Validate if the value written into {FS,GS}.base is a canonical

address, writting non-canonical address can cause kernel a panic, by restricting base values to 0..VM_MAXUSER_ADDRESS, ensuring only canonical values get written to the registers. Reviewed by: peter, Josepha Koshy < joseph.koshy at gmail dot com > Approved by: re (scottl)
author: davidxu <davidxu@FreeBSD.org> 2005-07-10 23:31:11 +0000
committer: davidxu <davidxu@FreeBSD.org> 2005-07-10 23:31:11 +0000
commit: bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5 (patch)
tree: e1deb69e9ef98abe6e3de57b17a8192575186ef3 /sys/kern/kern_thr.c
parent: 6d86e52425b9f58cf008209ca788b1475811f5f3 (diff)
download: FreeBSD-src-bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5.zip
FreeBSD-src-bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c
index 4a552a2..0e8b3e8 100644
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@@ -176,7 +176,12 @@ create_thread(struct thread *td, mcontext_t *ctx,
 		/* Set upcall address to user thread entry function. */
 		cpu_set_upcall_kse(newtd, start_func, arg, &stack);
 		/* Setup user TLS address and TLS pointer register. */
-		cpu_set_user_tls(newtd, tls_base);
+		error = cpu_set_user_tls(newtd, tls_base);
+		if (error != 0) {
+			thread_free(newtd);
+			crfree(td->td_ucred);
+			return (error);
+		}
 	}
 
 	if ((td->td_proc->p_flag & P_HADTHREADS) == 0) {
author	davidxu <davidxu@FreeBSD.org>	2005-07-10 23:31:11 +0000
committer	davidxu <davidxu@FreeBSD.org>	2005-07-10 23:31:11 +0000
commit	bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5 (patch)
tree	e1deb69e9ef98abe6e3de57b17a8192575186ef3 /sys/kern/kern_thr.c
parent	6d86e52425b9f58cf008209ca788b1475811f5f3 (diff)
download	FreeBSD-src-bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5.zip FreeBSD-src-bc8b519d0f5bbf92cb40d8b35ea92bb2285463c5.tar.gz