<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/Documentation/x86, branch linux-3.12.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack</title>
<updated>2014-08-19T12:23:37+00:00</updated>
<author>
<name>H. Peter Anvin</name>
<email>hpa@linux.intel.com</email>
</author>
<published>2014-04-29T23:46:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7e329475de1f97df56e1cfa412e5b3479994c202'/>
<id>7e329475de1f97df56e1cfa412e5b3479994c202</id>
<content type='text'>
commit 3891a04aafd668686239349ea58f3314ea2af86b upstream.

The IRET instruction, when returning to a 16-bit segment, only
restores the bottom 16 bits of the user space stack pointer.  This
causes some 16-bit software to break, but it also leaks kernel state
to user space.  We have a software workaround for that ("espfix") for
the 32-bit kernel, but it relies on a nonzero stack segment base which
is not available in 64-bit mode.

In checkin:

    b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels

we "solved" this by forbidding 16-bit segments on 64-bit kernels, with
the logic that 16-bit support is crippled on 64-bit kernels anyway (no
V86 support), but it turns out that people are doing stuff like
running old Win16 binaries under Wine and expect it to work.

This works around this by creating percpu "ministacks", each of which
is mapped 2^16 times 64K apart.  When we detect that the return SS is
on the LDT, we copy the IRET frame to the ministack and use the
relevant alias to return to userspace.  The ministacks are mapped
readonly, so if IRET faults we promote #GP to #DF which is an IST
vector and thus has its own stack; we then do the fixup in the #DF
handler.

(Making #GP an IST exception would make the msr_safe functions unsafe
in NMI/MC context, and quite possibly have other effects.)

Special thanks to:

- Andy Lutomirski, for the suggestion of using very small stack slots
  and copy (as opposed to map) the IRET frame there, and for the
  suggestion to mark them readonly and let the fault promote to #DF.
- Konrad Wilk for paravirt fixup and testing.
- Borislav Petkov for testing help and useful comments.

Reported-by: Brian Gerst &lt;brgerst@gmail.com&gt;
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Cc: Konrad Rzeszutek Wilk &lt;konrad.wilk@oracle.com&gt;
Cc: Borislav Petkov &lt;bp@alien8.de&gt;
Cc: Andrew Lutomriski &lt;amluto@gmail.com&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Dirk Hohndel &lt;dirk@hohndel.org&gt;
Cc: Arjan van de Ven &lt;arjan.van.de.ven@intel.com&gt;
Cc: comex &lt;comexk@gmail.com&gt;
Cc: Alexander van Heukelum &lt;heukelum@fastmail.fm&gt;
Cc: Boris Ostrovsky &lt;boris.ostrovsky@oracle.com&gt;
Cc: &lt;stable@vger.kernel.org&gt; # consider after upstream merge
Signed-off-by: Jiri Slaby &lt;jslaby@suse.cz&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 3891a04aafd668686239349ea58f3314ea2af86b upstream.

The IRET instruction, when returning to a 16-bit segment, only
restores the bottom 16 bits of the user space stack pointer.  This
causes some 16-bit software to break, but it also leaks kernel state
to user space.  We have a software workaround for that ("espfix") for
the 32-bit kernel, but it relies on a nonzero stack segment base which
is not available in 64-bit mode.

In checkin:

    b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels

we "solved" this by forbidding 16-bit segments on 64-bit kernels, with
the logic that 16-bit support is crippled on 64-bit kernels anyway (no
V86 support), but it turns out that people are doing stuff like
running old Win16 binaries under Wine and expect it to work.

This works around this by creating percpu "ministacks", each of which
is mapped 2^16 times 64K apart.  When we detect that the return SS is
on the LDT, we copy the IRET frame to the ministack and use the
relevant alias to return to userspace.  The ministacks are mapped
readonly, so if IRET faults we promote #GP to #DF which is an IST
vector and thus has its own stack; we then do the fixup in the #DF
handler.

(Making #GP an IST exception would make the msr_safe functions unsafe
in NMI/MC context, and quite possibly have other effects.)

Special thanks to:

- Andy Lutomirski, for the suggestion of using very small stack slots
  and copy (as opposed to map) the IRET frame there, and for the
  suggestion to mark them readonly and let the fault promote to #DF.
- Konrad Wilk for paravirt fixup and testing.
- Borislav Petkov for testing help and useful comments.

Reported-by: Brian Gerst &lt;brgerst@gmail.com&gt;
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Cc: Konrad Rzeszutek Wilk &lt;konrad.wilk@oracle.com&gt;
Cc: Borislav Petkov &lt;bp@alien8.de&gt;
Cc: Andrew Lutomriski &lt;amluto@gmail.com&gt;
Cc: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Cc: Dirk Hohndel &lt;dirk@hohndel.org&gt;
Cc: Arjan van de Ven &lt;arjan.van.de.ven@intel.com&gt;
Cc: comex &lt;comexk@gmail.com&gt;
Cc: Alexander van Heukelum &lt;heukelum@fastmail.fm&gt;
Cc: Boris Ostrovsky &lt;boris.ostrovsky@oracle.com&gt;
Cc: &lt;stable@vger.kernel.org&gt; # consider after upstream merge
Signed-off-by: Jiri Slaby &lt;jslaby@suse.cz&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial</title>
<updated>2013-09-06T16:36:28+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2013-09-06T16:36:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2e515bf096c245ba87f20ab4b4ea20f911afaeda'/>
<id>2e515bf096c245ba87f20ab4b4ea20f911afaeda</id>
<content type='text'>
Pull trivial tree from Jiri Kosina:
 "The usual trivial updates all over the tree -- mostly typo fixes and
  documentation updates"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (52 commits)
  doc: Documentation/cputopology.txt fix typo
  treewide: Convert retrun typos to return
  Fix comment typo for init_cma_reserved_pageblock
  Documentation/trace: Correcting and extending tracepoint documentation
  mm/hotplug: fix a typo in Documentation/memory-hotplug.txt
  power: Documentation: Update s2ram link
  doc: fix a typo in Documentation/00-INDEX
  Documentation/printk-formats.txt: No casts needed for u64/s64
  doc: Fix typo "is is" in Documentations
  treewide: Fix printks with 0x%#
  zram: doc fixes
  Documentation/kmemcheck: update kmemcheck documentation
  doc: documentation/hwspinlock.txt fix typo
  PM / Hibernate: add section for resume options
  doc: filesystems : Fix typo in Documentations/filesystems
  scsi/megaraid fixed several typos in comments
  ppc: init_32: Fix error typo "CONFIG_START_KERNEL"
  treewide: Add __GFP_NOWARN to k.alloc calls with v.alloc fallbacks
  page_isolation: Fix a comment typo in test_pages_isolated()
  doc: fix a typo about irq affinity
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull trivial tree from Jiri Kosina:
 "The usual trivial updates all over the tree -- mostly typo fixes and
  documentation updates"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (52 commits)
  doc: Documentation/cputopology.txt fix typo
  treewide: Convert retrun typos to return
  Fix comment typo for init_cma_reserved_pageblock
  Documentation/trace: Correcting and extending tracepoint documentation
  mm/hotplug: fix a typo in Documentation/memory-hotplug.txt
  power: Documentation: Update s2ram link
  doc: fix a typo in Documentation/00-INDEX
  Documentation/printk-formats.txt: No casts needed for u64/s64
  doc: Fix typo "is is" in Documentations
  treewide: Fix printks with 0x%#
  zram: doc fixes
  Documentation/kmemcheck: update kmemcheck documentation
  doc: documentation/hwspinlock.txt fix typo
  PM / Hibernate: add section for resume options
  doc: filesystems : Fix typo in Documentations/filesystems
  scsi/megaraid fixed several typos in comments
  ppc: init_32: Fix error typo "CONFIG_START_KERNEL"
  treewide: Add __GFP_NOWARN to k.alloc calls with v.alloc fallbacks
  page_isolation: Fix a comment typo in test_pages_isolated()
  doc: fix a typo about irq affinity
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'x86/mce' into x86/ras</title>
<updated>2013-08-12T15:54:05+00:00</updated>
<author>
<name>Ingo Molnar</name>
<email>mingo@kernel.org</email>
</author>
<published>2013-08-12T15:54:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0237d7f355eef4d9ab8557e1597e8c9debd6c8c2'/>
<id>0237d7f355eef4d9ab8557e1597e8c9debd6c8c2</id>
<content type='text'>
Pursue a single RAS/MCE topic branch on x86.

Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pursue a single RAS/MCE topic branch on x86.

Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>doc: Fix typo in doucmentations</title>
<updated>2013-07-25T10:34:15+00:00</updated>
<author>
<name>Masanari Iida</name>
<email>standby24x7@gmail.com</email>
</author>
<published>2013-07-17T16:29:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c9f3f2d8b3247b7e16b3cd66698e690ab4697301'/>
<id>c9f3f2d8b3247b7e16b3cd66698e690ab4697301</id>
<content type='text'>
Correct typo (double words) in documentations.

Signed-off-by: Masanari Iida &lt;standby24x7@gmail.com&gt;
Acked-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Correct typo (double words) in documentations.

Signed-off-by: Masanari Iida &lt;standby24x7@gmail.com&gt;
Acked-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>arm: add support for LZ4-compressed kernel</title>
<updated>2013-07-09T17:33:30+00:00</updated>
<author>
<name>Kyungsik Lee</name>
<email>kyungsik.lee@lge.com</email>
</author>
<published>2013-07-08T23:01:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f9b493ac9b833fd9dd3bbd50460adb33f29e1238'/>
<id>f9b493ac9b833fd9dd3bbd50460adb33f29e1238</id>
<content type='text'>
Integrates the LZ4 decompression code to the arm pre-boot code.

Signed-off-by: Kyungsik Lee &lt;kyungsik.lee@lge.com&gt;
Cc: "H. Peter Anvin" &lt;hpa@zytor.com&gt;
Cc: Ingo Molnar &lt;mingo@elte.hu&gt;
Cc: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Cc: Russell King &lt;rmk@arm.linux.org.uk&gt;
Cc: Borislav Petkov &lt;bp@alien8.de&gt;
Cc: Florian Fainelli &lt;florian@openwrt.org&gt;
Cc: Yann Collet &lt;yann.collet.73@gmail.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Integrates the LZ4 decompression code to the arm pre-boot code.

Signed-off-by: Kyungsik Lee &lt;kyungsik.lee@lge.com&gt;
Cc: "H. Peter Anvin" &lt;hpa@zytor.com&gt;
Cc: Ingo Molnar &lt;mingo@elte.hu&gt;
Cc: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Cc: Russell King &lt;rmk@arm.linux.org.uk&gt;
Cc: Borislav Petkov &lt;bp@alien8.de&gt;
Cc: Florian Fainelli &lt;florian@openwrt.org&gt;
Cc: Yann Collet &lt;yann.collet.73@gmail.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mce: acpi/apei: Add a boot option to disable ff mode for corrected errors</title>
<updated>2013-07-08T18:54:28+00:00</updated>
<author>
<name>Naveen N. Rao</name>
<email>naveen.n.rao@linux.vnet.ibm.com</email>
</author>
<published>2013-07-01T15:38:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9ad95879cd1b22ed016c804f8d686ff83a41a9d4'/>
<id>9ad95879cd1b22ed016c804f8d686ff83a41a9d4</id>
<content type='text'>
Add a boot option to disable firmware first mode for corrected errors.

Signed-off-by: Naveen N. Rao &lt;naveen.n.rao@linux.vnet.ibm.com&gt;
Acked-by: Borislav Petkov &lt;bp@suse.de&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a boot option to disable firmware first mode for corrected errors.

Signed-off-by: Naveen N. Rao &lt;naveen.n.rao@linux.vnet.ibm.com&gt;
Acked-by: Borislav Petkov &lt;bp@suse.de&gt;
Signed-off-by: Tony Luck &lt;tony.luck@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>x86, microcode, amd: Early microcode patch loading support for AMD</title>
<updated>2013-05-31T03:19:25+00:00</updated>
<author>
<name>Jacob Shin</name>
<email>jacob.shin@amd.com</email>
</author>
<published>2013-05-30T19:09:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=757885e94a22bcc82beb9b1445c95218cb20ceab'/>
<id>757885e94a22bcc82beb9b1445c95218cb20ceab</id>
<content type='text'>
Add early microcode patch loading support for AMD.

Signed-off-by: Jacob Shin &lt;jacob.shin@amd.com&gt;
Link: http://lkml.kernel.org/r/1369940959-2077-5-git-send-email-jacob.shin@amd.com
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add early microcode patch loading support for AMD.

Signed-off-by: Jacob Shin &lt;jacob.shin@amd.com&gt;
Link: http://lkml.kernel.org/r/1369940959-2077-5-git-send-email-jacob.shin@amd.com
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
Cc: Fenghua Yu &lt;fenghua.yu@intel.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip</title>
<updated>2013-04-30T15:35:20+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2013-04-30T15:35:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=39b2f8656e2af4d5d490ce6e33e4ba229cda3e33'/>
<id>39b2f8656e2af4d5d490ce6e33e4ba229cda3e33</id>
<content type='text'>
Pull x86 debug update from Ingo Molnar:
 "Two small changes: a documentation update and a constification"

* 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, early-printk: Update earlyprintk documentation (and kill x86 copy)
  x86: Constify a few items
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull x86 debug update from Ingo Molnar:
 "Two small changes: a documentation update and a constification"

* 'x86-debug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, early-printk: Update earlyprintk documentation (and kill x86 copy)
  x86: Constify a few items
</pre>
</div>
</content>
</entry>
<entry>
<title>x86, early-printk: Update earlyprintk documentation (and kill x86 copy)</title>
<updated>2013-04-11T08:30:40+00:00</updated>
<author>
<name>Dave Hansen</name>
<email>dave@sr71.net</email>
</author>
<published>2013-04-10T21:03:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=147ea09119e45caf2e8bf57c9e54cc930ccfeda9'/>
<id>147ea09119e45caf2e8bf57c9e54cc930ccfeda9</id>
<content type='text'>
Documentation/kernel-parameters.txt and
Documentation/x86/x86_64/boot-options.txt contain virtually
identical text describing earlyprintk.

This consolidates the two copies and updates the documentation a
bit.  No one ever documented the:

	earlyprintk=serial,0x1008,115200

syntax, nor mentioned that ARM is now a supported earlyprintk
arch.

Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Cc: Rob Landley &lt;rob@landley.net&gt;
Cc: Catalin Marinas &lt;catalin.marinas@arm.com&gt;
Cc: Dave Hansen &lt;dave@sr71.net&gt;
Link: http://lkml.kernel.org/r/20130410210338.E2930E98@viggo.jf.intel.com
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Documentation/kernel-parameters.txt and
Documentation/x86/x86_64/boot-options.txt contain virtually
identical text describing earlyprintk.

This consolidates the two copies and updates the documentation a
bit.  No one ever documented the:

	earlyprintk=serial,0x1008,115200

syntax, nor mentioned that ARM is now a supported earlyprintk
arch.

Signed-off-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Cc: Rob Landley &lt;rob@landley.net&gt;
Cc: Catalin Marinas &lt;catalin.marinas@arm.com&gt;
Cc: Dave Hansen &lt;dave@sr71.net&gt;
Link: http://lkml.kernel.org/r/20130410210338.E2930E98@viggo.jf.intel.com
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>x86-64, docs, mm: Add vsyscall range to virtual address space layout</title>
<updated>2013-04-02T23:03:31+00:00</updated>
<author>
<name>Borislav Petkov</name>
<email>bp@alien8.de</email>
</author>
<published>2013-03-04T20:16:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=aca91bfc67fe356544eb1cfc483c09b27ce49fa9'/>
<id>aca91bfc67fe356544eb1cfc483c09b27ce49fa9</id>
<content type='text'>
Add the end of the virtual address space to its layout documentation.

Signed-off-by: Borislav Petkov &lt;bp@alien8.de&gt;
Link: http://lkml.kernel.org/r/1362428180-8865-4-git-send-email-bp@alien8.de
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add the end of the virtual address space to its layout documentation.

Signed-off-by: Borislav Petkov &lt;bp@alien8.de&gt;
Link: http://lkml.kernel.org/r/1362428180-8865-4-git-send-email-bp@alien8.de
Signed-off-by: H. Peter Anvin &lt;hpa@linux.intel.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
