
Commit ad3ab302 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'core-stackprotector-for-linus' of...

Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull strong stackprotector support from Ingo Molnar:
 "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger
  stack canary checking method supported by the newest GCC versions (4.9
  and later).

  Here's the 'intensity comparison' between the various protection
  modes:

      - defconfig
        11430641 kernel text size
        36110 function bodies

      - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
        11468490 kernel text size (+0.33%)
        1015 of 36110 functions are stack-protected (2.81%)

      - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
        11692790 kernel text size (+2.24%)
        7401 of 36110 functions are stack-protected (20.5%)

  the strong model comes with non-trivial costs, which is why we
  preserved the 'regular' and 'none' models as well"

* 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
  stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
parents a693c46e 8779657d
+17 −3
@@ -595,10 +595,24 @@ ifneq ($(CONFIG_FRAME_WARN),0)
KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
endif

# Force gcc to behave correct even for buggy distributions
ifndef CONFIG_CC_STACKPROTECTOR
KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
# Handle stack protector mode.
ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
  stackp-flag := -fstack-protector
  ifeq ($(call cc-option, $(stackp-flag)),)
    $(warning Cannot use CONFIG_CC_STACKPROTECTOR: \
	      -fstack-protector not supported by compiler))
  endif
else ifdef CONFIG_CC_STACKPROTECTOR_STRONG
  stackp-flag := -fstack-protector-strong
  ifeq ($(call cc-option, $(stackp-flag)),)
    $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \
	      -fstack-protector-strong not supported by compiler)
  endif
else
  # Force off for distro compilers that enable stack protector by default.
  stackp-flag := $(call cc-option, -fno-stack-protector)
endif
KBUILD_CFLAGS += $(stackp-flag)

# This warning generated too much noise in a regular build.
# Use make W=1 to enable this warning (see scripts/Makefile.build)
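Review bot: The `$(warning ...)` in the CONFIG_CC_STACKPROTECTOR_REGULAR branch ends with `not supported by compiler))`, one closing parenthesis more than the matching call in the STRONG branch; the stray `)` falls outside the function call and should be dropped so the line reads `-fstack-protector not supported by compiler)`. Both branches only warn when `cc-option` rejects the flag and still append `$(stackp-flag)` to KBUILD_CFLAGS, so the build appears to rely on the compiler failing later rather than on this check. A comment such as `# Flag is still passed on purpose: an unsupported compiler must fail the build, not silently lose canaries` would record that intent. Note also that `cc-option` only shows the flag is accepted, not that canaries are actually emitted for the target.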
+67 −0
@@ -336,6 +336,73 @@ config SECCOMP_FILTER

	  See Documentation/prctl/seccomp_filter.txt for details.

config HAVE_CC_STACKPROTECTOR
	bool
	help
	  An arch should select this symbol if:
	  - its compiler supports the -fstack-protector option
	  - it has implemented a stack canary (e.g. __stack_chk_guard)

config CC_STACKPROTECTOR
	def_bool n
	help
	  Set when a stack-protector mode is enabled, so that the build
	  can enable kernel-side support for the GCC feature.

choice
	prompt "Stack Protector buffer overflow detection"
	depends on HAVE_CC_STACKPROTECTOR
	default CC_STACKPROTECTOR_NONE
	help
	  This option turns on the "stack-protector" GCC feature. This
	  feature puts, at the beginning of functions, a canary value on
	  the stack just before the return address, and validates
	  the value just before actually returning.  Stack based buffer
	  overflows (that need to overwrite this return address) now also
	  overwrite the canary, which gets detected and the attack is then
	  neutralized via a kernel panic.

config CC_STACKPROTECTOR_NONE
	bool "None"
	help
	  Disable "stack-protector" GCC feature.

config CC_STACKPROTECTOR_REGULAR
	bool "Regular"
	select CC_STACKPROTECTOR
	help
	  Functions will have the stack-protector canary logic added if they
	  have an 8-byte or larger character array on the stack.

	  This feature requires gcc version 4.2 or above, or a distribution
	  gcc with the feature backported ("-fstack-protector").

	  On an x86 "defconfig" build, this feature adds canary checks to
	  about 3% of all kernel functions, which increases kernel code size
	  by about 0.3%.

config CC_STACKPROTECTOR_STRONG
	bool "Strong"
	select CC_STACKPROTECTOR
	help
	  Functions will have the stack-protector canary logic added in any
	  of the following conditions:

	  - local variable's address used as part of the right hand side of an
	    assignment or function argument
	  - local variable is an array (or union containing an array),
	    regardless of array type or length
	  - uses register local variables

	  This feature requires gcc version 4.9 or above, or a distribution
	  gcc with the feature backported ("-fstack-protector-strong").

	  On an x86 "defconfig" build, this feature adds canary checks to
	  about 20% of all kernel functions, which increases the kernel code
	  size by about 2%.

endchoice

config HAVE_CONTEXT_TRACKING
	bool
	help
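Review bot: The choice sets `default CC_STACKPROTECTOR_NONE`, and CC_STACKPROTECTOR becomes a promptless `def_bool n` that is only set through `select`, so a configuration that previously had CONFIG_CC_STACKPROTECTOR=y likely falls back to "None" when it is refreshed non-interactively, losing canaries without any message. The choice help should say so, for example `Configurations that enabled the old CC_STACKPROTECTOR option must pick Regular or Strong here.` The choice also depends only on HAVE_CC_STACKPROTECTOR, whose help speaks of `-fstack-protector` alone, so "Strong" can be selected with a compiler that lacks `-fstack-protector-strong`; that case is only caught at build time.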
+1 −12
@@ -30,6 +30,7 @@ config ARM
	select HAVE_BPF_JIT
	select HAVE_CONTEXT_TRACKING
	select HAVE_C_RECORDMCOUNT
	select HAVE_CC_STACKPROTECTOR
	select HAVE_DEBUG_KMEMLEAK
	select HAVE_DMA_API_DEBUG
	select HAVE_DMA_ATTRS
@@ -1856,18 +1857,6 @@ config SECCOMP
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

config CC_STACKPROTECTOR
	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
	help
	  This option turns on the -fstack-protector GCC feature. This
	  feature puts, at the beginning of functions, a canary value on
	  the stack just before the return address, and validates
	  the value just before actually returning.  Stack based buffer
	  overflows (that need to overwrite this return address) now also
	  overwrite the canary, which gets detected and the attack is then
	  neutralized via a kernel panic.
	  This feature requires gcc version 4.2 or above.

config SWIOTLB
	def_bool y

+0 −4
@@ -40,10 +40,6 @@ ifeq ($(CONFIG_FRAME_POINTER),y)
KBUILD_CFLAGS	+=-fno-omit-frame-pointer -mapcs -mno-sched-prolog
endif

ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
KBUILD_CFLAGS	+=-fstack-protector
endif

ifeq ($(CONFIG_CPU_BIG_ENDIAN),y)
KBUILD_CPPFLAGS	+= -mbig-endian
AS		+= -EB
+14 −0
@@ -127,6 +127,18 @@ asmlinkage void __div0(void)
	error("Attempting division by 0!");
}

unsigned long __stack_chk_guard;

void __stack_chk_guard_setup(void)
{
	__stack_chk_guard = 0x000a0dff;
}

void __stack_chk_fail(void)
{
	error("stack-protector: Kernel stack is corrupted\n");
}

extern int do_decompress(u8 *input, int len, u8 *output, void (*error)(char *x));


@@ -137,6 +149,8 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p,
{
	int ret;

	__stack_chk_guard_setup();

	output_data		= (unsigned char *)output_start;
	free_mem_ptr		= free_mem_ptr_p;
	free_mem_end_ptr	= free_mem_ptr_end_p;
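Review bot: `__stack_chk_guard_setup()` in the first hunk assigns the fixed constant `0x000a0dff` with no comment, so every image built from this file uses the same, publicly known canary in the decompressor. The bytes look like a terminator canary (NUL, LF, CR, 0xff), which stops string-copy overruns but not a copy that can write arbitrary bytes. That limit and the reason for not using a random value (presumably no entropy source this early in boot) should be stated, e.g. `/* Fixed terminator canary: no entropy available in the decompressor; only guards against string-style overruns. */`. `__stack_chk_fail()` also depends on `error()` never returning, which is not visible in this hunk and deserves a one-line comment as well.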