@jserv jserv commented Nov 20, 2025

This commit replaces fixed STACK_CANARY (0x33333333U) with per-task random canary generated using xorshift32 PRNG. This prevents trivial canary forgery attacks and significantly improves stack overflow detection.

The xorshift32 PRNG provides sufficient entropy for embedded systems without MMU/MPU support. Future enhancements can improve PRNG seeding with hardware entropy sources.

Close #8


Summary by cubic

Replaced the fixed stack canary with a per-task random canary to harden stack overflow detection and prevent trivial forgery. Each task gets its own canary from a lightweight xorshift32 PRNG seeded at boot with hardware entropy.

  • New Features
    • Added tcb.canary; wrote it to both ends of each task’s stack.
    • Generated canary via random() with hardware-entropy seeding; fallback to 0xDEADBEEF if zero.
    • Updated stack check to validate against the task’s canary and print expected value.

Written for commit 4a8087c. Summary will update automatically on new commits.
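The scheme outlined in the description and summary above, as an added C example that is not Linmo's code or part of this pull request. The names `demo_tcb_t`, `demo_seed`, `demo_stack_init` and `demo_stack_check`, the constructed seed value 1, and the reading of the zero fallback as applying to the canary value are assumptions.

```c
#include <stdint.h>
#include <stdio.h> /* also provides size_t */

#define OLD_FIXED_CANARY 0x33333333U /* the constant this PR removes */

/* Constructed seed; a real port would seed from a hardware entropy source. */
static uint32_t prng_state = 1;
/* xorshift32 stays at 0 forever if seeded with 0, so map 0 to a non-zero value. */
static void demo_seed(uint32_t s) { prng_state = s ? s : 0xDEADBEEFU; }

/* Marsaglia xorshift32 with the classic 13/17/5 shift triple. */
static uint32_t xorshift32(void)
{
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return prng_state = x;
}

typedef struct {
    uint32_t *stack; /* lowest word of the task's stack region */
    size_t words;    /* region size in 32-bit words */
    uint32_t canary; /* per-task guard value (tcb.canary in the summary) */
} demo_tcb_t;

/* Draw a fresh canary (0xDEADBEEF if the draw is zero, an assumed reading of
 * the summary's fallback) and write it to both ends of the stack. */
static void demo_stack_init(demo_tcb_t *t, uint32_t *stack, size_t words)
{
    t->stack = stack; t->words = words;
    t->canary = xorshift32();
    if (t->canary == 0) t->canary = 0xDEADBEEFU;
    stack[0] = stack[words - 1] = t->canary;
}

/* 0 = intact, -1 = low guard overwritten, -2 = high guard overwritten. */
static int demo_stack_check(const demo_tcb_t *t)
{
    if (t->stack[0] != t->canary) return -1;
    if (t->stack[t->words - 1] != t->canary) return -2;
    return 0;
}

int main(void)
{
    uint32_t s[64]; demo_tcb_t t;
    demo_seed(1); demo_stack_init(&t, s, 64);
    s[0] = OLD_FIXED_CANARY; /* an overflow that rewrites the old constant */
    printf("check=%d expected=0x%08x\n", demo_stack_check(&t), (unsigned) t.canary);
}
```

An overflow that restores the old constant, or another task's canary, over a guard word now fails the check, because each task compares against its own stored value.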

cubic-dev-ai[bot]

This comment was marked as resolved.

@sysprog21 sysprog21 deleted a comment from github-actions bot Nov 20, 2025
@github-actions

Linmo CI Test Results

Overall Status: ✅ passed
Timestamp: 2025-11-20T04:33:51+00:00

Toolchain Results

| Toolchain | Build | Crash Test | Functional |
|-----------|-------|------------|------------|
| GNU | ✅ passed | ✅ passed | ✅ passed |
| LLVM | ✅ passed | ⏭️ skipped | ⏭️ skipped |

Application Tests

| App | GNU | LLVM |
|-----|-----|------|
| cond | ✅ passed | ⏭️ skipped |
| coop | ✅ passed | ⏭️ skipped |
| cpubench | ✅ passed | ⏭️ skipped |
| echo | ✅ passed | ⏭️ skipped |
| hello | ✅ passed | ⏭️ skipped |
| mqueues | ✅ passed | ⏭️ skipped |
| mutex | ✅ passed | ⏭️ skipped |
| pipes | ✅ passed | ⏭️ skipped |
| pipes_small | ✅ passed | ⏭️ skipped |
| pipes_struct | ✅ passed | ⏭️ skipped |
| prodcons | ✅ passed | ⏭️ skipped |
| progress | ✅ passed | ⏭️ skipped |
| rtsched | ✅ passed | ⏭️ skipped |
| semaphore | ✅ passed | ⏭️ skipped |
| suspend | ✅ passed | ⏭️ skipped |
| test64 | ✅ passed | ⏭️ skipped |
| test_libc | ✅ passed | ⏭️ skipped |
| timer | ✅ passed | ⏭️ skipped |
| timer_kill | ✅ passed | ⏭️ skipped |

Functional Test Details

| Test | GNU | LLVM |
|------|-----|------|
| mutex:data_consistency | ✅ passed | ⏭️ skipped |
| mutex:fairness | ✅ passed | ⏭️ skipped |
| mutex:mutual_exclusion | ✅ passed | ⏭️ skipped |
| mutex:overall | ✅ passed | ⏭️ skipped |
| semaphore:overall | ✅ passed | ⏭️ skipped |

Report generated from test-summary.toml

@jserv jserv merged commit 3a3de1c into main Nov 20, 2025
4 checks passed
@jserv jserv deleted the stack-canary branch November 20, 2025 04:35
Development

Successfully merging this pull request may close these issues.

Fixed stack canary causes potential security issue