sys: add initial SSP support

core/include/panic.h

@@ -48,6 +48,7 @@ typedef enum {
 #endif
     PANIC_DUMMY_HANDLER,     /**< unhandled interrupt */
 #endif
+    PANIC_SSP,               /**< stack smashing protector failure */
     PANIC_UNDEFINED
 } core_panic_t;
 

sys/Makefile.include

@@ -83,4 +83,8 @@ ifneq (,$(filter printf_float,$(USEMODULE)))
     endif
 endif
 
+ifneq (,$(filter ssp,$(USEMODULE)))
+    include $(RIOTBASE)/sys/ssp/Makefile.include
+endif
+
 INCLUDES += -I$(RIOTBASE)/sys/libc/include

sys/doc.txt

@@ -10,3 +10,15 @@
  * @defgroup    sys System
  * @brief       System library contains tools and utilities that make RIOT an actual operating system
  */
+
+/**
+ * @defgroup    sys_ssp Stack Smashing Protector
+ * @ingroup     sys
+ * @brief       Stack Smashing protector
+ *
+ * This module implements necessary helper functions that enable RIOT to make
+ * use of GCC's stack smashing protector (SSP).
+ *
+ * See http://wiki.osdev.org/Stack_Smashing_Protector for a more detailed
+ * description.
+ */

sys/ssp/Makefile

@@ -0,0 +1 @@
+include $(RIOTBASE)/Makefile.base

sys/ssp/Makefile.include

@@ -0,0 +1,3 @@
+ifneq (,$(filter ssp,$(USEMODULE)))
+    CFLAGS += -fstack-protector
+endif

sys/ssp/ssp.c

@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2016 Kaspar Schleiser <kaspar@schleiser.de>
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @{
+ *
+ * @ingroup     sys
+ * @file
+ * @brief       Stack Smashing Protector (SSP) helper functions
+ *
+ * @author      Kaspar Schleiser <kaspar@schleiser.de>
+ *
+ * @}
+ */
+
+#include <stdint.h>
+
+#include "panic.h"
+
+/* this should be randomized for each build */
+#define STACK_CHK_GUARD 0x595e9fbd94fda766
+
+uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;
+
+__attribute__((noreturn)) void __stack_chk_fail(void)
+{
+    core_panic(PANIC_SSP, "ssp: stack smashing detected");
+}