Re: git: 76ff03aef741 - main - powerpc: Fix copyin/copyout race condition
Brandon Bergren
bdragon at FreeBSD.org
Wed Dec 30 23:00:33 UTC 2020
Approved-By: bdragon (in IRC)
On Wed, Dec 30, 2020, at 4:45 PM, Piotr Kubaj wrote:
> The branch main has been updated by pkubaj (ports committer):
>
> URL:
> https://cgit.FreeBSD.org/src/commit/?id=76ff03aef7411e601673dfc997bd6d691bd9a14e
>
> commit 76ff03aef7411e601673dfc997bd6d691bd9a14e
> Author: Justin Hibbits <chmeeedalf at gmail.com>
> AuthorDate: 2020-12-08 22:49:25 +0000
> Commit: Piotr Kubaj <pkubaj at FreeBSD.org>
> CommitDate: 2020-12-30 22:45:44 +0000
>
> powerpc: Fix copyin/copyout race condition
>
> It's possible for a context switch, and CPU migration, to occur between
> fetching the PCPU context and extracting the pc_curpcb. This can cause
> the fault handler to be installed for the wrong thread, leading to a
> panic in copyin()/copyout(). Since curthread is already in %r13, just
> use that directly, as GPRs are migrated, so there is no migration race
> risk.
> ---
> sys/powerpc/powerpc/support.S | 16 ++++++----------
> 1 file changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/sys/powerpc/powerpc/support.S b/sys/powerpc/powerpc/support.S
> index 9ff1bcc02437..10d3192972d5 100644
> --- a/sys/powerpc/powerpc/support.S
> +++ b/sys/powerpc/powerpc/support.S
> @@ -61,6 +61,7 @@
> /* log_2(8 * WORD) */
> #define LOOP_LOG 6
> #define LOG_WORD 3
> +#define CURTHREAD %r13
> #else
> #define LOAD lwz
> #define STORE stw
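
Review bot: the new CURTHREAD define in the 64-bit branch carries no comment saying that %r13 is the register holding curthread, and the fix depends entirely on that invariant surviving a context switch. Suggest a one-line comment beside the define, since it sits among load/store width constants (LOOP_LOG, LOG_WORD) where a reader would not expect a register assignment.
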
> @@ -70,6 +71,7 @@
> /* log_2(8 * WORD) */
> #define LOOP_LOG 5
> #define LOG_WORD 2
> +#define CURTHREAD %r2
> #endif
>
> #ifdef AIM
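
Review bot: the 32-bit branch defines CURTHREAD as %r2, but the commit message only argues the case for %r13. Please state in the log, or in a comment beside the define, that %r2 carries curthread in this branch and is migrated with the thread in the same way, so the race analysis is recorded for both branches.
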
> @@ -149,32 +151,26 @@
>
> #endif
>
> -#define PCPU(reg) mfsprg reg, 0
> -
> #define SET_COPYFAULT(raddr, rpcb, len) \
> VALIDATE_ADDR_COPY(raddr, len) ;\
> - PCPU(%r9) ;\
> li %r0, COPYFAULT ;\
> - LOAD rpcb, PC_CURPCB(%r9) ;\
> + LOAD rpcb, TD_PCB(CURTHREAD) ;\
> STORE %r0, PCB_ONFAULT(rpcb) ;\
>
> #define SET_COPYFAULT_TRUNCATE(raddr, rpcb, len)\
> VALIDATE_TRUNCATE_ADDR_COPY(raddr, len) ;\
> - PCPU(%r9) ;\
> li %r0, COPYFAULT ;\
> - LOAD rpcb, PC_CURPCB(%r9) ;\
> + LOAD rpcb, TD_PCB(CURTHREAD) ;\
> STORE %r0, PCB_ONFAULT(rpcb)
>
> #define SET_FUSUFAULT(raddr, rpcb) \
> VALIDATE_ADDR_FUSU(raddr) ;\
> - PCPU(%r9) ;\
> li %r0, FUSUFAULT ;\
> - LOAD rpcb, PC_CURPCB(%r9) ;\
> + LOAD rpcb, TD_PCB(CURTHREAD) ;\
> STORE %r0, PCB_ONFAULT(rpcb)
>
> #define CLEAR_FAULT_NO_CLOBBER(rpcb) \
> - PCPU(%r9) ;\
> - LOAD rpcb, PC_CURPCB(%r9) ;\
> + LOAD rpcb, TD_PCB(CURTHREAD) ;\
> li %r0, 0 ;\
> STORE %r0, PCB_ONFAULT(rpcb)
>
>
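
Review bot: all four macros now load through TD_PCB(CURTHREAD), yet the diffstat shows support.S as the only file changed, so TD_PCB has to be an offset that is already generated for assembly use; worth confirming for both the 32-bit and 64-bit builds. With the PCPU(%r9) lines gone these macros no longer write %r9, so any comment or caller that treats %r9 as clobbered should be updated, and the removed PCPU(reg) define should be checked for remaining users elsewhere in the file.
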
--
Brandon Bergren
bdragon at FreeBSD.org