1. 09 11月, 2018 11 次提交
    • Y
      crypto: ccree - adjust hash length to suit certain context specifics · f1e52fd0
      Yael Chemla 提交于
      Adjust hash length such that it will not be fixed and general for all algs.
      Instead make it suitable for certain context information.
      This is preparation for SM3 support.
      Signed-off-by: NYael Chemla <yael.chemla@foss.arm.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      f1e52fd0
    • G
      crypto: ccree - add SM4 support · 9b8d51f8
      Gilad Ben-Yossef 提交于
      Add support for SM4 cipher in CryptoCell 713.
      Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      9b8d51f8
    • G
      dt-bindings: crypto: ccree: add ccree 713 · d422912a
      Gilad Ben-Yossef 提交于
      Add device tree bindings associating Arm TrustZone CryptoCell 713 with the
      ccree driver.
      Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
      Reviewed-by: NRob Herring <robh@kernel.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      d422912a
    • G
      crypto: ccree - add support for CryptoCell 713 · e40fdb50
      Gilad Ben-Yossef 提交于
      Add support for Arm TrustZone CryptoCell 713.
      Note that this patch just enables using a 713 in backwards compatible mode
      to 712. Newer 713 specific features will follow.
      Signed-off-by: NGilad Ben-Yossef <gilad@benyossef.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      e40fdb50
    • E
      crypto: arm/aes - add some hardening against cache-timing attacks · 913a3aa0
      Eric Biggers 提交于
      Make the ARM scalar AES implementation closer to constant-time by
      disabling interrupts and prefetching the tables into L1 cache.  This is
      feasible because due to ARM's "free" rotations, the main tables are only
      1024 bytes instead of the usual 4096 used by most AES implementations.
      
      On ARM Cortex-A7, the speed loss is only about 5%.  The resulting code
      is still over twice as fast as aes_ti.c.  Responsiveness is potentially
      a concern, but interrupts are only disabled for a single AES block.
      
      Note that even after these changes, the implementation still isn't
      necessarily guaranteed to be constant-time; see
      https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
      of the many difficulties involved in writing truly constant-time AES
      software.  But it's valuable to make such attacks more difficult.
      
      Much of this patch is based on patches suggested by Ard Biesheuvel.
      Suggested-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Reviewed-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      913a3aa0
    • E
      crypto: aes_ti - disable interrupts while accessing S-box · 0a6a40c2
      Eric Biggers 提交于
      In the "aes-fixed-time" AES implementation, disable interrupts while
      accessing the S-box, in order to make cache-timing attacks more
      difficult.  Previously it was possible for the CPU to be interrupted
      while the S-box was loaded into L1 cache, potentially evicting the
      cachelines and causing later table lookups to be time-variant.
      
      In tests I did on x86 and ARM, this doesn't affect performance
      significantly.  Responsiveness is potentially a concern, but interrupts
      are only disabled for a single AES block.
      
      Note that even after this change, the implementation still isn't
      necessarily guaranteed to be constant-time; see
      https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
      of the many difficulties involved in writing truly constant-time AES
      software.  But it's valuable to make such attacks more difficult.
      Reviewed-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      0a6a40c2
    • C
      crypto: user - Zeroize whole structure given to user space · 9f4debe3
      Corentin Labbe 提交于
      For preventing uninitialized data to be given to user-space (and so leak
      potential useful data), the crypto_stat structure must be correctly
      initialized.
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Fixes: cac5818c ("crypto: user - Implement a generic crypto statistics")
      Signed-off-by: NCorentin Labbe <clabbe@baylibre.com>
      [EB: also fix it in crypto_reportstat_one()]
      [EB: use sizeof(var) rather than sizeof(type)]
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      9f4debe3
    • E
      crypto: user - fix leaking uninitialized memory to userspace · f43f3995
      Eric Biggers 提交于
      All bytes of the NETLINK_CRYPTO report structures must be initialized,
      since they are copied to userspace.  The change from strncpy() to
      strlcpy() broke this.  As a minimal fix, change it back.
      
      Fixes: 4473710d ("crypto: user - Prepare for CRYPTO_MAX_ALG_NAME expansion")
      Cc: <stable@vger.kernel.org> # v4.12+
      Signed-off-by: NEric Biggers <ebiggers@google.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      f43f3995
    • A
      crypto: simd - correctly take reqsize of wrapped skcipher into account · 508a1c4d
      Ard Biesheuvel 提交于
      The simd wrapper's skcipher request context structure consists
      of a single subrequest whose size is taken from the subordinate
      skcipher. However, in simd_skcipher_init(), the reqsize that is
      retrieved is not from the subordinate skcipher but from the
      cryptd request structure, whose size is completely unrelated to
      the actual wrapped skcipher.
      Reported-by: NQian Cai <cai@gmx.us>
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Tested-by: NQian Cai <cai@gmx.us>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      508a1c4d
    • J
      crypto: hisilicon - Fix reference after free of memories on error path · 0b0cf6af
      John Garry 提交于
      coccicheck currently warns of the following issues in the driver:
      drivers/crypto/hisilicon/sec/sec_algs.c:864:51-66: ERROR: reference preceded by free on line 812
      drivers/crypto/hisilicon/sec/sec_algs.c:864:40-49: ERROR: reference preceded by free on line 813
      drivers/crypto/hisilicon/sec/sec_algs.c:861:8-24: ERROR: reference preceded by free on line 814
      drivers/crypto/hisilicon/sec/sec_algs.c:860:41-51: ERROR: reference preceded by free on line 815
      drivers/crypto/hisilicon/sec/sec_algs.c:867:7-18: ERROR: reference preceded by free on line 816
      
      It would appear than on certain error paths that we may attempt reference-
      after-free some memories.
      
      This patch fixes those issues. The solution doesn't look perfect, but
      having same memories free'd possibly from separate functions makes it
      tricky.
      
      Fixes: 915e4e84 ("crypto: hisilicon - SEC security accelerator driver")
      Reviewed-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NJohn Garry <john.garry@huawei.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      0b0cf6af
    • J
      crypto: hisilicon - Fix NULL dereference for same dst and src · 68a031d2
      John Garry 提交于
      When the source and destination addresses for the cipher are the same, we
      will get a NULL dereference from accessing the split destination
      scatterlist memories, as shown:
      
      [   56.565719] tcrypt:
      [   56.565719] testing speed of async ecb(aes) (hisi_sec_aes_ecb) encryption
      [   56.574683] tcrypt: test 0 (128 bit key, 16 byte blocks):
      [   56.587585] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
      [   56.596361] Mem abort info:
      [   56.599151]   ESR = 0x96000006
      [   56.602196]   Exception class = DABT (current EL), IL = 32 bits
      [   56.608105]   SET = 0, FnV = 0
      [   56.611149]   EA = 0, S1PTW = 0
      [   56.614280] Data abort info:
      [   56.617151]   ISV = 0, ISS = 0x00000006
      [   56.620976]   CM = 0, WnR = 0
      [   56.623930] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
      [   56.630533] [0000000000000000] pgd=0000041fc7e4d003, pud=0000041fcd9bf003, pmd=0000000000000000
      [   56.639224] Internal error: Oops: 96000006 [#1] PREEMPT SMP
      [   56.644782] Modules linked in: tcrypt(+)
      [   56.648695] CPU: 21 PID: 2326 Comm: insmod Tainted: G        W         4.19.0-rc6-00001-g3fabfb8-dirty #716
      [   56.658420] Hardware name: Huawei Taishan 2280 /D05, BIOS Hisilicon D05 IT17 Nemo 2.0 RC0 10/05/2018
      [   56.667537] pstate: 20000005 (nzCv daif -PAN -UAO)
      [   56.672322] pc : sec_alg_skcipher_crypto+0x318/0x748
      [   56.677274] lr : sec_alg_skcipher_crypto+0x178/0x748
      [   56.682224] sp : ffff0000118e3840
      [   56.685525] x29: ffff0000118e3840 x28: ffff841fbb3f8118
      [   56.690825] x27: 0000000000000000 x26: 0000000000000000
      [   56.696125] x25: ffff841fbb3f8080 x24: ffff841fbadc0018
      [   56.701425] x23: ffff000009119000 x22: ffff841fbb24e280
      [   56.706724] x21: ffff841ff212e780 x20: ffff841ff212e700
      [   56.712023] x19: 0000000000000001 x18: ffffffffffffffff
      [   56.717322] x17: 0000000000000000 x16: 0000000000000000
      [   56.722621] x15: ffff0000091196c8 x14: 72635f7265687069
      [   56.727920] x13: 636b735f676c615f x12: ffff000009119940
      [   56.733219] x11: 0000000000000000 x10: 00000000006080c0
      [   56.738519] x9 : 0000000000000000 x8 : ffff841fbb24e480
      [   56.743818] x7 : ffff841fbb24e500 x6 : ffff841ff00cdcc0
      [   56.749117] x5 : 0000000000000010 x4 : 0000000000000000
      [   56.754416] x3 : ffff841fbb24e380 x2 : ffff841fbb24e480
      [   56.759715] x1 : 0000000000000000 x0 : ffff000008f682c8
      [   56.765016] Process insmod (pid: 2326, stack limit = 0x(____ptrval____))
      [   56.771702] Call trace:
      [   56.774136]  sec_alg_skcipher_crypto+0x318/0x748
      [   56.778740]  sec_alg_skcipher_encrypt+0x10/0x18
      [   56.783259]  test_skcipher_speed+0x2a0/0x700 [tcrypt]
      [   56.788298]  do_test+0x18f8/0x48c8 [tcrypt]
      [   56.792469]  tcrypt_mod_init+0x60/0x1000 [tcrypt]
      [   56.797161]  do_one_initcall+0x5c/0x178
      [   56.800985]  do_init_module+0x58/0x1b4
      [   56.804721]  load_module+0x1da4/0x2150
      [   56.808456]  __se_sys_init_module+0x14c/0x1e8
      [   56.812799]  __arm64_sys_init_module+0x18/0x20
      [   56.817231]  el0_svc_common+0x60/0xe8
      [   56.820880]  el0_svc_handler+0x2c/0x80
      [   56.824615]  el0_svc+0x8/0xc
      [   56.827483] Code: a94c87a3 910b2000 f87b7842 f9004ba2 (b87b7821)
      [   56.833564] ---[ end trace 0f63290590e93d94 ]---
      Segmentation fault
      
      Fix this by only accessing these memories when we have different src and
      dst.
      
      Fixes: 915e4e84 ("crypto: hisilicon - SEC security accelerator driver")
      Reviewed-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NJohn Garry <john.garry@huawei.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      68a031d2
  2. 05 11月, 2018 5 次提交
    • L
      Linux 4.20-rc1 · 65102238
      Linus Torvalds 提交于
      65102238
    • L
      Merge tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs · 42bd06e9
      Linus Torvalds 提交于
      Pull UBIFS updates from Richard Weinberger:
      
       - Full filesystem authentication feature, UBIFS is now able to have the
         whole filesystem structure authenticated plus user data encrypted and
         authenticated.
      
       - Minor cleanups
      
      * tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs: (26 commits)
        ubifs: Remove unneeded semicolon
        Documentation: ubifs: Add authentication whitepaper
        ubifs: Enable authentication support
        ubifs: Do not update inode size in-place in authenticated mode
        ubifs: Add hashes and HMACs to default filesystem
        ubifs: authentication: Authenticate super block node
        ubifs: Create hash for default LPT
        ubfis: authentication: Authenticate master node
        ubifs: authentication: Authenticate LPT
        ubifs: Authenticate replayed journal
        ubifs: Add auth nodes to garbage collector journal head
        ubifs: Add authentication nodes to journal
        ubifs: authentication: Add hashes to index nodes
        ubifs: Add hashes to the tree node cache
        ubifs: Create functions to embed a HMAC in a node
        ubifs: Add helper functions for authentication support
        ubifs: Add separate functions to init/crc a node
        ubifs: Format changes for authentication support
        ubifs: Store read superblock node
        ubifs: Drop write_node
        ...
      42bd06e9
    • L
      Merge tag 'nfs-for-4.20-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 4710e789
      Linus Torvalds 提交于
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
        Bugfix:
         - Fix build issues on architectures that don't provide 64-bit cmpxchg
      
        Cleanups:
         - Fix a spelling mistake"
      
      * tag 'nfs-for-4.20-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFS: fix spelling mistake, EACCESS -> EACCES
        SUNRPC: Use atomic(64)_t for seq_send(64)
      4710e789
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 35e74524
      Linus Torvalds 提交于
      Pull more timer updates from Thomas Gleixner:
       "A set of commits for the new C-SKY architecture timers"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        dt-bindings: timer: gx6605s SOC timer
        clocksource/drivers/c-sky: Add gx6605s SOC system timer
        dt-bindings: timer: C-SKY Multi-processor timer
        clocksource/drivers/c-sky: Add C-SKY SMP timer
      35e74524
    • L
      Merge tag 'ntb-4.20' of git://github.com/jonmason/ntb · 04578e84
      Linus Torvalds 提交于
      Pull NTB updates from Jon Mason:
       "Fairly minor changes and bug fixes:
      
        NTB IDT thermal changes and hook into hwmon, ntb_netdev clean-up of
        private struct, and a few bug fixes"
      
      * tag 'ntb-4.20' of git://github.com/jonmason/ntb:
        ntb: idt: Alter the driver info comments
        ntb: idt: Discard temperature sensor IRQ handler
        ntb: idt: Add basic hwmon sysfs interface
        ntb: idt: Alter temperature read method
        ntb_netdev: Simplify remove with client device drvdata
        NTB: transport: Try harder to alloc an aligned MW buffer
        ntb: ntb_transport: Mark expected switch fall-throughs
        ntb: idt: Set PCIe bus address to BARLIMITx
        NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
        ntb: intel: fix return value for ndev_vec_mask()
        ntb_netdev: fix sleep time mismatch
      04578e84
  3. 04 11月, 2018 24 次提交