| created | 2024-06-09T20:31:30Z |
|---|---|
| begin | 2024-06-06T00:00:00Z |
| end | 2024-06-07T00:00:00Z |
| path | src/sys |
| commits | 2 |
| date | 2024-06-06T00:36:46Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/arch/amd64/amd64/copy.S | log | diff | annotate |
| src/sys/arch/i386/i386/locore.s | log | diff | annotate | |
| message |
Clear DF flag after kcopy faulted. A memory corruption in the kernel happend that was caused by memset in the wrong direction. After that DF bit was set in ddb rflags. Only kcopy and memmove use std to set DF bit. kcopy has the special property that it can fault. In this case DF is set in the trap frame. kpageflttrap() changes the return address to copy_fault via pcb_onfault. When alltraps_kern returns, it restores the rflags with DF set and jumps into copy_fault. From there a function return goes back into regular kernel execution. Now DF is set, but kernel memset and memcpy expect that it is cleared. After copy fault, also reset the DF bit with cld in copy_fault. The crash happend on OpenBSD 7.4 amd64. As i386 code looks similar, also insert cld there. OK guenther@ miod@ |
|||
| date | 2024-06-06T12:36:41Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/arch/amd64/amd64/db_disasm.c | log | diff | annotate |
| message |
Fix call instruction disassembler in ddb. Disassembling the amd64 call instruction in ddb produced wrong output. The operand of e8 is only 4 bytes long, not 8. The shown address was off by 4 bytes. Following instructions were interpreted incorrectly. OK guenther@ |
|||