releases/3.7.2/sparc64-fix-unrolled-aes-256-bit-key-loops.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 436a669c393b665dc201a86973a6c72d6cce1796 Mon Sep 17 00:00:00 2001
 From: "David S. Miller" <davem@davemloft.net>
 Date: Wed, 19 Dec 2012 15:19:11 -0800
 Subject: sparc64: Fix unrolled AES 256-bit key loops.


 From: "David S. Miller" <davem@davemloft.net>

 [ Upstream commit 9f28ffc03e93343ac04874fda9edb7affea45165 ]

 The basic scheme of the block mode assembler is that we start by
 enabling the FPU, loading the key into the floating point registers,
 then iterate calling the encrypt/decrypt routine for each block.

 For the 256-bit key cases, we run short on registers in the unrolled
 loops.

 So the {ENCRYPT,DECRYPT}_256_2() macros reload the key registers that
 get clobbered.

 The unrolled macros, {ENCRYPT,DECRYPT}_256(), are not mindful of this.

 So if we have a mix of multi-block and single-block calls, the
 single-block unrolled 256-bit encrypt/decrypt can run with some
 of the key registers clobbered.

 Handle this by always explicitly loading those registers before using
 the non-unrolled 256-bit macro.

 This was discovered thanks to all of the new test cases added by
 Jussi Kivilinna.

 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  arch/sparc/crypto/aes_asm.S |   20 ++++++++++++++------
  1 file changed, 14 insertions(+), 6 deletions(-)

 --- a/arch/sparc/crypto/aes_asm.S
 +++ b/arch/sparc/crypto/aes_asm.S
 @@ -1024,7 +1024,11 @@ ENTRY(aes_sparc64_ecb_encrypt_256)
  	 add		%o2, 0x20, %o2
  	brlz,pt		%o3, 11f
  	 nop
 -10:	ldx		[%o1 + 0x00], %g3
 +10:	ldd		[%o0 + 0xd0], %f56
 +	ldd		[%o0 + 0xd8], %f58
 +	ldd		[%o0 + 0xe0], %f60
 +	ldd		[%o0 + 0xe8], %f62
 +	ldx		[%o1 + 0x00], %g3
  	ldx		[%o1 + 0x08], %g7
  	xor		%g1, %g3, %g3
  	xor		%g2, %g7, %g7
 @@ -1128,9 +1132,9 @@ ENTRY(aes_sparc64_ecb_decrypt_256)
  	/* %o0=&key[key_len], %o1=input, %o2=output, %o3=len */
  	ldx		[%o0 - 0x10], %g1
  	subcc		%o3, 0x10, %o3
 +	ldx		[%o0 - 0x08], %g2
  	be		10f
 -	 ldx		[%o0 - 0x08], %g2
 -	sub		%o0, 0xf0, %o0
 +	 sub		%o0, 0xf0, %o0
  1:	ldx		[%o1 + 0x00], %g3
  	ldx		[%o1 + 0x08], %g7
  	ldx		[%o1 + 0x10], %o4
 @@ -1154,7 +1158,11 @@ ENTRY(aes_sparc64_ecb_decrypt_256)
  	 add		%o2, 0x20, %o2
  	brlz,pt		%o3, 11f
  	 nop
 -10:	ldx		[%o1 + 0x00], %g3
 +10:	ldd		[%o0 + 0x18], %f56
 +	ldd		[%o0 + 0x10], %f58
 +	ldd		[%o0 + 0x08], %f60
 +	ldd		[%o0 + 0x00], %f62
 +	ldx		[%o1 + 0x00], %g3
  	ldx		[%o1 + 0x08], %g7
  	xor		%g1, %g3, %g3
  	xor		%g2, %g7, %g7
 @@ -1511,11 +1519,11 @@ ENTRY(aes_sparc64_ctr_crypt_256)
  	 add		%o2, 0x20, %o2
  	brlz,pt		%o3, 11f
  	 nop
 -	ldd		[%o0 + 0xd0], %f56
 +10:	ldd		[%o0 + 0xd0], %f56
  	ldd		[%o0 + 0xd8], %f58
  	ldd		[%o0 + 0xe0], %f60
  	ldd		[%o0 + 0xe8], %f62
 -10:	xor		%g1, %g3, %o5
 +	xor		%g1, %g3, %o5
  	MOVXTOD_O5_F0
  	xor		%g2, %g7, %o5
  	MOVXTOD_O5_F2
	From 436a669c393b665dc201a86973a6c72d6cce1796 Mon Sep 17 00:00:00 2001
	From: "David S. Miller" <davem@davemloft.net>
	Date: Wed, 19 Dec 2012 15:19:11 -0800
	Subject: sparc64: Fix unrolled AES 256-bit key loops.


	From: "David S. Miller" <davem@davemloft.net>

	[ Upstream commit 9f28ffc03e93343ac04874fda9edb7affea45165 ]

	The basic scheme of the block mode assembler is that we start by
	enabling the FPU, loading the key into the floating point registers,
	then iterate calling the encrypt/decrypt routine for each block.

	For the 256-bit key cases, we run short on registers in the unrolled
	loops.

	So the {ENCRYPT,DECRYPT}_256_2() macros reload the key registers that
	get clobbered.

	The unrolled macros, {ENCRYPT,DECRYPT}_256(), are not mindful of this.

	So if we have a mix of multi-block and single-block calls, the
	single-block unrolled 256-bit encrypt/decrypt can run with some
	of the key registers clobbered.

	Handle this by always explicitly loading those registers before using
	the non-unrolled 256-bit macro.

	This was discovered thanks to all of the new test cases added by
	Jussi Kivilinna.

	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	arch/sparc/crypto/aes_asm.S \| 20 ++++++++++++++------
	1 file changed, 14 insertions(+), 6 deletions(-)

	--- a/arch/sparc/crypto/aes_asm.S
	+++ b/arch/sparc/crypto/aes_asm.S
	@@ -1024,7 +1024,11 @@ ENTRY(aes_sparc64_ecb_encrypt_256)
	add %o2, 0x20, %o2
	brlz,pt %o3, 11f
	nop
	-10: ldx [%o1 + 0x00], %g3
	+10: ldd [%o0 + 0xd0], %f56
	+ ldd [%o0 + 0xd8], %f58
	+ ldd [%o0 + 0xe0], %f60
	+ ldd [%o0 + 0xe8], %f62
	+ ldx [%o1 + 0x00], %g3
	ldx [%o1 + 0x08], %g7
	xor %g1, %g3, %g3
	xor %g2, %g7, %g7
	@@ -1128,9 +1132,9 @@ ENTRY(aes_sparc64_ecb_decrypt_256)
	/* %o0=&key[key_len], %o1=input, %o2=output, %o3=len */
	ldx [%o0 - 0x10], %g1
	subcc %o3, 0x10, %o3
	+ ldx [%o0 - 0x08], %g2
	be 10f
	- ldx [%o0 - 0x08], %g2
	- sub %o0, 0xf0, %o0
	+ sub %o0, 0xf0, %o0
	1: ldx [%o1 + 0x00], %g3
	ldx [%o1 + 0x08], %g7
	ldx [%o1 + 0x10], %o4
	@@ -1154,7 +1158,11 @@ ENTRY(aes_sparc64_ecb_decrypt_256)
	add %o2, 0x20, %o2
	brlz,pt %o3, 11f
	nop
	-10: ldx [%o1 + 0x00], %g3
	+10: ldd [%o0 + 0x18], %f56
	+ ldd [%o0 + 0x10], %f58
	+ ldd [%o0 + 0x08], %f60
	+ ldd [%o0 + 0x00], %f62
	+ ldx [%o1 + 0x00], %g3
	ldx [%o1 + 0x08], %g7
	xor %g1, %g3, %g3
	xor %g2, %g7, %g7
	@@ -1511,11 +1519,11 @@ ENTRY(aes_sparc64_ctr_crypt_256)
	add %o2, 0x20, %o2
	brlz,pt %o3, 11f
	nop
	- ldd [%o0 + 0xd0], %f56
	+10: ldd [%o0 + 0xd0], %f56
	ldd [%o0 + 0xd8], %f58
	ldd [%o0 + 0xe0], %f60
	ldd [%o0 + 0xe8], %f62
	-10: xor %g1, %g3, %o5
	+ xor %g1, %g3, %o5
	MOVXTOD_O5_F0
	xor %g2, %g7, %o5
	MOVXTOD_O5_F2