Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp25108pxj; Thu, 10 Jun 2021 13:42:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw7HDKmqo/FWmTbwimG5PXfSaEEyjiCr4U8Tgb9MkvW3V0sipQjDmr3Q0uxdsmaCRFBNBnO X-Received: by 2002:aa7:db93:: with SMTP id u19mr302289edt.227.1623357770360; Thu, 10 Jun 2021 13:42:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623357770; cv=none; d=google.com; s=arc-20160816; b=skYvhE7DisoGsnxcOw2LuR0MDELSjBzWozgRJxOs1zpZghtXPxfNp0ce4Cm0qg0bDE ajggbxbc64QGLIQ7nitFnFk28uPfzjxG1/ypwOhvdPNqa1ji98xftbN0PlgIoAR6mBjR TY4LSLeeb5F6ztJsHNjz2keiTfo9nqpFJI0Z0SH+hJPIf+GCKrkq171E2XR7QyblQO92 rwFgZ40e4y2LH792gTRaLVckqYyWDzL5ahBkLcdUPbbCrG30PsYXIR50CuIo3ujw9RB6 mOd+DEZ2jGvkg027QQDD9TN4cbMLICqrEUB+u6uMfXwZ0KKNgwzkjstjrNYMU5h26xpq 9v6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=GSEpM/8U8+9Wh8OlIRV8yoDCL+pXbR9afyZOId+gd8s=; b=Q0qHsYR5sJ2D091JzGfIinMtJWrooWvncZcIZ0E6y6NuNk9wgOC6pXyDHCM5tGKTzF YMWZB15m4punVEOTHeaFAKJwLkuciRL4fxsyYUBq2a3RnjxNELia/NTEjqYVW6PUvCN8 VbepChIWawb2jzy4bNrQkRYHS5yZvk8RzzfeHX8WKj/c+GYuM0W6kffsyCwy5YAjzCNl gjbejNrT4dVXZhbkSKu0R1g08dzRBsw+mfR0WeYI1WXhuVDUjZerOqeSuBmwsL04J6gE O7kDC27A3N41UBFml3fXZQ5a5gtkauH7gWamM2pEj7elQrU7+RQjwr/8LGuyL+a4oUF7 0Yjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RLUha37m; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f9si3006039ejd.630.2021.06.10.13.42.16; Thu, 10 Jun 2021 13:42:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=RLUha37m; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230520AbhFJUmU (ORCPT + 99 others); Thu, 10 Jun 2021 16:42:20 -0400 Received: from mail-yb1-f179.google.com ([209.85.219.179]:37441 "EHLO mail-yb1-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230447AbhFJUmU (ORCPT ); Thu, 10 Jun 2021 16:42:20 -0400 Received: by mail-yb1-f179.google.com with SMTP id b13so1179130ybk.4 for ; Thu, 10 Jun 2021 13:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GSEpM/8U8+9Wh8OlIRV8yoDCL+pXbR9afyZOId+gd8s=; b=RLUha37mtxfmon728WpMQRtqTcPQ5mzrrSHudUN10PwR6PGxgi5WQHAU+MRFfT70SZ wBSAhKFe8Yv50oNXs0qVpEQxajAWu9KUrQpryAFUZ7oeqPGgEhofYl3Pbh3MBK2Mm2Em MU7OX0Hn74YxL1EbpH119urOXbSq/tZf2O227W7mqWwu+hrHdvt7twKj+QqYVzkNem85 gFGOKNJEvj5dswvFZsgj4k18HlJ1VKWmHBF6DjLXeT/mqrCO5Vhob0nZkwMwBl/rn1tf 0WqVugygy5GjbCss6DjXQPtsthUyGGOJApxwm6LdDDd1gkx212TDx0eHNdFkzagYEU+v qFLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GSEpM/8U8+9Wh8OlIRV8yoDCL+pXbR9afyZOId+gd8s=; b=motgL1vpKyQg2co6qVmVSw549Jz6I4rgQKRCtLKnbcHxCamkgPYn5VrWN1tCrtF2FV TSjsxtiy1/w3FQeAyhgBxepPfVLxZiy0d/knYCjSng2nVDK+ml0w1eQP68eF5URxhtMF KYNvUQedXcnACd/0k3FdsAUNrVlqoEgQR6IWgVuz96GhmD2FjUkz8l5SYOy4TdQr6tiy NWiAaV7Y9IvkhdZDHSZukIZLaX86wT/9UXH/aHb4j4M+klxwGkhSIR+TUMQpI2fJBTb+ a851QMy0w9bN+clgbyMINAQxDGgYbpqSDmRLZCVgk9y/uBv3ZxKOSBWxgB4hTL6jkImW rSdA== X-Gm-Message-State: AOAM531fvTVDTFc9a79i1vrb48YgT7uf0anrR46+KWhAXzh0X908F7mh /k3aJDcEBPdKqPk8mqLrsy4xO0wLj6jEem+tIuyQ8WAxwLJIOg== X-Received: by 2002:a25:26c3:: with SMTP id m186mr880274ybm.47.1623357551424; Thu, 10 Jun 2021 13:39:11 -0700 (PDT) MIME-Version: 1.0 References: <20210610062150.212779-1-ardb@kernel.org> In-Reply-To: From: Sami Tolvanen Date: Thu, 10 Jun 2021 13:39:00 -0700 Message-ID: Subject: Re: [PATCH v3] crypto: shash - avoid comparing pointers to exported functions under CFI To: Eric Biggers Cc: Ard Biesheuvel , linux-crypto , Herbert Xu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jun 10, 2021 at 11:48 AM Eric Biggers wrote: > > On Thu, Jun 10, 2021 at 08:21:50AM +0200, Ard Biesheuvel wrote: > > crypto_shash_alg_has_setkey() is implemented by testing whether the > > .setkey() member of a struct shash_alg points to the default version, > > called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static > > inline, this requires shash_no_setkey() to be exported to modules. > > > > Unfortunately, when building with CFI, function pointers are routed > > via CFI stubs which are private to each module (or to the kernel proper) > > and so this function pointer comparison may fail spuriously. > > > > Let's fix this by turning crypto_shash_alg_has_setkey() into an out of > > line function. > > > > Cc: Sami Tolvanen > > Cc: Eric Biggers > > Signed-off-by: Ard Biesheuvel > > --- > > v3: improve comment as per Eric's suggestion > > v2: add code comment to explain why the function needs to remain out of > > line > > > > crypto/shash.c | 18 +++++++++++++++--- > > include/crypto/internal/hash.h | 8 +------- > > 2 files changed, 16 insertions(+), 10 deletions(-) > > > > Reviewed-by: Eric Biggers Looks good to me as well. Thank you for fixing this! Reviewed-by: Sami Tolvanen Sami