On 17 November 2017 at 19:50, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> Hi,
>
> I'd like the following patch to be applied to stable for versions
> between 4.1 and 4.10 (inclusively).
>
> This is a minimal fix for a bug where arm32 kernels can use a much
> slower implementation of AES than is actually available, potentially
> forcing vendors to disable encryption on their devices.
>
> Min version is 4.1 because that was the first version to include the
> aes-ce algorithms.
>
> Max version is 4.10 because in 4.11, this bug was fixed incidentally as
> part of a complete rewrite of the bit-sliced AES implementation.
>
> ---8<---
>
> All the aes-bs (bit-sliced) and aes-ce (cryptographic extensions)
> algorithms had a priority of 300. This is undesirable because it means
> an aes-bs algorithm may be used when an aes-ce algorithm is available.
> The aes-ce algorithms have much better performance (up to 10x faster).
>
I'd say up to 20x is more accurate.
> Fix it by decreasing the priority of the aes-bs algorithms to 250.
>
> This was fixed upstream by commit cc477bf64573 ("crypto: arm/aes -
> replace bit-sliced OpenSSL NEON code"), but it was just a small part of
> a complete rewrite. This patch just fixes the priority bug for older
> kernels.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
Acked-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
> arch/arm/crypto/aesbs-glue.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm/crypto/aesbs-glue.c b/arch/arm/crypto/aesbs-glue.c
> index 0511a6cafe24..5d934a0039d7 100644
> --- a/arch/arm/crypto/aesbs-glue.c
> +++ b/arch/arm/crypto/aesbs-glue.c
> @@ -363,7 +363,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "cbc(aes)",
> .cra_driver_name = "cbc-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = AES_BLOCK_SIZE,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> @@ -383,7 +383,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "ctr(aes)",
> .cra_driver_name = "ctr-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = 1,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> @@ -403,7 +403,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "xts(aes)",
> .cra_driver_name = "xts-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = AES_BLOCK_SIZE,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> --
> 2.15.0.448.gf294e3d99a-goog
>