From: "Olivier Martin"
To: "'Gao, Liming'", "'Andrew Fish'"
Cc: edk2-devel@lists.sourceforge.net, edk2-buildtools-devel@lists.sourceforge.net
Date: Mon, 4 Aug 2014 16:30:55 +0100
Subject: Re: [edk2] [edk2-buildtools] [PATCH 2/3] MdePkg: Introduced BaseStackCheckLib
X-Patchwork-Submitter: Olivier Martin
X-Patchwork-Id: 34871

Recommended value does not mean unique value.
Anyway, no one has commented whether this value should be kept in the code or be replaced by a PCD. So, I will keep the original code.

I will send a new patchset in the next couple of minutes to define this class instance as NULL instead of BASE.

Olivier

From: Gao, Liming [mailto:liming.gao@intel.com]
Sent: 09 July 2014 03:42
To: Olivier Martin; 'Andrew Fish'
Cc: Kinney, Michael D; edk2-buildtools-devel@lists.sourceforge.net; edk2-devel@lists.sourceforge.net
Subject: RE: [edk2-buildtools] [PATCH 2/3] MdePkg: Introduced BaseStackCheckLib

Martin:
Per Andrew's comment, this value is the recommended constant. If so, we don't need to add one PCD for it unless someone has a strong request to configure it.

Thanks
Liming

From: Olivier Martin [mailto:olivier.martin@arm.com]
Sent: Tuesday, July 08, 2014 9:26 PM
To: 'Andrew Fish'; Gao, Liming
Cc: Kinney, Michael D; edk2-buildtools-devel@lists.sourceforge.net; edk2-devel@lists.sourceforge.net
Subject: RE: [edk2-buildtools] [PATCH 2/3] MdePkg: Introduced BaseStackCheckLib

Actually, I was thinking of replacing this canary value with a FixedPcd, but I do not remember why I have not done it. I might have just forgotten it.

Olivier

From: Andrew Fish [mailto:afish@apple.com]
Sent: 08 July 2014 02:14
To: Gao, Liming
Cc: Olivier Martin; Mike Kinney; edk2-buildtools-devel@lists.sourceforge.net; edk2-devel@lists.sourceforge.net
Subject: Re: [edk2-buildtools] [PATCH 2/3] MdePkg: Introduced BaseStackCheckLib

On Jul 7, 2014, at 5:40 PM, Gao, Liming wrote:

Martin:
What is 0x0AFF for? Is it an address or a value?

This value is the recommended constant if you cannot generate a real random number for the "canary" value. It has NULL (will terminate strings), LF, and -1. http://wiki.osdev.org/GCC_Stack_Smashing_Protector. So it helps contain read-based overruns.

__stack_chk_guard is the "canary" placed on the stack by the compiler. __stack_check_fail() is called if the "canary" has been overwritten. These are both compiler intrinsics.

Thanks,

Andrew Fish

~/work/Compiler>cat stack.c
void
test (int i, char v)
{
  char test[0x100];

  test[i] = v;
  return;
}

~/work/Compiler>clang -S stack.c
~/work/Compiler>cat stack.S
    .section __TEXT,__text,regular,pure_instructions
    .globl _test
    .align 4, 0x90
_test:                                  ## @test
    .cfi_startproc
## BB#0:
    pushq %rbp
Ltmp2:
    .cfi_def_cfa_offset 16
Ltmp3:
    .cfi_offset %rbp, -16
    movq %rsp, %rbp
Ltmp4:
    .cfi_def_cfa_register %rbp
    subq $272, %rsp                     ## imm = 0x110
    movb %sil, %al
    movq ___stack_chk_guard@GOTPCREL(%rip), %rcx
    movq (%rcx), %rcx
    movq %rcx, -8(%rbp)
    movq ___stack_chk_guard@GOTPCREL(%rip), %rcx
    movl %edi, -12(%rbp)
    movb %al, -13(%rbp)
    movb -13(%rbp), %al
    movslq -12(%rbp), %rdx
    movb %al, -272(%rbp,%rdx)
    movq (%rcx), %rcx
    movq -8(%rbp), %rdx
    cmpq %rdx, %rcx
    jne LBB0_2
## BB#1:                                ## %SP_return
    addq $272, %rsp                     ## imm = 0x110
    popq %rbp
    ret
LBB0_2:                                 ## %CallStackCheckFailBlk
    callq ___stack_chk_fail
    .cfi_endproc

.subsections_via_symbols

+/// "canary" value that is inserted by the compiler into the stack frame.
+VOID *__stack_chk_guard = (VOID*)0x0AFF;

And, this library instance is used as a NULL class instance. Its library class should be NULL.

Thanks
Liming

-----Original Message-----
From: Olivier Martin [mailto:olivier.martin@arm.com]
Sent: Monday, July 07, 2014 11:44 PM
To: Kinney, Michael D; edk2-buildtools-devel@lists.sourceforge.net
Cc: andrew.fish@apple.com; edk2-devel@lists.sourceforge.net
Subject: [edk2-buildtools] [PATCH 2/3] MdePkg: Introduced BaseStackCheckLib

This library only supports GCC and XCode for now.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish
Signed-off-by: Olivier Martin

This program + and the accompanying materials are licensed and made available under + the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include + +VOID +__stack_chk_fail ( + VOID + ); + + +/// "canary" value that is inserted by the compiler into the stack frame. +VOID *__stack_chk_guard = (VOID*)0x0AFF; + +// If ASLR was enabled we could use +//void (*__stack_chk_guard)(void) = __stack_chk_fail; + +/** + Error path for compiler generated stack "canary" value check code. If +the stack canary has been overwritten this function gets called on +exit of the function. +**/ +VOID +__stack_chk_fail ( + VOID + ) +{ + UINT8 DebugPropertyMask; + + DEBUG ((DEBUG_ERROR, "STACK FAULT: Buffer Overflow in function + %a.\n", __builtin_return_address(0))); + + // + // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings even +if + // BaseDebugLibNull is in use. + // + DebugPropertyMask = PcdGet8 (PcdDebugPropertyMask); + if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_BREAKPOINT_ENABLED) != 0) { + CpuBreakpoint (); + } else if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_DEADLOOP_ENABLED) != 0) { + CpuDeadLoop (); + } +} + 
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf new file mode 100644 index 0000000..4e2285d --- /dev/null +++ b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf @@ -0,0 +1,41 @@ +## @file +# Stack Check Library +# +# Copyright (c) 2014, ARM Ltd. All rights reserved.
# # This +program and the accompanying materials # are licensed and made +available under the terms and conditions of the BSD License # which +accompanies this distribution. The full text of the license may be +found at # http://opensource.org/licenses/bsd-license.php. +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" +BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = BaseStackCheckLib + FILE_GUID = 5f6579f7-b648-4fdb-9f19-4c17e27e8eff + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = BaseStackCheckLib + + +# +# VALID_ARCHITECTURES = ARM AARCH64 +# + +[Sources] + BaseStackCheckGcc.c | GCC + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + DebugLib + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask +
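
Review bot: __stack_chk_fail () in BaseStackCheckGcc.c can return to its caller: when PcdDebugPropertyMask has neither DEBUG_PROPERTY_ASSERT_BREAKPOINT_ENABLED nor DEBUG_PROPERTY_ASSERT_DEADLOOP_ENABLED set, the if / else if falls through (the "NOP" case in the comment), and CpuBreakpoint () also returns once a debugger resumes. The caller's frame is known to be overwritten at that point, and in the clang listing quoted in the thread callq ___stack_chk_fail is the last instruction of the function, so nothing sensible follows a return. End the function with an unconditional CpuDeadLoop () after the PCD branch. Separately, the DEBUG format string uses %a, which the EDK II print library treats as a pointer to an ASCII string, while the argument is __builtin_return_address(0); use %p so the address is printed rather than dereferenced, and reword "in function" since the value is a return address, not a name.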
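
Review bot: [LibraryClasses] in BaseStackCheckLib.inf lists only BaseLib and DebugLib, but BaseStackCheckGcc.c calls PcdGet8 (PcdDebugPropertyMask), so PcdLib should be listed as well. In [Defines], LIBRARY_CLASS = BaseStackCheckLib declares a named class for symbols that are referenced only by compiler-generated code; as raised in the thread, LIBRARY_CLASS = NULL matches how this instance is meant to be linked.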
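
The property Andrew Fish describes for 0x0AFF (a NUL byte inside the canary stops string operations), modelled in C as an added example that is not part of the thread or the patch. The frame layout, the sizes and the names demo_guard, copy_into_frame and forged_copy are assumptions made for the illustration; a byte array stands in for a real stack frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16                 /* hypothetical local buffer */
#define GUARD_LEN sizeof(uintptr_t)  /* canary slot, like -8(%rbp) in the listing */
#define TAIL_LEN  8                  /* stands in for saved registers / return address */
#define FRAME_LEN (BUF_LEN + GUARD_LEN + TAIL_LEN)
/* Value from the patch; hypothetical name, so the toolchain's own symbol is untouched. */
static const uintptr_t demo_guard = (uintptr_t)0x0AFF;

struct outcome {
  int    guard_smashed;  /* what the epilogue compare would report */
  int    tail_modified;  /* bytes beyond the canary were changed */
  size_t read_len;       /* bytes a string read starting at buf would return */
};

/* Modelled frame: [buf][guard][tail]. The copy stops after the first NUL and
   has no length check, like strcpy; only the model's array bounds it. */
static struct outcome copy_into_frame(const unsigned char *src, size_t src_len) {
  unsigned char frame[FRAME_LEN];
  struct outcome r = {0, 0, 0};
  size_t i;
  memset(frame, 0xEE, sizeof frame);
  memcpy(frame + BUF_LEN, &demo_guard, GUARD_LEN);            /* prologue: store canary */
  for (i = 0; i < src_len && i < FRAME_LEN; i++) {
    frame[i] = src[i];
    if (src[i] == 0) break;
  }
  r.guard_smashed = memcmp(frame + BUF_LEN, &demo_guard, GUARD_LEN) != 0;  /* epilogue */
  for (i = BUF_LEN + GUARD_LEN; i < FRAME_LEN; i++) if (frame[i] != 0xEE) r.tail_modified = 1;
  while (r.read_len < FRAME_LEN && frame[r.read_len] != 0) r.read_len++;
  return r;
}

/* Constructed input: filler, then the canary's own bytes, then further data. */
static struct outcome forged_copy(void) {
  unsigned char in[FRAME_LEN];
  memset(in, 'A', BUF_LEN);
  memcpy(in + BUF_LEN, &demo_guard, GUARD_LEN);
  memset(in + BUF_LEN + GUARD_LEN, 'B', TAIL_LEN);
  return copy_into_frame(in, sizeof in);
}

int main(void) {
  struct outcome o = forged_copy();
  printf("smashed=%d tail=%d read_len=%zu\n", o.guard_smashed, o.tail_modified, o.read_len);
  return 0;
}
```

In the constructed case the copy ends at the canary's NUL byte, so the guard compares equal only because nothing beyond it was written, and a string read that runs off the end of the buffer stops inside the canary slot.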