From patchwork Tue Jan 14 04:25:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13938394 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 800E7C02183 for ; Tue, 14 Jan 2025 04:26:27 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.870903.1281976 (Exim 4.92) (envelope-from ) id 1tXYVI-0007zw-81; Tue, 14 Jan 2025 04:26:12 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 870903.1281976; Tue, 14 Jan 2025 04:26:12 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVI-0007z2-41; Tue, 14 Jan 2025 04:26:12 +0000 Received: by outflank-mailman (input) for mailman id 870903; Tue, 14 Jan 2025 04:26:11 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVH-0007T1-O6 for xen-devel@lists.xenproject.org; Tue, 14 Jan 2025 04:26:11 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20612.outbound.protection.outlook.com [2a01:111:f403:260e::612]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ae50ecf2-d22f-11ef-99a4-01e77a169b0f; Tue, 14 Jan 2025 05:26:10 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by DB8PR03MB6300.eurprd03.prod.outlook.com (2603:10a6:10:13f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.12; Tue, 14 Jan 2025 04:25:58 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%3]) with mapi id 15.20.8335.015; Tue, 14 Jan 2025 04:25:58 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ae50ecf2-d22f-11ef-99a4-01e77a169b0f ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CNXFYZv/i8RoY9DhK1A9DrY4pdXJC1Iapr7z3cc8RK2kZ2J3kPN50KDRnd3UW5VbxLVqDJF5DxIjxlgqrckFs61qOAbY3PFpCTIqyXZ6Jy0uy3pE7Vbs9VD3kIkjkqfgyDmNEM2AYXXalMQuuKtZaHCTSSePJhv0bSRrHFRKHCA2J3FXKZszxVrPvteXwFmi2dMT2aTESpaVENoHSGueuzM9bpobDWBy9jaegG3sMixrX+SdXq8I5r7gvVZAyFjeJWkVuZFLOA2FvIOUnFR5EQCFDACbE6nVTBKgj21mXi9xtrH9olZrkbTic9aZnVFD3YdjwWgxEDoieEY2uemWsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=F7CrkfKLq5jOHyUUc5QDVCpbIzJ4tC6vRwCVPj0QO1U=; b=LDR0TqthiVKH52S6P3gPieScKBeTAJLuS+swq+eSzT7mJeLrCkxZVK4aXmEbUl7ldnGY3zdfFo6tEZASPtL+DDq+PhDmsJuuypZH9+qBmT+NW7LaYLT6Ub5fUsV0QBaz6CEUy2eFh/QwZnUi2LcRi8UwA0KivmtipxwatO7OdZTShyVw8WKGOu2zuIrxD1eAN8X8aWvAFcov+41+n6Po9Khx0aqA/UZC9kXzAXctfPyfDIg3tKlHKtA2zAkOTUe86Ql9YS+orp+tFJNRcN3vOkDR4ZS6Y/OJ733kn3tj66b0yF8DIRFtIldBkkObqXFEgUgR6+syLrM5NdFXtYL9bA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=F7CrkfKLq5jOHyUUc5QDVCpbIzJ4tC6vRwCVPj0QO1U=; b=Yn9+xYbbUUVHjoYYDr8g4znus83Mz4T5tf/U07jT5qWt4N5fk1665Ium68fQzpIoyNKvOTgxDaP28hPCcS3MDImyDlt4NvBM+ZBV7Z2Swtu8fmUlaaZA/qInRDfNVq+EyEBvc0VzudQpC+2xh7nuoniHwLzyMbxfK7c67MMooNzzqLRGiCqRy3nNOAsQkBJuQ1EZ7+xVjnkmuZ258/jmeoTf5E8zjzPCx5NJMawa1z2zC4qoGQi9tf2vdDmGElwgNyh5pQ278mjvZblMJuqoXmi/7b9/rM7kcqJSqf/NtbPnvpfqIXPrMukyctYt6RCmxZyCTpDVNdYU3IRMALb0ig== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?iso-8859-1?q?Roger_Pau_Monn=E9?= , Stefano Stabellini , Samuel Thibault Subject: [PATCH v4 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS Thread-Topic: [PATCH v4 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS Thread-Index: AQHbZjxnmljcDXAlQke3Qcb/enjdIw== Date: Tue, 14 Jan 2025 04:25:56 +0000 Message-ID: <20250114042553.1624831-2-volodymyr_babchuk@epam.com> References: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|DB8PR03MB6300:EE_ x-ms-office365-filtering-correlation-id: dc1d4bfe-8639-42de-07d5-08dd34538b89 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?+beGIrg/eSZhYUmXb9AHSpzeS0?= =?iso-8859-1?q?Sx9usP25oSeUHNwkRBHLBkJs9qCRscvK4+6Ba6NcKan/W4mQjc6GnS/gX17Z?= =?iso-8859-1?q?IuHx/Do6QhAB+rHyaCtUPw6nI1DLQIXuaj10RP0+LngF6IkhmoCw4Nv1f3aJ?= =?iso-8859-1?q?cpZMIpmNUxTO/AfGI70l66vc2Kou8FHgghsAqVj3gfohzR8UvmQueQbxtlaL?= =?iso-8859-1?q?0dMWiEctHCz9DqDCuRkOUd6btU50IfXICBI2lasIDtj8cbHF9G7s00WhcSjV?= =?iso-8859-1?q?sld2IL7nrtFvzULsiefnX2wUvFVZM5nQmSrXZDoFFqOWJO9wT28sBgetWRRR?= =?iso-8859-1?q?JgTO44j8rzHuj+i3iIt+cz8KjDVTCStyOqrU4qPXBTFqlHLp8TIenapkvOJx?= =?iso-8859-1?q?z6d5M9XnGx+ClY6AqmS9jtgUQz6QIrA1eVb1X3Chv1Zbx6R8C4atjsnPt/0/?= =?iso-8859-1?q?TC+hwZpQPj6d8MG9PTZQJM0s0L+zPn5suO6u3Gaw05NOXpqbcYTMj7ci5flm?= =?iso-8859-1?q?gN+k6Cj5ws24HSb5rfCYHcaC1xgqSpBQlhCylm5jKuAvCLIOSAdK5r+GWXFh?= =?iso-8859-1?q?lF86t3gTYPsJVATETeQiTAY8kreFyb91E1gh4GpY63ahWAvCJWYw5tHUMHVq?= =?iso-8859-1?q?ECitSxs+q7bihU4LaPwSKnfPGQqZ/507Dl9zlBRYpPr+Ug57NfEMZ79eTjUp?= =?iso-8859-1?q?m/BSz667pAJMbuQLZVTJS/1mJ5cnEZ79mQgDI6UIxe5lXza0ZrkZJaSuAc5x?= =?iso-8859-1?q?gQ7ZQmpWqAwJ+/2465YKiLNZ6xWmzFiEclvCuPRi16UvMsziDdi0JLZh238W?= =?iso-8859-1?q?zr7JCDXz4YLMulmNCDnSMNYxPPCeOFgq5fQ9HfAOfFpS+CQhagydRMFy8JmD?= =?iso-8859-1?q?ijA2ZnVvUHFw8j6btnb3x+tUALI8xSuVszBpw22zmMRfHMYvL2Kwe08bzWRt?= =?iso-8859-1?q?1T2MNCs3TK+mZzxGiHF1+wE2hkifppWWHgLIwN6vVSUxY8pD/xer6AVrElOA?= =?iso-8859-1?q?9P4oo4vKANGOFLUrSpbeoV35E3vjQh0IgMFxEqMKhYhrH6SeGvF6F1deg8AB?= =?iso-8859-1?q?vBQFbF4P4so/1Zr8Cqe9OctyoU6Qp3VewaQ9dmrLGJC5cKisiXtVtH/Jt9fS?= =?iso-8859-1?q?eGtOaEMAmxtsVkzGqKNSf6pB/8W0HhjdUiztKFlmAVWSSwhNGAVpJPnZudxm?= =?iso-8859-1?q?YCH7G5Iu87uV5d1TXNsgdD+G0rHddhmcj4JQ4xln0uPF2pXExYzCkjWHe3qX?= =?iso-8859-1?q?ylAPcPe3x930S/JRBKcTIGGds02ONw0bKwJS8hTk/qhxDdPs62pYauwalBMM?= =?iso-8859-1?q?Xyn7k5N4zagHJH506Bkd27cGEpkG3l/x7Wd/TeLPgsIcCHxYb3L+kV/VFoKU?= =?iso-8859-1?q?oS9sRMXIYjyYRLZIGHT76WbwSAuKlA33immx/GrHEAtX+8XgW9XG4afYassL?= =?iso-8859-1?q?JC6qGCisNg4zZWNnxMQ0FzVw=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?L5wvyISKyJDkP5EF9Dgmylb?= =?iso-8859-1?q?MPPeCpLh5QSGlutY8iOkAFzxpp9FWMIG/KL7p5f5egBQKlC3rWHoxaOqr4ni?= =?iso-8859-1?q?hPVv8beG+oX5fQ8bcRkAT4Ge/IJVHWWNBMwqqNN+JwFo/yqN+CVCp3hL+VsR?= =?iso-8859-1?q?5JVhZqe0DxkMfSbbXhnmDPQWN/2tiJQnYdhlknWUzQKWpQK/5m962wYBzkRn?= =?iso-8859-1?q?BXZsmhmt0/twcBlbspiI9Cs1/XZg408b/vBS3innEUKr2pyWdGg6H+uyKFst?= =?iso-8859-1?q?rBav2suUV3e+HfK2hQR1H7yuTVantBjNJl0U1WzHvI0qSl1eAr7JYPm8rD7O?= =?iso-8859-1?q?wYAsf5dvDAsMe7L8ZNYJyKTYjpvEvhP4/qItdBZlUhccxejAA2iTLvnUWVoS?= =?iso-8859-1?q?NP8wPvGj3sgsmscLbge+KvDa/b6vEb/S6yXjTHxuxdYjdbd8VvpFbMMQO/bf?= =?iso-8859-1?q?iU3KRJfnhRhlJYe1mxH2TkvMDzm9T7ys6f9bDU3b3LNl8A4v4nuDL+ie09ki?= =?iso-8859-1?q?nsmHmMkRID+yuMR37wzsk5Gt0oI/P/c0R/C+qqli4Wq7JR+751bXDTfuwn9N?= =?iso-8859-1?q?K1x6JezLYuh4joM2Tfmh07Erl9EXWkSW/tkx8hp3w4mAWIj5xptNBlnGPQwv?= =?iso-8859-1?q?hORqjN90pzn7KVPWZ3wWKQWBUlFZm8RMC2ZoMO5VFeSj/wuVEMbBrgPx1l9c?= =?iso-8859-1?q?KxsjM9Ic3AL5VyElYs8UifwmAcONicjjAGZC6qhcKXiogpmi6z2N+AJQ/Pp7?= =?iso-8859-1?q?r25KCPxrbyUBBS60jMKgffYdmDjShq9VgKbwton805mn2ZyjD1ItAWPR/S/x?= =?iso-8859-1?q?F6/fgnpDEPKRXpaN8Sj3psJQixuJGwFN0tmHGddLn2iyIDt1Bn6vOZ19+jPk?= =?iso-8859-1?q?0OgdADr7Bb9rdvV/zcM7fRFBU5PFUDo6TstOO3VK3nRFYxP9bAsqL/NdRLSj?= =?iso-8859-1?q?HLF0sgknzs9YZnz9rBhEPAneaz77SNsQEo/KsZiL6xX931Eoz16hJnUKLHcw?= =?iso-8859-1?q?8l1gOol8qpObSg2iCvFFH+lTIXR2g3SZ7tfm4bNTwv9/5XuP0qKiWDbPAXdJ?= =?iso-8859-1?q?Ut1s+LZusLchtJRJBuPtWiHY/Fz7HaTkdL17H5NjO0RfTmjeAvaAU/2AfzMF?= =?iso-8859-1?q?lD6vimnSlKCNXwHc1FH+EOrcsBhL5e5Ex5Gg9e6nYXsxaqk8HtcjOL+z90XK?= =?iso-8859-1?q?WvmNCa3sJnZkFVI+oPR1y120gLniOdJXLwaRrvUZG/QkuUazSD/I3/VTBrW9?= =?iso-8859-1?q?4sjXVkH1qJAUn6f1+Dz9pBiYzjvoU5AQZ1hp7DxTysb06HCEakc8683Ywyp+?= =?iso-8859-1?q?hdtM+PQL0RInF16Qwaj6fV6ozwjnvhT70RfEWEupr0xkGNjsrRiWmlvHVGLw?= =?iso-8859-1?q?hlQZUodj27VauuOz1Q/JKoWLS4DQ9hmZhHdonJSfUo8+trICxl4JqL8wcTx+?= =?iso-8859-1?q?OsESg9xsnleHRT+Er/tjw3hgLtrunNdF+9nEwSfWeVaN4F5qvB8d8ILVH6st?= =?iso-8859-1?q?qYShRj+jfo+ZhB3t+pl1T+3YH93T5ufPD3nO+tYozFQE2xKW/WM2VwBrlwEn?= =?iso-8859-1?q?u9TL6LJ0jNdW73GHo+H95eJ3/napLoKbmvf3v4VWCC98zBUsL8/q+O3SKi6/?= =?iso-8859-1?q?Kdk2SeCdQtcgQk1jNclFM0Loz6BBkLVmWab25YQ=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dc1d4bfe-8639-42de-07d5-08dd34538b89 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2025 04:25:56.0171 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SGhmTuRTaWRYryxHSbYKorYCgpSz2uR2NhfXEYeZLtfCB0vw9DL5a9JxUu89Qi2/dFm0fA0nFPc85AdX2QK6rldFn5uWrcPU1CDq0ZQguec= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR03MB6300 This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan Beulich --- Changes in v4: - Removed stray hunk - Added x86_32 CFLAG - Added Jan's R-b tag Changes in v3: - Reword commit message - Use CFLAGS += instead of cc-optios-add Changes in v2: - New in v2 --- Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 +- xen/Makefile | 2 ++ xen/arch/x86/boot/Makefile | 1 + 6 files changed, 9 insertions(+), 2 deletions(-) diff --git a/Config.mk b/Config.mk index 1eb6ed04fe..4dd4b50fdf 100644 --- a/Config.mk +++ b/Config.mk @@ -198,7 +198,7 @@ endif APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i)) APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) -EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector +EMBEDDED_EXTRA_CFLAGS := -fno-pie EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles diff --git a/stubdom/Makefile b/stubdom/Makefile index 2a81af28a1..9edcef6e99 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile @@ -14,6 +14,8 @@ export debug=y # Moved from config/StdGNU.mk CFLAGS += -O1 -fno-omit-frame-pointer +CFLAGS += -fno-stack-protector + ifeq (,$(findstring clean,$(MAKECMDGOALS))) ifeq ($(wildcard $(MINI_OS)/Config.mk),) $(error Please run 'make mini-os-dir' in top-level directory) diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk index d3482c9ec4..be2692695d 100644 --- a/tools/firmware/Rules.mk +++ b/tools/firmware/Rules.mk @@ -11,6 +11,8 @@ ifneq ($(debug),y) CFLAGS += -DNDEBUG endif +CFLAGS += -fno-stack-protector + $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk index fc95e24589..7875b95d7c 100644 --- a/tools/tests/x86_emulator/testcase.mk +++ b/tools/tests/x86_emulator/testcase.mk @@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) -CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags) +CFLAGS += -fno-builtin -fno-stack-protector -g0 $($(TESTCASE)-cflags) LDFLAGS_DIRECT += $(shell { $(LD) -v --warn-rwx-segments; } >/dev/null 2>&1 && echo --no-warn-rwx-segments) diff --git a/xen/Makefile b/xen/Makefile index 65b460e2b4..a0c774ab7d 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,6 +435,8 @@ else CFLAGS_UBSAN := endif +CFLAGS += -fno-stack-protector + ifeq ($(CONFIG_LTO),y) CFLAGS += -flto LDFLAGS-$(CONFIG_CC_IS_CLANG) += -plugin LLVMgold.so diff --git a/xen/arch/x86/boot/Makefile b/xen/arch/x86/boot/Makefile index d457876659..ff0d61d7ac 100644 --- a/xen/arch/x86/boot/Makefile +++ b/xen/arch/x86/boot/Makefile @@ -17,6 +17,7 @@ obj32 := $(addprefix $(obj)/,$(obj32)) CFLAGS_x86_32 := $(subst -m64,-m32 -march=i686,$(XEN_TREEWIDE_CFLAGS)) $(call cc-options-add,CFLAGS_x86_32,CC,$(EMBEDDED_EXTRA_CFLAGS)) CFLAGS_x86_32 += -Werror -fno-builtin -g0 -msoft-float -mregparm=3 +CFLAGS_x86_32 += -fno-stack-protector CFLAGS_x86_32 += -nostdinc -include $(filter %/include/xen/config.h,$(XEN_CFLAGS)) CFLAGS_x86_32 += $(filter -I% -O%,$(XEN_CFLAGS)) -D__XEN__ From patchwork Tue Jan 14 04:25:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13938393 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 297FBE77188 for ; Tue, 14 Jan 2025 04:26:26 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.870901.1281960 (Exim 4.92) (envelope-from ) id 1tXYVG-0007hW-M9; Tue, 14 Jan 2025 04:26:10 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 870901.1281960; Tue, 14 Jan 2025 04:26:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVG-0007hN-Im; Tue, 14 Jan 2025 04:26:10 +0000 Received: by outflank-mailman (input) for mailman id 870901; Tue, 14 Jan 2025 04:26:09 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVE-0007T1-SF for xen-devel@lists.xenproject.org; Tue, 14 Jan 2025 04:26:08 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20612.outbound.protection.outlook.com [2a01:111:f403:260e::612]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ac958209-d22f-11ef-99a4-01e77a169b0f; Tue, 14 Jan 2025 05:26:07 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by DB8PR03MB6300.eurprd03.prod.outlook.com (2603:10a6:10:13f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.12; Tue, 14 Jan 2025 04:25:58 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%3]) with mapi id 15.20.8335.015; Tue, 14 Jan 2025 04:25:58 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ac958209-d22f-11ef-99a4-01e77a169b0f ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=l17/z37zEKElYK7zOeWtDOtfKDD2KmUN35OG5ObTUa8FV46PGEj04e4gwhd+ZPcAcQm1yEfUXY9ue7tiHYpkampDoe5spSOdsFx1arurJspQzhVkYI1wLVHkIaFCO8l3v3+p5K6OmCYZW6mN5E1wBOPJSyKRx0WHPQfPbn3TVnDsd3jLqdlHl7S5xT9f2TXFleG36tWr+aV3i7cQ1tRew3zgyDBjKSQ+f3JOjv5S9lwaAls0GUHNGYH7mQdMjz6I54AFTyHKOBURklq44KDdgOlRQAf20WwLCT6vBGJ5XkWH3kdihi1cVhWpPwEj6B9zv3KoP95qnUSO1p5vS+kzSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5MtrRJxarp34S2JOLx/JyEv2kwrG4QQxCgAgsBhf7Ic=; b=ud15TjL/x8/iOHm4aAt9ALDKbZo4uQqyhml9iGsjChfeEiftf7Fb1NnPvDWjT+ql83ATVvKgT1Hc+dn4SRRgVyaeDAhPh2ECoyIje529Pn4QcC17QqDaC3NuWriQxf6GRAuGkSEfVg2QwuOXSR36XcmsSS5pUsVtr+SGHkAky28/EE+fYbn4lHkMNWGe5DdYOkmFdv2Z+TKwIJYwyH3m6NnTA4BYoU+UjkSS7tGpJidRL7gZsNXNjGDO99cjodPBkYp/kFS+1mC7Uq7C46Vy7POORINkqgLylHtLtrYaZu5l1OI/98cIdtrEOeGm3aOD0Htu7KSMD93eQ0NJGC9JVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5MtrRJxarp34S2JOLx/JyEv2kwrG4QQxCgAgsBhf7Ic=; b=UnMBEl1LEJULDOTFiJerc7iC/1+DxsRUMT+wbVpeQg9Upypk00+UzM/+IRzOSVtNCQ444AdKy1P7PFLLcAUThVCr5Aga5/J03xNvwAuhxnUFdaNrgVwn5T11jPx67z1pswaCHjWKfqplqAHnn4KClHFM7GC+dRcdaGjbBkhzPcnuoDg5bexhIgJN2gwopDOt5+rqSwvCai4XbF8akUZTciciXz5Xqj6IKGkKV2YkIulEed0lMeQiIrhLq+D2Pq+Pxvxedb+P2CO/fd6ZA73Cv3g2UJ884y8O52GSaHKUAJNY43aACjp5WFqoaehe5VTjliK5gSSYci/zuZ1MP+6iuQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Stefano Stabellini Subject: [PATCH v4 2/4] xen: common: add ability to enable stack protector Thread-Topic: [PATCH v4 2/4] xen: common: add ability to enable stack protector Thread-Index: AQHbZjxnv4AIVf4qZ0m9Cu/vUIISVg== Date: Tue, 14 Jan 2025 04:25:56 +0000 Message-ID: <20250114042553.1624831-3-volodymyr_babchuk@epam.com> References: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|DB8PR03MB6300:EE_ x-ms-office365-filtering-correlation-id: 692dc48c-a424-493a-b2c3-08dd34538baf x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?iVvZOq0jDXZ1kxUa41Gnco5lXajqyic?= =?utf-8?q?/ETKyfzDxxf7Cv1JZjbnSWhJU6+Gp8mKdWqH26wFwjQeDp4Sd/4lXiUB0gTE5Al2V?= =?utf-8?q?NjpMZXGgxYImAfC3P8hNaOwD7JnGLQ93XEL1Hb45m8t9GwGRVvLc48DSEg+clJIaD?= =?utf-8?q?jxW5+m7CYj32GolZflgfYa3CIIYF733NT33HZvnLBhOzKtbfZi529LHDCPWDTjD58?= =?utf-8?q?zQo2wOnALzT/Q9raKmkJG6F/BVIk7y0xOu0YrIVxE7LtglBWMN6V5mBhV8W6p+GOr?= =?utf-8?q?crnpKDygne1Q0ZVzdUyN83guCInHxxgbh9SoAniK40UkMOiLfKVOaKRoB6QOiN2OT?= =?utf-8?q?KT4nQIRNRxo2bsSZ8x0BV6m97/hIL1VmqpJlCJKomVozSErG4drzaJPq7/jEFvroZ?= =?utf-8?q?eSV0TXGOqHCQxpFYQcIQTPs/taO4yW2uvgV7he+/dzkWfi71oDxXoNNfLGnCLPGHb?= =?utf-8?q?wwhWydDAhwp4Q7jYYyjKe1pjXKg4j+3wDXuLmVkn3mOrYKBsWASS0ZdR6tyJSr8x2?= =?utf-8?q?izdKAVSEwvrE27cslAARI/sTFazMrkvDROhLjxgNvw6VeRasRWNjPg7+PY+vv7GB1?= =?utf-8?q?UPegzMw+omQwHwQoqtTTNdq1Cl1uNmH049pd0ezq5vdZ0sTQ4GL8fdPpCqpefzjtc?= =?utf-8?q?bQwU79m65jlS+b/sTyWxilt0vrX+Af62qIeO48fxHjNqusO9BSx7JF7y5trAL+odI?= =?utf-8?q?U83TJozpF08OhVcvdSHHcAc4bDI1WnoHUTefOzLjXKKVCU2FmvL+DI/XQyo8ZdJgI?= =?utf-8?q?twRyauyocR6R18eP9ZTbz+K8O2q3Dfii9YPQMxE9YqeAguuWhzdzBlBnfU9BOymaE?= =?utf-8?q?xetPWzUso0c65uXfrWC04Ce0rBJ79dICzzCD6JXrTUGqpj5v6D/izQ4H5I/JW0Xdt?= =?utf-8?q?amKVFMrdlY2sYDttzHyjAi4uMhqh92HyLHlVx0CNJUyu+kAG9rb+CME9ZD4qWLAsd?= =?utf-8?q?FgKxMSTQIXEV8G4Yo3xQKDe7mbKCt+T8Bv3dRtDNL1b9yjUOHYIDANHN5OLFVbAXP?= =?utf-8?q?wylawiFDzpET5EfNqiMtv5dlXsvMuEnShUCTZbknSGqZoqTiSvW60G8ZrA5cP9bD9?= =?utf-8?q?kw2vf79Bb1TmSkF5hw9pKqWsCcnzOEAZJZpWvPlHp3sLuXFIC/uWAgk5c3LHahbXu?= =?utf-8?q?VPw6SimQZFsSS97uh2otqcjnpWXXNZ0g21DGqhMxsG2UbITGfK7SUYs2P5gqdAdz1?= =?utf-8?q?HICgwdcUflVti8w6k5gH3sY2hVLx1jcKv1dPSqlLWjwKgER6jKPsdkw9OShGqeCcp?= =?utf-8?q?YCrcqg8PWG0aTB55IJ/dmNRvQOdufzPXH5QrljvaYFvj0j3tyCMgB0HplWBkGRBCG?= =?utf-8?q?aQj86/pttdH09nkAsnAMgAPszp5Vh96eyC0rKCRyrE4aXOXKjP+ZnQcpWvf1nz9lK?= =?utf-8?q?JuWN2eq69UZ?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?TBnCREB0As4cdurVegknrXeoMBA3?= =?utf-8?q?eLGXFr7OETNi+FUA24LXFSDmOKTEUdq6uvJvejM0SlHZ2Ux4jpIfmrkUAGq1lNi5k?= =?utf-8?q?sdmSMwrObNI6+i8Aj3V92XwJt/oa/ydwPMh8FxTG7VW3fdBYrZF8WcslLGslBNGCx?= =?utf-8?q?RvS3yQ3gyu6HpVJMs2Ciapn+xa5mZfZoPGm4pghdSlDkwBDIdEPaKmxVGzahuiCFR?= =?utf-8?q?8zojR/6yDRIS84ontFNp0VXBetuj24O9Dtjc2cHewSfEBiKWu2VNkbCUaHXD7DP4w?= =?utf-8?q?leCoNDvdIfzfQkyPBaEiByJBV4SN9r9LRFZu/zCy0DD/Gp3om56mzhMecPzUZUd7v?= =?utf-8?q?fhV4JtMAAv/p6Qzr8uBZaTG/o1QnHjFZKNo7AneAfaebn0fBInc3usLeOuV7uYtyE?= =?utf-8?q?isBmvHgP3u4XCQQJHNy/zeZZ6mLYGR2zlrSh461lSI1bwUspoiUSNzvekFdJY1exq?= =?utf-8?q?11DdmRBdQsEMQDgbbOAiZc50boyJsDx6IQC9r8gY4AjC1/BHMv7AbLcTKxu38cuGv?= =?utf-8?q?QeFfgSEpf0/oLP6eGt7tQ1KoWke+OKLT2yVcjR5NBMOwKgVVBVEePH+vPENBtbkdK?= =?utf-8?q?KZzGq/TPctZGOr/9Pv8LKF3SNbzPR2kPTb1HQKz0039qhcVgKj222dh/uW5sdnwse?= =?utf-8?q?RdT4ghdXeKMCGaQ5MVXzvqXRHcLasEt2zW0jTfUF194HV5jWPgMECmmczXINMVAY9?= =?utf-8?q?/OnTnbEWE/JaSpZG/MDtnJl1kpNF+4UJV/skMzKI76XPzAeRjhIlSDYicOESqRxVK?= =?utf-8?q?GSk6KVnLHM5nRDBj7hDM30+ML+kjmT/E9mK72C9xGqB+uXhKKch9lEhIRddujjzUG?= =?utf-8?q?ciD1hLFW6ec5PUiq/+W5Jd9c8k1wHyKtxZQLHq1MckvrKMT6iJwenMmwRsjEVDh1m?= =?utf-8?q?a8hp/M8E00Lrk+KPskHd8fgiXBLhqh2th5KM7cBdqhwc8gAQQtLY/y/4xZAI4Reqt?= =?utf-8?q?29AUP1eQDwgXP3xNU+jr/Xy15FES6at9ZCeEckIGY81En9S7X4G2dcdcUBe/VlRAW?= =?utf-8?q?1Jo2lNelmzdcybgLm+WgZgVLCC+xTWTZ2SxJrf+MH5UH4tptM07l9l+F1jR4N6k5T?= =?utf-8?q?ud6Padeznxqg/8wWTiSyFHPaCFvh1Q6MCZIw9M0RlDf6+KKGt+h9a4URG/7A+rw8n?= =?utf-8?q?OpcVyvm19Rq89HfrhJbA46mtaBmetWnpXeiycWPan6YlO7MOlrzVHPvmSajfynZb6?= =?utf-8?q?dmAixuDdhOEtoBVFoDvukRCsYIlv0grIc7pM3PKVCK60YLQG2cJK44LB+1TpYml6f?= =?utf-8?q?vp5nJ6NlO9qZw1IQ7vswkgG1UnsjzQ5RFQzJbbJCfQCwfrvNj+2cX1knjJBI5OFS7?= =?utf-8?q?r9R5Z9lEFqP4wPjsAk2qhrm+FqwXocy000/jNS1K1btivwRpQX5YVkNwnOp3GkLqj?= =?utf-8?q?+PxfRQn3rHpaPWe9a7B3MU6xgAXBmsn3hkT4z9O/pNbQduYcVK4jX8NTUS3C4xau2?= =?utf-8?q?pPn5yiBedAPA8413TzwS4N6FVr2Nhrla3JYhKZFM5rfrgtFJA5CaThfTt+LHXDYc0?= =?utf-8?q?4Wt0w7tpiAhavf/p2T0IzZBXpXWTS9gaDQ=3D=3D?= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 692dc48c-a424-493a-b2c3-08dd34538baf X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2025 04:25:56.3138 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: lOPPHbF1PoRrJIxzKkAceFvrnygGLR1CNJlNvqAXLOd8KCfBIYmjb6lxz3+R/K3GiE7GjPwNAG1E5myl+8p0GmEEiLBF5KAO1QK7t7d81xE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR03MB6300 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This patch makes general preparations to enable this feature on different supported architectures: - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Stack guard value is initialized in two phases: 1. Pre-defined randomly-selected value. 2. Own implementation linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. Signed-off-by: Volodymyr Babchuk --- Changes in v4: - Removed third phase of initialization (it was using Xen's RNG) - remove stack-protector.h because it is not required anymore - Reworded comments - __stack_chk_fail() now dumps execution state before calling panic() - "Compiler option" Kconfig entry renamed to "Other hardening" Changes in v3: - Fixed coding style in stack-protector.h - Extended panic() message - Included missed random.h - Renamed Kconfig option - Used Andrew's suggestion for the Kconfig help text - Added "asmlinkage" attribute to __stack_chk_fail() to make Eclair happy - Initial stack guard value is random - Added LCG to generate stack guard value at early boot stages - Added comment to asm-generic/random.h about dependencies - Extended the commit message Changes in v2: - Moved changes to EMBEDDED_EXTRA_CFLAGS into separate patch - Renamed stack_protector.c to stack-protector.c - Renamed stack_protector.h to stack-protector.h - Removed #ifdef CONFIG_X86 in stack-protector.h - Updated comment in stack-protector.h (also, we can't call boot_stack_chk_guard_setup() from asm code in general case, because it calls get_random() and get_random() may depend in per_cpu infrastructure, which is initialized later) - Fixed coding style - Moved CONFIG_STACK_PROTECTOR into newly added "Compiler options" submenu - Marked __stack_chk_guard as __ro_after_init --- xen/Makefile | 4 +++ xen/common/Kconfig | 15 +++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 51 ++++++++++++++++++++++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 xen/common/stack-protector.c diff --git a/xen/Makefile b/xen/Makefile index a0c774ab7d..48bc17c418 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,7 +435,11 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else CFLAGS += -fno-stack-protector +endif ifeq ($(CONFIG_LTO),y) CFLAGS += -flto diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 6166327f4d..bd53dae43c 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -83,6 +83,9 @@ config HAS_PMAP config HAS_SCHED_GRANULARITY bool +config HAS_STACK_PROTECTOR + bool + config HAS_UBSAN bool @@ -216,6 +219,18 @@ config SPECULATIVE_HARDEN_LOCK endmenu +menu "Other hardening" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on function exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index cba3b32733..8adbf6a3b5 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -46,6 +46,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..8fa9f6147f --- /dev/null +++ b/xen/common/stack-protector.c @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG == 32 +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL; +#endif + +/* + * This function should be called from early asm or from a C function + * that escapes stack canary tracking (by calling + * reset_stack_and_jump() for example). + */ +void __init asmlinkage boot_stack_chk_guard_setup(void) +{ + /* + * Linear congruent generator (X_n+1 = X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L’Ecuyer. + */ +#if BITS_PER_LONG == 32 + const unsigned long a = 2891336453UL; +#else + const unsigned long a = 2862933555777941757UL; +#endif + const unsigned long c = 1; + + unsigned long cycles = get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard = cycles * a + c; +} + +void asmlinkage __stack_chk_fail(void) +{ + dump_execution_state(); + panic("Stack Protector integrity violation identified\n"); +} From patchwork Tue Jan 14 04:25:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13938397 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9F798C02185 for ; Tue, 14 Jan 2025 04:26:27 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.870900.1281950 (Exim 4.92) (envelope-from ) id 1tXYVF-0007TP-BE; Tue, 14 Jan 2025 04:26:09 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 870900.1281950; Tue, 14 Jan 2025 04:26:09 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVF-0007TI-82; Tue, 14 Jan 2025 04:26:09 +0000 Received: by outflank-mailman (input) for mailman id 870900; Tue, 14 Jan 2025 04:26:07 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVD-0007T1-Qg for xen-devel@lists.xenproject.org; Tue, 14 Jan 2025 04:26:07 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20612.outbound.protection.outlook.com [2a01:111:f403:260e::612]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a8db482b-d22f-11ef-99a4-01e77a169b0f; Tue, 14 Jan 2025 05:26:01 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by DB8PR03MB6300.eurprd03.prod.outlook.com (2603:10a6:10:13f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.12; Tue, 14 Jan 2025 04:25:58 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%3]) with mapi id 15.20.8335.015; Tue, 14 Jan 2025 04:25:58 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a8db482b-d22f-11ef-99a4-01e77a169b0f ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=twLS1QJUg53q+bKBQGsnqe7IItYwsHmxgiwkTBLCrvglecOqxHDRxvzJTDtcCUTKzfsE6jYvCb24eCHWlXj0a7e87QSZR2S36Zzf24XoBUuoCkmAeEj5pvA3BEejXxIHnXkwKMnfkrNSBwrZhX7lSfg+xm+hm8vATCnPHQdn+pKitA+9tu1HvmJEcWWTaaWAnzDHi+6jqWD71iPgonj95Ov42ib2dnxIf/bnqMiHBuqoW5AkofuNEJBtvGyaIVlN9mDbUhW8A8F9wbSoVCV5GiHrgW7wFY6my6FW1r26jBHKFY2UrvjfJ+LTWG9TcFn1Sqfht3ktu3Xou00y//kx8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oOdNcIAOSgUxY9nIPcgrwfCpmXDyekAM1FEvRJo6MHM=; b=OZ5qxIAQY3sIPXf1sT0VPQhwQc84C5GyHdSMB7GX159pdJ08RAgkZC1U5n9tulYujHOO3QXVC6jnS8xsCT2RGIIALsk+Qj5eET3snS8XpfEI3Vyp4zN1qt/HlzJguuKmeyyDhuXNhfB44v/iJAgg5Y84bgdpawKDYLBOqsSZypqUZCTJXNW4dvjKDNzUBstrqsaS9bHNNPZSOUFjCNVhdrxfL9F6kj+UfR4wSE4uw8U5stVlhhtMZexOdggcFg1cKjeiLrSWnFuux26/bjHLhxriMgkD2axk0VT2CH+OnqTgPk5OevflMyO3oJIRSMY0OuZadT42j5zlQ/TL7Jvr5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oOdNcIAOSgUxY9nIPcgrwfCpmXDyekAM1FEvRJo6MHM=; b=DLsg94Ut0KSS77Z7PLwsfNKYBbo5rEkAGFDsjOPLU6OSkN7aAwdLAMHibx1mmWqVeKFTF39MLcKg/If9QHXA0mQW1mmh/oaCqlXHXxcToHF/o9CKSmWVkWYZWlovFqx9Xrzh6SenT0Fwh6nL/qkBfwzNgdjAbp34EEXoL1+tTnJEZ8sG/pWE2PuHKNTKyxFiloS41IjgprQYIxEui6H5wohQD7+DJ+CF97sLNrOPIFgfzJovZSlNZ6+sdClZv5WIoTSZ73y+cqYVXq+denwQLc5+ExaqzsLr7/HqV37+RxmsR65K3I/7dzxLg1lLi+TsWSVe2LLS/GHt6zQ271jOSg== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Stefano Stabellini , Julien Grall , Bertrand Marquis , Michal Orzel , Volodymyr Babchuk Subject: [PATCH v4 3/4] xen: arm: enable stack protector feature Thread-Topic: [PATCH v4 3/4] xen: arm: enable stack protector feature Thread-Index: AQHbZjxnrBLNCau4fk6dLN+QtVmLtA== Date: Tue, 14 Jan 2025 04:25:56 +0000 Message-ID: <20250114042553.1624831-4-volodymyr_babchuk@epam.com> References: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|DB8PR03MB6300:EE_ x-ms-office365-filtering-correlation-id: 94f90734-a613-48c2-47cc-08dd34538bd1 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?ZD6Dg1neyJjs7BOLntiqSUddy+?= =?iso-8859-1?q?Viycyi58r0PQ/kvvxa9WLUCyN4kLZseiP7WpSQfRoLZbq2k7QhtFo4F3ND5V?= =?iso-8859-1?q?7D41BjdhX9mPZoYf7ssNto0vGYsS5qVDDkHTu5hmuACIS3x9UIjlQNiQNGP2?= =?iso-8859-1?q?TTIuFbODnJvZKU1mDZzJlzRjHCI3+hUW/RF4l+2QItbU2DIkrCyBjSPOD5SH?= =?iso-8859-1?q?47DDuTr/kDyBw38eAwz3w+AYR0QCGBEDFqIZH+E8Uy8XsGJ1E4NGUczKKURl?= =?iso-8859-1?q?KPO98eaNlpTviXvJZIwM9gBOd+nMwQuoUVHVNvXxs+wkh5kGsOi53kC+fBIy?= =?iso-8859-1?q?4tEIlAWGMukQ8mgBQOONCb3YGYe3qfSrYh1GmvIPhIxPAmINdaYgsWtSafoX?= =?iso-8859-1?q?dGOW9Xyhnb6QBrYVen+Q6o5kMYHjWvmkeaFZcIFyIoE3wcj6lXbh8jHdRrc7?= =?iso-8859-1?q?41ucZ/apayyP2t5T1xjtVC+UuIXgOqoS6Mb9yr/jxrWvXj2xAoDJm1QnDIoI?= =?iso-8859-1?q?Y9pCwB4ZJb6mMQKWvzhGl4AB7BICQ4P+CQXx33dj35Gl/1J4hDtL0nqkV6F/?= =?iso-8859-1?q?tsnhgDVfw1eSNc0a5+ccnqEf46tZdqhlGULUa3GMgDNyoiklv+uBgZuZFd7Q?= =?iso-8859-1?q?KwR0gLxUt5LNLsuurMyWA9cjFsQKNPt86i1DLDWuCQuiMX+tPxc9UMGJFIUZ?= =?iso-8859-1?q?e2nqca9r1Cg927Z0cWBNQQjjLpRgvGDDAZM4AEme2+V3CE9XINeOdSRyj7Nj?= =?iso-8859-1?q?denK7dDLm9DmBzpbJT78CU1pORSR1HSdf6pJ5wUFRCtzsPcITC+OhTabJKg5?= =?iso-8859-1?q?PG60r/oW+9TywXwliTwMZ1s7YCsuNjJbeRVlF/AcpkjZuRCCH9GC4er+2/Kn?= =?iso-8859-1?q?NhlPjDTd32fjYFIKBvjTh7wE80/wrR4KAidAomVERQKf/18HbBQsuqwM5Qwy?= =?iso-8859-1?q?DJ4kU4VgtbeidXmSUdPbCZd6ppqLWU1nX2IJmYZSlg77iXV11RO8yXIrB3RK?= =?iso-8859-1?q?N2b1a3ogLcqQfYV0JqT4rQfwan45G16Wk5vd1hdjr5ILhjmlzbiD8QpP1Mr/?= =?iso-8859-1?q?x8A+6bUi9phUyDNU3Gv+LUhVpM6+esIB0PxAwx+hu7aP81BmmmVTymi2YCeQ?= =?iso-8859-1?q?feJIndQbjGjV+OtNNOBP86r/wV6rIAjDJ5Mh0uFfCxcMorAWgXkHnRmnoC/0?= =?iso-8859-1?q?FBhmQQSTkIktcrwrdTOBBr2Y5CNDTXPQldcpvGCIRRlSqoDFkirQb9wZcKP7?= =?iso-8859-1?q?VXtBpoJAZKby4QJTXMe5kHYdoVI09T68bozTkFul34MYqNWpgTrgf7ydOOlg?= =?iso-8859-1?q?K8npaVRQC2qaHLxmWNxAcWTgAmYTiys+0JMFi9FUnmmVd6XiAnUKqBrKalLI?= =?iso-8859-1?q?LZL2V5b++ruciA4TKrf6Dxf/z9S21c5JEyL5ObMuSe1/4RESpkhFSMq5fqS8?= =?iso-8859-1?q?ZN1Zu+hgL+OEihXG/yPvb5t3KIZfRG9aPLR11voK/+r+mEXYksY0VTWBGfGq?= =?iso-8859-1?q?XgfnB/?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?ibo6LQp/izy3ntUh8tLNS53?= =?iso-8859-1?q?5CENi5aR1fdc/avEr4jxaxYH8o5yI3ux2Z/VO8IzaS6drbmhLYu8C9qsfPa/?= =?iso-8859-1?q?9AfTw8NA6W6NFbnNwfLRjqq8poA7jXjajx27b5UbG3AXaTjSHcybnIaG162H?= =?iso-8859-1?q?93/6TLMKB3q1kPNFLkj96TguqY1o6/RbGUczuGmYqBfc9Evry1qbeBqz2fMf?= =?iso-8859-1?q?wlk14tsoZHzatdhkalpsrcyiXzyQduveXPE5lwNOUNgp8BfsujTifbNina1q?= =?iso-8859-1?q?XJqpSWXlQ8097n4mTw5hCulPog8AB7NbxNbAj3BQUKfQs5ALzn/zmR6VHLsy?= =?iso-8859-1?q?JQ//xzTkSUkM3MY0YXkSj6900ILp0owsd7F3yHcH/xqYPvNf/4Ap8gXRdaYq?= =?iso-8859-1?q?MzC9zRMVLu15K686C/FzAcPjRsn9QIt7lV6JKw2tXFiWIU8AaTm5lzEfJ9AR?= =?iso-8859-1?q?q0LHCX1yHqo83gtZpqkhthyMmrxsUEL86QrhK27losWsF3AiEfPXAQ8uCW4a?= =?iso-8859-1?q?ABgDp3e0nBuknn6FxsvbGIh5PoQkPK93z0mdmFa/+M3uI3/alISKT68vuZ2s?= =?iso-8859-1?q?AcwxQ+A7pH0tAyIKvem+yfKIEadvxnTd7Up5IyOmYTOBZPv228zi94tn34ZJ?= =?iso-8859-1?q?9n5sWysuV5rsnx/Ql95SEEI6MQMst81NbFpwN4khrVii2cHLd8FlQqs3kJ7o?= =?iso-8859-1?q?QQefB/ZJBFMDpa1e99VIfYJ12yZol5mTVDL4Ex4xE+hAPkcuUlCFsRYtj5Ja?= =?iso-8859-1?q?vYl4D1N2k7F60qO6pc1RfrBZnTWpPl+KLJfr3FYXz6YZteYEEx1lKMJpmSnk?= =?iso-8859-1?q?LKaQAdwA+ugMyO5J1j3Z+N4PwZ7DDAbumS747Xmkolivs+HwGGY9GL7UHlQL?= =?iso-8859-1?q?66SjG5SUs3lnNh5IxCf7iv6JY6XwUwtACYmB6Tkg6JeNArxzAYRecb6qvsOC?= =?iso-8859-1?q?4cd98flW935k977e3k8gisYLeTgYhBhaJoMxi16nPukiIDju1lEvw5QdqZEb?= =?iso-8859-1?q?UYckelGKO8LczWllS60/AYHCMdzNuIziTwoMLa5fE8jZ+N4gt3Y/l6e3HD9T?= =?iso-8859-1?q?CWm0Wx0/zpr1qteLLDI+u5XxK8APr+YFvxvMiUGUw6hRMitZhpppTFym07P7?= =?iso-8859-1?q?YPoaP7Dbfu9HFmUYLQdGuDucSnG73V7bpqKu6ezKxmheuxB/MGXwRNooYyzx?= =?iso-8859-1?q?NrPFvAUrghkXpx1xH+xRwhDFkikEgkC7k50wHv9U9TiSpRw+rjf5TBCDFf1U?= =?iso-8859-1?q?gvmszPrIKODCJYecTuITygTt2KmNcVZ3h1CsrkqhAejxiXNjPHQYcCKeQlqR?= =?iso-8859-1?q?yaoTEjqgxNJCVOlYBHUtPGrbHE1tjrXoOX2OfUkUsHWzN4i7jb2OE3OZe664?= =?iso-8859-1?q?CBsQB1bVYnJ1Fp3ohRD3P/Dy4ojWG/3rq+N5/QonFY8DBVx9/73kOGvV83yj?= =?iso-8859-1?q?rShZWgu4U1vk2lV8aGsdEUYCxSWWxbZxMxP+AGrAF1nbiMDoA2VnyidisPgU?= =?iso-8859-1?q?FegG7WWVKTrTPXz/cIDBBbvep95J9dpTAegpub+nCG2/lnYPu3ZuSmMMveWa?= =?iso-8859-1?q?Ez0fNHY3JHFQdzdGzMok7He91b8Ir8tXlKUQxV1y9th6DlljqgLwDtRY6o7r?= =?iso-8859-1?q?Ed/LBHcLOoLwghh/PwBTISxXGArtpR1vA9eblIA=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 94f90734-a613-48c2-47cc-08dd34538bd1 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2025 04:25:56.6028 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +lGlImmpjcC2n94+sI9odtBaapSSisdurf1i8RQHmswF74d0JzvhoV5qYBqZ6vYdnTBP4Oc3/c0vzVzQOIh+ER3Sj7foiXWBqOf6AS2c6J8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR03MB6300 Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. We initialize stack protector very early, in head.S using boot_stack_chk_guard_setup. This ensures that all C code from the very beginning can use stack protector. Signed-off-by: Volodymyr Babchuk --- In v4: - setup.c does not call boot_stack_chk_guard_setup() anymore, because the original implementation was removed and boot_stack_chk_guard_setup_early was renamed to boot_stack_chk_guard_setup In v3: - Call boot_stack_chk_guard_setup_early from head.S to ensure that stack is protected from early boot stages - Call boot_stack_chk_guard_setup() later, when time subsystem is sufficiently initialized to provide values for the random number generator. In v2: - Reordered Kconfig entry --- xen/arch/arm/Kconfig | 1 + xen/arch/arm/arm64/head.S | 3 +++ 2 files changed, 4 insertions(+) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index a26d3e1182..8f1a3c7d74 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -16,6 +16,7 @@ config ARM select GENERIC_UART_INIT select HAS_ALTERNATIVE if HAS_VMAP select HAS_DEVICE_TREE + select HAS_STACK_PROTECTOR select HAS_UBSAN config ARCH_DEFCONFIG diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S index 72c7b24498..5cbd62af86 100644 --- a/xen/arch/arm/arm64/head.S +++ b/xen/arch/arm/arm64/head.S @@ -250,6 +250,9 @@ real_start_efi: #endif PRINT("- Boot CPU booting -\r\n") +#ifdef CONFIG_STACK_PROTECTOR + bl boot_stack_chk_guard_setup +#endif bl check_cpu_mode bl cpu_init From patchwork Tue Jan 14 04:25:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13938395 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DA9DAC02186 for ; Tue, 14 Jan 2025 04:26:28 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.870904.1281989 (Exim 4.92) (envelope-from ) id 1tXYVK-0008Qz-H5; Tue, 14 Jan 2025 04:26:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 870904.1281989; Tue, 14 Jan 2025 04:26:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVK-0008Qm-Dv; Tue, 14 Jan 2025 04:26:14 +0000 Received: by outflank-mailman (input) for mailman id 870904; Tue, 14 Jan 2025 04:26:13 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tXYVJ-0007T1-4L for xen-devel@lists.xenproject.org; Tue, 14 Jan 2025 04:26:13 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com (mail-am7eur03on20612.outbound.protection.outlook.com [2a01:111:f403:260e::612]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id af320c79-d22f-11ef-99a4-01e77a169b0f; Tue, 14 Jan 2025 05:26:11 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by DB8PR03MB6300.eurprd03.prod.outlook.com (2603:10a6:10:13f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.12; Tue, 14 Jan 2025 04:25:59 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%3]) with mapi id 15.20.8335.015; Tue, 14 Jan 2025 04:25:59 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: af320c79-d22f-11ef-99a4-01e77a169b0f ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TSnouGHV/umH4ucsoS7EOUXQE1nqjAB5+yWyt29EwXkyequkZJokk+ZmYXb4DZM37mH5eXQyGk0RvvOmz/N8R3Svxh4ftL7n9WoR+qDlvrHhNoOZZwT+DmjW1cA6WP2DXGBsfPB0Dz31T0p4530AxZqCEvl1X6liAMamSVsVO9tjOcaAFFOd6CRb2wFLiRwwxSAAEAJ65kyOWq9+3KdLBRYw0pTG8WmOifal58VGM+D7WjvwQdXxrgLIXCvV/ZM1GTuf7+nONq3iwLTMZwF8cz7YeRPub+MzRNWQ1SvnWk1BHDbn290/xykPAEepekNlDDrXdToqwao6HpcSz4Ydmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ojki7nJQGFp6MabSULR9hew/zeC1tbVTuB9R0uaCM9w=; b=T+ThCKSx37kfsG8zyPOAwJAQwl3RodYQaC834flyQHEgZclGgUTQ0lBnatKDlaewMjZLxYfhJBzZAtB/KYsiapHhjmuNMWFeyW8efr5CtotyckDWXLo/m41dReGcT3wPcZUtd0TPBDU8xoUJoz2TaY0o/TohaqtTTaQmCtNryOBlJ6SQ7SLlv55G+3KsGMpxyhIsPqj3hgrrD/l0vHDUCD3aKZDqhnxmtHbj3Z0H304Kgdgyvw3IquxKC0QKuYGs8zh2Ye3ZvcZrqGsMiRiFGT9MhgWNbWzr3mU4WXvob+YGateBGJ2YDM4GRTtWHEy+px18khLsxOAR+YaB4lqKQA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ojki7nJQGFp6MabSULR9hew/zeC1tbVTuB9R0uaCM9w=; b=o8ZV4NOSIRdWVlmo2KcY1WMFsf142wl+VabodXmTDwrdxoSP4+VRybtln+mZb3QrmqKqSz/jbd03wdUEynz9l4GPdWpT0er9WoeNV443AtpTcmdP3k9K+g77Uzmgtt1JMdG4xlhjIBBxv8hTiDTKg6tOdQsNQkylAtj0lrI1W+G0s9PjN46WpN0xnswfPBe/+KOWtEWusrUjKsavyRu2yQC6nr7Lp4xrL98Tp5JXmGiPti+74e7T0ypwbzPsdfuR/fF9QorMf4L8QW0sQjuUwX/KJA4spHnXqQ+1ZaYjDIly5HaksxMomlTxHnfLT4E6NXeKvcVxmbDEztwKdGLfqQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Oleksii Kurochko , Community Manager Subject: [PATCH v4 4/4] CHANGELOG.md: Mention stack-protector feature Thread-Topic: [PATCH v4 4/4] CHANGELOG.md: Mention stack-protector feature Thread-Index: AQHbZjxoP9pre94pwUyb17Ngp5RsMQ== Date: Tue, 14 Jan 2025 04:25:56 +0000 Message-ID: <20250114042553.1624831-5-volodymyr_babchuk@epam.com> References: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250114042553.1624831-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|DB8PR03MB6300:EE_ x-ms-office365-filtering-correlation-id: b592ae4f-a3b4-4cd1-dbf1-08dd34538bf7 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?W5baY+ao0+c7SVyksNryF+SPy4?