lib: stackprot: don't directly write stack protector from HWRNG driver

get_crypto_bytes itself or some function it calls down to the driver may
require a stack protector, so passing the address of the stack protector
value down may end up tripping the stack protector during function
return.

To avoid this, let's write the stack protector in a function
chain that eithr has stack protector disabled or that never returns.

This fixes a crash using the virtio RNG driver to generate the stack
protector.

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Link: https://lore.barebox.org/20231009115239.2291016-4-a.fatoum@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

1 files changed, 6 insertions, 2 deletions

diff --git a/lib/stackprot.c b/lib/stackprot.c
index c1cc19aadd..7a8d0a4c10 100644
--- a/lib/stackprot.c
+++ b/lib/stackprot.c
@@ -16,7 +16,7 @@
 
 void __stack_chk_fail(void);
 
-unsigned long __stack_chk_guard = (unsigned long)(0xfeedf00ddeadbeef & ~0UL);
+volatile ulong __stack_chk_guard = (ulong)(0xfeedf00ddeadbeef & ~0UL);
 
 /*
  * Called when gcc's -fstack-protector feature is used, and
@@ -30,11 +30,15 @@ EXPORT_SYMBOL(__stack_chk_fail);
 
 static __no_stack_protector int stackprot_randomize_guard(void)
 {
+	ulong chk_guard;
 	int ret;
 
-	ret = get_crypto_bytes(&__stack_chk_guard, sizeof(__stack_chk_guard));
+	ret = get_crypto_bytes(&chk_guard, sizeof(chk_guard));
 	if (ret)
 		pr_warn("proceeding without randomized stack protector\n");
+	else
+		__stack_chk_guard = chk_guard;
+
 	return 0;
 }
 late_initcall(stackprot_randomize_guard);