[PATCH] crypto: testmgr: use consistent format for errors

[Gilad Ben-Yossef]

Fix inconsistent format and spelling in hash tests error messages.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/testmgr.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 6f5f3ed..8c68c99 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -218,14 +218,14 @@ static int ahash_partial_update(struct ahash_request 
**preq,
crypto_ahash_reqtfm(req));
state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
if (!state) {
-   pr_err("alt: hash: Failed to alloc state for %s\n", algo);
+   pr_err("alg: hash: Failed to alloc state for %s\n", algo);
goto out_nostate;
}
memcpy(state + statesize, guard, sizeof(guard));
ret = crypto_ahash_export(req, state);
WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
if (ret) {
-   pr_err("alt: hash: Failed to export() for %s\n", algo);
+   pr_err("alg: hash: Failed to export() for %s\n", algo);
goto out;
}
ahash_request_free(req);
@@ -344,19 +344,19 @@ static int __test_hash(struct crypto_ahash *tfm,
} else {
ret = wait_async_op(, crypto_ahash_init(req));
if (ret) {
-   pr_err("alt: hash: init failed on test %d "
+   pr_err("alg: hash: init failed on test %d "
   "for %s: ret=%d\n", j, algo, -ret);
goto out;
}
ret = wait_async_op(, crypto_ahash_update(req));
if (ret) {
-   pr_err("alt: hash: update failed on test %d "
+   pr_err("alg: hash: update failed on test %d "
   "for %s: ret=%d\n", j, algo, -ret);
goto out;
}
ret = wait_async_op(, crypto_ahash_final(req));
if (ret) {
-   pr_err("alt: hash: final failed on test %d "
+   pr_err("alg: hash: final failed on test %d "
   "for %s: ret=%d\n", j, algo, -ret);
goto out;
}
@@ -488,13 +488,13 @@ static int __test_hash(struct crypto_ahash *tfm,
ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
ret = wait_async_op(, crypto_ahash_init(req));
if (ret) {
-   pr_err("alt: hash: init failed on test %d for %s: 
ret=%d\n",
+   pr_err("alg: hash: init failed on test %d for %s: 
ret=%d\n",
j, algo, -ret);
goto out;
}
ret = wait_async_op(, crypto_ahash_update(req));
if (ret) {
-   pr_err("alt: hash: update failed on test %d for %s: 
ret=%d\n",
+   pr_err("alg: hash: update failed on test %d for %s: 
ret=%d\n",
j, algo, -ret);
goto out;
}
@@ -505,7 +505,7 @@ static int __test_hash(struct crypto_ahash *tfm,
hash_buff, k, temp, [0], algo, result,
);
if (ret) {
-   pr_err("hash: partial update failed on test %d 
for %s: ret=%d\n",
+   pr_err("alg: hash: partial update failed on 
test %d for %s: ret=%d\n",
j, algo, -ret);
goto out_noreq;
}
@@ -513,7 +513,7 @@ static int __test_hash(struct crypto_ahash *tfm,
}
ret = wait_async_op(, crypto_ahash_final(req));
if (ret) {
-   pr_err("alt: hash: final failed on test %d for %s: 
ret=%d\n",
+   pr_err("alg: hash: final failed on test %d for %s: 
ret=%d\n",
j, algo, -ret);
goto out;
}
-- 
2.1.4

[PATCH RFC v2 2/8] random: add get_random_{bytes,u32,u64,int,long,once}_wait family

[Jason A. Donenfeld]

These functions are simple convenience wrappers that call
wait_for_random_bytes before calling the respective get_random_*
function.

Signed-off-by: Jason A. Donenfeld 
---
 include/linux/net.h|  2 ++
 include/linux/once.h   |  2 ++
 include/linux/random.h | 25 +
 3 files changed, 29 insertions(+)

diff --git a/include/linux/net.h b/include/linux/net.h
index abcfa46a2bd9..dda2cc939a53 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -274,6 +274,8 @@ do {
\
 
 #define net_get_random_once(buf, nbytes)   \
get_random_once((buf), (nbytes))
+#define net_get_random_once_wait(buf, nbytes)  \
+   get_random_once_wait((buf), (nbytes))
 
 int kernel_sendmsg(struct socket *sock, struct msghdr *msg, struct kvec *vec,
   size_t num, size_t len);
diff --git a/include/linux/once.h b/include/linux/once.h
index 285f12cb40e6..9c98aaa87cbc 100644
--- a/include/linux/once.h
+++ b/include/linux/once.h
@@ -53,5 +53,7 @@ void __do_once_done(bool *done, struct static_key *once_key,
 
 #define get_random_once(buf, nbytes)\
DO_ONCE(get_random_bytes, (buf), (nbytes))
+#define get_random_once_wait(buf, nbytes)\
+   DO_ONCE(get_random_bytes_wait, (buf), (nbytes))  \
 
 #endif /* _LINUX_ONCE_H */
diff --git a/include/linux/random.h b/include/linux/random.h
index e29929347c95..4aecc339558d 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -58,6 +58,31 @@ static inline unsigned long get_random_long(void)
 #endif
 }
 
+/* Calls wait_for_random_bytes() and then calls get_random_bytes(buf, nbytes).
+ * Returns the result of the call to wait_for_random_bytes. */
+static inline int get_random_bytes_wait(void *buf, int nbytes)
+{
+   int ret = wait_for_random_bytes();
+   if (unlikely(ret))
+   return ret;
+   get_random_bytes(buf, nbytes);
+   return 0;
+}
+
+#define declare_get_random_var_wait(var) \
+   static inline int get_random_ ## var ## _wait(var *out) { \
+   int ret = wait_for_random_bytes(); \
+   if (unlikely(ret)) \
+   return ret; \
+   *out = get_random_ ## var(); \
+   return 0; \
+   }
+declare_get_random_var_wait(u32)
+declare_get_random_var_wait(u64)
+declare_get_random_var_wait(int)
+declare_get_random_var_wait(long)
+#undef declare_get_random_var
+
 unsigned long randomize_page(unsigned long start, unsigned long range);
 
 u32 prandom_u32(void);
-- 
2.13.0

[PATCH RFC v2 1/8] random: add synchronous API for the urandom pool

[Jason A. Donenfeld]

This enables users of get_random_{bytes,u32,u64,int,long} to wait until
the pool is ready before using this function, in case they actually want
to have reliable randomness.

Signed-off-by: Jason A. Donenfeld 
---
 drivers/char/random.c  | 41 +++--
 include/linux/random.h |  1 +
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 0ab024918907..035a5d7c06bd 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -844,11 +844,6 @@ static void crng_reseed(struct crng_state *crng, struct 
entropy_store *r)
spin_unlock_irqrestore(_crng.lock, flags);
 }
 
-static inline void crng_wait_ready(void)
-{
-   wait_event_interruptible(crng_init_wait, crng_ready());
-}
-
 static void _extract_crng(struct crng_state *crng,
  __u8 out[CHACHA20_BLOCK_SIZE])
 {
@@ -1466,7 +1461,10 @@ static ssize_t extract_entropy_user(struct entropy_store 
*r, void __user *buf,
  * number of good random numbers, suitable for key generation, seeding
  * TCP sequence numbers, etc.  It does not rely on the hardware random
  * number generator.  For random bytes direct from the hardware RNG
- * (when available), use get_random_bytes_arch().
+ * (when available), use get_random_bytes_arch(). In order to ensure
+ * that the randomness provided by this function is okay, the function
+ * wait_for_random_bytes() should be called and return 0 at least once
+ * at any point prior.
  */
 void get_random_bytes(void *buf, int nbytes)
 {
@@ -1496,6 +1494,24 @@ void get_random_bytes(void *buf, int nbytes)
 EXPORT_SYMBOL(get_random_bytes);
 
 /*
+ * Wait for the urandom pool to be seeded and thus guaranteed to supply
+ * cryptographically secure random numbers. This applies to: the /dev/urandom
+ * device, the get_random_bytes function, and the get_random_{u32,u64,int,long}
+ * family of functions. Using any of these functions without first calling
+ * this function forfeits the guarantee of security.
+ *
+ * Returns: 0 if the urandom pool has been seeded.
+ *  -ERESTARTSYS if the function was interrupted by a signal.
+ */
+int wait_for_random_bytes(void)
+{
+   if (likely(crng_ready()))
+   return 0;
+   return wait_event_interruptible(crng_init_wait, crng_ready());
+}
+EXPORT_SYMBOL(wait_for_random_bytes);
+
+/*
  * Add a callback function that will be invoked when the nonblocking
  * pool is initialised.
  *
@@ -1849,6 +1865,8 @@ const struct file_operations urandom_fops = {
 SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count,
unsigned int, flags)
 {
+   int ret;
+
if (flags & ~(GRND_NONBLOCK|GRND_RANDOM))
return -EINVAL;
 
@@ -1861,9 +1879,9 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, 
count,
if (!crng_ready()) {
if (flags & GRND_NONBLOCK)
return -EAGAIN;
-   crng_wait_ready();
-   if (signal_pending(current))
-   return -ERESTARTSYS;
+   ret = wait_for_random_bytes();
+   if (unlikely(ret))
+   return ret;
}
return urandom_read(NULL, buf, count, NULL);
 }
@@ -2023,7 +2041,10 @@ struct batched_entropy {
 /*
  * Get a random word for internal kernel use only. The quality of the random
  * number is either as good as RDRAND or as good as /dev/urandom, with the
- * goal of being quite fast and not depleting entropy.
+ * goal of being quite fast and not depleting entropy. In order to ensure
+ * that the randomness provided by this function is okay, the function
+ * wait_for_random_bytes() should be called and return 0 at least once
+ * at any point prior.
  */
 static DEFINE_PER_CPU(struct batched_entropy, batched_entropy_u64);
 u64 get_random_u64(void)
diff --git a/include/linux/random.h b/include/linux/random.h
index ed5c3838780d..e29929347c95 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -34,6 +34,7 @@ extern void add_input_randomness(unsigned int type, unsigned 
int code,
 extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
 
 extern void get_random_bytes(void *buf, int nbytes);
+extern int wait_for_random_bytes(void);
 extern int add_random_ready_callback(struct random_ready_callback *rdy);
 extern void del_random_ready_callback(struct random_ready_callback *rdy);
 extern void get_random_bytes_arch(void *buf, int nbytes);
-- 
2.13.0

[PATCH RFC v2 8/8] ceph: ensure RNG is seeded before using

[Jason A. Donenfeld]

Ceph uses the RNG for various nonce generations, and it shouldn't accept
using bad randomness. So, we wait for the RNG to be properly seeded. We
do this by calling wait_for_random_bytes() in a function that is
certainly called in process context, early on, so that all subsequent
calls to get_random_bytes are necessarily acceptable.

Signed-off-by: Jason A. Donenfeld 
Cc: Ilya Dryomov 
Cc: "Yan, Zheng" 
Cc: Sage Weil 
---
 net/ceph/ceph_common.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 4fd02831beed..26ab58665f77 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -611,7 +611,11 @@ struct ceph_client *ceph_create_client(struct ceph_options 
*opt, void *private)
 {
struct ceph_client *client;
struct ceph_entity_addr *myaddr = NULL;
-   int err = -ENOMEM;
+   int err;
+
+   err = wait_for_random_bytes();
+   if (err < 0)
+   return ERR_PTR(err);
 
client = kzalloc(sizeof(*client), GFP_KERNEL);
if (client == NULL)
-- 
2.13.0

[PATCH RFC v2 4/8] crypto/rng: ensure that the RNG is ready before using

[Jason A. Donenfeld]

Otherwise, we might be seeding the RNG using bad randomness, which is
dangerous.

Cc: Herbert Xu 
Signed-off-by: Jason A. Donenfeld 
---
 crypto/rng.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/rng.c b/crypto/rng.c
index f46dac5288b9..e042437e64b4 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -48,12 +48,14 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 
*seed, unsigned int slen)
if (!buf)
return -ENOMEM;
 
-   get_random_bytes(buf, slen);
+   err = get_random_bytes_wait(buf, slen);
+   if (err)
+   goto out;
seed = buf;
}
 
err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
-
+out:
kzfree(buf);
return err;
 }
-- 
2.13.0

[PATCH RFC v2 5/8] security/keys: ensure RNG is seeded before use

[Jason A. Donenfeld]

Otherwise, we might use bad random numbers which, particularly in the
case of IV generation, could be quite bad. It makes sense to use the
synchronous API here, because we're always in process context (as the
code is littered with GFP_KERNEL and the like).

Signed-off-by: Jason A. Donenfeld 
Cc: David Howells 
Cc: Mimi Zohar 
Cc: David Safford 
---
 security/keys/encrypted-keys/encrypted.c |  8 +---
 security/keys/key.c  | 13 +
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/security/keys/encrypted-keys/encrypted.c 
b/security/keys/encrypted-keys/encrypted.c
index 0010955d7876..d51a28fc5cd5 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -777,10 +777,12 @@ static int encrypted_init(struct encrypted_key_payload 
*epayload,
 
__ekey_init(epayload, format, master_desc, datalen);
if (!hex_encoded_iv) {
-   get_random_bytes(epayload->iv, ivsize);
+   ret = get_random_bytes_wait(epayload->iv, ivsize);
+   if (unlikely(ret))
+   return ret;
 
-   get_random_bytes(epayload->decrypted_data,
-epayload->decrypted_datalen);
+   ret = get_random_bytes_wait(epayload->decrypted_data,
+   epayload->decrypted_datalen);
} else
ret = encrypted_key_decrypt(epayload, format, hex_encoded_iv);
return ret;
diff --git a/security/keys/key.c b/security/keys/key.c
index 455c04d80bbb..1e0367475a4c 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -134,15 +134,18 @@ void key_user_put(struct key_user *user)
  * Allocate a serial number for a key.  These are assigned randomly to avoid
  * security issues through covert channel problems.
  */
-static inline void key_alloc_serial(struct key *key)
+static inline int key_alloc_serial(struct key *key)
 {
struct rb_node *parent, **p;
struct key *xkey;
+   int ret;
 
/* propose a random serial number and look for a hole for it in the
 * serial number tree */
do {
-   get_random_bytes(>serial, sizeof(key->serial));
+   ret = get_random_bytes_wait(>serial, sizeof(key->serial));
+   if (unlikely(ret))
+   return ret;
 
key->serial >>= 1; /* negative numbers are not permitted */
} while (key->serial < 3);
@@ -170,7 +173,7 @@ static inline void key_alloc_serial(struct key *key)
rb_insert_color(>serial_node, _serial_tree);
 
spin_unlock(_serial_lock);
-   return;
+   return 0;
 
/* we found a key with the proposed serial number - walk the tree from
 * that point looking for the next unused serial number */
@@ -314,7 +317,9 @@ struct key *key_alloc(struct key_type *type, const char 
*desc,
 
/* publish the key by giving it a serial number */
atomic_inc(>nkeys);
-   key_alloc_serial(key);
+   ret = key_alloc_serial(key);
+   if (ret < 0)
+   goto security_error;
 
 error:
return key;
-- 
2.13.0

[PATCH RFC v2 7/8] bluetooth/smp: ensure RNG is properly seeded before ECDH use

[Jason A. Donenfeld]

This protocol uses lots of complex cryptography that relies on securely
generated random numbers. Thus, it's important that the RNG is actually
seeded before use. Fortuantely, it appears we're always operating in
process context (there are many GFP_KERNEL allocations and other
sleeping operations), and so we can simply demand that the RNG is seeded
before we use it.

We take two strategies in this commit. The first is for the library code
that's called from other modules like hci or mgmt: here we just change
the call to get_random_bytes_wait, and return the result of the wait to
the caller, along with the other error codes of those functions like
usual. Then there's the SMP protocol handler itself, which makes many
many many calls to get_random_bytes during different phases. For this,
rather than have to change all the calls to get_random_bytes_wait and
propagate the error result, it's actually enough to just put a single
call to wait_for_random_bytes() at the beginning of the handler, to
ensure that all the subsequent invocations are safe, without having to
actually change them. Likewise, for the random address changing
function, we'd rather know early on in the function whether the RNG
initialization has been interrupted, rather than later, so we call
wait_for_random_bytes() at the top, so that later on the call to
get_random_bytes() is acceptable.

Signed-off-by: Jason A. Donenfeld 
Cc: Marcel Holtmann 
Cc: Gustavo Padovan 
Cc: Johan Hedberg 
---
 net/bluetooth/hci_request.c |  6 ++
 net/bluetooth/smp.c | 18 ++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c
index b5faff458d8b..4078057c4fd7 100644
--- a/net/bluetooth/hci_request.c
+++ b/net/bluetooth/hci_request.c
@@ -1406,6 +1406,12 @@ int hci_update_random_address(struct hci_request *req, 
bool require_privacy,
struct hci_dev *hdev = req->hdev;
int err;
 
+   if (require_privacy) {
+   err = wait_for_random_bytes();
+   if (unlikely(err))
+   return err;
+   }
+
/* If privacy is enabled use a resolvable private address. If
 * current RPA has expired or there is something else than
 * the current RPA in use, then generate a new one.
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 14585edc9439..5fef1bc96f42 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -537,7 +537,9 @@ int smp_generate_rpa(struct hci_dev *hdev, const u8 
irk[16], bdaddr_t *rpa)
 
smp = chan->data;
 
-   get_random_bytes(>b[3], 3);
+   err = get_random_bytes_wait(>b[3], 3);
+   if (unlikely(err))
+   return err;
 
rpa->b[5] &= 0x3f;  /* Clear two most significant bits */
rpa->b[5] |= 0x40;  /* Set second most significant bit */
@@ -570,7 +572,9 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 
rand[16])
} else {
while (true) {
/* Seed private key with random number */
-   get_random_bytes(smp->local_sk, 32);
+   err = get_random_bytes_wait(smp->local_sk, 32);
+   if (unlikely(err))
+   return err;
 
/* Generate local key pair for Secure Connections */
if (!generate_ecdh_keys(smp->local_pk, smp->local_sk))
@@ -589,7 +593,9 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 
rand[16])
SMP_DBG("OOB Public Key Y: %32phN", smp->local_pk + 32);
SMP_DBG("OOB Private Key:  %32phN", smp->local_sk);
 
-   get_random_bytes(smp->local_rand, 16);
+   err = get_random_bytes_wait(smp->local_rand, 16);
+   if (unlikely(err))
+   return err;
 
err = smp_f4(smp->tfm_cmac, smp->local_pk, smp->local_pk,
 smp->local_rand, 0, hash);
@@ -2831,7 +2837,11 @@ static int smp_sig_channel(struct l2cap_chan *chan, 
struct sk_buff *skb)
struct hci_conn *hcon = conn->hcon;
struct smp_chan *smp;
__u8 code, reason;
-   int err = 0;
+   int err;
+
+   err = wait_for_random_bytes();
+   if (unlikely(err))
+   return err;
 
if (skb->len < 1)
return -EILSEQ;
-- 
2.13.0

[PATCH RFC v2 6/8] iscsi: ensure RNG is seeded before use

[Jason A. Donenfeld]

It's not safe to use weak random data here, especially for the challenge
response randomness. Since we're always in process context, it's safe to
simply wait until we have enough randomness to carry out the
authentication correctly.

While we're at it, we clean up a small memleak during an error
condition.

Signed-off-by: Jason A. Donenfeld 
Cc: "Nicholas A. Bellinger" 
Cc: Lee Duncan 
Cc: Chris Leech 
---
 drivers/target/iscsi/iscsi_target_auth.c  | 14 +++---
 drivers/target/iscsi/iscsi_target_login.c | 22 ++
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/drivers/target/iscsi/iscsi_target_auth.c 
b/drivers/target/iscsi/iscsi_target_auth.c
index 903b667f8e01..f9bc8ec6fb6b 100644
--- a/drivers/target/iscsi/iscsi_target_auth.c
+++ b/drivers/target/iscsi/iscsi_target_auth.c
@@ -47,18 +47,21 @@ static void chap_binaryhex_to_asciihex(char *dst, char 
*src, int src_len)
}
 }
 
-static void chap_gen_challenge(
+static int chap_gen_challenge(
struct iscsi_conn *conn,
int caller,
char *c_str,
unsigned int *c_len)
 {
+   int ret;
unsigned char challenge_asciihex[CHAP_CHALLENGE_LENGTH * 2 + 1];
struct iscsi_chap *chap = conn->auth_protocol;
 
memset(challenge_asciihex, 0, CHAP_CHALLENGE_LENGTH * 2 + 1);
 
-   get_random_bytes(chap->challenge, CHAP_CHALLENGE_LENGTH);
+   ret = get_random_bytes_wait(chap->challenge, CHAP_CHALLENGE_LENGTH);
+   if (unlikely(ret))
+   return ret;
chap_binaryhex_to_asciihex(challenge_asciihex, chap->challenge,
CHAP_CHALLENGE_LENGTH);
/*
@@ -69,6 +72,7 @@ static void chap_gen_challenge(
 
pr_debug("[%s] Sending CHAP_C=0x%s\n\n", (caller) ? "server" : "client",
challenge_asciihex);
+   return 0;
 }
 
 static int chap_check_algorithm(const char *a_str)
@@ -143,6 +147,7 @@ static struct iscsi_chap *chap_server_open(
case CHAP_DIGEST_UNKNOWN:
default:
pr_err("Unsupported CHAP_A value\n");
+   kfree(conn->auth_protocol);
return NULL;
}
 
@@ -156,7 +161,10 @@ static struct iscsi_chap *chap_server_open(
/*
 * Generate Challenge.
 */
-   chap_gen_challenge(conn, 1, aic_str, aic_len);
+   if (chap_gen_challenge(conn, 1, aic_str, aic_len) < 0) {
+   kfree(conn->auth_protocol);
+   return NULL;
+   }
 
return chap;
 }
diff --git a/drivers/target/iscsi/iscsi_target_login.c 
b/drivers/target/iscsi/iscsi_target_login.c
index 66238477137b..5ef028c11738 100644
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c
@@ -245,22 +245,26 @@ int iscsi_check_for_session_reinstatement(struct 
iscsi_conn *conn)
return 0;
 }
 
-static void iscsi_login_set_conn_values(
+static int iscsi_login_set_conn_values(
struct iscsi_session *sess,
struct iscsi_conn *conn,
__be16 cid)
 {
+   int ret;
conn->sess  = sess;
conn->cid   = be16_to_cpu(cid);
/*
 * Generate a random Status sequence number (statsn) for the new
 * iSCSI connection.
 */
-   get_random_bytes(>stat_sn, sizeof(u32));
+   ret = get_random_bytes_wait(>stat_sn, sizeof(u32));
+   if (unlikely(ret))
+   return ret;
 
mutex_lock(_id_lock);
conn->auth_id   = iscsit_global->auth_id++;
mutex_unlock(_id_lock);
+   return 0;
 }
 
 __printf(2, 3) int iscsi_change_param_sprintf(
@@ -306,7 +310,11 @@ static int iscsi_login_zero_tsih_s1(
return -ENOMEM;
}
 
-   iscsi_login_set_conn_values(sess, conn, pdu->cid);
+   ret = iscsi_login_set_conn_values(sess, conn, pdu->cid);
+   if (unlikely(ret)) {
+   kfree(sess);
+   return ret;
+   }
sess->init_task_tag = pdu->itt;
memcpy(>isid, pdu->isid, 6);
sess->exp_cmd_sn= be32_to_cpu(pdu->cmdsn);
@@ -497,8 +505,7 @@ static int iscsi_login_non_zero_tsih_s1(
 {
struct iscsi_login_req *pdu = (struct iscsi_login_req *)buf;
 
-   iscsi_login_set_conn_values(NULL, conn, pdu->cid);
-   return 0;
+   return iscsi_login_set_conn_values(NULL, conn, pdu->cid);
 }
 
 /*
@@ -554,9 +561,8 @@ static int iscsi_login_non_zero_tsih_s2(
atomic_set(>session_continuation, 1);
spin_unlock_bh(>conn_lock);
 
-   iscsi_login_set_conn_values(sess, conn, pdu->cid);
-
-   if (iscsi_copy_param_list(>param_list,
+   if (iscsi_login_set_conn_values(sess, conn, pdu->cid) < 0 ||
+   iscsi_copy_param_list(>param_list,
conn->tpg->param_list, 0) < 0) {
iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
   

[PATCH RFC v2 3/8] random: warn when kernel uses unseeded randomness

[Jason A. Donenfeld]

This enables an important dmesg notification about when drivers have
used the crng without it being seeded first. Prior, these errors would
occur silently, and so there hasn't been a great way of diagnosing these
types of bugs for obscure setups. By adding this as a config option, we
can leave it on by default, so that we learn where these issues happen,
in the field, will still allowing some people to turn it off, if they
really know what they're doing and do not want the log entries.

Signed-off-by: Jason A. Donenfeld 
---
 drivers/char/random.c |  3 +--
 lib/Kconfig.debug | 15 +++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/drivers/char/random.c b/drivers/char/random.c
index 035a5d7c06bd..9320b04235ae 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -285,7 +285,6 @@
 #define SEC_XFER_SIZE  512
 #define EXTRACT_SIZE   10
 
-#define DEBUG_RANDOM_BOOT 0
 
 #define LONGS(x) (((x) + sizeof(unsigned long) - 1)/sizeof(unsigned long))
 
@@ -1470,7 +1469,7 @@ void get_random_bytes(void *buf, int nbytes)
 {
__u8 tmp[CHACHA20_BLOCK_SIZE];
 
-#if DEBUG_RANDOM_BOOT > 0
+#ifdef CONFIG_WARN_UNSEEDED_RANDOM
if (!crng_ready())
printk(KERN_NOTICE "random: %pF get_random_bytes called "
   "with crng_init = %d\n", (void *) _RET_IP_, crng_init);
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index e4587ebe52c7..fd5e67bcd46c 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1209,6 +1209,21 @@ config STACKTRACE
  It is also used by various kernel debugging features that require
  stack trace generation.
 
+config WARN_UNSEEDED_RANDOM
+   bool "Warn when kernel uses unseeded randomness"
+   default y
+   help
+ Some parts of the kernel contain bugs relating to their use of
+ cryptographically secure random numbers before it's actually possible
+ to generate those numbers securely. This setting ensures that these
+ flaws don't go unnoticed, by enabling a message, should this ever
+ occur. This will allow people with obscure setups to know when things
+ are going wrong, so that they might contact developers about fixing
+ it.
+
+ Say Y here, unless you simply do not care about using unseeded
+ randomness and do not want a potential warning message in your logs.
+
 config DEBUG_KOBJECT
bool "kobject debugging"
depends on DEBUG_KERNEL
-- 
2.13.0

[PATCH RFC v2 0/8] get_random_bytes_wait family of APIs

[Jason A. Donenfeld]

As discussed in [1], there is a problem with get_random_bytes being
used before the RNG has actually been seeded. The solution for fixing
this appears to be multi-pronged. One of those prongs involves adding
a simple blocking API so that modules that use the RNG in process
context can just sleep (in an interruptable manner) until the RNG is
ready to be used. This winds up being a very useful API that covers
a few use cases, 5 of which are included in this patch set.

[1] http://www.openwall.com/lists/kernel-hardening/2017/06/02/2

Changes v1->v2:
  - Rather than support both interruptable and non-interruptable
waiting and also timeouts, we just support the case that people
will actually use: ordinary interruptable waiting. This simplifies
the API a bit.
  - This patch set now has a few examples of where it might be useful.

Jason A. Donenfeld (8):
  random: add synchronous API for the urandom pool
  random: add get_random_{bytes,u32,u64,int,long,once}_wait family
  random: warn when kernel uses unseeded randomness
  crypto/rng: ensure that the RNG is ready before using
  security/keys: ensure RNG is seeded before use
  iscsi: ensure RNG is seeded before use
  bluetooth/smp: ensure RNG is properly seeded before ECDH use
  ceph: ensure RNG is seeded before using

 crypto/rng.c  |  6 +++--
 drivers/char/random.c | 44 ++-
 drivers/target/iscsi/iscsi_target_auth.c  | 14 +++---
 drivers/target/iscsi/iscsi_target_login.c | 22 ++--
 include/linux/net.h   |  2 ++
 include/linux/once.h  |  2 ++
 include/linux/random.h| 26 ++
 lib/Kconfig.debug | 15 +++
 net/bluetooth/hci_request.c   |  6 +
 net/bluetooth/smp.c   | 18 ++---
 net/ceph/ceph_common.c|  6 -
 security/keys/encrypted-keys/encrypted.c  |  8 +++---
 security/keys/key.c   | 13 ++---
 13 files changed, 145 insertions(+), 37 deletions(-)

-- 
2.13.0

[PATCH] Drivers: ccree - style fix, spaces and tabs

[Derek Robson]

Changed code indent to be tabs across whole driver
Found using checkpatch

Signed-off-by: Derek Robson 
---
 drivers/staging/ccree/ssi_cipher.c | 45 +-
 drivers/staging/ccree/ssi_driver.c |  6 ++---
 drivers/staging/ccree/ssi_driver.h |  6 ++---
 drivers/staging/ccree/ssi_fips.h   |  8 +++---
 drivers/staging/ccree/ssi_fips_ext.c   |  4 +--
 drivers/staging/ccree/ssi_fips_ll.c| 40 +++---
 drivers/staging/ccree/ssi_fips_local.c | 28 ++---
 drivers/staging/ccree/ssi_fips_local.h | 12 -
 8 files changed, 75 insertions(+), 74 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 2dfc6a3bd4c1..34450a5e6573 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -258,45 +258,45 @@ static void ssi_blkcipher_exit(struct crypto_tfm *tfm)
 
 
 typedef struct tdes_keys{
-u8  key1[DES_KEY_SIZE];
-u8  key2[DES_KEY_SIZE];
-u8  key3[DES_KEY_SIZE];
+   u8  key1[DES_KEY_SIZE];
+   u8  key2[DES_KEY_SIZE];
+   u8  key3[DES_KEY_SIZE];
 }tdes_keys_t;
 
-static const u8 zero_buff[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
-   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
-   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
-   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
+static const u8 zero_buff[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
+   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0};
 
 /* The function verifies that tdes keys are not weak.*/
 static int ssi_fips_verify_3des_keys(const u8 *key, unsigned int keylen)
 {
 #ifdef CCREE_FIPS_SUPPORT
-tdes_keys_t *tdes_key = (tdes_keys_t*)key;
+   tdes_keys_t *tdes_key = (tdes_keys_t*)key;
 
/* verify key1 != key2 and key3 != key2*/
-if (unlikely( (memcmp((u8*)tdes_key->key1, (u8*)tdes_key->key2, 
sizeof(tdes_key->key1)) == 0) ||
+   if (unlikely( (memcmp((u8*)tdes_key->key1, (u8*)tdes_key->key2, 
sizeof(tdes_key->key1)) == 0) ||
  (memcmp((u8*)tdes_key->key3, (u8*)tdes_key->key2, 
sizeof(tdes_key->key3)) == 0) )) {
-return -ENOEXEC;
-}
+   return -ENOEXEC;
+   }
 #endif /* CCREE_FIPS_SUPPORT */
 
-return 0;
+   return 0;
 }
 
 /* The function verifies that xts keys are not weak.*/
 static int ssi_fips_verify_xts_keys(const u8 *key, unsigned int keylen)
 {
 #ifdef CCREE_FIPS_SUPPORT
-/* Weak key is define as key that its first half (128/256 lsb) equals 
its second half (128/256 msb) */
-int singleKeySize = keylen >> 1;
+   /* Weak key is define as key that its first half (128/256 lsb) equals 
its second half (128/256 msb) */
+   int singleKeySize = keylen >> 1;
 
if (unlikely(memcmp(key, [singleKeySize], singleKeySize) == 0)) {
return -ENOEXEC;
}
 #endif /* CCREE_FIPS_SUPPORT */
 
-return 0;
+   return 0;
 }
 
 static enum cc_hw_crypto_key hw_key_to_cc_hw_key(int slot_num)
@@ -720,12 +720,13 @@ ssi_blkcipher_create_data_desc(
 }
 
 static int ssi_blkcipher_complete(struct device *dev,
-  struct ssi_ablkcipher_ctx *ctx_p,
-  struct blkcipher_req_ctx *req_ctx,
-  struct scatterlist *dst, struct scatterlist 
*src,
-  unsigned int ivsize,
-  void *areq,
-  void __iomem *cc_base)
+   struct ssi_ablkcipher_ctx *ctx_p,
+   struct blkcipher_req_ctx *req_ctx,
+   struct scatterlist *dst,
+   struct scatterlist *src,
+   unsigned int ivsize,
+   void *areq,
+   void __iomem *cc_base)
 {
int completion_error = 0;
u32 inflight_counter;
@@ -779,7 +780,7 @@ static int ssi_blkcipher_process(
/* No data to process is valid */
return 0;
}
-/*For CTS in case of data size aligned to 16 use CBC mode*/
+   /*For CTS in case of data size aligned to 16 use CBC mode*/
if (((nbytes % AES_BLOCK_SIZE) == 0) && (ctx_p->cipher_mode == 
DRV_CIPHER_CBC_CTS)){
 
ctx_p->cipher_mode = DRV_CIPHER_CBC;
diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 190922970bf0..b9d0dd27e853 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -437,9 +437,9 @@ static void cleanup_cc_resources(struct 

workqueue list corruption

[Cong Wang]

Hello,

On Tue, Apr 18, 2017 at 8:08 PM, Samuel Holland  wrote:
> Representative backtraces follow (the warnings come in sets). I have
> kernel .configs and extended netconsole output from several occurrences
> available upon request.
>
> WARNING: CPU: 1 PID: 0 at lib/list_debug.c:33 __list_add+0x89/0xb0
> list_add corruption. prev->next should be next (99f135016a90), but
> was d34affc03b10. (prev=d34affc03b10).
> CPU: 1 PID: 0 Comm: swapper/1 Tainted: G   O4.9.20+ #1
> Call Trace:
>  
>  dump_stack+0x67/0x92
>  __warn+0xc6/0xe0
>  warn_slowpath_fmt+0x5a/0x80
>  __list_add+0x89/0xb0
>  insert_work+0x3c/0xc0
>  __queue_work+0x18a/0x600
>  queue_work_on+0x33/0x70

We triggered a similar list corruption on 4.1.35 stable kernel,
and without padata:

[9021262.823059] [ cut here ]
[9021262.827957] WARNING: CPU: 8 PID: 1366 at lib/list_debug.c:62
__list_del_entry+0x5a/0x98()
[9021262.836275] list_del corruption. next->prev should be
8802f4644ca0, but was 88080c337ca0
[9021262.845285] Modules linked in: fuse sch_htb cls_basic act_mirred
cls_u32 veth sch_ingress cpufreq_ondemand in
tel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm iTCO_wdt
iTCO_vendor_support microcode wmi lpc_ich shpchp dcdbas acpi_pad hed
mfd_core i2c_i801 sb_edac edac_core ioatd
ma acpi_cpufreq lp parport tcp_diag inet_diag sch_fq_codel ipmi_si
ipmi_devintf ipmi_msghandler ipv6 xfs libcrc32c crc32c_intel igb ptp
pps_core i2c_algo_bit dca i2c_core
[9021262.885919] CPU: 8 PID: 1366 Comm: kworker/8:0 Not tainted
4.1.35.el7.twitter.x86_64 #1
[9021262.894284] Hardware name: Dell Inc. PowerEdge C6220/04GD66, BIOS
2.2.3 11/07/2013
[9021262.902126]   8802c01f7cd8 81544a67
8802c01f7d28
[9021262.909644]  0009 8802c01f7d18 81069285
8802c01f7cf8
[9021262.917232]  812b247f 8802f4644c98 88080c337c98
8802f4644ca0
[9021262.924741] Call Trace:
[9021262.927326]  [] dump_stack+0x4d/0x63
[9021262.932749]  [] warn_slowpath_common+0xa1/0xbb
[9021262.938889]  [] ? __list_del_entry+0x5a/0x98
[9021262.944990]  [] warn_slowpath_fmt+0x46/0x48
[9021262.950802]  [] __list_del_entry+0x5a/0x98
[9021262.956638]  [] move_linked_works+0x35/0x65
[9021262.962632]  [] pwq_activate_delayed_work+0x31/0x3f
[9021262.969234]  [] pwq_dec_nr_in_flight+0x45/0x8c
[9021262.975411]  [] process_one_work+0x284/0x2d1
[9021262.981408]  [] worker_thread+0x1dd/0x2bb
[9021262.987079]  [] ? cancel_delayed_work+0x72/0x72
[9021262.993394]  [] ? cancel_delayed_work+0x72/0x72
[9021262.999685]  [] kthread+0xa5/0xad
[9021263.004678]  [] ? __kthread_parkme+0x61/0x61
[9021263.010655]  [] ret_from_fork+0x42/0x70
[9021263.016305]  [] ? __kthread_parkme+0x61/0x61
[9021263.022236] ---[ end trace 62dde64b253c2f87 ]---


Unfortunately I have no idea how this was triggered since it happened
on one of thousands in the cluster.

Is there anything I can help to debug this?

Thanks!

[PATCH] crypto: brcm: fix spelling mistake: "fallbck" -> "fallback"

[Colin King]

From: Colin Ian King 

Trivial fix to spelling mistake in flow_log message

Signed-off-by: Colin Ian King 
---
 drivers/crypto/bcm/cipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index 61393dc70b0b..9cfd36c1bcb6 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -2639,7 +2639,7 @@ static int aead_need_fallback(struct aead_request *req)
(spu->spu_type == SPU_TYPE_SPUM) &&
(ctx->digestsize != 8) && (ctx->digestsize != 12) &&
(ctx->digestsize != 16)) {
-   flow_log("%s() AES CCM needs fallbck for digest size %d\n",
+   flow_log("%s() AES CCM needs fallback for digest size %d\n",
 __func__, ctx->digestsize);
return 1;
}
-- 
2.11.0

Re: [PATCH 1/4] Staging: ccree: cc_crypto_ctx.h: Added * on subsequent lines of a comment block.

[Greg KH]

On Sun, Jun 04, 2017 at 05:02:08AM +0530, srishti sharma wrote:
> Added * on subsequent lines of a comment block.
> 
> Signed-off-by: srishti sharma 
> ---
>  drivers/staging/ccree/cc_crypto_ctx.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

This whole series also does not apply.  Note, this driver is under
active development, you are probably running into the problem that lots
of people are working on it at the same time.

sorry,

greg k-h

Re: [PATCH] Staging: ccree: ssi_aead.h: Fixed a comment coding style issue.

[Greg KH]

On Sat, Jun 03, 2017 at 06:04:59PM +0530, srishti sharma wrote:
> Fixed a comment coding style issue , block comments use * on subsequent lines.
> 
> Signed-off-by: srishti sharma 
> ---
>  drivers/staging/ccree/ssi_aead.h | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Patch does not apply to my staging-testing branch, sorry :(

[PATCH v3 03/18] staging: ccree: remove 48 bit dma addr sim

[Gilad Ben-Yossef]

Remove no longer needed code used to simulate 48 bit dma addresses
on 32 bit platforms for development purposes.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c| 19 
 drivers/staging/ccree/ssi_buffer_mgr.c  | 83 -
 drivers/staging/ccree/ssi_buffer_mgr.h  | 16 ---
 drivers/staging/ccree/ssi_cipher.c  |  4 --
 drivers/staging/ccree/ssi_hash.c| 35 --
 drivers/staging/ccree/ssi_ivgen.c   |  3 --
 drivers/staging/ccree/ssi_request_mgr.c |  3 --
 7 files changed, 163 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index b0db815..a42bb49 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -99,7 +99,6 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
dev = >drvdata->plat_dev->dev;
/* Unmap enckey buffer */
if (ctx->enckey != NULL) {
-   SSI_RESTORE_DMA_ADDR_TO_48BIT(ctx->enckey_dma_addr);
dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey, 
ctx->enckey_dma_addr);
SSI_LOG_DEBUG("Freed enckey DMA buffer 
enckey_dma_addr=0x%llX\n",
(unsigned long long)ctx->enckey_dma_addr);
@@ -109,8 +108,6 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
 
if (ctx->auth_mode == DRV_HASH_XCBC_MAC) { /* XCBC authetication */
if (ctx->auth_state.xcbc.xcbc_keys != NULL) {
-   SSI_RESTORE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.xcbc.xcbc_keys_dma_addr);
dma_free_coherent(dev, CC_AES_128_BIT_KEY_SIZE * 3,
ctx->auth_state.xcbc.xcbc_keys,
ctx->auth_state.xcbc.xcbc_keys_dma_addr);
@@ -121,8 +118,6 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
ctx->auth_state.xcbc.xcbc_keys = NULL;
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC auth. */
if (ctx->auth_state.hmac.ipad_opad != NULL) {
-   SSI_RESTORE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.hmac.ipad_opad_dma_addr);
dma_free_coherent(dev, 2 * MAX_HMAC_DIGEST_SIZE,
ctx->auth_state.hmac.ipad_opad,
ctx->auth_state.hmac.ipad_opad_dma_addr);
@@ -132,8 +127,6 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
ctx->auth_state.hmac.ipad_opad = NULL;
}
if (ctx->auth_state.hmac.padded_authkey != NULL) {
-   SSI_RESTORE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.hmac.padded_authkey_dma_addr);
dma_free_coherent(dev, MAX_HMAC_BLOCK_SIZE,
ctx->auth_state.hmac.padded_authkey,
ctx->auth_state.hmac.padded_authkey_dma_addr);
@@ -171,7 +164,6 @@ static int ssi_aead_init(struct crypto_aead *tfm)
SSI_LOG_ERR("Failed allocating key buffer\n");
goto init_failed;
}
-   SSI_UPDATE_DMA_ADDR_TO_48BIT(ctx->enckey_dma_addr, AES_MAX_KEY_SIZE);
SSI_LOG_DEBUG("Allocated enckey buffer in context ctx->enckey=@%p\n", 
ctx->enckey);
 
/* Set default authlen value */
@@ -186,9 +178,6 @@ static int ssi_aead_init(struct crypto_aead *tfm)
SSI_LOG_ERR("Failed allocating buffer for XCBC keys\n");
goto init_failed;
}
-   SSI_UPDATE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.xcbc.xcbc_keys_dma_addr,
-   CC_AES_128_BIT_KEY_SIZE * 3);
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC authentication */
/* Allocate dma-coherent buffer for IPAD + OPAD */
ctx->auth_state.hmac.ipad_opad = dma_alloc_coherent(dev,
@@ -198,9 +187,6 @@ static int ssi_aead_init(struct crypto_aead *tfm)
SSI_LOG_ERR("Failed allocating IPAD/OPAD buffer\n");
goto init_failed;
}
-   SSI_UPDATE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.hmac.ipad_opad_dma_addr,
-   2 * MAX_HMAC_DIGEST_SIZE);
SSI_LOG_DEBUG("Allocated authkey buffer in context 
ctx->authkey=@%p\n",
ctx->auth_state.hmac.ipad_opad);
 
@@ -211,9 +197,6 @@ static int ssi_aead_init(struct crypto_aead *tfm)
SSI_LOG_ERR("failed to allocate padded_authkey\n");
goto init_failed;
}
-   SSI_UPDATE_DMA_ADDR_TO_48BIT(
-   ctx->auth_state.hmac.padded_authkey_dma_addr,
-   MAX_HMAC_BLOCK_SIZE);
} else {
ctx->auth_state.hmac.ipad_opad = NULL;

[PATCH v3 04/18] staging: ccree: refactor LLI access macros

[Gilad Ben-Yossef]

The Linked List Item descriptors were being programmed via
a set of macros which suffer a few problems:
- Use of macros rather than inline leaves out parameter type
  checking and risks multiple macro parameter evaluation side
  effects.
- Implemented via hand rolled versions of bitfield operations.

This patch refactors LLI programming into a set of
of inline functions using generic kernel bitfield access
infrastructure, thus resolving the above issues and opening
the way later on to drop the hand rolled bitfield macros
once additional users are dropped in later patches in the
series.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_lli_defs.h| 39 ++
 drivers/staging/ccree/ssi_buffer_mgr.c |  8 +++
 2 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/drivers/staging/ccree/cc_lli_defs.h 
b/drivers/staging/ccree/cc_lli_defs.h
index 857b94f..876dde0 100644
--- a/drivers/staging/ccree/cc_lli_defs.h
+++ b/drivers/staging/ccree/cc_lli_defs.h
@@ -26,24 +26,7 @@
  */
 #define DLLI_SIZE_BIT_SIZE 0x18
 
-#define CC_MAX_MLLI_ENTRY_SIZE 0x1
-
-#define LLI_SET_ADDR(__lli_p, __addr) do { \
-   u32 *lli_p = (u32 *)__lli_p;\
-   typeof(__addr) addr = __addr;   \
-   \
-   BITFIELD_SET(lli_p[LLI_WORD0_OFFSET],   \
-   LLI_LADDR_BIT_OFFSET,   \
-   LLI_LADDR_BIT_SIZE, (addr & U32_MAX));  \
-   \
-   BITFIELD_SET(lli_p[LLI_WORD1_OFFSET],   \
-   LLI_HADDR_BIT_OFFSET,   \
-   LLI_HADDR_BIT_SIZE, MSB64(addr));   \
-   } while (0)
-
-#define LLI_SET_SIZE(lli_p, size)  \
-   BITFIELD_SET(((u32 *)(lli_p))[LLI_WORD1_OFFSET],\
-   LLI_SIZE_BIT_OFFSET, LLI_SIZE_BIT_SIZE, size)
+#define CC_MAX_MLLI_ENTRY_SIZE 0x
 
 /* Size of entry */
 #define LLI_ENTRY_WORD_SIZE 2
@@ -60,4 +43,24 @@
 #define LLI_HADDR_BIT_OFFSET 16
 #define LLI_HADDR_BIT_SIZE 16
 
+#define LLI_SIZE_MASK GENMASK((LLI_SIZE_BIT_SIZE - 1), LLI_SIZE_BIT_OFFSET)
+#define LLI_HADDR_MASK GENMASK( \
+  (LLI_HADDR_BIT_OFFSET + LLI_HADDR_BIT_SIZE - 1),\
+   LLI_HADDR_BIT_OFFSET)
+
+static inline void cc_lli_set_addr(u32 *lli_p, dma_addr_t addr)
+{
+   lli_p[LLI_WORD0_OFFSET] = (addr & U32_MAX);
+#ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT
+   lli_p[LLI_WORD1_OFFSET] &= ~LLI_HADDR_MASK;
+   lli_p[LLI_WORD1_OFFSET] |= FIELD_PREP(LLI_HADDR_MASK, (addr >> 16));
+#endif /* CONFIG_ARCH_DMA_ADDR_T_64BIT */
+}
+
+static inline void cc_lli_set_size(u32 *lli_p, u16 size)
+{
+   lli_p[LLI_WORD1_OFFSET] &= ~LLI_SIZE_MASK;
+   lli_p[LLI_WORD1_OFFSET] |= FIELD_PREP(LLI_SIZE_MASK, size);
+}
+
 #endif /*_CC_LLI_DEFS_H_*/
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index f21dd26..24ba51d 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -186,8 +186,8 @@ static inline int ssi_buffer_mgr_render_buff_to_mlli(
 
/*handle buffer longer than 64 kbytes */
while (buff_size > CC_MAX_MLLI_ENTRY_SIZE ) {
-   LLI_SET_ADDR(mlli_entry_p,buff_dma);
-   LLI_SET_SIZE(mlli_entry_p, CC_MAX_MLLI_ENTRY_SIZE);
+   cc_lli_set_addr(mlli_entry_p, buff_dma);
+   cc_lli_set_size(mlli_entry_p, CC_MAX_MLLI_ENTRY_SIZE);
SSI_LOG_DEBUG("entry[%d]: single_buff=0x%08X 
size=%08X\n",*curr_nents,
   mlli_entry_p[LLI_WORD0_OFFSET],
   mlli_entry_p[LLI_WORD1_OFFSET]);
@@ -197,8 +197,8 @@ static inline int ssi_buffer_mgr_render_buff_to_mlli(
(*curr_nents)++;
}
/*Last entry */
-   LLI_SET_ADDR(mlli_entry_p,buff_dma);
-   LLI_SET_SIZE(mlli_entry_p, buff_size);
+   cc_lli_set_addr(mlli_entry_p, buff_dma);
+   cc_lli_set_size(mlli_entry_p, buff_size);
SSI_LOG_DEBUG("entry[%d]: single_buff=0x%08X size=%08X\n",*curr_nents,
   mlli_entry_p[LLI_WORD0_OFFSET],
   mlli_entry_p[LLI_WORD1_OFFSET]);
-- 
2.1.4

[PATCH v3 08/18] staging: ccree: move request_mgr to generic bitfield ops

[Gilad Ben-Yossef]

request_mgr was using custom bit field macros. move over to
standard kernel bitfield ops.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_regs.h |  5 +
 drivers/staging/ccree/ssi_request_mgr.c | 27 +--
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/drivers/staging/ccree/cc_regs.h b/drivers/staging/ccree/cc_regs.h
index 1513412..6abb6ff 100644
--- a/drivers/staging/ccree/cc_regs.h
+++ b/drivers/staging/ccree/cc_regs.h
@@ -26,6 +26,11 @@
 
 #include "cc_bitops.h"
 
+#define AXIM_MON_BASE_OFFSET CC_REG_OFFSET(CRY_KERNEL, AXIM_MON_COMP)
+#define AXIM_MON_COMP_VALUE GENMASK(DX_AXIM_MON_COMP_VALUE_BIT_SIZE + \
+   DX_AXIM_MON_COMP_VALUE_BIT_SHIFT, \
+   DX_AXIM_MON_COMP_VALUE_BIT_SHIFT)
+
 /* Register Offset macro */
 #define CC_REG_OFFSET(unit_name, reg_name)   \
(DX_BASE_ ## unit_name + DX_ ## reg_name ## _REG_OFFSET)
diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index 2382f32..7c2d88a 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -35,8 +35,6 @@
 
 #define SSI_MAX_POLL_ITER  10
 
-#define AXIM_MON_BASE_OFFSET CC_REG_OFFSET(CRY_KERNEL, AXIM_MON_COMP)
-
 struct ssi_request_mgr_handle {
/* Request manager resources */
unsigned int hw_queue_size; /* HW capability */
@@ -502,6 +500,15 @@ static void proc_completions(struct ssi_drvdata *drvdata)
}
 }
 
+static inline u32 cc_axi_comp_count(void __iomem *cc_base)
+{
+   /* The CC_HAL_READ_REGISTER macro implictly requires and uses
+* a base MMIO register address variable named cc_base.
+*/
+   return FIELD_GET(AXIM_MON_COMP_VALUE,
+CC_HAL_READ_REGISTER(AXIM_MON_BASE_OFFSET));
+}
+
 /* Deferred service handler, run as interrupt-fired tasklet */
 static void comp_handler(unsigned long devarg)
 {
@@ -521,25 +528,25 @@ static void comp_handler(unsigned long devarg)
CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_ICR), 
SSI_COMP_IRQ_MASK);
 
/* Avoid race with above clear: Test completion counter once 
more */
-   request_mgr_handle->axi_completed += CC_REG_FLD_GET(CRY_KERNEL, 
AXIM_MON_COMP, VALUE,
-   CC_HAL_READ_REGISTER(AXIM_MON_BASE_OFFSET));
+   request_mgr_handle->axi_completed +=
+   cc_axi_comp_count(cc_base);
 
while (request_mgr_handle->axi_completed) {
do {
proc_completions(drvdata);
-   /* At this point (after proc_completions()), 
request_mgr_handle->axi_completed is always 0.
-* The following assignment was changed to = 
(previously was +=) to conform KW restrictions.
+   /* At this point (after proc_completions()),
+* request_mgr_handle->axi_completed is 0.
 */
-   request_mgr_handle->axi_completed = 
CC_REG_FLD_GET(CRY_KERNEL, AXIM_MON_COMP, VALUE,
-   
CC_HAL_READ_REGISTER(AXIM_MON_BASE_OFFSET));
+   request_mgr_handle->axi_completed =
+   cc_axi_comp_count(cc_base);
} while (request_mgr_handle->axi_completed > 0);
 
/* To avoid the interrupt from firing as we unmask it, 
we clear it now */
CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, 
HOST_ICR), SSI_COMP_IRQ_MASK);
 
/* Avoid race with above clear: Test completion counter 
once more */
-   request_mgr_handle->axi_completed += 
CC_REG_FLD_GET(CRY_KERNEL, AXIM_MON_COMP, VALUE,
-   CC_HAL_READ_REGISTER(AXIM_MON_BASE_OFFSET));
+   request_mgr_handle->axi_completed +=
+   cc_axi_comp_count(cc_base);
}
 
}
-- 
2.1.4

[PATCH v3 07/18] staging: ccree: remove cycle count debug support

[Gilad Ben-Yossef]

The ccree driver had support for rough performance debugging
via cycle counting which has bit rotted and can easily be
replcaed with perf. Remove it from the driver.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_hw_queue_defs.h |  14 
 drivers/staging/ccree/ssi_aead.c |  33 -
 drivers/staging/ccree/ssi_cipher.c   |  20 --
 drivers/staging/ccree/ssi_config.h   |   6 --
 drivers/staging/ccree/ssi_driver.c   |   8 ---
 drivers/staging/ccree/ssi_driver.h   |  25 ---
 drivers/staging/ccree/ssi_hash.c |  28 
 drivers/staging/ccree/ssi_request_mgr.c  | 116 ---
 8 files changed, 250 deletions(-)

diff --git a/drivers/staging/ccree/cc_hw_queue_defs.h 
b/drivers/staging/ccree/cc_hw_queue_defs.h
index c3f9d6a..e750817 100644
--- a/drivers/staging/ccree/cc_hw_queue_defs.h
+++ b/drivers/staging/ccree/cc_hw_queue_defs.h
@@ -29,8 +29,6 @@
 #define HW_DESC_SIZE_WORDS 6
 #define HW_QUEUE_SLOTS_MAX  15 /* Max. available slots in HW queue 
*/
 
-#define _HW_DESC_MONITOR_KICK 0x7FFFC00
-
 #define CC_REG_NAME(word, name) DX_DSCRPTR_QUEUE_WORD ## word ## _ ## name
 
 #define CC_REG_LOW(word, name)  \
@@ -606,16 +604,4 @@ static inline void set_cipher_do(struct cc_hw_desc *pdesc,
(config & HW_KEY_MASK_CIPHER_DO));
 }
 
-/*!
- * This macro sets the DIN field of a HW descriptors to star/stop monitor 
descriptor.
- * Used for performance measurements and debug purposes.
- *
- * \param pDesc pointer HW descriptor struct
- */
-#define HW_DESC_SET_DIN_MONITOR_CNTR(pDesc)
\
-   do {
\
-   CC_REG_FLD_SET(CRY_KERNEL, DSCRPTR_MEASURE_CNTR, VALUE, 
(pDesc)->word[1], _HW_DESC_MONITOR_KICK);   \
-   } while (0)
-
-
 #endif /*__CC_HW_QUEUE_DEFS_H__*/
diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index a42bb49..e8936a3 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -217,9 +217,6 @@ static void ssi_aead_complete(struct device *dev, void 
*ssi_req, void __iomem *c
struct crypto_aead *tfm = crypto_aead_reqtfm(ssi_req);
struct ssi_aead_ctx *ctx = crypto_aead_ctx(tfm);
int err = 0;
-   DECL_CYCLE_COUNT_RESOURCES;
-
-   START_CYCLE_COUNT();
 
ssi_buffer_mgr_unmap_aead_request(dev, areq);
 
@@ -254,7 +251,6 @@ static void ssi_aead_complete(struct device *dev, void 
*ssi_req, void __iomem *c
}
}
 
-   END_CYCLE_COUNT(STAT_OP_TYPE_GENERIC, STAT_PHASE_4);
aead_request_complete(areq, err);
 }
 
@@ -521,10 +517,6 @@ ssi_get_plain_hmac_key(struct crypto_aead *tfm, const u8 
*key, unsigned int keyl
idx++;
}
 
-#ifdef ENABLE_CYCLE_COUNT
-   ssi_req.op_type = STAT_OP_TYPE_SETKEY;
-#endif
-
rc = send_request(ctx->drvdata, _req, desc, idx, 0);
if (unlikely(rc != 0))
SSI_LOG_ERR("send_request() failed (rc=%d)\n", rc);
@@ -546,14 +538,12 @@ ssi_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
struct crypto_authenc_key_param *param;
struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ];
int seq_len = 0, rc = -EINVAL;
-   DECL_CYCLE_COUNT_RESOURCES;
 
SSI_LOG_DEBUG("Setting key in context @%p for %s. key=%p keylen=%u\n",
ctx, crypto_tfm_alg_name(crypto_aead_tfm(tfm)), key, keylen);
 
CHECK_AND_RETURN_UPON_FIPS_ERROR();
/* STAT_PHASE_0: Init and sanity checks */
-   START_CYCLE_COUNT();
 
if (ctx->auth_mode != DRV_HASH_NULL) { /* authenc() alg. */
if (!RTA_OK(rta, keylen))
@@ -592,9 +582,7 @@ ssi_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
if (unlikely(rc != 0))
goto badkey;
 
-   END_CYCLE_COUNT(STAT_OP_TYPE_SETKEY, STAT_PHASE_0);
/* STAT_PHASE_1: Copy key to ctx */
-   START_CYCLE_COUNT();
 
/* Get key material */
memcpy(ctx->enckey, key + ctx->auth_keylen, ctx->enc_keylen);
@@ -608,10 +596,8 @@ ssi_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
goto badkey;
}
 
-   END_CYCLE_COUNT(STAT_OP_TYPE_SETKEY, STAT_PHASE_1);
 
/* STAT_PHASE_2: Create sequence */
-   START_CYCLE_COUNT();
 
switch (ctx->auth_mode) {
case DRV_HASH_SHA1:
@@ -629,15 +615,10 @@ ssi_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
goto badkey;
}
 
-   END_CYCLE_COUNT(STAT_OP_TYPE_SETKEY, STAT_PHASE_2);
 
/* STAT_PHASE_3: Submit sequence to HW */
-   START_CYCLE_COUNT();
 
if (seq_len > 0) { /* For CCM there is no sequence to setup the key */
-#ifdef 

[PATCH v3 10/18] staging: ccree: remove unused struct

[Gilad Ben-Yossef]

struct SepHashPrivateContext is not used anywhere in the code.
Remove it.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/hash_defs.h | 18 --
 1 file changed, 18 deletions(-)

diff --git a/drivers/staging/ccree/hash_defs.h 
b/drivers/staging/ccree/hash_defs.h
index 3f2b2d1..9e01219 100644
--- a/drivers/staging/ccree/hash_defs.h
+++ b/drivers/staging/ccree/hash_defs.h
@@ -57,23 +57,5 @@ enum HashCipherDoPadding {
HASH_CIPHER_DO_PADDING_RESERVE32 = S32_MAX,
 };
 
-typedef struct SepHashPrivateContext {
-   /* The current length is placed at the end of the context buffer 
because the hash
-*  context is used for all HMAC operations as well. HMAC context 
includes a 64 bytes
-*  K0 field.  The size of struct drv_ctx_hash reserved field is  
88/184 bytes depend if t
-*  he SHA512 is supported ( in this case teh context size is 256 
bytes).
-*  The size of struct drv_ctx_hash reseved field is 20 or 52 depend if 
the SHA512 is supported.
-*  This means that this structure size (without the reserved field can 
be up to 20 bytes ,
-*  in case sha512 is not suppported it is 20 bytes 
(SEP_HASH_LENGTH_WORDS define to 2 ) and in the other
-* case it is 28 (SEP_HASH_LENGTH_WORDS define to 4)
-*/
-   u32 reserved[(sizeof(struct drv_ctx_hash)/sizeof(u32)) - 
SEP_HASH_LENGTH_WORDS - 3];
-   u32 CurrentDigestedLength[SEP_HASH_LENGTH_WORDS];
-   u32 KeyType;
-   u32 dataCompleted;
-   u32 hmacFinalization;
-   /* no space left */
-} SepHashPrivateContext_s;
-
 #endif /*_HASH_DEFS_H__*/
 
-- 
2.1.4

[PATCH v3 11/18] staging: ccree: use snake_case for hash enums

[Gilad Ben-Yossef]

Hash enum were named using CamelCase, move over to snake_case.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_hw_queue_defs.h | 4 ++--
 drivers/staging/ccree/hash_defs.h| 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/ccree/cc_hw_queue_defs.h 
b/drivers/staging/ccree/cc_hw_queue_defs.h
index 8dc9b6e..1cbd2e1 100644
--- a/drivers/staging/ccree/cc_hw_queue_defs.h
+++ b/drivers/staging/ccree/cc_hw_queue_defs.h
@@ -505,7 +505,7 @@ static inline void set_cipher_config0(struct cc_hw_desc 
*pdesc,
  * @config: Any one of the modes defined in [CC7x-DESC]
  */
 static inline void set_cipher_config1(struct cc_hw_desc *pdesc,
- enum HashConfig1Padding config)
+ enum cc_hash_conf_pad config)
 {
pdesc->word[4] |= FIELD_PREP(WORD4_CIPHER_CONF1, config);
 }
@@ -598,7 +598,7 @@ static inline void set_setup_mode(struct cc_hw_desc *pdesc,
  * @config: Any one of the cipher do defined in [CC7x-DESC]
  */
 static inline void set_cipher_do(struct cc_hw_desc *pdesc,
-enum HashCipherDoPadding config)
+enum cc_hash_cipher_pad config)
 {
pdesc->word[4] |= FIELD_PREP(WORD4_CIPHER_DO,
(config & HW_KEY_MASK_CIPHER_DO));
diff --git a/drivers/staging/ccree/hash_defs.h 
b/drivers/staging/ccree/hash_defs.h
index 9e01219..872ed97 100644
--- a/drivers/staging/ccree/hash_defs.h
+++ b/drivers/staging/ccree/hash_defs.h
@@ -44,14 +44,14 @@
 #define HASH_LARVAL_SHA512 0x5be0cd19, 0x137e2179, 0x1f83d9ab, 0xfb41bd6b, 
0x9b05688c, 0x2b3e6c1f, 0x510e527f, 0xade682d1, 0xa54ff53a, 0x5f1d36f1, 
0x3c6ef372, 0xfe94f82b, 0xbb67ae85, 0x84caa73b, 0x6a09e667, 0xf3bcc908
 #endif
 
-enum HashConfig1Padding {
+enum cc_hash_conf_pad {
HASH_PADDING_DISABLED = 0,
HASH_PADDING_ENABLED = 1,
HASH_DIGEST_RESULT_LITTLE_ENDIAN = 2,
HASH_CONFIG1_PADDING_RESERVE32 = S32_MAX,
 };
 
-enum HashCipherDoPadding {
+enum cc_hash_cipher_pad {
DO_NOT_PAD = 0,
DO_PAD = 1,
HASH_CIPHER_DO_PADDING_RESERVE32 = S32_MAX,
-- 
2.1.4

[PATCH v3 13/18] staging: ccree: remove dead code

[Gilad Ben-Yossef]

Remove some unused macro definitions from hash definitions.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/hash_defs.h | 31 +++
 1 file changed, 3 insertions(+), 28 deletions(-)

diff --git a/drivers/staging/ccree/hash_defs.h 
b/drivers/staging/ccree/hash_defs.h
index 872ed97..f52656f 100644
--- a/drivers/staging/ccree/hash_defs.h
+++ b/drivers/staging/ccree/hash_defs.h
@@ -14,36 +14,11 @@
  * along with this program; if not, see .
  */
 
-#ifndef  _HASH_DEFS_H__
-#define  _HASH_DEFS_H__
+#ifndef _HASH_DEFS_H_
+#define _HASH_DEFS_H_
 
 #include "cc_crypto_ctx.h"
 
-/* this files provides definitions required for hash engine drivers */
-#ifndef CC_CONFIG_HASH_SHA_512_SUPPORTED
-#define SEP_HASH_LENGTH_WORDS  2
-#else
-#define SEP_HASH_LENGTH_WORDS  4
-#endif
-
-#ifdef BIG__ENDIAN
-#define OPAD_CURRENT_LENGTH 0x4000, 0x , 0x, 0x
-#define HASH_LARVAL_MD5  0x76543210, 0xFEDCBA98, 0x89ABCDEF, 0x01234567
-#define HASH_LARVAL_SHA1 0xF0E1D2C3, 0x76543210, 0xFEDCBA98, 0x89ABCDEF, 
0x01234567
-#define HASH_LARVAL_SHA224 0XA44FFABE, 0XA78FF964, 0X11155868, 0X310BC0FF, 
0X39590EF7, 0X17DD7030, 0X07D57C36, 0XD89E05C1
-#define HASH_LARVAL_SHA256 0X19CDE05B, 0XABD9831F, 0X8C68059B, 0X7F520E51, 
0X3AF54FA5, 0X72F36E3C, 0X85AE67BB, 0X67E6096A
-#define HASH_LARVAL_SHA384 0X1D48B547, 0XA44FFABE, 0X0D2E0CDB, 0XA78FF964, 
0X874AB48E, 0X11155868, 0X67263367, 0X310BC0FF, 0XD8EC2F15, 0X39590EF7, 
0X5A015991, 0X17DD7030, 0X2A299A62, 0X07D57C36, 0X5D9DBBCB, 0XD89E05C1
-#define HASH_LARVAL_SHA512 0X19CDE05B, 0X79217E13, 0XABD9831F, 0X6BBD41FB, 
0X8C68059B, 0X1F6C3E2B, 0X7F520E51, 0XD182E6AD, 0X3AF54FA5, 0XF1361D5F, 
0X72F36E3C, 0X2BF894FE, 0X85AE67BB, 0X3BA7CA84, 0X67E6096A, 0X08C9BCF3
-#else
-#define OPAD_CURRENT_LENGTH 0x0040, 0x, 0x, 0x
-#define HASH_LARVAL_MD5  0x10325476, 0x98BADCFE, 0xEFCDAB89, 0x67452301
-#define HASH_LARVAL_SHA1 0xC3D2E1F0, 0x10325476, 0x98BADCFE, 0xEFCDAB89, 
0x67452301
-#define HASH_LARVAL_SHA224 0xbefa4fa4, 0x64f98fa7, 0x68581511, 0xffc00b31, 
0xf70e5939, 0x3070dd17, 0x367cd507, 0xc1059ed8
-#define HASH_LARVAL_SHA256 0x5be0cd19, 0x1f83d9ab, 0x9b05688c, 0x510e527f, 
0xa54ff53a, 0x3c6ef372, 0xbb67ae85, 0x6a09e667
-#define HASH_LARVAL_SHA384 0X47B5481D, 0XBEFA4FA4, 0XDB0C2E0D, 0X64F98FA7, 
0X8EB44A87, 0X68581511, 0X67332667, 0XFFC00B31, 0X152FECD8, 0XF70E5939, 
0X9159015A, 0X3070DD17, 0X629A292A, 0X367CD507, 0XCBBB9D5D, 0XC1059ED8
-#define HASH_LARVAL_SHA512 0x5be0cd19, 0x137e2179, 0x1f83d9ab, 0xfb41bd6b, 
0x9b05688c, 0x2b3e6c1f, 0x510e527f, 0xade682d1, 0xa54ff53a, 0x5f1d36f1, 
0x3c6ef372, 0xfe94f82b, 0xbb67ae85, 0x84caa73b, 0x6a09e667, 0xf3bcc908
-#endif
-
 enum cc_hash_conf_pad {
HASH_PADDING_DISABLED = 0,
HASH_PADDING_ENABLED = 1,
@@ -57,5 +32,5 @@ enum cc_hash_cipher_pad {
HASH_CIPHER_DO_PADDING_RESERVE32 = S32_MAX,
 };
 
