From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: David Laight <David.Laight@aculab.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 16:03:29 +0100 [thread overview]
Message-ID: <CAHmME9oON=XwOoMNyO+Uu6pEC5j=JvvfK5g2u7mFcM=Y_LZ3uw@mail.gmail.com> (raw)
In-Reply-To: <13f9d24879e34914b1135a4d2ae48d73@AcuMS.aculab.com>
Hi David,
On Wed, Jan 19, 2022 at 3:41 PM David Laight <David.Laight@aculab.com> wrote:
>
> From: Ard Biesheuvel
> > Sent: 19 January 2022 12:19
> ...
> > - (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S))
> > + (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + else
> > + blake2s_compress_generic(state, in, nblocks - 1,
> > + BLAKE2S_BLOCK_SIZE);
>
> Isn't that a candidate for a 'static call' ?
>
> And, maybe all these inlined functions should be real functions?
> No point having all the bloat on every call site.
> Much better to call a real function and used the cached instructions.
Not a good candidate for static call, as this doesn't actually need to
change at runtime ever. It's using a function pointer here out of
laziness to keep the same body of the function, like a compile-time
template. You can sort of squint and imagine the C++. Unfortunately,
CFI felt differently and still treats it as an indirect call.
https://lore.kernel.org/linux-crypto/20220119135450.564115-1-Jason@zx2c4.com/
fixes it up to use a boolean instead, which will certainly be inlined
away. So that's definitely an improvement on what's there now.
For 5.18, I think it's probable that all of this stuff goes away
anyway, and we don't need the templated helpers at all. So perhaps my
patch will serve as an okay stop gap. Alternatively, maybe the clang
people will say, "oh no, our bug" and then fix it in their
neighborhood. According to
https://github.com/ClangBuiltLinux/linux/issues/1567 it looks like
that could be the case.
> There are clearly optimisations for the top/bottom of the loop.
> But they can be done to the generic C version.
Optimizing the generic C version would be quite nice, as it'd help all
platforms.
Jason
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: David Laight <David.Laight@aculab.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 16:03:29 +0100 [thread overview]
Message-ID: <CAHmME9oON=XwOoMNyO+Uu6pEC5j=JvvfK5g2u7mFcM=Y_LZ3uw@mail.gmail.com> (raw)
In-Reply-To: <13f9d24879e34914b1135a4d2ae48d73@AcuMS.aculab.com>
Hi David,
On Wed, Jan 19, 2022 at 3:41 PM David Laight <David.Laight@aculab.com> wrote:
>
> From: Ard Biesheuvel
> > Sent: 19 January 2022 12:19
> ...
> > - (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S))
> > + (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + else
> > + blake2s_compress_generic(state, in, nblocks - 1,
> > + BLAKE2S_BLOCK_SIZE);
>
> Isn't that a candidate for a 'static call' ?
>
> And, maybe all these inlined functions should be real functions?
> No point having all the bloat on every call site.
> Much better to call a real function and used the cached instructions.
Not a good candidate for static call, as this doesn't actually need to
change at runtime ever. It's using a function pointer here out of
laziness to keep the same body of the function, like a compile-time
template. You can sort of squint and imagine the C++. Unfortunately,
CFI felt differently and still treats it as an indirect call.
https://lore.kernel.org/linux-crypto/20220119135450.564115-1-Jason@zx2c4.com/
fixes it up to use a boolean instead, which will certainly be inlined
away. So that's definitely an improvement on what's there now.
For 5.18, I think it's probable that all of this stuff goes away
anyway, and we don't need the templated helpers at all. So perhaps my
patch will serve as an okay stop gap. Alternatively, maybe the clang
people will say, "oh no, our bug" and then fix it in their
neighborhood. According to
https://github.com/ClangBuiltLinux/linux/issues/1567 it looks like
that could be the case.
> There are clearly optimisations for the top/bottom of the loop.
> But they can be done to the generic C version.
Optimizing the generic C version would be quite nice, as it'd help all
platforms.
Jason
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: David Laight <David.Laight@aculab.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
"linux-mediatek@lists.infradead.org"
<linux-mediatek@lists.infradead.org>,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 16:03:29 +0100 [thread overview]
Message-ID: <CAHmME9oON=XwOoMNyO+Uu6pEC5j=JvvfK5g2u7mFcM=Y_LZ3uw@mail.gmail.com> (raw)
In-Reply-To: <13f9d24879e34914b1135a4d2ae48d73@AcuMS.aculab.com>
Hi David,
On Wed, Jan 19, 2022 at 3:41 PM David Laight <David.Laight@aculab.com> wrote:
>
> From: Ard Biesheuvel
> > Sent: 19 January 2022 12:19
> ...
> > - (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S))
> > + (*compress)(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> > + else
> > + blake2s_compress_generic(state, in, nblocks - 1,
> > + BLAKE2S_BLOCK_SIZE);
>
> Isn't that a candidate for a 'static call' ?
>
> And, maybe all these inlined functions should be real functions?
> No point having all the bloat on every call site.
> Much better to call a real function and used the cached instructions.
Not a good candidate for static call, as this doesn't actually need to
change at runtime ever. It's using a function pointer here out of
laziness to keep the same body of the function, like a compile-time
template. You can sort of squint and imagine the C++. Unfortunately,
CFI felt differently and still treats it as an indirect call.
https://lore.kernel.org/linux-crypto/20220119135450.564115-1-Jason@zx2c4.com/
fixes it up to use a boolean instead, which will certainly be inlined
away. So that's definitely an improvement on what's there now.
For 5.18, I think it's probable that all of this stuff goes away
anyway, and we don't need the templated helpers at all. So perhaps my
patch will serve as an okay stop gap. Alternatively, maybe the clang
people will say, "oh no, our bug" and then fix it in their
neighborhood. According to
https://github.com/ClangBuiltLinux/linux/issues/1567 it looks like
that could be the case.
> There are clearly optimisations for the top/bottom of the loop.
> But they can be done to the generic C version.
Optimizing the generic C version would be quite nice, as it'd help all
platforms.
Jason
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-01-19 15:03 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-19 8:24 [PATCH] lib/crypto: blake2s: fix a CFI failure miles.chen
2022-01-19 8:24 ` miles.chen
2022-01-19 8:24 ` miles.chen
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:43 ` Miles Chen
2022-01-19 9:43 ` Miles Chen
2022-01-19 9:43 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:54 ` [PATCH] lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI Jason A. Donenfeld
2022-01-19 13:54 ` Jason A. Donenfeld
2022-01-19 13:54 ` Jason A. Donenfeld
2022-01-19 14:46 ` Miles Chen
2022-01-19 14:46 ` Miles Chen
2022-01-19 14:46 ` Miles Chen
2022-01-19 22:24 ` Nathan Chancellor
2022-01-19 22:24 ` Nathan Chancellor
2022-01-19 22:24 ` Nathan Chancellor
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-21 19:54 ` Eric Biggers
2022-01-21 19:54 ` Eric Biggers
2022-01-21 19:54 ` Eric Biggers
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:51 ` Sami Tolvanen
2022-01-21 20:51 ` Sami Tolvanen
2022-01-21 20:51 ` Sami Tolvanen
2022-01-24 19:28 ` [PATCH v2] " Jason A. Donenfeld
2022-01-24 19:28 ` Jason A. Donenfeld
2022-01-24 19:59 ` Nick Desaulniers
2022-01-24 19:59 ` Nick Desaulniers
2022-01-25 6:40 ` Eric Biggers
2022-01-25 6:40 ` Eric Biggers
2022-01-25 12:23 ` Jason A. Donenfeld
2022-01-25 12:23 ` Jason A. Donenfeld
2022-01-26 22:54 ` Eric Biggers
2022-01-26 22:54 ` Eric Biggers
2022-01-26 22:51 ` [PATCH] " John Stultz
2022-01-26 22:51 ` John Stultz
2022-01-26 22:51 ` John Stultz
2022-01-19 14:40 ` [PATCH] lib/crypto: blake2s: fix a CFI failure David Laight
2022-01-19 14:40 ` David Laight
2022-01-19 14:40 ` David Laight
2022-01-19 15:03 ` Jason A. Donenfeld [this message]
2022-01-19 15:03 ` Jason A. Donenfeld
2022-01-19 15:03 ` Jason A. Donenfeld
2022-01-19 12:34 ` Miles Chen
2022-01-19 12:34 ` Miles Chen
2022-01-19 12:34 ` Miles Chen
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:35 ` Ard Biesheuvel
2022-01-19 10:35 ` Ard Biesheuvel
2022-01-19 10:35 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9oON=XwOoMNyO+Uu6pEC5j=JvvfK5g2u7mFcM=Y_LZ3uw@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=David.Laight@aculab.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=miles.chen@mediatek.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.