From: "Simon L. Nielsen"
Date: Mon, 18 Jun 2012 20:48:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject: svn commit: r237241 - releng/8.1/sys/amd64/amd64

Author: simon
Date: Mon Jun 18 20:48:21 2012
New Revision: 237241
URL: http://svn.freebsd.org/changeset/base/237241

Log:
  Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
  was accidentally applied to the wrong location.

  Reported by:	Steven Chamberlain
  Reviewed by:	jhb, kib
  Security:	FreeBSD-SA-12:04.sysret
  Approved by:	so (simon)

Modified:
  releng/8.1/sys/amd64/amd64/trap.c

Modified: releng/8.1/sys/amd64/amd64/trap.c
==============================================================================
--- releng/8.1/sys/amd64/amd64/trap.c Mon Jun 18 20:19:07 2012 (r237240) +++ releng/8.1/sys/amd64/amd64/trap.c Mon Jun 18 20:48:21 2012 (r237241) 
@@ -972,23 +972,6 @@ syscall(struct trapframe *frame) ksi.ksi_code = TRAP_TRACE; ksi.ksi_addr = (void *)frame->tf_rip; trapsignal(td, &ksi); - - /* - * If the user-supplied value of %rip is not a canonical - * address, then some CPUs will trigger a ring 0 #GP during - * the sysret instruction. However, the fault handler would - * execute with the user's %gs and %rsp in ring 0 which would - * not be safe. Instead, preemptively kill the thread with a - * SIGBUS. - */ - if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) { - ksiginfo_init_trap(&ksi); - ksi.ksi_signo = SIGBUS; - ksi.ksi_code = BUS_OBJERR; - ksi.ksi_trapno = T_PROTFLT; - ksi.ksi_addr = (void *)td->td_frame->tf_rip; - trapsignal(td, &ksi); - } } /* @@ -1027,4 +1010,21 @@ syscall(struct trapframe *frame) STOPEVENT(p, S_SCX, sa.code); PTRACESTOP_SC(p, td, S_PT_SCX); + + /* + * If the user-supplied value of %rip is not a canonical + * address, then some CPUs will trigger a ring 0 #GP during + * the sysret instruction. However, the fault handler would + * execute with the user's %gs and %rsp in ring 0 which would + * not be safe. Instead, preemptively kill the thread with a + * SIGBUS. + */ + if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) { + ksiginfo_init_trap(&ksi); + ksi.ksi_signo = SIGBUS; + ksi.ksi_code = BUS_OBJERR; + ksi.ksi_trapno = T_PROTFLT; + ksi.ksi_addr = (void *)td->td_frame->tf_rip; + trapsignal(td, &ksi); + } }
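
Review bot: The comment on the relocated check in the second hunk (after PTRACESTOP_SC(p, td, S_PT_SCX)) explains why a bad %rip must be caught before sysret, but not why the check has to sit at this point in syscall(). The first hunk shows the earlier attempt landed directly after the trapsignal() call that posts TRAP_TRACE, inside that block, so the test could be skipped on the normal return path. Consider adding a sentence to the comment stating the placement constraint: the test must run unconditionally and stay after the ptrace stop, where a debugger can still rewrite tf_rip, so that nothing later changes the frame before return. A smaller point on the same block: the condition tf_rip >= VM_MAXUSER_ADDRESS rejects every address at or above the user limit, which is broader than the "not a canonical address" wording in the comment; saying so would keep a later reader from narrowing the test.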