[RFC PATCH v4 2/2] ci: enable fuzzing for arm64

2025-07-18 Thread Volodymyr Babchuk
provide fuzzer log and any crash input data as artifacts. This crash data can be used later to replay the input to reproduce the crash. Signed-off-by: Volodymyr Babchuk --- This patch is a demonstration of how the xen fuzzer can be integrated in CI. With this setup, it can serve as a smoke test, because 10

[RFC PATCH v4 1/2] xen: add libafl-qemu fuzzer support

2025-07-18 Thread Volodymyr Babchuk
asically tells fuzzer that test was completed successfully if Dom0 tries to shut itself (or the whole machine) down. Signed-off-by: Volodymyr Babchuk --- Changes in v4: - Fixed formatting in Kconfig.debug - Removed spurious change - Moved libfal-qemu.o in Makefile to the upper position to

[RFC PATCH v4 0/2] xen: add libalf fuzzing support

2025-07-18 Thread Volodymyr Babchuk
: - Added patch with experimental CI integration - Severely reworked the main patch (see notes in the patch itself) Volodymyr Babchuk (2): xen: add libafl-qemu fuzzer support ci: enable fuzzing for arm64 automation/gitlab-ci/build.yaml| 9 +++ automation/gitlab-ci/test.yaml | 33

[PATCH v2] build: force compiler to use atomics when coverage is enabled

2025-07-16 Thread Volodymyr Babchuk
rting from version 7 and LLVM/Clang starting from version 11 support -fprofile-update=atomic option, which forces coverage counter updates to be atomic, which resolves the issue. As Xen runs mostly on SMP systems, force the use of this option if it is supported by a compiler. Signed-off-by: Volodym

[PATCH] coverage: add support for GCC 15

2025-07-16 Thread Volodymyr Babchuk
GCC 15 (with commit "Add prime path coverage to gcc/gcov") added a new, tenth counter. Reflect this in gcc_4_7.c. Signed-off-by: Volodymyr Babchuk --- xen/common/coverage/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/coverage/gcc_4_7.c b/

[PATCH] build: force compiler to use atomics when coverage is enabled

2025-07-09 Thread Volodymyr Babchuk
rting from version 7 and LLVM/Clang starting from version 11 support -fprofile-update=atomic option, which forces coverage counter updates to be atomic, which resolves the issue. As Xen runs mostly on SMP systems, force the use of this option if it is supported by a compiler. Signed-off-by: Volodymyr Babchuk

Re: [RFC PATCH v3 2/2] ci: enable fuzzing for arm64

2025-05-12 Thread Volodymyr Babchuk
Hi Stefano, Stefano Stabellini writes: > On Wed, 7 May 2025, Volodymyr Babchuk wrote: >> alpine-3.18-gcc-debug-arm64: >> + extends: .gcc-arm64-build-debug >> + variables: >> +CONTAINER: alpine:3.18-arm64v8 >> +EXTRA_XEN_C

[RFC PATCH v3 0/2] xen: add libalf fuzzing support

2025-05-07 Thread Volodymyr Babchuk
in the patch itself) Volodymyr Babchuk (2): xen: add libafl-qemu fuzzer support ci: enable fuzzing for arm64 automation/gitlab-ci/build.yaml| 11 automation/gitlab-ci/test.yaml | 34 ++ docs/hypervisor-guide/fuzzing.rst | 91 ++ xen

[RFC PATCH v3 1/2] xen: add libafl-qemu fuzzer support

2025-05-07 Thread Volodymyr Babchuk
asically tells fuzzer that test was completed successfully if Dom0 tries to shut itself (or the whole machine) down. Signed-off-by: Volodymyr Babchuk --- Changes in v3: - Added fuzzer.h - Kconfig entries were reworked to be more generic and support other fuzzers in the future - Moved all the c

[RFC PATCH v3 2/2] ci: enable fuzzing for arm64

2025-05-07 Thread Volodymyr Babchuk
provide fuzzer log and any crash input data as artifacts. This crash data can be used later to replay the input to reproduce the crash. Signed-off-by: Volodymyr Babchuk --- This patch is a demonstration of how the xen fuzzer can be integrated in CI. With this setup, it can serve as a smoke test, because 10

Re: Request for Documentation on Bringing Up Xen on R-Car H3e (H3ULCB)

2025-05-06 Thread Volodymyr Babchuk
Hi John, "L, John Preetham (893)" writes: > Hi Volodymyr, > > Thank you once again for the detailed explanation and the helpful resources. > > With your guidance, I was able to bring up the XEN hypervisor on the R-Car > H3e board successfully. I really appreciate your support. > I am glad that

Re: [RFC PATCH v2] xen: add libafl-qemu fuzzer support

2025-04-30 Thread Volodymyr Babchuk
Jan Beulich writes: > On 30.04.2025 04:17, Volodymyr Babchuk wrote: >> Julien Grall writes: >>>> --- /dev/null >>>> +++ b/xen/arch/arm/include/asm/libafl_qemu_defs.h >>>> @@ -0,0 +1,37 @@ >>> >>> Missing license. Also, is this fil

Re: [RFC PATCH v2] xen: add libafl-qemu fuzzer support

2025-04-29 Thread Volodymyr Babchuk
Hi Julien, Julien Grall writes: [...] >> diff --git a/xen/arch/arm/include/asm/libafl_qemu.h >> b/xen/arch/arm/include/asm/libafl_qemu.h >> new file mode 100644 >> index 00..b90cf48b9a >> --- /dev/null >> +++ b/xen/arch/arm/include/asm/libafl_qemu.h >> @@ -0,0 +1,54 @@ >> +#ifndef LI

[PATCH v4 0/2] Enable MC/DC support for GCC/GCOV

2025-04-10 Thread Volodymyr Babchuk
- opened a GCC bug - make COV_FLAGS -> cov-flags-y conversion as part of the second patch Changes in v3: - Check if gcc accepts -fcondition-coverage - Clarify why we use do { } loop - Add Jan's R-b tag for PATCH 1/3 Changes in v2: - Check for gcc 14, not gcc 14.1 - Reworked irq.c p

[PATCH v5] xen: debug: gcov: add condition coverage support

2025-04-09 Thread Volodymyr Babchuk
10 of LLVM profile data, where MC/DC support was added. Also, use the opportunity to convert COV_FLAGS to cov-cflags-y, which reduces the amount of ifeqs in Rules.mk. Otherwise this patch had to add another nesting level with "ifeq ($(CONFIG_CONDITION_COVERAGE),y)". Signed-off-by: Vo

Re: [PATCH v4 2/2] xen: debug: gcov: add condition coverage support

2025-04-08 Thread Volodymyr Babchuk
Hi Jan, Jan Beulich writes: > On 07.04.2025 18:46, Volodymyr Babchuk wrote: >> --- a/xen/Rules.mk >> +++ b/xen/Rules.mk >> @@ -31,6 +31,7 @@ CFLAGS-y := >> AFLAGS-y := >> nocov-y := >> noubsan-y := >> +cov-flags-y := > > Personally I wou

[PATCH v8 3/3] CHANGELOG.md: Mention stack-protector feature

2025-04-07 Thread Volodymyr Babchuk
Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk Acked-by: Oleksii Kurochko --- Changes in v7: - Moved the change to v4.21 - Added Oleksii's acked-by tag Ch

[PATCH v8 0/3] Add/enable stack protector

2025-04-07 Thread Volodymyr Babchuk
to enable stack protector" was divided into two patches. - Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respective commit messages Volodymyr Babchuk (3): xen: com

[PATCH v8 2/3] xen: arm: enable stack protector feature

2025-04-07 Thread Volodymyr Babchuk
, boot_stack_chk_guard_setup() should be called prior to enabling secondary CPUs to avoid race with them. Signed-off-by: Volodymyr Babchuk Acked-by: Julien Grall --- Changes in v6: - Expanded the commit message - Added Julien's A-b tag Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() in

[PATCH v8 1/3] xen: common: add ability to enable stack protector

2025-04-07 Thread Volodymyr Babchuk
not called by Xen source code directly, and only called by compiler-generated code, it does not need to be declared separately. So we need separate MISRA deviation for it. Signed-off-by: Volodymyr Babchuk --- Changes in v8: - Code formatting fixes - Added an explicit MISRA deviation for

[PATCH v4 2/2] xen: debug: gcov: add condition coverage support

2025-04-07 Thread Volodymyr Babchuk
convert COV_FLAGS to cov_flags-y, which reduces the amount of ifeqs in Rules.mk. Otherwise this patch had to add another nesting level with "ifeq ($(CONFIG_CONDITION_COVERAGE),y)". Signed-off-by: Volodymyr Babchuk --- Changes in v4: - Slight formatting fixes - COV_FLAGS -> cov_flags-y

[PATCH v4 1/2] xen: x86: irq: initialize irq desc in create_irq()

2025-04-07 Thread Volodymyr Babchuk
tive warning due to a bug [1] in GCC. Initialize "desc" with NULL to make GCC happy. [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119665 Signed-off-by: Volodymyr Babchuk --- Changes in v4: - Reverted back to initializing desc, per Jan's request - Added link to the corre

Re: [PATCH v3 3/3] xen: debug: gcov: add condition coverage support

2025-04-07 Thread Volodymyr Babchuk
Hi Anthony, "Anthony PERARD" writes: > On Sat, Apr 05, 2025 at 03:30:49AM +0000, Volodymyr Babchuk wrote: >> --- a/xen/Rules.mk >> +++ b/xen/Rules.mk >> @@ -133,18 +133,19 @@ $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): >> CFLAGS-y += -DIN

