Ziele Untersuchung
mit Columbo Integrität von
Datenbanken Interaktion und
Portierbarkeit Ergonomie der
Schnittstellen

Angebot Produkte Projekt Beratung

Mittel Analytik Modellierung Sprachen Algebra Logik Hardware Denken Kreativität

Zusammenhänge Gesellschaft Wirtschaft Branche Firma


products/sources/formale Sprachen/C/Linux/kernel/ (Open Source Betriebssystem Version 6.17.9^©) Datei vom 24.10.2025 mit Größe 4 kB

Quelle kstack_erase.c Sprache: C

// SPDX-License-Identifier: GPL-2.0
/*
* This code fills the used part of the kernel stack with a poison value
* before returning to userspace. It's part of the STACKLEAK feature
* ported from grsecurity/PaX.
*
* Author: Alexander Popov <alex.popov@linux.com>
*
* KSTACK_ERASE reduces the information which kernel stack leak bugs can
* reveal and blocks some uninitialized stack variable attacks.
*/

#include <linux/kstack_erase.h>
#include <linux/kprobes.h>

#ifdef CONFIG_KSTACK_ERASE_RUNTIME_DISABLE
#include <linux/jump_label.h>
#include <linux/string_choices.h>
#include <linux/sysctl.h>
#include <linux/init.h>

static DEFINE_STATIC_KEY_FALSE(stack_erasing_bypass);

#ifdef CONFIG_SYSCTL
static int stack_erasing_sysctl(const struct ctl_table *table, int write,
   void __user *buffer, size_t *lenp, loff_t *ppos)
{
int ret = 0;
int state = !static_branch_unlikely(&stack_erasing_bypass);
int prev_state = state;
struct ctl_table table_copy = *table;

table_copy.data = &state;
ret = proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos);
state = !!state;
if (ret || !write || state == prev_state)
  return ret;

if (state)
  static_branch_disable(&stack_erasing_bypass);
else
  static_branch_enable(&stack_erasing_bypass);

pr_warn("stackleak: kernel stack erasing is %s\n",
     str_enabled_disabled(state));
return ret;
}
static const struct ctl_table stackleak_sysctls[] = {
{
  .procname = "stack_erasing",
  .data  = NULL,
  .maxlen  = sizeof(int),
  .mode  = 0600,
  .proc_handler = stack_erasing_sysctl,
  .extra1  = SYSCTL_ZERO,
  .extra2  = SYSCTL_ONE,
},
};

static int __init stackleak_sysctls_init(void)
{
register_sysctl_init("kernel", stackleak_sysctls);
return 0;
}
late_initcall(stackleak_sysctls_init);
#endif /* CONFIG_SYSCTL */

#define skip_erasing() static_branch_unlikely(&stack_erasing_bypass)
#else
#define skip_erasing() false
#endif /* CONFIG_KSTACK_ERASE_RUNTIME_DISABLE */

#ifndef __stackleak_poison
static __always_inline void __stackleak_poison(unsigned long erase_low,
            unsigned long erase_high,
            unsigned long poison)
{
while (erase_low < erase_high) {
  *(unsigned long *)erase_low = poison;
  erase_low += sizeof(unsigned long);
}
}
#endif

static __always_inline void __stackleak_erase(bool on_task_stack)
{
const unsigned long task_stack_low = stackleak_task_low_bound(current);
const unsigned long task_stack_high = stackleak_task_high_bound(current);
unsigned long erase_low, erase_high;

erase_low = stackleak_find_top_of_poison(task_stack_low,
       current->lowest_stack);

#ifdef CONFIG_KSTACK_ERASE_METRICS
current->prev_lowest_stack = erase_low;
#endif

/*
* Write poison to the task's stack between 'erase_low' and
* 'erase_high'.
*
* If we're running on a different stack (e.g. an entry trampoline
* stack) we can erase everything below the pt_regs at the top of the
* task stack.
*
* If we're running on the task stack itself, we must not clobber any
* stack used by this function and its caller. We assume that this
* function has a fixed-size stack frame, and the current stack pointer
* doesn't change while we write poison.
*/
if (on_task_stack)
  erase_high = current_stack_pointer;
else
  erase_high = task_stack_high;

__stackleak_poison(erase_low, erase_high, KSTACK_ERASE_POISON);

/* Reset the 'lowest_stack' value for the next syscall */
current->lowest_stack = task_stack_high;
}

/*
* Erase and poison the portion of the task stack used since the last erase.
* Can be called from the task stack or an entry stack when the task stack is
* no longer in use.
*/
asmlinkage void noinstr stackleak_erase(void)
{
if (skip_erasing())
  return;

__stackleak_erase(on_thread_stack());
}

/*
* Erase and poison the portion of the task stack used since the last erase.
* Can only be called from the task stack.
*/
asmlinkage void noinstr stackleak_erase_on_task_stack(void)
{
if (skip_erasing())
  return;

__stackleak_erase(true);
}

/*
* Erase and poison the portion of the task stack used since the last erase.
* Can only be called from a stack other than the task stack.
*/
asmlinkage void noinstr stackleak_erase_off_task_stack(void)
{
if (skip_erasing())
  return;

__stackleak_erase(false);
}

void __used __no_caller_saved_registers noinstr __sanitizer_cov_stack_depth(void)
{
unsigned long sp = current_stack_pointer;

/*
* Having CONFIG_KSTACK_ERASE_TRACK_MIN_SIZE larger than
* KSTACK_ERASE_SEARCH_DEPTH makes the poison search in
* stackleak_erase() unreliable. Let's prevent that.
*/
BUILD_BUG_ON(CONFIG_KSTACK_ERASE_TRACK_MIN_SIZE > KSTACK_ERASE_SEARCH_DEPTH);

/* 'lowest_stack' should be aligned on the register width boundary */
sp = ALIGN(sp, sizeof(unsigned long));
if (sp < current->lowest_stack &&
     sp >= stackleak_task_low_bound(current)) {
  current->lowest_stack = sp;
}
}
EXPORT_SYMBOL(__sanitizer_cov_stack_depth);

quality93%

¤ Dauer der Verarbeitung: 0.19 Sekunden (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.