Commit Graph

1431 Commits

Author SHA1 Message Date
Rahul Pathak 871b88a841 crypto: atmel-sha - Removed unused variable "err"
Removed unused variable "err" and directly return "0"

Reported by coccicheck -
./drivers/crypto/atmel-sha.c:758:5-8: Unneeded variable: "err". Return "0" on line 766

Signed-off-by: Rahul Pathak <rpathak@visteon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-17 16:42:13 +08:00
Haren Myneni 6333ed8f26 crypto: nx-842 - Mask XERS0 bit in return value
NX842 coprocessor sets 3rd bit in CR register with XER[S0] which is
nothing to do with NX request. Since this bit can be set with other
valuable return status, mast this bit.

One of other bits (INITIATED, BUSY or REJECTED) will be returned for
any given NX request.

Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-17 16:42:12 +08:00
Tadeusz Struk 81b312f11d crypto: qat - uint8_t is not large enough for accel_id
accel_id has to be large enough to hold ADF_MAX_DEVICES + 1
(which is > 1025) so uint8_t is too small.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-14 21:03:38 +08:00
Sam Protsenko 50eca2561b crypto: omap-des - Fix "schedule while atomic" bug
When using DES module the next bug appears:

    BUG: scheduling while atomic: kworker/0:1/63/0x00000102

With backtrace as follows:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[<c0012294>] (dump_backtrace) from [<c00124ac>] (show_stack+0x18/0x1c)
[<c0012494>] (show_stack) from [<c0752554>] (dump_stack+0x84/0xc4)
[<c07524d0>] (dump_stack) from [<c0750218>] (__schedule_bug+0x54/0x64)
[<c07501c4>] (__schedule_bug) from [<c07548a4>] (__schedule+0x4ac/0x53c)
[<c07543f8>] (__schedule) from [<c075496c>] (schedule+0x38/0x88)
[<c0754934>] (schedule) from [<c03c3984>] (rpm_resume+0x158/0x59c)
[<c03c382c>] (rpm_resume) from [<c03c3e1c>] (__pm_runtime_resume+0x54/0x6c)
[<c03c3dc8>] (__pm_runtime_resume) from [<c0568ff8>] (omap_des_handle_queue+0x154/0x7bc)
[<c0568ea4>] (omap_des_handle_queue) from [<c05696b8>] (omap_des_crypt+0x58/0xbc)
[<c0569660>] (omap_des_crypt) from [<c0569730>] (omap_des_cbc_decrypt+0x14/0x18)
[<c056971c>] (omap_des_cbc_decrypt) from [<c0297534>] (authenc_verify_ahash_done+0xe0/0xe8)
[<c0297454>] (authenc_verify_ahash_done) from [<c056a330>] (omap_sham_finish_req+0x58/0xa8)
[<c056a2d8>] (omap_sham_finish_req) from [<c056b714>] (omap_sham_done_task+0x1c0/0x1e0)
[<c056b554>] (omap_sham_done_task) from [<c003e53c>] (tasklet_action+0x80/0x118)
[<c003e4bc>] (tasklet_action) from [<c003e740>] (__do_softirq+0x11c/0x260)
[<c003e624>] (__do_softirq) from [<c003eb64>] (irq_exit+0xc0/0xfc)
[<c003eaa4>] (irq_exit) from [<c000f1c4>] (handle_IRQ+0x4c/0x98)
[<c000f178>] (handle_IRQ) from [<c0008568>] (gic_handle_irq+0x34/0x64)
[<c0008534>] (gic_handle_irq) from [<c0758540>] (__irq_svc+0x40/0x70)

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Insight was seen in drivers/crypto/omap-sham.c driver.
All credits for this patch go to Grygorii Strashko.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-14 21:03:37 +08:00
Zeng Xin 40c18a59d2 crypto: qat - enable VF irq after guest exits ungracefully
The VF bundle interrupt is not triggered any more in
the case when guest is shut down with sample app running.
Need to clear the flag interrupt bit when restarting to fix
this irrecoverable state.

Signed-off-by: Zeng Xin <xin.zeng@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-14 21:03:36 +08:00
Tadeusz Struk 75910d375e crypto: qat - select PCI_IOV when VF are enabled
Fix i386-randconfig-x004-12092241.
PCI_IOV needs to be selected when VFs are enabled

Reported-by: <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-11 22:55:17 +08:00
Harvijay Saini 06cabd755a crypto: qat - ring returning retry even though ring has BW
When many threads submit multiple requests they get blocked until all
responses are processed, which prevents them from submitting more requests
even though there is space on the rings.
To fix this we need to decrement the inflight counter early to in the callback.

Signed-off-by: Harvijay Saini <harvijayx.saini@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-11 22:55:16 +08:00
Arnd Bergmann d4b98f20f4 crypto: sahara - fix debug output for 64-bit dma_addr_t
The sahara_dump_descriptors and sahara_dump_links functions attempt
to print a dma_addr_t value with a 0x%08x format string, which
produces a warning when dma_addr_t is 64-bit wide:

drivers/crypto/sahara.c:419:120: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]

This changes the code to use the %pad format string that is meant
for dma_addr_t, which avoids the warning and gives us the correct
output in all configurations.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-10 22:39:50 +08:00
Arnd Bergmann 75d3f811f3 crypto: sahara - fix 64-bit dma_addr_t compilation
The sahara hardware uses DMA descriptors with 32-bit addresses, but
dma_addr_t is variable size depending on whether we want to support
any devices that use 64-bit DMA addresses in hardware.
This means that the definition of the DMA descriptor structure is wrong,
and we helpfully get a compiler warning about them too:

drivers/crypto/sahara.c:423:372: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]

This changes the definition of the sahara_hw_desc and sahara_hw_link
structures to only contain fixed-length members, which is required
to make the driver work on ARM LPAE mode, and avoids most of the
gcc warnings we get.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-10 22:39:48 +08:00
Tadeusz Struk 3771df3cff crypto: qat - add support for c62xvf accel type
Add support for c62x accelerator Virtual Function

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:56 +08:00
Tadeusz Struk 8b206f2d66 crypto: qat - add support for c3xxxvf accel type
Add support for c3xxx accelerator Virtual Function

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:55 +08:00
Tadeusz Struk a6dabee6c8 crypto: qat - add support for c62x accel type
Add support for qat c62x accel type

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:53 +08:00
Tadeusz Struk 890c55f4dc crypto: qat - add support for c3xxx accel type
Add support for c3xxx accel type.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:52 +08:00
Tadeusz Struk 1a72d3a6d1 crypto: qat - move isr files to qat common so that they can be reused
Move qat_isr.c and qat_isrvf.c files to qat_common dir
so that they can be reused by all devices.
Remove adf_drv.h files because thay are not longer needed.
Move adf_dev_configure() function to qat_common so it can be reused.
Also some minor updates to common code for multidevice.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:51 +08:00
Pingchao Yang b0272276d9 crypto: qat - add support for new devices to FW loader
FW loader updates for new qat devices

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:49 +08:00
Tadeusz Struk 9809ebcd0e crypto: qat - add new device definitions
Add dev ids and names for the new device types.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-09 20:03:47 +08:00
Linus Torvalds 9cfe521274 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "This fixes a couple of crypto drivers that were using memcmp to verify
  authentication tags.  They now use crypto_memneq instead"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: talitos - Fix timing leak in ESP ICV verification
  crypto: nx - Fix timing leak in GCM and CCM decryption
2015-12-05 10:46:44 -08:00
Thierry Reding a103a75ad9 crypto: n2 - Use platform_register/unregister_drivers()
These new helpers simplify implementing multi-driver modules and
properly handle failure to register one driver by unregistering all
previously registered drivers.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-04 22:29:57 +08:00
LEROY Christophe 5e75ae1b3c crypto: talitos - add new crypto modes
This patch adds the following algorithms to the talitos driver:
* ecb(aes)
* ctr(aes)
* ecb(des)
* cbc(des)
* ecb(des3_ede)

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-04 22:29:56 +08:00
Leonidas Da Silva Barbosa 0d3d054b43 crypto: vmx - IV size failing on skcipher API
IV size was zero on CBC and CTR modes,
causing a bug triggered by skcipher.

Fixing this  adding a correct size.

Signed-off-by: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Paulo Smorigo <pfsmorigo@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-04 22:29:56 +08:00
Fabio Estevam f456cd2dc8 crypto: caam - pass the correct buffer length
When buffer 0 is used we should use buflen_0 instead of buflen_1.

Fix it.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-04 22:29:56 +08:00
Heiko Stuebner ac7c8e6b6d crypto: rockchip - fix possible deadlock
Lockdep warns about a possible deadlock resulting from the use of regular
spin_locks:

=================================
[ INFO: inconsistent lock state ]
4.4.0-rc2+ #2724 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/0/3 [HC0[0]:SC1[1]:HE1:SE0] takes:
(&(&crypto_info->lock)->rlock){+.?...}, at: [<bf14a65c>] rk_crypto_tasklet_cb+0x24/0xb4 [rk_crypto]
{SOFTIRQ-ON-W} state was registered at:
  [<c007f4ac>] lock_acquire+0x178/0x218
  [<c0759bac>] _raw_spin_lock+0x54/0x64
  [<bf14af88>] rk_handle_req+0x7c/0xbc [rk_crypto]
  [<bf14b040>] rk_des_ecb_encrypt+0x2c/0x30 [rk_crypto]
  [<bf14b05c>] rk_aes_ecb_encrypt+0x18/0x1c [rk_crypto]
  [<c028c820>] skcipher_encrypt_ablkcipher+0x64/0x68
  [<c0290770>] __test_skcipher+0x2a8/0x8dc
  [<c0292e94>] test_skcipher+0x38/0xc4
  [<c0292fb0>] alg_test_skcipher+0x90/0xb0
  [<c0292158>] alg_test+0x1e8/0x280
  [<c028f6f4>] cryptomgr_test+0x34/0x54
  [<c004bbe8>] kthread+0xf4/0x10c
  [<c0010010>] ret_from_fork+0x14/0x24
irq event stamp: 10672
hardirqs last  enabled at (10672): [<c002fac8>] tasklet_action+0x48/0x104
hardirqs last disabled at (10671): [<c002faa0>] tasklet_action+0x20/0x104
softirqs last  enabled at (10658): [<c002ef84>] __do_softirq+0x358/0x49c
softirqs last disabled at (10669): [<c002f108>] run_ksoftirqd+0x40/0x80

other info that might help us debug this:
Possible unsafe locking scenario:

    CPU0
    ----
  lock(&(&crypto_info->lock)->rlock);
  <Interrupt>
    lock(&(&crypto_info->lock)->rlock);

 *** DEADLOCK ***

Fix this by moving to irq-disabling spinlocks.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-12-04 22:21:48 +08:00
Anton Blanchard dc4fbba11e powerpc: Create disable_kernel_{fp,altivec,vsx,spe}()
The enable_kernel_*() functions leave the relevant MSR bits enabled
until we exit the kernel sometime later. Create disable versions
that wrap the kernel use of FP, Altivec VSX or SPE.

While we don't want to disable it normally for performance reasons
(MSR writes are slow), it will be used for a debug boot option that
does this and catches bad uses in other areas of the kernel.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-12-01 13:52:25 +11:00
Anton Blanchard 1552cd703c crypto: vmx: Only call enable_kernel_vsx()
With the recent change to enable_kernel_vsx(), we no longer need
to call enable_kernel_fp() and enable_kernel_altivec().

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-12-01 13:52:25 +11:00
Zain Wang 433cd2c617 crypto: rockchip - add crypto driver for rk3288
Crypto driver support:
     ecb(aes) cbc(aes) ecb(des) cbc(des) ecb(des3_ede) cbc(des3_ede)
You can alloc tags above in your case.

And other algorithms and platforms will be added later on.

Signed-off-by: Zain Wang <zain.wang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-27 21:19:32 +08:00
saurabh d62112f27e crypto: nx - use of_property_read_u32()
use of_propert_read_u32() for reading int value,
it can help reducing number of variables used

Signed-off-by: Saurabh Sengar <saurabh.truth@gmail.com>
Acked-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-24 18:19:21 +08:00
Geliang Tang 1d4bbc5a6f crypto: padlock-aes - use offset_in_page macro
Use offset_in_page macro instead of (addr & ~PAGE_MASK).

