On Wed, 13 Nov 2019 at 22:28, Sami Tolvanen <samitolvanen@xxxxxxxxxx> wrote: > > On Wed, Nov 13, 2019 at 12:04 PM Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > > > > On Tue, Nov 12, 2019 at 02:30:46PM -0800, Sami Tolvanen wrote: > > > Declare assembly functions with the expected function type > > > instead of casting pointers in C to avoid type mismatch failures > > > with Control-Flow Integrity (CFI) checking. > > > > > > Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx> > > > --- > > > arch/arm64/crypto/sha1-ce-glue.c | 12 +++++------- > > > arch/arm64/crypto/sha2-ce-glue.c | 26 +++++++++++--------------- > > > arch/arm64/crypto/sha256-glue.c | 30 ++++++++++++------------------ > > > arch/arm64/crypto/sha512-ce-glue.c | 23 ++++++++++------------- > > > arch/arm64/crypto/sha512-glue.c | 13 +++++-------- > > > 5 files changed, 43 insertions(+), 61 deletions(-) > > > > > > diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c > > > index bdc1b6d7aff7..3153a9bbb683 100644 > > > --- a/arch/arm64/crypto/sha1-ce-glue.c > > > +++ b/arch/arm64/crypto/sha1-ce-glue.c > > > @@ -25,7 +25,7 @@ struct sha1_ce_state { > > > u32 finalize; > > > }; > > > > > > -asmlinkage void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src, > > > +asmlinkage void sha1_ce_transform(struct sha1_state *sst, u8 const *src, > > > int blocks); > > > > Please update the comments in the corresponding assembly files too. > > > > Also, this change doesn't really make sense because the assembly functions still > > expect struct sha1_ce_state, and they access sha1_ce_state::finalize which is > > not present in struct sha1_state. There should either be wrapper functions that > > explicitly do the cast from sha1_state to sha1_ce_state, or there should be > > comments in the assembly files that very clearly explain that although the > > function prototype takes sha1_state, it's really assumed to be a sha1_ce_state. > > Agreed, this needs a comment explaining the type mismatch. I'm also > fine with using wrapper functions and explicitly casting the > parameters instead of changing function declarations. Herbert, Ard, > any preferences? > I guess the former would be cleaner, using container_of() rather than a blind cast to make the code more self-documenting. The extra branch shouldn't really matter.