5 files changed, 122 insertions, 19 deletions
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index eefdeee8a871..72bb3a26c738 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -1,6 +1,10 @@
 obj-y   :=  init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
            pat.o pgtable.o gup.o
+# Make sure __phys_addr has no stackprotector
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_ioremap.o                := $(nostackp)
 obj-$(CONFIG_SMP)               += tlb.o
 obj-$(CONFIG_X86_32)            += pgtable_32.o iomap_32.o
diff --git a/arch/x86/xen/Makefile b/arch/x86/xen/Makefile
index 7410640db173..3bb4fc21f4f2 100644
--- a/arch/x86/xen/Makefile
+++ b/arch/x86/xen/Makefile
@@ -8,6 +8,7 @@ endif
 # Make sure early boot has no stackprotector
 nostackp := $(call cc-option, -fno-stack-protector)
 CFLAGS_enlighten.o              := $(nostackp)
+CFLAGS_mmu.o                    := $(nostackp)
 obj-y           := enlighten.o setup.o multicalls.o mmu.o irq.o \
                        time.o xen-asm.o xen-asm_$(BITS).o \
@@ -16,3 +17,4 @@ obj-y		:= enlighten.o setup.o multicalls.o mmu.o irq.o \
 obj-$(CONFIG_SMP)               += smp.o
 obj-$(CONFIG_PARAVIRT_SPINLOCKS)+= spinlock.o
 obj-$(CONFIG_XEN_DEBUG_FS)      += debugfs.o
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index eb33aaa8415d..76143136dead 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -51,6 +51,7 @@
 #include <asm/pgtable.h>
 #include <asm/tlbflush.h>
 #include <asm/reboot.h>
+#include <asm/stackprotector.h>
 #include "xen-ops.h"
 #include "mmu.h"
@@ -330,18 +331,28 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
        unsigned long frames[pages];
        int f;
-        /* A GDT can be up to 64k in size, which corresponds to 8192
+        /*
-           8-byte entries, or 16 4k pages.. */
+         * A GDT can be up to 64k in size, which corresponds to 8192
+         * 8-byte entries, or 16 4k pages..
+         */
        BUG_ON(size > 65536);
        BUG_ON(va & ~PAGE_MASK);
        for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
                int level;
-                pte_t *ptep = lookup_address(va, &level);
+                pte_t *ptep;
                unsigned long pfn, mfn;
                void *virt;
+                /*
+                 * The GDT is per-cpu and is in the percpu data area.
+                 * That can be virtually mapped, so we need to do a
+                 * page-walk to get the underlying MFN for the
+                 * hypercall.  The page can also be in the kernel's
+                 * linear range, so we need to RO that mapping too.
+                 */
+                ptep = lookup_address(va, &level);
                BUG_ON(ptep == NULL);
                pfn = pte_pfn(*ptep);
@@ -358,6 +369,44 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
                BUG();
 }
+/*
+ * load_gdt for early boot, when the gdt is only mapped once
+ */
+static __init void xen_load_gdt_boot(const struct desc_ptr *dtr)
+{
+        unsigned long va = dtr->address;
+        unsigned int size = dtr->size + 1;
+        unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
+        unsigned long frames[pages];
+        int f;
+        /*
+         * A GDT can be up to 64k in size, which corresponds to 8192
+         * 8-byte entries, or 16 4k pages..
+         */
+        BUG_ON(size > 65536);
+        BUG_ON(va & ~PAGE_MASK);
+        for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
+                pte_t pte;
+                unsigned long pfn, mfn;
+                pfn = virt_to_pfn(va);
+                mfn = pfn_to_mfn(pfn);
+                pte = pfn_pte(pfn, PAGE_KERNEL_RO);
+                if (HYPERVISOR_update_va_mapping((unsigned long)va, pte, 0))
+                        BUG();
+                frames[f] = mfn;
+        }
+        if (HYPERVISOR_set_gdt(frames, size / sizeof(struct desc_struct)))
+                BUG();
+}
 static void load_TLS_descriptor(struct thread_struct *t,
                                unsigned int cpu, unsigned int i)
 {
@@ -581,6 +630,29 @@ static void xen_write_gdt_entry(struct desc_struct *dt, int entry,
        preempt_enable();
 }
+/*
+ * Version of write_gdt_entry for use at early boot-time needed to
+ * update an entry as simply as possible.
