x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)

author Andy Lutomirski <luto@amacapital.net>

Mon, 23 Jun 2014 21:22:15 +0000 (14:22 -0700)

committer Ben Hutchings <ben@decadent.org.uk>

Fri, 11 Jul 2014 12:33:54 +0000 (13:33 +0100)
author Andy Lutomirski <luto@amacapital.net>
Mon, 23 Jun 2014 21:22:15 +0000 (14:22 -0700)
committer Ben Hutchings <ben@decadent.org.uk>
Fri, 11 Jul 2014 12:33:54 +0000 (13:33 +0100)
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S

index d2d488b..db090f6 100644 (file)
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -427,9 +427,10 @@ sysenter_past_esp:
         jnz sysenter_audit
  sysenter_do_call:
         cmpl $(nr_syscalls), %eax
-       jae syscall_badsys
+       jae sysenter_badsys
         call *sys_call_table(,%eax,4)
         movl %eax,PT_EAX(%esp)
+sysenter_after_call:
         LOCKDEP_SYS_EXIT
         DISABLE_INTERRUPTS(CLBR_ANY)
         TRACE_IRQS_OFF
@@ -681,7 +682,12 @@ END(syscall_fault)
  
  syscall_badsys:
         movl $-ENOSYS,PT_EAX(%esp)
-       jmp resume_userspace
+       jmp syscall_exit
+END(syscall_badsys)
+
+sysenter_badsys:
+       movl $-ENOSYS,PT_EAX(%esp)
+       jmp sysenter_after_call
  END(syscall_badsys)
         CFI_ENDPROC
  /*
author	Andy Lutomirski <luto@amacapital.net>
	Mon, 23 Jun 2014 21:22:15 +0000 (14:22 -0700)
committer	Ben Hutchings <ben@decadent.org.uk>
	Fri, 11 Jul 2014 12:33:54 +0000 (13:33 +0100)