Skip to content

Enable stack protector #1128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bboilot-ledger wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Enable stack protector #1128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8fae237
feat: fix and enable stack protector
bboilot-ledger Aug 27, 2025
575c2ed
build(canary): support libcalls
bboilot-ledger Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions Makefile.defines
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ log = $(if $(strip $(VERBOSE)),$1,@$1) # kept for retrocompat
L = $(if $(strip $(VERBOSE)),,@)

ifeq ($(CC),)
CC = clang
CC = clang-19
endif

SYSROOT = $(shell $(GCCPATH)arm-none-eabi-gcc -print-sysroot)
Expand Down Expand Up @@ -77,7 +77,7 @@ CFLAGS += -std=gnu99

CFLAGS += -Wall -Wextra
CFLAGS += -Wno-main
CFLAGS += -Werror=int-to-pointer-cast
CFLAGS += -Werror=int-to-pointer-cast -Wno-implicit-function-declaration

# Additional Clang warnings
CFLAGS += -Wno-error=int-conversion -Wimplicit-fallthrough
Expand All @@ -99,6 +99,10 @@ LDFLAGS += -mno-unaligned-access
LDFLAGS += -Wl,--gc-sections -Wl,-Map,$(DBG_DIR)/app.map
LDFLAGS += -nostdlib -nodefaultlibs

LDLIBS += -Wl,--wrap=__stack_chk_fail -Wl,--wrap=__stack_chk_init
AFLAGS += -fstack-protector-strong
CFLAGS += -fstack-protector-strong

ifeq ($(TARGET_NAME),TARGET_NANOX)
CPU = cortex-m3
CFLAGS += -frwpi
Expand Down
6 changes: 3 additions & 3 deletions Makefile.standard_app
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -266,9 +266,9 @@ APP_FLAGS_APP_LOAD_PARAMS = $(shell printf '0x%x' $$(( $(STANDARD_APP_FLAGS) + $
#####################################################################
# COMPILER SETTINGS #
#####################################################################
CC = $(CLANGPATH)clang
AS = $(CLANGPATH)clang
LD = $(CLANGPATH)clang
CC = $(CLANGPATH)clang-19
AS = $(CLANGPATH)clang-19
LD = $(CLANGPATH)clang-19
LDLIBS += -lclang_rt.builtins

AFLAGS += --target=arm-none-eabi
Expand Down
9 changes: 7 additions & 2 deletions src/stack_protector_init.S
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,22 @@
.global __wrap___stack_chk_init
.thumb_func
__wrap___stack_chk_init:
// if r0 != 0, skip initialization and jump directly to main
// (don't overwrite parent canary during a libcall)
cmp r0, #0
bne 1f

// save arguments passed to main
push {r0-r3}

// call cx_get_random_bytes(&__stack_chk_guard, sizeof(__stack_chk_guard));
// we can't use the function cx_get_random_bytes because of PIC
ldr r0, =SYSCALL_cx_get_random_bytes_ID
ldr r2, =__stack_chk_guard
mov r2, r9
movs r3, #4
push {r2-r3}
mov r1, sp
svc 1
bl SVC_Call
pop {r2-r3}

// restore arguments
Expand Down
13 changes: 12 additions & 1 deletion target/apex_m/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ SECTIONS
_text = .;
_nvram_start = .;

/* ensure main is always @ 0xC0D00000 */
/* ensure __stack_chk_init is always @ 0xC0D00000 */
KEEP(*(.boot.ssp_init))
/* ensure main directly follows __stack_chk_init */
*(.boot*)

/* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
Expand Down Expand Up @@ -105,6 +107,9 @@ SECTIONS
/**
* Place RAM uninitialized variables
*/
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;
Expand All @@ -126,6 +131,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
13 changes: 12 additions & 1 deletion target/apex_p/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ SECTIONS
_text = .;
_nvram_start = .;

/* ensure main is always @ 0xC0D00000 */
/* ensure __stack_chk_init is always @ 0xC0D00000 */
KEEP(*(.boot.ssp_init))
/* ensure main directly follows __stack_chk_init */
*(.boot*)

/* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
Expand Down Expand Up @@ -105,6 +107,9 @@ SECTIONS
/**
* Place RAM uninitialized variables
*/
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;
Expand All @@ -126,6 +131,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
13 changes: 12 additions & 1 deletion target/flex/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ SECTIONS
_text = .;
_nvram_start = .;

/* ensure main is always @ 0xC0D00000 */
/* ensure __stack_chk_init is always @ 0xC0D00000 */
KEEP(*(.boot.ssp_init))
/* ensure main directly follows __stack_chk_init */
*(.boot*)

/* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
Expand Down Expand Up @@ -108,6 +110,9 @@ SECTIONS
/**
* Place RAM uninitialized variables
*/
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;
Expand All @@ -129,6 +134,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
13 changes: 12 additions & 1 deletion target/nanos2/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ SECTIONS
_text = .;
_nvram_start = .;

/* ensure main is always @ 0xC0D00000 */
/* ensure __stack_chk_init is always @ 0xC0D00000 */
KEEP(*(.boot.ssp_init))
/* ensure main directly follows __stack_chk_init */
*(.boot*)

/* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
Expand Down Expand Up @@ -107,6 +109,9 @@ SECTIONS
/**
* Place RAM uninitialized variables
*/
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;
Expand All @@ -128,6 +133,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
14 changes: 7 additions & 7 deletions target/nanox/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,21 +104,15 @@ SECTIONS

ASSERT( (_edata - _data) <= 0, ".data section must be empty" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

.bss :
{
/**
* Place RAM uninitialized variables
*/
_bss = .;
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;

Expand All @@ -139,6 +133,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
13 changes: 12 additions & 1 deletion target/stax/script.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,9 @@ SECTIONS
_text = .;
_nvram_start = .;

/* ensure main is always @ 0xC0D00000 */
/* ensure __stack_chk_init is always @ 0xC0D00000 */
KEEP(*(.boot.ssp_init))
/* ensure main directly follows __stack_chk_init */
*(.boot*)

/* place the other code and rodata defined BUT nvram variables that are displaced in a r/w area */
Expand Down Expand Up @@ -108,6 +110,9 @@ SECTIONS
/**
* Place RAM uninitialized variables
*/
__stack_chk_guard = .;
PROVIDE(__stack_chk_guard = .);
. += 4;
_bss = .;
*(.bss*)
_ebss = .;
Expand All @@ -129,6 +134,12 @@ SECTIONS

ASSERT( (_estack - _stack) >= STACK_MIN_SIZE, "stack section too small" )

/* The .init_array is initialized with functions with the constructor
* attribute. Discard this section since there's no loader. */
/DISCARD/ : {
*(.init_array)
}

/****************************************************************/
/* DEBUG */
/****************************************************************/
Expand Down
Loading