Hi Yann,
On Fri, Jan 20, 2023 at 03:09:43PM +0100, Yann Sionneau wrote:
> +#include <linux/random.h>
> +#include <linux/version.h>
> +
> +extern unsigned long __stack_chk_guard;
> +
> +/*
> + * Initialize the stackprotector canary value.
> + *
> + * NOTE: this must only be called from functions that never return,
> + * and it must always be inlined.
> + */
> +static __always_inline void boot_init_stack_canary(void)
> +{
> + unsigned long canary;
> +
> + /* Try to get a semi random initial value. */
> + get_random_bytes(&canary, sizeof(canary));
> + canary ^= LINUX_VERSION_CODE;
> + canary &= CANARY_MASK;
> +
> + current->stack_canary = canary;
> + __stack_chk_guard = current->stack_canary;
> +}
You should rewrite this as:
current->stack_canary = get_random_canary();
__stack_chk_guard = current->stack_canary;
which is what the other archs all now do. (They didn't used to, and this
looks like it's simply based on older code.)
> +#define get_cycles get_cycles
> +
> +#include <asm/sfr.h>
> +#include <asm-generic/timex.h>
> +
> +static inline cycles_t get_cycles(void)
> +{
> + return kvx_sfr_get(PM0);
> +}
Glad to see this CPU has a cycle counter. Out of curiosity, what is
its resolution?
Also, related, does this CPU happen to have a "RDRAND"-like instruction?
(I don't know anything about kvx or even what it is.)
Jason
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
