linux/arch
Andi Kleen 7bf36bbc5e [PATCH] x86_64: When user could have changed RIP always force IRET
Intel EM64T CPUs handle uncanonical return addresses differently
from AMD CPUs.

The exception is reported in the SYSRET, not the next instruction.
This leads to the kernel exception handler running on the user stack
with the wrong GS because the kernel didn't expect exceptions
on this instruction.

This version of the patch has the teething problems that plagued an earlier
version fixed.

This is CVE-2006-0744

Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
patches.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-09 11:53:52 -07:00
..
alpha Manual merge with Linus. 2006-04-02 00:08:05 -05:00
arm Merge master.kernel.org:/home/rmk/linux-2.6-arm 2006-04-02 13:34:00 -07:00
arm26 [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00
cris [PATCH] unify PFN_* macros 2006-03-27 08:44:48 -08:00
frv [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00
h8300 [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00
i386 [PATCH] x86_64: Proper null pointer check in powernow_k8_get 2006-04-09 11:53:51 -07:00
ia64 [IA64] Avoid "u64 foo : 32;" for gcc3 vs. gcc4 compatibility 2006-03-31 10:28:29 -08:00
m32r [PATCH] unify PFN_* macros 2006-03-27 08:44:48 -08:00
m68k [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00
m68knommu [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00
mips Manual merge with Linus. 2006-04-02 00:08:05 -05:00
parisc [PARISC] Enabled some NLS modules in a500, b180 and c3000 defconfigs 2006-03-30 17:48:58 +00:00
powerpc Merge master.kernel.org:/pub/scm/linux/kernel/git/dtor/input 2006-04-02 12:49:19 -07:00
ppc [PATCH] for_each_possible_cpu: ppc 2006-03-29 13:44:16 +11:00
s390 [PATCH] for_each_possible_cpu: s390 2006-03-31 12:18:52 -08:00
sh [PATCH] Don't pass boot parameters to argv_init[] 2006-03-31 12:18:53 -08:00
sh64 [PATCH] RTC: Remove some duplicate BCD definitions 2006-03-28 09:16:01 -08:00
sparc [SPARC]: Wire up sys_sync_file_range() into syscall tables. 2006-03-31 23:49:34 -08:00
sparc64 [SPARC]: Wire up sys_sync_file_range() into syscall tables. 2006-03-31 23:49:34 -08:00
um [PATCH] uml: check for differences in host support 2006-03-31 12:18:52 -08:00
v850 [PATCH] bitops: v850: use generic bitops 2006-03-26 08:57:14 -08:00
x86_64 [PATCH] x86_64: When user could have changed RIP always force IRET 2006-04-09 11:53:52 -07:00
xtensa [PATCH] unexport get_wchan 2006-03-31 12:19:01 -08:00