QEMUv7: PKCS#11 TA crash with Clang 18.1.7 #7047
Comments
@jforissier Interesting that we're encountering this issue when the function is defined with the noreturn attribute. It appears that Clang 18 has decided to also check the stack canary for noreturn functions. In Linux user space, the dynamic linker (ld.so) typically initializes __stack_chk_guard with a random value during the program's startup phase, before any user code runs. So one approach is to generate a random stack canary value and populate this symbol in OP-TEE's ldelf, but this seems complicated. Your proposed solution looks okay. In fact, in the Linux kernel, they initialize the kernel stack canary in a similar way (see start_kernel() in Linux source code); start_kernel() also sets __no_stack_protector. Do we support __attribute__((constructor)) or static initializers yet? If so, then maybe this would be a good point to set up the __stack_chk_guard value before entering the TA entry point. It would make sense to do this in ldelf.
I agree.
Sounds good. Thanks for the link.
We do support
Thanks for your advice. I will create a PR with a proposed fix.
Apply the __no_stack_protector attribute to the first C function called following the TA entry point (i.e., __ta_entry(), or for the special case of ARM32, __ta_entry_c()). This is required because __stack_chk_guard is initialized in this very function, therefore stack protection cannot be assumed to be functional at this point. Fixes a TA crash on QEMUv7 with Clang 18.1.7 [1].

Link: OP-TEE#7047 [1]
Signed-off-by: Jerome Forissier <[email protected]>
Platform is QEMUv7. OP-TEE and TAs are built with Clang 18.1.7. The PKCS#11 TA crashes upon first call to __ta_entry() with a stack check error. No issue observed with GCC or Clang 12.0.0 (downloaded with make clang-toolchains), or with QEMUv8.

Details and how to reproduce:

The make check command ends with:

Crash info from the log file:

I believe the code that sets __stack_chk_guard is incorrect. That variable is supposed to be reserved by the compiler implementation and therefore it is undefined behavior to touch it in C code. The following patch fixes the issue but I am not sure it is the way to go (we would still want to initialize the stack check value to some true random sequence I suppose):

@maximus64 what do you think?
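As an added illustration of why the guard-initializing function cannot itself be stack-protected (a constructed model, not OP-TEE or compiler code): the struct below stands in for the global __stack_chk_guard, and prologue_copy()/epilogue_check() stand in for the canary sequence the compiler emits, which with Clang 18 also runs in noreturn functions. All names and values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model, not OP-TEE code: the struct stands in for the global
 * __stack_chk_guard plus a count of would-be __stack_chk_fail() calls. */
struct guard_model {
	uintptr_t stack_chk_guard;
	unsigned fail_count;
};

/* -fstack-protector prologue: copy the live guard into the stack frame. */
static uintptr_t prologue_copy(const struct guard_model *m) { return m->stack_chk_guard; }

/* Canary check (epilogue, or before a noreturn call with Clang 18):
 * frame copy != live guard is where __stack_chk_fail() would run. */
static void epilogue_check(struct guard_model *m, uintptr_t frame_copy)
{
	if (frame_copy != m->stack_chk_guard)
		m->fail_count++;
}

/* __ta_entry() before the fix: protected, yet it is the very function that
 * initializes the guard, so its own check compares stale against new. */
void ta_entry_protected(struct guard_model *m, uintptr_t random_value)
{
	uintptr_t frame_copy = prologue_copy(m); /* captures the stale guard */
	m->stack_chk_guard = random_value;       /* guard initialization */
	/* ... dispatch TA commands ... */
	epilogue_check(m, frame_copy);           /* mismatch: TA crashes */
}

/* __ta_entry() with __no_stack_protector: no prologue and no check. */
void ta_entry_unprotected(struct guard_model *m, uintptr_t random_value)
{
	m->stack_chk_guard = random_value;
	/* ... dispatch TA commands ... */
}

/* One TA invocation plus a later protected function; returns failed checks. */
unsigned run_scenario(bool entry_protected, uintptr_t random_value)
{
	struct guard_model m = { 0, 0 }; /* guard still zero, as for a BSS global */
	if (entry_protected)
		ta_entry_protected(&m, random_value);
	else
		ta_entry_unprotected(&m, random_value);
	/* Any later protected function sees a stable guard and passes. */
	epilogue_check(&m, prologue_copy(&m));
	return m.fail_count;
}
```

Note that initializing the guard to the same value it already held (zero) hides the mismatch, which is one reason a weak or constant "random" value is worse than it looks.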