diff options
author | Andi Kleen <ak@suse.de> | 2006-07-28 08:44:45 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-07-28 22:28:00 -0400 |
commit | 0e92da4acb763272c6060f0b14adc2377b627d07 (patch) | |
tree | f720ea910c370c86a244a6ac4b94706bac276ad0 /arch/x86_64/ia32/ia32entry.S | |
parent | d5a2601734bcc740ee78dc4cb0c56b5687da7bd9 (diff) |
[PATCH] x86_64: Don't clobber r8-r11 in int 0x80 handler
When int 0x80 is called from long mode r8-r11 would leak out of the
kernel (or rather they would be filled with some values from
the kernel stack). I don't think it's a security issue because
the values come from the fixed stack frame which should be near
always user registers from a previous interrupt.
Still better fix it.
Longer term the register save macros need to be cleaned up
to avoid such mistakes in the future.
Original analysis from Richard Brunner, fix by me.
Cc: Richard.Brunner@amd.com
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch/x86_64/ia32/ia32entry.S')
-rw-r--r-- | arch/x86_64/ia32/ia32entry.S | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86_64/ia32/ia32entry.S b/arch/x86_64/ia32/ia32entry.S index 9b5bb413a6e9..5d4a7d125ed0 100644 --- a/arch/x86_64/ia32/ia32entry.S +++ b/arch/x86_64/ia32/ia32entry.S | |||
@@ -103,7 +103,7 @@ ENTRY(ia32_sysenter_target) | |||
103 | pushq %rax | 103 | pushq %rax |
104 | CFI_ADJUST_CFA_OFFSET 8 | 104 | CFI_ADJUST_CFA_OFFSET 8 |
105 | cld | 105 | cld |
106 | SAVE_ARGS 0,0,1 | 106 | SAVE_ARGS 0,0,0 |
107 | /* no need to do an access_ok check here because rbp has been | 107 | /* no need to do an access_ok check here because rbp has been |
108 | 32bit zero extended */ | 108 | 32bit zero extended */ |
109 | 1: movl (%rbp),%r9d | 109 | 1: movl (%rbp),%r9d |