| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Clean up the check for irq. dev_err() is superfluous as
platform_get_irq() already prints an error. Check for zero
would indicate a bug. Remove curly braces to conform to
styling requirements.
Signed-off-by: Nigel Christian <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Loading the module deadlocks since:
-local cbc(aes) implementation needs a fallback and
-crypto API tries to find one but the request_module() resolves back to
the same module
Fix this by changing the module alias for cbc(aes) and
using the NEED_FALLBACK flag when requesting for a fallback algorithm.
Fixes: 00b99ad2bac2 ("crypto: arm/aes-neonbs - Use generic cbc encryption path")
Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
A semicolon is not needed after a switch statement.
Signed-off-by: Tom Rix <[email protected]>
Signed-off-by: Tom Rix <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
A semicolon is not needed after a switch statement.
Signed-off-by: Tom Rix <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
PAC pointer authentication signs the return address against the value
of the stack pointer, to prevent stack overrun exploits from corrupting
the control flow. However, this requires that the AUTIASP is issued with
SP holding the same value as it held when the PAC value was generated.
The Poly1305 NEON code got this wrong, resulting in crashes on PAC
capable hardware.
Fixes: f569ca164751 ("crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS ...")
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Commit 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm
names") made the kernel start accepting arbitrarily long algorithm names
in sockaddr_alg. However, the actual length of the salg_name field
stayed at the original 64 bytes.
This is broken because the kernel can access indices >= 64 in salg_name,
which is undefined behavior -- even though the memory that is accessed
is still located within the sockaddr structure. It would only be
defined behavior if the array were properly marked as arbitrary-length
(either by making it a flexible array, which is the recommended way
these days, or by making it an array of length 0 or 1).
We can't simply change salg_name into a flexible array, since that would
break source compatibility with userspace programs that embed
sockaddr_alg into another struct, or (more commonly) declare a
sockaddr_alg like 'struct sockaddr_alg sa = { .salg_name = "foo" };'.
One solution would be to change salg_name into a flexible array only
when '#ifdef __KERNEL__'. However, that would keep userspace without an
easy way to actually use the longer algorithm names.
Instead, add a new structure 'sockaddr_alg_new' that has the flexible
array field, and expose it to both userspace and the kernel.
Make the kernel use it correctly in alg_bind().
This addresses the syzbot report
"UBSAN: array-index-out-of-bounds in alg_bind"
(https://syzkaller.appspot.com/bug?extid=92ead4eb8e26a26d465e).
Reported-by: [email protected]
Fixes: 3f69cc60768b ("crypto: af_alg - Allow arbitrarily long algorithm names")
Cc: <[email protected]> # v4.12+
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Use the new crypto_engine_alloc_init_and_set() function to
initialize crypto-engine and enable retry mechanism.
Set the maximum size for crypto-engine software queue based on
Job Ring size (JOBR_DEPTH) and a threshold (reserved for the
non-crypto-API requests that are not passed through crypto-engine).
The callback for do_batch_requests is NULL, since CAAM
doesn't support linked requests.
Signed-off-by: Iuliana Prodan <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Currently, by default crypto self-test failures only result in a
pr_warn() message and an "unknown" status in /proc/crypto. Both of
these are easy to miss. There is also an option to panic the kernel
when a test fails, but that can't be the default behavior.
A crypto self-test failure always indicates a kernel bug, however, and
there's already a standard way to report (recoverable) kernel bugs --
the WARN() family of macros. WARNs are noisier and harder to miss, and
existing test systems already know to look for them in dmesg or via
/proc/sys/kernel/tainted.
Therefore, call WARN() when an algorithm fails its self-tests.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
When alg_test() is called from tcrypt.ko rather than from the algorithm
registration code, "driver" is actually the algorithm name, not the
driver name. So it shouldn't be used in places where a driver name is
wanted, e.g. when reporting a test failure or when checking whether the
driver is the generic driver or not.
Fix this for the skcipher algorithm tests by getting the driver name
from the crypto_skcipher that actually got allocated.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
When alg_test() is called from tcrypt.ko rather than from the algorithm
registration code, "driver" is actually the algorithm name, not the
driver name. So it shouldn't be used in places where a driver name is
wanted, e.g. when reporting a test failure or when checking whether the
driver is the generic driver or not.
Fix this for the AEAD algorithm tests by getting the driver name from
the crypto_aead that actually got allocated.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
When alg_test() is called from tcrypt.ko rather than from the algorithm
registration code, "driver" is actually the algorithm name, not the
driver name. So it shouldn't be used in places where a driver name is
wanted, e.g. when reporting a test failure or when checking whether the
driver is the generic driver or not.
Fix this for the hash algorithm tests by getting the driver name from
the crypto_ahash or crypto_shash that actually got allocated.
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add crypto_aead_driver_name(), which is analogous to
crypto_skcipher_driver_name().
