From ab9f563b7042d2c12fb72dd167e0c05d82f4c1bd Mon Sep 17 00:00:00 2001
From: simon
Date: Mon, 18 Jun 2012 20:48:21 +0000
Subject: [PATCH] Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it was accidently applied to the wrong location.
Reported by: Steven Chamberlain
Reviewed by: jhb, kib
Security: FreeBSD-SA-12:04.sysret
Approved by: so (simon)
git-svn-id: svn://svn.freebsd.org/base/releng/8.1@237241 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/amd64/amd64/trap.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c
index 9b6af3b5..7caa3d81 100644
--- a/sys/amd64/amd64/trap.c
+++ b/sys/amd64/amd64/trap.c
@@ -972,23 +972,6 @@ syscall(struct trapframe *frame)
 ksi.ksi_code = TRAP_TRACE;
 ksi.ksi_addr = (void *)frame->tf_rip;
 trapsignal(td, &ksi);
-
- /*
- * If the user-supplied value of %rip is not a canonical
- * address, then some CPUs will trigger a ring 0 #GP during
- * the sysret instruction. However, the fault handler would
- * execute with the user's %gs and %rsp in ring 0 which would
- * not be safe. Instead, preemptively kill the thread with a
- * SIGBUS.
- */
- if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
- ksiginfo_init_trap(&ksi);
- ksi.ksi_signo = SIGBUS;
- ksi.ksi_code = BUS_OBJERR;
- ksi.ksi_trapno = T_PROTFLT;
- ksi.ksi_addr = (void *)td->td_frame->tf_rip;
- trapsignal(td, &ksi);
- }
 }
 /*
@@ -1027,4 +1010,21 @@ syscall(struct trapframe *frame)
 STOPEVENT(p, S_SCX, sa.code);
 PTRACESTOP_SC(p, td, S_PT_SCX);
+
+ /*
+ * If the user-supplied value of %rip is not a canonical
+ * address, then some CPUs will trigger a ring 0 #GP during
+ * the sysret instruction. However, the fault handler would
+ * execute with the user's %gs and %rsp in ring 0 which would
+ * not be safe. Instead, preemptively kill the thread with a
+ * SIGBUS.
+ */
+ if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
+ ksiginfo_init_trap(&ksi);
+ ksi.ksi_signo = SIGBUS;
+ ksi.ksi_code = BUS_OBJERR;
+ ksi.ksi_trapno = T_PROTFLT;
+ ksi.ksi_addr = (void *)td->td_frame->tf_rip;
+ trapsignal(td, &ksi);
+ }
 }
--
2.44.0
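Review bot: The comment above the `td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS` test explains why the check exists but not why it has to sit at the tail of syscall(), after `STOPEVENT` and `PTRACESTOP_SC`, which is the detail the earlier placement got wrong. The ordering is presumably there so that any change made to the saved frame at those stop points is still covered before the return to user mode. I would record that in the comment, for example `* Keep this as the last step before returning: the saved %rip may still change at the stop points above.` The test also rejects every address at or above VM_MAXUSER_ADDRESS, which is broader than "not a canonical address", and the comment could say so. syscall() begins outside the hunk, so the paths leading to this point are not visible here.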