Re: [PATCH v9 7/8] crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64

[Horia Geantă]

On 1/3/2018 8:07 PM, Logan Gunthorpe wrote:
> Clean up the extra ifdefs which defined the wr_reg64 and rd_reg64
> functions in non-64bit cases in favour of the new common
> io-64-nonatomic-lo-hi header.
> 
> Signed-off-by: Logan Gunthorpe 
> Cc: Andy Shevchenko 
> Cc: Horia Geantă 
> Cc: Dan Douglass 
> Cc: Herbert Xu 
> Cc: "David S. Miller" 
> ---
>  drivers/crypto/caam/regs.h | 26 +-
>  1 file changed, 1 insertion(+), 25 deletions(-)
> 
> diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
> index fee363865d88..ec6528e5ce9d 100644
> --- a/drivers/crypto/caam/regs.h
> +++ b/drivers/crypto/caam/regs.h
> @@ -10,7 +10,7 @@
>  
>  #include 
>  #include 
> -#include 
> +#include 
Typo: lo-hi should be used instead (see previous patch versions).

Please add in the commit message the explanation (which was there in v8 but
removed in v9):
To be consistent with CAAM engine HW spec: in case of 64-bit registers,
irrespective of device endianness, the lower address should be read from
/ written to first, followed by the upper address. Indeed the I/O
accessors in CAAM driver currently don't follow the spec, however this
is a good opportunity to fix the code.

>  
>  /*
>   * Architecture-specific register access methods
> @@ -136,7 +136,6 @@ static inline void clrsetbits_32(void __iomem *reg, u32 
> clear, u32 set)
>   *base + 0x : least-significant 32 bits
>   *base + 0x0004 : most-significant 32 bits
>   */
> -#ifdef CONFIG_64BIT
>  static inline void wr_reg64(void __iomem *reg, u64 data)
>  {
>   if (caam_little_end)
Since the 2 cases (32/64-bit) are merged, caam_imx should be accounted for the
logic to stay the same.

This means for e.g. for wr_reg64 (similar for rd_reg64):
static inline void wr_reg64(void __iomem *reg, u64 data)
{
if (!caam_imx && caam_little_end)
iowrite64(data, reg);
else
iowrite64be(data, reg);
}

Thanks,
Horia

> @@ -153,29 +152,6 @@ static inline u64 rd_reg64(void __iomem *reg)
>   return ioread64be(reg);
>  }
>  
> -#else /* CONFIG_64BIT */
> -static inline void wr_reg64(void __iomem *reg, u64 data)
> -{
> - if (!caam_imx && caam_little_end) {
> - wr_reg32((u32 __iomem *)(reg) + 1, data >> 32);
> - wr_reg32((u32 __iomem *)(reg), data);
> - } else {
> - wr_reg32((u32 __iomem *)(reg), data >> 32);
> - wr_reg32((u32 __iomem *)(reg) + 1, data);
> - }
> -}
> -
> -static inline u64 rd_reg64(void __iomem *reg)
> -{
> - if (!caam_imx && caam_little_end)
> - return ((u64)rd_reg32((u32 __iomem *)(reg) + 1) << 32 |
> - (u64)rd_reg32((u32 __iomem *)(reg)));
> -
> - return ((u64)rd_reg32((u32 __iomem *)(reg)) << 32 |
> - (u64)rd_reg32((u32 __iomem *)(reg) + 1));
> -}
> -#endif /* CONFIG_64BIT  */
> -
>  static inline u64 cpu_to_caam_dma64(dma_addr_t value)
>  {
>   if (caam_imx)
> 

[PATCH] [v2] crypto: aes-generic - build with -Os on gcc-7+

[Arnd Bergmann]

While testing other changes, I discovered that gcc-7.2.1 produces badly
optimized code for aes_encrypt/aes_decrypt. This is especially true when
CONFIG_UBSAN_SANITIZE_ALL is enabled, where it leads to extremely
large stack usage that in turn might cause kernel stack overflows:

crypto/aes_generic.c: In function 'aes_encrypt':
crypto/aes_generic.c:1371:1: warning: the frame size of 4880 bytes is larger 
than 2048 bytes [-Wframe-larger-than=]
crypto/aes_generic.c: In function 'aes_decrypt':
crypto/aes_generic.c:1441:1: warning: the frame size of 4864 bytes is larger 
than 2048 bytes [-Wframe-larger-than=]

I verified that this problem exists on all architectures that are
supported by gcc-7.2, though arm64 in particular is less affected than
the others. I also found that gcc-7.1 and gcc-8 do not show the extreme
stack usage but still produce worse code than earlier versions for this
file, apparently because of optimization passes that generally provide
a substantial improvement in object code quality but understandably fail
to find any shortcuts in the AES algorithm.

Possible workarounds include

a) disabling -ftree-pre and -ftree-sra optimizations, this was an earlier
   patch I tried, which reliably fixed the stack usage, but caused a
   serious performance regression in some versions, as later testing
   found.

b) disabling UBSAN on this file or all ciphers, as suggested by Ard
   Biesheuvel. This would lead to massively better crypto performance in
   UBSAN-enabled kernels and avoid the stack usage, but there is a concern
   over whether we should exclude arbitrary files from UBSAN at all.

c) Forcing the optimization level in a different way. Similar to a),
   but rather than deselecting specific optimization stages,
   this now uses "gcc -Os" for this file, regardless of the
   CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE/SIZE option. This is a reliable
   workaround for the stack consumption on all architecture, and I've
   retested the performance results now on x86, cycles/byte (lower is
   better) for cbc(aes-generic) with 256 bit keys:

-O2 -Os
gcc-6.3.1   14.915.1
gcc-7.0.1   14.715.3
gcc-7.1.1   15.314.7
gcc-7.2.1   16.815.9
gcc-8.0.0   15.515.6

This implements the option c) by enabling forcing -Os on all compiler
versions starting with gcc-7.1. As a workaround for PR83356, it would
only be needed for gcc-7.2+ with UBSAN enabled, but since it also shows
better performance on gcc-7.1 without UBSAN, it seems appropriate to
use the faster version here as well.

Side note: during testing, I also played with the AES code in libressl,
which had a similar performance regression from gcc-6 to gcc-7.2,
but was three times slower overall. It might be interesting to
investigate that further and possibly port the Linux implementation
into that.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651
Cc: Richard Biener 
Cc: Jakub Jelinek 
Cc: Ard Biesheuvel 
Signed-off-by: Arnd Bergmann 
---
 crypto/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/Makefile b/crypto/Makefile
index d674884b2d51..daa69360e054 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -99,6 +99,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
 obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
 CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
 obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
+CFLAGS_aes_generic.o := $(call cc-ifversion, -ge, 0701, -Os) # 
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
 obj-$(CONFIG_CRYPTO_AES_TI) += aes_ti.o
 obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia_generic.o
 obj-$(CONFIG_CRYPTO_CAST_COMMON) += cast_common.o
-- 
2.9.0

Re: [PATCH] [RFT] crypto: aes-generic - turn off -ftree-pre and -ftree-sra

[Arnd Bergmann]

On Wed, Jan 3, 2018 at 6:36 PM, Ard Biesheuvel
 wrote:
> On 3 January 2018 at 16:37, Arnd Bergmann  wrote:
>> On Fri, Dec 22, 2017 at 4:47 PM, Ard Biesheuvel  
>> wrote:
>>
>> A minimal patch would be to disable UBSAN specifically for aes-generic.c
>> for gcc-7.2+ but not gcc-8 to avoid the potential stack overflow. We could
>> also force building with -Os on gcc-7, and leave UBSAN enabled,
>> this would improve performance some 3-5% on x86 with gcc-7 (both
>> 7.1 and 7.2.1) and avoid the stack overflow.
>>
>
> Can't we just disable UBSAN for that file for all GCC versions and be
> done with it? It is not a production feature, and that code is
> unlikely to change in ways where UBSAN would make a difference anyway,
> nor is it ever executed on 99.9% of systems running Linux.

It's up to Herbert in the end. I'm leaning to the -Os change in the Makefile,
since it improves the performance for the common case as well, and
once we start disabling UBSAN for performance-critical files, it becomes
a slippery slope.

I'll send the patch with the -Os change as v2, and note the ubsan-disabling
alternative in the changelog.

   Arnd

[PATCH 1/6] Documentation: crypto: document crypto engine API

[Corentin Labbe]

Signed-off-by: Corentin Labbe 
---
 Documentation/crypto/crypto_engine.rst | 46 ++
 1 file changed, 46 insertions(+)
 create mode 100644 Documentation/crypto/crypto_engine.rst

diff --git a/Documentation/crypto/crypto_engine.rst 
b/Documentation/crypto/crypto_engine.rst
new file mode 100644
index ..b0ed37f9fb0c
--- /dev/null
+++ b/Documentation/crypto/crypto_engine.rst
@@ -0,0 +1,46 @@
+=
+CRYPTO ENGINE
+=
+
+Overview
+
+The crypto engine API (CE), is a crypto queue manager.
+
+Requirement
+---
+You have to put at start of your tfm_ctx the struct crypto_engine_reqctx
+struct your_tfm_ctx {
+struct crypto_engine_reqctx enginectx;
+...
+};
+Why: Since CE manage only crypto_async_request, it cannot know the underlying
+request_type and so have access only on the TFM.
+So using container_of for accessing __ctx is impossible.
+Furthermore, the crypto engine cannot know the "struct your_tfm_ctx",
+so it must assume that crypto_engine_reqctx is at start of it.
+
+Order of operations
+---
+You have to obtain a struct crypto_engine via crypto_engine_alloc_init().
+And start it via crypto_engine_start().
+
+Before transferring any request, you have to fill the enginectx.
+- prepare_request: (taking a function pointer) If you need to do some 
processing before doing the request
+- unprepare_request: (taking a function pointer) Undoing what's done in 
prepare_request
+- do_one_request: (taking a function pointer) Do encryption for current request
+
+Note: that those three functions get the crypto_async_request associated with 
the received request.
+So your need to get the original request via container_of(areq, struct 
yourrequesttype_request, base);
+
+When your driver receive a crypto_request, you have to transfer it to
+the cryptoengine via one of:
+- crypto_transfer_cipher_request_to_engine()
+- crypto_transfer_skcipher_request_to_engine()
+- crypto_transfer_akcipher_request_to_engine()
+- crypto_transfer_hash_request_to_engine()
+
+At the end of the request process, a call to one of the following function is 
needed:
+- crypto_finalize_cipher_request
+- crypto_finalize_skcipher_request
+- crypto_finalize_akcipher_request
+- crypto_finalize_hash_request
-- 
2.13.6

[PATCH 0/6] crypto: engine - Permit to enqueue all async requests

[Corentin Labbe]

Hello

The current crypto_engine support only ahash and ablkcipher request.
My first patch which try to add skcipher was Nacked, it will add too many 
functions
and adding other algs(aead, asymetric_key) will make the situation worst.

This patchset remove all algs specific stuff and now only process generic 
crypto_async_request.

The requests handler function pointer are now moved out of struct engine and
are now stored directly in a crypto_engine_reqctx.

The original proposal of Herbert [1] cannot be done completly since the 
crypto_engine
could only dequeue crypto_async_request and it is impossible to access any 
request_ctx
without knowing the underlying request type.

So I do something near that was requested: adding crypto_engine_reqctx in TFM 
context.
Note that the current implementation expect that crypto_engine_reqctx
is the first member of the context.

The first patch is a try to document the crypto engine API.
The second patch convert the crypto engine with the new way,
while the following patchs convert the 4 existing users of crypto_engine.
Note that this split break bisection, so probably the final commit will be all 
merged.

Appart from virtio, all 4 latest patch were compile tested only.
But the crypto engine is tested with my new sun8i-ce driver.

Regards

[1] https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1474434.html

Changes since RFC:
- Added a documentation patch
- Added patch for stm32-cryp
- Changed parameter of all crypto_engine_op functions from
  crypto_async_request to void*
- Reintroduced crypto_transfer_xxx_request_to_engine functions

Corentin Labbe (6):
  Documentation: crypto: document crypto engine API
  crypto: engine - Permit to enqueue all async requests
  crypto: omap: convert to new crypto engine API
  crypto: virtio: convert to new crypto engine API
  crypto: stm32-hash: convert to the new crypto engine API
  crypto: stm32-cryp: convert to the new crypto engine API

 Documentation/crypto/crypto_engine.rst   |  46 ++
 crypto/crypto_engine.c   | 230 +--
 drivers/crypto/omap-aes.c|  17 +-
 drivers/crypto/omap-aes.h|   3 +
 drivers/crypto/omap-des.c|  20 ++-
 drivers/crypto/stm32/stm32-cryp.c|  21 ++-
 drivers/crypto/stm32/stm32-hash.c|  18 ++-
 drivers/crypto/virtio/virtio_crypto_algs.c   |  10 +-
 drivers/crypto/virtio/virtio_crypto_common.h |   3 +-
 drivers/crypto/virtio/virtio_crypto_core.c   |   3 -
 include/crypto/engine.h  |  59 ---
 11 files changed, 263 insertions(+), 167 deletions(-)
 create mode 100644 Documentation/crypto/crypto_engine.rst

-- 
2.13.6

[PATCH 2/6] crypto: engine - Permit to enqueue all async requests

[Corentin Labbe]

The crypto engine could actually only enqueue hash and ablkcipher request.
This patch permit it to enqueue any type of crypto_async_request.

Signed-off-by: Corentin Labbe 
---
 crypto/crypto_engine.c  | 230 
 include/crypto/engine.h |  59 +++--
 2 files changed, 148 insertions(+), 141 deletions(-)

diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index 61e7c4e02fd2..036270b61648 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -15,7 +15,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include "internal.h"
 
@@ -34,11 +33,10 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
 bool in_kthread)
 {
struct crypto_async_request *async_req, *backlog;
-   struct ahash_request *hreq;
-   struct ablkcipher_request *breq;
unsigned long flags;
bool was_busy = false;
-   int ret, rtype;
+   int ret;
+   struct crypto_engine_reqctx *enginectx;
 
spin_lock_irqsave(&engine->queue_lock, flags);
 
@@ -94,7 +92,6 @@ static void crypto_pump_requests(struct crypto_engine *engine,
 
spin_unlock_irqrestore(&engine->queue_lock, flags);
 
-   rtype = crypto_tfm_alg_type(engine->cur_req->tfm);
/* Until here we get the request need to be encrypted successfully */
if (!was_busy && engine->prepare_crypt_hardware) {
ret = engine->prepare_crypt_hardware(engine);
@@ -104,57 +101,31 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
}
}
 
-   switch (rtype) {
-   case CRYPTO_ALG_TYPE_AHASH:
-   hreq = ahash_request_cast(engine->cur_req);
-   if (engine->prepare_hash_request) {
-   ret = engine->prepare_hash_request(engine, hreq);
-   if (ret) {
-   dev_err(engine->dev, "failed to prepare 
request: %d\n",
-   ret);
-   goto req_err;
-   }
-   engine->cur_req_prepared = true;
-   }
-   ret = engine->hash_one_request(engine, hreq);
-   if (ret) {
-   dev_err(engine->dev, "failed to hash one request from 
queue\n");
-   goto req_err;
-   }
-   return;
-   case CRYPTO_ALG_TYPE_ABLKCIPHER:
-   breq = ablkcipher_request_cast(engine->cur_req);
-   if (engine->prepare_cipher_request) {
-   ret = engine->prepare_cipher_request(engine, breq);
-   if (ret) {
-   dev_err(engine->dev, "failed to prepare 
request: %d\n",
-   ret);
-   goto req_err;
-   }
-   engine->cur_req_prepared = true;
-   }
-   ret = engine->cipher_one_request(engine, breq);
+   enginectx = crypto_tfm_ctx(async_req->tfm);
+
+   if (enginectx->op.prepare_request) {
+   ret = enginectx->op.prepare_request(engine, async_req);
if (ret) {
-   dev_err(engine->dev, "failed to cipher one request from 
queue\n");
+   dev_err(engine->dev, "failed to prepare request: %d\n",
+   ret);
goto req_err;
}
-   return;
-   default:
-   dev_err(engine->dev, "failed to prepare request of unknown 
type\n");
-   return;
+   engine->cur_req_prepared = true;
+   }
+   if (!enginectx->op.do_one_request) {
+   dev_err(engine->dev, "failed to do request\n");
+   ret = -EINVAL;
+   goto req_err;
+   }
+   ret = enginectx->op.do_one_request(engine, async_req);
+   if (ret) {
+   dev_err(engine->dev, "Failed to do one request from queue: 
%d\n", ret);
+   goto req_err;
}
+   return;
 
 req_err:
-   switch (rtype) {
-   case CRYPTO_ALG_TYPE_AHASH:
-   hreq = ahash_request_cast(engine->cur_req);
-   crypto_finalize_hash_request(engine, hreq, ret);
-   break;
-   case CRYPTO_ALG_TYPE_ABLKCIPHER:
-   breq = ablkcipher_request_cast(engine->cur_req);
-   crypto_finalize_cipher_request(engine, breq, ret);
-   break;
-   }
+   crypto_finalize_request(engine, async_req, ret);
return;
 
 out:
@@ -170,13 +141,12 @@ static void crypto_pump_work(struct kthread_work *work)
 }
 
 /**
- * crypto_transfer_cipher_request - transfer the new request into the
- * enginequeue
+ * crypto_transfer_request - transfer the new request into the engine queue
  * @engine: the hardware engine
  * @req: the request need to be listed into the engine queue
  */
-int 

[PATCH 4/6] crypto: virtio: convert to new crypto engine API

[Corentin Labbe]

This patch convert the driver to the new crypto engine API.

Signed-off-by: Corentin Labbe 
---
 drivers/crypto/virtio/virtio_crypto_algs.c   | 10 +++---
 drivers/crypto/virtio/virtio_crypto_common.h |  3 +--
 drivers/crypto/virtio/virtio_crypto_core.c   |  3 ---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c 
b/drivers/crypto/virtio/virtio_crypto_algs.c
index abe8c15450df..060824a8ab0a 100644
--- a/drivers/crypto/virtio/virtio_crypto_algs.c
+++ b/drivers/crypto/virtio/virtio_crypto_algs.c
@@ -29,6 +29,7 @@
 
 
 struct virtio_crypto_ablkcipher_ctx {
+   struct crypto_engine_reqctx enginectx;
struct virtio_crypto *vcrypto;
struct crypto_tfm *tfm;
 
@@ -521,6 +522,9 @@ static int virtio_crypto_ablkcipher_init(struct crypto_tfm 
*tfm)
tfm->crt_ablkcipher.reqsize = sizeof(struct virtio_crypto_sym_request);
ctx->tfm = tfm;
 
+   ctx->enginectx.op.do_one_request = virtio_crypto_ablkcipher_crypt_req;
+   ctx->enginectx.op.prepare_request = NULL;
+   ctx->enginectx.op.unprepare_request = NULL;
return 0;
 }
 
@@ -538,9 +542,9 @@ static void virtio_crypto_ablkcipher_exit(struct crypto_tfm 
*tfm)
 }
 
 int virtio_crypto_ablkcipher_crypt_req(
-   struct crypto_engine *engine,
-   struct ablkcipher_request *req)
+   struct crypto_engine *engine, void *vreq)
 {
+   struct ablkcipher_request *req = container_of(vreq, struct 
ablkcipher_request, base);
struct virtio_crypto_sym_request *vc_sym_req =
ablkcipher_request_ctx(req);
struct virtio_crypto_request *vc_req = &vc_sym_req->base;
@@ -562,7 +566,7 @@ static void virtio_crypto_ablkcipher_finalize_req(
int err)
 {
crypto_finalize_cipher_request(vc_sym_req->base.dataq->engine,
-   req, err);
+  req, err);
kzfree(vc_sym_req->iv);
virtcrypto_clear_request(&vc_sym_req->base);
 }
diff --git a/drivers/crypto/virtio/virtio_crypto_common.h 
b/drivers/crypto/virtio/virtio_crypto_common.h
index e976539a05d9..72621bd67211 100644
--- a/drivers/crypto/virtio/virtio_crypto_common.h
+++ b/drivers/crypto/virtio/virtio_crypto_common.h
@@ -107,8 +107,7 @@ struct virtio_crypto *virtcrypto_get_dev_node(int node);
 int virtcrypto_dev_start(struct virtio_crypto *vcrypto);
 void virtcrypto_dev_stop(struct virtio_crypto *vcrypto);
 int virtio_crypto_ablkcipher_crypt_req(
-   struct crypto_engine *engine,
-   struct ablkcipher_request *req);
+   struct crypto_engine *engine, void *vreq);
 
 void
 virtcrypto_clear_request(struct virtio_crypto_request *vc_req);
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c 
b/drivers/crypto/virtio/virtio_crypto_core.c
index ff1410a32c2b..83326986c113 100644
--- a/drivers/crypto/virtio/virtio_crypto_core.c
+++ b/drivers/crypto/virtio/virtio_crypto_core.c
@@ -111,9 +111,6 @@ static int virtcrypto_find_vqs(struct virtio_crypto *vi)
ret = -ENOMEM;
goto err_engine;
}
-
-   vi->data_vq[i].engine->cipher_one_request =
-   virtio_crypto_ablkcipher_crypt_req;
}
 
kfree(names);
-- 
2.13.6

[PATCH 3/6] crypto: omap: convert to new crypto engine API

[Corentin Labbe]

This patch convert the driver to the new crypto engine API.

Signed-off-by: Corentin Labbe 
---
 drivers/crypto/omap-aes.c | 17 +
 drivers/crypto/omap-aes.h |  3 +++
 drivers/crypto/omap-des.c | 20 
 3 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index fbec0a2e76dd..518b94628166 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -414,8 +414,9 @@ static int omap_aes_handle_queue(struct omap_aes_dev *dd,
 }
 
 static int omap_aes_prepare_req(struct crypto_engine *engine,
-   struct ablkcipher_request *req)
+   void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
struct omap_aes_ctx *ctx = crypto_ablkcipher_ctx(
crypto_ablkcipher_reqtfm(req));
struct omap_aes_reqctx *rctx = ablkcipher_request_ctx(req);
@@ -468,8 +469,9 @@ static int omap_aes_prepare_req(struct crypto_engine 
*engine,
 }
 
 static int omap_aes_crypt_req(struct crypto_engine *engine,
- struct ablkcipher_request *req)
+ void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
struct omap_aes_reqctx *rctx = ablkcipher_request_ctx(req);
struct omap_aes_dev *dd = rctx->dd;
 
@@ -601,6 +603,11 @@ static int omap_aes_ctr_decrypt(struct ablkcipher_request 
*req)
return omap_aes_crypt(req, FLAGS_CTR);
 }
 
+static int omap_aes_prepare_req(struct crypto_engine *engine,
+   void *req);
+static int omap_aes_crypt_req(struct crypto_engine *engine,
+ void *req);
+
 static int omap_aes_cra_init(struct crypto_tfm *tfm)
 {
const char *name = crypto_tfm_alg_name(tfm);
@@ -616,6 +623,10 @@ static int omap_aes_cra_init(struct crypto_tfm *tfm)
 
tfm->crt_ablkcipher.reqsize = sizeof(struct omap_aes_reqctx);
 
+   ctx->enginectx.op.prepare_request = omap_aes_prepare_req;
+   ctx->enginectx.op.unprepare_request = NULL;
+   ctx->enginectx.op.do_one_request = omap_aes_crypt_req;
+
return 0;
 }
 
@@ -1119,8 +1130,6 @@ static int omap_aes_probe(struct platform_device *pdev)
goto err_engine;
}
 
-   dd->engine->prepare_cipher_request = omap_aes_prepare_req;
-   dd->engine->cipher_one_request = omap_aes_crypt_req;
err = crypto_engine_start(dd->engine);
if (err)
goto err_engine;
diff --git a/drivers/crypto/omap-aes.h b/drivers/crypto/omap-aes.h
index 8906342e2b9a..f6ce94907ade 100644
--- a/drivers/crypto/omap-aes.h
+++ b/drivers/crypto/omap-aes.h
@@ -13,6 +13,8 @@
 #ifndef __OMAP_AES_H__
 #define __OMAP_AES_H__
 
+#include 
+
 #define DST_MAXBURST   4
 #define DMA_MIN(DST_MAXBURST * sizeof(u32))
 
@@ -95,6 +97,7 @@ struct omap_aes_gcm_result {
 };
 
 struct omap_aes_ctx {
+   struct crypto_engine_reqctx enginectx;
int keylen;
u32 key[AES_KEYSIZE_256 / sizeof(u32)];
u8  nonce[4];
diff --git a/drivers/crypto/omap-des.c b/drivers/crypto/omap-des.c
index ebc5c0f11f03..c6a3b0490616 100644
--- a/drivers/crypto/omap-des.c
+++ b/drivers/crypto/omap-des.c
@@ -86,6 +86,7 @@
 #define FLAGS_OUT_DATA_ST_SHIFT10
 
 struct omap_des_ctx {
+   struct crypto_engine_reqctx enginectx;
struct omap_des_dev *dd;
 
int keylen;
@@ -526,8 +527,9 @@ static int omap_des_handle_queue(struct omap_des_dev *dd,
 }
 
 static int omap_des_prepare_req(struct crypto_engine *engine,
-   struct ablkcipher_request *req)
+   void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
struct omap_des_ctx *ctx = crypto_ablkcipher_ctx(
crypto_ablkcipher_reqtfm(req));
struct omap_des_dev *dd = omap_des_find_dev(ctx);
@@ -582,8 +584,9 @@ static int omap_des_prepare_req(struct crypto_engine 
*engine,
 }
 
 static int omap_des_crypt_req(struct crypto_engine *engine,
- struct ablkcipher_request *req)
+ void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
struct omap_des_ctx *ctx = crypto_ablkcipher_ctx(
crypto_ablkcipher_reqtfm(req));
struct omap_des_dev *dd = omap_des_find_dev(ctx);
@@ -695,12 +698,23 @@ static int omap_des_cbc_decrypt(struct ablkcipher_request 
*req)
return omap_des_crypt(req, FLAGS_CBC);
 }
 
+static int omap_des_prepare_req(struct crypto_engine *engine,
+   void *areq);
+static int omap_des_crypt_req(struct crypto_engine *engine,
+ vo

[PATCH 5/6] crypto: stm32-hash: convert to the new crypto engine API

[Corentin Labbe]

This patch convert the stm32-hash driver to the new crypto engine API.

Signed-off-by: Corentin Labbe 
---
 drivers/crypto/stm32/stm32-hash.c | 18 +-
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-hash.c 
b/drivers/crypto/stm32/stm32-hash.c
index 4ca4a264a833..9790c2c936c7 100644
--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -122,6 +122,7 @@ enum stm32_hash_data_format {
 #define HASH_DMA_THRESHOLD 50
 
 struct stm32_hash_ctx {
+   struct crypto_engine_reqctx enginectx;
struct stm32_hash_dev   *hdev;
unsigned long   flags;
 
@@ -828,6 +829,11 @@ static int stm32_hash_hw_init(struct stm32_hash_dev *hdev,
return 0;
 }
 
+static int stm32_hash_one_request(struct crypto_engine *engine,
+ void *areq);
+static int stm32_hash_prepare_req(struct crypto_engine *engine,
+ void *areq);
+
 static int stm32_hash_handle_queue(struct stm32_hash_dev *hdev,
   struct ahash_request *req)
 {
@@ -835,8 +841,9 @@ static int stm32_hash_handle_queue(struct stm32_hash_dev 
*hdev,
 }
 
 static int stm32_hash_prepare_req(struct crypto_engine *engine,
- struct ahash_request *req)
+ void *areq)
 {
+   struct ahash_request *req = container_of(areq, struct ahash_request, 
base);
struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx);
struct stm32_hash_request_ctx *rctx;
@@ -855,8 +862,9 @@ static int stm32_hash_prepare_req(struct crypto_engine 
*engine,
 }
 
 static int stm32_hash_one_request(struct crypto_engine *engine,
- struct ahash_request *req)
+ void *areq)
 {
+   struct ahash_request *req = container_of(areq, struct ahash_request, 
base);
struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx);
struct stm32_hash_request_ctx *rctx;
@@ -1033,6 +1041,9 @@ static int stm32_hash_cra_init_algs(struct crypto_tfm 
*tfm,
if (algs_hmac_name)
ctx->flags |= HASH_FLAGS_HMAC;
 
+   ctx->enginectx.op.do_one_request = stm32_hash_one_request;
+   ctx->enginectx.op.prepare_request = stm32_hash_prepare_req;
+   ctx->enginectx.op.unprepare_request = NULL;
return 0;
 }
 
@@ -1493,9 +1504,6 @@ static int stm32_hash_probe(struct platform_device *pdev)
goto err_engine;
}
 
-   hdev->engine->prepare_hash_request = stm32_hash_prepare_req;
-   hdev->engine->hash_one_request = stm32_hash_one_request;
-
ret = crypto_engine_start(hdev->engine);
if (ret)
goto err_engine_start;
-- 
2.13.6

[PATCH 6/6] crypto: stm32-cryp: convert to the new crypto engine API

[Corentin Labbe]

This patch convert the stm32-cryp driver to the new crypto engine API.
Signed-off-by: Corentin Labbe 
---
 drivers/crypto/stm32/stm32-cryp.c | 21 -
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/stm32/stm32-cryp.c 
b/drivers/crypto/stm32/stm32-cryp.c
index cf1dddbeaa2c..99e0473ef247 100644
--- a/drivers/crypto/stm32/stm32-cryp.c
+++ b/drivers/crypto/stm32/stm32-cryp.c
@@ -91,6 +91,7 @@
 #define _walked_out (cryp->out_walk.offset - cryp->out_sg->offset)
 
 struct stm32_cryp_ctx {
+   struct crypto_engine_reqctx enginectx;
struct stm32_cryp   *cryp;
int keylen;
u32 key[AES_KEYSIZE_256 / sizeof(u32)];
@@ -494,10 +495,20 @@ static int stm32_cryp_cpu_start(struct stm32_cryp *cryp)
return 0;
 }
 
+static int stm32_cryp_cipher_one_req(struct crypto_engine *engine,
+void *areq);
+static int stm32_cryp_prepare_cipher_req(struct crypto_engine *engine,
+void *areq);
+
 static int stm32_cryp_cra_init(struct crypto_tfm *tfm)
 {
+   struct stm32_cryp_ctx *ctx = crypto_tfm_ctx(tfm);
+
tfm->crt_ablkcipher.reqsize = sizeof(struct stm32_cryp_reqctx);
 
+   ctx->enginectx.op.do_one_request = stm32_cryp_cipher_one_req;
+   ctx->enginectx.op.prepare_request = stm32_cryp_prepare_cipher_req;
+   ctx->enginectx.op.unprepare_request = NULL;
return 0;
 }
 
@@ -695,14 +706,17 @@ static int stm32_cryp_prepare_req(struct crypto_engine 
*engine,
 }
 
 static int stm32_cryp_prepare_cipher_req(struct crypto_engine *engine,
-struct ablkcipher_request *req)
+void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
+
return stm32_cryp_prepare_req(engine, req);
 }
 
 static int stm32_cryp_cipher_one_req(struct crypto_engine *engine,
-struct ablkcipher_request *req)
+void *areq)
 {
+   struct ablkcipher_request *req = container_of(areq, struct 
ablkcipher_request, base);
struct stm32_cryp_ctx *ctx = crypto_ablkcipher_ctx(
crypto_ablkcipher_reqtfm(req));
struct stm32_cryp *cryp = ctx->cryp;
@@ -1104,9 +1118,6 @@ static int stm32_cryp_probe(struct platform_device *pdev)
goto err_engine1;
}
 
-   cryp->engine->prepare_cipher_request = stm32_cryp_prepare_cipher_req;
-   cryp->engine->cipher_one_request = stm32_cryp_cipher_one_req;
-
ret = crypto_engine_start(cryp->engine);
if (ret) {
dev_err(dev, "Could not start crypto engine\n");
-- 
2.13.6

Re: general protection fault in blkcipher_walk_done (2)

[Eric Biggers]

On Wed, Jan 03, 2018 at 12:58:02AM -0800, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on
> 72bca2084a21edda74b802bc076083d5951f67b4
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
> 
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+9da652f470afd0313...@syzkaller.appspotmail.com
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
> 
> audit: type=1400 audit(1514967540.602:7): avc:  denied  { map } for
> pid=3499 comm="syzkaller241446" path="/root/syzkaller241446574"
> dev="sda1" ino=16481
> scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
> permissive=1
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault:  [#1] SMP KASAN
> Dumping ftrace buffer:
>(ftrace buffer empty)
> Modules linked in:
> CPU: 1 PID: 3499 Comm: syzkaller241446 Not tainted 4.15.0-rc5+ #173
> Hardware name: Google Google Compute Engine/Google Compute Engine,
> BIOS Google 01/01/2011
> RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline]
> RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
> RIP: 0010:scatterwalk_done include/crypto/scatterwalk.h:119 [inline]
> RIP: 0010:blkcipher_walk_done+0x300/0xde0 crypto/blkcipher.c:124
> RSP: 0018:8801c027f340 EFLAGS: 00010202
> RAX:  RBX: a74a7bf1 RCX: 0001
> RDX: dc00 RSI: 0400 RDI: 0008
> RBP: 8801c027f390 R08: f8f8 R09: 
> R10: 0003 R11:  R12: 8801c027f640
> R13: 8801c027f4f0 R14: 8801c027f538 R15: 8801c027f518
> FS:  01046880() GS:8801db30() knlGS:
> CS:  0010 DS:  ES:  CR0: 80050033
> CR2: 201c9000 CR3: 0001c09f5005 CR4: 001606e0
> DR0:  DR1:  DR2: 
> DR3:  DR6: fffe0ff0 DR7: 0400
> Call Trace:
>  glue_ctr_crypt_128bit+0x597/0xc20 arch/x86/crypto/glue_helper.c:289
>  ctr_crypt+0x34/0x40 arch/x86/crypto/serpent_avx2_glue.c:168
>  __ablk_encrypt+0x1d1/0x2d0 crypto/ablk_helper.c:64
>  ablk_encrypt+0x23e/0x2c0 crypto/ablk_helper.c:84
>  skcipher_crypt_ablkcipher crypto/skcipher.c:712 [inline]
>  skcipher_decrypt_ablkcipher+0x312/0x420 crypto/skcipher.c:730
>  crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
>  chacha_decrypt crypto/chacha20poly1305.c:152 [inline]
>  poly_tail_continue+0x42a/0x6b0 crypto/chacha20poly1305.c:167
>  poly_tail+0x40f/0x520 crypto/chacha20poly1305.c:201
>  poly_cipherpad+0x33e/0x470 crypto/chacha20poly1305.c:231
>  poly_cipher+0x303/0x440 crypto/chacha20poly1305.c:262
>  poly_adpad+0x347/0x480 crypto/chacha20poly1305.c:292
>  poly_ad+0x25c/0x300 crypto/chacha20poly1305.c:316
>  poly_setkey+0x2fc/0x3e0 crypto/chacha20poly1305.c:343
>  poly_init+0x16c/0x1d0 crypto/chacha20poly1305.c:366
>  poly_genkey+0x422/0x590 crypto/chacha20poly1305.c:406
>  chachapoly_decrypt+0x73/0x90 crypto/chacha20poly1305.c:488
>  crypto_aead_decrypt include/crypto/aead.h:362 [inline]
>  _aead_recvmsg crypto/algif_aead.c:314 [inline]
>  aead_recvmsg+0x154a/0x1cf0 crypto/algif_aead.c:335
>  sock_recvmsg_nosec net/socket.c:801 [inline]
>  sock_recvmsg+0xc9/0x110 net/socket.c:808
>  ___sys_recvmsg+0x2a4/0x640 net/socket.c:2177
>  __sys_recvmsg+0xe2/0x210 net/socket.c:
>  SYSC_recvmsg net/socket.c:2234 [inline]
>  SyS_recvmsg+0x2d/0x50 net/socket.c:2229
>  entry_SYSCALL_64_fastpath+0x23/0x9a
> RIP: 0033:0x43ff19
> RSP: 002b:7ffce23dfc18 EFLAGS: 0217 ORIG_RAX: 002f
> RAX: ffda RBX:  RCX: 0043ff19
> RDX:  RSI: 20318fc8 RDI: 0004
> RBP: 006ca018 R08:  R09: 
> R10:  R11: 0217 R12: 00401880
> R13: 00401910 R14:  R15: 
> Code: 00 fc ff df 48 c1 e9 03 80 3c 11 00 0f 85 7a 09 00 00 48 8d 78
> 08 48 ba 00 00 00 00 00 fc ff df 49 89 45 20 48 89 f9 48 c1 e9 03
> <0f> b6 14 11 84 d2 74 09 80 fa 03 0f 8e 3e 09 00 00 4c 89 f9 8b
> RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP:
> 8801c027f340
> RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
> RSP: 8801c027f340
> RIP: scatterwalk_done include/crypto/scatterwalk.h:119 [inline] RSP:
> 8801c027f340
> RIP: blkcipher_walk_done+0x300/0xde0 crypto/blkcipher.c:124 RSP:
> 8801c027f340
> ---

[RFC PATCH 8/9] crypto: skcipher - prevent using skciphers without setting key

[Eric Biggers]

From: Eric Biggers 

Similar to what was done for the hash API, update the skcipher API to
track whether each transform has been keyed, and reject
encryption/decryption if a key is needed but one hasn't been set.

This isn't as important as the equivalent fix for the hash API because
symmetric ciphers almost always require a key (the "null cipher" is the
only exception), so are unlikely to be used without one.  Still,
tracking the key will prevent accidental unkeyed use.  algif_skcipher
also had to track the key anyway, so the new flag replaces that and
simplifies the algif_skcipher implementation.

Signed-off-by: Eric Biggers 
---
 crypto/algif_skcipher.c   | 59 +++
 crypto/skcipher.c | 30 
 include/crypto/skcipher.h | 11 +
 3 files changed, 45 insertions(+), 55 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index c5c47b680152..c88e5e4cd6a6 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -38,11 +38,6 @@
 #include 
 #include 
 
-struct skcipher_tfm {
-   struct crypto_skcipher *skcipher;
-   bool has_key;
-};
-
 static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
size_t size)
 {
@@ -50,8 +45,7 @@ static int skcipher_sendmsg(struct socket *sock, struct 
msghdr *msg,
struct alg_sock *ask = alg_sk(sk);
struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk);
-   struct skcipher_tfm *skc = pask->private;
-   struct crypto_skcipher *tfm = skc->skcipher;
+   struct crypto_skcipher *tfm = pask->private;
unsigned ivsize = crypto_skcipher_ivsize(tfm);
 
return af_alg_sendmsg(sock, msg, size, ivsize);
@@ -65,8 +59,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct 
msghdr *msg,
struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk);
struct af_alg_ctx *ctx = ask->private;
-   struct skcipher_tfm *skc = pask->private;
-   struct crypto_skcipher *tfm = skc->skcipher;
+   struct crypto_skcipher *tfm = pask->private;
unsigned int bs = crypto_skcipher_blocksize(tfm);
struct af_alg_async_req *areq;
int err = 0;
@@ -221,7 +214,7 @@ static int skcipher_check_key(struct socket *sock)
int err = 0;
struct sock *psk;
struct alg_sock *pask;
-   struct skcipher_tfm *tfm;
+   struct crypto_skcipher *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
@@ -235,7 +228,7 @@ static int skcipher_check_key(struct socket *sock)
 
err = -ENOKEY;
lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
-   if (!tfm->has_key)
+   if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
goto unlock;
 
if (!pask->refcnt++)
@@ -314,41 +307,17 @@ static struct proto_ops algif_skcipher_ops_nokey = {
 
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
-   struct skcipher_tfm *tfm;
-   struct crypto_skcipher *skcipher;
-
-   tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
-   if (!tfm)
-   return ERR_PTR(-ENOMEM);
-
-   skcipher = crypto_alloc_skcipher(name, type, mask);
-   if (IS_ERR(skcipher)) {
-   kfree(tfm);
-   return ERR_CAST(skcipher);
-   }
-
-   tfm->skcipher = skcipher;
-
-   return tfm;
+   return crypto_alloc_skcipher(name, type, mask);
 }
 
 static void skcipher_release(void *private)
 {
-   struct skcipher_tfm *tfm = private;
-
-   crypto_free_skcipher(tfm->skcipher);
-   kfree(tfm);
+   crypto_free_skcipher(private);
 }
 
 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-   struct skcipher_tfm *tfm = private;
-   int err;
-
-   err = crypto_skcipher_setkey(tfm->skcipher, key, keylen);
-   tfm->has_key = !err;
-
-   return err;
+   return crypto_skcipher_setkey(private, key, keylen);
 }
 
 static void skcipher_sock_destruct(struct sock *sk)
@@ -357,8 +326,7 @@ static void skcipher_sock_destruct(struct sock *sk)
struct af_alg_ctx *ctx = ask->private;
struct sock *psk = ask->parent;
struct alg_sock *pask = alg_sk(psk);
-   struct skcipher_tfm *skc = pask->private;
-   struct crypto_skcipher *tfm = skc->skcipher;
+   struct crypto_skcipher *tfm = pask->private;
 
af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
@@ -370,22 +338,21 @@ static int skcipher_accept_parent_nokey(void *private, 
struct sock *sk)
 {
struct af_alg_ctx *ctx;
struct alg_sock *ask = alg_sk(sk);
-   struct skcipher_tfm *tfm = private;
-   struct crypto_skcipher *skcipher = tfm->skcipher;
+   struct crypto_skcipher *tfm = private;
unsigned int len = sizeof(*ctx);
 
ctx = sock_kmalloc(sk, len, GFP_KERNEL);
if (!ctx)

[RFC PATCH 7/9] crypto: ghash - remove checks for key being set

[Eric Biggers]

From: Eric Biggers 

Now that the crypto API prevents a keyed hash from being used without
setting the key, there's no need for GHASH to do this check itself.

Signed-off-by: Eric Biggers 
---
 crypto/ghash-generic.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index 12ad3e3a84e3..1bffb3f712dd 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -56,9 +56,6 @@ static int ghash_update(struct shash_desc *desc,
struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
u8 *dst = dctx->buffer;
 
-   if (!ctx->gf128)
-   return -ENOKEY;
-
if (dctx->bytes) {
int n = min(srclen, dctx->bytes);
u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
@@ -111,9 +108,6 @@ static int ghash_final(struct shash_desc *desc, u8 *dst)
struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
u8 *buf = dctx->buffer;
 
-   if (!ctx->gf128)
-   return -ENOKEY;
-
ghash_flush(ctx, dctx);
memcpy(dst, buf, GHASH_BLOCK_SIZE);
 
-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 6/9] crypto: hash - prevent using keyed hashes without setting key

[Eric Biggers]

From: Eric Biggers 

Currently, almost none of the keyed hash algorithms check whether a key
has been set before proceeding.  Some algorithms are okay with this and
will effectively just use a key of all 0's or some other bogus default.
However, others will severely break, as demonstrated using
"hmac(sha3-512-generic)", the unkeyed use of which causes a kernel crash
via a (potentially exploitable) stack buffer overflow.

A while ago, this problem was solved for AF_ALG by pairing each hash
transform with a 'has_key' bool.  However, there are still other places
in the kernel where userspace can specify an arbitrary hash algorithm by
name, and the kernel uses it as unkeyed hash without checking whether it
is really unkeyed.  Examples of this include:

- KEYCTL_DH_COMPUTE, via the KDF extension
- dm-verity
- dm-crypt, via the ESSIV support
- dm-integrity, via the "internal hash" mode with no key given
- drbd (Distributed Replicated Block Device)

This bug is especially bad for KEYCTL_DH_COMPUTE as that requires no
privileges to call.

Fix the bug for all users by adding a flag CRYPTO_TFM_NEED_KEY to the
->crt_flags of each hash transform that indicates whether the transform
still needs to be keyed or not.  Then, make the hash init, import, and
digest functions return -ENOKEY if the key is still needed.

The new flag also replaces the 'has_key' bool which algif_hash was
previously using, thereby simplifying the algif_hash implementation.

Reported-by: syzbot 
Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 crypto/ahash.c | 22 -
 crypto/algif_hash.c| 52 +++---
 crypto/shash.c | 25 
 include/crypto/hash.h  | 34 +++--
 include/linux/crypto.h |  2 ++
 5 files changed, 75 insertions(+), 60 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index d2c8895bb2fe..266fc1d64f61 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -193,11 +193,18 @@ int crypto_ahash_setkey(struct crypto_ahash *tfm, const 
u8 *key,
unsigned int keylen)
 {
unsigned long alignmask = crypto_ahash_alignmask(tfm);
+   int err;
 
if ((unsigned long)key & alignmask)
-   return ahash_setkey_unaligned(tfm, key, keylen);
+   err = ahash_setkey_unaligned(tfm, key, keylen);
+   else
+   err = tfm->setkey(tfm, key, keylen);
+
+   if (err)
+   return err;
 
-   return tfm->setkey(tfm, key, keylen);
+   crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
+   return 0;
 }
 EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
 
@@ -368,7 +375,12 @@ EXPORT_SYMBOL_GPL(crypto_ahash_finup);
 
 int crypto_ahash_digest(struct ahash_request *req)
 {
-   return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->digest);
+   struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+
+   if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+   return -ENOKEY;
+
+   return crypto_ahash_op(req, tfm->digest);
 }
 EXPORT_SYMBOL_GPL(crypto_ahash_digest);
 
@@ -450,7 +462,6 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
struct ahash_alg *alg = crypto_ahash_alg(hash);
 
hash->setkey = ahash_nosetkey;
-   hash->has_setkey = false;
hash->export = ahash_no_export;
hash->import = ahash_no_import;
 
@@ -465,7 +476,8 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 
if (alg->setkey) {
hash->setkey = alg->setkey;
-   hash->has_setkey = true;
+   if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+   crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
}
if (alg->export)
hash->export = alg->export;
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 76d2e716c792..6c9b1927a520 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -34,11 +34,6 @@ struct hash_ctx {
struct ahash_request req;
 };
 
-struct algif_hash_tfm {
-   struct crypto_ahash *hash;
-   bool has_key;
-};
-
 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
 {
unsigned ds;
@@ -307,7 +302,7 @@ static int hash_check_key(struct socket *sock)
int err = 0;
struct sock *psk;
struct alg_sock *pask;
-   struct algif_hash_tfm *tfm;
+   struct crypto_ahash *tfm;
struct sock *sk = sock->sk;
struct alg_sock *ask = alg_sk(sk);
 
@@ -321,7 +316,7 @@ static int hash_check_key(struct socket *sock)
 
err = -ENOKEY;
lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
-   if (!tfm->has_key)
+   if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
goto unlock;
 
if (!pask->refcnt++)
@@ -412,41 +407,17 @@ static struct proto_ops algif_hash_ops_nokey = {
 
 static void *hash_bind(const char *name, u32 type, u32 mask)
 {
-   struct a

[RFC PATCH 5/9] crypto: hash - annotate algorithms taking optional key

[Eric Biggers]

From: Eric Biggers 

We need to consistently enforce that keyed hashes cannot be used without
setting the key.  To do this we need a reliable way to determine whether
a given hash algorithm is keyed or not.  AF_ALG currently does this by
checking for the presence of a ->setkey() method.  However, this is
actually slightly broken because the CRC-32 algorithms implement
->setkey() but can also be used without a key.  (The CRC-32 "key" is not
actually a cryptographic key but rather represents the initial state.
If not overridden, then a default initial state is used.)

