On Thu, Nov 26, 2020 at 08:49:07AM +0100, Ard Biesheuvel wrote:
> ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
> by silicon errata #1742098 and #1655431, respectively, where the second
> instruction of an AES instruction pair may execute twice if an interrupt
> is taken right after the first instruction consumes an input register of
> which a single 32-bit lane has been updated the last time it was modified.
>
> This is not such a rare occurrence as it may seem: in counter mode, only
> the least significant 32-bit word is incremented in the absence of a
> carry, which makes our counter mode implementation susceptible to these
> errata.
>
> So let's shuffle the counter assignments around a bit so that the most
> recent updates when the AES instruction pair executes are 128-bit wide.
>
> [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
> [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
>
> Cc: <stable@xxxxxxxxxxxxxxx> # v5.4+
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v2: - add comment block describing the erratum and how it is being worked
>       around
>     - mention A57 as well as A72, as both are affected
>
>  arch/arm/crypto/aes-ce-core.S | 32 ++++++++++++++------
>  1 file changed, 22 insertions(+), 10 deletions(-)

Patch applied.  Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
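The commit message above explains why CTR mode trips the erratum: consecutive counter blocks normally differ only in their least significant 32-bit lane, so a register that is "patched" lane by lane has a single-lane write as its most recent modification, while the fix makes the last update before the AES instruction pair a full 128-bit write. The following C program is an added model of that counter arithmetic and is not the kernel's aes-ce-core.S assembly (which the thread does not quote). It assumes the 16-byte big-endian counter block that AES-CTR uses; the 32/128 return values of the two `next_ctr_*` helpers are a constructed label for the register-update pattern each strategy models, since a C program cannot observe register write widths or the silicon behaviour itself. The point it makes is that both strategies compute the identical next counter block, so the fix changes only how the register is written, not what it holds.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example: a C model of AES-CTR counter handling, not kernel code.
 * Counter blocks are 16 bytes, big-endian, as in AES-CTR. */
typedef struct { uint8_t b[16]; } ctr_block;

/* Read 32-bit lane i (0 = most significant, 3 = least significant). */
static uint32_t lane_get(const ctr_block *c, int i)
{
    const uint8_t *p = c->b + 4 * i;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Write 32-bit lane i as big-endian. */
static void lane_put(ctr_block *c, int i, uint32_t v)
{
    uint8_t *p = c->b + 4 * i;
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Increment a big-endian 128-bit counter by one, propagating carries
 * upward from the least significant lane. Returns how many lanes changed:
 * 1 unless a carry occurred, which is the common case the commit describes. */
int ctr_inc_be128(ctr_block *c)
{
    int changed = 0;
    for (int i = 3; i >= 0; i--) {
        uint32_t v = lane_get(c, i) + 1;
        lane_put(c, i, v);
        changed++;
        if (v != 0)            /* no carry out of this lane: done */
            break;
    }
    return changed;
}

/* Build a counter from four lane values, increment it, report lanes changed. */
int lanes_changed_after_inc(uint32_t l0, uint32_t l1, uint32_t l2, uint32_t l3)
{
    ctr_block c;
    lane_put(&c, 0, l0); lane_put(&c, 1, l1);
    lane_put(&c, 2, l2); lane_put(&c, 3, l3);
    return ctr_inc_be128(&c);
}

/* Over n increments starting at low lane 'low_start' (upper lanes zero),
 * count how many increments touched only the least significant lane. */
int single_lane_updates_in_run(uint32_t low_start, int n)
{
    ctr_block c;
    memset(c.b, 0, sizeof c.b);
    lane_put(&c, 3, low_start);
    int single = 0;
    for (int k = 0; k < n; k++)
        if (ctr_inc_be128(&c) == 1)
            single++;
    return single;
}

/* Pre-fix pattern as the commit message describes it: the register holding
 * the next counter block is first copied, then the changed lane(s) are
 * patched in individually, so its most recent modification is 32 bits wide.
 * Returns the constructed label 32 for "last write was a single lane". */
int next_ctr_lane_update(const ctr_block *cur, ctr_block *next)
{
    ctr_block tmp = *cur;
    int lanes = ctr_inc_be128(&tmp);
    *next = *cur;
    for (int i = 3; i > 3 - lanes; i--)
        lane_put(next, i, lane_get(&tmp, i));
    return 32;
}

/* Post-fix pattern: the incremented value is computed elsewhere and then
 * written into the register as one full 128-bit update. Returns the
 * constructed label 128 for "last write was the whole register". */
int next_ctr_full_width(const ctr_block *cur, ctr_block *next)
{
    ctr_block tmp = *cur;
    ctr_inc_be128(&tmp);
    memcpy(next->b, tmp.b, sizeof next->b);
    return 128;
}

/* Both strategies must yield the same block; only the write pattern differs. */
int strategies_agree(uint32_t low_start)
{
    ctr_block cur, a, b;
    memset(cur.b, 0, sizeof cur.b);
    lane_put(&cur, 3, low_start);
    int wa = next_ctr_lane_update(&cur, &a);
    int wb = next_ctr_full_width(&cur, &b);
    return memcmp(a.b, b.b, sizeof a.b) == 0 && wa == 32 && wb == 128;
}

int main(void)
{
    printf("single-lane updates in 5 increments from 0xfffffffd: %d\n",
           single_lane_updates_in_run(0xfffffffdu, 5));
    printf("strategies agree across a carry: %d\n", strategies_agree(0xffffffffu));
    return 0;
}
```

Running it shows that four of five increments straddling a lane boundary still change only the low lane, which is why the commit message calls the single-lane case the common one, and that the full-width strategy produces byte-for-byte the same counter block, including across a carry.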