On 12.12.2024 01:13, Volodymyr Babchuk wrote:
> Jan Beulich <jbeul...@suse.com> writes:
>> On 11.12.2024 03:04, Volodymyr Babchuk wrote:
>>> Both GCC and Clang support the -fstack-protector feature, which adds stack
>>> canaries to functions where stack corruption is possible. This series
>>> makes it possible to use this feature in Xen. I tested this on ARM64 and
>>> it is working as intended. Tested both with GCC and Clang.
>>>
>>> It is hard to enable this feature on x86, as GCC stores the stack canary
>>> in %fs:40 by default, but Xen can't use %fs for various reasons. It is
>>> possible to change the stack canary location in newer GCC versions, but
>>> this will change the minimal GCC requirement, which is also hard due to
>>> various reasons. So, this series focuses mostly on ARM and RISCV.
>>
>> Why exactly would it not be possible to offer the feature when new enough
>> gcc is in use?
> 
> It is possible to use this feature with a modern enough GCC, yes. Are
> you suggesting to make HAS_STACK_PROTECTOR dependent on GCC_VERSION for
> x86 platform?

Only kind of. I remain yet to be convinced (or formally outvoted) on such
wanting to live in (only) Kconfig. I actually proposed a hybrid model [1].
But yes - some type of build time dependency.

Jan

[1] https://lists.xen.org/archives/html/xen-devel/2022-09/msg01793.html
