From: Filippo ARCIDIACONO <filippo.arcidiacono@st.com> To: linux-arm-kernel@lists.infradead.org Subject: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support Date: Tue, 07 Dec 2010 10:20:53 +0000 [thread overview] Message-ID: <1291717254-17455-1-git-send-email-filippo.arcidiacono@st.com> (raw) Add stack smashing suppurt for SH architecture. This is based on work from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633). Use the ARM boot_init_stack_canary function to initialize the guard canary. It has been placed under asm-generic to allow archtectures based on __stack_chk_guard to use a common implementation. Update the __stack_chk_guard global variable with the value stored in the task struct whenever a task switch occurs to allow for different canary values per task. This cannot work on SMP where the initial canary value is always used. Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com> --- arch/sh/Kconfig | 13 +++++++++++ arch/sh/Makefile | 4 +++ arch/sh/include/asm/stackprotector.h | 10 ++++++++ arch/sh/kernel/process_32.c | 9 +++++++ include/asm-generic/stackprotector.h | 39 ++++++++++++++++++++++++++++++++++ 5 files changed, 75 insertions(+), 0 deletions(-) create mode 100644 arch/sh/include/asm/stackprotector.h create mode 100644 include/asm-generic/stackprotector.h diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index 1e905a6..2c82c98 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -742,6 +742,19 @@ config HW_PERF_EVENTS Enable hardware performance counter support for perf events. If disabled, perf events will use software events only. +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" + depends on EXPERIMENTAL + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + This feature requires gcc version 4.2 or above. + source "drivers/sh/Kconfig" endmenu diff --git a/arch/sh/Makefile b/arch/sh/Makefile index 9c8c6e1..3cef435 100644 --- a/arch/sh/Makefile +++ b/arch/sh/Makefile @@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y) KBUILD_CFLAGS += -fasynchronous-unwind-tables endif +ifeq ($(CONFIG_CC_STACKPROTECTOR),y) + KBUILD_CFLAGS += -fstack-protector +endif + libs-$(CONFIG_SUPERH32) := arch/sh/lib/ $(libs-y) libs-$(CONFIG_SUPERH64) := arch/sh/lib64/ $(libs-y) diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h new file mode 100644 index 0000000..f777dbd --- /dev/null +++ b/arch/sh/include/asm/stackprotector.h @@ -0,0 +1,10 @@ +/* + * SH specific GCC stack protector support. + */ + +#ifndef _ASM_STACKPROTECTOR_H +#define _ASM_STACKPROTECTOR_H 1 + +#include <asm-generic/stackprotector.h> + +#endif /* _ASM_STACKPROTECTOR_H */ diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c index 762a139..97535d8 100644 --- a/arch/sh/kernel/process_32.c +++ b/arch/sh/kernel/process_32.c @@ -27,6 +27,11 @@ #include <asm/fpu.h> #include <asm/syscalls.h> +#ifdef CONFIG_CC_STACKPROTECTOR +unsigned long __stack_chk_guard __read_mostly; +EXPORT_SYMBOL(__stack_chk_guard); +#endif + void show_regs(struct pt_regs * regs) { printk("\n"); @@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next) { struct thread_struct *next_t = &next->thread; +#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP + __stack_chk_guard = next->stack_canary; +#endif + unlazy_fpu(prev, task_pt_regs(prev)); /* we're going to use this soon, after a few expensive things */ diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h new file mode 100644 index 0000000..2d33c83 --- /dev/null +++ b/include/asm-generic/stackprotector.h @@ -0,0 +1,39 @@ +/* + * GCC stack protector support. + * (Generic implementation based on __stack_chk_guard) + * + * Stack protector works by putting predefined pattern at the start of + * the stack frame and verifying that it hasn't been overwritten when + * returning from the function. The pattern is called stack