20260303-linuxkm-aarch64-fixes

.wolfssl_known_macro_extras

@@ -637,7 +637,6 @@ WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
-WC_LINUXKM_SUPPORT_DUMP_TO_FILE
 WC_LMS_FULL_HASH
 WC_NO_ASYNC_SLEEP
 WC_NO_RNG_SIMPLE

configure.ac

@@ -754,14 +754,14 @@ AC_ARG_ENABLE([benchmark],
 
 ENABLED_LINUXKM_PIE=$ENABLED_FIPS
 
-AC_ARG_ENABLE([linuxkm-pie],
-    [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
-    [ENABLED_LINUXKM_PIE=$enableval])
-
 AC_ARG_ENABLE([kernel-reloc-tables],
     [AS_HELP_STRING([--enable-kernel-reloc-tables],[Enable containerized object build of wolfCrypt module in kernel build (default: disabled)])],
     [ENABLED_LINUXKM_PIE=$enableval])
 
+AC_ARG_ENABLE([linuxkm-pie],
+    [AS_HELP_STRING([--enable-linuxkm-pie],[Alias for --enable-kernel-reloc-tables])],
+    [ENABLED_LINUXKM_PIE=$enableval])
+
 if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_LINUXKM_PIE" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWC_SYM_RELOC_TABLES"
@@ -1701,13 +1701,13 @@ AC_ARG_WITH([liboqs],
 # Used:
 #  - SHA3, Shake128 and Shake256
 AC_ARG_ENABLE([mlkem],
-    [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])],
+    [AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: disabled)])],
     [ ENABLED_MLKEM=$enableval ],
     [ ENABLED_MLKEM=no ]
     )
 # note, inherits default from "mlkem" clause above.
 AC_ARG_ENABLE([kyber],
-    [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])],
+    [AS_HELP_STRING([--enable-kyber],[Alias for --enable-mlkem])],
     [ ENABLED_MLKEM=$enableval ]
     )
 
@@ -1837,13 +1837,13 @@ fi
 # Dilithium
 #  - SHA3, Shake128, Shake256 and AES-CTR
 AC_ARG_ENABLE([mldsa],
-    [AS_HELP_STRING([--enable-mldsa],[Enable MLDSA (default: disabled)])],
+    [AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])],
     [ ENABLED_DILITHIUM=$enableval ],
     [ ENABLED_DILITHIUM=no ]
     )
 # note, inherits default from "mldsa" clause above.
 AC_ARG_ENABLE([dilithium],
-    [AS_HELP_STRING([--enable-dilithium],[Enable Dilithium/MLDSA (default: disabled)])],
+    [AS_HELP_STRING([--enable-dilithium],[Alias for --enable-mldsa])],
     [ ENABLED_DILITHIUM=$enableval ]
     )
 
@@ -4107,7 +4107,7 @@ AC_ARG_ENABLE([amdrdseed],
     )
 
 AC_ARG_ENABLE([amdrand],
-    [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
+    [AS_HELP_STRING([--enable-amdrand],[Alias for --enable-amdrdseed])],
     [ ENABLED_AMDRDSEED=$enableval ]
     )
 
@@ -6016,8 +6016,12 @@ AC_ARG_ENABLE([wolfEntropy],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ],
     [ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
     )
+AC_ARG_ENABLE([wolfentropy],
+    [AS_HELP_STRING([--enable-wolfentropy],[Alias for --enable-wolfEntropy])],
+    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
+    )
 AC_ARG_ENABLE([entropy-memuse],
-    [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
+    [AS_HELP_STRING([--enable-entropy-memuse],[Alias for --enable-wolfEntropy])],
     [ ENABLED_ENTROPY_MEMUSE=$enableval ]
     )
 
@@ -11046,8 +11050,11 @@ AX_HARDEN_CC_COMPILER_FLAGS
 
 # -Wdeprecated-enum-enum-conversion is on by default in C++20, but conflicts with
 # our use of enum constructs to define fungible constants.
-AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
-  [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
+if test "$KERNEL_MODE_DEFAULTS" != "yes"
+then
+    AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
+      [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
+fi
 
 case $host_os in
     mingw*)

linuxkm/Kbuild

@@ -39,10 +39,13 @@ endif
 
 WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include)
 
+# -moutline-atomics added in gcc 10.1 for ARMv8.0.
+AARCH64_NO_OUTLINE_ATOMICS := $(shell { echo -e 'int f(void) {\n  return 0;\n}\n' | $(CC) -mno-outline-atomics -x c -c - -o /dev/null 2>/dev/null; } && echo -mno-outline-atomics)
+
 ifeq "$(KERNEL_ARCH)" "aarch64"
-    WOLFSSL_CFLAGS += -mno-outline-atomics
+    WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
 else ifeq "$(KERNEL_ARCH)" "arm64"
-    WOLFSSL_CFLAGS += -mno-outline-atomics
+    WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS)
 else ifeq "$(KERNEL_ARCH)" "arm"
     # avoids R_ARM_THM_JUMP11 relocations, including a stubborn tail recursion
     # optimization from wc_sp_cmp to wc_sp_cmp_mag:
@@ -111,7 +114,21 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     # note, we need -fno-stack-protector to avoid references to
     # "__stack_chk_fail" from the wolfCrypt container.
     PIE_FLAGS := -DWC_CONTAINERIZE_THIS -fno-stack-protector -fno-toplevel-reorder
-    # some targets can't handle -fpie.  E.g. ARM32 on kernel <=5.10 has no handling for R_ARM_REL32.
+
+    ifndef NO_PIE_FLAG
+      ifeq ($(KERNEL_ARCH),arm)
+        ifeq ($(intcmp $(VERSION),5,1,0,0),1)
+          NO_PIE_FLAG :=
+          $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
+        else
+          ifeq ($(intcmp $(VERSION),5,0,1,0)-$(intcmp $(PATCHLEVEL),11,1,0,0),1-1)
+            NO_PIE_FLAG :=
+            $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.)
+          endif
+        endif
+      endif
+    endif
+
     ifdef NO_PIE_FLAG
         PIE_FLAGS += -DWC_NO_PIE_FLAG
     else

linuxkm/linuxkm_wc_port.h

@@ -301,7 +301,13 @@
     #endif
 
     #if defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_ARM64)
-        #define alt_cb_patch_nops my__alt_cb_patch_nops
+        /* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early
+         * to allow shimming in system headers.
+         */
+        /* alt_cb_patch_nops added by d926079f17, release 6.1 */
+        #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+            #define alt_cb_patch_nops my__alt_cb_patch_nops
+        #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
         #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath
     #endif
 
@@ -509,6 +515,11 @@
     #endif /* !WOLFCRYPT_ONLY */
 #endif /* !WC_CONTAINERIZE_THIS */
 
+    #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) && \
+        !defined(WC_LINUXKM_SUPPORT_DUMP_TO_FILE)
+        #define WC_LINUXKM_SUPPORT_DUMP_TO_FILE
+    #endif
+
     #ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE
         #include <linux/fs.h>
         #include <linux/uaccess.h>
@@ -1116,12 +1127,16 @@
              * to allow shimming in system headers, but now we need the native
              * ones.
              */
+            #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
             #undef alt_cb_patch_nops
             typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops;
+            #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
             #undef queued_spin_lock_slowpath
             typeof(my__queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
         #else
+            #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
             typeof(alt_cb_patch_nops) *alt_cb_patch_nops;
+            #endif
             typeof(queued_spin_lock_slowpath) *queued_spin_lock_slowpath;
         #endif
         #endif

linuxkm/module_hooks.c

@@ -268,16 +268,19 @@ static ssize_t dump_to_file(const char *path, const u8 *buf, size_t buf_len)
         return ret;
     }
 
-    fp = filp_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+    fp = filp_open(path, O_WRONLY | O_CREAT, 0644);
     if (IS_ERR(fp)) {
         pr_err("libwolfssl: cannot open %s: %ld\n", path, PTR_ERR(fp));
         return PTR_ERR(fp);
     }
 
     WC_SANITIZE_DISABLE();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
-    /* kernel_write() exported by 7bb307e894d51 */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
+    /* kernel_write() fixed by e13ec939e9 */
     ret = kernel_write(fp, buf, buf_len, &pos);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
+    /* kernel_write() exported by 7bb307e894d51 */
+    ret = kernel_write(fp, (char *)buf, buf_len, pos);
 #else
     ret = vfs_write(fp, buf, buf_len, &pos);
 #endif
@@ -575,12 +578,26 @@ static int wolfssl_init(void)
 
 #ifdef WC_SYM_RELOC_TABLES
     if (text_dump_path) {
-        if (dump_to_file(text_dump_path, (u8 *)__wc_text_start, (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) == 0)
-            pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), text_dump_path);
+        if (dump_to_file(text_dump_path,
+                         (u8 *)__wc_text_start,
+                         (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start))
+            > 0)
+        {
+            pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n",
+                    (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start),
+                    text_dump_path);
+        }
     }
     if (rodata_dump_path) {
-        if (dump_to_file(rodata_dump_path, (u8 *)__wc_rodata_start, (size_t)(__wc_rodata_end - __wc_rodata_start)) == 0)
-            pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), text_dump_path);
+        if (dump_to_file(rodata_dump_path,
+                         (u8 *)__wc_rodata_start,
+                         (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start))
+            > 0)
+        {
+            pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n",
+                    (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start),
+                    rodata_dump_path);
+        }
     }
 #else
     if ((text_dump_path != NULL) ||
@@ -1536,7 +1553,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
 #ifdef CONFIG_ARM64
 #ifndef CONFIG_ARCH_TEGRA
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
     wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops;
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
     wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath;
 #endif
 #endif

tests/api.c

@@ -18879,7 +18879,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     const unsigned char* p;
     unsigned char *der = NULL;
     unsigned char *tmp = NULL;
-    int derLen;
+    int derLen = -1;
     unsigned char pub_buf[65];
     unsigned char pub_spki_buf[91];
     const int pub_len = 65;
@@ -18989,7 +18989,7 @@ static int test_wolfSSL_d2i_and_i2d_DSAparams(void)
     };
     int derInLen = sizeof(derIn);
     byte* derOut = NULL;
-    int derOutLen;
+    int derOutLen = -1;
     byte* p = derIn;
 
     /* Check that params can be successfully decoded. */

tests/api/test_pkcs7.c

@@ -3143,7 +3143,7 @@ int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
     byte rid[256];
     byte cms[1024];
     XFILE cmsFile = XBADFILE;
-    int ret;
+    int ret = -1;
     word32 ridSz = sizeof(rid);
     XFILE skiHexFile = XBADFILE;
     byte skiHex[256];

wolfcrypt/src/wc_port.c

@@ -5008,12 +5008,15 @@ char* wolfSSL_strnstr(const char* s1, const char* s2, unsigned int n)
 #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \
     defined(WC_SYM_RELOC_TABLES)
 #ifndef CONFIG_ARCH_TEGRA
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
 noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
                                    __le32 *updptr, int nr_inst)
 {
     return WC_PIE_INDIRECT_SYM(alt_cb_patch_nops)
         (alt, origptr, updptr, nr_inst);
 }
+#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */
 
 void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
 {