From owner-freebsd-threads@FreeBSD.ORG Thu Sep 23 10:20:55 2004
Message-ID: <4152A383.3090901@orel.ru>
Date: Thu, 23 Sep 2004 14:20:51 +0400
From: Andrew Belashov
Organization: ORIS
To: freebsd-threads@freebsd.org
cc: freebsd-sparc64@freebsd.org
References: <41518130.3000704@orel.ru>
In-Reply-To: <41518130.3000704@orel.ru>
Subject: Bug in kse_switchin()?
List-Id: Threading on FreeBSD

Hello!

I have been working on the libkse library for FreeBSD/sparc64 for a long time. Some work is done. Recently I found a bug in the kernel. Here are the details.

From sys/kern/kern_kse.c:
---------------------------------------------------------------------------
 1 int
 2 kse_switchin(struct thread *td, struct kse_switchin_args *uap)
 3 {
 4 	struct kse_thr_mailbox tmbx;
 5 	struct kse_upcall *ku;
 6 	int error;
 7
 8 	if ((ku = td->td_upcall) == NULL || TD_CAN_UNBIND(td))
 9 		return (EINVAL);
10 	error = (uap->tmbx == NULL) ? EINVAL : 0;
11 	if (!error)
12 		error = copyin(uap->tmbx, &tmbx, sizeof(tmbx));
13 	if (!error && (uap->flags & KSE_SWITCHIN_SETTMBX))
14 		error = (suword(&ku->ku_mailbox->km_curthread,
15 		    (long)uap->tmbx) != 0 ? EINVAL : 0);
16 	if (!error)
17 		error = set_mcontext(td, &tmbx.tm_context.uc_mcontext);
18 	if (!error) {
19 		suword32(&uap->tmbx->tm_lwp, td->td_tid);
20 		if (uap->flags & KSE_SWITCHIN_SETTMBX) {
21 			td->td_mailbox = uap->tmbx;
22 			td->td_pflags |= TDP_CAN_UNBIND;
23 		}
24 		if (td->td_proc->p_flag & P_TRACED) {
25 			if (tmbx.tm_dflags & TMDF_SSTEP)
26 				ptrace_single_step(td);
27 			else
28 				ptrace_clear_single_step(td);
29 			if (tmbx.tm_dflags & TMDF_SUSPEND) {
30 				mtx_lock_spin(&sched_lock);
31 				/* fuword can block, check again */
32 				if (td->td_upcall)
33 					ku->ku_flags |= KUF_DOUPCALL;
34 				mtx_unlock_spin(&sched_lock);
35 			}
36 		}
37 	}
38 	return ((error == 0) ? EJUSTRETURN : error);
39 }
---------------------------------------------------------------------------

1. On FreeBSD/sparc64 the uap structure (line 2) is stored in the trap stack frame if the number of syscall arguments is 6 or less (see sys/sparc64/sparc64/trap.c).
2. The set_mcontext() function overwrites the trap stack frame to restore the saved context (line 17).
3. The uap structure is used after being overwritten by set_mcontext() on the following lines: 19, 20, 21.

Same problem in thr_create() (see sys/kern/kern_thr.c).

Where is the bug?
- In the sparc64-specific code?
- In the kern/kern_kse.c and kern/kern_thr.c code?

--
With best regards,
Andrew Belashov.
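As an added illustration (not code from the mail or from the FreeBSD tree), the following C model reproduces the ordering problem described above: the syscall argument block lives inside the trap frame, so reading it after the frame has been rewritten yields whatever the restored context left there, and the fix is to copy the arguments out before the rewrite. All struct, function and macro names are hypothetical stand-ins for the kernel ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SIM_SETTMBX 0x1   /* stands in for KSE_SWITCHIN_SETTMBX */

/* Hypothetical sparc64-style layout: the syscall argument block (uap)
 * is embedded in the trap frame, so rewriting the frame rewrites uap. */
struct sim_args { uintptr_t tmbx; int flags; };
struct sim_trapframe { uint64_t regs[8]; struct sim_args args; };

/* Stand-in for set_mcontext(): restores a saved context by rewriting the
 * whole frame.  Zero models the restored content; in reality the argument
 * slots would hold whatever the saved context left there. */
static void sim_set_mcontext(struct sim_trapframe *tf) {
    memset(tf, 0, sizeof(*tf));
}

/* Buggy order, as in kse_switchin(): uap still points into the frame
 * when lines 19-21 read it.  Returns the mailbox value installed, or 0
 * when the (now stale) flag check fails. */
uintptr_t switchin_buggy(struct sim_trapframe *tf) {
    struct sim_args *uap = &tf->args;
    uintptr_t td_mailbox = 0;
    sim_set_mcontext(tf);                 /* line 17 */
    if (uap->flags & SIM_SETTMBX)         /* line 20: reads rewritten frame */
        td_mailbox = uap->tmbx;           /* line 21 */
    return td_mailbox;
}

/* Fixed order: copy the arguments out of the frame before the rewrite. */
uintptr_t switchin_fixed(struct sim_trapframe *tf) {
    struct sim_args saved = tf->args;     /* snapshot before line 17 */
    uintptr_t td_mailbox = 0;
    sim_set_mcontext(tf);
    if (saved.flags & SIM_SETTMBX)
        td_mailbox = saved.tmbx;
    return td_mailbox;
}

/* Builds a constructed frame carrying tmbx with the SETTMBX flag and runs
 * one of the two variants so the results can be compared. */
uintptr_t sim_run(uintptr_t tmbx, int fixed) {
    struct sim_trapframe tf = { {0}, { tmbx, SIM_SETTMBX } };
    return fixed ? switchin_fixed(&tf) : switchin_buggy(&tf);
}

int main(void) {
    printf("buggy: %#lx  fixed: %#lx\n", (unsigned long)sim_run(0x1000, 0),
           (unsigned long)sim_run(0x1000, 1));
    return 0;
}
```

With the buggy ordering the flag check on the rewritten frame fails and no mailbox is installed; with the snapshot taken first, the original tmbx value survives the frame restore.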