git: kernel - Fix pmap->pm_active race in switch code

Matthew Dillon dillon at
Wed Nov 30 17:35:17 PST 2011

commit d8d8c8c54abec95be5a3e5895f4cb816d978a3af
Author: Matthew Dillon <dillon at>
Date:   Wed Nov 30 17:29:35 2011 -0800

    kernel - Fix pmap->pm_active race in switch code
    * Use an atomic cmpxchg to set the cpu bit in the pmap->pm_active bitmap
      AND test the pmap interlock bit at the same time, instead of testing
      the interlock bit afterwords.
    * In addition, if we find the lock bit set and must spin-wait for it to
      clear, we skip the %cr3 comparison check and unconditionally load %cr3.
    * It is unclear if the race could be realized in any way.  It was probably
      not responsible for the seg-fault issue as prior tests with an unconditional
      load of %cr3 did not fix the problem.  Plus in the same-%cr3-as-last-thread
      case the cpu bit is already set so there should be no possibility of
      losing a TLB interlock IPI (and %cr3 is loaded unconditionally when it
      doesn't match, so....).
      But fix the race anyway.

Summary of changes:
 sys/platform/pc32/i386/swtch.s   |   33 ++++++++++++++---
 sys/platform/pc64/x86_64/swtch.s |   70 ++++++++++++++++++++++++++-----------
 2 files changed, 76 insertions(+), 27 deletions(-)

DragonFly BSD source repository

More information about the Commits mailing list