From patchwork Mon Feb 17 02:49:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13977025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 45A4FC021AA for ; Mon, 17 Feb 2025 02:49:42 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.889655.1298745 (Exim 4.92) (envelope-from ) id 1tjrCJ-0002kI-0Y; Mon, 17 Feb 2025 02:49:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 889655.1298745; Mon, 17 Feb 2025 02:49:26 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCI-0002k9-RM; Mon, 17 Feb 2025 02:49:26 +0000 Received: by outflank-mailman (input) for mailman id 889655; Mon, 17 Feb 2025 02:49:25 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCH-0001oi-86 for xen-devel@lists.xenproject.org; Mon, 17 Feb 2025 02:49:25 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061c.outbound.protection.outlook.com [2a01:111:f403:260e::61c]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id ca54cdd2-ecd9-11ef-9aa6-95dc52dad729; Mon, 17 Feb 2025 03:49:21 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9534.eurprd03.prod.outlook.com (2603:10a6:20b:5a6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.15; Mon, 17 Feb 2025 02:49:17 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%4]) with mapi id 15.20.8445.017; Mon, 17 Feb 2025 02:49:17 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ca54cdd2-ecd9-11ef-9aa6-95dc52dad729 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JyKA8lnoeY0vhCCxljZgp5JZg9OlD/T9g9HRMpZk9g2qP/HkFLrgSWKq6QFdA6SCWwq1Dpi8zoOBuXoWe6rzEQhqoqDwVz89Y2zNvj3mAEuO7PjBwPiLC5CExBer87vfGYaxtMhUzHw//lFIutSMC66/jR50sknTs6sMCs/bvxHSsTbclGGN3X39+gcifrw97MvOhOIqAXd62itRLs8saD5kyEDEEcpYtmRqGAV+G0rkG2JiB/wZecJhlpA2da2emfNC561HrEZUpYYT8XwapxskB4Lo/WvPQrl18fNfu0nXSj3UkGX5s1hHDJy8eCCQ8wx+9pIHXLDv5wvWrJZrRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JPQWEWjJWgqQ5ilMuiG6MAnVTekf3gFSc1AqZ/HDA7M=; b=ZSpHfytx42BsxwwEkFZb2L4K6RO1quYP7AmjUM/igqZjD7/z17XQoDP2Db7yqzc5qgx+hOSueb7AL2oiA/+a8t8rh8apujBbNPKr8I9xR/IhlKzYWG+HgLAEsuTuO0Jz3VyGVcyBExnT93hRLqnAxz3AzTpStbIAYpu0yYIm1QfUXD3x9/a4POjvvnvhldnKlJgns+e5v3OmQeT87PDOIJXW37Hyk73wn1SFfcjo66RvxfJi/CtIM9zC47NBR0V3rlfSN6bj3t9Gxj6Y/gXrjxbjLuZdyk+oM51HCZ9EiaMYxkWvheogRv0EF/9sD5ICXJhV8Q/gNYGQp1WVq81f5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JPQWEWjJWgqQ5ilMuiG6MAnVTekf3gFSc1AqZ/HDA7M=; b=cWoqZbNWOEzJVf/rq5ZtQ1ZjrlRfV+ofsnGLg+roYYQ2vweDe7uR9X7RGlSNO+K+mAnMS/VzLTqYmK9SUu+PMZvYdNnpn1DjYGQwiJpIDDi9CUKfs6H/VRXbebBxgPNRdwjY3/WpfYHQYWMwDNWpAHFhK4zAO5liwp1Qwy3EGuuTNpkKSJk22/pJRoHgkv9M0N7/bv7+erpTNVHfbymowuy1Vq+3PhLftmygsYAVx6+zRwlA2yIkVCyhV/taUcHN62K0XFZ232wyRBk18NHBYeHHBwjJS+oWhbEe7Af5fu2oV72Gw2czn6v1WgW4fyZVenz+/leOHBNEm3eIDOvGMQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?iso-8859-1?q?Roger_Pau_Monn=E9?= , Stefano Stabellini , Samuel Thibault Subject: [PATCH v6 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS Thread-Topic: [PATCH v6 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS Thread-Index: AQHbgOaJJQf0pUwpaUCZ/8SlkQXdFw== Date: Mon, 17 Feb 2025 02:49:16 +0000 Message-ID: <20250217024848.3059635-2-volodymyr_babchuk@epam.com> References: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9534:EE_ x-ms-office365-filtering-correlation-id: 08725b4c-7896-429f-38b1-08dd4efdabc0 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?YdgYpa6xYmtknD3POrvTk4L3wE?= =?iso-8859-1?q?prD+aplE5NJmVskkDSOG/3bkQ7jLxAP3FvGfOUa6ubH75dVjQngJy3VbQDc4?= =?iso-8859-1?q?yxUFkc/Zwr2v/GR13yLbG8ozlZW8i9a9fbd7OWCseETHx5I1FkbwVSVow7R/?= =?iso-8859-1?q?VUPcBIh3ymdOmTxXBdDD3w0A42QuCany/ndeQKS8mvYoub+2/U1LK2GTXXmb?= =?iso-8859-1?q?ZxNNKtKfLoSDvfWkSzmTipSy+3u6EXMhpnTmRGKMIjc2vzZH+B5zzkw/fEC1?= =?iso-8859-1?q?yiCtYaY00jX+BLKMtLxxCddGuG+2ZEpYBTjC/h8krFSYx2W9XG+5heLrnsZp?= =?iso-8859-1?q?SQmyWKVhNdsVGVReeXlN8q4YCcbfb3bWl1kfKMFZMwyp7MI0jFc9cchzv5xI?= =?iso-8859-1?q?c47Rdq/PsOnFCmW/l/u0dalCr+/sbxALsoDJ1C9tLQgCoWMdIllvJXgXGv2q?= =?iso-8859-1?q?GWKXGbr+CqZozOyrrwqlM7jp/vgYJILds2JSjsp1gR1ok8YpDYRiv3oSswAP?= =?iso-8859-1?q?Tcs3eECiYaE1ZdshZhPA4+QsX/B5h10hE8oWDcGPm2XDKkchcY2XW3f+a0YU?= =?iso-8859-1?q?DZyOdHnSLcxPsJM/+YRWDESqvTpzqpaDdVeYlyu37CBXSm6Gj+jDVh2/LcDe?= =?iso-8859-1?q?6VktqhmoHdjRwl1Z0ASzoZc2pbMn4+2kkoiSxGBLkTc5KNaZpDCXQrSL+d0C?= =?iso-8859-1?q?GwkbbLkVqB3mLBIqO/pIMXQVulnMwU1IMgbq2cwgHhXuFzDxmSMKVpSayE4v?= =?iso-8859-1?q?KvLnpl8PwvlTajGEXEtNjU/8Arx4zepzJ9DhwzFUwPdR2u2298nMgUSotTjb?= =?iso-8859-1?q?PqSMcx4oUKSX08n79Y7ucj7UHx/0bnkUhxKB+/695ADrUi+Ed9osX+sHqrUx?= =?iso-8859-1?q?u3ZTfg2hx5G4h0DKqN1qa58IWqITKNdpdVrl7agWa4gxNLLJSeY4xVp4HyoR?= =?iso-8859-1?q?Oolf8+fHJf6S2cMz75wBvZTIyDZm26LRU8ck2FhN6wsF49MKumErlL4jubLN?= =?iso-8859-1?q?ET3UApWUGarM4Hq45WdpGapvt2r7KnVbxLnPs1egLlrofvlDzDB8+TMsXx/s?= =?iso-8859-1?q?bZmSyI9q672HoLQblgsVvaSrSXLZm7WI9wqAALHDqyT/WqoAJXyR2wnOfS41?= =?iso-8859-1?q?7kmwrc73apq5ND7Azq0UUJLnV0Wpgy2kHNFTVdyfa6cI3D+Sj/Hphju6gCfC?= =?iso-8859-1?q?o/P9j5yvbYI5GtV7Vz2AME5x5rLmimEQSTIRAdsdMPaPS+YeK5ZXrpy4K7KV?