- 06 Sep, 2024 15 commits
-
-
Herbert Xu authored
Select CRYPTO_AUTHENC as the function crypto_authenec_extractkeys may not be available without it. Fixes: 311eea7e ("crypto: octeontx - Fix authenc setkey") Fixes: 7ccb750d ("crypto: octeontx2 - Fix authenc setkey") Reported-by:
kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202409042013.gT2ZI4wR-lkp@intel.com/Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
When a crypto algorithm with a higher priority is registered, it kills the spawns of all lower-priority algorithms. Thus it is to be expected for an algorithm to go away at any time, even during a self-test. This is now much more common with asynchronous testing. Remove the printk when an ENOENT is encountered during a self-test. This is not really an error since the algorithm being tested is no longer there (i.e., it didn't fail the test which is what we care about). Signed-off-by: -
Colin Ian King authored
There is a extraneous space after a newline in a pr_err message. Remove it. Signed-off-by:
Colin Ian King <colin.i.king@gmail.com> Signed-off-by:
-
Colin Ian King authored
There is a extraneous space after a newline in a dev_err message. Remove it. Signed-off-by:
-
Herbert Xu authored
Pass any errors we get during instance creation up through the larval. Signed-off-by: -
Herbert Xu authored
On Fri, Aug 30, 2024 at 10:51:54AM -0700, Eric Biggers wrote: > > Given below in defconfig form, use 'make olddefconfig' to apply. The failures > are nondeterministic and sometimes there are different ones, for example: > > [ 0.358017] alg: skcipher: failed to allocate transform for cbc(twofish-generic): -2 > [ 0.358365] alg: self-tests for cbc(twofish) using cbc(twofish-generic) failed (rc=-2) > [ 0.358535] alg: skcipher: failed to allocate transform for cbc(camellia-generic): -2 > [ 0.358918] alg: self-tests for cbc(camellia) using cbc(camellia-generic) failed (rc=-2) > [ 0.371533] alg: skcipher: failed to allocate transform for xts(ecb(aes-generic)): -2 > [ 0.371922] alg: self-tests for xts(aes) using xts(ecb(aes-generic)) failed (rc=-2) > > Modules are not enabled, maybe that matters (I haven't checked yet). Yes I think that was the key. This triggers a massive self-test run which executes in parallel and reveals a few race conditions in the system. I think it boils down to the following scenario: Base algorithm X-generic, X-optimised Template Y Optimised algorithm Y-X-optimised Everything gets registered, and then the self-tests are started. When Y-X-optimised gets tested, it requests the creation of the generic Y(X-generic). Which then itself undergoes testing. The race is that after Y(X-generic) gets registered, but just before it gets tested, X-optimised finally finishes self-testing which then causes all spawns of X-generic to be destroyed. So by the time the self-test for Y(X-generic) comes along, it can no longer find the algorithm. This error then bubbles up all the way up to the self-test of Y-X-optimised which then fails. Note that there is some complexity that I've omitted here because when the generic self-test fails to find Y(X-generic) it actually triggers the construction of it again which then fails for various other reasons (these are not important because the construction should *not* be triggered at this point). So in a way the error is expected, and we should probably remove the pr_err for the case where ENOENT is returned for the algorithm that we're currently testing. The solution is two-fold. First when an algorithm undergoes self-testing it should not trigger its construction. Secondly if an instance larval fails to materialise due to it being destroyed by a more optimised algorithm coming along, it should obviously retry the construction. Remove the check in __crypto_alg_lookup that stops a larval from matching new requests based on differences in the mask. It is better to block new requests even if it is wrong and then simply retry the lookup. If this ends up being the wrong larval it will sort iself out during the retry. Reduce the CRYPTO_ALG_TYPE_MASK bits in type during larval creation as otherwise LSKCIPHER algorithms may not match SKCIPHER larvals. Also block the instance creation during self-testing in the function crypto_larval_lookup by checking for CRYPTO_ALG_TESTED in the mask field. Finally change the return value when crypto_alg_lookup fails in crypto_larval_wait to EAGAIN to redo the lookup. Fixes: 37da5d0f ("crypto: api - Do not wait for tests during registration") Reported-by:
Eric Biggers <ebiggers@kernel.org> Signed-off-by:
-
Weili Qian authored
The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo before stopping queue to ensure that the device does not access the released memory. Fixes: 6c6dd580 ("crypto: hisilicon/qm - add controller reset interface") Signed-off-by:
Weili Qian <qianweili@huawei.com> Signed-off-by:
-
Weili Qian authored
The timeout threshold of the hpre cluster is 16ms. When the CPU and device share virtual address, page fault processing time may exceed the threshold. In the current test, there is a high probability that the cluster times out. However, the cluster is waiting for the completion of memory access, which is not an error, the device does not need to be reset. If an error occurs in the cluster, qm also reports the error. Therefore, the cluster timeout error of hpre can be masked. Fixes: d90fab0d ("crypto: hisilicon/qm - get error type from hardware registers") Signed-off-by:
-
Weili Qian authored
Before the device is enabled again, the device may still store the previously processed data. If an error occurs in the previous task, the device may fail to be enabled again. Therefore, before enabling device, reset the device to restore the initial state. Signed-off-by:
-
Chenghai Huang authored
Header files is included Order-ref: standard library headers, OS library headers, and project-specific headers. This patch modifies the order of header files according to suggestions. In addition, use %u to print unsigned int variables to prevent overflow. Signed-off-by:
Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by:
-
Chenghai Huang authored
Apply for a lock before the qp send operation to ensure no resource race in multi-concurrency situations. This modification has almost no impact on performance. Signed-off-by:
-
Yang Shen authored
If an error occurs in the process after the SGL is mapped successfully, it need to unmap the SGL. Otherwise, memory problems may occur. Signed-off-by:
Yang Shen <shenyang39@huawei.com> Signed-off-by:
-
Amit Shah authored
While sending a command to the PSP, we always requested an interrupt from the PSP after command completion. This worked for most cases. For the special case of irqs being disabled -- e.g. when running within crashdump or kexec contexts, we should not set the SEV_CMDRESP_IOC flag, so the PSP knows to not attempt interrupt delivery. Fixes: 8ef97958 ("crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump") Based-on-patch-by:
Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by:
Amit Shah <amit.shah@amd.com> Signed-off-by:
-
Eric Biggers authored
Update the kconfig help and module description to reflect that VAES instructions are now used in some cases. Also fix XTR => XCTR. Signed-off-by:
Eric Biggers <ebiggers@google.com> Signed-off-by:
-
Guoqing Jiang authored
Replace pm_runtime_enable with the devres-enabled version which can trigger pm_runtime_disable. Otherwise, the below appears during reload driver. mtk_rng 1020f000.rng: Unbalanced pm_runtime_enable! Fixes: 81d2b345 ("hwrng: mtk - add runtime PM support") Cc: <stable@vger.kernel.org> Suggested-by:
Chen-Yu Tsai <wenst@chromium.org> Signed-off-by:
Guoqing Jiang <guoqing.jiang@canonical.com> Signed-off-by:
-
- 03 Sep, 2024 1 commit
-
-
Herbert Xu authored
This reverts the following commits: 87a3fcf5 58bf9910 3b1c9df6 8bc1bfa0 c32f08d0 f036dd56 c76c9ec3 5d22d37a b63483b3 2d6213bd fc61c658 cb67c924 06af76b4 9f1a7ab4 8ebb14de c8981d92 They were submitted with no device tree bindings. Reported-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
- 30 Aug, 2024 17 commits
-
-
Kuan-Wei Chiu authored
The req_lock is currently implemented as a rw_lock, but there are no instances where read_lock() is called. This means that the lock is effectively only used by writers, making it functionally equivalent to a simple spinlock. As stated in Documentation/locking/spinlocks.rst: "Reader-writer locks require more atomic memory operations than simple spinlocks. Unless the reader critical section is long, you are better off just using spinlocks." Since the rw_lock in this case incurs additional atomic memory operations without any benefit from reader-writer locking, it is more efficient to replace it with a spinlock. This patch implements that replacement to optimize the driver's performance. Signed-off-by:
