| 7b3aaaa | Boris BREZILLON | 18 June 2015, 13:46:22 UTC | crypto: marvell/cesa - add DES support Add support for DES operations. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:18:04 UTC |
| db509a4 | Boris BREZILLON | 18 June 2015, 13:46:21 UTC | crypto: marvell/cesa - add TDMA support The CESA IP supports CPU offload through a dedicated DMA engine (TDMA) which can control the crypto block. When you use this mode, all the required data (operation metadata and payload data) are transferred using DMA, and the results are retrieved through DMA when possible (hash results are not retrieved through DMA yet), thus reducing the involvement of the CPU and providing better performances in most cases (for small requests, the cost of DMA preparation might exceed the performance gain). Note that some CESA IPs do not embed this dedicated DMA, hence the activation of this feature on a per platform basis. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:18:03 UTC |
| f63601f | Boris BREZILLON | 18 June 2015, 13:46:20 UTC | crypto: marvell/cesa - add a new driver for Marvell's CESA The existing mv_cesa driver supports some features of the CESA IP but is quite limited, and reworking it to support new features (like involving the TDMA engine to offload the CPU) is almost impossible. This driver has been rewritten from scratch to take those new features into account. This commit introduce the base infrastructure allowing us to add support for DMA optimization. It also includes support for one hash (SHA1) and one cipher (AES) algorithm, and enable those features on the Armada 370 SoC. Other algorithms and platforms will be added later on. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:18:03 UTC |
| 1fa2e9a | Boris BREZILLON | 18 June 2015, 13:46:19 UTC | crypto: mv_cesa - explicitly define kirkwood and dove compatible strings We are about to add a new driver to support new features like using the TDMA engine to offload the CPU. Orion, Dove and Kirkwood platforms are already using the mv_cesa driver, but Orion SoCs do not embed the TDMA engine, which means we will have to differentiate them if we want to get TDMA support on Dove and Kirkwood. In the other hand, the migration from the old driver to the new one is not something all people are willing to do without first auditing the new driver. Hence we have to support the new compatible in the mv_cesa driver so that new platforms with updated DTs can still attach their crypto engine device to this driver. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:18:02 UTC |
| 51b44fc | Boris BREZILLON | 18 June 2015, 13:46:18 UTC | crypto: mv_cesa - use gen_pool to reserve the SRAM memory region The mv_cesa driver currently expects the SRAM memory region to be passed as a platform device resource. This approach implies two drawbacks: - the DT representation is wrong - the only one that can access the SRAM is the crypto engine The last point is particularly annoying in some cases: for example on armada 370, a small region of the crypto SRAM is used to implement the cpuidle, which means you would not be able to enable both cpuidle and the CESA driver. To address that problem, we explicitly define the SRAM device in the DT and then reference the sram node from the crypto engine node. Also note that the old way of retrieving the SRAM memory region is still supported, or in other words, backward compatibility is preserved. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:18:02 UTC |
| 1c07548 | Boris BREZILLON | 18 June 2015, 13:46:17 UTC | crypto: mv_cesa - document the clocks property On Dove platforms, the crypto engine requires a clock. Document this clocks property in the mv_cesa bindings doc. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 14:17:27 UTC |
| c0b59fa | Herbert Xu | 19 June 2015, 14:07:07 UTC | Merge branch 'mvebu/drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Merge the mvebu/drivers branch of the arm-soc tree which contains just a single patch bfa1ce5f38938cc9e6c7f2d1011f88eba2b9e2b2 ("bus: mvebu-mbus: add mv_mbus_dram_info_nooverlap()") that happens to be a prerequisite of the new marvell/cesa crypto driver. | 19 June 2015, 14:07:07 UTC |
| 28bceea | Dan Streetman | 18 June 2015, 16:28:32 UTC | MAINTAINERS: clarify drivers/crypto/nx/ file ownership Update the "IBM Power in-Nest Crypto Acceleration" and "IBM Power 842 compression accelerator" sections to specify the correct files. The "IBM Power in-Nest Crypto Acceleration" was originally the only NX driver, and so its section listed all drivers/crypto/nx/ files, but now there is also the 842 driver which has its own section. This lists explicitly what files are owned by the Crypto driver and which files are owned by the 842 compression driver. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:49:19 UTC |
| c47d630 | Dan Streetman | 18 June 2015, 16:05:30 UTC | crypto: nx - add LE support to pSeries platform driver Add support to the nx-842-pseries.c driver for running in little endian mode. The pSeries platform NX 842 driver currently only works as big endian. This adds cpu_to_be*() and be*_to_cpu() in the appropriate places to work in LE mode also. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:49:18 UTC |
| 7793bda | Herbert Xu | 18 June 2015, 06:25:56 UTC | crypto: caam - Set last bit on src SG list The new aead_edesc_alloc left out the bit indicating the last entry on the source SG list. This patch fixes it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:16:32 UTC |
| 87e51b0 | Herbert Xu | 18 June 2015, 06:25:55 UTC | crypto: caam - Reintroduce DESC_MAX_USED_BYTES I incorrectly removed DESC_MAX_USED_BYTES when enlarging the size of the shared descriptor buffers, thus making it four times larger than what is necessary. This patch restores the division by four calculation. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:16:31 UTC |
| f5d8660 | Herbert Xu | 18 June 2015, 06:00:49 UTC | crypto: aead - Fix aead_instance struct size The struct aead_instance is meant to extend struct crypto_instance by incorporating the extra members of struct aead_alg. However, the current layout which is copied from shash/ahash does not specify the struct fully. In particular only aead_alg is present. For shash/ahash this works because users there add extra headroom to sizeof(struct crypto_instance) when allocating the instance. Unfortunately for aead, this bit was lost when the new aead_instance was added. Rather than fixing it like shash/ahash, this patch simply expands struct aead_instance to contain what is supposed to be there, i.e., adding struct crypto_instance. In order to not break existing AEAD users, this is done through an anonymous union. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:16:30 UTC |
| edf18b9 | Herbert Xu | 18 June 2015, 06:00:48 UTC | crypto: api - Add CRYPTO_MINALIGN_ATTR to struct crypto_alg The struct crypto_alg is embedded into various type-specific structs such as aead_alg. This is then used as part of instances such as struct aead_instance. It is also embedded into the generic struct crypto_instance. In order to ensure that struct aead_instance can be converted to struct crypto_instance when necessary, we need to ensure that crypto_alg is aligned properly. This patch adds an alignment attribute to struct crypto_alg to ensure this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 19 June 2015, 06:16:28 UTC |
| 596103c | Herbert Xu | 17 June 2015, 06:58:24 UTC | crypto: drivers - Fix Kconfig selects This patch fixes a number of problems in crypto driver Kconfig entries: 1. Select BLKCIPHER instead of BLKCIPHER2. The latter is internal and should not be used outside of the crypto API itself. 2. Do not select ALGAPI unless you use a legacy type like CRYPTO_ALG_TYPE_CIPHER. 3. Select the algorithm type that you are implementing, e.g., AEAD. 4. Do not select generic C code such as CBC/ECB unless you use them as a fallback. 5. Remove default n since that is the default default. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 18 June 2015, 06:45:36 UTC |
| 3126727 | Herbert Xu | 17 June 2015, 06:05:26 UTC | crypto: tcrypt - Fixed AEAD speed test setup The AEAD speed test SG list setup did not correctly mark the AD, potentially causing a crash. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 18 June 2015, 06:45:33 UTC |
| 4e4aab6 | Herbert Xu | 17 June 2015, 06:04:21 UTC | crypto: tcrypt - Add rfc4309(ccm(aes)) speed test This patch adds a speed test for rfc4309(ccm(aes)) as mode 212. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 18 June 2015, 06:45:32 UTC |
| f657f82 | Steffen Trumtrar | 16 June 2015, 10:59:07 UTC | crypto: caam - fix non-64-bit write/read access The patch crypto: caam - Add definition of rd/wr_reg64 for little endian platform added support for little endian platforms to the CAAM driver. Namely a write and read function for 64 bit registers. The only user of this functions is the Job Ring driver (drivers/crypto/caam/jr.c). It uses the functions to set the DMA addresses for the input/output rings. However, at least in the default configuration, the least significant 32 bits are always in the base+0x0004 address; independent of the endianness of the bytes itself. That means the addresses do not change with the system endianness. DMA addresses are only 32 bits wide on non-64-bit systems, writing the upper 32 bits of this value to the register for the least significant bits results in the DMA address being set to 0. Fix this by always writing the registers in the same way. Suggested-by: Russell King <linux@arm.linux.org.uk> Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 18 June 2015, 06:45:28 UTC |
| 946cc46 | Tadeusz Struk | 16 June 2015, 17:31:06 UTC | crypto: testmgr - add tests vectors for RSA New test vectors for RSA algorithm. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 09:03:54 UTC |
| cfc2bb3 | Tadeusz Struk | 16 June 2015, 17:31:01 UTC | crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 09:03:53 UTC |
| 3c339ab | Tadeusz Struk | 16 June 2015, 17:30:55 UTC | crypto: akcipher - add PKE API Add Public Key Encryption API. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Made CRYPTO_AKCIPHER invisible like other type config options. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 09:03:14 UTC |
| c2b7b20 | Martin Willi | 16 June 2015, 09:34:16 UTC | crypto: poly1305 - Pass key as first two message blocks to each desc_ctx The Poly1305 authenticator requires a unique key for each generated tag. This implies that we can't set the key per tfm, as multiple users set individual keys. Instead we pass a desc specific key as the first two blocks of the message to authenticate in update(). Signed-off-by: Martin Willi <martin@strongswan.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:11 UTC |
| 8f69b76 | Herbert Xu | 16 June 2015, 05:54:26 UTC | crypto: testmgr - Add mcgrew test vectors for rfc4106 This patch adds rfc4106 test vectors sourced from draft-mcgrew-gcm-test-01. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:10 UTC |
| bb68745 | Herbert Xu | 16 June 2015, 05:54:24 UTC | Revert "crypto: testmgr - Disable rfc4543 test" This reverts commit 9b9f9296a7b73fbafe0a0a6f2494eaadd97f9f73 as all in-kernel implementations of GCM have been converted to the new AEAD interface, meaning that they should now pass the updated rfc4543 test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:09 UTC |
| f2147b8 | Herbert Xu | 16 June 2015, 05:54:23 UTC | crypto: caam - Convert GCM to new AEAD interface This patch converts the caam GCM implementations to the new AEAD interface. This is compile-tested only. Note that all IV generation for GCM algorithms have been removed. The reason is that the current generation uses purely random IVs which is not appropriate for counter-based algorithms where we first and foremost require uniqueness. Of course there is no reason why you couldn't implement seqiv or seqniv within caam since all they do is xor the sequence number with a salt, but since I can't test this on actual hardware I'll leave it alone for now. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:08 UTC |
| 6c94711 | Herbert Xu | 16 June 2015, 05:54:22 UTC | crypto: caam - Handle errors in dma_map_sg_chained Currently dma_map_sg_chained does not handle errors from the underlying dma_map_sg calls. This patch adds rollback in case of an error by simply calling dma_unmap_sg_chained for the ones that we've already mapped. All current callers ignore the return value so this should have no impact on them. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:08 UTC |
| 201f28f | Herbert Xu | 16 June 2015, 05:54:21 UTC | crypto: nx - Convert GCM to new AEAD interface This patch converts the nx GCM implementations to the new AEAD interface. This is compile-tested only. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:07 UTC |
| 0af8fbc | Herbert Xu | 16 June 2015, 05:54:19 UTC | crypto: testmgr - Update rfc4543 test vectors This patch updates the rfc4543 test vectors to the new format where the IV is part of the AD. For now these vectors are still unused. They will be reactivated once all rfc4543 implementations have migrated. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:06 UTC |
| adcbc68 | Herbert Xu | 16 June 2015, 05:54:18 UTC | crypto: gcm - Convert to new AEAD interface This patch converts generic gcm and its associated transforms to the new AEAD interface. The biggest reward is in code reduction for rfc4543 where it used to do IV stitching which is no longer needed as the IV is already part of the AD on input. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:05 UTC |
| 14f3406 | Herbert Xu | 16 June 2015, 05:54:16 UTC | crypto: testmgr - Disable rfc4543 test Because the old rfc4543 implementation always injected an IV into the AD, while the new one does not, we have to disable the test while it is converted over to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 17 June 2015, 07:35:04 UTC |
| f4ec6aa | Victoria Milhoan | 15 June 2015, 23:52:58 UTC | crypto: caam - Provide correct value to iounmap() in controller driver Fix a "Trying to vfree() nonexistent vm area" error when unloading the CAAM controller module by providing the correct pointer value to iounmap(). Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 16 June 2015, 06:35:42 UTC |
| 8af7b0f | Victoria Milhoan | 15 June 2015, 23:52:57 UTC | crypto: caam - Fix incorrect size when DMA unmapping buffer The CAAM driver uses two data buffers to store data for a hashing operation, with one buffer defined as active. This change forces switching of the active buffer when executing a hashing operation to avoid a later DMA unmap using the length of the opposite buffer. Signed-off-by: Victoria Milhoan <vicki.milhoan@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 16 June 2015, 06:35:07 UTC |
| d37e296 | Tadeusz Struk | 15 June 2015, 20:18:36 UTC | MPILIB: add mpi_read_buf() and mpi_get_size() helpers Added a mpi_read_buf() helper function to export MPI to a buf provided by the user, and a mpi_get_size() helper, that tells the user how big the buf is. Changed mpi_free to use kzfree instead of kfree because it is used to free crypto keys. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 16 June 2015, 06:35:06 UTC |
| 4beb106 | Herbert Xu | 15 June 2015, 08:55:46 UTC | crypto: vmx - Reindent to kernel style This patch reidents the vmx code-base to the kernel coding style. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 16 June 2015, 06:35:02 UTC |
| 0903e43 | Herbert Xu | 15 June 2015, 08:55:07 UTC | crypto: vmx - Remove duplicate PPC64 dependency The top-level CRYPTO_DEV_VMX option already depends on PPC64 so there is no need to depend on it again at CRYPTO_DEV_VMX_ENCRYPT. This patch also removes a redundant "default n". Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 16 June 2015, 06:35:01 UTC |
| de1e008 | Jeremiah Mahler | 13 June 2015, 04:56:40 UTC | crypto: aesni - fix crypto_fpu_exit() section mismatch The '__init aesni_init()' function calls the '__exit crypto_fpu_exit()' function directly. Since they are in different sections, this generates a warning. make CONFIG_DEBUG_SECTION_MISMATCH=y ... WARNING: arch/x86/crypto/aesni-intel.o(.init.text+0x12b): Section mismatch in reference from the function init_module() to the function .exit.text:crypto_fpu_exit() The function __init init_module() references a function __exit crypto_fpu_exit(). This is often seen when error handling in the init function uses functionality in the exit path. The fix is often to remove the __exit annotation of crypto_fpu_exit() so it may be used outside an exit section. Fix the warning by removing the __exit annotation. Signed-off-by: Jeremiah Mahler <jmmahler@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 15 June 2015, 10:15:58 UTC |
| 2c6f6ea | Dan Streetman | 12 June 2015, 14:58:47 UTC | crypto: nx - replace NX842_MEM_COMPRESS with function Replace the NX842_MEM_COMPRESS define with a function that returns the specific platform driver's required working memory size. The common nx-842.c driver refuses to load if there is no platform driver present, so instead of defining an approximate working memory size that's the maximum approximate size of both platform driver's size requirements, the platform driver can directly provide its specific, i.e. sizeof(struct nx842_workmem), size requirements which the 842-nx crypto compression driver will use. This saves memory by both reducing the required size of each driver to the specific sizeof() amount, as well as using the specific loaded platform driver's required amount, instead of the maximum of both. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 15 June 2015, 10:15:57 UTC |
| 32be6d3 | Dan Streetman | 12 June 2015, 14:58:46 UTC | crypto: nx - move include/linux/nx842.h into drivers/crypto/nx/nx-842.h Move the contents of the include/linux/nx842.h header file into the drivers/crypto/nx/nx-842.h header file. Remove the nx842.h header file and its entry in the MAINTAINERS file. The include/linux/nx842.h header originally was there because the crypto/842.c driver needed it to communicate with the nx-842 hw driver. However, that crypto compression driver was moved into the drivers/crypto/nx/ directory, and now can directly include the nx-842.h header. Nothing else needs the public include/linux/nx842.h header file, as all use of the nx-842 hardware driver will be through the "842-nx" crypto compression driver, since the direct nx-842 api is very limited in the buffer alignments and sizes that it will accept, and the crypto compression interface handles those limitations and allows any alignment and size buffers. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 15 June 2015, 10:15:56 UTC |
| 81781e6 | Herbert Xu | 11 June 2015, 03:28:34 UTC | crypto: picoxcell - Clamp AEAD SG list by input length Currently the driver assumes that the SG list contains exactly the number of bytes required. This assumption is incorrect. Up until now this has been harmless. However with the new AEAD interface this now breaks as the AD SG list contains more bytes than just the AD. This patch fixes this by always clamping the AD SG list by the specified AD length. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 12 June 2015, 14:45:09 UTC |
| 1a5b951 | Herbert Xu | 11 June 2015, 03:28:33 UTC | crypto: picoxcell - Make use of sg_nents_for_len This patch makes use of the new sg_nents_for_len helper to replace the custom sg_count function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 12 June 2015, 14:45:08 UTC |
| 72071fe | Herbert Xu | 11 June 2015, 03:28:32 UTC | crypto: picoxcell - Include linux/sizes.h This driver uses SZ_64K so it should include linux/sizes.h rather than relying on others to pull it in for it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 12 June 2015, 14:45:07 UTC |
| 826775b | Herbert Xu | 11 June 2015, 00:55:10 UTC | crypto: drbg - Add select on sha256 The hash-based DRBG variants all use sha256 so we need to add a select on it. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 11 June 2015, 13:55:28 UTC |
| 593dfbd | Sergey Senozhatsky | 10 June 2015, 13:27:48 UTC | crypto: drbg - report backend_cra_name when allocation fails Be more verbose and also report ->backend_cra_name when crypto_alloc_shash() or crypto_alloc_cipher() fail in drbg_init_hash_kernel() or drbg_init_sym_kernel() correspondingly. Example DRBG: could not allocate digest TFM handle: hmac(sha256) Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 11 June 2015, 13:55:28 UTC |
| 42ea507 | Stephan Mueller | 10 June 2015, 01:33:37 UTC | crypto: drbg - reseed often if seedsource is degraded As required by SP800-90A, the DRBG implements are reseeding threshold. This threshold is at 2**48 (64 bit) and 2**32 bit (32 bit) as implemented in drbg_max_requests. With the recently introduced changes, the DRBG is now always used as a stdrng which is initialized very early in the boot cycle. To ensure that sufficient entropy is present, the Jitter RNG is added to even provide entropy at early boot time. However, the 2nd seed source, the nonblocking pool, is usually degraded at that time. Therefore, the DRBG is seeded with the Jitter RNG (which I believe contains good entropy, which however is questioned by others) and is seeded with a degradded nonblocking pool. This seed is now used for quasi the lifetime of the system (2**48 requests is a lot). The patch now changes the reseed threshold as follows: up until the time the DRBG obtains a seed from a fully iniitialized nonblocking pool, the reseeding threshold is lowered such that the DRBG is forced to reseed itself resonably often. Once it obtains the seed from a fully initialized nonblocking pool, the reseed threshold is set to the value required by SP800-90A. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 10 June 2015, 11:14:05 UTC |
| c271950 | Herbert Xu | 09 June 2015, 10:19:42 UTC | random: Remove kernel blocking API This patch removes the kernel blocking API as it has been completely replaced by the callback API. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 10 June 2015, 11:14:04 UTC |
| 57225e6 | Stephan Mueller | 09 June 2015, 13:55:38 UTC | crypto: drbg - Use callback API for random readiness The get_blocking_random_bytes API is broken because the wait can be arbitrarily long (potentially forever) so there is no safe way of calling it from within the kernel. This patch replaces it with the new callback API which does not have this problem. The patch also removes the entropy buffer registered with the DRBG handle in favor of stack variables to hold the seed data. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 10 June 2015, 11:14:01 UTC |
| 205a525 | Herbert Xu | 09 June 2015, 10:19:39 UTC | random: Add callback API for random pool readiness The get_blocking_random_bytes API is broken because the wait can be arbitrarily long (potentially forever) so there is no safe way of calling it from within the kernel. This patch replaces it with a callback API instead. The callback is invoked potentially from interrupt context so the user needs to schedule their own work thread if necessary. In addition to adding callbacks, they can also be removed as otherwise this opens up a way for user-space to allocate kernel memory with no bound (by opening algif_rng descriptors and then closing them). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 10 June 2015, 11:13:56 UTC |
| 05dee9c | Herbert Xu | 09 June 2015, 04:46:46 UTC | nios2: Export get_cycles nios2 is the only architecture that does not inline get_cycles and does not export it. This breaks crypto as it uses get_cycles in a number of modules. Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:26:00 UTC |
| fbb145b | Stephan Mueller | 09 June 2015, 02:08:49 UTC | crypto: drbg - use pragmas for disabling optimization Replace the global -O0 compiler flag from the Makefile with GCC pragmas to mark only the functions required to be compiled without optimizations. This patch also adds a comment describing the rationale for the functions chosen to be compiled without optimizations. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:26:00 UTC |
| 70c3c8a | Herbert Xu | 08 June 2015, 08:38:24 UTC | crypto: caam - Clamp AEAD SG list by input length Currently caam assumes that the SG list contains exactly the number of bytes required. This assumption is incorrect. Up until now this has been harmless. However with the new AEAD interface this now breaks as the AD SG list contains more bytes than just the AD. This patch fixes this by always clamping the AD SG list by the specified AD length. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:25:58 UTC |
| ecb479d | Tadeusz Struk | 05 June 2015, 22:52:13 UTC | crypto: qat: fix issue when mapping assoc to internal AD struct This patch fixes an issue when building an internal AD representation. We need to check assoclen and not only blindly loop over assoc sgl. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:22:06 UTC |
| e4fa146 | Tadeusz Struk | 05 June 2015, 22:51:18 UTC | crypto: qat - Set max request size The device doensn't support the default value and will change it to 256, which will cause performace degradation for biger packets. Add an explicit write to set it to 1024. Reported-by: Tianliang Wang <tianliang.wang@intel.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:22:04 UTC |
| a7eed15 | LABBE Corentin | 05 June 2015, 09:39:22 UTC | crypto: testmgr - Document struct cipher_testvec Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 09 June 2015, 14:22:00 UTC |
| 12f7c14 | Masanari Iida | 03 June 2015, 15:01:21 UTC | crypto: doc - Fix typo in crypto-API.xml This patch fix some typos found in crypto-API.xml. It is because the file is generated from comments in sources, so I had to fix typo in sources. Signed-off-by: Masanari Iida <standby24x7@gmail.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:08 UTC |
| 6b212f0 | Masanari Iida | 03 June 2015, 15:01:20 UTC | crypto: doc - Fix typo in crypto-API.tmpl This patch fix some spelling typo found in crypto-API.tmpl Signed-off-by: Masanari Iida <standby24x7@gmail.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:05 UTC |
| a5b151d | Herbert Xu | 03 June 2015, 06:49:32 UTC | crypto: rng - Remove krng This patch removes krng so that DRBG can take its place. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:02 UTC |
| 401e423 | Herbert Xu | 03 June 2015, 06:49:31 UTC | crypto: rng - Make DRBG the default RNG This patch creates a new invisible Kconfig option CRYPTO_RNG_DEFAULT that simply selects the DRBG. This new option is then selected by the IV generators. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:02 UTC |
| 3491244 | Herbert Xu | 03 June 2015, 06:49:29 UTC | crypto: echainiv - Set Kconfig default to m As this is required by many IPsec algorithms, let's set the default to m. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:02 UTC |
| 51ee142 | Herbert Xu | 03 June 2015, 06:49:28 UTC | crypto: drbg - Add stdrng alias and increase priority This patch adds the stdrng module alias and increases the priority to ensure that it is loaded in preference to other RNGs. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:01 UTC |
| b7dcfab | Herbert Xu | 03 June 2015, 06:49:27 UTC | crypto: seqiv - Move IV seeding into init function We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:01 UTC |
| 4ce43ce | Herbert Xu | 03 June 2015, 06:49:25 UTC | crypto: eseqiv - Move IV seeding into init function We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:00 UTC |
| f261c5f | Herbert Xu | 03 June 2015, 06:49:24 UTC | crypto: echainiv - Move IV seeding into init function We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:05:00 UTC |
| 65fe674 | Herbert Xu | 03 June 2015, 06:49:23 UTC | crypto: chainiv - Move IV seeding into init function We currently do the IV seeding on the first givencrypt call in order to conserve entropy. However, this does not work with DRBG which cannot be called from interrupt context. In fact, with DRBG we don't need to conserve entropy anyway. So this patch moves the seeding into the init function. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:59 UTC |
| 3154de7 | Dan Streetman | 02 June 2015, 19:22:10 UTC | crypto: nx - fix nx-842 pSeries driver minimum buffer size Reduce the nx-842 pSeries driver minimum buffer size from 128 to 8. Also replace the single use of IO_BUFFER_ALIGN macro with the standard and correct DDE_BUFFER_ALIGN. The hw sometimes rejects buffers that contain padding past the end of the 8-byte aligned section where it sees the "end" marker. With the minimum buffer size set too high, some highly compressed buffers were being padded and the hw was incorrectly rejecting them; this sets the minimum correctly so there will be no incorrect padding. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:59 UTC |
| b08b6b7 | Martin Willi | 01 June 2015, 11:44:04 UTC | xfrm: Define ChaCha20-Poly1305 AEAD XFRM algo for IPsec users Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:55 UTC |
| 5900758 | Martin Willi | 01 June 2015, 11:44:03 UTC | crypto: testmgr - Add draft-ietf-ipsecme-chacha20-poly1305 test vector Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:54 UTC |
