Close a race where we might save/drop the fpu state of the wrong process in

the ipi handlers.

2 files changed, 12 insertions, 5 deletions

diff --git a/sys/arch/sparc64/sparc64/locore.s b/sys/arch/sparc64/sparc64/locore.s
index e4f556ae4ed..81b4aca127c 100644
--- a/sys/arch/sparc64/sparc64/locore.s
+++ b/sys/arch/sparc64/sparc64/locore.s
@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore.s,v 1.100 2007/10/31 21:29:04 kettenis Exp $	*/
+/*	$OpenBSD: locore.s,v 1.101 2007/11/06 22:20:59 kettenis Exp $	*/
 /*	$NetBSD: locore.s,v 1.137 2001/08/13 06:10:10 jdolecek Exp $	*/
 
 /*
@@ -3334,7 +3334,8 @@ ENTRY(ipi_save_fpstate)
 	membar	#Sync
 	sethi	%hi(FPPROC), %o0
 	ldx	[%o0 + %lo(FPPROC)], %o0
-	brz,pn	%o0, 1f
+	cmp	%o0, %g3
+	bne,pn	%xcc, 1f
 	 nop
 	call	savefpstate
 	 ldx	[%o0 + P_FPSTATE], %o0
@@ -3353,8 +3354,14 @@ ENTRY(ipi_drop_fpstate)
 	or	%g1, PSTATE_PEF, %g1
 	wrpr	%g1, 0, %pstate
 	sethi	%hi(FPPROC), %g1
+	ldx	[%g1 + %lo(FPPROC)], %g5
+	cmp	%g5, %g3
+	bne,pn	%xcc, 1f
+	 nop
+	stx	%g0, [%g1 + %lo(FPPROC)]	! fpproc = NULL
+1:
 	ba	ret_from_intr_vector
-	 stx	%g0, [%g1 + %lo(FPPROC)]	! fpproc = NULL
+	 nop
 
 ENTRY(ipi_softint)
 	ba	ret_from_intr_vector
diff --git a/sys/arch/sparc64/sparc64/vm_machdep.c b/sys/arch/sparc64/sparc64/vm_machdep.c
index 560f13bdba3..06e433b7999 100644
--- a/sys/arch/sparc64/sparc64/vm_machdep.c
+++ b/sys/arch/sparc64/sparc64/vm_machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vm_machdep.c,v 1.20 2007/10/31 22:46:52 kettenis Exp $	*/
+/*	$OpenBSD: vm_machdep.c,v 1.21 2007/11/06 22:20:59 kettenis Exp $	*/
 /*	$NetBSD: vm_machdep.c,v 1.38 2001/06/30 00:02:20 eeh Exp $ */
 
 /*
@@ -348,7 +348,7 @@ fpusave_proc(struct proc *p, int save)
 		if (ci->ci_fpproc != p)
 			continue;
 		sparc64_send_ipi(ci->ci_upaid,
-		    save ? ipi_save_fpstate : ipi_drop_fpstate, 0, 0);
+		    save ? ipi_save_fpstate : ipi_drop_fpstate, (vaddr_t)p, 0);
 		while(ci->ci_fpproc == p) {
 			spincount++;
 			if (spincount > 10000000) {