Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-29 17:25:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-3.15.y
linux-stable/Documentation
History
H. Peter Anvin 6fd50a78ae x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack 
commit 3891a04aaf upstream.

The IRET instruction, when returning to a 16-bit segment, only
restores the bottom 16 bits of the user space stack pointer.  This
causes some 16-bit software to break, but it also leaks kernel state
to user space.  We have a software workaround for that ("espfix") for
the 32-bit kernel, but it relies on a nonzero stack segment base which
is not available in 64-bit mode.

In checkin:

    b3b42ac2cb x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels

we "solved" this by forbidding 16-bit segments on 64-bit kernels, with
the logic that 16-bit support is crippled on 64-bit kernels anyway (no
V86 support), but it turns out that people are doing stuff like
running old Win16 binaries under Wine and expect it to work.

This works around this by creating percpu "ministacks", each of which
is mapped 2^16 times 64K apart.  When we detect that the return SS is
on the LDT, we copy the IRET frame to the ministack and use the
relevant alias to return to userspace.  The ministacks are mapped
readonly, so if IRET faults we promote #GP to #DF which is an IST
vector and thus has its own stack; we then do the fixup in the #DF
handler.

(Making #GP an IST exception would make the msr_safe functions unsafe
in NMI/MC context, and quite possibly have other effects.)

Special thanks to:

- Andy Lutomirski, for the suggestion of using very small stack slots
  and copy (as opposed to map) the IRET frame there, and for the
  suggestion to mark them readonly and let the fault promote to #DF.
- Konrad Wilk for paravirt fixup and testing.
- Borislav Petkov for testing help and useful comments.

Reported-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andrew Lutomriski <amluto@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Dirk Hohndel <dirk@hohndel.org>
Cc: Arjan van de Ven <arjan.van.de.ven@intel.com>
Cc: comex <comexk@gmail.com>
Cc: Alexander van Heukelum <heukelum@fastmail.fm>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-08-07 16:53:53 -07:00
..
ABI ima: audit log files opened with O_DIRECT flag 2014-06-26 15:17:33 -04:00
accounting Documentation/accounting/getdelays.c: avoid strncpy in accounting tool 2013-07-03 16:08:06 -07:00
acpi ACPI and power management updates for 3.14-rc1 2014-01-24 15:51:02 -08:00
aoe aoe: remove do-nothing NAME="%k" term from example udev rules 2013-09-11 15:59:28 -07:00
arm Merge branch 'mvebu/soc3' into next/dt 2014-03-17 12:13:09 +01:00
arm64 - Documentation clarification on CPU topology and booting requirements 2014-04-08 12:06:03 -07:00
auxdisplay
backlight backlight: lp855x_bl: support new LP8555 device 2013-11-13 12:09:14 +09:00
blackfin Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
block Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
blockdev zram: propagate error to user 2014-04-07 16:36:02 -07:00
bus-devices ARM: OMAP2+: gpmc: generic timing calculation 2012-11-09 18:07:11 +05:30
cdrom
cgroups memcg: rename high level charging functions 2014-04-07 16:35:57 -07:00
connector connector: add portid to unicast in addition to broadcasting 2014-02-07 15:40:17 -08:00
console TTY:console: update document console.txt 2013-05-21 10:21:57 -07:00
cpu-freq intel_pstate: Update documentation of {max,min}_perf_pct sysfs files 2014-07-17 16:23:15 -07:00
cpuidle cpuidle: remove cpuidle_unregister_governor() 2013-10-30 01:21:24 +01:00
cris
crypto drivers/dma: remove unused support for MEMSET operations 2013-07-03 16:07:42 -07:00
development-process Documentation: development-process: Update -mm and -next URLs 2013-07-25 12:37:24 +02:00
device-mapper dm thin: add 'no_space_timeout' dm-thin-pool module param 2014-05-20 14:30:36 -04:00
devicetree ARM: mvebu: Fix the improper use of the compatible string armada38x using a wildcard 2014-07-09 11:21:29 -07:00
DocBook Merge branch 'rdunlap' (patches from Randy Dunlap) 2014-05-25 12:39:08 -07:00
driver-model Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-01-22 21:21:55 -08:00
dvb Linux 3.14-rc5 2014-03-11 06:55:49 -03:00
early-userspace Documentation: remove reference to 2.7 kernel in early-userspace 2013-08-20 12:47:28 +02:00
EDID drm: Add 1600x1200 (UXGA) screen resolution to the built-in EDIDs 2013-04-12 14:06:16 +10:00
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection doc: fix quite a few typos within Documentation 2012-11-19 14:28:24 +01:00
fb Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
filesystems Documentation: update /proc/stat "intr" count summary 2014-05-25 12:39:00 -07:00
firmware_class firmware loader: document firmware cache mechanism 2012-11-14 15:07:18 -08:00
fmc FMC: make eeprom attribute writable 2014-02-28 15:12:08 -08:00
frv
gpio gpio: make gpiod_direction_output take a logical value 2014-02-07 09:47:02 +01:00
hid HID: uhid: Add UHID_CREATE2 + UHID_INPUT2 2014-04-01 18:27:33 +02:00
hwmon hwmon: Document temp[1-*]_min_hyst sysfs attribute 2014-05-25 17:23:07 +02:00
i2c Documentation: i2c: improve section about flags mangling the protocol 2014-04-06 13:53:48 +02:00
i2o
ia64 Fix example error_injection_tool 2013-04-02 09:39:55 -07:00
ide Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
infiniband IB/ipoib: Add rtnl_link_ops support 2012-09-20 16:49:17 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2014-05-08 14:06:45 -07:00
ioctl s390/hypfs: add interface for diagnose 0x304 2014-01-24 09:40:59 +01:00
isdn
ja_JP Documentation: Update stable address in Chinese and Japanese translations 2014-04-16 14:13:27 -07:00
kbuild kconfig: make allnoconfig disable options behind EMBEDDED and EXPERT 2014-04-07 16:36:09 -07:00
kdump Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
leds Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
m68k Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
make
memory-devices
metag doc: fix misspellings with 'codespell' tool 2013-05-28 12:02:12 +02:00
mic misc: mic: Fix endianness issues. 2013-11-27 11:03:38 -08:00
mips
misc-devices Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2014-01-29 18:56:27 -08:00
mmc mmc: core: Add in support to expose PRV for v4 MMCs 2013-03-22 12:10:42 -04:00
mn10300
mtd mtd: nand: pxa3xx: Add documentation about the controller 2014-01-03 11:22:09 -08:00
namespaces userns: Recommend use of memory control groups. 2013-01-26 22:20:06 -08:00
netlabel
networking net: doc: Update references to skb->rxhash 2014-05-22 15:26:37 -04:00
nfc NFC: Update pn544 documentation 2013-01-10 01:27:46 +01:00
parisc parisc: document the shadow registers 2013-07-09 22:09:19 +02:00
PCI Merge branch 'pci/dead-code' into next 2014-02-20 14:32:34 -07:00
pcmcia
phy phy: Add new Exynos USB 2.0 PHY driver 2014-03-08 12:39:44 +05:30
power Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
powerpc powerpc: Update the 00-Index in Documentation/powerpc 2013-08-27 14:44:27 +10:00
pps USB: serial: invoke dcd_change ldisc's handler. 2013-09-26 09:45:40 -07:00
prctl seccomp: Make syscall skipping and nr changes more consistent 2012-10-02 21:14:29 +10:00
pti
ptp ptp: Fix compiler warnings in the testptp utility 2014-03-27 14:51:47 -04:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
RCU documentation: Fix some inconsistencies in RTFP.txt 2014-02-17 14:56:10 -08:00
s390 Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
scheduler asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
scsi [SCSI] megaraid_sas: Version and Changelog update 2014-03-15 10:19:21 -07:00
security doc: fix double words 2014-03-21 13:16:58 +01:00
serial Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
sh
sound ALSA: hda - Adjust speaker HPF and add LED support for HP Spectre 13 2014-07-06 18:59:12 -07:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/sc18is602', 'spi/topic/sh-hspi', 'spi/topic/sh-msiof', 'spi/topic/sh-sci', 'spi/topic/sirf' and 'spi/topic/spidev' into spi-next 2014-03-30 00:51:34 +00:00
sysctl mm, pcp: allow restoring percpu_pagelist_fraction default 2014-07-09 11:21:28 -07:00
target target: Remove TF_CIT_TMPL macro 2013-10-16 13:35:02 -07:00
thermal thermal: thermal_core: allow binding with limits on bind_params 2013-09-03 09:10:24 -04:00
timers Documentation/: update 00-INDEX files 2014-02-10 16:01:40 -08:00
tpm drivers/tpm: add xen tpmfront interface 2013-08-09 10:57:06 -04:00
trace Most of the changes were largely clean ups, and some documentation. 2014-04-03 10:26:31 -07:00
usb doc: fix double words 2014-03-21 13:16:58 +01:00
vDSO
video4linux [media] s5p-fimc: Remove reference to outdated macro 2014-03-14 10:37:43 -03:00
virtual KVM: s390: announce irqfd capability 2014-05-15 10:55:10 +02:00
vm mm/memory-failure.c: support use of a dedicated thread to handle SIGBUS(BUS_MCEERR_AO) 2014-06-30 20:13:55 -07:00
w1 Merge 3.14-rc3 into char-misc-next 2014-02-18 08:09:40 -08:00
watchdog watchdog: it87_wdt: Work around non-working CIR interrupts 2014-03-31 13:33:55 +02:00
wimax
x86 x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack 2014-08-07 16:53:53 -07:00
xtensa xtensa: remap io area defined in device tree 2014-01-15 00:25:14 +04:00
zh_CN driver core fixes for 3.15-rc2 2014-04-18 16:59:52 -07:00
.gitignore
00-INDEX Merge branch 'x86-nuke-platforms-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2014-04-02 13:15:58 -07:00
applying-patches.txt
assoc_array.txt KEYS: Fix multiple key add into associative array 2013-12-02 11:24:18 +00:00
atomic_ops.txt Documentation: Memory barrier semantics of atomic_xchg() 2013-01-08 14:14:55 -08:00
bad_memory.txt
basic_profiling.txt
bcache.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt Documentation: fix typo and update version in cachetlb.txt 2013-08-20 12:46:52 +02:00
Changes remove obsolete references to powertweak 2013-11-27 20:34:32 -08:00
circular-buffers.txt documentation: Update circular buffer for load-acquire/store-release 2013-12-03 10:08:57 -08:00
clk.txt Documentation: clk: Add locking documentation 2014-03-19 14:56:06 -07:00
coccinelle.txt Coccinelle: Update information about the minimal version required 2013-07-03 22:58:20 +02:00
CodingStyle Documentation/CodingStyle: allow multiple return statements per function 2013-07-03 16:08:01 -07:00
cpu-hotplug.txt Doc/cpu-hotplug: Specify race-free way to register CPU hotplug callbacks 2014-03-20 13:43:40 +01:00
cpu-load.txt
cputopology.txt doc: Documentation/cputopology.txt fix typo 2013-09-04 12:59:47 +02:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
dell_rbu.txt
devices.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
digsig.txt
DMA-API-HOWTO.txt DMA-API: provide a helper to set both DMA and coherent DMA masks 2013-09-17 15:32:37 +01:00
DMA-API.txt DMA-API: provide a helper to set both DMA and coherent DMA masks 2013-09-17 15:32:37 +01:00
DMA-attributes.txt doc: Documentation/DMA-attributes.txt fix typo 2013-10-14 15:50:53 +02:00
dma-buf-sharing.txt dma-buf: Expose buffer size to userspace (v2) 2013-09-10 11:36:45 +05:30
DMA-ISA-LPC.txt
dmaengine.txt
dmatest.txt dmatest: add a 'wait' parameter 2013-11-14 11:04:40 -08:00
dontdiff Documentation: LLVMLinux: Update Documentation/dontdiff 2014-04-09 13:44:34 -07:00
dynamic-debug-howto.txt dynamic-debug-howto.txt: update since new wildcard support 2014-01-23 16:36:55 -08:00
edac.txt [media, edac] Change my email address 2014-02-07 08:03:07 -02:00
efi-stub.txt doc: Fix trivial spelling mistake in efi-stub.txt 2013-12-19 15:09:14 +01:00
eisa.txt MCA: delete all remaining traces of microchannel bus support. 2012-05-17 19:06:13 -04:00
email-clients.txt Documentation: update thunderbird email client settings 2014-05-25 12:39:00 -07:00
flexible-arrays.txt
futex-requeue-pi.txt doc: fix double words 2014-03-21 13:16:58 +01:00
gcov.txt gcov: compile specific gcov implementation based on gcc version 2013-11-13 12:09:34 +09:00
highuid.txt
HOWTO Documentation: HOWTO: Update broken links to tpp 2013-12-10 23:09:08 -08:00
hw_random.txt hwrng: Fix a wrong comment in Documentation/hw_random.txt 2013-03-10 18:16:36 +08:00
hwspinlock.txt doc: documentation/hwspinlock.txt fix typo 2013-08-27 10:46:02 +02:00
init.txt
initrd.txt Documentation/initrd.txt: Change the location of util-linux 2012-05-25 16:18:34 +02:00
intel_txt.txt Documentation: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:38:03 -08:00