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-24 18:19:19 +08:00
Jim Davis f143fc6735 crypto: qat - fix typo in clean-files
A typo in the Makefile leaves qat_rsaprivkey-asn1.h hanging around.

Signed-off-by: Jim Davis <jim.epost@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-24 18:19:18 +08:00
LABBE Corentin f53e38afdc crypto: picoxcell - set [src|dst]_nents and nents as signed int
The unsigned int variables [src|dst]_nents and nents can be assigned
signed value (-EINVAL) from sg_nents_for_len().
Furthermore they are used only by dma_map_sg and dma_unmap_sg which wait
for an signed int, so they must be set as int.

Fixes: f051f95eb4 ("crypto: picoxcell - check return value of sg_nents_for_len")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-23 20:55:55 +08:00
LABBE Corentin f8e28a0dec crypto: sahara - set nb_[in|out]_sg as signed int
The two unsigned int variables nb_in_sg and nb_out_sg can be assigned
signed value (-EINVAL) from sg_nents_for_len().
Furthermore they are used only by dma_map_sg and dma_unmap_sg which wait
for an signed int, so they must be set as int.

Fixes: 6c2b74d477 ("crypto: sahara - check return value of sg_nents_for_len")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-23 20:55:55 +08:00
Arnd Bergmann 56b85c9d7a crypto: atmel: fix bogus select
The Atmel at91 crypto driver unconditionally selects AT_HDMAC,
which results in a Kconfig warning if that driver is not enabled:

warning: (CRYPTO_DEV_ATMEL_AES) selects AT_HDMAC which has unmet direct dependencies (DMADEVICES && ARCH_AT91)

The crypto driver itself does not actually have a dependency
on a particular dma engine, other than this being the one that
is used in at91.

Removing the 'select' gets rid of the warning, but can cause
the driver to be unusable if the HDMAC is not enabled at the
same time. To work around that, this patch clarifies the runtime
dependency to be 'AT_HDMAC || AT_XDMAC', but adds an alternative
for COMPILE_TEST, which lets the driver get build on all systems.

The ARCH_AT91 dependency is implied by AT_XDMAC || AT_HDMAC now
and no longer needs to be listed separately.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-23 20:55:53 +08:00
Arnd Bergmann 20ecae79e7 crypto: atmel - fix 64-bit warnings
The atmel AES driver assumes that 'int' and 'size_t' are the same
type in multiple locations, which the compiler warns about when
building it for 64-bit systems:

In file included from ../drivers/crypto/atmel-aes.c:17:0:
drivers/crypto/atmel-aes.c: In function 'atmel_aes_sg_copy':
include/linux/kernel.h:724:17: warning: comparison of distinct pointer types lacks a cast
drivers/crypto/atmel-aes.c:448:11: note: in expansion of macro 'min'

drivers/crypto/atmel-aes.c: In function 'atmel_aes_crypt_dma_stop':
include/linux/kern_levels.h:4:18: warning: format '%u' expects argument of type 'unsigned int', but argument 2 has type 'size_t {aka long unsigned int}' [-Wformat=]

This changes the format strings to use the %z modifier when printing
a size_t, and makes sure that we use the correct size_t type where
needed. In case of sg_dma_len(), the type of the result depends
on CONFIG_NEED_SG_DMA_LENGTH, so we have to use min_t to get it to
work in all configurations.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-23 20:55:52 +08:00
Linus Torvalds 864f83a1f6 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
 "This fixes a bug in the qat driver where a user-space pointer is
  dereferenced"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: qat - don't use userspace pointer
2015-11-17 09:40:05 -08:00
LABBE Corentin 4f9ea86604 crypto: sun4i-ss - add missing statesize
sun4i-ss implementaton of md5/sha1 is via ahash algorithms.
Commit 8996eafdcb ("crypto: ahash - ensure statesize is non-zero")
made impossible to load them without giving statesize. This patch
specifiy statesize for sha1 and md5.

Fixes: 6298e94821 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <stable@vger.kernel.org> # v4.3+
Tested-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:42 +08:00
Markus Elfring f9d1293b3c crypto: ixp4xx - Delete unnecessary checks before the function call "dma_pool_destroy"
The dma_pool_destroy() function tests whether its argument is NULL
and then returns immediately. Thus the test around the calls is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:41 +08:00
Julia Lawall 202a32f046 crypto: qat - constify pci_error_handlers structures
This pci_error_handlers structure is never modified, like all the other
pci_error_handlers structures, so declare it as const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:41 +08:00
LABBE Corentin 7aff7d0abc crypto: amcc - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:38 +08:00
LABBE Corentin f9970c2865 crypto: caam - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.
We do the same for sg_count since it use sg_nents_for_len().

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:38 +08:00
LABBE Corentin f051f95eb4 crypto: picoxcell - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.
In the same time, we remove sg_count() as it is used as an alias of
sg_nents_for_len.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Acked-by: Jamie Iles <jamie@jamieiles.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:37 +08:00
LABBE Corentin 4fa9948ca5 crypto: qce - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:36 +08:00
LABBE Corentin 6c2b74d477 crypto: sahara - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:36 +08:00
LABBE Corentin 8e409fe106 crypto: talitos - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:36 +08:00
LABBE Corentin c22dafb3b1 crypto: marvell - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 22:00:35 +08:00
Salvatore Benedetto c52b673389 crypto: qat - remove superfluous check from adf_probe
- ent->device is already checked at the beginning of the function
   against the same value. This check is a duplicate.

Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:37 +08:00
Tadeusz Struk d956fed7b6 crypto: qat - fix get instance function
Fix the logic in case we have found a device on a given node.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:36 +08:00
LABBE Corentin 16f56e8b75 crypto: hifn_795x - fix coding style
The hifn_795x driver is old and have lots of style issue.
This patch try to solve easy ones.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:35 +08:00
LABBE Corentin cfeecab44c crypto: hifn_795x - use dev_xx/pr_xx instead of printk
This patch replace all printk by their dev_xx/pr_xx counterpart.
The patch remove also all custom dprintk by pr_debug/dev_debug

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:35 +08:00
LABBE Corentin 276a2ff1ae crypto: hifn_795x - remove the hifn_test function
The hifn_test function is redundant with test done at register time by
the crypto API, so remove it.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:02 +08:00
Tadeusz Struk b0c8bc1b9d crypto: qat - when stopping all devices make fure VF are stopped first
When stopping all devices make sure VFs are stopped before the
corresponding PF.
VFs will always be after PF so just need to loop back.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-17 21:58:02 +08:00
David Gstir 79960943fd crypto: talitos - Fix timing leak in ESP ICV verification
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-16 21:39:24 +08:00
David Gstir cb8affb55c crypto: nx - Fix timing leak in GCM and CCM decryption
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-16 21:39:23 +08:00
Tadeusz Struk 176155dac1 crypto: qat - don't use userspace pointer
Bugfix - don't dereference userspace pointer.

Cc: stable@vger.kernel.org
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-11-13 18:03:43 +08:00
Linus Torvalds be23c9d20b More power management and ACPI updates for v4.4-rc1
- Support for the ACPI _CCA configuration object intended to tell
    the OS whether or not a bus master device supports hardware
    managed cache coherency and a new set of functions to allow
    drivers to check the cache coherency support for devices in a
    platform firmware interface agnostic way (Suravee Suthikulpanit,
    Jeremy Linton).
 
  - ACPI backlight quirks for ESPRIMO Mobile M9410 and Dell XPS L421X
    (Aaron Lu, Hans de Goede).
 
  - Fixes for the arm_big_little and s5pv210-cpufreq cpufreq drivers
    (Jon Medhurst, Nicolas Pitre).
 
  - kfree()-related fixup for the recently introduced CPPC cpufreq
    frontend (Markus Elfring).
 
  - intel_pstate fix reducing kernel log noise on systems where
    P-states are managed by hardware (Prarit Bhargava).
 
  - intel_pstate maintainers information update (Srinivas Pandruvada).
 
  - cpufreq core optimization related to the handling of delayed work
    items used by governors (Viresh Kumar).
 
  - Locking fixes and cleanups of the Operating Performance Points
    (OPP) framework (Viresh Kumar).
 
  - Generic power domains framework cleanups (Lina Iyer).
 
  - cpupower tool updates (Jacob Tanenbaum, Sriram Raghunathan,
    Thomas Renninger).
 
  - turbostat tool updates (Len Brown).
 
 /
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCAAGBQJWQ96OAAoJEILEb/54YlRxyYYQALJ1HXu76SvYX1re2aawOw6Y
 WgzF3Ly7JX034E1VvA2xP6wgkWpBRBDcpnRDeltNA4dYXPBDei/eTcRZTLX12N3g
 AfFRGjGWTtLJfpNPecNMmUyF5xHjgDgMIQRabY+Is5NfP5STkPHJeqULnEpvTtx8
 bd0lnC5jc4vuZiPEh1xVb+ClYDqWS8YQPyFJVjV/BaIf8Qwe5+oRX36byMBaKc9D
 ZgmvmCk5n/HLQQ1uQsqe4xnhFLHN2rypt2BLvFrOtlnSz9VNNpQyB+OIW1mgCD4f
 LhpKIwjP8NhZNQUq8HFu7nDlm8ciQtWmeMPB5NdGQ+OESu7yfKAOzQ+3U6Gl2Gaf
 66zVGyV6SOJJwfDVJ3qKTtroWps9QV7ZClOJ+zJGgiujwU+tJ3pDQyZM9pa7CL3C
 s7ZAUsI6IigSBjD3nJVOyG4DO0a8KQFCIE1mDmyqId45Qz8xJoOrYP33/ZnDuOdo
 2OtL/emyfWsz9ixbHVfwIhb7EC6aoaUxQrhSWmNraaQS43YfioZR7h4we8gwenph
 X4E1KY4SdML+uFf2VKIcd45NM3IBprCxx5UgFAJdrqe8+otqPNF2AVosG4iqhg/b
 k4nxwuIvw2a8Fm77U9ytyXDYMItU/wIlAHMbnmgx+oTwRv6AbZ07MHkyfuQLYuhD
 tq5Y14qSiTS7prNacx98
 =XZiP
 -----END PGP SIGNATURE-----

Merge tag 'pm+acpi-4.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull more power management and ACPI updates from Rafael Wysocki:
 "The only new feature in this batch is support for the ACPI _CCA device
  configuration object, which it a pre-requisite for future ACPI PCI
  support on ARM64, but should not affect the other architectures.

  The rest is fixes and cleanups, mostly in cpufreq (including
  intel_pstate), the Operating Performace Points (OPP) framework and
  tools (cpupower and turbostat).

  Specifics:

   - Support for the ACPI _CCA configuration object intended to tell the
     OS whether or not a bus master device supports hardware managed
     cache coherency and a new set of functions to allow drivers to
     check the cache coherency support for devices in a platform
     firmware interface agnostic way (Suravee Suthikulpanit, Jeremy
     Linton).

   - ACPI backlight quirks for ESPRIMO Mobile M9410 and Dell XPS L421X
     (Aaron Lu, Hans de Goede).

   - Fixes for the arm_big_little and s5pv210-cpufreq cpufreq drivers
     (Jon Medhurst, Nicolas Pitre).

   - kfree()-related fixup for the recently introduced CPPC cpufreq
     frontend (Markus Elfring).

   - intel_pstate fix reducing kernel log noise on systems where
     P-states are managed by hardware (Prarit Bhargava).

   - intel_pstate maintainers information update (Srinivas Pandruvada).

   - cpufreq core optimization related to the handling of delayed work
     items used by governors (Viresh Kumar).

   - Locking fixes and cleanups of the Operating Performance Points
     (OPP) framework (Viresh Kumar).

   - Generic power domains framework cleanups (Lina Iyer).

   - cpupower tool updates (Jacob Tanenbaum, Sriram Raghunathan, Thomas
     Renninger).

   - turbostat tool updates (Len Brown)"

* tag 'pm+acpi-4.4-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (32 commits)
  PCI: ACPI: Add support for PCI device DMA coherency
  PCI: OF: Move of_pci_dma_configure() to pci_dma_configure()
  of/pci: Fix pci_get_host_bridge_device leak
  device property: ACPI: Remove unused DMA APIs
  device property: ACPI: Make use of the new DMA Attribute APIs
  device property: Adding DMA Attribute APIs for Generic Devices
  ACPI: Adding DMA Attribute APIs for ACPI Device
  device property: Introducing enum dev_dma_attr
  ACPI: Honor ACPI _CCA attribute setting
  cpufreq: CPPC: Delete an unnecessary check before the function call kfree()
  PM / OPP: Add opp_rcu_lockdep_assert() to _find_device_opp()
  PM / OPP: Hold dev_opp_list_lock for writers
  PM / OPP: Protect updates to list_dev with mutex
  PM / OPP: Propagate error properly from dev_pm_opp_set_sharing_cpus()
  cpufreq: s5pv210-cpufreq: fix wrong do_div() usage
  MAINTAINERS: update for intel P-state driver
  Creating a common structure initialization pattern for struct option
  cpupower: Enable disabled Cstates if they are below max latency
  cpupower: Remove debug message when using cpupower idle-set -D switch
  cpupower: cpupower monitor reports uninitialized values for offline cpus
  ...
2015-11-12 11:50:33 -08:00
Rafael J. Wysocki f2115faaf0 Merge branch 'acpi-pci'
* acpi-pci:
  PCI: ACPI: Add support for PCI device DMA coherency
  PCI: OF: Move of_pci_dma_configure() to pci_dma_configure()
  of/pci: Fix pci_get_host_bridge_device leak
  device property: ACPI: Remove unused DMA APIs
  device property: ACPI: Make use of the new DMA Attribute APIs
  device property: Adding DMA Attribute APIs for Generic Devices
  ACPI: Adding DMA Attribute APIs for ACPI Device
  device property: Introducing enum dev_dma_attr
  ACPI: Honor ACPI _CCA attribute setting

Conflicts:
	drivers/crypto/ccp/ccp-platform.c
2015-11-07 01:30:10 +01:00
Suthikulpanit, Suravee 1831eff876 device property: ACPI: Make use of the new DMA Attribute APIs
Now that we have the new DMA attribute APIs, we can replace the older
acpi_check_dma() and device_dma_is_coherent().

Signed-off-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Hanjun Guo <hanjun.guo@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-11-07 01:29:22 +01:00
Linus Torvalds 9cf5c095b6 asm-generic cleanups
The asm-generic changes for 4.4 are mostly a series from Christoph Hellwig
 to clean up various abuses of headers in there. The patch to rename the
 io-64-nonatomic-*.h headers caused some conflicts with new users, so I
 added a workaround that we can remove in the next merge window.
 
 The only other patch is a warning fix from Marek Vasut
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVjzaf2CrR//JCVInAQImmhAA20fZ91sUlnA5skKNPT1phhF6Z7UF2Sx5
 nPKcHQD3HA3lT1OKfPBYvCo+loYflvXFLaQThVylVcnE/8ecAEMtft4nnGW2nXvh
 sZqHIZ8fszTB53cynAZKTjdobD1wu33Rq7XRzg0ugn1mdxFkOzCHW/xDRvWRR5TL
 rdQjzzgvn2PNlqFfHlh6cZ5ykShM36AIKs3WGA0H0Y/aYsE9GmDOAUp41q1mLXnA
 4lKQaIxoeOa+kmlsUB0wEHUecWWWJH4GAP+CtdKzTX9v12bGNhmiKUMCETG78BT3
 uL8irSqaViNwSAS9tBxSpqvmVUsa5aCA5M3MYiO+fH9ifd7wbR65g/wq39D3Pc01
 KnZ3BNVRW5XSA3c86pr8vbg/HOynUXK8TN0lzt6rEk8bjoPBNEDy5YWzy0t6reVe
 wX65F+ver8upjOKe9yl2Jsg+5Kcmy79GyYjLUY3TU2mZ+dIdScy/jIWatXe/OTKZ
 iB4Ctc4MDe9GDECmlPOWf98AXqsBUuKQiWKCN/OPxLtFOeWBvi4IzvFuO8QvnL9p
 jZcRDmIlIWAcDX/2wMnLjV+Hqi3EeReIrYznxTGnO7HHVInF555GP51vFaG5k+SN
 smJQAB0/sostmC1OCCqBKq5b6/li95/No7+0v0SUhJJ5o76AR5CcNsnolXesw1fu
 vTUkB/I66Hk=
 =dQKG
 -----END PGP SIGNATURE-----

Merge tag 'asm-generic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic

Pull asm-generic cleanups from Arnd Bergmann:
 "The asm-generic changes for 4.4 are mostly a series from Christoph
  Hellwig to clean up various abuses of headers in there.  The patch to
  rename the io-64-nonatomic-*.h headers caused some conflicts with new
  users, so I added a workaround that we can remove in the next merge
  window.

  The only other patch is a warning fix from Marek Vasut"

* tag 'asm-generic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
  asm-generic: temporarily add back asm-generic/io-64-nonatomic*.h
  asm-generic: cmpxchg: avoid warnings from macro-ized cmpxchg() implementations
  gpio-mxc: stop including <asm-generic/bug>
  n_tracesink: stop including <asm-generic/bug>
  n_tracerouter: stop including <asm-generic/bug>
  mlx5: stop including <asm-generic/kmap_types.h>
  hifn_795x: stop including <asm-generic/kmap_types.h>
  drbd: stop including <asm-generic/kmap_types.h>
  move count_zeroes.h out of asm-generic
  move io-64-nonatomic*.h out of asm-generic
2015-11-06 14:22:15 -08:00
Linus Torvalds ccc9d4a6d6 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto update from Herbert Xu:
 "API:

   - Add support for cipher output IVs in testmgr
   - Add missing crypto_ahash_blocksize helper
   - Mark authenc and des ciphers as not allowed under FIPS.

Algorithms:

   - Add CRC support to 842 compression
   - Add keywrap algorithm
   - A number of changes to the akcipher interface:
      + Separate functions for setting public/private keys.
      + Use SG lists.

Drivers:

   - Add Intel SHA Extension optimised SHA1 and SHA256
   - Use dma_map_sg instead of custom functions in crypto drivers
   - Add support for STM32 RNG
   - Add support for ST RNG
   - Add Device Tree support to exynos RNG driver
   - Add support for mxs-dcp crypto device on MX6SL
   - Add xts(aes) support to caam
   - Add ctr(aes) and xts(aes) support to qat
   - A large set of fixes from Russell King for the marvell/cesa driver"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (115 commits)
  crypto: asymmetric_keys - Fix unaligned access in x509_get_sig_params()
  crypto: akcipher - Don't #include crypto/public_key.h as the contents aren't used
  hwrng: exynos - Add Device Tree support
  hwrng: exynos - Fix missing configuration after suspend to RAM
  hwrng: exynos - Add timeout for waiting on init done
  dt-bindings: rng: Describe Exynos4 PRNG bindings
  crypto: marvell/cesa - use __le32 for hardware descriptors
  crypto: marvell/cesa - fix missing cpu_to_le32() in mv_cesa_dma_add_op()
  crypto: marvell/cesa - use memcpy_fromio()/memcpy_toio()
  crypto: marvell/cesa - use gfp_t for gfp flags
  crypto: marvell/cesa - use dma_addr_t for cur_dma
  crypto: marvell/cesa - use readl_relaxed()/writel_relaxed()
  crypto: caam - fix indentation of close braces
  crypto: caam - only export the state we really need to export
  crypto: caam - fix non-block aligned hash calculation
  crypto: caam - avoid needlessly saving and restoring caam_hash_ctx
  crypto: caam - print errno code when hash registration fails
  crypto: marvell/cesa - fix memory leak
  crypto: marvell/cesa - fix first-fragment handling in mv_cesa_ahash_dma_last_req()
  crypto: marvell/cesa - rearrange handling for sw padded hashes
  ...
2015-11-04 09:11:12 -08:00
Russell King 6de59d453a crypto: marvell/cesa - use __le32 for hardware descriptors
Much of the driver uses cpu_to_le32() to convert values for descriptors
to little endian before writing.  Use __le32 to define the hardware-
accessed parts of the descriptors, and ensure most places where it's
reasonable to do so use cpu_to_le32() when assigning to these.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:58 +08:00
Russell King ea1f662bde crypto: marvell/cesa - fix missing cpu_to_le32() in mv_cesa_dma_add_op()
When tdma->src is freed in mv_cesa_dma_cleanup(), we convert the DMA
address from a little-endian value prior to calling dma_pool_free().
However, mv_cesa_dma_add_op() assigns tdma->src without first converting
the DMA address to little endian.  Fix this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:57 +08:00
Russell King 0f3304dc18 crypto: marvell/cesa - use memcpy_fromio()/memcpy_toio()
Use the IO memcpy() functions when copying from/to MMIO memory.
These locations were found via sparse.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:57 +08:00
Russell King 35622eae18 crypto: marvell/cesa - use gfp_t for gfp flags
Use gfp_t not u32 for the GFP flags.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:56 +08:00
Russell King 5d754137ab crypto: marvell/cesa - use dma_addr_t for cur_dma
cur_dma is part of the software state, not read by the hardware.
Storing it in LE32 format is wrong, use dma_addr_t for this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:56 +08:00
Russell King b150856152 crypto: marvell/cesa - use readl_relaxed()/writel_relaxed()
Use relaxed IO accessors where appropriate.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:13:55 +08:00
Russell King 659f313dcf crypto: caam - fix indentation of close braces
The kernel's coding style suggests that closing braces for initialisers
should not be aligned to the open brace column.  The CodingStyle doc
shows how this should be done.  Remove the additional tab.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:11 +08:00
Russell King 5ec908319a crypto: caam - only export the state we really need to export
Avoid exporting lots of state by only exporting what we really require,
which is the buffer containing the set of pending bytes to be hashed,
number of pending bytes, the context buffer, and the function pointer
state.  This reduces down the exported state size to 216 bytes from
576 bytes.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:11 +08:00
Russell King c7556ff7e3 crypto: caam - fix non-block aligned hash calculation
caam does not properly calculate the size of the retained state
when non-block aligned hashes are requested - it uses the wrong
buffer sizes, which results in errors such as:

caam_jr 2102000.jr1: 40000501: DECO: desc idx 5: SGT Length Error. The descriptor is trying to read more data than is contained in the SGT table.

We end up here with:

in_len 0x46 blocksize 0x40 last_bufsize 0x0 next_bufsize 0x6
to_hash 0x40 ctx_len 0x28 nbytes 0x20

which results in a job descriptor of:

jobdesc@889: ed03d918: b0861c08 3daa0080 f1400000 3d03d938
jobdesc@889: ed03d928: 00000068 f8400000 3cde2a40 00000028

where the word at 0xed03d928 is the expected data size (0x68), and a
scatterlist containing:

sg@892: ed03d938: 00000000 3cde2a40 00000028 00000000
sg@892: ed03d948: 00000000 3d03d100 00000006 00000000
sg@892: ed03d958: 00000000 7e8aa700 40000020 00000000

0x68 comes from 0x28 (the context size) plus the "in_len" rounded down
to a block size (0x40).  in_len comes from 0x26 bytes of unhashed data
from the previous operation, plus the 0x20 bytes from the latest
operation.

The fixed version would create:

sg@892: ed03d938: 00000000 3cde2a40 00000028 00000000
sg@892: ed03d948: 00000000 3d03d100 00000026 00000000
sg@892: ed03d958: 00000000 7e8aa700 40000020 00000000

which replaces the 0x06 length with the correct 0x26 bytes of previously
unhashed data.

This fixes a previous commit which erroneously "fixed" this due to a
DMA-API bug report; that commit indicates that the bug was caused via a
test_ahash_pnum() function in the tcrypt module.  No such function has
ever existed in the mainline kernel.  Given that the change in this
commit has been tested with DMA API debug enabled and shows no issue,
I can only conclude that test_ahash_pnum() was triggering that bad
behaviour by CAAM.

Fixes: 7d5196aba3 ("crypto: caam - Correct DMA unmap size in ahash_update_ctx()")
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:10 +08:00
Russell King 434b421241 crypto: caam - avoid needlessly saving and restoring caam_hash_ctx
When exporting and importing the hash state, we will only export and
import into hashes which share the same struct crypto_ahash pointer.
(See hash_accept->af_alg_accept->hash_accept_parent.)

This means that saving the caam_hash_ctx structure on export, and
restoring it on import is a waste of resources.  So, remove this code.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:10 +08:00
Russell King 6ea30f0acf crypto: caam - print errno code when hash registration fails
Print the errno code when hash registration fails, so we know why the
failure occurred.  This aids debugging.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:09 +08:00
Boris Brezillon 8c07f3a8c4 crypto: marvell/cesa - fix memory leak
To: Boris Brezillon <boris.brezillon@free-electrons.com>,Arnaud Ebalard <arno@natisbad.org>,Thomas Petazzoni <thomas.petazzoni@free-electrons.com>,Jason Cooper <jason@lakedaemon.net>

The local chain variable is not cleaned up if an error occurs in the middle
of DMA chain creation. Fix that by dropping the local chain variable and
using the dreq->chain field which will be cleaned up by
mv_cesa_dma_cleanup() in case of errors.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:09 +08:00
Russell King 8efbc2c0f6 crypto: marvell/cesa - fix first-fragment handling in mv_cesa_ahash_dma_last_req()
When adding the software padding, this must be done using the first/mid
fragment mode, and any subsequent operation needs to be a mid-fragment.
Fix this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:09 +08:00
Russell King ab270e7055 crypto: marvell/cesa - rearrange handling for sw padded hashes
Rearrange the last request handling for hashes which require software
padding.

We prepare the padding to be appended, and then append as much of the
padding to any existing data that's already queued up, adding an
operation block and launching the operation.

Any remainder is then appended as a separate operation.

This ensures that the hardware only ever sees multiples of the hash
block size to be operated on for software padded hashes, thus ensuring
that the engine always indicates that it has finished the calculation.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:08 +08:00
Russell King aee84a7e6e crypto: marvell/cesa - rearrange handling for hw finished hashes
Rearrange the last request handling for hardware finished hashes
by moving the generation of the fragment operation into this path.
This results in a simplified sequence to handle this case, and
allows us to move the software padded case further down into the
function.  Add comments describing these parts.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:08 +08:00
Russell King 58953e15ef crypto: marvell/cesa - rearrange last request handling
Move the test for the last request out of mv_cesa_ahash_dma_last_req()
to its caller, and move the mv_cesa_dma_add_frag() down into this
function.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:08 +08:00
Russell King e41bbebdde crypto: marvell/cesa - avoid adding final operation within loop
Avoid adding the final operation within the loop, but instead add it
outside.  We combine this with the handling for the no-data case.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:07 +08:00
Russell King bd274b1085 crypto: marvell/cesa - ensure iter.base.op_len is the full op length
When we process the last request of data, and the request contains user
data, the loop in mv_cesa_ahash_dma_req_init() marks the first data size
as being iter.base.op_len which does not include the size of the cache
data.  This means we end up hashing an insufficient amount of data.

Fix this by always including the cache size in the first operation
length of any request.

This has the effect that for a request containing no user data,

	iter.base.op_len === iter.src.op_offset === creq->cache_ptr

As a result, we include one further change to use iter.base.op_len in
the cache-but-no-user-data case to make the next change clearer.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:07 +08:00
Russell King d9bba4c3eb crypto: marvell/cesa - use presence of scatterlist to determine data load
Use the presence of the scatterlist to determine whether we should load
any new user data to the engine.  The following shall always be true at
this point:

	iter.base.op_len == 0 === iter.src.sg

In doing so, we can:

1. eliminate the test for iter.base.op_len inside the loop, which
   makes the loop operation more obvious and understandable.

2. move the operation generation for the cache-only case.

This prepares the code for the next step in its transformation, and also
uncovers a bug that will be fixed in the next patch.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:06 +08:00
Russell King 0971d09a85 crypto: marvell/cesa - move mv_cesa_dma_add_frag() calls
Move the calls to mv_cesa_dma_add_frag() into the parent function,
mv_cesa_ahash_dma_req_init().  This is in preparation to changing
when we generate the operation blocks, as we need to avoid generating
a block for a partial hash block at the end of the user data.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:06 +08:00
Russell King 2f396a91d1 crypto: marvell/cesa - always ensure mid-fragments after first-fragment
If we add a template first-fragment operation, always update the
template to be a mid-fragment.  This ensures that mid-fragments
always follow on from a first fragment in every case.

This means we can move the first to mid-fragment update code out of
mv_cesa_ahash_dma_add_data().

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:05 +08:00
Russell King 9621288673 crypto: marvell/cesa - factor out adding an operation and launching it
Add a helper to add the fragment operation block followed by the DMA
entry to launch the operation.

Although at the moment this pattern only strictly appears at one site,
two other sites can be factored as well by slightly changing the order
in which the DMA operations are performed.  This should be harmless as
the only thing which matters is to have all the data loaded into SRAM
prior to launching the operation.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:05 +08:00
Russell King 8651791e54 crypto: marvell/cesa - factor out first fragment decisions to helper
Multiple locations in the driver test the operation context fragment
type, checking whether it is a first fragment or not.  Introduce a
mv_cesa_mac_op_is_first_frag() helper, which returns true if the
fragment operation is for a first fragment.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:11:04 +08:00
Russell King c439e4eec7 crypto: marvell/cesa - const-ify argument to mv_cesa_get_op_cfg()
mv_cesa_get_op_cfg() does not write to its argument, it only reads.
So, let's make it const.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:52 +08:00
Russell King d30cb2fa34 crypto: marvell/cesa - ensure template operation is initialised
Ensure that the template operation is fully initialised, otherwise we
end up loading data from the kernel stack into the engines, which can
upset the hash results.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:52 +08:00
Russell King 51954a968b crypto: marvell/cesa - fix the bit length endianness
The endianness of the bit length used in the final stage depends on the
endianness of the algorithm - md5 hashes need it to be in little endian
format, whereas SHA hashes need it in big endian format.  Use the
previously added algorithm endianness flag to control this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:51 +08:00
Russell King a9eb678f8a crypto: marvell/cesa - add flag to determine algorithm endianness
Rather than determining whether we're using a MD5 hash by looking at
the digest size, switch to a cleaner solution using a per-request flag
initialised by the method type.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:51 +08:00
Russell King 4c2b130c8a crypto: marvell/cesa - keep creq->state in CPU endian format at all times
Currently, we read/write the state in CPU endian, but on the final
request, we convert its endian according to the requested algorithm.
(md5 is little endian, SHA are big endian.)

Always keep creq->state in CPU native endian format, and perform the
necessary conversion when copying the hash to the result.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:50 +08:00
Russell King 80754539ec crypto: marvell/cesa - easier way to get the transform
There's an easier way to get at the hash transform - rather than
using crypto_ahash_tfm(ahash), we can get it directly from
req->base.tfm.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:49 +08:00
Tadeusz Struk 4a4b0bad06 crypto: qat - fix crypto_get_instance_node function
qat_crypto_get_instance_node function needs to handle situation when the
first dev in the list is not started.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-20 22:10:47 +08:00
LABBE Corentin 50826874f0 crypto: n2 - set array of const as const
Some array of const char are not set as const.
This patch fix that.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-15 21:05:20 +08:00
LABBE Corentin cac367bfc1 crypto: sahara - set array of const as const
Some array of const char are not set as const.
This patch fix that.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-15 21:05:18 +08:00
Christoph Hellwig ac8427b9eb hifn_795x: stop including <asm-generic/kmap_types.h>
<linux/highmem.h> is the placace the get the kmap type flags, asm-generic
files are generic implementations only to be used by architecture code.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-15 00:21:09 +02:00
LABBE Corentin 5a4eea2658 crypto: ux500 - Use devm_xxx() managed function
Using the devm_xxx() managed function to stripdown the error
and remove code.
In the same time, we replace request_mem_region/ioremap by the unified
devm_ioremap_resource() function.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:38 +08:00
LABBE Corentin b0e8b3417a crypto: atmel - use devm_xxx() managed function
Using the devm_xxx() managed function to stripdown the error and remove
code.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:38 +08:00
Arnd Bergmann dc97fa0232 crypto: mxs-dcp - mxs-dcp is an stmp device
The mxs-dcp driver relies on the stmp_reset_block() helper function, which
is provided by CONFIG_STMP_DEVICE. This symbol is always set on MXS,
but the driver can now also be built for MXC (i.MX6), which results
in a built error if no other driver selects STMP_DEVICE:

drivers/built-in.o: In function `mxs_dcp_probe':
vf610-ocotp.c:(.text+0x3df302): undefined reference to `stmp_reset_block'

This adds the 'select', like all other stmp drivers have it.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: a2712e6c75 ("crypto: mxs-dcp - Allow MXS_DCP to be used on MX6SL")
Acked-by: Marek Vasut <marex@denx.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:37 +08:00
Russell King a6479ea487 crypto: marvell/cesa - factor out common import/export functions
As all the import functions and export functions are virtually
identical, factor out their common parts into a generic
mv_cesa_ahash_import() and mv_cesa_ahash_export() respectively.  This
performs the actual import or export, and we pass the data pointers and
length into these functions.

We have to switch a % const operation to do_div() in the common import
function to avoid provoking gcc to use the expensive 64-bit by 64-bit
modulus operation.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:18 +08:00
Russell King c3bf02a22c crypto: marvell/cesa - fix wrong hash results
Attempting to use the sha1 digest for openssh via openssl reveals that
the result from the hash is wrong: this happens when we export the
state from one socket and import it into another via calling accept().

The reason for this is because the operation is reset to "initial block"
state, whereas we may be past the first fragment of data to be hashed.

Arrange for the operation code to avoid the initialisation of the state,
thereby preserving the imported state.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:18 +08:00
Russell King e72f407ee7 crypto: marvell/cesa - initialise struct mv_cesa_ahash_req
When a AF_ALG fd is accepted a second time (hence hash_accept() is
used), hash_accept_parent() allocates a new private context using
sock_kmalloc().  This context is uninitialised.  After use of the new
fd, we eventually end up with the kernel complaining:

marvell-cesa f1090000.crypto: dma_pool_free cesa_padding, c0627770/0 (bad dma)

where c0627770 is a random address.  Poisoning the memory allocated by
the above sock_kmalloc() produces kernel oopses within the marvell hash
code, particularly the interrupt handling.

The following simplfied call sequence occurs:

hash_accept()
  crypto_ahash_export()
    marvell hash export function
  af_alg_accept()
    hash_accept_parent()	<== allocates uninitialised struct hash_ctx
  crypto_ahash_import()
    marvell hash import function

hash_ctx contains the struct mv_cesa_ahash_req in its req.__ctx member,
and, as the marvell hash import function only partially initialises
this structure, we end up with a lot of members which are left with
whatever data was in memory prior to sock_kmalloc().

Add zero-initialisation of this structure.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Boris Brezillon <boris.brezillon@free-electronc.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:18 +08:00
Russell King 9f5594c91e crypto: marvell/cesa - fix stack smashing in marvell/hash.c
Several of the algorithms in marvell/hash.c have a statesize of zero.
When an AF_ALG accept() on an already-accepted file descriptor to
calls into hash_accept(), this causes:

	char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req))];

to be zero-sized, but we still pass this to:

	err = crypto_ahash_export(req, state);

which proceeds to write to 'state' as if it was a "struct md5_state",
"struct sha1_state" etc.  Add the necessary initialisers for the
.statesize member.

Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:17 +08:00
Haren Myneni ea0b3984c1 crypto: 842 - Add CRC and validation support
This patch adds CRC generation and validation support for nx-842.
Add CRC flag so that nx842 coprocessor includes CRC during compression
and validates during decompression.

Also changes in 842 SW compression to append CRC value at the end
of template and checks during decompression.

Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:17 +08:00
Tadeusz Struk 22287b0b59 crypto: akcipher - Changes to asymmetric key API
Setkey function has been split into set_priv_key and set_pub_key.
Akcipher requests takes sgl for src and dst instead of void *.
Users of the API i.e. two existing RSA implementation and
test mgr code have been updated accordingly.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14 22:23:16 +08:00
LABBE Corentin 9d83d29954 crypto: atmel - Check for clk_prepare_enable() return value
clk_prepare_enable() can fail so add a check for this and
return the error code if it fails.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-08 21:42:21 +08:00