OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

hv: refine set_fs_base() function 

Leave canary of stack protector untouched on pCPU
 if it has been initialized, instead of generating a new one.

Tracked-On: #8577
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
This commit is contained in:
Yonghua Huang 2024-04-15 18:33:01 +08:00 committed by acrnsi-robot
parent d5d21fdc1b
commit 7bcd9d783e
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hypervisor/arch/x86/security.c
View File

@ -214,9 +214,22 @@ uint64_t get_random_value(void)
#ifdef STACK_PROTECTOR
void set_fs_base(void)
{
int retry;
struct stack_canary *psc = &get_cpu_var(stk_canary);
psc->canary = get_random_value();
/*
* 1) Leave initialized canary untouched when this function
* is called again such as on resuming from S3.
* 2) Do some retries in case 'get_random_value()' returns 0.
*/
for (retry = 0; (retry < 5) && (psc->canary == 0UL); retry++) {
psc->canary = get_random_value();
}
if (psc->canary == 0UL) {
panic("Failed to setup stack protector!");
}
msr_write(MSR_IA32_FS_BASE, (uint64_t)psc);
}
#endif