Re: [PATCH v3] crypto: shash - avoid comparing pointers to exported functions under CFI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 10, 2021 at 08:21:50AM +0200, Ard Biesheuvel wrote:
> crypto_shash_alg_has_setkey() is implemented by testing whether the
> .setkey() member of a struct shash_alg points to the default version,
> called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static
> inline, this requires shash_no_setkey() to be exported to modules.
> 
> Unfortunately, when building with CFI, function pointers are routed
> via CFI stubs which are private to each module (or to the kernel proper)
> and so this function pointer comparison may fail spuriously.
> 
> Let's fix this by turning crypto_shash_alg_has_setkey() into an out of
> line function.
> 
> Cc: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
> Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v3: improve comment as per Eric's suggestion
> v2: add code comment to explain why the function needs to remain out of
> line
> 
>  crypto/shash.c                 | 18 +++++++++++++++---
>  include/crypto/internal/hash.h |  8 +-------
>  2 files changed, 16 insertions(+), 10 deletions(-)
> 

Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux