Re: [PATCH v8 0/4] crypto: add algif_akcipher user space API

[Stephan Mueller]

Am Montag, 14. August 2017, 08:26:22 CEST schrieb Marcel Holtmann:

Hi Marcel,

> > The first part is clearly where AF_ALG fits and keyctl does not. This is
> > provided with the current patch set. As the keyctl API only handles, well,
> > keys, access to the raw ciphers may not be possible through this API. And
> > let us face it, a lot of user space code shall support many different
> > OSes. Thus, if you have a crypto lib in user space who has its own key
> > management (which is a core element of such libraries and thus cannot be
> > put into an architecture-dependent code part), having only the keyctl API
> > on Linux for accelerated asym support may not be helpful.
> 
> That argument is just non-sense.

How interesting. For example, what about NSS with its own key database?

Ciao
Stephan

Re: [PATCH] crypto: caam - properly set IV after {en,de}crypt

[Gilad Ben-Yossef]

Hi,

On Thu, Jun 29, 2017 at 1:19 PM, Horia Geantă  wrote:
> On 6/28/2017 4:42 PM, Horia Geantă wrote:
>> On 6/28/2017 4:27 PM, David Gstir wrote:
>>> Certain cipher modes like CTS expect the IV (req->info) of
>>> ablkcipher_request (or equivalently req->iv of skcipher_request) to
>>> contain the last ciphertext block when the {en,de}crypt operation is done.
>>> This is currently not the case for the CAAM driver which in turn breaks
>>> e.g. cts(cbc(aes)) when the CAAM driver is enabled.
>>>
>>> This patch fixes the CAAM driver to properly set the IV after the
>>> {en,de}crypt operation of ablkcipher finishes.
>>>
>>> This issue was revealed by the changes in the SW CTS mode in commit
>>> 0605c41cc53ca ("crypto: cts - Convert to skcipher")
>>>
>>> Cc:  # 4.8+
>>> Signed-off-by: David Gstir 
>> Reviewed-by: Horia Geantă 
>>
> Btw, instead of updating the IV in SW, CAAM engine could be programmed
> to do it - by saving the Context Register of the AES accelerator.
>
> Unfortunately this would require changes in quite a few places: shared
> descriptor, HW S/G generation logic, IV dma (un)mapping and maybe others.
>
> So it's better to have this fix now (which, considering size, is
> appropriate for -stable) and later, if needed, offload IV updating in HW.
>

My apologies for reviving this thread from the dead, but doesn't the patch fail
for in-place decryption since we are copying from req->dst after
the operation is done, and therefore it no longer contains the ciphertext?

I'm asking since I ran into a similar issue in the ccree driver and thought
to deploy a similar fix but could not convince myself why this works.

Thanks!
Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru

random.c: LFSR polynomials are not irreducible/primitive

[Stephan Mueller]

Hi Ted,

drivers/char/random.c contains the following comment:

"""
 * Our mixing functions were analyzed by Lacharme, Roeck, Strubel, and
 * Videau in their paper, "The Linux Pseudorandom Number Generator
 * Revisited" (see: http://eprint.iacr.org/2012/251.pdf).  In their
 * paper, they point out that we are not using a true Twisted GFSR,
 * since Matsumoto & Kurita used a trinomial feedback polynomial (that
 * is, with only three taps, instead of the six that we are using).
 * As a result, the resulting polynomial is neither primitive nor
 * irreducible, and hence does not have a maximal period over
 * GF(2**32).  They suggest a slight change to the generator
 * polynomial which improves the resulting TGFSR polynomial to be
 * irreducible, which we have made here.
"""

This comment leads me to belief that the current polynomial is primitive (and 
irreducible).

Strangely, this is not the case as seen with the following code that can be 
used with the mathematical tool called magma. There is a free online version 
of magma available to recheck it: http://magma.maths.usyd.edu.au/calc/

Note, the polynomials used up till 3.12 were primitive and irreducible.

Could you please help me understanding why the current polynomials are better 
than the old ones?

Thanks a lot.

F:=GF(2);
F;

P:=PolynomialRing(F);
P;

print "Old polynomials:";

P:=x^128 + x^103 + x^76 + x^51 +x^25 + x + 1;
P;
print "is irreducible: "; IsIrreducible(P);
print "is primitive: "; IsPrimitive(P);

P:=x^32 + x^26 + x^20 + x^14 + x^7 + x + 1;
P;
print "is irreducible: "; IsIrreducible(P);
print "is primitive: "; IsPrimitive(P);

print "New polynomials:";

P:=x^128 + x^104 + x^76 + x^51 +x^25 + x + 1;
P;
print "is irreducible: "; IsIrreducible(P);
print "is primitive: "; IsPrimitive(P);

P:=x^32 + x^26 + x^19 + x^14 + x^7 + x + 1;
P;
print "is irreducible: "; IsIrreducible(P);
print "is primitive: "; IsPrimitive(P);

And obtained:

Finite field of size 2
Univariate Polynomial Ring in x over GF(2)
Old polynomials:
x^128 + x^103 + x^76 + x^51 + x^25 + x + 1
is irreducible:
true
is primitive:
true
x^32 + x^26 + x^20 + x^14 + x^7 + x + 1
is irreducible:
true
is primitive:
true
New polynomials:
x^128 + x^104 + x^76 + x^51 + x^25 + x + 1
is irreducible:
false
is primitive:
false
x^32 + x^26 + x^19 + x^14 + x^7 + x + 1
is irreducible:
false
is primitive:
false


Ciao
Stephan

Re: [Freedombox-discuss] Hardware Crypto

[Gilad Ben-Yossef]

Hi,

On Sun, Aug 13, 2017 at 8:21 PM, Sandy Harris  wrote:
> Showing only the key parts of the message:
>
>> From: John Gilmore 
>
> An exceedingly knowledgeable guy, one we should probably take seriously.
> https://en.wikipedia.org/wiki/John_Gilmore_(activist)
>
>> Most hardware crypto accelerators are useless, ...
>> ... you might as well have
>> just computed the answer in userspace using ordinary instructions.
>
> A strong claim, but one I'm inclined to believe. In the cases where it
> applies, it may be a problem for much of the Linux crypto work.

The claim is mostly true if the data to be processed is in user space,
simply because context switches are so expensive.

However, in case of in-kernel producers of data, such as DMcrypt.
Fscrypt and the recent TLS socket frame work, this is not the case.

In that scenario, processing context and the data are already in kernel space
and then it becomes a question of what is more efficient - DMA to/from
a crypto HW or doing it on the core - and the result is often measured not
in pure latency of operation but in performance per watt, since in some cases
you might be better off letting CPU cores idle and perform computation on
HW that is more power conserving.

So it really depends on the specific hardware, work load and operating
conditions.

>
> Some CPUs have special instructions to speed up some crypto
> operations, and not just AES. For example, Intel has them for several
> hashes and for elliptic curve calculations:
> https://software.intel.com/en-us/articles/intel-sha-extensions
> https://en.wikipedia.org/wiki/CLMUL_instruction_set
> https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/polynomial-multiplication-instructions-paper.pdf
>
> These move the goalposts; if doing it "using ordinary instructions" is
> sometimes faster than hardware, then doing it with
> application-specific instructions is even more likely to be faster.
>
>> Even if a /dev/crypto interface existed and was faster for some kinds
>> of operations than just doing the crypto manually, the standard crypto
>> libraries would have to be portably tuned to detect when to use
>> hardware and when to use software.  The libraries generally use
>> hardware if it's available, since they were written with the
>> assumption that nobody would bother with hardware crypto if it was
>> slower than software.
>>
>> "Just make it fast for all cases" is hard when the hardware is poorly
>> designed.  When the hardware is well designed, it *is* faster for all
>> cases.  But that's uncommon.
>>
>> Making this determination in realtime would be a substantial
>> enhancement to each crypto library.  Since it'd have to be written
>> portably (or the maintainers of the portable crypto libraries won't
>> take it back), it couldn't assume any particular timings of any
>> particular driver, either in hardware or software.  So it would have
>> to run some fraction of the calls (perhaps 1%) in more than one
>> driver, and time each one, and then make decisions on which driver to
>> use by default for the other 99% of the calls.  The resulting times
>> differ dramatically, based on many factors, ...
>>
>> One advantage of running some of the calls using both hardware and
>> software is that the library can check that the results match exactly,
>> and abort with a clear message.  That would likely have caught some bugs
>> that snuck through in earlier crypto libraries.
>
> I'm not at all sure I'd want run-time testing of this since, at least
> as a general rule, introducing complications to crypto code is rarely
> a good idea. Such tests at development time seem like a fine idea,
> though; do we have those already?
>
> What about testing when it is time to decide on kernel configuration;
> include a particular module or not? Another issue is whether the
> module choice is all-or-nothing; if there is a hardware RNG can one
> use that without loading the rest of the code for the crypto
> accelerator?

The choice is modular.

Gilad



-- 
Gilad Ben-Yossef
Chief Coffee Drinker

"If you take a class in large-scale robotics, can you end up in a
situation where the homework eats your dog?"
 -- Jean-Baptiste Queru

Re: [PATCH v8 0/4] crypto: add algif_akcipher user space API

[Marcel Holtmann]

Hi Stephan,

>>> The first part is clearly where AF_ALG fits and keyctl does not. This is
>>> provided with the current patch set. As the keyctl API only handles, well,
>>> keys, access to the raw ciphers may not be possible through this API. And
>>> let us face it, a lot of user space code shall support many different
>>> OSes. Thus, if you have a crypto lib in user space who has its own key
>>> management (which is a core element of such libraries and thus cannot be
>>> put into an architecture-dependent code part), having only the keyctl API
>>> on Linux for accelerated asym support may not be helpful.
>> 
>> That argument is just non-sense.
> 
> How interesting. For example, what about NSS with its own key database?

a lot of applications create their own key or certificate database. It also 
means they need to reload and reload them over and over again for each process. 
A lot of things are possible, but why keep doing things more complicated than 
they need to be. As I said before, if you only have a hammer ..

Regards

Marcel

Crypto Fixes for 4.13

[Herbert Xu]

Hi Linus: 

This push fixes an error path bug in ixp4xx as well as a read
overrun in sha1-avx2.


Please pull from

git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6.git linus


Herbert Xu (1):
  crypto: ixp4xx - Fix error handling path in 'aead_perform()'

megha@linux.intel.com (1):
  crypto: x86/sha1 - Fix reads beyond the number of blocks passed

 arch/x86/crypto/sha1_avx2_x86_64_asm.S |   67 +---
 arch/x86/crypto/sha1_ssse3_glue.c  |2 +-
 drivers/crypto/ixp4xx_crypto.c |6 +--
 3 files changed, 40 insertions(+), 35 deletions(-)

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH] crypto: cavium - add release_firmware to all return case

[Corentin Labbe]

Two return case misses to call release_firmware() and so leak some
memory.

This patch create a fw_release label (and so a common error path)
and use it on all return case.

Detected by CoverityScan, CID#1416422 ("Resource Leak")

Signed-off-by: Corentin Labbe 
---
 drivers/crypto/cavium/cpt/cptpf_main.c | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cavium/cpt/cptpf_main.c 
b/drivers/crypto/cavium/cpt/cptpf_main.c
index 4119c40e7c4b..34a6d8bf229e 100644
--- a/drivers/crypto/cavium/cpt/cptpf_main.c
+++ b/drivers/crypto/cavium/cpt/cptpf_main.c
@@ -268,8 +268,10 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const 
u8 *fw, bool is_ae)
mcode = &cpt->mcode[cpt->next_mc_idx];
memcpy(mcode->version, (u8 *)fw_entry->data, CPT_UCODE_VERSION_SZ);
mcode->code_size = ntohl(ucode->code_length) * 2;
-   if (!mcode->code_size)
-   return -EINVAL;
+   if (!mcode->code_size) {
+   ret = -EINVAL;
+   goto fw_release;
+   }
 
mcode->is_ae = is_ae;
mcode->core_mask = 0ULL;
@@ -280,7 +282,8 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, const 
u8 *fw, bool is_ae)
  &mcode->phys_base, GFP_KERNEL);
if (!mcode->code) {
dev_err(dev, "Unable to allocate space for microcode");
-   return -ENOMEM;
+   ret = -ENOMEM;
+   goto fw_release;
}
 
memcpy((void *)mcode->code, (void *)(fw_entry->data + sizeof(*ucode)),
@@ -302,12 +305,14 @@ static int cpt_ucode_load_fw(struct cpt_device *cpt, 
const u8 *fw, bool is_ae)
ret = do_cpt_init(cpt, mcode);
if (ret) {
dev_err(dev, "do_cpt_init failed with ret: %d\n", ret);
-   return ret;
+   goto fw_release;
}
 
dev_info(dev, "Microcode Loaded %s\n", mcode->version);
mcode->is_mc_valid = 1;
cpt->next_mc_idx++;
+
+fw_release:
release_firmware(fw_entry);
 
return ret;
-- 
2.13.0

scatterwalk.c: Nullpointer dereference

[Plauth, Max]

Dear linux-crypto community,

I think I might have run into a bug in crypto/scatterwalk.c:
- at the end of scatterwalk_pagedone, sg_next(walk->sg) is fed as an argument 
to scatterwalk_start(...)
- sg_next (lib/scatterlist.c) returns NULL in the case of sg_is_last(sg)
- In this case, NULL is being fed into scatterwalk_start
- there, a NULL value of *sg leads to a NULL pointer dereference:
walk->sg = sg;
walk->offset = sg->offset;

I stumbled across this issue when I tried to extend the cryptodev-linux Kernel 
module with support for compression algorithms 
(https://github.com/plauth/cryptodev-linux).

Best regards,
Max

---
Test environment:
Ubuntu Linux 16.04.3 LTS
Platform: x86_64 / amd64
Kernel: 4.10.0-28-generic (also tested with a 4.12.7)
Forked version of the cryptodev-linux kernel module 
(https://github.com/plauth/cryptodev-linux)
Test application: examples/lzo.c

The lzo.c example will induce the following Oops stacktrace:
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234888] BUG: unable to handle kernel 
NULL pointer dereference at 0008
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234918] IP: 
scatterwalk_copychunks+0x137/0x1e0
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234930] PGD 1b4559067 
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234931] PUD 223766067 
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234938] PMD 0 
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234945] 
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234956] Oops:  [#1] SMP
Aug 14 14:09:13 plauth-ws kernel: [ 2198.234965] Modules linked in: 
cryptodev(OE) input_leds dcdbas intel_rapl x86_pkg_temp_thermal 
intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd 
intel_cstate intel_rapl_perf snd_hda_codec_realtek snd_hda_codec_generic 
lpc_ich snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hda_core mei_me 
snd_hwdep mei snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq 
snd_seq_device snd_timer snd mac_hid soundcore shpchp parport_pc ppdev lp 
parport autofs4 hid_generic usbhid hid amdgpu amdkfd amd_iommu_v2 radeon i915 
ttm i2c_algo_bit drm_kms_helper syscopyarea ahci sysfillrect sysimgblt e1000e 
libahci fb_sys_fops drm ptp pps_core fjes video
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235117] CPU: 3 PID: 2860 Comm: lzo 
Tainted: G   OE   4.10.0-28-generic #32~16.04.2-Ubuntu
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235118] Hardware name: Dell Inc. 
OptiPlex 9020/06X1TJ, BIOS A09 11/20/2014
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235118] task: 9ceae48e2d00 
task.stack: b25888f28000
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235120] RIP: 
0010:scatterwalk_copychunks+0x137/0x1e0
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235120] RSP: 0018:b25888f2bad0 
EFLAGS: 00010246
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235121] RAX:  RBX: 
0004 RCX: 0ccb
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235121] RDX: 9ceae48e2d00 RSI: 
0ccb RDI: 9ceae2617020
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235121] RBP: b25888f2bb10 R08: 
002b R09: 002b
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235122] R10:  R11: 
b2588111 R12: b25888f2bb28
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235122] R13: b2588119402b R14: 
9ceae48e2d00 R15: 0001
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235123] FS:  7f1317d13700() 
GS:9ceaeeb8() knlGS:
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235123] CS:  0010 DS:  ES:  
CR0: 80050033
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235124] CR2: 0008 CR3: 
00021c985000 CR4: 001406e0
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235124] Call Trace:
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235127]  
scatterwalk_map_and_copy+0x6c/0x80
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235128]  ? lzo_scompress+0x3b/0x70
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235130]  
scomp_acomp_comp_decomp+0xe2/0x230
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235132]  scomp_acomp_compress+0x13/0x20
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235135]  
cryptodev_compr_compress+0x36/0xb0 [cryptodev]
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235136]  
hash_n_crypt.isra.2+0xbe/0x1a0 [cryptodev]
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235137]  crypto_run+0x26c/0x640 
[cryptodev]
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235138]  cryptodev_ioctl+0x290/0x620 
[cryptodev]
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235141]  ? 
tty_insert_flip_string_fixed_flag+0x83/0xe0
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235142]  ? 
tty_flip_buffer_push+0x2b/0x30
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235144]  ? remove_wait_queue+0x4d/0x60
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235145]  ? __wake_up+0x44/0x50
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235146]  ? tty_ldisc_deref+0x16/0x20
Aug 14 14:09:13 plauth-ws kernel: [ 2198.235149]  do_vfs_ioctl+0xa1/0x5f0
Aug 14 14:09:

Re: scatterwalk.c: Nullpointer dereference

[Stephan Mueller]

Am Montag, 14. August 2017, 14:25:49 CEST schrieb Plauth, Max:

Hi Max,

> Dear linux-crypto community,
> 
> I think I might have run into a bug in crypto/scatterwalk.c:
> - at the end of scatterwalk_pagedone, sg_next(walk->sg) is fed as an
> argument to scatterwalk_start(...) - sg_next (lib/scatterlist.c) returns
> NULL in the case of sg_is_last(sg) - In this case, NULL is being fed into
> scatterwalk_start
> - there, a NULL value of *sg leads to a NULL pointer dereference:
> walk->sg = sg;
> walk->offset = sg->offset;
> 
> I stumbled across this issue when I tried to extend the cryptodev-linux
> Kernel module with support for compression algorithms
> (https://github.com/plauth/cryptodev-linux).

You are quite right that this looks like a nullpointer. But you should never 
run into this problem because the scatterwalk length definition should ensure 
that this never happens. I.e. the scatterwalk length should not be longer than 
the underlying SGL.

Thus, the bug you report is rather a bug in the scatterlist / scatterwalk 
length definition.

Ciao
Stephan

[PATCH 0/3 v3] crypto: engine - Permit to enqueue skcipher request

[Corentin Labbe]

Hello

The crypto engine could actually only enqueue hash and ablkcipher request.
This patch serie permit it to enqueue skcipher requests by adding all necessary
functions.

Changes since v2
- added two patch for finding request type according to its cra_type

Changes since v1
- Aligned to column struct *dev in include
- Added missing mutex_unlock in crypto_engine_start()

Corentin Labbe (3):
  crypto: skcipher - export crypto_skcipher_type2
  crypto: engine - find request type with cra_type
  crypto: engine - Permit to enqueue skcipher request

 crypto/crypto_engine.c  | 133 
 crypto/skcipher.c   |   3 +-
 include/crypto/algapi.h |   1 +
 include/crypto/engine.h |  14 +
 4 files changed, 139 insertions(+), 12 deletions(-)

-- 
2.13.0

[PATCH 3/3] crypto: engine - Permit to enqueue skcipher request

[Corentin Labbe]

The crypto engine could actually only enqueue hash and ablkcipher request.
This patch permit it to enqueue skcipher requets by adding all necessary
functions.

Signed-off-by: Corentin Labbe 
---
 crypto/crypto_engine.c  | 114 
 include/crypto/engine.h |  14 ++
 2 files changed, 128 insertions(+)

diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index 74b840749074..8567224d7609 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -36,6 +36,7 @@ static void crypto_pump_requests(struct crypto_engine *engine,
struct crypto_async_request *async_req, *backlog;
struct ahash_request *hreq;
struct ablkcipher_request *breq;
+   struct skcipher_request *skreq;
unsigned long flags;
bool was_busy = false;
int ret;
@@ -139,6 +140,23 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
goto req_err;
}
return;
+   } else if (cratype == &crypto_skcipher_type2) {
+   skreq = skcipher_request_cast(engine->cur_req);
+   if (engine->prepare_skcipher_request) {
+   ret = engine->prepare_skcipher_request(engine, skreq);
+   if (ret) {
+   dev_err(engine->dev, "failed to prepare 
request: %d\n",
+   ret);
+   goto req_err;
+   }
+   engine->cur_req_prepared = true;
+   }
+   ret = engine->skcipher_one_request(engine, skreq);
+   if (ret) {
+   dev_err(engine->dev, "failed to cipher one request from 
queue\n");
+   goto req_err;
+   }
+   return;
} else {
dev_err(engine->dev, "failed to prepare request of unknown 
type\n");
return;
@@ -151,6 +169,9 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
} else if (cratype == &crypto_ablkcipher_type) {
breq = ablkcipher_request_cast(engine->cur_req);
crypto_finalize_cipher_request(engine, breq, ret);
+   } else if (cratype == &crypto_skcipher_type2) {
+   skreq = skcipher_request_cast(engine->cur_req);
+   crypto_finalize_skcipher_request(engine, skreq, ret);
}
return;
 
@@ -210,6 +231,49 @@ int crypto_transfer_cipher_request_to_engine(struct 
crypto_engine *engine,
 EXPORT_SYMBOL_GPL(crypto_transfer_cipher_request_to_engine);
 
 /**
+ * crypto_transfer_skcipher_request - transfer the new request into the
+ * enginequeue
+ * @engine: the hardware engine
+ * @req: the request need to be listed into the engine queue
+ */
+int crypto_transfer_skcipher_request(struct crypto_engine *engine,
+struct skcipher_request *req,
+bool need_pump)
+{
+   unsigned long flags;
+   int ret;
+
+   spin_lock_irqsave(&engine->queue_lock, flags);
+
+   if (!engine->running) {
+   spin_unlock_irqrestore(&engine->queue_lock, flags);
+   return -ESHUTDOWN;
+   }
+
+   ret = crypto_enqueue_request(&engine->queue, &req->base);
+
+   if (!engine->busy && need_pump)
+   kthread_queue_work(engine->kworker, &engine->pump_requests);
+
+   spin_unlock_irqrestore(&engine->queue_lock, flags);
+   return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_transfer_skcipher_request);
+
+/**
+ * crypto_transfer_skcipher_request_to_engine - transfer one request to list
+ * into the engine queue
+ * @engine: the hardware engine
+ * @req: the request need to be listed into the engine queue
+ */
+int crypto_transfer_skcipher_request_to_engine(struct crypto_engine *engine,
+  struct skcipher_request *req)
+{
+   return crypto_transfer_skcipher_request(engine, req, true);
+}
+EXPORT_SYMBOL_GPL(crypto_transfer_skcipher_request_to_engine);
+
+/**
  * crypto_transfer_hash_request - transfer the new request into the
  * enginequeue
  * @engine: the hardware engine
@@ -289,6 +353,43 @@ void crypto_finalize_cipher_request(struct crypto_engine 
*engine,
 EXPORT_SYMBOL_GPL(crypto_finalize_cipher_request);
 
 /**
+ * crypto_finalize_skcipher_request - finalize one request if the request is 
done
+ * @engine: the hardware engine
+ * @req: the request need to be finalized
+ * @err: error number
+ */
+void crypto_finalize_skcipher_request(struct crypto_engine *engine,
+ struct skcipher_request *req, int err)
+{
+   unsigned long flags;
+   bool finalize_cur_req = false;
+   int ret;
+
+   spin_lock_irqsave(&engine->queue_lock, flags);
+   if (engine->cur_req == &req->base)
+   finalize_cur_req = true;
+   spin_unlock_irqrestore(&engine->queue_lock, flags);
+
+   if (f

[PATCH 2/3] crypto: engine - find request type with cra_type

[Corentin Labbe]

The current method for finding request type is based on crypto_tfm_alg_type.

But in case of skcipher, it is the same than ablkcipher.
Using cra_type for this work permits to make the distinction between the two.

