Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp231536ybg; Thu, 17 Oct 2019 22:02:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqzCgsFUvWg+9bZ50M+VHzWJbs1fEBjvK+1YXk8QDE+bajtcsN4T9Nwe34ZCBwdUvWiRm/zy X-Received: by 2002:a17:907:365:: with SMTP id rs5mr7011113ejb.121.1571374975771; Thu, 17 Oct 2019 22:02:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571374975; cv=none; d=google.com; s=arc-20160816; b=l3J40O/AuPgk0HJ81vOACF8e6gv/UePu3koAvLLKl/hitg6Csm6DiHPriEhHf2qUwj dCHgzeMbGWspsUnQNhXKhtBx7aM9oj17m/9uDBcIgaREQv72w9k0z4dGtMl/CNkN+umv Vtc6KoD8w5vLUxmJ/axFZe3C6zxluODl8zZamaYyFH+qcONNjB1lUB7VZqy0q7s+/NbU SLAzaURglp5SKWuLtIzKjIt6IJAmC6fH4zteMqSh63BT2dIMhgKUakmIfrEanjF2YAfH GOHi1KoSQ94XlFbwlqWpP+LHxCZnk2HRGu+qnxBCkRaeTYGfnHlhyJJwk1i7IkJHhd+q eMpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=j7Zxrs4uVOe8dY6cz3qB/T0cYyb28ARUSWBzc5DnPTQ=; b=GMpat4p4pvlNXhB4END5aPEdnPdTscvOd5ScoERgS0Kixeza11XTSc0TfeCDxvFFkQ xOgZm3cz4Sh7P2CZ8o/JWZCTrkwl0RGR2tw/glyJY/rMd+ACv7SrdTizGCsHURVePNh0 N///DUVt+y1mcnlmDNU8a39nZfZuvR4ksMquKbO8bAvClGxG/65Vjhhw/Tip54RRnKKS pxnuRX1N0tQN49TcsuRweZJik/9Wom1eu6No2/L5CWH3GZdYoS3B1o2cNc4juuEbgoSQ A/j3WPOgkYm0QP7QskMw5HPT2os03AyZL+f8eIHYPIaLsfjDf4f6ZkK1kxEkZ3d2+FS4 vrTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VHL9gfO8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i38si3190799eda.64.2019.10.17.22.02.32; Thu, 17 Oct 2019 22:02:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=VHL9gfO8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2392308AbfJPWSc (ORCPT + 99 others); Wed, 16 Oct 2019 18:18:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:44320 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2394989AbfJPVyZ (ORCPT ); Wed, 16 Oct 2019 17:54:25 -0400 Received: from localhost (unknown [192.55.54.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9723C21A49; Wed, 16 Oct 2019 21:54:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1571262864; bh=kSRLvh1VGKPe24MHdjufCBfj8tkZ+ksvQLTkai6Q4+c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VHL9gfO8w4xT+2TBq6sMwCc+SCOjiC7iUo7Ci8GtWgAXb4KPimszI0IlBwTcgRjAU rUqgPpiDQt7g4F5y448JRsj+xzITzOoef/VSm1D7FHzZ9luez8gSEZ+4SgOmo2VEzR rkNZVccWkjSOWs7u97iPSh9SY/InNGZl1pFvDJqk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Herbert Xu , =?UTF-8?q?Horia=20Geant=C4=83?= Subject: [PATCH 4.9 30/92] crypto: caam - fix concurrency issue in givencrypt descriptor Date: Wed, 16 Oct 2019 14:50:03 -0700 Message-Id: <20191016214825.237765068@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191016214759.600329427@linuxfoundation.org> References: <20191016214759.600329427@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Horia Geantă commit 48f89d2a2920166c35b1c0b69917dbb0390ebec7 upstream. IV transfer from ofifo to class2 (set up at [29][30]) is not guaranteed to be scheduled before the data transfer from ofifo to external memory (set up at [38]: [29] 10FA0004 ld: ind-nfifo (len=4) imm [30] 81F00010 class2 type=msg len=16> [31] 14820004 ld: ccb2-datasz len=4 offs=0 imm [32] 00000010 data:0x00000010 [33] 8210010D operation: cls1-op aes cbc init-final enc [34] A8080B04 math: (seqin + math0)->vseqout len=4 [35] 28000010 seqfifold: skip len=16 [36] A8080A04 math: (seqin + math0)->vseqin len=4 [37] 2F1E0000 seqfifold: both msg1->2-last2-last1 len=vseqinsz [38] 69300000 seqfifostr: msg len=vseqoutsz [39] 5C20000C seqstr: ccb2 ctx len=12 offs=0 If ofifo -> external memory transfer happens first, DECO will hang (issuing a Watchdog Timeout error, if WDOG is enabled) waiting for data availability in ofifo for the ofifo -> c2 ififo transfer. Make sure IV transfer happens first by waiting for all CAAM internal transfers to end before starting payload transfer. New descriptor with jump command inserted at [37]: [..] [36] A8080A04 math: (seqin + math0)->vseqin len=4 [37] A1000401 jump: jsl1 all-match[!nfifopend] offset=[01] local->[38] [38] 2F1E0000 seqfifold: both msg1->2-last2-last1 len=vseqinsz [39] 69300000 seqfifostr: msg len=vseqoutsz [40] 5C20000C seqstr: ccb2 ctx len=12 offs=0 [Note: the issue is present in the descriptor from the very beginning (cf. Fixes tag). However I've marked it v4.19+ since it's the oldest maintained kernel that the patch applies clean against.] Cc: # v4.19+ Fixes: 1acebad3d8db8 ("crypto: caam - faster aead implementation") Signed-off-by: Herbert Xu [Horia: backport to v4.4, v4.9] Signed-off-by: Horia Geantă Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/caam/caamalg.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -75,7 +75,7 @@ #define DESC_AEAD_BASE (4 * CAAM_CMD_SZ) #define DESC_AEAD_ENC_LEN (DESC_AEAD_BASE + 11 * CAAM_CMD_SZ) #define DESC_AEAD_DEC_LEN (DESC_AEAD_BASE + 15 * CAAM_CMD_SZ) -#define DESC_AEAD_GIVENC_LEN (DESC_AEAD_ENC_LEN + 9 * CAAM_CMD_SZ) +#define DESC_AEAD_GIVENC_LEN (DESC_AEAD_ENC_LEN + 10 * CAAM_CMD_SZ) /* Note: Nonce is counted in enckeylen */ #define DESC_AEAD_CTR_RFC3686_LEN (4 * CAAM_CMD_SZ) @@ -474,6 +474,7 @@ static int aead_set_sh_desc(struct crypt u32 geniv, moveiv; u32 ctx1_iv_off = 0; u32 *desc; + u32 *wait_cmd; const bool ctr_mode = ((ctx->class1_alg_type & OP_ALG_AAI_MASK) == OP_ALG_AAI_CTR_MOD128); const bool is_rfc3686 = alg->caam.rfc3686; @@ -736,6 +737,14 @@ copy_iv: /* Will read cryptlen */ append_math_add(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); + + /* + * Wait for IV transfer (ofifo -> class2) to finish before starting + * ciphertext transfer (ofifo -> external memory). + */ + wait_cmd = append_jump(desc, JUMP_JSL | JUMP_TEST_ALL | JUMP_COND_NIFP); + set_jump_tgt_here(desc, wait_cmd); + append_seq_fifo_load(desc, 0, FIFOLD_CLASS_BOTH | KEY_VLF | FIFOLD_TYPE_MSG1OUT2 | FIFOLD_TYPE_LASTBOTH); append_seq_fifo_store(desc, 0, FIFOST_TYPE_MESSAGE_DATA | KEY_VLF);