Swap Out Stack Cookie Libraries with New Versions
Description

This update replaces StackCheckLib with StackCheckLibStaticInit and
StackCheckLibDynamicInit. The new libraries have GCC support for ARM,
AARCH64, IA32 and X64 builds. The libraries have MSVC support for IA32
and X64 builds.

This update also removes the stack cookie library definitions from
MdeLibs.dsc.inc due to GCC build issues when the instanced versions are
used during CI builds. The instanced versions will need to be explicitly
added to the platform DSC files, and this is acceptable because
platforms will likely want to mix and match the static and dynamic
versions of the library for each module type.

- [x] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [ ] Impacts security?
  - **Security** - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [x] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on a separate Web page, ...

How This Was Tested

Tested on MSVC and GCC builds of Q35 and a GCC build of SBSA
by purposefully corrupting the stack.

Integration Instructions

Platforms which used MdeLibs.dsc.inc to get the stack cookie library
definitions in their platform DSC files will need to explicitly declare
them.
TaylorBeebe committed Feb 10, 2024
1 parent eebf7ad commit 3636c45
Showing 14 changed files with 28 additions and 143 deletions.
4 changes: 3 additions & 1 deletion CryptoPkg/CryptoPkg.dsc
Expand Up @@ -48,6 +48,8 @@
TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
HashApiLib|CryptoPkg/Library/BaseHashApiLib/BaseHashApiLib.inf
RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support


##MSCHANGE Begin
FltUsedLib|MdePkg/Library/FltUsedLib/FltUsedLib.inf
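Review bot: The trailing comment on the added `NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf` line says "/GS and -fstack-protector support", but the instance being linked is the Null one, so the comment reads as if cookie checking were enabled for this package build. Suggest rewording it to say that the Null instance is used here and that platforms choose StackCheckLibStaticInit or StackCheckLibDynamicInit in their own DSC. The hunk also leaves two consecutive blank lines before `##MSCHANGE Begin`; one of them can be dropped.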
Expand Down Expand Up @@ -94,7 +96,7 @@
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf

# Add support for stack protector
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[LibraryClasses.common.PEIM]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
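Review bot: With `BaseStackCheckLib.inf` commented out, this section (ARM/AARCH64, judging by the neighbouring `ArmCompilerIntrinsicsLib.inf` entry) depends entirely on the `StackCheckLibNull.inf` entry from the earlier hunk, and that entry's section header is outside the visible context. Please confirm the entry sits in a section that applies to these architectures, otherwise nothing supplies the stack check symbols here. The `# Add support for stack protector` comment now heads a disabled line and should be removed or reworded to match.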
4 changes: 3 additions & 1 deletion MdeModulePkg/MdeModulePkg.dsc
Expand Up @@ -122,6 +122,8 @@

PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE

NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

# MU_CHANGE START Include MemoryProtectionHobLib
[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION]
DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf
Expand Down Expand Up @@ -235,7 +237,7 @@
# Since software stack checking may be heuristically enabled by the compiler
# include BaseStackCheckLib unconditionally.
#
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[LibraryClasses.EBC, LibraryClasses.RISCV64, LibraryClasses.LOONGARCH64]
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
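Review bot: The comment block kept above the commented-out entry still says to "include BaseStackCheckLib unconditionally", which is now the opposite of what the file does. Update the comment to name the library that takes over this role (the `StackCheckLibNull.inf` entry added near line 122), or delete the comment together with the entry.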
48 changes: 0 additions & 48 deletions MdePkg/Library/StackCheckLib/StackCheckLib.c

This file was deleted.

40 changes: 0 additions & 40 deletions MdePkg/Library/StackCheckLib/StackCheckLib.inf

This file was deleted.

7 changes: 0 additions & 7 deletions MdePkg/MdeLibs.dsc.inc
Expand Up @@ -16,10 +16,3 @@
RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf
SmmCpuRendezvousLib|MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf

# MU_CHANGE [BEGIN] - Add Stack Cookie Support
[LibraryClasses.X64.SEC, LibraryClasses.X64.PEIM, LibraryClasses.X64.PEI_CORE, LibraryClasses.X64.SMM_CORE, LibraryClasses.X64.DXE_SMM_DRIVER, LibraryClasses.X64.MM_CORE_STANDALONE, LibraryClasses.X64.MM_STANDALONE, LibraryClasses.X64.DXE_CORE, LibraryClasses.X64.DXE_DRIVER, LibraryClasses.X64.DXE_RUNTIME_DRIVER, LibraryClasses.X64.DXE_SAL_DRIVER, LibraryClasses.X64.UEFI_DRIVER, LibraryClasses.X64.UEFI_APPLICATION]
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
NULL|MdePkg/Library/StackCheckLib/StackCheckLib.inf
StackCheckFailureLib|MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf
# MU_CHANGE [END] - Add Stack Cookie Support
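Review bot: The removed block also carried `RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf` for the listed X64 module types, not only the stack cookie instances. Platforms that picked up RngLib through MdeLibs.dsc.inc lose that mapping too, while the commit message and the integration instructions mention only the stack cookie library definitions. Either keep the RngLib mapping in this file or call it out in the integration instructions, together with `StackCheckFailureLib`, which goes away in the same block.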
18 changes: 7 additions & 11 deletions MdePkg/MdePkg.dsc
Expand Up @@ -34,6 +34,7 @@

[LibraryClasses]
SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[Components]
MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
Expand Down Expand Up @@ -138,7 +139,11 @@
MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
MdePkg/Library/SmmCpuRendezvousLibNull/SmmCpuRendezvousLibNull.inf

MdePkg/Library/BaseMmuLibNull/BaseMmuLibNull.inf ## MU_CHANGE
MdePkg/Library/BaseMmuLibNull/BaseMmuLibNull.inf ## MU_CHANGE
MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf ## MU_CHANGE
MdePkg/Library/StackCheckLib/StackCheckLibDynamicInit.inf ## MU_CHANGE
MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf ## MU_CHANGE
MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf ## MU_CHANGE

[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
#
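Review bot: `StackCheckLibStaticInit.inf` and `StackCheckLibDynamicInit.inf` are added above the `[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]` header, so they belong to the preceding section rather than the architecture-scoped one. The commit message lists support for ARM, AARCH64, IA32 and X64 only, and this file also has a `[Components.RISCV64]` section, so if the preceding section is the unscoped `[Components]`, both libraries would be built for RISCV64 as well. Consider moving the two entries under the four-architecture header. The `BaseMmuLibNull.inf` line shows up as both removed and added with no visible difference; if that is a whitespace-only change, leave it out of this commit.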
Expand Down Expand Up @@ -186,15 +191,6 @@
MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
MdePkg/Library/TdxLib/TdxLib.inf

# MU_CHANGE [BEGIN] - Stack Cookie Support
[Components.X64]
MdePkg/Library/StackCheckLib/StackCheckLib.inf
MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf
MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
# MU_CHANGE [END] - Add Stack Cookie Support



# MS_CHANGE Begin
!if $(TOOLCHAIN) == VS2017 or $(TOOLCHAIN) == VS2019 or $(TOOLCHAIN) == VS2022
[Components.IA32]
Expand All @@ -208,7 +204,7 @@

[Components.ARM, Components.AARCH64]
MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicArmVirt.inf
MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib
MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf #MU_CHANGE - Add moved module

[Components.RISCV64]
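Review bot: Commenting out `BaseStackCheckLib.inf` under `[Components.ARM, Components.AARCH64]` means this package build no longer compiles that library at all. If it is being retired in favour of the new instances, say so in the commit message; if other DSC files may still reference it, keep it in the component list so a break in it is still caught by the package build.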
7 changes: 2 additions & 5 deletions NetworkPkg/NetworkPkg.dsc
Expand Up @@ -22,10 +22,6 @@
DEFINE NETWORK_ISCSI_ENABLE = TRUE

!include MdePkg/MdeLibs.dsc.inc
## MU_CHANGE Begin
[LibraryClasses.ARM, LibraryClasses.AARCH64]
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
## MU_CHANGE End

[LibraryClasses]
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
Expand Down Expand Up @@ -58,6 +54,7 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.common.UEFI_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
Expand All @@ -80,7 +77,7 @@
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf
!endif
# MU_CHANGE End
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib
#ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf # MU_CHANGE

[LibraryClasses.ARM]
15 changes: 2 additions & 13 deletions NetworkPkg/SharedNetworking/SharedNetworkPkg.dsc
Expand Up @@ -30,12 +30,6 @@
NETWORK_SNP_ENABLE = TRUE
!include NetworkPkg/NetworkDefines.dsc.inc


## MU_CHANGE Begin
[LibraryClasses.ARM, LibraryClasses.AARCH64]
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
## MU_CHANGE End

[LibraryClasses]
!include NetworkPkg/NetworkLibs.dsc.inc
DebugLib|MdePkg/Library/UefiDebugLibDebugPortProtocol/UefiDebugLibDebugPortProtocol.inf
Expand Down Expand Up @@ -66,6 +60,7 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER]
# Common\MU_TIANO\CryptoPkg\Library\BaseCryptLibOnProtocolPpi\DxeCryptLib.inf
Expand All @@ -80,12 +75,6 @@
BaseCryptLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf
TlsLib|CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.inf

# MU_CHANGE [BEGIN] - Add Stack Cookie Support
[LibraryClasses.X64]
NULL|MdePkg/Library/StackCheckLib/StackCheckLib.inf
StackCheckFailureLib|MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf
# MU_CHANGE [END] - Add Stack Cookie Support

[LibraryClasses.DXE_RUNTIME_DRIVER, LibraryClasses.DXE_CORE]
DebugLib|MdePkg/Library/UefiDebugLibDebugPortProtocol/UefiDebugLibDebugPortProtocol.inf
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
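Review bot: Removing the `[LibraryClasses.X64]` block moves X64 modules built from this DSC from `StackCheckLib.inf` plus `StackCheckFailureLib` to the `StackCheckLibNull.inf` entry added in the earlier hunk, so they lose the cookie checking they had before. The description leaves "Impacts security?" unchecked. If the outputs of this DSC are consumed by platforms, either map StackCheckLibStaticInit or StackCheckLibDynamicInit here together with `StackCheckFailureLib`, or state the loss of coverage in the description.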
Expand Down Expand Up @@ -126,7 +115,7 @@
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf # MU_CHANGE
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf # while building with MSVC, we can't process the s files
!endif
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib
# ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf # MU_CHANGE


1 change: 1 addition & 0 deletions PcAtChipsetPkg/PcAtChipsetPkg.dsc
Expand Up @@ -45,6 +45,7 @@
ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf # MU_CHANGE
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[Components]
PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf
9 changes: 2 additions & 7 deletions PolicyServicePkg/PolicyServicePkg.dsc
Expand Up @@ -34,16 +34,11 @@
UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf

# MU_CHANGE [BEGIN] - Add Stack Cookie Support
[LibraryClasses.X64]
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
NULL|MdePkg/Library/StackCheckLib/StackCheckLib.inf
StackCheckFailureLib|MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf
# MU_CHANGE [END] - Add Stack Cookie Support
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.ARM, LibraryClasses.AARCH64]
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[LibraryClasses.common.PEIM]
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
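Review bot: With the `[LibraryClasses.X64]` header deleted, the new `StackCheckLibNull.inf` line falls into whichever section the `UnitTestPersistenceLib` and `UnitTestResultReportLib` lines belong to, and that header is outside the visible context. If that section is scoped to an architecture or module type, the remaining modules get no stack check instance now that `BaseStackCheckLib.inf` is commented out a few lines below. Place the entry in the unscoped `[LibraryClasses]` section, as MdePkg.dsc does in this commit.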
3 changes: 2 additions & 1 deletion ShellPkg/ShellPkg.dsc
Expand Up @@ -68,6 +68,7 @@
ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf

SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf # MU_CHANGE - CodeQL change
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.ARM,LibraryClasses.AARCH64]
#
Expand All @@ -79,7 +80,7 @@
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf # MU_CHANGE

# Add support for GCC stack protector
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[PcdsFixedAtBuild]
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF
3 changes: 2 additions & 1 deletion StandaloneMmPkg/StandaloneMmPkg.dsc
Expand Up @@ -69,6 +69,7 @@
StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
VariableMmDependency|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
MmuLib|MdePkg/Library/BaseMmuLibNull/BaseMmuLibNull.inf # MU_CHANGE
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.X64] # MU_CHANGE
StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf # MU_CHANGE
Expand All @@ -86,7 +87,7 @@
#NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf
# MU_CHANGE [END]
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[LibraryClasses.common.MM_CORE_STANDALONE]
HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
3 changes: 2 additions & 1 deletion UefiCpuPkg/UefiCpuPkg.dsc
Expand Up @@ -34,7 +34,7 @@
#
#NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
NULL|MdePkg/Library/CompilerIntrinsicsLib/ArmCompilerIntrinsicsLib.inf
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib
## MU_CHANGE End

[LibraryClasses]
Expand Down Expand Up @@ -87,6 +87,7 @@
DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf

PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf # MU_CHANGE
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support
[LibraryClasses.X64, LibraryClasses.IA32]
HwResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf
##MSCHANGE End
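Review bot: The added `StackCheckLibNull.inf` line runs straight into the `[LibraryClasses.X64, LibraryClasses.IA32]` header with no blank line between them, which makes the section boundary easy to miss when reading the file. Add an empty line after the new entry.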
9 changes: 2 additions & 7 deletions UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
Expand Up @@ -27,12 +27,7 @@

UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf

# MU_CHANGE [BEGIN] - Add Stack Cookie Support
[LibraryClasses.X64]
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
NULL|MdePkg/Library/StackCheckLib/StackCheckLib.inf
StackCheckFailureLib|MdePkg/Library/StackCheckFailureLib/StackCheckFailureLib.inf
# MU_CHANGE [END] - Add Stack Cookie Support
NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support

[LibraryClasses.ARM, LibraryClasses.AARCH64]
#
Expand All @@ -49,7 +44,7 @@
# Since software stack checking may be heuristically enabled by the compiler
# include BaseStackCheckLib unconditionally.
#
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
# NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf # MU_CHANGE: Use Project Mu StackCheckLib

[LibraryClasses.common.PEIM]
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
