rpms/kernel/F-11 linux-2.6-x86-load-percpu-segment-no-stackprotector.patch, NONE, 1.1 linux-2.6-xen-rearrange-to-fix-stackprotector.patch, NONE, 1.1 config-x86-generic, 1.79, 1.80 kernel.spec, 1.1720, 1.1721

Chuck Ebbert cebbert at fedoraproject.org
Thu Aug 27 22:50:03 UTC 2009 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28315

Modified Files:
	config-x86-generic kernel.spec 
Added Files:
	linux-2.6-x86-load-percpu-segment-no-stackprotector.patch 
	linux-2.6-xen-rearrange-to-fix-stackprotector.patch 
Log Message:
Fix stackprotector problems with Xen on x86_64.
Disable stackprotector on i386 until 32-bit Xen gets fixed.

linux-2.6-x86-load-percpu-segment-no-stackprotector.patch:
 Makefile |    4 ++++
 1 file changed, 4 insertions(+)

--- NEW FILE linux-2.6-x86-load-percpu-segment-no-stackprotector.patch ---
From: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
Date: Mon, 17 Aug 2009 19:25:41 +0000 (-0700)
Subject: x86: make sure load_percpu_segment has no stackprotector
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=5416c2663517ebd0be0664c4d4ce3df0b116c059

x86: make sure load_percpu_segment has no stackprotector

load_percpu_segment() is used to set up the per-cpu segment registers,
which are also used for -fstack-protector.  Make sure that the
load_percpu_segment() function doesn't have stackprotector enabled.

[ Impact: allow percpu setup before calling stack-protected functions ]

Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
---

diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index 4e242f9..8b5b9b6 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -7,6 +7,10 @@ ifdef CONFIG_FUNCTION_TRACER
 CFLAGS_REMOVE_common.o = -pg
 endif
 
+# Make sure load_percpu_segment has no stackprotector
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_common.o		:= $(nostackp)
+
 obj-y			:= intel_cacheinfo.o addon_cpuid_features.o
 obj-y			+= proc.o capflags.o powerflags.o common.o
 obj-y			+= vmware.o hypervisor.o

linux-2.6-xen-rearrange-to-fix-stackprotector.patch:
 Makefile    |    4 ++++
 enlighten.c |   22 ++++++++++------------
 2 files changed, 14 insertions(+), 12 deletions(-)

--- NEW FILE linux-2.6-xen-rearrange-to-fix-stackprotector.patch ---
From: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
Date: Mon, 17 Aug 2009 19:26:53 +0000 (-0700)
Subject: xen: rearrange things to fix stackprotector
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=ce2eef33d35cd7b932492b5a81fb0febd2b323cd

xen: rearrange things to fix stackprotector

Make sure the stack-protector segment registers are properly set up
before calling any functions which may have stack-protection compiled
into them.

[ Impact: prevent Xen early-boot crash when stack-protector is enabled ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge at citrix.com>
---

diff --git a/arch/x86/xen/Makefile b/arch/x86/xen/Makefile
index 3b767d0..a5b9288 100644
--- a/arch/x86/xen/Makefile
+++ b/arch/x86/xen/Makefile
@@ -5,6 +5,10 @@ CFLAGS_REMOVE_time.o = -pg
 CFLAGS_REMOVE_irq.o = -pg
 endif
 
+# Make sure early boot has no stackprotector
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_enlighten.o		:= $(nostackp)
+
 obj-y		:= enlighten.o setup.o multicalls.o mmu.o irq.o \
 			time.o xen-asm.o xen-asm_$(BITS).o \
 			grant-table.o suspend.o
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index f09e8c3..edcf72a 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -925,10 +925,6 @@ asmlinkage void __init xen_start_kernel(void)
 
 	xen_domain_type = XEN_PV_DOMAIN;
 
