SOURCES (LINUX_2_6_16): linux-2.6-x86_64-stack-protector.patch (NE...
pluto
pluto at pld-linux.org
Sun Aug 27 12:02:07 CEST 2006
Author: pluto Date: Sun Aug 27 10:02:07 2006 GMT
Module: SOURCES Tag: LINUX_2_6_16
---- Log message:
- buffer overflow detection.
---- Files affected:
SOURCES:
linux-2.6-x86_64-stack-protector.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-x86_64-stack-protector.patch
diff -u /dev/null SOURCES/linux-2.6-x86_64-stack-protector.patch:1.1.2.1
--- /dev/null Sun Aug 27 12:02:07 2006
+++ SOURCES/linux-2.6-x86_64-stack-protector.patch Sun Aug 27 12:02:02 2006
@@ -0,0 +1,163 @@
+diff -uNr linux-2.6.16.orig/arch/x86_64/Kconfig linux-2.6.16/arch/x86_64/Kconfig
+--- linux-2.6.16.orig/arch/x86_64/Kconfig 2006-08-27 09:02:03.754054500 +0200
++++ linux-2.6.16/arch/x86_64/Kconfig 2006-08-27 09:12:33.514413750 +0200
+@@ -464,6 +464,30 @@
+
+ If unsure, say Y. Only embedded should say N here.
+
++config CC_STACKPROTECTOR
++ bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
++ depends on EXPERIMENTAL
++ help
++ This option turns on the -fstack-protector GCC feature. This
++ feature puts, at the beginning of critical functions, a canary
++ value on the stack just before the return address, and validates
++ the value just before actually returning. Stack based buffer
++ overflows (that need to overwrite this return address) now also
++ overwrite the canary, which gets detected and the attack is then
++ neutralized via a kernel panic.
++
++ This feature requires gcc version 4.2 or above, or a distribution
++ gcc with the feature backported. Older versions are automatically
++ detected and for those versions, this configuration option is ignored.
++
++config CC_STACKPROTECTOR_ALL
++ bool "Use stack-protector for all functions"
++ depends on CC_STACKPROTECTOR
++ help
++ Normally, GCC only inserts the canary value protection for
++ functions that use large-ish on-stack buffers. By enabling
++ this option, GCC will be asked to do this for ALL functions.
++
+ source kernel/Kconfig.hz
+
+ endmenu
+diff -uNr linux-2.6.16.orig/arch/x86_64/kernel/process.c linux-2.6.16/arch/x86_64/kernel/process.c
+--- linux-2.6.16.orig/arch/x86_64/kernel/process.c 2006-08-27 09:02:03.798035250 +0200
++++ linux-2.6.16/arch/x86_64/kernel/process.c 2006-08-27 09:12:52.254211500 +0200
+@@ -598,6 +598,14 @@
+
+ write_pda(kernelstack,
+ task_stack_page(next_p) + THREAD_SIZE - PDA_STACKOFFSET);
++#ifdef CONFIG_CC_STACKPROTECTOR
++ write_pda(stack_canary, next_p->stack_canary);
++ /*
++ * Build time only check to make sure the stack_canary is at
++ * offset 40 in the pda; this is a gcc ABI requirement
++ */
++ BUILD_BUG_ON(offsetof(struct x8664_pda, stack_canary) != 40);
++#endif
+
+ /*
+ * Now maybe reload the debug registers
+diff -uNr linux-2.6.16.orig/arch/x86_64/Makefile linux-2.6.16/arch/x86_64/Makefile
+--- linux-2.6.16.orig/arch/x86_64/Makefile 2006-03-20 06:53:29.000000000 +0100
++++ linux-2.6.16/arch/x86_64/Makefile 2006-08-27 09:13:17.898987000 +0200
+@@ -29,6 +29,14 @@
+
+ cflags-$(CONFIG_MK8) += $(call cc-option,-march=k8)
+ cflags-$(CONFIG_MPSC) += $(call cc-option,-march=nocona)
++
++stack-protector = $(shell $(CONFIG_SHELL) \
++ $(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(1))
++cflags-$(CONFIG_CC_STACKPROTECTOR) += \
++ $(call stack-protector, $(CC) -fstack-protector)
++cflags-$(CONFIG_CC_STACKPROTECTOR_ALL) += \
++ $(call stack-protector, $(CC) -fstack-protector-all)
++
+ CFLAGS += $(cflags-y)
+
+ CFLAGS += -m64
+diff -uNr linux-2.6.16.orig/include/asm-x86_64/pda.h linux-2.6.16/include/asm-x86_64/pda.h
+--- linux-2.6.16.orig/include/asm-x86_64/pda.h 2006-03-20 06:53:29.000000000 +0100
++++ linux-2.6.16/include/asm-x86_64/pda.h 2006-08-27 09:12:52.254211500 +0200
+@@ -9,14 +9,16 @@
+
+ /* Per processor datastructure. %gs points to it while the kernel runs */
+ struct x8664_pda {
+- struct task_struct *pcurrent; /* Current process */
+- unsigned long data_offset; /* Per cpu data offset from linker address */
+- unsigned long kernelstack; /* top of kernel stack for current */
+- unsigned long oldrsp; /* user rsp for system call */
+-#if DEBUG_STKSZ > EXCEPTION_STKSZ
+- unsigned long debugstack; /* #DB/#BP stack. */
++ struct task_struct *pcurrent; /* 0 */ /* Current process */
++ unsigned long data_offset; /* 8 */ /* Per cpu data offset from linker address */
++ unsigned long kernelstack; /* 16 */ /* top of kernel stack for current */
++ unsigned long oldrsp; /* 24 */ /* user rsp for system call */
++ unsigned long debugstack; /* 32 */ /* #DB/#BP stack. */
++#ifdef CONFIG_CC_STACKPROTECTOR
++ unsigned long stack_canary; /* 40 */ /* stack canary value */
++ /* gcc-ABI: this canary MUST be at offset 40!!! */
+ #endif
+- int irqcount; /* Irq nesting counter. Starts with -1 */
++ int irqcount; /* 48 */ /* Irq nesting counter. Starts with -1 */
+ int cpunumber; /* Logical CPU number */
+ char *irqstackptr; /* top of irqstack */
+ int nodenumber; /* number of current node */
+diff -uNr linux-2.6.16.orig/include/linux/sched.h linux-2.6.16/include/linux/sched.h
+--- linux-2.6.16.orig/include/linux/sched.h 2006-08-27 09:02:04.285821750 +0200
++++ linux-2.6.16/include/linux/sched.h 2006-08-27 09:12:52.254211500 +0200
+@@ -755,6 +755,11 @@
+ unsigned did_exec:1;
+ pid_t pid;
+ pid_t tgid;
++
++#ifdef CONFIG_CC_STACKPROTECTOR
++ /* Canary value for the -fstack-protector gcc feature */
++ unsigned long stack_canary;
++#endif
+ /*
+ * pointers to (original) parent process, youngest child, younger sibling,
+ * older sibling, respectively. (p->father can be replaced with
+diff -uNr linux-2.6.16.orig/kernel/fork.c linux-2.6.16/kernel/fork.c
+--- linux-2.6.16.orig/kernel/fork.c 2006-08-27 09:02:04.097904000 +0200
++++ linux-2.6.16/kernel/fork.c 2006-08-27 09:12:52.254211500 +0200
+@@ -45,6 +45,7 @@
+ #include <linux/acct.h>
+ #include <linux/cn_proc.h>
+ #include <linux/vs_context.h>
++#include <linux/random.h>
+ #include <linux/vs_network.h>
+ #include <linux/vs_limit.h>
+ #include <linux/vs_memory.h>
+@@ -184,6 +185,10 @@
+ tsk->thread_info = ti;
+ setup_thread_stack(tsk, orig);
+
++#ifdef CONFIG_CC_STACKPROTECTOR
++ tsk->stack_canary = get_random_int();
++#endif
++
+ /* One for us, one for whoever does the "release_task()" (usually parent) */
+ atomic_set(&tsk->usage,2);
+ atomic_set(&tsk->fs_excl, 0);
+diff -uNr linux-2.6.16.orig/kernel/panic.c linux-2.6.16/kernel/panic.c
+--- linux-2.6.16.orig/kernel/panic.c 2006-03-20 06:53:29.000000000 +0100
++++ linux-2.6.16/kernel/panic.c 2006-08-27 09:13:06.200107500 +0200
+@@ -174,3 +174,15 @@
+ tainted |= flag;
+ }
+ EXPORT_SYMBOL(add_taint);
++
++#ifdef CONFIG_CC_STACKPROTECTOR
++/*
++ * Called when gcc's -fstack-protector feature is used, and
++ * gcc detects corruption of the on-stack canary value
++ */
++void __stack_chk_fail(void)
++{
++ panic("stack-protector: Kernel stack is corrupted");
++}
++EXPORT_SYMBOL(__stack_chk_fail);
++#endif
+diff -uNr linux-2.6.16.orig/scripts/gcc-x86_64-has-stack-protector.sh linux-2.6.16/scripts/gcc-x86_64-has-stack-protector.sh
+--- linux-2.6.16.orig/scripts/gcc-x86_64-has-stack-protector.sh 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/scripts/gcc-x86_64-has-stack-protector.sh 2006-08-27 09:13:17.898987000 +0200
+@@ -0,0 +1,6 @@
++#!/bin/sh
++
++echo "int foo(void) { char X[200]; return 3; }" | $1 -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o - | grep -q "%gs"
++if [ "$?" -eq "0" ] ; then
++ echo $2
++fi
================================================================
More information about the pld-cvs-commit
mailing list