,%eax
261 to the instruction after the one that triggered the fault, ie. local label 2b.
265 > .section __ex_table,"a"
267 > .long 1b,3b
273 1b 3b
277 So, what actually happens if a fault from kernel mode with no suitable
287 #. kernelmode_fixup_or_oops() calls fixup_exception() (regs->eip == c017e7a5);
295 #. a) EAX becomes -EFAULT (== -14)
296 b) DL becomes zero (the value we "read" from user space)
300 The steps a to c above in a certain way emulate the faulting instruction.
303 we set EAX to -EFAULT in the exception handler code. Well, the
304 get_user() macro actually returns a value: 0, if the user access was
305 successful, -EFAULT on failure. Our original code did not test this
307 return -EFAULT. GCC selected EAX to return this value.
315 Things changed when 64-bit support was added to x86 Linux. Rather than
317 from 32-bits to 64 bits, a clever trick was used to store addresses
321 .long 1b,3b
323 .long (from) - .
324 .long (to) - .
326 and the C-code that uses these values converts back to absolute addresses
331 return (unsigned long)&x->insn + x->insn;
334 In v4.6 the exception table entry was expanded with a new field "handler".
335 This is also 32-bits wide and contains a third relative function
343 entry->insn. It is used to distinguish page faults from machine
349 link of the kernel image, via a host utility scripts/sorttable. It will set the
354 This is not just a boot time optimization, some architectures require this