mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 11:17:29 +02:00
linuxkm: add coverage for Linux 6.4+ module memory layout refactor; also, refactor WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to make it settable independent of WOLFSSL_AESNI etc.
This commit is contained in:
Daniel Pouzzner
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
/* included by wolfcrypt/src/memory.c */
|
/* included by wolfcrypt/src/memory.c */
|
||||||
|
|
||||||
#if defined(WOLFSSL_LINUXKM_SIMD_X86)
|
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
|
||||||
#ifdef LINUXKM_SIMD_IRQ
|
#ifdef LINUXKM_SIMD_IRQ
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)
|
||||||
static union fpregs_state **wolfcrypt_linuxkm_fpu_states = NULL;
|
static union fpregs_state **wolfcrypt_linuxkm_fpu_states = NULL;
|
||||||
@ -335,7 +335,7 @@
|
|||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED */
|
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS && CONFIG_X86 */
|
||||||
|
|
||||||
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
|
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
|
||||||
/* needed in 6.1+ because show_free_areas() static definition in mm.h calls
|
/* needed in 6.1+ because show_free_areas() static definition in mm.h calls
|
||||||
|
|||||||
@ -119,10 +119,30 @@
|
|||||||
#endif
|
#endif
|
||||||
#include <linux/net.h>
|
#include <linux/net.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
|
|
||||||
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
|
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
|
||||||
#ifndef CONFIG_X86
|
#ifndef CONFIG_X86
|
||||||
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
|
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
|
||||||
|
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
|
||||||
|
#endif
|
||||||
|
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
|
||||||
|
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
|
||||||
|
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
|
||||||
|
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
|
||||||
|
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
|
||||||
|
#endif
|
||||||
|
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
|
||||||
|
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
|
||||||
|
#endif
|
||||||
|
#else
|
||||||
|
#ifndef WOLFSSL_NO_ASM
|
||||||
|
#define WOLFSSL_NO_ASM
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
|
||||||
#define WOLFSSL_LINUXKM_SIMD
|
#define WOLFSSL_LINUXKM_SIMD
|
||||||
#define WOLFSSL_LINUXKM_SIMD_X86
|
#define WOLFSSL_LINUXKM_SIMD_X86
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
|
||||||
@ -148,28 +168,21 @@
|
|||||||
#ifndef RESTORE_VECTOR_REGISTERS
|
#ifndef RESTORE_VECTOR_REGISTERS
|
||||||
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
|
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
|
||||||
#endif
|
#endif
|
||||||
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
|
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
|
||||||
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
|
|
||||||
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
|
|
||||||
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
|
|
||||||
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
|
|
||||||
#endif
|
|
||||||
#define WOLFSSL_LINUXKM_SIMD
|
#define WOLFSSL_LINUXKM_SIMD
|
||||||
#define WOLFSSL_LINUXKM_SIMD_ARM
|
#define WOLFSSL_LINUXKM_SIMD_ARM
|
||||||
#include <asm/fpsimd.h>
|
#include <asm/fpsimd.h>
|
||||||
|
#ifdef LINUXKM_SIMD_IRQ
|
||||||
|
#error LINUXKM_SIMD_IRQ is unavailable on ARM (not implemented)
|
||||||
|
#endif
|
||||||
#ifndef SAVE_VECTOR_REGISTERS
|
#ifndef SAVE_VECTOR_REGISTERS
|
||||||
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
|
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
|
||||||
#endif
|
#endif
|
||||||
#ifndef RESTORE_VECTOR_REGISTERS
|
#ifndef RESTORE_VECTOR_REGISTERS
|
||||||
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
|
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
|
||||||
#endif
|
#endif
|
||||||
#ifdef LINUXKM_SIMD_IRQ
|
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
|
||||||
#error LINUXKM_SIMD_IRQ is unavailable on ARM (not implemented)
|
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
|
||||||
#endif
|
|
||||||
#else
|
|
||||||
#ifndef WOLFSSL_NO_ASM
|
|
||||||
#define WOLFSSL_NO_ASM
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
_Pragma("GCC diagnostic pop");
|
_Pragma("GCC diagnostic pop");
|
||||||
|
|||||||
@ -141,13 +141,21 @@ static int wolfssl_init(void)
|
|||||||
|
|
||||||
#ifdef HAVE_LINUXKM_PIE_SUPPORT
|
#ifdef HAVE_LINUXKM_PIE_SUPPORT
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
|
||||||
#define THIS_MODULE_BASE (THIS_MODULE->core_layout.base)
|
/* see linux commit ac3b432839 */
|
||||||
|
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->mem[MOD_TEXT].base)
|
||||||
|
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->mem[MOD_TEXT].size)
|
||||||
|
#define THIS_MODULE_RO_BASE (THIS_MODULE->mem[MOD_RODATA].base)
|
||||||
|
#define THIS_MODULE_RO_SIZE (THIS_MODULE->mem[MOD_RODATA].size)
|
||||||
|
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
|
||||||
|
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->core_layout.base)
|
||||||
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_layout.text_size)
|
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_layout.text_size)
|
||||||
|
#define THIS_MODULE_RO_BASE ((char *)THIS_MODULE->core_layout.base + THIS_MODULE->core_layout.text_size)
|
||||||
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_layout.ro_size)
|
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_layout.ro_size)
|
||||||
#else
|
#else
|
||||||
#define THIS_MODULE_BASE (THIS_MODULE->module_core)
|
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->module_core)
|
||||||
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_text_size)
|
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_text_size)
|
||||||
|
#define THIS_MODULE_RO_BASE ((char *)THIS_MODULE->module_core + THIS_MODULE->core_ro_size)
|
||||||
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_ro_size)
|
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_ro_size)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -159,8 +167,8 @@ static int wolfssl_init(void)
|
|||||||
unsigned int text_hash, rodata_hash;
|
unsigned int text_hash, rodata_hash;
|
||||||
|
|
||||||
if ((pie_text_start < pie_text_end) &&
|
if ((pie_text_start < pie_text_end) &&
|
||||||
(pie_text_start >= (char *)THIS_MODULE_BASE) &&
|
(pie_text_start >= (char *)THIS_MODULE_TEXT_BASE) &&
|
||||||
(pie_text_end - (char *)THIS_MODULE_BASE <= THIS_MODULE_TEXT_SIZE))
|
(pie_text_end - (char *)THIS_MODULE_TEXT_BASE <= THIS_MODULE_TEXT_SIZE))
|
||||||
{
|
{
|
||||||
text_hash = hash_span(pie_text_start, pie_text_end);
|
text_hash = hash_span(pie_text_start, pie_text_end);
|
||||||
} else {
|
} else {
|
||||||
@ -169,14 +177,14 @@ static int wolfssl_init(void)
|
|||||||
pie_text_start,
|
pie_text_start,
|
||||||
pie_text_end,
|
pie_text_end,
|
||||||
pie_text_end-pie_text_start,
|
pie_text_end-pie_text_start,
|
||||||
THIS_MODULE_BASE,
|
THIS_MODULE_TEXT_BASE,
|
||||||
(char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE);
|
(char *)THIS_MODULE_TEXT_BASE + THIS_MODULE_TEXT_SIZE);
|
||||||
text_hash = 0;
|
text_hash = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers
|
if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers
|
||||||
(pie_rodata_start >= (char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE) &&
|
(pie_rodata_start >= (char *)THIS_MODULE_RO_BASE) &&
|
||||||
(pie_rodata_end - (char *)THIS_MODULE_BASE <= THIS_MODULE_RO_SIZE))
|
(pie_rodata_end - (char *)THIS_MODULE_RO_BASE <= THIS_MODULE_RO_SIZE))
|
||||||
{
|
{
|
||||||
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
|
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
|
||||||
} else {
|
} else {
|
||||||
@ -185,8 +193,8 @@ static int wolfssl_init(void)
|
|||||||
pie_rodata_start,
|
pie_rodata_start,
|
||||||
pie_rodata_end,
|
pie_rodata_end,
|
||||||
pie_rodata_end-pie_rodata_start,
|
pie_rodata_end-pie_rodata_start,
|
||||||
(char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE,
|
(char *)THIS_MODULE_RO_BASE,
|
||||||
(char *)THIS_MODULE_BASE + THIS_MODULE_RO_SIZE);
|
(char *)THIS_MODULE_RO_BASE + THIS_MODULE_RO_SIZE);
|
||||||
rodata_hash = 0;
|
rodata_hash = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,10 +202,10 @@ static int wolfssl_init(void)
|
|||||||
* the true module start address, which is potentially useful to an
|
* the true module start address, which is potentially useful to an
|
||||||
* attacker.
|
* attacker.
|
||||||
*/
|
*/
|
||||||
pr_info("wolfCrypt container hashes (spans): %x (%lu) %x (%lu), module base %pK\n",
|
pr_info("wolfCrypt container hashes (spans): %x (%lu) %x (%lu), text base %pK, ro base %pK\n",
|
||||||
text_hash, pie_text_end-pie_text_start,
|
text_hash, pie_text_end-pie_text_start,
|
||||||
rodata_hash, pie_rodata_end-pie_rodata_start,
|
rodata_hash, pie_rodata_end-pie_rodata_start,
|
||||||
THIS_MODULE_BASE);
|
THIS_MODULE_TEXT_BASE, THIS_MODULE_RO_BASE);
|
||||||
}
|
}
|
||||||
#endif /* HAVE_LINUXKM_PIE_SUPPORT */
|
#endif /* HAVE_LINUXKM_PIE_SUPPORT */
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user