Browse Source

Merge pull request #6176 from kaspar030/add_ssp_support

sys: add ssp support
master
Kaspar Schleiser 5 years ago committed by GitHub
parent
commit
44fc2c6a2a
  1. 1
      core/include/panic.h
  2. 1
      cpu/k60/Makefile.include
  3. 53
      cpu/k60/ssp.c
  4. 4
      sys/Makefile.include
  5. 12
      sys/doc.txt
  6. 1
      sys/ssp/Makefile
  7. 3
      sys/ssp/Makefile.include
  8. 33
      sys/ssp/ssp.c
  9. 14
      tests/ssp/Makefile
  10. 45
      tests/ssp/main.c

1
core/include/panic.h

@ -48,6 +48,7 @@ typedef enum {
#endif
PANIC_DUMMY_HANDLER, /**< unhandled interrupt */
#endif
PANIC_SSP, /**< stack smashing protector failure */
PANIC_UNDEFINED
} core_panic_t;

1
cpu/k60/Makefile.include

@ -18,6 +18,5 @@ export COMMON_STARTUP = $(KINETIS_COMMON)
# add the CPU specific system calls implementations for the linker
export UNDEF += $(BINDIR)/cpu/vectors.o
export UNDEF += $(BINDIR)/cpu/ssp.o
include $(RIOTMAKE)/arch/cortexm.inc.mk

53
cpu/k60/ssp.c

@ -1,53 +0,0 @@
/*
* Copyright (C) 2015 Eistec AB
*
* This file is subject to the terms and conditions of the GNU Lesser General
* Public License v2.1. See the file LICENSE in the top level directory for more
* details.
*/
#include "cpu.h"
/**
* @ingroup cpu_k60
* @{
*
* @file
* @brief Implementation of stack smashing protection helper functions used by GCC's -fstack-protector
*
* @author Joakim Nohlgård <joakim.nohlgard@eistec.se>
*/
void *__stack_chk_guard = 0;
void __stack_chk_guard_setup(void)
{
unsigned char *p;
p = (unsigned char *) &__stack_chk_guard;
/* TODO: This should be replaced by a random number to use as a canary value */
p[0] = 0;
p[1] = 0;
p[2] = '\n';
p[3] = 255;
}
/*
* Arrange so that the __stack_chk_guard_setup function is called during
* early init.
*/
void __attribute__((section(".preinit_array")))(*preinit__stack_chk_guard_setup[])(void) = {__stack_chk_guard_setup};
/**
* @brief Handler for stack smashing protection failure.
*
* This is called if the SSP checks fail, which means that the stack has been
* corrupted.
*/
void __attribute__((noreturn)) __stack_chk_fail(void)
{
__asm__ volatile ("bkpt #1");
while (1);
}
/** @} */

4
sys/Makefile.include

@ -83,4 +83,8 @@ ifneq (,$(filter printf_float,$(USEMODULE)))
endif
endif
ifneq (,$(filter ssp,$(USEMODULE)))
include $(RIOTBASE)/sys/ssp/Makefile.include
endif
INCLUDES += -I$(RIOTBASE)/sys/libc/include

12
sys/doc.txt

@ -10,3 +10,15 @@
* @defgroup sys System
* @brief System library contains tools and utilities that make RIOT an actual operating system
*/
/**
* @defgroup sys_ssp Stack Smashing Protector
* @ingroup sys
* @brief Stack Smashing protector
*
* This module implements necessary helper functions that enable RIOT to make
* use of GCC's stack smashing protector (SSP).
*
* See http://wiki.osdev.org/Stack_Smashing_Protector for a more detailed
* description.
*/

1
sys/ssp/Makefile

@ -0,0 +1 @@
include $(RIOTBASE)/Makefile.base

3
sys/ssp/Makefile.include

@ -0,0 +1,3 @@
ifneq (,$(filter ssp,$(USEMODULE)))
CFLAGS += -fstack-protector
endif

33
sys/ssp/ssp.c

@ -0,0 +1,33 @@
/*
* Copyright (C) 2016 Kaspar Schleiser <kaspar@schleiser.de>
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @{
*
* @ingroup sys
* @file
* @brief Stack Smashing Protector (SSP) helper functions
*
* @author Kaspar Schleiser <kaspar@schleiser.de>
*
* @}
*/
#include <stdint.h>
#include "panic.h"
/* this should be randomized for each build */
#define STACK_CHK_GUARD 0x595e9fbd94fda766
uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;
__attribute__((noreturn)) void __stack_chk_fail(void)
{
core_panic(PANIC_SSP, "ssp: stack smashing detected");
}

14
tests/ssp/Makefile

@ -0,0 +1,14 @@
APPLICATION = ssp
include ../Makefile.tests_common
# avr8, msp430 and mips don't support ssp (yet)
BOARD_BLACKLIST := arduino-mega2560 waspmote-pro arduino-uno arduino-duemilanove \
chronos msb-430 msb-430h telosb wsn430-v1_3b wsn430-v1_4 z1 \
pic32-clicker pic32-wifire
USEMODULE += ssp
# set DEVELHELP so the board halts after crash
CFLAGS += -DDEVELHELP
include $(RIOTBASE)/Makefile.include

45
tests/ssp/main.c

@ -0,0 +1,45 @@
/*
* Copyright (C) 2016 Kaspar Schleiser <kaspar@schleiser.de>
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup tests
* @{
*
* @file
* @brief ssp test application
*
* This test should crash badly when *not* using the ssp module, and panic if
* using it.
*
* @author Kaspar Schleiser <kaspar@schleiser.de>
*
* @}
*/
#include <stdio.h>
#include <string.h>
void test_func(void)
{
char buf[16];
/* cppcheck-suppress bufferAccessOutOfBounds
* (reason: deliberately overflowing stack) */
memset(buf, 0, 32);
}
int main(void)
{
puts("calling stack corruption function");
test_func();
puts("back to main");
return 0;
}
Loading…
Cancel
Save