linuxkm/lkcapi_sha_glue.c:

  * implement interception of _get_random_bytes() and get_random_bytes_user() (implicitly intercepts /dev/random and /dev/urandom):

    * get_crypto_default_rng()
    * get_default_drbg_ctx()
    * wc__get_random_bytes()
    * wc_get_random_bytes_user()
    * wc_extract_crng_user()
    * wc_mix_pool_bytes()
    * wc_crng_reseed()
    * wc_get_random_bytes_by_kprobe()
    * wc_get_random_bytes_user_kretprobe_enter()
    * wc_get_random_bytes_user_kretprobe_exit()

    * add LINUXKM_DRBG_GET_RANDOM_BYTES sections to wc_linuxkm_drbg_startup() and wc_linuxkm_drbg_cleanup()

    * add linuxkm/patches/*/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-*.patch, initially for versions:
      * 5.10.17
      * 5.10.236
      * 5.15
      * 5.17
      * 6.1.73
      * 6.12
      * 6.15

    * remove "*.patch" from .gitignore.

    * add linuxkm/patches/regen-patches.sh.

  * in wc_linuxkm_drbg_ctx_clear(), check lock count before freeing.

  * in get_drbg() and put_drbg(), use migrate_disable(), not DISABLE_VECTOR_REGISTERS().

  * in wc_linuxkm_drbg_generate(), explicitly DISABLE_VECTOR_REGISTERS() for the crypto_default_rng.

  * in wc_linuxkm_drbg_generate(), add DRBG reinitialization code to handle RNG_FAILURE_E.  This handles the situation where a DRBG was instantiated in a vector-ops-allowed context, caching a vectorized SHA256 ethod, but later used in a no-vector-ops-allowed context.

  * in wc_linuxkm_drbg_seed(), add DISABLE_VECTOR_REGISTERS() wrapper around wc_RNG_DRBG_Reseed() for crypto_default_rng.

linuxkm/x86_vector_register_glue.c:

  * add crash recovery logic to wc_linuxkm_fpu_state_assoc_unlikely()

  * in wc_linuxkm_fpu_state_assoc(), when wc_linuxkm_fpu_states is null, don't call wc_linuxkm_fpu_state_assoc_unlikely() if !assume_fpu_began.

  * in can_save_vector_registers_x86(), save_vector_registers_x86(), and restore_vector_registers_x86(), check for hard interrupt context first, to return early failure if current->pid is unusable.

  * in save_vector_registers_x86(), tweak logic around WC_FPU_INHIBITED_FLAG, adding local_bh_disable()...local_bh_enable() to provide for safe recursion.

wolfcrypt/src/random.c: optimization: in Hash_df(), for WOLFSSL_LINUXKM, don't put digest[WC_SHA256_DIGEST_SIZE] in the heap, keep it on the stack.

wolfssl/wolfcrypt/types.h: add WOLFSSL_NO_ASM no-op definitions for DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS().

configure.ac:

* move --enable-linuxkm and --enable-linuxkm-defaults initial detection early, so that HMAC_COPY_DEFAULT picks it up.

* add ENABLED_ENTROPY_MEMUSE_DEFAULT, and enable it by default when ENABLED_LINUXKM_DEFAULTS.

* update linuxkm-lkcapi-register help message.

linuxkm/linuxkm_wc_port.h:

* add my_kallsyms_lookup_name().

* add preempt_count, _raw_spin_lock_irqsave, _raw_spin_trylock, _raw_spin_unlock_irqrestore, and _cond_resched, to wolfssl_linuxkm_pie_redirect_table, and add spin_unlock_irqrestore() macro to mask native inline.

* move linuxkm mutex wrappers from wolfcrypt/src/wc_port.c to linuxkm_wc_port.h, make them inlines, and add new default spinlock-based implementation, with old method now gated on WOLFSSL_LINUXKM_USE_MUTEXES.

* change malloc() and realloc() wrappers from GFP_KERNEL to GFP_ATOMIC.

linuxkm/lkcapi_glue.c: make misc.h/misc.c inclusion unconditional, and trim now-redundant inclusions out of lkcapi_dh_glue.c and lkcapi_ecdh_glue.c.

