Minghao Chi [Thu, 5 May 2022 02:20:24 +0000 (02:20 +0000)]
crypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey()
Simplify the return expression.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Sebastian Andrzej Siewior [Wed, 4 May 2022 15:07:36 +0000 (17:07 +0200)]
crypto: cryptd - Protect per-CPU resource by disabling BH.
The access to cryptd_queue::cpu_queue is synchronized by disabling
preemption in cryptd_enqueue_request() and disabling BH in
cryptd_queue_worker(). This implies that access is allowed from BH.
If cryptd_enqueue_request() is invoked from preemptible context _and_
soft interrupt then this can lead to list corruption since
cryptd_enqueue_request() is not protected against access from
soft interrupt.
Replace get_cpu() in cryptd_enqueue_request() with local_bh_disable()
to ensure BH is always disabled.
Remove preempt_disable() from cryptd_queue_worker() since it is not
needed because local_bh_disable() ensures synchronisation.
Fixes:
254eff771441 ("crypto: cryptd - Per-CPU thread implementation...")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:29 +0000 (20:19 +0000)]
crypto: sun8i-ce - do not fallback if cryptlen is less than sg length
The sg length could be more than remaining data on it.
So check the length requirement against the minimum between those two
values.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:28 +0000 (20:19 +0000)]
crypto: sun8i-ce - rework debugging
The "Fallback for xxx" message is annoying, remove it and store the
information in the debugfs.
Let's add more precise fallback stats and display it better.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:27 +0000 (20:19 +0000)]
crypto: sun8i-ce - use sg_nents_for_len
When testing with some large SG list, the sun8i-ce drivers always
fallback even if it can handle it.
So use sg_nents_for_len() which permits to see less SGs than needed.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:26 +0000 (20:19 +0000)]
crypto: sun8i-ce - Add function for handling hash padding
Move all padding work to a dedicated function.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:25 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not fallback if cryptlen is less than sg length
The sg length could be more than remaining data on it.
So check the length requirement against the minimum between those two
values.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:24 +0000 (20:19 +0000)]
crypto: sun8i-ss - add hmac(sha1)
Even if sun8i-ss does not handle hmac(sha1) directly, we can provide one
which use the already supported acceleration of sha1.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:23 +0000 (20:19 +0000)]
crypto: sun8i-ss - Add function for handling hash padding
Move all padding work to a dedicated function.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:22 +0000 (20:19 +0000)]
crypto: sun8i-ss - rework debugging
The "Fallback for xxx" message is annoying, remove it and store the
information in the debugfs.
In the same time, reports more fallback statistics.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:21 +0000 (20:19 +0000)]
crypto: sun8i-ss - handle requests if last block is not modulo 64
The current sun8i-ss handle only requests with all SG length being
modulo 64.
But the last SG could be always handled by copying it on the pad buffer.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:20 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not zeroize all pad
Instead of memset all pad buffer, it is faster to only put 0 where
needed.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:19 +0000 (20:19 +0000)]
crypto: sun8i-ss - do not allocate memory when handling hash requests
Instead of allocate memory on each requests, it is easier to
pre-allocate buffers.
This made error path easier.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:18 +0000 (20:19 +0000)]
crypto: sun8i-ss - use sg_nents_for_len
When testing with some large SG list, the sun8i-ss drivers always
fallback even if it can handle it.
So use sg_nents_for_len() which permits to see less SGs than needed.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:17 +0000 (20:19 +0000)]
crypto: sun8i-ss - test error before assigning
The first thing we should do after dma_map_single() is to test the
result.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:16 +0000 (20:19 +0000)]
crypto: sun8i-ss - remove redundant test
Some fallback tests were redundant with what sun8i_ss_hash_need_fallback() already do.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:15 +0000 (20:19 +0000)]
crypto: sun8i-ss - handle zero sized sg
sun8i-ss does not handle well the possible zero sized sg.
Fixes:
d9b45418a917 ("crypto: sun8i-ss - support hash algorithms")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:14 +0000 (20:19 +0000)]
crypto: sun8i-ss - rework handling of IV
sun8i-ss fail handling IVs when doing decryption of multiple SGs in-place.
It should backup the last block of each SG source for using it later as
IVs.
In the same time remove allocation on requests path for storing all
IVs.
Fixes:
f08fcced6d00 ("crypto: allwinner - Add sun8i-ss cryptographic offloader")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:13 +0000 (20:19 +0000)]
crypto: sun4i-ss - do not allocate backup IV on requests
Instead of allocate memory on each requests, it is easier to
pre-allocate buffer for backup IV.
This made error path easier.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:12 +0000 (20:19 +0000)]
crypto: sun8i-ce - do not allocate memory when handling requests
Instead of allocate memory on each requests, it is easier to
pre-allocate buffer for IV.
This made error path easier.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Mon, 2 May 2022 20:19:11 +0000 (20:19 +0000)]
crypto: sun8i-ce - Fix minor style issue
This patch remove a double blank line.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Masahiro Yamada [Sat, 7 May 2022 05:22:43 +0000 (14:22 +0900)]
crypto: vmx - Fix build error
When I refactored this Makefile, I accidentally changed the CONFIG
option.
Fixes:
b52455a73db9 ("crypto: vmx - Align the short log with Makefile cleanups")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Masahiro Yamada [Sun, 1 May 2022 13:07:49 +0000 (22:07 +0900)]
crypto: vmx - Align the short log with Makefile cleanups
I notieced the log is not properly aligned:
PERL drivers/crypto/vmx/aesp8-ppc.S
CC [M] fs/xfs/xfs_reflink.o
PERL drivers/crypto/vmx/ghashp8-ppc.S
CC [M] drivers/crypto/vmx/aes.o
Add some spaces after 'PERL'.
While I was here, I cleaned up the Makefile:
- Merge the two similar rules
- Remove redundant 'clean-files' (Having 'targets' is enough)
- Move the flavour into the build command
This still avoids the build failures fixed by commit
4ee812f6143d
("crypto: vmx - Avoid weird build failures").
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tetsuo Handa [Sat, 30 Apr 2022 07:01:46 +0000 (16:01 +0900)]
crypto: atmel - Avoid flush_scheduled_work() usage
Flushing system-wide workqueues is dangerous and will be forbidden.
Replace system_wq with local atmel_wq.
If CONFIG_CRYPTO_DEV_ATMEL_{I2C,ECC,SHA204A}=y, the ordering in Makefile
guarantees that module_init() for atmel-i2c runs before module_init()
for atmel-ecc and atmel-sha204a runs.
Link: https://lkml.kernel.org/r/49925af7-78a8-a3dd-bce6-cfc02e1a9236@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Uwe Kleine-König [Fri, 29 Apr 2022 14:03:49 +0000 (16:03 +0200)]
crypto: atmel-i2c - Simplify return code in probe function
There is no semantical change introduced by this change.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Meenakshi Aggarwal [Fri, 29 Apr 2022 11:48:08 +0000 (13:48 +0200)]
crypto: caam/rng - Add support for PRNG
Add support for random number generation using PRNG
mode of CAAM and expose the interface through crypto API.
According to the RM, the HW implementation of the DRBG follows
NIST SP 800-90A specification for DRBG_Hash SHA-256 function
Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com>
Reviewed-by: Horia Geant <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 29 Apr 2022 05:37:20 +0000 (13:37 +0800)]
hwrng: cn10k - Enable compile testing
This patch enables COMPILE_TEST for cn10k.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Uwe Kleine-König [Thu, 28 Apr 2022 17:11:46 +0000 (19:11 +0200)]
crypto: atmel-sha204a - Suppress duplicate error message
Returning an error value in an i2c remove callback results in an error
message being emitted by the i2c core, but otherwise it doesn't make a
difference. The device goes away anyhow and the devm cleanups are
called.
As atmel_sha204a_remove already emits an error message ant the additional
error message by the i2c core doesn't add any useful information, change
the return value to zero to suppress this error message.
Note that after atmel_sha204a_remove() returns *i2c_priv is freed, so there
is trouble ahead because atmel_sha204a_rng_done() might be called after
that freeing. So make the error message a bit more frightening.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Uwe Kleine-König [Thu, 28 Apr 2022 17:11:45 +0000 (19:11 +0200)]
crypto: atmel-sha204a - Remove useless check
kfree(NULL) is a noop, so there is no win in checking a pointer before
kfreeing it.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Juerg Haefliger [Wed, 27 Apr 2022 07:43:51 +0000 (09:43 +0200)]
crypto: inside-secure - Add MODULE_FIRMWARE macros
The safexcel module loads firmware so add MODULE_FIRMWARE macros to
provide that information via modinfo.
Signed-off-by: Juerg Haefliger <juergh@protonmail.com>
Acked-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Tue, 26 Apr 2022 11:53:58 +0000 (19:53 +0800)]
crypto: hisilicon/sec - add sm4 generic selection
Add sm4 generic selection for fallback tfm in the Kconfig.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Pali Rohár [Thu, 21 Apr 2022 13:44:57 +0000 (15:44 +0200)]
crypto: atmel-sha204a - Add support for ATSHA204 cryptochip
ATSHA204 is predecessor of ATSHA204A which supports less features and some
of them are slightly different.
Introduce a new compatible string for ATSHA204 cryptochip "atmel,atsha204".
Current version of Linux kernel driver atmel-sha204a.c implements only hw
random number generator which is same in both ATSHA204 and ATSHA204A
cryptochips. So driver already supports also ATSHA204 hw generator, so just
simply extends list of compatible strings.
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Colin Ian King [Sun, 24 Apr 2022 18:11:56 +0000 (19:11 +0100)]
hwrng: optee - remove redundant initialization to variable rng_size
Variable rng_size is being initialized with a value that is never read,
the variable is being re-assigned later on. The initialization is
redundant and can be removed.
Cleans up cppcheck warning:
Variable 'rng_size' is assigned a value that is never used.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Haowen Bai [Sun, 24 Apr 2022 08:50:31 +0000 (16:50 +0800)]
crypto: qat - Fix unsigned function returning negative constant
The function qat_uclo_check_image_compat has an unsigned return type, but
returns a negative constant to indicate an error condition. So we change
unsigned to int.
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Vitaly Chikunov [Thu, 21 Apr 2022 17:25:10 +0000 (20:25 +0300)]
crypto: ecrdsa - Fix incorrect use of vli_cmp
Correctly compare values that shall be greater-or-equal and not just
greater.
Fixes:
0d7a78643f69 ("crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm")
Cc: <stable@vger.kernel.org>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fabio Estevam [Wed, 20 Apr 2022 12:06:01 +0000 (09:06 -0300)]
crypto: caam - fix i.MX6SX entropy delay value
Since commit
358ba762d9f1 ("crypto: caam - enable prediction resistance
in HRWNG") the following CAAM errors can be seen on i.MX6SX:
caam_jr 2101000.jr:
20003c5b: CCB: desc idx 60: RNG: Hardware error
hwrng: no data available
This error is due to an incorrect entropy delay for i.MX6SX.
Fix it by increasing the minimum entropy delay for i.MX6SX
as done in U-Boot:
https://patchwork.ozlabs.org/project/uboot/patch/
20220415111049.2565744-1-gaurav.jain@nxp.com/
As explained in the U-Boot patch:
"RNG self tests are run to determine the correct entropy delay.
Such tests are executed with different voltages and temperatures to identify
the worst case value for the entropy delay. For i.MX6SX, it was determined
that after adding a margin value of 1000 the minimum entropy delay should be
at least 12000."
Cc: <stable@vger.kernel.org>
Fixes:
358ba762d9f1 ("crypto: caam - enable prediction resistance in HRWNG")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-by: Vabhav Sharma <vabhav.sharma@nxp.com>
Reviewed-by: Gaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Minghao Chi [Wed, 20 Apr 2022 03:02:18 +0000 (03:02 +0000)]
crypto: sun8i-ce - using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync and
pm_runtime_put_noidle. This change is just to simplify the code, no
actual functional changes.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Acked-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Minghao Chi [Mon, 18 Apr 2022 11:05:37 +0000 (11:05 +0000)]
crypto: sun8i-ss - using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Using pm_runtime_resume_and_get is more appropriate
for simplifing code
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Minghao Chi <chi.minghao@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Lv Ruyi [Mon, 18 Apr 2022 01:57:00 +0000 (01:57 +0000)]
crypto: keembay - Make use of devm helper function devm_platform_ioremap_resource()
Use the devm_platform_ioremap_resource() helper instead of calling
platform_get_resource() and devm_ioremap_resource() separately.Make the
code simpler without functional changes.
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jacky Li [Thu, 14 Apr 2022 16:23:25 +0000 (16:23 +0000)]
crypto: ccp - Fix the INIT_EX data file open failure
There are 2 common cases when INIT_EX data file might not be
opened successfully and fail the sev initialization:
1. In user namespaces, normal user tasks (e.g. VMM) can change their
current->fs->root to point to arbitrary directories. While
init_ex_path is provided as a module param related to root file
system. Solution: use the root directory of init_task to avoid
accessing the wrong file.
2. Normal user tasks (e.g. VMM) don't have the privilege to access
the INIT_EX data file. Solution: open the file as root and
restore permissions immediately.
Fixes:
3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
Signed-off-by: Jacky Li <jackyli@google.com>
Reviewed-by: Peter Gonda <pgonda@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Tue, 26 Apr 2022 09:42:36 +0000 (17:42 +0800)]
Revert "hwrng: mpfs - Enable COMPILE_TEST"
This reverts commit
6a71277ce91e4766ebe9a5f6725089c80d043ba2.
The underlying option POLARFIRE_SOC_SYS_CTRL already supports
COMPILE_TEST so there is no need for this. What's more, if
we force this option on without the underlying option it fails
to build.
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Sat, 16 Apr 2022 10:45:59 +0000 (18:45 +0800)]
crypto: hisilicon/qm - remove hisi_qm_get_free_qp_num()
hisi_qm_get_free_qp_num() is to get the free queue number on the function.
It is a simple function and is only called by
hisi_qm_get_available_instances().
This patch modifies to get the free queue directly in
hisi_qm_get_available_instances(), and remove hisi_qm_get_free_qp_num().
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Sat, 16 Apr 2022 10:45:58 +0000 (18:45 +0800)]
crypto: hisilicon/qm - replace hisi_qm_release_qp() with hisi_qm_free_qps()
hisi_qm_free_qps() can release multiple queues in one call, and it is
already exported. So, replace hisi_qm_release_qp() with hisi_qm_free_qps()
in zip_crypto.c, and do not export hisi_qm_release_qp() outside qm.c.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Sat, 16 Apr 2022 10:45:57 +0000 (18:45 +0800)]
crypto: hisilicon/qm - set function with static
These functions 'hisi_qm_create_qp' and 'hisi_qm_set_vft' are not
used outside qm.c, so they are marked as static.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Weili Qian [Sat, 16 Apr 2022 10:45:56 +0000 (18:45 +0800)]
crypto: hisilicon/qm - remove unused function declaration
The 'hisi_qm_get_hw_version' function is unused, so remove the function
declaration.
Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Herbert Xu [Fri, 15 Apr 2022 08:37:47 +0000 (16:37 +0800)]
hwrng: mpfs - Enable COMPILE_TEST
The dependency on HW_RANDOM is redundant so this patch removes it.
As this driver seems to cross-compile just fine we could also enable
COMPILE_TEST.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Corentin Labbe [Wed, 13 Apr 2022 19:11:54 +0000 (19:11 +0000)]
crypto: marvell/cesa - ECB does not IV
The DES3 ECB has an IV size set but ECB does not need one.
Fixes:
4ada483978237 ("crypto: marvell/cesa - add Triple-DES support")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Peter Gonda [Wed, 13 Apr 2022 15:58:35 +0000 (08:58 -0700)]
crypto: ccp - Log when resetting PSP SEV state
Currently when the PSP returns a SECURE_DATA_INVALID error on INIT or
INIT_EX the driver retries the command once which should reset the PSP's
state SEV related state, meaning the PSP will regenerate its keying
material. This is logged with a dbg log but given this will change
system state this should be logged at a higher priority and with more
information.
Signed-off-by: Peter Gonda <pgonda@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: John Allen <john.allen@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Vladis Dronov [Wed, 13 Apr 2022 14:16:06 +0000 (16:16 +0200)]
hwrng: cn10k - Make check_rng_health() return an error code
Currently check_rng_health() returns zero unconditionally.
Make it to output an error code and return it.
Fixes:
38e9791a0209 ("hwrng: cn10k - Add random number generator support")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Vladis Dronov [Wed, 13 Apr 2022 14:16:05 +0000 (16:16 +0200)]
hwrng: cn10k - Optimize cn10k_rng_read()
This function assumes that sizeof(void) is 1 and arithmetic works for
void pointers. This is a GNU C extention and may not work with other
compilers. Change this by using an u8 pointer.
Also move cn10k_read_trng() out of a loop thus saving some cycles.
Fixes:
38e9791a0209 ("hwrng: cn10k - Add random number generator support")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jayesh Choudhary [Tue, 12 Apr 2022 07:30:16 +0000 (13:00 +0530)]
crypto: sa2ul - Add the new compatible for AM62
Add the new compatible for am62x in of_match_table.
Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jayesh Choudhary [Tue, 12 Apr 2022 07:30:15 +0000 (13:00 +0530)]
dt-bindings: crypto: ti,sa2ul: Add a new compatible for AM62
Add the AM62 version of sa3ul to the compatible list.
Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Mon, 11 Apr 2022 03:13:13 +0000 (11:13 +0800)]
crypto: arm64/sm4 - Fix wrong dependency of NEON/CE implementation
Commit
d2825fa9365d ("crypto: sm3,sm4 - move into crypto directory")
moved the sm4 library implementation from the lib/crypto directory to
the crypto directory and configured the name as CRYPTO_SM4. The arm64
SM4 NEON/CE implementation depends on this and needs to be modified
uniformly.
Fixes:
4f1aef9b806f ("crypto: arm64/sm4 - add ARMv8 NEON implementation")
Fixes:
5b33e0ec881c ("crypto: arm64/sm4 - add ARMv8 Crypto Extensions implementation")
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Shen [Sat, 9 Apr 2022 09:33:09 +0000 (17:33 +0800)]
crypto: hisilicon/sgl - align the hardware sgl dma address
The hardware needs aligned sgl dma address. So expend the sgl_size to
align 64 bytes.
Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:28 +0000 (16:03 +0800)]
crypto: hisilicon/zip - support last word dumping
1. Add some debugging registers.
2. Add last word dumping function during zip engine controller reset.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:27 +0000 (16:03 +0800)]
crypto: hisilicon/hpre - support last word dumping
1. Add some debugging registers.
2. Add last word dumping function during hpre engine controller reset.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:26 +0000 (16:03 +0800)]
crypto: hisilicon/sec - support last word dumping
Add last word dumping function during sec engine controller reset.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:25 +0000 (16:03 +0800)]
crypto: hisilicon/qm - add last word dumping for ACC
Add last word dumping function during acc engines controller reset.
The last words are reported to the printed information during the
reset. The dmesg information included qm debugging registers and
engine debugging registers. It can help to improve debugging
capability.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:24 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon ZIP
Update documentation describing DebugFS that could help
to check the change of register values.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:23 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon SEC
Update documentation describing DebugFS that could help
to check the change of register values.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:22 +0000 (16:03 +0800)]
Documentation: update debugfs doc for Hisilicon HPRE
Update documentation describing DebugFS that could help
to check the change of register values.
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:21 +0000 (16:03 +0800)]
crypto: hisilicon/zip - support register checking
The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:20 +0000 (16:03 +0800)]
crypto: hisilicon/sec - support register checking
The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:19 +0000 (16:03 +0800)]
crypto: hisilicon/hpre - support register checking
The value of the register is changed after the task running. A debugfs
file node is added to help users to check the change of register values.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kai Ye [Sat, 9 Apr 2022 08:03:18 +0000 (16:03 +0800)]
crypto: hisilicon/qm - add register checking for ACC
Add register detection function to accelerator. Provided a tool that
user can checking differential register through Debugfs.
e.g.
cd /sys/kernel/debug/hisi_zip/<bdf>/zip_dfx
cat diff_regs
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Kai Ye <yekai13@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yihao Han [Fri, 8 Apr 2022 14:23:49 +0000 (07:23 -0700)]
crypto: ux500/hash - simplify if-if to if-else
Replace `if (!req_ctx->updated)` with `else` for simplification
and add curly brackets according to the kernel coding style:
"Do not unnecessarily use braces where a single statement will do."
...
"This does not apply if only one branch of a conditional statement is
a single statement; in the latter case use braces in both branches"
Please refer to:
https://www.kernel.org/doc/html/v5.17-rc8/process/coding-style.html
Signed-off-by: Yihao Han <hanyihao@vivo.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Conor Dooley [Fri, 8 Apr 2022 10:09:12 +0000 (10:09 +0000)]
hwrng: mpfs - add polarfire soc hwrng support
Add a driver to access the hardware random number generator on the
Polarfire SoC. The hwrng can only be accessed via the system controller,
so use the mailbox interface the system controller exposes to access the
hwrng.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:55 +0000 (17:54 +0100)]
crypto: qat - remove line wrapping for pfvf_ops functions
Remove unnecessary line wrapping for the
adf_enable_vf2pf_interrupts() function, and harmonize pfvf_ops text.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:54 +0000 (17:54 +0100)]
crypto: qat - use u32 variables in all GEN4 pfvf_ops
Change adf_gen4_enable_vf2pf_interrupts() to use a u32 variable,
consistently with both other GEN4 pfvf_ops and pfvf_ops of other
generations.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:53 +0000 (17:54 +0100)]
crypto: qat - replace disable_vf2pf_interrupts()
As a consequence of the refactored VF2PF interrupt handling logic, a
function that disables specific VF2PF interrupts is no longer needed.
Instead, a simpler function that disables all the interrupts, also
hiding the device specific amount of VFs to be disabled from the
pfvf_ops users, would be sufficient.
This patch replaces disable_vf2pf_interrupts() with the new
disable_all_vf2pf_interrupts(), which doesn't need any argument and
disables all the VF2PF interrupts.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:52 +0000 (17:54 +0100)]
crypto: qat - leverage the GEN2 VF mask definiton
Replace hard coded VF masks in adf_gen2_pfvf.c with the recently
introduced ADF_GEN2_VF_MSK.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:51 +0000 (17:54 +0100)]
crypto: qat - rework the VF2PF interrupt handling logic
Change the VF2PF interrupt handler in the PF ISR and the definition of
the internal PFVF API to correct the current implementation, which can
result in missed interrupts.
More specifically, current HW generations consider a write to the mask
register, regardless of the value, as an acknowledge of any pending
VF2PF interrupt. Therefore, if there is an interrupt between the source
register read and the mask register write, such interrupt will not be
delivered and silently acknowledged, resulting in a lost VF2PF message.
To work around the problem, rather than disabling specific interrupts,
disable all the interrupts and re-enable only the ones that we are not
serving (excluding the already disabled ones too). This will force any
other pending interrupt to be triggered and be serviced by a subsequent
ISR.
This new approach requires, however, changes to the interrupt related
pfvf_ops functions. In particular, get_vf2pf_sources() has now been
removed in favor of disable_pending_vf2pf_interrupts(), which not only
retrieves and returns the pending (and enabled) sources, but also
disables them.
As a consequence, introduce the adf_disable_pending_vf2pf_interrupts()
utility in place of adf_disable_vf2pf_interrupts_irq(), which is no
longer needed.
Cc: stable@vger.kernel.org
Fixes: 993161d ("crypto: qat - fix handling of VF to PF interrupts")
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Co-developed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:50 +0000 (17:54 +0100)]
crypto: qat - fix off-by-one error in PFVF debug print
PFVF Block Message requests for CRC use 0-based values to indicate
amounts, which have to be remapped to 1-based values on the receiving
side.
This patch fixes one debug print which was however using the wire value.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:49 +0000 (17:54 +0100)]
crypto: qat - fix wording and formatting in code comment
Remove an unintentional extra space and improve the readability of a
PFVF related code comment.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:48 +0000 (17:54 +0100)]
crypto: qat - test PFVF registers for spurious interrupts on GEN4
Spurious PFVF interrupts can happen when either the ISR is invoked
without a valid source being set or, otherwise, when no interrupt bit
is set in the PFVF register containing the message.
The latter test was present for GEN2 devices but missing for GEN4, this
patch fills the gap.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wojciech Ziemba [Thu, 7 Apr 2022 16:54:47 +0000 (17:54 +0100)]
crypto: qat - add check for invalid PFVF protocol version 0
PFVF protocol version 0 is not a valid version, but PF drivers
currently would report any such version from VFs as compatible.
This patch adds an extra check for the invalid PFVF protocol
version 0.
Signed-off-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:46 +0000 (17:54 +0100)]
crypto: qat - add missing restarting event notification in VFs
VF drivers are notified via PFVF of the VFs being disabled, but
such notification was not propagated within the VF driver.
Dispatch the ADF_EVENT_RESTARTING event by adding a missing call
to adf_dev_restarting_notify().
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:45 +0000 (17:54 +0100)]
crypto: qat - remove unnecessary tests to detect PFVF support
Previously, the GEN4 host driver supported SR-IOV but had no working
implementation of the PFVF protocol to communicate with VF drivers.
Since all the host drivers for QAT devices now support both SR-IOV and
PFVF, remove the old and unnecessary checks to test PFVF support.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:44 +0000 (17:54 +0100)]
crypto: qat - remove unused PFVF stubs
The functions adf_enable_pf2vf_interrupts(), adf_flush_vf_wq() and
adf_disable_pf2vf_interrupts() are not referenced when the driver is
compiled with CONFIG_PCI_IOV=n. This patch removes these unused stubs.
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:43 +0000 (17:54 +0100)]
crypto: qat - remove unneeded braces
Remove unnecessary braces around a single statement in a for loop.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Marco Chiappero [Thu, 7 Apr 2022 16:54:42 +0000 (17:54 +0100)]
crypto: qat - fix ETR sources enabled by default on GEN2 devices
When the driver starts the device, it enables all the necessary
interrupts. However interrupts associated to host rings are enabled by
default on all GEN2 devices (except for dh895x) even when SR-IOV is
active. Fix this behaviour by checking if data structures associated to
VFs have been allocated to determine whether to enable such interrupts
or not.
Since the logic for the fix is the same across GEN2 devices, replace
the function to be fixed (adf_enable_ints()) with a single one
(adf_gen2_enable_ints()) in the common GEN2 code in adf_gen2_hw_data.c.
Likewise, remove the unnecessary duplication of defines too.
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:41 +0000 (17:54 +0100)]
crypto: qat - set COMPRESSION capability for DH895XCC
The capability detection logic clears bits for the features that are
disabled in a certain SKU. For example, if the bit associate to
compression is not present in the LEGFUSE register, the correspondent
bit is cleared in the capability mask.
This change adds the compression capability to the mask as this was
missing in the commit that enhanced the capability detection logic.
Fixes:
cfe4894eccdc ("crypto: qat - set COMPRESSION capability for QAT GEN2")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Thu, 7 Apr 2022 16:54:40 +0000 (17:54 +0100)]
crypto: qat - set CIPHER capability for DH895XCC
Set the CIPHER capability for QAT DH895XCC devices if the hardware supports
it. This is done if both the CIPHER and the AUTHENTICATION engines are
available on the device.
Fixes:
ad1332aa67ec ("crypto: qat - add support for capability detection")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gilad Ben-Yossef [Wed, 6 Apr 2022 08:11:39 +0000 (11:11 +0300)]
crypto: ccree - use fine grained DMA mapping dir
Use a fine grained specification of DMA mapping directions
in certain cases, allowing both a more optimized operation
as well as shushing out a harmless, though persky
dma-debug warning.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Gilad Ben-Yossef [Wed, 6 Apr 2022 08:11:38 +0000 (11:11 +0300)]
crypto: ccree - rearrange init calls to avoid race
Rearrange init calls to avoid the rare race condition of
the cipher algs being registered and used while we still
init the hash code which uses the HW without proper lock.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Dung Nguyen <dung.nguyen.zy@renesas.com>
Tested-by: Jing Dan <jing.dan.nx@renesas.com>
Tested-by: Dung Nguyen <dung.nguyen.zy@renesas.com>
Fixes:
63893811b0fc("crypto: ccree - add ahash support")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Robin Murphy [Tue, 5 Apr 2022 12:25:11 +0000 (13:25 +0100)]
crypto: qat - stop using iommu_present()
Even if an IOMMU might be present for some PCI segment in the system,
that doesn't necessarily mean it provides translation for the device
we care about. Replace iommu_present() with a more appropriate check.
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jakob Koschel [Thu, 31 Mar 2022 21:59:10 +0000 (23:59 +0200)]
crypto: cavium/nitrox - remove check of list iterator against head past the loop body
When list_for_each_entry() completes the iteration over the whole list
without breaking the loop, the iterator value will be a bogus pointer
computed based on the head element.
While it is safe to use the pointer to determine if it was computed
based on the head element, either with list_entry_is_head() or
&pos->member == head, using the iterator variable after the loop should
be avoided.
In preparation to limit the scope of a list iterator to the list
traversal loop, use a dedicated pointer to point to the found element [1].
Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/
Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mario Limonciello [Thu, 31 Mar 2022 21:12:13 +0000 (16:12 -0500)]
crypto: ccp - When TSME and SME both detected notify user
CC_ATTR_HOST_MEM_ENCRYPT is used to relay that memory encryption has been
activated by the kernel.
As it's technically possible to enable both SME and TSME at the same time,
detect this scenario and notify the user that enabling TSME and SME at the
same time is unnecessary.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mario Limonciello [Thu, 31 Mar 2022 21:12:12 +0000 (16:12 -0500)]
crypto: ccp - Allow PSP driver to load without SEV/TEE support
Previously the PSP probe routine would fail if both SEV and TEE were
missing. This is possibly the case for some client parts.
As capabilities can now be accessed from userspace, it may still be
useful to have the PSP driver finish loading so that those capabilities
can be read.
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mario Limonciello [Thu, 31 Mar 2022 21:12:11 +0000 (16:12 -0500)]
crypto: ccp - Export PSP security bits to userspace
The PSP sets several pre-defined bits in the capabilities
register to indicate that security attributes of the platform.
Export these attributes into userspace for administrators to
confirm platform is properly locked down.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mario Limonciello [Thu, 31 Mar 2022 21:12:10 +0000 (16:12 -0500)]
crypto: ccp - cache capability into psp device
The results of the capability register will be used by future
code at runtime rather than just initialization.
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Sat, 26 Mar 2022 07:11:59 +0000 (00:11 -0700)]
crypto: testmgr - test in-place en/decryption with two sglists
As was established in the thread
https://lore.kernel.org/linux-crypto/
20220223080400.139367-1-gilad@benyossef.com/T/#u,
many crypto API users doing in-place en/decryption don't use the same
scatterlist pointers for the source and destination, but rather use
separate scatterlists that point to the same memory. This case isn't
tested by the self-tests, resulting in bugs.
