Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4209483yba; Tue, 7 May 2019 14:08:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqz/WFtiNS7fTT48mKlEBwwAhhbk0BTy9+qeqw2Z/a1hDQbG223SOq7ovWq1ksEuuAw665G8 X-Received: by 2002:a63:cf:: with SMTP id 198mr40838146pga.228.1557263321361; Tue, 07 May 2019 14:08:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557263321; cv=none; d=google.com; s=arc-20160816; b=eRXJSFBeqw7qo7BstOC5DA4hsSlZcYI1vQDkTBQvmBmLT2LrH8UgAtYQZWGqoE67rO 0A0tdQmPIv/4m0Ka9EOGIb+b1dfSwd5MDBKlArS6hXxBpTTl5Tj2jbRxmY4q2kPqDGsP PfYlFXqPPcdUfm3+zHJgoE5LiMHW+Sn+xFnDniIh5hAR0hqJNyOtsC5DpvR+9z3DaIAk Q8qELxydcOchg+kSYWzGZJeo90IA/sZcD+l0V1s9/jllFH18D+mGbfPpb/6oKtPuLbgM ieJYyrOAXc5dAXMmmr6W6xXqlBaUVF3FjnyxqZQ7wqqk0KtGWQ4iFOEqq+17jKFHcpaW 4xYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=NyT42HhZo+NoWlMcFfVHa74AFNvsodijHlMncKg590Q=; b=P5FEWwnwGZULIyWTRU3uk8xj2kOq+skL6TV/qGHmgGLunt63q5AS3Here9WMCcZo/l 5mMZ/c09zFj/Y1V0U0yverOnrFSa8a9yU0dYVRUus9ugW5DujRRtCF47GdBpktvP55H2 jiN+1i52s7seCWqBl8jV54hRu/nBVtg/MaoGXHGFlmvUPRUsQIh644iiE9igtwWLhIsY xoccbNH4ODOW4TDWL5h9xAfIfsicaYwDiEWkhW7QAdFytN7IS7ewVwRdAwKlS7EQqryT jfumXUD/HjXeMe+ZMLYdvohhNgmi+VsPMjs++/xMaHYjq/cOEswGZqFqp6TQzXEEIZm3 kSUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=YehQViZv; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b89si2250926plb.351.2019.05.07.14.08.18; Tue, 07 May 2019 14:08:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=YehQViZv; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727408AbfEGVIH (ORCPT + 99 others); Tue, 7 May 2019 17:08:07 -0400 Received: from mail-vs1-f65.google.com ([209.85.217.65]:33457 "EHLO mail-vs1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727387AbfEGVIG (ORCPT ); Tue, 7 May 2019 17:08:06 -0400 Received: by mail-vs1-f65.google.com with SMTP id z145so11316290vsc.0 for ; Tue, 07 May 2019 14:08:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NyT42HhZo+NoWlMcFfVHa74AFNvsodijHlMncKg590Q=; b=YehQViZvLM7Lmr9d7H2oBVwOnhxc/W7ZGb3C0R7fmfvEgavSj8wr0dWjHPOIOGCXVB ++EpCbZEDhD0i+6YXXoX1RK3f89W5kHuFQztGG9LtdCwHB6ZKLxVsTYZOa3dSuXWWfxY 9ZMhyvs5cRAiCyhMUyX4IsaE2+u2EYpSjxKnk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NyT42HhZo+NoWlMcFfVHa74AFNvsodijHlMncKg590Q=; b=t5qyAabf7/ynJeM5q+N29vtO3Xp8wSvATW8ENNStdEyK2ZFJ6RJ32qvpfvhT8qCCbt 0R7ztoytpQAyrr/s63pogeer+xV/ktc/p8gUWMzxP9dwvIyZ6o0fzANekGCfk1gg+qLR 3x8krHVuG4h3h4hgt7bMGS35TYRYkfwLVIGVWIBMH2YX1JXpsclYIuNcXrvGoEd6R8pa XZu5xhXp7i+erztwWL6akQqSzLB78gQnr9MIsUUhPoPiVXl2ohuNdNe39sZmYO9p64bq V+cu+H2LIaIDzOuyVwgXUjh1qbNXklJbHx1eTJGaPjzBtSj96+ACRqABh5t8AsK+oS5U o1lA== X-Gm-Message-State: APjAAAVhJj4RAwatE52bKH7TkGznpHIBsDuJhcOKq5qWLIooLY/dKWP7 1K++Chy4ugx53LjV8v2mjROh0QNQ+lI= X-Received: by 2002:a05:6102:403:: with SMTP id d3mr9927404vsq.131.1557263284947; Tue, 07 May 2019 14:08:04 -0700 (PDT) Received: from mail-vs1-f42.google.com (mail-vs1-f42.google.com. [209.85.217.42]) by smtp.gmail.com with ESMTPSA id u3sm5318228vsi.2.2019.05.07.14.08.03 for (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 07 May 2019 14:08:03 -0700 (PDT) Received: by mail-vs1-f42.google.com with SMTP id j184so11280138vsd.11 for ; Tue, 07 May 2019 14:08:03 -0700 (PDT) X-Received: by 2002:a67:dd95:: with SMTP id i21mr13304046vsk.48.1557263282871; Tue, 07 May 2019 14:08:02 -0700 (PDT) MIME-Version: 1.0 References: <20190507161321.34611-1-keescook@chromium.org> <20190507170039.GB1399@sol.localdomain> In-Reply-To: <20190507170039.GB1399@sol.localdomain> From: Kees Cook Date: Tue, 7 May 2019 14:07:51 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 0/7] crypto: x86: Fix indirect function call casts To: Eric Biggers Cc: Herbert Xu , Joao Moreira , Ingo Molnar , Thomas Gleixner , Borislav Petkov , X86 ML , linux-crypto , LKML , Kernel Hardening Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, May 7, 2019 at 10:00 AM Eric Biggers wrote: > > Given the above, the current efforts to improve the Linux security, > > and the upcoming kernel support to compilers with CFI features, this > > creates macros to be used to build the needed function definitions, > > to be used in camellia, cast6, serpent, twofish, and aesni. > > So why not change the function prototypes to be compatible with common_glue_*_t > instead, rather than wrapping them with another layer of functions? Is it > because indirect calls into asm code won't be allowed with CFI? I don't know why they're not that way to begin with. But given that the casting was already happening, this is just moving it to a place where CFI won't be angry. :) > > crypto: x86/crypto: Use new glue function macros > > This one should be "x86/serpent", not "x86/crypto". Oops, yes, that's my typo. I'll fix for v4. Do the conversions themselves look okay (the changes are pretty mechanical)? If so, Herbert, do you want a v4 with the typo fix, or do you want to fix that up yourself? Thanks! -- Kees Cook