From patchwork Mon Apr 7 22:40:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 14041935 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1CCDDC36010 for ; Mon, 7 Apr 2025 22:41:03 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.941215.1340757 (Exim 4.92) (envelope-from ) id 1u1v8v-0007Hn-Ix; Mon, 07 Apr 2025 22:40:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 941215.1340757; Mon, 07 Apr 2025 22:40:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8v-0007Hg-FR; Mon, 07 Apr 2025 22:40:37 +0000 Received: by outflank-mailman (input) for mailman id 941215; Mon, 07 Apr 2025 22:40:35 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8t-0006OT-Bx for xen-devel@lists.xenproject.org; Mon, 07 Apr 2025 22:40:35 +0000 Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on20605.outbound.protection.outlook.com [2a01:111:f403:2607::605]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 510ec3c4-1401-11f0-9ffb-bf95429c2676; Tue, 08 Apr 2025 00:40:33 +0200 (CEST) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by PA1PR03MB10914.eurprd03.prod.outlook.com (2603:10a6:102:48a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.31; Mon, 7 Apr 2025 22:40:29 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%5]) with mapi id 15.20.8606.033; Mon, 7 Apr 2025 22:40:29 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 510ec3c4-1401-11f0-9ffb-bf95429c2676 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BJlQ2XSY6LOMj4nv54oj83O+xC/dsQxZH/XLl0zhnbfSKxzOIxtYBRBgavGd0XeykLjxKVvf2y+MrKYkjNq51i1/dKri2ZAFtUxliDcO1u9NXfuIYuIDM9oaNlftC8e5CzeMH0i//5DI7PgtjH58zeZ9XQKUU/9T5zk/0XcKkawgMR8q/2ou0vD9smWF0vHw5j87c/14C29QPwsIcChvWPyHz5coQa5G15OcZj+RTPXh9VuzEtBcy6p4hE8wvldpuucFoit+imqIBnKcnMdOjyXBlIeCvNPV83GVl9WsyYI1btToG7pL4wcKq5iLoMAv8ua6EHPpoo/AD9GaoDE7fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dpwTyKZDitgAE5NHFJnIxBl6LWPz6r0Idd0Cm8s4Sp4=; b=X1+ha5PKvzWU4wTPr6IjATduJ/Eo3/D3lMZwil5wVZeumhEOMQNaEQFob2DYZ94TEOREboVd++myal2gkrDY9PSEtO87AZyO6UiYuPr8thCXGJQUxLxISErjOTEX7nxTZUD75dlJYaWBbJ69nJzmAmRmm9UxNh9S6wa8kx9pi/l4SUP8MJWVk+GB59mgDmZKaFTo75a5IRkfoQa1vKZsB/HHF51lEd63qeH60/uxkZCb+91SlQr9e+qGK0Fd2sM4Mw0KMjvq4MQHc5JHsyFR0e/VIXOmb5/9WI5CRTbkJ3+Opg4h6Qu55p4qZplk2wt7N4bLFZs3Lr0SktZ4eoRSGw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dpwTyKZDitgAE5NHFJnIxBl6LWPz6r0Idd0Cm8s4Sp4=; b=PL0+e+SE8mxQhWr4lwMrHmS/VfWIYqnc1u/wxFeCKM2RLylqg26bI3CrObvYfc6+if4+8Ph4R1hRlVg5UJ1BkStxLGkkZ5GAVrnyV/R3PdcC9QJgMmCvKKLZWU8sHyvRYL9RvfUHj/AhH5bRyh3J/eByyyyVNX3Zdn7Qy6ns8GAMgXB5smazxiGx8PfSwPy5tj+IIk7vhbWPIQ2+/mFyiJB7r21YhwssfbD+mazKieLFznAh/acBfYTkQwwLLzW07mCIffWx/Ze7HSV7BPTvbHBx6IQ+ieHfwL7mQAdbOxlCuo71A0eIcULY91Bhq7N6oK6gDt35fbkGRh+sEF0oVw== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Anthony PERARD , Michal Orzel , Jan Beulich , Julien Grall , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Stefano Stabellini , Nicola Vetrini Subject: [PATCH v8 1/3] xen: common: add ability to enable stack protector Thread-Topic: [PATCH v8 1/3] xen: common: add ability to enable stack protector Thread-Index: AQHbqA4Pj76hGRdg9ESZqA2thQqQLA== Date: Mon, 7 Apr 2025 22:40:27 +0000 Message-ID: <20250407224009.2577560-2-volodymyr_babchuk@epam.com> References: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.48.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|PA1PR03MB10914:EE_ x-ms-office365-filtering-correlation-id: 79e97baf-960f-4ae9-7d9c-08dd762532c2 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?q?0PKgTNKlxtQ3wutBVpJ+ULxJWyQMP/K?= =?utf-8?q?+LUdWq96D8gqnV2OunWdoz+wA49IgxPnvmpIcjFzcd37HN014xJpOE1nTHMY6JReZ?= =?utf-8?q?+xz+fXiQgdGcMTt1+V/zDrTEPROc4Sz6NdbNOwfVxhC3LMvQMsgZVvCrA1v01VedK?= =?utf-8?q?ZN1ijwbB/2uu0DTNt1E71aPnTaYn12MQcOA+wA5pwQbyoIsEd3bXRIJD+WKBREUZi?= =?utf-8?q?5oQzixd/okrF6LDYmLQAchQIKKSEdd3meWVonuyZHOY6e3KRfMXbOZRjy0USOGOlK?