| 4db4ad2 | Martin Willi | 01 June 2015, 11:44:02 UTC | crypto: chacha20poly1305 - Add an IPsec variant for RFC7539 AEAD draft-ietf-ipsecme-chacha20-poly1305 defines the use of ChaCha20/Poly1305 in ESP. It uses additional four byte key material as a salt, which is then used with an 8 byte IV to form the ChaCha20 nonce as defined in the RFC7539. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:53 UTC |
| af2b76b | Martin Willi | 01 June 2015, 11:44:01 UTC | crypto: testmgr - Add ChaCha20-Poly1305 test vectors from RFC7539 Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:53 UTC |
| 71ebc4d | Martin Willi | 01 June 2015, 11:44:00 UTC | crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539 This AEAD uses a chacha20 ablkcipher and a poly1305 ahash to construct the ChaCha20-Poly1305 AEAD as defined in RFC7539. It supports both synchronous and asynchronous operations, even if we currently have no async chacha20 or poly1305 drivers. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:52 UTC |
| eee9dc6 | Martin Willi | 01 June 2015, 11:43:59 UTC | crypto: testmgr - Add Poly1305 test vectors from RFC7539 Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:51 UTC |
| f979e01 | Martin Willi | 01 June 2015, 11:43:58 UTC | crypto: poly1305 - Add a generic Poly1305 authenticator implementation Poly1305 is a fast message authenticator designed by Daniel J. Bernstein. It is further defined in RFC7539 as a building block for the ChaCha20-Poly1305 AEAD for use in IETF protocols. This is a portable C implementation of the algorithm without architecture specific optimizations, based on public domain code by Daniel J. Bernstein and Andrew Moon. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:50 UTC |
| 3590ebf | Martin Willi | 01 June 2015, 11:43:57 UTC | crypto: testmgr - Add ChaCha20 test vectors from RFC7539 We explicitly set the Initial block Counter by prepending it to the nonce in Little Endian. The same test vector is used for both encryption and decryption, ChaCha20 is a cipher XORing a keystream. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:50 UTC |
| c08d0e6 | Martin Willi | 01 June 2015, 11:43:56 UTC | crypto: chacha20 - Add a generic ChaCha20 stream cipher implementation ChaCha20 is a high speed 256-bit key size stream cipher algorithm designed by Daniel J. Bernstein. It is further specified in RFC7539 for use in IETF protocols as a building block for the ChaCha20-Poly1305 AEAD. This is a portable C implementation without any architecture specific optimizations. It uses a 16-byte IV, which includes the 12-byte ChaCha20 nonce prepended by the initial block counter. Some algorithms require an explicit counter value, for example the mentioned AEAD construction. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 04 June 2015, 07:04:49 UTC |
| fb43f69 | Tom Lendacky | 01 June 2015, 16:15:53 UTC | crypto: ccp - Protect against poorly marked end of sg list Scatter gather lists can be created with more available entries than are actually used (e.g. using sg_init_table() to reserve a specific number of sg entries, but in actuality using something less than that based on the data length). The caller sometimes fails to mark the last entry with sg_mark_end(). In these cases, sg_nents() will return the original size of the sg list as opposed to the actual number of sg entries that contain valid data. On arm64, if the sg_nents() value is used in a call to dma_map_sg() in this situation, then it causes a BUG_ON in lib/swiotlb.c because an "empty" sg list entry results in dma_capable() returning false and swiotlb trying to create a bounce buffer of size 0. This occurred in the userspace crypto interface before being fixed by 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data") Protect against this by using the new sg_nents_for_len() function which returns only the number of sg entries required to meet the desired length and supplying that value to dma_map_sg(). Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:51:28 UTC |
| cfaed10 | Tom Lendacky | 01 June 2015, 16:15:25 UTC | scatterlist: introduce sg_nents_for_len When performing a dma_map_sg() call, the number of sg entries to map is required. Using sg_nents to retrieve the number of sg entries will return the total number of entries in the sg list up to the entry marked as the end. If there happen to be unused entries in the list, these will still be counted. Some dma_map_sg() implementations will not handle the unused entries correctly (lib/swiotlb.c) and execute a BUG_ON. The sg_nents_for_len() function will traverse the sg list and return the number of entries required to satisfy the supplied length argument. This can then be supplied to the dma_map_sg() call to successfully map the sg. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:51:27 UTC |
| 1605440 | Herbert Xu | 01 June 2015, 08:22:03 UTC | crypto: scatterwalk - Hide PageSlab call to optimise away flush_dcache_page On architectures where flush_dcache_page is not needed, we will end up generating all the code up to the PageSlab call. This is because PageSlab operates on a volatile pointer and thus cannot be optimised away. This patch works around this by checking whether flush_dcache_page is needed before we call PageSlab which then allows PageSlab to be compiled awy. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:51:25 UTC |
| b7c89d9 | Herbert Xu | 01 June 2015, 07:53:06 UTC | crypto: aesni - Convert rfc4106 to new AEAD interface This patch converts the low-level __gcm-aes-aesni algorithm to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:51:24 UTC |
