diff options
| author | Andi Kleen <ak@suse.de> | 2007-01-08 22:44:07 +0100 |
|---|---|---|
| committer | Adrian Bunk <bunk@stusta.de> | 2007-01-09 03:23:30 +0100 |
| commit | 493fa112a845d9ea5d24d429b0142090758f941b (patch) | |
| tree | 28cd6362e9bfc28da5d6589b1dc287a11eebf8a0 /arch/x86_64 | |
| parent | be7b264ae676589398f8bff7ea53b01851f17be2 (diff) | |
x86_64: Don't leak NT bit into next task (CVE-2006-5755)
SYSENTER can cause a NT to be set which might cause crashes on the IRET
in the next task.
Following similar i386 patch from Linus.
Backport to 2.6.16 by Chuck Ebbert <76306.1226@compuserve.com>
[Changed 'set_debugreg' to the older 'set_debug' in setup64.c
and added raw_local_save_flags() from 2.6.19 to system.h]
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Diffstat (limited to 'arch/x86_64')
| -rw-r--r-- | arch/x86_64/kernel/entry.S | 4 | ||||
| -rw-r--r-- | arch/x86_64/kernel/setup64.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/arch/x86_64/kernel/entry.S b/arch/x86_64/kernel/entry.S index 97583bb9122d..9111d55c3764 100644 --- a/arch/x86_64/kernel/entry.S +++ b/arch/x86_64/kernel/entry.S @@ -136,6 +136,10 @@ /* rdi: prev */ ENTRY(ret_from_fork) CFI_DEFAULT_STACK + push kernel_eflags(%rip) + CFI_ADJUST_CFA_OFFSET 4 + popf # reset kernel eflags + CFI_ADJUST_CFA_OFFSET -4 call schedule_tail GET_THREAD_INFO(%rcx) testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),threadinfo_flags(%rcx) diff --git a/arch/x86_64/kernel/setup64.c b/arch/x86_64/kernel/setup64.c index 70f1bb808a20..07772c80cbff 100644 --- a/arch/x86_64/kernel/setup64.c +++ b/arch/x86_64/kernel/setup64.c @@ -178,6 +178,8 @@ void __cpuinit check_efer(void) } } +unsigned long kernel_eflags; + /* * cpu_init() initializes state that is per-CPU. Some data is already * initialized (naturally) in the bootstrap process, such as the GDT @@ -289,4 +291,6 @@ void __cpuinit cpu_init (void) set_debug(0UL, 7); fpu_init(); + + raw_local_save_flags(kernel_eflags); } |