author | Danny Holman <dholman@gymli.org> | 2024-06-21 23:32:18 -0500 |
---|---|---|
committer | Danny Holman <dholman@gymli.org> | 2024-06-21 23:32:18 -0500 |
commit | 0e8081d8e9db8b9482da7e92a72194bfa927223d (patch) | |
tree | a8250c2071b1af527d896b718827ff7081cb5b56 | |
parent | 2f224cdeadc380037cb74c10fc65d17aac05b730 (diff) |
libk: use a random value for the stack protector
Don't hardcode the __stack_chk_guard value, generate a random value
(using RDRAND on x86) before running any C code.
Signed-off-by: Danny Holman <dholman@gymli.org>
-rw-r--r-- | arch/i386/boot/boot.s | 29 | ||||
-rw-r--r-- | libk/stack_protector.c | 8 |
2 files changed, 32 insertions, 5 deletions
diff --git a/arch/i386/boot/boot.s b/arch/i386/boot/boot.s index 29a3575..f861699 100644 --- a/arch/i386/boot/boot.s +++ b/arch/i386/boot/boot.s @@ -78,6 +78,8 @@ _start: 4: movl $stack_top, %esp and $-16, %esp + call setup_stack_guard + pushl %ebx pushl %eax call i386_entry @@ -86,6 +88,33 @@ _start: 1: hlt jmp 1b +.global setup_stack_guard +.type setup_stack_guard, @function +setup_stack_guard: + pushl %eax + pushl %ebx + pushl %ecx + + movl $1, %eax + movl $0, %ecx + cpuid + shrl $30, %ecx + andl $1, %ecx + jnz start_loop + jmp fail +start_loop: + rdrand %eax + jc done + loop start_loop +fail: + movl $-1, %eax +done: + movl %eax, __stack_chk_guard + popl %ecx + popl %ebx + popl %eax + ret + .global enable_paging .type enable_paging, @function enable_paging: diff --git a/libk/stack_protector.c b/libk/stack_protector.c index 78d0302..a929ae0 100644 --- a/libk/stack_protector.c +++ b/libk/stack_protector.c @@ -1,11 +1,9 @@ #include <kernel/panic.h> #include <stdint.h> -#include <stddef.h> -#define STACK_CHK_GUARD 0x32E3429E - -uintptr_t __stack_chk_guard = STACK_CHK_GUARD; +uintptr_t __stack_chk_guard; __attribute__((noreturn)) void __stack_chk_fail(void) { - panic("STACK SMASHING IN KERNEL ADDRESS SPACE"); + panic("Detected attempted stack manipulation in kernel"); + while(1); } |
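Review bot: In `setup_stack_guard` the `loop start_loop` retry never actually retries: `andl $1, %ecx` leaves ECX at 1 when CPUID reports RDRAND, so `loop` decrements it to 0 and a single RDRAND failure (CF clear) falls straight through to `fail`. Testing the feature bit without destroying the counter and then loading an explicit retry count would fix this, e.g. replacing the `shrl`/`andl`/`jnz`/`jmp` sequence with `testl $(1 << 30), %ecx`, `jz fail`, `movl $10, %ecx`. The `fail` path stores the constant `-1`, so on a CPU without RDRAND the canary is as predictable as the old hard-coded value; that deserves a comment, or a weaker entropy source mixed in, so the limitation is visible. `cpuid` also overwrites EDX, which is not saved here, and whether `_start` still needs it is not visible in this hunk.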
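Review bot: With the initializer removed, `__stack_chk_guard` is zero until `setup_stack_guard` in arch/i386/boot/boot.s stores to it, and nothing at the definition says so. Any instrumented code that runs before that store, any later clearing of `.bss`, or a port to an architecture whose boot code does not set the guard would silently run with a canary of 0. A comment on the definition would record the contract, for example `/* Set once by setup_stack_guard() in early boot, before any C code runs; never written afterwards. */`. The added `while(1);` after `panic()` reads as a guard against `panic()` returning; a short comment saying so would help, since the function is declared `noreturn`.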