svn commit: r336876 - in head/sys: amd64/amd64 amd64/ia32 amd64/include conf dev/hyperv/vmbus/amd64
Konstantin Belousov
kostikbel at gmail.com
Sun Jul 29 23:53:12 UTC 2018
On Mon, Jul 30, 2018 at 01:26:51AM +0200, Oliver Pinter wrote:
> On 7/30/18, Konstantin Belousov <kostikbel at gmail.com> wrote:
> >> testq %r9,%r9
> >> jz 1f
> >> subq %rdx,%r8
> >> movq %r8,(%r9) << Here you access user-space, with cleared
> >> RFLAGS.AC from the fault handler.
> > How does this instruction access userspace ? I do not see.
>
> As far as I remember from 4 years ago, the r9 may have contained a user-space
> address in 10-STABLE in the case of starting the init. I've a stac/clac pair
> in my internal version, but I haven't found the relevant commit message yet.
This does not make any sense at all.
What could be the use of copyinstr(9) passing a userspace pointer to
return the copied string's length? Moreover, the kernel must not directly access
userspace; it needs to prepare for these accesses to fault.