Both GCC and Clang support the -fstack-protector feature, which adds stack canaries to functions where stack corruption is possible. This series makes it possible to use this feature in Xen. I tested this on ARM64 and it is working as intended. Tested both with GCC and Clang.
My aim was to enable it on x86 also, but it appears that on x86 GCC stores the canary value in TLS, exactly at fs:40, which is hardcoded. As Xen does not set up the fs register for itself, any attempt to enable stack protector leads to a paging abort.

I also tested build-ability for the RISCV platform, but didn't test that it does not break anything, so we will need the RISCV maintainer's approval.

Volodymyr Babchuk (3):
  xen: common: add ability to enable stack protector
  xen: arm: enable stack protector feature
  xen: riscv: enable stack protector feature

 Config.mk                            |  2 +-
 stubdom/Makefile                     |  2 ++
 tools/firmware/Rules.mk              |  2 ++
 tools/tests/x86_emulator/testcase.mk |  2 ++
 xen/Makefile                         |  6 ++++++
 xen/arch/arm/Kconfig                 |  1 +
 xen/arch/arm/setup.c                 |  3 +++
 xen/arch/riscv/Kconfig               |  1 +
 xen/arch/riscv/setup.c               |  3 +++
 xen/common/Kconfig                   | 13 ++++++++++++
 xen/common/Makefile                  |  1 +
 xen/common/stack_protector.c         | 16 +++++++++++++++
 xen/include/xen/stack_protector.h    | 30 ++++++++++++++++++++++++++++
 13 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 xen/common/stack_protector.c
 create mode 100644 xen/include/xen/stack_protector.h

--
2.47.0