The ADRL pseudo instruction is not an architectural construct, but a
convenience macro that was supported by the ARM proprietary assembler
and adopted by binutils GAS as well, but only when assembling in 32-bit
ARM mode. Therefore, it can only be used in assembler code that is known
to assemble in ARM mode only, but as it turns out, the Clang assembler
does not implement ADRL at all, and so it is better to get rid of it
entirely.
So replace the ADRL instruction with a ADR instruction that refers to
a nearer symbol, and apply the delta explicitly using an additional
instruction.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The ADRL pseudo instruction is not an architectural construct, but a
convenience macro that was supported by the ARM proprietary assembler
and adopted by binutils GAS as well, but only when assembling in 32-bit
ARM mode. Therefore, it can only be used in assembler code that is known
to assemble in ARM mode only, but as it turns out, the Clang assembler
does not implement ADRL at all, and so it is better to get rid of it
entirely.
So replace the ADRL instruction with a ADR instruction that refers to
a nearer symbol, and apply the delta explicitly using an additional
instruction.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Liu Shixin [Wed, 16 Sep 2020 02:50:17 +0000 (10:50 +0800)]
crypto: qat - convert to use DEFINE_SEQ_ATTRIBUTE macro
Use DEFINE_SEQ_ATTRIBUTE macro to simplify the code.
Signed-off-by: Liu Shixin <liushixin2@huawei.com> Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 15 Sep 2020 03:30:24 +0000 (13:30 +1000)]
crypto: lib/chacha20poly1305 - Set SG_MITER_ATOMIC unconditionally
There is no reason for the chacha20poly1305 SG miter code to use
kmap instead of kmap_atomic as the critical section doesn't sleep
anyway. So we can simply get rid of the preemptible check and
set SG_MITER_ATOMIC unconditionally.
Even if we need to reenable preemption to lower latency we should
be doing that by interrupting the SG miter walk rather than using
kmap.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 14 Sep 2020 04:22:16 +0000 (14:22 +1000)]
crypto: inside-secure - Reuse code in safexcel_hmac_alg_setkey
The code in the current implementation of safexcel_hmac_alg_setkey
can be reused by safexcel_cipher. This patch does just that by
renaming the previous safexcel_hmac_setkey to __safexcel_hmac_setkey.
The now-shared safexcel_hmac_alg_setkey becomes safexcel_hmac_setkey
and a new safexcel_hmac_alg_setkey has been added for use by ahash
transforms.
As a result safexcel_aead_setkey's stack frame has been reduced by
about half in size, or about 512 bytes.
Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Mon, 14 Sep 2020 04:22:14 +0000 (14:22 +1000)]
crypto: inside-secure - Move ipad/opad into safexcel_context
As both safexcel_ahash_ctx and safexcel_cipher_ctx contain ipad
and opad buffers this patch moves them into the common struct
safexcel_context. It also adds a union so that they can be accessed
in the appropriate endian without crazy casts.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Xiaoliang Pang [Mon, 14 Sep 2020 03:00:51 +0000 (11:00 +0800)]
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
In the init loop, if an error occurs in function 'dma_alloc_coherent',
then goto the err_cleanup section, after run i--,
in the array ring, the struct mtk_ring with index i will not be released,
causing memory leaks
Fixes: 785e5c616c849 ("crypto: mediatek - Add crypto driver support for some MediaTek chips") Cc: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Xiaoliang Pang <dawning.pang@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We have a few interesting pieces in our cipher museum, which are never
used internally, and were only ever provided as generic C implementations.
Unfortunately, we cannot simply remove this code, as we cannot be sure
that it is not being used via the AF_ALG socket API, however unlikely.
So let's mark the Anubis, Khazad, SEED and TEA algorithms as obsolete,
which means they can only be enabled in the build if the socket API is
enabled in the first place.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Add support for EIP197 with output classifier
This patch adds support for EIP197 instances that include the output
classifier (OCE) option, as used by one of our biggest customers.
The OCE normally requires initialization and dedicated firmware, but
for the simple operations supported by this driver, we just bypass it
completely for now (using what is formally a debug feature).
