When amd64 CPU cannot load segment descriptor during trap return to

usermode, it generates GPF, that is mirrored to user mode as SIGSEGV. The offending register in mcontext should contain the value loading of which generated the GPF, and it is so on i386. On amd64, we currently report segment descriptor in tf_err, while segment register contains the corrected value loaded by trap handler. Fix the issue by behaving like i386, reloading segment register in trap frame after signal frame is pushed onto user stack. Noted and tested by: pho Approved by: re (kensmith)
2009-07-10 10:29:16 +00:00 · 2009-07-10 10:29:16 +00:00 · bc06993eb4
commit bc06993eb4
parent e33e5dce32
1 changed files with 12 additions and 12 deletions
--- a/sys/amd64/amd64/exception.S
+++ b/sys/amd64/amd64/exception.S
@ -766,38 +766,38 @@ doreti_iret_fault:
 	.globl	ds_load_fault
 ds_load_fault:
 	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
-	movzwl	TF_DS(%rsp),%edx
-	movl	%edx,TF_ERR(%rsp)
+	movq	%rsp, %rdi
+	call	trap
 	movw	$KUDSEL,TF_DS(%rsp)
-	jmp	calltrap
+	jmp	doreti

 	ALIGN_TEXT
 	.globl	es_load_fault
 es_load_fault:
 	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
-	movzwl	TF_ES(%rsp),%edx
-	movl	%edx,TF_ERR(%rsp)
+	movq	%rsp, %rdi
+	call	trap
 	movw	$KUDSEL,TF_ES(%rsp)
-	jmp	calltrap
+	jmp	doreti

 	ALIGN_TEXT
 	.globl	fs_load_fault
 fs_load_fault:
 	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
-	movzwl	TF_FS(%rsp),%edx
-	movl	%edx,TF_ERR(%rsp)
+	movq	%rsp, %rdi
+	call	trap
 	movw	$KUF32SEL,TF_FS(%rsp)
-	jmp	calltrap
+	jmp	doreti

 	ALIGN_TEXT
 	.globl	gs_load_fault
 gs_load_fault:
 	popfq
 	movl	$T_PROTFLT,TF_TRAPNO(%rsp)
-	movzwl	TF_GS(%rsp),%edx
-	movl	%edx,TF_ERR(%rsp)
+	movq	%rsp, %rdi
+	call	trap
 	movw	$KUG32SEL,TF_GS(%rsp)
-	jmp	calltrap
+	jmp	doreti
 #ifdef HWPMC_HOOKS
 	ENTRY(end_exceptions)
 #endif