security: Add option for explicit stack canaries

Add option to enable stack canaries only when explicitely
declared. It adds a new function attribute, __stack_protect, that
can be used to enable stack protection in a function.

Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>

CMakeLists.txt

@@ -177,6 +177,8 @@ if(CONFIG_STACK_CANARIES)
   zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries>)
 elseif(CONFIG_STACK_CANARIES_STRONG)
   zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries_strong>)
+elseif(CONFIG_STACK_CANARIES_EXPLICIT)
+  zephyr_compile_options($<TARGET_PROPERTY:compiler,security_canaries_explicit>)
 endif()
 
 # @Intent: Obtain compiler optimizations flags and store in variables

cmake/compiler/compiler_flags_template.cmake

@@ -93,6 +93,7 @@ set_compiler_property(PROPERTY coverage)
 # Security canaries flags.
 set_compiler_property(PROPERTY security_canaries)
 set_compiler_property(PROPERTY security_canaries_strong)
+set_compiler_property(PROPERTY security_canaries_explicit)
 
 set_compiler_property(PROPERTY security_fortify_compile_time)
 set_compiler_property(PROPERTY security_fortify_run_time)

cmake/compiler/gcc/compiler_flags.cmake

@@ -169,14 +169,17 @@ set_compiler_property(PROPERTY coverage -fprofile-arcs -ftest-coverage -fno-inli
 # Security canaries.
 set_compiler_property(PROPERTY security_canaries -fstack-protector-all)
 set_compiler_property(PROPERTY security_canaries_strong -fstack-protector-strong)
+set_compiler_property(PROPERTY security_canaries_explicit -fstack-protector-explicit)
 
 # Only a valid option with GCC 7.x and above, so let's do check and set.
 if(CONFIG_STACK_CANARIES_TLS)
   check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=tls)
   check_set_compiler_property(APPEND PROPERTY security_canaries_strong -mstack-protector-guard=tls)
+  check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=tls)
 else()
   check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
   check_set_compiler_property(APPEND PROPERTY security_canaries_global -mstack-protector-guard=global)
+  check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=global)
 endif()
 
 

kernel/Kconfig

@@ -907,6 +907,16 @@ config STACK_CANARIES_STRONG
 	  functions that have local array definitiion or have references to local
 	  frame addresses.
 
+config STACK_CANARIES_EXPLICIT
+	bool "Explicit protection"
+	depends on ENTROPY_GENERATOR || TEST_RANDOM_GENERATOR
+	depends on "${ZEPHYR_TOOLCHAIN_VARIANT}" = "zephyr"
+	select NEED_LIBC_MEM_PARTITION if !STACK_CANARIES_TLS
+	select REQUIRES_STACK_CANARIES
+	help
+	  This option enables compiler stack canaries only in functions which have the
+	  stack_protect attribute.
+
 endchoice
 
 if REQUIRES_STACK_CANARIES

kernel/compiler_stack_protect.c

@@ -10,7 +10,8 @@
  *
  * This module provides functions to support compiler stack protection
  * using canaries.  This feature is enabled with configuration
- * CONFIG_STACK_CANARIES=y or CONFIG_STACK_CANARIES_STRONG=y.
+ * CONFIG_STACK_CANARIES=y or CONFIG_STACK_CANARIES_STRONG=y or
+ * CONFIG_STACK_CANARIES_EXPLICIT=y.
  *
  * When this feature is enabled, the compiler generated code refers to
  * function __stack_chk_fail and global variable __stack_chk_guard.