Xen project Mailing List

Re: [PATCH 0/3] Stack checking on Arm

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Mon, 29 Jul 2024 14:37:34 -0700 (PDT)

Cc: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, George Dunlap <gwd@xxxxxxxxxxxxxx>

Delivery-date: Mon, 29 Jul 2024 21:37:54 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, 29 Jul 2024, Julien Grall wrote: > Hi, > > On 29/07/2024 15:24, Stewart Hildebrand wrote: > > This series introduces stack check instrumentation on Arm. This is > > helpful for safety certification efforts. I'm sending this in an RFC > > state because I wanted to gather opinions on the approach of using > > -finstrument-functions. > > This looks ok for an initial approach. I wonder if longer term we want to > implement stack guards on Arm. We would need to allocate an extra "virtual" > page per stack that would be unmapped. > > The advantage is this could be used also in production and doesn't rely on any > support from the processor. > > Any thoughts? I think we need both. We should implement stack guards on Arm. In addition, it is also beneficial to have -finstrument-functions for profiling, debugging, and also so that we can retrieve detailed call graphs from execution runs. As an example, -finstrument-functions can help with offline analysis to prove that we don't have unbounded recursion, on both arm and x86 too. On the other hand, stack guards help with protecting the stack in production.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.