- 30 Sep, 2022 8 commits
-
-
Adam Guerin authored
adf_copy_key_value_data() copies data from userland to kernel, based on a linked link provided by userland. If userland provides a circular list (or just a very long one) then it would drive a long loop where allocation occurs in every loop. This could lead to low memory conditions. Adding a limit to stop endless loop. Signed-off-by:
Adam Guerin <adam.guerin@intel.com> Co-developed-by:
Ciunas Bennett <ciunas.bennett@intel.com> Signed-off-by:
Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
ye xingchen authored
Return the value otx2_cpt_send_mbox_msg() directly instead of storing it in another redundant variable. Reported-by:
Zeal Robot <zealci@zte.com.cn> Signed-off-by:
ye xingchen <ye.xingchen@zte.com.cn> Signed-off-by:
-
ye xingchen authored
Return the value ccp_crypto_enqueue_request() directly instead of storing it in another redundant variable. Reported-by:
John Allen <john.allen@amd.com> Signed-off-by:
-
YueHaibing authored
The platform_get_irq() function returns negative on error and positive non-zero values on success. It never returns zero, but if it did then treat that as a success. Also remove redundant dev_err() print as platform_get_irq() already prints an error. Fixes: 108713a7 ("crypto: aspeed - Add HACE hash driver") Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Reviewed-by:
Neal Liu <neal_liu@aspeedtech.com> Signed-off-by:
-
lei he authored
Fix memory-leak for virtio-crypto akcipher request, this problem is introduced by 59ca6c93(virtio-crypto: implement RSA algorithm). The leak can be reproduced and tested with the following script inside virtual machine: #!/bin/bash LOOP_TIMES=10000 # required module: pkcs8_key_parser, virtio_crypto modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m modprobe virtio_crypto # if CONFIG_CRYPTO_DEV_VIRTIO=m rm -rf /tmp/data dd if=/dev/random of=/tmp/data count=1 bs=230 # generate private key and self-signed cert openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem \ -outform der -out cert.der \ -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=always.com/emailAddress=yy@always.com" # convert private key from pem to der openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der # add key PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s` echo "priv key id = "$PRIV_KEY_ID PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s` echo "pub key id = "$PUB_KEY_ID # query key keyctl pkey_query $PRIV_KEY_ID 0 keyctl pkey_query $PUB_KEY_ID 0 # here we only run pkey_encrypt becasuse it is the fastest interface function bench_pub() { keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub } # do bench_pub in loop to obtain the memory leak for (( i = 0; i < ${LOOP_TIMES}; ++i )); do bench_pub done Signed-off-by:
lei he <helei.sig11@bytedance.com> Acked-by:
Michael S. Tsirkin <mst@redhat.com> Reviewed-by:
Gonglei <arei.gonglei@huawei.com> Signed-off-by:
-
Dan Carpenter authored
The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can have an integer overflow. Fixes: 9e2c7d99 ("crypto: cavium - Add Support for Octeon-tx CPT Engine") Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Dan Carpenter authored
The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "code_length * 2" can overflow. The round_up(ucode_size, 16) + sizeof() expression can overflow too. Prevent these overflows. Fixes: d9110b0b ("crypto: marvell - add support for OCTEON TX CPT engine") Signed-off-by:
-
Neal Liu authored
Fix build error within the following configs setting: - CONFIG_CRYPTO_DEV_ASPEED=y - CONFIG_CRYPTO_DEV_ASPEED_HACE_HASH is not set - CONFIG_CRYPTO_DEV_ASPEED_HACE_CRYPTO is not set Error messages: make[4]: *** No rule to make target 'drivers/crypto/aspeed/aspeed_crypto.o' , needed by 'drivers/crypto/aspeed/built-in.a'. make[4]: Target '__build' not remade because of errors. Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
