From f7a618abe15f3144ebadef7a58193d53d3d8fb6b Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich
Date: Mon, 22 Mar 2021 22:02:54 +0000
Subject: [PATCH] ia64: avoid stack corruption by stack canary (ia64's stacks grow both ways) ia64 has no fixed "top of stack": it has two stacks growing towards one another: memory stack and register backing store stack. Attempt to place canary to "top" corrupts value of one of these two stack. Drop canary write (and check) entirely.
---
 include/linux/sched/task_stack.h | 3 +--
 kernel/fork.c | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/include/linux/sched/task_stack.h b/include/linux/sched/task_stack.h
index 2413427e439c..431d007d6423 100644
--- a/include/linux/sched/task_stack.h
+++ b/include/linux/sched/task_stack.h
@@ -75,8 +75,7 @@ static inline void *try_get_task_stack(struct task_struct *tsk)
 static inline void put_task_stack(struct task_struct *tsk) {}
 #endif
-#define task_stack_end_corrupted(task) \
- (*(end_of_stack(task)) != STACK_END_MAGIC)
+#define task_stack_end_corrupted(task) 0
 static inline int object_is_on_stack(const void *obj)
 {
diff --git a/kernel/fork.c b/kernel/fork.c
index bc94b2cc5995..81c85be6f0b5 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -856,7 +856,7 @@ void set_task_stack_end_magic(struct task_struct *tsk)
 unsigned long *stackend;
 stackend = end_of_stack(tsk);
- *stackend = STACK_END_MAGIC; /* for overflow detection */
+ //*stackend = STACK_END_MAGIC; /* for overflow detection */
 }
 static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
--
2.32.0
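Review bot: The new `#define task_stack_end_corrupted(task) 0` in include/linux/sched/task_stack.h is not restricted to ia64, so the stack-end canary check is switched off for every architecture that builds this header, while the commit message only justifies dropping it on ia64. Any caller that uses this macro to notice a kernel stack overflow (the callers are not visible in this patch) would then never report one, which removes a memory-corruption detection signal on all other platforms. Keeping the original comparison and selecting the constant only under `CONFIG_IA64` preserves the check elsewhere. The same applies to the unconditional removal of the canary write in the kernel/fork.c hunk, which has to stay paired with the check.

```c
#ifdef CONFIG_IA64
/* ia64 has no fixed stack end: memory stack and register backing store grow towards one another */
#define task_stack_end_corrupted(task)	0
#else
#define task_stack_end_corrupted(task) \
		(*(end_of_stack(task)) != STACK_END_MAGIC)
#endif
```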
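Review bot: Commenting the store out with `//` in set_task_stack_end_magic() leaves dead code behind and turns `stackend` into a variable that is assigned but never used, which compilers may warn about. The trailing `/* for overflow detection */` comment now describes something the function no longer does. If the write has to be skipped, say so in code with the reason attached, for example `if (!IS_ENABLED(CONFIG_IA64))` in front of `*stackend = STACK_END_MAGIC;`, with a comment such as `/* ia64: memory stack and register backing store grow towards each other, no free slot for a canary */`. The function's signature and opening brace lie outside the hunk, so the rest of its body cannot be checked from here.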