From owner-dev-commits-src-main@freebsd.org  Tue May 25 15:20:51 2021
Return-Path: <owner-dev-commits-src-main@freebsd.org>
Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id ED90064EB31;
 Tue, 25 May 2021 15:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FqHpW6RgTz3JBN;
 Tue, 25 May 2021 15:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BB1B41F6EA;
 Tue, 25 May 2021 15:20:51 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14PFKpYp009554;
 Tue, 25 May 2021 15:20:51 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14PFKpiA009553;
 Tue, 25 May 2021 15:20:51 GMT (envelope-from git)
Date: Tue, 25 May 2021 15:20:51 GMT
Message-Id: <202105251520.14PFKpiA009553@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 91aae953cb80 - main - amd64: clear PSL.AC in the right frame
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 91aae953cb807d6fb7a70782b323bf9beb60d7c9
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-main@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for the main branch of the src repository
 <dev-commits-src-main.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-main>, 
 <mailto:dev-commits-src-main-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-main/>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Help: <mailto:dev-commits-src-main-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main>, 
 <mailto:dev-commits-src-main-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 May 2021 15:20:52 -0000

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=91aae953cb807d6fb7a70782b323bf9beb60d7c9

commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2021-05-22 19:48:36 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2021-05-25 15:20:46 +0000

    amd64: clear PSL.AC in the right frame
    
    If copyin family of routines fault, kernel does clear PSL.AC on the
    fault entry, but the AC flag of the faulted frame is kept intact.  Since
    onfault handler is effectively jump, AC survives until syscall exit.
    
    Reported by:    m00nbsd, via Sony
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    admbugs:        975
---
 sys/amd64/amd64/support.S           | 18 ++++++++++++------
 sys/amd64/linux/linux_support.s     |  5 ++++-
 sys/amd64/linux32/linux32_support.s |  5 ++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S
index 0db6f2f04099..d511fe265996 100644
--- a/sys/amd64/amd64/support.S
+++ b/sys/amd64/amd64/support.S
@@ -919,9 +919,11 @@ ENTRY(copyin_smap_erms)
 END(copyin_smap_erms)
 
 	ALIGN_TEXT
-	/* Trap entry clears PSL.AC */
 copy_fault:
-	movq	$0,PCB_ONFAULT(%r11)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r11)
 	movl	$EFAULT,%eax
 	POP_FRAME_POINTER
 	ret
@@ -1358,9 +1360,11 @@ ENTRY(subyte_smap)
 END(subyte_smap)
 
 	ALIGN_TEXT
-	/* Fault entry clears PSL.AC */
 fusufault:
-	movq	PCPU(CURPCB),%rcx
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	PCPU(CURPCB),%rcx
 	xorl	%eax,%eax
 	movq	%rax,PCB_ONFAULT(%rcx)
 	decq	%rax
@@ -1443,8 +1447,10 @@ ENTRY(copyinstr_smap)
 END(copyinstr_smap)
 
 cpystrflt:
-	/* Fault entry clears PSL.AC */
-	movl	$EFAULT,%eax
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movl	$EFAULT,%eax
 cpystrflt_x:
 	/* set *lencopied and return %eax */
 	movq	$0,PCB_ONFAULT(%r9)
diff --git a/sys/amd64/linux/linux_support.s b/sys/amd64/linux/linux_support.s
index 45eb565f667d..bb1c218bdf89 100644
--- a/sys/amd64/linux/linux_support.s
+++ b/sys/amd64/linux/linux_support.s
@@ -34,7 +34,10 @@
 #include "assym.inc"
 
 futex_fault:
-	movq	$0,PCB_ONFAULT(%r8)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r8)
 	movl	$-EFAULT,%eax
 	ret
 
diff --git a/sys/amd64/linux32/linux32_support.s b/sys/amd64/linux32/linux32_support.s
index da076010c13c..86f3d11b552b 100644
--- a/sys/amd64/linux32/linux32_support.s
+++ b/sys/amd64/linux32/linux32_support.s
@@ -34,7 +34,10 @@
 #include "assym.inc"
 
 futex_fault:
-	movq	$0,PCB_ONFAULT(%r8)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r8)
 	movl	$-EFAULT,%eax
 	ret