xen: CFI hardening for open_softirq()

author Andrew Cooper <andrew.cooper3@citrix.com>

Fri, 29 Oct 2021 09:58:21 +0000 (10:58 +0100)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
author Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 29 Oct 2021 09:58:21 +0000 (10:58 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
diff --git a/xen/arch/x86/cpu/mcheck/mce.c b/xen/arch/x86/cpu/mcheck/mce.c

index 43f6c8471a904af8bbbcf8f696aed68ba5338d56..3467e0f1a3152b3059e744e946ce989e5f1a1c76 100644 (file)
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
@@ -1837,7 +1837,7 @@ static int mce_delayed_action(mctelem_cookie_t mctc)
  }
  
  /* Softirq Handler for this MCE# processing */
-static void mce_softirq(void)
+static void cf_check mce_softirq(void)
  {
      static DEFINE_MCE_BARRIER(mce_inside_bar);
      static DEFINE_MCE_BARRIER(mce_severity_bar);
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c

index 36748f67daefcb55295f219e0a0b1e6f2e550b8a..ec0b631f7cdd23937596edd5c0d363f64d8d3beb 100644 (file)
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -2524,7 +2524,7 @@ void vcpu_mark_events_pending(struct vcpu *v)
          vcpu_kick(v);
  }
  
-static void vcpu_kick_softirq(void)
+static void cf_check vcpu_kick_softirq(void)
  {
      /*
       * Nothing to do here: we merely prevent notifiers from racing with checks
diff --git a/xen/arch/x86/include/asm/flushtlb.h b/xen/arch/x86/include/asm/flushtlb.h

index 0be2273387edda0385f4d4edc5e2d87265da371a..18777f1d4c003c3807774e6f38f815962127bf44 100644 (file)
--- a/xen/arch/x86/include/asm/flushtlb.h
+++ b/xen/arch/x86/include/asm/flushtlb.h
@@ -87,7 +87,7 @@ static inline void tlbflush_filter(cpumask_t *mask, uint32_t page_timestamp)
              __cpumask_clear_cpu(cpu, mask);
  }
  
-void new_tlbflush_clock_period(void);
+void cf_check new_tlbflush_clock_period(void);
  
  /* Read pagetable base. */
  static inline unsigned long read_cr3(void)
diff --git a/xen/arch/x86/pv/traps.c b/xen/arch/x86/pv/traps.c

index 170e1030982b938514d3f1a7092cf3993580d0ac..97fe54b5ee5a6a95daa6146314f0d3fa482118b8 100644 (file)
--- a/xen/arch/x86/pv/traps.c
+++ b/xen/arch/x86/pv/traps.c
@@ -130,7 +130,7 @@ bool set_guest_nmi_trapbounce(void)
  
  static DEFINE_PER_CPU(struct vcpu *, softirq_nmi_vcpu);
  
-static void nmi_softirq(void)
+static void cf_check nmi_softirq(void)
  {
      struct vcpu **v_ptr = &this_cpu(softirq_nmi_vcpu);
  
diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c

index f6fd7f95df58e49a980314206b24f497ffba66f3..b9a696f61963f4b11d40f36b70dd04a718cb8f8e 100644 (file)
--- a/xen/arch/x86/smp.c
+++ b/xen/arch/x86/smp.c
@@ -290,7 +290,7 @@ void flush_area_mask(const cpumask_t *mask, const void *va, unsigned int flags)
  }
  
  /* Call with no locks held and interrupts enabled (e.g., softirq context). */
-void new_tlbflush_clock_period(void)
+void cf_check new_tlbflush_clock_period(void)
  {
      cpumask_t allbutself;
  
diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c

index a78f350b23b234453045ab540826ce034caad3bd..32111358a71b760f80dba58c5f09f54e13563e8e 100644 (file)
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -1454,7 +1454,7 @@ int cpu_frequency_change(u64 freq)
  static DEFINE_PER_CPU(struct cpu_time_stamp, cpu_calibration);
  
  /* Softirq handler for per-CPU time calibration. */
-static void local_time_calibration(void)
+static void cf_check local_time_calibration(void)
  {
      struct cpu_time *t = &this_cpu(cpu_time);
      const struct cpu_time_stamp *c = &this_cpu(cpu_calibration);
diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c

index 423d6b1d6d023e132a2dc801ef94d6cb7fee9580..212a99acd8c8d4c2649b3bcc56bb163f87ba7b8b 100644 (file)
--- a/xen/common/rcupdate.c
+++ b/xen/common/rcupdate.c
@@ -466,7 +466,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp,
          rcu_do_batch(rdp);
  }
  
