Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 54371a43 authored by Arjan van de Ven's avatar Arjan van de Ven Committed by Thomas Gleixner
Browse files

x86: add CONFIG_CC_STACKPROTECTOR self-test 



This patch adds a simple self-test capability to the stackprotector
feature. The test deliberately overflows a stack buffer and then
checks if the canary trap function gets called.

Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
parent 113c5413

kernel/panic.c

+68 −0
Original line number Diff line number Diff line
@@ -324,14 +324,82 @@ EXPORT_SYMBOL(warn_on_slowpath); 
#endif



#ifdef CONFIG_CC_STACKPROTECTOR



static unsigned long __stack_check_testing;

/*

 * Self test function for the stack-protector feature.

 * This test requires that the local variable absolutely has

 * a stack slot, hence the barrier()s.

 */

static noinline void __stack_chk_test_func(void)

{

	unsigned long foo;

	barrier();

	/*

	 * we need to make sure we're not about to clobber the return address,

	 * while real exploits do this, it's unhealthy on a running system.

	 * Besides, if we would, the test is already failed anyway so

	 * time to pull the emergency brake on it.

	 */

	if ((unsigned long)__builtin_return_address(0) == 

					*(((unsigned long *)&foo)+1)) {

		printk(KERN_ERR "No -fstack-protector-stack-frame!\n");

		return;

	}

#ifdef CONFIG_FRAME_POINTER

	/* We also don't want to clobber the frame pointer */

	if ((unsigned long)__builtin_return_address(0) == 

					*(((unsigned long *)&foo)+2)) {

		printk(KERN_ERR "No -fstack-protector-stack-frame!\n");

		return;

	}

#endif

	barrier();

	if (current->stack_canary == *(((unsigned long *)&foo)+1))

		*(((unsigned long *)&foo)+1) = 0;

	else

		printk(KERN_ERR "No -fstack-protector canary found\n");

	barrier();

}



static int __stack_chk_test(void)

{

	printk(KERN_INFO "Testing -fstack-protector-all feature\n");

	__stack_check_testing = (unsigned long)&__stack_chk_test_func;

	__stack_chk_test_func();

	if (__stack_check_testing) {

		printk(KERN_ERR "-fstack-protector-all test failed\n");

		WARN_ON(1);

	}

	return 0;

}

/*

 * Called when gcc's -fstack-protector feature is used, and

 * gcc detects corruption of the on-stack canary value

 */

void __stack_chk_fail(void)

{

	if (__stack_check_testing == (unsigned long)&__stack_chk_test_func) {

		long delta;



		delta = (unsigned long)__builtin_return_address(0) -

				__stack_check_testing;

		/*

		 * The test needs to happen inside the test function, so

		 * check if the return address is close to that function.

		 * The function is only 2 dozen bytes long, but keep a wide

		 * safety margin to avoid panic()s for normal users regardless

		 * of the quality of the compiler.

		 */

		if (delta >= 0 && delta <= 400) {

			__stack_check_testing = 0;

			return;

		}

	}

	panic("stack-protector: Kernel stack is corrupted in: %p\n",

		__builtin_return_address(0));

}

EXPORT_SYMBOL(__stack_chk_fail);



late_initcall(__stack_chk_test);

#endif