linux/arch
Andy Lutomirski 621be26198 x86_64, entry: Fix out of bounds read on sysenter
commit 653bc77af6 upstream.

Rusty noticed a Really Bad Bug (tm) in my NT fix.  The entry code
reads out of bounds, causing the NT fix to be unreliable.  But, and
this is much, much worse, if your stack is somehow just below the
top of the direct map (or a hole), you read out of bounds and crash.

Excerpt from the crash:

[    1.129513] RSP: 0018:ffff88001da4bf88  EFLAGS: 00010296

  2b:*    f7 84 24 90 00 00 00     testl  $0x4000,0x90(%rsp)

That read is deterministically above the top of the stack.  I
thought I even single-stepped through this code when I wrote it to
check the offset, but I clearly screwed it up.

Fixes: 8c7aa698ba ("x86_64, entry: Filter RFLAGS.NT on entry from userspace")
Reported-by: Rusty Russell <rusty@ozlabs.org>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-11-14 08:47:54 -08:00
alpha Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
arc ARC: Implement ptrace(PTRACE_GET_THREAD_AREA) 2014-07-28 08:00:07 -07:00
arm ARM: at91/PMC: don't forget to write PMC_PCDR register to disable clocks 2014-10-30 09:35:13 -07:00
arm64 arm64: compat: fix compat types affecting struct compat_elf_prpsinfo 2014-10-30 09:35:12 -07:00
avr32 avr32: Makefile: add '-D__linux__' flag for gcc-4.4.7 use 2014-03-06 21:30:02 -08:00
blackfin blackfin updates for Linux 3.10 2013-05-10 07:21:16 -07:00
c6x arch: c6x: mm: include "asm/uaccess.h" to pass compiling 2013-07-21 18:21:29 -07:00
cris cris: media platform drivers: fix build 2013-11-29 11:11:53 -08:00
frv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
h8300 We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00
hexagon Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
ia64 exec/ptrace: fix get_dumpable() incorrect tests 2013-11-29 11:11:44 -08:00
m32r Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
m68k m68k: Disable/restore interrupts in hwreg_present()/hwreg_write() 2014-10-30 09:35:11 -07:00
metag metag: Reduce maximum stack size to 256MB 2014-06-07 13:25:38 -07:00
microblaze microblaze: fix clone syscall 2013-08-20 08:43:02 -07:00
mips MIPS: mcount: Adjust stack pointer for static trace in MIPS32 2014-10-05 14:54:11 -07:00
mn10300 mn10300: Use early_param() to parse "mem=" parameter 2013-06-28 16:53:03 +01:00
openrisc openrisc: Rework signal handling 2014-09-17 09:03:59 -07:00
parisc parisc: Only use -mfast-indirect-calls option for 32-bit kernel builds 2014-10-05 14:54:14 -07:00
powerpc powerpc/perf: Fix ABIv2 kernel backtraces 2014-10-05 14:54:14 -07:00
s390 KVM: s390: unintended fallthrough for external call 2014-10-30 09:35:09 -07:00
score Score: Modify the Makefile of Score, remove -mlong-calls for compiling 2014-07-17 15:58:04 -07:00
sh sh: fix format string bug in stack tracer 2014-05-06 07:55:32 -07:00
sparc arch/sparc/math-emu/math_32.c: drop stray break operator 2014-08-14 09:24:16 +08:00
tile tile: remove compat_sys_lookup_dcookie declaration to fix compile error 2014-02-13 13:48:00 -08:00
um uml: check length in exitcode_proc_write() 2013-11-13 12:05:33 +09:00
unicore32 arch/unicore32/mm/alignment.c: include "asm/pgtable.h" to avoid compiling error 2014-07-09 11:14:02 -07:00
x86 x86_64, entry: Fix out of bounds read on sysenter 2014-11-14 08:47:54 -08:00
xtensa xtensa: fix a6 and a7 handling in fast_syscall_xtensa 2014-10-05 14:54:09 -07:00
.gitignore
Kconfig microblaze: fix clone syscall 2013-08-20 08:43:02 -07:00