diff options
| author | Tejun Heo <tj@kernel.org> | 2009-02-11 07:31:00 (GMT) |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2009-02-11 10:33:49 (GMT) |
| commit | 5c79d2a517a9905599d192db8ce77ab5f1a2faca (patch) | |
| tree | 11f550a59b9b653fbd6c54b37effbf2d4a750fb5 /arch/x86/include/asm/stackprotector.h | |
| parent | 60a5317ff0f42dd313094b88f809f63041568b08 (diff) | |
| download | linux-fsl-qoriq-5c79d2a517a9905599d192db8ce77ab5f1a2faca.tar.xz | |
x86: fix x86_32 stack protector bugs
Impact: fix x86_32 stack protector
Brian Gerst found out that %gs was being initialized to stack_canary
instead of stack_canary - 20, which basically gave the same canary
value for all threads. Fixing this also exposed the following bugs.
* cpu_idle() didn't call boot_init_stack_canary()
* stack canary switching in switch_to() was being done too late making
the initial run of a new thread use the old stack canary value.
Fix all of them and while at it update comment in cpu_idle() about
calling boot_init_stack_canary().
Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch/x86/include/asm/stackprotector.h')
| -rw-r--r-- | arch/x86/include/asm/stackprotector.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h index fa7e5bd..c2d742c 100644 --- a/arch/x86/include/asm/stackprotector.h +++ b/arch/x86/include/asm/stackprotector.h @@ -85,7 +85,7 @@ static __always_inline void boot_init_stack_canary(void) static inline void setup_stack_canary_segment(int cpu) { #ifdef CONFIG_X86_32 - unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu); + unsigned long canary = (unsigned long)&per_cpu(stack_canary, cpu) - 20; struct desc_struct *gdt_table = get_cpu_gdt_table(cpu); struct desc_struct desc; |