Kuan-Wei Chiu <visitorckw@gmail.com> Signed-off-by:
-
Chunhai Guo authored
Simplify the code by replacing devm_clk_get() and clk_prepare_enable() with devm_clk_get_enabled(), which also avoids the call to clk_disable_unprepare(). Signed-off-by:
Chunhai Guo <guochunhai@vivo.com> Signed-off-by:
-
Chunhai Guo authored
Simplify the code by replacing devm_clk_get() and clk_prepare() with devm_clk_get_prepared(), which also avoids the call to clk_unprepare(). Signed-off-by:
-
Kamlesh Gurudasani authored
In the case where we are forcing the ps.chunk_size to be at least 1, we are ignoring the caller's alignment. Move the forcing of ps.chunk_size to be at least 1 before rounding it up to caller's alignment, so that caller's alignment is honored. While at it, use max() to force the ps.chunk_size to be at least 1 to improve readability. Fixes: 6d45e1c9 ("padata: Fix possible divide-by-0 panic in padata_mt_helper()") Signed-off-by:
Kamlesh Gurudasani <kamlesh@ti.com> Acked-by:
Waiman Long <longman@redhat.com> Acked-by:
Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by:
-
Frank Li authored
Add two description for register space of rtic. There are two register space, one is for control and status, the other optional space is recoverable error indication register space. Fix below CHECK_DTBS error: arch/arm64/boot/dts/freescale/fsl-ls1012a-frdm.dtb: crypto@1700000: rtic@60000:reg: [[393216, 256], [396800, 24]] is too long from schema $id: http://devicetree.org/schemas/crypto/fsl,sec-v4.0.yaml#Signed-off-by:Frank Li <Frank.Li@nxp.com> Acked-by:
Conor Dooley <conor.dooley@microchip.com> Signed-off-by:
-
Martin Kaiser authored
It's unlikely that devm_pm_runtime_enable ever fails. Still, it makes sense to read the return value and handle errors. Signed-off-by:
Martin Kaiser <martin@kaiser.cx> Signed-off-by:
-
Martin Kaiser authored
The driver uses the rst variable only for an initial reset when the chip is probed. There's no need to store rst in the driver's private data, we can make it a local variable in the probe function. Signed-off-by:
-
Huan Yang authored
The devm_clk_get_enabled() helpers: - call devm_clk_get() - call clk_prepare_enable() and register what is needed in order to call clk_disable_unprepare() when needed, as a managed resource. This simplifies the code and avoids the calls to clk_disable_unprepare(). Signed-off-by:Huan Yang <link@vivo.com> Reviewed-by:
-
Yue Haibing authored
This function is never implemented and used since introduction in commit 049359d6 ("crypto: amcc - Add crypt4xx driver"). Signed-off-by:
Yue Haibing <yuehaibing@huawei.com> Signed-off-by:
-
Yue Haibing authored
This function is never implemented and used since introduction in commit 48fe583f ("crypto: amlogic - Add crypto accelerator for amlogic GXL"). Signed-off-by:
-
Yue Haibing authored
This function is never implemented and used since introduction in commit 720419f0 ("crypto: ccp - Introduce the AMD Secure Processor device"). Signed-off-by:
-
Yue Haibing authored
This function is never implemented and used since introduction in commit 10b4f094 ("crypto: marvell - add the Virtual Function driver for CPT") Signed-off-by:
-
Yue Haibing authored
This function is never implemented and used since introduction in commit 46c5338d ("crypto: sl3516 - Add sl3516 crypto engine") Signed-off-by:
-
Yue Haibing authored
Commit 9744fec9 ("crypto: inside-secure - remove request list to improve performance") declar this but never implemented. Signed-off-by:
-
Zhu Jun authored
the variable is never referenced in the code, just remove them. Signed-off-by:
Zhu Jun <zhujun2@cmss.chinamobile.com> Reviewed-by:
Mario Limonciello <mario.limonciello@amd.com> Signed-off-by:
-
Thorsten Blum authored
Use the min() macro to simplify the jent_read_entropy() function and improve its readability. Signed-off-by:
Thorsten Blum <thorsten.blum@toblux.com> Signed-off-by:
-
Pavan Kumar Paluri authored
In case of sev PLATFORM_STATUS failure, sev_get_api_version() fails resulting in sev_data field of psp_master nulled out. This later becomes a problem when unloading the ccp module because the device has not been unregistered (via misc_deregister()) before clearing the sev_data field of psp_master. As a result, on reloading the ccp module, a duplicate device issue is encountered as can be seen from the dmesg log below. on reloading ccp module via modprobe ccp Call Trace: <TASK> dump_stack_lvl+0xd7/0xf0 dump_stack+0x10/0x20 sysfs_warn_dup+0x5c/0x70 sysfs_create_dir_ns+0xbc/0xd kobject_add_internal+0xb1/0x2f0 kobject_add+0x7a/0xe0 ? srso_alias_return_thunk+0x5/0xfbef5 ? get_device_parent+0xd4/0x1e0 ? __pfx_klist_children_get+0x10/0x10 device_add+0x121/0x870 ? srso_alias_return_thunk+0x5/0xfbef5 device_create_groups_vargs+0xdc/0x100 device_create_with_groups+0x3f/0x60 misc_register+0x13b/0x1c0 sev_dev_init+0x1d4/0x290 [ccp] psp_dev_init+0x136/0x300 [ccp] sp_init+0x6f/0x80 [ccp] sp_pci_probe+0x2a6/0x310 [ccp] ? srso_alias_return_thunk+0x5/0xfbef5 local_pci_probe+0x4b/0xb0 work_for_cpu_fn+0x1a/0x30 process_one_work+0x203/0x600 worker_thread+0x19e/0x350 ? __pfx_worker_thread+0x10/0x10 kthread+0xeb/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x3c/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> kobject: kobject_add_internal failed for sev with -EEXIST, don't try to register things with the same name in the same directory. ccp 0000:22:00.1: sev initialization failed ccp 0000:22:00.1: psp initialization failed ccp 0000:a2:00.1: no command queues available ccp 0000:a2:00.1: psp enabled Address this issue by unregistering the /dev/sev before clearing out sev_data in case of PLATFORM_STATUS failure. Fixes: 200664d5 ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support") Cc: stable@vger.kernel.org Signed-off-by:
Pavan Kumar Paluri <papaluri@amd.com> Acked-by:
-
- 24 Aug, 2024 7 commits
-
-
Herbert Xu authored
Algorithm registration is usually carried out during module init, where as little work as possible should be carried out. The SIMD code violated this rule by allocating a tfm, this then triggers a full test of the algorithm which may dead-lock in certain cases. SIMD is only allocating the tfm to get at the alg object, which is in fact already available as it is what we are registering. Use that directly and remove the crypto_alloc_tfm call. Also remove some obsolete and unused SIMD API. Signed-off-by: -
Herbert Xu authored
As registration is usually carried out during module init, this is a context where as little work as possible should be carried out. Testing may trigger module loads of underlying components, which could even lead back to the module that is registering at the moment. This may lead to dead-locks outside of the Crypto API. Avoid this by not waiting for the tests to complete. They will be scheduled but completion will be asynchronous. Any users will still wait for completion. Reported-by:
Russell King <linux@armlinux.org.uk> Signed-off-by:
-
Herbert Xu authored
In order to allow testing to complete asynchronously after the registration process, instance larvals need to complete prior to having a test result. Support this by redoing the lookup for instance larvals after completion. This should locate the pending test larval and then repeat the wait on that (if it is still pending). As the lookup is now repeated there is no longer any need to compute the fulfilment status and all that code can be removed. Signed-off-by: -
Herbert Xu authored
Use the generic crypto_authenc_extractkeys helper instead of custom parsing code that is slightly broken. Also fix a number of memory leaks by moving memory allocation from setkey to init_tfm (setkey can be called multiple times over the life of a tfm). Finally accept all hash key lengths by running the digest over extra-long keys. Signed-off-by: -
Herbert Xu authored
Use the generic crypto_authenc_extractkeys helper instead of custom parsing code that is slightly broken. Also fix a number of memory leaks by moving memory allocation from setkey to init_tfm (setkey can be called multiple times over the life of a tfm). Finally accept all hash key lengths by running the digest over extra-long keys. Signed-off-by: -
Pavitrakumar M authored
Removed CRYPTO_USED_JB and returning CRYPTO_OK instead. Signed-off-by:
Bhoomika K <bhoomikak@vayavyalabs.com> Signed-off-by:
Pavitrakumar M <pavitrakumarm@vayavyalabs.com> Acked-by:
Ruud Derwig <Ruud.Derwig@synopsys.com> Signed-off-by:
-
Pavitrakumar M authored
This patch fixes counter width checks according to the version extension3 register. The counter widths can be 8, 16, 32 and 64 bits as per the extension3 register. Signed-off-by:
-
