Bug#813327: linux-image-3.16.0-4-amd64: cryptroot + VIA padlock fails with message from testmgr.c

[Ben Hutchings <ben@decadent.org.uk>]

On Wed, 2016-02-03 at 08:19 +0100, Carsten Wolff wrote:
> Hi Ben,
> 
> thanks for the quick answer.
> 
> On Sunday 31 January 2016 23:37:56 Ben Hutchings wrote:
> > That suggests a regression in the padlock-aes driver, although I don't
> > see any functional changes there.  As a workaround, you can blacklist
> > it by adding "blacklist=padlock-aes" to the kernel command line.
> 
> of course, but this machine is mainly serving files and running backups and 
> padlock really makes a difference in throughput.
> 
> > I wonder whether the compiler version makes a difference.  Does the
> > 3.16 kernel in the wheezy-backports suite behave any differently?
> 
> Unfortunatly, that wasn't it. The bp.o kernel shows the same symptoms. 
> Anything else I can try out or do to provide more info?

I found what seems to be a bug in the driver, but it was present in
both 3.2 and 3.16.  Please test whether the attached patch fixes this
issue, following the instructions at
<https://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-common-official>.

Ben.

-- 
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein

From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 31 Jan 2016 22:48:01 +0100
Subject: padlock-aes: Fix check for whether cword has changed
Bug-Debian: https://bugs.debian.org/813327

The cword pointers passed to padlock_{reset_key,store,cword}() did not
match those actually used.

Compile-tested only.

Fixes: 420a4b20c504 ("crypto: padlock - Avoid resetting cword on ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/crypto/padlock-aes.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c
index 441e86b23571..73c2a3ffb7d5 100644
--- a/drivers/crypto/padlock-aes.c
+++ b/drivers/crypto/padlock-aes.c
@@ -312,11 +312,11 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	struct aes_ctx *ctx = aes_ctx(tfm);
 	int ts_state;
 
-	padlock_reset_key(&ctx->cword.encrypt);
+	padlock_reset_key(&ctx->cword.decrypt);
 	ts_state = irq_ts_save();
 	ecb_crypt(in, out, ctx->D, &ctx->cword.decrypt, 1);
 	irq_ts_restore(ts_state);
-	padlock_store_cword(&ctx->cword.encrypt);
+	padlock_store_cword(&ctx->cword.decrypt);
 }
 
 static struct crypto_alg aes_alg = {
@@ -392,7 +392,7 @@ static int ecb_aes_decrypt(struct blkcipher_desc *desc,
 	}
 	irq_ts_restore(ts_state);
 
-	padlock_store_cword(&ctx->cword.encrypt);
+	padlock_store_cword(&ctx->cword.decrypt);
 
 	return err;
 }
@@ -444,7 +444,7 @@ static int cbc_aes_encrypt(struct blkcipher_desc *desc,
 	}
 	irq_ts_restore(ts_state);
 
-	padlock_store_cword(&ctx->cword.decrypt);
+	padlock_store_cword(&ctx->cword.encrypt);
 
 	return err;
 }
@@ -458,7 +458,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
 	int err;
 	int ts_state;
 
-	padlock_reset_key(&ctx->cword.encrypt);
+	padlock_reset_key(&ctx->cword.decrypt);
 
 	blkcipher_walk_init(&walk, dst, src, nbytes);
 	err = blkcipher_walk_virt(desc, &walk);
@@ -474,7 +474,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
 
 	irq_ts_restore(ts_state);
 
-	padlock_store_cword(&ctx->cword.encrypt);
+	padlock_store_cword(&ctx->cword.decrypt);
 
 	return err;
 }

Attachment: signature.asc
Description: This is a digitally signed message part