git.kernelconcepts.de Git - karo-tx-linux.git/commit
[PATCH] x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)
author Andi Kleen <ak@suse.de>
Wed, 12 Apr 2006 06:19:29 +0000 (08:19 +0200)
committer Greg Kroah-Hartman <gregkh@suse.de>
Wed, 12 Apr 2006 20:06:54 +0000 (13:06 -0700)
commit 6b12095a4a0e1f21bbf83f95f13299ca99d758fe
tree 5d2a3d96f7b99a3a225c0f7a110c6631848524b0
parent 59b2832a31ae2f3279bb5b16ae9b1c4e38e40dea

Intel EM64T CPUs handle uncanonical return addresses differently from
AMD CPUs.

The exception is reported in the SYSRET, not the next instruction.
This leads to the kernel exception handler running on the user stack
with the wrong GS because the kernel didn't expect exceptions on this
instruction.

This version of the patch has the teething problems that plagued an
earlier version fixed.

This is CVE-2006-0744

Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
patches.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
arch/x86_64/kernel/entry.S