[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v7 1/3] xen: common: add ability to enable stack protector
- To: Jan Beulich <jbeulich@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Mon, 24 Mar 2025 14:38:50 +0100
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1742823530; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=fg4AdSp/4w4ePwGukNfy4BDqKs2+tU4sYzE8mqw+324=; b=ZIj4/E8hQwFKQUXMqJ7GP7f9P0yjvm/DyBvKVHiWxPQ77E/xxletkbZ4SiEEdiIXpa8V TBNNQs/Z2awcSyVvtStRv3ghf8dtFPRIN4iJ1bLuGouONix1/wHFJUK5ZAEACIforBaMp MFJEiY9ZmZ4Nyn7OW/AYxYWjQpyYyWbLdio59SQ18J8om8Q2KPWTA12p1hNtQZ8BK30pd /BxitcXAZ6tWTD61PNWnaox5jpwCjp6+CVhA7pk178PL0bGO0zj5VZlR2cIoGLhWKtZml 9CPcGI6187xLFkhQhQHlwoIHWG+svfDzlkxUou83+rpGMIIB2bcDt9McuoP/KNgXkka5A XRcxChxaz7ImYbQ/rRvN5wjVvaefIpen3sPkZh3kk6EvMikHP4F2beUsiJQqSLdlZJJdR UkaeKJKRnX/y4WiNLKnjLM3vtK9xMZcEdQqiroImU4IyMXhAXTrJsLuFMX2AxQRMma1Cp cs/nc8TtgLkxZiLiwKXpG3lnzlxbMOescVuFLd2G96IUpMFZB/SaJcxEx7OQYPUkIIoXe IBWvv2szCMqszp7xdNHYSGsIADyPx0gqeolL6fMW4l/DpElTBia4c7T1GGo+EeDiUChuR VqvVeYThvuCeRWEV1CV7HmFfx57Ri8SDpkOQepHROSufKp1ZDMCysdBr2dBKYyI=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1742823530; b=J+8s0KGKMzoLwGIRx1bf4t/QuiWX01e5HRlHwIbAlJF6APGtgicpZiFq7ATE1zHi1EbJ Lgr41xkQ/LQ3MWT4Oc+uqX+aMOCXsXIqeGt19P5D1XOAqDzotekgz5vJ73q5Egvhk34Hg QclhVldc0QLS0Ml0XOTMnyAHtg7d3WkMl12uN/c4nwketYYlqrItQIHhb/MNqG49Wnz42 4r3h3Lalwt5QS4hdpuFmqp096RJHTaDYFoqCYhGprJMS+/VKVjB3a8bU35t1MVHcnrj5w Jnz9AvK1zePwEXuA28tu0098k7zXcMCiqAk+izpLrJgtWbyrZ+P4tgWyzT6Bz6zPclQGb OxwOvV+I4MZGzCiY87gZLTe4UF7DBPFZGM+A/rkjuTbzHqzgVFUUHrlzTbNinK1cTzhpn 3Ca7rruYoDeSJaCXRfRJFbPB4ybqyWjpw5cWxhlDXcBVFUf4C+GN+nHZUWdI5GBxjcmKF 7vp1AvPVmpS0LAOK/B5g0rYG5dUuUNXfFosdM92Jp63N8ajHzCwbNcbN5vWk6ar6au/ci NgrKgRYB/l7sfJfzJpMMtVGF9To4SYetDLdSiog5/ZrXo1fu9XGXlnMaa5v+C3hDAB25A zTvYR3DYSkUZ73qZtcoVxBeByT5tI1662U9AdGlEemWoJxKPS1heWRMksfN50UE=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Mon, 24 Mar 2025 13:38:54 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-03-24 13:50, Jan Beulich wrote:
On 18.03.2025 03:34, Volodymyr Babchuk wrote:
Both GCC and Clang support -fstack-protector feature, which add stack
canaries to functions where stack corruption is possible. This patch
makes general preparations to enable this feature on different
supported architectures:
- Added CONFIG_HAS_STACK_PROTECTOR option so each architecture
can enable this feature individually
- Added user-selectable CONFIG_STACK_PROTECTOR option
- Implemented code that sets up random stack canary and a basic
handler for stack protector failures
Stack guard value is initialized in two phases:
1. Pre-defined randomly-selected value.
2. Own implementation linear congruent random number generator. It
relies on get_cycles() being available very early. If get_cycles()
returns zero, it would leave pre-defined value from the previous
step.
[...]
+void asmlinkage __stack_chk_fail(void)
The use of asmlinkage here comes close to an abuse: The Misra deviation
is
about C code called from assembly code only. This isn't the case here;
instead
it's a function that the compiler generates calls to without source
code
explicitly saying so.
This imo wants approving from the Misra side as well, and even if
approved
likely requires a justifying code comment.
Here my suggestion would be an explicit deviation via a code comment, as
described in [1], to describe the motivation of introducing such
definition without a declaration. Moreover, asmlinkage is only relevant
for the missing declaration, but is not effective for other rules. It is
probably appropriate to mark the function "noreturn" as well, given its
purpose.
[1]
https://gitlab.com/xen-project/xen/-/blob/staging/docs/misra/documenting-violations.rst
--- /dev/null
+++ b/xen/include/xen/stack-protector.h
@@ -0,0 +1,39 @@
+#ifndef __XEN_STACK_PROTECTOR_H__
+#define __XEN_STACK_PROTECTOR_H__
+
+extern unsigned long __stack_chk_guard;
+
+/*
+ * This function should be called from a C function that escapes
stack
+ * canary tracking (by calling reset_stack_and_jump() for example).
+ */
+static always_inline void boot_stack_chk_guard_setup(void)
+{
+#ifdef CONFIG_STACK_PROTECTOR
+
+ /*
Nit: Hard tab slipped in.
Jan
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|