Author: douzzer

.gitignore

@@ -3,7 +3,6 @@ ctaocrypt/src/src/
 *.lo
 *.la
 *.o
-*.patch
 *.deps
 *.d
 *.libs
@@ -246,6 +245,9 @@ linuxkm/libwolfssl.mod.c
 linuxkm/libwolfssl.lds
 linuxkm/module_exports.c
 linuxkm/linuxkm/get_thread_size
+linuxkm/linuxkm
+linuxkm/src
+linuxkm/patches/src
 *.nds
 
 # autotools generated

.wolfssl_known_macro_extras

@@ -112,6 +112,7 @@ CONFIG_IDF_TARGET_ESP32S3
 CONFIG_IDF_TARGET_ESP8266
 CONFIG_IDF_TARGET_ESP8684
 CONFIG_KASAN
+CONFIG_KPROBES
 CONFIG_MAIN_TASK_STACK_SIZE
 CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
 CONFIG_MBEDTLS_PSA_CRYPTO_C
@@ -538,6 +539,7 @@ USE_ALT_MPRIME
 USE_ANY_ADDR
 USE_CERT_BUFFERS_25519
 USE_CERT_BUFFERS_3072
+USE_CONTESTMUTEX
 USE_ECDSA_KEYSZ_HASH_ALGO
 USE_FULL_ASSERT
 USE_HAL_DRIVER
@@ -716,6 +718,8 @@ WOLFSSL_KYBER_NO_DECAPSULATE
 WOLFSSL_KYBER_NO_ENCAPSULATE
 WOLFSSL_KYBER_NO_MAKE_KEY
 WOLFSSL_LIB
+WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES
+WOLFSSL_LINUXKM_USE_MUTEXES
 WOLFSSL_LMS_CACHE_BITS
 WOLFSSL_LMS_FULL_HASH
 WOLFSSL_LMS_LARGE_CACHES

configure.ac

@@ -119,6 +119,22 @@ then
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
 fi
 
+
+# Linux Kernel Module options (more options later)
+
+AC_ARG_ENABLE([linuxkm],
+    [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
+    [ENABLED_LINUXKM=$enableval],
+    [ENABLED_LINUXKM=no]
+    )
+
+AC_ARG_ENABLE([linuxkm-defaults],
+    [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
+    [ENABLED_LINUXKM_DEFAULTS=$enableval],
+    [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
+    )
+
+
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h])
 AC_CHECK_LIB([network],[socket])
 AC_C_BIGENDIAN
@@ -658,18 +674,7 @@ AC_ARG_ENABLE([benchmark],
     )
 
 
-# Linux Kernel Module
-AC_ARG_ENABLE([linuxkm],
-    [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
-    [ENABLED_LINUXKM=$enableval],
-    [ENABLED_LINUXKM=no]
-    )
-
-AC_ARG_ENABLE([linuxkm-defaults],
-    [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
-    [ENABLED_LINUXKM_DEFAULTS=$enableval],
-    [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
-    )
+# Remainder of Linux kernel module options, continued from earlier:
 
 AC_ARG_ENABLE([linuxkm-pie],
     [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
@@ -5649,10 +5654,18 @@ AC_ARG_ENABLE([pwdbased],
 
 # MemUse Entropy
 # wolfEntropy Software Jitter SP800-90B certifiable entropy source
+
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+then
+    ENABLED_ENTROPY_MEMUSE_DEFAULT=yes
+else
+    ENABLED_ENTROPY_MEMUSE_DEFAULT=no
+fi
+
 AC_ARG_ENABLE([wolfEntropy],
     [AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ],
-    [ ENABLED_ENTROPY_MEMUSE=no ]
+    [ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
     )
 AC_ARG_ENABLE([entropy-memuse],
     [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
@@ -9538,7 +9551,11 @@ if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
 fi
 
 AC_ARG_ENABLE([linuxkm-lkcapi-register],
-    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.  Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separate combination. (default: none)])],
+    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.
+    Possible values are "none" or a comma-separated combination of "all", "all-kconfig", "sysfs-nodes-only", "cbc(aes)", "cfb(aes)",
+    "gcm(aes)", "rfc4106(gcm(aes))", "xts(aes)", "ctr(aes)", "ofb(aes)", "ecb(aes)", "sha1", "sha2", "sha3", "hmac(sha1)", "hmac(sha2)",
+    "hmac(sha3)", "stdrng", "stdrng-default", "ecdsa", "ecdh", "rsa", "dh", and negations of the foregoing algorithms by prefixing "-".
+    (default: none)])],
     [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
     [ENABLED_LINUXKM_LKCAPI_REGISTER=no]
     )

linuxkm/linuxkm_wc_port.h

@@ -301,6 +301,9 @@
         #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
             #include <crypto/internal/sig.h>
         #endif /* linux ver >= 6.13 */
+        #ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES
+            #include <linux/kprobes.h>
+        #endif
 
         /* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
          * loaded simultaneously, and the Linux in-tree implementations have two
@@ -712,6 +715,12 @@
         #endif
         #endif
 
+        typeof(preempt_count) *preempt_count;
+        typeof(_raw_spin_lock_irqsave) *_raw_spin_lock_irqsave;
+        typeof(_raw_spin_trylock) *_raw_spin_trylock;
+        typeof(_raw_spin_unlock_irqrestore) *_raw_spin_unlock_irqrestore;
+        typeof(_cond_resched) *_cond_resched;
+
         const void *_last_slot;
     };
 
@@ -874,6 +883,18 @@
         #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack)
     #endif
 
+    #undef preempt_count /* just in case -- not a macro on x86. */
+    #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count)
+    #define _raw_spin_lock_irqsave (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_lock_irqsave)
+    #define _raw_spin_trylock (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_trylock)
+    #define _raw_spin_unlock_irqrestore (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_unlock_irqrestore)
+    #define _cond_resched (wolfssl_linuxkm_get_pie_redirect_table()->_cond_resched)
+
+    /* this is defined in linux/spinlock.h as an inline that calls the unshimmed
+     * raw_spin_unlock_irqrestore().  use a macro here to supersede it.
+     */
+    #define spin_unlock_irqrestore(lock, flags) raw_spin_unlock_irqrestore(&((lock)->rlock), flags)
+
     #endif /* __PIE__ */
 
     #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
@@ -932,9 +953,120 @@
      * above, with the bevy of warnings suppressed, and the below include will
      * be a redundant no-op.
      */
-    #include <linux/mutex.h>
-    typedef struct mutex wolfSSL_Mutex;
-    #define WOLFSSL_MUTEX_INITIALIZER(lockname) __MUTEX_INITIALIZER(lockname)
+
+    /* Copied from wc_port.h: For FIPS keep the function names the same */
+    #ifdef HAVE_FIPS
+    #define wc_InitMutex   InitMutex
+    #define wc_FreeMutex   FreeMutex
+    #define wc_LockMutex   LockMutex
+    #define wc_UnLockMutex UnLockMutex
+    #endif /* HAVE_FIPS */
+
+    #ifdef WOLFSSL_LINUXKM_USE_MUTEXES
+        #ifdef LINUXKM_LKCAPI_REGISTER
+            /* must use spin locks when registering implementations with the
+             * kernel, because mutexes are forbidden when calling with nonzero
+             * irq_count().
+             */
+            #error WOLFSSL_LINUXKM_USE_MUTEXES is incompatible with LINUXKM_LKCAPI_REGISTER.
+        #endif
+
+        #include <linux/mutex.h>
+        typedef struct mutex wolfSSL_Mutex;
+        #define WOLFSSL_MUTEX_INITIALIZER(lockname) __MUTEX_INITIALIZER(lockname)
+
+        /* Linux kernel mutex routines are voids, alas. */
+
+        static inline int wc_InitMutex(wolfSSL_Mutex* m)
+        {
+            mutex_init(m);
+            return 0;
+        }
+
+        static inline int wc_FreeMutex(wolfSSL_Mutex* m)
+        {
+            mutex_destroy(m);
+            return 0;
+        }
+
+        static inline int wc_LockMutex(wolfSSL_Mutex* m)
+        {
+            if (in_nmi() || in_hardirq() || in_softirq())
+                return BAD_STATE_E;
+            mutex_lock(m);
+            return 0;
+        }
+
+        static inline int wc_UnLockMutex(wolfSSL_Mutex* m)
+        {
+            mutex_unlock(m);
+            return 0;
+        }
+    #else
+        typedef struct {
+            spinlock_t lock;
+            unsigned long irq_flags;
+        } wolfSSL_Mutex;
+        #define WOLFSSL_MUTEX_INITIALIZER(lockname) { .lock =__SPIN_LOCK_UNLOCKED(lockname), .irq_flags = 0 }
+
+        static __always_inline int wc_InitMutex(wolfSSL_Mutex* m)
+        {
+            m->lock = __SPIN_LOCK_UNLOCKED(m);
+            m->irq_flags = 0;
+
+            return 0;
+        }
+
+        static __always_inline int wc_FreeMutex(wolfSSL_Mutex* m)
+        {
+            (void)m;
+            return 0;
+        }
+
+        static __always_inline int wc_LockMutex(wolfSSL_Mutex* m)
+        {
+            unsigned long irq_flags;
+            /* first, try the cheap way. */
+            if (spin_trylock_irqsave(&m->lock, irq_flags)) {
+                m->irq_flags = irq_flags;
+                return 0;
+            }
+            if (irq_count() != 0) {
+                /* Note, this catches calls while SAVE_VECTOR_REGISTERS()ed as
+                 * required, because in_softirq() is always true while saved,
+                 * even for WC_FPU_INHIBITED_FLAG contexts.
+                 */
+                spin_lock_irqsave(&m->lock, irq_flags);
+                m->irq_flags = irq_flags;
+                return 0;
+            }
+            else {
+                for (;;) {
+                    if (spin_trylock_irqsave(&m->lock, irq_flags)) {
+                        m->irq_flags = irq_flags;
+                        return 0;
+                    }
+                    cond_resched();
+                }
+            }
+            __builtin_unreachable();
+        }
+
+        static __always_inline int wc_UnLockMutex(wolfSSL_Mutex* m)
+        {
+            spin_unlock_irqrestore(&m->lock, m->irq_flags);
+            return 0;
+        }
+
+    #endif
+
+    /* Undo copied defines from wc_port.h, to avoid redefinition warnings. */
+    #ifdef HAVE_FIPS
+    #undef wc_InitMutex
+    #undef wc_FreeMutex
+    #undef wc_LockMutex
+    #undef wc_UnLockMutex
+    #endif /* HAVE_FIPS */
 
     /* prevent gcc's mm_malloc.h from being included, since it unconditionally
      * includes stdlib.h, which is kernel-incompatible.
@@ -953,14 +1085,14 @@
         _alloc_sz;                                                         \
     })
     #ifdef HAVE_KVMALLOC
-        #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_KERNEL, NUMA_NO_NODE)
+        #define malloc(size) kvmalloc_node(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_ATOMIC, NUMA_NO_NODE)
         #define free(ptr) kvfree(ptr)
         void *lkm_realloc(void *ptr, size_t newsize);
         #define realloc(ptr, newsize) lkm_realloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize))
     #else
-        #define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_KERNEL)
+        #define malloc(size) kmalloc(WC_LINUXKM_ROUND_UP_P_OF_2(size), GFP_ATOMIC)
         #define free(ptr) kfree(ptr)
-        #define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), GFP_KERNEL)
+        #define realloc(ptr, newsize) krealloc(ptr, WC_LINUXKM_ROUND_UP_P_OF_2(newsize), GFP_ATOMIC)
     #endif
 
     #ifndef static_assert

linuxkm/lkcapi_dh_glue.c

@@ -82,14 +82,6 @@
 #include <wolfssl/wolfcrypt/dh.h>
 #include <crypto/dh.h>
 
-/* need misc.c for ForceZero(). */
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
-
 #define WOLFKM_DH_NAME    ("dh")
 #define WOLFKM_DH_DRIVER  ("dh" WOLFKM_DRIVER_FIPS \
                            "-wolfcrypt")

linuxkm/lkcapi_ecdh_glue.c

@@ -58,14 +58,6 @@
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <crypto/ecdh.h>
 
-/* need misc.c for ForceZero(). */
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #define WOLFSSL_MISC_INCLUDED
-    #include <wolfcrypt/src/misc.c>
-#endif
-
 #define WOLFKM_ECDH_DRIVER       ("ecdh-wolfcrypt")
 
 #define WOLFKM_ECDH_P192_NAME    ("ecdh-nist-p192")

linuxkm/lkcapi_glue.c

@@ -43,14 +43,12 @@
     #include <linux/fips.h>
 #endif
 
-#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
-    /* need misc.c for ForceZero(). */
-    #ifdef NO_INLINE
-        #include <wolfssl/wolfcrypt/misc.h>
-    #else
-        #define WOLFSSL_MISC_INCLUDED
-        #include <wolfcrypt/src/misc.c>
-    #endif
+/* need misc.c for ForceZero(). */
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
 #endif
 
 #ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY