linux-stable/arch/x86/crypto
Eric Biggers 392e03283a crypto: x86/twofish-3way - Fix %rbp usage
commit d8c7fe9f2a upstream.

Using %rbp as a temporary register breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.

In twofish-3way, we can't simply replace %rbp with another register
because there are none available.  Instead, we use the stack to hold the
values that %rbp, %r11, and %r12 were holding previously.  Each of these
values represents the half of the output from the previous Feistel round
that is being passed on unchanged to the following round.  They are only
used once per round, when they are exchanged with %rax, %rbx, and %rcx.

As a result, we free up 3 registers (one per block) and can reassign
them so that %rbp is not used, and additionally %r14 and %r15 are not
used so they do not need to be saved/restored.

There may be a small overhead caused by replacing 'xchg REG, REG' with
the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
round.  But, counterintuitively, when I tested "ctr-twofish-3way" on a
Haswell processor, the new version was actually about 2% faster.
(Perhaps 'xchg' is not as well optimized as plain moves.)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-25 11:07:49 +01:00
sha1-mb Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-06 09:05:03 -08:00
sha256-mb Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-06 09:05:03 -08:00
sha512-mb crypto: sha512-mb - initialize pending lengths correctly 2018-02-16 20:23:02 +01:00
aes-i586-asm_32.S
aes-x86_64-asm_64.S crypto: x86/aes - Don't use %rbp as temporary register 2017-05-23 12:52:05 +08:00
aes_ctrby8_avx-x86_64.S crypto, x86: aesni - fix token pasting for clang 2017-03-24 22:02:55 +08:00
aes_glue.c
aesni-intel_asm.S crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni 2018-02-03 17:38:50 +01:00
aesni-intel_avx-x86_64.S crypto: aesni - make AVX2 AES-GCM work with all valid auth_tag_len 2017-05-18 13:19:55 +08:00
aesni-intel_glue.c crypto: aesni - add wrapper for generic gcm(aes) 2018-02-03 17:38:49 +01:00
blowfish-x86_64-asm_64.S crypto: x86/blowfish - Fix RBP usage 2017-09-20 17:42:31 +08:00
blowfish_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
camellia-aesni-avx-asm_64.S x86/retpoline/crypto: Convert crypto assembler indirect jumps 2018-01-17 09:45:29 +01:00
camellia-aesni-avx2-asm_64.S x86/retpoline/crypto: Convert crypto assembler indirect jumps 2018-01-17 09:45:29 +01:00
camellia-x86_64-asm_64.S crypto: x86/camellia - Fix RBP usage 2017-09-20 17:42:31 +08:00
camellia_aesni_avx2_glue.c x86/cpufeature: Replace cpu_has_avx with boot_cpu_has() usage 2016-04-13 11:37:40 +02:00
camellia_aesni_avx_glue.c x86/cpufeature: Replace cpu_has_avx with boot_cpu_has() usage 2016-04-13 11:37:40 +02:00
camellia_glue.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00
cast5-avx-x86_64-asm_64.S crypto: x86/cast5 - Fix RBP usage 2017-09-20 17:42:32 +08:00
cast5_avx_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
cast6-avx-x86_64-asm_64.S crypto: x86/cast6 - Fix RBP usage 2017-09-20 17:42:33 +08:00
cast6_avx_glue.c
chacha20-avx2-x86_64.S crypto: x86/chacha20 - satisfy stack validation 2.0 2017-10-12 22:51:16 +08:00
chacha20-ssse3-x86_64.S crypto: x86/chacha20 - satisfy stack validation 2.0 2017-10-12 22:51:16 +08:00
chacha20_glue.c crypto: x86/chacha20 - Manually align stack buffer 2017-01-13 00:26:46 +08:00
crc32-pclmul_asm.S
crc32-pclmul_glue.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
crc32c-intel_glue.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
crc32c-pcl-intel-asm_64.S x86/retpoline/crypto: Convert crypto assembler indirect jumps 2018-01-17 09:45:29 +01:00
crct10dif-pcl-asm_64.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
crct10dif-pclmul_glue.c
des3_ede-asm_64.S crypto: x86/des3_ede - Fix RBP usage 2017-09-20 17:42:34 +08:00
des3_ede_glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
fpu.c crypto: aesni - Convert to skcipher 2016-11-28 21:23:20 +08:00
ghash-clmulni-intel_asm.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
ghash-clmulni-intel_glue.c crypto: ghash-clmulni - Fix cryptd reordering 2016-06-23 18:29:53 +08:00
glue_helper-asm-avx.S
glue_helper-asm-avx2.S
glue_helper.c crypto: glue_helper - Delete some dead code 2017-06-19 14:11:54 +08:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
poly1305-avx2-x86_64.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
poly1305-sse2-x86_64.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
poly1305_glue.c crypto: poly1305 - remove ->setkey() method 2018-02-16 20:23:00 +01:00
salsa20-i586-asm_32.S
salsa20-x86_64-asm_64.S License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
salsa20_glue.c crypto: salsa20 - fix blkcipher_walk API usage 2017-12-20 10:10:17 +01:00
serpent-avx-x86_64-asm_64.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
serpent-avx2-asm_64.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
serpent-sse2-i586-asm_32.S
serpent-sse2-x86_64-asm_64.S
serpent_avx2_glue.c x86/cpufeature: Replace cpu_has_avx2 with boot_cpu_has() usage 2016-04-13 11:37:39 +02:00
serpent_avx_glue.c
serpent_sse2_glue.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00
sha1_avx2_x86_64_asm.S crypto: x86/sha1-avx2 - Fix RBP usage 2017-09-20 17:42:34 +08:00
sha1_ni_asm.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
sha1_ssse3_asm.S crypto: x86/sha1-ssse3 - Fix RBP usage 2017-09-20 17:42:35 +08:00
sha1_ssse3_glue.c crypto: x86/sha1 - Fix reads beyond the number of blocks passed 2017-08-09 20:01:37 +08:00
sha256-avx-asm.S crypto: x86/sha256-avx - Fix RBP usage 2017-09-20 17:42:36 +08:00
sha256-avx2-asm.S crypto: x86/sha256-avx2 - Fix RBP usage 2017-09-20 17:42:36 +08:00
sha256-ssse3-asm.S crypto: x86/sha256-ssse3 - Fix RBP usage 2017-09-20 17:42:37 +08:00
sha256_ni_asm.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
sha256_ssse3_glue.c crypto: sha-ssse3 - add MODULE_ALIAS 2016-05-31 16:41:46 +08:00
sha512-avx-asm.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
sha512-avx2-asm.S crypto: sha512-avx2 - Fix RBP usage 2017-09-20 17:42:37 +08:00
sha512-ssse3-asm.S crypto: x86 - make constants readonly, allow linker to merge them 2017-01-23 22:50:29 +08:00
sha512_ssse3_glue.c crypto: sha-ssse3 - add MODULE_ALIAS 2016-05-31 16:41:46 +08:00
twofish-avx-x86_64-asm_64.S crypto: x86/twofish - Fix RBP usage 2017-09-20 17:42:38 +08:00
twofish-i586-asm_32.S
twofish-x86_64-asm_64-3way.S crypto: x86/twofish-3way - Fix %rbp usage 2018-02-25 11:07:49 +01:00
twofish-x86_64-asm_64.S
twofish_avx_glue.c
twofish_glue.c
twofish_glue_3way.c crypto: gf128mul - switch gf128mul_x_ble to le128 2017-04-05 21:58:37 +08:00