linux/crypto
Eric Biggers b7b73cd5d7 crypto: x86/salsa20 - remove x86 salsa20 implementations
The x86 assembly implementations of Salsa20 use the frame base pointer
register (%ebp or %rbp), which breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.
Recent (v4.10+) kernels will warn about this, e.g.

WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has bad 'bp' value 000000001077994c
[...]

But after looking into it, I believe there's very little reason to still
retain the x86 Salsa20 code.  First, these are *not* vectorized
(SSE2/SSSE3/AVX2) implementations, which would be needed to get anywhere
close to the best Salsa20 performance on any remotely modern x86
processor; they're just regular x86 assembly.  Second, it's still
unclear that anyone is actually using the kernel's Salsa20 at all,
especially given that now ChaCha20 is supported too, and with much more
efficient SSSE3 and AVX2 implementations.  Finally, in benchmarks I did
on both Intel and AMD processors with both gcc 8.1.0 and gcc 4.9.4, the
x86_64 salsa20-asm is actually slightly *slower* than salsa20-generic
(~3% slower on Skylake, ~10% slower on Zen), while the i686 salsa20-asm
is only slightly faster than salsa20-generic (~15% faster on Skylake,
~20% faster on Zen).  The gcc version made little difference.

So, the x86_64 salsa20-asm is pretty clearly useless.  That leaves just
the i686 salsa20-asm, which based on my tests provides a 15-20% speed
boost.  But that's without updating the code to not use %ebp.  And given
the maintenance cost, the small speed difference vs. salsa20-generic,
the fact that few people still use i686 kernels, the doubt that anyone
is even using the kernel's Salsa20 at all, and the fact that an SSE2
implementation would almost certainly be much faster on any remotely
modern x86 processor yet no one has cared enough to add one yet, I don't
think it's worthwhile to keep.

Thus, just remove both the x86_64 and i686 salsa20-asm implementations.

Reported-by: syzbot+ffa3a158337bbc01ff09@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-31 00:13:57 +08:00
asymmetric_keys kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
async_tx License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
842.c
ablkcipher.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
acompress.c crypto: acomp - allow registration of multiple acomps 2017-04-21 20:30:50 +08:00
aead.c crypto: aead - prevent using AEADs without setting key 2018-01-12 23:03:39 +11:00
aegis.h crypto: aegis - Add generic AEGIS AEAD implementations 2018-05-19 00:13:58 +08:00
aegis128.c crypto: aegis - Add generic AEGIS AEAD implementations 2018-05-19 00:13:58 +08:00
aegis128l.c crypto: aegis - Add generic AEGIS AEAD implementations 2018-05-19 00:13:58 +08:00
aegis256.c crypto: aegis - Add generic AEGIS AEAD implementations 2018-05-19 00:13:58 +08:00
aes_generic.c crypto: aes-generic - drop alignment requirement 2017-02-11 17:50:43 +08:00
aes_ti.c crypto: aes_ti - fix comment for MixColumns step 2017-06-19 14:11:53 +08:00
af_alg.c crypto: af_alg - fix possible uninit-value in alg_bind() 2018-04-07 22:32:31 -04:00
ahash.c crypto: ahash - Fix early termination in hash walk 2018-03-31 01:34:19 +08:00
akcipher.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
algapi.c crypto: api - laying defines and checks for statically allocated buffers 2018-04-21 00:58:32 +08:00
algboss.c crypto: algboss - remove redundant setting of len to zero 2017-10-07 12:10:34 +08:00
algif_aead.c crypto: aead - prevent using AEADs without setting key 2018-01-12 23:03:39 +11:00
algif_hash.c crypto: hash - prevent using keyed hashes without setting key 2018-01-12 23:03:37 +11:00
algif_rng.c
algif_skcipher.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-31 14:22:45 -08:00
ansi_cprng.c
anubis.c
api.c crypto: api - fix finding algorithm currently being tested 2018-04-21 00:24:02 +08:00
arc4.c
authenc.c crypto: authenc - don't leak pointers to authenc keys 2018-04-21 00:58:30 +08:00
authencesn.c crypto: authencesn - don't leak pointers to authenc keys 2018-04-21 00:58:30 +08:00
blkcipher.c crypto: remove unused hardirq.h 2017-11-29 17:33:29 +11:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast5_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast6_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
cast_common.c
cbc.c crypto: cbc - Propagate NEED_FALLBACK bit 2017-03-09 18:34:39 +08:00
ccm.c crypto: ccm - preserve the IV buffer 2017-11-03 21:35:35 +08:00
cfb.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
chacha20_generic.c crypto: chacha20 - Fix keystream alignment for chacha20_block() 2017-11-29 17:33:33 +11:00
chacha20poly1305.c crypto: chacha20poly1305 - validate the digest size 2017-12-22 19:02:33 +11:00
cipher.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
cmac.c crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic 2017-02-11 17:52:28 +08:00
compress.c
crc32_generic.c crypto: crc32-generic - remove __crc32_le() 2018-05-27 00:12:09 +08:00
crc32c_generic.c crypto: crc32c-generic - remove cra_alignmask 2018-05-27 00:12:08 +08:00
crct10dif_common.c
crct10dif_generic.c
cryptd.c crypto: hash - annotate algorithms taking optional key 2018-01-12 23:03:35 +11:00
crypto_engine.c crypto: engine - Permit to enqueue all async requests 2018-02-15 23:26:50 +08:00
crypto_null.c
crypto_user.c crypto: user - Replace GFP_ATOMIC with GFP_KERNEL in crypto_report 2018-02-15 23:26:47 +08:00
crypto_wq.c
ctr.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
cts.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
deflate.c crypto: scomp - add support for deflate rfc1950 (zlib) 2017-04-24 18:11:08 +08:00
des_generic.c
dh.c crypto: dh - Remove pointless checks for NULL 'p' and 'g' 2017-11-10 19:20:22 +08:00
dh_helper.c crypto: dh - Don't permit 'key' or 'g' size longer than 'p' 2017-11-10 19:20:17 +08:00
drbg.c crypto: drbg - set freed buffers to NULL 2018-04-21 00:57:00 +08:00
ecb.c
ecc.c crypto: ecc - Actually remove stack VLA usage 2018-04-21 00:58:29 +08:00
ecc.h crypto: ecc - Actually remove stack VLA usage 2018-04-21 00:58:29 +08:00
ecc_curve_defs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ecdh.c crypto: ecc - Actually remove stack VLA usage 2018-04-21 00:58:29 +08:00
ecdh_helper.c crypto: ecdh - return unsigned value for crypto_ecdh_key_len() 2017-10-12 22:55:00 +08:00
echainiv.c crypto: echainiv - Remove unused alg/spawn variable 2017-12-22 19:52:45 +11:00
