diff options
Diffstat (limited to 'sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch')
| -rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch deleted file mode 100644 index 0bf1b61..0000000 --- a/sys-freebsd/freebsd-sources/files/freebsd-sources-cve-2012-0217.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: sys/amd64/amd64/trap.c -=================================================================== ---- sys/amd64/amd64/trap.c.orig -+++ sys/amd64/amd64/trap.c (working copy) -@@ -972,4 +972,21 @@ - syscallname(td->td_proc, sa.code))); - - syscallret(td, error, &sa); -+ -+ /* -+ * If the user-supplied value of %rip is not a canonical -+ * address, then some CPUs will trigger a ring 0 #GP during -+ * the sysret instruction. However, the fault handler would -+ * execute with the user's %gs and %rsp in ring 0 which would -+ * not be safe. Instead, preemptively kill the thread with a -+ * SIGBUS. -+ */ -+ if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) { -+ ksiginfo_init_trap(&ksi); -+ ksi.ksi_signo = SIGBUS; -+ ksi.ksi_code = BUS_OBJERR; -+ ksi.ksi_trapno = T_PROTFLT; -+ ksi.ksi_addr = (void *)td->td_frame->tf_rip; -+ trapsignal(td, &ksi); -+ } - } |