开启内核栈保护选项CONFIG_CC_STACKPROTECTOR_STRONG,编译内核模块时不生效
各位大侠帮忙看下为什没有插入栈保护指令,谢谢! 具体操作如下:
在ubuntu16.04(gcc-5.3.1, linux-4.4.0 )下,默认开启CONFIG_CC_STACKPROTECTOR_STRONG。
编译内核模块,Makefile和源文件stack.c如下:
Makefile:
obj-m = stack.o
KERNELDIR=/usr/src/kernels/4.4.0-21-generic/build
all:
make -C $(KERNELDIR) M=$(shell pwd) modules
clean:
make -C $(KERNELDIR) M=$(shell pwd) clean
stack.c:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/string.h>
static int func(void)
{
char buf[8];
memset(buf, 0, 64);
return 0;
}
static int __init stack_init(void)
{
printk("stack init .......\n");
func();
return 0;
}
static void __exit stack_exit(void)
{
printk("stack exit ......\n");
return;
}
module_init(stack_init);
module_exit(stack_exit);
MODULE_LICENSE("GPL");
将编译出来的stack.ko进行反汇编,发现没有添加插入栈保护指令(canary):
#objdump -d stack.ko
stack.ko: file format elf64-x86-64
Disassembly of section .init.text:
0000000000000000 <init_module>:
0: 55 push %rbp
1: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
8: 48 89 e5 mov %rsp,%rbp
b: e8 00 00 00 00 callq 10 <init_module+0x10>
10: 31 c0 xor %eax,%eax
12: 5d pop %rbp
13: c3 retq
Disassembly of section .exit.text:
0000000000000000 <cleanup_module>:
0: 55 push %rbp
1: 48 c7 c7 00 00 00 00 mov $0x0,%rdi
8: 48 89 e5 mov %rsp,%rbp
b: e8 00 00 00 00 callq 10 <cleanup_module+0x10>
10: 5d pop %rbp
11: c3 retq
#objdump -r stack.ko
stack.ko: file format elf64-x86-64
RELOCATION RECORDS FOR [.init.text]:
OFFSET TYPE VALUE
0000000000000004 R_X86_64_32S .rodata.str1.1
000000000000000c R_X86_64_PC32 printk-0x0000000000000004
RELOCATION RECORDS FOR [.exit.text]:
OFFSET TYPE VALUE
0000000000000004 R_X86_64_32S .rodata.str1.1+0x0000000000000014
000000000000000c R_X86_64_PC32 printk-0x0000000000000004
RELOCATION RECORDS FOR [.gnu.linkonce.this_module]:
OFFSET TYPE VALUE
0000000000000180 R_X86_64_64 init_module
0000000000000338 R_X86_64_64 cleanup_module