[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] xen: CFI hardening for continue_hypercall_on_cpu()
commit 19804ed02902e78c82c6c97af8bd5ec348d5f071 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Thu Oct 28 10:56:49 2021 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Feb 23 15:33:43 2022 +0000 xen: CFI hardening for continue_hypercall_on_cpu() Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/acpi/power.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 2 +- xen/arch/x86/include/asm/pv/shim.h | 8 ++++---- xen/arch/x86/include/asm/smp.h | 6 +++--- xen/arch/x86/platform_hypercall.c | 4 ++-- xen/arch/x86/pv/shim.c | 4 ++-- xen/arch/x86/smp.c | 4 ++-- xen/arch/x86/sysctl.c | 2 +- xen/common/core_parking.c | 2 +- xen/common/kexec.c | 2 +- xen/common/sched/cpupool.c | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c index 912d4c4d62..c4e7e86989 100644 --- a/xen/arch/x86/acpi/power.c +++ b/xen/arch/x86/acpi/power.c @@ -326,7 +326,7 @@ static int enter_state(u32 state) return error; } -static long enter_state_helper(void *data) +static long cf_check enter_state_helper(void *data) { struct acpi_sleep_info *sinfo = (struct acpi_sleep_info *)data; return enter_state(sinfo->sleep_state); diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c index 46f55fe7f1..9631042190 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c @@ -558,7 +558,7 @@ struct ucode_buf { char buffer[]; }; -static long microcode_update_helper(void *data) +static long cf_check microcode_update_helper(void *data) { int ret; struct ucode_buf *buffer = data; diff --git a/xen/arch/x86/include/asm/pv/shim.h b/xen/arch/x86/include/asm/pv/shim.h index 6415f8068e..a43c3689b4 100644 --- a/xen/arch/x86/include/asm/pv/shim.h +++ b/xen/arch/x86/include/asm/pv/shim.h @@ -38,8 +38,8 @@ void pv_shim_setup_dom(struct domain *d, l4_pgentry_t *l4start, start_info_t *si); int pv_shim_shutdown(uint8_t reason); void pv_shim_inject_evtchn(unsigned int port); -long pv_shim_cpu_up(void *data); -long pv_shim_cpu_down(void *data); +long cf_check pv_shim_cpu_up(void *data); +long cf_check pv_shim_cpu_down(void *data); void pv_shim_online_memory(unsigned int nr, unsigned int order); void pv_shim_offline_memory(unsigned int nr, unsigned int order); domid_t get_initial_domain_id(void); @@ -69,12 +69,12 @@ static inline void pv_shim_inject_evtchn(unsigned int port) { ASSERT_UNREACHABLE(); } -static inline long pv_shim_cpu_up(void *data) +static inline long cf_check pv_shim_cpu_up(void *data) { ASSERT_UNREACHABLE(); return 0; } -static inline long pv_shim_cpu_down(void *data) +static inline long cf_check pv_shim_cpu_down(void *data) { ASSERT_UNREACHABLE(); return 0; diff --git a/xen/arch/x86/include/asm/smp.h b/xen/arch/x86/include/asm/smp.h index f7485f602e..1747772d23 100644 --- a/xen/arch/x86/include/asm/smp.h +++ b/xen/arch/x86/include/asm/smp.h @@ -57,10 +57,10 @@ int cpu_add(uint32_t apic_id, uint32_t acpi_id, uint32_t pxm); void __stop_this_cpu(void); -long cpu_up_helper(void *data); -long cpu_down_helper(void *data); +long cf_check cpu_up_helper(void *data); +long cf_check cpu_down_helper(void *data); -long core_parking_helper(void *data); +long cf_check core_parking_helper(void *data); bool core_parking_remove(unsigned int cpu); uint32_t get_cur_idle_nums(void); diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c index 84566bbfaa..f5d7adc1e8 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c @@ -45,7 +45,7 @@ struct resource_access { xenpf_resource_entry_t *entries; }; -long cpu_frequency_change_helper(void *); +long cf_check cpu_frequency_change_helper(void *); void check_resource_access(struct resource_access *); void resource_access(void *); @@ -59,7 +59,7 @@ DEFINE_SPINLOCK(xenpf_lock); # undef guest_from_compat_handle # define guest_from_compat_handle(x,y) ((x)=(y)) -long cpu_frequency_change_helper(void *data) +long cf_check cpu_frequency_change_helper(void *data) { return cpu_frequency_change((uint64_t)data); } diff --git a/xen/arch/x86/pv/shim.c b/xen/arch/x86/pv/shim.c index ae4d8913fa..2ee290a392 100644 --- a/xen/arch/x86/pv/shim.c +++ b/xen/arch/x86/pv/shim.c @@ -845,7 +845,7 @@ int cf_check compat_grant_table_op( #endif #endif -long pv_shim_cpu_up(void *data) +long cf_check pv_shim_cpu_up(void *data) { struct vcpu *v = data; struct domain *d = v->domain; @@ -883,7 +883,7 @@ long pv_shim_cpu_up(void *data) return 0; } -long pv_shim_cpu_down(void *data) +long cf_check pv_shim_cpu_down(void *data) { struct vcpu *v = data; long rc; diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c index eef0f9c6cb..f4952a6bf9 100644 --- a/xen/arch/x86/smp.c +++ b/xen/arch/x86/smp.c @@ -399,7 +399,7 @@ void call_function_interrupt(struct cpu_user_regs *regs) smp_call_function_interrupt(); } -long cpu_up_helper(void *data) +long cf_check cpu_up_helper(void *data) { unsigned int cpu = (unsigned long)data; int ret = cpu_up(cpu); @@ -422,7 +422,7 @@ long cpu_up_helper(void *data) return ret; } -long cpu_down_helper(void *data) +long cf_check cpu_down_helper(void *data) { int cpu = (unsigned long)data; int ret = cpu_down(cpu); diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index aff52a13f3..1772f51f8f 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -79,7 +79,7 @@ static void l3_cache_get(void *arg) l3_info->size = info.size / 1024; /* in KB unit */ } -static long smt_up_down_helper(void *data) +static long cf_check smt_up_down_helper(void *data) { bool up = (bool)data; unsigned int cpu, sibling_mask = boot_cpu_data.x86_num_siblings - 1; diff --git a/xen/common/core_parking.c b/xen/common/core_parking.c index 44a907abfd..4afad04f2f 100644 --- a/xen/common/core_parking.c +++ b/xen/common/core_parking.c @@ -169,7 +169,7 @@ static unsigned int core_parking_power(unsigned int event) return cpu; } -long core_parking_helper(void *data) +long cf_check core_parking_helper(void *data) { uint32_t idle_nums = (unsigned long)data; unsigned int cpu; diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 3b223cd03d..b222a5fd78 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -395,7 +395,7 @@ void kexec_crash(enum crash_reason reason) BUG(); } -static long kexec_reboot(void *_image) +static long cf_check kexec_reboot(void *_image) { struct kexec_image *image = _image; diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index e5cfb03b85..b9d4babd0d 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -544,7 +544,7 @@ static int cpupool_unassign_cpu_start(struct cpupool *c, unsigned int cpu) return ret; } -static long cpupool_unassign_cpu_helper(void *info) +static long cf_check cpupool_unassign_cpu_helper(void *info) { struct cpupool *c = info; long ret; -- generated by git-patchbot for /home/xen/git/xen.git#staging
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |