From b22f4b696d3e7b811ed976add0b92f72b590dec1 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 29 Oct 2021 20:57:23 +0100
Subject: [PATCH] xen/decompress: CFI hardening

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
---
 xen/common/bunzip2.c            | 2 +-
 xen/common/decompress.c         | 2 +-
 xen/common/unlzma.c             | 2 +-
 xen/common/zstd/zstd_common.c   | 4 ++--
 xen/common/zstd/zstd_internal.h | 4 ++--
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c
index 2087cfbbed..782b589a8b 100644
--- a/xen/common/bunzip2.c
+++ b/xen/common/bunzip2.c
@@ -607,7 +607,7 @@ decode_next_byte:
 	goto decode_next_byte;
 }
 
-static int __init nofill(void *buf, unsigned int len)
+static int __init cf_check nofill(void *buf, unsigned int len)
 {
 	return -1;
 }
diff --git a/xen/common/decompress.c b/xen/common/decompress.c
index 79e60f4802..989336983f 100644
--- a/xen/common/decompress.c
+++ b/xen/common/decompress.c
@@ -3,7 +3,7 @@
 #include <xen/string.h>
 #include <xen/decompress.h>
 
-static void __init error(const char *msg)
+static void __init cf_check error(const char *msg)
 {
     printk("%s\n", msg);
 }
diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c
index d0ef78eef0..6cd99023ad 100644
--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -76,7 +76,7 @@ struct rc {
 #define RC_MODEL_TOTAL_BITS 11
 
 
-static int __init nofill(void *buffer, unsigned int len)
+static int __init cf_check nofill(void *buffer, unsigned int len)
 {
 	return -1;
 }
diff --git a/xen/common/zstd/zstd_common.c b/xen/common/zstd/zstd_common.c
index 9a85e938cd..5c44e5db76 100644
--- a/xen/common/zstd/zstd_common.c
+++ b/xen/common/zstd/zstd_common.c
@@ -54,12 +54,12 @@ void *__init ZSTD_stackAllocAll(void *opaque, size_t *size)
 	return stack_push(stack, *size);
 }
 
-void *__init ZSTD_stackAlloc(void *opaque, size_t size)
+void *__init cf_check ZSTD_stackAlloc(void *opaque, size_t size)
 {
 	ZSTD_stack *stack = (ZSTD_stack *)opaque;
 	return stack_push(stack, size);
 }
-void __init ZSTD_stackFree(void *opaque, void *address)
+void __init cf_check ZSTD_stackFree(void *opaque, void *address)
 {
 	(void)opaque;
 	(void)address;
diff --git a/xen/common/zstd/zstd_internal.h b/xen/common/zstd/zstd_internal.h
index b7dd14f6ce..94f8c58622 100644
--- a/xen/common/zstd/zstd_internal.h
+++ b/xen/common/zstd/zstd_internal.h
@@ -351,8 +351,8 @@ typedef struct {
 ZSTD_customMem ZSTD_initStack(void *workspace, size_t workspaceSize);
 
 void *ZSTD_stackAllocAll(void *opaque, size_t *size);
-void *ZSTD_stackAlloc(void *opaque, size_t size);
-void ZSTD_stackFree(void *opaque, void *address);
+void *cf_check ZSTD_stackAlloc(void *opaque, size_t size);
+void cf_check ZSTD_stackFree(void *opaque, void *address);
 
 /*======  common function  ======*/
 
-- 
2.30.2