Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp7731234ybi; Thu, 6 Jun 2019 00:11:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqyrIu8Stx8FRWHwoNQaxYa1Pwf9hmMvDElKkZScOJLlzioBSEExoD866d/kR7qSa5tXx4dv X-Received: by 2002:a62:5387:: with SMTP id h129mr53042149pfb.6.1559805111166; Thu, 06 Jun 2019 00:11:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559805111; cv=none; d=google.com; s=arc-20160816; b=VwqDx63T9VCqQ16Ur3V6gVpo/9/Dfr4C3yA+HiOxy2KR9BP0tT/1R+mfIP7BQKWUob bH85Ib3IDYekNkRsvn/CZxvj99hcyaAV3hzXI2hy71xNPqnvUza67avCd0b3X42dkZFy sBTT949+dQvDXF6GW8V3kIom8JboKlAbW0wqJKSPCWaZQkBnnrQB5uPfi+RMPER2ndg/ WV07U2/xNUoF9MJ8ezNtx7WWJyjbcieZGnSFajeYbAFpLODEBXrEp/IdSP7UX9shBorI is2rx+DaAL6R0vB2v2iCz+RLiy9lttp11G1YY0VaI0thUWglIQHSTGF5XsFkV5dd09v/ WHjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :content-language:accept-language:references:message-id:date :thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=5A2Yp4IQbJFiax/+usUSdkY0IdyO9D6rI74ULukINbs=; b=y7VUjAhcLql9HNTn9+wQwvgdrcC5Q0LMw6bwjPMDncEhjeCfub+hRXChQK1DcFplwM P30ZdaCffXCClhy41r4JE0Hj/D6gMMy1SKCccfUr8iNvfxcPpkVLHetW6mXnHrdNRkCT Ee+Ffl6hJG5phhtTrorX/gMghoDMXe7BaPE/lCpkilIPeb0UlOYwqT9Xmty6tOX+wTuh Sz4gY7ySeXB4ArlqDHitrxzSHkTHKclHJtfv6dlCFR9Ktdidv9jiyVzNbeDhvXifc3tY Pc0Nx2xMSUCXKGM5qqBfyzMmUzn73dtctcb8QBfEoADnZb3Qv70bIaCAbvHTd1ABxBlf To9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=qOHNq0OJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z14si1161693pjt.99.2019.06.06.00.11.32; Thu, 06 Jun 2019 00:11:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nxp.com header.s=selector2 header.b=qOHNq0OJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726551AbfFFHKK (ORCPT + 99 others); Thu, 6 Jun 2019 03:10:10 -0400 Received: from mail-eopbgr50076.outbound.protection.outlook.com ([40.107.5.76]:35297 "EHLO EUR03-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725782AbfFFHKK (ORCPT ); Thu, 6 Jun 2019 03:10:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5A2Yp4IQbJFiax/+usUSdkY0IdyO9D6rI74ULukINbs=; b=qOHNq0OJF+2rPmIKUT37c/1TFCadbB1Ynxx9QjKLUkZuJY7wwnYCcxtf6TCse06n3l2Kj/P6gV/TR+Loa4emxcyhgI3oOVPjssBk7tGsUr8j+4vRv/MpjxU1BI91KYi9xbR8Yq49j2NruyJqda4ubeuOz2C1fm9RJ0UoutNbwuo= Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com (52.134.3.153) by VI1PR0402MB3821.eurprd04.prod.outlook.com (52.134.16.30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Thu, 6 Jun 2019 07:10:06 +0000 Received: from VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::ccaf:f4a1:704a:e745]) by VI1PR0402MB3485.eurprd04.prod.outlook.com ([fe80::ccaf:f4a1:704a:e745%4]) with mapi id 15.20.1943.023; Thu, 6 Jun 2019 07:10:06 +0000 From: Horia Geanta To: Herbert Xu , Ard Biesheuvel CC: Iuliana Prodan , Eric Biggers , "David S. Miller" , Sascha Hauer , "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" , Linux Kernel Mailing List , dl-linux-imx Subject: Re: [PATCH] crypto: gcm - fix cacheline sharing Thread-Topic: [PATCH] crypto: gcm - fix cacheline sharing Thread-Index: AQHVHDJUFTzexZfnZkK5jYnCMHmb4A== Date: Thu, 6 Jun 2019 07:10:06 +0000 Message-ID: References: <20190530142734.qlhgzeal22zxfhk5@gondor.apana.org.au> <20190606063724.n77z7gaf32tmyxng@gondor.apana.org.au> <20190606064603.lvde6dproqi3vwcq@gondor.apana.org.au> <20190606065757.4agqd4poer4rexri@gondor.apana.org.au> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=horia.geanta@nxp.com; x-originating-ip: [78.96.98.22] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f0f05391-8976-4a4e-246a-08d6ea4e00ff x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020);SRVR:VI1PR0402MB3821; x-ms-traffictypediagnostic: VI1PR0402MB3821: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 00603B7EEF x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(136003)(39860400002)(346002)(366004)(396003)(376002)(189003)(199004)(25786009)(6436002)(81166006)(99286004)(4326008)(66476007)(2906002)(8676002)(81156014)(64756008)(66556008)(8936002)(66446008)(52536014)(54906003)(476003)(7696005)(5660300002)(446003)(256004)(73956011)(76116006)(91956017)(66946007)(71200400001)(14444005)(71190400001)(66066001)(7736002)(305945005)(86362001)(186003)(6246003)(26005)(33656002)(68736007)(53546011)(55016002)(6506007)(110136005)(9686003)(102836004)(486006)(3846002)(6116002)(76176011)(53936002)(74316002)(229853002)(478600001)(44832011)(316002)(14454004);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0402MB3821;H:VI1PR0402MB3485.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: /uNQQeDFRAPWMU3ZRN6uylGKi/BfzRyFRy6Eo3PPeC9ryoX8LRkCDqMMGwahks4rW8uhI50+WIrzpzoLBMy7JEzpogKVB90UM0ao4jTaa3js+B3Zy/Bu8IuUr/thFxKEpkfJBq+gEuF7OKAX09i0LfHBGcpU7oJUwayQV+zDq5JIyKLtvI/z71gnj5V4qy6cFuDDtJcDni3fsIcVkDG8tuyC9HSKWCdTVWaHuPooYLFwtyY6Ot9o4E9xuXWv6j40KK7pGnvQMiLRudlGXRQsJN1/eOSXmw8/6wVlV7RESOKIkb0DynB0DwjHNBELSIWKqypgqir0sV8R7rooxG8U0+oFWBN+n8RWGrv3ai8Vx/t5ZWBlrhIvywIN/c072O+/IoP+wjWUVs4O+XSvzm6e2e1VoPF4O8FXyLmumrnPEhc= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: f0f05391-8976-4a4e-246a-08d6ea4e00ff X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jun 2019 07:10:06.2384 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: horia.geanta@nxp.com X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0402MB3821 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 6/6/2019 9:58 AM, Herbert Xu wrote:=0A= > On Thu, Jun 06, 2019 at 08:53:10AM +0200, Ard Biesheuvel wrote:=0A= >>=0A= >> That same patch 'fixes' CBC, since CBC was never broken to begin with.= =0A= >> The CTS driver does not have something like the auth_tag sharing the=0A= >> same cacheline with the IV, so CBC has always worked fine.=0A= > =0A= > CBC is broken. Any crypto API user is allowed to place the IV=0A= > in the same position relative to the src/dst buffer. So the driver=0A= > must deal with it.=0A= > =0A= That's the theory.=0A= In practice we haven't encountered any issue so far, but yes this case has = to be=0A= handled properly.=0A= =0A= > It's just that the CTR/ghash combo happened to expose this first.=0A= > =0A= Yes, and that's what the patch is fixing.=0A= =0A= >> So I guess what you are after is a patch that, instead of dodging the=0A= >> issue by limiting the copy to CBC, does not perform the copy at all=0A= >> while anything is mapped for DMA? Then we can leave it up to the NXP=0A= >> engineers to fix CTR mode.=0A= > =0A= > Right, we definitely need to fix it for CBC, probably in the way that=0A= > you suggested.=0A= > =0A= Not really.=0A= I am in favor of using the HW to update the IV, which would work for all=0A= skcipher algorithms.=0A= I have the fix ready, will send it in a couple of days.=0A= =0A= Thanks,=0A= Horia=0A=