security: Add option for explicit stack canaries

Add option to enable stack canaries only when explicitely declared. It adds a new function attribute, __stack_protect, that can be used to enable stack protection in a function. Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
2024-11-25 15:46:26 -08:00 · 2024-11-25 15:46:26 -08:00 · 0236f7c9aa
commit 0236f7c9aa
parent 82ace41da4
5 changed files with 18 additions and 1 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -177,6 +177,8 @@ if(CONFIG_STACK_CANARIES)
  zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries>)
 elseif(CONFIG_STACK_CANARIES_STRONG)
  zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries_strong>)
+elseif(CONFIG_STACK_CANARIES_EXPLICIT)
+  zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries_explicit>)
 endif()

 # @Intent: Obtain compiler optimizations flags and store in variables
--- a/cmake/compiler/compiler_flags_template.cmake
+++ b/cmake/compiler/compiler_flags_template.cmake
@ -93,6 +93,7 @@ set_compiler_property(PROPERTY coverage)
 # Security canaries flags.
 set_compiler_property(PROPERTY security_canaries)
 set_compiler_property(PROPERTY security_canaries_strong)
+set_compiler_property(PROPERTY security_canaries_explicit)

 set_compiler_property(PROPERTY security_fortify_compile_time)
 set_compiler_property(PROPERTY security_fortify_run_time)
--- a/cmake/compiler/gcc/compiler_flags.cmake
+++ b/cmake/compiler/gcc/compiler_flags.cmake
@ -169,14 +169,17 @@ set_compiler_property(PROPERTY coverage -fprofile-arcs -ftest-coverage -fno-inli
 # Security canaries.
 set_compiler_property(PROPERTY security_canaries -fstack-protector-all)
 set_compiler_property(PROPERTY security_canaries_strong -fstack-protector-strong)
+set_compiler_property(PROPERTY security_canaries_explicit -fstack-protector-explicit)

 # Only a valid option with GCC 7.x and above, so let's do check and set.
 if(CONFIG_STACK_CANARIES_TLS)
  check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=tls)
  check_set_compiler_property(APPEND PROPERTY security_canaries_strong -mstack-protector-guard=tls)
+  check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=tls)
 else()
  check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
  check_set_compiler_property(APPEND PROPERTY security_canaries_global -mstack-protector-guard=global)
+  check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=global)
 endif()


--- a/kernel/Kconfig
+++ b/kernel/Kconfig
@ -907,6 +907,16 @@ config STACK_CANARIES_STRONG
 	  functions that have local array definitiion or have references to local
 	  frame addresses.

+config STACK_CANARIES_EXPLICIT
+	bool "Explicit protection"
+	depends on ENTROPY_GENERATOR || TEST_RANDOM_GENERATOR
+	depends on "${ZEPHYR_TOOLCHAIN_VARIANT}" = "zephyr"
+	select NEED_LIBC_MEM_PARTITION if !STACK_CANARIES_TLS
+	select REQUIRES_STACK_CANARIES
+	help
+	  This option enables compiler stack canaries only in functions which have the
+	  stack_protect attribute.
+
 endchoice

 if REQUIRES_STACK_CANARIES
--- a/kernel/compiler_stack_protect.c
+++ b/kernel/compiler_stack_protect.c
@ -10,7 +10,8 @@
 *
 * This module provides functions to support compiler stack protection
 * using canaries.  This feature is enabled with configuration
- * CONFIG_STACK_CANARIES=y or CONFIG_STACK_CANARIES_STRONG=y.
+ * CONFIG_STACK_CANARIES=y or CONFIG_STACK_CANARIES_STRONG=y or
+ * CONFIG_STACK_CANARIES_EXPLICIT=y.
 *
 * When this feature is enabled, the compiler generated code refers to
 * function __stack_chk_fail and global variable __stack_chk_guard.