[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/3] Add stack protector
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Date: Fri, 22 Nov 2024 21:07:29 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SMx/mwcK5hU6KcgFvnAc6iQo9AVCd9WSH/e8jGDjjvY=; b=mUpXtnfBajurR1r/njEq70+wdI8R8qNx2GeVWePeZHGVFrVzpWZVIv6Qh0FwBdJz6saU0DMNHqFZNPhWPXxHhLzRrpZBBI45Mk+HD5Z8ZxhiQQVOWc/whDbl0uHzwAoQadFVnpIrpWsLwcxHnrOEqsDXRpOWAT5/mxwLjh+YtOYoj0MIuVsUPrmb1u8fhhe5FrDXD9f6nj7rW3jHtBAcDM2ttyQN6e3K7omHC9R2Yk+fIY/sJt9KvqZnEZSyrE618KpW3yNCCTe9qesJvJxpOxbI2bdXgiChv52gQQnGCQMnGm7s6CU0Qd3gOLm4H+WqOUFndtxbE5k7hNjlkBAGmw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dkP2TPxSWigLeV6ImjKyUswMrA88KogGfDnUdcKvcTU0aE0gp81+LjLZQuwJ0AEMIdP1zlR9l8XCx16q+W1ApGRL0cEunxSQ8kZjQWWZ/kJe5HU+PTq+pjzok2ly2a9/sVMQg6ZJ7Nex061uo7di3vNhjk1wwLzA1wQqmqs8N86ZPGYrL5A3bclQN60fo//e7GXyTElFs1a1LGp5ewJvc5+G2DN8ZK+2hq9n8VWT/CcG23v4K2P7bceXf488K7xc7Wz2KxLlhPF2+vtM0knYfbgIpYWd0JhvNR5AsUuNZONjbBuRCS15Dt2Ec6NEZoseEmfDPWfK0L94aTbc+p+UiQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Bob Eshleman <bobbyeshleman@xxxxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
- Delivery-date: Fri, 22 Nov 2024 21:07:56 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHbPSKJvmf4+DJbxEu3vjqcFnhN7Q==
- Thread-topic: [PATCH 0/3] Add stack protector
Both GCC and Clang support -fstack-protector feature, which add stack
canaries to functions where stack corruption is possible. This series
makes possible to use this feature in Xen. I tested this on ARM64 and
it is working as intended. Tested both with GCC and Clang.
My aim was to enable it on x86 also, but it appears that on x86 GCC
stores canary value in TLS, exactly at fs:40, which is hardcoded. As
Xen does not setup fs register for itself, any attempt to enable stack
protector leads to paging abort.
I also tested build-ability for RISCV platform, but didn't tested that
it does not break anything, so we will need RISCV maintainer's
approval.
Volodymyr Babchuk (3):
xen: common: add ability to enable stack protector
xen: arm: enable stack protector feature
xen: riscv: enable stack protector feature
Config.mk | 2 +-
stubdom/Makefile | 2 ++
tools/firmware/Rules.mk | 2 ++
tools/tests/x86_emulator/testcase.mk | 2 ++
xen/Makefile | 6 ++++++
xen/arch/arm/Kconfig | 1 +
xen/arch/arm/setup.c | 3 +++
xen/arch/riscv/Kconfig | 1 +
xen/arch/riscv/setup.c | 3 +++
xen/common/Kconfig | 13 ++++++++++++
xen/common/Makefile | 1 +
xen/common/stack_protector.c | 16 +++++++++++++++
xen/include/xen/stack_protector.h | 30 ++++++++++++++++++++++++++++
13 files changed, 81 insertions(+), 1 deletion(-)
create mode 100644 xen/common/stack_protector.c
create mode 100644 xen/include/xen/stack_protector.h
--
2.47.0
|
