BugLink: https://bugs.launchpad.net/bugs/1853303
Extend the low level ep11 misc functions implementation by
several functions to support EP11 key objects for paes and pkey:
- EP11 AES secure key generation
- EP11 AES secure key generation from given clear key value
- EP11 AES secure key blob check
- findcard function returns list of apqns based on given criterias
- EP11 AES secure key derive to CPACF protected key
Extend the pkey module to be able to generate and handle EP11
secure keys and also use them as base for deriving protected
keys for CPACF usage. These ioctls are extended to support
EP11 keys: PKEY_GENSECK2, PKEY_CLR2SECK2, PKEY_VERIFYKEY2,
PKEY_APQNS4K, PKEY_APQNS4KT, PKEY_KBLOB2PROTK2.
Additionally the 'clear key' token to protected key now uses
an EP11 card if the other ways (via PCKMO, via CCA) fail.
The PAES cipher implementation needed a new upper limit for
the max key size, but is now also working with EP11 keys.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit 55d0a513a0e202c68af2c8f4b1e923a345227bbb) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
/sys/devices/ap/cardxx/API_ordinalnr
The EP11 card firmware API ordinal number.
/sys/devices/ap/cardxx/FW_version
The EP11 card firmware major and minor version.
/sys/devices/ap/cardxx/serialnr
Displays the serial number of the EP11 card. The serial
number is a 16 character string unique for this EP11 card.
/sys/devices/ap/cardxx/op_modes
Displays operation modes for this EP11 card. Known operation
modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017.
The EP11 queues get two new sysfs attributes:
/sys/devices/ap/cardxx/xx.yyyy/mkvps
Displays information about the master key(s) states and
verification patterns. Two lines are displayed:
<wk_cur_state>: 'invalid' or 'valid'
<wk_new_state>: 'empty' or 'uncommitted' or 'committed'
<wk_cur_vp> and <wk_new_vp>: '-' or a 32 byte hash pattern
/sys/devices/ap/cardxx/xx.yyyy/op_modes
Displays operation modes for this EP11 queue. Known operation
modes are: FIPS2009, BSI2009, FIPS2011, BSI2011 and BSICC2017.
The card information displayed with the sysfs attributes is fresh
fetched from the card if the card is online, otherwise cached values
are used. The queue information displayed with the sysfs attributes is
always fetched on the fly and not cached. So each read of any of these
sysfs attributes will cause an request/reply CPRB communication with
the EP11 crypto card. The queue attributes address the corresponding
EP11 domain within the EP11 card. The card attributes addresses any
domain within the EP11 card (subject to the dispatch algorithm within
the zcrypt device driver). If the addressed domain is offline or for
card addressing all domains are offline the attributes will display
'-' for state and verification patterns and an empty string for op
mode, serial number, API_ordinalnr and FW_version.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit a17becc112535b912f2165f80a98c21b59655119) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
s390/zcrypt: add new low level ep11 functions support file
BugLink: https://bugs.launchpad.net/bugs/1853303
This patch introduces two new files which provide some
low level functions to interact with EP11 crypto cards:
ep11_get_card_info() sends an EP11 query module info CPRB to the
addressed card, processes the returning reply and exposes some of
the information returned in the new ep11_card_info struct.
ep11_get_domain_info() sends an EP11 query domain info CPRB to the
addressed card/queue, processes the returning reply and exposes some
of the information returned in the new ep11_domain_info struct.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit 7384eb725e2d55649850331a560bac2d48ed5002) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1853303
Minor rework for struct ep11_cprb and struct ep11_urb. Use of u8, u16,
u32 instead of unsigned char. Declare pointers to mem from userspace
with __user to give sparse a chance to check.
Export zcrypt_send_ep11_cprb() function as this function will be
called by code in progress which will build ep11 cprbs within the
zcrypt device driver zoo and send them to EP11 crypto cards.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit a7367997abb64b5e5a4f6fe6091629440b10da40) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
s390/zcrypt: enable card/domain autoselect on ep11 cprbs
BugLink: https://bugs.launchpad.net/bugs/1853303
For EP11 CPRBs there was only to choose between specify
one or more ep11 targets or not give a target at all. Without
any target the zcrypt code assumed AUTOSELECT. For EP11 this
ended up in choosing any EP11 APQN with regards to the weight.
However, CCA CPRBs can have a more fine granular target
addressing. The caller can give 0xFFFF as AUTOSELECT for
the card and/or the domain. So it's possible to address
any card but domain given or any domain but card given.
This patch now introduces the very same for EP11 CPRB handling.
An EP11 target entry now may contain 0xFFFF as card and/or
domain value with the meaning of ANY card or domain. So
now the same behavior as with CCA CPRBs becomes possible:
Address any card with given domain or address any domain within
given card.
For convenience the zcrypt.h header file now has two new
defines AUTOSEL_AP and AUTOSEL_DOM covering the 0xFFFF
value to address card any and domain any.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit 8f291ebf327050822d4ebf3812e5cc033ee0a88a) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
crypto/testmgr: enable selftests for paes-s390 ciphers
BugLink: https://bugs.launchpad.net/bugs/1854948
This patch enables the selftests for the s390 specific protected key
AES (PAES) cipher implementations:
* cbc-paes-s390
* ctr-paes-s390
* ecb-paes-s390
* xts-paes-s390
PAES is an AES cipher but with encrypted ('protected') key
material. However, the paes ciphers are able to derive an protected
key from clear key material with the help of the pkey kernel module.
So this patch now enables the generic AES tests for the paes
ciphers. Under the hood the setkey() functions rearrange the clear key
values as clear key token and so the pkey kernel module is able to
provide protected key blobs from the given clear key values. The
derived protected key blobs are then used within the paes cipers and
should produce the very same results as the generic AES implementation
with the clear key values.
The s390-paes cipher testlist entries are surrounded
by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
make any sense on non s390 platforms or without the PAES
cipher implementation.
s390/crypto: enable clear key values for paes ciphers
BugLink: https://bugs.launchpad.net/bugs/1854948
With this patch the paes ciphers do accept AES clear key values of
size 16, 24 or 32 byte. The key value is internal rearranged to form a
paes clear key token so that the pkey kernel module recognizes and
handles this key material as source for protected keys.