-#endif /*_HASH_DEFS_H__*/
+#endif /*_HASH_DEFS_H_*/
 
-- 
2.1.4

[PATCH v3 12/18] staging: ccree: drop no longer used macro

[Gilad Ben-Yossef]

MSB64 macro is no longer used or needed. Drop it.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_hw_queue_defs.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/staging/ccree/cc_hw_queue_defs.h 
b/drivers/staging/ccree/cc_hw_queue_defs.h
index 1cbd2e1..aaa56c8 100644
--- a/drivers/staging/ccree/cc_hw_queue_defs.h
+++ b/drivers/staging/ccree/cc_hw_queue_defs.h
@@ -237,8 +237,6 @@ static inline void set_ack_last(struct cc_hw_desc *pdesc)
pdesc->word[4] |= FIELD_PREP(WORD4_ACK_NEEDED, 1);
 }
 
-#define MSB64(_addr) (sizeof(_addr) == 4 ? 0 : ((_addr) >> 32) & U16_MAX)
-
 /*
  * Set the DIN field of a HW descriptors
  *
-- 
2.1.4

[PATCH v3 09/18] staging: ccree: remove custom bitfield macros

[Gilad Ben-Yossef]

With all users removed or re-factored to use the standard
kernel bit fields ops we can now drop the custom
bit field macros.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_bitops.h| 39 --
 drivers/staging/ccree/cc_hw_queue_defs.h |  2 +-
 drivers/staging/ccree/cc_lli_defs.h  |  2 -
 drivers/staging/ccree/cc_regs.h  | 71 +++-
 drivers/staging/ccree/ssi_driver.h   |  1 -
 5 files changed, 7 insertions(+), 108 deletions(-)
 delete mode 100644 drivers/staging/ccree/cc_bitops.h

diff --git a/drivers/staging/ccree/cc_bitops.h 
b/drivers/staging/ccree/cc_bitops.h
deleted file mode 100644
index cbdc1ab..000
--- a/drivers/staging/ccree/cc_bitops.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2012-2017 ARM Limited or its affiliates.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-/*!
- * \file cc_bitops.h
- * Bit fields operations macros.
- */
-#ifndef _CC_BITOPS_H_
-#define _CC_BITOPS_H_
-
-#include 
-#include 
-
-#define BITMASK(mask_size) (((mask_size) < 32) ?   \
-   ((1UL << (mask_size)) - 1) : 0xUL)
-
-#define BITMASK_AT(mask_size, mask_offset) (BITMASK(mask_size) << 
(mask_offset))
-
-#define BITFIELD_GET(word, bit_offset, bit_size) \
-   (((word) >> (bit_offset)) & BITMASK(bit_size))
-#define BITFIELD_SET(word, bit_offset, bit_size, new_val)   do {\
-   word = ((word) & ~BITMASK_AT(bit_size, bit_offset)) |   \
-   (((new_val) & BITMASK(bit_size)) << (bit_offset));  \
-} while (0)
-
-#endif /*_CC_BITOPS_H_*/
diff --git a/drivers/staging/ccree/cc_hw_queue_defs.h 
b/drivers/staging/ccree/cc_hw_queue_defs.h
index e750817..8dc9b6e 100644
--- a/drivers/staging/ccree/cc_hw_queue_defs.h
+++ b/drivers/staging/ccree/cc_hw_queue_defs.h
@@ -19,8 +19,8 @@
 
 #include 
 
-#include "cc_regs.h"
 #include "dx_crys_kernel.h"
+#include 
 
 /**
 *  DEFINITIONS
diff --git a/drivers/staging/ccree/cc_lli_defs.h 
b/drivers/staging/ccree/cc_lli_defs.h
index 78811aa..851d390 100644
--- a/drivers/staging/ccree/cc_lli_defs.h
+++ b/drivers/staging/ccree/cc_lli_defs.h
@@ -19,8 +19,6 @@
 
 #include 
 
-#include "cc_bitops.h"
-
 /* Max DLLI size
  *  AKA DX_DSCRPTR_QUEUE_WORD1_DIN_SIZE_BIT_SIZE
  */
diff --git a/drivers/staging/ccree/cc_regs.h b/drivers/staging/ccree/cc_regs.h
index 6abb6ff..53675e3 100644
--- a/drivers/staging/ccree/cc_regs.h
+++ b/drivers/staging/ccree/cc_regs.h
@@ -24,7 +24,12 @@
 #ifndef _CC_REGS_H_
 #define _CC_REGS_H_
 
-#include "cc_bitops.h"
+#include 
+
+#define AXIM_MON_BASE_OFFSET CC_REG_OFFSET(CRY_KERNEL, AXIM_MON_COMP)
+#define AXIM_MON_COMP_VALUE GENMASK(DX_AXIM_MON_COMP_VALUE_BIT_SIZE + \
+   DX_AXIM_MON_COMP_VALUE_BIT_SHIFT, \
+   DX_AXIM_MON_COMP_VALUE_BIT_SHIFT)
 
 #define AXIM_MON_BASE_OFFSET CC_REG_OFFSET(CRY_KERNEL, AXIM_MON_COMP)
 #define AXIM_MON_COMP_VALUE GENMASK(DX_AXIM_MON_COMP_VALUE_BIT_SIZE + \
@@ -35,68 +40,4 @@
 #define CC_REG_OFFSET(unit_name, reg_name)   \
(DX_BASE_ ## unit_name + DX_ ## reg_name ## _REG_OFFSET)
 
-#define CC_REG_BIT_SHIFT(reg_name, field_name)   \
-   (DX_ ## reg_name ## _ ## field_name ## _BIT_SHIFT)
-
-/* Read-Modify-Write a field of a register */
-#define MODIFY_REGISTER_FLD(unitName, regName, fldName, fldVal) \
-do {   \
-   u32 regVal; \
-   regVal = READ_REGISTER(CC_REG_ADDR(unitName, regName));   \
-   CC_REG_FLD_SET(unitName, regName, fldName, regVal, fldVal); \
-   WRITE_REGISTER(CC_REG_ADDR(unitName, regName), regVal);   \
-} while (0)
-
-/*! Bit fields get */
-#define CC_REG_FLD_GET(unit_name, reg_name, fld_name, reg_val)   \
-   (DX_ ## reg_name ## _ ## fld_name ## _BIT_SIZE == 0x20 ?  \
-   reg_val /*!< \internal Optimization for 32b fields */ : 
  \
-   BITFIELD_GET(reg_val, DX_ ## reg_name ## _ ## fld_name ## _BIT_SHIFT, \
-DX_ ## reg_name ## _ ## fld_name ## _BIT_SIZE))
-
-/*! Bit fields access */
-#define CC_REG_FLD_GET2(unit_name, reg_name, fld_name, reg_val)  \
-   (CC_ ## reg_name ## _ ## fld_name ## _BIT_SIZE == 0x20 ?  \
-   reg_val /*!< 

[PATCH v3 14/18] staging: ccree: remove spurious blank line

[Gilad Ben-Yossef]

Remove spurious blank line from cc_regs.h

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_regs.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/staging/ccree/cc_regs.h b/drivers/staging/ccree/cc_regs.h
index 53675e3..4a893a6 100644
--- a/drivers/staging/ccree/cc_regs.h
+++ b/drivers/staging/ccree/cc_regs.h
@@ -14,7 +14,6 @@
  * along with this program; if not, see .
  */
 
-
 /*!
  * @file
  * @brief This file contains macro definitions for accessing ARM TrustZone
-- 
2.1.4

[PATCH v3 16/18] staging: ccree: remove last remnants of sash algo

[Gilad Ben-Yossef]

The hash code had some left overs from a misguided attempt
to support shash API with the HW. Remove the code handling
this.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 448 +++
 1 file changed, 127 insertions(+), 321 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 47bc496..ed1c672 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -76,15 +76,11 @@ static void ssi_hash_create_cmac_setup(struct ahash_request 
*areq,
 
 struct ssi_hash_alg {
struct list_head entry;
-   bool synchronize;
int hash_mode;
int hw_mode;
int inter_digestsize;
struct ssi_drvdata *drvdata;
-   union {
-   struct ahash_alg ahash_alg;
-   struct shash_alg shash_alg;
-   };
+   struct ahash_alg ahash_alg;
 };
 
 
@@ -112,8 +108,6 @@ struct ssi_hash_ctx {
bool is_hmac;
 };
 
-static const struct crypto_type crypto_shash_type;
-
 static void ssi_hash_create_data_desc(
struct ahash_req_ctx *areq_ctx,
struct ssi_hash_ctx *ctx,
@@ -1015,15 +1009,9 @@ static int ssi_hash_setkey(void *hash,
 SSI_LOG_DEBUG("ssi_hash_setkey: start keylen: %d", keylen);
 
CHECK_AND_RETURN_UPON_FIPS_ERROR();
-   if (synchronize) {
-   ctx = crypto_shash_ctx(((struct crypto_shash *)hash));
-   blocksize = crypto_tfm_alg_blocksize(&((struct crypto_shash 
*)hash)->base);
-   digestsize = crypto_shash_digestsize(((struct crypto_shash 
*)hash));
-   } else {
-   ctx = crypto_ahash_ctx(((struct crypto_ahash *)hash));
-   blocksize = crypto_tfm_alg_blocksize(&((struct crypto_ahash 
*)hash)->base);
-   digestsize = crypto_ahash_digestsize(((struct crypto_ahash 
*)hash));
-   }
+   ctx = crypto_ahash_ctx(((struct crypto_ahash *)hash));
+   blocksize = crypto_tfm_alg_blocksize(&((struct crypto_ahash 
*)hash)->base);
+   digestsize = crypto_ahash_digestsize(((struct crypto_ahash *)hash));
 
larval_addr = ssi_ahash_get_larval_digest_sram_addr(
ctx->drvdata, ctx->hash_mode);
@@ -1184,13 +1172,8 @@ static int ssi_hash_setkey(void *hash,
rc = send_request(ctx->drvdata, _req, desc, idx, 0);
 
 out:
-   if (rc != 0) {
-   if (synchronize) {
-   crypto_shash_set_flags((struct crypto_shash *)hash, 
CRYPTO_TFM_RES_BAD_KEY_LEN);
-   } else {
-   crypto_ahash_set_flags((struct crypto_ahash *)hash, 
CRYPTO_TFM_RES_BAD_KEY_LEN);
-   }
-   }
+   if (rc)
+   crypto_ahash_set_flags((struct crypto_ahash *)hash, 
CRYPTO_TFM_RES_BAD_KEY_LEN);
 
if (ctx->key_params.key_dma_addr) {
dma_unmap_single(>drvdata->plat_dev->dev,
@@ -1395,23 +1378,6 @@ static int ssi_hash_alloc_ctx(struct ssi_hash_ctx *ctx)
return -ENOMEM;
 }
 
-static int ssi_shash_cra_init(struct crypto_tfm *tfm)
-{
-   struct ssi_hash_ctx *ctx = crypto_tfm_ctx(tfm);
-   struct shash_alg * shash_alg =
-   container_of(tfm->__crt_alg, struct shash_alg, base);
-   struct ssi_hash_alg *ssi_alg =
-   container_of(shash_alg, struct ssi_hash_alg, shash_alg);
-
-   CHECK_AND_RETURN_UPON_FIPS_ERROR();
-   ctx->hash_mode = ssi_alg->hash_mode;
-   ctx->hw_mode = ssi_alg->hw_mode;
-   ctx->inter_digestsize = ssi_alg->inter_digestsize;
-   ctx->drvdata = ssi_alg->drvdata;
-
-   return ssi_hash_alloc_ctx(ctx);
-}
-
 static int ssi_ahash_cra_init(struct crypto_tfm *tfm)
 {
struct ssi_hash_ctx *ctx = crypto_tfm_ctx(tfm);
@@ -1764,100 +1730,6 @@ static int ssi_mac_digest(struct ahash_request *req)
return rc;
 }
 
-//shash wrap functions
-#ifdef SYNC_ALGS
-static int ssi_shash_digest(struct shash_desc *desc,
-   const u8 *data, unsigned int len, u8 *out)
-{
-   struct ahash_req_ctx *state = shash_desc_ctx(desc);
-   struct crypto_shash *tfm = desc->tfm;
-   struct ssi_hash_ctx *ctx = crypto_shash_ctx(tfm);
-   u32 digestsize = crypto_shash_digestsize(tfm);
-   struct scatterlist src;
-
-   if (len == 0) {
-   return ssi_hash_digest(state, ctx, digestsize, NULL, 0, out, 
NULL);
-   }
-
-   /* sg_init_one may crash when len is 0 (depends on kernel 
configuration) */
-   sg_init_one(, (const void *)data, len);
-
-   return ssi_hash_digest(state, ctx, digestsize, , len, out, NULL);
-}
-
-static int ssi_shash_update(struct shash_desc *desc,
-   const u8 *data, unsigned int 
len)
-{
-   struct ahash_req_ctx *state = shash_desc_ctx(desc);
-   struct crypto_shash *tfm = desc->tfm;
-   struct ssi_hash_ctx *ctx = crypto_shash_ctx(tfm);
-   u32 blocksize = 

[PATCH v3 15/18] staging: ccree: fix wrong whitespace usage

[Gilad Ben-Yossef]

Some of the register definition files had none
kernel coding style usage of tabs vs. spaces in macro
definitions. This patch fixes them.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/dx_crys_kernel.h | 308 -
 drivers/staging/ccree/dx_host.h| 256 +--
 2 files changed, 282 insertions(+), 282 deletions(-)

diff --git a/drivers/staging/ccree/dx_crys_kernel.h 
b/drivers/staging/ccree/dx_crys_kernel.h
index a776e24..2196030 100644
--- a/drivers/staging/ccree/dx_crys_kernel.h
+++ b/drivers/staging/ccree/dx_crys_kernel.h
@@ -20,161 +20,161 @@
 // --
 // BLOCK: DSCRPTR
 // --
-#define DX_DSCRPTR_COMPLETION_COUNTER_REG_OFFSET   0xE00UL
-#define DX_DSCRPTR_COMPLETION_COUNTER_COMPLETION_COUNTER_BIT_SHIFT 0x0UL
-#define DX_DSCRPTR_COMPLETION_COUNTER_COMPLETION_COUNTER_BIT_SIZE  0x6UL
-#define DX_DSCRPTR_COMPLETION_COUNTER_OVERFLOW_COUNTER_BIT_SHIFT   0x6UL
-#define DX_DSCRPTR_COMPLETION_COUNTER_OVERFLOW_COUNTER_BIT_SIZE0x1UL
-#define DX_DSCRPTR_SW_RESET_REG_OFFSET 0xE40UL
-#define DX_DSCRPTR_SW_RESET_VALUE_BIT_SHIFT0x0UL
-#define DX_DSCRPTR_SW_RESET_VALUE_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_REG_OFFSET  0xE60UL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_NUM_OF_DSCRPTR_BIT_SHIFT0x0UL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_NUM_OF_DSCRPTR_BIT_SIZE 0xAUL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_DSCRPTR_SRAM_SIZE_BIT_SHIFT 0xAUL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_DSCRPTR_SRAM_SIZE_BIT_SIZE  0xCUL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_SRAM_SIZE_BIT_SHIFT 0x16UL
-#define DX_DSCRPTR_QUEUE_SRAM_SIZE_SRAM_SIZE_BIT_SIZE  0x3UL
-#define DX_DSCRPTR_SINGLE_ADDR_EN_REG_OFFSET   0xE64UL
-#define DX_DSCRPTR_SINGLE_ADDR_EN_VALUE_BIT_SHIFT  0x0UL
-#define DX_DSCRPTR_SINGLE_ADDR_EN_VALUE_BIT_SIZE   0x1UL
-#define DX_DSCRPTR_MEASURE_CNTR_REG_OFFSET 0xE68UL
-#define DX_DSCRPTR_MEASURE_CNTR_VALUE_BIT_SHIFT0x0UL
-#define DX_DSCRPTR_MEASURE_CNTR_VALUE_BIT_SIZE 0x20UL
-#define DX_DSCRPTR_QUEUE_WORD0_REG_OFFSET  0xE80UL
-#define DX_DSCRPTR_QUEUE_WORD0_VALUE_BIT_SHIFT 0x0UL
-#define DX_DSCRPTR_QUEUE_WORD0_VALUE_BIT_SIZE  0x20UL
-#define DX_DSCRPTR_QUEUE_WORD1_REG_OFFSET  0xE84UL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_DMA_MODE_BIT_SHIFT  0x0UL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_DMA_MODE_BIT_SIZE   0x2UL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_SIZE_BIT_SHIFT  0x2UL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_SIZE_BIT_SIZE   0x18UL
-#define DX_DSCRPTR_QUEUE_WORD1_NS_BIT_BIT_SHIFT0x1AUL
-#define DX_DSCRPTR_QUEUE_WORD1_NS_BIT_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_CONST_VALUE_BIT_SHIFT   0x1BUL
-#define DX_DSCRPTR_QUEUE_WORD1_DIN_CONST_VALUE_BIT_SIZE0x1UL
-#define DX_DSCRPTR_QUEUE_WORD1_NOT_LAST_BIT_SHIFT  0x1CUL
-#define DX_DSCRPTR_QUEUE_WORD1_NOT_LAST_BIT_SIZE   0x1UL
-#define DX_DSCRPTR_QUEUE_WORD1_LOCK_QUEUE_BIT_SHIFT0x1DUL
-#define DX_DSCRPTR_QUEUE_WORD1_LOCK_QUEUE_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD1_NOT_USED_BIT_SHIFT  0x1EUL
-#define DX_DSCRPTR_QUEUE_WORD1_NOT_USED_BIT_SIZE   0x2UL
-#define DX_DSCRPTR_QUEUE_WORD2_REG_OFFSET  0xE88UL
-#define DX_DSCRPTR_QUEUE_WORD2_VALUE_BIT_SHIFT 0x0UL
-#define DX_DSCRPTR_QUEUE_WORD2_VALUE_BIT_SIZE  0x20UL
-#define DX_DSCRPTR_QUEUE_WORD3_REG_OFFSET  0xE8CUL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_DMA_MODE_BIT_SHIFT 0x0UL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_DMA_MODE_BIT_SIZE  0x2UL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_SIZE_BIT_SHIFT 0x2UL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_SIZE_BIT_SIZE  0x18UL
-#define DX_DSCRPTR_QUEUE_WORD3_NS_BIT_BIT_SHIFT0x1AUL
-#define DX_DSCRPTR_QUEUE_WORD3_NS_BIT_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_LAST_IND_BIT_SHIFT 0x1BUL
-#define DX_DSCRPTR_QUEUE_WORD3_DOUT_LAST_IND_BIT_SIZE  0x1UL
-#define DX_DSCRPTR_QUEUE_WORD3_HASH_XOR_BIT_BIT_SHIFT  0x1DUL
-#define DX_DSCRPTR_QUEUE_WORD3_HASH_XOR_BIT_BIT_SIZE   0x1UL
-#define DX_DSCRPTR_QUEUE_WORD3_NOT_USED_BIT_SHIFT  0x1EUL
-#define DX_DSCRPTR_QUEUE_WORD3_NOT_USED_BIT_SIZE   0x1UL
-#define DX_DSCRPTR_QUEUE_WORD3_QUEUE_LAST_IND_BIT_SHIFT0x1FUL
-#define DX_DSCRPTR_QUEUE_WORD3_QUEUE_LAST_IND_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD4_REG_OFFSET  0xE90UL
-#define DX_DSCRPTR_QUEUE_WORD4_DATA_FLOW_MODE_BIT_SHIFT0x0UL
-#define DX_DSCRPTR_QUEUE_WORD4_DATA_FLOW_MODE_BIT_SIZE 0x6UL
-#define DX_DSCRPTR_QUEUE_WORD4_AES_SEL_N_HASH_BIT_SHIFT0x6UL
-#define DX_DSCRPTR_QUEUE_WORD4_AES_SEL_N_HASH_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD4_AES_XOR_CRYPTO_KEY_BIT_SHIFT0x7UL
-#define DX_DSCRPTR_QUEUE_WORD4_AES_XOR_CRYPTO_KEY_BIT_SIZE 0x1UL
-#define DX_DSCRPTR_QUEUE_WORD4_ACK_NEEDED_BIT_SHIFT0x8UL
-#define DX_DSCRPTR_QUEUE_WORD4_ACK_NEEDED_BIT_SIZE 0x2UL
-#define 

[PATCH v3 18/18] staging: ccree: remove descriptor context definitions

[Gilad Ben-Yossef]

Remove definitions of descriptor context which are not used
in the driver.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_crypto_ctx.h | 86 ---
 1 file changed, 86 deletions(-)

diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index 20f3f9f..591f6fd 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -196,91 +196,5 @@ enum drv_crypto_padding_type {
DRV_PADDING_RESERVE32B = S32_MAX
 };
 
-/***/
-/* DESCRIPTOR BASED CONTEXTS ***/
-/***/
-
- /* Generic context ("super-class") */
-struct drv_ctx_generic {
-   enum drv_crypto_alg alg;
-} __attribute__((__may_alias__));
-
-struct drv_ctx_hash {
-   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_HASH */
-   enum drv_hash_mode mode;
-   u8 digest[CC_DIGEST_SIZE_MAX];
-   /* reserve to end of allocated context size */
-   u8 reserved[CC_CTX_SIZE - 2 * sizeof(u32) -
-   CC_DIGEST_SIZE_MAX];
-};
-
-/* NOTE! drv_ctx_hmac should have the same structure as drv_ctx_hash except
- * k0, k0_size fields
- */
-struct drv_ctx_hmac {
-   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_HMAC */
-   enum drv_hash_mode mode;
-   u8 digest[CC_DIGEST_SIZE_MAX];
-   u32 k0[CC_HMAC_BLOCK_SIZE_MAX / sizeof(u32)];
-   u32 k0_size;
-   /* reserve to end of allocated context size */
-   u8 reserved[CC_CTX_SIZE - 3 * sizeof(u32) -
-   CC_DIGEST_SIZE_MAX - CC_HMAC_BLOCK_SIZE_MAX];
-};
-
-struct drv_ctx_cipher {
-   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_AES */
-   enum drv_cipher_mode mode;
-   enum drv_crypto_direction direction;
-   enum drv_crypto_key_type crypto_key_type;
-   enum drv_crypto_padding_type padding_type;
-   u32 key_size; /* numeric value in bytes   */
-   u32 data_unit_size; /* required for XTS */
-   /* block_state is the AES engine block state.
-* It is used by the host to pass IV or counter at initialization.
-* It is used by SeP for intermediate block chaining state and for
-* returning MAC algorithms results.
-*/
-   u8 block_state[CC_AES_BLOCK_SIZE];
-   u8 key[CC_AES_KEY_SIZE_MAX];
-   u8 xex_key[CC_AES_KEY_SIZE_MAX];
-   /* reserve to end of allocated context size */
-   u32 reserved[CC_DRV_CTX_SIZE_WORDS - 7 -
-   CC_AES_BLOCK_SIZE / sizeof(u32) - 2 *
-   (CC_AES_KEY_SIZE_MAX / sizeof(u32))];
-};
-
-/* authentication and encryption with associated data class */
-struct drv_ctx_aead {
-   enum drv_crypto_alg alg; /* DRV_CRYPTO_ALG_AES */
-   enum drv_cipher_mode mode;
-   enum drv_crypto_direction direction;
-   u32 key_size; /* numeric value in bytes   */
-   u32 nonce_size; /* nonce size (octets) */
-   u32 header_size; /* finit additional data size (octets) */
-   u32 text_size; /* finit text data size (octets) */
-   u32 tag_size; /* mac size, element of {4, 6, 8, 10, 12, 14, 16} */
-   /* block_state1/2 is the AES engine block state */
-   u8 block_state[CC_AES_BLOCK_SIZE];
-   u8 mac_state[CC_AES_BLOCK_SIZE]; /* MAC result */
-   u8 nonce[CC_AES_BLOCK_SIZE]; /* nonce buffer */
-   u8 key[CC_AES_KEY_SIZE_MAX];
-   /* reserve to end of allocated context size */
-   u32 reserved[CC_DRV_CTX_SIZE_WORDS - 8 -
-   3 * (CC_AES_BLOCK_SIZE / sizeof(u32)) -
-   CC_AES_KEY_SIZE_MAX / sizeof(u32)];
-};
-
-/***/
-/* MESSAGE BASED CONTEXTS **/
-/***/
-
-/* Get the address of a @member within a given @ctx address
- * @ctx: The context address
- * @type: Type of context structure
- * @member: Associated context field
- */
-#define GET_CTX_FIELD_ADDR(ctx, type, member) ((ctx) + offsetof(type, member))
-
 #endif /* _CC_CRYPTO_CTX_H_ */
 
-- 
2.1.4

[PATCH v3 17/18] staging: ccree: remove last remnants of sblkcipher

[Gilad Ben-Yossef]

The cipher code had some left overs of an attempt to support
synch. cipher API with the HW. Remove the code handling this.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_cipher.c | 102 +++--
 drivers/staging/ccree/ssi_driver.h |   1 -
 2 files changed, 6 insertions(+), 97 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index e16fd36..2dfc6a3 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -36,7 +36,6 @@
 #define MAX_ABLKCIPHER_SEQ_LEN 6
 
 #define template_ablkciphertemplate_u.ablkcipher
-#define template_sblkciphertemplate_u.blkcipher
 
 #define SSI_MIN_AES_XTS_SIZE 0x10
 #define SSI_MAX_AES_XTS_SIZE 0x2000
@@ -886,69 +885,6 @@ static void ssi_ablkcipher_complete(struct device *dev, 
void *ssi_req, void __io
   ivsize, areq, cc_base);
 }
 
-
-
-static int ssi_sblkcipher_init(struct crypto_tfm *tfm)
-{
-   struct ssi_ablkcipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
-
-   /* Allocate sync ctx buffer */
-   ctx_p->sync_ctx = kmalloc(sizeof(struct blkcipher_req_ctx), 
GFP_KERNEL|GFP_DMA);
-   if (!ctx_p->sync_ctx) {
-   SSI_LOG_ERR("Allocating sync ctx buffer in context failed\n");
-   return -ENOMEM;
-   }
-   SSI_LOG_DEBUG("Allocated sync ctx buffer in context 
ctx_p->sync_ctx=@%p\n",
-   
ctx_p->sync_ctx);
-
-   return ssi_blkcipher_init(tfm);
-}
-
-
-static void ssi_sblkcipher_exit(struct crypto_tfm *tfm)
-{
-   struct ssi_ablkcipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
-
-   kfree(ctx_p->sync_ctx);
-   SSI_LOG_DEBUG("Free sync ctx buffer in context ctx_p->sync_ctx=@%p\n", 
ctx_p->sync_ctx);
-
-   ssi_blkcipher_exit(tfm);
-}
-
-#ifdef SYNC_ALGS
-static int ssi_sblkcipher_encrypt(struct blkcipher_desc *desc,
-struct scatterlist *dst, struct scatterlist *src,
-unsigned int nbytes)
-{
-   struct crypto_blkcipher *blk_tfm = desc->tfm;
-   struct crypto_tfm *tfm = crypto_blkcipher_tfm(blk_tfm);
-   struct ssi_ablkcipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
-   struct blkcipher_req_ctx *req_ctx = ctx_p->sync_ctx;
-   unsigned int ivsize = crypto_blkcipher_ivsize(blk_tfm);
-
-   req_ctx->backup_info = desc->info;
-   req_ctx->is_giv = false;
-
-   return ssi_blkcipher_process(tfm, req_ctx, dst, src, nbytes, 
desc->info, ivsize, NULL, DRV_CRYPTO_DIRECTION_ENCRYPT);
-}
-
-static int ssi_sblkcipher_decrypt(struct blkcipher_desc *desc,
-struct scatterlist *dst, struct scatterlist *src,
-unsigned int nbytes)
-{
-   struct crypto_blkcipher *blk_tfm = desc->tfm;
-   struct crypto_tfm *tfm = crypto_blkcipher_tfm(blk_tfm);
-   struct ssi_ablkcipher_ctx *ctx_p = crypto_tfm_ctx(tfm);
-   struct blkcipher_req_ctx *req_ctx = ctx_p->sync_ctx;
-   unsigned int ivsize = crypto_blkcipher_ivsize(blk_tfm);
-
-   req_ctx->backup_info = desc->info;
-   req_ctx->is_giv = false;
-
-   return ssi_blkcipher_process(tfm, req_ctx, dst, src, nbytes, 
desc->info, ivsize, NULL, DRV_CRYPTO_DIRECTION_DECRYPT);
-}
-#endif
-
 /* Async wrap functions */
 
 static int ssi_ablkcipher_init(struct crypto_tfm *tfm)
@@ -1014,7 +950,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_XTS,
.flow_mode = S_DIN_to_AES,
-.synchronous = false,
},
{
.name = "xts(aes)",
@@ -1031,7 +966,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_XTS,
.flow_mode = S_DIN_to_AES,
-   .synchronous = false,
},
{
.name = "xts(aes)",
@@ -1048,7 +982,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_XTS,
.flow_mode = S_DIN_to_AES,
-   .synchronous = false,
},
 #endif /*SSI_CC_HAS_AES_XTS*/
 #if SSI_CC_HAS_AES_ESSIV
@@ -1067,7 +1000,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_ESSIV,
.flow_mode = S_DIN_to_AES,
-   .synchronous = false,
},
{
.name = "essiv(aes)",
@@ -1084,7 +1016,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_ESSIV,
.flow_mode = S_DIN_to_AES,
-   .synchronous = false,
},
{
.name = "essiv(aes)",
@@ -1101,7 +1032,6 @@ static struct ssi_alg_template blkcipher_algs[] = {
},
.cipher_mode = DRV_CIPHER_ESSIV,

[PATCH v3 05/18] staging: ccree: move M/LLI defines to header file

[Gilad Ben-Yossef]

A bunch of macros used to define M/LLI descriptors where
being defined in the C file. Move them over to private
include file where other relevant definitions are stored.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_lli_defs.h| 8 
 drivers/staging/ccree/ssi_buffer_mgr.c | 7 ---
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/ccree/cc_lli_defs.h 
b/drivers/staging/ccree/cc_lli_defs.h
index 876dde0..78811aa 100644
--- a/drivers/staging/ccree/cc_lli_defs.h
+++ b/drivers/staging/ccree/cc_lli_defs.h
@@ -28,6 +28,14 @@
 
 #define CC_MAX_MLLI_ENTRY_SIZE 0x
 
+#define LLI_MAX_NUM_OF_DATA_ENTRIES 128
+#define LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES 4
+#define MLLI_TABLE_MIN_ALIGNMENT 4 /* 32 bit alignment */
+#define MAX_NUM_OF_BUFFERS_IN_MLLI 4
+#define MAX_NUM_OF_TOTAL_MLLI_ENTRIES \
+   (2 * LLI_MAX_NUM_OF_DATA_ENTRIES + \
+LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES)
+
 /* Size of entry */
 #define LLI_ENTRY_WORD_SIZE 2
 #define LLI_ENTRY_BYTE_SIZE (LLI_ENTRY_WORD_SIZE * sizeof(u32))
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 24ba51d..63ffcd5 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -33,13 +33,6 @@
 #include "ssi_hash.h"
 #include "ssi_aead.h"
 
-#define LLI_MAX_NUM_OF_DATA_ENTRIES 128
-#define LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES 4
-#define MLLI_TABLE_MIN_ALIGNMENT 4 /*Force the MLLI table to be align to 
uint32 */
-#define MAX_NUM_OF_BUFFERS_IN_MLLI 4
-#define MAX_NUM_OF_TOTAL_MLLI_ENTRIES (2*LLI_MAX_NUM_OF_DATA_ENTRIES + \
-   LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES )
-
 #ifdef CC_DEBUG
 #define DUMP_SGL(sg) \
while (sg) { \
-- 
2.1.4

[PATCH v3 06/18] staging: ccree: remove unused debug macros

[Gilad Ben-Yossef]

The DUMP_SGL() and DUMP_MLLI_TABLE() debug macros were
defined but not used anywhere and the difference of their
definitions for debug vs. none debug indicated this has
not being used in a while.

Remove the dead code.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 19 ---
 1 file changed, 19 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 63ffcd5..3252114 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -34,30 +34,11 @@
 #include "ssi_aead.h"
 
 #ifdef CC_DEBUG
-#define DUMP_SGL(sg) \
-   while (sg) { \
-   SSI_LOG_DEBUG("page=%p offset=%u length=%u (dma_len=%u) " \
-"dma_addr=%08x\n", sg_page(sg), (sg)->offset, \
-   (sg)->length, sg_dma_len(sg), (sg)->dma_address); \
-   (sg) = sg_next(sg); \
-   }
-#define DUMP_MLLI_TABLE(mlli_p, nents) \
-   do { \
-   SSI_LOG_DEBUG("mlli=%pK nents=%u\n", (mlli_p), (nents)); \
-   while((nents)--) { \
-   SSI_LOG_DEBUG("addr=0x%08X size=0x%08X\n", \
-(mlli_p)[LLI_WORD0_OFFSET], \
-(mlli_p)[LLI_WORD1_OFFSET]); \
-   (mlli_p) += LLI_ENTRY_WORD_SIZE; \
-   } \
-   } while (0)
 #define GET_DMA_BUFFER_TYPE(buff_type) ( \
((buff_type) == SSI_DMA_BUF_NULL) ? "BUF_NULL" : \
((buff_type) == SSI_DMA_BUF_DLLI) ? "BUF_DLLI" : \
((buff_type) == SSI_DMA_BUF_MLLI) ? "BUF_MLLI" : "BUF_INVALID")
 #else
-#define DX_BUFFER_MGR_DUMP_SGL(sg)
-#define DX_BUFFER_MGR_DUMP_MLLI_TABLE(mlli_p, nents)
 #define GET_DMA_BUFFER_TYPE(buff_type)
 #endif
 
-- 
2.1.4

[PATCH v3 01/18] staging: ccree: replace bit shift with BIT macro

[Gilad Ben-Yossef]

CC_CTX_SIZE was being defined using a hand rolled bit shift operation.
Replace with use of BIT macro.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_crypto_ctx.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index 1fc68de..20f3f9f 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -27,7 +27,7 @@
 #define CC_CTX_SIZE_LOG2 7
 #endif
 #endif
-#define CC_CTX_SIZE (1 << CC_CTX_SIZE_LOG2)
+#define CC_CTX_SIZE BIT(CC_CTX_SIZE_LOG2)
 #define CC_DRV_CTX_SIZE_WORDS (CC_CTX_SIZE >> 2)
 
 #define CC_DRV_DES_IV_SIZE 8
-- 
2.1.4

[PATCH v3 00/18] additional driver cleanups

[Gilad Ben-Yossef]

This is another batch of clean ups for the ccree driver.
Mostly comprised of:
- Coding Style fixes
- Move to kernel infrastructure from custom constructs
- Replace macros with static inline functions
- Removal of dead code

Changes from v2:
- Rebase on top of commit ed5210cb07de90b8dc31a420466847755331536b
  ("Drivers: ccree: cc_hw_queue_defs.h - align block comments").
- Drop already upstream patches.
- Add three new patches to drop more unused code.

Changes from v1:
- Break up patches better to "do one thing" as indicated by GregKH
- Better description for some of the patches
- Better line breakup for code clarity as suggested by Joe Perches

Gilad Ben-Yossef (18):
  staging: ccree: replace bit shift with BIT macro
  staging: ccree: refactor HW command FIFO access
  staging: ccree: remove 48 bit dma addr sim
  staging: ccree: refactor LLI access macros
  staging: ccree: move M/LLI defines to header file
  staging: ccree: remove unused debug macros
  staging: ccree: remove cycle count debug support
  staging: ccree: move request_mgr to generic bitfield ops
  staging: ccree: remove custom bitfield macros
  staging: ccree: remove unused struct
  staging: ccree: use snake_case for hash enums
  staging: ccree: drop no longer used macro
  staging: ccree: remove dead code
  staging: ccree: remove spurious blank line
  staging: ccree: fix wrong whitespace usage
  staging: ccree: remove last remnants of sash algo
  staging: ccree: remove last remnants of sblkcipher
  staging: ccree: remove descriptor context definitions

 drivers/staging/ccree/cc_bitops.h|   35 -
 drivers/staging/ccree/cc_crypto_ctx.h|   88 +-
 drivers/staging/ccree/cc_hw_queue_defs.h |  686 ---
 drivers/staging/ccree/cc_lli_defs.h  |   49 +-
 drivers/staging/ccree/cc_regs.h  |   77 +-
 drivers/staging/ccree/dx_crys_kernel.h   |  308 +++
 drivers/staging/ccree/dx_host.h  |  256 +++---
 drivers/staging/ccree/hash_defs.h|   53 +-
 drivers/staging/ccree/ssi_aead.c |  953 ++---
 drivers/staging/ccree/ssi_buffer_mgr.c   |  117 +--
 drivers/staging/ccree/ssi_buffer_mgr.h   |   16 -
 drivers/staging/ccree/ssi_cipher.c   |  350 +++-
 drivers/staging/ccree/ssi_config.h   |6 -
 drivers/staging/ccree/ssi_driver.c   |8 -
 drivers/staging/ccree/ssi_driver.h   |   31 +-
 drivers/staging/ccree/ssi_fips_ll.c  |  704 
 drivers/staging/ccree/ssi_hash.c | 1343 +-
 drivers/staging/ccree/ssi_ivgen.c|   80 +-
 drivers/staging/ccree/ssi_request_mgr.c  |  161 +---
 drivers/staging/ccree/ssi_sram_mgr.c |8 +-
 20 files changed, 2230 insertions(+), 3099 deletions(-)
 delete mode 100644 drivers/staging/ccree/cc_bitops.h

-- 
2.1.4

Re: get_random_bytes returns bad randomness before seeding is complete

[Stephan Müller]

Am Freitag, 2. Juni 2017, 16:59:56 CEST schrieb Jason A. Donenfeld:

Hi Jason,

> Alternatively, I'm open to other solutions people might come up with.

One addition, there is an issue (I would call it a bug) in random.c before 4.8 
where the nonblocking_pool is not reseeded during early boot even though 
entropy may be available. That issue aggravates early boot time entropy issues 
for user and kernel land.

I have not heard about accepting or rejecting it, so I am wondering how 
patches go into random.c at all.

[1] https://patchwork.kernel.org/patch/9620431/

Ciao
Stephan