
Changeset 4fc93d5 in mainline


Timestamp: 2012-07-26T21:46:57Z (9 years ago)
Author: Jakub Jermar <jakub@…>
Branches: lfn, master
Children: d30b14f
Parents: 8f4f444
Message:

Sanitize the SYSRET vulnerability on Intel amd64 processors.

File: 1 edited

  • kernel/arch/amd64/src/asm.S

    r8f4f444 r4fc93d5  
    362362         */
    363363        call syscall_handler
    364        
     364
     365        /*
     366         * Test if the saved return address is canonical and not-kernel.
     367         * We do this by looking at the 16 most significant bits
     368         * of the saved return address (two bytes at offset 6).
     369         */
     370        testw $0xffff, ISTATE_OFFSET_RIP+6(%rsp)
     371        jnz bad_rip
     372
    365373        cli
    366374       
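Review bot: the new test after `call syscall_handler` examines only bits 48..63 of the saved RIP (`testw $0xffff, ISTATE_OFFSET_RIP+6(%rsp)`), while the comment above it says it checks that the address is canonical. On 48-bit implementations an address is canonical only when bits 63..47 are all equal, so bit 47 must be examined too: a saved RIP with bit 47 set and bits 48..63 clear passes this test yet is non-canonical, which is precisely the value this change is meant to keep away from `sysretq`. Suggest loading the saved RIP into a register the return path does not need and testing the top 17 bits (a shift right by 47 followed by `jnz bad_rip`), which rejects both non-canonical and kernel-half addresses in one step; at minimum, reword the comment so it does not claim a full canonical check.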
     
    388396        sysretq
    389397
     398bad_rip:
     399        movq %rsp, %rdi
     400        movabs $bad_rip_msg, %rsi
     401        callq fault_from_uspace
     402        /* not reached */
     403       
     404bad_rip_msg:
     405        .asciz "Invalid instruction pointer."
     406
    390407/** Print Unicode character to EGA display.
    391408 *
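Review bot: `bad_rip_msg` is placed in the code section directly after `callq fault_from_uspace`, so if `fault_from_uspace` ever returns, execution runs straight into the bytes of the `.asciz` string; the `/* not reached */` comment documents the intent but does not enforce it. Suggest putting a trap such as `ud2` after the call so an unexpected return faults deterministically, and moving the string into `.rodata` (switching back to `.text` afterwards) so the message does not live in an executable section. It is also worth confirming that the stack is 16-byte aligned at this `callq` as the SysV ABI requires, since the alignment at that point is determined by code outside this hunk.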