This change enables per-thread stack canaries for RISC-V.
RISC-V GCC accesses the stack canary via a fixed offset from the
thread pointer (tp) when -mstack-protector-guard=tls is used. The
compiler emits code equivalent to:
lw t0, 0(tp) # load canary from tp+0
Additionally, tp is zeroed in arch_kernel_init() when TLS is enabled,
which means any C function called before thread setup completes (such
as z_early_rand_get or data_copy_xip_relocation) would fault trying
to access the canary.
Introduce STACK_CANARIES_TLS_PREPEND, which places the
.stack_chk.guard section at offset 0 of the TLS block, before .tdata
and .tbss. The compiler flags -mstack-protector-guard-reg=tp and
-mstack-protector-guard-offset=0 are passed so GCC generates the
correct canary access.
With STACK_CANARIES_TLS_PREPEND the per-thread TLS block layout is:
tp --> +------------------+ offset 0
| .stack_chk.guard | (__stack_chk_guard)
+------------------+
| .tdata | (initialized TLS data)
+------------------+
| .tbss | (zero-initialized TLS data)
+------------------+
The RISC-V reset path is extended to initialize tp before any C code
runs by allocating a TLS area on the boot stack and calling
arch_riscv_early_tls_stack_update(). Early boot functions that run
before tp is set up (z_early_rand_get, data_copy_xip_relocation) are
marked FUNC_NO_STACK_PROTECTOR to avoid canary access before tp is
valid.
Signed-off-by: Mayur Salve <msalve@qti.qualcomm.com>
/*
 * Copyright (c) 2012-2014 Wind River Systems, Inc.
 *
 * SPDX-License-Identifier: Apache-2.0
 */
/**
 * @file
 * @brief Compiler stack protection (kernel part)
 *
 * This module provides functions to support compiler stack protection
 * using canaries. This feature is enabled with configuration
 * CONFIG_STACK_CANARIES=y or CONFIG_STACK_CANARIES_STRONG=y or
 * CONFIG_STACK_CANARIES_ALL=y or CONFIG_STACK_CANARIES_EXPLICIT=y.
 *
 * When this feature is enabled, the compiler generated code refers to
 * function __stack_chk_fail and global variable __stack_chk_guard.
 */
#include <zephyr/toolchain.h> /* compiler specific configurations */
#include <zephyr/kernel_structs.h>
#include <zephyr/toolchain.h>
#include <zephyr/linker/sections.h>
#include <zephyr/kernel.h>
#include <zephyr/app_memory/app_memdomain.h>
/**
 * @brief Fatal handler for a failed stack canary check
 *
 * Entered when a stack canary error is detected. The failure is treated
 * as a software fatal condition: the handler raises K_ERR_STACK_CHK_FAIL
 * through z_except_reason() and makes no attempt to resume the function
 * whose check failed.
 *
 * @return Does not return
 */
void _StackCheckHandler(void)
{
	/* Escalate to a fatal error instead of trying to recover. */
	z_except_reason(K_ERR_STACK_CHK_FAIL);

	/* Execution is not expected to continue past z_except_reason(). */
	CODE_UNREACHABLE; /* LCOV_EXCL_LINE */
}
/* Canary storage */

/*
 * Symbol that GCC-generated canary checks read the reference value from.
 * The canary value gets initialized in z_cstart(). Exactly one of the
 * definitions below is compiled, selected by the kernel configuration.
 */
#if defined(CONFIG_STACK_CANARIES_TLS) && defined(CONFIG_STACK_CANARIES_TLS_PREPEND)
/*
 * Thread-local canary emitted into its own .stack_chk.guard section.
 * NOTE(review): per the accompanying change description this section is
 * meant to sit at offset 0 of the TLS block so that the compiler's
 * fixed-offset load from the thread pointer finds the canary. Nothing in
 * this file checks the final placement; confirm that the linker script
 * (or a link-time assertion) guarantees it, otherwise the check would
 * compare against an unrelated word.
 */
__attribute__((section(".stack_chk.guard"))) Z_THREAD_LOCAL volatile uintptr_t __stack_chk_guard;
#elif defined(CONFIG_STACK_CANARIES_TLS)
/* Thread-local canary without a dedicated section. */
Z_THREAD_LOCAL volatile uintptr_t __stack_chk_guard;
#elif CONFIG_USERSPACE
/*
 * Single canary declared through K_APP_DMEM(z_libc_partition).
 * NOTE(review): which threads may read or write that partition is not
 * visible from this file; verify against the memory domain setup.
 */
K_APP_DMEM(z_libc_partition) volatile uintptr_t __stack_chk_guard;
#else
/*
 * Single canary marked __noinit. Its contents are only meaningful once
 * z_cstart() has assigned the value.
 */
__noinit volatile uintptr_t __stack_chk_guard;
#endif
/**
 * @brief Entry point named by GCC-generated canary checks
 *
 * Compiler-generated code refers to __stack_chk_fail, which is invoked
 * when a stack canary error is detected, indicating a buffer overflow or
 * stack corruption problem. FUNC_ALIAS is used here so that
 * __stack_chk_fail refers to _StackCheckHandler.
 */
FUNC_ALIAS(_StackCheckHandler, __stack_chk_fail, void);