NetBSD-Bugs archive
port-i386/44995: PAE cpu_load_pmap doesn't seem safe
>Number: 44995
>Category: port-i386
>Synopsis: PAE cpu_load_pmap doesn't seem safe
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-i386-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 26 03:20:00 +0000 2011
>Originator: YAMAMOTO Takashi
>Release: NetBSD current
>Organization:
>Environment:
Architecture: i386
Machine: i386
>Description:
in the case of PAE, cpu_load_pmap modifies L3 PDIR for
the current cpu with the following code.

    l3_pd[i] = pmap->pm_pdirpa[i] | PG_V;

this likely will be compiled into two 32-bit mov instructions
and nothing prevents a page table walk between them.
>How-To-Repeat:
>Fix:
make cr3 simply point to the recursive mapping part of the second
level PTP? (i haven't confirmed if this is possible. just an idea.)
>Unformatted:
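
The window described under >Description, as an added example that is not part of the original report and is not NetBSD code: a user-space model of one 64-bit PAE entry written as two 32-bit stores, counting the intermediate states in which a walker would see a present entry that is neither the old nor the new value. The struct, the function names, the sample addresses and the three-store ordering are assumptions made for illustration (the ordering is not the fix proposed in the report), and the model assumes the stores become visible in program order.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_V 0x1ULL /* present bit, bit 0 of an x86 paging entry */

/* A 64-bit PAE entry modelled as the two 32-bit words that get stored separately. */
struct pae_entry { uint32_t lo, hi; };

/* 1 if a walker reading the entry now would use a present entry that is
 * neither the complete old value nor the complete new one. */
static int torn(const struct pae_entry *e, uint64_t oldv, uint64_t newv)
{
    uint64_t v = ((uint64_t)e->hi << 32) | e->lo;
    return (v & PG_V) && v != oldv && v != newv;
}

/* The plain assignment as two 32-bit stores, low word first. Returns torn states seen. */
int torn_states_plain(uint64_t oldv, uint64_t newv)
{
    struct pae_entry e = { (uint32_t)oldv, (uint32_t)(oldv >> 32) };
    int n = 0;
    e.lo = (uint32_t)newv;         n += torn(&e, oldv, newv);
    e.hi = (uint32_t)(newv >> 32); n += torn(&e, oldv, newv);
    return n;
}

/* Assumed alternative ordering (not the report's proposed fix): clear the present
 * bit first, then write the high word, then the low word carrying PG_V. */
int torn_states_ordered(uint64_t oldv, uint64_t newv)
{
    struct pae_entry e = { (uint32_t)oldv, (uint32_t)(oldv >> 32) };
    int n = 0;
    e.lo = 0;                      n += torn(&e, oldv, newv);
    e.hi = (uint32_t)(newv >> 32); n += torn(&e, oldv, newv);
    e.lo = (uint32_t)newv;         n += torn(&e, oldv, newv);
    return n;
}

int main(void)
{
    /* Constructed page-directory addresses above 4 GiB, so the high words differ. */
    uint64_t oldv = 0x112345000ULL | PG_V, newv = 0x2abcde000ULL | PG_V;
    printf("plain:   %d torn state(s)\n", torn_states_plain(oldv, newv));
    printf("ordered: %d torn state(s)\n", torn_states_ordered(oldv, newv));
    return 0;
}
```

In this model the torn state only appears when the old and new physical addresses differ in their upper 32 bits; with identical high words the first store already yields the complete new entry.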