Prepare to fix this by introducing a flag CRYPTO_ALG_OPTIONAL_KEY which
indicates that the algorithm has a ->setkey() method, but it is not
required to be called.  Then set it on all the CRC-32 algorithms.

The same also applies to the Adler-32 implementation in Lustre.

Also, the cryptd and mcryptd templates have to pass through the flag
from their underlying algorithm.

Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 arch/arm/crypto/crc32-ce-glue.c   | 2 ++
 arch/arm64/crypto/crc32-ce-glue.c | 2 ++
 arch/powerpc/crypto/crc32c-vpmsum_glue.c  | 1 +
 arch/s390/crypto/crc32-vx.c   | 3 +++
 arch/sparc/crypto/crc32c_glue.c   | 1 +
 arch/x86/crypto/crc32-pclmul_glue.c   | 1 +
 arch/x86/crypto/crc32c-intel_glue.c   | 1 +
 crypto/crc32_generic.c| 1 +
 crypto/crc32c_generic.c   | 1 +
 crypto/cryptd.c   | 7 +++
 crypto/mcryptd.c  | 7 +++
 drivers/crypto/bfin_crc.c | 3 ++-
 drivers/crypto/stm32/stm32_crc32.c| 2 ++
 drivers/staging/lustre/lnet/libcfs/linux/linux-crypto-adler.c | 1 +
 include/linux/crypto.h| 6 ++
 15 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/arch/arm/crypto/crc32-ce-glue.c b/arch/arm/crypto/crc32-ce-glue.c
index 1b0e0e86ee9c..96e62ec105d0 100644
--- a/arch/arm/crypto/crc32-ce-glue.c
+++ b/arch/arm/crypto/crc32-ce-glue.c
@@ -188,6 +188,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
.base.cra_name  = "crc32",
.base.cra_driver_name   = "crc32-arm-ce",
.base.cra_priority  = 200,
+   .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.base.cra_blocksize = 1,
.base.cra_module= THIS_MODULE,
 }, {
@@ -203,6 +204,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
.base.cra_name  = "crc32c",
.base.cra_driver_name   = "crc32c-arm-ce",
.base.cra_priority  = 200,
+   .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.base.cra_blocksize = 1,
.base.cra_module= THIS_MODULE,
 } };
diff --git a/arch/arm64/crypto/crc32-ce-glue.c 
b/arch/arm64/crypto/crc32-ce-glue.c
index 624f4137918c..34b4e3d46aab 100644
--- a/arch/arm64/crypto/crc32-ce-glue.c
+++ b/arch/arm64/crypto/crc32-ce-glue.c
@@ -185,6 +185,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
.base.cra_name  = "crc32",
.base.cra_driver_name   = "crc32-arm64-ce",
.base.cra_priority  = 200,
+   .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.base.cra_blocksize = 1,
.base.cra_module= THIS_MODULE,
 }, {
@@ -200,6 +201,7 @@ static struct shash_alg crc32_pmull_algs[] = { {
.base.cra_name  = "crc32c",
.base.cra_driver_name   = "crc32c-arm64-ce",
.base.cra_priority  = 200,
+   .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
.base.cra_blocksize = 1,
.base.cra_module= THIS_MODULE,
 } };
diff --git a/arch/powerpc/crypto/crc32c-vpmsum_glue.c 
b/arch/powerpc/crypto/crc32c-vpmsum_glue.c
index f058e0c3e4d4..fd1d6c83f0c0 100644
--- a/arch/powerpc/crypto/crc32c-vpmsum_glue.c
+++ b/arch/powerpc/crypto/crc32c-vpmsum_glue.c
@@ -141,6 +141,7 @@ static struct shash_alg alg = {
.cra_name   = "crc32c",
.cra_driver_name= "crc32c-vpmsum",
.cra_priority   = 200,
+   .cra_flags  = CRYPTO_ALG_OPTIONAL_KEY,
.cra_blocksize  = CHKSUM_BLOCK_SIZE,
.cra_ctxsize= sizeof(u32),
.cra_module = THIS_MODULE,
diff --git a/arch/s390/crypto/crc32-vx.c b/arch/s390/crypto/crc32-vx.c
index 436865926c26..423ee05887e6 100644
--- a/arch/s390/crypto/crc32-vx.c
+++ b/arch/s390/crypto/crc32-vx.c
@@ -239,6 +239,7 @@ static struct shash_alg crc32_vx_algs[] = {
.cra_name= "crc32",
.cra_driver_name = "crc32-vx",
.cra_priority=

[RFC PATCH 4/9] crypto: poly1305 - remove ->setkey() method

[Eric Biggers]

From: Eric Biggers 

Since Poly1305 requires a nonce per invocation, the Linux kernel
implementations of Poly1305 don't use the crypto API's keying mechanism
and instead expect the key and nonce as the first 32 bytes of the data.
But ->setkey() is still defined as a stub returning an error code.  This
prevents Poly1305 from being used through AF_ALG and will also break it
completely once we start enforcing that all crypto API users (not just
AF_ALG) call ->setkey() if present.

Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL.

Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 arch/x86/crypto/poly1305_glue.c |  1 -
 crypto/poly1305_generic.c   | 17 +
 include/crypto/poly1305.h   |  2 --
 3 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/arch/x86/crypto/poly1305_glue.c b/arch/x86/crypto/poly1305_glue.c
index e32142bc071d..28c372003e44 100644
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -164,7 +164,6 @@ static struct shash_alg alg = {
.init   = poly1305_simd_init,
.update = poly1305_simd_update,
.final  = crypto_poly1305_final,
-   .setkey = crypto_poly1305_setkey,
.descsize   = sizeof(struct poly1305_simd_desc_ctx),
.base   = {
.cra_name   = "poly1305",
diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index b1c2d57dc734..ba39eb308c79 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -47,17 +47,6 @@ int crypto_poly1305_init(struct shash_desc *desc)
 }
 EXPORT_SYMBOL_GPL(crypto_poly1305_init);
 
-int crypto_poly1305_setkey(struct crypto_shash *tfm,
-  const u8 *key, unsigned int keylen)
-{
-   /* Poly1305 requires a unique key for each tag, which implies that
-* we can't set it on the tfm that gets accessed by multiple users
-* simultaneously. Instead we expect the key as the first 32 bytes in
-* the update() call. */
-   return -ENOTSUPP;
-}
-EXPORT_SYMBOL_GPL(crypto_poly1305_setkey);
-
 static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key)
 {
/* r &= 0xffc0ffc0ffc0fff */
@@ -76,6 +65,11 @@ static void poly1305_setskey(struct poly1305_desc_ctx *dctx, 
const u8 *key)
dctx->s[3] = get_unaligned_le32(key + 12);
 }
 
+/*
+ * Poly1305 requires a unique key for each tag, which implies that we can't set
+ * it on the tfm that gets accessed by multiple users simultaneously. Instead 
we
+ * expect the key as the first 32 bytes in the update() call.
+ */
 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
const u8 *src, unsigned int srclen)
 {
@@ -281,7 +275,6 @@ static struct shash_alg poly1305_alg = {
.init   = crypto_poly1305_init,
.update = crypto_poly1305_update,
.final  = crypto_poly1305_final,
-   .setkey = crypto_poly1305_setkey,
.descsize   = sizeof(struct poly1305_desc_ctx),
.base   = {
.cra_name   = "poly1305",
diff --git a/include/crypto/poly1305.h b/include/crypto/poly1305.h
index c65567d01e8e..f718a19da82f 100644
--- a/include/crypto/poly1305.h
+++ b/include/crypto/poly1305.h
@@ -31,8 +31,6 @@ struct poly1305_desc_ctx {
 };
 
 int crypto_poly1305_init(struct shash_desc *desc);
-int crypto_poly1305_setkey(struct crypto_shash *tfm,
-  const u8 *key, unsigned int keylen);
 unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
const u8 *src, unsigned int srclen);
 int crypto_poly1305_update(struct shash_desc *desc,
-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 9/9] crypto: aead - prevent using AEADs without setting key

[Eric Biggers]

From: Eric Biggers 

Similar to what was done for the hash API, update the AEAD API to track
whether each transform has been keyed, and reject encryption/decryption
if a key is needed but one hasn't been set.

This isn't quite as important as the equivalent fix for the hash API
because AEADs always require a key, so are unlikely to be used without
one.  Still, tracking the key will prevent accidental unkeyed use.
algif_aead also had to track the key anyway, so the new flag replaces
that and slightly simplifies the algif_aead implementation.

Signed-off-by: Eric Biggers 
---
 crypto/aead.c | 13 +++--
 crypto/algif_aead.c   | 11 +++
 include/crypto/aead.h | 10 +-
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/crypto/aead.c b/crypto/aead.c
index fe00cbd7243d..60b3bbe973e7 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -54,11 +54,18 @@ int crypto_aead_setkey(struct crypto_aead *tfm,
   const u8 *key, unsigned int keylen)
 {
unsigned long alignmask = crypto_aead_alignmask(tfm);
+   int err;
 
if ((unsigned long)key & alignmask)
-   return setkey_unaligned(tfm, key, keylen);
+   err = setkey_unaligned(tfm, key, keylen);
+   else
+   err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
+
+   if (err)
+   return err;
 
-   return crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
+   crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
+   return 0;
 }
 EXPORT_SYMBOL_GPL(crypto_aead_setkey);
 
@@ -93,6 +100,8 @@ static int crypto_aead_init_tfm(struct crypto_tfm *tfm)
struct crypto_aead *aead = __crypto_aead_cast(tfm);
struct aead_alg *alg = crypto_aead_alg(aead);
 
+   crypto_aead_set_flags(aead, CRYPTO_TFM_NEED_KEY);
+
aead->authsize = alg->maxauthsize;
 
if (alg->exit)
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index d963c8cf8a55..4b07edd5a9ff 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -42,7 +42,6 @@
 
 struct aead_tfm {
struct crypto_aead *aead;
-   bool has_key;
struct crypto_skcipher *null_tfm;
 };
 
@@ -398,7 +397,7 @@ static int aead_check_key(struct socket *sock)
 
err = -ENOKEY;
lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
-   if (!tfm->has_key)
+   if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
goto unlock;
 
if (!pask->refcnt++)
@@ -523,12 +522,8 @@ static int aead_setauthsize(void *private, unsigned int 
authsize)
 static int aead_setkey(void *private, const u8 *key, unsigned int keylen)
 {
struct aead_tfm *tfm = private;
-   int err;
-
-   err = crypto_aead_setkey(tfm->aead, key, keylen);
-   tfm->has_key = !err;
 
-   return err;
+   return crypto_aead_setkey(tfm->aead, key, keylen);
 }
 
 static void aead_sock_destruct(struct sock *sk)
@@ -589,7 +584,7 @@ static int aead_accept_parent(void *private, struct sock 
*sk)
 {
struct aead_tfm *tfm = private;
 
-   if (!tfm->has_key)
+   if (crypto_aead_get_flags(tfm->aead) & CRYPTO_TFM_NEED_KEY)
return -ENOKEY;
 
return aead_accept_parent_nokey(private, sk);
diff --git a/include/crypto/aead.h b/include/crypto/aead.h
index 03b97629442c..1e26f790b03f 100644
--- a/include/crypto/aead.h
+++ b/include/crypto/aead.h
@@ -327,7 +327,12 @@ static inline struct crypto_aead 
*crypto_aead_reqtfm(struct aead_request *req)
  */
 static inline int crypto_aead_encrypt(struct aead_request *req)
 {
-   return crypto_aead_alg(crypto_aead_reqtfm(req))->encrypt(req);
+   struct crypto_aead *aead = crypto_aead_reqtfm(req);
+
+   if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+   return -ENOKEY;
+
+   return crypto_aead_alg(aead)->encrypt(req);
 }
 
 /**
@@ -356,6 +361,9 @@ static inline int crypto_aead_decrypt(struct aead_request 
*req)
 {
struct crypto_aead *aead = crypto_aead_reqtfm(req);
 
+   if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+   return -ENOKEY;
+
if (req->cryptlen < crypto_aead_authsize(aead))
return -EINVAL;
 
-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 3/9] crypto: mcryptd - pass through absence of ->setkey()

[Eric Biggers]

From: Eric Biggers 

When the mcryptd template is used to wrap an unkeyed hash algorithm,
don't install a ->setkey() method to the mcryptd instance.  This change
is necessary for mcryptd to keep working with unkeyed hash algorithms
once we start enforcing that ->setkey() is called when present.

Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 crypto/mcryptd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c
index 2908382861ee..ace346b976b3 100644
--- a/crypto/mcryptd.c
+++ b/crypto/mcryptd.c
@@ -534,7 +534,8 @@ static int mcryptd_create_hash(struct crypto_template 
*tmpl, struct rtattr **tb,
inst->alg.finup  = mcryptd_hash_finup_enqueue;
inst->alg.export = mcryptd_hash_export;
inst->alg.import = mcryptd_hash_import;
-   inst->alg.setkey = mcryptd_hash_setkey;
+   if (crypto_hash_alg_has_setkey(halg))
+   inst->alg.setkey = mcryptd_hash_setkey;
inst->alg.digest = mcryptd_hash_digest_enqueue;
 
err = ahash_register_instance(tmpl, inst);
-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 0/9] crypto: prevent unkeyed use of keyed algorithms

[Eric Biggers]

From: Eric Biggers 

This series updates the crypto API to consistently prevent using keyed
algorithms without setting the key.  Currently this is prevented for
AF_ALG but not for other crypto API users, which is very problematic for
other places in the kernel where userspace can specify a hash algorithm
by name, e.g. KEYCTL_DH_COMPUTE as demonstrated by syzbot
(https://marc.info/?l=linux-crypto-vger&m=151395810921850).

This series fixes the bug for all users by adding a flag
CRYPTO_ALG_NEED_KEY to crypto_tfm.crt_flags.  This flag is set if needed
when the tfm is created, is cleared when the key is set, and is checked
when doing an operation that would require the key.

Patches 1-6 update the hash API, which is the primary fix.  I've marked
all those patches for stable, which is kind of a pain, but it seems the
alternative would be very messy -- we'd have to patch at least 5
different crypto API users (probably missing some), then revert those
patches upstream once we have the proper fix at the API level.

The last two patches also extend the fix to the skcipher and AEAD APIs,
primarily as a sanity check since users should be less likely to try to
use skciphers or AEADs without setting a key.

Eric Biggers (9):
  crypto: hash - introduce crypto_hash_alg_has_setkey()
  crypto: cryptd - pass through absence of ->setkey()
  crypto: mcryptd - pass through absence of ->setkey()
  crypto: poly1305 - remove ->setkey() method
  crypto: hash - annotate algorithms taking optional key
  crypto: hash - prevent using keyed hashes without setting key
  crypto: ghash - remove checks for key being set
  crypto: skcipher - prevent using skciphers without setting key
  crypto: aead - prevent using AEADs without setting key

 arch/arm/crypto/crc32-ce-glue.c|  2 +
 arch/arm64/crypto/crc32-ce-glue.c  |  2 +
 arch/powerpc/crypto/crc32c-vpmsum_glue.c   |  1 +
 arch/s390/crypto/crc32-vx.c|  3 ++
 arch/sparc/crypto/crc32c_glue.c|  1 +
 arch/x86/crypto/crc32-pclmul_glue.c|  1 +
 arch/x86/crypto/crc32c-intel_glue.c|  1 +
 arch/x86/crypto/poly1305_glue.c|  1 -
 crypto/aead.c  | 13 -
 crypto/ahash.c | 33 ++--
 crypto/algif_aead.c| 11 ++--
 crypto/algif_hash.c| 52 ---
 crypto/algif_skcipher.c| 59 +-
 crypto/crc32_generic.c |  1 +
 crypto/crc32c_generic.c|  1 +
 crypto/cryptd.c| 10 ++--
 crypto/ghash-generic.c |  6 ---
 crypto/mcryptd.c   | 10 ++--
 crypto/poly1305_generic.c  | 17 ++-
 crypto/shash.c | 25 +++--
 crypto/skcipher.c  | 30 +--
 drivers/crypto/bfin_crc.c  |  3 +-
 drivers/crypto/stm32/stm32_crc32.c |  2 +
 .../lustre/lnet/libcfs/linux/linux-crypto-adler.c  |  1 +
 include/crypto/aead.h  | 10 +++-
 include/crypto/hash.h  | 34 +
 include/crypto/internal/hash.h |  2 +
 include/crypto/poly1305.h  |  2 -
 include/crypto/skcipher.h  | 11 ++--
 include/linux/crypto.h |  8 +++
 30 files changed, 195 insertions(+), 158 deletions(-)

-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 1/9] crypto: hash - introduce crypto_hash_alg_has_setkey()

[Eric Biggers]

From: Eric Biggers 

Templates that use an shash spawn can use crypto_shash_alg_has_setkey()
to determine whether the underlying algorithm requires a key or not.
But there was no corresponding function for ahash spawns.  Add it.

Note that the new function actually has to support both shash and ahash
algorithms, since the ahash API can be used with either.

Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 crypto/ahash.c | 11 +++
 include/crypto/internal/hash.h |  2 ++
 2 files changed, 13 insertions(+)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 3a35d67de7d9..d2c8895bb2fe 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -649,5 +649,16 @@ struct hash_alg_common *ahash_attr_alg(struct rtattr *rta, 
u32 type, u32 mask)
 }
 EXPORT_SYMBOL_GPL(ahash_attr_alg);
 
+bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg)
+{
+   struct crypto_alg *alg = &halg->base;
+
+   if (alg->cra_type != &crypto_ahash_type)
+   return crypto_shash_alg_has_setkey(__crypto_shash_alg(alg));
+
+   return __crypto_ahash_alg(alg)->setkey != NULL;
+}
+EXPORT_SYMBOL_GPL(crypto_hash_alg_has_setkey);
+
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Asynchronous cryptographic hash type");
diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h
index c2bae8da642c..27040a46d50a 100644
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -90,6 +90,8 @@ static inline bool crypto_shash_alg_has_setkey(struct 
shash_alg *alg)
return alg->setkey != shash_no_setkey;
 }
 
+bool crypto_hash_alg_has_setkey(struct hash_alg_common *halg);
+
 int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn,
struct hash_alg_common *alg,
struct crypto_instance *inst);
-- 
2.15.1.620.gb9897f4670-goog

[RFC PATCH 2/9] crypto: cryptd - pass through absence of ->setkey()

[Eric Biggers]

From: Eric Biggers 

When the cryptd template is used to wrap an unkeyed hash algorithm,
don't install a ->setkey() method to the cryptd instance.  This change
is necessary for cryptd to keep working with unkeyed hash algorithms
once we start enforcing that ->setkey() is called when present.

Cc: sta...@vger.kernel.org
Signed-off-by: Eric Biggers 
---
 crypto/cryptd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 552e3a86e829..457ae3e66a41 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -914,7 +914,8 @@ static int cryptd_create_hash(struct crypto_template *tmpl, 
struct rtattr **tb,
inst->alg.finup  = cryptd_hash_finup_enqueue;
inst->alg.export = cryptd_hash_export;
inst->alg.import = cryptd_hash_import;
-   inst->alg.setkey = cryptd_hash_setkey;
+   if (crypto_shash_alg_has_setkey(salg))
+   inst->alg.setkey = cryptd_hash_setkey;
inst->alg.digest = cryptd_hash_digest_enqueue;
 
err = ahash_register_instance(tmpl, inst);
-- 
2.15.1.620.gb9897f4670-goog

[PATCH v9 6/8] ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver hacks

[Logan Gunthorpe]

Now that ioread64 and iowrite64 are available in io-64-nonatomic,
we can remove the hack at the top of ntb_hw_intel.c and replace it
with an include.

Signed-off-by: Logan Gunthorpe 
Reviewed-by: Andy Shevchenko 
Acked-by: Dave Jiang 
Acked-by: Allen Hubbe 
Acked-by: Jon Mason 

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# Date:  Mon Jun 19 12:18:31 2017 -0600
#
# interactive rebase in progress; onto ae64f9bd1d36
# Last commands done (6 commands done):
#pick cf3e4dab2173 io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} 
macros
#r 79b4c4b8490c ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver 
hacks
# Next commands to do (2 remaining commands):
#r 19b6c1f3b15d crypto: caam: cleanup CONFIG_64BIT ifdefs when using 
io{read|write}64
#r f3c8723446ef ntb_hw_switchtec: Cleanup 64bit IO defines to use the 
common header
# You are currently editing a commit while rebasing branch 'io64_v9' on 
'ae64f9bd1d36'.
#
# Changes to be committed:
#   modified:   drivers/ntb/hw/intel/ntb_hw_intel.c
#
---
 drivers/ntb/hw/intel/ntb_hw_intel.c | 30 +-
 1 file changed, 1 insertion(+), 29 deletions(-)

diff --git a/drivers/ntb/hw/intel/ntb_hw_intel.c 
b/drivers/ntb/hw/intel/ntb_hw_intel.c
index 4de074a86073..119cfc45617e 100644
--- a/drivers/ntb/hw/intel/ntb_hw_intel.c
+++ b/drivers/ntb/hw/intel/ntb_hw_intel.c
@@ -59,6 +59,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "ntb_hw_intel.h"
 
@@ -155,35 +156,6 @@ MODULE_PARM_DESC(xeon_b2b_dsd_bar5_addr32,
 static inline enum ntb_topo xeon_ppd_topo(struct intel_ntb_dev *ndev, u8 ppd);
 static int xeon_init_isr(struct intel_ntb_dev *ndev);
 
-#ifndef ioread64
-#ifdef readq
-#define ioread64 readq
-#else
-#define ioread64 _ioread64
-static inline u64 _ioread64(void __iomem *mmio)
-{
-   u64 low, high;
-
-   low = ioread32(mmio);
-   high = ioread32(mmio + sizeof(u32));
-   return low | (high << 32);
-}
-#endif
-#endif
-
-#ifndef iowrite64
-#ifdef writeq
-#define iowrite64 writeq
-#else
-#define iowrite64 _iowrite64
-static inline void _iowrite64(u64 val, void __iomem *mmio)
-{
-   iowrite32(val, mmio);
-   iowrite32(val >> 32, mmio + sizeof(u32));
-}
-#endif
-#endif
-
 static inline int pdev_is_atom(struct pci_dev *pdev)
 {
switch (pdev->device) {
-- 
2.11.0

[PATCH v9 0/8] Add io{read|write}64 to io-64-atomic headers

[Logan Gunthorpe]

This is just a resend. I haven't recieved any additional feedback in a number
of version and the patchset has been around for a couple kernel cycles.
It would be nice if someone would take a look at getting this merged.

This cleanup was originally requested by Greg after he reviewed my
Switchtec NTB code.

Thanks,

Logan

--

This is v9 of my cleanup series to push a number of instances of people
defining their own io{read|write}64 functions into common headers seing
they don't exist in non-64bit systems. This series adds inline functions to the
io-64-nonatomic headers and then cleans up the drivers that defined their
own.

