[PATCH 2/2] powerpc/32: stack protector: change the canary value per task

2016-09-30 Thread Christophe Leroy
Partially copied from commit df0698be14c66 ("ARM: stack protector:
change the canary value per task")

A new random value for the canary is stored in the task struct whenever
a new task is forked.  This is meant to allow for different canary values
per task.  On powerpc, GCC expects the canary value to be found in a global
variable called __stack_chk_guard.  So this variable has to be updated
with the value stored in the task struct whenever a task switch occurs.

Because the variable GCC expects is global, this cannot work on SMP
unfortunately.  So, on SMP, the same initial canary value is kept
throughout, making this feature a bit less effective although it is still
useful.

Cc: Nicolas Pitre 
Signed-off-by: Christophe Leroy 
---
 arch/powerpc/kernel/asm-offsets.c | 3 +++
 arch/powerpc/kernel/entry_32.S| 6 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/asm-offsets.c 
b/arch/powerpc/kernel/asm-offsets.c
index a51ae9b..ede2fc4 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -91,6 +91,9 @@ int main(void)
DEFINE(TI_livepatch_sp, offsetof(struct thread_info, livepatch_sp));
 #endif
 
+#ifdef CONFIG_CC_STACKPROTECTOR
+   DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary));
+#endif
DEFINE(KSP, offsetof(struct thread_struct, ksp));
DEFINE(PT_REGS, offsetof(struct thread_struct, regs));
 #ifdef CONFIG_BOOKE
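
Review bot: The guard on the new TSK_STACK_CANARY define is wider than its only user in this patch: here it is `#ifdef CONFIG_CC_STACKPROTECTOR`, while the entry_32.S code that reads it is under `defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)`. That is harmless for an asm-offsets constant, but a one-line comment naming the consumer (the task-switch path in entry_32.S) would explain why a task_struct offset sits between the thread_info entry above and the thread_struct entries (KSP, PT_REGS) below.
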
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index 3841d74..5742dbd 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -674,7 +674,11 @@ BEGIN_FTR_SECTION
mtspr   SPRN_SPEFSCR,r0 /* restore SPEFSCR reg */
 END_FTR_SECTION_IFSET(CPU_FTR_SPE)
 #endif /* CONFIG_SPE */
-
+#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)
+   lwz r0,TSK_STACK_CANARY(r2)
+   lis r4,__stack_chk_guard@ha
+   stw r0,__stack_chk_guard@l(r4)
+#endif
lwz r0,_CCR(r1)
mtcrf   0xFF,r0
/* r3-r12 are destroyed -- Cort */
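
Review bot: Missing comment on the `!defined(CONFIG_SMP)` condition at the new `#if`: the reason (a single global __stack_chk_guard cannot hold a different value per CPU) is only in the commit message, so someone reading entry_32.S later cannot tell that the SMP exclusion is deliberate. Suggest a short comment above the `lwz`, and keeping the blank line this hunk deletes so the new block stays visually separate from the `#endif /* CONFIG_SPE */` above it.
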
-- 
2.1.0



[PATCH 2/2] powerpc/32: stack protector: change the canary value per task

2018-09-17 Thread Christophe Leroy
Partially copied from commit df0698be14c66 ("ARM: stack protector:
change the canary value per task")

A new random value for the canary is stored in the task struct whenever
a new task is forked.  This is meant to allow for different canary values
per task.  On powerpc, GCC expects the canary value to be found in a global
variable called __stack_chk_guard.  So this variable has to be updated
with the value stored in the task struct whenever a task switch occurs.

Because the variable GCC expects is global, this cannot work on SMP
unfortunately.  So, on SMP, the same initial canary value is kept
throughout, making this feature a bit less effective although it is still
useful.

Signed-off-by: Christophe Leroy 
---
 I would have liked to use -mstack-protector-guard=tls -mstack-protector-guard-reg=r2
 -mstack-protector-guard-offset=offsetof(struct task_struct, stack_canary) but I have
 not found how to set the value of offsetof(struct task_struct, stack_canary) in Makefile.
 Any idea?

 arch/powerpc/kernel/asm-offsets.c | 3 +++
 arch/powerpc/kernel/entry_32.S| 5 +
 2 files changed, 8 insertions(+)

diff --git a/arch/powerpc/kernel/asm-offsets.c 
b/arch/powerpc/kernel/asm-offsets.c
index 89cf15566c4e..cb02d23764ca 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -89,6 +89,9 @@ int main(void)
DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
OFFSET(KSP_LIMIT, thread_struct, ksp_limit);
 #endif /* CONFIG_PPC64 */
+#ifdef CONFIG_CC_STACKPROTECTOR
+   DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary));
+#endif
 
 #ifdef CONFIG_LIVEPATCH
OFFSET(TI_livepatch_sp, thread_info, livepatch_sp);
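
Review bot: Style, at the added `DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary));`: the neighbouring entries in this version of the file use the OFFSET() helper (`OFFSET(KSP_LIMIT, thread_struct, ksp_limit);`), so `OFFSET(TSK_STACK_CANARY, task_struct, stack_canary);` would match them. The block is also placed directly under `#endif /* CONFIG_PPC64 */` with no separator; a blank line before the `#ifdef` would make it clear the define is not part of the preceding conditional section.
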
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index e58c3f467db5..0cdb4170a21d 100644
--- a/arch/powerpc/kernel/entry_32.S
+++ b/arch/powerpc/kernel/entry_32.S
@@ -721,6 +721,11 @@ BEGIN_FTR_SECTION
mtspr   SPRN_SPEFSCR,r0 /* restore SPEFSCR reg */
 END_FTR_SECTION_IFSET(CPU_FTR_SPE)
 #endif /* CONFIG_SPE */
+#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP)
+   lwz r0, TSK_STACK_CANARY(r2)
+   lis r4, __stack_chk_guard@ha
+   stw r0, __stack_chk_guard@l(r4)
+#endif
 
lwz r0,_CCR(r1)
mtcrf   0xFF,r0
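
Review bot: The `lwz r0, TSK_STACK_CANARY(r2)` load depends on r2 already holding the incoming task's task_struct pointer at this point in the switch path, and nothing in the hunk says so; a comment stating that would guard against the block being moved earlier in the sequence. The new lines also put a space after the comma in the operands (`lwz r0, ...`) where the surrounding code does not (`lwz r0,_CCR(r1)`); follow the file's existing style.
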
-- 
2.13.3



Re: [PATCH 2/2] powerpc/32: stack protector: change the canary value per task

2018-09-17 Thread Segher Boessenkool
On Mon, Sep 17, 2018 at 12:15:08PM +, Christophe Leroy wrote:
>  I would have liked to use -mstack-protector-guard=tls -mstack-protector-guard-reg=r2
>  -mstack-protector-guard-offset=offsetof(struct task_struct, stack_canary) but I have
>  not found how to set the value of offsetof(struct task_struct, stack_canary) in Makefile.

By far the easiest is to have the canary at a fixed offset from r2.


Segher
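
The SMP limitation from the commit message and the fixed-offset-from-r2 lookup suggested in the reply, as an added toy model in C. It is not code from the patch or the kernel: struct task, struct cpu and every function name are hypothetical, the canary values are constructed, and each task is assumed to have one live frame.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model, not kernel code; every name here is hypothetical. */
struct task { uint32_t stack_canary, frame_copy; }; /* one live frame per task */
struct cpu  { struct task *r2; };   /* r2 models the current-task pointer */
static uint32_t guard;              /* models the global __stack_chk_guard */
/* Constructed canaries; the real ones are random values chosen at fork. */
static struct task A = { 0xA5A5A5A5u, 0 }, B = { 0x5A5A5A5Au, 0 };
/* Task switch as in the patch: copy the next task's canary into the global. */
static void switch_to(struct cpu *c, struct task *next)
{
    c->r2 = next;
    guard = next->stack_canary;
}

/* Value the compiled code would load: the global, or a fixed offset from r2. */
static uint32_t load_guard(const struct cpu *c, int use_r2)
{
    return use_r2 ? c->r2->stack_canary : guard;
}
/* Function prologue (store copy in the frame) and epilogue (compare it). */
static void enter(struct cpu *c, int use_r2) { c->r2->frame_copy = load_guard(c, use_r2); }
static int  leave(struct cpu *c, int use_r2) { return c->r2->frame_copy == load_guard(c, use_r2); }

/* UP: A is preempted mid-function, B runs, A resumes. 1 = A's check passes. */
int up_global(void)
{
    struct cpu c0;
    switch_to(&c0, &A); enter(&c0, 0);
    switch_to(&c0, &B); enter(&c0, 0);
    if (!leave(&c0, 0)) return 0;
    switch_to(&c0, &A);
    return leave(&c0, 0);
}

/* SMP: cpu1 switches to B while A is mid-function on cpu0. 0 = false alarm. */
int smp(int use_r2)
{
    struct cpu c0, c1;
    switch_to(&c0, &A); enter(&c0, use_r2);
    switch_to(&c1, &B);             /* overwrites the shared global */
    return leave(&c0, use_r2);
}

int main(void)
{
    printf("UP global=%d SMP global=%d SMP r2=%d\n", up_global(), smp(0), smp(1));
    return 0;
}
```

smp(0) returning 0 is a failed check with no overflow involved, which is why the patch compiles the guard update out on SMP.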