with it enabled - See PR port-macppc/53004 and it may have further problems even
so.
From <macallan>:
"There is some early console code that uses OF output but it causes problems
when we get close to MMU setup - I think it can go, it hasn't been enabled in
any config in at least a decade as far as I know."
message sequence similar to
imcsmb0 at imc0iic at imcsmb0 not configured
Also, while here, revert to the original FreeBSD wait-for-device-to-
settle code by waiting for 4 intervals of 10ms each, rather than 40
intervals of 1ms.
ixgbe_{enable,disable}_intr() forcibly enable/disable all interrupts
regardless of current state. That can break poll mode assumption,
that is, queue interrupts must not occur while polling Tx/Rx rings.
E.g. "ifconfig ixg0 delete && ifconfig ixg0 192.168.0.1" on heavy
load traffic can cause this issue.
This fix may have 1% or 2% performance impact at short packets.
XXX
ixgbe_rearm_queues() which is called only via watchdog can also break
this poll mode assumption because writing EICS causes interrupts
immediately when interrupt auto mask is enabled.
We will fix it with other issues about watchdog later.
ok by msaitoh@n.o.
that TLBINFO_ASID_INUSE_P() returns just 0 or 1; the underlying
__BITMAP_ISSET() actually returns the matching bit nowadays, which
caused miscounting
fixes PR kern/53054 by Sevan Janiyan
during page faults (T_PAGEFLT), so here we're reading a value that comes
from a previous page fault.
That's a real problem; if you launch an unprivileged process, set up a
signal handler, make it sleep 10 seconds, and trigger a T_ALIGNFLT fault,
you get in si_addr the address of another LWP's page - and perhaps this
can be used to defeat userland ASLR.
This bug has been there since 2003.
is changed also in the non-SVS case.
I've put documentation in amd64_trap.S. Basically, the problem with SVS
is that if iret faults, we already have a full trapframe pushed on the
stack and the CPU will push another frame on this stack (nested), but it
hits the redzone below the stack since it is still running with the user
page table loaded.
To fix that, we pop a good part of the trapframe earlier in intrfastexit.
If iret faults, the current %rsp has enough room for an iret frame, and
the CPU can push that without problem. We then switch back to the outer
iret frame (the frame the CPU was trying to pop by executing iret, but that
it didn't pop for real because iret faulted), call INTRENTRY, and handle
the trap as if it had been received from userland directly.
puts the code in the .text section, so the effect of TEXT_USER_BEGIN was
overwritten, and check_swapgs was not put in the .text.user section.
As a result kernels running SVS would crash when jumping here - because we
execute this place with the user page table loaded, and in this page table
only .text.user is mapped.
While here, rename check_swapgs -> kernuser_reenter, because we do more
things than just SWAPGS.