[PATCH] staging: ccree: Convert to platform_{get,set}_drvdata()
From: Suniel Mahesh <suni...@techveda.org> Platform devices are expected to use wrapper functions, platform_{get,set}_drvdata() with platform_device as argument, for getting and setting the driver data. dev_{get,set}_drvdata() are using _dev->dev. For wrapper functions we can directly pass a struct platform_device. dev_set_drvdata() is redundant and therefore removed. The driver core clears the driver data to NULL after device_release or on probe failure. Signed-off-by: Suniel Mahesh <suni...@techveda.org> --- Note: - Patch was tested and built(ARCH=arm) on next-20170921. No build issues reported, however it was not tested on real hardware. --- drivers/staging/ccree/ssi_driver.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/ccree/ssi_driver.c b/drivers/staging/ccree/ssi_driver.c index 6d16220..53b4a8c 100644 --- a/drivers/staging/ccree/ssi_driver.c +++ b/drivers/staging/ccree/ssi_driver.c @@ -236,7 +236,7 @@ static int init_cc_resources(struct platform_device *plat_dev) rc = -ENOMEM; goto post_drvdata_err; } - dev_set_drvdata(_dev->dev, new_drvdata); + platform_set_drvdata(plat_dev, new_drvdata); new_drvdata->plat_dev = plat_dev; new_drvdata->clk = of_clk_get(np, 0); @@ -415,7 +415,6 @@ static int init_cc_resources(struct platform_device *plat_dev) cc_clk_off(new_drvdata); post_drvdata_err: SSI_LOG_ERR("ccree init error occurred!\n"); - dev_set_drvdata(_dev->dev, NULL); return rc; } @@ -429,7 +428,7 @@ void fini_cc_regs(struct ssi_drvdata *drvdata) static void cleanup_cc_resources(struct platform_device *plat_dev) { struct ssi_drvdata *drvdata = - (struct ssi_drvdata *)dev_get_drvdata(_dev->dev); + (struct ssi_drvdata *)platform_get_drvdata(plat_dev); ssi_aead_free(drvdata); ssi_hash_free(drvdata); @@ -445,7 +444,6 @@ static void cleanup_cc_resources(struct platform_device *plat_dev) #endif fini_cc_regs(drvdata); cc_clk_off(drvdata); - dev_set_drvdata(_dev->dev, NULL); } int cc_clk_on(struct ssi_drvdata *drvdata) -- 1.9.1
[PATCH v2] staging: ccree: Convert to platform_{get,set}_drvdata()
From: Suniel Mahesh <suni...@techveda.org> Platform devices are expected to use wrapper functions, platform_{get,set}_drvdata() with platform_device as argument, for getting and setting the driver data. dev_{get,set}_drvdata() are using _dev->dev. For wrapper functions we can directly pass a struct platform_device. dev_set_drvdata() is redundant and therefore removed. The driver core clears the driver data to NULL after device_release or on probe failure. Signed-off-by: Suniel Mahesh <suni...@techveda.org> --- Changes for v2: - Rebased on top of staging-testing. --- Note: - Patch was tested and built(ARCH=arm) on next-20170921. No build issues reported, however it was not tested on real hardware. --- drivers/staging/ccree/ssi_driver.c | 6 ++ 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/staging/ccree/ssi_driver.c b/drivers/staging/ccree/ssi_driver.c index 6d16220..53b4a8c 100644 --- a/drivers/staging/ccree/ssi_driver.c +++ b/drivers/staging/ccree/ssi_driver.c @@ -236,7 +236,7 @@ static int init_cc_resources(struct platform_device *plat_dev) rc = -ENOMEM; goto post_drvdata_err; } - dev_set_drvdata(_dev->dev, new_drvdata); + platform_set_drvdata(plat_dev, new_drvdata); new_drvdata->plat_dev = plat_dev; new_drvdata->clk = of_clk_get(np, 0); @@ -415,7 +415,6 @@ static int init_cc_resources(struct platform_device *plat_dev) cc_clk_off(new_drvdata); post_drvdata_err: SSI_LOG_ERR("ccree init error occurred!\n"); - dev_set_drvdata(_dev->dev, NULL); return rc; } @@ -429,7 +428,7 @@ void fini_cc_regs(struct ssi_drvdata *drvdata) static void cleanup_cc_resources(struct platform_device *plat_dev) { struct ssi_drvdata *drvdata = - (struct ssi_drvdata *)dev_get_drvdata(_dev->dev); + (struct ssi_drvdata *)platform_get_drvdata(plat_dev); ssi_aead_free(drvdata); ssi_hash_free(drvdata); @@ -445,7 +444,6 @@ static void cleanup_cc_resources(struct platform_device *plat_dev) #endif fini_cc_regs(drvdata); cc_clk_off(drvdata); - dev_set_drvdata(_dev->dev, NULL); } int cc_clk_on(struct ssi_drvdata *drvdata) -- 1.9.1
Re: KPP questions and confusion
Hi, Marcel, On 08/03/2017 11:40 AM, Marcel Holtmann wrote: Essentially we do what all other key exchange procedure do. Generate a private/public key pair, give the public key to the other side, run DH with the value from the other side. That Bluetooth SMP knows about the private key is really pointless. Since the detection of debug key usage is actually via the public key portion. I'm working on letting the bluetooth smp benefit of the ecc private key generation from the crypto subsystem. I will send some patches soon. Cheers, ta
[RFC PATCH 0/2] let the crypto subsystem generate the ecc privkey
That Bluetooth SMP knows about the private key is pointless, since the detection of debug key usage is actually via the public key portion. With this patch set, the Bluetooth SMP will stop keeping a copy of the ecdh private key, except when using debug keys. This way we let the crypto subsystem to generate and handle the ecdh private key, potentially benefiting of hardware ecc private key generation and retention. Tested with selftest and with btmon and smp-tester on top of hci_vhci, with ecdh done in both software and hardware (through atmel-ecc driver). All tests passed. Tudor Ambarus (2): Bluetooth: move ecdh allocation outside of ecdh_helper Bluetooth: let the crypto subsystem generate the ecc privkey net/bluetooth/ecdh_helper.c | 138 ++-- net/bluetooth/ecdh_helper.h | 8 ++- net/bluetooth/selftest.c| 29 +++--- net/bluetooth/smp.c | 120 -- 4 files changed, 159 insertions(+), 136 deletions(-) -- 2.9.4
[PATCH] staging:ccree Fix char * array declaration
This patch solves the following warning shown by the checkpatch script Warning: char * array declaration might be better as static const Signed-off-by: Janani Sankara Babu--- drivers/staging/ccree/ssi_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/ccree/ssi_sysfs.c b/drivers/staging/ccree/ssi_sysfs.c index dbcd163..87cef46 100644 --- a/drivers/staging/ccree/ssi_sysfs.c +++ b/drivers/staging/ccree/ssi_sysfs.c @@ -300,7 +300,7 @@ static ssize_t ssi_sys_regdump_show(struct kobject *kobj, static ssize_t ssi_sys_help_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - char *help_str[] = { + static const char *help_str[] = { "cat reg_dump ", "Print several of CC register values", #if defined CC_CYCLE_COUNT "cat stats_host", "Print host statistics", -- 1.9.1
[PATCH] staging:ccree Fix dont use assignment in if condition
This patch solves the following error shown by checkpatch script ERROR: do not use assignment in if condition Signed-off-by: Janani Sankara Babu--- drivers/staging/ccree/ssi_hash.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c index ae8f36a..08eaa56 100644 --- a/drivers/staging/ccree/ssi_hash.c +++ b/drivers/staging/ccree/ssi_hash.c @@ -601,8 +601,8 @@ static int ssi_hash_update(struct ahash_req_ctx *state, /* no real updates required */ return 0; } - - if (unlikely(rc = ssi_buffer_mgr_map_hash_request_update(ctx->drvdata, state, src, nbytes, block_size))) { + rc = ssi_buffer_mgr_map_hash_request_update(ctx->drvdata, state, src, nbytes, block_size); + if (unlikely(rc)) { if (rc == 1) { SSI_LOG_DEBUG(" data size not require HW update %x\n", nbytes); @@ -1403,8 +1403,8 @@ static int ssi_mac_update(struct ahash_request *req) } state->xcbc_count++; - - if (unlikely(rc = ssi_buffer_mgr_map_hash_request_update(ctx->drvdata, state, req->src, req->nbytes, block_size))) { + rc = ssi_buffer_mgr_map_hash_request_update(ctx->drvdata, state, req->src, req->nbytes, block_size); + if (unlikely(rc)) { if (rc == 1) { SSI_LOG_DEBUG(" data size not require HW update %x\n", req->nbytes); -- 1.9.1
[PATCH] staging:ccree Fix use BIT macro
This patch is created to solve the following warning shown by the checkpatch script Warning: Replace all occurences of (1<--- drivers/staging/ccree/ssi_cipher.h | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/staging/ccree/ssi_cipher.h b/drivers/staging/ccree/ssi_cipher.h index 296b375..6fbcf9d 100644 --- a/drivers/staging/ccree/ssi_cipher.h +++ b/drivers/staging/ccree/ssi_cipher.h @@ -27,11 +27,11 @@ #include "ssi_buffer_mgr.h" /* Crypto cipher flags */ -#define CC_CRYPTO_CIPHER_KEY_KFDE0(1 << 0) -#define CC_CRYPTO_CIPHER_KEY_KFDE1(1 << 1) -#define CC_CRYPTO_CIPHER_KEY_KFDE2(1 << 2) -#define CC_CRYPTO_CIPHER_KEY_KFDE3(1 << 3) -#define CC_CRYPTO_CIPHER_DU_SIZE_512B (1 << 4) +#define CC_CRYPTO_CIPHER_KEY_KFDE0BIT(0) +#define CC_CRYPTO_CIPHER_KEY_KFDE1BIT(1) +#define CC_CRYPTO_CIPHER_KEY_KFDE2BIT(2) +#define CC_CRYPTO_CIPHER_KEY_KFDE3BIT(3) +#define CC_CRYPTO_CIPHER_DU_SIZE_512B BIT(4) #define CC_CRYPTO_CIPHER_KEY_KFDE_MASK (CC_CRYPTO_CIPHER_KEY_KFDE0 | CC_CRYPTO_CIPHER_KEY_KFDE1 | CC_CRYPTO_CIPHER_KEY_KFDE2 | CC_CRYPTO_CIPHER_KEY_KFDE3) -- 1.9.1
[PATCH 2/6] crypto: talitos - fix hashing
md5sum on some files gives wrong result Exemple: With the md5sum from libkcapi: c15115c05bad51113f81bdaee735dd09 test With the original md5sum: bbdf41d80ba7e8b2b7be3a0772be76cb test This patch fixes this issue Signed-off-by: Christophe Leroy--- drivers/crypto/talitos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 5cc160078286..49f1561fa694 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1769,7 +1769,7 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc, sg_count = edesc->src_nents ?: 1; if (is_sec1 && sg_count > 1) - sg_copy_to_buffer(areq->src, sg_count, edesc->buf, length); + sg_copy_to_buffer(req_ctx->psrc, sg_count, edesc->buf, length); else sg_count = dma_map_sg(dev, req_ctx->psrc, sg_count, DMA_TO_DEVICE); -- 2.13.3
[PATCH 0/6] crypto: talitos - various fixes
This serie provide various fixes on the talitos driver. Christophe Leroy (6): crypto: talitos - Don't provide setkey for non hmac hashing algs. crypto: talitos - fix hashing crypto: talitos - fix sha224 crypto: talitos - fix AEAD test failures crypto: talitos - use kzalloc instead of kmalloc crypto: talitos - fix memory corruption on SEC2 drivers/crypto/talitos.c | 81 +--- drivers/crypto/talitos.h | 2 -- 2 files changed, 36 insertions(+), 47 deletions(-) -- 2.13.3
[PATCH 1/6] crypto: talitos - Don't provide setkey for non hmac hashing algs.
Today, md5sum fails with error -ENOKEY because a setkey function is set for non hmac hashing algs, see strace output below: mmap(NULL, 378880, PROT_READ, MAP_SHARED, 6, 0) = 0x77f5 accept(3, 0, NULL) = 7 vmsplice(5, [{"bin/\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 378880}], 1, SPLICE_F_MORE|SPLICE_F_GIFT) = 262144 splice(4, NULL, 7, NULL, 262144, SPLICE_F_MORE) = -1 ENOKEY (Required key not available) write(2, "Generation of hash for file kcap"..., 50) = 50 munmap(0x77f5, 378880) = 0 This patch ensures that setkey() function is set only for hmac hashing. Signed-off-by: Christophe Leroy--- drivers/crypto/talitos.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 79791c690858..5cc160078286 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -3057,7 +3057,8 @@ static struct talitos_crypto_alg *talitos_alg_alloc(struct device *dev, t_alg->algt.alg.hash.final = ahash_final; t_alg->algt.alg.hash.finup = ahash_finup; t_alg->algt.alg.hash.digest = ahash_digest; - t_alg->algt.alg.hash.setkey = ahash_setkey; + if (!strncmp(alg->cra_name, "hmac", 4)) + t_alg->algt.alg.hash.setkey = ahash_setkey; t_alg->algt.alg.hash.import = ahash_import; t_alg->algt.alg.hash.export = ahash_export; -- 2.13.3
[PATCH 3/6] crypto: talitos - fix sha224
Kernel crypto tests report the following error at startup [2.752626] alg: hash: Test 4 failed for sha224-talitos [2.757907] : 30 e2 86 e2 e7 8a dd 0d d7 eb 9f d5 83 fe f1 b0 0010: 2d 5a 6c a5 f9 55 ea fd 0e 72 05 22 This patch fixes it Signed-off-by: Christophe Leroy--- drivers/crypto/talitos.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 49f1561fa694..dff88838dce7 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1756,9 +1756,9 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc, req_ctx->swinit = 0; } else { desc->ptr[1] = zero_entry; - /* Indicate next op is not the first. */ - req_ctx->first = 0; } + /* Indicate next op is not the first. */ + req_ctx->first = 0; /* HMAC key */ if (ctx->keylen) -- 2.13.3
[PATCH 5/6] crypto: talitos - use kzalloc instead of kmalloc
Use kzalloc() to zeroize the extended descriptor at allocation and further zeorising Signed-off-by: Christophe Leroy--- drivers/crypto/talitos.c | 23 +-- drivers/crypto/talitos.h | 2 -- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index cd8a37e60259..a5b608b54c74 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -75,7 +75,6 @@ static void to_talitos_ptr_len(struct talitos_ptr *ptr, unsigned int len, bool is_sec1) { if (is_sec1) { - ptr->res = 0; ptr->len1 = cpu_to_be16(len); } else { ptr->len = cpu_to_be16(len); @@ -118,7 +117,6 @@ static void map_single_talitos_ptr(struct device *dev, to_talitos_ptr_len(ptr, len, is_sec1); to_talitos_ptr(ptr, dma_addr, is_sec1); - to_talitos_ptr_ext_set(ptr, 0, is_sec1); } /* @@ -287,7 +285,6 @@ int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc, /* map descriptor and save caller data */ if (is_sec1) { desc->hdr1 = desc->hdr; - desc->next_desc = 0; request->dma_desc = dma_map_single(dev, >hdr1, TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL); @@ -1099,7 +1096,6 @@ static int sg_to_link_tbl_offset(struct scatterlist *sg, int sg_count, to_talitos_ptr(link_tbl_ptr + count, sg_dma_address(sg) + offset, 0); to_talitos_ptr_len(link_tbl_ptr + count, len, 0); - to_talitos_ptr_ext_set(link_tbl_ptr + count, 0, 0); count++; cryptlen -= len; offset = 0; @@ -1125,7 +1121,6 @@ int talitos_sg_map(struct device *dev, struct scatterlist *src, bool is_sec1 = has_ftr_sec1(priv); to_talitos_ptr_len(ptr, len, is_sec1); - to_talitos_ptr_ext_set(ptr, 0, is_sec1); if (sg_count == 1) { to_talitos_ptr(ptr, sg_dma_address(src) + offset, is_sec1); @@ -1197,11 +1192,9 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) { to_talitos_ptr(>ptr[2], edesc->iv_dma, is_sec1); to_talitos_ptr_len(>ptr[2], ivsize, is_sec1); - to_talitos_ptr_ext_set(>ptr[2], 0, is_sec1); } else { to_talitos_ptr(>ptr[3], edesc->iv_dma, is_sec1); to_talitos_ptr_len(>ptr[3], ivsize, is_sec1); - to_talitos_ptr_ext_set(>ptr[3], 0, is_sec1); } /* cipher key */ @@ -1221,7 +1214,6 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, * typically 12 for ipsec */ to_talitos_ptr_len(>ptr[4], cryptlen, is_sec1); - to_talitos_ptr_ext_set(>ptr[4], 0, is_sec1); sg_link_tbl_len = cryptlen; @@ -1275,8 +1267,6 @@ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq, to_talitos_ptr(tbl_ptr, edesc->dma_link_tbl + offset, is_sec1); } - } else { - edesc->icv_ool = false; } /* ICV data */ @@ -1386,7 +1376,7 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev, alloc_len += icv_stashing ? authsize : 0; } - edesc = kmalloc(alloc_len, GFP_DMA | flags); + edesc = kzalloc(alloc_len, GFP_DMA | flags); if (!edesc) { dev_err(dev, "could not allocate edescriptor\n"); err = ERR_PTR(-ENOMEM); @@ -1467,7 +1457,6 @@ static int aead_decrypt(struct aead_request *req) DESC_HDR_MODE1_MDEU_CICV; /* reset integrity check result bits */ - edesc->desc.hdr_lo = 0; return ipsec_esp(edesc, req, ipsec_esp_decrypt_hwauth_done); } @@ -1554,12 +1543,10 @@ static int common_nonsnoop(struct talitos_edesc *edesc, bool is_sec1 = has_ftr_sec1(priv); /* first DWORD empty */ - desc->ptr[0] = zero_entry; /* cipher iv */ to_talitos_ptr(>ptr[1], edesc->iv_dma, is_sec1); to_talitos_ptr_len(>ptr[1], ivsize, is_sec1); - to_talitos_ptr_ext_set(>ptr[1], 0, is_sec1); /* cipher key */ map_single_talitos_ptr(dev, >ptr[2], ctx->keylen, @@ -1598,7 +1585,6 @@ static int common_nonsnoop(struct talitos_edesc *edesc, DMA_FROM_DEVICE); /* last DWORD empty */ - desc->ptr[6] = zero_entry; if (sync_needed) dma_sync_single_for_device(dev, edesc->dma_link_tbl, @@ -1744,7 +1730,6 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc, int sg_count;
Re: [PATCH] crypto: AF_ALG - remove SGL end indicator when chaining
