From patchwork Tue Aug  5 09:48:23 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Olivier Martin <olivier.martin@arm.com>
X-Patchwork-Id: 34902
Return-Path: <patchwork-forward+bncBDUNH4HCWYNBBBORQKPQKGQEOBRFCMQ@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-oa0-f69.google.com (mail-oa0-f69.google.com
 [209.85.219.69])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 7493520523
 for <linaro@patches.linaro.org>; Tue,  5 Aug 2014 09:48:55 +0000 (UTC)
Received: by mail-oa0-f69.google.com with SMTP id i7sf3023995oag.4
 for <linaro@patches.linaro.org>; Tue, 05 Aug 2014 02:48:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:date:message-id:cc:subject
 :precedence:reply-to:list-id:list-unsubscribe:list-archive:list-post
 :list-help:list-subscribe:mime-version:errors-to:x-original-sender
 :x-original-authentication-results:mailing-list:content-type
 :content-transfer-encoding;
 bh=AUXOjqcUDe+dPjDUFZM59PWGaF70zuua7H8i3SXy0Cg=;
 b=K7V9UE56v1Jnwr8bdlCWh7pZFEHhpvvTIdxgh1jgg9TdzRwu7d0kvK4CpNt6sEn+1T
 GmA3EjlEEXR3OCRS8WlaGhYf0f7LNNuJ5MSCdr7LoVXhWLRpneuxqcOTH95OQH9H/pQI
 zFN5l1tWqSnqFprmLIkFjSvEjdA7KE/JohZuXr8lHPHG9iEzyDfQHm3fgi5iFhpQmVzk
 I07E41sEwUI02YBd7yIbJg/fYrvxjPTzeIFn6GFjDTIXJpw6Bd/6Ck/8JuFj4iKE81rS
 M68TRozK+FzSntAi7bE2WjOkdj5Ik7UA6HjXy5OCD6zQ5mJLyjmKHN2GOyJHeSAoKurT
 TNQw==
X-Gm-Message-State: ALoCoQmTP4fkbUe+w1LY1rrcRS+SL+19eo+n1ZV3yRcp26cbAz2PzyDUS/P0MOPBqDCvHPJwx7j0
X-Received: by 10.182.91.97 with SMTP id cd1mr1404213obb.33.1407232133790;
 Tue, 05 Aug 2014 02:48:53 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.88.199 with SMTP id t65ls236275qgd.93.gmail; Tue, 05 Aug
 2014 02:48:53 -0700 (PDT)
X-Received: by 10.53.13.200 with SMTP id fa8mr1720763vdd.57.1407232133625;
 Tue, 05 Aug 2014 02:48:53 -0700 (PDT)
Received: from mail-vc0-f173.google.com (mail-vc0-f173.google.com
 [209.85.220.173])
 by mx.google.com with ESMTPS id e4si709741vdw.49.2014.08.05.02.48.53
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 05 Aug 2014 02:48:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.173 as permitted sender) client-ip=209.85.220.173; 
Received: by mail-vc0-f173.google.com with SMTP id hy10so1018659vcb.32
 for <patchwork-forward@linaro.org>;
 Tue, 05 Aug 2014 02:48:53 -0700 (PDT)
X-Received: by 10.220.163.69 with SMTP id z5mr2224402vcx.10.1407232133496;
 Tue, 05 Aug 2014 02:48:53 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.221.37.5 with SMTP id tc5csp370851vcb;
 Tue, 5 Aug 2014 02:48:52 -0700 (PDT)
X-Received: by 10.42.84.141 with SMTP id m13mr4216096icl.38.1407232132415;
 Tue, 05 Aug 2014 02:48:52 -0700 (PDT)
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.34.181.88])
 by mx.google.com with ESMTPS id
 p16si2854236ici.29.2014.08.05.02.48.51 for <multiple recipients>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Tue, 05 Aug 2014 02:48:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 edk2-devel-bounces@lists.sourceforge.net designates
 216.34.181.88 as permitted sender) client-ip=216.34.181.88; 
Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com)
 by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
 (envelope-from <edk2-devel-bounces@lists.sourceforge.net>)
 id 1XEbMK-0001yD-Lr; Tue, 05 Aug 2014 09:48:44 +0000
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
 helo=mx.sourceforge.net)
 by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
 (envelope-from <olivier.martin@arm.com>) id 1XEbMI-0001y6-G7
 for edk2-devel@lists.sourceforge.net; Tue, 05 Aug 2014 09:48:42 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of arm.com
 designates 217.140.96.21 as permitted sender)
 client-ip=217.140.96.21; envelope-from=olivier.martin@arm.com;
 helo=cam-smtp0.cambridge.arm.com;
Received: from fw-tnat.cambridge.arm.com ([217.140.96.21]
 helo=cam-smtp0.cambridge.arm.com)
 by sog-mx-4.v43.ch3.sourceforge.com with esmtps
 (TLSv1:AES256-SHA:256) (Exim 4.76) id 1XEbMG-0005P7-U9
 for edk2-devel@lists.sourceforge.net; Tue, 05 Aug 2014 09:48:42 +0000
Received: from e102605-lin.cambridge.arm.com (e102605-lin.cambridge.arm.com
 [10.1.193.159])
 by cam-smtp0.cambridge.arm.com (8.13.8/8.13.8) with ESMTP id
 s759mRA4022174; Tue, 5 Aug 2014 10:48:27 +0100
From: Olivier Martin <olivier.martin@arm.com>
To: michael.d.kinney@intel.com
Date: Tue,  5 Aug 2014 10:48:23 +0100
Message-Id: <1407232103-27603-1-git-send-email-olivier.martin@arm.com>
X-Mailer: git-send-email 1.8.5
X-Spam-Score: -2.2 (--)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
 sender-domain
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay
 domain
X-Headers-End: 1XEbMG-0005P7-U9
Cc: edk2-devel@lists.sourceforge.net
Subject: [edk2] [PATCH v3 1/3] MdePkg: Introduced BaseStackCheckLib
X-BeenThere: edk2-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: edk2-devel@lists.sourceforge.net
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.sourceforge.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.sourceforge.net
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: olivier.martin@arm.com
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.220.173 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

This library only support GCC, RVCT and XCode for now.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Signed-off-by: Olivier Martin <olivier.martin@arm.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
---
 .../Library/BaseStackCheckLib/BaseStackCheckGcc.c  | 61 ++++++++++++++++++++++
 .../BaseStackCheckLib/BaseStackCheckLib.inf        | 42 +++++++++++++++
 MdePkg/MdePkg.dec                                  |  4 ++
 3 files changed, 107 insertions(+)
 create mode 100644 MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c
 create mode 100644 MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf

diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c
new file mode 100644
index 0000000..4160aff
--- /dev/null
+++ b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c
@@ -0,0 +1,61 @@
+/** @file
+ Base Stack Check library for GCC/clang.
+
+ Use -fstack-protector-all compiler flag to make the compiler insert the
+ __stack_chk_guard "canary" value into the stack and check the value prior
+ to exiting the function. If the "canary" is overwritten __stack_chk_fail()
+ is called. This is GCC specific code.
+
+ Copyright (c) 2012, Apple Inc. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution.  The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Base.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+
+VOID
+__stack_chk_fail (
+ VOID
+ );
+
+
+/// "canary" value that is inserted by the compiler into the stack frame.
+VOID *__stack_chk_guard = (VOID*)FixedPcdGet64 (PcdBaseStackCanary);
+
+// If ASLR was enabled we could use
+//void (*__stack_chk_guard)(void) = __stack_chk_fail;
+
+/**
+ Error path for compiler generated stack "canary" value check code. If the
+ stack canary has been overwritten this function gets called on exit of the
+ function.
+**/
+VOID
+__stack_chk_fail (
+ VOID
+ )
+{
+  UINT8 DebugPropertyMask;
+
+  DEBUG ((DEBUG_ERROR, "STACK FAULT: Buffer Overflow in function %a.\n", __builtin_return_address(0)));
+
+  //
+  // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings even if
+  // BaseDebugLibNull is in use.
+  //
+  DebugPropertyMask = PcdGet8 (PcdDebugPropertyMask);
+  if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_BREAKPOINT_ENABLED) != 0) {
+    CpuBreakpoint ();
+  } else if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_DEADLOOP_ENABLED) != 0) {
+   CpuDeadLoop ();
+  }
+}
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
new file mode 100644
index 0000000..3304284
--- /dev/null
+++ b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
@@ -0,0 +1,42 @@
+## @file
+#  Stack Check Library
+#
+#  Copyright (c) 2014, ARM Ltd. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php.
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BaseStackCheckLib
+  FILE_GUID                      = 5f6579f7-b648-4fdb-9f19-4c17e27e8eff
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+
+
+#
+#  VALID_ARCHITECTURES           = ARM AARCH64
+#
+
+[Sources]
+  BaseStackCheckGcc.c | GCC
+  BaseStackCheckGcc.c | RVCT
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+
+[FixedPcd]
+  gEfiMdePkgTokenSpaceGuid.PcdBaseStackCanary
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 4daf3e6..fbb7d2b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -1544,6 +1544,10 @@
   #  The required memory space is decided by the value of PcdMaximumGuidedExtractHandler.
   gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|0x1000000|UINT64|0x30001015
 
+  ## Canary value for the stack overflow protection. This PCD can be used by a firmware vendor
+  # or for debugging purposes to change the recommended value.
+  gEfiMdePkgTokenSpaceGuid.PcdBaseStackCanary|0x0AFF|UINT64|0x0000002A
+
 [PcdsFixedAtBuild.IPF]
   ## The base address of IO port space for IA64 arch
   gEfiMdePkgTokenSpaceGuid.PcdIoBlockBaseAddressForIpf|0x0ffffc000000|UINT64|0x0000000f