Re: [PATCH v3] crypto: shash - avoid comparing pointers to exported functions under CFI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 10, 2021 at 11:48 AM Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> On Thu, Jun 10, 2021 at 08:21:50AM +0200, Ard Biesheuvel wrote:
> > crypto_shash_alg_has_setkey() is implemented by testing whether the
> > .setkey() member of a struct shash_alg points to the default version,
> > called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static
> > inline, this requires shash_no_setkey() to be exported to modules.
> >
> > Unfortunately, when building with CFI, function pointers are routed
> > via CFI stubs which are private to each module (or to the kernel proper)
> > and so this function pointer comparison may fail spuriously.
> >
> > Let's fix this by turning crypto_shash_alg_has_setkey() into an out of
> > line function.
> >
> > Cc: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
> > Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
> > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> > ---
> > v3: improve comment as per Eric's suggestion
> > v2: add code comment to explain why the function needs to remain out of
> > line
> >
> >  crypto/shash.c                 | 18 +++++++++++++++---
> >  include/crypto/internal/hash.h |  8 +-------
> >  2 files changed, 16 insertions(+), 10 deletions(-)
> >
>
> Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Looks good to me as well. Thank you for fixing this!

Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Sami



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux