- 26 May, 2008 16 commits
-
-
Eric Sandeen authored
(Updated with a common max-stack-used checker that knows about the canary, as suggested by Joe Perches) Use a canary at the end of the stack to clearly indicate at oops time whether the stack has ever overflowed. This is a very simple implementation with a couple of drawbacks: 1) a thread may legitimately use exactly up to the last word on the stack -- but the chances of doing this and then oopsing later seem slim 2) it's possible that the stack usage isn't dense enough that the canary location could get skipped over -- but the worst that happens is that we don't flag the overrun -- though this happens fairly often in my testing :( With the code in place, an intentionally-bloated stack oops might do: BUG: unable to handle kernel paging request at ffff8103f84cc680 IP: [<ffffffff810253df>] update_curr+0x9a/0xa8 PGD 8063 PUD 0 Thread overran stack or stack corrupted Oops: 0000 [1] SMP CPU 0 ... ... unless the stack overrun is so bad that it corrupts some other thread. Signed-off-by:
Eric Sandeen <sandeen@redhat.com> Signed-off-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de>
-
Arjan van de Ven authored
If the user selects the stack-protector config option, but does not have a gcc that has the right bits enabled (for example because it isn't build with a glibc that supports TLS, as is common for cross-compilers, but also because it may be too old), then the runtime test fails right now. This patch adds a warning message for this scenario. This warning accomplishes two goals 1) the user is informed that the security option he selective isn't available 2) the user is suggested to turn of the CONFIG option that won't work for him, and would make the runtime test fail anyway. Signed-off-by:
Arjan van de Ven <arjan@linux.intel.com> Signed-off-by:
-
Daniel Walker authored
trivial: remove white space addition in stack protector Signed-off-by:
-
Arjan van de Ven authored
This patch adds a simple self-test capability to the stackprotector feature. The test deliberately overflows a stack buffer and then checks if the canary trap function gets called. Signed-off-by:
-
Ingo Molnar authored
streamline the stackprotector features under a single option and make the stronger feature the one accessible. Signed-off-by:
-
Ingo Molnar authored
mix the TSC to the boot canary. Signed-off-by:
-
Ingo Molnar authored
Signed-off-by:
-
Ingo Molnar authored
add the boot_init_stack_canary() and make the secondary idle threads use it. Signed-off-by:
-
Ingo Molnar authored
create <linux/stackprotector.h> for core kernel files to include. Signed-off-by:
-
Ingo Molnar authored
also enable the rodata and nx tests. Signed-off-by:
-
Ingo Molnar authored
if CONFIG_DEBUG_BUGVERBOSE is set then the user most definitely wanted to see as much information about kernel crashes as possible - so give them at least a stack dump. this is particularly useful for stackprotector related panics, where the stacktrace can give us the exact location of the (attempted) attack. Pointed out by pageexec@freemail.hu in the stackprotector breakage threads. Signed-off-by:
-
Ingo Molnar authored
pointed out by pageexec@freemail.hu: we just simply panic() when there's a stackprotector attack - giving the attacked person no information about what kernel code the attack went against. print out the attacked function. Signed-off-by:
-
Ingo Molnar authored
the boot CPU's idle task has a zero stackprotector canary value. this is a special task that is never forked, so the fork code does not randomize its canary. Do it when we hit cpu_idle(). Academic sidenote: this means that the early init code runs with a zero canary and hence the canary becomes predictable for this short, boot-only amount of time. Although attack vectors against early init code are very rare, it might make sense to move this initialization to an earlier point. (to one of the early init functions that never return - such as start_kernel()) Signed-off-by:
-
Arjan van de Ven authored
The idle threads for non-boot CPUs are a bit special in how they are created; the result is that these don't have the stack canary set up properly in their PDA. Easiest fix is to just always set the PDA up correctly when entering the idle thread; this is a NOP for the boot cpu. Signed-off-by:
-
Ingo Molnar authored
fix a bug noticed and fixed by pageexec@freemail.hu. if built with -fstack-protector-all then we'll have canary checks built into the __switch_to() function. That does not work well with the canary-switching code there: while we already use the %rsp of the new task, we still call __switch_to() whith the previous task's canary value in the PDA, hence the __switch_to() ssp prologue instructions will store the previous canary. Then we update the PDA and upon return from __switch_to() the canary check triggers and we panic. so update the canary after we have called __switch_to(), where we are at the same stackframe level as the last stackframe of the next (and now freshly current) task. Note: this means that we call __switch_to() [and its sub-functions] still with the old canary, but that is not a problem, both the previous and the next task has a high-quality canary. The only (mostly academic) disadvantage is that the canary of one task may leak onto the stack of another task, increasing the risk of information leaks, were an attacker able to read the stack of specific tasks (but not that of others). To solve this we'll have to reorganize the way we switch tasks, and move the PDA setting into the switch_to() assembly code. That will happen in another patch. Signed-off-by:
-
Ingo Molnar authored
on paravirt enabled 64-bit kernels the paravirt ops do function calls themselves - which is bad with the stackprotector - for example pda_init() loads 0 into %gs and then does MSR_GS_BASE write (which modifies gs.base) - but that MSR write is a function call on paravirt, which with stackprotector tries to read the stack canary from the PDA ... crashing the bootup. the solution was suggested by Arjan van de Ven: to exclude paravirt.c from stackprotector, too many lowlevel functionality is in it. It's not like we'll have paravirt functions with character arrays on their stack anyway... Signed-off-by:
-
- 25 May, 2008 16 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixesLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes: Kconfig: introduce ARCH_DEFCONFIG to DEFCONFIG_LIST .gitignore: match ncscope.out scripts/ver_linux use 'gcc -dumpversion'
-
git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdogLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog: [WATCHDOG] Add ICH9DO into the iTCO_wdt.c driver [WATCHDOG] Fix booke_wdt.c on MPC85xx SMP system's [WATCHDOG] Add a watchdog driver based on the CS5535/CS5536 MFGPT timers [WATCHDOG] hpwdt: Fix NMI handling. [WATCHDOG] Blackfin Watchdog Driver: split platform device/driver [WATCHDOG] Add w83697h_wdt early_disable option [WATCHDOG] Make w83697h_wdt timeout option string similar to others [WATCHDOG] Make w83697h_wdt void-like functions void
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: [ALSA] hda - Fix capture mute Widget for stac9250/9251 [ALSA] snd-pcsp - fix pcsp_treble_info() to honour an item number [ALSA] hda - Added support for Foxconn P35AX-S mainboard [ALSA] hda - Fix COEF and EAPD in ALC889 auto-configuration mode [ALSA] hda - Fix noise on VT1708 codec [ALSA] hda - Add model for ASUS P5K-E/WIFI-AP
-
Sam Ravnborg authored
init/Kconfig contains a list of configs that are searched for if 'make *config' are used with no .config present. Extend this list to look at the config identified by ARCH_DEFCONFIG. With this change we now try the defconfig targets last. This fixes a regression reported by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:Sam Ravnborg <sam@ravnborg.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com>
-
Jike Song authored
Sometimes I got this: $ git-status {snip} # On branch master # Untracked files: # (use "git add <file>..." to include in what will be committed) # # ncscope.out nothing added to commit but untracked files present (use "git add" to track) Fix it. Signed-off-by:Jike Song <albcamus@gmail.com> Signed-off-by:
-
Gabriel C authored
These magic greps and hacks in ver_linux to get the gcc version always break after some gcc releases. Since now gcc >4.3 allows compiling with '--with-pkgversion' ( which can be everything 'My Cool Gcc' or something ) ver_linux will report random junk for these. Simply use 'gcc -dumpversion' to get the gcc version which should always work. Signed-off-by:
Gabriel C <nix.or.die@googlemail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Mauro Carvalho Chehab authored
Fix capture mute widget for STAC9250/9251 codecs. The widget 0x09 has no mute but 0x14 does actually. Signed-off-by:Mauro Carvalho Chehab <mchehab@infradead.org>
-
Stas Sergeev authored
This solves the problem with mixers wrongly displaying the PWM freq. Signed-off-by:
Stas Sergeev <stsp@aknet.ru> Signed-off-by:
Takashi Iwai <tiwai@suse.de>
-
Gabriel C authored
Add the Intel ICH9DO controller ID's for the iTCO_wdt kernel driver and bump the driver version. Tested on an P5E-VM DO ASUS motherboard. Signed-off-by:
Wim Van Sebroeck <wim@iguana.be> Signed-off-by:
-
Chen Gong authored
On Book-E SMP systems each core has its own private watchdog. If only one watchdog is enabled, when the core that doesn't enable the watchdog is hung, system can't reset because no watchdog is running on it. That's bad. It means we must enable watchdogs on both cores. We can use smp_call_function() to send appropriate messages to all the other cores to enable and update the watchdog. Signed-off-by:
Chen Gong <g.chen@freescale.com> Signed-off-by:
-
Jordan Crouse authored
Add a watchdog timer based on the MFGPT timers in the CS5535/CS5536 companion chips to the AMD Geode GX and LX processors. Only caveat is that the BIOS must provide at least a one free timer, and most do not. Signed-off-by:
Jordan Crouse <jordan.crouse@amd.com> Signed-off-by:
-
Mingarelli, Thomas authored
I need to just return in case it's not my NMI so someone else can take a look at it (and reset die_nmi_called to 0 in case I actually do get one that's mine to handle). Signed-off-by:
Thomas Mingarelli <thomas.mingarelli@hp.com> Signed-off-by:
-
Mike Frysinger authored
- split platform device/driver registering from actual watchdog device/driver registering so that we can cleanly load/unload - fixup __initdata with __initconst and __devinitdata with __devinitconst Signed-off-by:
Mike Frysinger <vapier.adi@gmail.com> Signed-off-by:
Bryan Wu <cooloney@kernel.org> Signed-off-by:
-
Samuel Tardieu authored
Pádraig Brady requested the possibility of not disabling the watchdog at module load time or kernel boot time if it had been previously enabled in the bios. It may help rebooting the machine if it freezes before the userland daemon kicks in. Signed-off-by:
Samuel Tardieu <sam@rfc1149.net> Cc: Pádraig Brady <P@draigBrady.com> Signed-off-by:
-
Samuel Tardieu authored
Signed-off-by:
-
Samuel Tardieu authored
Some non-exported functions always returned 0. Mark them void instead. Signed-off-by:
-
- 24 May, 2008 8 commits
-
-
Linus Torvalds authored
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip: x86: prevent PGE flush from interruption/preemption x86: use explicit copy in vdso_gettimeofday() namespacecheck: automated fixes x86/xen: fix arbitrary_virt_to_machine() x86: don't read maxlvt before checking if APIC is mapped x86: disable TSC for sched_clock() when calibration failed x86: distangle user disabled TSC from unstable x86: fix setup of cyc2ns in tsc_64.c
-
Linus Torvalds authored
* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] integrator: fix build warnings and errors [ARM] fix OMAP include loops Revert "[ARM] pxa: spitz wants PXA27x UDC definitions" [ARM] 5053/1: define before use of processor_id [ARM] 5052/1: export clock functions for the at91x40 [ARM] 5051/1: define pgtable_t for the !CONFIG_MMU case too [ARM] omap: fix omap clk support build errors [ARM] 5039/1: S3C244X: Rename SDI device if running on S3C244X. [ARM] 5043/1: pxafb: remove unused mode variable in pxafb_init_fbinfo [ARM] 5041/1: VR1000: Fix DM9000 IRQ flags initialisation [ARM] 5040/1: BAST: Fix DM9000 IRQ flags initialisation [ARM] 5038/1: ARM: OMAP: Remove tsc2102 references from board-palmte.c [ARM] 5025/2: fix collie cpu initialisation
-
David Brownell authored
Somehow the spidev code forgot to include a critical mechanism: when the underlying device is removed (e.g. spi_master rmmod), open file descriptors must be prevented from issuing new I/O requests to that device. On penalty of the oopsing reported by Sebastian Siewior <bigeasy@tglx.de> ... This is a partial fix, adding handshaking between the lower level (SPI messaging) and the file operations using the spi_dev. (It also fixes an issue where reads and writes didn't return the number of bytes sent or received.) There's still a refcounting issue to be addressed (separately). Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Reported-by:
Sebastian Siewior <bigeasy@tglx.de> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Cedric Le Goater authored
This is a slight change in the namespace cgroup subsystem api. The change is that previously when cgroup_clone() was called (currently only from the unshare path in ns_proxy cgroup, you'd get a new group named "node_$pid" whereas now you'll get a group named after just your pid.) The only users who would notice it are those who are using the ns_proxy cgroup subsystem to auto-create cgroups when namespaces are unshared - something of an experimental feature, which I think really needs more complete container/namespace support in order to be useful. I suspect the only users are Cedric and Serge, or maybe a few others on containers@lists.linux-foundation.org. And in fact it would only be noticed by the users who make the assumption about how the name is generated, rather than getting it from the /proc/<pid>/cgroups file for the process in question. Whether the change is actually needed or not I'm fairly agnostic on, but I guess it is more elegant to just use the pid as the new group name rather than adding a fairly arbitrary "node_" prefix on the front. [menage@google.com: provided changelog] Signed-off-by:
Cedric Le Goater <clg@fr.ibm.com> Cc: "Paul Menage" <menage@google.com> Cc: "Serge E. Hallyn" <serue@us.ibm.com> Cc: <stable@kernel.org> Signed-off-by:
-
Fernando Luis Vazquez Cao authored
for_each_pgdat() was renamed to for_each_online_pgdat() and kerneldoc comments should be updated accordingly. Signed-off-by:
Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by:
-
Adrian Bunk authored
Fix the following build error: ERROR: "empty_zero_page" [fs/ext4/ext4dev.ko] undefined! Reported-by:
Adrian Bunk <bunk@kernel.org> Signed-off-by:
-
Shi Weihua authored
If none of the switch cases match, the PR_SET_PDEATHSIG and PR_SET_DUMPABLE cases of the switch statement will never write to local variable `error'. Signed-off-by:
Shi Weihua <shiwh@cn.fujitsu.com> Cc: Andrew G. Morgan <morgan@kernel.org> Acked-by:
"Serge E. Hallyn" <serue@us.ibm.com> Signed-off-by:
-
Kumar Gala authored
including of <asm/mpc85xx.h> causes build problems since it doesn't exist. Also removed warning: drivers/edac/mpc85xx_edac.c:45: warning: 'mpc85xx_ctl_name' defined but not used Signed-off-by:
Kumar Gala <galak@kernel.crashing.org> Acked-by:
Doug Thompson <dougthompson@xmission.com> Acked-by:
Dave Jiang <djiang@mvista.com> Signed-off-by:
-