= =?iso-8859-1?q?f8HV+NtjpgXuA2tWsdSxnXdqtiBwR5jxRnqZICm2Am5VMMv/WJbEhA/BCUBY?= =?iso-8859-1?q?Oqd758ga1Dz13uAAQU4Ab9sHNb1pw3KbHgqyMVPrPWbj91WxLeCxHMpnOrVR?= =?iso-8859-1?q?CEZoB5sTYXuVSGCbp1O1+QZmgXemtX/bpw/LjS1kcQaWhjDmYyKwlQaWcQgZ?= =?iso-8859-1?q?1lCJB/aF7sqytnip3zWjBxGamVIEdw7xa3MNOUFBM1SjMxGeSPcTFxZQisl7?= =?iso-8859-1?q?gR4szxk6UCBMzicYYWo4MF/9+X1viIt/rUOVk0FPzVa9cFynCE3+HPGSTeyx?= =?iso-8859-1?q?za9PVQTCbynJjpSM1J9mJ3YToKsw/WsQsITSMncXLL/x1cXoVy6oMt1I5NVg?= =?iso-8859-1?q?bQZjO+QZJ9rmdSOztWgwV+G1dyPUz5jivkHr4veacHwSwt990nM+B7FOBoTN?= =?iso-8859-1?q?Vvz+VIjg0Zf+2Trf/YGNxNVL2i2uIJBaALSOslBlgC31H/SOxWuEArUqMxBm?= =?iso-8859-1?q?lIZoocIMeKGUDY4kRo6HKNFZAh4EvT+D8ul6BxOJ5wguoSSZ5Wm+lqJdIVSh?= =?iso-8859-1?q?FJHal5wJwYh/2yGkyXtUm9qnb6JPXvTnAw0DMKVSoVs4rkSnOrlyDWQbmnWr?= =?iso-8859-1?q?dwntZmlbMSmVuMyAilFrw9/UrhZ1EitVmFaxd0aGZt5AP3Hhe4TzUEjvEH8S?= =?iso-8859-1?q?185zz/iWvnQWk/ZDnzOCjMtuNOh5dV+Z3gZ3ZLve/HBVoP9vP2oVMXg180BL?= =?iso-8859-1?q?75ZIUPYi8iNJdbxtUC49RGyrn7zXUjo8CR1P12Gp4bmPjFKgOjgdB6aZ70m+?= =?iso-8859-1?q?SaTG3SYoptpiDlWyzRe2uIqyc2wSzX/77wqAl/Fkt/DFmKAaFIcnev5m5fX8?= =?iso-8859-1?q?b2WzC7Pt/KjBW4PKuxSuz2gf2w1URtxk67pbTpMLDuTtQsttxvvo7dbaN2DK?= =?iso-8859-1?q?bSksOy9VfyGZ7Ve0zLGRmwcjbAsb5tqq/CtzvxmYR0c9TzPXEatmy3KuYYad?= =?iso-8859-1?q?eUweAYlwyH2O71NHjddZ4Jjs/Gh+PEz3i3fpAFqWexr9eMaOWoKcoEdPi/gE?= =?iso-8859-1?q?fituEewWQWCDeakPLgaMV34O6/Haxjp5m95O55DZn7WXcF8yHFKvWvu3DLN2?= =?iso-8859-1?q?I4Bn9wQQrCdjPvFG/bCaEvWybQCG5sAx9r/x7Ex6vDhacA2oIgIVBuqnFFn0?= =?iso-8859-1?q?X4yQRTaZ0a7A91JQMO6oJ3pkryhdBQV2Y/tmTmEcrcm0T8YOUq9Rqt4t2FYw?= =?iso-8859-1?q?I3CSwnutGdyEuegoCRtGDfUGx2krCyoAYfsj65D7inWVPKLL80aAx4HJpSMY?= =?iso-8859-1?q?0fFZMkaW9RDI7K6n6YFagBA+pgQ0l3EruZ39v4Bf+u+c/bCO8mYKnAjYuIZq?= =?iso-8859-1?q?bthCCZsDk1wXCPX032sI/+4zcd7+UHbBGBrzsTdbxmoqiWdmSr3NIupcjMQF?= =?iso-8859-1?q?Pn?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?mpI9arIxDVbscoZdZRiUNb7?= =?iso-8859-1?q?/xR2jb5cqZidTtdXJoH+B0ZanHKiQLVI39aLnN5mJXFq/60gO2L8O64Fzn/I?= =?iso-8859-1?q?0tINifn9W0Wi3ckurp6Tul2Em86/5JtnA4HkZBFid4p/Ra1krzJfWBQKDh+w?= =?iso-8859-1?q?+p67FXVGLehq25KvherZBGgxUCwl7zlJjPCOZRi8XjdpPtbScKVhqh+NR2N8?= =?iso-8859-1?q?7lmo5uDKzdwCDJ5dC5Qtq268yJCFBXpzcK1iggP/NRbuuavhhbKV1l0whCey?= =?iso-8859-1?q?WiPh6ATMolh2uATTIYIjXlt2pUf/SpdiSmQYqc/6udA++TdR69+i9Pjex5HH?= =?iso-8859-1?q?PWHNk+XfbOwWTphzzbhS4VPubzs3jvP2VSZBHa9xvigRJU7zTImOIWyHdQiU?= =?iso-8859-1?q?7dvztNayBhhkqNkEfp5guizk0YeFqRojdkxQ6TTnhb4oIJAYhXFjTWBE4O9U?= =?iso-8859-1?q?jfYrCg37WEyWCJ1VQKsAURk6QhbmAlvrKGWoChhaHSZdUsZJTT348sP2Vgos?= =?iso-8859-1?q?on9xU/hNkmAV1rHuYwoK0HtEO1Bpj2DJSkO1FqVrI+4cYhcK8YVa+BiUgzdC?= =?iso-8859-1?q?6HvD/riN2XRsstnkBY3suEIpRHtOXhhDmeAhGlT+ufCVVII6CYde7o43su+V?= =?iso-8859-1?q?XJ3dpVzzPDHGGdSOjoDi5cNTN3us9gtX49jaVjZGFGINlwl1Z2eo2U8zbIkl?= =?iso-8859-1?q?mHvGOT74LAmkDLLAlD9XRSXIlE8wukHcaLe309eK17g2awBOWTiFRe4BqiH0?= =?iso-8859-1?q?mq2ALlsm3XmwZ/IhQo2sY250q3Fw9YjZ776/WyBlk+yqaItf6sFz4nqjJ1oY?= =?iso-8859-1?q?wSJ4v2A7h3pJRs0A52Tla7hVaBIZpwTIup/DSI5Q+DlAqDxKGHKUQjuUHBMm?= =?iso-8859-1?q?uJlDBzMfNypPjU00WOHldTDLics4FCmfmuKOV8x0ogC5zh90Q2400kJjZzpe?= =?iso-8859-1?q?+Ezp1+AS+iPwf9bYXoF3lzOqS8duYOyNEdD/pMtSQ1t2I71SWuWznCATkRWs?= =?iso-8859-1?q?bqDxYbTHMfYnFBiEgt8SLfPlcpmjMQSh3zaE+T8MJPLRymOvWG6iDZdN+nm1?= =?iso-8859-1?q?B252fAzmnjehHajYfmfR61z355HzAqlNc1r8GI96hHLZ75ngosvj9dDAGhDg?= =?iso-8859-1?q?nNLtrliFCjvsSYemN6L1scVCz4vZIOzmN2sB5M7DbB/Ye0LebMayV07ouQB1?= =?iso-8859-1?q?+Ayy/U+ZmZoQ4uFPOoqNCKQyN6gVveof1qAK1DkjZZAOklomHiibLFQr8iVS?= =?iso-8859-1?q?yKW9ewUWkLRFGeZ3cny/MiwubQyvTY4ghO58Sxints4TKOSxjAJs9CvLHZX4?= =?iso-8859-1?q?H2hdQ1B4CZdEWSjQP4/IzOLeS/CAnLhSSzGnOv5miD+SSn2XwlG1eYW0O3R9?= =?iso-8859-1?q?mByHmmGHybfBOD4xKUJY4mZXRKrxskGSOpOd4WLfUfrW+f1lTly6iX80xipW?= =?iso-8859-1?q?fIk/VxpRZ56nnv1QryMyL0NiJZWRIZFDwyzJamaMBCxFzB7vERaCzyWokQIy?= =?iso-8859-1?q?1deJ46fdR6zMBV2KfuB2vibAa9qclIXeIoPZF3oxfg3Wzp9MDTx8Lx0E1msQ?= =?iso-8859-1?q?MSbZiDEiXTCv8+JgQYC/wKBvr8VtFt9Q4C5plIO1roqeKShlov15ZUPC2GIK?= =?iso-8859-1?q?MTK2BA5Rpv2xtf5p84WAugaqD+otYh/tEHPl3iA=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b592ae4f-a3b4-4cd1-dbf1-08dd34538bf7 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jan 2025 04:25:56.9105 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TEKMDAKVKMjmMFf1NHIGcv8ncuv8qCFJMhXIm3f8MOkXw7863yGYfXrTUsviuYpqkUZGjl6IJLBJBYna8mdhsGlf4zKAkQhn/AnjbV6XwVM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR03MB6300 Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8507e6556a..62e6c26aaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Basic handling for SCMI requests over SMC using Shared Memory, by allowing forwarding the calls to EL3 FW if coming from hwdom. - Support for LLC (Last Level Cache) coloring. + - Ability to enable stack protector - On x86: - xl suspend/resume subcommands.