From 359acf7746e70e7e0ceddc75de08c59c167e2ab6 Mon Sep 17 00:00:00 2001
From: Varun Wadekar
Date: Sat, 16 May 2020 22:10:09 -0700
Subject: [PATCH] Tegra: enable stack protection
This patch sets ENABLE_STACK_PROTECTOR=strong and implements the platform support to generate a stack protection canary value.
Signed-off-by: Varun Wadekar
Change-Id: Ia8afe464b5645917b1c77d49305d19c7cd01866a
---
 plat/nvidia/tegra/common/tegra_common.mk | 5 ++++
 .../tegra/common/tegra_stack_protector.c | 28 +++++++++++++++++++
 plat/nvidia/tegra/platform.mk | 3 ++
 3 files changed, 36 insertions(+)
 create mode 100644 plat/nvidia/tegra/common/tegra_stack_protector.c
diff --git a/plat/nvidia/tegra/common/tegra_common.mk b/plat/nvidia/tegra/common/tegra_common.mk
index c946a7597..79cc03ac9 100644
--- a/plat/nvidia/tegra/common/tegra_common.mk
+++ b/plat/nvidia/tegra/common/tegra_common.mk
@@ -1,5 +1,6 @@
 #
 # Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -32,3 +33,7 @@ BL31_SOURCES += drivers/delay_timer/delay_timer.c \
 ${COMMON_DIR}/tegra_platform.c \
 ${COMMON_DIR}/tegra_pm.c \
 ${COMMON_DIR}/tegra_sip_calls.c
+
+ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+BL31_SOURCES += ${COMMON_DIR}/tegra_stack_protector.c
+endif
diff --git a/plat/nvidia/tegra/common/tegra_stack_protector.c b/plat/nvidia/tegra/common/tegra_stack_protector.c
new file mode 100644
index 000000000..f6c459a8e
--- /dev/null
+++ b/plat/nvidia/tegra/common/tegra_stack_protector.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2020, NVIDIA Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+
+u_register_t plat_get_stack_protector_canary(void)
+{
+ u_register_t seed;
+
+ /*
+ * Ideally, a random number should be returned instead. As the
+ * platform does not have any random number generator, this is
+ * better than nothing, but not really secure.
+ */
+ seed = mmio_read_32(TEGRA_MISC_BASE + HARDWARE_REVISION_OFFSET);
+ seed <<= 32;
+ seed |= mmio_read_32(TEGRA_TMRUS_BASE);
+
+ return seed ^ read_cntpct_el0();
+}
diff --git a/plat/nvidia/tegra/platform.mk b/plat/nvidia/tegra/platform.mk
index e03e1f37b..aedd3c6ff 100644
--- a/plat/nvidia/tegra/platform.mk
+++ b/plat/nvidia/tegra/platform.mk
@@ -49,6 +49,9 @@ ENABLE_TEGRA_WDT_LEGACY_FIQ_HANDLING ?= 0
 # Flag to allow relocation of BL32 image to TZDRAM during boot
 RELOCATE_BL32_IMAGE ?= 0
+# Enable stack protection
+ENABLE_STACK_PROTECTOR := strong
+
 include plat/nvidia/tegra/common/tegra_common.mk
 include ${SOC_DIR}/platform_${TARGET_SOC}.mk
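Review bot: In plat_get_stack_protector_canary() in tegra_stack_protector.c the canary is built only from the hardware revision register, the microsecond timer and the physical counter, so the upper half is presumably identical on every boot of a given chip and the lower half depends only on how far boot has progressed when the function runs. The existing comment says the value is "not really secure" but does not tell a maintainer what protection is left. I would extend it along the lines of `/* Derived from chip revision and boot-time counters only: catches accidental overflows, but must not be relied on against an attacker who can predict or read the value. */` and add a `TODO` to seed from a hardware RNG or a random value handed over by an earlier boot stage on SoCs that provide one. Separately, `seed <<= 32` is only well defined when u_register_t is 64 bits wide, which seems to be assumed here and is worth stating in the comment.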
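Review bot: In platform.mk, `ENABLE_STACK_PROTECTOR := strong` is assigned unconditionally, whereas the neighbouring default in the same hunk (`RELOCATE_BL32_IMAGE ?= 0`) uses `?=`, so a value set earlier in the build or inherited from the environment is overwritten at this point. If forcing the option is intended, the comment should say so, for example `# Enable stack protection (set unconditionally so an inherited value cannot disable it)`; otherwise `?=` would match the surrounding flags. The assignment does sit before the include of tegra_common.mk, which is where the variable is tested, so the ordering itself looks right.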