Module Name: src Committed By: riz Date: Fri Jul 16 18:43:58 UTC 2010
Modified Files: src/sys/arch/amd64/amd64 [netbsd-5-0]: netbsd32_machdep.c src/sys/arch/i386/i386 [netbsd-5-0]: trap.c Log Message: Apply patches (requested by chs in ticket #1424): sys/arch/amd64/amd64/netbsd32_machdep.c: patch sys/arch/i386/i386/trap.c: patch Fix several panics that can be caused by applications using bad segment register values with setcontext() or sigreturn(). To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.55.6.1 src/sys/arch/amd64/amd64/netbsd32_machdep.c cvs rdiff -u -r1.241.4.1.2.1 -r1.241.4.1.2.2 src/sys/arch/i386/i386/trap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/netbsd32_machdep.c
diff -u src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.55 src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.55.6.1
--- src/sys/arch/amd64/amd64/netbsd32_machdep.c:1.55	Wed Oct 15 06:51:17 2008
+++ src/sys/arch/amd64/amd64/netbsd32_machdep.c	Fri Jul 16 18:43:58 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_machdep.c,v 1.55 2008/10/15 06:51:17 wrstuden Exp $ */
+/* $NetBSD: netbsd32_machdep.c,v 1.55.6.1 2010/07/16 18:43:58 riz Exp $ */
 
 /*
  * Copyright (c) 2001 Wasabi Systems, Inc.
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.55 2008/10/15 06:51:17 wrstuden Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.55.6.1 2010/07/16 18:43:58 riz Exp $");
 
 #include "opt_compat_netbsd.h"
 #include "opt_coredump.h"
@@ -936,7 +936,9 @@
 static int
 check_sigcontext32(const struct netbsd32_sigcontext *scp, struct trapframe *tf)
 {
-	if (((scp->sc_eflags ^ tf->tf_rflags) & PSL_USERSTATIC) != 0)
+
+	if (((scp->sc_eflags ^ tf->tf_rflags) & PSL_USERSTATIC) != 0 ||
+	    scp->sc_cs != GSEL(GUCODE32_SEL, SEL_UPL))
 		return EINVAL;
 	if (scp->sc_fs != 0 && !VALID_USER_DSEL32(scp->sc_fs))
 		return EINVAL;
@@ -958,7 +960,8 @@
 
 	gr = mcp->__gregs;
 
-	if (((gr[_REG32_EFL] ^ tf->tf_rflags) & PSL_USERSTATIC) != 0)
+	if (((gr[_REG32_EFL] ^ tf->tf_rflags) & PSL_USERSTATIC) != 0 ||
+	    gr[_REG32_CS] != GSEL(GUCODE32_SEL, SEL_UPL))
 		return EINVAL;
 	if (gr[_REG32_FS] != 0 && !VALID_USER_DSEL32(gr[_REG32_FS]))
 		return EINVAL;
Index: src/sys/arch/i386/i386/trap.c
diff -u src/sys/arch/i386/i386/trap.c:1.241.4.1.2.1 src/sys/arch/i386/i386/trap.c:1.241.4.1.2.2
--- src/sys/arch/i386/i386/trap.c:1.241.4.1.2.1	Thu May 20 05:56:29 2010
+++ src/sys/arch/i386/i386/trap.c	Fri Jul 16 18:43:58 2010
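Review bot: The new `scp->sc_cs != GSEL(GUCODE32_SEL, SEL_UPL)` test in check_sigcontext32 is an exact-selector comparison, while the data-segment checks on the lines that follow use VALID_USER_DSEL32 range checks, and nothing records why %cs is held to a single value; a comment such as `/* Only the 32-bit user code selector is acceptable for a 32-bit context. */` above the condition would capture the intent. check_mcontext32 (the @@ -958 hunk) adds the identical condition on gr[_REG32_CS], so the same comment belongs there too, or both validators could share one `static inline` helper so the two copies cannot drift apart. The empty line added after the opening brace of check_sigcontext32 is a stray whitespace change. Both functions continue past the hunk, where the remaining segment registers are presumably validated.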
@@ -1,4 +1,4 @@
-/* $NetBSD: trap.c,v 1.241.4.1.2.1 2010/05/20 05:56:29 snj Exp $ */
+/* $NetBSD: trap.c,v 1.241.4.1.2.2 2010/07/16 18:43:58 riz Exp $ */
 
 /*-
  * Copyright (c) 1998, 2000, 2005, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.241.4.1.2.1 2010/05/20 05:56:29 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: trap.c,v 1.241.4.1.2.2 2010/07/16 18:43:58 riz Exp $");
 
 #include "opt_ddb.h"
 #include "opt_kgdb.h"
@@ -401,6 +401,7 @@
 	 * returning from a trap, syscall, or interrupt.
 	 */
 
+kern_pagefault:
 	KSI_INIT_TRAP(&ksi);
 	ksi.ksi_signo = SIGSEGV;
 	ksi.ksi_code = SEGV_ACCERR;
@@ -427,7 +428,8 @@
 		break;
 	case 0x8e:
 		switch (*(uint32_t *)frame->tf_eip) {
-		case 0x8e242c8e: /* mov (%esp,%gs), then */
+		case 0x8e242c8e: /* mov (%esp),%gs */
+		case 0x00246c8e: /* mov 0x0(%esp),%gs */
 		case 0x0424648e: /* mov 0x4(%esp),%fs */
 		case 0x0824448e: /* mov 0x8(%esp),%es */
 		case 0x0c245c8e: /* mov 0xc(%esp),%ds */
@@ -734,7 +736,7 @@
 			goto copyfault;
 		printf("uvm_fault(%p, %#lx, %d) -> %#x\n",
 		    map, va, ftype, error);
-		goto we_re_toast;
+		goto kern_pagefault;
 	}
 	if (error == ENOMEM) {
 		ksi.ksi_signo = SIGKILL;
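Review bot: The new `kern_pagefault:` label in the @@ -401 hunk is the target of the `goto kern_pagefault` added in the @@ -734 hunk, on the kernel-mode T_PAGEFLT path, yet it sits inside another case's body with no comment, so a reader of this arm cannot see why a page fault lands here. A comment on the label, e.g. `/* Also entered from the kernel T_PAGEFLT path when no onfault handler applies: the fault may have hit the return-to-user sequence decoded below. */`, would make the control flow visible. The switch arm that contains the label, and the decode that follows KSI_INIT_TRAP, both run past the hunk, so I cannot confirm what happens when no instruction pattern matches; presumably it still ends at we_re_toast, and that is worth stating in the same comment.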
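Review bot: The constants in this inner `switch (*(uint32_t *)frame->tf_eip)` are four instruction bytes read as a little-endian uint32_t, and the new `case 0x00246c8e:` (bytes 8e 6c 24 00, a four-byte `mov 0x0(%esp),%gs`) sits next to `0x8e242c8e`, whose first three bytes are the `mov (%esp),%gs` and whose fourth byte is the 0x8e opcode of the following segment-register mov; that is what the old "then" comment was hinting at, and none of it is written down. A comment above the switch, e.g. `/* Each constant is the 4 bytes at %eip as a little-endian uint32_t; for the 3-byte form the 4th byte is the opcode of the next mov. */`, would let the next variant be added without reverse-engineering the existing ones. The corrected comment on the 0x8e242c8e line matches the encoding. The enclosing switch on the first opcode byte begins and ends outside the hunk.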
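Review bot: The `printf("uvm_fault(%p, %#lx, %d) -> %#x\n", ...)` just above the new `goto kern_pagefault` now runs on a path that is no longer fatal: when the decode at kern_pagefault recognises a return-to-user sequence the lwp presumably gets the SIGSEGV prepared there and the kernel continues, so an unprivileged process that installs an invalid segment value (the case this ticket fixes) can put this line on the console repeatedly. Keeping the diagnostic only on the path that still ends in we_re_toast, or rate-limiting it (NetBSD has ratecheck(9)), preserves it for the genuinely fatal case without leaving a user-triggerable console-flood knob. The error-handling block that contains the printf starts outside the hunk.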