From: Greg Kroah-Hartman Date: Wed, 10 Jul 2019 15:59:50 +0000 (+0200) Subject: 5.2-stable patches X-Git-Tag: v5.2.1~49 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b4c577f035071bd0a3523e186602d54fdcaf80ef;p=thirdparty%2Fkernel%2Fstable-queue.git 5.2-stable patches added patches: crypto-lrw-use-correct-alignmask.patch crypto-talitos-fix-hash-on-sec1.patch crypto-talitos-rename-alternative-aead-algos.patch --- diff --git a/queue-5.2/crypto-lrw-use-correct-alignmask.patch b/queue-5.2/crypto-lrw-use-correct-alignmask.patch new file mode 100644 index 00000000000..1477ecb0f09 --- /dev/null +++ b/queue-5.2/crypto-lrw-use-correct-alignmask.patch @@ -0,0 +1,40 @@ +From 20a0f9761343fba9b25ea46bd3a3e5e533d974f8 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 30 May 2019 10:53:08 -0700 +Subject: crypto: lrw - use correct alignmask + +From: Eric Biggers + +commit 20a0f9761343fba9b25ea46bd3a3e5e533d974f8 upstream. + +Commit c778f96bf347 ("crypto: lrw - Optimize tweak computation") +incorrectly reduced the alignmask of LRW instances from +'__alignof__(u64) - 1' to '__alignof__(__be32) - 1'. + +However, xor_tweak() and setkey() assume that the data and key, +respectively, are aligned to 'be128', which has u64 alignment. + +Fix the alignmask to be at least '__alignof__(be128) - 1'. + +Fixes: c778f96bf347 ("crypto: lrw - Optimize tweak computation") +Cc: # v4.20+ +Cc: Ondrej Mosnacek +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/lrw.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/crypto/lrw.c ++++ b/crypto/lrw.c +@@ -384,7 +384,7 @@ static int create(struct crypto_template + inst->alg.base.cra_priority = alg->base.cra_priority; + inst->alg.base.cra_blocksize = LRW_BLOCK_SIZE; + inst->alg.base.cra_alignmask = alg->base.cra_alignmask | +- (__alignof__(__be32) - 1); ++ (__alignof__(be128) - 1); + + inst->alg.ivsize = LRW_BLOCK_SIZE; + inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(alg) + diff --git a/queue-5.2/crypto-talitos-fix-hash-on-sec1.patch b/queue-5.2/crypto-talitos-fix-hash-on-sec1.patch new file mode 100644 index 00000000000..5c283ce1f00 --- /dev/null +++ b/queue-5.2/crypto-talitos-fix-hash-on-sec1.patch @@ -0,0 +1,219 @@ +From 58cdbc6d2263beb36954408522762bbe73169306 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Mon, 24 Jun 2019 07:20:16 +0000 +Subject: crypto: talitos - fix hash on SEC1. + +From: Christophe Leroy + +commit 58cdbc6d2263beb36954408522762bbe73169306 upstream. + +On SEC1, hash provides wrong result when performing hashing in several +steps with input data SG list has more than one element. This was +detected with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS: + +[ 44.185947] alg: hash: md5-talitos test failed (wrong result) on test vector 6, cfg="random: may_sleep use_finup src_divs=[25.88%@+8063, 24.19%@+9588, 28.63%@+16333, 4.60%@+6756, 16.70%@+16281] dst_divs=[71.61%@alignmask+16361, 14.36%@+7756, 14.3%@+" +[ 44.325122] alg: hash: sha1-talitos test failed (wrong result) on test vector 3, cfg="random: inplace use_final src_divs=[16.56%@+16378, 52.0%@+16329, 21.42%@alignmask+16380, 10.2%@alignmask+16380] iv_offset=39" +[ 44.493500] alg: hash: sha224-talitos test failed (wrong result) on test vector 4, cfg="random: use_final nosimd src_divs=[52.27%@+7401, 17.34%@+16285, 17.71%@+26, 12.68%@+10644] iv_offset=43" +[ 44.673262] alg: hash: sha256-talitos test failed (wrong result) on test vector 4, cfg="random: may_sleep use_finup src_divs=[60.6%@+12790, 17.86%@+1329, 12.64%@alignmask+16300, 8.29%@+15, 0.40%@+13506, 0.51%@+16322, 0.24%@+16339] dst_divs" + +This is due to two issues: +- We have an overlap between the buffer used for copying the input +data (SEC1 doesn't do scatter/gather) and the chained descriptor. +- Data copy is wrong when the previous hash left less than one +blocksize of data to hash, implying a complement of the previous +block with a few bytes from the new request. + +Fix it by: +- Moving the second descriptor after the buffer, as moving the buffer +after the descriptor would make it more complex for other cipher +operations (AEAD, ABLKCIPHER) +- Skip the bytes taken from the new request to complete the previous +one by moving the SG list forward. + +Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/talitos.c | 69 +++++++++++++++++++++++++++-------------------- + 1 file changed, 41 insertions(+), 28 deletions(-) + +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -321,6 +321,21 @@ int talitos_submit(struct device *dev, i + } + EXPORT_SYMBOL(talitos_submit); + ++static __be32 get_request_hdr(struct talitos_request *request, bool is_sec1) ++{ ++ struct talitos_edesc *edesc; ++ ++ if (!is_sec1) ++ return request->desc->hdr; ++ ++ if (!request->desc->next_desc) ++ return request->desc->hdr1; ++ ++ edesc = container_of(request->desc, struct talitos_edesc, desc); ++ ++ return ((struct talitos_desc *)(edesc->buf + edesc->dma_len))->hdr1; ++} ++ + /* + * process what was done, notify callback of error if not + */ +@@ -342,12 +357,7 @@ static void flush_channel(struct device + + /* descriptors with their done bits set don't get the error */ + rmb(); +- if (!is_sec1) +- hdr = request->desc->hdr; +- else if (request->desc->next_desc) +- hdr = (request->desc + 1)->hdr1; +- else +- hdr = request->desc->hdr1; ++ hdr = get_request_hdr(request, is_sec1); + + if ((hdr & DESC_HDR_DONE) == DESC_HDR_DONE) + status = 0; +@@ -477,8 +487,14 @@ static u32 current_desc_hdr(struct devic + } + } + +- if (priv->chan[ch].fifo[iter].desc->next_desc == cur_desc) +- return (priv->chan[ch].fifo[iter].desc + 1)->hdr; ++ if (priv->chan[ch].fifo[iter].desc->next_desc == cur_desc) { ++ struct talitos_edesc *edesc; ++ ++ edesc = container_of(priv->chan[ch].fifo[iter].desc, ++ struct talitos_edesc, desc); ++ return ((struct talitos_desc *) ++ (edesc->buf + edesc->dma_len))->hdr; ++ } + + return priv->chan[ch].fifo[iter].desc->hdr; + } +@@ -1466,15 +1482,11 @@ static struct talitos_edesc *talitos_ede + edesc->dst_nents = dst_nents; + edesc->iv_dma = iv_dma; + edesc->dma_len = dma_len; +- if (dma_len) { +- void *addr = &edesc->link_tbl[0]; +- +- if (is_sec1 && !dst) +- addr += sizeof(struct talitos_desc); +- edesc->dma_link_tbl = dma_map_single(dev, addr, ++ if (dma_len) ++ edesc->dma_link_tbl = dma_map_single(dev, &edesc->link_tbl[0], + edesc->dma_len, + DMA_BIDIRECTIONAL); +- } ++ + return edesc; + } + +@@ -1759,14 +1771,16 @@ static void common_nonsnoop_hash_unmap(s + struct talitos_private *priv = dev_get_drvdata(dev); + bool is_sec1 = has_ftr_sec1(priv); + struct talitos_desc *desc = &edesc->desc; +- struct talitos_desc *desc2 = desc + 1; ++ struct talitos_desc *desc2 = (struct talitos_desc *) ++ (edesc->buf + edesc->dma_len); + + unmap_single_talitos_ptr(dev, &edesc->desc.ptr[5], DMA_FROM_DEVICE); + if (desc->next_desc && + desc->ptr[5].ptr != desc2->ptr[5].ptr) + unmap_single_talitos_ptr(dev, &desc2->ptr[5], DMA_FROM_DEVICE); + +- talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0); ++ if (req_ctx->psrc) ++ talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0); + + /* When using hashctx-in, must unmap it. */ + if (from_talitos_ptr_len(&edesc->desc.ptr[1], is_sec1)) +@@ -1833,7 +1847,6 @@ static void talitos_handle_buggy_hash(st + + static int common_nonsnoop_hash(struct talitos_edesc *edesc, + struct ahash_request *areq, unsigned int length, +- unsigned int offset, + void (*callback) (struct device *dev, + struct talitos_desc *desc, + void *context, int error)) +@@ -1872,9 +1885,7 @@ static int common_nonsnoop_hash(struct t + + sg_count = edesc->src_nents ?: 1; + if (is_sec1 && sg_count > 1) +- sg_pcopy_to_buffer(req_ctx->psrc, sg_count, +- edesc->buf + sizeof(struct talitos_desc), +- length, req_ctx->nbuf); ++ sg_copy_to_buffer(req_ctx->psrc, sg_count, edesc->buf, length); + else if (length) + sg_count = dma_map_sg(dev, req_ctx->psrc, sg_count, + DMA_TO_DEVICE); +@@ -1887,7 +1898,7 @@ static int common_nonsnoop_hash(struct t + DMA_TO_DEVICE); + } else { + sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc, +- &desc->ptr[3], sg_count, offset, 0); ++ &desc->ptr[3], sg_count, 0, 0); + if (sg_count > 1) + sync_needed = true; + } +@@ -1911,7 +1922,8 @@ static int common_nonsnoop_hash(struct t + talitos_handle_buggy_hash(ctx, edesc, &desc->ptr[3]); + + if (is_sec1 && req_ctx->nbuf && length) { +- struct talitos_desc *desc2 = desc + 1; ++ struct talitos_desc *desc2 = (struct talitos_desc *) ++ (edesc->buf + edesc->dma_len); + dma_addr_t next_desc; + + memset(desc2, 0, sizeof(*desc2)); +@@ -1932,7 +1944,7 @@ static int common_nonsnoop_hash(struct t + DMA_TO_DEVICE); + copy_talitos_ptr(&desc2->ptr[2], &desc->ptr[2], is_sec1); + sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc, +- &desc2->ptr[3], sg_count, offset, 0); ++ &desc2->ptr[3], sg_count, 0, 0); + if (sg_count > 1) + sync_needed = true; + copy_talitos_ptr(&desc2->ptr[5], &desc->ptr[5], is_sec1); +@@ -2043,7 +2055,6 @@ static int ahash_process_req(struct ahas + struct device *dev = ctx->dev; + struct talitos_private *priv = dev_get_drvdata(dev); + bool is_sec1 = has_ftr_sec1(priv); +- int offset = 0; + u8 *ctx_buf = req_ctx->buf[req_ctx->buf_idx]; + + if (!req_ctx->last && (nbytes + req_ctx->nbuf <= blocksize)) { +@@ -2083,6 +2094,8 @@ static int ahash_process_req(struct ahas + sg_chain(req_ctx->bufsl, 2, areq->src); + req_ctx->psrc = req_ctx->bufsl; + } else if (is_sec1 && req_ctx->nbuf && req_ctx->nbuf < blocksize) { ++ int offset; ++ + if (nbytes_to_hash > blocksize) + offset = blocksize - req_ctx->nbuf; + else +@@ -2095,7 +2108,8 @@ static int ahash_process_req(struct ahas + sg_copy_to_buffer(areq->src, nents, + ctx_buf + req_ctx->nbuf, offset); + req_ctx->nbuf += offset; +- req_ctx->psrc = areq->src; ++ req_ctx->psrc = scatterwalk_ffwd(req_ctx->bufsl, areq->src, ++ offset); + } else + req_ctx->psrc = areq->src; + +@@ -2135,8 +2149,7 @@ static int ahash_process_req(struct ahas + if (ctx->keylen && (req_ctx->first || req_ctx->last)) + edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_HMAC; + +- return common_nonsnoop_hash(edesc, areq, nbytes_to_hash, offset, +- ahash_done); ++ return common_nonsnoop_hash(edesc, areq, nbytes_to_hash, ahash_done); + } + + static int ahash_update(struct ahash_request *areq) diff --git a/queue-5.2/crypto-talitos-rename-alternative-aead-algos.patch b/queue-5.2/crypto-talitos-rename-alternative-aead-algos.patch new file mode 100644 index 00000000000..fa8e1f0795c --- /dev/null +++ b/queue-5.2/crypto-talitos-rename-alternative-aead-algos.patch @@ -0,0 +1,98 @@ +From a1a42f84011fae6ff08441a91aefeb7febc984fc Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 21 May 2019 13:34:08 +0000 +Subject: crypto: talitos - rename alternative AEAD algos. + +From: Christophe Leroy + +commit a1a42f84011fae6ff08441a91aefeb7febc984fc upstream. + +The talitos driver has two ways to perform AEAD depending on the +HW capability. Some HW support both. It is needed to give them +different names to distingish which one it is for instance when +a test fails. + +Signed-off-by: Christophe Leroy +Fixes: 7405c8d7ff97 ("crypto: talitos - templates for AEAD using HMAC_SNOOP_NO_AFEU") +Cc: stable@vger.kernel.org +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/talitos.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -2352,7 +2352,7 @@ static struct talitos_alg_template drive + .base = { + .cra_name = "authenc(hmac(sha1),cbc(aes))", + .cra_driver_name = "authenc-hmac-sha1-" +- "cbc-aes-talitos", ++ "cbc-aes-talitos-hsna", + .cra_blocksize = AES_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2397,7 +2397,7 @@ static struct talitos_alg_template drive + .cra_name = "authenc(hmac(sha1)," + "cbc(des3_ede))", + .cra_driver_name = "authenc-hmac-sha1-" +- "cbc-3des-talitos", ++ "cbc-3des-talitos-hsna", + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2440,7 +2440,7 @@ static struct talitos_alg_template drive + .base = { + .cra_name = "authenc(hmac(sha224),cbc(aes))", + .cra_driver_name = "authenc-hmac-sha224-" +- "cbc-aes-talitos", ++ "cbc-aes-talitos-hsna", + .cra_blocksize = AES_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2485,7 +2485,7 @@ static struct talitos_alg_template drive + .cra_name = "authenc(hmac(sha224)," + "cbc(des3_ede))", + .cra_driver_name = "authenc-hmac-sha224-" +- "cbc-3des-talitos", ++ "cbc-3des-talitos-hsna", + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2528,7 +2528,7 @@ static struct talitos_alg_template drive + .base = { + .cra_name = "authenc(hmac(sha256),cbc(aes))", + .cra_driver_name = "authenc-hmac-sha256-" +- "cbc-aes-talitos", ++ "cbc-aes-talitos-hsna", + .cra_blocksize = AES_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2573,7 +2573,7 @@ static struct talitos_alg_template drive + .cra_name = "authenc(hmac(sha256)," + "cbc(des3_ede))", + .cra_driver_name = "authenc-hmac-sha256-" +- "cbc-3des-talitos", ++ "cbc-3des-talitos-hsna", + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2702,7 +2702,7 @@ static struct talitos_alg_template drive + .base = { + .cra_name = "authenc(hmac(md5),cbc(aes))", + .cra_driver_name = "authenc-hmac-md5-" +- "cbc-aes-talitos", ++ "cbc-aes-talitos-hsna", + .cra_blocksize = AES_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + }, +@@ -2745,7 +2745,7 @@ static struct talitos_alg_template drive + .base = { + .cra_name = "authenc(hmac(md5),cbc(des3_ede))", + .cra_driver_name = "authenc-hmac-md5-" +- "cbc-3des-talitos", ++ "cbc-3des-talitos-hsna", + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + .cra_flags = CRYPTO_ALG_ASYNC, + },