]> www.infradead.org Git - users/willy/linux.git/log
users/willy/linux.git
3 years agocrypto: qat - add param check for RSA
Giovanni Cabiddu [Mon, 9 May 2022 13:34:14 +0000 (14:34 +0100)]
crypto: qat - add param check for RSA

Reject requests with a source buffer that is bigger than the size of the
key. This is to prevent a possible integer underflow that might happen
when copying the source scatterlist into a linear buffer.

Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove dma_free_coherent() for DH
Giovanni Cabiddu [Mon, 9 May 2022 13:34:13 +0000 (14:34 +0100)]
crypto: qat - remove dma_free_coherent() for DH

The functions qat_dh_compute_value() allocates memory with
dma_alloc_coherent() if the source or the destination buffers are made
of multiple flat buffers or of a size that is not compatible with the
hardware.
This memory is then freed with dma_free_coherent() in the context of a
tasklet invoked to handle the response for the corresponding request.

According to Documentation/core-api/dma-api-howto.rst, the function
dma_free_coherent() cannot be called in an interrupt context.

Replace allocations with dma_alloc_coherent() in the function
qat_dh_compute_value() with kmalloc() + dma_map_single().

Cc: stable@vger.kernel.org
Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove dma_free_coherent() for RSA
Giovanni Cabiddu [Mon, 9 May 2022 13:34:12 +0000 (14:34 +0100)]
crypto: qat - remove dma_free_coherent() for RSA

After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP"), if
the algorithms are enabled, the driver crashes with a BUG_ON while
executing vunmap() in the context of a tasklet. This is due to the fact
that the function dma_free_coherent() cannot be called in an interrupt
context (see Documentation/core-api/dma-api-howto.rst).

The functions qat_rsa_enc() and qat_rsa_dec() allocate memory with
dma_alloc_coherent() if the source or the destination buffers are made
of multiple flat buffers or of a size that is not compatible with the
hardware.
This memory is then freed with dma_free_coherent() in the context of a
tasklet invoked to handle the response for the corresponding request.

Replace allocations with dma_alloc_coherent() in the functions
qat_rsa_enc() and qat_rsa_dec() with kmalloc() + dma_map_single().

Cc: stable@vger.kernel.org
Fixes: a990532023b9 ("crypto: qat - Add support for RSA algorithm")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - fix memory leak in RSA
Giovanni Cabiddu [Mon, 9 May 2022 13:34:11 +0000 (14:34 +0100)]
crypto: qat - fix memory leak in RSA

When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is
used, some components of the private key persist even after the TFM is
released.
Replace the explicit calls to free the buffers in qat_rsa_exit_tfm()
with a call to qat_rsa_clear_ctx() which frees all buffers referenced in
the TFM context.

Cc: stable@vger.kernel.org
Fixes: 879f77e9071f ("crypto: qat - Add RSA CRT mode")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - add backlog mechanism
Giovanni Cabiddu [Mon, 9 May 2022 13:34:10 +0000 (14:34 +0100)]
crypto: qat - add backlog mechanism

The implementations of the crypto algorithms (aead, skcipher, etc) in
the QAT driver do not properly support requests with the
CRYPTO_TFM_REQ_MAY_BACKLOG flag set. If the HW queue is full, the driver
returns -EBUSY but does not enqueue the request. This can result in
applications like dm-crypt waiting indefinitely for the completion of a
request that was never submitted to the hardware.

Fix this by adding a software backlog queue: if the ring buffer is more
than eighty percent full, then the request is enqueued to a backlog
list and the error code -EBUSY is returned back to the caller.
Requests in the backlog queue are resubmitted at a later time, in the
context of the callback of a previously submitted request.
The request for which -EBUSY is returned is then marked as -EINPROGRESS
once submitted to the HW queues.

The submission loop inside the function qat_alg_send_message() has been
modified to decide which submission policy to use based on the request
flags. If the request does not have the CRYPTO_TFM_REQ_MAY_BACKLOG set,
the previous behaviour has been preserved.

Based on a patch by
Vishnu Das Ramachandran <vishnu.dasx.ramachandran@intel.com>

Cc: stable@vger.kernel.org
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Kyle Sanderson <kyle.leet@gmail.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - refactor submission logic
Giovanni Cabiddu [Mon, 9 May 2022 13:34:09 +0000 (14:34 +0100)]
crypto: qat - refactor submission logic

All the algorithms in qat_algs.c and qat_asym_algs.c use the same
pattern to submit messages to the HW queues. Move the submission loop
to a new function, qat_alg_send_message(), and share it between the
symmetric and the asymmetric algorithms.

As part of this rework, since the number of retries before returning an
error is inconsistent between the symmetric and asymmetric
implementations, set it to a value that works for both (i.e. 20, was 10
in qat_algs.c and 100 in qat_asym_algs.c)

In addition fix the return code reported when the HW queues are full.
In that case return -ENOSPC instead of -EBUSY.

Including stable in CC since (1) the error code returned if the HW queues
are full is incorrect and (2) to facilitate the backport of the next fix
"crypto: qat - add backlog mechanism".

Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - use pre-allocated buffers in datapath
Giovanni Cabiddu [Mon, 9 May 2022 13:34:08 +0000 (14:34 +0100)]
crypto: qat - use pre-allocated buffers in datapath

In order to do DMAs, the QAT device requires that the scatterlist
structures are mapped and translated into a format that the firmware can
understand. This is defined as the composition of a scatter gather list
(SGL) descriptor header, the struct qat_alg_buf_list, plus a variable
number of flat buffer descriptors, the struct qat_alg_buf.

The allocation and mapping of these data structures is done each time a
request is received from the skcipher and aead APIs.
In an OOM situation, this behaviour might lead to a dead-lock if an
allocation fails.

Based on the conversation in [1], increase the size of the aead and
skcipher request contexts to include an SGL descriptor that can handle
a maximum of 4 flat buffers.
If requests exceed 4 entries buffers, memory is allocated dynamically.

[1] https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.org.au/

Cc: stable@vger.kernel.org
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - set to zero DH parameters before free
Giovanni Cabiddu [Mon, 9 May 2022 13:19:27 +0000 (14:19 +0100)]
crypto: qat - set to zero DH parameters before free

Set to zero the context buffers containing the DH key before they are
freed.
This is a defense in depth measure that avoids keys to be recovered from
memory in case the system is compromised between the free of the buffer
and when that area of memory (containing keys) gets overwritten.

Cc: stable@vger.kernel.org
Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: s390 - add crypto library interface for ChaCha20
Vladis Dronov [Sun, 8 May 2022 13:09:44 +0000 (15:09 +0200)]
crypto: s390 - add crypto library interface for ChaCha20

Implement a crypto library interface for the s390-native ChaCha20 cipher
algorithm. This allows us to stop to select CRYPTO_CHACHA20 and instead
select CRYPTO_ARCH_HAVE_LIB_CHACHA. This allows BIG_KEYS=y not to build
a whole ChaCha20 crypto infrastructure as a built-in, but build a smaller
CRYPTO_LIB_CHACHA instead.

Make CRYPTO_CHACHA_S390 config entry to look like similar ones on other
architectures. Remove CRYPTO_ALGAPI select as anyway it is selected by
CRYPTO_SKCIPHER.

Add a new test module and a test script for ChaCha20 cipher and its
interfaces. Here are test results on an idle z15 machine:

Data | Generic crypto TFM |  s390 crypto TFM |    s390 lib
size |      enc      dec  |     enc     dec  |     enc     dec
-----+--------------------+------------------+----------------
512b |   1545ns   1295ns  |   604ns   446ns  |   430ns  407ns
4k   |   9536ns   9463ns  |  2329ns  2174ns  |  2170ns  2154ns
64k  |  149.6us  149.3us  |  34.4us  34.5us  |  33.9us  33.1us
6M   |  23.61ms  23.11ms  |  4223us  4160us  |  3951us  4008us
60M  |  143.9ms  143.9ms  |  33.5ms  33.2ms  |  32.2ms  32.1ms

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: talitos - Uniform coding style with defined variable
jianchunfu [Sun, 8 May 2022 05:22:50 +0000 (13:22 +0800)]
crypto: talitos - Uniform coding style with defined variable

Use the defined variable "desc" to uniform coding style.

Signed-off-by: jianchunfu <jianchunfu@cmss.chinamobile.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey()
Minghao Chi [Thu, 5 May 2022 02:20:24 +0000 (02:20 +0000)]
crypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey()

Simplify the return expression.

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: cryptd - Protect per-CPU resource by disabling BH.
Sebastian Andrzej Siewior [Wed, 4 May 2022 15:07:36 +0000 (17:07 +0200)]
crypto: cryptd - Protect per-CPU resource by disabling BH.

The access to cryptd_queue::cpu_queue is synchronized by disabling
preemption in cryptd_enqueue_request() and disabling BH in
cryptd_queue_worker(). This implies that access is allowed from BH.

If cryptd_enqueue_request() is invoked from preemptible context _and_
soft interrupt then this can lead to list corruption since
cryptd_enqueue_request() is not protected against access from
soft interrupt.

Replace get_cpu() in cryptd_enqueue_request() with local_bh_disable()
to ensure BH is always disabled.
Remove preempt_disable() from cryptd_queue_worker() since it is not
needed because local_bh_disable() ensures synchronisation.

Fixes: 254eff771441 ("crypto: cryptd - Per-CPU thread implementation...")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - do not fallback if cryptlen is less than sg length
Corentin Labbe [Mon, 2 May 2022 20:19:29 +0000 (20:19 +0000)]
crypto: sun8i-ce - do not fallback if cryptlen is less than sg length

The sg length could be more than remaining data on it.
So check the length requirement against the minimum between those two
values.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - rework debugging
Corentin Labbe [Mon, 2 May 2022 20:19:28 +0000 (20:19 +0000)]
crypto: sun8i-ce - rework debugging

The "Fallback for xxx" message is annoying, remove it and store the
information in the debugfs.
Let's add more precise fallback stats and display it better.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - use sg_nents_for_len
Corentin Labbe [Mon, 2 May 2022 20:19:27 +0000 (20:19 +0000)]
crypto: sun8i-ce - use sg_nents_for_len

When testing with some large SG list, the sun8i-ce drivers always
fallback even if it can handle it.
So use sg_nents_for_len() which permits to see less SGs than needed.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - Add function for handling hash padding
Corentin Labbe [Mon, 2 May 2022 20:19:26 +0000 (20:19 +0000)]
crypto: sun8i-ce - Add function for handling hash padding

Move all padding work to a dedicated function.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - do not fallback if cryptlen is less than sg length
Corentin Labbe [Mon, 2 May 2022 20:19:25 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not fallback if cryptlen is less than sg length

The sg length could be more than remaining data on it.
So check the length requirement against the minimum between those two
values.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - add hmac(sha1)
Corentin Labbe [Mon, 2 May 2022 20:19:24 +0000 (20:19 +0000)]
crypto: sun8i-ss - add hmac(sha1)

Even if sun8i-ss does not handle hmac(sha1) directly, we can provide one
which use the already supported acceleration of sha1.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - Add function for handling hash padding
Corentin Labbe [Mon, 2 May 2022 20:19:23 +0000 (20:19 +0000)]
crypto: sun8i-ss - Add function for handling hash padding

Move all padding work to a dedicated function.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - rework debugging
Corentin Labbe [Mon, 2 May 2022 20:19:22 +0000 (20:19 +0000)]
crypto: sun8i-ss - rework debugging

The "Fallback for xxx" message is annoying, remove it and store the
information in the debugfs.
In the same time, reports more fallback statistics.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - handle requests if last block is not modulo 64
Corentin Labbe [Mon, 2 May 2022 20:19:21 +0000 (20:19 +0000)]
crypto: sun8i-ss - handle requests if last block is not modulo 64

The current sun8i-ss handle only requests with all SG length being
modulo 64.
But the last SG could be always handled by copying it on the pad buffer.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - do not zeroize all pad
Corentin Labbe [Mon, 2 May 2022 20:19:20 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not zeroize all pad

Instead of memset all pad buffer, it is faster to only put 0 where
needed.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - do not allocate memory when handling hash requests
Corentin Labbe [Mon, 2 May 2022 20:19:19 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not allocate memory when handling hash requests

Instead of allocate memory on each requests, it is easier to
pre-allocate buffers.
This made error path easier.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - use sg_nents_for_len
Corentin Labbe [Mon, 2 May 2022 20:19:18 +0000 (20:19 +0000)]
crypto: sun8i-ss - use sg_nents_for_len

When testing with some large SG list, the sun8i-ss drivers always
fallback even if it can handle it.
So use sg_nents_for_len() which permits to see less SGs than needed.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - test error before assigning
Corentin Labbe [Mon, 2 May 2022 20:19:17 +0000 (20:19 +0000)]
crypto: sun8i-ss - test error before assigning

The first thing we should do after dma_map_single() is to test the
result.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - remove redundant test
Corentin Labbe [Mon, 2 May 2022 20:19:16 +0000 (20:19 +0000)]
crypto: sun8i-ss - remove redundant test

Some fallback tests were redundant with what sun8i_ss_hash_need_fallback() already do.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - handle zero sized sg
Corentin Labbe [Mon, 2 May 2022 20:19:15 +0000 (20:19 +0000)]
crypto: sun8i-ss - handle zero sized sg

sun8i-ss does not handle well the possible zero sized sg.

Fixes: d9b45418a917 ("crypto: sun8i-ss - support hash algorithms")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - rework handling of IV
Corentin Labbe [Mon, 2 May 2022 20:19:14 +0000 (20:19 +0000)]
crypto: sun8i-ss - rework handling of IV

sun8i-ss fail handling IVs when doing decryption of multiple SGs in-place.
It should backup the last block of each SG source for using it later as
IVs.
In the same time remove allocation on requests path for storing all
IVs.

Fixes: f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun4i-ss - do not allocate backup IV on requests
Corentin Labbe [Mon, 2 May 2022 20:19:13 +0000 (20:19 +0000)]
crypto: sun4i-ss - do not allocate backup IV on requests

Instead of allocate memory on each requests, it is easier to
pre-allocate buffer for backup IV.
This made error path easier.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - do not allocate memory when handling requests
Corentin Labbe [Mon, 2 May 2022 20:19:12 +0000 (20:19 +0000)]
crypto: sun8i-ce - do not allocate memory when handling requests

Instead of allocate memory on each requests, it is easier to
pre-allocate buffer for IV.
This made error path easier.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - Fix minor style issue
Corentin Labbe [Mon, 2 May 2022 20:19:11 +0000 (20:19 +0000)]
crypto: sun8i-ce - Fix minor style issue

This patch remove a double blank line.

Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: vmx - Fix build error
Masahiro Yamada [Sat, 7 May 2022 05:22:43 +0000 (14:22 +0900)]
crypto: vmx - Fix build error

When I refactored this Makefile, I accidentally changed the CONFIG
option.

Fixes: b52455a73db9 ("crypto: vmx - Align the short log with Makefile cleanups")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: vmx - Align the short log with Makefile cleanups
Masahiro Yamada [Sun, 1 May 2022 13:07:49 +0000 (22:07 +0900)]
crypto: vmx - Align the short log with Makefile cleanups

I notieced the log is not properly aligned:

  PERL drivers/crypto/vmx/aesp8-ppc.S
  CC [M]  fs/xfs/xfs_reflink.o
  PERL drivers/crypto/vmx/ghashp8-ppc.S
  CC [M]  drivers/crypto/vmx/aes.o

Add some spaces after 'PERL'.

While I was here, I cleaned up the Makefile:

 - Merge the two similar rules

 - Remove redundant 'clean-files' (Having 'targets' is enough)

 - Move the flavour into the build command

This still avoids the build failures fixed by commit 4ee812f6143d
("crypto: vmx - Avoid weird build failures").

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: atmel - Avoid flush_scheduled_work() usage
Tetsuo Handa [Sat, 30 Apr 2022 07:01:46 +0000 (16:01 +0900)]
crypto: atmel - Avoid flush_scheduled_work() usage

Flushing system-wide workqueues is dangerous and will be forbidden.
Replace system_wq with local atmel_wq.

If CONFIG_CRYPTO_DEV_ATMEL_{I2C,ECC,SHA204A}=y, the ordering in Makefile
guarantees that module_init() for atmel-i2c runs before module_init()
for atmel-ecc and atmel-sha204a runs.

Link: https://lkml.kernel.org/r/49925af7-78a8-a3dd-bce6-cfc02e1a9236@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: atmel-i2c - Simplify return code in probe function
Uwe Kleine-König [Fri, 29 Apr 2022 14:03:49 +0000 (16:03 +0200)]
crypto: atmel-i2c - Simplify return code in probe function

There is no semantical change introduced by this change.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: caam/rng - Add support for PRNG
Meenakshi Aggarwal [Fri, 29 Apr 2022 11:48:08 +0000 (13:48 +0200)]
crypto: caam/rng - Add support for PRNG

Add support for random number generation using PRNG
mode of CAAM and expose the interface through crypto API.

