lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Sep 2017 17:09:19 -0700 From: Eric Biggers <ebiggers3@...il.com> To: Josh Poimboeuf <jpoimboe@...hat.com> Cc: x86@...nel.org, linux-kernel@...r.kernel.org, Tim Chen <tim.c.chen@...ux.intel.com>, Mathias Krause <minipli@...glemail.com>, Chandramouli Narayanan <mouli@...ux.intel.com>, Jussi Kivilinna <jussi.kivilinna@....fi>, Peter Zijlstra <peterz@...radead.org>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, linux-crypto@...r.kernel.org, Eric Biggers <ebiggers@...gle.com>, Andy Lutomirski <luto@...nel.org>, Jiri Slaby <jslaby@...e.cz> Subject: Re: [PATCH 00/12] x86/crypto: Fix RBP usage in several crypto .S files Hi Josh, On Tue, Aug 29, 2017 at 01:05:33PM -0500, Josh Poimboeuf wrote: > Many of the x86 crypto functions use RBP as a temporary register. This > breaks frame pointer convention, and breaks stack traces when unwinding > from an interrupt in the crypto code. > > Convert most* of them to leave RBP alone. > > These pass the crypto boot tests for me. Any further testing would be > appreciated! > > [*] There are still a few crypto files left that need fixing, but the > fixes weren't trivial and nobody reported unwinder warnings about > them yet, so I'm skipping them for now. > > Josh Poimboeuf (12): > x86/crypto: Fix RBP usage in blowfish-x86_64-asm_64.S > x86/crypto: Fix RBP usage in camellia-x86_64-asm_64.S > x86/crypto: Fix RBP usage in cast5-avx-x86_64-asm_64.S > x86/crypto: Fix RBP usage in cast6-avx-x86_64-asm_64.S > x86/crypto: Fix RBP usage in des3_ede-asm_64.S > x86/crypto: Fix RBP usage in sha1_avx2_x86_64_asm.S > x86/crypto: Fix RBP usage in sha1_ssse3_asm.S > x86/crypto: Fix RBP usage in sha256-avx-asm.S > x86/crypto: Fix RBP usage in sha256-avx2-asm.S > x86/crypto: Fix RBP usage in sha256-ssse3-asm.S > x86/crypto: Fix RBP usage in sha512-avx2-asm.S > x86/crypto: Fix RBP usage in twofish-avx-x86_64-asm_64.S > Thanks for fixing these! I don't have time to review these in detail, but I ran the crypto self-tests on the affected algorithms, and they all pass. I also benchmarked them before and after; the only noticable performance difference was that sha256-avx2 and sha512-avx2 became a few percent slower. I don't suppose there is a way around that? Otherwise it's probably not a big deal. For reference, this was the list of affected algorithms I used: shash: sha1-ssse3, sha1-avx, sha1-avx2, sha256-ssse3, sha256-avx, sha256-avx2, sha512-ssse3, sha512-avx, sha512-avx2 cipher: blowfish-asm, camellia-asm, des3_ede-asm skcipher: ecb-blowfish-asm, cbc-blowfish-asm, ctr-blowfish-asm, ecb-cast5-avx, cbc-cast5-avx, ctr-cast5-avx, ecb-cast6-avx, cbc-cast6-avx, ctr-cast6-avx, lrw-cast6-avx, xts-cast6-avx, ecb-camellia-asm, cbc-camellia-asm, ctr-camellia-asm, lrw-camellia-asm, xts-camellia-asm, ecb-des3_ede-asm, cbc-des3_ede-asm, ctr-des3_ede-asm, ecb-twofish-avx, cbc-twofish-avx, ctr-twofish-avx, lrw-twofish-avx, xts-twofish-avx Eric
Powered by blists - more mailing lists