svn commit: r354696 - head/sys/amd64/amd64
Konstantin Belousov
kib at FreeBSD.org
Wed Nov 13 22:39:47 UTC 2019
Author: kib
Date: Wed Nov 13 22:39:46 2019
New Revision: 354696
URL: https://svnweb.freebsd.org/changeset/base/354696
Log:
amd64: only set PCB_FULL_IRET pcb flag when #gp or similar exception comes
from usermode.
If CPU supports RDFSBASE, the flag also means that userspace fsbase
and gsbase are already written into pcb, which might be not true when
we handle #gp from kernel.
The offender is rdmsr_safe(), and the visible result is corrupted
userspace TLS base.
Reported by: pstef
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Modified:
head/sys/amd64/amd64/exception.S
Modified: head/sys/amd64/amd64/exception.S
==============================================================================
--- head/sys/amd64/amd64/exception.S Wed Nov 13 22:25:53 2019 (r354695)
+++ head/sys/amd64/amd64/exception.S Wed Nov 13 22:39:46 2019 (r354696)
@@ -497,8 +497,8 @@ prot_addrf:
3: cmpw $KUG32SEL,TF_GS(%rsp)
jne 4f
movq %rdx,PCB_GSBASE(%rdi)
+ orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* full iret from user #gp */
4: call handle_ibrs_entry
- orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* always full iret from GPF */
movw %es,TF_ES(%rsp)
movw %ds,TF_DS(%rsp)
testl $PSL_I,TF_RFLAGS(%rsp)
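Review bot: in this hunk the `orl $PCB_FULL_IRET,PCB_FLAGS(%rdi)` is now reached only on the fallthrough after `cmpw $KUG32SEL,TF_GS(%rsp)` / `jne 4f`, so a user-mode #gp whose TF_GS is not KUG32SEL skips the flag now that the unconditional set after `4: call handle_ibrs_entry` is gone; please confirm the other user-mode entry paths (not visible in this hunk) set PCB_FULL_IRET on their own, since the log only promises to exclude kernel-mode #gp, not user-mode #gp with a non-default %gs selector. It would also help to extend the new inline comment with the reason kernel-mode #gp must not set the flag (with RDFSBASE the flag implies the user fsbase/gsbase are already in the pcb, which is false for a #gp raised by rdmsr_safe()), so the next reader does not move the `orl` back to its old place.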