On Thu, Jun 10, 2021 at 08:21:50AM +0200, Ard Biesheuvel wrote: > crypto_shash_alg_has_setkey() is implemented by testing whether the > .setkey() member of a struct shash_alg points to the default version, > called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static > inline, this requires shash_no_setkey() to be exported to modules. > > Unfortunately, when building with CFI, function pointers are routed > via CFI stubs which are private to each module (or to the kernel proper) > and so this function pointer comparison may fail spuriously. > > Let's fix this by turning crypto_shash_alg_has_setkey() into an out of > line function. > > Cc: Sami Tolvanen <samitolvanen@xxxxxxxxxx> > Cc: Eric Biggers <ebiggers@xxxxxxxxxx> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > --- > v3: improve comment as per Eric's suggestion > v2: add code comment to explain why the function needs to remain out of > line > > crypto/shash.c | 18 +++++++++++++++--- > include/crypto/internal/hash.h | 8 +------- > 2 files changed, 16 insertions(+), 10 deletions(-) > Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>