/*
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source.  A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 */
11*6a817834SRobert Mustacchi 
/*
 * Copyright 2020 Oxide Computer Company
 */
15*6a817834SRobert Mustacchi 
16*6a817834SRobert Mustacchi #include <upanic.h>
17*6a817834SRobert Mustacchi #include <sys/random.h>
18*6a817834SRobert Mustacchi 
/*
 * This provides an implementation of the stack protector functions that are
 * expected by gcc's ssp implementation.
 *
 * We attempt to initialize the stack guard with random data, which is our best
 * protection. If that fails, we'd like to have a guard that is still meaningful
 * and not totally predictable. The original StackGuard paper suggests using a
 * terminator canary. To make this a little more difficult, we also use a
 * portion of the data from gethrtime().
 *
 * In a 32-bit environment, we only have four bytes worth of data. We use the
 * lower two bytes of the gethrtime() value and then use pieces of the
 * terminator canary, '\n\0'. In a 64-bit environment we use the full four-byte
 * terminator canary and then four bytes of the gethrtime() value.
 */
34*6a817834SRobert Mustacchi 
/*
 * Use an array here so it's easier to get the length at compile time.
 * __stack_chk_fail() passes sizeof (ssp_msg), so the length handed to
 * upanic() includes the terminating NUL.
 */
static const char ssp_msg[] = "*** stack smashing detected";

/*
 * The canary value that gcc's stack-protector instrumentation compares
 * against. It is written once by ssp_init(); the symbol name is the one gcc's
 * ssp implementation expects, so it must not be renamed or made static.
 */
uintptr_t __stack_chk_guard;
41*6a817834SRobert Mustacchi 
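/*
 * Initialize __stack_chk_guard.
 *
 * The guard is filled from getrandom(2). If that does not return a full
 * guard's worth of bytes, fall back to a terminator canary combined with the
 * low bits of gethrtime(), so the guard is at least not constant across
 * processes. The fallback is far weaker than random data and is only meant to
 * get the process off the ground.
 */
void
ssp_init(void)
{
	if (getrandom(&__stack_chk_guard, sizeof (__stack_chk_guard), 0) !=
	    sizeof (__stack_chk_guard)) {
		/*
		 * This failed, attempt to get some data that might let us get
		 * off the ground.
		 */
		hrtime_t t = gethrtime();
#ifdef	_LP32
		/* '\n' '\0' in the upper half, low 16 bits of t below it. */
		const uint16_t guard = '\n' << 8 | '\0';
		__stack_chk_guard = guard  << 16 | (uint16_t)t;
#else
		/*
		 * Build the canary from unsigned byte values. The character
		 * constant '\xff' has type int and, where char is signed, the
		 * value -1; OR-ing that in would set every bit of the word and
		 * erase the '\r', '\n' and '\0' terminator bytes. Spell the
		 * final byte as 0xffU instead so the canary keeps its shape.
		 */
		const uint32_t guard = (uint32_t)'\r' << 24 |
		    (uint32_t)'\n' << 16 | (uint32_t)'\0' << 8 | 0xffU;
		__stack_chk_guard = (uint64_t)guard << 32 | (uint32_t)t;
#endif
	}
}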
62*6a817834SRobert Mustacchi 
/*
 * Entry point gcc's stack-protector epilogue calls when the on-stack guard no
 * longer matches __stack_chk_guard. The fixed message is handed to upanic()
 * with its full array size (terminating NUL included); upanic() is expected
 * to terminate the process rather than return to the corrupted frame.
 */
void
__stack_chk_fail(void)
{
	const void *msg = ssp_msg;
	const size_t msglen = sizeof (ssp_msg);

	upanic(msg, msglen);
}