[PATCH v2] crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
Herbert Xu
herbert at gondor.apana.org.au
Fri Dec 4 02:15:29 EST 2020
On Thu, Nov 26, 2020 at 08:49:07AM +0100, Ard Biesheuvel wrote:
> ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
> by silicon errata #1742098 and #1655431, respectively, where the second
> instruction of a AES instruction pair may execute twice if an interrupt
> is taken right after the first instruction consumes an input register of
> which a single 32-bit lane has been updated the last time it was modified.
>
> This is not such a rare occurrence as it may seem: in counter mode, only
> the least significant 32-bit word is incremented in the absence of a
> carry, which makes our counter mode implementation susceptible to these
> errata.
>
> So let's shuffle the counter assignments around a bit so that the most
> recent updates when the AES instruction pair executes are 128-bit wide.
>
> [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
> [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
>
> Cc: <stable at vger.kernel.org> # v5.4+
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> ---
> v2: - add comment block describing the erratum and how it is being worked
> around
> - mention A57 as well as A72, as both are affected
>
> arch/arm/crypto/aes-ce-core.S | 32 ++++++++++++++------
> 1 file changed, 22 insertions(+), 10 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the linux-arm-kernel
mailing list