kernel/linux.git/drivers/crypto/inside-secure, branch v4.14.85Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v4.14.852018-05-25T14:17:46+00:00crypto: inside-secure - fix the invalidation step during cra_exit2018-05-25T14:17:46+00:00Antoine Tenartantoine.tenart@bootlin.com2018-02-13T08:26:55+00:00urn:sha1:2b2a92910c1968d2922f07b2a44a6a51d63ef6d7
[ Upstream commit b7007dbccd92f7b8c00e590020bee542a48c6a2c ]
When exiting a transformation, the cra_exit() helper is called in each
driver providing one. The Inside Secure SafeXcel driver has one, which
is responsible of freeing some areas and of sending one invalidation
request to the crypto engine, to invalidate the context that was used
during the transformation.
We could see in some setups (when lots of transformations were being
used with a short lifetime, and hence lots of cra_exit() calls) NULL
pointer dereferences and other weird issues. All these issues were
coming from accessing the tfm context.
The issue is the invalidation request completion is checked using a
wait_for_completion_interruptible() call in both the cipher and hash
cra_exit() helpers. In some cases this was interrupted while the
invalidation request wasn't processed yet. And then cra_exit() returned,
and its caller was freeing the tfm instance. Only then the request was
being handled by the SafeXcel driver, which lead to the said issues.
This patch fixes this by using wait_for_completion() calls in these
specific cases.
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - fix the extra cache computation2018-05-25T14:17:45+00:00Antoine Tenartantoine.tenart@bootlin.com2018-02-13T08:26:52+00:00urn:sha1:d03a0a61dc82f27fcb56561992f564f2ebc1e4b3
[ Upstream commit c1a8fa6e240ed4b99778d48ab790743565cb61c8 ]
This patch fixes the extra cache computation when the queued data is a
multiple of a block size. This fixes the hash support in some cases.
Fixes: 809778e02cd4 ("crypto: inside-secure - fix hash when length is a multiple of a block")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - fix the cache_len computation2018-05-25T14:17:45+00:00Antoine Tenartantoine.tenart@bootlin.com2018-02-13T08:26:53+00:00urn:sha1:6df26587d22d69b3f8310303f11f57199a738872
[ Upstream commit 666a9c70b04fccabde5cea5e680ae1ae92460a62 ]
This patch fixes the cache length computation as cache_len could end up
being a negative value. The check between the queued size and the
block size is updated to reflect the caching mechanism which can cache
up to a full block size (included!).
Fixes: 809778e02cd4 ("crypto: inside-secure - fix hash when length is a multiple of a block")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - do not process request if no command was issued2018-05-25T14:17:45+00:00Antoine Tenartantoine.tenart@bootlin.com2018-02-13T08:26:54+00:00urn:sha1:a04b30fd74a1b00f9d8fa010bee5cde37aaa9803
[ Upstream commit 95831ceafc0de7d94a5fe86ebb1c2042317cc2cd ]
This patch adds a check in the SafeXcel dequeue function, to avoid
processing request further if no hardware command was issued. This can
happen in certain cases where the ->send() function caches all the data
that would have been send.
Fixes: 809778e02cd4 ("crypto: inside-secure - fix hash when length is a multiple of a block")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - wait for the request to complete if in the backlog2018-05-25T14:17:44+00:00Antoine Tenartantoine.tenart@bootlin.com2018-02-26T13:45:12+00:00urn:sha1:173c55493b8184623f415799aac8c62d0c5574b6
[ Upstream commit 4dc5475ae0375ea4f9283dfd9b2ddc91b20d4c4b ]
This patch updates the safexcel_hmac_init_pad() function to also wait
for completion when the digest return code is -EBUSY, as it would mean
the request is in the backlog to be processed later.
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Suggested-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - fix clock management2018-04-08T12:26:31+00:00Gregory CLEMENTgregory.clement@bootlin.com2018-03-13T16:48:40+00:00urn:sha1:41e960b042fcf5e24ad68df669e58c69b5c42d21
commit f962eb46e7a9b98a58d2483f5eb216e738fec732 upstream.
In this driver the clock is got but never put when the driver is removed
or if there is an error in the probe.
Using the managed version of clk_get() allows to let the kernel take care
of it.
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto
engine driver")
cc: stable@vger.kernel.org
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - fix request allocations in invalidation path2018-03-03T09:24:30+00:00Antoine Ténartantoine.tenart@free-electrons.com2017-12-11T11:10:57+00:00urn:sha1:cdbde4c04c5c63ccf7d91122d39ce0dbea71dbfa
[ Upstream commit 7cad2fabd5691dbb17762877d4e7f236fe4bc181 ]
This patch makes use of the SKCIPHER_REQUEST_ON_STACK and
AHASH_REQUEST_ON_STACK helpers to allocate enough memory to contain both
the crypto request structures and their embedded context (__ctx).
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Suggested-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - free requests even if their handling failed2018-03-03T09:24:30+00:00Antoine Ténartantoine.tenart@free-electrons.com2017-12-11T11:10:56+00:00urn:sha1:7cc6e8415d23807c06cf74618e9dc890f1ef21e1
[ Upstream commit 0a02dcca126280595950f3ea809f77c9cb0a235c ]
This patch frees the request private data even if its handling failed,
as it would never be freed otherwise.
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Suggested-by: Ofer Heifetz <oferh@marvell.com>
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - per request invalidation2018-03-03T09:24:30+00:00Ofer Heifetzoferh@marvell.com2017-12-11T11:10:55+00:00urn:sha1:0971f188da94e84d768c37bb10384463aaa003d4
[ Upstream commit 1eb7b40386c97f6c4d1c62931bf306f4535a4bd6 ]
When an invalidation request is needed we currently override the context
.send and .handle_result helpers. This is wrong as under high load other
requests can already be queued and overriding the context helpers will
make them execute the wrong .send and .handle_result functions.
This commit fixes this by adding a needs_inv flag in the request to
choose the action to perform when sending requests or handling their
results. This flag will be set when needed (i.e. when the context flag
will be set).
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
[Antoine: commit message, and removed non related changes from the
original commit]
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: inside-secure - avoid unmapping DMA memory that was not mapped2018-02-03T16:38:50+00:00Antoine Tenartantoine.tenart@free-electrons.com2017-12-26T16:21:16+00:00urn:sha1:199d97815d32acd0f1d20cbd04e39e3dead59a8b
commit c957f8b3e2e54b29f53ef69decc87bbc858c9b58 upstream.
This patch adds a parameter in the SafeXcel ahash request structure to
keep track of the number of SG entries mapped. This allows not to call
dma_unmap_sg() when dma_map_sg() wasn't called in the first place. This
also removes a warning when the debugging of the DMA-API is enabled in
the kernel configuration: "DMA-API: device driver tries to free DMA
memory it has not allocated".
Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>