From nobody Mon Apr 27 03:24:09 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g3pnj4zD8z6bbQG for ; Mon, 27 Apr 2026 03:24:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g3pnj2VH2z3nT7 for ; Mon, 27 Apr 2026 03:24:09 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777260249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bw5w/GjAdu/uWSRgmMV9peZv7T2GSUrkQIFURN6Tk7o=; b=VVTxvwn/vWnZJjiZrZRoq+VWxKPeQufN+WIZLh+fsZ0GEUVnIUPleS+FUISbXhvz4E7Mjr xmIyBAP7Psy1QRzwD7GoMGYoYRmoX/cfO2AMviiJm8v1irlk9+a8mLy4dhU8xcPsMk1tmU WyFW+sB3zojHmobf3dXNZWmLFWOO5YjurUPtJ2V4qVm0fDNEgOQgMU2EiFLaRSnSvU14LO CmcUG953iD3pZSR7G6mfBz6g7m+as3+tmeVyTjPZMxZoS7bCa70gFzHsUGD5gAOrcM0gtA y/qXucnNV199UnmNE0zFSZ5WZILwp09WPZbWWxhQjJTRz6fV93txvn19FSfoQw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777260249; a=rsa-sha256; cv=none; b=CiMR/lS2xAyeMI4j2ps2R6PV/iN3o/Djd31Aij/cQhABO3lUuX+PrgvNQrbJUVD8m1OBrY 8errr6I70ADYkIAf1K5LqI9X84FAi4Q8yZuHsMDpMX3bu7j7dlPnAwXY+/uilLnPaSOEnc DhUwJ8su8Y7rNqhMcn8zlwDA/6DS2xrg2AGjQLXioazYXr9ylRV0U36889fEZcLMmBNz0C mtFNWdhAJV3KY64sgaKdgj4joDMChsRfh2UGb6R/m8l3KvX2PejPECfV0ptz7espEYxGyu UVTA1/9swN3K23LJp+y9ejfkwFsG1aYzRIh6RRyaUTk1VOikzdLvQxCChR1sUQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777260249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bw5w/GjAdu/uWSRgmMV9peZv7T2GSUrkQIFURN6Tk7o=; b=BE2zHhrgbGnQY/uUPCo93jjUE/5QRzWhPxbnkUFRAY33M7t8uWvRKeJufPlWIocESetvIS dcsqh1zNKgUHRwt7dGgWDR8KSWXHGk/HynndrOe+ZJjxT4dSHpCURkGNh066pJtN14Clha zFxBrQsL7A6FxPsReTCHVQrEFZqowhVbZJJwRlDPD8Z/6CB2FQCOufOk2oyy0HsNHthdPE exVdPxeumRnYd5V3Jml+UhFP3BnwtuPwJ7fYKc19XbM5YNQCu56q4JK/Fbd7knDRKZSJq5 l5JYXJSFuJUUYv0wmzZlUdjCoia8BsAgDbBYmIXqGWh/vANkwc7xhvu4N3//Bg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4g3pnj1hJRzqCc for ; Mon, 27 Apr 2026 03:24:09 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3b10e by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 27 Apr 2026 03:24:09 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: bd8edba0792b - main - amd64 ia32_syscall(): only allow for ILP32 processes List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bd8edba0792b71be3f8ed5dea9c22287e95c986a Auto-Submitted: auto-generated Date: Mon, 27 Apr 2026 03:24:09 +0000 Message-Id: <69eed6d9.3b10e.6872e0fd@gitrepo.freebsd.org> The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=bd8edba0792b71be3f8ed5dea9c22287e95c986a commit bd8edba0792b71be3f8ed5dea9c22287e95c986a Author: Konstantin Belousov AuthorDate: 2026-04-25 09:49:08 +0000 Commit: Konstantin Belousov CommitDate: 2026-04-27 03:23:19 +0000 amd64 ia32_syscall(): only allow for ILP32 processes 64bit processes can issue INT $0x80 instruction, and get the syscall dispatched through ia32_syscall(). This works because syscall argument fetch and result return are selected from the process sysent. But, ia32_syscall() does not verify some conditions and does not perform some actions which are considered unnecessary because the caller is supposed to only access lower 4G. The INT syscall path breaks this assumption. We never supported such hack, so disable it. Send the offending thread SIGBUS as if #GP was issued by hardware due to IDT vector 0x80 having not numerically high enough DPL value. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D56630 --- sys/amd64/ia32/ia32_syscall.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sys/amd64/ia32/ia32_syscall.c b/sys/amd64/ia32/ia32_syscall.c index 85e3d8f8e920..edafb753faa0 100644 --- a/sys/amd64/ia32/ia32_syscall.c +++ b/sys/amd64/ia32/ia32_syscall.c @@ -218,6 +218,15 @@ ia32_syscall(struct trapframe *frame) orig_tf_rflags = frame->tf_rflags; td = curthread; td->td_frame = frame; + if (__predict_false(SV_PROC_FLAG(td->td_proc, SV_ILP32) == 0)) { + ksiginfo_init_trap(&ksi); + ksi.ksi_signo = SIGBUS; + ksi.ksi_code = BUS_OBJERR; + ksi.ksi_addr = (void *)frame->tf_rip; + trapsignal(td, &ksi); + userret(td, td->td_frame); + return; + } syscallenter(td);