From 0e8081d8e9db8b9482da7e92a72194bfa927223d Mon Sep 17 00:00:00 2001 From: Danny Holman Date: Fri, 21 Jun 2024 23:32:18 -0500 Subject: libk: use a random value for the stack protector Don't hardcode the __stack_chk_guard value, generate a random value (using RDRAND on x86) before running any C code. Signed-off-by: Danny Holman --- arch/i386/boot/boot.s | 29 +++++++++++++++++++++++++++++ libk/stack_protector.c | 8 +++----- 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/arch/i386/boot/boot.s b/arch/i386/boot/boot.s index 29a3575..f861699 100644 --- a/arch/i386/boot/boot.s +++ b/arch/i386/boot/boot.s @@ -78,6 +78,8 @@ _start: 4: movl $stack_top, %esp and $-16, %esp + call setup_stack_guard + pushl %ebx pushl %eax call i386_entry @@ -86,6 +88,33 @@ _start: 1: hlt jmp 1b +.global setup_stack_guard +.type setup_stack_guard, @function +setup_stack_guard: + pushl %eax + pushl %ebx + pushl %ecx + + movl $1, %eax + movl $0, %ecx + cpuid + shrl $30, %ecx + andl $1, %ecx + jnz start_loop + jmp fail +start_loop: + rdrand %eax + jc done + loop start_loop +fail: + movl $-1, %eax +done: + movl %eax, __stack_chk_guard + popl %ecx + popl %ebx + popl %eax + ret + .global enable_paging .type enable_paging, @function enable_paging: diff --git a/libk/stack_protector.c b/libk/stack_protector.c index 78d0302..a929ae0 100644 --- a/libk/stack_protector.c +++ b/libk/stack_protector.c @@ -1,11 +1,9 @@ #include #include -#include -#define STACK_CHK_GUARD 0x32E3429E - -uintptr_t __stack_chk_guard = STACK_CHK_GUARD; +uintptr_t __stack_chk_guard; __attribute__((noreturn)) void __stack_chk_fail(void) { - panic("STACK SMASHING IN KERNEL ADDRESS SPACE"); + panic("Detected attempted stack manipulation in kernel"); + while(1); } -- cgit v1.2.3
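Review bot: The retry in `setup_stack_guard` never retries: `loop start_loop` counts down %ecx, which at that point holds 1 from the preceding `andl $1, %ecx`, so a single RDRAND failure (CF clear) falls straight through to `fail`. Replacing `jnz start_loop` / `jmp fail` with `jz fail` followed by `movl $10, %ecx` (Intel's guidance suggests about ten attempts) would give the loop a real retry budget. The `fail` path then stores the constant -1 as the guard, which is as predictable as the hardcoded value this commit removes. That deserves at least a comment, or a fallback that mixes in some other boot-time value on CPUs without RDRAND. `cpuid` also overwrites %edx, which is not saved here, so a header comment on the function should list it as clobbered.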
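Review bot: With the initializer removed, `__stack_chk_guard` stays zero until the i386 boot stub writes it, and nothing in libk/stack_protector.c records that dependency. A comment above the definition would help, for example `/* Written by setup_stack_guard (arch/i386/boot/boot.s) before any C code runs; remains 0 if that call is skipped. */`. Any boot path or future port that does not call the stub, or that clears .bss after the stub has run (not visible in this diff), would leave every protected frame checked against a known canary of 0.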