[xen master] x86/apei: CFI hardening
commit c028bde9a6960b440e537dbde2c0327fce7f4955 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Fri Oct 29 19:37:20 2021 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/apei: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/drivers/acpi/apei/apei-base.c | 32 ++++++++++---------- xen/drivers/acpi/apei/apei-internal.h | 20 ++++++------ xen/drivers/acpi/apei/erst.c | 57 +++++++++++++++++------------------ 3 files changed, 54 insertions(+), 55 deletions(-)
diff --git a/xen/drivers/acpi/apei/apei-base.c b/xen/drivers/acpi/apei/apei-base.c
index 6f81e7fa36..de75c1cef9 100644
--- a/xen/drivers/acpi/apei/apei-base.c
+++ b/xen/drivers/acpi/apei/apei-base.c
@@ -80,8 +80,8 @@ int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val)
 return 0;
 }
-int apei_exec_read_register(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+int cf_check apei_exec_read_register(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 val = 0;
@@ -94,8 +94,8 @@ int apei_exec_read_register(struct apei_exec_context *ctx,
 return 0;
 }
-int apei_exec_read_register_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+int cf_check apei_exec_read_register_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
@@ -126,14 +126,14 @@ int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val)
 return rc;
 }
-int apei_exec_write_register(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+int cf_check apei_exec_write_register(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_write_register(entry, ctx->value);
 }
-int apei_exec_write_register_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+int cf_check apei_exec_write_register_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
@@ -143,8 +143,8 @@ int apei_exec_write_register_value(struct apei_exec_context *ctx,
 return rc;
 }
-int apei_exec_noop(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+int cf_check apei_exec_noop(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return 0;
 }
@@ -230,9 +230,9 @@ static int __init apei_exec_for_each_entry(struct apei_exec_context *ctx,
 return 0;
 }
-static int __init pre_map_gar_callback(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry,
- void *data)
+static int __init cf_check pre_map_gar_callback(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry,
+ void *data)
 {
 u8 ins = entry->instruction;
@@ -259,9 +259,9 @@ int __init apei_exec_pre_map_gars(struct apei_exec_context *ctx)
 return rc;
 }
-static int __init post_unmap_gar_callback(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry,
- void *data)
+static int __init cf_check post_unmap_gar_callback(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry,
+ void *data)
 {
 u8 ins = entry->instruction;
diff --git a/xen/drivers/acpi/apei/apei-internal.h b/xen/drivers/acpi/apei/apei-internal.h
index b813d55b92..360e94b9c8 100644
--- a/xen/drivers/acpi/apei/apei-internal.h
+++ b/xen/drivers/acpi/apei/apei-internal.h
@@ -68,16 +68,16 @@ static inline int apei_exec_run_optional(struct apei_exec_context *ctx, u8 actio
 int __apei_exec_read_register(struct acpi_whea_header *entry, u64 *val);
 int __apei_exec_write_register(struct acpi_whea_header *entry, u64 val);
-int apei_exec_read_register(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry);
-int apei_exec_read_register_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry);
-int apei_exec_write_register(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry);
-int apei_exec_write_register_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry);
-int apei_exec_noop(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry);
+int cf_check apei_exec_read_register(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry);
+int cf_check apei_exec_read_register_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry);
+int cf_check apei_exec_write_register(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry);
+int cf_check apei_exec_write_register_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry);
+int cf_check apei_exec_noop(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry);
 int apei_exec_pre_map_gars(struct apei_exec_context *ctx);
 int apei_exec_post_unmap_gars(struct apei_exec_context *ctx);
diff --git a/xen/drivers/acpi/apei/erst.c b/xen/drivers/acpi/apei/erst.c
index c5df512b98..40d8f00270 100644
--- a/xen/drivers/acpi/apei/erst.c
+++ b/xen/drivers/acpi/apei/erst.c
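Review bot: The prototypes in apei-internal.h now fall into two groups with nothing in the header saying why: the five `apei_exec_*` handlers carry `cf_check`, while `__apei_exec_read_register`, `__apei_exec_write_register`, `apei_exec_pre_map_gars` and `apei_exec_post_unmap_gars` do not. Going by the commit message the annotated ones are function pointer targets, so a comment above them such as `/* Instruction handlers: reached through function pointers, so each one needs cf_check. */` would tell whoever adds the next handler to annotate it. The same reminder would help above the static `erst_exec_*` handlers in erst.c, where the annotation lives only on the definitions. A handler added later without it is presumably only noticed when that instruction is actually dispatched, which makes the omission easy to miss in review.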
@@ -114,40 +114,40 @@ static int erst_timedout(u64 *t, u64 spin_unit)
 return 0;
 }
-static int erst_exec_load_var1(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_load_var1(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_read_register(entry, &ctx->var1);
 }
-static int erst_exec_load_var2(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_load_var2(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_read_register(entry, &ctx->var2);
 }
-static int erst_exec_store_var1(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_store_var1(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_write_register(entry, ctx->var1);
 }
-static int erst_exec_add(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_add(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 ctx->var1 += ctx->var2;
 return 0;
 }
-static int erst_exec_subtract(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_subtract(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 ctx->var1 -= ctx->var2;
 return 0;
 }
-static int erst_exec_add_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_add_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 val;
@@ -160,8 +160,8 @@ static int erst_exec_add_value(struct apei_exec_context *ctx,
 return rc;
 }
-static int erst_exec_subtract_value(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_subtract_value(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 val;
@@ -174,8 +174,8 @@ static int erst_exec_subtract_value(struct apei_exec_context *ctx,
 return rc;
 }
-static int erst_exec_stall(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_stall(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 udelay((ctx->var1 > FIRMWARE_MAX_STALL) ?
 FIRMWARE_MAX_STALL :
@@ -183,8 +183,8 @@ static int erst_exec_stall(struct apei_exec_context *ctx,
 return 0;
 }
-static int erst_exec_stall_while_true(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_stall_while_true(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 val;
@@ -205,9 +205,8 @@ static int erst_exec_stall_while_true(struct apei_exec_context *ctx,
 return 0;
 }
-static int erst_exec_skip_next_instruction_if_true(
- struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_skip_next_instruction_if_true(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 val;
@@ -223,27 +222,27 @@ static int erst_exec_skip_next_instruction_if_true(
 return 0;
 }
-static int erst_exec_goto(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_goto(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 ctx->ip = ctx->value;
 return APEI_EXEC_SET_IP;
 }
-static int erst_exec_set_src_address_base(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_set_src_address_base(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_read_register(entry, &ctx->src_base);
 }
-static int erst_exec_set_dst_address_base(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_set_dst_address_base(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 return __apei_exec_read_register(entry, &ctx->dst_base);
 }
-static int erst_exec_move_data(struct apei_exec_context *ctx,
- struct acpi_whea_header *entry)
+static int cf_check erst_exec_move_data(
+ struct apei_exec_context *ctx, struct acpi_whea_header *entry)
 {
 int rc;
 u64 offset;
-- generated by git-patchbot for /home/xen/git/xen.git#master