Xen project Mailing List

[PATCH v2 22/70] xen/hypfs: CFI hardening

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 14 Feb 2022 12:50:39 +0000

Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Mon, 14 Feb 2022 13:16:54 +0000

Ironport-data: A9a23:05oBVq4mnwcOXuE8EroTCwxRtCDAchMFZxGqfqrLsTDasY5as4F+v jcYWG/Sb62PNGD8fox/b9zloEIA7JbQz9c2SVFkpC9jHi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuV3zyIQUBUjclkfJKlYAL/En03FV8MpBsJ00o5wbZj29Iw2LBVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z5 M5drreIbDwQJ7Dgt8UGQkNUFRB9FPgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALBc/nJo4A/FpnyinUF60OSpHfWaTao9Rf2V/cg+gQQauDO 5FHN1KDajzQUgBjF2pJLqsDt7awtCShVTsE9G+88P9fD2/7k1UqjemF3MDuUsyHQ4BZk1iVo krC/n/lGVcKOdqH0z2H/3mwwOjVkkvGtJk6TePisKQw2RvKmzJVWEZ+uUaHTeeRplWuQPlnD nct4zcCgokp5RanSOj+dkjtyJKbhSI0V91VGuw8zQiCzKvI/gqUblQ5oi59hM8O75FvG2Fzv rOdt5awXGE07uXJIZ6I3urM9VuP1T4pwXjujMPuZS8M+JHdrY46lXojpf4zQffu3rUZ9dwdq g1mTRTSZZ1O16bnNI3hpDgrZg5AQbCTEGYICv3/BD7N0++ATNfNi3aUwVba9+1cC42SU0OMu nMJ8+DHsrxSUsHdyXHVGb5XdF1M2xpiGGeC6WOD4rF7r2j9k5JdVdw4DM5CyLdBbZ9fJG6Bj L77sgJN/p5DVEZGnocsC79d//8ClPC6ffy8D6i8RoMXPvBZKV/WlAkzNBX49z28zyARfVQXZ M7znTCEVi1BV8yKDVOeGo8g7FPc7n5ilD2DHcihl3xKE9O2PRaodFvMC3PWBshR0U9OiFyFq r6z7uOGlEdSVvPQeC7S/dJBJFwGNyFjV5v3t9ZWZqiIJQ8/QDMtDPrYwLUAfY15nvsKyreUr y/lAkIImkDigXDnKBmRbiwxYr3YQpsi/2kwOjYhPAj01iF7M5qv9qoWa7A+YaIjqL541fdxQ vRcI5eAD/1DRy7p4TMYaZWh/oVueA7y3VCFPja/YSh5dJllHlSb9tjhdwrp1S8PEivo6pdu/ +z+jlvWGMNRSR5jAcDabOOU42mw5XVNyvhvW0boI8VIfBm++oZdNCGs3OQ8JNsBKEufy2LCh RqWGxoRucLEv5QxrIvSnamBooqkT7l+E05dEzWJ5Lq6L3CHrG+qwIsGW+eUZzHNEmjz/fz6N +lSyvj9NtwBnUpL7NUgQ+o6k/pm6ou9vaJewyRlAG7PPgaiBb5XK3Wb2dVC6/9WzbhDtArqA k+C97G241lS1B8JxLLJGDcYUw==

Ironport-hdrordr: A9a23:oCqK1qB25taa2f/lHemu55DYdb4zR+YMi2TC1yhKJyC9E/bo7v xG88566faZslossTQb6LW90cq7MBXhHPxOkOos1N6ZNWGM0gaVxcNZnO/fKlXbakrDH4VmtJ uIHZIQNDSJNykZsfrH

Ironport-sdr: eeE3LFTm9b8nkfrMlUyy4uZFO/R4lMxjDAfHhnrjeDnBJZud3NiZXxnsPOqcWXd+ZgMjWITqva eh5HcLAqsc6HKfVABc6qlCVqqZrkhoewaXy7qmvp/23vEotR8ErY6SwanUvzTtNxiq3JmKpjqP tAUpWzutLeLxeYYiOU5ZQF1KIQS8y7c+ls8eQce7w3nxC1X3hd6SuvTDOciTpR47kZd3NhUy+D PMqqgNT6CVcL3PzN1SI9D+uaIvwzqTvb26ucvVPFoaYg2Qu7SYLutkdjqXVDzjEOMCsPlTbHE5 oHmYc33QS11WMmqwAGWUFrdD

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Juergen Gross <jgross@xxxxxxxx> --- xen/common/hypfs.c | 57 +++++++++++++++++++++++----------------------- xen/common/sched/cpupool.c | 25 ++++++++++---------- xen/include/xen/hypfs.h | 49 +++++++++++++++++++-------------------- 3 files changed, 65 insertions(+), 66 deletions(-) diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 1526bcc52810..0d22396f5dd7 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -113,12 +113,13 @@ static void hypfs_unlock(void) } } -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry) +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry) { return entry; } -void hypfs_node_exit(const struct hypfs_entry *entry) +void cf_check hypfs_node_exit(const struct hypfs_entry *entry) { } @@ -289,16 +290,14 @@ static int hypfs_get_path_user(char *buf, return 0; } -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { return ERR_PTR(-ENOTDIR); } -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { struct hypfs_entry *entry; @@ -360,7 +359,7 @@ static struct hypfs_entry *hypfs_get_entry(const char *path) return hypfs_get_entry_rel(&hypfs_root, path + 1); } -unsigned int hypfs_getsize(const struct hypfs_entry *entry) +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry) { return entry->size; } @@ -396,7 +395,7 @@ int hypfs_read_dyndir_id_entry(const struct hypfs_entry_dir *template, return 0; } -static const struct hypfs_entry *hypfs_dyndir_enter( +static const struct hypfs_entry *cf_check hypfs_dyndir_enter( const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; @@ -407,7 +406,7 @@ static const struct hypfs_entry *hypfs_dyndir_enter( return data->template->e.funcs->enter(&data->template->e); } -static struct hypfs_entry *hypfs_dyndir_findentry( +static struct hypfs_entry *cf_check hypfs_dyndir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { const struct hypfs_dyndir_id *data; @@ -418,8 +417,8 @@ static struct hypfs_entry *hypfs_dyndir_findentry( return data->template->e.funcs->findentry(data->template, name, name_len); } -static int hypfs_read_dyndir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check hypfs_read_dyndir( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; @@ -463,8 +462,8 @@ unsigned int hypfs_dynid_entry_size(const struct hypfs_entry *template, return DIRENTRY_SIZE(snprintf(NULL, 0, template->name, id)); } -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_dir *d; const struct hypfs_entry *e; @@ -510,8 +509,8 @@ int hypfs_read_dir(const struct hypfs_entry *entry, return 0; } -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_leaf( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_leaf *l; unsigned int size = entry->funcs->getsize(entry); @@ -555,9 +554,9 @@ static int hypfs_read(const struct hypfs_entry *entry, return ret; } -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_leaf( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { char *buf; int ret; @@ -596,9 +595,9 @@ int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_bool( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { bool buf; @@ -618,9 +617,9 @@ int hypfs_write_bool(struct hypfs_entry_leaf *leaf, return 0; } -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_custom( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { struct param_hypfs *p; char *buf; @@ -653,9 +652,9 @@ int hypfs_write_custom(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_deny( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { return -EACCES; } diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index b9d4babd0d8a..07f984a659cd 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1026,8 +1026,8 @@ static struct notifier_block cpu_nfb = { static HYPFS_DIR_INIT(cpupool_pooldir, "%u"); -static int cpupool_dir_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_dir_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { int ret = 0; struct cpupool *c; @@ -1050,7 +1050,8 @@ static int cpupool_dir_read(const struct hypfs_entry *entry, return ret; } -static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check cpupool_dir_getsize( + const struct hypfs_entry *entry) { const struct cpupool *c; unsigned int size = 0; @@ -1061,7 +1062,7 @@ static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) return size; } -static const struct hypfs_entry *cpupool_dir_enter( +static const struct hypfs_entry *cf_check cpupool_dir_enter( const struct hypfs_entry *entry) { struct hypfs_dyndir_id *data; @@ -1076,14 +1077,14 @@ static const struct hypfs_entry *cpupool_dir_enter( return entry; } -static void cpupool_dir_exit(const struct hypfs_entry *entry) +static void cf_check cpupool_dir_exit(const struct hypfs_entry *entry) { spin_unlock(&cpupool_lock); hypfs_free_dyndata(); } -static struct hypfs_entry *cpupool_dir_findentry( +static struct hypfs_entry *cf_check cpupool_dir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { unsigned long id; @@ -1102,8 +1103,8 @@ static struct hypfs_entry *cpupool_dir_findentry( return hypfs_gen_dyndir_id_entry(&cpupool_pooldir, id, cpupool); } -static int cpupool_gran_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_gran_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1121,7 +1122,7 @@ static int cpupool_gran_read(const struct hypfs_entry *entry, return copy_to_guest(uaddr, gran, strlen(gran) + 1) ? -EFAULT : 0; } -static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check hypfs_gran_getsize(const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1136,9 +1137,9 @@ static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) return strlen(gran) + 1; } -static int cpupool_gran_write(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +static int cf_check cpupool_gran_write( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { const struct hypfs_dyndir_id *data; struct cpupool *cpupool; diff --git a/xen/include/xen/hypfs.h b/xen/include/xen/hypfs.h index e9d4c2555bd7..1b65a9188c6c 100644 --- a/xen/include/xen/hypfs.h +++ b/xen/include/xen/hypfs.h @@ -168,31 +168,30 @@ void hypfs_add_dyndir(struct hypfs_entry_dir *parent, struct hypfs_entry_dir *template); int hypfs_add_leaf(struct hypfs_entry_dir *parent, struct hypfs_entry_leaf *leaf, bool nofault); -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry); -void hypfs_node_exit(const struct hypfs_entry *entry); -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -unsigned int hypfs_getsize(const struct hypfs_entry *entry); -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry); +void cf_check hypfs_node_exit(const struct hypfs_entry *entry); +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_read_leaf(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_write_deny(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_leaf(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_bool(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_custom(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry); +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); void *hypfs_alloc_dyndata(unsigned long size); #define hypfs_alloc_dyndata(type) ((type *)hypfs_alloc_dyndata(sizeof(type))) void *hypfs_get_dyndata(void); -- 2.11.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.