Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp772800rwl; Wed, 12 Apr 2023 04:03:49 -0700 (PDT) X-Google-Smtp-Source: AKy350bWZRcLtV6hB4InzhvPTVo0c3hgCcgxI1ql0bDSSpeimJAo60U8Jl1/rW67gvixnhdgAJlt X-Received: by 2002:a17:906:d4:b0:94b:cf11:1680 with SMTP id 20-20020a17090600d400b0094bcf111680mr1479132eji.4.1681297429199; Wed, 12 Apr 2023 04:03:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681297429; cv=none; d=google.com; s=arc-20160816; b=AflVjMWmdhfiQnHaneqLJiq/WwJUUgWLC2kqa9oVw/jmnkI8Xars3DsZ7eR7VUa17z m5UOtqU1W8zHPv61Xra96Y622BxIg12vWrdeAG3gPG+R6RlW/QP2ymJI1FGzJ4NvUR9E 2fC11pGDTRZbkf1MP5sIDBRNDuc8agGEWva4+59+joEhsuywNTlfDdicq2V2IYeRbh44 HFvtg9n/dps0wpMgAMrKoL0NYsejtAsrwRBHxdI5N7GpLSMcK7IZOJ2TdA5bGdP7izDU s17CsSqr+ZGhhBRBl/RsQixqVSQae+995zfjoNI6b/+0Bdvrk6em+h9hLFo3tRFjCvNE g76Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HVECx/LRvBs3kQO/bf8w5lvnCbsKdQKiefcgWZ7u4Fw=; b=IiaWRe2kBnPfNqAE27/CEqOzRrNILkK5U3Rc7aSBspVU8bPn139NtLz9CoUDdRCq+8 F2CGehrDUEG8qXq6v6N/ZwmZq1W4gKssurw4mTi9QZ4ZqdFSRDVPQHL+0x/f6QJrIiMO EOo7ioMhqzcplOCMEmkDtFQoE8/Y/hnZz2yi9g0W4NdKjBzuVkJd7t9sdztEs/hrArhs 4I78rSJNEcswhFwz4ve7D9Onyh0ZxYCswaYOngqv0Ppp6J+RS271wzbzwM5daX2qe4oy AUA6wUwbEjBEMPQSKJ+zhTDK8DyDM4hP4OBnXaQwNqfgZvAY/CbCwbgbB4z4apBVg4Sy HJnA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aM4VIu+F; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bu11-20020a170906a14b00b0093dae541072si2875688ejb.524.2023.04.12.04.03.22; Wed, 12 Apr 2023 04:03:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aM4VIu+F; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229559AbjDLLA5 (ORCPT + 99 others); Wed, 12 Apr 2023 07:00:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55740 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229659AbjDLLAy (ORCPT ); Wed, 12 Apr 2023 07:00:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A0666A7A for ; Wed, 12 Apr 2023 04:00:51 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EA42C63256 for ; Wed, 12 Apr 2023 11:00:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3EA4DC433EF; Wed, 12 Apr 2023 11:00:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1681297250; bh=byw+Jg+9hm2CvseYnTXzAmr7kwzuwBHIZKxwiR9Q0+o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aM4VIu+FVsk96+BslgqN+KILMrukQfXkAuNyuwHHu+B3jDUJ2gMQUo5DVBZUAyE0W LIxKifrZuQsxW0WTIZ057R2MraWs2z8xbBb8emJhwE5qDAQi9P8ZMS+evWzmWoMPj4 9s3xViA8jP7c2V+gUVhrbg7vtxO9jrRfSylUxMi44mhaVypGOcNcfbLvfj9BF3+zaY BB3IiVJ/jskHfCISa5gBLyNUFpGqUgLEMU8Wz0SaIlNlecsXzWd3aXqrSqk+gbFiSE OJF4AS+2NiTcf3GsWYyjg77ssj6Ve0VVQTITwHvk/l780OZRSif0A2RYabWz9YhFbW oWvNM0EaQU05A== From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: Ard Biesheuvel , Herbert Xu , Eric Biggers , Kees Cook Subject: [PATCH v2 02/13] crypto: x86/aesni - Use RIP-relative addressing Date: Wed, 12 Apr 2023 13:00:24 +0200 Message-Id: <20230412110035.361447-3-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230412110035.361447-1-ardb@kernel.org> References: <20230412110035.361447-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3052; i=ardb@kernel.org; h=from:subject; bh=byw+Jg+9hm2CvseYnTXzAmr7kwzuwBHIZKxwiR9Q0+o=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIcWs32X+8z4Lho07d+nsFRLsXmJ4f0vVbk11p1WGH7Sl+ PZdPJ7ZUcrCIMbBICumyCIw+++7nacnStU6z5KFmcPKBDKEgYtTACYS+IGRYdGpL6Xsu7Lb/m5T teuWXcLWeWm/7w0/1bN5Vx4vXNFZqcTIcOxPyMxdhTLvc6587u+zCzi66PzN+tjdBgfNnsxInSl exwwA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Prefer RIP-relative addressing where possible, which removes the need for boot time relocation fixups. In the GCM case, we can get rid of the oversized permutation array entirely while at it. Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/aesni-intel_asm.S | 2 +- arch/x86/crypto/aesni-intel_avx-x86_64.S | 36 ++++---------------- 2 files changed, 8 insertions(+), 30 deletions(-) diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S index 837c1e0aa0217783..ca99a2274d551015 100644 --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -2717,7 +2717,7 @@ SYM_FUNC_END(aesni_cts_cbc_dec) * BSWAP_MASK == endian swapping mask */ SYM_FUNC_START_LOCAL(_aesni_inc_init) - movaps .Lbswap_mask, BSWAP_MASK + movaps .Lbswap_mask(%rip), BSWAP_MASK movaps IV, CTR pshufb BSWAP_MASK, CTR mov $1, TCTR_LOW diff --git a/arch/x86/crypto/aesni-intel_avx-x86_64.S b/arch/x86/crypto/aesni-intel_avx-x86_64.S index 0852ab573fd306ac..b6ca80f188ff9418 100644 --- a/arch/x86/crypto/aesni-intel_avx-x86_64.S +++ b/arch/x86/crypto/aesni-intel_avx-x86_64.S @@ -154,30 +154,6 @@ SHIFT_MASK: .octa 0x0f0e0d0c0b0a09080706050403020100 ALL_F: .octa 0xffffffffffffffffffffffffffffffff .octa 0x00000000000000000000000000000000 -.section .rodata -.align 16 -.type aad_shift_arr, @object -.size aad_shift_arr, 272 -aad_shift_arr: - .octa 0xffffffffffffffffffffffffffffffff - .octa 0xffffffffffffffffffffffffffffff0C - .octa 0xffffffffffffffffffffffffffff0D0C - .octa 0xffffffffffffffffffffffffff0E0D0C - .octa 0xffffffffffffffffffffffff0F0E0D0C - .octa 0xffffffffffffffffffffff0C0B0A0908 - .octa 0xffffffffffffffffffff0D0C0B0A0908 - .octa 0xffffffffffffffffff0E0D0C0B0A0908 - .octa 0xffffffffffffffff0F0E0D0C0B0A0908 - .octa 0xffffffffffffff0C0B0A090807060504 - .octa 0xffffffffffff0D0C0B0A090807060504 - .octa 0xffffffffff0E0D0C0B0A090807060504 - .octa 0xffffffff0F0E0D0C0B0A090807060504 - .octa 0xffffff0C0B0A09080706050403020100 - .octa 0xffff0D0C0B0A09080706050403020100 - .octa 0xff0E0D0C0B0A09080706050403020100 - .octa 0x0F0E0D0C0B0A09080706050403020100 - - .text @@ -646,11 +622,13 @@ _get_AAD_rest4\@: _get_AAD_rest0\@: /* finalize: shift out the extra bytes we read, and align left. since pslldq can only shift by an immediate, we use - vpshufb and an array of shuffle masks */ - movq %r12, %r11 - salq $4, %r11 - vmovdqu aad_shift_arr(%r11), \T1 - vpshufb \T1, \T7, \T7 + vpshufb and a pair of shuffle masks */ + leaq ALL_F(%rip), %r11 + subq %r12, %r11 + vmovdqu 16(%r11), \T1 + andq $~3, %r11 + vpshufb (%r11), \T7, \T7 + vpand \T1, \T7, \T7 _get_AAD_rest_final\@: vpshufb SHUF_MASK(%rip), \T7, \T7 vpxor \T8, \T7, \T7 -- 2.39.2