[PATCH v4] crypto: riscv/poly1305 - import OpenSSL/CRYPTOGAMS implementation
Andy Polyakov
appro at cryptogams.org
Fri Jun 27 02:07:42 PDT 2025
>>>>> +.globl poly1305_init
>>>>> +.type poly1305_init,\@function
>>>>> +poly1305_init:
>>>>> +#ifdef __riscv_zicfilp
>>>>> + lpad 0
>>>>> +#endif
>>>>
>>>> But they appear to be unnecessary.
>>>
>>> They are better be there if Control Flow Integrity is on. It's the same deal
>>> as with endbranch instruction on Intel and hint #34 on ARM. It's possible
>>> that the kernel never engages CFI for itself, in which case all the
>>> mentioned instructions are executed as nop-s. But note that here they are
>>> compiled conditionally, so that if you don't compile the kernel with
>>> -march=..._zicfilp_..., then they won't be there.
>>
>> There appears to be no kernel-mode support for Zicfilp yet. This would be the
>> very first occurrence of the lpad instruction in the kernel source.
>
> Of course, if the kernel actually ends up calling these functions
> indirectly at some point, lpad alone isn't sufficient,
The exception condition is specified as "tag != x7 *and* tag != 0." In
other words lpad 0 provides a coarse-grained, but a protection
nevertheless. As effective as the endbranch on Intel. Since a
"fit-multiple-use-cases" assembly module, such as cryptogams' ones,
can't make specific assumptions about the caller, lpad 0 is a working
fall-back.
> we would need
> to use SYM_TYPED_FUNC_START to emit CFI type information for them.
I'm confused. My understanding is that SYM_TYPED_FUNC_START is about
clang -fsanitize=kcfi, which is a different mechanism. Well, you might
be referring to future developments...
> Also, if the kernel decides to use type-based landing pad labels for
> finer-grained CFI, "lpad 0" isn't going to work anyway.
It would, it simply won't be fine-graned.
> Perhaps it
> would make sense to just drop the lpad instruction in kernel builds
> for now to avoid confusion?
Let's say I go for
#ifdef __KERNEL__
SYM_TYPED_FUNC_START(poly1305_init, ...)
#else
.globl poly1305_init
.type poly1305_init,\@function
poly1305_init:
# ifdef __riscv_zicfilp
lpad 0
# endif
#endif
Would it be sufficient to #include <linux/cfi_types.h>?
Cheers.
More information about the linux-riscv
mailing list