> +++ b/arch/x86/crypto/aria-gfni-avx512-asm_64.S
...
> +/* struct aria_ctx: */
> +#define enc_key 0
> +#define dec_key 272
> +#define rounds 544
I've noticed other modules with assembly code also has
hardcoded assumptions about the offsets in the context
structure. Sometimes they don't use macros, so they're
less apparent. Example from aesni:
SYM_FUNC_START(aesni_dec)
FRAME_BEGIN
#ifndef __x86_64__
pushl KEYP
pushl KLEN
movl (FRAME_OFFSET+12)(%esp), KEYP # ctx
movl (FRAME_OFFSET+16)(%esp), OUTP # dst
movl (FRAME_OFFSET+20)(%esp), INP # src
#endif
mov 480(KEYP), KLEN # key length
add $240, KEYP
movups (INP), STATE # input
call _aesni_dec1
To ensure the C code and assembly code stay in agreement,
it might be prudent to add a compile-time check in one of
the C functions for each hardcoded offset value, like this
for aesni:
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 5db4814583ea..e4bcba765c77 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -288,6 +288,10 @@ static int aes_set_key_common(struct crypto_tfm *tfm, void *raw_ctx,
struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx);
int err;
+ BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_enc) != 0);
+ BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_dec) != 240);
+ BUILD_BUG_ON(offsetof(struct crypto_aes_ctx, key_length) != 480);
+
if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
key_len != AES_KEYSIZE_256)
return -EINVAL;
The sha functions and sm3 have such a check for the first field
(but only that one) in their context structures:
static int sha1_update(struct shash_desc *desc, const u8 *data,
...
/*
* Make sure struct sha1_state begins directly with the SHA1
* 160-bit internal state, as this is what the asm functions expect.
*/
BUILD_BUG_ON(offsetof(struct sha1_state, state) != 0);
