authorSimon L. B. Nielsen <simon@FreeBSD.org>2012-06-18 20:48:21 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2012-06-18 20:48:21 +0000
commit7a395ce1678e7d16ed5027e23d660cbdde83e505 (patch)
tree7c24967ec933535f41058a04393b6d8f8bff6a14
parent5c96f75b591dd1e67de381c69a98fc2bb5ceb89e (diff)
Correct the patch for FreeBSD-SA-12:04.sysret for releng/8.1 where it
was accidentally applied to the wrong location. Reported by: Steven Chamberlain <steven@pyro.eu.org> Reviewed by: jhb, kib Security: FreeBSD-SA-12:04.sysret Approved by: so (simon)
Notes
Notes: svn path=/releng/8.1/; revision=237241
-rw-r--r--sys/amd64/amd64/trap.c34
1 files changed, 17 insertions, 17 deletions
diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c
index 9b6af3b59d33..7caa3d816355 100644
--- a/sys/amd64/amd64/trap.c
+++ b/sys/amd64/amd64/trap.c
@@ -972,23 +972,6 @@ syscall(struct trapframe *frame)
ksi.ksi_code = TRAP_TRACE;
ksi.ksi_addr = (void *)frame->tf_rip;
trapsignal(td, &ksi);
-
- /*
- * If the user-supplied value of %rip is not a canonical
- * address, then some CPUs will trigger a ring 0 #GP during
- * the sysret instruction. However, the fault handler would
- * execute with the user's %gs and %rsp in ring 0 which would
- * not be safe. Instead, preemptively kill the thread with a
- * SIGBUS.
- */
- if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
- ksiginfo_init_trap(&ksi);
- ksi.ksi_signo = SIGBUS;
- ksi.ksi_code = BUS_OBJERR;
- ksi.ksi_trapno = T_PROTFLT;
- ksi.ksi_addr = (void *)td->td_frame->tf_rip;
- trapsignal(td, &ksi);
- }
}
/*
@@ -1027,4 +1010,21 @@ syscall(struct trapframe *frame)
STOPEVENT(p, S_SCX, sa.code);
PTRACESTOP_SC(p, td, S_PT_SCX);
+
+ /*
+ * If the user-supplied value of %rip is not a canonical
+ * address, then some CPUs will trigger a ring 0 #GP during
+ * the sysret instruction. However, the fault handler would
+ * execute with the user's %gs and %rsp in ring 0 which would
+ * not be safe. Instead, preemptively kill the thread with a
+ * SIGBUS.
+ */
+ if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
+ ksiginfo_init_trap(&ksi);
+ ksi.ksi_signo = SIGBUS;
+ ksi.ksi_code = BUS_OBJERR;
+ ksi.ksi_trapno = T_PROTFLT;
+ ksi.ksi_addr = (void *)td->td_frame->tf_rip;
+ trapsignal(td, &ksi);
+ }
}
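Review bot: The comment above the `tf_rip >= VM_MAXUSER_ADDRESS` check explains why a non-canonical %rip is dangerous, but not why the check must sit at the very end of syscall(), which is the placement mistake this commit corrects. The removed copy sat inside the block that closes right after the TRAP_TRACE `trapsignal()`, so it ran only when that block ran. The new copy follows `STOPEVENT`/`PTRACESTOP_SC`, presumably because those stops are the last points where the saved frame can be altered before returning to user mode. I would extend the comment with `* This must remain the last step before return: it has to run unconditionally and after every stop/trace hook that may rewrite tf_rip.` It is also worth confirming, and stating in the comment, that posting SIGBUS is enough to keep the return path off sysret for this thread; that is not visible in the hunk, and syscall()'s body begins outside it.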