author: Jerome Forissier <jerome@forissier.org> 2020-06-04 16:44:57 +0200
committer: Jérôme Forissier <jerome@forissier.org> 2020-08-14 12:19:21 +0200
commit: e2f03e0736a6774eb8fb07ce8dc55d8ed186b67b
tree: 75e489ec751f457e76a2254118db663b2e10429e /core/core.mk
parent: 0733f3d1de1a076c8fd07727464cc1f27e909830
core: add stack overflow detection
This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack limits using compiler instrumentation (-finstrument-functions). When enabled, the C compiler will insert entry and exit hooks in all functions in the TEE core. On entry, the stack pointer is checked and if an overflow is detected, panic() is called.

How is this helpful since we have stack canaries already?

1. When a dead canary is found, the call stack will give no indication of the root cause of the corruption which may have happened quite some time before. Running the test case again with a debugger attached and a watchpoint on the canary is not always an option.
2. The system may corrupt the stack and hang in an exception handler before the first canary check, for instance, during boot when the temporary stack is used. This code will likely catch such issues, too.

The downside is increased stack usage and a significant runtime overhead which is why this feature should be enabled only for troubleshooting.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Diffstat (limited to 'core/core.mk')
-rw-r--r-- core/core.mk 7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/core.mk b/core/core.mk
index 52ce6885..7ac989be 100644
--- a/core/core.mk
+++ b/core/core.mk
@@ -40,6 +40,13 @@ cflags_kasan += -fsanitize=kernel-address \
--param asan-instrumentation-with-call-threshold=0
cflags$(sm) += $(cflags_kasan)
endif
+ifeq ($(CFG_CORE_DEBUG_CHECK_STACKS),y)
+finstrument-functions := $(call cc-option,-finstrument-functions)
+ifeq (,$(finstrument-functions))
+$(error -finstrument-functions not supported)
+endif
+cflags$(sm) += $(finstrument-functions)
+endif
ifeq ($(CFG_SYSCALL_FTRACE),y)
cflags$(sm) += -pg
endif
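Review bot: The $(error -finstrument-functions not supported) message in the new ifeq (,$(finstrument-functions)) branch does not say which option triggered it; naming CFG_CORE_DEBUG_CHECK_STACKS in the message would tell whoever hits the failure which setting to turn off or which toolchain requirement to meet. The flag is also appended to cflags$(sm) without exception, so the entry and exit hooks themselves have to be kept out of instrumentation (for example with the no_instrument_function attribute) or they will recurse; that exclusion is not visible in this file's diff and is worth a comment here pointing to where it is done. Finally, the block sits between the KASAN flags and the CFG_SYSCALL_FTRACE -pg block with no check on enabling them together; a short comment stating whether those combinations are supported would help.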