diff options
author | Arjan van de Ven | 2008-07-11 05:09:55 -0700 |
---|---|---|
committer | Ingo Molnar | 2008-07-11 20:32:58 +0200 |
commit | aa92db14270b79f0f91a9060b547a46f9e2639da (patch) | |
tree | 576da2534db939abe8c71a02e3ac4fbe4833037e | |
parent | 5ce001b0e56638c726270d4f9e05d46d4250dfbb (diff) |
stackprotector: better self-test
check stackprotector functionality by manipulating the canary briefly
during bootup.
far more robust than trying to overflow the stack. (which is architecture
dependent, etc.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r-- | kernel/panic.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/kernel/panic.c b/kernel/panic.c index 6729e3f4ebcb..28153aec7100 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -347,22 +347,18 @@ static noinline void __stack_chk_test_func(void) if ((unsigned long)__builtin_return_address(0) == *(((unsigned long *)&foo)+1)) { printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); - return; } #ifdef CONFIG_FRAME_POINTER /* We also don't want to clobber the frame pointer */ if ((unsigned long)__builtin_return_address(0) == *(((unsigned long *)&foo)+2)) { printk(KERN_ERR "No -fstack-protector-stack-frame!\n"); - return; } #endif - barrier(); - if (current->stack_canary == *(((unsigned long *)&foo)+1)) - *(((unsigned long *)&foo)+1) = 0; - else + if (current->stack_canary != *(((unsigned long *)&foo)+1)) printk(KERN_ERR "No -fstack-protector canary found\n"); - barrier(); + + current->stack_canary = ~current->stack_canary; } static int __stack_chk_test(void) @@ -373,7 +369,8 @@ static int __stack_chk_test(void) if (__stack_check_testing) { printk(KERN_ERR "-fstack-protector-all test failed\n"); WARN_ON(1); - } + }; + current->stack_canary = ~current->stack_canary; return 0; } /* |