Tadeusz Struk [Wed, 11 May 2016 20:21:29 +0000 (13:21 -0700)]
crypto: qat - change the adf_ctl_stop_devices to void
Change the adf_ctl_stop_devices to a void function.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Catalin Vasile [Fri, 6 May 2016 13:18:53 +0000 (16:18 +0300)]
crypto: caam - fix caam_jr_alloc() ret code
caam_jr_alloc() used to return NULL if a JR device could not be
allocated for a session. In turn, every user of this function used
IS_ERR() function to verify if anything went wrong, which does NOT look
for NULL values. This made the kernel crash if the sanity check failed,
because the driver continued to think it had allocated a valid JR dev
instance to the session and at some point it tries to do a caam_jr_free()
on a NULL JR dev pointer.
This patch is a fix for this issue.
Cc: <stable@vger.kernel.org>
Signed-off-by: Catalin Vasile <cata.vasile@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Paulo Flabiano Smorigo [Thu, 5 May 2016 14:09:27 +0000 (11:09 -0300)]
crypto: vmx - comply with ABIs that specify vrsave as reserved.
It gives significant improvements ( ~+15%) on some modes.
These code has been adopted from OpenSSL project in collaboration
with the original author (Andy Polyakov <appro@openssl.org>).
Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Richard W.M. Jones [Tue, 3 May 2016 09:00:17 +0000 (10:00 +0100)]
crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime.
Running self-tests for a short-lived KVM VM takes 28ms on my laptop.
This commit adds a flag 'cryptomgr.notests' which allows them to be
disabled.
However if fips=1 as well, we ignore this flag as FIPS mode mandates
that the self-tests are run.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Julia Lawall [Sun, 1 May 2016 11:52:55 +0000 (13:52 +0200)]
crypto: ccp - constify ccp_actions structure
The ccp_actions structure is never modified, so declare it as const.
Done with the help of Coccinelle.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Gary Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Julia Lawall [Fri, 29 Apr 2016 20:09:11 +0000 (22:09 +0200)]
crypto: marvell/cesa - Use dma_pool_zalloc
Dma_pool_zalloc combines dma_pool_alloc and memset 0. The semantic patch
that makes this transformation is as follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression d,e;
statement S;
@@
d =
- dma_pool_alloc
+ dma_pool_zalloc
(...);
if (!d) S
- memset(d, 0, sizeof(*d));
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 29 Apr 2016 18:00:00 +0000 (11:00 -0700)]
crypto: qat - make adf_vf_isr.c dependant on IOV config
The adf_vf_isr.c should only be build if CONFIG_PCI_IOV is enabled
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 29 Apr 2016 17:59:59 +0000 (10:59 -0700)]
crypto: qat - Fix typo in comments
Fix copy and paste typo adf_isr.c
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor Ambarus [Fri, 29 Apr 2016 14:48:08 +0000 (17:48 +0300)]
lib: asn1_decoder - add MODULE_LICENSE("GPL")
A kernel taint results when loading the rsa_generic module:
root@(none):~# modprobe rsa_generic
asn1_decoder: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint
"Tainting" of the kernel is (usually) a way of indicating that
a proprietary module has been inserted, which is not the case here.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Ujfalusi [Fri, 29 Apr 2016 13:03:41 +0000 (16:03 +0300)]
crypto: omap-sham - Use dma_request_chan() for requesting DMA channel
With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Ujfalusi [Fri, 29 Apr 2016 13:02:56 +0000 (16:02 +0300)]
crypto: omap-des - Use dma_request_chan() for requesting DMA channel
With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Ujfalusi [Fri, 29 Apr 2016 13:02:18 +0000 (16:02 +0300)]
crypto: omap-aes - Use dma_request_chan() for requesting DMA channel
With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Baolin Wang [Thu, 28 Apr 2016 06:11:51 +0000 (14:11 +0800)]
crypto: omap-des - Integrate with the crypto engine framework
Since the crypto engine framework had been merged, thus this patch integrates
with the newly added crypto engine framework to make the crypto hardware
engine under utilized as each block needs to be processed before the crypto
hardware can start working on the next block.
The crypto engine framework can manage and process the requests automatically,
so remove the 'queue' and 'queue_task' things in omap des driver.
Signed-off-by: Baolin <baolin.wang@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 3 May 2016 08:01:52 +0000 (16:01 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in the qat adf_init_pf_wq fix.
Tadeusz Struk [Fri, 29 Apr 2016 17:43:40 +0000 (10:43 -0700)]
crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq
Fix undefined reference issue reported by kbuild test robot.
Cc: <stable@vger.kernel.org>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marek Szyprowski [Tue, 26 Apr 2016 07:29:26 +0000 (09:29 +0200)]
crypto: s5p-sss - fix incorrect usage of scatterlists api
sg_dma_len() macro can be used only on scattelists which are mapped, so
all calls to it before dma_map_sg() are invalid. Replace them by proper
check for direct sg segment length read.
Fixes:
a49e490c7a8a ("crypto: s5p-sss - add S5PV210 advanced crypto engine support")
Fixes:
9e4a1100a445 ("crypto: s5p-sss - Handle unaligned buffers")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Thu, 28 Apr 2016 01:13:03 +0000 (09:13 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Merge the crypto tree to pull in the qat adf_init_pf_wq change.
Tadeusz Struk [Mon, 25 Apr 2016 14:32:19 +0000 (07:32 -0700)]
crypto: qat - fix invalid pf2vf_resp_wq logic
The pf2vf_resp_wq is a global so it has to be created at init
and destroyed at exit, instead of per device.
Cc: <stable@vger.kernel.org>
Tested-by: Suresh Marikkannu <sureshx.marikkannu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Fri, 22 Apr 2016 12:15:23 +0000 (14:15 +0200)]
crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks
The tcrypt testing module on Exynos5422-based Odroid XU3/4 board failed on
testing 8 kB size blocks:
$ sudo modprobe tcrypt sec=1 mode=500
testing speed of async ecb(aes) (ecb-aes-s5p) encryption
test 0 (128 bit key, 16 byte blocks): 21971 operations in 1 seconds (351536 bytes)
test 1 (128 bit key, 64 byte blocks): 21731 operations in 1 seconds (
1390784 bytes)
test 2 (128 bit key, 256 byte blocks): 21932 operations in 1 seconds (
5614592 bytes)
test 3 (128 bit key, 1024 byte blocks): 21685 operations in 1 seconds (
22205440 bytes)
test 4 (128 bit key, 8192 byte blocks):
This was caused by a race issue of missed BRDMA_DONE ("Block cipher
Receiving DMA") interrupt. Device starts processing the data in DMA mode
immediately after setting length of DMA block: receiving (FCBRDMAL) or
transmitting (FCBTDMAL). The driver sets these lengths from interrupt
handler through s5p_set_dma_indata() function (or xxx_setdata()).
However the interrupt handler was first dealing with receive buffer
(dma-unmap old, dma-map new, set receive block length which starts the
operation), then with transmit buffer and finally was clearing pending
interrupts (FCINTPEND). Because of the time window between setting
receive buffer length and clearing pending interrupts, the operation on
receive buffer could end already and driver would miss new interrupt.
User manual for Exynos5422 confirms in example code that setting DMA
block lengths should be the last operation.
The tcrypt hang could be also observed in following blocked-task dmesg:
INFO: task modprobe:258 blocked for more than 120 seconds.
Not tainted
4.6.0-rc4-next-20160419-00005-g9eac8b7b7753-dirty #42
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
modprobe D
c06b09d8 0 258 256 0x00000000
[<
c06b09d8>] (__schedule) from [<
c06b0f24>] (schedule+0x40/0xac)
[<
c06b0f24>] (schedule) from [<
c06b49f8>] (schedule_timeout+0x124/0x178)
[<
c06b49f8>] (schedule_timeout) from [<
c06b17fc>] (wait_for_common+0xb8/0x144)
[<
c06b17fc>] (wait_for_common) from [<
bf0013b8>] (test_acipher_speed+0x49c/0x740 [tcrypt])
[<
bf0013b8>] (test_acipher_speed [tcrypt]) from [<
bf003e8c>] (do_test+0x2240/0x30ec [tcrypt])
[<
bf003e8c>] (do_test [tcrypt]) from [<
bf008048>] (tcrypt_mod_init+0x48/0xa4 [tcrypt])
[<
bf008048>] (tcrypt_mod_init [tcrypt]) from [<
c010177c>] (do_one_initcall+0x3c/0x16c)
[<
c010177c>] (do_one_initcall) from [<
c0191ff0>] (do_init_module+0x5c/0x1ac)
[<
c0191ff0>] (do_init_module) from [<
c0185610>] (load_module+0x1a30/0x1d08)
[<
c0185610>] (load_module) from [<
c0185ab0>] (SyS_finit_module+0x8c/0x98)
[<
c0185ab0>] (SyS_finit_module) from [<
c01078c0>] (ret_fast_syscall+0x0/0x3c)
Fixes:
a49e490c7a8a ("crypto: s5p-sss - add S5PV210 advanced crypto engine support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Fri, 22 Apr 2016 12:15:22 +0000 (14:15 +0200)]
crypto: s5p-sss - Use common BIT macro
The BIT() macro is obvious and well known, so prefer to use it instead
of crafted own macro.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Fri, 22 Apr 2016 10:01:39 +0000 (13:01 +0300)]
crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register()
There are two issues here:
1) We need to decrement "i" otherwise we unregister something that was
not successfully registered.
2) The original code did not unregister the first element in the array
where i is zero.
Fixes:
d293b640ebd5 ('crypto: mxc-scc - add basic driver for the MXC SCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Fri, 22 Apr 2016 09:56:31 +0000 (12:56 +0300)]
crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init()
->src_nents and ->dst_nents are unsigned so they can't be less than
zero. I fixed this by introducing a temporary "nents" variable.
Fixes:
d293b640ebd5 ('crypto: mxc-scc - add basic driver for the MXC SCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geant? [Thu, 21 Apr 2016 16:24:55 +0000 (19:24 +0300)]
crypto: talitos - fix ahash algorithms registration
Provide hardware state import/export functionality, as mandated by
commit
8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
Cc: <stable@vger.kernel.org> # 4.3+
Reported-by: Jonas Eymann <J.Eymann@gmx.net>
Signed-off-by: Horia Geant? <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gary R Hook [Wed, 20 Apr 2016 14:55:12 +0000 (09:55 -0500)]
crypto: ccp - Ensure all dependencies are specified
A DMA_ENGINE requires DMADEVICES in Kconfig
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Romain Perier [Tue, 19 Apr 2016 15:09:20 +0000 (17:09 +0200)]
crypto: marvell/cesa - Improving code readability
When looking for available engines, the variable "engine" is
assigned to "&cesa->engines[i]" at the beginning of the for loop. Replacing
next occurences of "&cesa->engines[i]" by "engine" and in order to improve
readability.
Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 19 Apr 2016 13:44:12 +0000 (15:44 +0200)]
crypto: s5p-sss - Remove useless hash interrupt handler
Beside regular feed control interrupt, the driver requires also hash
interrupt for older SoCs (samsung,s5pv210-secss). However after
requesting it, the interrupt handler isn't doing anything with it, not
even clearing the hash interrupt bit.
Driver does not provide hash functions so it is safe to remove the hash
interrupt related code and to not require the interrupt in Device Tree.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 19 Apr 2016 13:44:11 +0000 (15:44 +0200)]
crypto: s5p-sss - Fix use after free of copied input buffer in error path
The driver makes copies of memory (input or output scatterlists) if they
are not aligned. In s5p_aes_crypt_start() error path (on unsuccessful
initialization of output scatterlist), if input scatterlist was not
aligned, the driver first freed copied input memory and then unmapped it
from the device, instead of doing otherwise (unmap and then free).
This was wrong in two ways:
1. Freed pages were still mapped to the device.
2. The dma_unmap_sg() iterated over freed scatterlist structure.
The call to s5p_free_sg_cpy() in this error path is not needed because
the copied scatterlists will be freed by s5p_aes_complete().
Fixes:
9e4a1100a445 ("crypto: s5p-sss - Handle unaligned buffers")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gary R Hook [Mon, 18 Apr 2016 14:21:44 +0000 (09:21 -0500)]
crypto: ccp - Register the CCP as a DMA resource
The CCP has the ability to provide DMA services to the
kernel using pass-through mode of the device. Register
these services as general purpose DMA channels.
Changes since v2:
- Add a Signed-off-by
Changes since v1:
- Allocate memory for a string in ccp_dmaengine_register
- Ensure register/unregister calls are properly ordered
- Verified all changed files are listed in the diffstat
- Undo some superfluous changes
- Added a cc:
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Christian Lamparter [Mon, 18 Apr 2016 10:57:41 +0000 (12:57 +0200)]
crypto4xx: integrate ppc4xx-rng into crypto4xx
This patch integrates the ppc4xx-rng driver into the existing
crypto4xx. This is because the true random number generator
is controlled and part of the security core.