Re: [PATCH v3 3/3] xen: debug: gcov: add condition coverage support

2025-04-04 Thread Volodymyr Babchuk
Hi Jan, Jan Beulich writes: > On 01.04.2025 03:17, Volodymyr Babchuk wrote: >> --- a/xen/Kconfig >> +++ b/xen/Kconfig >> @@ -41,6 +41,11 @@ config CC_SPLIT_SECTIONS >> config CC_HAS_UBSAN >> def_bool $(cc-option,-fsanitize=undefined) >> >>

[PATCH v3 1/3] xen: gcov: add support for gcc 14

2025-03-31 Thread Volodymyr Babchuk
gcc 14 (with patch "Add condition coverage (MC/DC)") introduced 9th gcov counter. Also this version can call new merge function __gcov_merge_ior(), so we need a new stub for it. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan Beulich --- Changes in v3: - Added Jan's R-b tag

[PATCH v3 0/3] Enable MC/DC support for GCC/GCOV

2025-03-31 Thread Volodymyr Babchuk
st we can have MC/DC with GCOV. Changes in v3: - Check if gcc accepts -fcondition-coverage - Clarify why we use do { } loop - Add Jan's R-b tag for PATCH 1/3 Changes in v2: - Check for gcc 14, not gcc 14.1 - Reworked irq.c patch Volodymyr Babchuk (3): xen: gcov: add support for gcc 14

[PATCH v3 3/3] xen: debug: gcov: add condition coverage support

2025-03-31 Thread Volodymyr Babchuk
Condition coverage, also known as MC/DC (modified condition/decision coverage) is a coverage metric that tracks separate outcomes in boolean expressions. This patch adds CONFIG_CONDITION_COVERAGE option to enable MC/DC for GCC. Clang is not supported right now. Signed-off-by: Volodymyr Babchuk

[PATCH v3 2/3] xen: x86: irq: use do-while loop in create_irq()

2025-03-31 Thread Volodymyr Babchuk
havior can be observed when building Xen with "-Og" optimization level. Fix this by using "do { } while" loop instead of "for" loop. Signed-off-by: Volodymyr Babchuk --- Changes in v3: - Correct code style ("do {") - Add comment describing why we need d

[PATCH v2 3/3] xen: debug: gcov: add condition coverage support

2025-03-28 Thread Volodymyr Babchuk
Condition coverage, also known as MC/DC (modified condition/decision coverage) is a coverage metric that tracks separate outcomes in boolean expressions. This patch adds CONFIG_CONDITION_COVERAGE option to enable MC/DC for GCC. Clang is not supported right now. Signed-off-by: Volodymyr Babchuk

[PATCH v2 0/3] Enable MC/DC support for GCOV

2025-03-28 Thread Volodymyr Babchuk
st we can have MC/DC with GCOV. Changes in v2: - Check for gcc 14, not gcc 14.1 - Reworked irq.c patch Volodymyr Babchuk (3): xen: gcov: add support for gcc 14 xen: x86: irq: use do-while loop in create_irq() xen: debug: gcov: add condition coverage support xen/Kconfig.debug

[PATCH v2 1/3] xen: gcov: add support for gcc 14

2025-03-28 Thread Volodymyr Babchuk
gcc 14 (with patch "Add condition coverage (MC/DC)") introduced 9th gcov counter. Also this version can call new merge function __gcov_merge_ior(), so we need a new stub for it. Signed-off-by: Volodymyr Babchuk --- Changes in v2: - Check for gcc 14, not gcc 14.1 --- xen/commo

[PATCH v2 2/3] xen: x86: irq: use do-while loop in create_irq()

2025-03-28 Thread Volodymyr Babchuk
havior can be observed when building Xen with "-Og" optimization level. Fix this by using "do { } while" loop instead of "for" loop. Signed-off-by: Volodymyr Babchuk --- Changes in v2: - Use do { } while loop instead of initializing desc with NULL --- xen/arch/x

Re: [PATCH v1 1/3] xen: gcov: add support for gcc 14.1

2025-03-28 Thread Volodymyr Babchuk
Hi Andrew, Andrew Cooper writes: > On 27/03/2025 10:03 pm, Volodymyr Babchuk wrote: >> Hi Jan, >> >> Jan Beulich writes: >> >>> On 27.03.2025 01:40, Volodymyr Babchuk wrote: >>>> GCC 14.1 has 9 gcov counters and also can call new merge functio

Re: [PATCH v2] xen/arm/efi: merge neighboring banks

2025-03-27 Thread Volodymyr Babchuk
Hi Stefano, Stefano Stabellini writes: > When booting from U-Boot bootefi, there can be a high number of > neighboring RAM banks. See for example: > > (XEN) RAM: - 00bf > (XEN) RAM: 00c0 - 00c00fff > (XEN) RAM: 00c01000 - 00d

Re: [PATCH v1 1/3] xen: gcov: add support for gcc 14.1

2025-03-27 Thread Volodymyr Babchuk
Hi Jan, Jan Beulich writes: > On 27.03.2025 01:40, Volodymyr Babchuk wrote: >> GCC 14.1 has 9 gcov counters and also can call new merge function >> __gcov_merge_ior(), so we need a new stub for it. >> >> Signed-off-by: Volodymyr Babchuk > > As to the title

[PATCH v1 2/3] xen: x86: irq: initialize irq desc in create_irq()

2025-03-26 Thread Volodymyr Babchuk
initialize "desc" with NULL to make GCC happy. Signed-off-by: Volodymyr Babchuk --- Attempt to declare "irq" as "unsigned int" didn't change anything, so looks like compiler infers uninitialized via some other reasoning... And it is interesting that this issue

Re: [PATCH] ARM/vgic: Fix out-of-bounds accesses in vgic_mmio_write_sgir()

2025-03-26 Thread Volodymyr Babchuk
s write. > > Fix this by changing case 0x3 to default. > > Fixes: 08c688ca6422 ("ARM: new VGIC: Add SGIR register handler") > Signed-off-by: Andrew Cooper Reviewed-by: Volodymyr Babchuk > --- > CC: Stefano Stabellini > CC: Julien Grall > CC: Volodymyr Babchuk

[PATCH v1 3/3] xen: debug: gcov: add condition coverage support

2025-03-26 Thread Volodymyr Babchuk
Condition coverage, also known as MC/DC (modified condition/decision coverage) is a coverage metric that tracks separate outcomes in boolean expressions. This patch adds CONFIG_CONDITION_COVERAGE option to enable MC/DC for GCC. Clang is not supported right now. Signed-off-by: Volodymyr Babchuk

[PATCH v1 1/3] xen: gcov: add support for gcc 14.1

2025-03-26 Thread Volodymyr Babchuk
GCC 14.1 has 9 gcov counters and also can call new merge function __gcov_merge_ior(), so we need a new stub for it. Signed-off-by: Volodymyr Babchuk --- xen/common/coverage/gcc_4_7.c | 4 +++- xen/common/coverage/gcov_base.c | 5 + 2 files changed, 8 insertions(+), 1 deletion(-) diff

[PATCH v1 0/3] Enable MC/DC support for GCOV

2025-03-26 Thread Volodymyr Babchuk
early more work required. But at least we can have MC/DC with GCOV. Volodymyr Babchuk (3): xen: gcov: add support for gcc 14.1 xen: x86: irq: initialize irq desc in create_irq() xen: debug: gcov: add condition coverage support xen/Kconfig.debug | 9 + xen/Rules.mk

[PATCH v7 2/3] xen: arm: enable stack protector feature

2025-03-17 Thread Volodymyr Babchuk
, boot_stack_chk_guard_setup() should be called prior to enabling secondary CPUs to avoid race with them. Signed-off-by: Volodymyr Babchuk Acked-by: Julien Grall --- Changes in v6: - Expanded the commit message - Added Julien's A-b tag Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() in

[PATCH v7 0/3] Add/enable stack protector

2025-03-17 Thread Volodymyr Babchuk
- Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respective commit messages Volodymyr Babchuk (3): xen: common: add ability to enable stack protector xen: arm: enable s

[PATCH v7 3/3] CHANGELOG.md: Mention stack-protector feature

2025-03-17 Thread Volodymyr Babchuk
Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk Acked-by: Oleksii Kurochko --- Changes in v7: - Moved the change to v4.21 - Added Oleksii's acked-by tag Ch

[PATCH v7 1/3] xen: common: add ability to enable stack protector

2025-03-17 Thread Volodymyr Babchuk
, caller should ensure that stack protection code will not be reached. It is possible to call the same function from ASM code by introducing simple trampoline in stack-protector.c, but right now there is no use case for such trampoline. Signed-off-by: Volodymyr Babchuk --- Changes in v7

[PATCH v2] xen: vm_event: do not do vm_event_op for an invalid domain

2025-03-17 Thread Volodymyr Babchuk
in. Fixes: 48b84249459f ("xen/vm-event: Drop unused u_domctl parameter from vm_event_domctl()") Signed-off-by: Volodymyr Babchuk --- This issue was found by the xen fuzzer ([1]) [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babc...@epam.com/ In v2: - Add

Re: [PATCH] xen: vm_event: do not do vm_event_op for an invalid domain

2025-03-17 Thread Volodymyr Babchuk
Hi Tamas, Tamas K Lengyel writes: > On Mon, Mar 17, 2025 at 7:08 PM Volodymyr Babchuk > wrote: >> >> A privileged domain can issue XEN_DOMCTL_vm_event_op with >> op->domain == DOMID_INVALID. In this case vm_event_domctl() >> function will get NULL as the first

[PATCH] xen: vm_event: do not do vm_event_op for an invalid domain

2025-03-17 Thread Volodymyr Babchuk
in. Signed-off-by: Volodymyr Babchuk --- This issue was found by the xen fuzzer ([1]) [1] https://lore.kernel.org/all/20250315003544.1101488-1-volodymyr_babc...@epam.com/ --- xen/common/vm_event.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/xen/common/vm_event.c b/xen/com

[RFC PATCH v2] xen: add libafl-qemu fuzzer support

2025-03-14 Thread Volodymyr Babchuk
ption CONFIG_LIBAFL_QEMU_FUZZER_PASS_BLOCKING was added. It basically tells fuzzer that test was completed successfully if Dom0 tries to shut itself (or the whole machine) down. Signed-off-by: Volodymyr Babchuk --- I tried to fuzz the vGIC emulator and hypercall interface. While vGIC fuzzing didn't yield any i

[PATCH v6 3/4] xen: arm: enable stack protector feature

2025-02-16 Thread Volodymyr Babchuk
, boot_stack_chk_guard_setup() should be called prior to enabling secondary CPUs to avoid race with them. Signed-off-by: Volodymyr Babchuk Acked-by: Julien Grall --- Changes in v6: - Expanded the commit message - Added Julien's A-b tag Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() in

[PATCH v6 2/4] xen: common: add ability to enable stack protector

2025-02-16 Thread Volodymyr Babchuk
, caller should ensure that stack protection code will not be reached. It is possible to call the same function from ASM code by introducing simple trampoline in stack-protector.c, but right now there is no use case for such trampoline. Signed-off-by: Volodymyr Babchuk --- Changes in v6

[PATCH v6 0/4] Add/enable stack protector

2025-02-16 Thread Volodymyr Babchuk
respective commit messages Changes in v2: - Patch "xen: common: add ability to enable stack protector" was divided into two patches. - Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual p

[PATCH v6 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS

2025-02-16 Thread Volodymyr Babchuk
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan

[PATCH v6 4/4] CHANGELOG.md: Mention stack-protector feature

2025-02-16 Thread Volodymyr Babchuk
Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk --- TODO: If this patch does not make it into 4.20 - rework it by mentioning a correct version. Changes in v6

Re: [PATCH v5 2/4] xen: common: add ability to enable stack protector

2025-02-16 Thread Volodymyr Babchuk
Hi Julien, Julien Grall writes: > Hi Volodymyr, > > On 13/02/2025 22:00, Volodymyr Babchuk wrote: >> diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c >> new file mode 100644 >> index 00..286753a1b1 >> --- /dev/null >

Re: [PATCH v5 for-4.20(?) 0/4] Add/enable stack protector

2025-02-13 Thread Volodymyr Babchuk
Hi Andrew, Andrew Cooper writes: > On 13/02/2025 10:00 pm, Volodymyr Babchuk wrote: >> Volodymyr Babchuk (4): >> common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS >> xen: common: add ability to enable stack protector >> xen: arm: ena

[PATCH v5 for-4.20(?) 0/4] Add/enable stack protector

2025-02-13 Thread Volodymyr Babchuk
Changes in individual patches covered in their respective commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature CHANGELOG.md: Mention stack-pr

[PATCH v5 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS

2025-02-13 Thread Volodymyr Babchuk
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan

[PATCH v5 3/4] xen: arm: enable stack protector feature

2025-02-13 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. Initialize stack protector very early, at the very beginning of start_xen() function. Signed-off-by: Volodymyr Babchuk --- Changes in v5: - Call boot_stack_chk_guard_setup() from start_xen() instead of early ASM

[PATCH v5 4/4] CHANGELOG.md: Mention stack-protector feature

2025-02-13 Thread Volodymyr Babchuk
Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk Reviewed-by: Andrew Cooper --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b

[PATCH v5 2/4] xen: common: add ability to enable stack protector

2025-02-13 Thread Volodymyr Babchuk
implementation linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. Signed-off-by: Volodymyr Babchuk Reviewed-by: Andrew Cooper --- Changes in v5: - Fixed indentation

[PATCH v2 2/2] arch: arm64: always set IL=1 when injecting an abort exception

2025-02-13 Thread Volodymyr Babchuk
: Volodymyr Babchuk Changes in v2: - Introduced in v2 --- xen/arch/arm/traps.c | 29 - 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 5338d5c033..3071c38768 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm

[PATCH v2 0/2] xen: arm64: Set IL to 1 when injecting exceptions

2025-02-13 Thread Volodymyr Babchuk
exception. Following two patches address both issues. Volodymyr Babchuk (2): arch: arm64: always set IL=1 when injecting undefined exception arch: arm64: always set IL=1 when injecting an abort exception xen/arch/arm/arm64/vsysreg.c | 10 ++--- xen/arch/arm/include/asm/arm64/tr

