[patch 09/23] i386: fixup TRACE_IRQ breakage (CVE-2007-3731)

From: Greg KH
Date: Fri Feb 22 2008 - 16:47:45 EST

Next message: Greg KH: "[patch 10/23] Intel_agp: really fix 945/965GME"
Previous message: Greg KH: "[patch 08/23] Handle bogus %cs selector in single-step instructiondecoding (CVE-2007-3731)"
In reply to: Greg KH: "[patch 08/23] Handle bogus %cs selector in single-step instructiondecoding (CVE-2007-3731)"
Next in thread: Greg KH: "[patch 10/23] Intel_agp: really fix 945/965GME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.22-stable review patch. If anyone has any objections, please let us
know.

------------------

From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>

mainline: a10d9a71bafd3a283da240d2868e71346d2aef6f

The TRACE_IRQS_ON function in iret_exc: calls a C function without
ensuring that the segments are set properly. Move the trace function and
the enabling of interrupt into the C stub.

Signed-off-by: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Acked-by: Jeff Mahoney <jeffm@xxxxxxxx>
CC: Oliver Pinter <oliver.pntr@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
arch/i386/kernel/entry.S | 2 --
arch/i386/kernel/traps.c | 10 ++++++----
2 files changed, 6 insertions(+), 6 deletions(-)

--- a/arch/i386/kernel/entry.S
+++ b/arch/i386/kernel/entry.S
@@ -409,8 +409,6 @@ restore_nocheck_notrace:
1: INTERRUPT_RETURN
.section .fixup,"ax"
iret_exc:
- TRACE_IRQS_ON
- ENABLE_INTERRUPTS(CLBR_NONE)
pushl $0 # no error code
pushl $do_iret_error
jmp error_code
--- a/arch/i386/kernel/traps.c
+++ b/arch/i386/kernel/traps.c
@@ -517,10 +517,12 @@ fastcall void do_##name(struct pt_regs *
do_trap(trapnr, signr, str, 0, regs, error_code, NULL); \
}

-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr) \
+#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq) \
fastcall void do_##name(struct pt_regs * regs, long error_code) \
{ \
siginfo_t info; \
+ if (irq) \
+ local_irq_enable(); \
info.si_signo = signr; \
info.si_errno = 0; \
info.si_code = sicode; \
@@ -560,13 +562,13 @@ DO_VM86_ERROR( 3, SIGTRAP, "int3", int3)
#endif
DO_VM86_ERROR( 4, SIGSEGV, "overflow", overflow)
DO_VM86_ERROR( 5, SIGSEGV, "bounds", bounds)
-DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip)
+DO_ERROR_INFO( 6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->eip, 0)
DO_ERROR( 9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
-DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0)
+DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
+DO_ERROR_INFO(32, SIGSEGV, "iret exception", iret_error, ILL_BADSTK, 0, 1)

fastcall void __kprobes do_general_protection(struct pt_regs * regs,
long error_code)

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[patch 10/23] Intel_agp: really fix 945/965GME"
Previous message: Greg KH: "[patch 08/23] Handle bogus %cs selector in single-step instructiondecoding (CVE-2007-3731)"
In reply to: Greg KH: "[patch 08/23] Handle bogus %cs selector in single-step instructiondecoding (CVE-2007-3731)"
Next in thread: Greg KH: "[patch 10/23] Intel_agp: really fix 945/965GME"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]