From bd1a3f1a7e7cb85a82e94e71f82eca2af16ec941 Mon Sep 17 00:00:00 2001 From: Bruce Evans Date: Fri, 18 Jun 2004 02:10:55 +0000 Subject: [PATCH] Fixed a panic caused by over-optimizing npxdrop() in the non-FXSR case. frstor can trap despite it being a control instruction, since it bogusly checks for pending exceptions in the state that it is overwriting. This used to be a non-problem because frstor was always paired with a previous fnsave, and fnsave does an implicit fninit so any pending exceptions only remain live in the saved state. Now frstor is sometimes paired with npxdrop() and we must do a little more than just forget that the npx was used in npxdrop() to avoid a trap later. This is a non-problem in the FXSR case because fxrstor doesn't do the bogus check. FXSR is part of SSE, and npxdrop() is only in FreeBSD-5.x, so this bug only affected old machines running FreeBSD-5.x. PR: 68058 --- sys/i386/isa/npx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sys/i386/isa/npx.c b/sys/i386/isa/npx.c index 4844efea8f2d..43e019f5288c 100644 --- a/sys/i386/isa/npx.c +++ b/sys/i386/isa/npx.c @@ -872,6 +872,15 @@ npxdrop() { struct thread *td; + /* + * Discard pending exceptions in the !cpu_fxsr case so that unmasked + * ones don't cause a panic on the next frstor. + */ +#ifdef CPU_ENABLE_SSE + if (!cpu_fxsr) +#endif + fnclex(); + td = PCPU_GET(fpcurthread); PCPU_SET(fpcurthread, NULL); td->td_pcb->pcb_flags &= ~PCB_NPXINITDONE;
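Review bot: the new fnclex() in npxdrop() runs before the PCPU_GET(fpcurthread)/PCPU_SET(fpcurthread, NULL) lines and so relies on the caller having the npx enabled for the current thread; a KASSERT that PCPU_GET(fpcurthread) == curthread at the top of the function (and a sentence in the comment stating that precondition) would document why fnclex() is safe to execute here, since fnclex itself is a control instruction that needs the coprocessor accessible. The choice to clear pending exceptions only in the !cpu_fxsr case matches the commit message's explanation that fxrstor does not perform the pending-exception check that frstor does. One style point: wrapping only the `if (!cpu_fxsr)` line in `#ifdef CPU_ENABLE_SSE` leaves `fnclex();` indented as the body of an if statement that does not exist in the non-SSE build; either a pair of braces inside the ifdef or a short comment noting that fnclex() is unconditional without CPU_ENABLE_SSE would make the two configurations easier to read.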