diff --git a/Makefile.defines b/Makefile.defines
index 5b6b90be0..476b35141 100644
--- a/Makefile.defines
+++ b/Makefile.defines
@@ -47,7 +47,7 @@ log = $(if $(strip $(VERBOSE)),$1,@$1)
 # kept for retrocompat
 L = $(if $(strip $(VERBOSE)),,@)
 ifeq ($(CC),)
-CC = clang
+CC = clang-19
 endif
 SYSROOT = $(shell $(GCCPATH)arm-none-eabi-gcc -print-sysroot)
@@ -77,7 +77,7 @@ CFLAGS += -std=gnu99
 CFLAGS += -Wall -Wextra
 CFLAGS += -Wno-main
-CFLAGS += -Werror=int-to-pointer-cast
+CFLAGS += -Werror=int-to-pointer-cast -Wno-implicit-function-declaration
 # Additional Clang warnings
 CFLAGS += -Wno-error=int-conversion -Wimplicit-fallthrough
@@ -99,6 +99,10 @@ LDFLAGS += -mno-unaligned-access
 LDFLAGS += -Wl,--gc-sections -Wl,-Map,$(DBG_DIR)/app.map
 LDFLAGS += -nostdlib -nodefaultlibs
+LDLIBS += -Wl,--wrap=__stack_chk_fail -Wl,--wrap=__stack_chk_init
+AFLAGS += -fstack-protector-strong
+CFLAGS += -fstack-protector-strong
+
 ifeq ($(TARGET_NAME),TARGET_NANOX)
 CPU = cortex-m3
 CFLAGS += -frwpi
diff --git a/Makefile.standard_app b/Makefile.standard_app
index 497e67aac..d9c0865d6 100644
--- a/Makefile.standard_app
+++ b/Makefile.standard_app
@@ -266,9 +266,9 @@ APP_FLAGS_APP_LOAD_PARAMS = $(shell printf '0x%x' $$(( $(STANDARD_APP_FLAGS) + $
 #####################################################################
 # COMPILER SETTINGS #
 #####################################################################
-CC = $(CLANGPATH)clang
-AS = $(CLANGPATH)clang
-LD = $(CLANGPATH)clang
+CC = $(CLANGPATH)clang-19
+AS = $(CLANGPATH)clang-19
+LD = $(CLANGPATH)clang-19
 LDLIBS += -lclang_rt.builtins
 AFLAGS += --target=arm-none-eabi
diff --git a/src/stack_protector_init.S b/src/stack_protector_init.S
index da865c261..b0d0448a5 100644
--- a/src/stack_protector_init.S
+++ b/src/stack_protector_init.S
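Review bot: `-Wno-implicit-function-declaration` on the `+CFLAGS += -Werror=int-to-pointer-cast` line disables, for every translation unit, a diagnostic that clang 16 and later report as an error by default in the `-std=gnu99` mode this file selects, so it looks like a blanket workaround for whatever the toolchain bump surfaced. A call to an undeclared function is compiled against an assumed `int(...)` prototype, so argument widths and the return type go unchecked and a wrong-width pointer or size slips through silently — the same class of defect that `-Werror=int-to-pointer-cast` on the same line is there to catch. If the missing declarations cannot be fixed in this change, downgrading instead of disabling keeps them visible in the build log: `CFLAGS += -Werror=int-to-pointer-cast -Wno-error=implicit-function-declaration`. A short comment naming the call sites that needed it would let the suppression be removed once they are fixed.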
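Review bot: The `+LDLIBS += -Wl,--wrap=__stack_chk_fail -Wl,--wrap=__stack_chk_init` line puts linker symbol wrapping into LDLIBS, which otherwise carries libraries here (`-lclang_rt.builtins` in Makefile.standard_app), while the other `-Wl,` options two lines above live in LDFLAGS; `LDFLAGS += -Wl,--wrap=__stack_chk_fail -Wl,--wrap=__stack_chk_init` keeps that split meaningful. The wrapping is what makes the new `-fstack-protector-strong` effective, since it redirects every compiler-emitted `__stack_chk_fail` and `__stack_chk_init` reference to `__wrap___stack_chk_fail` and `__wrap___stack_chk_init`, and only the latter is visible in this diff (src/stack_protector_init.S). A one-line comment above the block naming where both `__wrap_` providers are defined would let a reader verify the pair without grepping, e.g. `# SSP runtime: __wrap___stack_chk_init / __wrap___stack_chk_fail are provided by src/stack_protector_init.S and <fail-handler file>`.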
@@ -10,17 +10,22 @@
 .global __wrap___stack_chk_init
 .thumb_func
 __wrap___stack_chk_init:
+ // if r0 != 0, skip initialization and jump directly to main
+ // (don't overwrite parent canary during a libcall)
+ cmp r0, #0
+ bne 1f
+ // save arguments passed to main
 push {r0-r3}
 // call cx_get_random_bytes(&__stack_chk_guard, sizeof(__stack_chk_guard));
 // we can't use the function cx_get_random_bytes because of PIC
 ldr r0, =SYSCALL_cx_get_random_bytes_ID
- ldr r2, =__stack_chk_guard
+ mov r2, r9
 movs r3, #4
 push {r2-r3}
 mov r1, sp
- svc 1
+ bl SVC_Call
 pop {r2-r3}
 // restore arguments
diff --git a/target/apex_m/script.ld b/target/apex_m/script.ld
index 29954d801..11a7916b6 100644
--- a/target/apex_m/script.ld
+++ b/target/apex_m/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -105,6 +107,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -126,6 +131,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/apex_p/script.ld b/target/apex_p/script.ld
index 29954d801..11a7916b6 100644
--- a/target/apex_p/script.ld
+++ b/target/apex_p/script.ld
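Review bot: `mov r2, r9` drops the link-time binding that `ldr r2, =__stack_chk_guard` gave: the four random bytes now land wherever r9 points, and the only thing that makes that the canary is the linker scripts placing `__stack_chk_guard = .;` as the first word of .bss (with `.data` asserted empty on nanox, presumably the first word of the r/w region r9 addresses under `-frwpi`). Nothing in the build checks that coupling, so a later reorder of the `.bss` output section would silently turn the canary init into a write to some other variable while the guard stays at its pre-init value; I would state the contract on the line, `// r9 = static base; __stack_chk_guard must be the first word of that region (target/*/script.ld)`, and pair it with an ASSERT in the scripts that pins `__stack_chk_guard` to the start of the region. The `cmp r0, #0` / `bne 1f` early-out keys the skip on main's first argument, which is a calling-convention assumption worth one more comment line naming who passes a non-zero r0. The `1:` label and the rest of `__wrap___stack_chk_init` are outside the hunk, so I could not confirm the skipped path against the saved-argument `push`/`pop`, though the branch sits before `push {r0-r3}` so it looks balanced.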
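Review bot: The comments `ensure __stack_chk_init is always @ 0xC0D00000` and `ensure main directly follows __stack_chk_init` describe a requirement the script only hopes for: `KEEP(*(.boot.ssp_init))` places that input section first, but nothing fails the link if the wrapper does not land at `_text` or if another `.boot*` input section sorts ahead of main. Adding `ASSERT(__wrap___stack_chk_init == _text, "__stack_chk_init must be the first code in .text")` next to the existing stack-size ASSERT would turn the entry-point assumption into a link error; use whichever symbol `.boot.ssp_init` actually defines, since the `.section` directive is not in this diff. The same hunk is added to target/apex_p, target/flex, target/nanos2 and target/stax.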
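Review bot: `__stack_chk_guard = .;` immediately followed by `PROVIDE(__stack_chk_guard = .);` is redundant — the plain assignment always defines the symbol, so the PROVIDE form can never take effect; keep one of them (the plain assignment if the guard must exist regardless of references, the PROVIDE form alone if it should exist only when referenced). The block also deserves a line saying why the word is reserved before `_bss = .;` rather than inside the `_bss`..`_ebss` range: it appears to be so that the guard is the first word of the section, which `mov r2, r9` in src/stack_protector_init.S relies on, and so that code iterating `[_bss, _ebss)` leaves it alone, e.g. `/* SSP canary: first word of .bss, kept outside [_bss,_ebss); see stack_protector_init.S */`. The same lines are added to target/apex_p, target/flex, target/nanos2 and target/stax and already exist in target/nanox.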
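Review bot: The `/DISCARD/ : { *(.init_array) }` block drops constructors silently: a function with `__attribute__((constructor))` anywhere in the app or SDK still compiles and links but never runs, and the comment explains the missing loader without stating that consequence. I would extend the comment with `* Any constructor-attributed function therefore never runs; do not rely on one.` so that nobody later adds initialisation of a security-relevant state that way. I am not aware of a clean way to make the link fail on a non-empty discarded input section, so the comment is the minimum. The same block is added to target/apex_p, target/flex, target/nanos2 and target/stax, and moved within target/nanox.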
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -105,6 +107,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -126,6 +131,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/flex/script.ld b/target/flex/script.ld
index 02c5e1bc6..0af862f1b 100644
--- a/target/flex/script.ld
+++ b/target/flex/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -108,6 +110,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -129,6 +134,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/nanos2/script.ld b/target/nanos2/script.ld
index 809f6b729..ad034137a 100644
--- a/target/nanos2/script.ld
+++ b/target/nanos2/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -107,6 +109,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -128,6 +133,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/nanox/script.ld b/target/nanox/script.ld
index 932db68e9..6bd7e6bc0 100644
--- a/target/nanox/script.ld
+++ b/target/nanox/script.ld
@@ -104,21 +104,15 @@ SECTIONS
 ASSERT( (_edata - _data) <= 0, ".data section must be empty" )
- /* The .init_array is initialized with functions with the constructor
- * attribute. Discard this section since there's no loader. */
- /DISCARD/ : {
- *(.init_array)
- }
-
 .bss : {
 /**
 * Place RAM uninitialized variables
 */
- _bss = .;
 __stack_chk_guard = .;
 PROVIDE(__stack_chk_guard = .);
 . += 4;
+ _bss = .;
 *(.bss*)
 _ebss = .;
@@ -139,6 +133,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
diff --git a/target/stax/script.ld b/target/stax/script.ld
index 02c5e1bc6..0af862f1b 100644
--- a/target/stax/script.ld
+++ b/target/stax/script.ld
@@ -48,7 +48,9 @@ SECTIONS
 _text = .;
 _nvram_start = .;
- /* ensure main is always @ 0xC0D00000 */
+ /* ensure __stack_chk_init is always @ 0xC0D00000 */
+ KEEP(*(.boot.ssp_init))
+ /* ensure main directly follows __stack_chk_init */
 *(.boot*)
 /* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
@@ -108,6 +110,9 @@ SECTIONS
 /**
 * Place RAM uninitialized variables
 */
+ __stack_chk_guard = .;
+ PROVIDE(__stack_chk_guard = .);
+ . += 4;
 _bss = .;
 *(.bss*)
 _ebss = .;
@@ -129,6 +134,12 @@ SECTIONS
 ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )
+ /* The .init_array is initialized with functions with the constructor
+ * attribute. Discard this section since there's no loader. */
+ /DISCARD/ : {
+ *(.init_array)
+ }
+
 /****************************************************************/
 /* DEBUG */
 /****************************************************************/
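Review bot: Moving `_bss = .;` below the `. += 4;` reservation changes which range the guard word falls in — on nanox it previously sat inside `_bss`..`_ebss` and is now outside it — and the hunk gives no reason for the move. If the intent is that code iterating `[_bss, _ebss)` must not touch the canary, or that the guard has to be the first word of the region that `mov r2, r9` in src/stack_protector_init.S writes through, a comment above `__stack_chk_guard = .;` such as `/* SSP canary: first word of .bss, kept outside [_bss,_ebss); see stack_protector_init.S */` would stop the next reorder from undoing it. The DISCARD block removed at the top of this hunk reappears after the stack-size ASSERT in the following hunk, so that part is a pure move that aligns nanox with the other targets.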