This is the natural usage of the crypto API in some cases, so requiring
API users to avoid this usage is not reasonable.
Therefore, update the self-tests to start testing this case.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Randy Dunlap [Wed, 16 Mar 2022 19:20:09 +0000 (12:20 -0700)]
crypto: x86 - eliminate anonymous module_init & module_exit
Eliminate anonymous module_init() and module_exit(), which can lead to
confusion or ambiguity when reading System.map, crashes/oops/bugs,
or an initcall_debug log.
Give each of these init and exit functions unique driver-specific
names to eliminate the anonymous names.
Example 1: (System.map)
ffffffff832fc78c t init
ffffffff832fc79e t init
ffffffff832fc8f8 t init
Example 2: (initcall_debug log)
calling init+0x0/0x12 @ 1
initcall init+0x0/0x12 returned 0 after 15 usecs
calling init+0x0/0x60 @ 1
initcall init+0x0/0x60 returned 0 after 2 usecs
calling init+0x0/0x9a @ 1
initcall init+0x0/0x9a returned 0 after 74 usecs
Fixes:
64b94ceae8c1 ("crypto: blowfish - add x86_64 assembly implementation")
Fixes:
676a38046f4f ("crypto: camellia-x86_64 - module init/exit functions should be static")
Fixes:
0b95ec56ae19 ("crypto: camellia - add assembler implementation for x86_64")
Fixes:
56d76c96a9f3 ("crypto: serpent - add AVX2/x86_64 assembler implementation of serpent cipher")
Fixes:
b9f535ffe38f ("[CRYPTO] twofish: i586 assembly version")
Fixes:
ff0a70fe0536 ("crypto: twofish-x86_64-3way - module init/exit functions should be static")
Fixes:
8280daad436e ("crypto: twofish - add 3-way parallel x86_64 assembler implemention")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
Cc: Joachim Fritschi <jfritschi@freenet.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: x86@kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Hui Tang [Wed, 16 Mar 2022 11:26:03 +0000 (19:26 +0800)]
crypto: hisilicon/qm - optimize the barrier operation
A 'dma_wmb' barrier is enough to guarantee previous writes
before accessing by acc device in the outer shareable domain.
A 'smp_wmb' barrier is enough to guarantee previous writes
before accessing by other cpus in the inner shareble domain.
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Yang Li [Wed, 16 Mar 2022 01:03:01 +0000 (09:03 +0800)]
crypto: engine - Add parameter description in crypto_transfer_request() kernel-doc comment
Add the description of @need_pump in crypto_transfer_request() kernel-doc
comment to remove warning found by running scripts/kernel-doc, which is
caused by using 'make W=1'.
crypto/crypto_engine.c:260: warning: Function parameter or member
'need_pump' not described in 'crypto_transfer_request'
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Tue, 15 Mar 2022 09:44:54 +0000 (17:44 +0800)]
crypto: arm64/sm4 - add ARMv8 Crypto Extensions implementation
This adds ARMv8 implementations of SM4 in ECB, CBC, CFB and CTR
modes using Crypto Extensions, also includes key expansion operations
because the Crypto Extensions instruction is much faster than software
implementations.
The Crypto Extensions for SM4 can only run on ARMv8 implementations
that have support for these optional extensions.
Benchmark on T-Head Yitian-710 2.75 GHz, the data comes from the 218
mode of tcrypt. The abscissas are blocks of different lengths. The
data is tabulated and the unit is Mb/s:
sm4-generic | 16 64 128 256 1024 1420 4096
ECB enc | 80.05 91.42 93.66 94.77 95.69 95.77 95.86
ECB dec | 79.98 91.41 93.64 94.76 95.66 95.77 95.85
CBC enc | 78.55 86.50 88.02 88.77 89.36 89.42 89.48
CBC dec | 76.82 89.06 91.52 92.77 93.75 93.83 93.96
CFB enc | 77.64 86.13 87.62 88.42 89.08 88.83 89.18
CFB dec | 77.57 88.34 90.36 91.45 92.34 92.00 92.44
CTR enc | 77.80 88.28 90.23 91.22 92.11 91.81 92.25
CTR dec | 77.83 88.22 90.22 91.22 92.04 91.82 92.28
sm4-neon
ECB enc | 28.31 112.77 203.03 209.89 215.49 202.11 210.59
ECB dec | 28.36 113.45 203.23 210.00 215.52 202.13 210.65
CBC enc | 79.32 87.02 88.51 89.28 89.85 89.89 89.97
CBC dec | 28.29 112.20 203.30 209.82 214.99 201.51 209.95
CFB enc | 79.59 87.16 88.54 89.30 89.83 89.62 89.92
CFB dec | 28.12 111.05 202.47 209.02 214.21 210.90 209.12
CTR enc | 28.04 108.81 200.62 206.65 211.78 208.78 206.74
CTR dec | 28.02 108.82 200.45 206.62 211.78 208.74 206.70
sm4-ce-cipher
ECB enc | 336.79 587.13 682.70 747.37 803.75 811.52 818.06
ECB dec | 339.18 584.52 679.72 743.68 798.82 803.83 811.54
CBC enc | 316.63 521.47 597.00 647.14 690.82 695.21 700.55
CBC dec | 291.80 503.79 585.66 640.82 689.86 695.16 701.72
CFB enc | 294.79 482.31 552.13 594.71 631.60 628.91 638.92
CFB dec | 293.09 466.44 526.56 563.17 594.41 592.26 601.97
CTR enc | 309.61 506.13 576.86 620.47 656.38 654.51 665.10
CTR dec | 306.69 505.57 576.84 620.18 657.09 654.52 665.32
sm4-ce
ECB enc | 366.96 1329.81 2024.29 2755.50 3790.07 3861.91 4051.40
ECB dec | 367.30 1323.93 2018.72 2747.43 3787.39 3862.55 4052.62
CBC enc | 358.09 682.68 807.24 885.35 958.29 963.60 973.73
CBC dec | 366.51 1303.63 1978.64 2667.93 3624.53 3683.41 3856.08
CFB enc | 351.51 681.26 807.81 893.10 968.54 969.17 985.83
CFB dec | 354.98 1266.61 1929.63 2634.81 3614.23 3611.59 3841.68
CTR enc | 324.23 1121.25 1689.44 2256.70 2981.90 3007.79 3060.74
CTR dec | 324.18 1120.44 1694.31 2258.32 2982.01 3010.09 3060.99
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Tue, 15 Mar 2022 09:44:53 +0000 (17:44 +0800)]
crypto: arm64/sm4 - add ARMv8 NEON implementation
This adds ARMv8 NEON implementations of SM4 in ECB, CBC, CFB and CTR
modes. This implementation uses the plain NEON instruction set, All
S-BOX substitutions uses the tbl/tbx instructions of ARMv8, combined
with the out-of-order execution in CPU, this optimization supports
encryption of up to 8 blocks at the same time.
The performance of encrypting one block is not as good as software
implementation, so the encryption operations of CBC and CFB still
use pure software algorithms.
Benchmark on T-Head Yitian-710 2.75 GHz, the data comes from the 218
mode of tcrypt. The abscissas are blocks of different lengths. The
data is tabulated and the unit is Mb/s:
sm4-generic | 16 64 128 256 1024 1420 4096
ECB enc | 80.05 91.42 93.66 94.77 95.69 95.77 95.86
ECB dec | 79.98 91.41 93.64 94.76 95.66 95.77 95.85
CBC enc | 78.55 86.50 88.02 88.77 89.36 89.42 89.48
CBC dec | 76.82 89.06 91.52 92.77 93.75 93.83 93.96
CFB enc | 77.64 86.13 87.62 88.42 89.08 88.83 89.18
CFB dec | 77.57 88.34 90.36 91.45 92.34 92.00 92.44
CTR enc | 77.80 88.28 90.23 91.22 92.11 91.81 92.25
CTR dec | 77.83 88.22 90.22 91.22 92.04 91.82 92.28
sm4-neon
ECB enc | 28.31 112.77 203.03 209.89 215.49 202.11 210.59
ECB dec | 28.36 113.45 203.23 210.00 215.52 202.13 210.65
CBC enc | 79.32 87.02 88.51 89.28 89.85 89.89 89.97
CBC dec | 28.29 112.20 203.30 209.82 214.99 201.51 209.95
CFB enc | 79.59 87.16 88.54 89.30 89.83 89.62 89.92
CFB dec | 28.12 111.05 202.47 209.02 214.21 210.90 209.12
CTR enc | 28.04 108.81 200.62 206.65 211.78 208.78 206.74
CTR dec | 28.02 108.82 200.45 206.62 211.78 208.74 206.70
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Tue, 15 Mar 2022 09:44:52 +0000 (17:44 +0800)]
crypto: arm64/sm4-ce - rename to sm4-ce-cipher
The subsequent patches of the series will have an implementation
of SM4-ECB/CBC/CFB/CTR accelerated by the CE instruction set, which
conflicts with the current module name. In order to keep the naming
rules of the AES algorithm consistent, the sm4-ce algorithm is
renamed to sm4-ce-cipher.
In addition, the speed of sm4-ce-cipher is better than that of SM4
NEON. By the way, the priority of the algorithm is adjusted to 300,
which is also to leave room for the priority of SM4 NEON.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tianjia Zhang [Tue, 15 Mar 2022 09:44:51 +0000 (17:44 +0800)]
crypto: sm4 - export sm4 constant arrays
Export the constant arrays fk, ck, sbox of the SM4 algorithm, and
add the 'crypto_sm4_' prefix, where sbox is used in the SM4 NEON
implementation for the tbl/tbx instruction to replace the S-BOX,
and the fk, ck arrays are used in the SM4 CE implementation. Use
the sm4ekey instruction to speed up key expansion operations.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jason A. Donenfeld [Mon, 14 Mar 2022 03:11:01 +0000 (21:11 -0600)]
crypto: sm3,sm4 - move into crypto directory
The lib/crypto libraries live in lib because they are used by various
drivers of the kernel. In contrast, the various helper functions in
crypto are there because they're used exclusively by the crypto API. The
SM3 and SM4 helper functions were erroniously moved into lib/crypto/
instead of crypto/, even though there are no in-kernel users outside of
the crypto API of those functions. This commit moves them into crypto/.
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>