[PATCH] x86_64: Fix canonical checking for segment registers in ptrace

Allowed user programs to set a non canonical segment base, which would cause oopses in the kernel later. Credit-to: Alexander Nyberg <alexn@dsv.su.se> For identifying and reporting this bug. Signed-off-by: N Andi Kleen <ak@suse.de> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] x86_64: Fix canonical checking for segment registers in ptrace
Allowed user programs to set a non canonical segment base, which would cause oopses in the kernel later. Credit-to: Alexander Nyberg <alexn@dsv.su.se> For identifying and reporting this bug. Signed-off-by: N Andi Kleen <ak@suse.de> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
f6b8d477 · Andi Kleen · Linus Torvalds · d1099e8a · f6b8d477
显示空白变更内容
内联并排

Showing with 4 addition and 4 deletion

arch/x86_64/kernel/ptrace.c arch/x86_64/kernel/ptrace.c +4 -4

未找到文件。
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -257,12 +257,12 @@ static int putreg(struct task_struct *child,
 			value &= 0xffff;
 			return 0;
 		case offsetof(struct user_regs_struct,fs_base):
-			if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+			if (value >= TASK_SIZE)
 				return -EIO;
 			child->thread.fs = value;
 			return 0;
 		case offsetof(struct user_regs_struct,gs_base):
-			if (!((value >> 48) == 0 || (value >> 48) == 0xffff))
+			if (value >= TASK_SIZE)
 				return -EIO;
 			child->thread.gs = value;
 			return 0;