diff --git a/Makefile.defines b/Makefile.defines
index 509009a25..7147f9e49 100644
--- a/Makefile.defines
+++ b/Makefile.defines
@@ -88,6 +88,10 @@ ifneq ($(ENABLE_SDK_WERROR),0)
 CFLAGS += -Werror
 endif
+LDLIBS += -Wl,--wrap=__stack_chk_fail, -Wl,--wrap=__stack_chk_init
+CFLAGS += -fstack-protector-strong
+AFLAGS += -fstack-protector-strong
+
 CFLAGS += -fdata-sections -ffunction-sections -funsigned-char -fshort-enums -fstack-usage
 CFLAGS += -mno-unaligned-access
 CFLAGS += -fropi
diff --git a/src/stack_protector_init.S b/src/stack_protector_init.S
index da865c261..b0d0448a5 100644
--- a/src/stack_protector_init.S
+++ b/src/stack_protector_init.S
@@ -10,17 +10,22 @@
 .global __wrap___stack_chk_init
 .thumb_func
 __wrap___stack_chk_init:
+ // if r0 != 0, skip initialization and jump directly to main
+ // (don't overwrite parent canary during a libcall)
+ cmp r0, #0
+ bne 1f
+
 // save arguments passed to main
 push {r0-r3}
 // call cx_get_random_bytes(&__stack_chk_guard, sizeof(__stack_chk_guard));
 // we can't use the function cx_get_random_bytes because of PIC
 ldr r0, =SYSCALL_cx_get_random_bytes_ID
- ldr r2, =__stack_chk_guard
+ mov r2, r9
 movs r3, #4
 push {r2-r3}
 mov r1, sp
- svc 1
+ bl SVC_Call
 pop {r2-r3}
 // restore arguments
diff --git a/target/apex_m/script.ld b/target/apex_m/script.ld
index 29954d801..11a7916b6 100644
--- a/target/apex_m/script.ld
+++ b/target/apex_m/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -105,6 +107,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
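Review bot: The added `LDLIBS` line carries a stray comma after `__stack_chk_fail,`; `-Wl` splits its argument at commas, so the trailing comma either hands the linker an empty argument or is silently dropped depending on the driver, and reads as a typo either way. It should be `LDLIBS += -Wl,--wrap=__stack_chk_fail -Wl,--wrap=__stack_chk_init`. The `-fstack-protector-strong` added to `AFLAGS` does nothing for assembly sources, since the protector is a C code-generation pass; if `AFLAGS` is only applied to `.S` files the line is dead. Note also that `__wrap___stack_chk_fail`, which the wrap binds canary mismatches to, is not in this diff, so what happens on a detected corruption cannot be reviewed here.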
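Review bot: `mov r2, r9` replaces a symbolic `&__stack_chk_guard` with the assumption that the guard is the word at `r9 + 0`, which only holds because `script.ld` now places `__stack_chk_guard = .;` first in its RAM region, and the `// call cx_get_random_bytes(&__stack_chk_guard, ...)` comment above no longer explains that; add at that line `// r9 is presumably the static base of RAM; script.ld keeps __stack_chk_guard as its first word, so &__stack_chk_guard == r9` and confirm the r9 convention against the target's -frwpi/SB usage, which the diff does not show. If the linker script is ever reordered this silently seeds random bytes over the wrong word and leaves the canary at whatever the guard held before, so a link-time ASSERT on the guard's offset would be worthwhile. `bl SVC_Call` (replacing `svc 1`) writes lr while the visible prologue only pushes r0-r3; the function's tail and the `1:` target of the new `bne 1f` lie outside the hunk, so whether lr is dead (tail jump to main, as the new comment says) or must be restored cannot be checked here. The `cmp r0, #0` / `bne 1f` skip also relies on the first argument being zero on the boot path, a contract worth stating in the function header.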
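Review bot: `PROVIDE(__stack_chk_guard = .);` directly after the unconditional `__stack_chk_guard = .;` is dead, since PROVIDE only defines a symbol that is not already defined; keep just the plain assignment here and in the matching apex_p, flex, nanos2 and stax hunks. Nothing aligns `.` before the 4-byte guard is reserved, so if the preceding output section ends off a word boundary the guard is misaligned and the canary loads and stores may trap on cores that reject unaligned word access; put `. = ALIGN(4);` before `__stack_chk_guard = .;`. The position — first in the uninitialized RAM region and outside `_bss`/`_ebss`, presumably so a startup bss clear does not wipe a canary inherited on the r0 != 0 path — is what `mov r2, r9` in stack_protector_init.S depends on, and the script does not say so; add `/* must stay the first word of RAM: stack_protector_init.S reads &__stack_chk_guard as r9 + 0 */` and, if the region's start symbol exists, `ASSERT(__stack_chk_guard == <ram-start-symbol>, "__stack_chk_guard must be first in RAM")` with the placeholder replaced by that symbol.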
@@ -126,6 +131,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/apex_p/script.ld b/target/apex_p/script.ld
index 29954d801..11a7916b6 100644
--- a/target/apex_p/script.ld
+++ b/target/apex_p/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -105,6 +107,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -126,6 +131,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/flex/script.ld b/target/flex/script.ld
index 02c5e1bc6..0af862f1b 100644
--- a/target/flex/script.ld
+++ b/target/flex/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -108,6 +110,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -129,6 +134,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/nanos2/script.ld b/target/nanos2/script.ld
index 809f6b729..ad034137a 100644
--- a/target/nanos2/script.ld
+++ b/target/nanos2/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -107,6 +109,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -128,6 +133,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/nanox/script.ld b/target/nanox/script.ld
index 932db68e9..4062031f9 100644
--- a/target/nanox/script.ld
+++ b/target/nanox/script.ld
@@ -115,10 +115,10 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
- _bss = .;
 __stack_chk_guard = .;
 PROVIDE(__stack_chk_guard = .);
 . += 4;
+ _bss = .;
 *(.bss*)
 _ebss = .;
@@ -139,6 +139,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/stax/script.ld b/target/stax/script.ld
index 02c5e1bc6..825f8304f 100644
--- a/target/stax/script.ld
+++ b/target/stax/script.ld
@@ -48,8 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
- *(.boot*)
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
 _code = .;
@@ -108,6 +109,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
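Review bot: In the stax script `*(.boot*)` is removed and not re-added, unlike the apex_m, apex_p, flex and nanos2 hunks where it follows the new `KEEP(*(.boot.ssp_init))`; the new comment `ensure main directly follows __stack_chk_init` therefore describes a placement the stax script no longer makes, and anything else in `.boot*` falls through to a later input pattern, or is dropped if the link garbage-collects sections, which this diff does not show. Restore `*(.boot*)` on the line after that comment so the stax layout matches the other targets.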
@@ -129,6 +133,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/