Commit f6b8d477 authored May 16, 2005 by Andi Kleen Committed by Linus Torvalds May 17, 2005

[PATCH] x86_64: Fix canonical checking for segment registers in ptrace



Allowed user programs to set a non canonical segment base, which would cause
oopses in the kernel later.

Credit-to: Alexander Nyberg <alexn@dsv.su.se>

 For identifying and reporting this bug.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent d1099e8a

arch/x86_64/kernel/ptrace.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -257,12 +257,12 @@ static int putreg(struct task_struct *child,
		value &= 0xffff;
		return 0;
		case offsetof(struct user_regs_struct,fs_base):
		if (!((value >> 48) == 0 \|\| (value >> 48) == 0xffff))
		if (value >= TASK_SIZE)
		return -EIO;
		child->thread.fs = value;
		return 0;
		case offsetof(struct user_regs_struct,gs_base):
		if (!((value >> 48) == 0 \|\| (value >> 48) == 0xffff))
		if (value >= TASK_SIZE)
		return -EIO;
		child->thread.gs = value;
		return 0;