[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] xsm/flask/ss: CFI hardening
commit c9e0a06259aff799b57b3180ba815081c914f4e8 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Fri Oct 29 15:32:08 2021 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Feb 23 15:33:43 2022 +0000 xsm/flask/ss: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> --- xen/xsm/flask/ss/avtab.c | 4 ++-- xen/xsm/flask/ss/conditional.c | 10 ++++---- xen/xsm/flask/ss/conditional.h | 6 ++--- xen/xsm/flask/ss/policydb.c | 53 ++++++++++++++++++++++-------------------- xen/xsm/flask/ss/services.c | 6 ++--- xen/xsm/flask/ss/symtab.c | 5 ++-- 6 files changed, 44 insertions(+), 40 deletions(-) diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c index bfc91c8b0c..55c2b4d8a4 100644 --- a/xen/xsm/flask/ss/avtab.c +++ b/xen/xsm/flask/ss/avtab.c @@ -482,8 +482,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return insertf(a, &key, &datum, p); } -static int avtab_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *p) +static int cf_check avtab_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p) { return avtab_insert(a, k, d); } diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c index 3e58aea551..b4b116666c 100644 --- a/xen/xsm/flask/ss/conditional.c +++ b/xen/xsm/flask/ss/conditional.c @@ -189,14 +189,14 @@ int cond_init_bool_indexes(struct policydb *p) return 0; } -int cond_destroy_bool(void *key, void *datum, void *p) +int cf_check cond_destroy_bool(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -int cond_index_bool(void *key, void *datum, void *datap) +int cf_check cond_index_bool(void *key, void *datum, void *datap) { struct policydb *p; struct cond_bool_datum *booldatum; @@ -220,7 +220,7 @@ static int bool_isvalid(struct cond_bool_datum *b) return 1; } -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cond_bool_datum *booldatum; @@ -268,8 +268,8 @@ struct cond_insertf_data struct cond_av_list *tail; }; -static int cond_insertf(struct avtab *a, struct avtab_key *k, - struct avtab_datum *d, void *ptr) +static int cf_check cond_insertf( + struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr) { struct cond_insertf_data *data = ptr; struct policydb *p = data->p; diff --git a/xen/xsm/flask/ss/conditional.h b/xen/xsm/flask/ss/conditional.h index 59ac6b4b57..500fe4305a 100644 --- a/xen/xsm/flask/ss/conditional.h +++ b/xen/xsm/flask/ss/conditional.h @@ -63,11 +63,11 @@ int cond_policydb_init(struct policydb* p); void cond_policydb_destroy(struct policydb* p); int cond_init_bool_indexes(struct policydb* p); -int cond_destroy_bool(void *key, void *datum, void *p); +int cf_check cond_destroy_bool(void *key, void *datum, void *p); -int cond_index_bool(void *key, void *datum, void *datap); +int cf_check cond_index_bool(void *key, void *datum, void *datap); -int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); +int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); int cond_read_list(struct policydb *p, void *fp); void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd); diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c index 9426164353..ff2103c63e 100644 --- a/xen/xsm/flask/ss/policydb.c +++ b/xen/xsm/flask/ss/policydb.c @@ -257,12 +257,12 @@ out_free_symtab: * of a class, role, or user are needed. */ -static int common_index(void *key, void *datum, void *datap) +static int cf_check common_index(void *key, void *datum, void *datap) { return 0; } -static int class_index(void *key, void *datum, void *datap) +static int cf_check class_index(void *key, void *datum, void *datap) { struct policydb *p; struct class_datum *cladatum; @@ -276,7 +276,7 @@ static int class_index(void *key, void *datum, void *datap) return 0; } -static int role_index(void *key, void *datum, void *datap) +static int cf_check role_index(void *key, void *datum, void *datap) { struct policydb *p; struct role_datum *role; @@ -292,7 +292,7 @@ static int role_index(void *key, void *datum, void *datap) return 0; } -static int type_index(void *key, void *datum, void *datap) +static int cf_check type_index(void *key, void *datum, void *datap) { struct policydb *p; struct type_datum *typdatum; @@ -313,7 +313,7 @@ static int type_index(void *key, void *datum, void *datap) return 0; } -static int user_index(void *key, void *datum, void *datap) +static int cf_check user_index(void *key, void *datum, void *datap) { struct policydb *p; struct user_datum *usrdatum; @@ -329,7 +329,7 @@ static int user_index(void *key, void *datum, void *datap) return 0; } -static int sens_index(void *key, void *datum, void *datap) +static int cf_check sens_index(void *key, void *datum, void *datap) { struct policydb *p; struct level_datum *levdatum; @@ -348,7 +348,7 @@ static int sens_index(void *key, void *datum, void *datap) return 0; } -static int cat_index(void *key, void *datum, void *datap) +static int cf_check cat_index(void *key, void *datum, void *datap) { struct policydb *p; struct cat_datum *catdatum; @@ -506,14 +506,14 @@ out: * symbol data in the policy database. */ -static int perm_destroy(void *key, void *datum, void *p) +static int cf_check perm_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int common_destroy(void *key, void *datum, void *p) +static int cf_check common_destroy(void *key, void *datum, void *p) { struct common_datum *comdatum; @@ -525,7 +525,7 @@ static int common_destroy(void *key, void *datum, void *p) return 0; } -static int class_destroy(void *key, void *datum, void *p) +static int cf_check class_destroy(void *key, void *datum, void *p) { struct