Band-aid a problem with 32 bit selector setup.

Initialize %ds, %es, and %fs during CPU startup.  Otherwise a garbage
value could leak to a 32-bit process if a process migrated to a different
CPU after exec and the new CPU had never exec'd a 32-bit process.

A more complete fix is needed, but this mitigates the most frequent
manifestations.

Obtained from:	ups

2 files changed, 9 insertions, 1 deletions

diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c
index 42fc22c..06c0803 100644
--- a/sys/amd64/amd64/machdep.c
+++ b/sys/amd64/amd64/machdep.c
@@ -1466,6 +1466,10 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
 	_udatasel = GSEL(GUDATA_SEL, SEL_UPL);
 	_ucode32sel = GSEL(GUCODE32_SEL, SEL_UPL);
 
+	load_ds(_udatasel);
+	load_es(_udatasel);
+	load_fs(_udatasel);
+
 	/* setup proc 0's pcb */
 	thread0.td_pcb->pcb_flags = 0;
 	thread0.td_pcb->pcb_cr3 = KPML4phys;
diff --git a/sys/amd64/amd64/mp_machdep.c b/sys/amd64/amd64/mp_machdep.c
index 9a0ed51..304deaa 100644
--- a/sys/amd64/amd64/mp_machdep.c
+++ b/sys/amd64/amd64/mp_machdep.c
@@ -98,6 +98,8 @@ extern pt_entry_t *KPTphys;
 /* SMP page table page */
 extern pt_entry_t *SMPpt;
 
+extern int  _udatasel;
+
 struct pcb stoppcbs[MAXCPU];
 
 /* Variables needed for SMP tlb shootdown. */
@@ -564,7 +566,9 @@ init_secondary(void)
 	 */
 
 	load_cr4(rcr4() | CR4_PGE);
-
+	load_ds(_udatasel);
+	load_es(_udatasel);
+	load_fs(_udatasel);
 	mtx_unlock_spin(&ap_boot_mtx);
 
 	/* wait until all the AP's are up */