| commit | b25897b2b82410e3c93fd1ff80fad7884413cc72 | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Sat, 23 Oct 2010 16:43:18 +0000 (23 09:43 -0700) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Sat, 23 Oct 2010 16:43:18 +0000 (23 09:43 -0700) | ||
| tree | 663e471dd4b7bf14e8099ddb18f83223c1ca42d4 | treesnapshot (tar.gz zip) |
| parent | 4117f2fda70b263231a9c322c39f683c93615c3d | commitdiff |
kernel - Fix pmap deactivate/reactivation race.
* The LWKT thread switch code clears the cpu mask bit in
proc->p_vmspace->vm_pmap.pm_active, and the switch-in code sets the
mask bit.
This code has a bug because the switch code ALSO optimizes the loading
of %cr3 to avoid reloading it if it hasn't changed, for example when
switching between two user threads associated with the process,
because the other cpu(s) running similar threads may lose track of
the fact that our cpu also needs an IPI for page invalidations in the
pmap for a short period of time.
Because we don't reload %cr3 in this case, our tlb can become invalid.
This can also occur with vfork() sequences.
* Fix by testing that we are switching to the same vmspace and do not
clear the pm_active bit in that case. Retain the %cr3 optimization.
* The LWKT thread switch code clears the cpu mask bit in
proc->p_vmspace->vm_pmap.pm_active, and the switch-in code sets the
mask bit.
This code has a bug because the switch code ALSO optimizes the loading
of %cr3 to avoid reloading it if it hasn't changed, for example when
switching between two user threads associated with the process,
because the other cpu(s) running similar threads may lose track of
the fact that our cpu also needs an IPI for page invalidations in the
pmap for a short period of time.
Because we don't reload %cr3 in this case, our tlb can become invalid.
This can also occur with vfork() sequences.
* Fix by testing that we are switching to the same vmspace and do not
clear the pm_active bit in that case. Retain the %cr3 optimization.