On Tue, Apr 25, 2023 at 06:59:29AM -0400, Joel Fernandes wrote:
> > I'm a little confused; the way I understand the whole stack protector
> > thing to work is that we push a canary on the stack at call and on
> > return check it is still valid. Since in general tasks randomly migrate,
> > the per-cpu validation canary should be the same on all CPUs.
>
> AFAICS, the canary is randomly chosen both in the kernel [1]. This

Yes, at boot, once. But thereafter it should be the same for all CPUs.

> also appears to be the case in glibc. That makes sense because you
> don't want the canary to be something that the attacker can easily
> predict and store on the stack to bypass buffer overflow attacks:
>
> [1] kernel :
> /*
>  * Initialize the stackprotector canary value.
>  *
>  * NOTE: this must only be called from functions that never return,
>  * and it must always be inlined.
>  */
> static __always_inline void boot_init_stack_canary(void)
> {
> 	unsigned long canary = get_random_canary();
>
> 	current->stack_canary = canary;
> #ifdef CONFIG_PPC64
> 	get_paca()->canary = canary;
> #endif
> }
>
> thanks,
>
> - Joel
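The exchange above turns on two properties of the kernel's stack-protector canary: it is drawn randomly exactly once at boot, and from then on every task carries the same value no matter which CPU it runs on, because a frame pushed on one CPU may be checked after the task has migrated to another. The following user-space model, added here as an illustration and not code from the thread or from the kernel, shows both properties and the check itself. All names in it (`boot_canary`, `task_t`, `frame_t`, `get_random_canary_model`, the `demo_*` helpers) are hypothetical and exist only for this example; the kernel's real canary is read from a per-task or per-CPU slot by compiler-generated prologue and epilogue code, which the model replaces with explicit store and compare steps.

```c
/* Added example: a user-space model of the kernel's stack-protector canary.
 * One random canary is chosen at "boot" and copied into every task; each
 * frame stores it just past its buffer and verifies it before returning.
 * All identifiers here are hypothetical (not the kernel's own). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modeled after boot_init_stack_canary(): random once, shared afterwards. */
static uint64_t boot_canary;

typedef struct {
    uint64_t stack_canary;   /* the per-task copy, like current->stack_canary */
    int cpu;                 /* CPU the task currently runs on */
} task_t;

/* Toy generator standing in for get_random_canary(). The low byte is forced
 * to zero so a string-style overflow cannot copy the whole value intact;
 * a real kernel uses a CSPRNG here, this is only a deterministic stand-in. */
static uint64_t get_random_canary_model(unsigned seed) {
    uint64_t v = 0x9E3779B97F4A7C15ULL * (uint64_t)(seed + 1);
    v ^= v >> 31;
    return v & ~0xFFULL;
}

/* "Boot": pick the canary exactly once. */
static void boot_init(unsigned seed) {
    boot_canary = get_random_canary_model(seed);
}

/* Every task, on every CPU, inherits the same boot canary. */
static task_t task_create(int cpu) {
    task_t t = { boot_canary, cpu };
    return t;
}

/* Migration changes the CPU but must leave the canary alone; otherwise a
 * frame pushed on one CPU would fail its check after moving to another.
 * Returns 1 when the invariant holds. */
static int migrate_keeps_canary(task_t *t, int new_cpu) {
    t->cpu = new_cpu;
    return t->stack_canary == boot_canary;
}

/* A modeled stack frame: the canary slot sits directly above the buffer. */
typedef struct {
    char buf[16];
    uint64_t canary;
} frame_t;

/* Copy 'len' bytes into the frame's buffer the way a length-unchecked copy
 * would. The copy is clamped to the whole frame so the model stays within
 * defined behavior while still letting a long input clobber the canary.
 * Returns 1 when the canary is intact at "return", 0 when it was smashed. */
static int frame_run(const task_t *t, const char *input, size_t len) {
    frame_t f;
    f.canary = t->stack_canary;            /* prologue: store the canary */
    if (len > sizeof f) len = sizeof f;
    memcpy((char *)&f, input, len);        /* the buggy, unbounded copy */
    return f.canary == t->stack_canary;    /* epilogue: compare before return */
}

/* Scenario: a 6-byte write into a 16-byte buffer leaves the canary intact. */
static int demo_clean_passes(void) {
    task_t t = task_create(1);
    return frame_run(&t, "hello", 6);
}

/* Scenario: a 24-byte fill runs past the buffer and trips the check. */
static int demo_overflow_detected(void) {
    char big[24];
    memset(big, 'A', sizeof big);          /* constructed oversized input */
    task_t t = task_create(0);
    return frame_run(&t, big, sizeof big) == 0;
}

/* Scenario: migrating a task between CPUs does not change its canary. */
static int demo_migration_keeps_canary(void) {
    task_t t = task_create(0);
    return migrate_keeps_canary(&t, 3) && migrate_keeps_canary(&t, 7);
}

int main(void) {
    boot_init(42);
    printf("clean frame passes check:      %d\n", demo_clean_passes());
    printf("overflow detected:             %d\n", demo_overflow_detected());
    printf("canary survives migration:     %d\n", demo_migration_keeps_canary());
    printf("tasks on cpu0/cpu5 share it:   %d\n",
           task_create(0).stack_canary == task_create(5).stack_canary);
    return 0;
}
```

The model makes the thread's point concrete: because `task_create()` always copies `boot_canary`, two tasks created on different CPUs compare equal, and `migrate_keeps_canary()` shows that moving a task does not alter the value it will be checked against. The zero low byte is the same trick the kernel applies on some architectures so that a NUL-terminated overflow cannot reproduce the full canary.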