
Re: [Minios-devel] [UNIKRAFT PATCH v3 1/3] lib/uksp: Introduce uksp library





On 27.01.20 14:33, Vlad-Andrei BĂDOIU (78692) wrote:
Hey Simon,

Thank you for the review, I agree with all the proposed changes. Please
see my answer inline.

Vlad

On 07.01.2020 16:17, Simon Kuenzer wrote:
On 04.12.19 16:14, Vlad-Andrei BĂDOIU (78692) wrote:
From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>

This library provides the necessary functionalities for the stack
protector.

A make clean is required when toggling the stack smashing protection
option.

Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
---
   lib/Makefile.uk                        |  1 +
   lib/uksp/Config.uk                     |  4 ++
   lib/uksp/Makefile.uk                   |  5 +++
   lib/uksp/exportsyms.uk                 |  2 +
   lib/uksp/include/uksp/stackprotector.h | 56 ++++++++++++++++++++++++++
   lib/uksp/ssp.c                         | 43 ++++++++++++++++++++
   6 files changed, 111 insertions(+)
   create mode 100644 lib/uksp/Config.uk
   create mode 100644 lib/uksp/Makefile.uk
   create mode 100644 lib/uksp/exportsyms.uk
   create mode 100644 lib/uksp/include/uksp/stackprotector.h
   create mode 100644 lib/uksp/ssp.c

diff --git a/lib/Makefile.uk b/lib/Makefile.uk
index 4b9568a1..735d0eda 100644
--- a/lib/Makefile.uk
+++ b/lib/Makefile.uk
@@ -34,3 +34,4 @@ $(eval $(call
_import_lib,$(CONFIG_UK_BASE)/lib/uktime))
   $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukmmap))
   $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukblkdev))
   $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/posix-process))
+$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uksp))
diff --git a/lib/uksp/Config.uk b/lib/uksp/Config.uk
new file mode 100644
index 00000000..497381a3
--- /dev/null
+++ b/lib/uksp/Config.uk
@@ -0,0 +1,4 @@
+config LIBUKSP
+    bool "uksp : stack protector"

In order to make the library title inline with the others, please
remove the space before the colon and start with a capital letter
after the colon. For instance: "uksp: Stack protection"

+    select LIBUKSWRAND
+    default n
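Review bot: the option carries no `help` text, and the commit message's warning that toggling it requires a `make clean` is exactly the kind of thing that belongs there, together with the fact that the canary is drawn from libukswrand (hence the `select LIBUKSWRAND`) and is therefore only as unpredictable as that generator's seed. A short `help` block under `default n` would cover both; `default n` itself is already the Kconfig default and can go if the neighbouring libraries omit it.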
diff --git a/lib/uksp/Makefile.uk b/lib/uksp/Makefile.uk
new file mode 100644
index 00000000..6c391c9d
--- /dev/null
+++ b/lib/uksp/Makefile.uk
@@ -0,0 +1,5 @@
+$(eval $(call addlib_s,libuksp,$(CONFIG_LIBUKSP)))
+
+CINCLUDES-y += -I$(LIBUKSP_BASE)/include
+
+LIBUKSP_SRCS-y += $(LIBUKSP_BASE)/ssp.c
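Review bot: nothing in this Makefile adds `-fstack-protector` (or `-fstack-protector-strong`) to the build, so on its own the library defines `__stack_chk_guard` and `__stack_chk_fail` but no function is ever instrumented; if the flag arrives with a later patch of this series, the commit message should say so. Note also that GCC on x86-64 defaults to reading the canary from TLS (`%fs:0x28`) and only references the `__stack_chk_guard` symbol when compiled with `-mstack-protector-guard=global`, so that flag has to accompany `-fstack-protector` on that architecture or the guard initialised in ssp.c is never consulted.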
diff --git a/lib/uksp/exportsyms.uk b/lib/uksp/exportsyms.uk
new file mode 100644
index 00000000..fbc319e7
--- /dev/null
+++ b/lib/uksp/exportsyms.uk
@@ -0,0 +1,2 @@
+__stack_chk_fail
+__stack_chk_guard
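Review bot: keep `__stack_chk_guard` in this list even if the header is dropped as suggested: the compiler-generated prologue and epilogue of every instrumented function in every other library reference that symbol directly, so it must stay globally visible, as must `__stack_chk_fail`. If the init routine ends up as a constructor inside ssp.c, it does not need to be exported.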
diff --git a/lib/uksp/include/uksp/stackprotector.h
b/lib/uksp/include/uksp/stackprotector.h

Hum, do you really want to put the headers under
<uksp/stackprotector.h>? I would do it inline with our other Unikraft
libraries and add it within the `uk` name space: <uk/sp.h>... But
overall, I even think that we do not need a header for this library. I
would declare the init function as uk_ctor function - no need to call
it directly from lib/ukboot.

new file mode 100644
index 00000000..2410b21b
--- /dev/null
+++ b/lib/uksp/include/uksp/stackprotector.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All
rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer
in the
+ *    documentation and/or other materials provided with the
distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products
derived from
+ *    this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#ifndef __UK_STACKPROTECTOR_H__
+#define __UK_STACKPROTECTOR_H__
+
+#include <uk/swrand.h>
+#include <uk/config.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern unsigned long __stack_chk_guard;
+
+static __attribute__((always_inline)) void boot_init_stack_canary(void)
+{
+    __stack_chk_guard = uk_swrand_randr();
+}

I would put the init function into ssp.c and declare it as system
constructor:

    UK_CTOR_FUNC(UK_SWRAND_CTOR_PRIO + 1, init_stack_canary);

This wouldn't work since we end up with a concatenation: ... ## lvl ##
... where lvl is UK_SWRAND_CTOR_PRIO + 1.

Since the preprocessor performs integer arithmetic only for conditional
directives, this causes compilation errors. I'll leave the value at 2
until we find a solution to this.


This is actually a good point... I think the actual fix should be in the UK_CTOR_FUNC macro. I guess we can get it working with macros that help to do the computation. I am preparing something and will send it out.


You would call it directly after libukswrandr was initialized. In
order to get the priority value, we maybe want to move
`UK_SWRAND_CTOR_PRIO` definition to the <uk/swrand.h> header.

+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __UK_STACKPROTECTOR_H__ */
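Review bot: `boot_init_stack_canary` overwrites the guard that every instrumented frame currently on the stack saved in its prologue, so whichever function ends up calling it (directly from lib/ukboot, or the constructor runner if it becomes a `uk_ctor`) must either never return or be built without `-fstack-protector`; otherwise its own epilogue check fails and the boot dies in `__stack_chk_fail` with a false "Stack smashing detected". For the same reason the function must really be inlined, and GCC warns when `always_inline` is put on a function that is not also declared `inline`, so write it as `static inline __attribute__((always_inline))`. Two smaller points: check that `uk_swrand_randr()` fills the full width of `unsigned long` on 64-bit targets (if it returns 32 bits, the upper half of the guard is always zero), and consider clearing the lowest byte of the guard so that a string-copy overflow, which cannot write an embedded NUL, can never reproduce the canary.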
diff --git a/lib/uksp/ssp.c b/lib/uksp/ssp.c
new file mode 100644
index 00000000..79fd0e55
--- /dev/null
+++ b/lib/uksp/ssp.c
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Badoiu Vlad-Andrei <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All
rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer
in the
+ *    documentation and/or other materials provided with the
distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ *    contributors may be used to endorse or promote products
derived from
+ *    this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#include <uk/assert.h>
+
+unsigned long __stack_chk_guard;
+
+__attribute__((noreturn))
+void __stack_chk_fail(void)
+{
+    UK_CRASH("Stack smashing detected\n");

Maybe we want to add the current stack pointer to the message in order
to simplify debugging. There should be a platform API function that
you can use to retrieve the sp.

+}
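Review bot: on the debugging point raised above, the most useful single datum is where the check was called from: `__builtin_return_address(0)` inside `__stack_chk_fail` points into the epilogue of the function whose frame was smashed, and it can be trusted here because that slot was pushed by the `call` itself, below the corrupted frame. Print it next to the stack pointer, e.g. `UK_CRASH("Stack smashing detected (caller %p)\n", __builtin_return_address(0));`. The `noreturn` attribute is right and also means no epilogue check is emitted for this function itself. One more check: `__stack_chk_guard` is zero until the init routine runs, so code executing before that point is protected only by a predictable canary of 0; make sure the initialisation happens as early as the ordering discussed above allows.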


_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel
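The exchange above about `UK_CTOR_FUNC(UK_SWRAND_CTOR_PRIO + 1, init_stack_canary)` turns on how `#` and `##` treat their arguments. The following is an added example, not Unikraft code and not the fix Simon says he is preparing: it models a constructor-table macro that both stringifies and token-pastes its level, shows in comments why an arithmetic expression breaks it, and adds a lookup-table "increment" macro plus one layer of indirection so the level is fully expanded before pasting. The value of `UK_SWRAND_CTOR_PRIO`, the names `__UK_CTORTAB` and `UK_PRIO_AFTER`, and the constant standing in for `uk_swrand_randr()` are all assumptions.

```c
/*
 * Added example (not Unikraft code): why UK_CTOR_FUNC(UK_SWRAND_CTOR_PRIO + 1, fn)
 * breaks, and how a token-lookup "increment" macro sidesteps the problem.
 * UK_SWRAND_CTOR_PRIO's value, the __UK_CTORTAB/UK_PRIO_AFTER names and the
 * constant standing in for uk_swrand_randr() are assumptions.
 */
#include <string.h>

typedef void (*uk_ctor_func_t)(void);

#define UK_SWRAND_CTOR_PRIO 1 /* assumed; the real value lives in libukswrand */

/*
 * Models a constructor-table macro that uses its level twice: stringified
 * into the section name and token-pasted into the entry's identifier.
 * # and ## operate on the argument's raw tokens, so an argument of
 *     UK_SWRAND_CTOR_PRIO + 1
 * produces ".uk_ctortab" "UK_SWRAND_CTOR_PRIO + 1" and the ill-formed
 * identifier  __uk_ctortabUK_SWRAND_CTOR_PRIO + 1_fn : the preprocessor
 * evaluates arithmetic only inside #if/#elif, never in a macro body.
 * (The real macro would place the entry in a linker section; here the
 * section name is kept as a string so the expansion can be checked.)
 */
#define __UK_CTORTAB(lvl, fn)                                            \
	static const uk_ctor_func_t __attribute__((used))                \
		__uk_ctortab##lvl##_##fn = (fn);                         \
	static const char __uk_ctortab_section##lvl##_##fn[] =           \
		".uk_ctortab" #lvl

/* Indirection: arguments are fully macro-expanded before __UK_CTORTAB pastes them */
#define UK_CTOR_FUNC(lvl, fn) __UK_CTORTAB(lvl, fn)

/* "x + 1" without arithmetic: one pasted token per supported level */
#define __UK_PRIO_AFTER_0 1
#define __UK_PRIO_AFTER_1 2
#define __UK_PRIO_AFTER_2 3
#define __UK_PRIO_AFTER_3 4
#define __UK_PRIO_AFTER_4 5
#define __UK_PRIO_AFTER_5 6
#define __UK_PRIO_AFTER_6 7
#define __UK_PRIO_AFTER_7 8
#define __UK_PRIO_AFTER(x) __UK_PRIO_AFTER_##x
#define UK_PRIO_AFTER(x)   __UK_PRIO_AFTER(x) /* expand x first, then paste */

static unsigned long example_stack_chk_guard;

/* Constructor body: set the canary. The constant is a constructed stand-in
 * for uk_swrand_randr(); the low byte is cleared so a string-copy overflow,
 * which cannot write an embedded NUL, can never reproduce the canary. */
static void init_stack_canary(void)
{
	unsigned long r = 0x5a3c96e1UL; /* constructed, not random */

	example_stack_chk_guard = r & ~0xffUL;
}

/* Registers init_stack_canary one level after libukswrand; expands to
 *   __uk_ctortab2_init_stack_canary  and  ".uk_ctortab" "2"            */
UK_CTOR_FUNC(UK_PRIO_AFTER(UK_SWRAND_CTOR_PRIO), init_stack_canary);

/* Accessors that spell out the pasted identifiers literally; they only
 * compile if the expansion above produced exactly these tokens. */
int prio_after_swrand(void)
{
	return UK_PRIO_AFTER(UK_SWRAND_CTOR_PRIO); /* 2 */
}

const char *stack_canary_ctor_section(void)
{
	return __uk_ctortab_section2_init_stack_canary; /* ".uk_ctortab2" */
}

uk_ctor_func_t stack_canary_ctor_entry(void)
{
	return __uk_ctortab2_init_stack_canary;
}

unsigned long example_stack_guard(void)
{
	return example_stack_chk_guard;
}
```

The two-level `UK_PRIO_AFTER` is the whole trick: in `UK_PRIO_AFTER(x)` the parameter is not adjacent to `#` or `##`, so `UK_SWRAND_CTOR_PRIO` is replaced by `1` before `__UK_PRIO_AFTER` pastes it into `__UK_PRIO_AFTER_1`, which rescans to `2`. The same indirection in `UK_CTOR_FUNC` is what lets the level argument be any macro expression that reduces to a single token.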

 

