[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] xsm/flask/ss: CFI hardening



commit c9e0a06259aff799b57b3180ba815081c914f4e8
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Oct 29 15:32:08 2021 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Feb 23 15:33:43 2022 +0000

    xsm/flask/ss: CFI hardening
    
    Control Flow Integrity schemes use toolchain and optionally hardware support
    to help protect against call/jump/return oriented programming attacks.
    
    Use cf_check to annotate function pointer targets for the toolchain.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
---
 xen/xsm/flask/ss/avtab.c       |  4 ++--
 xen/xsm/flask/ss/conditional.c | 10 ++++----
 xen/xsm/flask/ss/conditional.h |  6 ++---
 xen/xsm/flask/ss/policydb.c    | 53 ++++++++++++++++++++++--------------------
 xen/xsm/flask/ss/services.c    |  6 ++---
 xen/xsm/flask/ss/symtab.c      |  5 ++--
 6 files changed, 44 insertions(+), 40 deletions(-)

diff --git a/xen/xsm/flask/ss/avtab.c b/xen/xsm/flask/ss/avtab.c
index bfc91c8b0c..55c2b4d8a4 100644
--- a/xen/xsm/flask/ss/avtab.c
+++ b/xen/xsm/flask/ss/avtab.c
@@ -482,8 +482,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct 
policydb *pol,
     return insertf(a, &key, &datum, p);
 }
 
-static int avtab_insertf(struct avtab *a, struct avtab_key *k,
-                                                struct avtab_datum *d, void *p)
+static int cf_check avtab_insertf(
+    struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p)
 {
     return avtab_insert(a, k, d);
 }
diff --git a/xen/xsm/flask/ss/conditional.c b/xen/xsm/flask/ss/conditional.c
index 3e58aea551..b4b116666c 100644
--- a/xen/xsm/flask/ss/conditional.c
+++ b/xen/xsm/flask/ss/conditional.c
@@ -189,14 +189,14 @@ int cond_init_bool_indexes(struct policydb *p)
     return 0;
 }
 
-int cond_destroy_bool(void *key, void *datum, void *p)
+int cf_check cond_destroy_bool(void *key, void *datum, void *p)
 {
     xfree(key);
     xfree(datum);
     return 0;
 }
 
-int cond_index_bool(void *key, void *datum, void *datap)
+int cf_check cond_index_bool(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct cond_bool_datum *booldatum;
@@ -220,7 +220,7 @@ static int bool_isvalid(struct cond_bool_datum *b)
     return 1;
 }
 
-int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
+int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct cond_bool_datum *booldatum;
@@ -268,8 +268,8 @@ struct cond_insertf_data
     struct cond_av_list *tail;
 };
 
-static int cond_insertf(struct avtab *a, struct avtab_key *k, 
-                                            struct avtab_datum *d, void *ptr)
+static int cf_check cond_insertf(
+    struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *ptr)
 {
     struct cond_insertf_data *data = ptr;
     struct policydb *p = data->p;
diff --git a/xen/xsm/flask/ss/conditional.h b/xen/xsm/flask/ss/conditional.h
index 59ac6b4b57..500fe4305a 100644
--- a/xen/xsm/flask/ss/conditional.h
+++ b/xen/xsm/flask/ss/conditional.h
@@ -63,11 +63,11 @@ int cond_policydb_init(struct policydb* p);
 void cond_policydb_destroy(struct policydb* p);
 
 int cond_init_bool_indexes(struct policydb* p);
-int cond_destroy_bool(void *key, void *datum, void *p);
+int cf_check cond_destroy_bool(void *key, void *datum, void *p);
 
-int cond_index_bool(void *key, void *datum, void *datap);
+int cf_check cond_index_bool(void *key, void *datum, void *datap);
 
-int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
+int cf_check cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
 int cond_read_list(struct policydb *p, void *fp);
 
 void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct 
av_decision *avd);
diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
index 9426164353..ff2103c63e 100644
--- a/xen/xsm/flask/ss/policydb.c
+++ b/xen/xsm/flask/ss/policydb.c
@@ -257,12 +257,12 @@ out_free_symtab:
  * of a class, role, or user are needed.
  */
 
