From patchwork Tue Jan 14 04:25:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13938396 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CC387C02184 for ; Tue, 14 Jan 2025 04:26:27 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.870902.1281970 (Exim 4.92) (envelope-from ) id 1tXYVH-0007vp-T0; Tue, 14 Jan 2025 04:26:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 870902.1281970; Tue, 14 Jan 2025 04:26:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVH-0007vf-PC; Tue, 14 Jan 2025 04:26:11 +0000 Received: by outflank-mailman (input) for mailman id 870902; Tue, 14 Jan 2025 04:26:10 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVG-0007T1-8n for xen-devel@lists.xenproject.org; Tue, 14 Jan 2025 04:26:10 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20612.outbound.protection.outlook.com [2a01:111:f403:260e::612]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ad7bc3b5-d22f-11ef-99a4-01e77a169b0f; Tue, 14 Jan 2025 05:26:08 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by DB8PR03MB6300.eurprd03.prod.outlook.com (2603:10a6:10:13f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.12; Tue, 14 Jan 2025 04:25:55 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%3]) with mapi id 15.20.8335.015; Tue, 14 Jan 2025 04:25:55 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ad7bc3b5-d22f-11ef-99a4-01e77a169b0f ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fCP3yA6RQOZYd19qQA5DtwPrQ4XZP/OI+bYfOMOJlJaIP6XqeGqeFxRmz/vte+zDF4BsWI+QHZ6mBU0nbjUlbvopZlEXnEosnCrO0ugLUaiZV+B00X2R1PPu4iEI0O0DPCZOLgOAoiHANBeV6t4aWcKgGsT1z5a6Mf2+NZ6/aCruajnbT/utTUxsCw5w5Q9JX9PpU1shrA4jQcAoPAxFbtnyGxnR6732aYgBmtweMtaAFJ9bIxL7g/K4F3YI710RcQPI4TwhRq/PhBefffDuvOOfW1XqZQ1u+8POsUVtwRhf7NqGWoyHftzrWivqFDEPVYbqb2uocBwUYl5Ltzi6gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a0nv7W8vVhr0JkTF84nve4JbMYGweEVnfzqPpaJwAmg=; b=xbuowyeRzTedra9cx1Sa7+YNMp3Kx9DZLXzZla7KK+dX8hMlNDBeecQ6qgHAfbDASw9dWwnWCfxZLnL7uu0aktbk3lbNtqrNPXG0mBkW69pz85yGutvtQ8vm2GAgb/wkBPZQJ88lKnhl5U2LuMbqf+qPkk+BwiFi8+r81Z2fvNjXfewjZtull3fYGReuc2Eit4JVH/BEqv/QcTm+sz/TZy3oja0IModRhGJ0by5/B/gZqogTpGIISDYMEcFJf0J3OqOe+3xCmG9hwbeBtumGeXegXr8K7p0n+OWzwcC/2B/F0/RB5R/rrXbWhSv3Ue0jgWomMDqiHpr5OsnF1v9Z3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a0nv7W8vVhr0JkTF84nve4JbMYGweEVnfzqPpaJwAmg=; b=QXw5SkjuIeISF0CFCghjMlzH+R/m2yjTv2yG322fr11BEsFM8mfsiQYotH7gXeQeEKfuOZcPaQE0zH+Zrv1BndbGLbt0IyIadRVC20n+2DbXx6KtnwXmUNQK0KLrC5V9fQ4b3Nfc2d9VFUgxKkgB+6pExBU8V+C32MyqIlxZzkWFHf4oHlxo9lSHSd/4QgYmyKwwtkc1XRxo4ZYWK0viO39VK6yGYWL+R1dETmeerQ49V18eB3uir0V5tdb7G8J4p4+gRyfTgo6Y/u7WEZURYH25fHL406uocWVCzOFPLQYGpPeZfuHWKs5DT3b2tioDd1XezoCq473I9/52ALblnw== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?iso-8859-1?q?Roger_Pau_Monn=E9?= , Stefano Stabellini , Samuel Thibault , Bertrand Marquis , Volodymyr Babchuk , Oleksii Kurochko , Community Manager Subject: [PATCH v4 0/4] Add/enable stack protector Thread-Topic: [PATCH v4 0/4] Add/enable stack protector Thread-Index: AQHbZjxnT1sWh5IhbkWxtBQPTP3DXA== Date: Tue, 14 Jan 2025 04:25:55 +0000 Message-ID: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|DB8PR03MB6300:EE_ x-ms-office365-filtering-correlation-id: 84d0eeb4-ce40-449e-2aef-08dd345389ee x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|7416014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?QALWUg29LEbZ6hJgfrDdWYYN6r?= =?iso-8859-1?q?mnpA4uKmmTqxuAcm+XBZ6/aAGGk17To1UWaXvXi3cEDoA48UGNqGejzPZkqa?= =?iso-8859-1?q?eS9/8WFzUSurLzmK+FxWXzGQNl4EiDRJRnjwYt7WcY5eAEkfKoTT/OgCqLbq?= =?iso-8859-1?q?0S14O6M4H5mgsWbjXsVMPtshY6hhBtDzNb57Wa9YlsK8gKVOC5ThGgPRzw3H?= =?iso-8859-1?q?99ln3g+00IT3WZl7og9tKg8nDSxOrWGyIq2z+x+3EApCL3OC7q9+y1GP3oLp?= =?iso-8859-1?q?Sn6iQSavux9aw9LLNGVYovHJv6sMKvXepp2AKbehIMaYgNCaBUtrYrd3plJ2?= =?iso-8859-1?q?br9UpZOeH8SWRSvdYOiRM6ph6WUItZhFHK5HrvKZSKb8iT6Z1znWsZcMmKDr?= =?iso-8859-1?q?ag89I80LCWabDnoLfYN/2PrecPPdvrqxxUXrP8dd4PxN7nwX2lKo98MsemWq?= =?iso-8859-1?q?tv3/aGyl5djU1p7t0ZdP63770l/vF8JykxN/JIDK+vZcktK4wB4ES3vZjWXO?= =?iso-8859-1?q?R96TuaUSe0Xh0HzGNJlRS0xqq0r0YgKBJSBz37tzI5pyAnDOu+F6fNJ6+qfr?= =?iso-8859-1?q?cnkjDpgXMzGytr4oki1oeKTvSa3DxsteA7hRZv6zSyJKIZf8pcTnoZO0GWSr?= =?iso-8859-1?q?/wVPEbisEd7wNFOhx+7CU2ZsPXE+b4jE1PRb+rFIdkLCcUmg+oxtmmqv9jYW?= =?iso-8859-1?q?hxparro2xJrDYhyLvy/yU7nvFNWafbVY3HeXW+C+uBlJAc1dA+b9q35/etTH?= =?iso-8859-1?q?pk/B56qXiozNWESLGIPWpMxP34NL/BN57lg/67364j5jSy4A3oVhCsW/hSXY?= =?iso-8859-1?q?cyyrbIg5pMWT1rOp8PU00+GkDtKUvCRCqJC5ujWTK4tl56AahjfUrC28wQ9G?= =?iso-8859-1?q?XT5deIQurj27LA3HEDrdnj2QYOwm45UgzHnTjvGo2JJgS6Z6hGdUtld2WXAo?= =?iso-8859-1?q?wyG8xWhbucwCj7Cat6oSMSfA7TlKfaMeXubL2fgqHgD+FldCLaATmDzPQT+0?= =?iso-8859-1?q?IvFxACh+SE1Y5y47wRmkCzCJsWeQwIewqFy9G//zqrGt+7khSlGhH0vamdl0?= =?iso-8859-1?q?ub0xXcPWxkWxsGb1a9KyaTS/eeMGo4nEOJk4B/ybWJiskefi1mrSLG+hkaPO?= =?iso-8859-1?q?KmjvbAUDTgUW6sFsvzu3xdw6iTUa1ZtgiEOa5K1ysrXxSGnOFRwWeZbG5lKM?= =?iso-8859-1?q?FM2/RkNotUpIjYURITKEqIMroeuQAKXWdEOf/+en04WgGwyX0NY5SOooUog6?= =?iso-8859-1?q?PvDxAUEfgI2aYogfUyszyUbhoKefMb0QaevEKLMA0A8kb2UtVJ9MOHH+XQWl?= =?iso-8859-1?q?jJPGvW7Nru/x2oR0z4Crjia9cXvK1ICmOhEepxxZtm3U+AW+UObrTrMlXCQj?= =?iso-8859-1?q?VTO3Y7JlGVaTacGmXJ9fBOsgpXJiNssVC1VpkJC7C3LDrXuC82EBEdVWLzOK?= =?iso-8859-1?q?qh1ihIiqQOUrmH5S6dReHHyukGoegl3msEe9zd9uPseNFoJ34u2knbwWmAUn?= =?iso-8859-1?q?g2bSj/?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?E+OUDI0NEbRb70cRV1yvgEL?= =?iso-8859-1?q?S0JEo6fULvxVL1Umn5+NyxNB0fjlGhL5zIfZw9NM5TZiUh1jv6SOHrLptHk+?= =?iso-8859-1?q?Rix8UTHE3mYOR+MPO6ijBV9Tdyl5wvTA+FelVbCU0xBGgdG3c0fdHDhWA9vO?= =?iso-8859-1?q?9Q2Vgdf4whkMtwXaGfIzJCn69EPS0JPWh+MSOyGJGPTsMnD7tXx+q2wBORE1?= =?iso-8859-1?q?xxTGrbev16HjdxJn8sZHFuaON7asu5XELpkt97QfxlpstHAvm1dkLB0chBek?= =?iso-8859-1?q?6inZqrLoCRFIL5zoyZJ8JPyBj3AtbImKsUsMnx1vKFxTVLZ4fXTbiH6Lrnh9?= =?iso-8859-1?q?X05IRxq4PK4pCgWkRM4DWiqf09Abwum2Vru3hFJnntDNmOjKZGGsugsHnePR?= =?iso-8859-1?q?50+j5dIaDF1e87FNPLY9UGPWF3SYKOXj6IgNCXxyXQbDKycE3oonUTWt/Q70?= =?iso-8859-1?q?XjMLFa4Z1arxUKJvFTxx5U5rwwLMEa/XkXeUolX7ff5KZ8e0mOR6yfWs5Anm?= =?iso-8859-1?q?mq189OgIPeOXZCeTPofMOHyETksZ8deka02IrcBMuSsAl93Dw2KdF5KoMUhj?= =?iso-8859-1?q?DmHBio2N+iI8TpbcC6aIM3CM03P+FJnB5/RtsGKvYLfp3eHHJJtAJQehgRBe?= =?iso-8859-1?q?ajbSnNkjQ8X5l/mOdyh9bl0JBFaPLxq6B7l+dy1hcScMOBWl66JLyZyInjJM?= =?iso-8859-1?q?mpGiT9GjTJGiBQJD295cjf3R8aKMHb1Q/5gzvMzflrqTxTyYaXnOP6ZEjZ43?= =?iso-8859-1?q?xZv/Q4c16p5AizRAZSIN7fKgqnf1rgXu5vF8JYsllXx9eWs9/Tb0N4f36bt1?= =?iso-8859-1?q?lGvhPpO4HqlRxHVZkeSgg95J9cbqJPuK0/0Fpv2iCiIvEwHuwuvFufiIaRqL?= =?iso-8859-1?q?PltougahzW2Y25gnNlnqTsEiLDzyUTDKnQL6rk8eJFCZsCDOmaHhpKSUUX/y?= =?iso-8859-1?q?BkfGTnOLnmcAe5zie99DbyHIpqgsS4F7LthfvLzJfaTfd9rDm7AopmymtnzU?= =?iso-8859-1?q?DL6+R0/lGOzP79Su5uaWsvTdTK+is9pxowC7QCEInWNmqsHbd6U49CALJ7lP?= =?iso-8859-1?q?JNlJZHae5zIjJUPUDZAbyAlbY98p4409EVvkZBjIKbCs7N3CDd/skRugbEAX?= =?iso-8859-1?q?j87l0r0cIdNqjdK6jdPbMTdez4ImHz96lEQDWK2env6vObk9lPnIP3VUX689?= =?iso-8859-1?q?V8sEIBHXm94flvyPXFREKWyfuZPUWcoZTwT5tB1e+fHRc6YbNjDP4XIr3ffg?= =?iso-8859-1?q?Qad/QIWbT05CJ+At/zGV5w34KeBKDjg8/HQjORoT67YRa9+osvNwpfhv2gfe?= =?iso-8859-1?q?EieLJmWfEqNvw9OJfGbcMKutoZcSK7OWw9x3eql7oMZU3c/w6hDgnPHC9Or5?= =?iso-8859-1?q?2QBHiZOEZG4D0Bez1yd3AlOneekjvSMjXXKjIexbF6rigS6tHo0sVGO8gAOn?= =?iso-8859-1?q?jckP8JprDjcbey+xauveLRZhBlVaEKqWc53+XSjSEo56f54BcEyv7mir9hdO?= =?iso-8859-1?q?rnBTN9UC872/YKUJOMJHNATyYcuSqx49SxEMCslKunE3sJmcd5HJKlobaYix?= =?iso-8859-1?q?4yYUvAjfaWIdHMzcCkp3sg5CiGU4IMpZahx1fMm/GdMT/fTY2eoDxYqlNCab?= =?iso-8859-1?q?kIZk7HUNn+CD/JRSkzFjIox2+4KuGf/v6H74BLQ=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 84d0eeb4-ce40-449e-2aef-08dd345389ee X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2025 04:25:55.6860 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ConcDrQK26gT9YPfN+8afmSBi83WAdbur3CuhXD4Hu7wSWRJwmOKI9mF3SQeBfiOzn+XmsmrukDTYLwHPudBplOzHnPJscoIKjrFE4Hzrqw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR03MB6300 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This series makes possible to use this feature in Xen. I tested this on ARM64 and it is working as intended. Tested both with GCC and Clang. It is hard to enable this feature on x86, as GCC stores stack canary in %fs:40 by default, but Xen can't use %fs for various reasons. It is possibly to change stack canary location new newer GCC versions, but attempt to do this uncovered a whole host problems with GNU ld. So, this series focus mostly on ARM. Changes in v4: - Added patch to CHANGELOG.md - Removed stack-protector.h because we dropped support for Xen's built-in RNG code and rely only on own implementation - Changes in individual patches are covered in their respect commit messages Changes in v3: - Removed patch for riscv - Changes in individual patches are covered in their respect commit messages Changes in v2: - Patch "xen: common: add ability to enable stack protector" was divided into two patches. - Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respect commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature CHANGELOG.md: Mention stack-protector feature CHANGELOG.md | 1 + Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 +- xen/Makefile | 6 ++++ xen/arch/arm/Kconfig | 1 + xen/arch/arm/arm64/head.S | 3 ++ xen/arch/x86/boot/Makefile | 1 + xen/common/Kconfig | 15 ++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 51 ++++++++++++++++++++++++++++ 12 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 xen/common/stack-protector.c Reviewed-by: Andrew Cooper