crypto: Use ___cacheline_aligned for aes data

Commit Message

Andi Kleen March 30, 2019, 12:46 a.m. UTC

From: Andi Kleen <ak@linux.intel.com>

cacheline_aligned is a special section. It cannot be const at the same
time because it's not read-only. It doesn't give any MMU protection.

Mark it ____cacheline_aligned to not place it in a special section,
but just align it in .rodata

Cc: herbert@gondor.apana.org.au
Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
---
 crypto/aes_generic.c | 8 ++++----
 include/crypto/aes.h | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

Comments

Ard Biesheuvel March 30, 2019, 9:52 a.m. UTC | #1

On Sat, 30 Mar 2019 at 01:46, Andi Kleen <andi@firstfloor.org> wrote:
>
> From: Andi Kleen <ak@linux.intel.com>
>
> cacheline_aligned is a special section. It cannot be const at the same
> time because it's not read-only. It doesn't give any MMU protection.
>
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
>
> Cc: herbert@gondor.apana.org.au
> Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Signed-off-by: Andi Kleen <ak@linux.intel.com>

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: 913a3aa07d ("crypto: arm/aes - add some hardening against
cache-timing attacks")


> ---
>  crypto/aes_generic.c | 8 ++++----
>  include/crypto/aes.h | 8 ++++----
>  2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
> index 13df33aca463..fddcbe3edb0a 100644
> --- a/crypto/aes_generic.c
> +++ b/crypto/aes_generic.c
> @@ -64,7 +64,7 @@ static inline u8 byte(const u32 x, const unsigned n)
>  static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
>
>  /* cacheline-aligned to facilitate prefetching into cache */
> -__visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
>         {
>                 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
>                 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
> @@ -328,7 +328,7 @@ __visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
>         }
>  };
>
> -__visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
>         {
>                 0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
>                 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
> @@ -592,7 +592,7 @@ __visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
>         }
>  };
>
> -__visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
>         {
>                 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
>                 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
> @@ -856,7 +856,7 @@ __visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
>         }
>  };
>
> -__visible const u32 crypto_il_tab[4][256] __cacheline_aligned = {
> +__visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
>         {
>                 0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
>                 0x00000030, 0x00000036, 0x000000a5, 0x00000038,
> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
> index 852eaa9cd4db..0fdb542c70cd 100644
> --- a/include/crypto/aes.h
> +++ b/include/crypto/aes.h
> @@ -28,10 +28,10 @@ struct crypto_aes_ctx {
>         u32 key_length;
>  };
>
> -extern const u32 crypto_ft_tab[4][256];
> -extern const u32 crypto_fl_tab[4][256];
> -extern const u32 crypto_it_tab[4][256];
> -extern const u32 crypto_il_tab[4][256];
> +extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_fl_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
> +extern const u32 crypto_il_tab[4][256] ____cacheline_aligned;
>
>  int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
>                 unsigned int key_len);
> --
> 2.20.1
>

Yann Droneaud March 30, 2019, 2:51 p.m. UTC | #2

Hi,

Le vendredi 29 mars 2019 à 17:46 -0700, Andi Kleen a écrit :
> 
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
> 

Small typo: commit title seems to suggests there's only 3 underscore
('___cacheline_aligned') instead of 4.

Regards.

Herbert Xu April 8, 2019, 6:40 a.m. UTC | #3

On Fri, Mar 29, 2019 at 05:46:29PM -0700, Andi Kleen wrote:
> From: Andi Kleen <ak@linux.intel.com>
> 
> cacheline_aligned is a special section. It cannot be const at the same
> time because it's not read-only. It doesn't give any MMU protection.
> 
> Mark it ____cacheline_aligned to not place it in a special section,
> but just align it in .rodata
> 
> Cc: herbert@gondor.apana.org.au
> Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> Signed-off-by: Andi Kleen <ak@linux.intel.com>
> ---
>  crypto/aes_generic.c | 8 ++++----
>  include/crypto/aes.h | 8 ++++----
>  2 files changed, 8 insertions(+), 8 deletions(-)

Patch applied.  Thanks.

Patch

diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index 13df33aca463..fddcbe3edb0a 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -64,7 +64,7 @@  static inline u8 byte(const u32 x, const unsigned n)
 static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
 
 /* cacheline-aligned to facilitate prefetching into cache */
-__visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
 	{
 		0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
 		0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
@@ -328,7 +328,7 @@  __visible const u32 crypto_ft_tab[4][256] __cacheline_aligned = {
 	}
 };
 
-__visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
 	{
 		0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
 		0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
@@ -592,7 +592,7 @@  __visible const u32 crypto_fl_tab[4][256] __cacheline_aligned = {
 	}
 };
 
-__visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
 	{
 		0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
 		0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
@@ -856,7 +856,7 @@  __visible const u32 crypto_it_tab[4][256] __cacheline_aligned = {
 	}
 };
 
-__visible const u32 crypto_il_tab[4][256] __cacheline_aligned = {
+__visible const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
 	{
 		0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
 		0x00000030, 0x00000036, 0x000000a5, 0x00000038,
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 852eaa9cd4db..0fdb542c70cd 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -28,10 +28,10 @@  struct crypto_aes_ctx {
 	u32 key_length;
 };
 
-extern const u32 crypto_ft_tab[4][256];
-extern const u32 crypto_fl_tab[4][256];
-extern const u32 crypto_it_tab[4][256];
-extern const u32 crypto_il_tab[4][256];
+extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_fl_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
+extern const u32 crypto_il_tab[4][256] ____cacheline_aligned;
 
 int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 		unsigned int key_len);