From nobody Sat Dec 28 19:03:48 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=epam.com); dmarc=pass(p=quarantine dis=none) header.from=epam.com ARC-Seal: i=2; a=rsa-sha256; t=1733882706; cv=pass; d=zohomail.com; s=zohoarc; b=ToCWQGmuVrS8rRzmXc1lbR9cSIz9maOg0Z9xdv9vyDaXvKmehhoY6QtVBKsLlXgchPl39bF1aYa6FeFX2IIiK1RVE8SvGeVJi4E+njtyYrrk7FcPXf5yscephWHLExb3Ot6PmGcnHVNRKJ30EPal6dD64nV07mmXakie+Xd6WrE= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1733882706; h=Content-ID:Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=pj/nhgXuxO2BrnIrOHAoc56dHIEuF1g5kUOJqX9YgsA=; b=gDAkpd2BxecCVcijj4ETs7W9JWqp5dLessdvz0pyYqEju2FSOGRo/Sef8KLi7JVCPvdb1jtAEUig3T4hBnXsXGw7TlRzbhqqaK8zOAOfdZgEdAXh+MCVQyZ647wXfdYBYHn4BwuaZlWiL/nKtSAaJRIjTT0DJ4SaJ1P7o4woGac= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=epam.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1733882706854248.98598983417628; Tue, 10 Dec 2024 18:05:06 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.853577.1267010 (Exim 4.92) (envelope-from ) id 1tLC5f-00059P-UM; Wed, 11 Dec 2024 02:04:39 +0000 Received: by outflank-mailman (output) from mailman id 853577.1267010; Wed, 11 Dec 2024 02:04:39 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tLC5f-00057Z-Nq; Wed, 11 Dec 2024 02:04:39 +0000 Received: by outflank-mailman (input) for mailman id 853577; Wed, 11 Dec 2024 02:04:39 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1tLC5f-0004a4-9a for xen-devel@lists.xenproject.org; Wed, 11 Dec 2024 02:04:39 +0000 Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02on2060a.outbound.protection.outlook.com [2a01:111:f403:2607::60a]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 460fbfa0-b764-11ef-a0d5-8be0dac302b0; Wed, 11 Dec 2024 03:04:37 +0100 (CET) Received: from GV1PR03MB10456.eurprd03.prod.outlook.com (2603:10a6:150:16a::21) by AS8PR03MB9365.eurprd03.prod.outlook.com (2603:10a6:20b:57d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.18; Wed, 11 Dec 2024 02:04:32 +0000 Received: from GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e]) by GV1PR03MB10456.eurprd03.prod.outlook.com ([fe80::a41e:5aa8:e298:757e%7]) with mapi id 15.20.8251.008; Wed, 11 Dec 2024 02:04:32 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 460fbfa0-b764-11ef-a0d5-8be0dac302b0 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=OT78h65K4E9xQWiZ7n65iJPNFV5XhFzfqBj/3omUeJ1E7tD5XIX/iESfZPfJgAhdPz3mNc3oD93nH+xpI4dsAWYjXZX826XXTRbrKTd0iqUDrLLuGKHpzFeljWh15O1yUIsD8PUKwhhMHzmlf0Dhx/yntGuiEEg+V1cKnI9avH9t6RiiBGo6tARkFEqaWwKBmruCaQ0vLeZxhV7XE9tAkSCATU5txi0EfEbso+YgpXMg6Jb762k8YOMd2+ar5ycPdPC17GyvnNJfmlzAK38T60J0krsOXvL8KnMTPdwlXndtWXqZ1t0z5rmJ5bHUC1mWPJbvc0YJKBuAXaBlqVbV6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pj/nhgXuxO2BrnIrOHAoc56dHIEuF1g5kUOJqX9YgsA=; b=jj/Yg9F6HmwqkQUL7de8jIcL0uvlOvloUL5Iwi55RDBK//mWk84i2NoTfEe+DWCG3Fto+E0O78Qy5aiHo215vd+R+Lxsu2QLSYBblOCy1xHaeRtAMJNxr4u9Vn5uW6KpJ+OoIzbzKU03jXm7dOJ7mBK/wOs/s8GDdDk0tTuceYUwBEpJK8h2iidsgloy5y7I5JIegWv+O6llB1pqXV+UYjVs3cpJPldGaCYxTXfCt/gTa7q1q/0PbUk+Ax+YUhCsboNSSQdInLkqGlQt1okTbFjqx+p4QqIx4rbxTnksL6DaL//aZLllwqUa4BFSyWXDHqdBON0vLKcCtuCpzQEePQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pj/nhgXuxO2BrnIrOHAoc56dHIEuF1g5kUOJqX9YgsA=; b=voZhMb8qzCJ/xuIwjPXo29EdKK3USyXGlLVRvi4HbLfS76lDjLS6pube1vTzaqyiRm2sCtVdx5p3E3JrW8KkQEXUCcGGJryKQziGxo0djoO27X+omimlfRBXiKZvtqxofwSxNN2k0O+4XFywx8sbERuW1gSx5COv6J+Cq/JPJX3O3It0UEb3C9wkqzFKyAPvKrx3Tjt+0l6lXSDNDFPCO3LO5i6Vt9sgTd0O65Bl1IwI6C8oEcOd1k2kmQ1LjgCaFxBrMA530BN5MJfTxsHYNBIucnqHIc9KXK786tD8pEXOrwjOOH/qsYUzQ1onNfTRT+ZnmYglk8ROOs+iOmqdgQ== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Volodymyr Babchuk , Andrew Cooper , Jan Beulich , Julien Grall , Stefano Stabellini Subject: [PATCH v3 2/3] xen: common: add ability to enable stack protector Thread-Topic: [PATCH v3 2/3] xen: common: add ability to enable stack protector Thread-Index: AQHbS3ED5ZENsqu4Z0+AIfWfHmGdmQ== Date: Wed, 11 Dec 2024 02:04:30 +0000 Message-ID: <20241211020424.401614-3-volodymyr_babchuk@epam.com> References: <20241211020424.401614-1-volodymyr_babchuk@epam.com> In-Reply-To: <20241211020424.401614-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.47.1 authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: GV1PR03MB10456:EE_|AS8PR03MB9365:EE_ x-ms-office365-filtering-correlation-id: 52bfae58-3baa-4e48-f333-08dd19882730 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700018; x-microsoft-antispam-message-info: =?utf-8?B?MnpDMnVWZElTYXFlclgzN3hVQ3B1WjhTQWMvMDE3NW56bW9tZWhjb0xPbytu?= =?utf-8?B?dXpnRTFqUWN5U1pvN1ZQeVVOT21sSnBuVXFUWEFoUWFUa2hkSDJ3dCtnc1hJ?= =?utf-8?B?am9kTzJmRG50NXhvb3M5ZTFBRHN5V2FBVVdSZjN3N25iSm93aTlwK2xLN1ls?= =?utf-8?B?RGdRaHdOZC83QVZzYnlKaVVFRXFYNThkYStKcmF1QktmemR3dy9tU1NpajBw?= =?utf-8?B?ZWZFcG4vVGthVzRhekV4N2xtYzRYM3ZXbGFvS0lCdFY4VThhUTl6UC9OSC9m?= =?utf-8?B?b3lpUnF6OXhqK1Uvby9TNmQ4N0FnWkdxbkIyeEdNV0tVQkM4emVkbk9oYWg4?= =?utf-8?B?L0VkV25mYTdmQnhlcTQ2amtNVmRSZXMzSUZTNXdhZkxFSzI5azFPdmJMelNM?= =?utf-8?B?aTU0TExxcjUrU2FDODhrdDA5bm5JZ1l6QXZRSSt6MFgxQjRSQmpSOGQrV21w?= =?utf-8?B?RlEyekhVN1lRbEFjODR1SXJIL0JjNytXd25mNmVqTFp5S1Zhb3RhbTRnOU9q?= =?utf-8?B?cUFLRXZwNXhIczJJQlVUZTdXK3JlYlBXeWNxTm5TZm40ckdodi9XN3VDYnNq?= =?utf-8?B?ckxmcDFLQmlWQTFZVGNnbmZURUNGcURXdEdvQURjVk1WNDUyc3RTK29mZ1Vw?= =?utf-8?B?a1Vhb1BuU092K1YvYm9aRW5DN0RoeFJjVWlPR0lxeWxiUVZ2N1I0b1RveXBQ?= =?utf-8?B?MFplT2dJUHkzUWRDRnhXSGNYV1JqNG5sVUhxMVJyRE5nd3FGZHJZZEpKNlJa?= =?utf-8?B?VnZtcko0OHNGTGdPenJOT1NSTWF4ekM1NGl1L0JFY0hLNThJRXh6aXB5Z2tw?= =?utf-8?B?dGRpZXEvaVdOR0RxMVFRK1o2S2IwUjIyQmRNczhXdW5EUFJQR0tyWG1EWGtW?