[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v5 2/4] xen: common: add ability to enable stack protector
- To: Julien Grall <julien@xxxxxxx>
- From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Date: Mon, 17 Feb 2025 00:59:40 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zc0qZGEe4WXKS5RV6EfTrd/7jqkLTbcTl4byQyMaXtc=; b=G1ke0+15mqmUe3Fdg9tLLqZWyCcmmKG4sj16GYvCuzvFfiXVgKc627l4PVQDMGPKYuIDuLCyHlf7DnlzHIrVeiCsErwjKaw7ljqqwGjlpmsa7EFoAsx1+es7hCmv8kCOjNgxQGyYa5hmJgfwB8yYFAu/Omjx0cHzGtOzyjwaV537I8/aD8FJTtRgLjdQaAANZBm5B92QLlgg72uPfKZSeuJxdWjYaZBay5RRw2JXj2c1a8dZspDofiWTFcLqWcfjMQg3b/6iQrQO7uNKWS1VYS3V838jbMBRtjSvw9eN+A9gfTi9lcxsZutMmdAfXhSwMZEhyJ9ycfjRs1H0VVO/ZQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZwX3Z60naN7VY41//xVYiVxuiwP37qtB8l151pKrgIC10V7nE9D+WdpBFdgVbJrBw6pyHxU2BZGzNQvoXmuBn6lOHPvBys9jph7tjGpf8t93kT05TDkbiqQQ7p1uHGYlCZ0QDruDYjGcpc1zAR9UtXodtMM5qmV4ngKSVweVcPyHI8gNL7zB9JfW6JciwTx6u/5PfRChFz8MsaIkxMvhyJC33kxW5yhHAbwX+HbnFmSMMFlVpDaIrkZN+A/HHRnEQHHl6p5GJ8QVxW2JjwMKkUPIX+00QLumWxeG+x8FhtRHr5rmcfvq9PdufrxsNVyRpR/2StURJWqPETf3bV5/hw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
- Delivery-date: Mon, 17 Feb 2025 01:00:09 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHbfmKwgsjxBZVOSE6qB7f/GfKgPA==
- Thread-topic: [PATCH v5 2/4] xen: common: add ability to enable stack protector
Hi Julien,
Julien Grall <julien@xxxxxxx> writes:
> Hi Volodymyr,
>
> On 13/02/2025 22:00, Volodymyr Babchuk wrote:
>> diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c
>> new file mode 100644
>> index 0000000000..286753a1b1
>> --- /dev/null
>> +++ b/xen/common/stack-protector.c
>> @@ -0,0 +1,51 @@
>> +/* SPDX-License-Identifier: GPL-2.0-only */
>> +#include <xen/init.h>
>> +#include <xen/lib.h>
>> +#include <xen/random.h>
>> +#include <xen/time.h>
>> +
>> +/*
>> + * Initial value is chosen by a fair dice roll.
>> + * It will be updated during boot process.
>> + */
>> +#if BITS_PER_LONG == 32
>> +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL;
>> +#else
>> +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL;
>> +#endif
>> +
>> +/*
>> + * This function should be called from early asm or from a C function
>> + * that escapes stack canary tracking (by calling
>> + * reset_stack_and_jump() for example).
>> + */
>> +void __init asmlinkage boot_stack_chk_guard_setup(void)
>
> I am probably missing something. But what prevent the compiler to
> insert a stack guard when entering this function and checking on exit?
> Wouldn't this fail because __stack_chk_guard would be different?
Yes, you are right. I got carried away a bit this time. It is working
right now only because GCC does not emit stack checking code in this
particular function. With "-fstack-protector-all" it panics, as expected.
> IOW, shouldn't this function be a static always inline like it used to be?
Yes, I am going to make it inline in the next version.
--
WBR, Volodymyr
|
