From patchwork Wed Dec 11 02:04:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13902748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6D79BE77182 for ; Wed, 11 Dec 2024 02:04:56 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.853577.1267010 (Exim 4.92) (envelope-from ) id 1tLC5f-00059P-UM; Wed, 11 Dec 2024 02:04:39 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 853577.1267010; Wed, 11 Dec 2024 02:04:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tLC5f-00057Z-Nq; Wed, 11 Dec 2024 02:04:39 +0000 Received: by outflank-mailman (input) for mailman id 853577; Wed, 11 Dec 2024 02:04:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tLC5f-0004a4-9a for xen-devel@lists.xenproject.org; Wed, 11 Dec 2024 02:04:39 +0000 Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on2060a.outbound.protection.outlook.com [2a01:111:f403:2607::60a]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 460fbfa0-b764-11ef-a0d5-8be0dac302b0; Wed, 11 Dec 2024 03:04:37 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9365.eurprd03.prod.outlook.com (2603:10a6:20b:57d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.18; Wed, 11 Dec 2024 02:04:32 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%7]) with mapi id 15.20.8251.008; Wed, 11 Dec 2024 02:04:32 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 460fbfa0-b764-11ef-a0d5-8be0dac302b0 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OT78h65K4E9xQWiZ7n65iJPNFV5XhFzfqBj/3omUeJ1E7tD5XIX/iESfZPfJgAhdPz3mNc3oD93nH+xpI4dsAWYjXZX826XXTRbrKTd0iqUDrLLuGKHpzFeljWh15O1yUIsD8PUKwhhMHzmlf0Dhx/yntGuiEEg+V1cKnI9avH9t6RiiBGo6tARkFEqaWwKBmruCaQ0vLeZxhV7XE9tAkSCATU5txi0EfEbso+YgpXMg6Jb762k8YOMd2+ar5ycPdPC17GyvnNJfmlzAK38T60J0krsOXvL8KnMTPdwlXndtWXqZ1t0z5rmJ5bHUC1mWPJbvc0YJKBuAXaBlqVbV6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pj/nhgXuxO2BrnIrOHAoc56dHIEuF1g5kUOJqX9YgsA=; b=jj/Yg9F6HmwqkQUL7de8jIcL0uvlOvloUL5Iwi55RDBK//mWk84i2NoTfEe+DWCG3Fto+E0O78Qy5aiHo215vd+R+Lxsu2QLSYBblOCy1xHaeRtAMJNxr4u9Vn5uW6KpJ+OoIzbzKU03jXm7dOJ7mBK/wOs/s8GDdDk0tTuceYUwBEpJK8h2iidsgloy5y7I5JIegWv+O6llB1pqXV+UYjVs3cpJPldGaCYxTXfCt/gTa7q1q/0PbUk+Ax+YUhCsboNSSQdInLkqGlQt1okTbFjqx+p4QqIx4rbxTnksL6DaL//aZLllwqUa4BFSyWXDHqdBON0vLKcCtuCpzQEePQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pj/nhgXuxO2BrnIrOHAoc56dHIEuF1g5kUOJqX9YgsA=; b=voZhMb8qzCJ/xuIwjPXo29EdKK3USyXGlLVRvi4HbLfS76lDjLS6pube1vTzaqyiRm2sCtVdx5p3E3JrW8KkQEXUCcGGJryKQziGxo0djoO27X+omimlfRBXiKZvtqxofwSxNN2k0O+4XFywx8sbERuW1gSx5COv6J+Cq/JPJX3O3It0UEb3C9wkqzFKyAPvKrx3Tjt+0l6lXSDNDFPCO3LO5i6Vt9sgTd0O65Bl1IwI6C8oEcOd1k2kmQ1LjgCaFxBrMA530BN5MJfTxsHYNBIucnqHIc9KXK786tD8pEXOrwjOOH/qsYUzQ1onNfTRT+ZnmYglk8ROOs+iOmqdgQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Jan Beulich , Julien Grall , Stefano Stabellini Subject: [PATCH v3 2/3] xen: common: add ability to enable stack protector Thread-Topic: [PATCH v3 2/3] xen: common: add ability to enable stack protector Thread-Index: AQHbS3ED5ZENsqu4Z0+AIfWfHmGdmQ== Date: Wed, 11 Dec 2024 02:04:30 +0000 Message-ID: <20241211020424.401614-3-volodymyr_babchuk@epam.com> References: <20241211020424.401614-1-volodymyr_babchuk@epam.com> In-Reply-To: <20241211020424.401614-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9365:EE_ x-ms-office365-filtering-correlation-id: 52bfae58-3baa-4e48-f333-08dd19882730 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?2zC2uVdISaqerX37xUCpuZ8SAc/0175?= =?utf-8?q?nzmomehcoLOo+nuzgE1jQcySZo7VPyUNOmlJpnUqTXAhQaTkhdH2wt+gsXIjodO2f?= =?utf-8?q?Dnt5xoos9e1ADsyWaAUWRf3w7nbJowi9p+lK7YlDgQhwNd/7AVsbyJiUEEqX58da+?= =?utf-8?q?JrauBKfzdww/mSSij0pefEpn/TkaW4azEx7lmc4X3vWlaoKIBtV8U8aQ9zP/NH/fo?= =?utf-8?q?yiRqz9xj+U/o/S6d87AgZGqnB2xGMWKUBC8zednOhah8/EdWnfa7fBxeq46jkMVdR?= =?utf-8?q?es3IFS5wafLEK29k1OvbLzSLi54LLqr5+SaC88kt09nnIgYzAvQI+z0X1B4RBjR8d?= =?utf-8?q?+WmpFQ2zHU7YQlAc84uIrH/Bc7+Wwnf6ejLZyKVaotam4g9OjqAKEvp5xHs2IBUTe?= =?utf-8?q?7W+rebPWycqNnSfn4rGhv/W7uCbsjrLfp1KBiVA1YTcgnfTECFqDWtGoADcVMV452?= =?utf-8?q?stS+ofgUpkUaoPnSOv+V/boZEnC7DhxRcUiOGIqylbQVv7R4oToypP0ZeOgIPy3Qd?= =?utf-8?q?CFxWHcXWRj4nlUHq1RrDNgwqFdrYdJJ6RZVvmrJ48sFLgOzrNOSRMaxzC54iu/BEc?= =?utf-8?q?HK58IExzipygkptdieq/iWNGDq1QQ+Z6Kb0R22BdMs8WunDPRPGKrXmDXkVdZeQig?= =?utf-8?q?OYxuu2CS9WqCDPETbytBJxszXAOEnmtnjOjCmnne2Y3ci+2j9Qt1+zIV2hW4lKBZQ?= =?utf-8?q?4dXwPJc3OUz/x7rK+KCWQ9G3+nN5YUOr6r+hZHSw+zNyOZlRMjU9Si9VQzId5rpZP?= =?utf-8?q?VWkoLpyhJnERKDREwSe7MeMSgNCzChIKH//UicZb0G8BuNTDnBFcekljR32KArXlF?= =?utf-8?q?5IPPYSFKUiRF+S3029mbOpKWiDfYZwocIfL78b8gOnNzqlzPIi+NE4cyeTnD7QGp2?= =?utf-8?q?DO5Z+mjKXtAVMrKndsKWIxKhLdQ5MTg14gXf+xjJVfso/Z0QFnh4jGaY+qRoHUiJI?= =?utf-8?q?xUvLAf8S2c8zQdjjdeX4zcCDbzhj/yGZppCp/70r7R8zWboJvwW/YhDWMv4+aMR4l?= =?utf-8?q?/Il0WdStWk14oit4JYjqjxhxX8DTKGUazxVaj/pGjqBwXNKoDtdxsTAE5//ZsKFXi?= =?utf-8?q?c1sBj0XL31Rr20+8LAph0dYTxu98dDiLeCUnJWpZUWo9kgjW/q87WcNzSnZS2n2of?= =?utf-8?q?9oDC6MD646YX0iSpbnmnUrj6W6KwUvGq+2IMi/WOiOEf7kD/IaMQgP+sB3aDNWCV2?= =?utf-8?q?zTdLLi0g2uJrlNORq6WO3dq/2iW4BF1ZQ9Pb3I+W8J6LvdDQeWjqReNXa9gRtY8xV?= =?utf-8?q?t4OvjK8OOppaOhAx//g31fKRpEgKWNS/Q9z3jjcyLzJ7qCVSNXZne2uP0VrCPPKzd?= =?utf-8?q?MiyjEAveQidUBcFe5t5b2I8TnIbxjhv2CA=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?nMBXr13SY2srg16owXQL60VC1JF8?= =?utf-8?q?MBrV4hy/0rAVrerSbbZF0ddd5OczqJqQYVeGrr2HC4ZGQYUVAHN7pWDw4vqo7lMcb?= =?utf-8?q?j4ks3dcmSQ093FLnjO2Hlkit3buFgTJuEhSnOPyucGYN9aWRh364/+/4tpsOsnGnV?= =?utf-8?q?7L+BYGqZL/lqHiw+YIDowgKUs77FQKCYepmBckhdJyqDMb4YZ6FNcR/hedlAdg/VW?= =?utf-8?q?hnB+WgQu4vfiVjm35wvFTLKVpvlokPqs4oBaet/npy5DzoVjb0Yn03UCoZoZl12ES?= =?utf-8?q?aiQ8IldLIy3ja7ublpgkVnu6FlOzDrVOoHgDqRs8zYW1BjQtiRKn1jVkJc2VwbcGD?= =?utf-8?q?qJovCoRn9eYAz2WO+8riet7NcGI7wMSDluLmT3WNTbGJRxyJ0OapBr2xS/NEAaq88?= =?utf-8?q?R8jKd4AkAXS8zKkqjKg+g0wy3c24Zqzuom7MxXp49QDDHMNHUpMSSVAu1+EIT7i0n?= =?utf-8?q?36iQz6TwNrDgeqM0/lzT8RZjAStfQM49oWzbk0ycLBAPGTHdyNA4gQVq/p9PnJq4G?= =?utf-8?q?wCLc+Yj6fuO8cbxcYiYE5YM3QF6iQZ1GNNZQ0k74FZqUylUx/pgEziLsdYcJhC4kk?= =?utf-8?q?Bvzl1SKrKhtZzIRtVtBvNpw0xNuP/e0hh49nQPfMxZ67C8CwFqksOobpi8Wytkmrx?= =?utf-8?q?EAMBnBkW4BAfW2aQgx85w2C4D3taxk29D1xw/uUYCxU9G0BF/NahXnjmVuv3sK67F?= =?utf-8?q?lfXN8QjDbvP70tJAcdIxuShEbZTusiS5ryJpIKr1P8mLjlS5FdIV3BJ7+Wgvudb54?= =?utf-8?q?myYKtImVAQ7E6eHOkDEtMtDrALeXiPflnDoUZ7doO81aDnLBIh/i4u8G9bXDvFVI4?= =?utf-8?q?B2rxn34UpQEVfdG3dYxQby02KSLe8EZasmqEW7LTvgAdz5uzfsyEfKYrOdmY6HoV7?= =?utf-8?q?9wRysAM/PtDcuq20ktvW9GgEFBgRYojsRkEhcASDfL3MbtUTPg2GTUmraEPXLcoq+?= =?utf-8?q?Zw2l3bpLTob6lVndwLO8OjpHw4Ky81tJDm4jYyez0Aq9nUHR2VYm6rq1eM8whqQDw?= =?utf-8?q?TNS0ZUcS9qUPIXe9MFLb7ETVRIvGy7Ym6dH5S0WWR5xqtomxUPFfPP+3ux5avbrqu?= =?utf-8?q?FmcHsQKxiOi0o7GV5Z9hDxgjSzIKgoWAbB/kmutrmmSeRNQ1GrB3FTijB4+qOJPx5?= =?utf-8?q?itg5cFXHLu2C9afhTIKVlxx0mlvknqja1AAbJc1a2s4/8ywRqRjeS4UAHsftIPRdF?= =?utf-8?q?rU7OoBo588L2ElcT847rQis9m9+sZpvoajGnzyt9/p7cskZry4cKIAKqhin5LDfgR?= =?utf-8?q?DijRiTeFqGj367AdN16aZkjGt2rjq4WYRA7fLML6WWeADUgwIr0QvlYESKXXrnuCd?= =?utf-8?q?PqWyteymOAXFZzk+P5UTopm6k5U1g2mUzhKgHxmW9RGNarXlKQb4hVYytcxU/e1xZ?= =?utf-8?q?+7ERtw/BzrbL22yt3q2BSNXGHUMfm7/B/AEl2c+isYjHnTwLu543kUFA3HBpxNS05?= =?utf-8?q?nfCfPcblovBkJE1O1FGHI5XR+wwsHS3xF3o7yPAY7tyUxzd6qqgYXU3QRcsSkZjMT?= =?utf-8?q?VN0U3wdOnV1pO9EyQfGExzruFBrmIjPvGg=3D=3D?= Content-ID: <549BB8EE78CD0E44856ABAF33634CF3D@eurprd03.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 52bfae58-3baa-4e48-f333-08dd19882730 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2024 02:04:30.6083 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: und5uM0Y6qfmy3kFhAOaLA9gHjBVUXlMDrlOS+vGfshN3Oq4ZaX+4xv7sbS8L4ooynsDL9zxC7aB33VeiLtD7EqLE87kLpWA7qV0Pg0r9/Q= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9365 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This patch makes general preparations to enable this feature on different supported architectures: - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Stack guard value is initialized in three phases: 1. Pre-defined randomly-selected value. 2. Early use of linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. Even when get_cycles() is available, it's return value may be easily predicted, especially on embedded systems, where boot time is quite consistent. 3. After hypervisor is sufficiently initialized, stack guard can be set-up with get_random() function, which is expected to provide better randomness. Also this patch adds comment to asm-generic/random.h about stack protector dependency on it. Signed-off-by: Volodymyr Babchuk --- Changes in v3: - Fixed coding style in stack-protector.h - Extended panic() message - Included missed random.h - Renamed Kconfig option - Used Andrew's suggestion for the Kconfig help text - Added "asmlinkage" attribute to __stack_chk_fail() to make Eclair happy - Initial stack guard value is random - Added LCG to generate stack guard value at early boot stages - Added comment to asm-generic/random.h about dependencies - Extended the commit message Changes in v2: - Moved changes to EMBEDDED_EXTRA_CFLAGS into separate patch - Renamed stack_protector.c to stack-protector.c - Renamed stack_protector.h to stack-protector.h - Removed #ifdef CONFIG_X86 in stack-protector.h - Updated comment in stack-protector.h (also, we can't call boot_stack_chk_guard_setup() from asm code in general case, because it calls get_random() and get_random() may depend in per_cpu infrastructure, which is initialized later) - Fixed coding style - Moved CONFIG_STACK_PROTECTOR into newly added "Compiler options" submenu - Marked __stack_chk_guard as __ro_after_init --- xen/Makefile | 4 +++ xen/common/Kconfig | 15 ++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 47 +++++++++++++++++++++++++++++++ xen/include/asm-generic/random.h | 5 ++++ xen/include/xen/stack-protector.h | 30 ++++++++++++++++++++ 6 files changed, 102 insertions(+) create mode 100644 xen/common/stack-protector.c create mode 100644 xen/include/xen/stack-protector.h diff --git a/xen/Makefile b/xen/Makefile index 34ed8c0fc7..0de0101fd0 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -432,7 +432,11 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else CFLAGS += -fno-stack-protector +endif ifeq ($(CONFIG_LTO),y) CFLAGS += -flto diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 90268d9249..5676339a66 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -86,6 +86,9 @@ config HAS_UBSAN config HAS_VMAP bool +config HAS_STACK_PROTECTOR + bool + config MEM_ACCESS_ALWAYS_ON bool @@ -213,6 +216,18 @@ config SPECULATIVE_HARDEN_LOCK endmenu +menu "Compiler options" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index b279b09bfb..ceb5b2f32b 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -45,6 +45,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..922511555f --- /dev/null +++ b/xen/common/stack-protector.c @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG == 32 +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL; +#endif + +/* This function should be called from ASM only */ +void __init asmlinkage boot_stack_chk_guard_setup_early(void) +{ + /* + * Linear congruent generator (X_n+1 = X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L’Ecuyer. + */ +#if BITS_PER_LONG == 32 + const unsigned long a = 2891336453UL; +#else + const unsigned long a = 2862933555777941757UL; +#endif + const unsigned long c = 1; + + unsigned long cycles = get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard = cycles * a + c; +} + +void asmlinkage __stack_chk_fail(void) +{ + panic("Stack Protector integrity violation identified in %ps\n", + __builtin_return_address(0)); +} diff --git a/xen/include/asm-generic/random.h b/xen/include/asm-generic/random.h index d0d35dd217..7f6d8790c4 100644 --- a/xen/include/asm-generic/random.h +++ b/xen/include/asm-generic/random.h @@ -2,6 +2,11 @@ #ifndef __ASM_GENERIC_RANDOM_H__ #define __ASM_GENERIC_RANDOM_H__ +/* + * When implementing arch_get_random(), please make sure that + * it can provide random data before stack protector is initialized + * (i.e. before boot_stack_chk_guard_setup() is called). + */ static inline unsigned int arch_get_random(void) { return 0; diff --git a/xen/include/xen/stack-protector.h b/xen/include/xen/stack-protector.h new file mode 100644 index 0000000000..bd324d9003 --- /dev/null +++ b/xen/include/xen/stack-protector.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef XEN__STACK_PROTECTOR_H +#define XEN__STACK_PROTECTOR_H + +#ifdef CONFIG_STACK_PROTECTOR + +#include + +extern unsigned long __stack_chk_guard; + +/* + * This function should be always inlined. Also it should be called + * from a function that never returns or a function that has + * stack-protector disabled. + */ +static always_inline void boot_stack_chk_guard_setup(void) +{ + __stack_chk_guard = get_random(); + if (BITS_PER_LONG == 64) + __stack_chk_guard |= ((unsigned long)get_random()) << 32; +} + +#else + +static inline void boot_stack_chk_guard_setup(void) {} + +#endif /* CONFIG_STACK_PROTECTOR */ + +#endif /* XEN__STACK_PROTECTOR_H */