36ecafc5ad
Implements basic stack protector support based on ARM version in
c743f38013 , with Kconfig option,
constant canary value set at boot time, and script to check if
compiler actually supports stack protector.
Tested by creating a kernel module that writes past end of char[].
Signed-off-by: Gregory Fong <gregory.0xf0@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: Filippo Arcidiacono <filippo.arcidiacono@st.com>
Cc: Carmelo Amoroso <carmelo.amoroso@st.com>
Patchwork: https://patchwork.linux-mips.org/patch/5448/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
40 lines
1.1 KiB
C
40 lines
1.1 KiB
C
/*
|
|
* GCC stack protector support.
|
|
*
|
|
* (This is directly adopted from the ARM implementation)
|
|
*
|
|
* Stack protector works by putting predefined pattern at the start of
|
|
* the stack frame and verifying that it hasn't been overwritten when
|
|
* returning from the function. The pattern is called stack canary
|
|
* and gcc expects it to be defined by a global variable called
|
|
* "__stack_chk_guard" on MIPS. This unfortunately means that on SMP
|
|
* we cannot have a different canary value per task.
|
|
*/
|
|
|
|
#ifndef _ASM_STACKPROTECTOR_H
|
|
#define _ASM_STACKPROTECTOR_H 1
|
|
|
|
#include <linux/random.h>
|
|
#include <linux/version.h>
|
|
|
|
extern unsigned long __stack_chk_guard;
|
|
|
|
/*
|
|
* Initialize the stackprotector canary value.
|
|
*
|
|
* NOTE: this must only be called from functions that never return,
|
|
* and it must always be inlined.
|
|
*/
|
|
static __always_inline void boot_init_stack_canary(void)
|
|
{
|
|
unsigned long canary;
|
|
|
|
/* Try to get a semi random initial value. */
|
|
get_random_bytes(&canary, sizeof(canary));
|
|
canary ^= LINUX_VERSION_CODE;
|
|
|
|
current->stack_canary = canary;
|
|
__stack_chk_guard = current->stack_canary;
|
|
}
|
|
|
|
#endif /* _ASM_STACKPROTECTOR_H */
|