Both GCC and Clang support -fstack-protector feature, which add stack canaries to functions where stack corruption is possible. This series makes possible to use this feature in Xen. I tested this on ARM64 and it is working as intended. Tested both with GCC and Clang.
It is hard to enable this feature on x86, as GCC stores stack canary in %fs:40 by default, but Xen can't use %fs for various reasons. It is possibly to change stack canary location new newer GCC versions, but attempt to do this uncovered a whole host problems with GNU ld. So, this series focus mostly on ARM. Changes in v4: - Added patch to CHANGELOG.md - Removed stack-protector.h because we dropped support for Xen's built-in RNG code and rely only on own implementation - Changes in individual patches are covered in their respect commit messages Changes in v3: - Removed patch for riscv - Changes in individual patches are covered in their respect commit messages Changes in v2: - Patch "xen: common: add ability to enable stack protector" was divided into two patches. - Rebase onto Andrew's patch that removes -fno-stack-protector-all - Tested on RISC-V thanks to Oleksii Kurochko - Changes in individual patches covered in their respect commit messages Volodymyr Babchuk (4): common: remove -fno-stack-protector from EMBEDDED_EXTRA_CFLAGS xen: common: add ability to enable stack protector xen: arm: enable stack protector feature CHANGELOG.md: Mention stack-protector feature CHANGELOG.md | 1 + Config.mk | 2 +- stubdom/Makefile | 2 ++ tools/firmware/Rules.mk | 2 ++ tools/tests/x86_emulator/testcase.mk | 2 +- xen/Makefile | 6 ++++ xen/arch/arm/Kconfig | 1 + xen/arch/arm/arm64/head.S | 3 ++ xen/arch/x86/boot/Makefile | 1 + xen/common/Kconfig | 15 ++++++++ xen/common/Makefile | 1 + xen/common/stack-protector.c | 51 ++++++++++++++++++++++++++++ 12 files changed, 85 insertions(+), 2 deletions(-) create mode 100644 xen/common/stack-protector.c -- 2.47.1
