Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1114579yba;
        Thu, 9 May 2019 10:58:56 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwJ4xyZIw3L0G5OXgSZbg9DQvyLM0RiBkPnBlCdwagHagUTKkENltkOrh4GhpkESItYCHFA
X-Received: by 2002:a65:6295:: with SMTP id f21mr7446446pgv.129.1557424735929;
        Thu, 09 May 2019 10:58:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557424735; cv=none;
        d=google.com; s=arc-20160816;
        b=caEEEc1Tj5HorIFEftrDNH0gygaNL6CkH3imglfSQbrqU1IDzMHkiW1ATSw0aYM9QJ
         JrtaHk82KK0A0p1NVz4fe5nt7qyySgRGrNV6gwtie3tuoyTuMGrRgNb2gIt7WKii41xr
         /qu///NcnvX6Z29RAlW4eC8mXrJpQWEggGKVZK0m8tNAo3Dimohc0S3FhUUlegQEtsl1
         UzEvv+qhmRuylyBNpDrMxnOWhNlK5/R9nCOIv1Fz/EMPkElG6vzS20OgUSSNuSWzwDUL
         fjQvie/VBYhukYUC361TGA1BigbcY7A4WXiTfcciHcwRdlHrQCjzL+MMpiScqXTw0rD6
         HBGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=JZDYctoJK+fOisYIqhDQqJXVBLl1L71LGPHwLTrwlR4=;
        b=G0In/fsKlDIBCvltn84SJZOx0RC7Z9O2Zt3jnv+7Zu+UQ/9qLbVVM9i3VTRunLJMsR
         +fD+B4x1nc2gsigBRQqljO7NgqUFE7UKdYcMUuebQZnwSRi5XbGqFeHYXnHmP+5Qelof
         D00yaHUPVafPQ5FPvjoiWagTq6vKckC0JF+9k9jU4FM9wFKlSCfO+98EIQ7dnSCb5F95
         ipdgpOS+5vtMXD6VO33TTZXusE9B1+rqB9mGR7wTxaFaAaRxeMxHZ5TydagMZliE34U+
         Bx6GdC1Xi/O7p7J7ZJ/+r+XSRdm7RhZwnaQLLddYmTwLKRiY/8/peeU0OwLA9bve/h+H
         aYCQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=kLhYb3t9;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 187si4542147pgj.149.2019.05.09.10.58.34;
        Thu, 09 May 2019 10:58:55 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=kLhYb3t9;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726790AbfEIR60 (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Thu, 9 May 2019 13:58:26 -0400
Received: from mail.kernel.org ([198.145.29.99]:45816 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726558AbfEIR6Z (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 9 May 2019 13:58:25 -0400
Received: from gmail.com (unknown [104.132.1.77])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 0A1B72085A;
        Thu,  9 May 2019 17:58:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1557424705;
        bh=YiJk2tcPpKphUTjpD3Gqc+Ugt+DTuVzY4k6rDbHx4ik=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=kLhYb3t9rHIfD5eNfgXKr9ZSLJTKa3rk6SclZMQQB3lM2zCM0vL9nE4oAc1cajvTV
         PJ8k9vHRyJn24LkV6GhhVH3FNf/EoPLmMsykM3aksm+WQ9MuKJy3W8ZxLRyaW0DF4Q
         7ScecLU+GXWKWbA+r+6GIzaspWZSDKK3nTgstZ0Y=
Date:   Thu, 9 May 2019 10:58:23 -0700
From:   Eric Biggers <ebiggers@kernel.org>
To:     Sami Tolvanen <samitolvanen@google.com>
Cc:     Kees Cook <keescook@chromium.org>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Joao Moreira <jmoreira@suse.de>,
        Ingo Molnar <mingo@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@alien8.de>, X86 ML <x86@kernel.org>,
        linux-crypto <linux-crypto@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>
Subject: Re: [PATCH v3 0/7] crypto: x86: Fix indirect function call casts
Message-ID: <20190509175822.GB12602@gmail.com>
References: <20190507161321.34611-1-keescook@chromium.org>
 <20190507170039.GB1399@sol.localdomain>
 <CAGXu5jL7pWWXuJMinghn+3GjQLLBYguEtwNdZSQy++XGpGtsHQ@mail.gmail.com>
 <20190507215045.GA7528@sol.localdomain>
 <20190508133606.nsrzthbad5kynavp@gondor.apana.org.au>
 <CAGXu5jKdsuzX6KF74zAYw3PpEf8DExS9P0Y_iJrJVS+goHFbcA@mail.gmail.com>
 <20190509020439.GB693@sol.localdomain>
 <20190509153828.GA261205@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190509153828.GA261205@google.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, May 09, 2019 at 08:38:28AM -0700, Sami Tolvanen wrote:
> On Wed, May 08, 2019 at 07:04:40PM -0700, Eric Biggers wrote:
> > And I also asked whether indirect calls to asm code are even allowed
> > with CFI. IIRC, the AOSP kernels have been patched to remove them from
> > arm64
> 
> At least with clang, indirect calls to stand-alone assembly functions
> trip CFI checks, which is why Android kernels use static inline stubs
> to convert these to direct calls instead.
> 
> Sami

Thanks Sami.  Is there any way to annotate assembly functions such that they
work directly with CFI?  Otherwise, we need the wrapper functions.

Kees and Joao, it would be helpful if you'd explain this in the patchset.

- Eric