[Minios-devel] [UNIKRAFT PATCH v2 1/3] lib/uksecurity: Introduce uksecurity library
Library to provide different security related functionalities. Only the stack smashing protection is implemented for now. This option increases the size of the final binary(hello world) by around 9%. A make clean is required when toggling the stack smashing protection option.
Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
---
 lib/Makefile.uk | 1 +
 lib/uksecurity/Config.uk | 11 ++++
 lib/uksecurity/Makefile.uk | 5 ++
 lib/uksecurity/exportsyms.uk | 2 +
 .../include/uksecurity/stackprotector.h | 58 +++++++++++++++++++
 lib/uksecurity/ssp.c | 43 ++++++++++++++
 6 files changed, 120 insertions(+)
 create mode 100644 lib/uksecurity/Config.uk
 create mode 100644 lib/uksecurity/Makefile.uk
 create mode 100644 lib/uksecurity/exportsyms.uk
 create mode 100644 lib/uksecurity/include/uksecurity/stackprotector.h
 create mode 100644 lib/uksecurity/ssp.c
diff --git a/lib/Makefile.uk b/lib/Makefile.uk
index 4b9568a1..c04b2203 100644
--- a/lib/Makefile.uk
+++ b/lib/Makefile.uk
@@ -34,3 +34,4 @@ $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uktime))
 $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukmmap))
 $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukblkdev))
 $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/posix-process))
+$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uksecurity))
diff --git a/lib/uksecurity/Config.uk b/lib/uksecurity/Config.uk
new file mode 100644
index 00000000..b41afaff
--- /dev/null
+++ b/lib/uksecurity/Config.uk
@@ -0,0 +1,11 @@
+config LIBUKSECURITY
+ bool "uksecurity : security related functionalities"
+ default n
+
+if LIBUKSECURITY
+
+config LIBUKSECURITY_SSP
+ bool "Stack smashing protection"
+ select LIBUKSWRAND
+ default n
+endif
diff --git a/lib/uksecurity/Makefile.uk b/lib/uksecurity/Makefile.uk
new file mode 100644
index 00000000..710c420f
--- /dev/null
+++ b/lib/uksecurity/Makefile.uk
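Review bot: `config LIBUKSECURITY_SSP` in lib/uksecurity/Config.uk has no `help` text, so the two caveats from the commit message never reach the person configuring a build. Suggest a `help` entry under it saying that enabling the option grows the image (around 9% for hello world, per the commit message) and that a `make clean` is required after toggling it; without a clean rebuild, objects compiled under the previous setting are presumably linked in unchanged. The compiler flag that actually turns on instrumentation is not part of this patch, so the help text should also name where it gets set once that lands in the series.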
@@ -0,0 +1,5 @@
+$(eval $(call addlib_s,libuksecurity,$(CONFIG_LIBUKSECURITY)))
+
+CINCLUDES-y += -I$(LIBUKSECURITY_BASE)/include
+
+LIBUKSECURITY_SRCS-$(CONFIG_LIBUKSECURITY_SSP) += $(LIBUKSECURITY_BASE)/ssp.c
diff --git a/lib/uksecurity/exportsyms.uk b/lib/uksecurity/exportsyms.uk
new file mode 100644
index 00000000..fbc319e7
--- /dev/null
+++ b/lib/uksecurity/exportsyms.uk
@@ -0,0 +1,2 @@
+__stack_chk_fail
+__stack_chk_guard
diff --git a/lib/uksecurity/include/uksecurity/stackprotector.h b/lib/uksecurity/include/uksecurity/stackprotector.h
new file mode 100644
index 00000000..b22a64c7
--- /dev/null
+++ b/lib/uksecurity/include/uksecurity/stackprotector.h
@@ -0,0 +1,58 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#ifndef __UK_STACKPROTECTOR_H__
+#define __UK_STACKPROTECTOR_H__
+
+#include <uk/swrand.h>
+#include <uk/config.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef CONFIG_LIBUKSECURITY_SSP
+extern unsigned long __stack_chk_guard;
+
+static __attribute__((always_inline)) void boot_init_stack_canary(void)
+{
+ __stack_chk_guard = uk_swrand_randr();
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __UK_STACKPROTECTOR_H__ */
diff --git a/lib/uksecurity/ssp.c b/lib/uksecurity/ssp.c
new file mode 100644
index 00000000..79fd0e55
--- /dev/null
+++ b/lib/uksecurity/ssp.c
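Review bot: In boot_init_stack_canary() the guard is an `unsigned long` but is filled from a single `uk_swrand_randr()` call; if that function returns a 32-bit value (its declaration is not part of this patch, so this needs confirming), the upper half of the canary is always zero on 64-bit targets, and its unpredictability also depends on how the software generator was seeded before this point. Consider filling all `sizeof(__stack_chk_guard)` bytes from the generator rather than one word. The function also needs a comment stating its calling contract, for example `/* Must be inlined into a function that never returns: changing the guard invalidates the canary already stored in the caller's frame. */`, and `static __attribute__((always_inline))` should carry the `inline` keyword so that translation units which include the header without calling it do not get unused-function warnings. Separately, `#include <uk/swrand.h>` sits outside the `#ifdef CONFIG_LIBUKSECURITY_SSP` guard, so including this header with the option disabled may fail if the ukswrand include path is only exported when that library is enabled.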
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Badoiu Vlad-Andrei <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#include <uk/assert.h>
+
+unsigned long __stack_chk_guard;
+
+__attribute__((noreturn))
+void __stack_chk_fail(void)
+{
+ UK_CRASH("Stack smashing detected\n");
+}
--
2.20.1
_______________________________________________ Minios-devel mailing list Minios-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/minios-devel
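Review bot: `__stack_chk_guard` is defined without an initializer in ssp.c, so it is zero until boot_init_stack_canary() runs and every instrumented function executing before that point is checked against a known constant. The definition should carry a comment saying so and naming where the guard gets seeded, e.g. `/* Zero until boot_init_stack_canary() runs; code executing earlier is checked against a predictable value. */`. `__stack_chk_fail` is marked noreturn, yet its only statement is the `UK_CRASH` macro, whose definition is not in this patch. If that macro can return or expand to nothing in some configuration, control would fall off the end of a noreturn function on an already corrupted stack, so confirm that it halts unconditionally or add an explicit halt after it.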