1. 16 Aug, 2016 1 commit
  2. 20 Jul, 2016 1 commit
    • Paul Gortmaker's avatar
      x86, crypto: Restore MODULE_LICENSE() to glue_helper.c so it loads · a47177d3
      Paul Gortmaker authored
      In commit:
      
        eb008eb6
      
       ("x86: Audit and remove any remaining unnecessary uses of module.h")
      
      ... we looked for instances of module.h that were not supporting anything
      more than exported symbols.
      
      To facilitate the exchange of module.h to the much smaller export.h
      we occasionally remove tags like MODULE_AUTHOR() etc. which in the case
      of built in files, are no-ops and hence that is fine, assuming the
      info is already in the comments at the top of the file..
      
      However the error here is that I overlooked that this file was used
      not as a driver, but as a library of functions, and hence has no
      explicit modular linkage functions or similar, making it _appear_
      non-modular.  We can see that in retrospect with:
      
        arch/x86/crypto/Makefile:obj-$(CONFIG_CRYPTO_GLUE_HELPER_X86) += glue_helper.o
      
        crypto/Kconfig:config CRYPTO_GLUE_HELPER_X86
        crypto/Kconfig: tristate
      
      Since we removed what was an active MODULE_LICENSE(), the module failed
      to load and then automated testing showed the missing glue helpers as:
      
        glue_helper: Unknown symbol blkcipher_walk_done (err 0)
        glue_helper: Unknown symbol blkcipher_walk_virt (err 0)
        glue_helper: Unknown symbol kernel_fpu_end (err 0)
        glue_helper: Unknown symbol kernel_fpu_begin (err 0)
        glue_helper: Unknown symbol blkcipher_walk_virt_block (err 0)
      
      So we do a partial revert of that change to just this one file, and
      watch for similar MODULE_LICENSE() only cases in future audits.
      Reported-by: default avatarkernel test robot <xiaolong.ye@intel.com>
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-crypto@vger.kernel.org
      Cc: lkp@01.org
      Fixes: eb008eb6 ("x86: Audit and remove any remaining unnecessary uses of module.h")
      Link: http://lkml.kernel.org/r/20160719144243.GK21225@windriver.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a47177d3
  3. 14 Jul, 2016 1 commit
    • Paul Gortmaker's avatar
      x86: Audit and remove any remaining unnecessary uses of module.h · eb008eb6
      Paul Gortmaker authored
      
      
      Historically a lot of these existed because we did not have
      a distinction between what was modular code and what was providing
      support to modules via EXPORT_SYMBOL and friends.  That changed
      when we forked out support for the latter into the export.h file.
      
      This means we should be able to reduce the usage of module.h
      in code that is obj-y Makefile or bool Kconfig.  In the case of
      some of these which are modular, we can extend that to also include
      files that are building basic support functionality but not related
      to loading or registering the final module; such files also have
      no need whatsoever for module.h
      
      The advantage in removing such instances is that module.h itself
      sources about 15 other headers; adding significantly to what we feed
      cpp, and it can obscure what headers we are effectively using.
      
      Since module.h was the source for init.h (for __init) and for
      export.h (for EXPORT_SYMBOL) we consider each instance for the
      presence of either and replace as needed.
      
      In the case of crypto/glue_helper.c we delete a redundant instance
      of MODULE_LICENSE in order to delete module.h -- the license info
      is already present at the top of the file.
      
      The uncore change warrants a mention too; it is uncore.c that uses
      module.h and not uncore.h; hence the relocation done there.
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/20160714001901.31603-9-paul.gortmaker@windriver.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      eb008eb6
  4. 12 Jul, 2016 1 commit
  5. 01 Jul, 2016 1 commit
    • Herbert Xu's avatar
      crypto: aesni - Use crypto_cipher to derive rfc4106 subkey · 02fa472a
      Herbert Xu authored
      
      
      Currently aesni uses an async ctr(aes) to derive the rfc4106
      subkey, which was presumably copied over from the generic rfc4106
      code.  Over there it's done that way because we already have a
      ctr(aes) spawn.  But it is simply overkill for aesni since we
      have to go get a ctr(aes) from scratch anyway.
      
      This patch simplifies the subkey derivation by using a straight
      aes cipher instead.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      02fa472a
  6. 28 Jun, 2016 4 commits
  7. 27 Jun, 2016 5 commits
  8. 23 Jun, 2016 4 commits
  9. 02 Jun, 2016 1 commit
  10. 31 May, 2016 1 commit
  11. 17 May, 2016 1 commit
    • Josh Poimboeuf's avatar
      crypto: sha1-mb - make sha1_x8_avx2() conform to C function ABI · 4a6b27b7
      Josh Poimboeuf authored
      Megha Dey reported a kernel panic in crypto code.  The problem is that
      sha1_x8_avx2() clobbers registers r12-r15 without saving and restoring
      them.
      
      Before commit aec4d0e3 ("x86/asm/crypto: Simplify stack usage in
      sha-mb functions"), those registers were saved and restored by the
      callers of the function.  I removed them with that commit because I
      didn't realize sha1_x8_avx2() clobbered them.
      
      Fix the potential undefined behavior associated with clobbering the
      registers and make the behavior less surprising by changing the
      registers to be callee saved/restored to conform with the C function
      call ABI.
      
      Also, rdx (aka RSP_SAVE) doesn't need to be saved: I verified that none
      of the callers rely on it being saved, and it's not a callee-saved
      register in the C ABI.
      
      Fixes: aec4d0e3
      
       ("x86/asm/crypto: Simplify stack usage in sha-mb functions")
      Cc: stable@vger.kernel.org # 4.6
      Reported-by: default avatarMegha Dey <megha.dey@linux.intel.com>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      4a6b27b7
  12. 16 Apr, 2016 1 commit
    • Denys Vlasenko's avatar
      x86: Fix non-static inlines · a3819e3e
      Denys Vlasenko authored
      
      
      Four instances of incorrect usage of non-static "inline" crept up
      in arch/x86, all trivial; cleaning them up:
      
      EVT_TO_HPET_DEV() - made static, it is only used in kernel/hpet.c
      
      Debug version of check_iommu_entries() is an __init function.
      Non-debug dummy empty version of it is declared "inline" instead -
      which doesn't help to eliminate it (the caller is in a different unit,
      inlining doesn't happen).
      Switch to non-inlined __init function, which does eliminate it
      (by discarding it as part of __init section).
      
      crypto/sha-mb/sha1_mb.c: looks like they just forgot to add "static"
      to their two internal inlines, which emitted two unused functions into
      vmlinux.
      
            text     data      bss       dec     hex filename
        95903394 20860288 35991552 152755234 91adc22 vmlinux_before
        95903266 20860288 35991552 152755106 91adba2 vmlinux
      Signed-off-by: default avatarDenys Vlasenko <dvlasenk@redhat.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kernel@vger.kernel.org
      Link: http://lkml.kernel.org/r/1460739626-12179-1-git-send-email-dvlasenk@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a3819e3e
  13. 15 Apr, 2016 1 commit
  14. 13 Apr, 2016 3 commits
  15. 31 Mar, 2016 2 commits
  16. 24 Feb, 2016 5 commits
    • Josh Poimboeuf's avatar
      x86/asm/crypto: Create stack frames in crypto functions · 8691ccd7
      Josh Poimboeuf authored
      
      
      The crypto code has several callable non-leaf functions which don't
      honor CONFIG_FRAME_POINTER, which can result in bad stack traces.
      
      Create stack frames for them when CONFIG_FRAME_POINTER is enabled.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/6c20192bcf1102ae18ae5a242cabf30ce9b29895.1453405861.git.jpoimboe@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      8691ccd7
    • Josh Poimboeuf's avatar
      x86/asm/crypto: Don't use RBP as a scratch register · 68874ac3
      Josh Poimboeuf authored
      
      
      The frame pointer (RBP) is getting clobbered in
      sha1_mb_mgr_submit_avx2() before a function call, which can mess up
      stack traces.  Use R12 instead.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/15a3eb7ebe68e37755927915f45e4f0bde4d18c5.1453405861.git.jpoimboe@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      68874ac3
    • Josh Poimboeuf's avatar
      x86/asm/crypto: Simplify stack usage in sha-mb functions · aec4d0e3
      Josh Poimboeuf authored
      
      
      sha1_mb_mgr_flush_avx2() and sha1_mb_mgr_submit_avx2() both allocate a
      lot of stack space which is never used.  Also, many of the registers
      being saved aren't being clobbered so there's no need to save them.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/9402e4d87580d6b2376ed95f67b84bdcce3c830e.1453405861.git.jpoimboe@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      aec4d0e3
    • Josh Poimboeuf's avatar
      x86/asm/crypto: Move jump_table to .rodata section · f66f6191
      Josh Poimboeuf authored
      
      
      stacktool reports the following warning:
      
        stacktool: arch/x86/crypto/crc32c-pcl-intel-asm_64.o: crc_pcl()+0x11dd: can't decode instruction
      
      It gets confused when trying to decode jump_table data.  Move jump_table
      to the .rodata section which is a more appropriate home for read-only
      data.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/1dbf80c097bb9d89c0cbddc01a815ada690e3b32.1453405861.git.jpoimboe@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      f66f6191
    • Josh Poimboeuf's avatar
      x86/asm/crypto: Move .Lbswap_mask data to .rodata section · 1253cab8
      Josh Poimboeuf authored
      
      
      stacktool reports the following warning:
      
        stacktool: arch/x86/crypto/aesni-intel_asm.o: _aesni_inc_init(): can't find starting instruction
      
      stacktool gets confused when it tries to disassemble the following data
      in the .text section:
      
        .Lbswap_mask:
                .byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
      
      Move it to .rodata which is a more appropriate section for read-only
      data.
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris J Arges <chris.j.arges@canonical.com>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Namhyung Kim <namhyung@gmail.com>
      Cc: Pedro Alves <palves@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: live-patching@vger.kernel.org
      Link: http://lkml.kernel.org/r/b6a2f3f8bda705143e127c025edb2b53c86e6eb4.1453405861.git.jpoimboe@redhat.com
      
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1253cab8
  17. 16 Feb, 2016 1 commit
    • Stephan Mueller's avatar
      crypto: xts - consolidate sanity check for keys · 28856a9e
      Stephan Mueller authored
      
      
      The patch centralizes the XTS key check logic into the service function
      xts_check_key which is invoked from the different XTS implementations.
      With this, the XTS implementations in ARM, ARM64, PPC and S390 have now
      a sanity check for the XTS keys similar to the other arches.
      
      In addition, this service function received a check to ensure that the
      key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the
      check is not present in the standards defining XTS, it is only enforced
      in FIPS mode of the kernel.
      Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      28856a9e
  18. 06 Feb, 2016 1 commit
    • Wang, Rui Y's avatar
      crypto: sha-mb - Fix load failure · fd09967b
      Wang, Rui Y authored
      
      
      On  Monday, February 1, 2016 4:18 PM, Herbert Xu wrote:
      >
      > On Wed, Jan 27, 2016 at 05:08:35PM +0800, Rui Wang wrote:
      >>
      >> +static int sha1_mb_async_import(struct ahash_request *req, const void
      >> +*in) {
      >> +	struct ahash_request *mcryptd_req = ahash_request_ctx(req);
      >> +	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
      >> +	struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
      >> +	struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
      >> +	struct crypto_shash *child = mcryptd_ahash_child(mcryptd_tfm);
      >> +	struct mcryptd_hash_request_ctx *rctx;
      >> +	struct shash_desc *desc;
      >> +	int err;
      >> +
      >> +	memcpy(mcryptd_req, req, sizeof(*req));
      >> +	ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
      >> +	rctx = ahash_request_ctx(mcryptd_req);
      >> +	desc = &rctx->desc;
      >> +	desc->tfm = child;
      >> +	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
      >> +
      >> +	err = crypto_shash_init(desc);
      >> +	if (err)
      >> +		return err;
      >
      > What is this desc for?
      
      Hi Herbert,
      
      Yeah I just realized that the call to crypto_shash_init() isn't necessary
      here. What it does is overwritten by crypto_ahash_import(). But this desc
      still needs to be initialized here because it's newly allocated by
      ahash_request_alloc(). We eventually calls the shash version of import()
      which needs desc as an argument. The real context to be imported is then
      derived from shash_desc_ctx(desc).
      
      desc is a sub-field of struct mcryptd_hash_request_ctx, which is again a
      sub-field of the bigger blob allocated by ahash_request_alloc(). The entire
      blob's size is set in sha1_mb_async_init_tfm(). So a better version is as
      follows:
      
      (just removed the call to crypto_shash_init())
      
      >From 4bcb73adbef99aada94c49f352063619aa24d43d Mon Sep 17 00:00:00 2001
      From: Rui Wang <rui.y.wang@intel.com>
      Date: Mon, 14 Dec 2015 17:22:13 +0800
      Subject: [PATCH v2 1/4] crypto x86/sha1_mb: Fix load failure
      
      modprobe sha1_mb fails with the following message:
      
      modprobe: ERROR: could not insert 'sha1_mb': No such device
      
      It is because it needs to set its statesize and implement its
      import() and export() interface.
      
      v2: remove redundant call to crypto_shash_init()
      Signed-off-by: default avatarRui Wang <rui.y.wang@intel.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      fd09967b
  19. 30 Jan, 2016 1 commit
  20. 27 Jan, 2016 1 commit
  21. 25 Jan, 2016 1 commit
  22. 19 Dec, 2015 1 commit
  23. 04 Dec, 2015 1 commit
    • Wang, Rui Y's avatar
      crypto: ghash-clmulni - Fix load failure · 3a020a72
      Wang, Rui Y authored
      ghash_clmulni_intel fails to load on Linux 4.3+ with the following message:
      "modprobe: ERROR: could not insert 'ghash_clmulni_intel': Invalid argument"
      
      After 8996eafd
      
       ("crypto: ahash - ensure statesize is non-zero") all ahash
      drivers are required to implement import()/export(), and must have a non-
      zero statesize.
      
      This patch has been tested with the algif_hash interface. The calculated
      digest values, after several rounds of import()s and export()s, match those
      calculated by tcrypt.
      Signed-off-by: default avatarRui Wang <rui.y.wang@intel.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3a020a72