1. 26 Apr, 2024 4 commits
    • crypto: qat - validate slices count returned by FW · 483fd65c
      Lucas Segarra Fernandez authored
      The function adf_send_admin_tl_start() enables the telemetry (TL)
      feature on a QAT device by sending the ICP_QAT_FW_TL_START message to
      the firmware. This triggers the FW to start writing TL data to a DMA
      buffer in memory and returns an array containing the number of
      accelerators of each type (slices) supported by this HW.
      The pointer to this array is stored in the adf_tl_hw_data data
      structure called slice_cnt.
      
      The array slice_cnt is then used in the function tl_print_dev_data()
      to report in debugfs only statistics about the supported accelerators.
      An incorrect value of the elements in slice_cnt might lead to an out
      of bounds memory read.
      At the moment, there isn't an implementation of FW that returns a wrong
      value, but for robustness validate the slice count array returned by FW.
      
      Fixes: 69e7649f ("crypto: qat - add support for device telemetry")
      Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com>
      Reviewed-by: Damian Muszynski <damian.muszynski@intel.com>
      Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: aead,cipher - zeroize key buffer after use · 23e4099b
      Hailey Mothershead authored
      I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding
      cryptographic information should be zeroized once they are no longer
      needed. Accomplish this by using kfree_sensitive for buffers that
      previously held the private key.
      Signed-off-by: Hailey Mothershead <hailmo@amazon.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: arm64/aes-ce - Simplify round key load sequence · 571e557c
      Ard Biesheuvel authored
      Tweak the round key logic so that they can be loaded using a single
      branchless sequence using overlapping loads. This is shorter and
      simpler, and puts the conditional branches based on the key size further
      apart, which might benefit microarchitectures that cannot record taken
      branches at every instruction. For these branches, use test-bit-branch
      instructions that don't clobber the condition flags.
      
      Note that none of this has any impact on performance, positive or
      otherwise (and the branch prediction benefit would only benefit AES-192
      which nobody uses). It does make for nicer code, though.
      
      While at it, use \@ to generate the labels inside the macros, which is
      more robust than using fixed numbers, which could clash inadvertently.
      Also, bring aes-neon.S in line with these changes, including the switch
      to test-and-branch instructions, to avoid surprises in the future when
      we might start relying on the condition flags being preserved in the
      chaining mode wrappers in aes-modes.S
      Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
      Reviewed-by: Eric Biggers <ebiggers@google.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    • crypto: tegra - Convert to platform remove callback returning void · 3f4d1482
      Uwe Kleine-König authored
      The .remove() callback for a platform driver returns an int which makes
      many driver authors wrongly assume it's possible to do error handling by
      returning an error code. However the value returned is ignored (apart
      from emitting a warning) and this typically results in resource leaks.
      
      To improve here there is a quest to make the remove callback return
      void. In the first step of this quest all drivers are converted to
      .remove_new(), which already returns void. Eventually after all drivers
      are converted, .remove_new() will be renamed to .remove().
      
      Trivially convert this driver from always returning zero in the remove
      callback to the void returning variant.
      
      Fixes: 0880bb3b ("crypto: tegra - Add Tegra Security Engine driver")
      Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Acked-by: Akhil R <akhilrajeev@nvidia.com>
      Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  2. 19 Apr, 2024 15 commits
  3. 12 Apr, 2024 21 commits