From patchwork Tue Jan 14 04:25:56 2025
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 13938393
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
CC: Volodymyr Babchuk, Andrew Cooper, Anthony PERARD, Michal Orzel, Jan Beulich, Julien Grall, Roger Pau Monné, Stefano Stabellini
Subject: [PATCH v4 2/4] xen: common: add ability to enable stack protector
Date: Tue, 14 Jan 2025 04:25:56 +0000
Message-ID: <20250114042553.1624831-3-volodymyr_babchuk@epam.com>
References: <20250114042553.1624831-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20250114042553.1624831-1-volodymyr_babchuk@epam.com>

Both GCC and Clang support the -fstack-protector feature, which adds stack
canaries to functions where stack corruption is possible. This patch makes
general preparations to enable this feature on different supported
architectures:

 - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture
   can enable this feature individually
 - Added user-selectable CONFIG_STACK_PROTECTOR option
 - Implemented code that sets up random stack canary and a basic
   handler for stack protector failures

Stack guard value is initialized in two phases:

1. Pre-defined randomly-selected value.

2. Own implementation of a linear congruent random number generator. It
   relies on get_cycles() being available very early. If get_cycles()
   returns zero, it would leave the pre-defined value from the previous
   step.

Signed-off-by: Volodymyr Babchuk
---
Changes in v4:
 - Removed third phase of initialization (it was using Xen's RNG)
 - remove stack-protector.h because it is not required anymore
 - Reworded comments
 - __stack_chk_fail() now dumps execution state before calling panic()
 - "Compiler option" Kconfig entry renamed to "Other hardening"

Changes in v3:
 - Fixed coding style in stack-protector.h
 - Extended panic() message
 - Included missed random.h
 - Renamed Kconfig option
 - Used Andrew's suggestion for the Kconfig help text
 - Added "asmlinkage" attribute to __stack_chk_fail() to make Eclair happy
 - Initial stack guard value is random
 - Added LCG to generate stack guard value at early boot stages
 - Added comment to asm-generic/random.h about dependencies
 - Extended the commit message

Changes in v2:
 - Moved changes to EMBEDDED_EXTRA_CFLAGS into separate patch
 - Renamed stack_protector.c to stack-protector.c
 - Renamed stack_protector.h to stack-protector.h
 - Removed #ifdef CONFIG_X86 in stack-protector.h
 - Updated comment in stack-protector.h
   (also, we can't call boot_stack_chk_guard_setup() from asm code in
   general case, because it calls get_random() and get_random() may
   depend on per_cpu infrastructure, which is initialized later)
 - Fixed coding style
 - Moved CONFIG_STACK_PROTECTOR into newly added "Compiler options"
   submenu
 - Marked __stack_chk_guard as __ro_after_init
---
 xen/Makefile                 |  4 +++
 xen/common/Kconfig           | 15 +++++++++++
 xen/common/Makefile          |  1 +
 xen/common/stack-protector.c | 51 ++++++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+)
 create mode 100644 xen/common/stack-protector.c

diff --git a/xen/Makefile b/xen/Makefile index a0c774ab7d..48bc17c418 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,7 +435,11 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else CFLAGS += -fno-stack-protector +endif ifeq ($(CONFIG_LTO),y) CFLAGS += -flto 
diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6166327f4d..bd53dae43c 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -83,6 +83,9 @@ config HAS_PMAP config HAS_SCHED_GRANULARITY bool +config HAS_STACK_PROTECTOR + bool + config HAS_UBSAN bool @@ -216,6 +219,18 @@ config SPECULATIVE_HARDEN_LOCK endmenu +menu "Other hardening" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on function exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index cba3b32733..8adbf6a3b5 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -46,6 +46,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..8fa9f6147f --- /dev/null +++ b/xen/common/stack-protector.c 
@@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG == 32 +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL; +#endif + +/* + * This function should be called from early asm or from a C function + * that escapes stack canary tracking (by calling + * reset_stack_and_jump() for example). + */ +void __init asmlinkage boot_stack_chk_guard_setup(void) +{ + /* + * Linear congruent generator (X_n+1 = X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L’Ecuyer. + */ +#if BITS_PER_LONG == 32 + const unsigned long a = 2891336453UL; +#else + const unsigned long a = 2862933555777941757UL; +#endif + const unsigned long c = 1; + + unsigned long cycles = get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard = cycles * a + c; +} + +void asmlinkage __stack_chk_fail(void) +{ + dump_execution_state(); + panic("Stack Protector integrity violation identified\n"); +}
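
Review bot: In the xen/Makefile hunk, `CFLAGS += -fstack-protector` picks the narrowest instrumenting level: GCC and Clang then add a canary only to functions that call alloca() or hold a character array of at least 8 bytes (the ssp-buffer-size default), so functions with other local arrays or address-taken locals stay uninstrumented. Consider -fstack-protector-strong here, or a Kconfig choice for the level, and have the STACK_PROTECTOR help text in xen/common/Kconfig say which functions are covered, since "inserts a canary value in the stack frame of functions" does not.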
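
Review bot: In boot_stack_chk_guard_setup() in xen/common/stack-protector.c, `__stack_chk_guard = cycles * a + c;` applies a fixed, public and invertible affine map to a single get_cycles() reading, so the guard is only as unpredictable as the cycle counter is at that point of boot, and the `if ( !cycles ) return;` path silently keeps the compile-time constant that anyone can read from the source. With the later reseed from Xen's RNG dropped in v4, please state this limit in the comment above the function and in the commit message, and consider recording when the fallback was taken so it can be reported once the console is available.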