Merge pull request #886 from dp-arm/dp/stack-protector

Add support for GCC stack protection
author: davidcunado-arm <david.cunado@arm.com> 2017-04-06 10:20:47 +0100
committer: GitHub <noreply@github.com> 2017-04-06 10:20:47 +0100
commit: ed7562521b8b68e6e3d681c9564cd69afbf93e89 (patch)
tree: f15bdf21a1fb1144367a0a9ba5172e0fc141ea4c /include
parent: 90e0ffd367c0e06bf42b323e78d7f4e455419a9e (diff)
parent: e6d2aea159f4b88fc128ae62432c8fff4b0c2e5f (diff)
5 files changed, 44 insertions, 3 deletions
diff --git a/include/common/aarch32/el3_common_macros.S b/include/common/aarch32/el3_common_macros.S
index f6b7527e..d7e0b3f5 100644
--- a/include/common/aarch32/el3_common_macros.S
+++ b/include/common/aarch32/el3_common_macros.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -278,6 +278,12 @@
 	 * ---------------------------------------------------------------------
 	 */
 	bl	plat_set_my_stack
+
+#if STACK_PROTECTOR_ENABLED
+	.if \_init_c_runtime
+	bl	update_stack_protector_canary
+	.endif /* _init_c_runtime */
+#endif
 	.endm
 
 #endif /* __EL3_COMMON_MACROS_S__ */
diff --git a/include/common/aarch64/el3_common_macros.S b/include/common/aarch64/el3_common_macros.S
index e085f9f1..5c6aa069 100644
--- a/include/common/aarch64/el3_common_macros.S
+++ b/include/common/aarch64/el3_common_macros.S
@@ -283,6 +283,12 @@
 	 * ---------------------------------------------------------------------
 	 */
 	bl	plat_set_my_stack
+
+#if STACK_PROTECTOR_ENABLED
+	.if \_init_c_runtime
+	bl	update_stack_protector_canary
+	.endif /* _init_c_runtime */
+#endif
 	.endm
 
 #endif /* __EL3_COMMON_MACROS_S__ */
diff --git a/include/common/debug.h b/include/common/debug.h
index 41c8df0c..c6f211f3 100644
--- a/include/common/debug.h
+++ b/include/common/debug.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -84,6 +84,9 @@
 void __dead2 do_panic(void);
 #define panic()	do_panic()
 
+/* Function called when stack protection check code detects a corrupted stack */
+void __dead2 __stack_chk_fail(void);
+
 void tf_printf(const char *fmt, ...) __printflike(1, 2);
 
 #endif /* __ASSEMBLY__ */
diff --git a/include/lib/utils.h b/include/lib/utils.h
index 69bbb430..279c9135 100644
--- a/include/lib/utils.h
+++ b/include/lib/utils.h
@@ -42,6 +42,20 @@
 
 #define BIT(nr)				(1UL << (nr))
 
+#define MIN(x, y) __extension__ ({	\
+	__typeof__(x) _x = (x);		\
+	__typeof__(y) _y = (y);		\
+	(void)(&_x == &_y);		\
+	_x < _y ? _x : _y;		\
+})
+
+#define MAX(x, y) __extension__ ({	\
+	__typeof__(x) _x = (x);		\
+	__typeof__(y) _y = (y);		\
+	(void)(&_x == &_y);		\
+	_x > _y ? _x : _y;		\
+})
+
 /*
  * The round_up() macro rounds up a value to the given boundary in a
  * type-agnostic yet type-safe manner. The boundary must be a power of two.
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 73bb6431..f13b30d8 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -72,6 +72,16 @@ uintptr_t plat_get_ns_image_entrypoint(void);
 unsigned int plat_my_core_pos(void);
 int plat_core_pos_by_mpidr(u_register_t mpidr);
 
+#if STACK_PROTECTOR_ENABLED
+/*
+ * Return a new value to be used for the stack protection's canary.
+ *
+ * Ideally, this value is a random number that is impossible to predict by an
+ * attacker.
+ */
+u_register_t plat_get_stack_protector_canary(void);
+#endif /* STACK_PROTECTOR_ENABLED */
+
 /*******************************************************************************
  * Mandatory interrupt management functions
  ******************************************************************************/
@@ -326,7 +336,7 @@ int platform_setup_pm(const plat_pm_ops_t **);
 
 unsigned int plat_get_aff_count(unsigned int, unsigned long);
 unsigned int plat_get_aff_state(unsigned int, unsigned long);
-#else
+#else /* __ENABLE_PLAT_COMPAT__ */
 /*
  * The below function enable Trusted Firmware components like SPDs which
  * haven't migrated to the new platform API to compile on platforms which
@@ -335,4 +345,6 @@ unsigned int plat_get_aff_state(unsigned int, unsigned long);
 unsigned int platform_get_core_pos(unsigned long mpidr) __deprecated;
 
 #endif /* __ENABLE_PLAT_COMPAT__ */
+
 #endif /* __PLATFORM_H__ */
+
author	davidcunado-arm <david.cunado@arm.com>	2017-04-06 10:20:47 +0100
committer	GitHub <noreply@github.com>	2017-04-06 10:20:47 +0100
commit	ed7562521b8b68e6e3d681c9564cd69afbf93e89 (patch)
tree	f15bdf21a1fb1144367a0a9ba5172e0fc141ea4c /include
parent	90e0ffd367c0e06bf42b323e78d7f4e455419a9e (diff)
parent	e6d2aea159f4b88fc128ae62432c8fff4b0c2e5f (diff)