Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.1.y 2019-07-26T07:12:53Z 2019-07-26T07:12:53Z Ard Biesheuvel ard.biesheuvel@linaro.org 2019-05-31T08:13:06Z urn:sha1:f976273ae5ba05640893560901464cbfa08dfaa0 commit ed527b13d800dd515a9e6c582f0a73eca65b2e1b upstream. The CAAM driver currently violates an undocumented and slightly controversial requirement imposed by the crypto stack that a buffer referred to by the request structure via its virtual address may not be modified while any scatterlists passed via the same request structure are mapped for inbound DMA. This may result in errors like alg: aead: decryption failed on test 1 for gcm_base(ctr-aes-caam,ghash-generic): ret=74 alg: aead: Failed to load transform for gcm(aes): -2 on non-cache coherent systems, due to the fact that the GCM driver passes an IV buffer by virtual address which shares a cacheline with the auth_tag buffer passed via a scatterlist, resulting in corruption of the auth_tag when the IV is updated while the DMA mapping is live. Since the IV that is returned to the caller is only valid for CBC mode, and given that the in-kernel users of CBC (such as CTS) don't trigger the same issue as the GCM driver, let's just disable the output IV generation for all modes except CBC for the time being. Fixes: 854b06f76879 ("crypto: caam - properly set IV after {en,de}crypt") Cc: Horia Geanta <horia.geanta@nxp.com> Cc: Iuliana Prodan <iuliana.prodan@nxp.com> Reported-by: Sascha Hauer <s.hauer@pengutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-07-26T07:12:25Z Horia Geantă horia.geanta@nxp.com 2019-05-03T14:17:37Z urn:sha1:e941cdbde8fa8bb6fdd6b52dce4e4d7bafb7aeef [ Upstream commit dcd9c76e5a183af4f793beb5141efcd260b8d09f ] When enabling IOMMU support, the following issue becomes visible in the AEAD zero-length case. Even though the output sequence length is set to zero, the crypto engine tries to prefetch 4 S/G table entries (since SGF bit is set in SEQ OUT PTR command - which is either generated in SW in case of caam/jr or in HW in case of caam/qi, caam/qi2). The DMA read operation will trigger an IOMMU fault since the address in the SEQ OUT PTR is "dummy" (set to zero / not obtained via DMA API mapping). 1. In case of caam/jr, avoid the IOMMU fault by clearing the SGF bit in SEQ OUT PTR command. 2. In case of caam/qi - setting address, bpid, length to zero for output entry in the compound frame has a special meaning (cf. CAAM RM): "Output frame = Unspecified, Input address = Y. A unspecified frame is indicated by an unused SGT entry (an entry in which the Address, Length, and BPID fields are all zero). SEC obtains output buffers from BMan as prescribed by the preheader." Since no output buffers are needed, modify the preheader by setting (ABS = 1, ADDBUF = 0): -"ABS = 1 means obtain the number of buffers in ADDBUF (0 or 1) from the pool POOL ID" -ADDBUF: "If ABS is set, ADD BUF specifies whether to allocate a buffer or not" 3. In case of caam/qi2, since engine: -does not support FLE[FMT]=2'b11 ("unused" entry) mentioned in DPAA2 RM -requires output entry to be present, even if not used the solution chosen is to leave output frame list entry zeroized. Fixes: 763069ba49d3 ("crypto: caam - handle zero-length AEAD output") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-05-22T05:39:45Z Horia Geantă horia.geanta@nxp.com 2019-04-25T14:52:23Z urn:sha1:47062877643437a00804d15c5ecf227c9db261a5 commit 418cd20e4dcdca97e6f6d59e6336228dacf2e45d upstream. Commit 307244452d3d ("crypto: caam - generate hash keys in-place") fixed ahash implementation in caam/jr driver such that user-provided key buffer is not DMA mapped, since it's not guaranteed to be DMAable. Apply a similar fix for caam/qi2 driver. Cc: <stable@vger.kernel.org> # v4.20+ Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-22T05:39:45Z Horia Geantă horia.geanta@nxp.com 2019-04-25T14:52:22Z urn:sha1:89d8cab74ce0b1d23f770245055d8e739c39533a commit 5965dc745287bebf7a2eba91a66f017537fa4c54 upstream. Commits c19650d6ea99 ("crypto: caam - fix DMA mapping of stack memory") and 65055e210884 ("crypto: caam - fix hash context DMA unmap size") fixed the ahash implementation in caam/jr driver such that req->result is not DMA-mapped (since it's not guaranteed to be DMA-able). Apply a similar fix for ahash implementation in caam/qi2 driver. Cc: <stable@vger.kernel.org> # v4.20+ Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-22T05:39:45Z Horia Geantă horia.geanta@nxp.com 2019-04-25T14:52:21Z urn:sha1:9ee4c5f2fd50a3ff2fea6bfaf9b741585db0d13b commit 07586d3ddf284dd7a1a6579579d8efa7296fe60f upstream. Commit 04e6d25c5bb2 ("crypto: caam - fix zero-length buffer DMA mapping") fixed an issue in caam/jr driver where ahash implementation was DMA mapping a zero-length buffer. Current commit applies a similar fix for caam/qi2 driver. Cc: <stable@vger.kernel.org> # v4.20+ Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-03-28T05:54:32Z Iuliana Prodan iuliana.prodan@nxp.com 2019-03-22T12:12:30Z urn:sha1:b4e9e931e9bb2f5b302ce66640832f5a3e57e8c4 Fix a side effect of adding xcbc support, when the next_buffer is not copied. The issue occurs, when there is stored from previous state a blocksize buffer and received, a less than blocksize, from user. In this case, the nents for req->src is 0, and the next_buffer is not copied. An example is: { .tap = { 17, 15, 8 }, .psize = 40, .np = 3, .ksize = 16, } Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-03-07T08:24:52Z Wen Yang yellowriver2010@hotmail.com 2019-03-01T17:19:25Z urn:sha1:00e87449430dc130b43d84bdee71ef94524d9c39 The of_find_device_by_node() takes a reference to the underlying device structure, we should release that reference. Fixes: 35af64038623 ("crypto: caam - Check for CAAM block presence before registering with crypto layer") Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms") Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Wen Yang <yellowriver2010@hotmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-02-28T06:17:59Z Chengguang Xu cgxu519@gmx.com 2019-02-20T10:49:18Z urn:sha1:867659c63762b8e2b77102aa1c9b5d31e32b0690 unlikely has already included in IS_ERR(), so just remove redundant likely/unlikely annotation. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-02-28T06:17:58Z Horia Geantă horia.geanta@nxp.com 2019-02-19T14:56:57Z urn:sha1:307244452d3de657744712f1208ae89a75707cbc When generating a split key or hashing the key, DMA mapping the key buffers coming directly from user is incorrect, since they are not guaranteed to be DMAable. Update driver to first copy user-provided key in the output buffer ("key_out") and then use this buffer for in-place computation (split key generation, respectively key hashing). Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2019-02-28T06:17:58Z Horia Geantă horia.geanta@nxp.com 2019-02-19T14:56:56Z urn:sha1:8e731ee5e2a5aa37b736c05ee2562e1169af866e Fix a side effect of adding xcbc support, which leads to DMA mapping the key twice. Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>