Re: [PATCH v4 20/24] crypto: x86/ciphers - load based on CPU features
From: Jason A. Donenfeld
Date: Wed Nov 16 2022 - 06:46:28 EST
On Tue, Nov 15, 2022 at 10:13:38PM -0600, Robert Elliott wrote:
> diff --git a/arch/x86/crypto/curve25519-x86_64.c b/arch/x86/crypto/curve25519-x86_64.c
> index d55fa9e9b9e6..ae7536b17bf9 100644
> --- a/arch/x86/crypto/curve25519-x86_64.c
> +++ b/arch/x86/crypto/curve25519-x86_64.c
> @@ -12,7 +12,7 @@
> #include <linux/kernel.h>
> #include <linux/module.h>
> #include <linux/scatterlist.h>
> -
> +#include <asm/cpu_device_id.h>
> #include <asm/cpufeature.h>
> #include <asm/processor.h>
>
> @@ -1697,13 +1697,22 @@ static struct kpp_alg curve25519_alg = {
> .max_size = curve25519_max_size,
> };
>
> +static const struct x86_cpu_id module_cpu_ids[] = {
> + X86_MATCH_FEATURE(X86_FEATURE_ADX, NULL),
> + {}
> +};
> +MODULE_DEVICE_TABLE(x86cpu, module_cpu_ids);
>
> static int __init curve25519_mod_init(void)
> {
> - if (boot_cpu_has(X86_FEATURE_BMI2) && boot_cpu_has(X86_FEATURE_ADX))
> - static_branch_enable(&curve25519_use_bmi2_adx);
> - else
> - return 0;
> + if (!x86_match_cpu(module_cpu_ids))
> + return -ENODEV;
> +
> + if (!boot_cpu_has(X86_FEATURE_BMI2))
> + return -ENODEV;
> +
> + static_branch_enable(&curve25519_use_bmi2_adx);
Can the user still insmod this? If so, you can't remove the ADX check.
Ditto for rest of patch.