Faults when using any kind of atomic in a syscall handler

[ChocolateLoverRaj]

In my syscall handler, if I do this:

let mut s = unsafe { SerialPort::init() };
  writeln!(
      s,
      "Syscalled with args: {} {} {} {}",
      arg0, arg1, arg2, arg3
  );

The args get logged without any error and wierd behavior.

But if I try to call log::info!, which uses a locked logger, it either never unlocks, or causes a fault (page fault, general protection fault, double fault, I'm not sure which one).

So I tried doing a simple:

pub static TEST: AtomicBool = AtomicBool::new(false);
// In the handler
TEST.compare_exchange(false, true, Ordering::SeqCst, Ordering::SeqCst);

and that causes a general protection fault. Idk why. If I do the same code in main.rs it doesn't panic. Logging everywhere else works.

The full code is at https://github.com/ChocolateLoverRaj/code-runner/tree/edition-3

Here is one of the files (for the syscall handler):

use core::{
    arch::{asm, naked_asm},
    fmt::Write,
    sync::atomic::{AtomicBool, Ordering},
};

use bootloader_x86_64_common::serial::SerialPort;

// save the registers, handle the syscall and return to usermode
#[naked]
pub extern "C" fn handle_syscall_wrapper() {
    unsafe {
        naked_asm!("\
        push rcx // backup registers for sysretq
        push r11
        push rbp // save callee-saved registers
        push rbx
        push r12
        push r13
        push r14
        push r15
        mov rbp, rsp // save rsp
        sub rsp, 0x400 // make some room in the stack
        mov rcx, r10 // move fourth syscall arg to rcx which is the fourth argument register in sysv64
        mov r8, rax // move syscall number to the 5th argument register
        call {syscall_alloc_stack} // call the handler with the syscall number in r8
        mov rsp, rbp // restore rsp from rbp
        pop r15 // restore callee-saved registers
        pop r14
        pop r13
        pop r12
        pop rbx
        pop rbp // restore stack and registers for sysretq
        pop r11
        pop rcx
        sysretq // back to userland",
        syscall_alloc_stack = sym syscall_alloc_stack);
    }
}

// static SERIAL_PORT: OnceCell<Mutex<SerialPort>> = OnceCell::uninit();
pub static TEST: AtomicBool = AtomicBool::new(false);

// allocate a temp stack and call the syscall handler
//  extern "sysv64"
unsafe extern "sysv64" fn syscall_alloc_stack(
    arg0: u64,
    arg1: u64,
    arg2: u64,
    arg3: u64,
    syscall: u64,
) -> u64 {
    static mut syscall_stack: [u8; 0x10000] = [0; 0x10000];
    // let syscall_stack: Vec<u8> = Vec::with_capacity(0x10000);
    // let layout = Layout::from_size_align(0x10000, Size4KiB::SIZE as usize).unwrap();
    // let stack_ptr = alloc(layout);
    let stack_ptr = syscall_stack.as_ptr();
    let retval = handle_syscall_with_temp_stack(arg0, arg1, arg2, arg3, syscall, stack_ptr);
    // dealloc(stack_ptr, layout);
    // drop(syscall_stack); // we can now drop the syscall temp stack
    return retval;
}

#[inline(never)]
extern "sysv64" fn handle_syscall_with_temp_stack(
    arg0: u64,
    arg1: u64,
    arg2: u64,
    arg3: u64,
    syscall: u64,
    temp_stack: *const u8,
) -> u64 {
    let old_stack: *const u8;
    unsafe {
        asm!("\
        mov {old_stack}, rsp
        mov rsp, {temp_stack} // move our stack to the newly allocated one
        // sti // enable interrupts",
        temp_stack = in(reg) temp_stack, old_stack = out(reg) old_stack);
    }

    log::warn!("Syscalled with args: {} {} {} {}", arg0, arg1, arg2, arg3);

    TEST.compare_exchange(false, true, Ordering::SeqCst, Ordering::SeqCst);

    let mut s = unsafe { SerialPort::init() };
    writeln!(
        s,
        "Syscalled with args: {} {} {} {}",
        arg0, arg1, arg2, arg3
    );

    let retval: u64 = 4;
    unsafe {
        asm!("\
        // cli // disable interrupts while restoring the stack
        mov rsp, {old_stack} // restore the old stack
        ",
        old_stack = in(reg) old_stack);
    }
    retval
}

Why does this happen? Is there any way of fixing it?

[tsatke]

(page fault, general protection fault, double fault, I'm not sure which one)

That isn't a good start. -d int to check, then also check where in memory TEST is, and see how and if that memory is mapped.

Generally, there is no reason why this shouldn't work.

What I've noticed:

• you're using a static mut and obtain a pointer to it, just to use that pointer mutably. That's UB
• once you've fixed that: I'd be interested if that happens in release mode as well, and also in the compiled assembly of handle_syscall_with_temp_stack. I could imagine the compiler trying to be smart about the stack, but not considering your sub rsp, 0x400, or trying to make syscall_stack a stack allocation (which would probably make you run out of mapped memory (?) and causing a #PF or #GP)
• check where syscall_stack is located and whether it can be accessed
• check whether your stack is correctly set up (to ease debugging, I tend to initialize my stack with some magic value)
• I don't understand why sub rsp, 0x400 is needed. You're not putting anything there, do you? Is your stack correctly aligned when you enter handle_syscall_with_temp_stack?

[ChocolateLoverRaj]

• If I do the TEST.compare_exchange(false, true, Ordering::SeqCst, Ordering::SeqCst);, then a general protection fault happens.
• I'm not sure what to do instead of static mut syscall_stack: [u8; 0x10000] = [0; 0x10000]; Nothing else is using that memory. I checked and the ptr was (unsigned char *) stack_ptr = 0x000000800006cff9 "", which is not aligned to 16 bytes (so I will fix this)!
  So I changed it to allocate instead (although I think this is bad cuz then the allocation function will be done on the userspace stack so the stack from the allocation function will be leaked to the userspace program):

unsafe extern "sysv64" fn syscall_alloc_stack(
    arg0: u64,
    arg1: u64,
    arg2: u64,
    arg3: u64,
    syscall: u64,
) -> u64 {
    let layout = Layout::from_size_align(0x10000, 16).unwrap();
    let stack_ptr = alloc(layout);
    let retval = handle_syscall_with_temp_stack(arg0, arg1, arg2, arg3, syscall, stack_ptr);
    dealloc(stack_ptr, layout);
    return retval;
}

And now I get a print:

Syscalled with args: 10 20 30 40

And this instruction:

->  0x800003ec12 <+34>: movq   %rbp, %rsp

now causes a page fault.

I got the stack moving code from https://github.com/nikofil/rust-os/blob/69f6bca822893f173788ed1d5c3a6765e7b8898a/kernel/src/syscalls.rs#L98-L126, which is the only example I can find. And rust-os works.

Same thing happens when running in release mode.

[ChocolateLoverRaj]

I got the log::info! to work after removing the code that changes rsp to switch the stack and increasing the userspace stack size from 0x1000 to 0x2000 (ig the log::info! just needs a big stack). It's good that this works but now I need to figure out how to properly switch stacks to not leak info from the kernel to userspace.

[ChocolateLoverRaj]

And another thing I fixed is the temporary stack thing: rsp should be set to the end of the stack (allocated pointer + stack size), not the beginning.