author | Konstantin Belousov <kib@FreeBSD.org> | 2008-08-18 08:47:27 +0000 |
---|---|---|
committer | Konstantin Belousov <kib@FreeBSD.org> | 2008-08-18 08:47:27 +0000 |
commit | 8ad85ff260e18e0bf17f67ab941663d141d248e3 (patch) | |
tree | 42ad3ba8578b6509c62721c7dec184daa649fb73 | |
parent | 0f4b98311a8675e8692204a6197ab4c52b191f29 (diff) | |
download | src-8ad85ff260e18e0bf17f67ab941663d141d248e3.tar.gz src-8ad85ff260e18e0bf17f67ab941663d141d248e3.zip |
The doreti_iret_fault code is always called with gs base MSR containing
kernel gs base, because %rip is adjusted only on kernel-mode trap caused
by iretq execution. On the other hand, the stack contains (hardware
part of) trap frame from the usermode. As a consequence, checking for
frame mode and doing swapgs causes the kernel to enter trap() with
usermode gs base.
Remove the check for mode and the conditional swapgs; we already have the right
gs base in the MSR.
Submitted by: Nate Eldredge <neldredge math ucsd edu>
MFC after: 3 days
Notes:
svn path=/head/; revision=181823
-rw-r--r-- | sys/amd64/amd64/exception.S | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/amd64/amd64/exception.S b/sys/amd64/amd64/exception.S index f1cbe35d82b7..fd0a7ca9f54a 100644 --- a/sys/amd64/amd64/exception.S +++ b/sys/amd64/amd64/exception.S @@ -636,13 +636,10 @@ doreti_iret: .globl doreti_iret_fault doreti_iret_fault: subq $TF_RIP,%rsp /* space including tf_err, tf_trapno */ - testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ - jz 1f /* already running with kernel GS.base */ - swapgs -1: testl $PSL_I,TF_RFLAGS(%rsp) - jz 2f + testl $PSL_I,TF_RFLAGS(%rsp) + jz 1f sti -2: movq %rdi,TF_RDI(%rsp) +1: movq %rdi,TF_RDI(%rsp) movq %rsi,TF_RSI(%rsp) movq %rdx,TF_RDX(%rsp) movq %rcx,TF_RCX(%rsp) |
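Review bot: the rewritten entry at doreti_iret_fault now rests on an invariant that nothing in the hunk states, namely that the path which redirects %rip here leaves the kernel GS.base loaded even though the frame at %rsp carries the user RPL in TF_CS; with the `testb $SEL_RPL_MASK,TF_CS(%rsp)` / `swapgs` pair gone, a reader has no hint of that, so add a short comment at the label, for example `/* Kernel GS.base is already loaded: the iretq fault was taken in kernel mode */`, so nobody reintroduces a TF_CS-based swapgs here. The label renumbering (`jz 2f` / `2:` becoming `jz 1f` / `1:` around `sti`) is consistent and leaves the PSL_I handling unchanged.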