K 10
svn:author
V 3
kib
K 8
svn:date
V 27
2017-07-08T11:07:39.524133Z
K 7
svn:log
V 599
Fix handling of one more possible exception on return to usermode.

If %ss is loaded with a segment pointing to a non-present descriptor
by the IRETD instruction, a kernel-mode #SS exception is generated.
Resulting T_STKFLT trap must be checked against doreti_iret_fault
location and handled, otherwise userspace may panic the kernel.

Note that this is i386 variant of FreeBSD-SA-15:21.amd64, but unlike
amd64, there is no swapgs on i386 and the issue is arguably not
exploitable.

Reported by:	Maxime Villard <max@m00nbsd.net>
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

END