Commit e3b3b6d580b073a5fbf9b74495a88eb9f69bb23c
Committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
1 parent
f84d9d8d9b
x86, tls, ldt: Stop checking lm in LDT_empty
commit e30ab185c490e9a9381385529e0fd32f0a399495 upstream. 32-bit programs don't have an lm bit in their ABI, so they can't reliably cause LDT_empty to return true without resorting to memset. They shouldn't need to do this. This should fix a longstanding, if minor, issue in all 64-bit kernels as well as a potential regression in the TLS hardening code. Fixes: 41bdc78544b8 x86/tls: Validate TLS entries to protect espfix Signed-off-by: Andy Lutomirski <luto@amacapital.net> Cc: torvalds@linux-foundation.org Link: http://lkml.kernel.org/r/72a059de55e86ad5e2935c80aa91880ddf19d07c.1421954363.git.luto@amacapital.net Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing 1 changed file with 2 additions and 7 deletions Side-by-side Diff
arch/x86/include/asm/desc.h
| ... | ... | @@ -251,7 +251,8 @@ |
| 251 | 251 | gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i]; |
| 252 | 252 | } |
| 253 | 253 | |
| 254 | -#define _LDT_empty(info) \ | |
| 254 | +/* This intentionally ignores lm, since 32-bit apps don't have that field. */ | |
| 255 | +#define LDT_empty(info) \ | |
| 255 | 256 | ((info)->base_addr == 0 && \ |
| 256 | 257 | (info)->limit == 0 && \ |
| 257 | 258 | (info)->contents == 0 && \ |
| ... | ... | @@ -260,12 +261,6 @@ |
| 260 | 261 | (info)->limit_in_pages == 0 && \ |
| 261 | 262 | (info)->seg_not_present == 1 && \ |
| 262 | 263 | (info)->useable == 0) |
| 263 | - | |
| 264 | -#ifdef CONFIG_X86_64 | |
| 265 | -#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0)) | |
| 266 | -#else | |
| 267 | -#define LDT_empty(info) (_LDT_empty(info)) | |
| 268 | -#endif | |
| 269 | 264 | |
| 270 | 265 | static inline void clear_LDT(void) |
| 271 | 266 | { |