Start_kernel--boot_init_stack_canary

Source: Internet
Author: User

/* * Initialize theStackprotector Canary value. * * Note:this must only be called fromFunctions thatNeverreturn, * and itMust always be inlined.    */static __always_inline void boot_init_stack_canary (void) {U64 canary; U64 TSC;#ifdef config_x86_64BUILD_BUG_ON (Offsetof (Union irq_stack_union, stack_canary)! = +);#endif/* * We both use theRandom Pool and  theCurrent TSC asA source * ofRandomness. The TSC only matters forVery early init, * thereitalready hassomeRandomness onMost systems. Later * onDuring theBootup theRandom Pool hastrueEntropy too.    */get_random_bytes (&canary, sizeof (Canary));    TSC = __NATIVE_READ_TSC (); Canary + + TSC + (TSC << +UL); Current->stack_canary = Canary;#ifdef config_x86_64This_cpu_write (Irq_stack_union.stack_canary, Canary);#elseThis_cpu_write (Stack_canary.canary, Canary);#endif}

This function is primarily used to initialize the value of the "Canary"--canary.
Used to prevent stack overflow attacks.

关于栈溢出攻击,有两篇非常好的文章:http://www.ibm.com/developerworks/cn/linux/l-overflow/http://blog.aliyun.com/1126

Get_random_bytes gets a kernel random number that is assigned to Canary.


__NATIVE_READ_TSC returns a value associated with the TSC.


Tsc:time Stamp Counter, is a Linux under three kinds of clocks, is also a CPU inside a 64-bit register, each CPU clock cycle its value plus 1.

canary += tsc + (tsc << 32UL);

Finally get the value of canary and assign it to the Stack_canary member of current->stack_canary--current process.

There are usually two ways to prevent stack buffer overflow:
1 when a stack buffer overflow occurs, it is detected. thereby preventing the instruction pointer from being changed by malicious code;
2 prevent malicious code attacks without directly detecting stack buffer overflows.

Stack Canary technology belongs to one of the first methods. A stack buffer overflow can be found before the malicious code runs.


When the program starts, the value of Canary is saved before the function return address. Most stack buffer overflow attacks overwrite memory from low to high in memory, so to overwrite return addresses. Canary must be covered.
So before you use the return address, look at the value of the canary. The line confirms whether a stack buffer overflow attack has occurred.

Start_kernel--boot_init_stack_canary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.