From: "Matthew N. Dodd"
Date: Thu, 19 Sep 2002 11:46:25 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/i386/i386 machdep.c
Message-Id: <200209191846.g8JIkQuR012395@freefall.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

mdodd       2002/09/19 11:46:25 PDT

Modified files:
  sys/i386/i386        machdep.c

Log:
From Christian Zander:

This patch addresses a bug that can cause a GPF in the kernel - if
a process makes use of i386_set_ldt to install a LDT entry, then
loads a corresponding segment descriptor into %gs, forks, and if
the child execs.

In this scenario, setregs executes user_ldt_free and then determines
how to reset the %gs register:

    /* reset %gs as well */
    if (pcb == curpcb)
            load_gs(_udatasel);
    else
            pcb->pcb_gs = _udatasel;

This is insufficient in the fork/exec case, since pcb will be equal
to curpcb when the child execs; load_gs will reset %gs to _udatasel
but it doesn't reset pcb->pcb_gs; upon return from the system call,
cpu_switch_load_gs will thus attempt to restore %gs from pcb->pcb_gs
and trigger a GPF since all LDT entries have already been cleared.

The fix is to always reset pcb->pcb_gs to _udatasel.

Submitted by: Christian Zander
Reviewed by: jake

Revision  Changes    Path
1.536     +9 -2      src/sys/i386/i386/machdep.c
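
The fork/exec sequence from the commit log above, as an added user-space C model (not the kernel code and not the committed diff). Every name prefixed model_/MODEL_ and both selector values are constructed for illustration, and the "fixed" branch is written only from the log's one-line description of the fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model only: every model_/MODEL_ name is hypothetical. */
#define SEL_TI_LDT     0x4                         /* selector bit 2: entry is in the LDT */
#define MODEL_UDATASEL ((4 << 3) | 3)              /* constructed GDT user data selector */
#define MODEL_LDT_SEL  ((1 << 3) | SEL_TI_LDT | 3) /* constructed: LDT slot 1, RPL 3 */
#define LDT_SLOTS      8

struct model_pcb { uint16_t pcb_gs; };                          /* saved %gs */
struct model_cpu { uint16_t gs; bool ldt_present[LDT_SLOTS]; }; /* live %gs + LDT */

/* A selector loads cleanly if it is GDT-based or names a present LDT slot. */
static bool model_load_gs(struct model_cpu *cpu, uint16_t sel)
{
    if ((sel & SEL_TI_LDT) && !cpu->ldt_present[(sel >> 3) % LDT_SLOTS])
        return false;                   /* stands in for the GPF */
    cpu->gs = sel;
    return true;
}

/* Models setregs() on exec: free the LDT, then reset %gs. */
static void model_setregs(struct model_cpu *cpu, struct model_pcb *pcb, bool cur, bool fixed)
{
    memset(cpu->ldt_present, 0, sizeof(cpu->ldt_present)); /* user_ldt_free */
    if (cur)
        model_load_gs(cpu, MODEL_UDATASEL); /* live register only */
    if (!cur || fixed)
        pcb->pcb_gs = MODEL_UDATASEL;       /* fixed: saved copy is always reset */
}

/* Scenario from the log; returns true if the return to user mode survives. */
static bool model_fork_exec(bool fixed)
{
    struct model_cpu cpu = { 0 };
    struct model_pcb child;
    cpu.ldt_present[1] = true;                /* i386_set_ldt installed an entry */
    model_load_gs(&cpu, MODEL_LDT_SEL);       /* process loads it into %gs */
    child.pcb_gs = cpu.gs;                    /* fork: child pcb carries the selector */
    model_setregs(&cpu, &child, true, fixed); /* child execs; pcb == curpcb */
    return model_load_gs(&cpu, child.pcb_gs); /* %gs restored from pcb_gs */
}

int main(void)
{
    printf("before fix: %s, after fix: %s\n", model_fork_exec(false) ? "ok" : "GPF",
           model_fork_exec(true) ? "ok" : "GPF");
    return 0;
}
```

The model makes the invariant explicit: after the LDT is freed, neither the live %gs nor the saved pcb_gs may still hold an LDT-based selector.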