Re: [PATCH x86#core/percpu] x86: fix x86_32 stack protector bugs

From: Ingo Molnar
Date: Wed Feb 11 2009 - 05:35:35 EST
* Tejun Heo <tj@xxxxxxxxxx> wrote:

> Impact: fix x86_32 stack protector
>
> Brian Gerst found out that %gs was being initialized to stack_canary
> instead of stack_canary - 20, which basically gave the same canary
> value for all threads. Fixing this also exposed the following bugs.
>
> * cpu_idle() didn't call boot_init_stack_canary()
>
> * stack canary switching in switch_to() was being done too late making
> the initial run of a new thread use the old stack canary value.
>
> Fix all of them and while at it update comment in cpu_idle() about
> calling boot_init_stack_canary().
>
> Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
> Reported-by: Brian Gerst <brgerst@xxxxxxxxx>
> ---
> arch/x86/include/asm/stackprotector.h | 2 +-
> arch/x86/include/asm/system.h | 8 +++-----
> arch/x86/kernel/head_32.S | 1 +
> arch/x86/kernel/process_32.c | 10 ++++++++++
> arch/x86/kernel/process_64.c | 11 +++++------
> 5 files changed, 20 insertions(+), 12 deletions(-)

Applied to tip:core/percpu, thanks guys!

I never got around to finding his bug in practice as the latest bits of
tip:core/percpu are not in tip/master at the moment, due to that 64-bit
build failure.

Ingo
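The %gs offset mistake in the quoted report can be seen in a small userspace model. The program below is an added illustration, not kernel code: it models GCC's x86_32 convention of reading the canary from %gs:20 as "base pointer + 20", with a constructed per-CPU area and two constructed thread descriptors. The names `percpu_area`, `gs_base_fixed`, `gs_base_buggy` and `switch_canary` are assumptions for this model only; they are not the kernel's identifiers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added model, not kernel code.  On x86_32 GCC's stack protector reads
 * the canary from %gs:20, i.e. 20 bytes beyond the base address loaded
 * into %gs.  The kernel therefore has to point %gs at (canary - 20) so
 * that the compiler's fixed offset lands exactly on the canary word. */
#define GS_CANARY_OFFSET 20

/* Constructed per-CPU area: 20 bytes of padding so that base == &area
 * puts the canary at base+20, followed by unrelated per-CPU words. */
struct percpu_area {
    uint8_t  pad[GS_CANARY_OFFSET];
    uint32_t stack_canary;   /* switch_to() copies next->stack_canary here */
    uint32_t other[8];       /* unrelated per-CPU data, constructed */
};

/* Constructed thread descriptor: each thread owns its own canary value. */
struct thread {
    uint32_t stack_canary;
};

/* What the compiler-emitted prologue/epilogue reads: the 32-bit word at
 * %gs:20, modelled here as base + 20.  memcpy keeps the byte view honest. */
static uint32_t read_gs_20(const uint8_t *gs_base)
{
    uint32_t v;
    memcpy(&v, gs_base + GS_CANARY_OFFSET, sizeof v);
    return v;
}

/* Correct base: canary address minus 20, so base+20 == &stack_canary. */
static const uint8_t *gs_base_fixed(const struct percpu_area *a)
{
    return (const uint8_t *)&a->stack_canary - GS_CANARY_OFFSET;
}

/* Buggy base from the report: %gs pointed straight at stack_canary, so
 * base+20 reads some other per-CPU word that is the same for every thread. */
static const uint8_t *gs_base_buggy(const struct percpu_area *a)
{
    return (const uint8_t *)&a->stack_canary;
}

/* The piece of switch_to() that matters here: publish the next thread's
 * canary in the per-CPU slot before the next thread executes any code. */
static void switch_canary(struct percpu_area *a, const struct thread *next)
{
    a->stack_canary = next->stack_canary;
}

/* Switch to two threads in turn and report whether the canary each one
 * observes through %gs:20 differs.  Returns 1 if the values differ. */
int canaries_differ(int buggy)
{
    struct percpu_area area;
    struct thread t1 = { 0x1badc0de }, t2 = { 0x5ca1ab1e };  /* constructed */
    const uint8_t *base;
    uint32_t seen1, seen2;

    memset(&area, 0, sizeof area);
    for (int i = 0; i < 8; i++)
        area.other[i] = 0x80000000u + i;   /* constructed per-CPU words */

    base = buggy ? gs_base_buggy(&area) : gs_base_fixed(&area);

    switch_canary(&area, &t1);
    seen1 = read_gs_20(base);
    switch_canary(&area, &t2);
    seen2 = read_gs_20(base);

    return seen1 != seen2;
}

/* With the corrected base, %gs:20 yields exactly the current thread's value. */
int fixed_base_reads_own_canary(void)
{
    struct percpu_area area;
    struct thread t = { 0xdeadbeef };   /* constructed */

    memset(&area, 0, sizeof area);
    switch_canary(&area, &t);
    return read_gs_20(gs_base_fixed(&area)) == t.stack_canary;
}

int main(void)
{
    printf("fixed base, canaries differ per thread: %d\n", canaries_differ(0));
    printf("buggy base, canaries differ per thread: %d\n", canaries_differ(1));
    return 0;
}
```

With the buggy base every thread reads the same unrelated word, which is the "same canary value for all threads" symptom from the report; with the base moved back by 20 bytes each thread sees the value that switch_canary() installed for it. The ordering point in the report (the canary must be switched before the new thread's first frame runs) is why switch_canary() is called before read_gs_20() in the model.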