diff options
| author | Tejun Heo <tj@kernel.org> | 2009-02-11 02:31:00 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2009-02-11 05:33:49 -0500 |
| commit | 5c79d2a517a9905599d192db8ce77ab5f1a2faca (patch) | |
| tree | 11f550a59b9b653fbd6c54b37effbf2d4a750fb5 /arch/x86/kernel/head_32.S | |
| parent | 60a5317ff0f42dd313094b88f809f63041568b08 (diff) | |
x86: fix x86_32 stack protector bugs
Impact: fix x86_32 stack protector
Brian Gerst found out that %gs was being initialized to stack_canary
instead of stack_canary - 20, which basically gave the same canary
value for all threads. Fixing this also exposed the following bugs.
* cpu_idle() didn't call boot_init_stack_canary()
* stack canary switching in switch_to() was being done too late making
the initial run of a new thread use the old stack canary value.
Fix all of them and while at it update comment in cpu_idle() about
calling boot_init_stack_canary().
Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch/x86/kernel/head_32.S')
| -rw-r--r-- | arch/x86/kernel/head_32.S | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 924e31615fb6..cf21fd0cf6ac 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S | |||
| @@ -447,6 +447,7 @@ is386: movl $2,%ecx # set MP | |||
| 447 | jne 1f | 447 | jne 1f |
| 448 | movl $per_cpu__gdt_page,%eax | 448 | movl $per_cpu__gdt_page,%eax |
| 449 | movl $per_cpu__stack_canary,%ecx | 449 | movl $per_cpu__stack_canary,%ecx |
| 450 | subl $20, %ecx | ||
| 450 | movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) | 451 | movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) |
| 451 | shrl $16, %ecx | 452 | shrl $16, %ecx |
| 452 | movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) | 453 | movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) |