Ensure that _tmppt KVA is used exclusively by providing exclusive sx

lock around the mapping and uiomove().  Before r277643, it was
partially protected by Giant (but potential sleeping in fault from
uiomove() would still allow other thread to reuse the mapping).

Noted by:	ian
Reviewed by:	alc, ian
Sponsored by:	The FreeBSD Foundation
MFC after:	3 weeks

sys/arm/arm/mem.c

@@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/mutex.h>
 #include <sys/proc.h>
 #include <sys/signalvar.h>
+#include <sys/sx.h>
 #include <sys/systm.h>
 #include <sys/uio.h>
 
@@ -72,6 +73,9 @@ MALLOC_DEFINE(M_MEMDESC, "memdesc", "memory range descriptors");
 
 struct mem_range_softc mem_range_softc;
 
+static struct sx tmppt_lock;
+SX_SYSINIT(tmppt, &tmppt_lock, "mem4map");
+
 /* ARGSUSED */
 int
 memrw(struct cdev *dev, struct uio *uio, int flags)
@@ -107,6 +111,7 @@ memrw(struct cdev *dev, struct uio *uio, int flags)
 			}
 			if (!address_valid)
 				return (EINVAL);
+			sx_xlock(&tmppt_lock);
 			pmap_kenter((vm_offset_t)_tmppt, v);
 			o = (int)uio->uio_offset & PAGE_MASK;
 			c = (u_int)(PAGE_SIZE - ((int)iov->iov_base & PAGE_MASK));
@@ -114,6 +119,7 @@ memrw(struct cdev *dev, struct uio *uio, int flags)
 			c = min(c, (u_int)iov->iov_len);
 			error = uiomove((caddr_t)&_tmppt[o], (int)c, uio);
 			pmap_qremove((vm_offset_t)_tmppt, 1);
+			sx_xunlock(&tmppt_lock);
 			continue;
 		}
 		else if (dev2unit(dev) == CDEV_MINOR_KMEM) {