From: Ard Biesheuvel <ardb@kernel.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-mediatek@lists.infradead.org,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 11:35:32 +0100 [thread overview]
Message-ID: <CAMj1kXFdgPj7Ky-361QNAOLccr1mq5m9LSsPfbgpwV58fLAxJw@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9o-=q6jT6mF3XsfoA17756YVEWdXGHukP=rxWS1gs5irg@mail.gmail.com>
On Wed, 19 Jan 2022 at 11:20, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On 1/19/22, Ard Biesheuvel <ardb@kernel.org> wrote:
> > On Wed, 19 Jan 2022 at 11:06, Miles Chen <miles.chen@mediatek.com> wrote:
> >>
> >> Hi,
> >>
> >> >Hi Miles,
> >> >
> >> >I'm actually not able to reproduce your oops. I'm using vanilla clang
> >> >13, cross compiling for arm64, with thin LTO enabled and CFI enabled.
> >> >Kernel seems to run fine.
> >> >
> >> >
> >> >Are there other settings that are needed to trigger this? Do you see
> >> >it in upstream clang or just the Android fork of clang?
> >> >
> >> I will try another clang (the previous version I use).
> >> I am using Android fork of clang and there is a clang upgrade in this
> >> merge.
> >>
> >
> > One thing that could be worth a try is to make __blake2s_update() and
> > __blake2s_final() __always_inline rather than just inline, which by
> > itself does not appear to be sufficient for the code to get inlined.
> > (If it were, the indirect call should have disappeared as well)
> >
> > Given that indirect calls suck on x86, we should probably apply that
> > change in any case, regardless of CFI.
> >
>
> Had the same thought at first, but then looking at the original stack
> trace, it looks like the __ function is inlined:
>
> [ 0.000000][ T0] __cfi_slowpath_diag+0x354/0x4b0
> [ 0.000000][ T0] blake2s_update+0x14c/0x178
> [ 0.000000][ T0] _extract_entropy+0xf4/0x29c
>
Indeed. How odd. I hope this doesn't happen with the x86 backend
because that would be plain silly. On arm64, it doesn't actually
matter in terms of performance, it just needs one additional callee
save register to preserve the function pointer across calls.
WARNING: multiple messages have this Message-ID (diff)
From: Ard Biesheuvel <ardb@kernel.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-mediatek@lists.infradead.org,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 11:35:32 +0100 [thread overview]
Message-ID: <CAMj1kXFdgPj7Ky-361QNAOLccr1mq5m9LSsPfbgpwV58fLAxJw@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9o-=q6jT6mF3XsfoA17756YVEWdXGHukP=rxWS1gs5irg@mail.gmail.com>
On Wed, 19 Jan 2022 at 11:20, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On 1/19/22, Ard Biesheuvel <ardb@kernel.org> wrote:
> > On Wed, 19 Jan 2022 at 11:06, Miles Chen <miles.chen@mediatek.com> wrote:
> >>
> >> Hi,
> >>
> >> >Hi Miles,
> >> >
> >> >I'm actually not able to reproduce your oops. I'm using vanilla clang
> >> >13, cross compiling for arm64, with thin LTO enabled and CFI enabled.
> >> >Kernel seems to run fine.
> >> >
> >> >
> >> >Are there other settings that are needed to trigger this? Do you see
> >> >it in upstream clang or just the Android fork of clang?
> >> >
> >> I will try another clang (the previous version I use).
> >> I am using Android fork of clang and there is a clang upgrade in this
> >> merge.
> >>
> >
> > One thing that could be worth a try is to make __blake2s_update() and
> > __blake2s_final() __always_inline rather than just inline, which by
> > itself does not appear to be sufficient for the code to get inlined.
> > (If it were, the indirect call should have disappeared as well)
> >
> > Given that indirect calls suck on x86, we should probably apply that
> > change in any case, regardless of CFI.
> >
>
> Had the same thought at first, but then looking at the original stack
> trace, it looks like the __ function is inlined:
>
> [ 0.000000][ T0] __cfi_slowpath_diag+0x354/0x4b0
> [ 0.000000][ T0] blake2s_update+0x14c/0x178
> [ 0.000000][ T0] _extract_entropy+0xf4/0x29c
>
Indeed. How odd. I hope this doesn't happen with the x86 backend
because that would be plain silly. On arm64, it doesn't actually
matter in terms of performance, it just needs one additional callee
save register to preserve the function pointer across calls.
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
WARNING: multiple messages have this Message-ID (diff)
From: Ard Biesheuvel <ardb@kernel.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Miles Chen <miles.chen@mediatek.com>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-mediatek@lists.infradead.org,
Matthias Brugger <matthias.bgg@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] lib/crypto: blake2s: fix a CFI failure
Date: Wed, 19 Jan 2022 11:35:32 +0100 [thread overview]
Message-ID: <CAMj1kXFdgPj7Ky-361QNAOLccr1mq5m9LSsPfbgpwV58fLAxJw@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9o-=q6jT6mF3XsfoA17756YVEWdXGHukP=rxWS1gs5irg@mail.gmail.com>
On Wed, 19 Jan 2022 at 11:20, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On 1/19/22, Ard Biesheuvel <ardb@kernel.org> wrote:
> > On Wed, 19 Jan 2022 at 11:06, Miles Chen <miles.chen@mediatek.com> wrote:
> >>
> >> Hi,
> >>
> >> >Hi Miles,
> >> >
> >> >I'm actually not able to reproduce your oops. I'm using vanilla clang
> >> >13, cross compiling for arm64, with thin LTO enabled and CFI enabled.
> >> >Kernel seems to run fine.
> >> >
> >> >
> >> >Are there other settings that are needed to trigger this? Do you see
> >> >it in upstream clang or just the Android fork of clang?
> >> >
> >> I will try another clang (the previous version I use).
> >> I am using Android fork of clang and there is a clang upgrade in this
> >> merge.
> >>
> >
> > One thing that could be worth a try is to make __blake2s_update() and
> > __blake2s_final() __always_inline rather than just inline, which by
> > itself does not appear to be sufficient for the code to get inlined.
> > (If it were, the indirect call should have disappeared as well)
> >
> > Given that indirect calls suck on x86, we should probably apply that
> > change in any case, regardless of CFI.
> >
>
> Had the same thought at first, but then looking at the original stack
> trace, it looks like the __ function is inlined:
>
> [ 0.000000][ T0] __cfi_slowpath_diag+0x354/0x4b0
> [ 0.000000][ T0] blake2s_update+0x14c/0x178
> [ 0.000000][ T0] _extract_entropy+0xf4/0x29c
>
Indeed. How odd. I hope this doesn't happen with the x86 backend
because that would be plain silly. On arm64, it doesn't actually
matter in terms of performance, it just needs one additional callee
save register to preserve the function pointer across calls.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-01-19 10:35 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-19 8:24 [PATCH] lib/crypto: blake2s: fix a CFI failure miles.chen
2022-01-19 8:24 ` miles.chen
2022-01-19 8:24 ` miles.chen
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:00 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:09 ` Jason A. Donenfeld
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:16 ` Miles Chen
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:09 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:13 ` Ard Biesheuvel
2022-01-19 9:43 ` Miles Chen
2022-01-19 9:43 ` Miles Chen
2022-01-19 9:43 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 10:10 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:24 ` Miles Chen
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 9:55 ` Jason A. Donenfeld
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:06 ` Miles Chen
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:11 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 10:56 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:14 ` Jason A. Donenfeld
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 12:18 ` Ard Biesheuvel
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:34 ` Jason A. Donenfeld
2022-01-19 13:54 ` [PATCH] lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI Jason A. Donenfeld
2022-01-19 13:54 ` Jason A. Donenfeld
2022-01-19 13:54 ` Jason A. Donenfeld
2022-01-19 14:46 ` Miles Chen
2022-01-19 14:46 ` Miles Chen
2022-01-19 14:46 ` Miles Chen
2022-01-19 22:24 ` Nathan Chancellor
2022-01-19 22:24 ` Nathan Chancellor
2022-01-19 22:24 ` Nathan Chancellor
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-20 9:44 ` Jason A. Donenfeld
2022-01-21 19:54 ` Eric Biggers
2022-01-21 19:54 ` Eric Biggers
2022-01-21 19:54 ` Eric Biggers
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:22 ` Jason A. Donenfeld
2022-01-21 20:51 ` Sami Tolvanen
2022-01-21 20:51 ` Sami Tolvanen
2022-01-21 20:51 ` Sami Tolvanen
2022-01-24 19:28 ` [PATCH v2] " Jason A. Donenfeld
2022-01-24 19:28 ` Jason A. Donenfeld
2022-01-24 19:59 ` Nick Desaulniers
2022-01-24 19:59 ` Nick Desaulniers
2022-01-25 6:40 ` Eric Biggers
2022-01-25 6:40 ` Eric Biggers
2022-01-25 12:23 ` Jason A. Donenfeld
2022-01-25 12:23 ` Jason A. Donenfeld
2022-01-26 22:54 ` Eric Biggers
2022-01-26 22:54 ` Eric Biggers
2022-01-26 22:51 ` [PATCH] " John Stultz
2022-01-26 22:51 ` John Stultz
2022-01-26 22:51 ` John Stultz
2022-01-19 14:40 ` [PATCH] lib/crypto: blake2s: fix a CFI failure David Laight
2022-01-19 14:40 ` David Laight
2022-01-19 14:40 ` David Laight
2022-01-19 15:03 ` Jason A. Donenfeld
2022-01-19 15:03 ` Jason A. Donenfeld
2022-01-19 15:03 ` Jason A. Donenfeld
2022-01-19 12:34 ` Miles Chen
2022-01-19 12:34 ` Miles Chen
2022-01-19 12:34 ` Miles Chen
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:13 ` Ard Biesheuvel
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:20 ` Jason A. Donenfeld
2022-01-19 10:35 ` Ard Biesheuvel [this message]
2022-01-19 10:35 ` Ard Biesheuvel
2022-01-19 10:35 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXFdgPj7Ky-361QNAOLccr1mq5m9LSsPfbgpwV58fLAxJw@mail.gmail.com \
--to=ardb@kernel.org \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=miles.chen@mediatek.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.