Am Mittwoch, 20. September 2017, 19:31:33 CEST schrieb Greg KH: Hi Herbert, > On Wed, Sep 20, 2017 at 03:47:46PM +0200, Stephan Mueller wrote: > > Am Mittwoch, 20. September 2017, 10:32:09 CEST schrieb Herbert Xu: > > > > Hi Herbert, > > > > > Hmm, this patch does not apply against the current tree. Is this > > > a stable-only patch? > > > > This would be a stable-only patch. With the overhauling of the AF_ALG > > memory handling, this is a no-issue any more. > > If you want this as a stable-only patch, you need to resend it and > justify it a bunch as to why it isn't in Linus's tree as well. Would you push it or shall I send it? Thanks Ciao Stephan
[PATCH] staging:ccree Fix avoid externs in .c files
This patch solves the warning shown by the checkpatch script WARNING: externs should be avoided in .c files Signed-off-by: Janani Sankara Babu--- drivers/staging/ccree/ssi_fips_local.c | 14 -- drivers/staging/ccree/ssi_fips_local.h | 13 + 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/drivers/staging/ccree/ssi_fips_local.c b/drivers/staging/ccree/ssi_fips_local.c index aefb71d..f019041 100644 --- a/drivers/staging/ccree/ssi_fips_local.c +++ b/drivers/staging/ccree/ssi_fips_local.c @@ -48,20 +48,6 @@ struct ssi_fips_handle { #endif }; -extern int ssi_fips_get_state(enum cc_fips_state_t *p_state); -extern int ssi_fips_get_error(enum cc_fips_error *p_err); -extern int ssi_fips_ext_set_state(enum cc_fips_state_t state); -extern int ssi_fips_ext_set_error(enum cc_fips_error err); - -/* FIPS power-up tests */ -extern enum cc_fips_error ssi_cipher_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern enum cc_fips_error ssi_cmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern enum cc_fips_error ssi_hash_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern enum cc_fips_error ssi_hmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern enum cc_fips_error ssi_ccm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern enum cc_fips_error ssi_gcm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); -extern size_t ssi_fips_max_mem_alloc_size(void); - /* The function called once at driver entry point to check whether TEE FIPS error occured.*/ static enum ssi_fips_error ssi_fips_get_tee_error(struct ssi_drvdata *drvdata) { diff --git a/drivers/staging/ccree/ssi_fips_local.h b/drivers/staging/ccree/ssi_fips_local.h index 8c7994f..b906190 100644 --- a/drivers/staging/ccree/ssi_fips_local.h +++ b/drivers/staging/ccree/ssi_fips_local.h @@ -65,3 +65,16 @@ static inline void ssi_fips_fini(struct ssi_drvdata *drvdata) {} #endif /*__SSI_FIPS_LOCAL_H__*/ +extern int ssi_fips_get_state(enum cc_fips_state_t *p_state); +extern int ssi_fips_get_error(enum cc_fips_error *p_err); +extern int ssi_fips_ext_set_state(enum cc_fips_state_t state); +extern int ssi_fips_ext_set_error(enum cc_fips_error err); + +/* FIPS power-up tests */ +extern enum cc_fips_error ssi_cipher_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern enum cc_fips_error ssi_cmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern enum cc_fips_error ssi_hash_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern enum cc_fips_error ssi_hmac_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern enum cc_fips_error ssi_ccm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern enum cc_fips_error ssi_gcm_fips_power_up_tests(struct ssi_drvdata *drvdata, void *cpu_addr_buffer, dma_addr_t dma_coherent_buffer); +extern size_t ssi_fips_max_mem_alloc_size(void); -- 1.9.1
[PATCH 6/6] crypto: talitos - fix memory corruption on SEC2
On SEC2, when using the old descriptors type (hmac snoop no afeu) for doing IPsec, the CICV out pointeur points out of the allocated memory. [2.502554] = [2.510740] BUG dma-kmalloc-256 (Not tainted): Redzone overwritten [2.516907] - [2.516907] [2.526535] Disabling lock debugging due to kernel taint [2.531845] INFO: 0xde858108-0xde85810b. First byte 0xf8 instead of 0xcc [2.538549] INFO: Allocated in 0x806181a9 age=0 cpu=0 pid=58 [2.544229] __kmalloc+0x374/0x564 [2.547649] talitos_edesc_alloc+0x17c/0x48c [2.551929] aead_edesc_alloc+0x80/0x154 [2.555863] aead_encrypt+0x30/0xe0 [2.559368] __test_aead+0x5a0/0x1f3c [2.563042] test_aead+0x2c/0x110 [2.566371] alg_test_aead+0x5c/0xf4 [2.569958] alg_test+0x1dc/0x5a0 [2.573305] cryptomgr_test+0x50/0x70 [2.576984] kthread+0xd8/0x134 [2.580155] ret_from_kernel_thread+0x5c/0x64 [2.584534] INFO: Freed in ipsec_esp_encrypt_done+0x130/0x240 age=6 cpu=0 pid=0 [2.591839] ipsec_esp_encrypt_done+0x130/0x240 [2.596395] flush_channel+0x1dc/0x488 [2.600161] talitos2_done_4ch+0x30/0x200 [2.604185] tasklet_action+0xa0/0x13c [2.607948] __do_softirq+0x148/0x6cc [2.611623] irq_exit+0xc0/0x124 [2.614869] call_do_irq+0x24/0x3c [2.618292] do_IRQ+0x78/0x108 [2.621369] ret_from_except+0x0/0x14 [2.625055] finish_task_switch+0x58/0x350 [2.629165] schedule+0x80/0x134 [2.632409] schedule_preempt_disabled+0x38/0xc8 [2.637042] cpu_startup_entry+0xe4/0x190 [2.641074] start_kernel+0x3f4/0x408 [2.644741] 0x3438 [2.646857] INFO: Slab 0xdffbdb00 objects=9 used=1 fp=0xde8581c0 flags=0x0080 [2.653978] INFO: Object 0xde858008 @offset=8 fp=0xca4395df [2.653978] [2.661032] Redzone de858000: cc cc cc cc cc cc cc cc [2.669029] Object de858008: 00 00 00 02 00 00 00 02 00 6b 6b 6b 1e 83 ea 28 .kkk...( [2.677628] Object de858018: 00 00 00 70 1e 85 80 64 ff 73 1d 21 6b 6b 6b 6b ...p...d.s.! [2.686228] Object de858028: 00 20 00 00 1e 84 17 24 00 10 00 00 1e 85 70 00 . .$..p. [2.694829] Object de858038: 00 18 00 00 1e 84 17 44 00 08 00 00 1e 83 ea 28 ...D...( [2.703430] Object de858048: 00 80 00 00 1e 84 f0 00 00 80 00 00 1e 85 70 10 ..p. [2.712030] Object de858058: 00 20 6b 00 1e 85 80 f4 6b 6b 6b 6b 00 80 02 00 . k. [2.720629] Object de858068: 1e 84 f0 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.729230] Object de858078: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.737830] Object de858088: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.746429] Object de858098: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.755029] Object de8580a8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.763628] Object de8580b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.772229] Object de8580c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.780829] Object de8580d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b [2.789430] Object de8580e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 73 b0 ea 9f s... [2.798030] Object de8580f8: e8 18 80 d6 56 38 44 c0 db e3 4f 71 f7 ce d1 d3 V8D...Oq [2.806629] Redzone de858108: f8 bd 3e 4f ..>O [2.814279] Padding de8581b0: 5a 5a 5a 5a 5a 5a 5a 5a [2.822283] CPU: 0 PID: 0 Comm: swapper Tainted: GB 4.9.50-g995be12679 #179 [2.831819] Call Trace: [2.834301] [dffefd20] [c01aa9a8] check_bytes_and_report+0x100/0x194 (unreliable) [2.841801] [dffefd50] [c01aac3c] check_object+0x200/0x530 [2.847306] [dffefd80] [c01ae584] free_debug_processing+0x290/0x690 [2.853585] [dffefde0] [c01aec8c] __slab_free+0x308/0x628 [2.859000] [dffefe80] [c05057f4] ipsec_esp_encrypt_done+0x130/0x240 [2.865378] [dffefeb0] [c05002c4] flush_channel+0x1dc/0x488 [2.870968] [dffeff10] [c05007a8] talitos2_done_4ch+0x30/0x200 [2.876814] [dffeff30] [c002fe38] tasklet_action+0xa0/0x13c [2.882399] [dffeff60] [c002f118] __do_softirq+0x148/0x6cc [2.887896] [dffeffd0] [c002f954] irq_exit+0xc0/0x124 [2.892968] [dffefff0] [c0013adc] call_do_irq+0x24/0x3c [2.898213] [c0d4be00] [c000757c] do_IRQ+0x78/0x108 [2.903113] [c0d4be30] [c0015c08] ret_from_except+0x0/0x14 [2.908634] --- interrupt: 501 at finish_task_switch+0x70/0x350 [2.908634] LR = finish_task_switch+0x58/0x350 [2.919327] [c0d4bf20] [c085e1d4] schedule+0x80/0x134 [2.924398] [c0d4bf50] [c085e2c0] schedule_preempt_disabled+0x38/0xc8 [
[PATCH] staging: ccree: else is not generally useful after a break or return
From: Suniel Mahesh <suni...@techveda.org> Fixes checkpatch warnings: WARNING: else is not generally useful after a break or return Signed-off-by: Suniel Mahesh <suni...@techveda.org> --- Note: - Patch was tested and built(ARCH=arm) on next-20170921. No build issues reported. --- drivers/staging/ccree/ssi_request_mgr.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/staging/ccree/ssi_request_mgr.c b/drivers/staging/ccree/ssi_request_mgr.c index daa5432..25eecbb 100644 --- a/drivers/staging/ccree/ssi_request_mgr.c +++ b/drivers/staging/ccree/ssi_request_mgr.c @@ -387,10 +387,9 @@ int send_request( */ wait_for_completion(_req->seq_compl); return 0; - } else { - /* Operation still in process */ - return -EINPROGRESS; } + /* Operation still in process */ + return -EINPROGRESS; } /*! -- 1.9.1
Re: [PATCH] crypto: talitos - fix hashing
On Wed, Sep 13, 2017 at 12:44:57PM +0200, Christophe Leroy wrote: > md5sum on some files gives wrong result > > Exemple: > > With the md5sum from libkcapi: > c15115c05bad51113f81bdaee735dd09 test > > With the original md5sum: > bbdf41d80ba7e8b2b7be3a0772be76cb test > > This patch fixes this issue > > Signed-off-by: Christophe LeroyPatch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH v2 00/12] x86/crypto: Fix RBP usage in several crypto .S files
On Mon, Sep 18, 2017 at 02:41:59PM -0500, Josh Poimboeuf wrote: > v2: > - fix performance issues in sha256-avx2-asm.S and sha512-avx2-asm.S > (Eric) > > Many of the x86 crypto functions use RBP as a temporary register. This > breaks frame pointer convention, and breaks stack traces when unwinding > from an interrupt in the crypto code. > > Convert most* of them to leave RBP alone. > > These pass the crypto boot tests for me. Any further testing would be > appreciated! > > [*] There are still a few crypto files left that need fixing, but the > fixes weren't trivial and nobody reported unwinder warnings about > them yet, so I'm skipping them for now. > > Josh Poimboeuf (12): All applied. Thanks. -- Email: Herbert XuHome Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: talitos - fix sha224
On Wed, Sep 13, 2017 at 12:44:51PM +0200, Christophe Leroy wrote: > Kernel crypto tests report the following error at startup > > [2.752626] alg: hash: Test 4 failed for sha224-talitos > [2.757907] : 30 e2 86 e2 e7 8a dd 0d d7 eb 9f d5 83 fe f1 b0 > 0010: 2d 5a 6c a5 f9 55 ea fd 0e 72 05 22 > > This patch fixes it > > Signed-off-by: Christophe LeroyPatch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: caam - fix LS1021A support on ARMv7 multiplatform kernel
On Fri, Sep 01, 2017 at 05:12:59PM +0300, Horia Geantă wrote: > When built using multi_v7_defconfig, driver does not work on LS1021A: > [...] > caam 170.crypto: can't identify CAAM ipg clk: -2 > caam: probe of 170.crypto failed with error -2 > [...] > > It turns out we have to detect at runtime whether driver is running > on an i.MX platform or not. > > Cc:> Fixes: 6c3af9559352 ("crypto: caam - add support for LS1021A") > Signed-off-by: Horia Geantă Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH - RESEND] crypto: AF_ALG - remove SGL terminator indicator when chaining
On Thu, Sep 21, 2017 at 10:16:53AM +0200, Stephan Mueller wrote: > The SGL is MAX_SGL_ENTS + 1 in size. The last SG entry is used for the > chaining and is properly updated with the sg_chain invocation. During > the filling-in of the initial SG entries, sg_mark_end is called for each > SG entry. This is appropriate as long as no additional SGL is chained > with the current SGL. However, when a new SGL is chained and the last > SG entry is updated with sg_chain, the last but one entry still contains > the end marker from the sg_mark_end. This end marker must be removed as > otherwise a walk of the chained SGLs will cause a NULL pointer > dereference at the last but one SG entry, because sg_next will return > NULL. > > The patch only applies to all kernels up to and including 4.13. The > patch 2d97591ef43d0587be22ad1b0d758d6df4999a0b added to 4.14-rc1 > introduced a complete new code base which addresses this bug in > a different way. Yet, that patch is too invasive for stable kernels > and was therefore not marked for stable. > > Fixes: 8ff590903d5fc ("crypto: algif_skcipher - User-space interface > for skcipher operations") > CC:> CC: Herbert Xu > Signed-off-by: Stephan Mueller Acked-by: Herbert Xu Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: AF_ALG - remove SGL end indicator when chaining
On Thu, Sep 21, 2017 at 08:43:28AM +0200, Stephan Mueller wrote: > Am Mittwoch, 20. September 2017, 19:31:33 CEST schrieb Greg KH: > > Hi Herbert, > > > On Wed, Sep 20, 2017 at 03:47:46PM +0200, Stephan Mueller wrote: > > > Am Mittwoch, 20. September 2017, 10:32:09 CEST schrieb Herbert Xu: > > > > > > Hi Herbert, > > > > > > > Hmm, this patch does not apply against the current tree. Is this > > > > a stable-only patch? > > > > > > This would be a stable-only patch. With the overhauling of the AF_ALG > > > memory handling, this is a no-issue any more. > > > > If you want this as a stable-only patch, you need to resend it and > > justify it a bunch as to why it isn't in Linus's tree as well. > > Would you push it or shall I send it? Please resend it with details as to why this isn't needed on the mainline kernel, i.e., due to the new code-base which has addressed the bug in a different way but is too invasive for stable. Thanks, -- Email: Herbert XuHome Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: DRBG - fix freeing of resources
On Thu, Sep 14, 2017 at 05:10:28PM +0200, Stephan Müller wrote: > During the change to use aligned buffers, the deallocation code path was > not updated correctly. The current code tries to free the aligned buffer > pointer and not the original buffer pointer as it is supposed to. > > Thus, the code is updated to free the original buffer pointer and set > the aligned buffer pointer that is used throughout the code to NULL. > > Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers") > CC:> CC: Herbert Xu > Signed-off-by: Stephan Mueller Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: talitos - Don't provide setkey for non hmac hashing algs.
On Tue, Sep 12, 2017 at 11:03:39AM +0200, Christophe Leroy wrote: > Today, md5sum fails with error -ENOKEY because a setkey > function is set for non hmac hashing algs, see strace output below: > > mmap(NULL, 378880, PROT_READ, MAP_SHARED, 6, 0) = 0x77f5 > accept(3, 0, NULL) = 7 > vmsplice(5, > [{"bin/\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., > 378880}], 1, SPLICE_F_MORE|SPLICE_F_GIFT) = 262144 > splice(4, NULL, 7, NULL, 262144, SPLICE_F_MORE) = -1 ENOKEY (Required key not > available) > write(2, "Generation of hash for file kcap"..., 50) = 50 > munmap(0x77f5, 378880) = 0 > > This patch ensures that setkey() function is set only > for hmac hashing. > > Signed-off-by: Christophe LeroyPatch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[PATCH - RESEND] crypto: AF_ALG - remove SGL terminator indicator when chaining
The SGL is MAX_SGL_ENTS + 1 in size. The last SG entry is used for the chaining and is properly updated with the sg_chain invocation. During the filling-in of the initial SG entries, sg_mark_end is called for each SG entry. This is appropriate as long as no additional SGL is chained with the current SGL. However, when a new SGL is chained and the last SG entry is updated with sg_chain, the last but one entry still contains the end marker from the sg_mark_end. This end marker must be removed as otherwise a walk of the chained SGLs will cause a NULL pointer dereference at the last but one SG entry, because sg_next will return NULL. The patch only applies to all kernels up to and including 4.13. The patch 2d97591ef43d0587be22ad1b0d758d6df4999a0b added to 4.14-rc1 introduced a complete new code base which addresses this bug in a different way. Yet, that patch is too invasive for stable kernels and was therefore not marked for stable. Fixes: 8ff590903d5fc ("crypto: algif_skcipher - User-space interface for skcipher operations") CC:CC: Herbert Xu Signed-off-by: Stephan Mueller --- crypto/algif_skcipher.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 43839b00fe6c..62449a8f14ce 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -139,8 +139,10 @@ static int skcipher_alloc_sgl(struct sock *sk) sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); sgl->cur = 0; - if (sg) + if (sg) { sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); + sg_unmark_end(sg + (MAX_SGL_ENTS - 1)); + } list_add_tail(>list, >tsgl); } -- 2.13.5