From: Kees Cook <keescook@chromium.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Kees Cook" <keescook@chromium.org>,
"João Moreira" <joao.moreira@lsc.ic.unicamp.br>,
"Eric Biggers" <ebiggers@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
"David S. Miller" <davem@davemloft.net>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Stephan Mueller" <smueller@chronox.de>,
x86@kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v4 1/8] crypto: x86/glue_helper: Add function glue macros
Date: Mon, 11 Nov 2019 13:45:45 -0800 [thread overview]
Message-ID: <20191111214552.36717-2-keescook@chromium.org> (raw)
In-Reply-To: <20191111214552.36717-1-keescook@chromium.org>
The crypto glue performed function prototype casting to make indirect
calls to assembly routines. Instead of performing casts at the call
sites (which trips Control Flow Integrity prototype checking), create a
set of macros to either declare the prototypes to avoid the need for
casts, or build inline helpers to allow for various aliased functions.
Co-developed-by: João Moreira <joao.moreira@lsc.ic.unicamp.br>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/x86/include/asm/crypto/glue_helper.h | 24 +++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/arch/x86/include/asm/crypto/glue_helper.h b/arch/x86/include/asm/crypto/glue_helper.h
index 8d4a8e1226ee..2fa4968ab8e2 100644
--- a/arch/x86/include/asm/crypto/glue_helper.h
+++ b/arch/x86/include/asm/crypto/glue_helper.h
@@ -23,6 +23,30 @@ typedef void (*common_glue_xts_func_t)(void *ctx, u128 *dst, const u128 *src,
#define GLUE_CTR_FUNC_CAST(fn) ((common_glue_ctr_func_t)(fn))
#define GLUE_XTS_FUNC_CAST(fn) ((common_glue_xts_func_t)(fn))
+#define CRYPTO_FUNC(func) \
+asmlinkage void func(void *ctx, u8 *dst, const u8 *src)
+
+#define CRYPTO_FUNC_CBC(func) \
+asmlinkage void func(void *ctx, u128 *dst, const u128 *src)
+
+#define CRYPTO_FUNC_WRAP_CBC(func) \
+static inline void func ## _cbc(void *ctx, u128 *dst, const u128 *src) \
+{ func(ctx, (u8 *)dst, (u8 *)src); }
+
+#define CRYPTO_FUNC_CTR(func) \
+asmlinkage void func(void *ctx, u128 *dst, const u128 *src, le128 *iv);
+
+#define CRYPTO_FUNC_XTS(func) CRYPTO_FUNC_CTR(func)
+
+#define CRYPTO_FUNC_XOR(func) \
+asmlinkage void __ ## func(void *ctx, u8 *dst, const u8 *src, bool y); \
+asmlinkage static inline \
+void func(void *ctx, u8 *dst, const u8 *src) \
+{ __ ## func(ctx, dst, src, false); } \
+asmlinkage static inline \
+void func ## _xor(void *ctx, u8 *dst, const u8 *src) \
+{ __ ## func(ctx, dst, src, true); }
+
struct common_glue_func_entry {
unsigned int num_blocks; /* number of blocks that @fn will process */
union {
--
2.17.1
next prev parent reply other threads:[~2019-11-11 21:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-11 21:45 [PATCH v4 0/8] crypto: x86: Fix indirect function call casts Kees Cook
2019-11-11 21:45 ` Kees Cook [this message]
2019-11-11 21:45 ` [PATCH v4 2/8] crypto: x86/serpent: Use new glue function macros Kees Cook
2019-11-11 21:45 ` [PATCH v4 3/8] crypto: x86/camellia: " Kees Cook
2019-11-12 2:41 ` Stephan Müller
2019-11-12 3:14 ` Eric Biggers
2019-11-12 3:16 ` Herbert Xu
2019-11-12 22:56 ` Kees Cook
2019-11-11 21:45 ` [PATCH v4 4/8] crypto: x86/twofish: " Kees Cook
2019-11-11 21:45 ` [PATCH v4 5/8] crypto: x86/cast6: " Kees Cook
2019-11-11 21:45 ` [PATCH v4 6/8] crypto: x86/aesni: " Kees Cook
2019-11-11 21:45 ` [PATCH v4 7/8] crypto: x86/glue_helper: Remove function prototype cast helpers Kees Cook
2019-11-11 21:45 ` [PATCH v4 8/8] crypto, x86/sha: Eliminate casts on asm implementations Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191111214552.36717-2-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=ard.biesheuvel@linaro.org \
--cc=davem@davemloft.net \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=joao.moreira@lsc.ic.unicamp.br \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.