From patchwork Wed Jan 10 12:11:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124074 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5199050qgn; Wed, 10 Jan 2018 04:14:02 -0800 (PST) X-Google-Smtp-Source: ACJfBovzhDcJSlbn7OtRC1O0Y8+9Qsl3+LQt4n3ulav1y32cVw8VM5fvZXMZgJ/VKcYWwCqpMpxn X-Received: by 10.101.75.81 with SMTP id k17mr14407416pgt.301.1515586442736; Wed, 10 Jan 2018 04:14:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586442; cv=none; d=google.com; s=arc-20160816; b=MJN/wV0l50OHfoMKJ/tXt8sS/gOSMru2slKzZhKGepPoATL5lStIcqOeAzlnsQRKxF tl2GXJjU91VmAUOyr591ZxsA8tBdtRsUSeuzob0T2lshXP8N3OdqF+yqms0jr0MARvNG z/KhH18KmcatEqwXaSKtZc14r0wxNEM9hiwG5qYw69tj7qFpyeqTKfVJoSWinOEdCyZB eQcrwgdNeOeNeJCtpBv0Blz12gPyJ3xMk45jNSfeIZKEXbBRUMjIEKD+qY3M8DyZ6ix/ 2hb744UHPRR3mf6ajeVngRft0SejAC4YIGH7ZAoSIqcVdKSkzXSpAJrXuZZUzJjsKaoR mztA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=i/kNCMf9IwZEH9RcambEaZtO5fzWD0+sbiw50dYegqh/psk/QqBQgvZh2todSD9QhR +w9vq8gSYC8jNpvKk/qWWnXtEHolpeU60T3CWHQ+NYefdT3PzdRYmlMvACE/YRftRhJ1 aSAwa7jwV4M8m8Q28zqoOvCGZ06MgbQP1SQGD4MGk7yLOgEECUXy3R9tEQB5VsCqSw7x PHFNqZVbQRHE/G2yI86qTorTWY4TyZyLYx0uHK0ficT+66dOownVvQsEcvbRQaHm3cRq XiweBjksj8idNDMiap20M6wEpYT2+KLgU3Hkr2H49CDRFjZ8zPWwN7WiMD7kYUPmQvS7 nAMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXctxzlL; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si6107564pln.324.2018.01.10.04.14.02; Wed, 10 Jan 2018 04:14:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXctxzlL; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964994AbeAJMOA (ORCPT + 1 other); Wed, 10 Jan 2018 07:14:00 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:45855 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965018AbeAJMNt (ORCPT ); Wed, 10 Jan 2018 07:13:49 -0500 Received: by mail-wm0-f67.google.com with SMTP id i186so10102400wmi.4 for ; Wed, 10 Jan 2018 04:13:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=GXctxzlLBzBNSTTRtJ9Fudkv7MGu711gMxc7+aLrBkuEuUHsbUTKB7o+lR+nrKNopG tAMjz+1+bx/yfB/HzCkIyPytQ5AkEeLbSdGF9AHH06gv0EW99+k8lXn6oesTmjRPnFXc 9uiFz6Llbd7bzHqiv8srNZu35ao+UMMGiXtwU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=TVD5FjQ3HfEvDV6hwsRl2OYgmaMyw2KfEz+CFtFiqx2b/Rc4HAZp9seFuuSJ3jDHDc 4dbmAbbOmgwQBwaELQzml+2waKw8IcAxwCYY9QDzkpSzjXByR/YPd5UDWTUVCFlCfx7D eAdyBB3GyNWPClTS61OZT2bMW4J7lwN35zSvcQBwcij5vuT2XHLSDd1LmsD9+CQ3/qQz DB05ebQ4q8bmd059B5M+Jz6j5MYmO8qSTr3luqkYS6/wl+/kqXHfYwNLAY7YEYt4MgTd 1k9x3hrxlDzaHWzqWraMuoq61TYspAj2dKeX8NwdxscFg+s48tYwFl4U+XXfSI8sDGiF I7HQ== X-Gm-Message-State: AKGB3mLEL16xRXLZSglUuvgMNbyfs0b/L4WsXE+vhcy4wCQjh7KRYluU dZDDid8iAhwNlezNj9qSiLqSaw== X-Received: by 10.28.131.17 with SMTP id f17mr14332838wmd.139.1515586427861; Wed, 10 Jan 2018 04:13:47 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:47 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 7/7] arm64/crypto: sha1-ce: get rid of literal pool Date: Wed, 10 Jan 2018 12:11:42 +0000 Message-Id: <20180110121142.18291-8-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Load the four SHA-1 round constants using immediates rather than literal pool entries, to avoid having executable data that may be exploitable under speculation attacks. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/sha1-ce-core.S | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S index 8550408735a0..46049850727d 100644 --- a/arch/arm64/crypto/sha1-ce-core.S +++ b/arch/arm64/crypto/sha1-ce-core.S @@ -58,12 +58,11 @@ sha1su1 v\s0\().4s, v\s3\().4s .endm - /* - * The SHA1 round constants - */ - .align 4 -.Lsha1_rcon: - .word 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 + .macro loadrc, k, val, tmp + movz \tmp, :abs_g0_nc:\val + movk \tmp, :abs_g1:\val + dup \k, \tmp + .endm /* * void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src, @@ -71,11 +70,10 @@ */ ENTRY(sha1_ce_transform) /* load round constants */ - adr x6, .Lsha1_rcon - ld1r {k0.4s}, [x6], #4 - ld1r {k1.4s}, [x6], #4 - ld1r {k2.4s}, [x6], #4 - ld1r {k3.4s}, [x6] + loadrc k0.4s, 0x5a827999, w6 + loadrc k1.4s, 0x6ed9eba1, w6 + loadrc k2.4s, 0x8f1bbcdc, w6 + loadrc k3.4s, 0xca62c1d6, w6 /* load state */ ld1 {dgav.4s}, [x0]