The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/kern/stack_protector.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 #include <sys/cdefs.h>
    2 __FBSDID("$FreeBSD: head/sys/kern/stack_protector.c 346292 2019-04-16 18:47:20Z cem $");
    3 
    4 #include <sys/types.h>
    5 #include <sys/param.h>
    6 #include <sys/kernel.h>
    7 #include <sys/random.h>
    8 #include <sys/sysctl.h>
    9 #include <sys/systm.h>
   10 #include <sys/libkern.h>
   11 
   12 long __stack_chk_guard[8] = {};
   13 void __stack_chk_fail(void);
   14 
   15 /*
   16  * XXX This default is unsafe!!!  We intend to change it after resolving issues
   17  * with early entropy in the installer; some kinds of systems that do not use
   18  * loader(8), such as riscv, aarch64, and power; and perhaps others that I am
   19  * forgetting off the top of my head.
   20  */
   21 static bool permit_nonrandom_cookies = true;
   22 
   23 SYSCTL_NODE(_security, OID_AUTO, stack_protect, CTLFLAG_RW, 0,
   24     "-fstack-protect support");
   25 SYSCTL_BOOL(_security_stack_protect, OID_AUTO, permit_nonrandom_cookies,
   26     CTLFLAG_RDTUN, &permit_nonrandom_cookies, 0,
   27     "Allow stack guard to be used without real random cookies");
   28 
   29 void
   30 __stack_chk_fail(void)
   31 {
   32 
   33         panic("stack overflow detected; backtrace may be corrupted");
   34 }
   35 
   36 static void
   37 __stack_chk_init(void *dummy __unused)
   38 {
   39         size_t i;
   40         long guard[nitems(__stack_chk_guard)];
   41 
   42         if (is_random_seeded()) {
   43                 arc4rand(guard, sizeof(guard), 0);
   44                 for (i = 0; i < nitems(guard); i++)
   45                         __stack_chk_guard[i] = guard[i];
   46                 return;
   47         }
   48 
   49         if (permit_nonrandom_cookies) {
   50                 printf("%s: WARNING: Initializing stack protection with "
   51                     "non-random cookies!\n", __func__);
   52                 printf("%s: WARNING: This severely limits the benefit of "
   53                     "-fstack-protector!\n", __func__);
   54 
   55                 /*
   56                  * The emperor is naked, but I rolled some dice and at least
   57                  * these values aren't zero.
   58                  */
   59                 __stack_chk_guard[0] = (long)0xe7318d5959af899full;
   60                 __stack_chk_guard[1] = (long)0x35a9481c089348bfull;
   61                 __stack_chk_guard[2] = (long)0xde657fdc04117255ull;
   62                 __stack_chk_guard[3] = (long)0x0dd44c61c22e4a6bull;
   63                 __stack_chk_guard[4] = (long)0x0a5869a354edb0a5ull;
   64                 __stack_chk_guard[5] = (long)0x05cebfed255b5232ull;
   65                 __stack_chk_guard[6] = (long)0x270ffac137c4c72full;
   66                 __stack_chk_guard[7] = (long)0xd8141a789bad478dull;
   67                 _Static_assert(nitems(__stack_chk_guard) == 8,
   68                     "__stack_chk_guard doesn't have 8 items");
   69                 return;
   70         }
   71 
   72         panic("%s: cannot initialize stack cookies because random device is "
   73             "not yet seeded", __func__);
   74 }
   75 SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);

Cache object: d8f7ff103b02c3fb5a27f375536230e5


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.