From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Peter Zijlstra <a.p.zijlstra@chello.nl>,
Jeff Mahoney <jeffm@suse.com>,
Oliver Pinter <oliver.pntr@gmail.com>
Subject: [patch 09/23] i386: fixup TRACE_IRQ breakage (CVE-2007-3731)
Date: Fri, 22 Feb 2008 13:40:27 -0800 [thread overview]
Message-ID: <20080222214027.GJ8686@suse.de> (raw)
In-Reply-To: <20080222213927.GA8686@suse.de>
[-- Attachment #1: i386-fixup-trace_irq-breakage.patch --]
[-- Type: text/plain, Size: 2583 bytes --]
2.6.22-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
mainline: a10d9a71bafd3a283da240d2868e71346d2aef6f
The TRACE_IRQS_ON function in iret_exc: calls a C function without
ensuring that the segments are set properly. Move the trace function and
the enabling of interrupt into the C stub.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Jeff Mahoney <jeffm@suse.com>
CC: Oliver Pinter <oliver.pntr@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
arch/i386/kernel/entry.S | 2 --
arch/i386/kernel/traps.c | 10 ++++++----
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/arch/i386/kernel/entry.S
+++ b/arch/i386/kernel/entry.S
@@ -409,8 +409,6 @@ restore_nocheck_notrace:
1: INTERRUPT_RETURN
.section .fixup,"ax"
iret_exc:
- TRACE_IRQS_ON
- ENABLE_INTERRUPTS(CLBR_NONE)
pushl $0 # no error code
pushl $do_iret_error
jmp error_code
--- a/arch/i386/kernel/traps.c
+++ b/arch/i386/kernel/traps.c
@@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs *
do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
}
-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
+#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
fastcall void do_##name(struct pt_regs * regs, long error_code) \
{ \
siginfo_t info; \
+ if (irq) \
+ local_irq_enable(); \
info.si_signo = signr; \
info.si_errno = 0; \
info.si_code = sicode; \
@@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
#endif
DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
-DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
+DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0)
DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
-DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
+DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
+DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)
fastcall void __kprobes do_general_protection(struct pt_regs * regs,
long error_code)
--
next prev parent reply other threads:[~2008-02-22 21:47 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080222213114.583282464@mini.kroah.org>
2008-02-22 21:39 ` [patch 00/23] 2.6.22-stable review Greg KH
2008-02-22 21:39 ` [patch 01/23] cciss: fix memory leak Greg KH
2008-02-22 21:40 ` [patch 02/23] sata_promise: FastTrack TX4200 is a second-generation chip Greg KH
2008-02-22 21:40 ` [patch 03/23] sata_promise: ASIC PRD table bug workaround Greg KH
2008-02-22 21:40 ` [patch 04/23] PCI: Fix fakephp deadlock Greg KH
2008-02-22 21:40 ` [patch 05/23] quicklists: do not release off node pages early Greg KH
2008-02-22 21:40 ` [patch 06/23] NFS: Fix a potential file corruption issue when writing Greg KH
2008-02-22 21:40 ` [patch 07/23] cciss: Panic in blk_rq_map_sg() from CCISS driver Greg KH
2008-02-25 15:06 ` Lee Schermerhorn
2008-02-25 15:39 ` Jens Axboe
2008-02-25 17:55 ` [stable] " Greg KH
2008-02-22 21:40 ` [patch 08/23] Handle bogus %cs selector in single-step instruction decoding (CVE-2007-3731) Greg KH
2008-02-22 21:40 ` Greg KH [this message]
2008-02-22 21:40 ` [patch 10/23] Intel_agp: really fix 945/965GME Greg KH
2008-02-22 21:40 ` [patch 11/23] pci: fix unterminated pci_device_id lists Greg KH
2008-02-22 21:40 ` [patch 12/23] sony-laptop: call sonypi_compat_init earlier Greg KH
2008-02-22 21:40 ` [patch 13/23] VIA_VELOCITY: Dont oops on MTU change Greg KH
2008-02-22 21:40 ` [patch 14/23] via-velocity: dont oops on MTU change (resend) Greg KH
2008-02-22 21:40 ` [patch 15/23] knfsd: fix spurious EINVAL errors on first access of new filesystem Greg KH
2008-02-22 21:40 ` [patch 16/23] NFS: Fix nfs_reval_fsid() Greg KH
2008-02-22 21:40 ` [patch 17/23] NFSv2/v3: Fix a memory leak when using -onolock Greg KH
2008-02-22 21:40 ` [patch 18/23] NFS: Fix an Oops in encode_lookup() Greg KH
2008-02-22 21:40 ` [patch 19/23] knfsd: query filesystem for NFSv4 getattr of FATTR4_MAXNAME Greg KH
2008-02-22 21:40 ` [patch 20/23] quicklists: Only consider memory that can be used with GFP_KERNEL Greg KH
2008-02-22 21:40 ` [patch 21/23] Be more robust about bad arguments in get_user_pages() Greg KH
2008-02-22 21:40 ` [patch 22/23] SCSI: sd: handle bad lba in sense information Greg KH
2008-02-22 21:41 ` [patch 23/23] NETFILTER: nf_conntrack_tcp: conntrack reopening fix Greg KH
2008-02-22 21:44 ` [patch 00/23] 2.6.22-stable review Greg KH
2008-02-22 22:03 ` Oliver Pinter
2008-02-22 22:32 ` Greg KH
2008-02-23 8:47 ` Willy Tarreau
2008-02-22 21:59 ` Oliver Pinter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080222214027.GJ8686@suse.de \
--to=gregkh@suse.de \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=jeffm@suse.com \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=oliver.pntr@gmail.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.