Enable basic stack canary.
Change-Id: Iee065af935e9276133779a4bd24089be065a0588
diff --git a/src/BUILD.gn b/src/BUILD.gn
index d7c0d92..6bdf1af 100644
--- a/src/BUILD.gn
+++ b/src/BUILD.gn
@@ -46,6 +46,7 @@
# sharing.
source_set("src_testable") {
sources = [
+ "abort.c",
"api.c",
"cpu.c",
"fdt_handler.c",
@@ -100,6 +101,12 @@
]
}
+source_set("panic") {
+ sources = [
+ "panic.c",
+ ]
+}
+
executable("unit_tests") {
testonly = true
sources = [
diff --git a/src/abort.c b/src/abort.c
new file mode 100644
index 0000000..f16d2f7
--- /dev/null
+++ b/src/abort.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2019 The Hafnium Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "hf/abort.h"
+
+/**
+ * Causes execution to halt and prevent progress of the current and less
+ * privileged software components. This should be triggered when a
+ * non-recoverable event is identified which leaves the system in an
+ * inconsistent state.
+ *
+ * TODO: Should this also reset the system?
+ */
+noreturn void abort(void)
+{
+ /* TODO: Block all CPUs. */
+ for (;;) {
+ }
+}
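Review bot: `abort` parks only the calling CPU and leaves interrupt masking in whatever state the caller had, so an interrupt handler can still be entered on this CPU after the non-recoverable event, with the system already in the inconsistent state the doc comment describes; masking interrupts before the `for (;;)` loop (through an arch hook, since this file is generic) would close that gap, alongside the existing TODO for the other CPUs. The doc comment should also state the contract explicitly, e.g. ` * Never returns. Currently halts only the calling CPU; other CPUs keep running.` Note that `abort` is a reserved C library name and compilers treat it as a noreturn builtin, which matches this definition, but a one-line comment saying the symbol intentionally replaces the library one in this (presumably freestanding) build would spare the next reader a check.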
diff --git a/src/arch/aarch64/BUILD.gn b/src/arch/aarch64/BUILD.gn
index e1d9ebe..5733da7 100644
--- a/src/arch/aarch64/BUILD.gn
+++ b/src/arch/aarch64/BUILD.gn
@@ -47,6 +47,7 @@
source_set("std") {
sources = [
+ "stack_protector.c",
"std.c",
]
}
diff --git a/src/arch/aarch64/stack_protector.c b/src/arch/aarch64/stack_protector.c
new file mode 100644
index 0000000..489bb50
--- /dev/null
+++ b/src/arch/aarch64/stack_protector.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2019 The Hafnium Authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <stdnoreturn.h>
+
+#include "hf/panic.h"
+
+/**
+ * This is the value that is used as the stack canary. It is written to the top
+ * of the stack when entering a function and compared against the stack when
+ * exiting a function. If there is a mismatch, a failure is triggered.
+ *
+ * As the value must be the same at the beginning and end of the function, this
+ * is a global variable and there are multiple CPUs executing concurrently, this
+ * value cannot change after being initialized.
+ *
+ * TODO: initialize to a random value at boot.
+ */
+uint64_t __attribute__((used)) __stack_chk_guard = 0x72afaf72bad0feed;
+
+/**
+ * Called when the stack canary is invalid. The stack can no longer be trusted
+ * so this function must not return.
+ */
+noreturn void __stack_chk_fail(void)
+{
+ panic("stack corruption");
+}
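Review bot: The guard at `uint64_t __attribute__((used)) __stack_chk_guard = 0x72afaf72bad0feed;` is a link-time constant, so it is recoverable from the image and the check can be defeated by anything that knows the build; the TODO acknowledges the missing randomization, but until that lands the low byte should at least be zero (a constructed example: `0x72afaf72bad0fe00`) so that a NUL-terminated string copy cannot run past the canary while leaving it intact, which is the convention used by common libc implementations. `__stack_chk_fail` is declared `noreturn`, yet the hunk does not show whether `panic` is declared `noreturn` in `hf/panic.h`; if it is not, the compiler will warn that this function may return, and the doc comment should mention that the call runs on an already untrusted stack. No hunk in this diff adds the compiler flag that enables the protector, so this presumably relies on build configuration outside the change; worth stating in the commit description.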
diff --git a/src/panic.c b/src/panic.c
index 17399dc..9c0a4f6 100644
--- a/src/panic.c
+++ b/src/panic.c
@@ -18,10 +18,11 @@
#include <stdarg.h>
+#include "hf/abort.h"
#include "hf/dlog.h"
/**
- * Blocks the hypervisor.
+ * Logs a reason before calling abort.
*
* TODO: Determine if we want to omit strings on non-debug builds.
*/
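Review bot: Now that `panic` ends in `abort()`, which is declared `noreturn`, the function itself never returns, and the rewritten comment should say so: ` * Logs a reason before calling abort. Never returns.` If the declaration in `hf/panic.h` does not carry `noreturn` (not visible here), adding it lets a caller such as `__stack_chk_fail` in `src/arch/aarch64/stack_protector.c`, itself declared `noreturn`, compile without a may-return warning and lets the compiler treat code after `panic()` calls as unreachable. The function's signature and the rest of its body lie outside this hunk.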
@@ -29,8 +30,6 @@
{
va_list args;
- /* TODO: Block all CPUs. */
-
dlog("Panic: ");
va_start(args, fmt);
@@ -39,6 +38,5 @@
dlog("\n");
- for (;;) {
- }
+ abort();
}