[PATCH] crypto: padlock-aes: Add ecx to outputs for rep instructions


 



The current constraints for inline "rep xcrypt*" instructions mark ecx
as an input only.  The compiler can therefore assume wrongly that ecx
holds the same value afterward, but in reality it will contain 0.

This previously led to data corruption, which was worked around by
commit 46d8c4b28652 ("crypto: padlock-aes - Fix Nano workaround data
corruption").  But a future compiler or different optimisation
configuration could reintroduce the problem.  Update the constraints
to avoid this.

Fixes: a76c1c23d0c3 ("crypto: padlock-aes - work around Nano CPU ...")
Fixes: 46d8c4b28652 ("crypto: padlock-aes - Fix Nano workaround data ...")
Signed-off-by: Ben Hutchings <ben.hutchings@xxxxxxxxxxxxxxx>
---
This is totally untested, so don't assume I know what I'm talking
about. :-)

Ben.

 drivers/crypto/padlock-aes.c | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c
index 09d823d36d3a..079b85bf657d 100644
--- a/drivers/crypto/padlock-aes.c
+++ b/drivers/crypto/padlock-aes.c
@@ -191,16 +191,16 @@ static inline void rep_xcrypt_ecb(const u8 *input, u8 *output, void *key,
 				  struct cword *control_word, int count)
 {
 	asm volatile (".byte 0xf3,0x0f,0xa7,0xc8"	/* rep xcryptecb */
-		      : "+S"(input), "+D"(output)
-		      : "d"(control_word), "b"(key), "c"(count));
+		      : "+S"(input), "+D"(output), "+c"(count)
+		      : "d"(control_word), "b"(key));
 }
 
 static inline u8 *rep_xcrypt_cbc(const u8 *input, u8 *output, void *key,
 				 u8 *iv, struct cword *control_word, int count)
 {
 	asm volatile (".byte 0xf3,0x0f,0xa7,0xd0"	/* rep xcryptcbc */
-		      : "+S" (input), "+D" (output), "+a" (iv)
-		      : "d" (control_word), "b" (key), "c" (count));
+		      : "+S" (input), "+D" (output), "+a" (iv), "+c" (count)
+		      : "d" (control_word), "b" (key));
 	return iv;
 }
 
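Review bot: The asm statements in rep_xcrypt_ecb and rep_xcrypt_cbc still have no `"memory"` clobber, although the instruction reads the buffer behind `input` and writes the one behind `output`, which the register constraints alone do not tell the compiler. `asm volatile` does not by itself stop the compiler from caching or reordering memory accesses around the statement, so this is the same kind of under-described constraint the patch fixes for ecx. In a cipher routine it would show up as silently wrong output rather than a crash. I would end each constraint list with a clobber, i.e. `: "d"(control_word), "b"(key)` followed by `: "memory");`. The same applies to the four statements in padlock_xcrypt_ecb and padlock_xcrypt_cbc in the later hunks.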
@@ -270,12 +270,12 @@ static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key,
 
 	if (initial)
 		asm volatile (".byte 0xf3,0x0f,0xa7,0xc8"	/* rep xcryptecb */
-			      : "+S"(input), "+D"(output)
-			      : "d"(control_word), "b"(key), "c"(initial));
+			      : "+S"(input), "+D"(output), "+c"(initial)
+			      : "d"(control_word), "b"(key));
 
 	asm volatile (".byte 0xf3,0x0f,0xa7,0xc8"	/* rep xcryptecb */
-		      : "+S"(input), "+D"(output)
-		      : "d"(control_word), "b"(key), "c"(count));
+		      : "+S"(input), "+D"(output), "+c"(count)
+		      : "d"(control_word), "b"(key));
 }
 
 static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key,
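Review bot: With `"+c"(initial)` and `"+c"(count)` the asm now writes back to the function's own variables, so each reads as 0 after its statement, and nothing in padlock_xcrypt_ecb says so. A short comment above the first statement would keep a later edit from reusing them, e.g. `/* rep counts ecx down to 0: initial and count are consumed by the asm */`. The same comment fits padlock_xcrypt_cbc in the next hunk. The function's opening lines are outside the hunk, so whether either variable is read again elsewhere cannot be checked from here.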
@@ -290,12 +290,13 @@ static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key,
 
 	if (initial)
 		asm volatile (".byte 0xf3,0x0f,0xa7,0xd0"	/* rep xcryptcbc */
-			      : "+S" (input), "+D" (output), "+a" (iv)
-			      : "d" (control_word), "b" (key), "c" (initial));
+			      : "+S" (input), "+D" (output), "+a" (iv),
+				"+c" (initial)
+			      : "d" (control_word), "b" (key));
 
 	asm volatile (".byte 0xf3,0x0f,0xa7,0xd0"	/* rep xcryptcbc */
-		      : "+S" (input), "+D" (output), "+a" (iv)
-		      : "d" (control_word), "b" (key), "c" (count));
+		      : "+S" (input), "+D" (output), "+a" (iv), "+c" (count)
+		      : "d" (control_word), "b" (key));
 	return iv;
 }
 
-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom



