Date:      Thu, 19 Sep 2002 11:46:25 -0700 (PDT)
From:      "Matthew N. Dodd" <mdodd@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/i386/i386 machdep.c
Message-ID:  <200209191846.g8JIkQuR012395@freefall.freebsd.org>

mdodd       2002/09/19 11:46:25 PDT

  Modified files:
    sys/i386/i386        machdep.c 
  Log:
  From Christian Zander:
  
  This patch addresses a bug that can cause a GPF in the kernel - if a
  process makes use of i386_set_ldt to install an LDT entry, then loads
  a corresponding segment descriptor into %gs, forks, and if the child
  execs.
  
  In this scenario, setregs executes user_ldt_free and then determines
  how to reset the %gs register:
  
      /* reset %gs as well */
      if (pcb == curpcb)
          load_gs(_udatasel);
      else
          pcb->pcb_gs = _udatasel;
  
  This is insufficient in the fork/exec case, since pcb will be equal
  to curpcb when the child execs; load_gs will reset %gs to _udatasel
  but it doesn't reset pcb->pcb_gs; upon return from the system call,
  cpu_switch_load_gs will thus attempt to restore %gs from pcb->pcb_gs
  and trigger a GPF since all LDT entries have already been cleared.
  
  The fix is to always reset pcb->pcb_gs to _udatasel.
  
  Submitted by:   Christian Zander <zander@minion.de>
  Reviewed by:    jake
  
  Revision  Changes    Path
  1.536     +9 -2      src/sys/i386/i386/machdep.c
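The failure sequence in the log, reduced to a small C model so the stale pcb_gs can be exercised directly. This is an added illustration, not FreeBSD code: the LDT, selectors and pcb are simplified to integers, and the fixed variant simply resets pcb_gs unconditionally as the log describes; UDATASEL and the selector encoding are stand-ins, not the kernel's values.

```c
/* Constructed model of the %gs reset bug from the commit message (not FreeBSD
 * code): selectors, the LDT and the pcb are reduced to a few integers. */
#include <stdbool.h>
#define UDATASEL   0x2b   /* stand-in for _udatasel: GDT user data, RPL 3 */
#define SEL_TI_LDT 0x04   /* table-indicator bit: selector refers to the LDT */
#define LDT_SLOTS  8
struct pcb { int pcb_gs; };
static bool ldt_present[LDT_SLOTS];   /* simulated per-process LDT */
static int  hw_gs;                    /* simulated %gs register */
static void load_gs(int sel) { hw_gs = sel; }

/* i386_set_ldt: mark a descriptor present and return an LDT selector for it */
static int set_ldt_entry(int slot) {
    ldt_present[slot] = true;
    return (slot << 3) | SEL_TI_LDT | 3;
}

/* user_ldt_free, called from setregs on exec: every LDT entry is cleared */
static void user_ldt_free(void) {
    for (int i = 0; i < LDT_SLOTS; i++) ldt_present[i] = false;
}

/* cpu_switch_load_gs: reload %gs from pcb_gs on return to user mode;
 * a selector naming a cleared LDT entry faults, modelled as return -1 */
static int cpu_switch_load_gs(const struct pcb *pcb) {
    int sel = pcb->pcb_gs;
    if ((sel & SEL_TI_LDT) && !ldt_present[sel >> 3])
        return -1;
    hw_gs = sel;
    return 0;
}

/* setregs: the original only wrote pcb_gs when pcb != curpcb;
 * fixed == true resets pcb_gs unconditionally, as the log describes */
static void setregs(struct pcb *pcb, const struct pcb *curpcb, bool fixed) {
    user_ldt_free();
    if (fixed)
        pcb->pcb_gs = UDATASEL;
    if (pcb == curpcb)
        load_gs(UDATASEL);
    else
        pcb->pcb_gs = UDATASEL;
}

/* Scenario from the log: the child runs with an LDT selector in %gs and
 * pcb_gs, then execs while current (pcb == curpcb). -1 means GPF, 0 is ok. */
int exec_with_ldt_gs(bool fixed) {
    struct pcb child = { .pcb_gs = set_ldt_entry(1) };
    load_gs(child.pcb_gs);
    setregs(&child, &child, fixed);
    return cpu_switch_load_gs(&child);
}
```

With the original logic the model faults on the reload because pcb_gs still names the freed LDT slot; with the unconditional reset it reloads the GDT selector cleanly.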
