diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-02 19:21:49 +0200 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-02 19:21:49 +0200 |
| commit | 8cda548ffba8ee67793e54d885068dd69ed6b905 (patch) | |
| tree | acea06c9d92307f867bc189e4e06871944c2ccbe /arch/arm64 | |
| parent | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (diff) | |
| parent | crypto/arm64: aes-ce-gcm - add missing kernel_neon_begin/end pair (diff) | |
| download | linux-8cda548ffba8ee67793e54d885068dd69ed6b905.tar.xz linux-8cda548ffba8ee67793e54d885068dd69ed6b905.zip | |
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 regression fix from Will Deacon:
"Ard found a nasty arm64 regression in 4.18 where the AES ghash/gcm
code doesn't notify the kernel about its use of the vector registers,
therefore potentially corrupting live user state.
The fix is straightforward and Herbert agreed for it to go via arm64"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
crypto/arm64: aes-ce-gcm - add missing kernel_neon_begin/end pair
Diffstat (limited to 'arch/arm64')
| -rw-r--r-- | arch/arm64/crypto/ghash-ce-glue.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c index 7cf0b1aa6ea8..8a10f1d7199a 100644 --- a/arch/arm64/crypto/ghash-ce-glue.c +++ b/arch/arm64/crypto/ghash-ce-glue.c @@ -488,9 +488,13 @@ static int gcm_decrypt(struct aead_request *req) err = skcipher_walk_done(&walk, walk.nbytes % AES_BLOCK_SIZE); } - if (walk.nbytes) - pmull_gcm_encrypt_block(iv, iv, NULL, + if (walk.nbytes) { + kernel_neon_begin(); + pmull_gcm_encrypt_block(iv, iv, ctx->aes_key.key_enc, num_rounds(&ctx->aes_key)); + kernel_neon_end(); + } + } else { __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv, num_rounds(&ctx->aes_key)); |