Initialize sha_dd with platform_get_drvdata() when declaring it.
Signed-off-by: NClaudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

caam has its own special NAPI weights. It's also a crypto device
so presumably it can't be used for packet Rx. Switch to the (new)
correct API.
Signed-off-by: NJakub Kicinski <kuba@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so pdata is never NULL.

This is a preparation for making platform remove callbacks return void.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: NVladimir Zapolskiy <vz@mleia.com>
Reviewed-by: NKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so dd is never NULL.

This is a preparation for making platform remove callbacks return void.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so dd is never NULL.

This is a preparation for making platform remove callbacks return void.

While touching this driver remove an assignment without effect.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so dd is never NULL.

This is a preparation for making platform remove callbacks return void.

While touching this driver remove a stray empty line.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so tdes_dd is never NULL.

This is a preparation for making platform remove callbacks return void.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: NClaudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so sha_dd is never NULL.

This is a preparation for making platform remove callbacks return void.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: NClaudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The remove callback is only called after probe completed successfully.
In this case platform_set_drvdata() was called with a non-NULL argument
and so aes_dd is never NULL.

This is a preparation for making platform remove callbacks return void.
Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Add clk_disable_unprepare() on error path in cc_pm_resume().
Reported-by: NHulk Robot <hulkci@huawei.com>
Signed-off-by: NYuan Can <yuancan@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

It contains ARIA ecb(aria), cbc(aria), cfb(aria), ctr(aria), and gcm(aria).
ecb testvector is from RFC standard.
cbc, cfb, and ctr testvectors are from KISA[1], who developed ARIA
algorithm.
gcm(aria) is from openssl test vector.

[1] https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do (Korean)
Signed-off-by: NTaehee Yoo <ap420073@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

ARIA(RFC 5794) is a symmetric block cipher algorithm.
This algorithm is being used widely in South Korea as a standard cipher
algorithm.
This code is written based on the ARIA implementation of OpenSSL.
The OpenSSL code is based on the distributed source code[1] by KISA.

ARIA has three key sizes and corresponding rounds.
ARIA128: 12 rounds.
ARIA192: 14 rounds.
ARIA245: 16 rounds.

[1] https://seed.kisa.or.kr/kisa/Board/19/detailView.do (Korean)
Signed-off-by: NTaehee Yoo <ap420073@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Changes from v1:
  * replace some accidental spaces with tabs

In commit f145d411 ("crypto: rsa - implement Chinese Remainder Theorem
for faster private key operations") we have started to use the additional
primes and coefficients for RSA private key operations. However, these
additional parameters are not present (defined as 0 integers) in the RSA
test vectors.

Some parameters were borrowed from OpenSSL, so I was able to find the
source. I could not find the public source for 1 vector though, so had to
recover the parameters by implementing Appendix C from [1].

[1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf

Fixes: f145d411 ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations")
Reported-by: NTasmiya Nalatwad <tasmiya@linux.vnet.ibm.com>
Signed-off-by: NIgnat Korchagin <ignat@cloudflare.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When mixing bit-field and none bit-filed in packed struct the
none bit-field starts at a distinct memory location, thus adding
an additional byte to the overall structure which is used in
memory zero-ing and other configuration calculations.

Fix this by removing the none bit-field that has a following
bit-field.
Signed-off-by: NOfer Heifetz <oferh@marvell.com>
Acked-by: NAntoine Tenart <atenart@kernel.org>
Acked-by: NAntoine Tenart <atenart@kernel.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When kunpeng916 encryption driver is used to deencrypt and decrypt
packets during the softirq, it is not allowed to use mutex lock.

