kernel/linux.git/drivers/crypto/tegra, branch v6.12.92Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.922026-05-23T11:04:29+00:00crypto: tegra - Disable softirqs before finalizing request2026-05-23T11:04:29+00:00Herbert Xuherbert@gondor.apana.org.au2026-03-10T09:28:29+00:00urn:sha1:49c0266bf556beaa4eb1a91a6e1e09b42eaebac4
[ Upstream commit 2aeec9af775fb53aa086419b953302c6f4ad4984 ]
Softirqs must be disabled when calling the finalization fucntion on
a request.
Reported-by: Guangwu Zhang <guazhang@redhat.com>
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Reserve keyslots to allocate dynamically2026-05-23T11:04:29+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:09+00:00urn:sha1:9a0ed69eea699bbbc8896a6cb96f5021dab8e726
[ Upstream commit b157e7a228aee9b48c2de05129476b822aa7956d ]
The HW supports only storing 15 keys at a time. This limits the number
of tfms that can work without failutes. Reserve keyslots to solve this
and use the reserved ones during the encryption/decryption operation.
This allow users to have the capability of hardware protected keys
and faster operations if there are limited number of tfms while not
halting the operation if there are more tfms.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 2aeec9af775f ("crypto: tegra - Disable softirqs before finalizing request")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Transfer HASH init function to crypto engine2026-05-23T11:04:29+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:05+00:00urn:sha1:ce065c4afee38031cc44a0997f34b7eb7ce4e066
[ Upstream commit 97ee15ea101629d2ffe21d3c5dc03b8d8be43603 ]
Ahash init() function was called asynchronous to the crypto engine queue.
This could corrupt the request context if there is any ongoing operation
for the same request. Queue the init function as well to the crypto
engine queue so that this scenario can be avoided.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 2aeec9af775f ("crypto: tegra - Disable softirqs before finalizing request")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - finalize crypto req on error2026-05-23T11:04:29+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:03+00:00urn:sha1:23f03ebd52f07418a8e3143d944b4a40552645d4
[ Upstream commit 1e245948ca0c252f561792fabb45de5518301d97 ]
Call the crypto finalize function before exiting *do_one_req() functions.
This allows the driver to take up further requests even if the previous
one fails.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 2aeec9af775f ("crypto: tegra - Disable softirqs before finalizing request")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Add missing CRYPTO_ALG_ASYNC2026-04-11T12:24:48+00:00Eric Biggersebiggers@kernel.org2026-03-16T20:21:19+00:00urn:sha1:bdbf027a4504b4a86740de6beb6d18a957331839
commit 4b56770d345524fc2acc143a2b85539cf7d74bc1 upstream.
The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its
asynchronous algorithms, causing the crypto API to select them for users
that request only synchronous algorithms. This causes crashes (at
least). Fix this by adding the flag like what the other drivers do.
Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just
get ignored and overridden by the registration function anyway.
Reported-by: Zorro Lang <zlang@redhat.com>
Closes: https://lore.kernel.org/r/20260314080937.pghb4aa7d4je3mhh@dell-per750-06-vm-08.rhts.eng.pek2.redhat.com
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Cc: stable@vger.kernel.org
Cc: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: tegra - Fix IV usage for AES ECB2025-04-25T08:47:39+00:00Akhil Rakhilrajeev@nvidia.com2025-03-26T14:51:10+00:00urn:sha1:bbad32b836634bc8fac5fac7054af910756493c9
[ Upstream commit 1ddaff40c08abb926be5ba713c5efc412d0836c5 ]
Modifying the crypto_request turns out to be not the right way to handle
the stale value issue with the IV. Though the IV is not used for AES ECB,
it eventually get used in algorithms like LRW in the next step after
AES ECB encryption/decryption. Setting req->iv to NULL breaks the
implementation of such algorithms. Hence modify only the local reqctx
to check for IV.
Fixes: bde558220866 ("crypto: tegra - Set IV to NULL explicitly for AES ECB")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Do not use fixed size buffers2025-04-25T08:47:39+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:02+00:00urn:sha1:9ebc2053b89a5a5401860c25a70635d3391a1172
[ Upstream commit 1cb328da4e8f34350c61a2b6548766c79b4bb64c ]
Allocate the buffer based on the request instead of a fixed buffer
length. In operations which may require larger buffer size, a fixed
buffer may fail.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 1ddaff40c08a ("crypto: tegra - Fix IV usage for AES ECB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - remove redundant error check on ret2025-04-25T08:47:39+00:00Colin Ian Kingcolin.i.king@gmail.com2024-10-15T13:11:22+00:00urn:sha1:28ec10e58d8bb6a02b77ac3fd48074f1362963ee
[ Upstream commit 7b90df78184de90fe5afcc45393c8ad83b5b18a1 ]
Currently there is an unnecessary error check on ret without a proceeding
assignment to ret that needs checking. The check is redundant and can be
removed.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Acked-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Stable-dep-of: 1ddaff40c08a ("crypto: tegra - Fix IV usage for AES ECB")
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Set IV to NULL explicitly for AES ECB2025-04-10T12:39:18+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:08+00:00urn:sha1:4a7e28e3523f2cb9a25a1a3dbafed04dbcafa464
[ Upstream commit bde558220866e74f19450e16d9a2472b488dfedf ]
It may happen that the variable req->iv may have stale values or
zero sized buffer by default and may end up getting used during
encryption/decryption. This inturn may corrupt the results or break the
operation. Set the req->iv variable to NULL explicitly for algorithms
like AES-ECB where IV is not used.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: tegra - Fix CMAC intermediate result handling2025-04-10T12:39:18+00:00Akhil Rakhilrajeev@nvidia.com2025-02-24T09:16:07+00:00urn:sha1:13a2312c53528865288ac1e7badf1d3360b40c45
[ Upstream commit ce390d6c2675d2e24d798169a1a0e3cdbc076907 ]
Saving and restoring of the intermediate results are needed if there is
context switch caused by another ongoing request on the same engine.
This is therefore not only to support import/export functionality.
Hence, save and restore the intermediate result for every non-first task.
Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
Signed-off-by: Akhil R <akhilrajeev@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>