src-test2/sys/arm/include, branch releng/6.3FreeBSD source treehttps://cgit-dev.freebsd.org/src-test2/atom?h=releng%2F6.32007-12-07T22:08:02ZMFC:2007-12-07T22:08:02ZOlivier Houchardcognet@FreeBSD.org2007-12-07T22:08:02Zurn:sha1:a86845d51eace6601c07cba9c037814493b45539
sys/arm/include/asmacros.h rev 1.7
sys/arm/include/atomic.h rev 1.23
Close a race.
The RAS implementation would set the end address, then the start
address. These were used by the kernel to restart a RAS sequence if
it was interrupted. When the thread switching code ran, it would
check these values and adjust the PC and clear them if it did.
However, there's a small flaw in this scheme. Thread T1, sets the end
address and gets preempted. Thread T2 runs and also does a RAS
operation. This resets end to zero. Thread T1 now runs again and
sets start and then begins the RAS sequence, but is preempted before
the RAS sequence executes its last instruction. The kernel code that
would ordinarily restart the RAS sequence doesn't because the PC isn't
between start and 0, so the PC isn't set to the start of the sequence.
So when T1 is resumed again, it is at the wrong location for RAS to
produce the correct results. This causes the wrong results for the
atomic sequence.
The window for the first race is 3 instructions. The window for the
second race is 5-10 instructions depending on the atomic operation.
This makes this failure fairly rare and hard to reproduce.
Mutexs are implemented in libthr using atomic operations. When the
above race would occur, a lock could get stuck locked, causing many
downstream problems, as you might expect.
Also, make sure to reset the start and end address when doing a syscall, or
a malicious process could set them before doing a syscall.
Reviewed by: imp, ups (thanks guys)
Approved by: re (kensmith)
Pointy hat to: cognet
MFC the reimplementation of ARM_USE_SMALL_ALLOC.2007-10-16T21:24:44ZOlivier Houchardcognet@FreeBSD.org2007-10-16T21:24:44Zurn:sha1:1d5f266e83c5c3bb05c9d5564e9dc8a66b05f3b1MFC:2007-02-26T23:23:31ZOlivier Houchardcognet@FreeBSD.org2007-02-26T23:23:31Zurn:sha1:e01607951d55802cf0d437a4a02a5e188f65999c
bounce pages for arm.
MFC: Big endian support.2007-02-26T01:05:01ZOlivier Houchardcognet@FreeBSD.org2007-02-26T01:05:01Zurn:sha1:afe7ebb4b3ed3b7b75c6bc0ab3bfe649838b591bMFC (in preparation for IXP425 support):2007-02-25T23:09:51ZOlivier Houchardcognet@FreeBSD.org2007-02-25T23:09:51Zurn:sha1:245abf396af69489f90da3452141c65aecd888c7
Use the good prototype for bus_space_unmap().
Add stream operations.
MFC: Also need do_pseudo from -current. Doh!2006-07-19T21:53:36ZWarner Loshimp@FreeBSD.org2006-07-19T21:53:36Zurn:sha1:407322bf2c373375d613562973854e19d294cc19MFC: Merge the change from inline function to prototype.2006-07-19T21:41:51ZWarner Loshimp@FreeBSD.org2006-07-19T21:41:51Zurn:sha1:145541c5f616588e6edc991d0b417a086830dafeMFC: Define the magic number for the ELF trampoline.2006-06-30T21:42:52ZOlivier Houchardcognet@FreeBSD.org2006-06-30T21:42:52Zurn:sha1:9b2e02931b502384351ca2298fbd482ae67eb864MFC: Use a 64 bits time_t for arm. For Releng6, this also require to use a2006-06-23T23:41:05ZOlivier Houchardcognet@FreeBSD.org2006-06-23T23:41:05Zurn:sha1:4eae44a7c8ac5e1607fd457983c9d0512458a5f0
time_t instead of a long for the tv_sec field of the struct timeval (for
arm only).
This is a big ABI breakage, but there's no FreeBSD/arm RELENG6 users beside
me as far as I know, so it's better if it happens now, when I'm the only
one to get annoyed. Without this, we couldn't load 6 binaries on 7.
MFC: a bunch of fixes/enhancements for the pmap subsystem.2006-06-23T17:41:02ZOlivier Houchardcognet@FreeBSD.org2006-06-23T17:41:02Zurn:sha1:9f3bff8d2902a9f727861eaee7ab689e5f436539