From: Andrew Cooper Date: Thu, 28 Oct 2021 12:48:54 +0000 (+0100) Subject: x86/mtrr: CFI hardening X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=142923eaaf71f6cf38053da13c6dba598aff8839;p=people%2Ftklengyel%2Fxen.git x86/mtrr: CFI hardening Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich --- diff --git a/xen/arch/x86/cpu/mtrr/generic.c b/xen/arch/x86/cpu/mtrr/generic.c index 7cf4cd01f3..47aaf76226 100644 --- a/xen/arch/x86/cpu/mtrr/generic.c +++ b/xen/arch/x86/cpu/mtrr/generic.c @@ -287,7 +287,8 @@ static void set_fixed_range(int msr, bool *changed, unsigned int *msrwords) } } -int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg) +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg) /* [SUMMARY] Get a free MTRR. The starting (base) address of the region. The size (in bytes) of the region. @@ -309,8 +310,8 @@ int generic_get_free_region(unsigned long base, unsigned long size, int replace_ return -ENOSPC; } -static void generic_get_mtrr(unsigned int reg, unsigned long *base, - unsigned long *size, mtrr_type *type) +static void cf_check generic_get_mtrr( + unsigned int reg, unsigned long *base, unsigned long *size, mtrr_type *type) { uint64_t _mask, _base; @@ -499,7 +500,7 @@ static void post_set(bool pge) spin_unlock(&set_atomicity_lock); } -static void generic_set_all(void) +static void cf_check generic_set_all(void) { unsigned long mask, count; unsigned long flags; @@ -522,8 +523,8 @@ static void generic_set_all(void) } } -static void generic_set_mtrr(unsigned int reg, unsigned long base, - unsigned long size, mtrr_type type) +static void cf_check generic_set_mtrr( + unsigned int reg, unsigned long base, unsigned long size, mtrr_type type) /* [SUMMARY] Set variable MTRR register on the local CPU. The register to set. The base address of the region. @@ -566,7 +567,8 @@ static void generic_set_mtrr(unsigned int reg, unsigned long base, local_irq_restore(flags); } -int generic_validate_add_page(unsigned long base, unsigned long size, unsigned int type) +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type) { unsigned long lbase, last; @@ -584,7 +586,7 @@ int generic_validate_add_page(unsigned long base, unsigned long size, unsigned i } -static int generic_have_wrcomb(void) +static int cf_check generic_have_wrcomb(void) { unsigned long config; rdmsrl(MSR_MTRRcap, config); diff --git a/xen/arch/x86/cpu/mtrr/mtrr.h b/xen/arch/x86/cpu/mtrr/mtrr.h index 9a406e6f61..c7fd44daab 100644 --- a/xen/arch/x86/cpu/mtrr/mtrr.h +++ b/xen/arch/x86/cpu/mtrr/mtrr.h @@ -24,10 +24,10 @@ struct mtrr_ops { int (*have_wrcomb)(void); }; -extern int generic_get_free_region(unsigned long base, unsigned long size, - int replace_reg); -extern int generic_validate_add_page(unsigned long base, unsigned long size, - unsigned int type); +int cf_check generic_get_free_region( + unsigned long base, unsigned long size, int replace_reg); +int cf_check generic_validate_add_page( + unsigned long base, unsigned long size, unsigned int type); extern const struct mtrr_ops generic_mtrr_ops;