Skip to content

Commit ec9beaa

Browse files
douzzerdouzzer
committed
linuxkm: add coverage for Linux 6.4+ module memory layout refactor; also, refactor WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to make it settable independent of WOLFSSL_AESNI etc.
1 parent 158c036 commit ec9beaa

3 files changed

Lines changed: 49 additions & 28 deletions

File tree

linuxkm/linuxkm_memory.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121

2222
/* included by wolfcrypt/src/memory.c */
2323

24-
#if defined(WOLFSSL_LINUXKM_SIMD_X86)
24+
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
2525
#ifdef LINUXKM_SIMD_IRQ
2626
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 16, 0)
2727
static union fpregs_state **wolfcrypt_linuxkm_fpu_states = NULL;
@@ -335,7 +335,7 @@
335335

336336
return;
337337
}
338-
#endif /* WOLFSSL_LINUXKM_SIMD_X86 && WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED */
338+
#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS && CONFIG_X86 */
339339

340340
#if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
341341
/* needed in 6.1+ because show_free_areas() static definition in mm.h calls

linuxkm/linuxkm_wc_port.h

Lines changed: 26 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -119,10 +119,30 @@
119119
#endif
120120
#include <linux/net.h>
121121
#include <linux/slab.h>
122+
122123
#if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_SP_X86_64_ASM)
123124
#ifndef CONFIG_X86
124125
#error X86 SIMD extensions requested, but CONFIG_X86 is not set.
125126
#endif
127+
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
128+
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
129+
#endif
130+
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
131+
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
132+
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
133+
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
134+
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
135+
#endif
136+
#ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
137+
#define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
138+
#endif
139+
#else
140+
#ifndef WOLFSSL_NO_ASM
141+
#define WOLFSSL_NO_ASM
142+
#endif
143+
#endif
144+
145+
#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
126146
#define WOLFSSL_LINUXKM_SIMD
127147
#define WOLFSSL_LINUXKM_SIMD_X86
128148
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -148,28 +168,21 @@
148168
#ifndef RESTORE_VECTOR_REGISTERS
149169
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
150170
#endif
151-
#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
152-
defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
153-
defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
154-
#if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
155-
#error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
156-
#endif
171+
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
157172
#define WOLFSSL_LINUXKM_SIMD
158173
#define WOLFSSL_LINUXKM_SIMD_ARM
159174
#include <asm/fpsimd.h>
175+
#ifdef LINUXKM_SIMD_IRQ
176+
#error LINUXKM_SIMD_IRQ is unavailable on ARM (not implemented)
177+
#endif
160178
#ifndef SAVE_VECTOR_REGISTERS
161179
#define SAVE_VECTOR_REGISTERS(fail_clause) { int _svr_ret = save_vector_registers_arm(); if (_svr_ret != 0) { fail_clause } }
162180
#endif
163181
#ifndef RESTORE_VECTOR_REGISTERS
164182
#define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
165183
#endif
166-
#ifdef LINUXKM_SIMD_IRQ
167-
#error LINUXKM_SIMD_IRQ is unavailable on ARM (not implemented)
168-
#endif
169-
#else
170-
#ifndef WOLFSSL_NO_ASM
171-
#define WOLFSSL_NO_ASM
172-
#endif
184+
#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
185+
#error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
173186
#endif
174187

175188
_Pragma("GCC diagnostic pop");

linuxkm/module_hooks.c

Lines changed: 21 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -141,13 +141,21 @@ static int wolfssl_init(void)
141141

142142
#ifdef HAVE_LINUXKM_PIE_SUPPORT
143143

144-
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
145-
#define THIS_MODULE_BASE (THIS_MODULE->core_layout.base)
144+
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
145+
/* see linux commit ac3b432839 */
146+
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->mem[MOD_TEXT].base)
147+
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->mem[MOD_TEXT].size)
148+
#define THIS_MODULE_RO_BASE (THIS_MODULE->mem[MOD_RODATA].base)
149+
#define THIS_MODULE_RO_SIZE (THIS_MODULE->mem[MOD_RODATA].size)
150+
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
151+
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->core_layout.base)
146152
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_layout.text_size)
153+
#define THIS_MODULE_RO_BASE ((char *)THIS_MODULE->core_layout.base + THIS_MODULE->core_layout.text_size)
147154
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_layout.ro_size)
148155
#else
149-
#define THIS_MODULE_BASE (THIS_MODULE->module_core)
156+
#define THIS_MODULE_TEXT_BASE (THIS_MODULE->module_core)
150157
#define THIS_MODULE_TEXT_SIZE (THIS_MODULE->core_text_size)
158+
#define THIS_MODULE_RO_BASE ((char *)THIS_MODULE->module_core + THIS_MODULE->core_ro_size)
151159
#define THIS_MODULE_RO_SIZE (THIS_MODULE->core_ro_size)
152160
#endif
153161

@@ -159,8 +167,8 @@ static int wolfssl_init(void)
159167
unsigned int text_hash, rodata_hash;
160168

161169
if ((pie_text_start < pie_text_end) &&
162-
(pie_text_start >= (char *)THIS_MODULE_BASE) &&
163-
(pie_text_end - (char *)THIS_MODULE_BASE <= THIS_MODULE_TEXT_SIZE))
170+
(pie_text_start >= (char *)THIS_MODULE_TEXT_BASE) &&
171+
(pie_text_end - (char *)THIS_MODULE_TEXT_BASE <= THIS_MODULE_TEXT_SIZE))
164172
{
165173
text_hash = hash_span(pie_text_start, pie_text_end);
166174
} else {
@@ -169,14 +177,14 @@ static int wolfssl_init(void)
169177
pie_text_start,
170178
pie_text_end,
171179
pie_text_end-pie_text_start,
172-
THIS_MODULE_BASE,
173-
(char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE);
180+
THIS_MODULE_TEXT_BASE,
181+
(char *)THIS_MODULE_TEXT_BASE + THIS_MODULE_TEXT_SIZE);
174182
text_hash = 0;
175183
}
176184

177185
if ((pie_rodata_start < pie_rodata_end) && // cppcheck-suppress comparePointers
178-
(pie_rodata_start >= (char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE) &&
179-
(pie_rodata_end - (char *)THIS_MODULE_BASE <= THIS_MODULE_RO_SIZE))
186+
(pie_rodata_start >= (char *)THIS_MODULE_RO_BASE) &&
187+
(pie_rodata_end - (char *)THIS_MODULE_RO_BASE <= THIS_MODULE_RO_SIZE))
180188
{
181189
rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
182190
} else {
@@ -185,19 +193,19 @@ static int wolfssl_init(void)
185193
pie_rodata_start,
186194
pie_rodata_end,
187195
pie_rodata_end-pie_rodata_start,
188-
(char *)THIS_MODULE_BASE + THIS_MODULE_TEXT_SIZE,
189-
(char *)THIS_MODULE_BASE + THIS_MODULE_RO_SIZE);
196+
(char *)THIS_MODULE_RO_BASE,
197+
(char *)THIS_MODULE_RO_BASE + THIS_MODULE_RO_SIZE);
190198
rodata_hash = 0;
191199
}
192200

193201
/* note, "%pK" conceals the actual layout information. "%px" exposes
194202
* the true module start address, which is potentially useful to an
195203
* attacker.
196204
*/
197-
pr_info("wolfCrypt container hashes (spans): %x (%lu) %x (%lu), module base %pK\n",
205+
pr_info("wolfCrypt container hashes (spans): %x (%lu) %x (%lu), text base %pK, ro base %pK\n",
198206
text_hash, pie_text_end-pie_text_start,
199207
rodata_hash, pie_rodata_end-pie_rodata_start,
200-
THIS_MODULE_BASE);
208+
THIS_MODULE_TEXT_BASE, THIS_MODULE_RO_BASE);
201209
}
202210
#endif /* HAVE_LINUXKM_PIE_SUPPORT */
203211

0 commit comments

Comments
 (0)