Commit 6221f036 authored by Linus Torvalds

Fix impressive call gate misuse DoS reported on bugtraq.

parent c2ef76af
...@@ -66,7 +66,9 @@ OLDESP = 0x34 ...@@ -66,7 +66,9 @@ OLDESP = 0x34
OLDSS = 0x38 OLDSS = 0x38
CF_MASK = 0x00000001 CF_MASK = 0x00000001
TF_MASK = 0x00000100
IF_MASK = 0x00000200 IF_MASK = 0x00000200
DF_MASK = 0x00000400
NT_MASK = 0x00004000 NT_MASK = 0x00004000
VM_MASK = 0x00020000 VM_MASK = 0x00020000
...@@ -134,6 +136,17 @@ ENTRY(lcall7) ...@@ -134,6 +136,17 @@ ENTRY(lcall7)
movl %eax,EFLAGS(%esp) # movl %eax,EFLAGS(%esp) #
movl %edx,EIP(%esp) # Now we move them to their "normal" places movl %edx,EIP(%esp) # Now we move them to their "normal" places
movl %ecx,CS(%esp) # movl %ecx,CS(%esp) #
#
# Call gates don't clear TF and NT in eflags like
# traps do, so we need to do it ourselves.
# %eax already contains eflags (but it may have
# DF set, clear that also)
#
andl $~(DF_MASK | TF_MASK | NT_MASK),%eax
pushl %eax
popfl
movl %esp, %ebx movl %esp, %ebx
pushl %ebx pushl %ebx
andl $-8192, %ebx # GET_THREAD_INFO andl $-8192, %ebx # GET_THREAD_INFO
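Review bot: The TF/NT/DF masking is added only on the `ENTRY(lcall7)` path in the hunks shown here; if this file has any other entry point reached through a call gate, it needs the same `andl $~(DF_MASK | TF_MASK | NT_MASK),%eax` / `pushl %eax` / `popfl` sequence before any further kernel code runs, and no such change is visible in this diff. The mask is applied to `%eax` after `movl %eax,EFLAGS(%esp)`, so the saved frame still carries the caller's original flag bits and only the live flags are cleaned. That looks intentional, and one more comment line such as `# the saved EFLAGS slot keeps the caller's bits; only the live flags are cleaned` would make it explicit for the next reader. The body of lcall7 starts and ends outside the hunk.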