canary + * and gcc expects it to be defined by a global variable called + * "__stack_chk_guard". This unfortunately means that on SMP + * we cannot have a different canary value per task. + */ + +#ifndef _ASM_STACKPROTECTOR_H +#error "Never use <asm-generic/stackprotector.h> directly; \ +include <asm/stackprotector.h> instead." +#endif + +#include <linux/random.h> +#include <linux/version.h> + +extern unsigned long __stack_chk_guard; + +/* + * Initialize the stackprotector canary value. + * + * NOTE: this must only be called from functions that never return, + * and it must always be inlined. + */ +static __always_inline void boot_init_stack_canary(void) +{ + unsigned long canary; + + /* Try to get a semi random initial value. */ + get_random_bytes(&canary, sizeof(canary)); + canary ^= LINUX_VERSION_CODE; + + current->stack_canary = canary; + __stack_chk_guard = current->stack_canary; +} -- 1.5.5.6
WARNING: multiple messages have this Message-ID (diff)
From: filippo.arcidiacono@st.com (Filippo ARCIDIACONO) To: linux-arm-kernel@lists.infradead.org Subject: [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support Date: Tue, 7 Dec 2010 11:20:53 +0100 [thread overview] Message-ID: <1291717254-17455-1-git-send-email-filippo.arcidiacono@st.com> (raw) Add stack smashing suppurt for SH architecture. This is based on work from Nicolas Pitre for ARM (c743f38013aeff58ef6252601e397b5ba281c633). Use the ARM boot_init_stack_canary function to initialize the guard canary. It has been placed under asm-generic to allow archtectures based on __stack_chk_guard to use a common implementation. Update the __stack_chk_guard global variable with the value stored in the task struct whenever a task switch occurs to allow for different canary values per task. This cannot work on SMP where the initial canary value is always used. Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com> --- arch/sh/Kconfig | 13 +++++++++++ arch/sh/Makefile | 4 +++ arch/sh/include/asm/stackprotector.h | 10 ++++++++ arch/sh/kernel/process_32.c | 9 +++++++ include/asm-generic/stackprotector.h | 39 ++++++++++++++++++++++++++++++++++ 5 files changed, 75 insertions(+), 0 deletions(-) create mode 100644 arch/sh/include/asm/stackprotector.h create mode 100644 include/asm-generic/stackprotector.h diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index 1e905a6..2c82c98 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -742,6 +742,19 @@ config HW_PERF_EVENTS Enable hardware performance counter support for perf events. If disabled, perf events will use software events only. +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" + depends on EXPERIMENTAL + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + This feature requires gcc version 4.2 or above. + source "drivers/sh/Kconfig" endmenu diff --git a/arch/sh/Makefile b/arch/sh/Makefile index 9c8c6e1..3cef435 100644 --- a/arch/sh/Makefile +++ b/arch/sh/Makefile @@ -197,6 +197,10 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y) KBUILD_CFLAGS += -fasynchronous-unwind-tables endif +ifeq ($(CONFIG_CC_STACKPROTECTOR),y) + KBUILD_CFLAGS += -fstack-protector +endif + libs-$(CONFIG_SUPERH32) := arch/sh/lib/ $(libs-y) libs-$(CONFIG_SUPERH64) := arch/sh/lib64/ $(libs-y) diff --git a/arch/sh/include/asm/stackprotector.h b/arch/sh/include/asm/stackprotector.h new file mode 100644 index 0000000..f777dbd --- /dev/null +++ b/arch/sh/include/asm/stackprotector.h @@ -0,0 +1,10 @@ +/* + * SH specific GCC stack protector support. + */ + +#ifndef _ASM_STACKPROTECTOR_H +#define _ASM_STACKPROTECTOR_H 1 + +#include <asm-generic/stackprotector.h> + +#endif /* _ASM_STACKPROTECTOR_H */ diff --git a/arch/sh/kernel/process_32.c b/arch/sh/kernel/process_32.c index 762a139..97535d8 100644 --- a/arch/sh/kernel/process_32.c +++ b/arch/sh/kernel/process_32.c @@ -27,6 +27,11 @@ #include <asm/fpu.h> #include <asm/syscalls.h> +#ifdef CONFIG_CC_STACKPROTECTOR +unsigned long __stack_chk_guard __read_mostly; +EXPORT_SYMBOL(__stack_chk_guard); +#endif + void show_regs(struct pt_regs * regs) { printk("\n"); @@ -221,6 +226,10 @@ __switch_to(struct task_struct *prev, struct task_struct *next) { struct thread_struct *next_t = &next->thread; +#if defined CONFIG_CC_STACKPROTECTOR && !defined CONFIG_SMP + __stack_chk_guard = next->stack_canary; +#endif + unlazy_fpu(prev, task_pt_regs(prev)); /* we're going to use this soon, after a few expensive things */ diff --git a/include/asm-generic/stackprotector.h b/include/asm-generic/stackprotector.h new file mode 100644 index 0000000..2d33c83 --- /dev/null +++ b/include/asm-generic/stackprotector.h @@ -0,0 +1,39 @@ +/* + * GCC stack protector support. + * (Generic implementation based on __stack_chk_guard) + * + * Stack protector works by putting predefined pattern at the start of + * the stack frame and verifying that it hasn't been overwritten when + * returning from the function. The pattern is called stack canary + * and gcc expects it to be defined by a global variable called + * "__stack_chk_guard". This unfortunately means that on SMP + * we cannot have a different canary value per task. + */ + +#ifndef _ASM_STACKPROTECTOR_H +#error "Never use <asm-generic/stackprotector.h> directly; \ +include <asm/stackprotector.h> instead." +#endif + +#include <linux/random.h> +#include <linux/version.h> + +extern unsigned long __stack_chk_guard; + +/* + * Initialize the stackprotector canary value. + * + * NOTE: this must only be called from functions that never return, + * and it must always be inlined. + */ +static __always_inline void boot_init_stack_canary(void) +{ + unsigned long canary; + + /* Try to get a semi random initial value. */ + get_random_bytes(&canary, sizeof(canary)); + canary ^= LINUX_VERSION_CODE; + + current->stack_canary = canary; + __stack_chk_guard = current->stack_canary; +} -- 1.5.5.6
next reply other threads:[~2010-12-07 10:20 UTC|newest] Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top 2010-12-07 10:20 Filippo ARCIDIACONO [this message] 2010-12-07 10:20 ` [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support Filippo ARCIDIACONO 2010-12-07 10:20 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of Filippo ARCIDIACONO 2010-12-07 10:20 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary Filippo ARCIDIACONO 2010-12-07 18:29 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of Nicolas Pitre 2010-12-07 18:29 ` [PATCH (sh-2.6) 2/2] arm: use generic implementation of boot_init_stack_canary Nicolas Pitre 2010-12-07 13:43 ` [PATCH (sh-2.6) 1/2] sh: add stack smashing protection support 2010-12-07 13:43 ` Uwe Kleine-König 2010-12-07 18:28 ` Nicolas Pitre 2010-12-07 18:28 ` Nicolas Pitre 2010-12-07 20:15 ` Mike Frysinger 2010-12-07 20:15 ` Mike Frysinger 2010-12-08 4:40 ` Paul Mundt 2010-12-08 4:40 ` Paul Mundt 2010-12-09 15:56 ` Carmelo AMOROSO 2010-12-09 15:56 ` Carmelo AMOROSO 2010-12-09 16:07 ` Mike Frysinger 2010-12-09 16:07 ` Mike Frysinger 2010-12-09 16:45 ` Carmelo AMOROSO 2010-12-09 16:45 ` Carmelo AMOROSO 2010-12-09 17:32 ` Mike Frysinger 2010-12-09 17:32 ` Mike Frysinger 2010-12-09 18:23 ` Nicolas Pitre 2010-12-09 18:23 ` Nicolas Pitre 2010-12-09 18:52 ` Carmelo Amoroso 2010-12-09 18:52 ` Carmelo Amoroso 2010-12-09 21:14 ` Mike Frysinger 2010-12-09 21:14 ` Mike Frysinger 2010-12-10 5:56 ` Carmelo AMOROSO 2010-12-10 5:56 ` Carmelo AMOROSO 2010-12-10 6:38 ` Mike Frysinger 2010-12-10 6:38 ` Mike Frysinger
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1291717254-17455-1-git-send-email-filippo.arcidiacono@st.com \ --to=filippo.arcidiacono@st.com \ --cc=linux-arm-kernel@lists.infradead.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.