Date:   Tue, 18 Sep 2018 23:41:33 +0000
From:   Christophe Leroy <christophe.leroy@....fr>
To:     linuxppc-dev@...ts.ozlabs.org, linux-kbuild@...r.kernel.org,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Michal Marek <michal.lkml@...kovi.net>,
        Segher Boessenkool <segher@...nel.crashing.org>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: How to define some additional KBUILD_CFLAGS after building
 include/generated/asm-offsets.h ?

I'm trying to implement TLS based stack protector in the Linux Kernel.
For that I need to give to GCC the offset at which it will find the 
canary (register r2 is pointing to the current task struct).

I have been able to do it with the below patch, but it only works when 
include/generated/asm-offsets.h already exists from the start of the build.

Is there a way to evaluate CANARY_OFFSET and add the stack-protector 
flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built?

Or another way to add 
-mstack-protector-guard-offset=offsetof(struct task_struct, stack_canary)?

diff --git a/arch/powerpc/kernel/asm-offsets.c 
b/arch/powerpc/kernel/asm-offsets.c
index 89cf15566c4e..b25483946921 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -89,6 +89,9 @@ int main(void)
         DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
         OFFSET(KSP_LIMIT, thread_struct, ksp_limit);
  #endif /* CONFIG_PPC64 */
+#ifdef CONFIG_STACKPROTECTOR
+       DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, 
stack_canary));
+#endif

  #ifdef CONFIG_LIVEPATCH
         OFFSET(TI_livepatch_sp, thread_info, livepatch_sp);
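
Review bot: The new entry under CONFIG_STACKPROTECTOR spells out DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary)), while the neighbouring entries in this hunk use the OFFSET() helper, as in OFFSET(KSP_LIMIT, thread_struct, ksp_limit). Suggest OFFSET(TSK_STACK_CANARY, task_struct, stack_canary) for consistency with the rest of the file; it also fits on one line. Because the Makefile change looks this symbol up by name with awk, a short comment here saying the build depends on the name would keep a later rename from silently producing an empty canary offset.
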
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index e58c3f467db5..051b907b5c02 100644
[root@...6082vm linux-powerpc]# git diff
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 748e34e81a03..7b5a23a8afe8 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -113,7 +113,8 @@ KBUILD_ARFLAGS      += --target=elf$(BITS)-$(GNUTARGET)
  endif

  ifdef CONFIG_STACKPROTECTOR
-KBUILD_CFLAGS  += -mstack-protector-guard=global
+CANARY_OFFSET := $(shell awk '{if ($$2 == "TSK_STACK_CANARY") print 
$$3;}' include/generated/asm-offsets.h)
+KBUILD_CFLAGS  += -mstack-protector-guard=tls 
-mstack-protector-guard-reg=r2 
-mstack-protector-guard-offset=$(CANARY_OFFSET)
  endif

  LDFLAGS_vmlinux-y := -Bstatic
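
Review bot: CANARY_OFFSET is assigned with := from $(shell awk ...), so it is expanded while the Makefile is parsed. On a clean tree include/generated/asm-offsets.h does not exist at that point, awk fails, and KBUILD_CFLAGS ends up carrying -mstack-protector-guard-offset= with no value. For a hardening option that is the wrong failure mode: the build should stop with a clear error when the offset is empty rather than hand the compiler an incomplete guard specification. Suggest moving the extraction into a rule that runs only after asm-offsets.h has been generated and appending the three -mstack-protector-guard* flags there, and checking that CANARY_OFFSET is non-empty before using it. The hunk also drops -mstack-protector-guard=global outright, so there is no fallback for a compiler that does not accept the tls, reg and offset options; a compiler option check before selecting them would cover that.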


Thanks
Christophe