= =?utf-8?B?ZFplUWlnT1l4dXUyQ1M5V3FDRFBFVGJ5dEJKeHN6WEFPRW5tdG5qT2pDbW5u?= =?utf-8?B?ZTJZM2NpKzJqOVF0MSt6SVYyaFc0bEtCWlE0ZFh3UEpjM09Vei94N3JLK0tD?= =?utf-8?B?V1E5RzMrbk41WVVPcjZyK2haSFN3K3pOeU9abFJNalU5U2k5VlF6SWQ1cnBa?= =?utf-8?B?UFZXa29McHloSm5FUktEUkV3U2U3TWVNU2dOQ3pDaElLSC8vVWljWmIwRzhC?= =?utf-8?B?dU5URG5CRmNla2xqUjMyS0FyWGxGNUlQUFlTRktVaVJGK1MzMDI5bWJPcEtX?= =?utf-8?B?aURmWVp3b2NJZkw3OGI4Z09uTnpxbHpQSWkrTkU0Y3llVG5EN1FHcDJETzVa?= =?utf-8?B?K21qS1h0QVZNcktuZHNLV0l4S2hMZFE1TVRnMTRnWGYreGpKVmZzby9aMFFG?= =?utf-8?B?bmg0akdhWStxUm9IVWlKSXhVdkxBZjhTMmM4elFkampkZVg0emNDRGJ6aGov?= =?utf-8?B?eUdacHBDcC83MHI3Ujh6V2JvSnZ3Vy9ZaERXTXY0K2FNUjRsL0lsMFdkU3RX?= =?utf-8?B?azE0b2l0NEpZanFqeGh4WDhEVEtHVWF6eFZhai9wR2pxQndYTktvRHRkeHNU?= =?utf-8?B?QUU1Ly9ac0tGWGljMXNCajBYTDMxUnIyMCs4TEFwaDBkWVR4dTk4ZERpTGVD?= =?utf-8?B?VW5KV3BaVVdvOWtnalcvcTg3V2NOelNuWlMybjJvZjlvREM2TUQ2NDZZWDBp?= =?utf-8?B?U3Bibm1uVXJqNlc2S3dVdkdxKzJJTWkvV09pT0VmN2tEL0lhTVFnUCtzQjNh?= =?utf-8?B?RE5XQ1YyelRkTExpMGcydUpybE5PUnE2V08zZHEvMmlXNEJGMVpROVBiM0kr?= =?utf-8?B?VzhKNkx2ZERRZVdqcVJlTlhhOWdSdFk4eFZ0NE92aks4T09wcGFPaEF4Ly9n?= =?utf-8?B?MzFmS1JwRWdLV05TL1E5ejNqamN5THpKN3FDVlNOWFpuZTJ1UDBWckNQUEt6?= =?utf-8?B?ZE1peWpFQXZlUWlkVUJjRmU1dDViMkk4VG5JYnhqaHYyQ0E9PQ==?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR03MB10456.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?bk1CWHIxM1NZMnNyZzE2b3dYUUw2MFZDMUpGOE1CclY0aHkvMHJBVnJlclNi?= =?utf-8?B?YlpGMGRkZDVPY3pxSnFRWVZlR3JyMkhDNFpHUVlVVkFITjdwV0R3NHZxbzds?= =?utf-8?B?TWNiajRrczNkY21TUTA5M0ZMbmpPMkhsa2l0M2J1RmdUSnVFaFNuT1B5dWNH?= =?utf-8?B?WU45YVdSaDM2NC8rLzR0cHNPc25HblY3TCtCWUdxWkwvbHFIaXcrWUlEb3dn?= =?utf-8?B?S1VzNzdGUUtDWWVwbUJja2hkSnlxRE1iNFlaNkZOY1IvaGVkbEFkZy9WV2hu?= =?utf-8?B?QitXZ1F1NHZmaVZqbTM1d3ZGVExLVnB2bG9rUHFzNG9CYWV0L25weTVEem9W?= =?utf-8?B?amIwWW4wM1VDb1pvWmwxMkVTYWlROElsZExJeTNqYTd1YmxwZ2tWbnU2RmxP?= =?utf-8?B?ekRyVk9vSGdEcVJzOHpZVzFCalF0aVJLbjFqVmtKYzJWd2JjR0RxSm92Q29S?= =?utf-8?B?bjllWUF6MldPKzhyaWV0N05jR0k3d01TRGx1TG1UM1dOVGJHSlJ4eUowT2Fw?= =?utf-8?B?QnIyeFMvTkVBYXE4OFI4aktkNEFrQVhTOHpLa3FqS2crZzB3eTNjMjRacXp1?= =?utf-8?B?b203TXhYcDQ5UURESE1OSFVwTVNTVkF1MStFSVQ3aTBuMzZpUXo2VHdOckRn?= =?utf-8?B?ZXFNMC9selQ4UlpqQVN0ZlFNNDlvV3piazB5Y0xCQVBHVEhkeU5BNGdRVnEv?= =?utf-8?B?cDlQbkpxNEd3Q0xjK1lqNmZ1TzhjYnhjWWlZRTVZTTNRRjZpUVoxR05OWlEw?= =?utf-8?B?azc0RlpxVXlsVXgvcGdFemlMc2RZY0poQzRra0J2emwxU0tyS2h0WnpJUnRW?= =?utf-8?B?dEJ2TnB3MHhOdVAvZTBoaDQ5blFQZk14WjY3QzhDd0Zxa3NPb2JwaThXeXRr?= =?utf-8?B?bXJ4RUFNQm5Ca1c0QkFmVzJhUWd4ODV3MkM0RDN0YXhrMjlEMXh3L3VVWUN4?= =?utf-8?B?VTlHMEJGL05haFhuam1WdXYzc0s2N0ZsZlhOOFFqRGJ2UDcwdEpBY2RJeHVT?= =?utf-8?B?aEViWlR1c2lTNXJ5SnBJS3IxUDhtTGpsUzVGZElWM0JKNytXZ3Z1ZGI1NG15?= =?utf-8?B?WUt0SW1WQVE3RTZlSE9rREV0TXREckFMZVhpUGZsbkRvVVo3ZG9PODFhRG5M?= =?utf-8?B?QkloL2k0dThHOWJYRHZGVkk0QjJyeG4zNFVwUUVWZmRHM2RZeFFieTAyS1NM?= =?utf-8?B?ZThFWmFzbXFFVzdMVHZnQWR6NXV6ZnN5RWZLWXJPZG1ZNkhvVjc5d1J5c0FN?= =?utf-8?B?L1B0RGN1cTIwa3R2VzlHZ0VGQmdSWW9qc1JrRWhjQVNEZkwzTWJ0VVRQZzJH?= =?utf-8?B?VFVtcmFFUFhMY29xK1p3MmwzYnBMVG9iNmxWbmR3TE84T2pwSHc0S3k4MXRK?= =?utf-8?B?RG00all5ZXowQXE5blVIUjJWWW02cnExZU04d2hxUUR3VE5TMFpVY1M5cVVQ?= =?utf-8?B?SVhlOU1GTGI3RVRWUkl2R3k3WW02ZEg1UzBXV1I1eHF0b214VVBGZlBQKzN1?= =?utf-8?B?eDVhdmJycXVGbWNIc1FLeGlPaTBvN0dWNVo5aER4Z2pTeklLZ29XQWJCL2tt?= =?utf-8?B?dXRybW1TZVJOUTFHckIzRlRpakI0K3FPSlB4NWl0ZzVjRlhITHUyQzlhZmhU?= =?utf-8?B?SUtWbHh4MG1sdmtucWphMUFBYkpjMWEyczQvOHl3UnFSamVTNFVBSHNmdElQ?= =?utf-8?B?UmRGclU3T29CbzU4OEwyRWxjVDg0N3JRaXM5bTkrc1pwdm9hakduenl0OS9w?= =?utf-8?B?N2Nza1pyeTRjS0lBS3FoaW41TERmZ1JEaWpSaVRlRnFHajM2N0FkTjE2YVpr?= =?utf-8?B?akd0MnJqcTRXWVJBN2ZMTUw2V1dlQURVZ3dJcjBRdmxZRVNLWFhybnVDZFBx?= =?utf-8?B?V3l0ZXltT0FYRlp6aytQNVVUb3BtNms1VTFnMm1VemhLZ0h4bVc5UkdOYXJY?= =?utf-8?B?bEtRYjRoVll5dGN4VS9lMXhaKzdFUnR3L0J6cmJMMjJ5dDNxMkJTTlhHSFVN?= =?utf-8?B?Zm03L0IvQUVsMmMraXNZakhuVHdMdTU0M2tVRkEzSEJweE5TMDVuZkNmUGNi?= =?utf-8?B?bG92QmtKRTFPMUZHSEk1WFIrd3dzSFMzeEYzbzd5UEFZN3R5VXh6ZDZxcWdZ?= =?utf-8?B?WFUzUVJjc1NrWmpNVFZOMFUzd2RPblYxcE85RXlRZkdFeHpydUZCcm1JalB2?= =?utf-8?B?R2c9PQ==?= Content-Type: text/plain; charset="utf-8" Content-ID: <549BB8EE78CD0E44856ABAF33634CF3D@eurprd03.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: GV1PR03MB10456.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 52bfae58-3baa-4e48-f333-08dd19882730 X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Dec 2024 02:04:30.6083 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: und5uM0Y6qfmy3kFhAOaLA9gHjBVUXlMDrlOS+vGfshN3Oq4ZaX+4xv7sbS8L4ooynsDL9zxC7aB33VeiLtD7EqLE87kLpWA7qV0Pg0r9/Q= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB9365 X-ZohoMail-DKIM: pass (identity @epam.com) X-ZM-MESSAGEID: 1733882707516116600 Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This patch makes general preparations to enable this feature on different supported architectures: - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Stack guard value is initialized in three phases: 1. Pre-defined randomly-selected value. 2. Early use of linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. Even when get_cycles() is available, it's return value may be easily predicted, especially on embedded systems, where boot time is quite consistent. 3. After hypervisor is sufficiently initialized, stack guard can be set-up with get_random() function, which is expected to provide better randomness. Also this patch adds comment to asm-generic/random.h about stack protector dependency on it. Signed-off-by: Volodymyr Babchuk --- Changes in v3: - Fixed coding style in stack-protector.h - Extended panic() message - Included missed random.h - Renamed Kconfig option - Used Andrew's suggestion for the Kconfig help text - Added "asmlinkage" attribute to __stack_chk_fail() to make Eclair happy - Initial stack guard value is random - Added LCG to generate stack guard value at early boot stages - Added comment to asm-generic/random.h about dependencies - Extended the commit message Changes in v2: - Moved changes to EMBEDDED_EXTRA_CFLAGS into separate patch - Renamed stack_protector.c to stack-protector.c - Renamed stack_protector.h to stack-protector.h - Removed #ifdef CONFIG_X86 in stack-protector.h - Updated comment in stack-protector.h (also, we can't call boot_stack_chk_guard_setup() from asm code in general case, because it calls get_random() and get_random() may depend in per_cpu infrastructure, which is initialized later) - Fixed coding style - Moved CONFIG_STACK_PROTECTOR into newly added "Compiler options" submenu - Marked __stack_chk_guard as __ro_after_init --- xen/Makefile | 4 +++ xen/common/Kconfig | 15 ++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 47 +++++++++++++++++++++++++++++++ xen/include/asm-generic/random.h | 5 ++++ xen/include/xen/stack-protector.h | 30 ++++++++++++++++++++ 6 files changed, 102 insertions(+) create mode 100644 xen/common/stack-protector.c create mode 100644 xen/include/xen/stack-protector.h diff --git a/xen/Makefile b/xen/Makefile index 34ed8c0fc7..0de0101fd0 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -432,7 +432,11 @@ else CFLAGS_UBSAN :=3D endif =20 +ifeq ($(CONFIG_STACK_PROTECTOR),y) +CFLAGS +=3D -fstack-protector +else CFLAGS +=3D -fno-stack-protector +endif =20 ifeq ($(CONFIG_LTO),y) CFLAGS +=3D -flto diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 90268d9249..5676339a66 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -86,6 +86,9 @@ config HAS_UBSAN config HAS_VMAP bool =20 +config HAS_STACK_PROTECTOR + bool + config MEM_ACCESS_ALWAYS_ON bool =20 @@ -213,6 +216,18 @@ config SPECULATIVE_HARDEN_LOCK =20 endmenu =20 +menu "Compiler options" + +config STACK_PROTECTOR + bool "Stack protector" + depends on HAS_STACK_PROTECTOR + help + Enable the Stack Protector compiler hardening option. This inserts a + canary value in the stack frame of functions, and performs an integrity + check on exit. + +endmenu + config DIT_DEFAULT bool "Data Independent Timing default" depends on HAS_DIT diff --git a/xen/common/Makefile b/xen/common/Makefile index b279b09bfb..ceb5b2f32b 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -45,6 +45,7 @@ obj-y +=3D shutdown.o obj-y +=3D softirq.o obj-y +=3D smp.o obj-y +=3D spinlock.o +obj-$(CONFIG_STACK_PROTECTOR) +=3D stack-protector.o obj-y +=3D stop_machine.o obj-y +=3D symbols.o obj-y +=3D tasklet.o diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c