summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-05-05crypto: tcrypt - Remove VLA usageKees Cook
In the quest to remove all stack VLA usage from the kernel[1], this allocates the return code buffers before starting jiffie timers, rather than using stack space for the array. Additionally cleans up some exit paths and make sure that the num_mb module_param() is used only once per execution to avoid possible races in the value changing. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05crypto: arm64 - add support for SM4 encryption using special instructionsArd Biesheuvel
Add support for the SM4 symmetric cipher implemented using the special SM4 instructions introduced in ARM architecture revision 8.2. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05crypto: sm4 - export encrypt/decrypt routines to other driversArd Biesheuvel
In preparation of adding support for the SIMD based arm64 implementation of arm64, which requires a fallback to non-SIMD code when invoked in certain contexts, expose the generic SM4 encrypt and decrypt routines to other drivers. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05hwrng: stm32 - fix pm_suspend issuelionel.debieve@st.com
When suspend is called after pm_runtime_suspend, same callback is used and access to rng register is freezing system. By calling the pm_runtime_force_suspend, it first checks that runtime has been already done. Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05hwrng: stm32 - define default state for rng driverlionel.debieve@st.com
Define default state for stm32_rng driver. It will be default selected with multi_v7_defconfig Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05crypto: ccree - use proper printk formatGilad Ben-Yossef
Fix incorrect use of %pad as a printk format string for none dma_addr_t variable. Discovered via smatch. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-05crypto: ccree - enable support for hardware keysGilad Ben-Yossef
Enable CryptoCell support for hardware keys. Hardware keys are regular AES keys loaded into CryptoCell internal memory via firmware, often from secure boot ROM or hardware fuses at boot time. As such, they can be used for enc/dec purposes like any other key but cannot (read: extremely hard to) be extracted since since they are not available anywhere in RAM during runtime. The mechanism has some similarities to s390 secure keys although the keys are not wrapped or sealed, but simply loaded offline. The interface was therefore modeled based on the s390 secure keys support. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - put temporary dst sg into request ctxChristian Lamparter
This patch fixes a crash that happens when testing rfc4543(gcm(aes)) Unable to handle kernel paging request for data at address 0xf59b3420 Faulting instruction address: 0xc0012994 Oops: Kernel access of bad area, sig: 11 [#1] BE PowerPC 44x Platform Modules linked in: tcrypt(+) crypto4xx [...] CPU: 0 PID: 0 Comm: swapper Tainted: G O 4.17.0-rc1+ #23 NIP: c0012994 LR: d3077934 CTR: 06026d49 REGS: cfff7e30 TRAP: 0300 Tainted: G O (4.17.0-rc1+) MSR: 00029000 <CE,EE,ME> CR: 44744822 XER: 00000000 DEAR: f59b3420 ESR: 00000000 NIP [c0012994] __dma_sync+0x58/0x10c LR [d3077934] crypto4xx_bh_tasklet_cb+0x188/0x3c8 [crypto4xx] __dma_sync was fed the temporary _dst that crypto4xx_build_pd() had in it's function stack. This clearly never worked. This patch therefore overhauls the code from the original driver and puts the temporary dst sg list into aead's request context. Fixes: a0aae821ba3d3 ("crypto: crypto4xx - prepare for AEAD support") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - extend aead fallback checksChristian Lamparter
1020 bytes is the limit for associated data. Any more and it will no longer fit into hash_crypto_offset anymore. The hardware will not process aead requests with plaintext that have less than AES_BLOCK_SIZE bytes. When decrypting aead requests the authsize has to be taken in account as well, as it is part of the cryptlen. Otherwise the hardware will think it has been misconfigured and will return: aead return err status = 0x98 For rtc4543(gcm(aes)), the hardware has a dedicated GMAC mode as part of the hash function set. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - properly set IV after de- and encryptChristian Lamparter
This patch fixes cts(cbc(aes)) test when cbc-aes-ppc4xx is used. alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-ppc4xx) 00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05 00000010: 97 alg: skcipher: Failed to load transform for cts(cbc(aes)): -2 The CTS cipher mode expect the IV (req->iv) of skcipher_request to contain the last ciphertext block after the {en,de}crypt operation is complete. Fix this issue for the AMCC Crypto4xx hardware engine. The tcrypt test case for cts(cbc(aes)) is now correctly passed. name : cts(cbc(aes)) driver : cts(cbc-aes-ppc4xx) module : cts priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - add aes-ctr supportChristian Lamparter
This patch adds support for the aes-ctr skcipher. name : ctr(aes) driver : ctr-aes-ppc4xx module : crypto4xx priority : 300 refcnt : 1 selftest : passed internal : no type : skcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 The hardware uses only the last 32-bits as the counter while the kernel tests (aes_ctr_enc_tv_template[4] for example) expect that the whole IV is a counter. To make this work, the driver will fallback if the counter is going to overlow. The aead's crypto4xx_setup_fallback() function is renamed to crypto4xx_aead_setup_fallback. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - avoid VLA useChristian Lamparter
This patch fixes some of the -Wvla warnings. crypto4xx_alg.c:83:19: warning: Variable length array is used. crypto4xx_alg.c:273:56: warning: Variable length array is used. crypto4xx_alg.c:380:32: warning: Variable length array is used. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - convert to skcipherChristian Lamparter
The ablkcipher APIs have been effectively deprecated since [1]. This patch converts the crypto4xx driver to the new skcipher APIs. [1] <https://www.spinics.net/lists/linux-crypto/msg18133.html> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: crypto4xx - performance optimizationsChristian Lamparter
This patch provides a cheap 2MiB/s+ (~ 6%) performance improvement over the current code. This is because the compiler can now optimize several endian swap memcpy. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: cavium - Remove unnecessary parenthesesVarsha Rao
This patch fixes the clang warning of extraneous parentheses, with the following coccinelle script. @@ identifier i; constant c; expression e; @@ ( !((e)) | -(( \(i == c\|i != c\|i <= c\|i < c\|i >= c\|i > c\) -)) ) Signed-off-by: Varsha Rao <rvarsha016@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: drivers - simplify getting .drvdataWolfram Sang
We should get drvdata from struct device directly. Going via platform_device is an unneeded step back and forth. Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: omap-sham - fix memleakBin Liu
Fixes: 8043bb1ae03cb ("crypto: omap-sham - convert driver logic to use sgs for data xmit") The memory pages freed in omap_sham_finish_req() were less than those allocated in omap_sham_copy_sgs(). Cc: stable@vger.kernel.org Signed-off-by: Bin Liu <b-liu@ti.com> Acked-by: Tero Kristo <t-kristo@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-28crypto: drivers - Remove depends on HAS_DMA in case of platform dependencyGeert Uytterhoeven
Remove dependencies on HAS_DMA where a Kconfig symbol depends on another symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST". In most cases this other symbol is an architecture or platform specific symbol, or PCI. Generic symbols and drivers without platform dependencies keep their dependencies on HAS_DMA, to prevent compiling subsystems or drivers that cannot work anyway. This simplifies the dependencies, and allows to improve compile-testing. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Reviewed-by: Mark Brown <broonie@kernel.org> Acked-by: Robin Murphy <robin.murphy@arm.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam: - Use kmemdup() functionFabio Estevam
Use kmemdup() rather than duplicating its implementation. By usign kmemdup() we can also get rid of the 'val' variable. Detected with Coccinelle script. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam - strip input zeros from RSA input bufferHoria Geantă
Sometimes the provided RSA input buffer provided is not stripped of leading zeros. This could cause its size to be bigger than that of the modulus, making the HW complain: caam_jr 2142000.jr1: 40000789: DECO: desc idx 7: Protocol Size Error - A protocol has seen an error in size. When running RSA, pdb size N < (size of F) when no formatting is used; or pdb size N < (F + 11) when formatting is used. Fix the problem by stripping off the leading zero from input data before feeding it to the CAAM accelerator. Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm") Cc: <stable@vger.kernel.org> # 4.8+ Reported-by: Martin Townsend <mtownsend1973@gmail.com> Link: https://lkml.kernel.org/r/CABatt_ytYORYKtApcB4izhNanEKkGFi9XAQMjHi_n-8YWoCRiw@mail.gmail.com Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Tested-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21hwrng: via - support new Centaur CPUdavidwang
New Centaur CPU(Family > 6) supprt Random Number Generator, but can't support MSR_VIA_RNG. Just like VIA Nano. Signed-off-by: David Wang <davidwang@zhaoxin.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: rsa - Remove unneeded error assignmentFabio Estevam
There is no need to assign an error value to 'ret' prior to calling mpi_read_raw_from_sgl() because in the case of error the 'ret' variable will be assigned to the error code inside the if block. In the case of non failure, 'ret' will be overwritten immediately after, so remove the unneeded assignment. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: testmgr - Allow different compression resultsMahipal Challa
The following error is triggered by the ThunderX ZIP driver if the testmanager is enabled: [ 199.069437] ThunderX-ZIP 0000:03:00.0: Found ZIP device 0 177d:a01a on Node 0 [ 199.073573] alg: comp: Compression test 1 failed for deflate-generic: output len = 37 The reason for this error is the verification of the compression results. Verifying the compression result only works if all algorithm parameters are identical, in this case to the software implementation. Different compression engines like the ThunderX ZIP coprocessor might yield different compression results by tuning the algorithm parameters. In our case the compressed result is shorter than the test vector. We should not forbid different compression results but only check that compression -> decompression yields the same result. This is done already in the acomp test. Do something similar for test_comp(). Signed-off-by: Mahipal Challa <mchalla@cavium.com> Signed-off-by: Balakrishna Bhamidipati <bbhamidipati@cavium.com> [jglauber@cavium.com: removed unrelated printk changes, rewrote commit msg, fixed whitespace and unneeded initialization] Signed-off-by: Jan Glauber <jglauber@cavium.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam - allow retrieving 'era' from registerFabio Estevam
The 'era' information can be retrieved from CAAM registers, so introduce a caam_get_era_from_hw() function that gets it via register reads in case the 'fsl,sec-era' property is not passed in the device tree. This function is based on the U-Boot implementation from drivers/crypto/fsl/sec.c Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Tested-by: Breno Lima <breno.lima@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam - staticize caam_get_era()Fabio Estevam
caam_get_era() is only used locally, so do not export this function and make it static instead. Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: cavium - Fix smp_processor_id() warningsJan Glauber
Switch to raw_smp_processor_id() to prevent a number of warnings from kernel debugging. We do not care about preemption here, as the CPU number is only used as a poor mans load balancing or device selection. If preemption happens during a compress/decompress operation a small performance hit will occur but everything will continue to work, so just ignore it. Signed-off-by: Jan Glauber <jglauber@cavium.com> Reviewed-by: Robert Richter <rrichter@cavium.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: cavium - Fix statistics pending request valueJan Glauber
The pending request counter was read from the wrong register. While at it, there is no need to use an atomic for it as it is only read localy in a loop. Signed-off-by: Jan Glauber <jglauber@cavium.com> Reviewed-by: Robert Richter <rrichter@cavium.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: cavium - Prevent division by zeroJan Glauber
Avoid two potential divisions by zero when calculating average values for the zip statistics. Signed-off-by: Jan Glauber <jglauber@cavium.com> Reviewed-by: Robert Richter <rrichter@cavium.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: cavium - Limit result reading attemptsJan Glauber
After issuing a request an endless loop was used to read the completion state from memory which is asynchronously updated by the ZIP coprocessor. Add an upper bound to the retry attempts to prevent a CPU getting stuck forever in case of an error. Additionally, add a read memory barrier and a small delay between the reading attempts. Signed-off-by: Jan Glauber <jglauber@cavium.com> Reviewed-by: Robert Richter <rrichter@cavium.com> Cc: stable <stable@vger.kernel.org> # 4.14 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: cavium - Fix fallout from CONFIG_VMAP_STACKJan Glauber
Enabling virtual mapped kernel stacks breaks the thunderx_zip driver. On compression or decompression the executing CPU hangs in an endless loop. The reason for this is the usage of __pa by the driver which does no longer work for an address that is not part of the 1:1 mapping. The zip driver allocates a result struct on the stack and needs to tell the hardware the physical address within this struct that is used to signal the completion of the request. As the hardware gets the wrong address after the broken __pa conversion it writes to an arbitrary address. The zip driver then waits forever for the completion byte to contain a non-zero value. Allocating the result struct from 1:1 mapped memory resolves this bug. Signed-off-by: Jan Glauber <jglauber@cavium.com> Reviewed-by: Robert Richter <rrichter@cavium.com> Cc: stable <stable@vger.kernel.org> # 4.14 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: remove several VLAsSalvatore Mesoraca
We avoid various VLAs[1] by using constant expressions for block size and alignment mask. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: api - laying defines and checks for statically allocated buffersSalvatore Mesoraca
In preparation for the removal of VLAs[1] from crypto code. We create 2 new compile-time constants: all ciphers implemented in Linux have a block size less than or equal to 16 bytes and the most demanding hw require 16 bytes alignment for the block buffer. We also enforce these limits in crypto_check_alg when a new cipher is registered. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: chelsio - remove redundant assignment to cdev->portsColin Ian King
There is a double assignment to cdev->ports, the first is redundant as it is over-written so remove it. Detected by CoverityScan, CID#1467432 ("Unused value") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: chelsio - don't leak information from the stack to userspaceColin Ian King
The structure crypto_info contains fields that are not initialized and only .version is set. The copy_to_user call is hence leaking information from the stack to userspace which must be avoided. Fix this by zero'ing all the unused fields. Detected by CoverityScan, CID#1467421 ("Uninitialized scalar variable") Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: chelsio - Fix potential NULL pointer dereferencesGustavo A. R. Silva
Add null checks on lookup_tid() return value in order to prevent null pointer dereferences. Addresses-Coverity-ID: 1467422 ("Dereference null return value") Addresses-Coverity-ID: 1467443 ("Dereference null return value") Addresses-Coverity-ID: 1467445 ("Dereference null return value") Addresses-Coverity-ID: 1467449 ("Dereference null return value") Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: authencesn - don't leak pointers to authenc keysTudor-Dan Ambarus
In crypto_authenc_esn_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: authenc - don't leak pointers to authenc keysTudor-Dan Ambarus
In crypto_authenc_setkey we save pointers to the authenc keys in a local variable of type struct crypto_authenc_keys and we don't zeroize it after use. Fix this and don't leak pointers to the authenc keys. Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: zstd - Add zstd supportNick Terrell
Adds zstd support to crypto and scompress. Only supports the default level. Previously we held off on this patch, since there weren't any users. Now zram is ready for zstd support, but depends on CONFIG_CRYPTO_ZSTD, which isn't defined until this patch is in. I also see a patch adding zstd to pstore [0], which depends on crypto zstd. [0] lkml.kernel.org/r/9c9416b2dff19f05fb4c35879aaa83d11ff72c92.1521626182.git.geliangtang@gmail.com Signed-off-by: Nick Terrell <terrelln@fb.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: ecc - Actually remove stack VLA usageKees Cook
On the quest to remove all VLAs from the kernel[1], this avoids VLAs by just using the maximum allocation size (4 bytes) for stack arrays. All the VLAs in ecc were either 3 or 4 bytes (or a multiple), so just make it 4 bytes all the time. Initialization routines are adjusted to check that ndigits does not end up larger than the arrays. This includes a removal of the earlier attempt at this fix from commit a963834b4742 ("crypto/ecc: Remove stack VLA usage") [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam/qi - fix IV DMA mapping and updatingHoria Geantă
There are two IV-related issues: (1) crypto API does not guarantee to provide an IV buffer that is DMAable, thus it's incorrect to DMA map it (2) for in-place decryption, since ciphertext is overwritten with plaintext, updated IV (req->info) will contain the last block of plaintext (instead of the last block of ciphertext) While these two issues could be fixed separately, it's straightforward to fix both in the same time - by using the {ablkcipher,aead}_edesc extended descriptor to store the IV that will be fed to the crypto engine; this allows for fixing (2) by saving req->src[last_block] in req->info directly, i.e. without allocating yet another temporary buffer. A side effect of the fix is that it's no longer possible to have the IV contiguous with req->src or req->dst. Code checking for this case is removed. Cc: <stable@vger.kernel.org> # 4.14+ Fixes: a68a19380522 ("crypto: caam/qi - properly set IV after {en,de}crypt") Link: http://lkml.kernel.org/r/20170113084620.GF22022@gondor.apana.org.au Reported-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam - fix IV DMA mapping and updatingHoria Geantă
There are two IV-related issues: (1) crypto API does not guarantee to provide an IV buffer that is DMAable, thus it's incorrect to DMA map it (2) for in-place decryption, since ciphertext is overwritten with plaintext, updated req->info will contain the last block of plaintext (instead of the last block of ciphertext) While these two issues could be fixed separately, it's straightforward to fix both in the same time - by allocating extra space in the ablkcipher_edesc for the IV that will be fed to the crypto engine; this allows for fixing (2) by saving req->src[last_block] in req->info directly, i.e. without allocating another temporary buffer. A side effect of the fix is that it's no longer possible to have the IV and req->src contiguous. Code checking for this case is removed. Cc: <stable@vger.kernel.org> # 4.13+ Fixes: 854b06f76879 ("crypto: caam - properly set IV after {en,de}crypt") Link: http://lkml.kernel.org/r/20170113084620.GF22022@gondor.apana.org.au Reported-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: caam - fix DMA mapping dir for generated IVHoria Geantă
In case of GIVCIPHER, IV is generated by the device. Fix the DMA mapping direction. Cc: <stable@vger.kernel.org> # 3.19+ Fixes: 7222d1a34103 ("crypto: caam - add support for givencrypt cbc(aes) and rfc3686(ctr(aes))") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: drbg - set freed buffers to NULLStephan Mueller
During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-21crypto: api - fix finding algorithm currently being testedEric Biggers
Commit eb02c38f0197 ("crypto: api - Keep failed instances alive") is making allocating crypto transforms sometimes fail with ELIBBAD, when multiple processes try to access encrypted files with fscrypt for the first time since boot. The problem is that the "request larval" for the algorithm is being mistaken for an algorithm which failed its tests. Fix it by only returning ELIBBAD for "non-larval" algorithms. Also don't leak a reference to the algorithm. Fixes: eb02c38f0197 ("crypto: api - Keep failed instances alive") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-04-15Linux 4.17-rc1Linus Torvalds
2018-04-15Merge tag 'for-4.17-part2-tag' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux Pull more btrfs updates from David Sterba: "We have queued a few more fixes (error handling, log replay, softlockup) and the rest is SPDX updates that touche almost all files so the diffstat is long" * tag 'for-4.17-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: Only check first key for committed tree blocks btrfs: add SPDX header to Kconfig btrfs: replace GPL boilerplate by SPDX -- sources btrfs: replace GPL boilerplate by SPDX -- headers Btrfs: fix loss of prealloc extents past i_size after fsync log replay Btrfs: clean up resources during umount after trans is aborted btrfs: Fix possible softlock on single core machines Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items
2018-04-15Merge tag '4.17-rc1SMB3-Fixes' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds
Pull cifs fixes from Steve French: "SMB3 fixes, a few for stable, and some important cleanup work from Ronnie of the smb3 transport code" * tag '4.17-rc1SMB3-Fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: change validate_buf to validate_iov cifs: remove rfc1002 hardcoded constants from cifs_discard_remaining_data() cifs: Change SMB2_open to return an iov for the error parameter cifs: add resp_buf_size to the mid_q_entry structure smb3.11: replace a 4 with server->vals->header_preamble_size cifs: replace a 4 with server->vals->header_preamble_size cifs: add pdu_size to the TCP_Server_Info structure SMB311: Improve checking of negotiate security contexts SMB3: Fix length checking of SMB3.11 negotiate request CIFS: add ONCE flag for cifs_dbg type cifs: Use ULL suffix for 64-bit constant SMB3: Log at least once if tree connect fails during reconnect cifs: smb2pdu: Fix potential NULL pointer dereference
2018-04-15Merge tag 'scsi-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is a set of minor (and safe changes) that didn't make the initial pull request plus some bug fixes. The status handling code is actually a running regression from the previous merge window which had an incomplete fix (now reverted) and most of the remaining bug fixes are for problems older than the current merge window" [ Side note: this merge also takes the base kernel git repository to 6+ million objects for the first time. Technically we hit it a couple of merges ago already if you count all the tag objects, but now it reaches 6M+ objects reachable from HEAD. I was joking around that that's when I should switch to 5.0, because 3.0 happened at the 2M mark, and 4.0 happened at 4M objects. But probably not, even if numerology is about as good a reason as any. - Linus ] * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: devinfo: Add Microsoft iSCSI target to 1024 sector blacklist scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() scsi: dpt_i2o: Use after free in I2ORESETCMD ioctl scsi: core: Make scsi_result_to_blk_status() recognize CONDITION MET scsi: core: Rename __scsi_error_from_host_byte() into scsi_result_to_blk_status() Revert "scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte()" scsi: aacraid: Insure command thread is not recursively stopped scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION scsi: qla2xxx: correctly shift host byte scsi: qla2xxx: Fix race condition between iocb timeout and initialisation scsi: qla2xxx: Avoid double completion of abort command scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure scsi: scsi_dh: Don't look for NULL devices handlers by name scsi: core: remove redundant assignment to shost->use_blk_mq
2018-04-15Merge tag 'kbuild-v4.17-2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull more Kbuild updates from Masahiro Yamada: - pass HOSTLDFLAGS when compiling single .c host programs - build genksyms lexer and parser files instead of using shipped versions - rename *-asn1.[ch] to *.asn1.[ch] for suffix consistency - let the top .gitignore globally ignore artifacts generated by flex, bison, and asn1_compiler - let the top Makefile globally clean artifacts generated by flex, bison, and asn1_compiler - use safer .SECONDARY marker instead of .PRECIOUS to prevent intermediate files from being removed - support -fmacro-prefix-map option to make __FILE__ a relative path - fix # escaping to prepare for the future GNU Make release - clean up deb-pkg by using debian tools instead of handrolled source/changes generation - improve rpm-pkg portability by supporting kernel-install as a fallback of new-kernel-pkg - extend Kconfig listnewconfig target to provide more information * tag 'kbuild-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: extend output of 'listnewconfig' kbuild: rpm-pkg: use kernel-install as a fallback for new-kernel-pkg Kbuild: fix # escaping in .cmd files for future Make kbuild: deb-pkg: split generating packaging and build kbuild: use -fmacro-prefix-map to make __FILE__ a relative path kbuild: mark $(targets) as .SECONDARY and remove .PRECIOUS markers kbuild: rename *-asn1.[ch] to *.asn1.[ch] kbuild: clean up *-asn1.[ch] patterns from top-level Makefile .gitignore: move *-asn1.[ch] patterns to the top-level .gitignore kbuild: add %.dtb.S and %.dtb to 'targets' automatically kbuild: add %.lex.c and %.tab.[ch] to 'targets' automatically genksyms: generate lexer and parser during build instead of shipping kbuild: clean up *.lex.c and *.tab.[ch] patterns from top-level Makefile .gitignore: move *.lex.c *.tab.[ch] patterns to the top-level .gitignore kbuild: use HOSTLDFLAGS for single .c executables
2018-04-15Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "A set of fixes and updates for x86: - Address a swiotlb regression which was caused by the recent DMA rework and made driver fail because dma_direct_supported() returned false - Fix a signedness bug in the APIC ID validation which caused invalid APIC IDs to be detected as valid thereby bloating the CPU possible space. - Fix inconsisten config dependcy/select magic for the MFD_CS5535 driver. - Fix a corruption of the physical address space bits when encryption has reduced the address space and late cpuinfo updates overwrite the reduced bit information with the original value. - Dominiks syscall rework which consolidates the architecture specific syscall functions so all syscalls can be wrapped with the same macros. This allows to switch x86/64 to struct pt_regs based syscalls. Extend the clearing of user space controlled registers in the entry patch to the lower registers" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/apic: Fix signedness bug in APIC ID validity checks x86/cpu: Prevent cpuinfo_x86::x86_phys_bits adjustment corruption x86/olpc: Fix inconsistent MFD_CS5535 configuration swiotlb: Use dma_direct_supported() for swiotlb_ops syscalls/x86: Adapt syscall_wrapper.h to the new syscall stub naming convention syscalls/core, syscalls/x86: Rename struct pt_regs-based sys_*() to __x64_sys_*() syscalls/core, syscalls/x86: Clean up compat syscall stub naming convention syscalls/core, syscalls/x86: Clean up syscall stub naming convention syscalls/x86: Extend register clearing on syscall entry to lower registers syscalls/x86: Unconditionally enable 'struct pt_regs' based syscalls on x86_64 syscalls/x86: Use 'struct pt_regs' based syscall calling for IA32_EMULATION and x32 syscalls/core: Prepare CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y for compat syscalls syscalls/x86: Use 'struct pt_regs' based syscall calling convention for 64-bit syscalls syscalls/core: Introduce CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y x86/syscalls: Don't pointlessly reload the system call number x86/mm: Fix documentation of module mapping range with 4-level paging x86/cpuid: Switch to 'static const' specifier