lib: debug: add common stack protection feature in lk
-fstack-protector is added in lk and corresponding
__stack_chk_fail function and __stack_chk_guard.
CRs-Fixed: 671500
Change-Id: I2ac186affa311005c4d727c8cd00a93c8f5014c9
diff --git a/include/debug.h b/include/debug.h
index a9f3237..ae7119e 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -1,6 +1,8 @@
/*
* Copyright (c) 2008 Travis Geiselbrecht
*
+ * Copyright (c) 2014, The Linux Foundation. All rights reserved.
+ *
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
@@ -67,6 +69,21 @@
#define PANIC_UNIMPLEMENTED panic("%s unimplemented\n", __PRETTY_FUNCTION__)
+void * __stack_chk_guard;
+
+/*
+* Initialize the stack protector canary value.
+*/
+static inline void __stack_chk_guard_setup()
+{
+ void *canary;
+ canary = get_canary();
+ __stack_chk_guard = canary;
+}
+
+void __attribute__ ((noreturn))
+ __stack_chk_fail (void);
+
/* spin the cpu for a period of (short) time */
void spin(uint32_t usecs);
diff --git a/kernel/main.c b/kernel/main.c
index 9999f85..95a4339 100644
--- a/kernel/main.c
+++ b/kernel/main.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2008 Travis Geiselbrecht
*
- * Copyright (c) 2009-2013, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2009-2014, The Linux Foundation. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
@@ -88,6 +88,8 @@
dprintf(SPEW, "initializing heap\n");
heap_init();
+ __stack_chk_guard_setup();
+
// initialize the threading system
dprintf(SPEW, "initializing threads\n");
thread_init();
diff --git a/lib/debug/debug.c b/lib/debug/debug.c
index bdc2d02..84d0678 100644
--- a/lib/debug/debug.c
+++ b/lib/debug/debug.c
@@ -1,6 +1,8 @@
/*
* Copyright (c) 2008 Travis Geiselbrecht
*
+ * Copyright (c) 2014, The Linux Foundation. All rights reserved.
+ *
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
@@ -32,6 +34,13 @@
#include <platform/debug.h>
#include <kernel/thread.h>
#include <kernel/timer.h>
+#include <rand.h>
+
+void __attribute__ ((noreturn))
+__stack_chk_fail (void)
+{
+ panic("stack smashing detected.");
+}
void spin(uint32_t usecs)
{
diff --git a/makefile b/makefile
index c093d3e..d422115 100644
--- a/makefile
+++ b/makefile
@@ -58,11 +58,9 @@
CFLAGS += -D_SIGNED_KERNEL=1
endif
-# When the host arch is ARM, ensure stack protection code is not emitted since
-# it's not supported by the bootloader's libc
-ifneq ($(shell uname -m | grep "arm.*"),)
- CFLAGS += -fno-stack-protector
-endif
+# setup toolchain prefix
+TOOLCHAIN_PREFIX ?= arm-eabi-
+CFLAGS += -fstack-protector-all
CFLAGS += -fno-strict-overflow
CPPFLAGS := -fno-exceptions -fno-rtti -fno-threadsafe-statics
#CPPFLAGS += -Weffc++