diff options
| author | kib <kib@FreeBSD.org> | 2008-09-02 17:52:11 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2008-09-02 17:52:11 +0000 |
| commit | 59a00054acff9e2ada7d2366d4aeaec829dcd3a4 (patch) | |
| tree | 6ebcf1585c96d0e1d8f54111b10eb1820d727ffe /sys/amd64/ia32 | |
| parent | 84967086499f3a1a3480390747da9dcc1ae26abd (diff) | |
| download | FreeBSD-src-59a00054acff9e2ada7d2366d4aeaec829dcd3a4.zip FreeBSD-src-59a00054acff9e2ada7d2366d4aeaec829dcd3a4.tar.gz | |
- When executing FreeBSD/amd64 binaries from FreeBSD/i386 or Linux/i386
processes, clear PCB_32BIT and PCB_GS32BIT bits [1].
- Reread the fs and gs bases from the msr unconditionally, not believing
the values in pcb_fsbase and pcb_gsbase, since usermode may reload
segment registers, invalidating the cache. [2].
Both problems resulted in the wrong fs base, causing wrong tls pointer
be dereferenced in the usermode.
Reported and tested by: Vyacheslav Bocharov <adeepv at gmail com> [1]
Reported by: Bernd Walter <ticsoat cicely7 cicely de>,
Artem Belevich <fbsdlist at src cx>[2]
Reviewed by: peter
MFC after: 3 days
Diffstat (limited to 'sys/amd64/ia32')
| -rw-r--r-- | sys/amd64/ia32/ia32_signal.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/amd64/ia32/ia32_signal.c b/sys/amd64/ia32/ia32_signal.c index 9e98656..162dcf9 100644 --- a/sys/amd64/ia32/ia32_signal.c +++ b/sys/amd64/ia32/ia32_signal.c @@ -742,5 +742,6 @@ ia32_setregs(td, entry, stack, ps_strings) /* Return via doreti so that we can change to a different %cs */ pcb->pcb_flags |= PCB_FULLCTX | PCB_32BIT; + pcb->pcb_flags &= ~PCB_GS32BIT; td->td_retval[1] = 0; } |
