[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v4 0/4] Add/enable stack protector

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Tue, 14 Jan 2025 04:25:55 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a0nv7W8vVhr0JkTF84nve4JbMYGweEVnfzqPpaJwAmg=; b=xbuowyeRzTedra9cx1Sa7+YNMp3Kx9DZLXzZla7KK+dX8hMlNDBeecQ6qgHAfbDASw9dWwnWCfxZLnL7uu0aktbk3lbNtqrNPXG0mBkW69pz85yGutvtQ8vm2GAgb/wkBPZQJ88lKnhl5U2LuMbqf+qPkk+BwiFi8+r81Z2fvNjXfewjZtull3fYGReuc2Eit4JVH/BEqv/QcTm+sz/TZy3oja0IModRhGJ0by5/B/gZqogTpGIISDYMEcFJf0J3OqOe+3xCmG9hwbeBtumGeXegXr8K7p0n+OWzwcC/2B/F0/RB5R/rrXbWhSv3Ue0jgWomMDqiHpr5OsnF1v9Z3w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fCP3yA6RQOZYd19qQA5DtwPrQ4XZP/OI+bYfOMOJlJaIP6XqeGqeFxRmz/vte+zDF4BsWI+QHZ6mBU0nbjUlbvopZlEXnEosnCrO0ugLUaiZV+B00X2R1PPu4iEI0O0DPCZOLgOAoiHANBeV6t4aWcKgGsT1z5a6Mf2+NZ6/aCruajnbT/utTUxsCw5w5Q9JX9PpU1shrA4jQcAoPAxFbtnyGxnR6732aYgBmtweMtaAFJ9bIxL7g/K4F3YI710RcQPI4TwhRq/PhBefffDuvOOfW1XqZQ1u+8POsUVtwRhf7NqGWoyHftzrWivqFDEPVYbqb2uocBwUYl5Ltzi6gw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Community Manager <community.manager@xxxxxxxxxxxxxx>
  • Delivery-date: Tue, 14 Jan 2025 04:26:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHbZjxnT1sWh5IhbkWxtBQPTP3DXA==
  • Thread-topic: [PATCH v4 0/4] Add/enable stack protector
Both GCC and Clang support -fstack-protector feature, which add stack
canaries to functions where stack corruption is possible. This series
makes possible to use this feature in Xen. I tested this on ARM64 and
it is working as intended. Tested both with GCC and Clang.

It is hard to enable this feature on x86, as GCC stores stack canary
in %fs:40 by default, but Xen can't use %fs for various reasons. It is
possibly to change stack canary location new newer GCC versions, but
attempt to do this uncovered a whole host problems with GNU ld.
So, this series focus mostly on ARM.

Changes in v4:

 - Added patch to CHANGELOG.md
 - Removed stack-protector.h because we dropped support for
   Xen's built-in RNG code and rely only on own implementation
 - Changes in individual patches are covered in their respect commit
 messages

Changes in v3:

 - Removed patch for riscv
 - Changes in individual patches are covered in their respect commit
 messages

Changes in v2:

 - Patch "xen: common: add ability to enable stack protector" was
   divided into two patches.
 - Rebase onto Andrew's patch that removes -fno-stack-protector-all
 - Tested on RISC-V thanks to Oleksii Kurochko
 - Changes in individual patches covered in their respect commit
 messages


Volodymyr Babchuk (4):
  common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS
  xen: common: add ability to enable stack protector
  xen: arm: enable stack protector feature
  CHANGELOG.md: Mention stack-protector feature

 CHANGELOG.md                         |  1 +
 Config.mk                            |  2 +-
 stubdom/Makefile                     |  2 ++
 tools/firmware/Rules.mk              |  2 ++
 tools/tests/x86_emulator/testcase.mk |  2 +-
 xen/Makefile                         |  6 ++++
 xen/arch/arm/Kconfig                 |  1 +
 xen/arch/arm/arm64/head.S            |  3 ++
 xen/arch/x86/boot/Makefile           |  1 +
 xen/common/Kconfig                   | 15 ++++++++
 xen/common/Makefile                  |  1 +
 xen/common/stack-protector.c         | 51 ++++++++++++++++++++++++++++
 12 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 xen/common/stack-protector.c

-- 
2.47.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.