diff options
author | Arjan van de Ven <arjan@linux.intel.com> | 2008-07-11 08:09:55 -0400 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-07-11 14:32:58 -0400 |
commit | aa92db14270b79f0f91a9060b547a46f9e2639da (patch) | |
tree | 576da2534db939abe8c71a02e3ac4fbe4833037e /kernel | |
parent | 5ce001b0e56638c726270d4f9e05d46d4250dfbb (diff) |
stackprotector: better self-test
check stackprotector functionality by manipulating the canary briefly
during bootup.
far more robust than trying to overflow the stack. (which is architecture
dependent, etc.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/panic.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/kernel/panic.c b/kernel/panic.c index 6729e3f4ebcb..28153aec7100 100644 --- a/kernel/panic.c +++ b/kernel/panic.c | |||
@@ -347,22 +347,18 @@ static noinline void __stack_chk_test_func(void) | |||
347 | if ((unsigned long)__builtin_return_address(0) == | 347 | if ((unsigned long)__builtin_return_address(0) == |
348 | *(((unsigned long *)&foo)+1)) { | 348 | *(((unsigned long *)&foo)+1)) { |
349 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); | 349 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); |
350 | return; | ||
351 | } | 350 | } |
352 | #ifdef CONFIG_FRAME_POINTER | 351 | #ifdef CONFIG_FRAME_POINTER |
353 | /* We also don't want to clobber the frame pointer */ | 352 | /* We also don't want to clobber the frame pointer */ |
354 | if ((unsigned long)__builtin_return_address(0) == | 353 | if ((unsigned long)__builtin_return_address(0) == |
355 | *(((unsigned long *)&foo)+2)) { | 354 | *(((unsigned long *)&foo)+2)) { |
356 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); | 355 | printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); |
357 | return; | ||
358 | } | 356 | } |
359 | #endif | 357 | #endif |
360 | barrier(); | 358 | if (current->stack_canary != *(((unsigned long *)&foo)+1)) |
361 | if (current->stack_canary == *(((unsigned long *)&foo)+1)) | ||
362 | *(((unsigned long *)&foo)+1) = 0; | ||
363 | else | ||
364 | printk(KERN_ERR "No -fstack-protector canary found\n"); | 359 | printk(KERN_ERR "No -fstack-protector canary found\n"); |
365 | barrier(); | 360 | |
361 | current->stack_canary = ~current->stack_canary; | ||
366 | } | 362 | } |
367 | 363 | ||
368 | static int __stack_chk_test(void) | 364 | static int __stack_chk_test(void) |
@@ -373,7 +369,8 @@ static int __stack_chk_test(void) | |||
373 | if (__stack_check_testing) { | 369 | if (__stack_check_testing) { |
374 | printk(KERN_ERR "-fstack-protector-all test failed\n"); | 370 | printk(KERN_ERR "-fstack-protector-all test failed\n"); |
375 | WARN_ON(1); | 371 | WARN_ON(1); |
376 | } | 372 | }; |
373 | current->stack_canary = ~current->stack_canary; | ||
377 | return 0; | 374 | return 0; |
378 | } | 375 | } |
379 | /* | 376 | /* |