Date:      Mon, 7 Dec 2015 16:27:11 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r291947 - head/sys/i386/i386
Message-ID:  <201512071627.tB7GRBIQ001386@repo.freebsd.org>

Author: jhb
Date: Mon Dec  7 16:27:11 2015
New Revision: 291947
URL: https://svnweb.freebsd.org/changeset/base/291947

Log:
  Set %esp correctly in the extended TSS.
  
  The pcb is saved at the top of the kernel stack on x86 platforms.
  The initial kernel stack pointer is set in the TSS so that the trapframe
  from user -> kernel transitions begins directly below the pcb and grows
  down.
  
  The XSAVE changes moved the FPU save area out of the pcb and into a
  variable-sized area after the pcb.  This required updating the expressions
  to calculate the initial stack pointer from 'stacktop - sizeof(pcb)' to
  'stacktop - sizeof(pcb) + FPU save area size'.
  
  The i386_set_ioperm() system call allows user applications to access
  individual I/O ports via the I/O port permission bitmap in the TSS.
  On FreeBSD this requires allocating a custom per-process TSS instead of
  using the shared per-CPU TSS.
  
  The expression to initialize the initial kernel stack pointer in the
  per-process TSS created for i386_set_ioperm() was not properly updated
  after the XSAVE changes.  Processes that used i386_set_ioperm() would
  trash the trapframe during subsequent context switches resulting in
  panics from memory corruption.
  
  This change fixes the kernel stack pointer calculation for the per-process
  TSS.
  
  Reviewed by:	kib, n_hibma
  Reported by:	n_hibma
  MFC after:	1 week

Modified:
  head/sys/i386/i386/sys_machdep.c

Modified: head/sys/i386/i386/sys_machdep.c
==============================================================================
--- head/sys/i386/i386/sys_machdep.c	Mon Dec  7 16:08:26 2015	(r291946)
+++ head/sys/i386/i386/sys_machdep.c	Mon Dec  7 16:27:11 2015	(r291947)
@@ -275,8 +275,7 @@ i386_extend_pcb(struct thread *td)
 	ext = (struct pcb_ext *)kmem_malloc(kernel_arena, ctob(IOPAGES+1),
 	    M_WAITOK | M_ZERO);
 	/* -16 is so we can convert a trapframe into vm86trapframe inplace */
-	ext->ext_tss.tss_esp0 = td->td_kstack + ctob(td->td_kstack_pages) -
-	    sizeof(struct pcb) - 16;
+	ext->ext_tss.tss_esp0 = (vm_offset_t)td->td_pcb - 16;
 	ext->ext_tss.tss_ss0 = GSEL(GDATA_SEL, SEL_KPL);
 	/*
 	 * The last byte of the i/o map must be followed by an 0xff byte.
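Review bot: the new `ext->ext_tss.tss_esp0 = (vm_offset_t)td->td_pcb - 16;` makes this line correct only if td->td_pcb has already been placed for the thread passed in, and i386_extend_pcb(td) takes an arbitrary thread pointer rather than curthread; worth confirming every caller passes a thread whose pcb is set, or adding a KASSERT on td->td_pcb != NULL next to the assignment. The -16 stays open-coded here as well; since the log says the bug came from two expressions for the same stack-top calculation drifting apart after the XSAVE change, a named constant shared with the per-CPU TSS initialization (together with the comment on the line above) would keep the next layout change from missing one site again.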

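The layout mismatch the log describes, as an added C model that is not FreeBSD code: the struct, sizes and addresses are constructed stand-ins (PCB_SIZE, KSTACK_SIZE, the 0x10000000 stack base), and the two esp0 functions mirror the removed and added lines of the hunk so the overlap can be checked for any XSAVE area size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the i386 kernel stack described in the commit log;
 * the sizes are illustrative stand-ins, not FreeBSD's real struct sizes. */
#define KSTACK_SIZE 16384u  /* stands in for ctob(td_kstack_pages) */
#define PCB_SIZE    600u    /* stands in for sizeof(struct pcb) */
#define VM86_SLACK  16u     /* the -16 kept for in-place vm86trapframe conversion */

struct thread_model {
    uintptr_t td_kstack;  /* base of the kernel stack */
    uintptr_t td_pcb;     /* pcb address, fixed once when the stack is laid out */
};

/* Post-XSAVE layout: FPU save area at the top of the stack, pcb just below it. */
void layout_kstack(struct thread_model *td, uintptr_t kstack_base, size_t fpu_save_size) {
    uintptr_t top = kstack_base + KSTACK_SIZE;
    td->td_kstack = kstack_base;
    td->td_pcb = (top - fpu_save_size - PCB_SIZE) & ~(uintptr_t)15; /* 16-byte aligned */
}

/* Pre-r291947 expression: still assumes the pcb sits at stacktop - sizeof(pcb). */
uintptr_t esp0_old(const struct thread_model *td) {
    return td->td_kstack + KSTACK_SIZE - PCB_SIZE - VM86_SLACK;
}

/* r291947 expression: derive esp0 from where the pcb actually is. */
uintptr_t esp0_new(const struct thread_model *td) {
    return td->td_pcb - VM86_SLACK;
}

/* A trapframe pushed at esp0 grows downward, so it stays clear of the pcb and
 * FPU area only if esp0 is at or below the pcb start (and still on the stack). */
bool esp0_is_safe(const struct thread_model *td, uintptr_t esp0) {
    return esp0 <= td->td_pcb && esp0 > td->td_kstack;
}

/* Evaluate each formula for a given XSAVE area size on a constructed thread. */
bool old_formula_safe(size_t fpu_save_size) {
    struct thread_model td;
    layout_kstack(&td, 0x10000000u, fpu_save_size);
    return esp0_is_safe(&td, esp0_old(&td));
}
bool new_formula_safe(size_t fpu_save_size) {
    struct thread_model td;
    layout_kstack(&td, 0x10000000u, fpu_save_size);
    return esp0_is_safe(&td, esp0_new(&td));
}
```

With a zero-sized FPU area both formulas agree, which is why the stale expression only started corrupting the trapframe once XSAVE pushed the pcb further down the stack.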