summaryrefslogtreecommitdiffstats
path: root/drivers/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* crypto: caam - fix copy of next buffer for xcbc and cmacIuliana Prodan2019-03-281-7/+6
| | | | | | | | | | | | | | | | | | | | Fix a side effect of adding xcbc support, when the next_buffer is not copied. The issue occurs, when there is stored from previous state a blocksize buffer and received, a less than blocksize, from user. In this case, the nents for req->src is 0, and the next_buffer is not copied. An example is: { .tap = { 17, 15, 8 }, .psize = 40, .np = 3, .ksize = 16, } Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* Merge branch 'linus' of ↵Linus Torvalds2019-03-136-28/+51
|\ | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes a bug in the newly added Exynos5433 AES code as well as an old one in the caam driver" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: caam - add missing put_device() call crypto: s5p-sss - fix AES support for Exynos5433
| * crypto: caam - add missing put_device() callWen Yang2019-03-075-27/+50
| | | | | | | | | | | | | | | | | | | | | | The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. Fixes: 35af64038623 ("crypto: caam - Check for CAAM block presence before registering with crypto layer") Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms") Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Wen Yang <yellowriver2010@hotmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: s5p-sss - fix AES support for Exynos5433Kamil Konieczny2019-03-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 0918f18c7179 ("crypto: s5p - add AES support for Exynos5433") introduced bug in dereferencing clk_names[1] on platforms different from Exynos5433. On Exynos board XU3 call trace is: "Unable to handle kernel paging request at virtual address 00004000" (strcmp) from [<c0774014>] (of_property_match_string+0x58/0xd0) ... (devm_clk_get) from [<c075c248>] (s5p_aes_probe+0xd4/0x4a0) (s5p_aes_probe) from [<c059dbc4>] (platform_drv_probe+0x6c/0xa4) Fix this by setting array clk_names size to 2. Fixes: 0918f18c7179 ("crypto: s5p - add AES support for Exynos5433") Reported-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com> Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Tested-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | Merge branch 'linus' of ↵Linus Torvalds2019-03-0588-929/+1153
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto update from Herbert Xu: "API: - Add helper for simple skcipher modes. - Add helper to register multiple templates. - Set CRYPTO_TFM_NEED_KEY when setkey fails. - Require neither or both of export/import in shash. - AEAD decryption test vectors are now generated from encryption ones. - New option CONFIG_CRYPTO_MANAGER_EXTRA_TESTS that includes random fuzzing. Algorithms: - Conversions to skcipher and helper for many templates. - Add more test vectors for nhpoly1305 and adiantum. Drivers: - Add crypto4xx prng support. - Add xcbc/cmac/ecb support in caam. - Add AES support for Exynos5433 in s5p. - Remove sha384/sha512 from artpec7 as hardware cannot do partial hash" [ There is a merge of the Freescale SoC tree in order to pull in changes required by patches to the caam/qi2 driver. ] * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (174 commits) crypto: s5p - add AES support for Exynos5433 dt-bindings: crypto: document Exynos5433 SlimSSS crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name crypto: af_alg - use struct_size() in sock_kfree_s() crypto: caam - remove redundant likely/unlikely annotation crypto: s5p - update iv after AES-CBC op end crypto: x86/poly1305 - Clear key material from stack in SSE2 variant crypto: caam - generate hash keys in-place crypto: caam - fix DMA mapping xcbc key twice crypto: caam - fix hash context DMA unmap size hwrng: bcm2835 - fix probe as platform device crypto: s5p-sss - Use AES_BLOCK_SIZE define instead of number crypto: stm32 - drop pointless static qualifier in stm32_hash_remove() crypto: chelsio - Fixed Traffic Stall crypto: marvell - Remove set but not used variable 'ivsize' crypto: ccp - Update driver messages to remove some confusion crypto: adiantum - add 1536 and 4096-byte test vectors crypto: nhpoly1305 - add a test vector with len % 16 != 0 crypto: arm/aes-ce - update IV after partial final CTR block ...
