From patchwork Wed Jan 10 12:11:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124070 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5196941qgn; Wed, 10 Jan 2018 04:11:55 -0800 (PST) X-Google-Smtp-Source: ACJfBosQJ2K3RSxW9UcxM3pui6w6hRSUkJjElNLd7C/IC0oImHUOhTfokssioyEJ88WfpNUmTY2y X-Received: by 10.159.197.6 with SMTP id bj6mr2951573plb.87.1515586315254; Wed, 10 Jan 2018 04:11:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586315; cv=none; d=google.com; s=arc-20160816; b=m9qEDCLVZDBfTmhJsFPD3p+NDNiaz5chxDR0MwU2Fm0OapqBzADXqBGFruy0IGihH0 wu9V2G3nvBrCjma2czEseiLK2zI2racYAd4yGS5LBk/PoyVwK71FKxGv0bINEDOI7UEL mxpS9Qa5itcvoQPBf+goA1DRQ6ucM3IFOfYX82aFcmj5Y/WfdRDjEfpLpKAADQeB0Ke0 jFy6OeQPm3XB3Aw/TLFtwEyUbwwcsWn7KUOpuQ73+q2nRf0T1vwKuFLZUzediMD0gtSh sMNj+FzpeW5YlVZX3BXyIT0FA0rTBAsrlmeIq/MaPxIz9nH3J/nib06OA72P+yCAYR7o uvSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=2ilW7WNjraUY/HnEDEKZ/4rPlXyuM8aTkU4t7xgVeTw=; b=E/JeRA4QOkB76REI+wPeUYjKvlZjSYuiNwE2EV8O9NImK7LRAPNguW/XvF6a6m9sL1 AI7/xOeKABmKoHEs20s8TN/FA0Fb7a16ddzEpGYszXfq7oxJHzvyap5YVdvcAN6MtkjC DdV32sXP2PSNulOwWKFWg83am6hA9M1UOZXIwiuEw/9uPWPOkRaEu2Xpvfk612hSu6QI 3XCDpf10XuRAWDIXOR5d7ckG+kufINM4xn4FJICwrO8AFISH0xwLvCP2jTm0gh3kpzj6 1DxML4xO7gr5KLLj+OlIXBDUygmN4B8hEaqrZ+tb33atf97rWplZSm1UEgqr1SmAGg4j 7exA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=G+HBkFQ2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b1si1686333pld.641.2018.01.10.04.11.55; Wed, 10 Jan 2018 04:11:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=G+HBkFQ2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754585AbeAJMLy (ORCPT + 1 other); Wed, 10 Jan 2018 07:11:54 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:35092 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751352AbeAJMLx (ORCPT ); Wed, 10 Jan 2018 07:11:53 -0500 Received: by mail-wm0-f67.google.com with SMTP id r78so1362071wme.0 for ; Wed, 10 Jan 2018 04:11:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=2ilW7WNjraUY/HnEDEKZ/4rPlXyuM8aTkU4t7xgVeTw=; b=G+HBkFQ2B8iH+11SyMAASYTWNxR/rUer+mnC9Ryk/esRfIJd3WotPVRBBkGCldy6RT mFoXNLdB3rnii/XCN2EeQhcB0vZUHK9c4sW4zb5+l0L9fn7mSI3bN51q3BGDmseQWiKr bd6yirDvVAv5zp/21CzlM3F8COZ4/6d9qOqTk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=2ilW7WNjraUY/HnEDEKZ/4rPlXyuM8aTkU4t7xgVeTw=; b=miOV7GGbPgGZWpOr7h+ewgT8eMtAzgwu4Zv1RGkH9q9BpfZxQmOG6tocIji06fMR9I wnbtvixRZfNDBt3fXR1LX6div9BR2LuvI9CGyqVZ89NVtbp7An9/zyLTuz7Y1T0KlbHy 3/cPuE9rmp7Sm3BmqUbidopG+h+jlE0WzLTMkslxnUD9E11n937Mp30xw9n1Tl+itsS6 EkR43aVI8gsaI6T8awHuyyVF22ICUs6hzIhoP+C+sOQ35tOJCCHDhmgey9aURon49+GZ wDiU1yVGclYxu/ykEOOZnyClas7KHr0rjwsF+QUKudNxnMSrBs1pKVTP407fJNk9ze5b 0oow== X-Gm-Message-State: AKGB3mIbfYS0FuPQ3P0+tvCITmUttlXR826njQc47IxOSI5eWFg8LNl0 iViGTuu09CF9fMvQ9+dJmOPgOw== X-Received: by 10.28.91.142 with SMTP id p136mr14207945wmb.55.1515586312352; Wed, 10 Jan 2018 04:11:52 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.11.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:11:51 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 1/7] arm64: kernel: avoid executable literal pools Date: Wed, 10 Jan 2018 12:11:36 +0000 Message-Id: <20180110121142.18291-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Recent versions of GCC will emit literals into a separate .rodata section rather than interspersed with the instruction stream. We disabled this in commit 67dfa1751ce71 ("arm64: errata: Add -mpc-relative-literal-loads to build flags"), because it uses adrp/add pairs to reference these literals even when building with -mcmodel=large, which breaks module loading when we have the mitigation for Cortex-A53 erratum #843419 enabled. However, due to the recent discoveries regarding speculative execution, we should avoid putting data into executable sections, to prevent creating speculative gadgets inadvertently. So set -mpc-relative-literal-loads only for modules, and only if the A53 