linux/arch
Frediano Ziglio 7cde9b27e7 xen: Fix possible user space selector corruption
Due to the way the kernel is initialized under Xen, it is possible that the
ring1 selector used by the kernel for the boot CPU ends up being copied
to userspace, leading to a segmentation fault in userspace.

Xen code in the kernel initializes non-boot CPUs with correct selectors (ds
and es set to __USER_DS) but the boot one keeps the ring1 (passed by Xen).
On task context switch (switch_to) we assume that ds, es and cs already
point to __USER_DS and __KERNEL_CS so these selectors are not changed.

If the processor is an Intel that supports the sysenter instruction, sysenter/sysexit
is used so ds and es are not restored when switching back from kernel to
userspace. In case the selectors point to a ring1 instead of __USER_DS
the userspace code will crash on the first memory access attempt (to be
precise, Xen on the emulated iret used to do sysexit will detect this and set ds
and es to zero, which leads to a GPF anyway).

Now if a userspace process calls the kernel using sysenter and gets rescheduled
(for me it happens on a specific init calling wait4) it could happen that the
ring1 selector is set to ds and es.

This is quite hard to detect because after a while these selectors are fixed
(__USER_DS seems sticky).

Bisecting the code, commit 7076aada10 appears
to be the first one that has this issue.

Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
2013-10-10 14:39:37 +00:00
alpha Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
arc ARC: Fix signal frame management for SA_SIGINFO 2013-10-03 09:43:56 +05:30
arm ARM: SoC fixes for 3.12-rc 2013-10-02 21:48:32 -07:00
arm64 arm64: Remove duplicate DEBUG_STACK_USAGE config 2013-10-02 18:03:26 +01:00
avr32 avr32: cast syscall_return to silence compiler warning 2013-09-30 08:42:01 +02:00
blackfin Merge branch 'genirq' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2013-09-13 07:31:38 -07:00
c6x Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
cris Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
frv Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
h8300 Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
hexagon Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
ia64 Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
m32r Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
m68k Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
metag Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
microblaze Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
mips MIPS: Fix forgotten preempt_enable() when CPU has inclusive pcaches 2013-10-02 10:58:50 +02:00
mn10300 Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
openrisc openrisc: clean-up prom.h 2013-09-24 21:12:27 -05:00
parisc arch/parisc/mm/fault.c: fix uninitialized variable usage 2013-09-30 14:31:02 -07:00
powerpc powerpc/tm: Switch out userspace PPR and DSCR sooner 2013-10-03 17:25:51 +10:00
s390 s390: enable ARCH_USE_CMPXCHG_LOCKREF 2013-09-28 12:46:29 +02:00
score Score: Modify the Makefile of Score, remove -mlong-calls for compiling 2013-09-26 03:46:03 +08:00
sh Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
sparc sparc: fix MSI build failure on Sparc32 2013-10-02 20:02:35 -04:00
tile tile: remove stray blank space 2013-09-16 15:47:32 -04:00
um Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
unicore32 Remove GENERIC_HARDIRQ config option 2013-09-13 15:09:52 +02:00
x86 xen: Fix possible user space selector corruption 2013-10-10 14:39:37 +00:00
xtensa Xtensa patchset for v3.12 2013-09-13 10:57:48 -07:00
.gitignore
Kconfig mutex: replace CONFIG_HAVE_ARCH_MUTEX_CPU_RELAX with simple ifdef 2013-09-28 12:46:21 +02:00