diff options
| author | Oliver Smith-Denny <osde@microsoft.com> | 2025-01-29 11:05:03 -0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2025-02-07 02:23:11 +0000 |
| commit | e6b6aa90d490c298da140bc118d73ceff510f563 (patch) | |
| tree | e20b3795b7d5bab5c7280396aafbfb61e9b1b577 /MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S | |
| parent | efbf5ed08c48478b51bb6b6da5670b1312755854 (diff) | |
| download | edk2-e6b6aa90d490c298da140bc118d73ceff510f563.tar.gz | |
MdePkg: Add Dynamic Stack Cookie Support
Adds dynamic stack cookies in the form of copies of the entry
point libraries that use shared logic to update stack cookies
at runtime.
This relies on RDRAND on IA32/X64 and RNDR on AARCH64 to get a
random number to apply to the stack cookie on module entry point.
This simplifies the logic a platform must do to include stack
check functionality.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Diffstat (limited to 'MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S')
| -rw-r--r-- | MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S b/MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S new file mode 100644 index 0000000000..d33c02a7c4 --- /dev/null +++ b/MdePkg/Library/DynamicStackCookieEntryPointLib/AArch64/DynamicCookieGcc.S @@ -0,0 +1,56 @@ +#------------------------------------------------------------------------------
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# Module Name:
+#
+# DynamicCookie.S
+#
+# Abstract:
+#
+# Generates random number through the RNDR instruction on a 64-bit AARCH64 platform
+# to store a random value in the GCC __stack_check_guard stack cookie.
+# The first byte is 0'd to prevent string copy functions from clobbering
+# the stack cookie.
+#
+# Notes:
+#
+# If RNDR fails, the build time static stack cookie value will be used instead.
+#
+#------------------------------------------------------------------------------
+
+#include <AArch64/AArch64.h>
+
+.text
+.p2align 2
+
+GCC_ASM_IMPORT(__stack_chk_guard)
+GCC_ASM_IMPORT(_CModuleEntryPoint)
+GCC_ASM_EXPORT(_ModuleEntryPoint)
+
+#------------------------------------------------------------------------------
+# VOID
+# EFIAPI
+# _ModuleEntryPoint (
+# Parameters are passed through.
+# )
+#------------------------------------------------------------------------------
+ASM_PFX(_ModuleEntryPoint):
+ AARCH64_BTI(c)
+
+ mrs x9, ID_AA64ISAR0_EL1 // Read the AArch64 Instruction Set Attribute Register 0
+ ubfx x9, x9, #60, #4 // Extract the RNDR bit field (bits 60-63)
+ cbz x9, c_entry // If RNDR is not supported, jump to c_entry
+
+ mrs x9, RNDR // Generate a random number
+ b.eq c_entry // RNDR sets NZCV to 0b0100 on failure
+ // So if the zero flag is set, use the static stack guard
+
+ and x9, x9, #0xFFFFFFFFFFFFFF00 // Zero the first byte of the random value
+
+ adrp x8, ASM_PFX(__stack_chk_guard) // Load the page address of __stack_chk_guard
+ str x9, [x8, :lo12:ASM_PFX(__stack_chk_guard)] // Store the random value in __stack_chk_guard
+
+c_entry:
+ b ASM_PFX(_CModuleEntryPoint) // Jump to the C module entry point
|