[PATCH] i386 / desc_empty macro is incorrect

Chuck Ebbert noticed that the desc_empty macro is incorrect.  Fix it.

Thankfully, this is not used as a security check, but it can falsely
overwrite TLS segments with carefully chosen base / limits.  I do not
believe this is an issue in practice, but it is a kernel bug.

Signed-off-by: Zachary Amsden <zach@vmware.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[ x86-64 had the same problem, and the same fix. Linus ]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/include/asm-i386/processor.h b/include/asm-i386/processor.h
index 5d06e6bd6ba0bff037197c5ff047d66f47faa9fd..d0d8b0160090427328fc384baed9ab77872ecb88 100644 (file)
--- a/include/asm-i386/processor.h
+++ b/include/asm-i386/processor.h
@@ -29,7 +29,7 @@ struct desc_struct {
 };
 
 #define desc_empty(desc) \
-               (!((desc)->a + (desc)->b))
+               (!((desc)->a | (desc)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))

diff --git a/include/asm-x86_64/processor.h b/include/asm-x86_64/processor.h
index 106f666517bb47eedd3983d8bf72dcdc4fd8d63e..85549e656eeb26aad35a50c973f8ea8b9a441bd2 100644 (file)
--- a/include/asm-x86_64/processor.h
+++ b/include/asm-x86_64/processor.h
@@ -32,7 +32,7 @@
 #define ID_MASK                0x00200000
 
 #define desc_empty(desc) \
-               (!((desc)->a + (desc)->b))
+               (!((desc)->a | (desc)->b))
 
 #define desc_equal(desc1, desc2) \
                (((desc1)->a == (desc2)->a) && ((desc1)->b == (desc2)->b))