- 14 Mar, 2023 39 commits
-
-
Shashank Gupta authored
The function adf_sysfs_init() is used by qat_4xxx to create sysfs attributes. This is called by the probe function before starting a device. With this sequence, there might be a chance that the sysfs entries for configuration might be changed by a user while the driver is performing a device bring-up causing unexpected behaviors. Delay the creation of sysfs entries after adf_dev_start(). Signed-off-by:
Shashank Gupta <shashank.gupta@intel.com> Reviewed-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Eric Biggers authored
The performance of the crypto fuzz tests has greatly regressed since v5.18. When booting a kernel on an arm64 dev board with all software crypto algorithms and CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled, the fuzz tests now take about 200 seconds to run, or about 325 seconds with lockdep enabled, compared to about 5 seconds before. The root cause is that the random number generation has become much slower due to commit d4150779 ("random32: use real rng for non-deterministic randomness"). On my same arm64 dev board, at the time the fuzz tests are run, get_random_u8() is about 345x slower than prandom_u32_state(), or about 469x if lockdep is enabled. Lockdep makes a big difference, but much of the rest comes from the get_random_*() functions taking a *very* slow path when the CRNG is not yet initialized. Since the crypto self-tests run early during boot, even having a hardware RNG driver enabled (CONFIG_CRYPTO_DEV_QCOM_RNG in my case) doesn't prevent this. x86 systems don't have this issue, but they still see a significant regression if lockdep is enabled. Converting the "Fully random bytes" case in generate_random_bytes() to use get_random_bytes() helps significantly, improving the test time to about 27 seconds. But that's still over 5x slower than before. This is all a bit silly, though, since the fuzz tests don't actually need cryptographically secure random numbers. So let's just make them use a non-cryptographically-secure RNG as they did before. The original prandom_u32() is gone now, so let's use prandom_u32_state() instead, with an explicitly managed state, like various other self-tests in the kernel source tree (rbtree_test.c, test_scanf.c, etc.) already do. This also has the benefit that no locking is required anymore, so performance should be even better than the original version that used prandom_u32(). Fixes: d4150779 ("random32: use real rng for non-deterministic randomness") Cc: stable@vger.kernel.org Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Eric Biggers authored
aesbs_ecb_encrypt(), aesbs_ecb_decrypt(), aesbs_xts_encrypt(), and aesbs_xts_decrypt() are called via indirect function calls. Therefore they need to use SYM_TYPED_FUNC_START instead of SYM_FUNC_START to cause their type hashes to be emitted when the kernel is built with CONFIG_CFI_CLANG=y. Otherwise, the code crashes with a CFI failure if the compiler doesn't happen to optimize out the indirect calls. Fixes: c50d3285 ("arm64: Add types to indirect called assembly functions") Cc: stable@vger.kernel.org Signed-off-by:
Ard Biesheuvel <ardb@kernel.org> Signed-off-by:
-
Neal Liu authored
Since the acry_dev->buf_addr may be NULL, add error handling to prevent any additional access to avoid potential issues. Signed-off-by:
Neal Liu <neal_liu@aspeedtech.com> Signed-off-by:
-
Anthony Yznaga authored
For multithreaded jobs the computed chunk size is rounded up by the caller-specified alignment. However, the number of worker threads to use is computed using the minimum chunk size without taking alignment into account. A sufficiently large alignment value can result in too many worker threads being allocated for the job. Signed-off-by:
Anthony Yznaga <anthony.yznaga@oracle.com> Acked-by:
Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by:
-
Vladimir Zapolskiy authored
The added 'qcom,qce' compatible value will serve as a sole QCE IP family compatible, since a particular QCE IP version is discoverablem thus, if it'd be needed to differentiate various IP versions, it can be obtained in runtime. Two IP version based compatibles are left untouched to preserve backward DTB ABI compatibility. Signed-off-by:
Vladimir Zapolskiy <vladimir.zapolskiy@linaro.org> Reviewed-by:
Konrad Dybcio <konrad.dybcio@linaro.org> Signed-off-by:
-
Thara Gopinath authored
On certain Snapdragon processors, the crypto engine clocks are enabled by default by security firmware and the driver should not handle the clocks. Make acquiring of all the clocks optional in crypto engine driver, so that the driver initializes properly even if no clocks are specified in the dt. Tested-by:
Jordan Crouse <jorcrous@amazon.com> Signed-off-by:
Thara Gopinath <thara.gopinath@gmail.com> Signed-off-by:
Bhupesh Sharma <bhupesh.sharma@linaro.org> [Bhupesh: Massage the commit log] Signed-off-by:
-
Thara Gopinath authored
Crypto engine on certain Snapdragon processors like sm8150, sm8250, sm8350 etc. requires interconnect path between the engine and memory to be explicitly enabled and bandwidth set prior to any operations. Add support in the qce core to enable the interconnect path appropriately. Tested-by:
-
Vladimir Zapolskiy authored
Add a family compatible for QCE IP on SM8550 SoC, which is equal to QCE IP found on SM8150 SoC and described in the recently updated device tree bindings documentation, as well add a generic QCE IP family compatible. Reviewed-by:
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by:
Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by:
-
Vladimir Zapolskiy authored
On newer Qualcomm SoCs the crypto engine clocks are enabled by default by security firmware. To drop clocks and clock-names from the list of required properties use 'qcom,sm8150-qce' compatible name. The change is based on Neil Armstrong's observation and an original change. Cc: Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by:
-
Vladimir Zapolskiy authored
Introduce a generic IP family compatible 'qcom,qce' and its two derivatives based on SoC names rather than on IP versions. Having a generic compatible is only partially sufficient, the QCE IP version can be discovered in runtime, however there are two known groups of QCE IP versions, which require different DT properties, these two groups are populated with SoC based compatibles known at the moment. Keep the old compatible 'qcom,crypto-v5.1' and document an existing and already used but not previously documented compatible 'qcom,crypto-v5.4' for backward compatibility of DTB ABI, mark both of the compatibles as deprecated. The change is based on the original one written by Bhupesh Sharma, adding a generic family compatible is suggested by Neil Armstrong. Cc: Bhupesh Sharma <bhupesh.sharma@linaro.org> Cc: Neil Armstrong <neil.armstrong@linaro.org> Reviewed-by:
-
Bhupesh Sharma authored
Add the missing optional property - 'iommus' to the device-tree binding documentation for qcom-qce crypto IP. This property describes the phandle(s) to apps_smmu node with sid mask. Cc: Bjorn Andersson <andersson@kernel.org> Reviewed-by:
Rob Herring <robh@kernel.org> Tested-by:
-
Bhupesh Sharma authored
Add 'interconnects' and 'interconnect-names' as optional properties to the device-tree binding documentation for Qualcomm crypto IP. These properties describe the interconnect path between crypto and main memory and the interconnect type respectively. Cc: Bjorn Andersson <andersson@kernel.org> Acked-by:
-
Bhupesh Sharma authored
Add the entry for 'Documentation/devicetree/bindings/crypto/qcom-qce.yaml' to the appropriate section for 'QUALCOMM CRYPTO DRIVERS' in MAINTAINERS file. Reviewed-by:
Bjorn Andersson <andersson@kernel.org> Signed-off-by:
-
Bhupesh Sharma authored
Convert Qualcomm QCE crypto devicetree binding to YAML. Reviewed-by:
-
Danny Tsen authored
Defined CRYPTO_AES_GCM_P10 in Kconfig to support AES/GCM stitched implementation for Power10 or later CPU. Added a new module driver aes-gcm-p10-crypto. Signed-off-by:
Danny Tsen <dtsen@linux.ibm.com> Signed-off-by:
-
Danny Tsen authored
Signed-off-by:
-
Danny Tsen authored
This perl code is taken from the OpenSSL project and added gcm_init_htable function used in the aes-gcm-p10-glue.c code to initialize hash table. gcm_hash_p8 is used to hash encrypted data blocks. Signed-off-by:
-
Danny Tsen authored
This code is taken from CRYPTOGAMs[1]. The following functions are used, aes_p8_set_encrypt_key is used to generate AES round keys and aes_p8_encrypt is used to encrypt single block. Signed-off-by:
-
Danny Tsen authored
Improve overall performance of AES/GCM encrypt and decrypt operations for Power10 or later CPU. Signed-off-by:
-
Danny Tsen authored
Signed-off-by:
-
Yang Li authored
Convert platform_get_resource(), devm_ioremap_resource() to a single call to devm_platform_get_and_ioremap_resource(), as this is exactly what this function does. Signed-off-by:
Yang Li <yang.lee@linux.alibaba.com> Acked-by:
Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by:
-
Yang Li authored
Convert platform_get_resource(), devm_ioremap_resource() to a single call to Use devm_platform_ioremap_resource(), as this is exactly what this function does. Signed-off-by:
-
Heiner Kallweit authored
drvdata isn't used, therefore remove this call. Signed-off-by:
Heiner Kallweit <hkallweit1@gmail.com> Reviewed-by:
Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by:
-
Heiner Kallweit authored
Use devm_clk_get_optional_enabled() to simplify the code. Signed-off-by:
-
Heiner Kallweit authored
Member pdev isn't used, remove it. Signed-off-by:
-
Thomas Weißschuh authored
Since commit ee6d3dd4 ("driver core: make kobj_type constant.") the driver core allows the usage of const struct kobj_type. Take advantage of this to constify the structure definition to prevent modification at runtime. Signed-off-by:
Thomas Weißschuh <linux@weissschuh.net> Acked-by:
-
Herbert Xu authored
The report function is currently conditionalised on CONFIG_NET. As it's only used by CONFIG_CRYPTO_USER, conditionalising on that instead of CONFIG_NET makes more sense. This gets rid of a rarely used code-path. Signed-off-by: -
Herbert Xu authored
This is part of the low-level API and should not be exposed to top-level Crypto API users. Signed-off-by: -
Herbert Xu authored
Move all stat code specific to rng into the rng code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to skcipher into the skcipher code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to kpp into the kpp code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to acomp into the acomp code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to hash into the hash code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to akcipher into the akcipher code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
Move all stat code specific to aead into the aead code. While we're at it, change the stats so that bytes and counts are always incremented even in case of error. This allows the reference counting to be removed as we can now increment the counters prior to the operation. After the operation we simply increase the error count if necessary. This is safe as errors can only occur synchronously (or rather, the existing code already ignored asynchronous errors which are only visible to the callback function). Signed-off-by: -
Herbert Xu authored
The stats code resurrected the unions from the early days of kernel crypto. This patch starts the process of moving them out to the individual type structures as we do for everything else. In particular, add a report_stat function to cra_type and call that from the stats code if available. This allows us to move the actual code over one-by-one. Signed-off-by: -
Herbert Xu authored
Include crypto/algapi.h instead of linux/crypto.h in adf_ctl_drv.c as this is using the low-level Crypto API. It just happens to work currently because MODULE_ALIAS_CRYPTO was mistakenly added to linux/crypto.h. Signed-off-by:
-
Uwe Kleine-König authored
Returning an error value in a platform driver's remove callback results in a generic error message being emitted by the driver core, but otherwise it doesn't make a difference. The device goes away anyhow. As the driver already emits a better error message than the core, suppress the generic error message by returning zero unconditionally. Signed-off-by:
Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by:
-
- 10 Mar, 2023 1 commit
-
-
Uwe Kleine-König authored
Instead of ignoring errors returned by devm_clk_get() and manually enabling the clk for the whole lifetime of the bound device, use devm_clk_get_optional_enabled(). This is simpler and also more correct as it doesn't ignore errors. This is also more correct because now the call to clk_disable_unprepare() can be dropped from xgene_rng_remove() which happened while the hwrn device was still registered. With the devm callback disabling the clk happens correctly only after devm_hwrng_register() is undone. As a result struct xgene_rng_dev::clk is only used in xgene_rng_probe, and so the struct member can be replaced by a local variable. Signed-off-by:
-
