diff options
| author | Xin LI <delphij@FreeBSD.org> | 2015-08-25 20:49:05 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2015-08-25 20:49:05 +0000 |
| commit | 0a4794072ceddb6293565e4730b0081a906d0844 (patch) | |
| tree | 2fced043194bfb9dd5d9f3a562fece921c64c58b /sys | |
| parent | 85d704f8b6f27204b662eb54da2490c7495b441d (diff) | |
| download | src-0a4794072ceddb6293565e4730b0081a906d0844.tar.gz src-0a4794072ceddb6293565e4730b0081a906d0844.zip | |
Fix local privilege escalation in IRET handler. [SA-15:21]
Fix OpenSSH multiple vulnerabilities. [SA-15:22]
Fix insufficient check of unsupported pkg(7) signature methods.
[EN-15:15]
Approved by: so
Notes
Notes:
svn path=/releng/9.3/; revision=287147
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/amd64/amd64/exception.S | 9 | ||||
| -rw-r--r-- | sys/amd64/amd64/machdep.c | 1 | ||||
| -rw-r--r-- | sys/amd64/amd64/trap.c | 2 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 |
4 files changed, 9 insertions, 5 deletions
diff --git a/sys/amd64/amd64/exception.S b/sys/amd64/amd64/exception.S index 25b89d819af0..49d61f67a581 100644 --- a/sys/amd64/amd64/exception.S +++ b/sys/amd64/amd64/exception.S @@ -154,9 +154,13 @@ IDTVEC(xmm) IDTVEC(tss) TRAP_ERR(T_TSSFLT) IDTVEC(missing) - TRAP_ERR(T_SEGNPFLT) + subq $TF_ERR,%rsp + movl $T_SEGNPFLT,TF_TRAPNO(%rsp) + jmp prot_addrf IDTVEC(stk) - TRAP_ERR(T_STKFLT) + subq $TF_ERR,%rsp + movl $T_STKFLT,TF_TRAPNO(%rsp) + jmp prot_addrf IDTVEC(align) TRAP_ERR(T_ALIGNFLT) @@ -319,6 +323,7 @@ IDTVEC(page) IDTVEC(prot) subq $TF_ERR,%rsp movl $T_PROTFLT,TF_TRAPNO(%rsp) +prot_addrf: movq $0,TF_ADDR(%rsp) movq %rdi,TF_RDI(%rsp) /* free up a GP register */ leaq doreti_iret(%rip),%rdi diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c index 63de58ff8f9c..e0f848657d9f 100644 --- a/sys/amd64/amd64/machdep.c +++ b/sys/amd64/amd64/machdep.c @@ -428,6 +428,7 @@ sendsig(sig_t catcher, ksiginfo_t *ksi, sigset_t *mask) regs->tf_rflags &= ~(PSL_T | PSL_D); regs->tf_cs = _ucodesel; regs->tf_ds = _udatasel; + regs->tf_ss = _udatasel; regs->tf_es = _udatasel; regs->tf_fs = _ufssel; regs->tf_gs = _ugssel; diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index 3c6e0d3e6d4c..3c82692903ad 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -473,8 +473,6 @@ trap(struct trapframe *frame) goto out; case T_STKFLT: /* stack fault */ - break; - case T_PROTFLT: /* general protection fault */ case T_SEGNPFLT: /* segment not present fault */ if (td->td_intr_nesting_level != 0) diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index f5c1e4f8d64b..1424a22587a2 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RELEASE-p23" +BRANCH="RELEASE-p24" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi |