Date: Wed, 26 May 2021 19:29:10 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 4590f0345956 - stable/12 - amd64: clear PSL.AC in the right frame

The branch stable/12 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4590f0345956329d414611c6cee300f486732b53

commit 4590f0345956329d414611c6cee300f486732b53
Author:     Konstantin Belousov
AuthorDate: 2021-05-22 19:48:36 +0000
Commit:     Mark Johnston
CommitDate: 2021-05-26 19:29:06 +0000

    amd64: clear PSL.AC in the right frame

    If copyin family of routines fault, kernel does clear PSL.AC on the
    fault entry, but the AC flag of the faulted frame is kept intact.
    Since onfault handler is effectively jump, AC survives until syscall exit.

    Reported by:    m00nbsd, via Sony
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    admbugs:        975

    (cherry picked from commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9)
---
 sys/amd64/amd64/support.S           | 18 ++++++++++++------
 sys/amd64/linux/linux_support.s     |  5 ++++-
 sys/amd64/linux32/linux32_support.s |  5 ++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S index 58bf5f7303ec..906e52b81db7 100644 --- a/sys/amd64/amd64/support.S +++ b/sys/amd64/amd64/support.S
@@ -868,9 +868,11 @@ ENTRY(copyin_smap_erms) END(copyin_smap_erms) ALIGN_TEXT - /* Trap entry clears PSL.AC */ copy_fault: - movq $0,PCB_ONFAULT(%r11) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r11) movl $EFAULT,%eax POP_FRAME_POINTER ret @@ -1311,9 +1313,11 @@ ENTRY(subyte_smap) END(subyte_smap) ALIGN_TEXT - /* Fault entry clears PSL.AC */ fusufault: - movq PCPU(CURPCB),%rcx + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq PCPU(CURPCB),%rcx xorl %eax,%eax movq %rax,PCB_ONFAULT(%rcx) decq %rax @@ -1396,8 +1400,10 @@ ENTRY(copyinstr_smap) END(copyinstr_smap) cpystrflt: - /* Fault entry clears PSL.AC */ - movl $EFAULT,%eax + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movl $EFAULT,%eax cpystrflt_x: /* set *lencopied and return %eax */ movq $0,PCB_ONFAULT(%r9) diff --git a/sys/amd64/linux/linux_support.s b/sys/amd64/linux/linux_support.s index 45eb565f667d..bb1c218bdf89 100644 --- a/sys/amd64/linux/linux_support.s +++ b/sys/amd64/linux/linux_support.s @@ -34,7 +34,10 @@ #include "assym.inc" futex_fault: - movq $0,PCB_ONFAULT(%r8) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r8) movl $-EFAULT,%eax ret diff --git a/sys/amd64/linux32/linux32_support.s b/sys/amd64/linux32/linux32_support.s index da076010c13c..86f3d11b552b 100644 --- a/sys/amd64/linux32/linux32_support.s +++ b/sys/amd64/linux32/linux32_support.s @@ -34,7 +34,10 @@ #include "assym.inc" futex_fault: - movq $0,PCB_ONFAULT(%r8) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r8) movl $-EFAULT,%eax ret
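Review bot: In the copy_fault hunk of sys/amd64/amd64/support.S, the comment `/* Trap entry clears PSL.AC */` is deleted with nothing in its place, so the reason for the new `clac` lives only in the commit message. A short comment at the label, saying that trap entry clears AC for the handler only and that the faulted frame the onfault path resumes in still has it set, would keep a later cleanup from dropping the instruction as redundant.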
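Review bot: In the fusufault hunk, the `testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)` / `je 1f` / `clac` sequence is the second of five identical copies in this patch (copy_fault, fusufault, cpystrflt and the two futex_fault labels). Consider one assembler macro for it, so that a future fault label gets the feature test and the `clac` together and the local label `1:` does not have to be re-added by hand each time.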
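Review bot: In the cpystrflt hunk, the `clac` sits above `cpystrflt_x:`, so only the fault path executes it and any code that jumps straight to `cpystrflt_x` skips it. Please confirm that every such path has already cleared AC before the jump, or state that in a comment at `cpystrflt_x`.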
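Review bot: In the futex_fault hunks of sys/amd64/linux/linux_support.s and sys/amd64/linux32/linux32_support.s, the added lines use `CPUID_STDEXT_SMAP` and `cpu_stdext_feature`, while the only include visible in the context is `#include "assym.inc"`. Please check that both names resolve in these two files. The two hunks are otherwise identical, so any comment or macro adopted for one should be applied to the other as well.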