CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Mark Johnston <markj@FreeBSD.org>
	Sat, 25 Sep 2021 14:15:31 +0000 (10:15 -0400)
committer	Ed Maste <emaste@FreeBSD.org>
	Tue, 7 Mar 2023 16:36:02 +0000 (11:36 -0500)
commit	96064e0924d8e456f50252205bf3b221cb2e835c
tree	e55426965b550e32ff2d0f72e0038d5d6b518f36	tree \| snapshot
parent	4182ec520407a702ec2b670d597ca4f7d80ef58b	commit \| diff

amd64: Avoid copying td_frame from kernel procs

When creating a new thread, we unconditionally copy td_frame from the
creating thread.  For threads which never return to user mode, this is
unnecessary since td_frame just points to the base of the stack or a
random interrupt frame.

If KASAN is configured this copying may also trigger false positives
since the td_frame region may contain poisoned stack regions.  It was
not noticed before since thread0 used a dummy proc0_tf trapframe, and
kernel procs are generally created by thread0.  Since commit
df8dd6025af88a99d34f549fa9591a9b8f9b75b1, though, we call
cpu_thread_alloc(&thread0) when initializing FPU state, which
reinitializes thread0.td_frame.

Work around the problem by not copying the frame unless the copying
thread came from user mode.  While here, de-duplicate the copying and
remove redundant re(initialization) of td_frame.

Reported by: syzbot+2ec89312bffbf38d9aec@syzkaller.appspotmail.com
Reviewed by: kib
Approved by: re (delphij)
Fixes: df8dd6025af8
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32057

(cherry picked from commit ca1e447b1048b26b855d7f7fbcdad78309e4d741)
(cherry picked from commit cf25fa7f31e7bda9b8aa20757659524db9c4ef97)