From owner-svn-src-all@FreeBSD.ORG Sat Jan 9 11:28:01 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C56D01065676; Sat, 9 Jan 2010 11:28:01 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B47DE8FC12; Sat, 9 Jan 2010 11:28:01 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o09BS1CY086740; Sat, 9 Jan 2010 11:28:01 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o09BS1MQ086738; Sat, 9 Jan 2010 11:28:01 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201001091128.o09BS1MQ086738@svn.freebsd.org> From: Konstantin Belousov Date: Sat, 9 Jan 2010 11:28:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r201890 - head/sys/amd64/amd64 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jan 2010 11:28:01 -0000 Author: kib Date: Sat Jan 9 11:28:01 2010 New Revision: 201890 URL: http://svn.freebsd.org/changeset/base/201890 Log: Set md_ldt (pointer to the LDT) after md_ldt_sd (system segment descriptor for the LDT) is populated. md_ldt is used by context-switch code as indicator that LDT segment register shall be loaded with GUSERLDT segment instead of 0, so context switch at the wrong time may cause attempt to load non-populated descriptor. Use store with the barrier to prevent other CPUs from seeing updated md_ldt but not seeing updated md_ldt_sd. Multithreaded process may context-switch to another thread of the process on another CPU and read md_ldt. MFC after: 1 week Modified: head/sys/amd64/amd64/sys_machdep.c Modified: head/sys/amd64/amd64/sys_machdep.c ============================================================================== --- head/sys/amd64/amd64/sys_machdep.c Sat Jan 9 10:24:09 2010 (r201889) +++ head/sys/amd64/amd64/sys_machdep.c Sat Jan 9 11:28:01 2010 (r201890) @@ -420,13 +420,14 @@ user_ldt_alloc(struct proc *p, int force return (pldt); } - mdp->md_ldt = new_ldt; if (pldt != NULL) { bcopy(pldt->ldt_base, new_ldt->ldt_base, max_ldt_segment * sizeof(struct user_segment_descriptor)); user_ldt_derefl(pldt); } ssdtosyssd(&sldt, &p->p_md.md_ldt_sd); + atomic_store_rel_ptr((volatile uintptr_t *)&mdp->md_ldt, + (uintptr_t)new_ldt); if (p == curproc) set_user_ldt(mdp);