Message-Id: <200802061144.m16Bip2m023582@www.freebsd.org>
Date: Wed, 6 Feb 2008 11:44:51 GMT
From: Christian Kandeler <christian.kandeler@hob.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Backing store switch in exception_save_restart leaves ar.rnat undefined
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         120315
>Category:       ia64
>Synopsis:       Backing store switch in exception_save_restart leaves ar.rnat undefined
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ia64
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 06 11:50:02 UTC 2008
>Closed-Date:    Fri Dec 11 01:31:16 UTC 2009
>Last-Modified:  Fri Dec 11 01:31:16 UTC 2009
>Originator:     Christian Kandeler
>Release:        >= 5.2
>Organization:
HOB
>Environment:
>Description:
The move to bspstore in exception_save_restart (file ia64/ia64/exception.S) invalidates ar.rnat, which has to be recovered from r19, but isn't. This is the same problem that existed in epc_syscall (see this thread: http://lists.freebsd.org/pipermail/freebsd-ia64/2007-June/001391.html). It will most likely crash Itanium processors that define the "undefined()" value as used in the SDM as something other than zero, which is perfectly possible.

>How-To-Repeat:

>Fix:
Insert a mov ar.rnat=r19 after the move to bspstore. I am not including a patch because I don't want to mess with the hand-crafted bundles.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: marcel 
State-Changed-When: Tue Dec 8 00:46:03 UTC 2009 
State-Changed-Why:  
Fix committed to 9-CURRENT. merge to 8-STABLE will happen in 
a few days. Thanks for the PR, and sorry for the delay. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120315 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ia64/120315: commit references a PR
Date: Tue,  8 Dec 2009 00:44:36 +0000 (UTC)

 Author: marcel
 Date: Tue Dec  8 00:44:23 2009
 New Revision: 200240
 URL: http://svn.freebsd.org/changeset/base/200240
 
 Log:
   In exception_save, write-back ar.rnat after switching the backing-
   store. Writing to ar.bspstore is defined to leave ar.rnat undefined.
   
   PR:		ia64/120315
   MFC after:	3 days
 
 Modified:
   head/sys/ia64/ia64/exception.S
 
 Modified: head/sys/ia64/ia64/exception.S
 ==============================================================================
 --- head/sys/ia64/ia64/exception.S	Mon Dec  7 21:30:54 2009	(r200239)
 +++ head/sys/ia64/ia64/exception.S	Tue Dec  8 00:44:23 2009	(r200240)
 @@ -228,43 +228,42 @@ exception_save_restart:
  (p13)	dep		r20=r20,r21,0,9		// align dirty registers
  	;;
  }
 -	// r20=bspstore, r22=iip, r23=ipsr
 +	// r19=rnat, r20=bspstore, r22=iip, r23=ipsr
  {	.mmi
  	st8		[r31]=r23,16		// psr
  (p13)	mov		ar.bspstore=r20
  	nop		0
  	;;
  }
 -{	.mmi
 +{	.mmb
 +(p13)	mov		ar.rnat=r19
  	mov		r18=ar.bsp
 -	;;
 -	mov		r19=cr.ifs
 -	sub		r18=r18,r20
 +	nop		0
  	;;
  }
  {	.mmi
 +	mov		r19=cr.ifs
  	st8.spill	[r30]=gp,16		// gp
 -	st8		[r31]=r18,16		// ndirty
 -	nop		0
 +	sub		r18=r18,r20
  	;;
  }
  	// r19=ifs, r22=iip
 -{	.mmi
 +{	.mmb
 +	st8		[r31]=r18,16		// ndirty
  	st8		[r30]=r19,16		// cfm
 -	st8		[r31]=r22,16		// iip
  	nop		0
  	;;
  }
  {	.mmi
 -	st8		[r30]=r17		// ifa
  	mov		r18=cr.isr
 +	st8		[r31]=r22,16		// iip
  	add		r29=16,r30
  	;;
  }
 -{	.mmi
 -	st8		[r31]=r18		// isr
 -	add		r30=8,r29
 -	add		r31=16,r29
 +{	.mmb
 +	st8		[r30]=r17,24		// ifa
 +	st8		[r31]=r18,24		// isr
 +	nop		0
  	;;
  }
  {	.mmi
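Review bot: the last rewritten bundle replaces `add r30=8,r29` and `add r31=16,r29` with a post-increment of 24 on the ifa and isr stores, and neither that nor the reordering of the ndirty, cfm and iip stores is mentioned in the log, which describes only the ar.rnat write-back. The final r30/r31 values match the old code only if r31 is r30+8 when the ifa store executes, which the alternating 16-byte strides suggest but the hunk does not show; a short comment on the 24 (it steps over the slot r29 is left pointing at), or a line in the commit message, would let the scheduling change be checked separately from the fix. The fix itself is ordered as the PR asked: `(p13) mov ar.rnat=r19` comes after the stop that follows the ar.bspstore move and before `mov r19=cr.ifs` reuses r19 in the next bundle.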
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ia64/120315: commit references a PR
Date: Fri, 11 Dec 2009 01:26:40 +0000 (UTC)

 Author: marcel
 Date: Fri Dec 11 01:26:26 2009
 New Revision: 200386
 URL: http://svn.freebsd.org/changeset/base/200386
 
 Log:
   MFC rev 200240:
   In exception_save, write-back ar.rnat after switching the backing-store.
   
   PR:		ia64/120315
 
 Modified:
   stable/8/sys/ia64/ia64/exception.S
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
   stable/8/sys/dev/xen/xenpci/   (props changed)
 
 Modified: stable/8/sys/ia64/ia64/exception.S
 ==============================================================================
 --- stable/8/sys/ia64/ia64/exception.S	Fri Dec 11 01:26:09 2009	(r200385)
 +++ stable/8/sys/ia64/ia64/exception.S	Fri Dec 11 01:26:26 2009	(r200386)
 @@ -219,43 +219,42 @@ exception_save_restart:
  (p13)	dep		r20=r20,r21,0,9		// align dirty registers
  	;;
  }
 -	// r20=bspstore, r22=iip, r23=ipsr
 +	// r19=rnat, r20=bspstore, r22=iip, r23=ipsr
  {	.mmi
  	st8		[r31]=r23,16		// psr
  (p13)	mov		ar.bspstore=r20
  	nop		0
  	;;
  }
 -{	.mmi
 +{	.mmb
 +(p13)	mov		ar.rnat=r19
  	mov		r18=ar.bsp
 -	;;
 -	mov		r19=cr.ifs
 -	sub		r18=r18,r20
 +	nop		0
  	;;
  }
  {	.mmi
 +	mov		r19=cr.ifs
  	st8.spill	[r30]=gp,16		// gp
 -	st8		[r31]=r18,16		// ndirty
 -	nop		0
 +	sub		r18=r18,r20
  	;;
  }
  	// r19=ifs, r22=iip
 -{	.mmi
 +{	.mmb
 +	st8		[r31]=r18,16		// ndirty
  	st8		[r30]=r19,16		// cfm
 -	st8		[r31]=r22,16		// iip
  	nop		0
  	;;
  }
  {	.mmi
 -	st8		[r30]=r17		// ifa
  	mov		r18=cr.isr
 +	st8		[r31]=r22,16		// iip
  	add		r29=16,r30
  	;;
  }
 -{	.mmi
 -	st8		[r31]=r18		// isr
 -	add		r30=8,r29
 -	add		r31=16,r29
 +{	.mmb
 +	st8		[r30]=r17,24		// ifa
 +	st8		[r31]=r18,24		// isr
 +	nop		0
  	;;
  }
  {	.mmi
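Review bot: the new `(p13) mov ar.rnat=r19` line carries no comment saying why it must follow the ar.bspstore write, and this MFC log also drops the sentence from r200240 that explained it ("Writing to ar.bspstore is defined to leave ar.rnat undefined"). In hand-scheduled bundles like these, the only hint left in the file is the updated `// r19=rnat, r20=bspstore, ...` register comment, so a later reschedule could move `mov r19=cr.ifs` ahead of the write without anything flagging it. Suggest a trailing comment on the rnat line noting that r19 must stay live until then, using the same p13 predicate as the bspstore move. The hunk otherwise matches the head change apart from the line offset (219 instead of 228).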
 
State-Changed-From-To: patched->closed 
State-Changed-By: marcel 
State-Changed-When: Fri Dec 11 01:30:57 UTC 2009 
State-Changed-Why:  
Fix merged to 8-STABLE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120315 
>Unformatted:
