authorRobert Mustacchi <rm@fingolfin.org>2020-10-24 13:26:45 -0700
committerRobert Mustacchi <rm@fingolfin.org>2020-11-17 08:52:10 -0800
commit6a817834d81cc75ce12d0d393320837b1fec1e85 (patch)
treea6db17efd697b1868160755bc83387c5073e8fe4
parent350ffdd54baf880f440ddf9697666e283894ded1 (diff)
5788 Want support for GCC's stack protector in libc
Reviewed by: Andy Fiddaman <andy@omniosce.org> Reviewed by: Toomas Soome <tsoome@me.com> Approved by: Gordon Ross <gordon.w.ross@gmail.com>
-rw-r--r--usr/src/lib/Makefile1
-rw-r--r--usr/src/lib/libc/amd64/Makefile1
-rw-r--r--usr/src/lib/libc/i386/Makefile.com1
-rw-r--r--usr/src/lib/libc/inc/thr_uberdata.h1
-rw-r--r--usr/src/lib/libc/port/gen/ssp.c67
-rw-r--r--usr/src/lib/libc/port/mapfile-vers7
-rw-r--r--usr/src/lib/libc/port/threads/thr.c6
-rw-r--r--usr/src/lib/libc/sparc/Makefile.com1
-rw-r--r--usr/src/lib/libc/sparcv9/Makefile.com1
-rw-r--r--usr/src/lib/ssp_ns/Makefile37
-rw-r--r--usr/src/lib/ssp_ns/Makefile.com40
-rw-r--r--usr/src/lib/ssp_ns/amd64/Makefile19
-rw-r--r--usr/src/lib/ssp_ns/common/ssp_ns.c37
-rw-r--r--usr/src/lib/ssp_ns/i386/Makefile18
-rw-r--r--usr/src/lib/ssp_ns/sparc/Makefile18
-rw-r--r--usr/src/lib/ssp_ns/sparcv9/Makefile19
-rw-r--r--usr/src/pkg/manifests/system-library-c-runtime.mf2
-rw-r--r--usr/src/uts/common/sys/ccompile.h1
18 files changed, 277 insertions, 0 deletions
diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile
index e3b3889305..55fc83ac7f 100644
--- a/usr/src/lib/Makefile
+++ b/usr/src/lib/Makefile
@@ -47,6 +47,7 @@ include ../Makefile.master
# Build libc and its dependencies
SUBDIRS= \
+ ssp_ns \
crt \
../cmd/sgs/libconv \
../cmd/sgs/libdl \
diff --git a/usr/src/lib/libc/amd64/Makefile b/usr/src/lib/libc/amd64/Makefile
index 7ef34a268d..846b260cfd 100644
--- a/usr/src/lib/libc/amd64/Makefile
+++ b/usr/src/lib/libc/amd64/Makefile
@@ -267,6 +267,7 @@ COMSYSOBJS= \
sigprocmsk.o \
sigsendset.o \
sigsuspend.o \
+ ssp.o \
statfs.o \
statvfs.o \
stty.o \
diff --git a/usr/src/lib/libc/i386/Makefile.com b/usr/src/lib/libc/i386/Makefile.com
index e9e9479ac9..a45feed38a 100644
--- a/usr/src/lib/libc/i386/Makefile.com
+++ b/usr/src/lib/libc/i386/Makefile.com
@@ -575,6 +575,7 @@ PORTGEN= \
sigsend.o \
sigsetops.o \
ssignal.o \
+ ssp.o \
stack.o \
stpcpy.o \
stpncpy.o \
diff --git a/usr/src/lib/libc/inc/thr_uberdata.h b/usr/src/lib/libc/inc/thr_uberdata.h
index c9e2670cc4..7ad0447271 100644
--- a/usr/src/lib/libc/inc/thr_uberdata.h
+++ b/usr/src/lib/libc/inc/thr_uberdata.h
@@ -1318,6 +1318,7 @@ extern void _flush_windows(void);
#define _flush_windows()
#endif
extern void set_curthread(void *);
+extern void ssp_init(void);
/*
* Utility function used when waking up many threads (more than MAXLWPS)
diff --git a/usr/src/lib/libc/port/gen/ssp.c b/usr/src/lib/libc/port/gen/ssp.c
new file mode 100644
index 0000000000..81d93829ea
--- /dev/null
+++ b/usr/src/lib/libc/port/gen/ssp.c
@@ -0,0 +1,67 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source. A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+
+/*
+ * Copyright 2020 Oxide Computer Company
+ */
+
+#include <upanic.h>
+#include <sys/random.h>
+
+/*
+ * This provides an implementation of the stack protector functions that are
+ * expected by gcc's ssp implementation.
+ *
+ * We attempt to initialize the stack guard with random data, which is our best
+ * protection. If that fails, we'd like to have a guard that is still meaningful
+ * and not totally predictable. The original StackGuard paper suggests using a
+ * terminator canary. To make this a little more difficult, we also use a
+ * portion of the data from gethrtime().
+ *
+ * In a 32-bit environment, we only have four bytes worth of data. We use the
+ * lower two bytes of the gethrtime() value and then use pieces of the
+ * terminator canary, '\n\0'. In a 64-bit environment we use the full four byte
+ * terminator canary and then four bytes of gethrtime.
+ */
+
+/*
+ * Use an array here so it's easier to get the length at compile time.
+ */
+static const char ssp_msg[] = "*** stack smashing detected";
+
+uintptr_t __stack_chk_guard;
+
+void
+ssp_init(void)
+{
+ if (getrandom(&__stack_chk_guard, sizeof (__stack_chk_guard), 0) !=
+ sizeof (__stack_chk_guard)) {
+ /*
+ * This failed, attempt to get some data that might let us get
+ * off the ground.
+ */
+ hrtime_t t = gethrtime();
+#ifdef _LP32
+ const uint16_t guard = '\n' << 8 | '\0';
+ __stack_chk_guard = guard << 16 | (uint16_t)t;
+#else
+ const uint32_t guard = '\r' << 24 | '\n' << 16 | '\0' << 8 |
+ '\xff';
+ __stack_chk_guard = (uint64_t)guard << 32 | (uint32_t)t;
+#endif
+ }
+}
+
+void
+__stack_chk_fail(void)
+{
+ upanic(ssp_msg, sizeof (ssp_msg));
+}
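Review bot: In the 64-bit fallback branch of ssp_init, `'\xff'` is an int character constant, and where plain char is signed (the GCC default on x86 and SPARC) its value is -1, so OR-ing it in sets every bit and `guard` becomes 0xffffffff, erasing the '\r', '\n' and '\0' terminator bytes that the block comment promises. Writing the constant numerically avoids this: `const uint32_t guard = 0x0d0a00ffU;`. Separately, the 32-bit branch is selected by `#ifdef _LP32`, and nothing in this diff defines that macro; if the intended data-model macro is `_ILP32`, 32-bit builds fall into the `#else` branch, where the assignment to a 32-bit `uintptr_t` keeps only the low four bytes of gethrtime(). The fallback is also taken silently, so a comment noting that the resulting guard is only partly unpredictable would help anyone auditing this path later.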
diff --git a/usr/src/lib/libc/port/mapfile-vers b/usr/src/lib/libc/port/mapfile-vers
index 6a85e0d37e..5223dbc01d 100644
--- a/usr/src/lib/libc/port/mapfile-vers
+++ b/usr/src/lib/libc/port/mapfile-vers
@@ -78,6 +78,13 @@ $if _x86 && _ELF64
$add amd64
$endif
+SYMBOL_VERSION ILLUMOS_0.37 {
+ global:
+ __stack_chk_guard;
+ protected:
+ __stack_chk_fail;
+} ILLUMOS_0.36;
+
SYMBOL_VERSION ILLUMOS_0.36 {
protected:
upanic;
diff --git a/usr/src/lib/libc/port/threads/thr.c b/usr/src/lib/libc/port/threads/thr.c
index 2a982eb8c8..4b7d9035b3 100644
--- a/usr/src/lib/libc/port/threads/thr.c
+++ b/usr/src/lib/libc/port/threads/thr.c
@@ -1299,6 +1299,11 @@ libc_init(void)
*/
if (oldself != NULL && (oldself->ul_primarymap || !primary_link_map)) {
__tdb_bootstrap = oldself->ul_uberdata->tdb_bootstrap;
+ /*
+ * Each link map has its own copy of the stack protector guard
+ * and must always be initialized.
+ */
+ ssp_init();
mutex_setup();
atfork_init(); /* every link map needs atfork() processing */
init_progname();
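Review bot: ssp_init() replaces `__stack_chk_guard` while libc_init and its callers are still on the stack, so any of those frames built with -fstack-protector would have saved the pre-initialization value and would fail its check on return; nothing in this diff shows how they are kept uninstrumented. I would extend the new comment to record that constraint, for example `Callers on the stack at this point must not be built with the stack protector, since the guard changes underneath them.` The same applies to the second call added in the `@@ -1439,6 +1444,7 @@` hunk, which has no comment at all. libc_init starts and ends outside both hunks, so the ordering relative to earlier initialization is not visible here.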
@@ -1439,6 +1444,7 @@ libc_init(void)
/* tls_size was zero when oldself was allocated */
lfree(oldself, sizeof (ulwp_t));
}
+ ssp_init();
mutex_setup();
atfork_init();
signal_init();
diff --git a/usr/src/lib/libc/sparc/Makefile.com b/usr/src/lib/libc/sparc/Makefile.com
index 7308fc64f6..b2c0c36ef7 100644
--- a/usr/src/lib/libc/sparc/Makefile.com
+++ b/usr/src/lib/libc/sparc/Makefile.com
@@ -602,6 +602,7 @@ PORTGEN= \
sigsend.o \
sigsetops.o \
ssignal.o \
+ ssp.o \
stack.o \
stpcpy.o \
stpncpy.o \
diff --git a/usr/src/lib/libc/sparcv9/Makefile.com b/usr/src/lib/libc/sparcv9/Makefile.com
index 9b7ff53999..a009541deb 100644
--- a/usr/src/lib/libc/sparcv9/Makefile.com
+++ b/usr/src/lib/libc/sparcv9/Makefile.com
@@ -560,6 +560,7 @@ PORTGEN= \
sigsend.o \
sigsetops.o \
ssignal.o \
+ ssp.o \
stack.o \
stpcpy.o \
stpncpy.o \
diff --git a/usr/src/lib/ssp_ns/Makefile b/usr/src/lib/ssp_ns/Makefile
new file mode 100644
index 0000000000..e04e271f66
--- /dev/null
+++ b/usr/src/lib/ssp_ns/Makefile
@@ -0,0 +1,37 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+include ../Makefile.lib
+
+SUBDIRS = $(MACH)
+$(BUILD64)SUBDIRS += $(MACH64)
+
+all := TARGET = all
+clean := TARGET = clean
+clobber := TARGET = clobber
+install := TARGET = install
+
+.KEEP_STATE:
+
+all clean clobber: $(SUBDIRS)
+
+install: $(SUBDIRS)
+
+$(SUBDIRS): FRC
+ @cd $@; pwd; $(MAKE) $(TARGET)
+
+FRC:
+
+include ../Makefile.targ
diff --git a/usr/src/lib/ssp_ns/Makefile.com b/usr/src/lib/ssp_ns/Makefile.com
new file mode 100644
index 0000000000..5ff9bbd913
--- /dev/null
+++ b/usr/src/lib/ssp_ns/Makefile.com
@@ -0,0 +1,40 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+LIBRARY = libssp_ns.a
+VERS = .1
+OBJECTS = ssp_ns.o
+
+include ../../Makefile.lib
+
+#
+# We need to build an archive file; however, this is going to show up
+# and be used in libraries and otherwise. So we need to still build it
+# as position independent code. The Makefile system doesn't want to
+# build a PIC file that's going into a .a file by default, so we have to
+# do a little bit here.
+#
+LIBS = $(LIBRARY)
+SRCDIR = ../common
+CFLAGS += $($(MACH)_C_PICFLAGS)
+
+CLOBBERFILES += $(LIBRARY)
+
+.KEEP_STATE:
+
+all: $(LIBS)
+
+
+include ../../Makefile.targ
diff --git a/usr/src/lib/ssp_ns/amd64/Makefile b/usr/src/lib/ssp_ns/amd64/Makefile
new file mode 100644
index 0000000000..59bd9673ce
--- /dev/null
+++ b/usr/src/lib/ssp_ns/amd64/Makefile
@@ -0,0 +1,19 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+include ../Makefile.com
+include ../../Makefile.lib.64
+
+install: all $(ROOTLIBS64)
diff --git a/usr/src/lib/ssp_ns/common/ssp_ns.c b/usr/src/lib/ssp_ns/common/ssp_ns.c
new file mode 100644
index 0000000000..bf7c45cd90
--- /dev/null
+++ b/usr/src/lib/ssp_ns/common/ssp_ns.c
@@ -0,0 +1,37 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source. A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+
+/*
+ * Copyright 2020 Oxide Computer Company
+ */
+
+#include <sys/ccompile.h>
+
+/*
+ * To impement gcc's stack protector library, the compiler emits a function call
+ * to a symbol which can be called absolutely. As a result, to make that happen,
+ * we mimic what gcc does with libssp and create an archive file that can be
+ * used in the specs file to pull this in directly. This is a bit of a pain, but
+ * that's the best we can do given the architecture that we have.
+ *
+ * Warning: This is a static archive. Nothing beyond the call for
+ * __stack_chk_fail_local and calls to committed interfaces should be here. As
+ * this implementation will be linked into programs, one should exercise care to
+ * make sure we don't expose anything else here.
+ */
+
+extern void __stack_chk_fail(void);
+
+void __HIDDEN
+__stack_chk_fail_local(void)
+{
+ __stack_chk_fail();
+}
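Review bot: `__stack_chk_fail_local` relies on `__stack_chk_fail` never returning, but the `extern void __stack_chk_fail(void);` declaration does not say so, and if the resolved symbol ever did return, control would fall back into the frame whose canary just failed. I would state that contract in the block comment and, if the tree has a noreturn annotation available from <sys/ccompile.h>, apply it to the declaration. The comment also has a typo: `impement` should read `implement`.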
diff --git a/usr/src/lib/ssp_ns/i386/Makefile b/usr/src/lib/ssp_ns/i386/Makefile
new file mode 100644
index 0000000000..c5a17a19d7
--- /dev/null
+++ b/usr/src/lib/ssp_ns/i386/Makefile
@@ -0,0 +1,18 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+include ../Makefile.com
+
+install: all $(ROOTLIBS)
diff --git a/usr/src/lib/ssp_ns/sparc/Makefile b/usr/src/lib/ssp_ns/sparc/Makefile
new file mode 100644
index 0000000000..c5a17a19d7
--- /dev/null
+++ b/usr/src/lib/ssp_ns/sparc/Makefile
@@ -0,0 +1,18 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+include ../Makefile.com
+
+install: all $(ROOTLIBS)
diff --git a/usr/src/lib/ssp_ns/sparcv9/Makefile b/usr/src/lib/ssp_ns/sparcv9/Makefile
new file mode 100644
index 0000000000..59bd9673ce
--- /dev/null
+++ b/usr/src/lib/ssp_ns/sparcv9/Makefile
@@ -0,0 +1,19 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet at
+# http://www.illumos.org/license/CDDL.
+#
+
+#
+# Copyright 2020 Oxide Computer Company
+#
+
+include ../Makefile.com
+include ../../Makefile.lib.64
+
+install: all $(ROOTLIBS64)
diff --git a/usr/src/pkg/manifests/system-library-c-runtime.mf b/usr/src/pkg/manifests/system-library-c-runtime.mf
index 2151c03897..2b8bd7aafd 100644
--- a/usr/src/pkg/manifests/system-library-c-runtime.mf
+++ b/usr/src/pkg/manifests/system-library-c-runtime.mf
@@ -18,6 +18,7 @@ set name=variant.arch value=$(ARCH)
file path=usr/lib/$(ARCH64)/crt1.o
file path=usr/lib/$(ARCH64)/crti.o
file path=usr/lib/$(ARCH64)/crtn.o
+file path=usr/lib/$(ARCH64)/libssp_ns.a
file path=usr/lib/$(ARCH64)/values-Xa.o
file path=usr/lib/$(ARCH64)/values-Xc.o
file path=usr/lib/$(ARCH64)/values-Xs.o
@@ -27,6 +28,7 @@ file path=usr/lib/$(ARCH64)/values-xpg6.o
file path=usr/lib/crt1.o
file path=usr/lib/crti.o
file path=usr/lib/crtn.o
+file path=usr/lib/libssp_ns.a
file path=usr/lib/values-Xa.o
file path=usr/lib/values-Xc.o
file path=usr/lib/values-Xs.o
diff --git a/usr/src/uts/common/sys/ccompile.h b/usr/src/uts/common/sys/ccompile.h
index de0031d6b0..e687fd99a3 100644
--- a/usr/src/uts/common/sys/ccompile.h
+++ b/usr/src/uts/common/sys/ccompile.h
@@ -160,6 +160,7 @@ extern "C" {
#define __unused __sun_attr__((__unused__))
#define __used __attribute__((__used__))
#define __weak_symbol __attribute__((__weak__))
+#define __HIDDEN __attribute__((visibility("hidden")))
#ifdef __cplusplus
}