Using clear key material as a source for protected keys is a security
risc as the raw key material is kept in memory. However, so the AES
selftests provided with the testmanager can be run during registration
of the paes ciphers.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
OriginalAuthor: Harald Freudenberger <freude@linux.ibm.com>
(backported from commit 7f820d053948ca82bd8221b1df3d676b9c93a494) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1854948
A very minor finding within paes ctr where when the cpacf instruction
returns with only partially data en/decrytped the walk_done() was
mistakenly done with the all data counter. Please note this can only
happen when the kmctr returns because the protected key became invalid
in the middle of the operation. And this is only with suspend and
resume on a system with different effective wrapping key.
Eric Biggers mentioned that the context struct within the tfm struct
may be shared among multiple kernel threads. So here now a rework
which uses a spinlock per context to protect the read and write of the
protected key blob value. The en/decrypt functions copy the protected
key(s) at the beginning into a param struct and do not work with the
protected key within the context any more. If the protected key in the
param struct becomes invalid, the key material is again converted to
protected key(s) and the context gets this update protected by the
spinlock. Race conditions are still possible and may result in writing
the very same protected key value more than once. So the spinlock
needs to make sure the protected key(s) within the context are
consistent updated.
The ctr page is now locked by a mutex instead of a spinlock. A similar
patch went into the aes_s390 code as a result of a complain "sleeping
function called from invalid context at ...algapi.h". See
commit 1c2c7029c008 ("s390/crypto: fix possible sleep during spinlock
aquired")' for more.
During testing with instrumented code another issue with the xts
en/decrypt function revealed. The retry cleared the running iv value
and thus let to wrong en/decrypted data.
Tested and verified with additional testcases via AF_ALG interface and
additional selftests within the kernel (which will be made available
as soon as possible).
Reported-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
OriginalAuthor: Harald Freudenberger <freude@linux.ibm.com>
(backported from commit 6f3196b74d64fe4b0a51cefa6f2f80f7f55bcf49) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
s390/pkey: Add support for key blob with clear key value
BugLink: https://bugs.launchpad.net/bugs/1854948
This patch adds support for a new key blob format to the
pkey kernel module. The new key blob comprises a clear
key value together with key type information.
The implementation tries to derive an protected key
from the blob with the clear key value inside with
1) the PCKMO instruction. This may fail as the LPAR
profile may disable this way.
2) Generate an CCA AES secure data key with exact the
clear key value. This requires to have a working
crypto card in CCA Coprocessor mode. Then derive
an protected key from the CCA AES secure key again
with the help of a working crypto card in CCA mode.
If both way fail, the transformation of the clear key
blob into a protected key will fail. For the PAES cipher
this would result in a failure at setkey() invocation.
A clear key value exposed in main memory is a security
risk. The intention of this new 'clear key blob' support
for pkey is to provide self-tests for the PAES cipher key
implementation. These known answer tests obviously need
to be run with well known key values. So with the clear
key blob format there is a way to provide knwon answer
tests together with an pkey clear key blob for the
in-kernel self tests done at cipher registration.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit 888edbc48857c7189592fb0be3ab09994247199c) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Link: http://lkml.kernel.org/r/aca044e8-e4b2-eda8-d724-b08772a44ed9@web.de
[borntraeger@de.ibm.com: use ==0 instead of <=0 for a size_t variable]
[heiko.carstens@de.ibm.com: split bugfix into separate patch; shorten changelog] Signed-off-by: Markus Elfring <Markus.Elfring@web.de> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
(cherry picked from commit 8b57e7c852fc58a62e668a83c0fa8d9246131803) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
AceLan Kao [Wed, 12 Feb 2020 06:53:15 +0000 (14:53 +0800)]
UBUNTU: SAUCE: platform/x86: dell-uart-backlight: increase retry times
BugLink: https://bugs.launchpad.net/bugs/1862885
From ODM, scalar takes some time to activate panel during booting up,
it can't respond the UART commands within 1 seconds.
So, we add retry and wait 2 seconds for the response. But sometimes it
still fails to read the response.
During the boot up time, it sometimes takes more than 2 seconds to respond
the first command, so we enlarge the retry timeout from 2 seconds to 5
seconds to make sure we get the first response from scalar.
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-By: You-Sheng Yang <vicamo.yang@canonical.com> Acked-by: Anthony Wong <anthony.wong@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Jaroslav Kysela [Tue, 11 Feb 2020 03:12:52 +0000 (11:12 +0800)]
ASoC: intel - fix the card names
BugLink: https://launchpad.net/bugs/1862712
Those strings are exposed to the user space as the
card name thus used in the GUIs. The common
standard is to avoid '_' here. The worst case
is 'sof-skl_hda_card' string.
Signed-off-by: Jaroslav Kysela <perex@perex.cz> Cc: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> Cc: Mark Brown <broonie@kernel.org> Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com> Link: https://lore.kernel.org/r/20191028164624.14334-1-perex@perex.cz Signed-off-by: Mark Brown <broonie@kernel.org>
(cherry picked from commit d745cc1ab65945b2d17ec9c5652f38299c054649) Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Huazhong Tan [Tue, 21 Jan 2020 08:42:12 +0000 (16:42 +0800)]
net: hns3: remove redundant print on ENOMEM
BugLink: https://launchpad.net/bugs/1861972
All kmalloc-based functions print enough information on failures.
So this patch removes the log in hclge_get_dfx_reg() when returns
ENOMEM.
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 322cb97c0734555d7a10299954624363de370c9c) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Guangbin Huang [Tue, 21 Jan 2020 08:42:11 +0000 (16:42 +0800)]
net: hns3: delete unnecessary blank line and space for cleanup
BugLink: https://launchpad.net/bugs/1861972
This patch deletes some unnecessary blank lines and spaces to clean up
code, and in hclgevf_set_vlan_filter() moves the comment to the front
of hclgevf_send_mbx_msg().
Signed-off-by: Guangbin Huang <huangguangbin2@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e31053298408dc1fbb33ad2fdc9a114e70a9dfd6) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yonglong Liu [Tue, 21 Jan 2020 08:42:10 +0000 (16:42 +0800)]
net: hns3: rewrite a log in hclge_put_vector()
BugLink: https://launchpad.net/bugs/1861972
When gets vector fails, hclge_put_vector() should print out
the vector instead of vector_id in the log and return the wrong
vector_id to its caller.
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6f8e330d27464a7ff436f2944b84d640e42e5e6e) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Guojia Liao [Tue, 21 Jan 2020 08:42:09 +0000 (16:42 +0800)]
net: hns3: refine the input parameter 'size' for snprintf()
BugLink: https://launchpad.net/bugs/1861972
The function snprintf() writes at most size bytes (including the
terminating null byte ('\0') to str. Now, We can guarantee that the
parameter of size is lager than the length of str to be formatting
including its terminating null byte. So it's unnecessary to minus 1
for the input parameter 'size'.
Signed-off-by: Guojia Liao <liaoguojia@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit cdc37385e3abaf2704adf8bb15a2c14f04762d3d) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Guojia Liao [Tue, 21 Jan 2020 08:42:08 +0000 (16:42 +0800)]
net: hns3: move duplicated macro definition into header
BugLink: https://launchpad.net/bugs/1861972
Macro HCLGE_GET_DFX_REG_TYPE_CNT in hclge_dbg_get_dfx_bd_num()
and macro HCLGE_DFX_REG_BD_NUM in hclge_get_dfx_reg_bd_num()
have the same meaning, so just defines HCLGE_GET_DFX_REG_TYPE_CNT
in hclge_main.h.
Signed-off-by: Guojia Liao <liaoguojia@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 9027d043fc31145918b40b7a68956eaff4ddb5de) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Huazhong Tan [Tue, 21 Jan 2020 08:42:07 +0000 (16:42 +0800)]
net: hns3: set VF's default reset_type to HNAE3_NONE_RESET
BugLink: https://launchpad.net/bugs/1861972
reset_type means what kind of reset the driver is handling now,
so after initializing or reset, the reset_type of VF should be
set to HNAE3_NONE_RESET, otherwise, this unknown default value
may be a little misleading when the device is running.
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit afb6afdb8dc67988d17e4926df8c8fe248ea555a) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Yunsheng Lin [Tue, 21 Jan 2020 08:42:06 +0000 (16:42 +0800)]
net: hns3: do not reuse pfmemalloc pages
BugLink: https://launchpad.net/bugs/1861972
HNS3 driver allocates pages for DMA with dev_alloc_pages(), which
calls alloc_pages_node() with the __GFP_MEMALLOC flag. So, in case
of OOM condition, HNS3 can get pages with pfmemalloc flag set.
So do not reuse the pages with pfmemalloc flag set because those
pages are reserved for special cases, such as low memory case.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 08bb3857c6c2e2a62fe0cdc593af57215e9b95bc) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
This patch uses hns3_rl_err() to ratelimit the error log in the
hns3_clean_tx_ring().
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 09783d448bccf1ec1c91d0b9e5443b0bcb034dbb) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Chen Zhou [Mon, 20 Jan 2020 12:50:33 +0000 (20:50 +0800)]
net: hns3: replace snprintf with scnprintf in hns3_update_strings
BugLink: https://launchpad.net/bugs/1861972
snprintf returns the number of bytes that would be written, which may be
greater than the the actual length to be written. Here use extra code to
handle this.
scnprintf returns the number of bytes that was actually written, just use
scnprintf to simplify the code.
Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit bea5416561b1b997adbe3a04a5665e647c589a13) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Chen Zhou [Mon, 20 Jan 2020 12:49:43 +0000 (20:49 +0800)]
net: hns3: replace snprintf with scnprintf in hns3_dbg_cmd_read
BugLink: https://launchpad.net/bugs/1861972
The return value of snprintf may be greater than the size of
HNS3_DBG_READ_LEN, use scnprintf instead in hns3_dbg_cmd_read.
Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 49e211c0e357d8c5ccdc3c6c5fb8f94ab85d037f) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 2203d3f7971d28a2bcd8e2439bcead9069089e9a) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 08:58:18 +0000 (16:58 +0800)]
crypto: hisilicon - add branch prediction macro
BugLink: https://launchpad.net/bugs/1861976
This branch prediction macro on the hot path can improve
small performance(about 2%) according to the test.
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 63fabc87a01d31ae98da5d9a8efeda04621d45aa) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 08:58:16 +0000 (16:58 +0800)]
crypto: hisilicon - Fixed some tiny bugs of HPRE
BugLink: https://launchpad.net/bugs/1861976
1.Use memzero_explicit to clear key;
2.Fix some little endian writings;
3.Fix some other bugs and stuff of code style;
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 02ab994635eb4914e1c419b29594b19195669b78) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 02:41:56 +0000 (10:41 +0800)]
crypto: hisilicon - Add aead support on SEC2
BugLink: https://launchpad.net/bugs/1861976
authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)), and
authenc(hmac(sha512),cbc(aes)) support are added for SEC v2.
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 2f072d75d1ab32e9c7c43a54398f4360a0a42d5e) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 02:41:55 +0000 (10:41 +0800)]
crypto: hisilicon - redefine skcipher initiation
BugLink: https://launchpad.net/bugs/1861976
1.Define base initiation of QP for context which can be reused.
2.Define cipher initiation for other algorithms.
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 473a0f9662d495b585fa5ebe5fe72ec54b6cb82c) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 02:41:51 +0000 (10:41 +0800)]
crypto: hisilicon - Update QP resources of SEC V2
BugLink: https://launchpad.net/bugs/1861976
1.Put resource including request and resource list into
QP context structure to avoid allocate memory repeatedly.
2.Add max context queue number to void kcalloc large memory for QP context.
3.Remove the resource allocation operation.
4.Redefine resource allocation APIs to be shared by other algorithms.
5.Move resource allocation and free inner functions out of
operations 'struct sec_req_op', and they are called directly.
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 7c7d902aa4059bd4637f8ba59f0bd49e57b4825d) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 02:41:50 +0000 (10:41 +0800)]
crypto: hisilicon - Update some names on SEC V2
BugLink: https://launchpad.net/bugs/1861976
1.Adjust dma map function to be reused by AEAD algorithms;
2.Update some names of internal functions and variables to
support AEAD algorithms;
3.Rename 'sec_skcipher_exit' as 'sec_skcipher_uninit';
4.Rename 'sec_get/put_queue_id' as 'sec_alloc/free_queue_id';
Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a181647c06c21828c012df221d4adc1fd4125f16) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Zaibo Xu [Sat, 11 Jan 2020 02:41:48 +0000 (10:41 +0800)]
crypto: hisilicon - Update debugfs usage of SEC V2
BugLink: https://launchpad.net/bugs/1861976
Applied some advices of Marco Elver on atomic usage of Debugfs,
which is carried out by basing on Arnd Bergmann's fixing patch.
Reported-by: Arnd Bergmann <arnd@arndb.de> Reported-by: Marco Elver <elver@google.com> Signed-off-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit ca0d158dc9e5dc0902c1d507d82178d97f6f5709) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
crypto: hisilicon - still no need to check return value of debugfs_create functions
BugLink: https://launchpad.net/bugs/1861976
Just like in 4a97bfc79619 ("crypto: hisilicon - no need to check return
value of debugfs_create functions"), there still is no need to ever
check the return value. The function can work or not, but the code
logic should never do something different based on this.
Cc: Zhou Wang <wangzhou1@hisilicon.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit f2c5d27bb8899b7f527e2e7005d691c432563145) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Arnd Bergmann [Tue, 7 Jan 2020 20:08:58 +0000 (21:08 +0100)]
crypto: hisilicon/sec2 - Use atomics instead of __sync
BugLink: https://launchpad.net/bugs/1861976
The use of __sync functions for atomic memory access is not
supported in the kernel, and can result in a link error depending
on configuration:
Xinwei Kong [Fri, 3 Jan 2020 02:52:10 +0000 (10:52 +0800)]
spi: dw: use "smp_mb()" to avoid sending spi data error
BugLink: https://launchpad.net/bugs/1859744
Because of out-of-order execution about some CPU architecture,
In this debug stage we find Completing spi interrupt enable ->
prodrucing TXEI interrupt -> running "interrupt_transfer" function
will prior to set "dw->rx and dws->rx_end" data, so this patch add
memory barrier to enable dw->rx and dw->rx_end to be visible and
solve to send SPI data error.
eg:
it will fix to this following low possibility error in testing environment
which using SPI control to connect TPM Modules
Xinwei Kong [Thu, 7 Nov 2019 08:24:21 +0000 (16:24 +0800)]
efi: libstub/tpm: enable tpm eventlog function for ARM platforms
BugLink: https://launchpad.net/bugs/1859743
Wire up the existing code for ARM that loads the TPM event log into
OS accessible buffers while running the EFI stub so that the kernel
proper can access it at runtime.
Tested-by: Zou Cao <zoucao@linux.alibaba.com> Signed-off-by: Xinwei Kong <kong.kongxinwei@hisilicon.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
(cherry picked from commit d99c1ba6a73b9e93e2884b7893fe19e3c082ba03) Signed-off-by: Ike Panhc <ike.pan@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Stefan Bader [Mon, 17 Feb 2020 11:31:13 +0000 (12:31 +0100)]
UBUNTU: [Packaging] final-checks: Depend on makefile flavours
The available ABI files do not depend on the config flavours but
those actually built. So instead of looking at the config files,
parse the flavours variable of the <arch>.mk files.
This handles the case where we would like to drop certain flavours
or even whole architectures in backport kernels. Removing the
configuration file is bad because that would cause a huge delta
everytime we rebase (a local mangle would to remove the config
file each time and then the next updateconfigs would re-arrange
things based on that).
Instead we can rely on the information in the architecture
specific rules.
Ignore: yes Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Put xmon into read-only mode for lockdown=integrity and prevent user
entry into xmon when lockdown=confidentiality. Xmon checks the lockdown
state on every attempted entry:
(1) during early xmon'ing
(2) when triggered via sysrq
(3) when toggled via debugfs
(4) when triggered via a previously enabled breakpoint
The following lockdown state transitions are handled:
(1) lockdown=none -> lockdown=integrity
set xmon read-only mode
(2) lockdown=none -> lockdown=confidentiality
clear all breakpoints, set xmon read-only mode,
prevent user re-entry into xmon
(3) lockdown=integrity -> lockdown=confidentiality
clear all breakpoints, set xmon read-only mode,
prevent user re-entry into xmon
Suggested-by: Andrew Donnellan <ajd@linux.ibm.com> Signed-off-by: Christopher M. Riedl <cmr@informatik.wtf> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190907061124.1947-3-cmr@informatik.wtf
(cherry picked from commit 69393cb03ccdf29f3b452d3482ef918469d1c098) Signed-off-by: Frank Heimes <frank.heimes@canonical.com> Acked-by: Paolo Pisati <paolo.pisati@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
The original intent behind Lockdown's SysRq support was that the SysRq
command to lift Lockdown would only be honored if the command was
physically entered on a keyboard. Attempts to synthetically generate the
SysRq command, by a software program, were to be ignored since software,
even running as root, must not have the authorization to lift Lockdown.
Unfortunately, attempts to detect a synthetic SysRq command can be
thwarted by a privileged process that is able to set up a USB/IP
connection as the USB/IP connection could be used to lift Lockdown.
Remove the ability to lift Lockdown using SysRq.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Sultan Alsawaf [Tue, 11 Feb 2020 01:57:00 +0000 (02:57 +0100)]
UBUNTU: SAUCE: drm/i915: Disable PSR by default on all platforms
BugLink: https://bugs.launchpad.net/bugs/1849947
On all Dell laptops with screens and chipsets that support PSR, both
PSR1 and PSR2 cause flickering and graphical glitches. Many laptops
don't support PSR so it isn't known if PSR works correctly on any
consumer hardware. PSR was enabled by default in 5.0 for capable
hardware, so this patch just restores the previous functionality of PSR
being disabled by default.
More info is available on the freedesktop bug:
https://gitlab.freedesktop.org/drm/intel/issues/425
Signed-off-by: Sultan Alsawaf <sultan.alsawaf@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
commit bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
passed down the rcu flag to the SELinux AVC, but failed to adjust the
test in slow_avc_audit() to also return -ECHILD on LSM_AUDIT_DATA_DENTRY.
Previously, we only returned -ECHILD if generating an audit record with
LSM_AUDIT_DATA_INODE since this was only relevant from inode_permission.
Move the handling of MAY_NOT_BLOCK to avc_audit() and its inlined
equivalent in selinux_inode_permission() immediately after we determine
that audit is required, and always fall back to ref-walk in this case.
Fixes: bda0be7ad994 ("security: make inode_follow_link RCU-walk aware") Reported-by: Will Deacon <will@kernel.org> Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing() and made it to return on overflow.
However, the aforementioned commit doesn't set the return value accordingly
and thus, lbs_ibss_join_existing() would return with zero even though it
failed.
Make lbs_ibss_join_existing return -EINVAL in case the bounds check on the
number of supplied rates fails.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor") Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Commit e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss
descriptor") introduced a bounds check on the number of supplied rates to
lbs_ibss_join_existing().
Unfortunately, it introduced a return path from within a RCU read side
critical section without a corresponding rcu_read_unlock(). Fix this.
Fixes: e5e884b42639 ("libertas: Fix two buffer overflows at parsing bss descriptor") Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
mwifiex_cmd_append_vsie_tlv() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().
Signed-off-by: Qing Xu <m1s5p6688@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
mwifiex_ret_wmm_get_status() calls memcpy() without checking the
destination size.Since the source is given from remote AP which
contains illegal wmm elements , this may trigger a heap buffer
overflow.
Fix it by putting the length check before calling memcpy().
Signed-off-by: Qing Xu <m1s5p6688@gmail.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
UART2 peripheral is missing from the regmap fixup table of the g12a family
clock controller. As it is, any access to this clock would Oops, which is
not great.
Add the clock to the table to fix the problem.
Fixes: 085a4ea93d54 ("clk: meson: g12a: add peripheral clock controller") Reported-by: Dmitry Shmidt <dimitrysh@google.com> Tested-by: Dmitry Shmidt <dimitrysh@google.com> Acked-by: Neil Armstrong <narmstrong@baylibre.com> Tested-by: Kevin Hilman <khilman@baylibre.com> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
MAX77650 MFD driver uses regmap_irq API but doesn't select the required
REGMAP_IRQ option in Kconfig. This can cause the following build error
if regmap irq is not enabled implicitly by someone else:
ld: drivers/mfd/max77650.o: in function `max77650_i2c_probe':
max77650.c:(.text+0xcb): undefined reference to `devm_regmap_add_irq_chip'
ld: max77650.c:(.text+0xdb): undefined reference to `regmap_irq_get_domain'
make: *** [Makefile:1079: vmlinux] Error 1
Fix it by adding the missing option.
Fixes: d0f60334500b ("mfd: Add new driver for MAX77650 PMIC") Reported-by: Paul Gazzillo <paul@pgazz.com> Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
When checking if a register block is writable we must ensure that the
block does not start with or contain a non incrementing register.
Fixes: 8b9f9d4dc511 ("regmap: verify if register is writeable before writing operations") Signed-off-by: Ben Whitten <ben.whitten@gmail.com> Link: https://lore.kernel.org/r/20200118205625.14532-1-ben.whitten@gmail.com Signed-off-by: Mark Brown <broonie@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
R-Car Gen3 Hardware Manual Errata for Rev. 2.00 of October 24, 2019
changed the configuration bits for drive and bias control for the
DU_DOTCLKIN3 pin on R-Car M3-N, to match the same pin on R-Car H3.
Update the driver to reflect this.
After this, the handling of drive and bias control for the various
DU_DOTCLKINx pins is consistent across all of the R-Car H3, M3-W,
M3-W+, and M3-N SoCs.
Fixes: 86c045c2e4201e94 ("pinctrl: sh-pfc: r8a77965: Replace DU_DOTCLKIN2 by DU_DOTCLKIN3") Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Link: https://lore.kernel.org/r/20191113101653.28428-1-geert+renesas@glider.be Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any existing
LSM. This creates a regression for SELinux with respect to consistent
checking of mounts; the existing selinux_mount hook checks mounton
permission to the mount point path. Provide a SELinux hook
implementation for move_mount that applies this same check for
consistency. In the future we may wish to add a new move_mount
filesystem permission and check as well, but this addresses
the immediate regression.
Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around") Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
This reverts commit e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK
to the AVC upon follow_link"). The correct fix is to instead fall
back to ref-walk if audit is required irrespective of the specific
audit data type. This is done in the next commit.
Fixes: e46e01eebbbc ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link") Reported-by: Will Deacon <will@kernel.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
the commit 91be66e1318f ("bcache: performance improvement for
btree_flush_write()") was an effort to flushing btree node with oldest
btree node faster in following methods,
- Only iterate dirty btree nodes in c->btree_cache, avoid scanning a lot
of clean btree nodes.
- Take c->btree_cache as a LRU-like list, aggressively flushing all
dirty nodes from tail of c->btree_cache util the btree node with
oldest journal entry is flushed. This is to reduce the time of holding
c->bucket_lock.
Guoju Fang and Shuang Li reported that they observe unexptected extra
write I/Os on cache device after applying the above patch. Guoju Fang
provideed more detailed diagnose information that the aggressive
btree nodes flushing may cause 10x more btree nodes to flush in his
workload. He points out when system memory is large enough to hold all
btree nodes in memory, c->btree_cache is not a LRU-like list any more.
Then the btree node with oldest journal entry is very probably not-
close to the tail of c->btree_cache list. In such situation much more
dirty btree nodes will be aggressively flushed before the target node
is flushed. When slow SATA SSD is used as cache device, such over-
aggressive flushing behavior will cause performance regression.
After spending a lot of time on debug and diagnose, I find the real
condition is more complicated, aggressive flushing dirty btree nodes
from tail of c->btree_cache list is not a good solution.
- When all btree nodes are cached in memory, c->btree_cache is not
a LRU-like list, the btree nodes with oldest journal entry won't
be close to the tail of the list.
- There can be hundreds dirty btree nodes reference the oldest journal
entry, before flushing all the nodes the oldest journal entry cannot
be reclaimed.
When the above two conditions mixed together, a simply flushing from
tail of c->btree_cache list is really NOT a good idea.
Fortunately there is still chance to make btree_flush_write() work
better. Here is how this patch avoids unnecessary btree nodes flushing,
- Only acquire c->journal.lock when getting oldest journal entry of
fifo c->journal.pin. In rested locations check the journal entries
locklessly, so their values can be changed on other cores
in parallel.
- In loop list_for_each_entry_safe_reverse(), checking latest front
point of fifo c->journal.pin. If it is different from the original
point which we get with locking c->journal.lock, it means the oldest
journal entry is reclaim on other cores. At this moment, all selected
dirty nodes recorded in array btree_nodes[] are all flushed and clean
on other CPU cores, it is unncessary to iterate c->btree_cache any
longer. Just quit the list_for_each_entry_safe_reverse() loop and
the following for-loop will skip all the selected clean nodes.
- Find a proper time to quit the list_for_each_entry_safe_reverse()
loop. Check the refcount value of orignial fifo front point, if the
value is larger than selected node number of btree_nodes[], it means
more matching btree nodes should be scanned. Otherwise it means no
more matching btee nodes in rest of c->btree_cache list, the loop
can be quit. If the original oldest journal entry is reclaimed and
fifo front point is updated, the refcount of original fifo front point
will be 0, then the loop will be quit too.
- Not hold c->bucket_lock too long time. c->bucket_lock is also required
for space allocation for cached data, hold it for too long time will
block regular I/O requests. When iterating list c->btree_cache, even
there are a lot of maching btree nodes, in order to not holding
c->bucket_lock for too long time, only BTREE_FLUSH_NR nodes are
selected and to flush in following for-loop.
With this patch, only btree nodes referencing oldest journal entry
are flushed to cache device, no aggressive flushing for unnecessary
btree node any more. And in order to avoid blocking regluar I/O
requests, each time when btree_flush_write() called, at most only
BTREE_FLUSH_NR btree nodes are selected to flush, even there are more
maching btree nodes in list c->btree_cache.
At last, one more thing to explain: Why it is safe to read front point
of c->journal.pin without holding c->journal.lock inside the
list_for_each_entry_safe_reverse() loop ?
Here is my answer: When reading the front point of fifo c->journal.pin,
we don't need to know the exact value of front point, we just want to
check whether the value is different from the original front point
(which is accurate value because we get it while c->jouranl.lock is
held). For such purpose, it works as expected without holding
c->journal.lock. Even the front point is changed on other CPU core and
not updated to local core, and current iterating btree node has
identical journal entry local as original fetched fifo front point, it
is still safe. Because after holding mutex b->write_lock (with memory
barrier) this btree node can be found as clean and skipped, the loop
will quite latter when iterate on next node of list c->btree_cache.
Fixes: 91be66e1318f ("bcache: performance improvement for btree_flush_write()") Reported-by: Guoju Fang <fangguoju@gmail.com> Reported-by: Shuang Li <psymon@bonuscloud.io> Signed-off-by: Coly Li <colyli@suse.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
This patch set the correct value for oversampling maxItems. In the
original example, appears 3 items for oversampling while the maxItems
is set to 1, this patch fixes those issues.
Fixes: 416f882c3b40 ("dt-bindings: iio: adc: Migrate AD7606 documentation to yaml") Signed-off-by: Beniamin Bia <beniamin.bia@analog.com> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Enclose multiple macro parameters in parentheses in order to
make such macros safer and fix the Clang warning below:
drivers/media/i2c/adv748x/adv748x-afe.c:452:12: warning: operator '?:'
has lower precedence than '|'; '|' will be evaluated first
[-Wbitwise-conditional-parentheses]
If the watchdog hardware is already enabled during the boot process,
when the Linux watchdog driver loads, it should start/reset the watchdog
and tell the watchdog framework. As a result, ping can be generated from
the watchdog framework (if CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED is set),
until the userspace watchdog daemon takes over control
HMAC keys can be of any length, and atmel_sha_hmac_key_set() can only
fail due to -ENOMEM. But atmel_sha_hmac_setkey() incorrectly treated
any error as a "bad key length" error. Fix it to correctly propagate
the -ENOMEM error code and not set any tfm result flags.
Fixes: 81d8750b2b59 ("crypto: atmel-sha - add support to hmac(shaX)") Cc: Nicolas Ferre <nicolas.ferre@microchip.com> Cc: Alexandre Belloni <alexandre.belloni@bootlin.com> Cc: Ludovic Desroches <ludovic.desroches@microchip.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Currently if the comparison fuzz tests encounter an encryption error
when generating an skcipher or AEAD test vector, they will still test
the decryption side (passing it the uninitialized ciphertext buffer)
and expect it to fail with the same error.
This is sort of broken because it's not well-defined usage of the API to
pass an uninitialized buffer, and furthermore in the AEAD case it's
acceptable for the decryption error to be EBADMSG (meaning "inauthentic
input") even if the encryption error was something else like EINVAL.
Fix this for skcipher by explicitly initializing the ciphertext buffer
on error, and for AEAD by skipping the decryption test on error.
Reported-by: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com> Fixes: d435e10e67be ("crypto: testmgr - fuzz skciphers against their generic implementation") Fixes: 40153b10d91c ("crypto: testmgr - fuzz AEADs against their generic implementation") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
../drivers/mtd/nand/onenand/onenand_base.c:1269:3: warning: misleading
indentation; statement is not part of the previous 'if'
[-Wmisleading-indentation]
while (!ret) {
^
../drivers/mtd/nand/onenand/onenand_base.c:1266:2: note: previous
statement is here
if (column + thislen > writesize)
^
1 warning generated.
This warning occurs because there is a space before the tab of the while
loop. There are spaces at the beginning of a lot of the lines in this
block, remove them so that the indentation is consistent with the Linux
kernel coding style and clang no longer warns.
We detect the absence of FP/SIMD after an incapable CPU is brought up,
and by then we have kernel threads running already with TIF_FOREIGN_FPSTATE set
which could be set for early userspace applications (e.g, modprobe triggered
from initramfs) and init. This could cause the applications to loop forever in
do_nofity_resume() as we never clear the TIF flag, once we now know that
we don't support FP.
Fix this by making sure that we clear the TIF_FOREIGN_FPSTATE flag
for tasks which may have them set, as we would have done in the normal
case, but avoiding touching the hardware state (since we don't support any).
Also to make sure we handle the cases seemlessly we categorise the
helper functions to two :
1) Helpers for common core code, which calls into take appropriate
actions without knowing the current FPSIMD state of the CPU/task.
We bail out early for these functions, taking any appropriate actions
(e.g, clearing the TIF flag) where necessary to hide the handling
from core code.
2) Helpers used when the presence of FP/SIMD is apparent.
i.e, save/restore the FP/SIMD register state, modify the CPU/task
FP/SIMD state.
e.g,
fpsimd_bind_task_to_cpu() \
- Update the "state" metadata for CPU/task.
fpsimd_bind_state_to_cpu() /
fpsimd_update_current_state() - Update the fp/simd state for the current
task from memory.
These must not be called in the absence of FP/SIMD. Put in a WARNING
to make sure they are not invoked in the absence of FP/SIMD.
KVM also uses the TIF_FOREIGN_FPSTATE flag to manage the FP/SIMD state
on the CPU. However, without FP/SIMD support we trap all accesses and
inject undefined instruction. Thus we should never "load" guest state.
Add a sanity check to make sure this is valid.
Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD") Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Marc Zyngier <maz@kernel.org> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
According to the ARM ARM, registers CNT{P,V}_TVAL_EL0 have bits [63:32]
RES0 [1]. When reading the register, the value is truncated to the least
significant 32 bits [2], and on writes, TimerValue is treated as a signed
32-bit integer [1, 2].
When the guest behaves correctly and writes 32-bit values, treating TVAL
as an unsigned 64 bit register works as expected. However, things start
to break down when the guest writes larger values, because
(u64)0x1_ffff_ffff = 8589934591. but (s32)0x1_ffff_ffff = -1, and the
former will cause the timer interrupt to be asserted in the future, but
the latter will cause it to be asserted now. Let's treat TVAL as a
signed 32-bit register on writes, to match the behaviour described in
the architecture, and the behaviour experimentally exhibited by the
virtual timer on a non-vhe host.
[1] Arm DDI 0487E.a, section D13.8.18
[2] Arm DDI 0487E.a, section D11.2.4
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
[maz: replaced the read-side mask with lower_32_bits] Signed-off-by: Marc Zyngier <maz@kernel.org> Fixes: 8fa761624871 ("KVM: arm/arm64: arch_timer: Fix CNTP_TVAL calculation") Link: https://lore.kernel.org/r/20200127103652.2326-1-alexandru.elisei@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
KVM's inject_abt64() injects an external-abort into an aarch64 guest.
The KVM_CAP_ARM_INJECT_EXT_DABT is intended to do exactly this, but
for an aarch32 guest inject_abt32() injects an implementation-defined
exception, 'Lockdown fault'.
Change this to external abort. For non-LPAE we now get the documented:
| Unhandled fault: external abort on non-linefetch (0x008) at 0x9c800f00
and for LPAE:
| Unhandled fault: synchronous external abort (0x210) at 0x9c800f00
Fixes: 74a64a981662a ("KVM: arm/arm64: Unify 32bit fault injection") Reported-by: Beata Michalska <beata.michalska@linaro.org> Signed-off-by: James Morse <james.morse@arm.com> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20200121123356.203000-3-james.morse@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Beata reports that KVM_SET_VCPU_EVENTS doesn't inject the expected
exception to a non-LPAE aarch32 guest.
The host intends to inject DFSR.FS=0x14 "IMPLEMENTATION DEFINED fault
(Lockdown fault)", but the guest receives DFSR.FS=0x04 "Fault on
instruction cache maintenance". This fault is hooked by
do_translation_fault() since ARMv6, which goes on to silently 'handle'
the exception, and restart the faulting instruction.
It turns out, when TTBCR.EAE is clear DFSR is split, and FS[4] has
to shuffle up to DFSR[10].
As KVM only does this in one place, fix up the static values. We
now get the expected:
| Unhandled fault: lock abort (0x404) at 0x9c800f00
Fixes: 74a64a981662a ("KVM: arm/arm64: Unify 32bit fault injection") Reported-by: Beata Michalska <beata.michalska@linaro.org> Signed-off-by: James Morse <james.morse@arm.com> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20200121123356.203000-2-james.morse@arm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
kvm_test_age_hva() is called upon mmu_notifier_test_young(), but wrong
address range has been passed to handle_hva_to_gpa(). With the wrong
address range, no young bits will be checked in handle_hva_to_gpa().
It means zero is always returned from mmu_notifier_test_young().
This fixes the issue by passing correct address range to the underly
function handle_hva_to_gpa(), so that the hardware young (access) bit
will be visited.
Fixes: 35307b9a5f7e ("arm/arm64: KVM: Implement Stage-2 page aging") Signed-off-by: Gavin Shan <gshan@redhat.com> Signed-off-by: Marc Zyngier <maz@kernel.org> Link: https://lore.kernel.org/r/20200121055659.19560-1-gshan@redhat.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
When fp/simd is not supported on the system, fail the operations
of FP/SIMD regsets.
Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD") Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
We set the compat_elf_hwcap bits unconditionally on arm64 to
include the VFP and NEON support. However, the FP/SIMD unit
is optional on Arm v8 and thus could be missing. We already
handle this properly in the kernel, but still advertise to
the COMPAT applications that the VFP is available. Fix this
to make sure we only advertise when we really have them.
Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD") Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
The NO_FPSIMD capability is defined with scope SYSTEM, which implies
that the "absence" of FP/SIMD on at least one CPU is detected only
after all the SMP CPUs are brought up. However, we use the status
of this capability for every context switch. So, let us change
the scope to LOCAL_CPU to allow the detection of this capability
as and when the first CPU without FP is brought up.
Also, the current type allows hotplugged CPU to be brought up without
FP/SIMD when all the current CPUs have FP/SIMD and we have the userspace
up. Fix both of these issues by changing the capability to
BOOT_RESTRICTED_LOCAL_CPU_FEATURE.
Fixes: 82e0191a1aa11abf ("arm64: Support systems without FP/ASIMD") Cc: Will Deacon <will@kernel.org> Cc: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
When a new cgroup is created, the effective uclamp value wasn't updated
with a call to cpu_util_update_eff() that looks at the hierarchy and
update to the most restrictive values.
Fix it by ensuring to call cpu_util_update_eff() when a new cgroup
becomes online.
Without this change, the newly created cgroup uses the default
root_task_group uclamp values, which is 1024 for both uclamp_{min, max},
which will cause the rq to to be clamped to max, hence cause the
system to run at max frequency.
The problem was observed on Ubuntu server and was reproduced on Debian
and Buildroot rootfs.
By default, Ubuntu and Debian create a cpu controller cgroup hierarchy
and add all tasks to it - which creates enough noise to keep the rq
uclamp value at max most of the time. Imitating this behavior makes the
problem visible in Buildroot too which otherwise looks fine since it's a
minimal userspace.
As of commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING
forcibly"), free_memmap() might not always be inlined, and thus is
triggering a section warning:
WARNING: vmlinux.o(.text.unlikely+0x904): Section mismatch in reference from the function free_memmap() to the function .meminit.text:memblock_free()
Mark it as __init, since the faller (free_unused_memmap) already is.
Fixes: ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING forcibly") Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Saving/restoring an unmapped collection is a valid scenario. For
example this happens if a MAPTI command was sent, featuring an
unmapped collection. At the moment the CTE fails to be restored.
Only compare against the number of online vcpus if the rdist
base is set.
Fixes: ea1ad53e1e31a ("KVM: arm64: vgic-its: Collection table save/restore") Signed-off-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Marc Zyngier <maz@kernel.org> Reviewed-by: Zenghui Yu <yuzenghui@huawei.com> Link: https://lore.kernel.org/r/20191213094237.19627-1-eric.auger@redhat.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Use of_device_id array to find the proper shdwc compatibile node.
SAM9X60's shdwc changes were not integrated when
commit eaedc0d379da ("ARM: at91: pm: add ULP1 support for SAM9X60")
was integrated.
Fixes: eaedc0d379da ("ARM: at91: pm: add ULP1 support for SAM9X60") Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> Link: https://lore.kernel.org/r/1576062248-18514-3-git-send-email-claudiu.beznea@microchip.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
SAM9X60 PMC's has a different PMC. It was not integrated at the moment
commit 01c7031cfa73 ("ARM: at91: pm: initial PM support for SAM9X60")
was published.
Fixes: 01c7031cfa73 ("ARM: at91: pm: initial PM support for SAM9X60") Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> Link: https://lore.kernel.org/r/1576062248-18514-2-git-send-email-claudiu.beznea@microchip.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
CMDQ_OP_TLBI_NH_VA requires VMID and this was missing since
commit 1c27df1c0a82 ("iommu/arm-smmu: Use correct address mask
for CMD_TLBI_S2_IPA"). Add it back.
Fixes: 1c27df1c0a82 ("iommu/arm-smmu: Use correct address mask for CMD_TLBI_S2_IPA") Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
By default a pseries guest supports a H_PUT_TCE hypercall which maps
a single IOMMU page in a DMA window. Additionally the hypervisor may
support H_PUT_TCE_INDIRECT/H_STUFF_TCE which update multiple TCEs at once;
this is advertised via the device tree /rtas/ibm,hypertas-functions
property which Linux converts to FW_FEATURE_MULTITCE.
FW_FEATURE_MULTITCE is checked when dma_iommu_ops is used; however
the code managing the huge DMA window (DDW) ignores it and calls
H_PUT_TCE_INDIRECT even if it is explicitly disabled via
the "multitce=off" kernel command line parameter.
This adds FW_FEATURE_MULTITCE checking to the DDW code path.
This changes tce_build_pSeriesLP to take liobn and page size as
the huge window does not have iommu_table descriptor which usually
the place to store these numbers.
Fixes: 4e8b0cf46b25 ("powerpc/pseries: Add support for dynamic dma windows") Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Tested-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20191216041924.42318-3-aik@ozlabs.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Commit e5afdf9dd515 ("powerpc/vfio_spapr_tce: Add reference counting to
iommu_table") missed an iommu_table allocation in the pseries vio code.
The iommu_table is allocated with kzalloc and as a result the associated
kref gets a value of zero. This has the side effect that during a DLPAR
remove of the associated virtual IOA the iommu_tce_table_put() triggers
a use-after-free underflow warning.
String 'bus_desc.provider_name' allocated inside
papr_scm_nvdimm_init() will leaks in case call to
nvdimm_bus_register() fails or when papr_scm_remove() is called.
This minor patch ensures that 'bus_desc.provider_name' is freed in
error path for nvdimm_bus_register() as well as in papr_scm_remove().
Fixes: b5beae5e224f ("powerpc/pseries: Add driver for PAPR SCM regions") Signed-off-by: Vaibhav Jain <vaibhav@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20200122155140.120429-1-vaibhav@linux.ibm.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
At the time the change allowed direct DMA ops for secure VMs; however
since then we switched on using SWIOTLB backed with IOMMU (direct mapping)
and to make this work, we need dma_iommu_ops which handles all cases
including TCE mapping I/O pages in the presence of an IOMMU.
Fixes: edea902c1c1e ("powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests") Signed-off-by: Ram Pai <linuxram@us.ibm.com>
[aik: added "revert" and "fixes:"] Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Tested-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20191216041924.42318-2-aik@ozlabs.ru Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
projects / mirror_ubuntu-focal-kernel.git / log