summaryrefslogtreecommitdiffstats
path: root/arch/ia64/kernel/unwind.c
diff options
context:
space:
mode:
authorAndy Lutomirski <luto@amacapital.net>2014-11-01 02:08:45 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2014-11-01 02:47:09 +0100
commit653bc77af60911ead1f423e588f54fc2547c4957 (patch)
treec1e404d37868318063fcb6f57d40346b0c1a131d /arch/ia64/kernel/unwind.c
parentMerge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kerne... (diff)
downloadlinux-653bc77af60911ead1f423e588f54fc2547c4957.tar.xz
linux-653bc77af60911ead1f423e588f54fc2547c4957.zip
x86_64, entry: Fix out of bounds read on sysenter
Rusty noticed a Really Bad Bug (tm) in my NT fix. The entry code reads out of bounds, causing the NT fix to be unreliable. But, and this is much, much worse, if your stack is somehow just below the top of the direct map (or a hole), you read out of bounds and crash. Excerpt from the crash: [ 1.129513] RSP: 0018:ffff88001da4bf88 EFLAGS: 00010296 2b:* f7 84 24 90 00 00 00 testl $0x4000,0x90(%rsp) That read is deterministically above the top of the stack. I thought I even single-stepped through this code when I wrote it to check the offset, but I clearly screwed it up. Fixes: 8c7aa698baca ("x86_64, entry: Filter RFLAGS.NT on entry from userspace") Reported-by: Rusty Russell <rusty@ozlabs.org> Cc: stable@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/ia64/kernel/unwind.c')
0 files changed, 0 insertions, 0 deletions