From owner-svn-src-head@FreeBSD.ORG Wed May 12 10:29:35 2010
Message-Id: <201005121029.o4CATZgR080836@svn.freebsd.org>
From: Konstantin Belousov
Date: Wed, 12 May 2010 10:29:35 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r207958 - head/sys/amd64/amd64

Author: kib
Date: Wed May 12 10:29:35 2010
New Revision: 207958
URL: http://svn.freebsd.org/changeset/base/207958

Log:
  Route all returns from the interrupts and faults through the doreti_iret
  labeled iretq instruction.

  Suppose that a multithreaded process executes two threads, currently scheduled
  on different processors. Let us assume that thread A executes using %cs or %ss
  pointing into a descriptor from the LDT. If an IPI comes whose handler does not
  return by jumping to doreti, and meanwhile thread B invalidates the descriptor
  pointed to by %cs or %ss, then the iretq from the IPI handler could fault.

  Routing the return through doreti_iret allows the kernel to catch the situation
  and recover from it by sending a signal to usermode.

  Tested by:	pho
  MFC after:	1 week

Modified:
  head/sys/amd64/amd64/apic_vector.S
  head/sys/amd64/amd64/exception.S

Modified: head/sys/amd64/amd64/apic_vector.S ============================================================================== --- head/sys/amd64/amd64/apic_vector.S Wed May 12 10:29:06 2010 (r207957) +++ head/sys/amd64/amd64/apic_vector.S Wed May 12 10:29:35 2010 (r207958) @@ -41,6 +41,7 @@ #include "assym.s" + .extern doreti_iret /* * I/O Interrupt Entry Point. Rather than having one entry point for * each interrupt source, we use one entry point for each 32-bit word 
@@ -81,7 +82,7 @@ IDTVEC(spuriousint) /* No EOI cycle used here */ - iretq + jmp doreti_iret ISR_VEC(1, apic_isr1) ISR_VEC(2, apic_isr2) @@ -135,7 +136,7 @@ IDTVEC(invltlb) incl smp_tlb_wait popq %rax - iretq + jmp doreti_iret /* * Single page TLB shootdown @@ -155,7 +156,7 @@ IDTVEC(invlpg) incl smp_tlb_wait popq %rax - iretq + jmp doreti_iret /* * Page range TLB shootdown. @@ -181,7 +182,7 @@ IDTVEC(invlrng) popq %rdx popq %rax - iretq + jmp doreti_iret /* * Invalidate cache. @@ -200,7 +201,7 @@ IDTVEC(invlcache) incl smp_tlb_wait popq %rax - iretq + jmp doreti_iret /* * Handler for IPIs sent via the per-cpu IPI bitmap. @@ -247,7 +248,7 @@ IDTVEC(cpususpend) call cpususpend_handler POP_FRAME - iretq + jmp doreti_iret /* * Executed by a CPU when it receives a RENDEZVOUS IPI from another CPU. Modified: head/sys/amd64/amd64/exception.S ============================================================================== --- head/sys/amd64/amd64/exception.S Wed May 12 10:29:06 2010 (r207957) +++ head/sys/amd64/amd64/exception.S Wed May 12 10:29:35 2010 (r207958) @@ -553,7 +553,7 @@ nmi_restoreregs: movq TF_R14(%rsp),%r14 movq TF_R15(%rsp),%r15 addq $TF_RIP,%rsp - iretq + jmp doreti_iret ENTRY(fork_trampoline) movq %r12,%rdi /* function */
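Review bot: the `.extern doreti_iret` added after `#include "assym.s"` in apic_vector.S is a no-op for GNU as, which treats every undefined symbol as external anyway, so on its own it documents nothing. The comment that is actually missing there is why this file must never return with a bare `iretq`: every handler jumps to `doreti_iret` so that a fault on the final iretq (the commit message's case of %cs or %ss referencing an LDT descriptor another thread has invalidated) lands on a known instruction the trap handler can recognize and recover from by signalling the process, rather than being treated as an unexpected kernel fault. Something like `/* Return via doreti_iret so a faulting iretq is recoverable; never use a bare iretq here. */` next to the `.extern` would stop the next handler added to this file from reintroducing `iretq`.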
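Review bot: the six `- iretq` / `+ jmp doreti_iret` hunks in apic_vector.S (spuriousint, invltlb, invlpg, invlrng, invlcache, cpususpend) are behaviour-preserving on the non-faulting path only because each jump is reached with the stack holding exactly the hardware iret frame, the same precondition the replaced `iretq` had; the `popq %rax`, `popq %rdx` and `POP_FRAME` lines immediately before each change show that is the case. What the diff cannot show is whether any other return site in this file was left as a bare `iretq`; since the log claims "all returns", a `grep -n iretq` over apic_vector.S after applying the patch, with the result mentioned in the commit message, would close that gap.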
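Review bot: the `nmi_restoreregs` hunk in exception.S is a bigger change than the IPI ones and deserves a sentence of justification in the log or a comment at the jump: after `addq $TF_RIP,%rsp` the NMI handler previously returned directly, and now a fault on that iretq is routed into the doreti_iret recovery path, which is written for ordinary trap and interrupt returns. Please confirm that this path is safe when entered from an NMI return, in particular whether it assumes the normal kernel stack and trapframe layout and whether NMIs are still masked at that point, since the fault would occur while the NMI is still in progress.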