Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp838651ybi; Thu, 30 May 2019 07:32:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqyiToFn7fC0LO0VcPCthv1bEciDU1VQ92H12kPDthUT235XlaC5mXUpvGfJAZZ62aS02qcq X-Received: by 2002:a17:90a:f992:: with SMTP id cq18mr3693308pjb.54.1559226735042; Thu, 30 May 2019 07:32:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559226735; cv=none; d=google.com; s=arc-20160816; b=rcVy+YocLSlp0Lnf8Vf7R7VnOKIZFxdWzlXuAtoWgi8K/P/MEofMjn/QSC4wL0ox09 lRSR4v5wyDuNZuX2oNn9qmeXwsxF3hO5zzkWAVwV5FvMoGCrcliFYMFBIQcOnCwpn0eZ Q3IK1VjjU4RATZa3cMRlgTcdJ6hXPUYwNpsA9D5HNtZQA35Q7QoblWwhZmLHIrBcbf/5 LqTJTG4otcWQrh/1YSQDuApTt0NEH98dO+lOCH2n/HGOXekXOw7L/Nwdclj0XgRezHWv oHOj3rALPQa4G4qVS48OHbySATS1NJH9joKPyMED32wBv4H5u45BU5YzQatACNZVaBR7 LK6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=d9z/WdVRRf6vdfFIoG1dq2l7RwLG3vNFiWTkrU7D/nk=; b=uDAEjm3Pp9H311ETi9gcPOVq/XILLBP48SI8Z3p/PIEAaW6kBTd8PG0/7lGFAq/wg6 gdbcEtBB8VDpPxNkfqwSQfWToW1X6c+cVTEHN4gXti4Mb1V7ubfhikpGAFsM/TNMWKJo I4FojFi2Y61G5A6V5DIeKkOCOh54djXOoJzKaKLKgVH5sYSDnyI99UYVq/nfqxN66zQI gxkI7Mzr+dZyOmQuiJxL9g5Oy3lTdG+gctnOH0mnUhKowjGZ4QpKC/wsq0/XDIgOHrXQ FHTTgNmBQL8N1c4+fIToVO5QorKLquhzxD3k2nl7OtngQYzEzcTQrMHlvtgZv7idiYuI cw6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZMmhaKbW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z18si3322097pgv.229.2019.05.30.07.31.58; Thu, 30 May 2019 07:32:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZMmhaKbW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726824AbfE3ObX (ORCPT + 99 others); Thu, 30 May 2019 10:31:23 -0400 Received: from mail-io1-f66.google.com ([209.85.166.66]:46630 "EHLO mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725440AbfE3ObX (ORCPT ); Thu, 30 May 2019 10:31:23 -0400 Received: by mail-io1-f66.google.com with SMTP id u25so5193192iot.13 for ; Thu, 30 May 2019 07:31:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d9z/WdVRRf6vdfFIoG1dq2l7RwLG3vNFiWTkrU7D/nk=; b=ZMmhaKbW4Cn70U73eCpnJ5yejbxfst26fJzumTLlslyElxjp9fcBkEGZMScFosMuxt zMqAo9SQrjNXO8KxO2H+kxjnhJcY3+kkQYiVcuxufFL7Br8UIF0OwfjgyL3cnUKajLhO kPVG1au5pp50+mX1/xRxiYbNt/wgI04qCbadJs17CI0/TW7wWEnxAZCuG0L5giUOMJ8O kqzTB/SZRhWy1++ixHA48Ev+SNsjJCQIUT6oDhK8GjehQl04JmiS2VTiNwVJJjIM89jh +YXHQgdHpTxC+L7J7BE7ir3kiMivB1cSlkY+dyxYxDJ9vq+uVwWEKU45lzb3RN6QqEaI ug+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d9z/WdVRRf6vdfFIoG1dq2l7RwLG3vNFiWTkrU7D/nk=; b=qcNgScTLC0nY2pQiOihFwWAoRRSgUViXR9DiG5l4XScFGZ2D5ycdYdw0fgV3U6QMxN Le8xSFUEWVFCEPbRIB+Uv+WjDAx52Nl6X8qx5mEEt4ewhFSoA21vEMkvY6qi+oZUSDbJ zghVJPxK3PpM7aJLwbezyWJIr+43IR3uDMlARWgdNyIcRp7gujb4zXZMxYOfFjgG2Zwb AN1ntVLblVfyZ/3FCxXYXIM8LvDI5ab5IC5WGYYX8zRgLd6htGkj6kajxSGfIp6AAZmg 9DFgWTiig5Y1S8KyLauN67gXAunINZUVhHZn0sz/FmB5gfmN7cAm+27ST3qUnylaW3Oj h+Sw== X-Gm-Message-State: APjAAAVNosneWat1Um/SyRh0ilH2Xj2o7U8mp1Iazr8OT75QpOXxw2Rf gDIpKASY0kg1t55puniF5yfudJdUZ9DJUvtbcPpfBm9VTFhcuQ== X-Received: by 2002:a5d:9402:: with SMTP id v2mr2780864ion.128.1559226682223; Thu, 30 May 2019 07:31:22 -0700 (PDT) MIME-Version: 1.0 References: <1559149856-7938-1-git-send-email-iuliana.prodan@nxp.com> <20190529202728.GA35103@gmail.com> <20190530133427.qrwjzctac2x6nsby@gondor.apana.org.au> <20190530142734.qlhgzeal22zxfhk5@gondor.apana.org.au> In-Reply-To: From: Ard Biesheuvel Date: Thu, 30 May 2019 16:31:09 +0200 Message-ID: Subject: Re: [PATCH] crypto: gcm - fix cacheline sharing To: Herbert Xu Cc: Iuliana Prodan , Eric Biggers , "David S. Miller" , Horia Geanta , Sascha Hauer , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List , dl-linux-imx Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, 30 May 2019 at 16:28, Ard Biesheuvel wrote: > > On Thu, 30 May 2019 at 16:27, Herbert Xu wrote: > > > > On Thu, May 30, 2019 at 03:55:07PM +0200, Ard Biesheuvel wrote: > > > > > > > Would this work? > > > > I see. You need to preserve the original IV. > > > > > > diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c > > > > index c0ece44f303b..2ef2f76a3cb8 100644 > > > > --- a/drivers/crypto/caam/caamalg.c > > > > +++ b/drivers/crypto/caam/caamalg.c > > > > @@ -1832,22 +1832,25 @@ static int skcipher_decrypt(struct > > > > skcipher_request *req) > > > > struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); > > > > int ivsize = crypto_skcipher_ivsize(skcipher); > > > > struct device *jrdev = ctx->jrdev; > > > > + u8 out_iv[AES_BLOCK_SIZE]; > > > > u32 *desc; > > > > int ret = 0; > > > > > > > > - /* allocate extended descriptor */ > > > > - edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); > > > > - if (IS_ERR(edesc)) > > > > - return PTR_ERR(edesc); > > > > - > > > > /* > > > > * The crypto API expects us to set the IV (req->iv) to the last > > > > * ciphertext block. > > > > */ > > > > if (ivsize) > > > > - scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - > > > > + scatterwalk_map_and_copy(out_iv, req->src, req->cryptlen - > > > > ivsize, ivsize, 0); > > > > > > > > + /* allocate extended descriptor */ > > > > + edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); > > > > + if (IS_ERR(edesc)) > > > > + return PTR_ERR(edesc); > > > > + > > > > + memcpy(req->iv, out_iv, ivsize); > > > > + > > > > /* Create and submit job descriptor*/ > > > > init_skcipher_job(req, edesc, false); > > > > desc = edesc->hw_desc; > > > > > > Umm never mind > > > > > > /me hides in shame > > > > So why doesn't this work? > > > > Because the memcpy() occurs while the buffer is mapped for DMA, so it > suffers from the exact same problem. This might work: diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index c0ece44f303b..3d313d2a279a 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -1661,7 +1661,8 @@ static int aead_decrypt(struct aead_request *req) * allocate and map the skcipher extended descriptor for skcipher */ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, - int desc_bytes) + int desc_bytes, + u8 const *input_iv) { struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req); struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); @@ -1745,7 +1746,7 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, /* Make sure IV is located in a DMAable area */ if (ivsize) { iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; - memcpy(iv, req->iv, ivsize); + memcpy(iv, input_iv, ivsize); iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_TO_DEVICE); if (dma_mapping_error(jrdev, iv_dma)) { @@ -1801,7 +1802,8 @@ static int skcipher_encrypt(struct skcipher_request *req) int ret = 0; /* allocate extended descriptor */ - edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); + edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ, + req->iv); if (IS_ERR(edesc)) return PTR_ERR(edesc); @@ -1832,13 +1834,11 @@ static int skcipher_decrypt(struct skcipher_request *req) struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher); int ivsize = crypto_skcipher_ivsize(skcipher); struct device *jrdev = ctx->jrdev; + u8 in_iv[AES_BLOCK_SIZE]; u32 *desc; int ret = 0; - /* allocate extended descriptor */ - edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ); - if (IS_ERR(edesc)) - return PTR_ERR(edesc); + memcpy(in_iv, req->iv, ivsize); /* * The crypto API expects us to set the IV (req->iv) to the last @@ -1848,6 +1848,11 @@ static int skcipher_decrypt(struct skcipher_request *req) scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - ivsize, ivsize, 0); + /* allocate extended descriptor */ + edesc = skcipher_edesc_alloc(req, DESC_JOB_IO_LEN * CAAM_CMD_SZ, in_iv); + if (IS_ERR(edesc)) + return PTR_ERR(edesc); + /* Create and submit job descriptor*/ init_skcipher_job(req, edesc, false); desc = edesc->hw_desc;