--- /dev/null
+From 73669cc556462f4e50376538d77ee312142e8a8a Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Sat, 7 Dec 2019 22:15:15 +0800
+Subject: crypto: api - Fix race condition in crypto_spawn_alg
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 73669cc556462f4e50376538d77ee312142e8a8a upstream.
+
+The function crypto_spawn_alg is racy because it drops the lock
+before shooting the dying algorithm. The algorithm could disappear
+altogether before we shoot it.
+
+This patch fixes it by moving the shooting into the locked section.
+
+Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algapi.c | 16 +++++-----------
+ crypto/api.c | 3 +--
+ crypto/internal.h | 1 -
+ 3 files changed, 6 insertions(+), 14 deletions(-)
+
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -662,22 +662,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn);
+ static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn)
+ {
+ struct crypto_alg *alg;
+- struct crypto_alg *alg2;
+
+ down_read(&crypto_alg_sem);
+ alg = spawn->alg;
+- alg2 = alg;
+- if (alg2)
+- alg2 = crypto_mod_get(alg2);
+- up_read(&crypto_alg_sem);
+-
+- if (!alg2) {
+- if (alg)
+- crypto_shoot_alg(alg);
+- return ERR_PTR(-EAGAIN);
++ if (alg && !crypto_mod_get(alg)) {
++ alg->cra_flags |= CRYPTO_ALG_DYING;
++ alg = NULL;
+ }
++ up_read(&crypto_alg_sem);
+
+- return alg;
++ return alg ?: ERR_PTR(-EAGAIN);
+ }
+
+ struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type,
+--- a/crypto/api.c
++++ b/crypto/api.c
+@@ -355,13 +355,12 @@ static unsigned int crypto_ctxsize(struc
+ return len;
+ }
+
+-void crypto_shoot_alg(struct crypto_alg *alg)
++static void crypto_shoot_alg(struct crypto_alg *alg)
+ {
+ down_write(&crypto_alg_sem);
+ alg->cra_flags |= CRYPTO_ALG_DYING;
+ up_write(&crypto_alg_sem);
+ }
+-EXPORT_SYMBOL_GPL(crypto_shoot_alg);
+
+ struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
+ u32 mask)
+--- a/crypto/internal.h
++++ b/crypto/internal.h
+@@ -87,7 +87,6 @@ void crypto_alg_tested(const char *name,
+ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
+ struct crypto_alg *nalg);
+ void crypto_remove_final(struct list_head *list);
+-void crypto_shoot_alg(struct crypto_alg *alg);
+ struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type,
+ u32 mask);
+ void *crypto_create_tfm(struct crypto_alg *alg,
--- /dev/null
+From 781a08d9740afa73357f1a60d45d7c93d7cca2dd Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus@microchip.com>
+Date: Thu, 5 Dec 2019 09:54:01 +0000
+Subject: crypto: atmel-aes - Fix counter overflow in CTR mode
+
+From: Tudor Ambarus <tudor.ambarus@microchip.com>
+
+commit 781a08d9740afa73357f1a60d45d7c93d7cca2dd upstream.
+
+32 bit counter is not supported by neither of our AES IPs, all implement
+a 16 bit block counter. Drop the 32 bit block counter logic.
+
+Fixes: fcac83656a3e ("crypto: atmel-aes - fix the counter overflow in CTR mode")
+Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/atmel-aes.c | 37 ++++++++++++-------------------------
+ 1 file changed, 12 insertions(+), 25 deletions(-)
+
+--- a/drivers/crypto/atmel-aes.c
++++ b/drivers/crypto/atmel-aes.c
+@@ -87,7 +87,6 @@
+ struct atmel_aes_caps {
+ bool has_dualbuff;
+ bool has_cfb64;
+- bool has_ctr32;
+ bool has_gcm;
+ u32 max_burst_size;
+ };
+@@ -923,8 +922,9 @@ static int atmel_aes_ctr_transfer(struct
+ struct atmel_aes_ctr_ctx *ctx = atmel_aes_ctr_ctx_cast(dd->ctx);
+ struct ablkcipher_request *req = ablkcipher_request_cast(dd->areq);
+ struct scatterlist *src, *dst;
+- u32 ctr, blocks;
+ size_t datalen;
++ u32 ctr;
++ u16 blocks, start, end;
+ bool use_dma, fragmented = false;
+
+ /* Check for transfer completion. */
+@@ -936,27 +936,17 @@ static int atmel_aes_ctr_transfer(struct
+ datalen = req->nbytes - ctx->offset;
+ blocks = DIV_ROUND_UP(datalen, AES_BLOCK_SIZE);
+ ctr = be32_to_cpu(ctx->iv[3]);
+- if (dd->caps.has_ctr32) {
+- /* Check 32bit counter overflow. */
+- u32 start = ctr;
+- u32 end = start + blocks - 1;
+-
+- if (end < start) {
+- ctr |= 0xffffffff;
+- datalen = AES_BLOCK_SIZE * -start;
+- fragmented = true;
+- }
+- } else {
+- /* Check 16bit counter overflow. */
+- u16 start = ctr & 0xffff;
+- u16 end = start + (u16)blocks - 1;
+-
+- if (blocks >> 16 || end < start) {
+- ctr |= 0xffff;
+- datalen = AES_BLOCK_SIZE * (0x10000-start);
+- fragmented = true;
+- }
++
++ /* Check 16bit counter overflow. */
++ start = ctr & 0xffff;
++ end = start + blocks - 1;
++
++ if (blocks >> 16 || end < start) {
++ ctr |= 0xffff;
++ datalen = AES_BLOCK_SIZE * (0x10000 - start);
++ fragmented = true;
+ }
++
+ use_dma = (datalen >= ATMEL_AES_DMA_THRESHOLD);
+
+ /* Jump to offset. */
+@@ -1926,7 +1916,6 @@ static void atmel_aes_get_cap(struct atm
+ {
+ dd->caps.has_dualbuff = 0;
+ dd->caps.has_cfb64 = 0;
+- dd->caps.has_ctr32 = 0;
+ dd->caps.has_gcm = 0;
+ dd->caps.max_burst_size = 1;
+
+@@ -1935,14 +1924,12 @@ static void atmel_aes_get_cap(struct atm
+ case 0x500:
+ dd->caps.has_dualbuff = 1;
+ dd->caps.has_cfb64 = 1;
+- dd->caps.has_ctr32 = 1;
+ dd->caps.has_gcm = 1;
+ dd->caps.max_burst_size = 4;
+ break;
+ case 0x200:
+ dd->caps.has_dualbuff = 1;
+ dd->caps.has_cfb64 = 1;
+- dd->caps.has_ctr32 = 1;
+ dd->caps.has_gcm = 1;
+ dd->caps.max_burst_size = 4;
+ break;
--- /dev/null
+From e8d998264bffade3cfe0536559f712ab9058d654 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Fri, 29 Nov 2019 16:40:24 +0800
+Subject: crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit e8d998264bffade3cfe0536559f712ab9058d654 upstream.
+
+We should not be modifying the original request's MAY_SLEEP flag
+upon completion. It makes no sense to do so anyway.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto...")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Tested-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/pcrypt.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -130,7 +130,6 @@ static void pcrypt_aead_done(struct cryp
+ struct padata_priv *padata = pcrypt_request_padata(preq);
+
+ padata->info = err;
+- req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+
+ padata_do_serial(padata);
+ }
--- /dev/null
+From 7f8c36fe9be46862c4f3c5302f769378028a34fa Mon Sep 17 00:00:00 2001
+From: Chuhong Yuan <hslester96@gmail.com>
+Date: Tue, 10 Dec 2019 00:21:44 +0800
+Subject: crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
+
+From: Chuhong Yuan <hslester96@gmail.com>
+
+commit 7f8c36fe9be46862c4f3c5302f769378028a34fa upstream.
+
+Since tasklet is needed to be initialized before registering IRQ
+handler, adjust the position of tasklet_init to fix the wrong order.
+
+Besides, to fix the missed tasklet_kill, this patch adds a helper
+function and uses devm_add_action to kill the tasklet automatically.
+
+Fixes: ce92136843cb ("crypto: picoxcell - add support for the picoxcell crypto engines")
+Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/picoxcell_crypto.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/picoxcell_crypto.c
++++ b/drivers/crypto/picoxcell_crypto.c
+@@ -1632,6 +1632,11 @@ static bool spacc_is_compatible(struct p
+ return false;
+ }
+
++static void spacc_tasklet_kill(void *data)
++{
++ tasklet_kill(data);
++}
++
+ static int spacc_probe(struct platform_device *pdev)
+ {
+ int i, err, ret = -EINVAL;
+@@ -1674,6 +1679,14 @@ static int spacc_probe(struct platform_d
+ return -ENXIO;
+ }
+
++ tasklet_init(&engine->complete, spacc_spacc_complete,
++ (unsigned long)engine);
++
++ ret = devm_add_action(&pdev->dev, spacc_tasklet_kill,
++ &engine->complete);
++ if (ret)
++ return ret;
++
+ if (devm_request_irq(&pdev->dev, irq->start, spacc_spacc_irq, 0,
+ engine->name, engine)) {
+ dev_err(engine->dev, "failed to request IRQ\n");
+@@ -1736,8 +1749,6 @@ static int spacc_probe(struct platform_d
+ INIT_LIST_HEAD(&engine->completed);
+ INIT_LIST_HEAD(&engine->in_progress);
+ engine->in_flight = 0;
+- tasklet_init(&engine->complete, spacc_spacc_complete,
+- (unsigned long)engine);
+
+ platform_set_drvdata(pdev, engine);
+
of-add-of_dma_default_coherent-select-it-on-powerpc.patch
dm-space-map-common-fix-to-ensure-new-block-isn-t-already-in-use.patch
padata-remove-broken-queue-flushing.patch
+crypto-pcrypt-do-not-clear-may_sleep-flag-in-original-request.patch
+crypto-atmel-aes-fix-counter-overflow-in-ctr-mode.patch
+crypto-api-fix-race-condition-in-crypto_spawn_alg.patch
+crypto-picoxcell-adjust-the-position-of-tasklet_init-and-fix-missed-tasklet_kill.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