Signed-off-by: Corentin Labbe 
---
 crypto/crypto_engine.c | 19 ---
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index 61e7c4e02fd2..74b840749074 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -38,7 +38,8 @@ static void crypto_pump_requests(struct crypto_engine *engine,
struct ablkcipher_request *breq;
unsigned long flags;
bool was_busy = false;
-   int ret, rtype;
+   int ret;
+   const struct crypto_type *cratype;
 
spin_lock_irqsave(&engine->queue_lock, flags);
 
@@ -94,7 +95,7 @@ static void crypto_pump_requests(struct crypto_engine *engine,
 
spin_unlock_irqrestore(&engine->queue_lock, flags);
 
-   rtype = crypto_tfm_alg_type(engine->cur_req->tfm);
+   cratype = engine->cur_req->tfm->__crt_alg->cra_type;
/* Until here we get the request need to be encrypted successfully */
if (!was_busy && engine->prepare_crypt_hardware) {
ret = engine->prepare_crypt_hardware(engine);
@@ -104,8 +105,7 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
}
}
 
-   switch (rtype) {
-   case CRYPTO_ALG_TYPE_AHASH:
+   if (cratype == &crypto_ahash_type) {
hreq = ahash_request_cast(engine->cur_req);
if (engine->prepare_hash_request) {
ret = engine->prepare_hash_request(engine, hreq);
@@ -122,7 +122,7 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
goto req_err;
}
return;
-   case CRYPTO_ALG_TYPE_ABLKCIPHER:
+   } else if (cratype == &crypto_ablkcipher_type) {
breq = ablkcipher_request_cast(engine->cur_req);
if (engine->prepare_cipher_request) {
ret = engine->prepare_cipher_request(engine, breq);
@@ -139,21 +139,18 @@ static void crypto_pump_requests(struct crypto_engine 
*engine,
goto req_err;
}
return;
-   default:
+   } else {
dev_err(engine->dev, "failed to prepare request of unknown 
type\n");
return;
}
 
 req_err:
-   switch (rtype) {
-   case CRYPTO_ALG_TYPE_AHASH:
+   if (cratype == &crypto_ahash_type) {
hreq = ahash_request_cast(engine->cur_req);
crypto_finalize_hash_request(engine, hreq, ret);
-   break;
-   case CRYPTO_ALG_TYPE_ABLKCIPHER:
+   } else if (cratype == &crypto_ablkcipher_type) {
breq = ablkcipher_request_cast(engine->cur_req);
crypto_finalize_cipher_request(engine, breq, ret);
-   break;
}
return;
 
-- 
2.13.0

[PATCH 1/3] crypto: skcipher - export crypto_skcipher_type2

[Corentin Labbe]

This patch export crypto_skcipher_type2 like others cra_type

Signed-off-by: Corentin Labbe 
---
 crypto/skcipher.c   | 3 ++-
 include/crypto/algapi.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index 4faa0fd53b0c..c6523826890f 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -893,7 +893,7 @@ static int crypto_skcipher_report(struct sk_buff *skb, 
struct crypto_alg *alg)
 }
 #endif
 
-static const struct crypto_type crypto_skcipher_type2 = {
+const struct crypto_type crypto_skcipher_type2 = {
.extsize = crypto_skcipher_extsize,
.init_tfm = crypto_skcipher_init_tfm,
.free = crypto_skcipher_free_instance,
@@ -906,6 +906,7 @@ static const struct crypto_type crypto_skcipher_type2 = {
.type = CRYPTO_ALG_TYPE_SKCIPHER,
.tfmsize = offsetof(struct crypto_skcipher, base),
 };
+EXPORT_SYMBOL_GPL(crypto_skcipher_type2);
 
 int crypto_grab_skcipher(struct crypto_skcipher_spawn *spawn,
  const char *name, u32 type, u32 mask)
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index e3cebf640c00..c6a4090ed2ed 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -130,6 +130,7 @@ struct ablkcipher_walk {
 
 extern const struct crypto_type crypto_ablkcipher_type;
 extern const struct crypto_type crypto_blkcipher_type;
+extern const struct crypto_type crypto_skcipher_type2;
 
 void crypto_mod_put(struct crypto_alg *alg);
 
-- 
2.13.0

[PATCH 1/2] crypto/chacha20: fix handling of chunked input

[Ard Biesheuvel]

Commit 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 versions
to skcipher") ported the existing chacha20 code to use the new skcipher
API, and introduced a bug along the way. Unfortunately, the tcrypt tests
did not catch the error, and it was only found recently by Tobias.

Stefan kindly diagnosed the error, and proposed a fix which is similar
to the one below, with the exception that 'walk.stride' is used rather
than the hardcoded block size. This does not actually matter in this
case, but it's a better example of how to use the skcipher walk API.

Fixes: 9ae433bc79f9 ("crypto: chacha20 - convert generic and x86 ...")
Cc:  # v4.11+
Cc: Steffen Klassert 
Reported-by: Tobias Brunner 
Signed-off-by: Ard Biesheuvel 
---
 crypto/chacha20_generic.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/chacha20_generic.c b/crypto/chacha20_generic.c
index 8b3c04d625c3..4a45fa4890c0 100644
--- a/crypto/chacha20_generic.c
+++ b/crypto/chacha20_generic.c
@@ -91,9 +91,14 @@ int crypto_chacha20_crypt(struct skcipher_request *req)
crypto_chacha20_init(state, ctx, walk.iv);
 
while (walk.nbytes > 0) {
+   unsigned int nbytes = walk.nbytes;
+
+   if (nbytes < walk.total)
+   nbytes = round_down(nbytes, walk.stride);
+
chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
-walk.nbytes);
-   err = skcipher_walk_done(&walk, 0);
+nbytes);
+   err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
}
 
return err;
-- 
2.11.0

[PATCH 2/2] crypto: testmgr - add chunked test cases for chacha20

[Ard Biesheuvel]

We failed to catch a bug in the chacha20 code after porting it to the
skcipher API. We would have caught it if any chunked tests had been
defined, so define some now so we will catch future regressions.

Signed-off-by: Ard Biesheuvel 
---
 crypto/testmgr.h | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 6ceb0e2758bb..d54971d2d1c8 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -32675,6 +32675,10 @@ static const struct cipher_testvec 
chacha20_enc_tv_template[] = {
  "\x5b\x86\x2f\x37\x30\xe3\x7c\xfd"
  "\xc4\xfd\x80\x6c\x22\xf2\x21",
.rlen   = 375,
+   .also_non_np = 1,
+   .np = 3,
+   .tap= { 375 - 20, 4, 16 },
+
}, { /* RFC7539 A.2. Test Vector #3 */
.key= "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
  "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
@@ -33049,6 +33053,9 @@ static const struct cipher_testvec 
chacha20_enc_tv_template[] = {
  "\xa1\xed\xad\xd5\x76\xfa\x24\x8f"
  "\x98",
.rlen   = 1281,
+   .also_non_np = 1,
+   .np = 3,
+   .tap= { 1200, 1, 80 },
},
 };
 
-- 
2.11.0

Re: [PATCH v5 2/5] lib: Add zstd modules

[David Sterba]

On Fri, Aug 11, 2017 at 09:20:10AM -0400, Chris Mason wrote:
> 
> 
> On 08/10/2017 03:25 PM, Hugo Mills wrote:
> > On Thu, Aug 10, 2017 at 01:41:21PM -0400, Chris Mason wrote:
> >> On 08/10/2017 04:30 AM, Eric Biggers wrote:
> >>>
> >>> Theses benchmarks are misleading because they compress the whole file as a
> >>> single stream without resetting the dictionary, which isn't how data will
> >>> typically be compressed in kernel mode.  With filesystem compression the 
> >>> data
> >>> has to be divided into small chunks that can each be decompressed 
> >>> independently.
> >>> That eliminates one of the primary advantages of Zstandard (support for 
> >>> large
> >>> dictionary sizes).
> >>
> >> I did btrfs benchmarks of kernel trees and other normal data sets as
> >> well.  The numbers were in line with what Nick is posting here.
> >> zstd is a big win over both lzo and zlib from a btrfs point of view.
> >>
> >> It's true Nick's patches only support a single compression level in
> >> btrfs, but that's because btrfs doesn't have a way to pass in the
> >> compression ratio.  It could easily be a mount option, it was just
> >> outside the scope of Nick's initial work.
> > 
> > Could we please not add more mount options? I get that they're easy
> > to implement, but it's a very blunt instrument. What we tend to see
> > (with both nodatacow and compress) is people using the mount options,
> > then asking for exceptions, discovering that they can't do that, and
> > then falling back to doing it with attributes or btrfs properties.
> > Could we just start with btrfs properties this time round, and cut out
> > the mount option part of this cycle.
> > 
> > In the long run, it'd be great to see most of the btrfs-specific
> > mount options get deprecated and ultimately removed entirely, in
> > favour of attributes/properties, where feasible.
> > 
> 
> It's a good point, and as was commented later down I'd just do mount -o 
> compress=zstd:3 or something.

We've solved that already, here's a proposed patch that extends current
mount options,

https://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg66248.html

and a patch that could be backported to older kernels so the new mount
options do not break mounts on older kernels with the new syntax

https://patchwork.kernel.org/patch/9845697/

[PATCH v5 00/19] simplify crypto wait for async op

[Gilad Ben-Yossef]

Many users of kernel async. crypto services have a pattern of
starting an async. crypto op and than using a completion
to wait for it to end.

This patch set simplifies this common use case in two ways:

First, by separating the return codes of the case where a
request is queued to a backlog due to the provider being
busy (-EBUSY) from the case the request has failed due
to the provider being busy and backlogging is not enabled
(-EAGAIN).

Next, this change is than built on to create a generic API
to wait for a async. crypto operation to complete.

The end result is a smaller code base and an API that is
easier to use and more difficult to get wrong.

The patch set was boot tested on x86_64 and arm64 which
at the very least tests the crypto users via testmgr and
tcrypt but I do note that I do not have access to some
of the HW whose drivers are modified nor do I claim I was
able to test all of the corner cases.

The patch set is based upon linux-next release tagged
next-20170811.

Changes from v4:
- Rebase on top of latest algif changes from Stephan
  Mueller.
- Fix typo in ccp patch title.

Changes from v3:
- Instead of changing the return code to indicate
  backlog queueing, change the return code to indicate
  transient busy state, as suggested by Herbert Xu.

Changes from v2:
- Patch title changed from "introduce crypto wait for
  async op" to better reflect the current state.
- Rebase on top of latest linux-next.
- Add a new return code of -EIOCBQUEUED for backlog
  queueing, as suggested by Herbert Xu.
- Transform more users to the new API.
- Update the drbg change to account for new init as
  indicated by Stephan Muller.

Changes from v1:
- Address review comments from Eric Biggers.
- Separated out bug fixes of existing code and rebase
  on top of that patch set.
- Rename 'ecr' to 'wait' in fscrypto code.
- Split patch introducing the new API from the change
  moving over the algif code which it originated from
  to the new API.
- Inline crypto_wait_req().
- Some code indentation fixes.

Gilad Ben-Yossef (19):
  crypto: change transient busy return code to -EAGAIN
  crypto: ccp: use -EAGAIN for transient busy indication
  crypto: remove redundant backlog checks on EBUSY
  crypto: marvell/cesa: remove redundant backlog checks on EBUSY
  crypto: introduce crypto wait for async op
  crypto: move algif to generic async completion
  crypto: move pub key to generic async completion
  crypto: move drbg to generic async completion
  crypto: move gcm to generic async completion
  crypto: move testmgr to generic async completion
  fscrypt: move to generic async completion
  dm: move dm-verity to generic async completion
  cifs: move to generic async completion
  ima: move to generic async completion
  crypto: tcrypt: move to generic async completion
  crypto: talitos: move to generic async completion
  crypto: qce: move to generic async completion
  crypto: mediatek: move to generic async completion
  crypto: adapt api sample to use async. op wait

 Documentation/crypto/api-samples.rst |  52 ++---
 crypto/af_alg.c  |  27 -
 crypto/ahash.c   |  12 +--
 crypto/algapi.c  |   6 +-
 crypto/algif_aead.c  |   8 +-
 crypto/algif_hash.c  |  50 +
 crypto/algif_skcipher.c  |   9 +-
 crypto/api.c |  13 +++
 crypto/asymmetric_keys/public_key.c  |  28 +
 crypto/cryptd.c  |   4 +-
 crypto/cts.c |   6 +-
 crypto/drbg.c|  36 ++-
 crypto/gcm.c |  32 ++
 crypto/lrw.c |   8 +-
 crypto/rsa-pkcs1pad.c|  16 +--
 crypto/tcrypt.c  |  84 +--
 crypto/testmgr.c | 204 ---
 crypto/xts.c |   8 +-
 drivers/crypto/ccp/ccp-crypto-main.c |   8 +-
 drivers/crypto/ccp/ccp-dev.c |   7 +-
 drivers/crypto/marvell/cesa.c|   3 +-
 drivers/crypto/marvell/cesa.h|   2 +-
 drivers/crypto/mediatek/mtk-aes.c|  31 +-
 drivers/crypto/qce/sha.c |  30 +-
 drivers/crypto/talitos.c |  38 +--
 drivers/md/dm-verity-target.c|  81 --
 drivers/md/dm-verity.h   |   5 -
 fs/cifs/smb2ops.c|  30 +-
 fs/crypto/crypto.c   |  28 +
 fs/crypto/fname.c|  36 ++-
 fs/crypto/fscrypt_private.h  |  10 --
 fs/crypto/keyinfo.c  |  21 +---
 include/crypto/drbg.h|   3 +-
 include/crypto/if_alg.h  |  15 +--
 include/linux/crypto.h   |  41 +++
 security/integrity/ima/ima_crypto.c  |  56 +++---
 36 files changed, 311 insertions(+), 737 deletions(-)

-- 
2.1.4

[PATCH v5 19/19] crypto: adapt api sample to use async. op wait

[Gilad Ben-Yossef]

The code sample is waiting for an async. crypto op completion.
Adapt sample to use the new generic infrastructure to do the same.

This also fixes a possible data coruption bug created by the
use of wait_for_completion_interruptible() without dealing
correctly with an interrupt aborting the wait prior to the
async op finishing.

Signed-off-by: Gilad Ben-Yossef 
---
 Documentation/crypto/api-samples.rst | 52 +++-
 1 file changed, 10 insertions(+), 42 deletions(-)

diff --git a/Documentation/crypto/api-samples.rst 
b/Documentation/crypto/api-samples.rst
index 2531948..006827e 100644
--- a/Documentation/crypto/api-samples.rst
+++ b/Documentation/crypto/api-samples.rst
@@ -7,59 +7,27 @@ Code Example For Symmetric Key Cipher Operation
 ::
 
 
-struct tcrypt_result {
-struct completion completion;
-int err;
-};
-
 /* tie all data structures together */
 struct skcipher_def {
 struct scatterlist sg;
 struct crypto_skcipher *tfm;
 struct skcipher_request *req;
-struct tcrypt_result result;
+struct crypto_wait wait;
 };
 
-/* Callback function */
-static void test_skcipher_cb(struct crypto_async_request *req, int error)
-{
-struct tcrypt_result *result = req->data;
-
-if (error == -EINPROGRESS)
-return;
-result->err = error;
-complete(&result->completion);
-pr_info("Encryption finished successfully\n");
-}
-
 /* Perform cipher operation */
 static unsigned int test_skcipher_encdec(struct skcipher_def *sk,
  int enc)
 {
-int rc = 0;
+int rc;
 
 if (enc)
-rc = crypto_skcipher_encrypt(sk->req);
+rc = crypto_wait_req(crypto_skcipher_encrypt(sk->req), &sk->wait);
 else
-rc = crypto_skcipher_decrypt(sk->req);
-
-switch (rc) {
-case 0:
-break;
-case -EINPROGRESS:
-case -EBUSY:
-rc = wait_for_completion_interruptible(
-&sk->result.completion);
-if (!rc && !sk->result.err) {
-reinit_completion(&sk->result.completion);
-break;
-}
-default:
-pr_info("skcipher encrypt returned with %d result %d\n",
-rc, sk->result.err);
-break;
-}
-init_completion(&sk->result.completion);
+rc = crypto_wait_req(crypto_skcipher_decrypt(sk->req), &sk->wait);
+
+   if (rc)
+   pr_info("skcipher encrypt returned with result %d\n", rc);
 
 return rc;
 }
@@ -89,8 +57,8 @@ Code Example For Symmetric Key Cipher Operation
 }
 
 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-  test_skcipher_cb,
-  &sk.result);
+  crypto_req_done,
+  &sk.wait);
 
 /* AES 256 with random key */
 get_random_bytes(&key, 32);
@@ -122,7 +90,7 @@ Code Example For Symmetric Key Cipher Operation
 /* We encrypt one block */
 sg_init_one(&sk.sg, scratchpad, 16);
 skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata);
-init_completion(&sk.result.completion);
+crypto_init_wait(&sk.wait);
 
 /* encrypt data */
 ret = test_skcipher_encdec(&sk, 1);
-- 
2.1.4

[PATCH v5 18/19] crypto: mediatek: move to generic async completion

[Gilad Ben-Yossef]

The mediatek driver starts several async crypto ops and waits for their
completions. Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/crypto/mediatek/mtk-aes.c | 31 +--
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/drivers/crypto/mediatek/mtk-aes.c 
b/drivers/crypto/mediatek/mtk-aes.c
index 9e845e8..e2c7c95 100644
--- a/drivers/crypto/mediatek/mtk-aes.c
+++ b/drivers/crypto/mediatek/mtk-aes.c
@@ -137,11 +137,6 @@ struct mtk_aes_gcm_ctx {
struct crypto_skcipher *ctr;
 };
 
-struct mtk_aes_gcm_setkey_result {
-   int err;
-   struct completion completion;
-};
-
 struct mtk_aes_drv {
struct list_head dev_list;
/* Device list lock */
@@ -936,17 +931,6 @@ static int mtk_aes_gcm_crypt(struct aead_request *req, u64 
mode)
&req->base);
 }
 
-static void mtk_gcm_setkey_done(struct crypto_async_request *req, int err)
-{
-   struct mtk_aes_gcm_setkey_result *result = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   result->err = err;
-   complete(&result->completion);
-}
-
 /*
  * Because of the hardware limitation, we need to pre-calculate key(H)
  * for the GHASH operation. The result of the encryption operation
@@ -962,7 +946,7 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
u32 hash[4];
u8 iv[8];
 
-   struct mtk_aes_gcm_setkey_result result;
+   struct crypto_wait wait;
 
struct scatterlist sg[1];
struct skcipher_request req;
@@ -1002,22 +986,17 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
if (!data)
return -ENOMEM;
 
-   init_completion(&data->result.completion);
+   crypto_init_wait(&data->wait);
sg_init_one(data->sg, &data->hash, AES_BLOCK_SIZE);
skcipher_request_set_tfm(&data->req, ctr);
skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
  CRYPTO_TFM_REQ_MAY_BACKLOG,
- mtk_gcm_setkey_done, &data->result);
+ crypto_req_done, &data->wait);
skcipher_request_set_crypt(&data->req, data->sg, data->sg,
   AES_BLOCK_SIZE, data->iv);
 
-   err = crypto_skcipher_encrypt(&data->req);
-   if (err == -EINPROGRESS || err == -EBUSY) {
-   err = wait_for_completion_interruptible(
-   &data->result.completion);
-   if (!err)
-   err = data->result.err;
-   }
+   err = crypto_wait_req(crypto_skcipher_encrypt(&data->req),
+ &data->wait);
if (err)
goto out;
 
-- 
2.1.4

[PATCH v5 17/19] crypto: qce: move to generic async completion

[Gilad Ben-Yossef]

The qce driver starts several async crypto ops and  waits for their
completions. Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/crypto/qce/sha.c | 30 --
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/drivers/crypto/qce/sha.c b/drivers/crypto/qce/sha.c
index 47e114a..53227d7 100644
--- a/drivers/crypto/qce/sha.c
+++ b/drivers/crypto/qce/sha.c
@@ -349,28 +349,12 @@ static int qce_ahash_digest(struct ahash_request *req)
return qce->async_req_enqueue(tmpl->qce, &req->base);
 }
 
-struct qce_ahash_result {
-   struct completion completion;
-   int error;
-};
-
-static void qce_digest_complete(struct crypto_async_request *req, int error)
-{
-   struct qce_ahash_result *result = req->data;
-
-   if (error == -EINPROGRESS)
-   return;
-
-   result->error = error;
-   complete(&result->completion);
-}
-
 static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, const u8 *key,
 unsigned int keylen)
 {
unsigned int digestsize = crypto_ahash_digestsize(tfm);
struct qce_sha_ctx *ctx = crypto_tfm_ctx(&tfm->base);
-   struct qce_ahash_result result;
+   struct crypto_wait wait;
struct ahash_request *req;
struct scatterlist sg;
unsigned int blocksize;
@@ -405,9 +389,9 @@ static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, 
const u8 *key,
goto err_free_ahash;
}
 
-   init_completion(&result.completion);
+   crypto_init_wait(&wait);
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-  qce_digest_complete, &result);
+  crypto_req_done, &wait);
crypto_ahash_clear_flags(ahash_tfm, ~0);
 
buf = kzalloc(keylen + QCE_MAX_ALIGN_SIZE, GFP_KERNEL);
@@ -420,13 +404,7 @@ static int qce_ahash_hmac_setkey(struct crypto_ahash *tfm, 
const u8 *key,
sg_init_one(&sg, buf, keylen);
ahash_request_set_crypt(req, &sg, ctx->authkey, keylen);
 
-   ret = crypto_ahash_digest(req);
-   if (ret == -EINPROGRESS || ret == -EBUSY) {
-   ret = wait_for_completion_interruptible(&result.completion);
-   if (!ret)
-   ret = result.error;
-   }
-
+   ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
if (ret)
crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
 
-- 
2.1.4

[PATCH v5 16/19] crypto: talitos: move to generic async completion

[Gilad Ben-Yossef]

The talitos driver starts several async crypto ops and  waits for their
completions. Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/crypto/talitos.c | 38 +-
 1 file changed, 5 insertions(+), 33 deletions(-)

diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 79791c6..194a307 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -2037,22 +2037,6 @@ static int ahash_import(struct ahash_request *areq, 
const void *in)
return 0;
 }
 
-struct keyhash_result {
-   struct completion completion;
-   int err;
-};
-
-static void keyhash_complete(struct crypto_async_request *req, int err)
-{
-   struct keyhash_result *res = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   res->err = err;
-   complete(&res->completion);
-}
-
 static int keyhash(struct crypto_ahash *tfm, const u8 *key, unsigned int 
keylen,
   u8 *hash)
 {
@@ -2060,10 +2044,10 @@ static int keyhash(struct crypto_ahash *tfm, const u8 
*key, unsigned int keylen,
 
struct scatterlist sg[1];
struct ahash_request *req;
-   struct keyhash_result hresult;
+   struct crypto_wait wait;
int ret;
 
-   init_completion(&hresult.completion);
+   crypto_init_wait(&wait);
 
req = ahash_request_alloc(tfm, GFP_KERNEL);
if (!req)
@@ -2072,25 +2056,13 @@ static int keyhash(struct crypto_ahash *tfm, const u8 
*key, unsigned int keylen,
/* Keep tfm keylen == 0 during hash of the long key */
ctx->keylen = 0;
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-  keyhash_complete, &hresult);
+  crypto_req_done, &wait);
 
sg_init_one(&sg[0], key, keylen);
 
ahash_request_set_crypt(req, sg, hash, keylen);
-   ret = crypto_ahash_digest(req);
-   switch (ret) {
-   case 0:
-   break;
-   case -EINPROGRESS:
-   case -EBUSY:
-   ret = wait_for_completion_interruptible(
-   &hresult.completion);
-   if (!ret)
-   ret = hresult.err;
-   break;
-   default:
-   break;
-   }
+   ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
+
ahash_request_free(req);
 
return ret;
-- 
2.1.4

[PATCH v5 15/19] crypto: tcrypt: move to generic async completion

[Gilad Ben-Yossef]

tcrypt starts several async crypto ops and  waits for their completions.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/tcrypt.c | 84 +
 1 file changed, 25 insertions(+), 59 deletions(-)

diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 0022a18..802aa81 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -79,34 +79,11 @@ static char *check[] = {
NULL
 };
 
-struct tcrypt_result {
-   struct completion completion;
-   int err;
-};
-
-static void tcrypt_complete(struct crypto_async_request *req, int err)
-{
-   struct tcrypt_result *res = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   res->err = err;
-   complete(&res->completion);
-}
-
 static inline int do_one_aead_op(struct aead_request *req, int ret)
 {
-   if (ret == -EINPROGRESS || ret == -EBUSY) {
-   struct tcrypt_result *tr = req->base.data;
+   struct crypto_wait *wait = req->base.data;
 
-   ret = wait_for_completion_interruptible(&tr->completion);
-   if (!ret)
-   ret = tr->err;
-   reinit_completion(&tr->completion);
-   }
-
-   return ret;
+   return crypto_wait_req(ret, wait);
 }
 
 static int test_aead_jiffies(struct aead_request *req, int enc,
@@ -248,7 +225,7 @@ static void test_aead_speed(const char *algo, int enc, 
unsigned int secs,
char *axbuf[XBUFSIZE];
unsigned int *b_size;
unsigned int iv_len;
-   struct tcrypt_result result;
+   struct crypto_wait wait;
 
iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
if (!iv)
@@ -284,7 +261,7 @@ static void test_aead_speed(const char *algo, int enc, 
unsigned int secs,
goto out_notfm;
}
 
-   init_completion(&result.completion);
+   crypto_init_wait(&wait);
printk(KERN_INFO "\ntesting speed of %s (%s) %s\n", algo,
get_driver_name(crypto_aead, tfm), e);
 
@@ -296,7 +273,7 @@ static void test_aead_speed(const char *algo, int enc, 
unsigned int secs,
}
 
aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- tcrypt_complete, &result);
+ crypto_req_done, &wait);
 
i = 0;
do {
@@ -397,21 +374,16 @@ static void test_hash_sg_init(struct scatterlist *sg)
 
 static inline int do_one_ahash_op(struct ahash_request *req, int ret)
 {
-   if (ret == -EINPROGRESS || ret == -EBUSY) {
-   struct tcrypt_result *tr = req->base.data;
+   struct crypto_wait *wait = req->base.data;
 
-   wait_for_completion(&tr->completion);
-   reinit_completion(&tr->completion);
-   ret = tr->err;
-   }
-   return ret;
+   return crypto_wait_req(ret, wait);
 }
 
 struct test_mb_ahash_data {
struct scatterlist sg[TVMEMSIZE];
char result[64];
struct ahash_request *req;
-   struct tcrypt_result tresult;
+   struct crypto_wait wait;
char *xbuf[XBUFSIZE];
 };
 
@@ -440,7 +412,7 @@ static void test_mb_ahash_speed(const char *algo, unsigned 
int sec,
if (testmgr_alloc_buf(data[i].xbuf))
goto out;
 
-   init_completion(&data[i].tresult.completion);
+   crypto_init_wait(&data[i].wait);
 
data[i].req = ahash_request_alloc(tfm, GFP_KERNEL);
if (!data[i].req) {
@@ -449,8 +421,8 @@ static void test_mb_ahash_speed(const char *algo, unsigned 
int sec,
goto out;
}
 
-   ahash_request_set_callback(data[i].req, 0,
-  tcrypt_complete, &data[i].tresult);
+   ahash_request_set_callback(data[i].req, 0, crypto_req_done,
+  &data[i].wait);
test_hash_sg_init(data[i].sg);
}
 
@@ -492,16 +464,16 @@ static void test_mb_ahash_speed(const char *algo, 
unsigned int sec,
if (ret)
break;
 
-   complete(&data[k].tresult.completion);
-   data[k].tresult.err = 0;
+   crypto_req_done(&data[k].req->base, 0);
}
 
for (j = 0; j < k; j++) {
-   struct tcrypt_result *tr = &data[j].tresult;
+   struct crypto_wait *wait = &data[j].wait;
+   int wait_ret;
 
-   wait_for_completion(&tr->completion);
-   if (tr->err)
-   ret = tr->err;
+   wait_ret = crypto_wait_req(-EINPROGRESS, wait);
+   if (wait_ret)
+   ret = wait_ret;
}
 
end = get_cycles();
@@ -679,7 +651,7 @@ static void test_ahash_speed_comm

[PATCH v5 14/19] ima: move to generic async completion

[Gilad Ben-Yossef]

ima starts several async crypto ops and  waits for their completions.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
Acked-by: Mimi Zohar 
---
 security/integrity/ima/ima_crypto.c | 56 +++--
 1 file changed, 17 insertions(+), 39 deletions(-)

diff --git a/security/integrity/ima/ima_crypto.c 
b/security/integrity/ima/ima_crypto.c
index 802d5d2..0e4db1fe 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -27,11 +27,6 @@
 
 #include "ima.h"
 
-struct ahash_completion {
-   struct completion completion;
-   int err;
-};
-
 /* minimum file size for ahash use */
 static unsigned long ima_ahash_minsize;
 module_param_named(ahash_minsize, ima_ahash_minsize, ulong, 0644);
@@ -196,30 +191,13 @@ static void ima_free_atfm(struct crypto_ahash *tfm)
crypto_free_ahash(tfm);
 }
 
-static void ahash_complete(struct crypto_async_request *req, int err)
+static inline int ahash_wait(int err, struct crypto_wait *wait)
 {
-   struct ahash_completion *res = req->data;
 
-   if (err == -EINPROGRESS)
-   return;
-   res->err = err;
-   complete(&res->completion);
-}
+   err = crypto_wait_req(err, wait);
 
-static int ahash_wait(int err, struct ahash_completion *res)
-{
-   switch (err) {
-   case 0:
-   break;
-   case -EINPROGRESS:
-   case -EBUSY:
-   wait_for_completion(&res->completion);
-   reinit_completion(&res->completion);
-   err = res->err;
-   /* fall through */
-   default:
+   if (err)
pr_crit_ratelimited("ahash calculation failed: err: %d\n", err);
-   }
 
return err;
 }
@@ -233,7 +211,7 @@ static int ima_calc_file_hash_atfm(struct file *file,
int rc, read = 0, rbuf_len, active = 0, ahash_rc = 0;
struct ahash_request *req;
struct scatterlist sg[1];
-   struct ahash_completion res;
+   struct crypto_wait wait;
size_t rbuf_size[2];
 
hash->length = crypto_ahash_digestsize(tfm);
@@ -242,12 +220,12 @@ static int ima_calc_file_hash_atfm(struct file *file,
if (!req)
return -ENOMEM;
 
-   init_completion(&res.completion);
+   crypto_init_wait(&wait);
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
   CRYPTO_TFM_REQ_MAY_SLEEP,
-  ahash_complete, &res);
+  crypto_req_done, &wait);
 
-   rc = ahash_wait(crypto_ahash_init(req), &res);
+   rc = ahash_wait(crypto_ahash_init(req), &wait);
if (rc)
goto out1;
 
@@ -288,7 +266,7 @@ static int ima_calc_file_hash_atfm(struct file *file,
 * read/request, wait for the completion of the
 * previous ahash_update() request.
 */
-   rc = ahash_wait(ahash_rc, &res);
+   rc = ahash_wait(ahash_rc, &wait);
if (rc)
goto out3;
}
@@ -304,7 +282,7 @@ static int ima_calc_file_hash_atfm(struct file *file,
 * read/request, wait for the completion of the
 * previous ahash_update() request.
 */
-   rc = ahash_wait(ahash_rc, &res);
+   rc = ahash_wait(ahash_rc, &wait);
if (rc)
goto out3;
}
@@ -318,7 +296,7 @@ static int ima_calc_file_hash_atfm(struct file *file,
active = !active; /* swap buffers, if we use two */
}
/* wait for the last update request to complete */
-   rc = ahash_wait(ahash_rc, &res);
+   rc = ahash_wait(ahash_rc, &wait);
 out3:
if (read)
file->f_mode &= ~FMODE_READ;
@@ -327,7 +305,7 @@ static int ima_calc_file_hash_atfm(struct file *file,
 out2:
if (!rc) {
ahash_request_set_crypt(req, NULL, hash->digest, 0);
-   rc = ahash_wait(crypto_ahash_final(req), &res);
+   rc = ahash_wait(crypto_ahash_final(req), &wait);
}
 out1:
ahash_request_free(req);
@@ -527,7 +505,7 @@ static int calc_buffer_ahash_atfm(const void *buf, loff_t 
len,
 {
struct ahash_request *req;
struct scatterlist sg;
-   struct ahash_completion res;
+   struct crypto_wait wait;
int rc, ahash_rc = 0;
 
hash->length = crypto_ahash_digestsize(tfm);
@@ -536,12 +514,12 @@ static int calc_buffer_ahash_atfm(const void *buf, loff_t 
len,
if (!req)
return -ENOMEM;
 
-   init_completion(&res.completion);
+   crypto_init_wait(&wait);
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
   CRYPTO_TFM_REQ_MAY_SLEEP,
-  

[PATCH v5 13/19] cifs: move to generic async completion

[Gilad Ben-Yossef]

cifs starts an async. crypto op and waits for their completion.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
Acked-by: Pavel Shilovsky 
---
 fs/cifs/smb2ops.c | 30 --
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
index cfacf2c..16fb041 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -1878,22 +1878,6 @@ init_sg(struct smb_rqst *rqst, u8 *sign)
return sg;
 }
 
-struct cifs_crypt_result {
-   int err;
-   struct completion completion;
-};
-
-static void cifs_crypt_complete(struct crypto_async_request *req, int err)
-{
-   struct cifs_crypt_result *res = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   res->err = err;
-   complete(&res->completion);
-}
-
 static int
 smb2_get_enc_key(struct TCP_Server_Info *server, __u64 ses_id, int enc, u8 
*key)
 {
@@ -1934,12 +1918,10 @@ crypt_message(struct TCP_Server_Info *server, struct 
smb_rqst *rqst, int enc)
struct aead_request *req;
char *iv;
unsigned int iv_len;
-   struct cifs_crypt_result result = {0, };
+   DECLARE_CRYPTO_WAIT(wait);
struct crypto_aead *tfm;
unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
 
-   init_completion(&result.completion);
-
rc = smb2_get_enc_key(server, tr_hdr->SessionId, enc, key);
if (rc) {
cifs_dbg(VFS, "%s: Could not get %scryption key\n", __func__,
@@ -1999,14 +1981,10 @@ crypt_message(struct TCP_Server_Info *server, struct 
smb_rqst *rqst, int enc)
aead_request_set_ad(req, assoc_data_len);
 
aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- cifs_crypt_complete, &result);
+ crypto_req_done, &wait);
 
-   rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
-
-   if (rc == -EINPROGRESS || rc == -EBUSY) {
-   wait_for_completion(&result.completion);
-   rc = result.err;
-   }
+   rc = crypto_wait_req(enc ? crypto_aead_encrypt(req)
+   : crypto_aead_decrypt(req), &wait);
 
if (!rc && enc)
memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
-- 
2.1.4

[PATCH v5 12/19] dm: move dm-verity to generic async completion

[Gilad Ben-Yossef]

dm-verity is starting async. crypto ops and waiting for them to complete.
Move it over to generic code doing the same.

This also fixes a possible data coruption bug created by the
use of wait_for_completion_interruptible() without dealing
correctly with an interrupt aborting the wait prior to the
async op finishing.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/md/dm-verity-target.c | 81 +++
 drivers/md/dm-verity.h|  5 ---
 2 files changed, 20 insertions(+), 66 deletions(-)

diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 79f18d4..8df08a8 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -92,74 +92,33 @@ static sector_t verity_position_at_level(struct dm_verity 
*v, sector_t block,
return block >> (level * v->hash_per_block_bits);
 }
 
-/*
- * Callback function for asynchrnous crypto API completion notification
- */
-static void verity_op_done(struct crypto_async_request *base, int err)
-{
-   struct verity_result *res = (struct verity_result *)base->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   res->err = err;
-   complete(&res->completion);
-}
-
-/*
- * Wait for async crypto API callback
- */
-static inline int verity_complete_op(struct verity_result *res, int ret)
-{
-   switch (ret) {
-   case 0:
-   break;
-
-   case -EINPROGRESS:
-   case -EBUSY:
-   ret = wait_for_completion_interruptible(&res->completion);
-   if (!ret)
-   ret = res->err;
-   reinit_completion(&res->completion);
-   break;
-
-   default:
-   DMERR("verity_wait_hash: crypto op submission failed: %d", ret);
-   }
-
-   if (unlikely(ret < 0))
-   DMERR("verity_wait_hash: crypto op failed: %d", ret);
-
-   return ret;
-}
-
 static int verity_hash_update(struct dm_verity *v, struct ahash_request *req,
const u8 *data, size_t len,
-   struct verity_result *res)
+   struct crypto_wait *wait)
 {
struct scatterlist sg;
 
sg_init_one(&sg, data, len);
ahash_request_set_crypt(req, &sg, NULL, len);
 
-   return verity_complete_op(res, crypto_ahash_update(req));
+   return crypto_wait_req(crypto_ahash_update(req), wait);
 }
 
 /*
  * Wrapper for crypto_ahash_init, which handles verity salting.
  */
 static int verity_hash_init(struct dm_verity *v, struct ahash_request *req,
-   struct verity_result *res)
+   struct crypto_wait *wait)
 {
int r;
 
ahash_request_set_tfm(req, v->tfm);
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP |
CRYPTO_TFM_REQ_MAY_BACKLOG,
-   verity_op_done, (void *)res);
-   init_completion(&res->completion);
+   crypto_req_done, (void *)wait);
+   crypto_init_wait(wait);
 
-   r = verity_complete_op(res, crypto_ahash_init(req));
+   r = crypto_wait_req(crypto_ahash_init(req), wait);
 
if (unlikely(r < 0)) {
DMERR("crypto_ahash_init failed: %d", r);
@@ -167,18 +126,18 @@ static int verity_hash_init(struct dm_verity *v, struct 
ahash_request *req,
}
 
if (likely(v->salt_size && (v->version >= 1)))
-   r = verity_hash_update(v, req, v->salt, v->salt_size, res);
+   r = verity_hash_update(v, req, v->salt, v->salt_size, wait);
 
return r;
 }
 
 static int verity_hash_final(struct dm_verity *v, struct ahash_request *req,
-u8 *digest, struct verity_result *res)
+u8 *digest, struct crypto_wait *wait)
 {
int r;
 
if (unlikely(v->salt_size && (!v->version))) {
-   r = verity_hash_update(v, req, v->salt, v->salt_size, res);
+   r = verity_hash_update(v, req, v->salt, v->salt_size, wait);
 
if (r < 0) {
DMERR("verity_hash_final failed updating salt: %d", r);
@@ -187,7 +146,7 @@ static int verity_hash_final(struct dm_verity *v, struct 
ahash_request *req,
}
 
ahash_request_set_crypt(req, NULL, digest, 0);
-   r = verity_complete_op(res, crypto_ahash_final(req));
+   r = crypto_wait_req(crypto_ahash_final(req), wait);
 out:
return r;
 }
@@ -196,17 +155,17 @@ int verity_hash(struct dm_verity *v, struct ahash_request 
*req,
const u8 *data, size_t len, u8 *digest)
 {
int r;
-   struct verity_result res;
+   struct crypto_wait wait;
 
-   r = verity_hash_init(v, req, &res);
+   r = verity_hash_init(v, req, &wait);
if (unlikely(r < 0))
goto out;
 
-   r = verity_hash_update(v, req, data, len, &res);
+   r = verity_ha

[PATCH v5 11/19] fscrypt: move to generic async completion

[Gilad Ben-Yossef]

fscrypt starts several async. crypto ops and waiting for them to
complete. Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 fs/crypto/crypto.c  | 28 
 fs/crypto/fname.c   | 36 ++--
 fs/crypto/fscrypt_private.h | 10 --
 fs/crypto/keyinfo.c | 21 +++--
 4 files changed, 13 insertions(+), 82 deletions(-)

diff --git a/fs/crypto/crypto.c b/fs/crypto/crypto.c
index c7835df..80a3cad 100644
--- a/fs/crypto/crypto.c
+++ b/fs/crypto/crypto.c
@@ -126,21 +126,6 @@ struct fscrypt_ctx *fscrypt_get_ctx(const struct inode 
*inode, gfp_t gfp_flags)
 }
 EXPORT_SYMBOL(fscrypt_get_ctx);
 
-/**
- * page_crypt_complete() - completion callback for page crypto
- * @req: The asynchronous cipher request context
- * @res: The result of the cipher operation
- */
-static void page_crypt_complete(struct crypto_async_request *req, int res)
-{
-   struct fscrypt_completion_result *ecr = req->data;
-
-   if (res == -EINPROGRESS)
-   return;
-   ecr->res = res;
-   complete(&ecr->completion);
-}
-
 int fscrypt_do_page_crypto(const struct inode *inode, fscrypt_direction_t rw,
   u64 lblk_num, struct page *src_page,
   struct page *dest_page, unsigned int len,
@@ -151,7 +136,7 @@ int fscrypt_do_page_crypto(const struct inode *inode, 
fscrypt_direction_t rw,
u8 padding[FS_IV_SIZE - sizeof(__le64)];
} iv;
struct skcipher_request *req = NULL;
-   DECLARE_FS_COMPLETION_RESULT(ecr);
+   DECLARE_CRYPTO_WAIT(wait);
struct scatterlist dst, src;
struct fscrypt_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_ctfm;
@@ -179,7 +164,7 @@ int fscrypt_do_page_crypto(const struct inode *inode, 
fscrypt_direction_t rw,
 
skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
-   page_crypt_complete, &ecr);
+   crypto_req_done, &wait);
 
sg_init_table(&dst, 1);
sg_set_page(&dst, dest_page, len, offs);
@@ -187,14 +172,9 @@ int fscrypt_do_page_crypto(const struct inode *inode, 
fscrypt_direction_t rw,
sg_set_page(&src, src_page, len, offs);
skcipher_request_set_crypt(req, &src, &dst, len, &iv);
if (rw == FS_DECRYPT)
-   res = crypto_skcipher_decrypt(req);
+   res = crypto_wait_req(crypto_skcipher_decrypt(req), &wait);
else
-   res = crypto_skcipher_encrypt(req);
-   if (res == -EINPROGRESS || res == -EBUSY) {
-   BUG_ON(req->base.data != &ecr);
-   wait_for_completion(&ecr.completion);
-   res = ecr.res;
-   }
+   res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
skcipher_request_free(req);
if (res) {
printk_ratelimited(KERN_ERR
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index ad9f814..a80a0d3 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -15,21 +15,6 @@
 #include "fscrypt_private.h"
 
 /**
- * fname_crypt_complete() - completion callback for filename crypto
- * @req: The asynchronous cipher request context
- * @res: The result of the cipher operation
- */
-static void fname_crypt_complete(struct crypto_async_request *req, int res)
-{
-   struct fscrypt_completion_result *ecr = req->data;
-
-   if (res == -EINPROGRESS)
-   return;
-   ecr->res = res;
-   complete(&ecr->completion);
-}
-
-/**
  * fname_encrypt() - encrypt a filename
  *
  * The caller must have allocated sufficient memory for the @oname string.
@@ -40,7 +25,7 @@ static int fname_encrypt(struct inode *inode,
const struct qstr *iname, struct fscrypt_str *oname)
 {
struct skcipher_request *req = NULL;
-   DECLARE_FS_COMPLETION_RESULT(ecr);
+   DECLARE_CRYPTO_WAIT(wait);
struct fscrypt_info *ci = inode->i_crypt_info;
struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
@@ -76,17 +61,12 @@ static int fname_encrypt(struct inode *inode,
}
skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
-   fname_crypt_complete, &ecr);
+   crypto_req_done, &wait);
sg_init_one(&sg, oname->name, cryptlen);
skcipher_request_set_crypt(req, &sg, &sg, cryptlen, iv);
 
/* Do the encryption */
-   res = crypto_skcipher_encrypt(req);
-   if (res == -EINPROGRESS || res == -EBUSY) {
-   /* Request is being completed asynchronously; wait for it */
-   wait_for_completion(&ecr.completion);
-   res = ecr.res;
-   }
+   res = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
skcipher_request_free(req);
if (res < 0) {
printk_ratelimite

[PATCH v5 09/19] crypto: move gcm to generic async completion

[Gilad Ben-Yossef]

gcm is starting an async. crypto op and waiting for it complete.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/gcm.c | 32 ++--
 1 file changed, 6 insertions(+), 26 deletions(-)

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 3841b5e..fb923a5 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -16,7 +16,6 @@
 #include 
 #include 
 #include "internal.h"
-#include 
 #include 
 #include 
 #include 
@@ -78,11 +77,6 @@ struct crypto_gcm_req_priv_ctx {
} u;
 };
 
-struct crypto_gcm_setkey_result {
-   int err;
-   struct completion completion;
-};
-
 static struct {
u8 buf[16];
struct scatterlist sg;
@@ -98,17 +92,6 @@ static inline struct crypto_gcm_req_priv_ctx 
*crypto_gcm_reqctx(
return (void *)PTR_ALIGN((u8 *)aead_request_ctx(req), align + 1);
 }
 
-static void crypto_gcm_setkey_done(struct crypto_async_request *req, int err)
-{
-   struct crypto_gcm_setkey_result *result = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   result->err = err;
-   complete(&result->completion);
-}
-
 static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
 unsigned int keylen)
 {
@@ -119,7 +102,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
be128 hash;
u8 iv[16];
 
-   struct crypto_gcm_setkey_result result;
+   struct crypto_wait wait;
 
struct scatterlist sg[1];
struct skcipher_request req;
@@ -140,21 +123,18 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, 
const u8 *key,
if (!data)
return -ENOMEM;
 
-   init_completion(&data->result.completion);
+   crypto_init_wait(&data->wait);
sg_init_one(data->sg, &data->hash, sizeof(data->hash));
skcipher_request_set_tfm(&data->req, ctr);
skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
  CRYPTO_TFM_REQ_MAY_BACKLOG,
- crypto_gcm_setkey_done,
- &data->result);
+ crypto_req_done,
+ &data->wait);
skcipher_request_set_crypt(&data->req, data->sg, data->sg,
   sizeof(data->hash), data->iv);
 
-   err = crypto_skcipher_encrypt(&data->req);
-   if (err == -EINPROGRESS || err == -EBUSY) {
-   wait_for_completion(&data->result.completion);
-   err = data->result.err;
-   }
+   err = crypto_wait_req(crypto_skcipher_encrypt(&data->req),
+   &data->wait);
 
if (err)
goto out;
-- 
2.1.4

[PATCH v5 10/19] crypto: move testmgr to generic async completion

[Gilad Ben-Yossef]

testmgr is starting async. crypto ops and waiting for them to complete.
Move it over to generic code doing the same.

This also provides a test of the generic crypto async. wait code.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/testmgr.c | 204 ++-
 1 file changed, 66 insertions(+), 138 deletions(-)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 7125ba3..a65b4d5 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -76,11 +76,6 @@ int alg_test(const char *driver, const char *alg, u32 type, 
u32 mask)
 #define ENCRYPT 1
 #define DECRYPT 0
 
-struct tcrypt_result {
-   struct completion completion;
-   int err;
-};
-
 struct aead_test_suite {
struct {
const struct aead_testvec *vecs;
@@ -155,17 +150,6 @@ static void hexdump(unsigned char *buf, unsigned int len)
buf, len, false);
 }
 
-static void tcrypt_complete(struct crypto_async_request *req, int err)
-{
-   struct tcrypt_result *res = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   res->err = err;
-   complete(&res->completion);
-}
-
 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
 {
int i;
@@ -193,20 +177,10 @@ static void testmgr_free_buf(char *buf[XBUFSIZE])
free_page((unsigned long)buf[i]);
 }
 
-static int wait_async_op(struct tcrypt_result *tr, int ret)
-{
-   if (ret == -EINPROGRESS || ret == -EBUSY) {
-   wait_for_completion(&tr->completion);
-   reinit_completion(&tr->completion);
-   ret = tr->err;
-   }
-   return ret;
-}
-
 static int ahash_partial_update(struct ahash_request **preq,
struct crypto_ahash *tfm, const struct hash_testvec *template,
void *hash_buff, int k, int temp, struct scatterlist *sg,
-   const char *algo, char *result, struct tcrypt_result *tresult)
+   const char *algo, char *result, struct crypto_wait *wait)
 {
char *state;
struct ahash_request *req;
@@ -236,7 +210,7 @@ static int ahash_partial_update(struct ahash_request **preq,
}
ahash_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG,
-   tcrypt_complete, tresult);
+   crypto_req_done, wait);
 
memcpy(hash_buff, template->plaintext + temp,
template->tap[k]);
@@ -247,7 +221,7 @@ static int ahash_partial_update(struct ahash_request **preq,
pr_err("alg: hash: Failed to import() for %s\n", algo);
goto out;
}
-   ret = wait_async_op(tresult, crypto_ahash_update(req));
+   ret = crypto_wait_req(crypto_ahash_update(req), wait);
if (ret)
goto out;
*preq = req;
@@ -272,7 +246,7 @@ static int __test_hash(struct crypto_ahash *tfm,
char *result;
char *key;
struct ahash_request *req;
-   struct tcrypt_result tresult;
+   struct crypto_wait wait;
void *hash_buff;
char *xbuf[XBUFSIZE];
int ret = -ENOMEM;
@@ -286,7 +260,7 @@ static int __test_hash(struct crypto_ahash *tfm,
if (testmgr_alloc_buf(xbuf))
goto out_nobuf;
 
-   init_completion(&tresult.completion);
+   crypto_init_wait(&wait);
 
req = ahash_request_alloc(tfm, GFP_KERNEL);
if (!req) {
@@ -295,7 +269,7 @@ static int __test_hash(struct crypto_ahash *tfm,
goto out_noreq;
}
ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-  tcrypt_complete, &tresult);
+  crypto_req_done, &wait);
 
j = 0;
for (i = 0; i < tcount; i++) {
@@ -335,26 +309,26 @@ static int __test_hash(struct crypto_ahash *tfm,
 
ahash_request_set_crypt(req, sg, result, template[i].psize);
if (use_digest) {
-   ret = wait_async_op(&tresult, crypto_ahash_digest(req));
+   ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
if (ret) {
pr_err("alg: hash: digest failed on test %d "
   "for %s: ret=%d\n", j, algo, -ret);
goto out;
}
} else {
-   ret = wait_async_op(&tresult, crypto_ahash_init(req));
+   ret = crypto_wait_req(crypto_ahash_init(req), &wait);
if (ret) {
pr_err("alg: hash: init failed on test %d "
   "for %s: ret=%d\n", j, algo, -ret);
goto out;
}
-   ret = wait_async_op(&tresult, crypto_ahash_update(req));
+   ret = crypto_wait_req(crypto_ahash_update(req), &wait);
if (ret) {
pr_err("alg: has

[PATCH v5 07/19] crypto: move pub key to generic async completion

[Gilad Ben-Yossef]

public_key_verify_signature() is starting an async crypto op and
waiting for it to complete. Move it over to generic code doing
the same.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/asymmetric_keys/public_key.c | 28 
 1 file changed, 4 insertions(+), 24 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c 
b/crypto/asymmetric_keys/public_key.c
index 3cd6e12..d916235 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -57,29 +57,13 @@ static void public_key_destroy(void *payload0, void 
*payload3)
public_key_signature_free(payload3);
 }
 
-struct public_key_completion {
-   struct completion completion;
-   int err;
-};
-
-static void public_key_verify_done(struct crypto_async_request *req, int err)
-{
-   struct public_key_completion *compl = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   compl->err = err;
-   complete(&compl->completion);
-}
-
 /*
  * Verify a signature using a public key.
  */
 int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)
 {
-   struct public_key_completion compl;
+   struct crypto_wait cwait;
struct crypto_akcipher *tfm;
struct akcipher_request *req;
struct scatterlist sig_sg, digest_sg;
@@ -131,20 +115,16 @@ int public_key_verify_signature(const struct public_key 
*pkey,
sg_init_one(&digest_sg, output, outlen);
akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
   outlen);
-   init_completion(&compl.completion);
+   crypto_init_wait(&cwait);
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
  CRYPTO_TFM_REQ_MAY_SLEEP,
- public_key_verify_done, &compl);
+ crypto_req_done, &cwait);
 
/* Perform the verification calculation.  This doesn't actually do the
 * verification, but rather calculates the hash expected by the
 * signature and returns that to us.
 */
-   ret = crypto_akcipher_verify(req);
-   if ((ret == -EINPROGRESS) || (ret == -EBUSY)) {
-   wait_for_completion(&compl.completion);
-   ret = compl.err;
-   }
+   ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
if (ret < 0)
goto out_free_output;
 
-- 
2.1.4

[PATCH v5 08/19] crypto: move drbg to generic async completion

[Gilad Ben-Yossef]

DRBG is starting an async. crypto op and waiting for it complete.
Move it over to generic code doing the same.

The code now also passes CRYPTO_TFM_REQ_MAY_SLEEP flag indicating
crypto request memory allocation may use GFP_KERNEL which should
be perfectly fine as the code is obviously sleeping for the
completion of the request any way.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/drbg.c | 36 +---
 include/crypto/drbg.h |  3 +--
 2 files changed, 10 insertions(+), 29 deletions(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index 633a88e..c522251 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1651,16 +1651,6 @@ static int drbg_fini_sym_kernel(struct drbg_state *drbg)
return 0;
 }
 
-static void drbg_skcipher_cb(struct crypto_async_request *req, int error)
-{
-   struct drbg_state *drbg = req->data;
-
-   if (error == -EINPROGRESS)
-   return;
-   drbg->ctr_async_err = error;
-   complete(&drbg->ctr_completion);
-}
-
 static int drbg_init_sym_kernel(struct drbg_state *drbg)
 {
struct crypto_cipher *tfm;
@@ -1691,7 +1681,7 @@ static int drbg_init_sym_kernel(struct drbg_state *drbg)
return PTR_ERR(sk_tfm);
}
drbg->ctr_handle = sk_tfm;
-   init_completion(&drbg->ctr_completion);
+   crypto_init_wait(&drbg->ctr_wait);
 
req = skcipher_request_alloc(sk_tfm, GFP_KERNEL);
if (!req) {
@@ -1700,8 +1690,9 @@ static int drbg_init_sym_kernel(struct drbg_state *drbg)
return -ENOMEM;
}
drbg->ctr_req = req;
-   skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-   drbg_skcipher_cb, drbg);
+   skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+   CRYPTO_TFM_REQ_MAY_SLEEP,
+   crypto_req_done, &drbg->ctr_wait);
 
alignmask = crypto_skcipher_alignmask(sk_tfm);
drbg->ctr_null_value_buf = kzalloc(DRBG_CTR_NULL_LEN + alignmask,
@@ -1762,21 +1753,12 @@ static int drbg_kcapi_sym_ctr(struct drbg_state *drbg,
/* Output buffer may not be valid for SGL, use scratchpad */
skcipher_request_set_crypt(drbg->ctr_req, &sg_in, &sg_out,
   cryptlen, drbg->V);
-   ret = crypto_skcipher_encrypt(drbg->ctr_req);
-   switch (ret) {
-   case 0:
-   break;
-   case -EINPROGRESS:
-   case -EBUSY:
-   wait_for_completion(&drbg->ctr_completion);
-   if (!drbg->ctr_async_err) {
-   reinit_completion(&drbg->ctr_completion);
-   break;
-   }
-   default:
+   ret = crypto_wait_req(crypto_skcipher_encrypt(drbg->ctr_req),
+   &drbg->ctr_wait);
+   if (ret)
goto out;
-   }
-   init_completion(&drbg->ctr_completion);
+
+   crypto_init_wait(&drbg->ctr_wait);
 
memcpy(outbuf, drbg->outscratchpad, cryptlen);
 
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
index 22f884c..8f94110 100644
--- a/include/crypto/drbg.h
+++ b/include/crypto/drbg.h
@@ -126,8 +126,7 @@ struct drbg_state {
__u8 *ctr_null_value;   /* CTR mode aligned zero buf */
__u8 *outscratchpadbuf; /* CTR mode output scratchpad */
 __u8 *outscratchpad;   /* CTR mode aligned outbuf */
-   struct completion ctr_completion;   /* CTR mode async handler */
-   int ctr_async_err;  /* CTR mode async error */
+   struct crypto_wait ctr_wait;/* CTR mode async wait obj */
 
bool seeded;/* DRBG fully seeded? */
bool pr;/* Prediction resistance enabled? */
-- 
2.1.4

[PATCH v5 06/19] crypto: move algif to generic async completion

[Gilad Ben-Yossef]

algif starts several async crypto ops and waits for their completion.
Move it over to generic code doing the same.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/af_alg.c | 27 ---
 crypto/algif_aead.c |  8 
 crypto/algif_hash.c | 30 ++
 crypto/algif_skcipher.c |  9 -
 include/crypto/if_alg.h | 15 +--
 5 files changed, 23 insertions(+), 66 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index d6936c0..f8917e7 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -481,33 +481,6 @@ int af_alg_cmsg_send(struct msghdr *msg, struct 
af_alg_control *con)
 }
 EXPORT_SYMBOL_GPL(af_alg_cmsg_send);
 
-int af_alg_wait_for_completion(int err, struct af_alg_completion *completion)
-{
-   switch (err) {
-   case -EINPROGRESS:
-   case -EBUSY:
-   wait_for_completion(&completion->completion);
-   reinit_completion(&completion->completion);
-   err = completion->err;
-   break;
-   };
-
-   return err;
-}
-EXPORT_SYMBOL_GPL(af_alg_wait_for_completion);
-
-void af_alg_complete(struct crypto_async_request *req, int err)
-{
-   struct af_alg_completion *completion = req->data;
-
-   if (err == -EINPROGRESS)
-   return;
-
-   completion->err = err;
-   complete(&completion->completion);
-}
-EXPORT_SYMBOL_GPL(af_alg_complete);
-
 /**
  * af_alg_alloc_tsgl - allocate the TX SGL
  *
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 48d46e7..abbac8a 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -278,11 +278,11 @@ static int _aead_recvmsg(struct socket *sock, struct 
msghdr *msg,
/* Synchronous operation */
aead_request_set_callback(&areq->cra_u.aead_req,
  CRYPTO_TFM_REQ_MAY_BACKLOG,
- af_alg_complete, &ctx->completion);
-   err = af_alg_wait_for_completion(ctx->enc ?
+ crypto_req_done, &ctx->wait);
+   err = crypto_wait_req(ctx->enc ?
crypto_aead_encrypt(&areq->cra_u.aead_req) :
crypto_aead_decrypt(&areq->cra_u.aead_req),
-&ctx->completion);
+   &ctx->wait);
}
 
/* AIO operation in progress */
@@ -554,7 +554,7 @@ static int aead_accept_parent_nokey(void *private, struct 
sock *sk)
ctx->merge = 0;
ctx->enc = 0;
ctx->aead_assoclen = 0;
-   af_alg_init_completion(&ctx->completion);
+   crypto_init_wait(&ctx->wait);
 
ask->private = ctx;
 
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 3b3c154..d2ab8de 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -26,7 +26,7 @@ struct hash_ctx {
 
u8 *result;
 
-   struct af_alg_completion completion;
+   struct crypto_wait wait;
 
unsigned int len;
bool more;
@@ -102,8 +102,7 @@ static int hash_sendmsg(struct socket *sock, struct msghdr 
*msg,
if ((msg->msg_flags & MSG_MORE))
hash_free_result(sk, ctx);
 
-   err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req),
-   &ctx->completion);
+   err = crypto_wait_req(crypto_ahash_init(&ctx->req), &ctx->wait);
if (err)
goto unlock;
}
@@ -124,8 +123,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr 
*msg,
 
ahash_request_set_crypt(&ctx->req, ctx->sgl.sg, NULL, len);
 
-   err = af_alg_wait_for_completion(crypto_ahash_update(&ctx->req),
-&ctx->completion);
+   err = crypto_wait_req(crypto_ahash_update(&ctx->req),
+ &ctx->wait);
af_alg_free_sg(&ctx->sgl);
if (err)
goto unlock;
@@ -143,8 +142,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr 
*msg,
goto unlock;
 
ahash_request_set_crypt(&ctx->req, NULL, ctx->result, 0);
-   err = af_alg_wait_for_completion(crypto_ahash_final(&ctx->req),
-&ctx->completion);
+   err = crypto_wait_req(crypto_ahash_final(&ctx->req),
+ &ctx->wait);
}
 
 unlock:
@@ -185,7 +184,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct 
page *page,
} else {
if (!ctx->more) {
err = crypto_ahash_init(&ctx->req);
-   err = af_alg_wait_for_completion(err, &ctx->completion);
+   err = crypto_wait_req(err, &ctx->wait);
if (err)
 

[PATCH v5 04/19] crypto: marvell/cesa: remove redundant backlog checks on EBUSY

[Gilad Ben-Yossef]

Now that -EBUSY return code only indicates backlog queueing
we can safely remove the now redundant check for the
CRYPTO_TFM_REQ_MAY_BACKLOG flag when -EBUSY is returned.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/crypto/marvell/cesa.c | 3 +--
 drivers/crypto/marvell/cesa.h | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c
index 6e7a5c7..269737f 100644
--- a/drivers/crypto/marvell/cesa.c
+++ b/drivers/crypto/marvell/cesa.c
@@ -183,8 +183,7 @@ int mv_cesa_queue_req(struct crypto_async_request *req,
spin_lock_bh(&engine->lock);
ret = crypto_enqueue_request(&engine->queue, req);
if ((mv_cesa_req_get_type(creq) == CESA_DMA_REQ) &&
-   (ret == -EINPROGRESS ||
-   (ret == -EBUSY && req->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   (ret == -EINPROGRESS || ret == -EBUSY)
mv_cesa_tdma_chain(engine, creq);
spin_unlock_bh(&engine->lock);
 
diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h
index b7872f6..63c8457 100644
--- a/drivers/crypto/marvell/cesa.h
+++ b/drivers/crypto/marvell/cesa.h
@@ -763,7 +763,7 @@ static inline int mv_cesa_req_needs_cleanup(struct 
crypto_async_request *req,
 * the backlog and will be processed later. There's no need to
 * clean it up.
 */
-   if (ret == -EBUSY && req->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
+   if (ret == -EBUSY)
return false;
 
/* Request wasn't queued, we need to clean it up */
-- 
2.1.4

[PATCH v5 03/19] crypto: remove redundant backlog checks on EBUSY

[Gilad Ben-Yossef]

Now that -EBUSY return code only indicates backlog queueing
we can safely remove the now redundant check for the
CRYPTO_TFM_REQ_MAY_BACKLOG flag when -EBUSY is returned.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/ahash.c| 12 +++-
 crypto/cts.c  |  6 ++
 crypto/lrw.c  |  8 ++--
 crypto/rsa-pkcs1pad.c | 16 
 crypto/xts.c  |  8 ++--
 5 files changed, 13 insertions(+), 37 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index 826cd7a..d63eeef 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -334,9 +334,7 @@ static int ahash_op_unaligned(struct ahash_request *req,
return err;
 
err = op(req);
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY && (ahash_request_flags(req) &
-  CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   if (err == -EINPROGRESS || err == -EBUSY)
return err;
 
ahash_restore_req(req, err);
@@ -394,9 +392,7 @@ static int ahash_def_finup_finish1(struct ahash_request 
*req, int err)
req->base.complete = ahash_def_finup_done2;
 
err = crypto_ahash_reqtfm(req)->final(req);
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY && (ahash_request_flags(req) &
-  CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   if (err == -EINPROGRESS || err == -EBUSY)
return err;
 
 out:
@@ -432,9 +428,7 @@ static int ahash_def_finup(struct ahash_request *req)
return err;
 
err = tfm->update(req);
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY && (ahash_request_flags(req) &
-  CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   if (err == -EINPROGRESS || err == -EBUSY)
return err;
 
return ahash_def_finup_finish1(req, err);
diff --git a/crypto/cts.c b/crypto/cts.c
index 243f591..4773c18 100644
--- a/crypto/cts.c
+++ b/crypto/cts.c
@@ -136,8 +136,7 @@ static void crypto_cts_encrypt_done(struct 
crypto_async_request *areq, int err)
goto out;
 
err = cts_cbc_encrypt(req);
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY && req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
+   if (err == -EINPROGRESS || err == -EBUSY)
return;
 
 out:
@@ -229,8 +228,7 @@ static void crypto_cts_decrypt_done(struct 
crypto_async_request *areq, int err)
goto out;
 
err = cts_cbc_decrypt(req);
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY && req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
+   if (err == -EINPROGRESS || err == -EBUSY)
return;
 
 out:
diff --git a/crypto/lrw.c b/crypto/lrw.c
index a8bfae4..695cea9 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -328,9 +328,7 @@ static int do_encrypt(struct skcipher_request *req, int err)
  crypto_skcipher_encrypt(subreq) ?:
  post_crypt(req);
 
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY &&
-req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
+   if (err == -EINPROGRESS || err == -EBUSY)
return err;
}
 
@@ -380,9 +378,7 @@ static int do_decrypt(struct skcipher_request *req, int err)
  crypto_skcipher_decrypt(subreq) ?:
  post_crypt(req);
 
-   if (err == -EINPROGRESS ||
-   (err == -EBUSY &&
-req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
+   if (err == -EINPROGRESS || err == -EBUSY)
return err;
}
 
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 407c64b..2908f93 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -279,9 +279,7 @@ static int pkcs1pad_encrypt(struct akcipher_request *req)
   req->dst, ctx->key_size - 1, req->dst_len);
 
err = crypto_akcipher_encrypt(&req_ctx->child_req);
-   if (err != -EINPROGRESS &&
-   (err != -EBUSY ||
-!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_encrypt_sign_complete(req, err);
 
return err;
@@ -383,9 +381,7 @@ static int pkcs1pad_decrypt(struct akcipher_request *req)
   ctx->key_size);
 
err = crypto_akcipher_decrypt(&req_ctx->child_req);
-   if (err != -EINPROGRESS &&
-   (err != -EBUSY ||
-!(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
+   if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_decrypt_complete(req, err);
 
return err;
@@ -440,9 +436,7 @@ static int pkcs1pad_sign(struct akcipher_request *req)
   req->dst, ctx->key_size - 1, req->dst_len);
 
err = crypto_akcipher_sign(&req_ctx->child_req);
-   if (err != -EI

[PATCH v5 05/19] crypto: introduce crypto wait for async op

[Gilad Ben-Yossef]

Invoking a possibly async. crypto op and waiting for completion
while correctly handling backlog processing is a common task
in the crypto API implementation and outside users of it.

This patch adds a generic implementation for doing so in
preparation for using it across the board instead of hand
rolled versions.

Signed-off-by: Gilad Ben-Yossef 
CC: Eric Biggers 
---
 crypto/api.c   | 13 +
 include/linux/crypto.h | 41 +
 2 files changed, 54 insertions(+)

diff --git a/crypto/api.c b/crypto/api.c
index 941cd4c..2a2479d 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "internal.h"
 
 LIST_HEAD(crypto_alg_list);
@@ -595,5 +596,17 @@ int crypto_has_alg(const char *name, u32 type, u32 mask)
 }
 EXPORT_SYMBOL_GPL(crypto_has_alg);
 
+void crypto_req_done(struct crypto_async_request *req, int err)
+{
+   struct crypto_wait *wait = req->data;
+
+   if (err == -EINPROGRESS)
+   return;
+
+   wait->err = err;
+   complete(&wait->completion);
+}
+EXPORT_SYMBOL_GPL(crypto_req_done);
+
 MODULE_DESCRIPTION("Cryptographic core API");
 MODULE_LICENSE("GPL");
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 84da997..bb00186 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 
 /*
  * Autoloaded crypto modules should only use a prefixed name to avoid allowing
@@ -468,6 +469,45 @@ struct crypto_alg {
 } CRYPTO_MINALIGN_ATTR;
 
 /*
+ * A helper struct for waiting for completion of async crypto ops
+ */
+struct crypto_wait {
+   struct completion completion;
+   int err;
+};
+
+/*
+ * Macro for declaring a crypto op async wait object on stack
+ */
+#define DECLARE_CRYPTO_WAIT(_wait) \
+   struct crypto_wait _wait = { \
+   COMPLETION_INITIALIZER_ONSTACK((_wait).completion), 0 }
+
+/*
+ * Async ops completion helper functioons
+ */
+void crypto_req_done(struct crypto_async_request *req, int err);
+
+static inline int crypto_wait_req(int err, struct crypto_wait *wait)
+{
+   switch (err) {
+   case -EINPROGRESS:
+   case -EBUSY:
+   wait_for_completion(&wait->completion);
+   reinit_completion(&wait->completion);
+   err = wait->err;
+   break;
+   };
+
+   return err;
+}
+
+static inline void crypto_init_wait(struct crypto_wait *wait)
+{
+   init_completion(&wait->completion);
+}
+
+/*
  * Algorithm registration interface.
  */
 int crypto_register_alg(struct crypto_alg *alg);
@@ -1604,5 +1644,6 @@ static inline int crypto_comp_decompress(struct 
crypto_comp *tfm,
src, slen, dst, dlen);
 }
 
+
 #endif /* _LINUX_CRYPTO_H */
 
-- 
2.1.4

[PATCH v5 02/19] crypto: ccp: use -EAGAIN for transient busy indication

[Gilad Ben-Yossef]

Replace -EBUSY with -EAGAIN when reporting transient busy
indication in the absence of backlog.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/crypto/ccp/ccp-crypto-main.c | 8 +++-
 drivers/crypto/ccp/ccp-dev.c | 7 +--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-main.c 
b/drivers/crypto/ccp/ccp-crypto-main.c
index 35a9de7..403ff0a 100644
--- a/drivers/crypto/ccp/ccp-crypto-main.c
+++ b/drivers/crypto/ccp/ccp-crypto-main.c
@@ -222,9 +222,10 @@ static int ccp_crypto_enqueue_cmd(struct ccp_crypto_cmd 
*crypto_cmd)
 
/* Check if the cmd can/should be queued */
if (req_queue.cmd_count >= CCP_CRYPTO_MAX_QLEN) {
-   ret = -EBUSY;
-   if (!(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG))
+   if (!(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG)) {
+   ret = -EAGAIN;
goto e_lock;
+   }
}
 
/* Look for an entry with the same tfm.  If there is a cmd
@@ -243,9 +244,6 @@ static int ccp_crypto_enqueue_cmd(struct ccp_crypto_cmd 
*crypto_cmd)
ret = ccp_enqueue_cmd(crypto_cmd->cmd);
if (!ccp_crypto_success(ret))
goto e_lock;/* Error, don't queue it */
-   if ((ret == -EBUSY) &&
-   !(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG))
-   goto e_lock;/* Not backlogging, don't queue it */
}
 
if (req_queue.cmd_count >= CCP_CRYPTO_MAX_QLEN) {
diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c
index 4e029b1..3d637e3 100644
--- a/drivers/crypto/ccp/ccp-dev.c
+++ b/drivers/crypto/ccp/ccp-dev.c
@@ -292,9 +292,12 @@ int ccp_enqueue_cmd(struct ccp_cmd *cmd)
i = ccp->cmd_q_count;
 
if (ccp->cmd_count >= MAX_CMD_QLEN) {
-   ret = -EBUSY;
-   if (cmd->flags & CCP_CMD_MAY_BACKLOG)
+   if (cmd->flags & CCP_CMD_MAY_BACKLOG) {
+   ret = -EBUSY;
list_add_tail(&cmd->entry, &ccp->backlog);
+   } else {
+   ret = -EAGAIN;
+   }
} else {
ret = -EINPROGRESS;
ccp->cmd_count++;
-- 
2.1.4

[PATCH v5 01/19] crypto: change transient busy return code to -EAGAIN

[Gilad Ben-Yossef]

The crypto API was using the -EBUSY return value to indicate
both a hard failure to submit a crypto operation into a
transformation provider when the latter was busy and the backlog
mechanism was not enabled as well as a notification that the
operation was queued into the backlog when the backlog mechanism
was enabled.

Having the same return code indicate two very different conditions
depending on a flag is both error prone and requires extra runtime
check like the following to discern between the cases:

if (err == -EINPROGRESS ||
(err == -EBUSY && (ahash_request_flags(req) &
   CRYPTO_TFM_REQ_MAY_BACKLOG)))

This patch changes the return code used to indicate a crypto op
failed due to the transformation provider being transiently busy
to -EAGAIN.

Signed-off-by: Gilad Ben-Yossef 
---
 crypto/algapi.c |  6 --
 crypto/algif_hash.c | 20 +---
 crypto/cryptd.c |  4 +---
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/crypto/algapi.c b/crypto/algapi.c
index aa699ff..916bee3 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -897,9 +897,11 @@ int crypto_enqueue_request(struct crypto_queue *queue,
int err = -EINPROGRESS;
 
if (unlikely(queue->qlen >= queue->max_qlen)) {
-   err = -EBUSY;
-   if (!(request->flags & CRYPTO_TFM_REQ_MAY_BACKLOG))
+   if (!(request->flags & CRYPTO_TFM_REQ_MAY_BACKLOG)) {
+   err = -EAGAIN;
goto out;
+   }
+   err = -EBUSY;
if (queue->backlog == &queue->list)
queue->backlog = &request->list;
}
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 5e92bd2..3b3c154 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -39,6 +39,20 @@ struct algif_hash_tfm {
bool has_key;
 };
 
+/* Previous versions of crypto_* ops used to return -EBUSY
+ * rather than -EAGAIN to indicate being tied up. The in
+ * kernel API changed but we don't want to break the user
+ * space API. As only the hash user interface exposed this
+ * error ever to the user, do the translation here.
+ */
+static inline int crypto_user_err(int err)
+{
+   if (err == -EAGAIN)
+   return -EBUSY;
+
+   return err;
+}
+
 static int hash_alloc_result(struct sock *sk, struct hash_ctx *ctx)
 {
unsigned ds;
@@ -136,7 +150,7 @@ static int hash_sendmsg(struct socket *sock, struct msghdr 
*msg,
 unlock:
release_sock(sk);
 
-   return err ?: copied;
+   return err ? crypto_user_err(err) : copied;
 }
 
 static ssize_t hash_sendpage(struct socket *sock, struct page *page,
@@ -188,7 +202,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct 
page *page,
 unlock:
release_sock(sk);
 
-   return err ?: size;
+   return err ? crypto_user_err(err) : size;
 }
 
 static int hash_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
@@ -236,7 +250,7 @@ static int hash_recvmsg(struct socket *sock, struct msghdr 
*msg, size_t len,
hash_free_result(sk, ctx);
release_sock(sk);
 
-   return err ?: len;
+   return err ? crypto_user_err(err) : len;
 }
 
 static int hash_accept(struct socket *sock, struct socket *newsock, int flags,
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 0508c48..d1dbdce 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -137,16 +137,14 @@ static int cryptd_enqueue_request(struct cryptd_queue 
*queue,
int cpu, err;
struct cryptd_cpu_queue *cpu_queue;
atomic_t *refcnt;
-   bool may_backlog;
 
cpu = get_cpu();
cpu_queue = this_cpu_ptr(queue->cpu_queue);
err = crypto_enqueue_request(&cpu_queue->queue, request);
 
refcnt = crypto_tfm_ctx(request->tfm);
-   may_backlog = request->flags & CRYPTO_TFM_REQ_MAY_BACKLOG;
 
-   if (err == -EBUSY && !may_backlog)
+   if (err == -EAGAIN)
goto out_put_cpu;
 
queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
-- 
2.1.4

Re: [PATCH v5 02/19] crypto: ccp: use -EAGAIN for transient busy indication

[Gary R Hook]

On 08/14/2017 10:21 AM, Gilad Ben-Yossef wrote:

Replace -EBUSY with -EAGAIN when reporting transient busy
indication in the absence of backlog.

Signed-off-by: Gilad Ben-Yossef 


Reviewed-by: Gary R Hook 


---
 drivers/crypto/ccp/ccp-crypto-main.c | 8 +++-
 drivers/crypto/ccp/ccp-dev.c | 7 +--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/ccp/ccp-crypto-main.c 
b/drivers/crypto/ccp/ccp-crypto-main.c
index 35a9de7..403ff0a 100644
--- a/drivers/crypto/ccp/ccp-crypto-main.c
+++ b/drivers/crypto/ccp/ccp-crypto-main.c
@@ -222,9 +222,10 @@ static int ccp_crypto_enqueue_cmd(struct ccp_crypto_cmd 
*crypto_cmd)

/* Check if the cmd can/should be queued */
if (req_queue.cmd_count >= CCP_CRYPTO_MAX_QLEN) {
-   ret = -EBUSY;
-   if (!(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG))
+   if (!(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG)) {
+   ret = -EAGAIN;
goto e_lock;
+   }
}

/* Look for an entry with the same tfm.  If there is a cmd
@@ -243,9 +244,6 @@ static int ccp_crypto_enqueue_cmd(struct ccp_crypto_cmd 
*crypto_cmd)
ret = ccp_enqueue_cmd(crypto_cmd->cmd);
if (!ccp_crypto_success(ret))
goto e_lock;/* Error, don't queue it */
-   if ((ret == -EBUSY) &&
-   !(crypto_cmd->cmd->flags & CCP_CMD_MAY_BACKLOG))
-   goto e_lock;/* Not backlogging, don't queue it */
}

if (req_queue.cmd_count >= CCP_CRYPTO_MAX_QLEN) {
diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c
index 4e029b1..3d637e3 100644
--- a/drivers/crypto/ccp/ccp-dev.c
+++ b/drivers/crypto/ccp/ccp-dev.c
@@ -292,9 +292,12 @@ int ccp_enqueue_cmd(struct ccp_cmd *cmd)
i = ccp->cmd_q_count;

if (ccp->cmd_count >= MAX_CMD_QLEN) {
-   ret = -EBUSY;
-   if (cmd->flags & CCP_CMD_MAY_BACKLOG)
+   if (cmd->flags & CCP_CMD_MAY_BACKLOG) {
+   ret = -EBUSY;
list_add_tail(&cmd->entry, &ccp->backlog);
+   } else {
+   ret = -EAGAIN;
+   }
} else {
ret = -EINPROGRESS;
ccp->cmd_count++;

Re: random.c: LFSR polynomials are not irreducible/primitive

[Theodore Ts'o]

On Mon, Aug 14, 2017 at 10:20:18AM +0200, Stephan Mueller wrote:
> Hi Ted,
> 
> drivers/char/random.c contains the following comment:
> 
> """
>  * Our mixing functions were analyzed by Lacharme, Roeck, Strubel, and
>  * Videau in their paper, "The Linux Pseudorandom Number Generator
>  * Revisited" (see: http://eprint.iacr.org/2012/251.pdf).  In their
>  * paper, they point out that we are not using a true Twisted GFSR,
>  * since Matsumoto & Kurita used a trinomial feedback polynomial (that
>  * is, with only three taps, instead of the six that we are using).
>  * As a result, the resulting polynomial is neither primitive nor
>  * irreducible, and hence does not have a maximal period over
>  * GF(2**32).  They suggest a slight change to the generator
>  * polynomial which improves the resulting TGFSR polynomial to be
>  * irreducible, which we have made here.
> """
> 
> This comment leads me to belief that the current polynomial is primitive (and 
> irreducible).
> 
> Strangely, this is not the case as seen with the following code that can be 
> used with the mathematical tool called magma. There is a free online version 
> of magma available to recheck it: http://magma.maths.usyd.edu.au/calc/
> 
> Note, the polynomials used up till 3.12 were primitive and irreducible.
> 
> Could you please help me understanding why the current polynomials are better 
> than the old ones?

Have you looked at section 3.1.1 of the above cited paper?

http://eprint.iacr.org/2012/251.pdf

- Ted

Re: [PATCH v5 05/19] crypto: introduce crypto wait for async op

[Jonathan Cameron]

On Mon, 14 Aug 2017 18:21:15 +0300
Gilad Ben-Yossef  wrote:

> Invoking a possibly async. crypto op and waiting for completion
> while correctly handling backlog processing is a common task
> in the crypto API implementation and outside users of it.
> 
> This patch adds a generic implementation for doing so in
> preparation for using it across the board instead of hand
> rolled versions.
> 
> Signed-off-by: Gilad Ben-Yossef 
> CC: Eric Biggers 

One really trivial point inline I happened to notice.

> ---
>  crypto/api.c   | 13 +
>  include/linux/crypto.h | 41 +
>  2 files changed, 54 insertions(+)
> 
> diff --git a/crypto/api.c b/crypto/api.c
> index 941cd4c..2a2479d 100644
> --- a/crypto/api.c
> +++ b/crypto/api.c
> @@ -24,6 +24,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include "internal.h"
>  
>  LIST_HEAD(crypto_alg_list);
> @@ -595,5 +596,17 @@ int crypto_has_alg(const char *name, u32 type, u32 mask)
>  }
>  EXPORT_SYMBOL_GPL(crypto_has_alg);
>  
> +void crypto_req_done(struct crypto_async_request *req, int err)
> +{
> + struct crypto_wait *wait = req->data;
> +
> + if (err == -EINPROGRESS)
> + return;
> +
> + wait->err = err;
> + complete(&wait->completion);
> +}
> +EXPORT_SYMBOL_GPL(crypto_req_done);
> +
>  MODULE_DESCRIPTION("Cryptographic core API");
>  MODULE_LICENSE("GPL");
> diff --git a/include/linux/crypto.h b/include/linux/crypto.h
> index 84da997..bb00186 100644
> --- a/include/linux/crypto.h
> +++ b/include/linux/crypto.h
> @@ -24,6 +24,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  /*
>   * Autoloaded crypto modules should only use a prefixed name to avoid 
> allowing
> @@ -468,6 +469,45 @@ struct crypto_alg {
>  } CRYPTO_MINALIGN_ATTR;
>  
>  /*
> + * A helper struct for waiting for completion of async crypto ops
> + */
> +struct crypto_wait {
> + struct completion completion;
> + int err;
> +};
> +
> +/*
> + * Macro for declaring a crypto op async wait object on stack
> + */
> +#define DECLARE_CRYPTO_WAIT(_wait) \
> + struct crypto_wait _wait = { \
> + COMPLETION_INITIALIZER_ONSTACK((_wait).completion), 0 }
> +
> +/*
> + * Async ops completion helper functioons
> + */
> +void crypto_req_done(struct crypto_async_request *req, int err);
> +
> +static inline int crypto_wait_req(int err, struct crypto_wait *wait)
> +{
> + switch (err) {
> + case -EINPROGRESS:
> + case -EBUSY:
> + wait_for_completion(&wait->completion);
> + reinit_completion(&wait->completion);
> + err = wait->err;
> + break;
> + };
> +
> + return err;
> +}
> +
> +static inline void crypto_init_wait(struct crypto_wait *wait)
> +{
> + init_completion(&wait->completion);
> +}
> +
> +/*
>   * Algorithm registration interface.
>   */
>  int crypto_register_alg(struct crypto_alg *alg);
> @@ -1604,5 +1644,6 @@ static inline int crypto_comp_decompress(struct 
> crypto_comp *tfm,
>   src, slen, dst, dlen);
>  }
>  
> +

Trivial observation.  Shouldn't have this bonus blank line inserted here.

>  #endif   /* _LINUX_CRYPTO_H */
>  

Re: [PATCH v5 18/19] crypto: mediatek: move to generic async completion

[Ryder Lee]

On Mon, 2017-08-14 at 18:21 +0300, Gilad Ben-Yossef wrote:
> The mediatek driver starts several async crypto ops and waits for their
> completions. Move it over to generic code doing the same.
> 
> Signed-off-by: Gilad Ben-Yossef 
> ---

Acked-by: Ryder Lee 

>  drivers/crypto/mediatek/mtk-aes.c | 31 +--
>  1 file changed, 5 insertions(+), 26 deletions(-)
> 
> diff --git a/drivers/crypto/mediatek/mtk-aes.c 
> b/drivers/crypto/mediatek/mtk-aes.c
> index 9e845e8..e2c7c95 100644
> --- a/drivers/crypto/mediatek/mtk-aes.c
> +++ b/drivers/crypto/mediatek/mtk-aes.c
> @@ -137,11 +137,6 @@ struct mtk_aes_gcm_ctx {
>   struct crypto_skcipher *ctr;
>  };
>  
> -struct mtk_aes_gcm_setkey_result {
> - int err;
> - struct completion completion;
> -};
> -
>  struct mtk_aes_drv {
>   struct list_head dev_list;
>   /* Device list lock */
> @@ -936,17 +931,6 @@ static int mtk_aes_gcm_crypt(struct aead_request *req, 
> u64 mode)
>   &req->base);
>  }
>  
> -static void mtk_gcm_setkey_done(struct crypto_async_request *req, int err)
> -{
> - struct mtk_aes_gcm_setkey_result *result = req->data;
> -
> - if (err == -EINPROGRESS)
> - return;
> -
> - result->err = err;
> - complete(&result->completion);
> -}
> -
>  /*
>   * Because of the hardware limitation, we need to pre-calculate key(H)
>   * for the GHASH operation. The result of the encryption operation
> @@ -962,7 +946,7 @@ static int mtk_aes_gcm_setkey(struct crypto_aead *aead, 
> const u8 *key,
>   u32 hash[4];
>   u8 iv[8];
>  
> - struct mtk_aes_gcm_setkey_result result;
> + struct crypto_wait wait;
>  
>   struct scatterlist sg[1];
>   struct skcipher_request req;
> @@ -1002,22 +986,17 @@ static int mtk_aes_gcm_setkey(struct crypto_aead 
> *aead, const u8 *key,
>   if (!data)
>   return -ENOMEM;
>  
> - init_completion(&data->result.completion);
> + crypto_init_wait(&data->wait);
>   sg_init_one(data->sg, &data->hash, AES_BLOCK_SIZE);
>   skcipher_request_set_tfm(&data->req, ctr);
>   skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
> CRYPTO_TFM_REQ_MAY_BACKLOG,
> -   mtk_gcm_setkey_done, &data->result);
> +   crypto_req_done, &data->wait);
>   skcipher_request_set_crypt(&data->req, data->sg, data->sg,
>  AES_BLOCK_SIZE, data->iv);
>  
> - err = crypto_skcipher_encrypt(&data->req);
> - if (err == -EINPROGRESS || err == -EBUSY) {
> - err = wait_for_completion_interruptible(
> - &data->result.completion);
> - if (!err)
> - err = data->result.err;
> - }
> + err = crypto_wait_req(crypto_skcipher_encrypt(&data->req),
> +   &data->wait);
>   if (err)
>   goto out;
>  

[PATCH v3 00/22] staging: ccree: fixes and simplifications

[Gilad Ben-Yossef]

The series includes various bug fixes, code simplification and style
cleanups. 

Changer from v2:
- Drop M32R as supported architecture, which resolve the kbuild bot
  warnings on Joe Perches patch.
- Bug fix that properly saves last bytes of ciphertext for CTS in
  skcipher
- Even more coding style fixes

Changes from v1:

- Rebase on top of current staging-next.
- Added resource release on error simplification patch suggested by
  Dan C. as part of the review.

Based on top of staging-next commit 0116ced91d3a
("staging: fsl-mc: add explicit dependencies for compile-tested arches")

Gilad Ben-Yossef (18):
  staging: ccree: fix split strings
  staging: ccree: kmalloc by sizeof var not type
  staging: ccree: simplify resource release on error
  staging: ccree: remove unused completion
  staging: ccree: remove m32r as supported platform
  staging: ccree: rewrite GET_DMA_BUFFER_TYPE as func
  staging: ccree: fix line indentation and breaks
  staging: ccree: align box comment correctly
  staging: ccree: fix line indentation and breaks
  staging: ccree: fix struct init braces
  staging: ccree: fix line indentation and breaks
  staging: ccree: fix spelling mistakes
  staging: ccree: clean up comments
  staging: ccree: move over to BIT macro for bit defines
  staging: ccree: fix code indent
  staging: ccree: replace noop macro with inline
  staging: ccree: save ciphertext for CTS IV
  staging: ccree: remove BUG macro usage

Joe Perches (1):
  staging: ccree: Fix format/argument mismatches

Suniel Mahesh (3):
  staging: ccree: Replace kzalloc with devm_kzalloc
  staging: ccree: Convert to devm_ioremap_resource for map, unmap
  staging: ccree: Use platform_get_irq and devm_request_irq

 drivers/staging/ccree/Kconfig   |2 +-
 drivers/staging/ccree/ssi_aead.c| 1076 ---
 drivers/staging/ccree/ssi_aead.h|   47 +-
 drivers/staging/ccree/ssi_buffer_mgr.c  |  216 ---
 drivers/staging/ccree/ssi_buffer_mgr.h  |6 +-
 drivers/staging/ccree/ssi_cipher.c  |   88 ++-
 drivers/staging/ccree/ssi_cipher.h  |   10 +-
 drivers/staging/ccree/ssi_config.h  |7 +-
 drivers/staging/ccree/ssi_driver.c  |  306 +
 drivers/staging/ccree/ssi_driver.h  |   26 +-
 drivers/staging/ccree/ssi_hash.c|  598 +
 drivers/staging/ccree/ssi_hash.h|   12 +-
 drivers/staging/ccree/ssi_ivgen.c   |   19 +-
 drivers/staging/ccree/ssi_ivgen.h   |3 +-
 drivers/staging/ccree/ssi_pm.c  |3 +-
 drivers/staging/ccree/ssi_request_mgr.c |   75 ++-
 drivers/staging/ccree/ssi_request_mgr.h |2 +-
 drivers/staging/ccree/ssi_sysfs.c   |   13 +-
 18 files changed, 1364 insertions(+), 1145 deletions(-)

-- 
2.1.4

[PATCH v3 21/22] staging: ccree: save ciphertext for CTS IV

[Gilad Ben-Yossef]

The crypto API requires saving the last blocks of ciphertext
in req->info for use as IV for CTS mode. The ccree driver
was not doing it and so failing tcrypt tests in some
situations. This patch fixes the issue.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_cipher.c | 31 +--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index aa722e1..cc550b5 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "ssi_config.h"
 #include "ssi_driver.h"
@@ -696,6 +697,7 @@ static int ssi_blkcipher_complete(struct device *dev,
 {
int completion_error = 0;
u32 inflight_counter;
+   struct ablkcipher_request *req = (struct ablkcipher_request *)areq;
 
ssi_buffer_mgr_unmap_blkcipher_request(dev, req_ctx, ivsize, src, dst);
 
@@ -706,6 +708,22 @@ static int ssi_blkcipher_complete(struct device *dev,
ctx_p->drvdata->inflight_counter--;
 
if (areq) {
+   /*
+* The crypto API expects us to set the req->info to the last
+* ciphertext block. For encrypt, simply copy from the result.
+* For decrypt, we must copy from a saved buffer since this
+* could be an in-place decryption operation and the src is
+* lost by this point.
+*/
+   if (req_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT)  {
+   memcpy(req->info, req_ctx->backup_info, ivsize);
+   kfree(req_ctx->backup_info);
+   } else {
+   scatterwalk_map_and_copy(req->info, req->dst,
+(req->nbytes - ivsize),
+ivsize, 0);
+   }
+
ablkcipher_request_complete(areq, completion_error);
return 0;
}
@@ -859,7 +877,6 @@ static int ssi_ablkcipher_encrypt(struct ablkcipher_request 
*req)
struct blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm);
 
-   req_ctx->backup_info = req->info;
req_ctx->is_giv = false;
 
return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, 
req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_ENCRYPT);
@@ -872,8 +889,18 @@ static int ssi_ablkcipher_decrypt(struct 
ablkcipher_request *req)
struct blkcipher_req_ctx *req_ctx = ablkcipher_request_ctx(req);
unsigned int ivsize = crypto_ablkcipher_ivsize(ablk_tfm);
 
-   req_ctx->backup_info = req->info;
+   /*
+* Allocate and save the last IV sized bytes of the source, which will
+* be lost in case of in-place decryption and might be needed for CTS.
+*/
+   req_ctx->backup_info = kmalloc(ivsize, GFP_KERNEL);
+   if (!req_ctx->backup_info)
+   return -ENOMEM;
+
+   scatterwalk_map_and_copy(req_ctx->backup_info, req->src,
+(req->nbytes - ivsize), ivsize, 0);
req_ctx->is_giv = false;
+
return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, 
req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_DECRYPT);
 }
 
-- 
2.1.4

[PATCH v3 22/22] staging: ccree: remove BUG macro usage

[Gilad Ben-Yossef]

Replace BUG() macro usage that crash the kernel with alternatives
that signal error and/or try to recover.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c  | 14 ++
 drivers/staging/ccree/ssi_cipher.c  |  1 -
 drivers/staging/ccree/ssi_pm.c  |  3 ++-
 drivers/staging/ccree/ssi_request_mgr.c | 23 +--
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 051d948..6d5af50 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -86,11 +86,6 @@ static unsigned int ssi_buffer_mgr_get_sgl_nents(
unsigned int nents = 0;
 
while (nbytes != 0) {
-   if (sg_is_chain(sg_list)) {
-   SSI_LOG_ERR("Unexpected chained entry in sg (entry 
=0x%X)\n",
-   nents);
-   BUG();
-   }
if (sg_list->length != 0) {
nents++;
/* get the number of bytes in the last entry */
@@ -861,7 +856,8 @@ static inline int ssi_buffer_mgr_aead_chain_assoc(
 * unexpected
 */ if (!current_sg) {
SSI_LOG_ERR("reached end of sg list. 
unexpected\n");
-   BUG();
+   rc = -EINVAL;
+   goto chain_assoc_exit;
}
sg_index += current_sg->length;
mapped_nents++;
@@ -1163,7 +1159,8 @@ static inline int ssi_buffer_mgr_aead_chain_data(
//if have reached the end of the sgl, then this is unexpected
if (!areq_ctx->src_sgl) {
SSI_LOG_ERR("reached end of sg list. unexpected\n");
-   BUG();
+   return -EINVAL;
+   goto chain_data_exit;
}
sg_index += areq_ctx->src_sgl->length;
src_mapped_nents--;
@@ -1207,7 +1204,8 @@ static inline int ssi_buffer_mgr_aead_chain_data(
//if have reached the end of the sgl, then this is unexpected
if (!areq_ctx->dst_sgl) {
SSI_LOG_ERR("reached end of sg list. unexpected\n");
-   BUG();
+   rc = -EINVAL;
+   goto chain_data_exit;
}
sg_index += areq_ctx->dst_sgl->length;
dst_mapped_nents--;
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index cc550b5..73ba4eb 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -543,7 +543,6 @@ ssi_blkcipher_create_setup_desc(
break;
default:
SSI_LOG_ERR("Unsupported cipher mode (%d)\n", cipher_mode);
-   BUG();
}
 }
 
diff --git a/drivers/staging/ccree/ssi_pm.c b/drivers/staging/ccree/ssi_pm.c
index 31325e6..a50671a 100644
--- a/drivers/staging/ccree/ssi_pm.c
+++ b/drivers/staging/ccree/ssi_pm.c
@@ -109,7 +109,8 @@ int ssi_power_mgr_runtime_put_suspend(struct device *dev)
rc = pm_runtime_put_autosuspend(dev);
} else {
/* Something wrong happens*/
-   BUG();
+   SSI_LOG_ERR("request to suspend already suspended queue");
+   rc = -EBUSY;
}
return rc;
 }
diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index b671eff..8bf72e7 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -366,11 +366,16 @@ int send_request(
enqueue_seq(cc_base, &req_mgr_h->compl_desc, (is_dout ? 0 : 1));
 
if (unlikely(req_mgr_h->q_free_slots < total_seq_len)) {
-   /*This means that there was a problem with the resume*/
-   BUG();
+   /* This situation should never occur. Maybe indicating problem
+* with resuming power. Set the free slot count to 0 and hope
+* for the best.
+*/
+   SSI_LOG_ERR("HW free slot count mismatch.");
+   req_mgr_h->q_free_slots = 0;
+   } else {
+   /* Update the free slots in HW queue */
+   req_mgr_h->q_free_slots -= total_seq_len;
}
-   /* Update the free slots in HW queue */
-   req_mgr_h->q_free_slots -= total_seq_len;
 
spin_unlock_bh(&req_mgr_h->hw_lock);
 
@@ -459,8 +464,13 @@ static void proc_completions(struct ssi_drvdata *drvdata)
 
/* Dequeue request */
if (unlikely(request_mgr_handle->req_queue_head == 
request_mgr_handle->req_queue_tail)) {
-   SSI_LOG_ERR("Request queue is empty 
req_queue_head==r

[PATCH v3 19/22] staging: ccree: fix code indent

[Gilad Ben-Yossef]

Fix multiple code indentation issues.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 23 ---
 drivers/staging/ccree/ssi_cipher.c |  2 +-
 drivers/staging/ccree/ssi_sysfs.c  |  4 +++-
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 202387b..051d948 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -420,8 +420,8 @@ ssi_aead_handle_config_buf(struct device *dev,
sg_init_one(&areq_ctx->ccm_adata_sg, config_data, AES_BLOCK_SIZE + 
areq_ctx->ccm_hdr_size);
if (unlikely(dma_map_sg(dev, &areq_ctx->ccm_adata_sg, 1,
DMA_TO_DEVICE) != 1)) {
-   SSI_LOG_ERR("dma_map_sg() config buffer failed\n");
-   return -ENOMEM;
+   SSI_LOG_ERR("dma_map_sg() config buffer failed\n");
+   return -ENOMEM;
}
SSI_LOG_DEBUG("Mapped curr_buff: dma_address=%pad page=%p addr=%pK "
 "offset=%u length=%u\n",
@@ -451,8 +451,8 @@ static inline int ssi_ahash_handle_curr_buf(struct device 
*dev,
sg_init_one(areq_ctx->buff_sg, curr_buff, curr_buff_cnt);
if (unlikely(dma_map_sg(dev, areq_ctx->buff_sg, 1,
DMA_TO_DEVICE) != 1)) {
-   SSI_LOG_ERR("dma_map_sg() src buffer failed\n");
-   return -ENOMEM;
+   SSI_LOG_ERR("dma_map_sg() src buffer failed\n");
+   return -ENOMEM;
}
SSI_LOG_DEBUG("Mapped curr_buff: dma_address=%pad page=%p addr=%pK "
 "offset=%u length=%u\n",
@@ -1050,15 +1050,16 @@ static inline int ssi_buffer_mgr_prepare_aead_data_mlli(
 * verification is made by CPU compare in order to
 * simplify MAC verification upon request completion
 */
- u32 size_to_skip = req->assoclen;
+   u32 size_to_skip = req->assoclen;
 
- if (areq_ctx->is_gcm4543)
- size_to_skip += crypto_aead_ivsize(tfm);
+   if (areq_ctx->is_gcm4543)
+   size_to_skip += crypto_aead_ivsize(tfm);
 
- ssi_buffer_mgr_copy_scatterlist_portion(
- areq_ctx->backup_mac, req->src,
- size_to_skip + req->cryptlen - 
areq_ctx->req_authsize,
- size_to_skip + req->cryptlen, SSI_SG_TO_BUF);
+   
ssi_buffer_mgr_copy_scatterlist_portion(areq_ctx->backup_mac,
+   req->src,
+   size_to_skip + 
req->cryptlen - areq_ctx->req_authsize,
+   size_to_skip + 
req->cryptlen,
+   SSI_SG_TO_BUF);
areq_ctx->icv_virt_addr = areq_ctx->backup_mac;
} else { /* Contig. ICV */
/*Should hanlde if the sg is not contig.*/
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 14930ce..aa722e1 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -139,7 +139,7 @@ static int validate_data_size(struct ssi_ablkcipher_ctx 
*ctx_p, unsigned int siz
break;
case S_DIN_to_DES:
if (likely(IS_ALIGNED(size, DES_BLOCK_SIZE)))
-   return 0;
+   return 0;
break;
 #if SSI_CC_HAS_MULTI2
case S_DIN_to_MULTI2:
diff --git a/drivers/staging/ccree/ssi_sysfs.c 
b/drivers/staging/ccree/ssi_sysfs.c
index a0ab3c6..40cd3be2 100644
--- a/drivers/staging/ccree/ssi_sysfs.c
+++ b/drivers/staging/ccree/ssi_sysfs.c
@@ -316,7 +316,9 @@ static ssize_t ssi_sys_help_show(struct kobject *kobj,
 
offset += scnprintf(buf + offset, PAGE_SIZE - offset, "Usage:\n");
for (i = 0; i < ARRAY_SIZE(help_str); i += 2)
-  offset += scnprintf(buf + offset, PAGE_SIZE - offset, "%s\t\t%s\n", 
help_str[i], help_str[i + 1]);
+   offset += scnprintf(buf + offset, PAGE_SIZE - offset,
+   "%s\t\t%s\n", help_str[i],
+   help_str[i + 1]);
 
return offset;
 }
-- 
2.1.4

[PATCH v3 20/22] staging: ccree: replace noop macro with inline

[Gilad Ben-Yossef]

Replace noop macro with a noop inline function

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index 0b9c7e6..063a1cc 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -190,8 +190,8 @@ struct async_gen_req_ctx {
 #ifdef DX_DUMP_BYTES
 void dump_byte_array(const char *name, const u8 *the_array, unsigned long 
size);
 #else
-#define dump_byte_array(name, array, size) do {\
-} while (0);
+static inline void dump_byte_array(const char *name, const u8 *the_array,
+  unsigned long size) {};
 #endif
 
 int init_cc_regs(struct ssi_drvdata *drvdata, bool is_probe);
-- 
2.1.4

[PATCH v3 18/22] staging: ccree: move over to BIT macro for bit defines

[Gilad Ben-Yossef]

Use BIT macro for bit definitions where needed.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_cipher.h | 10 +-
 drivers/staging/ccree/ssi_driver.c |  3 ++-
 drivers/staging/ccree/ssi_driver.h |  6 +++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.h 
b/drivers/staging/ccree/ssi_cipher.h
index 296b375..c9a83df 100644
--- a/drivers/staging/ccree/ssi_cipher.h
+++ b/drivers/staging/ccree/ssi_cipher.h
@@ -27,11 +27,11 @@
 #include "ssi_buffer_mgr.h"
 
 /* Crypto cipher flags */
-#define CC_CRYPTO_CIPHER_KEY_KFDE0(1 << 0)
-#define CC_CRYPTO_CIPHER_KEY_KFDE1(1 << 1)
-#define CC_CRYPTO_CIPHER_KEY_KFDE2(1 << 2)
-#define CC_CRYPTO_CIPHER_KEY_KFDE3(1 << 3)
-#define CC_CRYPTO_CIPHER_DU_SIZE_512B (1 << 4)
+#define CC_CRYPTO_CIPHER_KEY_KFDE0 BIT(0)
+#define CC_CRYPTO_CIPHER_KEY_KFDE1 BIT(1)
+#define CC_CRYPTO_CIPHER_KEY_KFDE2 BIT(2)
+#define CC_CRYPTO_CIPHER_KEY_KFDE3 BIT(3)
+#define CC_CRYPTO_CIPHER_DU_SIZE_512B  BIT(4)
 
 #define CC_CRYPTO_CIPHER_KEY_KFDE_MASK (CC_CRYPTO_CIPHER_KEY_KFDE0 | 
CC_CRYPTO_CIPHER_KEY_KFDE1 | CC_CRYPTO_CIPHER_KEY_KFDE2 | 
CC_CRYPTO_CIPHER_KEY_KFDE3)
 
diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 91c0b71..6ec5287 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -202,7 +202,8 @@ int init_cc_regs(struct ssi_drvdata *drvdata, bool is_probe)
CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_ICR), val);
 
/* Unmask relevant interrupt cause */
-   val = (~(SSI_COMP_IRQ_MASK | SSI_AXI_ERR_IRQ_MASK | SSI_GPR0_IRQ_MASK));
+   val = (unsigned int)(~(SSI_COMP_IRQ_MASK | SSI_AXI_ERR_IRQ_MASK |
+  SSI_GPR0_IRQ_MASK));
CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IMR), val);
 
 #ifdef DX_HOST_IRQ_TIMER_INIT_VAL_REG_OFFSET
diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index e37a55a..0b9c7e6 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -68,12 +68,12 @@
 #define SSI_AXI_IRQ_MASK ((1 << DX_AXIM_CFG_BRESPMASK_BIT_SHIFT) | (1 << 
DX_AXIM_CFG_RRESPMASK_BIT_SHIFT) |\
(1 << DX_AXIM_CFG_INFLTMASK_BIT_SHIFT) | (1 << 
DX_AXIM_CFG_COMPMASK_BIT_SHIFT))
 
-#define SSI_AXI_ERR_IRQ_MASK (1 << DX_HOST_IRR_AXI_ERR_INT_BIT_SHIFT)
+#define SSI_AXI_ERR_IRQ_MASK BIT(DX_HOST_IRR_AXI_ERR_INT_BIT_SHIFT)
 
-#define SSI_COMP_IRQ_MASK (1 << DX_HOST_IRR_AXIM_COMP_INT_BIT_SHIFT)
+#define SSI_COMP_IRQ_MASK BIT(DX_HOST_IRR_AXIM_COMP_INT_BIT_SHIFT)
 
 /* TEE FIPS status interrupt */
-#define SSI_GPR0_IRQ_MASK (1 << DX_HOST_IRR_GPR0_BIT_SHIFT)
+#define SSI_GPR0_IRQ_MASK BIT(DX_HOST_IRR_GPR0_BIT_SHIFT)
 
 #define SSI_CRA_PRIO 3000
 
-- 
2.1.4

[PATCH v3 17/22] staging: ccree: clean up comments

[Gilad Ben-Yossef]

Clean up comments: fix style, trim long lines and remove useless ones.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c| 40 +
 drivers/staging/ccree/ssi_aead.h| 47 ++---
 drivers/staging/ccree/ssi_buffer_mgr.c  | 52 +
 drivers/staging/ccree/ssi_cipher.c  | 10 +--
 drivers/staging/ccree/ssi_config.h  |  7 +++--
 drivers/staging/ccree/ssi_driver.c  |  8 +++--
 drivers/staging/ccree/ssi_driver.h  |  9 --
 drivers/staging/ccree/ssi_hash.c| 16 +++---
 drivers/staging/ccree/ssi_hash.h| 10 +--
 drivers/staging/ccree/ssi_ivgen.c   |  7 +++--
 drivers/staging/ccree/ssi_ivgen.h   |  3 +-
 drivers/staging/ccree/ssi_request_mgr.c | 29 --
 drivers/staging/ccree/ssi_sysfs.c   |  9 +++---
 13 files changed, 167 insertions(+), 80 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index 515a603..88305f0 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -267,7 +267,10 @@ static void ssi_aead_complete(struct device *dev, void 
*ssi_req,
ctx->authsize,

SSI_SG_FROM_BUF);
 
-   /* If an IV was generated, copy it back to the user provided 
buffer. */
+   /*
+* If an IV was generated, copy it back to the user provided
+* buffer.
+*/
if (areq_ctx->backup_giv) {
if (ctx->cipher_mode == DRV_CIPHER_CTR)
memcpy(areq_ctx->backup_giv,
@@ -288,8 +291,9 @@ static int xcbc_setkey(struct cc_hw_desc *desc, struct 
ssi_aead_ctx *ctx)
 {
/* Load the AES key */
hw_desc_init(&desc[0]);
-   /* We are using for the source/user key the same buffer as for the 
output keys,
-* because after this key loading it is not needed anymore
+   /* We are using for the source/user key the same buffer as for the
+* output keys, because after this key loading it is not needed
+* anymore.
 */
set_din_type(&desc[0], DMA_DLLI,
 ctx->auth_state.xcbc.xcbc_keys_dma_addr, ctx->auth_keylen,
@@ -1570,7 +1574,9 @@ static int config_ccm_adata(struct aead_request *req)
struct aead_req_ctx *req_ctx = aead_request_ctx(req);
//unsigned int size_of_a = 0, rem_a_size = 0;
unsigned int lp = req->iv[0];
-   /* Note: The code assume that req->iv[0] already contains the value of 
L' of RFC3610 */
+   /* Note: The code assumes that req->iv[0] already contains the value
+* of L' of RFC3610
+*/
unsigned int l = lp + 1;  /* This is L' of RFC 3610. */
unsigned int m = ctx->authsize;  /* This is M' of RFC 3610. */
u8 *b0 = req_ctx->ccm_config + CCM_B0_OFFSET;
@@ -1624,9 +1630,14 @@ static void ssi_rfc4309_ccm_process(struct aead_request 
*req)
 
/* L' */
memset(areq_ctx->ctr_iv, 0, AES_BLOCK_SIZE);
-   areq_ctx->ctr_iv[0] = 3;  /* For RFC 4309, always use 4 bytes for 
message length (at most 2^32-1 bytes). */
+   /* For RFC 4309, always use 4 bytes for message length
+* (at most 2^32-1 bytes).
+*/
+   areq_ctx->ctr_iv[0] = 3;
 
-   /* In RFC 4309 there is an 11-bytes nonce+IV part, that we build here. 
*/
+   /* In RFC 4309 there is an 11-bytes nonce+IV part, that we build
+* here.
+*/
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
   CCM_BLOCK_NONCE_SIZE);
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
@@ -1701,7 +1712,9 @@ static inline void ssi_aead_gcm_setup_ghash_desc(struct 
aead_request *req,
set_setup_mode(&desc[idx], SETUP_LOAD_KEY0);
idx++;
 
-   /* Load GHASH initial STATE (which is 0). (for any hash there is an 
initial state) */
+   /* Load GHASH initial STATE (which is 0). (for any hash there is an
+* initial state).
+*/
hw_desc_init(&desc[idx]);
set_din_const(&desc[idx], 0x0, AES_BLOCK_SIZE);
set_dout_no_dma(&desc[idx], 0, 0, 1);
@@ -1938,7 +1951,10 @@ static int config_gcm_context(struct aead_request *req)
memcpy(&req_ctx->gcm_len_block.len_a, &temp64, sizeof(temp64));
temp64 = cpu_to_be64(cryptlen * 8);
memcpy(&req_ctx->gcm_len_block.len_c, &temp64, 8);
-   } else { //rfc4543=>  all data(AAD,IV,Plain) are considered additional 
data that is nothing is encrypted.
+   } else {
+   /* rfc4543=> all data(AAD,IV,Plain) are considered additional
+* data that is nothing is encrypted.
+*/
__be64 temp64;
 
temp64 =
@@ -2078,10 +2094,10 @@ static int ssi_aead_process(struct a

[PATCH v3 16/22] staging: ccree: fix spelling mistakes

[Gilad Ben-Yossef]

Fix various spelling mistakes in comments.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_cipher.c  | 2 +-
 drivers/staging/ccree/ssi_hash.c| 2 +-
 drivers/staging/ccree/ssi_hash.h| 2 +-
 drivers/staging/ccree/ssi_ivgen.c   | 2 +-
 drivers/staging/ccree/ssi_request_mgr.c | 2 +-
 drivers/staging/ccree/ssi_request_mgr.h | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 8d65e97..e417bfd 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -697,7 +697,7 @@ static int ssi_blkcipher_complete(struct device *dev,
 
ssi_buffer_mgr_unmap_blkcipher_request(dev, req_ctx, ivsize, src, dst);
 
-   /*Set the inflight couter value to local variable*/
+   /*Set the inflight counter value to local variable*/
inflight_counter =  ctx_p->drvdata->inflight_counter;
/*Decrease the inflight counter*/
if (ctx_p->flow_mode == BYPASS && ctx_p->drvdata->inflight_counter > 0)
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 6baa449..cfd5f5c 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -2575,7 +2575,7 @@ static void ssi_hash_create_data_desc(struct 
ahash_req_ctx *areq_ctx,
  * \param drvdata
  * \param mode The Hash mode. Supported modes: MD5/SHA1/SHA224/SHA256
  *
- * \return u32 The address of the inital digest in SRAM
+ * \return u32 The address of the initial digest in SRAM
  */
 ssi_sram_addr_t ssi_ahash_get_larval_digest_sram_addr(void *drvdata, u32 mode)
 {
diff --git a/drivers/staging/ccree/ssi_hash.h b/drivers/staging/ccree/ssi_hash.h
index 2400e38..c884727 100644
--- a/drivers/staging/ccree/ssi_hash.h
+++ b/drivers/staging/ccree/ssi_hash.h
@@ -95,7 +95,7 @@ ssi_ahash_get_initial_digest_len_sram_addr(void *drvdata, u32 
mode);
  * \param drvdata
  * \param mode The Hash mode. Supported modes: 
MD5/SHA1/SHA224/SHA256/SHA384/SHA512
  *
- * \return u32 The address of the inital digest in SRAM
+ * \return u32 The address of the initial digest in SRAM
  */
 ssi_sram_addr_t ssi_ahash_get_larval_digest_sram_addr(void *drvdata, u32 mode);
 
diff --git a/drivers/staging/ccree/ssi_ivgen.c 
b/drivers/staging/ccree/ssi_ivgen.c
index 93a2a94..ba70237 100644
--- a/drivers/staging/ccree/ssi_ivgen.c
+++ b/drivers/staging/ccree/ssi_ivgen.c
@@ -200,7 +200,7 @@ int ssi_ivgen_init(struct ssi_drvdata *drvdata)
}
ivgen_ctx = drvdata->ivgen_handle;
 
-   /* Allocate pool's header for intial enc. key/IV */
+   /* Allocate pool's header for initial enc. key/IV */
ivgen_ctx->pool_meta = dma_alloc_coherent(device, SSI_IVPOOL_META_SIZE,
  &ivgen_ctx->pool_meta_dma,
  GFP_KERNEL);
diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index 27324bb..9ca2536 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -205,7 +205,7 @@ static inline int request_mgr_queues_status_check(
unsigned long poll_queue;
 
/* SW queue is checked only once as it will not
-* be chaned during the poll becasue the spinlock_bh
+* be chaned during the poll because the spinlock_bh
 * is held by the thread
 */
if (unlikely(((req_mgr_h->req_queue_head + 1) &
diff --git a/drivers/staging/ccree/ssi_request_mgr.h 
b/drivers/staging/ccree/ssi_request_mgr.h
index bdbbf89..b248fb6 100644
--- a/drivers/staging/ccree/ssi_request_mgr.h
+++ b/drivers/staging/ccree/ssi_request_mgr.h
@@ -36,7 +36,7 @@ int request_mgr_init(struct ssi_drvdata *drvdata);
  *   If "false": this function adds a dummy descriptor completion
  *   and waits upon completion signal.
  *
- * \return int Returns -EINPROGRESS if "is_dout=ture"; "0" if "is_dout=false"
+ * \return int Returns -EINPROGRESS if "is_dout=true"; "0" if "is_dout=false"
  */
 int send_request(
struct ssi_drvdata *drvdata, struct ssi_crypto_req *ssi_req,
-- 
2.1.4

[PATCH v3 15/22] staging: ccree: fix line indentation and breaks

[Gilad Ben-Yossef]

Fix source line indentation and breaks in ssi_aead.c

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c | 1024 --
 1 file changed, 532 insertions(+), 492 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index 03533c8..515a603 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -101,7 +101,8 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
dev = &ctx->drvdata->plat_dev->dev;
/* Unmap enckey buffer */
if (ctx->enckey) {
-   dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey, 
ctx->enckey_dma_addr);
+   dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey,
+ ctx->enckey_dma_addr);
SSI_LOG_DEBUG("Freed enckey DMA buffer enckey_dma_addr=%pad\n",
  &ctx->enckey_dma_addr);
ctx->enckey_dma_addr = 0;
@@ -116,8 +117,9 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
  xcbc->xcbc_keys,
  xcbc->xcbc_keys_dma_addr);
}
-   SSI_LOG_DEBUG("Freed xcbc_keys DMA buffer 
xcbc_keys_dma_addr=%pad\n",
- &xcbc->xcbc_keys_dma_addr);
+   SSI_LOG_DEBUG
+   ("Freed xcbc_keys DMA buffer xcbc_keys_dma_addr=%pad\n",
+&xcbc->xcbc_keys_dma_addr);
xcbc->xcbc_keys_dma_addr = 0;
xcbc->xcbc_keys = NULL;
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC auth. */
@@ -127,8 +129,9 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
dma_free_coherent(dev, 2 * MAX_HMAC_DIGEST_SIZE,
  hmac->ipad_opad,
  hmac->ipad_opad_dma_addr);
-   SSI_LOG_DEBUG("Freed ipad_opad DMA buffer 
ipad_opad_dma_addr=%pad\n",
- &hmac->ipad_opad_dma_addr);
+   SSI_LOG_DEBUG
+   ("Freed ipad_opad DMA buffer 
ipad_opad_dma_addr=%pad\n",
+&hmac->ipad_opad_dma_addr);
hmac->ipad_opad_dma_addr = 0;
hmac->ipad_opad = NULL;
}
@@ -136,8 +139,9 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
dma_free_coherent(dev, MAX_HMAC_BLOCK_SIZE,
  hmac->padded_authkey,
  hmac->padded_authkey_dma_addr);
-   SSI_LOG_DEBUG("Freed padded_authkey DMA buffer 
padded_authkey_dma_addr=%pad\n",
- &hmac->padded_authkey_dma_addr);
+   SSI_LOG_DEBUG
+   ("Freed padded_authkey DMA buffer 
padded_authkey_dma_addr=%pad\n",
+&hmac->padded_authkey_dma_addr);
hmac->padded_authkey_dma_addr = 0;
hmac->padded_authkey = NULL;
}
@@ -150,8 +154,9 @@ static int ssi_aead_init(struct crypto_aead *tfm)
struct aead_alg *alg = crypto_aead_alg(tfm);
struct ssi_aead_ctx *ctx = crypto_aead_ctx(tfm);
struct ssi_crypto_alg *ssi_alg =
-   container_of(alg, struct ssi_crypto_alg, aead_alg);
-   SSI_LOG_DEBUG("Initializing context @%p for %s\n", ctx, 
crypto_tfm_alg_name(&tfm->base));
+   container_of(alg, struct ssi_crypto_alg, aead_alg);
+   SSI_LOG_DEBUG("Initializing context @%p for %s\n", ctx,
+ crypto_tfm_alg_name(&tfm->base));
 
/* Initialize modes in instance */
ctx->cipher_mode = ssi_alg->cipher_mode;
@@ -168,7 +173,8 @@ static int ssi_aead_init(struct crypto_aead *tfm)
SSI_LOG_ERR("Failed allocating key buffer\n");
goto init_failed;
}
-   SSI_LOG_DEBUG("Allocated enckey buffer in context ctx->enckey=@%p\n", 
ctx->enckey);
+   SSI_LOG_DEBUG("Allocated enckey buffer in context ctx->enckey=@%p\n",
+ ctx->enckey);
 
/* Set default authlen value */
 
@@ -200,13 +206,13 @@ static int ssi_aead_init(struct crypto_aead *tfm)
goto init_failed;
}
 
-   SSI_LOG_DEBUG("Allocated authkey buffer in context 
ctx->authkey=@%p\n",
- hmac->ipad_opad);
+   SSI_LOG_DEBUG
+   ("Allocated authkey buffer in context ctx->authkey=@%p\n",
+hmac->ipad_opad);
 
hmac->padded_authkey = dma_alloc_coherent(dev,
  MAX_HMAC_BLOCK_SIZE,
- pkey_dma,
- GFP_KERNEL);
+   

[PATCH v3 14/22] staging: ccree: fix struct init braces

[Gilad Ben-Yossef]

Put struct init braces on line of it's own.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 32 
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index e2dc5d8..6baa449 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -41,26 +41,42 @@ struct ssi_hash_handle {
 };
 
 static const u32 digest_len_init[] = {
-   0x0040, 0x, 0x, 0x };
+   0x0040, 0x, 0x, 0x
+};
+
 static const u32 md5_init[] = {
-   SHA1_H3, SHA1_H2, SHA1_H1, SHA1_H0 };
+   SHA1_H3, SHA1_H2, SHA1_H1, SHA1_H0
+};
+
 static const u32 sha1_init[] = {
-   SHA1_H4, SHA1_H3, SHA1_H2, SHA1_H1, SHA1_H0 };
+   SHA1_H4, SHA1_H3, SHA1_H2, SHA1_H1, SHA1_H0
+};
+
 static const u32 sha224_init[] = {
SHA224_H7, SHA224_H6, SHA224_H5, SHA224_H4,
-   SHA224_H3, SHA224_H2, SHA224_H1, SHA224_H0 };
+   SHA224_H3, SHA224_H2, SHA224_H1, SHA224_H0
+};
+
 static const u32 sha256_init[] = {
SHA256_H7, SHA256_H6, SHA256_H5, SHA256_H4,
-   SHA256_H3, SHA256_H2, SHA256_H1, SHA256_H0 };
+   SHA256_H3, SHA256_H2, SHA256_H1, SHA256_H0
+};
+
 #if (DX_DEV_SHA_MAX > 256)
 static const u32 digest_len_sha512_init[] = {
-   0x0080, 0x, 0x, 0x };
+   0x0080, 0x, 0x, 0x
+};
+
 static const u64 sha384_init[] = {
SHA384_H7, SHA384_H6, SHA384_H5, SHA384_H4,
-   SHA384_H3, SHA384_H2, SHA384_H1, SHA384_H0 };
+   SHA384_H3, SHA384_H2, SHA384_H1, SHA384_H0
+};
+
 static const u64 sha512_init[] = {
SHA512_H7, SHA512_H6, SHA512_H5, SHA512_H4,
-   SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0 };
+   SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0
+};
+
 #endif
 
 static void ssi_hash_create_xcbc_setup(struct ahash_request *areq,
-- 
2.1.4

[PATCH v3 13/22] staging: ccree: fix line indentation and breaks

[Gilad Ben-Yossef]

Fix source line indentation and breaks

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 494 ++-
 1 file changed, 284 insertions(+), 210 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index b95c3ce..e2dc5d8 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -33,7 +33,6 @@
 
 #define SSI_MAX_AHASH_SEQ_LEN 12
 #define SSI_MAX_HASH_OPAD_TMP_KEYS_SIZE MAX(SSI_MAX_HASH_BLCK_SIZE, 3 * 
AES_BLOCK_SIZE)
-
 struct ssi_hash_handle {
ssi_sram_addr_t digest_len_sram_addr; /* const value in SRAM*/
ssi_sram_addr_t larval_digest_sram_addr;   /* const value in SRAM */
@@ -64,10 +63,9 @@ static const u64 sha512_init[] = {
SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0 };
 #endif
 
-static void ssi_hash_create_xcbc_setup(
-   struct ahash_request *areq,
-   struct cc_hw_desc desc[],
-   unsigned int *seq_size);
+static void ssi_hash_create_xcbc_setup(struct ahash_request *areq,
+  struct cc_hw_desc desc[],
+  unsigned int *seq_size);
 
 static void ssi_hash_create_cmac_setup(struct ahash_request *areq,
   struct cc_hw_desc desc[],
@@ -94,7 +92,8 @@ struct ssi_hash_ctx {
 * the initial digest if HASH.
 */
u8 digest_buff[SSI_MAX_HASH_DIGEST_SIZE]  cacheline_aligned;
-   u8 opad_tmp_keys_buff[SSI_MAX_HASH_OPAD_TMP_KEYS_SIZE]  
cacheline_aligned;
+   u8 opad_tmp_keys_buff[SSI_MAX_HASH_OPAD_TMP_KEYS_SIZE]
+   cacheline_aligned;
 
dma_addr_t opad_tmp_keys_dma_addr  cacheline_aligned;
dma_addr_t digest_buff_dma_addr;
@@ -107,18 +106,17 @@ struct ssi_hash_ctx {
bool is_hmac;
 };
 
-static void ssi_hash_create_data_desc(
-   struct ahash_req_ctx *areq_ctx,
-   struct ssi_hash_ctx *ctx,
-   unsigned int flow_mode, struct cc_hw_desc desc[],
-   bool is_not_last_data,
-   unsigned int *seq_size);
+static void ssi_hash_create_data_desc(struct ahash_req_ctx *areq_ctx,
+ struct ssi_hash_ctx *ctx,
+ unsigned int flow_mode,
+ struct cc_hw_desc desc[],
+ bool is_not_last_data,
+ unsigned int *seq_size);
 
 static inline void ssi_set_hash_endianity(u32 mode, struct cc_hw_desc *desc)
 {
if (unlikely((mode == DRV_HASH_MD5) ||
-(mode == DRV_HASH_SHA384) ||
-(mode == DRV_HASH_SHA512))) {
+(mode == DRV_HASH_SHA384) || (mode == DRV_HASH_SHA512))) {
set_bytes_swap(desc, 1);
} else {
set_cipher_config0(desc, HASH_DIGEST_RESULT_LITTLE_ENDIAN);
@@ -130,17 +128,18 @@ static int ssi_hash_map_result(struct device *dev,
   unsigned int digestsize)
 {
state->digest_result_dma_addr =
-   dma_map_single(dev, (void *)state->digest_result_buff,
-  digestsize,
-  DMA_BIDIRECTIONAL);
+   dma_map_single(dev, (void *)state->digest_result_buff,
+  digestsize, DMA_BIDIRECTIONAL);
if (unlikely(dma_mapping_error(dev, state->digest_result_dma_addr))) {
-   SSI_LOG_ERR("Mapping digest result buffer %u B for DMA 
failed\n",
-   digestsize);
+   SSI_LOG_ERR
+   ("Mapping digest result buffer %u B for DMA failed\n",
+digestsize);
return -ENOMEM;
}
-   SSI_LOG_DEBUG("Mapped digest result buffer %u B at va=%pK to 
dma=%pad\n",
- digestsize, state->digest_result_buff,
- &state->digest_result_dma_addr);
+   SSI_LOG_DEBUG
+   ("Mapped digest result buffer %u B at va=%pK to dma=%pad\n",
+digestsize, state->digest_result_buff,
+&state->digest_result_dma_addr);
 
return 0;
 }
@@ -150,8 +149,8 @@ static int ssi_hash_map_request(struct device *dev,
struct ssi_hash_ctx *ctx)
 {
bool is_hmac = ctx->is_hmac;
-   ssi_sram_addr_t larval_digest_addr = 
ssi_ahash_get_larval_digest_sram_addr(
-   ctx->drvdata, ctx->hash_mode);
+   ssi_sram_addr_t larval_digest_addr =
+   ssi_ahash_get_larval_digest_sram_addr(ctx->drvdata, ctx->hash_mode);
struct ssi_crypto_req ssi_req = {};
struct cc_hw_desc desc;
int rc = -ENOMEM;
@@ -166,40 +165,56 @@ static int ssi_hash_map_request(struct device *dev,
SSI_LOG_ERR("Allocating buff1 in context failed\n");
goto fail_buff0;
}
-   state->digest_result_buff = kzalloc(SSI_MAX_HASH_DIGEST_SIZE, 
GFP_KERNEL | GFP_

[PATCH v3 11/22] staging: ccree: fix line indentation and breaks

[Gilad Ben-Yossef]

Fix wrong indentation and line breaks, including missing tabs,
breaking lines longer then 80 char or wrongly broken.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c | 107 +++--
 1 file changed, 67 insertions(+), 40 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 81cb63d..0ce2f57 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -87,27 +87,31 @@ void dump_byte_array(const char *name, const u8 *the_array, 
unsigned long size)
 
ret = snprintf(line_buf, sizeof(line_buf), "%s[%lu]: ", name, size);
if (ret < 0) {
-   SSI_LOG_ERR("snprintf returned %d . aborting buffer array 
dump\n", ret);
+   SSI_LOG_ERR
+   ("snprintf returned %d . aborting buffer array dump\n",
+ret);
return;
}
line_offset = ret;
for (i = 0, cur_byte = the_array;
 (i < size) && (line_offset < sizeof(line_buf)); i++, cur_byte++) {
-   ret = snprintf(line_buf + line_offset,
-  sizeof(line_buf) - line_offset,
-  "0x%02X ", *cur_byte);
+   ret = snprintf(line_buf + line_offset,
+  sizeof(line_buf) - line_offset,
+  "0x%02X ", *cur_byte);
if (ret < 0) {
-   SSI_LOG_ERR("snprintf returned %d . aborting buffer 
array dump\n", ret);
+   SSI_LOG_ERR
+   ("snprintf returned %d . aborting buffer array 
dump\n",
+ret);
return;
}
line_offset += ret;
-   if (line_offset > 75) { /* Cut before line end */
+   if (line_offset > 75) { /* Cut before line end */
SSI_LOG_DEBUG("%s\n", line_buf);
line_offset = 0;
}
}
 
-   if (line_offset > 0) /* Dump remaining line */
+   if (line_offset > 0)/* Dump remaining line */
SSI_LOG_DEBUG("%s\n", line_buf);
 }
 #endif
@@ -124,7 +128,7 @@ static irqreturn_t cc_isr(int irq, void *dev_id)
/* read the interrupt status */
irr = CC_HAL_READ_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IRR));
SSI_LOG_DEBUG("Got IRR=0x%08X\n", irr);
-   if (unlikely(irr == 0)) { /* Probably shared interrupt line */
+   if (unlikely(irr == 0)) {   /* Probably shared interrupt line */
SSI_LOG_ERR("Got interrupt with empty IRR\n");
return IRQ_NONE;
}
@@ -137,7 +141,8 @@ static irqreturn_t cc_isr(int irq, void *dev_id)
/* Completion interrupt - most probable */
if (likely((irr & SSI_COMP_IRQ_MASK) != 0)) {
/* Mask AXI completion interrupt - will be unmasked in Deferred 
service handler */
-   CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IMR), imr | 
SSI_COMP_IRQ_MASK);
+   CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IMR),
+ imr | SSI_COMP_IRQ_MASK);
irr &= ~SSI_COMP_IRQ_MASK;
complete_request(drvdata);
}
@@ -145,7 +150,8 @@ static irqreturn_t cc_isr(int irq, void *dev_id)
/* TEE FIPS interrupt */
if (likely((irr & SSI_GPR0_IRQ_MASK) != 0)) {
/* Mask interrupt - will be unmasked in Deferred service 
handler */
-   CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IMR), imr | 
SSI_GPR0_IRQ_MASK);
+   CC_HAL_WRITE_REGISTER(CC_REG_OFFSET(HOST_RGF, HOST_IMR),
+ imr | SSI_GPR0_IRQ_MASK);
irr &= ~SSI_GPR0_IRQ_MASK;
fips_handler(drvdata);
}
@@ -155,14 +161,18 @@ static irqreturn_t cc_isr(int irq, void *dev_id)
u32 axi_err;
 
/* Read the AXI error ID */
-   axi_err = CC_HAL_READ_REGISTER(CC_REG_OFFSET(CRY_KERNEL, 
AXIM_MON_ERR));
-   SSI_LOG_DEBUG("AXI completion error: axim_mon_err=0x%08X\n", 
axi_err);
+   axi_err =
+   CC_HAL_READ_REGISTER(CC_REG_OFFSET
+(CRY_KERNEL, AXIM_MON_ERR));
+   SSI_LOG_DEBUG("AXI completion error: axim_mon_err=0x%08X\n",
+ axi_err);
 
irr &= ~SSI_AXI_ERR_IRQ_MASK;
}
 
if (unlikely(irr != 0)) {
-   SSI_LOG_DEBUG("IRR includes unknown cause bits (0x%08X)\n", 
irr);
+   SSI_LOG_DEBUG("IRR includes unknown cause bits (0x%08X)\n",
+ irr);
/* Just warning */
}
 
@@ -176,8 +186,11 @@ int init_cc_regs(struct ssi_drvdata *drvdata, bool 
is_probe)
 
/* Unmask all AXI interrupt sources AXI_CFG1 register *

[PATCH v3 12/22] staging: ccree: align box comment correctly

[Gilad Ben-Yossef]

Fix indentation in first comment.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_hash.c | 28 ++--
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index b7d6586..b95c3ce 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -1,18 +1,18 @@
  /*
- * Copyright (C) 2012-2017 ARM Limited or its affiliates.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
+  * Copyright (C) 2012-2017 ARM Limited or its affiliates.
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License version 2 as
+  * published by the Free Software Foundation.
+  *
+  * This program is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  * GNU General Public License for more details.
+  *
+  * You should have received a copy of the GNU General Public License
+  * along with this program; if not, see .
+  */
 
 #include 
 #include 
-- 
2.1.4

[PATCH v3 10/22] staging: ccree: rewrite GET_DMA_BUFFER_TYPE as func

[Gilad Ben-Yossef]

The GET_DMA_BUFFER_TYPE macro was triggering a macro argument reuse
warning from checkpatch. Rewrite the macro as inline function instead
to avoid risk of unintended side effects.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_buffer_mgr.c | 26 +-
 drivers/staging/ccree/ssi_buffer_mgr.h |  6 --
 2 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 0b81fd5..4be7b51 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -34,11 +34,6 @@
 #include "ssi_hash.h"
 #include "ssi_aead.h"
 
-#define GET_DMA_BUFFER_TYPE(buff_type) ( \
-   ((buff_type) == SSI_DMA_BUF_NULL) ? "BUF_NULL" : \
-   ((buff_type) == SSI_DMA_BUF_DLLI) ? "BUF_DLLI" : \
-   ((buff_type) == SSI_DMA_BUF_MLLI) ? "BUF_MLLI" : "BUF_INVALID")
-
 enum dma_buffer_type {
DMA_NULL_TYPE = -1,
DMA_SGL_TYPE = 1,
@@ -65,6 +60,19 @@ struct buffer_array {
u32 *mlli_nents[MAX_NUM_OF_BUFFERS_IN_MLLI];
 };
 
+static const char *dma_buf_types[SSI_DMA_BUF_TYPE_MAX] = {
+   "BUF_NULL",
+   "BUF_DLLI",
+   "BUF_MLLI"
+   "BUF_INVALID"
+};
+
+static inline const char *dma_buf_type_str(enum ssi_req_dma_buf_type type)
+{
+   type = (type < SSI_DMA_BUF_INVL) ? type : SSI_DMA_BUF_INVL;
+   return dma_buf_types[type];
+}
+
 /**
  * ssi_buffer_mgr_get_sgl_nents() - Get scatterlist number of entries.
  *
@@ -597,7 +605,7 @@ int ssi_buffer_mgr_map_blkcipher_request(
}
 
SSI_LOG_DEBUG("areq_ctx->dma_buf_type = %s\n",
- GET_DMA_BUFFER_TYPE(req_ctx->dma_buf_type));
+ dma_buf_type_str(req_ctx->dma_buf_type));
 
return 0;
 
@@ -827,7 +835,7 @@ static inline int ssi_buffer_mgr_aead_chain_assoc(
areq_ctx->assoc.nents = 0;
areq_ctx->assoc.mlli_nents = 0;
SSI_LOG_DEBUG("Chain assoc of length 0: buff_type=%s 
nents=%u\n",
- GET_DMA_BUFFER_TYPE(areq_ctx->assoc_buff_type),
+ dma_buf_type_str(areq_ctx->assoc_buff_type),
  areq_ctx->assoc.nents);
goto chain_assoc_exit;
}
@@ -879,7 +887,7 @@ static inline int ssi_buffer_mgr_aead_chain_assoc(
if (unlikely((do_chain) ||
 (areq_ctx->assoc_buff_type == SSI_DMA_BUF_MLLI))) {
SSI_LOG_DEBUG("Chain assoc: buff_type=%s nents=%u\n",
- GET_DMA_BUFFER_TYPE(areq_ctx->assoc_buff_type),
+ dma_buf_type_str(areq_ctx->assoc_buff_type),
  areq_ctx->assoc.nents);
ssi_buffer_mgr_add_scatterlist_entry(
sg_data, areq_ctx->assoc.nents,
@@ -1555,7 +1563,7 @@ int ssi_buffer_mgr_map_hash_request_final(
/* change the buffer index for the unmap function */
areq_ctx->buff_index = (areq_ctx->buff_index ^ 1);
SSI_LOG_DEBUG("areq_ctx->data_dma_buf_type = %s\n",
- GET_DMA_BUFFER_TYPE(areq_ctx->data_dma_buf_type));
+ dma_buf_type_str(areq_ctx->data_dma_buf_type));
return 0;
 
 fail_unmap_din:
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.h 
b/drivers/staging/ccree/ssi_buffer_mgr.h
index 41f5223..93972fd 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.h
+++ b/drivers/staging/ccree/ssi_buffer_mgr.h
@@ -28,8 +28,10 @@
 
 enum ssi_req_dma_buf_type {
SSI_DMA_BUF_NULL = 0,
-   SSI_DMA_BUF_DLLI,
-   SSI_DMA_BUF_MLLI
+   SSI_DMA_BUF_DLLI = 1,
+   SSI_DMA_BUF_MLLI = 2,
+   SSI_DMA_BUF_INVL = 3,
+   SSI_DMA_BUF_TYPE_MAX = 4
 };
 
 enum ssi_sg_cpy_direct {
-- 
2.1.4

[PATCH v3 07/22] staging: ccree: remove unused completion

[Gilad Ben-Yossef]

icache_setup_completion is no longer used. Remove it.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c | 2 --
 drivers/staging/ccree/ssi_driver.h | 1 -
 2 files changed, 3 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 1b95f90..928c988 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -279,8 +279,6 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
}
SSI_LOG_DEBUG("Registered to IRQ: %d\n", new_drvdata->irq);
 
-   init_completion(&new_drvdata->icache_setup_completion);
-
rc = cc_clk_on(new_drvdata);
if (rc)
goto post_drvdata_err;
diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index 88ef370..9b6476d 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -138,7 +138,6 @@ struct ssi_drvdata {
u32 monitor_null_cycles;
struct platform_device *plat_dev;
ssi_sram_addr_t mlli_sram_addr;
-   struct completion icache_setup_completion;
void *buff_mgr_handle;
void *hash_handle;
void *aead_handle;
-- 
2.1.4

[PATCH v3 08/22] staging: ccree: remove m32r as supported platform

[Gilad Ben-Yossef]

M32R requires special handling due due to how it has implemented
ioread32. It is also an orphaned arch on Linux and doesn't seem
to be worth the trouble. So until we have a real user, remove
support for it.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/ccree/Kconfig b/drivers/staging/ccree/Kconfig
index 0b3092b..89af1c5 100644
--- a/drivers/staging/ccree/Kconfig
+++ b/drivers/staging/ccree/Kconfig
@@ -1,6 +1,6 @@
 config CRYPTO_DEV_CCREE
tristate "Support for ARM TrustZone CryptoCell C7XX family of Crypto 
accelerators"
-   depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA
+   depends on CRYPTO && CRYPTO_HW && OF && HAS_DMA && !M32R
default n
select CRYPTO_HASH
select CRYPTO_BLKCIPHER
-- 
2.1.4

[PATCH v3 09/22] staging: ccree: Fix format/argument mismatches

[Gilad Ben-Yossef]

From: Joe Perches 

By default, debug logging is disabled by CC_DEBUG not being defined.

Convert SSI_LOG_DEBUG to use no_printk instead of an empty define
to validate formats and arguments.

Fix fallout.

Miscellanea:

o One of the conversions now uses %pR instead of multiple uses of %pad

Signed-off-by: Joe Perches 
[ gby: rebase on top of latest changes ]
Acked-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c|  8 
 drivers/staging/ccree/ssi_buffer_mgr.c  | 29 +---
 drivers/staging/ccree/ssi_cipher.c  | 10 +-
 drivers/staging/ccree/ssi_driver.c  | 10 --
 drivers/staging/ccree/ssi_driver.h  |  2 +-
 drivers/staging/ccree/ssi_hash.c| 34 -
 drivers/staging/ccree/ssi_request_mgr.c |  6 +++---
 7 files changed, 47 insertions(+), 52 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index 66eedbe..03533c8 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -103,7 +103,7 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
if (ctx->enckey) {
dma_free_coherent(dev, AES_MAX_KEY_SIZE, ctx->enckey, 
ctx->enckey_dma_addr);
SSI_LOG_DEBUG("Freed enckey DMA buffer enckey_dma_addr=%pad\n",
- ctx->enckey_dma_addr);
+ &ctx->enckey_dma_addr);
ctx->enckey_dma_addr = 0;
ctx->enckey = NULL;
}
@@ -117,7 +117,7 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
  xcbc->xcbc_keys_dma_addr);
}
SSI_LOG_DEBUG("Freed xcbc_keys DMA buffer 
xcbc_keys_dma_addr=%pad\n",
- xcbc->xcbc_keys_dma_addr);
+ &xcbc->xcbc_keys_dma_addr);
xcbc->xcbc_keys_dma_addr = 0;
xcbc->xcbc_keys = NULL;
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC auth. */
@@ -128,7 +128,7 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
  hmac->ipad_opad,
  hmac->ipad_opad_dma_addr);
SSI_LOG_DEBUG("Freed ipad_opad DMA buffer 
ipad_opad_dma_addr=%pad\n",
- hmac->ipad_opad_dma_addr);
+ &hmac->ipad_opad_dma_addr);
hmac->ipad_opad_dma_addr = 0;
hmac->ipad_opad = NULL;
}
@@ -137,7 +137,7 @@ static void ssi_aead_exit(struct crypto_aead *tfm)
  hmac->padded_authkey,
  hmac->padded_authkey_dma_addr);
SSI_LOG_DEBUG("Freed padded_authkey DMA buffer 
padded_authkey_dma_addr=%pad\n",
- hmac->padded_authkey_dma_addr);
+ &hmac->padded_authkey_dma_addr);
hmac->padded_authkey_dma_addr = 0;
hmac->padded_authkey = NULL;
}
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index d7ce293..0b81fd5 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -14,6 +14,7 @@
  * along with this program; if not, see .
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -33,14 +34,10 @@
 #include "ssi_hash.h"
 #include "ssi_aead.h"
 
-#ifdef CC_DEBUG
 #define GET_DMA_BUFFER_TYPE(buff_type) ( \
((buff_type) == SSI_DMA_BUF_NULL) ? "BUF_NULL" : \
((buff_type) == SSI_DMA_BUF_DLLI) ? "BUF_DLLI" : \
((buff_type) == SSI_DMA_BUF_MLLI) ? "BUF_MLLI" : "BUF_INVALID")
-#else
-#define GET_DMA_BUFFER_TYPE(buff_type)
-#endif
 
 enum dma_buffer_type {
DMA_NULL_TYPE = -1,
@@ -260,7 +257,7 @@ static int ssi_buffer_mgr_generate_mlli(
mlli_params->mlli_len = (total_nents * LLI_ENTRY_BYTE_SIZE);
 
SSI_LOG_DEBUG("MLLI params: virt_addr=%pK dma_addr=%pad 
mlli_len=0x%X\n",
- mlli_params->mlli_virt_addr, mlli_params->mlli_dma_addr,
+ mlli_params->mlli_virt_addr, &mlli_params->mlli_dma_addr,
  mlli_params->mlli_len);
 
 build_mlli_exit:
@@ -275,7 +272,7 @@ static inline void ssi_buffer_mgr_add_buffer_entry(
unsigned int index = sgl_data->num_of_buffers;
 
SSI_LOG_DEBUG("index=%u single_buff=%pad buffer_len=0x%08X 
is_last=%d\n",
- index, buffer_dma, buffer_len, is_last_entry);
+ index, &buffer_dma, buffer_len, is_last_entry);
sgl_data->nents[index] = 1;
sgl_data->entry[index].buffer_dma = buffer_dma;
sgl_data->offset[index] = 0;
@@ -358,7 +355,7 @@ static int ssi_buffer_mgr_map_scatterlist(
}
SSI_LOG_DEBUG("Mapped s

[PATCH v3 06/22] staging: ccree: simplify resource release on error

[Gilad Ben-Yossef]

The resource release on probe/init error was being handled
in an awkward manner and possibly leaking memory on certain
(unlikely) error path.

Fix it by simplifying the error resource release and making
it easier to track.

Reported-by: Dan Carpenter 
Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c   |   3 +-
 drivers/staging/ccree/ssi_cipher.c |   3 +-
 drivers/staging/ccree/ssi_driver.c | 102 -
 drivers/staging/ccree/ssi_hash.c   |   3 +-
 4 files changed, 59 insertions(+), 52 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index a8cb432..66eedbe 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -2719,6 +2719,7 @@ int ssi_aead_alloc(struct ssi_drvdata *drvdata)
goto fail0;
}
 
+   INIT_LIST_HEAD(&aead_handle->aead_list);
drvdata->aead_handle = aead_handle;
 
aead_handle->sram_workspace_addr = ssi_sram_mgr_alloc(
@@ -2729,8 +2730,6 @@ int ssi_aead_alloc(struct ssi_drvdata *drvdata)
goto fail1;
}
 
-   INIT_LIST_HEAD(&aead_handle->aead_list);
-
/* Linux crypto */
for (alg = 0; alg < ARRAY_SIZE(aead_algs); alg++) {
t_alg = ssi_aead_create_alg(&aead_algs[alg]);
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index d98178d..712b21d 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -1281,9 +1281,8 @@ int ssi_ablkcipher_alloc(struct ssi_drvdata *drvdata)
if (!ablkcipher_handle)
return -ENOMEM;
 
-   drvdata->blkcipher_handle = ablkcipher_handle;
-
INIT_LIST_HEAD(&ablkcipher_handle->blkcipher_alg_list);
+   drvdata->blkcipher_handle = ablkcipher_handle;
 
/* Linux crypto */
SSI_LOG_DEBUG("Number of algorithms = %zu\n", 
ARRAY_SIZE(blkcipher_algs));
diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index c18e7e3..1b95f90 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -233,16 +233,14 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
if (!new_drvdata) {
SSI_LOG_ERR("Failed to allocate drvdata");
rc = -ENOMEM;
-   goto init_cc_res_err;
+   goto post_drvdata_err;
}
+   dev_set_drvdata(&plat_dev->dev, new_drvdata);
+   new_drvdata->plat_dev = plat_dev;
 
new_drvdata->clk = of_clk_get(np, 0);
new_drvdata->coherent = of_dma_is_coherent(np);
 
-   /*Initialize inflight counter used in dx_ablkcipher_secure_complete 
used for count of BYSPASS blocks operations*/
-   new_drvdata->inflight_counter = 0;
-
-   dev_set_drvdata(&plat_dev->dev, new_drvdata);
/* Get device resources */
/* First CC registers space */
req_mem_cc_regs = platform_get_resource(plat_dev, IORESOURCE_MEM, 0);
@@ -250,38 +248,42 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
new_drvdata->cc_base = devm_ioremap_resource(&plat_dev->dev,
 req_mem_cc_regs);
if (IS_ERR(new_drvdata->cc_base)) {
+   SSI_LOG_ERR("Failed to ioremap registers");
rc = PTR_ERR(new_drvdata->cc_base);
-   goto init_cc_res_err;
+   goto post_drvdata_err;
}
+
SSI_LOG_DEBUG("Got MEM resource (%s): start=%pad end=%pad\n",
  req_mem_cc_regs->name,
  req_mem_cc_regs->start,
  req_mem_cc_regs->end);
SSI_LOG_DEBUG("CC registers mapped from %pa to 0x%p\n",
  &req_mem_cc_regs->start, new_drvdata->cc_base);
+
cc_base = new_drvdata->cc_base;
+
/* Then IRQ */
new_drvdata->irq = platform_get_irq(plat_dev, 0);
if (new_drvdata->irq < 0) {
SSI_LOG_ERR("Failed getting IRQ resource\n");
rc = new_drvdata->irq;
-   goto init_cc_res_err;
+   goto post_drvdata_err;
}
+
rc = devm_request_irq(&plat_dev->dev, new_drvdata->irq, cc_isr,
  IRQF_SHARED, "arm_cc7x", new_drvdata);
if (rc) {
SSI_LOG_ERR("Could not register to interrupt %d\n",
new_drvdata->irq);
-   goto init_cc_res_err;
+   goto post_drvdata_err;
}
-   init_completion(&new_drvdata->icache_setup_completion);
-
SSI_LOG_DEBUG("Registered to IRQ: %d\n", new_drvdata->irq);
-   new_drvdata->plat_dev = plat_dev;
+
+   init_completion(&new_drvdata->icache_setup_completion);
 
rc = cc_clk_on(new_drvdata);
if (rc)
-   goto init_cc_res_err;
+   goto post_drvdata_err;
 
if (!new_drvdata->plat_dev->dev.dma_mask)
new_drvdata->plat

[PATCH v3 05/22] staging: ccree: Use platform_get_irq and devm_request_irq

[Gilad Ben-Yossef]

From: Suniel Mahesh 

It is recommended to use managed function devm_request_irq(),
which simplifies driver cleanup paths and driver code.
This patch does the following:
(a) replace platform_get_resource(), request_irq() and corresponding
error handling with platform_get_irq() and devm_request_irq().
(b) remove struct resource pointer(res_irq) in struct ssi_drvdata as
it seems redundant.
(c) change type of member irq in struct ssi_drvdata from unsigned int
to int, as return type of platform_get_irq is int and can be used in
error handling.
(d) remove irq_registered variable from driver probe as it seems
redundant.
(e) free_irq is not required any more, devm_request_irq() free's it
on driver detach.
(f) adjust log messages accordingly and remove any blank lines.

Signed-off-by: Suniel Mahesh 
Acked-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c | 30 +-
 drivers/staging/ccree/ssi_driver.h |  3 +--
 2 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 603eb03..c18e7e3 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -222,7 +222,6 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
 {
struct resource *req_mem_cc_regs = NULL;
void __iomem *cc_base = NULL;
-   bool irq_registered = false;
struct ssi_drvdata *new_drvdata;
struct device *dev = &plat_dev->dev;
struct device_node *np = dev->of_node;
@@ -262,26 +261,22 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
  &req_mem_cc_regs->start, new_drvdata->cc_base);
cc_base = new_drvdata->cc_base;
/* Then IRQ */
-   new_drvdata->res_irq = platform_get_resource(plat_dev, IORESOURCE_IRQ, 
0);
-   if (unlikely(!new_drvdata->res_irq)) {
+   new_drvdata->irq = platform_get_irq(plat_dev, 0);
+   if (new_drvdata->irq < 0) {
SSI_LOG_ERR("Failed getting IRQ resource\n");
-   rc = -ENODEV;
+   rc = new_drvdata->irq;
goto init_cc_res_err;
}
-   rc = request_irq(new_drvdata->res_irq->start, cc_isr,
-IRQF_SHARED, "arm_cc7x", new_drvdata);
-   if (unlikely(rc != 0)) {
-   SSI_LOG_ERR("Could not register to interrupt %llu\n",
-   (unsigned long long)new_drvdata->res_irq->start);
+   rc = devm_request_irq(&plat_dev->dev, new_drvdata->irq, cc_isr,
+ IRQF_SHARED, "arm_cc7x", new_drvdata);
+   if (rc) {
+   SSI_LOG_ERR("Could not register to interrupt %d\n",
+   new_drvdata->irq);
goto init_cc_res_err;
}
init_completion(&new_drvdata->icache_setup_completion);
 
-   irq_registered = true;
-   SSI_LOG_DEBUG("Registered to IRQ (%s) %llu\n",
- new_drvdata->res_irq->name,
- (unsigned long long)new_drvdata->res_irq->start);
-
+   SSI_LOG_DEBUG("Registered to IRQ: %d\n", new_drvdata->irq);
new_drvdata->plat_dev = plat_dev;
 
rc = cc_clk_on(new_drvdata);
@@ -410,10 +405,6 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
 #ifdef ENABLE_CC_SYSFS
ssi_sysfs_fini();
 #endif
-   if (irq_registered) {
-   free_irq(new_drvdata->res_irq->start, new_drvdata);
-   new_drvdata->res_irq = NULL;
-   }
dev_set_drvdata(&plat_dev->dev, NULL);
}
return rc;
@@ -443,11 +434,8 @@ static void cleanup_cc_resources(struct platform_device 
*plat_dev)
 #ifdef ENABLE_CC_SYSFS
ssi_sysfs_fini();
 #endif
-
fini_cc_regs(drvdata);
cc_clk_off(drvdata);
-   free_irq(drvdata->res_irq->start, drvdata);
-   drvdata->res_irq = NULL;
dev_set_drvdata(&plat_dev->dev, NULL);
 }
 
diff --git a/drivers/staging/ccree/ssi_driver.h 
b/drivers/staging/ccree/ssi_driver.h
index 518c0bf..88ef370 100644
--- a/drivers/staging/ccree/ssi_driver.h
+++ b/drivers/staging/ccree/ssi_driver.h
@@ -128,9 +128,8 @@ struct ssi_crypto_req {
  * @fw_ver:SeP loaded firmware version
  */
 struct ssi_drvdata {
-   struct resource *res_irq;
void __iomem *cc_base;
-   unsigned int irq;
+   int irq;
u32 irq_mask;
u32 fw_ver;
/* Calibration time of start/stop
-- 
2.1.4

[PATCH v3 04/22] staging: ccree: Convert to devm_ioremap_resource for map, unmap

[Gilad Ben-Yossef]

From: Suniel Mahesh 

It is recommended to use managed function devm_ioremap_resource(),
which simplifies driver cleanup paths and driver code.
This patch does the following:
(a) replace request_mem_region(), ioremap() and corresponding error
handling with devm_ioremap_resource().
(b) remove struct resource pointer(res_mem) in struct ssi_drvdata as it
seems redundant, use struct resource pointer which is defined locally and
adjust return value of platform_get_resource() accordingly.
(c) release_mem_region() and iounmap() are dropped, since devm_ioremap_
resource() releases and unmaps mem region on driver detach.
(d) adjust log messages accordingly and remove any blank lines.

Signed-off-by: Suniel Mahesh 
[gby: rebase on top of latest coding style fixes changes]
Acked-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c | 60 ++
 drivers/staging/ccree/ssi_driver.h |  1 -
 2 files changed, 15 insertions(+), 46 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 97dfc2c..603eb03 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -246,35 +246,21 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
dev_set_drvdata(&plat_dev->dev, new_drvdata);
/* Get device resources */
/* First CC registers space */
-   new_drvdata->res_mem = platform_get_resource(plat_dev, IORESOURCE_MEM, 
0);
-   if (unlikely(!new_drvdata->res_mem)) {
-   SSI_LOG_ERR("Failed getting IO memory resource\n");
-   rc = -ENODEV;
-   goto init_cc_res_err;
-   }
-   SSI_LOG_DEBUG("Got MEM resource (%s): start=%pad end=%pad\n",
- new_drvdata->res_mem->name,
- new_drvdata->res_mem->start,
- new_drvdata->res_mem->end);
+   req_mem_cc_regs = platform_get_resource(plat_dev, IORESOURCE_MEM, 0);
/* Map registers space */
-   req_mem_cc_regs = request_mem_region(new_drvdata->res_mem->start, 
resource_size(new_drvdata->res_mem), "arm_cc7x_regs");
-   if (unlikely(!req_mem_cc_regs)) {
-   SSI_LOG_ERR("Couldn't allocate registers memory region at 
0x%08X\n",
-   (unsigned int)new_drvdata->res_mem->start);
-   rc = -EBUSY;
-   goto init_cc_res_err;
-   }
-   cc_base = ioremap(new_drvdata->res_mem->start, 
resource_size(new_drvdata->res_mem));
-   if (unlikely(!cc_base)) {
-   SSI_LOG_ERR("ioremap[CC](0x%08X,0x%08X) failed\n",
-   (unsigned int)new_drvdata->res_mem->start,
-   (unsigned int)resource_size(new_drvdata->res_mem));
-   rc = -ENOMEM;
+   new_drvdata->cc_base = devm_ioremap_resource(&plat_dev->dev,
+req_mem_cc_regs);
+   if (IS_ERR(new_drvdata->cc_base)) {
+   rc = PTR_ERR(new_drvdata->cc_base);
goto init_cc_res_err;
}
-   SSI_LOG_DEBUG("CC registers mapped from %pa to 0x%p\n", 
&new_drvdata->res_mem->start, cc_base);
-   new_drvdata->cc_base = cc_base;
-
+   SSI_LOG_DEBUG("Got MEM resource (%s): start=%pad end=%pad\n",
+ req_mem_cc_regs->name,
+ req_mem_cc_regs->start,
+ req_mem_cc_regs->end);
+   SSI_LOG_DEBUG("CC registers mapped from %pa to 0x%p\n",
+ &req_mem_cc_regs->start, new_drvdata->cc_base);
+   cc_base = new_drvdata->cc_base;
/* Then IRQ */
new_drvdata->res_irq = platform_get_resource(plat_dev, IORESOURCE_IRQ, 
0);
if (unlikely(!new_drvdata->res_irq)) {
@@ -424,17 +410,9 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
 #ifdef ENABLE_CC_SYSFS
ssi_sysfs_fini();
 #endif
-
-   if (req_mem_cc_regs) {
-   if (irq_registered) {
-   free_irq(new_drvdata->res_irq->start, 
new_drvdata);
-   new_drvdata->res_irq = NULL;
-   iounmap(cc_base);
-   new_drvdata->cc_base = NULL;
-   }
-   release_mem_region(new_drvdata->res_mem->start,
-  resource_size(new_drvdata->res_mem));
-   new_drvdata->res_mem = NULL;
+   if (irq_registered) {
+   free_irq(new_drvdata->res_irq->start, new_drvdata);
+   new_drvdata->res_irq = NULL;
}
dev_set_drvdata(&plat_dev->dev, NULL);
}
@@ -470,14 +448,6 @@ static void cleanup_cc_resources(struct platform_device 
*plat_dev)
cc_clk_off(drvdata);
free_irq(drvdata->res_irq->start, drvdata);
drvdata->res_irq = NULL;
-
-   if (drvdata->cc_base) {
-   iounmap(drvdata->c

[PATCH v3 03/22] staging: ccree: Replace kzalloc with devm_kzalloc

[Gilad Ben-Yossef]

From: Suniel Mahesh 

It is recommended to use managed function devm_kzalloc, which
simplifies driver cleanup paths and driver code.
This patch does the following:
(a) replace kzalloc with devm_kzalloc.
(b) drop kfree(), because memory allocated with devm_kzalloc() is
automatically freed on driver detach, otherwise it leads to a double
free.
(c) remove unnecessary blank lines.

Signed-off-by: Suniel Mahesh 
[gby: rebase on top of latest coding style fixes changes]
Acked-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_driver.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index 1cae2b7..97dfc2c 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -223,13 +223,15 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
struct resource *req_mem_cc_regs = NULL;
void __iomem *cc_base = NULL;
bool irq_registered = false;
-   struct ssi_drvdata *new_drvdata = kzalloc(sizeof(*new_drvdata), 
GFP_KERNEL);
+   struct ssi_drvdata *new_drvdata;
struct device *dev = &plat_dev->dev;
struct device_node *np = dev->of_node;
u32 signature_val;
int rc = 0;
 
-   if (unlikely(!new_drvdata)) {
+   new_drvdata = devm_kzalloc(&plat_dev->dev, sizeof(*new_drvdata),
+  GFP_KERNEL);
+   if (!new_drvdata) {
SSI_LOG_ERR("Failed to allocate drvdata");
rc = -ENOMEM;
goto init_cc_res_err;
@@ -434,10 +436,8 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
   resource_size(new_drvdata->res_mem));
new_drvdata->res_mem = NULL;
}
-   kfree(new_drvdata);
dev_set_drvdata(&plat_dev->dev, NULL);
}
-
return rc;
 }
 
@@ -478,8 +478,6 @@ static void cleanup_cc_resources(struct platform_device 
*plat_dev)
drvdata->cc_base = NULL;
drvdata->res_mem = NULL;
}
-
-   kfree(drvdata);
dev_set_drvdata(&plat_dev->dev, NULL);
 }
 
-- 
2.1.4

[PATCH v3 02/22] staging: ccree: kmalloc by sizeof var not type

[Gilad Ben-Yossef]

Change places where we alloc memory by sizeof type to sizeof var.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c| 4 ++--
 drivers/staging/ccree/ssi_cipher.c  | 4 ++--
 drivers/staging/ccree/ssi_driver.c  | 2 +-
 drivers/staging/ccree/ssi_hash.c| 4 ++--
 drivers/staging/ccree/ssi_ivgen.c   | 2 +-
 drivers/staging/ccree/ssi_request_mgr.c | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index d8f2249..a8cb432 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -2658,7 +2658,7 @@ static struct ssi_crypto_alg *ssi_aead_create_alg(struct 
ssi_alg_template *templ
struct ssi_crypto_alg *t_alg;
struct aead_alg *alg;
 
-   t_alg = kzalloc(sizeof(struct ssi_crypto_alg), GFP_KERNEL);
+   t_alg = kzalloc(sizeof(*t_alg), GFP_KERNEL);
if (!t_alg) {
SSI_LOG_ERR("failed to allocate t_alg\n");
return ERR_PTR(-ENOMEM);
@@ -2713,7 +2713,7 @@ int ssi_aead_alloc(struct ssi_drvdata *drvdata)
int rc = -ENOMEM;
int alg;
 
-   aead_handle = kmalloc(sizeof(struct ssi_aead_handle), GFP_KERNEL);
+   aead_handle = kmalloc(sizeof(*aead_handle), GFP_KERNEL);
if (!aead_handle) {
rc = -ENOMEM;
goto fail0;
diff --git a/drivers/staging/ccree/ssi_cipher.c 
b/drivers/staging/ccree/ssi_cipher.c
index 068b10b..d98178d 100644
--- a/drivers/staging/ccree/ssi_cipher.c
+++ b/drivers/staging/ccree/ssi_cipher.c
@@ -1215,7 +1215,7 @@ struct ssi_crypto_alg *ssi_ablkcipher_create_alg(struct 
ssi_alg_template *templa
struct ssi_crypto_alg *t_alg;
struct crypto_alg *alg;
 
-   t_alg = kzalloc(sizeof(struct ssi_crypto_alg), GFP_KERNEL);
+   t_alg = kzalloc(sizeof(*t_alg), GFP_KERNEL);
if (!t_alg) {
SSI_LOG_ERR("failed to allocate t_alg\n");
return ERR_PTR(-ENOMEM);
@@ -1276,7 +1276,7 @@ int ssi_ablkcipher_alloc(struct ssi_drvdata *drvdata)
int rc = -ENOMEM;
int alg;
 
-   ablkcipher_handle = kmalloc(sizeof(struct ssi_blkcipher_handle),
+   ablkcipher_handle = kmalloc(sizeof(*ablkcipher_handle),
GFP_KERNEL);
if (!ablkcipher_handle)
return -ENOMEM;
diff --git a/drivers/staging/ccree/ssi_driver.c 
b/drivers/staging/ccree/ssi_driver.c
index d104dbd..1cae2b7 100644
--- a/drivers/staging/ccree/ssi_driver.c
+++ b/drivers/staging/ccree/ssi_driver.c
@@ -223,7 +223,7 @@ static int init_cc_resources(struct platform_device 
*plat_dev)
struct resource *req_mem_cc_regs = NULL;
void __iomem *cc_base = NULL;
bool irq_registered = false;
-   struct ssi_drvdata *new_drvdata = kzalloc(sizeof(struct ssi_drvdata), 
GFP_KERNEL);
+   struct ssi_drvdata *new_drvdata = kzalloc(sizeof(*new_drvdata), 
GFP_KERNEL);
struct device *dev = &plat_dev->dev;
struct device_node *np = dev->of_node;
u32 signature_val;
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index 3a734df..6c08b1d 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -2055,7 +2055,7 @@ ssi_hash_create_alg(struct ssi_hash_template *template, 
bool keyed)
struct crypto_alg *alg;
struct ahash_alg *halg;
 
-   t_crypto_alg = kzalloc(sizeof(struct ssi_hash_alg), GFP_KERNEL);
+   t_crypto_alg = kzalloc(sizeof(*t_crypto_alg), GFP_KERNEL);
if (!t_crypto_alg) {
SSI_LOG_ERR("failed to allocate t_alg\n");
return ERR_PTR(-ENOMEM);
@@ -2221,7 +2221,7 @@ int ssi_hash_alloc(struct ssi_drvdata *drvdata)
int rc = 0;
int alg;
 
-   hash_handle = kzalloc(sizeof(struct ssi_hash_handle), GFP_KERNEL);
+   hash_handle = kzalloc(sizeof(*hash_handle), GFP_KERNEL);
if (!hash_handle) {
SSI_LOG_ERR("kzalloc failed to allocate %zu B\n",
sizeof(struct ssi_hash_handle));
diff --git a/drivers/staging/ccree/ssi_ivgen.c 
b/drivers/staging/ccree/ssi_ivgen.c
index bca44af..93a2a94 100644
--- a/drivers/staging/ccree/ssi_ivgen.c
+++ b/drivers/staging/ccree/ssi_ivgen.c
@@ -191,7 +191,7 @@ int ssi_ivgen_init(struct ssi_drvdata *drvdata)
int rc;
 
/* Allocate "this" context */
-   drvdata->ivgen_handle = kzalloc(sizeof(struct ssi_ivgen_ctx), 
GFP_KERNEL);
+   drvdata->ivgen_handle = kzalloc(sizeof(*drvdata->ivgen_handle), 
GFP_KERNEL);
if (!drvdata->ivgen_handle) {
SSI_LOG_ERR("Not enough memory to allocate IVGEN context (%zu 
B)\n",
sizeof(struct ssi_ivgen_ctx));
diff --git a/drivers/staging/ccree/ssi_request_mgr.c 
b/drivers/staging/ccree/ssi_request_mgr.c
index 9a4bb5c..cae9904 100644
--- a/drivers/staging/ccree/ssi_request_mgr.c
+++ b/drivers/staging/ccree/ssi_request_mgr.c
@@ -

[PATCH v3 01/22] staging: ccree: fix split strings

[Gilad Ben-Yossef]

Fix strings in log messages being split across lines and the resulting
alignment issues when being fixed.

Signed-off-by: Gilad Ben-Yossef 
---
 drivers/staging/ccree/ssi_aead.c|  9 ++--
 drivers/staging/ccree/ssi_buffer_mgr.c  | 86 ++---
 drivers/staging/ccree/ssi_cipher.c  | 27 +--
 drivers/staging/ccree/ssi_driver.c  |  4 +-
 drivers/staging/ccree/ssi_hash.c| 43 -
 drivers/staging/ccree/ssi_ivgen.c   |  8 +--
 drivers/staging/ccree/ssi_request_mgr.c | 13 ++---
 7 files changed, 81 insertions(+), 109 deletions(-)

diff --git a/drivers/staging/ccree/ssi_aead.c b/drivers/staging/ccree/ssi_aead.c
index f5ca0e3..d8f2249 100644
--- a/drivers/staging/ccree/ssi_aead.c
+++ b/drivers/staging/ccree/ssi_aead.c
@@ -240,9 +240,8 @@ static void ssi_aead_complete(struct device *dev, void 
*ssi_req, void __iomem *c
if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_DECRYPT) {
if (memcmp(areq_ctx->mac_buf, areq_ctx->icv_virt_addr,
   ctx->authsize) != 0) {
-   SSI_LOG_DEBUG("Payload authentication failure, "
-   "(auth-size=%d, cipher=%d).\n",
-   ctx->authsize, ctx->cipher_mode);
+   SSI_LOG_DEBUG("Payload authentication failure, 
(auth-size=%d, cipher=%d).\n",
+ ctx->authsize, ctx->cipher_mode);
/* In case of payload authentication failure, MUST NOT
 * revealed the decrypted message --> zero its memory.
 */
@@ -455,8 +454,8 @@ ssi_get_plain_hmac_key(struct crypto_aead *tfm, const u8 
*key, unsigned int keyl
if (likely(keylen != 0)) {
key_dma_addr = dma_map_single(dev, (void *)key, keylen, 
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(dev, key_dma_addr))) {
-   SSI_LOG_ERR("Mapping key va=0x%p len=%u for"
-  " DMA failed\n", key, keylen);
+   SSI_LOG_ERR("Mapping key va=0x%p len=%u for DMA 
failed\n",
+   key, keylen);
return -ENOMEM;
}
if (keylen > blocksize) {
diff --git a/drivers/staging/ccree/ssi_buffer_mgr.c 
b/drivers/staging/ccree/ssi_buffer_mgr.c
index 6393609..d7ce293 100644
--- a/drivers/staging/ccree/ssi_buffer_mgr.c
+++ b/drivers/staging/ccree/ssi_buffer_mgr.c
@@ -82,8 +82,8 @@ static unsigned int ssi_buffer_mgr_get_sgl_nents(
 
while (nbytes != 0) {
if (sg_is_chain(sg_list)) {
-   SSI_LOG_ERR("Unexpected chained entry "
-  "in sg (entry =0x%X)\n", nents);
+   SSI_LOG_ERR("Unexpected chained entry in sg (entry 
=0x%X)\n",
+   nents);
BUG();
}
if (sg_list->length != 0) {
@@ -259,11 +259,9 @@ static int ssi_buffer_mgr_generate_mlli(
/* Set MLLI size for the bypass operation */
mlli_params->mlli_len = (total_nents * LLI_ENTRY_BYTE_SIZE);
 
-   SSI_LOG_DEBUG("MLLI params: "
-"virt_addr=%pK dma_addr=%pad mlli_len=0x%X\n",
-  mlli_params->mlli_virt_addr,
-  mlli_params->mlli_dma_addr,
-  mlli_params->mlli_len);
+   SSI_LOG_DEBUG("MLLI params: virt_addr=%pK dma_addr=%pad 
mlli_len=0x%X\n",
+ mlli_params->mlli_virt_addr, mlli_params->mlli_dma_addr,
+ mlli_params->mlli_len);
 
 build_mlli_exit:
return rc;
@@ -276,9 +274,8 @@ static inline void ssi_buffer_mgr_add_buffer_entry(
 {
unsigned int index = sgl_data->num_of_buffers;
 
-   SSI_LOG_DEBUG("index=%u single_buff=%pad "
-"buffer_len=0x%08X is_last=%d\n",
-index, buffer_dma, buffer_len, is_last_entry);
+   SSI_LOG_DEBUG("index=%u single_buff=%pad buffer_len=0x%08X 
is_last=%d\n",
+ index, buffer_dma, buffer_len, is_last_entry);
sgl_data->nents[index] = 1;
sgl_data->entry[index].buffer_dma = buffer_dma;
sgl_data->offset[index] = 0;
@@ -359,8 +356,7 @@ static int ssi_buffer_mgr_map_scatterlist(
SSI_LOG_ERR("dma_map_sg() single buffer failed\n");
return -ENOMEM;
}
-   SSI_LOG_DEBUG("Mapped sg: dma_address=%pad "
-"page=%p addr=%pK offset=%u "
+   SSI_LOG_DEBUG("Mapped sg: dma_address=%pad page=%p addr=%pK 
offset=%u "
 "length=%u\n",
 sg_dma_address(sg),
 sg_page(sg),
@@ -419,12 +415,10 @@ ssi_aead_handle_config_buf(struct device *dev,
sg_init_one(&areq_ctx->ccm_adata_sg, config_data, AES_BLOCK_SIZE + 
areq_ctx->ccm_hdr_s

Re: [PATCH v3 11/22] staging: ccree: fix line indentation and breaks

[Joe Perches]

On Tue, 2017-08-15 at 09:26 +0300, Gilad Ben-Yossef wrote:
> Fix wrong indentation and line breaks, including missing tabs,
> breaking lines longer then 80 char or wrongly broken.
[]
> diff --git a/drivers/staging/ccree/ssi_driver.c 
> b/drivers/staging/ccree/ssi_driver.c
[]
> - SSI_LOG_ERR("snprintf returned %d . aborting buffer 
> array dump\n", ret);
> + SSI_LOG_ERR
> + ("snprintf returned %d . aborting buffer array 
> dump\n",
> +  ret);

This change is quite unpleasant to read.