freebsd-skq/sys/i386
Konstantin Belousov f2c18deb0e Fix handling of one more possible exception on return to usermode.
If %ss is loaded with a segment pointing to a non-present descriptor
by the IRETD instruction, a kernel-mode #SS exception is generated.
The resulting T_STKFLT trap must be checked against the doreti_iret_fault
location and handled, otherwise userspace may panic the kernel.

Note that this is the i386 variant of FreeBSD-SA-15:21.amd64, but unlike
amd64, there is no swapgs on i386 and the issue is arguably not
exploitable.

Reported by:	Maxime Villard <max@m00nbsd.net>
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2017-07-08 11:07:39 +00:00
..
acpica
bios Remove Micro Channel Architecture support. Of the commonly available 2017-02-15 23:04:25 +00:00
cloudabi32 Move struct syscall_args syscall arguments parameters container into 2017-06-12 21:03:23 +00:00
conf Garbage collect kernel option TWA_FLASH_FIRMWARE 2017-07-03 19:33:50 +00:00
i386 Fix handling of one more possible exception on return to usermode. 2017-07-08 11:07:39 +00:00
ibcs2 Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
include Clean up MD pollution of bus_dma.h: 2017-07-01 05:35:29 +00:00
isa Fix indent. 2017-06-24 10:19:06 +00:00
linux Add support for musl consumers to the Linuxulator. 2017-07-03 10:24:49 +00:00
pci
xbox
Makefile