Xen project Mailing List

Re: [PATCH 1/3] xen: common: add ability to enable stack protector

From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Date: Tue, 26 Nov 2024 11:33:20 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BONro44LvlcrQMnwueHeP4LdW0F6v65BUBjlsnzObLs=; b=qqkRtW92XuYS1ScqfVz+oSdx2rebBnW2ykb9zV8M52j5o8PxAsr8eteU95GkSg90GZAzvMcuaC+AY5i8LHc9VIL1kDOT+17jPIVGShKV3aRirYD9fEBriEx6jitcrmlTntyA6CIPrdD4uLZtUS71Bgi30ENzTheLZwFjdKxulJx/qmas//jA2aU6oSn58U2UafZZEpVkSFZ3sfpFH+WQx+dtK7Dt8kVmUgxBDxvMnTbtwu3gBHbvgpHAi9OCD+fccBgQRLLynd2/jNpIqetNDmPYaDPT/jCC60aTgz4CD9aQyj0kz12Bh1a3Sq5VvGYfrSLKJy59sBIeWrTvG2Mw8A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UtSVSopLYl6Q1isZ+eFqHaQsquY+lx5wjVB0hMNWBJpR7hRC8YM6EDO4+/lJUnn0cGF1/DeBkCdJyt9duIUqUqw8eyZmnnMOXgbcDskw3/bW7iBs841qSmL9g4BAmaH6AKuQ8/Mol6CnwfhgIxcBl4tz7iQEYjLWk2GScaluPdM6AQ5QLEHp3nl8eDTlvzIkyvwoFT5YtLXhq1covVlVXsNsHiyFKDG+X1/bowXAywbW5yIth4d4Kr8yBmrmccw3ZBAxatLM1d18D9EHZVuC3K9RxYgKcv2oIH38aXa+kj6//H0x9AGQTuBGA8lI5qGiGqYWM/MhQZDZjlcdpl1IAw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 26 Nov 2024 11:33:34 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHbPSKKCRg4722UIUuMGLA9PEEyZg==

Thread-topic: [PATCH 1/3] xen: common: add ability to enable stack protector

Hi Julien, Julien Grall <julien@xxxxxxx> writes: > Hi, > > Hi Volodymyr, > > On 22/11/2024 21:07, Volodymyr Babchuk wrote: >> diff --git a/xen/include/xen/stack_protector.h >> b/xen/include/xen/stack_protector.h >> new file mode 100644 >> index 0000000000..97f1eb5ac0 >> --- /dev/null >> +++ b/xen/include/xen/stack_protector.h >> @@ -0,0 +1,30 @@ >> +/* SPDX-License-Identifier: GPL-2.0-only */ >> + >> +#ifndef XEN__STACK_PROTECTOR_H >> +#define XEN__STACK_PROTECTOR_H >> + >> +#ifdef CONFIG_STACKPROTECTOR >> + >> +#ifndef CONFIG_X86 >> +extern unsigned long __stack_chk_guard; > > Is this variable meant to change after boot? If not, then can you tag > it with __ro_after_init? > No, changing it after boot will lead to a random panic. So yes, it is good idea to make it RO. -- WBR, Volodymyr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.