[efi] Enable stack protection where possible

Enable -fstack-protector for EFI builds, where binary size is less
critical than for BIOS builds.

The stack cookie must be constructed immediately on entry, which
prohibits the use of any viable entropy source.  Construct a cookie by
XORing together various mildly random quantities to produce a value
that will at least not be identical on each run.

On detecting a stack corruption, attempt to call Exit() with an
appropriate error.  If that fails, then lock up the machine since
there is no other safe action that can be taken.

The old conditional check for support of -fno-stack-protector is
omitted since this flag dates back to GCC 4.1.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2020-06-23 23:08:49 +01:00
parent 8830f2f351
commit a61b27b97f
6 changed files with 115 additions and 11 deletions


@@ -146,17 +146,6 @@ define NEWLINE
endef
# Some widespread patched versions of gcc include -fstack-protector by
# default, even when -ffreestanding is specified. We therefore need
# to disable -fstack-protector if the compiler supports it.
#
ifeq ($(CCTYPE),gcc)
SP_TEST = $(CC) -fno-stack-protector -x c -c /dev/null \
-o /dev/null >/dev/null 2>&1
SP_FLAGS := $(shell $(SP_TEST) && $(ECHO) '-fno-stack-protector')
WORKAROUND_CFLAGS += $(SP_FLAGS)
endif
# gcc 4.4 generates .eh_frame sections by default, which distort the
# output of "size". Inhibit this.
#
@@ -415,6 +404,13 @@ ifdef BIN
incdirs :
@$(ECHO) $(INCDIRS)
# Inhibit -fstack-protector (which is implicitly enabled in some
# patched gcc versions) unless explicitly mentioned in CFLAGS.
#
ifeq ($(findstring -fstack-protector,$(CFLAGS)),)
CFLAGS += -fno-stack-protector
endif
# Common flags
#
CFLAGS += $(foreach INC,$(INCDIRS),-I$(INC))
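Review bot: The new `ifeq ($(findstring -fstack-protector,$(CFLAGS)),)` test runs once, when this line is parsed, so it only sees a stack-protector flag that is already in CFLAGS at that point. A flag appended by a makefile included later, or through a target-specific assignment, would be missed, and the build would silently get `-fno-stack-protector` with no diagnostic. The include order is not visible in this hunk, so this may already hold for the EFI platform makefile. The dependency still deserves a comment above the block, for example `# NOTE: tested at parse time; platform makefiles must add -fstack-protector to CFLAGS before this point`. Because `findstring` matches substrings, variants such as `-fstack-protector-strong` also count as an explicit mention, which looks intended and could be stated in the same comment.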