]> www.infradead.org Git - users/hch/uuid.git/log
users/hch/uuid.git
2 years agocrypto: amlogic - Remove prepare/unprepare request
Herbert Xu [Sun, 13 Aug 2023 06:54:11 +0000 (14:54 +0800)]
crypto: amlogic - Remove prepare/unprepare request

The callbacks for prepare and unprepare request in crypto_engine
is superfluous.  They can be done directly from do_one_request.

Move the code into do_one_request and remove the unused callbacks.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sun8i-ss - Remove prepare/unprepare request
Herbert Xu [Sun, 13 Aug 2023 06:54:09 +0000 (14:54 +0800)]
crypto: sun8i-ss - Remove prepare/unprepare request

The callbacks for prepare and unprepare request in crypto_engine
is superfluous.  They can be done directly from do_one_request.

Move the code into do_one_request and remove the unused callbacks.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sun8i-ce - Remove prepare/unprepare request
Herbert Xu [Sun, 13 Aug 2023 06:54:07 +0000 (14:54 +0800)]
crypto: sun8i-ce - Remove prepare/unprepare request

The callbacks for prepare and unprepare request in crypto_engine
is superfluous.  They can be done directly from do_one_request.

Move the code into do_one_request and remove the unused callbacks.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qcom-rng: Make the core clock optional regardless of ACPI presence
Konrad Dybcio [Fri, 11 Aug 2023 20:50:57 +0000 (22:50 +0200)]
crypto: qcom-rng: Make the core clock optional regardless of ACPI presence

Some newer SoCs (like SM8450) do not require a clock vote for the PRNG
to function. Make it entirely optional and rely on the bindings checker
to ensure platforms that need it, consume one.

Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agodt-bindings: crypto: qcom,prng: Add SM8450
Konrad Dybcio [Fri, 11 Aug 2023 20:50:56 +0000 (22:50 +0200)]
dt-bindings: crypto: qcom,prng: Add SM8450

SM8450's PRNG does not require a core clock reference. Add a new
compatible with a qcom,prng-ee fallback and handle that.

Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: drivers - avoid memcpy size warning
Arnd Bergmann [Fri, 11 Aug 2023 13:46:33 +0000 (15:46 +0200)]
crypto: drivers - avoid memcpy size warning

Some configurations with gcc-12 or gcc-13 produce a warning for the source
and destination of a memcpy() in atmel_sha_hmac_compute_ipad_hash() potentially
overlapping:

In file included from include/linux/string.h:254,
                 from drivers/crypto/atmel-sha.c:15:
drivers/crypto/atmel-sha.c: In function 'atmel_sha_hmac_compute_ipad_hash':
include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing 129 or more bytes at offsets 408 and 280 overlaps 1 or more bytes at offset 408 [-Werror=restrict]
   57 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^
include/linux/fortify-string.h:648:9: note: in expansion of macro '__underlying_memcpy'
  648 |         __underlying_##op(p, q, __fortify_size);                        \
      |         ^~~~~~~~~~~~~
include/linux/fortify-string.h:693:26: note: in expansion of macro '__fortify_memcpy_chk'
  693 | #define memcpy(p, q, s)  __fortify_memcpy_chk(p, q, s,                  \
      |                          ^~~~~~~~~~~~~~~~~~~~
drivers/crypto/atmel-sha.c:1773:9: note: in expansion of macro 'memcpy'
 1773 |         memcpy(hmac->opad, hmac->ipad, bs);
      |         ^~~~~~

The same thing happens in two more drivers that have the same logic:

drivers/crypto/chelsio/chcr_algo.c: In function 'chcr_ahash_setkey':
include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing 129 or more bytes at offsets 260 and 132 overlaps 1 or more bytes at offset 260 [-Werror=restrict]
drivers/crypto/bcm/cipher.c: In function 'ahash_hmac_setkey':
include/linux/fortify-string.h:57:33: error: '__builtin_memcpy' accessing between 129 and 4294967295 bytes at offsets 840 and 712 overlaps between 1 and 4294967167 bytes at offset 840 [-Werror=restrict]

I don't think it can actually happen because the size is strictly bounded
to the available block sizes, at most 128 bytes, though inlining decisions
could lead gcc to not see that.

Use the unsafe_memcpy() helper instead of memcpy(), with the only difference
being that this skips the hardening checks that produce the warning.

Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: iproc-rng200 - Implement suspend and resume calls
Florian Fainelli [Thu, 10 Aug 2023 19:22:08 +0000 (12:22 -0700)]
hwrng: iproc-rng200 - Implement suspend and resume calls

Chips such as BCM7278 support system wide suspend/resume which will
cause the HWRNG block to lose its state and reset to its power on reset
register values. We need to cleanup and re-initialize the HWRNG for it
to be functional coming out of a system suspend cycle.

Fixes: c3577f6100ca ("hwrng: iproc-rng200 - Add support for BCM7278")
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: core - Remove duplicated include
GUO Zihua [Thu, 10 Aug 2023 13:00:43 +0000 (21:00 +0800)]
hwrng: core - Remove duplicated include

Remove duplicated include of linux/random.h. Resolves checkincludes
message. And adjust includes in alphabetical order.

Signed-off-by: GUO Zihua <guozihua@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: exynos - fix Wvoid-pointer-to-enum-cast warning
Krzysztof Kozlowski [Thu, 10 Aug 2023 10:00:23 +0000 (12:00 +0200)]
crypto: exynos - fix Wvoid-pointer-to-enum-cast warning

'type' is an enum, thus cast of pointer on 64-bit compile test with W=1
causes:

  exynos-rng.c:280:14: error: cast to smaller integer type 'enum exynos_prng_type' from 'const void *' [-Werror,-Wvoid-pointer-to-enum-cast]

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - Remove unused function declarations
Yue Haibing [Wed, 9 Aug 2023 03:16:14 +0000 (11:16 +0800)]
crypto: qat - Remove unused function declarations

Commit d8cba25d2c68 ("crypto: qat - Intel(R) QAT driver framework")
declared but never implemented these functions.

Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: allwinner - Remove unused function declarations
Yue Haibing [Wed, 9 Aug 2023 03:14:43 +0000 (11:14 +0800)]
crypto: allwinner - Remove unused function declarations

Commit 06f751b61329 ("crypto: allwinner - Add sun8i-ce Crypto Engine")
declared but never implemented sun8i_ce_enqueue().
Commit 56f6d5aee88d ("crypto: sun8i-ce - support hash algorithms")
declared but never implemented sun8i_ce_hash().
Commit f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
declared but never implemented sun8i_ss_enqueue().

Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam/jr - fix shared IRQ line handling
Horia Geantă [Tue, 8 Aug 2023 10:55:27 +0000 (12:55 +0200)]
crypto: caam/jr - fix shared IRQ line handling

There are cases when the interrupt status register (JRINTR) is non-zero,
even though:
1. An interrupt was generated, but it was masked OR
2. There was no interrupt generated at all
for the corresponding job ring.

1. The case when interrupt is masked (JRCFGR_LS[IMSK]=1b'1)
while other events have happened and are being accounted for, e.g.
-JRINTR[HALT]=2b'10 - input job ring underwent a flush of all on-going
jobs and processing of still-existing jobs (sitting in the ring) has been
halted
-JRINTR[HALT]=2b'01 - input job ring is currently undergoing a flush
-JRINTR[ENTER_FAIL]=1b'1 - SecMon / SNVS transitioned to FAIL MODE
It doesn't matter whether these events would assert the interrupt signal
or not, interrupt is anyhow masked.

2. The case when interrupt is not masked (JRCFGR_LS[IMSK]=1b'0), however
the events accounted for in JRINTR do not generate interrupts, e.g.:
-JRINTR[HALT]=2b'01
-JRINTR[ENTER_FAIL]=1b'1 and JRCFGR_MS[FAIL_MODE]=1b'0

Currently in these cases, when the JR interrupt handler is invoked (as a
consequence of JR sharing the interrupt line with other devices - e.g.
the two JRs on i.MX7ULP) it continues execution instead of returning
IRQ_NONE.
This could lead to situations like interrupt handler clearing JRINTR (and
thus also the JRINTR[HALT] field) while corresponding job ring is
suspended and then that job ring failing on resume path, due to expecting
JRINTR[HALT]=b'10 and reading instead JRINTR[HALT]=b'00.

Fix this by checking status of JRINTR[JRI] in the JR interrupt handler.
If JRINTR[JRI]=1b'0, there was no interrupt generated for this JR and
handler must return IRQ_NONE.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - increase the domain of write memory barrier to full system
Iuliana Prodan [Tue, 8 Aug 2023 10:55:26 +0000 (12:55 +0200)]
crypto: caam - increase the domain of write memory barrier to full system

In caam_jr_enqueue, under heavy DDR load, smp_wmb() or dma_wmb()
fail to make the input ring be updated before the CAAM starts
reading it. So, CAAM will process, again, an old descriptor address
and will put it in the output ring. This will make caam_jr_dequeue()
to fail, since this old descriptor is not in the software ring.
To fix this, use wmb() which works on the full system instead of
inner/outer shareable domains.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - fix unchecked return value error
Gaurav Jain [Tue, 8 Aug 2023 10:55:25 +0000 (12:55 +0200)]
crypto: caam - fix unchecked return value error

error:
Unchecked return value (CHECKED_RETURN)
check_return: Calling sg_miter_next without checking return value

fix:
added check if(!sg_miter_next)

Fixes: 8a2a0dd35f2e ("crypto: caam - strip input zeros from RSA input buffer")
Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - fix PM operations definition
Arnd Bergmann [Mon, 7 Aug 2023 11:16:43 +0000 (13:16 +0200)]
crypto: caam - fix PM operations definition

The newly added PM operations use the deprecated SIMPLE_DEV_PM_OPS() macro,
causing a warning in some configurations:

drivers/crypto/caam/ctrl.c:828:12: error: 'caam_ctrl_resume' defined but not used [-Werror=unused-function]
  828 | static int caam_ctrl_resume(struct device *dev)
      |            ^~~~~~~~~~~~~~~~
drivers/crypto/caam/ctrl.c:818:12: error: 'caam_ctrl_suspend' defined but not used [-Werror=unused-function]
  818 | static int caam_ctrl_suspend(struct device *dev)
      |            ^~~~~~~~~~~~~~~~~
drivers/crypto/caam/jr.c:732:12: error: 'caam_jr_resume' defined but not used [-Werror=unused-function]
  732 | static int caam_jr_resume(struct device *dev)
      |            ^~~~~~~~~~~~~~
drivers/crypto/caam/jr.c:687:12: error: 'caam_jr_suspend' defined but not used [-Werror=unused-function]
  687 | static int caam_jr_suspend(struct device *dev)
      |            ^~~~~~~~~~~~~~~

Use the normal DEFINE_SIMPLE_DEV_PM_OPS() variant now, and use pm_ptr() to
completely eliminate the structure in configs without CONFIG_PM.

Fixes: 322d74752c28a ("crypto: caam - add power management support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: jitter - Add clarifying comments to Jitter Entropy RCT cutoff values
Joachim Vandersmissen [Sun, 6 Aug 2023 19:19:03 +0000 (14:19 -0500)]
crypto: jitter - Add clarifying comments to Jitter Entropy RCT cutoff values

The RCT cutoff values are correct, but they don't exactly match the ones
one would expect when computing them using the formula in SP800-90B. This
discrepancy is due to the fact that the Jitter Entropy RCT starts at 1. To
avoid any confusion by future reviewers, add some comments and explicitly
subtract 1 from the "correct" cutoff values in the definitions.