+ */
+static __init void xen_write_gdt_entry_boot(struct desc_struct *dt, int entry,
+                                            const void *desc, int type)
+{
+        switch (type) {
+        case DESC_LDT:
+        case DESC_TSS:
+                /* ignore */
+                break;
+        default: {
+                xmaddr_t maddr = virt_to_machine(&dt[entry]);
+                if (HYPERVISOR_update_descriptor(maddr.maddr, *(u64 *)desc))
+                        dt[entry] = *(struct desc_struct *)desc;
+        }
+        }
+}
 static void xen_load_sp0(struct tss_struct *tss,
                         struct thread_struct *thread)
 {
@@ -965,6 +1037,23 @@ static const struct machine_ops __initdata xen_machine_ops = {
        .emergency_restart = xen_emergency_restart,
 };
+/*
+ * Set up the GDT and segment registers for -fstack-protector.  Until
+ * we do this, we have to be careful not to call any stack-protected
+ * function, which is most of the kernel.
+ */
+static void __init xen_setup_stackprotector(void)
+{
+        pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
+        pv_cpu_ops.load_gdt = xen_load_gdt_boot;
+        setup_stack_canary_segment(0);
+        switch_to_new_gdt(0);
+        pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
+        pv_cpu_ops.load_gdt = xen_load_gdt;
+}
 /* First C function to be called on Xen boot */
 asmlinkage void __init xen_start_kernel(void)
 {
@@ -983,13 +1072,28 @@ asmlinkage void __init xen_start_kernel(void)
        pv_apic_ops = xen_apic_ops;
        pv_mmu_ops = xen_mmu_ops;
-#ifdef CONFIG_X86_64
        /*
-         * Setup percpu state.  We only need to do this for 64-bit
+         * Set up some pagetable state before starting to set any ptes.
-         * because 32-bit already has %fs set properly.
         */
-        load_percpu_segment(0);
-#endif
+        /* Prevent unwanted bits from being set in PTEs. */
+        __supported_pte_mask &= ~_PAGE_GLOBAL;
+        if (!xen_initial_domain())
+                __supported_pte_mask &= ~(_PAGE_PWT | _PAGE_PCD);
+        __supported_pte_mask |= _PAGE_IOMAP;
+        xen_setup_features();
+        /* Get mfn list */
+        if (!xen_feature(XENFEAT_auto_translated_physmap))
+                xen_build_dynamic_phys_to_machine();
+        /*
+         * Set up kernel GDT and segment registers, mainly so that
+         * -fstack-protector code can be executed.
+         */
+        xen_setup_stackprotector();
        xen_init_irq_ops();
        xen_init_cpuid_mask();
@@ -1001,8 +1105,6 @@ asmlinkage void __init xen_start_kernel(void)
        set_xen_basic_apic_ops();
 #endif
-        xen_setup_features();
        if (xen_feature(XENFEAT_mmu_pt_update_preserve_ad)) {
                pv_mmu_ops.ptep_modify_prot_start = xen_ptep_modify_prot_start;
                pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
@@ -1019,17 +1121,8 @@ asmlinkage void __init xen_start_kernel(void)
        xen_smp_init();
-        /* Get mfn list */
-        if (!xen_feature(XENFEAT_auto_translated_physmap))
-                xen_build_dynamic_phys_to_machine();
        pgd = (pgd_t *)xen_start_info->pt_base;
-        /* Prevent unwanted bits from being set in PTEs. */
-        __supported_pte_mask &= ~_PAGE_GLOBAL;
-        if (!xen_initial_domain())
-                __supported_pte_mask &= ~(_PAGE_PWT | _PAGE_PCD);
 #ifdef CONFIG_X86_64
        /* Work out if we support NX */
        check_efer();
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 429834ec1687..fe03eeed7b48 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -236,6 +236,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
        ctxt->user_regs.ss = __KERNEL_DS;
 #ifdef CONFIG_X86_32
        ctxt->user_regs.fs = __KERNEL_PERCPU;
+        ctxt->user_regs.gs = __KERNEL_STACK_CANARY;
