mirror of
https://github.com/torvalds/linux
synced 2024-09-23 21:07:52 +00:00
0a1213fa74
This enables the use of per-task stack canary values if GCC has support for emitting the stack canary reference relative to the value of sp_el0, which holds the task struct pointer in the arm64 kernel. The $(eval) extends KBUILD_CFLAGS at the moment the make rule is applied, which means asm-offsets.o (which we rely on for the offset value) is built without the arguments, and everything built afterwards has the options set. Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com>
42 lines
1.2 KiB
C
42 lines
1.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* GCC stack protector support.
|
|
*
|
|
* Stack protector works by putting predefined pattern at the start of
|
|
* the stack frame and verifying that it hasn't been overwritten when
|
|
* returning from the function. The pattern is called stack canary
|
|
* and gcc expects it to be defined by a global variable called
|
|
* "__stack_chk_guard" on ARM. This unfortunately means that on SMP
|
|
* we cannot have a different canary value per task.
|
|
*/
|
|
|
|
#ifndef __ASM_STACKPROTECTOR_H
|
|
#define __ASM_STACKPROTECTOR_H
|
|
|
|
#include <linux/random.h>
|
|
#include <linux/version.h>
|
|
|
|
extern unsigned long __stack_chk_guard;
|
|
|
|
/*
|
|
* Initialize the stackprotector canary value.
|
|
*
|
|
* NOTE: this must only be called from functions that never return,
|
|
* and it must always be inlined.
|
|
*/
|
|
static __always_inline void boot_init_stack_canary(void)
|
|
{
|
|
unsigned long canary;
|
|
|
|
/* Try to get a semi random initial value. */
|
|
get_random_bytes(&canary, sizeof(canary));
|
|
canary ^= LINUX_VERSION_CODE;
|
|
canary &= CANARY_MASK;
|
|
|
|
current->stack_canary = canary;
|
|
if (!IS_ENABLED(CONFIG_STACKPROTECTOR_PER_TASK))
|
|
__stack_chk_guard = current->stack_canary;
|
|
}
|
|
|
|
#endif /* _ASM_STACKPROTECTOR_H */
|