new file mode 100644 index 0000000000..922511555f --- /dev/null +++ b/xen/common/stack-protector.c @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include +#include +#include + +/* + * Initial value is chosen by a fair dice roll. + * It will be updated during boot process. + */ +#if BITS_PER_LONG =3D=3D 32 +unsigned long __ro_after_init __stack_chk_guard =3D 0xdd2cc927UL; +#else +unsigned long __ro_after_init __stack_chk_guard =3D 0x2d853605a4d9a09cUL; +#endif + +/* This function should be called from ASM only */ +void __init asmlinkage boot_stack_chk_guard_setup_early(void) +{ + /* + * Linear congruent generator (X_n+1 =3D X_n * a + c). + * + * Constant is taken from "Tables Of Linear Congruential + * Generators Of Different Sizes And Good Lattice Structure" by + * Pierre L=E2=80=99Ecuyer. + */ +#if BITS_PER_LONG =3D=3D 32 + const unsigned long a =3D 2891336453UL; +#else + const unsigned long a =3D 2862933555777941757UL; +#endif + const unsigned long c =3D 1; + + unsigned long cycles =3D get_cycles(); + + /* Use the initial value if we can't generate random one */ + if ( !cycles ) + return; + + __stack_chk_guard =3D cycles * a + c; +} + +void asmlinkage __stack_chk_fail(void) +{ + panic("Stack Protector integrity violation identified in %ps\n", + __builtin_return_address(0)); +} diff --git a/xen/include/asm-generic/random.h b/xen/include/asm-generic/ran= dom.h index d0d35dd217..7f6d8790c4 100644 --- a/xen/include/asm-generic/random.h +++ b/xen/include/asm-generic/random.h @@ -2,6 +2,11 @@ #ifndef __ASM_GENERIC_RANDOM_H__ #define __ASM_GENERIC_RANDOM_H__ =20 +/* + * When implementing arch_get_random(), please make sure that + * it can provide random data before stack protector is initialized + * (i.e. before boot_stack_chk_guard_setup() is called). + */ static inline unsigned int arch_get_random(void) { return 0; diff --git a/xen/include/xen/stack-protector.h b/xen/include/xen/stack-prot= ector.h new file mode 100644 index 0000000000..bd324d9003 --- /dev/null +++ b/xen/include/xen/stack-protector.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef XEN__STACK_PROTECTOR_H +#define XEN__STACK_PROTECTOR_H + +#ifdef CONFIG_STACK_PROTECTOR + +#include + +extern unsigned long __stack_chk_guard; + +/* + * This function should be always inlined. Also it should be called + * from a function that never returns or a function that has + * stack-protector disabled. + */ +static always_inline void boot_stack_chk_guard_setup(void) +{ + __stack_chk_guard =3D get_random(); + if (BITS_PER_LONG =3D=3D 64) + __stack_chk_guard |=3D ((unsigned long)get_random()) << 32; +} + +#else + +static inline void boot_stack_chk_guard_setup(void) {} + +#endif /* CONFIG_STACK_PROTECTOR */ + +#endif /* XEN__STACK_PROTECTOR_H */ --=20 2.47.1