Signed-off-by: Joachim Vandersmissen <git@jvdsn.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
Mark O'Donovan [Fri, 4 Aug 2023 09:32:18 +0000 (09:32 +0000)]
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()

During NVMeTCP Authentication a controller can trigger a kernel
oops by specifying the 8192 bit Diffie Hellman group and passing
a correctly sized, but zeroed Diffie Hellamn value.
mpi_cmp_ui() was detecting this if the second parameter was 0,
but 1 is passed from dh_is_pubkey_valid(). This causes the null
pointer u->d to be dereferenced towards the end of mpi_cmp_ui()

Signed-off-by: Mark O'Donovan <shiftee@posteo.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: lib - Move mpi into lib/crypto
Herbert Xu [Fri, 4 Aug 2023 09:24:34 +0000 (17:24 +0800)]
crypto: lib - Move mpi into lib/crypto

As lib/mpi is mostly used by crypto code, move it under lib/crypto
so that patches touching it get directed to the right mailing list.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: api - Use work queue in crypto_destroy_instance
Herbert Xu [Thu, 3 Aug 2023 09:59:28 +0000 (17:59 +0800)]
crypto: api - Use work queue in crypto_destroy_instance

The function crypto_drop_spawn expects to be called in process
context.  However, when an instance is unregistered while it still
has active users, the last user may cause the instance to be freed
in atomic context.

Fix this by delaying the freeing to a work queue.

Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns")
Reported-by: Florent Revest <revest@chromium.org>
Reported-by: syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com
Reported-by: syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Florent Revest <revest@chromium.org>
Acked-by: Florent Revest <revest@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/sec - Do not check for 0 return after calling platform_get_irq()
Ruan Jinjie [Thu, 3 Aug 2023 09:29:33 +0000 (17:29 +0800)]
crypto: hisilicon/sec - Do not check for 0 return after calling platform_get_irq()

Since commit ce753ad1549c ("platform: finally disallow IRQ0 in
platform_get_irq() and its ilk"), there is no possible for
platform_get_irq() to return 0. Use the return value
from platform_get_irq().

Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - use kfree_sensitive instead of memset/kfree()
Yang Yingliang [Wed, 2 Aug 2023 09:14:27 +0000 (17:14 +0800)]
crypto: qat - use kfree_sensitive instead of memset/kfree()

Use kfree_sensitive() instead of memset() and kfree().

Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: af_alg - Decrement struct key.usage in alg_set_by_key_serial()
Frederick Lawler [Tue, 1 Aug 2023 13:57:09 +0000 (08:57 -0500)]
crypto: af_alg - Decrement struct key.usage in alg_set_by_key_serial()

Calls to lookup_user_key() require a corresponding key_put() to
decrement the usage counter. Once it reaches zero, we schedule key GC.
Therefore decrement struct key.usage in alg_set_by_key_serial().

Fixes: 7984ceb134bf ("crypto: af_alg - Support symmetric encryption via keyring keys")
Cc: <stable@vger.kernel.org>
Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: arm64/aes - remove Makefile hack
Masahiro Yamada [Tue, 1 Aug 2023 10:11:46 +0000 (19:11 +0900)]
crypto: arm64/aes - remove Makefile hack

Do it more simiply. This also fixes single target builds.

[before]

  $ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- arch/arm64/crypto/aes-glue-ce.i
    [snip]
  make[4]: *** No rule to make target 'arch/arm64/crypto/aes-glue-ce.i'.  Stop.

[after]

  $ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- arch/arm64/crypto/aes-glue-ce.i
    [snip]
    CPP     arch/arm64/crypto/aes-glue-ce.i

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - Convert to platform remove callback returning void
Uwe Kleine-König [Mon, 31 Jul 2023 16:54:56 +0000 (18:54 +0200)]
crypto: stm32 - Convert to platform remove callback returning void

The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new() which already returns void. Eventually after all drivers
are converted, .remove_new() is renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - Drop if block with always false condition
Uwe Kleine-König [Mon, 31 Jul 2023 16:54:55 +0000 (18:54 +0200)]
crypto: stm32 - Drop if block with always false condition

stm32_hash_remove() is only called after stm32_hash_probe() succeeded. In
this case platform_set_drvdata() was called with a non-NULL data patameter.

The check for hdev being non-NULL can be dropped because hdev is never NULL
(or something bad like memory corruption happened and then the check
doesn't help any more either).

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - Properly handle pm_runtime_get failing
Uwe Kleine-König [Mon, 31 Jul 2023 16:54:54 +0000 (18:54 +0200)]
crypto: stm32 - Properly handle pm_runtime_get failing

If pm_runtime_get() (disguised as pm_runtime_resume_and_get()) fails, this
means the clk wasn't prepared and enabled. Returning early in this case
however is wrong as then the following resource frees are skipped and this
is never catched up. So do all the cleanups but clk_disable_unprepare().

Also don't emit a warning, as stm32_hash_runtime_resume() already emitted
one.

Note that the return value of stm32_hash_remove() is mostly ignored by
the device core. The only effect of returning zero instead of an error
value is to suppress another warning in platform_remove(). So return 0
even if pm_runtime_resume_and_get() failed.

Fixes: 8b4d566de6a5 ("crypto: stm32/hash - Add power management support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: starfive - fix return value check in starfive_aes_prepare_req()
Yang Yingliang [Mon, 31 Jul 2023 14:02:49 +0000 (22:02 +0800)]
crypto: starfive - fix return value check in starfive_aes_prepare_req()

kzalloc() returns NULL pointer not PTR_ERR() when it fails,
so replace the IS_ERR() check with NULL pointer check.

Fixes: e22471c2331c ("crypto: starfive - Add AES skcipher and aead support")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: xgene: Add explicit io.h include
Rob Herring [Fri, 4 Aug 2023 14:48:44 +0000 (08:48 -0600)]
hwrng: xgene: Add explicit io.h include

Commit 0788257aeebe ("hwrng: Explicitly include correct DT includes")
removed an implicit include of io.h. On most architectures, there's
still an implicit include of it, but not on s390. Enabling COMPILE_TEST
in commit 1ce1cd8208ad ("hwrng: Enable COMPILE_TEST for more drivers")
exposed this.

Fixes: 0788257aeebe ("hwrng: Explicitly include correct DT includes")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202308042049.8R2tNRoo-lkp@intel.com/
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: Enable COMPILE_TEST for more drivers
Rob Herring [Fri, 28 Jul 2023 19:50:15 +0000 (13:50 -0600)]
hwrng: Enable COMPILE_TEST for more drivers

There's quite a few hwrng drivers which are easily enabled for
COMPILE_TEST, so let's enable them.

The dependency on HW_RANDOM is redundant, so drop that while we're here.

Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: Explicitly include correct DT includes
Rob Herring [Fri, 28 Jul 2023 13:48:27 +0000 (07:48 -0600)]
hwrng: Explicitly include correct DT includes

The DT of_device.h and of_platform.h date back to the separate
of_platform_bus_type before it was merged into the regular platform bus.
As part of that merge prepping Arm DT support 13 years ago, they
"temporarily" include each other. They also include platform_device.h
and of.h. As a result, there's a pretty much random mix of those include
files used throughout the tree. In order to detangle these headers and
replace the implicit includes with struct declarations, users need to
explicitly include the correct includes.

Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390
David Howells [Wed, 26 Jul 2023 21:53:19 +0000 (22:53 +0100)]
crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390

Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point
to the scatterlist array in areq->first_rsgl.sgl.sgl.

Without this, the gcm-aes-s390 driver will oops when it tries to do
gcm_walk_start() on req->dst because req->dst is set to the value of
areq->first_rsgl.sgl.sgl by _aead_recvmsg() calling
aead_request_set_crypt().

The problem comes if an empty ciphertext is passed: the loop in
af_alg_get_rsgl() just passes straight out and doesn't set areq->first_rsgl
up.

This isn't a problem on x86_64 using gcmaes_crypt_by_sg() because, as far
as I can tell, that ignores req->dst and only uses req->src[*].

[*] Is this a bug in aesni-intel_glue.c?

The s390x oops looks something like:

 Unable to handle kernel pointer dereference in virtual kernel address space
 Failing address: 0000000a00000000 TEID: 0000000a00000803
 Fault in home space mode while using kernel ASCE.
 AS:00000000a43a0007 R3:0000000000000024
 Oops: 003b ilc:2 [#1] SMP
 ...
 Call Trace:
  [<000003ff7fc3d47e>] gcm_walk_start+0x16/0x28 [aes_s390]
  [<00000000a2a342f2>] crypto_aead_decrypt+0x9a/0xb8
  [<00000000a2a60888>] aead_recvmsg+0x478/0x698
  [<00000000a2e519a0>] sock_recvmsg+0x70/0xb0
  [<00000000a2e51a56>] sock_read_iter+0x76/0xa0
  [<00000000a273e066>] vfs_read+0x26e/0x2a8
  [<00000000a273e8c4>] ksys_read+0xbc/0x100
  [<00000000a311d808>] __do_syscall+0x1d0/0x1f8
  [<00000000a312ff30>] system_call+0x70/0x98
 Last Breaking-Event-Address:
  [<000003ff7fc3e6b4>] gcm_aes_crypt+0x104/0xa68 [aes_s390]

Fixes: c1abe6f570af ("crypto: af_alg: Use extract_iter_to_sg() to create scatterlists")
Reported-by: Ondrej Mosnáček <omosnacek@gmail.com>
Link: https://lore.kernel.org/r/CAAUqJDuRkHE8fPgZJGaKjUjd3QfGwzfumuJBmStPqBhubxyk_A@mail.gmail.com/
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Herbert Xu <herbert@gondor.apana.org.au>
cc: Sven Schnelle <svens@linux.ibm.com>
cc: Harald Freudenberger <freude@linux.vnet.ibm.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-crypto@vger.kernel.org
cc: linux-s390@vger.kernel.org
cc: regressions@lists.linux.dev
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Ondrej Mosnáček <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: atmel - Use dev_err_probe instead of dev_err
Wang Ming [Wed, 26 Jul 2023 12:04:41 +0000 (20:04 +0800)]
crypto: atmel - Use dev_err_probe instead of dev_err

It is possible that dma_request_chan will return EPROBE_DEFER,
which means that dd->dev is not ready yet. In this case,
dev_err(dd->dev), there will be no output. This patch fixes the bug.

Signed-off-by: Wang Ming <machel@vivo.com>
Reviewed-by: Ryan Wanner <Ryan.Wanner@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - add power management support
Horia Geanta [Mon, 24 Jul 2023 06:52:30 +0000 (08:52 +0200)]
crypto: caam - add power management support

Add support for suspend and resume operation for PM in CAAM driver.

When the CAAM goes in suspend, the hardware is considered to do nothing.

On some platforms, the power of the CAAM is not turned off so it keeps
its configuration.
On other platforms, it doesn't so it is necessary to save the state of
the CAAM:
 - JRs MID
 - Address of input and output rings

Signed-off-by: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com>
Signed-off-by: Dan Douglass <dan.douglass@nxp.com>
Signed-off-by: Vipul Kumar <vipul_kumar@mentor.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - Change structure type representing DECO MID
Franck LENORMAND [Mon, 24 Jul 2023 06:52:29 +0000 (08:52 +0200)]
crypto: caam - Change structure type representing DECO MID

The structure partid is not suitable to represent the DECO MID register.

This patch replace partid by masterid which is more appropriate.

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - Remove messages related to memory allocation failure
Christophe JAILLET [Sat, 22 Jul 2023 14:53:59 +0000 (16:53 +0200)]
crypto: caam - Remove messages related to memory allocation failure

On memory allocation failure, the function calling stack is already logged.
So there is no need to explicitly log an extra message.

Remove them, ans simplify some code accordingly.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: caam - Use struct_size()
Christophe JAILLET [Sat, 22 Jul 2023 14:53:58 +0000 (16:53 +0200)]
crypto: caam - Use struct_size()

Use struct_size() instead of hand-writing it, when allocating a structure
with a flex array.

This is less verbose, more robust and more informative.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cn10k - use dev_err_probe
Martin Kaiser [Fri, 21 Jul 2023 08:54:44 +0000 (10:54 +0200)]
hwrng: cn10k - use dev_err_probe

Use dev_err_probe in error paths of the probe function, making the code a
tiny bit simpler.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cn10k - delete empty remove function
Martin Kaiser [Fri, 21 Jul 2023 08:54:43 +0000 (10:54 +0200)]
hwrng: cn10k - delete empty remove function

The remove function is empty, we can delete it. It's ok for a PCI driver
to have no remove function.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cctrng - use dev_err_probe in error paths
Martin Kaiser [Wed, 19 Jul 2023 07:18:06 +0000 (09:18 +0200)]
hwrng: cctrng - use dev_err_probe in error paths

Use dev_err_probe in error paths to make the code a bit shorter.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cctrng - merge cc_trng_clk_init into its only caller
Martin Kaiser [Wed, 19 Jul 2023 07:18:05 +0000 (09:18 +0200)]
hwrng: cctrng - merge cc_trng_clk_init into its only caller

cc_trng_clk_init is called only from the probe function. Merge the two
functions, this saves some lines of code.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cctrng - let devres enable the clock
Martin Kaiser [Wed, 19 Jul 2023 07:18:04 +0000 (09:18 +0200)]
hwrng: cctrng - let devres enable the clock

Call devm_clk_get_optional_enabled in the cctrng driver. We don't have to
disable and unprepare the clock any more in error paths or in the remove
function.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: cctrng - don't open code init and exit functions
Martin Kaiser [Wed, 19 Jul 2023 07:18:03 +0000 (09:18 +0200)]
hwrng: cctrng - don't open code init and exit functions

Do not open code the init and exit functions of the cctrng driver.

If we move the BUILD_BUG_ON checks into the probe function, we can use
module_platform_driver and make the code shorter.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agoKEYS: use kfree_sensitive with key
Mahmoud Adam [Mon, 17 Jul 2023 12:55:09 +0000 (12:55 +0000)]
KEYS: use kfree_sensitive with key

key might contain private part of the key, so better use
kfree_sensitive to free it

Signed-off-by: Mahmoud Adam <mngyadam@amazon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: starfive - Add AES skcipher and aead support
Jia Jie Ho [Mon, 17 Jul 2023 04:03:02 +0000 (12:03 +0800)]
crypto: starfive - Add AES skcipher and aead support

Adding AES skcipher and aead support to Starfive crypto module.
Skcipher modes of operation include ecb, cbc, ctr, ofb, cfb. Aead modes
include ccm and gcm.

v1->v2:
- Add include interrupt.h to fix compile error. (Herbert)

Co-developed-by: Huan Feng <huan.feng@starfivetech.com>
Signed-off-by: Huan Feng <huan.feng@starfivetech.com>
Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: arm-smccc-trng - don't set drvdata
Martin Kaiser [Sun, 16 Jul 2023 14:11:12 +0000 (16:11 +0200)]
hwrng: arm-smccc-trng - don't set drvdata

Don't set drvdata, there's nobody who reads it.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: x86/aesni - remove unused parameter to aes_set_key_common()
Eric Biggers [Sat, 15 Jul 2023 05:01:04 +0000 (22:01 -0700)]
crypto: x86/aesni - remove unused parameter to aes_set_key_common()

The 'tfm' parameter to aes_set_key_common() is never used, so remove it.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/hpre - enable sva error interrupt event
Weili Qian [Fri, 14 Jul 2023 11:41:38 +0000 (19:41 +0800)]
crypto: hisilicon/hpre - enable sva error interrupt event

Enable sva error interrupt event. When an error occurs on
the sva module, the device reports an abnormal interrupt to
the driver.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - increase device doorbell timeout
Weili Qian [Fri, 14 Jul 2023 11:41:37 +0000 (19:41 +0800)]
crypto: hisilicon/qm - increase device doorbell timeout

When both the accelerator device and SMMU are busy,
the processing time of the doorbell may be prolonged.
As a result, the doorbell may timeout, especially in the sva
scenario. Therefore, the doorbell timeout is increased.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - stop function and write data to memory
Weili Qian [Fri, 14 Jul 2023 11:41:36 +0000 (19:41 +0800)]
crypto: hisilicon/qm - stop function and write data to memory

When the system is shut down, the process is killed, but the
accelerator device does not stop executing the tasks. If the
accelerator device still accesses the memory and writes back data
to the memory after the memory is reclaimed by the system,
an NFE error may occur. Therefore, before the system is shut
down, the driver needs to stop the device and write data back
to the memory.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/qm - flush all work before driver removed
Weili Qian [Fri, 14 Jul 2023 11:41:35 +0000 (19:41 +0800)]
crypto: hisilicon/qm - flush all work before driver removed

Before removing the driver, flush inter-function communication
work, and subsequent communication work is not processed.
This prevents communication threads from accessing released memory.

Fixes: ("crypto: hisilicon/qm - enable PF and VFs communication")
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - remove flag HASH_FLAGS_DMA_READY
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:18 +0000 (17:15 +0200)]
crypto: stm32 - remove flag HASH_FLAGS_DMA_READY

Remove flag HASH_FLAGS_DMA_READY as it can put the driver in a deadlock
state.
If the DMA automatically set the DCAL bit, the interrupt indicating the
end of a computation can be raised before the DMA complete sequence.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - fix MDMAT condition
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:17 +0000 (17:15 +0200)]
crypto: stm32 - fix MDMAT condition

If IP has MDMAT support, set or reset the bit MDMAT in Control Register.

Fixes: b56403a25af7 ("crypto: stm32/hash - Support Ux500 hash")
Cc: stable@vger.kernel.org
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - check request size and scatterlist size when using DMA.
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:16 +0000 (17:15 +0200)]
crypto: stm32 - check request size and scatterlist size when using DMA.

When we are sending the data to HASH with the DMA, we send all the data
provided in the scatterlists of the request.
But in some cases (ex : tcrypt performances tests), we should only send
req->nbytes
When iterating through the scatterlist we verify if it is the last
scatterlist or if the number of bytes sent plus the data of the current
scatterlist is superior of the total number of bytes to hash.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - fix loop iterating through scatterlist for DMA
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:15 +0000 (17:15 +0200)]
crypto: stm32 - fix loop iterating through scatterlist for DMA

We were reading the length of the scatterlist sg after copying value of
tsg inside.
So we are using the size of the previous scatterlist and for the first
one we are using an unitialised value.
Fix this by copying tsg in sg[0] before reading the size.

Fixes : 8a1012d3f2ab ("crypto: stm32 - Support for STM32 HASH module")
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - remove bufcnt in stm32_hash_write_ctrl.
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:14 +0000 (17:15 +0200)]
crypto: stm32 - remove bufcnt in stm32_hash_write_ctrl.

Commit "crypto: stm32 - Fix empty message processing" remove the use of
the argument bufcnt in stm32_hash_write_ctrl.
Hence, we can remove it from the function prototype and simplify the
function declaration.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: stm32 - add new algorithms support
Thomas Bourgoin [Thu, 13 Jul 2023 15:15:13 +0000 (17:15 +0200)]
crypto: stm32 - add new algorithms support

Add the all SHA-2 (up to 512) and SHA-3 algorithm support.
Update compatible table to add stm32mp13.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agodt-bindings: crypto: add new compatible for stm32-hash
Lionel Debieve [Thu, 13 Jul 2023 15:15:12 +0000 (17:15 +0200)]
dt-bindings: crypto: add new compatible for stm32-hash

Add a new compatible for stm32mp13 support.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ba431 - use dev_err_probe after failed registration
Martin Kaiser [Thu, 13 Jul 2023 07:04:46 +0000 (09:04 +0200)]
hwrng: ba431 - use dev_err_probe after failed registration

Use dev_err_probe to print the error message after a failed hwrng
registration.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ba431 - don't init of_device_id's data
Martin Kaiser [Thu, 13 Jul 2023 07:04:45 +0000 (09:04 +0200)]
hwrng: ba431 - don't init of_device_id's data

We have no device-specific data for silex-insight,ba431-rng. There's no
need to set .data = NULL, this is the default.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ba431 - do not set drvdata
Martin Kaiser [Thu, 13 Jul 2023 07:04:44 +0000 (09:04 +0200)]
hwrng: ba431 - do not set drvdata

Do not set drvdata in the ba431 driver. Nobody is using it.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - switch to device managed registration
Martin Kaiser [Mon, 10 Jul 2023 20:27:33 +0000 (22:27 +0200)]
hwrng: ingenic - switch to device managed registration

Call devm_hwrng_register for device managed registration of the
ingenic-trng driver. ingenic_trng_remove can then be deleted.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - don't disable the rng in ingenic_trng_remove
Martin Kaiser [Mon, 10 Jul 2023 20:27:32 +0000 (22:27 +0200)]
hwrng: ingenic - don't disable the rng in ingenic_trng_remove

There's no need to disable the rng in ingenic_trng_remove.

The driver's init function sets the CFG_GEN_EN bit to enable the
rng. The cleanup function clears CFG_GEN_EN to revert this.

The remove function calls hwrng_unregister. If the ingenic-trng is not
the current rng at this point, CFG_GEN_EN has already been cleared. If
the ingenic-trng is the current rng, drop_current_rng will call the
cleanup function.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - use dev_err_probe in error paths
Martin Kaiser [Mon, 10 Jul 2023 20:27:31 +0000 (22:27 +0200)]
hwrng: ingenic - use dev_err_probe in error paths

Use dev_err_probe in error paths to make the code a bit shorter.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - use devm_clk_get_enabled
Martin Kaiser [Mon, 10 Jul 2023 20:27:30 +0000 (22:27 +0200)]
hwrng: ingenic - use devm_clk_get_enabled

Use devm_clk_get_enabled in the ingenic-trng driver. We don't have to
disable and unprepare the clock any more in error paths or in the remove
function.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - remove dead assignments
Martin Kaiser [Mon, 10 Jul 2023 20:27:29 +0000 (22:27 +0200)]
hwrng: ingenic - remove dead assignments

Don't assign a value to ret if we're about to return from the probe
function and ret's value is not used.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - remove two unused defines
Martin Kaiser [Mon, 10 Jul 2023 20:27:28 +0000 (22:27 +0200)]
hwrng: ingenic - remove two unused defines

Remove two defines which are not used in the ingenic-trng driver's code.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: ingenic - enable compile testing
Martin Kaiser [Mon, 10 Jul 2023 20:27:27 +0000 (22:27 +0200)]
hwrng: ingenic - enable compile testing

Enable compile testing for the ingenic-trng driver.

Remove the dependency on HW_RANDOM. The ingenic-trng config section is
under "if HW_RANDOM".

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: hisilicon/hpre - ensure private key less than n
Weili Qian [Fri, 7 Jul 2023 13:18:19 +0000 (21:18 +0800)]
crypto: hisilicon/hpre - ensure private key less than n

The private key of the curve key size generated by stdrng, which maybe
not less than n. Therefore, the private key with the curve key size
minus 1 is generated to ensure that the private key is less than n.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: starfive - Convert to platform remove callback returning void
Uwe Kleine-König [Fri, 7 Jul 2023 07:07:53 +0000 (09:07 +0200)]
crypto: starfive - Convert to platform remove callback returning void

The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new() which already returns void. Eventually after all drivers
are converted, .remove_new() is renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: timeriomem - Use devm_platform_get_and_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 11:52:42 +0000 (19:52 +0800)]
hwrng: timeriomem - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Reviewed-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: atmel-tdes - Use devm_platform_get_and_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 07:21:58 +0000 (15:21 +0800)]
crypto: atmel-tdes - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: atmel-sha - Use devm_platform_get_and_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 07:21:57 +0000 (15:21 +0800)]
crypto: atmel-sha - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: atmel-aes - Use devm_platform_get_and_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 07:21:56 +0000 (15:21 +0800)]
crypto: atmel-aes - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: keembay - Convert to devm_platform_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 07:21:55 +0000 (15:21 +0800)]
crypto: keembay - Convert to devm_platform_ioremap_resource()

Use devm_platform_ioremap_resource() to simplify code.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: omap-des - Use devm_platform_get_and_ioremap_resource()
Yangtao Li [Wed, 5 Jul 2023 07:21:54 +0000 (15:21 +0800)]
crypto: omap-des - Use devm_platform_get_and_ioremap_resource()

Convert platform_get_resource(), devm_ioremap_resource() to a single
call to devm_platform_get_and_ioremap_resource(), as this is exactly
what this function does.

Signed-off-by: Yangtao Li <frank.li@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: pic32 - enable TRNG only while it's used
Martin Kaiser [Tue, 4 Jul 2023 17:32:03 +0000 (19:32 +0200)]
hwrng: pic32 - enable TRNG only while it's used

The probe function enables the TRNG hardware before registering the
driver. If registration fails, probe returns an error, but the TRNG
remains enabled.

Define init and cleanup functions, enable and disable the hardware there.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: pic32 - remove unused defines
Martin Kaiser [Tue, 4 Jul 2023 17:32:02 +0000 (19:32 +0200)]
hwrng: pic32 - remove unused defines

Remove some unused defines and fix the indentation.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: pic32 - use devm_clk_get_enabled
Martin Kaiser [Tue, 4 Jul 2023 17:32:01 +0000 (19:32 +0200)]
hwrng: pic32 - use devm_clk_get_enabled

Use devm_clk_get_enabled in the pic32 driver. Ensure that the clock is
enabled as long as the driver is registered with the hwrng core.

Fixes: 7ea39973d1e5 ("hwrng: pic32 - Use device-managed registration API")
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: pic32 - enable compile-testing
Martin Kaiser [Tue, 4 Jul 2023 17:32:00 +0000 (19:32 +0200)]
hwrng: pic32 - enable compile-testing

Enable compile testing for the pic32 driver.

Remove the dependency on HW_RANDOM. The pic32 config section is under
"if HW_RANDOM".

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: exynos - switch to DEFINE_SIMPLE_DEV_PM_OPS
Martin Kaiser [Tue, 4 Jul 2023 17:10:51 +0000 (19:10 +0200)]
hwrng: exynos - switch to DEFINE_SIMPLE_DEV_PM_OPS

SIMPLE_DEV_PM_OPS is deprecated, replace it with DEFINE_SIMPLE_DEV_PM_OPS
and use pm_sleep_ptr for setting the driver's pm routines. We can now
remove the __maybe_unused qualifier in the suspend and resume functions.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: imx-rngc - use dev_err_probe
Martin Kaiser [Tue, 4 Jul 2023 17:06:44 +0000 (19:06 +0200)]
hwrng: imx-rngc - use dev_err_probe

Simplify the code by calling dev_err_probe instead of dev_err and return.

While at it, use the same device for all error messages.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Reviewed-by: Rouven Czerwinski <r.czerwinskis@pengutronix.de>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - replace the if statement with min()
You Kangren [Tue, 4 Jul 2023 12:45:32 +0000 (20:45 +0800)]
crypto: qat - replace the if statement with min()

Mark UWORD_CPYBUF_SIZE with U suffix to make its type the same
with words_num. Then replace the if statement with min() in
qat_uclo_wr_uimage_raw_page() to make code shorter.

Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: You Kangren <youkangren@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: nomadik - use dev_err_probe
Martin Kaiser [Sun, 2 Jul 2023 17:35:03 +0000 (19:35 +0200)]
hwrng: nomadik - use dev_err_probe

Use dev_err_probe to print a message and return an error. This makes the
code a tiny bit shorter.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agohwrng: nomadik - keep clock enabled while hwrng is registered
Martin Kaiser [Sun, 2 Jul 2023 17:35:02 +0000 (19:35 +0200)]
hwrng: nomadik - keep clock enabled while hwrng is registered

The nomadik driver uses devres to register itself with the hwrng core,
the driver will be unregistered from hwrng when its device goes out of
scope. This happens after the driver's remove function is called.

However, nomadik's clock is disabled in the remove function. There's a
short timeframe where nomadik is still registered with the hwrng core
although its clock is disabled. I suppose the clock must be active to
access the hardware and serve requests from the hwrng core.

Switch to devm_clk_get_enabled and let devres disable the clock and
unregister the hwrng. This avoids the race condition.

Fixes: 3e75241be808 ("hwrng: drivers - Use device-managed registration API")
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add heartbeat counters check
Damian Muszynski [Fri, 30 Jun 2023 17:03:58 +0000 (19:03 +0200)]
crypto: qat - add heartbeat counters check

A firmware update for QAT GEN2 changed the format of a data
structure used to report the heartbeat counters.

To support all firmware versions, extend the heartbeat logic
with an algorithm that detects the number of counters returned
by firmware. The algorithm detects the number of counters to
be used (and size of the corresponding data structure) by the
comparison the expected size of the data in memory, with the data
which was written by the firmware.

Firmware detection is done one time during the first read of heartbeat
debugfs file to avoid increasing the time needed to load the module.

Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add heartbeat feature
Damian Muszynski [Fri, 30 Jun 2023 17:03:57 +0000 (19:03 +0200)]
crypto: qat - add heartbeat feature

Under some circumstances, firmware in the QAT devices could become
unresponsive. The Heartbeat feature provides a mechanism to detect
unresponsive devices.

The QAT FW periodically writes to memory a set of counters that allow
to detect the liveness of a device. This patch adds logic to enable
the reporting of those counters, analyze them and report if a device
is alive or not.

In particular this adds
  (1) heartbeat enabling, reading and detection logic
  (2) reporting of heartbeat status and configuration via debugfs
  (3) documentation for the newly created sysfs entries
  (4) configuration of FW settings related to heartbeat, e.g. tick period
  (5) logic to convert time in ms (provided by the user) to clock ticks

This patch introduces a new folder in debugfs called heartbeat with the
following attributes:
 - status
 - queries_sent
 - queries_failed
 - config

All attributes except config are reading only. In particular:
 - `status` file returns 0 when device is operational and -1 otherwise.
 - `queries_sent` returns the total number of heartbeat queries sent.
 - `queries_failed` returns the total number of heartbeat queries failed.
 - `config` allows to adjust the frequency at which the firmware writes
   counters to memory. This period is given in milliseconds and it is
   fixed for GEN4 devices.

Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add measure clock frequency
Damian Muszynski [Fri, 30 Jun 2023 17:03:56 +0000 (19:03 +0200)]
crypto: qat - add measure clock frequency

The QAT hardware does not expose a mechanism to report its clock
frequency. This is required to implement the Heartbeat feature.

Add a clock measuring algorithm that estimates the frequency by
comparing the internal timestamp counter incremented by the firmware
with the time measured by the kernel.
The frequency value is only used internally and not exposed to
the user.

Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - drop obsolete heartbeat interface
Damian Muszynski [Fri, 30 Jun 2023 17:03:55 +0000 (19:03 +0200)]
crypto: qat - drop obsolete heartbeat interface

Drop legacy heartbeat interface from FW API as it is no longer used.

Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add internal timer for qat 4xxx
Damian Muszynski [Fri, 30 Jun 2023 17:03:54 +0000 (19:03 +0200)]
crypto: qat - add internal timer for qat 4xxx

The power management feature in QAT 4xxx devices can disable clock
sources used to implement timers. Because of that, the firmware needs to
get an external reliable source of time.

Add a kernel delayed work that periodically sends an event to the
firmware. This is triggered every 200ms. At each execution, the driver
sends a sync request to the firmware reporting the current timestamp
counter value.

This is a pre-requisite for enabling the heartbeat, telemetry and
rate limiting features.

Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: qat - add fw_counters debugfs file
Lucas Segarra Fernandez [Fri, 30 Jun 2023 15:32:07 +0000 (17:32 +0200)]
crypto: qat - add fw_counters debugfs file

Expose FW counters statistics by providing the "fw_counters" file
under debugfs. Currently the statistics include the number of
requests sent to the FW and the number of responses received
from the FW for each Acceleration Engine, for all the QAT product
line.

This patch is based on earlier work done by Marco Chiappero.

Co-developed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: sig - Remove some unused functions
Jiapeng Chong [Fri, 30 Jun 2023 07:54:24 +0000 (15:54 +0800)]
crypto: sig - Remove some unused functions

These functions are defined in the sig.c file, but not called elsewhere,
so delete these unused functions.

crypto/sig.c:24:34: warning: unused function '__crypto_sig_tfm'.

Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Closes: https://bugzilla.openanolis.cn/show_bug.cgi?id=5701
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add Mario to MAINTAINERS
Mario Limonciello [Fri, 23 Jun 2023 13:50:01 +0000 (08:50 -0500)]
crypto: ccp - Add Mario to MAINTAINERS

I will maintain the platform access interface and dynamic boost
control support.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add unit tests for dynamic boost control
Mario Limonciello [Fri, 23 Jun 2023 13:50:00 +0000 (08:50 -0500)]
crypto: ccp - Add unit tests for dynamic boost control

Interacting with dynamic boost control messages requires the caller
to supply a signature. To allow validation of individual dynamic
boost control components, introduce a set of tests that can be run.

The tests can be run in 3 distinct different environments, and so
certain tests will be skipped depending on the environment.

1. Systems that do not support DBC.
2. Production systems that support DBC but are secured silicon.
3. Pre-production systems that support DBC but are unsecured silicon.

Unsecured silicon does not validate the signature, and so this allows
testing more of the state machine and functionality.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add a sample python script for Dynamic Boost Control
Mario Limonciello [Fri, 23 Jun 2023 13:49:59 +0000 (08:49 -0500)]
crypto: ccp - Add a sample python script for Dynamic Boost Control

Dynamic Boost Control commands are triggered by userspace with
an IOCTL interface that userspace will prepare proper buffers
for a request.

To allow prototyping and testing this interface, add a python3
command line script that loads the dbc_library.so for utilizing
the IOCTLs.

The signature to use and UID are passed as arguments to this script.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add a sample library for ioctl use
Mario Limonciello [Fri, 23 Jun 2023 13:49:58 +0000 (08:49 -0500)]
crypto: ccp - Add a sample library for ioctl use

Add a small shared library that demonstrates the usage of the
IOCTL interface.  This library can be linked to but, is
intended to be loaded and used by higher level languages

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add support for getting and setting DBC parameters
Mario Limonciello [Fri, 23 Jun 2023 13:49:57 +0000 (08:49 -0500)]
crypto: ccp - Add support for getting and setting DBC parameters

After software has authenticated a dynamic boost control request,
it can fetch and set supported parameters using a selection of messages.

Add support for these messages and export the ability to do this to
userspace.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add support for setting user ID for dynamic boost control
Mario Limonciello [Fri, 23 Jun 2023 13:49:56 +0000 (08:49 -0500)]
crypto: ccp - Add support for setting user ID for dynamic boost control

As part of the authentication flow for Dynamic Boost Control, the calling
software will need to send a uid used in all of its future
communications.

Add support for another IOCTL call to let userspace software set this up.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add support for fetching a nonce for dynamic boost control
Mario Limonciello [Fri, 23 Jun 2023 13:49:55 +0000 (08:49 -0500)]
crypto: ccp - Add support for fetching a nonce for dynamic boost control

Dynamic Boost Control is a feature offered on AMD client platforms that
allows software to request and set power or frequency limits.

Only software that has authenticated with the PSP can retrieve or set
these limits.

Create a character device and ioctl for fetching the nonce. This ioctl
supports optionally passing authentication information which will influence
how many calls the nonce is valid for.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - move setting PSP master to earlier in the init
Mario Limonciello [Fri, 23 Jun 2023 13:49:54 +0000 (08:49 -0500)]
crypto: ccp - move setting PSP master to earlier in the init

Dynamic boost control needs to use platform access symbols
that look for the PSP master as part of initialization.

So move the PSP master before psp_init() so that dynamic boost
control can be initialized properly.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 years agocrypto: ccp - Add bootloader and TEE version offsets
Mario Limonciello [Fri, 23 Jun 2023 13:49:53 +0000 (08:49 -0500)]
crypto: ccp - Add bootloader and TEE version offsets

The bootloader and TEE versions are stored in registers that can be
accessed from sysfs.  This exports the information for recent client
and datacenter parts.

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>