diff options
| author |   Ard Biesheuvel <ardb@kernel.org> | 2020-11-26 08:49:07 +0100 |
|---|---|---|
| committer |   Herbert Xu <herbert@gondor.apana.org.au> | 2020-12-04 18:13:14 +1100 |
| commit | f3456b9fd269c6d0c973b136c5449d46b2510f4b (patch) | |
| tree | f4c2002692d77ebfece68ab866b2bdf6a4db727e /include/crypto | |
| parent | crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (diff) | |
| download | linux-dev-f3456b9fd269c6d0c973b136c5449d46b2510f4b.tar.xz linux-dev-f3456b9fd269c6d0c973b136c5449d46b2510f4b.zip | |
crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are affected
by silicon errata #1742098 and #1655431, respectively, where the second
instruction of a AES instruction pair may execute twice if an interrupt
is taken right after the first instruction consumes an input register of
which a single 32-bit lane has been updated the last time it was modified.
This is not such a rare occurrence as it may seem: in counter mode, only
the least significant 32-bit word is incremented in the absence of a
carry, which makes our counter mode implementation susceptible to these
errata.
So let's shuffle the counter assignments around a bit so that the most
recent updates when the AES instruction pair executes are 128-bit wide.
[0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
[1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
Cc: <stable@vger.kernel.org> # v5.4+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
0 files changed, 0 insertions, 0 deletions