1. 01 7月, 2018 1 次提交
    • E
      crypto: arm/speck - fix building in Thumb2 mode · a068b94d
      Eric Biggers 提交于
      Building the kernel with CONFIG_THUMB2_KERNEL=y and
      CONFIG_CRYPTO_SPECK_NEON set fails with the following errors:
      
          arch/arm/crypto/speck-neon-core.S: Assembler messages:
      
          arch/arm/crypto/speck-neon-core.S:419: Error: r13 not allowed here -- `bic sp,#0xf'
          arch/arm/crypto/speck-neon-core.S:423: Error: r13 not allowed here -- `bic sp,#0xf'
          arch/arm/crypto/speck-neon-core.S:427: Error: r13 not allowed here -- `bic sp,#0xf'
          arch/arm/crypto/speck-neon-core.S:431: Error: r13 not allowed here -- `bic sp,#0xf'
      
      The problem is that the 'bic' instruction can't operate on the 'sp'
      register in Thumb2 mode.  Fix it by using a temporary register.  This
      isn't in the main loop, so the performance difference is negligible.
      This also matches what aes-neonbs-core.S does.
      Reported-by: NStefan Agner <stefan@agner.ch>
      Fixes: ede96221 ("crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS")
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: NStefan Agner <stefan@agner.ch>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      a068b94d
  2. 15 6月, 2018 5 次提交
    • M
      hwrng: core - Always drop the RNG in hwrng_unregister() · 837bf7cc
      Michael Büsch 提交于
      enable_best_rng() is used in hwrng_unregister() to switch away from the
      currently active RNG, if that is the one currently being removed.
      However enable_best_rng() might fail, if the next RNG's init routine
      fails. In that case enable_best_rng() will return an error code and
      the currently active RNG will remain active.
      After unregistering this might lead to crashes due to use-after-free.
      
      Fix this by dropping the currently active RNG, if enable_best_rng()
      failed. This will result in no RNG to be active, if the next-best
      one failed to initialize.
      
      This problem was introduced by 142a27f0
      
      Fixes: 142a27f0 ("hwrng: core - Reset user selected rng by...")
      Reported-by: NWirz <spam@lukas-wirz.de>
      Tested-by: NWirz <spam@lukas-wirz.de>
      Signed-off-by: NMichael Büsch <m@bues.ch>
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      837bf7cc
    • O
      crypto: morus640 - Fix out-of-bounds access · a81ae809
      Ondrej Mosnáček 提交于
      We must load the block from the temporary variable here, not directly
      from the input.
      
      Also add forgotten zeroing-out of the uninitialized part of the
      temporary block (as is done correctly in morus1280.c).
      
      Fixes: 396be41f ("crypto: morus - Add generic MORUS AEAD implementations")
      Reported-by: syzbot+1fafa9c4cf42df33f716@syzkaller.appspotmail.com
      Reported-by: syzbot+d82643ba80bf6937cd44@syzkaller.appspotmail.com
      Signed-off-by: NOndrej Mosnacek <omosnace@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      a81ae809
    • D
      crypto: don't optimize keccakf() · f044a84e
      Dmitry Vyukov 提交于
      keccakf() is the only function in kernel that uses __optimize() macro.
      __optimize() breaks frame pointer unwinder as optimized code uses RBP,
      and amusingly this always lead to degraded performance as gcc does not
      inline across different optimizations levels, so keccakf() wasn't inlined
      into its callers and keccakf_round() wasn't inlined into keccakf().
      
      Drop __optimize() to resolve both problems.
      Signed-off-by: NDmitry Vyukov <dvyukov@google.com>
      Fixes: 83dee2ce ("crypto: sha3-generic - rewrite KECCAK transform to help the compiler optimize")
      Reported-by: syzbot+37035ccfa9a0a017ffcf@syzkaller.appspotmail.com
      Reported-by: syzbot+e073e4740cfbb3ae200b@syzkaller.appspotmail.com
      Cc: linux-crypto@vger.kernel.org
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      f044a84e
    • J
      crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end · 6e88f012
      Jia He 提交于
      In a arm64 server(QDF2400),I met a similar might-sleep warning as [1]:
      [    7.019116] BUG: sleeping function called from invalid context at
      ./include/crypto/algapi.h:416
      [    7.027863] in_atomic(): 1, irqs_disabled(): 0, pid: 410, name:
      cryptomgr_test
      [    7.035106] 1 lock held by cryptomgr_test/410:
      [    7.039549]  #0:         (ptrval) (&drbg->drbg_mutex){+.+.}, at:
      drbg_instantiate+0x34/0x398
      [    7.048038] CPU: 9 PID: 410 Comm: cryptomgr_test Not tainted
      4.17.0-rc6+ #27
      [    7.068228]  dump_backtrace+0x0/0x1c0
      [    7.071890]  show_stack+0x24/0x30
      [    7.075208]  dump_stack+0xb0/0xec
      [    7.078523]  ___might_sleep+0x160/0x238
      [    7.082360]  skcipher_walk_done+0x118/0x2c8
      [    7.086545]  ctr_encrypt+0x98/0x130
      [    7.090035]  simd_skcipher_encrypt+0x68/0xc0
      [    7.094304]  drbg_kcapi_sym_ctr+0xd4/0x1f8
      [    7.098400]  drbg_ctr_update+0x98/0x330
      [    7.102236]  drbg_seed+0x1b8/0x2f0
      [    7.105637]  drbg_instantiate+0x2ac/0x398
      [    7.109646]  drbg_kcapi_seed+0xbc/0x188
      [    7.113482]  crypto_rng_reset+0x4c/0xb0
      [    7.117319]  alg_test_drbg+0xec/0x330
      [    7.120981]  alg_test.part.6+0x1c8/0x3c8
      [    7.124903]  alg_test+0x58/0xa0
      [    7.128044]  cryptomgr_test+0x50/0x58
      [    7.131708]  kthread+0x134/0x138
      [    7.134936]  ret_from_fork+0x10/0x1c
      
      Seems there is a bug in Ard Biesheuvel's commit.
      Fixes: 68338174 ("crypto: arm64/aes-blk - move kernel mode neon
      en/disable into loop")
      
      [1] https://www.spinics.net/lists/linux-crypto/msg33103.html
      
      Signed-off-by: jia.he@hxt-semitech.com
      Acked-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: <stable@vger.kernel.org> # 4.17
      Acked-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      6e88f012
    • D
      crypto: chtls - use after free in chtls_pt_recvmsg() · f70b359b
      Dan Carpenter 提交于
      We call chtls_free_skb() but then we dereference it on the next lines.
      Also "skb" can't be NULL, we just dereferenced it on the line before.
      
      I have moved the free down a couple lines to fix this issue.
      
      Fixes: 17a7d24a ("crypto: chtls - generic handling of data and hdr")
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      f70b359b
  3. 31 5月, 2018 26 次提交
  4. 27 5月, 2018 8 次提交