Re: [PATCH] crypto: arm64/aes-ce - deal with oversight in new CTR carry code

On Tue, Apr 06, 2021 at 04:25:23PM +0200, Ard Biesheuvel wrote:
> The new carry handling code in the CTR driver can deal with a carry
> occurring in the 4x/5x parallel code path, by using a computed goto to
> jump into the carry sequence at the right place as to only apply the
> carry to a subset of the blocks being processed.
> 
> If the lower half of the counter wraps and ends up at exactly 0x0, a
> carry needs to be applied to the counter, but not to the counter values
> taken for the 4x/5x parallel sequence. In this case, the computed goto
> skips all register assignments, and branches straight to the jump
> instruction that gets us back to the fast path. This produces the
> correct result, but due to the fact that this branch target does not
> carry the correct BTI annotation, this fails when BTI is enabled.
> 
> Let's omit the computed goto entirely in this case, and jump straight
> back to the fast path after applying the carry to the main counter.
> 
> Fixes: 5318d3db465d ("crypto: arm64/aes-ctr - improve tail handling")
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
>  arch/arm64/crypto/aes-modes.S | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
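
The counter case the commit message describes, modelled in portable C as an added example (not the kernel's assembly and not code from this thread); `struct ctr128`, `ctr_batch` and the two wrappers are hypothetical names. It shows that when the lower half wraps to exactly 0, the outgoing counter takes the carry while none of the blocks in the parallel batch do.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit CTR counter kept as two 64-bit halves (hypothetical model type). */
struct ctr128 { uint64_t hi, lo; };

/*
 * Model one n-block parallel step (n <= 5). Fills blk[] with the counters
 * used for this batch, advances *ctr to the outgoing counter, and returns
 * how many of the n blocks needed the carry into the upper half.
 */
static unsigned ctr_batch(struct ctr128 *ctr, struct ctr128 *blk, unsigned n)
{
	uint64_t old_lo = ctr->lo;
	unsigned carried = 0;
	for (unsigned i = 0; i < n; i++) {
		blk[i].lo = old_lo + i;         /* wraps modulo 2^64 */
		blk[i].hi = ctr->hi;
		if (blk[i].lo < old_lo) {       /* block lies past the wrap */
			blk[i].hi++;
			carried++;
		}
	}
	ctr->lo = old_lo + n;
	if (ctr->lo < old_lo)               /* lower half overflowed */
		ctr->hi++;                      /* outgoing counter takes the carry */
	return carried;
}

/* Wrappers returning plain values, starting from hi = 0 (constructed input). */
static unsigned carried_blocks(uint64_t lo, unsigned n)
{
	struct ctr128 c = { 0, lo }, blk[5];
	return ctr_batch(&c, blk, n);
}
static uint64_t outgoing_hi(uint64_t lo, unsigned n)
{
	struct ctr128 c = { 0, lo }, blk[5];
	ctr_batch(&c, blk, n);
	return c.hi;
}

int main(void)
{
	/* lo + 5 == 2^64 exactly: outgoing counter carries, no block does. */
	printf("%u %llu\n", carried_blocks(UINT64_MAX - 4, 5),
	       (unsigned long long)outgoing_hi(UINT64_MAX - 4, 5));
	return 0;
}
```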


