diff options
| author | Joel Peshkin <joel.peshkin@broadcom.com> | 2021-04-11 11:21:58 +0200 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2021-04-20 07:31:12 -0400 |
| commit | 4e9bce12432492aa7a7c2121d9fae1640606ace5 (patch) | |
| tree | ca4ff1ffa3d447d51e945ce4cd9f75f6e80babe9 /common | |
| parent | 1598c83ecec64619379834ec21de8efe2536ac3d (diff) | |
Add support for stack-protector
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'common')
| -rw-r--r-- | common/Kconfig | 17 | ||||
| -rw-r--r-- | common/Makefile | 1 | ||||
| -rw-r--r-- | common/stackprot.c | 20 |
3 files changed, 38 insertions, 0 deletions
diff --git a/common/Kconfig b/common/Kconfig index 0e36dfd236..26496f9a2e 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -618,6 +618,23 @@ config TPL_HASH and the algorithms it supports are defined in common/hash.c. See also CMD_HASH for command-line access. +config STACKPROTECTOR + bool "Stack Protector buffer overflow detection" + default n + help + Enable stack smash detection through compiler's stack-protector + canary logic + +config SPL_STACKPROTECTOR + bool "Stack Protector buffer overflow detection for SPL" + depends on STACKPROTECTOR && SPL + default n + +config TPL_STACKPROTECTOR + bool "Stack Protector buffer overflow detection for TPL" + depends on STACKPROTECTOR && TPL + default n + endmenu menu "Update support" diff --git a/common/Makefile b/common/Makefile index 0952ae23f8..829ea5fb42 100644 --- a/common/Makefile +++ b/common/Makefile @@ -137,6 +137,7 @@ obj-$(CONFIG_CMD_LOADB) += xyzModem.o obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o obj-$(CONFIG_AVB_VERIFY) += avb_verify.o +obj-$(CONFIG_$(SPL_TPL_)STACKPROTECTOR) += stackprot.o obj-$(CONFIG_SCP03) += scp03.o obj-$(CONFIG_QFW) += qfw.o diff --git a/common/stackprot.c b/common/stackprot.c new file mode 100644 index 0000000000..d5b7061665 --- /dev/null +++ b/common/stackprot.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2021 Broadcom + */ + +#include <common.h> +#include <asm/global_data.h> + +DECLARE_GLOBAL_DATA_PTR; + +unsigned long __stack_chk_guard = (unsigned long)(0xfeedf00ddeadbeef & ~0UL); + +void __stack_chk_fail(void) +{ + void *ra; + + ra = __builtin_extract_return_addr(__builtin_return_address(0)); + panic("Stack smashing detected in function:\n%p relocated from %p", + ra, ra - gd->reloc_off); +} |