Changes since v8:
- Rebased onto v4.15-rc2, as a result rewrote patch 7 seeing someone did
  some similar cleanup in that area.
- Added a patch to clean up the Switchtec NTB driver which landed in
  v4.15-rc1

Changes since v7:
- Fix minor nits from Andy Shevchenko
- Rebased onto v4.14-rc1

Changes since v6:
 ** none **

Changes since v5:
- Added a fix to the tilcdc driver to ensure it doesn't use the
  non-atomic operation. (This includes adding io{read|write}64[be]_is_nonatomic
  defines).

Changes since v4:
- Add functions so the powerpc implementation of iomap.c compiles. (As
  noticed by Horia)

Changes since v3:

- I noticed powerpc didn't use the appropriate functions seeing
  readq/writeq were not defined when iomap.h was included. Thus I've
  included a patch to adjust this
- Fixed some mistakes with a couple of the defines in io-64-nonatomic*
  headers
- Fixed a typo noticed by Horia.

(earlier versions were drastically different)

Logan Gunthorpe (8):
  drm/tilcdc: ensure nonatomic iowrite64 is not used
  powerpc: io.h: move iomap.h include so that it can use readq/writeq
defs
  powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}
  iomap: introduce io{read|write}64_{lo_hi|hi_lo}
  io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} macros
  ntb: ntb_hw_intel: use io-64-nonatomic instead of in-driver hacks
  crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64
  ntb: ntb_hw_switchtec: Cleanup 64bit IO defines to use the common
header

 arch/powerpc/include/asm/io.h  |   6 +-
 arch/powerpc/kernel/iomap.c|  40 ++
 drivers/crypto/caam/regs.h |  26 +--
 drivers/gpu/drm/tilcdc/tilcdc_regs.h   |   2 +-
 drivers/ntb/hw/intel/ntb_hw_intel.c|  30 +---
 drivers/ntb/hw/mscc/ntb_hw_switchtec.c |  30 +---
 include/asm-generic/iomap.h|  26 +--
 include/linux/io-64-nonatomic-hi-lo.h  |  64 
 include/linux/io-64-nonatomic-lo-hi.h  |  64 
 lib/iomap.c| 132 +
 10 files changed, 328 insertions(+), 92 deletions(-)

--
2.11.0

[PATCH v9 2/8] powerpc: io.h: move iomap.h include so that it can use readq/writeq defs

[Logan Gunthorpe]

Subsequent patches in this series makes use of the readq and writeq
defines in iomap.h. However, as is, they get missed on the powerpc
platform seeing the include comes before the define. This patch
moves the include down to fix this.

Signed-off-by: Logan Gunthorpe 
Acked-by: Michael Ellerman 
Reviewed-by: Andy Shevchenko 
Cc: Benjamin Herrenschmidt 
Cc: Paul Mackerras 
Cc: Michael Ellerman 
Cc: Nicholas Piggin 
Cc: Suresh Warrier 
Cc: "Oliver O'Halloran" 
---
 arch/powerpc/include/asm/io.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/include/asm/io.h b/arch/powerpc/include/asm/io.h
index 422f99cf9924..af074923d598 100644
--- a/arch/powerpc/include/asm/io.h
+++ b/arch/powerpc/include/asm/io.h
@@ -33,8 +33,6 @@ extern struct pci_dev *isa_bridge_pcidev;
 #include 
 #include 

-#include 
-
 #ifdef CONFIG_PPC64
 #include 
 #endif
@@ -663,6 +661,8 @@ static inline void name at  
\
 #define writel_relaxed(v, addr)writel(v, addr)
 #define writeq_relaxed(v, addr)writeq(v, addr)

+#include 
+
 #ifdef CONFIG_PPC32
 #define mmiowb()
 #else
--
2.11.0

[PATCH v9 4/8] iomap: introduce io{read|write}64_{lo_hi|hi_lo}

[Logan Gunthorpe]

In order to provide non-atomic functions for io{read|write}64 that will
use readq and writeq when appropriate. We define a number of variants
of these functions in the generic iomap that will do non-atomic
operations on pio but atomic operations on mmio.

These functions are only defined if readq and writeq are defined. If
they are not, then the wrappers that always use non-atomic operations
from include/linux/io-64-nonatomic*.h will be used.

Signed-off-by: Logan Gunthorpe 
Reviewed-by: Andy Shevchenko 
Cc: Benjamin Herrenschmidt 
Cc: Paul Mackerras 
Cc: Michael Ellerman 
Cc: Arnd Bergmann 
Cc: Suresh Warrier 
Cc: Nicholas Piggin 
---
 arch/powerpc/include/asm/io.h |   2 +
 include/asm-generic/iomap.h   |  26 +++--
 lib/iomap.c   | 132 ++
 3 files changed, 154 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/include/asm/io.h b/arch/powerpc/include/asm/io.h
index af074923d598..4cc420cfaa78 100644
--- a/arch/powerpc/include/asm/io.h
+++ b/arch/powerpc/include/asm/io.h
@@ -788,8 +788,10 @@ extern void __iounmap_at(void *ea, unsigned long size);
 
 #define mmio_read16be(addr)readw_be(addr)
 #define mmio_read32be(addr)readl_be(addr)
+#define mmio_read64be(addr)readq_be(addr)
 #define mmio_write16be(val, addr)  writew_be(val, addr)
 #define mmio_write32be(val, addr)  writel_be(val, addr)
+#define mmio_write64be(val, addr)  writeq_be(val, addr)
 #define mmio_insb(addr, dst, count)readsb(addr, dst, count)
 #define mmio_insw(addr, dst, count)readsw(addr, dst, count)
 #define mmio_insl(addr, dst, count)readsl(addr, dst, count)
diff --git a/include/asm-generic/iomap.h b/include/asm-generic/iomap.h
index 5b63b94ef6b5..5a4af0199b32 100644
--- a/include/asm-generic/iomap.h
+++ b/include/asm-generic/iomap.h
@@ -31,9 +31,16 @@ extern unsigned int ioread16(void __iomem *);
 extern unsigned int ioread16be(void __iomem *);
 extern unsigned int ioread32(void __iomem *);
 extern unsigned int ioread32be(void __iomem *);
-#ifdef CONFIG_64BIT
-extern u64 ioread64(void __iomem *);
-extern u64 ioread64be(void __iomem *);
+
+#ifdef readq
+#define ioread64_lo_hi ioread64_lo_hi
+#define ioread64_hi_lo ioread64_hi_lo
+#define ioread64be_lo_hi ioread64be_lo_hi
+#define ioread64be_hi_lo ioread64be_hi_lo
+extern u64 ioread64_lo_hi(void __iomem *addr);
+extern u64 ioread64_hi_lo(void __iomem *addr);
+extern u64 ioread64be_lo_hi(void __iomem *addr);
+extern u64 ioread64be_hi_lo(void __iomem *addr);
 #endif
 
 extern void iowrite8(u8, void __iomem *);
@@ -41,9 +48,16 @@ extern void iowrite16(u16, void __iomem *);
 extern void iowrite16be(u16, void __iomem *);
 extern void iowrite32(u32, void __iomem *);
 extern void iowrite32be(u32, void __iomem *);
-#ifdef CONFIG_64BIT
-extern void iowrite64(u64, void __iomem *);
-extern void iowrite64be(u64, void __iomem *);
+
+#ifdef writeq
+#define iowrite64_lo_hi iowrite64_lo_hi
+#define iowrite64_hi_lo iowrite64_hi_lo
+#define iowrite64be_lo_hi iowrite64be_lo_hi
+#define iowrite64be_hi_lo iowrite64be_hi_lo
+extern void iowrite64_lo_hi(u64 val, void __iomem *addr);
+extern void iowrite64_hi_lo(u64 val, void __iomem *addr);
+extern void iowrite64be_lo_hi(u64 val, void __iomem *addr);
+extern void iowrite64be_hi_lo(u64 val, void __iomem *addr);
 #endif
 
 /*
diff --git a/lib/iomap.c b/lib/iomap.c
index 541d926da95e..d324b6c013af 100644
--- a/lib/iomap.c
+++ b/lib/iomap.c
@@ -67,6 +67,7 @@ static void bad_io_access(unsigned long port, const char 
*access)
 #ifndef mmio_read16be
 #define mmio_read16be(addr) be16_to_cpu(__raw_readw(addr))
 #define mmio_read32be(addr) be32_to_cpu(__raw_readl(addr))
+#define mmio_read64be(addr) be64_to_cpu(__raw_readq(addr))
 #endif
 
 unsigned int ioread8(void __iomem *addr)
@@ -100,6 +101,80 @@ EXPORT_SYMBOL(ioread16be);
 EXPORT_SYMBOL(ioread32);
 EXPORT_SYMBOL(ioread32be);
 
+#ifdef readq
+static u64 pio_read64_lo_hi(unsigned long port)
+{
+   u64 lo, hi;
+
+   lo = inl(port);
+   hi = inl(port + sizeof(u32));
+
+   return lo | (hi << 32);
+}
+
+static u64 pio_read64_hi_lo(unsigned long port)
+{
+   u64 lo, hi;
+
+   hi = inl(port + sizeof(u32));
+   lo = inl(port);
+
+   return lo | (hi << 32);
+}
+
+static u64 pio_read64be_lo_hi(unsigned long port)
+{
+   u64 lo, hi;
+
+   lo = pio_read32be(port + sizeof(u32));
+   hi = pio_read32be(port);
+
+   return lo | (hi << 32);
+}
+
+static u64 pio_read64be_hi_lo(unsigned long port)
+{
+   u64 lo, hi;
+
+   hi = pio_read32be(port);
+   lo = pio_read32be(port + sizeof(u32));
+
+   return lo | (hi << 32);
+}
+
+u64 ioread64_lo_hi(void __iomem *addr)
+{
+   IO_COND(addr, return pio_read64_lo_hi(port), return readq(addr));
+   return 0xULL;
+}
+
+u64 ioread64_hi_lo(void __iomem *addr)
+{
+   IO_COND(addr, return pio_read64_hi_lo(port), return readq(addr));
+   return 0xULL;
+}
+
+u64 ioread64be_lo_

[PATCH v9 5/8] io-64-nonatomic: add io{read|write}64[be]{_lo_hi|_hi_lo} macros

[Logan Gunthorpe]

This patch adds generic io{read|write}64[be]{_lo_hi|_hi_lo} macros if
they are not already defined by the architecture. (As they are provided
by the generic iomap library).

The patch also points io{read|write}64[be] to the variant specified by the
header name.

This is because new drivers are encouraged to use ioreadXX, et al instead
of readX[1], et al -- and mixing ioreadXX with readq is pretty ugly.

[1] LDD3: section 9.4.2

Signed-off-by: Logan Gunthorpe 
Reviewed-by: Andy Shevchenko 
Cc: Christoph Hellwig 
Cc: Arnd Bergmann 
Cc: Alan Cox 
Cc: Greg Kroah-Hartman 
---
 include/linux/io-64-nonatomic-hi-lo.h | 64 +++
 include/linux/io-64-nonatomic-lo-hi.h | 64 +++
 2 files changed, 128 insertions(+)

diff --git a/include/linux/io-64-nonatomic-hi-lo.h 
b/include/linux/io-64-nonatomic-hi-lo.h
index 862d786a904f..ae21b72cce85 100644
--- a/include/linux/io-64-nonatomic-hi-lo.h
+++ b/include/linux/io-64-nonatomic-hi-lo.h
@@ -55,4 +55,68 @@ static inline void hi_lo_writeq_relaxed(__u64 val, volatile 
void __iomem *addr)
 #define writeq_relaxed hi_lo_writeq_relaxed
 #endif
 
+#ifndef ioread64_hi_lo
+#define ioread64_hi_lo ioread64_hi_lo
+static inline u64 ioread64_hi_lo(void __iomem *addr)
+{
+   u32 low, high;
+
+   high = ioread32(addr + sizeof(u32));
+   low = ioread32(addr);
+
+   return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64_hi_lo
+#define iowrite64_hi_lo iowrite64_hi_lo
+static inline void iowrite64_hi_lo(u64 val, void __iomem *addr)
+{
+   iowrite32(val >> 32, addr + sizeof(u32));
+   iowrite32(val, addr);
+}
+#endif
+
+#ifndef ioread64be_hi_lo
+#define ioread64be_hi_lo ioread64be_hi_lo
+static inline u64 ioread64be_hi_lo(void __iomem *addr)
+{
+   u32 low, high;
+
+   high = ioread32be(addr);
+   low = ioread32be(addr + sizeof(u32));
+
+   return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64be_hi_lo
+#define iowrite64be_hi_lo iowrite64be_hi_lo
+static inline void iowrite64be_hi_lo(u64 val, void __iomem *addr)
+{
+   iowrite32be(val >> 32, addr);
+   iowrite32be(val, addr + sizeof(u32));
+}
+#endif
+
+#ifndef ioread64
+#define ioread64_is_nonatomic
+#define ioread64 ioread64_hi_lo
+#endif
+
+#ifndef iowrite64
+#define iowrite64_is_nonatomic
+#define iowrite64 iowrite64_hi_lo
+#endif
+
+#ifndef ioread64be
+#define ioread64be_is_nonatomic
+#define ioread64be ioread64be_hi_lo
+#endif
+
+#ifndef iowrite64be
+#define iowrite64be_is_nonatomic
+#define iowrite64be iowrite64be_hi_lo
+#endif
+
 #endif /* _LINUX_IO_64_NONATOMIC_HI_LO_H_ */
diff --git a/include/linux/io-64-nonatomic-lo-hi.h 
b/include/linux/io-64-nonatomic-lo-hi.h
index d042e7bb5adb..faaa842dbdb9 100644
--- a/include/linux/io-64-nonatomic-lo-hi.h
+++ b/include/linux/io-64-nonatomic-lo-hi.h
@@ -55,4 +55,68 @@ static inline void lo_hi_writeq_relaxed(__u64 val, volatile 
void __iomem *addr)
 #define writeq_relaxed lo_hi_writeq_relaxed
 #endif
 
+#ifndef ioread64_lo_hi
+#define ioread64_lo_hi ioread64_lo_hi
+static inline u64 ioread64_lo_hi(void __iomem *addr)
+{
+   u32 low, high;
+
+   low = ioread32(addr);
+   high = ioread32(addr + sizeof(u32));
+
+   return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64_lo_hi
+#define iowrite64_lo_hi iowrite64_lo_hi
+static inline void iowrite64_lo_hi(u64 val, void __iomem *addr)
+{
+   iowrite32(val, addr);
+   iowrite32(val >> 32, addr + sizeof(u32));
+}
+#endif
+
+#ifndef ioread64be_lo_hi
+#define ioread64be_lo_hi ioread64be_lo_hi
+static inline u64 ioread64be_lo_hi(void __iomem *addr)
+{
+   u32 low, high;
+
+   low = ioread32be(addr + sizeof(u32));
+   high = ioread32be(addr);
+
+   return low + ((u64)high << 32);
+}
+#endif
+
+#ifndef iowrite64be_lo_hi
+#define iowrite64be_lo_hi iowrite64be_lo_hi
+static inline void iowrite64be_lo_hi(u64 val, void __iomem *addr)
+{
+   iowrite32be(val, addr + sizeof(u32));
+   iowrite32be(val >> 32, addr);
+}
+#endif
+
+#ifndef ioread64
+#define ioread64_is_nonatomic
+#define ioread64 ioread64_lo_hi
+#endif
+
+#ifndef iowrite64
+#define iowrite64_is_nonatomic
+#define iowrite64 iowrite64_lo_hi
+#endif
+
+#ifndef ioread64be
+#define ioread64be_is_nonatomic
+#define ioread64be ioread64be_lo_hi
+#endif
+
+#ifndef iowrite64be
+#define iowrite64be_is_nonatomic
+#define iowrite64be iowrite64be_lo_hi
+#endif
+
 #endif /* _LINUX_IO_64_NONATOMIC_LO_HI_H_ */
-- 
2.11.0

[PATCH v9 3/8] powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}

[Logan Gunthorpe]

These functions will be introduced into the generic iomap.c so
they can deal with PIO accesses in hi-lo/lo-hi variants. Thus,
the powerpc version of iomap.c will need to provide the same
functions even though, in this arch, they are identical to the
regular io{read|write}64 functions.

Signed-off-by: Logan Gunthorpe 
Tested-by: Horia Geantă 
Reviewed-by: Andy Shevchenko 
Cc: Benjamin Herrenschmidt 
Cc: Paul Mackerras 
Cc: Michael Ellerman 
---
 arch/powerpc/kernel/iomap.c | 40 
 1 file changed, 40 insertions(+)

diff --git a/arch/powerpc/kernel/iomap.c b/arch/powerpc/kernel/iomap.c
index aab456ed2a00..5ac84efc6ede 100644
--- a/arch/powerpc/kernel/iomap.c
+++ b/arch/powerpc/kernel/iomap.c
@@ -45,12 +45,32 @@ u64 ioread64(void __iomem *addr)
 {
return readq(addr);
 }
+u64 ioread64_lo_hi(void __iomem *addr)
+{
+   return readq(addr);
+}
+u64 ioread64_hi_lo(void __iomem *addr)
+{
+   return readq(addr);
+}
 u64 ioread64be(void __iomem *addr)
 {
return readq_be(addr);
 }
+u64 ioread64be_lo_hi(void __iomem *addr)
+{
+   return readq_be(addr);
+}
+u64 ioread64be_hi_lo(void __iomem *addr)
+{
+   return readq_be(addr);
+}
 EXPORT_SYMBOL(ioread64);
+EXPORT_SYMBOL(ioread64_lo_hi);
+EXPORT_SYMBOL(ioread64_hi_lo);
 EXPORT_SYMBOL(ioread64be);
+EXPORT_SYMBOL(ioread64be_lo_hi);
+EXPORT_SYMBOL(ioread64be_hi_lo);
 #endif /* __powerpc64__ */
 
 void iowrite8(u8 val, void __iomem *addr)
@@ -83,12 +103,32 @@ void iowrite64(u64 val, void __iomem *addr)
 {
writeq(val, addr);
 }
+void iowrite64_lo_hi(u64 val, void __iomem *addr)
+{
+   writeq(val, addr);
+}
+void iowrite64_hi_lo(u64 val, void __iomem *addr)
+{
+   writeq(val, addr);
+}
 void iowrite64be(u64 val, void __iomem *addr)
 {
writeq_be(val, addr);
 }
+void iowrite64be_lo_hi(u64 val, void __iomem *addr)
+{
+   writeq_be(val, addr);
+}
+void iowrite64be_hi_lo(u64 val, void __iomem *addr)
+{
+   writeq_be(val, addr);
+}
 EXPORT_SYMBOL(iowrite64);
+EXPORT_SYMBOL(iowrite64_lo_hi);
+EXPORT_SYMBOL(iowrite64_hi_lo);
 EXPORT_SYMBOL(iowrite64be);
+EXPORT_SYMBOL(iowrite64be_lo_hi);
+EXPORT_SYMBOL(iowrite64be_hi_lo);
 #endif /* __powerpc64__ */
 
 /*
-- 
2.11.0

[PATCH v9 1/8] drm/tilcdc: ensure nonatomic iowrite64 is not used

[Logan Gunthorpe]

Add a check to ensure iowrite64 is only used if it is atomic.

It was decided in [1] that the tilcdc driver should not be using an
atomic operation (so it was left out of this patchset). However, it turns
out that through the drm code, a nonatomic header is actually included:

include/linux/io-64-nonatomic-lo-hi.h
is included from include/drm/drm_os_linux.h:9:0,
from include/drm/drmP.h:74,
from include/drm/drm_modeset_helper.h:26,
from include/drm/drm_atomic_helper.h:33,
from drivers/gpu/drm/tilcdc/tilcdc_crtc.c:19:

And thus, without this change, this patchset would inadvertantly
change the behaviour of the tilcdc driver.

[1] 
lkml.kernel.org/r/cak8p3a2hho_zcnstzq7hmwsz5la5thu19fwzpun16imnyyn...@mail.gmail.com

Signed-off-by: Logan Gunthorpe 
Reviewed-by: Andy Shevchenko 
Cc: Jyri Sarha 
Cc: Arnd Bergmann 
Cc: Tomi Valkeinen 
Cc: David Airlie 
---
 drivers/gpu/drm/tilcdc/tilcdc_regs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/tilcdc/tilcdc_regs.h 
b/drivers/gpu/drm/tilcdc/tilcdc_regs.h
index 9d528c0a67a4..5048ebb86835 100644
--- a/drivers/gpu/drm/tilcdc/tilcdc_regs.h
+++ b/drivers/gpu/drm/tilcdc/tilcdc_regs.h
@@ -133,7 +133,7 @@ static inline void tilcdc_write64(struct drm_device *dev, 
u32 reg, u64 data)
struct tilcdc_drm_private *priv = dev->dev_private;
volatile void __iomem *addr = priv->mmio + reg;
 
-#ifdef iowrite64
+#if defined(iowrite64) && !defined(iowrite64_is_nonatomic)
iowrite64(data, addr);
 #else
__iowmb();
-- 
2.11.0

[PATCH v9 8/8] ntb: ntb_hw_switchtec: Cleanup 64bit IO defines to use the common header

[Logan Gunthorpe]

Clean up the ifdefs which conditionally defined the io{read|write}64
functions in favour of the new common io-64-nonatomic-lo-hi header.

Signed-off-by: Logan Gunthorpe 
Cc: Jon Mason 
---
 drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 30 +-
 1 file changed, 1 insertion(+), 29 deletions(-)

diff --git a/drivers/ntb/hw/mscc/ntb_hw_switchtec.c 
b/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
index afe8ed6f3b23..53d3a34cddf3 100644
--- a/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
+++ b/drivers/ntb/hw/mscc/ntb_hw_switchtec.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 
 MODULE_DESCRIPTION("Microsemi Switchtec(tm) NTB Driver");
 MODULE_VERSION("0.1");
@@ -35,35 +36,6 @@ module_param(use_lut_mws, bool, 0644);
 MODULE_PARM_DESC(use_lut_mws,
 "Enable the use of the LUT based memory windows");
 
-#ifndef ioread64
-#ifdef readq
-#define ioread64 readq
-#else
-#define ioread64 _ioread64
-static inline u64 _ioread64(void __iomem *mmio)
-{
-   u64 low, high;
-
-   low = ioread32(mmio);
-   high = ioread32(mmio + sizeof(u32));
-   return low | (high << 32);
-}
-#endif
-#endif
-
-#ifndef iowrite64
-#ifdef writeq
-#define iowrite64 writeq
-#else
-#define iowrite64 _iowrite64
-static inline void _iowrite64(u64 val, void __iomem *mmio)
-{
-   iowrite32(val, mmio);
-   iowrite32(val >> 32, mmio + sizeof(u32));
-}
-#endif
-#endif
-
 #define SWITCHTEC_NTB_MAGIC 0x45CC0001
 #define MAX_MWS 128
 
-- 
2.11.0

[PATCH v9 7/8] crypto: caam: cleanup CONFIG_64BIT ifdefs when using io{read|write}64

[Logan Gunthorpe]

Clean up the extra ifdefs which defined the wr_reg64 and rd_reg64
functions in non-64bit cases in favour of the new common
io-64-nonatomic-lo-hi header.

