|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] x86/mce: CFI hardening
commit f716c734e9573da42f8c5c6ce301801bf0eb620e
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Oct 29 11:15:03 2021 +0100
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Feb 23 15:33:43 2022 +0000
x86/mce: CFI hardening
Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.
Use cf_check to annotate function pointer targets for the toolchain.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/cpu/mcheck/mce.c | 8 ++++----
xen/arch/x86/cpu/mcheck/mce.h | 2 +-
xen/arch/x86/cpu/mcheck/mce_amd.c | 9 ++++----
xen/arch/x86/cpu/mcheck/mce_amd.h | 4 ++--
xen/arch/x86/cpu/mcheck/mce_intel.c | 41 +++++++++++++++++--------------------
5 files changed, 31 insertions(+), 33 deletions(-)
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c
index 3467e0f1a3..275c54be7c 100644
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -75,7 +75,7 @@ static int __init cf_check mce_set_verbosity(const char *str)
custom_param("mce_verbosity", mce_set_verbosity);
/* Handle unconfigured int18 (should never happen) */
-static void unexpected_machine_check(const struct cpu_user_regs *regs)
+static void cf_check unexpected_machine_check(const struct cpu_user_regs *regs)
{
console_force_unlock();
printk("Unexpected Machine Check Exception\n");
@@ -469,7 +469,7 @@ static int mce_urgent_action(const struct cpu_user_regs
*regs,
}
/* Shared #MC handler. */
-void mcheck_cmn_handler(const struct cpu_user_regs *regs)
+void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs)
{
static DEFINE_MCE_BARRIER(mce_trap_bar);
static atomic_t severity_cpu = ATOMIC_INIT(-1);
@@ -1684,7 +1684,7 @@ long cf_check do_mca(XEN_GUEST_HANDLE_PARAM(xen_mc_t)
u_xen_mc)
}
int mcinfo_dumpped;
-static int x86_mcinfo_dump_panic(mctelem_cookie_t mctc)
+static int cf_check x86_mcinfo_dump_panic(mctelem_cookie_t mctc)
{
struct mc_info *mcip = mctelem_dataptr(mctc);
@@ -1801,7 +1801,7 @@ static enum mce_result mce_action(const struct
cpu_user_regs *regs,
* should be committed for dom0 consumption, 0 if it should be
* dismissed.
*/
-static int mce_delayed_action(mctelem_cookie_t mctc)
+static int cf_check mce_delayed_action(mctelem_cookie_t mctc)
{
enum mce_result result;
int ret = 0;
diff --git a/xen/arch/x86/cpu/mcheck/mce.h b/xen/arch/x86/cpu/mcheck/mce.h
index 1953626919..535d0abf8f 100644
--- a/xen/arch/x86/cpu/mcheck/mce.h
+++ b/xen/arch/x86/cpu/mcheck/mce.h
@@ -70,7 +70,7 @@ extern void x86_mce_vector_register(x86_mce_vector_t);
* Common generic MCE handler that implementations may nominate
* via x86_mce_vector_register.
*/
-extern void mcheck_cmn_handler(const struct cpu_user_regs *regs);
+void cf_check mcheck_cmn_handler(const struct cpu_user_regs *regs);
/* Register a handler for judging whether mce is recoverable. */
typedef bool (*mce_recoverable_t)(uint64_t status);
diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.c
b/xen/arch/x86/cpu/mcheck/mce_amd.c
index 279a8e6f12..d7ae8919df 100644
--- a/xen/arch/x86/cpu/mcheck/mce_amd.c
+++ b/xen/arch/x86/cpu/mcheck/mce_amd.c
@@ -113,7 +113,7 @@ mc_ec2type(uint16_t errorcode)
return 0;
}
-bool mc_amd_recoverable_scan(uint64_t status)
+bool cf_check mc_amd_recoverable_scan(uint64_t status)
{
bool ret = false;
enum mc_ec_type ectype;
@@ -143,7 +143,7 @@ bool mc_amd_recoverable_scan(uint64_t status)
return ret;
}
-bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype)
+bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype)
{
enum mc_ec_type ectype;
uint16_t errorcode;
@@ -216,7 +216,7 @@ static void mcequirk_amd_apply(enum mcequirk_amd_flags
flags)
}
}
-static struct mcinfo_extended *
+static struct mcinfo_extended *cf_check
amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t status)
{
struct mcinfo_extended *mc_ext;
@@ -252,7 +252,8 @@ amd_f10_handler(struct mc_info *mi, uint16_t bank, uint64_t
status)
return mc_ext;
}
-static bool amd_need_clearbank_scan(enum mca_source who, uint64_t status)
+static bool cf_check amd_need_clearbank_scan(
+ enum mca_source who, uint64_t status)
