Date: Wed, 18 Apr 2001 21:48:14 +0100 (BST)
From: Doug Rabson <dfr@nlsystems.com>
To: John Baldwin <jhb@FreeBSD.org>
Cc: <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org>
Subject: Re: cvs commit: src/sys/alpha/alpha exception.s
Message-ID: <Pine.BSF.4.33.0104182147040.55816-100000@salmon.nlsystems.com>
In-Reply-To: <XFMail.010418125546.jhb@FreeBSD.org>
On Wed, 18 Apr 2001, John Baldwin wrote:

> On 18-Apr-01 Doug Rabson wrote:
> > On Wed, 18 Apr 2001, John Baldwin wrote:
> >
> >> On 18-Apr-01 Doug Rabson wrote:
> >> > On Wed, 18 Apr 2001, John Baldwin wrote:
> >> >
> >> >> jhb         2001/04/18 10:17:55 PDT
> >> >>
> >> >>   Modified files:
> >> >>     sys/alpha/alpha      exception.s
> >> >>   Log:
> >> >>   Back out the previous revision as it causes random sig 11's to userland
> >> >>   processes until a better fix is found.
> >> >
> >> > I can see several possible races here. For instance, if an interrupt
> >> > happened partway through restoring registers trying to return to userland,
> >> > we could corrupt the user's t7 pretty easily.
> >> >
> >> > I can't quite think of the correct solution yet though.
> >>
> >> Oh, we share the same stack frame for user and kernel returns? Oh yuck.
> >> I can hack around that by raising the IPL in Lkernelret before changing t7,
> >> but if we use the same stack frame how do interrupts in the kernel work at all
> >> w/o trashing the user frame?
> >
> > Of course we have to use the kernel stack for all exceptions. The user
> > stack might not even be a valid virtual address. We could raise the IPL
> > before saving or restoring but it just seems like such a hack. I still
> > haven't thought of a better fix though.
>
> Ok, I've read more of exception.s and my head feels better, sort of. The
> problem with t7 being that we might get an interrupt after we restore the
> registers and thus we trash the t7 right before the rti PAL call? Hmmm.
> I think we only need to raise the IPL just before we do the bsr to
> exception_restore_regs(), so it would only be raised for the length of the
> register restore and the call_pal. I wonder if x86 has the same race condition
> with %fs. We might need to be doing a 'cli' in doreti_exit just before we pop
> %fs.

This is not enough. There is an equivalent race when saving the registers.
Also we can't raise IPL without trashing registers, which adds to our problems.

-- 
Doug Rabson				Mail: dfr@nlsystems.com
					Phone: +44 20 8348 6160
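The restore-side race John describes above, as an added model in C (this is not code from FreeBSD's exception.s, and neither Doug nor John posted it). The model assumes a few things the thread does not spell out: that user and kernel returns share one trap-frame layout, that the kernel return path (Lkernelret) leaves t7 holding a fixed kernel value (KERNEL_T7 here is an invented constant), that the processor mode only flips on rti, and that raising the IPL is free. The last assumption is exactly the one Doug objects to: on real Alpha the swpipl PAL call clobbers registers, which the model ignores. It also does not model the save-side race Doug mentions.

```c
/*
 * Added example: a C model of an interrupt landing between the register
 * restore and the rti PAL call on the return-to-userland path. Not from
 * exception.s; all names and values are assumptions made for the model.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IPL_LOW   0            /* interrupts enabled */
#define IPL_HIGH  7            /* interrupts masked  */
#define KERNEL_T7 0xC0FFEE00ULL /* assumed: value the kernel keeps in t7 */
#define USER_T7   0x12345678ULL /* assumed: a userland program's t7 */

/* One frame layout shared by user and kernel entries, as in the thread. */
struct trapframe {
    uint64_t t7;
    uint64_t ra;
    bool     from_user;        /* was the interrupted context userland? */
};

struct cpu {
    uint64_t t7, ra;           /* live registers */
    int      ipl;
    bool     in_kernel;        /* processor mode; flips only on rti */
    bool     irq_pending;      /* a device has asserted an interrupt */
};

static void save_regs(struct cpu *c, struct trapframe *f)
{
    f->t7 = c->t7;
    f->ra = c->ra;
    f->from_user = !c->in_kernel;
}

static void restore_regs(struct cpu *c, const struct trapframe *f)
{
    c->t7 = f->t7;
    c->ra = f->ra;
}

/* rti: return to the interrupted context and reopen interrupts. */
static void rti(struct cpu *c, const struct trapframe *f)
{
    c->in_kernel = !f->from_user;
    c->ipl = IPL_LOW;
}

/* Shared exit path. A kernel return (Lkernelret) leaves t7 at the kernel
 * value; a user return restores everything the frame holds. */
static void exception_return(struct cpu *c, struct trapframe *f)
{
    restore_regs(c, f);
    if (!f->from_user)
        c->t7 = KERNEL_T7;     /* Lkernelret: "changing t7" */
    rti(c, f);
}

/* Deliver the pending device interrupt if the IPL allows it. The handler
 * runs with the kernel's t7 and leaves through the shared exit path. */
static void try_deliver_interrupt(struct cpu *c)
{
    struct trapframe f;

    if (!c->irq_pending || c->ipl >= IPL_HIGH)
        return;                /* masked: stays pending until the IPL drops */
    c->irq_pending = false;
    save_regs(c, &f);          /* entry: spill the live registers */
    c->in_kernel = true;
    c->t7 = KERNEL_T7;
    /* ... interrupt handler body would run here ... */
    exception_return(c, &f);
}

/* Return to userland from a trap. `mask` models raising the IPL just before
 * the restore, as John proposes. Returns the t7 the user program ends up with. */
static uint64_t return_to_user(struct cpu *c, struct trapframe *f, bool mask)
{
    if (mask)
        c->ipl = IPL_HIGH;     /* model ignores the register cost of swpipl */
    restore_regs(c, f);
    try_deliver_interrupt(c);  /* window between restore and the rti PAL call */
    rti(c, f);
    try_deliver_interrupt(c);  /* a deferred interrupt now arrives from user mode */
    return c->t7;
}

/* One scenario: a trap from userland is returning while a device interrupt
 * is pending. Returns true if the user's t7 survives the round trip. */
bool user_t7_survives(bool mask_during_restore)
{
    struct cpu c = { .t7 = KERNEL_T7, .ra = 0, .ipl = IPL_LOW,
                     .in_kernel = true, .irq_pending = true };
    struct trapframe f = { .t7 = USER_T7, .ra = 0x2000, .from_user = true };

    return return_to_user(&c, &f, mask_during_restore) == USER_T7;
}

int main(void)
{
    printf("unmasked restore: user t7 %s\n",
           user_t7_survives(false) ? "intact" : "corrupted");
    printf("masked restore:   user t7 %s\n",
           user_t7_survives(true) ? "intact" : "corrupted");
    return 0;
}
```

With interrupts open, the nested entry sees the processor still in kernel mode, takes the Lkernelret path, and hands the outer rti a t7 holding KERNEL_T7, which is the sig 11 case. With the IPL raised around the restore, the interrupt is held until rti has dropped the IPL, enters from user mode, and its own exit path restores the user's t7. The same shape applies to the x86 %fs question in the thread: whatever the exit path pops last has to be protected from a nested entry that would reload it with the kernel's value.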