libk: use a random value for the stack protector

Don't hardcode the __stack_chk_guard value, generate a random value
(using RDRAND on x86) before running any C code.

Signed-off-by: Danny Holman <dholman@gymli.org>

2 files changed, 32 insertions, 5 deletions

diff --git a/arch/i386/boot/boot.s b/arch/i386/boot/boot.s
index 29a3575..f861699 100644
--- a/arch/i386/boot/boot.s
+++ b/arch/i386/boot/boot.s
@@ -78,6 +78,8 @@ _start:
 4:      movl $stack_top, %esp
         and $-16, %esp
 
+        call setup_stack_guard
+
         pushl %ebx
         pushl %eax
         call i386_entry
@@ -86,6 +88,33 @@ _start:
 1:      hlt
         jmp 1b
 
+.global setup_stack_guard
+.type setup_stack_guard, @function
+setup_stack_guard:
+        pushl %eax
+        pushl %ebx
+        pushl %ecx
+
+        movl $1, %eax
+        movl $0, %ecx
+        cpuid
+        shrl $30, %ecx
+        andl $1, %ecx
+        jnz start_loop
+        jmp fail
+start_loop:
+        rdrand %eax
+        jc done
+        loop start_loop
+fail:
+        movl $-1, %eax
+done:
+        movl %eax, __stack_chk_guard
+        popl %ecx
+        popl %ebx
+        popl %eax
+        ret
+
 .global enable_paging
 .type enable_paging, @function
 enable_paging:
diff --git a/libk/stack_protector.c b/libk/stack_protector.c
index 78d0302..a929ae0 100644
--- a/libk/stack_protector.c
+++ b/libk/stack_protector.c
@@ -1,11 +1,9 @@
 #include <kernel/panic.h>
 #include <stdint.h>
-#include <stddef.h>
 
-#define STACK_CHK_GUARD 0x32E3429E
-
-uintptr_t __stack_chk_guard = STACK_CHK_GUARD;
+uintptr_t __stack_chk_guard;
 
 __attribute__((noreturn)) void __stack_chk_fail(void) {
-        panic("STACK SMASHING IN KERNEL ADDRESS SPACE");
+        panic("Detected attempted stack manipulation in kernel");
+        while(1);
 }