From 6819c43a05155ce6891e53fc1ef260c3199f5b3a Mon Sep 17 00:00:00 2001 From: Emery Hemingway Date: Fri, 30 Nov 2018 14:13:27 +0100 Subject: [PATCH] Add stack protector storage to base library This patch adds the items necessary for building Genode components with stack protection enabled, but it is not initialized at runtime. They are provided at the moment as a convenience and do not implement a security feature. Fix #3066 --- repos/base/lib/mk/base-common.inc | 1 + repos/base/lib/symbols/ld | 2 ++ repos/base/src/lib/base/stack_protector.cc | 33 ++++++++++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 repos/base/src/lib/base/stack_protector.cc diff --git a/repos/base/lib/mk/base-common.inc b/repos/base/lib/mk/base-common.inc index 637f31542..475f0e461 100644 --- a/repos/base/lib/mk/base-common.inc +++ b/repos/base/lib/mk/base-common.inc @@ -31,6 +31,7 @@ SRC_CC += trace.cc SRC_CC += root_proxy.cc SRC_CC += env_session_id_space.cc SRC_CC += vm_session.cc +SRC_CC += stack_protector.cc INC_DIR += $(REP_DIR)/src/include $(BASE_DIR)/src/include diff --git a/repos/base/lib/symbols/ld b/repos/base/lib/symbols/ld index 7d835345a..16ef9bd5c 100644 --- a/repos/base/lib/symbols/ld +++ b/repos/base/lib/symbols/ld @@ -640,6 +640,8 @@ __cxa_throw_bad_array_new_length T __cxa_type_match T __dynamic_cast T __gxx_personality_v0 T +__stack_chk_guard B 8 +__stack_chk_fail W dl_iterate_phdr T dl_unwind_find_exidx T genode_argc D 4 diff --git a/repos/base/src/lib/base/stack_protector.cc b/repos/base/src/lib/base/stack_protector.cc new file mode 100644 index 000000000..118e3c3d2 --- /dev/null +++ b/repos/base/src/lib/base/stack_protector.cc @@ -0,0 +1,33 @@ +/* + * \brief Stack protector support + * \author Emery Hemingway + * \date 2018-11-30 + * + * The following is necessary but not sufficient for stack protection, + * the __stack_chk_guard is initialized to zero and must be reinitialized + * with a nonce to protect against malicious behavior. + */ + +/* + * Copyright (C) 2018 Genode Labs GmbH + * + * This file is part of the Genode OS framework, which is distributed + * under the terms of the GNU Affero General Public License version 3. + */ + +/* Genode includes */ +#include +#include + +extern "C" { + + Genode::uint64_t __stack_chk_guard; + + __attribute__((noreturn)) __attribute__((weak)) + void __stack_chk_fail(void) + { + Genode::error("stack protector check failed"); + Genode::sleep_forever(); + } + +}