1. Patchew
  2. linux
  3. View series

[PATCH] lib/crypto: aes: Fix missing MMU protection for AES S-box

Eric Biggers posted 1 patch 1 month ago 
lib/crypto/aes.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] lib/crypto: aes: Fix missing MMU protection for AES S-box
Posted by Eric Biggers 1 month ago 
__cacheline_aligned puts the data in the ".data..cacheline_aligned"
section, which isn't marked read-only i.e. it doesn't receive MMU
protection.  Replace it with ____cacheline_aligned which does the right
thing and just aligns the data while keeping it in ".rodata".

Fixes: b5e0b032b6c3 ("crypto: aes - add generic time invariant AES cipher")
Cc: stable@vger.kernel.org
Reported-by: Qingfang Deng <dqfext@gmail.com>
Closes: https://lore.kernel.org/r/20260105074712.498-1-dqfext@gmail.com/
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---

This patch is targeting libcrypto-fixes

 lib/crypto/aes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index b57fda3460f1..102aaa76bc8d 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -11,11 +11,11 @@
 
 /*
  * Emit the sbox as volatile const to prevent the compiler from doing
  * constant folding on sbox references involving fixed indexes.
  */
-static volatile const u8 __cacheline_aligned aes_sbox[] = {
+static volatile const u8 ____cacheline_aligned aes_sbox[] = {
 	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
 	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
 	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
 	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
 	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
@@ -46,11 +46,11 @@ static volatile const u8 __cacheline_aligned aes_sbox[] = {
 	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
 	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
 	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
 };
 
-static volatile const u8 __cacheline_aligned aes_inv_sbox[] = {
+static volatile const u8 ____cacheline_aligned aes_inv_sbox[] = {
 	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
 	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
 	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
 	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
 	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,

base-commit: fdfa4339e805276a458a5df9d6caf0b43ad4c439
-- 
2.52.0
Re: [PATCH] lib/crypto: aes: Fix missing MMU protection for AES S-box
Posted by Ard Biesheuvel 1 month ago 
On Wed, 7 Jan 2026 at 06:22, Eric Biggers <ebiggers@kernel.org> wrote:
>
> __cacheline_aligned puts the data in the ".data..cacheline_aligned"
> section, which isn't marked read-only i.e. it doesn't receive MMU
> protection.  Replace it with ____cacheline_aligned which does the right
> thing and just aligns the data while keeping it in ".rodata".
>
> Fixes: b5e0b032b6c3 ("crypto: aes - add generic time invariant AES cipher")
> Cc: stable@vger.kernel.org
> Reported-by: Qingfang Deng <dqfext@gmail.com>
> Closes: https://lore.kernel.org/r/20260105074712.498-1-dqfext@gmail.com/
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
>
> This patch is targeting libcrypto-fixes
>
>  lib/crypto/aes.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Oops

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
> index b57fda3460f1..102aaa76bc8d 100644
> --- a/lib/crypto/aes.c
> +++ b/lib/crypto/aes.c
> @@ -11,11 +11,11 @@
>
>  /*
>   * Emit the sbox as volatile const to prevent the compiler from doing
>   * constant folding on sbox references involving fixed indexes.
>   */
> -static volatile const u8 __cacheline_aligned aes_sbox[] = {
> +static volatile const u8 ____cacheline_aligned aes_sbox[] = {
>         0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
>         0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
>         0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
>         0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
>         0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
> @@ -46,11 +46,11 @@ static volatile const u8 __cacheline_aligned aes_sbox[] = {
>         0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
>         0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
>         0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
>  };
>
> -static volatile const u8 __cacheline_aligned aes_inv_sbox[] = {
> +static volatile const u8 ____cacheline_aligned aes_inv_sbox[] = {
>         0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
>         0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
>         0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
>         0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
>         0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
>
> base-commit: fdfa4339e805276a458a5df9d6caf0b43ad4c439
> --
> 2.52.0
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.