| * crypto: s5p - add AES support for Exynos5433Kamil Konieczny2019-02-281-4/+46
| | | | | | | | | | | | | | | | Add AES crypto HW acceleration for Exynos5433, with the help of SlimSSS IP. Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: crypto4xx - add missing of_node_put after of_device_is_availableJulia Lawall2019-02-281-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an of_node_put when a tested device node is not available. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // <smpl> @@ identifier f; local idexpression e; expression x; @@ e = f(...); ... when != of_node_put(e) when != x = e when != e = x when any if (<+...of_device_is_available(e)...+>) { ... when != of_node_put(e) ( return e; | + of_node_put(e); return ...; ) } // </smpl> Fixes: 5343e674f32fb ("crypto4xx: integrate ppc4xx-rng into crypto4xx") Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: cavium/zip - fix collision with generic cra_driver_nameEric Biggers2019-02-281-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cavium/zip implementation of the deflate compression algorithm is incorrectly being registered under the generic driver name, which prevents the generic implementation from being registered with the crypto API when CONFIG_CRYPTO_DEV_CAVIUM_ZIP=y. Similarly the lzs algorithm (which does not currently have a generic implementation...) is incorrectly being registered as lzs-generic. Fix the naming collision by adding a suffix "-cavium" to the cra_driver_name of the cavium/zip algorithms. Fixes: 640035a2dc55 ("crypto: zip - Add ThunderX ZIP driver core") Cc: Mahipal Challa <mahipalreddy2006@gmail.com> Cc: Jan Glauber <jglauber@cavium.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam - remove redundant likely/unlikely annotationChengguang Xu2019-02-282-5/+5
| | | | | | | | | | | | | | | | | | unlikely has already included in IS_ERR(), so just remove redundant likely/unlikely annotation. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: s5p - update iv after AES-CBC op endKamil Konieczny2019-02-281-0/+8
| | | | | | | | | | | | | | | | | | | | | | Fix bug "s5p-sss crypto driver doesn't set next AES-CBC IV". While at this, fix also AES-CTR mode. Tested on Odroid U3 with Eric Biggers branch "iv-out-testing". Signed-off-by: Kamil Konieczny <k.konieczny@partner.samsung.com> Reported-by: Eric Biggers <ebiggers@kernel.org> Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam - generate hash keys in-placeHoria Geantă2019-02-282-47/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | When generating a split key or hashing the key, DMA mapping the key buffers coming directly from user is incorrect, since they are not guaranteed to be DMAable. Update driver to first copy user-provided key in the output buffer ("key_out") and then use this buffer for in-place computation (split key generation, respectively key hashing). Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam - fix DMA mapping xcbc key twiceHoria Geantă2019-02-281-2/+1
| | | | | | | | | | | | | | | | | | Fix a side effect of adding xcbc support, which leads to DMA mapping the key twice. Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam - fix hash context DMA unmap sizeFranck LENORMAND2019-02-281-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | When driver started using state->caam_ctxt for storing both running hash and final hash, it was not updated to handle different DMA unmap lengths. Cc: <stable@vger.kernel.org> # v4.19+ Fixes: c19650d6ea99 ("crypto: caam - fix DMA mapping of stack memory") Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: s5p-sss - Use AES_BLOCK_SIZE define instead of numberKrzysztof Kozlowski2019-02-281-2/+4
| | | | | | | | | | | | | | Replace hard coded AES block size with define. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: stm32 - drop pointless static qualifier in stm32_hash_remove()Mao Wenan2019-02-281-1/+1
| | | | | | | | | | | | | | | | There is no need to have the struct stm32_hash_dev *hdev static since new value always be assigned before use it. Signed-off-by: Mao Wenan <maowenan@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: chelsio - Fixed Traffic StallAtul Gupta2019-02-281-13/+20
| | | | | | | | | | | | | | | | | | | | Fixed Traffic Stall caused by - Subcommands except last should have more bit set - For esn case subcommand is required for linear skb only - Also Optimized is_eth_imm usage Signed-off-by: Atul Gupta <atul.gupta@chelsio.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: marvell - Remove set but not used variable 'ivsize'YueHaibing2019-02-281-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes gcc '-Wunused-but-set-variable' warning: drivers/crypto/marvell/cipher.c: In function 'mv_cesa_skcipher_dma_req_init': drivers/crypto/marvell/cipher.c:325:15: warning: variable 'ivsize' set but not used [-Wunused-but-set-variable] It's not used any more after 0c99620f0ac1 ("crypto: marvell - Use an unique pool to copy results of requests") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: ccp - Update driver messages to remove some confusionLendacky, Thomas2019-02-222-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current content of some of the driver messages and the way that they are issued results in some confusion, especially in the area of the PSP as it relates to SEV support. If SEV is not supported, a message is issued that says "psp initialization failed." This makes it seem like there was a problem, when in fact, the PSP support is just disabled if SEV is not supported. Update the driver to check SEV support a bit earlier and issue a debug- level message if SEV is not supported, followed by a debug-level message that the PSP is disabled. This way you will only see PSP messages if SEV is supported or if debug information is desired. Also, remove the overall "enabled" and "disabled" messages for the driver and rely on the CCP and PSP support to issue component-specific messages. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: rockchip - update new iv to device in multiple operationsZhang Zhijie2019-02-222-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | For chain mode in cipher(eg. AES-CBC/DES-CBC), the iv is continuously updated in the operation. The new iv value should be written to device register by software. Reported-by: Eric Biggers <ebiggers@google.com> Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") Cc: <stable@vger.kernel.org> # v4.5+ Signed-off-by: Zhang Zhijie <zhangzj@rock-chips.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: rockchip - fix scatterlist nents errorZhang Zhijie2019-02-224-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | In some cases, the nents of src scatterlist is different from dst scatterlist. So two variables are used to handle the nents of src&dst scatterlist. Reported-by: Eric Biggers <ebiggers@google.com> Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") Cc: <stable@vger.kernel.org> # v4.5+ Signed-off-by: Zhang Zhijie <zhangzj@rock-chips.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: ccree - fix missing break in switch statementGustavo A. R. Silva2019-02-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Add missing break statement in order to prevent the code from falling through to case S_DIN_to_DES. This bug was found thanks to the ongoing efforts to enable -Wimplicit-fallthrough. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam/qi2 - relax busy polling while enqueuing FDsHoria Geantă2019-02-221-0/+2
| | | | | | | | | | | | | | Add cpu_relax() in the loop that tries to enqueue the FDs. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam/qi2 - rate-limit enqueue failure printsHoria Geantă2019-02-221-1/+1
| | | | | | | | | | | | | | | | Avoid console being flooded with prints in case HW is too busy to accept new enqueue requests. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: caam/qi2 - use affine DPIOsHoria Geantă2019-02-222-23/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Driver was relying on an older DPIO API, which provided a CPU-affine DPIO in case it was called with preemption disabled. Since this is no longer the case, save the CPU-affine DPIO in per-cpu private structure during setup and further use it on the hot path. Note that preemption is no longer disabled while trying to enqueue an FD. Thus it might be possible to run the enqueue on a different CPU (due to migration, when in process context), however this wouldn't be a functionality issue. Since we allow for all cores to enqueue, we take care of data structures setup to handle the case when number of (Rx, Tx) queue pairs is smaller than number of cores. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * crypto: chtls - remove cdev_list_lockSebastian Andrzej Siewior2019-02-221-1/+0
| | | | | | | | | | | | | | | | | | | | | | Last user of cdev_list_lock was removed in commit 6422ccc5fbefb ("crypto/chelsio/chtls: listen fails with multiadapt") Cc: Atul Gupta <atul.gupta@chelsio.com> Cc: Harsh Jain <harsh@chelsio.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * Merge git://git.kernel.org/pub/scm/linux/kernel/git/leo/linux nextHerbert Xu2019-02-221-3/+3
| |\ | | | | | | | | | | | | Pull changes from Freescale SoC drivers tree that are required by subsequent caam/qi2 patches.
| | * soc: fsl: dpio: add a device_link at dpaa2_io_service_registerIoana Ciornei2019-01-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatically add a device link between the actual device requesting the dpaa2_io_service_register and the underlying dpaa2_io used. This link will ensure that when a DPIO device, which is indirectly used by other devices, is unbound any consumer devices will be also unbound from their drivers. For example, any DPNI, bound to the dpaa2-eth driver, which is using DPIO devices will be unbound before its supplier device. Also, add a new parameter to the dpaa2_io_service_[de]register functions to specify the requesting device (ie the consumer). Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Reviewed-by: Ioana Radulescu <ruxandra.radulescu@nxp.com> Signed-off-by: Li Yang <leoyang.li@nxp.com>
| * | crypto: caam - weak key checking for cbc des, 3desIuliana Prodan2019-02-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Modify setkey callback for cbc des and 3des to check for weak keys. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - add ecb(*) supportIuliana Prodan2019-02-154-49/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add ecb mode support for aes, des, 3des and arc4 ciphers. ecb(*) reuses existing skcipher implementation, updating it with support for no IV. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: export arc4 definesIuliana Prodan2019-02-151-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some arc4 cipher algorithm defines show up in two places: crypto/arc4.c and drivers/crypto/bcm/cipher.h. Let's export them in a common header and update their users. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - use mapped_{src,dst}_nents for job descriptorIuliana Prodan2019-02-151-7/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The mapped_{src,dst}_nents _returned_ from the dma_map_sg call (which could be less than src/dst_nents) have to be used to generate the aead, skcipher job descriptors. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: qat - Remove unused goto labelHerbert Xu2019-02-081-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | This patch removes an unused label. Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Fixes: f0fcf9ade46a ("crypto: qat - no need to check return...") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - fixed handling of sg listPankaj Gupta2019-02-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when the source sg contains more than 1 fragment and destination sg contains 1 fragment, the caam driver mishandle the buffers to be sent to caam. Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface") Cc: <stable@vger.kernel.org> # 4.2+ Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Signed-off-by: Arun Pathak <arun.pathak@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: ccp - fix the SEV probe in kexec boot pathSingh, Brijesh2019-02-081-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A kexec reboot may leave the firmware in INIT or WORKING state. Currently, we issue PLATFORM_INIT command during the probe without checking the current state. The PLATFORM_INIT command fails if the FW is already in INIT state. Lets check the current state, if FW is not in UNINIT state then transition it to UNINIT before initializing or upgrading the FW. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gary Hook <gary.hook@amd.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - fix DMA mapping of stack memoryHoria Geantă2019-02-011-64/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Roland reports the following issue and provides a root cause analysis: "On a v4.19 i.MX6 system with IMA and CONFIG_DMA_API_DEBUG enabled, a warning is generated when accessing files on a filesystem for which IMA measurement is enabled: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at kernel/dma/debug.c:1181 check_for_stack.part.9+0xd0/0x120 caam_jr 2101000.jr0: DMA-API: device driver maps memory from stack [addr=b668049e] Modules linked in: CPU: 0 PID: 1 Comm: switch_root Not tainted 4.19.0-20181214-1 #2 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) Backtrace: [<c010efb8>] (dump_backtrace) from [<c010f2d0>] (show_stack+0x20/0x24) [<c010f2b0>] (show_stack) from [<c08b04f4>] (dump_stack+0xa0/0xcc) [<c08b0454>] (dump_stack) from [<c012b610>] (__warn+0xf0/0x108) [<c012b520>] (__warn) from [<c012b680>] (warn_slowpath_fmt+0x58/0x74) [<c012b62c>] (warn_slowpath_fmt) from [<c0199acc>] (check_for_stack.part.9+0xd0/0x120) [<c01999fc>] (check_for_stack.part.9) from [<c019a040>] (debug_dma_map_page+0x144/0x174) [<c0199efc>] (debug_dma_map_page) from [<c065f7f4>] (ahash_final_ctx+0x5b4/0xcf0) [<c065f240>] (ahash_final_ctx) from [<c065b3c4>] (ahash_final+0x1c/0x20) [<c065b3a8>] (ahash_final) from [<c03fe278>] (crypto_ahash_op+0x38/0x80) [<c03fe240>] (crypto_ahash_op) from [<c03fe2e0>] (crypto_ahash_final+0x20/0x24) [<c03fe2c0>] (crypto_ahash_final) from [<c03f19a8>] (ima_calc_file_hash+0x29c/0xa40) [<c03f170c>] (ima_calc_file_hash) from [<c03f2b24>] (ima_collect_measurement+0x1dc/0x240) [<c03f2948>] (ima_collect_measurement) from [<c03f0a60>] (process_measurement+0x4c4/0x6b8) [<c03f059c>] (process_measurement) from [<c03f0cdc>] (ima_file_check+0x88/0xa4) [<c03f0c54>] (ima_file_check) from [<c02d8adc>] (path_openat+0x5d8/0x1364) [<c02d8504>] (path_openat) from [<c02dad24>] (do_filp_open+0x84/0xf0) [<c02daca0>] (do_filp_open) from [<c02cf50c>] (do_open_execat+0x84/0x1b0) [<c02cf488>] (do_open_execat) from [<c02d1058>] (__do_execve_file+0x43c/0x890) [<c02d0c1c>] (__do_execve_file) from [<c02d1770>] (sys_execve+0x44/0x4c) [<c02d172c>] (sys_execve) from [<c0101000>] (ret_fast_syscall+0x0/0x28) ---[ end trace 3455789a10e3aefd ]--- The cause is that the struct ahash_request *req is created as a stack-local variable up in the stack (presumably somewhere in the IMA implementation), then passed down into the CAAM driver, which tries to dma_single_map the req->result (indirectly via map_seq_out_ptr_result) in order to make that buffer available for the CAAM to store the result of the following hash operation. The calling code doesn't know how req will be used by the CAAM driver, and there could be other such occurrences where stack memory is passed down to the CAAM driver. Therefore we should rather fix this issue in the CAAM driver where the requirements are known." Fix this problem by: -instructing the crypto engine to write the final hash in state->caam_ctx -subsequently memcpy-ing the final hash into req->result Cc: <stable@vger.kernel.org> # v4.19+ Reported-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Tested-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: bcm - remove -I. header search path and unused macro defineMasahiro Yamada2019-02-011-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The header search path -I. in kernel Makefiles is very suspicious; it allows the compiler to search for headers in the top of $(srctree), where obviously no header file exists. 'git grep BCMDRIVER' has no hit. So, this macro is not referenced. I was able to build this driver without the extra compiler options. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: prefix header search paths with $(srctree)/Masahiro Yamada2019-02-018-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the Kbuild core manipulates header search paths in a crazy way [1]. To fix this mess, I want all Makefiles to add explicit $(srctree)/ to the search paths in the srctree. Some Makefiles are already written in that way, but not all. The goal of this work is to make the notation consistent, and finally get rid of the gross hacks. Having whitespaces after -I does not matter since commit 48f6e3cf5bc6 ("kbuild: do not drop -I without parameter"). [1]: https://patchwork.kernel.org/patch/9632347/ Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - move request unmap outside of the queue lockVincent Whitchurch2019-02-011-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | The request unmap and bounce buffer copying is currently unnecessarily done while holding the queue spin lock. Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Vincent Whitchurch <rabinv@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - use a constant time tag compareLars Persson2019-02-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Avoid plain memcmp() on the AEAD tag value as this could leak information through a timing side channel. Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - support variable AEAD tag lengthLars Persson2019-02-011-10/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | The implementation assumed that the client always wants the whole 16 byte AES-GCM tag. Now we respect the requested authentication tag size fetched using crypto_aead_authsize(). Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - give DMA the start of the status bufferLars Persson2019-02-011-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The driver was optimized to only do cache maintenance for the last word of the dma descriptor status array. Unfortunately an omission also passed the last word as the address of the array start to the DMA engine. In most cases this goes unnoticed since the hardware aligns the address to a 64 byte boundary. Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - fix for recursive locking from bottom halfLars Persson2019-02-011-5/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clients may submit a new requests from the completion callback context. The driver was not prepared to receive a request in this state because it already held the request queue lock and a recursive lock error is triggered. Now all completions are queued up until we are ready to drop the queue lock and then delivered. The fault was triggered by TCP over an IPsec connection in the LTP test suite: LTP: starting tcp4_ipsec02 (tcp_ipsec.sh -p ah -m transport -s "100 1000 65535") BUG: spinlock recursion on CPU#1, genload/943 lock: 0xbf3c3094, .magic: dead4ead, .owner: genload/943, .owner_cpu: 1 CPU: 1 PID: 943 Comm: genload Tainted: G O 4.9.62-axis5-devel #6 Hardware name: Axis ARTPEC-6 Platform (unwind_backtrace) from [<8010d134>] (show_stack+0x18/0x1c) (show_stack) from [<803a289c>] (dump_stack+0x84/0x98) (dump_stack) from [<8016e164>] (do_raw_spin_lock+0x124/0x128) (do_raw_spin_lock) from [<804de1a4>] (artpec6_crypto_submit+0x2c/0xa0) (artpec6_crypto_submit) from [<804def38>] (artpec6_crypto_prepare_submit_hash+0xd0/0x54c) (artpec6_crypto_prepare_submit_hash) from [<7f3165f0>] (ah_output+0x2a4/0x3dc [ah4]) (ah_output [ah4]) from [<805df9bc>] (xfrm_output_resume+0x178/0x4a4) (xfrm_output_resume) from [<805d283c>] (xfrm4_output+0xac/0xbc) (xfrm4_output) from [<80587928>] (ip_queue_xmit+0x140/0x3b4) (ip_queue_xmit) from [<805a13b4>] (tcp_transmit_skb+0x4c4/0x95c) (tcp_transmit_skb) from [<8059f218>] (tcp_rcv_state_process+0xdf4/0xdfc) (tcp_rcv_state_process) from [<805a7530>] (tcp_v4_do_rcv+0x64/0x1ac) (tcp_v4_do_rcv) from [<805a9724>] (tcp_v4_rcv+0xa34/0xb74) (tcp_v4_rcv) from [<80581d34>] (ip_local_deliver_finish+0x78/0x2b0) (ip_local_deliver_finish) from [<8058259c>] (ip_local_deliver+0xe4/0x104) (ip_local_deliver) from [<805d23ec>] (xfrm4_transport_finish+0xf4/0x144) (xfrm4_transport_finish) from [<805df564>] (xfrm_input+0x4f4/0x74c) (xfrm_input) from [<804de420>] (artpec6_crypto_task+0x208/0x38c) (artpec6_crypto_task) from [<801271b0>] (tasklet_action+0x60/0xec) (tasklet_action) from [<801266d4>] (__do_softirq+0xcc/0x3a4) (__do_softirq) from [<80126d20>] (irq_exit+0xf4/0x15c) (irq_exit) from [<801741e8>] (__handle_domain_irq+0x68/0xbc) (__handle_domain_irq) from [<801014f0>] (gic_handle_irq+0x50/0x94) (gic_handle_irq) from [<80657370>] (__irq_usr+0x50/0x80) Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - remove sha512 support for artpec7Lars Persson2019-02-011-117/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | The hardware cannot restore the context correctly when it operates in SHA512 mode. This is too restrictive when operating in a framework that can interleave multiple hash sessions. Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: axis - remove sha384 support for artpec7Lars Persson2019-02-011-105/+2
| | | | | | | | | | | | | | | | | | | | | | | | The hardware implementation of SHA384 was not correct and it cannot be used in any situation. Signed-off-by: Lars Persson <larper@axis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() argumentsCorentin Labbe2019-02-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When building without CONFIG_HW_RANDOM_PPC4XX, I hit the following build failure: drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_probe': drivers/crypto/amcc/crypto4xx_core.c:1407:20: error: passing argument 1 of 'ppc4xx_trng_probe' from incompatible pointer type [-Werror=incompatible-pointer-types] In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0: drivers/crypto/amcc/crypto4xx_trng.h:28:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *' drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_remove': drivers/crypto/amcc/crypto4xx_core.c:1434:21: error: passing argument 1 of 'ppc4xx_trng_remove' from incompatible pointer type [-Werror=incompatible-pointer-types] In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0: drivers/crypto/amcc/crypto4xx_trng.h:30:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *' This patch fix the needed argument of ppc4xx_trng_probe()/ppc4xx_trng_remove() in that case. Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_opYueHaibing2019-02-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a static code checker warning: drivers/crypto/chelsio/chcr_algo.c:3681 chcr_aead_op() warn: passing zero to 'PTR_ERR' Fixes: 2debd3325e55 ("crypto: chcr - Add AEAD algos.") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - fix indentation of goto labelRoland Hieber2019-02-011-1/+1
| | | | | | | | | | | | | | | Signed-off-by: Roland Hieber <rhi@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: caam - no need to check return value of debugfs_create functionsGreg Kroah-Hartman2019-02-012-16/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: "Horia Geantă" <horia.geanta@nxp.com> Cc: Aymen Sghaier <aymen.sghaier@nxp.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: ccp - no need to check return value of debugfs_create functionsGreg Kroah-Hartman2019-02-011-29/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gary Hook <gary.hook@amd.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| * | crypto: cavium/nitrox - no need to check return value of debugfs_create ↵Greg Kroah-Hartman2019-02-013-28/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: Srikanth Jampala <Jampala.Srikanth@cavium.com> Cc: Yangtao Li <tiny.windzz@gmail.com> Cc: Gadam Sreerama <sgadam@cavium.com> Cc: Eric Biggers <ebiggers@google.com> Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>