[PATCH v2 1/2] arch: arm64: always set IL=1 when injecting undefined exception

2025-02-13 Thread Volodymyr Babchuk
: Volodymyr Babchuk --- Changes in v2: - Removed unused parameter from p2m_set_way_flush() --- xen/arch/arm/arm64/vsysreg.c | 10 +- xen/arch/arm/include/asm/arm64/traps.h | 2 +- xen/arch/arm/include/asm/p2m.h | 3 +-- xen/arch/arm/include/asm/traps.h | 2 +- xen

Re: [PATCH v4 0/4] Add/enable stack protector

2025-02-13 Thread Volodymyr Babchuk
Hi Andrew, Andrew Cooper writes: > On 14/01/2025 4:25 am, Volodymyr Babchuk wrote: >> Volodymyr Babchuk (4): >> common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS >> xen: common: add ability to enable stack protector >> xen: arm: ena

[PATCH] arch: arm64: always set EL=1 when injecting undefined exception

2025-02-12 Thread Volodymyr Babchuk
: Volodymyr Babchuk --- xen/arch/arm/arm64/vsysreg.c | 8 xen/arch/arm/include/asm/arm64/traps.h | 2 +- xen/arch/arm/include/asm/traps.h | 2 +- xen/arch/arm/p2m.c | 2 +- xen/arch/arm/traps.c | 24 xen/arch

Re: Request for Documentation on Bringing Up Xen on R-Car H3e (H3ULCB)

2025-01-23 Thread Volodymyr Babchuk
"L, John Preetham (893)" writes: Hi John, > Hi Volodymyr, > > Thank you for the detailed suggestions. > Since I'm new to XEN hypervisor. > > I will approach the recommended method. Yeah, I think this is the best approach if you want get something working ASAP. > Could you please let me know wh

Re: Request for Documentation on Bringing Up Xen on R-Car H3e (H3ULCB)

2025-01-23 Thread Volodymyr Babchuk
Hi John, Sorry, I hit the wrong "reply" button last time. So I'm re-sending this mail with xen-devel ML included. "L, John Preetham (893)" writes: > Dear Xen Community, > > I hope this message finds you well. > > I am currently working on a project that involves bringing up Xen on the > Renesas

[PATCH v4 2/4] xen: common: add ability to enable stack protector

2025-01-13 Thread Volodymyr Babchuk
implementation linear congruent random number generator. It relies on get_cycles() being available very early. If get_cycles() returns zero, it would leave pre-defined value from the previous step. Signed-off-by: Volodymyr Babchuk --- Changes in v4: - Removed third phase of initialization (it was using

[PATCH v4 0/4] Add/enable stack protector

2025-01-13 Thread Volodymyr Babchuk
ii Kurochko - Changes in individual patches covered in their respective commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature CHANGELOG.md: Mentio

[PATCH v4 3/4] xen: arm: enable stack protector feature

2025-01-13 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. We initialize stack protector very early, in head.S using boot_stack_chk_guard_setup. This ensures that all C code from the very beginning can use stack protector. Signed-off-by: Volodymyr Babchuk --- In v4: - setup.c

[PATCH v4 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS

2025-01-13 Thread Volodymyr Babchuk
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk Reviewed-by: Jan

[PATCH v4 4/4] CHANGELOG.md: Mention stack-protector feature

2025-01-13 Thread Volodymyr Babchuk
Stack protector is meant to be enabled on all architectures, but currently it is tested (and enabled) only on ARM, so mention it in ARM section. Signed-off-by: Volodymyr Babchuk --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8507e6556a

Re: [PATCH v3 2/3] xen: common: add ability to enable stack protector

2024-12-11 Thread Volodymyr Babchuk
Hello Jan, Jan Beulich writes: > On 11.12.2024 03:04, Volodymyr Babchuk wrote: [...] > >> @@ -213,6 +216,18 @@ config SPECULATIVE_HARDEN_LOCK >> >> endmenu >> >> +menu "Compiler options" >> + >> +config STACK_P

Re: [PATCH v3 0/3] Add stack protector

2024-12-11 Thread Volodymyr Babchuk
Hello Jan, Jan Beulich writes: > On 11.12.2024 03:04, Volodymyr Babchuk wrote: >> Both GCC and Clang support -fstack-protector feature, which adds stack >> canaries to functions where stack corruption is possible. This series >> makes it possible to use this feature in Xen. I

[PATCH v3 2/3] xen: common: add ability to enable stack protector

2024-12-10 Thread Volodymyr Babchuk
ff-by: Volodymyr Babchuk --- Changes in v3: - Fixed coding style in stack-protector.h - Extended panic() message - Included missed random.h - Renamed Kconfig option - Used Andrew's suggestion for the Kconfig help text - Added "asmlinkage" attribute to __stack_chk_fail() t

[PATCH v3 0/3] Add stack protector

2024-12-10 Thread Volodymyr Babchuk
ch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respective commit messages Volodymyr Babchuk (3): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protecto

[PATCH v3 3/3] xen: arm: enable stack protector feature

2024-12-10 Thread Volodymyr Babchuk
stack protector. We call boot_stack_chk_guard_setup() only after time subsystem was initialized to make sure that generic random number generator will be working properly. Signed-off-by: Volodymyr Babchuk --- In v3: - Call boot_stack_chk_guard_setup_early from head.S to ensure that stack

[PATCH v3 1/3] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS

2024-12-10 Thread Volodymyr Babchuk
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate components (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk --- Changes in v3

Re: [PATCH v2 3/4] xen: arm: enable stack protector feature

2024-12-09 Thread Volodymyr Babchuk
Hi Jan, Jan Beulich writes: [...] > >> #else >> const unsigned long a = 2862933555777941757; >> #endif >> const unsigned c = 1; > > I'm having a hard time seeing why this needs to be a static variable. Its > sole use is ... It's a constant in the hope that the compiler is smart enough to o

Re: [PATCH v2 3/4] xen: arm: enable stack protector feature

2024-12-05 Thread Volodymyr Babchuk
Hi Andrew, Andrew Cooper writes: > On 03/12/2024 11:16 pm, Julien Grall wrote: >> On Tue, 3 Dec 2024 at 22:00, Andrew Cooper wrote: >>> On 30/11/2024 1:10 am, Volodymyr Babchuk wrote: >>>> diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c >>>

Re: [PATCH v2 2/4] xen: common: add ability to enable stack protector

2024-12-04 Thread Volodymyr Babchuk
Hi Andrew, I addressed almost all your comments, but didn't get this one: Andrew Cooper writes: > On 30/11/2024 1:10 am, Volodymyr Babchuk wrote: [...] >> diff --git a/xen/common/stack-protector.c b/xen/common/stack-protector.c >> new file mode 100644 >> in

Re: [PATCH v2 4/4] xen: riscv: enable stack protector feature

2024-12-03 Thread Volodymyr Babchuk
Hello Oleksii, oleksii.kuroc...@gmail.com writes: > On Mon, 2024-12-02 at 09:12 +0100, Jan Beulich wrote: >> On 30.11.2024 02:10, Volodymyr Babchuk wrote: >> > Enable previously added CONFIG_STACK_PROTECTOR feature for RISC-V >> > platform. Here we can call boot

[PATCH v2 2/4] xen: common: add ability to enable stack protector

2024-11-29 Thread Volodymyr Babchuk
enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Signed-off-by: Volodymyr Babchuk --- Changes in v2: - Moved changes to EMBEDDED_EXTRA_CFLAGS into

[PATCH v2 0/4] Add stack protector

2024-11-29 Thread Volodymyr Babchuk
red in their respective commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature xen: riscv: enable stack protector feature Config.mk

[PATCH v2 4/4] xen: riscv: enable stack protector feature

2024-11-29 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for RISC-V platform. Here we can call boot_stack_chk_guard_setup() in start_xen() function, because it never returns, so stack protector code will not be triggered because of changed canary. Signed-off-by: Volodymyr Babchuk Tested-by

[PATCH v2 3/4] xen: arm: enable stack protector feature

2024-11-29 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. Here we can call boot_stack_chk_guard_setup() in start_xen() function, because it never returns, so stack protector code will not be triggered because of changed canary. Signed-off-by: Volodymyr Babchuk --- In v2

[PATCH v2 1/4] common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS

2024-11-29 Thread Volodymyr Babchuk
This patch is preparation for making stack protector configurable. First step is to remove -fno-stack-protector flag from EMBEDDED_EXTRA_CFLAGS so separate projects (Hypervisor in this case) can enable/disable this feature by themselves. Signed-off-by: Volodymyr Babchuk --- Changes in v2

Re: [PATCH 3/5] build: arm64: provide -target and -march if using clang

2024-11-29 Thread Volodymyr Babchuk
Hi Jan, Jan Beulich writes: > On 29.11.2024 02:49, Volodymyr Babchuk wrote: >> Provide -target and -march explicitly when building with clang. This >> makes cross-compilation much easier, because clang accepts these >> parameters regardless of host platform. Bas

[PATCH 0/5] aarch64, common: improve clang and llvm support

2024-11-28 Thread Volodymyr Babchuk
host platforms, although I tested this only on x86. [1] https://patchwork.kernel.org/project/xen-devel/cover/20190327184531.30986-1-julien.gr...@arm.com/ Volodymyr Babchuk (5): arm: bugframe: emit msg offset only if msg is present build: add possibility to use LLVM tools build: arm64: pr

[PATCH 5/5] xen: arm64: remove -mgeneral-regs-only for vfp.c

2024-11-28 Thread Volodymyr Babchuk
Signed-off-by: Volodymyr Babchuk --- xen/arch/arm/arm64/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/xen/arch/arm/arm64/Makefile b/xen/arch/arm/arm64/Makefile index 6491c5350b..af949b8ee6 100644 --- a/xen/arch/arm/arm64/Makefile +++ b/xen/arch/arm/arm64/Makefile @@ -18,3 +18,5 @@ obj-$(C

[PATCH 4/5] xen: build: add support for CFLAGS_REMOVE variable

2024-11-28 Thread Volodymyr Babchuk
This variable can be used in cases when we need to remove certain CFLAGS for a particular object file. One such case is the -mgeneral-regs-only flag, which should be omitted when we are building an object file that uses not only general registers. Signed-off-by: Volodymyr Babchuk --- xen/Rules.mk | 2

[PATCH 3/5] build: arm64: provide -target and -march if using clang

2024-11-28 Thread Volodymyr Babchuk
any other platform. -march is required because with default value, clang will not recognize EL2 registers. Signed-off-by: Volodymyr Babchuk --- config/arm64.mk | 4 1 file changed, 4 insertions(+) diff --git a/config/arm64.mk b/config/arm64.mk index c4662f67d0..97eb9a82e7 100644 --- a

[PATCH 1/5] arm: bugframe: emit msg offset only if msg is present

2024-11-28 Thread Volodymyr Babchuk
instead of calculated zero if there is no error message in a bugframe. Signed-off-by: Volodymyr Babchuk --- xen/arch/arm/include/asm/bug.h | 4 1 file changed, 4 insertions(+) diff --git a/xen/arch/arm/include/asm/bug.h b/xen/arch/arm/include/asm/bug.h index cacaf014ab..9339e3bbf6 100644 --- a

[PATCH 2/5] build: add possibility to use LLVM tools

2024-11-28 Thread Volodymyr Babchuk
ix in this case. Signed-off-by: Volodymyr Babchuk --- config/GNUCommon.mk | 16 config/Linux.mk | 4 config/StdGNU.mk| 18 +- config/llvm.mk | 17 + 4 files changed, 38 insertions(+), 17 deletions(-) create mode 100644 conf

Re: [PATCH 1/3] xen: common: add ability to enable stack protector

2024-11-26 Thread Volodymyr Babchuk
Hi Julien, Julien Grall writes: > Hi, > > Hi Volodymyr, > > On 22/11/2024 21:07, Volodymyr Babchuk wrote: >> diff --git a/xen/include/xen/stack_protector.h >> b/xen/include/xen/stack_protector.h >> new file mode 100644 >> index 00..97f1eb5ac0 >

Re: [RFC PATCH] xen: add libafl-qemu fuzzer support

2024-11-25 Thread Volodymyr Babchuk
Hello Stefano, Stefano Stabellini writes: > On Thu, 21 Nov 2024, Volodymyr Babchuk wrote: >> Hi Stefano, >> >> Stefano Stabellini writes: >> >> > On Wed, 20 Nov 2024, Volodymyr Babchuk wrote: >> >> Hi Stefano, >> >> >> >

[PATCH 2/3] xen: arm: enable stack protector feature

2024-11-22 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for ARM platform. Here we can call boot_stack_chk_guard_setup() in start_xen() function, because it never returns, so stack protector code will not be triggered because of changed canary. Signed-off-by: Volodymyr Babchuk --- xen/arch/arm

[PATCH 3/3] xen: riscv: enable stack protector feature

2024-11-22 Thread Volodymyr Babchuk
Enable previously added CONFIG_STACK_PROTECTOR feature for RISC-V platform. Here we can call boot_stack_chk_guard_setup() in start_xen() function, because it never returns, so stack protector code will not be triggered because of changed canary. Signed-off-by: Volodymyr Babchuk --- I tested

[PATCH 1/3] xen: common: add ability to enable stack protector

2024-11-22 Thread Volodymyr Babchuk
g - Added CONFIG_HAS_STACK_PROTECTOR option so each architecture can enable this feature individually - Added user-selectable CONFIG_STACK_PROTECTOR option - Implemented code that sets up random stack canary and a basic handler for stack protector failures Signed-off-by: Volodymyr Babchuk ---

[PATCH 0/3] Add stack protector

2024-11-22 Thread Volodymyr Babchuk
s not break anything, so we will need RISCV maintainer's approval. Volodymyr Babchuk (3): xen: common: add ability to enable stack protector xen: arm: enable stack protector feature xen: riscv: enable stack protector feature Config.mk| 2 +- stubdo
