amd64: Clear the local TSS when creating a new thread
ClosedPublic
Actions

Authored by markj on Jun 1 2021, 10:27 PM.

Details

Reviewers

Commits

rG8cd05b883330: amd64: Clear the local TSS when creating a new thread

Summary

Otherwise it is copied from the creating thread. Then, if either thread
exits, the other is left with a dangling pointer, typically resulting in
a page fault upon the next context switch. This is equivalent to our
behaviour on i386.

Reported by: syzkaller

Test Plan

syzkaller generated a test case where a thread

calls sysarch(AMD64_SET_IOPERM)
creates a new thread

when the new thread exits, the current thread triggers
a page fault when reloading the TSS during a context switch.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 39656
Build 36545: arc lint + arc unit

Event Timeline

markj created this revision.Jun 1 2021, 10:27 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 1 2021, 10:27 PM

markj requested review of this revision.Jun 1 2021, 10:27 PM

Harbormaster completed remote builds in B39656: Diff 90288.Jun 1 2021, 10:27 PM

markj edited the test plan for this revision. (Show Details)Jun 1 2021, 10:29 PM

markj added a reviewer: kib.

kib accepted this revision.Jun 1 2021, 10:55 PM

This revision is now accepted and ready to land.Jun 1 2021, 10:55 PM

Closed by commit rG8cd05b883330: amd64: Clear the local TSS when creating a new thread (authored by markj). · Explain WhyJun 1 2021, 11:52 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG8cd05b883330: amd64: Clear the local TSS when creating a new thread.

Revision Contents
Changeset List

Path

Size

sys/

amd64/

vm_machdep.c

2 lines

Diff 90288

View Options

sys/amd64/amd64/vm_machdep.c

amd64: Clear the local TSS when creating a new threadClosedPublicActions