[Git][hardenedbsd/HardenedBSD][hardened/current/cross-dso-cfi] 3 commits: amd64: do reset %rip after page fault if pcb_onfault is set


HardenedBSD Services (@hardenedbsd-services)

Mar 15, 2026, 8:01:30 AM (2 days ago) Mar 15
to src-com...@hardenedbsd.org


HardenedBSD Services pushed to branch hardened/current/cross-dso-cfi at HardenedBSD / HardenedBSD


Commits:
8365f877 by Konstantin Belousov at 2026-03-15T08:57:08+02:00
amd64: do reset %rip after page fault if pcb_onfault is set

for any kernel page fault, and not only for the EFIRT case.

Reported and tested by: pho
Fixes: 914a53570750ce5a104a5870403d7669656fddc3
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

- - - - -
67e668da by HardenedBSD Sync Services at 2026-03-15T06:03:42-06:00
Merge branch 'freebsd/current/main' into hardened/current/master

- - - - -
e6b77c11 by HardenedBSD Sync Services at 2026-03-15T06:04:29-06:00
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

- - - - -


1 changed file:

- sys/amd64/amd64/trap.c


Changes:

=====================================
sys/amd64/amd64/trap.c
=====================================
@@ -219,15 +219,19 @@ trap_uprintf_signal(struct thread *td, struct trapframe *frame, register_t addr,
}

static bool
-trap_check_efirt(struct thread *td, struct trapframe *frame)
+trap_check_pcb_onfault(struct thread *td, struct trapframe *frame)
{
- /*
- * Most likely, EFI RT faulted. This check prevents
- * kdb from handling breakpoints set on the BIOS text,
- * if such option is ever needed.
- */
- if ((td->td_pflags & TDP_EFIRT) != 0 &&
- curpcb->pcb_onfault != NULL) {
+ bool res = false;
+
+ if (curpcb->pcb_onfault == NULL)
+ return (res);
+
+ if (__predict_false((td->td_pflags & TDP_EFIRT) != 0)) {
+ /*
+ * Most likely, EFI RT faulted. This check prevents
+ * kdb from handling breakpoints set on the BIOS text,
+ * if such option is ever needed.
+ */
u_long cnt = atomic_fetchadd_long(&cnt_efirt_faults, 1);

if ((print_efirt_faults == 1 && cnt == 0) ||
@@ -236,10 +240,13 @@ trap_check_efirt(struct thread *td, struct trapframe *frame)
traptype_to_msg(frame->tf_trapno));
trap_diag(frame, 0);
}
- frame->tf_rip = (long)curpcb->pcb_onfault;
- return (true);
+ res = true;
+ } else if (frame->tf_trapno == T_PAGEFLT) {
+ res = true;
}
- return (false);
+ if (res)
+ frame->tf_rip = (register_t)curpcb->pcb_onfault;
+ return (res);
}

static void
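Review bot: The new T_PAGEFLT branch, `} else if (frame->tf_trapno == T_PAGEFLT) {`, redirects %rip to pcb_onfault without checking td_intr_nesting_level, so the only thing preventing a fault taken inside an interrupt handler from being "recovered" into the interrupted thread's onfault handler is the guard at the trap_pfault call site (`td->td_intr_nesting_level == 0 &&` in the after_vmfault hunk); the trap() call site only excludes T_PAGEFLT. Since this helper now stands in for the general copyin/copyout recovery path, I would make that invariant local to it rather than rely on each caller: `} else if (frame->tf_trapno == T_PAGEFLT && td->td_intr_nesting_level == 0) {`, or, if every caller is already known to guarantee it, a KASSERT on entry. The function also has no header comment; I would add one stating that it returns true only when pcb_onfault was set and the trap was either taken in EFI RT context or is a kernel page fault, and that in the true case frame->tf_rip has already been rewritten so the caller must resume rather than fall through to trap_fatal. Minor style: at the early exit `return (res);` is always false, so `return (false);` reads more directly and lets `res` be declared where it is first assigned. The function's signature and the start of its body are in the preceding hunk.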
@@ -494,7 +501,7 @@ trap(struct trapframe *frame)
KASSERT(cold || td->td_ucred != NULL,
("kernel trap doesn't have ucred"));

- if (type != T_PAGEFLT && trap_check_efirt(td, frame))
+ if (type != T_PAGEFLT && trap_check_pcb_onfault(td, frame))
return;

switch (type) {
@@ -904,7 +911,7 @@ trap_pfault(struct trapframe *frame, bool usermode, int *signo, int *ucode)
return (1);
after_vmfault:
if (td->td_intr_nesting_level == 0 &&
- trap_check_efirt(td, frame))
+ trap_check_pcb_onfault(td, frame))
return (0);
trap_fatal(frame, eva);
return (-1);



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/e47bb18ab8e86cec2faa259c4d4627e6283a4c9a...e6b77c1104f17cbc92d8ff10951404ceb6cf7903


