From patchwork Fri Nov 22 21:07:29 2024
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 13883614
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
CC: Volodymyr Babchuk, Andrew Cooper, Jan Beulich, Julien Grall, Stefano Stabellini, Anthony PERARD, Samuel Thibault, Roger Pau Monné
Subject: [PATCH 1/3] xen: common: add ability to enable stack protector
Date: Fri, 22 Nov 2024 21:07:29 +0000
Message-ID: <20241122210719.2572072-2-volodymyr_babchuk@epam.com>
References: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>

Both GCC and Clang support the -fstack-protector feature, which adds stack
canaries to functions where stack corruption is possible. This patch makes
general preparations to enable this feature on different supported
architectures:

 - "-fno-stack-protector" is removed from global config
 - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture
   can enable this feature individually
 - Added user-selectable CONFIG_STACK_PROTECTOR option
 - Implemented code that sets up random stack canary and a basic
   handler for stack protector failures

Signed-off-by: Volodymyr Babchuk
---
 Config.mk                            |  2 +-
 stubdom/Makefile                     |  2 ++
 tools/firmware/Rules.mk              |  2 ++
 tools/tests/x86_emulator/testcase.mk |  2 ++
 xen/Makefile                         |  6 ++++++
 xen/common/Kconfig                   | 13 ++++++++++++
 xen/common/Makefile                  |  1 +
 xen/common/stack_protector.c         | 16 +++++++++++++++
 xen/include/xen/stack_protector.h    | 30 ++++++++++++++++++++++++++++
 9 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 xen/common/stack_protector.c
 create mode 100644 xen/include/xen/stack_protector.h

diff --git a/Config.mk b/Config.mk index f1eab9a20a..c9fef4659f 100644 --- a/Config.mk +++ b/Config.mk @@ -190,7 +190,7 @@ endif APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i)) APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) -EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector -fno-stack-protector-all +EMBEDDED_EXTRA_CFLAGS := -fno-pie EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles diff --git a/stubdom/Makefile b/stubdom/Makefile index 2a81af28a1..41424f6aca 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile 
@@ -54,6 +54,8 @@ TARGET_CFLAGS += $(CFLAGS) TARGET_CPPFLAGS += $(CPPFLAGS) $(call cc-options-add,TARGET_CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) +$(call cc-option-add,TARGET_CFLAGS,CC,-fno-stack-protector) + # Do not use host headers and libs GCC_INSTALL = $(shell LANG=C gcc -print-search-dirs | sed -n -e 's/install: \(.*\)/\1/p') TARGET_CPPFLAGS += -U __linux__ -U __FreeBSD__ -U __sun__ diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk index d3482c9ec4..b3f29556b7 100644 --- a/tools/firmware/Rules.mk +++ b/tools/firmware/Rules.mk @@ -15,6 +15,8 @@ $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) +$(call cc-option-add,CFLAGS,CC,-fno-stack-protector) + # Do not add the .note.gnu.property section to any of the firmware objects: it # breaks the rombios binary and is not useful for firmware anyway. $(call cc-option-add,CFLAGS,CC,-Wa$$(comma)-mx86-used-note=no) diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk index fc95e24589..49a7a8dee9 100644 --- a/tools/tests/x86_emulator/testcase.mk +++ b/tools/tests/x86_emulator/testcase.mk @@ -4,6 +4,8 @@ include $(XEN_ROOT)/tools/Rules.mk $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) +$(call cc-option-add,CFLAGS,CC,-fno-stack-protector) + CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags) LDFLAGS_DIRECT += $(shell { $(LD) -v --warn-rwx-segments; } >/dev/null 2>&1 && echo --no-warn-rwx-segments) diff --git a/xen/Makefile b/xen/Makefile index 2e1a925c84..0de0101fd0 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -432,6 +432,12 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else +CFLAGS += -fno-stack-protector +endif + ifeq ($(CONFIG_LTO),y) CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 90268d9249..0ffd825510 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig 
@@ -86,6 +86,9 @@ config HAS_UBSAN config HAS_VMAP bool +config HAS_STACK_PROTECTOR + bool + config MEM_ACCESS_ALWAYS_ON bool @@ -516,4 +519,14 @@ config TRACEBUFFER to be collected at run time for debugging or performance analysis. Memory and execution overhead when not active is minimal. +config STACK_PROTECTOR + bool "Stack protection" + depends on HAS_STACK_PROTECTOR + help + Use compiler's option -fstack-protector (supported both by GCC + and clang) to generate code that checks for corrupted stack + and halts the system in case of any problems. + + Please note that this option will impair performance. + endmenu diff --git a/xen/common/Makefile b/xen/common/Makefile index b279b09bfb..a9f2d05476 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -45,6 +45,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack_protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack_protector.c b/xen/common/stack_protector.c new file mode 100644 index 0000000000..de7c20f682 --- /dev/null +++ b/xen/common/stack_protector.c @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include + +#ifndef CONFIG_X86 +/* + * GCC uses TLS to store stack canary value on x86. + * All other platforms use this global variable. + */ +unsigned long __stack_chk_guard; +#endif + +void __stack_chk_fail(void) +{ + panic("Detected stack corruption\n"); +} diff --git a/xen/include/xen/stack_protector.h b/xen/include/xen/stack_protector.h new file mode 100644 index 0000000000..97f1eb5ac0 --- /dev/null +++ b/xen/include/xen/stack_protector.h 
@@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef XEN__STACK_PROTECTOR_H +#define XEN__STACK_PROTECTOR_H + +#ifdef CONFIG_STACKPROTECTOR + +#ifndef CONFIG_X86 +extern unsigned long __stack_chk_guard; +#endif + +/* + * This function should be always inlined. Also it should be called + * from a function that never returns. + */ +static inline void boot_stack_chk_guard_setup(void) +{ + __stack_chk_guard = get_random(); + if (BITS_PER_LONG == 64) + __stack_chk_guard |= ((unsigned long)get_random()) << 32; +} + +#else + +static inline void boot_stack_chk_guard_setup(void) {} + +#endif /* CONFIG_STACKPROTECTOR */ + +#endif /* XEN__STACK_PROTECTOR_H */ +
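
Review bot: Removing -fno-stack-protector and -fno-stack-protector-all from EMBEDDED_EXTRA_CFLAGS in Config.mk affects every consumer of that variable, but the flag is only re-added in stubdom/Makefile, tools/firmware/Rules.mk and tools/tests/x86_emulator/testcase.mk. Any other freestanding user now inherits the toolchain default, and on a toolchain that enables the stack protector by default its objects would start referencing __stack_chk_fail and the guard symbol. Please either enumerate the remaining users of EMBEDDED_EXTRA_CFLAGS in the commit message and show they are covered, or keep the flag in the shared variable and override it only for the hypervisor build.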
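
Review bot: In the xen/Makefile hunk the enabled branch passes plain -fstack-protector, which instruments only the functions the compiler's heuristic selects (for GCC, those using alloca or holding buffers of 8 bytes or more by default), while the Kconfig help text promises code that "checks for corrupted stack" without that qualification. Either document the limited coverage in the help text or offer -fstack-protector-strong as a choice, and consider making STACK_PROTECTOR depend on a compiler-option probe instead of assuming both compilers accept the flag for every target.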
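
Review bot: In xen/common/stack_protector.c, __stack_chk_fail() panics with the fixed string "Detected stack corruption\n", so the report does not say which function's canary check failed. Including the caller's return address in the message would make the panic actionable. The guard itself is an ordinary writable global for the whole run time; since boot_stack_chk_guard_setup() writes it once during boot, it is worth placing it in a section that becomes read-only after init if the tree provides one. The comment also speaks only of GCC although the commit message covers Clang as well.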
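
Review bot: xen/include/xen/stack_protector.h tests "#ifdef CONFIG_STACKPROTECTOR", but the symbol this patch adds in xen/common/Kconfig is STACK_PROTECTOR and xen/Makefile checks CONFIG_STACK_PROTECTOR, so as written the real boot_stack_chk_guard_setup() is never compiled and callers always get the empty stub, leaving __stack_chk_guard at its load-time value instead of a random one. Fix the #ifdef and the matching #endif comment to CONFIG_STACK_PROTECTOR. Once the guard is live, three more things in this hunk need attention: the body assigns __stack_chk_guard unconditionally while its declaration is hidden under "#ifndef CONFIG_X86"; the "<< 32" sits behind a run-time "if (BITS_PER_LONG == 64)" and is therefore still compiled on 32-bit builds, where an #if would avoid the shift-width problem; and the comment requires the function to be always inlined but it is declared plain "static inline". The header also uses get_random() and BITS_PER_LONG without including anything that declares them.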

From patchwork Fri Nov 22 21:07:29 2024
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 13883616
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
CC: Volodymyr Babchuk, Stefano Stabellini, Julien Grall, Bertrand Marquis, Michal Orzel, Volodymyr Babchuk
Subject: [PATCH 2/3] xen: arm: enable stack protector feature
Date: Fri, 22 Nov 2024 21:07:29 +0000
Message-ID: <20241122210719.2572072-3-volodymyr_babchuk@epam.com>
References: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>

Enable the previously added CONFIG_STACK_PROTECTOR feature for the ARM
platform. Here we can call boot_stack_chk_guard_setup() in the start_xen()
function, because it never returns, so stack protector code will not be
triggered because of the changed canary.

Signed-off-by: Volodymyr Babchuk
---
 xen/arch/arm/Kconfig | 1 +
 xen/arch/arm/setup.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index 15b2e4a227..8fbb31bc07 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -17,6 +17,7 @@ config ARM select HAS_PASSTHROUGH select HAS_UBSAN select IOMMU_FORCE_PT_SHARE + select HAS_STACK_PROTECTOR config ARCH_DEFCONFIG string diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index 71ebaa77ca..2bd3caf90b 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include #include 
@@ -341,6 +342,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr) */ system_state = SYS_STATE_boot; + boot_stack_chk_guard_setup(); + if ( acpi_disabled ) { printk("Booting using Device Tree\n");
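
Review bot: In the xen/arch/arm/Kconfig hunk, "select HAS_STACK_PROTECTOR" is appended after IOMMU_FORCE_PT_SHARE, which breaks the alphabetical order the visible select lines follow (HAS_PASSTHROUGH, HAS_UBSAN, IOMMU_FORCE_PT_SHARE). Please move it up next to the other HAS_ entries.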
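
Review bot: The call to boot_stack_chk_guard_setup() in start_xen() sits directly after "system_state = SYS_STATE_boot;", very early in boot, and the strength of the canary depends entirely on what get_random() can return at that point. Please state in the commit message or in a comment at the call site which entropy source backs get_random() this early on Arm, because a canary derived from a predictable value defeats the check. The commit message explains why calling it from start_xen() is safe (the function never returns); a one-line comment saying so at the call site would keep later refactoring from moving the call into a returning helper.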
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
CC: Volodymyr Babchuk, Alistair Francis, Bob Eshleman, Connor Davis, Oleksii Kurochko, Andrew Cooper, Jan Beulich, Julien Grall, Stefano Stabellini
Subject: [PATCH 3/3] xen: riscv: enable stack protector feature
Date: Fri, 22 Nov 2024 21:07:30 +0000
Message-ID: <20241122210719.2572072-4-volodymyr_babchuk@epam.com>
References: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20241122210719.2572072-1-volodymyr_babchuk@epam.com>

Enable previously added CONFIG_STACK_PROTECTOR feature for RISC-V platform.

Here we can call boot_stack_chk_guard_setup() in start_xen() function, because it never returns, so stack protector code will not be triggered because of changed canary.

Signed-off-by: Volodymyr Babchuk
Tested-by: Oleksii Kurochko
---
I tested this patch for buildability, but didn't verify that Xen really boots on RISC-V when this feature is enabled. So I am asking RISC-V maintainers to provide feedback on it.
---
 xen/arch/riscv/Kconfig | 1 + xen/arch/riscv/setup.c | 3 +++ 2 files changed, 4 insertions(+)
diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig index 1858004676..1481f23b66 100644 --- a/xen/arch/riscv/Kconfig +++ b/xen/arch/riscv/Kconfig @@ -5,6 +5,7 @@ config RISCV select HAS_DEVICE_TREE select HAS_PMAP select HAS_VMAP + select HAS_STACK_PROTECTOR config RISCV_64 def_bool y diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c index e29bd75d7c..cd71748d2c 100644 --- a/xen/arch/riscv/setup.c +++ b/xen/arch/riscv/setup.c @@ -7,6 +7,7 @@ #include #include #include +#include #include @@ -55,6 +56,8 @@ void __init noreturn start_xen(unsigned long bootcpu_id, if ( !boot_fdt_info(device_tree_flattened, dtb_addr) ) BUG(); + boot_stack_chk_guard_setup(); + cmdline = boot_fdt_cmdline(device_tree_flattened); printk("Command line: %s\n", cmdline); cmdline_parse(cmdline);
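Review bot: in the xen/arch/riscv/Kconfig hunk, select HAS_STACK_PROTECTOR is appended after select HAS_VMAP, which breaks the alphabetical order of the visible select lines (HAS_DEVICE_TREE, HAS_PMAP, HAS_VMAP). Place it between select HAS_PMAP and select HAS_VMAP so later additions keep merging cleanly.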
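Review bot: in the last xen/arch/riscv/setup.c hunk (@@ -55,6 +56,8 @@), the reason it is safe to change the canary inside start_xen() exists only in the commit message, and the call sits after boot_fdt_info(), so that call and everything else start_xen() ran before this point executed with whatever guard value was in place before setup. Add a comment above boot_stack_chk_guard_setup() tying it to the noreturn annotation on start_xen(), and either move the call to the top of the function or note in that comment what it depends on that forces it to come after the device tree has been parsed.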