According to the RM, the HW implementation of the DRBG follows
NIST SP 800-90A specification for DRBG_Hash SHA-256 function

Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Horia Geant <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: cn10k - Enable compile testing
Herbert Xu [Fri, 29 Apr 2022 05:37:20 +0000 (13:37 +0800)]
hwrng: cn10k - Enable compile testing

This patch enables COMPILE_TEST for cn10k.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: atmel-sha204a - Suppress duplicate error message
Uwe Kleine-König [Thu, 28 Apr 2022 17:11:46 +0000 (19:11 +0200)]
crypto: atmel-sha204a - Suppress duplicate error message

Returning an error value in an i2c remove callback results in an error
message being emitted by the i2c core, but otherwise it doesn't make a
difference. The device goes away anyhow and the devm cleanups are
called.

As atmel_sha204a_remove already emits an error message ant the additional
error message by the i2c core doesn't add any useful information, change
the return value to zero to suppress this error message.

Note that after atmel_sha204a_remove() returns *i2c_priv is freed, so there
is trouble ahead because atmel_sha204a_rng_done() might be called after
that freeing. So make the error message a bit more frightening.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: atmel-sha204a - Remove useless check
Uwe Kleine-König [Thu, 28 Apr 2022 17:11:45 +0000 (19:11 +0200)]
crypto: atmel-sha204a - Remove useless check

kfree(NULL) is a noop, so there is no win in checking a pointer before
kfreeing it.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: inside-secure - Add MODULE_FIRMWARE macros
Juerg Haefliger [Wed, 27 Apr 2022 07:43:51 +0000 (09:43 +0200)]
crypto: inside-secure - Add MODULE_FIRMWARE macros

The safexcel module loads firmware so add MODULE_FIRMWARE macros to
provide that information via modinfo.

Signed-off-by: Juerg Haefliger <juergh@protonmail.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/sec - add sm4 generic selection
Kai Ye [Tue, 26 Apr 2022 11:53:58 +0000 (19:53 +0800)]
crypto: hisilicon/sec - add sm4 generic selection

Add sm4 generic selection for fallback tfm in the Kconfig.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: atmel-sha204a - Add support for ATSHA204 cryptochip
Pali Rohár [Thu, 21 Apr 2022 13:44:57 +0000 (15:44 +0200)]
crypto: atmel-sha204a - Add support for ATSHA204 cryptochip

ATSHA204 is predecessor of ATSHA204A which supports less features and some
of them are slightly different.

Introduce a new compatible string for ATSHA204 cryptochip "atmel,atsha204".

Current version of Linux kernel driver atmel-sha204a.c implements only hw
random number generator which is same in both ATSHA204 and ATSHA204A
cryptochips. So driver already supports also ATSHA204 hw generator, so just
simply extends list of compatible strings.

Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: optee - remove redundant initialization to variable rng_size
Colin Ian King [Sun, 24 Apr 2022 18:11:56 +0000 (19:11 +0100)]
hwrng: optee - remove redundant initialization to variable rng_size

Variable rng_size is being initialized with a value that is never read,
the variable is being re-assigned later on. The initialization is
redundant and can be removed.

Cleans up cppcheck warning:
Variable 'rng_size' is assigned a value that is never used.

Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - Fix unsigned function returning negative constant
Haowen Bai [Sun, 24 Apr 2022 08:50:31 +0000 (16:50 +0800)]
crypto: qat - Fix unsigned function returning negative constant

The function qat_uclo_check_image_compat has an unsigned return type, but
returns a negative constant to indicate an error condition. So we change
unsigned to int.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ecrdsa - Fix incorrect use of vli_cmp
Vitaly Chikunov [Thu, 21 Apr 2022 17:25:10 +0000 (20:25 +0300)]
crypto: ecrdsa - Fix incorrect use of vli_cmp

Correctly compare values that shall be greater-or-equal and not just
greater.

Fixes: 0d7a78643f69 ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm")
Cc: <stable@vger.kernel.org>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: caam - fix i.MX6SX entropy delay value
Fabio Estevam [Wed, 20 Apr 2022 12:06:01 +0000 (09:06 -0300)]
crypto: caam - fix i.MX6SX entropy delay value

Since commit 358ba762d9f1 ("crypto: caam - enable prediction resistance
in HRWNG") the following CAAM errors can be seen on i.MX6SX:

caam_jr 2101000.jr: 20003c5b: CCB: desc idx 60: RNG: Hardware error
hwrng: no data available

This error is due to an incorrect entropy delay for i.MX6SX.

Fix it by increasing the minimum entropy delay for i.MX6SX
as done in U-Boot:
https://patchwork.ozlabs.org/project/uboot/patch/20220415111049.2565744-1-gaurav.jain@nxp.com/

As explained in the U-Boot patch:

"RNG self tests are run to determine the correct entropy delay.
Such tests are executed with different voltages and temperatures to identify
the worst case value for the entropy delay. For i.MX6SX, it was determined
that after adding a margin value of 1000 the minimum entropy delay should be
at least 12000."

Cc: <stable@vger.kernel.org>
Fixes: 358ba762d9f1 ("crypto: caam - enable prediction resistance in HRWNG")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Vabhav Sharma <vabhav.sharma@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ce - using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Minghao Chi [Wed, 20 Apr 2022 03:02:18 +0000 (03:02 +0000)]
crypto: sun8i-ce - using pm_runtime_resume_and_get instead of pm_runtime_get_sync

Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync and
pm_runtime_put_noidle. This change is just to simplify the code, no
actual functional changes.

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sun8i-ss - using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Minghao Chi [Mon, 18 Apr 2022 11:05:37 +0000 (11:05 +0000)]
crypto: sun8i-ss - using pm_runtime_resume_and_get instead of pm_runtime_get_sync

Using pm_runtime_resume_and_get is more appropriate
for simplifing code

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: keembay - Make use of devm helper function devm_platform_ioremap_resource()
Lv Ruyi [Mon, 18 Apr 2022 01:57:00 +0000 (01:57 +0000)]
crypto: keembay - Make use of devm helper function devm_platform_ioremap_resource()

Use the devm_platform_ioremap_resource() helper instead of calling
platform_get_resource() and devm_ioremap_resource() separately.Make the
code simpler without functional changes.

Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccp - Fix the INIT_EX data file open failure
Jacky Li [Thu, 14 Apr 2022 16:23:25 +0000 (16:23 +0000)]
crypto: ccp - Fix the INIT_EX data file open failure

There are 2 common cases when INIT_EX data file might not be
opened successfully and fail the sev initialization:

1. In user namespaces, normal user tasks (e.g. VMM) can change their
   current->fs->root to point to arbitrary directories. While
   init_ex_path is provided as a module param related to root file
   system. Solution: use the root directory of init_task to avoid
   accessing the wrong file.

2. Normal user tasks (e.g. VMM) don't have the privilege to access
   the INIT_EX data file. Solution: open the file as root and
   restore permissions immediately.

Fixes: 3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
Signed-off-by: Jacky Li <jackyli@google.com>
Reviewed-by: Peter Gonda <pgonda@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agoRevert "hwrng: mpfs - Enable COMPILE_TEST"
Herbert Xu [Tue, 26 Apr 2022 09:42:36 +0000 (17:42 +0800)]
Revert "hwrng: mpfs - Enable COMPILE_TEST"

This reverts commit 6a71277ce91e4766ebe9a5f6725089c80d043ba2.

The underlying option POLARFIRE_SOC_SYS_CTRL already supports
COMPILE_TEST so there is no need for this.  What's more, if
we force this option on without the underlying option it fails
to build.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - remove hisi_qm_get_free_qp_num()
Weili Qian [Sat, 16 Apr 2022 10:45:59 +0000 (18:45 +0800)]
crypto: hisilicon/qm - remove hisi_qm_get_free_qp_num()

hisi_qm_get_free_qp_num() is to get the free queue number on the function.
It is a simple function and is only called by
hisi_qm_get_available_instances().

This patch modifies to get the free queue directly in
hisi_qm_get_available_instances(), and remove hisi_qm_get_free_qp_num().

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - replace hisi_qm_release_qp() with hisi_qm_free_qps()
Weili Qian [Sat, 16 Apr 2022 10:45:58 +0000 (18:45 +0800)]
crypto: hisilicon/qm - replace hisi_qm_release_qp() with hisi_qm_free_qps()

hisi_qm_free_qps() can release multiple queues in one call, and it is
already exported. So, replace hisi_qm_release_qp() with hisi_qm_free_qps()
in zip_crypto.c, and do not export hisi_qm_release_qp() outside qm.c.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - set function with static
Weili Qian [Sat, 16 Apr 2022 10:45:57 +0000 (18:45 +0800)]
crypto: hisilicon/qm - set function with static

These functions 'hisi_qm_create_qp' and 'hisi_qm_set_vft' are not
used outside qm.c, so they are marked as static.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - remove unused function declaration
Weili Qian [Sat, 16 Apr 2022 10:45:56 +0000 (18:45 +0800)]
crypto: hisilicon/qm - remove unused function declaration

The 'hisi_qm_get_hw_version' function is unused, so remove the function
declaration.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: mpfs - Enable COMPILE_TEST
Herbert Xu [Fri, 15 Apr 2022 08:37:47 +0000 (16:37 +0800)]
hwrng: mpfs - Enable COMPILE_TEST

The dependency on HW_RANDOM is redundant so this patch removes it.
As this driver seems to cross-compile just fine we could also enable
COMPILE_TEST.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: marvell/cesa - ECB does not IV
Corentin Labbe [Wed, 13 Apr 2022 19:11:54 +0000 (19:11 +0000)]
crypto: marvell/cesa - ECB does not IV

The DES3 ECB has an IV size set but ECB does not need one.

Fixes: 4ada483978237 ("crypto: marvell/cesa - add Triple-DES support")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccp - Log when resetting PSP SEV state
Peter Gonda [Wed, 13 Apr 2022 15:58:35 +0000 (08:58 -0700)]
crypto: ccp - Log when resetting PSP SEV state

Currently when the PSP returns a SECURE_DATA_INVALID error on INIT or
INIT_EX the driver retries the command once which should reset the PSP's
state SEV related state, meaning the PSP will regenerate its keying
material. This is logged with a dbg log but given this will change
system state this should be logged at a higher priority and with more
information.

Signed-off-by: Peter Gonda <pgonda@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: John Allen <john.allen@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: cn10k - Make check_rng_health() return an error code
Vladis Dronov [Wed, 13 Apr 2022 14:16:06 +0000 (16:16 +0200)]
hwrng: cn10k - Make check_rng_health() return an error code

Currently check_rng_health() returns zero unconditionally.
Make it to output an error code and return it.

Fixes: 38e9791a0209 ("hwrng: cn10k - Add random number generator support")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: cn10k - Optimize cn10k_rng_read()
Vladis Dronov [Wed, 13 Apr 2022 14:16:05 +0000 (16:16 +0200)]
hwrng: cn10k - Optimize cn10k_rng_read()

This function assumes that sizeof(void) is 1 and arithmetic works for
void pointers. This is a GNU C extention and may not work with other
compilers. Change this by using an u8 pointer.

Also move cn10k_read_trng() out of a loop thus saving some cycles.

Fixes: 38e9791a0209 ("hwrng: cn10k - Add random number generator support")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: sa2ul - Add the new compatible for AM62
Jayesh Choudhary [Tue, 12 Apr 2022 07:30:16 +0000 (13:00 +0530)]
crypto: sa2ul - Add the new compatible for AM62

Add the new compatible for am62x in of_match_table.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agodt-bindings: crypto: ti,sa2ul: Add a new compatible for AM62
Jayesh Choudhary [Tue, 12 Apr 2022 07:30:15 +0000 (13:00 +0530)]
dt-bindings: crypto: ti,sa2ul: Add a new compatible for AM62

Add the AM62 version of sa3ul to the compatible list.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: arm64/sm4 - Fix wrong dependency of NEON/CE implementation
Tianjia Zhang [Mon, 11 Apr 2022 03:13:13 +0000 (11:13 +0800)]
crypto: arm64/sm4 - Fix wrong dependency of NEON/CE implementation

Commit d2825fa9365d ("crypto: sm3,sm4 - move into crypto directory")
moved the sm4 library implementation from the lib/crypto directory to
the crypto directory and configured the name as CRYPTO_SM4. The arm64
SM4 NEON/CE implementation depends on this and needs to be modified
uniformly.

Fixes: 4f1aef9b806f ("crypto: arm64/sm4 - add ARMv8 NEON implementation")
Fixes: 5b33e0ec881c ("crypto: arm64/sm4 - add ARMv8 Crypto Extensions implementation")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/sgl - align the hardware sgl dma address
Yang Shen [Sat, 9 Apr 2022 09:33:09 +0000 (17:33 +0800)]
crypto: hisilicon/sgl - align the hardware sgl dma address

The hardware needs aligned sgl dma address. So expend the sgl_size to
align 64 bytes.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/zip - support last word dumping
Kai Ye [Sat, 9 Apr 2022 08:03:28 +0000 (16:03 +0800)]
crypto: hisilicon/zip - support last word dumping

1. Add some debugging registers.
2. Add last word dumping function during zip engine controller reset.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/hpre - support last word dumping
Kai Ye [Sat, 9 Apr 2022 08:03:27 +0000 (16:03 +0800)]
crypto: hisilicon/hpre - support last word dumping

1. Add some debugging registers.
2. Add last word dumping function during hpre engine controller reset.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/sec - support last word dumping
Kai Ye [Sat, 9 Apr 2022 08:03:26 +0000 (16:03 +0800)]
crypto: hisilicon/sec - support last word dumping

Add last word dumping function during sec engine controller reset.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - add last word dumping for ACC
Kai Ye [Sat, 9 Apr 2022 08:03:25 +0000 (16:03 +0800)]
crypto: hisilicon/qm - add last word dumping for ACC

Add last word dumping function during acc engines controller reset.
The last words are reported to the printed information during the
reset. The dmesg information included qm debugging registers and
engine debugging registers. It can help to improve debugging
capability.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agoDocumentation: update debugfs doc for Hisilicon ZIP
Kai Ye [Sat, 9 Apr 2022 08:03:24 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon ZIP

Update documentation describing DebugFS that could help
to check the change of register values.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agoDocumentation: update debugfs doc for Hisilicon SEC
Kai Ye [Sat, 9 Apr 2022 08:03:23 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon SEC

Update documentation describing DebugFS that could help
to check the change of register values.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agoDocumentation: update debugfs doc for Hisilicon HPRE
Kai Ye [Sat, 9 Apr 2022 08:03:22 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon HPRE

Update documentation describing DebugFS that could help
to check the change of register values.

Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/zip - support register checking
Kai Ye [Sat, 9 Apr 2022 08:03:21 +0000 (16:03 +0800)]
crypto: hisilicon/zip - support register checking

The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.

Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/sec - support register checking
Kai Ye [Sat, 9 Apr 2022 08:03:20 +0000 (16:03 +0800)]
crypto: hisilicon/sec - support register checking

The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.

Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/hpre - support register checking
Kai Ye [Sat, 9 Apr 2022 08:03:19 +0000 (16:03 +0800)]
crypto: hisilicon/hpre - support register checking

The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.

Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: hisilicon/qm - add register checking for ACC
Kai Ye [Sat, 9 Apr 2022 08:03:18 +0000 (16:03 +0800)]
crypto: hisilicon/qm - add register checking for ACC

Add register detection function to accelerator. Provided a tool that
user can checking differential register through Debugfs.
e.g.
    cd /sys/kernel/debug/hisi_zip/<bdf>/zip_dfx
    cat diff_regs

Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ux500/hash - simplify if-if to if-else
Yihao Han [Fri, 8 Apr 2022 14:23:49 +0000 (07:23 -0700)]
crypto: ux500/hash - simplify if-if to if-else

Replace `if (!req_ctx->updated)` with `else` for simplification
and add curly brackets according to the kernel coding style:

"Do not unnecessarily use braces where a single statement will do."

...

"This does not apply if only one branch of a conditional statement is
a single statement; in the latter case use braces in both branches"

Please refer to:
https://www.kernel.org/doc/html/v5.17-rc8/process/coding-style.html

Signed-off-by: Yihao Han <hanyihao@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agohwrng: mpfs - add polarfire soc hwrng support
Conor Dooley [Fri, 8 Apr 2022 10:09:12 +0000 (10:09 +0000)]
hwrng: mpfs - add polarfire soc hwrng support

Add a driver to access the hardware random number generator on the
Polarfire SoC. The hwrng can only be accessed via the system controller,
so use the mailbox interface the system controller exposes to access the
hwrng.

Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove line wrapping for pfvf_ops functions
Marco Chiappero [Thu, 7 Apr 2022 16:54:55 +0000 (17:54 +0100)]
crypto: qat - remove line wrapping for pfvf_ops functions

Remove unnecessary line wrapping for the
adf_enable_vf2pf_interrupts() function, and harmonize pfvf_ops text.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - use u32 variables in all GEN4 pfvf_ops
Marco Chiappero [Thu, 7 Apr 2022 16:54:54 +0000 (17:54 +0100)]
crypto: qat - use u32 variables in all GEN4 pfvf_ops

Change adf_gen4_enable_vf2pf_interrupts() to use a u32 variable,
consistently with both other GEN4 pfvf_ops and pfvf_ops of other
generations.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - replace disable_vf2pf_interrupts()
Marco Chiappero [Thu, 7 Apr 2022 16:54:53 +0000 (17:54 +0100)]
crypto: qat - replace disable_vf2pf_interrupts()

As a consequence of the refactored VF2PF interrupt handling logic, a
function that disables specific VF2PF interrupts is no longer needed.
Instead, a simpler function that disables all the interrupts, also
hiding the device specific amount of VFs to be disabled from the
pfvf_ops users, would be sufficient.

This patch replaces disable_vf2pf_interrupts() with the new
disable_all_vf2pf_interrupts(), which doesn't need any argument and
disables all the VF2PF interrupts.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - leverage the GEN2 VF mask definiton
Marco Chiappero [Thu, 7 Apr 2022 16:54:52 +0000 (17:54 +0100)]
crypto: qat - leverage the GEN2 VF mask definiton

Replace hard coded VF masks in adf_gen2_pfvf.c with the recently
introduced ADF_GEN2_VF_MSK.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - rework the VF2PF interrupt handling logic
Marco Chiappero [Thu, 7 Apr 2022 16:54:51 +0000 (17:54 +0100)]
crypto: qat - rework the VF2PF interrupt handling logic

Change the VF2PF interrupt handler in the PF ISR and the definition of
the internal PFVF API to correct the current implementation, which can
result in missed interrupts.

More specifically, current HW generations consider a write to the mask
register, regardless of the value, as an acknowledge of any pending
VF2PF interrupt. Therefore, if there is an interrupt between the source
register read and the mask register write, such interrupt will not be
delivered and silently acknowledged, resulting in a lost VF2PF message.

To work around the problem, rather than disabling specific interrupts,
disable all the interrupts and re-enable only the ones that we are not
serving (excluding the already disabled ones too). This will force any
other pending interrupt to be triggered and be serviced by a subsequent
ISR.

This new approach requires, however, changes to the interrupt related
pfvf_ops functions. In particular, get_vf2pf_sources() has now been
removed in favor of disable_pending_vf2pf_interrupts(), which not only
retrieves and returns the pending (and enabled) sources, but also
disables them.
As a consequence, introduce the adf_disable_pending_vf2pf_interrupts()
utility in place of adf_disable_vf2pf_interrupts_irq(), which is no
longer needed.

Cc: stable@vger.kernel.org
Fixes: 993161d ("crypto: qat - fix handling of VF to PF interrupts")
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - fix off-by-one error in PFVF debug print
Marco Chiappero [Thu, 7 Apr 2022 16:54:50 +0000 (17:54 +0100)]
crypto: qat - fix off-by-one error in PFVF debug print

PFVF Block Message requests for CRC use 0-based values to indicate
amounts, which have to be remapped to 1-based values on the receiving
side.

This patch fixes one debug print which was however using the wire value.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - fix wording and formatting in code comment
Marco Chiappero [Thu, 7 Apr 2022 16:54:49 +0000 (17:54 +0100)]
crypto: qat - fix wording and formatting in code comment

Remove an unintentional extra space and improve the readability of a
PFVF related code comment.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - test PFVF registers for spurious interrupts on GEN4
Marco Chiappero [Thu, 7 Apr 2022 16:54:48 +0000 (17:54 +0100)]
crypto: qat - test PFVF registers for spurious interrupts on GEN4

Spurious PFVF interrupts can happen when either the ISR is invoked
without a valid source being set or, otherwise, when no interrupt bit
is set in the PFVF register containing the message.

The latter test was present for GEN2 devices but missing for GEN4, this
patch fills the gap.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - add check for invalid PFVF protocol version 0
Wojciech Ziemba [Thu, 7 Apr 2022 16:54:47 +0000 (17:54 +0100)]
crypto: qat - add check for invalid PFVF protocol version 0

PFVF protocol version 0 is not a valid version, but PF drivers
currently would report any such version from VFs as compatible.
This patch adds an extra check for the invalid PFVF protocol
version 0.

Signed-off-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - add missing restarting event notification in VFs
Marco Chiappero [Thu, 7 Apr 2022 16:54:46 +0000 (17:54 +0100)]
crypto: qat - add missing restarting event notification in VFs

VF drivers are notified via PFVF of the VFs being disabled, but
such notification was not propagated within the VF driver.
Dispatch the ADF_EVENT_RESTARTING event by adding a missing call
to adf_dev_restarting_notify().

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove unnecessary tests to detect PFVF support
Marco Chiappero [Thu, 7 Apr 2022 16:54:45 +0000 (17:54 +0100)]
crypto: qat - remove unnecessary tests to detect PFVF support

Previously, the GEN4 host driver supported SR-IOV but had no working
implementation of the PFVF protocol to communicate with VF drivers.
Since all the host drivers for QAT devices now support both SR-IOV and
PFVF, remove the old and unnecessary checks to test PFVF support.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove unused PFVF stubs
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:44 +0000 (17:54 +0100)]
crypto: qat - remove unused PFVF stubs

The functions adf_enable_pf2vf_interrupts(), adf_flush_vf_wq() and
adf_disable_pf2vf_interrupts() are not referenced when the driver is
compiled with CONFIG_PCI_IOV=n. This patch removes these unused stubs.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - remove unneeded braces
Marco Chiappero [Thu, 7 Apr 2022 16:54:43 +0000 (17:54 +0100)]
crypto: qat - remove unneeded braces

Remove unnecessary braces around a single statement in a for loop.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - fix ETR sources enabled by default on GEN2 devices
Marco Chiappero [Thu, 7 Apr 2022 16:54:42 +0000 (17:54 +0100)]
crypto: qat - fix ETR sources enabled by default on GEN2 devices

When the driver starts the device, it enables all the necessary
interrupts. However interrupts associated to host rings are enabled by
default on all GEN2 devices (except for dh895x) even when SR-IOV is
active. Fix this behaviour by checking if data structures associated to
VFs have been allocated to determine whether to enable such interrupts
or not.

Since the logic for the fix is the same across GEN2 devices, replace
the function to be fixed (adf_enable_ints()) with a single one
(adf_gen2_enable_ints()) in the common GEN2 code in adf_gen2_hw_data.c.
Likewise, remove the unnecessary duplication of defines too.

Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - set COMPRESSION capability for DH895XCC
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:41 +0000 (17:54 +0100)]
crypto: qat - set COMPRESSION capability for DH895XCC

The capability detection logic clears bits for the features that are
disabled in a certain SKU. For example, if the bit associate to
compression is not present in the LEGFUSE register, the correspondent
bit is cleared in the capability mask.
This change adds the compression capability to the mask as this was
missing in the commit that enhanced the capability detection logic.

Fixes: cfe4894eccdc ("crypto: qat - set COMPRESSION capability for QAT GEN2")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - set CIPHER capability for DH895XCC
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:40 +0000 (17:54 +0100)]
crypto: qat - set CIPHER capability for DH895XCC

Set the CIPHER capability for QAT DH895XCC devices if the hardware supports
it. This is done if both the CIPHER and the AUTHENTICATION engines are
available on the device.

Fixes: ad1332aa67ec ("crypto: qat - add support for capability detection")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccree - use fine grained DMA mapping dir
Gilad Ben-Yossef [Wed, 6 Apr 2022 08:11:39 +0000 (11:11 +0300)]
crypto: ccree - use fine grained DMA mapping dir

Use a fine grained specification of DMA mapping directions
in certain cases, allowing both a more optimized operation
as well as shushing out a harmless, though persky
dma-debug warning.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccree - rearrange init calls to avoid race
Gilad Ben-Yossef [Wed, 6 Apr 2022 08:11:38 +0000 (11:11 +0300)]
crypto: ccree - rearrange init calls to avoid race

Rearrange init calls to avoid the rare race condition of
the cipher algs being registered and used while we still
init the hash code which uses the HW without proper lock.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Dung Nguyen <dung.nguyen.zy@renesas.com>
Tested-by: Jing Dan <jing.dan.nx@renesas.com>
Tested-by: Dung Nguyen <dung.nguyen.zy@renesas.com>
Fixes: 63893811b0fc("crypto: ccree - add ahash support")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: qat - stop using iommu_present()
Robin Murphy [Tue, 5 Apr 2022 12:25:11 +0000 (13:25 +0100)]
crypto: qat - stop using iommu_present()

Even if an IOMMU might be present for some PCI segment in the system,
that doesn't necessarily mean it provides translation for the device
we care about. Replace iommu_present() with a more appropriate check.

Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: cavium/nitrox - remove check of list iterator against head past the loop...
Jakob Koschel [Thu, 31 Mar 2022 21:59:10 +0000 (23:59 +0200)]
crypto: cavium/nitrox - remove check of list iterator against head past the loop body

When list_for_each_entry() completes the iteration over the whole list
without breaking the loop, the iterator value will be a bogus pointer
computed based on the head element.

While it is safe to use the pointer to determine if it was computed
based on the head element, either with list_entry_is_head() or
&pos->member == head, using the iterator variable after the loop should
be avoided.

In preparation to limit the scope of a list iterator to the list
traversal loop, use a dedicated pointer to point to the found element [1].

Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccp - When TSME and SME both detected notify user
Mario Limonciello [Thu, 31 Mar 2022 21:12:13 +0000 (16:12 -0500)]
crypto: ccp - When TSME and SME both detected notify user

CC_ATTR_HOST_MEM_ENCRYPT is used to relay that memory encryption has been
activated by the kernel.

As it's technically possible to enable both SME and TSME at the same time,
detect this scenario and notify the user that enabling TSME and SME at the
same time is unnecessary.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccp - Allow PSP driver to load without SEV/TEE support
Mario Limonciello [Thu, 31 Mar 2022 21:12:12 +0000 (16:12 -0500)]
crypto: ccp - Allow PSP driver to load without SEV/TEE support

Previously the PSP probe routine would fail if both SEV and TEE were
missing.  This is possibly the case for some client parts.

As capabilities can now be accessed from userspace, it may still be
useful to have the PSP driver finish loading so that those capabilities
can be read.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
3 years agocrypto: ccp - Export PSP security bits to userspace
Mario Limonciello [Thu, 31 Mar 2022 21:12:11 +0000 (16:12 -0500)]
crypto: ccp - Export PSP security bits to userspace

The PSP sets several pre-defined bits in the capabilities
register to indicate that security attributes of the platform.

Export these attributes into userspace for administrators to
confirm platform is properly locked down.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>