Author: tychon
Date: Wed Apr 25 14:21:13 2018
New Revision: 332994
URL: https://svnweb.freebsd.org/changeset/base/332994
Log: If a trap is encountered upon executing iretq from within doreti() the hardware will ensure the stack pointer is aligned to a 16-byte boundary before saving the fault state on the stack. In the PTI case, handle this potential alignment adjustment by copying both frames independently while unwinding the stack in between. Reviewed by: kib Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15183 Modified: head/sys/amd64/amd64/exception.S Modified: head/sys/amd64/amd64/exception.S ============================================================================== --- head/sys/amd64/amd64/exception.S Wed Apr 25 13:23:58 2018 (r332993) +++ head/sys/amd64/amd64/exception.S Wed Apr 25 14:21:13 2018 (r332994) @@ -341,6 +341,9 @@ page_cr2: * On the stack, we have the hardware interrupt frame to return * to usermode (faulted) and another frame with error code, for * fault. For PTI, copy both frames to the main thread stack. + * Handle the potential 16-byte alignment adjustment incurred + * during the second fault by copying both frames independently + * while unwinding the stack in between. */ .macro PROTF_ENTRY name,trapno \name\()_pti_doreti: @@ -351,7 +354,11 @@ page_cr2: movq %rax,%cr3 movq PCPU(RSP0),%rax subq $2*PTI_SIZE-3*8,%rax /* no err, %rax, %rdx in faulted frame */ - MOVE_STACKS (PTI_SIZE / 4 - 3) + MOVE_STACKS (PTI_SIZE / 8) + addq $PTI_SIZE,%rax + movq PTI_RSP(%rsp),%rsp + MOVE_STACKS (PTI_SIZE / 8 - 3) + subq $PTI_SIZE,%rax movq %rax,%rsp popq %rdx popq %rax
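Review bot: the new comment in the first hunk (the `@@ -341,6 +341,9 @@` region) names "the potential 16-byte alignment adjustment incurred during the second fault" but does not say where that adjustment shows up, so a reader of the file alone cannot tell why one contiguous copy is no longer enough. Suggest stating the consequence the commit message gives, for example: "the CPU may align %rsp to 16 bytes before pushing the second fault's frame, so the two frames are not necessarily adjacent on the trampoline stack; copy each from its own location."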
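Review bot: in the second hunk (the `@@ -351,7 +354,11 @@` region) the existing comment `/* no err, %rax, %rdx in faulted frame */` still sits on the `subq $2*PTI_SIZE-3*8,%rax` line, but the `-3` it explains now belongs to the second copy, `MOVE_STACKS (PTI_SIZE / 8 - 3)`, whose source is the stack pointer loaded by `movq PTI_RSP(%rsp),%rsp` and which therefore relies on the frame found there being a bare hardware iret frame; move or duplicate that comment next to the second MOVE_STACKS so the assumption is stated where it is used. It would also help to note, either there or in the log, that the total number of words copied is unchanged (the old count `PTI_SIZE / 4 - 3` equals `PTI_SIZE / 8 + PTI_SIZE / 8 - 3`), and that the `addq $PTI_SIZE,%rax` / `subq $PTI_SIZE,%rax` pair exists only because MOVE_STACKS does not advance %rax, so `movq %rax,%rsp` below still lands on the start of the copied fault frame.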