---
- branch: netbsd-8
  date: Sun Apr 8 06:14:18 UTC 2018
  files:
  - new: 1.96.4.3
    old: 1.96.4.2
    path: src/sys/arch/amd64/amd64/trap.c
    pathrev: src/sys/arch/amd64/amd64/trap.c@1.96.4.3
    type: modified
  id: 20180408T061418Z.29ad7a1864f68935fec93524d7a8d8230bb61797
  log: |
    Pull up following revision(s) (requested by maxv in ticket #705):
    	sys/arch/amd64/amd64/trap.c: 1.113
    Mmh. We shouldn't read %cr2 here. %cr2 is initialized by the CPU only
    during page faults (T_PAGEFLT), so here we're reading a value that comes
    from a previous page fault.
    That's a real problem; if you launch an unprivileged process, set up a
    signal handler, make it sleep 10 seconds, and trigger a T_ALIGNFLT fault,
    you get in si_addr the address of another LWP's page - and perhaps this
    can be used to defeat userland ASLR.
    This bug has been there since 2003.
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys/arch/amd64/amd64'
  unixtime: '1523168058'
  user: snj