From 67620c84fd16b2127759b3a191cf84f111d2884b Mon Sep 17 00:00:00 2001
From: marcel <marcel@FreeBSD.org>
Date: Sat, 7 Jun 2003 04:10:07 +0000
Subject: If we get a fault in the gateway page, which would happen if we try
 to deliver a signal and the RSE backing store has been exhausted or the
 backing store pointer has been clobbered, we need to make sure we call
 userret() and do_ast() when we exit from trap(). Not adjusting the local
 variable 'user' in this case will prevent the faulty process from being
 terminated and we end up in an infinite fault repetition.

Faulty process provided by: bento
---
 sys/ia64/ia64/trap.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'sys/ia64')

diff --git a/sys/ia64/ia64/trap.c b/sys/ia64/ia64/trap.c
index 8626641..d22b8ff0 100644
--- a/sys/ia64/ia64/trap.c
+++ b/sys/ia64/ia64/trap.c
@@ -699,7 +699,9 @@ trap(int vector, struct trapframe *framep)
 		/*
 		 * Additionally check the privilege level. We don't want to
 		 * panic when we're in the gateway page, running at user
-		 * level. This happens for the signal trampolines.
+		 * level. This happens for the signal trampolines. Note that
+		 * when that happens, user is defined as 0 above. We need to
+		 * set user to 1 to force calling userret() and do_ast().
 		 */
 		if (!TRAPF_USERMODE(framep)) {
 			/* Check for copyin/copyout fault. */
@@ -711,7 +713,8 @@ trap(int vector, struct trapframe *framep)
 				goto out;
 			}
 			goto dopanic;
-		}
+		} else
+			user = 1;
 		ucode = va;	
 		i = (rv == KERN_PROTECTION_FAILURE) ? SIGBUS : SIGSEGV;
 		break;
-- 
cgit v1.1