From davidx@viasoft.com.cn  Sun Apr 28 02:30:28 2002
Return-Path: <davidx@viasoft.com.cn>
Received: from mail.viasoft.com.cn (ip-167-164-97-218.anlai.com [218.97.164.167])
	by hub.freebsd.org (Postfix) with ESMTP id 6C6F637B405
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Apr 2002 02:30:26 -0700 (PDT)
Received: from davidbsd.viasoft.com.cn (davidlnx.viasoft.com.cn [192.168.1.240])
	by mail.viasoft.com.cn (8.9.3/8.9.3) with ESMTP id RAA01186
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 28 Apr 2002 17:44:14 +0800
Received: by davidbsd.viasoft.com.cn (Postfix, from userid 1000)
	id 1243DBE; Sun, 28 Apr 2002 17:12:24 +0800 (CST)
Message-Id: <20020428091224.1243DBE@davidbsd.viasoft.com.cn>
Date: Sun, 28 Apr 2002 17:12:24 +0800 (CST)
From: David Xu <davidx@viasoft.com.cn>
Reply-To: David Xu <davidx@viasoft.com.cn>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: lock for bios16 call and vm86call
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         37523
>Category:       i386
>Synopsis:       [i386] [patch] lock for bios16 call and vm86call
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jhb
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 28 02:40:01 PDT 2002
>Closed-Date:    
>Last-Modified:  Mon Apr 14 08:17:08 UTC 2014
>Originator:     David Xu
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Viatech
>Environment:
System: FreeBSD davidbsd.viasoft.com.cn 5.0-CURRENT FreeBSD 5.0-CURRENT #16: Sun Apr 28 16:43:08 CST 2002 davidx@davidbsd.viasoft.com.cn:/usr/src/sys/i386/compile/xu i386


>Description:
	vm86 calls and bios16 calls share the same physical page, vm86phystk, as
	their stack. While the vm86 code is already locked down, the 16-bit protected
	mode BIOS call can still escape the vm86 lock, and the BIOS service itself may
	also not be reentrant.

>How-To-Repeat:
>Fix:

--- /usr/src/sys/i386/i386/vm86.c.orig	Sun Apr 28 16:54:42 2002
+++ /usr/src/sys/i386/i386/vm86.c	Sun Apr 28 16:40:07 2002
@@ -49,7 +49,7 @@
 extern int vm86pa;
 extern struct pcb *vm86pcb;
 
-static struct mtx vm86_lock;
+struct mtx vm86_lock;
 
 extern int vm86_bioscall(struct vm86frame *);
 extern void vm86_biosret(struct vm86frame *);
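Review bot: dropping `static` from `vm86_lock` exports the mutex without declaring it in a shared header, so bios.c has to re-declare it with its own `extern struct mtx vm86_lock;`. Put the declaration in a header both files include (this file already pulls `vm86pa` and `vm86pcb` in as externs, so wherever those are declared is the natural spot) so the compiler, rather than the reader, checks that the two files agree on the type.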




--- /usr/src/sys/i386/i386/bios.c.orig	Sun Apr 28 13:43:25 2002
+++ /usr/src/sys/i386/i386/bios.c	Sun Apr 28 16:41:31 2002
@@ -36,7 +36,9 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mutex.h>
 #include <sys/bus.h>
 #include <sys/pcpu.h>
 #include <vm/vm.h>
@@ -60,6 +62,7 @@
 struct PnPBIOS_table		*PnPBIOStable = 0;
 
 static u_int			bios32_SDCI = 0;
+extern struct mtx 		vm86_lock; 
 
 /* start fairly early */
 static void			bios32_init(void *junk);
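Review bot: the added `extern struct mtx 		vm86_lock; ` line has a stray tab before the name and trailing whitespace, and a per-file extern for a lock owned by vm86.c is fragile; prefer a single declaration in a header shared with vm86.c and drop the trailing space.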
@@ -382,6 +385,8 @@
     args->seg.code32.base = (u_int)&bios16_jmp & PG_FRAME;
     args->seg.code32.limit = 0xffff;	
 
+    mtx_lock(&vm86_lock);
+
     ptd = (u_int *)rcr3();
     if (ptd == (u_int *)IdlePTD) {
 	/*
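Review bot: `mtx_lock(&vm86_lock)` is taken here, but the later hunks release it only on the `default:` EINVAL return and at the normal exit after the page table is torn down; any other early return in the code elided between this hunk and the next would leave the mutex held. A single exit label that unlocks and returns would make the pairing easy to audit. Also check the allocation of `pte` that is freed later with `free(pte, M_TEMP)`: if it is a `malloc(..., M_WAITOK)` made while `vm86_lock` is held, that is a sleep under a mutex, which WITNESS will report.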
@@ -441,6 +446,7 @@
 	    break;
 
 	default:
+	    mtx_unlock(&vm86_lock);
 	    return (EINVAL);
 	}
     }
@@ -457,6 +463,7 @@
 	*ptd = 0;			/* remove page table */
 	free(pte, M_TEMP);		/* ... and free it */
     }
+    mtx_unlock(&vm86_lock);
 
     /*
      * XXX only needs to be invlpg(0) but that doesn't work on the 386 
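Review bot: `mtx_unlock(&vm86_lock)` lands before the TLB flush that the following `XXX only needs to be invlpg(0)` comment refers to, so the mapping removed by `*ptd = 0` can still sit in this CPU's TLB while another thread acquires the lock and installs its own page table at the same address. Move the unlock to after the flush so the lock covers the whole lifetime of the temporary mapping.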
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->davidxu 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Sep 11 19:47:43 GMT 2004 
Responsible-Changed-Why:  
Submitter is now committer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37523 
Responsible-Changed-From-To: davidxu->jhb 
Responsible-Changed-By: davidxu 
Responsible-Changed-When: Mon Apr 14 08:16:13 UTC 2014 
Responsible-Changed-Why:  
jhb@ may take a look. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=37523 
>Unformatted:
