Scott Bauer <sba...@eng.utah.edu> writes:

> This patch adds a per-process secret to the task struct which
> will be used during signal delivery and during a sigreturn.
> Also, logic is added in signal.c to generate, place, extract,
> clear and verify the signal cookie.
>
> Cc: Abhiram Balasubramanian <abhi...@cs.utah.edu>
> Signed-off-by: Scott Bauer <sba...@plzdonthack.me>
> Signed-off-by: Scott Bauer <sba...@eng.utah.edu>

> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 60bba7e..1828fb8 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -1502,6 +1502,13 @@ struct task_struct {
>       unsigned long stack_canary;
>  #endif
>       /*
> +      * Canary value for signal frames placed on user stack.
> +      * This helps mitigate "Signal Return oriented program"
> +      * exploits in userland.
> +      */
> +     unsigned long sig_cookie;


I suspect we want this to be a per-mm attribute rather than a per-thread
attribute.

Otherwise you are breaking anything that uses an N-M threading model.
Which I suspect means that this implementation choice breaks all Go
programs on Linux.

> +     /*
>        * pointers to (original) parent process, youngest child, younger 
> sibling,
>        * older sibling, respectively.  (p->father can be replaced with
>        * p->real_parent->pid)
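Review bot: the comment added above `sig_cookie` names the threat ("Signal Return oriented program" exploits, usually written sigreturn-oriented programming or SROP) but says nothing about the field's lifecycle, so a reader of sched.h cannot tell when the value is generated, whether a child created by fork()/clone() keeps the parent's cookie, or whether it is regenerated on exec; the commit message only says the logic lives in signal.c, so the comment is the place to state that. The comment also says the cookie is a canary for frames "placed on user stack": since the value then sits in user-readable memory, it is worth stating in the same comment that it is a barrier against guessing a forged frame, not a secret that survives a memory-disclosure bug in the same process, so reviewers judge the per-task versus per-mm placement against the right threat model.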

Eric
