git: kernel - Add safety for Intel SYSRET issue

Matthew Dillon dillon at crater.dragonflybsd.org
Tue Jul 15 12:38:18 PDT 2014


commit db2ac896813080e775d0cce25ee903932bc75292
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Tue Jul 15 12:31:50 2014 -0700

    kernel - Add safety for Intel SYSRET issue
    
    * First, insofar as we can tell DragonFly was *NOT* vulnerable to the
      Intel SYSRET issue.  We have a RQF_QUICKRET flag that determines if SYSRET
      can be used.  Any heavy weight process switch, signal delivery, signal
      return, or set_regs() call clears this flag and forces the system call to
      return via IRET.
    
    * However, the ptrace() path is a bit convoluted.  Insofar as I can tell
      it just won't allow %rip to be changed unless the target process is in
      a SSTOPped state, meaning that a heavy weight context switch must occur
      before the new %rip is used which means we should be safe.
    
      Still, we are adding a safety to ptrace_set_pc() to canonicalize the
      %rip anyway, to ensure that this bug cannot bite us indirectly in the
      future.

Summary of changes:
 sys/platform/pc64/x86_64/machdep.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/db2ac896813080e775d0cce25ee903932bc75292


-- 
DragonFly BSD source repository
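Added illustration, not code from the commit or the DragonFly tree: a user-space model of the two mechanisms the message describes, the RQF_QUICKRET gate on SYSRET and the new %rip canonicalization in ptrace_set_pc(). The struct, function names, the flag's numeric value and the extra canonical check in the return-path decision are assumptions for this example; x86-64 canonical form (bits 63..48 equal to bit 47 under 4-level paging) is architectural.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48            /* 4-level paging: 48-bit virtual addresses */
#define RQF_QUICKRET 0x1      /* flag name from the commit; value assumed here */

/* Canonical address: bits 63..47 are all zero or all one. */
static bool is_canonical(uint64_t va)
{
    uint64_t hi = va >> (VA_BITS - 1);              /* 17 bits: 63..47 */
    return hi == 0 || hi == (UINT64_C(1) << (64 - VA_BITS + 1)) - 1;
}

/* Sign-extend bit 47 so the stored %rip can never be non-canonical. */
static uint64_t canonicalize(uint64_t va)
{
    uint64_t low  = va & ((UINT64_C(1) << VA_BITS) - 1);
    uint64_t sign = UINT64_C(1) << (VA_BITS - 1);
    return (low ^ sign) - sign;
}

struct thread_ctx {            /* modelled per-thread state (assumed layout) */
    uint64_t rip;
    unsigned rqflags;
};
enum ret_path { RET_SYSRET, RET_IRET };

/* Signal delivery/return, set_regs() etc. clear the flag per the commit. */
static void clear_quickret(struct thread_ctx *td) { td->rqflags &= ~RQF_QUICKRET; }

/* Model of the added safety: canonicalize, and take the heavy path afterwards. */
static void ptrace_set_pc_model(struct thread_ctx *td, uint64_t pc)
{
    td->rip = canonicalize(pc);
    clear_quickret(td);
}

/* RQF_QUICKRET gates SYSRET; the canonical check is this example's extra belt. */
static enum ret_path choose_return_path(const struct thread_ctx *td)
{
    if ((td->rqflags & RQF_QUICKRET) && is_canonical(td->rip))
        return RET_SYSRET;
    return RET_IRET;
}

int main(void)
{
    struct thread_ctx td = { 0x400000, RQF_QUICKRET };
    printf("fast path: %s\n", choose_return_path(&td) == RET_SYSRET ? "SYSRET" : "IRET");
    ptrace_set_pc_model(&td, UINT64_C(0x0000800000000000));  /* constructed bad pc */
    printf("rip=%#llx path=%s\n", (unsigned long long)td.rip,
           choose_return_path(&td) == RET_SYSRET ? "SYSRET" : "IRET");
    return 0;
}
```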


More information about the Commits mailing list