Signed-off-by: Logan Gunthorpe 
Cc: Andy Shevchenko 
Cc: Horia Geantă 
Cc: Dan Douglass 
Cc: Herbert Xu 
Cc: "David S. Miller" 
---
 drivers/crypto/caam/regs.h | 26 +-
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h
index fee363865d88..ec6528e5ce9d 100644
--- a/drivers/crypto/caam/regs.h
+++ b/drivers/crypto/caam/regs.h
@@ -10,7 +10,7 @@
 
 #include 
 #include 
-#include 
+#include 
 
 /*
  * Architecture-specific register access methods
@@ -136,7 +136,6 @@ static inline void clrsetbits_32(void __iomem *reg, u32 
clear, u32 set)
  *base + 0x : least-significant 32 bits
  *base + 0x0004 : most-significant 32 bits
  */
-#ifdef CONFIG_64BIT
 static inline void wr_reg64(void __iomem *reg, u64 data)
 {
if (caam_little_end)
@@ -153,29 +152,6 @@ static inline u64 rd_reg64(void __iomem *reg)
return ioread64be(reg);
 }
 
-#else /* CONFIG_64BIT */
-static inline void wr_reg64(void __iomem *reg, u64 data)
-{
-   if (!caam_imx && caam_little_end) {
-   wr_reg32((u32 __iomem *)(reg) + 1, data >> 32);
-   wr_reg32((u32 __iomem *)(reg), data);
-   } else {
-   wr_reg32((u32 __iomem *)(reg), data >> 32);
-   wr_reg32((u32 __iomem *)(reg) + 1, data);
-   }
-}
-
-static inline u64 rd_reg64(void __iomem *reg)
-{
-   if (!caam_imx && caam_little_end)
-   return ((u64)rd_reg32((u32 __iomem *)(reg) + 1) << 32 |
-   (u64)rd_reg32((u32 __iomem *)(reg)));
-
-   return ((u64)rd_reg32((u32 __iomem *)(reg)) << 32 |
-   (u64)rd_reg32((u32 __iomem *)(reg) + 1));
-}
-#endif /* CONFIG_64BIT  */
-
 static inline u64 cpu_to_caam_dma64(dma_addr_t value)
 {
if (caam_imx)
-- 
2.11.0

Re: [PATCH] [RFT] crypto: aes-generic - turn off -ftree-pre and -ftree-sra

[Ard Biesheuvel]

On 3 January 2018 at 16:37, Arnd Bergmann  wrote:
> On Fri, Dec 22, 2017 at 4:47 PM, Ard Biesheuvel
>  wrote:
>> On 21 December 2017 at 13:47, PrasannaKumar Muralidharan 
>>  wrote:
>>> On 21 December 2017 at 17:52, Ard Biesheuvel  
>>> wrote:
 On 21 December 2017 at 10:20, Arnd Bergmann  wrote:

 So my vote is to disable UBSAN for all such cipher implementations:
 aes_generic, but also aes_ti, which has a similar 256 byte lookup
 table [although it does not seem to be affected by the same issue as
 aes_generic], and possibly others as well.

 Perhaps it makes sense to move core cipher code into a separate
 sub-directory, and disable UBSAN at the directory level?

 It would involve the following files

 crypto/aes_generic.c
 crypto/aes_ti.c
 crypto/anubis.c
 crypto/arc4.c
 crypto/blowfish_generic.c
 crypto/camellia_generic.c
 crypto/cast5_generic.c
 crypto/cast6_generic.c
 crypto/des_generic.c
 crypto/fcrypt.c
 crypto/khazad.c
 crypto/seed.c
 crypto/serpent_generic.c
 crypto/tea.c
 crypto/twofish_generic.c
>>>
>>> As *SAN is enabled only on developer setup, is such a change required?
>>> Looks like I am missing something here. Can you explain what value it
>>> provides?
>>>
>>
>> Well, in this particular case, the value it provides is that the
>> kernel can still boot and invoke the AES code without overflowing the
>> kernel stack. Of course, this is a compiler issue that hopefully gets
>> fixed, but I think it may be reasonable to exclude some C code from
>> UBSAN by default.
>
> Any idea how to proceed here? I've retested with the latest gcc snapshot
> and verified that the problem is still there. No idea what the chance of
> getting it fixed before the 7.3 release is. From the performance tests
> I've done, the patch I posted is pretty much useless, it causes significant
> performance regressions on most other compiler versions.
>
> A minimal patch would be to disable UBSAN specifically for aes-generic.c
> for gcc-7.2+ but not gcc-8 to avoid the potential stack overflow. We could
> also force building with -Os on gcc-7, and leave UBSAN enabled,
> this would improve performance some 3-5% on x86 with gcc-7 (both
> 7.1 and 7.2.1) and avoid the stack overflow.
>

Can't we just disable UBSAN for that file for all GCC versions and be
done with it? It is not a production feature, and that code is
unlikely to change in ways where UBSAN would make a difference anyway,
nor is it ever executed on 99.9% of systems running Linux.

> For the performance regression in gcc-7.2.1 on this file, I've opened
> a separate gcc PR now, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651
> I've also tested the libressl version of their generic AES code, with
> mixed results (it's appears to be much slower than the kernel version
> to start with, and while it has further performance regressions with recent
> compilers, those are with a different set of versions compared to the
> kernel implementation, and it does not suffer from the high stack usage).
>

Re: [PATCH] [RFT] crypto: aes-generic - turn off -ftree-pre and -ftree-sra

[Arnd Bergmann]

On Fri, Dec 22, 2017 at 4:47 PM, Ard Biesheuvel
 wrote:
> On 21 December 2017 at 13:47, PrasannaKumar Muralidharan 
>  wrote:
>> On 21 December 2017 at 17:52, Ard Biesheuvel  
>> wrote:
>>> On 21 December 2017 at 10:20, Arnd Bergmann  wrote:
>>>
>>> So my vote is to disable UBSAN for all such cipher implementations:
>>> aes_generic, but also aes_ti, which has a similar 256 byte lookup
>>> table [although it does not seem to be affected by the same issue as
>>> aes_generic], and possibly others as well.
>>>
>>> Perhaps it makes sense to move core cipher code into a separate
>>> sub-directory, and disable UBSAN at the directory level?
>>>
>>> It would involve the following files
>>>
>>> crypto/aes_generic.c
>>> crypto/aes_ti.c
>>> crypto/anubis.c
>>> crypto/arc4.c
>>> crypto/blowfish_generic.c
>>> crypto/camellia_generic.c
>>> crypto/cast5_generic.c
>>> crypto/cast6_generic.c
>>> crypto/des_generic.c
>>> crypto/fcrypt.c
>>> crypto/khazad.c
>>> crypto/seed.c
>>> crypto/serpent_generic.c
>>> crypto/tea.c
>>> crypto/twofish_generic.c
>>
>> As *SAN is enabled only on developer setup, is such a change required?
>> Looks like I am missing something here. Can you explain what value it
>> provides?
>>
>
> Well, in this particular case, the value it provides is that the
> kernel can still boot and invoke the AES code without overflowing the
> kernel stack. Of course, this is a compiler issue that hopefully gets
> fixed, but I think it may be reasonable to exclude some C code from
> UBSAN by default.

Any idea how to proceed here? I've retested with the latest gcc snapshot
and verified that the problem is still there. No idea what the chance of
getting it fixed before the 7.3 release is. From the performance tests
I've done, the patch I posted is pretty much useless, it causes significant
performance regressions on most other compiler versions.

A minimal patch would be to disable UBSAN specifically for aes-generic.c
for gcc-7.2+ but not gcc-8 to avoid the potential stack overflow. We could
also force building with -Os on gcc-7, and leave UBSAN enabled,
this would improve performance some 3-5% on x86 with gcc-7 (both
7.1 and 7.2.1) and avoid the stack overflow.

For the performance regression in gcc-7.2.1 on this file, I've opened
a separate gcc PR now, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651
I've also tested the libressl version of their generic AES code, with
mixed results (it's appears to be much slower than the kernel version
to start with, and while it has further performance regressions with recent
compilers, those are with a different set of versions compared to the
kernel implementation, and it does not suffer from the high stack usage).

   Arnd

Re: [PATCH v2 01/27] staging: ccree: SPDXify driver

[Philippe Ombredanne]

Gilad,

On Wed, Jan 3, 2018 at 2:35 PM, Gilad Ben-Yossef  wrote:
> Replace verbatim GPL v2 copy with SPDX tag.
>
> Signed-off-by: Gilad Ben-Yossef 



> --- a/drivers/staging/ccree/cc_crypto_ctx.h
> +++ b/drivers/staging/ccree/cc_crypto_ctx.h
> @@ -1,18 +1,5 @@
> -/*
> - * Copyright (C) 2012-2017 ARM Limited or its affiliates.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License version 2 as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU General Public License for more details.
> - *
> - * You should have received a copy of the GNU General Public License
> - * along with this program; if not, see .
> - */
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */

Thank you for using the SPDX tags!

Now, while I appreciate your attempt to use the latest and greatest
SPDX license id definitions (published by SPDX a few days agao), THIS
IS NOT a welcomed initiative. Please stick instead to use ONLY the
SPDX license ids that are defined in Thomas doc patches [1]: e.g. use
instead:  SPDX-License-Identifier: GPL-2.0 and please DO NOT USE
GPL-2.0-only for now.

The rationale is simple: from a kernel standpoint we cannot depend on
the latest changes of an external spec such as SPDX (and I am involved
with SPDX alright but I am wearing a kernel hat here). This is why
things have been carefully documented for the kernel proper by Thomas.
It is perfectly fine at some times in the future to adopt the newest
license ids, but this will have to happen in an orderly fashion with a
proper doc update and the eventual tree-wide changes to update every
occurrence. This cannot happen any other way or this would defeat the
whole purpose to have clear licensing kernel-wide: using the latest
and greatest introduces variations and creates a mess that we want to
avoid in the first place.

CC: Thomas Gleixner 

[1] https://lkml.org/lkml/2017/12/28/323

-- 
Cordially
Philippe Ombredanne

[PATCH v2 01/27] staging: ccree: SPDXify driver

[Gilad Ben-Yossef]

Replace verbatim GPL v2 copy with SPDX tag.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig|  2 ++
 drivers/staging/ccree/Makefile   |  2 ++
 drivers/staging/ccree/cc_crypto_ctx.h| 17 ++---
 drivers/staging/ccree/cc_debugfs.c   | 17 ++---
 drivers/staging/ccree/cc_debugfs.h   | 17 ++---
 drivers/staging/ccree/cc_hw_queue_defs.h | 17 ++---
 drivers/staging/ccree/cc_lli_defs.h  | 17 ++---
 drivers/staging/ccree/dx_crys_kernel.h   | 17 ++---
 drivers/staging/ccree/dx_host.h  | 17 ++---
 drivers/staging/ccree/dx_reg_common.h| 17 ++---
 drivers/staging/ccree/hash_defs.h| 17 ++---
 drivers/staging/ccree/ssi_aead.c | 17 ++---
 drivers/staging/ccree/ssi_aead.h | 17 ++---
 drivers/staging/ccree/ssi_buffer_mgr.c   | 17 ++---
 drivers/staging/ccree/ssi_buffer_mgr.h   | 17 ++---
 drivers/staging/ccree/ssi_cipher.c   | 17 ++---
 drivers/staging/ccree/ssi_cipher.h   | 17 ++---
 drivers/staging/ccree/ssi_driver.c   | 17 ++---
 drivers/staging/ccree/ssi_driver.h   | 17 ++---
 drivers/staging/ccree/ssi_fips.c | 17 ++---
 drivers/staging/ccree/ssi_fips.h | 17 ++---
 drivers/staging/ccree/ssi_hash.c | 17 ++---
 drivers/staging/ccree/ssi_hash.h | 17 ++---
 drivers/staging/ccree/ssi_ivgen.c| 17 ++---
 drivers/staging/ccree/ssi_ivgen.h| 17 ++---
 drivers/staging/ccree/ssi_pm.c   | 17 ++---
 drivers/staging/ccree/ssi_pm.h   | 17 ++---
 drivers/staging/ccree/ssi_request_mgr.c  | 17 ++---
 drivers/staging/ccree/ssi_request_mgr.h  | 17 ++---
 drivers/staging/ccree/ssi_sram_mgr.c | 17 ++---
 drivers/staging/ccree/ssi_sram_mgr.h | 17 ++---
 31 files changed, 62 insertions(+), 435 deletions(-)

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index 0b3092b..c94dfe8 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0
+
 config CRYPTO_DEV_CCREE
tristate "Support for ARM TrustZone CryptoCell C7XX family of Crypto 
accelerators"
depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index ab9f073..bb47144 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: GPL-2.0
+
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
 ccree-y := ssi_driver.o ssi_buffer_mgr.o ssi_request_mgr.o ssi_cipher.o 
ssi_hash.o ssi_aead.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o
 ccree-$(CONFIG_CRYPTO_FIPS) += ssi_fips.o
diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index 0e34d9a..1b2698f 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -1,18 +1,5 @@
-/*
- * Copyright (C) 2012-2017 ARM Limited or its affiliates.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
+/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
 
 #ifndef _CC_CRYPTO_CTX_H_
 #define _CC_CRYPTO_CTX_H_
diff --git a/drivers/staging/ccree/cc_debugfs.c 
b/drivers/staging/ccree/cc_debugfs.c
index 662fa07..518cefd 100644
--- a/drivers/staging/ccree/cc_debugfs.c
+++ b/drivers/staging/ccree/cc_debugfs.c
@@ -1,18 +1,5 @@
-/*
- * Copyright (C) 2012-2017 ARM Limited or its affiliates.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (C) 2012-2018 ARM Limited or its 

[PATCH v2 05/27] staging: ccree: pick alloc mem flags based on req flags

[Gilad Ben-Yossef]

The ccree driver was allocating memory using GFP_KERNEL flag
always, ignoring the flags set in the crypto request. Fix it
by choosing gfp flags based on crypto request flags.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 19 +++--
 drivers/staging/ccree/ssi_buffer_mgr.h |  6 ++--
 drivers/staging/ccree/ssi_cipher.c |  8 --
 drivers/staging/ccree/ssi_driver.h |  6 
 drivers/staging/ccree/ssi_hash.c   | 50 --
 5 files changed, 54 insertions(+), 35 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 60fcee4..5e3cff3 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -217,7 +217,7 @@ static int cc_render_sg_to_mlli(struct device *dev, struct 
scatterlist *sgl,
 }
 
 static int cc_generate_mlli(struct device *dev, struct buffer_array *sg_data,
-   struct mlli_params *mlli_params)
+   struct mlli_params *mlli_params, gfp_t flags)
 {
u32 *mlli_p;
u32 total_nents = 0, prev_total_nents = 0;
@@ -227,7 +227,7 @@ static int cc_generate_mlli(struct device *dev, struct 
buffer_array *sg_data,
 
/* Allocate memory from the pointed pool */
mlli_params->mlli_virt_addr =
-   dma_pool_alloc(mlli_params->curr_pool, GFP_KERNEL,
+   dma_pool_alloc(mlli_params->curr_pool, flags,
   &mlli_params->mlli_dma_addr);
if (!mlli_params->mlli_virt_addr) {
dev_err(dev, "dma_pool_alloc() failed\n");
@@ -483,7 +483,7 @@ void cc_unmap_blkcipher_request(struct device *dev, void 
*ctx,
 int cc_map_blkcipher_request(struct cc_drvdata *drvdata, void *ctx,
 unsigned int ivsize, unsigned int nbytes,
 void *info, struct scatterlist *src,
-struct scatterlist *dst)
+struct scatterlist *dst, gfp_t flags)
 {
struct blkcipher_req_ctx *req_ctx = (struct blkcipher_req_ctx *)ctx;
struct mlli_params *mlli_params = &req_ctx->mlli_params;
@@ -558,7 +558,7 @@ int cc_map_blkcipher_request(struct cc_drvdata *drvdata, 
void *ctx,
 
if (req_ctx->dma_buf_type == CC_DMA_BUF_MLLI) {
mlli_params->curr_pool = buff_mgr->mlli_buffs_pool;
-   rc = cc_generate_mlli(dev, &sg_data, mlli_params);
+   rc = cc_generate_mlli(dev, &sg_data, mlli_params, flags);
if (rc)
goto ablkcipher_exit;
}
@@ -1200,6 +1200,7 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, 
struct aead_request *req)
u32 mapped_nents = 0;
u32 dummy = 0; /*used for the assoc data fragments */
u32 size_to_map = 0;
+   gfp_t flags = cc_gfp_flags(&req->base);
 
mlli_params->curr_pool = NULL;
sg_data.num_of_buffers = 0;
@@ -1366,7 +1367,7 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, 
struct aead_request *req)
if (areq_ctx->assoc_buff_type == CC_DMA_BUF_MLLI ||
areq_ctx->data_buff_type == CC_DMA_BUF_MLLI) {
mlli_params->curr_pool = buff_mgr->mlli_buffs_pool;
-   rc = cc_generate_mlli(dev, &sg_data, mlli_params);
+   rc = cc_generate_mlli(dev, &sg_data, mlli_params, flags);
if (rc)
goto aead_map_failure;
 
@@ -1385,7 +1386,7 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, 
struct aead_request *req)
 
 int cc_map_hash_request_final(struct cc_drvdata *drvdata, void *ctx,
  struct scatterlist *src, unsigned int nbytes,
- bool do_update)
+ bool do_update, gfp_t flags)
 {
struct ahash_req_ctx *areq_ctx = (struct ahash_req_ctx *)ctx;
struct device *dev = drvdata_to_dev(drvdata);
@@ -1445,7 +1446,7 @@ int cc_map_hash_request_final(struct cc_drvdata *drvdata, 
void *ctx,
/* add the src data to the sg_data */
cc_add_sg_entry(dev, &sg_data, areq_ctx->in_nents, src, nbytes,
0, true, &areq_ctx->mlli_nents);
-   if (cc_generate_mlli(dev, &sg_data, mlli_params))
+   if (cc_generate_mlli(dev, &sg_data, mlli_params, flags))
goto fail_unmap_din;
}
/* change the buffer index for the unmap function */
@@ -1466,7 +1467,7 @@ int cc_map_hash_request_final(struct cc_drvdata *drvdata, 
void *ctx,
 
 int cc_map_hash_request_update(struct cc_drvdata *drvdata, void *ctx,
   struct scatterlist *src, unsigned int nbytes,
-  unsigned int block_size)
+  unsigned int block_size, gfp_t flags)
 {
struct ahash_req_ctx *areq_ctx = (struct ahash_req_ctx *)ctx;
struct device *dev = drvdata_to_dev(

[PATCH v2 06/27] staging: ccree: copy larval digest from RAM

[Gilad Ben-Yossef]

The ccree driver was using a DMA operation to copy larval digest
from the ccree SRAM to RAM. Replace it with a simple memcpy.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c |   2 +
 drivers/staging/ccree/ssi_hash.c   | 121 -
 drivers/staging/ccree/ssi_hash.h   |   2 +
 3 files changed, 68 insertions(+), 57 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 9b4c064..64db0c1 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -484,6 +484,8 @@ static int __init ccree_init(void)
 {
int ret;
 
+   cc_hash_global_init();
+
ret = cc_debugfs_global_init();
if (ret)
return ret;
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 5324914..06cc5cd 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -41,10 +41,10 @@ static const u32 sha256_init[] = {
 #if (CC_DEV_SHA_MAX > 256)
 static const u32 digest_len_sha512_init[] = {
0x0080, 0x, 0x, 0x };
-static const u64 sha384_init[] = {
+static u64 sha384_init[] = {
SHA384_H7, SHA384_H6, SHA384_H5, SHA384_H4,
SHA384_H3, SHA384_H2, SHA384_H1, SHA384_H0 };
-static const u64 sha512_init[] = {
+static u64 sha512_init[] = {
SHA512_H7, SHA512_H6, SHA512_H5, SHA512_H4,
SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0 };
 #endif
@@ -55,6 +55,8 @@ static void cc_setup_xcbc(struct ahash_request *areq, struct 
cc_hw_desc desc[],
 static void cc_setup_cmac(struct ahash_request *areq, struct cc_hw_desc desc[],
  unsigned int *seq_size);
 
+static const void *cc_larval_digest(struct device *dev, u32 mode);
+
 struct cc_hash_alg {
struct list_head entry;
int hash_mode;
@@ -126,10 +128,6 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
  struct cc_hash_ctx *ctx, gfp_t flags)
 {
bool is_hmac = ctx->is_hmac;
-   cc_sram_addr_t larval_digest_addr =
-   cc_larval_digest_addr(ctx->drvdata, ctx->hash_mode);
-   struct cc_crypto_req cc_req = {};
-   struct cc_hw_desc desc;
int rc = -ENOMEM;
 
state->buff0 = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
@@ -203,9 +201,6 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
   HASH_LEN_SIZE);
 #endif
}
-   dma_sync_single_for_device(dev, state->digest_buff_dma_addr,
-  ctx->inter_digestsize,
-  DMA_BIDIRECTIONAL);
 
if (ctx->hash_mode != DRV_HASH_NULL) {
dma_sync_single_for_cpu(dev,
@@ -216,22 +211,15 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
   ctx->opad_tmp_keys_buff, ctx->inter_digestsize);
}
} else { /*hash*/
-   /* Copy the initial digests if hash flow. The SRAM contains the
-* initial digests in the expected order for all SHA*
-*/
-   hw_desc_init(&desc);
-   set_din_sram(&desc, larval_digest_addr, ctx->inter_digestsize);
-   set_dout_dlli(&desc, state->digest_buff_dma_addr,
- ctx->inter_digestsize, NS_BIT, 0);
-   set_flow_mode(&desc, BYPASS);
+   /* Copy the initial digests if hash flow. */
+   const void *larval = cc_larval_digest(dev, ctx->hash_mode);
 
-   rc = send_request(ctx->drvdata, &cc_req, &desc, 1, 0);
-   if (rc) {
-   dev_err(dev, "send_request() failed (rc=%d)\n", rc);
-   goto fail4;
-   }
+   memcpy(state->digest_buff, larval, ctx->inter_digestsize);
}
 
+   dma_sync_single_for_device(dev, state->digest_buff_dma_addr,
+  ctx->inter_digestsize, DMA_BIDIRECTIONAL);
+
if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC) {
state->digest_bytes_len_dma_addr =
dma_map_single(dev, (void *)state->digest_bytes_len,
@@ -2003,11 +1991,7 @@ int cc_init_hash_sram(struct cc_drvdata *drvdata)
cc_sram_addr_t sram_buff_ofs = hash_handle->digest_len_sram_addr;
unsigned int larval_seq_len = 0;
struct cc_hw_desc larval_seq[CC_DIGEST_SIZE_MAX / sizeof(u32)];
-   struct device *dev = drvdata_to_dev(drvdata);
int rc = 0;
-#if (CC_DEV_SHA_MAX > 256)
-   int i;
-#endif
 
/* Copy-to-sram digest-len */
cc_set_sram_desc(digest_len_init, sram_buff_ofs,
@@ -2074,49 +2058,49 @@ int cc_init_hash_sram(struct cc_drvdata *drvdata)
larval_seq_len = 0;
 
 #if (CC_DEV_SHA_MAX > 256)
-   /* We are forced to swap each double-word larval before copying to
-   

[PATCH v2 03/27] staging: ccree: fold reg common defines into driver

[Gilad Ben-Yossef]

Fold the 2 macro defined in dx_reg_common.h into the file they
are used in and delete the file.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_crypto_ctx.h |  4 ++--
 drivers/staging/ccree/dx_reg_common.h | 13 -
 drivers/staging/ccree/ssi_driver.h|  5 +++--
 3 files changed, 5 insertions(+), 17 deletions(-)
 delete mode 100644 drivers/staging/ccree/dx_reg_common.h

diff --git a/drivers/staging/ccree/cc_crypto_ctx.h 
b/drivers/staging/ccree/cc_crypto_ctx.h
index 1b2698f..88b6e88 100644
--- a/drivers/staging/ccree/cc_crypto_ctx.h
+++ b/drivers/staging/ccree/cc_crypto_ctx.h
@@ -8,7 +8,7 @@
 
 /* context size */
 #ifndef CC_CTX_SIZE_LOG2
-#if (CC_SUPPORT_SHA > 256)
+#if (CC_DEV_SHA_MAX > 256)
 #define CC_CTX_SIZE_LOG2 8
 #else
 #define CC_CTX_SIZE_LOG2 7
@@ -59,7 +59,7 @@
 #define CC_SHA384_BLOCK_SIZE 128
 #define CC_SHA512_BLOCK_SIZE 128
 
-#if (CC_SUPPORT_SHA > 256)
+#if (CC_DEV_SHA_MAX > 256)
 #define CC_DIGEST_SIZE_MAX CC_SHA512_DIGEST_SIZE
 #define CC_HASH_BLOCK_SIZE_MAX CC_SHA512_BLOCK_SIZE /*1024b*/
 #else /* Only up to SHA256 */
diff --git a/drivers/staging/ccree/dx_reg_common.h 
b/drivers/staging/ccree/dx_reg_common.h
deleted file mode 100644
index 84184d2..000
--- a/drivers/staging/ccree/dx_reg_common.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
-
-#ifndef __CC_REG_COMMON_H__
-#define __CC_REG_COMMON_H__
-
-#define CC_DEV_SIGNATURE 0xDCC71200UL
-
-#define CC_HW_VERSION 0xef840015UL
-
-#define CC_DEV_SHA_MAX 512
-
-#endif /*__CC_REG_COMMON_H__*/
diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index b978862..3810740 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -27,8 +27,7 @@
 
 /* Registers definitions from shared/hw/ree_include */
 #include "dx_host.h"
-#include "dx_reg_common.h"
-#define CC_SUPPORT_SHA CC_DEV_SHA_MAX
+#define CC_DEV_SHA_MAX 512
 #include "cc_crypto_ctx.h"
 #include "cc_hw_queue_defs.h"
 #include "ssi_sram_mgr.h"
@@ -44,6 +43,8 @@ extern bool cc_dump_bytes;
 /* Maximum DMA mask supported by IP */
 #define DMA_BIT_MASK_LEN 48
 
+#define CC_DEV_SIGNATURE 0xDCC71200UL
+
 #define CC_AXI_IRQ_MASK ((1 << CC_AXIM_CFG_BRESPMASK_BIT_SHIFT) | \
  (1 << CC_AXIM_CFG_RRESPMASK_BIT_SHIFT) | \
  (1 << CC_AXIM_CFG_INFLTMASK_BIT_SHIFT) | \
-- 
2.7.4

[PATCH v2 04/27] staging: ccree: remove GFP_DMA flag from mem allocs

[Gilad Ben-Yossef]

Remove bogus GFP_DMA flag from memory allocations. ccree driver
does not operate over an ISA or similar limited bus.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_cipher.c |  2 +-
 drivers/staging/ccree/ssi_hash.c   | 15 ++-
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 71d3e79..479186f 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -166,7 +166,7 @@ static int cc_cipher_init(struct crypto_tfm *tfm)
ctx_p->drvdata = cc_alg->drvdata;
 
/* Allocate key buffer, cache line aligned */
-   ctx_p->user.key = kmalloc(max_key_buf_size, GFP_KERNEL | GFP_DMA);
+   ctx_p->user.key = kmalloc(max_key_buf_size, GFP_KERNEL);
if (!ctx_p->user.key)
return -ENOMEM;
 
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index c409dcd..a6702cf 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -132,29 +132,27 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
struct cc_hw_desc desc;
int rc = -ENOMEM;
 
-   state->buff0 = kzalloc(CC_MAX_HASH_BLCK_SIZE, GFP_KERNEL | GFP_DMA);
+   state->buff0 = kzalloc(CC_MAX_HASH_BLCK_SIZE, GFP_KERNEL);
if (!state->buff0)
goto fail0;
 
-   state->buff1 = kzalloc(CC_MAX_HASH_BLCK_SIZE, GFP_KERNEL | GFP_DMA);
+   state->buff1 = kzalloc(CC_MAX_HASH_BLCK_SIZE, GFP_KERNEL);
if (!state->buff1)
goto fail_buff0;
 
state->digest_result_buff = kzalloc(CC_MAX_HASH_DIGEST_SIZE,
-   GFP_KERNEL | GFP_DMA);
+   GFP_KERNEL);
if (!state->digest_result_buff)
goto fail_buff1;
 
-   state->digest_buff = kzalloc(ctx->inter_digestsize,
-GFP_KERNEL | GFP_DMA);
+   state->digest_buff = kzalloc(ctx->inter_digestsize, GFP_KERNEL);
if (!state->digest_buff)
goto fail_digest_result_buff;
 
dev_dbg(dev, "Allocated digest-buffer in context 
ctx->digest_buff=@%p\n",
state->digest_buff);
if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC) {
-   state->digest_bytes_len = kzalloc(HASH_LEN_SIZE,
- GFP_KERNEL | GFP_DMA);
+   state->digest_bytes_len = kzalloc(HASH_LEN_SIZE, GFP_KERNEL);
if (!state->digest_bytes_len)
goto fail1;
 
@@ -164,8 +162,7 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
state->digest_bytes_len = NULL;
}
 
-   state->opad_digest_buff = kzalloc(ctx->inter_digestsize,
- GFP_KERNEL | GFP_DMA);
+   state->opad_digest_buff = kzalloc(ctx->inter_digestsize, GFP_KERNEL);
if (!state->opad_digest_buff)
goto fail2;
 
-- 
2.7.4

[PATCH v2 09/27] staging: ccree: break send_request and fix ret val

[Gilad Ben-Yossef]

The send_request() function was handling both synchronous
and asynchronous invocations, but were not handling
the asynchronous case, which may be called in an atomic
context, properly as it was sleeping.

Start to fix the problem by breaking up the two use
cases to separate functions calling a common internal
service function and return error instead of sleeping
for the asynchronous case.

The next patch will complete the fix by implementing
proper backlog handling.

Fixes: abefd6741d ("staging: ccree: introduce CryptoCell HW driver").
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c|   6 +-
 drivers/staging/ccree/ssi_cipher.c  |   3 +-
 drivers/staging/ccree/ssi_hash.c|  22 ++--
 drivers/staging/ccree/ssi_request_mgr.c | 180 ++--
 drivers/staging/ccree/ssi_request_mgr.h |  11 +-
 5 files changed, 128 insertions(+), 94 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index 5276bde..ec50014 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -531,7 +531,7 @@ cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 
*key,
idx++;
}
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, idx, 0);
+   rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx);
if (rc)
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
 
@@ -630,7 +630,7 @@ cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, 
unsigned int keylen)
/* STAT_PHASE_3: Submit sequence to HW */
 
if (seq_len > 0) { /* For CCM there is no sequence to setup the key */
-   rc = send_request(ctx->drvdata, &cc_req, desc, seq_len, 0);
+   rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, seq_len);
if (rc) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
goto setkey_error;
@@ -2039,7 +2039,7 @@ static int cc_proc_aead(struct aead_request *req,
 
/* STAT_PHASE_3: Lock HW and push sequence */
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, seq_len, 1);
+   rc = cc_send_request(ctx->drvdata, &cc_req, desc, seq_len, &req->base);
 
if (rc != -EINPROGRESS) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index fe8d78d..ad56da7 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -717,7 +717,8 @@ static int cc_cipher_process(struct ablkcipher_request *req,
 
/* STAT_PHASE_3: Lock HW and push sequence */
 
-   rc = send_request(ctx_p->drvdata, &cc_req, desc, seq_len, 1);
+   rc = cc_send_request(ctx_p->drvdata, &cc_req, desc, seq_len,
+&req->base);
if (rc != -EINPROGRESS) {
/* Failed to send the request or request completed
 * synchronously
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 06cc5cd..21745bb 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -532,7 +532,7 @@ static int cc_hash_digest(struct ahash_request *req)
cc_set_endianity(ctx->hash_mode, &desc[idx]);
idx++;
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, idx, 1);
+   rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base);
if (rc != -EINPROGRESS) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
cc_unmap_hash_request(dev, state, src, true);
@@ -620,7 +620,7 @@ static int cc_hash_update(struct ahash_request *req)
set_setup_mode(&desc[idx], SETUP_WRITE_STATE1);
idx++;
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, idx, 1);
+   rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base);
if (rc != -EINPROGRESS) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
cc_unmap_hash_request(dev, state, src, true);
@@ -741,7 +741,7 @@ static int cc_hash_finup(struct ahash_request *req)
set_cipher_mode(&desc[idx], ctx->hw_mode);
idx++;
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, idx, 1);
+   rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base);
if (rc != -EINPROGRESS) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
cc_unmap_hash_request(dev, state, src, true);
@@ -873,7 +873,7 @@ static int cc_hash_final(struct ahash_request *req)
set_cipher_mode(&desc[idx], ctx->hw_mode);
idx++;
 
-   rc = send_request(ctx->drvdata, &cc_req, desc, idx, 1);
+   rc = cc_send_request(ctx->drvdata, &cc_req, desc, idx, &req->base);
if (rc != -EINPROGRESS) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
cc_unmap_hash_request(dev, state, src, true);
@@ -1014,7 +

[PATCH v2 10/27] staging: ccree: add backlog processing

[Gilad Ben-Yossef]

Crypto API tfm providers are required to provide a backlog
service, if so indicated, that queues up requests in the case
of the provider being busy and processing them later.

The ccree driver did not provide this facility. Add it now.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c|  26 +++---
 drivers/staging/ccree/ssi_cipher.c  |  13 ++-
 drivers/staging/ccree/ssi_driver.h  |   2 +-
 drivers/staging/ccree/ssi_hash.c|  28 +++
 drivers/staging/ccree/ssi_request_mgr.c | 136 ++--
 5 files changed, 163 insertions(+), 42 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index ec50014..cbe520d 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -211,19 +211,21 @@ static int cc_aead_init(struct crypto_aead *tfm)
return -ENOMEM;
 }
 
-static void cc_aead_complete(struct device *dev, void *cc_req)
+static void cc_aead_complete(struct device *dev, void *cc_req, int err)
 {
struct aead_request *areq = (struct aead_request *)cc_req;
struct aead_req_ctx *areq_ctx = aead_request_ctx(areq);
struct crypto_aead *tfm = crypto_aead_reqtfm(cc_req);
struct cc_aead_ctx *ctx = crypto_aead_ctx(tfm);
-   int err = 0;
 
cc_unmap_aead_request(dev, areq);
 
/* Restore ordinary iv pointer */
areq->iv = areq_ctx->backup_iv;
 
+   if (err)
+   goto done;
+
if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
if (memcmp(areq_ctx->mac_buf, areq_ctx->icv_virt_addr,
   ctx->authsize) != 0) {
@@ -258,7 +260,7 @@ static void cc_aead_complete(struct device *dev, void 
*cc_req)
   CCM_BLOCK_IV_OFFSET, CCM_BLOCK_IV_SIZE);
}
}
-
+done:
aead_request_complete(areq, err);
 }
 
@@ -2041,7 +2043,7 @@ static int cc_proc_aead(struct aead_request *req,
 
rc = cc_send_request(ctx->drvdata, &cc_req, desc, seq_len, &req->base);
 
-   if (rc != -EINPROGRESS) {
+   if (rc != -EINPROGRESS && rc != -EBUSY) {
dev_err(dev, "send_request() failed (rc=%d)\n", rc);
cc_unmap_aead_request(dev, req);
}
@@ -2063,7 +2065,7 @@ static int cc_aead_encrypt(struct aead_request *req)
areq_ctx->plaintext_authenticate_only = false;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 
return rc;
@@ -2092,7 +2094,7 @@ static int cc_rfc4309_ccm_encrypt(struct aead_request 
*req)
cc_proc_rfc4309_ccm(req);
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 out:
return rc;
@@ -2111,7 +2113,7 @@ static int cc_aead_decrypt(struct aead_request *req)
areq_ctx->plaintext_authenticate_only = false;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 
return rc;
@@ -2138,7 +2140,7 @@ static int cc_rfc4309_ccm_decrypt(struct aead_request 
*req)
cc_proc_rfc4309_ccm(req);
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 
 out:
@@ -2257,7 +2259,7 @@ static int cc_rfc4106_gcm_encrypt(struct aead_request 
*req)
areq_ctx->is_gcm4543 = true;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 out:
return rc;
@@ -2281,7 +2283,7 @@ static int cc_rfc4543_gcm_encrypt(struct aead_request 
*req)
areq_ctx->is_gcm4543 = true;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_ENCRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 
return rc;
@@ -2312,7 +2314,7 @@ static int cc_rfc4106_gcm_decrypt(struct aead_request 
*req)
areq_ctx->is_gcm4543 = true;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 out:
return rc;
@@ -2336,7 +2338,7 @@ static int cc_rfc4543_gcm_decrypt(struct aead_request 
*req)
areq_ctx->is_gcm4543 = true;
 
rc = cc_proc_aead(req, DRV_CRYPTO_DIRECTION_DECRYPT);
-   if (rc != -EINPROGRESS)
+   if (rc != -EINPROGRESS && rc != -EBUSY)
req->iv = areq_ctx->backup_iv;
 
return rc;
diff --git a/drivers/stagin

[PATCH v2 15/27] staging: ccree: use Makefile to include PM code

[Gilad Ben-Yossef]

Replace ugly ifdefs with some inline macros and Makefile magic
for optionally including power management related code for
better readability.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Makefile  |  3 ++-
 drivers/staging/ccree/ssi_pm.c  |  9 +---
 drivers/staging/ccree/ssi_pm.h  | 39 +++--
 drivers/staging/ccree/ssi_request_mgr.c | 18 ++-
 4 files changed, 37 insertions(+), 32 deletions(-)

diff --git a/drivers/staging/ccree/Makefile b/drivers/staging/ccree/Makefile
index bb47144..c107e25 100644
--- a/drivers/staging/ccree/Makefile
+++ b/drivers/staging/ccree/Makefile
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 
 obj-$(CONFIG_CRYPTO_DEV_CCREE) := ccree.o
-ccree-y := ssi_driver.o ssi_buffer_mgr.o ssi_request_mgr.o ssi_cipher.o 
ssi_hash.o ssi_aead.o ssi_ivgen.o ssi_sram_mgr.o ssi_pm.o
+ccree-y := ssi_driver.o ssi_buffer_mgr.o ssi_request_mgr.o ssi_cipher.o 
ssi_hash.o ssi_aead.o ssi_ivgen.o ssi_sram_mgr.o
 ccree-$(CONFIG_CRYPTO_FIPS) += ssi_fips.o
 ccree-$(CONFIG_DEBUG_FS) += cc_debugfs.o
+ccree-$(CONFIG_PM) += ssi_pm.o
diff --git a/drivers/staging/ccree/ssi_pm.c b/drivers/staging/ccree/ssi_pm.c
index 4031881..b0ace75 100644
--- a/drivers/staging/ccree/ssi_pm.c
+++ b/drivers/staging/ccree/ssi_pm.c
@@ -14,8 +14,6 @@
 #include "ssi_hash.h"
 #include "ssi_pm.h"
 
-#if defined(CONFIG_PM)
-
 #define POWER_DOWN_ENABLE 0x01
 #define POWER_DOWN_DISABLE 0x00
 
@@ -103,12 +101,9 @@ int cc_pm_put_suspend(struct device *dev)
return rc;
 }
 
-#endif
-
 int cc_pm_init(struct cc_drvdata *drvdata)
 {
int rc = 0;
-#if defined(CONFIG_PM)
struct device *dev = drvdata_to_dev(drvdata);
 
/* must be before the enabling to avoid resdundent suspending */
@@ -120,13 +115,11 @@ int cc_pm_init(struct cc_drvdata *drvdata)
return rc;
/* enable the PM module*/
pm_runtime_enable(dev);
-#endif
+
return rc;
 }
 
 void cc_pm_fini(struct cc_drvdata *drvdata)
 {
-#if defined(CONFIG_PM)
pm_runtime_disable(drvdata_to_dev(drvdata));
-#endif
 }
diff --git a/drivers/staging/ccree/ssi_pm.h b/drivers/staging/ccree/ssi_pm.h
index 138de71..c28f3aa 100644
--- a/drivers/staging/ccree/ssi_pm.h
+++ b/drivers/staging/ccree/ssi_pm.h
@@ -11,21 +11,46 @@
 
 #define CC_SUSPEND_TIMEOUT 3000
 
-int cc_pm_init(struct cc_drvdata *drvdata);
-
-void cc_pm_fini(struct cc_drvdata *drvdata);
-
 #if defined(CONFIG_PM)
 
 extern const struct dev_pm_ops ccree_pm;
 
+int cc_pm_init(struct cc_drvdata *drvdata);
+void cc_pm_fini(struct cc_drvdata *drvdata);
 int cc_pm_suspend(struct device *dev);
-
 int cc_pm_resume(struct device *dev);
-
 int cc_pm_get(struct device *dev);
-
 int cc_pm_put_suspend(struct device *dev);
+
+#else
+
+static inline int cc_pm_init(struct cc_drvdata *drvdata)
+{
+   return 0;
+}
+
+static inline void cc_pm_fini(struct cc_drvdata *drvdata) {}
+
+static inline int cc_pm_suspend(struct device *dev)
+{
+   return 0;
+}
+
+static inline int cc_pm_resume(struct device *dev)
+{
+   return 0;
+}
+
+static inline int cc_pm_get(struct device *dev)
+{
+   return 0;
+}
+
+static inline int cc_pm_put_suspend(struct device *dev)
+{
+   return 0;
+}
+
 #endif
 
 #endif /*__POWER_MGR_H__*/
diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index e99c148..01f4756 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -46,9 +46,7 @@ struct cc_req_mgr_handle {
 #else
struct tasklet_struct comptask;
 #endif
-#if defined(CONFIG_PM)
bool is_runtime_suspended;
-#endif
 };
 
 struct cc_bl_item {
@@ -404,9 +402,7 @@ static void cc_proc_backlog(struct cc_drvdata *drvdata)
spin_unlock(&mgr->hw_lock);
 
if (rc != -EINPROGRESS) {
-#if defined(CONFIG_PM)
cc_pm_put_suspend(dev);
-#endif
creq->user_cb(dev, req, rc);
}
 
@@ -432,13 +428,12 @@ int cc_send_request(struct cc_drvdata *drvdata, struct 
cc_crypto_req *cc_req,
gfp_t flags = cc_gfp_flags(req);
struct cc_bl_item *bli;
 
-#if defined(CONFIG_PM)
rc = cc_pm_get(dev);
if (rc) {
dev_err(dev, "ssi_power_mgr_runtime_get returned %x\n", rc);
return rc;
}
-#endif
+
spin_lock_bh(&mgr->hw_lock);
rc = cc_queues_status(drvdata, mgr, total_len);
 
@@ -452,9 +447,7 @@ int cc_send_request(struct cc_drvdata *drvdata, struct 
cc_crypto_req *cc_req,
 
bli = kmalloc(sizeof(*bli), flags);
if (!bli) {
-#if defined(CONFIG_PM)
cc_pm_put_suspend(dev);
-#endif
return -ENOMEM;
}
 
@@ -486,13 +479,12 @@ int cc_send_sync_request(struct cc_drvdata *drvdata,
cc_req->user_cb = request_mgr_complete;
cc_req->user_arg = &cc_req->seq_compl;
 
-#if defined(CONFIG_PM)
   

[PATCH v2 14/27] staging: ccree: handle end of sg list gracefully

[Gilad Ben-Yossef]

If we are asked for number of entries of an offset bigger than the
sg list we should not crash.

Cc: sta...@vger.kernel.org
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 13cb062..9e3f557 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -94,7 +94,7 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
 {
unsigned int nents = 0;
 
-   while (nbytes) {
+   while (nbytes && sg_list) {
if (sg_list->length) {
nents++;
/* get the number of bytes in the last entry */
-- 
2.7.4

[PATCH v2 12/27] staging: ccree: failing the suspend is not an error

[Gilad Ben-Yossef]

PM suspend returning a none zero value is not an error. It simply
indicates a suspend is not advised right now so don't treat it as
an error.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_request_mgr.c | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index db3b29f..e99c148 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -598,9 +598,6 @@ static void proc_completions(struct cc_drvdata *drvdata)
drvdata->request_mgr_handle;
unsigned int *tail = &request_mgr_handle->req_queue_tail;
unsigned int *head = &request_mgr_handle->req_queue_head;
-#if defined(CONFIG_PM)
-   int rc = 0;
-#endif
 
while (request_mgr_handle->axi_completed) {
request_mgr_handle->axi_completed--;
@@ -625,10 +622,7 @@ static void proc_completions(struct cc_drvdata *drvdata)
dev_dbg(dev, "Request completed. axi_completed=%d\n",
request_mgr_handle->axi_completed);
 #if defined(CONFIG_PM)
-   rc = cc_pm_put_suspend(dev);
-   if (rc)
-   dev_err(dev, "Failed to set runtime suspension %d\n",
-   rc);
+   cc_pm_put_suspend(dev);
 #endif
}
 }
-- 
2.7.4

[PATCH v2 16/27] staging: ccree: remove unused field

[Gilad Ben-Yossef]

Remove unused struct field.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index e05c87d..4e11b5d 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -23,7 +23,6 @@ struct cc_hash_handle {
cc_sram_addr_t digest_len_sram_addr; /* const value in SRAM*/
cc_sram_addr_t larval_digest_sram_addr;   /* const value in SRAM */
struct list_head hash_list;
-   struct completion init_comp;
 };
 
 static const u32 digest_len_init[] = {
-- 
2.7.4

[PATCH v2 18/27] staging: ccree: allocate hash bufs inside req ctx

[Gilad Ben-Yossef]

Move to allocating the buffers needed for requests as part of
the request structure instead of malloc'ing each one on it's
own, making for simpler (and more efficient) code.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 68 
 drivers/staging/ccree/ssi_hash.h | 12 +++
 2 files changed, 12 insertions(+), 68 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index a8ea6a2..69fc2fcf3 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -108,7 +108,7 @@ static int cc_map_result(struct device *dev, struct 
ahash_req_ctx *state,
 unsigned int digestsize)
 {
state->digest_result_dma_addr =
-   dma_map_single(dev, (void *)state->digest_result_buff,
+   dma_map_single(dev, state->digest_result_buff,
   digestsize,
   DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, state->digest_result_dma_addr)) {
@@ -129,49 +129,15 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
bool is_hmac = ctx->is_hmac;
int rc = -ENOMEM;
 
-   state->buffers[0] = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
-   if (!state->buffers[0])
-   goto fail0;
-
-   state->buffers[1] = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
-   if (!state->buffers[1])
-   goto fail_buff0;
-
-   state->digest_result_buff = kzalloc(CC_MAX_HASH_DIGEST_SIZE, flags);
-   if (!state->digest_result_buff)
-   goto fail_buff1;
-
-   state->digest_buff = kzalloc(ctx->inter_digestsize, flags);
-   if (!state->digest_buff)
-   goto fail_digest_result_buff;
-
-   dev_dbg(dev, "Allocated digest-buffer in context 
ctx->digest_buff=@%p\n",
-   state->digest_buff);
-   if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC) {
-   state->digest_bytes_len = kzalloc(HASH_LEN_SIZE, flags);
-   if (!state->digest_bytes_len)
-   goto fail1;
-
-   dev_dbg(dev, "Allocated digest-bytes-len in context 
state->>digest_bytes_len=@%p\n",
-   state->digest_bytes_len);
-   } else {
-   state->digest_bytes_len = NULL;
-   }
-
-   state->opad_digest_buff = kzalloc(ctx->inter_digestsize, flags);
-   if (!state->opad_digest_buff)
-   goto fail2;
-
-   dev_dbg(dev, "Allocated opad-digest-buffer in context 
state->digest_bytes_len=@%p\n",
-   state->opad_digest_buff);
+   memset(state, 0, sizeof(*state));
 
state->digest_buff_dma_addr =
-   dma_map_single(dev, (void *)state->digest_buff,
+   dma_map_single(dev, state->digest_buff,
   ctx->inter_digestsize, DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, state->digest_buff_dma_addr)) {
dev_err(dev, "Mapping digest len %d B at va=%pK for DMA 
failed\n",
ctx->inter_digestsize, state->digest_buff);
-   goto fail3;
+   goto fail0;
}
dev_dbg(dev, "Mapped digest %d B at va=%pK to dma=%pad\n",
ctx->inter_digestsize, state->digest_buff,
@@ -221,7 +187,7 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
 
if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC) {
state->digest_bytes_len_dma_addr =
-   dma_map_single(dev, (void *)state->digest_bytes_len,
+   dma_map_single(dev, state->digest_bytes_len,
   HASH_LEN_SIZE, DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, state->digest_bytes_len_dma_addr)) {
dev_err(dev, "Mapping digest len %u B at va=%pK for DMA 
failed\n",
@@ -237,7 +203,7 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
 
if (is_hmac && ctx->hash_mode != DRV_HASH_NULL) {
state->opad_digest_dma_addr =
-   dma_map_single(dev, (void *)state->opad_digest_buff,
+   dma_map_single(dev, state->opad_digest_buff,
   ctx->inter_digestsize,
   DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, state->opad_digest_dma_addr)) {
@@ -271,21 +237,6 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
 ctx->inter_digestsize, DMA_BIDIRECTIONAL);
state->digest_buff_dma_addr = 0;
}
-fail3:
-   kfree(state->opad_digest_buff);
-fail2:
-   kfree(state->digest_bytes_len);
-fail1:
-kfree(state->digest_buff);
-fail_digest_result_buff:
-   kfree(state->digest_result_buff);
-   state->digest_result_buff = NULL;
-fail_buff1:
-   kfree(state->buffers[1]);
-   state->buffers[1] = NULL;

[PATCH v2 17/27] staging: ccree: use array for double buffer

[Gilad Ben-Yossef]

The ccree hash code is using a double buffer to hold data
for processing but manages the buffers and their associated
data count in two separate fields and uses a predicate to
chose which to use.

Move to using a proper 2 members array for a much cleaner code.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 21 +++-
 drivers/staging/ccree/ssi_hash.c   | 36 --
 drivers/staging/ccree/ssi_hash.h   | 26 
 3 files changed, 46 insertions(+), 37 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 9e3f557..9f67bb7 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -1391,10 +1391,8 @@ int cc_map_hash_request_final(struct cc_drvdata 
*drvdata, void *ctx,
 {
struct ahash_req_ctx *areq_ctx = (struct ahash_req_ctx *)ctx;
struct device *dev = drvdata_to_dev(drvdata);
-   u8 *curr_buff = areq_ctx->buff_index ? areq_ctx->buff1 :
-   areq_ctx->buff0;
-   u32 *curr_buff_cnt = areq_ctx->buff_index ? &areq_ctx->buff1_cnt :
-   &areq_ctx->buff0_cnt;
+   u8 *curr_buff = cc_hash_buf(areq_ctx);
+   u32 *curr_buff_cnt = cc_hash_buf_cnt(areq_ctx);
struct mlli_params *mlli_params = &areq_ctx->mlli_params;
struct buffer_array sg_data;
struct buff_mgr_handle *buff_mgr = drvdata->buff_mgr_handle;
@@ -1472,14 +1470,10 @@ int cc_map_hash_request_update(struct cc_drvdata 
*drvdata, void *ctx,
 {
struct ahash_req_ctx *areq_ctx = (struct ahash_req_ctx *)ctx;
struct device *dev = drvdata_to_dev(drvdata);
-   u8 *curr_buff = areq_ctx->buff_index ? areq_ctx->buff1 :
-   areq_ctx->buff0;
-   u32 *curr_buff_cnt = areq_ctx->buff_index ? &areq_ctx->buff1_cnt :
-   &areq_ctx->buff0_cnt;
-   u8 *next_buff = areq_ctx->buff_index ? areq_ctx->buff0 :
-   areq_ctx->buff1;
-   u32 *next_buff_cnt = areq_ctx->buff_index ? &areq_ctx->buff0_cnt :
-   &areq_ctx->buff1_cnt;
+   u8 *curr_buff = cc_hash_buf(areq_ctx);
+   u32 *curr_buff_cnt = cc_hash_buf_cnt(areq_ctx);
+   u8 *next_buff = cc_next_buf(areq_ctx);
+   u32 *next_buff_cnt = cc_next_buf_cnt(areq_ctx);
struct mlli_params *mlli_params = &areq_ctx->mlli_params;
unsigned int update_data_len;
u32 total_in_len = nbytes + *curr_buff_cnt;
@@ -1585,8 +1579,7 @@ void cc_unmap_hash_request(struct device *dev, void *ctx,
   struct scatterlist *src, bool do_revert)
 {
struct ahash_req_ctx *areq_ctx = (struct ahash_req_ctx *)ctx;
-   u32 *prev_len = areq_ctx->buff_index ?  &areq_ctx->buff0_cnt :
-   &areq_ctx->buff1_cnt;
+   u32 *prev_len = cc_next_buf_cnt(areq_ctx);
 
/*In case a pool was set, a table was
 *allocated and should be released
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 4e11b5d..a8ea6a2 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -129,12 +129,12 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
bool is_hmac = ctx->is_hmac;
int rc = -ENOMEM;
 
-   state->buff0 = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
-   if (!state->buff0)
+   state->buffers[0] = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
+   if (!state->buffers[0])
goto fail0;
 
-   state->buff1 = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
-   if (!state->buff1)
+   state->buffers[1] = kzalloc(CC_MAX_HASH_BLCK_SIZE, flags);
+   if (!state->buffers[1])
goto fail_buff0;
 
state->digest_result_buff = kzalloc(CC_MAX_HASH_DIGEST_SIZE, flags);
@@ -252,8 +252,8 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
} else {
state->opad_digest_dma_addr = 0;
}
-   state->buff0_cnt = 0;
-   state->buff1_cnt = 0;
+   state->buf_cnt[0] = 0;
+   state->buf_cnt[1] = 0;
state->buff_index = 0;
state->mlli_params.curr_pool = NULL;
 
@@ -281,11 +281,11 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
kfree(state->digest_result_buff);
state->digest_result_buff = NULL;
 fail_buff1:
-   kfree(state->buff1);
-   state->buff1 = NULL;
+   kfree(state->buffers[1]);
+   state->buffers[1] = NULL;
 fail_buff0:
-   kfree(state->buff0);
-   state->buff0 = NULL;
+   kfree(state->buffers[0]);
+   state->buffers[0] = NULL;
 fail0:
return rc;
 }
@@ -319,8 +319,8 @@ static void cc_unmap_req(struct device *dev, struct 
ahash_req_ctx *state,
kfree(state->digest_bytes_len);
kfree(state->digest_buff);
kfree(state->digest_result_buff);
-   kfree(state->

[PATCH v2 19/27] staging: ccree: do not map bufs in ahash_init

[Gilad Ben-Yossef]

hash_init was mapping DMA memory that were then being unmap in
hash_digest/final/finup callbacks, which is against the Crypto API
usage rules (see discussion at
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30077.html)

Fix it by moving all buffer mapping/unmapping or each Crypto API op.

This also properly deals with hash_import() not knowing if
hash_init was called or not as it now no longer matters.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 192 +--
 1 file changed, 103 insertions(+), 89 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 69fc2fcf3..11d83c2 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -123,34 +123,20 @@ static int cc_map_result(struct device *dev, struct 
ahash_req_ctx *state,
return 0;
 }
 
-static int cc_map_req(struct device *dev, struct ahash_req_ctx *state,
- struct cc_hash_ctx *ctx, gfp_t flags)
+static void cc_init_req(struct device *dev, struct ahash_req_ctx *state,
+   struct cc_hash_ctx *ctx)
 {
bool is_hmac = ctx->is_hmac;
-   int rc = -ENOMEM;
 
memset(state, 0, sizeof(*state));
 
-   state->digest_buff_dma_addr =
-   dma_map_single(dev, state->digest_buff,
-  ctx->inter_digestsize, DMA_BIDIRECTIONAL);
-   if (dma_mapping_error(dev, state->digest_buff_dma_addr)) {
-   dev_err(dev, "Mapping digest len %d B at va=%pK for DMA 
failed\n",
-   ctx->inter_digestsize, state->digest_buff);
-   goto fail0;
-   }
-   dev_dbg(dev, "Mapped digest %d B at va=%pK to dma=%pad\n",
-   ctx->inter_digestsize, state->digest_buff,
-   &state->digest_buff_dma_addr);
-
if (is_hmac) {
-   dma_sync_single_for_cpu(dev, ctx->digest_buff_dma_addr,
-   ctx->inter_digestsize,
-   DMA_BIDIRECTIONAL);
-   if (ctx->hw_mode == DRV_CIPHER_XCBC_MAC ||
-   ctx->hw_mode == DRV_CIPHER_CMAC) {
-   memset(state->digest_buff, 0, ctx->inter_digestsize);
-   } else { /*sha*/
+   if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC &&
+   ctx->hw_mode != DRV_CIPHER_CMAC) {
+   dma_sync_single_for_cpu(dev, ctx->digest_buff_dma_addr,
+   ctx->inter_digestsize,
+   DMA_BIDIRECTIONAL);
+
memcpy(state->digest_buff, ctx->digest_buff,
   ctx->inter_digestsize);
 #if (CC_DEV_SHA_MAX > 256)
@@ -181,9 +167,24 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
 
memcpy(state->digest_buff, larval, ctx->inter_digestsize);
}
+}
 
-   dma_sync_single_for_device(dev, state->digest_buff_dma_addr,
-  ctx->inter_digestsize, DMA_BIDIRECTIONAL);
+static int cc_map_req(struct device *dev, struct ahash_req_ctx *state,
+ struct cc_hash_ctx *ctx)
+{
+   bool is_hmac = ctx->is_hmac;
+
+   state->digest_buff_dma_addr =
+   dma_map_single(dev, state->digest_buff,
+  ctx->inter_digestsize, DMA_BIDIRECTIONAL);
+   if (dma_mapping_error(dev, state->digest_buff_dma_addr)) {
+   dev_err(dev, "Mapping digest len %d B at va=%pK for DMA 
failed\n",
+   ctx->inter_digestsize, state->digest_buff);
+   return -EINVAL;
+   }
+   dev_dbg(dev, "Mapped digest %d B at va=%pK to dma=%pad\n",
+   ctx->inter_digestsize, state->digest_buff,
+   &state->digest_buff_dma_addr);
 
if (ctx->hw_mode != DRV_CIPHER_XCBC_MAC) {
state->digest_bytes_len_dma_addr =
@@ -192,13 +193,11 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
if (dma_mapping_error(dev, state->digest_bytes_len_dma_addr)) {
dev_err(dev, "Mapping digest len %u B at va=%pK for DMA 
failed\n",
HASH_LEN_SIZE, state->digest_bytes_len);
-   goto fail4;
+   goto unmap_digest_buf;
}
dev_dbg(dev, "Mapped digest len %u B at va=%pK to dma=%pad\n",
HASH_LEN_SIZE, state->digest_bytes_len,
&state->digest_bytes_len_dma_addr);
-   } else {
-   state->digest_bytes_len_dma_addr = 0;
}
 
if (is_hmac && ctx->hash_mode != DRV_HASH_NULL) {
@@ -210,35 +209,29 @@ static int cc_map_req(struct device *dev, struct 
ahash_req_ctx *state,
dev_err(dev, "Mapping opad digest %d B at va=%pK for 
DMA failed\n",
 

[PATCH v2 20/27] staging: ccree: fix indentation of func params

[Gilad Ben-Yossef]

Fix indentation of some function params in hash code for
better readability.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 46 +---
 1 file changed, 20 insertions(+), 26 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 11d83c2..6e696ff 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -109,8 +109,7 @@ static int cc_map_result(struct device *dev, struct 
ahash_req_ctx *state,
 {
state->digest_result_dma_addr =
dma_map_single(dev, state->digest_result_buff,
-  digestsize,
-  DMA_BIDIRECTIONAL);
+  digestsize, DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, state->digest_result_dma_addr)) {
dev_err(dev, "Mapping digest result buffer %u B for DMA 
failed\n",
digestsize);
@@ -264,16 +263,12 @@ static void cc_unmap_result(struct device *dev, struct 
ahash_req_ctx *state,
unsigned int digestsize, u8 *result)
 {
if (state->digest_result_dma_addr) {
-   dma_unmap_single(dev,
-state->digest_result_dma_addr,
-digestsize,
- DMA_BIDIRECTIONAL);
+   dma_unmap_single(dev, state->digest_result_dma_addr, digestsize,
+DMA_BIDIRECTIONAL);
dev_dbg(dev, "unmpa digest result buffer va (%pK) pa (%pad) len 
%u\n",
state->digest_result_buff,
&state->digest_result_dma_addr, digestsize);
-   memcpy(result,
-  state->digest_result_buff,
-  digestsize);
+   memcpy(result, state->digest_result_buff, digestsize);
}
state->digest_result_dma_addr = 0;
 }
@@ -1100,25 +1095,25 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash,
hw_desc_init(&desc[idx]);
set_din_const(&desc[idx], 0x01010101, CC_AES_128_BIT_KEY_SIZE);
set_flow_mode(&desc[idx], DIN_AES_DOUT);
-   set_dout_dlli(&desc[idx], (ctx->opad_tmp_keys_dma_addr +
-  XCBC_MAC_K1_OFFSET),
- CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
+   set_dout_dlli(&desc[idx],
+ (ctx->opad_tmp_keys_dma_addr + XCBC_MAC_K1_OFFSET),
+ CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
idx++;
 
hw_desc_init(&desc[idx]);
set_din_const(&desc[idx], 0x02020202, CC_AES_128_BIT_KEY_SIZE);
set_flow_mode(&desc[idx], DIN_AES_DOUT);
-   set_dout_dlli(&desc[idx], (ctx->opad_tmp_keys_dma_addr +
-  XCBC_MAC_K2_OFFSET),
- CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
+   set_dout_dlli(&desc[idx],
+ (ctx->opad_tmp_keys_dma_addr + XCBC_MAC_K2_OFFSET),
+ CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
idx++;
 
hw_desc_init(&desc[idx]);
set_din_const(&desc[idx], 0x03030303, CC_AES_128_BIT_KEY_SIZE);
set_flow_mode(&desc[idx], DIN_AES_DOUT);
-   set_dout_dlli(&desc[idx], (ctx->opad_tmp_keys_dma_addr +
-  XCBC_MAC_K3_OFFSET),
-  CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
+   set_dout_dlli(&desc[idx],
+ (ctx->opad_tmp_keys_dma_addr + XCBC_MAC_K3_OFFSET),
+ CC_AES_128_BIT_KEY_SIZE, NS_BIT, 0);
idx++;
 
rc = cc_send_sync_request(ctx->drvdata, &cc_req, desc, idx);
@@ -1245,8 +1240,7 @@ static int cc_cra_init(struct crypto_tfm *tfm)
struct ahash_alg *ahash_alg =
container_of(hash_alg_common, struct ahash_alg, halg);
struct cc_hash_alg *cc_alg =
-   container_of(ahash_alg, struct cc_hash_alg,
-ahash_alg);
+   container_of(ahash_alg, struct cc_hash_alg, ahash_alg);
 
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
 sizeof(struct ahash_req_ctx));
@@ -1391,8 +1385,8 @@ static int cc_mac_final(struct ahash_request *req)
set_cipher_mode(&desc[idx], DRV_CIPHER_ECB);
set_cipher_config0(&desc[idx], DRV_CRYPTO_DIRECTION_DECRYPT);
set_din_type(&desc[idx], DMA_DLLI,
-(ctx->opad_tmp_keys_dma_addr +
- XCBC_MAC_K1_OFFSET), key_size, NS_BIT);
+(ctx->opad_tmp_keys_dma_addr + XCBC_MAC_K1_OFFSET),
+key_size, NS_BIT);
set_key_size_aes(&desc[idx], key_len);
set_flow_mode(&desc[idx], S_DIN_to_AES);
set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
@@ -2197,8 +2191,8 @@ static v

[PATCH v2 25/27] staging: ccree: remove unneeded includes

[Gilad Ben-Yossef]

Remove include files not needed for compilation.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_aead.c|  7 ---
 drivers/staging/ccree/cc_buffer_mgr.c  |  6 --
 drivers/staging/ccree/cc_cipher.c  |  4 
 drivers/staging/ccree/cc_driver.c  | 31 ---
 drivers/staging/ccree/cc_hash.c|  2 --
 drivers/staging/ccree/cc_ivgen.c   |  1 -
 drivers/staging/ccree/cc_pm.c  |  2 --
 drivers/staging/ccree/cc_request_mgr.c |  5 -
 8 files changed, 58 deletions(-)

diff --git a/drivers/staging/ccree/cc_aead.c b/drivers/staging/ccree/cc_aead.c
index 0560cc9..494f973 100644
--- a/drivers/staging/ccree/cc_aead.c
+++ b/drivers/staging/ccree/cc_aead.c
@@ -3,18 +3,11 @@
 
 #include 
 #include 
-#include 
 #include 
-#include 
-#include 
 #include 
-#include 
-#include 
 #include 
-#include 
 #include 
 #include 
-#include 
 #include "cc_driver.h"
 #include "cc_buffer_mgr.h"
 #include "cc_aead.h"
diff --git a/drivers/staging/ccree/cc_buffer_mgr.c 
b/drivers/staging/ccree/cc_buffer_mgr.c
index 13275eb..85408ca 100644
--- a/drivers/staging/ccree/cc_buffer_mgr.c
+++ b/drivers/staging/ccree/cc_buffer_mgr.c
@@ -1,17 +1,11 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
 
-#include 
-#include 
-#include 
 #include 
-#include 
 #include 
 #include 
 #include 
 #include 
-#include 
-#include 
 
 #include "cc_buffer_mgr.h"
 #include "cc_lli_defs.h"
diff --git a/drivers/staging/ccree/cc_cipher.c 
b/drivers/staging/ccree/cc_cipher.c
index 37635aa..a768710 100644
--- a/drivers/staging/ccree/cc_cipher.c
+++ b/drivers/staging/ccree/cc_cipher.c
@@ -3,12 +3,8 @@
 
 #include 
 #include 
-#include 
-#include 
 #include 
 #include 
-#include 
-#include 
 #include 
 #include 
 #include 
diff --git a/drivers/staging/ccree/cc_driver.c 
b/drivers/staging/ccree/cc_driver.c
index ddf0cb8..0197aa2 100644
--- a/drivers/staging/ccree/cc_driver.c
+++ b/drivers/staging/ccree/cc_driver.c
@@ -5,43 +5,12 @@
 #include 
 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include 
 #include 
 #include 
-#include 
-#include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
 #include 
-#include 
-
-/* cache.h required for L1_CACHE_ALIGN() and cache_line_size() */
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
 #include 
 #include 
diff --git a/drivers/staging/ccree/cc_hash.c b/drivers/staging/ccree/cc_hash.c
index c47084b..de49314 100644
--- a/drivers/staging/ccree/cc_hash.c
+++ b/drivers/staging/ccree/cc_hash.c
@@ -3,10 +3,8 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
diff --git a/drivers/staging/ccree/cc_ivgen.c b/drivers/staging/ccree/cc_ivgen.c
index 892cd78..5defe1f 100644
--- a/drivers/staging/ccree/cc_ivgen.c
+++ b/drivers/staging/ccree/cc_ivgen.c
@@ -1,7 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
 
-#include 
 #include 
 #include "cc_driver.h"
 #include "cc_ivgen.h"
diff --git a/drivers/staging/ccree/cc_pm.c b/drivers/staging/ccree/cc_pm.c
index 8a28cfd..273216d 100644
--- a/drivers/staging/ccree/cc_pm.c
+++ b/drivers/staging/ccree/cc_pm.c
@@ -2,9 +2,7 @@
 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
 
 #include 
-#include 
 #include 
-#include 
 #include 
 #include "cc_driver.h"
 #include "cc_buffer_mgr.h"
diff --git a/drivers/staging/ccree/cc_request_mgr.c 
b/drivers/staging/ccree/cc_request_mgr.c
index eacf944..fe62dd8 100644
--- a/drivers/staging/ccree/cc_request_mgr.c
+++ b/drivers/staging/ccree/cc_request_mgr.c
@@ -2,11 +2,6 @@
 /* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include "cc_driver.h"
 #include "cc_buffer_mgr.h"
 #include "cc_request_mgr.h"
-- 
2.7.4

[PATCH v2 26/27] staging: ccree: update TODO

[Gilad Ben-Yossef]

Update TODO to reflect work done

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/TODO | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/TODO b/drivers/staging/ccree/TODO
index 6d8702b..b8e163d 100644
--- a/drivers/staging/ccree/TODO
+++ b/drivers/staging/ccree/TODO
@@ -6,5 +6,5 @@
 *  *
 *
 
-1. Handle HW FIFO fullness more cleanly.
+1. ???
 
-- 
2.7.4

[PATCH v2 27/27] staging: ccree: add missing include

[Gilad Ben-Yossef]

Add the missing include of include file with function declarations.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_debugfs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/ccree/cc_debugfs.c 
b/drivers/staging/ccree/cc_debugfs.c
index 363a0ef..e07cbb1 100644
--- a/drivers/staging/ccree/cc_debugfs.c
+++ b/drivers/staging/ccree/cc_debugfs.c
@@ -6,6 +6,7 @@
 #include 
 #include "cc_driver.h"
 #include "cc_crypto_ctx.h"
+#include "cc_debugfs.h"
 
 struct cc_debugfs_ctx {
struct dentry *dir;
-- 
2.7.4

[PATCH v2 21/27] staging: ccree: fold common code into service func

[Gilad Ben-Yossef]

Fold common code in hash call into service functions.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 339 ++-
 1 file changed, 116 insertions(+), 223 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 6e696ff..731c0d6 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -319,6 +319,84 @@ static void cc_hash_complete(struct device *dev, void 
*cc_req, int err)
req->base.complete(&req->base, err);
 }
 
+static int cc_fin_result(struct cc_hw_desc *desc, struct ahash_request *req,
+int idx)
+{
+   struct ahash_req_ctx *state = ahash_request_ctx(req);
+   struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+   struct cc_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+   u32 digestsize = crypto_ahash_digestsize(tfm);
+
+   /* Get final MAC result */
+   hw_desc_init(&desc[idx]);
+   set_cipher_mode(&desc[idx], ctx->hw_mode);
+   /* TODO */
+   set_dout_dlli(&desc[idx], state->digest_result_dma_addr, digestsize,
+ NS_BIT, 1);
+   set_queue_last_ind(&desc[idx]);
+   set_flow_mode(&desc[idx], S_HASH_to_DOUT);
+   set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
+   set_cipher_config1(&desc[idx], HASH_PADDING_DISABLED);
+   cc_set_endianity(ctx->hash_mode, &desc[idx]);
+   idx++;
+
+   return idx;
+}
+
+static int cc_fin_hmac(struct cc_hw_desc *desc, struct ahash_request *req,
+  int idx)
+{
+   struct ahash_req_ctx *state = ahash_request_ctx(req);
+   struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+   struct cc_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+   u32 digestsize = crypto_ahash_digestsize(tfm);
+
+   /* store the hash digest result in the context */
+   hw_desc_init(&desc[idx]);
+   set_cipher_mode(&desc[idx], ctx->hw_mode);
+   set_dout_dlli(&desc[idx], state->digest_buff_dma_addr, digestsize,
+ NS_BIT, 0);
+   set_flow_mode(&desc[idx], S_HASH_to_DOUT);
+   cc_set_endianity(ctx->hash_mode, &desc[idx]);
+   set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
+   idx++;
+
+   /* Loading hash opad xor key state */
+   hw_desc_init(&desc[idx]);
+   set_cipher_mode(&desc[idx], ctx->hw_mode);
+   set_din_type(&desc[idx], DMA_DLLI, state->opad_digest_dma_addr,
+ctx->inter_digestsize, NS_BIT);
+   set_flow_mode(&desc[idx], S_DIN_to_HASH);
+   set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
+   idx++;
+
+   /* Load the hash current length */
+   hw_desc_init(&desc[idx]);
+   set_cipher_mode(&desc[idx], ctx->hw_mode);
+   set_din_sram(&desc[idx],
+cc_digest_len_addr(ctx->drvdata, ctx->hash_mode),
+HASH_LEN_SIZE);
+   set_cipher_config1(&desc[idx], HASH_PADDING_ENABLED);
+   set_flow_mode(&desc[idx], S_DIN_to_HASH);
+   set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
+   idx++;
+
+   /* Memory Barrier: wait for IPAD/OPAD axi write to complete */
+   hw_desc_init(&desc[idx]);
+   set_din_no_dma(&desc[idx], 0, 0xf0);
+   set_dout_no_dma(&desc[idx], 0, 0, 1);
+   idx++;
+
+   /* Perform HASH update */
+   hw_desc_init(&desc[idx]);
+   set_din_type(&desc[idx], DMA_DLLI, state->digest_buff_dma_addr,
+digestsize, NS_BIT);
+   set_flow_mode(&desc[idx], DIN_HASH);
+   idx++;
+
+   return idx;
+}
+
 static int cc_hash_digest(struct ahash_request *req)
 {
struct ahash_req_ctx *state = ahash_request_ctx(req);
@@ -414,62 +492,10 @@ static int cc_hash_digest(struct ahash_request *req)
set_cipher_do(&desc[idx], DO_PAD);
idx++;
 
-   /* store the hash digest result in the context */
-   hw_desc_init(&desc[idx]);
-   set_cipher_mode(&desc[idx], ctx->hw_mode);
-   set_dout_dlli(&desc[idx], state->digest_buff_dma_addr,
- digestsize, NS_BIT, 0);
-   set_flow_mode(&desc[idx], S_HASH_to_DOUT);
-   cc_set_endianity(ctx->hash_mode, &desc[idx]);
-   set_setup_mode(&desc[idx], SETUP_WRITE_STATE0);
-   idx++;
-
-   /* Loading hash opad xor key state */
-   hw_desc_init(&desc[idx]);
-   set_cipher_mode(&desc[idx], ctx->hw_mode);
-   set_din_type(&desc[idx], DMA_DLLI, state->opad_digest_dma_addr,
-ctx->inter_digestsize, NS_BIT);
-   set_flow_mode(&desc[idx], S_DIN_to_HASH);
-   set_setup_mode(&desc[idx], SETUP_LOAD_STATE0);
-   idx++;
-
-   /* Load the hash current length */
-   hw_desc_init(&desc[idx]);
-   set_cipher_mode(&desc[idx], ctx->hw_mode);
-   set_din_sram(&desc[idx],
-cc_

[PATCH v2 23/27] stating: ccree: fix allocation of void sized buf

[Gilad Ben-Yossef]

We were allocating buffers using sizeof(*struct->field) where field was
type void.  Fix it by having a local variable with the real type.

Cc: sta...@vger.kernel.org
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_ivgen.c| 9 -
 drivers/staging/ccree/ssi_sram_mgr.c | 9 ++---
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/staging/ccree/ssi_ivgen.c 
b/drivers/staging/ccree/ssi_ivgen.c
index 94a0502..9d8d307 100644
--- a/drivers/staging/ccree/ssi_ivgen.c
+++ b/drivers/staging/ccree/ssi_ivgen.c
@@ -175,13 +175,10 @@ int cc_ivgen_init(struct cc_drvdata *drvdata)
int rc;
 
/* Allocate "this" context */
-   drvdata->ivgen_handle = kzalloc(sizeof(*drvdata->ivgen_handle),
-   GFP_KERNEL);
-   if (!drvdata->ivgen_handle)
+   ivgen_ctx = kzalloc(sizeof(*ivgen_ctx), GFP_KERNEL);
+   if (!ivgen_ctx)
return -ENOMEM;
 
-   ivgen_ctx = drvdata->ivgen_handle;
-
/* Allocate pool's header for initial enc. key/IV */
ivgen_ctx->pool_meta = dma_alloc_coherent(device, CC_IVPOOL_META_SIZE,
  &ivgen_ctx->pool_meta_dma,
@@ -200,6 +197,8 @@ int cc_ivgen_init(struct cc_drvdata *drvdata)
goto out;
}
 
+   drvdata->ivgen_handle = ivgen_ctx;
+
return cc_init_iv_sram(drvdata);
 
 out:
diff --git a/drivers/staging/ccree/ssi_sram_mgr.c 
b/drivers/staging/ccree/ssi_sram_mgr.c
index e178385..3a93299 100644
--- a/drivers/staging/ccree/ssi_sram_mgr.c
+++ b/drivers/staging/ccree/ssi_sram_mgr.c
@@ -32,13 +32,16 @@ void cc_sram_mgr_fini(struct cc_drvdata *drvdata)
  */
 int cc_sram_mgr_init(struct cc_drvdata *drvdata)
 {
+   struct cc_sram_ctx *ctx;
+
/* Allocate "this" context */
-   drvdata->sram_mgr_handle = kzalloc(sizeof(*drvdata->sram_mgr_handle),
-  GFP_KERNEL);
+   ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
 
-   if (!drvdata->sram_mgr_handle)
+   if (!ctx)
return -ENOMEM;
 
+   drvdata->sram_mgr_handle = ctx;
+
return 0;
 }
 
-- 
2.7.4

[PATCH v2 22/27] staging: ccree: put pointer next to var name

[Gilad Ben-Yossef]

Put pointer next to var name as per coding style.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_request_mgr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index 01f4756..82377d2 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -166,7 +166,7 @@ static void enqueue_seq(struct cc_drvdata *drvdata, struct 
cc_hw_desc seq[],
unsigned int seq_len)
 {
int i, w;
-   void * __iomem reg = drvdata->cc_base + CC_REG(DSCRPTR_QUEUE_WORD0);
+   void __iomem *reg = drvdata->cc_base + CC_REG(DSCRPTR_QUEUE_WORD0);
struct device *dev = drvdata_to_dev(drvdata);
 
/*
-- 
2.7.4

[PATCH v2 13/27] staging: ccree: check DMA pool buf !NULL before free

[Gilad Ben-Yossef]

If we ran out of DMA pool buffers, we get into the unmap
code path with a NULL before. Deal with this by checking
the virtual mapping is not NULL.

Cc: sta...@vger.kernel.org
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 5e3cff3..13cb062 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -465,7 +465,8 @@ void cc_unmap_blkcipher_request(struct device *dev, void 
*ctx,
 DMA_TO_DEVICE);
}
/* Release pool */
-   if (req_ctx->dma_buf_type == CC_DMA_BUF_MLLI) {
+   if (req_ctx->dma_buf_type == CC_DMA_BUF_MLLI &&
+   req_ctx->mlli_params.mlli_virt_addr) {
dma_pool_free(req_ctx->mlli_params.curr_pool,
  req_ctx->mlli_params.mlli_virt_addr,
  req_ctx->mlli_params.mlli_dma_addr);
-- 
2.7.4

[PATCH v2 11/27] stating: ccree: revert "staging: ccree: fix leak of import() after init()"

[Gilad Ben-Yossef]

This reverts commit c5f39d07860c ("staging: ccree: fix leak of import()
after init()") and commit aece09024414 ("staging: ccree: Uninitialized
return in ssi_ahash_import()").

This is the wrong solution and ends up relying on uninitialized memory,
although it was not obvious to me at the time.

Cc: sta...@vger.kernel.org
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index ffcd1f0..e05c87d 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -1673,7 +1673,7 @@ static int cc_hash_import(struct ahash_request *req, 
const void *in)
struct device *dev = drvdata_to_dev(ctx->drvdata);
struct ahash_req_ctx *state = ahash_request_ctx(req);
u32 tmp;
-   int rc = 0;
+   int rc;
 
memcpy(&tmp, in, sizeof(u32));
if (tmp != CC_EXPORT_MAGIC) {
@@ -1682,12 +1682,9 @@ static int cc_hash_import(struct ahash_request *req, 
const void *in)
}
in += sizeof(u32);
 
-   /* call init() to allocate bufs if the user hasn't */
-   if (!state->digest_buff) {
-   rc = cc_hash_init(req);
-   if (rc)
-   goto out;
-   }
+   rc = cc_hash_init(req);
+   if (rc)
+   goto out;
 
dma_sync_single_for_cpu(dev, state->digest_buff_dma_addr,
ctx->inter_digestsize, DMA_BIDIRECTIONAL);
-- 
2.7.4

[PATCH v2 08/27] staging: ccree: remove unused leftover field

[Gilad Ben-Yossef]

Remove the unused monitor_desc field.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_request_mgr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index ac6846f..18e2e1d 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -32,7 +32,6 @@ struct cc_req_mgr_handle {
struct cc_hw_desc compl_desc;
u8 *dummy_comp_buff;
dma_addr_t dummy_comp_buff_dma;
-   struct cc_hw_desc monitor_desc;
 
 #ifdef COMP_IN_WQ
struct workqueue_struct *workq;
-- 
2.7.4

[PATCH v2 07/27] staging: ccree: tag debugfs init/exit func properly

[Gilad Ben-Yossef]

The debugfs global init and exit functions were missing
__init and __exit tags, potentially wasting memory.
Fix it by properly tagging them.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_debugfs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/ccree/cc_debugfs.c 
b/drivers/staging/ccree/cc_debugfs.c
index 518cefd..128c994 100644
--- a/drivers/staging/ccree/cc_debugfs.c
+++ b/drivers/staging/ccree/cc_debugfs.c
@@ -38,14 +38,14 @@ static struct debugfs_reg32 debug_regs[] = {
CC_DEBUG_REG(AXIM_MON_COMP),
 };
 
-int cc_debugfs_global_init(void)
+int __init cc_debugfs_global_init(void)
 {
cc_debugfs_dir = debugfs_create_dir("ccree", NULL);
 
return !cc_debugfs_dir;
 }
 
-void cc_debugfs_global_fini(void)
+void __exit cc_debugfs_global_fini(void)
 {
debugfs_remove(cc_debugfs_dir);
 }
-- 
2.7.4

[PATCH v2 02/27] staging: ccree: fold hash defs into queue defs

[Gilad Ben-Yossef]

Fold the two remaining enum in hash defs into the queue defs
that are using them and delete the hash defs include file.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/cc_hw_queue_defs.h | 13 +
 drivers/staging/ccree/hash_defs.h| 23 ---
 drivers/staging/ccree/ssi_driver.h   |  1 -
 3 files changed, 13 insertions(+), 24 deletions(-)
 delete mode 100644 drivers/staging/ccree/hash_defs.h

diff --git a/drivers/staging/ccree/cc_hw_queue_defs.h 
b/drivers/staging/ccree/cc_hw_queue_defs.h
index c06c791..79782976 100644
--- a/drivers/staging/ccree/cc_hw_queue_defs.h
+++ b/drivers/staging/ccree/cc_hw_queue_defs.h
@@ -186,6 +186,19 @@ enum cc_hw_des_key_size {
END_OF_DES_KEYS = S32_MAX,
 };
 
+enum cc_hash_conf_pad {
+   HASH_PADDING_DISABLED = 0,
+   HASH_PADDING_ENABLED = 1,
+   HASH_DIGEST_RESULT_LITTLE_ENDIAN = 2,
+   HASH_CONFIG1_PADDING_RESERVE32 = S32_MAX,
+};
+
+enum cc_hash_cipher_pad {
+   DO_NOT_PAD = 0,
+   DO_PAD = 1,
+   HASH_CIPHER_DO_PADDING_RESERVE32 = S32_MAX,
+};
+
 /*/
 /* Descriptor packing macros */
 /*/
diff --git a/drivers/staging/ccree/hash_defs.h 
b/drivers/staging/ccree/hash_defs.h
deleted file mode 100644
index efe403c..000
--- a/drivers/staging/ccree/hash_defs.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/* Copyright (C) 2012-2018 ARM Limited or its affiliates. */
-
-#ifndef _HASH_DEFS_H_
-#define _HASH_DEFS_H_
-
-#include "cc_crypto_ctx.h"
-
-enum cc_hash_conf_pad {
-   HASH_PADDING_DISABLED = 0,
-   HASH_PADDING_ENABLED = 1,
-   HASH_DIGEST_RESULT_LITTLE_ENDIAN = 2,
-   HASH_CONFIG1_PADDING_RESERVE32 = S32_MAX,
-};
-
-enum cc_hash_cipher_pad {
-   DO_NOT_PAD = 0,
-   DO_PAD = 1,
-   HASH_CIPHER_DO_PADDING_RESERVE32 = S32_MAX,
-};
-
-#endif /*_HASH_DEFS_H_*/
-
diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index e0cd7b4..b978862 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -30,7 +30,6 @@
 #include "dx_reg_common.h"
 #define CC_SUPPORT_SHA CC_DEV_SHA_MAX
 #include "cc_crypto_ctx.h"
-#include "hash_defs.h"
 #include "cc_hw_queue_defs.h"
 #include "ssi_sram_mgr.h"
 
-- 
2.7.4

[PATCH v2 00/27] staging: ccree: fixes and cleanups

[Gilad Ben-Yossef]

The usual combo of code cleanups and fixes.

The highlights are:
- Use SPDX for all driver copyright/license
- Make ccree compliant with crypto API handling of backlog requests
- Make ccree compliant with Crypto API rules of resource alloc/release
- Settle on a single coherent file naming convention (which is why
  the diff looks so big)

Note that there are some fixes in the set that I currently consider
out of scope for stable. I will consider if I can/should roll
separate minimal fix patches for stable after these are taken.

With this set of changes, I've handled anything that I know about
that keeps it from moving out of staging to the best of my understanding
and would like to ask for a review before moving out of staging.

Thanks and happy new year ;-)

Signed-off-by: Gilad Ben-Yossef 

Changes from v1:
- Fixed wrong use of CPP style comments in SPDX include file
  headers as pointed out by Philippe Ombredanne.
- Moved to using SPDX-3.0 style GPL-2.0-only tags
- Rephrased one commit message to better clarify it is a fix
  and not just a cleanup
- Separated two commits which got squashed together unintentionally 
- Rebased on top of latest staging-next

Gilad Ben-Yossef (27):
  staging: ccree: SPDXify driver
  staging: ccree: fold hash defs into queue defs
  staging: ccree: fold reg common defines into driver
  staging: ccree: remove GFP_DMA flag from mem allocs
  staging: ccree: pick alloc mem flags based on req flags
  staging: ccree: copy larval digest from RAM
  staging: ccree: tag debugfs init/exit func properly
  staging: ccree: remove unused leftover field
  staging: ccree: break send_request and fix ret val
  staging: ccree: add backlog processing
  stating: ccree: revert "staging: ccree: fix leak of import() after
init()"
  staging: ccree: failing the suspend is not an error
  staging: ccree: check DMA pool buf !NULL  before free
  staging: ccree: handle end of sg list gracefully
  staging: ccree: use Makefile to include PM code
  staging: ccree: remove unused field
  staging: ccree: use array for double buffer
  staging: ccree: allocate hash bufs inside req ctx
  staging: ccree: do not map bufs in ahash_init
  staging: ccree: fix indentation of func params
  staging: ccree: fold common code into service func
  staging: ccree: put pointer next to var name
  stating: ccree: fix allocation of void sized buf
  staging: ccree: use a consistent file naming convention
  staging: ccree: remove unneeded includes
  staging: ccree: update TODO
  staging: ccree: add missing include

 drivers/staging/ccree/Kconfig|2 +
 drivers/staging/ccree/Makefile   |7 +-
 drivers/staging/ccree/TODO   |2 +-
 drivers/staging/ccree/cc_aead.c  | 2702 +
 drivers/staging/ccree/cc_aead.h  |  109 ++
 drivers/staging/ccree/cc_buffer_mgr.c| 1651 ++
 drivers/staging/ccree/cc_buffer_mgr.h|   74 +
 drivers/staging/ccree/cc_cipher.c| 1167 +
 drivers/staging/ccree/cc_cipher.h|   74 +
 drivers/staging/ccree/cc_crypto_ctx.h|   21 +-
 drivers/staging/ccree/cc_debugfs.c   |   24 +-
 drivers/staging/ccree/cc_debugfs.h   |   17 +-
 drivers/staging/ccree/cc_driver.c|  477 ++
 drivers/staging/ccree/cc_driver.h|  194 +++
 drivers/staging/ccree/cc_fips.c  |  112 ++
 drivers/staging/ccree/cc_fips.h  |   37 +
 drivers/staging/ccree/cc_hash.c  | 2297 +
 drivers/staging/ccree/cc_hash.h  |  114 ++
 drivers/staging/ccree/cc_host_regs.h |  142 ++
 drivers/staging/ccree/cc_hw_queue_defs.h |   32 +-
 drivers/staging/ccree/cc_ivgen.c |  280 +++
 drivers/staging/ccree/cc_ivgen.h |   55 +
 drivers/staging/ccree/cc_kernel_regs.h   |  167 ++
 drivers/staging/ccree/cc_lli_defs.h  |   17 +-
 drivers/staging/ccree/cc_pm.c|  123 ++
 drivers/staging/ccree/cc_pm.h|   57 +
 drivers/staging/ccree/cc_request_mgr.c   |  714 
 drivers/staging/ccree/cc_request_mgr.h   |   51 +
 drivers/staging/ccree/cc_sram_mgr.c  |  107 ++
 drivers/staging/ccree/cc_sram_mgr.h  |   65 +
 drivers/staging/ccree/dx_crys_kernel.h   |  180 --
 drivers/staging/ccree/dx_host.h  |  155 --
 drivers/staging/ccree/dx_reg_common.h|   26 -
 drivers/staging/ccree/hash_defs.h|   36 -
 drivers/staging/ccree/ssi_aead.c | 2720 --
 drivers/staging/ccree/ssi_aead.h |  122 --
 drivers/staging/ccree/ssi_buffer_mgr.c   | 1675 --
 drivers/staging/ccree/ssi_buffer_mgr.h   |   87 -
 drivers/staging/ccree/ssi_cipher.c   | 1182 -
 drivers/staging/ccree/ssi_cipher.h   |   87 -
 drivers/staging/ccree/ssi_driver.c   |  519 --
 drivers/staging/ccree/ssi_driver.h   |  201 ---
 drivers/staging/ccree/ssi_fips.c |  125 --
 drivers/staging/ccree/ssi_fips.h |   50 -
 drivers/staging/ccree/ssi_hash.c  

Re: [PATCH] staging: ccree: mark debug_regs[] as static

[Gilad Ben-Yossef]

Hi

On Wed, Jan 3, 2018 at 11:26 AM, Arnd Bergmann  wrote:
> The global array clashes with an existing symbol of the same name:
>
> drivers/staging/ccree/cc_debugfs.o:(.data+0x0): multiple definition of 
> `debug_regs'
> drivers/mmc/host/s3cmci.o:(.data+0x70): first defined here
>
> We should fix both, this one addresses the ccree driver by removing
> the symbol from the global namespace.
>
> Fixes: 9bdd203b4dc8 ("s3cmci: add debugfs support for examining driver and 
> hardware state")
> Fixes: b3ec9a6736f2 ("staging: ccree: staging: ccree: replace sysfs by 
> debugfs interface")
> Signed-off-by: Arnd Bergmann 
> ---
>  drivers/staging/ccree/cc_debugfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/staging/ccree/cc_debugfs.c 
> b/drivers/staging/ccree/cc_debugfs.c
> index 7cd33957fdc6..662fa07af832 100644
> --- a/drivers/staging/ccree/cc_debugfs.c
> +++ b/drivers/staging/ccree/cc_debugfs.c
> @@ -37,7 +37,7 @@ struct cc_debugfs_ctx {
>   */
>  static struct dentry *cc_debugfs_dir;
>
> -struct debugfs_reg32 debug_regs[] = {
> +static struct debugfs_reg32 debug_regs[] = {
> CC_DEBUG_REG(HOST_SIGNATURE),
> CC_DEBUG_REG(HOST_IRR),
> CC_DEBUG_REG(HOST_POWER_DOWN_EN),
> --
> 2.9.0
>

Thank you Arnd.

I ran into this issue myself via a sparse check (I did not have s3cmci
compiled in) and was sure I sent a fix for it but now I see I did not.

Acked-by: Gilad Ben-Yossef 

Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru

[PATCH] staging: ccree: mark debug_regs[] as static

[Arnd Bergmann]

The global array clashes with an existing symbol of the same name:

drivers/staging/ccree/cc_debugfs.o:(.data+0x0): multiple definition of 
`debug_regs'
drivers/mmc/host/s3cmci.o:(.data+0x70): first defined here

We should fix both, this one addresses the ccree driver by removing
the symbol from the global namespace.

Fixes: 9bdd203b4dc8 ("s3cmci: add debugfs support for examining driver and 
hardware state")
Fixes: b3ec9a6736f2 ("staging: ccree: staging: ccree: replace sysfs by debugfs 
interface")
Signed-off-by: Arnd Bergmann 
---
 drivers/staging/ccree/cc_debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/cc_debugfs.c 
b/drivers/staging/ccree/cc_debugfs.c
index 7cd33957fdc6..662fa07af832 100644
--- a/drivers/staging/ccree/cc_debugfs.c
+++ b/drivers/staging/ccree/cc_debugfs.c
@@ -37,7 +37,7 @@ struct cc_debugfs_ctx {
  */
 static struct dentry *cc_debugfs_dir;
 
-struct debugfs_reg32 debug_regs[] = {
+static struct debugfs_reg32 debug_regs[] = {
CC_DEBUG_REG(HOST_SIGNATURE),
CC_DEBUG_REG(HOST_IRR),
CC_DEBUG_REG(HOST_POWER_DOWN_EN),
-- 
2.9.0

Re: [PATCH][crypto-next] crypto: inside-secure - make function safexcel_try_push_requests static

[Antoine Tenart]

Hi Colin,

On Tue, Jan 02, 2018 at 02:34:10PM +, Colin King wrote:
>  
>  /* Called with ring's lock taken */
> -int safexcel_try_push_requests(struct safexcel_crypto_priv *priv, int ring,
> -int reqs)
> +static int safexcel_try_push_requests(struct safexcel_crypto_priv *priv,
> +  int ring, int reqs)

Alignment should match open parenthesis, one space is missing. Otherwise,
looks good to me.

Thanks!
Antoine

-- 
Antoine Ténart, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com