Message ID | 20240327111523.855715-1-ross.burton@arm.com |
---|---|
State | Changes Requested |
Delegated to: | Steve Sakoman |
Headers | show |
Series | [kirkstone] openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions | expand |
*Kirkstone-nut openssl compile error:* *Error Log* : ERROR: openssl-3.0.13-r0 do_patch: Applying patch 'bti.patch' on target directory '/home/vkumbhar/kirkstone-nut/ build/tmp-glibc/work/core2-64- oe-linux/openssl/3.0.13-r0/ openssl-3.0.13' CmdError('quilt --quiltrc /home/vkumbhar/kirkstone-nut/ build/tmp-glibc/work/core2-64- oe-linux/openssl/3.0.13-r0/ recipe-sysroot-native/etc/ quiltrc push', 0, "stdout: Applying patch bti.patch can't find file to patch at input line 23 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- |From ba8a599395f8b770c76316b5f5b0f3 838567014f Mon Sep 17 00:00:00 2001 |From: Tom Cosgrove < tom.cosgrove@arm.com > |Date: Tue, 26 Mar 2024 13:18:00 +0000 |Subject: [PATCH] aarch64: fix BTI in bsaes assembly code | |In Arm systems where BTI is enabled but the Crypto extensions are not (more |likely in FVPs than in real hardware), the bit-sliced assembler code will |be used. However, this wasn't annotated with BTI instructions when BTI was |enabled, so the moment libssl jumps into this code it (correctly) aborts. | |Solve this by adding the missing BTI landing pads. | |Upstream-Status: Submitted [ https://github.com/openssl/ openssl/pull/23982 ( https://github.com/openssl/openssl/pull/23982 ) ] |Signed-off-by: Ross Burton < ross.burton@arm.com > |--- | crypto/aes/asm/ bsaes-armv8.pl ( http://bsaes-armv8.pl/ ) | 5 ++++- | 1 file changed, 4 insertions(+), 1 deletion(-) | |diff --git a/crypto/aes/asm/ bsaes-armv8. pl ( http://bsaes-armv8.pl/ ) b/crypto/aes/asm/ bsaes-armv8. pl ( http://bsaes-armv8.pl/ ) |index b3c97e439f..c3c5ff3e05 100644 |--- a/crypto/aes/asm/ bsaes-armv8. pl ( http://bsaes-armv8.pl/ ) |+++ b/crypto/aes/asm/ bsaes-armv8. pl ( http://bsaes-armv8.pl/ ) -------------------------- No file to patch. Skipping patch. 4 out of 4 hunks ignored Patch bti.patch does not apply (enforce with -f) stderr: ") ERROR: Logfile of failure stored in: /home/vkumbhar/kirkstone-nut/ build/tmp-glibc/work/core2-64- oe-linux/openssl/3.0.13-r0/ temp/log.do_patch.152571 ERROR: Task (/home/vkumbhar/kirkstone-nut/ meta/recipes-connectivity/ openssl/openssl_3.0.13.bb:do_ patch) failed with exit code '1'
Sorry for the delayed response, but I found the same issue with the kirkstone version that Vivek did. Awaiting a V2 :-) Steve On Thu, Mar 28, 2024 at 5:51 PM Vivek Kumbhar via lists.openembedded.org <vkumbhar=mvista.com@lists.openembedded.org> wrote: > > Kirkstone-nut openssl compile error: > > Error Log: > > ERROR: openssl-3.0.13-r0 do_patch: Applying patch 'bti.patch' on target directory '/home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/openssl-3.0.13' > CmdError('quilt --quiltrc /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch bti.patch > can't find file to patch at input line 23 > Perhaps you used the wrong -p or --strip option? > The text leading up to this was: > -------------------------- > |From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 > |From: Tom Cosgrove <tom.cosgrove@arm.com> > |Date: Tue, 26 Mar 2024 13:18:00 +0000 > |Subject: [PATCH] aarch64: fix BTI in bsaes assembly code > | > |In Arm systems where BTI is enabled but the Crypto extensions are not (more > |likely in FVPs than in real hardware), the bit-sliced assembler code will > |be used. However, this wasn't annotated with BTI instructions when BTI was > |enabled, so the moment libssl jumps into this code it (correctly) aborts. > | > |Solve this by adding the missing BTI landing pads. > | > |Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] > |Signed-off-by: Ross Burton <ross.burton@arm.com> > |--- > | crypto/aes/asm/bsaes-armv8.pl | 5 ++++- > | 1 file changed, 4 insertions(+), 1 deletion(-) > | > |diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl > |index b3c97e439f..c3c5ff3e05 100644 > |--- a/crypto/aes/asm/bsaes-armv8.pl > |+++ b/crypto/aes/asm/bsaes-armv8.pl > -------------------------- > No file to patch. Skipping patch. > 4 out of 4 hunks ignored > Patch bti.patch does not apply (enforce with -f) > > stderr: ") > ERROR: Logfile of failure stored in: /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/temp/log.do_patch.152571 > ERROR: Task (/home/vkumbhar/kirkstone-nut/meta/recipes-connectivity/openssl/openssl_3.0.13.bb:do_patch) failed with exit code '1' > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#197620): https://lists.openembedded.org/g/openembedded-core/message/197620 > Mute This Topic: https://lists.openembedded.org/mt/105174962/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On 29 Mar 2024, at 13:31, Steve Sakoman <steve@sakoman.com> wrote: > > Sorry for the delayed response, but I found the same issue with the > kirkstone version that Vivek did. Sorry for the very delayed response, I somehow missed this reply in my inbox. The patched code doesn’t exist in kirkstone so this isn’t needed, I thought I tested this patch before posting but maybe I did something stupid. Sorry for the inconvenience, Ross
diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch new file mode 100644 index 00000000000..748576c30ca --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/bti.patch @@ -0,0 +1,58 @@ +From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001 +From: Tom Cosgrove <tom.cosgrove@arm.com> +Date: Tue, 26 Mar 2024 13:18:00 +0000 +Subject: [PATCH] aarch64: fix BTI in bsaes assembly code + +In Arm systems where BTI is enabled but the Crypto extensions are not (more +likely in FVPs than in real hardware), the bit-sliced assembler code will +be used. However, this wasn't annotated with BTI instructions when BTI was +enabled, so the moment libssl jumps into this code it (correctly) aborts. + +Solve this by adding the missing BTI landing pads. + +Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982] +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/aes/asm/bsaes-armv8.pl | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl +index b3c97e439f..c3c5ff3e05 100644 +--- a/crypto/aes/asm/bsaes-armv8.pl ++++ b/crypto/aes/asm/bsaes-armv8.pl +@@ -1018,6 +1018,7 @@ _bsaes_key_convert: + // Initialisation vector overwritten with last quadword of ciphertext + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_cbc_encrypt: ++ AARCH64_VALID_CALL_TARGET + cmp x2, #128 + bhs .Lcbc_do_bsaes + b AES_cbc_encrypt +@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt: + // Output text filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_ctr32_encrypt_blocks: +- ++ AARCH64_VALID_CALL_TARGET + cmp x2, #8 // use plain AES for + blo .Lctr_enc_short // small sizes + +@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks: + // Output ciphertext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_encrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt: + // Output plaintext filled in + // No output registers, usual AAPCS64 register preservation + ossl_bsaes_xts_decrypt: ++ AARCH64_VALID_CALL_TARGET + // Stack layout: + // sp -> + // nrounds*128-96 bytes: key schedule +-- +2.34.1 + diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb index 5e43fdc2ded..d0910a7a32d 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://afalg.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ + file://bti.patch \ " SRC_URI:append:class-nativesdk = " \