From: "Christoph Egger"
To: Keir Fraser
Cc: xen-devel@lists.xensource.com
Subject: Re: [PATCH 3/3] Add support for OpenBSD
Date: Wed, 18 Oct 2006 09:08:31 +0200
Message-ID: <200610180908.32132.Christoph.Egger@amd.com>

On Wednesday 18 October 2006 17:51, Keir Fraser wrote:
> On 17/10/06 15:44, "Christoph Egger" wrote:
> > This is the third and last patch.
> >
> > This patch makes the xen kernel buildable on OpenBSD by adding support
> > for ProPolice. ProPolice has been added to standard GCC in version 4.1.x
> > under the name Stack Smashing Protection (SSP).
>
> Gcc 4.1.x works fine for me already (under Linux at least). We specifically
> disable stack protection in xen/arch/x86/Rules.mk.

The stack protection is not just to improve security. With stack protection, it is more likely that you find off-by-one bugs like this:

    void foo(void)
    {
        char array[8];
        int i;

        for (i = 0; i <= 8; i++) {
            array[i] = 0;
        }
        .....
    }

The propolice patch also contained a snippet which is necessary to make the Xen kernel build independent of whether SSP is disabled or not.
I extracted this snippet into a separate patch to fix this build error:

    gcc -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer -o boot/mkelf32 boot/mkelf32.c
    boot/mkelf32.c:93:1: "swap16" redefined
    In file included from /usr/include/machine/endian.h:68,
                     from /usr/include/sys/types.h:45,
                     from /usr/include/stdio.h:45,
                     from boot/mkelf32.c:11:
    /usr/include/sys/endian.h:156:1: this is the location of the previous definition
    boot/mkelf32.c:94:1: "swap32" redefined
    /usr/include/sys/endian.h:157:1: this is the location of the previous definition
    boot/mkelf32.c:95:1: "swap64" redefined
    /usr/include/sys/endian.h:158:1: this is the location of the previous definition
    gmake[2]: *** [boot/mkelf32] Error 1

This mail has two patches attached:

openbsd_buildfix.diff - the absolutely necessary patch to make the kernel build on OpenBSD
openbsd_propolice.diff - it adds support for SSP

--Boundary-00=_wLdNFe80GU/PA8w Content-Type: text/x-diff; charset=iso-8859-1; name=openbsd_buildfix.diff Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=openbsd_buildfix.diff diff -r 20522afb2615 xen/arch/x86/boot/mkelf32.c =2D-- a/xen/arch/x86/boot/mkelf32.c Wed Oct 18 19:23:32 2006 +0100 +++ b/xen/arch/x86/boot/mkelf32.c Wed Oct 18 09:03:19 2006 +0200 @@ -90,9 +90,15 @@ static Elf32_Shdr out_shdr[] =3D { } }; =20 +#ifndef swap16 #define swap16(_v) ((((u16)(_v)>>8)&0xff)|(((u16)(_v)&0xff)<<8)) +#endif +#ifndef swap32 #define swap32(_v) (((u32)swap16((u16)(_v))<<16)|(u32)swap16((u32)((_v)>>1= 6))) +#endif +#ifndef swap64 #define swap64(_v) (((u64)swap32((u32)(_v))<<32)|(u64)swap32((u32)((_v)>>3= 2))) +#endif =20 static int big_endian; =20 --Boundary-00=_wLdNFe80GU/PA8w Content-Type: text/x-diff; charset=iso-8859-1; name=openbsd_propolice.diff Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=openbsd_propolice.diff diff -r 20522afb2615 xen/arch/x86/setup.c =2D-- a/xen/arch/x86/setup.c Wed Oct 18 19:23:32 2006 +0100 
+++ b/xen/arch/x86/setup.c Wed Oct 18 09:03:33 2006 +0200 @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -668,6 +669,8 @@ void __init __start_xen(multiboot_info_t cmdline) !=3D 0) panic("Could not set up DOM0 guest OS\n"); =20 + init_guard(); + /* Scrub RAM that is still free and so may go to an unprivileged domai= n. */ scrub_heap_pages(); =20 diff -r 20522afb2615 xen/common/Makefile =2D-- a/xen/common/Makefile Wed Oct 18 19:23:32 2006 +0100 +++ b/xen/common/Makefile Wed Oct 18 09:03:33 2006 +0200 @@ -5,6 +5,7 @@ obj-y +=3D elf.o obj-y +=3D elf.o obj-y +=3D event_channel.o obj-y +=3D grant_table.o +obj-y +=3D guard.o obj-y +=3D kernel.o obj-y +=3D keyhandler.o obj-y +=3D lib.o diff -r 20522afb2615 xen/common/guard.c =2D-- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/common/guard.c Wed Oct 18 09:03:33 2006 +0200 @@ -0,0 +1,34 @@ + +#include + +long __guard[8]; + +void __stack_smash_handler(char [], int __attribute__((unused))); + +void +__stack_smash_handler(char func[], int damaged) +{ + panic("smashed stack in %s", func); +} + + +void init_guard(void) +{ + volatile long newguard[8]; + int i; + + /* XXX newguard is intended to get filled with random values. + * But there's nothing to use, so this is just something + * out of my head :) */ + newguard[0] =3D 103958; + newguard[1] =3D 3505; + newguard[2] =3D 75601; + newguard[3] =3D 35703; + newguard[4] =3D 94; + newguard[5] =3D 721; + newguard[6] =3D 3094; + newguard[7] =3D 217; + + for (i =3D sizeof(__guard) / sizeof(__guard[0]) - 1; i; i--) + __guard[i] =3D newguard[i]; +} diff -r 20522afb2615 xen/include/xen/guard.h =2D-- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/include/xen/guard.h Wed Oct 18 09:03:33 2006 +0200 
@@ -0,0 +1,3 @@ + + +void init_guard(void); --Boundary-00=_wLdNFe80GU/PA8w Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --Boundary-00=_wLdNFe80GU/PA8w--
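
Review bot: In the xen/arch/x86/boot/mkelf32.c hunk, guarding each macro with `#ifndef swap16`, `#ifndef swap32` and `#ifndef swap64` makes the tool silently use whatever <sys/endian.h> provides on hosts that define those names, so mkelf32 runs different byte-swap code on OpenBSD than elsewhere. Nothing in the hunk checks that the system macros take the same argument types or return the same widths as the local ones. Either `#undef` the three names before the local definitions, or rename the local macros to names the system headers do not use, so the build tool behaves the same on every host.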
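
Review bot: In the xen/arch/x86/setup.c hunk, init_guard() is called only after the DOM0 construction step, so everything __start_xen() does before that point runs while __guard, a plain global in guard.c, is still zero-filled. Changing the guard this late also means any protected function that is live across the call stored the old value on entry and will fail its check if it ever returns. If the guard is meant to cover boot code, move the call to the start of __start_xen(), before any protected function is entered.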
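
Review bot: In xen/common/guard.c, the copy loop in init_guard() uses `i` alone as its condition (`for (i = ... - 1; i; i--)`), so it stops before index 0 and __guard[0] is never written; use `i >= 0` or count upward from 0. The newguard values are also compile-time constants, as the XXX comment says, so the guard is identical on every boot and readable from the source; fill it from whatever entropy is available at that point, or document the limitation next to the values. Minor: the panic() format string has no trailing "\n", unlike the panic() call visible in the setup.c context, and the `damaged` argument of __stack_smash_handler() is ignored without comment.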
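
Review bot: xen/include/xen/guard.h consists of two blank lines and one prototype, with no include guard; wrap it in the usual `#ifndef` / `#define` / `#endif` pair. The prototype for __stack_smash_handler() lives only in guard.c, and __guard has no extern declaration anywhere in the patch; if either is meant to be visible outside guard.c, declare it here.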
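
The off-by-one loop from the message, modeled so that its effect on the guard word can be checked, including one case where the check misses it. This is an added example, not code from the original mail or from Xen; the struct standing in for the frame layout, the name guard_check_fires and a little-endian host are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a protected stack frame: the guard word sits
 * directly above the local buffer. An assumption, not Xen or GCC code. */
struct frame {
    char array[8];
    unsigned long guard;
};

/* Runs the loop from the message with an inclusive upper bound and
 * returns 1 if the epilogue comparison would fail, 0 otherwise. */
int guard_check_fires(unsigned long guard_value, int last_index)
{
    struct frame f;
    unsigned char *mem = (unsigned char *)&f;
    int i;

    f.guard = guard_value;              /* prologue: store the guard */
    for (i = 0; i <= last_index; i++)   /* last_index == 8 is the bug */
        mem[offsetof(struct frame, array) + i] = 0;
    return f.guard != guard_value;      /* epilogue: compare */
}

int main(void)
{
    /* 103958 is a constant from the patch's init_guard(), used as a sample. */
    printf("correct loop (i < 8):         %d\n",
           guard_check_fires(103958UL, 7));
    printf("off-by-one (i <= 8):          %d\n",
           guard_check_fires(103958UL, 8));
    /* Constructed value whose lowest-addressed byte is already 0 on a
     * little-endian host: the stray zero write changes nothing. */
    printf("off-by-one, low byte is zero: %d\n",
           guard_check_fires(0x12345600UL, 8));
    return 0;
}
```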