
[PATCH v3 3/3] xen: arm: enable stack protector feature


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Wed, 11 Dec 2024 02:04:30 +0000
  • Accept-language: en-US
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Wed, 11 Dec 2024 02:04:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v3 3/3] xen: arm: enable stack protector feature

Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
platform. We initialize stack protector in two stages: from head.S
using boot_stack_chk_guard_setup_early() function and from start_xen()
using boot_stack_chk_guard_setup(). This ensures that all C code from
the very beginning can use stack protector.

We call boot_stack_chk_guard_setup() only after time subsystem was
initialized to make sure that generic random number generator will
be working properly.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>

---

In v3:
 - Call boot_stack_chk_guard_setup_early from head.S to ensure
   that stack is protected from early boot stages
 - Call boot_stack_chk_guard_setup() later, when time subsystem is
   sufficiently initialized to provide values for the random number
   generator.
In v2:
 - Reordered Kconfig entry
---
 xen/arch/arm/Kconfig      | 1 +
 xen/arch/arm/arm64/head.S | 3 +++
 xen/arch/arm/setup.c      | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 23bbc91aad..a24c88c327 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -16,6 +16,7 @@ config ARM
        select HAS_ALTERNATIVE if HAS_VMAP
        select HAS_DEVICE_TREE
        select HAS_PASSTHROUGH
+       select HAS_STACK_PROTECTOR
        select HAS_UBSAN
        select IOMMU_FORCE_PT_SHARE
 
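Review bot: `select HAS_STACK_PROTECTOR` sits under `config ARM`, so it applies to every Arm build, but the diffstat shows only xen/arch/arm/arm64/head.S gaining the early setup call. On a 32-bit build the option would be available with no boot_stack_chk_guard_setup_early() before C code runs, so the guard keeps its initial value until start_xen() reaches boot_stack_chk_guard_setup(). Either add the equivalent call to the arm32 head.S or restrict the select (for example `select HAS_STACK_PROTECTOR if ARM_64`), and state in the commit message which one is intended.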
diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
index 72c7b24498..535969e9c0 100644
--- a/xen/arch/arm/arm64/head.S
+++ b/xen/arch/arm/arm64/head.S
@@ -250,6 +250,9 @@ real_start_efi:
 #endif
         PRINT("- Boot CPU booting -\r\n")
 
+#ifdef CONFIG_STACK_PROTECTOR
+        bl    boot_stack_chk_guard_setup_early
+#endif
         bl    check_cpu_mode
         bl    cpu_init
 
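Review bot: the `bl boot_stack_chk_guard_setup_early` added ahead of `check_cpu_mode` and `cpu_init` has no comment saying what the callee may rely on this early or which registers it clobbers. If the callee is C, it needs a usable stack at this point and must be safe to run before cpu_init, and anything the boot path keeps in caller-saved registers across this call would be lost. Please add a short comment above the call covering that, and noting where the early guard value comes from, since the commit message says the generic random number generator only works once the time subsystem is initialized.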
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index 2e27af4560..3587baab21 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -13,6 +13,7 @@
 #include <xen/domain_page.h>
 #include <xen/grant_table.h>
 #include <xen/types.h>
+#include <xen/stack-protector.h>
 #include <xen/string.h>
 #include <xen/serial.h>
 #include <xen/sched.h>
@@ -359,6 +360,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
 
     preinit_xen_time();
 
+    boot_stack_chk_guard_setup();
+
     gic_preinit();
 
     uart_init();
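Review bot: `boot_stack_chk_guard_setup();` changes the guard while start_xen()'s own frame is live, and nothing at the call site says why that is safe. If start_xen() is itself instrumented and ever returns, its epilogue would compare the canary saved on entry against the new guard and fail. Please add a comment stating that start_xen() does not return (or is excluded from instrumentation) and that the call has to stay after preinit_xen_time() because the random number generator depends on it; that ordering is currently recorded only in the commit message. The call is also unconditional here while head.S wraps its call in `#ifdef CONFIG_STACK_PROTECTOR`, so it is worth confirming that <xen/stack-protector.h> supplies a no-op stub when the option is off.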
-- 
2.47.1



 

