1. 25 May, 2016 1 commit
    • Tom Lendacky's avatar
      crypto: ccp - Fix AES XTS error for request sizes above 4096 · ab6a11a7
      Tom Lendacky authored
      The ccp-crypto module for AES XTS support has a bug that can allow requests
      greater than 4096 bytes in size to be passed to the CCP hardware. The CCP
      hardware does not support request sizes larger than 4096, resulting in
      incorrect output. The request should actually be handled by the fallback
      mechanism instantiated by the ccp-crypto module.
      
      Add a check to insure the request size is less than or equal to the maximum
      supported size and use the fallback mechanism if it is not.
      
      Cc: <stable@vger.kernel.org> # 3.14.x-
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ab6a11a7
  2. 19 May, 2016 2 commits
  3. 17 May, 2016 1 commit
    • Josh Poimboeuf's avatar
      crypto: sha1-mb - make sha1_x8_avx2() conform to C function ABI · 4a6b27b7
      Josh Poimboeuf authored
      Megha Dey reported a kernel panic in crypto code.  The problem is that
      sha1_x8_avx2() clobbers registers r12-r15 without saving and restoring
      them.
      
      Before commit aec4d0e3 ("x86/asm/crypto: Simplify stack usage in
      sha-mb functions"), those registers were saved and restored by the
      callers of the function.  I removed them with that commit because I
      didn't realize sha1_x8_avx2() clobbered them.
      
      Fix the potential undefined behavior associated with clobbering the
      registers and make the behavior less surprising by changing the
      registers to be callee saved/restored to conform with the C function
      call ABI.
      
      Also, rdx (aka RSP_SAVE) doesn't need to be saved: I verified that none
      of the callers rely on it being saved, and it's not a callee-saved
      register in the C ABI.
      
      Fixes: aec4d0e3 ("x86/asm/crypto: Simplify stack usage in sha-mb functions")
      Cc: stable@vger.kernel.org # 4.6
      Reported-by: default avatarMegha Dey <megha.dey@linux.intel.com>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4a6b27b7
  4. 13 May, 2016 1 commit
  5. 10 May, 2016 2 commits
  6. 05 May, 2016 1 commit
  7. 03 May, 2016 11 commits
  8. 28 Apr, 2016 3 commits
  9. 25 Apr, 2016 6 commits
    • Krzysztof Kozlowski's avatar
      crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks · 79152e8d
      Krzysztof Kozlowski authored
      The tcrypt testing module on Exynos5422-based Odroid XU3/4 board failed on
      testing 8 kB size blocks:
      
      	$ sudo modprobe tcrypt sec=1 mode=500
      	testing speed of async ecb(aes) (ecb-aes-s5p) encryption
      	test 0 (128 bit key, 16 byte blocks): 21971 operations in 1 seconds (351536 bytes)
      	test 1 (128 bit key, 64 byte blocks): 21731 operations in 1 seconds (1390784 bytes)
      	test 2 (128 bit key, 256 byte blocks): 21932 operations in 1 seconds (5614592 bytes)
      	test 3 (128 bit key, 1024 byte blocks): 21685 operations in 1 seconds (22205440 bytes)
      	test 4 (128 bit key, 8192 byte blocks):
      
      This was caused by a race issue of missed BRDMA_DONE ("Block cipher
      Receiving DMA") interrupt. Device starts processing the data in DMA mode
      immediately after setting length of DMA block: receiving (FCBRDMAL) or
      transmitting (FCBTDMAL). The driver sets these lengths from interrupt
      handler through s5p_set_dma_indata() function (or xxx_setdata()).
      
      However the interrupt handler was first dealing with receive buffer
      (dma-unmap old, dma-map new, set receive block length which starts the
      operation), then with transmit buffer and finally was clearing pending
      interrupts (FCINTPEND). Because of the time window between setting
      receive buffer length and clearing pending interrupts, the operation on
      receive buffer could end already and driver would miss new interrupt.
      
      User manual for Exynos5422 confirms in example code that setting DMA
      block lengths should be the last operation.
      
      The tcrypt hang could be also observed in following blocked-task dmesg:
      
      INFO: task modprobe:258 blocked for more than 120 seconds.
            Not tainted 4.6.0-rc4-next-20160419-00005-g9eac8b7b7753-dirty #42
      "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      modprobe        D c06b09d8     0   258    256 0x00000000
      [<c06b09d8>] (__schedule) from [<c06b0f24>] (schedule+0x40/0xac)
      [<c06b0f24>] (schedule) from [<c06b49f8>] (schedule_timeout+0x124/0x178)
      [<c06b49f8>] (schedule_timeout) from [<c06b17fc>] (wait_for_common+0xb8/0x144)
      [<c06b17fc>] (wait_for_common) from [<bf0013b8>] (test_acipher_speed+0x49c/0x740 [tcrypt])
      [<bf0013b8>] (test_acipher_speed [tcrypt]) from [<bf003e8c>] (do_test+0x2240/0x30ec [tcrypt])
      [<bf003e8c>] (do_test [tcrypt]) from [<bf008048>] (tcrypt_mod_init+0x48/0xa4 [tcrypt])
      [<bf008048>] (tcrypt_mod_init [tcrypt]) from [<c010177c>] (do_one_initcall+0x3c/0x16c)
      [<c010177c>] (do_one_initcall) from [<c0191ff0>] (do_init_module+0x5c/0x1ac)
      [<c0191ff0>] (do_init_module) from [<c0185610>] (load_module+0x1a30/0x1d08)
      [<c0185610>] (load_module) from [<c0185ab0>] (SyS_finit_module+0x8c/0x98)
      [<c0185ab0>] (SyS_finit_module) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
      
      Fixes: a49e490c ("crypto: s5p-sss - add S5PV210 advanced crypto engine support")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Tested-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      79152e8d
    • Krzysztof Kozlowski's avatar
      crypto: s5p-sss - Use common BIT macro · 5e00c604
      Krzysztof Kozlowski authored
      The BIT() macro is obvious and well known, so prefer to use it instead
      of crafted own macro.
      Signed-off-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5e00c604
    • Dan Carpenter's avatar
      crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register() · 4c048af7
      Dan Carpenter authored
      There are two issues here:
      
      1) We need to decrement "i" otherwise we unregister something that was
         not successfully registered.
      2) The original code did not unregister the first element in the array
         where i is zero.
      
      Fixes: d293b640 ('crypto: mxc-scc - add basic driver for the MXC SCC')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4c048af7
    • Dan Carpenter's avatar
      crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init() · b908bd3d
      Dan Carpenter authored
      ->src_nents and ->dst_nents are unsigned so they can't be less than
      zero.  I fixed this by introducing a temporary "nents" variable.
      
      Fixes: d293b640 ('crypto: mxc-scc - add basic driver for the MXC SCC')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b908bd3d
    • Horia Geant?'s avatar
      crypto: talitos - fix ahash algorithms registration · 3639ca84
      Horia Geant? authored
      Provide hardware state import/export functionality, as mandated by
      commit 8996eafd ("crypto: ahash - ensure statesize is non-zero")
      
      Cc: <stable@vger.kernel.org> # 4.3+
      Reported-by: default avatarJonas Eymann <J.Eymann@gmx.net>
      Signed-off-by: default avatarHoria Geant? <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3639ca84
    • Gary R Hook's avatar
      crypto: ccp - Ensure all dependencies are specified · b3c2fee5
      Gary R Hook authored
      A DMA_ENGINE requires DMADEVICES in Kconfig
      Signed-off-by: default avatarGary R Hook <gary.hook@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b3c2fee5
  10. 20 Apr, 2016 8 commits
    • Romain Perier's avatar
      crypto: marvell/cesa - Improving code readability · 21ec757d
      Romain Perier authored
      When looking for available engines, the variable "engine" is
      assigned to "&cesa->engines[i]" at the beginning of the for loop. Replacing
      next occurences of "&cesa->engines[i]" by "engine" and in order to improve
      readability.
      Signed-off-by: default avatarRomain Perier <romain.perier@free-electrons.com>
      Acked-by: default avatarBoris Brezillon <boris.brezillon@free-electrons.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      21ec757d
    • Krzysztof Kozlowski's avatar
      crypto: s5p-sss - Remove useless hash interrupt handler · 55124425
      Krzysztof Kozlowski authored
      Beside regular feed control interrupt, the driver requires also hash
      interrupt for older SoCs (samsung,s5pv210-secss). However after
      requesting it, the interrupt handler isn't doing anything with it, not
      even clearing the hash interrupt bit.
      
      Driver does not provide hash functions so it is safe to remove the hash
      interrupt related code and to not require the interrupt in Device Tree.
      Signed-off-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      55124425
    • Krzysztof Kozlowski's avatar
      crypto: s5p-sss - Fix use after free of copied input buffer in error path · 07c8fccb
      Krzysztof Kozlowski authored
      The driver makes copies of memory (input or output scatterlists) if they
      are not aligned. In s5p_aes_crypt_start() error path (on unsuccessful
      initialization of output scatterlist), if input scatterlist was not
      aligned, the driver first freed copied input memory and then unmapped it
      from the device, instead of doing otherwise (unmap and then free).
      
      This was wrong in two ways:
      1. Freed pages were still mapped to the device.
      2. The dma_unmap_sg() iterated over freed scatterlist structure.
      
      The call to s5p_free_sg_cpy() in this error path is not needed because
      the copied scatterlists will be freed by s5p_aes_complete().
      
      Fixes: 9e4a1100 ("crypto: s5p-sss - Handle unaligned buffers")
      Signed-off-by: default avatarKrzysztof Kozlowski <k.kozlowski@samsung.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      07c8fccb
    • Gary R Hook's avatar
      crypto: ccp - Register the CCP as a DMA resource · 58ea8abf
      Gary R Hook authored
      The CCP has the ability to provide DMA services to the
      kernel using pass-through mode of the device. Register
      these services as general purpose DMA channels.
      
      Changes since v2:
      - Add a Signed-off-by
      
      Changes since v1:
      - Allocate memory for a string in ccp_dmaengine_register
      - Ensure register/unregister calls are properly ordered
      - Verified all changed files are listed in the diffstat
      - Undo some superfluous changes
      - Added a cc:
      Signed-off-by: default avatarGary R Hook <gary.hook@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      58ea8abf
    • Christian Lamparter's avatar
      crypto4xx: integrate ppc4xx-rng into crypto4xx · 5343e674
      Christian Lamparter authored
      This patch integrates the ppc4xx-rng driver into the existing
      crypto4xx. This is because the true random number generator
      is controlled and part of the security core.
      Signed-off-by: default avatarChristian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5343e674
    • Herbert Xu's avatar
      eCryptfs: Do not allocate hash tfm in NORECLAIM context · e81f3340
      Herbert Xu authored
      You cannot allocate crypto tfm objects in NORECLAIM or NOFS contexts.
      The ecryptfs code currently does exactly that for the MD5 tfm.
      
      This patch fixes it by preallocating the MD5 tfm in a safe context.
      
      The MD5 tfm is also reentrant so this patch removes the superfluous
      cs_hash_tfm_mutex.
      Reported-by: default avatarNicolas Boichat <drinkcat@chromium.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e81f3340
    • Horia Geant?'s avatar
      crypto: talitos - fix AEAD tcrypt tests · 340ff60a
      Horia Geant? authored
      After conversion to new AEAD interface, tcrypt tests fail as follows:
      
      [...]
      [    1.145414] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-aes-talitos
      [    1.153564] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
      [    1.160041] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [    1.166509] 00000020: 00 00 00 00
      [...]
      
      Fix them by providing the correct cipher in & cipher out pointers,
      i.e. must skip over associated data in src and dst S/G.
      
      While here, fix a problem with the HW S/G table index usage:
      tbl_off must be updated after the pointer to the table entries is set.
      
      Cc: <stable@vger.kernel.org> # 4.3+
      Fixes: aeb4c132 ("crypto: talitos - Convert to new AEAD interface")
      Reported-by: default avatarJonas Eymann <J.Eymann@gmx.net>
      Signed-off-by: default avatarHoria Geant? <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      340ff60a
    • Jonas Eymann's avatar
      crypto: talitos - fix crash in talitos_cra_init() · 89d124cb
      Jonas Eymann authored
      Conversion of talitos driver to the new AEAD interface
      hasn't been properly tested.
      
      AEAD algorithms crash in talitos_cra_init as follows:
      
      [...]
      [    1.141095] talitos ffe30000.crypto: hwrng
      [    1.145381] Unable to handle kernel paging request for data at address 0x00000058
      [    1.152913] Faulting instruction address: 0xc02accc0
      [    1.157910] Oops: Kernel access of bad area, sig: 11 [#1]
      [    1.163315] SMP NR_CPUS=2 P1020 RDB
      [    1.166810] Modules linked in:
      [    1.169875] CPU: 0 PID: 1007 Comm: cryptomgr_test Not tainted 4.4.6 #1
      [    1.176415] task: db5ec200 ti: db4d6000 task.ti: db4d6000
      [    1.181821] NIP: c02accc0 LR: c02acd18 CTR: c02acd04
      [    1.186793] REGS: db4d7d30 TRAP: 0300   Not tainted  (4.4.6)
      [    1.192457] MSR: 00029000 <CE,EE,ME>  CR: 95009359  XER: e0000000
      [    1.198585] DEAR: 00000058 ESR: 00000000
      GPR00: c017bdc0 db4d7de0 db5ec200 df424b48 00000000 00000000 df424bfc db75a600
      GPR08: df424b48 00000000 db75a628 db4d6000 00000149 00000000 c0044cac db5acda0
      GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000400 df424940
      GPR24: df424900 00003083 00000400 c0180000 db75a640 c03e9f84 df424b40 df424b48
      [    1.230978] NIP [c02accc0] talitos_cra_init+0x28/0x6c
      [    1.236039] LR [c02acd18] talitos_cra_init_aead+0x14/0x28
      [    1.241443] Call Trace:
      [    1.243894] [db4d7de0] [c03e9f84] 0xc03e9f84 (unreliable)
      [    1.249322] [db4d7df0] [c017bdc0] crypto_create_tfm+0x5c/0xf0
      [    1.255083] [db4d7e10] [c017beec] crypto_alloc_tfm+0x98/0xf8
      [    1.260769] [db4d7e40] [c0186a20] alg_test_aead+0x28/0xc8
      [    1.266181] [db4d7e60] [c0186718] alg_test+0x260/0x2e0
      [    1.271333] [db4d7ee0] [c0183860] cryptomgr_test+0x30/0x54
      [    1.276843] [db4d7ef0] [c0044d80] kthread+0xd4/0xd8
      [    1.281741] [db4d7f40] [c000e4a4] ret_from_kernel_thread+0x5c/0x64
      [    1.287930] Instruction dump:
      [    1.290902] 38600000 4e800020 81230028 7c681b78 81490010 38e9ffc0 3929ffe8 554a073e
      [    1.298691] 2b8a000a 7d474f9e 812a0008 91230030 <80e90058> 39270060 7c0004ac 7cc04828
      
      Cc: <stable@vger.kernel.org> # 4.3+
      Fixes: aeb4c132 ("crypto: talitos - Convert to new AEAD interface")
      Signed-off-by: default avatarJonas Eymann <J.Eymann@gmx.net>
      
      Fix typo - replaced parameter of __crypto_ahash_alg(): s/tfm/alg
      Remove checkpatch warnings.
      Add commit message.
      Signed-off-by: default avatarHoria Geant? <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      89d124cb
  11. 18 Apr, 2016 4 commits