Author: emaste
Date: Wed Nov 27 16:08:33 2013
New Revision: 258685
URL: http://svnweb.freebsd.org/changeset/base/258685
Log:
MFC r258135: x86: Allow users to change PSL_RF via ptrace(PT_SETREGS...)
Debuggers may need to change PSL_RF. Note that tf_eflags is already stored
in the signal context during signal handling and PSL_RF previously could
be modified via sigreturn, so this change should not provide any new
ability to userspace.
For background see the thread at:
http://lists.freebsd.org/pipermail/freebsd-i386/2007-September/005910.html
Reviewed by: jhb, kib
Sponsored by: DARPA, AFRL
Modified:
stable/9/sys/amd64/amd64/machdep.c
stable/9/sys/amd64/ia32/ia32_signal.c
stable/9/sys/amd64/include/psl.h
stable/9/sys/amd64/linux32/linux32_sysvec.c
stable/9/sys/i386/i386/machdep.c
stable/9/sys/i386/include/psl.h
stable/9/sys/i386/include/vm86.h
stable/9/sys/i386/linux/linux_sysvec.c
stable/9/sys/pc98/pc98/machdep.c
Directory Properties:
stable/9/sys/ (props changed)
Modified: stable/9/sys/amd64/amd64/machdep.c
==============================================================================
--- stable/9/sys/amd64/amd64/machdep.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/amd64/amd64/machdep.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -486,17 +486,7 @@ sys_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_rflags for faults. Debuggers
- * should sometimes set it there too. tf_rflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(rflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF)) {
+ if (!EFL_SECURE(rflags, regs->tf_rflags)) {
uprintf("pid %d (%s): sigreturn rflags = 0x%lx\n", p->p_pid,
td->td_name, rflags);
return (EINVAL);
Modified: stable/9/sys/amd64/ia32/ia32_signal.c
==============================================================================
--- stable/9/sys/amd64/ia32/ia32_signal.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/amd64/ia32/ia32_signal.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -719,7 +719,7 @@ ofreebsd32_sigreturn(struct thread *td,
return (error);
scp = ≻
eflags = scp->sc_eflags;
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_rflags)) {
return (EINVAL);
}
if (!CS_SECURE(scp->sc_cs)) {
@@ -787,17 +787,7 @@ freebsd4_freebsd32_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_rflags)) {
uprintf("pid %d (%s): freebsd4_freebsd32_sigreturn eflags =
0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
@@ -873,17 +863,7 @@ freebsd32_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_rflags)) {
uprintf("pid %d (%s): freebsd32_sigreturn eflags = 0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
Modified: stable/9/sys/amd64/include/psl.h
==============================================================================
--- stable/9/sys/amd64/include/psl.h Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/amd64/include/psl.h Wed Nov 27 16:08:33 2013
(r258685)
@@ -77,8 +77,16 @@
* is undesirable but it may as well be allowed since users can inflict
* it on the kernel directly. Changes to PSL_AC are silently ignored on
* 386's.
+ *
+ * Users are allowed to change the privileged flag PSL_RF. The cpu sets PSL_RF
+ * in tf_eflags for faults. Debuggers should sometimes set it there too.
+ * tf_eflags is kept in the signal context during signal handling and there is
+ * no other place to remember it, so the PSL_RF bit may be corrupted by the
+ * signal handler without us knowing. Corruption of the PSL_RF bit at worst
+ * causes one more or one less debugger trap, so allowing it is fairly
+ * harmless.
