From patchwork Mon Nov 25 22:14:00 2013
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 3234921
Date: Mon, 25 Nov 2013 14:14:00 -0800
From: Kees Cook
To: linux-kernel@vger.kernel.org
Subject: [PATCH] use -fstack-protector-strong
Message-ID: <20131125221400.GA11041@www.outflux.net>
Cc: Russell King, Kees Cook, x86@kernel.org, Ingo Molnar, "H. Peter Anvin", Thomas Gleixner, Shawn Guo, Olof Johansson, linux-arm-kernel@lists.infradead.org

Build the kernel with -fstack-protector-strong when it is available
(gcc 4.9 and later). This increases the coverage of the stack protector
without the heavy performance hit of -fstack-protector-all.

On a Chrome OS kernel build, this grows the uncompressed kernel image by
less than 0.16% on x86:

    -rwxr-xr-x 1 keescook portage 118219343 Apr 17 12:26 vmlinux.old
    -rwxr-xr-x 1 keescook portage 118407919 Apr 19 15:00 vmlinux

ARM's compressed boot code now triggers stack protection, so a static
guard was added. Since this is only used during decompression and was
never used before, the exposure here is very small. Once it switches to
the full kernel, the stack guard is back to normal.

Signed-off-by: Kees Cook --- arch/arm/Makefile | 3 ++- arch/arm/boot/compressed/misc.c | 14 ++++++++++++++ arch/x86/Makefile | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index c99b1086d83d..c6d3ea1c063e 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -41,7 +41,8 @@ KBUILD_CFLAGS +=-fno-omit-frame-pointer -mapcs -mno-sched-prolog endif ifeq ($(CONFIG_CC_STACKPROTECTOR),y) -KBUILD_CFLAGS +=-fstack-protector +KBUILD_CFLAGS += $(call cc-option,-fstack-protector-strong,-fstack-protector) + endif ifeq ($(CONFIG_CPU_BIG_ENDIAN),y) diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 31bd43b82095..d4f891f56996 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -127,6 +127,18 @@ asmlinkage void __div0(void) error("Attempting division by 0!"); } +unsigned long __stack_chk_guard; + +void __stack_chk_guard_setup(void) +{ + __stack_chk_guard = 0x000a0dff; +} + +void __stack_chk_fail(void) +{ + error("stack-protector: Kernel stack is corrupted\n"); +} + extern int do_decompress(u8 *input, int len, u8 *output, void (*error)(char *x)); @@ -137,6 +149,8 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, { int ret; + __stack_chk_guard_setup(); + output_data = (unsigned char *)output_start; free_mem_ptr = free_mem_ptr_p; free_mem_end_ptr = free_mem_ptr_end_p; diff --git a/arch/x86/Makefile b/arch/x86/Makefile index 41250fb33985..4ebb054cc323 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -86,7 +86,7 @@ endif ifdef CONFIG_CC_STACKPROTECTOR cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y) - stackp-y := -fstack-protector + stackp-y := $(call cc-option,-fstack-protector-strong,-fstack-protector) KBUILD_CFLAGS += $(stackp-y) else $(warning stack protector enabled but no compiler support)
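
Review bot: In the arch/arm/Makefile hunk, the new KBUILD_CFLAGS line is followed by an added empty line before endif (the second, bare + line), which looks unintentional; drop it so the conditional keeps its original shape. The same cc-option expression is repeated in arch/x86/Makefile, so consider selecting the flag once in a shared place that both Makefiles reference.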
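
Review bot: In the first arch/arm/boot/compressed/misc.c hunk, the fixed guard value 0x000a0dff in __stack_chk_guard_setup() carries no comment, so a later reader cannot tell from the code that a constant, predictable canary is deliberate here. Carry the commit message's reasoning (only used during decompression, back to normal once the full kernel runs) into a comment above the assignment, and note that the bytes are NUL, LF, CR and 0xff. __stack_chk_guard_setup() is only called from decompress_kernel() in this file and can be static. __stack_chk_fail() must never return into the corrupted frame, which depends on error() not returning, and that is not visible in this hunk; a short comment or an explicit endless loop after the call would make it certain. The string passed to error() also ends in \n, while the existing __div0() call just above passes none.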
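
Review bot: In the second misc.c hunk, __stack_chk_guard_setup() changes the guard from inside decompress_kernel(), so if the compiler ever instruments decompress_kernel() itself, its prologue will have saved the old guard value and the check on return will compare against 0x000a0dff and fail. Giving the variable a static initializer (unsigned long __stack_chk_guard = 0x000a0dff;) would remove the ordering dependency and the setup call; otherwise add a comment here that decompress_kernel() must not gain anything that makes it a protected function.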
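
Review bot: In the arch/x86/Makefile hunk, the cc_has_sp check on the line above the change is still invoked with only $(CC) $(KBUILD_CPPFLAGS) $(biarch), so whatever it validates is not told that the build may now use -fstack-protector-strong. Either state in the commit message that the script's result holds for the strong variant as well, or pass the selected flag to it. The existing $(warning ...) only covers the no-support case; a build that falls back to plain -fstack-protector on an older compiler does so silently, and a one-line note in the build output would make the effective protection level visible.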