= =?iso-8859-1?q?jOsYZBUv7ViTu/3wfifYyvcvNyxAJQjiOGhm3GaXJ4W5k/tW1WTqHpxhetUx?= =?iso-8859-1?q?4Uo3BVhVLsNyMM2/aeiTpcPN/W1qxdM6AgMYEspkrrs76GtKapjep4BC2xS+?= =?iso-8859-1?q?3lyKHoE9UZDeAZ1G/QL3T5fYdE3M4n4wc0WLnCRDHgY6bbNrCgB0gpMRLpB4?= =?iso-8859-1?q?fu0ZW8x01vsgE015p+eQdSdw=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?+77McI7e3FNDOBgQs0v+gf9?= =?iso-8859-1?q?jOILjAXorUSycZZgmrz4bH8i3hVLv1wBmWisaQKMLzvo2LiGQdcLE5/p0DaY?= =?iso-8859-1?q?xdEMKCHa6H0BlZcxtWlNP2RGiOYUdo07C1nfAJDYoe4rB5uPuFNqHxbEl6V8?= =?iso-8859-1?q?HhUcju8ocOOcF5JMaRTqwK/PTmkzlLn7g0dlHNvHn8ZB+jJR1skiMp7Jo8r0?= =?iso-8859-1?q?nCKFHo3jIJRuiCw4DtSlT66dNQFSHebXOWYkQVQV61OrXwoq9D8AVTpkgvhI?= =?iso-8859-1?q?NvNBoW+nE8mY1rV3kYsZ3/Ul4fhoYzpphSk6ecF4PapNeSoDvNNqP5uYAxXD?= =?iso-8859-1?q?Y8C3Fj54bFNaYLcDSbxUUonf+/sqcFcSusTBuTfc1ttK9asxZy95o4YAyxNp?= =?iso-8859-1?q?X4uX5Ev4GYuOzdfqkAiFU9YLnRk5Oo75atmF3hOmyU8LIfcyLeH/byCR9mv3?= =?iso-8859-1?q?AlEbd5bUcZvVWlmBBPTg7Tr4i7G8JtCo5eO/llDCFwtv1sbcqoCLSiSo7szL?= =?iso-8859-1?q?pJX3vP3C4yjgKNP5EX/3Q1L5yYsuTNOKkqG1Z8UabDnMxPQAweAPLhqIDKoJ?= =?iso-8859-1?q?Cu3USHeONITddXrxr4TCQYxh2mO5CsUSVXopIAybWcBrpgfyzhWyaGbb2aFk?= =?iso-8859-1?q?bUSsvZKYBWVIFovYA6qBVHlPON4aB76mlmZqJLH21wmXU9F1TXCDf3vigPzo?= =?iso-8859-1?q?L3JsbQCDW4mt93/hU2lNDA/FeMQJMTevG2ZhxGeayxWsUhIza9cn5faEJDQB?= =?iso-8859-1?q?KjKy9Qtk/PayoGcl4IYag4ESIN7SvXGoWykOyWKk5wUqUg+Nhgu2xIUgwmb+?= =?iso-8859-1?q?zGQTMpy6qxG3iMe7tiWOca1ElnV2mCnm8OqOocnGTQoqLldklzEp7KUKXP8h?= =?iso-8859-1?q?z2xsJwLvr1BGekfgyaymkbyMhY1aoQG9hwu8DO5SYTxgmzxoLGfL9+8lOvGP?= =?iso-8859-1?q?8Qzc077uL+FrmMAw9isVbQl2X6pw5rWNdSLmdkieuEhlHmk3b+/CtfRW39dm?= =?iso-8859-1?q?s66dK20a9cVk7FXHDwE/+BlUADYqBAkdQaF9lEi61wLmBYaGvjUQngLS480n?= =?iso-8859-1?q?ifsWYn6efOXc5ubuHrTGcHcWB1ufNf0RxEuD57rIqZCv5FJJD42iTRG8txGT?= =?iso-8859-1?q?BryilAwgSr42QAU9/SZhIHP8ubByXJ92o94l3qCOinv/OPxU5mNKWlEzjrcJ?= =?iso-8859-1?q?VNTR7UIRqMqSso4yrKNCGau4iXlfGTSld3zqhnQs8omLkkqe+b6fDFaHbMr1?= =?iso-8859-1?q?bNeMf/cqFzV5+mU6HAbhylYJikcGmLEbJo4TN9EJY45fsgrUklXJUAJmsv6Z?= =?iso-8859-1?q?1nI+juTopHCfGV6BhJuMgiW5rRx/uXbMeHj6P/blFnUOKhwucXP8Ruz9kjzv?= =?iso-8859-1?q?A1WM5ajQNMCRunNbfoBoGUBN17/OSnixCEVcg8Anr6tBFOgc+9LEgtNPsqU3?= =?iso-8859-1?q?2X+It78wUshNB6/Kyn4MyKw5LFdu27yh9Rb9BBP9jGz2gCGZ0kfd/2DZxy3N?= =?iso-8859-1?q?tABHSBr5MZkUYXV6xcy2G8tEQVxrXxRIeJJQTkmFLbmmoJIKqRF5yG5wTK2V?= =?iso-8859-1?q?/5KbwQSJE/M9Rtvih1y1gvUCV37+h+Bj9/zJM006Io8e8HITk7ZNoWcAhAE9?= =?iso-8859-1?q?rHWEtT3P+ksEWkB/NLRWwn/0/4nSGP4EeQcsWig=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 08725b4c-7896-429f-38b1-08dd4efdabc0 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2025 02:49:16.8178 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CEvS3qT8G7J4Kmfc3FOHGIPjGEFXjgHbzd85ncIs5LgIpqXkbPTu5GR3hnQ+HoZz4Jn5XS0cYBcn9yXrc2h64DLvuFF23WGN2i1ljLAGA5E= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9534 This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan Beulich Reviewed-by: Andrew Cooper --- Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 +- xen/Makefile | 2 ++ xen/arch/x86/boot/Makefile | 1 + 6 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Config.mk b/Config.mk index 1eb6ed04fe..4dd4b50fdf 100644 --- a/Config.mk +++ b/Config.mk @@ -198,7 +198,7 @@ endif APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i)) APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) -EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector +EMBEDDED_EXTRA_CFLAGS := -fno-pie EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles diff --git a/stubdom/Makefile b/stubdom/Makefile index 2a81af28a1..9edcef6e99 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile @@ -14,6 +14,8 @@ export debug=y # Moved from config/StdGNU.mk CFLAGS += -O1 -fno-omit-frame-pointer +CFLAGS += -fno-stack-protector + ifeq (,$(findstring clean,$(MAKECMDGOALS))) ifeq ($(wildcard $(MINI_OS)/Config.mk),) $(error Please run 'make mini-os-dir' in top-level directory) diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk index d3482c9ec4..be2692695d 100644 --- a/tools/firmware/Rules.mk +++ b/tools/firmware/Rules.mk @@ -11,6 +11,8 @@ ifneq ($(debug),y) CFLAGS += -DNDEBUG endif +CFLAGS += -fno-stack-protector + $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk index fc95e24589..7875b95d7c 100644 --- a/tools/tests/x86_emulator/testcase.mk +++ b/tools/tests/x86_emulator/testcase.mk @@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) -CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags) +CFLAGS += -fno-builtin -fno-stack-protector -g0 $($(TESTCASE)-cflags) LDFLAGS_DIRECT += $(shell { $(LD) -v --warn-rwx-segments; } >/dev/null 2>&1 && echo --no-warn-rwx-segments) diff --git a/xen/Makefile b/xen/Makefile index 65b460e2b4..a0c774ab7d 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,6 +435,8 @@ else CFLAGS_UBSAN := endif +CFLAGS += -fno-stack-protector + ifeq ($(CONFIG_LTO),y) CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d457876659..ff0d61d7ac 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -17,6 +17,7 @@ obj32 := $(addprefix $(obj)/,$(obj32)) CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float -mregparm=3 +CFLAGS_x86_32 += -fno-stack-protector CFLAGS_x86_32 += -nostdinc -include $(filter %/include/xen/config.h,$(XEN_CFLAGS)) CFLAGS_x86_32 += $(filter -I% -O%,$(XEN_CFLAGS)) -D__XEN__ From patchwork Mon Feb 17 02:49:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13977021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 31BEFC02198 for ; Mon, 17 Feb 2025 02:49:41 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.889654.1298735 (Exim 4.92) (envelope-from ) id 1tjrCH-0002Ta-KG; Mon, 17 Feb 2025 02:49:25 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 889654.1298735; Mon, 17 Feb 2025 02:49:25 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCH-0002T6-EC; Mon, 17 Feb 2025 02:49:25 +0000 Received: by outflank-mailman (input) for mailman id 889654; Mon, 17 Feb 2025 02:49:24 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCG-0001oi-7p for xen-devel@lists.xenproject.org; Mon, 17 Feb 2025 02:49:24 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061c.outbound.protection.outlook.com [2a01:111:f403:260e::61c]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id ca13219c-ecd9-11ef-9aa6-95dc52dad729; Mon, 17 Feb 2025 03:49:21 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9534.eurprd03.prod.outlook.com (2603:10a6:20b:5a6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.15; Mon, 17 Feb 2025 02:49:17 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%4]) with mapi id 15.20.8445.017; Mon, 17 Feb 2025 02:49:17 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ca13219c-ecd9-11ef-9aa6-95dc52dad729 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=x4qLCB/liKGHWKLJRam5ZLujsg0j2rJi4/wWlU084l6v7/HdNAa7Pbfme/ng2HRZqwM8z9DeTxKhwNWdoceURBUsqMbbGQk1ifeGs76LrG8gG1gzXXOCY+OOaXYjMa5Sp/MSV2JzZsAuJYi/DqY/5aBTXgvA6tpNnEp23hDcDsiCInKV4RYh0c9t6zyoH87I569iRm+j2YX0Ng61EAJvN3Vl/OHzrb1Qv17jDxEbjshzCdG3YqwSrczXrmFTums26/Ht+I1BB6aQC/tq1GyjY3sxcgjYwYIzyWvGhlGn/CAOH4gATjUoUQaLAHfMC0y6FU0ctRzhUh2FUXqKjVtnBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fYCAKQexokAgM3h/9SoGSw9D7Aknb12i66xb7xIFR1s=; b=FCOh86KrKkzWCh3ze4fNDbXdxoDjQmKgv34Z5FscUxKSsDdewixi7+lmca9f9sqRZHQMKJHbh984rJibeH/adxcSnTZhHqPviJysulVADk1mptOKqJ34m33XDqA3ZH0862Zot562zeaIChnocZwtl6pgWjtKP6Mqvdf0UbUPfMjhFcOXs7vPuDO69CMWs9Od3jF+o5w3pBY2zntq85gKcgdXzkLHMek1rPnBngS0LOuvcZ0e230OneRDVsQxvn8N/M6Gt4DgnJ+iA8yNZa+GZ5vNgit9v8cod0ZHKi4Kt9lD747hOfMDEyITbqhpnFNhKqME5Bk6VtBLGcQE/tn4/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fYCAKQexokAgM3h/9SoGSw9D7Aknb12i66xb7xIFR1s=; b=Ff0Y+WCITB+s/U1ojn3ighb6hJFV21sKisC4SP3kTRmA2wFEz0WQTP7V6vkT3pHQ+CFaKY0JgCx/4sbn80gzZGiA5t3+qThSdT15Kal6UPKlSkppQlC1bEDiSPeVf+tHwTnr1Cjw/i2WD+jca9izXJ2qTIK6EX+SOnjBqMk9wzSdYyWPIV7E0RUdM/KQVq2hDmntrf7mdLxrxoF0EaFmijvaY14FTunlTlmvW01lLHADERiURXdaoMrOZgXa8VHwlMBcC22TpEIGvuiLTtYD1KTXg924KLbW3xeztfZsYfz4gchwdViA6ASGRSRcvZhbO7zx7J4dWtW1eZffMe8lAw== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Stefano Stabellini Subject: [PATCH v6 2/4] xen: common: add ability to enable stack protector Thread-Topic: [PATCH v6 2/4] xen: common: add ability to enable stack protector Thread-Index: AQHbgOaJRZZjxSPvq0GPGrg2wX/xCA== Date: Mon, 17 Feb 2025 02:49:17 +0000 Message-ID: <20250217024848.3059635-3-volodymyr_babchuk@epam.com> References: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9534:EE_ x-ms-office365-filtering-correlation-id: a3309769-06f9-45f9-cb5e-08dd4efdabe2 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?rsrDlszoKIG7Z2+HPWZI+F7/pppR0AB?= =?utf-8?q?Du79//I7LOymxvCpJ5zcmF4RuDqJJNCbTTGUWjzlSlbc/bQ8JLwAp0bfa06MD6I1Q?= =?utf-8?q?9u3+RNoXRGQOeDHLeSX+M1dTo1wmAMfQQxZOnPjN7nS2m/xqYimGYmFsL3UYJSEMP?= =?utf-8?q?V1hvlZMWuW0MMjIwFxL1O3rsTh5tUXcApTUesIYH6lqnLvPUlqILHwziFGxp3yO4o?= =?utf-8?q?JvlHhfOs/OlSL0g3BnzrplM+1eoevopiM5NI33efz1XIsQUTR6wW4dJYh3XgD2ofT?= =?utf-8?q?oiadOoSzgHjhzuR76+445wKNnUSHp3QtyLhW6N2n/lxuh1Gs+eU4rwvL0AjeWenfO?= =?utf-8?q?syKICLECbcViKSgRHMlTLSI94DYpOfNGHeKONjbIw8zKTPB7tn1jRfgOQZKdy82eh?= =?utf-8?q?BXvgaLgafr5ahJEa1+qW1j2pfOxvS14cyUlHue+4hNHV7GuiL8DYU4PlcnyHikRJv?= =?utf-8?q?8tT4bKgNwrjyFAWRv/HsLZJYUyf1MK+v1TDERbvimZ3S4De3cPJN+D3Mhze+sv8EZ?= =?utf-8?q?RRN1fueQIdYSAOax7mQI8Jh4UYIvkY7z2LFrsN5OeMjQgA9XeCjIhCWaf8WX9Q2IY?= =?utf-8?q?JjmbBThqX+WN++MnYevLmabbirw5nBp8fCTvmSqlJnWuluIk/kSidCveirP7Ekx6T?= =?utf-8?q?n1e1Mh3cLNzM8OU3zlSGg/rws+AWmr5BqUdsUDYD+yh/TMNoWcgjsVW1IiRHHa0am?= =?utf-8?q?Xts42iRt5wOzZY0z9SV+HthhI4nCs1cLZQspjxvnWBaQ1Wf6Pm8GlHXAowfQD0weI?= =?utf-8?q?SULiyJtKr5UxrdHwXsUBSkEOmwSZY8ZeU07eF8eCcMIR0NcI7Grwk6TvHLiotbdDy?= =?utf-8?q?AeAgXizp1a+02B+Fh0osCu63gIdJhrEIjRCsqhGaNCn2nJzg77wWnCwr+OpwN6VuB?= =?utf-8?q?lbyb+ldiQPsI92PQ2DAdXXGcMtKMflA/3nSTFVZuBfyaZKjsXtP+QQdd0U2FNrscD?= =?utf-8?q?cUPVUlEqQdFE2E6DBiZwdbCUVuYOvP0XFO+XifVF9AM+bWT9ho0k2mVYrvhfrs4t2?= =?utf-8?q?ao7Cgyrafmkt+5kRK6i9b04RasJSqTQ5MVR4B3CoeXTg9wp7Gy6BFu/RIP0oSvKG2?= =?utf-8?q?Iwp0WAMCNlR3ld7tpZ2D8Sp1Ejg0HhF8tE787COO4XbykdqYelaloYKrbTLt++s7p?= =?utf-8?q?qBswSQ/fvZSl1Xzrlprh9srJ+obieZbSk5a/LATX6BvgP9Xs9LhH1YJBLTL2DrLyJ?= =?utf-8?q?y8yQoiWub3UusvZYPSMaERxjB7PNcFDLgke94qi29oR+07n9SRA63fhtmz0940FDU?= =?utf-8?q?0xt2hnGwB07b3X8WmvebAj55o4bPMPAAIlQOGc/bPpk8NvgZNmtdUeO2n1Ns1sUcz?= =?utf-8?q?gxzrYFCP3n3wu7ZwjUrstTbtjHycIhUoPLGlNGA6zxQENtlb1Yvn8np15xr4XSxq4?= =?utf-8?q?wEiA3WrlpAg?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?z/Ebo+b+LdDnASIDwg+AlU04rs7X?= =?utf-8?q?3xUaqt8/alQZZgiVtzBUzCXwCdEqehleP2RIJM9a/fbCWJeqG3x+lKYQ+LHfr2/qR?= =?utf-8?q?5hrjjdkZ6nmI933xhownRzaW6RkVBTkpQ0HP1tIShQbtIhXLsASXp/68eLy8K0KBS?= =?utf-8?q?YF7waFrxL3qQHU5DivZzvD8zISl9BDXaBiioVUk8FsbUWCNNR0KUbmJP5DpyBMH3w?= =?utf-8?q?RqUzgQ+sgP+zfRALQ20Xoi1TTtRvhaLZhZUeXz/QJebzmKFmY4qteZUjlbyjyJgCh?= =?utf-8?q?JpX5glZbZtddKQs5WQ4GUNnVDU786L06TFNwS0w56RPj8MHy60yu2Fbu9//iWCLMM?= =?utf-8?q?DGHQoobxYG/NDvQCBa1su2z21pdt6PjPiR25v8fmNNUodCa9EkTgVDik+QpYVnYHb?= =?utf-8?q?Ikdybg9voHGpq03MMCo4Xg/pw2Jdu7nss/x3mBdzgybGhla5sMOlq0wFXe9aleUMM?= =?utf-8?q?3HlQZ7+CNxcEvkoMop/2yq85QQldJ4VD3PrYkGKF1rPQD/tvg1bAMYvCLpnaoWdIr?= =?utf-8?q?/rDdYf/ndHDGgIF8Qrbkkkq4LYjboKQI7j5/HzH3BzG99Ti4sg9HrpPLHTs7F/1rh?= =?utf-8?q?x7aRI7aSXVG9dEvGg6n8n08UPcVfXEe/oMJq4Q97mOkZ2NMQ2sp0ZzjxMf88TKV4S?= =?utf-8?q?T/fW5nUFr70zVJOf57VQ1FsbHNSbMBjcstBElAn6qsj1O8Eiqwfjk0RRSdhSA7csy?= =?utf-8?q?zj9NFye30q1/nX8wgHzHZiymtUtwbyHKyfVFeL+XswYGDeP5qYnuMfSGPzBbZr4Ok?= =?utf-8?q?dDhDM0tjDp5jeUe7lvOOQ7xBBP+ZJxHMACqFyqt3ah3OdBTCiHX/sURRiUVqnnDLF?= =?utf-8?q?q03Niz8r15rEp2xCa2buwPj+G5Sir3N22y+lkohXlF9MLlbITr1Y9JluPe4oKHVEr?= =?utf-8?q?qivF+BJP1S9z0VMIKoIgvNYgZSH+E2ZypWy0jwu9yK4mX1u0FwGIn3roPDkgrBNse?= =?utf-8?q?VW9x/ovvUdfWR9nynBLPCCsDr44Q1SQTOrARcBQTsfa48pQgvdWeHZAxQ648JUEd1?= =?utf-8?q?iDfBwEAeUkGNMrV64sp+AqawAe2JXfRNn1zr+551l8IwVBRuV1rf1yJoucmIo1H0Q?= =?utf-8?q?YIwaqNegd9axKHraawo4WYHaoSmyaBKxXxA2cy21q8roHzyk9X3GdXvcGX0hjtjZH?= =?utf-8?q?F7OO729aYA7fxvJSqVGajO+cdsR9KnOxI412pc81chsJlZQNsOaWiNipUI/oWJLH0?= =?utf-8?q?Hkw5z2A14Hu+3Aa2y8tDtm3J+huqkwMB5oUkPEQA/n/ROkZX67f+4HEgFL152ssWX?= =?utf-8?q?45yS6+wJ9XFHtzU+dKFySOkPa0u7H7zkYfkNNYWWB7JfBa8DJDNXd0cNWOsOdhUeI?= =?utf-8?q?l1jde5vmxOKGpPyj/gCbClUFC0yLKKA2fU816454D/FZ8G8d1A/U9EtXhCfdKXYK1?= =?utf-8?q?PcwPK6eF0niy+qKIUzYpVF6fj3/G+gXnu674puUt23nKWT8MsHwGEpXRUc/pqRrp4?= =?utf-8?q?Vtnxbiosivraa0ffU+7hgasqQkp3AETQe8mSgVmKAXQg3TetQUnFoR0HZs6DoYdbW?= =?utf-8?q?BsrckD/BP3LEIv+NS5jq5r1o67FP2+yniA=3D=3D?= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a3309769-06f9-45f9-cb5e-08dd4efdabe2 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2025 02:49:17.1109 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: iSTs79sLws3QteRDXeBrAqr5T+o2F0GQ8LICl3+H8yVGGThaCDKdo4ozaRM/EzS/s7nWpa6TohgI0SWWUGM6goY1z7aiIFJE0/4/eMcf4N4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9534 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This patch makes general preparations to enable this feature on different supported architectures: - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Stack guard value is initialized in two phases: 1. Pre-defined randomly-selected value. 2. Own implementation linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. boot_stack_chk_guard_setup() is declared as inline, so it can be called from C code. Of course, in this case, caller should ensure that stack protection code will not be reached. It is possible to call the same function from ASM code by introducing simple trampoline in stack-protector.c, but right now there is no use case for such trampoline. Signed-off-by: Volodymyr Babchuk --- Changes in v6: - boot_stack_chk_guard_setup() moved to stack-protector.h - Removed Andrew's r-b tag Changes in v5: - Fixed indentation - Added stack-protector.h --- xen/Makefile | 4 +++ xen/common/Kconfig | 15 +++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 21 +++++++++++++++ xen/include/xen/stack-protector.h | 43 +++++++++++++++++++++++++++++++ 5 files changed, 84 insertions(+) create mode 100644 xen/common/stack-protector.c create mode 100644 xen/include/xen/stack-protector.h diff --git a/xen/Makefile b/xen/Makefile index a0c774ab7d..48bc17c418 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,7 +435,11 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else CFLAGS += -fno-stack-protector +endif ifeq ($(CONFIG_LTO),y) CFLAGS += -flto diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6166327f4d..bd53dae43c 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -83,6 +83,9 @@ config HAS_PMAP config HAS_SCHED_GRANULARITY bool +config HAS_STACK_PROTECTOR + bool + config HAS_UBSAN bool @@ -216,6 +219,18 @@ config SPECULATIVE_HARDEN_LOCK endmenu +menu "Other hardening" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on function exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index cba3b32733..8adbf6a3b5 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -46,6 +46,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..9089294d30 --- /dev/null +++ b/xen/common/stack-protector.c @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG == 32 +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL; +#endif + +void asmlinkage __stack_chk_fail(void) +{ + dump_execution_state(); + panic("Stack Protector integrity violation identified\n"); +} diff --git a/xen/include/xen/stack-protector.h b/xen/include/xen/stack-protector.h new file mode 100644 index 0000000000..b758a8cb3d --- /dev/null +++ b/xen/include/xen/stack-protector.h @@ -0,0 +1,43 @@ +#ifndef __XEN_STACK_PROTECTOR_H__ +#define __XEN_STACK_PROTECTOR_H__ + +#ifdef CONFIG_STACK_PROTECTOR + +extern unsigned long __stack_chk_guard; + +/* + * This function should be called from a C function that escapes stack + * canary tracking (by calling reset_stack_and_jump() for example). + */ +static inline void boot_stack_chk_guard_setup(void) +{ + /* + * Linear congruent generator (X_n+1 = X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L’Ecuyer. + */ +#if BITS_PER_LONG == 32 + const unsigned long a = 2891336453UL; +#else + const unsigned long a = 2862933555777941757UL; +#endif + const unsigned long c = 1; + + unsigned long cycles = get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard = cycles * a + c; +} + +#else + +static inline void boot_stack_chk_guard_setup(void) {}; + +#endif + +#endif /* __XEN_STACK_PROTECTOR_H__ */ From patchwork Mon Feb 17 02:49:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13977023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 419EEC021A9 for ; Mon, 17 Feb 2025 02:49:42 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.889652.1298710 (Exim 4.92) (envelope-from ) id 1tjrCF-0001rY-W1; Mon, 17 Feb 2025 02:49:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 889652.1298710; Mon, 17 Feb 2025 02:49:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCF-0001qV-R6; Mon, 17 Feb 2025 02:49:23 +0000 Received: by outflank-mailman (input) for mailman id 889652; Mon, 17 Feb 2025 02:49:22 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCE-0001oi-9J for xen-devel@lists.xenproject.org; Mon, 17 Feb 2025 02:49:22 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061c.outbound.protection.outlook.com [2a01:111:f403:260e::61c]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id c9a9800f-ecd9-11ef-9aa6-95dc52dad729; Mon, 17 Feb 2025 03:49:20 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9534.eurprd03.prod.outlook.com (2603:10a6:20b:5a6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.15; Mon, 17 Feb 2025 02:49:17 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%4]) with mapi id 15.20.8445.017; Mon, 17 Feb 2025 02:49:17 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c9a9800f-ecd9-11ef-9aa6-95dc52dad729 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NG+wiwxQ6pMdFp41D9W/vFk2TJxqpXF/CY/kBoLswCZjPmI61o2EXJv6HRG/n/oqmbi0tuLW7Q6X7ocMoiepAqxSzne5qo8t5K/P5zawqjAGlTu+L4Zpra8HKtsia70qx7O5y5cODZWnv8sr5yPYihEKkbbzAPSsqRjR0uLusZCrPBJ9GklM/+WsK4wgd7VFDFYToU1WDcwLWk+HRLeiqQQT68RAmnpgq+4orjYpAA9hZIgHAK0L0Y4lFTtN6pg4VCChmqztGruwLFe5L6GG1MhzMTUJ9lUhya1/8VYxNK7qKRi2CVAzBwE9BMMLJLDGMERHTqn1ubWb4Q6+ZEH5pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n7p/GHrjsr8F4ZE7rkQrmBs/1k/mYhuWeTWyLqZKz7g=; b=NijasZtXI8VIEBU7NmS9njbvyubIDqPL7huBQ9X9Nsso4+KI1QFN/d2eKBI5qYM9qZpvI6Qp0/TJQK2hE2uxkDp7wEP4T3LjCQKTKbi6T6vL/Lut7e7DpDH19TWkPfPcnLIgOZxfma+hB4z/ihlTyBPrICJEq4BW0wr5vLLgP4ha7ryR47ySXyBWlaRYV5hQerbIG7yGlZBj5xJzrXobmcacQGnPB1ZlDDJlGOhM8ajh1iFndEHTsHDjiN4ThLe0po1jaDffmyFl6RZkXvkDufZ57Q5+4XdJEOOwHA3thj1dY5x1OBwaxhYpwaQ4CmsV1ysXH2ws7SCAu5ik6ZofVA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n7p/GHrjsr8F4ZE7rkQrmBs/1k/mYhuWeTWyLqZKz7g=; b=UawtOMqxOsTGYhjX0XY/PTf+A6mRnoF3kpyEkJ7mrj++AdNOVYDZjDexkAaOVy5yr7vSid7eTpK3AsR4Stbv/crHJEDIEewBdkSN2xdXdguUy19PIgC/3hCkCjC+qGLrJKvfyiewIMwL/y0ag6Ff92YVxAAy6LyYbOZ1l5TopIfwrLt2NM3GOsJlSSb7Hm2xDpThSFQEntodMKOTRd9VG+OwfjGr0lmxVp/aKkZNDGIGo7cVqx+KLtmVFM1ESy4RUVStEcsSshCFLO7/vYwY6lsRAG0TYGuYtrR3yhMMEq/oSPkRErucnzBnAWeaPn3pXDjlapdxPglsvLs8/UOUEA== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Stefano Stabellini , Julien Grall , Bertrand Marquis , Michal Orzel , Volodymyr Babchuk , Julien Grall Subject: [PATCH v6 3/4] xen: arm: enable stack protector feature Thread-Topic: [PATCH v6 3/4] xen: arm: enable stack protector feature Thread-Index: AQHbgOaJE6kDVTbKPE2BH7sXiNdS9g== Date: Mon, 17 Feb 2025 02:49:17 +0000 Message-ID: <20250217024848.3059635-4-volodymyr_babchuk@epam.com> References: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9534:EE_ x-ms-office365-filtering-correlation-id: 365fe086-dc14-4bb5-7e56-08dd4efdac11 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?rfSHn/zDoldMNOSymd4O29bfNa?= =?iso-8859-1?q?4JT1K6W8D8lL/9FVZhI2nl1rvXX/poSkcCl8NpNV/8wqj2OYwoy1abq7cEED?= =?iso-8859-1?q?1oqg+yltoKAg/rQFiXjmC0gXQAjrLp9FqJ0Bm17by/dnRO1bB9I1GUWGu1q/?= =?iso-8859-1?q?bW0T/wpXcHA3RKfBBy7QJh4jDc1NGMc/7jXd12fIBBwbbDnI4E66HvQiDnSE?= =?iso-8859-1?q?4H/8j73UhAfzJMe0Qva1VKtr8/RPOd8sCdnmciDd1OuH/0XK83sbpwAo28Ts?= =?iso-8859-1?q?0U1u5/pBtgsXsYzRkUbKEUbE624mxJOH0Gdy7YHmf7K3vG/afr44M5jVaAAc?= =?iso-8859-1?q?GAW2EGhXIbdbMc1QOWa7dDWqXRRTKAG5Qq8Ih4Tj3tzyV0+R7s/hum5UKv+v?= =?iso-8859-1?q?nRJshjFWlpsn61TfeJoZ/p1Bt7DlybF0l04M2YNxmdsTRkziegR5qJVFtklp?= =?iso-8859-1?q?b9XwMg5m7NrrmUdglru+zQ3uYoj3v3XaqoJGi2d3stbEqVaAF518kGt25EbX?= =?iso-8859-1?q?3p6ccqmC/Be+LGuJ3yjlx62WctcEHAlha3ASH3Y1iALS+YbUvwL2XezIrnIS?= =?iso-8859-1?q?VM5o7wafS3uN8Oa3/Hlh2pEsIJYaMz8VX5yUyGZfJHqcZn+DWbE4wfedL8/c?= =?iso-8859-1?q?wb2pnLzuXsIHwYprf3/9PNWYh9y44KmnPyrt1bdNji1sSyruxPRfawWijZ86?= =?iso-8859-1?q?1TJ0iW326f//44y1x5HDEOVWYezdX90QVO6AP+48RhhKBAmqO40jqM+7RD4k?= =?iso-8859-1?q?FoamTqrmuVPJZYL6Qee8DTFt25+0MMtuUuwGirzQDtMR295kp+/xI0pqmyZ7?= =?iso-8859-1?q?WqFZV96s59EMRSVHufImJg6WKDxUGuhwOPWk4bNzXLGlfFHF5QiuPZrzc/h+?= =?iso-8859-1?q?xAek5BZKgZXjKmadg1H//7nKvsxmZHuWrqr/VdvZPgmV35RpY5ktNacWkTId?= =?iso-8859-1?q?7bwnlSgciPkWQRQrslK7iS+hNii6I7vkxj0zvKemTq8O+Tp7OrYaD2KEUNHo?= =?iso-8859-1?q?E5Ypw6F8tyYjlS4YlukZdd7NI+e3p+CTpFMFY9QhUQb10Vb1U7Nj8qENYI94?= =?iso-8859-1?q?2BJQZJWswoxKGob904hYMvRsQzGaDUKBpHrjVp3YorsFy2ncZw9BYGXc6/ju?= =?iso-8859-1?q?PgQaCkfSF2AcOUO2uKDZSXrQbT7NaP1ceOUJ1ZB1Y2iwH9NK27DY0bXBqwUb?= =?iso-8859-1?q?/f2zyiqd8KncRAfXtXXxWA3TkNwkF6doAqa5HWGNRWeWkoQ9jeEY8GVCDh+H?= =?iso-8859-1?q?wk6qoFLRO2cvLcwEnQZZzAMwHRXmHsAMbkndGpKX9qqbyJ8mnfRXaYfh4bxU?= =?iso-8859-1?q?EqaJvlPyNABmxPE9SO2J8+jAuti+WGLhbxtLmoMKZONzBV+e1ZtCbgVx2yFY?= =?iso-8859-1?q?vtw04fvntDnw6Rj7QlIDQuGCcWJJAOJ+bXXrpwlwGfg3ub3XA3KgMR4HR5tj?= =?iso-8859-1?q?19mIO2qi0Wjfag/xONLXQyUKQuEEs8JLyjzntp1eehqq7nUrk52KqniwL+oo?= =?iso-8859-1?q?KUmolo?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?7GehUKpaBNBVSSjToNNGDAm?= =?iso-8859-1?q?i3nWSLTRO8ZzyOl1TwcJL8GG3rEXe72Lj2CnxPnQU3w2JcKtPqxeDJNXrDn2?= =?iso-8859-1?q?Excl2LQAVX1q4b8SqQEr+LH6l+jL/45t8ikLoMJoTt1U9XKC2ThT0RzQdUh1?= =?iso-8859-1?q?owWZGlktisj9u3Gtgba29+UqF0yASV7gN1BIRX9G3vBrGtfNWteJNVZEWSyo?= =?iso-8859-1?q?+1HXCr+bzO7WmAvLsQulx+rzj6UKdAcfVfXFyBckZrEg6Y/2iFiVHowN2TOm?= =?iso-8859-1?q?sK9JdNlhERoH0HKZ+KwFO++fqzJvIKiFmxW/IWvMYTi+UHuYOmme46zxnePF?= =?iso-8859-1?q?Jf2h3UqQjtb6mBZ/PlKQIa/IygSGOvSAyPkAF9DboSQMfE1x6GyIJkOSWtVr?= =?iso-8859-1?q?eVRmi5LeCifNhh/fZURmkizuA1L6zacL4PGCieTNaOoi1OrHVLWLcUzbRp8R?= =?iso-8859-1?q?Ju/VxT1recIQGr7wjvDWOn/T4K54ou8lpO+8t2Yj8sdCdTsDxjPZBCSEqYPC?= =?iso-8859-1?q?ltSDGGN0v+9ZFb/M+i+/nJ/VrecE86MiwjGTwbuLxRTW4yJbjW7p5fC82D7C?= =?iso-8859-1?q?2WrmIUYBOthe4XPcgM8KjVMUA/QMVY7QZHjLQO0AI4Ips4c19mbwnZndcuyL?= =?iso-8859-1?q?/LBBTcnxkl7MDQDIFjIvw2h19ow8niHQIh9GsbeoWeQTB4ijrorT3FUNqGyc?= =?iso-8859-1?q?XQKgic+29lpidq0BqNBQvBUW5sKRQiSVGLOYvKwKYKKqongINx70c8UcFkRq?= =?iso-8859-1?q?SXDYMpTqMav52rOWxzpTq9OCCcIl8v96HslWoJWDYpinssGjIyCy9HyzueP2?= =?iso-8859-1?q?IcCkjGIfSS31jqOoBlqLDtJfrvKee1YaQASjNBKkXXGU0DYc/9Zvtq3owTj9?= =?iso-8859-1?q?7FbXODWgEWm6txoak6eRZjbI4fv6nZXVHzc0wqu8t/lWJH2KRyd6z0K3txVj?= =?iso-8859-1?q?8KrSGUpkGaRtlKrQhkAbjcMZaRV6eFbVlhMUlW7MzjKyPBHoUD3R29RX65KX?= =?iso-8859-1?q?yuHrDDVQNqID2DPIjmFqBH/zBvrTQXqX0diIdcKd5ILbKmeT8M0HV2gK/krQ?= =?iso-8859-1?q?0Jaxv9bEpT9IhM4kGoS9xK4Dh6bshT9OyUgER3Mk3oHWr+X9sy4epksO2cDG?= =?iso-8859-1?q?TKVnQT76QtqHSxnshPZgmaV2y6zhgx/ZDtYHAA+uP85r0eI9u0A2wda0WXcM?= =?iso-8859-1?q?q2vK32CFUs13s3vNJKwTUTqO+FXHbOHBAUfT+rn2z+T5rZ284vi0cEiwcS4E?= =?iso-8859-1?q?zrhpEYo8HHk+eHT25H4H8NNGaBxD7wT63KhEF53A+GzqDFKcV+d54UMYN2ki?= =?iso-8859-1?q?h0VKfJD2ujCtIny3R97lBqpoFeTAWWAOGrv6E5yKWtS+l0DuVGDlBJsFknKV?= =?iso-8859-1?q?ASd1zOBQbXP6EK2RP65ZNn27pywwMfec2IkYLN9c79117Jlfo8LFqy8e4XYu?= =?iso-8859-1?q?qx+9IIFFwbTziFokhEdOWPaALdMP9JVdnbEz8drI/rVUt9YP9RGDSIkGmiQH?= =?iso-8859-1?q?0RWbe3tGdCprwbiJMZiJMtirpoCGjPkxUxiJv9/uqxEwxHtwu6d7sUOKBtsN?= =?iso-8859-1?q?QR3VI/IF4B2IThNdXoxGXa7/9afHx3h30wvQjaUl3GLMn1bLjSTO1hauMLMw?= =?iso-8859-1?q?8GBh+jCF7bL46hA1GRcibU7sEv7WGCcbeeHL2/w=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 365fe086-dc14-4bb5-7e56-08dd4efdac11 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2025 02:49:17.4106 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Yl8YKWxG8WzK5FXwldUWMGP7QZbjC2OURPkBp2DwI2lUIZDWLqyOnQU/km54ce1XUDMZ1fcwxwqhPcs5kPh7C/NS7+m4h9UU8cTELilpkYs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9534 Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. Initialize stack protector magic value very early, at the very beginning of start_xen() function. We want to do this early because prior to that boot_stack_chk_guard_setup() call, default stack protector guard value is used. While it is fine for general development and testing, it does not provide highest security level, because potential attacker will know the default value and can alter a payload, so correct stack guard value will be placed in the correct position. Apart from that argument, boot_stack_chk_guard_setup() should be called prior to enabling secondary CPUs to avoid race with them. Signed-off-by: Volodymyr Babchuk Acked-by: Julien Grall --- Changes in v6: - Expanded the commit message - Added Julien's A-b tag Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() instead of early ASM --- xen/arch/arm/Kconfig | 1 + xen/arch/arm/setup.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index a26d3e1182..8f1a3c7d74 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -16,6 +16,7 @@ config ARM select GENERIC_UART_INIT select HAS_ALTERNATIVE if HAS_VMAP select HAS_DEVICE_TREE + select HAS_STACK_PROTECTOR select HAS_UBSAN config ARCH_DEFCONFIG diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index c1f2d1b89d..0dca691207 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -305,6 +306,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr) struct domain *d; int rc, i; + boot_stack_chk_guard_setup(); + dcache_line_bytes = read_dcache_line_bytes(); percpu_init_areas(); From patchwork Mon Feb 17 02:49:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13977022 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 48FB4C021A4 for ; Mon, 17 Feb 2025 02:49:41 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.889651.1298705 (Exim 4.92) (envelope-from ) id 1tjrCF-0001p5-Oj; Mon, 17 Feb 2025 02:49:23 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 889651.1298705; Mon, 17 Feb 2025 02:49:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCF-0001oy-KQ; Mon, 17 Feb 2025 02:49:23 +0000 Received: by outflank-mailman (input) for mailman id 889651; Mon, 17 Feb 2025 02:49:22 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tjrCD-0001oi-Sj for xen-devel@lists.xenproject.org; Mon, 17 Feb 2025 02:49:22 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on2061c.outbound.protection.outlook.com [2a01:111:f403:260e::61c]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id c9084f50-ecd9-11ef-9aa6-95dc52dad729; Mon, 17 Feb 2025 03:49:20 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9534.eurprd03.prod.outlook.com (2603:10a6:20b:5a6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8445.15; Mon, 17 Feb 2025 02:49:17 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%4]) with mapi id 15.20.8445.017; Mon, 17 Feb 2025 02:49:17 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: c9084f50-ecd9-11ef-9aa6-95dc52dad729 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xj47tkysNFM2kwX50vZNp8PqFhLwWsidkqXdeZyMJWL2/Ar1trZG5MWQlcgClrCTPzWVk4Xpm1Q2pI/Yfc/f5h/B5s+d/ACmM56DDpT7TdjWB6N9w1vaLmAqYC9yWzfyuyA48Iq1Cw9LY0OPKEjCxpH7coPIbZkKnVWTRYCvTv07wu+0J3AU3ZzIBbA0Yytozf5vG5T3vH/eQU4y2PyfqhTOuUWEr3qbFRgWiUFVGJQXca79B335sU+g/8IUlfnA9WECXNy+pBDRrFJIUDLYgR/syvmwcVZ2/JKIsZzvLpzOGWiPzwVMMJm9NyQHo7LebO4YvPoaNo6RCcNQgvT4pA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xyIJ2a/VO+kFwu4+ErznKiMqdqaPnBzvYdVAEx1yfVA=; b=bLDq9k/5ud1pUkPrHj67Y94hyX66dX96ilN8Sdy/eQwQ8M6ljopayS4p2sEjNLlvJ5fAiy6vt6sGKDbivof/PAna5UMdATAh8aeNWBKqPHkcWIXtlEyDyxb2BeG9NnnmacDJ4ZHX9N8mMYPLJ2Z5vBbPotZZpvIZLkRFa0580sFGpXdwuNLn3gOM5q0uUbdXUifSOBmQkQmPKtbHMOPLepoEkgTfLYt5jf5VxhtWyxXiEoySLGFWmEqMtoCvEEnhkjhK2W24RXqX8ZPRTHlCsIaDCXH8uUhc8PzDE5g7yy7Uo8cpvJTjcIODylWRMXH1HcT8IxllGifucqLKjmZ2pQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xyIJ2a/VO+kFwu4+ErznKiMqdqaPnBzvYdVAEx1yfVA=; b=pbnWiBzZMpIxS/WXhWwNvTZr4hpdpw5IASD/ANKiHP5yqCIfvL+2kjgBdm2rICYKpTnK4DYmAZR4pemfVy3lD2axALM1nO2KKJr27Zzl6XrCqgXN3g5lsrzvm8gamLvk2DGCeYshe4i/Zxv4DTDE7h3NQB3K7MtvCpIj03SdCuhOHo3RDf7RTIXjXoKq2SdIDGdyM+fTLYvc2JcjUIFfcOoIOPGt7KNwdkhYUf86wHnCFeebeT8TeLXQgdsYyqkWZwNTb6GqtiuQqMa+hbnY1iWAAp7EpX4o7DXlzo8o9UttGMDlVeeSJGTR0Jb0Ogye2S5907vN2GeVgFtoeZ8xdA== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Oleksii Kurochko , Community Manager Subject: [PATCH v6 4/4] CHANGELOG.md: Mention stack-protector feature Thread-Topic: [PATCH v6 4/4] CHANGELOG.md: Mention stack-protector feature Thread-Index: AQHbgOaJbtm4EXoPpUKhA13Cq77mpQ== Date: Mon, 17 Feb 2025 02:49:17 +0000 Message-ID: <20250217024848.3059635-5-volodymyr_babchuk@epam.com> References: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250217024848.3059635-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9534:EE_ x-ms-office365-filtering-correlation-id: 7986e5c0-1d1f-491e-5e18-08dd4efdac2c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?AtPD1jL5fRep5aSIB9yis1Vm7o?= =?iso-8859-1?q?AfyJi/v8my+i1lhsktceYKBPGiwSZEYezupdQGEHPvfkywew6ICpHNxEzXbB?= =?iso-8859-1?q?3hcXFWfjUha/Yox16jJiydrWtTv7Q6GdHNGB3jdgnFlEM0bxcKs/80/HSGQF?= =?iso-8859-1?q?ICjvDNk3M/TO2NeBTs5bii8Pv1kcC+VLY0VIEFW68Xi/HavA9WvprOi96GLh?