linux/drivers/crypto/axis, branch v5.1

crypto: axis - move request unmap outside of the queue lock

2019-02-01T06:42:04Z

The request unmap and bounce buffer copying is currently unnecessarily done while holding the queue spin lock. Signed-off-by: Lars Persson Signed-off-by: Vincent Whitchurch Signed-off-by: Herbert Xu

crypto: axis - use a constant time tag compare

2019-02-01T06:42:04Z

Avoid plain memcmp() on the AEAD tag value as this could leak information through a timing side channel. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - support variable AEAD tag length

2019-02-01T06:42:04Z

The implementation assumed that the client always wants the whole 16 byte AES-GCM tag. Now we respect the requested authentication tag size fetched using crypto_aead_authsize(). Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - give DMA the start of the status buffer

2019-02-01T06:42:04Z

The driver was optimized to only do cache maintenance for the last word of the dma descriptor status array. Unfortunately an omission also passed the last word as the address of the array start to the DMA engine. In most cases this goes unnoticed since the hardware aligns the address to a 64 byte boundary. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - fix for recursive locking from bottom half

2019-02-01T06:42:04Z

Clients may submit a new requests from the completion callback context. The driver was not prepared to receive a request in this state because it already held the request queue lock and a recursive lock error is triggered. Now all completions are queued up until we are ready to drop the queue lock and then delivered. The fault was triggered by TCP over an IPsec connection in the LTP test suite: LTP: starting tcp4_ipsec02 (tcp_ipsec.sh -p ah -m transport -s "100 1000 65535") BUG: spinlock recursion on CPU#1, genload/943 lock: 0xbf3c3094, .magic: dead4ead, .owner: genload/943, .owner_cpu: 1 CPU: 1 PID: 943 Comm: genload Tainted: G O 4.9.62-axis5-devel #6 Hardware name: Axis ARTPEC-6 Platform (unwind_backtrace) from [<8010d134>] (show_stack+0x18/0x1c) (show_stack) from [<803a289c>] (dump_stack+0x84/0x98) (dump_stack) from [<8016e164>] (do_raw_spin_lock+0x124/0x128) (do_raw_spin_lock) from [<804de1a4>] (artpec6_crypto_submit+0x2c/0xa0) (artpec6_crypto_submit) from [<804def38>] (artpec6_crypto_prepare_submit_hash+0xd0/0x54c) (artpec6_crypto_prepare_submit_hash) from [<7f3165f0>] (ah_output+0x2a4/0x3dc [ah4]) (ah_output [ah4]) from [<805df9bc>] (xfrm_output_resume+0x178/0x4a4) (xfrm_output_resume) from [<805d283c>] (xfrm4_output+0xac/0xbc) (xfrm4_output) from [<80587928>] (ip_queue_xmit+0x140/0x3b4) (ip_queue_xmit) from [<805a13b4>] (tcp_transmit_skb+0x4c4/0x95c) (tcp_transmit_skb) from [<8059f218>] (tcp_rcv_state_process+0xdf4/0xdfc) (tcp_rcv_state_process) from [<805a7530>] (tcp_v4_do_rcv+0x64/0x1ac) (tcp_v4_do_rcv) from [<805a9724>] (tcp_v4_rcv+0xa34/0xb74) (tcp_v4_rcv) from [<80581d34>] (ip_local_deliver_finish+0x78/0x2b0) (ip_local_deliver_finish) from [<8058259c>] (ip_local_deliver+0xe4/0x104) (ip_local_deliver) from [<805d23ec>] (xfrm4_transport_finish+0xf4/0x144) (xfrm4_transport_finish) from [<805df564>] (xfrm_input+0x4f4/0x74c) (xfrm_input) from [<804de420>] (artpec6_crypto_task+0x208/0x38c) (artpec6_crypto_task) from [<801271b0>] (tasklet_action+0x60/0xec) (tasklet_action) from [<801266d4>] (__do_softirq+0xcc/0x3a4) (__do_softirq) from [<80126d20>] (irq_exit+0xf4/0x15c) (irq_exit) from [<801741e8>] (__handle_domain_irq+0x68/0xbc) (__handle_domain_irq) from [<801014f0>] (gic_handle_irq+0x50/0x94) (gic_handle_irq) from [<80657370>] (__irq_usr+0x50/0x80) Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - remove sha512 support for artpec7

2019-02-01T06:42:04Z

The hardware cannot restore the context correctly when it operates in SHA512 mode. This is too restrictive when operating in a framework that can interleave multiple hash sessions. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - remove sha384 support for artpec7

2019-02-01T06:42:04Z

The hardware implementation of SHA384 was not correct and it cannot be used in any situation. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - no need to check return value of debugfs_create functions

2019-02-01T06:42:03Z

When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Jesper Nilsson Cc: Lars Persson Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-arm-kernel@axis.com Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Acked-by: Lars Persson Signed-off-by: Herbert Xu

crypto: axis - fix platform_no_drv_owner.cocci warnings

2018-10-12T06:20:44Z

Remove .owner field if calls are used which set it automatically Generated by: scripts/coccinelle/api/platform_no_drv_owner.cocci Signed-off-by: YueHaibing Signed-off-by: Herbert Xu

crypto: artpec6 - Remove VLA usage of skcipher

2018-09-28T04:46:08Z

In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Cc: Jesper Nilsson Cc: Lars Persson Cc: linux-arm-kernel@axis.com Signed-off-by: Kees Cook Acked-by: Lars Persson Signed-off-by: Herbert Xu