> +++ b/arch/x86/crypto/aria-gfni-avx512-asm_64.S ... > +/* struct aria_ctx: */ > +#define enc_key 0 > +#define dec_key 272 > +#define rounds 544 I've noticed other modules with assembly code also has hardcoded assumptions about the offsets in the context structure. Sometimes they don't use macros, so they're less apparent. Example from aesni: SYM_FUNC_START(aesni_dec) FRAME_BEGIN #ifndef __x86_64__ pushl KEYP pushl KLEN movl (FRAME_OFFSET+12)(%esp), KEYP # ctx movl (FRAME_OFFSET+16)(%esp), OUTP # dst movl (FRAME_OFFSET+20)(%esp), INP # src #endif mov 480(KEYP), KLEN # key length add $240, KEYP movups (INP), STATE # input call _aesni_dec1 To ensure the C code and assembly code stay in agreement, it might be prudent to add a compile-time check in one of the C functions for each hardcoded offset value, like this for aesni: diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 5db4814583ea..e4bcba765c77 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -288,6 +288,10 @@ static int aes_set_key_common(struct crypto_tfm *tfm, void *raw_ctx, struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx); int err; + BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_enc) != 0); + BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_dec) != 240); + BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_length) != 480); + if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 && key_len != AES_KEYSIZE_256) return -EINVAL; The sha functions and sm3 have such a check for the first field (but only that one) in their context structures: static int sha1_update(struct shash_desc *desc, const u8 *data, ... /* * Make sure struct sha1_state begins directly with the SHA1 * 160-bit internal state, as this is what the asm functions expect. */ BUILD_BUG_ON(offsetof(struct sha1_state, state) != 0);