= =?iso-8859-1?q?NBeJ0kw2UI4Qn3EvUq3wJrtQRaHDLZNlUEJPPmndRN0A9FzAe5r0C3bW4hMH?= =?iso-8859-1?q?MiOIaTFOXg1gQutQebmLjHB2pJVOorP8lwgNJUhQO2tOtD5L+Ap1Go2z0qC9?= =?iso-8859-1?q?/33D6I4UfzPTDCf0sZdRlZ5HjuXw8W7cIv7cBCzxuy77HWe/+9i3hbQll498?= =?iso-8859-1?q?O59k/vjX/jwMwKNVYbZQ1eXEpD6LEjnV14purkiZTbKHYKQ+JCwEp97Fit4I?= =?iso-8859-1?q?JqVC8nEkPaR2BDywzLuAAi7xrkEVFMf9olh5jKfgRuYcy9lVbdTqON07YSXj?= =?iso-8859-1?q?8dve2BqVGrwx193RVjvKB2a3JO00mySeLdH7M4m45Xk0VAZ9zRr5x5EmTn9+?= =?iso-8859-1?q?urRAOUPs7vCzSrE+ZGsLJ2/o93xgUa0E4+km/cg6ukuAN6G9TkL3Es4obOxp?= =?iso-8859-1?q?5QfaEYPrbJlffKRy+qyHp5g7LXwIbEpB/7nNkFX+/QbIt2GW9kQMfHTLGB3j?= =?iso-8859-1?q?oLmUjLggzn+XC2/xS3v/o9NgekYP/q/id8h01J/rwAuzROkmV0aP2BakbuXh?= =?iso-8859-1?q?lUwqCe69/T2KzIzqCfs3kgCvO3TdtclCe54X1UGf7UhhbcZYJwLZtORNBjru?= =?iso-8859-1?q?MDKZJSWL0o66gm5e4lkqvPdHTWWdHlhEIHF2vH8iEqsYI7xqhFvlZbpQz+/R?= =?iso-8859-1?q?udjSq2FhqYaa5Ed9/l7L/VqUJLAs1NJ4zzMBYUo+3itSD9YWkd1yIgEIo4KR?= =?iso-8859-1?q?c9bjpzlycNKiy6mJ4hvwao9BIvGbO722qQRaHEGfJe3mnt3dlh74aV7b+Ev0?= =?iso-8859-1?q?ZunX+yyEXWRu9BQatRk8mzTJeGZ+zBXliHZDhzSaw6v05CO2ts1fHZvS9GSE?= =?iso-8859-1?q?tTnsepvUNurh9MEBl7+CZBnRKSE4EUpdoszZJyzA0A9g2x6w1UiLo9++8BzL?= =?iso-8859-1?q?LWk9mqFVIcY1/NG7hJXiN8iUIW09HeloalFMZ0cWCaUINn5rlgMnmU/D5g+M?= =?iso-8859-1?q?dIzInNQoSUYelOqCCzchWLuoiknicM38YL8BvPQSm2oXxvrlbFSNqvtFJD5m?= =?iso-8859-1?q?wuI7DvV01Q9lTltstfe2cHIFXvVz99MbKDoytFKzL1twQez8UlF5iMlg9lHA?= =?iso-8859-1?q?dIBgGT5ya6NJNgIg0oecuulgRKjc6kCqhwrfZS0qHUCu7rHkhCV2a+WCbyy8?= =?iso-8859-1?q?FNAGf6n2ZHyJhP8jePNaEhmVOoSfdodqyIwa72iCpdOaBdzn+DbQNIXrvBwC?= =?iso-8859-1?q?Rn?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?mWP8MvdS+8Pg+CFsts16Nmm?= =?iso-8859-1?q?u72yB856FBAUIwnmWmkSU41X5i8D60ec6hD1pQCBiHT8w+F5//vYR4CyAjdA?= =?iso-8859-1?q?PKU69MSNgmpB1BtZPRZaBKj1EY0sCJj50Hm7dfJW02BGbwRF7PLKsG4MLj/C?= =?iso-8859-1?q?Sn8/uCocCPaUM+N05+a5AJSbEROkDTagsgRkJ73nMi78nWwoUKRlYhLOguKr?= =?iso-8859-1?q?XXzdbzExypK5OyGRMxBLdB9lRcK8vl7+EpaSiVZfArOHQqR/vLjtSogbztli?= =?iso-8859-1?q?zx28WQlHo3vKHKE9NDAgmUIyT3ruTnvUdgNwXhpLvV8gmM/1azsqA4ifcH4v?= =?iso-8859-1?q?2foVtqrsqKhYCHqHAgZ3TjiKvm0rSyshOF5zkQboAGZzGQPyoIm1SSI6E0HU?= =?iso-8859-1?q?fBMpyclySYOG/8tybt4xfMXh3Gy3BQxRX6h6ZGA8NUn68/fNDfbrtxLAS2vJ?= =?iso-8859-1?q?Z+c4HnntS7NzaPRdrvYil1ChyIxVoiOysMnZ47oyke2MT4VRxDXXiij2Xzm9?= =?iso-8859-1?q?xARjGcn/09FbAyVRia3sBSdVsWHdyyjBDWpf5FtAVajL6JEPABahiN6UHY0d?= =?iso-8859-1?q?fw2PXc8SxRoZAYNO+/YL1fFxFAz8zm6J/pvEJorD3+OCxyTQpLEY3dFt1Eyw?= =?iso-8859-1?q?5Rkqkx6HSep8N5hSXnth1Wt26c0yB0ANcPngbwSKCJGx5isD+yFahAVGc1B9?= =?iso-8859-1?q?oxqzxuVj7JaS8FZ2ZK0cgKZ7vSkViPlSnwpA6GQ/xyFQecLcEi8bGq1Z6e4V?= =?iso-8859-1?q?9Yl6DD2uSWMPOD+OtNKSkh10MCMWsaIYNJC2cnRv1LQDlFuzW1282T9PoH6s?= =?iso-8859-1?q?frPkuAsobBgxyVrT89Z36mPdMG2PMpQA2Pf0Xj/BsgSgZtZ9Q4f7yNwmvAJW?= =?iso-8859-1?q?4pFBrqf+6qFPjlxQhe/mLM1e0Vf8rg/5vxdgX1DNxEZcrhSjAW07irsqDgf+?= =?iso-8859-1?q?ptX457LaLY2iBi0GhglQ3fQUsHusOJy+9ffZCTHr9iQdJsVp3vlnW34KD/I1?= =?iso-8859-1?q?QIG5OJ53+dr4ElsGsSYe+YDu3U/8HaWWUIB8VPiE77L7ZLW+m/1WFabnFIte?= =?iso-8859-1?q?B95LEaqp3SRTpHPpKuusAnmurbZuzVg4vg4Yk840iVvMOSrp2c9XUG6Ek8IA?= =?iso-8859-1?q?OMkchMzvQlc059gnzqfeI0pVv/SVzj4Sfhso3UCn42ZCKaBxj7IBj8EuOqvt?= =?iso-8859-1?q?9cuzw2x3GuhQBMajfQddSrRZhlWkBDdTPt7OEiaTq4DuQVA+U7M5y7uJ/Raf?= =?iso-8859-1?q?evgfFS2ywxsn2bW1W0/oaM8evoAGkC3k95s3M49GtNIMu4eoO0o2n1UcuwYM?= =?iso-8859-1?q?gGSVRtoTMkCAiU0MgjdZkyZ34ZbiUKCpqMpJv26XqnM6WT6d1Rjno8GRdx05?= =?iso-8859-1?q?3xJr8SwPIaB+14RmjSPCxPHU4nc17RTEev9tOBxSfdnhXzA2eodQRgw+SQ47?= =?iso-8859-1?q?e4B+qOAi6/a8qQEo0PBGnwlOhEvrQgnoABgZH78T0voovFPo6rPEpqT5JrSy?= =?iso-8859-1?q?4nqwOZFwshxU3vMu7DRNN5zi47xi9Zbk7vGc5dJNmxzyWeYnDk1aRJWnt/ZT?= =?iso-8859-1?q?ukLYAetsZ1cT1oZvw0LmgWzwFs5bUJh6BT58USXM2lVyjWztYKu/kHvE7hOt?= =?iso-8859-1?q?Vu9vdoQxiFdFpuWzSUaQvFrZyGaRHY3+h6XGdYA=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7986e5c0-1d1f-491e-5e18-08dd4efdac2c X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Feb 2025 02:49:17.6890 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: XeWuTM4usAnzKJAX84iNZwElai6TCQ+2x3+lyLaH9FlSfnovBD0e744ybAztvqfMA2niSHWN0Tw8cTzaEfsf6dJjZnAv4z+JsRFgFHiGr3w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9534 Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk --- TODO: If this patch will not make into 4.20 - rework it by mentioning a correct version. Changes in v6: - Dropped Andrew's R-b tag because there is little chance that this series will be included in 4.20, so this patch should be reworked for 4.21 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1de1d1eca1..4cac4079f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Basic handling for SCMI requests over SMC using Shared Memory, by allowing forwarding the calls to EL3 FW if coming from hwdom. - Support for LLC (Last Level Cache) coloring. + - Ability to enable stack protector - On x86: - xl suspend/resume subcommands. - `wallclock` command line option to select time source.