From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: x86@kernel.org, linux-arm-kernel@lists.infradead.org,
Sami Tolvanen <samitolvanen@google.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>
Subject: [PATCH v2 05/12] crypto: x86/sha256 - fix possible crash with CFI enabled
Date: Fri, 18 Nov 2022 11:44:14 -0800 [thread overview]
Message-ID: <20221118194421.160414-6-ebiggers@kernel.org> (raw)
In-Reply-To: <20221118194421.160414-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
sha256_transform_ssse3(), sha256_transform_avx(),
sha256_transform_rorx(), and sha256_ni_transform() are called via
indirect function calls. Therefore they need to use
SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type
hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y.
Otherwise, the code crashes with a CFI failure (if the compiler didn't
happen to optimize out the indirect calls).
Fixes: ccace936eec7 ("x86: Add types to indirectly called assembly functions")
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
arch/x86/crypto/sha256-avx-asm.S | 3 ++-
arch/x86/crypto/sha256-avx2-asm.S | 3 ++-
arch/x86/crypto/sha256-ssse3-asm.S | 3 ++-
arch/x86/crypto/sha256_ni_asm.S | 3 ++-
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S
index 3baa1ec390974..06ea30c20828d 100644
--- a/arch/x86/crypto/sha256-avx-asm.S
+++ b/arch/x86/crypto/sha256-avx-asm.S
@@ -48,6 +48,7 @@
########################################################################
#include <linux/linkage.h>
+#include <linux/cfi_types.h>
## assume buffers not aligned
#define VMOVDQ vmovdqu
@@ -346,7 +347,7 @@ a = TMP_
## arg 3 : Num blocks
########################################################################
.text
-SYM_FUNC_START(sha256_transform_avx)
+SYM_TYPED_FUNC_START(sha256_transform_avx)
.align 32
pushq %rbx
pushq %r12
diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S
index 9bcdbc47b8b4b..2d2be531a11ed 100644
--- a/arch/x86/crypto/sha256-avx2-asm.S
+++ b/arch/x86/crypto/sha256-avx2-asm.S
@@ -49,6 +49,7 @@
########################################################################
#include <linux/linkage.h>
+#include <linux/cfi_types.h>
## assume buffers not aligned
#define VMOVDQ vmovdqu
@@ -523,7 +524,7 @@ STACK_SIZE = _CTX + _CTX_SIZE
## arg 3 : Num blocks
########################################################################
.text
-SYM_FUNC_START(sha256_transform_rorx)
+SYM_TYPED_FUNC_START(sha256_transform_rorx)
.align 32
pushq %rbx
pushq %r12
diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S
index c4a5db612c327..7db28839108dd 100644
--- a/arch/x86/crypto/sha256-ssse3-asm.S
+++ b/arch/x86/crypto/sha256-ssse3-asm.S
@@ -47,6 +47,7 @@
########################################################################
#include <linux/linkage.h>
+#include <linux/cfi_types.h>
## assume buffers not aligned
#define MOVDQ movdqu
@@ -355,7 +356,7 @@ a = TMP_
## arg 3 : Num blocks
########################################################################
.text
-SYM_FUNC_START(sha256_transform_ssse3)
+SYM_TYPED_FUNC_START(sha256_transform_ssse3)
.align 32
pushq %rbx
pushq %r12
diff --git a/arch/x86/crypto/sha256_ni_asm.S b/arch/x86/crypto/sha256_ni_asm.S
index 94d50dd27cb53..47f93937f798a 100644
--- a/arch/x86/crypto/sha256_ni_asm.S
+++ b/arch/x86/crypto/sha256_ni_asm.S
@@ -54,6 +54,7 @@
*/
#include <linux/linkage.h>
+#include <linux/cfi_types.h>
#define DIGEST_PTR %rdi /* 1st arg */
#define DATA_PTR %rsi /* 2nd arg */
@@ -97,7 +98,7 @@
.text
.align 32
-SYM_FUNC_START(sha256_ni_transform)
+SYM_TYPED_FUNC_START(sha256_ni_transform)
shl $6, NUM_BLKS /* convert to bytes */
jz .Ldone_hash
--
2.38.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-11-18 19:49 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 19:44 [PATCH v2 00/12] crypto: CFI fixes Eric Biggers
2022-11-18 19:44 ` [PATCH v2 01/12] crypto: x86/aegis128 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` [PATCH v2 02/12] crypto: x86/aria - fix " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 03/12] crypto: x86/nhpoly1305 - eliminate unnecessary CFI wrappers Eric Biggers
2022-11-18 19:44 ` [PATCH v2 04/12] crypto: x86/sha1 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` Eric Biggers [this message]
2022-11-18 19:44 ` [PATCH v2 06/12] crypto: x86/sha512 " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 07/12] crypto: x86/sm3 " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 08/12] crypto: x86/sm4 - fix " Eric Biggers
2022-11-18 20:10 ` Eric Biggers
2022-11-18 20:27 ` Sami Tolvanen
2022-11-18 20:52 ` Eric Biggers
2022-11-18 20:53 ` Sami Tolvanen
2022-11-18 22:01 ` Sami Tolvanen
2022-11-18 22:33 ` Eric Biggers
2022-11-18 19:44 ` [PATCH v2 09/12] crypto: arm64/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18 19:44 ` [PATCH v2 10/12] crypto: arm64/sm3 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` [PATCH v2 11/12] crypto: arm/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18 19:44 ` [PATCH v2 12/12] Revert "crypto: shash - avoid comparing pointers to exported functions under CFI" Eric Biggers
2022-11-25 9:46 ` [PATCH v2 00/12] crypto: CFI fixes Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221118194421.160414-6-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox