[PATCH] i386 / desc_empty macro is incorrect
authorZachary Amsden <zach@vmware.com>
Tue, 16 Aug 2005 19:05:09 +0000 (12:05 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Tue, 16 Aug 2005 19:18:01 +0000 (12:18 -0700)
Chuck Ebbert noticed that the desc_empty macro is incorrect.  Fix it.

Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits.  I do not
believe this is an issue in practice, but it is a kernel bug.

Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[ x86-64 had the same problem, and the same fix. Linus ]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
include/asm-i386/processor.h
include/asm-x86_64/processor.h

index 5d06e6bd6ba0bff037197c5ff047d66f47faa9fd..d0d8b0160090427328fc384baed9ab77872ecb88 100644 (file)
@@ -29,7 +29,7 @@ struct desc_struct {
 };
 
 #define desc_empty(desc) \
 };
 
 #define desc_empty(desc) \
-               (!((desc)->a + (desc)->b))
+               (!((desc)->a | (desc)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))
index 106f666517bb47eedd3983d8bf72dcdc4fd8d63e..85549e656eeb26aad35a50c973f8ea8b9a441bd2 100644 (file)
@@ -32,7 +32,7 @@
 #define ID_MASK                0x00200000
 
 #define desc_empty(desc) \
 #define ID_MASK                0x00200000
 
 #define desc_empty(desc) \
-               (!((desc)->a + (desc)->b))
+               (!((desc)->a | (desc)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))