Author: kib
Date: Mon May 27 18:26:08 2013
New Revision: 251033
URL: http://svnweb.freebsd.org/changeset/base/251033
Log:
When handling an exception from the attempt from loading the faulting
context on return from the trap handler, re-enable the interrupts on
i386 and amd64. The trap return path have to disable interrupts since
the sequence of loading the machine state is not atomic. The trap()
function which transfers the control to the special handler would
enable the interrupt, but an iret loads the previous eflags with PSL_I
clear. Then, the special handler calls trap() on its own, which now
sees the original eflags with PSL_I set and does not enable
interrupts.
The end result is that signal delivery and process exiting code could
be executed with interrupts disabled, which is generally wrong and
triggers several assertions.
For amd64, the interrupts are enabled conditionally based on PSL_I in
the eflags of the outer frame, as it is already done for
doreti_iret_fault. For i386, the interrupts are enabled
unconditionally, the ast loop could have opened a window with
interrupts enabled just before the iret anyway.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Modified:
head/sys/amd64/amd64/exception.S
head/sys/i386/i386/exception.s
Modified: head/sys/amd64/amd64/exception.S
==============================================================================
--- head/sys/amd64/amd64/exception.S Mon May 27 16:29:53 2013
(r251032)
+++ head/sys/amd64/amd64/exception.S Mon May 27 18:26:08 2013
(r251033)
@@ -818,6 +818,10 @@ doreti_iret_fault:
.globl ds_load_fault
ds_load_fault:
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movq %rsp,%rdi
call trap
movw $KUDSEL,TF_DS(%rsp)
@@ -827,6 +831,10 @@ ds_load_fault:
.globl es_load_fault
es_load_fault:
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movq %rsp,%rdi
call trap
movw $KUDSEL,TF_ES(%rsp)
@@ -835,6 +843,10 @@ es_load_fault:
ALIGN_TEXT
.globl fs_load_fault
fs_load_fault:
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movl $T_PROTFLT,TF_TRAPNO(%rsp)
movq %rsp,%rdi
call trap
@@ -846,6 +858,10 @@ fs_load_fault:
gs_load_fault:
popfq
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movq %rsp,%rdi
call trap
movw $KUG32SEL,TF_GS(%rsp)
@@ -855,6 +871,10 @@ gs_load_fault:
.globl fsbase_load_fault
fsbase_load_fault:
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movq %rsp,%rdi
call trap
movq PCPU(CURTHREAD),%r8
@@ -866,6 +886,10 @@ fsbase_load_fault:
.globl gsbase_load_fault
gsbase_load_fault:
movl $T_PROTFLT,TF_TRAPNO(%rsp)
+ testl $PSL_I,TF_RFLAGS(%rsp)
+ jz 1f
+ sti
+1:
movq %rsp,%rdi
call trap
movq PCPU(CURTHREAD),%r8
Modified: head/sys/i386/i386/exception.s
==============================================================================
--- head/sys/i386/i386/exception.s Mon May 27 16:29:53 2013
(r251032)
+++ head/sys/i386/i386/exception.s Mon May 27 18:26:08 2013
(r251033)
@@ -422,6 +422,7 @@ doreti_popl_es_fault:
pushl %fs
.globl doreti_popl_fs_fault
doreti_popl_fs_fault:
+ sti
movl $0,TF_ERR(%esp) /* XXX should be the error code */
movl $T_PROTFLT,TF_TRAPNO(%esp)
jmp alltraps_with_regs_pushed
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
