* [kernel-hardening] [PATCH] use get_random_long for the per-task stack canary
@ 2017-05-04 13:32 ` Daniel Micay
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Micay @ 2017-05-04 13:32 UTC (permalink / raw)
To: Kees Cook, Arjan van Ven, Ingo Molnar, kernel-hardening, LKML
Cc: Daniel Micay, stable
The stack canary is an unsigned long and should be fully initialized to
random data rather than only 32 bits of random data.
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
---
kernel/fork.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 56d85fd81411..ff84ff82f56a 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -537,7 +537,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
set_task_stack_end_magic(tsk);
#ifdef CONFIG_CC_STACKPROTECTOR
- tsk->stack_canary = get_random_int();
+ tsk->stack_canary = get_random_long();
#endif
/*
--
2.12.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] use get_random_long for the per-task stack canary
@ 2017-05-04 13:32 ` Daniel Micay
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Micay @ 2017-05-04 13:32 UTC (permalink / raw)
To: Kees Cook, Arjan van Ven, Ingo Molnar, kernel-hardening, LKML
Cc: Daniel Micay, stable
The stack canary is an unsigned long and should be fully initialized to
random data rather than only 32 bits of random data.
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
---
kernel/fork.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 56d85fd81411..ff84ff82f56a 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -537,7 +537,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
set_task_stack_end_magic(tsk);
#ifdef CONFIG_CC_STACKPROTECTOR
- tsk->stack_canary = get_random_int();
+ tsk->stack_canary = get_random_long();
#endif
/*
--
2.12.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [kernel-hardening] Re: [PATCH] use get_random_long for the per-task stack canary
2017-05-04 13:32 ` Daniel Micay
@ 2017-05-04 13:33 ` Arjan van de Ven
-1 siblings, 0 replies; 7+ messages in thread
From: Arjan van de Ven @ 2017-05-04 13:33 UTC (permalink / raw)
To: Daniel Micay, Kees Cook, Ingo Molnar, kernel-hardening, LKML; +Cc: stable
On 5/4/2017 6:32 AM, Daniel Micay wrote:
> The stack canary is an unsigned long and should be fully initialized to
> random data rather than only 32 bits of random data.
that makes sense to me... ack
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] use get_random_long for the per-task stack canary
@ 2017-05-04 13:33 ` Arjan van de Ven
0 siblings, 0 replies; 7+ messages in thread
From: Arjan van de Ven @ 2017-05-04 13:33 UTC (permalink / raw)
To: Daniel Micay, Kees Cook, Ingo Molnar, kernel-hardening, LKML; +Cc: stable
On 5/4/2017 6:32 AM, Daniel Micay wrote:
> The stack canary is an unsigned long and should be fully initialized to
> random data rather than only 32 bits of random data.
that makes sense to me... ack
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kernel-hardening] [PATCH] use get_random_long for the per-task stack canary
2017-05-04 13:32 ` Daniel Micay
(?)
(?)
@ 2017-05-04 14:04 ` Rik van Riel
2017-05-04 14:29 ` Kees Cook
-1 siblings, 1 reply; 7+ messages in thread
From: Rik van Riel @ 2017-05-04 14:04 UTC (permalink / raw)
To: Daniel Micay, Kees Cook, Arjan van Ven, Ingo Molnar,
kernel-hardening, LKML
Cc: stable
On Thu, 2017-05-04 at 09:32 -0400, Daniel Micay wrote:
> The stack canary is an unsigned long and should be fully initialized
> to
> random data rather than only 32 bits of random data.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Daniel Micay <danielmicay@gmail.com>
>
Acked-by: Rik van Riel <riel@redhat.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [kernel-hardening] [PATCH] use get_random_long for the per-task stack canary
2017-05-04 14:04 ` [kernel-hardening] " Rik van Riel
@ 2017-05-04 14:29 ` Kees Cook
0 siblings, 0 replies; 7+ messages in thread
From: Kees Cook @ 2017-05-04 14:29 UTC (permalink / raw)
To: Daniel Micay, Ingo Molnar
Cc: Rik van Riel, Arjan van Ven, kernel-hardening@lists.openwall.com,
LKML
On Thu, May 4, 2017 at 7:04 AM, Rik van Riel <riel@redhat.com> wrote:
> On Thu, 2017-05-04 at 09:32 -0400, Daniel Micay wrote:
>> The stack canary is an unsigned long and should be fully initialized
>> to
>> random data rather than only 32 bits of random data.
>>
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Daniel Micay <danielmicay@gmail.com>
>>
> Acked-by: Rik van Riel <riel@redhat.com>
Thanks! Ingo, should this go via tip?
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 7+ messages in thread
* [tip:core/urgent] stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms
2017-05-04 13:32 ` Daniel Micay
` (2 preceding siblings ...)
(?)
@ 2017-05-05 8:10 ` tip-bot for Daniel Micay
-1 siblings, 0 replies; 7+ messages in thread
From: tip-bot for Daniel Micay @ 2017-05-05 8:10 UTC (permalink / raw)
To: linux-tip-commits
Cc: mingo, peterz, keescook, torvalds, tglx, linux-kernel, arjan, hpa,
danielmicay, riel
Commit-ID: 5ea30e4e58040cfd6434c2f33dc3ea76e2c15b05
Gitweb: http://git.kernel.org/tip/5ea30e4e58040cfd6434c2f33dc3ea76e2c15b05
Author: Daniel Micay <danielmicay@gmail.com>
AuthorDate: Thu, 4 May 2017 09:32:09 -0400
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Fri, 5 May 2017 08:05:13 +0200
stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms
The stack canary is an 'unsigned long' and should be fully initialized to
random data rather than only 32 bits of random data.
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: Rik van Riel <riel@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-hardening@lists.openwall.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20170504133209.3053-1-danielmicay@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
kernel/fork.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/fork.c b/kernel/fork.c
index 3a4343c..d681f8f 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -536,7 +536,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
set_task_stack_end_magic(tsk);
#ifdef CONFIG_CC_STACKPROTECTOR
- tsk->stack_canary = get_random_int();
+ tsk->stack_canary = get_random_long();
#endif
/*
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-05-05 8:18 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-04 13:32 [kernel-hardening] [PATCH] use get_random_long for the per-task stack canary Daniel Micay
2017-05-04 13:32 ` Daniel Micay
2017-05-04 13:33 ` [kernel-hardening] " Arjan van de Ven
2017-05-04 13:33 ` Arjan van de Ven
2017-05-04 14:04 ` [kernel-hardening] " Rik van Riel
2017-05-04 14:29 ` Kees Cook
2017-05-05 8:10 ` [tip:core/urgent] stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms tip-bot for Daniel Micay
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.