20250706-linuxkm-fixes

.wolfssl_known_macro_extras

@@ -65,6 +65,7 @@ CONFIG_CRYPTO_GCM
 CONFIG_CRYPTO_HMAC
 CONFIG_CRYPTO_MANAGER
 CONFIG_CRYPTO_RSA
+CONFIG_CRYPTO_SELFTESTS_FULL
 CONFIG_CRYPTO_SHA1
 CONFIG_CRYPTO_SHA256
 CONFIG_CRYPTO_SHA3
@@ -774,7 +775,6 @@ WOLFSSL_NO_KCAPI_SHA224
 WOLFSSL_NO_OCSP_DATE_CHECK
 WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
 WOLFSSL_NO_OCSP_OPTIONAL_CERTS
-WOLFSSL_NO_PUBLIC_FFDHE
 WOLFSSL_NO_RSA_KEY_CHECK
 WOLFSSL_NO_SERVER_GROUPS_EXT
 WOLFSSL_NO_SESSION_STATS

linuxkm/Kbuild

@@ -151,6 +151,8 @@ endif
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 
+LDFLAGS_libwolfssl.o += -T $(src)/wolfcrypt.lds
+
 rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS)
 
 ifndef NM
@@ -186,8 +188,40 @@ ifneq "$(quiet)" "silent_"
 endif
 	cd "$(obj)" || exit $$?
 	for file in $(WOLFCRYPT_PIE_FILES); do
-	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?
+	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt	\
+	    --rename-section .text.unlikely=.text.wolfcrypt	\
+	    --rename-section .rodata=.rodata.wolfcrypt		\
+	    --rename-section .rodata.str1.1=.rodata.wolfcrypt	\
+	    --rename-section .rodata.str1.8=.rodata.wolfcrypt	\
+	    --rename-section .data=.data.wolfcrypt		\
+	    --rename-section .data.rel.local=.data.wolfcrypt	\
+	    --rename-section .bss=.bss.wolfcrypt "$$file" || exit $$?
 	done
+	[ "$(KERNEL_ARCH_X86)" != "yes" ] ||			\
+	{ $(READELF) --syms $(WOLFCRYPT_PIE_FILES) |		\
+        $(AWK) -v obj="$(obj)" '				\
+	    /File:/ {						\
+		if (substr($$2, 1, length(obj)) == obj) {	\
+		    curfile = substr($$2, length(obj) + 2);	\
+		} else {					\
+		    curfile=$$2;				\
+		}						\
+		next;						\
+	    }							\
+	    {							\
+		if (($$4 == "SECTION") && ($$8 !~ "wolfcrypt")) {\
+		    if (! ((curfile ";" $$8) in warned_on)) {	\
+			print curfile ": " $$8 >"/dev/stderr";	\
+			warned_on[curfile ": " $$8] = 1;	\
+			++warnings;				\
+	    }}}							\
+	    END {						\
+		if (warnings) {					\
+		    exit(1);  					\
+		} else {					\
+		    exit(0);					\
+	    }}'; } ||						\
+	{ echo 'Error: section(s) missed by containerization.' >&2; exit 1; }
 ifneq "$(quiet)" "silent_"
 	echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
 endif

linuxkm/linuxkm_memory.c

@@ -21,56 +21,6 @@
 
 /* included by wolfcrypt/src/memory.c */
 
-#ifdef HAVE_KVMALLOC
-/* adapted from kvrealloc() draft by Changli Gao, 2010-05-13 */
-void *lkm_realloc(void *ptr, size_t newsize) {
-    void *nptr;
-    size_t oldsize;
-
-    if (unlikely(newsize == 0)) {
-        kvfree(ptr);
-        return ZERO_SIZE_PTR;
-    }
-
-    if (unlikely(ptr == NULL))
-        return kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
-
-    if (is_vmalloc_addr(ptr)) {
-        /* no way to discern the size of the old allocation,
-         * because the kernel doesn't export find_vm_area().  if
-         * it did, we could then call get_vm_area_size() on the
-         * returned struct vm_struct.
-         */
-        return NULL;
-    } else {
-#ifndef __PIE__
-        struct page *page;
-
-        page = virt_to_head_page(ptr);
-        if (PageSlab(page) || PageCompound(page)) {
-            if (newsize < PAGE_SIZE)
-#endif /* ! __PIE__ */
-                return krealloc(ptr, newsize, GFP_KERNEL);
-#ifndef __PIE__
-            oldsize = ksize(ptr);
-        } else {
-            oldsize = page->private;
-            if (newsize <= oldsize)
-                return ptr;
-        }
-#endif /* ! __PIE__ */
-    }
-
-    nptr = kvmalloc_node(newsize, GFP_KERNEL, NUMA_NO_NODE);
-    if (nptr != NULL) {
-        memcpy(nptr, ptr, oldsize);
-        kvfree(ptr);
-    }
-
-    return nptr;
-}
-#endif /* HAVE_KVMALLOC */
-
 #if defined(__PIE__) && (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0))
 /* needed in 6.1+ because show_free_areas() static definition in mm.h calls
  * __show_free_areas(), which isn't exported (neither was show_free_areas()).