From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Horia Geantă" <horia.geanta@nxp.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>
Subject: [PATCH 4.14 16/61] crypto: caam - fix concurrency issue in givencrypt descriptor
Date: Thu, 10 Oct 2019 10:36:41 +0200 [thread overview]
Message-ID: <20191010083458.828032360@linuxfoundation.org> (raw)
In-Reply-To: <20191010083449.500442342@linuxfoundation.org>
From: Horia Geantă <horia.geanta@nxp.com>
commit 48f89d2a2920166c35b1c0b69917dbb0390ebec7 upstream.
IV transfer from ofifo to class2 (set up at [29][30]) is not guaranteed
to be scheduled before the data transfer from ofifo to external memory
(set up at [38]:
[29] 10FA0004 ld: ind-nfifo (len=4) imm
[30] 81F00010 <nfifo_entry: ofifo->class2 type=msg len=16>
[31] 14820004 ld: ccb2-datasz len=4 offs=0 imm
[32] 00000010 data:0x00000010
[33] 8210010D operation: cls1-op aes cbc init-final enc
[34] A8080B04 math: (seqin + math0)->vseqout len=4
[35] 28000010 seqfifold: skip len=16
[36] A8080A04 math: (seqin + math0)->vseqin len=4
[37] 2F1E0000 seqfifold: both msg1->2-last2-last1 len=vseqinsz
[38] 69300000 seqfifostr: msg len=vseqoutsz
[39] 5C20000C seqstr: ccb2 ctx len=12 offs=0
If ofifo -> external memory transfer happens first, DECO will hang
(issuing a Watchdog Timeout error, if WDOG is enabled) waiting for
data availability in ofifo for the ofifo -> c2 ififo transfer.
Make sure IV transfer happens first by waiting for all CAAM internal
transfers to end before starting payload transfer.
New descriptor with jump command inserted at [37]:
[..]
[36] A8080A04 math: (seqin + math0)->vseqin len=4
[37] A1000401 jump: jsl1 all-match[!nfifopend] offset=[01] local->[38]
[38] 2F1E0000 seqfifold: both msg1->2-last2-last1 len=vseqinsz
[39] 69300000 seqfifostr: msg len=vseqoutsz
[40] 5C20000C seqstr: ccb2 ctx len=12 offs=0
[Note: the issue is present in the descriptor from the very beginning
(cf. Fixes tag). However I've marked it v4.19+ since it's the oldest
maintained kernel that the patch applies clean against.]
Cc: <stable@vger.kernel.org> # v4.19+
Fixes: 1acebad3d8db8 ("crypto: caam - faster aead implementation")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/caam/caamalg_desc.c | 9 +++++++++
drivers/crypto/caam/caamalg_desc.h | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
--- a/drivers/crypto/caam/caamalg_desc.c
+++ b/drivers/crypto/caam/caamalg_desc.c
@@ -476,6 +476,7 @@ void cnstr_shdsc_aead_givencap(u32 * con
const bool is_qi)
{
u32 geniv, moveiv;
+ u32 *wait_cmd;
/* Note: Context registers are saved. */
init_sh_desc_key_aead(desc, cdata, adata, is_rfc3686, nonce);
@@ -566,6 +567,14 @@ copy_iv:
/* Will read cryptlen */
append_math_add(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ);
+
+ /*
+ * Wait for IV transfer (ofifo -> class2) to finish before starting
+ * ciphertext transfer (ofifo -> external memory).
+ */
+ wait_cmd = append_jump(desc, JUMP_JSL | JUMP_TEST_ALL | JUMP_COND_NIFP);
+ set_jump_tgt_here(desc, wait_cmd);
+
append_seq_fifo_load(desc, 0, FIFOLD_CLASS_BOTH | KEY_VLF |
FIFOLD_TYPE_MSG1OUT2 | FIFOLD_TYPE_LASTBOTH);
append_seq_fifo_store(desc, 0, FIFOST_TYPE_MESSAGE_DATA | KEY_VLF);
--- a/drivers/crypto/caam/caamalg_desc.h
+++ b/drivers/crypto/caam/caamalg_desc.h
@@ -12,7 +12,7 @@
#define DESC_AEAD_BASE (4 * CAAM_CMD_SZ)
#define DESC_AEAD_ENC_LEN (DESC_AEAD_BASE + 11 * CAAM_CMD_SZ)
#define DESC_AEAD_DEC_LEN (DESC_AEAD_BASE + 15 * CAAM_CMD_SZ)
-#define DESC_AEAD_GIVENC_LEN (DESC_AEAD_ENC_LEN + 7 * CAAM_CMD_SZ)
+#define DESC_AEAD_GIVENC_LEN (DESC_AEAD_ENC_LEN + 8 * CAAM_CMD_SZ)
#define DESC_QI_AEAD_ENC_LEN (DESC_AEAD_ENC_LEN + 3 * CAAM_CMD_SZ)
#define DESC_QI_AEAD_DEC_LEN (DESC_AEAD_DEC_LEN + 3 * CAAM_CMD_SZ)
#define DESC_QI_AEAD_GIVENC_LEN (DESC_AEAD_GIVENC_LEN + 3 * CAAM_CMD_SZ)
next prev parent reply other threads:[~2019-10-10 8:54 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-10 8:36 [PATCH 4.14 00/61] 4.14.149-stable review Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 01/61] s390/process: avoid potential reading of freed stack Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 02/61] KVM: s390: Test for bad access register and size at the start of S390_MEM_OP Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 03/61] s390/topology: avoid firing events before kobjs are created Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 04/61] s390/cio: avoid calling strlen on null pointer Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 05/61] s390/cio: exclude subchannels with no parent from pseudo check Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 06/61] KVM: PPC: Book3S HV: Dont lose pending doorbell request on migration on P9 Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 07/61] KVM: nVMX: handle page fault in vmread fix Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 08/61] PM / devfreq: tegra: Fix kHz to Hz conversion Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 09/61] ASoC: Define a set of DAPM pre/post-up events Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 10/61] powerpc/powernv: Restrict OPAL symbol map to only be readable by root Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 11/61] can: mcp251x: mcp251x_hw_reset(): allow more time after a reset Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 12/61] tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 13/61] crypto: qat - Silence smp_processor_id() warning Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 14/61] crypto: skcipher - Unmap pages after an external error Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 15/61] crypto: cavium/zip - Add missing single_release() Greg Kroah-Hartman
2019-10-10 8:36 ` Greg Kroah-Hartman [this message]
2019-10-10 8:36 ` [PATCH 4.14 17/61] MIPS: Treat Loongson Extensions as ASEs Greg Kroah-Hartman
2019-10-11 4:30 ` Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 18/61] usercopy: Avoid HIGHMEM pfn warning Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 19/61] timer: Read jiffies once when forwarding base clk Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 20/61] watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 21/61] drm/omap: fix max fclk divider for omap36xx Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 22/61] mmc: sdhci: improve ADMA error reporting Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 23/61] mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 24/61] Revert "locking/pvqspinlock: Dont wait if vCPU is preempted" Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 25/61] xen/xenbus: fix self-deadlock after killing user process Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 26/61] ieee802154: atusb: fix use-after-free at disconnect Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 27/61] cfg80211: initialize on-stack chandefs Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 28/61] ima: always return negative code for error Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 29/61] fs: nfs: Fix possible null-pointer dereferences in encode_attrs() Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 30/61] 9p: avoid attaching writeback_fid on mmap with type PRIVATE Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 31/61] xen/pci: reserve MCFG areas earlier Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 32/61] ceph: fix directories inode i_blkbits initialization Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 33/61] ceph: reconnect connection if session hang in opening state Greg Kroah-Hartman
2019-10-10 8:36 ` [PATCH 4.14 34/61] watchdog: aspeed: Add support for AST2600 Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 35/61] netfilter: nf_tables: allow lookups in dynamic sets Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 36/61] drm/amdgpu: Check for valid number of registers to read Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 37/61] pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 38/61] pwm: stm32-lp: Add check in case requested period cannot be achieved Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 39/61] thermal: Fix use-after-free when unregistering thermal zone device Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 40/61] fuse: fix memleak in cuse_channel_open Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 41/61] sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 42/61] perf build: Add detection of java-11-openjdk-devel package Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 43/61] kernel/elfcore.c: include proper prototypes Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 44/61] perf unwind: Fix libunwind build failure on i386 systems Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 45/61] KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 46/61] nbd: fix crash when the blksize is zero Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 47/61] block/ndb: add WQ_UNBOUND to the knbd-recv workqueue Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 48/61] nbd: fix max number of supported devs Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 49/61] powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 50/61] tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 51/61] tick: broadcast-hrtimer: Fix a race in bc_set_next Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 53/61] perf stat: Fix a segmentation fault when using repeat forever Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 54/61] perf stat: Reset previous counts on repeat with interval Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 55/61] drm/i915/userptr: Acquire the page lock around set_page_dirty() Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 56/61] vfs: Fix EOVERFLOW testing in put_compat_statfs64 Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 57/61] coresight: etm4x: Use explicit barriers on enable/disable Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 58/61] cfg80211: add and use strongly typed element iteration macros Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 59/61] cfg80211: Use const more consistently in for_each_element macros Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 60/61] nl80211: validate beacon head Greg Kroah-Hartman
2019-10-10 8:37 ` [PATCH 4.14 61/61] ASoC: sgtl5000: Improve VAG power and mute control Greg Kroah-Hartman
2019-10-10 13:27 ` [PATCH 4.14 00/61] 4.14.149-stable review Naresh Kamboju
2019-10-10 14:21 ` kernelci.org bot
2019-10-10 17:12 ` Guenter Roeck
2019-10-11 4:29 ` Greg Kroah-Hartman
2019-10-11 13:14 ` Guenter Roeck
2019-10-11 14:01 ` Greg Kroah-Hartman
2019-10-10 22:18 ` Guenter Roeck
2019-10-10 23:50 ` Didik Setiawan
2019-10-11 3:09 ` shuah
2019-10-11 8:33 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191010083458.828032360@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).