On 10/21/19 10:29 AM, Mark Salter wrote:
> A NULL-pointer dereference was reported in fedora bz#1762199 while
> reshaping a raid6 array after adding a fifth drive to an existing
> array.
>
> [ 47.343549] md/raid:md0: raid level 6 active with 3 out of 5 devices,
> algorithm 2
> [ 47.804017] md
Check early whether device registers can be accessed. Some BIOSes have
a broken security policy that prevents access to the device registers,
and return values from ioread() can be misinterpreted. If a read of
a feature register returns a -1, we may not be able to access
any device register, so rep
If an AMD BIOS makes zero CCP queues available to the driver, the
device is unavailable and therefore can't be activated. When this
happens, report the status but don't report a (non-existent)
failure. The CCP will be unactivated.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev-v5.c |
This pair of patches is intended to clarify the messaging produced by
the CCP driver when known, but non-critical, problems arise. The
precipitating conditions can be determined based on simple, unalarming
messages in the system log.
Changes since V1:
- Change hex designation '0X' to '0x' in ccp
If an AMD BIOS makes zero CCP queues available to the driver, the
device is unavailable and therefore can't be activated. When this
happens, report the status but don't report a (non-existent)
failure. The CCP will be unactivated.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev-v5.c |
Check early whether device registers can be accessed. Some BIOSes have
a broken security policy that prevents access to the device registers,
and return values from ioread() can be misinterpreted. If a read of
a feature register returns a -1, we may not be able to access
any device register, so rep
This pair of patches is intended to clarify the messaging produced
by the CCP driver when known, but non-critical, problems arise. The
precipitating conditions can be determined based on simple, unalarming
messages in the system log.
---
Gary R Hook (2):
crypto: ccp - Change a message to re
On 10/14/19 7:18 AM, Ard Biesheuvel wrote:
> Commit 7a7ffe65c8c5 ("crypto: skcipher - Add top-level skcipher interface")
> dated 20 August 2015 introduced the new skcipher API which is supposed to
> replace both blkcipher and ablkcipher. While all consumers of the API have
> been converted long ago
*ping*
Anyone?
-Original Message-
From: linux-crypto-ow...@vger.kernel.org
On Behalf Of Gary R Hook
Sent: Thursday, August 15, 2019 5:32 PM
To: linux-crypto@vger.kernel.org
Subject: Crypto driver callback problem
Context:
We've run into a possible locking issue when using the AMD CCP d
From: Gary R Hook
If a CCP is unconfigured (e.g. there are no available queues) then
there will be no data structures allocated for the device. Thus, we
must check for validity of a pointer before trying to access structure
members.
Fixes: 720419f01832f ("crypto: ccp - Introduce the AMD Secure P
From: Gary R Hook
Return and fail driver initialization if a DMA pool or coherent memory
can't be allocated. Be sure to clean up allocated memory.
Fixes: 4b394a232df7 ("crypto: ccp - Let a v5 CCP provide the same function as
v3")
Signed-off-by: Gary R Hook
---
Changes since v1:
- Switch to
Return and fail driver initialization if a DMA pool can't be
allocated.
Fixes: 4b394a232df7 ("crypto: ccp - Let a v5 CCP provide the same function as
v3")
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev-v5.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/ccp/ccp-d
From: Gary R Hook
A plaintext or ciphertext length of 0 is allowed in AES, in which case
no encryption occurs. Ensure that we don't clean up data structures
that were never allocated.
Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Signed-off-by: Gary R Hook
---
d
From: Gary R Hook
AES GCM encryption allows for authsize values of 4, 8, and 12-16 bytes.
Validate the requested authsize, and retain it to save in the request
context.
Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Signed-off-by: Gary R Hook
---
drivers/crypto/c
From: Gary R Hook
AES GCM input buffers for decryption contain AAD+CTEXT+TAG. Only
decrypt the ciphertext, and use the tag for comparison.
Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-ops.c | 3 +--
1 file c
Additional testing features added to the crypto framework (including fuzzy
probing and variations of the lengths of input parameters such as AAD and
authsize) expose some gaps in robustness and function in the CCP driver.
Address these gaps:
Input text is allowed to be zero bytes in length. In thi
From: Gary R Hook
If there are no CCP devices on the system, ccp-crypto will not load.
Write a message to the system log clarifying the reason for the failure
of the modprobe operation
Signed-off-by: Gary R Hook
---
Changes since v1:
- Add missing signed-off-by
drivers/crypto/ccp/ccp-crypto
If there are no CCP devices on the system, ccp-crypto will not load.
Write a message to the system log clarifying the reason for the failure
of the modprobe operation
---
drivers/crypto/ccp/ccp-crypto-main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/
Redefine pr_fmt so that the module name is prefixed to every
log message produced by the ccp-crypto module
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-crypto.h | 4
1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/ccp/ccp-crypto.h b/drivers/crypto/ccp/ccp-crypto.h
inde
From: Gary R Hook
Add a prefix to any messages logged by the ccp-crypto module, and
add a notice if the module fails to load in the case that no CCPs
are defined.
Gary R Hook (2):
crypto: ccp - Include the module name in system log messages
crypto: ccp - Log an error message when ccp-crypto
The AES GCM function reuses an 'op' data structure, which members
contain values that must be cleared for each (re)use.
This fix resolves a crypto self-test failure:
alg: aead: gcm-aes-ccp encryption test failed (wrong result) on test vector 2,
cfg="two even aligned splits"
Fixes: 36cf515b9bbe (
Add a module parameter to limit the number of queues per CCP. The default
value (nqueues=0) is to set up every available queue on each device.
The count of queues starts from the first one found on the device (which
varies based on the device ID).
Signed-off-by: Gary R Hook
---
drivers/crypto/c
The CCP driver is able to act as a DMA engine. Add a module parameter that
allows this feature to be enabled/disabled.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dmaengine.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/ccp-dmaen
Provide the ability to constrain the total number of enabled devices in
the system. Once max_devs devices have been configured, subsequently
probed devices are ignored.
The max_devs parameter may be zero, in which case all CCPs are disabled.
PSPs are always enabled and active.
Disabling the CCPs
Add a config option to exclude DebugFS support in the CCP driver.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/Kconfig |8
drivers/crypto/ccp/Makefile |4 ++--
drivers/crypto/ccp/ccp-dev-v5.c |4
3 files changed, 14 insertions(+), 2 deletions(-)
diff --gi
Firstly, add a switch to allow/disallow debugfs code to be built into
the CCP driver.
The rest of the patch series implements a set of module parameters
that allows control over which CCPs on a system are enabled by the
driver, and how many queues on each device are activated.
A switch to enable
The AES GCM function reuses an 'op' data structure, which members
contain values that must be cleared for each (re)use.
Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-ops.c | 12 +++-
1 file changed, 11
Add an SPDX identifier and remove any specific statements.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-crypto-aes-cmac.c |5 +
drivers/crypto/ccp/ccp-crypto-aes-galois.c |5 +
drivers/crypto/ccp/ccp-crypto-aes-xts.c|5 +
drivers/crypto/ccp/ccp-crypto-aes.c
The error code read from the queue status register is only 6 bits wide,
but we need to verify its value is within range before indexing the error
messages.
Fixes: 81422badb3907 ("crypto: ccp - Make syslog errors human-readable")
Reported-by: Cfir Cohen
Signed-off-by: Gary R Hook
---
Changes si
The error code read from the queue status register is only 6 bits wide,
but we need to verify its value is within range before indexing the error
messages. Also, fill out the array with all possible entries so that any
unexpected error codes are reported as "unknown".
Fixes: 81422badb3907 ("crypt
Tidy up the formatting/grammar in crypto_engine.rst. Use bulleted lists
where appropriate.
Signed-off-by: Gary R Hook
---
Documentation/crypto/crypto_engine.rst | 111 +---
1 file changed, 73 insertions(+), 38 deletions(-)
diff --git a/Documentation/crypto/crypto_en
Tidy up the crypto documentation by filling in some variable
descriptions, make some grammatical corrections, and enhance
formatting.
Changes since v1:
- Remove patch with superfluous change to index (patch 2)
- Remove unnecessary markup on function names in patch 3
- Un-add extraneous white sp
Fill in missing parameter descriptions for the compression algorithm,
then pick them up to document for the compression_alg structure.
Signed-off-by: Gary R Hook
---
Documentation/crypto/api-skcipher.rst |2 +-
include/linux/crypto.h| 11 +++
2 files changed, 12 ins
Add module parameter pcibus as a read-only variable to the CCP's
debugfs info.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-debugfs.c |1 +
drivers/crypto/ccp/ccp-dev.h |1 +
drivers/crypto/ccp/sp-pci.c | 47 --
3 files changed, 47
Add a module parameter that allows specification of one or more CCPs
based on PCI bus identifiers. The value of the parameter is a comma-
separated list of bus numbers, in no particular order.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c | 58 +
Add a read-only variable to report the value of the parameter
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c |1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index 5b0a9c145c5a..c1c1e05a7c0f 100644
--- a/drivers/crypto/c
The CCP driver is able to act as a DMA engine. Add a module parameter that
allows this feature to be enabled/disabled.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev-v5.c | 11 +++
drivers/crypto/ccp/ccp-dev.h|1 +
drivers/crypto/ccp/sp-pci.c |8
3 f
Provide the ability to constrain the total number of enabled devices in
the system. Once maxdev devices have been configured, additional
devices are ignored.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c | 16
1 file changed, 16 insertions(+)
diff --git a/drivers
Add a read-only debugfs entry for the module parameter 'maxdev'.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c |1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index b81493810689..29177d113c90 100644
--- a/drivers/crypt
Some processors contain multiple CCPs with differing device IDs. Enable
the selection of specific devices based on ID. The parameter value is
a single PCI ID.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/drivers/crypto/c
Add pcidev to the CCP's debugfs information
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/sp-pci.c |1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index b024b92fb749..bcd1e233dce7 100644
--- a/drivers/crypto/ccp/sp-pci.c
+++ b/
Add a module parameter to limit the number of queues per CCP. The default
(nqueues=0) is to set up every available queue on each device.
The count of queues starts from the first one found on the device (which
is based on the device ID).
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-dev
Make module parameters readable in DebugFS.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-debugfs.c |2 ++
drivers/crypto/ccp/sp-pci.c | 22 ++
2 files changed, 24 insertions(+)
diff --git a/drivers/crypto/ccp/ccp-debugfs.c b/drivers/crypto/ccp/ccp-debugfs
Add a config option to exclude DebugFS support in the CCP driver.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/Kconfig |9 +
drivers/crypto/ccp/Makefile |4 ++--
drivers/crypto/ccp/ccp-dev-v5.c |4
3 files changed, 15 insertions(+), 2 deletions(-)
diff --g
Firstly, add a switch to allow/disallow debugfs code to be built
into the CCP driver.
The rest of the patch series implements a set of module parameters
that allow fine-tuned control over which CCPs on a system are enabled
by the driver, and how many queues on each device are activated.
Lastly,
Tidy up the formatting/grammar in crypto_engine.rst. Use lists where
appropriate.
Signed-off-by: Gary R Hook
---
Documentation/crypto/crypto_engine.rst | 120 ++--
1 file changed, 82 insertions(+), 38 deletions(-)
diff --git a/Documentation/crypto/crypto_engine.rst
Fill in missing parameter descriptions for the compression algorithm,
then pick them up to document for the compression_alg structure.
Signed-off-by: Gary R Hook
---
Documentation/crypto/api-skcipher.rst |2 +-
include/linux/crypto.h| 11 +++
2 files changed, 12 inse
Add a reference to the crypto engine documentation to
the index.
Signed-off-by: Gary R Hook
---
Documentation/crypto/index.rst |1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/crypto/index.rst b/Documentation/crypto/index.rst
index c4ff5d791233..37cd7fb0ea82 100644
--- a/Docu
Tidy up the crypto documentation by filling in some variable
descriptions, make some grammatical corrections, and enhance
formatting.
---
Gary R Hook (3):
crypto: doc - Add parameter documentation
crypto: doc - Describe the crypto engine
crypto: doc - Fix formatting of new crypt
Updated testmgr will exhibit this error message when loading the
ccp-crypto module:
alg: skcipher: cfb-aes-ccp encryption failed with err -22 on test vector 3,
cfg="in-place"
Update the CCP crypto driver to correctly treat CFB as a streaming mode
cipher (instead of block mode). Update the config
CFB mode should be treated as a stream cipher, not block.
Fixes: 63b945091a07 ('crypto: ccp - CCP device driver and interface support')
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-ops.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ccp/ccp
Crypto self-tests reveal an error:
alg: skcipher: cbc-des3-ccp encryption test failed (wrong output IV) on test
vector 0, cfg="in-place"
The offset value should not be recomputed when retrieving the context.
Also, a code path exists which makes decisions based on older (version 3)
hardware; a v3
On 1/30/19 2:57 PM, Singh, Brijesh wrote:
> A kexec reboot may leave the firmware in INIT or WORKING state.
> Currently, we issue PLATFORM_INIT command during the probe without
> checking the current state. The PLATFORM_INIT command fails if the
> FW is already in INIT state. Let's check the current
Correct copyright dates for files that have had code added
to them in 2018.
Signed-off-by: Gary R Hook
---
drivers/crypto/ccp/ccp-crypto-aes-cmac.c |2 +-
drivers/crypto/ccp/ccp-crypto-sha.c |2 +-
drivers/crypto/ccp/ccp-ops.c |2 +-
drivers/crypto/ccp/psp-dev.c
On 3/2/2018 5:15 PM, Maciej S. Szmigiero wrote:
On 02.03.2018 17:44, Herbert Xu wrote:
On Sat, Feb 24, 2018 at 05:03:21PM +0100, Maciej S. Szmigiero wrote:
rsa-pkcs1pad uses a value returned from a RSA implementation max_size
callback as a size of an input buffer passed to the RSA implementatio
On 2/23/2018 5:33 PM, Sebastian Andrzej Siewior wrote:
I don't know why we need to take a single write lock and disable interrupts
while setting up debugfs. This is what happens when we try anyway:
There is more than one CCP on some processors. The lock is intended to
serialize attempts to initial
On 2/15/2018 2:34 PM, Brijesh Singh wrote:
Fix sparse warning: Using plain integer as NULL pointer. Replaces
assignment of 0 to pointer with NULL assignment.
Fixes: 200664d5237f (Add Secure Encrypted Virtualization ...)
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Signed
On 2/15/2018 2:34 PM, Brijesh Singh wrote:
Commit 1d57b17c60ff ("crypto: ccp: Define SEV userspace ioctl and command
id") added the invalid length enum but we missed capitalizing it.
Fixes: 1d57b17c60ff (crypto: ccp: Define SEV userspace ioctl ...)
Cc: Herbert Xu
Cc: Borislav Petkov
Cc: Tom Le
On 10/17/2016 10:08 AM, Wei Yongjun wrote:
> From: Wei Yongjun
>
> Fixes the following sparse warning:
>
> drivers/crypto/ccp/ccp-dev.c:44:6: warning:
> symbol 'ccp_error_codes' was not declared. Should it be static?
>
> Signed-off-by: Wei Yongjun
> ---
> drivers/crypto/ccp/ccp-dev.c | 2 +-
>