erratum is enabled. Signed-off-by: Ard Biesheuvel --- arch/arm64/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index b481b4a7c011..bd7cb205e28a 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -26,7 +26,8 @@ ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) ifeq ($(call ld-option, --fix-cortex-a53-843419),) $(warning ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum) else -LDFLAGS_vmlinux += --fix-cortex-a53-843419 +LDFLAGS_vmlinux += --fix-cortex-a53-843419 +KBUILD_CFLAGS_MODULE += $(call cc-option, -mpc-relative-literal-loads) endif endif @@ -51,7 +52,6 @@ endif KBUILD_CFLAGS += -mgeneral-regs-only $(lseinstr) $(brokengasinst) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -KBUILD_CFLAGS += $(call cc-option, -mpc-relative-literal-loads) KBUILD_AFLAGS += $(lseinstr) $(brokengasinst) KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) From patchwork Wed Jan 10 12:11:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124071 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5198714qgn; Wed, 10 Jan 2018 04:13:41 -0800 (PST) X-Google-Smtp-Source: ACJfBouMzbrvShvRwCXpLxj+p46nA3ip4++ZrX2Fh7URHlZnkKOd2CzKx/Y5CIYjMSfAG4x7u0+L X-Received: by 10.99.44.14 with SMTP id s14mr14867000pgs.452.1515586421266; Wed, 10 Jan 2018 04:13:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586421; cv=none; d=google.com; s=arc-20160816; b=ykdvjdLzG+LeKVuXxtIXSQhmavZJhxmoFmlNVPPqEQoOw9Lj698dwC3mD1Sfl4wZ7g z/8CmPpN5YaFKF/CX5D9R66VlfIb+xnlIpDOl+rmSVRu6FnWURv8fpMKf351tOPWWmdv qJTAhD2KBTGa6nJL8ASfcIyT8wkR3kRYYRMT81I/AcHluRlZ2+ecmJsPfVfO1sJfvHgu YaVxcPYsuU0ad2xAbN5qeO3+6TlgJwY6bTekc2GxCf5lS/Xp3RX5E/dV+qUyah90Vm5K zOqMRS7RAo0AKA+YkeuZ6/eYgztZEuR5b6yufG7Y+gDKfkFt41o/OgpgPaxhyZpOC4SD PPgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=Rd0si03cU9e5Wu9uXlrgeIlIuqe4OiBRHZ5+UPx32H8U2GcqDHyuDqM4U+VgeYVFSV ARxN3CcTPJS8RfeVm47Y+wy+xxdkGVH66dqmDbLVOMdOOAaA2s8dKf0Go+TZoPr4Recf lTwuo54daFXb0RW1Pcmtz1Cm1IRvr/1IMnJM87brMaqPGNfK25MK6VjfBYhR+FVc7GZr 56SS5IFSwgX0yiz8Yc6E9k234RGU4gOsg9c+zflq3DRFHgYtY9D27S7/fppBylGZ6ykO ejAujphsWtN08hOfFPVV9nOy6TBas2V90eZywNN+lv0jrxd/ZjV8mcNCWESnG+87zCNn g69A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GWihTtR/; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v15si5570618plk.832.2018.01.10.04.13.41; Wed, 10 Jan 2018 04:13:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GWihTtR/; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754986AbeAJMNi (ORCPT + 1 other); Wed, 10 Jan 2018 07:13:38 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:42434 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754968AbeAJMNg (ORCPT ); Wed, 10 Jan 2018 07:13:36 -0500 Received: by mail-wm0-f68.google.com with SMTP id b141so26552357wme.1 for ; Wed, 10 Jan 2018 04:13:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=GWihTtR/e6GcvyqB7EgBuRPyyJZg2w/b9f3mYMlJXBeMBad5AEPIMNq7i35hSuce6d Ah9zfDtwaKl7rTypPlSeLrpSvlzZ8aoFcbhDRRJO8dtnQzagLUTUkjHA+MqG+cJOtb2N tRJtz4Mpu/keRWeDHKNxJpjcX38GkO9plJpbA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=mFUk+RjlgSF9ntfLmtsUqGopz3KizhgQxUymPzbnyjMsJzOtrlCyDn2ELY6tC7g7V9 UuLfG3ITF/8Iq0hOLPQcF33j8fLWE0qkXMpDnYU3bPlnL5SAU4J+1bmCVIFvhkXNgz7+ 2bDNzgAEW5w625oDSTObH2/97TqjuuBY2uW+yEgUSTwGF6zFnG+5CBhagLinLJ9UPEyv anQPPH8bqirQAwu6mW3wzH6QtLAthKXKPQfu0BxSeXBzyZ5E7SES0N5a/tWNLhN+Pcao OBlG2kkCtR8rpeN7ne1N+5Nw+l9DUmxKTtxgETcLtgv+G1A+SM5AVzjToaBY5UXwOE4r 06+g== X-Gm-Message-State: AKGB3mJ3oqvqJ3KhQ1fS3GjobYoKu5rU+rXrVpkG4GhPuE54zgKlJDUc GUloBLwrJVW4WFE34yPIz86Sfg== X-Received: by 10.28.206.142 with SMTP id e136mr14228051wmg.45.1515586415658; Wed, 10 Jan 2018 04:13:35 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.11.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:34 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 2/7] arm64/crypto: aes-cipher: move S-box to .rodata section Date: Wed, 10 Jan 2018 12:11:37 +0000 Message-Id: <20180110121142.18291-3-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move the AES inverse S-box to the .rodata section where it is safe from abuse by speculation. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-cipher-core.S | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/aes-cipher-core.S b/arch/arm64/crypto/aes-cipher-core.S index 6d2445d603cc..3a44eada2347 100644 --- a/arch/arm64/crypto/aes-cipher-core.S +++ b/arch/arm64/crypto/aes-cipher-core.S @@ -125,6 +125,16 @@ CPU_BE( rev w7, w7 ) ret .endm +ENTRY(__aes_arm64_encrypt) + do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 +ENDPROC(__aes_arm64_encrypt) + + .align 5 +ENTRY(__aes_arm64_decrypt) + do_crypt iround, crypto_it_tab, __aes_arm64_inverse_sbox, 0 +ENDPROC(__aes_arm64_decrypt) + + .section ".rodata", "a" .align L1_CACHE_SHIFT .type __aes_arm64_inverse_sbox, %object __aes_arm64_inverse_sbox: @@ -161,12 +171,3 @@ __aes_arm64_inverse_sbox: .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d .size __aes_arm64_inverse_sbox, . - __aes_arm64_inverse_sbox - -ENTRY(__aes_arm64_encrypt) - do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 -ENDPROC(__aes_arm64_encrypt) - - .align 5 -ENTRY(__aes_arm64_decrypt) - do_crypt iround, crypto_it_tab, __aes_arm64_inverse_sbox, 0 -ENDPROC(__aes_arm64_decrypt) From patchwork Wed Jan 10 12:11:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124076 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5199307qgn; Wed, 10 Jan 2018 04:14:17 -0800 (PST) X-Google-Smtp-Source: ACJfBosnZI5lIuGnoqfOUDngybUdOXb69ueVzFvmL0EMKdrVVPKoMbyzMDQc4zLlnJD4isP6964H X-Received: by 10.101.90.129 with SMTP id c1mr15057772pgt.209.1515586457532; Wed, 10 Jan 2018 04:14:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586457; cv=none; d=google.com; s=arc-20160816; b=Gd1LVXq0YIBdNYjl0XSnmB1gM3V37bt+/XV6tNL9B0SG+YUMEFJx3K9TfjTynu8NnC TWHZF37aIqnYOnd2kbCZd/2mmanR3OR6DbXL9A+WumqEiVAZgShzvmH4525H3RC5A5GU rOoxTPFrOdJvkqcd3hMzjRIUixPobSBq+ABf4xtz7kFEt0bTEWKfW1d3oXeETXZs5eYA aw9UqA7S8nVohbRGK/iLRYZXnyTHB1Xjlu7Rwmq5nzqusuhTYM6aLfZbqKstGelfDlan 8TdsKVYtWaVoXnRV0UXPSnZygFEo7EcU0XpdTHyaKMR8svnvguhl6UmASSMqCK57Q3kF ufVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=L6hh2zUbxFH9E4x38JcNUHoFDnHjFEBUuttnSmIZZ98=; b=VcXhDcqDotzGn19u5s+GrrfRDUiDYIYDY7V/0i38Yp13s+/7frFq2rtC87GF72OxHF 841YKQYYbahDKfFGrJMFBVpoT+hKltm2NEQTcF1bAodwYhziAwZHrtkWw5HYPB1Cl8UG RntLTgXpcYcXXAytBTpsonw7zYqyhRoddXqsq9I3NOE8MGD5fVp1SOViNfbWnXDsafBD 3Q6FVJ5+dxaKCLbYXYhzRebdXE8D1o82pJo7yDhNs2WmDPXHtFgzZRYtJtyYHvYuRxfI va6IhJm4CiFRB405sQQ965c6qOF8qHLCaWGuZDszb0sSitdk43pSnDTp79Miul5uwMMT MtsA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CZ2Ha6El; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si6107564pln.324.2018.01.10.04.14.17; Wed, 10 Jan 2018 04:14:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CZ2Ha6El; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964968AbeAJMOO (ORCPT + 1 other); Wed, 10 Jan 2018 07:14:14 -0500 Received: from mail-wm0-f65.google.com ([74.125.82.65]:43015 "EHLO mail-wm0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754968AbeAJMNj (ORCPT ); Wed, 10 Jan 2018 07:13:39 -0500 Received: by mail-wm0-f65.google.com with SMTP id g1so8591355wmg.2 for ; Wed, 10 Jan 2018 04:13:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=L6hh2zUbxFH9E4x38JcNUHoFDnHjFEBUuttnSmIZZ98=; b=CZ2Ha6El0ubLi2nTeVMFVq3CIvOobsZyRpZsBPy4VeWxNlq1wmvLPQfUez8f9JNdM2 /OutBoUZxPJ30JELWyL8A1c3pplCzdhLN06dOvWYVzh9OnPhNWvkGGIRx6RqhvMLF8z1 wT1fZyF+Ru0oqcljqbRmIR1aJIi+80+R0D4TQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=L6hh2zUbxFH9E4x38JcNUHoFDnHjFEBUuttnSmIZZ98=; b=j4KSC9CQVy5igxlmxg/VAnco4bFHkmUk+7CjySTRuVl/SqQTaYxc37ZCKlTINtoIca MjRoBmqoUXfE145wWsO6bxNAPT/8N49JMqX0ZMoZxM/ia8zTNMjwMrm5UhDlq0Li2SH8 l03sZ24Q0uT3l10jUE+QFJXDySCaFSNRNlvcd1g92TwVo4baNyG++RkY/SQIg2Q9nCst mD5ZvHwtq8vLyu2Tqt06ECbjJYIkLpq4fHzOSNm1SY7CcFKoPYanWx8FozqF9EgI+HB9 