Re: [PATCH 0/7] arm64: move literal data into .rodata section
On Thu, Jan 18, 2018 at 11:46:07AM +, Ard Biesheuvel wrote: > On 18 January 2018 at 11:41, Herbert Xu wrote: > > On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote: > >> Prevent inadvertently creating speculative gadgets by moving literal data > >> into the .rodata section. > >> > >> Patch #1 enables this for C code, by reverting a change that disables the > >> GCC feature implementing this. Note that this conflicts with the mitigation > >> of erratum #843419 for Cortex-A53. > > > > Ard, which tree is this supposed to go through? > > > > Hi Herbert, > > I am going to drop that first patch, the remaining 6 patches can go > through the crypto tree as they are independent. Patches 2-7 applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH 0/7] arm64: move literal data into .rodata section
On 18 January 2018 at 11:41, Herbert Xu wrote: > On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote: >> Prevent inadvertently creating speculative gadgets by moving literal data >> into the .rodata section. >> >> Patch #1 enables this for C code, by reverting a change that disables the >> GCC feature implementing this. Note that this conflicts with the mitigation >> of erratum #843419 for Cortex-A53. > > Ard, which tree is this supposed to go through? > Hi Herbert, I am going to drop that first patch, the remaining 6 patches can go through the crypto tree as they are independent. Thanks, Ard.
Re: [PATCH 0/7] arm64: move literal data into .rodata section
On Wed, Jan 10, 2018 at 12:11:35PM +, Ard Biesheuvel wrote: > Prevent inadvertently creating speculative gadgets by moving literal data > into the .rodata section. > > Patch #1 enables this for C code, by reverting a change that disables the > GCC feature implementing this. Note that this conflicts with the mitigation > of erratum #843419 for Cortex-A53. Ard, which tree is this supposed to go through? Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[PATCH 0/7] arm64: move literal data into .rodata section
Prevent inadvertently creating speculative gadgets by moving literal data into the .rodata section. Patch #1 enables this for C code, by reverting a change that disables the GCC feature implementing this. Note that this conflicts with the mitigation of erratum #843419 for Cortex-A53. Patch #2 - #7 update the crypto asm code to move sboxes and round constant tables (which may or may not be hiding 'interesting' opcodes) from .text to .rodata Ard Biesheuvel (7): arm64: kernel: avoid executable literal pools arm64/crypto: aes-cipher: move S-box to .rodata section arm64/crypto: aes-neon: move literal data to .rodata section arm64/crypto: crc32: move literal data to .rodata section arm64/crypto: crct10dif: move literal data to .rodata section arm64/crypto: sha2-ce: move the round constant table to .rodata section arm64/crypto: sha1-ce: get rid of literal pool arch/arm64/Makefile | 4 ++-- arch/arm64/crypto/aes-cipher-core.S | 19 ++- arch/arm64/crypto/aes-neon.S | 8 arch/arm64/crypto/crc32-ce-core.S | 7 --- arch/arm64/crypto/crct10dif-ce-core.S | 17 + arch/arm64/crypto/sha1-ce-core.S | 20 +--- arch/arm64/crypto/sha2-ce-core.S | 4 +++- 7 files changed, 41 insertions(+), 38 deletions(-) -- 2.11.0