Stack protection is a feature to detect and handle stack buffer overflows at runtime. For this to work the compiler and libc have to collaborate.
This patch adds the following parts to nolibc that are required by the compiler:
* __stack_chk_guard: random sentinel value
* __stack_chk_fail: handler for detected stack smashes
In addition an initialization function is added that randomizes the sentinel value.
Only support for global guards is implemented. Register guards are useful in a multi-threaded context, which nolibc does not provide support for.
Link: https://lwn.net/Articles/584225/
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
Thomas Weißschuh (5):
      tools/nolibc: add definitions for standard fds
      tools/nolibc: add helpers for wait() signal exits
      tools/nolibc: tests: constify test_names
      tools/nolibc: add support for stack protector
      tools/nolibc: tests: add test for -fstack-protector

 tools/include/nolibc/Makefile                |  4 +-
 tools/include/nolibc/arch-i386.h             |  8 ++-
 tools/include/nolibc/arch-x86_64.h           |  5 ++
 tools/include/nolibc/nolibc.h                |  1 +
 tools/include/nolibc/stackprotector.h        | 48 ++++++++++++++++++
 tools/include/nolibc/types.h                 |  2 +
 tools/include/nolibc/unistd.h                |  5 ++
 tools/testing/selftests/nolibc/Makefile      | 12 +++++
 tools/testing/selftests/nolibc/nolibc-test.c | 76 ++++++++++++++++++++++++++--
 9 files changed, 155 insertions(+), 6 deletions(-)
---
base-commit: b7453ccfdbe0b9e95b488814c53e8cbf8966aae4
change-id: 20230223-nolibc-stackprotector-d4d5f48ff771
Best regards,
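
A hand-written model of the global-guard check the cover letter describes, as an added example that is not code from the patch series or from nolibc. `demo_guard`, `demo_chk_fail`, `demo_guard_init`, `struct demo_frame` and `demo_copy` are hypothetical stand-ins for `__stack_chk_guard`, `__stack_chk_fail`, the initialization function and the compiler-generated prologue and epilogue; it assumes `/dev/urandom` is readable and records a flag where a real handler would not return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uintptr_t demo_guard;        /* stand-in for __stack_chk_guard */
static int demo_smash_detected;     /* set where a real handler would not return */

static void demo_chk_fail(void)     /* stand-in for __stack_chk_fail */
{
    demo_smash_detected = 1;
}

static void demo_guard_init(void)   /* randomize the sentinel at startup */
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&demo_guard, sizeof(demo_guard), 1, f) != 1)
        demo_guard = (uintptr_t)&demo_guard;  /* weak fallback: address bits only */
    if (f)
        fclose(f);
}

struct demo_frame {                 /* modelled frame: locals below the guard copy */
    char buf[16];
    uintptr_t canary;
};

/* Unchecked copy into buf, then the epilogue check. 0 = intact, -1 = smashed. */
static int demo_copy(const void *src, size_t len)
{
    struct demo_frame frame;
    frame.canary = demo_guard;                 /* prologue: store the guard copy */
    if (len > sizeof(frame))
        len = sizeof(frame);                   /* keep the demo inside the model */
    memcpy(&frame, src, len);                  /* len > 16 runs into the canary */
    if (frame.canary != demo_guard) {          /* epilogue: compare with global */
        demo_chk_fail();
        return -1;
    }
    return 0;
}

int main(void)
{
    char payload[sizeof(struct demo_frame)];   /* constructed input */
    memset(payload, 'A', sizeof(payload));
    demo_guard_init();
    printf("fits in buf: %d\n", demo_copy(payload, 16));
    printf("overruns buf: %d\n", demo_copy(payload, sizeof(payload)));
    return demo_smash_detected ? 0 : 1;
}
```

The check only fires when the function returns, so it detects a linear overwrite that crosses the guard copy; it does not stop the write itself.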