~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/include/linux/randomize_kstack.h

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /include/linux/randomize_kstack.h (Version linux-6.12-rc7) and /include/linux/randomize_kstack.h (Version linux-4.12.14)


  1 /* SPDX-License-Identifier: GPL-2.0-only */         1 
  2 #ifndef _LINUX_RANDOMIZE_KSTACK_H                 
  3 #define _LINUX_RANDOMIZE_KSTACK_H                 
  4                                                   
  5 #ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET             
  6 #include <linux/kernel.h>                         
  7 #include <linux/jump_label.h>                     
  8 #include <linux/percpu-defs.h>                    
  9                                                   
 10 DECLARE_STATIC_KEY_MAYBE(CONFIG_RANDOMIZE_KSTA    
 11                          randomize_kstack_offs    
 12 DECLARE_PER_CPU(u32, kstack_offset);              
 13                                                   
 14 /*                                                
 15  * Do not use this anywhere else in the kernel    
 16  * it provides an arch-agnostic way to grow th    
 17  * alignment. Also, since this use is being ex    
 18  * 10 bits, stack-clash style attacks are unli    
 19  * "VLAs" in Documentation/process/deprecated.    
 20  *                                                
 21  * The normal __builtin_alloca() is initialize    
 22  * only with Clang and not GCC). Initializing     
 23  * entry is expensive, and generating an impli    
 24  * problematic (such as in noinstr functions).    
 25  * supports it (which it should if it initiali    
 26  * "uninitialized" variant of the builtin.        
 27  */                                               
 28 #if __has_builtin(__builtin_alloca_uninitializ    
 29 #define __kstack_alloca __builtin_alloca_unini    
 30 #else                                             
 31 #define __kstack_alloca __builtin_alloca          
 32 #endif                                            
 33                                                   
 34 /*                                                
 35  * Use, at most, 6 bits of entropy (on 64-bit;    
 36  * to keep the "VLA" from being unbounded (see    
 37  * the bottom 4 bits (on 64-bit systems, 2 for    
 38  * alignment will always be at least word size    
 39  * code gen better when it is applying the act    
 40  * the final offset. The resulting randomness     
 41  * constraining usable stack space.               
 42  */                                               
 43 #ifdef CONFIG_64BIT                               
 44 #define KSTACK_OFFSET_MAX(x)    ((x) & 0b11111    
 45 #else                                             
 46 #define KSTACK_OFFSET_MAX(x)    ((x) & 0b11111    
 47 #endif                                            
 48                                                   
 49 /**                                               
 50  * add_random_kstack_offset - Increase stack u    
 51  *                            chosen random of    
 52  *                                                
 53  * This should be used in the syscall entry pa    
 54  * preempt are disabled, and after user regist    
 55  * the stack. For testing the resulting entrop    
 56  * tools/testing/selftests/lkdtm/stack-entropy    
 57  */                                               
 58 #define add_random_kstack_offset() do {           
 59         if (static_branch_maybe(CONFIG_RANDOMI    
 60                                 &randomize_kst    
 61                 u32 offset = raw_cpu_read(ksta    
 62                 u8 *ptr = __kstack_alloca(KSTA    
 63                 /* Keep allocation even after     
 64                 asm volatile("" :: "r"(ptr) :     
 65         }                                         
 66 } while (0)                                       
 67                                                   
 68 /**                                               
 69  * choose_random_kstack_offset - Choose the ra    
 70  *                               add_random_ks    
 71  *                                                
 72  * This should only be used during syscall exi    
 73  * preempt are disabled. This position in the     
 74  * frustrate attacks from userspace attempting    
 75  * - Maximize the timing uncertainty visible f    
 76  *   offset is chosen at syscall entry, usersp    
 77  *   over the timing between choosing offsets.    
 78  *   kernel mode?" tends to be more difficult     
 79  *   will we be in user mode?"                    
 80  * - Reduce the lifetime of the new offset sit    
 81  *   kernel mode execution. Exposure of "threa    
 82  *   (e.g. current, percpu, etc) tends to be e    
 83  *   location memory exposure.                    
 84  */                                               
 85 #define choose_random_kstack_offset(rand) do {    
 86         if (static_branch_maybe(CONFIG_RANDOMI    
 87                                 &randomize_kst    
 88                 u32 offset = raw_cpu_read(ksta    
 89                 offset = ror32(offset, 5) ^ (r    
 90                 raw_cpu_write(kstack_offset, o    
 91         }                                         
 92 } while (0)                                       
 93 #else /* CONFIG_RANDOMIZE_KSTACK_OFFSET */        
 94 #define add_random_kstack_offset()                
 95 #define choose_random_kstack_offset(rand)         
 96 #endif /* CONFIG_RANDOMIZE_KSTACK_OFFSET */       
 97                                                   
 98 #endif                                            
 99                                                   

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php