Re: [PATCH v2] crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 26, 2020 at 08:49:07AM +0100, Ard Biesheuvel wrote:
> ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
> by silicon errata #1742098 and #1655431, respectively, where the second
> instruction of a AES instruction pair may execute twice if an interrupt
> is taken right after the first instruction consumes an input register of
> which a single 32-bit lane has been updated the last time it was modified.
> 
> This is not such a rare occurrence as it may seem: in counter mode, only
> the least significant 32-bit word is incremented in the absence of a
> carry, which makes our counter mode implementation susceptible to these
> errata.
> 
> So let's shuffle the counter assignments around a bit so that the most
> recent updates when the AES instruction pair executes are 128-bit wide.
> 
> [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
> [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
> 
> Cc: <stable@xxxxxxxxxxxxxxx> # v5.4+
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v2: - add comment block describing the erratum and how it is being worked
>       around
>     - mention A57 as well as A72, as both are affected
> 
>  arch/arm/crypto/aes-ce-core.S | 32 ++++++++++++++------
>  1 file changed, 22 insertions(+), 10 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux