PR/53993 CVS commit: [netbsd-8] src/sys

To: maxv%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, fstd.lkml%gmail.com@localhost
Subject: PR/53993 CVS commit: [netbsd-8] src/sys
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Fri, 5 Apr 2019 07:50:01 +0000 (UTC)

The following reply was made to PR port-amd64/53993; it has been noted by GNATS.

From: "Martin Husemann" <martin%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/53993 CVS commit: [netbsd-8] src/sys
Date: Fri, 5 Apr 2019 07:48:05 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Fri Apr  5 07:48:05 UTC 2019

 Modified Files:
 	src/sys/arch/amd64/amd64 [netbsd-8]: machdep.c netbsd32_machdep.c
 	src/sys/compat/linux/arch/amd64 [netbsd-8]: linux_machdep.c
 	src/sys/compat/linux32/arch/amd64 [netbsd-8]: linux32_machdep.c

 Log Message:
 Pull up following revision(s) (requested by maxv):

 	sys/arch/amd64/amd64/netbsd32_machdep.c: revision 1.120
 	sys/compat/linux/arch/amd64/linux_machdep.c: revision 1.57
 	sys/compat/linux32/arch/amd64/linux32_machdep.c: revision 1.44
 	sys/arch/amd64/amd64/machdep.c: revision 1.328
 	sys/arch/amd64/amd64/machdep.c: revision 1.329

 Fix a tiny race in setregs and linux_setregs. Between the moment we set
 pcb_flags to zero, and the moment cpu_segregs64_zero resets pcb_gs, we may
 be preempted.

 If this happens, and if the calling LWP was a 32bit thread, when switching
 back to that LWP, the context switcher sees that PCB_COMPAT32 is not set in
 pcb_flags and tries to perform a 64bit context switch; but pcb_gs contains
 a 32bit GDT descriptor, and not a 64bit GS.base value. The wrmsr therefore
 faults because the value is non-canonical, and this fault is fatal.

 Rearrange the code so that the update of pcb_flags and pcb_gs/pcb_fs is non
 interruptible. This fixes the problem, tested with a reproducer (which
 therefore doesn't work anymore).

 Likely fixes PR/53993.

 Disable preemption when setting PCB_COMPAT32, to prevent a context switch
 before cpu_fsgs_reload() finishes, otherwise we write garbage in the GDT.

 On NetBSD-current it is harmless, however in NetBSD-8 it might cause
 panics, because NetBSD-8 uses the old SegRegs model and under this model
 we reload %fs and %gs during switches.

 To generate a diff of this commit:
 cvs rdiff -u -r1.255.6.8 -r1.255.6.9 src/sys/arch/amd64/amd64/machdep.c
 cvs rdiff -u -r1.105.2.2 -r1.105.2.3 \
     src/sys/arch/amd64/amd64/netbsd32_machdep.c
 cvs rdiff -u -r1.51.6.1 -r1.51.6.2 \
     src/sys/compat/linux/arch/amd64/linux_machdep.c
 cvs rdiff -u -r1.38.6.1 -r1.38.6.2 \
     src/sys/compat/linux32/arch/amd64/linux32_machdep.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Prev by Date: Re: port-amd64/37198 (NetBSD has limited hardware support for IBM x3755)
Next by Date: port-xen/54099: NetBSD 8.0_STABLE i386 domU fails to boot
Previous by Thread: Re: port-amd64/37198 (NetBSD has limited hardware support for IBM x3755)
Next by Thread: port-xen/54099: NetBSD 8.0_STABLE i386 domU fails to boot
Indexes:

Home | Main Index | Thread Index | Old Index