redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/crypto
History
Eric Biggers 19f39eff68 crypto: x86/salsa20 - remove x86 salsa20 implementations 
commit b7b73cd5d7 upstream.

The x86 assembly implementations of Salsa20 use the frame base pointer
register (%ebp or %rbp), which breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.
Recent (v4.10+) kernels will warn about this, e.g.

WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has bad 'bp' value 000000001077994c
[...]

But after looking into it, I believe there's very little reason to still
retain the x86 Salsa20 code.  First, these are *not* vectorized
(SSE2/SSSE3/AVX2) implementations, which would be needed to get anywhere
close to the best Salsa20 performance on any remotely modern x86
processor; they're just regular x86 assembly.  Second, it's still
unclear that anyone is actually using the kernel's Salsa20 at all,
especially given that now ChaCha20 is supported too, and with much more
efficient SSSE3 and AVX2 implementations.  Finally, in benchmarks I did
on both Intel and AMD processors with both gcc 8.1.0 and gcc 4.9.4, the
x86_64 salsa20-asm is actually slightly *slower* than salsa20-generic
(~3% slower on Skylake, ~10% slower on Zen), while the i686 salsa20-asm
is only slightly faster than salsa20-generic (~15% faster on Skylake,
~20% faster on Zen).  The gcc version made little difference.

So, the x86_64 salsa20-asm is pretty clearly useless.  That leaves just
the i686 salsa20-asm, which based on my tests provides a 15-20% speed
boost.  But that's without updating the code to not use %ebp.  And given
the maintenance cost, the small speed difference vs. salsa20-generic,
the fact that few people still use i686 kernels, the doubt that anyone
is even using the kernel's Salsa20 at all, and the fact that a SSE2
implementation would almost certainly be much faster on any remotely
modern x86 processor yet no one has cared enough to add one yet, I don't
think it's worthwhile to keep.

Thus, just remove both the x86_64 and i686 salsa20-asm implementations.

Reported-by: syzbot+ffa3a158337bbc01ff09@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-07-17 11:39:31 +02:00
..
asymmetric_keys X.509: unpack RSA signatureValue field from BIT STRING 2018-07-03 11:24:57 +02:00
async_tx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files 2015-06-25 23:29:24 +08:00
842.c crypto: acomp - add support for 842 via scomp 2016-10-25 11:08:33 +08:00
Kconfig crypto: x86/salsa20 - remove x86 salsa20 implementations 2018-07-17 11:39:31 +02:00
Makefile crypto: aes-generic - build with -Os on gcc-7+ 2018-04-12 12:32:20 +02:00
ablk_helper.c crypto: ablk_helper - Fix cryptd reordering 2016-06-23 18:29:53 +08:00
ablkcipher.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
acompress.c crypto: acomp - allow registration of multiple acomps 2017-04-21 20:30:50 +08:00
aead.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
aes_generic.c crypto: aes-generic - drop alignment requirement 2017-02-11 17:50:43 +08:00
aes_ti.c crypto: aes_ti - fix comment for MixColumns step 2017-06-19 14:11:53 +08:00
af_alg.c crypto: af_alg - fix possible uninit-value in alg_bind() 2018-05-16 10:10:23 +02:00
ahash.c crypto: ahash - Fix early termination in hash walk 2018-04-08 14:26:31 +02:00
akcipher.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
algapi.c crypto: algapi - fix NULL dereference in crypto_remove_spawns() 2018-01-17 09:45:23 +01:00
algboss.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
algif_aead.c crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t 2018-03-03 10:24:29 +01:00
algif_hash.c crypto: hash - prevent using keyed hashes without setting key 2018-02-16 20:23:00 +01:00
algif_rng.c crypto: algif_rng - Remove obsolete const-removal cast 2015-04-22 09:30:21 +08:00
algif_skcipher.c crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t 2018-03-03 10:24:29 +01:00
ansi_cprng.c crypto: ansi_cprng - Convert to new rng interface 2015-04-22 09:30:18 +08:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c sched/headers: Prepare to move signal wakeup & sigpending methods from <linux/sched.h> into <linux/sched/signal.h> 2017-03-02 08:42:32 +01:00
arc4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
authenc.c crypto: skcipher - Get rid of crypto_spawn_skcipher2() 2016-11-01 08:37:17 +08:00
authencesn.c crypto: authencesn - Fix digest_null crash 2017-07-18 17:01:11 +08:00
blkcipher.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
blowfish_common.c crypto: blowfish - split generic and common c code 2011-09-22 21:25:25 +10:00
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c crypto: cbc - Propagate NEED_FALLBACK bit 2017-03-09 18:34:39 +08:00
ccm.c crypto: ccm - preserve the IV buffer 2017-11-03 21:35:35 +08:00
chacha20_generic.c crypto: chacha20 - fix handling of chunked input 2017-08-22 14:45:47 +08:00
chacha20poly1305.c crypto: chacha20poly1305 - validate the digest size 2018-01-10 09:31:18 +01:00
cipher.c crypto: api - Remove no-op exit_ops code 2016-10-21 11:03:42 +08:00
cmac.c crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic 2017-02-11 17:52:28 +08:00
compress.c crypto: api - Remove no-op exit_ops code 2016-10-21 11:03:42 +08:00
crc32_generic.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
crc32c_generic.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: squash lines for simple wrapper functions 2016-09-13 20:27:26 +08:00
cryptd.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
crypto_engine.c crypto: engine - replace pr_xxx by dev_xxx 2017-06-19 14:19:54 +08:00
crypto_null.c crypto: null - Remove default null blkcipher 2016-07-18 17:35:44 +08:00
crypto_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
cts.c crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic 2017-02-11 17:52:28 +08:00
deflate.c crypto: scomp - add support for deflate rfc1950 (zlib) 2017-04-24 18:11:08 +08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
dh.c crypto: dh - Fix double free of ctx->p 2017-11-21 09:49:20 +01:00
dh_helper.c crypto: dh - Don't permit 'key' or 'g' size longer than 'p' 2017-11-21 09:49:21 +01:00
drbg.c crypto: drbg - set freed buffers to NULL 2018-05-01 12:58:23 -07:00
ecb.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ecc.c crypto: ecc - Fix NULL pointer deref. on no default_rng 2018-03-19 08:42:49 +01:00
ecc.h crypto: ecdh - add privkey generation support 2017-06-10 12:04:35 +08:00
ecc_curve_defs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ecdh.c crypto: ecdh - fix concurrency on shared secret and pubkey 2017-08-03 13:47:22 +08:00
ecdh_helper.c crypto: kpp, (ec)dh - fix typos 2017-06-10 12:04:25 +08:00
echainiv.c crypto: echainiv - Replace chaining with multiplication 2016-09-13 18:44:57 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
gcm.c crypto: gcm - wait for crypto op not signal safe 2017-05-23 12:45:11 +08:00
gf128mul.c crypto: gf128mul - define gf128mul_x_* in gf128mul.h 2017-04-05 21:58:35 +08:00
ghash-generic.c crypto: ghash-generic - move common definitions to a new header file 2016-10-02 22:26:40 +08:00
hash_info.c keys, trusted: select hash algorithm for TPM2 chips 2015-12-20 15:27:12 +02:00
hmac.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2017-12-20 10:10:17 +01:00
internal.h crypto: api - Remove no-op exit_ops code 2016-10-21 11:03:42 +08:00
jitterentropy-kcapi.c crypto: jitterentropy - drop duplicate header module.h 2016-11-17 23:34:52 +08:00
jitterentropy.c crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" 2015-06-25 23:18:33 +08:00
keywrap.c crypto: keywrap - memzero the correct memory 2016-02-01 22:27:05 +08:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
kpp.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
lrw.c crypto: lrw - Free rctx->ext with kzfree 2018-04-08 14:26:31 +02:00
lz4.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lz4hc.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lzo.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
mcryptd.c crypto: hash - annotate algorithms taking optional key 2018-02-16 20:23:00 +01:00
md4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
md5.c md5: remove from lib and only live in crypto 2017-03-24 22:02:56 +08:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
pcbc.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
pcrypt.c crypto: pcrypt - fix freeing pcrypt instances 2018-01-10 09:31:18 +01:00
poly1305_generic.c crypto: poly1305 - remove ->setkey() method 2018-02-16 20:23:00 +01:00
proc.c crypto: fips - Move fips_enabled sysctl into fips.c 2015-04-23 14:18:09 +08:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rng.c crypto: rng - ensure that the RNG is ready before using 2017-07-28 17:56:00 +08:00
rsa-pkcs1pad.c crypto: rsa-pkcs1pad - use constant time memory comparison for MACs 2017-06-20 11:21:19 +08:00
rsa.c crypto: rsa - comply with crypto_akcipher_maxsize() 2017-06-10 12:04:30 +08:00
rsa_helper.c crypto: rsa - fix buffer overread when stripping leading zeroes 2017-12-20 10:10:17 +01:00
rsaprivkey.asn1 crypto: rsa - Store rest of the private key components 2016-07-05 23:05:26 +08:00
rsapubkey.asn1 crypto: akcipher - Changes to asymmetric key API 2015-10-14 22:23:16 +08:00
salsa20_generic.c crypto: salsa20 - fix blkcipher_walk API usage 2017-12-20 10:10:17 +01:00
scatterwalk.c crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy 2016-11-22 15:02:25 +08:00
scompress.c crypto: scompress - defer allocation of scratch buffer to first use 2017-08-03 13:52:44 +08:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic 2017-02-11 17:52:28 +08:00
serpent_generic.c crypto: serpent - improve __serpent_setkey with UBSAN 2017-08-09 20:17:54 +08:00
sha1_generic.c crypto: hash - add zero length message hash for shax and md5 2015-12-22 20:43:35 +08:00
sha3_generic.c crypto: sha3-generic - fixes for alignment and big endian operation 2018-02-03 17:38:51 +01:00
sha256_generic.c crypto: hash - add zero length message hash for shax and md5 2015-12-22 20:43:35 +08:00
sha512_generic.c crypto: sha512-generic - move to generic glue implementation 2015-04-10 21:39:41 +08:00
shash.c crypto: hash - prevent using keyed hashes without setting key 2018-02-16 20:23:00 +01:00
simd.c crypto: simd - Add simd skcipher helper 2016-11-28 21:23:18 +08:00
skcipher.c crypto: skcipher - set walk.iv for zero-length inputs 2017-12-29 17:53:45 +01:00
tcrypt.c crypto: tcrypt - fix S/G table for test_aead_speed() 2018-02-13 10:19:49 +01:00
tcrypt.h crypto: tcrypt - Add ChaCha20/Poly1305 speed tests 2015-07-17 21:20:20 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - Reenable sha1/aes in FIPS mode 2017-06-28 22:18:58 +08:00
testmgr.h crypto: testmgr - Fix incorrect values in PKCS#1 test vector 2018-04-08 14:26:31 +02:00
tgr192.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
twofish_common.c crypto: twofish-x86_64-3way - add lrw support 2011-11-09 11:53:32 +08:00
twofish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
vmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
wp512.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
xcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
xor.c kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK 2018-02-22 15:42:23 +01:00
xts.c crypto: xts - Fix an error handling path in 'create()' 2017-10-07 12:04:31 +08:00