# git rev-parse -q --verify 678cce4019d746da6c680c48ba9e6d417803e127^{commit}
# git fetch -q -n -f git://fs.ozlabs.ibm.com/kernel/crypto master
# git rev-parse -q --verify 678cce4019d746da6c680c48ba9e6d417803e127^{commit}
678cce4019d746da6c680c48ba9e6d417803e127
# git checkout -q -f -B kisskb 678cce4019d746da6c680c48ba9e6d417803e127
# git clean -qxdf
# < git log -1
# commit 678cce4019d746da6c680c48ba9e6d417803e127
# Author: Eric Biggers
# Date: Sun Mar 31 13:04:11 2019 -0700
#
# crypto: x86/poly1305 - fix overflow during partial reduction
#
# The x86_64 implementation of Poly1305 produces the wrong result on some
# inputs because poly1305_4block_avx2() incorrectly assumes that when
# partially reducing the accumulator, the bits carried from limb 'd4' to
# limb 'h0' fit in a 32-bit integer. This is true for poly1305-generic
# which processes only one block at a time. However, it's not true for
# the AVX2 implementation, which processes 4 blocks at a time and
# therefore can produce intermediate limbs about 4x larger.
#
# Fix it by making the relevant calculations use 64-bit arithmetic rather
# than 32-bit. Note that most of the carries already used 64-bit
# arithmetic, but the d4 -> h0 carry was different for some reason.
#
# To be safe I also made the same change to the corresponding SSE2 code,
# though that only operates on 1 or 2 blocks at a time. I don't think
# it's really needed for poly1305_block_sse2(), but it doesn't hurt
# because it's already x86_64 code. It *might* be needed for
# poly1305_2block_sse2(), but overflows aren't easy to reproduce there.
#
# This bug was originally detected by my patches that improve testmgr to
# fuzz algorithms against their generic implementation. But also add a
# test vector which reproduces it directly (in the AVX2 case).
#
# Fixes: b1ccc8f4b631 ("crypto: poly1305 - Add a four block AVX2 variant for x86_64")
# Fixes: c70f4abef07a ("crypto: poly1305 - Add a SSE2 SIMD variant for x86_64")
# Cc: # v4.3+
# Cc: Martin Willi
# Cc: Jason A. Donenfeld
# Signed-off-by: Eric Biggers
# Reviewed-by: Martin Willi
# Signed-off-by: Herbert Xu
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version
# < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version
# < git log --format=%s --max-count=1 678cce4019d746da6c680c48ba9e6d417803e127
# < make -s -j 120 ARCH=powerpc O=/kisskb/build/crypto_ppc64e_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- ppc64e_defconfig
# make -s -j 120 ARCH=powerpc O=/kisskb/build/crypto_ppc64e_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-
:1478:2: warning: #warning syscall io_uring_setup not implemented [-Wcpp]
:1481:2: warning: #warning syscall io_uring_enter not implemented [-Wcpp]
:1484:2: warning: #warning syscall io_uring_register not implemented [-Wcpp]
/kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl':
/kisskb/src/kernel/printk/printk.c:186:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/kernel/trace/trace_dynevent.c: In function 'create_dyn_event':
/kisskb/src/kernel/trace/trace_dynevent.c:89:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/proc/inode.c: In function 'proc_reg_open':
/kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/proc/inode.c:337:21: note: 'pdeo' was declared here
/kisskb/src/fs/nfsd/nfs4xdr.c: In function 'nfsd4_encode_components_esc':
/kisskb/src/fs/nfsd/nfs4xdr.c:2076:9: warning: 'str' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/fs/udf/unicode.c: In function 'udf_name_conv_char':
/kisskb/src/fs/udf/unicode.c:132:8: warning: 'c' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/bridge/br_netlink.c: In function 'br_afspec.isra.28':
/kisskb/src/net/bridge/br_netlink.c:652:7: warning: 'err' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq':
/kisskb/src/drivers/tty/serial/8250/8250_core.c:247:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/tty/serial/8250/8250_core.c:227:19: note: 'i' was declared here
/kisskb/src/net/sunrpc/xprtsock.c: In function 'xs_read_stream.constprop.18':
/kisskb/src/net/sunrpc/xprtsock.c:529:2: warning: 'read' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/sunrpc/xprtsock.c:498:15: note: 'read' was declared here
/kisskb/src/net/sunrpc/xprtsock.c:529:2: warning: 'ret' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/net/sunrpc/xprtsock.c:499:10: note: 'ret' was declared here
/kisskb/src/drivers/net/tun.c: In function 'tun_get_user':
/kisskb/src/drivers/net/tun.c:1845:30: warning: 'copylen' may be used uninitialized in this function [-Wuninitialized]
/kisskb/src/drivers/net/tun.c:1755:46: warning: 'linear' may be used uninitialized in this function [-Wuninitialized]
WARNING: vmlinux.o (.PPC.EMB.apuinfo): unexpected non-allocatable section.
Did you forget to use "ax"/"aw" in a .S file?
Note that for example contains section definitions for use in .S files.
INFO: Uncompressed kernel (size 0xc5ab30) overlaps the address of the wrapper(0x400000)
INFO: Fixing the link_address of wrapper to (0xd00000)
Image Name: Linux-5.0.0-g678cce4019d7
Created: Mon Apr 8 21:21:36 2019
Image Type: PowerPC Linux Kernel Image (gzip compressed)
Data Size: 5281425 Bytes = 5157.64 KiB = 5.04 MiB
Load Address: 00000000
Entry Point: 00000000
Completed OK
# rm -rf /kisskb/build/crypto_ppc64e_defconfig_powerpc-gcc4.6
# Build took: 0:00:59.998706