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sat, 16 Apr 2016 07:01:09 +0000 (15:01 +0800)]
eCryptfs: Do not allocate hash tfm in NORECLAIM context
You cannot allocate crypto tfm objects in NORECLAIM or NOFS contexts.
The ecryptfs code currently does exactly that for the MD5 tfm.
This patch fixes it by preallocating the MD5 tfm in a safe context.
The MD5 tfm is also reentrant so this patch removes the superfluous
cs_hash_tfm_mutex.
Reported-by: Nicolas Boichat <drinkcat@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Horia Geant? [Tue, 19 Apr 2016 17:33:48 +0000 (20:33 +0300)]
crypto: talitos - fix AEAD tcrypt tests
After conversion to new AEAD interface, tcrypt tests fail as follows:
[...]
[ 1.145414] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-aes-talitos
[ 1.153564]
00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
[ 1.160041]
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1.166509]
00000020: 00 00 00 00
[...]
Fix them by providing the correct cipher in & cipher out pointers,
i.e. must skip over associated data in src and dst S/G.
While here, fix a problem with the HW S/G table index usage:
tbl_off must be updated after the pointer to the table entries is set.
Cc: <stable@vger.kernel.org> # 4.3+
Fixes:
aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
Reported-by: Jonas Eymann <J.Eymann@gmx.net>
Signed-off-by: Horia Geant? <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jonas Eymann [Tue, 19 Apr 2016 17:33:47 +0000 (20:33 +0300)]
crypto: talitos - fix crash in talitos_cra_init()
Conversion of talitos driver to the new AEAD interface
hasn't been properly tested.
AEAD algorithms crash in talitos_cra_init as follows:
[...]
[ 1.141095] talitos
ffe30000.crypto: hwrng
[ 1.145381] Unable to handle kernel paging request for data at address 0x00000058
[ 1.152913] Faulting instruction address: 0xc02accc0
[ 1.157910] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1.163315] SMP NR_CPUS=2 P1020 RDB
[ 1.166810] Modules linked in:
[ 1.169875] CPU: 0 PID: 1007 Comm: cryptomgr_test Not tainted 4.4.6 #1
[ 1.176415] task:
db5ec200 ti:
db4d6000 task.ti:
db4d6000
[ 1.181821] NIP:
c02accc0 LR:
c02acd18 CTR:
c02acd04
[ 1.186793] REGS:
db4d7d30 TRAP: 0300 Not tainted (4.4.6)
[ 1.192457] MSR:
00029000 <CE,EE,ME> CR:
95009359 XER:
e0000000
[ 1.198585] DEAR:
00000058 ESR:
00000000
GPR00:
c017bdc0 db4d7de0 db5ec200 df424b48 00000000 00000000 df424bfc db75a600
GPR08:
df424b48 00000000 db75a628 db4d6000 00000149 00000000 c0044cac db5acda0
GPR16:
00000000 00000000 00000000 00000000 00000000 00000000 00000400 df424940
GPR24:
df424900 00003083 00000400 c0180000 db75a640 c03e9f84 df424b40 df424b48
[ 1.230978] NIP [
c02accc0] talitos_cra_init+0x28/0x6c
[ 1.236039] LR [
c02acd18] talitos_cra_init_aead+0x14/0x28
[ 1.241443] Call Trace:
[ 1.243894] [
db4d7de0] [
c03e9f84] 0xc03e9f84 (unreliable)
[ 1.249322] [
db4d7df0] [
c017bdc0] crypto_create_tfm+0x5c/0xf0
[ 1.255083] [
db4d7e10] [
c017beec] crypto_alloc_tfm+0x98/0xf8
[ 1.260769] [
db4d7e40] [
c0186a20] alg_test_aead+0x28/0xc8
[ 1.266181] [
db4d7e60] [
c0186718] alg_test+0x260/0x2e0
[ 1.271333] [
db4d7ee0] [
c0183860] cryptomgr_test+0x30/0x54
[ 1.276843] [
db4d7ef0] [
c0044d80] kthread+0xd4/0xd8
[ 1.281741] [
db4d7f40] [
c000e4a4] ret_from_kernel_thread+0x5c/0x64
[ 1.287930] Instruction dump:
[ 1.290902]
38600000 4e800020 81230028 7c681b78 81490010 38e9ffc0 3929ffe8 554a073e
[ 1.298691]
2b8a000a 7d474f9e 812a0008 91230030 <
80e90058>
39270060 7c0004ac 7cc04828
Cc: <stable@vger.kernel.org> # 4.3+
Fixes:
aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
Signed-off-by: Jonas Eymann <J.Eymann@gmx.net>
Fix typo - replaced parameter of __crypto_ahash_alg(): s/tfm/alg
Remove checkpatch warnings.
Add commit message.
Signed-off-by: Horia Geant? <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 15 Apr 2016 17:54:07 +0000 (10:54 -0700)]
crypto: qat - fix section mismatch warning
Fix Section mismatch warinig in adf_exit_vf_wq()
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 15 Apr 2016 17:38:00 +0000 (10:38 -0700)]
crypto: qat - interrupts need to be enabled when VFs are disabled
IRQs need to be enabled when VFs go down in case some VF to PF
comms happens.
Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 15 Apr 2016 17:37:59 +0000 (10:37 -0700)]
crypto: qat - check if PF is running
Before VF sends a signal to PF it should check if PF
is still running.
Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 15 Apr 2016 17:37:58 +0000 (10:37 -0700)]
crypto: qat - move vf2pf_init and vf2pf_exit to common
The vf2pf_init and vf2pf_exit are exactly the same for all VFs
so move them to common and reuse.
Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Michal Hocko [Thu, 14 Apr 2016 08:51:42 +0000 (10:51 +0200)]
crypto: lzo - get rid of superfluous __GFP_REPEAT
__GFP_REPEAT has a rather weak semantic but since it has been introduced
around 2.6.12 it has been ignored for low order allocations.
lzo_init uses __GFP_REPEAT to allocate LZO1X_MEM_COMPRESS 16K. This is
order 3 allocation request and __GFP_REPEAT is ignored for this size
as well as all <= PAGE_ALLOC_COSTLY requests.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kefeng Wang [Wed, 13 Apr 2016 10:11:28 +0000 (18:11 +0800)]
hwrng: hisi - Add support for Hisilicon SoC RNG
This adds the Hisilicon Random Number Generator(RNG) support,
which is found in Hip04 and Hip05 soc.
Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kefeng Wang [Wed, 13 Apr 2016 10:11:27 +0000 (18:11 +0800)]
dt/bindings: Add bindings for hisilicon random number generator
Document the devicetree bindings for the random number generator found
on Hisilicon Hip04 and Hip05 soc.
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Rob Herring <rob@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:26 +0000 (11:04 +0200)]
crypto: mxc-scc - add basic driver for the MXC SCC
According to the Freescale GPL driver code, there are two different
Security Controller (SCC) versions: SCC and SCC2.
The SCC is found on older i.MX SoCs, e.g. the i.MX25. This is the
version implemented and tested here.
As there is no publicly available documentation for this IP core,
all information about this unit is gathered from the GPL'ed driver
from Freescale.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:25 +0000 (11:04 +0200)]
ARM: i.MX25: add scc module to dtsi
Add the Security Controller (SCC) module to the dtsi.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:24 +0000 (11:04 +0200)]
Documentation: devicetree: add Freescale SCC bindings
Add documentation for the Freescale Security Controller (SCC)
found on i.MX25 SoCs.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Wed, 6 Apr 2016 18:01:54 +0000 (11:01 -0700)]
crypto: qat - adf_dev_stop should not be called in atomic context
VFs call adf_dev_stop() from a PF to VF interrupt bottom half.
This causes an oops "scheduling while atomic", because it tries
to acquire a mutex to un-register crypto algorithms.
This patch fixes the issue by calling adf_dev_stop() asynchronously.
Changes in v2:
- change kthread to a work queue.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mike Galbraith [Tue, 5 Apr 2016 13:03:21 +0000 (15:03 +0200)]
crypto: ccp - Fix RT breaking #include <linux/rwlock_types.h>
Direct include of rwlock_types.h breaks RT, use spinlock_types.h instead.
Fixes:
553d2374db0b crypto: ccp - Support for multiple CCPs
Signed-off-by: Mike Galbraith <umgwanakikbuti@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Sat, 2 Apr 2016 15:54:56 +0000 (10:54 -0500)]
crypto: doc - document correct return value for request allocation
Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tom Lendacky [Wed, 13 Apr 2016 15:52:25 +0000 (10:52 -0500)]
crypto: ccp - Prevent information leakage on export
Prevent information from leaking to userspace by doing a memset to 0 of
the export state structure before setting the structure values and copying
it. This prevents un-initialized padding areas from being copied into the
export area.
Cc: <stable@vger.kernel.org> # 3.14.x-
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Xiaodong Liu [Tue, 12 Apr 2016 09:45:51 +0000 (09:45 +0000)]
crypto: sha1-mb - use corrcet pointer while completing jobs
In sha_complete_job, incorrect mcryptd_hash_request_ctx pointer is used
when check and complete other jobs. If the memory of first completed req
is freed, while still completing other jobs in the func, kernel will
crash since NULL pointer is assigned to RIP.
Cc: <stable@vger.kernel.org>
Signed-off-by: Xiaodong Liu <xiaodong.liu@intel.com>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Wed, 6 Apr 2016 21:42:32 +0000 (14:42 -0700)]
crypto: rsa-pkcs1pad - fix dst len
The output buffer length has to be at least as big as the key_size.
It is then updated to the actual output size by the implementation.
Cc: <stable@vger.kernel.org>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 5 Apr 2016 02:04:28 +0000 (11:04 +0900)]
hwrng: exynos - Fix misspelled Samsung address
Correct smasung.com into samsung.com.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Tue, 29 Mar 2016 17:21:07 +0000 (10:21 -0700)]
crypto: qat - changed adf_dev_stop to void
It returns always zero anyway.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Tue, 29 Mar 2016 17:20:52 +0000 (10:20 -0700)]
crypto: qat - explicitly stop all VFs first
When stopping devices it is not enought to loop backwards.
We need to explicitly stop all VFs first.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stephan Mueller [Mon, 28 Mar 2016 14:47:55 +0000 (16:47 +0200)]
crypto: drbg - set HMAC key only when altered
The HMAC implementation allows setting the HMAC key independently from
the hashing operation. Therefore, the key only needs to be set when a
new key is generated.
This patch increases the speed of the HMAC DRBG by at least 35% depending
on the use case.
The patch is fully CAVS tested.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin LABBE [Wed, 23 Mar 2016 15:11:24 +0000 (16:11 +0100)]
crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore}
The current sun4i-ss driver could generate data corruption when ciphering/deciphering.
It occurs randomly on end of handled data.
No root cause have been found and the only way to remove it is to replace
all spin_lock_bh by their irq counterparts.
Fixes:
6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor Ambarus [Wed, 23 Mar 2016 15:06:40 +0000 (17:06 +0200)]
crypto: qat - fix address leaking of RSA public exponent
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tudor Ambarus [Wed, 23 Mar 2016 15:06:39 +0000 (17:06 +0200)]
crypto: qat - avoid memory corruption or undefined behaviour
memcopying to a (null pointer + offset) will result
in memory corruption or undefined behaviour.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ahsan Atta [Tue, 22 Mar 2016 18:25:21 +0000 (11:25 -0700)]
crypto: qat - Remove redundant nrbg rings
Remove redundant nrbg rings.
Signed-off-by: Ahsan Atta <ahsan.atta@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Tue, 22 Mar 2016 17:45:25 +0000 (10:45 -0700)]
crypto: qat - make sure const_tab is 1024 bytes aligned
FW requires the const_tab to be 1024 bytes aligned.
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:18:16 +0000 (13:18 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access
Within the copying loop in mpi_read_raw_from_sgl(), the last input SGE's
byte count gets artificially extended as follows:
if (sg_is_last(sg) && (len % BYTES_PER_MPI_LIMB))
len += BYTES_PER_MPI_LIMB - (len % BYTES_PER_MPI_LIMB);
Within the following byte copying loop, this causes reads beyond that
SGE's allocated buffer:
BUG: KASAN: slab-out-of-bounds in mpi_read_raw_from_sgl+0x331/0x650
at addr
ffff8801e168d4d8
Read of size 1 by task systemd-udevd/721
[...]
Call Trace:
[<
ffffffff818c4d35>] dump_stack+0xbc/0x117
[<
ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169
[<
ffffffff814af5d1>] ? print_section+0x61/0xb0
[<
ffffffff814b1109>] print_trailer+0x179/0x2c0
[<
ffffffff814bc524>] object_err+0x34/0x40
[<
ffffffff814bfdc7>] kasan_report_error+0x307/0x8c0
[<
ffffffff814bf315>] ? kasan_unpoison_shadow+0x35/0x50
[<
ffffffff814bf38e>] ? kasan_kmalloc+0x5e/0x70
[<
ffffffff814c0ad1>] kasan_report+0x71/0xa0
[<
ffffffff81938171>] ? mpi_read_raw_from_sgl+0x331/0x650
[<
ffffffff814bf1a6>] __asan_load1+0x46/0x50
[<
ffffffff81938171>] mpi_read_raw_from_sgl+0x331/0x650
[<
ffffffff817f41b6>] rsa_verify+0x106/0x260
[<
ffffffff817f40b0>] ? rsa_set_pub_key+0xf0/0xf0
[<
ffffffff818edc79>] ? sg_init_table+0x29/0x50
[<
ffffffff817f4d22>] ? pkcs1pad_sg_set_buf+0xb2/0x2e0
[<
ffffffff817f5b74>] pkcs1pad_verify+0x1f4/0x2b0
[<
ffffffff81831057>] public_key_verify_signature+0x3a7/0x5e0
[<
ffffffff81830cb0>] ? public_key_describe+0x80/0x80
[<
ffffffff817830f0>] ? keyring_search_aux+0x150/0x150
[<
ffffffff818334a4>] ? x509_request_asymmetric_key+0x114/0x370
[<
ffffffff814b83f0>] ? kfree+0x220/0x370
[<
ffffffff818312c2>] public_key_verify_signature_2+0x32/0x50
[<
ffffffff81830b5c>] verify_signature+0x7c/0xb0
[<
ffffffff81835d0c>] pkcs7_validate_trust+0x42c/0x5f0
[<
ffffffff813c391a>] system_verify_data+0xca/0x170
[<
ffffffff813c3850>] ? top_trace_array+0x9b/0x9b
[<
ffffffff81510b29>] ? __vfs_read+0x279/0x3d0
[<
ffffffff8129372f>] mod_verify_sig+0x1ff/0x290
[...]
The exact purpose of the len extension isn't clear to me, but due to
its form, I suspect that it's a leftover somehow accounting for leading
zero bytes within the most significant output limb.
Note however that without that len adjustement, the total number of bytes
ever processed by the inner loop equals nbytes and thus, the last output
limb gets written at this point. Thus the net effect of the len adjustement
cited above is just to keep the inner loop running for some more
iterations, namely < BYTES_PER_MPI_LIMB ones, reading some extra bytes from
beyond the last SGE's buffer and discarding them afterwards.
Fix this issue by purging the extension of len beyond the last input SGE's
buffer length.
Fixes:
2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:18:07 +0000 (13:18 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices
Within the byte reading loop in mpi_read_raw_sgl(), there are two
housekeeping indices used, z and x.
At all times, the index z represents the number of output bytes covered
by the input SGEs for which processing has completed so far. This includes
any leading zero bytes within the most significant limb.
The index x changes its meaning after the first outer loop's iteration
though: while processing the first input SGE, it represents
"number of leading zero bytes in most significant output limb" +
"current position within current SGE"
For the remaining SGEs OTOH, x corresponds just to
"current position within current SGE"
After all, it is only the sum of z and x that has any meaning for the
output buffer and thus, the
"number of leading zero bytes in most significant output limb"
part can be moved away from x into z from the beginning, opening up the
opportunity for cleaner code.
Before the outer loop iterating over the SGEs, don't initialize z with
zero, but with the number of leading zero bytes in the most significant
output limb. For the inner loop iterating over a single SGE's bytes,
get rid of the buf_shift offset to x' bounds and let x run from zero to
sg->length - 1.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:17:27 +0000 (13:17 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation
The number of bits, nbits, is calculated in mpi_read_raw_from_sgl() as
follows:
nbits = nbytes * 8;
Afterwards, the number of leading zero bits of the first byte get
subtracted:
nbits -= count_leading_zeros(*(u8 *)(sg_virt(sgl) + lzeros));
However, count_leading_zeros() takes an unsigned long and thus,
the u8 gets promoted to an unsigned long.
Thus, the above doesn't subtract the number of leading zeros in the most
significant nonzero input byte from nbits, but the number of leading
zeros of the most significant nonzero input byte promoted to unsigned long,
i.e. BITS_PER_LONG - 8 too many.
Fix this by subtracting
count_leading_zeros(...) - (BITS_PER_LONG - 8)
from nbits only.
Fixes:
2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:45 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits
In mpi_read_raw_from_sgl(), unsigned nbits is calculated as follows:
nbits = nbytes * 8;
and redundantly cleared later on if nbytes == 0:
if (nbytes > 0)
...
else
nbits = 0;
Purge this redundant clearing for the sake of clarity.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:44 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes
At the very beginning of mpi_read_raw_from_sgl(), the leading zeros of
the input scatterlist are counted:
lzeros = 0;
for_each_sg(sgl, sg, ents, i) {
...
if (/* sg contains nonzero bytes */)
break;
/* sg contains nothing but zeros here */
ents--;
lzeros = 0;
}
Later on, the total number of trailing nonzero bytes is calculated by
subtracting the number of leading zero bytes from the total number of input
bytes:
nbytes -= lzeros;
However, since lzeros gets reset to zero for each completely zero leading
sg in the loop above, it doesn't include those.
Besides wasting resources by allocating a too large output buffer,
this mistake propagates into the calculation of x, the number of
leading zeros within the most significant output limb:
x = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;
What's more, the low order bytes of the output, equal in number to the
extra bytes in nbytes, are left uninitialized.
Fix this by adjusting nbytes for each completely zero leading scatterlist
entry.
Fixes:
2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:43 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes
Currently, the nbytes local variable is calculated from the len argument
as follows:
... mpi_read_raw_from_sgl(..., unsigned int len)
{
unsigned nbytes;
...
if (!ents)
nbytes = 0;
else
nbytes = len - lzeros;
...
}
Given that nbytes is derived from len in a trivial way and that the len
argument is shadowed by a local len variable in several loops, this is just
confusing.
Rename the len argument to nbytes and get rid of the nbytes local variable.
Do the nbytes calculation in place.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:42 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): fix buffer overflow
Currently, mpi_read_buffer() writes full limbs to the output buffer
and moves memory around to purge leading zero limbs afterwards.
However, with
commit
9cbe21d8f89d ("lib/mpi: only require buffers as big as needed for
the integer")
the caller is only required to provide a buffer large enough to hold the
result without the leading zeros.
This might result in a buffer overflow for small MP numbers with leading
zeros.
Fix this by coping the result to its final destination within the output
buffer and not copying the leading zeros at all.
Fixes:
9cbe21d8f89d ("lib/mpi: only require buffers as big as needed for
the integer")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:41 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): replace open coded endian conversion
Currently, the endian conversion from CPU order to BE is open coded in
mpi_read_buffer().
Replace this by the centrally provided cpu_to_be*() macros.
Copy from the temporary storage on stack to the destination buffer
by means of memcpy().
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:40 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs
Currently, if the number of leading zeros is greater than fits into a
complete limb, mpi_read_buffer() skips them by iterating over them
limb-wise.
Instead of skipping the high order zero limbs within the loop as shown
above, adjust the copying loop's bounds.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:39 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): replace open coded endian conversion
Currently, the endian conversion from CPU order to BE is open coded in
mpi_write_sgl().
Replace this by the centrally provided cpu_to_be*() macros.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:38 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access
Within the copying loop in mpi_write_sgl(), we have
if (lzeros) {
mpi_limb_t *limb1 = (void *)p - sizeof(alimb);
mpi_limb_t *limb2 = (void *)p - sizeof(alimb)
+ lzeros;
*limb1 = *limb2;
...
}
where p points past the end of alimb2 which lives on the stack and contains
the current limb in BE order.
The purpose of the above is to shift the non-zero bytes of alimb2 to its
beginning in memory, i.e. to skip its leading zero bytes.
However, limb2 points somewhere into the middle of alimb2 and thus, reading
*limb2 pulls in lzero bytes from somewhere.
Indeed, KASAN splats:
BUG: KASAN: stack-out-of-bounds in mpi_write_to_sgl+0x4e3/0x6f0
at addr
ffff8800cb04f601
Read of size 8 by task systemd-udevd/391
page:
ffffea00032c13c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x3fff8000000000()
page dumped because: kasan: bad access detected
CPU: 3 PID: 391 Comm: systemd-udevd Tainted: G B L
4.5.0-next-
20160316+ #12
[...]
Call Trace:
[<
ffffffff8194889e>] dump_stack+0xdc/0x15e
[<
ffffffff819487c2>] ? _atomic_dec_and_lock+0xa2/0xa2
[<
ffffffff814892b5>] ? __dump_page+0x185/0x330
[<
ffffffff8150ffd6>] kasan_report_error+0x5e6/0x8b0
[<
ffffffff814724cd>] ? kzfree+0x2d/0x40
[<
ffffffff819c5bce>] ? mpi_free_limb_space+0xe/0x20
[<
ffffffff819c469e>] ? mpi_powm+0x37e/0x16f0
[<
ffffffff815109f1>] kasan_report+0x71/0xa0
[<
ffffffff819c0353>] ? mpi_write_to_sgl+0x4e3/0x6f0
[<
ffffffff8150ed34>] __asan_load8+0x64/0x70
[<
ffffffff819c0353>] mpi_write_to_sgl+0x4e3/0x6f0
[<
ffffffff819bfe70>] ? mpi_set_buffer+0x620/0x620
[<
ffffffff819c0e6f>] ? mpi_cmp+0xbf/0x180
[<
ffffffff8186e282>] rsa_verify+0x202/0x260
What's more, since lzeros can be anything from 1 to sizeof(mpi_limb_t)-1,
the above will cause unaligned accesses which is bad on non-x86 archs.
Fix the issue, by preparing the starting point p for the upcoming copy
operation instead of shifting the source memory, i.e. alimb2.
Fixes:
2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:37 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic
Within the copying loop in mpi_write_sgl(), we have
if (lzeros) {
...
p -= lzeros;
y = lzeros;
}
p = p - (sizeof(alimb) - y);
If lzeros == 0, then y == 0, too. Thus, lzeros gets subtracted and added
back again to p.
Purge this redundancy.
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:36 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement
Within the copying loop in mpi_write_sgl(), we have
if (lzeros > 0) {
...
lzeros -= sizeof(alimb);
}
However, at this point, lzeros < sizeof(alimb) holds. Make this fact
explicit by rewriting the above to
if (lzeros) {
...
lzeros = 0;
}
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Nicolai Stange [Tue, 22 Mar 2016 12:12:35 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs
Currently, if the number of leading zeros is greater than fits into a
complete limb, mpi_write_sgl() skips them by iterating over them limb-wise.
However, it fails to adjust its internal leading zeros tracking variable,
lzeros, accordingly: it does a
p -= sizeof(alimb);
continue;
which should really have been a
lzeros -= sizeof(alimb);
continue;
Since lzeros never decreases if its initial value >= sizeof(alimb), nothing
gets copied by mpi_write_sgl() in that case.
Instead of skipping the high order zero limbs within the loop as shown
above, fix the issue by adjusting the copying loop's bounds.
Fixes:
2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:25 +0000 (10:58 +0900)]
crypto: s5p-sss - Sort the headers to improve readability
Sort the headers alphabetically to improve readability and to spot
duplications easier.
Suggested-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:24 +0000 (10:58 +0900)]
crypto: s5p-sss - Handle unaligned buffers
During crypto selftests on Odroid XU3 (Exynos5422) some of the
algorithms failed because of passing AES-block unaligned source and
destination buffers:
alg: skcipher: encryption failed on chunk test 1 for ecb-aes-s5p: ret=22
Handle such case by copying the buffers to a new aligned and contiguous
space.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:23 +0000 (10:58 +0900)]
crypto: s5p-sss - Minor coding cleanups
Remove unneeded inclusion of delay.h and get rid of indentation from
labels.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tom Lendacky [Mon, 21 Mar 2016 16:43:22 +0000 (11:43 -0500)]
MAINTAINERS: Add a new maintainer for the CCP driver
Gary will be taking over future development of the CCP driver, so add
him as a co-maintainer of the driver.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gary Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dan Carpenter [Mon, 21 Mar 2016 09:03:43 +0000 (12:03 +0300)]
crypto: marvell/cesa - remove unneeded condition
creq->cache[] is an array inside the struct, it's not a pointer and it
can't be NULL.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Colin Ian King [Fri, 18 Mar 2016 15:51:31 +0000 (15:51 +0000)]
PKCS#7: fix missing break on OID_sha224 case
The OID_sha224 case is missing a break and it falls through
to the -ENOPKG error default. Since HASH_ALGO_SHA224 seems
to be supported, this looks like an unintentional missing break.
Fixes:
07f081fb5057 ("PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them")
Cc: <stable@vger.kernel.org> # 4.2+
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Amitoj Kaur Chawla [Fri, 18 Mar 2016 13:38:48 +0000 (19:08 +0530)]
crypto: n2 - Remove return statement from void function
Return statement at the end of a void function is useless.
The Coccinelle semantic patch used to make this change is as follows:
//<smpl>
@@
identifier f;
expression e;
@@
void f(...) {
<...
- return
e;
...>
}
//</smpl>
Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 04:20:18 +0000 (13:20 +0900)]
crypto: s5p-sss - Enable COMPILE_TEST
Get some build coverage of S5P/Exynos AES H/W acceleration driver.
Driver uses DMA and devm_ioremap_resource() so add DMA and IOMEM
dependencies for the compile testing.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 04:19:55 +0000 (13:19 +0900)]
hwrng: exynos - Enable COMPILE_TEST
Get some build coverage of Exynos H/W random number generator
driver. Driver uses devm_ioremap_resource() so add IOMEM dependency for
the compile testing.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:15 +0000 (09:07 +0900)]
hwrng: exynos - Disable runtime PM on driver unbind
Driver enabled runtime PM but did not revert this on removal. Re-binding
of a device triggered warning:
exynos-rng
10830400.rng: Unbalanced pm_runtime_enable!
Fixes:
b329669ea0b5 ("hwrng: exynos - Add support for Exynos random number generator")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:14 +0000 (09:07 +0900)]
hwrng: exynos - Disable runtime PM on probe failure
Add proper error path (for disabling runtime PM) when registering of
hwrng fails.
Fixes:
b329669ea0b5 ("hwrng: exynos - Add support for Exynos random number generator")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:13 +0000 (09:07 +0900)]
hwrng: exynos - Fix unbalanced PM runtime put on timeout error path
In case of timeout during read operation, the exit path lacked PM
runtime put. This could lead to unbalanced runtime PM usage counter thus
leaving the device in an active state.
Fixes:
d7fd6075a205 ("hwrng: exynos - Add timeout for waiting on init done")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:12 +0000 (09:07 +0900)]
hwrng: exynos - Runtime suspend device after init
The driver uses pm_runtime_put_noidle() after initialization so the
device might remain in active state if the core does not read from it
(the read callback contains regular runtime put). The put_noidle() was
chosen probably to avoid unneeded suspend and resume cycle after the
initialization.
However for this purpose autosuspend is enabled so it is safe to runtime
put just after the initialization.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Meerwald [Sun, 13 Mar 2016 15:15:37 +0000 (16:15 +0100)]
crypto: omap-des - Improve wording for CRYPTO_DEV_OMAP_DES in Kconfig
Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tadeusz Struk [Fri, 11 Mar 2016 19:50:33 +0000 (11:50 -0800)]
crypto: af_alg - add async support to algif_aead
Following the async change for algif_skcipher
this patch adds similar async read to algif_aead.
changes in v3:
- add call to aead_reset_ctx directly from aead_put_sgl instead of calling
them separatelly one after the other
- remove wait from aead_sock_destruct function as it is not needed
when sock_hold is used
changes in v2:
- change internal data structures from fixed size arrays, limited to
RSGL_MAX_ENTRIES, to linked list model with no artificial limitation.
- use sock_kmalloc instead of kmalloc for memory allocation
- use sock_hold instead of separate atomic ctr to wait for outstanding
request
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Álvaro Fernández Rojas [Sun, 3 Apr 2016 12:18:22 +0000 (14:18 +0200)]
hwrng: bcm63xx - fix device tree compilation
Adds missing include that resulted in implicit device tree functions errors.
Fixes:
7b651706712b ("hwrng: bcm63xx - add device tree support")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Sun, 3 Apr 2016 04:37:15 +0000 (12:37 +0800)]
sunrpc: Fix skcipher/shash conversion
The skcpiher/shash conversion introduced a number of bugs in the
sunrpc code:
1) Missing calls to skcipher_request_set_tfm lead to crashes.
2) The allocation size of shash_desc is too small which leads to
memory corruption.
Fixes:
3b5cf20cf439 ("sunrpc: Use skcipher and ahash/shash")
Reported-by: J. Bruce Fields <bfields@fieldses.org>
Tested-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Linus Torvalds [Sun, 3 Apr 2016 14:09:40 +0000 (09:09 -0500)]
Linux 4.6-rc2
Linus Torvalds [Sun, 3 Apr 2016 12:22:12 +0000 (07:22 -0500)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"Misc kernel side fixes:
- fix event leak
- fix AMD PMU driver bug
- fix core event handling bug
- fix build bug on certain randconfigs
Plus misc tooling fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/amd/ibs: Fix pmu::stop() nesting
perf/core: Don't leak event in the syscall error path
perf/core: Fix time tracking bug with multiplexing
perf jit: genelf makes assumptions about endian
perf hists: Fix determination of a callchain node's childlessness
perf tools: Add missing initialization of perf_sample.cpumode in synthesized samples
perf tools: Fix build break on powerpc
perf/x86: Move events_sysfs_show() outside CPU_SUP_INTEL
perf bench: Fix detached tarball building due to missing 'perf bench memcpy' headers
perf tests: Fix tarpkg build test error output redirection
Linus Torvalds [Sun, 3 Apr 2016 12:06:53 +0000 (07:06 -0500)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull core kernel fixes from Ingo Molnar:
"This contains the nohz/atomic cleanup/fix for the fetch_or() ugliness
you noted during the original nohz pull request, plus there's also
misc fixes:
- fix liblockdep build bug
- fix uapi header build bug
- print more lockdep hash collision info to help debug recent reports
of hash collisions
- update MAINTAINERS email address"
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
MAINTAINERS: Update my email address
locking/lockdep: Print chain_key collision information
uapi/linux/stddef.h: Provide __always_inline to userspace headers
tools/lib/lockdep: Fix unsupported 'basename -s' in run_tests.sh
locking/atomic, sched: Unexport fetch_or()
timers/nohz: Convert tick dependency mask to atomic_t
locking/atomic: Introduce atomic_fetch_or()
Linus Torvalds [Sun, 3 Apr 2016 12:03:49 +0000 (07:03 -0500)]
v4l2-mc: avoid warning about unused variable
Commit
840f5b0572ea ("media: au0828 disable tuner to demod link in
au0828_media_device_register()") removed all uses of the 'dtv_demod',
but left the variable itself around.
Remove it.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 3 Apr 2016 11:32:28 +0000 (06:32 -0500)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
"This lot contains:
- Some fixups for the fallout of the topology consolidation which
unearthed AMD/Intel inconsistencies
- Documentation for the x86 topology management
- Support for AMD advanced power management bits
- Two simple cleanups removing duplicated code"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Add advanced power management bits
x86/thread_info: Merge two !__ASSEMBLY__ sections
x86/cpufreq: Remove duplicated TDP MSR macro definitions
x86/Documentation: Start documenting x86 topology
x86/cpu: Get rid of compute_unit_id
perf/x86/amd: Cleanup Fam10h NB event constraints
x86/topology: Fix AMD core count
Linus Torvalds [Sat, 2 Apr 2016 23:57:49 +0000 (18:57 -0500)]
Merge tag 'rproc-v4.6-rc1' of git://github.com/andersson/remoteproc
Pull remoteproc fix from Bjorn Andersson:
"Fix incorrect error check in the ST remoteproc driver and advertise
the newly created linux-remoteproc mailing list"
* tag 'rproc-v4.6-rc1' of git://github.com/andersson/remoteproc:
MAINTAINERS: Add mailing list for remote processor subsystems
remoteproc: st: fix check of syscon_regmap_lookup_by_phandle() return value
Linus Torvalds [Sat, 2 Apr 2016 23:48:37 +0000 (18:48 -0500)]
Merge git://git./linux/kernel/git/nab/target-pending
Pull SCSI target fixes from Nicholas Bellinger:
"This includes fixes from HCH for -rc1 configfs default_groups
conversion changes that ended up breaking some iscsi-target
default_groups, along with Sagi's ib_drain_qp() conversion for
iser-target to use the common caller now available to RDMA kernel
consumers in v4.6+ code"
* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
target: add a new add_wwn_groups fabrics method
target: initialize the nacl base CIT begfore init_nodeacl
target: remove ->fabric_cleanup_nodeacl
iser-target: Use ib_drain_qp
Linus Torvalds [Sat, 2 Apr 2016 23:35:05 +0000 (18:35 -0500)]
Convert straggling drivers to new six-argument get_user_pages()
Commit
d4edcf0d5695 ("mm/gup: Switch all callers of get_user_pages() to
not pass tsk/mm") switched get_user_pages() callers to the simpler model
where they no longer pass in the thread and mm pointer. But since then
we've merged changes to a few drivers that re-introduce use of the old
interface. Let's fix them up.
They continued to work fine (thanks to the truly disgusting macros
introduced in commit
cde70140fed8: "mm/gup: Overload get_user_pages()
functions"), but cause unnecessary build noise.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sat, 2 Apr 2016 21:46:56 +0000 (16:46 -0500)]
Merge tag 'configfs-for-linus-2' of git://git.infradead.org/users/hch/configfs
Pull configfs fix from Christoph Hellwig:
"A trivial fix to the recently introduced binary attribute helper
macros"
* tag 'configfs-for-linus-2' of git://git.infradead.org/users/hch/configfs:
configfs: fix CONFIGFS_BIN_ATTR_[RW]O definitions
Linus Torvalds [Sat, 2 Apr 2016 01:03:33 +0000 (20:03 -0500)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Missing device reference in IPSEC input path results in crashes
during device unregistration. From Subash Abhinov Kasiviswanathan.
2) Per-queue ISR register writes not being done properly in macb
driver, from Cyrille Pitchen.
3) Stats accounting bugs in bcmgenet, from Patri Gynther.
4) Lightweight tunnel's TTL and TOS were swapped in netlink dumps, from
Quentin Armitage.
5) SXGBE driver has off-by-one in probe error paths, from Rasmus
Villemoes.
6) Fix race in save/swap/delete options in netfilter ipset, from
Vishwanath Pai.
7) Ageing time of bridge not set properly when not operating over a
switchdev device. Fix from Haishuang Yan.
8) Fix GRO regression wrt nested FOU/GUE based tunnels, from Alexander
Duyck.
9) IPV6 UDP code bumps wrong stats, from Eric Dumazet.
10) FEC driver should only access registers that actually exist on the
given chipset, fix from Fabio Estevam.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (73 commits)
net: mvneta: fix changing MTU when using per-cpu processing
stmmac: fix MDIO settings
Revert "stmmac: Fix 'eth0: No PHY found' regression"
stmmac: fix TX normal DESC
net: mvneta: use cache_line_size() to get cacheline size
net: mvpp2: use cache_line_size() to get cacheline size
net: mvpp2: fix maybe-uninitialized warning
tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter
net: usb: cdc_ncm: adding Telit LE910 V2 mobile broadband card
rtnl: fix msg size calculation in if_nlmsg_size()
fec: Do not access unexisting register in Coldfire
net: mvneta: replace MVNETA_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
net: mvpp2: replace MVPP2_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
net: dsa: mv88e6xxx: Clear the PDOWN bit on setup
net: dsa: mv88e6xxx: Introduce _mv88e6xxx_phy_page_{read, write}
bpf: make padding in bpf_tunnel_key explicit
ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
bnxt_en: Fix ethtool -a reporting.
bnxt_en: Fix typo in bnxt_hwrm_set_pause_common().
bnxt_en: Implement proper firmware message padding.
...
Linus Torvalds [Sat, 2 Apr 2016 00:57:13 +0000 (19:57 -0500)]
Merge tag 'clk-fixes-for-linus' of git://git./linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"A handful of const updates for reset ops and a couple fixes to the
newly introduced IPQ4019 clock driver"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: qcom: ipq4019: add some fixed clocks for ddrppl and fepll
clk: qcom: ipq4019: switch remaining defines to enums
clk: qcom: Make reset_control_ops const
clk: tegra: Make reset_control_ops const
clk: sunxi: Make reset_control_ops const
clk: atlas7: Make reset_control_ops const
clk: rockchip: Make reset_control_ops const
clk: mmp: Make reset_control_ops const
clk: mediatek: Make reset_control_ops const
Linus Torvalds [Sat, 2 Apr 2016 00:52:10 +0000 (19:52 -0500)]
Merge tag 'pm+acpi-4.6-rc2' of git://git./linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fix from Rafael J. Wysocki:
"Just one fix for a nasty boot failure on some systems based on Intel
Skylake that shipped with broken firmware where enabling
hardware-coordinated P-states management (HWP) causes a faulty
interrupt handler in SMM to be invoked and crash the system (Srinivas
Pandruvada)"
* tag 'pm+acpi-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / processor: Request native thermal interrupt handling via _OSC