git: 6bbde34ae608 - stable/13 - amd64: clear PSL.AC in the right frame

Mark Johnston markj at FreeBSD.org
Wed May 26 19:28:43 UTC 2021


The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=6bbde34ae6088285af9d1cc587249c3e7a0159a9

commit 6bbde34ae6088285af9d1cc587249c3e7a0159a9
Author:     Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-05-22 19:48:36 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-05-26 19:18:41 +0000

    amd64: clear PSL.AC in the right frame
    
    If a routine of the copyin family faults, the kernel clears PSL.AC on
    the fault entry, but the AC flag of the faulted frame is kept intact.  Since
    the onfault handler is effectively a jump, AC survives until syscall exit.
    
    Reported by:    m00nbsd, via Sony
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    admbugs:        975
    
    (cherry picked from commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9)
---
 sys/amd64/amd64/support.S           | 18 ++++++++++++------
 sys/amd64/linux/linux_support.s     |  5 ++++-
 sys/amd64/linux32/linux32_support.s |  5 ++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S
index 4c0f7da87ef8..9272870e9c5e 100644
--- a/sys/amd64/amd64/support.S
+++ b/sys/amd64/amd64/support.S
@@ -919,9 +919,11 @@ ENTRY(copyin_smap_erms)
 END(copyin_smap_erms)
 
 	ALIGN_TEXT
-	/* Trap entry clears PSL.AC */
 copy_fault:
-	movq	$0,PCB_ONFAULT(%r11)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r11)
 	movl	$EFAULT,%eax
 	POP_FRAME_POINTER
 	ret
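Review bot: The new test/je/clac sequence at copy_fault replaces the removed "Trap entry clears PSL.AC" comment with no explanation of why AC has to be cleared a second time, which is the whole point of the fix. I would keep a comment above the `testl`, e.g. `/* Trap entry cleared PSL.AC in its own frame only; onfault resumes in the faulting frame with AC still set, so clear it here. */`. The same three-instruction sequence is repeated at fusufault and cpystrflt in this file and in both futex_fault hunks; if the macro headers this file already pulls in allow it, a small assembler macro would keep the five copies in step the next time the feature test changes. copy_fault's `ret` is inside the hunk, so the handler is complete here.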
@@ -1358,9 +1360,11 @@ ENTRY(subyte_smap)
 END(subyte_smap)
 
 	ALIGN_TEXT
-	/* Fault entry clears PSL.AC */
 fusufault:
-	movq	PCPU(CURPCB),%rcx
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	PCPU(CURPCB),%rcx
 	xorl	%eax,%eax
 	movq	%rax,PCB_ONFAULT(%rcx)
 	decq	%rax
@@ -1443,8 +1447,10 @@ ENTRY(copyinstr_smap)
 END(copyinstr_smap)
 
 cpystrflt:
-	/* Fault entry clears PSL.AC */
-	movl	$EFAULT,%eax
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movl	$EFAULT,%eax
 cpystrflt_x:
 	/* set *lencopied and return %eax */
 	movq	$0,PCB_ONFAULT(%r9)
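Review bot: The `clac` added here covers only the fault path into cpystrflt; cpystrflt_x, which the hunk shows as a separate entry for the "set *lencopied and return" path, gets no AC handling. If copyinstr_smap reaches cpystrflt_x after `stac` without executing its own `clac` first, AC would leak on that path as well — copyinstr_smap's body is outside the hunk, so I cannot tell from here and this is a point to confirm rather than a defect I can point to. A one-line comment at cpystrflt_x, `/* non-fault exit: assumes PSL.AC was already cleared by the jumping code -- confirm */`, would record the assumption either way. cpystrflt_x continues past the end of the hunk.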
diff --git a/sys/amd64/linux/linux_support.s b/sys/amd64/linux/linux_support.s
index 45eb565f667d..bb1c218bdf89 100644
--- a/sys/amd64/linux/linux_support.s
+++ b/sys/amd64/linux/linux_support.s
@@ -34,7 +34,10 @@
 #include "assym.inc"
 
 futex_fault:
-	movq	$0,PCB_ONFAULT(%r8)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r8)
 	movl	$-EFAULT,%eax
 	ret
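Review bot: The new `testl` references `CPUID_STDEXT_SMAP` and `cpu_stdext_feature`, while the only include visible above futex_fault is `#include "assym.inc"`; the build presumably succeeds because an earlier include outside the hunk supplies them, but that is worth confirming for this file and for the identical hunk in linux32_support.s. As in support.S, a comment stating why AC is cleared again on the onfault path would help a reader who does not have the commit message, e.g. `/* Fault entry cleared PSL.AC only in the trap frame; clear it in ours too. */`. futex_fault's `ret` is inside the hunk, so the handler is complete here.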
 
diff --git a/sys/amd64/linux32/linux32_support.s b/sys/amd64/linux32/linux32_support.s
index da076010c13c..86f3d11b552b 100644
--- a/sys/amd64/linux32/linux32_support.s
+++ b/sys/amd64/linux32/linux32_support.s
@@ -34,7 +34,10 @@
 #include "assym.inc"
 
 futex_fault:
-	movq	$0,PCB_ONFAULT(%r8)
+	testl	$CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+	je	1f
+	clac
+1:	movq	$0,PCB_ONFAULT(%r8)
 	movl	$-EFAULT,%eax
 	ret
 

