12 Aug, 2020

2 commits

  • …l.org/pub/scm/linux/kernel/git/chrome-platform/linux") into android-mainline

    Steps along the way to 5.9-rc1

    Fixes conflicts in:
    drivers/iommu/Kconfig

    Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
    Change-Id: I18e6789f4d31ebe065aeacd47411b31fa928f6b4

    Greg Kroah-Hartman
     
  • Pull virtio updates from Michael Tsirkin:

    - IRQ bypass support for vdpa and IFC

    - MLX5 vdpa driver

    - Endianness fixes for virtio drivers

    - Misc other fixes

    * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (71 commits)
    vdpa/mlx5: fix up endian-ness for mtu
    vdpa: Fix pointer math bug in vdpasim_get_config()
    vdpa/mlx5: Fix pointer math in mlx5_vdpa_get_config()
    vdpa/mlx5: fix memory allocation failure checks
    vdpa/mlx5: Fix uninitialised variable in core/mr.c
    vdpa_sim: init iommu lock
    virtio_config: fix up warnings on parisc
    vdpa/mlx5: Add VDPA driver for supported mlx5 devices
    vdpa/mlx5: Add shared memory registration code
    vdpa/mlx5: Add support library for mlx5 VDPA implementation
    vdpa/mlx5: Add hardware descriptive header file
    vdpa: Modify get_vq_state() to return error code
    net/vdpa: Use struct for set/get vq state
    vdpa: remove hard coded virtq num
    vdpasim: support batch updating
    vhost-vdpa: support IOTLB batching hints
    vhost-vdpa: support get/set backend features
    vhost: generialize backend features setting/getting
    vhost-vdpa: refine ioctl pre-processing
    vDPA: dont change vq irq after DRIVER_OK
    ...

    Linus Torvalds
     

08 Aug, 2020

2 commits

  • …kernel/git/sre/linux-power-supply") into android-mainline

    Merges along the way to 5.9-rc1

    resolves conflicts in:
    Documentation/ABI/testing/sysfs-class-power
    drivers/power/supply/power_supply_sysfs.c
    fs/crypto/inline_crypt.c

    Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
    Change-Id: Ia087834f54fb4e5269d68c3c404747ceed240701

    Greg Kroah-Hartman
     
  • As said by Linus:

    A symmetric naming is only helpful if it implies symmetries in use.
    Otherwise it's actively misleading.

    In "kzalloc()", the z is meaningful and an important part of what the
    caller wants.

    In "kzfree()", the z is actively detrimental, because maybe in the
    future we really _might_ want to use that "memfill(0xdeadbeef)" or
    something. The "zero" part of the interface isn't even _relevant_.

    The main reason that kzfree() exists is to clear sensitive information
    that should not be leaked to other future users of the same memory
    objects.

    Rename kzfree() to kfree_sensitive() to follow the example of the recently
    added kvfree_sensitive() and make the intention of the API more explicit.
    In addition, memzero_explicit() is used to clear the memory to make sure
    that it won't get optimized away by the compiler.

    The renaming is done by using the command sequence:

    git grep -w --name-only kzfree |\
    xargs sed -i 's/kzfree/kfree_sensitive/'

    followed by some editing of the kfree_sensitive() kerneldoc and adding
    a kzfree backward compatibility macro in slab.h.

    [akpm@linux-foundation.org: fs/crypto/inline_crypt.c needs linux/slab.h]
    [akpm@linux-foundation.org: fix fs/crypto/inline_crypt.c some more]

    Suggested-by: Joe Perches
    Signed-off-by: Waiman Long
    Signed-off-by: Andrew Morton
    Acked-by: David Howells
    Acked-by: Michal Hocko
    Acked-by: Johannes Weiner
    Cc: Jarkko Sakkinen
    Cc: James Morris
    Cc: "Serge E. Hallyn"
    Cc: Joe Perches
    Cc: Matthew Wilcox
    Cc: David Rientjes
    Cc: Dan Carpenter
    Cc: "Jason A . Donenfeld"
    Link: http://lkml.kernel.org/r/20200616154311.12314-3-longman@redhat.com
    Signed-off-by: Linus Torvalds

    Waiman Long
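
A user-space sketch of why the commit above wipes before freeing, added here as an example and not taken from the kernel tree. The fixed-size pool, the helper names and the 16-byte key are constructed for the illustration; `zero_explicit()` follows the memset-plus-compiler-barrier idea behind `memzero_explicit()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a slab cache: a few fixed-size objects that are
 * handed out again as soon as they are released. */
#define OBJ_SIZE 64
#define NOBJ 4
#define KEY_LEN 16

static unsigned char pool[NOBJ][OBJ_SIZE];
static int in_use[NOBJ];

static void *pool_alloc(void)
{
    for (int i = 0; i < NOBJ; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            return pool[i];
        }
    }
    return NULL;
}

/* Plain release, like kfree(): the old contents stay in the object. */
static void pool_free(void *p)
{
    for (int i = 0; i < NOBJ; i++)
        if (p == (void *)pool[i])
            in_use[i] = 0;
}

/* memset() followed by a compiler barrier that treats the buffer as read,
 * so the stores cannot be discarded as dead before the free. */
static void zero_explicit(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Release for objects that held secrets: wipe the whole object, then free. */
static void pool_free_sensitive(void *p)
{
    if (!p)
        return;
    zero_explicit(p, OBJ_SIZE);
    pool_free(p);
}

/* Store a key, release the object, then act as the next user of the same
 * object and count how many key bytes are still readable. */
int key_bytes_visible_to_next_user(int wipe_on_free)
{
    static const unsigned char key[] = "0123456789abcdef"; /* constructed */
    unsigned char *obj = pool_alloc();
    unsigned char *next;
    int visible = 0;

    if (!obj)
        return -1;
    memcpy(obj, key, KEY_LEN);
    if (wipe_on_free)
        pool_free_sensitive(obj);
    else
        pool_free(obj);

    next = pool_alloc();            /* the pool hands back the same object */
    for (size_t i = 0; i < KEY_LEN; i++)
        visible += (next[i] == key[i]);
    pool_free(next);
    return visible;
}

int main(void)
{
    printf("plain free:     %d key bytes visible\n", key_bytes_visible_to_next_user(0));
    printf("sensitive free: %d key bytes visible\n", key_bytes_visible_to_next_user(1));
    return 0;
}
```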
     

05 Aug, 2020

2 commits

  • Virtio crypto is modern-only. Use LE accessors for config space.

    Signed-off-by: Michael S. Tsirkin

    Michael S. Tsirkin
     
  • …pub/scm/linux/kernel/git/jlayton/linux") into android-mainline

    Resolve merge conflicts in fs/crypto/ caused by the non-upstream changes
    for metadata encryption support [1] and wrapped key support [2].

    [1] https://android.googlesource.com/kernel/common-patches/+/refs/heads/master/android-mainline/ANDROID-dm-add-dm-default-key-target-for-metadata-encryption.patch
    [2] https://android.googlesource.com/kernel/common-patches/+/refs/heads/master/android-mainline/ANDROID-fscrypt-add-support-for-hardware-wrapped-keys.patch

    Conflicts:
    fs/crypto/fscrypt_private.h
    fs/crypto/inline_crypt.c
    fs/crypto/keysetup.c
    fs/crypto/keysetup_v1.c
    fs/f2fs/data.c
    include/linux/fscrypt.h

    Bug: 160885805
    Bug: 160883801
    Test: kvm-xfstests -c ext4,f2fs -g encrypt
    Change-Id: Icdc9e61b2286c78ba04cec1c9dca421bff545716
    Signed-off-by: Eric Biggers <ebiggers@google.com>

    Eric Biggers
     

16 Jul, 2020

1 commit

  • Set the flag CRYPTO_ALG_ALLOCATES_MEMORY in the crypto drivers that
    allocate memory.

    drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c: sun8i_ce_cipher
    drivers/crypto/allwinner/sun8i-ss/sun8i-ss-core.c: sun8i_ss_cipher
    drivers/crypto/amlogic/amlogic-gxl-core.c: meson_cipher
    drivers/crypto/axis/artpec6_crypto.c: artpec6_crypto_common_init
    drivers/crypto/bcm/cipher.c: spu_skcipher_rx_sg_create
    drivers/crypto/caam/caamalg.c: aead_edesc_alloc
    drivers/crypto/caam/caamalg_qi.c: aead_edesc_alloc
    drivers/crypto/caam/caamalg_qi2.c: aead_edesc_alloc
    drivers/crypto/caam/caamhash.c: hash_digest_key
    drivers/crypto/cavium/cpt/cptvf_algs.c: process_request
    drivers/crypto/cavium/nitrox/nitrox_aead.c: nitrox_process_se_request
    drivers/crypto/cavium/nitrox/nitrox_skcipher.c: nitrox_process_se_request
    drivers/crypto/ccp/ccp-crypto-aes-cmac.c: ccp_do_cmac_update
    drivers/crypto/ccp/ccp-crypto-aes-galois.c: ccp_crypto_enqueue_request
    drivers/crypto/ccp/ccp-crypto-aes-xts.c: ccp_crypto_enqueue_request
    drivers/crypto/ccp/ccp-crypto-aes.c: ccp_crypto_enqueue_request
    drivers/crypto/ccp/ccp-crypto-des3.c: ccp_crypto_enqueue_request
    drivers/crypto/ccp/ccp-crypto-sha.c: ccp_crypto_enqueue_request
    drivers/crypto/chelsio/chcr_algo.c: create_cipher_wr
    drivers/crypto/hisilicon/sec/sec_algs.c: sec_alloc_and_fill_hw_sgl
    drivers/crypto/hisilicon/sec2/sec_crypto.c: sec_alloc_req_id
    drivers/crypto/inside-secure/safexcel_cipher.c: safexcel_queue_req
    drivers/crypto/inside-secure/safexcel_hash.c: safexcel_ahash_enqueue
    drivers/crypto/ixp4xx_crypto.c: ablk_perform
    drivers/crypto/marvell/cesa/cipher.c: mv_cesa_skcipher_dma_req_init
    drivers/crypto/marvell/cesa/hash.c: mv_cesa_ahash_dma_req_init
    drivers/crypto/marvell/octeontx/otx_cptvf_algs.c: create_ctx_hdr
    drivers/crypto/n2_core.c: n2_compute_chunks
    drivers/crypto/picoxcell_crypto.c: spacc_sg_to_ddt
    drivers/crypto/qat/qat_common/qat_algs.c: qat_alg_skcipher_encrypt
    drivers/crypto/qce/skcipher.c: qce_skcipher_async_req_handle
    drivers/crypto/talitos.c : talitos_edesc_alloc
    drivers/crypto/virtio/virtio_crypto_algs.c: __virtio_crypto_skcipher_do_req
    drivers/crypto/xilinx/zynqmp-aes-gcm.c: zynqmp_aes_aead_cipher

    Signed-off-by: Mikulas Patocka
    [EB: avoid overly-long lines]
    Signed-off-by: Eric Biggers
    Signed-off-by: Herbert Xu

    Mikulas Patocka
     

09 Jul, 2020

1 commit

  • features[] and id_table[] are not modified and can be made const to
    allow the compiler to put them in read-only memory.

    Before:
    text data bss dec hex filename
    11534 2056 160 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o

    After:
    text data bss dec hex filename
    11630 1992 128 13750 35b6 drivers/crypto/virtio/virtio_crypto_core.o

    Signed-off-by: Rikard Falkeborn
    Signed-off-by: Herbert Xu

    Rikard Falkeborn
     

25 Jun, 2020

1 commit


05 Jun, 2020

3 commits

  • The src/dst length is not aligned with AES_BLOCK_SIZE (which is 16) in some
    testcases in tcrypt.ko.

    For example, the src/dst length of one of cts(cbc(aes))'s testcases is 17, the
    crypto_virtio driver will set @src_data_len=16 but @dst_data_len=17 in this
    case and get a wrong result at the end.

    SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
    EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
    DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
    (pp: plaintext cc:ciphertext)

    Fix this issue by limiting the length of the dest buffer.

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Cc: Gonglei
    Cc: Herbert Xu
    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: "David S. Miller"
    Cc: virtualization@lists.linux-foundation.org
    Cc: linux-kernel@vger.kernel.org
    Cc: stable@vger.kernel.org
    Signed-off-by: Longpeng(Mike)
    Link: https://lore.kernel.org/r/20200602070501.2023-4-longpeng2@huawei.com
    Signed-off-by: Michael S. Tsirkin

    Longpeng(Mike)
     
  • The system'll crash when the users insmod crypto/tcrypt.ko with mode=155
    ( testing "authenc(hmac(sha1),cbc(aes))" ). It's caused by reusing the memory
    of the request structure.

    In crypto_authenc_init_tfm(), the reqsize is set to:
    [PART 1] sizeof(authenc_request_ctx) +
    [PART 2] ictx->reqoff +
    [PART 3] MAX(ahash part, skcipher part)
    and the 'PART 3' is used by both ahash and skcipher in turn.

    When the virtio_crypto driver finishes the skcipher req, it'll call the ->complete
    callback (in crypto_finalize_skcipher_request) and then free its
    resources whose pointers are recorded in 'skcipher parts'.

    However, the ->complete is 'crypto_authenc_encrypt_done' in this case,
    it will use the 'ahash part' of the request and change its content,
    so the virtio_crypto driver will get the wrong pointer after ->complete
    finishes and mistakenly free some other's memory. So the system will crash
    when this memory is used again.

    The resources which need to be cleaned up are not used any more. But the
    pointers of these resources may be changed in the function
    "crypto_finalize_skcipher_request". Thus release specific resources before
    calling this function.

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Reported-by: LABBE Corentin
    Cc: Gonglei
    Cc: Herbert Xu
    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: "David S. Miller"
    Cc: virtualization@lists.linux-foundation.org
    Cc: linux-kernel@vger.kernel.org
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20200123101000.GB24255@Red
    Acked-by: Gonglei
    Signed-off-by: Longpeng(Mike)
    Link: https://lore.kernel.org/r/20200602070501.2023-3-longpeng2@huawei.com
    Signed-off-by: Michael S. Tsirkin

    Longpeng(Mike)
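
The ordering problem from the commit above, modeled in user space as an added example (not the driver's code). The allocation ledger, the owner tags, the buffer sizes and all function names are constructed; the union stands for the shared 'PART 3' of the request, and `authenc_done()` stands in for `crypto_authenc_encrypt_done`.

```c
#include <stdio.h>
#include <stdlib.h>

enum owner { OWNER_DRIVER = 1, OWNER_AHASH };

/* Small allocation ledger so the outcome is observable without a crash. */
#define MAX_LIVE 8
static struct { void *ptr; enum owner who; } live[MAX_LIVE];
static int foreign_frees;

static void *owned_alloc(size_t n, enum owner who)
{
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!live[i].ptr) {
            live[i].who = who;
            return live[i].ptr = malloc(n);
        }
    }
    return NULL;
}

static void owned_free(void *p, enum owner who)
{
    for (int i = 0; p && i < MAX_LIVE; i++) {
        if (live[i].ptr != p)
            continue;
        foreign_frees += (live[i].who != who); /* freed someone else's memory */
        live[i].ptr = NULL;
        free(p);
        return;
    }
}

static int live_count(enum owner who)
{
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++)
        n += (live[i].ptr && live[i].who == who);
    return n;
}

/* The request's shared tail ('PART 3'): skcipher and ahash use it in turn. */
struct request {
    void (*complete)(struct request *req);
    union {
        struct { void *iv; void *sgs; } skcipher;    /* driver's cleanup pointers */
        struct { void *result; void *state; } ahash; /* next stage's pointers */
    } part3;
};

/* Stand-in for crypto_authenc_encrypt_done(): the ahash stage starts and
 * overwrites the shared area with its own pointers. */
static void authenc_done(struct request *req)
{
    req->part3.ahash.result = owned_alloc(20, OWNER_AHASH);
    req->part3.ahash.state = owned_alloc(32, OWNER_AHASH);
}

/* fixed == 0: ->complete runs first, then cleanup reads the reused fields.
 * fixed == 1: release the driver's resources first, then call ->complete. */
static void finalize(struct request *req, int fixed)
{
    if (!fixed)
        req->complete(req);
    owned_free(req->part3.skcipher.iv, OWNER_DRIVER);
    owned_free(req->part3.skcipher.sgs, OWNER_DRIVER);
    if (fixed)
        req->complete(req);
}

struct outcome { int foreign_frees, driver_leaked, ahash_intact; };

struct outcome run_request(int fixed)
{
    struct request req = { .complete = authenc_done };
    struct outcome out;

    foreign_frees = 0;
    req.part3.skcipher.iv = owned_alloc(16, OWNER_DRIVER);
    req.part3.skcipher.sgs = owned_alloc(64, OWNER_DRIVER);
    finalize(&req, fixed);
    out = (struct outcome){ foreign_frees, live_count(OWNER_DRIVER),
                            live_count(OWNER_AHASH) };
    for (int i = 0; i < MAX_LIVE; i++) {   /* empty the ledger for the next run */
        free(live[i].ptr);
        live[i].ptr = NULL;
    }
    return out;
}

int main(void)
{
    struct outcome a = run_request(0), b = run_request(1);
    printf("before fix: %d foreign frees, %d leaked\n", a.foreign_frees, a.driver_leaked);
    printf("after fix:  %d foreign frees, %d leaked\n", b.foreign_frees, b.driver_leaked);
    return 0;
}
```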
     
  • The system will crash when the users insmod crypto/tcrypt.ko with mode=38
    ( testing "cts(cbc(aes))" ).

    Usually the next entry of one sg will be @sg@ + 1, but if this sg element
    is part of a chained scatterlist, it could jump to the start of a new
    scatterlist array. Fix it by sg_next() on calculation of src/dst
    scatterlist.

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Reported-by: LABBE Corentin
    Cc: Herbert Xu
    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: "David S. Miller"
    Cc: virtualization@lists.linux-foundation.org
    Cc: linux-kernel@vger.kernel.org
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20200123101000.GB24255@Red
    Signed-off-by: Gonglei
    Signed-off-by: Longpeng(Mike)
    Link: https://lore.kernel.org/r/20200602070501.2023-2-longpeng2@huawei.com
    Signed-off-by: Michael S. Tsirkin

    Longpeng(Mike)
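
Why `sg + 1` is not the next entry of a chained scatterlist, as an added user-space example (not kernel or driver code). The `sg_entry` layout is a simplified assumption with plain fields for the chain link and end marker, and the 17-byte request split over two arrays is constructed; both arrays live in one backing array so the indexed walk stays in bounds here.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified scatterlist entry (assumption: plain fields instead of the
 * kernel's packed marker bits). */
struct sg_entry {
    const unsigned char *buf;   /* data for a normal entry, NULL otherwise */
    size_t length;
    struct sg_entry *chain;     /* non-NULL: link slot pointing at the next array */
    int is_last;                /* marks the final data entry of the whole list */
};

/* Same contract as sg_next(): step forward, then follow a chain link. */
static struct sg_entry *sg_next(struct sg_entry *sg)
{
    if (sg->is_last)
        return NULL;
    sg++;
    if (sg->chain)
        sg = sg->chain;
    return sg;
}

/* Collect nents entries assuming they sit back to back: &sg[i]. */
static int collect_indexed(struct sg_entry *sg, int nents, struct sg_entry **out)
{
    for (int i = 0; i < nents; i++)
        out[i] = &sg[i];
    return nents;
}

/* Collect nents entries by walking the list with sg_next(). */
static int collect_walked(struct sg_entry *sg, int nents, struct sg_entry **out)
{
    int n = 0;
    for (; sg && n < nents; sg = sg_next(sg))
        out[n++] = sg;
    return n;
}

/* Bytes of real payload referenced by the collected entries. */
static size_t payload_bytes(struct sg_entry **v, int n)
{
    size_t total = 0;
    for (int i = 0; i < n; i++)
        if (v[i]->buf)
            total += v[i]->length;
    return total;
}

/* Constructed 17-byte request split over two chained arrays:
 *   first  = slots[0..2]: data(4), data(4), link -> second
 *   second = slots[5..6]: data(4), data(5, last)
 * slots[3..4] stay empty so the indexed walk stays inside this array. */
size_t bytes_submitted(int use_sg_next)
{
    static const unsigned char data[17];   /* constructed payload */
    struct sg_entry slots[8] = {{0}};
    struct sg_entry *out[4];
    int n;

    slots[0] = (struct sg_entry){ data,      4, NULL,      0 };
    slots[1] = (struct sg_entry){ data + 4,  4, NULL,      0 };
    slots[2] = (struct sg_entry){ NULL,      0, &slots[5], 0 };  /* chain link */
    slots[5] = (struct sg_entry){ data + 8,  4, NULL,      0 };
    slots[6] = (struct sg_entry){ data + 12, 5, NULL,      1 };

    n = use_sg_next ? collect_walked(slots, 4, out)
                    : collect_indexed(slots, 4, out);
    return payload_bytes(out, n);
}

int main(void)
{
    printf("indexed walk: %zu of 17 bytes\n", bytes_submitted(0));
    printf("sg_next walk: %zu of 17 bytes\n", bytes_submitted(1));
    return 0;
}
```

In this model the indexed walk picks up the link slot and an empty slot in place of the second array's data; in a real chained list the slot after the link is whatever memory follows the first array.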
     

04 Mar, 2020

1 commit


09 Jan, 2020

1 commit

  • The CRYPTO_TFM_RES_BAD_KEY_LEN flag was apparently meant as a way to
    make the ->setkey() functions provide more information about errors.

    However, no one actually checks for this flag, which makes it pointless.

    Also, many algorithms fail to set this flag when given a bad length key.
    Reviewing just the generic implementations, this is the case for
    aes-fixed-time, cbcmac, echainiv, nhpoly1305, pcrypt, rfc3686, rfc4309,
    rfc7539, rfc7539esp, salsa20, seqiv, and xcbc. But there are probably
    many more in arch/*/crypto/ and drivers/crypto/.

    Some algorithms can even set this flag when the key is the correct
    length. For example, authenc and authencesn set it when the key payload
    is malformed in any way (not just a bad length), the atmel-sha and ccree
    drivers can set it if a memory allocation fails, and the chelsio driver
    sets it for bad auth tag lengths, not just bad key lengths.

    So even if someone actually wanted to start checking this flag (which
    seems unlikely, since it's been unused for a long time), there would be
    a lot of work needed to get it working correctly. But it would probably
    be much better to go back to the drawing board and just define different
    return values, like -EINVAL if the key is invalid for the algorithm vs.
    -EKEYREJECTED if the key was rejected by a policy like "no weak keys".
    That would be much simpler, less error-prone, and easier to test.

    So just remove this flag.

    Signed-off-by: Eric Biggers
    Reviewed-by: Horia Geantă
    Signed-off-by: Herbert Xu

    Eric Biggers
     

17 Nov, 2019

3 commits

  • Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface")
    dated 20 August 2015 introduced the new skcipher API which is supposed to
    replace both blkcipher and ablkcipher. While all consumers of the API have
    been converted long ago, some producers of the ablkcipher remain, forcing
    us to keep the ablkcipher support routines alive, along with the matching
    code to expose [a]blkciphers via the skcipher API.

    So switch this driver to the skcipher API, allowing us to finally drop the
    ablkcipher code in the near future.

    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: Gonglei
    Cc: virtualization@lists.linux-foundation.org
    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     
  • Return -EINVAL for input sizes that are not a multiple of the AES
    block size, since they are not supported by our CBC chaining mode.

    While at it, remove the pr_err() that reports unsupported key sizes
    being used: we shouldn't spam the kernel log with that.

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: Gonglei
    Cc: virtualization@lists.linux-foundation.org
    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     
  • In order to allow for CBC to be chained, which is something that the
    CTS template relies upon, implementations of CBC need to pass the
    IV to be used for subsequent invocations via the IV buffer. This was
    not implemented yet for virtio-crypto so implement it now.

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Cc: "Michael S. Tsirkin"
    Cc: Jason Wang
    Cc: Gonglei
    Cc: virtualization@lists.linux-foundation.org
    Signed-off-by: Ard Biesheuvel
    Signed-off-by: Herbert Xu

    Ard Biesheuvel
     

01 Nov, 2019

1 commit


26 Jul, 2019

1 commit

  • kmemdup is introduced to duplicate a region of memory in a neat way.
    Rather than kmalloc/kzalloc + memcpy, where the programmer needs to
    write the size twice (which sometimes leads to mistakes), kmemdup improves
    readability, leads to smaller code and also reduces the chances of mistakes.
    Suggestion to use kmemdup rather than using kmalloc/kzalloc + memcpy.

    Signed-off-by: Fuqian Huang
    Reviewed-by: Horia Geantă
    Acked-by: Michael S. Tsirkin
    Signed-off-by: Herbert Xu

    Fuqian Huang
     

21 May, 2019

2 commits

  • Based on 2 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version this program is distributed in the
    hope that it will be useful but without any warranty without even
    the implied warranty of merchantability or fitness for a particular
    purpose see the gnu general public license for more details you
    should have received a copy of the gnu general public license along
    with this program if not see http www gnu org licenses

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version this program is distributed in the
    hope that it will be useful but without any warranty without even
    the implied warranty of merchantability or fitness for a particular
    purpose see the gnu general public license for more details [based]
    [from] [clk] [highbank] [c] you should have received a copy of the
    gnu general public license along with this program if not see http
    www gnu org licenses

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 355 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Kate Stewart
    Reviewed-by: Jilayne Lovejoy
    Reviewed-by: Steve Winslow
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190519154041.837383322@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     
  • Add SPDX license identifiers to all Make/Kconfig files which:

    - Have no license information of any form

    These files fall under the project license, GPL v2 only. The resulting SPDX
    license identifier is:

    GPL-2.0-only

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

11 Jan, 2019

1 commit


16 Aug, 2018

1 commit

  • Pull crypto updates from Herbert Xu:
    "API:
    - Fix dcache flushing crash in skcipher.
    - Add hash finup self-tests.
    - Reschedule during speed tests.

    Algorithms:
    - Remove insecure vmac and replace it with vmac64.
    - Add public key verification for DH/ECDH.

    Drivers:
    - Decrease priority of sha-mb on x86.
    - Improve NEON latency/throughput on ARM64.
    - Add md5/sha384/sha512/des/3des to inside-secure.
    - Support eip197d in inside-secure.
    - Only register algorithms supported by the host in virtio.
    - Add cts and remove incompatible cts1 from ccree.
    - Add hisilicon SEC security accelerator driver.
    - Replace msm hwrng driver with qcom pseudo rng driver.

    Misc:
    - Centralize CRC polynomials"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (121 commits)
    crypto: arm64/ghash-ce - implement 4-way aggregation
    crypto: arm64/ghash-ce - replace NEON yield check with block limit
    crypto: hisilicon - sec_send_request() can be static
    lib/mpi: remove redundant variable esign
    crypto: arm64/aes-ce-gcm - don't reload key schedule if avoidable
    crypto: arm64/aes-ce-gcm - implement 2-way aggregation
    crypto: arm64/aes-ce-gcm - operate on two input blocks at a time
    crypto: dh - make crypto_dh_encode_key() make robust
    crypto: dh - fix calculating encoded key size
    crypto: ccp - Check for NULL PSP pointer at module unload
    crypto: arm/chacha20 - always use vrev for 16-bit rotates
    crypto: ccree - allow bigger than sector XTS op
    crypto: ccree - zero all of request ctx before use
    crypto: ccree - remove cipher ivgen left overs
    crypto: ccree - drop useless type flag during reg
    crypto: ablkcipher - fix crash flushing dcache in error path
    crypto: blkcipher - fix crash flushing dcache in error path
    crypto: skcipher - fix crash flushing dcache in error path
    crypto: skcipher - remove unnecessary setting of walk->nbytes
    crypto: scatterwalk - remove scatterwalk_samebuf()
    ...

    Linus Torvalds
     

12 Aug, 2018

1 commit

  • Make vp_set_vq_affinity() take a cpumask instead of taking a single CPU.

    If there are fewer queues than cores, queue affinity should be able to
    map to multiple cores.

    Link: https://patchwork.ozlabs.org/patch/948149/
    Suggested-by: Willem de Bruijn
    Signed-off-by: Caleb Raitto
    Acked-by: Gonglei
    Signed-off-by: David S. Miller

    Caleb Raitto
     

03 Aug, 2018

1 commit

  • __virtio_crypto_ablkcipher_do_req() is never called in atomic context.

    __virtio_crypto_ablkcipher_do_req() is only called by
    virtio_crypto_ablkcipher_crypt_req(), which is only called by
    virtcrypto_find_vqs() that is never called in atomic context.

    __virtio_crypto_ablkcipher_do_req() calls kzalloc_node() with GFP_ATOMIC,
    which is not necessary.
    GFP_ATOMIC can be replaced with GFP_KERNEL.

    This is found by a static analysis tool named DCNS written by myself.
    I also manually check the kernel code before reporting it.

    Signed-off-by: Jia-Ju Bai
    Signed-off-by: Herbert Xu

    Jia-Ju Bai
     

01 Jul, 2018

2 commits


13 Jun, 2018

1 commit

  • The kzalloc_node() function has a 2-factor argument form, kcalloc_node(). This
    patch replaces cases of:

    kzalloc_node(a * b, gfp, node)

    with:

    kcalloc_node(a, b, gfp, node)

    as well as handling cases of:

    kzalloc_node(a * b * c, gfp, node)

    with:

    kzalloc_node(array3_size(a, b, c), gfp, node)

    as it's slightly less ugly than:

    kcalloc_node(array_size(a, b), c, gfp, node)

    This does, however, attempt to ignore constant size factors like:

    kzalloc_node(4 * 1024, gfp, node)

    though any constants defined via macros get caught up in the conversion.

    Any factors with a sizeof() of "unsigned char", "char", and "u8" were
    dropped, since they're redundant.

    The Coccinelle script used for this was:

    // Fix redundant parens around sizeof().
    @@
    type TYPE;
    expression THING, E;
    @@

    (
    kzalloc_node(
    - (sizeof(TYPE)) * E
    + sizeof(TYPE) * E
    , ...)
    |
    kzalloc_node(
    - (sizeof(THING)) * E
    + sizeof(THING) * E
    , ...)
    )

    // Drop single-byte sizes and redundant parens.
    @@
    expression COUNT;
    typedef u8;
    typedef __u8;
    @@

    (
    kzalloc_node(
    - sizeof(u8) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(__u8) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(char) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(unsigned char) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(u8) * COUNT
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(__u8) * COUNT
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(char) * COUNT
    + COUNT
    , ...)
    |
    kzalloc_node(
    - sizeof(unsigned char) * COUNT
    + COUNT
    , ...)
    )

    // 2-factor product with sizeof(type/expression) and identifier or constant.
    @@
    type TYPE;
    expression THING;
    identifier COUNT_ID;
    constant COUNT_CONST;
    @@

    (
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * (COUNT_ID)
    + COUNT_ID, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * COUNT_ID
    + COUNT_ID, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * (COUNT_CONST)
    + COUNT_CONST, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * COUNT_CONST
    + COUNT_CONST, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * (COUNT_ID)
    + COUNT_ID, sizeof(THING)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * COUNT_ID
    + COUNT_ID, sizeof(THING)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * (COUNT_CONST)
    + COUNT_CONST, sizeof(THING)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * COUNT_CONST
    + COUNT_CONST, sizeof(THING)
    , ...)
    )

    // 2-factor product, only identifiers.
    @@
    identifier SIZE, COUNT;
    @@

    - kzalloc_node
    + kcalloc_node
    (
    - SIZE * COUNT
    + COUNT, SIZE
    , ...)

    // 3-factor product with 1 sizeof(type) or sizeof(expression), with
    // redundant parens removed.
    @@
    expression THING;
    identifier STRIDE, COUNT;
    type TYPE;
    @@

    (
    kzalloc_node(
    - sizeof(TYPE) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    )

    // 3-factor product with 2 sizeof(variable), with redundant parens removed.
    @@
    expression THING1, THING2;
    identifier COUNT;
    type TYPE1, TYPE2;
    @@

    (
    kzalloc_node(
    - sizeof(TYPE1) * sizeof(TYPE2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
    , ...)
    |
    kzalloc_node(
    - sizeof(THING1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
    , ...)
    |
    kzalloc_node(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
    , ...)
    )
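
Review bot: In the rule for 3-factor products with two sizeof() factors, the second branch removes `sizeof(TYPE1) * sizeof(THING2) * (COUNT)` but adds `array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))`, so the replacement names TYPE2 although the match bound THING2; the added line should use `sizeof(THING2)`. The same minus line appears again in the last branch with the THING2 replacement, and the first branch has no parenthesised `(COUNT)` counterpart, so the second branch was probably meant to match `sizeof(TYPE1) * sizeof(TYPE2) * (COUNT)`.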

    // 3-factor product, only identifiers, with redundant parens removed.
    @@
    identifier STRIDE, SIZE, COUNT;
    @@

    (
    kzalloc_node(
    - (COUNT) * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - COUNT * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - COUNT * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - (COUNT) * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - COUNT * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - (COUNT) * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - (COUNT) * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc_node(
    - COUNT * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    )

    // Any remaining multi-factor products, first at least 3-factor products,
    // when they're not all constants...
    @@
    expression E1, E2, E3;
    constant C1, C2, C3;
    @@

    (
    kzalloc_node(C1 * C2 * C3, ...)
    |
    kzalloc_node(
    - (E1) * E2 * E3
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc_node(
    - (E1) * (E2) * E3
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc_node(
    - (E1) * (E2) * (E3)
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc_node(
    - E1 * E2 * E3
    + array3_size(E1, E2, E3)
    , ...)
    )

    // And then all remaining 2 factors products when they're not all constants,
    // keeping sizeof() as the second factor argument.
    @@
    expression THING, E1, E2;
    type TYPE;
    constant C1, C2, C3;
    @@

    (
    kzalloc_node(sizeof(THING) * C2, ...)
    |
    kzalloc_node(sizeof(TYPE) * C2, ...)
    |
    kzalloc_node(C1 * C2 * C3, ...)
    |
    kzalloc_node(C1 * C2, ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * (E2)
    + E2, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(TYPE) * E2
    + E2, sizeof(TYPE)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * (E2)
    + E2, sizeof(THING)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - sizeof(THING) * E2
    + E2, sizeof(THING)
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - (E1) * E2
    + E1, E2
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - (E1) * (E2)
    + E1, E2
    , ...)
    |
    - kzalloc_node
    + kcalloc_node
    (
    - E1 * E2
    + E1, E2
    , ...)
    )

    Signed-off-by: Kees Cook

    Kees Cook
     

16 Mar, 2018

1 commit

  • virtio_crypto does not use function crypto_authenc_extractkeys, remove
    this unnecessary dependency. Compiles fine and passes cryptodev-linux
    cipher and speed tests from https://wiki.qemu.org/Features/VirtioCrypto

    Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
    Signed-off-by: Peter Wu
    Signed-off-by: Herbert Xu

    Peter Wu
     

15 Feb, 2018

1 commit


15 Nov, 2017

1 commit

  • Pull crypto updates from Herbert Xu:
    "Here is the crypto update for 4.15:

    API:

    - Disambiguate EBUSY when queueing crypto request by adding ENOSPC.
    This change touches code outside the crypto API.
    - Reset settings when empty string is written to rng_current.

    Algorithms:

    - Add OSCCA SM3 secure hash.

    Drivers:

    - Remove old mv_cesa driver (replaced by marvell/cesa).
    - Enable rfc3686/ecb/cfb/ofb AES in crypto4xx.
    - Add ccm/gcm AES in crypto4xx.
    - Add support for BCM7278 in iproc-rng200.
    - Add hash support on Exynos in s5p-sss.
    - Fix fallback-induced error in vmx.
    - Fix output IV in atmel-aes.
    - Fix empty GCM hash in mediatek.

    Others:

    - Fix DoS potential in lib/mpi.
    - Fix potential out-of-order issues with padata"

    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (162 commits)
    lib/mpi: call cond_resched() from mpi_powm() loop
    crypto: stm32/hash - Fix return issue on update
    crypto: dh - Remove pointless checks for NULL 'p' and 'g'
    crypto: qat - Clean up error handling in qat_dh_set_secret()
    crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
    crypto: dh - Don't permit 'p' to be 0
    crypto: dh - Fix double free of ctx->p
    hwrng: iproc-rng200 - Add support for BCM7278
    dt-bindings: rng: Document BCM7278 RNG200 compatible
    crypto: chcr - Replace _manual_ swap with swap macro
    crypto: marvell - Add a NULL entry at the end of mv_cesa_plat_id_table[]
    hwrng: virtio - Virtio RNG devices need to be re-registered after suspend/resume
    crypto: atmel - remove empty functions
    crypto: ecdh - remove empty exit()
    MAINTAINERS: update maintainer for qat
    crypto: caam - remove unused param of ctx_map_to_sec4_sg()
    crypto: caam - remove unneeded edesc zeroization
    crypto: atmel-aes - Reset the controller before each use
    crypto: atmel-aes - properly set IV after {en,de}crypt
    hwrng: core - Reset user selected rng by writing "" to rng_current
    ...

    Linus Torvalds
     

02 Nov, 2017

1 commit

  • Many source files in the tree are missing licensing information, which
    makes it harder for compliance tools to determine the correct license.

    By default all files without license information are under the default
    license of the kernel, which is GPL version 2.

    Update the files which contain no license information with the 'GPL-2.0'
    SPDX license identifier. The SPDX identifier is a legally binding
    shorthand, which can be used instead of the full boiler plate text.

    This patch is based on work done by Thomas Gleixner and Kate Stewart and
    Philippe Ombredanne.

    How this work was done:

    Patches were generated and checked against linux-4.14-rc6 for a subset of
    the use cases:
    - file had no licensing information in it.
    - file was a */uapi/* one with no licensing information in it,
    - file was a */uapi/* one with existing licensing information,

    Further patches will be generated in subsequent months to fix up cases
    where non-standard license headers were used, and references to license
    had to be inferred by heuristics based on keywords.

    The analysis to determine which SPDX License Identifier to be applied to
    a file was done in a spreadsheet of side by side results from the
    output of two independent scanners (ScanCode & Windriver) producing SPDX
    tag:value files created by Philippe Ombredanne. Philippe prepared the
    base worksheet, and did an initial spot review of a few 1000 files.

    The 4.13 kernel was the starting point of the analysis with 60,537 files
    assessed. Kate Stewart did a file by file comparison of the scanner
    results in the spreadsheet to determine which SPDX license identifier(s)
    to be applied to the file. She confirmed any determination that was not
    immediately clear with lawyers working with the Linux Foundation.

    Criteria used to select files for SPDX license identifier tagging was:
    - Files considered eligible had to be source code files.
    - Make and config files were included as candidates if they contained >5
    lines of source
    - File already had some variant of a license header in it (even if
    Reviewed-by: Philippe Ombredanne
    Reviewed-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     

12 Oct, 2017

1 commit


18 Jul, 2017

1 commit

  • In current virtio crypto device driver, some common data structures and
    implementations that should be used by other virtio crypto algorithms
    (e.g. asymmetric crypto algorithms) introduce symmetric crypto algorithms
    specific implementations.
    This patch refactors these pieces of code so that they can be reused by
    other virtio crypto algorithms.

    Acked-by: Gonglei
    Signed-off-by: Xin Zeng
    Signed-off-by: Herbert Xu

    Zeng, Xin
     

03 May, 2017

1 commit


03 Mar, 2017

1 commit

  • Pull vhost updates from Michael Tsirkin:
    "virtio, vhost: optimizations, fixes

    Looks like a quiet cycle for vhost/virtio, just a couple of minor
    tweaks. Most notable is automatic interrupt affinity for blk and scsi.
    Hopefully other devices are not far behind"

    * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
    virtio-console: avoid DMA from stack
    vhost: introduce O(1) vq metadata cache
    virtio_scsi: use virtio IRQ affinity
    virtio_blk: use virtio IRQ affinity
    blk-mq: provide a default queue mapping for virtio device
    virtio: provide a method to get the IRQ affinity mask for a virtqueue
    virtio: allow drivers to request IRQ affinity when creating VQs
    virtio_pci: simplify MSI-X setup
    virtio_pci: don't duplicate the msix_enable flag in struct pci_dev
    virtio_pci: use shared interrupts for virtqueues
    virtio_pci: remove struct virtio_pci_vq_info
    vhost: try avoiding avail index access when getting descriptor
    virtio_mmio: expose header to userspace

    Linus Torvalds
     

28 Feb, 2017

1 commit

  • Add a struct irq_affinity pointer to the find_vqs methods, which if set
    is used to tell the PCI layer to create the MSI-X vectors for our I/O
    virtqueues with the proper affinity from the start. Compared to after
    the fact affinity hints this gives us an instantly working setup and
    allows to allocate the irq descriptors node-local and avoid interconnect
    traffic. Last but not least this will allow blk-mq queues to be created
    based on the interrupt affinity for storage drivers.

    Signed-off-by: Christoph Hellwig
    Reviewed-by: Jason Wang
    Signed-off-by: Michael S. Tsirkin

    Christoph Hellwig
     

13 Jan, 2017

1 commit

  • Some hardware accelerators (like intel aesni or the s390
    cpacf functions) have lower priorities than virtio
    crypto, and those drivers are faster than the same in
    the host via virtio. So let's lower the priority of
    virtio-crypto's algorithm, making it higher than software
    implementations but lower than the hardware ones.

    Suggested-by: Christian Borntraeger
    Signed-off-by: Gonglei
    Acked-by: Christian Borntraeger
    Signed-off-by: Herbert Xu

    Gonglei (Arei)
     

30 Dec, 2016

1 commit

  • crypto engine was introduced since 'commit 735d37b5424b ("crypto: engine
    - Introduce the block request crypto engine framework")' which uses work
    queue to realize the asynchronous processing for ablk_cipher and ahash.

    For virtio-crypto device, I register an engine for each
    data virtqueue so that we can use the capability of
    multiple data queues in future.

    Cc: Baolin Wang
    Cc: Herbert Xu
    Cc: Michael S. Tsirkin
    Signed-off-by: Gonglei
    Signed-off-by: Herbert Xu

    Gonglei (Arei)
     

16 Dec, 2016

1 commit

  • This patch introduces virtio-crypto driver for Linux Kernel.

    The virtio crypto device is a virtual cryptography device
    as well as a kind of virtual hardware accelerator for
    virtual machines. The encryption and decryption requests
    are placed in the data queue and are ultimately handled by
    the backend crypto accelerators. The second queue is the
    control queue used to create or destroy sessions for
    symmetric algorithms and will control some advanced features
    in the future. The virtio crypto device provides the following
    crypto services: CIPHER, MAC, HASH, and AEAD.

    For more information about virtio-crypto device, please see:
    http://qemu-project.org/Features/VirtioCrypto

    CC: Michael S. Tsirkin
    CC: Cornelia Huck
    CC: Stefan Hajnoczi
    CC: Herbert Xu
    CC: Halil Pasic
    CC: David S. Miller
    CC: Zeng Xin
    Signed-off-by: Gonglei
    Signed-off-by: Michael S. Tsirkin

    Gonglei