Date: Wed, 13 Nov 2019 22:39:46 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r354696 - head/sys/amd64/amd64
Message-ID: <201911132239.xADMdkXu001866@repo.freebsd.org>
Author: kib
Date: Wed Nov 13 22:39:46 2019
New Revision: 354696
URL: https://svnweb.freebsd.org/changeset/base/354696

Log:
  amd64: only set PCB_FULL_IRET pcb flag when #gp or similar exception comes
  from usermode.

  If CPU supports RDFSBASE, the flag also means that userspace fsbase and
  gsbase are already written into pcb, which might not be true when we
  handle #gp from kernel.  The offender is rdmsr_safe(), and the visible
  result is corrupted userspace TLS base.

  Reported by:	pstef
  Sponsored by:	The FreeBSD Foundation
  MFC after:	3 days

Modified:
  head/sys/amd64/amd64/exception.S

Modified: head/sys/amd64/amd64/exception.S ============================================================================== --- head/sys/amd64/amd64/exception.S Wed Nov 13 22:25:53 2019 (r354695) +++ head/sys/amd64/amd64/exception.S Wed Nov 13 22:39:46 2019 (r354696) @@ -497,8 +497,8 @@ prot_addrf: 3: cmpw $KUG32SEL,TF_GS(%rsp) jne 4f movq %rdx,PCB_GSBASE(%rdi) + orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* full iret from user #gp */ 4: call handle_ibrs_entry - orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* always full iret from GPF */ movw %es,TF_ES(%rsp) movw %ds,TF_DS(%rsp) testl $PSL_I,TF_RFLAGS(%rsp)
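Review bot: the relocated `orl $PCB_FULL_IRET,PCB_FLAGS(%rdi)` now sits inside the branch guarded by `cmpw $KUG32SEL,TF_GS(%rsp)` / `jne 4f`, so within this hunk the flag is keyed on the saved %gs selector value rather than on the exception having come from usermode, which is the condition the log message states. A user-mode fault whose trapframe %gs holds any selector other than KUG32SEL takes the `jne 4f` path and returns without PCB_FULL_IRET, where before the change it always got it; unless an earlier test on the RPL bits of TF_CS (outside these lines) already excludes kernel entries, consider setting the flag under that CS test instead, or extending the new comment to say that the %gs check is intentionally being used as the "from usermode" discriminator and that kernel callers such as rdmsr_safe() are meant to fall through at label 4 with the flag clear.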