commit d4a7dd8e637b322faaa934ffcd6dd07711af831f · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[CRYPTO] padlock: Fix spurious ECB page fault

The xcryptecb instruction always processes an even number of blocks so
we need to ensure th existence of an extra block if we have to process
an odd number of blocks.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu 18 years ago d4a7dd8e 38cb2419

+49 -4

1 changed file

expand all

unified split

drivers

crypto

padlock-aes.c

+49 -4

drivers/crypto/padlock-aes.c

··· 419 419 /* ====== Encryption/decryption routines ====== */ 420 420 421 421 /* These are the real call to PadLock. */ 422 + static inline void padlock_xcrypt(const u8 *input, u8 *output, void *key, 423 + void *control_word) 424 + { 425 + asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ 426 + : "+S"(input), "+D"(output) 427 + : "d"(control_word), "b"(key), "c"(1)); 428 + } 429 + 430 + static void aes_crypt_copy(const u8 *in, u8 *out, u32 *key, struct cword *cword) 431 + { 432 + u8 tmp[AES_BLOCK_SIZE * 2] 433 + __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); 434 + 435 + memcpy(tmp, in, AES_BLOCK_SIZE); 436 + padlock_xcrypt(tmp, out, key, cword); 437 + } 438 + 439 + static inline void aes_crypt(const u8 *in, u8 *out, u32 *key, 440 + struct cword *cword) 441 + { 442 + asm volatile ("pushfl; popfl"); 443 + 444 + /* padlock_xcrypt requires at least two blocks of data. */ 445 + if (unlikely(!(((unsigned long)in ^ (PAGE_SIZE - AES_BLOCK_SIZE)) & 446 + (PAGE_SIZE - 1)))) { 447 + aes_crypt_copy(in, out, key, cword); 448 + return; 449 + } 450 + 451 + padlock_xcrypt(in, out, key, cword); 452 + } 453 + 422 454 static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key, 423 455 void *control_word, u32 count) 424 456 { 457 + if (count == 1) { 458 + aes_crypt(input, output, key, control_word); 459 + return; 460 + } 461 + 425 462 asm volatile ("pushfl; popfl"); /* enforce key reload. */ 426 - asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ 463 + asm volatile ("test $1, %%cl;" 464 + "je 1f;" 465 + "lea -1(%%ecx), %%eax;" 466 + "mov $1, %%ecx;" 467 + ".byte 0xf3,0x0f,0xa7,0xc8;" /* rep xcryptecb */ 468 + "mov %%eax, %%ecx;" 469 + "1:" 470 + ".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ 427 471 : "+S"(input), "+D"(output) 428 - : "d"(control_word), "b"(key), "c"(count)); 472 + : "d"(control_word), "b"(key), "c"(count) 473 + : "ax"); 429 474 } 430 475 431 476 static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, ··· 488 443 static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 489 444 { 490 445 struct aes_ctx *ctx = aes_ctx(tfm); 491 - padlock_xcrypt_ecb(in, out, ctx->E, &ctx->cword.encrypt, 1); 446 + aes_crypt(in, out, ctx->E, &ctx->cword.encrypt); 492 447 } 493 448 494 449 static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) 495 450 { 496 451 struct aes_ctx *ctx = aes_ctx(tfm); 497 - padlock_xcrypt_ecb(in, out, ctx->D, &ctx->cword.decrypt, 1); 452 + aes_crypt(in, out, ctx->D, &ctx->cword.decrypt); 498 453 } 499 454 500 455 static struct crypto_alg aes_alg = {