• Eric Biggers's avatar
    crypto: x86/twofish-3way - Fix %rbp usage · eda4a836
    Eric Biggers authored
    commit d8c7fe9f upstream.
    
    Using %rbp as a temporary register breaks frame pointer convention and
    breaks stack traces when unwinding from an interrupt in the crypto code.
    
    In twofish-3way, we can't simply replace %rbp with another register
    because there are none available.  Instead, we use the stack to hold the
    values that %rbp, %r11, and %r12 were holding previously.  Each of these
    values represents the half of the output from the previous Feistel round
    that is being passed on unchanged to the following round.  They are only
    used once per round, when they are exchanged with %rax, %rbx, and %rcx.
    
    As a result, we free up 3 registers (one per block) and can reassign
    them so that %rbp is not used, and additionally %r14 and %r15 are not
    used so they do not need to be saved/restored.
    
    There may be a small overhead caused by replacing 'xchg REG, REG' with
    the needed sequence 'mov MEM, REG; mov REG, MEM; mov REG, REG' once per
    round.  But, counterintuitively, when I tested "ctr-twofish-3way" on a
    Haswell processor, the new version was actually about 2% faster.
    (Perhaps 'xchg' is not as well optimized as plain moves.)
    Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Reviewed-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    eda4a836
twofish-x86_64-asm_64-3way.S 7.06 KB