x86/ucode: CFI hardening
authorAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 28 Oct 2021 10:35:25 +0000 (11:35 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/cpu/microcode/amd.c
xen/arch/x86/cpu/microcode/core.c
xen/arch/x86/cpu/microcode/intel.c

index fe92e594f129fb222f8f95da5312893edbf1d3a5..0afa2192bf1df87331824c153feb6845309940a4 100644 (file)
@@ -91,7 +91,7 @@ static struct {
     uint16_t id;
 } equiv __read_mostly;
 
-static void collect_cpu_info(void)
+static void cf_check collect_cpu_info(void)
 {
     struct cpu_signature *csig = &this_cpu(cpu_sig);
 
@@ -204,7 +204,7 @@ static enum microcode_match_result compare_header(
     return compare_revisions(old->patch_id, new->patch_id);
 }
 
-static enum microcode_match_result compare_patch(
+static enum microcode_match_result cf_check compare_patch(
     const struct microcode_patch *new, const struct microcode_patch *old)
 {
     /* Both patches to compare are supposed to be applicable to local CPU. */
@@ -214,7 +214,7 @@ static enum microcode_match_result compare_patch(
     return compare_header(new, old);
 }
 
-static int apply_microcode(const struct microcode_patch *patch)
+static int cf_check apply_microcode(const struct microcode_patch *patch)
 {
     int hw_err;
     unsigned int cpu = smp_processor_id();
@@ -299,7 +299,8 @@ static int scan_equiv_cpu_table(const struct container_equiv_table *et)
     return -ESRCH;
 }
 
-static struct microcode_patch *cpu_request_microcode(const void *buf, size_t size)
+static struct microcode_patch *cf_check cpu_request_microcode(
+    const void *buf, size_t size)
 {
     const struct microcode_patch *saved = NULL;
     struct microcode_patch *patch = NULL;
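Review bot: The hunks annotate four amd.c functions, but the table that takes their addresses (the `microcode_ops` instance, presumably at the end of the file) is outside the hunks, so the page does not show whether every member of that table now carries `cf_check`; with an indirect-branch-tracking scheme a single unannotated target faults on its first indirect call rather than at build time, so I would confirm the annotated set against the initializer before merging. The same check applies to the intel.c section below, which annotates the same four names. Each annotated function's body continues outside its hunk.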
index 841364208053853065a2e01d9ecdfbdeaf0cbe9e..c07f68ba350ef6f93c8d6bdfeaaa5c66d55245bb 100644 (file)
@@ -291,12 +291,12 @@ static int wait_for_condition(bool (*func)(unsigned int data),
     return 0;
 }
 
-static bool wait_cpu_callin(unsigned int nr)
+static bool cf_check wait_cpu_callin(unsigned int nr)
 {
     return cpumask_weight(&cpu_callin_map) >= nr;
 }
 
-static bool wait_cpu_callout(unsigned int nr)
+static bool cf_check wait_cpu_callout(unsigned int nr)
 {
     return atomic_read(&cpu_out) >= nr;
 }
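Review bot: Both callbacks are now `cf_check`, but the pointer type they are passed through, `bool (*func)(unsigned int data)` on the `wait_for_condition` line of the hunk header, is left as is; whether that matters depends on how `cf_check` is defined, which is not on this page. If the macro expands to an attribute that becomes part of the function type, the parameter should read `bool cf_check (*func)(unsigned int data)` so prototype and targets stay consistent; if it is a definition-site marker only, no change is needed, and a one-line comment at the prototype saying so would save the next reader the same question. `wait_for_condition` itself starts outside the hunk.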
index f6d01490e0abe01854c90834903a5748035d4c0f..d3864b5ab03eb8066e4f0bbfbe4b90d5c2917ba6 100644 (file)
@@ -116,7 +116,7 @@ static bool signature_matches(const struct cpu_signature *cpu_sig,
     return cpu_sig->pf & ucode_pf;
 }
 
-static void collect_cpu_info(void)
+static void cf_check collect_cpu_info(void)
 {
     struct cpu_signature *csig = &this_cpu(cpu_sig);
     uint64_t msr_content;
@@ -271,7 +271,7 @@ static enum microcode_match_result microcode_update_match(
     return compare_revisions(cpu_sig->rev, mc->rev);
 }
 
-static enum microcode_match_result compare_patch(
+static enum microcode_match_result cf_check compare_patch(
     const struct microcode_patch *new, const struct microcode_patch *old)
 {
     /*
@@ -284,7 +284,7 @@ static enum microcode_match_result compare_patch(
     return compare_revisions(old->rev, new->rev);
 }
 
-static int apply_microcode(const struct microcode_patch *patch)
+static int cf_check apply_microcode(const struct microcode_patch *patch)
 {
     uint64_t msr_content;
     unsigned int cpu = smp_processor_id();
@@ -323,8 +323,8 @@ static int apply_microcode(const struct microcode_patch *patch)
     return 0;
 }
 
-static struct microcode_patch *cpu_request_microcode(const void *buf,
-                                                     size_t size)
+static struct microcode_patch *cf_check cpu_request_microcode(
+    const void *buf, size_t size)
 {
     int error = 0;
     const struct microcode_patch *saved = NULL;