authorDan McDonald <danmcd@joyent.com>2020-11-17 14:48:44 -0500
committerDan McDonald <danmcd@joyent.com>2020-11-17 14:48:44 -0500
commit2d6415143e9c1044d04ebf846f72f232883413cb (patch)
tree555fae9f2f89b0c9a4d8c4bbd66b02b70ded9fc7 /usr/src/lib/libc/port/gen
parent5a1b3228538dfeb09e05cc2bdfad707ee4d698d7 (diff)
parent5a0af8165ce9590e7a18f1ef4f9badc4dd72c6e6 (diff)
[illumos-gate merge]release-20201119
commit 5a0af8165ce9590e7a18f1ef4f9badc4dd72c6e6 13274 enable -fstack-protector-strong by default in user land commit 6a817834d81cc75ce12d0d393320837b1fec1e85 5788 Want support for GCC's stack protector in libc commit 350ffdd54baf880f440ddf9697666e283894ded1 13273 want upanic(2) commit 7fdea60d55a95f0e46066fd021c4ef1b1321bafc 13300 mlxcx_cq_setup() doesn't take required locks for ASSERTs Merge notes: - Manifest changes to match package changes (including shipping libssp_ns.a) - Modified lx_vdso tools to not include SSP, to match other build-only tools.
Diffstat (limited to 'usr/src/lib/libc/port/gen')
-rw-r--r--usr/src/lib/libc/port/gen/ssp.c67
1 files changed, 67 insertions, 0 deletions
diff --git a/usr/src/lib/libc/port/gen/ssp.c b/usr/src/lib/libc/port/gen/ssp.c
new file mode 100644
index 0000000000..81d93829ea
--- /dev/null
+++ b/usr/src/lib/libc/port/gen/ssp.c
@@ -0,0 +1,67 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source. A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+
+/*
+ * Copyright 2020 Oxide Computer Company
+ */
+
+#include <upanic.h>
+#include <sys/random.h>
+
+/*
+ * This provides an implementation of the stack protector functions that are
+ * expected by gcc's ssp implementation.
+ *
+ * We attempt to initialize the stack guard with random data, which is our best
+ * protection. If that fails, we'd like to have a guard that is still meaningful
+ * and not totally predictable. The original StackGuard paper suggests using a
+ * terminator canary. To make this a little more difficult, we also use a
+ * portion of the data from gethrtime().
+ *
+ * In a 32-bit environment, we only have four bytes worth of data. We use the
+ * lower two bytes of the gethrtime() value and then use pieces of the
+ * terminator canary, '\n\0'. In a 64-bit environment we use the full four byte
+ * terminator canary and then four bytes of gethrtime.
+ */
+
+/*
+ * Use an array here so it's easier to get the length at compile time.
+ */
+static const char ssp_msg[] = "*** stack smashing detected";
+
+uintptr_t __stack_chk_guard;
+
+void
+ssp_init(void)
+{
+ if (getrandom(&__stack_chk_guard, sizeof (__stack_chk_guard), 0) !=
+ sizeof (__stack_chk_guard)) {
+ /*
+ * This failed, attempt to get some data that might let us get
+ * off the ground.
+ */
+ hrtime_t t = gethrtime();
+#ifdef _LP32
+ const uint16_t guard = '\n' << 8 | '\0';
+ __stack_chk_guard = guard << 16 | (uint16_t)t;
+#else
+ const uint32_t guard = '\r' << 24 | '\n' << 16 | '\0' << 8 |
+ '\xff';
+ __stack_chk_guard = (uint64_t)guard << 32 | (uint32_t)t;
+#endif
+ }
+}
+
+void
+__stack_chk_fail(void)
+{
+ upanic(ssp_msg, sizeof (ssp_msg));
+}
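Review bot: In the `#else` branch of ssp_init the terminator constant ends in `'\xff'`, and where plain char is signed that character constant has the int value -1, so the OR collapses to 0xffffffff and the `'\r'`, `'\n'` and `'\0'` bytes are lost from the fallback canary. Writing the last byte as an integer keeps the intended pattern: `const uint32_t guard = '\r' << 24 | '\n' << 16 | '\0' << 8 | 0xff;`. Separately, `#ifdef _LP32` looks like it was meant to be `#ifdef _ILP32`, which should be confirmed against the build's data-model macros. If `_LP32` is never defined, 32-bit objects compile the 64-bit branch, and the assignment to a 32-bit `__stack_chk_guard` keeps only `(uint32_t)t`, with no terminator bytes at all. Both issues only matter when getrandom() fails, which is exactly the case this fallback exists to cover.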