[PATCH v4] riscv: Enable per-task stack canaries
Kees Cook
keescook at chromium.org
Fri Nov 13 17:57:55 EST 2020
On Sun, Oct 18, 2020 at 12:38:17PM +0000, guoren at kernel.org wrote:
> From: Guo Ren <guoren at linux.alibaba.com>
>
> This enables the use of per-task stack canary values if GCC has
> support for emitting the stack canary reference relative to the
> value of tp, which holds the task struct pointer in the riscv
> kernel.
>
> After compare arm64 and x86 implementations, seems arm64's is more
> flexible and readable. The key point is how gcc get the offset of
> stack_canary from gs/el0_sp.
>
> x86: Use a fix offset from gs, not flexible.
>
> struct fixed_percpu_data {
> /*
> * GCC hardcodes the stack canary as %gs:40. Since the
> * irq_stack is the object at %gs:0, we reserve the bottom
> * 48 bytes of the irq stack for the canary.
> */
> char gs_base[40]; // :(
> unsigned long stack_canary;
> };
>
> arm64: Use -mstack-protector-guard-offset & guard-reg
> gcc options:
> -mstack-protector-guard=sysreg
> -mstack-protector-guard-reg=sp_el0
> -mstack-protector-guard-offset=xxx
>
> riscv: Use -mstack-protector-guard-offset & guard-reg
> gcc options:
> -mstack-protector-guard=tls
> -mstack-protector-guard-reg=tp
> -mstack-protector-guard-offset=xxx
>
> GCC's implementation has been merged:
> commit c931e8d5a96463427040b0d11f9c4352ac22b2b0
> Author: Cooper Qu <cooper.qu at linux.alibaba.com>
> Date: Mon Jul 13 16:15:08 2020 +0800
>
> RISC-V: Add support for TLS stack protector canary access
>
> In the end, these codes are inserted by gcc before return:
>
> * 0xffffffe00020b396 <+120>: ld a5,1008(tp) # 0x3f0
> * 0xffffffe00020b39a <+124>: xor a5,a5,a4
> * 0xffffffe00020b39c <+126>: mv a0,s5
> * 0xffffffe00020b39e <+128>: bnez a5,0xffffffe00020b61c <_do_fork+766>
> 0xffffffe00020b3a2 <+132>: ld ra,136(sp)
> 0xffffffe00020b3a4 <+134>: ld s0,128(sp)
> 0xffffffe00020b3a6 <+136>: ld s1,120(sp)
> 0xffffffe00020b3a8 <+138>: ld s2,112(sp)
> 0xffffffe00020b3aa <+140>: ld s3,104(sp)
> 0xffffffe00020b3ac <+142>: ld s4,96(sp)
> 0xffffffe00020b3ae <+144>: ld s5,88(sp)
> 0xffffffe00020b3b0 <+146>: ld s6,80(sp)
> 0xffffffe00020b3b2 <+148>: ld s7,72(sp)
> 0xffffffe00020b3b4 <+150>: addi sp,sp,144
> 0xffffffe00020b3b6 <+152>: ret
> ...
> * 0xffffffe00020b61c <+766>: auipc ra,0x7f8
> * 0xffffffe00020b620 <+770>: jalr -1764(ra) # 0xffffffe000a02f38 <__stack_chk_fail>
>
> Signed-off-by: Guo Ren <guoren at linux.alibaba.com>
Thanks for getting this working! It looks good to me. :)
Reviewed-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
More information about the linux-riscv
mailing list