Enable the previously added CONFIG_STACK_PROTECTOR feature for the RISC-V
platform. boot_stack_chk_guard_setup() can be called from the start_xen()
function because start_xen() never returns, so the stack protector check
will not be triggered by the changed canary.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
---
I tested this patch for buildability, but didn't verified that Xen
really boots on RISC-V when this feature is enabled. So I am asking
RISC-V maintainers to provide feedback on it.
---
xen/arch/riscv/Kconfig | 1 +
xen/arch/riscv/setup.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig
index 1858004676..1481f23b66 100644
--- a/xen/arch/riscv/Kconfig
+++ b/xen/arch/riscv/Kconfig
@@ -5,6 +5,7 @@ config RISCV
select HAS_DEVICE_TREE
select HAS_PMAP
select HAS_VMAP
+ select HAS_STACK_PROTECTOR
config RISCV_64
def_bool y
diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c
index e29bd75d7c..cd71748d2c 100644
--- a/xen/arch/riscv/setup.c
+++ b/xen/arch/riscv/setup.c
@@ -7,6 +7,7 @@
#include <xen/init.h>
#include <xen/mm.h>
#include <xen/shutdown.h>
+#include <xen/stack_protector.h>
#include <public/version.h>
@@ -55,6 +56,8 @@ void __init noreturn start_xen(unsigned long bootcpu_id,
if ( !boot_fdt_info(device_tree_flattened, dtb_addr) )
BUG();
+ boot_stack_chk_guard_setup();
+
cmdline = boot_fdt_cmdline(device_tree_flattened);
printk("Command line: %s\n", cmdline);
cmdline_parse(cmdline);
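Review bot: The new `boot_stack_chk_guard_setup();` call in start_xen() has no comment recording the invariant the commit message relies on, namely that the canary may change here only because start_xen() is `noreturn` and its own epilogue check never runs. I would add `/* Safe to change the canary here: start_xen() never returns. */` directly above the call, so a later refactoring does not move it into a function that returns. Everything start_xen() runs before this point, including the visible boot_fdt_info() call, executes with whatever initial guard value the build provides, so placing the call as early as possible is worth considering; the start of the function lies outside the hunk, so whether that is feasible cannot be judged from here. The random source behind boot_stack_chk_guard_setup() at this boot stage on RISC-V is not visible in the patch either and should be confirmed, since a predictable guard value weakens the protection.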
--
2.47.0
On Fri, 2024-11-22 at 21:07 +0000, Volodymyr Babchuk wrote: > Enable previously added CONFIG_STACK_PROTECTOR feature for RISC-V > platform. Here we can call boot_stack_chk_guard_setup() in > start_xen() > function, because it never returns, so stack protector code will not > be triggered because of changed canary. > > Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> > > --- > > I tested this patch for buildability, but didn't verified that Xen > really boots on RISC-V when this feature is enabled. So I am asking > RISC-V maintainers to provide feedback on it. > --- I've tested on staging and on downstream branches everything is fine: Tested-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> ~ Oleksii > xen/arch/riscv/Kconfig | 1 + > xen/arch/riscv/setup.c | 3 +++ > 2 files changed, 4 insertions(+) > > diff --git a/xen/arch/riscv/Kconfig b/xen/arch/riscv/Kconfig > index 1858004676..1481f23b66 100644 > --- a/xen/arch/riscv/Kconfig > +++ b/xen/arch/riscv/Kconfig > @@ -5,6 +5,7 @@ config RISCV > select HAS_DEVICE_TREE > select HAS_PMAP > select HAS_VMAP > + select HAS_STACK_PROTECTOR > > config RISCV_64 > def_bool y > diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c > index e29bd75d7c..cd71748d2c 100644 > --- a/xen/arch/riscv/setup.c > +++ b/xen/arch/riscv/setup.c > @@ -7,6 +7,7 @@ > #include <xen/init.h> > #include <xen/mm.h> > #include <xen/shutdown.h> > +#include <xen/stack_protector.h> > > #include <public/version.h> > > @@ -55,6 +56,8 @@ void __init noreturn start_xen(unsigned long > bootcpu_id, > if ( !boot_fdt_info(device_tree_flattened, dtb_addr) ) > BUG(); > > + boot_stack_chk_guard_setup(); > + > cmdline = boot_fdt_cmdline(device_tree_flattened); > printk("Command line: %s\n", cmdline); > cmdline_parse(cmdline);
On 22.11.2024 22:07, Volodymyr Babchuk wrote: > --- a/xen/arch/riscv/Kconfig > +++ b/xen/arch/riscv/Kconfig > @@ -5,6 +5,7 @@ config RISCV > select HAS_DEVICE_TREE > select HAS_PMAP > select HAS_VMAP > + select HAS_STACK_PROTECTOR Please maintain alphabetic sorting here (perhaps similarly in the Arm change). Jan