[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] x86/misc: CFI hardening
commit 07d6c4fa3e329a91767d0230f21da53a4ec84a95 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Thu Oct 28 12:31:20 2021 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Wed Feb 23 15:33:43 2022 +0000 x86/misc: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/extable.c | 4 ++-- xen/common/efi/boot.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/extable.c b/xen/arch/x86/extable.c index 51ef863d78..4d1875585f 100644 --- a/xen/arch/x86/extable.c +++ b/xen/arch/x86/extable.c @@ -23,7 +23,7 @@ static inline unsigned long ex_cont(const struct exception_table_entry *x) return EX_FIELD(x, cont); } -static int init_or_livepatch cmp_ex(const void *a, const void *b) +static int init_or_livepatch cf_check cmp_ex(const void *a, const void *b) { const struct exception_table_entry *l = a, *r = b; unsigned long lip = ex_addr(l); @@ -37,7 +37,7 @@ static int init_or_livepatch cmp_ex(const void *a, const void *b) return 0; } -static void init_or_livepatch swap_ex(void *a, void *b, size_t size) +static void init_or_livepatch cf_check swap_ex(void *a, void *b, size_t size) { struct exception_table_entry *l = a, *r = b, tmp; long delta = b - a; diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index f31f68fd4c..4dd5ea6a06 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -1497,7 +1497,7 @@ static __init void copy_mapping(unsigned long mfn, unsigned long end, unmap_domain_page(l3dst); } -static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check ram_range_valid(unsigned long smfn, unsigned long emfn) { unsigned long sz = pfn_to_pdx(emfn - 1) / PDX_GROUP_COUNT + 1; @@ -1506,7 +1506,7 @@ static bool __init ram_range_valid(unsigned long smfn, unsigned long emfn) pfn_to_pdx(smfn) / PDX_GROUP_COUNT) < sz; } -static bool __init rt_range_valid(unsigned long smfn, unsigned long emfn) +static bool __init cf_check rt_range_valid(unsigned long smfn, unsigned long emfn) { return true; } -- generated by git-patchbot for /home/xen/git/xen.git#master
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |