Author: marcel
Date: Sun Feb 17 00:51:34 2013
New Revision: 246890
URL: http://svnweb.freebsd.org/changeset/base/246890

Log:
  Close a race relating to setting the PCPU pointer (r13). Register r13
  points to the TLS in user space and points to the PCPU structure in
  the kernel. The race is the result of having the exception handler on
  the one hand and the RPC system call entry on the other. The EPC
  syscall path is non-atomic in that interrupts are enabled while the
  two stacks are switched. The register stack is switched last as that
  is the stack used to determine whether we're going back to user space
  by the exception handler. If we go back to user space, we restore r13,
  otherwise we leave r13 alone. The EPC syscall path however set r13 to
  the PCPU structure *before* switching the register stack, which means
  that there was a window in which the exception handler would restore
  r13 when it was already pointing to the PCPU structure. This is fatal
  when the exception happened on CPU x, but left from the exception on
  another CPU. In that case r13 would point to the PCPU of the CPU the
  thread was running on. This immediately results in getting the wrong
  value for curthread.
  The fix is to make sure we assign r13 *after* we set ar.bspstore to
  point to the kernel register stack for the thread.

Modified:
  head/sys/ia64/ia64/syscall.S

Modified: head/sys/ia64/ia64/syscall.S
==============================================================================
--- head/sys/ia64/ia64/syscall.S        Sun Feb 17 00:41:15 2013        
(r246889)
+++ head/sys/ia64/ia64/syscall.S        Sun Feb 17 00:51:34 2013        
(r246890)
@@ -228,7 +228,7 @@ ENTRY_NOPROFILE(epc_syscall, 8)
 {      .mmi
        mov             r16=ar.rsc
        mov             ar.rsc=0
-       mov             r17=r13
+       nop             0
        ;;
 }
 {      .mmi
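Review bot: The `nop 0` that replaces `mov r17=r13` in the first `.mmi` bundle carries no comment, so nothing in the code says the slot was emptied on purpose. A short comment here stating that r13 still holds the user TLS pointer at this point and is switched to the PCPU pointer only later in the entry path would keep a later cleanup from scheduling an r13 access back into this bundle.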
@@ -239,13 +239,13 @@ ENTRY_NOPROFILE(epc_syscall, 8)
        ;;
 }
 {      .mmi
-       mov             r13=ar.k4
+       mov             r21=ar.unat
        add             r30=-SIZEOF_TRAPFRAME,r14
        mov             r20=sp
        ;;
 }
 {      .mii
-       mov             r21=ar.unat
+       mov             r17=r13
        dep             r30=0,r30,0,10
        ;;
        add             sp=-16,r30
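Review bot: `mov r17=r13` now executes in this `.mii` bundle instead of the first bundle of the entry path, so r17 no longer holds the saved r13 in the bundles between the two positions, and some of those bundles fall outside the diff context. Please confirm that nothing between the old and new location reads r17. The visible instructions in this hunk (`add r30=-SIZEOF_TRAPFRAME,r14`, `mov r20=sp`, `dep r30=0,r30,0,10`) do not, but the lines between the first and second hunk are not shown.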
@@ -258,10 +258,10 @@ ENTRY_NOPROFILE(epc_syscall, 8)
        add             r31=8,r30
        ;;
 }
-{      .mii
+{      .mmi
+       mov             r13=ar.k4
        mov             r22=ar.fpsr
        sub             r29=r14,r30
-       nop             0
 }
 {      .mmi
        mov             r23=ar.bsp
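Review bot: The new `mov r13=ar.k4` in the `.mmi` bundle is the instruction the log says must come after ar.bspstore is set to the kernel register stack, but the write to ar.bspstore is not in this hunk's context, so the ordering cannot be checked from the diff alone. Please add a comment on that line naming the ar.bspstore write as the instruction it has to follow, so the invariant is documented at the place where a reordering would break it.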