From: Eric Biggers <ebiggers@kernel.org>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Kees Cook <keescook@chromium.org>,
linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crypto: arm64/sha: fix function types
Date: Wed, 13 Nov 2019 12:04:20 -0800 [thread overview]
Message-ID: <20191113200419.GE221701@gmail.com> (raw)
In-Reply-To: <20191112223046.176097-1-samitolvanen@google.com>
On Tue, Nov 12, 2019 at 02:30:46PM -0800, Sami Tolvanen wrote:
> Declare assembly functions with the expected function type
> instead of casting pointers in C to avoid type mismatch failures
> with Control-Flow Integrity (CFI) checking.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> ---
> arch/arm64/crypto/sha1-ce-glue.c | 12 +++++-------
> arch/arm64/crypto/sha2-ce-glue.c | 26 +++++++++++---------------
> arch/arm64/crypto/sha256-glue.c | 30 ++++++++++++------------------
> arch/arm64/crypto/sha512-ce-glue.c | 23 ++++++++++-------------
> arch/arm64/crypto/sha512-glue.c | 13 +++++--------
> 5 files changed, 43 insertions(+), 61 deletions(-)
>
> diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
> index bdc1b6d7aff7..3153a9bbb683 100644
> --- a/arch/arm64/crypto/sha1-ce-glue.c
> +++ b/arch/arm64/crypto/sha1-ce-glue.c
> @@ -25,7 +25,7 @@ struct sha1_ce_state {
> u32 finalize;
> };
>
> -asmlinkage void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
> +asmlinkage void sha1_ce_transform(struct sha1_state *sst, u8 const *src,
> int blocks);
Please update the comments in the corresponding assembly files too.
Also, this change doesn't really make sense because the assembly functions still
expect struct sha1_ce_state, and they access sha1_ce_state::finalize which is
not present in struct sha1_state. There should either be wrapper functions that
explicitly do the cast from sha1_state to sha1_ce_state, or there should be
comments in the assembly files that very clearly explain that although the
function prototype takes sha1_state, it's really assumed to be a sha1_ce_state.
Likewise for SHA-256 and SHA-512.
- Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] crypto: arm64/sha: fix function types
Date: Wed, 13 Nov 2019 12:04:20 -0800 [thread overview]
Message-ID: <20191113200419.GE221701@gmail.com> (raw)
In-Reply-To: <20191112223046.176097-1-samitolvanen@google.com>
On Tue, Nov 12, 2019 at 02:30:46PM -0800, Sami Tolvanen wrote:
> Declare assembly functions with the expected function type
> instead of casting pointers in C to avoid type mismatch failures
> with Control-Flow Integrity (CFI) checking.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> ---
> arch/arm64/crypto/sha1-ce-glue.c | 12 +++++-------
> arch/arm64/crypto/sha2-ce-glue.c | 26 +++++++++++---------------
> arch/arm64/crypto/sha256-glue.c | 30 ++++++++++++------------------
> arch/arm64/crypto/sha512-ce-glue.c | 23 ++++++++++-------------
> arch/arm64/crypto/sha512-glue.c | 13 +++++--------
> 5 files changed, 43 insertions(+), 61 deletions(-)
>
> diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
> index bdc1b6d7aff7..3153a9bbb683 100644
> --- a/arch/arm64/crypto/sha1-ce-glue.c
> +++ b/arch/arm64/crypto/sha1-ce-glue.c
> @@ -25,7 +25,7 @@ struct sha1_ce_state {
> u32 finalize;
> };
>
> -asmlinkage void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src,
> +asmlinkage void sha1_ce_transform(struct sha1_state *sst, u8 const *src,
> int blocks);
Please update the comments in the corresponding assembly files too.
Also, this change doesn't really make sense because the assembly functions still
expect struct sha1_ce_state, and they access sha1_ce_state::finalize which is
not present in struct sha1_state. There should either be wrapper functions that
explicitly do the cast from sha1_state to sha1_ce_state, or there should be
comments in the assembly files that very clearly explain that although the
function prototype takes sha1_state, it's really assumed to be a sha1_ce_state.
Likewise for SHA-256 and SHA-512.
- Eric
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-11-13 20:04 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-12 22:30 [PATCH] crypto: arm64/sha: fix function types Sami Tolvanen
2019-11-12 22:30 ` Sami Tolvanen
2019-11-13 18:27 ` Kees Cook
2019-11-13 18:27 ` Kees Cook
2019-11-13 20:04 ` Eric Biggers [this message]
2019-11-13 20:04 ` Eric Biggers
2019-11-13 22:28 ` Sami Tolvanen
2019-11-13 22:28 ` Sami Tolvanen
2019-11-14 9:45 ` Ard Biesheuvel
2019-11-14 9:45 ` Ard Biesheuvel
2019-11-14 18:21 ` Sami Tolvanen
2019-11-14 18:21 ` Sami Tolvanen
2019-11-14 22:51 ` [PATCH v2] " Sami Tolvanen
2019-11-14 22:51 ` Sami Tolvanen
2019-11-15 11:32 ` Ard Biesheuvel
2019-11-15 11:32 ` Ard Biesheuvel
2019-11-19 20:01 ` Sami Tolvanen
2019-11-19 20:01 ` Sami Tolvanen
2019-11-19 20:13 ` [PATCH v3] " Sami Tolvanen
2019-11-19 20:13 ` Sami Tolvanen
2019-11-22 11:04 ` Herbert Xu
2019-11-22 11:04 ` Herbert Xu
2019-11-22 11:05 ` Herbert Xu
2019-11-22 11:05 ` Herbert Xu
2019-11-27 18:19 ` Eric Biggers
2019-11-27 18:19 ` Eric Biggers
2019-11-27 23:42 ` Sami Tolvanen
2019-11-27 23:42 ` Sami Tolvanen
2019-11-27 23:55 ` [PATCH v4] " Sami Tolvanen
2019-11-27 23:55 ` Sami Tolvanen
2019-11-28 0:25 ` Eric Biggers
2019-11-28 0:25 ` Eric Biggers
2019-12-11 9:40 ` Herbert Xu
2019-12-11 9:40 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191113200419.GE221701@gmail.com \
--to=ebiggers@kernel.org \
--cc=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samitolvanen@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.