-	BUG_ON(memcmp(xen_start_info->magic, "xen-3", 5) != 0);
-
-	xen_setup_features();
-
 	/* Install Xen paravirt ops */
 	pv_info = xen_info;
 	pv_init_ops = xen_init_ops;
@@ -937,8 +933,15 @@ asmlinkage void __init xen_start_kernel(void)
 	pv_apic_ops = xen_apic_ops;
 	pv_mmu_ops = xen_mmu_ops;
 
-	xen_init_irq_ops();
+#ifdef CONFIG_X86_64
+	/*
+	 * Setup percpu state.  We only need to do this for 64-bit
+	 * because 32-bit already has %fs set properly.
+	 */
+	load_percpu_segment(0);
+#endif
 
+	xen_init_irq_ops();
 	xen_init_cpuid_mask();
 
 #ifdef CONFIG_X86_LOCAL_APIC
@@ -948,6 +951,8 @@ asmlinkage void __init xen_start_kernel(void)
 	set_xen_basic_apic_ops();
 #endif
 
+	xen_setup_features();
+
 	if (xen_feature(XENFEAT_mmu_pt_update_preserve_ad)) {
 		pv_mmu_ops.ptep_modify_prot_start = xen_ptep_modify_prot_start;
 		pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
@@ -955,13 +960,6 @@ asmlinkage void __init xen_start_kernel(void)
 
 	machine_ops = xen_machine_ops;
 
-#ifdef CONFIG_X86_64
-	/*
-	 * Setup percpu state.  We only need to do this for 64-bit
-	 * because 32-bit already has %fs set properly.
-	 */
-	load_percpu_segment(0);
-#endif
 	/*
 	 * The only reliable way to retain the initial address of the
 	 * percpu gdt_page is to remember it here, so we can go and


Index: config-x86-generic
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/config-x86-generic,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -p -r1.79 -r1.80
--- config-x86-generic	25 Jul 2009 04:09:17 -0000	1.79
+++ config-x86-generic	27 Aug 2009 22:50:02 -0000	1.80
@@ -109,7 +109,8 @@ CONFIG_PCMCIA_FDOMAIN=m
 CONFIG_SCSI_FUTURE_DOMAIN=m
 CONFIG_SCSI_ADVANSYS=m
 
-CONFIG_CC_STACKPROTECTOR=y
+# setting this breaks Xen guests
+# CONFIG_CC_STACKPROTECTOR is not set
 
 CONFIG_SECCOMP=y
 


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1720
retrieving revision 1.1721
diff -u -p -r1.1720 -r1.1721
--- kernel.spec	27 Aug 2009 20:23:30 -0000	1.1720
+++ kernel.spec	27 Aug 2009 22:50:02 -0000	1.1721
@@ -739,6 +739,10 @@ Patch14060: linux-2.6-v4l-dvb-af9015-fix
 # fix race in kthreads
 Patch14070: linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch
 
+# fix stack protector problems with xen on x86_64
+Patch14080: linux-2.6-x86-load-percpu-segment-no-stackprotector.patch
+Patch14090: linux-2.6-xen-rearrange-to-fix-stackprotector.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1369,6 +1373,10 @@ ApplyPatch linux-2.6-v4l-dvb-af9015-fix-
 # fix race in kthreads
 ApplyPatch linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch
 
+# fix stack protector problems with xen on x86_64
+ApplyPatch linux-2.6-x86-load-percpu-segment-no-stackprotector.patch
+ApplyPatch linux-2.6-xen-rearrange-to-fix-stackprotector.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -1954,6 +1962,10 @@ fi
 # and build.
 
 %changelog
+* Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-42
+- Fix stackprotector problems with Xen on x86_64.
+- Disable stackprotector on i386 until 32-bit Xen gets fixed.
+
 * Thu Aug 27 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.5-41
 - linux-2.6-kthreads-fix-kthread-create-vs-kthread-stop.patch:
   fix race in kthreads.

More information about the fedora-extras-commits mailing list