From owner-svn-src-head@freebsd.org Wed Apr 25 14:21:13 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BDB5CFA741C; Wed, 25 Apr 2018 14:21:13 +0000 (UTC) (envelope-from tychon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 720A9705C8; Wed, 25 Apr 2018 14:21:13 +0000 (UTC) (envelope-from tychon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6D12D2405; Wed, 25 Apr 2018 14:21:13 +0000 (UTC) (envelope-from tychon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3PELDcx066397; Wed, 25 Apr 2018 14:21:13 GMT (envelope-from tychon@FreeBSD.org) Received: (from tychon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3PELDIn066396; Wed, 25 Apr 2018 14:21:13 GMT (envelope-from tychon@FreeBSD.org) Message-Id: <201804251421.w3PELDIn066396@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tychon set sender to tychon@FreeBSD.org using -f From: Tycho Nightingale Date: Wed, 25 Apr 2018 14:21:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332994 - head/sys/amd64/amd64 X-SVN-Group: head X-SVN-Commit-Author: tychon X-SVN-Commit-Paths: head/sys/amd64/amd64 X-SVN-Commit-Revision: 332994 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 14:21:13 -0000 Author: tychon Date: Wed Apr 25 14:21:13 2018 New Revision: 332994 URL: https://svnweb.freebsd.org/changeset/base/332994 Log: If a trap is encountered upon executing iretq from within doreti() the hardware will ensure the stack pointer is aligned to a 16-byte boundary before saving the fault state on the stack. In the PTI case, handle this potential alignment adjustment by copying both frames independently while unwinding the stack in between. Reviewed by: kib Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15183 Modified: head/sys/amd64/amd64/exception.S Modified: head/sys/amd64/amd64/exception.S ============================================================================== --- head/sys/amd64/amd64/exception.S Wed Apr 25 13:23:58 2018 (r332993) +++ head/sys/amd64/amd64/exception.S Wed Apr 25 14:21:13 2018 (r332994) @@ -341,6 +341,9 @@ page_cr2: * On the stack, we have the hardware interrupt frame to return * to usermode (faulted) and another frame with error code, for * fault. For PTI, copy both frames to the main thread stack. + * Handle the potential 16-byte alignment adjustment incurred + * during the second fault by copying both frames independently + * while unwinding the stack in between. */ .macro PROTF_ENTRY name,trapno \name\()_pti_doreti: @@ -351,7 +354,11 @@ page_cr2: movq %rax,%cr3 movq PCPU(RSP0),%rax subq $2*PTI_SIZE-3*8,%rax /* no err, %rax, %rdx in faulted frame */ - MOVE_STACKS (PTI_SIZE / 4 - 3) + MOVE_STACKS (PTI_SIZE / 8) + addq $PTI_SIZE,%rax + movq PTI_RSP(%rsp),%rsp + MOVE_STACKS (PTI_SIZE / 8 - 3) + subq $PTI_SIZE,%rax movq %rax,%rsp popq %rdx popq %rax