[v2,37/70] x86/apic: CFI hardening

Message ID	20220214125127.17985-38-andrew.cooper3@citrix.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> IronPort-SDR: 6qVrT5YlGRLe+iB32YZTsQOWSU/VWq5wH2X4XuAUdRo7uhPMH01lQPSplGVDoye+u39HVFUsWj GlaznnRrjnGfI3nWFfVrpuirUGhDsQLb57yNmO3qUT6BYEXWnvvYc9O7U65Ao0fKXnfqLp/BUP AK3WxvcZg3D8XHjAHOpDqWsLvj/XBgvQ4xFABRuUe7J2/GnzVlyTrp2zkoDeDSqUrR4Y//wyX1 JBbQZ7nMLS2KhzG4ebGv2jsDT+2UUKl1cDF5qwLU2Y2sAoOoJ0fgZ2wLWZaJvmIJ7kuIxI/LWK BbsIyjiVyyc7sDxvfswrysrR IronPort-Data: A9a23:mkvNcauFnnrShkkFCzfWplKis+fnVEhZMUV32f8akzHdYApBsoF/q tZmKTrUP/+LMGbzLt4jPIm39BkCvJeEmtZrHQI/r3o2E34R+JbJXdiXEBz9bniYRiHhoOOLz Cm8hv3odp1coqr0/0/1WlTZQP0VOZigHtIQMsadUsxKbVIiGHdJZS5LwbZj2NYy2IThWmthh PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ NplnpWSRF4NDIP3u8cZfD0HDHh+IqN29+qSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DFYUToHx/ixreCu4rW8vrSKTW/95Imjw3g6iiGN6AP JdIM2QxMXwsZTUUZwclEsgHu9632F/jLjxTo3/E+KAOtj27IAtZj+G2bYu9lsaxbdVYmAOUq 3zL+0z9AwoGL5qPxDyd6HWui+TT2yThV+ov+KaQr6AwxgfJnypKVUNQBQDTTeSFZlCWcNt9J hUwyAQVjos222j0UYD9QBOIryvR1vIDYOZ4H+o/4QCL76Pb5QeFG2QJJgJ8hMwaWNweHmJzi ALQ9z/9LXk26eDOFyrBnluBhW7qYUAowXk+iTjopOfvy/3qu8kNgx3GVb6P+4bl34SuSVkcL 91nxRXSZon/b+ZWjc1XHnid2lpAQ6QlqSZvuG3qspqNtF8RWWJcT9XABaLnxfhBNp2FaVKKo WIJncOThMhXU83Ry3zdHbhVRerzjxpgDNE7qQQxd6TNChz3oyLzFWyuyG0WyLhV3jYsJmayP R67VfJ5755PJnq6BZKbkKrqY/nGOZPITIy/PtiNN4ImSsEoKGevoXE/DWbNjjuFuBV9zskC1 WKzLJ/E4YAyUv88klJbho41jNcW+8zJ7T2PFM6rl0z9idJzphe9EN84DbdHVchhhIvsnekf2 4832xKix0oNXevgTDPQ9IJPf1kGIWJiXcL9qtBNd/7FKQ1jQTlzB/jUyLInWopkg6UKybuYo iDjAhdVmAjlmHnKCQSWcXQ/Ornhaoly8CAgNis2MFf2h3V6OdSz7L0SfoccdKU88LAx1uZ9S vQIIp3SAvlGRjnd1S4aaJ3x8N5reBix3FrcNCu5ejkvOZVnQlWRqNPjewLu8ggIDza26pRi8 +HxiFuDTMNaFQp4DcvQZPa+9H+LvCAQyLBoQk/FAthPY0GwooJkHDP8060sKMYWJBSdmjbDj 1SKAQ0VrPXmqpMu9IWbnriNqoqkHrcsHkdeGGWHv7+6OTODozimyI5EFu2JYSrcRCX//6D7P bdZyPT1MfsmmldWstUjT+Y3nPxmv9a/9aVHyglEHWnQawX5A7xtFXCKwM1Tu/Af3bReowa3B hqC99Qy1W9l4y85/Ir9/DYYU9k= IronPort-HdrOrdr: A9a23:Adm6qK7ZXP0F5SbHMgPXwMrXdLJyesId70hD6qhwISY6TiX4rb HWoB1173/JYVoqNE3I3OrwXZVoIkmsk6Kdg7NhXotKNTOO0ADDQb2Kr7GSpwEIcxeOkdK1vp 0AT0ERMrLN5CBB/KTH3DU= From: Andrew Cooper <andrew.cooper3@citrix.com> To: Xen-devel <xen-devel@lists.xenproject.org> CC: Andrew Cooper <andrew.cooper3@citrix.com> Subject: [PATCH v2 37/70] x86/apic: CFI hardening Date: Mon, 14 Feb 2022 12:50:54 +0000 Message-ID: <20220214125127.17985-38-andrew.cooper3@citrix.com> In-Reply-To: <20220214125127.17985-1-andrew.cooper3@citrix.com> References: <20220214125127.17985-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain
Series	x86: Support for CET Indirect Branch Tracking \| expand [v2,00/70] x86: Support for CET Indirect Branch Tracking [v2,01/70] xen/domain: Improve pirq handling [v2,02/70] xen/sort: Switch to an extern inline implementation [v2,03/70] xen/xsm: Move {do,compat}_flask_op() declarations into a header [v2,04/70] x86/pv-shim: Don't modify the hypercall table [v2,05/70] x86: Don't use the hypercall table for calling compat hypercalls [v2,06/70] x86: Introduce support for CET-IBT [v2,07/70] x86: Build check for embedded endbr64 instructions [v2,08/70] xen: CFI hardening for x86 hypercalls [v2,09/70] xen: CFI hardening for custom_param() [v2,10/70] xen: CFI hardening for __initcall() [v2,11/70] xen: CFI hardening for notifier callbacks [v2,12/70] xen: CFI hardening for acpi_table_parse() [v2,13/70] xen: CFI hardening for continue_hypercall_on_cpu() [v2,14/70] xen: CFI hardening for init_timer() [v2,15/70] xen: CFI hardening for call_rcu() [v2,16/70] xen: CFI hardening for IPIs [v2,17/70] xen: CFI hardening for open_softirq() [v2,18/70] xsm/flask/ss: CFI hardening [v2,19/70] xsm: CFI hardening [v2,20/70] xen/sched: CFI hardening [v2,21/70] xen/evtchn: CFI hardening [v2,22/70] xen/hypfs: CFI hardening [v2,23/70] xen/tasklet: CFI hardening [v2,24/70] xen/keyhandler: CFI hardening [v2,25/70] xen/vpci: CFI hardening [v2,26/70] xen/decompress: CFI hardening [v2,27/70] xen/iommu: CFI hardening [v2,28/70] xen/video: CFI hardening [v2,29/70] xen/console: CFI hardening [v2,30/70] xen/misc: CFI hardening [v2,31/70] x86: CFI hardening for request_irq() [v2,32/70] x86/hvm: CFI hardening for hvm_funcs [v2,33/70] x86/hvm: CFI hardening for device emulation [v2,34/70] x86/emul: CFI hardening [v2,35/70] x86/ucode: CFI hardening [v2,36/70] x86/power: CFI hardening [v2,37/70] x86/apic: CFI hardening [v2,38/70] x86/nmi: CFI hardening [v2,39/70] x86/mtrr: CFI hardening [v2,40/70] x86/idle: CFI hardening [v2,41/70] x86/quirks: CFI hardening [v2,42/70] x86/hvmsave: CFI hardening [v2,43/70] x86/mce: CFI hardening [v2,44/70] x86/pmu: CFI hardening [v2,45/70] x86/cpu: CFI hardening [v2,46/70] x86/guest: CFI hardening [v2,47/70] x86/logdirty: CFI hardening [v2,48/70] x86/shadow: CFI hardening [v2,49/70] x86/hap: CFI hardening [v2,50/70] x86/p2m: CFI hardening [v2,51/70] x86/irq: CFI hardening [v2,52/70] x86/apei: CFI hardening [v2,53/70] x86/psr: CFI hardening [v2,54/70] x86/dpci: CFI hardening [v2,55/70] x86/pt: CFI hardening [v2,56/70] x86/time: CFI hardening [v2,57/70] x86/misc: CFI hardening [v2,58/70] x86/stack: CFI hardening [v2,59/70] x86/bugframe: CFI hardening [v2,60/70] x86: Use control flow typechecking where possible [v2,61/70] x86/setup: Read CR4 earlier in __start_xen() [v2,62/70] x86/alternatives: Clear CR4.CET when clearing CR0.WP [v2,63/70] x86/traps: Rework write_stub_trampoline() to not hardcode the jmp [v2,64/70] x86: Introduce helpers/checks for endbr64 instructions [v2,65/70] x86/emul: Update emulation stubs to be CET-IBT compatible [v2,66/70] x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible [v2,67/70] x86/entry: Make IDT entrypoints CET-IBT compatible [v2,68/70] x86/setup: Rework MSR_S_CET handling for CET-IBT [v2,69/70] x86/efi: Disable CET-IBT around Runtime Services calls [v2,70/70] x86: Enable CET Indirect Branch Tracking

