Date: Wed, 13 Apr 2005 18:13:40 +0000 (UTC) From: Peter Wemm <peter@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/i386/i386 genassym.c vm86bios.s src/sys/i386/include pcb.h Message-ID: <200504131813.j3DIDecc073406@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
peter 2005-04-13 18:13:40 UTC
FreeBSD src repository
Modified files:
sys/i386/i386 genassym.c vm86bios.s
sys/i386/include pcb.h
Log:
Fix an evil bug that appeared in September 2003. VM86 bios calls use two
of the __pcb_spare longs. Except that fields were changed and one of the
spare values was used and the __pcb_spare field was reduced from two to one
long. Now VM86 bios calls can trash the first 4 bytes of the next page
following the kernel stack/pcb. This Is Bad(TM). This bug has been
present in 5.2-release and onwards, and is still in RELENG_5.
Instead of tempting fate and trying to use "spare" fields, explicitly
reserve them.
Revision Changes Path
1.150 +1 -1 src/sys/i386/i386/genassym.c
1.31 +2 -2 src/sys/i386/i386/vm86bios.s
1.53 +1 -1 src/sys/i386/include/pcb.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504131813.j3DIDecc073406>