-static void rcu_process_callbacks(void)
+static void cf_check rcu_process_callbacks(void)
  {
      struct rcu_data *rdp = &this_cpu(rcu_data);
  
diff --git a/xen/common/sched/core.c b/xen/common/sched/core.c

index aaa7ef2a6f4e43f1f13921dd9c3532616eabefb9..4e60500c7cd73ca2026f00c009fa0a319c790eda 100644 (file)
--- a/xen/common/sched/core.c
+++ b/xen/common/sched/core.c
@@ -2568,7 +2568,7 @@ static struct sched_unit *sched_wait_rendezvous_in(struct sched_unit *prev,
      return prev->next_task;
  }
  
-static void sched_slave(void)
+static void cf_check sched_slave(void)
  {
      struct vcpu          *v, *vprev = current;
      struct sched_unit    *prev = vprev->sched_unit, *next;
@@ -2632,7 +2632,7 @@ static void sched_slave(void)
   * - deschedule the current domain (scheduler independent).
   * - pick a new domain (scheduler dependent).
   */
-static void schedule(void)
+static void cf_check schedule(void)
  {
      struct vcpu          *vnext, *vprev = current;
      struct sched_unit    *prev = vprev->sched_unit, *next = NULL;
@@ -2928,7 +2928,7 @@ const cpumask_t *sched_get_opt_cpumask(enum sched_gran opt, unsigned int cpu)
      return mask;
  }
  
-static void schedule_dummy(void)
+static void cf_check schedule_dummy(void)
  {
      sched_tasklet_check_cpu(smp_processor_id());
  }
diff --git a/xen/common/tasklet.c b/xen/common/tasklet.c

index 1b16bbcdeb0b6dfdebd3a967aa2d41b277e99677..3ad67b5c2493bb181e94c96b0b44b4fb5f695ee0 100644 (file)
--- a/xen/common/tasklet.c
+++ b/xen/common/tasklet.c
@@ -135,7 +135,7 @@ void do_tasklet(void)
  }
  
  /* Softirq context work */
-static void tasklet_softirq_action(void)
+static void cf_check tasklet_softirq_action(void)
  {
      unsigned int cpu = smp_processor_id();
      struct list_head *list = &per_cpu(softirq_tasklet_list, cpu);
diff --git a/xen/common/timer.c b/xen/common/timer.c

index b788050ea1d84d55e0cb08ad9e576fd05a9a069a..700f191a70b44cb9a920517aa2e35eb74deb1ee9 100644 (file)
--- a/xen/common/timer.c
+++ b/xen/common/timer.c
@@ -450,7 +450,7 @@ static void execute_timer(struct timers *ts, struct timer *t)
  }
  
  
-static void timer_softirq_action(void)
+static void cf_check timer_softirq_action(void)
  {
      struct timer  *t, **heap, *next;
      struct timers *ts;
diff --git a/xen/drivers/passthrough/x86/hvm.c b/xen/drivers/passthrough/x86/hvm.c

index 527bd6a56d839e8a85a1036dda174d3bbd97b223..0e3c0f6aeed3a7f747eab2f0044feed1fb3934d4 100644 (file)
--- a/xen/drivers/passthrough/x86/hvm.c
+++ b/xen/drivers/passthrough/x86/hvm.c
@@ -1003,7 +1003,7 @@ int arch_pci_clean_pirqs(struct domain *d)
   * Note: 'pt_pirq_softirq_reset' can clear the STATE_SCHED before we get to
   * doing it. If that is the case we let 'pt_pirq_softirq_reset' do ref-counting.
   */
-static void dpci_softirq(void)
+static void cf_check dpci_softirq(void)
  {
      unsigned int cpu = smp_processor_id();
      LIST_HEAD(our_list);
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 29 Oct 2021 09:58:21 +0000 (10:58 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
xen/arch/x86/cpu/mcheck/mce.c		patch \| blob \| blame \| history
xen/arch/x86/domain.c		patch \| blob \| blame \| history
xen/arch/x86/include/asm/flushtlb.h		patch \| blob \| blame \| history
xen/arch/x86/pv/traps.c		patch \| blob \| blame \| history
xen/arch/x86/smp.c		patch \| blob \| blame \| history
xen/arch/x86/time.c		patch \| blob \| blame \| history
xen/common/rcupdate.c		patch \| blob \| blame \| history
xen/common/sched/core.c		patch \| blob \| blame \| history
xen/common/tasklet.c		patch \| blob \| blame \| history
xen/common/timer.c		patch \| blob \| blame \| history
xen/drivers/passthrough/x86/hvm.c		patch \| blob \| blame \| history