Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1679483ybp; Fri, 11 Oct 2019 18:53:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqzf/hV4E+09+E2BIZoCmzU6g0u1T3scX3vrrTHCZ1+m21D6R3AKkJUaXswnhxC4KKGjhLhg X-Received: by 2002:a17:907:2095:: with SMTP id pv21mr16229353ejb.324.1570845195546; Fri, 11 Oct 2019 18:53:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570845195; cv=none; d=google.com; s=arc-20160816; b=rygTaGe+itlvuqpCBQYAya4zPdqorNj/7ijwdjTyaYi/2+jKGcHyl0W/mSH2LsYQ6G srAY6NVnaXpu8/27HTrMpnwpwH+V71L3wFvCuEKAp+CE6+F1Q/ooiu3C/73KM4Lkp393 mjeDhVZnR9zknx+n5Uk5VMCkVCKYg8XrByBoh3AGRw6I1MO74W6sIPsVjgK96XCypBio igsTlsepcNIkWDTblQSovZ+9OeLnxnPOoYEMv5n9AvlKgT95MbuGCbn4CbEIv0BTPDV5 YtsYmsKsN+oQdFyljNMuIm5dYK263tn4Z92x8VnEKNdZJ7hwYzoxy1sPgfw7ID0uKgpt XSZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=24RAfkXAnOco9sc5bI3WFDWWwX17Ep2iI2Pi16zo93Q=; b=gpPwU7pEdHZXCkpxxSSzGrXHVgUq5NR5PJNVyqPiSdZzaTC4PfYFeGq0XZBzDXdAX2 l7Tk0efWmua63ccZFHeNafqIof1q9sPR64rzA1uMAy0+JZweUGNJdWOyCsz9anFuwW2U p8yIcU8k9gWfHnBv5VgEiIDo6fv5XMcF9671T1w5RAo0FoahpwzLMmUvj79cHhVTDRy6 /yroUdwLVsB9SnAE8zipdweG1E7XSroq3OImXu3n/LLyWxtP5rrFlPYUxthF+W5XR5o3 M7AK2DDezkROaWd4pminBcbmwuUxn0RM6h7mY/T9p7SIKfCK/jsrQSgCsHN48DL3IZZS 4ijQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D4mC3QXV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v26si6603620ejw.276.2019.10.11.18.52.51; Fri, 11 Oct 2019 18:53:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=D4mC3QXV; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728473AbfJLBtl (ORCPT + 99 others); Fri, 11 Oct 2019 21:49:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:35966 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726903AbfJLBtl (ORCPT ); Fri, 11 Oct 2019 21:49:41 -0400 Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7C3DD2089F for ; Sat, 12 Oct 2019 01:49:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570844980; bh=f0wlEjG8WmkKa1cWbJ4QmjpAGM6HQDmdqEiOIOWF7Yw=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=D4mC3QXVJKKptyBI8aWDcTjdO6B+FVSKx/sH9CbwCL/uuMQ5x3t0+amlOXRdWNgup W5FZClnw9Ni+P4IofrvkUb0FgHXOn9LRfLU5ibZ+MxK86Hb49BCBEvu6fnVGlpscnm 2AirWR3S7/fd5ZWWQ06T9MyMZSV/qqeZivEyGVpI= Received: by mail-wr1-f45.google.com with SMTP id q9so13715800wrm.8 for ; Fri, 11 Oct 2019 18:49:40 -0700 (PDT) X-Gm-Message-State: APjAAAXDnIlF1rGvzQzM8D/HiVXR7WWjrVVUVmqTJQe7pvp9Nsq1y3dq AjNHQKQIrup1b1OLr6ILdu+41q9ffd+70jm7yEc= X-Received: by 2002:adf:ebd1:: with SMTP id v17mr7345395wrn.204.1570844978955; Fri, 11 Oct 2019 18:49:38 -0700 (PDT) MIME-Version: 1.0 References: <1570762615-4256-1-git-send-email-han_mao@c-sky.com> In-Reply-To: <1570762615-4256-1-git-send-email-han_mao@c-sky.com> From: Guo Ren Date: Sat, 12 Oct 2019 09:49:27 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] csky: Initial stack protector support To: Mao Han Cc: Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Acked, I need optimize commit log with: ... It's tested with strcpy local array overflow in sys_kill and get: stack-protector: Kernel stack is corrupted in: sys_kill+0x23c/0x23c TODO: - Support task switch for different cannary On Fri, Oct 11, 2019 at 10:59 AM Mao Han wrote: > > This is a basic -fstack-protector support without per-task canary > switching. The protector will report something like when stack > corruption is detected: > > stack-protector: Kernel stack is corrupted in: sys_kill+0x23c/0x23c > > Tested with a local array overflow in kill system call. > > Signed-off-by: Mao Han > Cc: Guo Ren > --- > arch/csky/Kconfig | 1 + > arch/csky/include/asm/stackprotector.h | 29 +++++++++++++++++++++++++++++ > arch/csky/kernel/process.c | 6 ++++++ > 3 files changed, 36 insertions(+) > create mode 100644 arch/csky/include/asm/stackprotector.h > > diff --git a/arch/csky/Kconfig b/arch/csky/Kconfig > index 3973847..2852343 100644 > --- a/arch/csky/Kconfig > +++ b/arch/csky/Kconfig > @@ -48,6 +48,7 @@ config CSKY > select HAVE_PERF_USER_STACK_DUMP > select HAVE_DMA_API_DEBUG > select HAVE_DMA_CONTIGUOUS > + select HAVE_STACKPROTECTOR > select HAVE_SYSCALL_TRACEPOINTS > select MAY_HAVE_SPARSE_IRQ > select MODULES_USE_ELF_RELA if MODULES > diff --git a/arch/csky/include/asm/stackprotector.h b/arch/csky/include/asm/stackprotector.h > new file mode 100644 > index 0000000..d7cd4e5 > --- /dev/null > +++ b/arch/csky/include/asm/stackprotector.h > @@ -0,0 +1,29 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef _ASM_STACKPROTECTOR_H > +#define _ASM_STACKPROTECTOR_H 1 > + > +#include > +#include > + > +extern unsigned long __stack_chk_guard; > + > +/* > + * Initialize the stackprotector canary value. > + * > + * NOTE: this must only be called from functions that never return, > + * and it must always be inlined. > + */ > +static __always_inline void boot_init_stack_canary(void) > +{ > + unsigned long canary; > + > + /* Try to get a semi random initial value. */ > + get_random_bytes(&canary, sizeof(canary)); > + canary ^= LINUX_VERSION_CODE; > + canary &= CANARY_MASK; > + > + current->stack_canary = canary; > + __stack_chk_guard = current->stack_canary; > +} > + > +#endif /* __ASM_SH_STACKPROTECTOR_H */ > diff --git a/arch/csky/kernel/process.c b/arch/csky/kernel/process.c > index f320d92..5349cd8 100644 > --- a/arch/csky/kernel/process.c > +++ b/arch/csky/kernel/process.c > @@ -16,6 +16,12 @@ > > struct cpuinfo_csky cpu_data[NR_CPUS]; > > +#ifdef CONFIG_STACKPROTECTOR > +#include > +unsigned long __stack_chk_guard __read_mostly; > +EXPORT_SYMBOL(__stack_chk_guard); > +#endif > + > asmlinkage void ret_from_fork(void); > asmlinkage void ret_from_kernel_thread(void); > > -- > 2.7.4 > -- Best Regards Guo Ren ML: https://lore.kernel.org/linux-csky/