From patchwork Fri Nov 22 21:07:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13883615 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6D7A0E69193 for ; Fri, 22 Nov 2024 21:08:12 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.842001.1257453 (Exim 4.92) (envelope-from ) id 1tEasP-0006xQ-GD; Fri, 22 Nov 2024 21:07:41 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 842001.1257453; Fri, 22 Nov 2024 21:07:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tEasP-0006xJ-D0; Fri, 22 Nov 2024 21:07:41 +0000 Received: by outflank-mailman (input) for mailman id 842001; Fri, 22 Nov 2024 21:07:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tEasN-0006xA-MN for xen-devel@lists.xenproject.org; Fri, 22 Nov 2024 21:07:39 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20624.outbound.protection.outlook.com [2a01:111:f403:2614::624]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id cbf583f7-a915-11ef-a0cc-8be0dac302b0; Fri, 22 Nov 2024 22:07:35 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by PAWPR03MB9738.eurprd03.prod.outlook.com (2603:10a6:102:2ed::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.20; Fri, 22 Nov 2024 21:07:29 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%7]) with mapi id 15.20.8182.016; Fri, 22 Nov 2024 21:07:29 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: cbf583f7-a915-11ef-a0cc-8be0dac302b0 X-Custom-Connection: eyJyZW1vdGVpcCI6IjJhMDE6MTExOmY0MDM6MjYxNDo6NjI0IiwiaGVsbyI6IkVVUjA1LURCOC1vYmUub3V0Ym91bmQucHJvdGVjdGlvbi5vdXRsb29rLmNvbSJ9 X-Custom-Transaction: eyJpZCI6ImNiZjU4M2Y3LWE5MTUtMTFlZi1hMGNjLThiZTBkYWMzMDJiMCIsInRzIjoxNzMyMzA5NjU1LjgyODIzNiwic2VuZGVyIjoidm9sb2R5bXlyX2JhYmNodWtAZXBhbS5jb20iLCJyZWNpcGllbnQiOiJ4ZW4tZGV2ZWxAbGlzdHMueGVucHJvamVjdC5vcmcifQ== ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dkP2TPxSWigLeV6ImjKyUswMrA88KogGfDnUdcKvcTU0aE0gp81+LjLZQuwJ0AEMIdP1zlR9l8XCx16q+W1ApGRL0cEunxSQ8kZjQWWZ/kJe5HU+PTq+pjzok2ly2a9/sVMQg6ZJ7Nex061uo7di3vNhjk1wwLzA1wQqmqs8N86ZPGYrL5A3bclQN60fo//e7GXyTElFs1a1LGp5ewJvc5+G2DN8ZK+2hq9n8VWT/CcG23v4K2P7bceXf488K7xc7Wz2KxLlhPF2+vtM0knYfbgIpYWd0JhvNR5AsUuNZONjbBuRCS15Dt2Ec6NEZoseEmfDPWfK0L94aTbc+p+UiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SMx/mwcK5hU6KcgFvnAc6iQo9AVCd9WSH/e8jGDjjvY=; b=mUpXtnfBajurR1r/njEq70+wdI8R8qNx2GeVWePeZHGVFrVzpWZVIv6Qh0FwBdJz6saU0DMNHqFZNPhWPXxHhLzRrpZBBI45Mk+HD5Z8ZxhiQQVOWc/whDbl0uHzwAoQadFVnpIrpWsLwcxHnrOEqsDXRpOWAT5/mxwLjh+YtOYoj0MIuVsUPrmb1u8fhhe5FrDXD9f6nj7rW3jHtBAcDM2ttyQN6e3K7omHC9R2Yk+fIY/sJt9KvqZnEZSyrE618KpW3yNCCTe9qesJvJxpOxbI2bdXgiChv52gQQnGCQMnGm7s6CU0Qd3gOLm4H+WqOUFndtxbE5k7hNjlkBAGmw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SMx/mwcK5hU6KcgFvnAc6iQo9AVCd9WSH/e8jGDjjvY=; b=YEAeyDfcbp3NPA6vY7nNj94lu2mxujGT3Uapzew0x9vVkjjlaY/X6ki5Uo1Roy8cHJS+7jzcYjxn9KHPuOnF6+sgcPDo+/dOuzcA6qZ/CONsQDe9EBZLzxlTuLtJ/ItLto0zFJ2e8Dw6/14hNqIKrSgWVntbzxqCK4w2F2TLAX7tyS443jn+ZPA6j2yTxJJDRBhkqN0ADWnYv4HmcDjDzFLSlUn4MdYpJ3GFnpXXKr0TU2H2PCXSY4q+XDsEZG+qPuNQVUD29oZh+Alus8zSZZRr5gXF/gelRQRDYUOffRot3L0F0ewGvUwj8rzQQC+8i1URr51Z/HNJ4YfE0fgEBQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Jan Beulich , Julien Grall , Stefano Stabellini , Anthony PERARD , Samuel Thibault , =?iso-8859-1?q?Roger_Pau_Mo?= =?iso-8859-1?q?nn=E9?= , Bertrand Marquis , Michal Orzel , Volodymyr Babchuk , Alistair Francis , Bob Eshleman , Connor Davis , Oleksii Kurochko Subject: [PATCH 0/3] Add stack protector Thread-Topic: [PATCH 0/3] Add stack protector Thread-Index: AQHbPSKJvmf4+DJbxEu3vjqcFnhN7Q== Date: Fri, 22 Nov 2024 21:07:29 +0000 Message-ID: <20241122210719.2572072-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.0 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|PAWPR03MB9738:EE_ x-ms-office365-filtering-correlation-id: 0ea95a58-1046-4d54-20ce-08dd0b39ac7c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?TRHphPECUlSe/aaEWzduhgqDpQ?= =?iso-8859-1?q?NY4ntR5bMWhpzeFTDV7JYEvzYU7Q9gu5VAWDxogDnN7yscfQLtZa5CLhVkBQ?= =?iso-8859-1?q?thrnOidCSmpGMnHQ1mZkGeK2Bn0qH4PkVLF0v/u+ToHIRf9uBFt8nQwCqWWW?= =?iso-8859-1?q?sy30Imy5mG8dMvXJLE6UDhgD6V96THwPPFR868pc7tX2eVTJsuCLw2XIiKoE?= =?iso-8859-1?q?J3BOX6RQe3QCzai5oI/MTkOMpsQ0jtcS7MjrBGad+pmjsjtn0lHVQYvRqi/Z?= =?iso-8859-1?q?3BXRMhHUOSfSBlVQO1sM2ETBKcDSSSsLlUAcq2BgeEStholhXxvokQBcXLO7?= =?iso-8859-1?q?a13mIVv8GWkbH4pQsRBhHuub6Fff4sOh7kC7nbA52gh3UhBUswTCtNT9ZrEu?= =?iso-8859-1?q?6QdP8qJEH2wm1XNW+sZFFtaDcp5/WaT0efaTnX6cRZH0Ad1kUerBcRCdr6rJ?= =?iso-8859-1?q?MbWQLFo9CuJlHu6mjL83jyu2XKOZTNvWqa0wxcmW8h5N1m+qOOhPsTc+ASa6?= =?iso-8859-1?q?PT+LPzeEAoCXRMcqq9Keiu/JKYhv1NcYgcmmsg/NtIVc+F7bEPX3zhbIqx0w?= =?iso-8859-1?q?iE42g7wb8lb+x+stdEc+BJ1tV0PBuO8qjhFuHuRjeT40C6NjWtNGhKUZ/qyh?= =?iso-8859-1?q?kMcNhLl1VxB7Dsb8dPLJIkFSyaymLVrYt57C6E9xaMhWugY9Gk/mmEv8k/mY?= =?iso-8859-1?q?zWa3tOKNnZoCcyrRGTv80cp4gHQfI4KFzvE+VE/v3tqLtGJiEj8XLjg6PG+9?= =?iso-8859-1?q?qn1on+5BGIX4uwx+b64jupp8C8eHBZvqBUOcaWP8r7kVlcopmvLQJrS7LXD+?= =?iso-8859-1?q?fB2+2YPbDF6bSsVUq7BOQJYEY6NROl1NitFyYJ3s+9pu2JZxt39Bv4ehZt5B?= =?iso-8859-1?q?Wyw0B5wgoQQaSkaBbEIEJLolgURNdQswciGvWBKCpWwGSHSZAN6z231b7FSA?= =?iso-8859-1?q?QuIsoN6LnM3X5vsdht6wEDivht+hzNiJDFAm1/bAxLI8REpyAvVK/9fR3JSr?= =?iso-8859-1?q?M9fKmbflyTrBPozOW7Z/In2N6pbuASCh7BS0eIJpSMbZA9L4xYlxQch0R/H2?= =?iso-8859-1?q?eFnomoFjD+mSDy91QgcTVPnbJr/9HnxZpeyS6l8BWj2cx/x2cL/Nz8XcJSmi?= =?iso-8859-1?q?0Gw5eV2knvU729WpZEedpikGERnOTrE+F/WesNmTj6S1Cj+rjc2QvS3xJznN?= =?iso-8859-1?q?Gy01NhUjjJkSjC1UnZOK2bfyj3PhSpcVZyTAIFUZspkDZfgYSmB01wAdNLym?= =?iso-8859-1?q?NgMqH5UhccOjJdYUuQEw9G7GZoCEsZqCF5gBocGN4v38AstfOKetI3y77kpT?= =?iso-8859-1?q?RvvFtCMigz5e4m+optGKwU2peGpKvV1f+LUYxZrHtgWTReGKpRK6JTtob5B9?= =?iso-8859-1?q?Aq4FfzzYLrrQpDiFfPyHY9jq3+V9w3FfRpL3FoJGA=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?VTFR4i6muhibFOShnM6jTUA?= =?iso-8859-1?q?+QHOXGmUOYYbnGZ/jZudnDJl6Ffa6T9Vi81NC0aTf94Ot3xesgdZc7imHscT?= =?iso-8859-1?q?fM5VtI/kkLVyl0zmOroLwuXmMLcRAG4lIKttnxMZ7E3EqFEzrgZEWFpwrGrL?= =?iso-8859-1?q?yJv8dZC04jXGvChBSDfj20D+a807TLRsZFSDGP2qtTD1uVTNlxspmszqoxRu?= =?iso-8859-1?q?WPkYTI11WZ8xPIo844riZjR1FnWCIG/o0jD6+6PJhm2hmeke63jE6YUOeoX5?= =?iso-8859-1?q?Ybh/wOcIvUGZrPlBOye0STZuL0Ve5EH78OraRWgpMS48xr/f/FMNimlrNCxk?= =?iso-8859-1?q?P381FeRmNbs19h2lNE/IH6qNL3f1vKs6j5oXyGg2GF0d7iPa4e5VAlwPbHqW?= =?iso-8859-1?q?T5xYRh3vD15WdadnP2zsLnfM+/1fHv829Ev79SUMkGwPqSzooi86kIiCxYYC?= =?iso-8859-1?q?s0ZBzCrDQ53mV2J41m9BWtuTjn4wVjIIqJZljQjA83+B1mtqGmxunqv5R0I8?= =?iso-8859-1?q?Gw6mBILVlJEYuwE7Weu1jIQT4mg1ZoQwcKd9M+ombHnCiDROaomXWA+q6Jkm?= =?iso-8859-1?q?7Q5pXK6WuYFast09pE+MEIJ72twI7atFpCAuTSrhJnhZaA7BCwj+YWEXJVRm?= =?iso-8859-1?q?XbAFEWqFXFDzSkBRTUuKSnUbzMtRn/Z1wew0nmTaSRLiFUBT+C/SXzPz6Cl/?= =?iso-8859-1?q?+l3AnLC4x5YvPwv3qKffIx9P3cLI+yQrcH3+kpHPnmk9+QRdp2UswO31V2qd?= =?iso-8859-1?q?nmVa4oY3Keto2/oVSQP+mVxIk8wLydm5T6L25Em0owdDDJwh2X/LV4in+Eyq?= =?iso-8859-1?q?0YXvczf2yv2Di2cvI1t1vLFO9QI1qoAYYafF5xiBh/ppzc322G5h3y2rV7NU?= =?iso-8859-1?q?3KSBTVuPcmcFyr3n3kYJ9d2IIK6aEDIo/ETa4rGWLuIJRJCSapJ2ILPrwSrw?= =?iso-8859-1?q?KrsmCcpKKER/a8oYF3uDkXbEKbwODcIcWbsA9+xc5hP8sdHWqDjDcHV2eZD6?= =?iso-8859-1?q?5aMq4e4cyBfRXzk9U8ekdXauOJ4rWhly3IrCLCedVJ76YXFoP4PaWXWCrVz/?= =?iso-8859-1?q?8st97aA7rRbxErMxcvg41/PuQAP09F5Tr93rsPVEDDZj87UHJg/zr5Cg9f83?= =?iso-8859-1?q?+2rtsb5Y+5DphqGi6GFyt0SB9SZB0lkacMMpeJcsULSLJX3dFv/cty+plCQ4?= =?iso-8859-1?q?F8KbsjgRmYvM5XDRaZn5XPfckepthrDOJzPny/vTIY1MRVWD9UB2xj88jZPb?= =?iso-8859-1?q?Oh4Wanhg1N3FuKN28m46Lao4xaqABatRldFZQ1yj95v3pPxJ33Cnwjebex6h?= =?iso-8859-1?q?vqa2vjjoH/M3snck4JBCyLJAJ93EUmzAhUKovBlFT91dRE9L4wT/tup2LcS0?= =?iso-8859-1?q?tn526y6WqpS4BdhTVknHEfMhxajM/4lB2e2mlMgAcMIBtSkjk3Fb2/BPXQ+q?= =?iso-8859-1?q?OVfc/izUJSD/ME7l3HbqA6bxwm8W3drTplf5DeoCT2Rkmk21Muwc6TQWUdAu?= =?iso-8859-1?q?QABCTTZgf6IrcNKbg3zMv3BTvNplO2z3wA36WcqU6uh75P23q4W6q1Ye+Q4N?= =?iso-8859-1?q?11Iv2rGHPc3UV7wuO9N/IycSOIRMX/O9okggAomuF+8xCnLU4CAs8m+TDmhR?= =?iso-8859-1?q?m9K/tQcKr9T6E//TW7Wvo6xtlDyGi0NnpIvCkPg=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0ea95a58-1046-4d54-20ce-08dd0b39ac7c X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Nov 2024 21:07:29.1312 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: h/Mnn3ykmu5Rlc3cWISliAFH7S+t9DRgycId1yKHpgssN2f9ujHq39G0iBXmrYmCkg7fDlujskuPLf51tHIlPzCrgtmZnPs4VHMKzLmDxV8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR03MB9738 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This series makes possible to use this feature in Xen. I tested this on ARM64 and it is working as intended. Tested both with GCC and Clang. My aim was to enable it on x86 also, but it appears that on x86 GCC stores canary value in TLS, exactly at fs:40, which is hardcoded. As Xen does not setup fs register for itself, any attempt to enable stack protector leads to paging abort. I also tested build-ability for RISCV platform, but didn't tested that it does not break anything, so we will need RISCV maintainer's approval. Volodymyr Babchuk (3): xen: common: add ability to enable stack protector xen: arm: enable stack protector feature xen: riscv: enable stack protector feature Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 ++ xen/Makefile | 6 ++++++ xen/arch/arm/Kconfig | 1 + xen/arch/arm/setup.c | 3 +++ xen/arch/riscv/Kconfig | 1 + xen/arch/riscv/setup.c | 3 +++ xen/common/Kconfig | 13 ++++++++++++ xen/common/Makefile | 1 + xen/common/stack_protector.c | 16 +++++++++++++++ xen/include/xen/stack_protector.h | 30 ++++++++++++++++++++++++++++ 13 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 xen/common/stack_protector.c create mode 100644 xen/include/xen/stack_protector.h