06 Feb, 2016
3 commits
-
The async path cannot use MAY_BACKLOG because it is not meant to
block, which is what MAY_BACKLOG does. On the other hand, both
the sync and async paths can make use of MAY_SLEEP.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
Any access to non-constant bits of the private context must be
done under the socket lock, in particular, this includes ctx->req.This patch moves such accesses under the lock, and fetches the
tfm from the parent socket which is guaranteed to be constant,
rather than from ctx->req.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
The async path in algif_skcipher assumes that the crypto completion
function will be called with the original request. This is not
necessarily the case. In fact there is no need for this anyway
since we already embed information into the request with struct
skcipher_async_req.This patch adds a pointer to that struct and then passes it as
the data to the callback function.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu
Tested-by: Tadeusz Struk
23 Jan, 2016
1 commit
-
Pull crypto fixes from Herbert Xu:
"This fixes the following issues:API:
- A large number of bug fixes for the af_alg interface, credit goes
to Dmitry Vyukov for discovering and reporting these issues.Algorithms:
- sw842 needs to select crc32.
- The soft dependency on crc32c is now in the correct spot.Drivers:
- The atmel AES driver needs HAS_DMA.
- The atmel AES driver was a missing break statement, fortunately
it's only a debug function.
- A number of bug fixes for the Intel qat driver"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (24 commits)
crypto: algif_skcipher - sendmsg SG marking is off by one
crypto: crc32c - Fix crc32c soft dependency
crypto: algif_skcipher - Load TX SG list after waiting
crypto: atmel-aes - Add missing break to atmel_aes_reg_name
crypto: algif_skcipher - Fix race condition in skcipher_check_key
crypto: algif_hash - Fix race condition in hash_check_key
crypto: CRYPTO_DEV_ATMEL_AES should depend on HAS_DMA
lib: sw842: select crc32
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
crypto: algif_skcipher - Remove custom release parent function
crypto: algif_hash - Remove custom release parent function
crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
crypto: qat - update init_esram for C3xxx dev type
crypto: qat - fix timeout issues
crypto: qat - remove to call get_sram_bar_id for qat_c3xxx
crypto: algif_skcipher - Add key check exception for cipher_null
crypto: skcipher - Add crypto_skcipher_has_setkey
crypto: algif_hash - Require setkey before accept(2)
crypto: hash - Add crypto_ahash_has_setkey
crypto: algif_skcipher - Add nokey compatibility path
...
20 Jan, 2016
1 commit
-
We mark the end of the SG list in sendmsg and sendpage and unmark
it on the next send call. Unfortunately the unmarking in sendmsg
is off-by-one, leading to an SG list that is too short.Fixes: 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu
19 Jan, 2016
1 commit
-
We need to load the TX SG list in sendmsg(2) after waiting for
incoming data, not before.Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov
Signed-off-by: Herbert Xu
Tested-by: Dmitry Vyukov
18 Jan, 2016
5 commits
-
We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
This patch adds a compatibility path to support old applications
that do acept(2) before setkey.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu -
Some cipher implementations will crash if you try to use them
without calling setkey first. This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov
Signed-off-by: Herbert Xu
Tested-by: Dmitry Vyukov
13 Jan, 2016
2 commits
-
Pull networking updates from Davic Miller:
1) Support busy polling generically, for all NAPI drivers. From Eric
Dumazet.2) Add byte/packet counter support to nft_ct, from Floriani Westphal.
3) Add RSS/XPS support to mvneta driver, from Gregory Clement.
4) Implement IPV6_HDRINCL socket option for raw sockets, from Hannes
Frederic Sowa.5) Add support for T6 adapter to cxgb4 driver, from Hariprasad Shenai.
6) Add support for VLAN device bridging to mlxsw switch driver, from
Ido Schimmel.7) Add driver for Netronome NFP4000/NFP6000, from Jakub Kicinski.
8) Provide hwmon interface to mlxsw switch driver, from Jiri Pirko.
9) Reorganize wireless drivers into per-vendor directories just like we
do for ethernet drivers. From Kalle Valo.10) Provide a way for administrators "destroy" connected sockets via the
SOCK_DESTROY socket netlink diag operation. From Lorenzo Colitti.11) Add support to add/remove multicast routes via netlink, from Nikolay
Aleksandrov.12) Make TCP keepalive settings per-namespace, from Nikolay Borisov.
13) Add forwarding and packet duplication facilities to nf_tables, from
Pablo Neira Ayuso.14) Dead route support in MPLS, from Roopa Prabhu.
15) TSO support for thunderx chips, from Sunil Goutham.
16) Add driver for IBM's System i/p VNIC protocol, from Thomas Falcon.
17) Rationalize, consolidate, and more completely document the checksum
offloading facilities in the networking stack. From Tom Herbert.18) Support aborting an ongoing scan in mac80211/cfg80211, from
Vidyullatha Kanchanapally.19) Use per-bucket spinlock for bpf hash facility, from Tom Leiming.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1375 commits)
net: bnxt: always return values from _bnxt_get_max_rings
net: bpf: reject invalid shifts
phonet: properly unshare skbs in phonet_rcv()
dwc_eth_qos: Fix dma address for multi-fragment skbs
phy: remove an unneeded condition
mdio: remove an unneed condition
mdio_bus: NULL dereference on allocation error
net: Fix typo in netdev_intersect_features
net: freescale: mac-fec: Fix build error from phy_device API change
net: freescale: ucc_geth: Fix build error from phy_device API change
bonding: Prevent IPv6 link local address on enslaved devices
IB/mlx5: Add flow steering support
net/mlx5_core: Export flow steering API
net/mlx5_core: Make ipv4/ipv6 location more clear
net/mlx5_core: Enable flow steering support for the IB driver
net/mlx5_core: Initialize namespaces only when supported by device
net/mlx5_core: Set priority attributes
net/mlx5_core: Connect flow tables
net/mlx5_core: Introduce modify flow table command
net/mlx5_core: Managing root flow table
... -
Pull crypto update from Herbert Xu:
"Algorithms:
- Add RSA padding algorithmDrivers:
- Add GCM mode support to atmel
- Add atmel support for SAMA5D2 devices
- Add cipher modes to talitos
- Add rockchip driver for rk3288
- Add qat support for C3XXX and C62X"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (103 commits)
crypto: hifn_795x, picoxcell - use ablkcipher_request_cast
crypto: qat - fix SKU definiftion for c3xxx dev
crypto: qat - Fix random config build issue
crypto: ccp - use to_pci_dev and to_platform_device
crypto: qat - Rename dh895xcc mmp firmware
crypto: 842 - remove WARN inside printk
crypto: atmel-aes - add debug facilities to monitor register accesses.
crypto: atmel-aes - add support to GCM mode
crypto: atmel-aes - change the DMA threshold
crypto: atmel-aes - fix the counter overflow in CTR mode
crypto: atmel-aes - fix atmel-ctr-aes driver for RFC 3686
crypto: atmel-aes - create sections to regroup functions by usage
crypto: atmel-aes - fix typo and indentation
crypto: atmel-aes - use SIZE_IN_WORDS() helper macro
crypto: atmel-aes - improve performances of data transfer
crypto: atmel-aes - fix atmel_aes_remove()
crypto: atmel-aes - remove useless AES_FLAGS_DMA flag
crypto: atmel-aes - reduce latency of DMA completion
crypto: atmel-aes - remove unused 'err' member of struct atmel_aes_dev
crypto: atmel-aes - rework crypto request completion
...
01 Jan, 2016
1 commit
29 Dec, 2015
1 commit
-
Pull crypto fix from Herbert Xu:
"This fixes a bug in the algif_skcipher interface that can trigger a
kernel WARN_ON from user-space. It does so by using the new skcipher
interface which unlike the previous ablkcipher does not need to create
extra geniv objects which is what was used to trigger the WARN_ON"* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algif_skcipher - Use new skcipher interface
22 Dec, 2015
1 commit
-
This patch replaces uses of ablkcipher with the new skcipher
interface.Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu
Tested-by:
04 Dec, 2015
1 commit
-
Conflicts:
drivers/net/ethernet/renesas/ravb_main.c
kernel/bpf/syscall.c
net/ipv4/ipmr.cAll three conflicts were cases of overlapping changes.
Signed-off-by: David S. Miller
02 Dec, 2015
1 commit
-
This patch is a cleanup to make following patch easier to
review.Goal is to move SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA
from (struct socket)->flags to a (struct socket_wq)->flags
to benefit from RCU protection in sock_wake_async()To ease backports, we rename both constants.
Two new helpers, sk_set_bit(int nr, struct sock *sk)
and sk_clear_bit(int net, struct sock *sk) are added so that
following patch can change their implementation.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
01 Dec, 2015
1 commit
-
The memory barrier in the helper wq_has_sleeper is needed by just
about every user of waitqueue_active. This patch generalises it
by making it take a wait_queue_head_t directly. The existing
helper is renamed to skwq_has_sleeper.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
17 Nov, 2015
1 commit
-
Some variable are set as int but store only positive values.
Furthermore there are used in operation/function that wait for unsigned
value.
