Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
platform. Initialize stack protector very early, at the very beginning
of start_xen() function.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

---

Changes in v5:

 - Call boot_stack_chk_guard_setup() from start_xen()
   instead of early ASM
---
 xen/arch/arm/Kconfig | 1 +
 xen/arch/arm/setup.c | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index a26d3e1182..8f1a3c7d74 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -16,6 +16,7 @@ config ARM
 	select GENERIC_UART_INIT
 	select HAS_ALTERNATIVE if HAS_VMAP
 	select HAS_DEVICE_TREE
+	select HAS_STACK_PROTECTOR
 	select HAS_UBSAN
 
 config ARCH_DEFCONFIG
diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index c1f2d1b89d..0dca691207 100644
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -30,6 +30,7 @@
 #include <xen/virtual_region.h>
 #include <xen/version.h>
 #include <xen/vmap.h>
+#include <xen/stack-protector.h>
 #include <xen/trace.h>
 #include <xen/libfdt/libfdt-xen.h>
 #include <xen/acpi.h>
@@ -305,6 +306,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
     struct domain *d;
     int rc, i;
 
+    boot_stack_chk_guard_setup();
+
     dcache_line_bytes = read_dcache_line_bytes();
 
     percpu_init_areas();
-- 
2.47.1

Hi Volodymyr,

On 13/02/2025 22:00, Volodymyr Babchuk wrote:
> Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
> platform. Initialize stack protector very early, at the very beginning
> of start_xen() function.

It would be worth explaining why this needs to be called very early 
given we have a default stack guard value. AFAIK, the only requirement 
is to have this enabled before we bring up any secondary CPUs.

This would be useful information if we decide to re-order the init code.

> 
> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

With the remark above:

Acked-by: Julien Grall <jgrall@amazon.com>

Cheers,

-- 
Julien Grall