class_datum *cladatum; struct constraint_node *constraint, *ctemp; @@ -572,7 +572,7 @@ static int class_destroy(void *key, void *datum, void *p) return 0; } -static int role_destroy(void *key, void *datum, void *p) +static int cf_check role_destroy(void *key, void *datum, void *p) { struct role_datum *role; @@ -584,14 +584,14 @@ static int role_destroy(void *key, void *datum, void *p) return 0; } -static int type_destroy(void *key, void *datum, void *p) +static int cf_check type_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); return 0; } -static int user_destroy(void *key, void *datum, void *p) +static int cf_check user_destroy(void *key, void *datum, void *p) { struct user_datum *usrdatum; @@ -605,7 +605,7 @@ static int user_destroy(void *key, void *datum, void *p) return 0; } -static int sens_destroy(void *key, void *datum, void *p) +static int cf_check sens_destroy(void *key, void *datum, void *p) { struct level_datum *levdatum; @@ -617,7 +617,7 @@ static int sens_destroy(void *key, void *datum, void *p) return 0; } -static int cat_destroy(void *key, void *datum, void *p) +static int cf_check cat_destroy(void *key, void *datum, void *p) { xfree(key); xfree(datum); @@ -989,7 +989,7 @@ bad: goto out; } -static int common_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check common_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct common_datum *comdatum; @@ -1151,7 +1151,7 @@ static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, return 0; } -static int class_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check class_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct class_datum *cladatum; @@ -1250,7 +1250,7 @@ bad: goto out; } -static int role_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check role_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct role_datum *role; @@ -1321,7 +1321,7 @@ bad: goto out; } -static int type_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check type_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct type_datum *typdatum; @@ -1415,7 +1415,7 @@ bad: return -EINVAL; } -static int user_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check user_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct user_datum *usrdatum; @@ -1479,7 +1479,7 @@ bad: goto out; } -static int sens_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check sens_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct level_datum *levdatum; @@ -1534,7 +1534,7 @@ bad: goto out; } -static int cat_read(struct policydb *p, struct hashtab *h, void *fp) +static int cf_check cat_read(struct policydb *p, struct hashtab *h, void *fp) { char *key = NULL; struct cat_datum *catdatum; @@ -1591,7 +1591,8 @@ static int (*read_f[SYM_NUM]) (struct policydb *p, struct hashtab *h, void *fp) cat_read, }; -static int user_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check user_bounds_sanity_check( + void *key, void *datum, void *datap) { struct user_datum *upper, *user; struct policydb *p = datap; @@ -1631,7 +1632,8 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int role_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check role_bounds_sanity_check( + void *key, void *datum, void *datap) { struct role_datum *upper, *role; struct policydb *p = datap; @@ -1671,7 +1673,8 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) return 0; } -static int type_bounds_sanity_check(void *key, void *datum, void *datap) +static int cf_check type_bounds_sanity_check( + void *key, void *datum, void *datap) { struct type_datum *upper, *type; struct policydb *p = datap; diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c index 42686535f2..2f6d3d350d 100644 --- a/xen/xsm/flask/ss/services.c +++ b/xen/xsm/flask/ss/services.c @@ -283,7 +283,7 @@ mls_ops: * security_dump_masked_av - dumps masked permissions during * security_compute_av due to RBAC, MLS/Constraint and Type bounds. */ -static int dump_masked_av_helper(void *k, void *d, void *args) +static int cf_check dump_masked_av_helper(void *k, void *d, void *args) { struct perm_datum *pdatum = d; char **permission_names = args; @@ -1240,7 +1240,7 @@ static int validate_classes(struct policydb *p) } /* Clone the SID into the new SID table. */ -static int clone_sid(u32 sid, struct context *context, void *arg) +static int cf_check clone_sid(u32 sid, struct context *context, void *arg) { struct sidtab *s = arg; @@ -1277,7 +1277,7 @@ struct convert_context_args { * in the policy `p->newp'. Verify that the * context is valid under the new policy. */ -static int convert_context(u32 key, struct context *c, void *p) +static int cf_check convert_context(u32 key, struct context *c, void *p) { struct convert_context_args *args; struct context oldc; diff --git a/xen/xsm/flask/ss/symtab.c b/xen/xsm/flask/ss/symtab.c index d98c116d5b..0ce7e08c24 100644 --- a/xen/xsm/flask/ss/symtab.c +++ b/xen/xsm/flask/ss/symtab.c @@ -12,7 +12,7 @@ #include <xen/errno.h> #include "symtab.h" -static unsigned int symhash(struct hashtab *h, const void *key) +static unsigned int cf_check symhash(struct hashtab *h, const void *key) { const char *p, *keyp; unsigned int size; @@ -26,7 +26,8 @@ static unsigned int symhash(struct hashtab *h, const void *key) return val & (h->size - 1); } -static int symcmp(struct hashtab *h, const void *key1, const void *key2) +static int cf_check symcmp( + struct hashtab *h, const void *key1, const void *key2) { const char *keyp1, *keyp2; -- generated by git-patchbot for /home/xen/git/xen.git#staging
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |