authorTom Cosgrove <tom@cvs.openbsd.org>2006-03-12 21:28:55 +0000
committerTom Cosgrove <tom@cvs.openbsd.org>2006-03-12 21:28:55 +0000
commitb977cde3b87ad6f425e63ead2e51347d0caa7fbd (patch)
treede47705c21a36cf824c040fd21ead9d68d976da3
parentcbc58bc4ca7cfbcc140252261fdb6c801dab10f9 (diff)
Don't leave a dangling pointer to the process-specific LDT after
we free it. Instead set it to the default value for a new process. Bug found by hugh@, fix tested by several - thanks. ok weingart@ deraadt@
-rw-r--r--sys/arch/i386/i386/pmap.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/arch/i386/i386/pmap.c b/sys/arch/i386/i386/pmap.c
index 913cf43432c..425926da4d5 100644
--- a/sys/arch/i386/i386/pmap.c
+++ b/sys/arch/i386/i386/pmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmap.c,v 1.89 2006/02/16 16:08:53 mickey Exp $ */
+/* $OpenBSD: pmap.c,v 1.90 2006/03/12 21:28:54 tom Exp $ */
/* $NetBSD: pmap.c,v 1.91 2000/06/02 17:46:37 thorpej Exp $ */
/*
@@ -2186,6 +2186,12 @@ pmap_ldt_cleanup(p)
ldt_free(pmap);
pmap->pm_ldt_sel = GSEL(GLDT_SEL, SEL_KPL);
pcb->pcb_ldt_sel = pmap->pm_ldt_sel;
+ /* Reset the cached address of the LDT that this process uses */
+#ifdef MULTIPROCESSOR
+ pcb->pcb_ldt = curcpu()->ci_ldt;
+#else
+ pcb->pcb_ldt = ldt;
+#endif
if (pcb == curpcb)
lldt(pcb->pcb_ldt_sel);
old_ldt = pmap->pm_ldt;
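Review bot: In the MULTIPROCESSOR branch, `pcb->pcb_ldt = curcpu()->ci_ldt;` ties the cached pointer to the LDT of whichever CPU happens to run the cleanup, while the `if (pcb == curpcb)` test just below suggests pcb need not belong to the running process. If a later reader of pcb_ldt can run on a different CPU it would see another CPU's table; whether pcb_ldt is refreshed on context switch is not visible in this hunk, so that should be confirmed or stated in the comment. The added comment would also help more if it recorded why the reset is needed, for example `/* pcb_ldt still caches the per-process LDT that is freed below; repoint it at the default LDT so nothing follows a stale pointer */`. pmap_ldt_cleanup starts before and continues past the hunk, so the actual free of old_ldt is taken from the commit message rather than seen here.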