P+USbmWTHE1BVgMOdF3E6Hw/AxrECOQfVvdRY3UtdhP1cBixtNp4xKpECvZ3Mz1UBLkm APZg== X-Gm-Message-State: AKGB3mJONsn/rNzKQgBOyHHLwS7EJC4Wx/2PTU71ZNDQGoSEKwWpDLma K87mj8mE2q8lTASdEjLOdH4HvQ== X-Received: by 10.28.234.10 with SMTP id i10mr14474863wmh.49.1515586418385; Wed, 10 Jan 2018 04:13:38 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:37 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 3/7] arm64/crypto: aes-neon: move literal data to .rodata section Date: Wed, 10 Jan 2018 12:11:38 +0000 Message-Id: <20180110121142.18291-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move the S-boxes and some other literals to the .rodata section where it is safe from being exploited by speculative execution. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-neon.S | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/aes-neon.S b/arch/arm64/crypto/aes-neon.S index f1e3aa2732f9..1c7b45b7268e 100644 --- a/arch/arm64/crypto/aes-neon.S +++ b/arch/arm64/crypto/aes-neon.S @@ -32,10 +32,10 @@ /* preload the entire Sbox */ .macro prepare, sbox, shiftrows, temp - adr \temp, \sbox movi v12.16b, #0x1b - ldr q13, \shiftrows - ldr q14, .Lror32by8 + ldr_l q13, \shiftrows, \temp + ldr_l q14, .Lror32by8, \temp + adr_l \temp, \sbox ld1 {v16.16b-v19.16b}, [\temp], #64 ld1 {v20.16b-v23.16b}, [\temp], #64 ld1 {v24.16b-v27.16b}, [\temp], #64 @@ -272,7 +272,7 @@ #include "aes-modes.S" - .text + .section ".rodata", "a" .align 6 .LForward_Sbox: .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 From patchwork Wed Jan 10 12:11:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124072 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5198790qgn; Wed, 10 Jan 2018 04:13:46 -0800 (PST) X-Google-Smtp-Source: ACJfBoumGGxyV9ifZngb0H/pAYNQX5QWHFZUqxjWu+5nngzoArWLsOISCwQCOF4NSwEruYR0zFy6 X-Received: by 10.98.149.21 with SMTP id p21mr7989206pfd.106.1515586426668; Wed, 10 Jan 2018 04:13:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586426; cv=none; d=google.com; s=arc-20160816; b=OLGNGTnVnx1buydWmo9bVMznJI2h3QTpRDVdvKgY2Kk6W2tgbB9QMu+/jg4LE80LoI vKZXBPKJOdCjLFy3Jc10rNvkvEueSUS2xGtoAvwOLwEoa3zoaZaIknPHHDhwNGf6L7sp Z3diveCrQTBogELXgU/dRikddACYNHX7TGBi5MVNVse0C3GW3a8qvBMH77YutaFRY41/ 763tSD9eN8cjF4aMUDvuDG25tMzHvqO6uw+7oTylVSmVbFHGFUbxF2RiQlhXhGL8ZgL6 hiQPetPx725rBawE7EY2O+CznTNSVbTKYJFIhytrRbwtUH9JuuEVcSuZTy5Lz0tXH2KL dPEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=jy6ao3pZDP9091Xn0CmB5jzF5yI6zZxoY/Ei+etDSXM=; b=WpU0ElUkbgjgfmwpvQ1879zBYz3ZRmThN0h4Nw9+2Q4ZQTbz06z5w2LAS5tt8zn2Ue IIC2Zv+6kmm39KNc2isCywvZvnqNxxlmkBtwRxFoNBGKr+tgExi6M2J6489CNVFulXsQ JN7XlBVxI9iiDtsxyadCO41H6Mmll6IvKroKF4l0Ma9ETr/a8VGDcxt9rx4S/oKKmP9N nhflu0p2emJokZ8pnrMB0Ng7ijzgQH5AnnvYU8M950mdz7LbhZPW+fqm1zsgiE1AVTDc YDBOQuDP2uuSodrafM1gULBQZEvbGTxR0eCwPSbvCL5yOtC4SZMRv7MebWy5Sg8TobA8 bYwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WachCkD4; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e5si1022882plb.319.2018.01.10.04.13.46; Wed, 10 Jan 2018 04:13:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WachCkD4; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964996AbeAJMNo (ORCPT + 1 other); Wed, 10 Jan 2018 07:13:44 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:46136 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964968AbeAJMNl (ORCPT ); Wed, 10 Jan 2018 07:13:41 -0500 Received: by mail-wm0-f68.google.com with SMTP id 143so1570643wma.5 for ; Wed, 10 Jan 2018 04:13:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jy6ao3pZDP9091Xn0CmB5jzF5yI6zZxoY/Ei+etDSXM=; b=WachCkD4Oh+qCVG7Mn9+8JuFWSyUtNB/g8p05FLvG4Pr9FxpEYNwNxXFzXXZLHNAgo L1Ggvfko0e6LT1ga4911r4tYoEwcHU/9Sm042GD3ObGb2+ht9RPMN/xW7S7NpIgpdkg2 bDtFY27/naenrG6MaRZ2s+aHcwMkwN9qmX29o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=jy6ao3pZDP9091Xn0CmB5jzF5yI6zZxoY/Ei+etDSXM=; b=Eg1+QWdnSScLLty4o+3eRfh4a/jMkNlqs/wfp5C+l6vseAh6iF87SRF9RAqKu8kgy3 FzaGrt9GtfNrrIsCpR+q0SmMyzFJf5Q7YDpOrsPkHe3eYYLt4rgU2N7MPCFLLyFEXoiK WX2fc9g6t6rJwN6dtD1bByktUMDJLj+OPgSVPd0IEI+HE43VUAh4EeAQwbDBf7DeP1VM 0S1fzARU8VoanR5X+jjz39behoKX1HCaDAZOaM3vMMvYJwu+Mpj4dESfaCNNQQ4zDU79 40HtQByvPivYuHty9yP97eHTyd3BpZ42yx2qRMkrVEWJIS4Myf9a7gJwid/tu4P2+Dl3 8Dbw== X-Gm-Message-State: AKwxytd0c4NVov75hWcYyt2mFvHEjEU/bgzyswI6/K/zs4BpIwPe2mif 2639kh7GUdves/fvOp8a++l3vA== X-Received: by 10.28.1.210 with SMTP id 201mr836848wmb.120.1515586420577; Wed, 10 Jan 2018 04:13:40 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:39 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 4/7] arm64/crypto: crc32: move literal data to .rodata section Date: Wed, 10 Jan 2018 12:11:39 +0000 Message-Id: <20180110121142.18291-5-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move CRC32 literal data to the .rodata section where it is safe from being exploited by speculative execution. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/crc32-ce-core.S | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/crc32-ce-core.S b/arch/arm64/crypto/crc32-ce-core.S index 18f5a8442276..16ed3c7ebd37 100644 --- a/arch/arm64/crypto/crc32-ce-core.S +++ b/arch/arm64/crypto/crc32-ce-core.S @@ -50,7 +50,7 @@ #include #include - .text + .section ".rodata", "a" .align 6 .cpu generic+crypto+crc @@ -115,12 +115,13 @@ * uint crc32_pmull_le(unsigned char const *buffer, * size_t len, uint crc32) */ + .text ENTRY(crc32_pmull_le) - adr x3, .Lcrc32_constants + adr_l x3, .Lcrc32_constants b 0f ENTRY(crc32c_pmull_le) - adr x3, .Lcrc32c_constants + adr_l x3, .Lcrc32c_constants 0: bic LEN, LEN, #15 ld1 {v1.16b-v4.16b}, [BUF], #0x40 From patchwork Wed Jan 10 12:11:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124073 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5198863qgn; Wed, 10 Jan 2018 04:13:51 -0800 (PST) X-Google-Smtp-Source: ACJfBotrxbZMQn1GzG9PH+JsB9gVmprj5ZOUUFoupJJqu20LzZB8M0878KyHTGWX8POVKrHQGu+N X-Received: by 10.98.17.193 with SMTP id 62mr12152073pfr.126.1515586431591; Wed, 10 Jan 2018 04:13:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586431; cv=none; d=google.com; s=arc-20160816; b=yz6ncDfDZ8GNtpvkLSgyW1OwzYgaMFxNZ36a+rScNjV6AALGMxKMIeqOY38P7mYXnt SxIHLffNByZvXmILd9PQIAej71fBSObGoGqc81Z9o7oXf2tuzhS49+L2yPjglPtAFviS yDKk2LwBBousQNgg6HLWH3GuTUns1C3lVZlAlUGI+lU0vdjW+79da/DsgAuVKSAf4DlS Q8oce2aMWSsl9Fq5uPgr5teaFPq2zGKFmPhBBH20UBB+OPkxsZk7nZ8+7+aTCHRmfp8z f5NlEJmLaykDWrZsCsmbNWcbkJKC6bm4T+5T9U0dUI/eVAd4d1HH/zSVakx+dIo4ly+5 7cPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=MWshLiWOGX3MjVxfW8vB3hWxNhyu9hQSwShk2STc6A4=; b=eZONbaRzFx+MvVjAKI4gYOSZEcwIkQeBRk9tWRoYar3bYYQC5Kpf7wlcOXeq5k5EhG yvMUvRFvc/wDrmr9SkdgSQ90o+v8aoLMj1Olpte7E0tXLUb7GMH3WiwTqoyMsFfXYu/3 FJ7SwLKpcHRladVMzM9AkgdWhP53rY0I+uKcP2cEdHEBiKZh5QY5Zlp4uvfnz++oVGVx levF5WKSm3+J9Y+UJD/gH2BuIUEkucTcuMGyr2ZqXJQOlvy4v/dIQl8G6x8gDRIRmvws kS5uF/ArfHPS1Pcq/f4LIFz4L1h07JyqLKXRXbDXKO6A3AykqRA0FetOKWYD9ybn/54Z VdCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=icXe9DiW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e5si1022882plb.319.2018.01.10.04.13.51; Wed, 10 Jan 2018 04:13:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=icXe9DiW; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965013AbeAJMNr (ORCPT + 1 other); Wed, 10 Jan 2018 07:13:47 -0500 Received: from mail-wr0-f196.google.com ([209.85.128.196]:36333 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964973AbeAJMNo (ORCPT ); Wed, 10 Jan 2018 07:13:44 -0500 Received: by mail-wr0-f196.google.com with SMTP id d9so1830589wre.3 for ; Wed, 10 Jan 2018 04:13:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MWshLiWOGX3MjVxfW8vB3hWxNhyu9hQSwShk2STc6A4=; b=icXe9DiWYq2UmPXLyoqiEyon04aUjz7jqEyE18IL/MnzBPdsVg/5vic7EmBNS8MgIh kkZMEH9Za4f/ToQWWoWWNuDrE4K2JJMminMEFwRXosYon7OqLervmbEO8xTLEQVPHO5M CiWKsEAm6d68WhxCE8Hs1L6sn26cFOR1UG4b8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MWshLiWOGX3MjVxfW8vB3hWxNhyu9hQSwShk2STc6A4=; b=AcCcwZHOrlmmAHeplyTrfvD5Vu9SK00+pbXZMYbn7FVjam+OkqnORb8wNHpwOqhmjW TuGbsALIL9zvx2wLLsaiyRUEJbynG8Qgn1DC9KyUUiepuhkdV/5xjH0s+SGQ+8xNajQS RKyDhc2FEUAIcz/r3r1ZCGrf9SfuxNsGIxdYIqgYgNoSE1n0kMQSII4WUOc4b4+SPqN1 w/FWjw6azZaxBoG+ZWJe5sQYTJAAjVGYf14z3m1HSMU43E6p1UjGea7pr/19UkPLZhIz C3iQYSZNnV/yjYCSsv6RvgsEtNWOErdcUFYFkaVNaKtY8kyHWC/qR2XeKnLrnvxvIbcN 9jLQ== X-Gm-Message-State: AKGB3mIqPhlqM0Nqoc67e8u0fJjQ5PoKZCG6hpR2bZ4wIQA+pAIcN1Q/ dsEG0IlSNLUP5k7lrihMiXIbQg== X-Received: by 10.223.155.131 with SMTP id d3mr16076933wrc.134.1515586422838; Wed, 10 Jan 2018 04:13:42 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:42 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 5/7] arm64/crypto: crct10dif: move literal data to .rodata section Date: Wed, 10 Jan 2018 12:11:40 +0000 Message-Id: <20180110121142.18291-6-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move the CRC-T10DIF literal data to the .rodata section where it is safe from being exploited by speculative execution. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/crct10dif-ce-core.S | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/crct10dif-ce-core.S b/arch/arm64/crypto/crct10dif-ce-core.S index d5b5a8c038c8..f179c01bd55c 100644 --- a/arch/arm64/crypto/crct10dif-ce-core.S +++ b/arch/arm64/crypto/crct10dif-ce-core.S @@ -128,7 +128,7 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) // XOR the initial_crc value eor v0.16b, v0.16b, v10.16b - ldr q10, rk3 // xmm10 has rk3 and rk4 + ldr_l q10, rk3, x8 // xmm10 has rk3 and rk4 // type of pmull instruction // will determine which constant to use @@ -184,13 +184,13 @@ CPU_LE( ext v12.16b, v12.16b, v12.16b, #8 ) // fold the 8 vector registers to 1 vector register with different // constants - ldr q10, rk9 + ldr_l q10, rk9, x8 .macro fold16, reg, rk pmull v8.1q, \reg\().1d, v10.1d pmull2 \reg\().1q, \reg\().2d, v10.2d .ifnb \rk - ldr q10, \rk + ldr_l q10, \rk, x8 .endif eor v7.16b, v7.16b, v8.16b eor v7.16b, v7.16b, \reg\().16b @@ -251,7 +251,7 @@ CPU_LE( ext v1.16b, v1.16b, v1.16b, #8 ) // get rid of the extra data that was loaded before // load the shift constant - adr x4, tbl_shf_table + 16 + adr_l x4, tbl_shf_table + 16 sub x4, x4, arg3 ld1 {v0.16b}, [x4] @@ -275,7 +275,7 @@ CPU_LE( ext v1.16b, v1.16b, v1.16b, #8 ) _128_done: // compute crc of a 128-bit value - ldr q10, rk5 // rk5 and rk6 in xmm10 + ldr_l q10, rk5, x8 // rk5 and rk6 in xmm10 // 64b fold ext v0.16b, vzr.16b, v7.16b, #8 @@ -291,7 +291,7 @@ _128_done: // barrett reduction _barrett: - ldr q10, rk7 + ldr_l q10, rk7, x8 mov v0.d[0], v7.d[1] pmull v0.1q, v0.1d, v10.1d @@ -321,7 +321,7 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) b.eq _128_done // exactly 16 left b.lt _less_than_16_left - ldr q10, rk1 // rk1 and rk2 in xmm10 + ldr_l q10, rk1, x8 // rk1 and rk2 in xmm10 // update the counter. subtract 32 instead of 16 to save one // instruction from the loop @@ -333,7 +333,7 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) _less_than_16_left: // shl r9, 4 - adr x0, tbl_shf_table + 16 + adr_l x0, tbl_shf_table + 16 sub x0, x0, arg3 ld1 {v0.16b}, [x0] movi v9.16b, #0x80 @@ -345,6 +345,7 @@ ENDPROC(crc_t10dif_pmull) // precomputed constants // these constants are precomputed from the poly: // 0x8bb70000 (0x8bb7 scaled to 32 bits) + .section ".rodata", "a" .align 4 // Q = 0x18BB70000 // rk1 = 2^(32*3) mod Q << 32 From patchwork Wed Jan 10 12:11:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124075 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5199168qgn; Wed, 10 Jan 2018 04:14:09 -0800 (PST) X-Google-Smtp-Source: ACJfBosezVRKOABAgc3vgAcuFRgInBty6dZNEdV/FIhLDhA6S/vBjpp8pTSMXEdr8GNrFRKBDt3B X-Received: by 10.99.61.143 with SMTP id k137mr15543784pga.315.1515586449690; Wed, 10 Jan 2018 04:14:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586449; cv=none; d=google.com; s=arc-20160816; b=WLORwe9Sbqb+pMriKJuSZQL617zqFbUjr+uULG2ctUWYWdjlROmSLht29FpALdAjmB 1ZIKdhRbDkK3SYSr8kI8PzfSGOvpbUxz7Nj1pEGdHF63w6k6jtO22XFkz3WTwcBUKXmE hOB9jlyoYpyeP85R/zxmWfE9Dfc/dEH09zYGimd/9AxAZweKS/oPN1MTZlTRq83QRAMM lVv+vpimx34xx5f+m/ZNtGkjzKtoZ1nq0fw2HD+jfVVc5oS1dxLGF8nRLudMtiMxfCY9 Vwi40mxPqNcORDDdRrux0HUK/4b3ceoABytzSLOOhY9lrYttl4958fJRj7FhsxvIX1Nu oF3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=UzDHmVA88kHIPG5d2XbNNkTfVigQpoljbpXIvfJnwoo=; b=EFXTuPyEpqMXUVJZ3FgXwAvYkCRkPkoBUsiypc2JCtt1QNQCe2F407u+YT24dxrnEp iVxS/mxsd+PfZ7pCghroBRR7Zvo9UdcRV3YGByvMNlMqbfccIz6COYQUAMlMso6rCRfh UzK9tXI3QVekelmz2GcCk96l0pkNHgY/UG59zpsBu3ru4qSdAbA6l862ncaNRK11Hl70 CYhuK/gEROgeMdk3nqhTHlg5sUDxICB9FIcSGqHkbOMOrsEy1uIY4CqhaLC49CfRH97K FKPoZOrzk3ewem3ZI5mFWEzpHgzwrSbiBLXm/PfGUPvs7PsC6L1BVfVFmdBZwNVDGtgj Rd0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=g9x6ZuM2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si6107564pln.324.2018.01.10.04.14.09; Wed, 10 Jan 2018 04:14:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=g9x6ZuM2; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751884AbeAJMOI (ORCPT + 1 other); Wed, 10 Jan 2018 07:14:08 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:45848 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964968AbeAJMNq (ORCPT ); Wed, 10 Jan 2018 07:13:46 -0500 Received: by mail-wm0-f68.google.com with SMTP id i186so10102158wmi.4 for ; Wed, 10 Jan 2018 04:13:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UzDHmVA88kHIPG5d2XbNNkTfVigQpoljbpXIvfJnwoo=; b=g9x6ZuM2MIzoYxHOHcfBJWAMxtLGHXptEzORYztgUYgmLEgUIYMCCeQny7OQA+dUAr zC8CSgMA2tzMuEDvWdGVpgDpn/PkwMaZTJOtEL3pB/iQBWUBYK/holKvL/CtyQkyVMVi JoB5pYGsL9ZltUzDUaIEbGoEGmr226s0xiEQQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UzDHmVA88kHIPG5d2XbNNkTfVigQpoljbpXIvfJnwoo=; b=NRk26cQsDNMJeZYv8fxSTClEXF79OW8KybnQPBk4je03xUIWEY7Ck/doB+A9NGf+Kf 7/pzORqWAmO/2qeP9/GbgDdSoDystHpadWOLQIOlLh81qh3byb2ZF6gtwHg62SN0wZ6a KnR1TtVg3jwi4U6PjLj3g6dwg1qGYcMfv/cJsM1UkpMvSTeEQcDilaz/Z12daMYDpc4t UcQN5daN5gabWu5QNcCyGCNikWm2BPzQCB/G9lj5RxfL2BSxLwklLl/PuvYfYwBXGLai 9JsCIViybcRpeo48BpK4seIMarKFLqYcySs05c3JdQMxqwLzTgybB2LXvTB4APdt+1u5 cF8A== X-Gm-Message-State: AKGB3mJjFlZ1tKQq7k9oBmHlZVbVkXJhZhU76JN315ULNxH9SLgyyU+c AzORdGgIiBRG/2kHWbIK8aoHUA== X-Received: by 10.28.12.2 with SMTP id 2mr14854862wmm.43.1515586425133; Wed, 10 Jan 2018 04:13:45 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:44 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 6/7] arm64/crypto: sha2-ce: move the round constant table to .rodata section Date: Wed, 10 Jan 2018 12:11:41 +0000 Message-Id: <20180110121142.18291-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move the SHA2 round constant table to the .rodata section where it is safe from being exploited by speculative execution. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/sha2-ce-core.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/crypto/sha2-ce-core.S b/arch/arm64/crypto/sha2-ce-core.S index 679c6c002f4f..4c3c89b812ce 100644 --- a/arch/arm64/crypto/sha2-ce-core.S +++ b/arch/arm64/crypto/sha2-ce-core.S @@ -53,6 +53,7 @@ /* * The SHA-256 round constants */ + .section ".rodata", "a" .align 4 .Lsha2_rcon: .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 @@ -76,9 +77,10 @@ * void sha2_ce_transform(struct sha256_ce_state *sst, u8 const *src, * int blocks) */ + .text ENTRY(sha2_ce_transform) /* load round constants */ - adr x8, .Lsha2_rcon + adr_l x8, .Lsha2_rcon ld1 { v0.4s- v3.4s}, [x8], #64 ld1 { v4.4s- v7.4s}, [x8], #64 ld1 { v8.4s-v11.4s}, [x8], #64 From patchwork Wed Jan 10 12:11:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124074 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5199050qgn; Wed, 10 Jan 2018 04:14:02 -0800 (PST) X-Google-Smtp-Source: ACJfBovzhDcJSlbn7OtRC1O0Y8+9Qsl3+LQt4n3ulav1y32cVw8VM5fvZXMZgJ/VKcYWwCqpMpxn X-Received: by 10.101.75.81 with SMTP id k17mr14407416pgt.301.1515586442736; Wed, 10 Jan 2018 04:14:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586442; cv=none; d=google.com; s=arc-20160816; b=MJN/wV0l50OHfoMKJ/tXt8sS/gOSMru2slKzZhKGepPoATL5lStIcqOeAzlnsQRKxF tl2GXJjU91VmAUOyr591ZxsA8tBdtRsUSeuzob0T2lshXP8N3OdqF+yqms0jr0MARvNG z/KhH18KmcatEqwXaSKtZc14r0wxNEM9hiwG5qYw69tj7qFpyeqTKfVJoSWinOEdCyZB eQcrwgdNeOeNeJCtpBv0Blz12gPyJ3xMk45jNSfeIZKEXbBRUMjIEKD+qY3M8DyZ6ix/ 2hb744UHPRR3mf6ajeVngRft0SejAC4YIGH7ZAoSIqcVdKSkzXSpAJrXuZZUzJjsKaoR mztA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=i/kNCMf9IwZEH9RcambEaZtO5fzWD0+sbiw50dYegqh/psk/QqBQgvZh2todSD9QhR +w9vq8gSYC8jNpvKk/qWWnXtEHolpeU60T3CWHQ+NYefdT3PzdRYmlMvACE/YRftRhJ1 aSAwa7jwV4M8m8Q28zqoOvCGZ06MgbQP1SQGD4MGk7yLOgEECUXy3R9tEQB5VsCqSw7x PHFNqZVbQRHE/G2yI86qTorTWY4TyZyLYx0uHK0ficT+66dOownVvQsEcvbRQaHm3cRq XiweBjksj8idNDMiap20M6wEpYT2+KLgU3Hkr2H49CDRFjZ8zPWwN7WiMD7kYUPmQvS7 nAMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXctxzlL; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1si6107564pln.324.2018.01.10.04.14.02; Wed, 10 Jan 2018 04:14:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GXctxzlL; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964994AbeAJMOA (ORCPT + 1 other); Wed, 10 Jan 2018 07:14:00 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:45855 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965018AbeAJMNt (ORCPT ); Wed, 10 Jan 2018 07:13:49 -0500 Received: by mail-wm0-f67.google.com with SMTP id i186so10102400wmi.4 for ; Wed, 10 Jan 2018 04:13:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=GXctxzlLBzBNSTTRtJ9Fudkv7MGu711gMxc7+aLrBkuEuUHsbUTKB7o+lR+nrKNopG tAMjz+1+bx/yfB/HzCkIyPytQ5AkEeLbSdGF9AHH06gv0EW99+k8lXn6oesTmjRPnFXc 9uiFz6Llbd7bzHqiv8srNZu35ao+UMMGiXtwU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=BAZvme+9fMONqCKhmfnvZwNJem4uKRlUfxDkiaFyoeI=; b=TVD5FjQ3HfEvDV6hwsRl2OYgmaMyw2KfEz+CFtFiqx2b/Rc4HAZp9seFuuSJ3jDHDc 4dbmAbbOmgwQBwaELQzml+2waKw8IcAxwCYY9QDzkpSzjXByR/YPd5UDWTUVCFlCfx7D eAdyBB3GyNWPClTS61OZT2bMW4J7lwN35zSvcQBwcij5vuT2XHLSDd1LmsD9+CQ3/qQz DB05ebQ4q8bmd059B5M+Jz6j5MYmO8qSTr3luqkYS6/wl+/kqXHfYwNLAY7YEYt4MgTd 1k9x3hrxlDzaHWzqWraMuoq61TYspAj2dKeX8NwdxscFg+s48tYwFl4U+XXfSI8sDGiF I7HQ== X-Gm-Message-State: AKGB3mLEL16xRXLZSglUuvgMNbyfs0b/L4WsXE+vhcy4wCQjh7KRYluU dZDDid8iAhwNlezNj9qSiLqSaw== X-Received: by 10.28.131.17 with SMTP id f17mr14332838wmd.139.1515586427861; Wed, 10 Jan 2018 04:13:47 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.13.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:47 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 7/7] arm64/crypto: sha1-ce: get rid of literal pool Date: Wed, 10 Jan 2018 12:11:42 +0000 Message-Id: <20180110121142.18291-8-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Load the four SHA-1 round constants using immediates rather than literal pool entries, to avoid having executable data that may be exploitable under speculation attacks. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/sha1-ce-core.S | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S index 8550408735a0..46049850727d 100644 --- a/arch/arm64/crypto/sha1-ce-core.S +++ b/arch/arm64/crypto/sha1-ce-core.S @@ -58,12 +58,11 @@ sha1su1 v\s0\().4s, v\s3\().4s .endm - /* - * The SHA1 round constants - */ - .align 4 -.Lsha1_rcon: - .word 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 + .macro loadrc, k, val, tmp + movz \tmp, :abs_g0_nc:\val + movk \tmp, :abs_g1:\val + dup \k, \tmp + .endm /* * void sha1_ce_transform(struct sha1_ce_state *sst, u8 const *src, @@ -71,11 +70,10 @@ */ ENTRY(sha1_ce_transform) /* load round constants */ - adr x6, .Lsha1_rcon - ld1r {k0.4s}, [x6], #4 - ld1r {k1.4s}, [x6], #4 - ld1r {k2.4s}, [x6], #4 - ld1r {k3.4s}, [x6] + loadrc k0.4s, 0x5a827999, w6 + loadrc k1.4s, 0x6ed9eba1, w6 + loadrc k2.4s, 0x8f1bbcdc, w6 + loadrc k3.4s, 0xca62c1d6, w6 /* load state */ ld1 {dgav.4s}, [x0]