From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE461C43381 for ; Wed, 20 Mar 2019 16:17:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AA5542183E for ; Wed, 20 Mar 2019 16:17:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553098672; bh=Zrlm2nsFlPqxbz1/c9Pe6xpYGVKjeAgsI12TwcToops=; h=Subject:To:Cc:From:Date:List-ID:From; b=EBKvP06KoR/3r78+g6z0eraSJPt8eDRE96uwFWJKnRir5P6suxHBSp+JtzA7TsQl0 QlHQLGpA5z/3CbzbkKOksTE7DsF1i+P7udWEwiHkMbNOz4vGK9GmyFLtfyg3mPrrQI AKJt85agMQ/3HY5UaIfgyufZ0Js0ZjOjHK+NAj+A= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726782AbfCTQRw (ORCPT ); Wed, 20 Mar 2019 12:17:52 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:46567 "EHLO out5-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727330AbfCTQRw (ORCPT ); Wed, 20 Mar 2019 12:17:52 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id D052121EF6; Wed, 20 Mar 2019 12:17:50 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Wed, 20 Mar 2019 12:17:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=5KVBel 4ygbG55LzbOMIQ6u5oKR8M8zSayTX7lz3M2FY=; b=Rd00MT6bRZAJDi17Ugqyps lfTLek2nvgXbqqdNkZMyVyo/4ifMADlb44SxZpxsYbgUYWt3ed8K/sdnYTS3ooSJ aHOcyXc8eBIwjmOBLdoOgY5wSM5p6eX2xq5/rcjYpCWPYDjDdvmCKdLV4VplnN+d 1W8ARvt/fROaO7lBRhDxsUJ2Dghhfor3My53a62KOvNiXt/a3Jv9Mp2XYadrouYj xHpIKm3TMRqJIk2Zqga2fERAR+rOQNTjg4EbgRZcH9GZNz8EZJD9VOLDBvnTp1cw G3jFDoxU+1UkDvvMHLXfgE8+OtvvnTDjZ0awQQdRm7E/DwwCB/gc2X5sAmPIKyQA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrieeigdekjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepuffvhfffkfggtgfgsehtkeertddttd flnecuhfhrohhmpeeoghhrvghgkhhhsehlihhnuhigfhhouhhnuggrthhiohhnrdhorhhg qeenucffohhmrghinheprggvshdqnhgvohhnsghsqdgtohhrvgdrshgsnecukfhppeekfe drkeeirdekledruddtjeenucfrrghrrghmpehmrghilhhfrhhomhepghhrvghgsehkrhho rghhrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (5356596b.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) by mail.messagingengine.com (Postfix) with ESMTPA id 49E9B10321; Wed, 20 Mar 2019 12:17:49 -0400 (EDT) Subject: FAILED: patch "[PATCH] crypto: arm64/aes-neonbs - fix returning final keystream" failed to apply to 4.14-stable tree To: ebiggers@google.com, ard.biesheuvel@linaro.org, herbert@gondor.apana.org.au, stable@vger.kernel.org Cc: From: Date: Wed, 20 Mar 2019 17:17:47 +0100 Message-ID: <155309866716396@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to . thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 12455e320e19e9cc7ad97f4ab89c280fe297387c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:42 -0800 Subject: [PATCH] crypto: arm64/aes-neonbs - fix returning final keystream block The arm64 NEON bit-sliced implementation of AES-CTR fails the improved skcipher tests because it sometimes produces the wrong ciphertext. The bug is that the final keystream block isn't returned from the assembly code when the number of non-final blocks is zero. This can happen if the input data ends a few bytes after a page boundary. In this case the last bytes get "encrypted" by XOR'ing them with uninitialized memory. Fix the assembly code to return the final keystream block when needed. Fixes: 88a3f582bea9 ("crypto: arm64/aes - don't use IV buffer to return final keystream block") Cc: # v4.11+ Reviewed-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S index e613a87f8b53..8432c8d0dea6 100644 --- a/arch/arm64/crypto/aes-neonbs-core.S +++ b/arch/arm64/crypto/aes-neonbs-core.S @@ -971,18 +971,22 @@ CPU_LE( rev x8, x8 ) 8: next_ctr v0 st1 {v0.16b}, [x24] - cbz x23, 0f + cbz x23, .Lctr_done cond_yield_neon 98b b 99b -0: frame_pop +.Lctr_done: + frame_pop ret /* * If we are handling the tail of the input (x6 != NULL), return the * final keystream block back to the caller. */ +0: cbz x25, 8b + st1 {v0.16b}, [x25] + b 8b 1: cbz x25, 8b st1 {v1.16b}, [x25] b 8b