On Mon, Feb 04, 2019 at 12:26:26PM +0000, Horia Geanta wrote:
The root cause of the issue is cache line sharing.
struct crypto_gcm_req_priv_ctx { u8 iv[16]; u8 auth_tag[16]; [...] };
Since caam does not support ghash on i.MX6, only ctr skcipher part of the gcm is offloaded. The skcipher request received by caam has req->src pointing to auth_tag[16] (1st S/G entry) and req->iv pointing to iv[16]. caam driver: 1-DMA maps req->src 2-copies original req->iv to internal buffer 3-updates req->iv (scatterwalk_map_and_copy from last block in req->src) 4-sends job to crypto engine
Problem is that operation 3 above is writing iv[16], which is on the same cache line as auth_tag[16] that was previously DMA mapped.
I've checked that forcing auth_tag and iv to be on separate cache lines
u8 auth_tag[16];
u8 auth_tag[16] ____cacheline_aligned;
solves the issue.
OTOH, maybe the fix should be done in caam driver, by avoiding any writes (touching any data, even seemingly unrelated req->iv) after DMA mapping req->src, req->dst etc. Having req->iv and req->src sharing the same cache line is unfortunate.
Herbert, what do you think?
Well just like the other cases if your input is a kernel pointer you must not perform DMA on it. Only SG lists can be used for DMA.
So the IV needs to be copied on completion.
Thanks,