[PATCH 04/11] crypto: x86/sha1 - fix possible crash with CFI enabled

public inbox for linux-crypto@vger.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: x86@kernel.org, linux-arm-kernel@lists.infradead.org,
	Sami Tolvanen <samitolvanen@google.com>
Subject: [PATCH 04/11] crypto: x86/sha1 - fix possible crash with CFI enabled
Date: Fri, 18 Nov 2022 01:02:13 -0800	[thread overview]
Message-ID: <20221118090220.398819-5-ebiggers@kernel.org> (raw)
In-Reply-To: <20221118090220.398819-1-ebiggers@kernel.org>

From: Eric Biggers <ebiggers@google.com>

sha1_transform_ssse3(), sha1_transform_avx(), and sha1_ni_transform()
(but not sha1_transform_avx2()) are called via indirect function calls.
These functions need to use SYM_TYPED_FUNC_START instead of
SYM_FUNC_START to cause type hashes to be emitted when the kernel is
built with CONFIG_CFI_CLANG=y.  Otherwise, the code crashes with a CFI
failure (if the compiler didn't happen to optimize out the indirect
calls).

Fixes: 3c516f89e17e ("x86: Add support for CONFIG_CFI_CLANG")
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/x86/crypto/sha1_ni_asm.S    | 3 ++-
 arch/x86/crypto/sha1_ssse3_asm.S | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/crypto/sha1_ni_asm.S b/arch/x86/crypto/sha1_ni_asm.S
index 2f94ec0e763bf..3cae5a1bb3d6e 100644
--- a/arch/x86/crypto/sha1_ni_asm.S
+++ b/arch/x86/crypto/sha1_ni_asm.S
@@ -54,6 +54,7 @@
  */
 
 #include <linux/linkage.h>
+#include <linux/cfi_types.h>
 
 #define DIGEST_PTR	%rdi	/* 1st arg */
 #define DATA_PTR	%rsi	/* 2nd arg */
@@ -93,7 +94,7 @@
  */
 .text
 .align 32
-SYM_FUNC_START(sha1_ni_transform)
+SYM_TYPED_FUNC_START(sha1_ni_transform)
 	push		%rbp
 	mov		%rsp, %rbp
 	sub		$FRAME_SIZE, %rsp
diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
index 263f916362e02..f54988c80eb40 100644
--- a/arch/x86/crypto/sha1_ssse3_asm.S
+++ b/arch/x86/crypto/sha1_ssse3_asm.S
@@ -25,6 +25,7 @@
  */
 
 #include <linux/linkage.h>
+#include <linux/cfi_types.h>
 
 #define CTX	%rdi	// arg1
 #define BUF	%rsi	// arg2
@@ -67,7 +68,7 @@
  * param: function's name
  */
 .macro SHA1_VECTOR_ASM  name
-	SYM_FUNC_START(\name)
+	SYM_TYPED_FUNC_START(\name)
 
 	push	%rbx
 	push	%r12
-- 
2.38.1

next prev parent reply	other threads:[~2022-11-18  9:04 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-18  9:02 [PATCH 0/11] crypto: CFI fixes Eric Biggers
2022-11-18  9:02 ` [PATCH 01/11] crypto: x86/aegis128 - fix crash with CFI enabled Eric Biggers
2022-11-18  9:02 ` [PATCH 02/11] crypto: x86/aria " Eric Biggers
2022-11-18  9:02 ` [PATCH 03/11] crypto: x86/nhpoly1305 - eliminate unnecessary CFI wrappers Eric Biggers
2022-11-18  9:02 ` Eric Biggers [this message]
2022-11-18  9:02 ` [PATCH 05/11] crypto: x86/sha256 - fix possible crash with CFI enabled Eric Biggers
2022-11-18  9:02 ` [PATCH 06/11] crypto: x86/sha512 " Eric Biggers
2022-11-18  9:02 ` [PATCH 07/11] crypto: x86/sm3 " Eric Biggers
2022-11-18  9:02 ` [PATCH 08/11] crypto: arm64/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18  9:02 ` [PATCH 09/11] crypto: arm64/sm3 - fix possible crash with CFI enabled Eric Biggers
2022-11-18  9:02 ` [PATCH 10/11] crypto: arm/nhpoly1305 - eliminate unnecessary CFI wrapper Eric Biggers
2022-11-18  9:02 ` [PATCH 11/11] Revert "crypto: shash - avoid comparing pointers to exported functions under CFI" Eric Biggers
2022-11-18  9:51 ` [PATCH 0/11] crypto: CFI fixes Peter Zijlstra
2022-11-18 15:43 ` Elliott, Robert (Servers)
2022-11-18 18:49   ` Eric Biggers
2022-11-18 19:14     ` Elliott, Robert (Servers)
2022-11-18 19:18       ` Eric Biggers
2022-11-18 17:21 ` Sami Tolvanen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2f94ec0e763b dfblob:3cae5a1bb3d6 dfblob:263f916362e0
dfblob:f54988c80eb4 )
 OR (
bs:"[PATCH 04/11] crypto: x86/sha1 - fix possible crash with CFI enabled" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221118090220.398819-5-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=samitolvanen@google.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox