Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp752160pxj; Thu, 10 Jun 2021 11:48:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5V2mVKTnYYyKcN8vi2n6SKciEu7TOhokor/PHgWYKqSIQZvi4P9EKyzpPeEfqiYBtbvEx X-Received: by 2002:a05:6402:51cf:: with SMTP id r15mr860236edd.263.1623350928310; Thu, 10 Jun 2021 11:48:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623350928; cv=none; d=google.com; s=arc-20160816; b=wEgMGuEmxSqLZ1Gzu4wOfEyzV4XUN9bP0XFZaBaaY6QInnZVAoHQpf2/aTohqfhUTN Msu3EWg9O3p2oHN/JE6b37kjvi3u8GYI5NVD62LxJMDQa5oYduv+SEhzOBqkTTItSOjZ Lv/40wkSj/j2Pj50BzirYa31hupjJPmjKU03iMa2KWw7OHhNi40WXOqaOfWEN1I9t2vB OCb4ecrGi4+/Xw39Ne0cGjvBuEIrBkJfO24d1fzhNOfmlVy11WBDrMp/unt3V8K7jjaR vdfabXpPsdVd2nBo7uV6ptwRklDuUPeDV/PeJygUePXyZ+9uUeVqw82PPFEHMRHI2g7o pA7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qoX+t4auZIGw7u262i64OHAQwRdfFsl5lrRw31ug3bM=; b=I0/NYl21mCu8ceApAEMLCUhTGEcEMOfMVJ5Hj6NOQNZY5FZlIDvXQXUutbpuw73SOJ Nygq2Tyl9Dsv4PS81LintJW60ej9cS3fbbDasnDNjlVpgq7re4xMYw+cQJrWa/g7exoS uaWvaiD3FN0HAd3fK0SQ7DJVDo6SymbqHo/m1EwXWbuiYR0zm/VxHNGEnieqCraVuJf0 FRpjdgGfLfP/nzC/soXKAgmuQiTgPnIIxIJwI/qoBP44DWAwPiQoaiI2BwPdugMiDCis AEcBBB5tw2F1J5xUZfooGluJP6ke4Bysb8ChNFEBi1r5JkuynM1DQzUXvx5Mf3hUoN/H OBaw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGptpNtx; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s27si2895935eja.413.2021.06.10.11.48.13; Thu, 10 Jun 2021 11:48:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OGptpNtx; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230080AbhFJSuD (ORCPT + 99 others); Thu, 10 Jun 2021 14:50:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:46426 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229935AbhFJSuC (ORCPT ); Thu, 10 Jun 2021 14:50:02 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3C657613DF; Thu, 10 Jun 2021 18:48:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1623350886; bh=V7TG4y7UNJ3EHwuNTUY6ZTRf2X1MD+YMR1lY0uWspXo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=OGptpNtxHYLF7t6tCrjkhrpLMK9PDbecotaG7d1VeTacWqsnxqF78YCwbZ2IFVfum zDq+tAeEKzht5wSS/eePTC9zzrhAW+dBxiM+XgdfyLU9RJqT9a/wpb9pHfWKyr8/XU I6Fc9NoFaYdG7JAmLR2N/Ud9lHwuShAIpVTMxlgvvzuJPfFudmL0Eks4kBVWe0XBYw kezjFCpaZgrH1bmjpuOsrWZWdROELmfFUnj8maPQKqvwNEq7FZpTOPH3BCH1o+V9oj VwZcfiezhOmWTXaARYZjkpE33HhZtbSEdmmdWX/ybddE16YO0zlepo5JfA8gMqiUqG 4FEfrKS0lSYPQ== Date: Thu, 10 Jun 2021 11:48:04 -0700 From: Eric Biggers To: Ard Biesheuvel Cc: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, Sami Tolvanen Subject: Re: [PATCH v3] crypto: shash - avoid comparing pointers to exported functions under CFI Message-ID: References: <20210610062150.212779-1-ardb@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210610062150.212779-1-ardb@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jun 10, 2021 at 08:21:50AM +0200, Ard Biesheuvel wrote: > crypto_shash_alg_has_setkey() is implemented by testing whether the > .setkey() member of a struct shash_alg points to the default version, > called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static > inline, this requires shash_no_setkey() to be exported to modules. > > Unfortunately, when building with CFI, function pointers are routed > via CFI stubs which are private to each module (or to the kernel proper) > and so this function pointer comparison may fail spuriously. > > Let's fix this by turning crypto_shash_alg_has_setkey() into an out of > line function. > > Cc: Sami Tolvanen > Cc: Eric Biggers > Signed-off-by: Ard Biesheuvel > --- > v3: improve comment as per Eric's suggestion > v2: add code comment to explain why the function needs to remain out of > line > > crypto/shash.c | 18 +++++++++++++++--- > include/crypto/internal/hash.h | 8 +------- > 2 files changed, 16 insertions(+), 10 deletions(-) > Reviewed-by: Eric Biggers