From e63cdeebb829683a9b30bf60a616d5476a07e1a5 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Wed, 29 Jan 2025 10:48:49 -0800 Subject: MdePkg: Add StackCheckLib Library Class StackCheckLib defines the interface between a compiler and the stack checking code. It is being converted from a NULL library class to an actual library class to make it easier to use for a platform and be easier to define the expected interface with a compiler, so if there is a compiler change it can be tracked and caught. Signed-off-by: Oliver Smith-Denny --- MdePkg/Include/Library/StackCheckLib.h | 78 ++++++++++++++++++++++ .../Library/StackCheckLib/StackCheckLibCommonGcc.c | 2 + .../StackCheckLib/StackCheckLibCommonMsvc.c | 1 + .../StackCheckLibNull/StackCheckLibNullGcc.c | 1 + .../StackCheckLibNull/StackCheckLibNullMsvc.c | 1 + MdePkg/MdePkg.dec | 4 ++ 6 files changed, 87 insertions(+) create mode 100644 MdePkg/Include/Library/StackCheckLib.h diff --git a/MdePkg/Include/Library/StackCheckLib.h b/MdePkg/Include/Library/StackCheckLib.h new file mode 100644 index 0000000000..5773caafa5 --- /dev/null +++ b/MdePkg/Include/Library/StackCheckLib.h @@ -0,0 +1,78 @@ +/** @file + This library provides stack cookie checking functions for symbols inserted by the compiler. This header + is not intended to be used directly by modules, but rather defines the expected interfaces to each supported + compiler, so that if the compiler interface is updated it is easier to track. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef STACK_CHECK_LIB_H_ +#define STACK_CHECK_LIB_H_ + +#include + +#if defined (__GNUC__) || defined (__clang__) + +// The __stack_chk_guard is a random value placed on the stack between the stack variables +// and the return address so that continuously writing past the stack variables will cause +// the stack cookie to be overwritten. Before the function returns, the stack cookie value +// will be checked and if there is a mismatch then StackCheckLib handles the failure. +extern VOID *__stack_chk_guard; + +/** + Called when a stack cookie check fails. The return address is the failing address. + +**/ +VOID +EFIAPI +__stack_chk_fail ( + VOID + ); + +#elif defined (_MSC_VER) + +// The __security_cookie is a random value placed on the stack between the stack variables +// and the return address so that continuously writing past the stack variables will cause +// the stack cookie to be overwritten. Before the function returns, the stack cookie value +// will be checked and if there is a mismatch then StackCheckLib handles the failure. +extern VOID *__security_cookie; + +/** + Called when a buffer check fails. This functionality is dependent on MSVC + C runtime libraries and so is unsupported in UEFI. + +**/ +VOID +EFIAPI +__report_rangecheckfailure ( + VOID + ); + +/** + The GS handler is for checking the stack cookie during SEH or + EH exceptions and is unsupported in UEFI. + +**/ +VOID +EFIAPI +__GSHandlerCheck ( + VOID + ); + +/** + Checks the stack cookie value against __security_cookie and calls the + stack cookie failure handler if there is a mismatch. + + @param UINTN CheckValue The value to check against __security_cookie + +**/ +VOID +EFIAPI +__security_check_cookie ( + UINTN CheckValue + ); + +#endif // Compiler type + +#endif // STACK_CHECK_LIB_H_ diff --git a/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c b/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c index 4146012b90..7157e0dfe7 100644 --- a/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c +++ b/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c @@ -10,6 +10,7 @@ #include #include +#include #include /** @@ -28,6 +29,7 @@ VOID *__stack_chk_guard = (VOID *)(UINTN)STACK_COOKIE_VALUE; **/ VOID +EFIAPI __stack_chk_fail ( VOID ) diff --git a/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c b/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c index 406b2d0116..d9018ed09e 100644 --- a/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c +++ b/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c @@ -10,6 +10,7 @@ #include #include +#include #include /** diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c index cc30632761..ed2bc410e5 100644 --- a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c +++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c @@ -6,6 +6,7 @@ **/ #include +#include VOID *__stack_chk_guard = (VOID *)(UINTN)0x0; diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c index ba9a4e6f3c..ebc2ba21d3 100644 --- a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c +++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c @@ -6,5 +6,6 @@ **/ #include +#include VOID *__security_cookie = (VOID *)(UINTN)0x0; diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index fc53cf5f1e..0694b87275 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -308,6 +308,10 @@ # StackCheckFailureHookLib|Include/Library/StackCheckFailureHookLib.h + ## @libraryclass Provides stack cookie checking functionality + # + StackCheckLib|Include/Library/StackCheckLib.h + [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] ## @libraryclass Provides services to generate random number. # -- cgit