mirror of
https://github.com/torvalds/linux
synced 2024-10-03 09:48:02 +00:00
d2a02e3c8b
blake2s_compress_generic is weakly aliased by blake2s_compress. The
current harness for function selection uses a function pointer, which is
ordinarily inlined and resolved at compile time. But when Clang's CFI is
enabled, CFI still triggers when making an indirect call via a weak
symbol. This seems like a bug in Clang's CFI, as though it's bucketing
weak symbols and strong symbols differently. It also only seems to
trigger when "full LTO" mode is used, rather than "thin LTO".
[ 0.000000][ T0] Kernel panic - not syncing: CFI failure (target: blake2s_compress_generic+0x0/0x1444)
[ 0.000000][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-mainline-06981-g076c855b846e #1
[ 0.000000][ T0] Hardware name: MT6873 (DT)
[ 0.000000][ T0] Call trace:
[ 0.000000][ T0] dump_backtrace+0xfc/0x1dc
[ 0.000000][ T0] dump_stack_lvl+0xa8/0x11c
[ 0.000000][ T0] panic+0x194/0x464
[ 0.000000][ T0] __cfi_check_fail+0x54/0x58
[ 0.000000][ T0] __cfi_slowpath_diag+0x354/0x4b0
[ 0.000000][ T0] blake2s_update+0x14c/0x178
[ 0.000000][ T0] _extract_entropy+0xf4/0x29c
[ 0.000000][ T0] crng_initialize_primary+0x24/0x94
[ 0.000000][ T0] rand_initialize+0x2c/0x6c
[ 0.000000][ T0] start_kernel+0x2f8/0x65c
[ 0.000000][ T0] __primary_switched+0xc4/0x7be4
[ 0.000000][ T0] Rebooting in 5 seconds..
Nonetheless, the function pointer method isn't so terrific anyway, so
this patch replaces it with a simple boolean, which also gets inlined
away. This successfully works around the Clang bug.
In general, I'm not too keen on all of the indirection involved here; it
clearly does more harm than good. Hopefully the whole thing can get
cleaned up down the road when lib/crypto is overhauled more
comprehensively. But for now, we go with a simple bandaid.
Fixes:
|
||
|---|---|---|
| .. | ||
| .gitignore | ||
| aes-ce-core.S | ||
| aes-ce-glue.c | ||
| aes-cipher-core.S | ||
| aes-cipher-glue.c | ||
| aes-neonbs-core.S | ||
| aes-neonbs-glue.c | ||
| blake2b-neon-core.S | ||
| blake2b-neon-glue.c | ||
| blake2s-core.S | ||
| blake2s-glue.c | ||
| blake2s-shash.c | ||
| chacha-glue.c | ||
| chacha-neon-core.S | ||
| chacha-scalar-core.S | ||
| crc32-ce-core.S | ||
| crc32-ce-glue.c | ||
| crct10dif-ce-core.S | ||
| crct10dif-ce-glue.c | ||
| curve25519-core.S | ||
| curve25519-glue.c | ||
| ghash-ce-core.S | ||
| ghash-ce-glue.c | ||
| Kconfig | ||
| Makefile | ||
| nh-neon-core.S | ||
| nhpoly1305-neon-glue.c | ||
| poly1305-armv4.pl | ||
| poly1305-glue.c | ||
| sha1-armv4-large.S | ||
| sha1-armv7-neon.S | ||
| sha1-ce-core.S | ||
| sha1-ce-glue.c | ||
| sha1.h | ||
| sha1_glue.c | ||
| sha1_neon_glue.c | ||
| sha2-ce-core.S | ||
| sha2-ce-glue.c | ||
| sha256-armv4.pl | ||
| sha256_glue.c | ||
| sha256_glue.h | ||
| sha256_neon_glue.c | ||
| sha512-armv4.pl | ||
| sha512-glue.c | ||
| sha512-neon-glue.c | ||
| sha512.h | ||