From patchwork Wed Nov 29 09:42:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yaakov Selkowitz X-Patchwork-Id: 119936 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2831554qgn; Wed, 29 Nov 2017 01:43:28 -0800 (PST) X-Google-Smtp-Source: AGs4zMZMKc5HeBwvtFhx+YZVgxbUkMVG2Udg87Iu70npuZcj4mLxn23cTSBa1H+L0dB3mECL8zIx X-Received: by 10.159.198.148 with SMTP id g20mr2261665plo.89.1511948608516; Wed, 29 Nov 2017 01:43:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1511948608; cv=none; d=google.com; s=arc-20160816; b=BS1XE2prAE8TeYf5+Y2yGyX6HKHAjwqvlqzL9kgzHPm5Ke8e8LJvhgJMWzWNTe9iHd k1a16GpdZKcC8ossPJWSO36mWkV4maoNdy2+GV1+irFM1OT8Tv7IBeJuVbk5fCaHad8s +RqB702vunar+6gNGrtSclfeWd7jJSiAJwIqpejvQ8IjlOTHOpcQCZQBvzplup0sQFsD KJgOWO1hjcW7ksoyPgx7EsTg5fj8iVrxOsDx0sa/DFKVwRPHlEYckhIEQqYouWedgtq/ YxSKXzQT3lbX8C0G41mc+yL93sVJw7SfQGWMrDxAc9+kNMipWLp96B8CdPkonqI/CMu4 46/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from:delivered-to :sender:list-help:list-post:list-archive:list-subscribe :list-unsubscribe:list-id:precedence:mailing-list:dkim-signature :domainkey-signature:arc-authentication-results; bh=+syHu05mAOUD4BR2oplzwWJl8p+z/9/z/Yrggl4xxcg=; b=sChcxgXCgmCEJnf3vtXynVgJdrlLrtzzOjFJZdCJE0HOyA2HatxhXL5v5NS3az5z9t 0MBzLLQNP92HW6z+p7/JSWtOM/Hd5jQqZmmek7Q40gky0vU5rD0pkBXUMeUXkAScwkoW u0tlWffa3mwSuMvn9OjEkoWIYw3/uD4+Tde2+gAZGjKG1JwMQ9aaVE8x1yOMUI2WTXrz IOOu1kk1l5nnzpP5H2U6vyXQ0t/ppZulBg/5EAgzxfGUfJyhm6mP9pPG26XC7aBGcexI 7zMX3EHjnXTeJ+5rNuNG2sAD6Z2gHLtXJAoNNLElheNneIY6uHcVmZRLoGWVa4GsZNvr RjNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=er0fTxVr; spf=pass (google.com: domain of newlib-return-15397-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=newlib-return-15397-patch=linaro.org@sourceware.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sourceware.org (server1.sourceware.org. [209.132.180.131]) by mx.google.com with ESMTPS id z1si994015plo.785.2017.11.29.01.43.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Nov 2017 01:43:28 -0800 (PST) Received-SPF: pass (google.com: domain of newlib-return-15397-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; Authentication-Results: mx.google.com; dkim=pass header.i=@sourceware.org header.s=default header.b=er0fTxVr; spf=pass (google.com: domain of newlib-return-15397-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) smtp.mailfrom=newlib-return-15397-patch=linaro.org@sourceware.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=O0YGhxEw1O2DBvjwGzwNH2lrxEbQNxK jb8QARACm4iZ1ZEocVQebE29v5HmBWw73YF1pQsVOHCV+1vTWIHVWslhG8wnyjtd n8K7CpmOTkl5tx4w8rNhgUKwtnyLmoxKyU+O7K5KZ91EAThkcVjKBf+AlrOZBzYV ULaaqwEes45I= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:in-reply-to :references; s=default; bh=sXstxDTIWxwu26zCDThfP6JvI3Y=; b=er0fT xVrpzqeejybDbm+Sw2mXpvqSJ2MVnKni06riZUTOY8y/mSLF/vOZtwF6xi6HVzAa RfN+rno1jlAFWlJdDJeHzudKo0xw96uU05S+05+yNahFXpDeSYgRSIyhSLWHTiRH 487OvGUSFmKgsRhXW5yRGvwPWlv5Jjuz05APIY= Received: (qmail 66165 invoked by alias); 29 Nov 2017 09:43:15 -0000 Mailing-List: contact newlib-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: newlib-owner@sourceware.org Delivered-To: mailing list newlib@sourceware.org Received: (qmail 66140 invoked by uid 89); 29 Nov 2017 09:43:14 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KB_WAM_FROM_NAME_SINGLEWORD, SPF_HELO_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy= X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 29 Nov 2017 09:43:13 +0000 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9B5BC256A for ; Wed, 29 Nov 2017 09:43:12 +0000 (UTC) Received: from localhost.localdomain (ovpn-120-11.rdu2.redhat.com [10.10.120.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2E84B60BE5 for ; Wed, 29 Nov 2017 09:43:12 +0000 (UTC) From: Yaakov Selkowitz To: newlib@sourceware.org Subject: [PATCH v5 01/10] ssp: add APIs for Stack Smashing Protection Date: Wed, 29 Nov 2017 03:42:51 -0600 Message-Id: <20171129094300.20296-2-yselkowi@redhat.com> In-Reply-To: <20171129094300.20296-1-yselkowi@redhat.com> References: <20171129094300.20296-1-yselkowi@redhat.com> Compiling with any of the -fstack-protector* flags requires the __stack_chk_guard data import (which needs to be initialized) and the __stack_chk_fail{,_local} functions. While GCC's own libssp can provide these, it is better that we provide these ourselves. The implementation is custom due to being OS-specific. Signed-off-by: Yaakov Selkowitz --- newlib/libc/ssp/stack_protector.c | 45 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 newlib/libc/ssp/stack_protector.c -- 2.15.0 diff --git a/newlib/libc/ssp/stack_protector.c b/newlib/libc/ssp/stack_protector.c new file mode 100644 index 000000000..ee014b69d --- /dev/null +++ b/newlib/libc/ssp/stack_protector.c @@ -0,0 +1,45 @@ +#include +#include +#include +#include +#include +#include + +uintptr_t __stack_chk_guard = 0; + +void +__attribute__((__constructor__)) +__stack_chk_init (void) +{ + if (__stack_chk_guard != 0) + return; + +#if defined(__CYGWIN__) || defined(__rtems__) + arc4random_buf(&__stack_chk_guard, sizeof(__stack_chk_guard)); +#else + /* If getentropy is not available, use the "terminator canary". */ + ((unsigned char *)&__stack_chk_guard)[0] = 0; + ((unsigned char *)&__stack_chk_guard)[1] = 0; + ((unsigned char *)&__stack_chk_guard)[2] = '\n'; + ((unsigned char *)&__stack_chk_guard)[3] = 255; +#endif +} + +void +__attribute__((__noreturn__)) +__stack_chk_fail (void) +{ + char msg[] = "*** stack smashing detected ***: terminated\n"; + write (2, msg, strlen (msg)); + raise (SIGABRT); + _exit (127); +} + +#ifdef __ELF__ +void +__attribute__((visibility ("hidden"))) +__stack_chk_fail_local (void) +{ + __stack_chk_fail(); +} +#endif