f2c9699f65
The -fstack-protector & -fstack-protector-strong features are from gcc. The patch only add basic kernel support to stack-protector feature and some arch could have its own solution such as ARM64_PTR_AUTH. After enabling STACKPROTECTOR and STACKPROTECTOR_STRONG, the .text size is expanded from 0x7de066 to 0x81fb32 (only 5%) to add canary checking code. Signed-off-by: Guo Ren <guoren@linux.alibaba.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
33 lines
824 B
C
33 lines
824 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
#ifndef _ASM_RISCV_STACKPROTECTOR_H
|
|
#define _ASM_RISCV_STACKPROTECTOR_H
|
|
|
|
#include <linux/random.h>
|
|
#include <linux/version.h>
|
|
#include <asm/timex.h>
|
|
|
|
extern unsigned long __stack_chk_guard;
|
|
|
|
/*
|
|
* Initialize the stackprotector canary value.
|
|
*
|
|
* NOTE: this must only be called from functions that never return,
|
|
* and it must always be inlined.
|
|
*/
|
|
static __always_inline void boot_init_stack_canary(void)
|
|
{
|
|
unsigned long canary;
|
|
unsigned long tsc;
|
|
|
|
/* Try to get a semi random initial value. */
|
|
get_random_bytes(&canary, sizeof(canary));
|
|
tsc = get_cycles();
|
|
canary += tsc + (tsc << BITS_PER_LONG/2);
|
|
canary ^= LINUX_VERSION_CODE;
|
|
canary &= CANARY_MASK;
|
|
|
|
current->stack_canary = canary;
|
|
__stack_chk_guard = current->stack_canary;
|
|
}
|
|
#endif /* _ASM_RISCV_STACKPROTECTOR_H */
|