diff options
author | davidcunado-arm <david.cunado@arm.com> | 2017-04-06 10:20:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-06 10:20:47 +0100 |
commit | ed7562521b8b68e6e3d681c9564cd69afbf93e89 (patch) | |
tree | f15bdf21a1fb1144367a0a9ba5172e0fc141ea4c /include | |
parent | 90e0ffd367c0e06bf42b323e78d7f4e455419a9e (diff) | |
parent | e6d2aea159f4b88fc128ae62432c8fff4b0c2e5f (diff) |
Merge pull request #886 from dp-arm/dp/stack-protector
Add support for GCC stack protection
Diffstat (limited to 'include')
-rw-r--r-- | include/common/aarch32/el3_common_macros.S | 8 | ||||
-rw-r--r-- | include/common/aarch64/el3_common_macros.S | 6 | ||||
-rw-r--r-- | include/common/debug.h | 5 | ||||
-rw-r--r-- | include/lib/utils.h | 14 | ||||
-rw-r--r-- | include/plat/common/platform.h | 14 |
5 files changed, 44 insertions, 3 deletions
diff --git a/include/common/aarch32/el3_common_macros.S b/include/common/aarch32/el3_common_macros.S index f6b7527e..d7e0b3f5 100644 --- a/include/common/aarch32/el3_common_macros.S +++ b/include/common/aarch32/el3_common_macros.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -278,6 +278,12 @@ * --------------------------------------------------------------------- */ bl plat_set_my_stack + +#if STACK_PROTECTOR_ENABLED + .if \_init_c_runtime + bl update_stack_protector_canary + .endif /* _init_c_runtime */ +#endif .endm #endif /* __EL3_COMMON_MACROS_S__ */ diff --git a/include/common/aarch64/el3_common_macros.S b/include/common/aarch64/el3_common_macros.S index e085f9f1..5c6aa069 100644 --- a/include/common/aarch64/el3_common_macros.S +++ b/include/common/aarch64/el3_common_macros.S @@ -283,6 +283,12 @@ * --------------------------------------------------------------------- */ bl plat_set_my_stack + +#if STACK_PROTECTOR_ENABLED + .if \_init_c_runtime + bl update_stack_protector_canary + .endif /* _init_c_runtime */ +#endif .endm #endif /* __EL3_COMMON_MACROS_S__ */ diff --git a/include/common/debug.h b/include/common/debug.h index 41c8df0c..c6f211f3 100644 --- a/include/common/debug.h +++ b/include/common/debug.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2013-2017, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -84,6 +84,9 @@ void __dead2 do_panic(void); #define panic() do_panic() +/* Function called when stack protection check code detects a corrupted stack */ +void __dead2 __stack_chk_fail(void); + void tf_printf(const char *fmt, ...) __printflike(1, 2); #endif /* __ASSEMBLY__ */ diff --git a/include/lib/utils.h b/include/lib/utils.h index 69bbb430..279c9135 100644 --- a/include/lib/utils.h +++ b/include/lib/utils.h @@ -42,6 +42,20 @@ #define BIT(nr) (1UL << (nr)) +#define MIN(x, y) __extension__ ({ \ + __typeof__(x) _x = (x); \ + __typeof__(y) _y = (y); \ + (void)(&_x == &_y); \ + _x < _y ? _x : _y; \ +}) + +#define MAX(x, y) __extension__ ({ \ + __typeof__(x) _x = (x); \ + __typeof__(y) _y = (y); \ + (void)(&_x == &_y); \ + _x > _y ? _x : _y; \ +}) + /* * The round_up() macro rounds up a value to the given boundary in a * type-agnostic yet type-safe manner. The boundary must be a power of two. diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 73bb6431..f13b30d8 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -72,6 +72,16 @@ uintptr_t plat_get_ns_image_entrypoint(void); unsigned int plat_my_core_pos(void); int plat_core_pos_by_mpidr(u_register_t mpidr); +#if STACK_PROTECTOR_ENABLED +/* + * Return a new value to be used for the stack protection's canary. + * + * Ideally, this value is a random number that is impossible to predict by an + * attacker. + */ +u_register_t plat_get_stack_protector_canary(void); +#endif /* STACK_PROTECTOR_ENABLED */ + /******************************************************************************* * Mandatory interrupt management functions ******************************************************************************/ @@ -326,7 +336,7 @@ int platform_setup_pm(const plat_pm_ops_t **); unsigned int plat_get_aff_count(unsigned int, unsigned long); unsigned int plat_get_aff_state(unsigned int, unsigned long); -#else +#else /* __ENABLE_PLAT_COMPAT__ */ /* * The below function enable Trusted Firmware components like SPDs which * haven't migrated to the new platform API to compile on platforms which @@ -335,4 +345,6 @@ unsigned int plat_get_aff_state(unsigned int, unsigned long); unsigned int platform_get_core_pos(unsigned long mpidr) __deprecated; #endif /* __ENABLE_PLAT_COMPAT__ */ + #endif /* __PLATFORM_H__ */ + |