From: Greg Kroah-Hartman Date: Fri, 20 Apr 2018 06:45:47 +0000 (+0200) Subject: 4.16-stable patches X-Git-Tag: v3.18.106~71 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12b1d9f62cfe9502213f063ee95447b628d88216;p=thirdparty%2Fkernel%2Fstable-queue.git 4.16-stable patches added patches: x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch --- diff --git a/queue-4.16/series b/queue-4.16/series index 76f11ba4719..ad365e849b1 100644 --- a/queue-4.16/series +++ b/queue-4.16/series @@ -32,3 +32,4 @@ media-atomisp_fops.c-disable-atomisp_compat_ioctl32.patch media-vivid-check-if-the-cec_adapter-is-valid.patch media-vb2-core-finish-buffers-at-the-end-of-the-stream.patch media-vsp1-fix-brx-conditional-path-in-wpf.patch +x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch diff --git a/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch b/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch new file mode 100644 index 00000000000..4939bbb3598 --- /dev/null +++ b/queue-4.16/x86-xen-delay-get_cpu_cap-until-stack-canary-is-established.patch 
@@ -0,0 +1,61 @@ +From 36104cb9012a82e73c32a3b709257766b16bcd1d Mon Sep 17 00:00:00 2001 +From: Jason Andryuk +Date: Mon, 19 Mar 2018 12:58:04 -0400 +Subject: x86/xen: Delay get_cpu_cap until stack canary is established + +From: Jason Andryuk + +commit 36104cb9012a82e73c32a3b709257766b16bcd1d upstream. + +Commit 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") introduced a +call to get_cpu_cap, which is fstack-protected. This is works on x86-64 +as commit 4f277295e54c ("x86/xen: init %gs very early to avoid page +faults with stack protector") ensures the stack protector is configured, +but it it did not cover x86-32. + +Delay calling get_cpu_cap until after xen_setup_gdt has initialized the +stack canary. Without this, a 32bit PV machine crashes early +in boot. +(XEN) Domain 0 (vcpu#0) crashed on cpu#0: +(XEN) ----[ Xen-4.6.6-xc x86_64 debug=n Tainted: C ]---- +(XEN) CPU: 0 +(XEN) RIP: e019:[<00000000c10362f8>] + +And the PV kernel IP corresponds to init_scattered_cpuid_features + 0xc10362f8 <+24>: mov %gs:0x14,%eax + +Fixes 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings") + +Signed-off-by: Jason Andryuk +Reviewed-by: Boris Ostrovsky +Signed-off-by: Boris Ostrovsky +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/xen/enlighten_pv.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/x86/xen/enlighten_pv.c ++++ b/arch/x86/xen/enlighten_pv.c +@@ -1259,10 +1259,6 @@ asmlinkage __visible void __init xen_sta + */ + __userpte_alloc_gfp &= ~__GFP_HIGHMEM; + +- /* Work out if we support NX */ +- get_cpu_cap(&boot_cpu_data); +- x86_configure_nx(); +- + /* Get mfn list */ + xen_build_dynamic_phys_to_machine(); + +@@ -1272,6 +1268,10 @@ asmlinkage __visible void __init xen_sta + */ + xen_setup_gdt(0); + ++ /* Work out if we support NX */ ++ get_cpu_cap(&boot_cpu_data); ++ x86_configure_nx(); ++ + xen_init_irq_ops(); + + /* Let's presume PV guests always boot on vCPU with id 0. */
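Review bot: The ordering requirement is not recorded at the new call site in the second enlighten_pv.c hunk of xen_start_kernel(): the moved comment still reads only "Work out if we support NX", so nothing in the code says that get_cpu_cap() is stack-protected and has to stay after xen_setup_gdt(0). Suggest extending that comment to state the dependency on the stack canary, so a later reordering does not reintroduce the early-boot crash on 32-bit PV. It is also worth confirming that xen_build_dynamic_phys_to_machine() and xen_setup_gdt(0), which now run before x86_configure_nx(), do not rely on the NX configuration being done first.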
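Review bot: In the commit message carried by the added queue-4.16 patch file, the line "Fixes 2cc42bac1c79 ("x86-64/Xen: eliminate W+X mappings")" has no colon after "Fixes", so scripts that match the "Fixes:" trailer will not pick it up when tracking which trees need this backport. The message also carries the typos "This is works" and "it it did not". These come verbatim from the upstream commit, so the queue entry should stay as is, but the missing trailer is worth keeping in mind when checking whether other stable trees containing 2cc42bac1c79 need the same patch.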