From: Chris Wright <chrisw@osdl.org>
To: torvalds@osdl.org, akpm@osdl.org
Cc: Zachary Amsden <zach@vmware.com>,
Chuck Ebbert <76306.1226@compuserve.com>,
Chris Wright <chrisw@osdl.org>,
virtualization@lists.osdl.org,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: [PATCH] i386 / desc_empty macro is incorrect
Date: Tue, 16 Aug 2005 12:05:09 -0700 [thread overview]
Message-ID: <20050816190509.GE7762@shell0.pdx.osdl.net> (raw)
In-Reply-To: <430233FF.7090106@vmware.com>
From: Zachary Amsden <zach@vmware.com>
Chuck Ebbert wrote:
> I think that should be "|" instead of "+".
I think so too. I merely moved the code here and didn't notice it in
all this excitement.
0x00cf9a000xff306600 =>
Present CPL-0 32-bit code segment, base 0x0000ff30, limit 0xf6601 pages,
for which desc_empty(desc) is true.
Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits. I do not
believe this is an issue in practice, but it is a kernel bug.
Nice catch. Looks like it affects all 2.6.X kernels.
Chuck Ebbert noticed that the desc_empty macro is incorrect. Fix it.
Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
diff --git a/include/asm-i386/processor.h b/include/asm-i386/processor.h
--- a/include/asm-i386/processor.h
+++ b/include/asm-i386/processor.h
@@ -29,7 +29,7 @@ struct desc_struct {
};
#define desc_empty(desc) \
- (!((desc)->a + (desc)->b))
+ (!((desc)->a | (desc)->b))
#define desc_equal(desc1, desc2) \
(((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))
next prev parent reply other threads:[~2005-08-16 19:18 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-16 17:03 [PATCH 3/6] i386 virtualization - Make ldt a desc struct Chuck Ebbert
2005-08-16 18:44 ` Zachary Amsden
2005-08-16 19:05 ` Chris Wright [this message]
2005-08-16 19:18 ` [PATCH] i386 / desc_empty macro is incorrect Linus Torvalds
2005-08-16 20:41 ` [PATCH 3/6] i386 virtualization - Make ldt a desc struct Chris Wright
2005-08-16 20:56 ` Zachary Amsden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050816190509.GE7762@shell0.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=76306.1226@compuserve.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
--cc=virtualization@lists.osdl.org \
--cc=zach@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox