I'm trying to implement TLS based stack protector in the Linux Kernel.
For that I need to give to GCC the offset at which it will find the
canary (register r2 is pointing to the current task struct).
I have been able to do it with the below patch, but it only works when
include/generated/asm-offsets.h already exists from the start of the build.
Is there a way to evaluate CANARY_OFFSET and add the stack-protector
flags to KBUILD_CFLAGS only after include/generated/asm-offsets.h is built?
Or is there another way to add -mstack-protector-guard-offset=offsetof(struct
task_struct, stack_canary)?
diff --git a/arch/powerpc/kernel/asm-offsets.c
b/arch/powerpc/kernel/asm-offsets.c
index 89cf15566c4e..b25483946921 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -89,6 +89,9 @@ int main(void)
DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
OFFSET(KSP_LIMIT, thread_struct, ksp_limit);
#endif /* CONFIG_PPC64 */
+#ifdef CONFIG_STACKPROTECTOR
+ DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct,
stack_canary));
+#endif
#ifdef CONFIG_LIVEPATCH
OFFSET(TI_livepatch_sp, thread_info, livepatch_sp);
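Review bot: The new entry spells out `DEFINE(..., offsetof(...))` by hand while the neighbouring entries in this hunk use the `OFFSET()` helper (for example `OFFSET(KSP_LIMIT, thread_struct, ksp_limit);`). Writing it as `OFFSET(TSK_STACK_CANARY, task_struct, stack_canary);` keeps the table uniform and fits on one line, which also avoids the mail wrap that split the statement here. A short comment such as `/* consumed by arch/powerpc/Makefile for -mstack-protector-guard-offset */` would tell later readers that the build system parses this symbol, so renaming it breaks the canary flags. main() starts and ends outside the hunk.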
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index e58c3f467db5..051b907b5c02 100644
[root@pc16082vm linux-powerpc]# git diff
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 748e34e81a03..7b5a23a8afe8 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -113,7 +113,8 @@ KBUILD_ARFLAGS += --target=elf$(BITS)-$(GNUTARGET)
endif
ifdef CONFIG_STACKPROTECTOR
-KBUILD_CFLAGS += -mstack-protector-guard=global
+CANARY_OFFSET := $(shell awk '{if ($$2 == "TSK_STACK_CANARY") print
$$3;}' include/generated/asm-offsets.h)
+KBUILD_CFLAGS += -mstack-protector-guard=tls
-mstack-protector-guard-reg=r2
-mstack-protector-guard-offset=$(CANARY_OFFSET)
endif
LDFLAGS_vmlinux-y := -Bstatic
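Review bot: `CANARY_OFFSET := $(shell awk ...)` is expanded while the Makefile is parsed, before include/generated/asm-offsets.h is generated or refreshed. On a clean tree the flag therefore becomes `-mstack-protector-guard-offset=` with no value. On an incremental build it can pick up a stale offset after a config change moves stack_canary, so the compiler would load the guard from the wrong task_struct field. The read could instead be deferred to a recipe that runs after `prepare0`, with only the offset-independent flags kept in the static KBUILD_CFLAGS line, as sketched below; it is worth confirming that asm-offsets.s itself still builds with the tls guard before the offset is known. Separately, this `ifdef CONFIG_STACKPROTECTOR` block hard-codes r2, and the hunk does not show it being limited to 32-bit; if the option can be selected on PPC64, where r2 is the TOC pointer, the block needs a guard for that case.

```makefile
ifdef CONFIG_STACKPROTECTOR
KBUILD_CFLAGS += -mstack-protector-guard=tls -mstack-protector-guard-reg=r2
endif
# … unchanged: LDFLAGS_vmlinux-y and the remaining flag setup …

ifdef CONFIG_STACKPROTECTOR
prepare: stack_protector_prepare

# Runs after prepare0 has (re)generated asm-offsets.h, so the offset is current.
stack_protector_prepare: prepare0
	$(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
endif
```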
Thanks
Christophe