Add stack protector storage to base library

This patch adds the items necessary for building Genode components with
stack protection enabled, but it is not initialized at runtime. They are
provided at the moment as a convenience and do not implement a security
feature.

Fix #3066
This commit is contained in:
Emery Hemingway 2018-11-30 14:13:27 +01:00 committed by Norman Feske
parent 35c17ced72
commit 6819c43a05
3 changed files with 36 additions and 0 deletions

View File

@ -31,6 +31,7 @@ SRC_CC += trace.cc
SRC_CC += root_proxy.cc SRC_CC += root_proxy.cc
SRC_CC += env_session_id_space.cc SRC_CC += env_session_id_space.cc
SRC_CC += vm_session.cc SRC_CC += vm_session.cc
SRC_CC += stack_protector.cc
INC_DIR += $(REP_DIR)/src/include $(BASE_DIR)/src/include INC_DIR += $(REP_DIR)/src/include $(BASE_DIR)/src/include

View File

@ -640,6 +640,8 @@ __cxa_throw_bad_array_new_length T
__cxa_type_match T __cxa_type_match T
__dynamic_cast T __dynamic_cast T
__gxx_personality_v0 T __gxx_personality_v0 T
__stack_chk_guard B 8
__stack_chk_fail W
dl_iterate_phdr T dl_iterate_phdr T
dl_unwind_find_exidx T dl_unwind_find_exidx T
genode_argc D 4 genode_argc D 4

View File

@ -0,0 +1,33 @@
/*
* \brief Stack protector support
* \author Emery Hemingway
* \date 2018-11-30
*
* The following is necessary but not sufficient for stack protection,
* the __stack_chk_guard is initialized to zero and must be reinitialized
* with a nonce to protect against malicious behavior.
*/
/*
* Copyright (C) 2018 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
/* Genode includes */
#include <base/log.h>
#include <base/sleep.h>
extern "C" {
Genode::uint64_t __stack_chk_guard;
__attribute__((noreturn)) __attribute__((weak))
void __stack_chk_fail(void)
{
Genode::error("stack protector check failed");
Genode::sleep_forever();
}
}