Fully initialize the required TSS fields so that the io permission

bitmap is set correctly. Patch from: peter Security: FreeBSD-SA-05:03.amd64
2005-04-06 01:05:51 +00:00 · 2005-04-06 01:05:51 +00:00 · d0b183c937
commit d0b183c937
parent a0d17f7e98
3 changed files with 4 additions and 1 deletions
--- a/sys/amd64/amd64/machdep.c
+++ b/sys/amd64/amd64/machdep.c
@ -1251,6 +1251,9 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
 	/* doublefault stack space, runs on ist1 */
 	common_tss[0].tss_ist1 = (long)&dblfault_stack[sizeof(dblfault_stack)];

+	/* Set the IO permission bitmap (empty due to tss seg limit) */
+	common_tss[0].tss_iobase = sizeof(struct amd64tss);
+
 	gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
 	ltr(gsel_tss);

--- a/sys/amd64/amd64/mp_machdep.c
+++ b/sys/amd64/amd64/mp_machdep.c
@ -379,6 +379,7 @@ init_secondary(void)
 	/* Init tss */
 	common_tss[cpu] = common_tss[0];
 	common_tss[cpu].tss_rsp0 = 0;   /* not used until after switch */
+	common_tss[cpu].tss_iobase = sizeof(struct amd64tss);

 	gdt_segs[GPROC0_SEL].ssd_base = (long) &common_tss[cpu];
 	ssdtosyssd(&gdt_segs[GPROC0_SEL],
--- a/sys/amd64/include/tss.h
+++ b/sys/amd64/include/tss.h
@ -50,7 +50,6 @@ struct amd64tss {
 	u_int64_t	tss_rsp2 __packed; 	/* kernel stack pointer ring 2 */
 	u_int32_t	tss_rsvd1;
 	u_int32_t	tss_rsvd2;
-	u_int32_t	tss_rsvd3;
 	u_int64_t	tss_ist1 __packed;	/* Interrupt stack table 1 */
 	u_int64_t	tss_ist2 __packed;	/* Interrupt stack table 2 */
 	u_int64_t	tss_ist3 __packed;	/* Interrupt stack table 3 */