[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] x86/mce: CFI hardening
commit f716c734e9573da42f8c5c6ce301801bf0eb620e Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Fri Oct 29 11:15:03 2021 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/mce: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/cpu/mcheck/mce.c | 8 ++++---- xen/arch/x86/cpu/mcheck/mce.h | 2 +- xen/arch/x86/cpu/mcheck/mce_amd.c | 9 ++++---- xen/arch/x86/cpu/mcheck/mce_amd.h | 4 ++-- xen/arch/x86/cpu/mcheck/mce_intel.c | 41 +++++++++++++++++-------------------- 5 files changed, 31 insertions(+), 33 deletions(-) diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c index 3467e0f1a3..275c54be7c 100644 --- a/xen/arch/x86/cpu/mcheck/mce.c +++ b/xen/arch/x86/cpu/mcheck/mce.c @@ -75,7 +75,7 @@ static int __init cf_check mce_set_verbosity(const char *str) custom_param("mce_verbosity", mce_set_verbosity); /* Handle unconfigured int18 (should never happen) */ -static void unexpected_machine_check(const struct cpu_user_regs *regs) +static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs) { console_force_unlock(); printk("Unexpected Machine Check Exception\n"); @@ -469,7 +469,7 @@ static int mce_urgent_action(const struct cpu_user_regs *regs, } /* Shared #MC handler. */ -void mcheck_cmn_handler(const struct cpu_user_regs *regs) +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs) { static DEFINE_MCE_BARRIER(mce_trap_bar); static atomic_t severity_cpu = ATOMIC_INIT(-1); @@ -1684,7 +1684,7 @@ long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t) u_xen_mc) } int mcinfo_dumpped; -static int x86_mcinfo_dump_panic(mctelem_cookie_t mctc) +static int cf_check x86_mcinfo_dump_panic(mctelem_cookie_t mctc) { struct mc_info *mcip = mctelem_dataptr(mctc); @@ -1801,7 +1801,7 @@ static enum mce_result mce_action(const struct cpu_user_regs *regs, * should be committed for dom0 consumption, 0 if it should be * dismissed. */ -static int mce_delayed_action(mctelem_cookie_t mctc) +static int cf_check mce_delayed_action(mctelem_cookie_t mctc) { enum mce_result result; int ret = 0; diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h index 1953626919..535d0abf8f 100644 --- a/xen/arch/x86/cpu/mcheck/mce.h +++ b/xen/arch/x86/cpu/mcheck/mce.h @@ -70,7 +70,7 @@ extern void x86_mce_vector_register(x86_mce_vector_t); * Common generic MCE handler that implementations may nominate * via x86_mce_vector_register. */ -extern void mcheck_cmn_handler(const struct cpu_user_regs *regs); +void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs); /* Register a handler for judging whether mce is recoverable. */ typedef bool (*mce_recoverable_t)(uint64_t status); diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c b/xen/arch/x86/cpu/mcheck/mce_amd.c index 279a8e6f12..d7ae8919df 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.c +++ b/xen/arch/x86/cpu/mcheck/mce_amd.c @@ -113,7 +113,7 @@ mc_ec2type(uint16_t errorcode) return 0; } -bool mc_amd_recoverable_scan(uint64_t status) +bool cf_check mc_amd_recoverable_scan(uint64_t status) { bool ret = false; enum mc_ec_type ectype; @@ -143,7 +143,7 @@ bool mc_amd_recoverable_scan(uint64_t status) return ret; } -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype) { enum mc_ec_type ectype; uint16_t errorcode; @@ -216,7 +216,7 @@ static void mcequirk_amd_apply(enum mcequirk_amd_flags flags) } } -static struct mcinfo_extended * +static struct mcinfo_extended *cf_check amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) { struct mcinfo_extended *mc_ext; @@ -252,7 +252,8 @@ amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status) return mc_ext; } -static bool amd_need_clearbank_scan(enum mca_source who, uint64_t status) +static bool cf_check amd_need_clearbank_scan( + enum mca_source who, uint64_t status) { if ( who != MCA_MCE_SCAN ) return true; diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.h b/xen/arch/x86/cpu/mcheck/mce_amd.h index 67c4545470..c12c25d745 100644 --- a/xen/arch/x86/cpu/mcheck/mce_amd.h +++ b/xen/arch/x86/cpu/mcheck/mce_amd.h @@ -1,7 +1,7 @@ #ifndef _MCHECK_AMD_H #define _MCHECK_AMD_H -bool mc_amd_recoverable_scan(uint64_t status); -bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); +bool cf_check mc_amd_recoverable_scan(uint64_t status); +bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype); #endif diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c b/xen/arch/x86/cpu/mcheck/mce_intel.c index 7aaa56fd02..50198e0c29 100644 --- a/xen/arch/x86/cpu/mcheck/mce_intel.c +++ b/xen/arch/x86/cpu/mcheck/mce_intel.c @@ -271,12 +271,13 @@ static void intel_memerr_dhandler( mc_memerr_dhandler(binfo, result, regs); } -static bool intel_srar_check(uint64_t status) +static bool cf_check intel_srar_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srar); } -static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) +static bool cf_check intel_checkaddr( + uint64_t status, uint64_t misc, int addrtype) { if ( !(status & MCi_STATUS_ADDRV) || !(status & MCi_STATUS_MISCV) || @@ -287,10 +288,9 @@ static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype) return (addrtype == MC_ADDR_PHYSICAL); } -static void intel_srar_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srar_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -306,15 +306,14 @@ static void intel_srar_dhandler( } } -static bool intel_srao_check(uint64_t status) +static bool cf_check intel_srao_check(uint64_t status) { return (intel_check_mce_type(status) == intel_mce_ucr_srao); } -static void intel_srao_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_srao_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; @@ -333,15 +332,14 @@ static void intel_srao_dhandler( } } -static bool intel_default_check(uint64_t status) +static bool cf_check intel_default_check(uint64_t status) { return true; } -static void intel_default_mce_dhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs * regs) +static void cf_check intel_default_mce_dhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs * regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -360,10 +358,9 @@ static const struct mca_error_handler intel_mce_dhandlers[] = { {intel_default_check, intel_default_mce_dhandler} }; -static void intel_default_mce_uhandler( - struct mca_binfo *binfo, - enum mce_result *result, - const struct cpu_user_regs *regs) +static void cf_check intel_default_mce_uhandler( + struct mca_binfo *binfo, enum mce_result *result, + const struct cpu_user_regs *regs) { uint64_t status = binfo->mib->mc_status; enum intel_mce_type type; @@ -396,7 +393,7 @@ static const struct mca_error_handler intel_mce_uhandlers[] = { * 3) ser_support = 1, SRAO, UC = 1, S = 1, AR = 0, [EN = 1] */ -static bool intel_need_clearbank_scan(enum mca_source who, u64 status) +static bool cf_check intel_need_clearbank_scan(enum mca_source who, u64 status) { if ( who == MCA_CMCI_HANDLER ) { @@ -453,7 +450,7 @@ static bool intel_need_clearbank_scan(enum mca_source who, u64 status) * 4) SRAO ser_support = 1, PCC = 0, S = 1, AR = 0, EN = 1 [UC = 1] * 5) UCNA ser_support = 1, OVER = 0, EN = 1, PCC = 0, S = 0, AR = 0, [UC = 1] */ -static bool intel_recoverable_scan(uint64_t status) +static bool cf_check intel_recoverable_scan(uint64_t status) { if ( !(status & MCi_STATUS_UC ) ) -- generated by git-patchbot for /home/xen/git/xen.git#staging
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |