Commit dd4542d2 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:

 - Fix missed wake-up race in padata

 - Use crypto_memneq in ccp

 - Fix version check in ccp

 - Fix fuzz test failure in ccp

 - Fix potential double free in crypto4xx

 - Fix compile warning in stm32

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
  crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL
  crypto: ccp/gcm - use const time tag comparison.
  crypto: ccp - memset structure fields to zero before reuse
  crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
  crypto: stm32/hash - Fix incorrect printk modifier for size_t
parents 40ef768a cf144f81
...@@ -108,7 +108,6 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev) ...@@ -108,7 +108,6 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev)
return; return;
err_out: err_out:
of_node_put(trng);
iounmap(dev->trng_base); iounmap(dev->trng_base);
kfree(rng); kfree(rng);
dev->trng_base = NULL; dev->trng_base = NULL;
......
...@@ -622,6 +622,7 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, ...@@ -622,6 +622,7 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q,
unsigned long long *final; unsigned long long *final;
unsigned int dm_offset; unsigned int dm_offset;
unsigned int jobid;
unsigned int ilen; unsigned int ilen;
bool in_place = true; /* Default value */ bool in_place = true; /* Default value */
int ret; int ret;
...@@ -660,9 +661,11 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, ...@@ -660,9 +661,11 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q,
p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen); p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen);
} }
jobid = CCP_NEW_JOBID(cmd_q->ccp);
memset(&op, 0, sizeof(op)); memset(&op, 0, sizeof(op));
op.cmd_q = cmd_q; op.cmd_q = cmd_q;
op.jobid = CCP_NEW_JOBID(cmd_q->ccp); op.jobid = jobid;
op.sb_key = cmd_q->sb_key; /* Pre-allocated */ op.sb_key = cmd_q->sb_key; /* Pre-allocated */
op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */ op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
op.init = 1; op.init = 1;
...@@ -813,6 +816,13 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, ...@@ -813,6 +816,13 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q,
final[0] = cpu_to_be64(aes->aad_len * 8); final[0] = cpu_to_be64(aes->aad_len * 8);
final[1] = cpu_to_be64(ilen * 8); final[1] = cpu_to_be64(ilen * 8);
memset(&op, 0, sizeof(op));
op.cmd_q = cmd_q;
op.jobid = jobid;
op.sb_key = cmd_q->sb_key; /* Pre-allocated */
op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
op.init = 1;
op.u.aes.type = aes->type;
op.u.aes.mode = CCP_AES_MODE_GHASH; op.u.aes.mode = CCP_AES_MODE_GHASH;
op.u.aes.action = CCP_AES_GHASHFINAL; op.u.aes.action = CCP_AES_GHASHFINAL;
op.src.type = CCP_MEMTYPE_SYSTEM; op.src.type = CCP_MEMTYPE_SYSTEM;
...@@ -840,7 +850,8 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q, ...@@ -840,7 +850,8 @@ static int ccp_run_aes_gcm_cmd(struct ccp_cmd_queue *cmd_q,
if (ret) if (ret)
goto e_tag; goto e_tag;
ret = memcmp(tag.address, final_wa.address, AES_BLOCK_SIZE); ret = crypto_memneq(tag.address, final_wa.address,
AES_BLOCK_SIZE) ? -EBADMSG : 0;
ccp_dm_free(&tag); ccp_dm_free(&tag);
} }
......
...@@ -24,10 +24,6 @@ ...@@ -24,10 +24,6 @@
#include "sp-dev.h" #include "sp-dev.h"
#include "psp-dev.h" #include "psp-dev.h"
#define SEV_VERSION_GREATER_OR_EQUAL(_maj, _min) \
((psp_master->api_major) >= _maj && \
(psp_master->api_minor) >= _min)
#define DEVICE_NAME "sev" #define DEVICE_NAME "sev"
#define SEV_FW_FILE "amd/sev.fw" #define SEV_FW_FILE "amd/sev.fw"
#define SEV_FW_NAME_SIZE 64 #define SEV_FW_NAME_SIZE 64
...@@ -47,6 +43,15 @@ MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during ...@@ -47,6 +43,15 @@ MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during
static bool psp_dead; static bool psp_dead;
static int psp_timeout; static int psp_timeout;
static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
{
if (psp_master->api_major > maj)
return true;
if (psp_master->api_major == maj && psp_master->api_minor >= min)
return true;
return false;
}
static struct psp_device *psp_alloc_struct(struct sp_device *sp) static struct psp_device *psp_alloc_struct(struct sp_device *sp)
{ {
struct device *dev = sp->dev; struct device *dev = sp->dev;
...@@ -588,7 +593,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp) ...@@ -588,7 +593,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
int ret; int ret;
/* SEV GET_ID is available from SEV API v0.16 and up */ /* SEV GET_ID is available from SEV API v0.16 and up */
if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16)) if (!sev_version_greater_or_equal(0, 16))
return -ENOTSUPP; return -ENOTSUPP;
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
...@@ -651,7 +656,7 @@ static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp) ...@@ -651,7 +656,7 @@ static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
int ret; int ret;
/* SEV GET_ID available from SEV API v0.16 and up */ /* SEV GET_ID available from SEV API v0.16 and up */
if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16)) if (!sev_version_greater_or_equal(0, 16))
return -ENOTSUPP; return -ENOTSUPP;
/* SEV FW expects the buffer it fills with the ID to be /* SEV FW expects the buffer it fills with the ID to be
...@@ -1053,7 +1058,7 @@ void psp_pci_init(void) ...@@ -1053,7 +1058,7 @@ void psp_pci_init(void)
psp_master->sev_state = SEV_STATE_UNINIT; psp_master->sev_state = SEV_STATE_UNINIT;
} }
if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) && if (sev_version_greater_or_equal(0, 15) &&
sev_update_firmware(psp_master->dev) == 0) sev_update_firmware(psp_master->dev) == 0)
sev_get_api_version(); sev_get_api_version();
......
...@@ -338,7 +338,7 @@ static int stm32_hash_xmit_cpu(struct stm32_hash_dev *hdev, ...@@ -338,7 +338,7 @@ static int stm32_hash_xmit_cpu(struct stm32_hash_dev *hdev,
len32 = DIV_ROUND_UP(length, sizeof(u32)); len32 = DIV_ROUND_UP(length, sizeof(u32));
dev_dbg(hdev->dev, "%s: length: %d, final: %x len32 %i\n", dev_dbg(hdev->dev, "%s: length: %zd, final: %x len32 %i\n",
__func__, length, final, len32); __func__, length, final, len32);
hdev->flags |= HASH_FLAGS_CPU; hdev->flags |= HASH_FLAGS_CPU;
......
...@@ -267,7 +267,12 @@ static void padata_reorder(struct parallel_data *pd) ...@@ -267,7 +267,12 @@ static void padata_reorder(struct parallel_data *pd)
* The next object that needs serialization might have arrived to * The next object that needs serialization might have arrived to
* the reorder queues in the meantime, we will be called again * the reorder queues in the meantime, we will be called again
* from the timer function if no one else cares for it. * from the timer function if no one else cares for it.
*
* Ensure reorder_objects is read after pd->lock is dropped so we see
* an increment from another task in padata_do_serial. Pairs with
* smp_mb__after_atomic in padata_do_serial.
*/ */
smp_mb();
if (atomic_read(&pd->reorder_objects) if (atomic_read(&pd->reorder_objects)
&& !(pinst->flags & PADATA_RESET)) && !(pinst->flags & PADATA_RESET))
mod_timer(&pd->timer, jiffies + HZ); mod_timer(&pd->timer, jiffies + HZ);
...@@ -387,6 +392,13 @@ void padata_do_serial(struct padata_priv *padata) ...@@ -387,6 +392,13 @@ void padata_do_serial(struct padata_priv *padata)
list_add_tail(&padata->list, &pqueue->reorder.list); list_add_tail(&padata->list, &pqueue->reorder.list);
spin_unlock(&pqueue->reorder.lock); spin_unlock(&pqueue->reorder.lock);
/*
* Ensure the atomic_inc of reorder_objects above is ordered correctly
* with the trylock of pd->lock in padata_reorder. Pairs with smp_mb
* in padata_reorder.
*/
smp_mb__after_atomic();
put_cpu(); put_cpu();
/* If we're running on the wrong CPU, call padata_reorder() via a /* If we're running on the wrong CPU, call padata_reorder() via a
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment