From owner-svn-src-all@freebsd.org Thu Oct 27 16:28:22 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74A32C23ABB; Thu, 27 Oct 2016 16:28:22 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay103.isp.belgacom.be (mailrelay103.isp.belgacom.be [195.238.20.130]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign Organization Validation CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FB581E0E; Thu, 27 Oct 2016 16:28:20 +0000 (UTC) (envelope-from tijl@freebsd.org) X-Belgacom-Dynamic: yes X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2CsAgCHKhJY/1QiyVBcHAEBBAEBCgEBg?= =?us-ascii?q?yoBAQEBAR1KDn2NN5Z+h16MYYIHKIV7AoIBQBQBAgEBAQEBAQFiKIRjAQEEJxM?= =?us-ascii?q?cIxALDgYECSUPEhgeBhOIOgMbCrxHDYNrAQEBAQEBAQEBAQEBAQEBASGLEoJHh?= =?us-ascii?q?18BBJlhNYYthlKDGXKBB06EH4M6hW+IcYQahAEeNl+FCzw0hikrggsBAQE?= Received: from 84.34-201-80.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([80.201.34.84]) by relay.skynet.be with ESMTP; 27 Oct 2016 18:26:36 +0200 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id u9RGQZoI036835; Thu, 27 Oct 2016 18:26:35 +0200 (CEST) (envelope-from tijl@FreeBSD.org) Date: Thu, 27 Oct 2016 18:26:35 +0200 From: Tijl Coosemans To: Konstantin Belousov Cc: Gleb Smirnoff , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r307936 - head/sys/amd64/amd64 Message-ID: <20161027182635.187d5f6d@kalimero.tijl.coosemans.org> In-Reply-To: <20161026132550.GV54029@kib.kiev.ua> References: <201610251713.u9PHDkq2076226@repo.freebsd.org> <20161025212600.36e91455@kalimero.tijl.coosemans.org> <20161026132550.GV54029@kib.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2016 16:28:22 -0000 On Wed, 26 Oct 2016 16:25:50 +0300 Konstantin Belousov wrote: > On Tue, Oct 25, 2016 at 09:26:00PM +0200, Tijl Coosemans wrote: >> On Tue, 25 Oct 2016 17:13:46 +0000 (UTC) Gleb Smirnoff wrote: >>> Author: glebius >>> Date: Tue Oct 25 17:13:46 2016 >>> New Revision: 307936 >>> URL: https://svnweb.freebsd.org/changeset/base/307936 >>> >>> Log: >>> The argument validation in r296956 was not enough to close all possible >>> overflows in sysarch(2). >>> >>> Submitted by: Kun Yang >>> Patch by: kib >>> Security: SA-16:15 >>> >>> Modified: >>> head/sys/amd64/amd64/sys_machdep.c >> >> This patch and r296956 need to be applied to i386 too, don't they? > I do not think so. The amd64 bug is that I thought that the overflow > checks were not needed, which appeared to be not true. > > i386_set_ldt(), which is the i386 version of amd64_set_ldt(), already > contained the comparisions of largest_ld with pldt->ldt_len etc. > > Still, independend look at the i386 (and amd64 version as well) is more > than welcomed, so please read the code yourself. It looks ok to me. i386 checks kargs.largs.num > MAX_LD early in sysarch so start + num cannot overflow. On amd64 this check was removed in https://svnweb.freebsd.org/base?view=revision&revision=217543