--- /dev/null
+From 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:10 +0000
+Subject: crypto: talitos - check AES key size
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 1ba34e71e9e56ac29a52e0d42b6290f3dc5bfd90 upstream.
+
+Although the HW accepts any size and silently truncates
+it to the correct length, the extra tests expects EINVAL
+to be returned when the key size is not valid.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1591,6 +1591,18 @@ static int ablkcipher_des3_setkey(struct
+ return ablkcipher_setkey(cipher, key, keylen);
+ }
+
++static int ablkcipher_aes_setkey(struct crypto_ablkcipher *cipher,
++ const u8 *key, unsigned int keylen)
++{
++ if (keylen == AES_KEYSIZE_128 || keylen == AES_KEYSIZE_192 ||
++ keylen == AES_KEYSIZE_256)
++ return ablkcipher_setkey(cipher, key, keylen);
++
++ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
++
++ return -EINVAL;
++}
++
+ static void common_nonsnoop_unmap(struct device *dev,
+ struct talitos_edesc *edesc,
+ struct ablkcipher_request *areq)
+@@ -2752,6 +2764,7 @@ static struct talitos_alg_template drive
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
++ .setkey = ablkcipher_aes_setkey,
+ }
+ },
+ .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
+@@ -2768,6 +2781,7 @@ static struct talitos_alg_template drive
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
++ .setkey = ablkcipher_aes_setkey,
+ }
+ },
+ .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
+@@ -2785,6 +2799,7 @@ static struct talitos_alg_template drive
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+ .ivsize = AES_BLOCK_SIZE,
++ .setkey = ablkcipher_aes_setkey,
+ }
+ },
+ .desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP |
--- /dev/null
+From ee483d32ee1a1a7f7d7e918fbc350c790a5af64a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:12 +0000
+Subject: crypto: talitos - check data blocksize in ablkcipher.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit ee483d32ee1a1a7f7d7e918fbc350c790a5af64a upstream.
+
+When data size is not a multiple of the alg's block size,
+the SEC generates an error interrupt and dumps the registers.
+And for NULL size, the SEC does just nothing and the interrupt
+is awaited forever.
+
+This patch ensures the data size is correct before submitting
+the request to the SEC engine.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 4de9d0b547b9 ("crypto: talitos - Add ablkcipher algorithms")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1725,6 +1725,14 @@ static int ablkcipher_encrypt(struct abl
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+ struct talitos_edesc *edesc;
++ unsigned int blocksize =
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++ if (!areq->nbytes)
++ return 0;
++
++ if (areq->nbytes % blocksize)
++ return -EINVAL;
+
+ /* allocate extended descriptor */
+ edesc = ablkcipher_edesc_alloc(areq, true);
+@@ -1742,6 +1750,14 @@ static int ablkcipher_decrypt(struct abl
+ struct crypto_ablkcipher *cipher = crypto_ablkcipher_reqtfm(areq);
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+ struct talitos_edesc *edesc;
++ unsigned int blocksize =
++ crypto_tfm_alg_blocksize(crypto_ablkcipher_tfm(cipher));
++
++ if (!areq->nbytes)
++ return 0;
++
++ if (areq->nbytes % blocksize)
++ return -EINVAL;
+
+ /* allocate extended descriptor */
+ edesc = ablkcipher_edesc_alloc(areq, false);
--- /dev/null
+From 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:14 +0000
+Subject: crypto: talitos - Do not modify req->cryptlen on decryption.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 7ede4c36cf7c6516986ee9d75b197c8bf73ea96f upstream.
+
+For decrypt, req->cryptlen includes the size of the authentication
+part while all functions of the driver expect cryptlen to be
+the size of the encrypted data.
+
+As it is not expected to change req->cryptlen, this patch
+implements local calculation of cryptlen.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 9c4a79653b35 ("crypto: talitos - Freescale integrated security engine (SEC) driver")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -994,11 +994,13 @@ static void talitos_sg_unmap(struct devi
+
+ static void ipsec_esp_unmap(struct device *dev,
+ struct talitos_edesc *edesc,
+- struct aead_request *areq)
++ struct aead_request *areq, bool encrypt)
+ {
+ struct crypto_aead *aead = crypto_aead_reqtfm(areq);
+ struct talitos_ctx *ctx = crypto_aead_ctx(aead);
+ unsigned int ivsize = crypto_aead_ivsize(aead);
++ unsigned int authsize = crypto_aead_authsize(aead);
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+ bool is_ipsec_esp = edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP;
+ struct talitos_ptr *civ_ptr = &edesc->desc.ptr[is_ipsec_esp ? 2 : 3];
+
+@@ -1007,7 +1009,7 @@ static void ipsec_esp_unmap(struct devic
+ DMA_FROM_DEVICE);
+ unmap_single_talitos_ptr(dev, civ_ptr, DMA_TO_DEVICE);
+
+- talitos_sg_unmap(dev, edesc, areq->src, areq->dst, areq->cryptlen,
++ talitos_sg_unmap(dev, edesc, areq->src, areq->dst, cryptlen,
+ areq->assoclen);
+
+ if (edesc->dma_len)
+@@ -1018,7 +1020,7 @@ static void ipsec_esp_unmap(struct devic
+ unsigned int dst_nents = edesc->dst_nents ? : 1;
+
+ sg_pcopy_to_buffer(areq->dst, dst_nents, ctx->iv, ivsize,
+- areq->assoclen + areq->cryptlen - ivsize);
++ areq->assoclen + cryptlen - ivsize);
+ }
+ }
+
+@@ -1040,7 +1042,7 @@ static void ipsec_esp_encrypt_done(struc
+
+ edesc = container_of(desc, struct talitos_edesc, desc);
+
+- ipsec_esp_unmap(dev, edesc, areq);
++ ipsec_esp_unmap(dev, edesc, areq, true);
+
+ /* copy the generated ICV to dst */
+ if (edesc->icv_ool) {
+@@ -1074,7 +1076,7 @@ static void ipsec_esp_decrypt_swauth_don
+
+ edesc = container_of(desc, struct talitos_edesc, desc);
+
+- ipsec_esp_unmap(dev, edesc, req);
++ ipsec_esp_unmap(dev, edesc, req, false);
+
+ if (!err) {
+ char icvdata[SHA512_DIGEST_SIZE];
+@@ -1120,7 +1122,7 @@ static void ipsec_esp_decrypt_hwauth_don
+
+ edesc = container_of(desc, struct talitos_edesc, desc);
+
+- ipsec_esp_unmap(dev, edesc, req);
++ ipsec_esp_unmap(dev, edesc, req, false);
+
+ /* check ICV auth status */
+ if (!err && ((desc->hdr_lo & DESC_HDR_LO_ICCR1_MASK) !=
+@@ -1223,6 +1225,7 @@ static int talitos_sg_map(struct device
+ * fill in and submit ipsec_esp descriptor
+ */
+ static int ipsec_esp(struct talitos_edesc *edesc, struct aead_request *areq,
++ bool encrypt,
+ void (*callback)(struct device *dev,
+ struct talitos_desc *desc,
+ void *context, int error))
+@@ -1232,7 +1235,7 @@ static int ipsec_esp(struct talitos_edes
+ struct talitos_ctx *ctx = crypto_aead_ctx(aead);
+ struct device *dev = ctx->dev;
+ struct talitos_desc *desc = &edesc->desc;
+- unsigned int cryptlen = areq->cryptlen;
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+ unsigned int ivsize = crypto_aead_ivsize(aead);
+ int tbl_off = 0;
+ int sg_count, ret;
+@@ -1359,7 +1362,7 @@ static int ipsec_esp(struct talitos_edes
+
+ ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
+ if (ret != -EINPROGRESS) {
+- ipsec_esp_unmap(dev, edesc, areq);
++ ipsec_esp_unmap(dev, edesc, areq, encrypt);
+ kfree(edesc);
+ }
+ return ret;
+@@ -1473,9 +1476,10 @@ static struct talitos_edesc *aead_edesc_
+ unsigned int authsize = crypto_aead_authsize(authenc);
+ struct talitos_ctx *ctx = crypto_aead_ctx(authenc);
+ unsigned int ivsize = crypto_aead_ivsize(authenc);
++ unsigned int cryptlen = areq->cryptlen - (encrypt ? 0 : authsize);
+
+ return talitos_edesc_alloc(ctx->dev, areq->src, areq->dst,
+- iv, areq->assoclen, areq->cryptlen,
++ iv, areq->assoclen, cryptlen,
+ authsize, ivsize, icv_stashing,
+ areq->base.flags, encrypt);
+ }
+@@ -1494,7 +1498,7 @@ static int aead_encrypt(struct aead_requ
+ /* set encrypt */
+ edesc->desc.hdr = ctx->desc_hdr_template | DESC_HDR_MODE0_ENCRYPT;
+
+- return ipsec_esp(edesc, req, ipsec_esp_encrypt_done);
++ return ipsec_esp(edesc, req, true, ipsec_esp_encrypt_done);
+ }
+
+ static int aead_decrypt(struct aead_request *req)
+@@ -1506,8 +1510,6 @@ static int aead_decrypt(struct aead_requ
+ struct talitos_edesc *edesc;
+ void *icvdata;
+
+- req->cryptlen -= authsize;
+-
+ /* allocate extended descriptor */
+ edesc = aead_edesc_alloc(req, req->iv, 1, false);
+ if (IS_ERR(edesc))
+@@ -1524,7 +1526,8 @@ static int aead_decrypt(struct aead_requ
+
+ /* reset integrity check result bits */
+
+- return ipsec_esp(edesc, req, ipsec_esp_decrypt_hwauth_done);
++ return ipsec_esp(edesc, req, false,
++ ipsec_esp_decrypt_hwauth_done);
+ }
+
+ /* Have to check the ICV with software */
+@@ -1540,7 +1543,7 @@ static int aead_decrypt(struct aead_requ
+ sg_pcopy_to_buffer(req->src, edesc->src_nents ? : 1, icvdata, authsize,
+ req->assoclen + req->cryptlen - authsize);
+
+- return ipsec_esp(edesc, req, ipsec_esp_decrypt_swauth_done);
++ return ipsec_esp(edesc, req, false, ipsec_esp_decrypt_swauth_done);
+ }
+
+ static int ablkcipher_setkey(struct crypto_ablkcipher *cipher,
--- /dev/null
+From b9a05b6041cb9810a291315569b2af0d63c3680a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:11 +0000
+Subject: crypto: talitos - fix CTR alg blocksize
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit b9a05b6041cb9810a291315569b2af0d63c3680a upstream.
+
+CTR has a blocksize of 1.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -2792,7 +2792,7 @@ static struct talitos_alg_template drive
+ .alg.crypto = {
+ .cra_name = "ctr(aes)",
+ .cra_driver_name = "ctr-aes-talitos",
+- .cra_blocksize = AES_BLOCK_SIZE,
++ .cra_blocksize = 1,
+ .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER |
+ CRYPTO_ALG_ASYNC,
+ .cra_ablkcipher = {
--- /dev/null
+From d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:13 +0000
+Subject: crypto: talitos - fix ECB algs ivsize
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit d84cc9c9524ec5973a337533e6d8ccd3e5f05f2b upstream.
+
+ECB's ivsize must be 0.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 5e75ae1b3cef ("crypto: talitos - add new crypto modes")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -2814,7 +2814,6 @@ static struct talitos_alg_template drive
+ .cra_ablkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
+- .ivsize = AES_BLOCK_SIZE,
+ .setkey = ablkcipher_aes_setkey,
+ }
+ },
+@@ -2849,7 +2848,6 @@ static struct talitos_alg_template drive
+ .cra_ablkcipher = {
+ .min_keysize = DES_KEY_SIZE,
+ .max_keysize = DES_KEY_SIZE,
+- .ivsize = DES_BLOCK_SIZE,
+ .setkey = ablkcipher_des_setkey,
+ }
+ },
+@@ -2885,7 +2883,6 @@ static struct talitos_alg_template drive
+ .cra_ablkcipher = {
+ .min_keysize = DES3_EDE_KEY_SIZE,
+ .max_keysize = DES3_EDE_KEY_SIZE,
+- .ivsize = DES3_EDE_BLOCK_SIZE,
+ .setkey = ablkcipher_des3_setkey,
+ }
+ },
--- /dev/null
+From 4bbfb839259a9c96a0be872e16f7471b7136aee5 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:15 +0000
+Subject: crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 4bbfb839259a9c96a0be872e16f7471b7136aee5 upstream.
+
+In that mode, hardware ICV verification is not supported.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 7405c8d7ff97 ("crypto: talitos - templates for AEAD using HMAC_SNOOP_NO_AFEU")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1515,7 +1515,8 @@ static int aead_decrypt(struct aead_requ
+ if (IS_ERR(edesc))
+ return PTR_ERR(edesc);
+
+- if ((priv->features & TALITOS_FTR_HW_AUTH_CHECK) &&
++ if ((edesc->desc.hdr & DESC_HDR_TYPE_IPSEC_ESP) &&
++ (priv->features & TALITOS_FTR_HW_AUTH_CHECK) &&
+ ((!edesc->src_nents && !edesc->dst_nents) ||
+ priv->features & TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT)) {
+
--- /dev/null
+From 66f030eac257a572fbedab3d9646d87d647351fd Mon Sep 17 00:00:00 2001
+From: "Andrew F. Davis" <afd@ti.com>
+Date: Tue, 28 May 2019 11:55:10 -0400
+Subject: firmware: ti_sci: Always request response from firmware
+
+From: Andrew F. Davis <afd@ti.com>
+
+commit 66f030eac257a572fbedab3d9646d87d647351fd upstream.
+
+TI-SCI firmware will only respond to messages when the
+TI_SCI_FLAG_REQ_ACK_ON_PROCESSED flag is set. Most messages already do
+this, set this for the ones that do not.
+
+This will be enforced in future firmware that better match the TI-SCI
+specifications, this patch will not break users of existing firmware.
+
+Fixes: aa276781a64a ("firmware: Add basic support for TI System Control Interface (TI-SCI) protocol")
+Signed-off-by: Andrew F. Davis <afd@ti.com>
+Acked-by: Nishanth Menon <nm@ti.com>
+Tested-by: Alejandro Hernandez <ajhernandez@ti.com>
+Signed-off-by: Tero Kristo <t-kristo@ti.com>
+Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/ti_sci.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/firmware/ti_sci.c
++++ b/drivers/firmware/ti_sci.c
+@@ -466,9 +466,9 @@ static int ti_sci_cmd_get_revision(struc
+ struct ti_sci_xfer *xfer;
+ int ret;
+
+- /* No need to setup flags since it is expected to respond */
+ xfer = ti_sci_get_one_xfer(info, TI_SCI_MSG_VERSION,
+- 0x0, sizeof(struct ti_sci_msg_hdr),
++ TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
++ sizeof(struct ti_sci_msg_hdr),
+ sizeof(*rev_info));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+@@ -596,9 +596,9 @@ static int ti_sci_get_device_state(const
+ info = handle_to_ti_sci_info(handle);
+ dev = info->dev;
+
+- /* Response is expected, so need of any flags */
+ xfer = ti_sci_get_one_xfer(info, TI_SCI_MSG_GET_DEVICE_STATE,
+- 0, sizeof(*req), sizeof(*resp));
++ TI_SCI_FLAG_REQ_ACK_ON_PROCESSED,
++ sizeof(*req), sizeof(*resp));
+ if (IS_ERR(xfer)) {
+ ret = PTR_ERR(xfer);
+ dev_err(dev, "Message alloc failed(%d)\n", ret);
pci-always-allow-probing-with-driver_override.patch
ubifs-correctly-use-tnc_next-in-search_dh_cookie.patch
driver-core-fix-use-after-free-and-double-free-on-glue-directory.patch
+crypto-talitos-check-aes-key-size.patch
+crypto-talitos-fix-ctr-alg-blocksize.patch
+crypto-talitos-check-data-blocksize-in-ablkcipher.patch
+crypto-talitos-fix-ecb-algs-ivsize.patch
+crypto-talitos-do-not-modify-req-cryptlen-on-decryption.patch
+crypto-talitos-hmac-snoop-no-afeu-mode-requires-sw-icv-checking.patch
+firmware-ti_sci-always-request-response-from-firmware.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
