author | 2017-10-03 22:06:19 +0000 | |
---|---|---|
committer | 2017-10-03 22:06:19 +0000 | |
commit | 902e12ab0e9f4af4e1aa2690e19c8dfaddda40f0 (patch) | |
tree | 95e46f2230203c931cd068c1664bce022caf68a4 | |
parent | The xrstor instruction will fault if the provided xstate data, which (diff) | |
Nested xrstor handled leaks a kernel address into sigval, but potential
user address is unavailable so use 0 instead, since the typical cases
are coredump or handing to a SIGBUS handler which cannot recover.
Issue observed by bluhm
ok bluhm, mlarkin, guenther said "Foo!"
-rw-r--r-- | sys/arch/amd64/amd64/trap.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/arch/amd64/amd64/trap.c b/sys/arch/amd64/amd64/trap.c index 66278f198e8..5b720d10a30 100644 --- a/sys/arch/amd64/amd64/trap.c +++ b/sys/arch/amd64/amd64/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.59 2017/10/03 17:36:40 guenther Exp $ */ +/* $OpenBSD: trap.c,v 1.60 2017/10/03 22:06:19 deraadt Exp $ */ /* $NetBSD: trap.c,v 1.2 2003/05/04 23:51:56 fvdl Exp $ */ /*- @@ -211,6 +211,7 @@ trap(struct trapframe *frame) */ if (frame->tf_rip == (u_int64_t)xrstor_fault && p != NULL) { fpusave_proc(p, 0); + frame->tf_rip = 0; /* Hide kernel address */ goto user_trap; } case T_SEGNPFLT: |
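Review bot: The comment on the added line `frame->tf_rip = 0; /* Hide kernel address */` in the second hunk does not say where the address would otherwise surface or why 0 is the substitute. The commit message carries that reasoning (the address of xrstor_fault would end up in sigval, and the user address is not available at this point); a sentence of it in the block comment that closes just above the `if` would keep the explanation with the code. The assignment also overwrites the saved trapframe field itself, not only the value reported with the signal, so that comment should state that nothing reached through `goto user_trap` is expected to resume at tf_rip, in line with the commit message's note that the typical outcomes are a coredump or a SIGBUS handler that cannot recover.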