Date:      Mon, 18 Jun 2012 20:48:22 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r237241 - releng/8.1/sys/amd64/amd64
Message-ID:  <201206182048.q5IKmMlr099955@svn.freebsd.org>

Author: simon
Date: Mon Jun 18 20:48:21 2012
New Revision: 237241
URL: http://svn.freebsd.org/changeset/base/237241

Log:
  Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
  was accidentally applied to the wrong location.
  
  Reported by:	Steven Chamberlain <steven@pyro.eu.org>
  Reviewed by:	jhb, kib
  Security:	FreeBSD-SA-12:04.sysret
  Approved by:	so (simon)

Modified:
  releng/8.1/sys/amd64/amd64/trap.c

Modified: releng/8.1/sys/amd64/amd64/trap.c
==============================================================================
--- releng/8.1/sys/amd64/amd64/trap.c	Mon Jun 18 20:19:07 2012	(r237240)
+++ releng/8.1/sys/amd64/amd64/trap.c	Mon Jun 18 20:48:21 2012	(r237241)
@@ -972,23 +972,6 @@ syscall(struct trapframe *frame)
 		ksi.ksi_code = TRAP_TRACE;
 		ksi.ksi_addr = (void *)frame->tf_rip;
 		trapsignal(td, &ksi);
-
-	/*
-	 * If the user-supplied value of %rip is not a canonical
-	 * address, then some CPUs will trigger a ring 0 #GP during
-	 * the sysret instruction.  However, the fault handler would
-	 * execute with the user's %gs and %rsp in ring 0 which would
-	 * not be safe.  Instead, preemptively kill the thread with a
-	 * SIGBUS.
-	 */
-	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
-		ksiginfo_init_trap(&ksi);
-		ksi.ksi_signo = SIGBUS;
-		ksi.ksi_code = BUS_OBJERR;
-		ksi.ksi_trapno = T_PROTFLT;
-		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
-		trapsignal(td, &ksi);
-	}
 	}
 
 	/*
@@ -1027,4 +1010,21 @@ syscall(struct trapframe *frame)
 	STOPEVENT(p, S_SCX, sa.code);
 
 	PTRACESTOP_SC(p, td, S_PT_SCX);
+
+	/*
+	 * If the user-supplied value of %rip is not a canonical
+	 * address, then some CPUs will trigger a ring 0 #GP during
+	 * the sysret instruction.  However, the fault handler would
+	 * execute with the user's %gs and %rsp in ring 0 which would
+	 * not be safe.  Instead, preemptively kill the thread with a
+	 * SIGBUS.
+	 */
+	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
+		ksiginfo_init_trap(&ksi);
+		ksi.ksi_signo = SIGBUS;
+		ksi.ksi_code = BUS_OBJERR;
+		ksi.ksi_trapno = T_PROTFLT;
+		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
+		trapsignal(td, &ksi);
+	}
 }
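Review bot: The relocated canonical-address check on `td->td_frame->tf_rip` is only effective while it remains the last thing in syscall() that can observe the frame before the return to user mode, but the comment does not say so, and this commit exists precisely because the block was once placed too early (inside the trace branch). The hunk puts it after `PTRACESTOP_SC(p, td, S_PT_SCX)`, which appears to be the last point at which a tracer can rewrite the register frame; a sentence added to the block comment, `* This check must stay last: anything that can rewrite tf_rip (signal delivery, ptrace register writes) has to run before it.`, would document that ordering constraint for future backports. The check compares with `>= VM_MAXUSER_ADDRESS` rather than testing canonical form directly, which is fine as long as VM_MAXUSER_ADDRESS lies at or below the top of the lower canonical half; worth a short comment if that relationship is not obvious to readers of this file. syscall()'s declaration of `ksi` and the start of its body lie outside the hunk.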


