Commit 7e09b2a0 authored by Ingo Molnar, committed by Thomas Gleixner

x86: fix canary of the boot CPU's idle task

The boot CPU's idle task has a zero stackprotector canary value.

This is a special task that is never forked, so the fork code
does not randomize its canary. Do it when we hit cpu_idle().

Academic sidenote: this means that the early init code runs with a
zero canary and hence the canary becomes predictable for this short,
boot-only amount of time.

Although attack vectors against early init code are very rare, it might
make sense to move this initialization to an earlier point.
(to one of the early init functions that never return - such as
start_kernel())
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Parent ce22bd92
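The mechanism the commit message describes, as an added user-space model (example code written for this page, not the kernel's code and not the author's): a per-task canary is copied into each frame by the function prologue and compared on return. The model shows three things the message asserts: a zero canary is bypassed by an overflow that writes zeros, a randomized canary catches the same overflow, and a frame set up under the old canary fails its own check once the task canary is rotated, which is why the rotation is only safe in a function that never returns. The names task_canary, fake_get_random_int and struct frame are assumptions of the model; fake_get_random_int returns a fixed constructed value in place of the kernel's get_random_int().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for current->stack_canary / the PDA stack_canary slot that the
 * -fstack-protector prologue reads. Hypothetical name for this model. */
static unsigned long task_canary;

/* Constructed stand-in for get_random_int(): a fixed 32-bit value so the
 * example is deterministic. Like the real function it yields an unsigned
 * int, so assigning it to an unsigned long leaves the upper bits zero. */
static unsigned int fake_get_random_int(void)
{
	return 0xa4f3e1b7u;
}

/* Model of one stack frame: a local buffer with the canary slot directly
 * above it, which is where the stack protector places it. */
struct frame {
	char buf[16];
	unsigned long saved_canary;
};

/* Prologue: copy the task's canary into the frame. */
static void prologue(struct frame *f)
{
	f->saved_canary = task_canary;
}

/* Epilogue: 1 if the frame's canary still matches the task's canary,
 * 0 if __stack_chk_fail() would be called. */
static int epilogue_ok(const struct frame *f)
{
	return f->saved_canary == task_canary;
}

/* Simulated overflow of buf: the attacker's bytes run past the buffer into
 * the canary slot (bounded to the frame so the model itself stays safe). */
static void overflow(struct frame *f, const unsigned char *payload, size_t n)
{
	if (n > sizeof(*f))
		n = sizeof(*f);
	memcpy(f, payload, n);
}

/* Zero canary (the boot CPU's idle task before this patch): an attacker who
 * simply writes zeros over the frame passes the check. Returns 1. */
static int zero_canary_bypassed(void)
{
	struct frame f;
	unsigned char payload[sizeof(struct frame)];

	task_canary = 0;
	prologue(&f);
	memset(payload, 0, sizeof(payload));	/* attacker's guess: 0 */
	overflow(&f, payload, sizeof(payload));
	return epilogue_ok(&f);
}

/* Randomized canary (after the patch): the same zero-fill payload trips the
 * check. Returns 0. */
static int random_canary_detects_overflow(void)
{
	struct frame f;
	unsigned char payload[sizeof(struct frame)];

	task_canary = fake_get_random_int();
	prologue(&f);
	memset(payload, 0, sizeof(payload));
	overflow(&f, payload, sizeof(payload));
	return epilogue_ok(&f);
}

/* Why cpu_idle() may rotate the canary only because it never returns: a frame
 * set up under the old canary fails its epilogue check once the task canary
 * changes underneath it. Returns 0 (the check would fail). */
static int rotate_canary_under_live_frame(void)
{
	struct frame f;

	task_canary = 0;			/* old (zero) canary */
	prologue(&f);				/* this frame saved 0 */
	task_canary = fake_get_random_int();	/* the patch's re-randomization */
	return epilogue_ok(&f);			/* a return now would be a false positive */
}

int main(void)
{
	printf("zero canary bypassed: %d\n", zero_canary_bypassed());
	printf("random canary detects overflow: %d\n", random_canary_detects_overflow());
	printf("frame check after canary rotation: %d\n", rotate_canary_under_live_frame());
	return 0;
}
```

The third scenario is the reason the new comment in the hunk stresses that cpu_idle() never returns: every frame below it on the boot stack was set up with the zero canary, and only frames that are never popped can tolerate the value changing.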
...@@ -150,9 +150,13 @@ void cpu_idle(void) ...@@ -150,9 +150,13 @@ void cpu_idle(void)
#ifdef CONFIG_CC_STACKPROTECTOR #ifdef CONFIG_CC_STACKPROTECTOR
/* /*
* If we're the non-boot CPU, nothing set the PDA stack * If we're the non-boot CPU, nothing set the PDA stack
* canary up for us. This is as good a place as any for * canary up for us - and if we are the boot CPU we have
* doing that. * a 0 stack canary. This is a good place for updating
* it, as we wont ever return from this function (so the
* invalid canaries already on the stack wont ever
* trigger):
*/ */
current->stack_canary = get_random_int();
write_pda(stack_canary, current->stack_canary); write_pda(stack_canary, current->stack_canary);
#endif #endif
/* endless idle loop with no priority at all */ /* endless idle loop with no priority at all */
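Review bot: the new `current->stack_canary = get_random_int();` line stores a 32-bit value; if `stack_canary` (and the PDA slot written on the next line) is an `unsigned long` on x86_64, the upper half of the canary stays zero and only 32 bits are unpredictable. Consider filling the whole word, for example from two `get_random_int()` calls, so the 64-bit canary is fully randomized. Also, the random pool has seen little input by the time cpu_idle() runs on first boot, which the commit message already acknowledges, so the value may be weak at that point regardless. Minor: the added comment spells "wont" twice where "won't" is meant.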