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/caam/caamalg_qi2.c:73: warning: cannot understand function prototype: 'struct caam_ctx'
drivers/crypto/caam/caamalg_qi2.c:2962: warning: cannot understand function prototype: 'struct caam_hash_ctx'
drivers/crypto/caam/ctrl.c:449: warning: Function parameter or member 'ctrl' not described in 'caam_get_era'
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Longfang Liu [Thu, 10 Sep 2020 11:56:39 +0000 (19:56 +0800)]
crypto: hisilicon - update mininum queue
At present, as HPRE/SEC/ZIP modules' parameter 'pf_q_num' is 1,
kernel CRYPTO test will fail on the algorithms from the modules,
since 'QP' hardware resources are not enough for CRYPTO TFM.
To fix this, the minimum value of 'pf_q_num' should be 2.
Signed-off-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Build pci_device_id structure using the PCI_VDEVICE macro.
This removes any references to the ADF_SYSTEM_DEVICE macro.
Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Fiona Trahe <fiona.trahe@intel.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure - Prevent missing of processing errors
On systems with coherence issues, packet processed could succeed while
it should have failed, e.g. because of an authentication fail.
This is because the driver would read stale status information that had
all error bits initialised to zero = no error.
Since this is potential a security risk, we want to prevent it from being
a possibility at all. So initialize all error bits to error state, so
that reading stale status information will always result in errors.
Signed-off-by: Pascal van Leeuwen <pvanleeuwen@rambus.com> Acked-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:22:01 +0000 (16:22 +0800)]
crypto: hisilicon/zip - supplement some comments
Supplement some comments.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:22:00 +0000 (16:22 +0800)]
crypto: hisilicon/zip - move some private macros from 'zip.h' to 'zip_crypto.c'
Some macros which are defined in 'zip.h' are related to the struct
'hisi_zip_sqe' and are only used in 'zip_crypto.c'. So move them from
'zip.h' to 'zip_crypto.c'.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:59 +0000 (16:21 +0800)]
crypto: hisilicon/zip - fix static check warning
Fix some code for PClint warning:
Warning - Suspicious Cast
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:58 +0000 (16:21 +0800)]
crypto: hisilicon/zip - add print for error branch
Add print for some error branches.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:57 +0000 (16:21 +0800)]
crypto: hisilicon/zip - use a enum parameter instead of some macros
Macros 'QPC_COMP', 'QPC_DECOMP' and 'HZIP_CTX_Q_NUM' are relative and
incremental. So, use an enum instead.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:56 +0000 (16:21 +0800)]
crypto: hisilicon/zip - replace 'sprintf' with 'scnprintf'
Replace 'sprintf' with 'scnprintf' to avoid overrun.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:54 +0000 (16:21 +0800)]
crypto: hisilicon/zip - unify naming style for functions and macros
1.Add prefix 'HZIP' for some macros
2.Add prefix 'hisi_zip' for some functions
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Mon, 7 Sep 2020 08:21:53 +0000 (16:21 +0800)]
crypto: hisilicon/zip - remove some useless parameters
1.Remove the macro 'HZIP_VF_NUM'.
2.Remove 'list' of the struct 'hisi_zip'
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tero Kristo [Mon, 7 Sep 2020 07:56:24 +0000 (10:56 +0300)]
crypto: omap-sham - fix digcnt register handling with export/import
Running export/import for hashes in peculiar order (mostly done by
openssl) can mess up the internal book keeping of the OMAP SHA core.
Fix by forcibly writing the correct DIGCNT back to hardware. This issue
was noticed while transitioning to openssl 1.1 support.
Fixes: 0d373d603202 ("crypto: omap-sham - Add OMAP4/AM33XX SHAM Support") Signed-off-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: qat - include domain in top level debugfs path
Use pci_name() when creating debugfs entries in order to include PCI
domain in the path.
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Add missing and fix existing kerneldoc to silence W=1 warnings:
drivers/crypto/s5p-sss.c:333: warning: Function parameter or member 'pclk' not described in 's5p_aes_dev'
drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'sgl' not described in 's5p_hash_reqctx'
drivers/crypto/s5p-sss.c:373: warning: Function parameter or member 'buffer' not described in 's5p_hash_reqctx'
drivers/crypto/s5p-sss.c:1143: warning: Function parameter or member 'new_len' not described in 's5p_hash_prepare_sgs'
drivers/crypto/s5p-sss.c:1143: warning: Excess function parameter 'nbytes' description in 's5p_hash_prepare_sgs'
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> Reviewed-by: Kamil Konieczny <k.konieczny@samsung.com> Acked-by: Kamil Konieczny <k.konieczny@samsung.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
hwrng: xiphera-trng: add support for XIP8001B hwrng
Xiphera XIP8001B is an FPGA-based True Random Number Generator
Intellectual Property (IP) Core which can be instantiated in
multiple FPGA families. This driver adds Linux support for it through
the hwrng interface.
Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 1 Sep 2020 11:48:40 +0000 (21:48 +1000)]
crypto: arm/aes-neonbs - Use generic cbc encryption path
Since commit b56f5cbc7e08ec7d31c42fc41e5247677f20b143 ("crypto:
arm/aes-neonbs - resolve fallback cipher at runtime") the CBC
encryption path in aes-neonbs is now identical to that obtained
through the cbc template. This means that it can simply call
the generic cbc template instead of doing its own thing.
This patch removes the custom encryption path and simply invokes
the generic cbc template.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Mon, 31 Aug 2020 15:16:49 +0000 (18:16 +0300)]
crypto: arc4 - mark ecb(arc4) skcipher as obsolete
Cryptographic algorithms may have a lifespan that is significantly
shorter than Linux's, and so we need to start phasing out algorithms
that are known to be broken, and are no longer fit for general use.
RC4 (or arc4) is a good example here: there are a few areas where its
use is still somewhat acceptable, e.g., for interoperability with legacy
wifi hardware that can only use WEP or TKIP data encryption, but that
should not imply that, for instance, use of RC4 based EAP-TLS by the WPA
supplicant for negotiating TKIP keys is equally acceptable, or that RC4
should remain available as a general purpose cryptographic transform for
all in-kernel and user space clients.
Now that all in-kernel users that need to retain support have moved to
the arc4 library interface, and the known users of ecb(arc4) via the
socket API (iwd [0] and libell [1][2]) have been updated to switch to a
local implementation, we can take the next step, and mark the ecb(arc4)
skcipher as obsolete, and only provide it if the socket API is enabled in
the first place, as well as provide the option to disable all algorithms
that have been marked as obsolete.
Ard Biesheuvel [Mon, 31 Aug 2020 15:16:48 +0000 (18:16 +0300)]
net: wireless: drop bogus CRYPTO_xxx Kconfig selects
Drop some bogus Kconfig selects that are not entirely accurate, and
unnecessary to begin with, since the same Kconfig options also select
LIB80211 features that already imply the selected functionality (AES
for CCMP, ARC4 and ECB for TKIP)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ard Biesheuvel [Mon, 31 Aug 2020 15:16:45 +0000 (18:16 +0300)]
SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says
The IETF Kerberos community supports publishing this specification as
an informational document in order to describe this widely
implemented technology. However, while these encryption types
provide the operations necessary to implement the base Kerberos
specification [RFC4120], they do not provide all the required
operations in the Kerberos cryptography framework [RFC3961]. As a
result, it is not generally possible to implement potential
extensions to Kerberos using these encryption types. The Kerberos
encryption type negotiation mechanism [RFC4537] provides one approach
for using such extensions even when a Kerberos infrastructure uses
long-term RC4 keys. Because this specification does not implement
operations required by RFC 3961 and because of security concerns with
the use of RC4 and MD4 discussed in Section 8, this specification is
not appropriate for publication on the standards track.
The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong cryptography (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption. This document describes
the implementation of those encryption types.
Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'
Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)
Ard Biesheuvel [Mon, 31 Aug 2020 15:16:44 +0000 (18:16 +0300)]
staging/rtl8192u: switch to RC4 library interface
Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.
Ard Biesheuvel [Mon, 31 Aug 2020 15:16:43 +0000 (18:16 +0300)]
staging/rtl8192e: switch to RC4 library interface
Switch to the ARC4 library interface, to remove the pointless
dependency on the skcipher API, from which we will hopefully be
able to drop ecb(arc4) skcipher support.
Marco Felsch [Mon, 31 Aug 2020 14:00:42 +0000 (16:00 +0200)]
hwrng: imx-rngc - add quality to use it as kernel entropy pool
The RNGB can generate 2^20 words (1 word == 4 byte) of 'random' data
after the seed pool was initialized. The pool needs to be reseeded if
more words are required. The reseeding is done automatically since
commit 3acd9ea9331c ("hwrng: imx-rngc - use automatic seeding").
We can't retrieve the TRNG values directly so we need a other way to get
the quality level. We know that the PRNG uses 20.000 entropy samples
from the TRNG to generate 2^20 words (1MiB) and the quality level is
defined as (in bits of entropy per 1024 bits of input). So the quality
level can be calculated by:
20.000 * 1024
------------- = ~ 19.5
2^20
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
Return -EINVAL for authenc(hmac(sha1),cbc(aes)),
authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes))
if the cipher length is not multiple of the AES block.
This is to prevent an undefined device behaviour.
Uros Bizjak [Thu, 27 Aug 2020 17:38:31 +0000 (19:38 +0200)]
crypto: poly1305-x86_64 - Use XORL r32,32
x86_64 zero extends 32bit operations, so for 64bit operands,
XORL r32,r32 is functionally equal to XORQ r64,r64, but avoids
a REX prefix byte when legacy registers are used.
Signed-off-by: Uros Bizjak <ubizjak@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Uros Bizjak [Thu, 27 Aug 2020 17:30:58 +0000 (19:30 +0200)]
crypto: curve25519-x86_64 - Use XORL r32,32
x86_64 zero extends 32bit operations, so for 64bit operands,
XORL r32,r32 is functionally equal to XORL r64,r64, but avoids
a REX prefix byte when legacy registers are used.
Signed-off-by: Uros Bizjak <ubizjak@gmail.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Remove redundant memzero_explicit() in sun8i_ss_cipher() before calling
kfree_sensitive(). kfree_sensitive() will zero the memory with
memzero_explicit().
Fixes: 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()") Signed-off-by: Denis Efremov <efremov@linux.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 25 Aug 2020 01:34:28 +0000 (11:34 +1000)]
crypto: arm64/sha - Add declarations for assembly variables
This patch adds declarations for variables only used by assembly
code to silence compiler warnings:
CC [M] arch/arm64/crypto/sha1-ce-glue.o
AS [M] arch/arm64/crypto/sha1-ce-core.o
CC [M] arch/arm64/crypto/sha2-ce-glue.o
AS [M] arch/arm64/crypto/sha2-ce-core.o
CHECK ../arch/arm64/crypto/sha1-ce-glue.c
CHECK ../arch/arm64/crypto/sha2-ce-glue.c
../arch/arm64/crypto/sha1-ce-glue.c:38:11: warning: symbol 'sha1_ce_offsetof_count' was not declared. Should it be static?
../arch/arm64/crypto/sha1-ce-glue.c:39:11: warning: symbol 'sha1_ce_offsetof_finalize' was not declared. Should it be static?
../arch/arm64/crypto/sha2-ce-glue.c:38:11: warning: symbol 'sha256_ce_offsetof_count' was not declared. Should it be static?
../arch/arm64/crypto/sha2-ce-glue.c:40:11: warning: symbol 'sha256_ce_offsetof_finalize' was not declared. Should it be static?
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 25 Aug 2020 01:23:00 +0000 (11:23 +1000)]
crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
This patch adds a prototype for poly1305_blocks_neon to slience
a compiler warning:
CC [M] arch/arm/crypto/poly1305-glue.o
../arch/arm/crypto/poly1305-glue.c:25:13: warning: no previous prototype for `poly1305_blocks_neon' [-Wmissing-prototypes]
void __weak poly1305_blocks_neon(void *state, const u8 *src, u32 len, u32 hibit)
^~~~~~~~~~~~~~~~~~~~
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 21 Aug 2020 13:59:12 +0000 (23:59 +1000)]
crypto: stm32 - Fix sparse warnings
This patch fixes most of the sparse endianness warnings in stm32.
The patch itself doesn't change anything apart from markings,
but there is some questionable code in stm32_cryp_check_ctr_counter.
That function operates on the counters as if they're in CPU order,
however, they're then written out as big-endian. This looks like
a genuine bug. Therefore I've left that warning alone until
someone can confirm that this really does work as intended on
little-endian.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
pm_runtime_get_sync() increments the runtime PM usage counter
even when it returns an error code. However, users of cc_pm_get(),
a direct wrapper of pm_runtime_get_sync(), assume that PM usage
counter will not change on error. Thus a pairing decrement is needed
on the error handling path to keep the counter balanced.
Fixes: 8c7849a30255c ("crypto: ccree - simplify Runtime PM handling") Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 21 Aug 2020 07:52:04 +0000 (17:52 +1000)]
crypto: mediatek - Fix endianness bugs and sparse warnings
This patch squashes all the sparse warnings in mediatek, some of
which appear to be genuine bugs. In particular, previously on
BE the keys and IVs all get 32-bit swabbed which can't be right
because they don't get swabbed on LE. I presume LE is the one
that actually works.
Another funky thing is that the GHASH key gets swabbed on LE.
This makes no sense but I'm presuming someone actually tested
this on LE so I'm preserving the swabbing. Someone needs to
test this though as it is entirely possible that GCM is the
only thing that worked on BE but not LE.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
YueHaibing [Tue, 18 Aug 2020 14:00:01 +0000 (22:00 +0800)]
crypto: sa2ul - Fix pointer-to-int-cast warning
drivers/crypto/sa2ul.c: In function ‘sa_sha_init’:
drivers/crypto/sa2ul.c:1486:33: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
crypto_ahash_digestsize(tfm), (u64)rctx);
^
./include/linux/dev_printk.h:123:47: note: in definition of macro ‘dev_dbg’
dev_printk(KERN_DEBUG, dev, dev_fmt(fmt), ##__VA_ARGS__); \
^~~~~~~~~~~
Use %p to print rctx pointer.
Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fabio Estevam [Mon, 24 Aug 2020 14:09:53 +0000 (11:09 -0300)]
crypto: arm/curve25519 - include <linux/scatterlist.h>
Building ARM allmodconfig leads to the following warnings:
arch/arm/crypto/curve25519-glue.c:73:12: error: implicit declaration of function 'sg_copy_to_buffer' [-Werror=implicit-function-declaration]
arch/arm/crypto/curve25519-glue.c:74:9: error: implicit declaration of function 'sg_nents_for_len' [-Werror=implicit-function-declaration]
arch/arm/crypto/curve25519-glue.c:88:11: error: implicit declaration of function 'sg_copy_from_buffer' [-Werror=implicit-function-declaration]
Include <linux/scatterlist.h> to fix such warnings
Reported-by: Olof's autobuilder <build@lixom.net> Fixes: 0c3dc787a62a ("crypto: algapi - Remove skbuff.h inclusion") Signed-off-by: Fabio Estevam <festevam@gmail.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 21 Aug 2020 12:42:10 +0000 (22:42 +1000)]
crypto: stm32 - Add missing header inclusions
The stm32 driver was missing a number of includes that we being
pulled in by unrelated header files. As the indirect inclusion
went away, it now fails to build.
This patch adds the missing inclusions.
Reported-by: kernel test robot <lkp@intel.com> Fixes: 0c3dc787a62a ("crypto: algapi - Remove skbuff.h inclusion") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Sat, 15 Aug 2020 09:56:17 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix the process of register algorithms to crypto
When the devices are removed or not existing, the corresponding algorithms
which are registered by 'hisi-zip' driver can't be used.
Move 'hisi_zip_register_to_crypto' from 'hisi_zip_init' to
'hisi_zip_probe'. The algorithms will be registered to crypto only when
there is device bind on the driver. And when the devices are removed,
the algorithms will be unregistered.
In the previous process, the function 'xxx_register_to_crypto' need a lock
and a static variable to judge if the registration is the first time.
Move this action into the function 'hisi_qm_alg_register'. Each device
will call 'hisi_qm_alg_register' to add itself to qm list in probe process
and registering algs when the qm list is empty.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Sat, 15 Aug 2020 09:56:16 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix the call trace when unbind device
Call trace will appear in the Hisilicon crypto driver unbinding or
disabling SRIOV during task running with TFMs on the corresponding
function.
The log looks like this:
[ 293.908078] Call trace:
[ 293.908080] __queue_work+0x494/0x548
[ 293.908081] queue_work_on+0x84/0xd8
[ 293.908092] qm_irq+0x4c/0xd0 [hisi_qm]
[ 293.908096] __handle_irq_event_percpu+0x74/0x2a0
[ 293.908098] handle_irq_event_percpu+0x40/0x98
[ 293.908099] handle_irq_event+0x4c/0x80
[ 293.908101] handle_fasteoi_irq+0xb0/0x170
[ 293.908102] generic_handle_irq+0x3c/0x58
[ 293.908103] __handle_domain_irq+0x68/0xc0
[ 293.908104] gic_handle_irq+0xb4/0x298
[ 293.908105] el1_irq+0xcc/0x180
[ 293.908107] arch_cpu_idle+0x38/0x228
[ 293.908110] default_idle_call+0x20/0x40
[ 293.908113] do_idle+0x1cc/0x2b8
[ 293.908114] cpu_startup_entry+0x2c/0x30
[ 293.908115] rest_init+0xdc/0xe8
[ 293.908117] arch_call_rest_init+0x14/0x1c
[ 293.908117] start_kernel+0x490/0x4c4
This patch adds a waiting logic as user doing the above two operations
to avoid panic. The two operations will hold on in the driver
remove function until the tasks release all their relative TFMs.
Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Weili Qian <qianweili@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Sat, 15 Aug 2020 09:56:15 +0000 (17:56 +0800)]
crypto: hisilicon/qm - register callback function to 'pci_driver.shutdown'
Since the drivers such as HPRE/SEC/ZIP do not implement
'pci_driver.shutdow', a RAS will be triggered at OS rebooting or shutting
down as the hardware device is processing request.
The log looks like this:
NOTICE: [NimbusSecNodeType1]:[2372L]This is sec, Base = 0x141800000
NOTICE: [NimbusSecHandle]:[2319L] SecIntSt = 0x3
NOTICE: [NimbusSecHandle]:[2320L] SecQmIntStatus = 0x2
NOTICE: [PrintSecurityType]:[344L] SecurityType is RECOVERABLE!
This patch offers a new API in qm to shutdown devices, and add shutdown
callbacks in ACC driver based on this new API.
So the running devices will be stopped when the OS reboot or shutdown.
Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Shukun Tan [Sat, 15 Aug 2020 09:56:14 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix VF not available after PF FLR
When PF FLR, the hardware will actively trigger the VF FLR. Configuration
space of VF needs to be saved and restored to ensure that it is available
after the PF FLR.
Fixes: 7ce396fa12a9("crypto: hisilicon - add FLR support") Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Sat, 15 Aug 2020 09:56:13 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix no stop reason when use 'hisi_qm_stop'
Now, there are three reasons of stopping: 'NORMAL', 'SOFT_RESET' and 'FLR'.
In order to keep this, explicitly pass the stop reason as an input
parameter of 'hisi_qm_stop' function.
Fixes: b67202e8ed30("crypto: hisilicon/qm - add state machine for QM") Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Shukun Tan [Sat, 15 Aug 2020 09:56:12 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix event queue depth to 2048
Increasing depth of 'event queue' from 1024 to 2048, which equals to twice
depth of 'completion queue'. It will fix the easily happened 'event queue
overflow' as using 1024 queue depth for 'event queue'.
Fixes: 263c9959c937("crypto: hisilicon - add queue management driver...") Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Hui Tang [Sat, 15 Aug 2020 09:56:11 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix judgement of queue is full
The queue depth is 1024, so the condition for judging the queue full
should be 1023, otherwise the hardware cannot judge whether the queue
is empty or full.
Fixes: 263c9959c937("crypto: hisilicon - add queue management driver...") Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Sat, 15 Aug 2020 09:56:10 +0000 (17:56 +0800)]
crypto: hisilicon/qm - fix print frequence in hisi_qp_send
Requests will be sent continuously as resetting, which will cause 'printk'
flooding. Using 'dev_info_ratelimited' can solve this problem well.
Fixes: b67202e8ed30("crypto: hisilicon/qm - add state machine for QM") Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Shukun Tan [Sat, 15 Aug 2020 09:56:09 +0000 (17:56 +0800)]
crypto: hisilicon/qm - clear used reference count when start qp
The used reference count is used for counting the number of 'sqe' which
is under processing. This reference count should be cleared as starting
'qp', otherwise the 'used' will be messy when allocating this 'qp' again.
Fixes: 5308f6600a39("crypto: hisilicon - QM memory management...") Signed-off-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Shen <shenyang39@huawei.com> Reviewed-by: Zhou Wang <wangzhou1@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>