Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.2.16 2019-07-26T07:10:49+00:00 2019-07-26T07:10:49+00:00 Ard Biesheuvel ard.biesheuvel@linaro.org 2019-05-31T08:13:06+00:00 urn:sha1:629e1cb02b042ba5840d4f744a322ddfc55ac0c4 commit ed527b13d800dd515a9e6c582f0a73eca65b2e1b upstream. The CAAM driver currently violates an undocumented and slightly controversial requirement imposed by the crypto stack that a buffer referred to by the request structure via its virtual address may not be modified while any scatterlists passed via the same request structure are mapped for inbound DMA. This may result in errors like alg: aead: decryption failed on test 1 for gcm_base(ctr-aes-caam,ghash-generic): ret=74 alg: aead: Failed to load transform for gcm(aes): -2 on non-cache coherent systems, due to the fact that the GCM driver passes an IV buffer by virtual address which shares a cacheline with the auth_tag buffer passed via a scatterlist, resulting in corruption of the auth_tag when the IV is updated while the DMA mapping is live. Since the IV that is returned to the caller is only valid for CBC mode, and given that the in-kernel users of CBC (such as CTS) don't trigger the same issue as the GCM driver, let's just disable the output IV generation for all modes except CBC for the time being. Fixes: 854b06f76879 ("crypto: caam - properly set IV after {en,de}crypt") Cc: Horia Geanta <horia.geanta@nxp.com> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Reported-by: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-07-26T07:10:14+00:00 Horia Geantă horia.geanta@nxp.com 2019-05-03T14:17:37+00:00 urn:sha1:cb7da2ba5384c411438f715c872c8b9f76fe28bf [ Upstream commit dcd9c76e5a183af4f793beb5141efcd260b8d09f ] When enabling IOMMU support, the following issue becomes visible in the AEAD zero-length case. Even though the output sequence length is set to zero, the crypto engine tries to prefetch 4 S/G table entries (since SGF bit is set in SEQ OUT PTR command - which is either generated in SW in case of caam/jr or in HW in case of caam/qi, caam/qi2). The DMA read operation will trigger an IOMMU fault since the address in the SEQ OUT PTR is "dummy" (set to zero / not obtained via DMA API mapping). 1. In case of caam/jr, avoid the IOMMU fault by clearing the SGF bit in SEQ OUT PTR command. 2. In case of caam/qi - setting address, bpid, length to zero for output entry in the compound frame has a special meaning (cf. CAAM RM): "Output frame = Unspecified, Input address = Y. A unspecified frame is indicated by an unused SGT entry (an entry in which the Address, Length, and BPID fields are all zero). SEC obtains output buffers from BMan as prescribed by the preheader." Since no output buffers are needed, modify the preheader by setting (ABS = 1, ADDBUF = 0): -"ABS = 1 means obtain the number of buffers in ADDBUF (0 or 1) from the pool POOL ID" -ADDBUF: "If ABS is set, ADD BUF specifies whether to allocate a buffer or not" 3. In case of caam/qi2, since engine: -does not support FLE[FMT]=2'b11 ("unused" entry) mentioned in DPAA2 RM -requires output entry to be present, even if not used the solution chosen is to leave output frame list entry zeroized. Fixes: 763069ba49d3 ("crypto: caam - handle zero-length AEAD output") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-05-21T19:24:24+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-05-21T19:24:24+00:00 urn:sha1:d53e860fd46f3d95c437bb67518f7374500de467 Pull crypto fixes from Herbert Xu: - Two long-standing bugs in the powerpc assembly of vmx - Stack overrun caused by HASH_MAX_DESCSIZE being too small - Regression in caam * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: vmx - ghash: do nosimd fallback manually crypto: vmx - CTR: always increment IV as quadword crypto: hash - fix incorrect HASH_MAX_DESCSIZE crypto: caam - fix typo in i.MX6 devices list for errata 2019-05-17T05:36:54+00:00 Iuliana Prodan iuliana.prodan@nxp.com 2019-05-14T17:13:09+00:00 urn:sha1:4fa0b1f971fc0a3af08f2041b7feeeb024c08101 Fix a typo in the list of i.MX6 devices affected by an issue wherein AXI bus transactions may not occur in the correct order. Fixes: 33d69455e402 ("crypto: caam - limit AXI pipeline to a depth of 1") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-05-15T15:31:21+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-05-15T15:31:21+00:00 urn:sha1:88f76bc31b93cc228f5a43d5b565dc53615970ae Pull crypto fixes from Herbert Xu: "This fixes a number of issues in the chelsio and caam drivers" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: Revert "crypto: caam/jr - Remove extra memory barrier during job ring dequeue" crypto: caam - fix caam_dump_sg that iterates through scatterlist crypto: caam - fix DKP detection logic MAINTAINERS: Maintainer for Chelsio crypto driver crypto: chelsio - count incomplete block in IV crypto: chelsio - Fix softlockup with heavy I/O crypto: chelsio - Fix NULL pointer dereference 2019-05-09T05:20:48+00:00 Herbert Xu herbert@gondor.apana.org.au 2019-05-09T05:20:48+00:00 urn:sha1:cbc22b062106993980df43a7ffa93351d3218844 This reverts commit bbfcac5ff5f26aafa51935a62eb86b6eacfe8a49. It caused a crash regression on powerpc: https://lore.kernel.org/linux-crypto/87pnp2aflz.fsf@concordia.ellerman.id.au/ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-05-09T05:17:56+00:00 Iuliana Prodan iuliana.prodan@nxp.com 2019-05-07T13:37:03+00:00 urn:sha1:8c65d35435e8cbfdf953cafe5ebe3648ee9276a2 Fix caam_dump_sg by correctly determining the next scatterlist entry in the list. Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-05-09T05:17:56+00:00 Herbert Xu herbert@gondor.apana.org.au 2019-05-06T06:39:44+00:00 urn:sha1:24586b5feaf17ecf85ae6259fe3ea7815dee432d The detection for DKP (Derived Key Protocol) relied on the value of the setkey function. This was broken by the recent change which added des3_aead_setkey. This patch fixes this by introducing a new flag for DKP and setting that where needed. Fixes: 1b52c40919e6 ("crypto: caam - Forbid 2-key 3DES in FIPS mode") Reported-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-05-07T03:15:06+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-05-07T03:15:06+00:00 urn:sha1:81ff5d2cba4f86cd850b9ee4a530cd221ee45aa3 Pull crypto update from Herbert Xu: "API: - Add support for AEAD in simd - Add fuzz testing to testmgr - Add panic_on_fail module parameter to testmgr - Use per-CPU struct instead multiple variables in scompress - Change verify API for akcipher Algorithms: - Convert x86 AEAD algorithms over to simd - Forbid 2-key 3DES in FIPS mode - Add EC-RDSA (GOST 34.10) algorithm Drivers: - Set output IV with ctr-aes in crypto4xx - Set output IV in rockchip - Fix potential length overflow with hashing in sun4i-ss - Fix computation error with ctr in vmx - Add SM4 protected keys support in ccree - Remove long-broken mxc-scc driver - Add rfc4106(gcm(aes)) cipher support in cavium/nitrox" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (179 commits) crypto: ccree - use a proper le32 type for le32 val crypto: ccree - remove set but not used variable 'du_size' crypto: ccree - Make cc_sec_disable static crypto: ccree - fix spelling mistake "protedcted" -> "protected" crypto: caam/qi2 - generate hash keys in-place crypto: caam/qi2 - fix DMA mapping of stack memory crypto: caam/qi2 - fix zero-length buffer DMA mapping crypto: stm32/cryp - update to return iv_out crypto: stm32/cryp - remove request mutex protection crypto: stm32/cryp - add weak key check for DES crypto: atmel - remove set but not used variable 'alg_name' crypto: picoxcell - Use dev_get_drvdata() crypto: crypto4xx - get rid of redundant using_sd variable crypto: crypto4xx - use sync skcipher for fallback crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues crypto: crypto4xx - fix ctr-aes missing output IV crypto: ecrdsa - select ASN1 and OID_REGISTRY for EC-RDSA crypto: ux500 - use ccflags-y instead of CFLAGS_<basename>.o crypto: ccree - handle tee fips error during power management resume crypto: ccree - add function to handle cryptocell tee fips error ... 2019-05-03T06:03:30+00:00 Horia Geantă horia.geanta@nxp.com 2019-04-25T14:52:23+00:00 urn:sha1:418cd20e4dcdca97e6f6d59e6336228dacf2e45d Commit 307244452d3d ("crypto: caam - generate hash keys in-place") fixed ahash implementation in caam/jr driver such that user-provided key buffer is not DMA mapped, since it's not guaranteed to be DMAable. Apply a similar fix for caam/qi2 driver. Cc: <stable@vger.kernel.org> # v4.20+ Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>