Intel-IOMMU.txt
io_ordering.txt
io-mapping.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
iostats.txt iostats.txt: add easy-to-find description for field 6 2013-04-29 15:18:50 +02:00
IPMI.txt ipmi: add options to disable openfirmware and PCI scanning 2013-02-27 19:10:21 -08:00
IRQ-affinity.txt doc: fix a typo about irq affinity 2013-08-20 12:59:18 +02:00
IRQ-domain.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
IRQ.txt
irqflags-tracing.txt asm/system.h: clean asm/system.h from docs 2014-04-07 16:36:11 -07:00
isapnp.txt
java.txt Documentation: update java sample wrapper for java 7 2014-05-25 12:39:00 -07:00
kernel-doc-nano-HOWTO.txt kernel-doc: Update references to SGML to refs to XML instead. 2013-05-28 12:02:11 +02:00
kernel-docs.txt
kernel-parameters.txt x86, rdrand: When nordrand is specified, disable RDSEED as well 2014-05-11 20:25:20 -07:00
kernel-per-CPU-kthreads.txt Documentation/kernel-per-CPU-kthreads.txt: Workqueue affinity 2014-02-17 14:56:08 -08:00
kmemcheck.txt doc: fix double words 2014-03-21 13:16:58 +01:00
kmemleak.txt Documentation/kmemleak.txt: updates 2014-04-03 16:21:27 -07:00
kobject.txt kobject: remove kset from sysfs immediately in kset_unregister() 2013-12-07 21:20:11 -08:00
kprobes.txt
kref.txt kref: Add kref_get_unless_zero documentation 2012-11-28 18:36:06 +10:00
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt lockstat: Report avg wait and hold times 2013-10-09 08:19:08 +02:00
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt Documentation/serial: Delete obsolete driver documentation 2014-04-16 14:20:34 -07:00
Makefile
ManagementStyle Documentation: ManagementStyle: fixed typo 2012-06-28 12:03:15 +02:00
md.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
media-framework.txt Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-07-13 12:09:57 -07:00
memory-barriers.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-04-02 16:23:38 -07:00
memory-hotplug.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
module-signing.txt Nothing major: the stricter permissions checking for sysfs broke 2014-04-06 09:38:07 -07:00
mono.txt
mutex-design.txt locking/doc: Update references to kernel/mutex.c 2013-11-11 12:41:33 +01:00
nommu-mmap.txt
numastat.txt
oops-tracing.txt Use 'E' instead of 'X' for unsigned module taint flag. 2014-03-31 14:52:43 +10:30
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt percpu-rw-semaphore: fix documentation typos 2012-09-26 19:56:15 +02:00
phy.txt drivers: phy: Add support for optional phys 2014-02-05 05:48:43 +00:00
pi-futex.txt
pinctrl.txt pinctrl: Fix some typos and grammar issues in the documentation 2014-01-15 13:59:50 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt vsprintf: add %pad extension for dma_addr_t use 2014-01-23 16:36:56 -08:00
pwm.txt Documentation/pwm: Fix trivial typos 2013-10-24 10:51:33 +02:00
ramoops.txt pstore/ftrace: Convert to its own enable/disable debugfs knob 2012-09-06 22:16:58 -07:00
rbtree.txt rbtree: move augmented rbtree functionality to rbtree_augmented.h 2012-10-09 16:22:40 +09:00
remoteproc.txt remoteproc: add rproc_report_crash function to notify rproc crashes 2012-09-18 12:53:22 +03:00
rfkill.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
robust-futex-ABI.txt Documentation/robust-futex-API: Count properly to 4 2013-11-30 14:08:28 +01:00
robust-futexes.txt
rpmsg.txt Documentation: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
rt-mutex-design.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
rt-mutex.txt
rtc.txt rtc: add ability to push out an existing wakealarm using sysfs 2013-07-03 16:07:54 -07:00
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
SM501.txt
smsc_ece1099.txt mfd: smsc: Add support for smsc gpio io/keypad driver 2012-10-01 15:27:48 +02:00
sparse.txt Documentation/sparse.txt: document context annotations for lock checking 2012-12-17 17:15:23 -08:00
spinlocks.txt sched: Rename sched.c as sched/core.c in comments and Documentation 2013-06-19 12:58:42 +02:00
stable_api_nonsense.txt
stable_kernel_rules.txt stable_kernel_rules: spelling/word usage 2014-04-16 14:13:26 -07:00
static-keys.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
SubmitChecklist Finally eradicate CONFIG_HOTPLUG 2013-06-03 14:20:18 -07:00
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: describe the Fixes: tag 2014-07-06 18:59:12 -07:00
svga.txt
sysfs-rules.txt doc: Fix typo in doucmentations 2013-07-25 12:34:15 +02:00
sysrq.txt sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
this_cpu_ops.txt percpu: add documentation on this_cpu operations 2013-04-04 10:24:53 -07:00
unaligned-memory-access.txt ether_addr_equal: Optimize implementation, remove unused compare_ether_addr 2013-12-06 16:37:43 -05:00
unicode.txt
unshare.txt
vfio.txt vfio: fix documentation 2013-09-05 16:36:21 -06:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt VME: Rename vme_slot_get to avoid confusion with reference counting 2013-12-03 11:15:58 -08:00
volatile-considered-harmful.txt
workqueue.txt workqueue: Correct/Drop references to gcwq in Documentation 2013-08-21 10:32:09 -04:00
ww-mutex-design.txt mutex: Add support for wound/wait style locks 2013-06-26 12:10:56 +02:00
xz.txt
zorro.txt zorro/UAPI: Disintegrate include/linux/zorro*.h 2013-11-26 11:09:08 +01:00