 #else
        ctxt->gs_base_kernel = per_cpu_offset(cpu);
 #endif
diff --git a/drivers/xen/Makefile b/drivers/xen/Makefile
index ec2a39b1e26f..7c284342f30f 100644
--- a/drivers/xen/Makefile
+++ b/drivers/xen/Makefile
@@ -1,6 +1,9 @@
 obj-y   += grant-table.o features.o events.o manage.o
 obj-y   += xenbus/
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_features.o                       := $(nostackp)
 obj-$(CONFIG_HOTPLUG_CPU)       += cpu_hotplug.o
 obj-$(CONFIG_XEN_XENCOMM)       += xencomm.o
 obj-$(CONFIG_XEN_BALLOON)       += balloon.o

diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index eefdeee8a871..72bb3a26c738 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile
@@ -1,6 +1,10 @@
1	obj-y := init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \	1	obj-y := init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
2	pat.o pgtable.o gup.o	2	pat.o pgtable.o gup.o
3		3
		4	# Make sure __phys_addr has no stackprotector
		5	nostackp := $(call cc-option, -fno-stack-protector)
		6	CFLAGS_ioremap.o := $(nostackp)
		7
4	obj-$(CONFIG_SMP) += tlb.o	8	obj-$(CONFIG_SMP) += tlb.o
5		9
6	obj-$(CONFIG_X86_32) += pgtable_32.o iomap_32.o	10	obj-$(CONFIG_X86_32) += pgtable_32.o iomap_32.o


diff --git a/arch/x86/xen/Makefile b/arch/x86/xen/Makefile index 7410640db173..3bb4fc21f4f2 100644 --- a/arch/x86/xen/Makefile +++ b/arch/x86/xen/Makefile
@@ -8,6 +8,7 @@ endif
8	# Make sure early boot has no stackprotector	8	# Make sure early boot has no stackprotector
9	nostackp := $(call cc-option, -fno-stack-protector)	9	nostackp := $(call cc-option, -fno-stack-protector)
10	CFLAGS_enlighten.o := $(nostackp)	10	CFLAGS_enlighten.o := $(nostackp)
		11	CFLAGS_mmu.o := $(nostackp)
11		12
12	obj-y := enlighten.o setup.o multicalls.o mmu.o irq.o \	13	obj-y := enlighten.o setup.o multicalls.o mmu.o irq.o \
13	time.o xen-asm.o xen-asm_$(BITS).o \	14	time.o xen-asm.o xen-asm_$(BITS).o \
@@ -16,3 +17,4 @@ obj-y := enlighten.o setup.o multicalls.o mmu.o irq.o \
16	obj-$(CONFIG_SMP) += smp.o	17	obj-$(CONFIG_SMP) += smp.o
17	obj-$(CONFIG_PARAVIRT_SPINLOCKS)+= spinlock.o	18	obj-$(CONFIG_PARAVIRT_SPINLOCKS)+= spinlock.o
18	obj-$(CONFIG_XEN_DEBUG_FS) += debugfs.o	19	obj-$(CONFIG_XEN_DEBUG_FS) += debugfs.o
		20


diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c index eb33aaa8415d..76143136dead 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c
@@ -51,6 +51,7 @@
51	#include <asm/pgtable.h>	51	#include <asm/pgtable.h>
52	#include <asm/tlbflush.h>	52	#include <asm/tlbflush.h>
53	#include <asm/reboot.h>	53	#include <asm/reboot.h>
		54	#include <asm/stackprotector.h>
54		55
55	#include "xen-ops.h"	56	#include "xen-ops.h"
56	#include "mmu.h"	57	#include "mmu.h"
@@ -330,18 +331,28 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
330	unsigned long frames[pages];	331	unsigned long frames[pages];
331	int f;	332	int f;
332		333
333	/* A GDT can be up to 64k in size, which corresponds to 8192	334	/*
334	8-byte entries, or 16 4k pages.. */	335	* A GDT can be up to 64k in size, which corresponds to 8192
		336	* 8-byte entries, or 16 4k pages..
		337	*/
335		338
336	BUG_ON(size > 65536);	339	BUG_ON(size > 65536);
337	BUG_ON(va & ~PAGE_MASK);	340	BUG_ON(va & ~PAGE_MASK);
338		341
339	for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {	342	for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
340	int level;	343	int level;
341	pte_t *ptep = lookup_address(va, &level);	344	pte_t *ptep;
342	unsigned long pfn, mfn;	345	unsigned long pfn, mfn;
343	void *virt;	346	void *virt;
344		347
		348	/*
		349	* The GDT is per-cpu and is in the percpu data area.
		350	* That can be virtually mapped, so we need to do a
		351	* page-walk to get the underlying MFN for the
		352	* hypercall. The page can also be in the kernel's
		353	* linear range, so we need to RO that mapping too.