= =?utf-8?q?r751DcnSCSaj0kbbBei4rBx2uk3s1PB23Sjlc4+K8JI/bjdXmh4QDvCkz0HSd8fof?= =?utf-8?q?okUexspE6gDkMpprR5vUoPdtIOScaMF8X2VYfQ6oHU2RZbSaWyTMOAvxrqTuGJ1vZ?= =?utf-8?q?qDpihfLkyviYtRHRnqiwtPMZ4fvPLMOX06Oo7xmUwv0IVWBeVGHMHyBiQDD+Jx+14?= =?utf-8?q?3auOETV9xxPYpDkyrK36EKwp0jbuT1DHdpBOdTkM4RlWBY7PkrS4k9DwxCIwuFN15?= =?utf-8?q?RzEMLqwrKDwb27T7kUGJPT8k2ZSnT2zmkKNh98SnPo7yEUpSmYrrrFQ8TddjEVOVx?= =?utf-8?q?r6lpupji5Ik+Gz17kM93W1SGSsSdep1EEgYprG/gB7C0iEYCFKDjsE89aCY6XD3pD?= =?utf-8?q?ZP9NN3+1mDrfjPu5QVJ8dpyNa5OgMdMq09K/uYpxOVfBHmQdRT69n4DFsY1hcqc+2?= =?utf-8?q?k2O4TlA4iO7W5JH/8u03/6YntgqHDEedfWgBmAbQyRn8QUmwfoWrCg9PcNoxw75jX?= =?utf-8?q?mwPQ0y338lujY7lJ3usJf4FaoKrQt9jYKekKcfVBqYBdZcCKwjwWhL8H+Yf3ZdeOe?= =?utf-8?q?cljOobj6HpwACcMCw+3BQTf8CA0D/kJTzX3fSEx+aUuJdYlR9Fl3F7+ETDGws1OAz?= =?utf-8?q?/+RG5F/fwlhyok73GLafuKuwTv7SEFck8S38mGC8eERbz75U+HclCREH+Bnol/GPP?= =?utf-8?q?r9VT0T9RtqzhlN8rJrLK6LsEtW1+IRuiljjortlJ4nUuRdEYKgMfoTZuyczzTanPo?= =?utf-8?q?OtTNhqrsIH8SRdsNwRXsutKiSeAX3d476domFt+u7ulHAKfEYXGbRgwSZi3cGOw2V?= =?utf-8?q?GrhoSJO0WOzdXT9a8umYXJcG34PUL1v5XLRp8SH9eTgioHXHeEBfWGFbtS/NqffLE?= =?utf-8?q?YQr2TiL52iRUNSoEYuiCt1V26hDuNj/3Ar5g++6m6c8qxlZPvFvukA3QFhg4bwDDN?= =?utf-8?q?NyDMXsB9fwDEWNdh462UYLOAS1nieqAKXfAJL9ehL0n6wyb42kjoP8MUeBdDgiDHo?= =?utf-8?q?Bw7UkXThWDq3utbfK64ba85X0G3c362Y4jfJr91TrETmMTYPGu1uaOT87IT6vOiJY?= =?utf-8?q?pOuk77aMHi1dWtdgQwYiRhMcPjxx2CGtVdk9nF7nYEtJD4rdCsSmgJe5ebizrZ/AU?= =?utf-8?q?u5bhPYOOutC?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?6qY28H3SwYcqNHcSTyakjMpFbQKb?= =?utf-8?q?6llZR9P8KKLB10XdInpJ0jbUJ4/3cK8gjCZZ4Bq3eJTkIeNjtZYIYrodgsXItHku/?= =?utf-8?q?B5IJq2svZxtUNwT21X0jUQ4PJ7NSQXPswnxbGRrjHHjUlJiNWGnEGM4u2rpxIEeZs?= =?utf-8?q?SF6sBrNvTsgBJyfLJIwflzGwBgMmB5gDGyg4e/WEnxkuOOl1iycVZcfTTPbnpcoWC?= =?utf-8?q?GIF3CXfiorOtPcriHB9J8ZwaCZQNi5dlASgtdi7ZyVkpvoNA2PBFaLhzk98C4XizS?= =?utf-8?q?fYwqKCMWzbgt6L/BdjPSZF+wvPYbPe5V3VPVFY4utLxwmaD9x7XgaPX5i7paadzuo?= =?utf-8?q?Dag/l18k+42f7HInpnXOo3l2cFy/l26tRy/dyuXcF5eNM8dx2HZvo95NJjiPjSFKl?= =?utf-8?q?7bHB688gfO9D5JUynjV69QC1j7dO6boMphSY+NeKltlVlKH2JMHeO8YphqCA4hMaO?= =?utf-8?q?p5uGaxo6y5/0vSWzv78WvDU4S2DpunvBISxWH7VJupXJbSL6dzg4AEXjNhGBWt+Df?= =?utf-8?q?phnBIBHXYpB8omNAIKHPNEXcBdTm5ggs5GM7Jct9liU6vn9UxZnpQA1qDReMnXAmo?= =?utf-8?q?+M1G+1h7b69Ow3h2QIvZKFATTtruZXf7m0Tpii+WGCZTtATI1EgDZAPUlAa5XHifH?= =?utf-8?q?mb4QPlyAP9xz6rGqZDCJKI5w78lM3yupPyjiYTHhV/XN/9eDp6ZdVgJ+GWIxRFBjy?= =?utf-8?q?j/kG/5eEQ4LMj2Br73iLqWgDBNyjLUaQaaUKg7qnI7vJDVop2R1sfEmAyYP6LwT0O?= =?utf-8?q?q61RCn5dq+3JUZatsoxnpVVsiSIR4vcvrEFp/Ztb+fPmjEa/VGRjxAVKAP3SvOCk0?= =?utf-8?q?JX8Y5bHL0JF5A390ppIM2jK9algMv26HxhiRyz7oEx6rtWfSnvA0C/WHo0p7LkVYF?= =?utf-8?q?+mDHNRPyQ2zUnfdiejf8qjH5+Uuq4rvlgiwYTviHReMHq9YLabUQZldrs6CVuSEUM?= =?utf-8?q?rLnRxeGIj8ILCgIPXWRThQdglWLJoXSl0FjQBnU6iTYiKNYanLDuefs+HiHJCbHDZ?= =?utf-8?q?JoZhrUeCvsS4OOUOjKgW6CadahgL1J9KntLwm+06vmTGWr/o1SPo1R4bi85vhOyYl?= =?utf-8?q?V2TSjhRbY+tODYXe/V4pu74GvFivb2Xcm3H+NTEdZzOKH2mRg6xIPHcVSaTm/niV9?= =?utf-8?q?PLawqvvXttzIGbtKjny/Dplk7Jasbq7LT3FcirdUOtRrXfgWOzyT0EzRd4s/8bmpF?= =?utf-8?q?KjTc6Z0Hfjm57lDv9tZuOtSRD0Qh0PEFGKd/Mv2i5by8rY8BOPr3Z2uzzBhi6QAIB?= =?utf-8?q?wpCqC4mZGERIlTVYKrE+3jOfVxQDodIfxqo1s/z+Y1Th3ICVI6bbyW4rLaChycYbY?= =?utf-8?q?dc3P6Ut7pngkJUTvm5/ck9l94wk0nbKkZDhWeSiaGmdt7Zz/4ncvIzIfPjWLCZSey?= =?utf-8?q?lscLLYO4usk9MH37zOkdZuPAWdR/6v+L+z9Ob8KrJA2TLg8TCEN1vsNLo4uKo9a4z?= =?utf-8?q?ktymf0bVBsDmo/9mAI/0J93oCV7WZhJAhXBhONzgogCcLE++D9hIw5Hhb7vHPUYI8?= =?utf-8?q?MwvXDsc2/SHXqLReypin5Taza4Vjm6afMw=3D=3D?= Content-ID: <26DE99963D618A438C85DFD6BB7A52BE@eurprd03.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 79e97baf-960f-4ae9-7d9c-08dd762532c2 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2025 22:40:27.6385 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: seKqDiBnHUHP8abQrzaHSLXDSdjQRFZhgyuoOpDji2DttpsVbfSnuhOhYtLiYeojxe7V42TJ3zgYieUADUqh+nldwiLRjHpzX/SevYWauYo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA1PR03MB10914 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This patch makes general preparations to enable this feature on different supported architectures: - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Stack guard value is initialized in two phases: 1. Pre-defined randomly-selected value. 