diff options
author | Tejun Heo <tj@kernel.org> | 2009-02-11 16:31:00 +0900 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2009-02-11 11:33:49 +0100 |
commit | 5c79d2a517a9905599d192db8ce77ab5f1a2faca (patch) | |
tree | 11f550a59b9b653fbd6c54b37effbf2d4a750fb5 /arch/x86/kernel/head_32.S | |
parent | 60a5317ff0f42dd313094b88f809f63041568b08 (diff) | |
download | kernel_samsung_smdk4412-5c79d2a517a9905599d192db8ce77ab5f1a2faca.tar.gz kernel_samsung_smdk4412-5c79d2a517a9905599d192db8ce77ab5f1a2faca.tar.bz2 kernel_samsung_smdk4412-5c79d2a517a9905599d192db8ce77ab5f1a2faca.zip |
x86: fix x86_32 stack protector bugs
Impact: fix x86_32 stack protector
Brian Gerst found out that %gs was being initialized to stack_canary
instead of stack_canary - 20, which basically gave the same canary
value for all threads. Fixing this also exposed the following bugs.
* cpu_idle() didn't call boot_init_stack_canary()
* stack canary switching in switch_to() was being done too late making
the initial run of a new thread use the old stack canary value.
Fix all of them and while at it update comment in cpu_idle() about
calling boot_init_stack_canary().
Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch/x86/kernel/head_32.S')
-rw-r--r-- | arch/x86/kernel/head_32.S | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S index 924e31615fb..cf21fd0cf6a 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -447,6 +447,7 @@ is386: movl $2,%ecx # set MP jne 1f movl $per_cpu__gdt_page,%eax movl $per_cpu__stack_canary,%ecx + subl $20, %ecx movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) |