On 1/10/21 4:39 PM, Joel Peshkin wrote:
Cc: Simon Glass <s...@chromium.org>
Cc: Bin Meng <bmeng...@gmail.com>
Cc: Jagan Teki <ja...@amarulasolutions.com>
Cc: Kever Yang <kever.y...@rock-chips.com>
Cc: Heinrich Schuchardt <xypron.g...@gmx.de>
Cc: AKASHI Takahiro <takahiro.aka...@linaro.org>
Cc: Usama Arif <usama.a...@arm.com>
Cc: Sam Protsenko <joe.s...@gmail.com>
Cc: Masahiro Yamada <masahi...@kernel.org>
Cc: Philippe Reynes <philippe.rey...@softathome.com>
Cc: Eugeniu Rosca <roscaeuge...@gmail.com>
Cc: Jan Kiszka <jan.kis...@siemens.com>

Signed-off-by: Joel Peshkin <joel.pesh...@broadcom.com>

---

  Makefile             |  4 ++++
  common/Kconfig       | 15 +++++++++++++++
  common/Makefile      |  2 ++
  common/stackprot.c   | 17 +++++++++++++++++
  scripts/Makefile.spl |  6 ++++++
  5 files changed, 44 insertions(+)
  create mode 100644 common/stackprot.c

diff --git a/Makefile b/Makefile
index 3ee4cc00dd..6e7a81ec7d 100644
--- a/Makefile
+++ b/Makefile
@@ -677,7 +677,11 @@ else
  KBUILD_CFLAGS += -O2
  endif

+ifeq ($(CONFIG_STACKPROTECTOR),y)
+KBUILD_CFLAGS += $(call cc-option,-fstack-protector-strong)
+else
  KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
+endif
  KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks)

  # disable stringop warnings in gcc 8+
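Review bot: With `CONFIG_STACKPROTECTOR=y`, the `$(call cc-option,-fstack-protector-strong)` line expands to nothing on a compiler that rejects the flag. The build then succeeds with the option set in .config but, as far as this hunk shows, with neither canaries nor `-fno-stack-protector` applied. For a hardening option it is safer to fail loudly by passing the flag unconditionally, `KBUILD_CFLAGS += -fstack-protector-strong`, which is what the scripts/Makefile.spl hunk of this patch already does. Whichever form is chosen, the two Makefiles should treat the flag the same way.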
diff --git a/common/Kconfig b/common/Kconfig
index 2bce8c9ba1..e30c3c4ab8 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -595,6 +595,21 @@ config TPL_HASH
          and the algorithms it supports are defined in common/hash.c. See
          also CMD_HASH for command-line access.

+config STACKPROTECTOR
+       bool "Stack Protector buffer overflow detection"
+       default n
+       help
+         Enable stack smash detection through gcc built-in stack-protector
+         canary logic
+
+config SPL_STACKPROTECTOR
+       bool "Stack Protector buffer overflow detection for SPL"
+       default n
+
+config TPL_STACKPROTECTOR
+       bool "Stack Protector buffer overflow detection for SPL"

%s/SPL/TPL/

+       default n
+
  endmenu

  menu "Update support"
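Review bot: `SPL_STACKPROTECTOR` and `TPL_STACKPROTECTOR` have no `help` text and no visible dependency, so they appear selectable on boards that build no SPL or TPL. Consider adding `depends on SPL` and `depends on TPL` respectively, unless the enclosing menu (which starts outside this hunk) already restricts them, plus a short help entry on each. The `STACKPROTECTOR` help could also state that the canary is a fixed build-time value, as defined in common/stackprot.c in this patch, so users know it catches accidental overruns rather than a write that reproduces the canary.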
diff --git a/common/Makefile b/common/Makefile
index bcf352d016..fe71e18317 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -138,3 +138,5 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o
  obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o

  obj-$(CONFIG_AVB_VERIFY) += avb_verify.o
+obj-$(CONFIG_$(SPL_TPL_)STACKPROTECTOR) += stackprot.o
+
diff --git a/common/stackprot.c b/common/stackprot.c
new file mode 100644
index 0000000000..7c95b8544f
--- /dev/null
+++ b/common/stackprot.c
@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ *  Copyright 2021 Broadcom
+ */
+
+#include <common.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+unsigned long __stack_chk_guard = 0xfeedf00ddeadbeef;
+
+void __stack_chk_fail(void)

The standalone EFI binaries are compiled with -fstack-protector-strong
when selecting CONFIG_STACKPROTECTOR.

Do we need a function __stack_chk_fail() in
lib/efi_selftest/efi_freestanding.c and
lib/efi_loader/efi_freestanding.c too?

Could you, please, provide unit tests demonstrating that the stack
protection is actually working in SPL, main U-Boot, and the EFI binaries.

Best regards

Heinrich

+{
+       panic("Stack smashing detected in function: %p relocated from %p",
+             __builtin_return_address(0),
+             __builtin_return_address(0) - gd->reloc_off);
+}
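Review bot: `__stack_chk_guard` is declared `unsigned long` but initialised from the 64-bit literal `0xfeedf00ddeadbeef`, so on 32-bit targets the value is truncated and the compiler will likely warn. The canary is also a fixed constant visible in the source, so the check detects accidental overruns but not a write that puts the same value back. That limit deserves a comment above the definition, e.g. `/* Fixed canary: catches accidental stack overruns only; the value is not secret */`. For the width, `unsigned long __stack_chk_guard = (unsigned long)0xfeedf00ddeadbeefULL;` keeps one definition for both word sizes. Separately, `gd->reloc_off` is subtracted in every build; whether it holds a meaningful value in SPL/TPL is not visible here and should be confirmed.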
diff --git a/scripts/Makefile.spl b/scripts/Makefile.spl
index 9f1f7445d7..1505e4e851 100644
--- a/scripts/Makefile.spl
+++ b/scripts/Makefile.spl
@@ -63,6 +63,12 @@ include $(srctree)/scripts/Makefile.lib
  KBUILD_CFLAGS += -ffunction-sections -fdata-sections
  LDFLAGS_FINAL += --gc-sections

+ifeq ($(CONFIG_$(SPL_TPL_)STACKPROTECTOR),y)
+KBUILD_CFLAGS += -fstack-protector-strong
+else
+KBUILD_CFLAGS += -fno-stack-protector
+endif
+
  # FIX ME
  cpp_flags := $(KBUILD_CPPFLAGS) $(PLATFORM_CPPFLAGS) $(UBOOTINCLUDE) \
                                                        $(NOSTDINC_FLAGS)

