From patchwork Mon Feb 14 12:50:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 12745593 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6FC22C433F5 for ; Mon, 14 Feb 2022 13:17:05 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.271950.466720 (Exim 4.92) (envelope-from ) id 1nJbDq-0004pp-Ff; Mon, 14 Feb 2022 13:16:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 271950.466720; Mon, 14 Feb 2022 13:16:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJbDq-0004pc-Bl; Mon, 14 Feb 2022 13:16:54 +0000 Received: by outflank-mailman (input) for mailman id 271950; Mon, 14 Feb 2022 13:16:52 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1nJb4S-0008IH-L9 for xen-devel@lists.xenproject.org; Mon, 14 Feb 2022 13:07:12 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 0480d88e-8d97-11ec-8eb8-a37418f5ba1a; Mon, 14 Feb 2022 14:07:11 +0100 (CET) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0480d88e-8d97-11ec-8eb8-a37418f5ba1a DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1644844031; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=yEfJ1NphsqCcqUw8wV8ep+8qNFa6scIfTulHuJmrWCU=; b=BV6MgJgt1uxW3nHKsjmv5L56zukR6CjPzyP3m/uzCMfGqK34518N9EOq enD6Ny7puxpeXV+zGR33pjvqHFOMlR9R6krevpLCiDzVZrvJnQ6f8G65a zJIcDMwuQWlL/Z+vhSdPrYcgVe4f5VL+ELIJ3aUikIZuZck4fdaEr9fbU Q=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: eeE3LFTm9b8nkfrMlUyy4uZFO/R4lMxjDAfHhnrjeDnBJZud3NiZXxnsPOqcWXd+ZgMjWITqva eh5HcLAqsc6HKfVABc6qlCVqqZrkhoewaXy7qmvp/23vEotR8ErY6SwanUvzTtNxiq3JmKpjqP tAUpWzutLeLxeYYiOU5ZQF1KIQS8y7c+ls8eQce7w3nxC1X3hd6SuvTDOciTpR47kZd3NhUy+D PMqqgNT6CVcL3PzN1SI9D+uaIvwzqTvb26ucvVPFoaYg2Qu7SYLutkdjqXVDzjEOMCsPlTbHE5 oHmYc33QS11WMmqwAGWUFrdD X-SBRS: 5.1 X-MesageID: 64554366 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:05oBVq4mnwcOXuE8EroTCwxRtCDAchMFZxGqfqrLsTDasY5as4F+v jcYWG/Sb62PNGD8fox/b9zloEIA7JbQz9c2SVFkpC9jHi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuV3zyIQUBUjclkfJKlYAL/En03FV8MpBsJ00o5wbZj29Iw2LBVPivW0 T/Mi5yHULOa82Yc3lI8s8pvfzs24ZweEBtB1rAPTagjUG32zhH5P7pGTU2FFFPqQ5E8IwKPb 72rIIdVXI/u10xF5tuNyt4Xe6CRK1LYFVDmZnF+A8BOjvXez8CbP2lS2Pc0MC9qZzu1c99Z5 M5drreIbDwQJ7Dgt8UGQkNUFRB9FPgTkFPHCSDXXc27ykTHdz3nwul0DVFwNoodkgp1KTgQr 7pCcmlLN03dwbLtqF64YrAEasALBc/nJo4A/FpnyinUF60OSpHfWaTao9Rf2V/cg+gQQauDO 5FHN1KDajzQUgBjF2pJLqsDt7awtCShVTsE9G+88P9fD2/7k1UqjemF3MDuUsyHQ4BZk1iVo krC/n/lGVcKOdqH0z2H/3mwwOjVkkvGtJk6TePisKQw2RvKmzJVWEZ+uUaHTeeRplWuQPlnD nct4zcCgokp5RanSOj+dkjtyJKbhSI0V91VGuw8zQiCzKvI/gqUblQ5oi59hM8O75FvG2Fzv rOdt5awXGE07uXJIZ6I3urM9VuP1T4pwXjujMPuZS8M+JHdrY46lXojpf4zQffu3rUZ9dwdq g1mTRTSZZ1O16bnNI3hpDgrZg5AQbCTEGYICv3/BD7N0++ATNfNi3aUwVba9+1cC42SU0OMu nMJ8+DHsrxSUsHdyXHVGb5XdF1M2xpiGGeC6WOD4rF7r2j9k5JdVdw4DM5CyLdBbZ9fJG6Bj L77sgJN/p5DVEZGnocsC79d//8ClPC6ffy8D6i8RoMXPvBZKV/WlAkzNBX49z28zyARfVQXZ M7znTCEVi1BV8yKDVOeGo8g7FPc7n5ilD2DHcihl3xKE9O2PRaodFvMC3PWBshR0U9OiFyFq r6z7uOGlEdSVvPQeC7S/dJBJFwGNyFjV5v3t9ZWZqiIJQ8/QDMtDPrYwLUAfY15nvsKyreUr y/lAkIImkDigXDnKBmRbiwxYr3YQpsi/2kwOjYhPAj01iF7M5qv9qoWa7A+YaIjqL541fdxQ vRcI5eAD/1DRy7p4TMYaZWh/oVueA7y3VCFPja/YSh5dJllHlSb9tjhdwrp1S8PEivo6pdu/ +z+jlvWGMNRSR5jAcDabOOU42mw5XVNyvhvW0boI8VIfBm++oZdNCGs3OQ8JNsBKEufy2LCh RqWGxoRucLEv5QxrIvSnamBooqkT7l+E05dEzWJ5Lq6L3CHrG+qwIsGW+eUZzHNEmjz/fz6N +lSyvj9NtwBnUpL7NUgQ+o6k/pm6ou9vaJewyRlAG7PPgaiBb5XK3Wb2dVC6/9WzbhDtArqA k+C97G241lS1B8JxLLJGDcYUw== IronPort-HdrOrdr: A9a23:oCqK1qB25taa2f/lHemu55DYdb4zR+YMi2TC1yhKJyC9E/bo7v xG88566faZslossTQb6LW90cq7MBXhHPxOkOos1N6ZNWGM0gaVxcNZnO/fKlXbakrDH4VmtJ uIHZIQNDSJNykZsfrH X-IronPort-AV: E=Sophos;i="5.88,367,1635220800"; d="scan'208";a="64554366" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper Subject: [PATCH v2 22/70] xen/hypfs: CFI hardening Date: Mon, 14 Feb 2022 12:50:39 +0000 Message-ID: <20220214125127.17985-23-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20220214125127.17985-1-andrew.cooper3@citrix.com> References: <20220214125127.17985-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Control Flow Integrity schemes use toolchain and optionally hardware support to help protect against call/jump/return oriented programming attacks. Use cf_check to annotate function pointer targets for the toolchain. Signed-off-by: Andrew Cooper Acked-by: Juergen Gross --- xen/common/hypfs.c | 57 +++++++++++++++++++++++----------------------- xen/common/sched/cpupool.c | 25 ++++++++++---------- xen/include/xen/hypfs.h | 49 +++++++++++++++++++-------------------- 3 files changed, 65 insertions(+), 66 deletions(-) diff --git a/xen/common/hypfs.c b/xen/common/hypfs.c index 1526bcc52810..0d22396f5dd7 100644 --- a/xen/common/hypfs.c +++ b/xen/common/hypfs.c @@ -113,12 +113,13 @@ static void hypfs_unlock(void) } } -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry) +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry) { return entry; } -void hypfs_node_exit(const struct hypfs_entry *entry) +void cf_check hypfs_node_exit(const struct hypfs_entry *entry) { } @@ -289,16 +290,14 @@ static int hypfs_get_path_user(char *buf, return 0; } -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { return ERR_PTR(-ENOTDIR); } -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len) +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { struct hypfs_entry *entry; @@ -360,7 +359,7 @@ static struct hypfs_entry *hypfs_get_entry(const char *path) return hypfs_get_entry_rel(&hypfs_root, path + 1); } -unsigned int hypfs_getsize(const struct hypfs_entry *entry) +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry) { return entry->size; } @@ -396,7 +395,7 @@ int hypfs_read_dyndir_id_entry(const struct hypfs_entry_dir *template, return 0; } -static const struct hypfs_entry *hypfs_dyndir_enter( +static const struct hypfs_entry *cf_check hypfs_dyndir_enter( const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; @@ -407,7 +406,7 @@ static const struct hypfs_entry *hypfs_dyndir_enter( return data->template->e.funcs->enter(&data->template->e); } -static struct hypfs_entry *hypfs_dyndir_findentry( +static struct hypfs_entry *cf_check hypfs_dyndir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { const struct hypfs_dyndir_id *data; @@ -418,8 +417,8 @@ static struct hypfs_entry *hypfs_dyndir_findentry( return data->template->e.funcs->findentry(data->template, name, name_len); } -static int hypfs_read_dyndir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check hypfs_read_dyndir( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; @@ -463,8 +462,8 @@ unsigned int hypfs_dynid_entry_size(const struct hypfs_entry *template, return DIRENTRY_SIZE(snprintf(NULL, 0, template->name, id)); } -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_dir *d; const struct hypfs_entry *e; @@ -510,8 +509,8 @@ int hypfs_read_dir(const struct hypfs_entry *entry, return 0; } -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +int cf_check hypfs_read_leaf( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_entry_leaf *l; unsigned int size = entry->funcs->getsize(entry); @@ -555,9 +554,9 @@ static int hypfs_read(const struct hypfs_entry *entry, return ret; } -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_leaf( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { char *buf; int ret; @@ -596,9 +595,9 @@ int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_bool( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { bool buf; @@ -618,9 +617,9 @@ int hypfs_write_bool(struct hypfs_entry_leaf *leaf, return 0; } -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_custom( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { struct param_hypfs *p; char *buf; @@ -653,9 +652,9 @@ int hypfs_write_custom(struct hypfs_entry_leaf *leaf, return ret; } -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +int cf_check hypfs_write_deny( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { return -EACCES; } diff --git a/xen/common/sched/cpupool.c b/xen/common/sched/cpupool.c index b9d4babd0d8a..07f984a659cd 100644 --- a/xen/common/sched/cpupool.c +++ b/xen/common/sched/cpupool.c @@ -1026,8 +1026,8 @@ static struct notifier_block cpu_nfb = { static HYPFS_DIR_INIT(cpupool_pooldir, "%u"); -static int cpupool_dir_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_dir_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { int ret = 0; struct cpupool *c; @@ -1050,7 +1050,8 @@ static int cpupool_dir_read(const struct hypfs_entry *entry, return ret; } -static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check cpupool_dir_getsize( + const struct hypfs_entry *entry) { const struct cpupool *c; unsigned int size = 0; @@ -1061,7 +1062,7 @@ static unsigned int cpupool_dir_getsize(const struct hypfs_entry *entry) return size; } -static const struct hypfs_entry *cpupool_dir_enter( +static const struct hypfs_entry *cf_check cpupool_dir_enter( const struct hypfs_entry *entry) { struct hypfs_dyndir_id *data; @@ -1076,14 +1077,14 @@ static const struct hypfs_entry *cpupool_dir_enter( return entry; } -static void cpupool_dir_exit(const struct hypfs_entry *entry) +static void cf_check cpupool_dir_exit(const struct hypfs_entry *entry) { spin_unlock(&cpupool_lock); hypfs_free_dyndata(); } -static struct hypfs_entry *cpupool_dir_findentry( +static struct hypfs_entry *cf_check cpupool_dir_findentry( const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len) { unsigned long id; @@ -1102,8 +1103,8 @@ static struct hypfs_entry *cpupool_dir_findentry( return hypfs_gen_dyndir_id_entry(&cpupool_pooldir, id, cpupool); } -static int cpupool_gran_read(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr) +static int cf_check cpupool_gran_read( + const struct hypfs_entry *entry, XEN_GUEST_HANDLE_PARAM(void) uaddr) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1121,7 +1122,7 @@ static int cpupool_gran_read(const struct hypfs_entry *entry, return copy_to_guest(uaddr, gran, strlen(gran) + 1) ? -EFAULT : 0; } -static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) +static unsigned int cf_check hypfs_gran_getsize(const struct hypfs_entry *entry) { const struct hypfs_dyndir_id *data; const struct cpupool *cpupool; @@ -1136,9 +1137,9 @@ static unsigned int hypfs_gran_getsize(const struct hypfs_entry *entry) return strlen(gran) + 1; } -static int cpupool_gran_write(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen) +static int cf_check cpupool_gran_write( + struct hypfs_entry_leaf *leaf, XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen) { const struct hypfs_dyndir_id *data; struct cpupool *cpupool; diff --git a/xen/include/xen/hypfs.h b/xen/include/xen/hypfs.h index e9d4c2555bd7..1b65a9188c6c 100644 --- a/xen/include/xen/hypfs.h +++ b/xen/include/xen/hypfs.h @@ -168,31 +168,30 @@ void hypfs_add_dyndir(struct hypfs_entry_dir *parent, struct hypfs_entry_dir *template); int hypfs_add_leaf(struct hypfs_entry_dir *parent, struct hypfs_entry_leaf *leaf, bool nofault); -const struct hypfs_entry *hypfs_node_enter(const struct hypfs_entry *entry); -void hypfs_node_exit(const struct hypfs_entry *entry); -int hypfs_read_dir(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_read_leaf(const struct hypfs_entry *entry, - XEN_GUEST_HANDLE_PARAM(void) uaddr); -int hypfs_write_deny(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_leaf(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_bool(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -int hypfs_write_custom(struct hypfs_entry_leaf *leaf, - XEN_GUEST_HANDLE_PARAM(const_void) uaddr, - unsigned int ulen); -unsigned int hypfs_getsize(const struct hypfs_entry *entry); -struct hypfs_entry *hypfs_leaf_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); -struct hypfs_entry *hypfs_dir_findentry(const struct hypfs_entry_dir *dir, - const char *name, - unsigned int name_len); +const struct hypfs_entry *cf_check hypfs_node_enter( + const struct hypfs_entry *entry); +void cf_check hypfs_node_exit(const struct hypfs_entry *entry); +int cf_check hypfs_read_dir(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_read_leaf(const struct hypfs_entry *entry, + XEN_GUEST_HANDLE_PARAM(void) uaddr); +int cf_check hypfs_write_deny(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_leaf(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_bool(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +int cf_check hypfs_write_custom(struct hypfs_entry_leaf *leaf, + XEN_GUEST_HANDLE_PARAM(const_void) uaddr, + unsigned int ulen); +unsigned int cf_check hypfs_getsize(const struct hypfs_entry *entry); +struct hypfs_entry *cf_check hypfs_leaf_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); +struct hypfs_entry *cf_check hypfs_dir_findentry( + const struct hypfs_entry_dir *dir, const char *name, unsigned int name_len); void *hypfs_alloc_dyndata(unsigned long size); #define hypfs_alloc_dyndata(type) ((type *)hypfs_alloc_dyndata(sizeof(type))) void *hypfs_get_dyndata(void);