From patchwork Wed Jan 10 12:11:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124069 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5196899qgn; Wed, 10 Jan 2018 04:11:52 -0800 (PST) X-Google-Smtp-Source: ACJfBouu1BA5LEFVjgkGbhqy35hghA2ptKRVdAuvtUd6fFh7MLJ3dbWYEUGRWtIrEAWLGGZxvUvA X-Received: by 10.84.232.9 with SMTP id h9mr6175661plk.46.1515586312917; Wed, 10 Jan 2018 04:11:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586312; cv=none; d=google.com; s=arc-20160816; b=urSBiv+Qh+nCTWXKcK+VL0kItSAkg+h7y00w1ksGqntAa65f1fZlO2fXH0axosQODU VOHi+ATaH9G221yPNYmYMPJ78vioP2333RassnhNzPfNGOa34JZWPoDas8eW2dp+pp1L mIbUFpQehS0mj9y2mewEGm/2RLDo4rHYG3MJOeg3nUBdL6fG5Pm4TGHmb428YNH2TX8V BepJL3xDjikeuR4Uh8RajPEICiB/lW/66cbF2pvElvYaCSZeJ9QaEtaud92J7srHyjdj 8qnBj4NSBmlzFPSZcVXxEWX0Ttr7pgeZn9eYiTnRVWsW7fjM79FRXVoh+fXfl1z39gGj cQqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=w4ApknpJlIKVGjwBCbfOUsz1H2A+qLXVRErRKtmhbmY=; b=JBsZJKyIhQzdR/+aGFibZXvKeMAjdJRuEl7Npj6n0BnosvPn8wygy7nEMpzzH/mn38 DdBCZCx8b3yalgXQ77+bAFaRnpIbMogpGag0xozpULyg9ExXvsHEzzc7Tbzw7t0TRfro jQC6PuXvXLDKdygDVZSjmtc317BRfVFnF5L0vZVok4RE7Evj8ZstG5zEAx+sJCCXi6Os CS3uw/qVwhuKDwiKDIRPzWuYPTsJIrLeX1FQlkYHsLSQV4smpg4W/KVOV2zFqm9MHXeU Y11Hu/l97XNWvlECICo0H5vlac0e90/m0hVtQN3dU9+yQv1GOWhygydlGlD33ErlnlPU +PLA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=V02EB04N; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b1si1686333pld.641.2018.01.10.04.11.52; Wed, 10 Jan 2018 04:11:52 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=V02EB04N; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754567AbeAJMLw (ORCPT + 1 other); Wed, 10 Jan 2018 07:11:52 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:35086 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751352AbeAJMLv (ORCPT ); Wed, 10 Jan 2018 07:11:51 -0500 Received: by mail-wm0-f68.google.com with SMTP id r78so1361879wme.0 for ; Wed, 10 Jan 2018 04:11:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=w4ApknpJlIKVGjwBCbfOUsz1H2A+qLXVRErRKtmhbmY=; b=V02EB04NIqN36TX9chWZb0TmxIglg84aXaZQOn3LGEBfmgf4IKYC3i1axIWaZ8r1eG XGUtyQZckLnu7jFCxB6vdcDYsskNLf/pSlQraHn4M9XZAeDG2fBjasDnfpHTAhiq5Uo8 NFY4c16TYhX8m4UME3bjBnwbilIUCu/W4dVFs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=w4ApknpJlIKVGjwBCbfOUsz1H2A+qLXVRErRKtmhbmY=; b=gB0wf1N2etYofogk8UwLatxSih4Gx/4tulSIEs/MFfCYcHfZe3XMgfA/vM0NvIXV8P DMXvZDapGYUnvjLYn0oKH1hZ7N6sIAxOoae/d7bAvKMtvxOmDoUtJmEZpe8gorx2IuAZ oCadq17seWv2jtocl3QI0yqpfazKb8/hFRHhQNzeIIJav7JpiJNdd4g8VtPqKbbTaRj+ udETJyYDcd+8kZvkm2ABMUN36OIwWQrAdHYGEDF6MxTPwdmnVc7GfOGbNkm7WwnUnFSO Q1FU1vElkmlIHsruV3IiaBe4cYp2ERFonluENfNmn0GFVPqLDic0yTSaYVRilfr8BSAf 5KYA== X-Gm-Message-State: AKGB3mIonkyCPomzRCOao3COroUNvHdINSdVQsiUTD23KX0GpmHnFmC6 jtOSBi9ax9pLGsz0cDH9uAIEcw== X-Received: by 10.28.10.70 with SMTP id 67mr14215917wmk.12.1515586310007; Wed, 10 Jan 2018 04:11:50 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.11.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:11:49 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 0/7] arm64: move literal data into .rodata section Date: Wed, 10 Jan 2018 12:11:35 +0000 Message-Id: <20180110121142.18291-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Prevent inadvertently creating speculative gadgets by moving literal data into the .rodata section. Patch #1 enables this for C code, by reverting a change that disables the GCC feature implementing this. Note that this conflicts with the mitigation of erratum #843419 for Cortex-A53. Patch #2 - #7 update the crypto asm code to move sboxes and round constant tables (which may or may not be hiding 'interesting' opcodes) from .text to .rodata Ard Biesheuvel (7): arm64: kernel: avoid executable literal pools arm64/crypto: aes-cipher: move S-box to .rodata section arm64/crypto: aes-neon: move literal data to .rodata section arm64/crypto: crc32: move literal data to .rodata section arm64/crypto: crct10dif: move literal data to .rodata section arm64/crypto: sha2-ce: move the round constant table to .rodata section arm64/crypto: sha1-ce: get rid of literal pool arch/arm64/Makefile | 4 ++-- arch/arm64/crypto/aes-cipher-core.S | 19 ++++++++++--------- arch/arm64/crypto/aes-neon.S | 8 ++++---- arch/arm64/crypto/crc32-ce-core.S | 7 ++++--- arch/arm64/crypto/crct10dif-ce-core.S | 17 +++++++++-------- arch/arm64/crypto/sha1-ce-core.S | 20 +++++++++----------- arch/arm64/crypto/sha2-ce-core.S | 4 +++- 7 files changed, 41 insertions(+), 38 deletions(-) -- 2.11.0