From 305ca3b4d590a88f9c955aa61429ca9c83e5a8dc Mon Sep 17 00:00:00 2001 From: Md Sadre Alam Date: Mon, 6 May 2019 19:21:53 +0530 Subject: [PATCH 1/2] board: common: cmd_bootqca: Add missing symbol to enable stack-protection The symbol __stack_guard & __stack_fail_check not present so add these symbols explicitly in u-boot source code as per defined in kernel source code. The symbol __stack_guard is defined with a magic value for stack canary. Whenever u-boot source code build with "fstack-protector" enabled then stack canary appiled for specific function and it saved on stack. Whenever stack canary value get currupted then __stack_fail_check function will get called and after that programs behaves as per pre defined behaviour. Change-Id: Ia0575a26ab43aa2177af127e59c67a41873748c3 Signed-off-by: Md Sadre Alam --- board/qca/arm/common/cmd_bootqca.c | 7 +++++++ include/common.h | 2 ++ 2 files changed, 9 insertions(+) diff --git a/board/qca/arm/common/cmd_bootqca.c b/board/qca/arm/common/cmd_bootqca.c index 130ef4bceb..a787d556bf 100644 --- a/board/qca/arm/common/cmd_bootqca.c +++ b/board/qca/arm/common/cmd_bootqca.c @@ -35,6 +35,7 @@ #define ELF_HDR_PLUS_PHDR_SIZE sizeof(Elf32_Ehdr) + \ (NO_OF_PROGRAM_HDRS * sizeof(Elf32_Phdr)) +unsigned long __stack_chk_guard = 0x000a0dff; static int debug = 0; static char mtdids[256]; DECLARE_GLOBAL_DATA_PTR; @@ -78,6 +79,10 @@ typedef struct { } image_info; #endif +void __stack_chk_fail(void) +{ + printf("stack-protector: U-boot stack is corrupted.\n"); +} /* * Set the root device and bootargs for mounting root filesystem. */ @@ -88,6 +93,8 @@ static int set_fs_bootargs(int *fs_on_nand) int ret = 0; char boot_args[MAX_BOOT_ARGS_SIZE] = {'\0'}; + + #define nand_rootfs "ubi.mtd=" QCA_ROOT_FS_PART_NAME " root=mtd:ubi_rootfs rootfstype=squashfs" if (sfi->flash_type == SMEM_BOOT_SPI_FLASH) { diff --git a/include/common.h b/include/common.h index 1e74c7e90a..e7923d6563 100644 --- a/include/common.h +++ b/include/common.h 
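Review bot: `__stack_chk_guard` in board/qca/arm/common/cmd_bootqca.c is a compile-time constant, so every image built from this tree carries the same canary and the value is visible in the binary. 0x000a0dff is the terminator pattern (NUL, LF, CR, 0xFF), which catches overruns made through string functions but gives no protection against length-driven copies such as `memcpy`, where the written bytes may contain any value. If the platform offers an entropy source early in boot, the guard should be reseeded from it once, in a function that is not itself instrumented or never returns, since changing the guard under a live protected frame triggers a false failure. If no such source exists, the limitation belongs at the definition, e.g. `/* Fixed terminator canary: catches string overruns only; identical in every build, not a secret. */`.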
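Review bot: `__stack_chk_fail()` only prints a message and returns, so after a corrupted canary is detected the caller carries on and returns through the frame that was just found to be overwritten. The compiler treats this function as non-returning, so nothing defined follows the call site and the check becomes a log line rather than a mitigation. The handler should stop the boot: replace the `printf` with `panic("stack-protector: U-boot stack is corrupted.\n");`, or keep the print and follow it with `hang();`. The prototype this patch adds to include/common.h should say the same, `void __stack_chk_fail(void) __attribute__((noreturn));`.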
@@ -305,7 +305,9 @@ static inline int print_cpuinfo(void) #endif int update_flash_size(int flash_size); int arch_early_init_r(void); +extern unsigned long __stack_chk_guard; +void __stack_chk_fail(void); /** * arch_cpu_init_dm() - init CPU after driver model is available * From 8aef0ad840f4bb620c9795e2bd4062f863689d9e Mon Sep 17 00:00:00 2001 From: Md Sadre Alam Date: Fri, 3 May 2019 15:45:20 +0530 Subject: [PATCH 2/2] Makefile: Enable Stack protector flag This change will enable stack protector for u-boot code for ipq807x. Change-Id: Iea28c20efa3bf582728e8a0099f01c8f93595ff6 Signed-off-by: Md Sadre Alam --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e2fe97ddc4..9bb51c69b9 100644 --- a/Makefile +++ b/Makefile @@ -566,7 +566,11 @@ ifdef BUILD_TAG KBUILD_CFLAGS += -DBUILD_TAG='"$(BUILD_TAG)"' endif -KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector) +ifdef CONFIG_ARCH_IPQ807x +KBUILD_CFLAGS += $(call cc-option,-fstack-protector) +else +KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) +endif KBUILD_CFLAGS += $(call cc-option,-fno-delete-null-pointer-checks) KBUILD_CFLAGS += -g
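Review bot: Plain `-fstack-protector` in the Makefile hunk instruments only functions that hold a character array of at least 8 bytes or call alloca, so most of the image stays without a canary; `-fstack-protector-strong` also covers functions with any local array or an address-taken local. It can be requested with the weaker flag as fallback: `KBUILD_CFLAGS += $(call cc-option,-fstack-protector-strong,$(call cc-option,-fstack-protector))`. Because the flag goes through `cc-option`, a toolchain that accepts neither still builds, unprotected and without a message, which is worth a comment above the `ifdef`. The `else` branch also gained a space after the comma (`cc-option, -fno-stack-protector`) that the removed line did not have; keeping the original spelling avoids an unrelated change for every other board.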