svn commit: r207958 - head/sys/amd64/amd64

Konstantin Belousov kib at FreeBSD.org
Wed May 12 10:29:35 UTC 2010 

Author: kib
Date: Wed May 12 10:29:35 2010
New Revision: 207958
URL: http://svn.freebsd.org/changeset/base/207958

Log:
  Route all returns from the interrupts and faults through the doreti_iret
  labeled iretq instruction.
  
  Suppose that multithreaded process executes two threads, currently
  scheduled on different processors. Let assume that thread A executes
  using %cs or %ss pointing into the descriptor from LDT. If IPI comes
  which handler does not return by jump to doreti, and meantime thread B
  invalidates descriptor pointed to by %cs or %ss, then iretq from IPI
  handler could fault.
  
  Routing the return by doreti_iret allows kernel to catch the situation
  and recover from it by sending signal to the usermode.
  
  Tested by:	pho
  MFC after:	1 week

Modified:
  head/sys/amd64/amd64/apic_vector.S
  head/sys/amd64/amd64/exception.S

Modified: head/sys/amd64/amd64/apic_vector.S
==============================================================================
--- head/sys/amd64/amd64/apic_vector.S	Wed May 12 10:29:06 2010	(r207957)
+++ head/sys/amd64/amd64/apic_vector.S	Wed May 12 10:29:35 2010	(r207958)
@@ -41,6 +41,7 @@
 
 #include "assym.s"
 
+	.extern	doreti_iret
 /*
  * I/O Interrupt Entry Point.  Rather than having one entry point for
  * each interrupt source, we use one entry point for each 32-bit word
@@ -81,7 +82,7 @@ IDTVEC(spuriousint)
 
 	/* No EOI cycle used here */
 
-	iretq
+	jmp	doreti_iret
 
 	ISR_VEC(1, apic_isr1)
 	ISR_VEC(2, apic_isr2)
@@ -135,7 +136,7 @@ IDTVEC(invltlb)
 	incl	smp_tlb_wait
 
 	popq	%rax
-	iretq
+	jmp	doreti_iret
 
 /*
  * Single page TLB shootdown
@@ -155,7 +156,7 @@ IDTVEC(invlpg)
 	incl	smp_tlb_wait
 
 	popq	%rax
-	iretq
+	jmp	doreti_iret
 
 /*
  * Page range TLB shootdown.
@@ -181,7 +182,7 @@ IDTVEC(invlrng)
 
 	popq	%rdx
 	popq	%rax
-	iretq
+	jmp	doreti_iret
 
 /*
  * Invalidate cache.
@@ -200,7 +201,7 @@ IDTVEC(invlcache)
 	incl	smp_tlb_wait
 
 	popq	%rax
-	iretq
+	jmp	doreti_iret
 
 /*
  * Handler for IPIs sent via the per-cpu IPI bitmap.
@@ -247,7 +248,7 @@ IDTVEC(cpususpend)
 	call	cpususpend_handler
 
 	POP_FRAME
-	iretq
+	jmp	doreti_iret
 
 /*
  * Executed by a CPU when it receives a RENDEZVOUS IPI from another CPU.

Modified: head/sys/amd64/amd64/exception.S
==============================================================================
--- head/sys/amd64/amd64/exception.S	Wed May 12 10:29:06 2010	(r207957)
+++ head/sys/amd64/amd64/exception.S	Wed May 12 10:29:35 2010	(r207958)
@@ -553,7 +553,7 @@ nmi_restoreregs:
 	movq	TF_R14(%rsp),%r14
 	movq	TF_R15(%rsp),%r15
 	addq	$TF_RIP,%rsp
-	iretq
+	jmp	doreti_iret
 
 ENTRY(fork_trampoline)
 	movq	%r12,%rdi		/* function */

More information about the svn-src-all mailing list