		354	*/
		355	ptep = lookup_address(va, &level);
345	BUG_ON(ptep == NULL);	356	BUG_ON(ptep == NULL);
346		357
347	pfn = pte_pfn(*ptep);	358	pfn = pte_pfn(*ptep);
@@ -358,6 +369,44 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
358	BUG();	369	BUG();
359	}	370	}
360		371
		372	/*
		373	* load_gdt for early boot, when the gdt is only mapped once
		374	*/
		375	static __init void xen_load_gdt_boot(const struct desc_ptr *dtr)
		376	{
		377	unsigned long va = dtr->address;
		378	unsigned int size = dtr->size + 1;
		379	unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
		380	unsigned long frames[pages];
		381	int f;
		382
		383	/*
		384	* A GDT can be up to 64k in size, which corresponds to 8192
		385	* 8-byte entries, or 16 4k pages..
		386	*/
		387
		388	BUG_ON(size > 65536);
		389	BUG_ON(va & ~PAGE_MASK);
		390
		391	for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
		392	pte_t pte;
		393	unsigned long pfn, mfn;
		394
		395	pfn = virt_to_pfn(va);
		396	mfn = pfn_to_mfn(pfn);
		397
		398	pte = pfn_pte(pfn, PAGE_KERNEL_RO);
		399
		400	if (HYPERVISOR_update_va_mapping((unsigned long)va, pte, 0))
		401	BUG();
		402
		403	frames[f] = mfn;
		404	}
		405
		406	if (HYPERVISOR_set_gdt(frames, size / sizeof(struct desc_struct)))
		407	BUG();
		408	}
		409
361	static void load_TLS_descriptor(struct thread_struct *t,	410	static void load_TLS_descriptor(struct thread_struct *t,
362	unsigned int cpu, unsigned int i)	411	unsigned int cpu, unsigned int i)
363	{	412	{
@@ -581,6 +630,29 @@ static void xen_write_gdt_entry(struct desc_struct *dt, int entry,
581	preempt_enable();	630	preempt_enable();
582	}	631	}
583		632
		633	/*
		634	* Version of write_gdt_entry for use at early boot-time needed to
		635	* update an entry as simply as possible.
		636	*/
		637	static __init void xen_write_gdt_entry_boot(struct desc_struct *dt, int entry,
		638	const void *desc, int type)
		639	{
		640	switch (type) {
		641	case DESC_LDT:
		642	case DESC_TSS:
		643	/* ignore */
		644	break;
		645
		646	default: {
		647	xmaddr_t maddr = virt_to_machine(&dt[entry]);
		648
		649	if (HYPERVISOR_update_descriptor(maddr.maddr, (u64 )desc))
		650	dt[entry] = (struct desc_struct )desc;
		651	}
		652
		653	}
		654	}
		655
584	static void xen_load_sp0(struct tss_struct *tss,	656	static void xen_load_sp0(struct tss_struct *tss,
585	struct thread_struct *thread)	657	struct thread_struct *thread)
586	{	658	{
@@ -965,6 +1037,23 @@ static const struct machine_ops __initdata xen_machine_ops = {
965	.emergency_restart = xen_emergency_restart,	1037	.emergency_restart = xen_emergency_restart,
966	};	1038	};
967		1039
		1040	/*
		1041	* Set up the GDT and segment registers for -fstack-protector. Until
		1042	* we do this, we have to be careful not to call any stack-protected
		1043	* function, which is most of the kernel.
		1044	*/
		1045	static void __init xen_setup_stackprotector(void)
		1046	{
		1047	pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
		1048	pv_cpu_ops.load_gdt = xen_load_gdt_boot;
		1049
		1050	setup_stack_canary_segment(0);
		1051	switch_to_new_gdt(0);
		1052
		1053	pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
		1054	pv_cpu_ops.load_gdt = xen_load_gdt;
		1055	}
		1056
968	/* First C function to be called on Xen boot */	1057	/* First C function to be called on Xen boot */
969	asmlinkage void __init xen_start_kernel(void)	1058	asmlinkage void __init xen_start_kernel(void)
970	{	1059	{
@@ -983,13 +1072,28 @@ asmlinkage void __init xen_start_kernel(void)
983	pv_apic_ops = xen_apic_ops;	1072	pv_apic_ops = xen_apic_ops;
984	pv_mmu_ops = xen_mmu_ops;	1073	pv_mmu_ops = xen_mmu_ops;
985		1074
986	#ifdef CONFIG_X86_64
987	/*	1075	/*
988	* Setup percpu state. We only need to do this for 64-bit	1076	* Set up some pagetable state before starting to set any ptes.
989	* because 32-bit already has %fs set properly.
