linux/arch/x86_64
Andi Kleen 7bf36bbc5e [PATCH] x86_64: When user could have changed RIP always force IRET
Intel EM64T CPUs handle uncanonical return addresses differently
from AMD CPUs.

The exception is reported in the SYSRET, not the next instruction.
This leads to the kernel exception handler running on the user stack
with the wrong GS because the kernel didn't expect exceptions
on this instruction.

This version of the patch has the teething problems that plagued an earlier
version fixed.

This is CVE-2006-0744

Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
patches.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-09 11:53:52 -07:00
boot [PATCH] x86: "make isoimage" support; FDINITRD= support; minor cleanups 2006-03-26 08:56:53 -08:00
crypto [CRYPTO] aes: Fixed array boundary violation 2006-03-21 20:14:10 +11:00
ia32 [PATCH] Mark unwind info for signal trampolines in vDSOs 2006-03-31 12:18:52 -08:00
kernel [PATCH] x86_64: When user could have changed RIP always force IRET 2006-04-09 11:53:52 -07:00
lib [PATCH] x86_64: remove dead do_softirq_thunk 2006-03-25 09:10:53 -08:00
mm [PATCH] x86_64: Rename e820_mapped to e820_any_mapped 2006-04-09 11:53:17 -07:00
oprofile [PATCH] Move Kprobes and Oprofile to "Instrumentation Support" menu 2005-11-07 07:53:35 -08:00
pci [PATCH] i386/x86-64: Check that MCFG points to an e820 reserved area 2006-04-09 11:53:51 -07:00
defconfig [PATCH] x86_64: Update defconfig 2006-04-09 11:53:16 -07:00
Kconfig [PATCH] unify pfn_to_page: x86_64 pfn_to_page 2006-03-27 08:44:44 -08:00
Kconfig.debug [PATCH] x86_64: Remove CONFIG_INIT_DEBUG 2006-02-04 16:43:13 -08:00
Makefile [PATCH] x86: "make isoimage" support; FDINITRD= support; minor cleanups 2006-03-26 08:56:53 -08:00