[PATCH] i386 / desc_empty macro is incorrect

Chuck Ebbert noticed that the desc_empty macro is incorrect. Fix it. Thankfully, this is not used as a security check, but it can falsely overwrite TLS segments with carefully chosen base / limits. I do not believe this is an issue in practice, but it is a kernel bug. Signed-off-by: N Zachary Amsden <zach@vmware.com> Signed-off-by: N Chris Wright <chrisw@osdl.org> [ x86-64 had the same problem, and the same fix. Linus ] Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] i386 / desc_empty macro is incorrect
Chuck Ebbert noticed that the desc_empty macro is incorrect. Fix it. Thankfully, this is not used as a security check, but it can falsely overwrite TLS segments with carefully chosen base / limits. I do not believe this is an issue in practice, but it is a kernel bug. Signed-off-by: N Zachary Amsden <zach@vmware.com> Signed-off-by: N Chris Wright <chrisw@osdl.org> [ x86-64 had the same problem, and the same fix. Linus ] Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
12aaa085 · Zachary Amsden · Linus Torvalds · 5153f7e6 · 12aaa085 · 12aaa085
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

include/asm-i386/processor.h include/asm-i386/processor.h +1 -1

include/asm-x86_64/processor.h include/asm-x86_64/processor.h +1 -1

未找到文件。
--- a/include/asm-i386/processor.h
+++ b/include/asm-i386/processor.h
@@ -29,7 +29,7 @@ struct desc_struct {
 };

 #define desc_empty(desc) \
-		(!((desc)->a + (desc)->b))
+		(!((desc)->a | (desc)->b))

 #define desc_equal(desc1, desc2) \
 		(((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))

--- a/include/asm-x86_64/processor.h
+++ b/include/asm-x86_64/processor.h
@@ -32,7 +32,7 @@
 #define ID_MASK		0x00200000

 #define desc_empty(desc) \
-               (!((desc)->a + (desc)->b))
+               (!((desc)->a | (desc)->b))

 #define desc_equal(desc1, desc2) \
               (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))