990	*/	1077	*/
991	load_percpu_segment(0);	1078
992	#endif	1079	/* Prevent unwanted bits from being set in PTEs. */
		1080	__supported_pte_mask &= ~_PAGE_GLOBAL;
		1081	if (!xen_initial_domain())
		1082	__supported_pte_mask &= ~(_PAGE_PWT \| _PAGE_PCD);
		1083
		1084	__supported_pte_mask \|= _PAGE_IOMAP;
		1085
		1086	xen_setup_features();
		1087
		1088	/* Get mfn list */
		1089	if (!xen_feature(XENFEAT_auto_translated_physmap))
		1090	xen_build_dynamic_phys_to_machine();
		1091
		1092	/*
		1093	* Set up kernel GDT and segment registers, mainly so that
		1094	* -fstack-protector code can be executed.
		1095	*/
		1096	xen_setup_stackprotector();
993		1097
994	xen_init_irq_ops();	1098	xen_init_irq_ops();
995	xen_init_cpuid_mask();	1099	xen_init_cpuid_mask();
@@ -1001,8 +1105,6 @@ asmlinkage void __init xen_start_kernel(void)
1001	set_xen_basic_apic_ops();	1105	set_xen_basic_apic_ops();
1002	#endif	1106	#endif
1003		1107
1004	xen_setup_features();
1005
1006	if (xen_feature(XENFEAT_mmu_pt_update_preserve_ad)) {	1108	if (xen_feature(XENFEAT_mmu_pt_update_preserve_ad)) {
1007	pv_mmu_ops.ptep_modify_prot_start = xen_ptep_modify_prot_start;	1109	pv_mmu_ops.ptep_modify_prot_start = xen_ptep_modify_prot_start;
1008	pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;	1110	pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
@@ -1019,17 +1121,8 @@ asmlinkage void __init xen_start_kernel(void)
1019		1121
1020	xen_smp_init();	1122	xen_smp_init();
1021		1123
1022	/* Get mfn list */
1023	if (!xen_feature(XENFEAT_auto_translated_physmap))
1024	xen_build_dynamic_phys_to_machine();
1025
1026	pgd = (pgd_t *)xen_start_info->pt_base;	1124	pgd = (pgd_t *)xen_start_info->pt_base;
1027		1125
1028	/* Prevent unwanted bits from being set in PTEs. */
1029	__supported_pte_mask &= ~_PAGE_GLOBAL;
1030	if (!xen_initial_domain())
1031	__supported_pte_mask &= ~(_PAGE_PWT \| _PAGE_PCD);
1032
1033	#ifdef CONFIG_X86_64	1126	#ifdef CONFIG_X86_64
1034	/* Work out if we support NX */	1127	/* Work out if we support NX */
1035	check_efer();	1128	check_efer();


diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c index 429834ec1687..fe03eeed7b48 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c
@@ -236,6 +236,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
236	ctxt->user_regs.ss = __KERNEL_DS;	236	ctxt->user_regs.ss = __KERNEL_DS;
237	#ifdef CONFIG_X86_32	237	#ifdef CONFIG_X86_32
238	ctxt->user_regs.fs = __KERNEL_PERCPU;	238	ctxt->user_regs.fs = __KERNEL_PERCPU;
		239	ctxt->user_regs.gs = __KERNEL_STACK_CANARY;
239	#else	240	#else
240	ctxt->gs_base_kernel = per_cpu_offset(cpu);	241	ctxt->gs_base_kernel = per_cpu_offset(cpu);
241	#endif	242	#endif


diff --git a/drivers/xen/Makefile b/drivers/xen/Makefile index ec2a39b1e26f..7c284342f30f 100644 --- a/drivers/xen/Makefile +++ b/drivers/xen/Makefile
@@ -1,6 +1,9 @@
1	obj-y += grant-table.o features.o events.o manage.o	1	obj-y += grant-table.o features.o events.o manage.o
2	obj-y += xenbus/	2	obj-y += xenbus/
3		3
		4	nostackp := $(call cc-option, -fno-stack-protector)
		5	CFLAGS_features.o := $(nostackp)
		6
4	obj-$(CONFIG_HOTPLUG_CPU) += cpu_hotplug.o	7	obj-$(CONFIG_HOTPLUG_CPU) += cpu_hotplug.o
5	obj-$(CONFIG_XEN_XENCOMM) += xencomm.o	8	obj-$(CONFIG_XEN_XENCOMM) += xencomm.o
6	obj-$(CONFIG_XEN_BALLOON) += balloon.o	9	obj-$(CONFIG_XEN_BALLOON) += balloon.o