Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp243752pxb;
        Fri, 16 Apr 2021 04:43:25 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy2/SnpI4h1wvr61Lb2O5PnRQ6kjIzEhGkvfidh/YpkZi5tFrShobEcfQ3EQuKJMLRGeP0K
X-Received: by 2002:a05:6a00:1511:b029:24c:e3f9:cce6 with SMTP id q17-20020a056a001511b029024ce3f9cce6mr7619258pfu.28.1618573405193;
        Fri, 16 Apr 2021 04:43:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1618573405; cv=none;
        d=google.com; s=arc-20160816;
        b=JJ0qpmWG25ruaOL64FlQRGsg3ikhKt1UTrHySu8MlfJleyqS0SlYisrQuizKWOhel2
         qw1UD2kfkBQUoSlL4xy85BP269xaMj3EfIjT1qqlT2zayc8ojD5tPJ8Vo9rG+vb66cS9
         w2iFB2Fz8h7y+p+7NZ52YXb27nx+GJHQDFCzsN13sWGrwBqN2DUcCoGc3oM0wt6Ro3bm
         l3MxEqv7X4+z1LY27yVUE60FfvZrNombjroeeeIE+z2+zSofiGbvTKtI5OxTK4QCfKwJ
         S2uY0dlrhmQSRVU2b197te4fSDW/JYAcS8jQRSQCPlEBWBzUOTgu/gqxUSEYHIFTQOhx
         zoIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=F9Bhvg9d0FHeEp4QGH3mfWozrlkpbc1wTIFUz2gX8wY=;
        b=YIW4UxpSb4qqQWCxO4ef06Lc9z7ZcYVKZRT2hPidX7DHrhytHRa107AAIHBbFb94vE
         kZVXzEtN/GktD8p0e89/n6vCLUzbFqdMdxytYLiiFq5SRH9kclOPIAfyxGR9uFkwySi4
         Ep1zOz2DseDnzGL1cgdeyUbZSYWBU/DGT72LRy3YbhBUWc3BadScsmubfsPeqH0lOA9b
         dfLldxZQ0XE+0fSRv+Gtc7YEM6EM2Gy9Lj0cuCSVYnX3Q5EUAEo+S2gcVlQv/o7nVG2u
         DyMWw4nexiXQr8A2l6+OwwstpLLVsTzxkK2vVRcSRdTW2Z3FZD20Cf4WR6NcLQbnsFLc
         Y2Mg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d13si1448938pgq.134.2021.04.16.04.43.11;
        Fri, 16 Apr 2021 04:43:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241812AbhDPLaj (ORCPT <rfc822;jere.viikari@gmail.com>
        + 99 others); Fri, 16 Apr 2021 07:30:39 -0400
Received: from helcar.hmeau.com ([216.24.177.18]:53042 "EHLO fornost.hmeau.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S235124AbhDPLah (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Fri, 16 Apr 2021 07:30:37 -0400
Received: from gwarestrin.arnor.me.apana.org.au ([192.168.103.7])
        by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian))
        id 1lXMfq-0003L7-QI; Fri, 16 Apr 2021 21:30:11 +1000
Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Fri, 16 Apr 2021 21:30:10 +1000
Date:   Fri, 16 Apr 2021 21:30:10 +1000
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Ard Biesheuvel <ardb@kernel.org>
Cc:     linux-crypto@vger.kernel.org
Subject: Re: [PATCH] crypto: arm64/aes-ce - deal with oversight in new CTR
 carry code
Message-ID: <20210416113010.GE16633@gondor.apana.org.au>
References: <20210406142523.1101817-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210406142523.1101817-1-ardb@kernel.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Apr 06, 2021 at 04:25:23PM +0200, Ard Biesheuvel wrote:
> The new carry handling code in the CTR driver can deal with a carry
> occurring in the 4x/5x parallel code path, by using a computed goto to
> jump into the carry sequence at the right place as to only apply the
> carry to a subset of the blocks being processed.
> 
> If the lower half of the counter wraps and ends up at exactly 0x0, a
> carry needs to be applied to the counter, but not to the counter values
> taken for the 4x/5x parallel sequence. In this case, the computed goto
> skips all register assignments, and branches straight to the jump
> instruction that gets us back to the fast path. This produces the
> correct result, but due to the fact that this branch target does not
> carry the correct BTI annotation, this fails when BTI is enabled.
> 
> Let's omit the computed goto entirely in this case, and jump straight
> back to the fast path after applying the carry to the main counter.
> 
> Fixes: 5318d3db465d ("crypto: arm64/aes-ctr - improve tail handling")
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  arch/arm64/crypto/aes-modes.S | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt