diff options
| author | kib <kib@FreeBSD.org> | 2014-11-18 12:53:32 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2014-11-18 12:53:32 +0000 |
| commit | e4b2ee7e2b8167b0254356fea784913422730087 (patch) | |
| tree | 90629f2d3f2351fa1eca5e7a9a55006c51a375a9 | |
| parent | 96205db8c06612ea266eacb9d710b26e6ec5d225 (diff) | |
| download | FreeBSD-src-e4b2ee7e2b8167b0254356fea784913422730087.zip FreeBSD-src-e4b2ee7e2b8167b0254356fea784913422730087.tar.gz | |
Merge the fueword(9) and casueword(9). In particular,
MFC r273783:
Add fueword(9) and casueword(9) functions.
MFC note: ia64 is handled like arm, with NO_FUEWORD define.
MFC r273784:
Replace some calls to fuword() by fueword() with proper error checking.
MFC r273785:
Convert kern_umtx.c to use fueword() and casueword().
MFC note: the sys__umtx_lock and sys__umtx_unlock syscalls are not
converted, they are removed from HEAD, and not used. The do_sem2*()
family is not yet merged to stable/10, corresponding chunk will be
merged after do_sem2* are committed.
MFC r273788 (by jkim):
Actually install casuword(9) to fix build.
MFC r273911:
Add type qualifier volatile to the base (userspace) address argument
of fuword(9) and suword(9).
| -rw-r--r-- | share/man/man9/Makefile | 9 | ||||
| -rw-r--r-- | share/man/man9/casuword.9 | 95 | ||||
| -rw-r--r-- | share/man/man9/fetch.9 | 72 | ||||
| -rw-r--r-- | share/man/man9/store.9 | 14 | ||||
| -rw-r--r-- | sys/amd64/amd64/support.S | 77 | ||||
| -rw-r--r-- | sys/amd64/ia32/ia32_syscall.c | 12 | ||||
| -rw-r--r-- | sys/arm/include/param.h | 4 | ||||
| -rw-r--r-- | sys/compat/freebsd32/freebsd32_misc.c | 11 | ||||
| -rw-r--r-- | sys/i386/i386/support.s | 30 | ||||
| -rw-r--r-- | sys/i386/i386/trap.c | 11 | ||||
| -rw-r--r-- | sys/ia64/include/param.h | 4 | ||||
| -rw-r--r-- | sys/kern/kern_exec.c | 26 | ||||
| -rw-r--r-- | sys/kern/kern_umtx.c | 546 | ||||
| -rw-r--r-- | sys/kern/subr_uio.c | 130 | ||||
| -rw-r--r-- | sys/kern/vfs_acl.c | 8 | ||||
| -rw-r--r-- | sys/mips/include/param.h | 4 | ||||
| -rw-r--r-- | sys/net/if_spppsubr.c | 3 | ||||
| -rw-r--r-- | sys/powerpc/powerpc/copyinout.c | 118 | ||||
| -rw-r--r-- | sys/sparc64/include/param.h | 4 | ||||
| -rw-r--r-- | sys/sys/systm.h | 29 |
20 files changed, 861 insertions, 346 deletions
diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile index 66e0027..c7140e2 100644 --- a/share/man/man9/Makefile +++ b/share/man/man9/Makefile @@ -46,6 +46,7 @@ MAN= accept_filter.9 \ BUS_SETUP_INTR.9 \ bus_space.9 \ byteorder.9 \ + casuword.9 \ cd.9 \ condvar.9 \ config_intrhook.9 \ @@ -566,6 +567,9 @@ MLINKS+=condvar.9 cv_broadcast.9 \ MLINKS+=config_intrhook.9 config_intrhook_disestablish.9 \ config_intrhook.9 config_intrhook_establish.9 MLINKS+=contigmalloc.9 contigfree.9 +MLINKS+=casuword.9 casueword.9 \ + casuword.9 casueword32.9 \ + casuword.9 casuword32.9 MLINKS+=copy.9 copyin.9 \ copy.9 copyin_nofault.9 \ copy.9 copyinstr.9 \ @@ -668,7 +672,10 @@ MLINKS+=fetch.9 fubyte.9 \ fetch.9 fuword.9 \ fetch.9 fuword16.9 \ fetch.9 fuword32.9 \ - fetch.9 fuword64.9 + fetch.9 fuword64.9 \ + fetch.9 fueword.9 \ + fetch.9 fueword32.9 \ + fetch.9 fueword64.9 MLINKS+=fpu_kern.9 fpu_kern_alloc_ctx.9 \ fpu_kern.9 fpu_kern_free_ctx.9 \ fpu_kern.9 fpu_kern_enter.9 \ diff --git a/share/man/man9/casuword.9 b/share/man/man9/casuword.9 new file mode 100644 index 0000000..34a0f1d --- /dev/null +++ b/share/man/man9/casuword.9 @@ -0,0 +1,95 @@ +.\" Copyright (c) 2014 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" Part of this documentation was written by +.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship +.\" from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd October 21, 2014 +.Dt CASU 9 +.Os +.Sh NAME +.Nm casueword , +.Nm casueword32 , +.Nm casuword , +.Nm casuword32 +.Nd fetch, compare and store data from user-space +.Sh SYNOPSIS +.In sys/types.h +.In sys/systm.h +.Ft int +.Fn casueword "volatile u_long *base" "u_long oldval" "u_long *oldvalp" "u_long newval" +.Ft int +.Fn casueword32 "volatile uint32_t *base" "uint32_t oldval" "uint32_t *oldvalp" "uint32_t newval" +.Ft u_long +.Fn casuword "volatile u_long *base" "u_long oldval" "u_long newval" +.Ft uint32_t +.Fn casuword32 "volatile uint32_t *base" "uint32_t oldval" "uint32_t newval" +.Sh DESCRIPTION +The +.Nm +functions are designed to perform atomic compare-and-swap operation on +the value in the usermode memory of the current process. +.Pp +The +.Nm +routines reads the value from user memory with address +.Pa base , +and compare the value read with +.Pa oldval . +If the values are equal, +.Pa newval +is written to the +.Pa *base . +In case of +.Fn casueword32 +and +.Fn casueword , +old value is stored into the (kernel-mode) variable pointed by +.Pa *oldvalp . +The userspace value must be naturally aligned. +.Pp +The callers of +.Fn casuword +and +.Fn casuword32 +functions cannot distinguish between -1 read from +userspace and function failure. +.Sh RETURN VALUES +The +.Fn casuword +and +.Fn casuword32 +functions return the data fetched or -1 on failure. +The +.Fn casueword +and +.Fn casueword32 +functions return 0 on success and -1 on failure. +.Sh SEE ALSO +.Xr atomic 9 , +.Xr fetch 9 , +.Xr store 9 diff --git a/share/man/man9/fetch.9 b/share/man/man9/fetch.9 index ccf6866..1d46784 100644 --- a/share/man/man9/fetch.9 +++ b/share/man/man9/fetch.9 @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 5, 2009 +.Dd October 29, 2014 .Dt FETCH 9 .Os .Sh NAME @@ -44,43 +44,56 @@ .Nm fuword , .Nm fuword16 , .Nm fuword32 , -.Nm fuword64 +.Nm fuword64 , +.Nm fueword , +.Nm fueword32 , +.Nm fueword64 .Nd fetch data from user-space .Sh SYNOPSIS .In sys/types.h -.In sys/time.h .In sys/systm.h .Ft int -.Fn fubyte "const void *base" +.Fn fubyte "volatile const void *base" .Ft long -.Fn fuword "const void *base" +.Fn fuword "volatile const void *base" .Ft int -.Fn fuword16 "void *base" +.Fn fuword16 "volatile const void *base" .Ft int32_t -.Fn fuword32 "const void *base" +.Fn fuword32 "volatile const void *base" .Ft int64_t -.Fn fuword64 "const void *base" +.Fn fuword64 "volatile const void *base" +.Ft long +.Fn fueword "volatile const void *base" "long *val" +.Ft int32_t +.Fn fueword32 "volatile const void *base" "int32_t *val" +.Ft int64_t +.Fn fueword64 "volatile const void *base" "int64_t *val" .In sys/resourcevar.h .Ft int .Fn fuswintr "void *base" .Sh DESCRIPTION The .Nm -functions are designed to copy small amounts of data from user-space. +functions are designed to copy small amounts of data from user-space +of the current process. +If read is successful, it is performed atomically. +The data read must be naturally aligned. .Pp The .Nm routines provide the following functionality: -.Bl -tag -width "fuswintr()" +.Bl -tag -width "fueword32()" .It Fn fubyte Fetches a byte of data from the user-space address .Pa base . +The byte read is zero-extended into the results variable. .It Fn fuword -Fetches a word of data from the user-space address +Fetches a word of data (long) from the user-space address .Pa base . .It Fn fuword16 Fetches 16 bits of data from the user-space address .Pa base . +The half-word read is zero-extended into the results variable. .It Fn fuword32 Fetches 32 bits of data from the user-space address .Pa base . @@ -91,11 +104,46 @@ Fetches 64 bits of data from the user-space address Fetches a short word of data from the user-space address .Pa base . This function is safe to call during an interrupt context. +.It Fn fueword +Fetches a word of data (long) from the user-space address +.Pa base +and stores the result in the variable pointed by +.Pa val . +.It Fn fueword32 +Fetches 32 bits of data from the user-space address +.Pa base +and stores the result in the variable pointed by +.Pa val . +.It Fn fueword64 +Fetches 64 bits of data from the user-space address +.Pa base +and stores the result in the variable pointed by +.Pa val . .El +.Pp +The callers of +.Fn fuword , +.Fn fuword32 +and +.Fn fuword64 +functions cannot distinguish between -1 read from +userspace and function failure. .Sh RETURN VALUES The -.Nm +.Fn fubyte , +.Fn fuword , +.Fn fuword16 , +.Fn fuword32 , +.Fn fuword64 , +and +.Fn fuswintr functions return the data fetched or -1 on failure. +The +.Fn fueword , +.Fn fueword32 +and +.Fn fueword64 +functions return 0 on success and -1 on failure. .Sh SEE ALSO .Xr copy 9 , .Xr store 9 diff --git a/share/man/man9/store.9 b/share/man/man9/store.9 index d333eff..cc442f2 100644 --- a/share/man/man9/store.9 +++ b/share/man/man9/store.9 @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 5, 2009 +.Dd October 29, 2014 .Dt STORE 9 .Os .Sh NAME @@ -48,15 +48,15 @@ .In sys/time.h .In sys/systm.h .Ft int -.Fn subyte "void *base" "int byte" +.Fn subyte "volatile void *base" "int byte" .Ft int -.Fn suword "void *base" "long word" +.Fn suword "volatile void *base" "long word" .Ft int -.Fn suword16 "void *base" "int word" +.Fn suword16 "volatile void *base" "int word" .Ft int -.Fn suword32 "void *base" "int32_t word" +.Fn suword32 "volatile void *base" "int32_t word" .Ft int -.Fn suword64 "void *base" "int64_t word" +.Fn suword64 "volatile void *base" "int64_t word" .In sys/resourcevar.h .Ft int .Fn suswintr "void *base" "int word" @@ -64,6 +64,8 @@ The .Nm functions are designed to copy small amounts of data to user-space. +If write is successful, it is performed atomically. +The data written must be naturally aligned. .Pp The .Nm diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S index 4897367..50e653d 100644 --- a/sys/amd64/amd64/support.S +++ b/sys/amd64/amd64/support.S @@ -312,12 +312,13 @@ copyin_fault: END(copyin) /* - * casuword32. Compare and set user integer. Returns -1 or the current value. - * dst = %rdi, old = %rsi, new = %rdx + * casueword32. Compare and set user integer. Returns -1 on fault, + * 0 if access was successful. Old value is written to *oldp. + * dst = %rdi, old = %esi, oldp = %rdx, new = %ecx */ -ENTRY(casuword32) - movq PCPU(CURPCB),%rcx - movq $fusufault,PCB_ONFAULT(%rcx) +ENTRY(casueword32) + movq PCPU(CURPCB),%r8 + movq $fusufault,PCB_ONFAULT(%r8) movq $VM_MAXUSER_ADDRESS-4,%rax cmpq %rax,%rdi /* verify address is valid */ @@ -327,26 +328,34 @@ ENTRY(casuword32) #ifdef SMP lock #endif - cmpxchgl %edx,(%rdi) /* new = %edx */ + cmpxchgl %ecx,(%rdi) /* new = %ecx */ /* * The old value is in %eax. If the store succeeded it will be the * value we expected (old) from before the store, otherwise it will - * be the current value. + * be the current value. Save %eax into %esi to prepare the return + * value. */ + movl %eax,%esi + xorl %eax,%eax + movq %rax,PCB_ONFAULT(%r8) - movq PCPU(CURPCB),%rcx - movq $0,PCB_ONFAULT(%rcx) + /* + * Access the oldp after the pcb_onfault is cleared, to correctly + * catch corrupted pointer. + */ + movl %esi,(%rdx) /* oldp = %rdx */ ret -END(casuword32) +END(casueword32) /* - * casuword. Compare and set user word. Returns -1 or the current value. - * dst = %rdi, old = %rsi, new = %rdx + * casueword. Compare and set user long. Returns -1 on fault, + * 0 if access was successful. Old value is written to *oldp. + * dst = %rdi, old = %rsi, oldp = %rdx, new = %rcx */ -ENTRY(casuword) - movq PCPU(CURPCB),%rcx - movq $fusufault,PCB_ONFAULT(%rcx) +ENTRY(casueword) + movq PCPU(CURPCB),%r8 + movq $fusufault,PCB_ONFAULT(%r8) movq $VM_MAXUSER_ADDRESS-4,%rax cmpq %rax,%rdi /* verify address is valid */ @@ -356,28 +365,28 @@ ENTRY(casuword) #ifdef SMP lock #endif - cmpxchgq %rdx,(%rdi) /* new = %rdx */ + cmpxchgq %rcx,(%rdi) /* new = %rcx */ /* - * The old value is in %eax. If the store succeeded it will be the + * The old value is in %rax. If the store succeeded it will be the * value we expected (old) from before the store, otherwise it will * be the current value. */ - - movq PCPU(CURPCB),%rcx - movq $fusufault,PCB_ONFAULT(%rcx) - movq $0,PCB_ONFAULT(%rcx) + movq %rax,%rsi + xorl %eax,%eax + movq %rax,PCB_ONFAULT(%r8) + movq %rsi,(%rdx) ret -END(casuword) +END(casueword) /* * Fetch (load) a 64-bit word, a 32-bit word, a 16-bit word, or an 8-bit - * byte from user memory. All these functions are MPSAFE. - * addr = %rdi + * byte from user memory. + * addr = %rdi, valp = %rsi */ -ALTENTRY(fuword64) -ENTRY(fuword) +ALTENTRY(fueword64) +ENTRY(fueword) movq PCPU(CURPCB),%rcx movq $fusufault,PCB_ONFAULT(%rcx) @@ -385,13 +394,15 @@ ENTRY(fuword) cmpq %rax,%rdi /* verify address is valid */ ja fusufault - movq (%rdi),%rax - movq $0,PCB_ONFAULT(%rcx) + xorl %eax,%eax + movq (%rdi),%r11 + movq %rax,PCB_ONFAULT(%rcx) + movq %r11,(%rsi) ret END(fuword64) END(fuword) -ENTRY(fuword32) +ENTRY(fueword32) movq PCPU(CURPCB),%rcx movq $fusufault,PCB_ONFAULT(%rcx) @@ -399,10 +410,12 @@ ENTRY(fuword32) cmpq %rax,%rdi /* verify address is valid */ ja fusufault - movl (%rdi),%eax - movq $0,PCB_ONFAULT(%rcx) + xorl %eax,%eax + movl (%rdi),%r11d + movq %rax,PCB_ONFAULT(%rcx) + movl %r11d,(%rsi) ret -END(fuword32) +END(fueword32) /* * fuswintr() and suswintr() are specialized variants of fuword16() and diff --git a/sys/amd64/ia32/ia32_syscall.c b/sys/amd64/ia32/ia32_syscall.c index 0cdec6f..92249f9 100644 --- a/sys/amd64/ia32/ia32_syscall.c +++ b/sys/amd64/ia32/ia32_syscall.c @@ -110,7 +110,7 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa) struct proc *p; struct trapframe *frame; caddr_t params; - u_int32_t args[8]; + u_int32_t args[8], tmp; int error, i; p = td->td_proc; @@ -126,7 +126,10 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa) /* * Code is first argument, followed by actual args. */ - sa->code = fuword32(params); + error = fueword32(params, &tmp); + if (error == -1) + return (EFAULT); + sa->code = tmp; params += sizeof(int); } else if (sa->code == SYS___syscall) { /* @@ -135,7 +138,10 @@ ia32_fetch_syscall_args(struct thread *td, struct syscall_args *sa) * We use a 32-bit fetch in case params is not * aligned. */ - sa->code = fuword32(params); + error = fueword32(params, &tmp); + if (error == -1) + return (EFAULT); + sa->code = tmp; params += sizeof(quad_t); } if (p->p_sysent->sv_mask) diff --git a/sys/arm/include/param.h b/sys/arm/include/param.h index 4a64607..6267154 100644 --- a/sys/arm/include/param.h +++ b/sys/arm/include/param.h @@ -149,4 +149,8 @@ #define pgtok(x) ((x) * (PAGE_SIZE / 1024)) +#ifdef _KERNEL +#define NO_FUEWORD 1 +#endif + #endif /* !_ARM_INCLUDE_PARAM_H_ */ diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c index ff72aad..eeb8347 100644 --- a/sys/compat/freebsd32/freebsd32_misc.c +++ b/sys/compat/freebsd32/freebsd32_misc.c @@ -1924,16 +1924,21 @@ freebsd32_sysctl(struct thread *td, struct freebsd32_sysctl_args *uap) { int error, name[CTL_MAXNAME]; size_t j, oldlen; + uint32_t tmp; if (uap->namelen > CTL_MAXNAME || uap->namelen < 2) return (EINVAL); error = copyin(uap->name, name, uap->namelen * sizeof(int)); if (error) return (error); - if (uap->oldlenp) - oldlen = fuword32(uap->oldlenp); - else + if (uap->oldlenp) { + error = fueword32(uap->oldlenp, &tmp); + oldlen = tmp; + } else { oldlen = 0; + } + if (error != 0) + return (EFAULT); error = userland_sysctl(td, name, uap->namelen, uap->old, &oldlen, 1, uap->new, uap->newlen, &j, SCTL_MASK32); diff --git a/sys/i386/i386/support.s b/sys/i386/i386/support.s index c126f78..0a08012 100644 --- a/sys/i386/i386/support.s +++ b/sys/i386/i386/support.s @@ -389,16 +389,16 @@ copyin_fault: ret /* - * casuword. Compare and set user word. Returns -1 or the current value. + * casueword. Compare and set user word. Returns -1 on fault, + * 0 on non-faulting access. The current value is in *oldp. */ - -ALTENTRY(casuword32) -ENTRY(casuword) +ALTENTRY(casueword32) +ENTRY(casueword) movl PCPU(CURPCB),%ecx movl $fusufault,PCB_ONFAULT(%ecx) movl 4(%esp),%edx /* dst */ movl 8(%esp),%eax /* old */ - movl 12(%esp),%ecx /* new */ + movl 16(%esp),%ecx /* new */ cmpl $VM_MAXUSER_ADDRESS-4,%edx /* verify address is valid */ ja fusufault @@ -416,17 +416,20 @@ ENTRY(casuword) movl PCPU(CURPCB),%ecx movl $0,PCB_ONFAULT(%ecx) + movl 12(%esp),%edx /* oldp */ + movl %eax,(%edx) + xorl %eax,%eax ret -END(casuword32) -END(casuword) +END(casueword32) +END(casueword) /* * Fetch (load) a 32-bit word, a 16-bit word, or an 8-bit byte from user - * memory. All these functions are MPSAFE. + * memory. */ -ALTENTRY(fuword32) -ENTRY(fuword) +ALTENTRY(fueword32) +ENTRY(fueword) movl PCPU(CURPCB),%ecx movl $fusufault,PCB_ONFAULT(%ecx) movl 4(%esp),%edx /* from */ @@ -436,9 +439,12 @@ ENTRY(fuword) movl (%edx),%eax movl $0,PCB_ONFAULT(%ecx) + movl 8(%esp),%edx + movl %eax,(%edx) + xorl %eax,%eax ret -END(fuword32) -END(fuword) +END(fueword32) +END(fueword) /* * fuswintr() and suswintr() are specialized variants of fuword16() and diff --git a/sys/i386/i386/trap.c b/sys/i386/i386/trap.c index e654fe0..152addf 100644 --- a/sys/i386/i386/trap.c +++ b/sys/i386/i386/trap.c @@ -1062,6 +1062,7 @@ cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa) struct proc *p; struct trapframe *frame; caddr_t params; + long tmp; int error; p = td->td_proc; @@ -1077,14 +1078,20 @@ cpu_fetch_syscall_args(struct thread *td, struct syscall_args *sa) /* * Code is first argument, followed by actual args. */ - sa->code = fuword(params); + error = fueword(params, &tmp); + if (error == -1) + return (EFAULT); + sa->code = tmp; params += sizeof(int); } else if (sa->code == SYS___syscall) { /* * Like syscall, but code is a quad, so as to maintain * quad alignment for the rest of the arguments. */ - sa->code = fuword(params); + error = fueword(params, &tmp); + if (error == -1) + return (EFAULT); + sa->code = tmp; params += sizeof(quad_t); } diff --git a/sys/ia64/include/param.h b/sys/ia64/include/param.h index a260a75..8514326 100644 --- a/sys/ia64/include/param.h +++ b/sys/ia64/include/param.h @@ -121,4 +121,8 @@ #define pgtok(x) ((x) * (PAGE_SIZE / 1024)) +#ifdef _KERNEL +#define NO_FUEWORD 1 +#endif + #endif /* !_IA64_INCLUDE_PARAM_H_ */ diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index e720c7a..039fdd0 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1124,7 +1124,7 @@ int exec_copyin_args(struct image_args *args, char *fname, enum uio_seg segflg, char **argv, char **envv) { - char *argp, *envp; + u_long argp, envp; int error; size_t length; @@ -1160,13 +1160,17 @@ exec_copyin_args(struct image_args *args, char *fname, /* * extract arguments first */ - while ((argp = (caddr_t) (intptr_t) fuword(argv++))) { - if (argp == (caddr_t) -1) { + for (;;) { + error = fueword(argv++, &argp); + if (error == -1) { error = EFAULT; goto err_exit; } - if ((error = copyinstr(argp, args->endp, - args->stringspace, &length))) { + if (argp == 0) + break; + error = copyinstr((void *)(uintptr_t)argp, args->endp, + args->stringspace, &length); + if (error != 0) { if (error == ENAMETOOLONG) error = E2BIG; goto err_exit; @@ -1182,13 +1186,17 @@ exec_copyin_args(struct image_args *args, char *fname, * extract environment strings */ if (envv) { - while ((envp = (caddr_t)(intptr_t)fuword(envv++))) { - if (envp == (caddr_t)-1) { + for (;;) { + error = fueword(envv++, &envp); + if (error == -1) { error = EFAULT; goto err_exit; } - if ((error = copyinstr(envp, args->endp, - args->stringspace, &length))) { + if (envp == 0) + break; + error = copyinstr((void *)(uintptr_t)envp, + args->endp, args->stringspace, &length); + if (error != 0) { if (error == ENAMETOOLONG) error = E2BIG; goto err_exit; diff --git a/sys/kern/kern_umtx.c b/sys/kern/kern_umtx.c index f3ff3be..9217690 100644 --- a/sys/kern/kern_umtx.c +++ b/sys/kern/kern_umtx.c @@ -510,6 +510,15 @@ umtxq_unbusy(struct umtx_key *key) wakeup_one(uc); } +static inline void +umtxq_unbusy_unlocked(struct umtx_key *key) +{ + + umtxq_lock(key); + umtxq_unbusy(key); + umtxq_unlock(key); +} + static struct umtxq_queue * umtxq_queue_lookup(struct umtx_key *key, int q) { @@ -1208,6 +1217,7 @@ do_wait(struct thread *td, void *addr, u_long id, struct abs_timeout timo; struct umtx_q *uq; u_long tmp; + uint32_t tmp32; int error = 0; uq = td->td_umtxq; @@ -1221,18 +1231,29 @@ do_wait(struct thread *td, void *addr, u_long id, umtxq_lock(&uq->uq_key); umtxq_insert(uq); umtxq_unlock(&uq->uq_key); - if (compat32 == 0) - tmp = fuword(addr); - else - tmp = (unsigned int)fuword32(addr); + if (compat32 == 0) { + error = fueword(addr, &tmp); + if (error != 0) + error = EFAULT; + } else { + error = fueword32(addr, &tmp32); + if (error == 0) + tmp = tmp32; + else + error = EFAULT; + } umtxq_lock(&uq->uq_key); - if (tmp == id) - error = umtxq_sleep(uq, "uwait", timeout == NULL ? - NULL : &timo); - if ((uq->uq_flags & UQF_UMTXQ) == 0) - error = 0; - else + if (error == 0) { + if (tmp == id) + error = umtxq_sleep(uq, "uwait", timeout == NULL ? + NULL : &timo); + if ((uq->uq_flags & UQF_UMTXQ) == 0) + error = 0; + else + umtxq_remove(uq); + } else if ((uq->uq_flags & UQF_UMTXQ) != 0) { umtxq_remove(uq); + } umtxq_unlock(&uq->uq_key); umtx_key_release(&uq->uq_key); if (error == ERESTART) @@ -1269,11 +1290,11 @@ do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags, struct abs_timeout timo; struct umtx_q *uq; uint32_t owner, old, id; - int error = 0; + int error, rv; id = td->td_tid; uq = td->td_umtxq; - + error = 0; if (timeout != NULL) abs_timeout_init2(&timo, timeout); @@ -1282,7 +1303,9 @@ do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags, * can fault on any access. */ for (;;) { - owner = fuword32(__DEVOLATILE(void *, &m->m_owner)); + rv = fueword32(&m->m_owner, &owner); + if (rv == -1) + return (EFAULT); if (mode == _UMUTEX_WAIT) { if (owner == UMUTEX_UNOWNED || owner == UMUTEX_CONTESTED) return (0); @@ -1290,31 +1313,31 @@ do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags, /* * Try the uncontested case. This should be done in userland. */ - owner = casuword32(&m->m_owner, UMUTEX_UNOWNED, id); + rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, + &owner, id); + /* The address was invalid. */ + if (rv == -1) + return (EFAULT); /* The acquire succeeded. */ if (owner == UMUTEX_UNOWNED) return (0); - /* The address was invalid. */ - if (owner == -1) - return (EFAULT); - /* If no one owns it but it is contested try to acquire it. */ if (owner == UMUTEX_CONTESTED) { - owner = casuword32(&m->m_owner, - UMUTEX_CONTESTED, id | UMUTEX_CONTESTED); + rv = casueword32(&m->m_owner, + UMUTEX_CONTESTED, &owner, + id | UMUTEX_CONTESTED); + /* The address was invalid. */ + if (rv == -1) + return (EFAULT); if (owner == UMUTEX_CONTESTED) return (0); - /* The address was invalid. */ - if (owner == -1) - return (EFAULT); - - error = umtxq_check_susp(td); - if (error != 0) - return (error); + rv = umtxq_check_susp(td); + if (rv != 0) + return (rv); /* If this failed the lock has changed, restart. */ continue; @@ -1350,10 +1373,11 @@ do_lock_normal(struct thread *td, struct umutex *m, uint32_t flags, * either some one else has acquired the lock or it has been * released. */ - old = casuword32(&m->m_owner, owner, owner | UMUTEX_CONTESTED); + rv = casueword32(&m->m_owner, owner, &old, + owner | UMUTEX_CONTESTED); /* The address was invalid. */ - if (old == -1) { + if (rv == -1) { umtxq_lock(&uq->uq_key); umtxq_remove(uq); umtxq_unbusy(&uq->uq_key); @@ -1398,16 +1422,16 @@ do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags) /* * Make sure we own this mtx. */ - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - if (owner == -1) + error = fueword32(&m->m_owner, &owner); + if (error == -1) return (EFAULT); if ((owner & ~UMUTEX_CONTESTED) != id) return (EPERM); if ((owner & UMUTEX_CONTESTED) == 0) { - old = casuword32(&m->m_owner, owner, UMUTEX_UNOWNED); - if (old == -1) + error = casueword32(&m->m_owner, owner, &old, UMUTEX_UNOWNED); + if (error == -1) return (EFAULT); if (old == owner) return (0); @@ -1429,14 +1453,14 @@ do_unlock_normal(struct thread *td, struct umutex *m, uint32_t flags) * there is zero or one thread only waiting for it. * Otherwise, it must be marked as contested. */ - old = casuword32(&m->m_owner, owner, - count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); + error = casueword32(&m->m_owner, owner, &old, + count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); umtxq_lock(&key); umtxq_signal(&key,1); umtxq_unbusy(&key); umtxq_unlock(&key); umtx_key_release(&key); - if (old == -1) + if (error == -1) return (EFAULT); if (old != owner) return (EINVAL); @@ -1456,14 +1480,16 @@ do_wake_umutex(struct thread *td, struct umutex *m) int error; int count; - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - if (owner == -1) + error = fueword32(&m->m_owner, &owner); + if (error == -1) return (EFAULT); if ((owner & ~UMUTEX_CONTESTED) != 0) return (0); - flags = fuword32(&m->m_flags); + error = fueword32(&m->m_flags, &flags); + if (error == -1) + return (EFAULT); /* We should only ever be in here for contested locks */ if ((error = umtx_key_get(m, TYPE_NORMAL_UMUTEX, GET_SHARE(flags), @@ -1475,16 +1501,20 @@ do_wake_umutex(struct thread *td, struct umutex *m) count = umtxq_count(&key); umtxq_unlock(&key); - if (count <= 1) - owner = casuword32(&m->m_owner, UMUTEX_CONTESTED, UMUTEX_UNOWNED); + if (count <= 1) { + error = casueword32(&m->m_owner, UMUTEX_CONTESTED, &owner, + UMUTEX_UNOWNED); + if (error == -1) + error = EFAULT; + } umtxq_lock(&key); - if (count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) + if (error == 0 && count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) umtxq_signal(&key, 1); umtxq_unbusy(&key); umtxq_unlock(&key); umtx_key_release(&key); - return (0); + return (error); } /* @@ -1527,41 +1557,47 @@ do_wake2_umutex(struct thread *td, struct umutex *m, uint32_t flags) * any memory. */ if (count > 1) { - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - while ((owner & UMUTEX_CONTESTED) ==0) { - old = casuword32(&m->m_owner, owner, - owner|UMUTEX_CONTESTED); + error = fueword32(&m->m_owner, &owner); + if (error == -1) + error = EFAULT; + while (error == 0 && (owner & UMUTEX_CONTESTED) == 0) { + error = casueword32(&m->m_owner, owner, &old, + owner | UMUTEX_CONTESTED); + if (error == -1) { + error = EFAULT; + break; + } if (old == owner) break; owner = old; - if (old == -1) - break; error = umtxq_check_susp(td); if (error != 0) break; } } else if (count == 1) { - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - while ((owner & ~UMUTEX_CONTESTED) != 0 && + error = fueword32(&m->m_owner, &owner); + if (error == -1) + error = EFAULT; + while (error == 0 && (owner & ~UMUTEX_CONTESTED) != 0 && (owner & UMUTEX_CONTESTED) == 0) { - old = casuword32(&m->m_owner, owner, - owner|UMUTEX_CONTESTED); + error = casueword32(&m->m_owner, owner, &old, + owner | UMUTEX_CONTESTED); + if (error == -1) { + error = EFAULT; + break; + } if (old == owner) break; owner = old; - if (old == -1) - break; error = umtxq_check_susp(td); if (error != 0) break; } } umtxq_lock(&key); - if (owner == -1) { - error = EFAULT; + if (error == EFAULT) { umtxq_signal(&key, INT_MAX); - } - else if (count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) + } else if (count != 0 && (owner & ~UMUTEX_CONTESTED) == 0) umtxq_signal(&key, 1); umtxq_unbusy(&key); umtxq_unlock(&key); @@ -1941,7 +1977,7 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, struct umtx_q *uq; struct umtx_pi *pi, *new_pi; uint32_t id, owner, old; - int error; + int error, rv; id = td->td_tid; uq = td->td_umtxq; @@ -1984,7 +2020,12 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, /* * Try the uncontested case. This should be done in userland. */ - owner = casuword32(&m->m_owner, UMUTEX_UNOWNED, id); + rv = casueword32(&m->m_owner, UMUTEX_UNOWNED, &owner, id); + /* The address was invalid. */ + if (rv == -1) { + error = EFAULT; + break; + } /* The acquire succeeded. */ if (owner == UMUTEX_UNOWNED) { @@ -1992,16 +2033,15 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, break; } - /* The address was invalid. */ - if (owner == -1) { - error = EFAULT; - break; - } - /* If no one owns it but it is contested try to acquire it. */ if (owner == UMUTEX_CONTESTED) { - owner = casuword32(&m->m_owner, - UMUTEX_CONTESTED, id | UMUTEX_CONTESTED); + rv = casueword32(&m->m_owner, + UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); + /* The address was invalid. */ + if (rv == -1) { + error = EFAULT; + break; + } if (owner == UMUTEX_CONTESTED) { umtxq_lock(&uq->uq_key); @@ -2012,12 +2052,6 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, break; } - /* The address was invalid. */ - if (owner == -1) { - error = EFAULT; - break; - } - error = umtxq_check_susp(td); if (error != 0) break; @@ -2054,13 +2088,12 @@ do_lock_pi(struct thread *td, struct umutex *m, uint32_t flags, * either some one else has acquired the lock or it has been * released. */ - old = casuword32(&m->m_owner, owner, owner | UMUTEX_CONTESTED); + rv = casueword32(&m->m_owner, owner, &old, + owner | UMUTEX_CONTESTED); /* The address was invalid. */ - if (old == -1) { - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); error = EFAULT; break; } @@ -2112,8 +2145,8 @@ do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags) /* * Make sure we own this mtx. */ - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - if (owner == -1) + error = fueword32(&m->m_owner, &owner); + if (error == -1) return (EFAULT); if ((owner & ~UMUTEX_CONTESTED) != id) @@ -2121,8 +2154,8 @@ do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags) /* This should be done in userland */ if ((owner & UMUTEX_CONTESTED) == 0) { - old = casuword32(&m->m_owner, owner, UMUTEX_UNOWNED); - if (old == -1) + error = casueword32(&m->m_owner, owner, &old, UMUTEX_UNOWNED); + if (error == -1) return (EFAULT); if (old == owner) return (0); @@ -2180,14 +2213,12 @@ do_unlock_pi(struct thread *td, struct umutex *m, uint32_t flags) * there is zero or one thread only waiting for it. * Otherwise, it must be marked as contested. */ - old = casuword32(&m->m_owner, owner, - count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); + error = casueword32(&m->m_owner, owner, &old, + count <= 1 ? UMUTEX_UNOWNED : UMUTEX_CONTESTED); - umtxq_lock(&key); - umtxq_unbusy(&key); - umtxq_unlock(&key); + umtxq_unbusy_unlocked(&key); umtx_key_release(&key); - if (old == -1) + if (error == -1) return (EFAULT); if (old != owner) return (EINVAL); @@ -2206,7 +2237,7 @@ do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, struct umtx_pi *pi; uint32_t ceiling; uint32_t owner, id; - int error, pri, old_inherited_pri, su; + int error, pri, old_inherited_pri, su, rv; id = td->td_tid; uq = td->td_umtxq; @@ -2224,7 +2255,12 @@ do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, umtxq_busy(&uq->uq_key); umtxq_unlock(&uq->uq_key); - ceiling = RTP_PRIO_MAX - fuword32(&m->m_ceilings[0]); + rv = fueword32(&m->m_ceilings[0], &ceiling); + if (rv == -1) { + error = EFAULT; + goto out; + } + ceiling = RTP_PRIO_MAX - ceiling; if (ceiling > RTP_PRIO_MAX) { error = EINVAL; goto out; @@ -2245,17 +2281,16 @@ do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, } mtx_unlock_spin(&umtx_lock); - owner = casuword32(&m->m_owner, - UMUTEX_CONTESTED, id | UMUTEX_CONTESTED); - - if (owner == UMUTEX_CONTESTED) { - error = 0; + rv = casueword32(&m->m_owner, + UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); + /* The address was invalid. */ + if (rv == -1) { + error = EFAULT; break; } - /* The address was invalid. */ - if (owner == -1) { - error = EFAULT; + if (owner == UMUTEX_CONTESTED) { + error = 0; break; } @@ -2323,9 +2358,7 @@ do_lock_pp(struct thread *td, struct umutex *m, uint32_t flags, } out: - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); umtx_key_release(&uq->uq_key); return (error); } @@ -2350,8 +2383,8 @@ do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags) /* * Make sure we own this mtx. */ - owner = fuword32(__DEVOLATILE(uint32_t *, &m->m_owner)); - if (owner == -1) + error = fueword32(&m->m_owner, &owner); + if (error == -1) return (EFAULT); if ((owner & ~UMUTEX_CONTESTED) != id) @@ -2382,8 +2415,7 @@ do_unlock_pp(struct thread *td, struct umutex *m, uint32_t flags) * to lock the mutex, it is necessary because thread priority * has to be adjusted for such mutex. */ - error = suword32(__DEVOLATILE(uint32_t *, &m->m_owner), - UMUTEX_CONTESTED); + error = suword32(&m->m_owner, UMUTEX_CONTESTED); umtxq_lock(&key); if (error == 0) @@ -2424,9 +2456,11 @@ do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling, uint32_t save_ceiling; uint32_t owner, id; uint32_t flags; - int error; + int error, rv; - flags = fuword32(&m->m_flags); + error = fueword32(&m->m_flags, &flags); + if (error == -1) + return (EFAULT); if ((flags & UMUTEX_PRIO_PROTECT) == 0) return (EINVAL); if (ceiling > RTP_PRIO_MAX) @@ -2441,25 +2475,26 @@ do_set_ceiling(struct thread *td, struct umutex *m, uint32_t ceiling, umtxq_busy(&uq->uq_key); umtxq_unlock(&uq->uq_key); - save_ceiling = fuword32(&m->m_ceilings[0]); + rv = fueword32(&m->m_ceilings[0], &save_ceiling); + if (rv == -1) { + error = EFAULT; + break; + } - owner = casuword32(&m->m_owner, - UMUTEX_CONTESTED, id | UMUTEX_CONTESTED); + rv = casueword32(&m->m_owner, + UMUTEX_CONTESTED, &owner, id | UMUTEX_CONTESTED); + if (rv == -1) { + error = EFAULT; + break; + } if (owner == UMUTEX_CONTESTED) { suword32(&m->m_ceilings[0], ceiling); - suword32(__DEVOLATILE(uint32_t *, &m->m_owner), - UMUTEX_CONTESTED); + suword32(&m->m_owner, UMUTEX_CONTESTED); error = 0; break; } - /* The address was invalid. */ - if (owner == -1) { - error = EFAULT; - break; - } - if ((owner & ~UMUTEX_CONTESTED) == id) { suword32(&m->m_ceilings[0], ceiling); error = 0; @@ -2506,8 +2541,8 @@ do_lock_umutex(struct thread *td, struct umutex *m, uint32_t flags; int error; - flags = fuword32(&m->m_flags); - if (flags == -1) + error = fueword32(&m->m_flags, &flags); + if (error == -1) return (EFAULT); switch(flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) { @@ -2541,9 +2576,10 @@ static int do_unlock_umutex(struct thread *td, struct umutex *m) { uint32_t flags; + int error; - flags = fuword32(&m->m_flags); - if (flags == -1) + error = fueword32(&m->m_flags, &flags); + if (error == -1) return (EFAULT); switch(flags & (UMUTEX_PRIO_INHERIT | UMUTEX_PRIO_PROTECT)) { @@ -2564,21 +2600,27 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, { struct abs_timeout timo; struct umtx_q *uq; - uint32_t flags; - uint32_t clockid; + uint32_t flags, clockid, hasw; int error; uq = td->td_umtxq; - flags = fuword32(&cv->c_flags); + error = fueword32(&cv->c_flags, &flags); + if (error == -1) + return (EFAULT); error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &uq->uq_key); if (error != 0) return (error); if ((wflags & CVWAIT_CLOCKID) != 0) { - clockid = fuword32(&cv->c_clockid); + error = fueword32(&cv->c_clockid, &clockid); + if (error == -1) { + umtx_key_release(&uq->uq_key); + return (EFAULT); + } if (clockid < CLOCK_REALTIME || clockid >= CLOCK_THREAD_CPUTIME_ID) { /* hmm, only HW clock id will work. */ + umtx_key_release(&uq->uq_key); return (EINVAL); } } else { @@ -2594,12 +2636,11 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, * Set c_has_waiters to 1 before releasing user mutex, also * don't modify cache line when unnecessary. */ - if (fuword32(__DEVOLATILE(uint32_t *, &cv->c_has_waiters)) == 0) - suword32(__DEVOLATILE(uint32_t *, &cv->c_has_waiters), 1); + error = fueword32(&cv->c_has_waiters, &hasw); + if (error == 0 && hasw == 0) + suword32(&cv->c_has_waiters, 1); - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); error = do_unlock_umutex(td, m); @@ -2627,9 +2668,7 @@ do_cv_wait(struct thread *td, struct ucond *cv, struct umutex *m, umtxq_remove(uq); if (oldlen == 1) { umtxq_unlock(&uq->uq_key); - suword32( - __DEVOLATILE(uint32_t *, - &cv->c_has_waiters), 0); + suword32(&cv->c_has_waiters, 0); umtxq_lock(&uq->uq_key); } } @@ -2653,7 +2692,9 @@ do_cv_signal(struct thread *td, struct ucond *cv) int error, cnt, nwake; uint32_t flags; - flags = fuword32(&cv->c_flags); + error = fueword32(&cv->c_flags, &flags); + if (error == -1) + return (EFAULT); if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0) return (error); umtxq_lock(&key); @@ -2662,8 +2703,9 @@ do_cv_signal(struct thread *td, struct ucond *cv) nwake = umtxq_signal(&key, 1); if (cnt <= nwake) { umtxq_unlock(&key); - error = suword32( - __DEVOLATILE(uint32_t *, &cv->c_has_waiters), 0); + error = suword32(&cv->c_has_waiters, 0); + if (error == -1) + error = EFAULT; umtxq_lock(&key); } umtxq_unbusy(&key); @@ -2679,7 +2721,9 @@ do_cv_broadcast(struct thread *td, struct ucond *cv) int error; uint32_t flags; - flags = fuword32(&cv->c_flags); + error = fueword32(&cv->c_flags, &flags); + if (error == -1) + return (EFAULT); if ((error = umtx_key_get(cv, TYPE_CV, GET_SHARE(flags), &key)) != 0) return (error); @@ -2688,11 +2732,11 @@ do_cv_broadcast(struct thread *td, struct ucond *cv) umtxq_signal(&key, INT_MAX); umtxq_unlock(&key); - error = suword32(__DEVOLATILE(uint32_t *, &cv->c_has_waiters), 0); + error = suword32(&cv->c_has_waiters, 0); + if (error == -1) + error = EFAULT; - umtxq_lock(&key); - umtxq_unbusy(&key); - umtxq_unlock(&key); + umtxq_unbusy_unlocked(&key); umtx_key_release(&key); return (error); @@ -2706,10 +2750,12 @@ do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx uint32_t flags, wrflags; int32_t state, oldstate; int32_t blocked_readers; - int error; + int error, rv; uq = td->td_umtxq; - flags = fuword32(&rwlock->rw_flags); + error = fueword32(&rwlock->rw_flags, &flags); + if (error == -1) + return (EFAULT); error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); if (error != 0) return (error); @@ -2722,15 +2768,21 @@ do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx wrflags |= URWLOCK_WRITE_WAITERS; for (;;) { - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) { + umtx_key_release(&uq->uq_key); + return (EFAULT); + } + /* try to lock it */ while (!(state & wrflags)) { if (__predict_false(URWLOCK_READER_COUNT(state) == URWLOCK_MAX_READERS)) { umtx_key_release(&uq->uq_key); return (EAGAIN); } - oldstate = casuword32(&rwlock->rw_state, state, state + 1); - if (oldstate == -1) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state + 1); + if (rv == -1) { umtx_key_release(&uq->uq_key); return (EFAULT); } @@ -2756,12 +2808,16 @@ do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx * re-read the state, in case it changed between the try-lock above * and the check below */ - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) + error = EFAULT; /* set read contention bit */ - while ((state & wrflags) && !(state & URWLOCK_READ_WAITERS)) { - oldstate = casuword32(&rwlock->rw_state, state, state | URWLOCK_READ_WAITERS); - if (oldstate == -1) { + while (error == 0 && (state & wrflags) && + !(state & URWLOCK_READ_WAITERS)) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state | URWLOCK_READ_WAITERS); + if (rv == -1) { error = EFAULT; break; } @@ -2773,17 +2829,13 @@ do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx break; } if (error != 0) { - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); break; } /* state is changed while setting flags, restart */ if (!(state & wrflags)) { - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); error = umtxq_check_susp(td); if (error != 0) break; @@ -2792,7 +2844,13 @@ do_rw_rdlock(struct thread *td, struct urwlock *rwlock, long fflag, struct _umtx sleep: /* contention bit is set, before sleeping, increase read waiter count */ - blocked_readers = fuword32(&rwlock->rw_blocked_readers); + rv = fueword32(&rwlock->rw_blocked_readers, + &blocked_readers); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } suword32(&rwlock->rw_blocked_readers, blocked_readers+1); while (state & wrflags) { @@ -2808,18 +2866,30 @@ sleep: umtxq_unlock(&uq->uq_key); if (error) break; - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) { + error = EFAULT; + break; + } } /* decrease read waiter count, and may clear read contention bit */ - blocked_readers = fuword32(&rwlock->rw_blocked_readers); + rv = fueword32(&rwlock->rw_blocked_readers, + &blocked_readers); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } suword32(&rwlock->rw_blocked_readers, blocked_readers-1); if (blocked_readers == 1) { - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); - for (;;) { - oldstate = casuword32(&rwlock->rw_state, state, - state & ~URWLOCK_READ_WAITERS); - if (oldstate == -1) { + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) + error = EFAULT; + while (error == 0) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state & ~URWLOCK_READ_WAITERS); + if (rv == -1) { error = EFAULT; break; } @@ -2827,14 +2897,10 @@ sleep: break; state = oldstate; error = umtxq_check_susp(td); - if (error != 0) - break; } } - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); if (error != 0) break; } @@ -2853,10 +2919,12 @@ do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeo int32_t state, oldstate; int32_t blocked_writers; int32_t blocked_readers; - int error; + int error, rv; uq = td->td_umtxq; - flags = fuword32(&rwlock->rw_flags); + error = fueword32(&rwlock->rw_flags, &flags); + if (error == -1) + return (EFAULT); error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); if (error != 0) return (error); @@ -2866,10 +2934,15 @@ do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeo blocked_readers = 0; for (;;) { - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) { + umtx_key_release(&uq->uq_key); + return (EFAULT); + } while (!(state & URWLOCK_WRITE_OWNER) && URWLOCK_READER_COUNT(state) == 0) { - oldstate = casuword32(&rwlock->rw_state, state, state | URWLOCK_WRITE_OWNER); - if (oldstate == -1) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state | URWLOCK_WRITE_OWNER); + if (rv == -1) { umtx_key_release(&uq->uq_key); return (EFAULT); } @@ -2905,12 +2978,16 @@ do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeo * re-read the state, in case it changed between the try-lock above * and the check below */ - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) + error = EFAULT; - while (((state & URWLOCK_WRITE_OWNER) || URWLOCK_READER_COUNT(state) != 0) && - (state & URWLOCK_WRITE_WAITERS) == 0) { - oldstate = casuword32(&rwlock->rw_state, state, state | URWLOCK_WRITE_WAITERS); - if (oldstate == -1) { + while (error == 0 && ((state & URWLOCK_WRITE_OWNER) || + URWLOCK_READER_COUNT(state) != 0) && + (state & URWLOCK_WRITE_WAITERS) == 0) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state | URWLOCK_WRITE_WAITERS); + if (rv == -1) { error = EFAULT; break; } @@ -2922,23 +2999,25 @@ do_rw_wrlock(struct thread *td, struct urwlock *rwlock, struct _umtx_time *timeo break; } if (error != 0) { - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); break; } if (!(state & URWLOCK_WRITE_OWNER) && URWLOCK_READER_COUNT(state) == 0) { - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); error = umtxq_check_susp(td); if (error != 0) break; continue; } sleep: - blocked_writers = fuword32(&rwlock->rw_blocked_writers); + rv = fueword32(&rwlock->rw_blocked_writers, + &blocked_writers); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } suword32(&rwlock->rw_blocked_writers, blocked_writers+1); while ((state & URWLOCK_WRITE_OWNER) || URWLOCK_READER_COUNT(state) != 0) { @@ -2954,17 +3033,32 @@ sleep: umtxq_unlock(&uq->uq_key); if (error) break; - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) { + error = EFAULT; + break; + } } - blocked_writers = fuword32(&rwlock->rw_blocked_writers); + rv = fueword32(&rwlock->rw_blocked_writers, + &blocked_writers); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } suword32(&rwlock->rw_blocked_writers, blocked_writers-1); if (blocked_writers == 1) { - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + rv = fueword32(&rwlock->rw_state, &state); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } for (;;) { - oldstate = casuword32(&rwlock->rw_state, state, - state & ~URWLOCK_WRITE_WAITERS); - if (oldstate == -1) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state & ~URWLOCK_WRITE_WAITERS); + if (rv == -1) { error = EFAULT; break; } @@ -2980,13 +3074,17 @@ sleep: if (error != 0) break; } - blocked_readers = fuword32(&rwlock->rw_blocked_readers); + rv = fueword32(&rwlock->rw_blocked_readers, + &blocked_readers); + if (rv == -1) { + umtxq_unbusy_unlocked(&uq->uq_key); + error = EFAULT; + break; + } } else blocked_readers = 0; - umtxq_lock(&uq->uq_key); - umtxq_unbusy(&uq->uq_key); - umtxq_unlock(&uq->uq_key); + umtxq_unbusy_unlocked(&uq->uq_key); } umtx_key_release(&uq->uq_key); @@ -3001,20 +3099,26 @@ do_rw_unlock(struct thread *td, struct urwlock *rwlock) struct umtx_q *uq; uint32_t flags; int32_t state, oldstate; - int error, q, count; + int error, rv, q, count; uq = td->td_umtxq; - flags = fuword32(&rwlock->rw_flags); + error = fueword32(&rwlock->rw_flags, &flags); + if (error == -1) + return (EFAULT); error = umtx_key_get(rwlock, TYPE_RWLOCK, GET_SHARE(flags), &uq->uq_key); if (error != 0) return (error); - state = fuword32(__DEVOLATILE(int32_t *, &rwlock->rw_state)); + error = fueword32(&rwlock->rw_state, &state); + if (error == -1) { + error = EFAULT; + goto out; + } if (state & URWLOCK_WRITE_OWNER) { for (;;) { - oldstate = casuword32(&rwlock->rw_state, state, - state & ~URWLOCK_WRITE_OWNER); - if (oldstate == -1) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state & ~URWLOCK_WRITE_OWNER); + if (rv == -1) { error = EFAULT; goto out; } @@ -3032,9 +3136,9 @@ do_rw_unlock(struct thread *td, struct urwlock *rwlock) } } else if (URWLOCK_READER_COUNT(state) != 0) { for (;;) { - oldstate = casuword32(&rwlock->rw_state, state, - state - 1); - if (oldstate == -1) { + rv = casueword32(&rwlock->rw_state, state, + &oldstate, state - 1); + if (rv == -1) { error = EFAULT; goto out; } @@ -3092,11 +3196,13 @@ do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout) { struct abs_timeout timo; struct umtx_q *uq; - uint32_t flags, count; - int error; + uint32_t flags, count, count1; + int error, rv; uq = td->td_umtxq; - flags = fuword32(&sem->_flags); + error = fueword32(&sem->_flags, &flags); + if (error == -1) + return (EFAULT); error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &uq->uq_key); if (error != 0) return (error); @@ -3108,15 +3214,16 @@ do_sem_wait(struct thread *td, struct _usem *sem, struct _umtx_time *timeout) umtxq_busy(&uq->uq_key); umtxq_insert(uq); umtxq_unlock(&uq->uq_key); - casuword32(__DEVOLATILE(uint32_t *, &sem->_has_waiters), 0, 1); - count = fuword32(__DEVOLATILE(uint32_t *, &sem->_count)); - if (count != 0) { + rv = casueword32(&sem->_has_waiters, 0, &count1, 1); + if (rv == 0) + rv = fueword32(&sem->_count, &count); + if (rv == -1 || count != 0) { umtxq_lock(&uq->uq_key); umtxq_unbusy(&uq->uq_key); umtxq_remove(uq); umtxq_unlock(&uq->uq_key); umtx_key_release(&uq->uq_key); - return (0); + return (rv == -1 ? EFAULT : 0); } umtxq_lock(&uq->uq_key); umtxq_unbusy(&uq->uq_key); @@ -3147,7 +3254,9 @@ do_sem_wake(struct thread *td, struct _usem *sem) int error, cnt; uint32_t flags; - flags = fuword32(&sem->_flags); + error = fueword32(&sem->_flags, &flags); + if (error == -1) + return (EFAULT); if ((error = umtx_key_get(sem, TYPE_SEM, GET_SHARE(flags), &key)) != 0) return (error); umtxq_lock(&key); @@ -3162,9 +3271,10 @@ do_sem_wake(struct thread *td, struct _usem *sem) */ if (cnt == 1) { umtxq_unlock(&key); - error = suword32( - __DEVOLATILE(uint32_t *, &sem->_has_waiters), 0); + error = suword32(&sem->_has_waiters, 0); umtxq_lock(&key); + if (error == -1) + error = EFAULT; } } umtxq_unbusy(&key); diff --git a/sys/kern/subr_uio.c b/sys/kern/subr_uio.c index f2e6e32..87892fd 100644 --- a/sys/kern/subr_uio.c +++ b/sys/kern/subr_uio.c @@ -7,6 +7,11 @@ * Co. or Unix System Laboratories, Inc. and are reproduced herein with * the permission of UNIX System Laboratories, Inc. * + * Copyright (c) 2014 The FreeBSD Foundation + * + * Portions of this software were developed by Konstantin Belousov + * under sponsorship from the FreeBSD Foundation. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -438,3 +443,128 @@ copyout_unmap(struct thread *td, vm_offset_t addr, size_t sz) return (0); } + +#ifdef NO_FUEWORD +/* + * XXXKIB The temporal implementation of fue*() functions which do not + * handle usermode -1 properly, mixing it with the fault code. Keep + * this until MD code is written. Currently sparc64, mips and arm do + * not have proper implementation. + */ + +int +fueword(volatile const void *base, long *val) +{ + long res; + + res = fuword(base); + if (res == -1) + return (-1); + *val = res; + return (0); +} + +int +fueword32(volatile const void *base, int32_t *val) +{ + int32_t res; + + res = fuword32(base); + if (res == -1) + return (-1); + *val = res; + return (0); +} + +#ifdef _LP64 +int +fueword64(volatile const void *base, int64_t *val) +{ + int32_t res; + + res = fuword64(base); + if (res == -1) + return (-1); + *val = res; + return (0); +} +#endif + +int +casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp, + uint32_t newval) +{ + int32_t ov; + + ov = casuword32(base, oldval, newval); + if (ov == -1) + return (-1); + *oldvalp = ov; + return (0); +} + +int +casueword(volatile u_long *p, u_long oldval, u_long *oldvalp, u_long newval) +{ + u_long ov; + + ov = casuword(p, oldval, newval); + if (ov == -1) + return (-1); + *oldvalp = ov; + return (0); +} +#else /* NO_FUEWORD */ +int32_t +fuword32(volatile const void *addr) +{ + int rv; + int32_t val; + + rv = fueword32(addr, &val); + return (rv == -1 ? -1 : val); +} + +#ifdef _LP64 +int64_t +fuword64(volatile const void *addr) +{ + int rv; + int64_t val; + + rv = fueword64(addr, &val); + return (rv == -1 ? -1 : val); +} +#endif /* _LP64 */ + +long +fuword(volatile const void *addr) +{ + long val; + int rv; + + rv = fueword(addr, &val); + return (rv == -1 ? -1 : val); +} + +uint32_t +casuword32(volatile uint32_t *addr, uint32_t old, uint32_t new) +{ + int rv; + uint32_t val; + + rv = casueword32(addr, old, &val, new); + return (rv == -1 ? -1 : val); +} + +u_long +casuword(volatile u_long *addr, u_long old, u_long new) +{ + int rv; + u_long val; + + rv = casueword(addr, old, &val, new); + return (rv == -1 ? -1 : val); +} + +#endif /* NO_FUEWORD */ diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c index 362792b..39a784db 100644 --- a/sys/kern/vfs_acl.c +++ b/sys/kern/vfs_acl.c @@ -148,6 +148,7 @@ acl_copyin(void *user_acl, struct acl *kernel_acl, acl_type_t type) static int acl_copyout(struct acl *kernel_acl, void *user_acl, acl_type_t type) { + uint32_t am; int error; struct oldacl old; @@ -162,8 +163,11 @@ acl_copyout(struct acl *kernel_acl, void *user_acl, acl_type_t type) break; default: - if (fuword32((char *)user_acl + - offsetof(struct acl, acl_maxcnt)) != ACL_MAX_ENTRIES) + error = fueword32((char *)user_acl + + offsetof(struct acl, acl_maxcnt), &am); + if (error == -1) + return (EFAULT); + if (am != ACL_MAX_ENTRIES) return (EINVAL); error = copyout(kernel_acl, user_acl, sizeof(*kernel_acl)); diff --git a/sys/mips/include/param.h b/sys/mips/include/param.h index 2d1d7f1..90f3e6f 100644 --- a/sys/mips/include/param.h +++ b/sys/mips/include/param.h @@ -178,4 +178,8 @@ #define pgtok(x) ((x) * (PAGE_SIZE / 1024)) +#ifdef _KERNEL +#define NO_FUEWORD 1 +#endif + #endif /* !_MIPS_INCLUDE_PARAM_H_ */ diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index 0df8f4d..c19a613 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -5085,7 +5085,8 @@ sppp_params(struct sppp *sp, u_long cmd, void *data) * Check the cmd word first before attempting to fetch all the * data. */ - if ((subcmd = fuword(ifr->ifr_data)) == -1) { + rv = fueword(ifr->ifr_data, &subcmd); + if (rv == -1) { rv = EFAULT; goto quit; } diff --git a/sys/powerpc/powerpc/copyinout.c b/sys/powerpc/powerpc/copyinout.c index a8108d6..83e192a 100644 --- a/sys/powerpc/powerpc/copyinout.c +++ b/sys/powerpc/powerpc/copyinout.c @@ -80,7 +80,7 @@ int setfault(faultbuf); /* defined in locore.S */ #ifdef __powerpc64__ static __inline void -set_user_sr(pmap_t pm, const void *addr) +set_user_sr(pmap_t pm, volatile const void *addr) { struct slb *slb; register_t slbv; @@ -113,7 +113,7 @@ set_user_sr(pmap_t pm, const void *addr) } #else static __inline void -set_user_sr(pmap_t pm, const void *addr) +set_user_sr(pmap_t pm, volatile const void *addr) { register_t vsid; @@ -135,7 +135,7 @@ set_user_sr(pmap_t pm, const void *addr) #endif static __inline int -map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen, +map_user_ptr(pmap_t pm, volatile const void *uaddr, void **kaddr, size_t ulen, size_t *klen) { size_t l; @@ -156,7 +156,7 @@ map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen, } #else /* Book-E uses a combined kernel/user mapping */ static __inline int -map_user_ptr(pmap_t pm, const void *uaddr, void **kaddr, size_t ulen, +map_user_ptr(pmap_t pm, volatile const void *uaddr, void **kaddr, size_t ulen, size_t *klen) { @@ -281,7 +281,7 @@ copyinstr(const void *udaddr, void *kaddr, size_t len, size_t *done) } int -subyte(void *addr, int byte) +subyte(volatile void *addr, int byte) { struct thread *td; pmap_t pm; @@ -309,7 +309,7 @@ subyte(void *addr, int byte) #ifdef __powerpc64__ int -suword32(void *addr, int word) +suword32(volatile void *addr, int word) { struct thread *td; pmap_t pm; @@ -337,7 +337,7 @@ suword32(void *addr, int word) #endif int -suword(void *addr, long word) +suword(volatile void *addr, long word) { struct thread *td; pmap_t pm; @@ -365,20 +365,20 @@ suword(void *addr, long word) #ifdef __powerpc64__ int -suword64(void *addr, int64_t word) +suword64(volatile void *addr, int64_t word) { return (suword(addr, (long)word)); } #else int -suword32(void *addr, int32_t word) +suword32(volatile void *addr, int32_t word) { return (suword(addr, (long)word)); } #endif int -fubyte(const void *addr) +fubyte(volatile const void *addr) { struct thread *td; pmap_t pm; @@ -405,14 +405,13 @@ fubyte(const void *addr) return (val); } -#ifdef __powerpc64__ -int32_t -fuword32(const void *addr) +int +fuword16(volatile const void *addr) { struct thread *td; pmap_t pm; faultbuf env; - int32_t *p, val; + uint16_t *p, val; td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; @@ -432,15 +431,14 @@ fuword32(const void *addr) td->td_pcb->pcb_onfault = NULL; return (val); } -#endif -long -fuword(const void *addr) +int +fueword32(volatile const void *addr, int32_t *val) { struct thread *td; pmap_t pm; faultbuf env; - long *p, val; + int32_t *p; td = curthread; pm = &td->td_proc->p_vmspace->vm_pmap; @@ -455,22 +453,71 @@ fuword(const void *addr) return (-1); } - val = *p; + *val = *p; td->td_pcb->pcb_onfault = NULL; - return (val); + return (0); } -#ifndef __powerpc64__ -int32_t -fuword32(const void *addr) +#ifdef __powerpc64__ +int +fueword64(volatile const void *addr, int64_t *val) { - return ((int32_t)fuword(addr)); + struct thread *td; + pmap_t pm; + faultbuf env; + int64_t *p; + + td = curthread; + pm = &td->td_proc->p_vmspace->vm_pmap; + + if (setfault(env)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + + *val = *p; + + td->td_pcb->pcb_onfault = NULL; + return (0); } #endif -uint32_t -casuword32(volatile uint32_t *addr, uint32_t old, uint32_t new) +int +fueword(volatile const void *addr, long *val) +{ + struct thread *td; + pmap_t pm; + faultbuf env; + long *p; + + td = curthread; + pm = &td->td_proc->p_vmspace->vm_pmap; + + if (setfault(env)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + + if (map_user_ptr(pm, addr, (void **)&p, sizeof(*p), NULL)) { + td->td_pcb->pcb_onfault = NULL; + return (-1); + } + + *val = *p; + + td->td_pcb->pcb_onfault = NULL; + return (0); +} + +int +casueword32(volatile uint32_t *addr, uint32_t old, uint32_t *oldvalp, + uint32_t new) { struct thread *td; pmap_t pm; @@ -507,18 +554,21 @@ casuword32(volatile uint32_t *addr, uint32_t old, uint32_t new) td->td_pcb->pcb_onfault = NULL; - return (val); + *oldvalp = val; + return (0); } #ifndef __powerpc64__ -u_long -casuword(volatile u_long *addr, u_long old, u_long new) +int +casueword(volatile u_long *addr, u_long old, u_long *oldvalp, u_long new) { - return (casuword32((volatile uint32_t *)addr, old, new)); + + return (casueword32((volatile uint32_t *)addr, old, + (uint32_t *)oldvalp, new)); } #else -u_long -casuword(volatile u_long *addr, u_long old, u_long new) +int +casueword(volatile u_long *addr, u_long old, u_long *oldvalp, u_long new) { struct thread *td; pmap_t pm; @@ -555,7 +605,7 @@ casuword(volatile u_long *addr, u_long old, u_long new) td->td_pcb->pcb_onfault = NULL; - return (val); + *oldvalp = val; + return (0); } #endif - diff --git a/sys/sparc64/include/param.h b/sys/sparc64/include/param.h index e59f2c4..46bacae 100644 --- a/sys/sparc64/include/param.h +++ b/sys/sparc64/include/param.h @@ -146,4 +146,8 @@ #define pgtok(x) ((unsigned long)(x) * (PAGE_SIZE / 1024)) +#ifdef _KERNEL +#define NO_FUEWORD 1 +#endif + #endif /* !_SPARC64_INCLUDE_PARAM_H_ */ diff --git a/sys/sys/systm.h b/sys/sys/systm.h index c484b7b..0542535 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -251,18 +251,25 @@ int copyout(const void * __restrict kaddr, void * __restrict udaddr, int copyout_nofault(const void * __restrict kaddr, void * __restrict udaddr, size_t len) __nonnull(1) __nonnull(2); -int fubyte(const void *base); -long fuword(const void *base); -int fuword16(void *base); -int32_t fuword32(const void *base); -int64_t fuword64(const void *base); -int subyte(void *base, int byte); -int suword(void *base, long word); -int suword16(void *base, int word); -int suword32(void *base, int32_t word); -int suword64(void *base, int64_t word); +int fubyte(volatile const void *base); +long fuword(volatile const void *base); +int fuword16(volatile const void *base); +int32_t fuword32(volatile const void *base); +int64_t fuword64(volatile const void *base); +int fueword(volatile const void *base, long *val); +int fueword32(volatile const void *base, int32_t *val); +int fueword64(volatile const void *base, int64_t *val); +int subyte(volatile void *base, int byte); +int suword(volatile void *base, long word); +int suword16(volatile void *base, int word); +int suword32(volatile void *base, int32_t word); +int suword64(volatile void *base, int64_t word); uint32_t casuword32(volatile uint32_t *base, uint32_t oldval, uint32_t newval); -u_long casuword(volatile u_long *p, u_long oldval, u_long newval); +u_long casuword(volatile u_long *p, u_long oldval, u_long newval); +int casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp, + uint32_t newval); +int casueword(volatile u_long *p, u_long oldval, u_long *oldvalp, + u_long newval); void realitexpire(void *); |