-
- 24 Sep, 2022 11 commits
-
-
Kai Ye authored
The default qos value is not initialized when sriov is repeatedly enabled and disabled. So add the vf qos value initialized in the sriov enable process. Signed-off-by:
Kai Ye <yekai13@huawei.com> Signed-off-by:
-
Liu Shixin authored
Use DEFINE_SHOW_ATTRIBUTE helper macro to simplify the code. Signed-off-by:
Liu Shixin <liushixin2@huawei.com> Acked-by:
Corentin Labbe <clabbe.montjoie@gmail.com> Tested-by:
-
Taehee Yoo authored
In order to test for the performance of aria-avx implementation, it needs an async speed test. So, it adds async speed tests to the tcrypt. Signed-off-by:
Taehee Yoo <ap420073@gmail.com> Signed-off-by:
-
Taehee Yoo authored
The implementation is based on the 32-bit implementation of the aria. Also, aria-avx process steps are the similar to the camellia-avx. 1. Byteslice(16way) 2. Add-round-key. 3. Sbox 4. Diffusion layer. Except for s-box, all steps are the same as the aria-generic implementation. s-box step is very similar to camellia and sm4 implementation. There are 2 implementations for s-box step. One is to use AES-NI and affine transformation, which is the same as Camellia, sm4, and others. Another is to use GFNI. GFNI implementation is faster than AES-NI implementation. So, it uses GFNI implementation if the running CPU supports GFNI. There are 4 s-boxes in the ARIA and the 2 s-boxes are the same as AES's s-boxes. To calculate the first sbox, it just uses the aesenclast and then inverts shift_row. No more process is needed for this job because the first s-box is the same as the AES encryption s-box. To calculate the second sbox(invert of s1), it just uses the aesdeclast and then inverts shift_row. No more process is needed for this job because the second s-box is the same as the AES decryption s-box. To calculate the third s-box, it uses the aesenclast, then affine transformation, which is combined AES inverse affine and ARIA S2. To calculate the last s-box, it uses the aesdeclast, then affine transformation, which is combined X2 and AES forward affine. The optimized third and last s-box logic and GFNI s-box logic are implemented by Jussi Kivilinna. The aria-generic implementation is based on a 32-bit implementation, not an 8-bit implementation. the aria-avx Diffusion Layer implementation is based on aria-generic implementation because 8-bit implementation is not fit for parallel implementation but 32-bit is enough to fit for this. Signed-off-by:
-
Taehee Yoo authored
It renames aria to aria_generic and exports some functions such as aria_set_key(), aria_encrypt(), and aria_decrypt() to be able to be used by aria-avx implementation. Signed-off-by:
-
Herbert Xu authored
Switch to %zu instead of %d for printing size_t. Signed-off-by:
Jesper Nilsson <jesper.nilsson@axis.com> Signed-off-by:
-
Xiu Jianfeng authored
Add missing __init/__exit annotations to init/exit funcs. Signed-off-by:
Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by:
-
Lukas Bulwahn authored
Commit 2d16803c ("crypto: blake2s - remove shash module") removes the config CRYPTO_BLAKE2S. Commit 3f342a23 ("crypto: Kconfig - simplify hash entries") makes various changes to the config descriptions as part of some consolidation and clean-up, but among all those changes, it also accidently adds back CRYPTO_BLAKE2S after its removal due to the original patch being based on a state before the CRYPTO_BLAKE2S removal. See Link for the author's confirmation of this happening accidently. Fixes: 3f342a23 ("crypto: Kconfig - simplify hash entries") Link: https://lore.kernel.org/all/MW5PR84MB18424AB8C095BFC041AE33FDAB479@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM/Signed-off-by:
Lukas Bulwahn <lukas.bulwahn@gmail.com> Signed-off-by:
-
Lukas Bulwahn authored
Commit 3f342a23 ("crypto: Kconfig - simplify hash entries") makes various changes to the config descriptions as part of some consolidation and clean-up, but among all those changes, it also accidently renames CRYPTO_SHA1_ARM64_CE to CRYPTO_SHA1_ARM64. Revert this unintended config name change. See Link for the author's confirmation of this happening accidently. Fixes: 3f342a23 ("crypto: Kconfig - simplify hash entries") Link: https://lore.kernel.org/all/MW5PR84MB18424AB8C095BFC041AE33FDAB479@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM/Signed-off-by:
-
Peter Harliman Liem authored
Commit 363a90c2 ("crypto: safexcel/aes - switch to library version of key expansion routine") removed CRYPTO_AES in the config. However, some portions of codes still rely on generic AES cipher (e.g. refer to safexcel_aead_gcm_cra_init(), safexcel_xcbcmac_cra_init()). This causes transform allocation failure for those algos, if CRYPTO_AES is not manually enabled. To resolve that, we replace all existing AES cipher dependent codes with their AES library counterpart. Fixes: 363a90c2 ("crypto: safexcel/aes - switch to library version of key expansion routine") Signed-off-by:
Peter Harliman Liem <pliem@maxlinear.com> Signed-off-by:
-
Peter Harliman Liem authored
From commit d03c5441 ("dma-mapping: disallow .map_sg operations from returning zero on error"), dma_map_sg() produces warning if size is 0. This results in visible warnings if crypto length is zero. To avoid that, we avoid calling dma_map_sg if size is zero. Signed-off-by:
-
- 16 Sep, 2022 15 commits
-
-
Damian Muszynski authored
When mapping the input and output parameters, the implementations of RSA and DH pass to the function dma_map_single() a pointer to the first member of the structure they want to map instead of a pointer to the actual structure. This results in set of warnings reported by the static analyser Smatch: drivers/crypto/qat/qat_common/qat_asym_algs.c:335 qat_dh_compute_value() error: dma_map_single_attrs() '&qat_req->in.dh.in.b' too small (8 vs 64) drivers/crypto/qat/qat_common/qat_asym_algs.c:341 qat_dh_compute_value() error: dma_map_single_attrs() '&qat_req->out.dh.r' too small (8 vs 64) drivers/crypto/qat/qat_common/qat_asym_algs.c:732 qat_rsa_enc() error: dma_map_single_attrs() '&qat_req->in.rsa.enc.m' too small (8 vs 64) drivers/crypto/qat/qat_common/qat_asym_algs.c:738 qat_rsa_enc() error: dma_map_single_attrs() '&qat_req->out.rsa.enc.c' too small (8 vs 64) drivers/crypto/qat/qat_common/qat_asym_algs.c:878 qat_rsa_dec() error: dma_map_single_attrs() '&qat_req->in.rsa.dec.c' too small (8 vs 64) drivers/crypto/qat/qat_common/qat_asym_algs.c:884 qat_rsa_dec() error: dma_map_single_attrs() '&qat_req->out.rsa.dec.m' too small (8 vs 64) Where the address of the first element of a structure is used as an input for the function dma_map_single(), replace it with the address of the structure. This fix does not introduce any functional change as the addresses are the same. Signed-off-by:Damian Muszynski <damian.muszynski@intel.com> Signed-off-by:
-
Giovanni Cabiddu authored
This reverts commit e48767c1. In an attempt to resolve a set of warnings reported by the static analyzer Smatch, the reverted commit improperly reduced the sizes of the DMA mappings used for the input and output parameters for both RSA and DH creating a mismatch (map size=8 bytes, unmap size=64 bytes). This issue is reported when CONFIG_DMA_API_DEBUG is selected, when the crypto self test is run. The function dma_unmap_single() reports a warning similar to the one below, saying that the `device driver frees DMA memory with different size`. DMA-API: 4xxx 0000:06:00.0: device driver frees DMA memory with different size [device address=0x0000000123206c80] [map size=8 bytes] [unmap size=64 bytes] WARNING: CPU: 0 PID: 0 at kernel/dma/debug.c:973 check_unmap+0x3d0/0x8c0\ ... Call Trace: <IRQ> debug_dma_unmap_page+0x5c/0x60 qat_dh_cb+0xd7/0x110 [intel_qat] qat_alg_asym_callback+0x1a/0x30 [intel_qat] adf_response_handler+0xbd/0x1a0 [intel_qat] tasklet_action_common.constprop.0+0xcd/0xe0 __do_softirq+0xf8/0x30c __irq_exit_rcu+0xbf/0x140 common_interrupt+0xb9/0xd0 </IRQ> <TASK> The original commit was correct. Cc: <stable@vger.kernel.org> Reported-by:
-
Damian Muszynski authored
When CONFIG_DMA_API_DEBUG is selected, while running the crypto self test on the QAT crypto algorithms, the function add_dma_entry() reports a warning similar to the one below, saying that overlapping mappings are not supported. This occurs in tests where the input and the output scatter list point to the same buffers (i.e. two different scatter lists which point to the same chunks of memory). The logic that implements the mapping uses the flag DMA_BIDIRECTIONAL for both the input and the output scatter lists which leads to overlapped write mappings. These are not supported by the DMA layer. Fix by specifying the correct DMA transfer directions when mapping buffers. For in-place operations where the input scatter list matches the output scatter list, buffers are mapped once with DMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag DMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE. Overlapping a read mapping with a write mapping is a valid case in dma-coherent devices like QAT. The function that frees and unmaps the buffers, qat_alg_free_bufl() has been changed accordingly to the changes to the mapping function. DMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270 ... Call Trace: dma_map_page_attrs+0x82/0x2d0 ? preempt_count_add+0x6a/0xa0 qat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat] qat_alg_aead_dec+0x71/0x250 [intel_qat] crypto_aead_decrypt+0x3d/0x70 test_aead_vec_cfg+0x649/0x810 ? number+0x310/0x3a0 ? vsnprintf+0x2a3/0x550 ? scnprintf+0x42/0x70 ? valid_sg_divisions.constprop.0+0x86/0xa0 ? test_aead_vec+0xdf/0x120 test_aead_vec+0xdf/0x120 alg_test_aead+0x185/0x400 alg_test+0x3d8/0x500 ? crypto_acomp_scomp_free_ctx+0x30/0x30 ? __schedule+0x32a/0x12a0 ? ttwu_queue_wakelist+0xbf/0x110 ? _raw_spin_unlock_irqrestore+0x23/0x40 ? try_to_wake_up+0x83/0x570 ? _raw_spin_unlock_irqrestore+0x23/0x40 ? __set_cpus_allowed_ptr_locked+0xea/0x1b0 ? crypto_acomp_scomp_free_ctx+0x30/0x30 cryptomgr_test+0x27/0x50 kthread+0xe6/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 Fixes: d370cec3 ("crypto: qat - Intel(R) QAT crypto interface") Link: https://lore.kernel.org/linux-crypto/20220223080400.139367-1-gilad@benyossef.com/Signed-off-by:
-
Zhiqi Song authored
The value of qm algorithm can change dynamically according to the value of the capability register. Add xxx_set_qm_algs() function to obtain the algs that the hardware device supported from the capability register and set them into usr mode attribute files. Signed-off-by:
Zhiqi Song <songzhiqi1@huawei.com> Signed-off-by:
Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by:
Weili Qian <qianweili@huawei.com> Signed-off-by:
-
Wenkai Lin authored
Add function 'sec_get_alg_bitmap' to get hardware algorithm bitmap before register algorithm to crypto, instead of determining whether to register an algorithm based on hardware platform's version. Signed-off-by:
-
Weili Qian authored
Add function 'hisi_zip_alg_support' to get device configuration information from capability registers, instead of determining whether to register an algorithm based on hardware platform's version. Signed-off-by:
-
Zhiqi Song authored
Use table to store the different ecdh curve configuration, making the registration of ecdh clearer and expansion more convenient. Signed-off-by:
-
Zhiqi Song authored
Read some hpre device configuration info from capability register, instead of fixed macros. Signed-off-by:
-
Weili Qian authored
Support get device irq information from hardware registers instead of fixed macros. Signed-off-by:
-
Weili Qian authored
Hardware V3 and later versions support get error type from registers. To be compatible with later hardware versions, get error type from registers instead of fixed marco. Signed-off-by:
-
Weili Qian authored
To be compatible with accelerator devices of different versions, 'UACCE_CMD_QM_SET_QP_INFO' ioctl is added to obtain queue information in userspace, including queue depth and buffer description size. Signed-off-by:
-
Weili Qian authored
Hardware V3 and later versions can obtain qp num and depth supported by the hardware from registers. To be compatible with later hardware versions, get qp num and depth from registers instead of fixed marcos. Signed-off-by:
-
Weili Qian authored
Before hardware V3, hardwares do not provide the feature registers, driver resolves hardware differences based on the hardware version. As a result, the driver does not support the new hardware. Hardware V3 and later versions support to obtain hardware features, such as power-gating management and doorbell isolation, through the hardware registers. To be compatible with later hardware versions, the features of the current device is obtained by reading the hardware registers instead of the hardware version. Signed-off-by:
-
Kai Ye authored
Some coding style fixes in sec crypto file. Signed-off-by:
-
Peter Harliman Liem authored
The use of swab() is causing failures in 64-bit arch, as it translates to __swab64() instead of the intended __swab32(). It eventually causes wrong results in xcbcmac & cmac algo. Fixes: 78cf1c8b ("crypto: inside-secure - Move ipad/opad into safexcel_context") Signed-off-by:
Antoine Tenart <atenart@kernel.org> Signed-off-by:
-
- 09 Sep, 2022 5 commits
-
-
ye xingchen authored
Return the value set_msg_len() directly instead of storing it in another redundant variable. Reported-by:
Breno Leitao <leitao@debian.org> Signed-off-by:
-
Koba Ko authored
A warning is shown during shutdown, __dma_async_device_channel_unregister called while 2 clients hold a reference WARNING: CPU: 15 PID: 1 at drivers/dma/dmaengine.c:1110 __dma_async_device_channel_unregister+0xb7/0xc0 Call dma_release_channel for occupied channles before dma_async_device_unregister. Fixes: 54cce8ec ("crypto: ccp - ccp_dmaengine_unregister release dma channels") Reported-by:
Koba Ko <koba.ko@canonical.com> Acked-by:
Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by:
-
ye xingchen authored
Return the value cptvf_send_msg_to_pf_timeout() directly instead of storing it in another redundant variable. Reported-by:
-
Ignat Korchagin authored
Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined. Commit 78a0324f ("crypto: akcipher - default implementations for request callbacks") introduced default callbacks for sign/verify operations, which just return an error code. However, these are not enough, because before calling sign the caller would likely call set_priv_key first on the instantiated transform (as the in-kernel testmgr does). This function does not have a default stub, so the kernel crashes, when trying to set a private key on an akcipher, which doesn't support signature generation. I've noticed this, when trying to add a KAT vector for ECDSA signature to the testmgr. With this patch the testmgr returns an error in dmesg (as it should) instead of crashing the kernel NULL ptr dereference. Fixes: 78a0324f ("crypto: akcipher - default implementations for request callbacks") Signed-off-by:Ignat Korchagin <ignat@cloudflare.com> Signed-off-by:
-
Sun Ke authored
In case of error, the function devm_ioremap_resource() returns ERR_PTR() not NULL. The NULL test in the return value check must be replaced with IS_ERR(). Fixes: 108713a7 ("crypto: aspeed - Add HACE hash driver") Signed-off-by:
Sun Ke <sunke32@huawei.com> Reviewed-by: Neal Liu<neal_liu@aspeedtech.com> Signed-off-by:
-
- 07 Sep, 2022 1 commit
-
-
Herbert Xu authored
This patch fixes a bunch of bit endianness warnings and two missing static modifiers. Signed-off-by:
-
