From: Konstantin Belousov
Date: Thu, 5 Oct 2017 12:50:03 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r324313 - head/sys/amd64/amd64

Author: kib
Date: Thu Oct 5 12:50:03 2017
New Revision: 324313
URL: https://svnweb.freebsd.org/changeset/base/324313

Log:
  Avoid a race between freeing LDT and context switches.

  cpu_switch.S uses curproc->p_md.md_ldt value as the flag indicating
  presence of the process LDT. The flag is checked and then ldt segment
  descriptor is copied into the CPU's GDT slot. Disallow context switches
  around clearing of the curproc LDT state by performing the cleanup in
  critical section. Ensure that the md_ldt flag is cleared before
  md_ldt_sd descriptor content is destroyed by inserting fence between
  the operations.

  We depend on the x86 memory model strong ordering guarantees, in
  particular, that cpu_switch.S observes the writes to md_ldt and
  md_ldt_sd in the expected order.

  Discussed with: bde
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 week

Modified:
  head/sys/amd64/amd64/sys_machdep.c

Modified: head/sys/amd64/amd64/sys_machdep.c ============================================================================== --- head/sys/amd64/amd64/sys_machdep.c Thu Oct 5 12:38:26 2017 (r324312) +++ head/sys/amd64/amd64/sys_machdep.c Thu Oct 5 12:50:03 2017 (r324313) 
@@ -514,10 +514,13 @@ user_ldt_free(struct thread *td) return; } + critical_enter(); mdp->md_ldt = NULL; + atomic_thread_fence_rel(); bzero(&mdp->md_ldt_sd, sizeof(mdp->md_ldt_sd)); if (td == curthread) lldt(GSEL(GNULL_SEL, SEL_KPL)); + critical_exit(); user_ldt_deref(pldt); }
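
Review bot: the ordering requirement in user_ldt_free() is documented only in the commit log, not in the code, and it should sit next to the atomic_thread_fence_rel() call. The fence between `mdp->md_ldt = NULL;` and the bzero() of md_ldt_sd is one half of a protocol whose other half is the check-then-copy in cpu_switch.S, and the log says the reader side relies on x86 strong ordering rather than on a paired barrier. A short comment at the fence naming cpu_switch.S as the reader, and stating that md_ldt must be observed as NULL before md_ldt_sd is zeroed, would keep a later cleanup from dropping or moving the fence. The same comment could say why critical_enter()/critical_exit() bracket the clear, the bzero() and the lldt(), since nothing in the function shows that the goal is to keep a context switch on this CPU from landing between the flag clear and the LDT reload, and that user_ldt_deref(pldt) is deliberately left outside the critical section.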