*/
#define PSL_USERCHANGE (PSL_C | PSL_PF | PSL_AF | PSL_Z | PSL_N | PSL_T
\
- | PSL_D | PSL_V | PSL_NT | PSL_AC | PSL_ID)
+ | PSL_D | PSL_V | PSL_NT | PSL_RF | PSL_AC | PSL_ID)
#endif /* !_MACHINE_PSL_H_ */
Modified: stable/9/sys/amd64/linux32/linux32_sysvec.c
==============================================================================
--- stable/9/sys/amd64/linux32/linux32_sysvec.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/amd64/linux32/linux32_sysvec.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -586,17 +586,7 @@ linux_sigreturn(struct thread *td, struc
*/
#define EFLAGS_SECURE(ef, oef) ((((ef) ^ (oef)) & ~PSL_USERCHANGE) ==
0)
eflags = frame.sf_sc.sc_eflags;
- /*
- * XXX do allow users to change the privileged flag PSL_RF. The
- * cpu sets PSL_RF in tf_eflags for faults. Debuggers should
- * sometimes set it there too. tf_eflags is kept in the signal
- * context during signal handling and there is no other place
- * to remember it, so the PSL_RF bit may be corrupted by the
- * signal handler without us knowing. Corruption of the PSL_RF
- * bit at worst causes one more or one less debugger trap, so
- * allowing it is fairly harmless.
- */
- if (!EFLAGS_SECURE(eflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF))
+ if (!EFLAGS_SECURE(eflags, regs->tf_rflags))
return(EINVAL);
/*
@@ -688,17 +678,7 @@ linux_rt_sigreturn(struct thread *td, st
*/
#define EFLAGS_SECURE(ef, oef) ((((ef) ^ (oef)) & ~PSL_USERCHANGE) ==
0)
eflags = context->sc_eflags;
- /*
- * XXX do allow users to change the privileged flag PSL_RF. The
- * cpu sets PSL_RF in tf_eflags for faults. Debuggers should
- * sometimes set it there too. tf_eflags is kept in the signal
- * context during signal handling and there is no other place
- * to remember it, so the PSL_RF bit may be corrupted by the
- * signal handler without us knowing. Corruption of the PSL_RF
- * bit at worst causes one more or one less debugger trap, so
- * allowing it is fairly harmless.
- */
- if (!EFLAGS_SECURE(eflags & ~PSL_RF, regs->tf_rflags & ~PSL_RF))
+ if (!EFLAGS_SECURE(eflags, regs->tf_rflags))
return(EINVAL);
/*
Modified: stable/9/sys/i386/i386/machdep.c
==============================================================================
--- stable/9/sys/i386/i386/machdep.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/i386/i386/machdep.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -843,17 +843,7 @@ osigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
return (EINVAL);
}
@@ -969,17 +959,7 @@ freebsd4_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
uprintf("pid %d (%s): freebsd4_sigreturn eflags =
0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
@@ -1083,17 +1063,7 @@ sys_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
uprintf("pid %d (%s): sigreturn eflags = 0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
Modified: stable/9/sys/i386/include/psl.h
==============================================================================
--- stable/9/sys/i386/include/psl.h Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/i386/include/psl.h Wed Nov 27 16:08:33 2013
(r258685)
@@ -77,8 +77,16 @@
* is undesirable but it may as well be allowed since users can inflict
* it on the kernel directly. Changes to PSL_AC are silently ignored on
* 386's.
+ *
+ * Users are allowed to change the privileged flag PSL_RF. The cpu sets PSL_RF
+ * in tf_eflags for faults. Debuggers should sometimes set it there too.
+ * tf_eflags is kept in the signal context during signal handling and there is
+ * no other place to remember it, so the PSL_RF bit may be corrupted by the
+ * signal handler without us knowing. Corruption of the PSL_RF bit at worst
+ * causes one more or one less debugger trap, so allowing it is fairly
+ * harmless.
*/
#define PSL_USERCHANGE (PSL_C | PSL_PF | PSL_AF | PSL_Z | PSL_N | PSL_T
\
- | PSL_D | PSL_V | PSL_NT | PSL_AC | PSL_ID)
+ | PSL_D | PSL_V | PSL_NT | PSL_RF | PSL_AC | PSL_ID)
#endif /* !_MACHINE_PSL_H_ */
Modified: stable/9/sys/i386/include/vm86.h
==============================================================================
--- stable/9/sys/i386/include/vm86.h Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/i386/include/vm86.h Wed Nov 27 16:08:33 2013
(r258685)
@@ -113,7 +113,7 @@ struct vm86context {
} pmap[VM86_PMAPSIZE];
};
-#define VM_USERCHANGE (PSL_USERCHANGE | PSL_RF)
+#define VM_USERCHANGE (PSL_USERCHANGE)
#define VME_USERCHANGE (VM_USERCHANGE | PSL_VIP | PSL_VIF)
struct vm86_kernel {
Modified: stable/9/sys/i386/linux/linux_sysvec.c
==============================================================================
--- stable/9/sys/i386/linux/linux_sysvec.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/i386/linux/linux_sysvec.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -683,17 +683,7 @@ linux_sigreturn(struct thread *td, struc
*/
#define EFLAGS_SECURE(ef, oef) ((((ef) ^ (oef)) & ~PSL_USERCHANGE) ==
0)
eflags = frame.sf_sc.sc_eflags;
- /*
- * XXX do allow users to change the privileged flag PSL_RF. The
- * cpu sets PSL_RF in tf_eflags for faults. Debuggers should
- * sometimes set it there too. tf_eflags is kept in the signal
- * context during signal handling and there is no other place
- * to remember it, so the PSL_RF bit may be corrupted by the
- * signal handler without us knowing. Corruption of the PSL_RF
- * bit at worst causes one more or one less debugger trap, so
- * allowing it is fairly harmless.
- */
- if (!EFLAGS_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF))
+ if (!EFLAGS_SECURE(eflags, regs->tf_eflags))
return(EINVAL);
/*
@@ -784,17 +774,7 @@ linux_rt_sigreturn(struct thread *td, st
*/
#define EFLAGS_SECURE(ef, oef) ((((ef) ^ (oef)) & ~PSL_USERCHANGE) ==
0)
eflags = context->sc_eflags;
- /*
- * XXX do allow users to change the privileged flag PSL_RF. The
- * cpu sets PSL_RF in tf_eflags for faults. Debuggers should
- * sometimes set it there too. tf_eflags is kept in the signal
- * context during signal handling and there is no other place
- * to remember it, so the PSL_RF bit may be corrupted by the
- * signal handler without us knowing. Corruption of the PSL_RF
- * bit at worst causes one more or one less debugger trap, so
- * allowing it is fairly harmless.
- */
- if (!EFLAGS_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF))
+ if (!EFLAGS_SECURE(eflags, regs->tf_eflags))
return(EINVAL);
/*
Modified: stable/9/sys/pc98/pc98/machdep.c
==============================================================================
--- stable/9/sys/pc98/pc98/machdep.c Wed Nov 27 15:58:07 2013
(r258684)
+++ stable/9/sys/pc98/pc98/machdep.c Wed Nov 27 16:08:33 2013
(r258685)
@@ -777,17 +777,7 @@ osigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
return (EINVAL);
}
@@ -903,17 +893,7 @@ freebsd4_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
uprintf("pid %d (%s): freebsd4_sigreturn eflags =
0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
@@ -1017,17 +997,7 @@ sys_sigreturn(td, uap)
/*
* Don't allow users to change privileged or reserved flags.
*/
- /*
- * XXX do allow users to change the privileged flag PSL_RF.
- * The cpu sets PSL_RF in tf_eflags for faults. Debuggers
- * should sometimes set it there too. tf_eflags is kept in
- * the signal context during signal handling and there is no
- * other place to remember it, so the PSL_RF bit may be
- * corrupted by the signal handler without us knowing.
- * Corruption of the PSL_RF bit at worst causes one more or
- * one less debugger trap, so allowing it is fairly harmless.
- */
- if (!EFL_SECURE(eflags & ~PSL_RF, regs->tf_eflags & ~PSL_RF)) {
+ if (!EFL_SECURE(eflags, regs->tf_eflags)) {
uprintf("pid %d (%s): sigreturn eflags = 0x%x\n",
td->td_proc->p_pid, td->td_name, eflags);
return (EINVAL);
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"