{
if ( who != MCA_MCE_SCAN )
return true;
diff --git a/xen/arch/x86/cpu/mcheck/mce_amd.h
b/xen/arch/x86/cpu/mcheck/mce_amd.h
index 67c4545470..c12c25d745 100644
--- a/xen/arch/x86/cpu/mcheck/mce_amd.h
+++ b/xen/arch/x86/cpu/mcheck/mce_amd.h
@@ -1,7 +1,7 @@
#ifndef _MCHECK_AMD_H
#define _MCHECK_AMD_H
-bool mc_amd_recoverable_scan(uint64_t status);
-bool mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype);
+bool cf_check mc_amd_recoverable_scan(uint64_t status);
+bool cf_check mc_amd_addrcheck(uint64_t status, uint64_t misc, int addrtype);
#endif
diff --git a/xen/arch/x86/cpu/mcheck/mce_intel.c
b/xen/arch/x86/cpu/mcheck/mce_intel.c
index 7aaa56fd02..50198e0c29 100644
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c
@@ -271,12 +271,13 @@ static void intel_memerr_dhandler(
mc_memerr_dhandler(binfo, result, regs);
}
-static bool intel_srar_check(uint64_t status)
+static bool cf_check intel_srar_check(uint64_t status)
{
return (intel_check_mce_type(status) == intel_mce_ucr_srar);
}
-static bool intel_checkaddr(uint64_t status, uint64_t misc, int addrtype)
+static bool cf_check intel_checkaddr(
+ uint64_t status, uint64_t misc, int addrtype)
{
if ( !(status & MCi_STATUS_ADDRV) ||
!(status & MCi_STATUS_MISCV) ||
@@ -287,10 +288,9 @@ static bool intel_checkaddr(uint64_t status, uint64_t
misc, int addrtype)
return (addrtype == MC_ADDR_PHYSICAL);
}
-static void intel_srar_dhandler(
- struct mca_binfo *binfo,
- enum mce_result *result,
- const struct cpu_user_regs *regs)
+static void cf_check intel_srar_dhandler(
+ struct mca_binfo *binfo, enum mce_result *result,
+ const struct cpu_user_regs *regs)
{
uint64_t status = binfo->mib->mc_status;
@@ -306,15 +306,14 @@ static void intel_srar_dhandler(
}
}
-static bool intel_srao_check(uint64_t status)
+static bool cf_check intel_srao_check(uint64_t status)
{
return (intel_check_mce_type(status) == intel_mce_ucr_srao);
}
-static void intel_srao_dhandler(
- struct mca_binfo *binfo,
- enum mce_result *result,
- const struct cpu_user_regs *regs)
+static void cf_check intel_srao_dhandler(
+ struct mca_binfo *binfo, enum mce_result *result,
+ const struct cpu_user_regs *regs)
{
uint64_t status = binfo->mib->mc_status;
@@ -333,15 +332,14 @@ static void intel_srao_dhandler(
}
}
-static bool intel_default_check(uint64_t status)
+static bool cf_check intel_default_check(uint64_t status)
{
return true;
}
-static void intel_default_mce_dhandler(
- struct mca_binfo *binfo,
- enum mce_result *result,
- const struct cpu_user_regs * regs)
+static void cf_check intel_default_mce_dhandler(
+ struct mca_binfo *binfo, enum mce_result *result,
+ const struct cpu_user_regs * regs)
{
uint64_t status = binfo->mib->mc_status;
enum intel_mce_type type;
@@ -360,10 +358,9 @@ static const struct mca_error_handler
intel_mce_dhandlers[] = {
{intel_default_check, intel_default_mce_dhandler}
};
-static void intel_default_mce_uhandler(
- struct mca_binfo *binfo,
- enum mce_result *result,
- const struct cpu_user_regs *regs)
+static void cf_check intel_default_mce_uhandler(
+ struct mca_binfo *binfo, enum mce_result *result,
+ const struct cpu_user_regs *regs)
{
uint64_t status = binfo->mib->mc_status;
enum intel_mce_type type;
@@ -396,7 +393,7 @@ static const struct mca_error_handler intel_mce_uhandlers[]
= {
* 3) ser_support = 1, SRAO, UC = 1, S = 1, AR = 0, [EN = 1]
*/
-static bool intel_need_clearbank_scan(enum mca_source who, u64 status)
+static bool cf_check intel_need_clearbank_scan(enum mca_source who, u64 status)
{
if ( who == MCA_CMCI_HANDLER )
{
@@ -453,7 +450,7 @@ static bool intel_need_clearbank_scan(enum mca_source who,
u64 status)
* 4) SRAO ser_support = 1, PCC = 0, S = 1, AR = 0, EN = 1 [UC = 1]
* 5) UCNA ser_support = 1, OVER = 0, EN = 1, PCC = 0, S = 0, AR = 0, [UC = 1]
*/
-static bool intel_recoverable_scan(uint64_t status)
+static bool cf_check intel_recoverable_scan(uint64_t status)
{
if ( !(status & MCi_STATUS_UC ) )
--
generated by git-patchbot for /home/xen/git/xen.git#staging
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |