mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:50:52 +02:00
linuxkm/Kbuild:
* for aarch64/arm64, only add -mno-outline-atomics if the compiler supports it. * in ENABLED_LINUXKM_PIE setup, avoid -fPIE on arm32 <5.11 (missing reloc support). linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, and wolfcrypt/src/wc_port.c: gate interception of alt_cb_patch_nops() on kernel >= 6.1. linuxkm/linuxkm_wc_port.h: define WC_LINUXKM_SUPPORT_DUMP_TO_FILE implicitly when WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT. linuxkm/module_hooks.c: fixes for text_dump_path and rodata_dump_path handler code.
This commit is contained in:
@@ -637,7 +637,6 @@ WC_DILITHIUM_FIXED_ARRAY
|
||||
WC_DISABLE_RADIX_ZERO_PAD
|
||||
WC_FLAG_DONT_USE_AESNI
|
||||
WC_FORCE_LINUXKM_FORTIFY_SOURCE
|
||||
WC_LINUXKM_SUPPORT_DUMP_TO_FILE
|
||||
WC_LMS_FULL_HASH
|
||||
WC_NO_ASYNC_SLEEP
|
||||
WC_NO_RNG_SIMPLE
|
||||
|
||||
+20
-3
@@ -39,10 +39,13 @@ endif
|
||||
|
||||
WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include)
|
||||
|
||||
# -moutline-atomics added in gcc 10.1 for ARMv8.0.
|
||||
AARCH64_NO_OUTLINE_ATOMICS := $(shell { echo -e 'int f(void) {\n return 0;\n}\n' | $(CC) -mno-outline-atomics -x c -c - -o /dev/null 2>/dev/null; } && echo -mno-outline-atomics)
|
||||
|
||||
ifeq "$(KERNEL_ARCH)" "aarch64"
|
||||
WOLFSSL_CFLAGS += -mno-outline-atomics
|
||||
WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
|
||||
else ifeq "$(KERNEL_ARCH)" "arm64"
|
||||
WOLFSSL_CFLAGS += -mno-outline-atomics
|
||||
WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
|
||||
else ifeq "$(KERNEL_ARCH)" "arm"
|
||||
# avoids R_ARM_THM_JUMP11 relocations, including a stubborn tail recursion
|
||||
# optimization from wc_sp_cmp to wc_sp_cmp_mag:
|
||||
@@ -111,7 +114,21 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
|
||||
# note, we need -fno-stack-protector to avoid references to
|
||||
# "__stack_chk_fail" from the wolfCrypt container.
|
||||
PIE_FLAGS := -DWC_CONTAINERIZE_THIS -fno-stack-protector -fno-toplevel-reorder
|
||||
# some targets can't handle -fpie. E.g. ARM32 on kernel <=5.10 has no handling for R_ARM_REL32.
|
||||
|
||||
ifndef NO_PIE_FLAG
|
||||
ifeq ($(KERNEL_ARCH),arm)
|
||||
ifeq ($(intcmp $(VERSION),5,1,0,0),1)
|
||||
NO_PIE_FLAG :=
|
||||
$(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
|
||||
else
|
||||
ifeq ($(intcmp $(VERSION),5,0,1,0)-$(intcmp $(PATCHLEVEL),11,1,0,0),1-1)
|
||||
NO_PIE_FLAG :=
|
||||
$(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
ifdef NO_PIE_FLAG
|
||||
PIE_FLAGS += -DWC_NO_PIE_FLAG
|
||||
else
|
||||
|
||||
@@ -301,7 +301,13 @@
|
||||
#endif
|
||||
|
||||
#if defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_ARM64)
|
||||
#define alt_cb_patch_nops my__alt_cb_patch_nops
|
||||
/* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early
|
||||
* to allow shimming in system headers.
|
||||
*/
|
||||
/* alt_cb_patch_nops added by d926079f17, release 6.1 */
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
|
||||
#define alt_cb_patch_nops my__alt_cb_patch_nops
|
||||
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
|
||||
#define queued_spin_lock_slowpath my__queued_spin_lock_slowpath
|
||||
#endif
|
||||
|
||||
@@ -509,6 +515,11 @@
|
||||
#endif /* !WOLFCRYPT_ONLY */
|
||||
#endif /* !WC_CONTAINERIZE_THIS */
|
||||
|
||||
#if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) && \
|
||||
!defined(WC_LINUXKM_SUPPORT_DUMP_TO_FILE)
|
||||
#define WC_LINUXKM_SUPPORT_DUMP_TO_FILE
|
||||
#endif
|
||||
|
||||
#ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE
|
||||
#include <linux/fs.h>
|
||||
#include <linux/uaccess.h>
|
||||
@@ -1116,12 +1127,16 @@
|
||||
* to allow shimming in system headers, but now we need the native
|
||||
* ones.
|
||||
*/
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
|
||||
#undef alt_cb_patch_nops
|
||||
typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops;
|
||||
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
|
||||
#undef queued_spin_lock_slowpath
|
||||
typeof(my__queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
|
||||
#else
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
|
||||
typeof(alt_cb_patch_nops) *alt_cb_patch_nops;
|
||||
#endif
|
||||
typeof(queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -575,12 +575,12 @@ static int wolfssl_init(void)
|
||||
|
||||
#ifdef WC_SYM_RELOC_TABLES
|
||||
if (text_dump_path) {
|
||||
if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) == 0)
|
||||
if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) > 0)
|
||||
pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), text_dump_path);
|
||||
}
|
||||
if (rodata_dump_path) {
|
||||
if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)(__wc_rodata_end - __wc_rodata_start)) == 0)
|
||||
pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), text_dump_path);
|
||||
if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start)) > 0)
|
||||
pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), rodata_dump_path);
|
||||
}
|
||||
#else
|
||||
if ((text_dump_path != NULL) ||
|
||||
@@ -1536,7 +1536,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
|
||||
|
||||
#ifdef CONFIG_ARM64
|
||||
#ifndef CONFIG_ARCH_TEGRA
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
|
||||
wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops;
|
||||
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
|
||||
wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -5008,12 +5008,15 @@ char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n)
|
||||
#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \
|
||||
defined(WC_SYM_RELOC_TABLES)
|
||||
#ifndef CONFIG_ARCH_TEGRA
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
|
||||
noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
|
||||
__le32 *updptr, int nr_inst)
|
||||
{
|
||||
return WC_PIE_INDIRECT_SYM(alt_cb_patch_nops)
|
||||
(alt, origptr, updptr, nr_inst);
|
||||
}
|
||||
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
|
||||
|
||||
void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user