On Fri, Apr 04, 2014 at 03:03:55PM +0200, Ard Biesheuvel wrote: > On 4 April 2014 14:25, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > On Tue, Apr 01, 2014 at 08:48:24PM +0800, Herbert Xu wrote: > >> On Tue, Apr 01, 2014 at 02:37:20PM +0200, Ard Biesheuvel wrote: > >> > On 1 April 2014 13:23, kbuild test robot <fengguang.wu@xxxxxxxxx> wrote: > >> > > tree: git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git master > >> > > head: 8ceee72808d1ae3fb191284afc2257a2be964725 > >> > > commit: 8ceee72808d1ae3fb191284afc2257a2be964725 [60/60] crypto: ghash-clmulni-intel - use C implementation for setkey() > >> > > reproduce: make C=1 CF=-D__CHECK_ENDIAN__ > >> > > > >> > > > >> > > sparse warnings: (new ones prefixed by >>) > >> > > > >> > >>> arch/x86/crypto/ghash-clmulni-intel_glue.c:71:25: sparse: cast to restricted __be64 > >> > >>> arch/x86/crypto/ghash-clmulni-intel_glue.c:72:25: sparse: cast to restricted __be64 > >> > > > >> > > >> > Sigh. > >> > > >> > The sparse warnings /without/ the be64 casts are even worse. > >> > > >> > The obvious fix is not to use a be128 for the key, as it is obviously > >> > an opaque type that just represents a byte array. > >> > So, Herbert, if you prefer, I can rework this patch to use be128 > >> > instead of u128 inside struct ghash_ctx, but it will have some fallout > >> > throughout the file. Or instead, we cast to '__force __be64', > >> > basically just telling sparse to shut up ... > >> > >> I'll add the __force to shut it up. Thanks! > > > > On closer inspection I think your suggestion to use u128 makes > > more sense. So I have added the following patch to cryptodev. > > > > commit 91eef5ab1b378e10e6f87c28c9bb46614a1cc491 > > Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > Date: Fri Apr 4 20:24:03 2014 +0800 > > > > crypto: ghash-clmulni-intel - Use u128 instead of be128 for internal key > > > > The internal key isn't actually in big-endian format so let's switch > > to u128 which also happens to allow us to remove a sparse warning. > > > > Based on suggestion by Ard Biesheuvel. > > > > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > > > diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S > > index 185fad4..5d1e007 100644 > > --- a/arch/x86/crypto/ghash-clmulni-intel_asm.S > > +++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S > > @@ -92,7 +92,7 @@ __clmul_gf128mul_ble: > > ret > > ENDPROC(__clmul_gf128mul_ble) > > > > -/* void clmul_ghash_mul(char *dst, const be128 *shash) */ > > +/* void clmul_ghash_mul(char *dst, const u128 *shash) */ > > ENTRY(clmul_ghash_mul) > > movups (%rdi), DATA > > movups (%rsi), SHASH > > @@ -106,7 +106,7 @@ ENDPROC(clmul_ghash_mul) > > > > /* > > * void clmul_ghash_update(char *dst, const char *src, unsigned int srclen, > > - * const be128 *shash); > > + * const u128 *shash); > > */ > > ENTRY(clmul_ghash_update) > > cmp $16, %rdx > > diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c > > index d785cf2..00eacd2 100644 > > --- a/arch/x86/crypto/ghash-clmulni-intel_glue.c > > +++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c > > @@ -25,17 +25,17 @@ > > #define GHASH_BLOCK_SIZE 16 > > #define GHASH_DIGEST_SIZE 16 > > > > -void clmul_ghash_mul(char *dst, const be128 *shash); > > +void clmul_ghash_mul(char *dst, const u128 *shash); > > > > void clmul_ghash_update(char *dst, const char *src, unsigned int srclen, > > - const be128 *shash); > > + const u128 *shash); > > > > struct ghash_async_ctx { > > struct cryptd_ahash *cryptd_tfm; > > }; > > > > struct ghash_ctx { > > - be128 shash; > > + u128 shash; > > }; > > > > struct ghash_desc_ctx { > > @@ -68,11 +68,11 @@ static int ghash_setkey(struct crypto_shash *tfm, > > a = be64_to_cpu(x->a); > > b = be64_to_cpu(x->b); > > > > - ctx->shash.a = (__be64)((b << 1) | (a >> 63)); > > - ctx->shash.b = (__be64)((a << 1) | (b >> 63)); > > + ctx->shash.a = (b << 1) | (a >> 63); > > + ctx->shash.b = (a << 1) | (b >> 63); > > > > if (a >> 63) > > - ctx->shash.b ^= cpu_to_be64(0xc2); > > + ctx->shash.b ^= ((u64)0xc2) << 48; > > > > I think you mean '0xc2 << 56' here > > Other than that: > Acked-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> Thanks for catching the error. I'll fix it and add your ack. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html