Date: Thu, 13 Jan 2005 21:07:04 GMT
From: John Baldwin To: Perforce Change Reviews Subject: PERFORCE change 68938 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Jan 2005 21:07:05 -0000 http://perforce.freebsd.org/chv.cgi?CH=68938 Change 68938 by jhb@jhb_slimer on 2005/01/13 21:06:03 cpu_exit() cleaning inspired by sparc64 use-after-free bug: - Remove stale comment (alpha, powerpc) - Drop redundant dbregs drop (i386, amd64) - Note that fp state should probably be per thread (alpha, ia64) Affected files ... .. //depot/projects/smpng/sys/alpha/alpha/vm_machdep.c#37 edit .. //depot/projects/smpng/sys/amd64/amd64/vm_machdep.c#22 edit .. //depot/projects/smpng/sys/i386/i386/vm_machdep.c#59 edit .. //depot/projects/smpng/sys/ia64/ia64/vm_machdep.c#44 edit .. //depot/projects/smpng/sys/powerpc/powerpc/vm_machdep.c#40 edit Differences ... ==== //depot/projects/smpng/sys/alpha/alpha/vm_machdep.c#37 (text+ko) ==== @@ -224,17 +224,15 @@ td->td_pcb->pcb_context[2] = (u_long) arg; } -/* - * cpu_exit is called as the last action during exit. - * We release the address space of the process, block interrupts, - * and call switch_exit. switch_exit switches to proc0's PCB and stack, - * then jumps into the middle of cpu_switch, as if it were switching - * from proc0. - */ void cpu_exit(struct thread *td) { + /* + * XXX: Should this be in thread_exit instead? If so, + * alpha_fpstate_save() should be in cpu_set_upcall() + * as well. + */ alpha_fpstate_drop(td); } ==== //depot/projects/smpng/sys/amd64/amd64/vm_machdep.c#22 (text+ko) ==== @@ -185,13 +185,6 @@ void cpu_exit(struct thread *td) { - struct pcb *pcb = td->td_pcb; - - if (pcb->pcb_flags & PCB_DBREGS) { - /* disable all hardware breakpoints */ - reset_dbregs(); - pcb->pcb_flags &= ~PCB_DBREGS; - } } void ==== //depot/projects/smpng/sys/i386/i386/vm_machdep.c#59 (text+ko) ==== 
@@ -295,8 +295,6 @@ cpu_exit(struct thread *td) { struct mdproc *mdp; - struct pcb *pcb = td->td_pcb; - /* Reset pc->pcb_gs and %gs before possibly invalidating it. */ mdp = &td->td_proc->p_md; @@ -307,18 +305,13 @@ user_ldt_free(td); } else mtx_unlock_spin(&sched_lock); - - if (pcb->pcb_flags & PCB_DBREGS) { - /* disable all hardware breakpoints */ - reset_dbregs(); - pcb->pcb_flags &= ~PCB_DBREGS; - } } void cpu_thread_exit(struct thread *td) { struct pcb *pcb = td->td_pcb; + #ifdef DEV_NPX if (td == PCPU_GET(fpcurthread)) npxdrop(); ==== //depot/projects/smpng/sys/ia64/ia64/vm_machdep.c#44 (text+ko) ==== @@ -297,6 +297,7 @@ cpu_exit(struct thread *td) { + /* XXX: Should this be in cpu_thread_exit() instead? */ /* Throw away the high FP registers. */ ia64_highfp_drop(td); } ==== //depot/projects/smpng/sys/powerpc/powerpc/vm_machdep.c#40 (text+ko) ==== @@ -182,13 +182,6 @@ cf->cf_arg0 = (register_t)arg; } -/* - * cpu_exit is called as the last action during exit. - * We release the address space of the process, block interrupts, - * and call switch_exit. switch_exit switches to proc0's PCB and stack, - * then jumps into the middle of cpu_switch, as if it were switching - * from proc0. - */ void cpu_exit(td) register struct thread *td;
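Review bot: the PCB_DBREGS removal in amd64 cpu_exit() and in the second i386 cpu_exit() hunk is described as redundant, but the diff does not show the code that makes it so. The only cpu_thread_exit() lines visible are the i386 pcb declaration and the DEV_NPX npxdrop() check. Please name in the description the function that still calls reset_dbregs() and clears PCB_DBREGS for an exiting thread, so a reviewer can confirm hardware breakpoints are not left armed. On amd64 cpu_exit() is left with an empty body; a one-line comment there saying where the debug register cleanup now happens would keep a later reader from assuming it is missing.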
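Review bot: the two new XXX comments name different destinations for the same question. The alpha cpu_exit() comment asks "Should this be in thread_exit instead?" while the ia64 one asks "Should this be in cpu_thread_exit() instead?". If the machine-dependent hook is what is meant in both cases, the alpha comment should say cpu_thread_exit() as well. The alpha hunk also removes the only block comment above cpu_exit(); since the function stays and still calls alpha_fpstate_drop(td), a short replacement comment stating what cpu_exit() is now responsible for would be better than none.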
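Review bot: in the powerpc hunk, removing the stale comment leaves cpu_exit() undocumented, and the context lines show it still uses a K&R-style definition ("cpu_exit(td) register struct thread *td;") where the other four architectures in this change use "cpu_exit(struct thread *td)". Since the cleanup already touches this function, consider converting it to the ANSI form here and adding a one-line comment on what, if anything, the powerpc cpu_exit() has to do.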