Message ID

20220214125127.17985-38-andrew.cooper3@citrix.com (mailing list archive)

State

New, archived

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
IronPort-SDR: 
 6qVrT5YlGRLe+iB32YZTsQOWSU/VWq5wH2X4XuAUdRo7uhPMH01lQPSplGVDoye+u39HVFUsWj
 GlaznnRrjnGfI3nWFfVrpuirUGhDsQLb57yNmO3qUT6BYEXWnvvYc9O7U65Ao0fKXnfqLp/BUP
 AK3WxvcZg3D8XHjAHOpDqWsLvj/XBgvQ4xFABRuUe7J2/GnzVlyTrp2zkoDeDSqUrR4Y//wyX1
 JBbQZ7nMLS2KhzG4ebGv2jsDT+2UUKl1cDF5qwLU2Y2sAoOoJ0fgZ2wLWZaJvmIJ7kuIxI/LWK
 BbsIyjiVyyc7sDxvfswrysrR
IronPort-Data: A9a23:mkvNcauFnnrShkkFCzfWplKis+fnVEhZMUV32f8akzHdYApBsoF/q
 tZmKTrUP/+LMGbzLt4jPIm39BkCvJeEmtZrHQI/r3o2E34R+JbJXdiXEBz9bniYRiHhoOOLz
 Cm8hv3odp1coqr0/0/1WlTZQP0VOZigHtIQMsadUsxKbVIiGHdJZS5LwbZj2NYy2IThWmthh
 PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe
 gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ
 NplnpWSRF4NDIP3u8cZfD0HDHh+IqN29+qSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3
 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DFYUToHx/ixreCu4rW8vrSKTW/95Imjw3g6iiGN6AP
 JdIM2QxMXwsZTUUZwclEsgHu9632F/jLjxTo3/E+KAOtj27IAtZj+G2bYu9lsaxbdVYmAOUq
 3zL+0z9AwoGL5qPxDyd6HWui+TT2yThV+ov+KaQr6AwxgfJnypKVUNQBQDTTeSFZlCWcNt9J
 hUwyAQVjos222j0UYD9QBOIryvR1vIDYOZ4H+o/4QCL76Pb5QeFG2QJJgJ8hMwaWNweHmJzi
 ALQ9z/9LXk26eDOFyrBnluBhW7qYUAowXk+iTjopOfvy/3qu8kNgx3GVb6P+4bl34SuSVkcL
 91nxRXSZon/b+ZWjc1XHnid2lpAQ6QlqSZvuG3qspqNtF8RWWJcT9XABaLnxfhBNp2FaVKKo
 WIJncOThMhXU83Ry3zdHbhVRerzjxpgDNE7qQQxd6TNChz3oyLzFWyuyG0WyLhV3jYsJmayP
 R67VfJ5755PJnq6BZKbkKrqY/nGOZPITIy/PtiNN4ImSsEoKGevoXE/DWbNjjuFuBV9zskC1
 WKzLJ/E4YAyUv88klJbho41jNcW+8zJ7T2PFM6rl0z9idJzphe9EN84DbdHVchhhIvsnekf2
 4832xKix0oNXevgTDPQ9IJPf1kGIWJiXcL9qtBNd/7FKQ1jQTlzB/jUyLInWopkg6UKybuYo
 iDjAhdVmAjlmHnKCQSWcXQ/Ornhaoly8CAgNis2MFf2h3V6OdSz7L0SfoccdKU88LAx1uZ9S
 vQIIp3SAvlGRjnd1S4aaJ3x8N5reBix3FrcNCu5ejkvOZVnQlWRqNPjewLu8ggIDza26pRi8
 +HxiFuDTMNaFQp4DcvQZPa+9H+LvCAQyLBoQk/FAthPY0GwooJkHDP8060sKMYWJBSdmjbDj
