diff options
| author | Arjan van de Ven <arjan@linux.intel.com> | 2008-07-12 12:36:38 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2008-07-13 15:08:38 -0400 |
| commit | af9ff7868f0f76d3364351b1641b9dfa99588e77 (patch) | |
| tree | 4fbbf7a306a9a3ebbfbbe678396f0594bd18cb68 /kernel/panic.c | |
| parent | aa92db14270b79f0f91a9060b547a46f9e2639da (diff) | |
x86: simplify stackprotector self-check
Clean up the code by removing no longer needed code;
make sure the pda is updated and kept in sync
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel/panic.c')
| -rw-r--r-- | kernel/panic.c | 29 |
1 files changed, 7 insertions, 22 deletions
diff --git a/kernel/panic.c b/kernel/panic.c index 28153aec710..87445a894c3 100644 --- a/kernel/panic.c +++ b/kernel/panic.c | |||
| @@ -328,37 +328,21 @@ EXPORT_SYMBOL(warn_on_slowpath); | |||
| 328 | #ifndef GCC_HAS_SP | 328 | #ifndef GCC_HAS_SP |
| 329 | #warning You have selected the CONFIG_CC_STACKPROTECTOR option, but the gcc used does not support this. | 329 | #warning You have selected the CONFIG_CC_STACKPROTECTOR option, but the gcc used does not support this. |
| 330 | #endif | 330 | #endif |
| 331 | |||
| 331 | static unsigned long __stack_check_testing; | 332 | static unsigned long __stack_check_testing; |
| 333 | |||
| 332 | /* | 334 | /* |
| 333 | * Self test function for the stack-protector feature. | 335 | * Self test function for the stack-protector feature. |
| 334 | * This test requires that the local variable absolutely has | 336 | * This test requires that the local variable absolutely has |
| 335 | * a stack slot, hence the barrier()s. | 337 | * a stack slot. |
| 336 | */ | 338 | */ |
| 337 | static noinline void __stack_chk_test_func(void) | 339 | static noinline void __stack_chk_test_func(void) |
| 338 | { | 340 | { |
| 339 | unsigned long foo; | 341 | unsigned long dummy_buffer[64]; /* force gcc to use the canary */ |
| 340 | barrier(); | ||
| 341 | /* | ||
| 342 | * we need to make sure we're not about to clobber the return address, | ||
| 343 | * while real exploits do this, it's unhealthy on a running system. | ||
| 344 | * Besides, if we would, the test is already failed anyway so | ||
| 345 | * time to pull the emergency brake on it. | ||
| 346 | */ | ||
| 347 | if ((unsigned long)__builtin_return_address(0) == | ||
| 348 | *(((unsigned long *)&foo)+1)) { | ||
| 349 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); | ||
| 350 | } | ||
| 351 | #ifdef CONFIG_FRAME_POINTER | ||
| 352 | /* We also don't want to clobber the frame pointer */ | ||
| 353 | if ((unsigned long)__builtin_return_address(0) == | ||
| 354 | *(((unsigned long *)&foo)+2)) { | ||
| 355 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); | ||
| 356 | } | ||
| 357 | #endif | ||
| 358 | if (current->stack_canary != *(((unsigned long *)&foo)+1)) | ||
| 359 | printk(KERN_ERR "No -fstack-protector canary found\n"); | ||
| 360 | 342 | ||
| 361 | current->stack_canary = ~current->stack_canary; | 343 | current->stack_canary = ~current->stack_canary; |
| 344 | refresh_stack_canary(); | ||
| 345 | dummy_buffer[3] = 1; /* fool gcc into keeping the variable */ | ||
| 362 | } | 346 | } |
| 363 | 347 | ||
| 364 | static int __stack_chk_test(void) | 348 | static int __stack_chk_test(void) |
| @@ -371,6 +355,7 @@ static int __stack_chk_test(void) | |||
| 371 | WARN_ON(1); | 355 | WARN_ON(1); |
| 372 | }; | 356 | }; |
| 373 | current->stack_canary = ~current->stack_canary; | 357 | current->stack_canary = ~current->stack_canary; |
| 358 | refresh_stack_canary(); | ||
| 374 | return 0; | 359 | return 0; |
| 375 | } | 360 | } |
| 376 | /* | 361 | /* |