| 3e648cb | Dan Streetman | 28 May 2015, 20:21:31 UTC | crypto: nx - prevent nx 842 load if no hw driver Change the nx-842 common driver to wait for loading of both platform drivers, and fail loading if the platform driver pointer is not set. Add an independent platform driver pointer, that the platform drivers set if they find they are able to load (i.e. if they find their platform devicetree node(s)). The problem is currently, the main nx-842 driver will stay loaded even if there is no platform driver and thus no possible way it can do any compression or decompression. This allows the crypto 842-nx driver to load even if it won't actually work. For crypto compression users (e.g. zswap) that expect an available crypto compression driver to actually work, this is bad. This patch fixes that, so the 842-nx crypto compression driver won't load if it doesn't have the driver and hardware available to perform the compression. Signed-off-by: Dan Streetman <ddstreet@ieee.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:51:23 UTC |
| f614e54 | Herbert Xu | 28 May 2015, 14:08:04 UTC | crypto: cryptd - Convert to new AEAD interface This patch converts cryptd to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:37 UTC |
| af05b30 | Herbert Xu | 28 May 2015, 14:08:03 UTC | crypto: aesni - Convert top-level rfc4106 algorithm to new interface This patch converts rfc4106-gcm-aesni to the new AEAD interface. The low-level interface remains as is for now because we can't touch it until cryptd itself is upgraded. In the conversion I've also removed the duplicate copy of the context in the top-level algorithm. Now all processing is carried out in the low-level __driver-gcm-aes-aesni algorithm. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:36 UTC |
| 92b9876 | Herbert Xu | 28 May 2015, 14:08:01 UTC | crypto: cryptd - Add setkey/setauthsize functions for AEAD This patch adds setkey and setauthsize for cryptd AEAD. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:35 UTC |
| 0496f56 | Herbert Xu | 28 May 2015, 14:08:00 UTC | crypto: pcrypt - Add support for new AEAD interface This patch converts pcrypt over to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:35 UTC |
| caab946 | Herbert Xu | 28 May 2015, 14:07:59 UTC | crypto: aead - Add multiple algorithm registration interface This patch adds the helpers that allow the registration and removal of multiple algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:35 UTC |
| 4361536 | Herbert Xu | 28 May 2015, 14:07:57 UTC | crypto: aead - Ignore return value from crypto_unregister_alg No new code should be using the return value of crypto_unregister_alg as it will become void soon. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:34 UTC |
| c2110f2 | Herbert Xu | 28 May 2015, 14:07:56 UTC | crypto: api - Include alignment in crypto_alg_extsize This patch ensures that the tfm context always has enough extra memory to ensure that it is aligned according to cra_alignment. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:34 UTC |
| 5c98d62 | Herbert Xu | 28 May 2015, 14:07:55 UTC | crypto: aead - Add aead_alg_instance Now that type-safe init/exit functions exist, they often need to access the underlying aead_instance. So this patch adds the helper aead_alg_instance to access aead_instance from a crypto_aead object. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:33 UTC |
| 5eb8ec6 | Herbert Xu | 28 May 2015, 14:07:53 UTC | crypto: aead - Add type-safe init/exit functions As it stands the only non-type safe functions left in the new AEAD interface are the cra_init/cra_exit functions. It means exposing the ugly __crypto_aead_cast to every AEAD implementor. This patch adds type-safe init/exit functions to AEAD. Existing algorithms are unaffected while new implementations can simply fill in these two instead of cra_init/cra_exit. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:33 UTC |
| addfda2 | Stephan Mueller | 28 May 2015, 06:52:42 UTC | crypto: doc - cover new AEAD interface The patch updates the DocBook to cover the new AEAD interface implementation. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:32 UTC |
| b64a2d9 | Herbert Xu | 28 May 2015, 03:30:35 UTC | Revert "crypto: algif_aead - Disable AEAD user-space for now" This reverts commit f858c7bcca8c20761a20593439fe998b4b67e86b as the algif_aead interface has been switched over to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 03 June 2015, 02:48:31 UTC |
| bfa1ce5 | Thomas Petazzoni | 28 May 2015, 09:40:54 UTC | bus: mvebu-mbus: add mv_mbus_dram_info_nooverlap() This commit introduces a variant of the mv_mbus_dram_info() function called mv_mbus_dram_info_nooverlap(). Both functions are used by Marvell drivers supporting devices doing DMA, and provide them a description the DRAM ranges that they need to configure their DRAM windows. The ranges provided by the mv_mbus_dram_info() function may overlap with the I/O windows if there is a lot (>= 4 GB) of RAM installed. This is not a problem for most of the DMA masters, except for the upcoming new CESA crypto driver because it does DMA to the SRAM, which is mapped through an I/O window. For this unit, we need to have DRAM ranges that do not overlap with the I/O windows. A first implementation done in commit 1737cac69369 ("bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window"), changed the information returned by mv_mbus_dram_info() to match this requirement. However, it broke the requirement of the other DMA masters than the DRAM ranges should have power of two sizes. To solve this situation, this commit introduces a new mv_mbus_dram_info_nooverlap() function, which returns the same information as mv_mbus_dram_info(), but guaranteed to not overlap with the I/O windows. In the end, it gives us two variants of the mv_mbus_dram_info*() functions: - The normal one, mv_mbus_dram_info(), which has been around for many years. This function returns the raw DRAM ranges, which are guaranteed to use power of two sizes, but will overlap with I/O windows. This function will therefore be used by all DMA masters (SATA, XOR, Ethernet, etc.) except the CESA crypto driver. - The new 'nooverlap' variant, mv_mbus_dram_info_nooverlap(). This function returns DRAM ranges after they have been "tweaked" to make sure they don't overlap with I/O windows. By doing this tweaking, we remove the power of two size guarantee. This variant will be used by the new CESA crypto driver. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> | 28 May 2015, 10:21:08 UTC |
| 885dbd1 | Thomas Petazzoni | 28 May 2015, 08:40:13 UTC | Revert "bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window" This reverts commit 1737cac69369 ("bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window"), because it breaks DMA on platforms having more than 2 GB of RAM. This commit changed the information reported to DMA masters device drivers through the mv_mbus_dram_info() function so that the returned DRAM ranges do not overlap with I/O windows. This was necessary as a preparation to support the new CESA Crypto Engine driver, which will use DMA for cryptographic operations. But since it does DMA with the SRAM which is mapped as an I/O window, having DRAM ranges overlapping with I/O windows was problematic. To solve this, the above mentioned commit changed the mvebu-mbus to adjust the DRAM ranges so that they don't overlap with the I/O windows. However, by doing this, we re-adjust the DRAM ranges in a way that makes them have a size that is no longer a power of two. While this is perfectly fine for the Crypto Engine, which supports DRAM ranges with a granularity of 64 KB, it breaks basically all other DMA masters, which expect power of two sizes for the DRAM ranges. Due to this, if the installed system memory is 4 GB, in two chip-selects of 2 GB, the second DRAM range will be reduced from 2 GB to a little bit less than 2 GB to not overlap with the I/O windows, in a way that results in a DRAM range that doesn't have a power of two size. This means that whenever you do a DMA transfer with an address located in the [ 2 GB ; 4 GB ] area, it will freeze the system. Any serious DMA activity like simply running: for i in $(seq 1 64) ; do dd if=/dev/urandom of=file$i bs=1M count=16 ; done in an ext3 partition mounted over a SATA drive will freeze the system. Since the new CESA crypto driver that uses DMA has not been merged yet, the easiest fix is to simply revert this commit. A follow-up commit will introduce a different solution for the CESA crypto driver. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Fixes: 1737cac69369 ("bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window") Cc: <stable@vger.kernel.org> # v4.0+ Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> | 28 May 2015, 09:14:31 UTC |
| 8c9e06e | Nicolas Schichan | 28 May 2015, 08:40:12 UTC | bus: mvebu-mbus: do not set WIN_CTRL_SYNCBARRIER on non io-coherent platforms. Commit a0b5cd4ac2d6 ("bus: mvebu-mbus: use automatic I/O synchronization barriers") enabled the usage of automatic I/O synchronization barriers by enabling bit WIN_CTRL_SYNCBARRIER in the control registers of MBus windows, but on non io-coherent platforms (orion5x, kirkwood and dove) the WIN_CTRL_SYNCBARRIER bit in the window control register is either reserved (all windows except 6 and 7) or enables read-only protection (windows 6 and 7). Signed-off-by: Nicolas Schichan <nschichan@freebox.fr> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: <stable@vger.kernel.org> # v4.0+ Fixes: a0b5cd4ac2d6 ("bus: mvebu-mbus: use automatic I/O synchronization barriers") Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> | 28 May 2015, 09:14:19 UTC |
| 2ff9ab4 | Imre Kaloz | 20 May 2015, 21:22:04 UTC | ARM: mvebu: armada-xp-linksys-mamba: Disable internal RTC The Mamba (like the OpenBlocks AX3) doesn't have a crystal connected to the internal RTC - let's prevent the kernel from probing it. Signed-off-by: Imre Kaloz <kaloz@openwrt.org> Cc: <stable@vger.kernel.org> # v4.0 + Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com> | 28 May 2015, 09:13:44 UTC |
| cf58fcb | Stephan Mueller | 27 May 2015, 11:50:12 UTC | crypto: jitterentropy - remove timekeeping_valid_for_hres The patch removes the use of timekeeping_valid_for_hres which is now marked as internal for the time keeping subsystem. The jitterentropy does not really require this verification as a coarse timer (when random_get_entropy is absent) is discovered by the initialization test of jent_entropy_init, which would cause the jitter rng to not load in that case. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:21 UTC |
| 19fa775 | Herbert Xu | 27 May 2015, 09:24:41 UTC | crypto: algif_aead - Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Note that the user-space interface now requires both input and output to be of the same length, and both must include space for the AD as well as the authentication tag. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:21 UTC |
| a3f2185 | Herbert Xu | 27 May 2015, 08:03:51 UTC | crypto: tcrypt - Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:21 UTC |
| 957e0fe | Herbert Xu | 27 May 2015, 08:03:50 UTC | mac80211: Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Tested-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:20 UTC |
| 25528fd | Herbert Xu | 27 May 2015, 08:03:48 UTC | mac802154: Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:20 UTC |
| 000ae7b | Herbert Xu | 27 May 2015, 08:03:47 UTC | esp6: Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:20 UTC |
| 7021b2e | Herbert Xu | 27 May 2015, 08:03:46 UTC | esp4: Switch to new AEAD interface This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. The IV generation is also now carried out through normal AEAD methods. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:20 UTC |
| 69b0137 | Herbert Xu | 27 May 2015, 08:03:45 UTC | ipsec: Add IV generator information to xfrm_state This patch adds IV generator information to xfrm_state. This is currently obtained from our own list of algorithm descriptions. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> | 28 May 2015, 03:23:20 UTC |
