crypto/arm64: aes-ce-gcm - add missing kernel_neon_begin/end pair

Calling pmull_gcm_encrypt_block() requires kernel_neon_begin() and
kernel_neon_end() to be used since the routine touches the NEON
register file. Add the missing calls.

Also, since NEON register contents are not preserved outside of
a kernel mode NEON region, pass the key schedule array again.

Fixes: 7c50136a8aba ("crypto: arm64/aes-ghash - yield NEON after every ...")
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>

diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c
index 7cf0b1aa6ea80bf6f87d45b85a349fb7a9e677e5..8a10f1d7199aed6ab88ded8d29ad5513df26a2cb 100644 (file)
--- a/arch/arm64/crypto/ghash-ce-glue.c
+++ b/arch/arm64/crypto/ghash-ce-glue.c
@@ -488,9 +488,13 @@ static int gcm_decrypt(struct aead_request *req)
                        err = skcipher_walk_done(&walk,
                                                 walk.nbytes % AES_BLOCK_SIZE);
                }
-               if (walk.nbytes)
-                       pmull_gcm_encrypt_block(iv, iv, NULL,
+               if (walk.nbytes) {
+                       kernel_neon_begin();
+                       pmull_gcm_encrypt_block(iv, iv, ctx->aes_key.key_enc,
                                                num_rounds(&ctx->aes_key));
+                       kernel_neon_end();
+               }
+
        } else {
                __aes_arm64_encrypt(ctx->aes_key.key_enc, tag, iv,
                                    num_rounds(&ctx->aes_key));