 1SKAQ0VrPXmqpMu9IWbnriNqoqkHrcsHkdeGGWHv7+6OTODozimyI5EFu2JYSrcRCX//6D7P
 bdZyPT1MfsmmldWstUjT+Y3nPxmv9a/9aVHyglEHWnQawX5A7xtFXCKwM1Tu/Af3bReowa3B
 hqC99Qy1W9l4y85/Ir9/DYYU9k=
IronPort-HdrOrdr: A9a23:Adm6qK7ZXP0F5SbHMgPXwMrXdLJyesId70hD6qhwISY6TiX4rb
 HWoB1173/JYVoqNE3I3OrwXZVoIkmsk6Kdg7NhXotKNTOO0ADDQb2Kr7GSpwEIcxeOkdK1vp
 0AT0ERMrLN5CBB/KTH3DU=
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xenproject.org>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH v2 37/70] x86/apic: CFI hardening
Date: Mon, 14 Feb 2022 12:50:54 +0000
Message-ID: <20220214125127.17985-38-andrew.cooper3@citrix.com>
In-Reply-To: <20220214125127.17985-1-andrew.cooper3@citrix.com>
References: <20220214125127.17985-1-andrew.cooper3@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain

Series

x86: Support for CET Indirect Branch Tracking | expand

Commit Message

Andrew Cooper Feb. 14, 2022, 12:50 p.m. UTC

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/arch/x86/genapic/bigsmp.c      |  4 ++--
 xen/arch/x86/genapic/delivery.c    | 12 ++++++------
 xen/arch/x86/genapic/x2apic.c      | 16 ++++++++++------
 xen/arch/x86/include/asm/genapic.h | 18 +++++++++---------
 xen/arch/x86/smp.c                 |  6 +++---
 5 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/xen/arch/x86/genapic/bigsmp.c b/xen/arch/x86/genapic/bigsmp.c
index b9d976e8abf2..2000383ab0bf 100644
--- a/xen/arch/x86/genapic/bigsmp.c
+++ b/xen/arch/x86/genapic/bigsmp.c
@@ -10,7 +10,7 @@ 
 #include <xen/dmi.h>
 #include <asm/io_apic.h>
 
-static __init int force_bigsmp(const struct dmi_system_id *d)
+static int __init cf_check force_bigsmp(const struct dmi_system_id *d)
 {
 	printk(KERN_NOTICE "%s detected: force use of apic=bigsmp\n", d->ident);
 	def_to_bigsmp = true;
@@ -27,7 +27,7 @@  static const struct dmi_system_id __initconstrel bigsmp_dmi_table[] = {
 };
 
 
-static __init int probe_bigsmp(void)
+static int __init cf_check probe_bigsmp(void)
 { 
 	/*
 	 * We don't implement cluster mode, so force use of
diff --git a/xen/arch/x86/genapic/delivery.c b/xen/arch/x86/genapic/delivery.c
index 548c33f282dd..d1f99bf6834a 100644
--- a/xen/arch/x86/genapic/delivery.c
+++ b/xen/arch/x86/genapic/delivery.c
@@ -9,7 +9,7 @@ 
  * LOGICAL FLAT DELIVERY MODE (multicast via bitmask to <= 8 logical APIC IDs).
  */
 
-void init_apic_ldr_flat(void)
+void cf_check init_apic_ldr_flat(void)
 {
 	unsigned long val;
 
@@ -19,12 +19,12 @@  void init_apic_ldr_flat(void)
 	apic_write(APIC_LDR, val);
 }
 
-const cpumask_t *vector_allocation_cpumask_flat(int cpu)
+const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu)
 {
 	return &cpu_online_map;
 } 
 
-unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask)
+unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask)
 {
 	return cpumask_bits(cpumask)[0]&0xFF;
 }
@@ -33,17 +33,17 @@  unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask)
  * PHYSICAL DELIVERY MODE (unicast to physical APIC IDs).
  */
 
-void init_apic_ldr_phys(void)
+void cf_check init_apic_ldr_phys(void)
 {
 	/* We only deliver in phys mode - no setup needed. */
 }
 
-const cpumask_t *vector_allocation_cpumask_phys(int cpu)
+const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu)
 {
 	return cpumask_of(cpu);
 }
 
-unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask)
+unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask)
 {
 	/* As we are using single CPU as destination, pick only one CPU here */
 	return cpu_physical_id(cpumask_any(cpumask));
diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c
index bd44bb753995..de5032f2020a 100644
--- a/xen/arch/x86/genapic/x2apic.c
+++ b/xen/arch/x86/genapic/x2apic.c
@@ -38,7 +38,7 @@  static inline u32 x2apic_cluster(unsigned int cpu)
     return per_cpu(cpu_2_logical_apicid, cpu) >> 16;
 }
 
-static void init_apic_ldr_x2apic_cluster(void)
+static void cf_check init_apic_ldr_x2apic_cluster(void)
 {
     unsigned int cpu, this_cpu = smp_processor_id();
 
@@ -74,12 +74,14 @@  static void init_apic_ldr_x2apic_cluster(void)
     cpumask_set_cpu(this_cpu, per_cpu(cluster_cpus, this_cpu));
 }
 
-static const cpumask_t *vector_allocation_cpumask_x2apic_cluster(int cpu)
+static const cpumask_t *cf_check vector_allocation_cpumask_x2apic_cluster(
+    int cpu)
 {
     return per_cpu(cluster_cpus, cpu);
 }
 
-static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask)
+static unsigned int cf_check cpu_mask_to_apicid_x2apic_cluster(
+    const cpumask_t *cpumask)
 {
     unsigned int cpu = cpumask_any(cpumask);
     unsigned int dest = per_cpu(cpu_2_logical_apicid, cpu);
@@ -92,12 +94,13 @@  static unsigned int cpu_mask_to_apicid_x2apic_cluster(const cpumask_t *cpumask)
     return dest;
 }
 
-static void send_IPI_self_x2apic(uint8_t vector)
+static void cf_check send_IPI_self_x2apic(uint8_t vector)
 {
     apic_wrmsr(APIC_SELF_IPI, vector);
 }
 
-static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector)
+static void cf_check send_IPI_mask_x2apic_phys(
+    const cpumask_t *cpumask, int vector)
 {
     unsigned int cpu;
     unsigned long flags;
@@ -130,7 +133,8 @@  static void send_IPI_mask_x2apic_phys(const cpumask_t *cpumask, int vector)
     local_irq_restore(flags);
 }
 