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
A break is not needed if it is preceded by a return
Signed-off-by: Tom Rix <[email protected]>
Reviewed-by: Alexandre Belloni <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Unrolling the LOAD and BLEND loops improves performance by ~8% on x86_64
(tested on Broadwell Xeon) while not increasing code size too much.
Signed-off-by: Arvind Sankar <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This reduces code size substantially (on x86_64 with gcc-10 the size of
sha256_update() goes from 7593 bytes to 1952 bytes including the new
SHA256_K array), and on x86 is slightly faster than the full unroll
(tested on Broadwell Xeon).
Signed-off-by: Arvind Sankar <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The temporary W[] array is currently zeroed out once every call to
sha256_transform(), i.e. once every 64 bytes of input data. Moving it to
sha256_update() instead so that it is cleared only once per update can
save about 2-3% of the total time taken to compute the digest, with a
reasonable memset() implementation, and considerably more (~20%) with a
bad one (eg the x86 purgatory currently uses a memset() coded in C).
Signed-off-by: Arvind Sankar <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The assignments to clear a through h and t1/t2 are optimized out by the
compiler because they are unused after the assignments.
Clearing individual scalar variables is unlikely to be useful, as they
may have been assigned to registers, and even if stack spilling was
required, there may be compiler-generated temporaries that are
impossible to clear in any case.
So drop the clearing of a through h and t1/t2.
Signed-off-by: Arvind Sankar <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Without the barrier_data() inside memzero_explicit(), the compiler may
optimize away the state-clearing if it can tell that the state is not
used afterwards.
Signed-off-by: Arvind Sankar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Without the barrier_data() inside memzero_explicit(), the compiler may
optimize away the state-clearing if it can tell that the state is not
used afterwards. At least in lib/crypto/sha256.c:__sha256_final(), the
function can get inlined into sha256(), in which case the memset is
optimized away.
Signed-off-by: Arvind Sankar <[email protected]>
Reviewed-by: Eric Biggers <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
pm_runtime_get_sync() will increment pm usage counter even
when it returns an error code. We should call put operation
in error handling paths of omap_aes_hw_init.
Signed-off-by: Zhang Qilong <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This is an algorithm optimization. The reset operation when
setting the public key is repeated and redundant, so remove it.
At the same time, `sm2_ecc_os2ec()` is optimized to make the
function more simpler and more in line with the Linux code style.
Signed-off-by: Tianjia Zhang <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
This patch reduces the stack usage in sa2ul:
1. Move the exported sha state into sa_prepare_iopads so that it
can occupy the same space as the k_pad buffer.
2. Use one buffer for ipad/opad in sa_prepare_iopads.
3. Remove ipad/opad buffer from sa_set_sc_auth.
4. Use async skcipher fallback and remove on-stack request from
sa_cipher_run.
Reported-by: kernel test robot <[email protected]>
Fixes: d2c8ac187fc9 ("crypto: sa2ul - Add AEAD algorithm support")
Signed-off-by: Herbert Xu <[email protected]>
|
|
Clean up extra blank lines
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
1. Remove unused member‘pending_reqs' in‘sec_qp_ctx' structure.
2. Remove unused member‘status' in‘sec_dev' structure.
Signed-off-by: Longfang Liu <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Commit 1d2c3279311e ("crypto: x86/aes - drop scalar assembler
implementations") was meant to remove aes_glue.c, but it actually left
it as an unused one-line file. Remove this unused file.
Cc: Ard Biesheuvel <[email protected]>
Signed-off-by: Eric Biggers <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Change type of ae_mask in adf_hw_device_data to allow for devices with
more than 16 Acceleration Engines (AEs).
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Allow for crypto instances to be configured with symmetric crypto rings
that belong to a bank that is different from the one where asymmetric
crypto rings are located.
This is to allow for devices with banks made of a single ring pair.
In these, crypto instances will be composed of two separate banks.
Changed string literals are not exposed to the user space.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Refactor function qat_crypto_dev_config() to propagate errors to
the caller.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Refactor function qat_crypto_create_instances() to propagate errors to
the caller.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
If a key is not found in the internal key value storage, return -ENODATA
instead of -1 that is treated as -EPERM and may confuse.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
If the parameter type provided to adf_cfg_add_key_value_param()
is invalid, return -EINVAL instead of -1 that is treated as -EPERM and
may confuse.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove superfluous casts to void* in function qat_crypto_dev_config().
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Call the function configure_iov_threads(), adf_enable_vf2pf_interrupts()
and adf_pf2vf_notify_restarting() only if present in the struct
adf_hw_device_data of the device.
This is to allow for QAT drivers that do not implement those functions.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Maksim Lukoshkov <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Replace hardcoded value of the bank interrupt clear flag mask with a
value calculated on the fly which is based on the number of rings
present in a bank. This is to support devices that have a number of
rings per bank different than 16.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Abstract writes to the service arbiter enable register.
This is in preparation for the introduction of the qat_4xxx driver since
the arbitration enable register differes between QAT GEN2 and QAT GEN4
devices.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Maksim Lukoshkov <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Replace occurrences of the pattern GENMASK_ULL(var - 1, 0)) with
BIT_ULL(var) - 1 since it produces better code and it is easier to read.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Replace constant 0xFFFFFFFFFFFFFFFFULL with GENMASK_ULL(63, 0) and
0xFFFFFFFF with GENMASK(31, 0) as they are masks.
This makes code less error prone.
Suggested-by: Andy Shevchenko <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Abstract the implementation of BUILD_RING_BASE_ADDR.
This is in preparation for the introduction of the qat_4xxx driver since
the value of the ring base differs between QAT GEN2 and QAT GEN4
devices.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Maksim Lukoshkov <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Enable arbitration on the TX ring only after the RX ring is programmed.
Before this change, arbitration was enabled on the TX ring before the RX
ring was programmed allowing the HW to process a request before having
the ring pair configured.
With this change, the arbitration logic is programmed only if the TX
half of the ring mask matches the RX half.
This change does not affect QAT GEN2 devices (c62x, c3xxx and dh895xcc),
but it is a must for QAT GEN4 devices since the CSRs of the ring pair
are locked after arbitration is enabled on the TX ring.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Maksim Lukoshkov <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Introduce the function adf_hw_dev_has_crypto() that returns true if a
device supports symmetric crypto, asymmetric crypto and authentication
services.
If a device has crypto capabilities, add crypto instances to the
configuration.
This is done since the function that allows to retrieve crypto
instances, qat_crypto_get_instance_node(), return instances that support
all crypto services.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add logic to detect device capabilities for c62x, c3xxx and dh895xcc.
Read fuses, straps and legfuses CSRs and build the device capabilities
mask. This will be used to understand if a certain service is supported
by a device.
This patch is based on earlier work done by Conor McLoughlin.
Signed-off-by: Marco Chiappero <[email protected]>
Co-developed-by: Giovanni Cabiddu <[email protected]>
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
The arbiter configuration, the offset to the arbiter config CSR and the
offset to the worker thread to service arbiter CSR are going to be
different in QAT GEN4 devices although the logic that uses them is the
same across all QAT generations.
This patch reworks the gen-specific parts of the arbiter access code by
introducing the arb_info structure, that contains the values that are
generation specific, and a function in the structure adf_hw_device_data,
get_arb_info(), that allows to get them.
Since the arbiter values for QAT GEN2 devices (c62x, c3xxx and
dh895xcc) are the same, a single function, adf_gen2_get_arb_info() is
provided in adf_gen2_hw_data.c and referenced by each QAT GEN2 driver.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Remove the unused macros ADF_ARB_WTR_SIZE, ADF_ARB_WTR_OFFSET
and ADF_ARB_RO_EN_OFFSET.
These macros were left in commit 34074205bb9f ("crypto: qat - remove
redundant arbiter configuration") that removed the logic that used those
defines.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
WQCFG registers contain the correct values after reset in all
generations of QAT. No need to write into them.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Extend admin contansts table to support QAT GEN4 devices.
This change does not affect QAT GEN2 devices (c62x, c3xxx and dh895xcc)
as the table was extended in an unused area which is not referenced by
any of those drivers and devices.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Introduce admin AE mask. If this mask set, the fw constant message is
sent only to engines that belong to that set, otherwise it is sent to
all engines.
This is in preparation for the qat_4xxx driver where the constant message
should be sent only to admin engines.
In GEN2 devices (c62x, c3xxx and dh895xcc), the admin AE mask is 0 and
the fw constants message is sent to all AEs.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Call adf_set_fw_constants() before adf_init_ae().
This is required by QAT GEN4 devices, which expect that the
FW_CONSTANTS_CFG command is sent to the admin AEs before the FW_INIT_AE
command.
Swapping the order of the two commands (FW_INIT_AE and FW_CONSTANTS_CFG)
is allowed in QAT GEN2 devices as the firmware can handle those in any
order.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Rename occurrences of ME in the admin module with the acronym AE
(Acceleration Engine) as the two are equivalent.
This is to keep a single acronym for engined in the codebase and
follow the documentation in https://01.org/intel-quickassist-technology.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Add packed attribute to the structures icp_qat_fw_init_admin_req and
icp_qat_fw_init_admin_resp as they are accessed by firmware.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|
|
Abstract access to admin interface and move generation specific code into
adf_gen2_hw_data.c in preparation for the introduction of the qat_4xxx
driver.
Signed-off-by: Giovanni Cabiddu <[email protected]>
Reviewed-by: Fiona Trahe <[email protected]>
Reviewed-by: Wojciech Ziemba <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
|