From owner-freebsd-bugs Mon Apr 29 2:51:40 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3584037B404 for ; Mon, 29 Apr 2002 02:50:15 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3T9oFb16510; Mon, 29 Apr 2002 02:50:15 -0700 (PDT) (envelope-from gnats)
Date: Mon, 29 Apr 2002 02:50:15 -0700 (PDT)
Message-Id: <200204290950.g3T9oFb16510@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: David Xu
Subject: i386/37523: lock for bios16 call and vm86call
Reply-To: David Xu
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

The following reply was made to PR i386/37523; it has been noted by GNATS.
From: David Xu
To: FreeBSD-gnats-submit@FreeBSD.org
Cc:
Subject: i386/37523: lock for bios16 call and vm86call
Date: Sun, 28 Apr 2002 17:12:24 +0800 (CST)

>Number: 37523
>Category: i386
>Synopsis: lock for bios16 call and vm86call
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Apr 28 02:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: David Xu
>Release: FreeBSD 5.0-CURRENT i386
>Organization: Viatech
>Environment:
System: FreeBSD davidbsd.viasoft.com.cn 5.0-CURRENT FreeBSD 5.0-CURRENT #16: Sun Apr 28 16:43:08 CST 2002 davidx@davidbsd.viasoft.com.cn:/usr/src/sys/i386/compile/xu i386
>Description:
vm86 calls and bios16 calls share the same physical page, vm86phystk, as their stack. While the vm86 code is already locked down, the 16-bit protected-mode BIOS call can still escape the vm86 lock, and the BIOS service itself may also not be reentrant.
>How-To-Repeat:
>Fix:
--- /usr/src/sys/i386/i386/vm86.c.orig Sun Apr 28 16:54:42 2002 +++ /usr/src/sys/i386/i386/vm86.c Sun Apr 28 16:40:07 2002 @@ -49,7 +49,7 @@ extern int vm86pa; extern struct pcb *vm86pcb; -static struct mtx vm86_lock; +struct mtx vm86_lock; extern int vm86_bioscall(struct vm86frame *); extern void vm86_biosret(struct vm86frame *); --- /usr/src/sys/i386/i386/bios.c.orig Sun Apr 28 13:43:25 2002 +++ /usr/src/sys/i386/i386/bios.c Sun Apr 28 16:41:31 2002 @@ -36,7 +36,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -60,6 +62,7 @@ struct PnPBIOS_table *PnPBIOStable = 0; static u_int bios32_SDCI = 0; +extern struct mtx vm86_lock; /* start fairly early */ static void bios32_init(void *junk); @@ -382,6 +385,8 @@ args->seg.code32.base = (u_int)&bios16_jmp & PG_FRAME; args->seg.code32.limit = 0xffff; + mtx_lock(&vm86_lock); + ptd = (u_int *)rcr3(); if (ptd == (u_int *)IdlePTD) { /* 
@@ -441,6 +446,7 @@ break; default: + mtx_unlock(&vm86_lock); return (EINVAL); } } @@ -457,6 +463,7 @@ *ptd = 0; /* remove page table */ free(pte, M_TEMP); /* ... and free it */ } + mtx_unlock(&vm86_lock); /* * XXX only needs to be invlpg(0) but that doesn't work on the 386
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
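Review bot: removing `static` from `vm86_lock` in the vm86.c hunk exports the lock without any declaration visible to other files, which forces bios.c to re-declare it by hand. Put `extern struct mtx vm86_lock;` in a header both files include, next to the existing `vm86_bioscall`/`vm86_biosret` prototypes, so the compiler checks the type in both places and a future change to the definition cannot silently go out of sync.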
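Review bot: the two `#include` lines added in the first bios.c hunk arrive in this archive with their header names stripped, so it cannot be verified from the hunk that they bring in the mutex definitions that the later `mtx_lock`/`mtx_unlock` calls need; make sure the committed patch names them explicitly and keeps them in the same ordering convention as the surrounding includes.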
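Review bot: `+extern struct mtx vm86_lock;` placed among bios.c's own file-scope variables is a style problem: a hand-written extern in a .c file duplicates the definition's type and bypasses any header check. If a shared header is not wanted, at least add a comment stating that the lock is defined in vm86.c and guards the vm86phystk stack page that both the vm86 and bios16 paths use, since that is the whole point of the PR and the next reader will not know why a vm86 lock appears in BIOS code.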
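Review bot: `mtx_lock(&vm86_lock)` is taken immediately before `ptd = (u_int *)rcr3()`, so everything from there to the final unlock runs under the lock, including the path that later frees a page table with `free(pte, M_TEMP)` and therefore presumably allocates one in the region the hunk does not show. Confirm that vm86_lock is a default (sleepable) mutex rather than a spin mutex, and that any allocation done while it is held is safe to perform under it (M_NOWAIT or equivalent); a comment on the lock call saying that it covers the shared vm86phystk stack would make the scope clear.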
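Review bot: the `mtx_unlock(&vm86_lock)` added before `return (EINVAL)` covers only the `default:` arm of this switch; any other early return between the `mtx_lock` and the final unlock (error paths in the other case arms are outside the hunk) would leave the lock held and wedge the next vm86 or bios16 call. A single exit label (`error = EINVAL; goto out;` with one `mtx_unlock` at `out:`) makes such a leak impossible to miss.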
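Review bot: in the last hunk the lock is released right after `*ptd = 0; /* remove page table */` and `free(pte, M_TEMP)`, but before the TLB flush that the following comment ("XXX only needs to be invlpg(0) ...") introduces. If that flush is what retires the translations for the mapping this call installed, releasing the lock first lets a concurrent vm86 call start using the shared page while stale translations are still live; move the unlock after the flush unless the mapping is private to this call, and say which in a comment.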
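The description sketches the race: one physical stack page used by two entry points, only one of which holds the lock. The following is an added example and is not code from the PR or from FreeBSD. It models that page, the vm86 path and the two shapes of the bios16 path (before and after the fix) in user-space C, with a pthread mutex standing in for `vm86_lock`. `pthread_mutex_trylock` replaces the blocking kernel lock so the contended interleaving can be shown deterministically from a single thread, and the example also covers the error-exit path the fix adds an unlock to. Every name ending in `_model`, the `stack_in_use` flag and the `op` argument are constructed for the illustration.

```c
/* Constructed model of PR i386/37523: not FreeBSD code. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 4096

static unsigned char vm86phystk_model[STACK_BYTES]; /* the one shared stack page */
static pthread_mutex_t vm86_lock_model = PTHREAD_MUTEX_INITIALIZER;
static int stack_in_use;   /* 1 while some caller has frames on the page */
static int clobber_count;  /* bumped when a second caller lands on it */

/* Push a frame on the shared page. A caller arriving while the page is
 * already in use would overwrite the other caller's frames; we count the
 * event instead of corrupting anything. */
static void use_shared_stack(void)
{
    if (stack_in_use)
        clobber_count++;
    stack_in_use = 1;
    memset(vm86phystk_model, 0xA5, 64);
}

static void release_shared_stack(void)
{
    stack_in_use = 0;
}

/* bios16 as the PR describes it before the fix: no lock at all. */
static int bios16_unlocked(int op)
{
    if (op != 0)
        return EINVAL;
    use_shared_stack();
    release_shared_stack();
    return 0;
}

/* bios16 as the fix shapes it: the lock is taken before the shared page is
 * touched and released on every exit, including the EINVAL path. trylock
 * stands in for the blocking mtx_lock so the contended case is observable. */
static int bios16_locked(int op)
{
    int error;

    if (pthread_mutex_trylock(&vm86_lock_model) != 0)
        return EBUSY;   /* a vm86 call owns the page; the kernel would block here */
    if (op != 0) {
        error = EINVAL;
        goto out;
    }
    use_shared_stack();
    release_shared_stack();
    error = 0;
out:
    pthread_mutex_unlock(&vm86_lock_model);
    return error;
}

/* A vm86 call holding the lock, with a hook standing in for "another CPU
 * or interrupt enters the BIOS while we are on the page". */
static void vm86_call(int (*interleaved_bios16)(int), int *interleaved_result)
{
    pthread_mutex_lock(&vm86_lock_model);
    use_shared_stack();
    *interleaved_result = interleaved_bios16(0);
    release_shared_stack();
    pthread_mutex_unlock(&vm86_lock_model);
}

/* Unlocked bios16 landing during a vm86 call: the page is clobbered once. */
int clobbers_without_lock(void)
{
    int r;
    clobber_count = 0;
    vm86_call(bios16_unlocked, &r);
    return clobber_count;
}

/* Same interleaving with the fixed bios16: the page is never clobbered ... */
int clobbers_with_lock(void)
{
    int r;
    clobber_count = 0;
    vm86_call(bios16_locked, &r);
    return clobber_count;
}

/* ... because bios16 is held off (EBUSY here, a sleep in the kernel). */
int bios16_status_during_vm86(void)
{
    int r;
    vm86_call(bios16_locked, &r);
    return r;
}

/* The EINVAL exit must not leak the lock: afterwards trylock succeeds. */
int lock_free_after_einval(void)
{
    int free_after;
    if (bios16_locked(99) != EINVAL)
        return 0;
    free_after = (pthread_mutex_trylock(&vm86_lock_model) == 0);
    if (free_after)
        pthread_mutex_unlock(&vm86_lock_model);
    return free_after;
}

int main(void)
{
    printf("clobbers without lock: %d\n", clobbers_without_lock());
    printf("clobbers with lock: %d (bios16 saw %s)\n", clobbers_with_lock(),
           bios16_status_during_vm86() == EBUSY ? "EBUSY" : "success");
    printf("lock free after EINVAL path: %s\n", lock_free_after_einval() ? "yes" : "no");
    return 0;
}
```

The `goto out` shape in `bios16_locked` is the point of the exercise: with one unlock site, adding a new error return later cannot leave the lock held, which is the hazard a per-branch `mtx_unlock` before each `return` invites.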