Route all returns from the interrupts and faults through the doreti_iret

labeled iretq instruction. Suppose that multithreaded process executes two threads, currently scheduled on different processors. Let assume that thread A executes using %cs or %ss pointing into the descriptor from LDT. If IPI comes which handler does not return by jump to doreti, and meantime thread B invalidates descriptor pointed to by %cs or %ss, then iretq from IPI handler could fault. Routing the return by doreti_iret allows kernel to catch the situation and recover from it by sending signal to the usermode. Tested by: pho MFC after: 1 week
author: kib <kib@FreeBSD.org> 2010-05-12 10:29:35 +0000
committer: kib <kib@FreeBSD.org> 2010-05-12 10:29:35 +0000
commit: 7c190c1c89d45ca83db4120a8a5fe107a8a52050 (patch)
tree: eecf228988f4249cfce539021a39a53ebe7b9b01 /sys/amd64/amd64/exception.S
parent: 7b04e359b060fb4d6869ca817495df9327ef6090 (diff)
download: FreeBSD-src-7c190c1c89d45ca83db4120a8a5fe107a8a52050.zip
FreeBSD-src-7c190c1c89d45ca83db4120a8a5fe107a8a52050.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/amd64/amd64/exception.S b/sys/amd64/amd64/exception.S
index 7b1fed8..d18fb0d 100644
--- a/sys/amd64/amd64/exception.S
+++ b/sys/amd64/amd64/exception.S
@@ -553,7 +553,7 @@ nmi_restoreregs:
 	movq	TF_R14(%rsp),%r14
 	movq	TF_R15(%rsp),%r15
 	addq	$TF_RIP,%rsp
-	iretq
+	jmp	doreti_iret
 
 ENTRY(fork_trampoline)
 	movq	%r12,%rdi		/* function */
author	kib <kib@FreeBSD.org>	2010-05-12 10:29:35 +0000
committer	kib <kib@FreeBSD.org>	2010-05-12 10:29:35 +0000
commit	7c190c1c89d45ca83db4120a8a5fe107a8a52050 (patch)
tree	eecf228988f4249cfce539021a39a53ebe7b9b01 /sys/amd64/amd64/exception.S
parent	7b04e359b060fb4d6869ca817495df9327ef6090 (diff)
download	FreeBSD-src-7c190c1c89d45ca83db4120a8a5fe107a8a52050.zip FreeBSD-src-7c190c1c89d45ca83db4120a8a5fe107a8a52050.tar.gz