-static int common_index(void *key, void *datum, void *datap)
+static int cf_check common_index(void *key, void *datum, void *datap)
 {
     return 0;
 }
 
-static int class_index(void *key, void *datum, void *datap)
+static int cf_check class_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct class_datum *cladatum;
@@ -276,7 +276,7 @@ static int class_index(void *key, void *datum, void *datap)
     return 0;
 }
 
-static int role_index(void *key, void *datum, void *datap)
+static int cf_check role_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct role_datum *role;
@@ -292,7 +292,7 @@ static int role_index(void *key, void *datum, void *datap)
     return 0;
 }
 
-static int type_index(void *key, void *datum, void *datap)
+static int cf_check type_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct type_datum *typdatum;
@@ -313,7 +313,7 @@ static int type_index(void *key, void *datum, void *datap)
     return 0;
 }
 
-static int user_index(void *key, void *datum, void *datap)
+static int cf_check user_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct user_datum *usrdatum;
@@ -329,7 +329,7 @@ static int user_index(void *key, void *datum, void *datap)
     return 0;
 }
 
-static int sens_index(void *key, void *datum, void *datap)
+static int cf_check sens_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct level_datum *levdatum;
@@ -348,7 +348,7 @@ static int sens_index(void *key, void *datum, void *datap)
     return 0;
 }
 
-static int cat_index(void *key, void *datum, void *datap)
+static int cf_check cat_index(void *key, void *datum, void *datap)
 {
     struct policydb *p;
     struct cat_datum *catdatum;
@@ -506,14 +506,14 @@ out:
  * symbol data in the policy database.
  */
 
-static int perm_destroy(void *key, void *datum, void *p)
+static int cf_check perm_destroy(void *key, void *datum, void *p)
 {
     xfree(key);
     xfree(datum);
     return 0;
 }
 
-static int common_destroy(void *key, void *datum, void *p)
+static int cf_check common_destroy(void *key, void *datum, void *p)
 {
     struct common_datum *comdatum;
 
@@ -525,7 +525,7 @@ static int common_destroy(void *key, void *datum, void *p)
     return 0;
 }
 
-static int class_destroy(void *key, void *datum, void *p)
+static int cf_check class_destroy(void *key, void *datum, void *p)
 {
     struct class_datum *cladatum;
     struct constraint_node *constraint, *ctemp;
@@ -572,7 +572,7 @@ static int class_destroy(void *key, void *datum, void *p)
     return 0;
 }
 
-static int role_destroy(void *key, void *datum, void *p)
+static int cf_check role_destroy(void *key, void *datum, void *p)
 {
     struct role_datum *role;
 
@@ -584,14 +584,14 @@ static int role_destroy(void *key, void *datum, void *p)
     return 0;
 }
 
-static int type_destroy(void *key, void *datum, void *p)
+static int cf_check type_destroy(void *key, void *datum, void *p)
 {
     xfree(key);
     xfree(datum);
     return 0;
 }
 
-static int user_destroy(void *key, void *datum, void *p)
+static int cf_check user_destroy(void *key, void *datum, void *p)
 {
     struct user_datum *usrdatum;
 
@@ -605,7 +605,7 @@ static int user_destroy(void *key, void *datum, void *p)
     return 0;
 }
 
-static int sens_destroy(void *key, void *datum, void *p)
+static int cf_check sens_destroy(void *key, void *datum, void *p)
 {
     struct level_datum *levdatum;
 
@@ -617,7 +617,7 @@ static int sens_destroy(void *key, void *datum, void *p)
     return 0;
 }
 
-static int cat_destroy(void *key, void *datum, void *p)
+static int cf_check cat_destroy(void *key, void *datum, void *p)
 {
     xfree(key);
     xfree(datum);
@@ -989,7 +989,7 @@ bad:
     goto out;
 }
 
-static int common_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check common_read(struct policydb *p, struct hashtab *h, void 
*fp)
 {
     char *key = NULL;
     struct common_datum *comdatum;
@@ -1151,7 +1151,7 @@ static int read_cons_helper(struct policydb *p, struct 
constraint_node **nodep,
     return 0;
 }
 
-static int class_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check class_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct class_datum *cladatum;
@@ -1250,7 +1250,7 @@ bad:
     goto out;
 }
 
