From: Eric Biggers <ebiggers@kernel.org>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: x86@kernel.org, linux-arm-kernel@lists.infradead.org,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH v2 08/12] crypto: x86/sm4 - fix crash with CFI enabled
Date: Fri, 18 Nov 2022 12:10:26 -0800 [thread overview]
Message-ID: <Y3fmskgfAb/xxzpS@sol.localdomain> (raw)
In-Reply-To: <20221118194421.160414-9-ebiggers@kernel.org>
On Fri, Nov 18, 2022 at 11:44:17AM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> sm4_aesni_avx_ctr_enc_blk8(), sm4_aesni_avx_cbc_dec_blk8(),
> sm4_aesni_avx_cfb_dec_blk8(), sm4_aesni_avx2_ctr_enc_blk16(),
> sm4_aesni_avx2_cbc_dec_blk16(), and sm4_aesni_avx2_cfb_dec_blk16() are
> called via indirect function calls. Therefore they need to use
> SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type
> hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y.
> Otherwise, the code crashes with a CFI failure.
>
> (Or at least that should be the case. For some reason the CFI checks in
> sm4_avx_cbc_decrypt(), sm4_avx_cfb_decrypt(), and sm4_avx_ctr_crypt()
> are not always being generated, using current tip-of-tree clang.
> Anyway, this patch is a good idea anyway.)
Sami, is it expected that a CFI check isn't being generated for the indirect
call to 'func' in sm4_avx_cbc_decrypt()? I'm using LLVM commit 4a7be42d922af0.
- Eric
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-11-18 20:11 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 19:44 [PATCH v2 00/12] crypto: CFI fixes Eric Biggers
2022-11-18 19:44 ` [PATCH v2 01/12] crypto: x86/aegis128 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` [PATCH v2 02/12] crypto: x86/aria - fix " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 03/12] crypto: x86/nhpoly1305 - eliminate unnecessary CFI wrappers Eric Biggers
2022-11-18 19:44 ` [PATCH v2 04/12] crypto: x86/sha1 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` [PATCH v2 05/12] crypto: x86/sha256 " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 06/12] crypto: x86/sha512 " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 07/12] crypto: x86/sm3 " Eric Biggers
2022-11-18 19:44 ` [PATCH v2 08/12] crypto: x86/sm4 - fix " Eric Biggers
2022-11-18 20:10 ` Eric Biggers [this message]
2022-11-18 20:27 ` Sami Tolvanen
2022-11-18 20:52 ` Eric Biggers
2022-11-18 20:53 ` Sami Tolvanen
2022-11-18 22:01 ` Sami Tolvanen
2022-11-18 22:33 ` Eric Biggers
2022-11-18 19:44 ` [PATCH v2 09/12] crypto: arm64/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18 19:44 ` [PATCH v2 10/12] crypto: arm64/sm3 - fix possible crash with CFI enabled Eric Biggers
2022-11-18 19:44 ` [PATCH v2 11/12] crypto: arm/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18 19:44 ` [PATCH v2 12/12] Revert "crypto: shash - avoid comparing pointers to exported functions under CFI" Eric Biggers
2022-11-25 9:46 ` [PATCH v2 00/12] crypto: CFI fixes Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y3fmskgfAb/xxzpS@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox