Author: simon
Date: Mon Jun 18 20:48:21 2012
New Revision: 237241
URL: http://svn.freebsd.org/changeset/base/237241

Log:
  Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
  was accidentally applied to the wrong location.
  
  Reported by:  Steven Chamberlain <ste...@pyro.eu.org>
  Reviewed by:  jhb, kib
  Security:     FreeBSD-SA-12:04.sysret
  Approved by:  so (simon)

Modified:
  releng/8.1/sys/amd64/amd64/trap.c

Modified: releng/8.1/sys/amd64/amd64/trap.c
==============================================================================
--- releng/8.1/sys/amd64/amd64/trap.c   Mon Jun 18 20:19:07 2012        
(r237240)
+++ releng/8.1/sys/amd64/amd64/trap.c   Mon Jun 18 20:48:21 2012        
(r237241)
@@ -972,23 +972,6 @@ syscall(struct trapframe *frame)
                ksi.ksi_code = TRAP_TRACE;
                ksi.ksi_addr = (void *)frame->tf_rip;
                trapsignal(td, &ksi);
-
-       /*
-        * If the user-supplied value of %rip is not a canonical
-        * address, then some CPUs will trigger a ring 0 #GP during
-        * the sysret instruction.  However, the fault handler would
-        * execute with the user's %gs and %rsp in ring 0 which would
-        * not be safe.  Instead, preemptively kill the thread with a
-        * SIGBUS.
-        */
-       if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
-               ksiginfo_init_trap(&ksi);
-               ksi.ksi_signo = SIGBUS;
-               ksi.ksi_code = BUS_OBJERR;
-               ksi.ksi_trapno = T_PROTFLT;
-               ksi.ksi_addr = (void *)td->td_frame->tf_rip;
-               trapsignal(td, &ksi);
-       }
        }
 
        /*
@@ -1027,4 +1010,21 @@ syscall(struct trapframe *frame)
        STOPEVENT(p, S_SCX, sa.code);
 
        PTRACESTOP_SC(p, td, S_PT_SCX);
+
+       /*
+        * If the user-supplied value of %rip is not a canonical
+        * address, then some CPUs will trigger a ring 0 #GP during
+        * the sysret instruction.  However, the fault handler would
+        * execute with the user's %gs and %rsp in ring 0 which would
+        * not be safe.  Instead, preemptively kill the thread with a
+        * SIGBUS.
+        */
+       if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
+               ksiginfo_init_trap(&ksi);
+               ksi.ksi_signo = SIGBUS;
+               ksi.ksi_code = BUS_OBJERR;
+               ksi.ksi_trapno = T_PROTFLT;
+               ksi.ksi_addr = (void *)td->td_frame->tf_rip;
+               trapsignal(td, &ksi);
+       }
 }
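Review bot: The comment above the relocated `td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS` check explains why a non-canonical %rip is dangerous, but not why the check has to be the final step of syscall(), which is the ordering this commit corrects. Presumably the saved frame can still be changed at the `STOPEVENT` / `PTRACESTOP_SC` stop points just above, so a check placed before them would validate a value that is no longer the one handed to sysret; that is inferred from the placement, not shown in the hunk. I would append to the comment something like `* Keep this as the last check before returning: %rip may still be modified at the ptrace stop points above.` so a later merge does not move it again. syscall() begins outside this hunk, so it cannot be confirmed from here that nothing else on the return path touches tf_rip after this block.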