1. 13 6月, 2018 1 次提交
    • K
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook 提交于
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6396bb22
  2. 28 4月, 2018 7 次提交
  3. 12 1月, 2018 1 次提交
  4. 05 1月, 2018 5 次提交
  5. 12 10月, 2017 13 次提交
    • C
      crypto: crypto4xx - add aes-gcm support · 59231368
      Christian Lamparter 提交于
      This patch adds aes-gcm support to crypto4xx.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      59231368
    • C
      crypto: crypto4xx - add aes-ccm support · 65ea8b67
      Christian Lamparter 提交于
      This patch adds aes-ccm support.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      65ea8b67
    • C
      crypto: crypto4xx - prepare for AEAD support · a0aae821
      Christian Lamparter 提交于
      This patch enhances existing interfaces and
      functions to support AEAD ciphers in the next
      patches.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      a0aae821
    • C
      crypto: crypto4xx - simplify sa and state context acquisition · 2f77690d
      Christian Lamparter 提交于
      Thanks to the big overhaul of crypto4xx_build_pd(), the request-local
      sa_in, sa_out and state_record allocation can be simplified.
      
      There's no need to setup any dma coherent memory anymore and
      much of the support code can be removed.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      2f77690d
    • C
      crypto: crypto4xx - fix stalls under heavy load · 4b5b7999
      Christian Lamparter 提交于
      If the crypto4xx device is continuously loaded by dm-crypt
      and ipsec work, it will start to work intermittent after a
      few (between 20-30) seconds, hurting throughput and latency.
      
      This patch contains various stability improvements in order
      to fix this issue. So far, the hardware has survived more
      than a day without suffering any stalls under the continuous
      load.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4b5b7999
    • C
      crypto: crypto4xx - fix various warnings · 64e1062b
      Christian Lamparter 提交于
      crypto4xx_core.c:179:6: warning: symbol 'crypto4xx_free_state_record'
      	was not declared. Should it be static?
      crypto4xx_core.c:331:5: warning: symbol 'crypto4xx_get_n_gd'
      	was not declared. Should it be static?
      crypto4xx_core.c:652:6: warning: symbol 'crypto4xx_return_pd'
      	was not declared. Should it be static?
      
      crypto4xx_return_pd() is not used by anything. Therefore it is removed.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      64e1062b
    • C
      crypto: crypto4xx - overhaul crypto4xx_build_pd() · cd4dcd6d
      Christian Lamparter 提交于
      This patch overhauls and fixes code related to crypto4xx_build_pd()
      
       * crypto4xx_build_pd() did not handle chained source scatterlist.
         This is fixed by replacing the buggy indexed-access of &src[idx]
         with sg_next() in the gather array setup loop.
      
       * The redundant is_hash, direction, save_iv and pd_ctl members
         in the crypto4xx_ctx struct have been removed.
          - is_hash can be derived from the crypto_async_request parameter.
          - direction is already part of the security association's
            bf.dir bitfield.
          - save_iv is unused.
          - pd_ctl always had the host_ready bit enabled anyway.
            (the hash_final case is rather pointless, since the ahash
             code has been deactivated).
      
       * make crypto4xx_build_pd()'s caller responsible for converting
         the IV to the LE32 format.
      
       * change crypto4xx_ahash_update() and crypto4xx_ahash_digest() to
         initialize a temporary destination scatterlist. This allows the
         removal of an ugly cast of req->result (which is a pointer to an
         u8-array) to a scatterlist pointer.
      
       * change crypto4xx_build_pd() return type to int. After all
         it returns -EINPROGRESS/-EBUSY.
      
       * fix crypto4xx_build_pd() thread-unsafe sa handling.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      cd4dcd6d
    • C
      crypto: crypto4xx - use the correct LE32 format for IV and key defs · 4865b122
      Christian Lamparter 提交于
      The hardware expects that the keys, IVs (and inner/outer hashes)
      are in the le32 format.
      
      This patch changes all hardware interface declarations to use
      the correct LE32 data format for each field.
      
      In order to pass __CHECK_ENDIAN__ checks, crypto4xx_memcpy_le
      has to be honest about the endianness of its parameters.
      The function was split and moved to the common crypto4xx_core.h
      header. This allows the compiler to generate better code if the
      sizes/len is a constant (various *_IV_LEN).
      
      Please note that the hardware isn't consistent with the endiannes
      of the save_digest field in the state record struct though.
      The hashes produced by GHASH and CBC (for CCM) will be in LE32.
      Whereas md5 and sha{1/,256,...} do not need any conversion.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      4865b122
    • C
      crypto: crypto4xx - add backlog queue support · 8ef8d195
      Christian Lamparter 提交于
      Previously, If the crypto4xx driver used all available
      security contexts, it would simply refuse new requests
      with -EAGAIN. CRYPTO_TFM_REQ_MAY_BACKLOG was ignored.
      
      in case of dm-crypt.c's crypt_convert() function this was
      causing the following errors to manifest, if the system was
      pushed hard enough:
      
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | EXT4-fs warning (dm-1): ext4_end_bio:314: I/O error -5 writing to ino ..
      | JBD2: Detected IO errors while flushing file data on dm-1-8
      | Aborting journal on device dm-1-8.
      | EXT4-fs error : ext4_journal_check_start:56: Detected aborted journal
      | EXT4-fs (dm-1): Remounting filesystem read-only
      | EXT4-fs : ext4_writepages: jbd2_start: 2048 pages, inode 498...; err -30
      
      (This did cause corruptions due to failed writes)
      
      To fix this mess, the crypto4xx driver needs to notifiy the
      user to slow down. This can be achieved by returning -EBUSY
      on requests, once the crypto hardware was falling behind.
      
      Note: -EBUSY has two different meanings. Setting the flag
      CRYPTO_TFM_REQ_MAY_BACKLOG implies that the request was
      successfully queued, by the crypto driver. To achieve this
      requirement, the implementation introduces a threshold check and
      adds logic to the completion routines in much the same way as
      AMD's Cryptographic Coprocessor (CCP) driver do.
      
      Note2: Tests showed that dm-crypt starved ipsec traffic.
      Under load, ipsec links dropped to 0 Kbits/s. This is because
      dm-crypt's callback would instantly queue the next request.
      In order to not starve ipsec, the driver reserves a small
      portion of the available crypto contexts for this purpose.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8ef8d195
    • C
      crypto: crypto4xx - increase context and scatter ring buffer elements · 778f81d6
      Christian Lamparter 提交于
      If crypto4xx is used in conjunction with dm-crypt, the available
      ring buffer elements are not enough to handle the load properly.
      
      On an aes-cbc-essiv:sha256 encrypted swap partition the read
      performance is abyssal: (tested with hdparm -t)
      
      /dev/mapper/swap_crypt:
       Timing buffered disk reads:  14 MB in  3.68 seconds =   3.81 MB/sec
      
      The patch increases both PPC4XX_NUM_SD and PPC4XX_NUM_PD to 256.
      This improves the performance considerably:
      
      /dev/mapper/swap_crypt:
       Timing buffered disk reads: 104 MB in  3.03 seconds =  34.31 MB/sec
      
      Furthermore, PPC4XX_LAST_SD, PPC4XX_LAST_GD and PPC4XX_LAST_PD
      can be easily calculated from their respective PPC4XX_NUM_*
      constant.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      778f81d6
    • C
      crypto: crypto4xx - fix type mismatch compiler error · 333eb3ed
      Christian Lamparter 提交于
      This patch fixes a type mismatch error that I accidentally
      introduced when I moved and refactored the dynamic_contents
      helpers.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      333eb3ed
    • C
      crypto: crypto4xx - fix off-by-one AES-OFB · e9b8e4e1
      Christian Lamparter 提交于
      I used aes-cbc as a template for ofb. But sadly I forgot
      to update set_key method to crypto4xx_setkey_aes_ofb().
      
      this was caught by the testmgr:
      alg: skcipher: Test 1 failed (invalid result) on encr. for ofb-aes-ppc4xx
      00000000: 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
      00000010: 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
      00000020: 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
      00000030: 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
      
      With the correct set_key method, the aes-ofb cipher passes the test.
      
      name         : ofb(aes)
      driver       : ofb-aes-ppc4xx
      module       : crypto4xx
      priority     : 300
      refcnt       : 1
      selftest     : passed
      internal     : no
      type         : ablkcipher
      async        : yes
      blocksize    : 16
      min keysize  : 16
      max keysize  : 32
      ivsize       : 16
      geniv        : <default>
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      e9b8e4e1
    • C
      crypto: crypto4xx - wire up hmac_mc to hmac_muting · 5a4326d3
      Christian Lamparter 提交于
      The hmac_mc parameter of set_dynamic_sa_command_1()
      was defined but not used. On closer inspection it
      turns out, it was never wired up.
      Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      5a4326d3
  6. 22 9月, 2017 12 次提交
  7. 20 6月, 2017 1 次提交