Date: Wed, 30 Dec 2020 22:45:53 GMT From: Piotr Kubaj <pkubaj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 76ff03aef741 - main - powerpc: Fix copyin/copyout race condition Message-ID: <202012302245.0BUMjrpm032399@gitrepo.freebsd.org>
The branch main has been updated by pkubaj (ports committer):
URL: https://cgit.FreeBSD.org/src/commit/?id=76ff03aef7411e601673dfc997bd6d691bd9a14e
commit 76ff03aef7411e601673dfc997bd6d691bd9a14e
Author: Justin Hibbits <chmeeedalf@gmail.com>
AuthorDate: 2020-12-08 22:49:25 +0000
Commit: Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2020-12-30 22:45:44 +0000
powerpc: Fix copyin/copyout race condition
It's possible for a context switch, and CPU migration, to occur between fetching the PCPU context and extracting the pc_curpcb. This can cause the fault handler to be installed for the wrong thread, leading to a panic in copyin()/copyout(). Since curthread is already in %r13, just use that directly, as GPRs are migrated, so there is no migration race risk.
---
 sys/powerpc/powerpc/support.S | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/sys/powerpc/powerpc/support.S b/sys/powerpc/powerpc/support.S
index 9ff1bcc02437..10d3192972d5 100644
--- a/sys/powerpc/powerpc/support.S
+++ b/sys/powerpc/powerpc/support.S
@@ -61,6 +61,7 @@
 /* log_2(8 * WORD) */
 #define LOOP_LOG 6
 #define LOG_WORD 3
+#define CURTHREAD %r13
 #else
 #define LOAD lwz
 #define STORE stw
@@ -70,6 +71,7 @@ /* log_2(8 * WORD) */ #define LOOP_LOG 5 #define LOG_WORD 2 +#define CURTHREAD %r2 #endif #ifdef AIM
@@ -149,32 +151,26 @@ #endif -#define PCPU(reg) mfsprg reg, 0 - #define SET_COPYFAULT(raddr, rpcb, len) \ VALIDATE_ADDR_COPY(raddr, len) ;\ - PCPU(%r9) ;\ li %r0, COPYFAULT ;\ - LOAD rpcb, PC_CURPCB(%r9) ;\ + LOAD rpcb, TD_PCB(CURTHREAD) ;\ STORE %r0, PCB_ONFAULT(rpcb) ;\ #define SET_COPYFAULT_TRUNCATE(raddr, rpcb, len)\ VALIDATE_TRUNCATE_ADDR_COPY(raddr, len) ;\ - PCPU(%r9) ;\ li %r0, COPYFAULT ;\ - LOAD rpcb, PC_CURPCB(%r9) ;\ + LOAD rpcb, TD_PCB(CURTHREAD) ;\ STORE %r0, PCB_ONFAULT(rpcb) #define SET_FUSUFAULT(raddr, rpcb) \ VALIDATE_ADDR_FUSU(raddr) ;\ - PCPU(%r9) ;\ li %r0, FUSUFAULT ;\ - LOAD rpcb, PC_CURPCB(%r9) ;\ + LOAD rpcb, TD_PCB(CURTHREAD) ;\ STORE %r0, PCB_ONFAULT(rpcb) #define CLEAR_FAULT_NO_CLOBBER(rpcb) \ - PCPU(%r9) ;\ - LOAD rpcb, PC_CURPCB(%r9) ;\ + LOAD rpcb, TD_PCB(CURTHREAD) ;\ li %r0, 0 ;\ STORE %r0, PCB_ONFAULT(rpcb)
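Review bot: The reason these four macros now load `rpcb` from `TD_PCB(CURTHREAD)` instead of `PC_CURPCB` behind a fresh `mfsprg` lives only in the commit message; the `CURTHREAD` defines added in the earlier hunks of support.S should carry it so a later cleanup does not reintroduce the PCPU fetch. Suggested comment above each define: `/* curthread lives in a GPR, which migrates with the thread; reading the PCB via PCPU (mfsprg 0) can race a CPU migration between the two loads. */`. The `PCPU(reg)` macro is deleted in this hunk, so any remaining user of it elsewhere in support.S (outside the hunk) would no longer assemble — presumably none remain, but this is worth confirming for both the 64-bit (%r13) and 32-bit (%r2) builds. The same comment could note that these macros no longer clobber %r9, since callers may have been written around that.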