Commit Graph

1215181 Commits

Author SHA1 Message Date
Roxana Nicolescu
1c43c0f1f8 crypto: x86/sha - load modules based on CPU features
x86 optimized crypto modules are built as modules rather than build-in and
they are not loaded when the crypto API is initialized, resulting in the
generic builtin module (sha1-generic) being used instead.

It was discovered when creating a sha1/sha256 checksum of a 2Gb file by
using kcapi-tools because it would take significantly longer than creating
a sha512 checksum of the same file. trace-cmd showed that for sha1/256 the
generic module was used, whereas for sha512 the optimized module was used
instead.

Add module aliases() for these x86 optimized crypto modules based on CPU
feature bits so udev gets a chance to load them later in the boot
process. This resulted in ~3x decrease in the real-time execution of
kcapi-dsg.

Fix is inspired from commit
aa031b8f70 ("crypto: x86/sha512 - load based on CPU features")
where a similar fix was done for sha512.

Cc: stable@vger.kernel.org # 5.15+
Suggested-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Suggested-by: Julian Andres Klode <julian.klode@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:54 +08:00
Wenkai Lin
ce2cb2e1b8 crypto: hisilicon/sec - fix for sgl unmmap problem
When sec_aead_mac_init returns an error code, sec_cipher_map
will exit abnormally, the hardware sgl should be unmmaped.

Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:54 +08:00
Adam Guerin
37b14f2dfa crypto: qat - enable dc chaining service
QAT GEN4 devices support chained compression operations. These
allow, with a single request to firmware, to hash then compress
data.

Extend the configuration to enable such mode. The cfg_services
operations in sysfs are extended to allow the string "dcc". When
selected, the driver downloads to the device both the symmetric
crypto and the compression firmware images and sends an admin message
to firmware which enables `chained` operations.
In addition, it sets the device's capabilities as the combination
of compression and symmetric crypto capabilities, while excluding
the ICP_ACCEL_CAPABILITIES_CRYPTO_SYMMETRIC bit to indicate
that in this mode, symmetric crypto instances are not supported.

When "dcc" is enabled, the device will handle compression requests
as if the "dc" configuration is loaded ("dcc" is a variation of "dc")
and the driver will register the acomp algorithms.

As for the other extended configurations, "dcc" is only available for
qat_4xxx devices and the chaining service will be only accessible from
user space.

Signed-off-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:54 +08:00
Giovanni Cabiddu
7171376638 crypto: qat - consolidate services structure
The data structure that associates a service id with its name is
replicated across the driver.
Remove duplication by moving this data structure to a new include file,
adf_cfg_services.h in order to have consistency across the drivers.

Note that the data structure is re-instantiated every time the new
include is added to a compilation unit.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Giovanni Cabiddu
11af152f78 crypto: qat - fix unregistration of compression algorithms
The function adf_dev_init(), through the subsystem qat_compression,
populates the list of list of compression instances
accel_dev->compression_list. If the list of instances is not empty,
the function adf_dev_start() will then call qat_compression_registers()
register the compression algorithms into the crypto framework.

If any of the functions in adf_dev_start() fail, the caller of such
function, in the error path calls adf_dev_down() which in turn call
adf_dev_stop() and adf_dev_shutdown(), see for example the function
state_store in adf_sriov.c.
However, if the registration of compression algorithms is not done,
adf_dev_stop() will try to unregister the algorithms regardless.
This might cause the counter active_devs in qat_compression.c to get
to a negative value.

Add a new state, ADF_STATUS_COMPRESSION_ALGS_REGISTERED, which tracks
if the compression algorithms are registered into the crypto framework.
Then use this to unregister the algorithms if such flag is set. This
ensures that the compression algorithms are only unregistered if
previously registered.

Fixes: 1198ae56c9 ("crypto: qat - expose deflate through acomp api for QAT GEN2")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Giovanni Cabiddu
9b2f33a1bf crypto: qat - fix unregistration of crypto algorithms
The function adf_dev_init(), through the subsystem qat_crypto, populates
the list of list of crypto instances accel_dev->crypto_list.
If the list of instances is not empty, the function adf_dev_start() will
then call qat_algs_registers() and qat_asym_algs_register() to register
the crypto algorithms into the crypto framework.

If any of the functions in adf_dev_start() fail, the caller of such
function, in the error path calls adf_dev_down() which in turn call
adf_dev_stop() and adf_dev_shutdown(), see for example the function
state_store in adf_sriov.c.
However, if the registration of crypto algorithms is not done,
adf_dev_stop() will try to unregister the algorithms regardless.
This might cause the counter active_devs in qat_algs.c and
qat_asym_algs.c to get to a negative value.

Add a new state, ADF_STATUS_CRYPTO_ALGS_REGISTERED, which tracks if the
crypto algorithms are registered into the crypto framework. Then use
this to unregister the algorithms if such flag is set. This ensures that
the crypto algorithms are only unregistered if previously registered.

Fixes: d8cba25d2c ("crypto: qat - Intel(R) QAT driver framework")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Giovanni Cabiddu
9c20cb8b18 crypto: qat - ignore subsequent state up commands
If the device is already in the up state, a subsequent write of `up` to
the sysfs attribute /sys/bus/pci/devices/<BDF>/qat/state brings the
device down.
Fix this behaviour by ignoring subsequent `up` commands if the device is
already in the up state.

Fixes: 1bdc85550a ("crypto: qat - fix concurrency issue when device state changes")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Giovanni Cabiddu
c362a58e8d crypto: qat - do not shadow error code
Do not shadow the return code from adf_dev_down() in the error path of
the DEV_DOWN command.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Giovanni Cabiddu
c9ca9756f3 crypto: qat - fix state machines cleanup paths
Commit 1bdc85550a ("crypto: qat - fix concurrency issue when device
state changes") introduced the function adf_dev_down() which wraps the
functions adf_dev_stop() and adf_dev_shutdown().
In a subsequent change, the sequence adf_dev_stop() followed by
adf_dev_shutdown() was then replaced across the driver with just a call
to the function adf_dev_down().

The functions adf_dev_stop() and adf_dev_shutdown() are called in error
paths to stop the accelerator and free up resources and can be called
even if the counterparts adf_dev_init() and adf_dev_start() did not
complete successfully.
However, the implementation of adf_dev_down() prevents the stop/shutdown
sequence if the device is found already down.
For example, if adf_dev_init() fails, the device status is not set as
started and therefore a call to adf_dev_down() won't be calling
adf_dev_shutdown() to undo what adf_dev_init() did.

Do not check if a device is started in adf_dev_down() but do the
equivalent check in adf_sysfs.c when handling a DEV_DOWN command from
the user.

Fixes: 2b60f79c7b ("crypto: qat - replace state machine calls")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:30 +08:00
Yang Shen
1a9e6f59ca crypto: hisilicon/zip - remove zlib and gzip
Remove the support of zlib-deflate and gzip.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Reviewed-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Yang Shen
aa3f805003 crypto: hisilicon/zip - support deflate algorithm
Add the deflate algorithm support for hisilicon zip hardware.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
705b52fef3 crypto: cbc - Convert from skcipher to lskcipher
Replace the existing skcipher CBC template with an lskcipher version.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
32a8dc4afc crypto: ecb - Convert from skcipher to lskcipher
This patch adds two different implementations of ECB.  First of
all an lskcipher wrapper around existing ciphers is introduced as
a temporary transition aid.

Secondly a permanent lskcipher template is also added.  It's simply
a wrapper around the underlying lskcipher algorithm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
3dfe8786b1 crypto: testmgr - Add support for lskcipher algorithms
Test lskcipher algorithms using the same logic as cipher algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
8aee5d4ebd crypto: lskcipher - Add compatibility wrapper around ECB
As an aid to the transition from cipher algorithm implementations
to lskcipher, add a temporary wrapper when creating simple lskcipher
templates by using ecb(X) instead of X if an lskcipher implementation
of X cannot be found.

This can be reverted once all cipher implementations have switched
over to lskcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
31865c4c4d crypto: skcipher - Add lskcipher
Add a new API type lskcipher designed for taking straight kernel
pointers instead of SG lists.  Its relationship to skcipher will
be analogous to that between shash and ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
b64d143b75 crypto: hash - Hide CRYPTO_ALG_TYPE_AHASH_MASK
Move the macro CRYPTO_ALG_TYPE_AHASH_MASK out of linux/crypto.h
and into crypto/ahash.c so that it's not visible to users of the
Crypto API.

Also remove the unused CRYPTO_ALG_TYPE_HASH_MASK macro.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
a1383e2ab1 ipsec: Stop using crypto_has_alg
Stop using the obsolete crypto_has_alg helper that is type-agnostic.
Instead use the type-specific helpers such as the newly added
crypto_has_aead.

This means that changes in the underlying type/mask values won't
affect IPsec.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
534562e59f crypto: aead - Add crypto_has_aead
Add the helper crypto_has_aead.  This is meant to replace the
existing use of crypto_has_alg to locate AEAD algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Bo Liu
02968703e8 crypto: aesni - Fix double word in comments
Remove the repeated word "if" in comments.

Signed-off-by: Bo Liu <liubo03@inspur.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Li zeming
17f7b9835a crypto: api - Remove unnecessary NULL initialisation
tfm is assigned first, so it does not need to initialize
the assignment.

Signed-off-by: Li zeming <zeming@nfschina.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Justin Stitt
3102bbcdcd crypto: qat - refactor deprecated strncpy
`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We should prefer more robust and less ambiguous string interfaces.

`buf` is expected to be NUL-terminated for its eventual use in
`kstrtoul()` and NUL-padding is not required.

Due to the above, a suitable replacement is `strscpy` [2] due to the
fact that it guarantees NUL-termination on the destination buffer.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Justin Stitt
0da05a040d crypto: cavium/nitrox - refactor deprecated strncpy
`strncpy` is deprecated for use on NUL-terminated destination strings [1].

We know `hw.partname` is supposed to be NUL-terminated by its later use with seq_printf:
| nitrox_debugfs.c +25
|      seq_printf(s, "  Part Name: %s\n", ndev->hw.partname);

Let's prefer a more robust and less ambiguous string interface.

A suitable replacement is `strscpy` [2] due to the fact that it guarantees
NUL-termination on the destination buffer.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt <justinstitt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Martin Kaiser
50fb6d5c58 hwrng: imx-rngc - reasonable timeout for initial seed
Set a more reasonable timeout for calculating the initial seed.

The reference manuals says that "The initial seed takes approximately
2,000,000 clock cycles." The rngc peripheral clock runs at >= 33.25MHz,
so seeding takes at most 60ms.

A timeout of 200ms is more appropriate than the current value of 3
seconds.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Martin Kaiser
b6c6044b4b hwrng: imx-rngc - reasonable timeout for selftest
Set a more reasonable timeout for the rngc selftest.

According to the reference manual, "The self test takes approximately
29,000 cycles to complete." The lowest possible frequency of the rngc
peripheral clock is 33.25MHz, the selftest would then take about 872us.

2.5ms should be enough for the selftest timeout.

Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-20 13:15:29 +08:00
Herbert Xu
dda5b055e4 chelsio: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
fb3bc06ad8 KEYS: encrypted: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
aa7c98b124 evm: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
7b5fad7cff SUNRPC: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
bd5af65465 mptcp: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
c66218ccf0 ah: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
2defbea39d Bluetooth: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
8622bd190a ubifs: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Herbert Xu
82d1c16c8f fscrypt: Do not include crypto/algapi.h
The header file crypto/algapi.h is for internal use only.  Use the
header file crypto/utils.h instead.

Acked-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:30:43 +08:00
Jonas Gorski
464bd8ec2f hwrng: geode - fix accessing registers
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.

To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.

Fixes: 9f6ec8dc57 ("hwrng: geode - Fix PCI device refcount leak")
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217882
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:46 +08:00
Herbert Xu
453b3d0278 hwrng: octeon - Fix warnings on 32-bit platforms
Use unsigned long instead of u64 to silence compile warnings on
32-bit platforms.  Also remove the __force bit which seems no
longer needed with a current sparse.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:46 +08:00
Mario Limonciello
0470bb1b71 crypto: ccp - Add support for DBC over PSP mailbox
On some SOCs DBC is supported through the PSP mailbox instead of
the platform mailbox. This capability is advertised in the PSP
capabilities register. Allow using this communication path if
supported.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:46 +08:00
Mario Limonciello
3d5845e180 crypto: ccp - Add a macro to check capabilities register
Offsets are checked by the capabilities register in multiple places.
To make the code more readable add a macro.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:46 +08:00
Mario Limonciello
2ac85e22e1 crypto: ccp - Add a communication path abstraction for DBC
DBC is currently accessed only from the platform access mailbox and
a lot of that implementation's communication path is intertwined
with DBC. Add an abstraction layer for pointers into the mailbox.

No intended functional changes.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Mario Limonciello
6e17375c47 crypto: ccp - Add support for extended PSP mailbox commands
The PSP mailbox supports a number of extended sub-commands.  These
subcommands are placed in the header of the buffer sent to the mailbox.

Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Tom Lendacky
949a0c8dd3 crypto: ccp - Move direct access to some PSP registers out of TEE
With the PSP mailbox registers supporting more than just TEE, access to
them must be maintained and serialized by the PSP device support. Remove
TEE support direct access and create an interface in the PSP support
where the register access can be controlled/serialized.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Tested-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Stefan Wahren
b58a36008b hwrng: bcm2835 - Fix hwrng throughput regression
The last RCU stall fix caused a massive throughput regression of the
hwrng on Raspberry Pi 0 - 3. hwrng_msleep doesn't sleep precisely enough
and usleep_range doesn't allow scheduling. So try to restore the
best possible throughput by introducing hwrng_yield which interruptable
sleeps for one jiffy.

Some performance measurements on Raspberry Pi 3B+ (arm64/defconfig):

sudo dd if=/dev/hwrng of=/dev/null count=1 bs=10000

cpu_relax              ~138025 Bytes / sec
hwrng_msleep(1000)         ~13 Bytes / sec
hwrng_yield              ~2510 Bytes / sec

Fixes: 96cb9d0554 ("hwrng: bcm2835 - use hwrng_msleep() instead of cpu_relax()")
Link: https://lore.kernel.org/linux-arm-kernel/bc97ece5-44a3-4c4e-77da-2db3eb66b128@gmx.net/
Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Christophe JAILLET
c977950146 crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
This error handling looks really strange.
Check if the string has been truncated instead.

Fixes: 02ab994635 ("crypto: hisilicon - Fixed some tiny bugs of HPRE")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Lu Jialin
8f4f68e788 crypto: pcrypt - Fix hungtask for PADATA_RESET
We found a hungtask bug in test_aead_vec_cfg as follows:

INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
 __switch_to+0x98/0xe0
 __schedule+0x6c4/0xf40
 schedule+0xd8/0x1b4
 schedule_timeout+0x474/0x560
 wait_for_common+0x368/0x4e0
 wait_for_completion+0x20/0x30
 wait_for_completion+0x20/0x30
 test_aead_vec_cfg+0xab4/0xd50
 test_aead+0x144/0x1f0
 alg_test_aead+0xd8/0x1e0
 alg_test+0x634/0x890
 cryptomgr_test+0x40/0x70
 kthread+0x1e0/0x220
 ret_from_fork+0x10/0x18
 Kernel panic - not syncing: hung_task: blocked tasks

For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hung at wait_for_completion(&wait->completion), which will cause
hungtask.

The problem comes as following:
(padata_do_parallel)                 |
    rcu_read_lock_bh();              |
    err = -EINVAL;                   |   (padata_replace)
                                     |     pinst->flags |= PADATA_RESET;
    err = -EBUSY                     |
    if (pinst->flags & PADATA_RESET) |
        rcu_read_unlock_bh()         |
        return err

In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.

v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.

Signed-off-by: Lu Jialin <lujialin4@huawei.com>
Signed-off-by: Guo Zihua <guozihua@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Danny Tsen
6b36dafedd crypto: vmx - Improved AES/XTS performance of 6-way unrolling for ppc
Improve AES/XTS performance of 6-way unrolling for PowerPC up
to 17% with tcrypt.  This is done by using one instruction,
vpermxor, to replace xor and vsldoi.

The same changes were applied to OpenSSL code and a pull request was
submitted.

This patch has been tested with the kernel crypto module tcrypt.ko and
has passed the selftest.  The patch is also tested with
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled.

Signed-off-by: Danny Tsen <dtsen@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Jinjie Ruan
65029eec5c crypto: qat - Use list_for_each_entry() helper
Convert list_for_each() to list_for_each_entry() so that the list_itr
list_head pointer and list_entry() call are no longer needed, which
can reduce a few lines of code. No functional changed.

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Mario Limonciello
7b3c2348d3 crypto: ccp - Fix some unfused tests
Some of the tests for unfused parts referenced a named member parameter,
but when the test suite was switched to call a python ctypes library they
weren't updated.  Adjust them to refer to the first argument of the
process_param() call and set the data type of the signature appropriately.

Fixes: 15f8aa7bb3 ("crypto: ccp - Add unit tests for dynamic boost control")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Mario Limonciello
2ad01eb5fa crypto: ccp - Fix sample application signature passing
When parameters are sent the PSP returns back it's own signature
for the application to verify the authenticity of the result.

Display this signature to the caller instead of the one the caller
sent.

Fixes: f40d42f116 ("crypto: ccp - Add a sample python script for Dynamic Boost Control")
Fixes: febe3ed322 ("crypto: ccp - Add a sample library for ioctl use")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Mario Limonciello
70f242c193 crypto: ccp - Fix DBC sample application error handling
The sample application was taking values from ioctl() and treating
those as the error codes to present to a user.

This is incorrect when ret is non-zero, the error is stored to `errno`.
Use this value instead.

Fixes: f40d42f116 ("crypto: ccp - Add a sample python script for Dynamic Boost Control")
Fixes: febe3ed322 ("crypto: ccp - Add a sample library for ioctl use")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00
Mario Limonciello
7f71c3e033 crypto: ccp - Fix ioctl unit tests
A local environment change was importing ioctl_opt which is required
for ioctl tests to pass.  Add the missing import for it.

Fixes: 15f8aa7bb3 ("crypto: ccp - Add unit tests for dynamic boost control")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-09-15 18:29:45 +08:00