Clear the kernel grab of the FPU state on fork. The pcb_save pointer

is already correctly reset to the FPU user save area, only PCB_KERNFPU flag might leak from old thread state into the new state. For creation of the user-mode thread, the change is nop since corresponding syscall code does not use FPU. On the other hand, creation of a kernel thread forks from a thread selected arbitrary from proc0, which might use FPU. Reported and tested by: Chris Torek <torek@torek.net> Sponsored by: The FreeBSD Foundation MFC after: 1 week
svn path=/head/; revision=263912
2024-12-21 11:13:30 +00:00 · 2014-03-29 11:56:33 +00:00 · 2014-03-29 11:56:33 +00:00 · 65f99c74fb · 2020-12-20 02:59:44 +00:00
commit 65f99c74fb
parent 4797432ff7
2 changed files with 4 additions and 2 deletions
--- a/sys/amd64/amd64/vm_machdep.c
+++ b/sys/amd64/amd64/vm_machdep.c
@ -446,7 +446,8 @@ cpu_set_upcall(struct thread *td, struct thread *td0)
 	 * values here.
 	 */
 	bcopy(td0->td_pcb, pcb2, sizeof(*pcb2));
-	clear_pcb_flags(pcb2, PCB_FPUINITDONE | PCB_USERFPUINITDONE);
+	clear_pcb_flags(pcb2, PCB_FPUINITDONE | PCB_USERFPUINITDONE |
+	    PCB_KERNFPU);
 	pcb2->pcb_save = get_pcb_user_save_pcb(pcb2);
 	bcopy(get_pcb_user_save_td(td0), pcb2->pcb_save,
 	    cpu_max_ext_state_size);
--- a/sys/i386/i386/vm_machdep.c
+++ b/sys/i386/i386/vm_machdep.c
@ -457,7 +457,8 @@ cpu_set_upcall(struct thread *td, struct thread *td0)
 	 * values here.
 	 */
 	bcopy(td0->td_pcb, pcb2, sizeof(*pcb2));
-	pcb2->pcb_flags &= ~(PCB_NPXINITDONE | PCB_NPXUSERINITDONE);
+	pcb2->pcb_flags &= ~(PCB_NPXINITDONE | PCB_NPXUSERINITDONE |
+	    PCB_KERNNPX);
 	pcb2->pcb_save = &pcb2->pcb_user_save;

 	/*