|
Message-Id: <20191113182516.13545-1-keescook@chromium.org> Date: Wed, 13 Nov 2019 10:25:08 -0800 From: Kees Cook <keescook@...omium.org> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Kees Cook <keescook@...omium.org>, João Moreira <joao.moreira@...el.com>, Eric Biggers <ebiggers@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>, "David S. Miller" <davem@...emloft.net>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Stephan Mueller <smueller@...onox.de>, x86@...nel.org, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: [PATCH v5 0/8] crypto: x86: Fix indirect function call casts v5: - remove macros entirely and switch to declarations with common prototypes v4: https://lore.kernel.org/lkml/20191111214552.36717-1-keescook@chromium.org v3: https://lore.kernel.org/lkml/20190507161321.34611-1-keescook@chromium.org Hi, Now that Clang's CFI has been fixed to do the right thing with extern asm functions, this patch series is much simplified. Repeating patch 1's commit log here: The crypto glue performed function prototype casting to make indirect calls to assembly routines. Instead of performing casts at the call sites (which trips Control Flow Integrity prototype checking), switch each prototype to a common standard set of arguments which allows the incremental removal of the existing macros. In order to keep pointer math unchanged, internal casting between u128 pointers and u8 pointers is added. With this series (and the Clang LTO+CFI series) I am able to boot x86 with all crytpo selftests enabled without tripping any CFI checks. Thanks! -Kees Kees Cook (8): crypto: x86/glue_helper: Regularize function prototypes crypto: x86/serpent: Remove glue function macros usage crypto: x86/camellia: Remove glue function macro usage crypto: x86/twofish: Remove glue function macro usage crypto: x86/cast6: Remove glue function macro usage crypto: x86/aesni: Remove glue function macro usage crypto: x86/glue_helper: Remove function prototype cast helpers crypto, x86/sha: Eliminate casts on asm implementations arch/x86/crypto/aesni-intel_glue.c | 45 ++++++------- arch/x86/crypto/camellia_aesni_avx2_glue.c | 74 ++++++++++----------- arch/x86/crypto/camellia_aesni_avx_glue.c | 74 ++++++++++----------- arch/x86/crypto/camellia_glue.c | 45 +++++++------ arch/x86/crypto/cast6_avx_glue.c | 70 ++++++++++---------- arch/x86/crypto/glue_helper.c | 13 ++-- arch/x86/crypto/serpent_avx2_glue.c | 65 +++++++++--------- arch/x86/crypto/serpent_avx_glue.c | 72 ++++++++++---------- arch/x86/crypto/serpent_sse2_glue.c | 31 +++++---- arch/x86/crypto/sha1_ssse3_glue.c | 61 +++++++---------- arch/x86/crypto/sha256_ssse3_glue.c | 31 ++++----- arch/x86/crypto/sha512_ssse3_glue.c | 28 ++++---- arch/x86/crypto/twofish_avx_glue.c | 76 ++++++++++------------ arch/x86/crypto/twofish_glue_3way.c | 38 ++++++----- arch/x86/include/asm/crypto/camellia.h | 64 ++++++++---------- arch/x86/include/asm/crypto/glue_helper.h | 11 +--- arch/x86/include/asm/crypto/serpent-avx.h | 36 +++++----- arch/x86/include/asm/crypto/serpent-sse2.h | 6 +- arch/x86/include/asm/crypto/twofish.h | 20 +++--- crypto/cast6_generic.c | 6 +- crypto/serpent_generic.c | 6 +- include/crypto/cast6.h | 4 +- include/crypto/serpent.h | 4 +- include/crypto/xts.h | 2 - 24 files changed, 409 insertions(+), 473 deletions(-) -- 2.17.1
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.