Fixes: 915e4e84 ("crypto: hisilicon - SEC security accelerator driver")
Signed-off-by: NZhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

When kunpeng920 encryption driver is used to deencrypt and decrypt
packets during the softirq, it is not allowed to use mutex lock. The
kernel will report the following error:

BUG: scheduling while atomic: swapper/57/0/0x00000300
Call trace:
dump_backtrace+0x0/0x1e4
show_stack+0x20/0x2c
dump_stack+0xd8/0x140
__schedule_bug+0x68/0x80
__schedule+0x728/0x840
schedule+0x50/0xe0
schedule_preempt_disabled+0x18/0x24
__mutex_lock.constprop.0+0x594/0x5dc
__mutex_lock_slowpath+0x1c/0x30
mutex_lock+0x50/0x60
sec_request_init+0x8c/0x1a0 [hisi_sec2]
sec_process+0x28/0x1ac [hisi_sec2]
sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2]
sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2]
crypto_skcipher_encrypt+0x2c/0x40
crypto_authenc_encrypt+0xc8/0xfc [authenc]
crypto_aead_encrypt+0x2c/0x40
echainiv_encrypt+0x144/0x1a0 [echainiv]
crypto_aead_encrypt+0x2c/0x40
esp_output_tail+0x348/0x5c0 [esp4]
esp_output+0x120/0x19c [esp4]
xfrm_output_one+0x25c/0x4d4
xfrm_output_resume+0x6c/0x1fc
xfrm_output+0xac/0x3c0
xfrm4_output+0x64/0x130
ip_build_and_send_pkt+0x158/0x20c
tcp_v4_send_synack+0xdc/0x1f0
tcp_conn_request+0x7d0/0x994
tcp_v4_conn_request+0x58/0x6c
tcp_v6_conn_request+0xf0/0x100
tcp_rcv_state_process+0x1cc/0xd60
tcp_v4_do_rcv+0x10c/0x250
tcp_v4_rcv+0xfc4/0x10a4
ip_protocol_deliver_rcu+0xf4/0x200
ip_local_deliver_finish+0x58/0x70
ip_local_deliver+0x68/0x120
ip_sublist_rcv_finish+0x70/0x94
ip_list_rcv_finish.constprop.0+0x17c/0x1d0
ip_sublist_rcv+0x40/0xb0
ip_list_rcv+0x140/0x1dc
__netif_receive_skb_list_core+0x154/0x28c
__netif_receive_skb_list+0x120/0x1a0
netif_receive_skb_list_internal+0xe4/0x1f0
napi_complete_done+0x70/0x1f0
gro_cell_poll+0x9c/0xb0
napi_poll+0xcc/0x264
net_rx_action+0xd4/0x21c
__do_softirq+0x130/0x358
irq_exit+0x11c/0x13c
__handle_domain_irq+0x88/0xf0
gic_handle_irq+0x78/0x2c0
el1_irq+0xb8/0x140
arch_cpu_idle+0x18/0x40
default_idle_call+0x5c/0x1c0
cpuidle_idle_call+0x174/0x1b0
do_idle+0xc8/0x160
cpu_startup_entry+0x30/0x11c
secondary_start_kernel+0x158/0x1e4
softirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with
preempt_count 00000100, exited with fffffe00?

Fixes: 416d8220 ("crypto: hisilicon - add HiSilicon SEC V2 driver")
Signed-off-by: NZhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The argument passed to sec_queue_aw_alloc() should be
SEC_QUEUE_AW_FROCE_NOALLOC instead of SEC_QUEUE_AR_FROCE_NOALLOC.
Signed-off-by: NJianglei Nie <niejianglei2021@163.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In nx842_pseries_init(), we should hold the reference returned by
of_find_compatible_node() and use it to call of_node_put to keep
refcount balance.
Signed-off-by: NLiang He <windhl@126.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

In crypto4xx_probe(), we should hold the reference returned by
of_find_compatible_node() and use it to call of_node_put to keep
 refcount balance.
Signed-off-by: NLiang He <windhl@126.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The compiler complains that p8_ghash_alg isn't declared which is
because the header file aesp8-ppc.h isn't included in ghash.c.
This patch fixes the warning.
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: NBreno Leitao <leitao@debian.org>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

qat_4xxx devices can be configured to allow either crypto or compression
operations. At the moment, devices are configured statically according to
the following rule:
- odd numbered devices assigned to compression services
- even numbered devices assigned to crypto services

Expose the sysfs attribute /sys/bus/pci/devices/<BDF>/qat/cfg_services
to allow to detect the configuration of a device and to change it.

The `cfg_service` attribute is only exposed for qat_4xxx devices and it
is limited to two configurations: (1) "sym;asym" for crypto services and
"dc" for compression services.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Co-developed-by: NTomasz Kowallik <tomaszx.kowalik@intel.com>
Signed-off-by: NTomasz Kowallik <tomaszx.kowalik@intel.com>
Reviewed-by: NAdam Guerin <adam.guerin@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NVladis Dronov <vdronov@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The function adf_sriov_prepare_restart() is used in adf_sriov.c to stop
and shutdown a device preserving its configuration.

Since this function will be re-used by the logic that allows to
reconfigure the device through sysfs, move it to adf_init.c and rename
it as adf_dev_shutdown_cache_cfg();
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NAdam Guerin <adam.guerin@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NVladis Dronov <vdronov@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The function adf_cfg_add_key_value_param() allows to insert duplicates
entries in the key value store of the driver.

Change the behaviour of that function to the following policy:
- if the key doesn't exist, add it;
- if the key already exists with a different value, then delete it and
  replace it with a new one containing the new value;
- if the key exists with the same value, then return without doing
  anything.

The behaviour of this function has been changed in order to easily
update key-values in the driver database. In particular this is required
to update the value of the ServiceEnables key used to change the service
loaded on a device.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: NAdam Guerin <adam.guerin@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NVladis Dronov <vdronov@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Expose the device state through an attribute in sysfs and allow to
change it. This is to stop and shutdown a QAT device in order to change
its configuration.

The state attribute has been added to a newly created `qat` attribute
group which will contain all _QAT specific_ attributes.

The logic that implements the sysfs entries is part of a new file,
adf_sysfs.c. This exposes an entry point to allow the driver to create
attributes.

The function that creates the sysfs attributes is called from the probe
function of the driver and not in the state machine init function to
allow the change of states even if the device is in the down state.

In order to restore the device configuration between a transition from
down to up, the function that configures the devices has been abstracted
into the HW data structure.

The `state` attribute is only exposed for qat_4xxx devices.
Signed-off-by: NGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Co-developed-by: NTomasz Kowallik <tomaszx.kowalik@intel.com>
Signed-off-by: NTomasz Kowallik <tomaszx.kowalik@intel.com>
Reviewed-by: NAdam Guerin <adam.guerin@intel.com>
Reviewed-by: NFiona Trahe <fiona.trahe@intel.com>
Reviewed-by: NWojciech Ziemba <wojciech.ziemba@intel.com>
Reviewed-by: NVladis Dronov <vdronov@redhat.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Otherwise, we could fail to compile.

ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_exit':
ghash-ce-glue.c:(.exit.text+0x24): undefined reference to 'crypto_unregister_aead'
ld: arch/arm64/crypto/ghash-ce-glue.o: in function 'ghash_ce_mod_init':
ghash-ce-glue.c:(.init.text+0x34): undefined reference to 'crypto_register_aead'

Fixes: 537c1445 ("crypto: arm64/gcm - implement native driver using v8 Crypto Extensions")
Signed-off-by: NQian Cai <quic_qiancai@quicinc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

According to PKCS#1 standard, the 'otherPrimeInfos' field contains
the information for the additional primes r_3, ..., r_u, in order.
It shall be omitted if the version is 0 and shall contain at least
one instance of OtherPrimeInfo if the version is 1, see:
	https://www.rfc-editor.org/rfc/rfc3447#page-44

Replace the version number '1' with 0, otherwise, some drivers may
not pass the run-time tests.
Signed-off-by: Nlei he <helei.sig11@bytedance.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

there is an unexpected word 'for' in the comments that need to be dropped

file - drivers/crypto/vmx/ghashp8-ppc.pl
line - 19

"# GHASH for for PowerISA v2.07."

changed to:

"# GHASH for PowerISA v2.07."
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

there is an unexpected word 'for' in the comments that need to be dropped

file - drivers/crypto/caam/caamhash_desc.c
line - 25

*              must be false for for ahash first and digest

changed to:

*              must be false for ahash first and digest
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Reviewed-by: NGaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Drop the unexpected word 'a' in the comments that need to be dropped

* This is a a cache of buffers, from which the users of CAAM QI driver
-->
* This is a cache of buffers, from which the users of CAAM QI driver
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Reviewed-by: NGaurav Jain <gaurav.jain@nxp.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Replace 'is' with 'it'

file: drivers/crypto/cavium/cpt/cpt_hw_types.h
line: 268

*	which if the line hits and is is dirty will cause the line to be

changed to:
*	which if the line hits and it is dirty will cause the line to be
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Delete the redundant word 'the'.
Signed-off-by: NJilin Yuan <yuanjilin@cdjrlc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

there is an unexpected word "the" in the comments that need to be dropped

>-  * specified in the the hw design spec. Either due to incorrect info in the
>+  * specified in the hw design spec. Either due to incorrect info in the
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

there is an unexpected word "the" in the comments that need to be dropped

>- * The DDE is setup with the the DDE count, byte count, and address of
>+ * The DDE is setup with the DDE count, byte count, and address of
Signed-off-by: NJiang Jian <jiangjian@cdjrlc.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Using 3 blocks here doesn't give us much more than using 2, and it
causes a stack frame size warning on certain compiler/config/arch
combinations:

   lib/crypto/blake2s-selftest.c: In function 'blake2s_selftest':
>> lib/crypto/blake2s-selftest.c:632:1: warning: the frame size of 1088 bytes is larger than 1024 bytes [-Wframe-larger-than=]
     632 | }
         | ^

So this patch just reduces the block from 3 to 2, which makes the
warning go away.
Reported-by: Nkernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-crypto/202206200851.gE3MHCgd-lkp@intel.com
Fixes: 2d16803c ("crypto: blake2s - remove shash module")
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

This dependency looks outdated. After the previous patch, we have been able
to use this driver to encrypt some data and to create working VF on arm64.
We have not tested it yet on any big endian machine, hence the new dependency
Signed-off-by: NYoan Picchi <yoan.picchi@arm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Currently the QAT driver code uses a self-defined wrapper function
called get_current_node() when it wants to learn the current NUMA node.
This implementation references the topology_physical_package_id[] array,
which more or less coincidentally contains the NUMA node id, at least
on x86.

Because this is not universal, and Linux offers a direct function to
learn the NUMA node ID, replace that function with a call to
numa_node_id(), which would work everywhere.

This fixes the QAT driver operation on arm64 machines.
Reported-by: NYoan Picchi <Yoan.Picchi@arm.com>
Signed-off-by: NAndre Przywara <andre.przywara@arm.com>
Signed-off-by: NYoan Picchi <yoan.picchi@arm.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

Changes from v1:
  * exported mpi_sub and mpi_mul, otherwise the build fails when RSA is a module

The kernel RSA ASN.1 private key parser already supports only private keys with
additional values to be used with the Chinese Remainder Theorem [1], but these
values are currently not used.

This rudimentary CRT implementation speeds up RSA private key operations for the
following Go benchmark up to ~3x.

This implementation also tries to minimise the allocation of additional MPIs,
so existing MPIs are reused as much as possible (hence the variable names are a
bit weird).

The benchmark used:

```
package keyring_test

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"io"
	"syscall"
	"testing"
	"unsafe"
)

type KeySerial int32
type Keyring int32

const (
	KEY_SPEC_PROCESS_KEYRING Keyring = -2
	KEYCTL_PKEY_SIGN                 = 27
)

var (
	keyTypeAsym = []byte("asymmetric\x00")
	sha256pkcs1 = []byte("enc=pkcs1 hash=sha256\x00")
)

func (keyring Keyring) LoadAsym(desc string, payload []byte) (KeySerial, error) {
	cdesc := []byte(desc + "\x00")
	serial, _, errno := syscall.Syscall6(syscall.SYS_ADD_KEY, uintptr(unsafe.Pointer(&keyTypeAsym[0])), uintptr(unsafe.Pointer(&cdesc[0])), uintptr(unsafe.Pointer(&payload[0])), uintptr(len(payload)), uintptr(keyring), uintptr(0))
	if errno == 0 {
		return KeySerial(serial), nil
	}

	return KeySerial(serial), errno
}

type pkeyParams struct {
	key_id         KeySerial
	in_len         uint32
	out_or_in2_len uint32
	__spare        [7]uint32
}

// the output signature buffer is an input parameter here, because we want to
// avoid Go buffer allocation leaking into our benchmarks
func (key KeySerial) Sign(info, digest, out []byte) error {
	var params pkeyParams
	params.key_id = key
	params.in_len = uint32(len(digest))
	params.out_or_in2_len = uint32(len(out))

	_, _, errno := syscall.Syscall6(syscall.SYS_KEYCTL, KEYCTL_PKEY_SIGN, uintptr(unsafe.Pointer(&params)), uintptr(unsafe.Pointer(&info[0])), uintptr(unsafe.Pointer(&digest[0])), uintptr(unsafe.Pointer(&out[0])), uintptr(0))
	if errno == 0 {
		return nil
	}

	return errno
}

func BenchmarkSign(b *testing.B) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		b.Fatalf("failed to generate private key: %v", err)
	}

	pkcs8, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		b.Fatalf("failed to serialize the private key to PKCS8 blob: %v", err)
	}

	serial, err := KEY_SPEC_PROCESS_KEYRING.LoadAsym("test rsa key", pkcs8)
	if err != nil {
		b.Fatalf("failed to load the private key into the keyring: %v", err)
	}

	b.Logf("loaded test rsa key: %v", serial)

	digest := make([]byte, 32)
	_, err = io.ReadFull(rand.Reader, digest)
	if err != nil {
		b.Fatalf("failed to generate a random digest: %v", err)
	}

	sig := make([]byte, 256)
	for n := 0; n < b.N; n++ {
		err = serial.Sign(sha256pkcs1, digest, sig)
		if err != nil {
			b.Fatalf("failed to sign the digest: %v", err)
		}
	}

	err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest, sig)
	if err != nil {
		b.Fatalf("failed to verify the signature: %v", err)
	}
}
```

[1]: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Using_the_Chinese_remainder_algorithmSigned-off-by: NIgnat Korchagin <ignat@cloudflare.com>
Reported-by: Nkernel test robot <lkp@intel.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

On shutdown, each CCP device instance performs shutdown processing.
However, __sev_platform_shutdown_locked() uses the controlling psp
structure to obtain the pointer to the sev_device structure. However,
during driver initialization, it is possible that an error can be received
from the firmware that results in the sev_data pointer being cleared from
the controlling psp structure. The __sev_platform_shutdown_locked()
function does not check for this situation and will segfault.

While not common, this scenario should be accounted for. Add a check for a
NULL sev_device structure before attempting to use it.

Fixes: 5441a07a ("crypto: ccp - shutdown SEV firmware on kexec")
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

The base register address of V2 and V3 are different. HW V3 not needs
to change the BD err detection.
Signed-off-by: NKai Ye <yekai13@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>

There is no i decrement in while (i >= 0) loop.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 359e893e ("crypto: sun8i-ss - rework handling of IV")
Acked-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Tested-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>