Add support for stack-protector
Add support for stack protector for UBOOT, SPL, and TPL
as well as new pytest for stackprotector
Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com>
Adjust UEFI build flags.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
diff --git a/common/Kconfig b/common/Kconfig
index 0e36dfd..26496f9 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -618,6 +618,23 @@
and the algorithms it supports are defined in common/hash.c. See
also CMD_HASH for command-line access.
+config STACKPROTECTOR
+ bool "Stack Protector buffer overflow detection"
+ default n
+ help
+ Enable stack smash detection through compiler's stack-protector
+ canary logic
+
+config SPL_STACKPROTECTOR
+ bool "Stack Protector buffer overflow detection for SPL"
+ depends on STACKPROTECTOR && SPL
+ default n
+
+config TPL_STACKPROTECTOR
+ bool "Stack Protector buffer overflow detection for TPL"
+ depends on STACKPROTECTOR && TPL
+ default n
+
endmenu
menu "Update support"
diff --git a/common/Makefile b/common/Makefile
index 0952ae2..829ea5f 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -137,6 +137,7 @@
obj-$(CONFIG_$(SPL_TPL_)YMODEM_SUPPORT) += xyzModem.o
obj-$(CONFIG_AVB_VERIFY) += avb_verify.o
+obj-$(CONFIG_$(SPL_TPL_)STACKPROTECTOR) += stackprot.o
obj-$(CONFIG_SCP03) += scp03.o
obj-$(CONFIG_QFW) += qfw.o
diff --git a/common/stackprot.c b/common/stackprot.c
new file mode 100644
index 0000000..d5b7061
--- /dev/null
+++ b/common/stackprot.c
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright 2021 Broadcom
+ */
+
+#include <common.h>
+#include <asm/global_data.h>
+
+DECLARE_GLOBAL_DATA_PTR;
+
+unsigned long __stack_chk_guard = (unsigned long)(0xfeedf00ddeadbeef & ~0UL);
+
+void __stack_chk_fail(void)
+{
+ void *ra;
+
+ ra = __builtin_extract_return_addr(__builtin_return_address(0));
+ panic("Stack smashing detected in function:\n%p relocated from %p",
+ ra, ra - gd->reloc_off);
+}