platform/kernel/linux-rpi.git
8 years agocrypto: atmel-aes - add support to GCM mode
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:07 +0000 (18:13 +0100)]
crypto: atmel-aes - add support to GCM mode

This patch adds support to the GCM mode.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - change the DMA threshold
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:06 +0000 (18:13 +0100)]
crypto: atmel-aes - change the DMA threshold

Increase the DMA threshold to 256: PIO accesses offer better performances
than the DMA when processing small amounts of data.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - fix the counter overflow in CTR mode
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:05 +0000 (18:13 +0100)]
crypto: atmel-aes - fix the counter overflow in CTR mode

Depending on its hardware version, the AES IP provides either a 16 or a
32 bit counter. However the CTR mode expects the size of the counter to be
the same as the size of the cipher block, ie 128 bits for AES.
This patch detects and handles counter overflows.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - fix atmel-ctr-aes driver for RFC 3686
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:04 +0000 (18:13 +0100)]
crypto: atmel-aes - fix atmel-ctr-aes driver for RFC 3686

crypto_rfc3686_alloc() in crypto/ctr.c expects to be used with a stream
cipher (alg->cra_blocksize == 1).

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - create sections to regroup functions by usage
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:03 +0000 (18:13 +0100)]
crypto: atmel-aes - create sections to regroup functions by usage

This patch only creates sections to regroup functions by usage.
This will help to integrate the GCM support patch later by making the
difference between shared/common and specific code. Hence current
sections are:

- Shared functions: common code which will be reused by the GCM support.
- CPU transfer: handles transfers monitored by the CPU (PIO accesses).
- DMA transfer: handles transfers monitored by the DMA controller.
- AES async block ciphers: dedicated to the already supported block ciphers
- Probe functions: used to register all crypto algorithms.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - fix typo and indentation
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:02 +0000 (18:13 +0100)]
crypto: atmel-aes - fix typo and indentation

Dummy patch to fix typo and indentation.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - use SIZE_IN_WORDS() helper macro
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:01 +0000 (18:13 +0100)]
crypto: atmel-aes - use SIZE_IN_WORDS() helper macro

This is a dummy cosmetic patch.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - improve performances of data transfer
Cyrille Pitchen [Thu, 17 Dec 2015 17:13:00 +0000 (18:13 +0100)]
crypto: atmel-aes - improve performances of data transfer

This patch totally reworks data transfer.

1 - DMA

The new code now fully supports scatter-gather lists hence reducing the
number of interrupts in some cases. Also buffer alignments are better
managed to avoid useless copies.

2 - CPU

The new code allows to use PIO accesses even when transferring more than
one AES block, so futher patches could tune the DMA threshold
(ATMEL_AES_DMA_THRESHOLD).
Moreover, CPU transfers now have a chance to be processed synchronously,
hence reducing the latency by avoiding context switches when possible
(less interrupts to process, less scheduling of the 'done' task).
Indeed the 'DATA READY' bit is polled only one time in the Interrupt
Status Register before enabling then waiting for the associated interrupt.
In some condition, this single poll is enough as the data have already
been processed by the AES hardware and so are ready.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - fix atmel_aes_remove()
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:46 +0000 (17:48 +0100)]
crypto: atmel-aes - fix atmel_aes_remove()

Add missing call to atmel_aes_buff_cleanup().

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - remove useless AES_FLAGS_DMA flag
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:45 +0000 (17:48 +0100)]
crypto: atmel-aes - remove useless AES_FLAGS_DMA flag

Since the 'done' task code was split into atmel_aes_cpu_complete() and
atmel_aes_dma_complete(), the AES_FLAGS_DMA flag has become useless.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - reduce latency of DMA completion
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:44 +0000 (17:48 +0100)]
crypto: atmel-aes - reduce latency of DMA completion

atmel_aes_dma_callback() now directly calls the 'resume' callback instead
of scheduling the done task, which in turn only calls the very same
'resume' callback.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - remove unused 'err' member of struct atmel_aes_dev
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:43 +0000 (17:48 +0100)]
crypto: atmel-aes - remove unused 'err' member of struct atmel_aes_dev

This 'err' member was initialized to 0 but its value never changed.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - rework crypto request completion
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:42 +0000 (17:48 +0100)]
crypto: atmel-aes - rework crypto request completion

This patch introduces a new callback 'resume' in the struct atmel_aes_dev.
This callback is run to resume/complete the processing of the crypto
request when woken up by I/O events such as AES interrupts or DMA
completion.

This callback will help implementing the GCM mode support in further
patches.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - simplify the configuration of the AES IP
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:41 +0000 (17:48 +0100)]
crypto: atmel-aes - simplify the configuration of the AES IP

This patch reworks the AES_FLAGS_* to simplify the configuration of the
AES IP.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - remove useless write in the Control Register
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:40 +0000 (17:48 +0100)]
crypto: atmel-aes - remove useless write in the Control Register

As claimed by the datasheet, writing 0 into the Control Register has no
effet. So we remove this useless register access.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - make crypto request queue management more generic
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:39 +0000 (17:48 +0100)]
crypto: atmel-aes - make crypto request queue management more generic

This patch changes atmel_aes_handle_queue() to make it more generic.
The function argument is now a pointer to struct crypto_async_request,
which is the common base of struct ablkcipher_request and
struct aead_request.

Also this patch introduces struct atmel_aes_base_ctx which will be the
common base of all the transformation contexts.

Hence the very same queue will be used to manage both block cipher and
AEAD requests (such as gcm and authenc implemented in further patches).

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - change atmel_aes_write_ctrl() signature
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:38 +0000 (17:48 +0100)]
crypto: atmel-aes - change atmel_aes_write_ctrl() signature

This patch changes the signature of atmel_aes_write_ctrl() to make it more
generic. This will be used by future patches when implementing new block
cipher modes such as GCM.

Especially atmel_aes_hw_init() is now called outside
atmel_aes_write_ctrl(): this allows to call atmel_aes_write_ctrl() many
times, still initializing the hardware only once.

Indeed, the support of GCM will require to update the Mode Register and
the IV when processing a single request.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - propagate error from atmel_aes_hw_version_init()
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:37 +0000 (17:48 +0100)]
crypto: atmel-aes - propagate error from atmel_aes_hw_version_init()

Before this patch atmel_aes_hw_version_init() had no returned value.
However it calls atmel_aes_hw_init(), which may fail. So check the
returned code of atmel_aes_hw_init() and propagate error if needed.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - remove unused header includes
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:36 +0000 (17:48 +0100)]
crypto: atmel-aes - remove unused header includes

Hash headers have nothing to do with AES block ciphers.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - fix unregistration order of crypto algorithms
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:35 +0000 (17:48 +0100)]
crypto: atmel-aes - fix unregistration order of crypto algorithms

This dummy patch fixes atmel_aes_unregister_algs() so crypto algorithms
are unregistered in the reverse order they were registered by
atmel_aes_register_algs().

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - change algorithm priorities
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:34 +0000 (17:48 +0100)]
crypto: atmel-aes - change algorithm priorities

Increase the algorithm priorities so the hardware acceleration is now
preferred to the software computation: the "aes-generice" driver uses 100
as priority.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - constify value argument of atmel_aes_write_n()
Cyrille Pitchen [Thu, 17 Dec 2015 16:48:33 +0000 (17:48 +0100)]
crypto: atmel-aes - constify value argument of atmel_aes_write_n()

atmel_aes_write_n() should not modify its value argument.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-aes - add new version
Leilei Zhao [Thu, 17 Dec 2015 16:48:32 +0000 (17:48 +0100)]
crypto: atmel-aes - add new version

Add new version of atmel-aes available with SAMA5D2 devices.

Signed-off-by: Leilei Zhao <leilei.zhao@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - use list_for_each_entry*
Geliang Tang [Sat, 19 Dec 2015 08:22:51 +0000 (16:22 +0800)]
crypto: qat - use list_for_each_entry*

Use list_for_each_entry*() instead of list_for_each*() to simplify
the code.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ux500 - Use precalculated hash from headers
LABBE Corentin [Thu, 17 Dec 2015 12:45:42 +0000 (13:45 +0100)]
crypto: ux500 - Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ccp - Use precalculated hash from headers
LABBE Corentin [Thu, 17 Dec 2015 12:45:41 +0000 (13:45 +0100)]
crypto: ccp - Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: n2 - Use precalculated hash from headers
LABBE Corentin [Thu, 17 Dec 2015 12:45:40 +0000 (13:45 +0100)]
crypto: n2 - Use precalculated hash from headers

Precalculated hash for empty message are now present in hash headers.
This patch just use them.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: hash - add zero length message hash for shax and md5
LABBE Corentin [Thu, 17 Dec 2015 12:45:39 +0000 (13:45 +0100)]
crypto: hash - add zero length message hash for shax and md5

Some crypto drivers cannot process empty data message and return a
precalculated hash for md5/sha1/sha224/sha256.

This patch add thoses precalculated hash in include/crypto.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - fix some timeout tests
Pingchao Yang [Wed, 16 Dec 2015 06:09:50 +0000 (14:09 +0800)]
crypto: qat - fix some timeout tests

Change the timeout condition since the times value would be -1 after
running MAX_RETRY_TIMES.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yang Pingchao <pingchao.yang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - fix CTX_ENABLES bits shift direction issue
Pingchao Yang [Wed, 16 Dec 2015 02:39:40 +0000 (10:39 +0800)]
crypto: qat - fix CTX_ENABLES bits shift direction issue

AE CTX bits should be 8-15 in CTX_ENABLES, so the mask
value 0xff should be left shifted 0x8.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Yang Pingchao <pingchao.yang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: rsa-pkcs1pad - don't allocate buffer on stack
Andrzej Zaborowski [Sat, 12 Dec 2015 05:03:51 +0000 (00:03 -0500)]
crypto: rsa-pkcs1pad - don't allocate buffer on stack

Avoid the s390 compile "warning: 'pkcs1pad_encrypt_sign_complete'
uses dynamic stack allocation" reported by kbuild test robot.  Don't
use a flat zero-filled buffer, instead zero the contents of the SGL.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: omap - Removed unused variable "err"
Rahul Pathak [Mon, 14 Dec 2015 08:45:23 +0000 (08:45 +0000)]
crypto: omap - Removed unused variable "err"

Removed unused variable "err" and directly return "0"

Reported by coccicheck -
./drivers/crypto/omap-aes.c:542:5-8: Unneeded variable: "err". Return "0" on line 551
./drivers/crypto/omap-des.c:530:5-8: Unneeded variable: "err". Return "0" on line 539

Signed-off-by: Rahul Pathak <rpathak@visteon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel-sha - Removed unused variable "err"
Rahul Pathak [Mon, 14 Dec 2015 08:44:19 +0000 (08:44 +0000)]
crypto: atmel-sha - Removed unused variable "err"

Removed unused variable "err" and directly return "0"

Reported by coccicheck -
./drivers/crypto/atmel-sha.c:758:5-8: Unneeded variable: "err". Return "0" on line 766

Signed-off-by: Rahul Pathak <rpathak@visteon.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: nx-842 - Mask XERS0 bit in return value
Haren Myneni [Sun, 13 Dec 2015 11:30:41 +0000 (03:30 -0800)]
crypto: nx-842 - Mask XERS0 bit in return value

NX842 coprocessor sets 3rd bit in CR register with XER[S0] which is
nothing to do with NX request. Since this bit can be set with other
valuable return status, mast this bit.

One of other bits (INITIATED, BUSY or REJECTED) will be returned for
any given NX request.

Signed-off-by: Haren Myneni <haren@us.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - uint8_t is not large enough for accel_id
Tadeusz Struk [Thu, 10 Dec 2015 22:23:03 +0000 (14:23 -0800)]
crypto: qat - uint8_t is not large enough for accel_id

accel_id has to be large enough to hold ADF_MAX_DEVICES + 1
(which is > 1025) so uint8_t is too small.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: omap-des - Fix "schedule while atomic" bug
Sam Protsenko [Thu, 10 Dec 2015 16:06:59 +0000 (18:06 +0200)]
crypto: omap-des - Fix "schedule while atomic" bug

When using DES module the next bug appears:

    BUG: scheduling while atomic: kworker/0:1/63/0x00000102

With backtrace as follows:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[<c0012294>] (dump_backtrace) from [<c00124ac>] (show_stack+0x18/0x1c)
[<c0012494>] (show_stack) from [<c0752554>] (dump_stack+0x84/0xc4)
[<c07524d0>] (dump_stack) from [<c0750218>] (__schedule_bug+0x54/0x64)
[<c07501c4>] (__schedule_bug) from [<c07548a4>] (__schedule+0x4ac/0x53c)
[<c07543f8>] (__schedule) from [<c075496c>] (schedule+0x38/0x88)
[<c0754934>] (schedule) from [<c03c3984>] (rpm_resume+0x158/0x59c)
[<c03c382c>] (rpm_resume) from [<c03c3e1c>] (__pm_runtime_resume+0x54/0x6c)
[<c03c3dc8>] (__pm_runtime_resume) from [<c0568ff8>] (omap_des_handle_queue+0x154/0x7bc)
[<c0568ea4>] (omap_des_handle_queue) from [<c05696b8>] (omap_des_crypt+0x58/0xbc)
[<c0569660>] (omap_des_crypt) from [<c0569730>] (omap_des_cbc_decrypt+0x14/0x18)
[<c056971c>] (omap_des_cbc_decrypt) from [<c0297534>] (authenc_verify_ahash_done+0xe0/0xe8)
[<c0297454>] (authenc_verify_ahash_done) from [<c056a330>] (omap_sham_finish_req+0x58/0xa8)
[<c056a2d8>] (omap_sham_finish_req) from [<c056b714>] (omap_sham_done_task+0x1c0/0x1e0)
[<c056b554>] (omap_sham_done_task) from [<c003e53c>] (tasklet_action+0x80/0x118)
[<c003e4bc>] (tasklet_action) from [<c003e740>] (__do_softirq+0x11c/0x260)
[<c003e624>] (__do_softirq) from [<c003eb64>] (irq_exit+0xc0/0xfc)
[<c003eaa4>] (irq_exit) from [<c000f1c4>] (handle_IRQ+0x4c/0x98)
[<c000f178>] (handle_IRQ) from [<c0008568>] (gic_handle_irq+0x34/0x64)
[<c0008534>] (gic_handle_irq) from [<c0758540>] (__irq_svc+0x40/0x70)

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Insight was seen in drivers/crypto/omap-sham.c driver.
All credits for this patch go to Grygorii Strashko.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - enable VF irq after guest exits ungracefully
Zeng Xin [Thu, 10 Dec 2015 05:38:30 +0000 (21:38 -0800)]
crypto: qat - enable VF irq after guest exits ungracefully

The VF bundle interrupt is not triggered any more in
the case when guest is shut down with sample app running.
Need to clear the flag interrupt bit when restarting to fix
this irrecoverable state.

Signed-off-by: Zeng Xin <xin.zeng@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: asymmetric_keys - signature.c does not need <module.h>
Paul Gortmaker [Wed, 9 Dec 2015 20:05:28 +0000 (15:05 -0500)]
crypto: asymmetric_keys - signature.c does not need <module.h>

This file does not contain any modular related function calls.  So get
rid of module.h since it drags in a lot of other headers and adds to
the preprocessing load.  It does export some symbols though, so we'll
need to ensure it has export.h present instead.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - select PCI_IOV when VF are enabled
Tadeusz Struk [Wed, 9 Dec 2015 19:59:47 +0000 (11:59 -0800)]
crypto: qat - select PCI_IOV when VF are enabled

Fix i386-randconfig-x004-12092241.
PCI_IOV needs to be selected when VFs are enabled

Reported-by: <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - ring returning retry even though ring has BW
Harvijay Saini [Wed, 9 Dec 2015 19:59:45 +0000 (11:59 -0800)]
crypto: qat - ring returning retry even though ring has BW

When many threads submit multiple requests they get blocked until all
responses are processed, which prevents them from submitting more requests
even though there is space on the rings.
To fix this we need to decrement the inflight counter early to in the callback.

Signed-off-by: Harvijay Saini <harvijayx.saini@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: akcipher - fix typos in include/crypto/akcipher.h
LABBE Corentin [Tue, 8 Dec 2015 08:00:23 +0000 (09:00 +0100)]
crypto: akcipher - fix typos in include/crypto/akcipher.h

Fix numerous spelling error in include/crypto/akcipher.h

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - fix debug output for 64-bit dma_addr_t
Arnd Bergmann [Tue, 8 Dec 2015 15:24:22 +0000 (16:24 +0100)]
crypto: sahara - fix debug output for 64-bit dma_addr_t

The sahara_dump_descriptors and sahara_dump_links functions attempt
to print a dma_addr_t value with a 0x%08x format string, which
produces a warning when dma_addr_t is 64-bit wide:

drivers/crypto/sahara.c:419:120: warning: format '%x' expects argument of type 'unsigned int', but argument 5 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]

This changes the code to use the %pad format string that is meant
for dma_addr_t, which avoids the warning and gives us the correct
output in all configurations.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - fix 64-bit dma_addr_t compilation
Arnd Bergmann [Tue, 8 Dec 2015 15:23:51 +0000 (16:23 +0100)]
crypto: sahara - fix 64-bit dma_addr_t compilation

The sahara hardware uses DMA descriptors with 32-bit addresses, but
dma_addr_t is variable size depending on whether we want to support
any devices that use 64-bit DMA addresses in hardware.
This means that the definition of the DMA descriptor structure is wrong,
and we helpfully get a compiler warning about them too:

drivers/crypto/sahara.c:423:372: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'dma_addr_t {aka long long unsigned int}' [-Wformat=]

This changes the definition of the sahara_hw_desc and sahara_hw_link
structures to only contain fixed-length members, which is required
to make the driver work on ARM LPAE mode, and avoids most of the
gcc warnings we get.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: drbg - constify drbg_state_ops structures
Julia Lawall [Mon, 7 Dec 2015 20:36:57 +0000 (21:36 +0100)]
crypto: drbg - constify drbg_state_ops structures

The drbg_state_ops structures are never modified, so declare them as const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: chacha20poly1305 - Skip encryption/decryption for 0-len
Jason A. Donenfeld [Sun, 6 Dec 2015 01:51:38 +0000 (02:51 +0100)]
crypto: chacha20poly1305 - Skip encryption/decryption for 0-len

If the length of the plaintext is zero, there's no need to waste cycles
on encryption and decryption. Using the chacha20poly1305 construction
for zero-length plaintexts is a common way of using a shared encryption
key for AAD authentication.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: rsa - RSA padding algorithm
Andrzej Zaborowski [Sat, 5 Dec 2015 16:09:34 +0000 (17:09 +0100)]
crypto: rsa - RSA padding algorithm

This patch adds PKCS#1 v1.5 standard RSA padding as a separate template.
This way an RSA cipher with padding can be obtained by instantiating
"pkcs1pad(rsa)".  The reason for adding this is that RSA is almost
never used without this padding (or OAEP) so it will be needed for
either certificate work in the kernel or the userspace, and I also hear
that it is likely implemented by hardware RSA in which case hardware
implementations of the whole of pkcs1pad(rsa) can be provided.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: akcipher - add akcipher declarations needed by templates.
Andrzej Zaborowski [Sat, 5 Dec 2015 16:09:33 +0000 (17:09 +0100)]
crypto: akcipher - add akcipher declarations needed by templates.

Add a struct akcipher_instance and struct akcipher_spawn similar to
how AEAD declares them and the macros for converting to/from
crypto_instance/crypto_spawn.  Also add register functions to
avoid exposing crypto_akcipher_type.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add support for c62xvf accel type
Tadeusz Struk [Sat, 5 Dec 2015 00:56:51 +0000 (16:56 -0800)]
crypto: qat - add support for c62xvf accel type

Add support for c62x accelerator Virtual Function

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add support for c3xxxvf accel type
Tadeusz Struk [Sat, 5 Dec 2015 00:56:45 +0000 (16:56 -0800)]
crypto: qat - add support for c3xxxvf accel type

Add support for c3xxx accelerator Virtual Function

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add support for c62x accel type
Tadeusz Struk [Sat, 5 Dec 2015 00:56:40 +0000 (16:56 -0800)]
crypto: qat - add support for c62x accel type

Add support for qat c62x accel type

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add support for c3xxx accel type
Tadeusz Struk [Sat, 5 Dec 2015 00:56:34 +0000 (16:56 -0800)]
crypto: qat - add support for c3xxx accel type

Add support for c3xxx accel type.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - move isr files to qat common so that they can be reused
Tadeusz Struk [Sat, 5 Dec 2015 00:56:28 +0000 (16:56 -0800)]
crypto: qat - move isr files to qat common so that they can be reused

Move qat_isr.c and qat_isrvf.c files to qat_common dir
so that they can be reused by all devices.
Remove adf_drv.h files because thay are not longer needed.
Move adf_dev_configure() function to qat_common so it can be reused.
Also some minor updates to common code for multidevice.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add support for new devices to FW loader
Pingchao Yang [Sat, 5 Dec 2015 00:56:23 +0000 (16:56 -0800)]
crypto: qat - add support for new devices to FW loader

FW loader updates for new qat devices

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - add new device definitions
Tadeusz Struk [Sat, 5 Dec 2015 00:56:17 +0000 (16:56 -0800)]
crypto: qat - add new device definitions

Add dev ids and names for the new device types.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: aead - fix kernel-doc warnings in crypto/aead.h
Randy Dunlap [Thu, 3 Dec 2015 20:00:41 +0000 (12:00 -0800)]
crypto: aead - fix kernel-doc warnings in crypto/aead.h

Fix 21 occurrences of this kernel-doc warning in <crypto/aead.h>:

..//include/crypto/aead.h:149: warning: No description found for parameter 'base'

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: n2 - Use platform_register/unregister_drivers()
Thierry Reding [Wed, 2 Dec 2015 16:16:36 +0000 (17:16 +0100)]
crypto: n2 - Use platform_register/unregister_drivers()

These new helpers simplify implementing multi-driver modules and
properly handle failure to register one driver by unregistering all
previously registered drivers.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: talitos - add new crypto modes
LEROY Christophe [Tue, 1 Dec 2015 11:44:15 +0000 (12:44 +0100)]
crypto: talitos - add new crypto modes

This patch adds the following algorithms to the talitos driver:
* ecb(aes)
* ctr(aes)
* ecb(des)
* cbc(des)
* ecb(des3_ede)

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: vmx - IV size failing on skcipher API
Leonidas Da Silva Barbosa [Mon, 30 Nov 2015 18:19:03 +0000 (16:19 -0200)]
crypto: vmx - IV size failing on skcipher API

IV size was zero on CBC and CTR modes,
causing a bug triggered by skcipher.

Fixing this  adding a correct size.

Signed-off-by: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Paulo Smorigo <pfsmorigo@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: caam - pass the correct buffer length
Fabio Estevam [Mon, 30 Nov 2015 13:03:58 +0000 (11:03 -0200)]
crypto: caam - pass the correct buffer length

When buffer 0 is used we should use buflen_0 instead of buflen_1.

Fix it.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: cryptd - Assign statesize properly
Wang, Rui Y [Sun, 29 Nov 2015 14:45:34 +0000 (22:45 +0800)]
crypto: cryptd - Assign statesize properly

cryptd_create_hash() fails by returning -EINVAL.  It is because after
8996eafdc ("crypto: ahash - ensure statesize is non-zero") all ahash
drivers must have a non-zero statesize.

This patch fixes the problem by properly assigning the statesize.

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: ghash-clmulni - Fix load failure
Wang, Rui Y [Sun, 29 Nov 2015 14:45:33 +0000 (22:45 +0800)]
crypto: ghash-clmulni - Fix load failure

ghash_clmulni_intel fails to load on Linux 4.3+ with the following message:
"modprobe: ERROR: could not insert 'ghash_clmulni_intel': Invalid argument"

After 8996eafdc ("crypto: ahash - ensure statesize is non-zero") all ahash
drivers are required to implement import()/export(), and must have a non-
zero statesize.

This patch has been tested with the algif_hash interface. The calculated
digest values, after several rounds of import()s and export()s, match those
calculated by tcrypt.

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: rockchip - fix possible deadlock
Heiko Stuebner [Sat, 28 Nov 2015 12:27:48 +0000 (13:27 +0100)]
crypto: rockchip - fix possible deadlock

Lockdep warns about a possible deadlock resulting from the use of regular
spin_locks:

=================================
[ INFO: inconsistent lock state ]
4.4.0-rc2+ #2724 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/0/3 [HC0[0]:SC1[1]:HE1:SE0] takes:
(&(&crypto_info->lock)->rlock){+.?...}, at: [<bf14a65c>] rk_crypto_tasklet_cb+0x24/0xb4 [rk_crypto]
{SOFTIRQ-ON-W} state was registered at:
  [<c007f4ac>] lock_acquire+0x178/0x218
  [<c0759bac>] _raw_spin_lock+0x54/0x64
  [<bf14af88>] rk_handle_req+0x7c/0xbc [rk_crypto]
  [<bf14b040>] rk_des_ecb_encrypt+0x2c/0x30 [rk_crypto]
  [<bf14b05c>] rk_aes_ecb_encrypt+0x18/0x1c [rk_crypto]
  [<c028c820>] skcipher_encrypt_ablkcipher+0x64/0x68
  [<c0290770>] __test_skcipher+0x2a8/0x8dc
  [<c0292e94>] test_skcipher+0x38/0xc4
  [<c0292fb0>] alg_test_skcipher+0x90/0xb0
  [<c0292158>] alg_test+0x1e8/0x280
  [<c028f6f4>] cryptomgr_test+0x34/0x54
  [<c004bbe8>] kthread+0xf4/0x10c
  [<c0010010>] ret_from_fork+0x14/0x24
irq event stamp: 10672
hardirqs last  enabled at (10672): [<c002fac8>] tasklet_action+0x48/0x104
hardirqs last disabled at (10671): [<c002faa0>] tasklet_action+0x20/0x104
softirqs last  enabled at (10658): [<c002ef84>] __do_softirq+0x358/0x49c
softirqs last disabled at (10669): [<c002f108>] run_ksoftirqd+0x40/0x80

other info that might help us debug this:
Possible unsafe locking scenario:

    CPU0
    ----
  lock(&(&crypto_info->lock)->rlock);
  <Interrupt>
    lock(&(&crypto_info->lock)->rlock);

 *** DEADLOCK ***

Fix this by moving to irq-disabling spinlocks.

Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: core - sleep interruptible in read
Jiri Slaby [Fri, 27 Nov 2015 15:50:43 +0000 (16:50 +0100)]
hwrng: core - sleep interruptible in read

hwrng kthread can be waiting via hwrng_fillfn for some data from a rng
like virtio-rng:
hwrng           D ffff880093e17798     0   382      2 0x00000000
...
Call Trace:
 [<ffffffff817339c6>] wait_for_completion_killable+0x96/0x210
 [<ffffffffa00aa1b7>] virtio_read+0x57/0xf0 [virtio_rng]
 [<ffffffff814f4a35>] hwrng_fillfn+0x75/0x130
 [<ffffffff810aa243>] kthread+0xf3/0x110

And when some user program tries to read the /dev node in this state,
we get:
rngd            D ffff880093e17798     0   762      1 0x00000004
...
Call Trace:
 [<ffffffff817351ac>] mutex_lock_nested+0x15c/0x3e0
 [<ffffffff814f478e>] rng_dev_read+0x6e/0x240
 [<ffffffff81231958>] __vfs_read+0x28/0xe0
 [<ffffffff81232393>] vfs_read+0x83/0x130

And this is indeed unkillable. So use mutex_lock_interruptible
instead of mutex_lock in rng_dev_read and exit immediatelly when
interrupted. And possibly return already read data, if any (as POSIX
allows).

v2: use ERESTARTSYS instead of EINTR

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: <linux-crypto@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: cryptod - use crypto_skcipher_type() for getting skcipher type
Alexander Kuleshov [Wed, 25 Nov 2015 17:48:28 +0000 (23:48 +0600)]
crypto: cryptod - use crypto_skcipher_type() for getting skcipher type

The <linux/crypto.h> provides inline function - crypto_skcipher_type().
Let's use it in the cryptd_alloc_ablkcipher() instead of direct calculation.

Signed-off-by: Alexander Kuleshov <kuleshovmail@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: rockchip - add crypto driver for rk3288
Zain Wang [Wed, 25 Nov 2015 05:43:32 +0000 (13:43 +0800)]
crypto: rockchip - add crypto driver for rk3288

Crypto driver support:
     ecb(aes) cbc(aes) ecb(des) cbc(des) ecb(des3_ede) cbc(des3_ede)
You can alloc tags above in your case.

And other algorithms and platforms will be added later on.

Signed-off-by: Zain Wang <zain.wang@rock-chips.com>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: rockchip - add DT bindings documentation
Zain Wang [Wed, 25 Nov 2015 05:43:30 +0000 (13:43 +0800)]
crypto: rockchip - add DT bindings documentation

Add DT bindings documentation for the rk3288 crypto drivers.

Signed-off-by: Zain Wang <zain.wang@rock-chips.com>
Acked-by: Rob Herring <robh@kernel.org>
Tested-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: nx - use of_property_read_u32()
saurabh [Mon, 23 Nov 2015 09:56:54 +0000 (15:26 +0530)]
crypto: nx - use of_property_read_u32()

use of_propert_read_u32() for reading int value,
it can help reducing number of variables used

Signed-off-by: Saurabh Sengar <saurabh.truth@gmail.com>
Acked-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: padlock-aes - use offset_in_page macro
Geliang Tang [Sat, 21 Nov 2015 14:24:11 +0000 (22:24 +0800)]
crypto: padlock-aes - use offset_in_page macro

Use offset_in_page macro instead of (addr & ~PAGE_MASK).

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: qat - fix typo in clean-files
Jim Davis [Fri, 20 Nov 2015 00:06:19 +0000 (17:06 -0700)]
crypto: qat - fix typo in clean-files

A typo in the Makefile leaves qat_rsaprivkey-asn1.h hanging around.

Signed-off-by: Jim Davis <jim.epost@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: picoxcell - set [src|dst]_nents and nents as signed int
LABBE Corentin [Thu, 19 Nov 2015 12:38:18 +0000 (13:38 +0100)]
crypto: picoxcell - set [src|dst]_nents and nents as signed int

The unsigned int variables [src|dst]_nents and nents can be assigned
signed value (-EINVAL) from sg_nents_for_len().
Furthermore they are used only by dma_map_sg and dma_unmap_sg which wait
for an signed int, so they must be set as int.

Fixes: f051f95eb47b ("crypto: picoxcell - check return value of sg_nents_for_len")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: sahara - set nb_[in|out]_sg as signed int
LABBE Corentin [Thu, 19 Nov 2015 12:38:17 +0000 (13:38 +0100)]
crypto: sahara - set nb_[in|out]_sg as signed int

The two unsigned int variables nb_in_sg and nb_out_sg can be assigned
signed value (-EINVAL) from sg_nents_for_len().
Furthermore they are used only by dma_map_sg and dma_unmap_sg which wait
for an signed int, so they must be set as int.

Fixes: 6c2b74d4774f ("crypto: sahara - check return value of sg_nents_for_len")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agohwrng: omap3-rom - convert timer to delayed work
Aaro Koskinen [Wed, 18 Nov 2015 19:59:01 +0000 (21:59 +0200)]
hwrng: omap3-rom - convert timer to delayed work

We cannot put the HW RNG to idle using a timer because we cannot disable
clocks from atomic context. Use a delayed work instead.

Fixes a warning with CONFIG_DEBUG_MUTEXES on Nokia N900 during boot.

Reported-by: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel: fix bogus select
Arnd Bergmann [Tue, 27 Jan 2015 21:34:04 +0000 (22:34 +0100)]
crypto: atmel: fix bogus select

The Atmel at91 crypto driver unconditionally selects AT_HDMAC,
which results in a Kconfig warning if that driver is not enabled:

warning: (CRYPTO_DEV_ATMEL_AES) selects AT_HDMAC which has unmet direct dependencies (DMADEVICES && ARCH_AT91)

The crypto driver itself does not actually have a dependency
on a particular dma engine, other than this being the one that
is used in at91.

Removing the 'select' gets rid of the warning, but can cause
the driver to be unusable if the HDMAC is not enabled at the
same time. To work around that, this patch clarifies the runtime
dependency to be 'AT_HDMAC || AT_XDMAC', but adds an alternative
for COMPILE_TEST, which lets the driver get build on all systems.

The ARCH_AT91 dependency is implied by AT_XDMAC || AT_HDMAC now
and no longer needs to be listed separately.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: tcrypt - fix keysize argument of test_aead_speed for gcm(aes)
Cyrille Pitchen [Tue, 17 Nov 2015 12:37:10 +0000 (13:37 +0100)]
crypto: tcrypt - fix keysize argument of test_aead_speed for gcm(aes)

The key sizes used by AES in GCM mode should be 128, 192 or 256 bits (16,
24 or 32 bytes).
There is no additional 4byte nonce as for RFC 4106.

Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: atmel - fix 64-bit warnings
Arnd Bergmann [Tue, 17 Nov 2015 09:22:06 +0000 (10:22 +0100)]
crypto: atmel - fix 64-bit warnings

The atmel AES driver assumes that 'int' and 'size_t' are the same
type in multiple locations, which the compiler warns about when
building it for 64-bit systems:

In file included from ../drivers/crypto/atmel-aes.c:17:0:
drivers/crypto/atmel-aes.c: In function 'atmel_aes_sg_copy':
include/linux/kernel.h:724:17: warning: comparison of distinct pointer types lacks a cast
drivers/crypto/atmel-aes.c:448:11: note: in expansion of macro 'min'

drivers/crypto/atmel-aes.c: In function 'atmel_aes_crypt_dma_stop':
include/linux/kern_levels.h:4:18: warning: format '%u' expects argument of type 'unsigned int', but argument 2 has type 'size_t {aka long unsigned int}' [-Wformat=]

This changes the format strings to use the %z modifier when printing
a size_t, and makes sure that we use the correct size_t type where
needed. In case of sg_dma_len(), the type of the result depends
on CONFIG_NEED_SG_DMA_LENGTH, so we have to use min_t to get it to
work in all configurations.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: mcryptd - use list_first_entry_or_null()
Geliang Tang [Mon, 16 Nov 2015 14:37:15 +0000 (22:37 +0800)]
crypto: mcryptd - use list_first_entry_or_null()

Simplify mcryptd_opportunistic_flush() with list_first_entry_or_null().

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years agocrypto: api - use list_first_entry_or_null and list_next_entry
Geliang Tang [Mon, 16 Nov 2015 14:37:14 +0000 (22:37 +0800)]
crypto: api - use list_first_entry_or_null and list_next_entry

Simplify crypto_more_spawns() with list_first_entry_or_null()
and list_next_entry().

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: sun4i-ss - add missing statesize
LABBE Corentin [Mon, 16 Nov 2015 08:35:54 +0000 (09:35 +0100)]
crypto: sun4i-ss - add missing statesize

sun4i-ss implementaton of md5/sha1 is via ahash algorithms.
Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
made impossible to load them without giving statesize. This patch
specifiy statesize for sha1 and md5.

Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Cc: <stable@vger.kernel.org> # v4.3+
Tested-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: ixp4xx - Delete unnecessary checks before the function call "dma_pool_destroy"
Markus Elfring [Sun, 15 Nov 2015 15:51:21 +0000 (16:51 +0100)]
crypto: ixp4xx - Delete unnecessary checks before the function call "dma_pool_destroy"

The dma_pool_destroy() function tests whether its argument is NULL
and then returns immediately. Thus the test around the calls is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - constify pci_error_handlers structures
Julia Lawall [Sat, 14 Nov 2015 10:06:59 +0000 (11:06 +0100)]
crypto: qat - constify pci_error_handlers structures

This pci_error_handlers structure is never modified, like all the other
pci_error_handlers structures, so declare it as const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: rsa - only require output buffers as big as needed.
Andrzej Zaborowski [Fri, 13 Nov 2015 11:01:33 +0000 (12:01 +0100)]
crypto: rsa - only require output buffers as big as needed.

rhe RSA operations explicitly left-align the integers being written
skipping any leading zero bytes, but still require the output buffers to
include just enough space for the integer + the leading zero bytes.
Since the size of integer + the leading zero bytes (i.e. the key modulus
size) can now be obtained more easily through crypto_akcipher_maxsize
change the operations to only require as big a buffer as actually needed
if the caller has that information.  The semantics for request->dst_len
don't change.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agolib/mpi: only require buffers as big as needed for the integer
Andrzej Zaborowski [Fri, 13 Nov 2015 11:01:32 +0000 (12:01 +0100)]
lib/mpi: only require buffers as big as needed for the integer

Since mpi_write_to_sgl and mpi_read_buffer explicitly left-align the
integers being written it makes no sense to require a buffer big enough for
the number + the leading zero bytes which are not written.  The error
returned also doesn't convey any information.  So instead require only the
size needed and return -EOVERFLOW to signal when buffer too short.

Signed-off-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: amcc - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:39 +0000 (21:13 +0100)]
crypto: amcc - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: caam - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:38 +0000 (21:13 +0100)]
crypto: caam - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.
We do the same for sg_count since it use sg_nents_for_len().

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: picoxcell - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:37 +0000 (21:13 +0100)]
crypto: picoxcell - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.
In the same time, we remove sg_count() as it is used as an alias of
sg_nents_for_len.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Acked-by: Jamie Iles <jamie@jamieiles.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qce - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:36 +0000 (21:13 +0100)]
crypto: qce - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: sahara - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:35 +0000 (21:13 +0100)]
crypto: sahara - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: talitos - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:34 +0000 (21:13 +0100)]
crypto: talitos - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: marvell - check return value of sg_nents_for_len
LABBE Corentin [Wed, 4 Nov 2015 20:13:33 +0000 (21:13 +0100)]
crypto: marvell - check return value of sg_nents_for_len

The sg_nents_for_len() function could fail, this patch add a check for
its return value.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: algif - Change some variable to size_t
LABBE Corentin [Fri, 23 Oct 2015 12:10:36 +0000 (14:10 +0200)]
crypto: algif - Change some variable to size_t

Some variable are set as int but store only positive values.
Furthermore there are used in operation/function that wait for unsigned
value.
This patch set them as size_t.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - remove superfluous check from adf_probe
Salvatore Benedetto [Thu, 22 Oct 2015 14:23:12 +0000 (15:23 +0100)]
crypto: qat - remove superfluous check from adf_probe

- ent->device is already checked at the beginning of the function
   against the same value. This check is a duplicate.

Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - fix get instance function
Tadeusz Struk [Thu, 22 Oct 2015 13:30:36 +0000 (06:30 -0700)]
crypto: qat - fix get instance function

Fix the logic in case we have found a device on a given node.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: hifn_795x - fix coding style
LABBE Corentin [Thu, 22 Oct 2015 06:51:52 +0000 (08:51 +0200)]
crypto: hifn_795x - fix coding style

The hifn_795x driver is old and have lots of style issue.
This patch try to solve easy ones.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: hifn_795x - use dev_xx/pr_xx instead of printk
LABBE Corentin [Thu, 22 Oct 2015 06:51:51 +0000 (08:51 +0200)]
crypto: hifn_795x - use dev_xx/pr_xx instead of printk

This patch replace all printk by their dev_xx/pr_xx counterpart.
The patch remove also all custom dprintk by pr_debug/dev_debug

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: hifn_795x - remove the hifn_test function
LABBE Corentin [Thu, 22 Oct 2015 06:51:50 +0000 (08:51 +0200)]
crypto: hifn_795x - remove the hifn_test function

The hifn_test function is redundant with test done at register time by
the crypto API, so remove it.

Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: qat - when stopping all devices make fure VF are stopped first
Tadeusz Struk [Tue, 20 Oct 2015 19:50:03 +0000 (12:50 -0700)]
crypto: qat - when stopping all devices make fure VF are stopped first

When stopping all devices make sure VFs are stopped before the
corresponding PF.
VFs will always be after PF so just need to loop back.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: talitos - Fix timing leak in ESP ICV verification
David Gstir [Sun, 15 Nov 2015 16:14:42 +0000 (17:14 +0100)]
crypto: talitos - Fix timing leak in ESP ICV verification

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agocrypto: nx - Fix timing leak in GCM and CCM decryption
David Gstir [Sun, 15 Nov 2015 16:14:41 +0000 (17:14 +0100)]
crypto: nx - Fix timing leak in GCM and CCM decryption

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
9 years agoLinux 4.4-rc1
Linus Torvalds [Mon, 16 Nov 2015 01:00:27 +0000 (17:00 -0800)]
Linux 4.4-rc1

9 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 15 Nov 2015 17:36:24 +0000 (09:36 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf updates from Thomas Gleixner:
 "Mostly updates to the perf tool plus two fixes to the kernel core code:

   - Handle tracepoint filters correctly for inherited events (Peter
     Zijlstra)

   - Prevent a deadlock in perf_lock_task_context (Paul McKenney)

   - Add missing newlines to some pr_err() calls (Arnaldo Carvalho de
     Melo)

   - Print full source file paths when using 'perf annotate --print-line
     --full-paths' (Michael Petlan)

   - Fix 'perf probe -d' when just one out of uprobes and kprobes is
     enabled (Wang Nan)

   - Add compiler.h to list.h to fix 'make perf-tar-src-pkg' generated
     tarballs, i.e. out of tree building (Arnaldo Carvalho de Melo)

   - Add the llvm-src-base.c and llvm-src-kbuild.c files, generated by
     the 'perf test' LLVM entries, when running it in-tree, to
     .gitignore (Yunlong Song)

   - libbpf error reporting improvements, using a strerror interface to
     more precisely tell the user about problems with the provided
     scriptlet, be it in C or as a ready made object file (Wang Nan)

   - Do not be case sensitive when searching for matching 'perf test'
     entries (Arnaldo Carvalho de Melo)

   - Inform the user about objdump failures in 'perf annotate' (Andi
     Kleen)

   - Improve the LLVM 'perf test' entry, introduce a new ones for BPF
     and kbuild tests to check the environment used by clang to compile
     .c scriptlets (Wang Nan)"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (32 commits)
  perf/x86/intel/rapl: Remove the unused RAPL_EVENT_DESC() macro
  tools include: Add compiler.h to list.h
  perf probe: Verify parameters in two functions
  perf session: Add missing newlines to some pr_err() calls
  perf annotate: Support full source file paths for srcline fix
  perf test: Add llvm-src-base.c and llvm-src-kbuild.c to .gitignore
  perf: Fix inherited events vs. tracepoint filters
  perf: Disable IRQs across RCU RS CS that acquires scheduler lock
  perf test: Do not be case sensitive when searching for matching tests
  perf test: Add 'perf test BPF'
  perf test: Enhance the LLVM tests: add kbuild test
  perf test: Enhance the LLVM test: update basic BPF test program
  perf bpf: Improve BPF related error messages
  perf tools: Make fetch_kernel_version() publicly available
  bpf tools: Add new API bpf_object__get_kversion()
  bpf tools: Improve libbpf error reporting
  perf probe: Cleanup find_perf_probe_point_from_map to reduce redundancy
  perf annotate: Inform the user about objdump failures in --stdio
  perf stat: Make stat options global
  perf sched latency: Fix thread pid reuse issue
  ...