Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3974925yba;
        Tue, 7 May 2019 10:01:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyZEC1Z0N3Wk/xOWsV0UC6EV+xLy5R4fV6H1gZVgVtvdly0ZJEuvRE57TiFQN2wRJp3y5RG
X-Received: by 2002:a63:8242:: with SMTP id w63mr40510073pgd.169.1557248469141;
        Tue, 07 May 2019 10:01:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557248469; cv=none;
        d=google.com; s=arc-20160816;
        b=0Xx2AdujNQ4nOBbTu+SAE5EQU8BFCQwLtpduc48XcbrZop7+31SVVNq9Gbe8hvZv6y
         cNifw6a+lwNkA22zIg9UNG9aVRvRU9yBK3w6uuYQ5wHEojL1K0RMQ/vy2qSUs8gSXFsb
         W1G4/beFWQAoi52+fv4b6FPApcL8B3ogEh80iNKTDWQoko4Xia7d3ZAsdhQ8wOKVoNL9
         XBAQSgS2sxOfpgrCWj2YE5c8xO/ar2IZE2cIMfq1SJvkx+8seLT2CS70oSSpZkmqmMRw
         6NXxCEQRSKS/bOrRhwgH+xxD+8kn/0cqM3gcMDcKpPwsq/wVCs0YWnu8/mZqHDMkkhkt
         /xTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=jyHvBcvNx1NbU2VbLJaFmKKj+K/y3+DDedgi4YHcvsQ=;
        b=QeMIgM+Q1SnJYdViFX/Jrtch/rKl13XViG3UgW4X8+bjX1BSFH/ufJIs8vlvtVJexY
         VKR56huxJZZ8dzyAiqMfQ1hda1mvEaSDz4qzWoA7anG5BcfkJCXHjIJHI+NJb24G9EaY
         IvarfoJvkO03tqsCmw5ALt7JLJ7AEHK+Ow3r9JnQnnd3l7znbFFtc9+CxWVb3WiYO6hM
         u1fzzmNZSu2yeXDavYbuzsnlo1yBd5Gsn3KaGrQP7jWCas7hjsLwxf8ciOOg6utHo2DU
         a+ldXkqjm6kKTopHttYY5ujgLIzpP4IRWvfgQOVirS6eXufh4BmvWx4OQxvPefPVYsw1
         dI7A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=w8MinZXn;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 19si19546734pga.249.2019.05.07.10.00.45;
        Tue, 07 May 2019 10:01:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=w8MinZXn;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726572AbfEGRAo (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Tue, 7 May 2019 13:00:44 -0400
Received: from mail.kernel.org ([198.145.29.99]:57620 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726653AbfEGRAo (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 7 May 2019 13:00:44 -0400
Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 9E458205C9;
        Tue,  7 May 2019 17:00:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1557248443;
        bh=G+qb4mTZZf1+K60slYyfU+u7qCcmQIGix5qa5oI84So=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=w8MinZXn3uyE4T4a8rqFyPszmf9okXiIhTuBUQIyeVHWtqh/KNbEZvZQXnWOtXcyJ
         KM1VyZ9uKbx5Jz4uAoJ+pjB/6v+ON5dBLtJReyJ6CzD/gzfXV+TwnB1Br4o+YXhrAI
         EM35u4+lXLDbn03vngyg40yRK5SxfUAqxUvFlOzQ=
Date:   Tue, 7 May 2019 10:00:41 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Kees Cook <keescook@chromium.org>
Cc:     Herbert Xu <herbert@gondor.apana.org.au>,
        Joao Moreira <jmoreira@suse.de>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>, x86@kernel.org,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v3 0/7] crypto: x86: Fix indirect function call casts
Message-ID: <20190507170039.GB1399@sol.localdomain>
References: <20190507161321.34611-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190507161321.34611-1-keescook@chromium.org>
User-Agent: Mutt/1.11.4 (2019-03-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, May 07, 2019 at 09:13:14AM -0700, Kees Cook wrote:
> It is possible to indirectly invoke functions with prototypes that do
> not match those of the respectively used function pointers by using void
> types or casts. This feature is frequently used as a way of relaxing
> function invocation, making it possible that different data structures
> are passed to different functions through the same pointer.
> 
> Despite the benefits, this can lead to a situation where functions with a
> given prototype are invoked by pointers with a different prototype. This
> is undesirable as it may prevent the use of heuristics such as prototype
> matching-based Control-Flow Integrity, which can be used to prevent
> ROP-based attacks.
> 
> One way of fixing this situation is through the use of inline helper
> functions with prototypes that match the one in the respective invoking
> pointer.
> 
> Given the above, the current efforts to improve the Linux security,
> and the upcoming kernel support to compilers with CFI features, this
> creates macros to be used to build the needed function definitions,
> to be used in camellia, cast6, serpent, twofish, and aesni.

So why not change the function prototypes to be compatible with common_glue_*_t
instead, rather than wrapping them with another layer of functions?  Is it
because indirect calls into asm code won't be allowed with CFI?

> 
> -Kees (and Joao)
> 
> v3:
> - no longer RFC
> - consolidate macros into glue_helper.h
> - include aesni which was using casts as well
> - remove XTS_TWEAK_CAST while we're at it
> 
> v2:
> - update cast macros for clarity
> 
> v1:
> - initial prototype
> 
> Joao Moreira (4):
>   crypto: x86/crypto: Use new glue function macros

This one should be "x86/serpent", not "x86/crypto".

>   crypto: x86/camellia: Use new glue function macros
>   crypto: x86/twofish: Use new glue function macros
>   crypto: x86/cast6: Use new glue function macros
> 
> Kees Cook (3):
>   crypto: x86/glue_helper: Add static inline function glue macros
>   crypto: x86/aesni: Use new glue function macros
>   crypto: x86/glue_helper: Remove function prototype cast helpers
> 
>  arch/x86/crypto/aesni-intel_glue.c         | 31 ++++-----
>  arch/x86/crypto/camellia_aesni_avx2_glue.c | 73 +++++++++-------------
>  arch/x86/crypto/camellia_aesni_avx_glue.c  | 63 +++++++------------
>  arch/x86/crypto/camellia_glue.c            | 21 +++----
>  arch/x86/crypto/cast6_avx_glue.c           | 65 +++++++++----------
>  arch/x86/crypto/serpent_avx2_glue.c        | 65 +++++++++----------
>  arch/x86/crypto/serpent_avx_glue.c         | 58 ++++++-----------
>  arch/x86/crypto/serpent_sse2_glue.c        | 27 +++++---
>  arch/x86/crypto/twofish_avx_glue.c         | 71 ++++++++-------------
>  arch/x86/crypto/twofish_glue_3way.c        | 28 ++++-----
>  arch/x86/include/asm/crypto/camellia.h     | 64 ++++++-------------
>  arch/x86/include/asm/crypto/glue_helper.h  | 34 ++++++++--
>  arch/x86/include/asm/crypto/serpent-avx.h  | 28 ++++-----
>  arch/x86/include/asm/crypto/twofish.h      | 22 ++++---
>  include/crypto/xts.h                       |  2 -
>  15 files changed, 283 insertions(+), 369 deletions(-)
> 
> -- 
> 2.17.1
>