svn commit: r246890 - head/sys/ia64/ia64
Marcel Moolenaar
marcel at FreeBSD.org
Sun Feb 17 00:51:35 UTC 2013
Author: marcel
Date: Sun Feb 17 00:51:34 2013
New Revision: 246890
URL: http://svnweb.freebsd.org/changeset/base/246890
Log:
Close a race relating to setting the PCPU pointer (r13). Register r13
points to the TLS in user space and points to the PCPU structure in
the kernel. The race is the result of having the exception handler on
the one hand and the RPC system call entry on the other. The EPC
syscall path is non-atomic in that interrupts are enabled while the
two stacks are switched. The register stack is switched last as that
is the stack used to determine whether we're going back to user space
by the exception handler. If we go back to user space, we restore r13,
otherwise we leave r13 alone. The EPC syscall path however set r13 to
the PCPU structure *before* switching the register stack, which means
that there was a window in which the exception handler would restore
r13 when it was already pointing to the PCPU structure. This is fatal
when the exception happened on CPU x, but left from the exception on
another CPU. In that case r13 would point to the PCPU of the CPU the
thread was running on. This immediately results in getting the wrong
value for curthread.
The fix is to make sure we assign r13 *after* we set ar.bspstore to
point to the kernel register stack for the thread.
Modified:
head/sys/ia64/ia64/syscall.S
Modified: head/sys/ia64/ia64/syscall.S
==============================================================================
--- head/sys/ia64/ia64/syscall.S Sun Feb 17 00:41:15 2013 (r246889)
+++ head/sys/ia64/ia64/syscall.S Sun Feb 17 00:51:34 2013 (r246890)
@@ -228,7 +228,7 @@ ENTRY_NOPROFILE(epc_syscall, 8)
{ .mmi
mov r16=ar.rsc
mov ar.rsc=0
- mov r17=r13
+ nop 0
;;
}
{ .mmi
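Review bot: The `nop 0` that replaces `mov r17=r13` in this bundle carries no comment, and the log only constrains when r13 is assigned, not when it is read. Since `mov r17=r13` only reads r13, its relocation looks like a scheduling change to fill a slot freed further down; a short comment or a line in the log saying so would make clear which of the moved instructions is the actual fix.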
@@ -239,13 +239,13 @@ ENTRY_NOPROFILE(epc_syscall, 8)
;;
}
{ .mmi
- mov r13=ar.k4
+ mov r21=ar.unat
add r30=-SIZEOF_TRAPFRAME,r14
mov r20=sp
;;
}
{ .mii
- mov r21=ar.unat
+ mov r17=r13
dep r30=0,r30,0,10
;;
add sp=-16,r30
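Review bot: Missing documentation at `mov r17=r13`: with `mov r13=ar.k4` removed from the first bundle of this hunk, r13 still holds the user TLS pointer through this whole region, and nothing in the code says that this is intentional. Suggest a comment noting that r13 must stay untouched until the register stack has been switched, because the exception handler uses the register stack to decide whether to restore r13.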
@@ -258,10 +258,10 @@ ENTRY_NOPROFILE(epc_syscall, 8)
add r31=8,r30
;;
}
-{ .mii
+{ .mmi
+ mov r13=ar.k4
mov r22=ar.fpsr
sub r29=r14,r30
- nop 0
}
{ .mmi
mov r23=ar.bsp
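Review bot: The new `mov r13=ar.k4` in the `.mmi` bundle depends on ar.bspstore already pointing at the kernel register stack, but the write to ar.bspstore is not in the visible context of this hunk, so the ordering the log describes cannot be checked from the diff alone. Please confirm that the ar.bspstore assignment precedes this bundle, and add a comment at `mov r13=ar.k4` stating the constraint so that later rescheduling of these bundles does not reopen the window.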