Linus Torvalds writes: (Summary)
That said, this time it's actually the "load_segments()" that causes
the real problem, and the GDT and IDT invalidation shouldn't have
actually done anything at all, since we shouldn't actually be taking
faults or loading segments.
And historically that segment reset didn't matter either, because apparently we don't do any percpu stuff either. And the stack canary use for %gs is actually fairly recent (well, "recent" is relative: the stack protector code goes back to 2006, but the load_segments() use predates that).
So I think we should actually fix "load_segments()" to not load fs/gs with __KERNEL_DS, but with __KERNEL_PERCPU and __KERNEL_STACK_CANARY respectively.
...
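The point of the message above is that %fs and %gs are not interchangeable with the plain data segments: one carries the per-cpu base (__KERNEL_PERCPU) and the other the stack-protector base (__KERNEL_STACK_CANARY), so reloading them with __KERNEL_DS silently redirects every segment-relative access behind them. The following C program is an added example written for this page, not code from the kernel or from the thread. It shows the same dependency from user space on x86-64 Linux, where glibc keeps the canary at %fs:0x28 (the user-space counterpart of the kernel's canary segment): it reads the canary once through the segment register, the way a compiler prologue does, and once through the flat address the kernel reports for the %fs base via arch_prctl(ARCH_GET_FS). The selector roles and the 0x28 offset are facts about x86-64 Linux with glibc, not about the kexec code the message discusses; on other platforms the functions return 0.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) && defined(__linux__)
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/prctl.h>

/* Read the stack-protector canary exactly as a gcc/clang prologue does on
 * x86-64 Linux: a segment-relative load from %fs:0x28, where glibc keeps
 * tcbhead_t.stack_guard. No address arithmetic is visible here; the CPU
 * adds the hidden %fs base for us. */
uintptr_t read_canary_via_fs(void)
{
    uintptr_t v;
    __asm__ volatile("movq %%fs:0x28, %0" : "=r"(v));
    return v;
}

/* Reach the same slot through a flat pointer: ask the kernel for this
 * thread's %fs base (arch_prctl ARCH_GET_FS) and add 0x28. This is the
 * work the segment register does silently on every canary check. */
uintptr_t read_canary_via_base(void)
{
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return *(uintptr_t *)(base + 0x28);
}
#else
/* Unsupported platform: no segment-relative canary to demonstrate. */
uintptr_t read_canary_via_fs(void)   { return 0; }
uintptr_t read_canary_via_base(void) { return 0; }
#endif

/* Returns 1 when both paths see the same non-zero canary, i.e. %fs really
 * points at this thread's control block. If %fs were reloaded with a
 * selector whose base lies elsewhere (the user-space analogue of
 * load_segments() putting __KERNEL_DS into the register that should carry
 * __KERNEL_STACK_CANARY), the segment-relative read would fetch a different
 * word and every epilogue check would either fault or compare garbage. */
int canary_reads_agree(void)
{
    uintptr_t a = read_canary_via_fs();
    uintptr_t b = read_canary_via_base();
    return a != 0 && a == b;
}

int main(void)
{
    printf("canary via %%fs:0x28 : %#lx\n", (unsigned long)read_canary_via_fs());
    printf("canary via fs base  : %#lx\n", (unsigned long)read_canary_via_base());
    printf("agree: %d\n", canary_reads_agree());
    return canary_reads_agree() ? 0 : 1;
}
```

Build with the default toolchain on an x86-64 Linux host; the canary value differs per process because glibc draws it from the kernel's AT_RANDOM bytes at startup, but both reads always agree while %fs is intact.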