-static int role_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check role_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct role_datum *role;
@@ -1321,7 +1321,7 @@ bad:
     goto out;
 }
 
-static int type_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check type_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct type_datum *typdatum;
@@ -1415,7 +1415,7 @@ bad:
     return -EINVAL;
 }
 
-static int user_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check user_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct user_datum *usrdatum;
@@ -1479,7 +1479,7 @@ bad:
     goto out;
 }
 
-static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check sens_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct level_datum *levdatum;
@@ -1534,7 +1534,7 @@ bad:
     goto out;
 }
 
-static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
+static int cf_check cat_read(struct policydb *p, struct hashtab *h, void *fp)
 {
     char *key = NULL;
     struct cat_datum *catdatum;
@@ -1591,7 +1591,8 @@ static int (*read_f[SYM_NUM]) (struct policydb *p, struct 
hashtab *h, void *fp)
     cat_read,
 };
 
-static int user_bounds_sanity_check(void *key, void *datum, void *datap)
+static int cf_check user_bounds_sanity_check(
+    void *key, void *datum, void *datap)
 {
     struct user_datum *upper, *user;
     struct policydb *p = datap;
@@ -1631,7 +1632,8 @@ static int user_bounds_sanity_check(void *key, void 
*datum, void *datap)
     return 0;
 }
 
-static int role_bounds_sanity_check(void *key, void *datum, void *datap)
+static int cf_check role_bounds_sanity_check(
+    void *key, void *datum, void *datap)
 {
     struct role_datum *upper, *role;
     struct policydb *p = datap;
@@ -1671,7 +1673,8 @@ static int role_bounds_sanity_check(void *key, void 
*datum, void *datap)
     return 0;
 }
 
-static int type_bounds_sanity_check(void *key, void *datum, void *datap)
+static int cf_check type_bounds_sanity_check(
+    void *key, void *datum, void *datap)
 {
     struct type_datum *upper, *type;
     struct policydb *p = datap;
diff --git a/xen/xsm/flask/ss/services.c b/xen/xsm/flask/ss/services.c
index 42686535f2..2f6d3d350d 100644
--- a/xen/xsm/flask/ss/services.c
+++ b/xen/xsm/flask/ss/services.c
@@ -283,7 +283,7 @@ mls_ops:
  * security_dump_masked_av - dumps masked permissions during
  * security_compute_av due to RBAC, MLS/Constraint and Type bounds.
  */
-static int dump_masked_av_helper(void *k, void *d, void *args)
+static int cf_check dump_masked_av_helper(void *k, void *d, void *args)
 {
     struct perm_datum *pdatum = d;
     char **permission_names = args;
@@ -1240,7 +1240,7 @@ static int validate_classes(struct policydb *p)
 }
 
 /* Clone the SID into the new SID table. */
-static int clone_sid(u32 sid, struct context *context, void *arg)
+static int cf_check clone_sid(u32 sid, struct context *context, void *arg)
 {
     struct sidtab *s = arg;
 
@@ -1277,7 +1277,7 @@ struct convert_context_args {
  * in the policy `p->newp'.  Verify that the
  * context is valid under the new policy.
  */
-static int convert_context(u32 key, struct context *c, void *p)
+static int cf_check convert_context(u32 key, struct context *c, void *p)
 {
     struct convert_context_args *args;
     struct context oldc;
diff --git a/xen/xsm/flask/ss/symtab.c b/xen/xsm/flask/ss/symtab.c
index d98c116d5b..0ce7e08c24 100644
--- a/xen/xsm/flask/ss/symtab.c
+++ b/xen/xsm/flask/ss/symtab.c
@@ -12,7 +12,7 @@
 #include <xen/errno.h>
 #include "symtab.h"
 
-static unsigned int symhash(struct hashtab *h, const void *key)
+static unsigned int cf_check symhash(struct hashtab *h, const void *key)
 {
     const char *p, *keyp;
     unsigned int size;
@@ -26,7 +26,8 @@ static unsigned int symhash(struct hashtab *h, const void 
*key)
     return val & (h->size - 1);
 }
 
-static int symcmp(struct hashtab *h, const void *key1, const void *key2)
+static int cf_check symcmp(
+    struct hashtab *h, const void *key1, const void *key2)
 {
     const char *keyp1, *keyp2;
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.