From: Herbert Xu
To: Ard Biesheuvel
Cc: Iuliana Prodan, Eric Biggers, "David S. Miller", Horia Geanta, Sascha Hauer, "open list:HARDWARE RANDOM NUMBER GENERATOR CORE", Linux Kernel Mailing List, dl-linux-imx
Date: Thu, 6 Jun 2019 14:57:57 +0800
Subject: Re: [PATCH] crypto: gcm - fix cacheline sharing
Message-ID: <20190606065757.4agqd4poer4rexri@gondor.apana.org.au>

On Thu, Jun 06, 2019 at 08:53:10AM +0200, Ard Biesheuvel wrote:
>
> That same patch 'fixes' CBC, since CBC was never broken to begin with.
> The CTS driver does not have something like the auth_tag sharing the
> same cacheline with the IV, so CBC has always worked fine.

CBC is broken. Any crypto API user is allowed to place the IV in
the same position relative to the src/dst buffer. So the driver
must deal with it.

It's just that the CTR/ghash combo happened to expose this first.

> So I guess what you are after is a patch that, instead of dodging the
> issue by limiting the copy to CBC, does not perform the copy at all
> while anything is mapped for DMA? Then we can leave it up to the NXP
> engineers to fix CTR mode.

Right, we definitely need to fix it for CBC, probably in the way
that you suggested.

We should fix CTR too but at least it should be obviously broken
as the self-test should catch this case now.

Cheers,
-- 
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
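
Added example, not part of the message above and not kernel or driver code: a toy C model of a non-coherent write-back cache, showing why an IV copied by the CPU while a neighbouring buffer is mapped for DMA can be lost when both share a cacheline. The 64-byte line size, the offsets, the byte patterns and the names cpu_ptr, dma_invalidate and iv_update_survives are assumptions made for the illustration.

```c
/* Added illustration: toy cache model, not kernel code. LINE is an assumed size. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LINE 64                      /* assumed cacheline size in bytes */
#define NLINES 4
#define IV_LEN 16

struct sim {
    uint8_t mem[LINE * NLINES];      /* RAM, what the device reads and writes */
    uint8_t cache[LINE * NLINES];    /* CPU-side copy of each line */
    int valid[NLINES];               /* 1 if the CPU currently holds the line */
};

/* Any CPU access first pulls the whole line in from RAM. */
static uint8_t *cpu_ptr(struct sim *s, size_t off) {
    size_t l = off / LINE;
    if (!s->valid[l]) {
        memcpy(s->cache + l * LINE, s->mem + l * LINE, LINE);
        s->valid[l] = 1;
    }
    return &s->cache[off];
}

/* Modelled map/unmap for device-to-memory DMA: drop every line touching the buffer. */
static void dma_invalidate(struct sim *s, size_t off, size_t len) {
    for (size_t l = off / LINE; l <= (off + len - 1) / LINE; l++)
        s->valid[l] = 0;             /* unwritten CPU data in the line is discarded */
}

/* Returns 1 if an IV written by the CPU during the transfer is intact afterwards. */
int iv_update_survives(size_t dst_off, size_t dst_len, size_t iv_off) {
    struct sim s = {0};
    dma_invalidate(&s, dst_off, dst_len);         /* map dst for DMA */
    memset(s.mem + dst_off, 0x55, dst_len);       /* device writes its output */
    for (size_t i = 0; i < IV_LEN; i++)
        *cpu_ptr(&s, iv_off + i) = 0xAA;          /* IV copied while dst is mapped */
    dma_invalidate(&s, dst_off, dst_len);         /* unmap dst */
    for (size_t i = 0; i < IV_LEN; i++)
        if (*cpu_ptr(&s, iv_off + i) != 0xAA)
            return 0;
    return 1;
}

int main(void) {
    printf("IV right after a 16-byte tag: %d\n", iv_update_survives(0, 16, 16));
    printf("IV on its own cacheline:      %d\n", iv_update_survives(0, 16, LINE));
    return 0;
}
```

In this model the invalidate at unmap discards the IV; on real hardware the dirty line may instead be written back over the device's output. Both outcomes come from the shared cacheline.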