From: Andi Kleen <[email protected]>
cacheline_aligned is a special section. It cannot be const at the same
time because it's not read-only. It doesn't give any MMU protection.
Mark it ____cacheline_aligned to not place it in a special section,
but just align it in .rodata
Cc: [email protected]
Suggested-by: Rasmus Villemoes <[email protected]>
Signed-off-by: Andi Kleen <[email protected]>
---
crypto/aes_generic.c | 8 ++++----
include/crypto/aes.h | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index 13df33aca463..fddcbe3edb0a 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -64,7 +64,7 @@ static inline u8 byte(const u32 x, const unsigned n)
static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
/* cacheline-aligned to facilitate prefetching into cache */
-__visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
{
0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
@@ -328,7 +328,7 @@ __visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
}
};
-__visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
{
0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
@@ -592,7 +592,7 @@ __visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
}
};
-__visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
{
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
@@ -856,7 +856,7 @@ __visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
}
};
-__visible const u32 crypto_il_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
{
0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
0x00000030, 0x00000036, 0x000000a5, 0x00000038,
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 852eaa9cd4db..0fdb542c70cd 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -28,10 +28,10 @@ struct crypto_aes_ctx {
u32 key_length;
};
-extern const u32 crypto_ft_tab[4][256];
-extern const u32 crypto_fl_tab[4][256];
-extern const u32 crypto_it_tab[4][256];
-extern const u32 crypto_il_tab[4][256];
+extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_fl_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_il_tab[4][256] ____cacheline_aligned;
int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len);
--
2.20.1
On Sat, 30 Mar 2019 at 01:46, Andi Kleen <[email protected]> wrote:
>
> From: Andi Kleen <[email protected]>
>
> cacheline_aligned is a special section. It cannot be const at the same
> time because it's not read-only. It doesn't give any MMU protection.
>
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
>
> Cc: [email protected]
> Suggested-by: Rasmus Villemoes <[email protected]>
> Signed-off-by: Andi Kleen <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Fixes: 913a3aa07d ("crypto: arm/aes - add some hardening against
cache-timing attacks")
> ---
> crypto/aes_generic.c | 8 ++++----
> include/crypto/aes.h | 8 ++++----
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
> index 13df33aca463..fddcbe3edb0a 100644
> --- a/crypto/aes_generic.c
> +++ b/crypto/aes_generic.c
> @@ -64,7 +64,7 @@ static inline u8 byte(const u32 x, const unsigned n)
> static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
>
> /* cacheline-aligned to facilitate prefetching into cache */
> -__visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
> {
> 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
> 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
> @@ -328,7 +328,7 @@ __visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
> }
> };
>
> -__visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
> {
> 0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
> 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
> @@ -592,7 +592,7 @@ __visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
> }
> };
>
> -__visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
> {
> 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
> 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
> @@ -856,7 +856,7 @@ __visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
> }
> };
>
> -__visible const u32 crypto_il_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
> {
> 0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
> 0x00000030, 0x00000036, 0x000000a5, 0x00000038,
> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
> index 852eaa9cd4db..0fdb542c70cd 100644
> --- a/include/crypto/aes.h
> +++ b/include/crypto/aes.h
> @@ -28,10 +28,10 @@ struct crypto_aes_ctx {
> u32 key_length;
> };
>
> -extern const u32 crypto_ft_tab[4][256];
> -extern const u32 crypto_fl_tab[4][256];
> -extern const u32 crypto_it_tab[4][256];
> -extern const u32 crypto_il_tab[4][256];
> +extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_fl_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_il_tab[4][256] ____cacheline_aligned;
>
> int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
> unsigned int key_len);
> --
> 2.20.1
>
Hi,
Le vendredi 29 mars 2019 à 17:46 -0700, Andi Kleen a écrit :
>
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
>
Small typo: commit title seems to suggests there's only 3 underscore
('___cacheline_aligned') instead of 4.
Regards.
--
Yann Droneaud
OPTEYA
On Fri, Mar 29, 2019 at 05:46:29PM -0700, Andi Kleen wrote:
> From: Andi Kleen <[email protected]>
>
> cacheline_aligned is a special section. It cannot be const at the same
> time because it's not read-only. It doesn't give any MMU protection.
>
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
>
> Cc: [email protected]
> Suggested-by: Rasmus Villemoes <[email protected]>
> Signed-off-by: Andi Kleen <[email protected]>
> ---
> crypto/aes_generic.c | 8 ++++----
> include/crypto/aes.h | 8 ++++----
> 2 files changed, 8 insertions(+), 8 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt