On Thu, Jun 06, 2019 at 08:53:10AM +0200, Ard Biesheuvel wrote: > > That same patch 'fixes' CBC, since CBC was never broken to begin with. > The CTS driver does not have something like the auth_tag sharing the > same cacheline with the IV, so CBC has always worked fine. CBC is broken. Any crypto API user is allowed to place the IV in the same position relative to the src/dst buffer. So the driver must deal with it. It's just that the CTR/ghash combo happened to expose this first. > So I guess what you are after is a patch that, instead of dodging the > issue by limiting the copy to CBC, does not perform the copy at all > while anything is mapped for DMA? Then we can leave it up to the NXP > engineers to fix CTR mode. Right, we definitely need to fix it for CBC, probably in the way that you suggested. We should fix CTR too but at least it should be obviously broken as the self-test should catch this case now. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt