Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp835339ybi; Thu, 30 May 2019 07:29:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqwJR0HtREELZYS0CpglLPK05I2YPaFHgYhqJOT7MxBh9oTYo/vfNejOy4ZJ8/CHGwdCGXwa X-Received: by 2002:a17:90a:284d:: with SMTP id p13mr3615140pjf.111.1559226567831; Thu, 30 May 2019 07:29:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559226567; cv=none; d=google.com; s=arc-20160816; b=b5kYvKy2JBHm5elZhyYbnmODRLnQ2/XZ3TRm4+irXN0YLcTJ7PPWwnKeR/wQtuftZ5 5sqS8O8xZ6TVJ3IH76z7P66hjK0HOwXPVR+Td/YAT+TQFgOaBjJD3x8pZOf9YdRvMmoo +1oBQaoQtJeOrs/O/b18x6FfhagxTBqNgKJOTEBB2FORTlgtF1CDYzmKmYcTgUpDtfgz kkvB6faQ0LKAPfJmocwMlXLvU446pXgogMvAxxto4Bh9C8PQ4NUE5e9T9UNpABxUccyE aHt4DpvYwi2O+O86msPRMpcC7TxlqOCEzNzxsqF02dc4uGTBIECcrv9P95rpmMR76RU9 2uXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=1ZCcIn2Fw734nRU6CpDHWXMhDHV7F+Ltk873wP06S/g=; b=sN+YVkBJ6AEdmjfVX5Hd1QXKDcKJEFAypPi51TSmLrrDOGBDDXzzonFz5iaLVLmVWH deF9bVEzS72aVNxjNBW04Vv8dKneh9yjh1cZQ7naRXaUvUxmDy49AOQVHpYHAbY5UJ/b 1UcPyFuskP9EDfaiabhzmSxvWWYxk6OKdRek3Cl7R9+QxaeMlNglnvKksoPsesGUh0WE 2idWqGAasZ7l4rysgR8FF0skV0m4/5aqTOtidvVmkyUpt9GJi8WWxlE5jeAP6FJBfc7E u/eYOZtuvR27hi9gK1wABJUEbs8UgWefV3ojYFC7rvu0VBXBcueyn47PCJbVibojaF6V ELYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Jqd8neyC; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z17si3386558pgg.279.2019.05.30.07.29.12; Thu, 30 May 2019 07:29:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Jqd8neyC; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725870AbfE3O3I (ORCPT + 99 others); Thu, 30 May 2019 10:29:08 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:36882 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725440AbfE3O3I (ORCPT ); Thu, 30 May 2019 10:29:08 -0400 Received: by mail-io1-f68.google.com with SMTP id e5so5235454iok.4 for ; Thu, 30 May 2019 07:29:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1ZCcIn2Fw734nRU6CpDHWXMhDHV7F+Ltk873wP06S/g=; b=Jqd8neyCEkNuRN87YhxdFapVtvj+Tbefg7QKya79rtXFcXPvPfbDmD8/LhPlqb3JlP CLnYMuKeVNKY8zTXNbpyX/5sB/fXQYS9elMEpy3HKkwTasyzx0VhVei7/AzkjTDog7uo zIAdFN3YiNTUjjuep8yLqK/uca57TYPkXPbnI4MiquiezKEvElUQ5+4LzR366O9NX9tI gH83EfQVhKpzFbk3tI+w2MQ0ln7MLFlL/UTO1nvEcOvyGaNR2rXIfcmhGr6eVXJwPr1w LT1yegueCSEZe+ljgtOqA5+gasVT1P7p07GP3eu8ipfvmGBQmzMW5vU1bbO043BnJzy7 Onvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1ZCcIn2Fw734nRU6CpDHWXMhDHV7F+Ltk873wP06S/g=; b=brp8TuZSqkuSgT6A64BYlY+3Vj6mvn+EPKDZBemmPZmQfCgzZokmP7JSvBybxNcZNx 6HGHPqxp9ol8TUts7PYPUPPxzoHRBAoC4X4Xd100WSCP2rX+WPYJa6CT7Z4Fi94n76TX m/FaAKrWV7nARLqxdYWzew2kWf28za+jMJOS1SWf66UPFkvWyhGPmktQ9LAKyJh2vyik xNH8lB2asLHJ67Ya45PKGHoAMSHCkJF45HZI5tlZUiafDoZZ4cmfAOo4lFl3Hk5iLWmW jQM/TojV6NeBFI9ZeEB2i/N38Wz9quVS74hkOt6ALaNViGDN7Oee9rIlDSIOuktLrcNg L+lw== X-Gm-Message-State: APjAAAUa7kvVcGnVqRktoB/ye4A4a6whiufML5yQUCdS3kZSGWt7wRcZ 8Ad8AADjSZ/l23qH2nY1s3s5vQG2ftobzoPuRXiWEg== X-Received: by 2002:a5d:968e:: with SMTP id m14mr2838976ion.49.1559226547782; Thu, 30 May 2019 07:29:07 -0700 (PDT) MIME-Version: 1.0 References: <1559149856-7938-1-git-send-email-iuliana.prodan@nxp.com> <20190529202728.GA35103@gmail.com> <20190530133427.qrwjzctac2x6nsby@gondor.apana.org.au> <20190530142734.qlhgzeal22zxfhk5@gondor.apana.org.au> In-Reply-To: <20190530142734.qlhgzeal22zxfhk5@gondor.apana.org.au> From: Ard Biesheuvel Date: Thu, 30 May 2019 16:28:54 +0200 Message-ID: Subject: Re: [PATCH] crypto: gcm - fix cacheline sharing To: Herbert Xu Cc: Iuliana Prodan , Eric Biggers , "David S. Miller" , Horia Geanta , Sascha Hauer , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List , dl-linux-imx Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 30 May 2019 at 16:27, Herbert Xu wrote: > > On Thu, May 30, 2019 at 03:55:07PM +0200, Ard Biesheuvel wrote: > > > > > Would this work? > > I see. You need to preserve the original IV. > > > > diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c > > > index c0ece44f303b..2ef2f76a3cb8 100644 > > > --- a/drivers/crypto/caam/caamalg.c > > > +++ b/drivers/crypto/caam/caamalg.c > > > @@ -1832,22 +1832,25 @@ static int skcipher_decrypt(struct > > > skcipher_request *req) > > > struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); > > > int ivsize = crypto_skcipher_ivsize(skcipher); > > > struct device *jrdev = ctx->jrdev; > > > + u8 out_iv[AES_BLOCK_SIZE]; > > > u32 *desc; > > > int ret = 0; > > > > > > - /* allocate extended descriptor */ > > > - edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); > > > - if (IS_ERR(edesc)) > > > - return PTR_ERR(edesc); > > > - > > > /* > > > * The crypto API expects us to set the IV (req->iv) to the last > > > * ciphertext block. > > > */ > > > if (ivsize) > > > - scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - > > > + scatterwalk_map_and_copy(out_iv, req->src, req->cryptlen - > > > ivsize, ivsize, 0); > > > > > > + /* allocate extended descriptor */ > > > + edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); > > > + if (IS_ERR(edesc)) > > > + return PTR_ERR(edesc); > > > + > > > + memcpy(req->iv, out_iv, ivsize); > > > + > > > /* Create and submit job descriptor*/ > > > init_skcipher_job(req, edesc, false); > > > desc = edesc->hw_desc; > > > > Umm never mind > > > > /me hides in shame > > So why doesn't this work? > Because the memcpy() occurs while the buffer is mapped for DMA, so it suffers from the exact same problem.