2. Own implementation of linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. boot_stack_chk_guard_setup() is declared as always_inline to ensure that it will not trigger stack protector by itself. And of course, caller should ensure that stack protection code will not be reached later. It is possible to call the same function from an ASM code by introducing simple trampoline in stack-protector.c, but right now there is no use case for such trampoline. As __stack_chk_fail() is not called by Xen source code directly, and only called by compiler-generated code, it does not needed to be declared separately. So we need separate MISRA deviation for it. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan Beulich --- Changes in v8: - Code formatting fixes - Added an explicit MISRA deviation for __stack_chk_fail() - Marked __stack_chk_fail() as noreturn Changes in v7: - declared boot_stack_chk_guard_setup as always_inline - moved `#ifdef CONFIG_STACK_PROTECTOR` inside the function Changes in v6: - boot_stack_chk_guard_setup() moved to stack-protector.h - Removed Andrew's r-b tag Changes in v5: - Fixed indentation - Added stack-protector.h --- docs/misra/safe.json | 8 +++++++ xen/Makefile | 4 ++++ xen/common/Kconfig | 15 ++++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 22 +++++++++++++++++ xen/include/xen/stack-protector.h | 39 +++++++++++++++++++++++++++++++ 6 files changed, 89 insertions(+) create mode 100644 xen/common/stack-protector.c create mode 100644 xen/include/xen/stack-protector.h diff --git a/docs/misra/safe.json b/docs/misra/safe.json index 3d68b59169..e249bcbf81 100644 --- a/docs/misra/safe.json +++ b/docs/misra/safe.json @@ -108,6 +108,14 @@ }, { "id": "SAF-13-safe", + "analyser": { + "eclair": "MC3A2.R8.4" + }, + "name": "Rule 8.4: compiler-called function", + "text": "A function, for which compiler generates calls to do not need to have a visible declaration prior to its definition." + }, + { + "id": "SAF-14-safe", "analyser": {}, "name": "Sentinel", "text": "Next ID to be used" diff --git a/xen/Makefile b/xen/Makefile index 58fafab33d..8fc4e042ff 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -435,7 +435,11 @@ else CFLAGS_UBSAN := endif +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS += -fstack-protector +else CFLAGS += -fno-stack-protector +endif ifeq ($(CONFIG_LTO),y) CFLAGS += -flto diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 06ae9751aa..42a2b6a03f 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -100,6 +100,9 @@ config HAS_PMAP config HAS_SCHED_GRANULARITY bool +config HAS_STACK_PROTECTOR + bool + config HAS_UBSAN bool @@ -233,6 +236,18 @@ config SPECULATIVE_HARDEN_LOCK endmenu +menu "Other hardening" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on function exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index 9da8a7244d..f625031d16 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -46,6 +46,7 @@ obj-y += shutdown.o obj-y += softirq.o obj-y += smp.o obj-y += spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) += stack-protector.o obj-y += stop_machine.o obj-y += symbols.o obj-y += tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..2115912c3b --- /dev/null +++ b/xen/common/stack-protector.c @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG == 32 +unsigned long __ro_after_init __stack_chk_guard = 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard = 0x2d853605a4d9a09cUL; +#endif + +/* SAF-13-safe compiler-called function */ +void noreturn __stack_chk_fail(void) +{ + dump_execution_state(); + panic("Stack Protector integrity violation identified\n"); +} diff --git a/xen/include/xen/stack-protector.h b/xen/include/xen/stack-protector.h new file mode 100644 index 0000000000..931affd919 --- /dev/null +++ b/xen/include/xen/stack-protector.h @@ -0,0 +1,39 @@ +#ifndef __XEN_STACK_PROTECTOR_H__ +#define __XEN_STACK_PROTECTOR_H__ + +extern unsigned long __stack_chk_guard; + +/* + * This function should be called from a C function that escapes stack + * canary tracking (by calling reset_stack_and_jump() for example). + */ +static always_inline void boot_stack_chk_guard_setup(void) +{ +#ifdef CONFIG_STACK_PROTECTOR + + /* + * Linear congruent generator (X_n+1 = X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L’Ecuyer. + */ +#if BITS_PER_LONG == 32 + const unsigned long a = 2891336453UL; +#else + const unsigned long a = 2862933555777941757UL; +#endif + const unsigned long c = 1; + + unsigned long cycles = get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard = cycles * a + c; + +#endif /* CONFIG_STACK_PROTECTOR */ +} + +#endif /* __XEN_STACK_PROTECTOR_H__ */ From patchwork Mon Apr 7 22:40:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 14041932 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4BE15C36010 for ; Mon, 7 Apr 2025 22:40:53 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.941216.1340763 (Exim 4.92) (envelope-from ) id 1u1v8v-0007Kz-TW; Mon, 07 Apr 2025 22:40:37 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 941216.1340763; Mon, 07 Apr 2025 22:40:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8v-0007KD-Mo; Mon, 07 Apr 2025 22:40:37 +0000 Received: by outflank-mailman (input) for mailman id 941216; Mon, 07 Apr 2025 22:40:37 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8u-0006OT-Ux for xen-devel@lists.xenproject.org; Mon, 07 Apr 2025 22:40:36 +0000 Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on20605.outbound.protection.outlook.com [2a01:111:f403:2607::605]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 520ed6f4-1401-11f0-9ffb-bf95429c2676; Tue, 08 Apr 2025 00:40:35 +0200 (CEST) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by PA1PR03MB10914.eurprd03.prod.outlook.com (2603:10a6:102:48a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.31; Mon, 7 Apr 2025 22:40:29 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%5]) with mapi id 15.20.8606.033; Mon, 7 Apr 2025 22:40:29 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 520ed6f4-1401-11f0-9ffb-bf95429c2676 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OE7gybsGsogEl0uXSFDarZgloYGlBOdulJlo088AhOE0EIG+faPALcSzbidniWdpO+X46G8R29qtu3CvXh9f5SIqPMGRX3hjOTs7mjU684aeHBxpehx/m0nuSl0v2cIwt8PsEJ6/oTdxaC+nkJYIp2nVE4EFmZg+92v1l/pTskRwD03vwvo7LgZgth9esri2OTX9bHraXaiskwsPo9FetODuXvuLy6UFvxsWnGBQRdZz6WuAT3F0WSToZV2vgJQJtQghhvh+NR3fBJlqyfmZFjOsnk2jSyije5UJREdX1O/GKGF/b1VMDgEx/CeD5H9mfpn7M79oYWMypI//jyj/+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LjV3Ix0lRqsYcfZ9MZ3oHVWnpUgcHjwvqWZ+xmEudlA=; b=bkIZ4z+u6qbkUz00VEngaWvew8I8uwGlI6MlKxY22vk/4icxIau7K+PBQGWk8oqyI/56fNC0wrMTuYEwlhknQoAV0H+dLldJwaz5ZHomwt0KE797RWgsAbr7dUjIoaS/W7JKbD3C6wARdZhWQsT35igDqrwAyZCN/hmUccUqQDLuMz3LxUZVCJdwLmP4yMniQa2o9pt7uR6M3TmoPBH25rvFW0w4KXHYn5uECiFpyUBg6wDjbyl0LJcz2Ev4rRwm2qsH3ysWHevSPIh0hIMvjDXS3oaK7YaWnRSI9MNSTFJQGO6kA808tMP+/yi+1zSzQ4qi7CgjAv1vtHUnM7ceTw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LjV3Ix0lRqsYcfZ9MZ3oHVWnpUgcHjwvqWZ+xmEudlA=; b=UfTvoMRFLSs3H0jHYdMa2ansjgnE0U7hJn4SKbUOulMF/QUXoQuBMU7eeGMa/Kkv737yHfZPpjhHH4N3VhUauRVpPrcTCPgFdAwZVdRRrZMoHtbF+w9xH8kkFzi6Phm420De6LSjJJRPUUXikhXXL1sebl+dtkI/xyl9nEBY0Np2UY2pNLORbbJgG8le5WU+YpqpGN4n1bp9LcrK4AFGNa1hkpCHwehL3xUG+DoUoe+KfVMVI7S7oyS1Jycz/ghBnrfYF1xRwbYKC0sF+B5dY8EwaY9zSIzy9XYcFbqUlYcT7xMY9KZVNY7Injf83vDXB0bz2TBOd9i3f9sGMjWLTg== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Stefano Stabellini , Julien Grall , Bertrand Marquis , Michal Orzel , Volodymyr Babchuk , Julien Grall Subject: [PATCH v8 2/3] xen: arm: enable stack protector feature Thread-Topic: [PATCH v8 2/3] xen: arm: enable stack protector feature Thread-Index: AQHbqA4PPDkWtASJxk+dJciG8QkunA== Date: Mon, 7 Apr 2025 22:40:27 +0000 Message-ID: <20250407224009.2577560-3-volodymyr_babchuk@epam.com> References: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.48.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|PA1PR03MB10914:EE_ x-ms-office365-filtering-correlation-id: 6893f7bb-b108-46c3-9480-08dd762532ef x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?K6UpvI6hRHc4TDBRIr51QBiAJa?= =?iso-8859-1?q?1HgmXP3//TpWzJi+YJxjTz9G41r6I9Xm0J3biEaNRcjapGNeUT/o8driGpa2?= =?iso-8859-1?q?SPLM3ocWoaWmfqfJIjEXa6PBkDB/5RfP6mqLDMaqYs3kGDb6mLzBUzPoHqI2?= =?iso-8859-1?q?cP7TAkobiGbxLQq0jMH/qD8PtrTGha5SLKKNYIxYbV6/1ygWHW3tRQIgi/p2?= =?iso-8859-1?q?S95ZsfHO7TlFtfgdLqOVlKIsri5unz5+8q4ve2LYG5GgLEklK0XgOZZeDXTd?= =?iso-8859-1?q?znGUQHSrbwL1vknhLzQn47/nkzVZDT1EGnTtLv3MEyDUwHQO/XOy5/yjE7Sa?= =?iso-8859-1?q?6gjCdekmZSh3zy/+48DZBBZGfy7IZV4HUHTtTy2fPpzN7VTMcDowfmqVd/g6?= =?iso-8859-1?q?l8Z25SVvjcDnZGVdLXvlhQve5hQuDK8MwhwnXbq2bBCkRFQ/c7IlGjFgtXSN?= =?iso-8859-1?q?z4pXLeVRB8R5tBV2h+tC7kbUEh2EOmPYu8eEbBkGIXHGSyaPR+9hK/hYhVSh?= =?iso-8859-1?q?P6rFlZIbe1fKFZgq8z/vZ05DRze7I5fXZmQEz7Gfow2z+D6pxlQsnorZr08f?= =?iso-8859-1?q?O4rGkb/aLVMbFFI0FOFw49+0tRxh5hzfIvdGshO2MiTI9e11R/gNsNdFtaKK?= =?iso-8859-1?q?A8FdCZdz3SWW2KFeAEG0ld58xh5IdQykwQxjV8wx3XjH04elbKgthOwY/vLh?= =?iso-8859-1?q?9mhHm1V6hme0atbEGtflvD9WqbOaYvc/Nwb5n8RldZ8nT/DCoJh/zlM06fa1?= =?iso-8859-1?q?NmXwiCpWk3cR7P7W9K13J5F/gEFiCjWp927/E7mDQ6USTaWrvIzxNjI/pz/M?= =?iso-8859-1?q?r14srCbLK6lez5JFlKagKmvtlysKZQNtpMoFcTl6Yqq8d6j77jx0uPoU6UIJ?= =?iso-8859-1?q?qzrdD4FZANVHd71P9JkwPSxZ7+O4u07bDle09YYJsEqU44rPzbWRWv+LSijw?= =?iso-8859-1?q?ikzbDabQXGrEUGvjA7KD7xAKayOLC5kwXWYJTWklYZdhmzvE3+ILj4hqmkQZ?= =?iso-8859-1?q?5SmWnLL+kR670MD3ZIR7oVDsVU3+1A3+dcWImyA/oEbemvKqNxGC43KQU8VA?= =?iso-8859-1?q?uZaGVRprYvRC2iNQUaD+Z/YTDGyObEwN8wv7PH2lzmDYnsyRTQCVUhelXPvG?= =?iso-8859-1?q?nkzCv1vMAdmZSwPLKi+/xf+oAsSC3k+XwBQKrLBZNmlOd/cewM4SSFXqrTfb?= =?iso-8859-1?q?AB8ZJJLigu/ojcRMYpZUKanto65Cf9uZbwL8kYUygXuNqDgBAkoZCHL9BNFu?= =?iso-8859-1?q?BRSNdiMmIcO7OJLT/GQjL/Kmo3fPNU7u5o0Lp7yalTVg0pUj1HCCPN29RZff?= =?iso-8859-1?q?XRzjZ6Aj0MH7pVQd7x9D9YvCyhlnwe1Dvf2AjtH/KO4NPIWkuIqdb1o6QOxt?= =?iso-8859-1?q?Ym12c9iK328jICA6Z/vmozFdIRuRsoSlXqAcejR8Egpi5e98UJayR0cuOtFQ?= =?iso-8859-1?q?tdn611WT588hPPbfZulD7u5NJOSzrxcCRWZaYF2PZLfj7HKXa9CF83U1hn1z?= =?iso-8859-1?q?+n++ie?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?0f4GxzvFto9CI5lHs/1dFvh?= =?iso-8859-1?q?l3KDwkpQnIwZVRTAcXWEYwtx1DWDmM8ZkzXo1WUYCTNEVyvS8/fUvFI7DkZA?= =?iso-8859-1?q?4nWt7tH8N8ih6NgVy0zLA5ve7Og16PglTqn3SHHtgW/g/lUpYxEVlVSuD8ME?= =?iso-8859-1?q?I59dOWEjmbMrLXLe/HD/gwAyokaQ0HGk7rx3ai7uYM2GFYXvHT1X8PovIHOW?= =?iso-8859-1?q?ztYRtAe02Pk9vcr613wjASjRneaDfhr4Knkuhn2VdIwrJj4kn8t+Bi/v5AHH?= =?iso-8859-1?q?8C4xriKXsW0mlcZwZ86EJa4gruV6cTy4cnhMFV+UKnAVIgFT/i/VyajvYdQ5?= =?iso-8859-1?q?LIIz0tDRKp7hpQfbF1zvsiX5w79sLhUiVjAIeFTnwz3vg3O2K7d8woZhvXMt?= =?iso-8859-1?q?6UmI3EU2WVAzjL8xm1IPuFpzknsqn0vga50tcFXVK8JKLBMh5LbQpVuesZB9?= =?iso-8859-1?q?7fc9U226ioU9fIKMZ5sFp3lndG9K0qZLYuXlRJU1zK8gg4iY8eZjPv8AYEBa?= =?iso-8859-1?q?zvdjUM5s85fuGUoT5epil/ckuaWiMUx/2B4GQ2x6ukOmEqr3qkAAJ4TiVg1q?= =?iso-8859-1?q?un1FTXKwyeEJ+pdEOo5fT3TbPOu2qO3o9Al6rJokXXZXPiSpT5iDfQ4SZFMU?= =?iso-8859-1?q?/xjwBXM50OAEO9SO6avRIKhdMlKkFiqXrJn+y0szbepHhQrc0h1GtoRequSX?= =?iso-8859-1?q?/1FB4nSj8gi75qxkq9FQAzq3NtR99gmzlA+o69eFp4h1bREaFbLyFsOWpBWU?= =?iso-8859-1?q?6KGKIzoZkYp/xVHSpbFoYoUIlDCHGnizHA5W5omKSDkPVmyhMF5z8qTprz2O?= =?iso-8859-1?q?kNoOZTdpzLL+WbngDYoqtaV3KkMAJF76fi/CCbdf4n9YRI0df+NwIgORyzN5?= =?iso-8859-1?q?TZ6QDXxJ+deyNK6x3SIgpayOMgUw9BY4oe24PISPn7IXu6LviiQX4cFLK0xp?= =?iso-8859-1?q?vVK4CUE2yfbAld4eu7xfMTCFlZ/ZwhJr1eW9CFAPZVk6xaohAQwYKG1KVKfj?= =?iso-8859-1?q?kZdKRgjdedHDbOTdZz+tCRJBeHIuL+4lX5/+Xjj9xBZzU92t7Ix0w9yR+Psa?= =?iso-8859-1?q?8Go1nuxZyRMbWMcsd5vhxqXxMaKemF33O5DxzIImrGtYL2v7M7EyzUgpHkkG?= =?iso-8859-1?q?C/DCo8ecHfFdzNnKr/Tq/uaNn03dkSrGCkL9DM5/genA0SSgVnqRpYstTwE6?= =?iso-8859-1?q?IIhJ4STgrXmZ9nq5TaG0VLKNJeWKgX1rNVdf65u64AbNfNF+6p4rEgn9xI6z?= =?iso-8859-1?q?IDHqfiS7p964/0eHdNSCVX+AkO4Rfo2AIs7wvTs7ph2KHpe2h9Y356mgpEPZ?= =?iso-8859-1?q?o/nGzJgKhQUdSYiaY3sv1QgOogPEdqDJV7lujmvFyDW6qLZ/x1A8vGeYmalC?= =?iso-8859-1?q?27Mnd5NalaAiV37Kf83TasO5/FIIMJ7YmNq9pQeikPD82ocl/xh77Dm9vUk4?= =?iso-8859-1?q?sWgI+0W0Bhr5hoqTSlebjTUWzp2sb8lrQrTCQ42LwY63RB3mgCzlh6jkWADW?= =?iso-8859-1?q?zvuc2Af0couM15TiyLOyuQpHfyM0Hf4Ql5irc7BgYWHQewXLzhmsCKs+/Wll?= =?iso-8859-1?q?wEak2lST8H23KTlldu6kjSStkVEYtEgRCA/B/KDj3UPo9CYooUj6whP3fq8U?= =?iso-8859-1?q?JIObYhZ/Z0E4AD9uty5U9Ry4xWKZeedkSUkWr9w=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6893f7bb-b108-46c3-9480-08dd762532ef X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2025 22:40:28.0205 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: q+r4/tRAhvAUz0jyjKJ5GyK2iQTpSbjXl1Q70rI+G4s+pgF0jh/i3esBiFYd9HG+xznv1g+i8sXWf8M5yGJIF8B7CBVMA8AqJ7OabmvJsgs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA1PR03MB10914 Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. Initialize stack protector magic value very early, at the very beginning of start_xen() function. We want to do this early because prior to that boot_stack_chk_guard_setup() call, default stack protector guard value is used. While it is fine for general development and testing, it does not provide highest security level, because potential attacker will know the default value and can alter a payload, so correct stack guard value will be placed in the correct position. Apart from that argument, boot_stack_chk_guard_setup() should be called prior to enabling secondary CPUs to avoid race with them. Signed-off-by: Volodymyr Babchuk Acked-by: Julien Grall --- Changes in v6: - Expanded the commit message - Added Julien's A-b tag Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() instead of early ASM --- xen/arch/arm/Kconfig | 1 + xen/arch/arm/setup.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig index 565f288331..da8a406f5a 100644 --- a/xen/arch/arm/Kconfig +++ b/xen/arch/arm/Kconfig @@ -15,6 +15,7 @@ config ARM select GENERIC_UART_INIT select HAS_ALTERNATIVE if HAS_VMAP select HAS_DEVICE_TREE + select HAS_STACK_PROTECTOR select HAS_UBSAN config ARCH_DEFCONFIG diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c index bf39d41e9b..07703a15e1 100644 --- a/xen/arch/arm/setup.c +++ b/xen/arch/arm/setup.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -306,6 +307,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr) struct domain *d; int rc, i; + boot_stack_chk_guard_setup(); + dcache_line_bytes = read_dcache_line_bytes(); percpu_init_areas(); From patchwork Mon Apr 7 22:40:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 14041933 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2A120C369A1 for ; Mon, 7 Apr 2025 22:40:55 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.941217.1340777 (Exim 4.92) (envelope-from ) id 1u1v8y-0007kr-7u; Mon, 07 Apr 2025 22:40:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 941217.1340777; Mon, 07 Apr 2025 22:40:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8y-0007kk-2x; Mon, 07 Apr 2025 22:40:40 +0000 Received: by outflank-mailman (input) for mailman id 941217; Mon, 07 Apr 2025 22:40:38 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1u1v8w-0006OT-EW for xen-devel@lists.xenproject.org; Mon, 07 Apr 2025 22:40:38 +0000 Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on20605.outbound.protection.outlook.com [2a01:111:f403:2607::605]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 530163fd-1401-11f0-9ffb-bf95429c2676; Tue, 08 Apr 2025 00:40:36 +0200 (CEST) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by PA1PR03MB10914.eurprd03.prod.outlook.com (2603:10a6:102:48a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.31; Mon, 7 Apr 2025 22:40:30 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%5]) with mapi id 15.20.8606.033; Mon, 7 Apr 2025 22:40:30 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 530163fd-1401-11f0-9ffb-bf95429c2676 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ts+7hrCwA5c8rg/Zgx9flDNHN3dzigNBYFsgy106xd5PBfF52l5gAeZdmv3HUgP6Gv0tf9i46RWLvAqT0e/dHM/cxRRU6Rahvz1aXqFOewn0AsE6DTkAdQjNV2pdK7hIv8mDaIB58zuAK6AdPiNaYfSW9FyGKX8ewz1jYyzD189VZyIFmSAS0VGQpqfyk03a5SdUBG/mMW1JiSl9rtq3rGG4vltUKqqLoQo6eMrgEsGd8TzYrj2UtSiAsw3ZCwgKpCpEQ0RHXmtaMzDfCVsq2FwYFqp3+8pbBwwLTOEyS5GqQlCakvZWp1DPCva4QdWn0ElkezrC008JoaemUq0n8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HTaXM1YcpRWAmexAanCUNtB3dc8utxSCTc4qJp2hJ04=; b=QN591Pt8xdCRab4iDb47/j/fHE8rxfFIbAks8pq1A1OfVWHl2+xL3uuqVs5U+aJAKBLHM0kKOhwtZw5w/oiicQ4khmczv5w+xFTy8ACnYlRmU5ILimWkhESKGYgJ+/PGTlSpMXZ1+vHdCjciqTYz8gsYIosh2g9fyM6M0JCnPLeUiHnvuaTCX741biUOwXuWSOgH2KVd5O0rMELmVv1x7hqAYWenzOY5LURmYqRCvv3FZkTVTQtLcK++Ipy8Cg9yu+Y42RQ2IMHETFlNZAawcMyQ+zTv+EKM04OjSx/hRqe/txq0ipYal6liRkput12qDdVIUyRvl0562rs0K5VasA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HTaXM1YcpRWAmexAanCUNtB3dc8utxSCTc4qJp2hJ04=; b=YUZRxHE/OClcSNYW8Mh3U3gpW6HdVIG2SxotLj5lmsBTygJW14wx4c6ZrYJw2lrp9/KQ8vmdh7nOjY+0r3bpcdcQyUv0TzdWkCjFkHgFXyn5rkzWJ4isl7ioQhPNCtILVDqX9NT16ZCrS8Bcc6WlH9I667jLqYBeNFiCvorQHpCFRJqZAc7W4pyXKX3ogeZwvF75B9gtLg4ZazzAXzOg9g+NLKqU610Az29Z9dc2gCisOG0BTFNDbwSSD8KvmAZCNasYEwupmHbLLiqcejolrKQ0K9ykTX4L7J0bzlcWAN+oyQGnTpm4n8nmAs6j49K1Yl5d4enzeF8eSz3Of/I2TA== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Oleksii Kurochko , Community Manager Subject: [PATCH v8 3/3] CHANGELOG.md: Mention stack-protector feature Thread-Topic: [PATCH v8 3/3] CHANGELOG.md: Mention stack-protector feature Thread-Index: AQHbqA4P46MaoNq1rU+9TN2F/tJcNQ== Date: Mon, 7 Apr 2025 22:40:28 +0000 Message-ID: <20250407224009.2577560-4-volodymyr_babchuk@epam.com> References: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> In-Reply-To: <20250407224009.2577560-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.48.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|PA1PR03MB10914:EE_ x-ms-office365-filtering-correlation-id: 2ef9572f-cc07-459a-e6d1-08dd76253326 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?q?VvoGeoeRJBMEeEGQOOib5dGlHd?= =?iso-8859-1?q?gMeDoPtIC9S216aAiOSXufZQey5OzBfQqfrMIsLePMI2XCLCsO17oo73877A?= =?iso-8859-1?q?DipJ+aN8COWKqf935SOO9/+jYB/5ZZsRbt/prs2B4aruqt0aVHRayKXhWy/e?= =?iso-8859-1?q?6+ywe3Z0rvwAcXXFrw2x03xAIuKgNufxUNp9N8dWOAVSBRsRWT0OFCwfm8Wn?= =?iso-8859-1?q?XYIoW+xniQiVTO0JhsRUXwk2EoiYxzkHDF1c5qOP4YsYPq0lPNqlRCtGgCtJ?= =?iso-8859-1?q?m45/KNn71BDqYhxH9mU6rmPJHAkXfxh3ow00TOG74OFeCJzSp3SQ5GWJ3sm8?= =?iso-8859-1?q?nU3SH3N+aWFGfQCXPr7ruyaxIMjCYrgjHrHhtEQtNmRHiTRSuyfmC3fjAD5e?= =?iso-8859-1?q?5X/GKgRiTC7Jm27wk1XwWhaFFBQBqP8FBTdbbDexafkcE0004R7Ql21wTOBF?= =?iso-8859-1?q?S1yle01yJxRbSi9KzfTEzPItV+FEbNKDLj+rGMuKl2L8+WERHdBcIMOvvySz?= =?iso-8859-1?q?A+XSdd28hmpFnQO9A69EuE3P9gkojkJqv26oYCvJTtvVT8VrQgIOBeuqHPAn?= =?iso-8859-1?q?Ooab+KEYzLCoZTobQqj0fKcGF0Suli5j96M4S/4rzNOgl2vcXPtHp1nxhoPl?= =?iso-8859-1?q?7Cohe7oyUH5WVc6CQxnbCVdteZbWTHIgWxDSHwkatHE63p7UxDSMgSBki3uH?= =?iso-8859-1?q?DO4gKmLHl07V4idvY9BFXpCyI/JQlpcMxyqEmL+K9SdWM67iG/rrrl9w3hfN?= =?iso-8859-1?q?+XtiAHKKOi+Bh0vRTUVBAYFm01u8JTbezHiXXOpv26VheDeEHtujlKsCsPFS?= =?iso-8859-1?q?n6tzwzdE8CNxXkfcjhtplNOlThGjNB8oAg6eBkCX7AmiNjSrGqiCzOmue6v0?= =?iso-8859-1?q?68UVy/eHUEN4yniBN7IGviJu0IY9FWk/zQ5tVzkyci3c7VMtARidBtJge545?= =?iso-8859-1?q?50JZaiFE77GipCyBpa7ub/wDUM+5lSMWM/0r3GPU0F9crVIAW+FwfWX+Oe4P?= =?iso-8859-1?q?eO+y0wmGtXjdYLMc4K3l3uKSf2VD37BC+6o76gbk0dOS8CSx80d0nyYq1wWk?= =?iso-8859-1?q?heOXFO7Ja62OWoCRlAzvq+pMi/f8xKPLCMCCVEZpPkfT8W25fc32ZFrFPSwK?= =?iso-8859-1?q?5jG7CIMbQzBX9fWfbh07IWJtgFn+sYg37KzuBgeRzjW30BBX7KoJZ0ZAT7MN?= =?iso-8859-1?q?K5nrx7XIv5GMupiSpky5M3twxENDlnxBP81sKF5tkVYsg2BnuR+99fRI2owg?= =?iso-8859-1?q?Y3oXEp9VmYsIJW8vpuciaf50DYUDTGstnBwT+f1K5+B0IWyn2fpHKxFjL3F3?= =?iso-8859-1?q?WFD0bX6yeqTdRdBEPkLLiJ6mQclNfsel5QEdCjryNchiWtJcigBniEWhZFNH?= =?iso-8859-1?q?vu5WOZcaFhBVqVv0ba+YHox6RXIKdNyAixBecyn/avliF1yCv2w43mM0A4Fg?= =?iso-8859-1?q?ta?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?EtjadY2Q9Bo8v0yYewuWBB7?= =?iso-8859-1?q?ni1pBdgH4GQDiZX5V4zRa/2oEHXCsUdE1k45kCFb/Tnx4Wxffh/r6Qj+JJ+B?= =?iso-8859-1?q?QlAhRreEOgWAy+7/GYEYgizLDkCwu7gkSSFoOgoNp2ID0/22iadmVd+1GzUN?= =?iso-8859-1?q?JcSnj7QdkAHwU3Ec4bvgSuv0vmpU9gSbceWzwoY1T0USadooBl5zSot4ZIes?= =?iso-8859-1?q?Ym9loycGcsKCyqNBdQEju3wb95v6CXV2yydMi3NptW4CxqVJx7h0aLrhFR2r?= =?iso-8859-1?q?QLWeK9EGku0SvU7Dya4BPizkPo7V9cWjMl/fKhTgXAGtHxFSrQ7qjd2Gu7wQ?= =?iso-8859-1?q?yToso1IbIdM6HHHfc6pZ+WfM6qOfcjlZCvHYqKPzp3cykNGKDAe+03WX5wRs?= =?iso-8859-1?q?cv+ETQzL4rcSiJqEG+26OTKYmmOIVT8pcC4yhrv6+5YPg5qfnOPkZxpHINel?= =?iso-8859-1?q?NGbWf0VYuRdhslp0Z6MaC86MXucHVgIJTY+1O1fvgYFvVXhwbFZsN+0vGvB5?= =?iso-8859-1?q?ZpYaPYWADI4L530UnzJ6GRYRwub4eIJyMKIxCnWjoX0fYXfant9XZpet1aPr?= =?iso-8859-1?q?lsQoW9yCWd9KhVOqyr1eGAcqiOhRj0BRoygNvGNvhZJwctnQEWFzVFCbuxFI?= =?iso-8859-1?q?l1KA8VO6bQ9f3L47w1vUjk0dFJ0IRMmjf3VrmS8+Jqog0mOgohAQiHWXFlPQ?= =?iso-8859-1?q?ENEfOyVtf9cCxd3pHtuq/RXQ0pE2vCwktsRVvDVGzkf4GjAIhQsWENdDciMD?= =?iso-8859-1?q?8nE6IWJ4OpW3tqS7nTGPUmZe/ERHiyIYLeGZfLx76GwMPTyf3clRpdqVpJ4P?= =?iso-8859-1?q?SdJedzUDpew0TYxguZQC617ywp/5tSd+aoe9JcK9rqcIiJbAhChxy1trsnc4?= =?iso-8859-1?q?Cm0sSuJYFcRDaUSSIfHP9Wai2MNycmCj/08LH1wOls/+4XGNruJgUUQKfgXA?= =?iso-8859-1?q?Cv5pBwzO8LHk9lux4PJeYoge/ILL5AyEae1t9AhehYbyKTmhCedOn0WIf+Lt?= =?iso-8859-1?q?0SkTfiaQVLx7Nhzxy7SkRHdqPNW8R56eTyqHpC0OZWghDcFUqyz2hgSHX/t5?= =?iso-8859-1?q?ElFN8hOWXngGPXPVy/W6Rx+g+txsbuMKKCFfJTzK993vZqbFW/vgazxpPDrQ?= =?iso-8859-1?q?97PniaPCG7E9lYwahrW7eH0cUrzhVZDuIsGjmKjJbSJTY9Yydj4cO1YYf+OM?= =?iso-8859-1?q?sDKH97ZQiEllIp9Fxc3tiNNdfu6HSIg6F7sHG91ca8vdOSN2tzfxntml8+Ay?= =?iso-8859-1?q?FdLV3em+cq7qFa2W7eV/+D5f3e7EKiRUNdV6nz5wgv82zD/ur+JVz36xoyXK?= =?iso-8859-1?q?nQMalJbw49vEQcDJI5v2UlzWScvftZO+kTUowG9Rwz0aBPYwDW7wjGnLly7p?= =?iso-8859-1?q?z1YMt5mzi4DmQj2IEQ0EvWAMsmVMcgQ8qO/CFRNi6rdlrp9ETqFgfpNdJ8gv?= =?iso-8859-1?q?Z7e5nzEibhWTeXgTddBZXdURXWgiejcywkiXTGUoUtde5RBxj4jBtEon3xR4?= =?iso-8859-1?q?8QTF+Z0/X/bdkGVUDgbX6W5vLNZINudHX+N1oPbI9KdpQTfCxMUmW0GBqeIr?= =?iso-8859-1?q?tKLgK4UMdPXFOQDIJGK939zOdDRWx8mYf6ccEfM74CpJQMLnK0rGXrqWPA6+?= =?iso-8859-1?q?2rTOrZFn8a028S5Ccr403lSh6nM4YhO6yb6FSuA=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2ef9572f-cc07-459a-e6d1-08dd76253326 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Apr 2025 22:40:28.6795 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 82YAi6SThVJw8Z/trU7zin760OMLMTMLnr9SuXwAFjAPBWJ1WMzQ0lReCuD/1x2w1RtFqoP6h9en4cMcnhe5BDqitcFmJGAKAgZz7ms8IY8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA1PR03MB10914 Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk Acked-by: Oleksii Kurochko --- Changes in v7: - Moved the change to v4.21 - Added Oleksii's acked-by tag Changes in v6: - Dropped Andrew's R-b tag because there is little chance that this series will be included in 4.20, so this patch should be reworked for 4.21 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f6afa5c85..d3dd31dea2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) capability usage is not yet supported on PVH dom0). - Smoke tests for the FreeBSD Xen builds in Cirrus CI. + - On Arm: + - Ability to enable stack protector + ### Removed ## [4.20.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.20.0) - 2025-03-05