MdePkg: Add StackCheckLib Library Class

StackCheckLib defines the interface between a compiler
and the stack checking code. It is being converted from
a NULL library class to an actual library class to make
it easier to use for a platform and be easier to define
the expected interface with a compiler, so if there is
a compiler change it can be tracked and caught.

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>

MdePkg/Include/Library/StackCheckLib.h

@@ -0,0 +1,78 @@
+/** @file
+  This library provides stack cookie checking functions for symbols inserted by the compiler. This header
+  is not intended to be used directly by modules, but rather defines the expected interfaces to each supported
+  compiler, so that if the compiler interface is updated it is easier to track.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef STACK_CHECK_LIB_H_
+#define STACK_CHECK_LIB_H_
+
+#include <Base.h>
+
+#if defined (__GNUC__) || defined (__clang__)
+
+// The __stack_chk_guard is a random value placed on the stack between the stack variables
+// and the return address so that continuously writing past the stack variables will cause
+// the stack cookie to be overwritten. Before the function returns, the stack cookie value
+// will be checked and if there is a mismatch then StackCheckLib handles the failure.
+extern VOID  *__stack_chk_guard;
+
+/**
+  Called when a stack cookie check fails. The return address is the failing address.
+
+**/
+VOID
+EFIAPI
+__stack_chk_fail (
+  VOID
+  );
+
+#elif defined (_MSC_VER)
+
+// The __security_cookie is a random value placed on the stack between the stack variables
+// and the return address so that continuously writing past the stack variables will cause
+// the stack cookie to be overwritten. Before the function returns, the stack cookie value
+// will be checked and if there is a mismatch then StackCheckLib handles the failure.
+extern VOID  *__security_cookie;
+
+/**
+  Called when a buffer check fails. This functionality is dependent on MSVC
+  C runtime libraries and so is unsupported in UEFI.
+
+**/
+VOID
+EFIAPI
+__report_rangecheckfailure (
+  VOID
+  );
+
+/**
+   The GS handler is for checking the stack cookie during SEH or
+   EH exceptions and is unsupported in UEFI.
+
+**/
+VOID
+EFIAPI
+__GSHandlerCheck (
+  VOID
+  );
+
+/**
+   Checks the stack cookie value against __security_cookie and calls the
+   stack cookie failure handler if there is a mismatch.
+
+   @param UINTN  CheckValue The value to check against __security_cookie
+
+**/
+VOID
+EFIAPI
+__security_check_cookie (
+  UINTN  CheckValue
+  );
+
+#endif // Compiler type
+
+#endif // STACK_CHECK_LIB_H_

MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c

@@ -10,6 +10,7 @@
 
 #include <Library/DebugLib.h>
 #include <Library/BaseLib.h>
+#include <Library/StackCheckLib.h>
 #include <Library/StackCheckFailureHookLib.h>
 
 /**
@@ -28,6 +29,7 @@ VOID  *__stack_chk_guard = (VOID *)(UINTN)STACK_COOKIE_VALUE;
 
 **/
 VOID
+EFIAPI
 __stack_chk_fail (
   VOID
   )

MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c

@@ -10,6 +10,7 @@
 
 #include <Library/DebugLib.h>
 #include <Library/BaseLib.h>
+#include <Library/StackCheckLib.h>
 #include <Library/StackCheckFailureHookLib.h>
 
 /**

MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c

@@ -6,6 +6,7 @@
 **/
 
 #include <Uefi.h>
+#include <Library/StackCheckLib.h>
 
 VOID  *__stack_chk_guard = (VOID *)(UINTN)0x0;
 

MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c

@@ -6,5 +6,6 @@
 **/
 
 #include <Uefi.h>
+#include <Library/StackCheckLib.h>
 
 VOID  *__security_cookie = (VOID *)(UINTN)0x0;

MdePkg/MdePkg.dec

@@ -308,6 +308,10 @@
   #
   StackCheckFailureHookLib|Include/Library/StackCheckFailureHookLib.h
 
+  ##  @libraryclass  Provides stack cookie checking functionality
+  #
+  StackCheckLib|Include/Library/StackCheckLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
   ##  @libraryclass  Provides services to generate random number.
   #