Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp215213pxk;
        Wed, 16 Sep 2020 02:29:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwSQLdTeeYhkR3MLKJCkydEbAIH5zsr9Ui+2ByoKLcavmR5hXmeqORYfWv9uD2F/cP059bw
X-Received: by 2002:a17:907:432b:: with SMTP id ob19mr24545972ejb.400.1600248545951;
        Wed, 16 Sep 2020 02:29:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600248545; cv=none;
        d=google.com; s=arc-20160816;
        b=eLYujZd33JkzZGf6qIX41S8sICJ+R//tu7vMbmIoqZrhGIV/om8B3jFdxDAkhBFNl/
         fqbVBP9iYhNp3P3cv5Jd/8YrIOAB6Q87itVkr7aHiS+kyvsuW2MnLuSs3HcNpFwBWH3X
         QqPXVtfJ+WMyk3LNBg93KS9Y2On/b9Zn5yma1hBpOYB7W3WvTFrhpudZV2ccK24FkHMx
         qNDaTTD3HXJy9hK22UP91cKfhvfT6F6dbujGW3geItCy5aLiPEDwMKFAcK9RYi1O/vNx
         jf4lVUQhH64tDUNx3TgA95XBvUmDrEhs7p/DnisadQg74U7i5IMZ396jHm7zhIVp91bA
         d5ww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:message-id:subject:from:to:cc
         :references:in-reply-to:content-transfer-encoding:mime-version;
        bh=phSV/MU0Hfu6jEmQQ5qbqCa0Azxfsar+R1S3qrY/n3o=;
        b=PDIM8madKCuyYPjega7lkJWnVBvLAIvAFjuFTFOKr0KdLp/NYCS52CtYJaUmhOtLCJ
         fCN0uGQpi0P0Q+k6EeddWAD6FmZwBTB3ZKLOrLYR7HZISxB76BolOYWxb4H2oHtJgaTL
         /nALFmt9s70Ax/SRKIA/hXRYnbZPS7oUdTpMRG4KuqIw+ewWzu2s/8bHhVYYw0FHKpxU
         sr7evTuXINo9U6VH8xEFNdWQ5gICjT1AopdoI6rjX6m+ARhgZpmkmCGaHgVgMzac9TNB
         nGXh7vFteU3Bldj0vswg03fKgbUWeI5fptyin5IHE5P0d/sX3N62JfeIUc/9PQkURMEV
         zK8w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a25si12130731ejx.145.2020.09.16.02.28.35;
        Wed, 16 Sep 2020 02:29:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726425AbgIPJ2e convert rfc822-to-8bit (ORCPT
        <rfc822;rajesh.android@gmail.com> + 99 others);
        Wed, 16 Sep 2020 05:28:34 -0400
Received: from relay5-d.mail.gandi.net ([217.70.183.197]:49973 "EHLO
        relay5-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726149AbgIPJ2d (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 16 Sep 2020 05:28:33 -0400
X-Originating-IP: 90.76.143.236
Received: from localhost (lfbn-tou-1-1075-236.w90-76.abo.wanadoo.fr [90.76.143.236])
        (Authenticated sender: antoine.tenart@bootlin.com)
        by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id 1CECE1C0005;
        Wed, 16 Sep 2020 09:28:29 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8BIT
In-Reply-To: <1599545445-5716-1-git-send-email-pvanleeuwen@rambus.com>
References: <1599545445-5716-1-git-send-email-pvanleeuwen@rambus.com>
Cc:     herbert@gondor.apana.org.au, davem@davemloft.net,
        Pascal van Leeuwen <pvanleeuwen@rambus.com>
To:     Pascal van Leeuwen <pvanleeuwen@rambus.com>,
        linux-crypto@vger.kernel.org
From:   Antoine Tenart <antoine.tenart@bootlin.com>
Subject: Re: [PATCH] crypto: inside-secure - Prevent missing of processing errors
Message-ID: <160024850785.39497.13746876037464237291@kwain>
Date:   Wed, 16 Sep 2020 11:28:28 +0200
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Pascal,

Quoting Pascal van Leeuwen (2020-09-08 08:10:45)
> On systems with coherence issues, packet processed could succeed while
> it should have failed, e.g. because of an authentication fail.
> This is because the driver would read stale status information that had
> all error bits initialised to zero = no error.
> Since this is potential a security risk, we want to prevent it from being
> a possibility at all. So initialize all error bits to error state, so
> that reading stale status information will always result in errors.
> 
> Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com>

Acked-by: Antoine Tenart <antoine.tenart@bootlin.com>

Thanks!
Antoine

> ---
>  drivers/crypto/inside-secure/safexcel_ring.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/crypto/inside-secure/safexcel_ring.c b/drivers/crypto/inside-secure/safexcel_ring.c
> index e454c3d..90f1503 100644
> --- a/drivers/crypto/inside-secure/safexcel_ring.c
> +++ b/drivers/crypto/inside-secure/safexcel_ring.c
> @@ -236,8 +236,8 @@ struct safexcel_result_desc *safexcel_add_rdesc(struct safexcel_crypto_priv *pri
>  
>         rdesc->particle_size = len;
>         rdesc->rsvd0 = 0;
> -       rdesc->descriptor_overflow = 0;
> -       rdesc->buffer_overflow = 0;
> +       rdesc->descriptor_overflow = 1; /* assume error */
> +       rdesc->buffer_overflow = 1;     /* assume error */
>         rdesc->last_seg = last;
>         rdesc->first_seg = first;
>         rdesc->result_size = EIP197_RD64_RESULT_SIZE;
> @@ -245,9 +245,10 @@ struct safexcel_result_desc *safexcel_add_rdesc(struct safexcel_crypto_priv *pri
>         rdesc->data_lo = lower_32_bits(data);
>         rdesc->data_hi = upper_32_bits(data);
>  
> -       /* Clear length & error code in result token */
> +       /* Clear length in result token */
>         rtoken->packet_length = 0;
> -       rtoken->error_code = 0;
> +       /* Assume errors - HW will clear if not the case */
> +       rtoken->error_code = 0x7fff;
>  
>         return rdesc;
>  }
> -- 
> 1.8.3.1
> 

-- 
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com