NetBSD-Bugs archive


port-arm/41552: lwp_trampoline misused in cpu_setfunc



>Number:         41552
>Category:       port-arm
>Synopsis:       lwp_trampoline misused in cpu_setfunc
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-arm-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 07 20:05:00 +0000 2009
>Originator:     Martin Husemann
>Release:        NetBSD 5.0_STABLE
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD night-porter.duskware.de 5.0_STABLE NetBSD 5.0_STABLE (PORTER) 
#10: Sun May 24 14:53:26 CEST 2009 
martin%night-porter.duskware.de@localhost:/usr/src-5/sys/arch/i386/compile/PORTER
 i386
Architecture: i386
Machine: i386
>Description:

The cpu_setfunc() function abuses lwp_trampoline, which is not a valid thing
to do after the latter started calling lwp_startup().

I do not understand where the %r0 and %r1 arguments (oldlwp and newlwp) to
lwp_startup() come from, so I did not dare to touch it myself.

>How-To-Repeat:
code inspection

>Fix:
Something like the patch below - untested, and due to lack of understanding
of the current situation probably wrong...

Index: cpuswitch.S
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/arm32/cpuswitch.S,v
retrieving revision 1.59
diff -c -u -r1.59 cpuswitch.S
--- cpuswitch.S 19 Nov 2008 06:34:21 -0000      1.59
+++ cpuswitch.S 7 Jun 2009 19:53:56 -0000
@@ -345,6 +345,7 @@
         */
        bl      _C_LABEL(lwp_startup)
 
+ENTRY(setfunc_trampoline)
        mov     r0, r5
        mov     r1, sp
        mov     lr, pc
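Review bot: placing ENTRY(setfunc_trampoline) inside lwp_trampoline makes lwp_trampoline fall through into the new entry point, and the hunk adds neither a comment saying that the fall-through is intentional nor one stating what the shared tail expects (r4 holding func and r5 holding arg as restored from the switchframe, sp pointing at the trapframe). Add that comment above the label, and confirm in the assembled output that the ENTRY macro's alignment and type directives place no padding between `bl _C_LABEL(lwp_startup)` and `mov r0, r5`, since anything inserted there would execute on the lwp_trampoline path.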
Index: vm_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/arm32/vm_machdep.c,v
retrieving revision 1.49
diff -c -u -r1.49 vm_machdep.c
--- vm_machdep.c        14 Mar 2009 21:04:05 -0000      1.49
+++ vm_machdep.c        7 Jun 2009 19:53:56 -0000
@@ -79,6 +79,7 @@
 int process_read_fpregs(struct proc *p, struct fpreg *regs);
 
 void lwp_trampoline(void);
+void setfunc_trampoline(void);
 
 /*
  * Special compilation symbols:
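Review bot: the new prototype gives no hint that setfunc_trampoline is not a separate routine but the tail of lwp_trampoline in cpuswitch.S, entered without passing through lwp_startup; a short comment on the declaration line would save the next reader a trip to the assembler source.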
@@ -112,7 +113,7 @@
        sf->sf_r4 = (u_int)func;
        sf->sf_r5 = (u_int)arg;
        sf->sf_sp = (u_int)tf;
-       sf->sf_pc = (u_int)lwp_trampoline;
+       sf->sf_pc = (u_int)setfunc_trampoline;
        pcb->pcb_un.un_32.pcb32_sp = (u_int)sf;
 }
 
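Review bot: with sf_pc now pointing at setfunc_trampoline, cpu_setfunc's contract changes from "run lwp_startup, then func" to "run func directly", so the function's header comment (above this hunk's context) should be updated to match and any caller that relied on lwp_startup running on this path should be checked. The hunk also keeps `sf->sf_sp = (u_int)tf;`, which through the trampoline's `mov r1, sp` hands func the trapframe as its second argument; that coupling between the switchframe layout and the entry point deserves a comment next to the assignment.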
@@ -134,6 +135,7 @@
 {
        struct pcb *pcb = &l2->l_addr->u_pcb;
        struct trapframe *tf;
+       struct switchframe *sf;
 
 #ifdef PMAP_DEBUG
        if (pmap_debug_level >= 0)
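Review bot: `sf` is declared here without an initializer and no hunk in this diff assigns it, yet the hunk at line 202 stores through it. The computation of sf from the pcb or trapframe that cpu_setfunc performs before its own stores (outside the visible context of the hunk at line 113) has to be carried over into cpu_lwp_fork, otherwise the new code writes through an uninitialised kernel pointer.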
@@ -200,7 +202,11 @@
        if (stack != NULL)
                tf->tf_usr_sp = (u_int)stack + stacksize;
 
-       cpu_setfunc(l2, func, arg);
+       sf->sf_r4 = (u_int)func;
+       sf->sf_r5 = (u_int)arg;
+       sf->sf_sp = (u_int)tf;
+       sf->sf_pc = (u_int)lwp_trampoline;
+       pcb->pcb_un.un_32.pcb32_sp = (u_int)sf;
 }
 
 /*
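Review bot: these five stores duplicate the body of cpu_setfunc by hand, with only the sf_pc value differing. Rather than maintaining two copies of the switchframe layout, factor the setup into one static helper that takes the trampoline address as a parameter (or give cpu_setfunc such a parameter) and call it from both cpu_setfunc and cpu_lwp_fork; that would also keep the derivation of sf in a single place where it cannot be left out.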