-static void send_IPI_mask_x2apic_cluster(const cpumask_t *cpumask, int vector)
+static void cf_check send_IPI_mask_x2apic_cluster(
+    const cpumask_t *cpumask, int vector)
 {
     unsigned int cpu = smp_processor_id();
     cpumask_t *ipimask = per_cpu(scratch_mask, cpu);
diff --git a/xen/arch/x86/include/asm/genapic.h b/xen/arch/x86/include/asm/genapic.h
index 51a65d3e0f0c..beeaddf19daa 100644
--- a/xen/arch/x86/include/asm/genapic.h
+++ b/xen/arch/x86/include/asm/genapic.h
@@ -39,12 +39,12 @@  extern struct genapic genapic;
 extern const struct genapic apic_default;
 extern const struct genapic apic_bigsmp;
 
-void send_IPI_self_legacy(uint8_t vector);
+void cf_check send_IPI_self_legacy(uint8_t vector);
 
-void init_apic_ldr_flat(void);
-unsigned int cpu_mask_to_apicid_flat(const cpumask_t *cpumask);
-void send_IPI_mask_flat(const cpumask_t *mask, int vector);
-const cpumask_t *vector_allocation_cpumask_flat(int cpu);
+void cf_check init_apic_ldr_flat(void);
+unsigned int cf_check cpu_mask_to_apicid_flat(const cpumask_t *cpumask);
+void cf_check send_IPI_mask_flat(const cpumask_t *mask, int vector);
+const cpumask_t *cf_check vector_allocation_cpumask_flat(int cpu);
 #define GENAPIC_FLAT \
 	.int_delivery_mode = dest_LowestPrio, \
 	.int_dest_mode = 1 /* logical delivery */, \
@@ -54,10 +54,10 @@  const cpumask_t *vector_allocation_cpumask_flat(int cpu);
 	.send_IPI_mask = send_IPI_mask_flat, \
 	.send_IPI_self = send_IPI_self_legacy
 
-void init_apic_ldr_phys(void);
-unsigned int cpu_mask_to_apicid_phys(const cpumask_t *cpumask);
-void send_IPI_mask_phys(const cpumask_t *mask, int vector);
-const cpumask_t *vector_allocation_cpumask_phys(int cpu);
+void cf_check init_apic_ldr_phys(void);
+unsigned int cf_check cpu_mask_to_apicid_phys(const cpumask_t *cpumask);
+void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector);
+const cpumask_t *cf_check vector_allocation_cpumask_phys(int cpu);
 #define GENAPIC_PHYS \
 	.int_delivery_mode = dest_Fixed, \
 	.int_dest_mode = 0 /* physical delivery */, \
diff --git a/xen/arch/x86/smp.c b/xen/arch/x86/smp.c
index 33748e629a21..0a02086966c0 100644
--- a/xen/arch/x86/smp.c
+++ b/xen/arch/x86/smp.c
@@ -161,13 +161,13 @@  void send_IPI_self(int vector)
  * The following functions deal with sending IPIs between CPUs.
  */
 
-void send_IPI_self_legacy(uint8_t vector)
+void cf_check send_IPI_self_legacy(uint8_t vector)
 {
     /* NMI continuation handling relies on using a shorthand here. */
     send_IPI_shortcut(APIC_DEST_SELF, vector, APIC_DEST_PHYSICAL);
 }
 
-void send_IPI_mask_flat(const cpumask_t *cpumask, int vector)
+void cf_check send_IPI_mask_flat(const cpumask_t *cpumask, int vector)
 {
     unsigned long mask = cpumask_bits(cpumask)[0];
     unsigned long cfg;
@@ -204,7 +204,7 @@  void send_IPI_mask_flat(const cpumask_t *cpumask, int vector)
     local_irq_restore(flags);
 }
 
-void send_IPI_mask_phys(const cpumask_t *mask, int vector)
+void cf_check send_IPI_mask_phys(const cpumask_t *mask, int vector)
 {
     unsigned long cfg, flags;
     unsigned int query_cpu;

[v2,37/70] x86/apic: CFI hardening

Commit Message

Patch