forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MIPS: initial stack protector support
Implements basic stack protector support based on ARM version in c743f38 , with Kconfig option, constant canary value set at boot time, and script to check if compiler actually supports stack protector. Tested by creating a kernel module that writes past end of char[]. Signed-off-by: Gregory Fong <[email protected]> Cc: [email protected] Cc: Filippo Arcidiacono <[email protected]> Cc: Carmelo Amoroso <[email protected]> Patchwork: https://patchwork.linux-mips.org/patch/5448/ Signed-off-by: Ralf Baechle <[email protected]>
- Loading branch information
1 parent
23df341
commit 36ecafc
Showing
4 changed files
with
63 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* | ||
* GCC stack protector support. | ||
* | ||
* (This is directly adopted from the ARM implementation) | ||
* | ||
* Stack protector works by putting predefined pattern at the start of | ||
* the stack frame and verifying that it hasn't been overwritten when | ||
* returning from the function. The pattern is called stack canary | ||
* and gcc expects it to be defined by a global variable called | ||
* "__stack_chk_guard" on MIPS. This unfortunately means that on SMP | ||
* we cannot have a different canary value per task. | ||
*/ | ||
|
||
#ifndef _ASM_STACKPROTECTOR_H | ||
#define _ASM_STACKPROTECTOR_H 1 | ||
|
||
#include <linux/random.h> | ||
#include <linux/version.h> | ||
|
||
extern unsigned long __stack_chk_guard; | ||
|
||
/* | ||
* Initialize the stackprotector canary value. | ||
* | ||
* NOTE: this must only be called from functions that never return, | ||
* and it must always be inlined. | ||
*/ | ||
static __always_inline void boot_init_stack_canary(void) | ||
{ | ||
unsigned long canary; | ||
|
||
/* Try to get a semi random initial value. */ | ||
get_random_bytes(&canary, sizeof(canary)); | ||
canary ^= LINUX_VERSION_CODE; | ||
|
||
current->stack_canary = canary; | ||
__stack_chk_guard = current->stack_canary; | ||
} | ||
|
||
#endif /* _ASM_STACKPROTECTOR_H */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters