Module Name: src
Committed By: rmind
Date: Thu Jul 9 21:43:17 UTC 2009
Modified Files:
src/sys/arch/amd64/amd64: vector.S
src/sys/arch/i386/i386: vector.S
src/sys/uvm: uvm_emap.c
Log Message:
- Fix rare crashe in the intr_lapic_tlb_bcast() handler: save and setup
%fs on i386, %gs on amd64 registers, before using them. Otherwise, it
might be invalid/garbage, eg. IPI can interrupt userspace.
- Explicitly initialize per-CPU emap generation number.
Thanks <drochner> for reporting and testing of patch.
To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/amd64/amd64/vector.S
cvs rdiff -u -r1.46 -r1.47 src/sys/arch/i386/i386/vector.S
cvs rdiff -u -r1.1 -r1.2 src/sys/uvm/uvm_emap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/vector.S
diff -u src/sys/arch/amd64/amd64/vector.S:1.30 src/sys/arch/amd64/amd64/vector.S:1.31
--- src/sys/arch/amd64/amd64/vector.S:1.30 Sun Jun 28 15:18:50 2009
+++ src/sys/arch/amd64/amd64/vector.S Thu Jul 9 21:43:16 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: vector.S,v 1.30 2009/06/28 15:18:50 rmind Exp $ */
+/* $NetBSD: vector.S,v 1.31 2009/07/09 21:43:16 rmind Exp $ */
/*-
* Copyright (c) 1998, 2007, 2008 The NetBSD Foundation, Inc.
@@ -524,6 +524,10 @@
* Broadcast TLB shootdown handler for kernel_pmap.
*/
IDTVEC(intr_lapic_tlb_bcast)
+ testq $SEL_UPL,8(%rsp)
+ jz 0f
+ swapgs
+0:
/* Save state. */
pushq %rax
pushq %rdi
@@ -556,6 +560,10 @@
popq %rsi
popq %rdi
popq %rax
+ testq $SEL_UPL, 8(%rsp)
+ jz 5f
+ swapgs
+5:
iretq
3:
testq %rdi, %rdi
Index: src/sys/arch/i386/i386/vector.S
diff -u src/sys/arch/i386/i386/vector.S:1.46 src/sys/arch/i386/i386/vector.S:1.47
--- src/sys/arch/i386/i386/vector.S:1.46 Sun Jun 28 15:18:50 2009
+++ src/sys/arch/i386/i386/vector.S Thu Jul 9 21:43:16 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: vector.S,v 1.46 2009/06/28 15:18:50 rmind Exp $ */
+/* $NetBSD: vector.S,v 1.47 2009/07/09 21:43:16 rmind Exp $ */
/*
* Copyright 2002 (c) Wasabi Systems, Inc.
@@ -65,7 +65,7 @@
*/
#include <machine/asm.h>
-__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.46 2009/06/28 15:18:50 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vector.S,v 1.47 2009/07/09 21:43:16 rmind Exp $");
#include "opt_ddb.h"
#include "opt_multiprocessor.h"
@@ -252,6 +252,12 @@
pushl %ebx
pushl %ecx
pushl %edx
+ pushl %ds
+ pushl %fs
+ movl $GSEL(GDATA_SEL, SEL_KPL), %eax
+ movl $GSEL(GCPU_SEL, SEL_KPL), %edx
+ movl %eax, %ds
+ movl %edx, %fs
/* Find out what we need to invalidate. */
movl %ss:_C_LABEL(pmap_mbox)+MB_ADDR1, %eax
movl %ss:_C_LABEL(pmap_mbox)+MB_ADDR2, %edx
@@ -269,6 +275,8 @@
/* Ack the request, restore state & return. */
lock
incl %ss:_C_LABEL(pmap_mbox)+MB_TAIL
+ popl %fs
+ popl %ds
popl %edx
popl %ecx
popl %ebx
Index: src/sys/uvm/uvm_emap.c
diff -u src/sys/uvm/uvm_emap.c:1.1 src/sys/uvm/uvm_emap.c:1.2
--- src/sys/uvm/uvm_emap.c:1.1 Sun Jun 28 15:18:50 2009
+++ src/sys/uvm/uvm_emap.c Thu Jul 9 21:43:17 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_emap.c,v 1.1 2009/06/28 15:18:50 rmind Exp $ */
+/* $NetBSD: uvm_emap.c,v 1.2 2009/07/09 21:43:17 rmind Exp $ */
/*-
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_emap.c,v 1.1 2009/06/28 15:18:50 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_emap.c,v 1.2 2009/07/09 21:43:17 rmind Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -81,7 +81,9 @@
void
uvm_emap_sysinit(void)
{
+ struct uvm_cpu *ucpu;
size_t qmax;
+ u_int i;
uvm_emap_size = roundup(uvm_emap_size, PAGE_SIZE);
qmax = 16 * PAGE_SIZE;
@@ -98,7 +100,12 @@
panic("uvm_emap_init: vmem creation failed");
}
+ /* Initial generation value is 1. */
uvm_emap_gen = 1;
+ for (i = 0; i < MAXCPUS; i++) {
+ ucpu = &uvm.cpus[i];
+ ucpu->emap_gen = 1;
+ }
}
/*
