* Re: [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
2017-11-17 19:50 [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher Eric Biggers
@ 2017-11-17 20:07 ` Ard Biesheuvel
2017-11-19 10:21 ` Greg KH
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Ard Biesheuvel @ 2017-11-17 20:07 UTC (permalink / raw)
To: Eric Biggers; +Cc: stable@vger.kernel.org, linux-crypto@vger.kernel.org
On 17 November 2017 at 19:50, Eric Biggers <ebiggers@google.com> wrote:
> Hi,
>
> I'd like the following patch to be applied to stable for versions
> between 4.1 and 4.10 (inclusively).
>
> This is a minimal fix for a bug where arm32 kernels can use a much
> slower implementation of AES than is actually available, potentially
> forcing vendors to disable encryption on their devices.
>
> Min version is 4.1 because that was the first version to include the
> aes-ce algorithms.
>
> Max version is 4.10 because in 4.11, this bug was fixed incidentally as
> part of a complete rewrite of the bit-sliced AES implementation.
>
> ---8<---
>
> All the aes-bs (bit-sliced) and aes-ce (cryptographic extensions)
> algorithms had a priority of 300. This is undesirable because it means
> an aes-bs algorithm may be used when an aes-ce algorithm is available.
> The aes-ce algorithms have much better performance (up to 10x faster).
>
I'd say up to 20x is more accurate.
> Fix it by decreasing the priority of the aes-bs algorithms to 250.
>
> This was fixed upstream by commit cc477bf64573 ("crypto: arm/aes -
> replace bit-sliced OpenSSL NEON code"), but it was just a small part of
> a complete rewrite. This patch just fixes the priority bug for older
> kernels.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> arch/arm/crypto/aesbs-glue.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/arm/crypto/aesbs-glue.c b/arch/arm/crypto/aesbs-glue.c
> index 0511a6cafe24..5d934a0039d7 100644
> --- a/arch/arm/crypto/aesbs-glue.c
> +++ b/arch/arm/crypto/aesbs-glue.c
> @@ -363,7 +363,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "cbc(aes)",
> .cra_driver_name = "cbc-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = AES_BLOCK_SIZE,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> @@ -383,7 +383,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "ctr(aes)",
> .cra_driver_name = "ctr-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = 1,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> @@ -403,7 +403,7 @@ static struct crypto_alg aesbs_algs[] = { {
> }, {
> .cra_name = "xts(aes)",
> .cra_driver_name = "xts-aes-neonbs",
> - .cra_priority = 300,
> + .cra_priority = 250,
> .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
> .cra_blocksize = AES_BLOCK_SIZE,
> .cra_ctxsize = sizeof(struct async_helper_ctx),
> --
> 2.15.0.448.gf294e3d99a-goog
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
2017-11-17 19:50 [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher Eric Biggers
2017-11-17 20:07 ` Ard Biesheuvel
@ 2017-11-19 10:21 ` Greg KH
2017-11-19 10:33 ` Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.9-stable tree gregkh
2017-11-19 11:05 ` Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.4-stable tree gregkh
3 siblings, 0 replies; 5+ messages in thread
From: Greg KH @ 2017-11-19 10:21 UTC (permalink / raw)
To: Eric Biggers; +Cc: stable, Ard Biesheuvel, linux-crypto
On Fri, Nov 17, 2017 at 11:50:27AM -0800, Eric Biggers wrote:
> Hi,
>
> I'd like the following patch to be applied to stable for versions
> between 4.1 and 4.10 (inclusively).
>
> This is a minimal fix for a bug where arm32 kernels can use a much
> slower implementation of AES than is actually available, potentially
> forcing vendors to disable encryption on their devices.
>
> Min version is 4.1 because that was the first version to include the
> aes-ce algorithms.
>
> Max version is 4.10 because in 4.11, this bug was fixed incidentally as
> part of a complete rewrite of the bit-sliced AES implementation.
Thanks for the patch, now queued up.
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.9-stable tree
2017-11-17 19:50 [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher Eric Biggers
2017-11-17 20:07 ` Ard Biesheuvel
2017-11-19 10:21 ` Greg KH
@ 2017-11-19 10:33 ` gregkh
2017-11-19 11:05 ` Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.4-stable tree gregkh
3 siblings, 0 replies; 5+ messages in thread
From: gregkh @ 2017-11-19 10:33 UTC (permalink / raw)
To: ebiggers, ard.biesheuvel; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm-crypto-reduce-priority-of-bit-sliced-aes-cipher.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From ebiggers@google.com Sun Nov 19 11:20:08 2017
From: Eric Biggers <ebiggers@google.com>
Date: Fri, 17 Nov 2017 11:50:27 -0800
Subject: [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
To: stable@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Message-ID: <20171117195027.88288-1-ebiggers@google.com>
From: Eric Biggers <ebiggers@google.com>
[ Not upstream because this is a minimal fix for a bug where arm32
kernels can use a much slower implementation of AES than is actually
available, potentially forcing vendors to disable encryption on their
devices.]
All the aes-bs (bit-sliced) and aes-ce (cryptographic extensions)
algorithms had a priority of 300. This is undesirable because it means
an aes-bs algorithm may be used when an aes-ce algorithm is available.
The aes-ce algorithms have much better performance (up to 10x faster).
Fix it by decreasing the priority of the aes-bs algorithms to 250.
This was fixed upstream by commit cc477bf64573 ("crypto: arm/aes -
replace bit-sliced OpenSSL NEON code"), but it was just a small part of
a complete rewrite. This patch just fixes the priority bug for older
kernels.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm/crypto/aesbs-glue.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/crypto/aesbs-glue.c
+++ b/arch/arm/crypto/aesbs-glue.c
@@ -363,7 +363,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "cbc(aes)",
.cra_driver_name = "cbc-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct async_helper_ctx),
@@ -383,7 +383,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "ctr(aes)",
.cra_driver_name = "ctr-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct async_helper_ctx),
@@ -403,7 +403,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "xts(aes)",
.cra_driver_name = "xts-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct async_helper_ctx),
Patches currently in stable-queue which might be from ebiggers@google.com are
queue-4.9/arm-crypto-reduce-priority-of-bit-sliced-aes-cipher.patch
^ permalink raw reply [flat|nested] 5+ messages in thread* Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.4-stable tree
2017-11-17 19:50 [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher Eric Biggers
` (2 preceding siblings ...)
2017-11-19 10:33 ` Patch "[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher" has been added to the 4.9-stable tree gregkh
@ 2017-11-19 11:05 ` gregkh
3 siblings, 0 replies; 5+ messages in thread
From: gregkh @ 2017-11-19 11:05 UTC (permalink / raw)
To: ebiggers, ard.biesheuvel; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
[PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
arm-crypto-reduce-priority-of-bit-sliced-aes-cipher.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From ebiggers@google.com Sun Nov 19 11:20:08 2017
From: Eric Biggers <ebiggers@google.com>
Date: Fri, 17 Nov 2017 11:50:27 -0800
Subject: [PATCH -stable] arm: crypto: reduce priority of bit-sliced AES cipher
To: stable@vger.kernel.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@google.com>
Message-ID: <20171117195027.88288-1-ebiggers@google.com>
From: Eric Biggers <ebiggers@google.com>
[ Not upstream because this is a minimal fix for a bug where arm32
kernels can use a much slower implementation of AES than is actually
available, potentially forcing vendors to disable encryption on their
devices.]
All the aes-bs (bit-sliced) and aes-ce (cryptographic extensions)
algorithms had a priority of 300. This is undesirable because it means
an aes-bs algorithm may be used when an aes-ce algorithm is available.
The aes-ce algorithms have much better performance (up to 10x faster).
Fix it by decreasing the priority of the aes-bs algorithms to 250.
This was fixed upstream by commit cc477bf64573 ("crypto: arm/aes -
replace bit-sliced OpenSSL NEON code"), but it was just a small part of
a complete rewrite. This patch just fixes the priority bug for older
kernels.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
arch/arm/crypto/aesbs-glue.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/arm/crypto/aesbs-glue.c
+++ b/arch/arm/crypto/aesbs-glue.c
@@ -357,7 +357,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "cbc(aes)",
.cra_driver_name = "cbc-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct async_helper_ctx),
@@ -377,7 +377,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "ctr(aes)",
.cra_driver_name = "ctr-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = 1,
.cra_ctxsize = sizeof(struct async_helper_ctx),
@@ -397,7 +397,7 @@ static struct crypto_alg aesbs_algs[] =
}, {
.cra_name = "xts(aes)",
.cra_driver_name = "xts-aes-neonbs",
- .cra_priority = 300,
+ .cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct async_helper_ctx),
Patches currently in stable-queue which might be from ebiggers@google.com are
queue-4.4/arm-crypto-reduce-priority-of-bit-sliced-aes-cipher.patch
^ permalink raw reply [flat|nested] 5+ messages in thread