diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index ea4c8eaaa9..50527e10f6 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -637,7 +637,6 @@ WC_DILITHIUM_FIXED_ARRAY WC_DISABLE_RADIX_ZERO_PAD WC_FLAG_DONT_USE_AESNI WC_FORCE_LINUXKM_FORTIFY_SOURCE -WC_LINUXKM_SUPPORT_DUMP_TO_FILE WC_LMS_FULL_HASH WC_NO_ASYNC_SLEEP WC_NO_RNG_SIMPLE diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 7922077810..17c9d4f137 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -39,10 +39,13 @@ endif WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include) +# -moutline-atomics added in gcc 10.1 for ARMv8.0. +AARCH64_NO_OUTLINE_ATOMICS := $(shell { echo -e 'int f(void) {\n return 0;\n}\n' | $(CC) -mno-outline-atomics -x c -c - -o /dev/null 2>/dev/null; } && echo -mno-outline-atomics) + ifeq "$(KERNEL_ARCH)" "aarch64" - WOLFSSL_CFLAGS += -mno-outline-atomics + WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS) else ifeq "$(KERNEL_ARCH)" "arm64" - WOLFSSL_CFLAGS += -mno-outline-atomics + WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS) else ifeq "$(KERNEL_ARCH)" "arm" # avoids R_ARM_THM_JUMP11 relocations, including a stubborn tail recursion # optimization from wc_sp_cmp to wc_sp_cmp_mag: @@ -111,7 +114,21 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" # note, we need -fno-stack-protector to avoid references to # "__stack_chk_fail" from the wolfCrypt container. PIE_FLAGS := -DWC_CONTAINERIZE_THIS -fno-stack-protector -fno-toplevel-reorder - # some targets can't handle -fpie. E.g. ARM32 on kernel <=5.10 has no handling for R_ARM_REL32. + + ifndef NO_PIE_FLAG + ifeq ($(KERNEL_ARCH),arm) + ifeq ($(intcmp $(VERSION),5,1,0,0),1) + NO_PIE_FLAG := + $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.) + else + ifeq ($(intcmp $(VERSION),5,0,1,0)-$(intcmp $(PATCHLEVEL),11,1,0,0),1-1) + NO_PIE_FLAG := + $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.) + endif + endif + endif + endif + ifdef NO_PIE_FLAG PIE_FLAGS += -DWC_NO_PIE_FLAG else diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 9061308fb5..fc30b60eb2 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -301,7 +301,13 @@ #endif #if defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_ARM64) - #define alt_cb_patch_nops my__alt_cb_patch_nops + /* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early + * to allow shimming in system headers. + */ + /* alt_cb_patch_nops added by d926079f17, release 6.1 */ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) + #define alt_cb_patch_nops my__alt_cb_patch_nops + #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath #endif @@ -509,6 +515,11 @@ #endif /* !WOLFCRYPT_ONLY */ #endif /* !WC_CONTAINERIZE_THIS */ + #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) && \ + !defined(WC_LINUXKM_SUPPORT_DUMP_TO_FILE) + #define WC_LINUXKM_SUPPORT_DUMP_TO_FILE + #endif + #ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE #include #include @@ -1116,12 +1127,16 @@ * to allow shimming in system headers, but now we need the native * ones. */ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #undef alt_cb_patch_nops typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops; + #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ #undef queued_spin_lock_slowpath typeof(my__queued_spin_lock_slowpath) *queued_spin_lock_slowpath; #else + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) typeof(alt_cb_patch_nops) *alt_cb_patch_nops; + #endif typeof(queued_spin_lock_slowpath) *queued_spin_lock_slowpath; #endif #endif diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index 44e8a35dc7..6d3ad94b95 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c @@ -575,12 +575,12 @@ static int wolfssl_init(void) #ifdef WC_SYM_RELOC_TABLES if (text_dump_path) { - if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) == 0) + if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) > 0) pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), text_dump_path); } if (rodata_dump_path) { - if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)(__wc_rodata_end - __wc_rodata_start)) == 0) - pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), text_dump_path); + if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start)) > 0) + pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), rodata_dump_path); } #else if ((text_dump_path != NULL) || @@ -1536,7 +1536,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { #ifdef CONFIG_ARM64 #ifndef CONFIG_ARCH_TEGRA +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops; +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath; #endif #endif diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index d1712774d8..b0f8c07aad 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -5008,12 +5008,15 @@ char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n) #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \ defined(WC_SYM_RELOC_TABLES) #ifndef CONFIG_ARCH_TEGRA + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr, __le32 *updptr, int nr_inst) { return WC_PIE_INDIRECT_SYM(alt_cb_patch_nops) (alt, origptr, updptr, nr_inst); } +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val) {