lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <6101e8c40802061506x297eb52by6d4d30e1e406f97b@mail.gmail.com>
Date:	Thu, 7 Feb 2008 00:06:45 +0100
From:	"Oliver Pinter" <oliver.pntr@...il.com>
To:	"Linux Kernel" <linux-kernel@...r.kernel.org>, stable@...nel.org,
	stable-commits@...r.kernel.org
Subject: Re: [2.6.22.y] {07/17} - i386-fixup-TRACE_IRQ-breakage - series for stable kernel #2

From: Peter Zijlstra <peterz@...radead.org>
Date: Wed, 18 Jul 2007 18:59:22 +0000 (+0200)
Subject: i386: fixup TRACE_IRQ breakage
Patch-mainline: 2.6.23-rc1
References: 326270, CVE-2007-3731

i386: fixup TRACE_IRQ breakage

The TRACE_IRQS_ON function in iret_exc: calls a C function without
ensuring that the segments are set properly. Move the trace function and
the enabling of interrupt into the C stub.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Acked-by: Jeff Mahoney <jeffm@...e.com>
---

 arch/i386/kernel/entry.S |    2 --
 arch/i386/kernel/traps.c |   10 ++++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

--- linux-2.6.22.orig/arch/i386/kernel/entry.S
+++ linux-2.6.22/arch/i386/kernel/entry.S
@@ -409,8 +409,6 @@ restore_nocheck_notrace:
 1:	INTERRUPT_RETURN
 .section .fixup,"ax"
 iret_exc:
-	TRACE_IRQS_ON
-	ENABLE_INTERRUPTS(CLBR_NONE)
 	pushl $0			# no error code
 	pushl $do_iret_error
 	jmp error_code
--- linux-2.6.22.orig/arch/i386/kernel/traps.c
+++ linux-2.6.22/arch/i386/kernel/traps.c
@@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs *
 	do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
 }

-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
+#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
 fastcall void do_##name(struct pt_regs * regs, long error_code) \
 { \
 	siginfo_t info; \
+	if (irq) \
+		local_irq_enable(); \
 	info.si_signo = signr; \
 	info.si_errno = 0; \
 	info.si_code = sicode; \
@@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
 #endif
 DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
 DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
-DO_ERROR_INFO( 6, SIGILL,  "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
+DO_ERROR_INFO( 6, SIGILL,  "invalid opcode", invalid_op, ILL_ILLOPN,
regs->eip, 0)
 DO_ERROR( 9, SIGFPE,  "coprocessor segment overrun",
coprocessor_segment_overrun)
 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
 DO_ERROR(11, SIGBUS,  "segment not present", segment_not_present)
 DO_ERROR(12, SIGBUS,  "stack segment", stack_segment)
-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
-DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
+DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
+DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)

 fastcall void __kprobes do_general_protection(struct pt_regs * regs,
 					      long error_code)


On 2/2/08, Oliver Pinter (Pintér Olivér) <oliver.pntr@...il.com> wrote:
> mainline: a10d9a71bafd3a283da240d2868e71346d2aef6f
>
>
> --
> Thanks,
> Oliver
>


-- 
Thanks,
Oliver
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