From 7a0fcc30c85b626572b4d1cdb310d2773031ff8d Mon Sep 17 00:00:00 2001
From: Kaspar Schleiser <kaspar@schleiser.de>
Date: Sun, 4 Dec 2016 11:04:40 +0100
Subject: [PATCH] sys: add initial SSP support

---
 core/include/panic.h     |  1 +
 sys/Makefile.include     |  4 ++++
 sys/doc.txt              | 12 ++++++++++++
 sys/ssp/Makefile         |  1 +
 sys/ssp/Makefile.include |  3 +++
 sys/ssp/ssp.c            | 33 +++++++++++++++++++++++++++++++++
 6 files changed, 54 insertions(+)
 create mode 100644 sys/ssp/Makefile
 create mode 100644 sys/ssp/Makefile.include
 create mode 100644 sys/ssp/ssp.c

diff --git a/core/include/panic.h b/core/include/panic.h
index 83fbcaef12..5d10aab624 100644
--- a/core/include/panic.h
+++ b/core/include/panic.h
@@ -48,6 +48,7 @@ typedef enum {
 #endif
     PANIC_DUMMY_HANDLER,     /**< unhandled interrupt */
 #endif
+    PANIC_SSP,               /**< stack smashing protector failure */
     PANIC_UNDEFINED
 } core_panic_t;
 
diff --git a/sys/Makefile.include b/sys/Makefile.include
index 092bb68792..3eac8e5760 100644
--- a/sys/Makefile.include
+++ b/sys/Makefile.include
@@ -83,4 +83,8 @@ ifneq (,$(filter printf_float,$(USEMODULE)))
     endif
 endif
 
+ifneq (,$(filter ssp,$(USEMODULE)))
+    include $(RIOTBASE)/sys/ssp/Makefile.include
+endif
+
 INCLUDES += -I$(RIOTBASE)/sys/libc/include
diff --git a/sys/doc.txt b/sys/doc.txt
index e3dcb829da..9dda1b2c8f 100644
--- a/sys/doc.txt
+++ b/sys/doc.txt
@@ -10,3 +10,15 @@
  * @defgroup    sys System
  * @brief       System library contains tools and utilities that make RIOT an actual operating system
  */
+
+/**
+ * @defgroup    sys_ssp Stack Smashing Protector
+ * @ingroup     sys
+ * @brief       Stack Smashing protector
+ *
+ * This module implements necessary helper functions that enable RIOT to make
+ * use of GCC's stack smashing protector (SSP).
+ *
+ * See http://wiki.osdev.org/Stack_Smashing_Protector for a more detailed
+ * description.
+ */
diff --git a/sys/ssp/Makefile b/sys/ssp/Makefile
new file mode 100644
index 0000000000..48422e909a
--- /dev/null
+++ b/sys/ssp/Makefile
@@ -0,0 +1 @@
+include $(RIOTBASE)/Makefile.base
diff --git a/sys/ssp/Makefile.include b/sys/ssp/Makefile.include
new file mode 100644
index 0000000000..84104d594c
--- /dev/null
+++ b/sys/ssp/Makefile.include
@@ -0,0 +1,3 @@
+ifneq (,$(filter ssp,$(USEMODULE)))
+    CFLAGS += -fstack-protector
+endif
diff --git a/sys/ssp/ssp.c b/sys/ssp/ssp.c
new file mode 100644
index 0000000000..116032c40b
--- /dev/null
+++ b/sys/ssp/ssp.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2016 Kaspar Schleiser <kaspar@schleiser.de>
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @{
+ *
+ * @ingroup     sys
+ * @file
+ * @brief       Stack Smashing Protector (SSP) helper functions
+ *
+ * @author      Kaspar Schleiser <kaspar@schleiser.de>
+ *
+ * @}
+ */
+
+#include <stdint.h>
+
+#include "panic.h"
+
+/* this should be randomized for each build */
+#define STACK_CHK_GUARD 0x595e9fbd94fda766
+
+uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;
+
+__attribute__((noreturn)) void __stack_chk_fail(void)
+{
+    core_panic(PANIC_SSP, "ssp: stack smashing detected");
+}
-- 
GitLab