Fixed a panic caused by over-optimizing npxdrop() in the non-FXSR case.

frstor can trap despite it being a control instruction, since it bogusly checks for pending exceptions in the state that it is overwriting. This used to be a non-problem because frstor was always paired with a previous fnsave, and fnsave does an implicit fninit so any pending exceptions only remain live in the saved state. Now frstor is sometimes paired with npxdrop() and we must do a little more than just forget that the npx was used in npxdrop() to avoid a trap later. This is a non-problem in the FXSR case because fxrstor doesn't do the bogus check. FXSR is part of SSE, and npxdrop() is only in FreeBSD-5.x, so this bug only affected old machines running FreeBSD-5.x. PR: 68058
svn path=/head/; revision=130663
2004-06-18 02:10:55 +00:00 · 2004-06-18 02:10:55 +00:00 · bd1a3f1a7e · 2020-12-20 02:59:44 +00:00
commit bd1a3f1a7e
parent 27de0135ce
1 changed files with 9 additions and 0 deletions
--- a/sys/i386/isa/npx.c
+++ b/sys/i386/isa/npx.c
@ -872,6 +872,15 @@ npxdrop()
 {
 	struct thread *td;

+	/*
+	 * Discard pending exceptions in the !cpu_fxsr case so that unmasked
+	 * ones don't cause a panic on the next frstor.
+	 */
+#ifdef CPU_ENABLE_SSE
+	if (!cpu_fxsr)
+#endif
+		fnclex();
+
 	td = PCPU_GET(fpcurthread);
 	PCPU_SET(fpcurthread, NULL);
 	td->td_pcb->pcb_flags &= ~PCB_NPXINITDONE;