From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26AD7C433F5 for ; Wed, 13 Oct 2021 15:23:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 140B260FDA for ; Wed, 13 Oct 2021 15:23:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229851AbhJMPZD (ORCPT ); Wed, 13 Oct 2021 11:25:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:38360 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229777AbhJMPZD (ORCPT ); Wed, 13 Oct 2021 11:25:03 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B6FDE610E6; Wed, 13 Oct 2021 15:22:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1634138580; bh=5k0BYZS5Q/5ehvuCNbkjkrQtkcOaZ95KgwqdtymNMw8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rSRQFnixLFq34y1EmGz+pYyqzxOdxSI4yOx9AbRTj4cI4zLBmJ8TxtRaPcb7bOmGb Y5O1OgCZjvs9jIARptaA3X3uo6yVxOfFdu2qvgJNF0VvgVH3EcwKBO0GozomRepUjv r+DgAG6o/ZPLRKSNqm9yGQTNyknbNu4cEwZrID6hdpJUtp6CDsfjQn/PzZYFcdy5/9 nAonJzEJ86RxbsnR92LuO2YLPJHLtJeBfoWi4/cOU8A8bkXI0dG82V8KgBkwzOtGtJ l/H53p9iFLKb9YU+TqGuVCH9w2YHLXceaTnmxUJbCUeA1oqkPWBn+8bn9A1IIx4jfz blR5RPYRMZFGA== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-hardening@vger.kernel.org, mark.rutland@arm.com, catalin.marinas@arm.com, will@kernel.org, Ard Biesheuvel Subject: [RFC PATCH 3/9] arm64: crypto: avoid overlapping linkage definitions for AES-CBC Date: Wed, 13 Oct 2021 17:22:37 +0200 Message-Id: <20211013152243.2216899-4-ardb@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211013152243.2216899-1-ardb@kernel.org> References: <20211013152243.2216899-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1720; h=from:subject; bh=5k0BYZS5Q/5ehvuCNbkjkrQtkcOaZ95KgwqdtymNMw8=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBhZvm2ZdTKQVU79efbhhoiav8D8jmUODgZpp6seolz 7krY+66JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYWb5tgAKCRDDTyI5ktmPJPCzC/ 9TsCXIseJHAZqVmbMAnkuIb2BaOu1gpH+jsUsy0F/6R4DS9LOLaM3mxG3DdO5C/FSkAqKWoNNIBeM7 ZnDp01QfO4/qYC4fwqjHTqGQDWyDvJzsdTcWfTpDSRhtY9JLoMsUdsLvT30YITusiEbF5XFbTitXI0 92baTTP8u1kLey0vAQeKf6BII9scGDQouFc417QAo9J7V5G+JOPlm4K9My6wU/y4/uzSIiOo9UPxIh w7OYHP47Lgte9pdS+OpXPQ6PzMUOzO2r39gliZbQZ6CdFzLq5ZuOq49YA99t7I+QFu4SO3EH5SmdUc ATAbhDNNhdiZM6XZJvlZoPM0uT7iupzy6koBXLoK9vJaP3ncdZ1k4mE0NDojqIhVGbiu3Cso+tR/9z FuKzsIvXIxQVet2++w0P18BCxL5oDLfz/1gAvrJg2jySIEfK/pO0qugsBQTU03QM6kcV5OyE4DfKza cPRzKRIOjZ6V6ZFRekTkKs0i54bRYl5uWjA9dYP4dQ6n8= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org The aes_essiv_cbc_[en|de]crypt routines perform a single AES block encryption of the IV before tail calling into the ordinary AES-CBC routines to perform the actual data en/decryption. In the asm code, the symbol definitions currently overlap, which is unnecessary, and becomes problematic once we enable generation of CFI unwind metadata. So instead, move the end marker of the ESSIV versions right after the respective tail calls. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-modes.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S index b495de22bb38..50427301b4d8 100644 --- a/arch/arm64/crypto/aes-modes.S +++ b/arch/arm64/crypto/aes-modes.S @@ -134,6 +134,7 @@ AES_FUNC_START(aes_essiv_cbc_encrypt) encrypt_block v4, w8, x6, x7, w9 enc_switch_key w3, x2, x6 b .Lcbcencloop4x +AES_FUNC_END(aes_essiv_cbc_encrypt) AES_FUNC_START(aes_cbc_encrypt) ld1 {v4.16b}, [x5] /* get iv */ @@ -168,7 +169,6 @@ AES_FUNC_START(aes_cbc_encrypt) st1 {v4.16b}, [x5] /* return iv */ ret AES_FUNC_END(aes_cbc_encrypt) -AES_FUNC_END(aes_essiv_cbc_encrypt) AES_FUNC_START(aes_essiv_cbc_decrypt) stp x29, x30, [sp, #-16]! @@ -180,6 +180,7 @@ AES_FUNC_START(aes_essiv_cbc_decrypt) enc_prepare w8, x6, x7 encrypt_block cbciv, w8, x6, x7, w9 b .Lessivcbcdecstart +AES_FUNC_END(aes_essiv_cbc_decrypt) AES_FUNC_START(aes_cbc_decrypt) stp x29, x30, [sp, #-16]! @@ -239,7 +240,6 @@ ST5( st1 {v4.16b}, [x0], #16 ) ldp x29, x30, [sp], #16 ret AES_FUNC_END(aes_cbc_decrypt) -AES_FUNC_END(aes_essiv_cbc_decrypt) /* -- 2.30.2 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91D75C433F5 for ; Wed, 13 Oct 2021 15:25:37 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5477F61056 for ; Wed, 13 Oct 2021 15:25:37 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5477F61056 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=JxDD3OAaGVwxEZI+/AcOTDjoJBigaHBciLE3TjgwjdM=; b=4sIEOLWMTabvUa siGdxrFM4GYwXv6xEk1R0VRur4+AUHVomoWfWWlZD6aI36u/nWVJ8DrrcLgRzNGHOW1fntaulNXZ8 W3q2xy8BSIa3Qje+i8h3Lqoyp5v0xWaBa/fSviKEEcXgWCnCvvvhQivy5KTujKglykwLvxqXilfoA DGcmiQF+ObAUrf0j99i/cNksvU+XE+gxOQT/GWUg/HXDWyKhLpiErDSm/JqGO7vGW2XWZuW61gS+A j1ntTjqRIY+EogZOksbL/kUK7OwEHwe+JFk8EJQs5dgEIIQlso7+B3amF9NhSQmsp1QowqXPpzgap z29C/To3jvss6jFrV29g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mag6a-00HKpj-4Q; Wed, 13 Oct 2021 15:23:44 +0000 Received: from mail.kernel.org ([198.145.29.99]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mag5s-00HKg6-Fq for linux-arm-kernel@lists.infradead.org; Wed, 13 Oct 2021 15:23:01 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id B6FDE610E6; Wed, 13 Oct 2021 15:22:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1634138580; bh=5k0BYZS5Q/5ehvuCNbkjkrQtkcOaZ95KgwqdtymNMw8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rSRQFnixLFq34y1EmGz+pYyqzxOdxSI4yOx9AbRTj4cI4zLBmJ8TxtRaPcb7bOmGb Y5O1OgCZjvs9jIARptaA3X3uo6yVxOfFdu2qvgJNF0VvgVH3EcwKBO0GozomRepUjv r+DgAG6o/ZPLRKSNqm9yGQTNyknbNu4cEwZrID6hdpJUtp6CDsfjQn/PzZYFcdy5/9 nAonJzEJ86RxbsnR92LuO2YLPJHLtJeBfoWi4/cOU8A8bkXI0dG82V8KgBkwzOtGtJ l/H53p9iFLKb9YU+TqGuVCH9w2YHLXceaTnmxUJbCUeA1oqkPWBn+8bn9A1IIx4jfz blR5RPYRMZFGA== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-hardening@vger.kernel.org, mark.rutland@arm.com, catalin.marinas@arm.com, will@kernel.org, Ard Biesheuvel Subject: [RFC PATCH 3/9] arm64: crypto: avoid overlapping linkage definitions for AES-CBC Date: Wed, 13 Oct 2021 17:22:37 +0200 Message-Id: <20211013152243.2216899-4-ardb@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211013152243.2216899-1-ardb@kernel.org> References: <20211013152243.2216899-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1720; h=from:subject; bh=5k0BYZS5Q/5ehvuCNbkjkrQtkcOaZ95KgwqdtymNMw8=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBhZvm2ZdTKQVU79efbhhoiav8D8jmUODgZpp6seolz 7krY+66JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYWb5tgAKCRDDTyI5ktmPJPCzC/ 9TsCXIseJHAZqVmbMAnkuIb2BaOu1gpH+jsUsy0F/6R4DS9LOLaM3mxG3DdO5C/FSkAqKWoNNIBeM7 ZnDp01QfO4/qYC4fwqjHTqGQDWyDvJzsdTcWfTpDSRhtY9JLoMsUdsLvT30YITusiEbF5XFbTitXI0 92baTTP8u1kLey0vAQeKf6BII9scGDQouFc417QAo9J7V5G+JOPlm4K9My6wU/y4/uzSIiOo9UPxIh w7OYHP47Lgte9pdS+OpXPQ6PzMUOzO2r39gliZbQZ6CdFzLq5ZuOq49YA99t7I+QFu4SO3EH5SmdUc ATAbhDNNhdiZM6XZJvlZoPM0uT7iupzy6koBXLoK9vJaP3ncdZ1k4mE0NDojqIhVGbiu3Cso+tR/9z FuKzsIvXIxQVet2++w0P18BCxL5oDLfz/1gAvrJg2jySIEfK/pO0qugsBQTU03QM6kcV5OyE4DfKza cPRzKRIOjZ6V6ZFRekTkKs0i54bRYl5uWjA9dYP4dQ6n8= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211013_082300_615416_8F8EB265 X-CRM114-Status: UNSURE ( 9.04 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The aes_essiv_cbc_[en|de]crypt routines perform a single AES block encryption of the IV before tail calling into the ordinary AES-CBC routines to perform the actual data en/decryption. In the asm code, the symbol definitions currently overlap, which is unnecessary, and becomes problematic once we enable generation of CFI unwind metadata. So instead, move the end marker of the ESSIV versions right after the respective tail calls. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-modes.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S index b495de22bb38..50427301b4d8 100644 --- a/arch/arm64/crypto/aes-modes.S +++ b/arch/arm64/crypto/aes-modes.S @@ -134,6 +134,7 @@ AES_FUNC_START(aes_essiv_cbc_encrypt) encrypt_block v4, w8, x6, x7, w9 enc_switch_key w3, x2, x6 b .Lcbcencloop4x +AES_FUNC_END(aes_essiv_cbc_encrypt) AES_FUNC_START(aes_cbc_encrypt) ld1 {v4.16b}, [x5] /* get iv */ @@ -168,7 +169,6 @@ AES_FUNC_START(aes_cbc_encrypt) st1 {v4.16b}, [x5] /* return iv */ ret AES_FUNC_END(aes_cbc_encrypt) -AES_FUNC_END(aes_essiv_cbc_encrypt) AES_FUNC_START(aes_essiv_cbc_decrypt) stp x29, x30, [sp, #-16]! @@ -180,6 +180,7 @@ AES_FUNC_START(aes_essiv_cbc_decrypt) enc_prepare w8, x6, x7 encrypt_block cbciv, w8, x6, x7, w9 b .Lessivcbcdecstart +AES_FUNC_END(aes_essiv_cbc_decrypt) AES_FUNC_START(aes_cbc_decrypt) stp x29, x30, [sp, #-16]! @@ -239,7 +240,6 @@ ST5( st1 {v4.16b}, [x0], #16 ) ldp x29, x30, [sp], #16 ret AES_FUNC_END(aes_cbc_decrypt) -AES_FUNC_END(aes_essiv_cbc_decrypt) /* -- 2.30.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel