On 07/04/21 00:49, Sean Christopherson wrote:
For commands with small input/output buffers, use the local stack to
"allocate" the structures used to communicate with the PSP. Now that
__sev_do_cmd_locked() gracefully handles vmalloc'd buffers, there's no
reason to avoid using the stack, e.g. CO
On 07/04/21 07:20, Christophe Leroy wrote:
+ struct sev_data_init data;
struct sev_data_init data = {0, 0, 0, 0};
Having to count the number of items is suboptimal. The alternative
could be {} (which however is technically not standard C), {0} (a bit
mysterious, but it works) and memse
On 07/04/21 19:34, Borislav Petkov wrote:
On Wed, Apr 07, 2021 at 05:05:07PM +, Sean Christopherson wrote:
I used memset() to defer initialization until after the various sanity
checks,
I'd actually vote for that too - I don't like doing stuff which is not
going to be used. I.e., don't cha
On 07/04/21 00:49, Sean Christopherson wrote:
This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
command buffers by copying _all_ incoming data pointers to an internal
buffer before sending the command to the PSP. The SEV driver and KVM are
then converted to use the stack f
Enable support for AEAD algorithms in Qualcomm CE driver. The first three
patches in this series are cleanups and add a few missing pieces required
to add support for AEAD algorithms. Patch 4 introduces supported AEAD
transformations on Qualcomm CE. Patches 5 and 6 implements the h/w
infrastruct
MAC_FAILED gets set in the status register if authenthication fails
for ccm algorithms(during decryption). Add support to catch and flag
this error.
Signed-off-by: Thara Gopinath
---
v1->v2:
- Split the error checking for -ENXIO and -EBADMSG into if-else clause
so that the code
Qualcomm crypto engine allows for IV registers and status register
to be concatenated to the output. This option is enabled by setting the
RESULTS_DUMP field in GOPROC register. This is useful for most of the
algorithms to either retrieve status of operation or in case of
authentication algorithms
Remove various redundant checks in qce_auth_cfg. Also allow qce_auth_cfg
to take auth_size as a parameter which is a required setting for ccm(aes)
algorithms
Signed-off-by: Thara Gopinath
---
drivers/crypto/qce/common.c | 21 +
1 file changed, 9 insertions(+), 12 deletions(-)
Introduce support to enable following algorithms in Qualcomm Crypto Engine.
- authenc(hmac(sha1),cbc(des))
- authenc(hmac(sha1),cbc(des3_ede))
- authenc(hmac(sha256),cbc(des))
- authenc(hmac(sha256),cbc(des3_ede))
- authenc(hmac(sha256),cbc(aes))
- ccm(aes)
- rfc4309(ccm(aes))
Signed-off-by: Thar
Add register programming sequence for enabling AEAD
algorithms on the Qualcomm crypto engine.
Signed-off-by: Thara Gopinath
---
v1->v2:
- Minor fixes like removing not needed initializing of variables
and using bool values in lieu of 0 and 1 as pointed out by Bjorn.
- I
Qualcomm crypto engine does not handle the following scenarios and
will issue an abort. In such cases, pass on the transformation to
a fallback algorithm.
- DES3 algorithms with all three keys same.
- AES192 algorithms.
- 0 length messages.
Signed-off-by: Thara Gopinath
---
v1->v2:
- Up
rf4309 is the specification that uses aes ccm algorithms with IPsec
security packets. Add a submode to identify rfc4309 ccm(aes) algorithm
in the crypto driver.
Signed-off-by: Thara Gopinath
---
v1->v2:
- Moved up the QCE_ENCRYPT AND QCE_DECRYPT bit positions so that
addition o
On 4/13/21 7:09 PM, Bjorn Andersson wrote:
On Tue 13 Apr 17:44 CDT 2021, Thara Gopinath wrote:
[..]
Yes, given that you just typecast things as you do it should just work
to move the typecast to the qce_cpu_to_be32p_array().
But as I said, this would indicate that what is cpu_to_be32() s
submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url:
https://github.com/0day-ci/linux/commits/Thara-Gopinath/Add-support-for-AEAD-algorithms-in-Qualcomm-Crypto-Engine-driver/20210417-212646
base:
https://git.kernel.org/pub
This patch series enables VAS / NX-GZIP on powerVM which allows
the user space to do copy/paste with the same existing interface
that is available on powerNV.
VAS Enablement:
- Get all VAS capabilities using H_QUERY_VAS_CAPABILITIES that are
available in the hypervisor. These capabilities tell
powerNV and pseries drivers register / unregister to the corresponding
VAS code separately. So rename powerNV VAS API register/unregister
functions.
Signed-off-by: Haren Myneni
---
arch/powerpc/include/asm/vas.h | 6 +++---
arch/powerpc/platforms/powernv/vas-api.c | 10 +-
d
Using the same /dev/crypto/nx-gzip interface for both powerNV and
pseries. So this patch creates platforms/book3s/ and moves VAS API
to that directory. The actual functionality is not changed.
Common interface functions such as open, window open ioctl, mmap
and close are moved to arch/powerpc/pl
NX issues an interrupt when sees fault on user space buffer. The
kernel processes the fault by updating CSB. This functionality is
same for both powerNV and pseries. So this patch moves these
functions to common vas-api.c and the actual functionality is not
changed.
Signed-off-by: Haren Myneni
Take task reference when each window opens and drops during close.
This functionality is needed for powerNV and pseries. So this patch
defines the existing code as functions in common book3s platform
vas-api.c
Signed-off-by: Haren Myneni
---
arch/powerpc/include/asm/vas.h | 20 +++
This patch adds HCALLs and other definitions. Also define structs
that are used in VAS implementation on powerVM.
Signed-off-by: Haren Myneni
---
arch/powerpc/include/asm/hvcall.h| 7 ++
arch/powerpc/include/asm/vas.h | 28
arch/powerpc/platforms/pseries/vas.h | 96
pHyp introduces two different type of credits: Default and Quality
of service (QoS).
The total number of default credits available on each LPAR depends
on CPU resources configured. But these credits can be shared or
over-committed across LPARs in shared mode which can result in
paste command fai
This patch adds the following HCALLs which are used to allocate,
modify and deallocate VAS windows.
H_ALLOCATE_VAS_WINDOW: Allocate VAS window
H_DEALLOCATE_VAS_WINDOW: Close VAS window
H_MODIFY_VAS_WINDOW: Setup window before using
Also adds phyp call (H_QUERY_VAS_CAPABILITIES) to get all VAS
c
pHyp provides various VAS capabilities such as GZIP default and QoS
capabilities which are used to determine total number of credits
available in LPAR, maximum window credits, maximum LPAR credits,
whether usermode copy/paste is supported, and etc.
So first retrieve overall vas capabilities usin
This patch adds VAS window allocatioa/close with the corresponding
HCALLs. Also changes to integrate with the existing user space VAS
API and provide register/unregister functions to NX pseries driver.
The driver register function is used to create the user space
interface (/dev/crypto/nx-gzip)
When NX sees a fault on the user space buffer, generates a fault
interrupt and pHyp forwards that interrupt to OS. Then the kernel
makes H_GET_NX_FAULT HCALL to retrieve the fault CRB information.
This patch adds changes to setup IRQ per each window and handles
fault by updating CSB.
Signed-off
pHyp provides GZIP default and GZIP QoS capabilities which gives
the total number of credits are available in LPAR. This patch
creates sysfs entries and exports LPAR credits, the currently used
and the available credits for each feature.
/sys/kernel/vas/VasCaps/VDefGzip: (default GZIP capabiliti
Rename nx-842-pseries.c to nx-common-pseries.c to add code for new
GZIP compression type. The actual functionality is not changed in
this patch.
Signed-off-by: Haren Myneni
---
drivers/crypto/nx/Makefile | 2 +-
drivers/crypto/nx/{nx-842-pseries.c => nx-common-
Changes to create /dev/crypto/nx-gzip interface with VAS register
and to remove this interface with VAS unregister.
Signed-off-by: Haren Myneni
---
drivers/crypto/nx/Kconfig | 1 +
drivers/crypto/nx/nx-common-pseries.c | 9 +
2 files changed, 10 insertions(+)
diff --git a/
phyp provides NX capabilities which gives recommended minimum
compression / decompression length and maximum request buffer size
in bytes.
Changes to get NX overall capabilities which points to the specific
features phyp supports. Then retrieve NXGZIP specific capabilities.
Signed-off-by: Haren
Changes to export the following NXGZIP capabilities through sysfs:
/sys/devices/vio/ibm,compression-v1/NxGzCaps:
min_compress_len /*Recommended minimum compress length in bytes*/
min_decompress_len /*Recommended minimum decompress length in bytes*/
req_max_processed_len /* Maximum number of byt
All 5 CAMELLIA crypto driver Kconfig symbols have a duplicate
"depends on CRYPTO" line but they are inside an
"if CRYPTO"/"endif # if CRYPTO" block, so drop the duplicate "depends"
lines.
These 5 symbols still depend on CRYPTO.
Fixes: 584fffc8b196 ("[CRYPTO] kconfig: Ordering cleanup")
Fixes: 0b9
32 matches
Mail list logo
