diff options
| author | peter <peter@FreeBSD.org> | 2005-04-13 18:13:40 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 2005-04-13 18:13:40 +0000 |
| commit | 549fabe9167b1bcc7006711133fc05c041dfeab1 (patch) | |
| tree | d61ed41c58e2344e9425289b5422d400fce131a8 /sys/i386/include/pcb.h | |
| parent | 85b1360c6c6e0b111609983486100661e724c763 (diff) | |
| download | FreeBSD-src-549fabe9167b1bcc7006711133fc05c041dfeab1.zip FreeBSD-src-549fabe9167b1bcc7006711133fc05c041dfeab1.tar.gz | |
Fix an evil bug that appeared in September 2003. VM86 bios calls use two
of the __pcb_spare longs. Except that fields were changed and one of the
spare values was used and the __pcb_spare field was reduced from two to one
long. Now VM86 bios calls can trash the first 4 bytes of the next page
following the kernel stack/pcb. This Is Bad(TM). This bug has been
present in 5.2-release and onwards, and is still in RELENG_5.
Instead of tempting fate and trying to use "spare" fields, explicitly
reserve them.
Diffstat (limited to 'sys/i386/include/pcb.h')
| -rw-r--r-- | sys/i386/include/pcb.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/i386/include/pcb.h b/sys/i386/include/pcb.h index 3f32340..c6ae09f 100644 --- a/sys/i386/include/pcb.h +++ b/sys/i386/include/pcb.h @@ -70,7 +70,7 @@ struct pcb { struct pcb_ext *pcb_ext; /* optional pcb extension */ int pcb_psl; /* process status long */ void (*pcb_switchout)(void); /* Special switchout function. */ - u_long __pcb_spare[1]; /* adjust to avoid core dump size changes */ + u_long pcb_vm86[2]; /* vm86bios scratch space */ }; #ifdef _KERNEL |