fcrypt.c
fips.c
gcm.c crypto: null - Get rid of crypto_{get,put}_default_null_skcipher2() 2017-12-22 19:29:08 +11:00
gf128mul.c crypto: gf128mul - remove incorrect comment 2017-12-22 19:52:40 +11:00
ghash-generic.c crypto: ghash - remove checks for key being set 2018-01-12 23:03:38 +11:00
hash_info.c
hmac.c crypto: hmac - require that the underlying hash algorithm is unkeyed 2017-11-29 13:39:15 +11:00
internal.h crypto: api - Make crypto_alg_lookup static 2018-03-31 01:32:58 +08:00
jitterentropy-kcapi.c
jitterentropy.c
Kconfig crypto: x86/salsa20 - remove x86 salsa20 implementations 2018-05-31 00:13:57 +08:00
keywrap.c crypto: keywrap - Add missing ULL suffixes for 64-bit constants 2017-11-29 17:33:26 +11:00
khazad.c
kpp.c crypto: Replaced gcc specific attributes with macros from compiler.h 2017-01-13 00:24:39 +08:00
lrw.c crypto: lrw - Free rctx->ext with kzfree 2018-03-31 01:33:10 +08:00
lz4.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lz4hc.c crypto: lz4 - fixed decompress function to return error code 2017-04-10 19:17:27 +08:00
lzo.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
Makefile crypto: morus - Mark MORUS SIMD glue as x86-specific 2018-05-31 00:13:41 +08:00
mcryptd.c crypto: mcryptd - remove pointless wrapper functions 2018-02-15 23:26:45 +08:00
md4.c crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() 2018-03-31 01:33:09 +08:00
md5.c crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() 2018-03-31 01:33:09 +08:00
memneq.c
michael_mic.c
morus640.c crypto: morus - Add generic MORUS AEAD implementations 2018-05-19 00:15:00 +08:00
morus1280.c crypto: morus - Add generic MORUS AEAD implementations 2018-05-19 00:15:00 +08:00
pcbc.c crypto: remove several VLAs 2018-04-21 00:58:34 +08:00
pcrypt.c crypto: pcrypt - fix freeing pcrypt instances 2017-12-22 19:02:47 +11:00
poly1305_generic.c crypto: poly1305 - remove ->setkey() method 2018-01-12 23:03:14 +11:00
proc.c crypto: algapi - convert cra_refcnt to refcount_t 2018-01-05 18:43:09 +11:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd160.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd256.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rmd320.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
rng.c crypto: rng - ensure that the RNG is ready before using 2017-07-28 17:56:00 +08:00
rsa-pkcs1pad.c crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete 2018-02-15 23:26:47 +08:00
rsa.c crypto: rsa - Remove unneeded error assignment 2018-04-21 00:58:37 +08:00
rsa_helper.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c crypto: salsa20 - export generic helpers 2018-01-12 23:03:42 +11:00
scatterwalk.c
scompress.c crypto: scompress - use sgl_alloc() and sgl_free() 2018-01-06 09:18:00 -07:00
seed.c
seqiv.c crypto: seqiv - Remove unused alg/spawn variable 2017-12-22 19:52:45 +11:00
serpent_generic.c crypto: serpent - improve __serpent_setkey with UBSAN 2017-08-09 20:17:54 +08:00
sha1_generic.c
sha3_generic.c mn10300: Remove the architecture 2018-03-09 23:19:56 +01:00
sha256_generic.c
sha512_generic.c
shash.c crypto: hash - prevent using keyed hashes without setting key 2018-01-12 23:03:37 +11:00
simd.c crypto: simd - allow registering multiple algorithms at once 2018-03-03 00:03:17 +08:00
skcipher.c crypto: skcipher - prevent using skciphers without setting key 2018-01-12 23:03:39 +11:00
sm3_generic.c crypto: sm3 - add OSCCA SM3 secure hash 2017-09-22 17:43:07 +08:00
sm4_generic.c crypto: sm4 - export encrypt/decrypt routines to other drivers 2018-05-05 14:52:51 +08:00
speck.c crypto: speck - export common helpers 2018-02-22 22:16:54 +08:00
tcrypt.c crypto: testmgr - remove bfin_crc "hmac(crc32)" test vectors 2018-05-27 00:12:10 +08:00
tcrypt.h
tea.c
testmgr.c crypto: testmgr - eliminate redundant decryption test vectors 2018-05-31 00:13:39 +08:00
testmgr.h crypto: testmgr - eliminate redundant decryption test vectors 2018-05-31 00:13:39 +08:00
tgr192.c
twofish_common.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
twofish_generic.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
vmac.c
wp512.c
xcbc.c crypto: replace FSF address with web source in license notices 2017-11-29 17:33:25 +11:00
xor.c kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK 2017-11-15 18:21:04 -08:00
xts.c crypto: xts - remove xts_crypt() 2018-03-03 00:03:33 +08:00
zstd.c crypto: zstd - Add zstd support 2018-04-21 00:58:30 +08:00