Index: sys/powerpc/aim/aim_machdep.c =================================================================== --- sys/powerpc/aim/aim_machdep.c +++ sys/powerpc/aim/aim_machdep.c @@ -251,9 +251,26 @@ psl_userset32 = psl_userset & ~PSL_SF; #endif - /* Bits that users aren't allowed to change */ - psl_userstatic = ~(PSL_VEC | PSL_FP | PSL_FE0 | PSL_FE1); /* + * Zeroed bits in this variable signify that the value of the bit + * in its position is allowed to vary between userspace contexts. + * + * All other bits are requried to be identical for every userspace + * context. The actual *value* of the bit is determined by + * psl_userset and/or psl_userset32, and is not allowed to change. + * + * Remember to update this set when implementing support for + * *conditionally* enabling a processor facility. Failing to do + * this will cause swapcontext() in userspace to break when a + * process uses a conditionally-enabled facility. + * + * When *unconditionally* implementing support for a processor + * facility, update psl_userset / psl_userset32 instead. + * + * See the access control check in set_mcontext(). + */ + psl_userstatic = ~(PSL_VSX | PSL_VEC | PSL_FP | PSL_FE0 | PSL_FE1); + /* * Mask bits from the SRR1 that aren't really the MSR: * Bits 1-4, 10-15 (ppc32), 33-36, 42-47 (ppc64) */ Index: sys/powerpc/booke/booke_machdep.c =================================================================== --- sys/powerpc/booke/booke_machdep.c +++ sys/powerpc/booke/booke_machdep.c @@ -222,6 +222,24 @@ #ifdef __powerpc64__ psl_userset32 = psl_userset & ~PSL_CM; #endif + /* + * Zeroed bits in this variable signify that the value of the bit + * in its position is allowed to vary between userspace contexts. + * + * All other bits are requried to be identical for every userspace + * context. The actual *value* of the bit is determined by + * psl_userset and/or psl_userset32, and is not allowed to change. + * + * Remember to update this set when implementing support for + * *conditionally* enabling a processor facility. Failing to do + * this will cause swapcontext() in userspace to break when a + * process uses a conditionally-enabled facility. + * + * When *unconditionally* implementing support for a processor + * facility, update psl_userset / psl_userset32 instead. + * + * See the access control check in set_mcontext(). + */ psl_userstatic = ~(PSL_VEC | PSL_FP | PSL_FE0 | PSL_FE1); pmap_mmu_install(MMU_TYPE_BOOKE, BUS_PROBE_GENERIC); Index: sys/powerpc/powerpc/exec_machdep.c =================================================================== --- sys/powerpc/powerpc/exec_machdep.c +++ sys/powerpc/powerpc/exec_machdep.c @@ -463,7 +463,17 @@ return (EINVAL); /* - * Don't let the user set privileged MSR bits + * Don't let the user change privileged MSR bits. + * + * psl_userstatic is used here to mask off any bits that can + * legitimately vary between user contexts (Floating point + * exception control and any facilities that we are using the + * "enable on first use" pattern with.) + * + * All other bits are required to match psl_userset(32). + * + * Remember to update the platform cpu_init code when implementing + * support for a new conditional facility! */ if ((mcp->mc_srr1 & psl_userstatic) != (tf->srr1 & psl_userstatic)) { return (EINVAL); @@ -480,7 +490,14 @@ else tf->fixreg[2] = tls; - /* Disable FPU */ + /* + * Force the FPU back off to ensure the new context will not bypass + * the enable_fpu() setup code accidentally. + * + * This prevents an issue where a process that uses floating point + * inside a signal handler could end up in a state where the MSR + * did not match pcb_flags. + */ tf->srr1 &= ~PSL_FP; pcb->pcb_flags &= ~PCB_FPU;