Date: Tue, 25 May 2021 15:20:51 GMT From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 91aae953cb80 - main - amd64: clear PSL.AC in the right frame Message-ID: <202105251520.14PFKpiA009553@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=91aae953cb807d6fb7a70782b323bf9beb60d7c9 commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2021-05-22 19:48:36 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2021-05-25 15:20:46 +0000 amd64: clear PSL.AC in the right frame If copyin family of routines fault, kernel does clear PSL.AC on the fault entry, but the AC flag of the faulted frame is kept intact. Since onfault handler is effectively jump, AC survives until syscall exit. Reported by: m00nbsd, via Sony Reviewed by: markj Sponsored by: The FreeBSD Foundation admbugs: 975 --- sys/amd64/amd64/support.S | 18 ++++++++++++------ sys/amd64/linux/linux_support.s | 5 ++++- sys/amd64/linux32/linux32_support.s | 5 ++++- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S index 0db6f2f04099..d511fe265996 100644 --- a/sys/amd64/amd64/support.S +++ b/sys/amd64/amd64/support.S @@ -919,9 +919,11 @@ ENTRY(copyin_smap_erms) END(copyin_smap_erms) ALIGN_TEXT - /* Trap entry clears PSL.AC */ copy_fault: - movq $0,PCB_ONFAULT(%r11) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r11) movl $EFAULT,%eax POP_FRAME_POINTER ret @@ -1358,9 +1360,11 @@ ENTRY(subyte_smap) END(subyte_smap) ALIGN_TEXT - /* Fault entry clears PSL.AC */ fusufault: - movq PCPU(CURPCB),%rcx + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq PCPU(CURPCB),%rcx xorl %eax,%eax movq %rax,PCB_ONFAULT(%rcx) decq %rax @@ -1443,8 +1447,10 @@ ENTRY(copyinstr_smap) END(copyinstr_smap) cpystrflt: - /* Fault entry clears PSL.AC */ - movl $EFAULT,%eax + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movl $EFAULT,%eax cpystrflt_x: /* set *lencopied and return %eax */ movq $0,PCB_ONFAULT(%r9) diff --git a/sys/amd64/linux/linux_support.s b/sys/amd64/linux/linux_support.s index 45eb565f667d..bb1c218bdf89 100644 --- a/sys/amd64/linux/linux_support.s +++ b/sys/amd64/linux/linux_support.s @@ -34,7 +34,10 @@ #include "assym.inc" futex_fault: - movq $0,PCB_ONFAULT(%r8) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r8) movl $-EFAULT,%eax ret diff --git a/sys/amd64/linux32/linux32_support.s b/sys/amd64/linux32/linux32_support.s index da076010c13c..86f3d11b552b 100644 --- a/sys/amd64/linux32/linux32_support.s +++ b/sys/amd64/linux32/linux32_support.s @@ -34,7 +34,10 @@ #include "assym.inc" futex_fault: - movq $0,PCB_ONFAULT(%r8) + testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip) + je 1f + clac +1: movq $0,PCB_ONFAULT(%r8) movl $-EFAULT,%eax ret
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105251520.14PFKpiA009553>