• A
    x86/tls: Disallow unusual TLS segments · 0e58af4e
    Andy Lutomirski 提交于
    Users have no business installing custom code segments into the
    GDT, and segments that are not present but are otherwise valid
    are a historical source of interesting attacks.
    
    For completeness, block attempts to set the L bit.  (Prior to
    this patch, the L bit would have been silently dropped.)
    
    This is an ABI break.  I've checked glibc, musl, and Wine, and
    none of them look like they'll have any trouble.
    
    Note to stable maintainers: this is a hardening patch that fixes
    no known bugs.  Given the possibility of ABI issues, this
    probably shouldn't be backported quickly.
    Signed-off-by: NAndy Lutomirski <luto@amacapital.net>
    Acked-by: NH. Peter Anvin <hpa@zytor.com>
    Cc: stable@vger.kernel.org # optional
    Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: security@kernel.org <security@kernel.org>
    Cc: Willy Tarreau <w@1wt.eu>
    Signed-off-by: NIngo Molnar <mingo@kernel.org>
    0e58af4e
tls.c 5.7 KB