CVS commit: src/sys/arch/amd64/amd64

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/arch/amd64/amd64
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Thu, 9 Feb 2017 08:23:46 +0000

Module Name:    src
Committed By:   maxv
Date:           Thu Feb  9 08:23:46 UTC 2017

Modified Files:
        src/sys/arch/amd64/amd64: locore.S

Log Message:
Restore %ds before swapgs. Movs to segment registers are allowed to fault
in kernel mode but simply cause a signal to be sent to userland. The thing
is, in this case %gs is not restored when entering the trap routine, which
means the kernel uses userland's TLS instead of using its own. Which in
short makes it easy to escalate privileges.

Currently, this bug is triggered only in one place, which I am about to
fix too.


To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 src/sys/arch/amd64/amd64/locore.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/opencrypto
Next by Date: CVS commit: src/sys/arch/amd64/amd64
Previous by Thread: CVS commit: src/sys/opencrypto
Next by Thread: CVS commit: src/sys/arch/amd64/amd64
Indexes:

Home | Main Index | Thread Index | Old Index