git: 91aae953cb80 - main - amd64: clear PSL.AC in the right frame
Konstantin Belousov
kib at FreeBSD.org
Tue May 25 15:20:52 UTC 2021
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=91aae953cb807d6fb7a70782b323bf9beb60d7c9
commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9
Author: Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-05-22 19:48:36 +0000
Commit: Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-05-25 15:20:46 +0000
amd64: clear PSL.AC in the right frame
If a routine of the copyin family faults, the kernel clears PSL.AC on the
fault entry, but the AC flag of the faulted frame is kept intact. Since the
onfault handler is effectively a jump, AC survives until syscall exit.
Reported by: m00nbsd, via Sony
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
admbugs: 975
---
sys/amd64/amd64/support.S | 18 ++++++++++++------
sys/amd64/linux/linux_support.s | 5 ++++-
sys/amd64/linux32/linux32_support.s | 5 ++++-
3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S
index 0db6f2f04099..d511fe265996 100644
--- a/sys/amd64/amd64/support.S
+++ b/sys/amd64/amd64/support.S
@@ -919,9 +919,11 @@ ENTRY(copyin_smap_erms)
END(copyin_smap_erms)
ALIGN_TEXT
- /* Trap entry clears PSL.AC */
copy_fault:
- movq $0,PCB_ONFAULT(%r11)
+ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+ je 1f
+ clac
+1: movq $0,PCB_ONFAULT(%r11)
movl $EFAULT,%eax
POP_FRAME_POINTER
ret
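Review bot: The removed comment `/* Trap entry clears PSL.AC */` should be carried over and extended rather than dropped, because the inserted `clac` otherwise reads as redundant with the trap entry; something like `/* Trap entry clears PSL.AC only in the trap frame; onfault returns into the faulting frame with AC still set, so clear it here. */` above the `testl`. A second line noting that the `testl`/`je 1f` guard exists because `clac` raises #UD on CPUs that do not advertise SMAP in CPUID would also help, since copy_fault appears to be reached from the non-SMAP copy routines as well. The same comment is warranted at fusufault, cpystrflt and both futex_fault hunks. From a hardening standpoint this closes the window described in the commit message in which user-memory access stays enabled for the rest of the syscall.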
@@ -1358,9 +1360,11 @@ ENTRY(subyte_smap)
END(subyte_smap)
ALIGN_TEXT
- /* Fault entry clears PSL.AC */
fusufault:
- movq PCPU(CURPCB),%rcx
+ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+ je 1f
+ clac
+1: movq PCPU(CURPCB),%rcx
xorl %eax,%eax
movq %rax,PCB_ONFAULT(%rcx)
decq %rax
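Review bot: The four-line `testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)` / `je 1f` / `clac` / `1:` sequence is now duplicated verbatim at copy_fault, fusufault, cpystrflt and the two futex_fault labels, which is a style concern: a future change to how SMAP support is detected would have to be applied in five places across three files. A single assembler macro wrapping the guarded `clac`, defined in a header all three files already include, would keep the fault paths consistent. The numeric label is fine here since `1f` binds to the nearest forward `1:`, but a macro would also remove that reliance on label proximity.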
@@ -1443,8 +1447,10 @@ ENTRY(copyinstr_smap)
END(copyinstr_smap)
cpystrflt:
- /* Fault entry clears PSL.AC */
- movl $EFAULT,%eax
+ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+ je 1f
+ clac
+1: movl $EFAULT,%eax
cpystrflt_x:
/* set *lencopied and return %eax */
movq $0,PCB_ONFAULT(%r9)
diff --git a/sys/amd64/linux/linux_support.s b/sys/amd64/linux/linux_support.s
index 45eb565f667d..bb1c218bdf89 100644
--- a/sys/amd64/linux/linux_support.s
+++ b/sys/amd64/linux/linux_support.s
@@ -34,7 +34,10 @@
#include "assym.inc"
futex_fault:
- movq $0,PCB_ONFAULT(%r8)
+ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+ je 1f
+ clac
+1: movq $0,PCB_ONFAULT(%r8)
movl $-EFAULT,%eax
ret
diff --git a/sys/amd64/linux32/linux32_support.s b/sys/amd64/linux32/linux32_support.s
index da076010c13c..86f3d11b552b 100644
--- a/sys/amd64/linux32/linux32_support.s
+++ b/sys/amd64/linux32/linux32_support.s
@@ -34,7 +34,10 @@
#include "assym.inc"
futex_fault:
- movq $0,PCB_ONFAULT(%r8)
+ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
+ je 1f
+ clac
+1: movq $0,PCB_ONFAULT(%r8)
movl $-EFAULT,%eax
ret