authorAlexander Bluhm <bluhm@cvs.openbsd.org>2018-08-21 13:10:14 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2018-08-21 13:10:14 +0000
commitab4da7550ef0caa484810f1301760efe2f86dffb (patch)
treef7e36d60d475de4c737aef0b26152f177208a434 /sys/arch
parentbb4d6f5a58afa89737900d6e0da9cd8bf067ae82 (diff)
If a kernel thread was created by a user land system call, the user
land FPU context was saved to proc0. This was an information leak as proc0 is used to initialize the FPU at exec and signal handlers. Never save the FPU to proc0, it has the initialization value. Also check whether the FPU has valid user land state that has to be forked. This bug is a regression from the eager FPU commit. OK guenther@
Diffstat (limited to 'sys/arch')
-rw-r--r--sys/arch/amd64/amd64/vm_machdep.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/arch/amd64/amd64/vm_machdep.c b/sys/arch/amd64/amd64/vm_machdep.c
index fea5d268eca..cbdb7c7e1f7 100644
--- a/sys/arch/amd64/amd64/vm_machdep.c
+++ b/sys/arch/amd64/amd64/vm_machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vm_machdep.c,v 1.42 2018/06/05 06:39:10 guenther Exp $ */
+/* $OpenBSD: vm_machdep.c,v 1.43 2018/08/21 13:10:13 bluhm Exp $ */
/* $NetBSD: vm_machdep.c,v 1.1 2003/04/26 18:39:33 fvdl Exp $ */
/*-
@@ -65,13 +65,15 @@ void
cpu_fork(struct proc *p1, struct proc *p2, void *stack, void *tcb,
void (*func)(void *), void *arg)
{
+ struct cpu_info *ci = curcpu();
struct pcb *pcb = &p2->p_addr->u_pcb;
struct pcb *pcb1 = &p1->p_addr->u_pcb;
struct trapframe *tf;
struct switchframe *sf;
/* Save the fpu h/w state to p1's pcb so that we can copy it. */
- fpusave(&pcb1->pcb_savefpu);
+ if (p1 != &proc0 && (ci->ci_flags & CPUF_USERXSTATE))
+ fpusave(&pcb1->pcb_savefpu);
p2->p_md.md_flags = p1->p_md.md_flags;
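Review bot: The comment kept above the new guard in cpu_fork() still describes an unconditional save, so nothing in the source records why `p1 != &proc0` and the `CPUF_USERXSTATE` test are there. Since dropping either check would let user register contents reach the state that every exec and signal handler is initialized from, I would replace it with `/* Save live user FPU state to p1's pcb so it can be copied; never write proc0's pcb_savefpu, it holds the initial state used at exec and for signal handlers. */`. The flag is read from `curcpu()`, which appears to assume that p1 is the thread currently running on this CPU whenever it is not proc0; if that is the contract, a sentence in the comment saying so would help. The function body continues past the end of this hunk, so the copy from pcb1 that the saved state feeds is not visible here.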