Created attachment 113012: fix for sysret fault case

This fixes the case with that bad failure mode and DoS potential. This patch works against 2.6.12rc2 and against RHEL4 (6.38).
Created attachment 113013: fix for iret fault cases

This fixes the iret cases, and handles both a native 64-bit sigreturn case and the cases with 32-bit processes that bug 154221 deals with. These cases all have a fairly harmless failure mode (some console spew and a confusing user result), so buggy but not exploitable.
I originally labelled this issue as CAN-2005-0756; however, that was in error due to two similar ptrace check issues. The following is as reported to vendor-sec:

Fixing rip -> CAN-2005-1762
Fixing fs_base and gs_base -> CAN-2005-0756
[PATCH] x86_64: check if ptrace RIP is canonical

This works around an AMD Erratum. This is a DoS on 2.4 and 2.6.
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d1099e8a18960693c04507bdd7b9403db70bfd97
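As an added illustration of the check the patch title refers to (this is a user-space model written for this page, not the kernel patch or either attachment above): on x86_64 with 48-bit virtual addresses a value is canonical only if bits 63..47 all equal bit 47, and a RIP written by a tracer must also stay below the user-space ceiling, which this example assumes to be TASK_SIZE = 0x0000800000000000. The function names `is_canonical` and `validate_traced_rip` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <errno.h>

/* x86_64 (48-bit virtual addresses): an address is canonical when bits
 * 63..47 are all copies of bit 47, i.e. it sits in the low or high half. */
static int is_canonical(uint64_t addr)
{
    int64_t s = (int64_t)addr;          /* arithmetic shift keeps the sign */
    return (s >> 47) == 0 || (s >> 47) == -1;
}

/* Assumed user-space ceiling for x86_64 kernels of that era; everything at
 * or above it is either the non-canonical hole or kernel space. */
#define TASK_SIZE 0x0000800000000000ULL

/* Hypothetical model of a ptrace write to RIP. A tracer can supply any bit
 * pattern, so the value is validated before it is stored and later consumed
 * by SYSRET/IRET on the way back to user mode. Returns 0 or -EIO. */
static int validate_traced_rip(uint64_t value)
{
    if (!is_canonical(value) || value >= TASK_SIZE)
        return -EIO;
    return 0;
}

int main(void)
{
    /* Constructed probe values around the canonical boundaries. */
    const uint64_t probes[] = {
        0x0000000000400000ULL, /* typical text address: accepted */
        0x00007fffffffffffULL, /* last user address: accepted */
        0x0000800000000000ULL, /* first non-canonical address: rejected */
        0xffff7fffffffffffULL, /* last non-canonical address: rejected */
        0xffff800000000000ULL, /* canonical but kernel half: rejected */
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%#018llx canonical=%d verdict=%d\n",
               (unsigned long long)probes[i], is_canonical(probes[i]),
               validate_traced_rip(probes[i]));
    return 0;
}
```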
*** Bug 159916 has been marked as a duplicate of this bug. ***
This is in linux-2.6.9-CAN-2005-0756-x86_64-ptrace-canonical-addr.patch in -11.34.EL
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html