1. 30 Apr, 2020 5 commits
    • Andy Shevchenko's avatar
      hwrng: optee - Use UUID API for exporting the UUID · 1c8414da
      Andy Shevchenko authored
      There is export_uuid() function which exports uuid_t to the u8 array.
      Use it instead of open coding variant.
      
      This allows to hide the uuid_t internals.
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Reviewed-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1c8414da
    • Nathan Chancellor's avatar
      lib/mpi: Fix 64-bit MIPS build with Clang · 18f1ca46
      Nathan Chancellor authored
      When building 64r6_defconfig with CONFIG_MIPS32_O32 disabled and
      CONFIG_CRYPTO_RSA enabled:
      
      lib/mpi/generic_mpih-mul1.c:37:24: error: invalid use of a cast in a
      inline asm context requiring an l-value: remove the cast
      or build with -fheinous-gnu-extensions
                      umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                      ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      lib/mpi/longlong.h:664:22: note: expanded from macro 'umul_ppmm'
                       : "=d" ((UDItype)(w0))
                               ~~~~~~~~~~^~~
      lib/mpi/generic_mpih-mul1.c:37:13: error: invalid use of a cast in a
      inline asm context requiring an l-value: remove the cast
      or build with -fheinous-gnu-extensions
                      umul_ppmm(prod_high, prod_low, s1_ptr[j], s2_limb);
                      ~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      lib/mpi/longlong.h:668:22: note: expanded from macro 'umul_ppmm'
                       : "=d" ((UDItype)(w1))
                               ~~~~~~~~~~^~~
      2 errors generated.
      
      This special case for umul_ppmm for MIPS64r6 was added in
      commit bbc25bee ("lib/mpi: Fix umul_ppmm() for MIPS64r6"), due to
      GCC being inefficient and emitting a __multi3 intrinsic.
      
      There is no such issue with clang; with this patch applied, I can build
      this configuration without any problems and there are no link errors
      like mentioned in the commit above (which I can still reproduce with
      GCC 9.3.0 when that commit is reverted). Only use this definition when
      GCC is being used.
      
      This really should have been caught by commit b0c091ae ("lib/mpi:
      Eliminate unused umul_ppmm definitions for MIPS") when I was messing
      around in this area but I was not testing 64-bit MIPS at the time.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/885Reported-by: default avatarDmitry Golovin <dima@golovin.in>
      Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      18f1ca46
    • Tom Lendacky's avatar
      crypto: ccp - Add support for SEV-ES to the PSP driver · 97f9ac3d
      Tom Lendacky authored
      To provide support for SEV-ES, the hypervisor must provide an area of
      memory to the PSP. Once this Trusted Memory Region (TMR) is provided to
      the PSP, the contents of this area of memory are no longer available to
      the x86.
      
      Update the PSP driver to allocate a 1MB region for the TMR that is 1MB
      aligned and then provide it to the PSP through the SEV INIT command.
      Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Reviewed-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
      Reviewed-by: default avatarJoerg Roedel <jroedel@suse.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      97f9ac3d
    • Daniel Jordan's avatar
      padata: add separate cpuhp node for CPUHP_PADATA_DEAD · 3c2214b6
      Daniel Jordan authored
      Removing the pcrypt module triggers this:
      
        general protection fault, probably for non-canonical
          address 0xdead000000000122
        CPU: 5 PID: 264 Comm: modprobe Not tainted 5.6.0+ #2
        Hardware name: QEMU Standard PC
        RIP: 0010:__cpuhp_state_remove_instance+0xcc/0x120
        Call Trace:
         padata_sysfs_release+0x74/0xce
         kobject_put+0x81/0xd0
         padata_free+0x12/0x20
         pcrypt_exit+0x43/0x8ee [pcrypt]
      
      padata instances wrongly use the same hlist node for the online and dead
      states, so __padata_free()'s second cpuhp remove call chokes on the node
      that the first poisoned.
      
      cpuhp multi-instance callbacks only walk forward in cpuhp_step->list and
      the same node is linked in both the online and dead lists, so the list
      corruption that results from padata_alloc() adding the node to a second
      list without removing it from the first doesn't cause problems as long
      as no instances are freed.
      
      Avoid the issue by giving each state its own node.
      
      Fixes: 894c9ef9 ("padata: validate cpumask without removed CPU during offline")
      Signed-off-by: default avatarDaniel Jordan <daniel.m.jordan@oracle.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: linux-crypto@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: stable@vger.kernel.org # v5.4+
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3c2214b6
    • Herbert Xu's avatar
      hwrng: cctrng - Remove unnecessary FIPS ifdef · b2d7e8bc
      Herbert Xu authored
      This patch removes the unnecessary FIPS ifdef in cctrng.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Acked-by: default avatarHadar Gat <hadar.gat@arm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b2d7e8bc
  2. 24 Apr, 2020 6 commits
    • Tang Bin's avatar
      crypto: bcm - Delete redundant variable definition · 9c3d6497
      Tang Bin authored
      The variable "i" is redundant to be assigned a value
      of zero,because it's assigned in the for loop, so remove
      redundant one here.
      Signed-off-by: default avatarShengju Zhang <zhangshengju@cmss.chinamobile.com>
      Signed-off-by: default avatarTang Bin <tangbin@cmss.chinamobile.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9c3d6497
    • Stephan Müller's avatar
      crypto: drbg - always seeded with SP800-90B compliant noise source · 97f2650e
      Stephan Müller authored
      As the Jitter RNG provides an SP800-90B compliant noise source, use this
      noise source always for the (re)seeding of the DRBG.
      
      To make sure the DRBG is always properly seeded, the reseed threshold
      is reduced to 1<<20 generate operations.
      
      The Jitter RNG may report health test failures. Such health test
      failures are treated as transient as follows. The DRBG will not reseed
      from the Jitter RNG (but from get_random_bytes) in case of a health
      test failure. Though, it produces the requested random number.
      
      The Jitter RNG has a failure counter where at most 1024 consecutive
      resets due to a health test failure are considered as a transient error.
      If more consecutive resets are required, the Jitter RNG will return
      a permanent error which is returned to the caller by the DRBG. With this
      approach, the worst case reseed threshold is significantly lower than
      mandated by SP800-90A in order to seed with an SP800-90B noise source:
      the DRBG has a reseed threshold of 2^20 * 1024 = 2^30 generate requests.
      
      Yet, in case of a transient Jitter RNG health test failure, the DRBG is
      seeded with the data obtained from get_random_bytes.
      
      However, if the Jitter RNG fails during the initial seeding operation
      even due to a health test error, the DRBG will send an error to the
      caller because at that time, the DRBG has received no seed that is
      SP800-90B compliant.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      97f2650e
    • Stephan Müller's avatar
      crypto: jitter - SP800-90B compliance · 764428fe
      Stephan Müller authored
      SP800-90B specifies various requirements for the noise source(s) that
      may seed any DRNG including SP800-90A DRBGs. In November 2020,
      SP800-90B will be mandated for all noise sources that provide entropy
      to DRBGs as part of a FIPS 140-[2|3] validation or other evaluation
      types. Without SP800-90B compliance, a noise source is defined to always
      deliver zero bits of entropy.
      
      This patch ports the SP800-90B compliance from the user space Jitter RNG
      version 2.2.0.
      
      The following changes are applied:
      
      - addition of (an enhanced version of) the repetitive count test (RCT)
        from SP800-90B section 4.4.1 - the enhancement is due to the fact of
        using the stuck test as input to the RCT.
      
      - addition of the adaptive proportion test (APT) from SP800-90B section
        4.4.2
      
      - update of the power-on self test to perform a test measurement of 1024
        noise samples compliant to SP800-90B section 4.3
      
      - remove of the continuous random number generator test which is
        replaced by APT and RCT
      
      Health test failures due to the SP800-90B operation are only enforced in
      FIPS mode. If a runtime health test failure is detected, the Jitter RNG
      is reset. If more than 1024 resets in a row are performed, a permanent
      error is returned to the caller.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      764428fe
    • Colin Ian King's avatar
      crypto: algif_rng - remove redundant assignment to variable err · 63e05f32
      Colin Ian King authored
      The variable err is being initialized with a value that is never read
      and it is being updated later with a new value.  The initialization is
      redundant and can be removed.
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      63e05f32
    • Colin Ian King's avatar
      crypto: chelsio - remove redundant assignment to variable error · 8a656a48
      Colin Ian King authored
      The variable error is being initialized with a value that is never read
      and it is being updated later with a new value.  The initialization is
      redundant and can be removed.
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      8a656a48
    • Mark Brown's avatar
      crypto: arm64 - Consistently enable extension · 3ca73b70
      Mark Brown authored
      Currently most of the crypto files enable the crypto extension using the
      .arch directive but crct10dif-ce-core.S uses .cpu instead. Move that over
      to .arch for consistency.
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3ca73b70
  3. 22 Apr, 2020 2 commits
  4. 20 Apr, 2020 2 commits
  5. 16 Apr, 2020 24 commits
    • Christophe JAILLET's avatar
      crypto: marvell/octeontx - Add missing '\n' in log messages · 0a8f5989
      Christophe JAILLET authored
      Message logged by 'dev_xxx()' or 'pr_xxx()' should end with a '\n'.
      
      While at it, I've introduced a few pr_cont that looked logical to me.
      
      Fixes: 10b4f094 ("crypto: marvell - add the Virtual Function driver for CPT")
      Fixes: d9110b0b ("crypto: marvell - add support for OCTEON TX CPT engine")
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      0a8f5989
    • Herbert Xu's avatar
      crypto: api - Fix use-after-free and race in crypto_spawn_alg · 6603523b
      Herbert Xu authored
      There are two problems in crypto_spawn_alg.  First of all it may
      return spawn->alg even if spawn->dead is set.  This results in a
      double-free as detected by syzbot.
      
      Secondly the setting of the DYING flag is racy because we hold
      the read-lock instead of the write-lock.  We should instead call
      crypto_shoot_alg in a safe manner by gaining a refcount, dropping
      the lock, and then releasing the refcount.
      
      This patch fixes both problems.
      
      Reported-by: syzbot+fc0674cde00b66844470@syzkaller.appspotmail.com
      Fixes: 4f87ee11 ("crypto: api - Do not zap spawn->alg")
      Fixes: 73669cc5 ("crypto: api - Fix race condition in...")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      6603523b
    • Arnd Bergmann's avatar
      crypto: ccp -- don't "select" CONFIG_DMADEVICES · eebac678
      Arnd Bergmann authored
      DMADEVICES is the top-level option for the slave DMA
      subsystem, and should not be selected by device drivers,
      as this can cause circular dependencies such as:
      
      drivers/net/ethernet/freescale/Kconfig:6:error: recursive dependency detected!
      drivers/net/ethernet/freescale/Kconfig:6:	symbol NET_VENDOR_FREESCALE depends on PPC_BESTCOMM
      drivers/dma/bestcomm/Kconfig:6:	symbol PPC_BESTCOMM depends on DMADEVICES
      drivers/dma/Kconfig:6:	symbol DMADEVICES is selected by CRYPTO_DEV_SP_CCP
      drivers/crypto/ccp/Kconfig:10:	symbol CRYPTO_DEV_SP_CCP depends on CRYPTO
      crypto/Kconfig:16:	symbol CRYPTO is selected by LIBCRC32C
      lib/Kconfig:222:	symbol LIBCRC32C is selected by LIQUIDIO
      drivers/net/ethernet/cavium/Kconfig:65:	symbol LIQUIDIO depends on PTP_1588_CLOCK
      drivers/ptp/Kconfig:8:	symbol PTP_1588_CLOCK is implied by FEC
      drivers/net/ethernet/freescale/Kconfig:23:	symbol FEC depends on NET_VENDOR_FREESCALE
      
      The LIQUIDIO driver causing this problem is addressed in a
      separate patch, but this change is needed to prevent it from
      happening again.
      
      Using "depends on DMADEVICES" is what we do for all other
      implementations of slave DMA controllers as well.
      
      Fixes: b3c2fee5 ("crypto: ccp - Ensure all dependencies are specified")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      eebac678
    • Eric Biggers's avatar
      crypto: algapi - Avoid spurious modprobe on LOADED · beeb460c
      Eric Biggers authored
      Currently after any algorithm is registered and tested, there's an
      unnecessary request_module("cryptomgr") even if it's already loaded.
      Also, CRYPTO_MSG_ALG_LOADED is sent twice, and thus if the algorithm is
      "crct10dif", lib/crc-t10dif.c replaces the tfm twice rather than once.
      
      This occurs because CRYPTO_MSG_ALG_LOADED is sent using
      crypto_probing_notify(), which tries to load "cryptomgr" if the
      notification is not handled (NOTIFY_DONE).  This doesn't make sense
      because "cryptomgr" doesn't handle this notification.
      
      Fix this by using crypto_notify() instead of crypto_probing_notify().
      
      Fixes: dd8b083f ("crypto: api - Introduce notifier for new crypto algorithms")
      Cc: <stable@vger.kernel.org> # v4.20+
      Cc: Martin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      beeb460c
    • Markus Elfring's avatar
      crypto: sun8i-ss - Delete an error message in sun8i_ss_probe() · 56b80bde
      Markus Elfring authored
      The function “platform_get_irq” can log an error already.
      Thus omit a redundant message for the exception handling in the
      calling function.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
      Acked-by: default avatarCorentin Labbe <clabbe.montjoie@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      56b80bde
    • Markus Elfring's avatar
      hwrng: xgene - Delete an error message in xgene_rng_probe() · f72fed86
      Markus Elfring authored
      The function “platform_get_irq” can log an error already.
      Thus omit a redundant message for the exception handling in the
      calling function.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f72fed86
    • Markus Elfring's avatar
      hwrng: omap - Delete an error message in of_get_omap_rng_device_details() · b111418a
      Markus Elfring authored
      The function “platform_get_irq” can log an error already.
      Thus omit a redundant message for the exception handling in the
      calling function.
      
      This issue was detected by using the Coccinelle software.
      Signed-off-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b111418a
    • Tang Bin's avatar
      crypto: amlogic - Delete duplicate dev_err in meson_crypto_probe() · 56e0b627
      Tang Bin authored
      When something goes wrong, platform_get_irq() will print an error message,
      so in order to avoid the situation of repeat output,we should remove
      dev_err here.
      Signed-off-by: default avatarTang Bin <tangbin@cmss.chinamobile.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      56e0b627
    • Yang Shen's avatar
      crypto: hisilicon/qm - stop qp by judging sq and cq tail · f037fc5f
      Yang Shen authored
      It is not working well to determine whether the queue is empty based on
      whether the used count is 0. It is more stable to get if the queue is
      stopping by checking if the tail pointer of the send queue and the
      completion queue are equal.
      Signed-off-by: default avatarYang Shen <shenyang39@huawei.com>
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f037fc5f
    • Yang Shen's avatar
      crypto: hisilicon/sec2 - add controller reset support for SEC2 · 141876c2
      Yang Shen authored
      Add support for controller reset in SEC driver.
      Signed-off-by: default avatarYang Shen <shenyang39@huawei.com>
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      141876c2
    • Hui Tang's avatar
      crypto: hisilicon/hpre - add controller reset support for HPRE · 1f5c9f34
      Hui Tang authored
      Add support for the controller reset in HPRE driver.
      Signed-off-by: default avatarHui Tang <tanghui20@huawei.com>
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      1f5c9f34
    • Shukun Tan's avatar
      crypto: hisilicon/zip - add controller reset support for zip · 84c9b780
      Shukun Tan authored
      Register controller reset handle with PCIe AER.
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      84c9b780
    • Shukun Tan's avatar
      crypto: hisilicon/qm - add controller reset interface · 6c6dd580
      Shukun Tan authored
      Add the main implementation of the controller reset interface, which is
      roughly divided into three parts, stop, reset, and reinitialization.
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      6c6dd580
    • Hao Fang's avatar
      crypto: hisilicon - add vfs_num module parameter for hpre/sec · 35ee280f
      Hao Fang authored
      The vfs_num module parameter has been used in zip driver, this patch adds
      this for HPRE and SEC driver.
      Signed-off-by: default avatarHao Fang <fanghao11@huawei.com>
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      35ee280f
    • Shukun Tan's avatar
      crypto: hisilicon - unify SR-IOV related codes into QM · cd1b7ae3
      Shukun Tan authored
      Clean the duplicate SR-IOV related codes, put all into qm.c.
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      cd1b7ae3
    • Shukun Tan's avatar
      crypto: hisilicon - put vfs_num into struct hisi_qm · 619e464a
      Shukun Tan authored
      We plan to move vfs_num related code into qm.c, put the param
      vfs_num into struct hisi_qm first.
      Signed-off-by: default avatarShukun Tan <tanshukun1@huawei.com>
      Reviewed-by: default avatarZhou Wang <wangzhou1@hisilicon.com>
      Reviewed-by: default avatarZaibo Xu <xuzaibo@huawei.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      619e464a
    • Hadar Gat's avatar
      MAINTAINERS: add HG as cctrng maintainer · 3c8e0bd1
      Hadar Gat authored
      I work for Arm on maintaining the TrustZone CryptoCell TRNG driver.
      Signed-off-by: default avatarHadar Gat <hadar.gat@arm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3c8e0bd1
    • Hadar Gat's avatar
      hwrng: cctrng - introduce Arm CryptoCell driver · a583ed31
      Hadar Gat authored
      Introduce low level Arm CryptoCell TRNG HW support.
      Signed-off-by: default avatarHadar Gat <hadar.gat@arm.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      a583ed31
    • Hadar Gat's avatar
      dt-bindings: add device tree binding for Arm CryptoCell trng engine · ffb57daa
      Hadar Gat authored
      The Arm CryptoCell is a hardware security engine. This patch adds DT
      bindings for its TRNG (True Random Number Generator) engine.
      Signed-off-by: default avatarHadar Gat <hadar.gat@arm.com>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ffb57daa
    • Iuliana Prodan's avatar
      crypto: caam - fix the address of the last entry of S/G · 55b3209a
      Iuliana Prodan authored
      For skcipher algorithms, the input, output HW S/G tables
      look like this: [IV, src][dst, IV]
      Now, we can have 2 conditions here:
      - there is no IV;
      - src and dst are equal (in-place encryption) and scattered
      and the error is an "off-by-one" in the HW S/G table.
      
      This issue was seen with KASAN:
      BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018
      
      Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321
      
      CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted
      5.6.0-rc1-00165-ge4ef8383-dirty #4
      Hardware name: LS1046A RDB Board (DT)
      Call trace:
       dump_backtrace+0x0/0x260
       show_stack+0x14/0x20
       dump_stack+0xe8/0x144
       print_address_description.isra.11+0x64/0x348
       __kasan_report+0x11c/0x230
       kasan_report+0xc/0x18
       __asan_load4+0x90/0xb0
       skcipher_edesc_alloc+0x95c/0x1018
       skcipher_encrypt+0x84/0x150
       crypto_skcipher_encrypt+0x50/0x68
       test_skcipher_vec_cfg+0x4d4/0xc10
       test_skcipher_vec+0x178/0x1d8
       alg_test_skcipher+0xec/0x230
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Allocated by task 321:
       save_stack+0x24/0xb0
       __kasan_kmalloc.isra.10+0xc4/0xe0
       kasan_kmalloc+0xc/0x18
       __kmalloc+0x178/0x2b8
       skcipher_edesc_alloc+0x21c/0x1018
       skcipher_encrypt+0x84/0x150
       crypto_skcipher_encrypt+0x50/0x68
       test_skcipher_vec_cfg+0x4d4/0xc10
       test_skcipher_vec+0x178/0x1d8
       alg_test_skcipher+0xec/0x230
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Freed by task 0:
      (stack is not available)
      
      The buggy address belongs to the object at ffff000022a02800
       which belongs to the cache dma-kmalloc-512 of size 512
      The buggy address is located 344 bytes inside of
       512-byte region [ffff000022a02800, ffff000022a02a00)
      The buggy address belongs to the page:
      page:fffffe00006a8000 refcount:1 mapcount:0 mapping:ffff00093200c400
      index:0x0 compound_mapcount: 0
      flags: 0xffff00000010200(slab|head)
      raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400
      raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff000022a02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
       ffff000022a02880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      >ffff000022a02900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
                                                          ^
       ffff000022a02980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff000022a02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      
      Fixes: 334d37c9 ("crypto: caam - update IV using HW support")
      Cc: <stable@vger.kernel.org> # v5.3+
      Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
      Reviewed-by: default avatarHoria Geantă <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      55b3209a
    • Iuliana Prodan's avatar
      crypto: caam - fix use-after-free KASAN issue for RSA algorithms · 80994e3f
      Iuliana Prodan authored
      Here's the KASAN report:
      BUG: KASAN: use-after-free in rsa_pub_done+0x70/0xe8
      Read of size 1 at addr ffff000023082014 by task swapper/0/0
      
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d51 #60
      Hardware name: LS1046A RDB Board (DT)
      Call trace:
       dump_backtrace+0x0/0x260
       show_stack+0x14/0x20
       dump_stack+0xe8/0x144
       print_address_description.isra.11+0x64/0x348
       __kasan_report+0x11c/0x230
       kasan_report+0xc/0x18
       __asan_load1+0x5c/0x68
       rsa_pub_done+0x70/0xe8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
       irq_exit+0x114/0x128
       __handle_domain_irq+0x80/0xe0
       gic_handle_irq+0x50/0xa0
       el1_irq+0xb8/0x180
       cpuidle_enter_state+0xa4/0x490
       cpuidle_enter+0x48/0x70
       call_cpuidle+0x44/0x70
       do_idle+0x304/0x338
       cpu_startup_entry+0x24/0x40
       rest_init+0xf8/0x10c
       arch_call_rest_init+0xc/0x14
       start_kernel+0x774/0x7b4
      
      Allocated by task 263:
       save_stack+0x24/0xb0
       __kasan_kmalloc.isra.10+0xc4/0xe0
       kasan_kmalloc+0xc/0x18
       __kmalloc+0x178/0x2b8
       rsa_edesc_alloc+0x2cc/0xe10
       caam_rsa_enc+0x9c/0x5f0
       test_akcipher_one+0x78c/0x968
       alg_test_akcipher+0x78/0xf8
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Freed by task 0:
       save_stack+0x24/0xb0
       __kasan_slab_free+0x10c/0x188
       kasan_slab_free+0x10/0x18
       kfree+0x7c/0x298
       rsa_pub_done+0x68/0xe8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
      
      The buggy address belongs to the object at ffff000023082000
       which belongs to the cache dma-kmalloc-256 of size 256
      The buggy address is located 20 bytes inside of
       256-byte region [ffff000023082000, ffff000023082100)
      The buggy address belongs to the page:
      page:fffffe00006c2080 refcount:1 mapcount:0 mapping:ffff00093200c200 index:0x0 compound_mapcount: 0
      flags: 0xffff00000010200(slab|head)
      raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c200
      raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff000023081f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
       ffff000023081f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      >ffff000023082000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
       ffff000023082080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff000023082100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      
      Fixes: bf537950 ("crypto: caam - add crypto_engine support for RSA algorithms")
      Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      80994e3f
    • Iuliana Prodan's avatar
      crypto: caam - fix use-after-free KASAN issue for HASH algorithms · 63db32e6
      Iuliana Prodan authored
      Here's the KASAN report:
      BUG: KASAN: use-after-free in ahash_done+0xdc/0x3b8
      Read of size 1 at addr ffff00002303f010 by task swapper/0/0
      
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d51 #59
      Hardware name: LS1046A RDB Board (DT)
      Call trace:
       dump_backtrace+0x0/0x260
       show_stack+0x14/0x20
       dump_stack+0xe8/0x144
       print_address_description.isra.11+0x64/0x348
       __kasan_report+0x11c/0x230
       kasan_report+0xc/0x18
       __asan_load1+0x5c/0x68
       ahash_done+0xdc/0x3b8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
       irq_exit+0x114/0x128
       __handle_domain_irq+0x80/0xe0
       gic_handle_irq+0x50/0xa0
       el1_irq+0xb8/0x180
       cpuidle_enter_state+0xa4/0x490
       cpuidle_enter+0x48/0x70
       call_cpuidle+0x44/0x70
       do_idle+0x304/0x338
       cpu_startup_entry+0x24/0x40
       rest_init+0xf8/0x10c
       arch_call_rest_init+0xc/0x14
       start_kernel+0x774/0x7b4
      
      Allocated by task 263:
       save_stack+0x24/0xb0
       __kasan_kmalloc.isra.10+0xc4/0xe0
       kasan_kmalloc+0xc/0x18
       __kmalloc+0x178/0x2b8
       ahash_edesc_alloc+0x58/0x1f8
       ahash_final_no_ctx+0x94/0x6e8
       ahash_final+0x24/0x30
       crypto_ahash_op+0x58/0xb0
       crypto_ahash_final+0x30/0x40
       do_ahash_op+0x2c/0xa0
       test_ahash_vec_cfg+0x894/0x9e0
       test_hash_vec_cfg+0x6c/0x88
       test_hash_vec+0xfc/0x1e0
       __alg_test_hash+0x1ac/0x368
       alg_test_hash+0xf8/0x1c8
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Freed by task 0:
       save_stack+0x24/0xb0
       __kasan_slab_free+0x10c/0x188
       kasan_slab_free+0x10/0x18
       kfree+0x7c/0x298
       ahash_done+0xd4/0x3b8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
      
      The buggy address belongs to the object at ffff00002303f000
       which belongs to the cache dma-kmalloc-128 of size 128
      The buggy address is located 16 bytes inside of
       128-byte region [ffff00002303f000, ffff00002303f080)
      The buggy address belongs to the page:
      page:fffffe00006c0fc0 refcount:1 mapcount:0 mapping:ffff00093200c000 index:0x0
      flags: 0xffff00000000200(slab)
      raw: 0ffff00000000200 dead000000000100 dead000000000122 ffff00093200c000
      raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff00002303ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
       ffff00002303ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      >ffff00002303f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
       ffff00002303f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff00002303f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      
      Fixes: 21b014f0 ("crypto: caam - add crypto_engine support for HASH algorithms")
      Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      63db32e6
    • Iuliana Prodan's avatar
      crypto: caam - fix use-after-free KASAN issue for AEAD algorithms · 5ed1e8b8
      Iuliana Prodan authored
      Here's the KASAN report:
      BUG: KASAN: use-after-free in aead_crypt_done+0x60/0xd8
      Read of size 1 at addr ffff00002303f014 by task swapper/0/0
      
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d51 #58
      Hardware name: LS1046A RDB Board (DT)
      Call trace:
       dump_backtrace+0x0/0x260
       show_stack+0x14/0x20
       dump_stack+0xe8/0x144
       print_address_description.isra.11+0x64/0x348
       __kasan_report+0x11c/0x230
       kasan_report+0xc/0x18
       __asan_load1+0x5c/0x68
       aead_crypt_done+0x60/0xd8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
       irq_exit+0x114/0x128
       __handle_domain_irq+0x80/0xe0
       gic_handle_irq+0x50/0xa0
       el1_irq+0xb8/0x180
       _raw_spin_unlock_irq+0x2c/0x78
       finish_task_switch+0xa4/0x2f8
       __schedule+0x3a4/0x890
       schedule_idle+0x28/0x50
       do_idle+0x22c/0x338
       cpu_startup_entry+0x24/0x40
       rest_init+0xf8/0x10c
       arch_call_rest_init+0xc/0x14
       start_kernel+0x774/0x7b4
      
      Allocated by task 263:
       save_stack+0x24/0xb0
       __kasan_kmalloc.isra.10+0xc4/0xe0
       kasan_kmalloc+0xc/0x18
       __kmalloc+0x178/0x2b8
       aead_edesc_alloc+0x1b4/0xbf0
       ipsec_gcm_encrypt+0xd4/0x140
       crypto_aead_encrypt+0x50/0x68
       test_aead_vec_cfg+0x498/0xec0
       test_aead_vec+0x110/0x200
       alg_test_aead+0xfc/0x680
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Freed by task 0:
       save_stack+0x24/0xb0
       __kasan_slab_free+0x10c/0x188
       kasan_slab_free+0x10/0x18
       kfree+0x7c/0x298
       aead_crypt_done+0x58/0xd8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
      
      The buggy address belongs to the object at ffff00002303f000
       which belongs to the cache dma-kmalloc-128 of size 128
      The buggy address is located 20 bytes inside of
       128-byte region [ffff00002303f000, ffff00002303f080)
      The buggy address belongs to the page:
      page:fffffe00006c0fc0 refcount:1 mapcount:0 mapping:ffff00093200c000 index:0x0
      flags: 0xffff00000000200(slab)
      raw: 0ffff00000000200 dead000000000100 dead000000000122 ffff00093200c000
      raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff00002303ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
       ffff00002303ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      >ffff00002303f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                               ^
       ffff00002303f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
       ffff00002303f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      
      Fixes: 1c240226 ("crypto: caam - add crypto_engine support for AEAD algorithms")
      Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5ed1e8b8
    • Iuliana Prodan's avatar
      crypto: caam - fix use-after-free KASAN issue for SKCIPHER algorithms · 5af4e8d4
      Iuliana Prodan authored
      Here's the KASAN report:
      BUG: KASAN: use-after-free in skcipher_crypt_done+0xe8/0x1a8
      Read of size 1 at addr ffff00002304001c by task swapper/0/0
      
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d51 #57
      Hardware name: LS1046A RDB Board (DT)
      Call trace:
       dump_backtrace+0x0/0x260
       show_stack+0x14/0x20
       dump_stack+0xe8/0x144
       print_address_description.isra.11+0x64/0x348
       __kasan_report+0x11c/0x230
       kasan_report+0xc/0x18
       __asan_load1+0x5c/0x68
       skcipher_crypt_done+0xe8/0x1a8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
       irq_exit+0x114/0x128
       __handle_domain_irq+0x80/0xe0
       gic_handle_irq+0x50/0xa0
       el1_irq+0xb8/0x180
       _raw_spin_unlock_irq+0x2c/0x78
       finish_task_switch+0xa4/0x2f8
       __schedule+0x3a4/0x890
       schedule_idle+0x28/0x50
       do_idle+0x22c/0x338
       cpu_startup_entry+0x24/0x40
       rest_init+0xf8/0x10c
       arch_call_rest_init+0xc/0x14
       start_kernel+0x774/0x7b4
      
      Allocated by task 263:
       save_stack+0x24/0xb0
       __kasan_kmalloc.isra.10+0xc4/0xe0
       kasan_kmalloc+0xc/0x18
       __kmalloc+0x178/0x2b8
       skcipher_edesc_alloc+0x21c/0x1018
       skcipher_encrypt+0x84/0x150
       crypto_skcipher_encrypt+0x50/0x68
       test_skcipher_vec_cfg+0x4d4/0xc10
       test_skcipher_vec+0xf8/0x1d8
       alg_test_skcipher+0xec/0x230
       alg_test.part.44+0x114/0x4a0
       alg_test+0x1c/0x60
       cryptomgr_test+0x34/0x58
       kthread+0x1b8/0x1c0
       ret_from_fork+0x10/0x18
      
      Freed by task 0:
       save_stack+0x24/0xb0
       __kasan_slab_free+0x10c/0x188
       kasan_slab_free+0x10/0x18
       kfree+0x7c/0x298
       skcipher_crypt_done+0xe0/0x1a8
       caam_jr_dequeue+0x390/0x608
       tasklet_action_common.isra.13+0x1ec/0x230
       tasklet_action+0x24/0x30
       efi_header_end+0x1a4/0x370
      
      The buggy address belongs to the object at ffff000023040000
       which belongs to the cache dma-kmalloc-512 of size 512
      The buggy address is located 28 bytes inside of
       512-byte region [ffff000023040000, ffff000023040200)
      The buggy address belongs to the page:
      page:fffffe00006c1000 refcount:1 mapcount:0 mapping:ffff00093200c400 index:0x0 compound_mapcount: 0
      flags: 0xffff00000010200(slab|head)
      raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400
      raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff00002303ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
       ffff00002303ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      >ffff000023040000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
       ffff000023040080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff000023040100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      
      Fixes: ee38767f ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms")
      Signed-off-by: default avatarIuliana Prodan <iuliana.prodan@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5af4e8d4
  6. 12 Apr, 2020 1 commit