HomeFreeBSD
Diffusion FreeBSD src repository bb4435255df5

amd64: clear PSL.AC in the right frame
bb4435255df5
Actions

Description

amd64: clear PSL.AC in the right frame

If copyin family of routines fault, kernel does clear PSL.AC on the
fault entry, but the AC flag of the faulted frame is kept intact. Since
onfault handler is effectively jump, AC survives until syscall exit.

Approved by: so
Security: FreeBSD-SA-21:11.smap
Security: CVE-2021-29628
Reported by: m00nbsd, via Sony
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
admbugs: 975

(cherry picked from commit 91aae953cb807d6fb7a70782b323bf9beb60d7c9)
(cherry picked from commit 4590f0345956329d414611c6cee300f486732b53)

Details

Provenance
kibAuthored on May 22 2021, 7:48 PM
markjCommitted on May 26 2021, 7:38 PM
Parents
rGbf30c74e5a2a: pms(4): Do not return CAM_REQ_CMP on errors.
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
sys/
amd64/
amd64/
linux/
linux32/

rGbb4435255df5

View Options

sys/amd64/amd64/support.S

Loading...
View Options

sys/amd64/linux/linux_support.s

Loading...
View Options

sys/amd64/linux32/linux32_support.s

Loading...