This patch set them as size_t.Signed-off-by: LABBE Corentin
Signed-off-by: Herbert Xu
17 Aug, 2015
1 commit
-
Signed-off-by: Dan Williams
[hch: split from a larger patch by Dan]
Signed-off-by: Christoph Hellwig
Acked-by: Herbert Xu
Signed-off-by: Jens Axboe
12 Apr, 2015
1 commit
-
convert open-coded instances
Signed-off-by: Al Viro
09 Apr, 2015
1 commit
-
trivial conflict in net/socket.c and non-trivial one in crypto -
that one had evaded aio_complete() removal.Signed-off-by: Al Viro
02 Apr, 2015
2 commits
-
After the TX sgl is expanded we need to explicitly mark end of data
at the last buffer that contains data.Changes in v2
- use type 'bool' and true/false for 'mark'.Signed-off-by: Tadeusz Struk
Signed-off-by: David S. Miller -
No need to use kzalloc to allocate sgls as the structure is initialized anyway.
Signed-off-by: Tadeusz Struk
Signed-off-by: David S. Miller
25 Mar, 2015
1 commit
-
Change type from unsigned long to int to fix an issue reported by kbuild robot:
crypto/algif_skcipher.c:596 skcipher_recvmsg_async() warn: unsigned 'used' is
never less than zero.Signed-off-by: Tadeusz Struk
Signed-off-by: David S. Miller
24 Mar, 2015
1 commit
-
The way the algif_skcipher works currently is that on sendmsg/sendpage it
builds an sgl for the input data and then on read/recvmsg it sends the job
for encryption putting the user to sleep till the data is processed.
This way it can only handle one job at a given time.
This patch changes it to be asynchronous by adding AIO support.Signed-off-by: Tadeusz Struk
Signed-off-by: David S. Miller
03 Mar, 2015
1 commit
-
After TIPC doesn't depend on iocb argument in its internal
implementations of sendmsg() and recvmsg() hooks defined in proto
structure, no any user is using iocb argument in them at all now.
Then we can drop the redundant iocb argument completely from kinds of
implementations of both sendmsg() and recvmsg() in the entire
networking stack.Cc: Christoph Hellwig
Suggested-by: Al Viro
Signed-off-by: Ying Xue
Signed-off-by: David S. Miller
15 Feb, 2015
1 commit
-
Pull crypto update from Herbert Xu:
"Here is the crypto update for 3.20:- Added 192/256-bit key support to aesni GCM.
- Added MIPS OCTEON MD5 support.
- Fixed hwrng starvation and race conditions.
- Added note that memzero_explicit is not a subsitute for memset.
- Added user-space interface for crypto_rng.
- Misc fixes"* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits)
crypto: tcrypt - do not allocate iv on stack for aead speed tests
crypto: testmgr - limit IV copy length in aead tests
crypto: tcrypt - fix buflen reminder calculation
crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed
crypto: caam - fix resource clean-up on error path for caam_jr_init
crypto: caam - pair irq map and dispose in the same function
crypto: ccp - terminate ccp_support array with empty element
crypto: caam - remove unused local variable
crypto: caam - remove dead code
crypto: caam - don't emit ICV check failures to dmesg
hwrng: virtio - drop extra empty line
crypto: replace scatterwalk_sg_next with sg_next
crypto: atmel - Free memory in error path
crypto: doc - remove colons in comments
crypto: seqiv - Ensure that IV size is at least 8 bytes
crypto: cts - Weed out non-CBC algorithms
MAINTAINERS: add linux-crypto to hw random
crypto: cts - Remove bogus use of seqiv
crypto: qat - don't need qat_auth_state struct
crypto: algif_rng - fix sparse non static symbol warning
...
11 Feb, 2015
1 commit
-
Commit 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter")
broke af_alg_make_sg() and skcipher_recvmsg() in the process of moving
them to the iov_iter interfaces. The 'npages' calculation in the formar
calculated the number of *bytes* in the pages, and in the latter case
the conversion didn't re-read the value of 'ctx->used' after waiting for
it to become non-zero.This reverts to the original code for both these cases.
Cc: Al Viro
Cc: David Miller
Signed-off-by: Linus Torvalds
04 Feb, 2015
1 commit
-
With that, all ->sendmsg() instances are converted to iov_iter primitives
and are agnostic wrt the kind of iov_iter they are working with.
So's the last remaining ->recvmsg() instance that wasn't kind-agnostic yet.
All ->sendmsg() and ->recvmsg() advance ->msg_iter by the amount actually
copied and none of them modifies the underlying iovec, etc.Cc: linux-crypto@vger.kernel.org
Signed-off-by: Al Viro
22 Dec, 2014
1 commit
-
algif_skcipher sends 127 sgl buffers for encryption regardless of how
many buffers acctually have data to process, where the few first with
valid len and the rest with zero len. This is not very eficient.
This patch marks the last one with data as the last one to process.Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
14 Dec, 2014
1 commit
-
Pull crypto update from Herbert Xu:
- The crypto API is now documented :)
- Disallow arbitrary module loading through crypto API.
- Allow get request with empty driver name through crypto_user.
- Allow speed testing of arbitrary hash functions.
- Add caam support for ctr(aes), gcm(aes) and their derivatives.
- nx now supports concurrent hashing properly.
- Add sahara support for SHA1/256.
- Add ARM64 version of CRC32.
- Misc fixes.* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
crypto: tcrypt - Allow speed testing of arbitrary hash functions
crypto: af_alg - add user space interface for AEAD
crypto: qat - fix problem with coalescing enable logic
crypto: sahara - add support for SHA1/256
crypto: sahara - replace tasklets with kthread
crypto: sahara - add support for i.MX53
crypto: sahara - fix spinlock initialization
crypto: arm - replace memset by memzero_explicit
crypto: powerpc - replace memset by memzero_explicit
crypto: sha - replace memset by memzero_explicit
crypto: sparc - replace memset by memzero_explicit
crypto: algif_skcipher - initialize upon init request
crypto: algif_skcipher - removed unneeded code
crypto: algif_skcipher - Fixed blocking recvmsg
crypto: drbg - use memzero_explicit() for clearing sensitive data
crypto: drbg - use MODULE_ALIAS_CRYPTO
crypto: include crypto- module prefix in template
crypto: user - add MODULE_ALIAS
crypto: sha-mb - remove a bogus NULL check
crytpo: qat - Fix 64 bytes requests
...
10 Dec, 2014
1 commit
-
Note that the code _using_ ->msg_iter at that point will be very
unhappy with anything other than unshifted iovec-backed iov_iter.
We still need to convert users to proper primitives.Signed-off-by: Al Viro
02 Dec, 2014
1 commit
-
When using the algif_skcipher, the following call sequence causess a
re-initialization:1. sendmsg with ALG_SET_OP and iov == NULL, iovlen == 0 (i.e
initializing the cipher, but not sending data)2. sendmsg with msg->msg-controllen == 0 and iov != NULL (using the initalized
cipher handle by sending data)In step 2, the cipher operation type (encryption or decryption) is reset
to always decryption, because the local variable of enc is put into
ctx->enc as ctx->user is still zero.The same applies when all send data is processed and ctx->used falls to
zero followed by user space to send new data.This patch changes the behavior to only reset the cipher operation type
(and the IV) if such configuration request is received.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
01 Dec, 2014
1 commit
-
Remover unneeded code.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
28 Nov, 2014
1 commit
-
As most (all?) users of algif_skcipher are single-threaded and
therefore always write before reading from an algif_skcipher
socket, they never block and exercise that code-path.It turns out that code path doesn't even work because we never
reload ctx->used after waking up so we never even see the new
data and immediately return an error (and a loud WARN_ON).This patch fixes this by always reloading ctx->used.
Reported-by: Stephan Mueller
Signed-off-by: Herbert Xu
Acked-by: Stephan Mueller
25 Nov, 2014
1 commit
-
Commit e1bd95bf7c25 ("crypto: algif - zeroize IV buffer") and
2a6af25befd0 ("crypto: algif - zeroize message digest buffer")
added memzero_explicit() calls on buffers that are later on
passed back to sock_kfree_s().This is a discussed follow-up that, instead, extends the sock
API and adds sock_kzfree_s(), which internally uses kzfree()
instead of kfree() for passing the buffers back to slab.Having sock_kzfree_s() allows to keep the changes more minimal
by just having a drop-in replacement instead of adding
memzero_explicit() calls everywhere before sock_kfree_s().In kzfree(), the compiler is not allowed to optimize the memset()
away and thus there's no need for memzero_explicit(). Both,
sock_kfree_s() and sock_kzfree_s() are wrappers for
__sock_kfree_s() and call into kfree() resp. kzfree(); here,
__sock_kfree_s() needs to be explicitly inlined as we want the
compiler to optimize the call and condition away and thus it
produces e.g. on x86_64 the _same_ assembler output for
sock_kfree_s() before and after, and thus also allows for
avoiding code duplication.Cc: David S. Miller
Signed-off-by: Daniel Borkmann
Signed-off-by: Herbert Xu
24 Nov, 2014
1 commit
-
Signed-off-by: Al Viro
12 Nov, 2014
1 commit
-
Zeroize the buffer holding the IV used for the completed
cipher operation before the buffer is released by the
skcipher AF_ALG interface handler.Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu