Add stack guard

Author: eupn

armv7a-unknown-xous-elf.json

@@ -15,5 +15,6 @@
   "features": "+v7,+thumb2,+thumb-mode,+vfp4d16,+d32,+neon,+strict-align",
   "executables": true,
   "relocation-model": "static",
+  "supports-stack-protector": true,
   "os": "xous"
 }

library/std/src/sys/pal/xous/os.rs

@@ -18,6 +18,8 @@ mod eh_unwinding {
 #[cfg(not(test))]
 mod c_compat {
     use crate::os::xous::ffi::exit;
+    use crate::sync::atomic::{AtomicU32, Ordering};
+
     unsafe extern "C" {
         fn main() -> u32;
     }
@@ -28,14 +30,16 @@ mod c_compat {
     }
 
     #[unsafe(no_mangle)]
-    pub extern "C" fn _start(_eh_frame: usize, params_address: usize) {
+    pub extern "C" fn _start(_eh_frame: usize, params_address: usize, rnd_seed: usize) {
         #[cfg(feature = "panic_unwind")]
         {
             // TODO
             // unsafe { super::eh_unwinding::EH_FRAME_ADDRESS = eh_frame };
             // unwind::set_custom_eh_frame_finder(&super::eh_unwinding::EH_FRAME_SETTINGS).ok();
         }
 
+        init_stack_guard(rnd_seed as u32);
+
         if params_address != 0 {
             let params_address = crate::ptr::with_exposed_provenance_mut::<u8>(params_address);
             if unsafe {
@@ -46,6 +50,19 @@ mod c_compat {
         }
         exit(unsafe { main() });
     }
+
+    pub fn init_stack_guard(rnd_seed: u32) {
+        unsafe extern "C" {
+            static __stack_chk_guard: AtomicU32;
+        }
+
+        // Ensure at least one 0 byte to reduce certain string-overflow exploits
+        let canary = rnd_seed & 0xFFFF_FF00;
+
+        unsafe {
+            __stack_chk_guard.store(canary, Ordering::Relaxed);
+        }
+    }
 }
 
 pub fn errno() -> i32 {