[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131125221400.GA11041@www.outflux.net>
Date: Mon, 25 Nov 2013 14:14:00 -0800
From: Kees Cook <keescook@...omium.org>
To: linux-kernel@...r.kernel.org
Cc: Russell King <linux@....linux.org.uk>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Kees Cook <keescook@...omium.org>,
Shawn Guo <shawn.guo@...aro.org>,
Olof Johansson <olofj@...omium.org>,
linux-arm-kernel@...ts.infradead.org
Subject: [PATCH] use -fstack-protector-strong
Build the kernel with -fstack-protector-strong when it is available
(gcc 4.9 and later). This increases the coverage of the stack protector
without the heavy performance hit of -fstack-protector-all.
On a Chrome OS kernel build, this grows the uncompressed kernel image
by less than 0.16% on x86:
-rwxr-xr-x 1 keescook portage 118219343 Apr 17 12:26 vmlinux.old
-rwxr-xr-x 1 keescook portage 118407919 Apr 19 15:00 vmlinux
ARM's compressed boot code now triggers stack protection, so a static
guard was added. Since this is only used during decompression and was
never used before, the exposure here is very small. Once it switches to
the full kernel, the stack guard is back to normal.
Signed-off-by: Kees Cook <keescook@...omium.org>
---
arch/arm/Makefile | 3 ++-
arch/arm/boot/compressed/misc.c | 14 ++++++++++++++
arch/x86/Makefile | 2 +-
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index c99b1086d83d..c6d3ea1c063e 100644
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -41,7 +41,8 @@ KBUILD_CFLAGS +=-fno-omit-frame-pointer -mapcs -mno-sched-prolog
endif
ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
-KBUILD_CFLAGS +=-fstack-protector
+KBUILD_CFLAGS += $(call cc-option,-fstack-protector-strong,-fstack-protector)
+
endif
ifeq ($(CONFIG_CPU_BIG_ENDIAN),y)
diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c
index 31bd43b82095..d4f891f56996 100644
--- a/arch/arm/boot/compressed/misc.c
+++ b/arch/arm/boot/compressed/misc.c
@@ -127,6 +127,18 @@ asmlinkage void __div0(void)
error("Attempting division by 0!");
}
+unsigned long __stack_chk_guard;
+
+void __stack_chk_guard_setup(void)
+{
+ __stack_chk_guard = 0x000a0dff;
+}
+
+void __stack_chk_fail(void)
+{
+ error("stack-protector: Kernel stack is corrupted\n");
+}
+
extern int do_decompress(u8 *input, int len, u8 *output, void (*error)(char *x));
@@ -137,6 +149,8 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p,
{
int ret;
+ __stack_chk_guard_setup();
+
output_data = (unsigned char *)output_start;
free_mem_ptr = free_mem_ptr_p;
free_mem_end_ptr = free_mem_ptr_end_p;
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 41250fb33985..4ebb054cc323 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -86,7 +86,7 @@ endif
ifdef CONFIG_CC_STACKPROTECTOR
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
- stackp-y := -fstack-protector
+ stackp-y := $(call cc-option,-fstack-protector-strong,-fstack-protector)
KBUILD_CFLAGS += $(stackp-y)
else
$(warning stack protector enabled but no compiler support)
--
1.7.9.5
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists