1. Patchew
  2. Xen
  3. [PATCH v3 0/3] Add stack protector
  4. View patch

[PATCH v3 3/3] xen: arm: enable stack protector feature

Volodymyr Babchuk posted 3 patches 2 weeks, 3 days ago
[PATCH v3 3/3] xen: arm: enable stack protector feature
Posted by Volodymyr Babchuk 2 weeks, 3 days ago 
Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
platform. We initialize stack protector in two stages: from head.S
using boot_stack_chk_guard_setup_early() function and from start_xen()
using  boot_stack_chk_guard_setup(). This ensures that all C code from
the very beginning can use stack protector.

We call boot_stack_chk_guard_setup() only after time subsystem was
initialized to make sure that generic random number generator will
be working properly.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

---

In v3:
 - Call boot_stack_chk_guard_setup_early from head.S to ensure
   that stack is protected from early boot stages
 - Call boot_stack_chk_guard_setup() later, when time subsystem is
   sufficiently initialized to provide values for the random number
   generator.
In v2:
 - Reordered Kconfig entry
---
 xen/arch/arm/Kconfig      | 1 +
 xen/arch/arm/arm64/head.S | 3 +++
 xen/arch/arm/setup.c      | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 23bbc91aad..a24c88c327 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -16,6 +16,7 @@ config ARM
 	select HAS_ALTERNATIVE if HAS_VMAP
 	select HAS_DEVICE_TREE
 	select HAS_PASSTHROUGH
+	select HAS_STACK_PROTECTOR
 	select HAS_UBSAN
 	select IOMMU_FORCE_PT_SHARE
 
diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
index 72c7b24498..535969e9c0 100644
--- a/xen/arch/arm/arm64/head.S
+++ b/xen/arch/arm/arm64/head.S
@@ -250,6 +250,9 @@ real_start_efi:
 #endif
         PRINT("- Boot CPU booting -\r\n")
 
+#ifdef CONFIG_STACK_PROTECTOR
+        bl    boot_stack_chk_guard_setup_early
+#endif
         bl    check_cpu_mode
         bl    cpu_init
 
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index 2e27af4560..3587baab21 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -13,6 +13,7 @@
 #include <xen/domain_page.h>
 #include <xen/grant_table.h>
 #include <xen/types.h>
+#include <xen/stack-protector.h>
 #include <xen/string.h>
 #include <xen/serial.h>
 #include <xen/sched.h>
@@ -359,6 +360,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
 
     preinit_xen_time();
 
+    boot_stack_chk_guard_setup();
+
     gic_preinit();
 
     uart_init();
-- 
2.47.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.