/*
 * Initialize the stackprotector canary value.
 *
 * NOTE: this must only be called from functions that never return,
 * and it must always be inlined.
 */
static __always_inline void boot_init_stack_canary(void)
{
	u64 canary;
	u64 tsc;

#ifdef CONFIG_X86_64
	BUILD_BUG_ON(offsetof(union irq_stack_union, stack_canary) != 40);
#endif
	/*
	 * We both use the random pool and the current TSC as a source
	 * of randomness. The TSC only matters for very early init,
	 * there it already has some randomness on most systems. Later
	 * on during the bootup the random pool has true entropy too.
	 */
	get_random_bytes(&canary, sizeof(canary));
	tsc = __native_read_tsc();
	canary += tsc + (tsc << 32UL);

	current->stack_canary = canary;
#ifdef CONFIG_X86_64
	this_cpu_write(irq_stack_union.stack_canary, canary);
#else
	this_cpu_write(stack_canary.canary, canary);
#endif
}
This function initializes the value of the stack "canary".
The canary is used to defend against stack overflow attacks.
On stack overflow attacks, there are two very good articles:
http://www.ibm.com/developerworks/cn/linux/l-overflow/
http://blog.aliyun.com/1126
get_random_bytes obtains a random number from the kernel and stores it in canary.
__native_read_tsc returns a value associated with the TSC.
TSC: the Time Stamp Counter is one of the three kinds of clocks under Linux. It is also a 64-bit register inside the CPU whose value increases by 1 on every CPU clock cycle.
canary += tsc + (tsc << 32UL);
Finally, the resulting canary value is assigned to current->stack_canary, that is, the stack_canary member of the current process.
There are usually two ways to prevent stack buffer overflow attacks:
1. Detect the stack buffer overflow when it occurs, thereby preventing malicious code from changing the instruction pointer;
2. Prevent malicious code attacks without directly detecting the stack buffer overflow.
The stack canary technique belongs to the first kind of method: a stack buffer overflow can be discovered before the malicious code runs.
When the program starts, the canary value is saved before the function return address. Most stack buffer overflow attacks overwrite memory from low addresses to high addresses, so in order to overwrite the return address, the canary must be overwritten as well.
So before the return address is used, the canary value is checked to confirm whether a stack buffer overflow attack has occurred.
start_kernel -> boot_init_stack_canary
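The check described above, simulated in user space as an added example (not kernel code and not from the original page). The struct sim_frame layout, the 0x1000 return address, the sample inputs and the function names mix_canary and run_frame are assumptions made for illustration; only the mixing line is taken from boot_init_stack_canary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame, low to high address: buffer, canary, return address. */
struct sim_frame {
	char     buf[16];
	uint64_t canary;
	uint64_t ret_addr;
};

/* Mixing step from boot_init_stack_canary(); pool and tsc stand in for
 * the results of get_random_bytes() and the TSC read. */
uint64_t mix_canary(uint64_t pool, uint64_t tsc)
{
	return pool + tsc + (tsc << 32UL);
}

/* Run one simulated call: copy len bytes starting at buf without checking
 * them against sizeof(buf), then verify the canary before the return
 * address is used. Returns 0 and stores the return address, or -1 when
 * the canary was overwritten. */
int run_frame(uint64_t canary, const void *input, size_t len, uint64_t *ret)
{
	struct sim_frame f = { .canary = canary, .ret_addr = 0x1000 };

	if (len > sizeof(f))		/* keep the demo inside the simulated frame */
		len = sizeof(f);
	memcpy((unsigned char *)&f, input, len);	/* writes upward from buf */

	if (f.canary != canary)
		return -1;		/* a real build calls __stack_chk_fail() here */
	*ret = f.ret_addr;
	return 0;
}

int main(void)
{
	char input[32];			/* constructed input: 32 'A' bytes */
	uint64_t ret = 0;
	uint64_t canary = mix_canary(0x1122334455667788ULL, 0x99aabbccULL);

	memset(input, 'A', sizeof(input));
	printf("16 bytes: %d\n", run_frame(canary, input, 16, &ret));
	printf("32 bytes: %d\n", run_frame(canary, input, 32, &ret));
	return 0;
}
```

A copy that stays inside buf leaves the canary intact and the return address is used; a copy that is even one byte too long changes the canary, so the overwrite is caught before the return address is read.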