On Wed, Sep 19, 2018 at 11:14:45AM +0000, Christophe Leroy wrote: > --- a/arch/powerpc/Makefile > +++ b/arch/powerpc/Makefile > @@ -112,6 +112,10 @@ KBUILD_LDFLAGS += -m elf$(BITS)$(LDEMULATION) > KBUILD_ARFLAGS += --target=elf$(BITS)-$(GNUTARGET) > endif > > +cflags-$(CONFIG_STACKPROTECTOR) += -mstack-protector-guard=tls > +cflags-$(CONFIG_STACKPROTECTOR) += -mstack-protector-guard-reg=r2 > +cflags-$(CONFIG_STACKPROTECTOR) += -mstack-protector-guard-offset=4
This last line is only correct if !CONFIG_THREAD_INFO_IN_TASK; is that always true? Add an assert somewhere maybe? > + /* > + * The stack_canary must be located at the offset given to > + * -mstack-protector-guard-offset in the Makefile > + */ > + BUILD_BUG_ON(offsetof(struct task_struct, stack_canary) != > sizeof(long)); Well this will help :-) It looks like it will be easy to enable on 64 bit as well. > + /* Try to get a semi random initial value. */ > + get_random_bytes(&canary, sizeof(canary)); > + canary ^= mftb(); > + canary ^= LINUX_VERSION_CODE; These last two lines are useless (or worse, they may give people the idea that they are not!) You should use wait_for_random_bytes I think. Segher
