From 990cb8acf23cab19a2930f1ed5e7dc108f89079b Mon Sep 17 00:00:00 2001 From: Nicolas Pitre Date: Mon, 14 Jun 2010 16:27:19 -0400 Subject: [ARM] implement arch_randomize_brk() For this feature to take effect, CONFIG_COMPAT_BRK must be turned off. This can safely be turned off for any EABI user space versions. Signed-off-by: Nicolas Pitre --- arch/arm/kernel/process.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'arch/arm/kernel') diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c index acf5e6f..1c6eb7e 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -421,3 +422,9 @@ unsigned long get_wchan(struct task_struct *p) } while (count ++ < 16); return 0; } + +unsigned long arch_randomize_brk(struct mm_struct *mm) +{ + unsigned long range_end = mm->brk + 0x02000000; + return randomize_range(mm->brk, range_end, 0) ? : mm->brk; +} -- cgit v1.1 From c743f38013aeff58ef6252601e397b5ba281c633 Mon Sep 17 00:00:00 2001 From: Nicolas Pitre Date: Mon, 24 May 2010 23:55:42 -0400 Subject: ARM: initial stack protector (-fstack-protector) support This is the very basic stuff without the changing canary upon task switch yet. Just the Kconfig option and a constant canary value initialized at boot time. Signed-off-by: Nicolas Pitre --- arch/arm/kernel/process.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'arch/arm/kernel') diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c index 1c6eb7e..090ac94 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c 
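Review bot: The new `arch_randomize_brk()` in the process.c `@@ -421,3 +422,9 @@` hunk uses the bare constant `0x02000000` with no comment, which fixes the randomization window at 32 MiB above `mm->brk`. As far as I know `randomize_range()` returns a page-aligned value, so that would be about 13 bits of entropy with 4 KiB pages, and a reader assessing ASLR strength should not have to derive it. The `? : mm->brk` fallback also silently returns an unrandomized break whenever `randomize_range()` yields 0, which deserves a line of its own. I would add `/* Pick a page-aligned brk within 32 MiB above mm->brk; falls back to the unrandomized brk if no slot is found. */` above the function and consider giving the constant a name.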
@@ -37,6 +37,12 @@ #include #include +#ifdef CONFIG_CC_STACKPROTECTOR +#include +unsigned long __stack_chk_guard __read_mostly; +EXPORT_SYMBOL(__stack_chk_guard); +#endif + static const char *processor_modes[] = { "USER_26", "FIQ_26" , "IRQ_26" , "SVC_26" , "UK4_26" , "UK5_26" , "UK6_26" , "UK7_26" , "UK8_26" , "UK9_26" , "UK10_26", "UK11_26", "UK12_26", "UK13_26", "UK14_26", "UK15_26", -- cgit v1.1 From df0698be14c6683606d5df2d83e3ae40f85ed0d9 Mon Sep 17 00:00:00 2001 From: Nicolas Pitre Date: Mon, 7 Jun 2010 21:50:33 -0400 Subject: ARM: stack protector: change the canary value per task A new random value for the canary is stored in the task struct whenever a new task is forked. This is meant to allow for different canary values per task. On ARM, GCC expects the canary value to be found in a global variable called __stack_chk_guard. So this variable has to be updated with the value stored in the task struct whenever a task switch occurs. Because the variable GCC expects is global, this cannot work on SMP unfortunately. So, on SMP, the same initial canary value is kept throughout, making this feature a bit less effective although it is still useful. One way to overcome this GCC limitation would be to locate the __stack_chk_guard variable into a memory page of its own for each CPU, and then use TLB locking to have each CPU see its own page at the same virtual address for each of them. Signed-off-by: Nicolas Pitre --- arch/arm/kernel/asm-offsets.c | 3 +++ arch/arm/kernel/entry-armv.S | 8 ++++++++ 2 files changed, 11 insertions(+) (limited to 'arch/arm/kernel') diff --git a/arch/arm/kernel/asm-offsets.c b/arch/arm/kernel/asm-offsets.c index 8835115..85f2a01 100644 --- a/arch/arm/kernel/asm-offsets.c +++ b/arch/arm/kernel/asm-offsets.c 
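Review bot: `__stack_chk_guard` is defined and exported in this process.c hunk with no comment saying where it gets its value, and nothing visible here initializes it. It therefore reads as zero until the boot-time setup mentioned in the commit message has run (that code is outside the files shown). A zero or predictable canary gives no protection to any protected function entered before that point, so the ordering is worth stating next to the definition, for example `/* Read by GCC's -fstack-protector code; set once during early boot, 0 before that. */`. The `EXPORT_SYMBOL` is presumably for modules built with the same flag; a word on that would help, since the export also makes a security-sensitive value addressable from every module.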
@@ -40,6 +40,9 @@ int main(void) { DEFINE(TSK_ACTIVE_MM, offsetof(struct task_struct, active_mm)); +#ifdef CONFIG_CC_STACKPROTECTOR + DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary)); +#endif BLANK(); DEFINE(TI_FLAGS, offsetof(struct thread_info, flags)); DEFINE(TI_PREEMPT, offsetof(struct thread_info, preempt_count)); diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 7ee48e7..2d14081 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -745,6 +745,11 @@ ENTRY(__switch_to) mov r4, #0xffff0fff str r3, [r4, #-15] @ TLS val at 0xffff0ff0 #endif +#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) + ldr r7, [r2, #TI_TASK] + ldr r8, =__stack_chk_guard + ldr r7, [r7, #TSK_STACK_CANARY] +#endif #ifdef CONFIG_MMU mcr p15, 0, r6, c3, c0, 0 @ Set domain register #endif @@ -753,6 +758,9 @@ ENTRY(__switch_to) ldr r0, =thread_notify_head mov r1, #THREAD_NOTIFY_SWITCH bl atomic_notifier_call_chain +#if defined(CONFIG_CC_STACKPROTECTOR) && !defined(CONFIG_SMP) + str r7, [r8] +#endif THUMB( mov ip, r4 ) mov r0, r5 ARM( ldmia r4, {r4 - sl, fp, sp, pc} ) @ Load all regs saved previously -- cgit v1.1 From 73a65b3f8587fa1c83768515ecc0bf6fa44ccdd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= Date: Tue, 19 Jan 2010 10:13:14 +0100 Subject: ARM: deprecate support for old way to pass kernel parameters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was deprecated in 2001 and announced to live on for 5 years. For now provide a kernel parameter for those who still need it. Acked-by: Eric Miao Signed-off-by: Uwe Kleine-König --- arch/arm/kernel/Makefile | 4 +++- arch/arm/kernel/compat.c | 7 ------- arch/arm/kernel/compat.h | 2 -- arch/arm/kernel/setup.c | 11 +++++++++++ 4 files changed, 14 insertions(+), 10 deletions(-) (limited to 'arch/arm/kernel') 
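Review bot: In the two `__switch_to` hunks of entry-armv.S (`@@ -745,6 +745,11 @@` and `@@ -753,6 +758,9 @@`), `r7` and `r8` are loaded before `bl atomic_notifier_call_chain` and only consumed by `str r7, [r8]` after it, with no comment on the register liveness or on why the store is deferred. Presumably the store waits so that the notifier chain, which is C code that may itself be built with the stack protector, never sees the guard change between its prologue and epilogue; that reasoning should be written down, because moving the `str` earlier could produce a spurious stack-smash report. I would add `@ r7/r8 must survive the call below (callee-saved)` at the loads and `@ switch the canary only after the last C call` at the store. `__switch_to` starts and ends outside both hunks, and `__stack_chk_guard` keeps its `__read_mostly` tag from process.c even though UP kernels now write it on every task switch.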
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile index 26d302c..021f72d 100644 --- a/arch/arm/kernel/Makefile +++ b/arch/arm/kernel/Makefile @@ -13,10 +13,12 @@ CFLAGS_REMOVE_return_address.o = -pg # Object file lists. -obj-y := compat.o elf.o entry-armv.o entry-common.o irq.o \ +obj-y := elf.o entry-armv.o entry-common.o irq.o \ process.o ptrace.o return_address.o setup.o signal.o \ sys_arm.o stacktrace.o time.o traps.o +obj-$(CONFIG_DEPRECATED_PARAM_STRUCT) += compat.o + obj-$(CONFIG_LEDS) += leds.o obj-$(CONFIG_OC_ETM) += etm.o diff --git a/arch/arm/kernel/compat.c b/arch/arm/kernel/compat.c index 0a13854..9256523 100644 --- a/arch/arm/kernel/compat.c +++ b/arch/arm/kernel/compat.c @@ -217,10 +217,3 @@ void __init convert_to_tag_list(struct tag *tags) struct param_struct *params = (struct param_struct *)tags; build_tag_list(params, ¶ms->u2); } - -void __init squash_mem_tags(struct tag *tag) -{ - for (; tag->hdr.size; tag = tag_next(tag)) - if (tag->hdr.tag == ATAG_MEM) - tag->hdr.tag = ATAG_NONE; -} diff --git a/arch/arm/kernel/compat.h b/arch/arm/kernel/compat.h index 27e61a6..39264ab 100644 --- a/arch/arm/kernel/compat.h +++ b/arch/arm/kernel/compat.h @@ -9,5 +9,3 @@ */ extern void convert_to_tag_list(struct tag *tags); - -extern void squash_mem_tags(struct tag *tag); diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c index 122d999..cbc6ddb 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -44,7 +44,9 @@ #include #include +#if defined(CONFIG_DEPRECATED_PARAM_STRUCT) #include "compat.h" +#endif #include "atags.h" #include "tcm.h" @@ -663,6 +665,13 @@ static int __init customize_machine(void) } arch_initcall(customize_machine); +static void __init squash_mem_tags(struct tag *tag) +{ + for (; tag->hdr.size; tag = tag_next(tag)) + if (tag->hdr.tag == ATAG_MEM) + tag->hdr.tag = ATAG_NONE; +} + void __init setup_arch(char **cmdline_p) { struct tag *tags = (struct tag *)&init_tags; 
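Review bot: `squash_mem_tags()`, as re-added in the setup.c `@@ -663,6 +665,13 @@` hunk, walks the tag list until it meets `hdr.size == 0` and has no other bound. It therefore depends entirely on the list being terminated, and the visible `setup_arch()` lines show that the list can come from `mdesc->boot_params`, so the move into setup.c is a good moment to document that assumption. The `for` body is also a multi-line `if` without braces, which is easy to break when a second statement is added. I would put `/* Neutralise every ATAG_MEM entry; the list must end with a zero-size tag. */` above the function and brace the loop, `for (; tag->hdr.size; tag = tag_next(tag)) {`.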
@@ -683,12 +692,14 @@ void __init setup_arch(char **cmdline_p) else if (mdesc->boot_params) tags = phys_to_virt(mdesc->boot_params); +#if defined(CONFIG_DEPRECATED_PARAM_STRUCT) /* * If we have the old style parameters, convert them to * a tag list. */ if (tags->hdr.tag != ATAG_CORE) convert_to_tag_list(tags); +#endif if (tags->hdr.tag != ATAG_CORE) tags = (struct tag *)&init_tags; -- cgit v1.1
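Review bot: With `CONFIG_DEPRECATED_PARAM_STRUCT` unset, a boot that still passes an old-style parameter block now falls straight through to the second `if (tags->hdr.tag != ATAG_CORE)` and silently gets `init_tags`, so whatever the bootloader passed is discarded with no trace in the log. A one-line diagnostic in that fallback would make the situation diagnosable, e.g. `printk(KERN_WARNING "No ATAG_CORE tag found, using default tags\n");` inside braces around the `tags = (struct tag *)&init_tags;` assignment. `setup_arch()` begins and ends outside this hunk, so whether a later message already covers this case cannot be seen from here.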