Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This series makes possible to use this feature in Xen. I tested this on ARM64 and it is working as intended. Tested both with GCC and Clang.
It is hard to enable this feature on x86, as GCC stores stack canary in %fs:40 by default, but Xen can't use %fs for various reasons. It is possibly to change stack canary location new newer GCC versions, but this will change minimal GCC requirement, which is also hard due to various reasons. So, this series focus mostly on ARM and RISCV. Changes in v2: - Patch "xen: common: add ability to enable stack protector" was divided into two patches. - Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respect commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature xen: riscv: enable stack protector feature Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 ++ xen/Makefile | 6 ++++++ xen/arch/arm/Kconfig | 1 + xen/arch/arm/setup.c | 3 +++ xen/arch/riscv/Kconfig | 1 + xen/arch/riscv/setup.c | 3 +++ xen/common/Kconfig | 17 ++++++++++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 10 ++++++++++ xen/include/xen/stack-protector.h | 29 ++++++++++++++++++++++++++++ 13 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 xen/common/stack-protector.c create mode 100644 xen/include/xen/stack-protector.h -- 2.47.1
