UPSTREAM: x86/tls: Validate TLS entries to protect espfix

Installing a 16-bit RW data segment into the GDT defeats espfix.
AFAICT this will not affect glibc, Wine, or dosemu at all.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: H. Peter Anvin <hpa@zytor.com>
Cc: stable@vger.kernel.org
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: security@kernel.org <security@kernel.org>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Ingo Molnar <mingo@kernel.org>

BUG=chromium:439158
TEST=lumpy build & boot, sigreturn PoC runs without failures

(cherry picked from commit 41bdc78544b8a93a9c6814b8bbbfef966272abbe)
Signed-off-by: Kees Cook <keescook@chromium.org>

Reviewed-on: https://chromium-review.googlesource.com/236052
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Commit-Queue: Aviv Keshet <akeshet@chromium.org>

(cherry picked from ToT)
Signed-off-by: Kees Cook <keescook@chromium.org>
Change-Id: I6b0777aad884a30937bc4d123de346314425a402
Reviewed-on: https://chromium-review.googlesource.com/236905
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
1 file changed
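
An added example, not code from this commit or the kernel tree: a user-space C model of the kind of check the subject line describes, refusing a non-empty 16-bit descriptor before it could be installed as a TLS entry in the GDT. The struct, function names and sample descriptors are constructed; the field layout is assumed to mirror Linux's struct user_desc, and accepting the "clear this slot" encoding is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed mirror of struct user_desc (assumed layout; model only). */
struct tls_desc_model {
    unsigned int entry_number;
    unsigned int base_addr;
    unsigned int limit;
    unsigned int seg_32bit:1;
    unsigned int contents:2;
    unsigned int read_exec_only:1;
    unsigned int limit_in_pages:1;
    unsigned int seg_not_present:1;
    unsigned int useable:1;
};

/* "Clear this slot" encoding: everything zero except read_exec_only and
 * seg_not_present. It has seg_32bit == 0 but installs no usable segment. */
static bool desc_is_empty(const struct tls_desc_model *d)
{
    return d->base_addr == 0 && d->limit == 0 && d->contents == 0 &&
           d->read_exec_only == 1 && d->seg_32bit == 0 &&
           d->limit_in_pages == 0 && d->seg_not_present == 1 &&
           d->useable == 0;
}

/* Hypothetical validator: true if the entry may go into a GDT TLS slot. */
static bool tls_entry_allowed(const struct tls_desc_model *d)
{
    if (desc_is_empty(d))
        return true;           /* clearing a slot must keep working */
    return d->seg_32bit != 0;  /* a 16-bit segment must not reach the GDT */
}

/* Constructed sample descriptors. */
static const struct tls_desc_model sample_flat32 = {
    .entry_number = 6, .base_addr = 0x1000, .limit = 0xfffff,
    .seg_32bit = 1, .limit_in_pages = 1, .useable = 1 };
static const struct tls_desc_model sample_rw16 = {
    .entry_number = 6, .base_addr = 0x1000, .limit = 0xffff };
static const struct tls_desc_model sample_clear = {
    .entry_number = 6, .read_exec_only = 1, .seg_not_present = 1 };

int main(void)
{
    printf("flat32=%d rw16=%d clear=%d\n", tls_entry_allowed(&sample_flat32),
           tls_entry_allowed(&sample_rw16), tls_entry_allowed(&sample_clear));
    return 0;
}
```

The empty-descriptor test has to come first: that encoding also has seg_32bit == 0, so a bare 16-bit check would reject requests that only clear a slot.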