From: Zachary Amsden <[EMAIL PROTECTED]>
Chuck Ebbert wrote:
> I think that should be "|" instead of "+".
I think so too. I merely moved the code here and didn't notice it in
all this excitement.
0x00cf9a000xff306600 =>
Present CPL-0 32-bit code segment, base 0x0000ff30, limit 0xf6601 pages,
for which desc_empty(desc) is true.
Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits. I do not
believe this is an issue in practice, but it is a kernel bug.
Nice catch. Looks like it affects all 2.6.X kernels.
Chuck Ebbert noticed that the desc_empty macro is incorrect. Fix it.
Signed-off-by: Zachary Amsden <[EMAIL PROTECTED]>
Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
---
diff --git a/include/asm-i386/processor.h b/include/asm-i386/processor.h
--- a/include/asm-i386/processor.h
+++ b/include/asm-i386/processor.h
@@ -29,7 +29,7 @@ struct desc_struct {
};
#define desc_empty(desc) \
- (!((desc)->a + (desc)->b))
+ (!((desc)->a | (desc)->b))
#define desc_equal(desc1, desc2) \
(((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
