Both GCC and Clang support -fstack-protector feature, which add stack
canaries to functions where stack corruption is possible. This series
makes possible to use this feature in Xen. I tested this on ARM64 and
it is working as intended. Tested both with GCC and Clang.
It is hard to enable this feature on x86, as GCC stores stack canary
in %fs:40 by default, but Xen can't use %fs for various reasons. It is
possibly to change stack canary location new newer GCC versions, but
attempt to do this uncovered a whole host problems with GNU ld.
So, this series focus mostly on ARM.
Changes in v4:
- Added patch to CHANGELOG.md
- Removed stack-protector.h because we dropped support for
Xen's built-in RNG code and rely only on own implementation
- Changes in individual patches are covered in their respect commit
messages
Changes in v3:
- Removed patch for riscv
- Changes in individual patches are covered in their respect commit
messages
Changes in v2:
- Patch "xen: common: add ability to enable stack protector" was
divided into two patches.
- Rebase onto Andrew's patch that removes -fno-stack-protector-all
- Tested on RISC-V thanks to Oleksii Kurochko
- Changes in individual patches covered in their respect commit
messages
Volodymyr Babchuk (4):
common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS
xen: common: add ability to enable stack protector
xen: arm: enable stack protector feature
CHANGELOG.md: Mention stack-protector feature
CHANGELOG.md | 1 +
Config.mk | 2 +-
stubdom/Makefile | 2 ++
tools/firmware/Rules.mk | 2 ++
tools/tests/x86_emulator/testcase.mk | 2 +-
xen/Makefile | 6 ++++
xen/arch/arm/Kconfig | 1 +
xen/arch/arm/arm64/head.S | 3 ++
xen/arch/x86/boot/Makefile | 1 +
xen/common/Kconfig | 15 ++++++++
xen/common/Makefile | 1 +
xen/common/stack-protector.c | 51 ++++++++++++++++++++++++++++
12 files changed, 85 insertions(+), 2 deletions(-)
create mode 100644 xen/common/stack-protector.c
--
2.47.1