The branch main has been updated by pkubaj (ports committer):

URL: 
https://cgit.FreeBSD.org/src/commit/?id=76ff03aef7411e601673dfc997bd6d691bd9a14e

commit 76ff03aef7411e601673dfc997bd6d691bd9a14e
Author:     Justin Hibbits <chmeeed...@gmail.com>
AuthorDate: 2020-12-08 22:49:25 +0000
Commit:     Piotr Kubaj <pku...@freebsd.org>
CommitDate: 2020-12-30 22:45:44 +0000

    powerpc: Fix copyin/copyout race condition
    
    It's possible for a context switch, and CPU migration, to occur between
    fetching the PCPU context and extracting the pc_curpcb.  This can cause
    the fault handler to be installed for the wrong thread, leading to a
    panic in copyin()/copyout().  Since curthread is already in %r13, just
    use that directly, as GPRs are migrated, so there is no migration race
    risk.
---
 sys/powerpc/powerpc/support.S | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/sys/powerpc/powerpc/support.S b/sys/powerpc/powerpc/support.S
index 9ff1bcc02437..10d3192972d5 100644
--- a/sys/powerpc/powerpc/support.S
+++ b/sys/powerpc/powerpc/support.S
@@ -61,6 +61,7 @@
 /* log_2(8 * WORD) */
 #define        LOOP_LOG        6
 #define        LOG_WORD        3
+#define        CURTHREAD       %r13
 #else
 #define        LOAD    lwz
 #define        STORE   stw
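Review bot: The new `#define CURTHREAD %r13` has no comment saying why this register can replace the per-CPU lookup, and the same holds for the `%r2` define in the next hunk, which the commit message does not mention at all. The fix is only correct while that register holds the current thread pointer wherever the fault macros expand, so the assumption belongs next to the define, for example `/* curthread is kept in a dedicated GPR; it travels with the thread across CPU migration */`. The enclosing `#if`/`#else` condition starts outside the hunk, so which ABI each register belongs to is inferred from `LOOP_LOG`/`LOG_WORD` rather than visible here.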
@@ -70,6 +71,7 @@
 /* log_2(8 * WORD) */
 #define        LOOP_LOG        5
 #define        LOG_WORD        2
+#define        CURTHREAD       %r2
 #endif
 
 #ifdef AIM
@@ -149,32 +151,26 @@
 
 #endif
 
-#define PCPU(reg) mfsprg  reg, 0
-
 #define        SET_COPYFAULT(raddr, rpcb, len) \
        VALIDATE_ADDR_COPY(raddr, len)  ;\
-       PCPU(%r9)                       ;\
        li      %r0, COPYFAULT          ;\
-       LOAD    rpcb, PC_CURPCB(%r9)    ;\
+       LOAD    rpcb, TD_PCB(CURTHREAD) ;\
        STORE   %r0, PCB_ONFAULT(rpcb)  ;\
 
 #define        SET_COPYFAULT_TRUNCATE(raddr, rpcb, len)\
        VALIDATE_TRUNCATE_ADDR_COPY(raddr, len) ;\
-       PCPU(%r9)                               ;\
        li      %r0, COPYFAULT                  ;\
-       LOAD    rpcb, PC_CURPCB(%r9)            ;\
+       LOAD    rpcb, TD_PCB(CURTHREAD)         ;\
        STORE   %r0, PCB_ONFAULT(rpcb)
 
 #define        SET_FUSUFAULT(raddr, rpcb)      \
        VALIDATE_ADDR_FUSU(raddr)       ;\
-       PCPU(%r9)                       ;\
        li      %r0, FUSUFAULT          ;\
-       LOAD    rpcb, PC_CURPCB(%r9)    ;\
+       LOAD    rpcb, TD_PCB(CURTHREAD) ;\
        STORE   %r0, PCB_ONFAULT(rpcb)
 
 #define        CLEAR_FAULT_NO_CLOBBER(rpcb)    \
-       PCPU(%r9)                       ;\
-       LOAD    rpcb, PC_CURPCB(%r9)    ;\
+       LOAD    rpcb, TD_PCB(CURTHREAD) ;\
        li      %r0, 0                  ;\
        STORE   %r0, PCB_ONFAULT(rpcb)
 
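Review bot: Nothing at `SET_COPYFAULT`, `SET_COPYFAULT_TRUNCATE`, `SET_FUSUFAULT` or `CLEAR_FAULT_NO_CLOBBER` records why the PCB is reached through `TD_PCB(CURTHREAD)`, so a later cleanup could reintroduce the two-step per-CPU lookup that the commit message identifies as the race. Going by that message, these macros arm and disarm the `PCB_ONFAULT` handler on the user/kernel copy path, and arming it on the wrong thread's PCB ends in a panic. A short comment above the first macro would protect the invariant: `/* Load the PCB via CURTHREAD, never via the per-CPU pointer: a migration between reading SPRG0 and pc_curpcb would arm onfault on another thread's PCB. */`. The macros also no longer write `%r9`; if any caller comment outside this hunk lists it as clobbered, that comment is now stale.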