xen: arm: enable stack protector feature

Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
platform. Initialize stack protector magic value very early, at the
very beginning of start_xen() function.

We want to do this early because prior to that
boot_stack_chk_guard_setup() call, default stack protector guard value
is used. While it is fine for general development and testing, it does
not provide highest security level, because potential attacker will
know the default value and can alter a payload, so correct stack
guard value will be placed in the correct position.

Apart from that argument, boot_stack_chk_guard_setup() should be
called prior to enabling secondary CPUs to avoid race with them.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Julien Grall <jgrall@amazon.com>

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index 565f28833118c617484d5421c84330283c0a81ba..da8a406f5a6af972318b959786e8f8772e46c974 100644 (file)
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -15,6 +15,7 @@ config ARM
        select GENERIC_UART_INIT
        select HAS_ALTERNATIVE if HAS_VMAP
        select HAS_DEVICE_TREE
+       select HAS_STACK_PROTECTOR
        select HAS_UBSAN
 
 config ARCH_DEFCONFIG

diff --git a/xen/arch/arm/setup.c b/xen/arch/arm/setup.c
index bf39d41e9be2e4397aec0ca650c1536c5e9e4275..07703a15e1608ab6f220a9eafce8cd8bb4bcf8c0 100644 (file)
--- a/xen/arch/arm/setup.c
+++ b/xen/arch/arm/setup.c
@@ -30,6 +30,7 @@
 #include <xen/virtual_region.h>
 #include <xen/version.h>
 #include <xen/vmap.h>
+#include <xen/stack-protector.h>
 #include <xen/trace.h>
 #include <xen/libfdt/libfdt-xen.h>
 #include <xen/acpi.h>
@@ -306,6 +307,8 @@ void asmlinkage __init start_xen(unsigned long fdt_paddr)
     struct domain *d;
     int rc, i;
 
+    boot_stack_chk_guard_setup();
+
     dcache_line_bytes = read_dcache_line_bytes();
 
     percpu_init_areas();