Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp204362yba;
        Wed, 8 May 2019 19:05:55 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyMoCoA+SZqdBvCT509zbSdw5G6pISLS6CfJMEmfGPKz3Pk3FvsVWPoLOygMgYoyIUyOsy6
X-Received: by 2002:a65:5302:: with SMTP id m2mr1899903pgq.369.1557367555560;
        Wed, 08 May 2019 19:05:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557367555; cv=none;
        d=google.com; s=arc-20160816;
        b=MB85B3hEGeWv67toYXMIQjG0t1pGetNMWGaH5HaqCigdOUunr+QIWQjy/BsZGpqSEW
         J1QjnYvLlvDk2Pib+Zt7tcKokHrcaVFTHH3rB3DhOU/XZ+F6dixlntkMCiLzYYT2VFJG
         ikRoj+mp7sCYgKYV+9f9g/nben/q0dMdssF5qxdrx0GiyRxpS0eOu52p5Ud2t7fUXlZD
         M1gtkGWzNaxYQFVZ2zXD3w+MLYqrUKxQxqyERzvVkWkWKD4oZAup4Rr2eW/QpgjucRCd
         80VKgHQvQW0gv8AzYmh8WvzAxbo3oeg6W/DsJyLLmgdRGSE1cFYl/Wgr32sV+rlRmMbg
         okGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=/+N/0bLTd//q3Ta8MKGgYiMP/kMgbgoDErQm/1OzMwo=;
        b=PB9youfdaoatW2XQr3xhQY24BJm/KVaH+Jmhm92Qj/iPool9lG8t/eQU7P08r/1agH
         coq/FgfAjZOGB02f98pYg8D8/mdWBUhLoqFCYJkeW2+thzOHPRXsmFvEYjYCjZgB51fD
         DAfLWwZk+EE6Lbj9HN7LdBAH1MnMoI0/xVgBan0e8yHnii9hhk629J6/Df3API6fQa5m
         lSLVIoJOR5D0Kd2LHZE532wbwJfG7qnCyNxM8RCitLnScW44MMHz6W6tAo8CiSqYYuJv
         dbGD3TRWbS1kUbnLrRBPY6CiblOmiP+ArFTF2MVbBqmQ/g8Kd9y7xOPY1RO6uuT7bhKx
         zYOQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=i5x4EIRc;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s205si986438pgs.467.2019.05.08.19.05.38;
        Wed, 08 May 2019 19:05:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=i5x4EIRc;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726775AbfEICEn (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Wed, 8 May 2019 22:04:43 -0400
Received: from mail.kernel.org ([198.145.29.99]:36020 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726567AbfEICEn (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 8 May 2019 22:04:43 -0400
Received: from sol.localdomain (c-24-5-143-220.hsd1.ca.comcast.net [24.5.143.220])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 347B821530;
        Thu,  9 May 2019 02:04:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1557367482;
        bh=znO1N4UgeT7juzLezaDsDsXDpIojNyGSb5KuszeYBLQ=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=i5x4EIRcwWtIsiVqkXftBLit52Wbl8qQng+6DxaLqgqGo3HVH5jYxAQnjXD7tEzLp
         aGnEDrHBvbtPTpWVxfAueOYlQHRMAQYzYmAEXut5cCjJky3KXbe0iW81rTzOb14ort
         g5M50eldEf4Ytahb1Sn4R428dxR3h1Sb34Vh+WYQ=
Date:   Wed, 8 May 2019 19:04:40 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Kees Cook <keescook@chromium.org>
Cc:     Herbert Xu <herbert@gondor.apana.org.au>,
        Joao Moreira <jmoreira@suse.de>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>, X86 ML <x86@kernel.org>,
        linux-crypto <linux-crypto@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [PATCH v3 0/7] crypto: x86: Fix indirect function call casts
Message-ID: <20190509020439.GB693@sol.localdomain>
References: <20190507161321.34611-1-keescook@chromium.org>
 <20190507170039.GB1399@sol.localdomain>
 <CAGXu5jL7pWWXuJMinghn+3GjQLLBYguEtwNdZSQy++XGpGtsHQ@mail.gmail.com>
 <20190507215045.GA7528@sol.localdomain>
 <20190508133606.nsrzthbad5kynavp@gondor.apana.org.au>
 <CAGXu5jKdsuzX6KF74zAYw3PpEf8DExS9P0Y_iJrJVS+goHFbcA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGXu5jKdsuzX6KF74zAYw3PpEf8DExS9P0Y_iJrJVS+goHFbcA@mail.gmail.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, May 08, 2019 at 02:08:25PM -0700, Kees Cook wrote:
> On Wed, May 8, 2019 at 6:36 AM Herbert Xu <herbert@gondor.apana.org.au> wrote:
> > On Tue, May 07, 2019 at 02:50:46PM -0700, Eric Biggers wrote:
> > >
> > > I don't know yet.  It's difficult to read the code with 2 layers of macros.
> > >
> > > Hence why I asked why you didn't just change the prototypes to be compatible.
> >
> > I agree.  Kees, since you're changing this anyway please make it
> > look better not worse.
> 
> Do you mean I should use the typedefs in the new macros? I'm not aware
> of a way to use a typedef to declare a function body, so I had to
> repeat them. I'm open to suggestions!
> 
> As far as "fixing the prototypes", the API is agnostic of the context
> type, and uses void *. And also it provides a way to call the same
> function with different pointer types on the other arguments:
> 
> For example, quoting the existing code:
> 
> asmlinkage void twofish_dec_blk(struct twofish_ctx *ctx, u8 *dst,
>                                 const u8 *src);
> 
> Which is used for ecb and cbc:
> 
> #define GLUE_FUNC_CAST(fn) ((common_glue_func_t)(fn))
> #define GLUE_CBC_FUNC_CAST(fn) ((common_glue_cbc_func_t)(fn))
> ...
> static const struct common_glue_ctx twofish_dec = {
> ...
>                 .fn_u = { .ecb = GLUE_FUNC_CAST(twofish_dec_blk) }
> 
> static const struct common_glue_ctx twofish_dec_cbc = {
> ...
>                 .fn_u = { .cbc = GLUE_CBC_FUNC_CAST(twofish_dec_blk) }
> 
> which have different prototypes:
> 
> typedef void (*common_glue_func_t)(void *ctx, u8 *dst, const u8 *src);
> typedef void (*common_glue_cbc_func_t)(void *ctx, u128 *dst, const u128 *src);
> ...
> struct common_glue_func_entry {
>         unsigned int num_blocks; /* number of blocks that @fn will process */
>         union {
>                 common_glue_func_t ecb;
>                 common_glue_cbc_func_t cbc;
>                 common_glue_ctr_func_t ctr;
>                 common_glue_xts_func_t xts;
>         } fn_u;
> };
> 

As Herbert said, the ctx parameters could be made 'void *'.

And I also asked whether indirect calls to asm code are even allowed with CFI.
IIRC, the AOSP kernels have been patched to remove them from arm64.  It would be
helpful if you would answer that question, since it would inform the best
approach here.

As for the "ecb" functions taking 'u8 *' but the "cbc" ones taking 'u128 *' and
the same function being used in the blocks==1 case, you could just pick one of
the types to use for both.  'u8 *' probably makes more sense since both ecb and
cbc operate on blocks of 16 bytes but don't interpret them as 128-bit integers.

- Eric