On 7 May 2014 00:42, gregkh@xxxxxxxxxxxxxxxxxxx <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Fri, Apr 11, 2014 at 09:48:42PM +0200, Ard Biesheuvel wrote: >> On 11 April 2014 18:03, gregkh@xxxxxxxxxxxxxxxxxxx >> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: >> > On Fri, Apr 04, 2014 at 10:11:19AM +0200, Ard Biesheuvel wrote: >> >> Greg, >> >> >> >> This pertains to commit 8ceee72808d1 (crypto: ghash-clmulni-intel - >> >> use C implementation for setkey()) that has been pulled by Linus >> >> during the current merge window. >> >> >> >> It is missing two things: >> >> - a cc to stable annotation >> >> - a fix for the sparse warning below (change cast from __be64 to __force __be64) >> >> >> >> The reason for cc'ing stable on this patch is that it fixes a >> >> potential data corruption issue where the ghash setkey() method uses >> >> SSE registers without calling kernel_fpu_begin() first. This issue was >> >> introduced by 0e1227d356e9b (crypto: ghash - Add PCLMULQDQ accelerated >> >> implementation). >> >> >> >> So how would you like to proceed with this? Should I propose a new >> >> patch somewhere? >> > >> > No problem, I'll apply this as-is. But it doesn't apply to the >> > 3.4-stable tree cleanly, can you send me a backported version if it's >> > still needed there as well? >> > >> >> Yes, the code was broken from the start. 3.4 version is attached, the >> only difference is the missing ENDPROC() at the end of the asm file. > > Now applied, thanks. > >> In the mean time, Herbert has submitted a fix for the sparse warning, >> but we settled on a different fix than I had suggested before. >> https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=0ea481466d1c >> >> Note that this code has not been tested (not by me, at least), so I >> wouldn't suggest you take it straight away, but if you care about the >> sparse warning, we could add a cc stable to it as well, I suppose. > > If it's a real bugfix that people can hit, then yse, I'll take it. Just > let me know when it hits Linus's tree. > Hardly. The only thing it fixes is a diagnostic related to the use of be128 where u128 is more appropriate, only this time, it changes the type throughout the file rather than using a __force cast when accessing the variable, as I did in my original fix. -- Ard. -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html