linux-stable.git/drivers/crypto, branch v5.4.211 Linux kernel stable tree crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of 2022-08-25T09:17:48+00:00 Pali Rohár pali@kernel.org 2022-07-19T07:54:03+00:00 50a7949fd9ead5761f1b9064b55adf1d0a5fe2a1 [ Upstream commit fa4d57b85786ec0e16565c75a51c208834b0c24d ] Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically loaded on platforms where inside-secure crypto HW is specified in device tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of. Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Signed-off-by: Pali Rohár <pali@kernel.org> Acked-by: Marek Behún <kabel@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit fa4d57b85786ec0e16565c75a51c208834b0c24d ]

Without MODULE_DEVICE_TABLE, crypto_safexcel.ko module is not automatically
loaded on platforms where inside-secure crypto HW is specified in device
tree (e.g. Armada 3720). So add missing MODULE_DEVICE_TABLE for of.

Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Pali Rohár <pali@kernel.org>
Acked-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq 2022-08-25T09:17:42+00:00 Zhengchao Shao shaozhengchao@huawei.com 2022-07-01T01:59:54+00:00 cf411bcc657b5f754406d41ffcb4311efef77cb4 [ Upstream commit 68740ab505431f268dc1ee26a54b871e75f0ddaa ] When kunpeng916 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver") Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 68740ab505431f268dc1ee26a54b871e75f0ddaa ]

When kunpeng916 encryption driver is used to deencrypt and decrypt
packets during the softirq, it is not allowed to use mutex lock.

Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
tcp: Fix data-races around sysctl knobs related to SYN option. 2022-07-29T15:14:14+00:00 Kuniyuki Iwashima kuniyu@amazon.com 2022-07-18T17:26:44+00:00 795aee11fda4d73615bc56b9111052f32da64830 [ Upstream commit 3666f666e99600518ab20982af04a078bbdad277 ] While reading these knobs, they can be changed concurrently. Thus, we need to add READ_ONCE() to their readers. - tcp_sack - tcp_window_scaling - tcp_timestamps Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 3666f666e99600518ab20982af04a078bbdad277 ]

While reading these knobs, they can be changed concurrently.
Thus, we need to add READ_ONCE() to their readers.

  - tcp_sack
  - tcp_window_scaling
  - tcp_timestamps

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: marvell/cesa - ECB does not IV 2022-06-14T16:11:40+00:00 Corentin Labbe clabbe@baylibre.com 2022-04-13T19:11:54+00:00 e7a0d0c2802f80c0b158d423470ff893dc968809 [ Upstream commit 4ffa1763622ae5752961499588f3f8874315f974 ] The DES3 ECB has an IV size set but ECB does not need one. Fixes: 4ada483978237 ("crypto: marvell/cesa - add Triple-DES support") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 4ffa1763622ae5752961499588f3f8874315f974 ]

The DES3 ECB has an IV size set but ECB does not need one.

Fixes: 4ada483978237 ("crypto: marvell/cesa - add Triple-DES support")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ 2022-05-25T07:14:34+00:00 Ondrej Mosnacek omosnace@redhat.com 2022-05-03T11:50:10+00:00 8be06f62b426801dba43ddf8893952a0e62ab6ae commit 16287397ec5c08aa58db6acf7dbc55470d78087d upstream. The commit referenced in the Fixes tag removed the 'break' from the else branch in qcom_rng_read(), causing an infinite loop whenever 'max' is not a multiple of WORD_SZ. This can be reproduced e.g. by running: kcapi-rng -b 67 >/dev/null There are many ways to fix this without adding back the 'break', but they all seem more awkward than simply adding it back, so do just that. Tested on a machine with Qualcomm Amberwing processor. Fixes: a680b1832ced ("crypto: qcom-rng - ensure buffer for generate is completely filled") Cc: stable@vger.kernel.org Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Brian Masney <bmasney@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 16287397ec5c08aa58db6acf7dbc55470d78087d upstream.

The commit referenced in the Fixes tag removed the 'break' from the else
branch in qcom_rng_read(), causing an infinite loop whenever 'max' is
not a multiple of WORD_SZ. This can be reproduced e.g. by running:

    kcapi-rng -b 67 >/dev/null

There are many ways to fix this without adding back the 'break', but
they all seem more awkward than simply adding it back, so do just that.

Tested on a machine with Qualcomm Amberwing processor.

Fixes: a680b1832ced ("crypto: qcom-rng - ensure buffer for generate is completely filled")
Cc: stable@vger.kernel.org
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Brian Masney <bmasney@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto: stm32 - fix reference leak in stm32_crc_remove 2022-05-25T07:14:32+00:00 Zheng Yongjun zhengyongjun3@huawei.com 2022-03-17T13:16:13+00:00 f0213894337afa0b5367ea11c6879c27ece556c7 [ Upstream commit e9a36feecee0ee5845f2e0656f50f9942dd0bed3 ] pm_runtime_get_sync() will increment pm usage counter even it failed. Forgetting to call pm_runtime_put_noidle will result in reference leak in stm32_crc_remove, so we should fix it. Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit e9a36feecee0ee5845f2e0656f50f9942dd0bed3 ]

pm_runtime_get_sync() will increment pm usage counter even it
failed. Forgetting to call pm_runtime_put_noidle will result
in reference leak in stm32_crc_remove, so we should fix it.

Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: ccp - ccp_dmaengine_unregister release dma channels 2022-04-15T12:18:05+00:00 Dāvis Mosāns davispuh@gmail.com 2022-02-28T03:15:45+00:00 acba286182032f30a61c82c24e423fa3a28948e2 [ Upstream commit 54cce8ecb9254f971b40a72911c6da403720a2d2 ] ccp_dmaengine_register adds dma_chan->device_node to dma_dev->channels list but ccp_dmaengine_unregister didn't remove them. That can cause crashes in various dmaengine methods that tries to use dma_dev->channels Fixes: 58ea8abf4904 ("crypto: ccp - Register the CCP as a DMA...") Signed-off-by: Dāvis Mosāns <davispuh@gmail.com> Acked-by: John Allen <john.allen@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 54cce8ecb9254f971b40a72911c6da403720a2d2 ]

ccp_dmaengine_register adds dma_chan->device_node to dma_dev->channels list
but ccp_dmaengine_unregister didn't remove them.
That can cause crashes in various dmaengine methods that tries to use dma_dev->channels

Fixes: 58ea8abf4904 ("crypto: ccp - Register the CCP as a DMA...")
Signed-off-by: Dāvis Mosāns <davispuh@gmail.com>
Acked-by: John Allen <john.allen@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: vmx - add missing dependencies 2022-04-15T12:18:05+00:00 Petr Vorel pvorel@suse.cz 2022-02-23T15:11:15+00:00 b305975a66250d2bb53c45c8e215850c09295170 [ Upstream commit 647d41d3952d726d4ae49e853a9eff68ebad3b3f ] vmx-crypto module depends on CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or CRYPTO_XTS, thus add them. These dependencies are likely to be enabled, but if CRYPTO_DEV_VMX=y && !CRYPTO_MANAGER_DISABLE_TESTS and either of CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or CRYPTO_XTS is built as module or disabled, alg_test() from crypto/testmgr.c complains during boot about failing to allocate the generic fallback implementations (2 == ENOENT): [ 0.540953] Failed to allocate xts(aes) fallback: -2 [ 0.541014] alg: skcipher: failed to allocate transform for p8_aes_xts: -2 [ 0.541120] alg: self-tests for p8_aes_xts (xts(aes)) failed (rc=-2) [ 0.544440] Failed to allocate ctr(aes) fallback: -2 [ 0.544497] alg: skcipher: failed to allocate transform for p8_aes_ctr: -2 [ 0.544603] alg: self-tests for p8_aes_ctr (ctr(aes)) failed (rc=-2) [ 0.547992] Failed to allocate cbc(aes) fallback: -2 [ 0.548052] alg: skcipher: failed to allocate transform for p8_aes_cbc: -2 [ 0.548156] alg: self-tests for p8_aes_cbc (cbc(aes)) failed (rc=-2) [ 0.550745] Failed to allocate transformation for 'aes': -2 [ 0.550801] alg: cipher: Failed to load transform for p8_aes: -2 [ 0.550892] alg: self-tests for p8_aes (aes) failed (rc=-2) Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS") Fixes: d2e3ae6f3aba ("crypto: vmx - Enabling VMX module for PPC64") Suggested-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 647d41d3952d726d4ae49e853a9eff68ebad3b3f ]

vmx-crypto module depends on CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or
CRYPTO_XTS, thus add them.

These dependencies are likely to be enabled, but if
CRYPTO_DEV_VMX=y && !CRYPTO_MANAGER_DISABLE_TESTS
and either of CRYPTO_AES, CRYPTO_CBC, CRYPTO_CTR or CRYPTO_XTS is built
as module or disabled, alg_test() from crypto/testmgr.c complains during
boot about failing to allocate the generic fallback implementations
(2 == ENOENT):

[    0.540953] Failed to allocate xts(aes) fallback: -2
[    0.541014] alg: skcipher: failed to allocate transform for p8_aes_xts: -2
[    0.541120] alg: self-tests for p8_aes_xts (xts(aes)) failed (rc=-2)
[    0.544440] Failed to allocate ctr(aes) fallback: -2
[    0.544497] alg: skcipher: failed to allocate transform for p8_aes_ctr: -2
[    0.544603] alg: self-tests for p8_aes_ctr (ctr(aes)) failed (rc=-2)
[    0.547992] Failed to allocate cbc(aes) fallback: -2
[    0.548052] alg: skcipher: failed to allocate transform for p8_aes_cbc: -2
[    0.548156] alg: self-tests for p8_aes_cbc (cbc(aes)) failed (rc=-2)
[    0.550745] Failed to allocate transformation for 'aes': -2
[    0.550801] alg: cipher: Failed to load transform for p8_aes: -2
[    0.550892] alg: self-tests for p8_aes (aes) failed (rc=-2)

Fixes: c07f5d3da643 ("crypto: vmx - Adding support for XTS")
Fixes: d2e3ae6f3aba ("crypto: vmx - Enabling VMX module for PPC64")

Suggested-by: Nicolai Stange <nstange@suse.de>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: ccree - don't attempt 0 len DMA mappings 2022-04-15T12:18:04+00:00 Gilad Ben-Yossef gilad@benyossef.com 2022-02-17T19:27:26+00:00 40e6d5d1de0614d6c687ace4e72d8d50cd78c3e8 [ Upstream commit 1fb37b5692c915edcc2448a6b37255738c7c77e0 ] Refuse to try mapping zero bytes as this may cause a fault on some configurations / platforms and it seems the prev. attempt is not enough and we need to be more explicit. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com> Fixes: ce0fc6db38de ("crypto: ccree - protect against empty or NULL scatterlists") Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 1fb37b5692c915edcc2448a6b37255738c7c77e0 ]

Refuse to try mapping zero bytes as this may cause a fault
on some configurations / platforms and it seems the prev.
attempt is not enough and we need to be more explicit.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Fixes: ce0fc6db38de ("crypto: ccree - protect against empty or NULL
scatterlists")
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
crypto: mxs-dcp - Fix scatterlist processing 2022-04-15T12:18:04+00:00 Tomas Paukrt tomaspaukrt@email.cz 2022-01-22T17:07:53+00:00 e5e748a6ff11f8c0fe3d10c4d5ff7e0997f312bd [ Upstream commit 28e9b6d8199a3f124682b143800c2dacdc3d70dd ] This patch fixes a bug in scatterlist processing that may cause incorrect AES block encryption/decryption. Fixes: 2e6d793e1bf0 ("crypto: mxs-dcp - Use sg_mapping_iter to copy data") Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 
[ Upstream commit 28e9b6d8199a3f124682b143800c2dacdc3d70dd ]

This patch fixes a bug in scatterlist processing that may cause incorrect AES block encryption/decryption.

Fixes: 2e6d793e1bf0 ("crypto: mxs-dcp - Use sg_mapping_iter to copy data")
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>