author | davidxu <davidxu@FreeBSD.org> | 2005-07-10 23:31:11 +0000 |
---|---|---|
committer | davidxu <davidxu@FreeBSD.org> | 2005-07-10 23:31:11 +0000 |
commit | bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5 (patch) | |
tree | e1deb69e9ef98abe6e3de57b17a8192575186ef3 /sys/kern/kern_thr.c | |
parent | 6d86e52425b9f58cf008209ca788b1475811f5f3 (diff) | |
Validate if the value written into {FS,GS}.base is a canonical
address, writing non-canonical address can cause a kernel panic,
by restricting base values to 0..VM_MAXUSER_ADDRESS, ensuring
only canonical values get written to the registers.
Reviewed by: peter, Josepha Koshy < joseph.koshy at gmail dot com >
Approved by: re (scottl)
Diffstat (limited to 'sys/kern/kern_thr.c')
-rw-r--r-- | sys/kern/kern_thr.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c index 4a552a2..0e8b3e8 100644 --- a/sys/kern/kern_thr.c +++ b/sys/kern/kern_thr.c @@ -176,7 +176,12 @@ create_thread(struct thread *td, mcontext_t *ctx, /* Set upcall address to user thread entry function. */ cpu_set_upcall_kse(newtd, start_func, arg, &stack); /* Setup user TLS address and TLS pointer register. */ - cpu_set_user_tls(newtd, tls_base); + error = cpu_set_user_tls(newtd, tls_base); + if (error != 0) { + thread_free(newtd); + crfree(td->td_ucred); + return (error); + } } if ((td->td_proc->p_flag & P_HADTHREADS) == 0) { |
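Review bot: The new error branch after cpu_set_user_tls() calls crfree(td->td_ucred) on the calling thread's credential rather than through newtd, and nothing in the hunk shows where the matching reference was taken. If that reference was acquired for newtd earlier in create_thread(), a short comment above the crfree() saying so, or releasing it via newtd->td_ucred, would make the cleanup auditable and guard against an over-release if the setup order ever changes. Separately, the TLS base is only validated after cpu_set_upcall_kse() has already run on newtd; and because this diff is limited to sys/kern/kern_thr.c, please confirm that every machine-dependent cpu_set_user_tls() now returns an int, with 0 on architectures that perform no validation.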