From 8f6bc7fd10af0a89cc740c29c5812bfd87ccce64 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Tue, 27 Jul 2021 14:47:42 +0200
Subject: [PATCH] Kernel: Mark the stack check guard as READONLY_AFTER_INIT

This makes it harder for an exploit to replace the kernel's randomized canary value since the memory containing it will be mapped read-only.
---
 Kernel/init.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Kernel/init.cpp b/Kernel/init.cpp
index 3dda9f51e5..39d2ec7ed5 100644
--- a/Kernel/init.cpp
+++ b/Kernel/init.cpp
@@ -68,7 +68,7 @@ extern ctor_func_t start_ctors[];
 extern ctor_func_t end_ctors[];
 extern size_t __stack_chk_guard;
-size_t __stack_chk_guard;
+READONLY_AFTER_INIT size_t __stack_chk_guard;
 extern "C" u8 start_of_safemem_text[];
 extern "C" u8 end_of_safemem_text[];
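Review bot: The new definition `READONLY_AFTER_INIT size_t __stack_chk_guard;` carries an ordering constraint that nothing at the definition records: the randomized value has to be stored before the read-only-after-init memory is write-protected, and that store is not visible in this hunk. If the assignment were later moved past the protection step it would presumably fault, and if it were skipped the guard would stay at its static initial value, so I would add a comment above the definition such as `// Written once during early boot, before READONLY_AFTER_INIT memory is protected; immutable afterwards.` It is also worth noting in the same comment that this protects the integrity of the reference value only; it does not keep the canary secret, so an information leak still weakens the stack protector.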