Merge tag 'v6.10-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

+52

Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-aes.yaml

··· 1 + # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/crypto/nvidia,tegra234-se-aes.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: NVIDIA Tegra Security Engine for AES algorithms 8 + 9 + description: 10 + The Tegra Security Engine accelerates the following AES encryption/decryption 11 + algorithms - AES-ECB, AES-CBC, AES-OFB, AES-XTS, AES-CTR, AES-GCM, AES-CCM, 12 + AES-CMAC 13 + 14 + maintainers: 15 + - Akhil R <akhilrajeev@nvidia.com> 16 + 17 + properties: 18 + compatible: 19 + const: nvidia,tegra234-se-aes 20 + 21 + reg: 22 + maxItems: 1 23 + 24 + clocks: 25 + maxItems: 1 26 + 27 + iommus: 28 + maxItems: 1 29 + 30 + dma-coherent: true 31 + 32 + required: 33 + - compatible 34 + - reg 35 + - clocks 36 + - iommus 37 + 38 + additionalProperties: false 39 + 40 + examples: 41 + - | 42 + #include <dt-bindings/memory/tegra234-mc.h> 43 + #include <dt-bindings/clock/tegra234-clock.h> 44 + 45 + crypto@15820000 { 46 + compatible = "nvidia,tegra234-se-aes"; 47 + reg = <0x15820000 0x10000>; 48 + clocks = <&bpmp TEGRA234_CLK_SE>; 49 + iommus = <&smmu TEGRA234_SID_SES_SE1>; 50 + dma-coherent; 51 + }; 52 + ...

+52

Documentation/devicetree/bindings/crypto/nvidia,tegra234-se-hash.yaml

··· 1 + # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/crypto/nvidia,tegra234-se-hash.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: NVIDIA Tegra Security Engine for HASH algorithms 8 + 9 + description: 10 + The Tegra Security HASH Engine accelerates the following HASH functions - 11 + SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 12 + HMAC(SHA224), HMAC(SHA256), HMAC(SHA384), HMAC(SHA512) 13 + 14 + maintainers: 15 + - Akhil R <akhilrajeev@nvidia.com> 16 + 17 + properties: 18 + compatible: 19 + const: nvidia,tegra234-se-hash 20 + 21 + reg: 22 + maxItems: 1 23 + 24 + clocks: 25 + maxItems: 1 26 + 27 + iommus: 28 + maxItems: 1 29 + 30 + dma-coherent: true 31 + 32 + required: 33 + - compatible 34 + - reg 35 + - clocks 36 + - iommus 37 + 38 + additionalProperties: false 39 + 40 + examples: 41 + - | 42 + #include <dt-bindings/memory/tegra234-mc.h> 43 + #include <dt-bindings/clock/tegra234-clock.h> 44 + 45 + crypto@15840000 { 46 + compatible = "nvidia,tegra234-se-hash"; 47 + reg = <0x15840000 0x10000>; 48 + clocks = <&bpmp TEGRA234_CLK_SE>; 49 + iommus = <&smmu TEGRA234_SID_SES_SE2>; 50 + dma-coherent; 51 + }; 52 + ...

-28

Documentation/devicetree/bindings/crypto/omap-sham.txt

··· 1 - OMAP SoC SHA crypto Module 2 - 3 - Required properties: 4 - 5 - - compatible : Should contain entries for this and backward compatible 6 - SHAM versions: 7 - - "ti,omap2-sham" for OMAP2 & OMAP3. 8 - - "ti,omap4-sham" for OMAP4 and AM33XX. 9 - - "ti,omap5-sham" for OMAP5, DRA7 and AM43XX. 10 - - ti,hwmods: Name of the hwmod associated with the SHAM module 11 - - reg : Offset and length of the register set for the module 12 - - interrupts : the interrupt-specifier for the SHAM module. 13 - 14 - Optional properties: 15 - - dmas: DMA specifiers for the rx dma. See the DMA client binding, 16 - Documentation/devicetree/bindings/dma/dma.txt 17 - - dma-names: DMA request name. Should be "rx" if a dma is present. 18 - 19 - Example: 20 - /* AM335x */ 21 - sham: sham@53100000 { 22 - compatible = "ti,omap4-sham"; 23 - ti,hwmods = "sham"; 24 - reg = <0x53100000 0x200>; 25 - interrupts = <109>; 26 - dmas = <&edma 36>; 27 - dma-names = "rx"; 28 - };

+1

Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml

··· 15 15 - enum: 16 16 - qcom,sa8775p-inline-crypto-engine 17 17 - qcom,sc7180-inline-crypto-engine 18 + - qcom,sc7280-inline-crypto-engine 18 19 - qcom,sm8450-inline-crypto-engine 19 20 - qcom,sm8550-inline-crypto-engine 20 21 - qcom,sm8650-inline-crypto-engine

+28 -2

Documentation/devicetree/bindings/crypto/starfive,jh7110-crypto.yaml

··· 12 12 13 13 properties: 14 14 compatible: 15 - const: starfive,jh7110-crypto 15 + enum: 16 + - starfive,jh7110-crypto 17 + - starfive,jh8100-crypto 16 18 17 19 reg: 18 20 maxItems: 1 ··· 30 28 - const: ahb 31 29 32 30 interrupts: 33 - maxItems: 1 31 + minItems: 1 32 + items: 33 + - description: SHA2 module irq 34 + - description: SM3 module irq 34 35 35 36 resets: 36 37 maxItems: 1 ··· 58 53 - dma-names 59 54 60 55 additionalProperties: false 56 + 57 + allOf: 58 + - if: 59 + properties: 60 + compatible: 61 + const: starfive,jh7110-crypto 62 + 63 + then: 64 + properties: 65 + interrupts: 66 + maxItems: 1 67 + 68 + - if: 69 + properties: 70 + compatible: 71 + const: starfive,jh8100-crypto 72 + 73 + then: 74 + properties: 75 + interrupts: 76 + minItems: 2 61 77 62 78 examples: 63 79 - |

+56

Documentation/devicetree/bindings/crypto/ti,omap-sham.yaml

··· 1 + # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/crypto/ti,omap-sham.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: OMAP SoC SHA crypto Module 8 + 9 + maintainers: 10 + - Animesh Agarwal <animeshagarwal28@gmail.com> 11 + 12 + properties: 13 + compatible: 14 + enum: 15 + - ti,omap2-sham 16 + - ti,omap4-sham 17 + - ti,omap5-sham 18 + 19 + reg: 20 + maxItems: 1 21 + 22 + interrupts: 23 + maxItems: 1 24 + 25 + dmas: 26 + maxItems: 1 27 + 28 + dma-names: 29 + const: rx 30 + 31 + ti,hwmods: 32 + description: Name of the hwmod associated with the SHAM module 33 + $ref: /schemas/types.yaml#/definitions/string 34 + enum: [sham] 35 + 36 + dependencies: 37 + dmas: [dma-names] 38 + 39 + additionalProperties: false 40 + 41 + required: 42 + - compatible 43 + - ti,hwmods 44 + - reg 45 + - interrupts 46 + 47 + examples: 48 + - | 49 + sham@53100000 { 50 + compatible = "ti,omap4-sham"; 51 + ti,hwmods = "sham"; 52 + reg = <0x53100000 0x200>; 53 + interrupts = <109>; 54 + dmas = <&edma 36>; 55 + dma-names = "rx"; 56 + };

+59 -37

Documentation/driver-api/crypto/iaa/iaa-crypto.rst

··· 179 179 180 180 # configure wq1.0 181 181 182 - accel-config config-wq --group-id=0 --mode=dedicated --type=kernel --name="iaa_crypto" --device_name="crypto" iax1/wq1.0 182 + accel-config config-wq --group-id=0 --mode=dedicated --type=kernel --priority=10 --name="iaa_crypto" --driver-name="crypto" iax1/wq1.0 183 + 184 + accel-config config-engine iax1/engine1.0 --group-id=0 183 185 184 186 # enable IAA device iax1 185 187 ··· 323 321 324 322 # ls -al /sys/kernel/debug/iaa-crypto/ 325 323 total 0 326 - drwxr-xr-x 2 root root 0 Mar 3 09:35 . 327 - drwx------ 47 root root 0 Mar 3 09:35 .. 328 - -rw-r--r-- 1 root root 0 Mar 3 09:35 max_acomp_delay_ns 329 - -rw-r--r-- 1 root root 0 Mar 3 09:35 max_adecomp_delay_ns 330 - -rw-r--r-- 1 root root 0 Mar 3 09:35 max_comp_delay_ns 331 - -rw-r--r-- 1 root root 0 Mar 3 09:35 max_decomp_delay_ns 332 - -rw-r--r-- 1 root root 0 Mar 3 09:35 stats_reset 333 - -rw-r--r-- 1 root root 0 Mar 3 09:35 total_comp_bytes_out 334 - -rw-r--r-- 1 root root 0 Mar 3 09:35 total_comp_calls 335 - -rw-r--r-- 1 root root 0 Mar 3 09:35 total_decomp_bytes_in 336 - -rw-r--r-- 1 root root 0 Mar 3 09:35 total_decomp_calls 337 - -rw-r--r-- 1 root root 0 Mar 3 09:35 wq_stats 324 + drwxr-xr-x 2 root root 0 Mar 3 07:55 . 325 + drwx------ 53 root root 0 Mar 3 07:55 .. 326 + -rw-r--r-- 1 root root 0 Mar 3 07:55 global_stats 327 + -rw-r--r-- 1 root root 0 Mar 3 07:55 stats_reset 328 + -rw-r--r-- 1 root root 0 Mar 3 07:55 wq_stats 338 329 339 - Most of the above statisticss are self-explanatory. The wq_stats file 340 - shows per-wq stats, a set for each iaa device and wq in addition to 341 - some global stats:: 330 + The global_stats file shows a set of global statistics collected since 331 + the driver has been loaded or reset:: 342 332 343 - # cat wq_stats 333 + # cat global_stats 344 334 global stats: 345 - total_comp_calls: 100 346 - total_decomp_calls: 100 347 - total_comp_bytes_out: 22800 348 - total_decomp_bytes_in: 22800 335 + total_comp_calls: 4300 336 + total_decomp_calls: 4164 337 + total_sw_decomp_calls: 0 338 + total_comp_bytes_out: 5993989 339 + total_decomp_bytes_in: 5993989 349 340 total_completion_einval_errors: 0 350 341 total_completion_timeout_errors: 0 351 - total_completion_comp_buf_overflow_errors: 0 342 + total_completion_comp_buf_overflow_errors: 136 352 343 344 + The wq_stats file shows per-wq stats, a set for each iaa device and wq 345 + in addition to some global stats:: 346 + 347 + # cat wq_stats 353 348 iaa device: 354 349 id: 1 355 350 n_wqs: 1 ··· 378 379 iaa device: 379 380 id: 5 380 381 n_wqs: 1 381 - comp_calls: 100 382 - comp_bytes: 22800 383 - decomp_calls: 100 384 - decomp_bytes: 22800 382 + comp_calls: 1360 383 + comp_bytes: 1999776 384 + decomp_calls: 0 385 + decomp_bytes: 0 385 386 wqs: 386 387 name: iaa_crypto 387 - comp_calls: 100 388 - comp_bytes: 22800 389 - decomp_calls: 100 390 - decomp_bytes: 22800 388 + comp_calls: 1360 389 + comp_bytes: 1999776 390 + decomp_calls: 0 391 + decomp_bytes: 0 391 392 392 - Writing 0 to 'stats_reset' resets all the stats, including the 393 + iaa device: 394 + id: 7 395 + n_wqs: 1 396 + comp_calls: 2940 397 + comp_bytes: 3994213 398 + decomp_calls: 4164 399 + decomp_bytes: 5993989 400 + wqs: 401 + name: iaa_crypto 402 + comp_calls: 2940 403 + comp_bytes: 3994213 404 + decomp_calls: 4164 405 + decomp_bytes: 5993989 406 + ... 407 + 408 + Writing to 'stats_reset' resets all the stats, including the 393 409 per-device and per-wq stats:: 394 410 395 - # echo 0 > stats_reset 411 + # echo 1 > stats_reset 396 412 # cat wq_stats 397 413 global stats: 398 414 total_comp_calls: 0 ··· 550 536 551 537 echo "End Disable IAA" 552 538 539 + echo "Reload iaa_crypto module" 540 + 541 + rmmod iaa_crypto 542 + modprobe iaa_crypto 543 + 544 + echo "End Reload iaa_crypto module" 545 + 553 546 # 554 547 # configure iaa wqs and devices 555 548 # 556 549 echo "Configure IAA" 557 550 for ((i = 1; i < ${num_iaa} * 2; i += 2)); do 558 - accel-config config-wq --group-id=0 --mode=dedicated --size=128 --priority=10 --type=kernel --name="iaa_crypto" --driver_name="crypto" iax${i}/wq${i} 551 + accel-config config-wq --group-id=0 --mode=dedicated --wq-size=128 --priority=10 --type=kernel --name="iaa_crypto" --driver-name="crypto" iax${i}/wq${i}.0 552 + accel-config config-engine iax${i}/engine${i}.0 --group-id=0 559 553 done 560 554 561 555 echo "End Configure IAA" ··· 574 552 echo "Enable IAA" 575 553 576 554 for ((i = 1; i < ${num_iaa} * 2; i += 2)); do 577 - echo enable iaa iaa${i} 578 - accel-config enable-device iaa${i} 579 - echo enable wq iaa${i}/wq${i}.0 580 - accel-config enable-wq iaa${i}/wq${i}.0 555 + echo enable iaa iax${i} 556 + accel-config enable-device iax${i} 557 + echo enable wq iax${i}/wq${i}.0 558 + accel-config enable-wq iax${i}/wq${i}.0 581 559 done 582 560 583 561 echo "End Enable IAA"

+5

MAINTAINERS

··· 21764 21764 S: Supported 21765 21765 F: drivers/clk/tegra/ 21766 21766 21767 + TEGRA CRYPTO DRIVERS 21768 + M: Akhil R <akhilrajeev@nvidia.com> 21769 + S: Supported 21770 + F: drivers/crypto/tegra/* 21771 + 21767 21772 TEGRA DMA DRIVERS 21768 21773 M: Laxman Dewangan <ldewangan@nvidia.com> 21769 21774 M: Jon Hunter <jonathanh@nvidia.com>

+14 -20

arch/arm64/crypto/aes-ce.S

··· 25 25 .endm 26 26 27 27 /* preload all round keys */ 28 - .macro load_round_keys, rounds, rk 29 - cmp \rounds, #12 30 - blo 2222f /* 128 bits */ 31 - beq 1111f /* 192 bits */ 32 - ld1 {v17.4s-v18.4s}, [\rk], #32 33 - 1111: ld1 {v19.4s-v20.4s}, [\rk], #32 34 - 2222: ld1 {v21.4s-v24.4s}, [\rk], #64 35 - ld1 {v25.4s-v28.4s}, [\rk], #64 36 - ld1 {v29.4s-v31.4s}, [\rk] 28 + .macro load_round_keys, rk, nr, tmp 29 + add \tmp, \rk, \nr, sxtw #4 30 + sub \tmp, \tmp, #160 31 + ld1 {v17.4s-v20.4s}, [\rk] 32 + ld1 {v21.4s-v24.4s}, [\tmp], #64 33 + ld1 {v25.4s-v28.4s}, [\tmp], #64 34 + ld1 {v29.4s-v31.4s}, [\tmp] 37 35 .endm 38 36 39 37 /* prepare for encryption with key in rk[] */ 40 38 .macro enc_prepare, rounds, rk, temp 41 - mov \temp, \rk 42 - load_round_keys \rounds, \temp 39 + load_round_keys \rk, \rounds, \temp 43 40 .endm 44 41 45 42 /* prepare for encryption (again) but with new key in rk[] */ 46 43 .macro enc_switch_key, rounds, rk, temp 47 - mov \temp, \rk 48 - load_round_keys \rounds, \temp 44 + load_round_keys \rk, \rounds, \temp 49 45 .endm 50 46 51 47 /* prepare for decryption with key in rk[] */ 52 48 .macro dec_prepare, rounds, rk, temp 53 - mov \temp, \rk 54 - load_round_keys \rounds, \temp 49 + load_round_keys \rk, \rounds, \temp 55 50 .endm 56 51 57 52 .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3, i4 ··· 105 110 106 111 /* up to 5 interleaved blocks */ 107 112 .macro do_block_Nx, enc, rounds, i0, i1, i2, i3, i4 108 - cmp \rounds, #12 109 - blo 2222f /* 128 bits */ 110 - beq 1111f /* 192 bits */ 113 + tbz \rounds, #2, .L\@ /* 128 bits */ 111 114 round_Nx \enc, v17, \i0, \i1, \i2, \i3, \i4 112 115 round_Nx \enc, v18, \i0, \i1, \i2, \i3, \i4 113 - 1111: round_Nx \enc, v19, \i0, \i1, \i2, \i3, \i4 116 + tbz \rounds, #1, .L\@ /* 192 bits */ 117 + round_Nx \enc, v19, \i0, \i1, \i2, \i3, \i4 114 118 round_Nx \enc, v20, \i0, \i1, \i2, \i3, \i4 115 - 2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 119 + .L\@: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 116 120 round_Nx \enc, \key, \i0, \i1, \i2, \i3, \i4 117 121 .endr 118 122 fin_round_Nx \enc, v30, v31, \i0, \i1, \i2, \i3, \i4

+10 -10

arch/arm64/crypto/aes-neon.S

··· 99 99 ld1 {v15.4s}, [\rk] 100 100 add \rkp, \rk, #16 101 101 mov \i, \rounds 102 - 1111: eor \in\().16b, \in\().16b, v15.16b /* ^round key */ 102 + .La\@: eor \in\().16b, \in\().16b, v15.16b /* ^round key */ 103 103 movi v15.16b, #0x40 104 104 tbl \in\().16b, {\in\().16b}, v13.16b /* ShiftRows */ 105 105 sub_bytes \in 106 - subs \i, \i, #1 106 + sub \i, \i, #1 107 107 ld1 {v15.4s}, [\rkp], #16 108 - beq 2222f 108 + cbz \i, .Lb\@ 109 109 mix_columns \in, \enc 110 - b 1111b 111 - 2222: eor \in\().16b, \in\().16b, v15.16b /* ^round key */ 110 + b .La\@ 111 + .Lb\@: eor \in\().16b, \in\().16b, v15.16b /* ^round key */ 112 112 .endm 113 113 114 114 .macro encrypt_block, in, rounds, rk, rkp, i ··· 206 206 ld1 {v15.4s}, [\rk] 207 207 add \rkp, \rk, #16 208 208 mov \i, \rounds 209 - 1111: eor \in0\().16b, \in0\().16b, v15.16b /* ^round key */ 209 + .La\@: eor \in0\().16b, \in0\().16b, v15.16b /* ^round key */ 210 210 eor \in1\().16b, \in1\().16b, v15.16b /* ^round key */ 211 211 eor \in2\().16b, \in2\().16b, v15.16b /* ^round key */ 212 212 eor \in3\().16b, \in3\().16b, v15.16b /* ^round key */ ··· 216 216 tbl \in2\().16b, {\in2\().16b}, v13.16b /* ShiftRows */ 217 217 tbl \in3\().16b, {\in3\().16b}, v13.16b /* ShiftRows */ 218 218 sub_bytes_4x \in0, \in1, \in2, \in3 219 - subs \i, \i, #1 219 + sub \i, \i, #1 220 220 ld1 {v15.4s}, [\rkp], #16 221 - beq 2222f 221 + cbz \i, .Lb\@ 222 222 mix_columns_2x \in0, \in1, \enc 223 223 mix_columns_2x \in2, \in3, \enc 224 - b 1111b 225 - 2222: eor \in0\().16b, \in0\().16b, v15.16b /* ^round key */ 224 + b .La\@ 225 + .Lb\@: eor \in0\().16b, \in0\().16b, v15.16b /* ^round key */ 226 226 eor \in1\().16b, \in1\().16b, v15.16b /* ^round key */ 227 227 eor \in2\().16b, \in2\().16b, v15.16b /* ^round key */ 228 228 eor \in3\().16b, \in3\().16b, v15.16b /* ^round key */

-1

arch/s390/configs/debug_defconfig

··· 760 760 CONFIG_CRYPTO_USER_API_SKCIPHER=m 761 761 CONFIG_CRYPTO_USER_API_RNG=m 762 762 CONFIG_CRYPTO_USER_API_AEAD=m 763 - CONFIG_CRYPTO_STATS=y 764 763 CONFIG_CRYPTO_CRC32_S390=y 765 764 CONFIG_CRYPTO_SHA512_S390=m 766 765 CONFIG_CRYPTO_SHA1_S390=m

-1

arch/s390/configs/defconfig

··· 745 745 CONFIG_CRYPTO_USER_API_SKCIPHER=m 746 746 CONFIG_CRYPTO_USER_API_RNG=m 747 747 CONFIG_CRYPTO_USER_API_AEAD=m 748 - CONFIG_CRYPTO_STATS=y 749 748 CONFIG_CRYPTO_CRC32_S390=y 750 749 CONFIG_CRYPTO_SHA512_S390=m 751 750 CONFIG_CRYPTO_SHA1_S390=m

+10

arch/x86/Kconfig.assembler

··· 25 25 help 26 26 Supported by binutils >= 2.30 and LLVM integrated assembler 27 27 28 + config AS_VAES 29 + def_bool $(as-instr,vaesenc %ymm0$(comma)%ymm1$(comma)%ymm2) 30 + help 31 + Supported by binutils >= 2.30 and LLVM integrated assembler 32 + 33 + config AS_VPCLMULQDQ 34 + def_bool $(as-instr,vpclmulqdq \$0x10$(comma)%ymm0$(comma)%ymm1$(comma)%ymm2) 35 + help 36 + Supported by binutils >= 2.30 and LLVM integrated assembler 37 + 28 38 config AS_WRUSS 29 39 def_bool $(as-instr,wrussq %rax$(comma)(%rbx)) 30 40 help

+2 -1

arch/x86/crypto/Makefile

··· 48 48 49 49 obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o 50 50 aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o 51 - aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o aes_ctrby8_avx-x86_64.o 51 + aesni-intel-$(CONFIG_64BIT) += aesni-intel_avx-x86_64.o \ 52 + aes_ctrby8_avx-x86_64.o aes-xts-avx-x86_64.o 52 53 53 54 obj-$(CONFIG_CRYPTO_SHA1_SSSE3) += sha1-ssse3.o 54 55 sha1-ssse3-y := sha1_avx2_x86_64_asm.o sha1_ssse3_asm.o sha1_ssse3_glue.o

+845

arch/x86/crypto/aes-xts-avx-x86_64.S

··· 1 + /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 + /* 3 + * AES-XTS for modern x86_64 CPUs 4 + * 5 + * Copyright 2024 Google LLC 6 + * 7 + * Author: Eric Biggers <ebiggers@google.com> 8 + */ 9 + 10 + /* 11 + * This file implements AES-XTS for modern x86_64 CPUs. To handle the 12 + * complexities of coding for x86 SIMD, e.g. where every vector length needs 13 + * different code, it uses a macro to generate several implementations that 14 + * share similar source code but are targeted at different CPUs, listed below: 15 + * 16 + * AES-NI + AVX 17 + * - 128-bit vectors (1 AES block per vector) 18 + * - VEX-coded instructions 19 + * - xmm0-xmm15 20 + * - This is for older CPUs that lack VAES but do have AVX. 21 + * 22 + * VAES + VPCLMULQDQ + AVX2 23 + * - 256-bit vectors (2 AES blocks per vector) 24 + * - VEX-coded instructions 25 + * - ymm0-ymm15 26 + * - This is for CPUs that have VAES but lack AVX512 or AVX10, 27 + * e.g. Intel's Alder Lake and AMD's Zen 3. 28 + * 29 + * VAES + VPCLMULQDQ + AVX10/256 + BMI2 30 + * - 256-bit vectors (2 AES blocks per vector) 31 + * - EVEX-coded instructions 32 + * - ymm0-ymm31 33 + * - This is for CPUs that have AVX512 but where using zmm registers causes 34 + * downclocking, and for CPUs that have AVX10/256 but not AVX10/512. 35 + * - By "AVX10/256" we really mean (AVX512BW + AVX512VL) || AVX10/256. 36 + * To avoid confusion with 512-bit, we just write AVX10/256. 37 + * 38 + * VAES + VPCLMULQDQ + AVX10/512 + BMI2 39 + * - Same as the previous one, but upgrades to 512-bit vectors 40 + * (4 AES blocks per vector) in zmm0-zmm31. 41 + * - This is for CPUs that have good AVX512 or AVX10/512 support. 42 + * 43 + * This file doesn't have an implementation for AES-NI alone (without AVX), as 44 + * the lack of VEX would make all the assembly code different. 45 + * 46 + * When we use VAES, we also use VPCLMULQDQ to parallelize the computation of 47 + * the XTS tweaks. This avoids a bottleneck. Currently there don't seem to be 48 + * any CPUs that support VAES but not VPCLMULQDQ. If that changes, we might 49 + * need to start also providing an implementation using VAES alone. 50 + * 51 + * The AES-XTS implementations in this file support everything required by the 52 + * crypto API, including support for arbitrary input lengths and multi-part 53 + * processing. However, they are most heavily optimized for the common case of 54 + * power-of-2 length inputs that are processed in a single part (disk sectors). 55 + */ 56 + 57 + #include <linux/linkage.h> 58 + #include <linux/cfi_types.h> 59 + 60 + .section .rodata 61 + .p2align 4 62 + .Lgf_poly: 63 + // The low 64 bits of this value represent the polynomial x^7 + x^2 + x 64 + // + 1. It is the value that must be XOR'd into the low 64 bits of the 65 + // tweak each time a 1 is carried out of the high 64 bits. 66 + // 67 + // The high 64 bits of this value is just the internal carry bit that 68 + // exists when there's a carry out of the low 64 bits of the tweak. 69 + .quad 0x87, 1 70 + 71 + // This table contains constants for vpshufb and vpblendvb, used to 72 + // handle variable byte shifts and blending during ciphertext stealing 73 + // on CPUs that don't support AVX10-style masking. 74 + .Lcts_permute_table: 75 + .byte 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 76 + .byte 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 77 + .byte 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 78 + .byte 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 79 + .byte 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 80 + .byte 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 81 + .text 82 + 83 + // Function parameters 84 + .set KEY, %rdi // Initially points to crypto_aes_ctx, then is 85 + // advanced to point to 7th-from-last round key 86 + .set SRC, %rsi // Pointer to next source data 87 + .set DST, %rdx // Pointer to next destination data 88 + .set LEN, %ecx // Remaining length in bytes 89 + .set LEN8, %cl 90 + .set LEN64, %rcx 91 + .set TWEAK, %r8 // Pointer to next tweak 92 + 93 + // %rax holds the AES key length in bytes. 94 + .set KEYLEN, %eax 95 + .set KEYLEN64, %rax 96 + 97 + // %r9-r11 are available as temporaries. 98 + 99 + .macro _define_Vi i 100 + .if VL == 16 101 + .set V\i, %xmm\i 102 + .elseif VL == 32 103 + .set V\i, %ymm\i 104 + .elseif VL == 64 105 + .set V\i, %zmm\i 106 + .else 107 + .error "Unsupported Vector Length (VL)" 108 + .endif 109 + .endm 110 + 111 + .macro _define_aliases 112 + // Define register aliases V0-V15, or V0-V31 if all 32 SIMD registers 113 + // are available, that map to the xmm, ymm, or zmm registers according 114 + // to the selected Vector Length (VL). 115 + _define_Vi 0 116 + _define_Vi 1 117 + _define_Vi 2 118 + _define_Vi 3 119 + _define_Vi 4 120 + _define_Vi 5 121 + _define_Vi 6 122 + _define_Vi 7 123 + _define_Vi 8 124 + _define_Vi 9 125 + _define_Vi 10 126 + _define_Vi 11 127 + _define_Vi 12 128 + _define_Vi 13 129 + _define_Vi 14 130 + _define_Vi 15 131 + .if USE_AVX10 132 + _define_Vi 16 133 + _define_Vi 17 134 + _define_Vi 18 135 + _define_Vi 19 136 + _define_Vi 20 137 + _define_Vi 21 138 + _define_Vi 22 139 + _define_Vi 23 140 + _define_Vi 24 141 + _define_Vi 25 142 + _define_Vi 26 143 + _define_Vi 27 144 + _define_Vi 28 145 + _define_Vi 29 146 + _define_Vi 30 147 + _define_Vi 31 148 + .endif 149 + 150 + // V0-V3 hold the data blocks during the main loop, or temporary values 151 + // otherwise. V4-V5 hold temporary values. 152 + 153 + // V6-V9 hold XTS tweaks. Each 128-bit lane holds one tweak. 154 + .set TWEAK0_XMM, %xmm6 155 + .set TWEAK0, V6 156 + .set TWEAK1_XMM, %xmm7 157 + .set TWEAK1, V7 158 + .set TWEAK2, V8 159 + .set TWEAK3, V9 160 + 161 + // V10-V13 are used for computing the next values of TWEAK[0-3]. 162 + .set NEXT_TWEAK0, V10 163 + .set NEXT_TWEAK1, V11 164 + .set NEXT_TWEAK2, V12 165 + .set NEXT_TWEAK3, V13 166 + 167 + // V14 holds the constant from .Lgf_poly, copied to all 128-bit lanes. 168 + .set GF_POLY_XMM, %xmm14 169 + .set GF_POLY, V14 170 + 171 + // V15 holds the key for AES "round 0", copied to all 128-bit lanes. 172 + .set KEY0_XMM, %xmm15 173 + .set KEY0, V15 174 + 175 + // If 32 SIMD registers are available, then V16-V29 hold the remaining 176 + // AES round keys, copied to all 128-bit lanes. 177 + // 178 + // AES-128, AES-192, and AES-256 use different numbers of round keys. 179 + // To allow handling all three variants efficiently, we align the round 180 + // keys to the *end* of this register range. I.e., AES-128 uses 181 + // KEY5-KEY14, AES-192 uses KEY3-KEY14, and AES-256 uses KEY1-KEY14. 182 + // (All also use KEY0 for the XOR-only "round" at the beginning.) 183 + .if USE_AVX10 184 + .set KEY1_XMM, %xmm16 185 + .set KEY1, V16 186 + .set KEY2_XMM, %xmm17 187 + .set KEY2, V17 188 + .set KEY3_XMM, %xmm18 189 + .set KEY3, V18 190 + .set KEY4_XMM, %xmm19 191 + .set KEY4, V19 192 + .set KEY5_XMM, %xmm20 193 + .set KEY5, V20 194 + .set KEY6_XMM, %xmm21 195 + .set KEY6, V21 196 + .set KEY7_XMM, %xmm22 197 + .set KEY7, V22 198 + .set KEY8_XMM, %xmm23 199 + .set KEY8, V23 200 + .set KEY9_XMM, %xmm24 201 + .set KEY9, V24 202 + .set KEY10_XMM, %xmm25 203 + .set KEY10, V25 204 + .set KEY11_XMM, %xmm26 205 + .set KEY11, V26 206 + .set KEY12_XMM, %xmm27 207 + .set KEY12, V27 208 + .set KEY13_XMM, %xmm28 209 + .set KEY13, V28 210 + .set KEY14_XMM, %xmm29 211 + .set KEY14, V29 212 + .endif 213 + // V30-V31 are currently unused. 214 + .endm 215 + 216 + // Move a vector between memory and a register. 217 + .macro _vmovdqu src, dst 218 + .if VL < 64 219 + vmovdqu \src, \dst 220 + .else 221 + vmovdqu8 \src, \dst 222 + .endif 223 + .endm 224 + 225 + // Broadcast a 128-bit value into a vector. 226 + .macro _vbroadcast128 src, dst 227 + .if VL == 16 && !USE_AVX10 228 + vmovdqu \src, \dst 229 + .elseif VL == 32 && !USE_AVX10 230 + vbroadcasti128 \src, \dst 231 + .else 232 + vbroadcasti32x4 \src, \dst 233 + .endif 234 + .endm 235 + 236 + // XOR two vectors together. 237 + .macro _vpxor src1, src2, dst 238 + .if USE_AVX10 239 + vpxord \src1, \src2, \dst 240 + .else 241 + vpxor \src1, \src2, \dst 242 + .endif 243 + .endm 244 + 245 + // XOR three vectors together. 246 + .macro _xor3 src1, src2, src3_and_dst 247 + .if USE_AVX10 248 + // vpternlogd with immediate 0x96 is a three-argument XOR. 249 + vpternlogd $0x96, \src1, \src2, \src3_and_dst 250 + .else 251 + vpxor \src1, \src3_and_dst, \src3_and_dst 252 + vpxor \src2, \src3_and_dst, \src3_and_dst 253 + .endif 254 + .endm 255 + 256 + // Given a 128-bit XTS tweak in the xmm register \src, compute the next tweak 257 + // (by multiplying by the polynomial 'x') and write it to \dst. 258 + .macro _next_tweak src, tmp, dst 259 + vpshufd $0x13, \src, \tmp 260 + vpaddq \src, \src, \dst 261 + vpsrad $31, \tmp, \tmp 262 + vpand GF_POLY_XMM, \tmp, \tmp 263 + vpxor \tmp, \dst, \dst 264 + .endm 265 + 266 + // Given the XTS tweak(s) in the vector \src, compute the next vector of 267 + // tweak(s) (by multiplying by the polynomial 'x^(VL/16)') and write it to \dst. 268 + // 269 + // If VL > 16, then there are multiple tweaks, and we use vpclmulqdq to compute 270 + // all tweaks in the vector in parallel. If VL=16, we just do the regular 271 + // computation without vpclmulqdq, as it's the faster method for a single tweak. 272 + .macro _next_tweakvec src, tmp1, tmp2, dst 273 + .if VL == 16 274 + _next_tweak \src, \tmp1, \dst 275 + .else 276 + vpsrlq $64 - VL/16, \src, \tmp1 277 + vpclmulqdq $0x01, GF_POLY, \tmp1, \tmp2 278 + vpslldq $8, \tmp1, \tmp1 279 + vpsllq $VL/16, \src, \dst 280 + _xor3 \tmp1, \tmp2, \dst 281 + .endif 282 + .endm 283 + 284 + // Given the first XTS tweak at (TWEAK), compute the first set of tweaks and 285 + // store them in the vector registers TWEAK0-TWEAK3. Clobbers V0-V5. 286 + .macro _compute_first_set_of_tweaks 287 + vmovdqu (TWEAK), TWEAK0_XMM 288 + _vbroadcast128 .Lgf_poly(%rip), GF_POLY 289 + .if VL == 16 290 + // With VL=16, multiplying by x serially is fastest. 291 + _next_tweak TWEAK0, %xmm0, TWEAK1 292 + _next_tweak TWEAK1, %xmm0, TWEAK2 293 + _next_tweak TWEAK2, %xmm0, TWEAK3 294 + .else 295 + .if VL == 32 296 + // Compute the second block of TWEAK0. 297 + _next_tweak TWEAK0_XMM, %xmm0, %xmm1 298 + vinserti128 $1, %xmm1, TWEAK0, TWEAK0 299 + .elseif VL == 64 300 + // Compute the remaining blocks of TWEAK0. 301 + _next_tweak TWEAK0_XMM, %xmm0, %xmm1 302 + _next_tweak %xmm1, %xmm0, %xmm2 303 + _next_tweak %xmm2, %xmm0, %xmm3 304 + vinserti32x4 $1, %xmm1, TWEAK0, TWEAK0 305 + vinserti32x4 $2, %xmm2, TWEAK0, TWEAK0 306 + vinserti32x4 $3, %xmm3, TWEAK0, TWEAK0 307 + .endif 308 + // Compute TWEAK[1-3] from TWEAK0. 309 + vpsrlq $64 - 1*VL/16, TWEAK0, V0 310 + vpsrlq $64 - 2*VL/16, TWEAK0, V2 311 + vpsrlq $64 - 3*VL/16, TWEAK0, V4 312 + vpclmulqdq $0x01, GF_POLY, V0, V1 313 + vpclmulqdq $0x01, GF_POLY, V2, V3 314 + vpclmulqdq $0x01, GF_POLY, V4, V5 315 + vpslldq $8, V0, V0 316 + vpslldq $8, V2, V2 317 + vpslldq $8, V4, V4 318 + vpsllq $1*VL/16, TWEAK0, TWEAK1 319 + vpsllq $2*VL/16, TWEAK0, TWEAK2 320 + vpsllq $3*VL/16, TWEAK0, TWEAK3 321 + .if USE_AVX10 322 + vpternlogd $0x96, V0, V1, TWEAK1 323 + vpternlogd $0x96, V2, V3, TWEAK2 324 + vpternlogd $0x96, V4, V5, TWEAK3 325 + .else 326 + vpxor V0, TWEAK1, TWEAK1 327 + vpxor V2, TWEAK2, TWEAK2 328 + vpxor V4, TWEAK3, TWEAK3 329 + vpxor V1, TWEAK1, TWEAK1 330 + vpxor V3, TWEAK2, TWEAK2 331 + vpxor V5, TWEAK3, TWEAK3 332 + .endif 333 + .endif 334 + .endm 335 + 336 + // Do one step in computing the next set of tweaks using the method of just 337 + // multiplying by x repeatedly (the same method _next_tweak uses). 338 + .macro _tweak_step_mulx i 339 + .if \i == 0 340 + .set PREV_TWEAK, TWEAK3 341 + .set NEXT_TWEAK, NEXT_TWEAK0 342 + .elseif \i == 5 343 + .set PREV_TWEAK, NEXT_TWEAK0 344 + .set NEXT_TWEAK, NEXT_TWEAK1 345 + .elseif \i == 10 346 + .set PREV_TWEAK, NEXT_TWEAK1 347 + .set NEXT_TWEAK, NEXT_TWEAK2 348 + .elseif \i == 15 349 + .set PREV_TWEAK, NEXT_TWEAK2 350 + .set NEXT_TWEAK, NEXT_TWEAK3 351 + .endif 352 + .if \i >= 0 && \i < 20 && \i % 5 == 0 353 + vpshufd $0x13, PREV_TWEAK, V5 354 + .elseif \i >= 0 && \i < 20 && \i % 5 == 1 355 + vpaddq PREV_TWEAK, PREV_TWEAK, NEXT_TWEAK 356 + .elseif \i >= 0 && \i < 20 && \i % 5 == 2 357 + vpsrad $31, V5, V5 358 + .elseif \i >= 0 && \i < 20 && \i % 5 == 3 359 + vpand GF_POLY, V5, V5 360 + .elseif \i >= 0 && \i < 20 && \i % 5 == 4 361 + vpxor V5, NEXT_TWEAK, NEXT_TWEAK 362 + .elseif \i == 1000 363 + vmovdqa NEXT_TWEAK0, TWEAK0 364 + vmovdqa NEXT_TWEAK1, TWEAK1 365 + vmovdqa NEXT_TWEAK2, TWEAK2 366 + vmovdqa NEXT_TWEAK3, TWEAK3 367 + .endif 368 + .endm 369 + 370 + // Do one step in computing the next set of tweaks using the VPCLMULQDQ method 371 + // (the same method _next_tweakvec uses for VL > 16). This means multiplying 372 + // each tweak by x^(4*VL/16) independently. Since 4*VL/16 is a multiple of 8 373 + // when VL > 16 (which it is here), the needed shift amounts are byte-aligned, 374 + // which allows the use of vpsrldq and vpslldq to do 128-bit wide shifts. 375 + .macro _tweak_step_pclmul i 376 + .if \i == 0 377 + vpsrldq $(128 - 4*VL/16) / 8, TWEAK0, NEXT_TWEAK0 378 + .elseif \i == 2 379 + vpsrldq $(128 - 4*VL/16) / 8, TWEAK1, NEXT_TWEAK1 380 + .elseif \i == 4 381 + vpsrldq $(128 - 4*VL/16) / 8, TWEAK2, NEXT_TWEAK2 382 + .elseif \i == 6 383 + vpsrldq $(128 - 4*VL/16) / 8, TWEAK3, NEXT_TWEAK3 384 + .elseif \i == 8 385 + vpclmulqdq $0x00, GF_POLY, NEXT_TWEAK0, NEXT_TWEAK0 386 + .elseif \i == 10 387 + vpclmulqdq $0x00, GF_POLY, NEXT_TWEAK1, NEXT_TWEAK1 388 + .elseif \i == 12 389 + vpclmulqdq $0x00, GF_POLY, NEXT_TWEAK2, NEXT_TWEAK2 390 + .elseif \i == 14 391 + vpclmulqdq $0x00, GF_POLY, NEXT_TWEAK3, NEXT_TWEAK3 392 + .elseif \i == 1000 393 + vpslldq $(4*VL/16) / 8, TWEAK0, TWEAK0 394 + vpslldq $(4*VL/16) / 8, TWEAK1, TWEAK1 395 + vpslldq $(4*VL/16) / 8, TWEAK2, TWEAK2 396 + vpslldq $(4*VL/16) / 8, TWEAK3, TWEAK3 397 + _vpxor NEXT_TWEAK0, TWEAK0, TWEAK0 398 + _vpxor NEXT_TWEAK1, TWEAK1, TWEAK1 399 + _vpxor NEXT_TWEAK2, TWEAK2, TWEAK2 400 + _vpxor NEXT_TWEAK3, TWEAK3, TWEAK3 401 + .endif 402 + .endm 403 + 404 + // _tweak_step does one step of the computation of the next set of tweaks from 405 + // TWEAK[0-3]. To complete all steps, this is invoked with increasing values of 406 + // \i that include at least 0 through 19, then 1000 which signals the last step. 407 + // 408 + // This is used to interleave the computation of the next set of tweaks with the 409 + // AES en/decryptions, which increases performance in some cases. 410 + .macro _tweak_step i 411 + .if VL == 16 412 + _tweak_step_mulx \i 413 + .else 414 + _tweak_step_pclmul \i 415 + .endif 416 + .endm 417 + 418 + .macro _setup_round_keys enc 419 + 420 + // Select either the encryption round keys or the decryption round keys. 421 + .if \enc 422 + .set OFFS, 0 423 + .else 424 + .set OFFS, 240 425 + .endif 426 + 427 + // Load the round key for "round 0". 428 + _vbroadcast128 OFFS(KEY), KEY0 429 + 430 + // Increment KEY to make it so that 7*16(KEY) is the last round key. 431 + // For AES-128, increment by 3*16, resulting in the 10 round keys (not 432 + // counting the zero-th round key which was just loaded into KEY0) being 433 + // -2*16(KEY) through 7*16(KEY). For AES-192, increment by 5*16 and use 434 + // 12 round keys -4*16(KEY) through 7*16(KEY). For AES-256, increment 435 + // by 7*16 and use 14 round keys -6*16(KEY) through 7*16(KEY). 436 + // 437 + // This rebasing provides two benefits. First, it makes the offset to 438 + // any round key be in the range [-96, 112], fitting in a signed byte. 439 + // This shortens VEX-encoded instructions that access the later round 440 + // keys which otherwise would need 4-byte offsets. Second, it makes it 441 + // easy to do AES-128 and AES-192 by skipping irrelevant rounds at the 442 + // beginning. Skipping rounds at the end doesn't work as well because 443 + // the last round needs different instructions. 444 + // 445 + // An alternative approach would be to roll up all the round loops. We 446 + // don't do that because it isn't compatible with caching the round keys 447 + // in registers which we do when possible (see below), and also because 448 + // it seems unwise to rely *too* heavily on the CPU's branch predictor. 449 + lea OFFS-16(KEY, KEYLEN64, 4), KEY 450 + 451 + // If all 32 SIMD registers are available, cache all the round keys. 452 + .if USE_AVX10 453 + cmp $24, KEYLEN 454 + jl .Laes128\@ 455 + je .Laes192\@ 456 + _vbroadcast128 -6*16(KEY), KEY1 457 + _vbroadcast128 -5*16(KEY), KEY2 458 + .Laes192\@: 459 + _vbroadcast128 -4*16(KEY), KEY3 460 + _vbroadcast128 -3*16(KEY), KEY4 461 + .Laes128\@: 462 + _vbroadcast128 -2*16(KEY), KEY5 463 + _vbroadcast128 -1*16(KEY), KEY6 464 + _vbroadcast128 0*16(KEY), KEY7 465 + _vbroadcast128 1*16(KEY), KEY8 466 + _vbroadcast128 2*16(KEY), KEY9 467 + _vbroadcast128 3*16(KEY), KEY10 468 + _vbroadcast128 4*16(KEY), KEY11 469 + _vbroadcast128 5*16(KEY), KEY12 470 + _vbroadcast128 6*16(KEY), KEY13 471 + _vbroadcast128 7*16(KEY), KEY14 472 + .endif 473 + .endm 474 + 475 + // Do a single round of AES encryption (if \enc==1) or decryption (if \enc==0) 476 + // on the block(s) in \data using the round key(s) in \key. The register length 477 + // determines the number of AES blocks en/decrypted. 478 + .macro _vaes enc, last, key, data 479 + .if \enc 480 + .if \last 481 + vaesenclast \key, \data, \data 482 + .else 483 + vaesenc \key, \data, \data 484 + .endif 485 + .else 486 + .if \last 487 + vaesdeclast \key, \data, \data 488 + .else 489 + vaesdec \key, \data, \data 490 + .endif 491 + .endif 492 + .endm 493 + 494 + // Do a single round of AES en/decryption on the block(s) in \data, using the 495 + // same key for all block(s). The round key is loaded from the appropriate 496 + // register or memory location for round \i. May clobber V4. 497 + .macro _vaes_1x enc, last, i, xmm_suffix, data 498 + .if USE_AVX10 499 + _vaes \enc, \last, KEY\i\xmm_suffix, \data 500 + .else 501 + .ifnb \xmm_suffix 502 + _vaes \enc, \last, (\i-7)*16(KEY), \data 503 + .else 504 + _vbroadcast128 (\i-7)*16(KEY), V4 505 + _vaes \enc, \last, V4, \data 506 + .endif 507 + .endif 508 + .endm 509 + 510 + // Do a single round of AES en/decryption on the blocks in registers V0-V3, 511 + // using the same key for all blocks. The round key is loaded from the 512 + // appropriate register or memory location for round \i. In addition, does two 513 + // steps of the computation of the next set of tweaks. May clobber V4. 514 + .macro _vaes_4x enc, last, i 515 + .if USE_AVX10 516 + _tweak_step (2*(\i-5)) 517 + _vaes \enc, \last, KEY\i, V0 518 + _vaes \enc, \last, KEY\i, V1 519 + _tweak_step (2*(\i-5) + 1) 520 + _vaes \enc, \last, KEY\i, V2 521 + _vaes \enc, \last, KEY\i, V3 522 + .else 523 + _vbroadcast128 (\i-7)*16(KEY), V4 524 + _tweak_step (2*(\i-5)) 525 + _vaes \enc, \last, V4, V0 526 + _vaes \enc, \last, V4, V1 527 + _tweak_step (2*(\i-5) + 1) 528 + _vaes \enc, \last, V4, V2 529 + _vaes \enc, \last, V4, V3 530 + .endif 531 + .endm 532 + 533 + // Do tweaked AES en/decryption (i.e., XOR with \tweak, then AES en/decrypt, 534 + // then XOR with \tweak again) of the block(s) in \data. To process a single 535 + // block, use xmm registers and set \xmm_suffix=_XMM. To process a vector of 536 + // length VL, use V* registers and leave \xmm_suffix empty. May clobber V4. 537 + .macro _aes_crypt enc, xmm_suffix, tweak, data 538 + _xor3 KEY0\xmm_suffix, \tweak, \data 539 + cmp $24, KEYLEN 540 + jl .Laes128\@ 541 + je .Laes192\@ 542 + _vaes_1x \enc, 0, 1, \xmm_suffix, \data 543 + _vaes_1x \enc, 0, 2, \xmm_suffix, \data 544 + .Laes192\@: 545 + _vaes_1x \enc, 0, 3, \xmm_suffix, \data 546 + _vaes_1x \enc, 0, 4, \xmm_suffix, \data 547 + .Laes128\@: 548 + _vaes_1x \enc, 0, 5, \xmm_suffix, \data 549 + _vaes_1x \enc, 0, 6, \xmm_suffix, \data 550 + _vaes_1x \enc, 0, 7, \xmm_suffix, \data 551 + _vaes_1x \enc, 0, 8, \xmm_suffix, \data 552 + _vaes_1x \enc, 0, 9, \xmm_suffix, \data 553 + _vaes_1x \enc, 0, 10, \xmm_suffix, \data 554 + _vaes_1x \enc, 0, 11, \xmm_suffix, \data 555 + _vaes_1x \enc, 0, 12, \xmm_suffix, \data 556 + _vaes_1x \enc, 0, 13, \xmm_suffix, \data 557 + _vaes_1x \enc, 1, 14, \xmm_suffix, \data 558 + _vpxor \tweak, \data, \data 559 + .endm 560 + 561 + .macro _aes_xts_crypt enc 562 + _define_aliases 563 + 564 + .if !\enc 565 + // When decrypting a message whose length isn't a multiple of the AES 566 + // block length, exclude the last full block from the main loop by 567 + // subtracting 16 from LEN. This is needed because ciphertext stealing 568 + // decryption uses the last two tweaks in reverse order. We'll handle 569 + // the last full block and the partial block specially at the end. 570 + lea -16(LEN), %eax 571 + test $15, LEN8 572 + cmovnz %eax, LEN 573 + .endif 574 + 575 + // Load the AES key length: 16 (AES-128), 24 (AES-192), or 32 (AES-256). 576 + movl 480(KEY), KEYLEN 577 + 578 + // Setup the pointer to the round keys and cache as many as possible. 579 + _setup_round_keys \enc 580 + 581 + // Compute the first set of tweaks TWEAK[0-3]. 582 + _compute_first_set_of_tweaks 583 + 584 + sub $4*VL, LEN 585 + jl .Lhandle_remainder\@ 586 + 587 + .Lmain_loop\@: 588 + // This is the main loop, en/decrypting 4*VL bytes per iteration. 589 + 590 + // XOR each source block with its tweak and the zero-th round key. 591 + .if USE_AVX10 592 + vmovdqu8 0*VL(SRC), V0 593 + vmovdqu8 1*VL(SRC), V1 594 + vmovdqu8 2*VL(SRC), V2 595 + vmovdqu8 3*VL(SRC), V3 596 + vpternlogd $0x96, TWEAK0, KEY0, V0 597 + vpternlogd $0x96, TWEAK1, KEY0, V1 598 + vpternlogd $0x96, TWEAK2, KEY0, V2 599 + vpternlogd $0x96, TWEAK3, KEY0, V3 600 + .else 601 + vpxor 0*VL(SRC), KEY0, V0 602 + vpxor 1*VL(SRC), KEY0, V1 603 + vpxor 2*VL(SRC), KEY0, V2 604 + vpxor 3*VL(SRC), KEY0, V3 605 + vpxor TWEAK0, V0, V0 606 + vpxor TWEAK1, V1, V1 607 + vpxor TWEAK2, V2, V2 608 + vpxor TWEAK3, V3, V3 609 + .endif 610 + cmp $24, KEYLEN 611 + jl .Laes128\@ 612 + je .Laes192\@ 613 + // Do all the AES rounds on the data blocks, interleaved with 614 + // the computation of the next set of tweaks. 615 + _vaes_4x \enc, 0, 1 616 + _vaes_4x \enc, 0, 2 617 + .Laes192\@: 618 + _vaes_4x \enc, 0, 3 619 + _vaes_4x \enc, 0, 4 620 + .Laes128\@: 621 + _vaes_4x \enc, 0, 5 622 + _vaes_4x \enc, 0, 6 623 + _vaes_4x \enc, 0, 7 624 + _vaes_4x \enc, 0, 8 625 + _vaes_4x \enc, 0, 9 626 + _vaes_4x \enc, 0, 10 627 + _vaes_4x \enc, 0, 11 628 + _vaes_4x \enc, 0, 12 629 + _vaes_4x \enc, 0, 13 630 + _vaes_4x \enc, 1, 14 631 + 632 + // XOR in the tweaks again. 633 + _vpxor TWEAK0, V0, V0 634 + _vpxor TWEAK1, V1, V1 635 + _vpxor TWEAK2, V2, V2 636 + _vpxor TWEAK3, V3, V3 637 + 638 + // Store the destination blocks. 639 + _vmovdqu V0, 0*VL(DST) 640 + _vmovdqu V1, 1*VL(DST) 641 + _vmovdqu V2, 2*VL(DST) 642 + _vmovdqu V3, 3*VL(DST) 643 + 644 + // Finish computing the next set of tweaks. 645 + _tweak_step 1000 646 + 647 + add $4*VL, SRC 648 + add $4*VL, DST 649 + sub $4*VL, LEN 650 + jge .Lmain_loop\@ 651 + 652 + // Check for the uncommon case where the data length isn't a multiple of 653 + // 4*VL. Handle it out-of-line in order to optimize for the common 654 + // case. In the common case, just fall through to the ret. 655 + test $4*VL-1, LEN8 656 + jnz .Lhandle_remainder\@ 657 + .Ldone\@: 658 + // Store the next tweak back to *TWEAK to support continuation calls. 659 + vmovdqu TWEAK0_XMM, (TWEAK) 660 + .if VL > 16 661 + vzeroupper 662 + .endif 663 + RET 664 + 665 + .Lhandle_remainder\@: 666 + 667 + // En/decrypt any remaining full blocks, one vector at a time. 668 + .if VL > 16 669 + add $3*VL, LEN // Undo extra sub of 4*VL, then sub VL. 670 + jl .Lvec_at_a_time_done\@ 671 + .Lvec_at_a_time\@: 672 + _vmovdqu (SRC), V0 673 + _aes_crypt \enc, , TWEAK0, V0 674 + _vmovdqu V0, (DST) 675 + _next_tweakvec TWEAK0, V0, V1, TWEAK0 676 + add $VL, SRC 677 + add $VL, DST 678 + sub $VL, LEN 679 + jge .Lvec_at_a_time\@ 680 + .Lvec_at_a_time_done\@: 681 + add $VL-16, LEN // Undo extra sub of VL, then sub 16. 682 + .else 683 + add $4*VL-16, LEN // Undo extra sub of 4*VL, then sub 16. 684 + .endif 685 + 686 + // En/decrypt any remaining full blocks, one at a time. 687 + jl .Lblock_at_a_time_done\@ 688 + .Lblock_at_a_time\@: 689 + vmovdqu (SRC), %xmm0 690 + _aes_crypt \enc, _XMM, TWEAK0_XMM, %xmm0 691 + vmovdqu %xmm0, (DST) 692 + _next_tweak TWEAK0_XMM, %xmm0, TWEAK0_XMM 693 + add $16, SRC 694 + add $16, DST 695 + sub $16, LEN 696 + jge .Lblock_at_a_time\@ 697 + .Lblock_at_a_time_done\@: 698 + add $16, LEN // Undo the extra sub of 16. 699 + // Now 0 <= LEN <= 15. If LEN is zero, we're done. 700 + jz .Ldone\@ 701 + 702 + // Otherwise 1 <= LEN <= 15, but the real remaining length is 16 + LEN. 703 + // Do ciphertext stealing to process the last 16 + LEN bytes. 704 + 705 + .if \enc 706 + // If encrypting, the main loop already encrypted the last full block to 707 + // create the CTS intermediate ciphertext. Prepare for the rest of CTS 708 + // by rewinding the pointers and loading the intermediate ciphertext. 709 + sub $16, SRC 710 + sub $16, DST 711 + vmovdqu (DST), %xmm0 712 + .else 713 + // If decrypting, the main loop didn't decrypt the last full block 714 + // because CTS decryption uses the last two tweaks in reverse order. 715 + // Do it now by advancing the tweak and decrypting the last full block. 716 + _next_tweak TWEAK0_XMM, %xmm0, TWEAK1_XMM 717 + vmovdqu (SRC), %xmm0 718 + _aes_crypt \enc, _XMM, TWEAK1_XMM, %xmm0 719 + .endif 720 + 721 + .if USE_AVX10 722 + // Create a mask that has the first LEN bits set. 723 + mov $-1, %r9d 724 + bzhi LEN, %r9d, %r9d 725 + kmovd %r9d, %k1 726 + 727 + // Swap the first LEN bytes of the en/decryption of the last full block 728 + // with the partial block. Note that to support in-place en/decryption, 729 + // the load from the src partial block must happen before the store to 730 + // the dst partial block. 731 + vmovdqa %xmm0, %xmm1 732 + vmovdqu8 16(SRC), %xmm0{%k1} 733 + vmovdqu8 %xmm1, 16(DST){%k1} 734 + .else 735 + lea .Lcts_permute_table(%rip), %r9 736 + 737 + // Load the src partial block, left-aligned. Note that to support 738 + // in-place en/decryption, this must happen before the store to the dst 739 + // partial block. 740 + vmovdqu (SRC, LEN64, 1), %xmm1 741 + 742 + // Shift the first LEN bytes of the en/decryption of the last full block 743 + // to the end of a register, then store it to DST+LEN. This stores the 744 + // dst partial block. It also writes to the second part of the dst last 745 + // full block, but that part is overwritten later. 746 + vpshufb (%r9, LEN64, 1), %xmm0, %xmm2 747 + vmovdqu %xmm2, (DST, LEN64, 1) 748 + 749 + // Make xmm3 contain [16-LEN,16-LEN+1,...,14,15,0x80,0x80,...]. 750 + sub LEN64, %r9 751 + vmovdqu 32(%r9), %xmm3 752 + 753 + // Shift the src partial block to the beginning of its register. 754 + vpshufb %xmm3, %xmm1, %xmm1 755 + 756 + // Do a blend to generate the src partial block followed by the second 757 + // part of the en/decryption of the last full block. 758 + vpblendvb %xmm3, %xmm0, %xmm1, %xmm0 759 + .endif 760 + // En/decrypt again and store the last full block. 761 + _aes_crypt \enc, _XMM, TWEAK0_XMM, %xmm0 762 + vmovdqu %xmm0, (DST) 763 + jmp .Ldone\@ 764 + .endm 765 + 766 + // void aes_xts_encrypt_iv(const struct crypto_aes_ctx *tweak_key, 767 + // u8 iv[AES_BLOCK_SIZE]); 768 + SYM_TYPED_FUNC_START(aes_xts_encrypt_iv) 769 + vmovdqu (%rsi), %xmm0 770 + vpxor (%rdi), %xmm0, %xmm0 771 + movl 480(%rdi), %eax // AES key length 772 + lea -16(%rdi, %rax, 4), %rdi 773 + cmp $24, %eax 774 + jl .Lencrypt_iv_aes128 775 + je .Lencrypt_iv_aes192 776 + vaesenc -6*16(%rdi), %xmm0, %xmm0 777 + vaesenc -5*16(%rdi), %xmm0, %xmm0 778 + .Lencrypt_iv_aes192: 779 + vaesenc -4*16(%rdi), %xmm0, %xmm0 780 + vaesenc -3*16(%rdi), %xmm0, %xmm0 781 + .Lencrypt_iv_aes128: 782 + vaesenc -2*16(%rdi), %xmm0, %xmm0 783 + vaesenc -1*16(%rdi), %xmm0, %xmm0 784 + vaesenc 0*16(%rdi), %xmm0, %xmm0 785 + vaesenc 1*16(%rdi), %xmm0, %xmm0 786 + vaesenc 2*16(%rdi), %xmm0, %xmm0 787 + vaesenc 3*16(%rdi), %xmm0, %xmm0 788 + vaesenc 4*16(%rdi), %xmm0, %xmm0 789 + vaesenc 5*16(%rdi), %xmm0, %xmm0 790 + vaesenc 6*16(%rdi), %xmm0, %xmm0 791 + vaesenclast 7*16(%rdi), %xmm0, %xmm0 792 + vmovdqu %xmm0, (%rsi) 793 + RET 794 + SYM_FUNC_END(aes_xts_encrypt_iv) 795 + 796 + // Below are the actual AES-XTS encryption and decryption functions, 797 + // instantiated from the above macro. They all have the following prototype: 798 + // 799 + // void (*xts_asm_func)(const struct crypto_aes_ctx *key, 800 + // const u8 *src, u8 *dst, unsigned int len, 801 + // u8 tweak[AES_BLOCK_SIZE]); 802 + // 803 + // |key| is the data key. |tweak| contains the next tweak; the encryption of 804 + // the original IV with the tweak key was already done. This function supports 805 + // incremental computation, but |len| must always be >= 16 (AES_BLOCK_SIZE), and 806 + // |len| must be a multiple of 16 except on the last call. If |len| is a 807 + // multiple of 16, then this function updates |tweak| to contain the next tweak. 808 + 809 + .set VL, 16 810 + .set USE_AVX10, 0 811 + SYM_TYPED_FUNC_START(aes_xts_encrypt_aesni_avx) 812 + _aes_xts_crypt 1 813 + SYM_FUNC_END(aes_xts_encrypt_aesni_avx) 814 + SYM_TYPED_FUNC_START(aes_xts_decrypt_aesni_avx) 815 + _aes_xts_crypt 0 816 + SYM_FUNC_END(aes_xts_decrypt_aesni_avx) 817 + 818 + #if defined(CONFIG_AS_VAES) && defined(CONFIG_AS_VPCLMULQDQ) 819 + .set VL, 32 820 + .set USE_AVX10, 0 821 + SYM_TYPED_FUNC_START(aes_xts_encrypt_vaes_avx2) 822 + _aes_xts_crypt 1 823 + SYM_FUNC_END(aes_xts_encrypt_vaes_avx2) 824 + SYM_TYPED_FUNC_START(aes_xts_decrypt_vaes_avx2) 825 + _aes_xts_crypt 0 826 + SYM_FUNC_END(aes_xts_decrypt_vaes_avx2) 827 + 828 + .set VL, 32 829 + .set USE_AVX10, 1 830 + SYM_TYPED_FUNC_START(aes_xts_encrypt_vaes_avx10_256) 831 + _aes_xts_crypt 1 832 + SYM_FUNC_END(aes_xts_encrypt_vaes_avx10_256) 833 + SYM_TYPED_FUNC_START(aes_xts_decrypt_vaes_avx10_256) 834 + _aes_xts_crypt 0 835 + SYM_FUNC_END(aes_xts_decrypt_vaes_avx10_256) 836 + 837 + .set VL, 64 838 + .set USE_AVX10, 1 839 + SYM_TYPED_FUNC_START(aes_xts_encrypt_vaes_avx10_512) 840 + _aes_xts_crypt 1 841 + SYM_FUNC_END(aes_xts_encrypt_vaes_avx10_512) 842 + SYM_TYPED_FUNC_START(aes_xts_decrypt_vaes_avx10_512) 843 + _aes_xts_crypt 0 844 + SYM_FUNC_END(aes_xts_decrypt_vaes_avx10_512) 845 + #endif /* CONFIG_AS_VAES && CONFIG_AS_VPCLMULQDQ */

+85 -384

arch/x86/crypto/aesni-intel_asm.S

··· 83 83 84 84 .text 85 85 86 - 87 - #define STACK_OFFSET 8*3 88 - 89 86 #define AadHash 16*0 90 87 #define AadLen 16*1 91 88 #define InLen (16*1)+8 ··· 113 116 #define arg4 rcx 114 117 #define arg5 r8 115 118 #define arg6 r9 116 - #define arg7 STACK_OFFSET+8(%rsp) 117 - #define arg8 STACK_OFFSET+16(%rsp) 118 - #define arg9 STACK_OFFSET+24(%rsp) 119 - #define arg10 STACK_OFFSET+32(%rsp) 120 - #define arg11 STACK_OFFSET+40(%rsp) 121 119 #define keysize 2*15*16(%arg1) 122 120 #endif 123 121 ··· 1499 1507 MOVADQ (%r10),\TMP1 1500 1508 aesenclast \TMP1,\XMM0 1501 1509 .endm 1502 - /***************************************************************************** 1503 - * void aesni_gcm_dec(void *aes_ctx, // AES Key schedule. Starts on a 16 byte boundary. 1504 - * struct gcm_context_data *data 1505 - * // Context data 1506 - * u8 *out, // Plaintext output. Encrypt in-place is allowed. 1507 - * const u8 *in, // Ciphertext input 1508 - * u64 plaintext_len, // Length of data in bytes for decryption. 1509 - * u8 *iv, // Pre-counter block j0: 4 byte salt (from Security Association) 1510 - * // concatenated with 8 byte Initialisation Vector (from IPSec ESP Payload) 1511 - * // concatenated with 0x00000001. 16-byte aligned pointer. 1512 - * u8 *hash_subkey, // H, the Hash sub key input. Data starts on a 16-byte boundary. 1513 - * const u8 *aad, // Additional Authentication Data (AAD) 1514 - * u64 aad_len, // Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 bytes 1515 - * u8 *auth_tag, // Authenticated Tag output. The driver will compare this to the 1516 - * // given authentication tag and only return the plaintext if they match. 1517 - * u64 auth_tag_len); // Authenticated Tag Length in bytes. Valid values are 16 1518 - * // (most likely), 12 or 8. 1519 - * 1520 - * Assumptions: 1521 - * 1522 - * keys: 1523 - * keys are pre-expanded and aligned to 16 bytes. we are using the first 1524 - * set of 11 keys in the data structure void *aes_ctx 1525 - * 1526 - * iv: 1527 - * 0 1 2 3 1528 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1529 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1530 - * | Salt (From the SA) | 1531 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1532 - * | Initialization Vector | 1533 - * | (This is the sequence number from IPSec header) | 1534 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1535 - * | 0x1 | 1536 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1537 - * 1538 - * 1539 - * 1540 - * AAD: 1541 - * AAD padded to 128 bits with 0 1542 - * for example, assume AAD is a u32 vector 1543 - * 1544 - * if AAD is 8 bytes: 1545 - * AAD[3] = {A0, A1}; 1546 - * padded AAD in xmm register = {A1 A0 0 0} 1547 - * 1548 - * 0 1 2 3 1549 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1550 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1551 - * | SPI (A1) | 1552 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1553 - * | 32-bit Sequence Number (A0) | 1554 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1555 - * | 0x0 | 1556 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1557 - * 1558 - * AAD Format with 32-bit Sequence Number 1559 - * 1560 - * if AAD is 12 bytes: 1561 - * AAD[3] = {A0, A1, A2}; 1562 - * padded AAD in xmm register = {A2 A1 A0 0} 1563 - * 1564 - * 0 1 2 3 1565 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1566 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1567 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1568 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1569 - * | SPI (A2) | 1570 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1571 - * | 64-bit Extended Sequence Number {A1,A0} | 1572 - * | | 1573 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1574 - * | 0x0 | 1575 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1576 - * 1577 - * AAD Format with 64-bit Extended Sequence Number 1578 - * 1579 - * poly = x^128 + x^127 + x^126 + x^121 + 1 1580 - * 1581 - *****************************************************************************/ 1582 - SYM_FUNC_START(aesni_gcm_dec) 1583 - FUNC_SAVE 1584 - 1585 - GCM_INIT %arg6, arg7, arg8, arg9 1586 - GCM_ENC_DEC dec 1587 - GCM_COMPLETE arg10, arg11 1588 - FUNC_RESTORE 1589 - RET 1590 - SYM_FUNC_END(aesni_gcm_dec) 1591 - 1592 - 1593 - /***************************************************************************** 1594 - * void aesni_gcm_enc(void *aes_ctx, // AES Key schedule. Starts on a 16 byte boundary. 1595 - * struct gcm_context_data *data 1596 - * // Context data 1597 - * u8 *out, // Ciphertext output. Encrypt in-place is allowed. 1598 - * const u8 *in, // Plaintext input 1599 - * u64 plaintext_len, // Length of data in bytes for encryption. 1600 - * u8 *iv, // Pre-counter block j0: 4 byte salt (from Security Association) 1601 - * // concatenated with 8 byte Initialisation Vector (from IPSec ESP Payload) 1602 - * // concatenated with 0x00000001. 16-byte aligned pointer. 1603 - * u8 *hash_subkey, // H, the Hash sub key input. Data starts on a 16-byte boundary. 1604 - * const u8 *aad, // Additional Authentication Data (AAD) 1605 - * u64 aad_len, // Length of AAD in bytes. With RFC4106 this is going to be 8 or 12 bytes 1606 - * u8 *auth_tag, // Authenticated Tag output. 1607 - * u64 auth_tag_len); // Authenticated Tag Length in bytes. Valid values are 16 (most likely), 1608 - * // 12 or 8. 1609 - * 1610 - * Assumptions: 1611 - * 1612 - * keys: 1613 - * keys are pre-expanded and aligned to 16 bytes. we are using the 1614 - * first set of 11 keys in the data structure void *aes_ctx 1615 - * 1616 - * 1617 - * iv: 1618 - * 0 1 2 3 1619 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1620 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1621 - * | Salt (From the SA) | 1622 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1623 - * | Initialization Vector | 1624 - * | (This is the sequence number from IPSec header) | 1625 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1626 - * | 0x1 | 1627 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1628 - * 1629 - * 1630 - * 1631 - * AAD: 1632 - * AAD padded to 128 bits with 0 1633 - * for example, assume AAD is a u32 vector 1634 - * 1635 - * if AAD is 8 bytes: 1636 - * AAD[3] = {A0, A1}; 1637 - * padded AAD in xmm register = {A1 A0 0 0} 1638 - * 1639 - * 0 1 2 3 1640 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1641 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1642 - * | SPI (A1) | 1643 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1644 - * | 32-bit Sequence Number (A0) | 1645 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1646 - * | 0x0 | 1647 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1648 - * 1649 - * AAD Format with 32-bit Sequence Number 1650 - * 1651 - * if AAD is 12 bytes: 1652 - * AAD[3] = {A0, A1, A2}; 1653 - * padded AAD in xmm register = {A2 A1 A0 0} 1654 - * 1655 - * 0 1 2 3 1656 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1657 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1658 - * | SPI (A2) | 1659 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1660 - * | 64-bit Extended Sequence Number {A1,A0} | 1661 - * | | 1662 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1663 - * | 0x0 | 1664 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1665 - * 1666 - * AAD Format with 64-bit Extended Sequence Number 1667 - * 1668 - * poly = x^128 + x^127 + x^126 + x^121 + 1 1669 - ***************************************************************************/ 1670 - SYM_FUNC_START(aesni_gcm_enc) 1671 - FUNC_SAVE 1672 - 1673 - GCM_INIT %arg6, arg7, arg8, arg9 1674 - GCM_ENC_DEC enc 1675 - 1676 - GCM_COMPLETE arg10, arg11 1677 - FUNC_RESTORE 1678 - RET 1679 - SYM_FUNC_END(aesni_gcm_enc) 1680 1510 1681 1511 /***************************************************************************** 1682 1512 * void aesni_gcm_init(void *aes_ctx, // AES Key schedule. Starts on a 16 byte boundary. ··· 1634 1820 SYM_FUNC_END(_key_expansion_256b) 1635 1821 1636 1822 /* 1637 - * int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key, 1638 - * unsigned int key_len) 1823 + * void aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key, 1824 + * unsigned int key_len) 1639 1825 */ 1640 1826 SYM_FUNC_START(aesni_set_key) 1641 1827 FRAME_BEGIN ··· 1740 1926 sub $0x10, UKEYP 1741 1927 cmp TKEYP, KEYP 1742 1928 jb .Ldec_key_loop 1743 - xor AREG, AREG 1744 1929 #ifndef __x86_64__ 1745 1930 popl KEYP 1746 1931 #endif ··· 2639 2826 .previous 2640 2827 2641 2828 /* 2642 - * _aesni_gf128mul_x_ble: internal ABI 2643 - * Multiply in GF(2^128) for XTS IVs 2829 + * _aesni_gf128mul_x_ble: Multiply in GF(2^128) for XTS IVs 2644 2830 * input: 2645 2831 * IV: current IV 2646 2832 * GF128MUL_MASK == mask with 0x87 and 0x01 2647 2833 * output: 2648 2834 * IV: next IV 2649 2835 * changed: 2650 - * CTR: == temporary value 2836 + * KEY: == temporary value 2651 2837 */ 2652 - #define _aesni_gf128mul_x_ble() \ 2653 - pshufd $0x13, IV, KEY; \ 2654 - paddq IV, IV; \ 2655 - psrad $31, KEY; \ 2656 - pand GF128MUL_MASK, KEY; \ 2657 - pxor KEY, IV; 2838 + .macro _aesni_gf128mul_x_ble 2839 + pshufd $0x13, IV, KEY 2840 + paddq IV, IV 2841 + psrad $31, KEY 2842 + pand GF128MUL_MASK, KEY 2843 + pxor KEY, IV 2844 + .endm 2658 2845 2659 - /* 2660 - * void aesni_xts_encrypt(const struct crypto_aes_ctx *ctx, u8 *dst, 2661 - * const u8 *src, unsigned int len, le128 *iv) 2662 - */ 2663 - SYM_FUNC_START(aesni_xts_encrypt) 2846 + .macro _aesni_xts_crypt enc 2664 2847 FRAME_BEGIN 2665 2848 #ifndef __x86_64__ 2666 2849 pushl IVP ··· 2675 2866 movups (IVP), IV 2676 2867 2677 2868 mov 480(KEYP), KLEN 2678 - 2679 - .Lxts_enc_loop4: 2680 - sub $64, LEN 2681 - jl .Lxts_enc_1x 2682 - 2683 - movdqa IV, STATE1 2684 - movdqu 0x00(INP), IN 2685 - pxor IN, STATE1 2686 - movdqu IV, 0x00(OUTP) 2687 - 2688 - _aesni_gf128mul_x_ble() 2689 - movdqa IV, STATE2 2690 - movdqu 0x10(INP), IN 2691 - pxor IN, STATE2 2692 - movdqu IV, 0x10(OUTP) 2693 - 2694 - _aesni_gf128mul_x_ble() 2695 - movdqa IV, STATE3 2696 - movdqu 0x20(INP), IN 2697 - pxor IN, STATE3 2698 - movdqu IV, 0x20(OUTP) 2699 - 2700 - _aesni_gf128mul_x_ble() 2701 - movdqa IV, STATE4 2702 - movdqu 0x30(INP), IN 2703 - pxor IN, STATE4 2704 - movdqu IV, 0x30(OUTP) 2705 - 2706 - call _aesni_enc4 2707 - 2708 - movdqu 0x00(OUTP), IN 2709 - pxor IN, STATE1 2710 - movdqu STATE1, 0x00(OUTP) 2711 - 2712 - movdqu 0x10(OUTP), IN 2713 - pxor IN, STATE2 2714 - movdqu STATE2, 0x10(OUTP) 2715 - 2716 - movdqu 0x20(OUTP), IN 2717 - pxor IN, STATE3 2718 - movdqu STATE3, 0x20(OUTP) 2719 - 2720 - movdqu 0x30(OUTP), IN 2721 - pxor IN, STATE4 2722 - movdqu STATE4, 0x30(OUTP) 2723 - 2724 - _aesni_gf128mul_x_ble() 2725 - 2726 - add $64, INP 2727 - add $64, OUTP 2728 - test LEN, LEN 2729 - jnz .Lxts_enc_loop4 2730 - 2731 - .Lxts_enc_ret_iv: 2732 - movups IV, (IVP) 2733 - 2734 - .Lxts_enc_ret: 2735 - #ifndef __x86_64__ 2736 - popl KLEN 2737 - popl KEYP 2738 - popl LEN 2739 - popl IVP 2740 - #endif 2741 - FRAME_END 2742 - RET 2743 - 2744 - .Lxts_enc_1x: 2745 - add $64, LEN 2746 - jz .Lxts_enc_ret_iv 2747 - sub $16, LEN 2748 - jl .Lxts_enc_cts4 2749 - 2750 - .Lxts_enc_loop1: 2751 - movdqu (INP), STATE 2752 - pxor IV, STATE 2753 - call _aesni_enc1 2754 - pxor IV, STATE 2755 - _aesni_gf128mul_x_ble() 2756 - 2757 - test LEN, LEN 2758 - jz .Lxts_enc_out 2759 - 2760 - add $16, INP 2761 - sub $16, LEN 2762 - jl .Lxts_enc_cts1 2763 - 2764 - movdqu STATE, (OUTP) 2765 - add $16, OUTP 2766 - jmp .Lxts_enc_loop1 2767 - 2768 - .Lxts_enc_out: 2769 - movdqu STATE, (OUTP) 2770 - jmp .Lxts_enc_ret_iv 2771 - 2772 - .Lxts_enc_cts4: 2773 - movdqa STATE4, STATE 2774 - sub $16, OUTP 2775 - 2776 - .Lxts_enc_cts1: 2777 - #ifndef __x86_64__ 2778 - lea .Lcts_permute_table, T1 2779 - #else 2780 - lea .Lcts_permute_table(%rip), T1 2781 - #endif 2782 - add LEN, INP /* rewind input pointer */ 2783 - add $16, LEN /* # bytes in final block */ 2784 - movups (INP), IN1 2785 - 2786 - mov T1, IVP 2787 - add $32, IVP 2788 - add LEN, T1 2789 - sub LEN, IVP 2790 - add OUTP, LEN 2791 - 2792 - movups (T1), %xmm4 2793 - movaps STATE, IN2 2794 - pshufb %xmm4, STATE 2795 - movups STATE, (LEN) 2796 - 2797 - movups (IVP), %xmm0 2798 - pshufb %xmm0, IN1 2799 - pblendvb IN2, IN1 2800 - movaps IN1, STATE 2801 - 2802 - pxor IV, STATE 2803 - call _aesni_enc1 2804 - pxor IV, STATE 2805 - 2806 - movups STATE, (OUTP) 2807 - jmp .Lxts_enc_ret 2808 - SYM_FUNC_END(aesni_xts_encrypt) 2809 - 2810 - /* 2811 - * void aesni_xts_decrypt(const struct crypto_aes_ctx *ctx, u8 *dst, 2812 - * const u8 *src, unsigned int len, le128 *iv) 2813 - */ 2814 - SYM_FUNC_START(aesni_xts_decrypt) 2815 - FRAME_BEGIN 2816 - #ifndef __x86_64__ 2817 - pushl IVP 2818 - pushl LEN 2819 - pushl KEYP 2820 - pushl KLEN 2821 - movl (FRAME_OFFSET+20)(%esp), KEYP # ctx 2822 - movl (FRAME_OFFSET+24)(%esp), OUTP # dst 2823 - movl (FRAME_OFFSET+28)(%esp), INP # src 2824 - movl (FRAME_OFFSET+32)(%esp), LEN # len 2825 - movl (FRAME_OFFSET+36)(%esp), IVP # iv 2826 - movdqa .Lgf128mul_x_ble_mask, GF128MUL_MASK 2827 - #else 2828 - movdqa .Lgf128mul_x_ble_mask(%rip), GF128MUL_MASK 2829 - #endif 2830 - movups (IVP), IV 2831 - 2832 - mov 480(KEYP), KLEN 2869 + .if !\enc 2833 2870 add $240, KEYP 2834 2871 2835 2872 test $15, LEN 2836 - jz .Lxts_dec_loop4 2873 + jz .Lxts_loop4\@ 2837 2874 sub $16, LEN 2875 + .endif 2838 2876 2839 - .Lxts_dec_loop4: 2877 + .Lxts_loop4\@: 2840 2878 sub $64, LEN 2841 - jl .Lxts_dec_1x 2879 + jl .Lxts_1x\@ 2842 2880 2843 2881 movdqa IV, STATE1 2844 2882 movdqu 0x00(INP), IN 2845 2883 pxor IN, STATE1 2846 2884 movdqu IV, 0x00(OUTP) 2847 2885 2848 - _aesni_gf128mul_x_ble() 2886 + _aesni_gf128mul_x_ble 2849 2887 movdqa IV, STATE2 2850 2888 movdqu 0x10(INP), IN 2851 2889 pxor IN, STATE2 2852 2890 movdqu IV, 0x10(OUTP) 2853 2891 2854 - _aesni_gf128mul_x_ble() 2892 + _aesni_gf128mul_x_ble 2855 2893 movdqa IV, STATE3 2856 2894 movdqu 0x20(INP), IN 2857 2895 pxor IN, STATE3 2858 2896 movdqu IV, 0x20(OUTP) 2859 2897 2860 - _aesni_gf128mul_x_ble() 2898 + _aesni_gf128mul_x_ble 2861 2899 movdqa IV, STATE4 2862 2900 movdqu 0x30(INP), IN 2863 2901 pxor IN, STATE4 2864 2902 movdqu IV, 0x30(OUTP) 2865 2903 2904 + .if \enc 2905 + call _aesni_enc4 2906 + .else 2866 2907 call _aesni_dec4 2908 + .endif 2867 2909 2868 2910 movdqu 0x00(OUTP), IN 2869 2911 pxor IN, STATE1 ··· 2732 3072 pxor IN, STATE4 2733 3073 movdqu STATE4, 0x30(OUTP) 2734 3074 2735 - _aesni_gf128mul_x_ble() 3075 + _aesni_gf128mul_x_ble 2736 3076 2737 3077 add $64, INP 2738 3078 add $64, OUTP 2739 3079 test LEN, LEN 2740 - jnz .Lxts_dec_loop4 3080 + jnz .Lxts_loop4\@ 2741 3081 2742 - .Lxts_dec_ret_iv: 3082 + .Lxts_ret_iv\@: 2743 3083 movups IV, (IVP) 2744 3084 2745 - .Lxts_dec_ret: 3085 + .Lxts_ret\@: 2746 3086 #ifndef __x86_64__ 2747 3087 popl KLEN 2748 3088 popl KEYP ··· 2752 3092 FRAME_END 2753 3093 RET 2754 3094 2755 - .Lxts_dec_1x: 3095 + .Lxts_1x\@: 2756 3096 add $64, LEN 2757 - jz .Lxts_dec_ret_iv 3097 + jz .Lxts_ret_iv\@ 3098 + .if \enc 3099 + sub $16, LEN 3100 + jl .Lxts_cts4\@ 3101 + .endif 2758 3102 2759 - .Lxts_dec_loop1: 3103 + .Lxts_loop1\@: 2760 3104 movdqu (INP), STATE 2761 - 3105 + .if \enc 3106 + pxor IV, STATE 3107 + call _aesni_enc1 3108 + .else 2762 3109 add $16, INP 2763 3110 sub $16, LEN 2764 - jl .Lxts_dec_cts1 2765 - 3111 + jl .Lxts_cts1\@ 2766 3112 pxor IV, STATE 2767 3113 call _aesni_dec1 3114 + .endif 2768 3115 pxor IV, STATE 2769 - _aesni_gf128mul_x_ble() 3116 + _aesni_gf128mul_x_ble 2770 3117 2771 3118 test LEN, LEN 2772 - jz .Lxts_dec_out 3119 + jz .Lxts_out\@ 3120 + 3121 + .if \enc 3122 + add $16, INP 3123 + sub $16, LEN 3124 + jl .Lxts_cts1\@ 3125 + .endif 2773 3126 2774 3127 movdqu STATE, (OUTP) 2775 3128 add $16, OUTP 2776 - jmp .Lxts_dec_loop1 3129 + jmp .Lxts_loop1\@ 2777 3130 2778 - .Lxts_dec_out: 3131 + .Lxts_out\@: 2779 3132 movdqu STATE, (OUTP) 2780 - jmp .Lxts_dec_ret_iv 3133 + jmp .Lxts_ret_iv\@ 2781 3134 2782 - .Lxts_dec_cts1: 3135 + .if \enc 3136 + .Lxts_cts4\@: 3137 + movdqa STATE4, STATE 3138 + sub $16, OUTP 3139 + .Lxts_cts1\@: 3140 + .else 3141 + .Lxts_cts1\@: 2783 3142 movdqa IV, STATE4 2784 - _aesni_gf128mul_x_ble() 3143 + _aesni_gf128mul_x_ble 2785 3144 2786 3145 pxor IV, STATE 2787 3146 call _aesni_dec1 2788 3147 pxor IV, STATE 2789 - 3148 + .endif 2790 3149 #ifndef __x86_64__ 2791 3150 lea .Lcts_permute_table, T1 2792 3151 #else ··· 2831 3152 pblendvb IN2, IN1 2832 3153 movaps IN1, STATE 2833 3154 3155 + .if \enc 3156 + pxor IV, STATE 3157 + call _aesni_enc1 3158 + pxor IV, STATE 3159 + .else 2834 3160 pxor STATE4, STATE 2835 3161 call _aesni_dec1 2836 3162 pxor STATE4, STATE 3163 + .endif 2837 3164 2838 3165 movups STATE, (OUTP) 2839 - jmp .Lxts_dec_ret 2840 - SYM_FUNC_END(aesni_xts_decrypt) 3166 + jmp .Lxts_ret\@ 3167 + .endm 3168 + 3169 + /* 3170 + * void aesni_xts_enc(const struct crypto_aes_ctx *ctx, u8 *dst, 3171 + * const u8 *src, unsigned int len, le128 *iv) 3172 + */ 3173 + SYM_FUNC_START(aesni_xts_enc) 3174 + _aesni_xts_crypt 1 3175 + SYM_FUNC_END(aesni_xts_enc) 3176 + 3177 + /* 3178 + * void aesni_xts_dec(const struct crypto_aes_ctx *ctx, u8 *dst, 3179 + * const u8 *src, unsigned int len, le128 *iv) 3180 + */ 3181 + SYM_FUNC_START(aesni_xts_dec) 3182 + _aesni_xts_crypt 0 3183 + SYM_FUNC_END(aesni_xts_dec)

+300 -120

arch/x86/crypto/aesni-intel_glue.c

··· 40 40 #define AESNI_ALIGN 16 41 41 #define AESNI_ALIGN_ATTR __attribute__ ((__aligned__(AESNI_ALIGN))) 42 42 #define AES_BLOCK_MASK (~(AES_BLOCK_SIZE - 1)) 43 - #define RFC4106_HASH_SUBKEY_SIZE 16 44 43 #define AESNI_ALIGN_EXTRA ((AESNI_ALIGN - 1) & ~(CRYPTO_MINALIGN - 1)) 45 44 #define CRYPTO_AES_CTX_SIZE (sizeof(struct crypto_aes_ctx) + AESNI_ALIGN_EXTRA) 46 45 #define XTS_AES_CTX_SIZE (sizeof(struct aesni_xts_ctx) + AESNI_ALIGN_EXTRA) ··· 86 87 return PTR_ALIGN(addr, AESNI_ALIGN); 87 88 } 88 89 89 - asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key, 90 - unsigned int key_len); 90 + asmlinkage void aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key, 91 + unsigned int key_len); 91 92 asmlinkage void aesni_enc(const void *ctx, u8 *out, const u8 *in); 92 93 asmlinkage void aesni_dec(const void *ctx, u8 *out, const u8 *in); 93 94 asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out, ··· 106 107 #define AVX_GEN2_OPTSIZE 640 107 108 #define AVX_GEN4_OPTSIZE 4096 108 109 109 - asmlinkage void aesni_xts_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, 110 - const u8 *in, unsigned int len, u8 *iv); 110 + asmlinkage void aesni_xts_enc(const struct crypto_aes_ctx *ctx, u8 *out, 111 + const u8 *in, unsigned int len, u8 *iv); 111 112 112 - asmlinkage void aesni_xts_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, 113 - const u8 *in, unsigned int len, u8 *iv); 113 + asmlinkage void aesni_xts_dec(const struct crypto_aes_ctx *ctx, u8 *out, 114 + const u8 *in, unsigned int len, u8 *iv); 114 115 115 116 #ifdef CONFIG_X86_64 116 117 ··· 232 233 { 233 234 int err; 234 235 235 - if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 && 236 - key_len != AES_KEYSIZE_256) 237 - return -EINVAL; 238 - 239 236 if (!crypto_simd_usable()) 240 - err = aes_expandkey(ctx, in_key, key_len); 241 - else { 242 - kernel_fpu_begin(); 243 - err = aesni_set_key(ctx, in_key, key_len); 244 - kernel_fpu_end(); 245 - } 237 + return aes_expandkey(ctx, in_key, key_len); 246 238 247 - return err; 239 + err = aes_check_keylen(key_len); 240 + if (err) 241 + return err; 242 + 243 + kernel_fpu_begin(); 244 + aesni_set_key(ctx, in_key, key_len); 245 + kernel_fpu_end(); 246 + return 0; 248 247 } 249 248 250 249 static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, ··· 589 592 return err; 590 593 } 591 594 592 - static int 593 - rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len) 595 + static int aes_gcm_derive_hash_subkey(const struct crypto_aes_ctx *aes_key, 596 + u8 hash_subkey[AES_BLOCK_SIZE]) 594 597 { 595 - struct crypto_aes_ctx ctx; 596 - int ret; 598 + static const u8 zeroes[AES_BLOCK_SIZE]; 597 599 598 - ret = aes_expandkey(&ctx, key, key_len); 599 - if (ret) 600 - return ret; 601 - 602 - /* Clear the data in the hash sub key container to zero.*/ 603 - /* We want to cipher all zeros to create the hash sub key. */ 604 - memset(hash_subkey, 0, RFC4106_HASH_SUBKEY_SIZE); 605 - 606 - aes_encrypt(&ctx, hash_subkey, hash_subkey); 607 - 608 - memzero_explicit(&ctx, sizeof(ctx)); 600 + aes_encrypt(aes_key, hash_subkey, zeroes); 609 601 return 0; 610 602 } 611 603 ··· 612 626 memcpy(ctx->nonce, key + key_len, sizeof(ctx->nonce)); 613 627 614 628 return aes_set_key_common(&ctx->aes_key_expanded, key, key_len) ?: 615 - rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len); 629 + aes_gcm_derive_hash_subkey(&ctx->aes_key_expanded, 630 + ctx->hash_subkey); 616 631 } 617 632 618 633 /* This is the Integrity Check Value (aka the authentication tag) length and can ··· 864 877 } 865 878 #endif 866 879 867 - static int xts_aesni_setkey(struct crypto_skcipher *tfm, const u8 *key, 880 + static int xts_setkey_aesni(struct crypto_skcipher *tfm, const u8 *key, 868 881 unsigned int keylen) 869 882 { 870 883 struct aesni_xts_ctx *ctx = aes_xts_ctx(tfm); ··· 885 898 return aes_set_key_common(&ctx->tweak_ctx, key + keylen, keylen); 886 899 } 887 900 888 - static int xts_crypt(struct skcipher_request *req, bool encrypt) 901 + typedef void (*xts_encrypt_iv_func)(const struct crypto_aes_ctx *tweak_key, 902 + u8 iv[AES_BLOCK_SIZE]); 903 + typedef void (*xts_crypt_func)(const struct crypto_aes_ctx *key, 904 + const u8 *src, u8 *dst, unsigned int len, 905 + u8 tweak[AES_BLOCK_SIZE]); 906 + 907 + /* This handles cases where the source and/or destination span pages. */ 908 + static noinline int 909 + xts_crypt_slowpath(struct skcipher_request *req, xts_crypt_func crypt_func) 889 910 { 890 911 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 891 - struct aesni_xts_ctx *ctx = aes_xts_ctx(tfm); 912 + const struct aesni_xts_ctx *ctx = aes_xts_ctx(tfm); 892 913 int tail = req->cryptlen % AES_BLOCK_SIZE; 914 + struct scatterlist sg_src[2], sg_dst[2]; 893 915 struct skcipher_request subreq; 894 916 struct skcipher_walk walk; 917 + struct scatterlist *src, *dst; 895 918 int err; 896 919 897 - if (req->cryptlen < AES_BLOCK_SIZE) 898 - return -EINVAL; 899 - 900 - err = skcipher_walk_virt(&walk, req, false); 901 - if (!walk.nbytes) 902 - return err; 903 - 904 - if (unlikely(tail > 0 && walk.nbytes < walk.total)) { 905 - int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2; 906 - 907 - skcipher_walk_abort(&walk); 908 - 920 + /* 921 + * If the message length isn't divisible by the AES block size, then 922 + * separate off the last full block and the partial block. This ensures 923 + * that they are processed in the same call to the assembly function, 924 + * which is required for ciphertext stealing. 925 + */ 926 + if (tail) { 909 927 skcipher_request_set_tfm(&subreq, tfm); 910 928 skcipher_request_set_callback(&subreq, 911 929 skcipher_request_flags(req), 912 930 NULL, NULL); 913 931 skcipher_request_set_crypt(&subreq, req->src, req->dst, 914 - blocks * AES_BLOCK_SIZE, req->iv); 932 + req->cryptlen - tail - AES_BLOCK_SIZE, 933 + req->iv); 915 934 req = &subreq; 916 - 917 - err = skcipher_walk_virt(&walk, req, false); 918 - if (!walk.nbytes) 919 - return err; 920 - } else { 921 - tail = 0; 922 935 } 936 + 937 + err = skcipher_walk_virt(&walk, req, false); 938 + 939 + while (walk.nbytes) { 940 + kernel_fpu_begin(); 941 + (*crypt_func)(&ctx->crypt_ctx, 942 + walk.src.virt.addr, walk.dst.virt.addr, 943 + walk.nbytes & ~(AES_BLOCK_SIZE - 1), req->iv); 944 + kernel_fpu_end(); 945 + err = skcipher_walk_done(&walk, 946 + walk.nbytes & (AES_BLOCK_SIZE - 1)); 947 + } 948 + 949 + if (err || !tail) 950 + return err; 951 + 952 + /* Do ciphertext stealing with the last full block and partial block. */ 953 + 954 + dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen); 955 + if (req->dst != req->src) 956 + dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen); 957 + 958 + skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail, 959 + req->iv); 960 + 961 + err = skcipher_walk_virt(&walk, req, false); 962 + if (err) 963 + return err; 923 964 924 965 kernel_fpu_begin(); 966 + (*crypt_func)(&ctx->crypt_ctx, walk.src.virt.addr, walk.dst.virt.addr, 967 + walk.nbytes, req->iv); 968 + kernel_fpu_end(); 925 969 926 - /* calculate first value of T */ 927 - aesni_enc(&ctx->tweak_ctx, walk.iv, walk.iv); 928 - 929 - while (walk.nbytes > 0) { 930 - int nbytes = walk.nbytes; 931 - 932 - if (nbytes < walk.total) 933 - nbytes &= ~(AES_BLOCK_SIZE - 1); 934 - 935 - if (encrypt) 936 - aesni_xts_encrypt(&ctx->crypt_ctx, 937 - walk.dst.virt.addr, walk.src.virt.addr, 938 - nbytes, walk.iv); 939 - else 940 - aesni_xts_decrypt(&ctx->crypt_ctx, 941 - walk.dst.virt.addr, walk.src.virt.addr, 942 - nbytes, walk.iv); 943 - kernel_fpu_end(); 944 - 945 - err = skcipher_walk_done(&walk, walk.nbytes - nbytes); 946 - 947 - if (walk.nbytes > 0) 948 - kernel_fpu_begin(); 949 - } 950 - 951 - if (unlikely(tail > 0 && !err)) { 952 - struct scatterlist sg_src[2], sg_dst[2]; 953 - struct scatterlist *src, *dst; 954 - 955 - dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen); 956 - if (req->dst != req->src) 957 - dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen); 958 - 959 - skcipher_request_set_crypt(req, src, dst, AES_BLOCK_SIZE + tail, 960 - req->iv); 961 - 962 - err = skcipher_walk_virt(&walk, &subreq, false); 963 - if (err) 964 - return err; 965 - 966 - kernel_fpu_begin(); 967 - if (encrypt) 968 - aesni_xts_encrypt(&ctx->crypt_ctx, 969 - walk.dst.virt.addr, walk.src.virt.addr, 970 - walk.nbytes, walk.iv); 971 - else 972 - aesni_xts_decrypt(&ctx->crypt_ctx, 973 - walk.dst.virt.addr, walk.src.virt.addr, 974 - walk.nbytes, walk.iv); 975 - kernel_fpu_end(); 976 - 977 - err = skcipher_walk_done(&walk, 0); 978 - } 979 - return err; 970 + return skcipher_walk_done(&walk, 0); 980 971 } 981 972 982 - static int xts_encrypt(struct skcipher_request *req) 973 + /* __always_inline to avoid indirect call in fastpath */ 974 + static __always_inline int 975 + xts_crypt(struct skcipher_request *req, xts_encrypt_iv_func encrypt_iv, 976 + xts_crypt_func crypt_func) 983 977 { 984 - return xts_crypt(req, true); 978 + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 979 + const struct aesni_xts_ctx *ctx = aes_xts_ctx(tfm); 980 + const unsigned int cryptlen = req->cryptlen; 981 + struct scatterlist *src = req->src; 982 + struct scatterlist *dst = req->dst; 983 + 984 + if (unlikely(cryptlen < AES_BLOCK_SIZE)) 985 + return -EINVAL; 986 + 987 + kernel_fpu_begin(); 988 + (*encrypt_iv)(&ctx->tweak_ctx, req->iv); 989 + 990 + /* 991 + * In practice, virtually all XTS plaintexts and ciphertexts are either 992 + * 512 or 4096 bytes, aligned such that they don't span page boundaries. 993 + * To optimize the performance of these cases, and also any other case 994 + * where no page boundary is spanned, the below fast-path handles 995 + * single-page sources and destinations as efficiently as possible. 996 + */ 997 + if (likely(src->length >= cryptlen && dst->length >= cryptlen && 998 + src->offset + cryptlen <= PAGE_SIZE && 999 + dst->offset + cryptlen <= PAGE_SIZE)) { 1000 + struct page *src_page = sg_page(src); 1001 + struct page *dst_page = sg_page(dst); 1002 + void *src_virt = kmap_local_page(src_page) + src->offset; 1003 + void *dst_virt = kmap_local_page(dst_page) + dst->offset; 1004 + 1005 + (*crypt_func)(&ctx->crypt_ctx, src_virt, dst_virt, cryptlen, 1006 + req->iv); 1007 + kunmap_local(dst_virt); 1008 + kunmap_local(src_virt); 1009 + kernel_fpu_end(); 1010 + return 0; 1011 + } 1012 + kernel_fpu_end(); 1013 + return xts_crypt_slowpath(req, crypt_func); 985 1014 } 986 1015 987 - static int xts_decrypt(struct skcipher_request *req) 1016 + static void aesni_xts_encrypt_iv(const struct crypto_aes_ctx *tweak_key, 1017 + u8 iv[AES_BLOCK_SIZE]) 988 1018 { 989 - return xts_crypt(req, false); 1019 + aesni_enc(tweak_key, iv, iv); 1020 + } 1021 + 1022 + static void aesni_xts_encrypt(const struct crypto_aes_ctx *key, 1023 + const u8 *src, u8 *dst, unsigned int len, 1024 + u8 tweak[AES_BLOCK_SIZE]) 1025 + { 1026 + aesni_xts_enc(key, dst, src, len, tweak); 1027 + } 1028 + 1029 + static void aesni_xts_decrypt(const struct crypto_aes_ctx *key, 1030 + const u8 *src, u8 *dst, unsigned int len, 1031 + u8 tweak[AES_BLOCK_SIZE]) 1032 + { 1033 + aesni_xts_dec(key, dst, src, len, tweak); 1034 + } 1035 + 1036 + static int xts_encrypt_aesni(struct skcipher_request *req) 1037 + { 1038 + return xts_crypt(req, aesni_xts_encrypt_iv, aesni_xts_encrypt); 1039 + } 1040 + 1041 + static int xts_decrypt_aesni(struct skcipher_request *req) 1042 + { 1043 + return xts_crypt(req, aesni_xts_encrypt_iv, aesni_xts_decrypt); 990 1044 } 991 1045 992 1046 static struct crypto_alg aesni_cipher_alg = { ··· 1131 1103 .max_keysize = 2 * AES_MAX_KEY_SIZE, 1132 1104 .ivsize = AES_BLOCK_SIZE, 1133 1105 .walksize = 2 * AES_BLOCK_SIZE, 1134 - .setkey = xts_aesni_setkey, 1135 - .encrypt = xts_encrypt, 1136 - .decrypt = xts_decrypt, 1106 + .setkey = xts_setkey_aesni, 1107 + .encrypt = xts_encrypt_aesni, 1108 + .decrypt = xts_decrypt_aesni, 1137 1109 } 1138 1110 }; 1139 1111 ··· 1165 1137 }; 1166 1138 1167 1139 static struct simd_skcipher_alg *aesni_simd_xctr; 1168 - #endif /* CONFIG_X86_64 */ 1140 + 1141 + asmlinkage void aes_xts_encrypt_iv(const struct crypto_aes_ctx *tweak_key, 1142 + u8 iv[AES_BLOCK_SIZE]); 1143 + 1144 + #define DEFINE_XTS_ALG(suffix, driver_name, priority) \ 1145 + \ 1146 + asmlinkage void \ 1147 + aes_xts_encrypt_##suffix(const struct crypto_aes_ctx *key, const u8 *src, \ 1148 + u8 *dst, unsigned int len, u8 tweak[AES_BLOCK_SIZE]); \ 1149 + asmlinkage void \ 1150 + aes_xts_decrypt_##suffix(const struct crypto_aes_ctx *key, const u8 *src, \ 1151 + u8 *dst, unsigned int len, u8 tweak[AES_BLOCK_SIZE]); \ 1152 + \ 1153 + static int xts_encrypt_##suffix(struct skcipher_request *req) \ 1154 + { \ 1155 + return xts_crypt(req, aes_xts_encrypt_iv, aes_xts_encrypt_##suffix); \ 1156 + } \ 1157 + \ 1158 + static int xts_decrypt_##suffix(struct skcipher_request *req) \ 1159 + { \ 1160 + return xts_crypt(req, aes_xts_encrypt_iv, aes_xts_decrypt_##suffix); \ 1161 + } \ 1162 + \ 1163 + static struct skcipher_alg aes_xts_alg_##suffix = { \ 1164 + .base = { \ 1165 + .cra_name = "__xts(aes)", \ 1166 + .cra_driver_name = "__" driver_name, \ 1167 + .cra_priority = priority, \ 1168 + .cra_flags = CRYPTO_ALG_INTERNAL, \ 1169 + .cra_blocksize = AES_BLOCK_SIZE, \ 1170 + .cra_ctxsize = XTS_AES_CTX_SIZE, \ 1171 + .cra_module = THIS_MODULE, \ 1172 + }, \ 1173 + .min_keysize = 2 * AES_MIN_KEY_SIZE, \ 1174 + .max_keysize = 2 * AES_MAX_KEY_SIZE, \ 1175 + .ivsize = AES_BLOCK_SIZE, \ 1176 + .walksize = 2 * AES_BLOCK_SIZE, \ 1177 + .setkey = xts_setkey_aesni, \ 1178 + .encrypt = xts_encrypt_##suffix, \ 1179 + .decrypt = xts_decrypt_##suffix, \ 1180 + }; \ 1181 + \ 1182 + static struct simd_skcipher_alg *aes_xts_simdalg_##suffix 1183 + 1184 + DEFINE_XTS_ALG(aesni_avx, "xts-aes-aesni-avx", 500); 1185 + #if defined(CONFIG_AS_VAES) && defined(CONFIG_AS_VPCLMULQDQ) 1186 + DEFINE_XTS_ALG(vaes_avx2, "xts-aes-vaes-avx2", 600); 1187 + DEFINE_XTS_ALG(vaes_avx10_256, "xts-aes-vaes-avx10_256", 700); 1188 + DEFINE_XTS_ALG(vaes_avx10_512, "xts-aes-vaes-avx10_512", 800); 1189 + #endif 1190 + 1191 + /* 1192 + * This is a list of CPU models that are known to suffer from downclocking when 1193 + * zmm registers (512-bit vectors) are used. On these CPUs, the AES-XTS 1194 + * implementation with zmm registers won't be used by default. An 1195 + * implementation with ymm registers (256-bit vectors) will be used instead. 1196 + */ 1197 + static const struct x86_cpu_id zmm_exclusion_list[] = { 1198 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_SKYLAKE_X }, 1199 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_ICELAKE_X }, 1200 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_ICELAKE_D }, 1201 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_ICELAKE }, 1202 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_ICELAKE_L }, 1203 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_ICELAKE_NNPI }, 1204 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_TIGERLAKE_L }, 1205 + { .vendor = X86_VENDOR_INTEL, .family = 6, .model = INTEL_FAM6_TIGERLAKE }, 1206 + /* Allow Rocket Lake and later, and Sapphire Rapids and later. */ 1207 + /* Also allow AMD CPUs (starting with Zen 4, the first with AVX-512). */ 1208 + {}, 1209 + }; 1210 + 1211 + static int __init register_xts_algs(void) 1212 + { 1213 + int err; 1214 + 1215 + if (!boot_cpu_has(X86_FEATURE_AVX)) 1216 + return 0; 1217 + err = simd_register_skciphers_compat(&aes_xts_alg_aesni_avx, 1, 1218 + &aes_xts_simdalg_aesni_avx); 1219 + if (err) 1220 + return err; 1221 + #if defined(CONFIG_AS_VAES) && defined(CONFIG_AS_VPCLMULQDQ) 1222 + if (!boot_cpu_has(X86_FEATURE_AVX2) || 1223 + !boot_cpu_has(X86_FEATURE_VAES) || 1224 + !boot_cpu_has(X86_FEATURE_VPCLMULQDQ) || 1225 + !boot_cpu_has(X86_FEATURE_PCLMULQDQ) || 1226 + !cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL)) 1227 + return 0; 1228 + err = simd_register_skciphers_compat(&aes_xts_alg_vaes_avx2, 1, 1229 + &aes_xts_simdalg_vaes_avx2); 1230 + if (err) 1231 + return err; 1232 + 1233 + if (!boot_cpu_has(X86_FEATURE_AVX512BW) || 1234 + !boot_cpu_has(X86_FEATURE_AVX512VL) || 1235 + !boot_cpu_has(X86_FEATURE_BMI2) || 1236 + !cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM | 1237 + XFEATURE_MASK_AVX512, NULL)) 1238 + return 0; 1239 + 1240 + err = simd_register_skciphers_compat(&aes_xts_alg_vaes_avx10_256, 1, 1241 + &aes_xts_simdalg_vaes_avx10_256); 1242 + if (err) 1243 + return err; 1244 + 1245 + if (x86_match_cpu(zmm_exclusion_list)) 1246 + aes_xts_alg_vaes_avx10_512.base.cra_priority = 1; 1247 + 1248 + err = simd_register_skciphers_compat(&aes_xts_alg_vaes_avx10_512, 1, 1249 + &aes_xts_simdalg_vaes_avx10_512); 1250 + if (err) 1251 + return err; 1252 + #endif /* CONFIG_AS_VAES && CONFIG_AS_VPCLMULQDQ */ 1253 + return 0; 1254 + } 1255 + 1256 + static void unregister_xts_algs(void) 1257 + { 1258 + if (aes_xts_simdalg_aesni_avx) 1259 + simd_unregister_skciphers(&aes_xts_alg_aesni_avx, 1, 1260 + &aes_xts_simdalg_aesni_avx); 1261 + #if defined(CONFIG_AS_VAES) && defined(CONFIG_AS_VPCLMULQDQ) 1262 + if (aes_xts_simdalg_vaes_avx2) 1263 + simd_unregister_skciphers(&aes_xts_alg_vaes_avx2, 1, 1264 + &aes_xts_simdalg_vaes_avx2); 1265 + if (aes_xts_simdalg_vaes_avx10_256) 1266 + simd_unregister_skciphers(&aes_xts_alg_vaes_avx10_256, 1, 1267 + &aes_xts_simdalg_vaes_avx10_256); 1268 + if (aes_xts_simdalg_vaes_avx10_512) 1269 + simd_unregister_skciphers(&aes_xts_alg_vaes_avx10_512, 1, 1270 + &aes_xts_simdalg_vaes_avx10_512); 1271 + #endif 1272 + } 1273 + #else /* CONFIG_X86_64 */ 1274 + static int __init register_xts_algs(void) 1275 + { 1276 + return 0; 1277 + } 1278 + 1279 + static void unregister_xts_algs(void) 1280 + { 1281 + } 1282 + #endif /* !CONFIG_X86_64 */ 1169 1283 1170 1284 #ifdef CONFIG_X86_64 1171 1285 static int generic_gcmaes_set_key(struct crypto_aead *aead, const u8 *key, ··· 1316 1146 struct generic_gcmaes_ctx *ctx = generic_gcmaes_ctx_get(aead); 1317 1147 1318 1148 return aes_set_key_common(&ctx->aes_key_expanded, key, key_len) ?: 1319 - rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len); 1149 + aes_gcm_derive_hash_subkey(&ctx->aes_key_expanded, 1150 + ctx->hash_subkey); 1320 1151 } 1321 1152 1322 1153 static int generic_gcmaes_encrypt(struct aead_request *req) ··· 1447 1276 goto unregister_aeads; 1448 1277 #endif /* CONFIG_X86_64 */ 1449 1278 1279 + err = register_xts_algs(); 1280 + if (err) 1281 + goto unregister_xts; 1282 + 1450 1283 return 0; 1451 1284 1285 + unregister_xts: 1286 + unregister_xts_algs(); 1452 1287 #ifdef CONFIG_X86_64 1288 + if (aesni_simd_xctr) 1289 + simd_unregister_skciphers(&aesni_xctr, 1, &aesni_simd_xctr); 1453 1290 unregister_aeads: 1291 + #endif /* CONFIG_X86_64 */ 1454 1292 simd_unregister_aeads(aesni_aeads, ARRAY_SIZE(aesni_aeads), 1455 1293 aesni_simd_aeads); 1456 - #endif /* CONFIG_X86_64 */ 1457 1294 1458 1295 unregister_skciphers: 1459 1296 simd_unregister_skciphers(aesni_skciphers, ARRAY_SIZE(aesni_skciphers), ··· 1482 1303 if (boot_cpu_has(X86_FEATURE_AVX)) 1483 1304 simd_unregister_skciphers(&aesni_xctr, 1, &aesni_simd_xctr); 1484 1305 #endif /* CONFIG_X86_64 */ 1306 + unregister_xts_algs(); 1485 1307 } 1486 1308 1487 1309 late_initcall(aesni_init);

+1

arch/x86/crypto/nh-avx2-x86_64.S

··· 154 154 vpaddq T1, T0, T0 155 155 vpaddq T4, T0, T0 156 156 vmovdqu T0, (HASH) 157 + vzeroupper 157 158 RET 158 159 SYM_FUNC_END(nh_avx2)

+1

arch/x86/crypto/sha256-avx2-asm.S

··· 716 716 popq %r13 717 717 popq %r12 718 718 popq %rbx 719 + vzeroupper 719 720 RET 720 721 SYM_FUNC_END(sha256_transform_rorx) 721 722

+48 -203

arch/x86/crypto/sha256_ni_asm.S

··· 62 62 63 63 #define SHA256CONSTANTS %rax 64 64 65 - #define MSG %xmm0 65 + #define MSG %xmm0 /* sha256rnds2 implicit operand */ 66 66 #define STATE0 %xmm1 67 67 #define STATE1 %xmm2 68 - #define MSGTMP0 %xmm3 69 - #define MSGTMP1 %xmm4 70 - #define MSGTMP2 %xmm5 71 - #define MSGTMP3 %xmm6 72 - #define MSGTMP4 %xmm7 68 + #define MSG0 %xmm3 69 + #define MSG1 %xmm4 70 + #define MSG2 %xmm5 71 + #define MSG3 %xmm6 72 + #define TMP %xmm7 73 73 74 74 #define SHUF_MASK %xmm8 75 75 76 76 #define ABEF_SAVE %xmm9 77 77 #define CDGH_SAVE %xmm10 78 + 79 + .macro do_4rounds i, m0, m1, m2, m3 80 + .if \i < 16 81 + movdqu \i*4(DATA_PTR), \m0 82 + pshufb SHUF_MASK, \m0 83 + .endif 84 + movdqa (\i-32)*4(SHA256CONSTANTS), MSG 85 + paddd \m0, MSG 86 + sha256rnds2 STATE0, STATE1 87 + .if \i >= 12 && \i < 60 88 + movdqa \m0, TMP 89 + palignr $4, \m3, TMP 90 + paddd TMP, \m1 91 + sha256msg2 \m0, \m1 92 + .endif 93 + punpckhqdq MSG, MSG 94 + sha256rnds2 STATE1, STATE0 95 + .if \i >= 4 && \i < 52 96 + sha256msg1 \m0, \m3 97 + .endif 98 + .endm 78 99 79 100 /* 80 101 * Intel SHA Extensions optimized implementation of a SHA-256 update function ··· 106 85 * The function only processes complete blocks, there is no functionality to 107 86 * store partial blocks. All message padding and hash value initialization must 108 87 * be done outside the update function. 109 - * 110 - * The indented lines in the loop are instructions related to rounds processing. 111 - * The non-indented lines are instructions related to the message schedule. 112 88 * 113 89 * void sha256_ni_transform(uint32_t *digest, const void *data, 114 90 uint32_t numBlocks); ··· 126 108 * Need to reorder these appropriately 127 109 * DCBA, HGFE -> ABEF, CDGH 128 110 */ 129 - movdqu 0*16(DIGEST_PTR), STATE0 130 - movdqu 1*16(DIGEST_PTR), STATE1 111 + movdqu 0*16(DIGEST_PTR), STATE0 /* DCBA */ 112 + movdqu 1*16(DIGEST_PTR), STATE1 /* HGFE */ 131 113 132 - pshufd $0xB1, STATE0, STATE0 /* CDAB */ 133 - pshufd $0x1B, STATE1, STATE1 /* EFGH */ 134 - movdqa STATE0, MSGTMP4 135 - palignr $8, STATE1, STATE0 /* ABEF */ 136 - pblendw $0xF0, MSGTMP4, STATE1 /* CDGH */ 114 + movdqa STATE0, TMP 115 + punpcklqdq STATE1, STATE0 /* FEBA */ 116 + punpckhqdq TMP, STATE1 /* DCHG */ 117 + pshufd $0x1B, STATE0, STATE0 /* ABEF */ 118 + pshufd $0xB1, STATE1, STATE1 /* CDGH */ 137 119 138 120 movdqa PSHUFFLE_BYTE_FLIP_MASK(%rip), SHUF_MASK 139 - lea K256(%rip), SHA256CONSTANTS 121 + lea K256+32*4(%rip), SHA256CONSTANTS 140 122 141 123 .Lloop0: 142 124 /* Save hash values for addition after rounds */ 143 125 movdqa STATE0, ABEF_SAVE 144 126 movdqa STATE1, CDGH_SAVE 145 127 146 - /* Rounds 0-3 */ 147 - movdqu 0*16(DATA_PTR), MSG 148 - pshufb SHUF_MASK, MSG 149 - movdqa MSG, MSGTMP0 150 - paddd 0*16(SHA256CONSTANTS), MSG 151 - sha256rnds2 STATE0, STATE1 152 - pshufd $0x0E, MSG, MSG 153 - sha256rnds2 STATE1, STATE0 154 - 155 - /* Rounds 4-7 */ 156 - movdqu 1*16(DATA_PTR), MSG 157 - pshufb SHUF_MASK, MSG 158 - movdqa MSG, MSGTMP1 159 - paddd 1*16(SHA256CONSTANTS), MSG 160 - sha256rnds2 STATE0, STATE1 161 - pshufd $0x0E, MSG, MSG 162 - sha256rnds2 STATE1, STATE0 163 - sha256msg1 MSGTMP1, MSGTMP0 164 - 165 - /* Rounds 8-11 */ 166 - movdqu 2*16(DATA_PTR), MSG 167 - pshufb SHUF_MASK, MSG 168 - movdqa MSG, MSGTMP2 169 - paddd 2*16(SHA256CONSTANTS), MSG 170 - sha256rnds2 STATE0, STATE1 171 - pshufd $0x0E, MSG, MSG 172 - sha256rnds2 STATE1, STATE0 173 - sha256msg1 MSGTMP2, MSGTMP1 174 - 175 - /* Rounds 12-15 */ 176 - movdqu 3*16(DATA_PTR), MSG 177 - pshufb SHUF_MASK, MSG 178 - movdqa MSG, MSGTMP3 179 - paddd 3*16(SHA256CONSTANTS), MSG 180 - sha256rnds2 STATE0, STATE1 181 - movdqa MSGTMP3, MSGTMP4 182 - palignr $4, MSGTMP2, MSGTMP4 183 - paddd MSGTMP4, MSGTMP0 184 - sha256msg2 MSGTMP3, MSGTMP0 185 - pshufd $0x0E, MSG, MSG 186 - sha256rnds2 STATE1, STATE0 187 - sha256msg1 MSGTMP3, MSGTMP2 188 - 189 - /* Rounds 16-19 */ 190 - movdqa MSGTMP0, MSG 191 - paddd 4*16(SHA256CONSTANTS), MSG 192 - sha256rnds2 STATE0, STATE1 193 - movdqa MSGTMP0, MSGTMP4 194 - palignr $4, MSGTMP3, MSGTMP4 195 - paddd MSGTMP4, MSGTMP1 196 - sha256msg2 MSGTMP0, MSGTMP1 197 - pshufd $0x0E, MSG, MSG 198 - sha256rnds2 STATE1, STATE0 199 - sha256msg1 MSGTMP0, MSGTMP3 200 - 201 - /* Rounds 20-23 */ 202 - movdqa MSGTMP1, MSG 203 - paddd 5*16(SHA256CONSTANTS), MSG 204 - sha256rnds2 STATE0, STATE1 205 - movdqa MSGTMP1, MSGTMP4 206 - palignr $4, MSGTMP0, MSGTMP4 207 - paddd MSGTMP4, MSGTMP2 208 - sha256msg2 MSGTMP1, MSGTMP2 209 - pshufd $0x0E, MSG, MSG 210 - sha256rnds2 STATE1, STATE0 211 - sha256msg1 MSGTMP1, MSGTMP0 212 - 213 - /* Rounds 24-27 */ 214 - movdqa MSGTMP2, MSG 215 - paddd 6*16(SHA256CONSTANTS), MSG 216 - sha256rnds2 STATE0, STATE1 217 - movdqa MSGTMP2, MSGTMP4 218 - palignr $4, MSGTMP1, MSGTMP4 219 - paddd MSGTMP4, MSGTMP3 220 - sha256msg2 MSGTMP2, MSGTMP3 221 - pshufd $0x0E, MSG, MSG 222 - sha256rnds2 STATE1, STATE0 223 - sha256msg1 MSGTMP2, MSGTMP1 224 - 225 - /* Rounds 28-31 */ 226 - movdqa MSGTMP3, MSG 227 - paddd 7*16(SHA256CONSTANTS), MSG 228 - sha256rnds2 STATE0, STATE1 229 - movdqa MSGTMP3, MSGTMP4 230 - palignr $4, MSGTMP2, MSGTMP4 231 - paddd MSGTMP4, MSGTMP0 232 - sha256msg2 MSGTMP3, MSGTMP0 233 - pshufd $0x0E, MSG, MSG 234 - sha256rnds2 STATE1, STATE0 235 - sha256msg1 MSGTMP3, MSGTMP2 236 - 237 - /* Rounds 32-35 */ 238 - movdqa MSGTMP0, MSG 239 - paddd 8*16(SHA256CONSTANTS), MSG 240 - sha256rnds2 STATE0, STATE1 241 - movdqa MSGTMP0, MSGTMP4 242 - palignr $4, MSGTMP3, MSGTMP4 243 - paddd MSGTMP4, MSGTMP1 244 - sha256msg2 MSGTMP0, MSGTMP1 245 - pshufd $0x0E, MSG, MSG 246 - sha256rnds2 STATE1, STATE0 247 - sha256msg1 MSGTMP0, MSGTMP3 248 - 249 - /* Rounds 36-39 */ 250 - movdqa MSGTMP1, MSG 251 - paddd 9*16(SHA256CONSTANTS), MSG 252 - sha256rnds2 STATE0, STATE1 253 - movdqa MSGTMP1, MSGTMP4 254 - palignr $4, MSGTMP0, MSGTMP4 255 - paddd MSGTMP4, MSGTMP2 256 - sha256msg2 MSGTMP1, MSGTMP2 257 - pshufd $0x0E, MSG, MSG 258 - sha256rnds2 STATE1, STATE0 259 - sha256msg1 MSGTMP1, MSGTMP0 260 - 261 - /* Rounds 40-43 */ 262 - movdqa MSGTMP2, MSG 263 - paddd 10*16(SHA256CONSTANTS), MSG 264 - sha256rnds2 STATE0, STATE1 265 - movdqa MSGTMP2, MSGTMP4 266 - palignr $4, MSGTMP1, MSGTMP4 267 - paddd MSGTMP4, MSGTMP3 268 - sha256msg2 MSGTMP2, MSGTMP3 269 - pshufd $0x0E, MSG, MSG 270 - sha256rnds2 STATE1, STATE0 271 - sha256msg1 MSGTMP2, MSGTMP1 272 - 273 - /* Rounds 44-47 */ 274 - movdqa MSGTMP3, MSG 275 - paddd 11*16(SHA256CONSTANTS), MSG 276 - sha256rnds2 STATE0, STATE1 277 - movdqa MSGTMP3, MSGTMP4 278 - palignr $4, MSGTMP2, MSGTMP4 279 - paddd MSGTMP4, MSGTMP0 280 - sha256msg2 MSGTMP3, MSGTMP0 281 - pshufd $0x0E, MSG, MSG 282 - sha256rnds2 STATE1, STATE0 283 - sha256msg1 MSGTMP3, MSGTMP2 284 - 285 - /* Rounds 48-51 */ 286 - movdqa MSGTMP0, MSG 287 - paddd 12*16(SHA256CONSTANTS), MSG 288 - sha256rnds2 STATE0, STATE1 289 - movdqa MSGTMP0, MSGTMP4 290 - palignr $4, MSGTMP3, MSGTMP4 291 - paddd MSGTMP4, MSGTMP1 292 - sha256msg2 MSGTMP0, MSGTMP1 293 - pshufd $0x0E, MSG, MSG 294 - sha256rnds2 STATE1, STATE0 295 - sha256msg1 MSGTMP0, MSGTMP3 296 - 297 - /* Rounds 52-55 */ 298 - movdqa MSGTMP1, MSG 299 - paddd 13*16(SHA256CONSTANTS), MSG 300 - sha256rnds2 STATE0, STATE1 301 - movdqa MSGTMP1, MSGTMP4 302 - palignr $4, MSGTMP0, MSGTMP4 303 - paddd MSGTMP4, MSGTMP2 304 - sha256msg2 MSGTMP1, MSGTMP2 305 - pshufd $0x0E, MSG, MSG 306 - sha256rnds2 STATE1, STATE0 307 - 308 - /* Rounds 56-59 */ 309 - movdqa MSGTMP2, MSG 310 - paddd 14*16(SHA256CONSTANTS), MSG 311 - sha256rnds2 STATE0, STATE1 312 - movdqa MSGTMP2, MSGTMP4 313 - palignr $4, MSGTMP1, MSGTMP4 314 - paddd MSGTMP4, MSGTMP3 315 - sha256msg2 MSGTMP2, MSGTMP3 316 - pshufd $0x0E, MSG, MSG 317 - sha256rnds2 STATE1, STATE0 318 - 319 - /* Rounds 60-63 */ 320 - movdqa MSGTMP3, MSG 321 - paddd 15*16(SHA256CONSTANTS), MSG 322 - sha256rnds2 STATE0, STATE1 323 - pshufd $0x0E, MSG, MSG 324 - sha256rnds2 STATE1, STATE0 128 + .irp i, 0, 16, 32, 48 129 + do_4rounds (\i + 0), MSG0, MSG1, MSG2, MSG3 130 + do_4rounds (\i + 4), MSG1, MSG2, MSG3, MSG0 131 + do_4rounds (\i + 8), MSG2, MSG3, MSG0, MSG1 132 + do_4rounds (\i + 12), MSG3, MSG0, MSG1, MSG2 133 + .endr 325 134 326 135 /* Add current hash values with previously saved */ 327 136 paddd ABEF_SAVE, STATE0 ··· 160 315 jne .Lloop0 161 316 162 317 /* Write hash values back in the correct order */ 163 - pshufd $0x1B, STATE0, STATE0 /* FEBA */ 164 - pshufd $0xB1, STATE1, STATE1 /* DCHG */ 165 - movdqa STATE0, MSGTMP4 166 - pblendw $0xF0, STATE1, STATE0 /* DCBA */ 167 - palignr $8, MSGTMP4, STATE1 /* HGFE */ 318 + movdqa STATE0, TMP 319 + punpcklqdq STATE1, STATE0 /* GHEF */ 320 + punpckhqdq TMP, STATE1 /* ABCD */ 321 + pshufd $0xB1, STATE0, STATE0 /* HGFE */ 322 + pshufd $0x1B, STATE1, STATE1 /* DCBA */ 168 323 169 - movdqu STATE0, 0*16(DIGEST_PTR) 170 - movdqu STATE1, 1*16(DIGEST_PTR) 324 + movdqu STATE1, 0*16(DIGEST_PTR) 325 + movdqu STATE0, 1*16(DIGEST_PTR) 171 326 172 327 .Ldone_hash: 173 328

+1

arch/x86/crypto/sha512-avx2-asm.S

··· 680 680 pop %r12 681 681 pop %rbx 682 682 683 + vzeroupper 683 684 RET 684 685 SYM_FUNC_END(sha512_transform_rorx) 685 686

-20

crypto/Kconfig

··· 1456 1456 already been phased out from internal use by the kernel, and are 1457 1457 only useful for userspace clients that still rely on them. 1458 1458 1459 - config CRYPTO_STATS 1460 - bool "Crypto usage statistics" 1461 - depends on CRYPTO_USER 1462 - help 1463 - Enable the gathering of crypto stats. 1464 - 1465 - Enabling this option reduces the performance of the crypto API. It 1466 - should only be enabled when there is actually a use case for it. 1467 - 1468 - This collects data sizes, numbers of requests, and numbers 1469 - of errors processed by: 1470 - - AEAD ciphers (encrypt, decrypt) 1471 - - asymmetric key ciphers (encrypt, decrypt, verify, sign) 1472 - - symmetric key ciphers (encrypt, decrypt) 1473 - - compression algorithms (compress, decompress) 1474 - - hash algorithms (hash) 1475 - - key-agreement protocol primitives (setsecret, generate 1476 - public key, compute shared secret) 1477 - - RNG (generate, seed) 1478 - 1479 1459 endmenu 1480 1460 1481 1461 config CRYPTO_HASH_INFO

-2

crypto/Makefile

··· 69 69 70 70 obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o 71 71 obj-$(CONFIG_CRYPTO_USER) += crypto_user.o 72 - crypto_user-y := crypto_user_base.o 73 - crypto_user-$(CONFIG_CRYPTO_STATS) += crypto_user_stat.o 74 72 obj-$(CONFIG_CRYPTO_CMAC) += cmac.o 75 73 obj-$(CONFIG_CRYPTO_HMAC) += hmac.o 76 74 obj-$(CONFIG_CRYPTO_VMAC) += vmac.o

-33

crypto/acompress.c

··· 93 93 return extsize; 94 94 } 95 95 96 - static inline int __crypto_acomp_report_stat(struct sk_buff *skb, 97 - struct crypto_alg *alg) 98 - { 99 - struct comp_alg_common *calg = __crypto_comp_alg_common(alg); 100 - struct crypto_istat_compress *istat = comp_get_stat(calg); 101 - struct crypto_stat_compress racomp; 102 - 103 - memset(&racomp, 0, sizeof(racomp)); 104 - 105 - strscpy(racomp.type, "acomp", sizeof(racomp.type)); 106 - racomp.stat_compress_cnt = atomic64_read(&istat->compress_cnt); 107 - racomp.stat_compress_tlen = atomic64_read(&istat->compress_tlen); 108 - racomp.stat_decompress_cnt = atomic64_read(&istat->decompress_cnt); 109 - racomp.stat_decompress_tlen = atomic64_read(&istat->decompress_tlen); 110 - racomp.stat_err_cnt = atomic64_read(&istat->err_cnt); 111 - 112 - return nla_put(skb, CRYPTOCFGA_STAT_ACOMP, sizeof(racomp), &racomp); 113 - } 114 - 115 - #ifdef CONFIG_CRYPTO_STATS 116 - int crypto_acomp_report_stat(struct sk_buff *skb, struct crypto_alg *alg) 117 - { 118 - return __crypto_acomp_report_stat(skb, alg); 119 - } 120 - #endif 121 - 122 96 static const struct crypto_type crypto_acomp_type = { 123 97 .extsize = crypto_acomp_extsize, 124 98 .init_tfm = crypto_acomp_init_tfm, ··· 101 127 #endif 102 128 #if IS_ENABLED(CONFIG_CRYPTO_USER) 103 129 .report = crypto_acomp_report, 104 - #endif 105 - #ifdef CONFIG_CRYPTO_STATS 106 - .report_stat = crypto_acomp_report_stat, 107 130 #endif 108 131 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 109 132 .maskset = CRYPTO_ALG_TYPE_ACOMPRESS_MASK, ··· 155 184 156 185 void comp_prepare_alg(struct comp_alg_common *alg) 157 186 { 158 - struct crypto_istat_compress *istat = comp_get_stat(alg); 159 187 struct crypto_alg *base = &alg->base; 160 188 161 189 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 162 - 163 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 164 - memset(istat, 0, sizeof(*istat)); 165 190 } 166 191 167 192 int crypto_register_acomp(struct acomp_alg *alg)

+8 -79

crypto/aead.c

··· 20 20 21 21 #include "internal.h" 22 22 23 - static inline struct crypto_istat_aead *aead_get_stat(struct aead_alg *alg) 24 - { 25 - #ifdef CONFIG_CRYPTO_STATS 26 - return &alg->stat; 27 - #else 28 - return NULL; 29 - #endif 30 - } 31 - 32 23 static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, 33 24 unsigned int keylen) 34 25 { ··· 36 45 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 37 46 memcpy(alignbuffer, key, keylen); 38 47 ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); 39 - memset(alignbuffer, 0, keylen); 40 - kfree(buffer); 48 + kfree_sensitive(buffer); 41 49 return ret; 42 50 } 43 51 ··· 80 90 } 81 91 EXPORT_SYMBOL_GPL(crypto_aead_setauthsize); 82 92 83 - static inline int crypto_aead_errstat(struct crypto_istat_aead *istat, int err) 84 - { 85 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 86 - return err; 87 - 88 - if (err && err != -EINPROGRESS && err != -EBUSY) 89 - atomic64_inc(&istat->err_cnt); 90 - 91 - return err; 92 - } 93 - 94 93 int crypto_aead_encrypt(struct aead_request *req) 95 94 { 96 95 struct crypto_aead *aead = crypto_aead_reqtfm(req); 97 - struct aead_alg *alg = crypto_aead_alg(aead); 98 - struct crypto_istat_aead *istat; 99 - int ret; 100 - 101 - istat = aead_get_stat(alg); 102 - 103 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 104 - atomic64_inc(&istat->encrypt_cnt); 105 - atomic64_add(req->cryptlen, &istat->encrypt_tlen); 106 - } 107 96 108 97 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 109 - ret = -ENOKEY; 110 - else 111 - ret = alg->encrypt(req); 98 + return -ENOKEY; 112 99 113 - return crypto_aead_errstat(istat, ret); 100 + return crypto_aead_alg(aead)->encrypt(req); 114 101 } 115 102 EXPORT_SYMBOL_GPL(crypto_aead_encrypt); 116 103 117 104 int crypto_aead_decrypt(struct aead_request *req) 118 105 { 119 106 struct crypto_aead *aead = crypto_aead_reqtfm(req); 120 - struct aead_alg *alg = crypto_aead_alg(aead); 121 - struct crypto_istat_aead *istat; 122 - int ret; 123 - 124 - istat = aead_get_stat(alg); 125 - 126 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 127 - atomic64_inc(&istat->encrypt_cnt); 128 - atomic64_add(req->cryptlen, &istat->encrypt_tlen); 129 - } 130 107 131 108 if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY) 132 - ret = -ENOKEY; 133 - else if (req->cryptlen < crypto_aead_authsize(aead)) 134 - ret = -EINVAL; 135 - else 136 - ret = alg->decrypt(req); 109 + return -ENOKEY; 137 110 138 - return crypto_aead_errstat(istat, ret); 111 + if (req->cryptlen < crypto_aead_authsize(aead)) 112 + return -EINVAL; 113 + 114 + return crypto_aead_alg(aead)->decrypt(req); 139 115 } 140 116 EXPORT_SYMBOL_GPL(crypto_aead_decrypt); 141 117 ··· 171 215 aead->free(aead); 172 216 } 173 217 174 - static int __maybe_unused crypto_aead_report_stat( 175 - struct sk_buff *skb, struct crypto_alg *alg) 176 - { 177 - struct aead_alg *aead = container_of(alg, struct aead_alg, base); 178 - struct crypto_istat_aead *istat = aead_get_stat(aead); 179 - struct crypto_stat_aead raead; 180 - 181 - memset(&raead, 0, sizeof(raead)); 182 - 183 - strscpy(raead.type, "aead", sizeof(raead.type)); 184 - 185 - raead.stat_encrypt_cnt = atomic64_read(&istat->encrypt_cnt); 186 - raead.stat_encrypt_tlen = atomic64_read(&istat->encrypt_tlen); 187 - raead.stat_decrypt_cnt = atomic64_read(&istat->decrypt_cnt); 188 - raead.stat_decrypt_tlen = atomic64_read(&istat->decrypt_tlen); 189 - raead.stat_err_cnt = atomic64_read(&istat->err_cnt); 190 - 191 - return nla_put(skb, CRYPTOCFGA_STAT_AEAD, sizeof(raead), &raead); 192 - } 193 - 194 218 static const struct crypto_type crypto_aead_type = { 195 219 .extsize = crypto_alg_extsize, 196 220 .init_tfm = crypto_aead_init_tfm, ··· 180 244 #endif 181 245 #if IS_ENABLED(CONFIG_CRYPTO_USER) 182 246 .report = crypto_aead_report, 183 - #endif 184 - #ifdef CONFIG_CRYPTO_STATS 185 - .report_stat = crypto_aead_report_stat, 186 247 #endif 187 248 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 188 249 .maskset = CRYPTO_ALG_TYPE_MASK, ··· 210 277 211 278 static int aead_prepare_alg(struct aead_alg *alg) 212 279 { 213 - struct crypto_istat_aead *istat = aead_get_stat(alg); 214 280 struct crypto_alg *base = &alg->base; 215 281 216 282 if (max3(alg->maxauthsize, alg->ivsize, alg->chunksize) > ··· 222 290 base->cra_type = &crypto_aead_type; 223 291 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 224 292 base->cra_flags |= CRYPTO_ALG_TYPE_AEAD; 225 - 226 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 227 - memset(istat, 0, sizeof(*istat)); 228 293 229 294 return 0; 230 295 }

+5 -58

crypto/ahash.c

··· 27 27 28 28 #define CRYPTO_ALG_TYPE_AHASH_MASK 0x0000000e 29 29 30 - static inline struct crypto_istat_hash *ahash_get_stat(struct ahash_alg *alg) 31 - { 32 - return hash_get_stat(&alg->halg); 33 - } 34 - 35 - static inline int crypto_ahash_errstat(struct ahash_alg *alg, int err) 36 - { 37 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 38 - return err; 39 - 40 - if (err && err != -EINPROGRESS && err != -EBUSY) 41 - atomic64_inc(&ahash_get_stat(alg)->err_cnt); 42 - 43 - return err; 44 - } 45 - 46 30 /* 47 31 * For an ahash tfm that is using an shash algorithm (instead of an ahash 48 32 * algorithm), this returns the underlying shash tfm. ··· 328 344 int crypto_ahash_update(struct ahash_request *req) 329 345 { 330 346 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 331 - struct ahash_alg *alg; 332 347 333 348 if (likely(tfm->using_shash)) 334 349 return shash_ahash_update(req, ahash_request_ctx(req)); 335 350 336 - alg = crypto_ahash_alg(tfm); 337 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 338 - atomic64_add(req->nbytes, &ahash_get_stat(alg)->hash_tlen); 339 - return crypto_ahash_errstat(alg, alg->update(req)); 351 + return crypto_ahash_alg(tfm)->update(req); 340 352 } 341 353 EXPORT_SYMBOL_GPL(crypto_ahash_update); 342 354 343 355 int crypto_ahash_final(struct ahash_request *req) 344 356 { 345 357 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 346 - struct ahash_alg *alg; 347 358 348 359 if (likely(tfm->using_shash)) 349 360 return crypto_shash_final(ahash_request_ctx(req), req->result); 350 361 351 - alg = crypto_ahash_alg(tfm); 352 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 353 - atomic64_inc(&ahash_get_stat(alg)->hash_cnt); 354 - return crypto_ahash_errstat(alg, alg->final(req)); 362 + return crypto_ahash_alg(tfm)->final(req); 355 363 } 356 364 EXPORT_SYMBOL_GPL(crypto_ahash_final); 357 365 358 366 int crypto_ahash_finup(struct ahash_request *req) 359 367 { 360 368 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 361 - struct ahash_alg *alg; 362 369 363 370 if (likely(tfm->using_shash)) 364 371 return shash_ahash_finup(req, ahash_request_ctx(req)); 365 372 366 - alg = crypto_ahash_alg(tfm); 367 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 368 - struct crypto_istat_hash *istat = ahash_get_stat(alg); 369 - 370 - atomic64_inc(&istat->hash_cnt); 371 - atomic64_add(req->nbytes, &istat->hash_tlen); 372 - } 373 - return crypto_ahash_errstat(alg, alg->finup(req)); 373 + return crypto_ahash_alg(tfm)->finup(req); 374 374 } 375 375 EXPORT_SYMBOL_GPL(crypto_ahash_finup); 376 376 377 377 int crypto_ahash_digest(struct ahash_request *req) 378 378 { 379 379 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 380 - struct ahash_alg *alg; 381 - int err; 382 380 383 381 if (likely(tfm->using_shash)) 384 382 return shash_ahash_digest(req, prepare_shash_desc(req, tfm)); 385 383 386 - alg = crypto_ahash_alg(tfm); 387 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 388 - struct crypto_istat_hash *istat = ahash_get_stat(alg); 389 - 390 - atomic64_inc(&istat->hash_cnt); 391 - atomic64_add(req->nbytes, &istat->hash_tlen); 392 - } 393 - 394 384 if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 395 - err = -ENOKEY; 396 - else 397 - err = alg->digest(req); 385 + return -ENOKEY; 398 386 399 - return crypto_ahash_errstat(alg, err); 387 + return crypto_ahash_alg(tfm)->digest(req); 400 388 } 401 389 EXPORT_SYMBOL_GPL(crypto_ahash_digest); 402 390 ··· 527 571 __crypto_hash_alg_common(alg)->digestsize); 528 572 } 529 573 530 - static int __maybe_unused crypto_ahash_report_stat( 531 - struct sk_buff *skb, struct crypto_alg *alg) 532 - { 533 - return crypto_hash_report_stat(skb, alg, "ahash"); 534 - } 535 - 536 574 static const struct crypto_type crypto_ahash_type = { 537 575 .extsize = crypto_ahash_extsize, 538 576 .init_tfm = crypto_ahash_init_tfm, ··· 536 586 #endif 537 587 #if IS_ENABLED(CONFIG_CRYPTO_USER) 538 588 .report = crypto_ahash_report, 539 - #endif 540 - #ifdef CONFIG_CRYPTO_STATS 541 - .report_stat = crypto_ahash_report_stat, 542 589 #endif 543 590 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 544 591 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK,

-31

crypto/akcipher.c

··· 70 70 akcipher->free(akcipher); 71 71 } 72 72 73 - static int __maybe_unused crypto_akcipher_report_stat( 74 - struct sk_buff *skb, struct crypto_alg *alg) 75 - { 76 - struct akcipher_alg *akcipher = __crypto_akcipher_alg(alg); 77 - struct crypto_istat_akcipher *istat; 78 - struct crypto_stat_akcipher rakcipher; 79 - 80 - istat = akcipher_get_stat(akcipher); 81 - 82 - memset(&rakcipher, 0, sizeof(rakcipher)); 83 - 84 - strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type)); 85 - rakcipher.stat_encrypt_cnt = atomic64_read(&istat->encrypt_cnt); 86 - rakcipher.stat_encrypt_tlen = atomic64_read(&istat->encrypt_tlen); 87 - rakcipher.stat_decrypt_cnt = atomic64_read(&istat->decrypt_cnt); 88 - rakcipher.stat_decrypt_tlen = atomic64_read(&istat->decrypt_tlen); 89 - rakcipher.stat_sign_cnt = atomic64_read(&istat->sign_cnt); 90 - rakcipher.stat_verify_cnt = atomic64_read(&istat->verify_cnt); 91 - rakcipher.stat_err_cnt = atomic64_read(&istat->err_cnt); 92 - 93 - return nla_put(skb, CRYPTOCFGA_STAT_AKCIPHER, 94 - sizeof(rakcipher), &rakcipher); 95 - } 96 - 97 73 static const struct crypto_type crypto_akcipher_type = { 98 74 .extsize = crypto_alg_extsize, 99 75 .init_tfm = crypto_akcipher_init_tfm, ··· 79 103 #endif 80 104 #if IS_ENABLED(CONFIG_CRYPTO_USER) 81 105 .report = crypto_akcipher_report, 82 - #endif 83 - #ifdef CONFIG_CRYPTO_STATS 84 - .report_stat = crypto_akcipher_report_stat, 85 106 #endif 86 107 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 87 108 .maskset = CRYPTO_ALG_TYPE_AHASH_MASK, ··· 104 131 105 132 static void akcipher_prepare_alg(struct akcipher_alg *alg) 106 133 { 107 - struct crypto_istat_akcipher *istat = akcipher_get_stat(alg); 108 134 struct crypto_alg *base = &alg->base; 109 135 110 136 base->cra_type = &crypto_akcipher_type; 111 137 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 112 138 base->cra_flags |= CRYPTO_ALG_TYPE_AKCIPHER; 113 - 114 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 115 - memset(istat, 0, sizeof(*istat)); 116 139 } 117 140 118 141 static int akcipher_default_op(struct akcipher_request *req)

-3

crypto/algboss.c

··· 138 138 goto err_free_param; 139 139 } 140 140 141 - if (!i) 142 - goto err_free_param; 143 - 144 141 param->tb[i + 1] = NULL; 145 142 146 143 param->type.attr.rta_len = sizeof(param->type);

+4 -4

crypto/api.c

··· 202 202 static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) 203 203 { 204 204 struct crypto_larval *larval = (void *)alg; 205 - long timeout; 205 + long time_left; 206 206 207 207 if (!crypto_boot_test_finished()) 208 208 crypto_start_test(larval); 209 209 210 - timeout = wait_for_completion_killable_timeout( 210 + time_left = wait_for_completion_killable_timeout( 211 211 &larval->completion, 60 * HZ); 212 212 213 213 alg = larval->adult; 214 - if (timeout < 0) 214 + if (time_left < 0) 215 215 alg = ERR_PTR(-EINTR); 216 - else if (!timeout) 216 + else if (!time_left) 217 217 alg = ERR_PTR(-ETIMEDOUT); 218 218 else if (!alg) 219 219 alg = ERR_PTR(-ENOENT);

+13 -1

crypto/asymmetric_keys/public_key.c

··· 234 234 info->key_size = len * 8; 235 235 236 236 if (strncmp(pkey->pkey_algo, "ecdsa", 5) == 0) { 237 + int slen = len; 237 238 /* 238 239 * ECDSA key sizes are much smaller than RSA, and thus could 239 240 * operate on (hashed) inputs that are larger than key size. ··· 248 247 * Verify takes ECDSA-Sig (described in RFC 5480) as input, 249 248 * which is actually 2 'key_size'-bit integers encoded in 250 249 * ASN.1. Account for the ASN.1 encoding overhead here. 250 + * 251 + * NIST P192/256/384 may prepend a '0' to a coordinate to 252 + * indicate a positive integer. NIST P521 never needs it. 251 253 */ 252 - info->max_sig_size = 2 * (len + 3) + 2; 254 + if (strcmp(pkey->pkey_algo, "ecdsa-nist-p521") != 0) 255 + slen += 1; 256 + /* Length of encoding the x & y coordinates */ 257 + slen = 2 * (slen + 2); 258 + /* 259 + * If coordinate encoding takes at least 128 bytes then an 260 + * additional byte for length encoding is needed. 261 + */ 262 + info->max_sig_size = 1 + (slen >= 128) + 1 + slen; 253 263 } else { 254 264 info->max_data_size = len; 255 265 info->max_sig_size = len;

+18 -27

crypto/asymmetric_keys/x509_cert_parser.c

··· 60 60 */ 61 61 struct x509_certificate *x509_cert_parse(const void *data, size_t datalen) 62 62 { 63 - struct x509_certificate *cert; 64 - struct x509_parse_context *ctx; 63 + struct x509_certificate *cert __free(x509_free_certificate); 64 + struct x509_parse_context *ctx __free(kfree) = NULL; 65 65 struct asymmetric_key_id *kid; 66 66 long ret; 67 67 68 - ret = -ENOMEM; 69 68 cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL); 70 69 if (!cert) 71 - goto error_no_cert; 70 + return ERR_PTR(-ENOMEM); 72 71 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); 73 72 if (!cert->pub) 74 - goto error_no_ctx; 73 + return ERR_PTR(-ENOMEM); 75 74 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); 76 75 if (!cert->sig) 77 - goto error_no_ctx; 76 + return ERR_PTR(-ENOMEM); 78 77 ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL); 79 78 if (!ctx) 80 - goto error_no_ctx; 79 + return ERR_PTR(-ENOMEM); 81 80 82 81 ctx->cert = cert; 83 82 ctx->data = (unsigned long)data; ··· 84 85 /* Attempt to decode the certificate */ 85 86 ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen); 86 87 if (ret < 0) 87 - goto error_decode; 88 + return ERR_PTR(ret); 88 89 89 90 /* Decode the AuthorityKeyIdentifier */ 90 91 if (ctx->raw_akid) { ··· 94 95 ctx->raw_akid, ctx->raw_akid_size); 95 96 if (ret < 0) { 96 97 pr_warn("Couldn't decode AuthKeyIdentifier\n"); 97 - goto error_decode; 98 + return ERR_PTR(ret); 98 99 } 99 100 } 100 101 101 - ret = -ENOMEM; 102 102 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); 103 103 if (!cert->pub->key) 104 - goto error_decode; 104 + return ERR_PTR(-ENOMEM); 105 105 106 106 cert->pub->keylen = ctx->key_size; 107 107 108 108 cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL); 109 109 if (!cert->pub->params) 110 - goto error_decode; 110 + return ERR_PTR(-ENOMEM); 111 111 112 112 cert->pub->paramlen = ctx->params_size; 113 113 cert->pub->algo = ctx->key_algo; ··· 114 116 /* Grab the signature bits */ 115 117 ret = x509_get_sig_params(cert); 116 118 if (ret < 0) 117 - goto error_decode; 119 + return ERR_PTR(ret); 118 120 119 121 /* Generate cert issuer + serial number key ID */ 120 122 kid = asymmetric_key_generate_id(cert->raw_serial, 121 123 cert->raw_serial_size, 122 124 cert->raw_issuer, 123 125 cert->raw_issuer_size); 124 - if (IS_ERR(kid)) { 125 - ret = PTR_ERR(kid); 126 - goto error_decode; 127 - } 126 + if (IS_ERR(kid)) 127 + return ERR_CAST(kid); 128 128 cert->id = kid; 129 129 130 130 /* Detect self-signed certificates */ 131 131 ret = x509_check_for_self_signed(cert); 132 132 if (ret < 0) 133 - goto error_decode; 133 + return ERR_PTR(ret); 134 134 135 - kfree(ctx); 136 - return cert; 137 - 138 - error_decode: 139 - kfree(ctx); 140 - error_no_ctx: 141 - x509_free_certificate(cert); 142 - error_no_cert: 143 - return ERR_PTR(ret); 135 + return_ptr(cert); 144 136 } 145 137 EXPORT_SYMBOL_GPL(x509_cert_parse); 146 138 ··· 533 545 break; 534 546 case OID_id_ansip384r1: 535 547 ctx->cert->pub->pkey_algo = "ecdsa-nist-p384"; 548 + break; 549 + case OID_id_ansip521r1: 550 + ctx->cert->pub->pkey_algo = "ecdsa-nist-p521"; 536 551 break; 537 552 default: 538 553 return -ENOPKG;

+3

crypto/asymmetric_keys/x509_parser.h

··· 5 5 * Written by David Howells (dhowells@redhat.com) 6 6 */ 7 7 8 + #include <linux/cleanup.h> 8 9 #include <linux/time.h> 9 10 #include <crypto/public_key.h> 10 11 #include <keys/asymmetric-type.h> ··· 45 44 * x509_cert_parser.c 46 45 */ 47 46 extern void x509_free_certificate(struct x509_certificate *cert); 47 + DEFINE_FREE(x509_free_certificate, struct x509_certificate *, 48 + if (!IS_ERR(_T)) x509_free_certificate(_T)) 48 49 extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); 49 50 extern int x509_decode_time(time64_t *_t, size_t hdrlen, 50 51 unsigned char tag,

+9 -22

crypto/asymmetric_keys/x509_public_key.c

··· 161 161 */ 162 162 static int x509_key_preparse(struct key_preparsed_payload *prep) 163 163 { 164 - struct asymmetric_key_ids *kids; 165 - struct x509_certificate *cert; 164 + struct x509_certificate *cert __free(x509_free_certificate); 165 + struct asymmetric_key_ids *kids __free(kfree) = NULL; 166 + char *p, *desc __free(kfree) = NULL; 166 167 const char *q; 167 168 size_t srlen, sulen; 168 - char *desc = NULL, *p; 169 - int ret; 170 169 171 170 cert = x509_cert_parse(prep->data, prep->datalen); 172 171 if (IS_ERR(cert)) ··· 187 188 } 188 189 189 190 /* Don't permit addition of blacklisted keys */ 190 - ret = -EKEYREJECTED; 191 191 if (cert->blacklisted) 192 - goto error_free_cert; 192 + return -EKEYREJECTED; 193 193 194 194 /* Propose a description */ 195 195 sulen = strlen(cert->subject); ··· 200 202 q = cert->raw_serial; 201 203 } 202 204 203 - ret = -ENOMEM; 204 205 desc = kmalloc(sulen + 2 + srlen * 2 + 1, GFP_KERNEL); 205 206 if (!desc) 206 - goto error_free_cert; 207 + return -ENOMEM; 207 208 p = memcpy(desc, cert->subject, sulen); 208 209 p += sulen; 209 210 *p++ = ':'; ··· 212 215 213 216 kids = kmalloc(sizeof(struct asymmetric_key_ids), GFP_KERNEL); 214 217 if (!kids) 215 - goto error_free_desc; 218 + return -ENOMEM; 216 219 kids->id[0] = cert->id; 217 220 kids->id[1] = cert->skid; 218 221 kids->id[2] = asymmetric_key_generate_id(cert->raw_subject, 219 222 cert->raw_subject_size, 220 223 "", 0); 221 - if (IS_ERR(kids->id[2])) { 222 - ret = PTR_ERR(kids->id[2]); 223 - goto error_free_kids; 224 - } 224 + if (IS_ERR(kids->id[2])) 225 + return PTR_ERR(kids->id[2]); 225 226 226 227 /* We're pinning the module by being linked against it */ 227 228 __module_get(public_key_subtype.owner); ··· 237 242 cert->sig = NULL; 238 243 desc = NULL; 239 244 kids = NULL; 240 - ret = 0; 241 - 242 - error_free_kids: 243 - kfree(kids); 244 - error_free_desc: 245 - kfree(desc); 246 - error_free_cert: 247 - x509_free_certificate(cert); 248 - return ret; 245 + return 0; 249 246 } 250 247 251 248 static struct asymmetric_key_parser x509_key_parser = {

+1 -2

crypto/cipher.c

··· 34 34 alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); 35 35 memcpy(alignbuffer, key, keylen); 36 36 ret = cia->cia_setkey(crypto_cipher_tfm(tfm), alignbuffer, keylen); 37 - memset(alignbuffer, 0, keylen); 38 - kfree(buffer); 37 + kfree_sensitive(buffer); 39 38 return ret; 40 39 41 40 }

-3

crypto/compress.h

··· 13 13 14 14 struct acomp_req; 15 15 struct comp_alg_common; 16 - struct sk_buff; 17 16 18 17 int crypto_init_scomp_ops_async(struct crypto_tfm *tfm); 19 18 struct acomp_req *crypto_acomp_scomp_alloc_ctx(struct acomp_req *req); 20 19 void crypto_acomp_scomp_free_ctx(struct acomp_req *req); 21 - 22 - int crypto_acomp_report_stat(struct sk_buff *skb, struct crypto_alg *alg); 23 20 24 21 void comp_prepare_alg(struct comp_alg_common *alg); 25 22

+8 -2

crypto/crypto_user_base.c crypto/crypto_user.c

··· 18 18 #include <crypto/internal/rng.h> 19 19 #include <crypto/akcipher.h> 20 20 #include <crypto/kpp.h> 21 - #include <crypto/internal/cryptouser.h> 22 21 23 22 #include "internal.h" 24 23 ··· 32 33 u16 nlmsg_flags; 33 34 }; 34 35 35 - struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact) 36 + static struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact) 36 37 { 37 38 struct crypto_alg *q, *alg = NULL; 38 39 ··· 384 385 if (!netlink_capable(skb, CAP_NET_ADMIN)) 385 386 return -EPERM; 386 387 return crypto_del_default_rng(); 388 + } 389 + 390 + static int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, 391 + struct nlattr **attrs) 392 + { 393 + /* No longer supported */ 394 + return -ENOTSUPP; 387 395 } 388 396 389 397 #define MSGSIZE(type) sizeof(struct type)

-176

crypto/crypto_user_stat.c

··· 1 - // SPDX-License-Identifier: GPL-2.0 2 - /* 3 - * Crypto user configuration API. 4 - * 5 - * Copyright (C) 2017-2018 Corentin Labbe <clabbe@baylibre.com> 6 - * 7 - */ 8 - 9 - #include <crypto/algapi.h> 10 - #include <crypto/internal/cryptouser.h> 11 - #include <linux/errno.h> 12 - #include <linux/kernel.h> 13 - #include <linux/module.h> 14 - #include <linux/string.h> 15 - #include <net/netlink.h> 16 - #include <net/sock.h> 17 - 18 - #define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) 19 - 20 - struct crypto_dump_info { 21 - struct sk_buff *in_skb; 22 - struct sk_buff *out_skb; 23 - u32 nlmsg_seq; 24 - u16 nlmsg_flags; 25 - }; 26 - 27 - static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) 28 - { 29 - struct crypto_stat_cipher rcipher; 30 - 31 - memset(&rcipher, 0, sizeof(rcipher)); 32 - 33 - strscpy(rcipher.type, "cipher", sizeof(rcipher.type)); 34 - 35 - return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher); 36 - } 37 - 38 - static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) 39 - { 40 - struct crypto_stat_compress rcomp; 41 - 42 - memset(&rcomp, 0, sizeof(rcomp)); 43 - 44 - strscpy(rcomp.type, "compression", sizeof(rcomp.type)); 45 - 46 - return nla_put(skb, CRYPTOCFGA_STAT_COMPRESS, sizeof(rcomp), &rcomp); 47 - } 48 - 49 - static int crypto_reportstat_one(struct crypto_alg *alg, 50 - struct crypto_user_alg *ualg, 51 - struct sk_buff *skb) 52 - { 53 - memset(ualg, 0, sizeof(*ualg)); 54 - 55 - strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); 56 - strscpy(ualg->cru_driver_name, alg->cra_driver_name, 57 - sizeof(ualg->cru_driver_name)); 58 - strscpy(ualg->cru_module_name, module_name(alg->cra_module), 59 - sizeof(ualg->cru_module_name)); 60 - 61 - ualg->cru_type = 0; 62 - ualg->cru_mask = 0; 63 - ualg->cru_flags = alg->cra_flags; 64 - ualg->cru_refcnt = refcount_read(&alg->cra_refcnt); 65 - 66 - if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority)) 67 - goto nla_put_failure; 68 - if (alg->cra_flags & CRYPTO_ALG_LARVAL) { 69 - struct crypto_stat_larval rl; 70 - 71 - memset(&rl, 0, sizeof(rl)); 72 - strscpy(rl.type, "larval", sizeof(rl.type)); 73 - if (nla_put(skb, CRYPTOCFGA_STAT_LARVAL, sizeof(rl), &rl)) 74 - goto nla_put_failure; 75 - goto out; 76 - } 77 - 78 - if (alg->cra_type && alg->cra_type->report_stat) { 79 - if (alg->cra_type->report_stat(skb, alg)) 80 - goto nla_put_failure; 81 - goto out; 82 - } 83 - 84 - switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { 85 - case CRYPTO_ALG_TYPE_CIPHER: 86 - if (crypto_report_cipher(skb, alg)) 87 - goto nla_put_failure; 88 - break; 89 - case CRYPTO_ALG_TYPE_COMPRESS: 90 - if (crypto_report_comp(skb, alg)) 91 - goto nla_put_failure; 92 - break; 93 - default: 94 - pr_err("ERROR: Unhandled alg %d in %s\n", 95 - alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL), 96 - __func__); 97 - } 98 - 99 - out: 100 - return 0; 101 - 102 - nla_put_failure: 103 - return -EMSGSIZE; 104 - } 105 - 106 - static int crypto_reportstat_alg(struct crypto_alg *alg, 107 - struct crypto_dump_info *info) 108 - { 109 - struct sk_buff *in_skb = info->in_skb; 110 - struct sk_buff *skb = info->out_skb; 111 - struct nlmsghdr *nlh; 112 - struct crypto_user_alg *ualg; 113 - int err = 0; 114 - 115 - nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, info->nlmsg_seq, 116 - CRYPTO_MSG_GETSTAT, sizeof(*ualg), info->nlmsg_flags); 117 - if (!nlh) { 118 - err = -EMSGSIZE; 119 - goto out; 120 - } 121 - 122 - ualg = nlmsg_data(nlh); 123 - 124 - err = crypto_reportstat_one(alg, ualg, skb); 125 - if (err) { 126 - nlmsg_cancel(skb, nlh); 127 - goto out; 128 - } 129 - 130 - nlmsg_end(skb, nlh); 131 - 132 - out: 133 - return err; 134 - } 135 - 136 - int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, 137 - struct nlattr **attrs) 138 - { 139 - struct net *net = sock_net(in_skb->sk); 140 - struct crypto_user_alg *p = nlmsg_data(in_nlh); 141 - struct crypto_alg *alg; 142 - struct sk_buff *skb; 143 - struct crypto_dump_info info; 144 - int err; 145 - 146 - if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) 147 - return -EINVAL; 148 - 149 - alg = crypto_alg_match(p, 0); 150 - if (!alg) 151 - return -ENOENT; 152 - 153 - err = -ENOMEM; 154 - skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 155 - if (!skb) 156 - goto drop_alg; 157 - 158 - info.in_skb = in_skb; 159 - info.out_skb = skb; 160 - info.nlmsg_seq = in_nlh->nlmsg_seq; 161 - info.nlmsg_flags = 0; 162 - 163 - err = crypto_reportstat_alg(alg, &info); 164 - 165 - drop_alg: 166 - crypto_mod_put(alg); 167 - 168 - if (err) { 169 - kfree_skb(skb); 170 - return err; 171 - } 172 - 173 - return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid); 174 - } 175 - 176 - MODULE_LICENSE("GPL");

+63 -37

crypto/ecc.c

··· 60 60 return &nist_p256; 61 61 case ECC_CURVE_NIST_P384: 62 62 return &nist_p384; 63 + case ECC_CURVE_NIST_P521: 64 + return &nist_p521; 63 65 default: 64 66 return NULL; 65 67 } ··· 691 689 static void vli_mmod_fast_192(u64 *result, const u64 *product, 692 690 const u64 *curve_prime, u64 *tmp) 693 691 { 694 - const unsigned int ndigits = 3; 692 + const unsigned int ndigits = ECC_CURVE_NIST_P192_DIGITS; 695 693 int carry; 696 694 697 695 vli_set(result, product, ndigits); ··· 719 717 const u64 *curve_prime, u64 *tmp) 720 718 { 721 719 int carry; 722 - const unsigned int ndigits = 4; 720 + const unsigned int ndigits = ECC_CURVE_NIST_P256_DIGITS; 723 721 724 722 /* t */ 725 723 vli_set(result, product, ndigits); ··· 802 800 const u64 *curve_prime, u64 *tmp) 803 801 { 804 802 int carry; 805 - const unsigned int ndigits = 6; 803 + const unsigned int ndigits = ECC_CURVE_NIST_P384_DIGITS; 806 804 807 805 /* t */ 808 806 vli_set(result, product, ndigits); ··· 904 902 #undef AND64H 905 903 #undef AND64L 906 904 905 + /* 906 + * Computes result = product % curve_prime 907 + * from "Recommendations for Discrete Logarithm-Based Cryptography: 908 + * Elliptic Curve Domain Parameters" section G.1.4 909 + */ 910 + static void vli_mmod_fast_521(u64 *result, const u64 *product, 911 + const u64 *curve_prime, u64 *tmp) 912 + { 913 + const unsigned int ndigits = ECC_CURVE_NIST_P521_DIGITS; 914 + size_t i; 915 + 916 + /* Initialize result with lowest 521 bits from product */ 917 + vli_set(result, product, ndigits); 918 + result[8] &= 0x1ff; 919 + 920 + for (i = 0; i < ndigits; i++) 921 + tmp[i] = (product[8 + i] >> 9) | (product[9 + i] << 55); 922 + tmp[8] &= 0x1ff; 923 + 924 + vli_mod_add(result, result, tmp, curve_prime, ndigits); 925 + } 926 + 907 927 /* Computes result = product % curve_prime for different curve_primes. 908 928 * 909 929 * Note that curve_primes are distinguished just by heuristic check and ··· 956 932 } 957 933 958 934 switch (ndigits) { 959 - case 3: 935 + case ECC_CURVE_NIST_P192_DIGITS: 960 936 vli_mmod_fast_192(result, product, curve_prime, tmp); 961 937 break; 962 - case 4: 938 + case ECC_CURVE_NIST_P256_DIGITS: 963 939 vli_mmod_fast_256(result, product, curve_prime, tmp); 964 940 break; 965 - case 6: 941 + case ECC_CURVE_NIST_P384_DIGITS: 966 942 vli_mmod_fast_384(result, product, curve_prime, tmp); 943 + break; 944 + case ECC_CURVE_NIST_P521_DIGITS: 945 + vli_mmod_fast_521(result, product, curve_prime, tmp); 967 946 break; 968 947 default: 969 948 pr_err_ratelimited("ecc: unsupported digits size!\n"); ··· 1322 1295 carry = vli_add(sk[0], scalar, curve->n, ndigits); 1323 1296 vli_add(sk[1], sk[0], curve->n, ndigits); 1324 1297 scalar = sk[!carry]; 1325 - num_bits = sizeof(u64) * ndigits * 8 + 1; 1298 + if (curve->nbits == 521) /* NIST P521 */ 1299 + num_bits = curve->nbits + 2; 1300 + else 1301 + num_bits = sizeof(u64) * ndigits * 8 + 1; 1326 1302 1327 1303 vli_set(rx[1], point->x, ndigits); 1328 1304 vli_set(ry[1], point->y, ndigits); ··· 1446 1416 } 1447 1417 EXPORT_SYMBOL(ecc_point_mult_shamir); 1448 1418 1419 + /* 1420 + * This function performs checks equivalent to Appendix A.4.2 of FIPS 186-5. 1421 + * Whereas A.4.2 results in an integer in the interval [1, n-1], this function 1422 + * ensures that the integer is in the range of [2, n-3]. We are slightly 1423 + * stricter because of the currently used scalar multiplication algorithm. 1424 + */ 1449 1425 static int __ecc_is_key_valid(const struct ecc_curve *curve, 1450 1426 const u64 *private_key, unsigned int ndigits) 1451 1427 { ··· 1491 1455 EXPORT_SYMBOL(ecc_is_key_valid); 1492 1456 1493 1457 /* 1494 - * ECC private keys are generated using the method of extra random bits, 1495 - * equivalent to that described in FIPS 186-4, Appendix B.4.1. 1496 - * 1497 - * d = (c mod(n–1)) + 1 where c is a string of random bits, 64 bits longer 1498 - * than requested 1499 - * 0 <= c mod(n-1) <= n-2 and implies that 1500 - * 1 <= d <= n-1 1458 + * ECC private keys are generated using the method of rejection sampling, 1459 + * equivalent to that described in FIPS 186-5, Appendix A.2.2. 1501 1460 * 1502 1461 * This method generates a private key uniformly distributed in the range 1503 - * [1, n-1]. 1462 + * [2, n-3]. 1504 1463 */ 1505 - int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey) 1464 + int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, 1465 + u64 *private_key) 1506 1466 { 1507 1467 const struct ecc_curve *curve = ecc_get_curve(curve_id); 1508 - u64 priv[ECC_MAX_DIGITS]; 1509 1468 unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; 1510 1469 unsigned int nbits = vli_num_bits(curve->n, ndigits); 1511 1470 int err; 1512 1471 1513 - /* Check that N is included in Table 1 of FIPS 186-4, section 6.1.1 */ 1514 - if (nbits < 160 || ndigits > ARRAY_SIZE(priv)) 1472 + /* 1473 + * Step 1 & 2: check that N is included in Table 1 of FIPS 186-5, 1474 + * section 6.1.1. 1475 + */ 1476 + if (nbits < 224) 1515 1477 return -EINVAL; 1516 1478 1517 1479 /* 1518 - * FIPS 186-4 recommends that the private key should be obtained from a 1480 + * FIPS 186-5 recommends that the private key should be obtained from a 1519 1481 * RBG with a security strength equal to or greater than the security 1520 1482 * strength associated with N. 1521 1483 * ··· 1526 1492 if (crypto_get_default_rng()) 1527 1493 return -EFAULT; 1528 1494 1529 - err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes); 1495 + /* Step 3: obtain N returned_bits from the DRBG. */ 1496 + err = crypto_rng_get_bytes(crypto_default_rng, 1497 + (u8 *)private_key, nbytes); 1530 1498 crypto_put_default_rng(); 1531 1499 if (err) 1532 1500 return err; 1533 1501 1534 - /* Make sure the private key is in the valid range. */ 1535 - if (__ecc_is_key_valid(curve, priv, ndigits)) 1502 + /* Step 4: make sure the private key is in the valid range. */ 1503 + if (__ecc_is_key_valid(curve, private_key, ndigits)) 1536 1504 return -EINVAL; 1537 - 1538 - ecc_swap_digits(priv, privkey, ndigits); 1539 1505 1540 1506 return 0; 1541 1507 } ··· 1546 1512 { 1547 1513 int ret = 0; 1548 1514 struct ecc_point *pk; 1549 - u64 priv[ECC_MAX_DIGITS]; 1550 1515 const struct ecc_curve *curve = ecc_get_curve(curve_id); 1551 1516 1552 - if (!private_key || !curve || ndigits > ARRAY_SIZE(priv)) { 1517 + if (!private_key) { 1553 1518 ret = -EINVAL; 1554 1519 goto out; 1555 1520 } 1556 - 1557 - ecc_swap_digits(private_key, priv, ndigits); 1558 1521 1559 1522 pk = ecc_alloc_point(ndigits); 1560 1523 if (!pk) { ··· 1559 1528 goto out; 1560 1529 } 1561 1530 1562 - ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits); 1531 + ecc_point_mult(pk, &curve->g, private_key, NULL, curve, ndigits); 1563 1532 1564 1533 /* SP800-56A rev 3 5.6.2.1.3 key check */ 1565 1534 if (ecc_is_pubkey_valid_full(curve, pk)) { ··· 1643 1612 { 1644 1613 int ret = 0; 1645 1614 struct ecc_point *product, *pk; 1646 - u64 priv[ECC_MAX_DIGITS]; 1647 1615 u64 rand_z[ECC_MAX_DIGITS]; 1648 1616 unsigned int nbytes; 1649 1617 const struct ecc_curve *curve = ecc_get_curve(curve_id); 1650 1618 1651 - if (!private_key || !public_key || !curve || 1652 - ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) { 1619 + if (!private_key || !public_key || ndigits > ARRAY_SIZE(rand_z)) { 1653 1620 ret = -EINVAL; 1654 1621 goto out; 1655 1622 } ··· 1668 1639 if (ret) 1669 1640 goto err_alloc_product; 1670 1641 1671 - ecc_swap_digits(private_key, priv, ndigits); 1672 - 1673 1642 product = ecc_alloc_point(ndigits); 1674 1643 if (!product) { 1675 1644 ret = -ENOMEM; 1676 1645 goto err_alloc_product; 1677 1646 } 1678 1647 1679 - ecc_point_mult(product, pk, priv, rand_z, curve, ndigits); 1648 + ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits); 1680 1649 1681 1650 if (ecc_point_is_zero(product)) { 1682 1651 ret = -EFAULT; ··· 1684 1657 ecc_swap_digits(product->x, secret, ndigits); 1685 1658 1686 1659 err_validity: 1687 - memzero_explicit(priv, sizeof(priv)); 1688 1660 memzero_explicit(rand_z, sizeof(rand_z)); 1689 1661 ecc_free_point(product); 1690 1662 err_alloc_product:

+49

crypto/ecc_curve_defs.h

··· 17 17 0x64210519E59C80E7ull }; 18 18 static struct ecc_curve nist_p192 = { 19 19 .name = "nist_192", 20 + .nbits = 192, 20 21 .g = { 21 22 .x = nist_p192_g_x, 22 23 .y = nist_p192_g_y, ··· 44 43 0xB3EBBD55769886BCull, 0x5AC635D8AA3A93E7ull }; 45 44 static struct ecc_curve nist_p256 = { 46 45 .name = "nist_256", 46 + .nbits = 256, 47 47 .g = { 48 48 .x = nist_p256_g_x, 49 49 .y = nist_p256_g_y, ··· 77 75 0x988e056be3f82d19ull, 0xb3312fa7e23ee7e4ull }; 78 76 static struct ecc_curve nist_p384 = { 79 77 .name = "nist_384", 78 + .nbits = 384, 80 79 .g = { 81 80 .x = nist_p384_g_x, 82 81 .y = nist_p384_g_y, ··· 89 86 .b = nist_p384_b 90 87 }; 91 88 89 + /* NIST P-521 */ 90 + static u64 nist_p521_g_x[] = { 0xf97e7e31c2e5bd66ull, 0x3348b3c1856a429bull, 91 + 0xfe1dc127a2ffa8deull, 0xa14b5e77efe75928ull, 92 + 0xf828af606b4d3dbaull, 0x9c648139053fb521ull, 93 + 0x9e3ecb662395b442ull, 0x858e06b70404e9cdull, 94 + 0xc6ull }; 95 + static u64 nist_p521_g_y[] = { 0x88be94769fd16650ull, 0x353c7086a272c240ull, 96 + 0xc550b9013fad0761ull, 0x97ee72995ef42640ull, 97 + 0x17afbd17273e662cull, 0x98f54449579b4468ull, 98 + 0x5c8a5fb42c7d1bd9ull, 0x39296a789a3bc004ull, 99 + 0x118ull }; 100 + static u64 nist_p521_p[] = { 0xffffffffffffffffull, 0xffffffffffffffffull, 101 + 0xffffffffffffffffull, 0xffffffffffffffffull, 102 + 0xffffffffffffffffull, 0xffffffffffffffffull, 103 + 0xffffffffffffffffull, 0xffffffffffffffffull, 104 + 0x1ffull }; 105 + static u64 nist_p521_n[] = { 0xbb6fb71e91386409ull, 0x3bb5c9b8899c47aeull, 106 + 0x7fcc0148f709a5d0ull, 0x51868783bf2f966bull, 107 + 0xfffffffffffffffaull, 0xffffffffffffffffull, 108 + 0xffffffffffffffffull, 0xffffffffffffffffull, 109 + 0x1ffull }; 110 + static u64 nist_p521_a[] = { 0xfffffffffffffffcull, 0xffffffffffffffffull, 111 + 0xffffffffffffffffull, 0xffffffffffffffffull, 112 + 0xffffffffffffffffull, 0xffffffffffffffffull, 113 + 0xffffffffffffffffull, 0xffffffffffffffffull, 114 + 0x1ffull }; 115 + static u64 nist_p521_b[] = { 0xef451fd46b503f00ull, 0x3573df883d2c34f1ull, 116 + 0x1652c0bd3bb1bf07ull, 0x56193951ec7e937bull, 117 + 0xb8b489918ef109e1ull, 0xa2da725b99b315f3ull, 118 + 0x929a21a0b68540eeull, 0x953eb9618e1c9a1full, 119 + 0x051ull }; 120 + static struct ecc_curve nist_p521 = { 121 + .name = "nist_521", 122 + .nbits = 521, 123 + .g = { 124 + .x = nist_p521_g_x, 125 + .y = nist_p521_g_y, 126 + .ndigits = 9, 127 + }, 128 + .p = nist_p521_p, 129 + .n = nist_p521_n, 130 + .a = nist_p521_a, 131 + .b = nist_p521_b 132 + }; 133 + 92 134 /* curve25519 */ 93 135 static u64 curve25519_g_x[] = { 0x0000000000000009, 0x0000000000000000, 94 136 0x0000000000000000, 0x0000000000000000 }; ··· 143 95 0x0000000000000000, 0x0000000000000000 }; 144 96 static const struct ecc_curve ecc_25519 = { 145 97 .name = "curve25519", 98 + .nbits = 255, 146 99 .g = { 147 100 .x = curve25519_g_x, 148 101 .ndigits = 4,

+8 -3

crypto/ecdh.c

··· 28 28 { 29 29 struct ecdh_ctx *ctx = ecdh_get_ctx(tfm); 30 30 struct ecdh params; 31 + int ret = 0; 31 32 32 33 if (crypto_ecdh_decode_key(buf, len, &params) < 0 || 33 34 params.key_size > sizeof(u64) * ctx->ndigits) 34 35 return -EINVAL; 35 36 37 + memset(ctx->private_key, 0, sizeof(ctx->private_key)); 38 + 36 39 if (!params.key || !params.key_size) 37 40 return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, 38 41 ctx->private_key); 39 42 40 - memcpy(ctx->private_key, params.key, params.key_size); 43 + ecc_digits_from_bytes(params.key, params.key_size, 44 + ctx->private_key, ctx->ndigits); 41 45 42 46 if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, 43 47 ctx->private_key, params.key_size) < 0) { 44 48 memzero_explicit(ctx->private_key, params.key_size); 45 - return -EINVAL; 49 + ret = -EINVAL; 46 50 } 47 - return 0; 51 + 52 + return ret; 48 53 } 49 54 50 55 static int ecdh_compute_value(struct kpp_request *req)

+52 -14

crypto/ecdsa.c

··· 35 35 static int ecdsa_get_signature_rs(u64 *dest, size_t hdrlen, unsigned char tag, 36 36 const void *value, size_t vlen, unsigned int ndigits) 37 37 { 38 - size_t keylen = ndigits * sizeof(u64); 39 - ssize_t diff = vlen - keylen; 38 + size_t bufsize = ndigits * sizeof(u64); 39 + ssize_t diff = vlen - bufsize; 40 40 const char *d = value; 41 41 u8 rs[ECC_MAX_BYTES]; 42 42 ··· 58 58 if (diff) 59 59 return -EINVAL; 60 60 } 61 - if (-diff >= keylen) 61 + if (-diff >= bufsize) 62 62 return -EINVAL; 63 63 64 64 if (diff) { ··· 122 122 123 123 /* res.x = res.x mod n (if res.x > order) */ 124 124 if (unlikely(vli_cmp(res.x, curve->n, ndigits) == 1)) 125 - /* faster alternative for NIST p384, p256 & p192 */ 125 + /* faster alternative for NIST p521, p384, p256 & p192 */ 126 126 vli_sub(res.x, res.x, curve->n, ndigits); 127 127 128 128 if (!vli_cmp(res.x, r, ndigits)) ··· 138 138 { 139 139 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 140 140 struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); 141 - size_t keylen = ctx->curve->g.ndigits * sizeof(u64); 141 + size_t bufsize = ctx->curve->g.ndigits * sizeof(u64); 142 142 struct ecdsa_signature_ctx sig_ctx = { 143 143 .curve = ctx->curve, 144 144 }; ··· 165 165 goto error; 166 166 167 167 /* if the hash is shorter then we will add leading zeros to fit to ndigits */ 168 - diff = keylen - req->dst_len; 168 + diff = bufsize - req->dst_len; 169 169 if (diff >= 0) { 170 170 if (diff) 171 171 memset(rawhash, 0, diff); 172 172 memcpy(&rawhash[diff], buffer + req->src_len, req->dst_len); 173 173 } else if (diff < 0) { 174 174 /* given hash is longer, we take the left-most bytes */ 175 - memcpy(&rawhash, buffer + req->src_len, keylen); 175 + memcpy(&rawhash, buffer + req->src_len, bufsize); 176 176 } 177 177 178 178 ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits); ··· 222 222 static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen) 223 223 { 224 224 struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); 225 + unsigned int digitlen, ndigits; 225 226 const unsigned char *d = key; 226 - const u64 *digits = (const u64 *)&d[1]; 227 - unsigned int ndigits; 228 227 int ret; 229 228 230 229 ret = ecdsa_ecc_ctx_reset(ctx); 231 230 if (ret < 0) 232 231 return ret; 233 232 234 - if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0) 233 + if (keylen < 1 || ((keylen - 1) & 1) != 0) 235 234 return -EINVAL; 236 235 /* we only accept uncompressed format indicated by '4' */ 237 236 if (d[0] != 4) 238 237 return -EINVAL; 239 238 240 239 keylen--; 241 - ndigits = (keylen >> 1) / sizeof(u64); 240 + digitlen = keylen >> 1; 241 + 242 + ndigits = DIV_ROUND_UP(digitlen, sizeof(u64)); 242 243 if (ndigits != ctx->curve->g.ndigits) 243 244 return -EINVAL; 244 245 245 - ecc_swap_digits(digits, ctx->pub_key.x, ndigits); 246 - ecc_swap_digits(&digits[ndigits], ctx->pub_key.y, ndigits); 246 + d++; 247 + 248 + ecc_digits_from_bytes(d, digitlen, ctx->pub_key.x, ndigits); 249 + ecc_digits_from_bytes(&d[digitlen], digitlen, ctx->pub_key.y, ndigits); 250 + 247 251 ret = ecc_is_pubkey_valid_full(ctx->curve, &ctx->pub_key); 248 252 249 253 ctx->pub_key_set = ret == 0; ··· 266 262 { 267 263 struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); 268 264 269 - return ctx->pub_key.ndigits << ECC_DIGITS_TO_BYTES_SHIFT; 265 + return DIV_ROUND_UP(ctx->curve->nbits, 8); 270 266 } 267 + 268 + static int ecdsa_nist_p521_init_tfm(struct crypto_akcipher *tfm) 269 + { 270 + struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm); 271 + 272 + return ecdsa_ecc_ctx_init(ctx, ECC_CURVE_NIST_P521); 273 + } 274 + 275 + static struct akcipher_alg ecdsa_nist_p521 = { 276 + .verify = ecdsa_verify, 277 + .set_pub_key = ecdsa_set_pub_key, 278 + .max_size = ecdsa_max_size, 279 + .init = ecdsa_nist_p521_init_tfm, 280 + .exit = ecdsa_exit_tfm, 281 + .base = { 282 + .cra_name = "ecdsa-nist-p521", 283 + .cra_driver_name = "ecdsa-nist-p521-generic", 284 + .cra_priority = 100, 285 + .cra_module = THIS_MODULE, 286 + .cra_ctxsize = sizeof(struct ecc_ctx), 287 + }, 288 + }; 271 289 272 290 static int ecdsa_nist_p384_init_tfm(struct crypto_akcipher *tfm) 273 291 { ··· 374 348 if (ret) 375 349 goto nist_p384_error; 376 350 351 + ret = crypto_register_akcipher(&ecdsa_nist_p521); 352 + if (ret) 353 + goto nist_p521_error; 354 + 377 355 return 0; 356 + 357 + nist_p521_error: 358 + crypto_unregister_akcipher(&ecdsa_nist_p384); 378 359 379 360 nist_p384_error: 380 361 crypto_unregister_akcipher(&ecdsa_nist_p256); ··· 398 365 crypto_unregister_akcipher(&ecdsa_nist_p192); 399 366 crypto_unregister_akcipher(&ecdsa_nist_p256); 400 367 crypto_unregister_akcipher(&ecdsa_nist_p384); 368 + crypto_unregister_akcipher(&ecdsa_nist_p521); 401 369 } 402 370 403 371 subsys_initcall(ecdsa_init); ··· 407 373 MODULE_LICENSE("GPL"); 408 374 MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>"); 409 375 MODULE_DESCRIPTION("ECDSA generic algorithm"); 376 + MODULE_ALIAS_CRYPTO("ecdsa-nist-p192"); 377 + MODULE_ALIAS_CRYPTO("ecdsa-nist-p256"); 378 + MODULE_ALIAS_CRYPTO("ecdsa-nist-p384"); 379 + MODULE_ALIAS_CRYPTO("ecdsa-nist-p521"); 410 380 MODULE_ALIAS_CRYPTO("ecdsa-generic");

+1

crypto/ecrdsa.c

··· 294 294 MODULE_LICENSE("GPL"); 295 295 MODULE_AUTHOR("Vitaly Chikunov <vt@altlinux.org>"); 296 296 MODULE_DESCRIPTION("EC-RDSA generic algorithm"); 297 + MODULE_ALIAS_CRYPTO("ecrdsa"); 297 298 MODULE_ALIAS_CRYPTO("ecrdsa-generic");

+5

crypto/ecrdsa_defs.h

··· 47 47 48 48 static struct ecc_curve gost_cp256a = { 49 49 .name = "cp256a", 50 + .nbits = 256, 50 51 .g = { 51 52 .x = cp256a_g_x, 52 53 .y = cp256a_g_y, ··· 81 80 82 81 static struct ecc_curve gost_cp256b = { 83 82 .name = "cp256b", 83 + .nbits = 256, 84 84 .g = { 85 85 .x = cp256b_g_x, 86 86 .y = cp256b_g_y, ··· 119 117 120 118 static struct ecc_curve gost_cp256c = { 121 119 .name = "cp256c", 120 + .nbits = 256, 122 121 .g = { 123 122 .x = cp256c_g_x, 124 123 .y = cp256c_g_y, ··· 169 166 170 167 static struct ecc_curve gost_tc512a = { 171 168 .name = "tc512a", 169 + .nbits = 512, 172 170 .g = { 173 171 .x = tc512a_g_x, 174 172 .y = tc512a_g_y, ··· 215 211 216 212 static struct ecc_curve gost_tc512b = { 217 213 .name = "tc512b", 214 + .nbits = 512, 218 215 .g = { 219 216 .x = tc512b_g_x, 220 217 .y = tc512b_g_y,

-1

crypto/fips.c

··· 63 63 .mode = 0444, 64 64 .proc_handler = proc_dostring 65 65 }, 66 - {} 67 66 }; 68 67 69 68 static struct ctl_table_header *crypto_sysctls;

-30

crypto/hash.h

··· 8 8 #define _LOCAL_CRYPTO_HASH_H 9 9 10 10 #include <crypto/internal/hash.h> 11 - #include <linux/cryptouser.h> 12 11 13 12 #include "internal.h" 14 - 15 - static inline struct crypto_istat_hash *hash_get_stat( 16 - struct hash_alg_common *alg) 17 - { 18 - #ifdef CONFIG_CRYPTO_STATS 19 - return &alg->stat; 20 - #else 21 - return NULL; 22 - #endif 23 - } 24 - 25 - static inline int crypto_hash_report_stat(struct sk_buff *skb, 26 - struct crypto_alg *alg, 27 - const char *type) 28 - { 29 - struct hash_alg_common *halg = __crypto_hash_alg_common(alg); 30 - struct crypto_istat_hash *istat = hash_get_stat(halg); 31 - struct crypto_stat_hash rhash; 32 - 33 - memset(&rhash, 0, sizeof(rhash)); 34 - 35 - strscpy(rhash.type, type, sizeof(rhash.type)); 36 - 37 - rhash.stat_hash_cnt = atomic64_read(&istat->hash_cnt); 38 - rhash.stat_hash_tlen = atomic64_read(&istat->hash_tlen); 39 - rhash.stat_err_cnt = atomic64_read(&istat->err_cnt); 40 - 41 - return nla_put(skb, CRYPTOCFGA_STAT_HASH, sizeof(rhash), &rhash); 42 - } 43 13 44 14 extern const struct crypto_type crypto_shash_type; 45 15

+1 -2

crypto/jitterentropy-kcapi.c

··· 61 61 62 62 void jent_kvzfree(void *ptr, unsigned int len) 63 63 { 64 - memzero_explicit(ptr, len); 65 - kvfree(ptr); 64 + kvfree_sensitive(ptr, len); 66 65 } 67 66 68 67 void *jent_zalloc(unsigned int len)

+2 -2

crypto/jitterentropy.c

··· 157 157 /* 158 158 * See the SP 800-90B comment #10b for the corrected cutoff for the SP 800-90B 159 159 * APT. 160 - * http://www.untruth.org/~josh/sp80090b/UL%20SP800-90B-final%20comments%20v1.9%2020191212.pdf 161 - * In in the syntax of R, this is C = 2 + qbinom(1 − 2^(−30), 511, 2^(-1/osr)). 160 + * https://www.untruth.org/~josh/sp80090b/UL%20SP800-90B-final%20comments%20v1.9%2020191212.pdf 161 + * In the syntax of R, this is C = 2 + qbinom(1 − 2^(−30), 511, 2^(-1/osr)). 162 162 * (The original formula wasn't correct because the first symbol must 163 163 * necessarily have been observed, so there is no chance of observing 0 of these 164 164 * symbols.)

-30

crypto/kpp.c

··· 66 66 kpp->free(kpp); 67 67 } 68 68 69 - static int __maybe_unused crypto_kpp_report_stat( 70 - struct sk_buff *skb, struct crypto_alg *alg) 71 - { 72 - struct kpp_alg *kpp = __crypto_kpp_alg(alg); 73 - struct crypto_istat_kpp *istat; 74 - struct crypto_stat_kpp rkpp; 75 - 76 - istat = kpp_get_stat(kpp); 77 - 78 - memset(&rkpp, 0, sizeof(rkpp)); 79 - 80 - strscpy(rkpp.type, "kpp", sizeof(rkpp.type)); 81 - 82 - rkpp.stat_setsecret_cnt = atomic64_read(&istat->setsecret_cnt); 83 - rkpp.stat_generate_public_key_cnt = 84 - atomic64_read(&istat->generate_public_key_cnt); 85 - rkpp.stat_compute_shared_secret_cnt = 86 - atomic64_read(&istat->compute_shared_secret_cnt); 87 - rkpp.stat_err_cnt = atomic64_read(&istat->err_cnt); 88 - 89 - return nla_put(skb, CRYPTOCFGA_STAT_KPP, sizeof(rkpp), &rkpp); 90 - } 91 - 92 69 static const struct crypto_type crypto_kpp_type = { 93 70 .extsize = crypto_alg_extsize, 94 71 .init_tfm = crypto_kpp_init_tfm, ··· 75 98 #endif 76 99 #if IS_ENABLED(CONFIG_CRYPTO_USER) 77 100 .report = crypto_kpp_report, 78 - #endif 79 - #ifdef CONFIG_CRYPTO_STATS 80 - .report_stat = crypto_kpp_report_stat, 81 101 #endif 82 102 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 83 103 .maskset = CRYPTO_ALG_TYPE_MASK, ··· 105 131 106 132 static void kpp_prepare_alg(struct kpp_alg *alg) 107 133 { 108 - struct crypto_istat_kpp *istat = kpp_get_stat(alg); 109 134 struct crypto_alg *base = &alg->base; 110 135 111 136 base->cra_type = &crypto_kpp_type; 112 137 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 113 138 base->cra_flags |= CRYPTO_ALG_TYPE_KPP; 114 - 115 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 116 - memset(istat, 0, sizeof(*istat)); 117 139 } 118 140 119 141 int crypto_register_kpp(struct kpp_alg *alg)

+4 -69

crypto/lskcipher.c

··· 29 29 return container_of(alg, struct lskcipher_alg, co.base); 30 30 } 31 31 32 - static inline struct crypto_istat_cipher *lskcipher_get_stat( 33 - struct lskcipher_alg *alg) 34 - { 35 - return skcipher_get_stat_common(&alg->co); 36 - } 37 - 38 - static inline int crypto_lskcipher_errstat(struct lskcipher_alg *alg, int err) 39 - { 40 - struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); 41 - 42 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 43 - return err; 44 - 45 - if (err) 46 - atomic64_inc(&istat->err_cnt); 47 - 48 - return err; 49 - } 50 - 51 32 static int lskcipher_setkey_unaligned(struct crypto_lskcipher *tfm, 52 33 const u8 *key, unsigned int keylen) 53 34 { ··· 128 147 u32 flags)) 129 148 { 130 149 unsigned long alignmask = crypto_lskcipher_alignmask(tfm); 131 - struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); 132 - int ret; 133 150 134 151 if (((unsigned long)src | (unsigned long)dst | (unsigned long)iv) & 135 - alignmask) { 136 - ret = crypto_lskcipher_crypt_unaligned(tfm, src, dst, len, iv, 137 - crypt); 138 - goto out; 139 - } 152 + alignmask) 153 + return crypto_lskcipher_crypt_unaligned(tfm, src, dst, len, iv, 154 + crypt); 140 155 141 - ret = crypt(tfm, src, dst, len, iv, CRYPTO_LSKCIPHER_FLAG_FINAL); 142 - 143 - out: 144 - return crypto_lskcipher_errstat(alg, ret); 156 + return crypt(tfm, src, dst, len, iv, CRYPTO_LSKCIPHER_FLAG_FINAL); 145 157 } 146 158 147 159 int crypto_lskcipher_encrypt(struct crypto_lskcipher *tfm, const u8 *src, 148 160 u8 *dst, unsigned len, u8 *iv) 149 161 { 150 162 struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); 151 - 152 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 153 - struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); 154 - 155 - atomic64_inc(&istat->encrypt_cnt); 156 - atomic64_add(len, &istat->encrypt_tlen); 157 - } 158 163 159 164 return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->encrypt); 160 165 } ··· 150 183 u8 *dst, unsigned len, u8 *iv) 151 184 { 152 185 struct lskcipher_alg *alg = crypto_lskcipher_alg(tfm); 153 - 154 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 155 - struct crypto_istat_cipher *istat = lskcipher_get_stat(alg); 156 - 157 - atomic64_inc(&istat->decrypt_cnt); 158 - atomic64_add(len, &istat->decrypt_tlen); 159 - } 160 186 161 187 return crypto_lskcipher_crypt(tfm, src, dst, len, iv, alg->decrypt); 162 188 } ··· 280 320 sizeof(rblkcipher), &rblkcipher); 281 321 } 282 322 283 - static int __maybe_unused crypto_lskcipher_report_stat( 284 - struct sk_buff *skb, struct crypto_alg *alg) 285 - { 286 - struct lskcipher_alg *skcipher = __crypto_lskcipher_alg(alg); 287 - struct crypto_istat_cipher *istat; 288 - struct crypto_stat_cipher rcipher; 289 - 290 - istat = lskcipher_get_stat(skcipher); 291 - 292 - memset(&rcipher, 0, sizeof(rcipher)); 293 - 294 - strscpy(rcipher.type, "cipher", sizeof(rcipher.type)); 295 - 296 - rcipher.stat_encrypt_cnt = atomic64_read(&istat->encrypt_cnt); 297 - rcipher.stat_encrypt_tlen = atomic64_read(&istat->encrypt_tlen); 298 - rcipher.stat_decrypt_cnt = atomic64_read(&istat->decrypt_cnt); 299 - rcipher.stat_decrypt_tlen = atomic64_read(&istat->decrypt_tlen); 300 - rcipher.stat_err_cnt = atomic64_read(&istat->err_cnt); 301 - 302 - return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher); 303 - } 304 - 305 323 static const struct crypto_type crypto_lskcipher_type = { 306 324 .extsize = crypto_alg_extsize, 307 325 .init_tfm = crypto_lskcipher_init_tfm, ··· 289 351 #endif 290 352 #if IS_ENABLED(CONFIG_CRYPTO_USER) 291 353 .report = crypto_lskcipher_report, 292 - #endif 293 - #ifdef CONFIG_CRYPTO_STATS 294 - .report_stat = crypto_lskcipher_report_stat, 295 354 #endif 296 355 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 297 356 .maskset = CRYPTO_ALG_TYPE_MASK,

+5 -39

crypto/rng.c

··· 30 30 31 31 int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) 32 32 { 33 - struct rng_alg *alg = crypto_rng_alg(tfm); 34 33 u8 *buf = NULL; 35 34 int err; 36 35 37 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 38 - atomic64_inc(&rng_get_stat(alg)->seed_cnt); 39 - 40 36 if (!seed && slen) { 41 37 buf = kmalloc(slen, GFP_KERNEL); 42 - err = -ENOMEM; 43 38 if (!buf) 44 - goto out; 39 + return -ENOMEM; 45 40 46 41 err = get_random_bytes_wait(buf, slen); 47 42 if (err) 48 - goto free_buf; 43 + goto out; 49 44 seed = buf; 50 45 } 51 46 52 - err = alg->seed(tfm, seed, slen); 53 - free_buf: 54 - kfree_sensitive(buf); 47 + err = crypto_rng_alg(tfm)->seed(tfm, seed, slen); 55 48 out: 56 - return crypto_rng_errstat(alg, err); 49 + kfree_sensitive(buf); 50 + return err; 57 51 } 58 52 EXPORT_SYMBOL_GPL(crypto_rng_reset); 59 53 ··· 85 91 seq_printf(m, "seedsize : %u\n", seedsize(alg)); 86 92 } 87 93 88 - static int __maybe_unused crypto_rng_report_stat( 89 - struct sk_buff *skb, struct crypto_alg *alg) 90 - { 91 - struct rng_alg *rng = __crypto_rng_alg(alg); 92 - struct crypto_istat_rng *istat; 93 - struct crypto_stat_rng rrng; 94 - 95 - istat = rng_get_stat(rng); 96 - 97 - memset(&rrng, 0, sizeof(rrng)); 98 - 99 - strscpy(rrng.type, "rng", sizeof(rrng.type)); 100 - 101 - rrng.stat_generate_cnt = atomic64_read(&istat->generate_cnt); 102 - rrng.stat_generate_tlen = atomic64_read(&istat->generate_tlen); 103 - rrng.stat_seed_cnt = atomic64_read(&istat->seed_cnt); 104 - rrng.stat_err_cnt = atomic64_read(&istat->err_cnt); 105 - 106 - return nla_put(skb, CRYPTOCFGA_STAT_RNG, sizeof(rrng), &rrng); 107 - } 108 - 109 94 static const struct crypto_type crypto_rng_type = { 110 95 .extsize = crypto_alg_extsize, 111 96 .init_tfm = crypto_rng_init_tfm, ··· 93 120 #endif 94 121 #if IS_ENABLED(CONFIG_CRYPTO_USER) 95 122 .report = crypto_rng_report, 96 - #endif 97 - #ifdef CONFIG_CRYPTO_STATS 98 - .report_stat = crypto_rng_report_stat, 99 123 #endif 100 124 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 101 125 .maskset = CRYPTO_ALG_TYPE_MASK, ··· 169 199 170 200 int crypto_register_rng(struct rng_alg *alg) 171 201 { 172 - struct crypto_istat_rng *istat = rng_get_stat(alg); 173 202 struct crypto_alg *base = &alg->base; 174 203 175 204 if (alg->seedsize > PAGE_SIZE / 8) ··· 177 208 base->cra_type = &crypto_rng_type; 178 209 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 179 210 base->cra_flags |= CRYPTO_ALG_TYPE_RNG; 180 - 181 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 182 - memset(istat, 0, sizeof(*istat)); 183 211 184 212 return crypto_register_alg(base); 185 213 }

-3

crypto/scompress.c

··· 271 271 #if IS_ENABLED(CONFIG_CRYPTO_USER) 272 272 .report = crypto_scomp_report, 273 273 #endif 274 - #ifdef CONFIG_CRYPTO_STATS 275 - .report_stat = crypto_acomp_report_stat, 276 - #endif 277 274 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 278 275 .maskset = CRYPTO_ALG_TYPE_MASK, 279 276 .type = CRYPTO_ALG_TYPE_SCOMPRESS,

+5 -70

crypto/shash.c

··· 16 16 17 17 #include "hash.h" 18 18 19 - static inline struct crypto_istat_hash *shash_get_stat(struct shash_alg *alg) 20 - { 21 - return hash_get_stat(&alg->halg); 22 - } 23 - 24 - static inline int crypto_shash_errstat(struct shash_alg *alg, int err) 25 - { 26 - if (IS_ENABLED(CONFIG_CRYPTO_STATS) && err) 27 - atomic64_inc(&shash_get_stat(alg)->err_cnt); 28 - return err; 29 - } 30 - 31 19 int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, 32 20 unsigned int keylen) 33 21 { ··· 49 61 int crypto_shash_update(struct shash_desc *desc, const u8 *data, 50 62 unsigned int len) 51 63 { 52 - struct shash_alg *shash = crypto_shash_alg(desc->tfm); 53 - int err; 54 - 55 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 56 - atomic64_add(len, &shash_get_stat(shash)->hash_tlen); 57 - 58 - err = shash->update(desc, data, len); 59 - 60 - return crypto_shash_errstat(shash, err); 64 + return crypto_shash_alg(desc->tfm)->update(desc, data, len); 61 65 } 62 66 EXPORT_SYMBOL_GPL(crypto_shash_update); 63 67 64 68 int crypto_shash_final(struct shash_desc *desc, u8 *out) 65 69 { 66 - struct shash_alg *shash = crypto_shash_alg(desc->tfm); 67 - int err; 68 - 69 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 70 - atomic64_inc(&shash_get_stat(shash)->hash_cnt); 71 - 72 - err = shash->final(desc, out); 73 - 74 - return crypto_shash_errstat(shash, err); 70 + return crypto_shash_alg(desc->tfm)->final(desc, out); 75 71 } 76 72 EXPORT_SYMBOL_GPL(crypto_shash_final); 77 73 ··· 71 99 int crypto_shash_finup(struct shash_desc *desc, const u8 *data, 72 100 unsigned int len, u8 *out) 73 101 { 74 - struct crypto_shash *tfm = desc->tfm; 75 - struct shash_alg *shash = crypto_shash_alg(tfm); 76 - int err; 77 - 78 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 79 - struct crypto_istat_hash *istat = shash_get_stat(shash); 80 - 81 - atomic64_inc(&istat->hash_cnt); 82 - atomic64_add(len, &istat->hash_tlen); 83 - } 84 - 85 - err = shash->finup(desc, data, len, out); 86 - 87 - return crypto_shash_errstat(shash, err); 102 + return crypto_shash_alg(desc->tfm)->finup(desc, data, len, out); 88 103 } 89 104 EXPORT_SYMBOL_GPL(crypto_shash_finup); 90 105 ··· 88 129 unsigned int len, u8 *out) 89 130 { 90 131 struct crypto_shash *tfm = desc->tfm; 91 - struct shash_alg *shash = crypto_shash_alg(tfm); 92 - int err; 93 - 94 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 95 - struct crypto_istat_hash *istat = shash_get_stat(shash); 96 - 97 - atomic64_inc(&istat->hash_cnt); 98 - atomic64_add(len, &istat->hash_tlen); 99 - } 100 132 101 133 if (crypto_shash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 102 - err = -ENOKEY; 103 - else 104 - err = shash->digest(desc, data, len, out); 134 + return -ENOKEY; 105 135 106 - return crypto_shash_errstat(shash, err); 136 + return crypto_shash_alg(tfm)->digest(desc, data, len, out); 107 137 } 108 138 EXPORT_SYMBOL_GPL(crypto_shash_digest); 109 139 ··· 213 265 seq_printf(m, "digestsize : %u\n", salg->digestsize); 214 266 } 215 267 216 - static int __maybe_unused crypto_shash_report_stat( 217 - struct sk_buff *skb, struct crypto_alg *alg) 218 - { 219 - return crypto_hash_report_stat(skb, alg, "shash"); 220 - } 221 - 222 268 const struct crypto_type crypto_shash_type = { 223 269 .extsize = crypto_alg_extsize, 224 270 .init_tfm = crypto_shash_init_tfm, ··· 222 280 #endif 223 281 #if IS_ENABLED(CONFIG_CRYPTO_USER) 224 282 .report = crypto_shash_report, 225 - #endif 226 - #ifdef CONFIG_CRYPTO_STATS 227 - .report_stat = crypto_shash_report_stat, 228 283 #endif 229 284 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 230 285 .maskset = CRYPTO_ALG_TYPE_MASK, ··· 289 350 290 351 int hash_prepare_alg(struct hash_alg_common *alg) 291 352 { 292 - struct crypto_istat_hash *istat = hash_get_stat(alg); 293 353 struct crypto_alg *base = &alg->base; 294 354 295 355 if (alg->digestsize > HASH_MAX_DIGESTSIZE) ··· 299 361 return -EINVAL; 300 362 301 363 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 302 - 303 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 304 - memset(istat, 0, sizeof(*istat)); 305 364 306 365 return 0; 307 366 }

-13

crypto/sig.c

··· 45 45 return nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER, sizeof(rsig), &rsig); 46 46 } 47 47 48 - static int __maybe_unused crypto_sig_report_stat(struct sk_buff *skb, 49 - struct crypto_alg *alg) 50 - { 51 - struct crypto_stat_akcipher rsig = {}; 52 - 53 - strscpy(rsig.type, "sig", sizeof(rsig.type)); 54 - 55 - return nla_put(skb, CRYPTOCFGA_STAT_AKCIPHER, sizeof(rsig), &rsig); 56 - } 57 - 58 48 static const struct crypto_type crypto_sig_type = { 59 49 .extsize = crypto_alg_extsize, 60 50 .init_tfm = crypto_sig_init_tfm, ··· 53 63 #endif 54 64 #if IS_ENABLED(CONFIG_CRYPTO_USER) 55 65 .report = crypto_sig_report, 56 - #endif 57 - #ifdef CONFIG_CRYPTO_STATS 58 - .report_stat = crypto_sig_report_stat, 59 66 #endif 60 67 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 61 68 .maskset = CRYPTO_ALG_TYPE_SIG_MASK,

+8 -78

crypto/skcipher.c

··· 89 89 return container_of(alg, struct skcipher_alg, base); 90 90 } 91 91 92 - static inline struct crypto_istat_cipher *skcipher_get_stat( 93 - struct skcipher_alg *alg) 94 - { 95 - return skcipher_get_stat_common(&alg->co); 96 - } 97 - 98 - static inline int crypto_skcipher_errstat(struct skcipher_alg *alg, int err) 99 - { 100 - struct crypto_istat_cipher *istat = skcipher_get_stat(alg); 101 - 102 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 103 - return err; 104 - 105 - if (err && err != -EINPROGRESS && err != -EBUSY) 106 - atomic64_inc(&istat->err_cnt); 107 - 108 - return err; 109 - } 110 - 111 92 static int skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize) 112 93 { 113 94 u8 *addr; ··· 635 654 { 636 655 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 637 656 struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 638 - int ret; 639 - 640 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 641 - struct crypto_istat_cipher *istat = skcipher_get_stat(alg); 642 - 643 - atomic64_inc(&istat->encrypt_cnt); 644 - atomic64_add(req->cryptlen, &istat->encrypt_tlen); 645 - } 646 657 647 658 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 648 - ret = -ENOKEY; 649 - else if (alg->co.base.cra_type != &crypto_skcipher_type) 650 - ret = crypto_lskcipher_encrypt_sg(req); 651 - else 652 - ret = alg->encrypt(req); 653 - 654 - return crypto_skcipher_errstat(alg, ret); 659 + return -ENOKEY; 660 + if (alg->co.base.cra_type != &crypto_skcipher_type) 661 + return crypto_lskcipher_encrypt_sg(req); 662 + return alg->encrypt(req); 655 663 } 656 664 EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt); 657 665 ··· 648 678 { 649 679 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 650 680 struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 651 - int ret; 652 - 653 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 654 - struct crypto_istat_cipher *istat = skcipher_get_stat(alg); 655 - 656 - atomic64_inc(&istat->decrypt_cnt); 657 - atomic64_add(req->cryptlen, &istat->decrypt_tlen); 658 - } 659 681 660 682 if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY) 661 - ret = -ENOKEY; 662 - else if (alg->co.base.cra_type != &crypto_skcipher_type) 663 - ret = crypto_lskcipher_decrypt_sg(req); 664 - else 665 - ret = alg->decrypt(req); 666 - 667 - return crypto_skcipher_errstat(alg, ret); 683 + return -ENOKEY; 684 + if (alg->co.base.cra_type != &crypto_skcipher_type) 685 + return crypto_lskcipher_decrypt_sg(req); 686 + return alg->decrypt(req); 668 687 } 669 688 EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt); 670 689 ··· 805 846 sizeof(rblkcipher), &rblkcipher); 806 847 } 807 848 808 - static int __maybe_unused crypto_skcipher_report_stat( 809 - struct sk_buff *skb, struct crypto_alg *alg) 810 - { 811 - struct skcipher_alg *skcipher = __crypto_skcipher_alg(alg); 812 - struct crypto_istat_cipher *istat; 813 - struct crypto_stat_cipher rcipher; 814 - 815 - istat = skcipher_get_stat(skcipher); 816 - 817 - memset(&rcipher, 0, sizeof(rcipher)); 818 - 819 - strscpy(rcipher.type, "cipher", sizeof(rcipher.type)); 820 - 821 - rcipher.stat_encrypt_cnt = atomic64_read(&istat->encrypt_cnt); 822 - rcipher.stat_encrypt_tlen = atomic64_read(&istat->encrypt_tlen); 823 - rcipher.stat_decrypt_cnt = atomic64_read(&istat->decrypt_cnt); 824 - rcipher.stat_decrypt_tlen = atomic64_read(&istat->decrypt_tlen); 825 - rcipher.stat_err_cnt = atomic64_read(&istat->err_cnt); 826 - 827 - return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher); 828 - } 829 - 830 849 static const struct crypto_type crypto_skcipher_type = { 831 850 .extsize = crypto_skcipher_extsize, 832 851 .init_tfm = crypto_skcipher_init_tfm, ··· 814 877 #endif 815 878 #if IS_ENABLED(CONFIG_CRYPTO_USER) 816 879 .report = crypto_skcipher_report, 817 - #endif 818 - #ifdef CONFIG_CRYPTO_STATS 819 - .report_stat = crypto_skcipher_report_stat, 820 880 #endif 821 881 .maskclear = ~CRYPTO_ALG_TYPE_MASK, 822 882 .maskset = CRYPTO_ALG_TYPE_SKCIPHER_MASK, ··· 869 935 870 936 int skcipher_prepare_alg_common(struct skcipher_alg_common *alg) 871 937 { 872 - struct crypto_istat_cipher *istat = skcipher_get_stat_common(alg); 873 938 struct crypto_alg *base = &alg->base; 874 939 875 940 if (alg->ivsize > PAGE_SIZE / 8 || alg->chunksize > PAGE_SIZE / 8 || ··· 880 947 alg->chunksize = base->cra_blocksize; 881 948 882 949 base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; 883 - 884 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 885 - memset(istat, 0, sizeof(*istat)); 886 950 887 951 return 0; 888 952 }

-10

crypto/skcipher.h

··· 10 10 #include <crypto/internal/skcipher.h> 11 11 #include "internal.h" 12 12 13 - static inline struct crypto_istat_cipher *skcipher_get_stat_common( 14 - struct skcipher_alg_common *alg) 15 - { 16 - #ifdef CONFIG_CRYPTO_STATS 17 - return &alg->stat; 18 - #else 19 - return NULL; 20 - #endif 21 - } 22 - 23 13 int crypto_lskcipher_encrypt_sg(struct skcipher_request *req); 24 14 int crypto_lskcipher_decrypt_sg(struct skcipher_request *req); 25 15 int crypto_init_lskcipher_ops_sg(struct crypto_tfm *tfm);

+7

crypto/testmgr.c

··· 5098 5098 .akcipher = __VECS(ecdsa_nist_p384_tv_template) 5099 5099 } 5100 5100 }, { 5101 + .alg = "ecdsa-nist-p521", 5102 + .test = alg_test_akcipher, 5103 + .fips_allowed = 1, 5104 + .suite = { 5105 + .akcipher = __VECS(ecdsa_nist_p521_tv_template) 5106 + } 5107 + }, { 5101 5108 .alg = "ecrdsa", 5102 5109 .test = alg_test_akcipher, 5103 5110 .suite = {

+146

crypto/testmgr.h

··· 1071 1071 }, 1072 1072 }; 1073 1073 1074 + static const struct akcipher_testvec ecdsa_nist_p521_tv_template[] = { 1075 + { 1076 + .key = /* secp521r1(sha224) */ 1077 + "\x04\x01\x4f\x43\x18\xb6\xa9\xc9\x5d\x68\xd3\xa9\x42\xf8\x98\xc0" 1078 + "\xd2\xd1\xa9\x50\x3b\xe8\xc4\x40\xe6\x11\x78\x88\x4b\xbd\x76\xa7" 1079 + "\x9a\xe0\xdd\x31\xa4\x67\x78\x45\x33\x9e\x8c\xd1\xc7\x44\xac\x61" 1080 + "\x68\xc8\x04\xe7\x5c\x79\xb1\xf1\x41\x0c\x71\xc0\x53\xa8\xbc\xfb" 1081 + "\xf5\xca\xd4\x01\x40\xfd\xa3\x45\xda\x08\xe0\xb4\xcb\x28\x3b\x0a" 1082 + "\x02\x35\x5f\x02\x9f\x3f\xcd\xef\x08\x22\x40\x97\x74\x65\xb7\x76" 1083 + "\x85\xc7\xc0\x5c\xfb\x81\xe1\xa5\xde\x0c\x4e\x8b\x12\x31\xb6\x47" 1084 + "\xed\x37\x0f\x99\x3f\x26\xba\xa3\x8e\xff\x79\x34\x7c\x3a\xfe\x1f" 1085 + "\x3b\x83\x82\x2f\x14", 1086 + .key_len = 133, 1087 + .params = 1088 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 1089 + "\x00\x23", 1090 + .param_len = 18, 1091 + .m = 1092 + "\xa2\x3a\x6a\x8c\x7b\x3c\xf2\x51\xf8\xbe\x5f\x4f\x3b\x15\x05\xc4" 1093 + "\xb5\xbc\x19\xe7\x21\x85\xe9\x23\x06\x33\x62\xfb", 1094 + .m_size = 28, 1095 + .algo = OID_id_ecdsa_with_sha224, 1096 + .c = 1097 + "\x30\x81\x86\x02\x41\x01\xd6\x43\xe7\xff\x42\xb2\xba\x74\x35\xf6" 1098 + "\xdc\x6d\x02\x7b\x22\xac\xe2\xef\x07\x92\xee\x60\x94\x06\xf8\x3f" 1099 + "\x59\x0f\x74\xf0\x3f\xd8\x18\xc6\x37\x8a\xcb\xa7\xd8\x7d\x98\x85" 1100 + "\x29\x88\xff\x0b\x94\x94\x6c\xa6\x9b\x89\x8b\x1e\xfd\x09\x46\x6b" 1101 + "\xc7\xaf\x7a\xb9\x19\x0a\x02\x41\x3a\x26\x0d\x55\xcd\x23\x1e\x7d" 1102 + "\xa0\x5e\xf9\x88\xf3\xd2\x32\x90\x57\x0f\xf8\x65\x97\x6b\x09\x4d" 1103 + "\x22\x26\x0b\x5f\x49\x32\x6b\x91\x99\x30\x90\x0f\x1c\x8f\x78\xd3" 1104 + "\x9f\x0e\x64\xcc\xc4\xe8\x43\xd9\x0e\x1c\xad\x22\xda\x82\x00\x35" 1105 + "\xa3\x50\xb1\xa5\x98\x92\x2a\xa5\x52", 1106 + .c_size = 137, 1107 + .public_key_vec = true, 1108 + .siggen_sigver_test = true, 1109 + }, 1110 + { 1111 + .key = /* secp521r1(sha256) */ 1112 + "\x04\x01\x05\x3a\x6b\x3b\x5a\x0f\xa7\xb9\xb7\x32\x53\x4e\xe2\xae" 1113 + "\x0a\x52\xc5\xda\xdd\x5a\x79\x1c\x30\x2d\x33\x07\x79\xd5\x70\x14" 1114 + "\x61\x0c\xec\x26\x4d\xd8\x35\x57\x04\x1d\x88\x33\x4d\xce\x05\x36" 1115 + "\xa5\xaf\x56\x84\xfa\x0b\x9e\xff\x7b\x30\x4b\x92\x1d\x06\xf8\x81" 1116 + "\x24\x1e\x51\x00\x09\x21\x51\xf7\x46\x0a\x77\xdb\xb5\x0c\xe7\x9c" 1117 + "\xff\x27\x3c\x02\x71\xd7\x85\x36\xf1\xaa\x11\x59\xd8\xb8\xdc\x09" 1118 + "\xdc\x6d\x5a\x6f\x63\x07\x6c\xe1\xe5\x4d\x6e\x0f\x6e\xfb\x7c\x05" 1119 + "\x8a\xe9\x53\xa8\xcf\xce\x43\x0e\x82\x20\x86\xbc\x88\x9c\xb7\xe3" 1120 + "\xe6\x77\x1e\x1f\x8a", 1121 + .key_len = 133, 1122 + .params = 1123 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 1124 + "\x00\x23", 1125 + .param_len = 18, 1126 + .m = 1127 + "\xcc\x97\x73\x0c\x73\xa2\x53\x2b\xfa\xd7\x83\x1d\x0c\x72\x1b\x39" 1128 + "\x80\x71\x8d\xdd\xc5\x9b\xff\x55\x32\x98\x25\xa2\x58\x2e\xb7\x73", 1129 + .m_size = 32, 1130 + .algo = OID_id_ecdsa_with_sha256, 1131 + .c = 1132 + "\x30\x81\x88\x02\x42\x00\xcd\xa5\x5f\x57\x52\x27\x78\x3a\xb5\x06" 1133 + "\x0f\xfd\x83\xfc\x0e\xd9\xce\x50\x9f\x7d\x1f\xca\x8b\xa8\x2d\x56" 1134 + "\x3c\xf6\xf0\xd8\xe1\xb7\x5d\x95\x35\x6f\x02\x0e\xaf\xe1\x4c\xae" 1135 + "\xce\x54\x76\x9a\xc2\x8f\xb8\x38\x1f\x46\x0b\x04\x64\x34\x79\xde" 1136 + "\x7e\xd7\x59\x10\xe9\xd9\xd5\x02\x42\x01\xcf\x50\x85\x38\xf9\x15" 1137 + "\x83\x18\x04\x6b\x35\xae\x65\xb5\x99\x12\x0a\xa9\x79\x24\xb9\x37" 1138 + "\x35\xdd\xa0\xe0\x87\x2c\x44\x4b\x5a\xee\xaf\xfa\x10\xdd\x9b\xfb" 1139 + "\x36\x1a\x31\x03\x42\x02\x5f\x50\xf0\xa2\x0d\x1c\x57\x56\x8f\x12" 1140 + "\xb7\x1d\x91\x55\x38\xb6\xf6\x34\x65\xc7\xbd", 1141 + .c_size = 139, 1142 + .public_key_vec = true, 1143 + .siggen_sigver_test = true, 1144 + }, 1145 + { 1146 + .key = /* secp521r1(sha384) */ 1147 + "\x04\x00\x2e\xd6\x21\x04\x75\xc3\xdc\x7d\xff\x0e\xf3\x70\x25\x2b" 1148 + "\xad\x72\xfc\x5a\x91\xf1\xd5\x9c\x64\xf3\x1f\x47\x11\x10\x62\x33" 1149 + "\xfd\x2e\xe8\x32\xca\x9e\x6f\x0a\x4c\x5b\x35\x9a\x46\xc5\xe7\xd4" 1150 + "\x38\xda\xb2\xf0\xf4\x87\xf3\x86\xf4\xea\x70\xad\x1e\xd4\x78\x8c" 1151 + "\x36\x18\x17\x00\xa2\xa0\x34\x1b\x2e\x6a\xdf\x06\xd6\x99\x2d\x47" 1152 + "\x50\x92\x1a\x8a\x72\x9c\x23\x44\xfa\xa7\xa9\xed\xa6\xef\x26\x14" 1153 + "\xb3\x9d\xfe\x5e\xa3\x8c\xd8\x29\xf8\xdf\xad\xa6\xab\xfc\xdd\x46" 1154 + "\x22\x6e\xd7\x35\xc7\x23\xb7\x13\xae\xb6\x34\xff\xd7\x80\xe5\x39" 1155 + "\xb3\x3b\x5b\x1b\x94", 1156 + .key_len = 133, 1157 + .params = 1158 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 1159 + "\x00\x23", 1160 + .param_len = 18, 1161 + .m = 1162 + "\x36\x98\xd6\x82\xfa\xad\xed\x3c\xb9\x40\xb6\x4d\x9e\xb7\x04\x26" 1163 + "\xad\x72\x34\x44\xd2\x81\xb4\x9b\xbe\x01\x04\x7a\xd8\x50\xf8\x59" 1164 + "\xba\xad\x23\x85\x6b\x59\xbe\xfb\xf6\x86\xd4\x67\xa8\x43\x28\x76", 1165 + .m_size = 48, 1166 + .algo = OID_id_ecdsa_with_sha384, 1167 + .c = 1168 + "\x30\x81\x88\x02\x42\x00\x93\x96\x76\x3c\x27\xea\xaa\x9c\x26\xec" 1169 + "\x51\xdc\xe8\x35\x5e\xae\x16\xf2\x4b\x64\x98\xf7\xec\xda\xc7\x7e" 1170 + "\x42\x71\x86\x57\x2d\xf1\x7d\xe4\xdf\x9b\x7d\x9e\x47\xca\x33\x32" 1171 + "\x76\x06\xd0\xf9\xc0\xe4\xe6\x84\x59\xfd\x1a\xc4\x40\xdd\x43\xb8" 1172 + "\x6a\xdd\xfb\xe6\x63\x4e\x28\x02\x42\x00\xff\xc3\x6a\x87\x6e\xb5" 1173 + "\x13\x1f\x20\x55\xce\x37\x97\xc9\x05\x51\xe5\xe4\x3c\xbc\x93\x65" 1174 + "\x57\x1c\x30\xda\xa7\xcd\x26\x28\x76\x3b\x52\xdf\xc4\xc0\xdb\x54" 1175 + "\xdb\x8a\x0d\x6a\xc3\xf3\x7a\xd1\xfa\xe7\xa7\xe5\x5a\x94\x56\xcf" 1176 + "\x8f\xb4\x22\xc6\x4f\xab\x2b\x62\xc1\x42\xb1", 1177 + .c_size = 139, 1178 + .public_key_vec = true, 1179 + .siggen_sigver_test = true, 1180 + }, 1181 + { 1182 + .key = /* secp521r1(sha512) */ 1183 + "\x04\x00\xc7\x65\xee\x0b\x86\x7d\x8f\x02\xf1\x74\x5b\xb0\x4c\x3f" 1184 + "\xa6\x35\x60\x9f\x55\x23\x11\xcc\xdf\xb8\x42\x99\xee\x6c\x96\x6a" 1185 + "\x27\xa2\x56\xb2\x2b\x03\xad\x0f\xe7\x97\xde\x09\x5d\xb4\xc5\x5f" 1186 + "\xbd\x87\x37\xbf\x5a\x16\x35\x56\x08\xfd\x6f\x06\x1a\x1c\x84\xee" 1187 + "\xc3\x64\xb3\x00\x9e\xbd\x6e\x60\x76\xee\x69\xfd\x3a\xb8\xcd\x7e" 1188 + "\x91\x68\x53\x57\x44\x13\x2e\x77\x09\x2a\xbe\x48\xbd\x91\xd8\xf6" 1189 + "\x21\x16\x53\x99\xd5\xf0\x40\xad\xa6\xf8\x58\x26\xb6\x9a\xf8\x77" 1190 + "\xfe\x3a\x05\x1a\xdb\xa9\x0f\xc0\x6c\x76\x30\x8c\xd8\xde\x44\xae" 1191 + "\xd0\x17\xdf\x49\x6a", 1192 + .key_len = 133, 1193 + .params = 1194 + "\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04" 1195 + "\x00\x23", 1196 + .param_len = 18, 1197 + .m = 1198 + "\x5c\xa6\xbc\x79\xb8\xa0\x1e\x11\x83\xf7\xe9\x05\xdf\xba\xf7\x69" 1199 + "\x97\x22\x32\xe4\x94\x7c\x65\xbd\x74\xc6\x9a\x8b\xbd\x0d\xdc\xed" 1200 + "\xf5\x9c\xeb\xe1\xc5\x68\x40\xf2\xc7\x04\xde\x9e\x0d\x76\xc5\xa3" 1201 + "\xf9\x3c\x6c\x98\x08\x31\xbd\x39\xe8\x42\x7f\x80\x39\x6f\xfe\x68", 1202 + .m_size = 64, 1203 + .algo = OID_id_ecdsa_with_sha512, 1204 + .c = 1205 + "\x30\x81\x88\x02\x42\x01\x5c\x71\x86\x96\xac\x21\x33\x7e\x4e\xaa" 1206 + "\x86\xec\xa8\x05\x03\x52\x56\x63\x0e\x02\xcc\x94\xa9\x05\xb9\xfb" 1207 + "\x62\x1e\x42\x03\x6c\x74\x8a\x1f\x12\x3e\xb7\x7e\x51\xff\x7f\x27" 1208 + "\x93\xe8\x6c\x49\x7d\x28\xfc\x80\xa6\x13\xfc\xb6\x90\xf7\xbb\x28" 1209 + "\xb5\x04\xb0\xb6\x33\x1c\x7e\x02\x42\x01\x70\x43\x52\x1d\xe3\xc6" 1210 + "\xbd\x5a\x40\x95\x35\x89\x4f\x41\x5f\x9e\x19\x88\x05\x3e\x43\x39" 1211 + "\x01\xbd\xb7\x7a\x76\x37\x51\x47\x49\x98\x12\x71\xd0\xe9\xca\xa7" 1212 + "\xc0\xcb\xaa\x00\x55\xbb\x6a\xb4\x73\x00\xd2\x72\x74\x13\x63\x39" 1213 + "\xa6\xe5\x25\x46\x1e\x77\x44\x78\xe0\xd1\x04", 1214 + .c_size = 139, 1215 + .public_key_vec = true, 1216 + .siggen_sigver_test = true, 1217 + }, 1218 + }; 1219 + 1074 1220 /* 1075 1221 * EC-RDSA test vectors are generated by gost-engine. 1076 1222 */

+1 -1

drivers/char/hw_random/core.c

··· 382 382 if (IS_ERR(rng)) 383 383 return PTR_ERR(rng); 384 384 385 - ret = snprintf(buf, PAGE_SIZE, "%s\n", rng ? rng->name : "none"); 385 + ret = sysfs_emit(buf, "%s\n", rng ? rng->name : "none"); 386 386 put_rng(rng); 387 387 388 388 return ret;

+5 -4

drivers/char/hw_random/mxc-rnga.c

··· 131 131 __raw_writel(ctrl & ~RNGA_CONTROL_GO, mxc_rng->mem + RNGA_CONTROL); 132 132 } 133 133 134 - static int __init mxc_rnga_probe(struct platform_device *pdev) 134 + static int mxc_rnga_probe(struct platform_device *pdev) 135 135 { 136 136 int err; 137 137 struct mxc_rng *mxc_rng; ··· 176 176 return err; 177 177 } 178 178 179 - static void __exit mxc_rnga_remove(struct platform_device *pdev) 179 + static void mxc_rnga_remove(struct platform_device *pdev) 180 180 { 181 181 struct mxc_rng *mxc_rng = platform_get_drvdata(pdev); 182 182 ··· 197 197 .name = "mxc_rnga", 198 198 .of_match_table = mxc_rnga_of_match, 199 199 }, 200 - .remove_new = __exit_p(mxc_rnga_remove), 200 + .probe = mxc_rnga_probe, 201 + .remove_new = mxc_rnga_remove, 201 202 }; 202 203 203 - module_platform_driver_probe(mxc_rnga_driver, mxc_rnga_probe); 204 + module_platform_driver(mxc_rnga_driver); 204 205 205 206 MODULE_AUTHOR("Freescale Semiconductor, Inc."); 206 207 MODULE_DESCRIPTION("H/W RNGA driver for i.MX");

+15 -3

drivers/char/hw_random/stm32-rng.c

··· 220 220 if (err && i > RNG_NB_RECOVER_TRIES) { 221 221 dev_err((struct device *)priv->rng.priv, 222 222 "Couldn't recover from seed error\n"); 223 - return -ENOTRECOVERABLE; 223 + retval = -ENOTRECOVERABLE; 224 + goto exit_rpm; 224 225 } 225 226 226 227 continue; ··· 239 238 if (err && i > RNG_NB_RECOVER_TRIES) { 240 239 dev_err((struct device *)priv->rng.priv, 241 240 "Couldn't recover from seed error"); 242 - return -ENOTRECOVERABLE; 241 + retval = -ENOTRECOVERABLE; 242 + goto exit_rpm; 243 243 } 244 244 245 245 continue; ··· 252 250 max -= sizeof(u32); 253 251 } 254 252 253 + exit_rpm: 255 254 pm_runtime_mark_last_busy((struct device *) priv->rng.priv); 256 255 pm_runtime_put_sync_autosuspend((struct device *) priv->rng.priv); 257 256 ··· 356 353 err = readl_relaxed_poll_timeout_atomic(priv->base + RNG_SR, reg, 357 354 reg & RNG_SR_DRDY, 358 355 10, 100000); 359 - if (err | (reg & ~RNG_SR_DRDY)) { 356 + if (err || (reg & ~RNG_SR_DRDY)) { 360 357 clk_disable_unprepare(priv->clk); 361 358 dev_err((struct device *)priv->rng.priv, 362 359 "%s: timeout:%x SR: %x!\n", __func__, err, reg); 363 360 return -EINVAL; 364 361 } 362 + 363 + clk_disable_unprepare(priv->clk); 365 364 366 365 return 0; 367 366 } ··· 389 384 static int __maybe_unused stm32_rng_suspend(struct device *dev) 390 385 { 391 386 struct stm32_rng_private *priv = dev_get_drvdata(dev); 387 + int err; 388 + 389 + err = clk_prepare_enable(priv->clk); 390 + if (err) 391 + return err; 392 392 393 393 if (priv->data->has_cond_reset) { 394 394 priv->pm_conf.nscr = readl_relaxed(priv->base + RNG_NSCR); ··· 474 464 reg |= RNG_CR_RNGEN; 475 465 writel_relaxed(reg, priv->base + RNG_CR); 476 466 } 467 + 468 + clk_disable_unprepare(priv->clk); 477 469 478 470 return 0; 479 471 }

+8

drivers/crypto/Kconfig

··· 644 644 This will create /sys/kernel/debug/rk3288_crypto/stats for displaying 645 645 the number of requests per algorithm and other internal stats. 646 646 647 + config CRYPTO_DEV_TEGRA 648 + tristate "Enable Tegra Security Engine" 649 + depends on TEGRA_HOST1X 650 + select CRYPTO_ENGINE 651 + 652 + help 653 + Select this to enable Tegra Security Engine which accelerates various 654 + AES encryption/decryption and HASH algorithms. 647 655 648 656 config CRYPTO_DEV_ZYNQMP_AES 649 657 tristate "Support for Xilinx ZynqMP AES hw accelerator"

+1

drivers/crypto/Makefile

··· 41 41 obj-$(CONFIG_CRYPTO_DEV_SL3516) += gemini/ 42 42 obj-y += stm32/ 43 43 obj-$(CONFIG_CRYPTO_DEV_TALITOS) += talitos.o 44 + obj-$(CONFIG_CRYPTO_DEV_TEGRA) += tegra/ 44 45 obj-$(CONFIG_CRYPTO_DEV_VIRTIO) += virtio/ 45 46 #obj-$(CONFIG_CRYPTO_DEV_VMX) += vmx/ 46 47 obj-$(CONFIG_CRYPTO_DEV_BCM_SPU) += bcm/

+27 -3

drivers/crypto/atmel-i2c.c

··· 51 51 *__crc16 = cpu_to_le16(bitrev16(crc16(0, data, len))); 52 52 } 53 53 54 - void atmel_i2c_init_read_cmd(struct atmel_i2c_cmd *cmd) 54 + void atmel_i2c_init_read_config_cmd(struct atmel_i2c_cmd *cmd) 55 55 { 56 56 cmd->word_addr = COMMAND; 57 57 cmd->opcode = OPCODE_READ; ··· 68 68 cmd->msecs = MAX_EXEC_TIME_READ; 69 69 cmd->rxsize = READ_RSP_SIZE; 70 70 } 71 - EXPORT_SYMBOL(atmel_i2c_init_read_cmd); 71 + EXPORT_SYMBOL(atmel_i2c_init_read_config_cmd); 72 + 73 + int atmel_i2c_init_read_otp_cmd(struct atmel_i2c_cmd *cmd, u16 addr) 74 + { 75 + if (addr < 0 || addr > OTP_ZONE_SIZE) 76 + return -1; 77 + 78 + cmd->word_addr = COMMAND; 79 + cmd->opcode = OPCODE_READ; 80 + /* 81 + * Read the word from OTP zone that may contain e.g. serial 82 + * numbers or similar if persistently pre-initialized and locked 83 + */ 84 + cmd->param1 = OTP_ZONE; 85 + cmd->param2 = cpu_to_le16(addr); 86 + cmd->count = READ_COUNT; 87 + 88 + atmel_i2c_checksum(cmd); 89 + 90 + cmd->msecs = MAX_EXEC_TIME_READ; 91 + cmd->rxsize = READ_RSP_SIZE; 92 + 93 + return 0; 94 + } 95 + EXPORT_SYMBOL(atmel_i2c_init_read_otp_cmd); 72 96 73 97 void atmel_i2c_init_random_cmd(struct atmel_i2c_cmd *cmd) 74 98 { ··· 325 301 if (!cmd) 326 302 return -ENOMEM; 327 303 328 - atmel_i2c_init_read_cmd(cmd); 304 + atmel_i2c_init_read_config_cmd(cmd); 329 305 330 306 ret = atmel_i2c_send_receive(client, cmd); 331 307 if (ret)

+7 -1

drivers/crypto/atmel-i2c.h

··· 64 64 65 65 /* Definitions for eeprom organization */ 66 66 #define CONFIGURATION_ZONE 0 67 + #define OTP_ZONE 1 68 + 69 + /* Definitions for eeprom zone sizes */ 70 + #define OTP_ZONE_SIZE 64 67 71 68 72 /* Definitions for Indexes common to all commands */ 69 73 #define RSP_DATA_IDX 1 /* buffer index of data in response */ ··· 128 124 * @wake_token : wake token array of zeros 129 125 * @wake_token_sz : size in bytes of the wake_token 130 126 * @tfm_count : number of active crypto transformations on i2c client 127 + * @hwrng : hold the hardware generated rng 131 128 * 132 129 * Reads and writes from/to the i2c client are sequential. The first byte 133 130 * transmitted to the device is treated as the byte size. Any attempt to send ··· 182 177 183 178 int atmel_i2c_send_receive(struct i2c_client *client, struct atmel_i2c_cmd *cmd); 184 179 185 - void atmel_i2c_init_read_cmd(struct atmel_i2c_cmd *cmd); 180 + void atmel_i2c_init_read_config_cmd(struct atmel_i2c_cmd *cmd); 181 + int atmel_i2c_init_read_otp_cmd(struct atmel_i2c_cmd *cmd, u16 addr); 186 182 void atmel_i2c_init_random_cmd(struct atmel_i2c_cmd *cmd); 187 183 void atmel_i2c_init_genkey_cmd(struct atmel_i2c_cmd *cmd, u16 keyid); 188 184 int atmel_i2c_init_ecdh_cmd(struct atmel_i2c_cmd *cmd,

+68

drivers/crypto/atmel-sha204a.c

··· 91 91 return max; 92 92 } 93 93 94 + static int atmel_sha204a_otp_read(struct i2c_client *client, u16 addr, u8 *otp) 95 + { 96 + struct atmel_i2c_cmd cmd; 97 + int ret = -1; 98 + 99 + if (atmel_i2c_init_read_otp_cmd(&cmd, addr) < 0) { 100 + dev_err(&client->dev, "failed, invalid otp address %04X\n", 101 + addr); 102 + return ret; 103 + } 104 + 105 + ret = atmel_i2c_send_receive(client, &cmd); 106 + 107 + if (cmd.data[0] == 0xff) { 108 + dev_err(&client->dev, "failed, device not ready\n"); 109 + return -ret; 110 + } 111 + 112 + memcpy(otp, cmd.data+1, 4); 113 + 114 + return ret; 115 + } 116 + 117 + static ssize_t otp_show(struct device *dev, 118 + struct device_attribute *attr, char *buf) 119 + { 120 + u16 addr; 121 + u8 otp[OTP_ZONE_SIZE]; 122 + char *str = buf; 123 + struct i2c_client *client = to_i2c_client(dev); 124 + int i; 125 + 126 + for (addr = 0; addr < OTP_ZONE_SIZE/4; addr++) { 127 + if (atmel_sha204a_otp_read(client, addr, otp + addr * 4) < 0) { 128 + dev_err(dev, "failed to read otp zone\n"); 129 + break; 130 + } 131 + } 132 + 133 + for (i = 0; i < addr*2; i++) 134 + str += sprintf(str, "%02X", otp[i]); 135 + str += sprintf(str, "\n"); 136 + return str - buf; 137 + } 138 + static DEVICE_ATTR_RO(otp); 139 + 140 + static struct attribute *atmel_sha204a_attrs[] = { 141 + &dev_attr_otp.attr, 142 + NULL 143 + }; 144 + 145 + static const struct attribute_group atmel_sha204a_groups = { 146 + .name = "atsha204a", 147 + .attrs = atmel_sha204a_attrs, 148 + }; 149 + 94 150 static int atmel_sha204a_probe(struct i2c_client *client) 95 151 { 96 152 struct atmel_i2c_client_priv *i2c_priv; ··· 167 111 if (ret) 168 112 dev_warn(&client->dev, "failed to register RNG (%d)\n", ret); 169 113 114 + /* otp read out */ 115 + if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) 116 + return -ENODEV; 117 + 118 + ret = sysfs_create_group(&client->dev.kobj, &atmel_sha204a_groups); 119 + if (ret) { 120 + dev_err(&client->dev, "failed to register sysfs entry\n"); 121 + return ret; 122 + } 123 + 170 124 return ret; 171 125 } 172 126 ··· 188 122 dev_emerg(&client->dev, "Device is busy, will remove it anyhow\n"); 189 123 return; 190 124 } 125 + 126 + sysfs_remove_group(&client->dev.kobj, &atmel_sha204a_groups); 191 127 192 128 kfree((void *)i2c_priv->hwrng.priv); 193 129 }

+1 -1

drivers/crypto/bcm/spu2.c

··· 495 495 if (hash_iv_len) { 496 496 packet_log(" Hash IV Length %u bytes\n", hash_iv_len); 497 497 packet_dump(" hash IV: ", ptr, hash_iv_len); 498 - ptr += ciph_key_len; 498 + ptr += hash_iv_len; 499 499 } 500 500 501 501 if (ciph_iv_len) {

+18 -1

drivers/crypto/caam/ctrl.c

··· 512 512 MODULE_DEVICE_TABLE(of, caam_match); 513 513 514 514 struct caam_imx_data { 515 + bool page0_access; 515 516 const struct clk_bulk_data *clks; 516 517 int num_clks; 517 518 }; ··· 525 524 }; 526 525 527 526 static const struct caam_imx_data caam_imx6_data = { 527 + .page0_access = true, 528 528 .clks = caam_imx6_clks, 529 529 .num_clks = ARRAY_SIZE(caam_imx6_clks), 530 530 }; ··· 536 534 }; 537 535 538 536 static const struct caam_imx_data caam_imx7_data = { 537 + .page0_access = true, 539 538 .clks = caam_imx7_clks, 540 539 .num_clks = ARRAY_SIZE(caam_imx7_clks), 541 540 }; ··· 548 545 }; 549 546 550 547 static const struct caam_imx_data caam_imx6ul_data = { 548 + .page0_access = true, 551 549 .clks = caam_imx6ul_clks, 552 550 .num_clks = ARRAY_SIZE(caam_imx6ul_clks), 553 551 }; ··· 558 554 }; 559 555 560 556 static const struct caam_imx_data caam_vf610_data = { 557 + .page0_access = true, 561 558 .clks = caam_vf610_clks, 562 559 .num_clks = ARRAY_SIZE(caam_vf610_clks), 563 560 }; 561 + 562 + static const struct caam_imx_data caam_imx8ulp_data; 564 563 565 564 static const struct soc_device_attribute caam_imx_soc_table[] = { 566 565 { .soc_id = "i.MX6UL", .data = &caam_imx6ul_data }, 567 566 { .soc_id = "i.MX6*", .data = &caam_imx6_data }, 568 567 { .soc_id = "i.MX7*", .data = &caam_imx7_data }, 569 568 { .soc_id = "i.MX8M*", .data = &caam_imx7_data }, 569 + { .soc_id = "i.MX8ULP", .data = &caam_imx8ulp_data }, 570 570 { .soc_id = "VF*", .data = &caam_vf610_data }, 571 571 { .family = "Freescale i.MX" }, 572 572 { /* sentinel */ } ··· 868 860 int pg_size; 869 861 int BLOCK_OFFSET = 0; 870 862 bool reg_access = true; 863 + const struct caam_imx_data *imx_soc_data; 871 864 872 865 ctrlpriv = devm_kzalloc(&pdev->dev, sizeof(*ctrlpriv), GFP_KERNEL); 873 866 if (!ctrlpriv) ··· 903 894 return -EINVAL; 904 895 } 905 896 897 + imx_soc_data = imx_soc_match->data; 898 + reg_access = reg_access && imx_soc_data->page0_access; 899 + /* 900 + * CAAM clocks cannot be controlled from kernel. 901 + */ 902 + if (!imx_soc_data->num_clks) 903 + goto iomap_ctrl; 904 + 906 905 ret = init_clocks(dev, imx_soc_match->data); 907 906 if (ret) 908 907 return ret; 909 908 } 910 909 911 - 910 + iomap_ctrl: 912 911 /* Get configuration properties from device tree */ 913 912 /* First, get register page */ 914 913 ctrl = devm_of_iomap(dev, nprop, 0, NULL);

+2 -12

drivers/crypto/ccp/sp-platform.c

··· 39 39 }, 40 40 }; 41 41 42 - #ifdef CONFIG_ACPI 43 42 static const struct acpi_device_id sp_acpi_match[] = { 44 43 { "AMDI0C00", (kernel_ulong_t)&dev_vdata[0] }, 45 44 { }, 46 45 }; 47 46 MODULE_DEVICE_TABLE(acpi, sp_acpi_match); 48 - #endif 49 47 50 - #ifdef CONFIG_OF 51 48 static const struct of_device_id sp_of_match[] = { 52 49 { .compatible = "amd,ccp-seattle-v1a", 53 50 .data = (const void *)&dev_vdata[0] }, 54 51 { }, 55 52 }; 56 53 MODULE_DEVICE_TABLE(of, sp_of_match); 57 - #endif 58 54 59 55 static struct sp_dev_vdata *sp_get_of_version(struct platform_device *pdev) 60 56 { 61 - #ifdef CONFIG_OF 62 57 const struct of_device_id *match; 63 58 64 59 match = of_match_node(sp_of_match, pdev->dev.of_node); 65 60 if (match && match->data) 66 61 return (struct sp_dev_vdata *)match->data; 67 - #endif 62 + 68 63 return NULL; 69 64 } 70 65 71 66 static struct sp_dev_vdata *sp_get_acpi_version(struct platform_device *pdev) 72 67 { 73 - #ifdef CONFIG_ACPI 74 68 const struct acpi_device_id *match; 75 69 76 70 match = acpi_match_device(sp_acpi_match, &pdev->dev); 77 71 if (match && match->driver_data) 78 72 return (struct sp_dev_vdata *)match->driver_data; 79 - #endif 73 + 80 74 return NULL; 81 75 } 82 76 ··· 206 212 static struct platform_driver sp_platform_driver = { 207 213 .driver = { 208 214 .name = "ccp", 209 - #ifdef CONFIG_ACPI 210 215 .acpi_match_table = sp_acpi_match, 211 - #endif 212 - #ifdef CONFIG_OF 213 216 .of_match_table = sp_of_match, 214 - #endif 215 217 }, 216 218 .probe = sp_platform_probe, 217 219 .remove_new = sp_platform_remove,

+44 -21

drivers/crypto/hisilicon/debugfs.c

··· 13 13 #define QM_DFX_COMMON_LEN 0xC3 14 14 #define QM_DFX_REGS_LEN 4UL 15 15 #define QM_DBG_TMP_BUF_LEN 22 16 + #define QM_XQC_ADDR_MASK GENMASK(31, 0) 16 17 #define CURRENT_FUN_MASK GENMASK(5, 0) 17 18 #define CURRENT_Q_MASK GENMASK(31, 16) 18 19 #define QM_SQE_ADDR_MASK GENMASK(7, 0) ··· 168 167 static int qm_sqc_dump(struct hisi_qm *qm, char *s, char *name) 169 168 { 170 169 struct device *dev = &qm->pdev->dev; 171 - struct qm_sqc *sqc_curr; 172 170 struct qm_sqc sqc; 173 171 u32 qp_id; 174 172 int ret; ··· 183 183 184 184 ret = qm_set_and_get_xqc(qm, QM_MB_CMD_SQC, &sqc, qp_id, 1); 185 185 if (!ret) { 186 + sqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 187 + sqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 186 188 dump_show(qm, &sqc, sizeof(struct qm_sqc), name); 187 189 188 190 return 0; ··· 192 190 193 191 down_read(&qm->qps_lock); 194 192 if (qm->sqc) { 195 - sqc_curr = qm->sqc + qp_id; 196 - 197 - dump_show(qm, sqc_curr, sizeof(*sqc_curr), "SOFT SQC"); 193 + memcpy(&sqc, qm->sqc + qp_id * sizeof(struct qm_sqc), sizeof(struct qm_sqc)); 194 + sqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 195 + sqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 196 + dump_show(qm, &sqc, sizeof(struct qm_sqc), "SOFT SQC"); 198 197 } 199 198 up_read(&qm->qps_lock); 200 199 ··· 205 202 static int qm_cqc_dump(struct hisi_qm *qm, char *s, char *name) 206 203 { 207 204 struct device *dev = &qm->pdev->dev; 208 - struct qm_cqc *cqc_curr; 209 205 struct qm_cqc cqc; 210 206 u32 qp_id; 211 207 int ret; ··· 220 218 221 219 ret = qm_set_and_get_xqc(qm, QM_MB_CMD_CQC, &cqc, qp_id, 1); 222 220 if (!ret) { 221 + cqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 222 + cqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 223 223 dump_show(qm, &cqc, sizeof(struct qm_cqc), name); 224 224 225 225 return 0; ··· 229 225 230 226 down_read(&qm->qps_lock); 231 227 if (qm->cqc) { 232 - cqc_curr = qm->cqc + qp_id; 233 - 234 - dump_show(qm, cqc_curr, sizeof(*cqc_curr), "SOFT CQC"); 228 + memcpy(&cqc, qm->cqc + qp_id * sizeof(struct qm_cqc), sizeof(struct qm_cqc)); 229 + cqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 230 + cqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 231 + dump_show(qm, &cqc, sizeof(struct qm_cqc), "SOFT CQC"); 235 232 } 236 233 up_read(&qm->qps_lock); 237 234 ··· 268 263 if (ret) 269 264 return ret; 270 265 266 + aeqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 267 + aeqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 268 + eqc.base_h = cpu_to_le32(QM_XQC_ADDR_MASK); 269 + eqc.base_l = cpu_to_le32(QM_XQC_ADDR_MASK); 271 270 dump_show(qm, xeqc, size, name); 272 271 273 272 return ret; ··· 319 310 320 311 static int qm_sq_dump(struct hisi_qm *qm, char *s, char *name) 321 312 { 322 - u16 sq_depth = qm->qp_array->cq_depth; 323 - void *sqe, *sqe_curr; 313 + u16 sq_depth = qm->qp_array->sq_depth; 324 314 struct hisi_qp *qp; 325 315 u32 qp_id, sqe_id; 316 + void *sqe; 326 317 int ret; 327 318 328 319 ret = q_dump_param_parse(qm, s, &sqe_id, &qp_id, sq_depth); 329 320 if (ret) 330 321 return ret; 331 322 332 - sqe = kzalloc(qm->sqe_size * sq_depth, GFP_KERNEL); 323 + sqe = kzalloc(qm->sqe_size, GFP_KERNEL); 333 324 if (!sqe) 334 325 return -ENOMEM; 335 326 336 327 qp = &qm->qp_array[qp_id]; 337 - memcpy(sqe, qp->sqe, qm->sqe_size * sq_depth); 338 - sqe_curr = sqe + (u32)(sqe_id * qm->sqe_size); 339 - memset(sqe_curr + qm->debug.sqe_mask_offset, QM_SQE_ADDR_MASK, 328 + memcpy(sqe, qp->sqe + sqe_id * qm->sqe_size, qm->sqe_size); 329 + memset(sqe + qm->debug.sqe_mask_offset, QM_SQE_ADDR_MASK, 340 330 qm->debug.sqe_mask_len); 341 331 342 - dump_show(qm, sqe_curr, qm->sqe_size, name); 332 + dump_show(qm, sqe, qm->sqe_size, name); 343 333 344 334 kfree(sqe); 345 335 ··· 817 809 { 818 810 int i; 819 811 812 + if (!dregs) 813 + return; 814 + 820 815 /* Setting the pointer is NULL to prevent double free */ 821 816 for (i = 0; i < reg_len; i++) { 817 + if (!dregs[i].regs) 818 + continue; 819 + 822 820 kfree(dregs[i].regs); 823 821 dregs[i].regs = NULL; 824 822 } ··· 874 860 static int qm_diff_regs_init(struct hisi_qm *qm, 875 861 struct dfx_diff_registers *dregs, u32 reg_len) 876 862 { 863 + int ret; 864 + 877 865 qm->debug.qm_diff_regs = dfx_regs_init(qm, qm_diff_regs, ARRAY_SIZE(qm_diff_regs)); 878 - if (IS_ERR(qm->debug.qm_diff_regs)) 879 - return PTR_ERR(qm->debug.qm_diff_regs); 866 + if (IS_ERR(qm->debug.qm_diff_regs)) { 867 + ret = PTR_ERR(qm->debug.qm_diff_regs); 868 + qm->debug.qm_diff_regs = NULL; 869 + return ret; 870 + } 880 871 881 872 qm->debug.acc_diff_regs = dfx_regs_init(qm, dregs, reg_len); 882 873 if (IS_ERR(qm->debug.acc_diff_regs)) { 883 874 dfx_regs_uninit(qm, qm->debug.qm_diff_regs, ARRAY_SIZE(qm_diff_regs)); 884 - return PTR_ERR(qm->debug.acc_diff_regs); 875 + ret = PTR_ERR(qm->debug.acc_diff_regs); 876 + qm->debug.acc_diff_regs = NULL; 877 + return ret; 885 878 } 886 879 887 880 return 0; ··· 929 908 static void qm_diff_regs_uninit(struct hisi_qm *qm, u32 reg_len) 930 909 { 931 910 dfx_regs_uninit(qm, qm->debug.acc_diff_regs, reg_len); 911 + qm->debug.acc_diff_regs = NULL; 932 912 dfx_regs_uninit(qm, qm->debug.qm_diff_regs, ARRAY_SIZE(qm_diff_regs)); 913 + qm->debug.qm_diff_regs = NULL; 933 914 } 934 915 935 916 /** ··· 1098 1075 { 1099 1076 struct debugfs_file *file = qm->debug.files + index; 1100 1077 1101 - debugfs_create_file(qm_debug_file_name[index], 0600, dir, file, 1102 - &qm_debug_fops); 1103 - 1104 1078 file->index = index; 1105 1079 mutex_init(&file->lock); 1106 1080 file->debug = &qm->debug; 1081 + 1082 + debugfs_create_file(qm_debug_file_name[index], 0600, dir, file, 1083 + &qm_debug_fops); 1107 1084 } 1108 1085 1109 1086 static int qm_debugfs_atomic64_set(void *data, u64 val)

+11 -12

drivers/crypto/hisilicon/hpre/hpre_main.c

··· 106 106 #define HPRE_SHAPER_TYPE_RATE 640 107 107 #define HPRE_VIA_MSI_DSM 1 108 108 #define HPRE_SQE_MASK_OFFSET 8 109 - #define HPRE_SQE_MASK_LEN 24 109 + #define HPRE_SQE_MASK_LEN 44 110 110 #define HPRE_CTX_Q_NUM_DEF 1 111 111 112 112 #define HPRE_DFX_BASE 0x301000 ··· 1074 1074 struct device *dev = &qm->pdev->dev; 1075 1075 int ret; 1076 1076 1077 - qm->debug.debug_root = debugfs_create_dir(dev_name(dev), 1078 - hpre_debugfs_root); 1079 - 1080 - qm->debug.sqe_mask_offset = HPRE_SQE_MASK_OFFSET; 1081 - qm->debug.sqe_mask_len = HPRE_SQE_MASK_LEN; 1082 1077 ret = hisi_qm_regs_debugfs_init(qm, hpre_diff_regs, ARRAY_SIZE(hpre_diff_regs)); 1083 1078 if (ret) { 1084 1079 dev_warn(dev, "Failed to init HPRE diff regs!\n"); 1085 - goto debugfs_remove; 1080 + return ret; 1086 1081 } 1082 + 1083 + qm->debug.debug_root = debugfs_create_dir(dev_name(dev), 1084 + hpre_debugfs_root); 1085 + qm->debug.sqe_mask_offset = HPRE_SQE_MASK_OFFSET; 1086 + qm->debug.sqe_mask_len = HPRE_SQE_MASK_LEN; 1087 1087 1088 1088 hisi_qm_debug_init(qm); 1089 1089 1090 1090 if (qm->pdev->device == PCI_DEVICE_ID_HUAWEI_HPRE_PF) { 1091 1091 ret = hpre_ctrl_debug_init(qm); 1092 1092 if (ret) 1093 - goto failed_to_create; 1093 + goto debugfs_remove; 1094 1094 } 1095 1095 1096 1096 hpre_dfx_debug_init(qm); 1097 1097 1098 1098 return 0; 1099 1099 1100 - failed_to_create: 1101 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hpre_diff_regs)); 1102 1100 debugfs_remove: 1103 1101 debugfs_remove_recursive(qm->debug.debug_root); 1102 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hpre_diff_regs)); 1104 1103 return ret; 1105 1104 } 1106 1105 1107 1106 static void hpre_debugfs_exit(struct hisi_qm *qm) 1108 1107 { 1109 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hpre_diff_regs)); 1110 - 1111 1108 debugfs_remove_recursive(qm->debug.debug_root); 1109 + 1110 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hpre_diff_regs)); 1112 1111 } 1113 1112 1114 1113 static int hpre_pre_store_cap_reg(struct hisi_qm *qm)

+4 -4

drivers/crypto/hisilicon/qm.c

··· 645 645 tmp_xqc = qm->xqc_buf.aeqc; 646 646 xqc_dma = qm->xqc_buf.aeqc_dma; 647 647 break; 648 + default: 649 + dev_err(&qm->pdev->dev, "unknown mailbox cmd %u\n", cmd); 650 + return -EINVAL; 648 651 } 649 652 650 653 /* Setting xqc will fail if master OOO is blocked. */ ··· 2896 2893 hisi_qm_set_state(qm, QM_NOT_READY); 2897 2894 up_write(&qm->qps_lock); 2898 2895 2896 + qm_remove_uacce(qm); 2899 2897 qm_irqs_unregister(qm); 2900 2898 hisi_qm_pci_uninit(qm); 2901 - if (qm->use_sva) { 2902 - uacce_remove(qm->uacce); 2903 - qm->uacce = NULL; 2904 - } 2905 2899 } 2906 2900 EXPORT_SYMBOL_GPL(hisi_qm_uninit); 2907 2901

+3 -1

drivers/crypto/hisilicon/sec2/sec_crypto.c

··· 481 481 482 482 if (ctx->pbuf_supported) 483 483 sec_free_pbuf_resource(dev, qp_ctx->res); 484 - if (ctx->alg_type == SEC_AEAD) 484 + if (ctx->alg_type == SEC_AEAD) { 485 485 sec_free_mac_resource(dev, qp_ctx->res); 486 + sec_free_aiv_resource(dev, qp_ctx->res); 487 + } 486 488 } 487 489 488 490 static int sec_alloc_qp_ctx_resource(struct sec_ctx *ctx, struct sec_qp_ctx *qp_ctx)

+16 -16

drivers/crypto/hisilicon/sec2/sec_main.c

··· 99 99 #define SEC_DBGFS_VAL_MAX_LEN 20 100 100 #define SEC_SINGLE_PORT_MAX_TRANS 0x2060 101 101 102 - #define SEC_SQE_MASK_OFFSET 64 103 - #define SEC_SQE_MASK_LEN 48 102 + #define SEC_SQE_MASK_OFFSET 16 103 + #define SEC_SQE_MASK_LEN 108 104 104 #define SEC_SHAPER_TYPE_RATE 400 105 105 106 106 #define SEC_DFX_BASE 0x301000 ··· 152 152 {SEC_CORE_TYPE_NUM_CAP, 0x313c, 16, GENMASK(3, 0), 0x1, 0x1, 0x1}, 153 153 {SEC_CORE_NUM_CAP, 0x313c, 8, GENMASK(7, 0), 0x4, 0x4, 0x4}, 154 154 {SEC_CORES_PER_CLUSTER_NUM_CAP, 0x313c, 0, GENMASK(7, 0), 0x4, 0x4, 0x4}, 155 - {SEC_CORE_ENABLE_BITMAP, 0x3140, 32, GENMASK(31, 0), 0x17F, 0x17F, 0xF}, 155 + {SEC_CORE_ENABLE_BITMAP, 0x3140, 0, GENMASK(31, 0), 0x17F, 0x17F, 0xF}, 156 156 {SEC_DRV_ALG_BITMAP_LOW, 0x3144, 0, GENMASK(31, 0), 0x18050CB, 0x18050CB, 0x18670CF}, 157 157 {SEC_DRV_ALG_BITMAP_HIGH, 0x3148, 0, GENMASK(31, 0), 0x395C, 0x395C, 0x395C}, 158 158 {SEC_DEV_ALG_BITMAP_LOW, 0x314c, 0, GENMASK(31, 0), 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ··· 901 901 struct device *dev = &qm->pdev->dev; 902 902 int ret; 903 903 904 - qm->debug.debug_root = debugfs_create_dir(dev_name(dev), 905 - sec_debugfs_root); 906 - qm->debug.sqe_mask_offset = SEC_SQE_MASK_OFFSET; 907 - qm->debug.sqe_mask_len = SEC_SQE_MASK_LEN; 908 - 909 904 ret = hisi_qm_regs_debugfs_init(qm, sec_diff_regs, ARRAY_SIZE(sec_diff_regs)); 910 905 if (ret) { 911 906 dev_warn(dev, "Failed to init SEC diff regs!\n"); 912 - goto debugfs_remove; 907 + return ret; 913 908 } 909 + 910 + qm->debug.debug_root = debugfs_create_dir(dev_name(dev), 911 + sec_debugfs_root); 912 + qm->debug.sqe_mask_offset = SEC_SQE_MASK_OFFSET; 913 + qm->debug.sqe_mask_len = SEC_SQE_MASK_LEN; 914 914 915 915 hisi_qm_debug_init(qm); 916 916 917 917 ret = sec_debug_init(qm); 918 918 if (ret) 919 - goto failed_to_create; 919 + goto debugfs_remove; 920 920 921 921 return 0; 922 922 923 - failed_to_create: 924 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(sec_diff_regs)); 925 923 debugfs_remove: 926 - debugfs_remove_recursive(sec_debugfs_root); 924 + debugfs_remove_recursive(qm->debug.debug_root); 925 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(sec_diff_regs)); 927 926 return ret; 928 927 } 929 928 930 929 static void sec_debugfs_exit(struct hisi_qm *qm) 931 930 { 932 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(sec_diff_regs)); 933 - 934 931 debugfs_remove_recursive(qm->debug.debug_root); 932 + 933 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(sec_diff_regs)); 935 934 } 936 935 937 936 static int sec_show_last_regs_init(struct hisi_qm *qm) ··· 1323 1324 .probe = sec_probe, 1324 1325 .remove = sec_remove, 1325 1326 .err_handler = &sec_err_handler, 1326 - .sriov_configure = hisi_qm_sriov_configure, 1327 + .sriov_configure = IS_ENABLED(CONFIG_PCI_IOV) ? 1328 + hisi_qm_sriov_configure : NULL, 1327 1329 .shutdown = hisi_qm_dev_shutdown, 1328 1330 .driver.pm = &sec_pm_ops, 1329 1331 };

+1 -4

drivers/crypto/hisilicon/sgl.c

··· 161 161 struct mem_block *block; 162 162 u32 block_index, offset; 163 163 164 - if (!pool || !hw_sgl_dma || index >= pool->count) 165 - return ERR_PTR(-EINVAL); 166 - 167 164 block = pool->mem_block; 168 165 block_index = index / pool->sgl_num_per_block; 169 166 offset = index % pool->sgl_num_per_block; ··· 227 230 struct scatterlist *sg; 228 231 int sg_n; 229 232 230 - if (!dev || !sgl || !pool || !hw_sgl_dma) 233 + if (!dev || !sgl || !pool || !hw_sgl_dma || index >= pool->count) 231 234 return ERR_PTR(-EINVAL); 232 235 233 236 sg_n = sg_nents(sgl);

+11 -13

drivers/crypto/hisilicon/zip/zip_main.c

··· 887 887 static int hisi_zip_debugfs_init(struct hisi_qm *qm) 888 888 { 889 889 struct device *dev = &qm->pdev->dev; 890 - struct dentry *dev_d; 891 890 int ret; 892 891 893 - dev_d = debugfs_create_dir(dev_name(dev), hzip_debugfs_root); 894 - 895 - qm->debug.sqe_mask_offset = HZIP_SQE_MASK_OFFSET; 896 - qm->debug.sqe_mask_len = HZIP_SQE_MASK_LEN; 897 - qm->debug.debug_root = dev_d; 898 892 ret = hisi_qm_regs_debugfs_init(qm, hzip_diff_regs, ARRAY_SIZE(hzip_diff_regs)); 899 893 if (ret) { 900 894 dev_warn(dev, "Failed to init ZIP diff regs!\n"); 901 - goto debugfs_remove; 895 + return ret; 902 896 } 897 + 898 + qm->debug.sqe_mask_offset = HZIP_SQE_MASK_OFFSET; 899 + qm->debug.sqe_mask_len = HZIP_SQE_MASK_LEN; 900 + qm->debug.debug_root = debugfs_create_dir(dev_name(dev), 901 + hzip_debugfs_root); 903 902 904 903 hisi_qm_debug_init(qm); 905 904 906 905 if (qm->fun_type == QM_HW_PF) { 907 906 ret = hisi_zip_ctrl_debug_init(qm); 908 907 if (ret) 909 - goto failed_to_create; 908 + goto debugfs_remove; 910 909 } 911 910 912 911 hisi_zip_dfx_debug_init(qm); 913 912 914 913 return 0; 915 914 916 - failed_to_create: 917 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hzip_diff_regs)); 918 915 debugfs_remove: 919 - debugfs_remove_recursive(hzip_debugfs_root); 916 + debugfs_remove_recursive(qm->debug.debug_root); 917 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hzip_diff_regs)); 920 918 return ret; 921 919 } 922 920 ··· 938 940 939 941 static void hisi_zip_debugfs_exit(struct hisi_qm *qm) 940 942 { 941 - hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hzip_diff_regs)); 942 - 943 943 debugfs_remove_recursive(qm->debug.debug_root); 944 + 945 + hisi_qm_regs_debugfs_uninit(qm, ARRAY_SIZE(hzip_diff_regs)); 944 946 945 947 if (qm->fun_type == QM_HW_PF) { 946 948 hisi_zip_debug_regs_clear(qm);

+8 -8

drivers/crypto/intel/iaa/iaa_crypto.h

··· 49 49 50 50 struct iaa_device *iaa_device; 51 51 52 - u64 comp_calls; 53 - u64 comp_bytes; 54 - u64 decomp_calls; 55 - u64 decomp_bytes; 52 + atomic64_t comp_calls; 53 + atomic64_t comp_bytes; 54 + atomic64_t decomp_calls; 55 + atomic64_t decomp_bytes; 56 56 }; 57 57 58 58 struct iaa_device_compression_mode { ··· 73 73 int n_wq; 74 74 struct list_head wqs; 75 75 76 - u64 comp_calls; 77 - u64 comp_bytes; 78 - u64 decomp_calls; 79 - u64 decomp_bytes; 76 + atomic64_t comp_calls; 77 + atomic64_t comp_bytes; 78 + atomic64_t decomp_calls; 79 + atomic64_t decomp_bytes; 80 80 }; 81 81 82 82 struct wq_table_entry {

+6 -17

drivers/crypto/intel/iaa/iaa_crypto_main.c

··· 347 347 goto free; 348 348 349 349 if (ll_table) { 350 - mode->ll_table = kzalloc(ll_table_size, GFP_KERNEL); 350 + mode->ll_table = kmemdup(ll_table, ll_table_size, GFP_KERNEL); 351 351 if (!mode->ll_table) 352 352 goto free; 353 - memcpy(mode->ll_table, ll_table, ll_table_size); 354 353 mode->ll_table_size = ll_table_size; 355 354 } 356 355 357 356 if (d_table) { 358 - mode->d_table = kzalloc(d_table_size, GFP_KERNEL); 357 + mode->d_table = kmemdup(d_table, d_table_size, GFP_KERNEL); 359 358 if (!mode->d_table) 360 359 goto free; 361 - memcpy(mode->d_table, d_table, d_table_size); 362 360 mode->d_table_size = d_table_size; 363 361 } 364 362 ··· 920 922 for_each_node_with_cpus(node) { 921 923 node_cpus = cpumask_of_node(node); 922 924 923 - for (cpu = 0; cpu < nr_cpus_per_node; cpu++) { 925 + for (cpu = 0; cpu < cpumask_weight(node_cpus); cpu++) { 924 926 int node_cpu = cpumask_nth(cpu, node_cpus); 925 927 926 928 if (WARN_ON(node_cpu >= nr_cpu_ids)) { ··· 1077 1079 update_total_comp_bytes_out(ctx->req->dlen); 1078 1080 update_wq_comp_bytes(iaa_wq->wq, ctx->req->dlen); 1079 1081 } else { 1080 - update_total_decomp_bytes_in(ctx->req->dlen); 1081 - update_wq_decomp_bytes(iaa_wq->wq, ctx->req->dlen); 1082 + update_total_decomp_bytes_in(ctx->req->slen); 1083 + update_wq_decomp_bytes(iaa_wq->wq, ctx->req->slen); 1082 1084 } 1083 1085 1084 1086 if (ctx->compress && compression_ctx->verify_compress) { ··· 1496 1498 u32 compression_crc; 1497 1499 struct idxd_wq *wq; 1498 1500 struct device *dev; 1499 - u64 start_time_ns; 1500 1501 int order = -1; 1501 1502 1502 1503 compression_ctx = crypto_tfm_ctx(tfm); ··· 1569 1572 " req->dlen %d, sg_dma_len(sg) %d\n", dst_addr, nr_sgs, 1570 1573 req->dst, req->dlen, sg_dma_len(req->dst)); 1571 1574 1572 - start_time_ns = iaa_get_ts(); 1573 1575 ret = iaa_compress(tfm, req, wq, src_addr, req->slen, dst_addr, 1574 1576 &req->dlen, &compression_crc, disable_async); 1575 - update_max_comp_delay_ns(start_time_ns); 1576 1577 if (ret == -EINPROGRESS) 1577 1578 return ret; 1578 1579 ··· 1617 1622 struct iaa_wq *iaa_wq; 1618 1623 struct device *dev; 1619 1624 struct idxd_wq *wq; 1620 - u64 start_time_ns; 1621 1625 int order = -1; 1622 1626 1623 1627 cpu = get_cpu(); ··· 1673 1679 dev_dbg(dev, "dma_map_sg, dst_addr %llx, nr_sgs %d, req->dst %p," 1674 1680 " req->dlen %d, sg_dma_len(sg) %d\n", dst_addr, nr_sgs, 1675 1681 req->dst, req->dlen, sg_dma_len(req->dst)); 1676 - start_time_ns = iaa_get_ts(); 1677 1682 ret = iaa_decompress(tfm, req, wq, src_addr, req->slen, 1678 1683 dst_addr, &req->dlen, true); 1679 - update_max_decomp_delay_ns(start_time_ns); 1680 1684 if (ret == -EOVERFLOW) { 1681 1685 dma_unmap_sg(dev, req->dst, sg_nents(req->dst), DMA_FROM_DEVICE); 1682 1686 req->dlen *= 2; ··· 1705 1713 int nr_sgs, cpu, ret = 0; 1706 1714 struct iaa_wq *iaa_wq; 1707 1715 struct device *dev; 1708 - u64 start_time_ns; 1709 1716 struct idxd_wq *wq; 1710 1717 1711 1718 if (!iaa_crypto_enabled) { ··· 1764 1773 " req->dlen %d, sg_dma_len(sg) %d\n", dst_addr, nr_sgs, 1765 1774 req->dst, req->dlen, sg_dma_len(req->dst)); 1766 1775 1767 - start_time_ns = iaa_get_ts(); 1768 1776 ret = iaa_decompress(tfm, req, wq, src_addr, req->slen, 1769 1777 dst_addr, &req->dlen, false); 1770 - update_max_decomp_delay_ns(start_time_ns); 1771 1778 if (ret == -EINPROGRESS) 1772 1779 return ret; 1773 1780 ··· 2003 2014 int ret = 0; 2004 2015 int node; 2005 2016 2006 - nr_cpus = num_online_cpus(); 2017 + nr_cpus = num_possible_cpus(); 2007 2018 for_each_node_with_cpus(node) 2008 2019 nr_nodes++; 2009 2020 if (!nr_nodes) {

+86 -97

drivers/crypto/intel/iaa/iaa_crypto_stats.c

··· 17 17 #include "iaa_crypto.h" 18 18 #include "iaa_crypto_stats.h" 19 19 20 - static u64 total_comp_calls; 21 - static u64 total_decomp_calls; 22 - static u64 total_sw_decomp_calls; 23 - static u64 max_comp_delay_ns; 24 - static u64 max_decomp_delay_ns; 25 - static u64 total_comp_bytes_out; 26 - static u64 total_decomp_bytes_in; 27 - static u64 total_completion_einval_errors; 28 - static u64 total_completion_timeout_errors; 29 - static u64 total_completion_comp_buf_overflow_errors; 20 + static atomic64_t total_comp_calls; 21 + static atomic64_t total_decomp_calls; 22 + static atomic64_t total_sw_decomp_calls; 23 + static atomic64_t total_comp_bytes_out; 24 + static atomic64_t total_decomp_bytes_in; 25 + static atomic64_t total_completion_einval_errors; 26 + static atomic64_t total_completion_timeout_errors; 27 + static atomic64_t total_completion_comp_buf_overflow_errors; 30 28 31 29 static struct dentry *iaa_crypto_debugfs_root; 32 30 33 31 void update_total_comp_calls(void) 34 32 { 35 - total_comp_calls++; 33 + atomic64_inc(&total_comp_calls); 36 34 } 37 35 38 36 void update_total_comp_bytes_out(int n) 39 37 { 40 - total_comp_bytes_out += n; 38 + atomic64_add(n, &total_comp_bytes_out); 41 39 } 42 40 43 41 void update_total_decomp_calls(void) 44 42 { 45 - total_decomp_calls++; 43 + atomic64_inc(&total_decomp_calls); 46 44 } 47 45 48 46 void update_total_sw_decomp_calls(void) 49 47 { 50 - total_sw_decomp_calls++; 48 + atomic64_inc(&total_sw_decomp_calls); 51 49 } 52 50 53 51 void update_total_decomp_bytes_in(int n) 54 52 { 55 - total_decomp_bytes_in += n; 53 + atomic64_add(n, &total_decomp_bytes_in); 56 54 } 57 55 58 56 void update_completion_einval_errs(void) 59 57 { 60 - total_completion_einval_errors++; 58 + atomic64_inc(&total_completion_einval_errors); 61 59 } 62 60 63 61 void update_completion_timeout_errs(void) 64 62 { 65 - total_completion_timeout_errors++; 63 + atomic64_inc(&total_completion_timeout_errors); 66 64 } 67 65 68 66 void update_completion_comp_buf_overflow_errs(void) 69 67 { 70 - total_completion_comp_buf_overflow_errors++; 71 - } 72 - 73 - void update_max_comp_delay_ns(u64 start_time_ns) 74 - { 75 - u64 time_diff; 76 - 77 - time_diff = ktime_get_ns() - start_time_ns; 78 - 79 - if (time_diff > max_comp_delay_ns) 80 - max_comp_delay_ns = time_diff; 81 - } 82 - 83 - void update_max_decomp_delay_ns(u64 start_time_ns) 84 - { 85 - u64 time_diff; 86 - 87 - time_diff = ktime_get_ns() - start_time_ns; 88 - 89 - if (time_diff > max_decomp_delay_ns) 90 - max_decomp_delay_ns = time_diff; 68 + atomic64_inc(&total_completion_comp_buf_overflow_errors); 91 69 } 92 70 93 71 void update_wq_comp_calls(struct idxd_wq *idxd_wq) 94 72 { 95 73 struct iaa_wq *wq = idxd_wq_get_private(idxd_wq); 96 74 97 - wq->comp_calls++; 98 - wq->iaa_device->comp_calls++; 75 + atomic64_inc(&wq->comp_calls); 76 + atomic64_inc(&wq->iaa_device->comp_calls); 99 77 } 100 78 101 79 void update_wq_comp_bytes(struct idxd_wq *idxd_wq, int n) 102 80 { 103 81 struct iaa_wq *wq = idxd_wq_get_private(idxd_wq); 104 82 105 - wq->comp_bytes += n; 106 - wq->iaa_device->comp_bytes += n; 83 + atomic64_add(n, &wq->comp_bytes); 84 + atomic64_add(n, &wq->iaa_device->comp_bytes); 107 85 } 108 86 109 87 void update_wq_decomp_calls(struct idxd_wq *idxd_wq) 110 88 { 111 89 struct iaa_wq *wq = idxd_wq_get_private(idxd_wq); 112 90 113 - wq->decomp_calls++; 114 - wq->iaa_device->decomp_calls++; 91 + atomic64_inc(&wq->decomp_calls); 92 + atomic64_inc(&wq->iaa_device->decomp_calls); 115 93 } 116 94 117 95 void update_wq_decomp_bytes(struct idxd_wq *idxd_wq, int n) 118 96 { 119 97 struct iaa_wq *wq = idxd_wq_get_private(idxd_wq); 120 98 121 - wq->decomp_bytes += n; 122 - wq->iaa_device->decomp_bytes += n; 99 + atomic64_add(n, &wq->decomp_bytes); 100 + atomic64_add(n, &wq->iaa_device->decomp_bytes); 123 101 } 124 102 125 103 static void reset_iaa_crypto_stats(void) 126 104 { 127 - total_comp_calls = 0; 128 - total_decomp_calls = 0; 129 - total_sw_decomp_calls = 0; 130 - max_comp_delay_ns = 0; 131 - max_decomp_delay_ns = 0; 132 - total_comp_bytes_out = 0; 133 - total_decomp_bytes_in = 0; 134 - total_completion_einval_errors = 0; 135 - total_completion_timeout_errors = 0; 136 - total_completion_comp_buf_overflow_errors = 0; 105 + atomic64_set(&total_comp_calls, 0); 106 + atomic64_set(&total_decomp_calls, 0); 107 + atomic64_set(&total_sw_decomp_calls, 0); 108 + atomic64_set(&total_comp_bytes_out, 0); 109 + atomic64_set(&total_decomp_bytes_in, 0); 110 + atomic64_set(&total_completion_einval_errors, 0); 111 + atomic64_set(&total_completion_timeout_errors, 0); 112 + atomic64_set(&total_completion_comp_buf_overflow_errors, 0); 137 113 } 138 114 139 115 static void reset_wq_stats(struct iaa_wq *wq) 140 116 { 141 - wq->comp_calls = 0; 142 - wq->comp_bytes = 0; 143 - wq->decomp_calls = 0; 144 - wq->decomp_bytes = 0; 117 + atomic64_set(&wq->comp_calls, 0); 118 + atomic64_set(&wq->comp_bytes, 0); 119 + atomic64_set(&wq->decomp_calls, 0); 120 + atomic64_set(&wq->decomp_bytes, 0); 145 121 } 146 122 147 123 static void reset_device_stats(struct iaa_device *iaa_device) 148 124 { 149 125 struct iaa_wq *iaa_wq; 150 126 151 - iaa_device->comp_calls = 0; 152 - iaa_device->comp_bytes = 0; 153 - iaa_device->decomp_calls = 0; 154 - iaa_device->decomp_bytes = 0; 127 + atomic64_set(&iaa_device->comp_calls, 0); 128 + atomic64_set(&iaa_device->comp_bytes, 0); 129 + atomic64_set(&iaa_device->decomp_calls, 0); 130 + atomic64_set(&iaa_device->decomp_bytes, 0); 155 131 156 132 list_for_each_entry(iaa_wq, &iaa_device->wqs, list) 157 133 reset_wq_stats(iaa_wq); ··· 136 160 static void wq_show(struct seq_file *m, struct iaa_wq *iaa_wq) 137 161 { 138 162 seq_printf(m, " name: %s\n", iaa_wq->wq->name); 139 - seq_printf(m, " comp_calls: %llu\n", iaa_wq->comp_calls); 140 - seq_printf(m, " comp_bytes: %llu\n", iaa_wq->comp_bytes); 141 - seq_printf(m, " decomp_calls: %llu\n", iaa_wq->decomp_calls); 142 - seq_printf(m, " decomp_bytes: %llu\n\n", iaa_wq->decomp_bytes); 163 + seq_printf(m, " comp_calls: %llu\n", 164 + atomic64_read(&iaa_wq->comp_calls)); 165 + seq_printf(m, " comp_bytes: %llu\n", 166 + atomic64_read(&iaa_wq->comp_bytes)); 167 + seq_printf(m, " decomp_calls: %llu\n", 168 + atomic64_read(&iaa_wq->decomp_calls)); 169 + seq_printf(m, " decomp_bytes: %llu\n\n", 170 + atomic64_read(&iaa_wq->decomp_bytes)); 143 171 } 144 172 145 173 static void device_stats_show(struct seq_file *m, struct iaa_device *iaa_device) ··· 153 173 seq_puts(m, "iaa device:\n"); 154 174 seq_printf(m, " id: %d\n", iaa_device->idxd->id); 155 175 seq_printf(m, " n_wqs: %d\n", iaa_device->n_wq); 156 - seq_printf(m, " comp_calls: %llu\n", iaa_device->comp_calls); 157 - seq_printf(m, " comp_bytes: %llu\n", iaa_device->comp_bytes); 158 - seq_printf(m, " decomp_calls: %llu\n", iaa_device->decomp_calls); 159 - seq_printf(m, " decomp_bytes: %llu\n", iaa_device->decomp_bytes); 176 + seq_printf(m, " comp_calls: %llu\n", 177 + atomic64_read(&iaa_device->comp_calls)); 178 + seq_printf(m, " comp_bytes: %llu\n", 179 + atomic64_read(&iaa_device->comp_bytes)); 180 + seq_printf(m, " decomp_calls: %llu\n", 181 + atomic64_read(&iaa_device->decomp_calls)); 182 + seq_printf(m, " decomp_bytes: %llu\n", 183 + atomic64_read(&iaa_device->decomp_bytes)); 160 184 seq_puts(m, " wqs:\n"); 161 185 162 186 list_for_each_entry(iaa_wq, &iaa_device->wqs, list) 163 187 wq_show(m, iaa_wq); 164 188 } 165 189 166 - static void global_stats_show(struct seq_file *m) 190 + static int global_stats_show(struct seq_file *m, void *v) 167 191 { 168 192 seq_puts(m, "global stats:\n"); 169 - seq_printf(m, " total_comp_calls: %llu\n", total_comp_calls); 170 - seq_printf(m, " total_decomp_calls: %llu\n", total_decomp_calls); 171 - seq_printf(m, " total_sw_decomp_calls: %llu\n", total_sw_decomp_calls); 172 - seq_printf(m, " total_comp_bytes_out: %llu\n", total_comp_bytes_out); 173 - seq_printf(m, " total_decomp_bytes_in: %llu\n", total_decomp_bytes_in); 193 + seq_printf(m, " total_comp_calls: %llu\n", 194 + atomic64_read(&total_comp_calls)); 195 + seq_printf(m, " total_decomp_calls: %llu\n", 196 + atomic64_read(&total_decomp_calls)); 197 + seq_printf(m, " total_sw_decomp_calls: %llu\n", 198 + atomic64_read(&total_sw_decomp_calls)); 199 + seq_printf(m, " total_comp_bytes_out: %llu\n", 200 + atomic64_read(&total_comp_bytes_out)); 201 + seq_printf(m, " total_decomp_bytes_in: %llu\n", 202 + atomic64_read(&total_decomp_bytes_in)); 174 203 seq_printf(m, " total_completion_einval_errors: %llu\n", 175 - total_completion_einval_errors); 204 + atomic64_read(&total_completion_einval_errors)); 176 205 seq_printf(m, " total_completion_timeout_errors: %llu\n", 177 - total_completion_timeout_errors); 206 + atomic64_read(&total_completion_timeout_errors)); 178 207 seq_printf(m, " total_completion_comp_buf_overflow_errors: %llu\n\n", 179 - total_completion_comp_buf_overflow_errors); 208 + atomic64_read(&total_completion_comp_buf_overflow_errors)); 209 + 210 + return 0; 180 211 } 181 212 182 213 static int wq_stats_show(struct seq_file *m, void *v) ··· 195 204 struct iaa_device *iaa_device; 196 205 197 206 mutex_lock(&iaa_devices_lock); 198 - 199 - global_stats_show(m); 200 207 201 208 list_for_each_entry(iaa_device, &iaa_devices, list) 202 209 device_stats_show(m, iaa_device); ··· 232 243 .release = single_release, 233 244 }; 234 245 246 + static int global_stats_open(struct inode *inode, struct file *file) 247 + { 248 + return single_open(file, global_stats_show, file); 249 + } 250 + 251 + static const struct file_operations global_stats_fops = { 252 + .open = global_stats_open, 253 + .read = seq_read, 254 + .llseek = seq_lseek, 255 + .release = single_release, 256 + }; 257 + 235 258 DEFINE_DEBUGFS_ATTRIBUTE(wq_stats_reset_fops, NULL, iaa_crypto_stats_reset, "%llu\n"); 236 259 237 260 int __init iaa_crypto_debugfs_init(void) ··· 253 252 254 253 iaa_crypto_debugfs_root = debugfs_create_dir("iaa_crypto", NULL); 255 254 256 - debugfs_create_u64("max_comp_delay_ns", 0644, 257 - iaa_crypto_debugfs_root, &max_comp_delay_ns); 258 - debugfs_create_u64("max_decomp_delay_ns", 0644, 259 - iaa_crypto_debugfs_root, &max_decomp_delay_ns); 260 - debugfs_create_u64("total_comp_calls", 0644, 261 - iaa_crypto_debugfs_root, &total_comp_calls); 262 - debugfs_create_u64("total_decomp_calls", 0644, 263 - iaa_crypto_debugfs_root, &total_decomp_calls); 264 - debugfs_create_u64("total_sw_decomp_calls", 0644, 265 - iaa_crypto_debugfs_root, &total_sw_decomp_calls); 266 - debugfs_create_u64("total_comp_bytes_out", 0644, 267 - iaa_crypto_debugfs_root, &total_comp_bytes_out); 268 - debugfs_create_u64("total_decomp_bytes_in", 0644, 269 - iaa_crypto_debugfs_root, &total_decomp_bytes_in); 255 + debugfs_create_file("global_stats", 0644, iaa_crypto_debugfs_root, NULL, 256 + &global_stats_fops); 270 257 debugfs_create_file("wq_stats", 0644, iaa_crypto_debugfs_root, NULL, 271 258 &wq_stats_fops); 272 259 debugfs_create_file("stats_reset", 0644, iaa_crypto_debugfs_root, NULL,

-8

drivers/crypto/intel/iaa/iaa_crypto_stats.h

··· 13 13 void update_total_decomp_calls(void); 14 14 void update_total_sw_decomp_calls(void); 15 15 void update_total_decomp_bytes_in(int n); 16 - void update_max_comp_delay_ns(u64 start_time_ns); 17 - void update_max_decomp_delay_ns(u64 start_time_ns); 18 16 void update_completion_einval_errs(void); 19 17 void update_completion_timeout_errs(void); 20 18 void update_completion_comp_buf_overflow_errs(void); ··· 21 23 void update_wq_comp_bytes(struct idxd_wq *idxd_wq, int n); 22 24 void update_wq_decomp_calls(struct idxd_wq *idxd_wq); 23 25 void update_wq_decomp_bytes(struct idxd_wq *idxd_wq, int n); 24 - 25 - static inline u64 iaa_get_ts(void) { return ktime_get_ns(); } 26 26 27 27 #else 28 28 static inline int iaa_crypto_debugfs_init(void) { return 0; } ··· 31 35 static inline void update_total_decomp_calls(void) {} 32 36 static inline void update_total_sw_decomp_calls(void) {} 33 37 static inline void update_total_decomp_bytes_in(int n) {} 34 - static inline void update_max_comp_delay_ns(u64 start_time_ns) {} 35 - static inline void update_max_decomp_delay_ns(u64 start_time_ns) {} 36 38 static inline void update_completion_einval_errs(void) {} 37 39 static inline void update_completion_timeout_errs(void) {} 38 40 static inline void update_completion_comp_buf_overflow_errs(void) {} ··· 39 45 static inline void update_wq_comp_bytes(struct idxd_wq *idxd_wq, int n) {} 40 46 static inline void update_wq_decomp_calls(struct idxd_wq *idxd_wq) {} 41 47 static inline void update_wq_decomp_bytes(struct idxd_wq *idxd_wq, int n) {} 42 - 43 - static inline u64 iaa_get_ts(void) { return 0; } 44 48 45 49 #endif // CONFIG_CRYPTO_DEV_IAA_CRYPTO_STATS 46 50

+4 -1

drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c

··· 10 10 #include <adf_fw_config.h> 11 11 #include <adf_gen4_config.h> 12 12 #include <adf_gen4_dc.h> 13 + #include <adf_gen4_hw_csr_data.h> 13 14 #include <adf_gen4_hw_data.h> 14 15 #include <adf_gen4_pfvf.h> 15 16 #include <adf_gen4_pm.h> 16 17 #include <adf_gen4_ras.h> 17 18 #include <adf_gen4_timer.h> 18 19 #include <adf_gen4_tl.h> 20 + #include <adf_gen4_vf_mig.h> 19 21 #include "adf_420xx_hw_data.h" 20 22 #include "icp_qat_hw.h" 21 23 ··· 298 296 { 299 297 if (adf_gen4_init_thd2arb_map(accel_dev)) 300 298 dev_warn(&GET_DEV(accel_dev), 301 - "Generate of the thread to arbiter map failed"); 299 + "Failed to generate thread to arbiter mapping"); 302 300 303 301 return GET_HW_DATA(accel_dev)->thd_to_arb_map; 304 302 } ··· 489 487 adf_gen4_init_dc_ops(&hw_data->dc_ops); 490 488 adf_gen4_init_ras_ops(&hw_data->ras_ops); 491 489 adf_gen4_init_tl_data(&hw_data->tl_data); 490 + adf_gen4_init_vf_mig_ops(&hw_data->vfmig_ops); 492 491 adf_init_rl_data(&hw_data->rl_data); 493 492 } 494 493

+6 -1

drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c

··· 10 10 #include <adf_fw_config.h> 11 11 #include <adf_gen4_config.h> 12 12 #include <adf_gen4_dc.h> 13 + #include <adf_gen4_hw_csr_data.h> 13 14 #include <adf_gen4_hw_data.h> 14 15 #include <adf_gen4_pfvf.h> 15 16 #include <adf_gen4_pm.h> 16 17 #include "adf_gen4_ras.h" 17 18 #include <adf_gen4_timer.h> 18 19 #include <adf_gen4_tl.h> 20 + #include <adf_gen4_vf_mig.h> 19 21 #include "adf_4xxx_hw_data.h" 20 22 #include "icp_qat_hw.h" 21 23 ··· 210 208 { 211 209 if (adf_gen4_init_thd2arb_map(accel_dev)) 212 210 dev_warn(&GET_DEV(accel_dev), 213 - "Generate of the thread to arbiter map failed"); 211 + "Failed to generate thread to arbiter mapping"); 214 212 215 213 return GET_HW_DATA(accel_dev)->thd_to_arb_map; 216 214 } ··· 456 454 hw_data->get_ring_to_svc_map = adf_gen4_get_ring_to_svc_map; 457 455 hw_data->disable_iov = adf_disable_sriov; 458 456 hw_data->ring_pair_reset = adf_gen4_ring_pair_reset; 457 + hw_data->bank_state_save = adf_gen4_bank_state_save; 458 + hw_data->bank_state_restore = adf_gen4_bank_state_restore; 459 459 hw_data->enable_pm = adf_gen4_enable_pm; 460 460 hw_data->handle_pm_interrupt = adf_gen4_handle_pm_interrupt; 461 461 hw_data->dev_config = adf_gen4_dev_config; ··· 473 469 adf_gen4_init_dc_ops(&hw_data->dc_ops); 474 470 adf_gen4_init_ras_ops(&hw_data->ras_ops); 475 471 adf_gen4_init_tl_data(&hw_data->tl_data); 472 + adf_gen4_init_vf_mig_ops(&hw_data->vfmig_ops); 476 473 adf_init_rl_data(&hw_data->rl_data); 477 474 } 478 475

+2

drivers/crypto/intel/qat/qat_4xxx/adf_drv.c

··· 197 197 MODULE_LICENSE("Dual BSD/GPL"); 198 198 MODULE_AUTHOR("Intel"); 199 199 MODULE_FIRMWARE(ADF_4XXX_FW); 200 + MODULE_FIRMWARE(ADF_402XX_FW); 200 201 MODULE_FIRMWARE(ADF_4XXX_MMP); 202 + MODULE_FIRMWARE(ADF_402XX_MMP); 201 203 MODULE_DESCRIPTION("Intel(R) QuickAssist Technology"); 202 204 MODULE_VERSION(ADF_DRV_VERSION); 203 205 MODULE_SOFTDEP("pre: crypto-intel_qat");

+1

drivers/crypto/intel/qat/qat_c3xxx/adf_c3xxx_hw_data.c

··· 6 6 #include <adf_common_drv.h> 7 7 #include <adf_gen2_config.h> 8 8 #include <adf_gen2_dc.h> 9 + #include <adf_gen2_hw_csr_data.h> 9 10 #include <adf_gen2_hw_data.h> 10 11 #include <adf_gen2_pfvf.h> 11 12 #include "adf_c3xxx_hw_data.h"

+1

drivers/crypto/intel/qat/qat_c3xxxvf/adf_c3xxxvf_hw_data.c

··· 4 4 #include <adf_common_drv.h> 5 5 #include <adf_gen2_config.h> 6 6 #include <adf_gen2_dc.h> 7 + #include <adf_gen2_hw_csr_data.h> 7 8 #include <adf_gen2_hw_data.h> 8 9 #include <adf_gen2_pfvf.h> 9 10 #include <adf_pfvf_vf_msg.h>

+1

drivers/crypto/intel/qat/qat_c62x/adf_c62x_hw_data.c

··· 6 6 #include <adf_common_drv.h> 7 7 #include <adf_gen2_config.h> 8 8 #include <adf_gen2_dc.h> 9 + #include <adf_gen2_hw_csr_data.h> 9 10 #include <adf_gen2_hw_data.h> 10 11 #include <adf_gen2_pfvf.h> 11 12 #include "adf_c62x_hw_data.h"

+1

drivers/crypto/intel/qat/qat_c62xvf/adf_c62xvf_hw_data.c

··· 4 4 #include <adf_common_drv.h> 5 5 #include <adf_gen2_config.h> 6 6 #include <adf_gen2_dc.h> 7 + #include <adf_gen2_hw_csr_data.h> 7 8 #include <adf_gen2_hw_data.h> 8 9 #include <adf_gen2_pfvf.h> 9 10 #include <adf_pfvf_vf_msg.h>

+5 -1

drivers/crypto/intel/qat/qat_common/Makefile

··· 14 14 adf_hw_arbiter.o \ 15 15 adf_sysfs.o \ 16 16 adf_sysfs_ras_counters.o \ 17 + adf_gen2_hw_csr_data.o \ 17 18 adf_gen2_hw_data.o \ 18 19 adf_gen2_config.o \ 19 20 adf_gen4_config.o \ 21 + adf_gen4_hw_csr_data.o \ 20 22 adf_gen4_hw_data.o \ 23 + adf_gen4_vf_mig.o \ 21 24 adf_gen4_pm.o \ 22 25 adf_gen2_dc.o \ 23 26 adf_gen4_dc.o \ 24 27 adf_gen4_ras.o \ 25 28 adf_gen4_timer.o \ 26 29 adf_clock.o \ 30 + adf_mstate_mgr.o \ 27 31 qat_crypto.o \ 28 32 qat_compression.o \ 29 33 qat_comp_algs.o \ ··· 56 52 intel_qat-$(CONFIG_PCI_IOV) += adf_sriov.o adf_vf_isr.o adf_pfvf_utils.o \ 57 53 adf_pfvf_pf_msg.o adf_pfvf_pf_proto.o \ 58 54 adf_pfvf_vf_msg.o adf_pfvf_vf_proto.o \ 59 - adf_gen2_pfvf.o adf_gen4_pfvf.o 55 + adf_gen2_pfvf.o adf_gen4_pfvf.o qat_mig_dev.o 60 56 61 57 intel_qat-$(CONFIG_CRYPTO_DEV_QAT_ERROR_INJECTION) += adf_heartbeat_inject.o

+88

drivers/crypto/intel/qat/qat_common/adf_accel_devices.h

··· 9 9 #include <linux/pci.h> 10 10 #include <linux/ratelimit.h> 11 11 #include <linux/types.h> 12 + #include <linux/qat/qat_mig_dev.h> 12 13 #include "adf_cfg_common.h" 13 14 #include "adf_rl.h" 14 15 #include "adf_telemetry.h" ··· 141 140 u32 mailbox_offset; 142 141 }; 143 142 143 + struct ring_config { 144 + u64 base; 145 + u32 config; 146 + u32 head; 147 + u32 tail; 148 + u32 reserved0; 149 + }; 150 + 151 + struct bank_state { 152 + u32 ringstat0; 153 + u32 ringstat1; 154 + u32 ringuostat; 155 + u32 ringestat; 156 + u32 ringnestat; 157 + u32 ringnfstat; 158 + u32 ringfstat; 159 + u32 ringcstat0; 160 + u32 ringcstat1; 161 + u32 ringcstat2; 162 + u32 ringcstat3; 163 + u32 iaintflagen; 164 + u32 iaintflagreg; 165 + u32 iaintflagsrcsel0; 166 + u32 iaintflagsrcsel1; 167 + u32 iaintcolen; 168 + u32 iaintcolctl; 169 + u32 iaintflagandcolen; 170 + u32 ringexpstat; 171 + u32 ringexpintenable; 172 + u32 ringsrvarben; 173 + u32 reserved0; 174 + struct ring_config rings[ADF_ETR_MAX_RINGS_PER_BANK]; 175 + }; 176 + 144 177 struct adf_hw_csr_ops { 145 178 u64 (*build_csr_ring_base_addr)(dma_addr_t addr, u32 size); 146 179 u32 (*read_csr_ring_head)(void __iomem *csr_base_addr, u32 bank, ··· 185 150 u32 ring); 186 151 void (*write_csr_ring_tail)(void __iomem *csr_base_addr, u32 bank, 187 152 u32 ring, u32 value); 153 + u32 (*read_csr_stat)(void __iomem *csr_base_addr, u32 bank); 154 + u32 (*read_csr_uo_stat)(void __iomem *csr_base_addr, u32 bank); 188 155 u32 (*read_csr_e_stat)(void __iomem *csr_base_addr, u32 bank); 156 + u32 (*read_csr_ne_stat)(void __iomem *csr_base_addr, u32 bank); 157 + u32 (*read_csr_nf_stat)(void __iomem *csr_base_addr, u32 bank); 158 + u32 (*read_csr_f_stat)(void __iomem *csr_base_addr, u32 bank); 159 + u32 (*read_csr_c_stat)(void __iomem *csr_base_addr, u32 bank); 160 + u32 (*read_csr_exp_stat)(void __iomem *csr_base_addr, u32 bank); 161 + u32 (*read_csr_exp_int_en)(void __iomem *csr_base_addr, u32 bank); 162 + void (*write_csr_exp_int_en)(void __iomem *csr_base_addr, u32 bank, 163 + u32 value); 164 + u32 (*read_csr_ring_config)(void __iomem *csr_base_addr, u32 bank, 165 + u32 ring); 189 166 void (*write_csr_ring_config)(void __iomem *csr_base_addr, u32 bank, 190 167 u32 ring, u32 value); 168 + dma_addr_t (*read_csr_ring_base)(void __iomem *csr_base_addr, u32 bank, 169 + u32 ring); 191 170 void (*write_csr_ring_base)(void __iomem *csr_base_addr, u32 bank, 192 171 u32 ring, dma_addr_t addr); 172 + u32 (*read_csr_int_en)(void __iomem *csr_base_addr, u32 bank); 173 + void (*write_csr_int_en)(void __iomem *csr_base_addr, u32 bank, 174 + u32 value); 175 + u32 (*read_csr_int_flag)(void __iomem *csr_base_addr, u32 bank); 193 176 void (*write_csr_int_flag)(void __iomem *csr_base_addr, u32 bank, 194 177 u32 value); 178 + u32 (*read_csr_int_srcsel)(void __iomem *csr_base_addr, u32 bank); 195 179 void (*write_csr_int_srcsel)(void __iomem *csr_base_addr, u32 bank); 180 + void (*write_csr_int_srcsel_w_val)(void __iomem *csr_base_addr, 181 + u32 bank, u32 value); 182 + u32 (*read_csr_int_col_en)(void __iomem *csr_base_addr, u32 bank); 196 183 void (*write_csr_int_col_en)(void __iomem *csr_base_addr, u32 bank, 197 184 u32 value); 185 + u32 (*read_csr_int_col_ctl)(void __iomem *csr_base_addr, u32 bank); 198 186 void (*write_csr_int_col_ctl)(void __iomem *csr_base_addr, u32 bank, 199 187 u32 value); 188 + u32 (*read_csr_int_flag_and_col)(void __iomem *csr_base_addr, 189 + u32 bank); 200 190 void (*write_csr_int_flag_and_col)(void __iomem *csr_base_addr, 201 191 u32 bank, u32 value); 192 + u32 (*read_csr_ring_srv_arb_en)(void __iomem *csr_base_addr, u32 bank); 202 193 void (*write_csr_ring_srv_arb_en)(void __iomem *csr_base_addr, u32 bank, 203 194 u32 value); 195 + u32 (*get_int_col_ctl_enable_mask)(void); 204 196 }; 205 197 206 198 struct adf_cfg_device_data; ··· 257 195 258 196 struct adf_dc_ops { 259 197 void (*build_deflate_ctx)(void *ctx); 198 + }; 199 + 200 + struct qat_migdev_ops { 201 + int (*init)(struct qat_mig_dev *mdev); 202 + void (*cleanup)(struct qat_mig_dev *mdev); 203 + void (*reset)(struct qat_mig_dev *mdev); 204 + int (*open)(struct qat_mig_dev *mdev); 205 + void (*close)(struct qat_mig_dev *mdev); 206 + int (*suspend)(struct qat_mig_dev *mdev); 207 + int (*resume)(struct qat_mig_dev *mdev); 208 + int (*save_state)(struct qat_mig_dev *mdev); 209 + int (*save_setup)(struct qat_mig_dev *mdev); 210 + int (*load_state)(struct qat_mig_dev *mdev); 211 + int (*load_setup)(struct qat_mig_dev *mdev, int size); 260 212 }; 261 213 262 214 struct adf_dev_err_mask { ··· 320 244 void (*enable_ints)(struct adf_accel_dev *accel_dev); 321 245 void (*set_ssm_wdtimer)(struct adf_accel_dev *accel_dev); 322 246 int (*ring_pair_reset)(struct adf_accel_dev *accel_dev, u32 bank_nr); 247 + int (*bank_state_save)(struct adf_accel_dev *accel_dev, u32 bank_number, 248 + struct bank_state *state); 249 + int (*bank_state_restore)(struct adf_accel_dev *accel_dev, 250 + u32 bank_number, struct bank_state *state); 323 251 void (*reset_device)(struct adf_accel_dev *accel_dev); 324 252 void (*set_msix_rttable)(struct adf_accel_dev *accel_dev); 325 253 const char *(*uof_get_name)(struct adf_accel_dev *accel_dev, u32 obj_num); ··· 340 260 struct adf_dev_err_mask dev_err_mask; 341 261 struct adf_rl_hw_data rl_data; 342 262 struct adf_tl_hw_data tl_data; 263 + struct qat_migdev_ops vfmig_ops; 343 264 const char *fw_name; 344 265 const char *fw_mmp_name; 345 266 u32 fuses; ··· 397 316 #define GET_CSR_OPS(accel_dev) (&(accel_dev)->hw_device->csr_ops) 398 317 #define GET_PFVF_OPS(accel_dev) (&(accel_dev)->hw_device->pfvf_ops) 399 318 #define GET_DC_OPS(accel_dev) (&(accel_dev)->hw_device->dc_ops) 319 + #define GET_VFMIG_OPS(accel_dev) (&(accel_dev)->hw_device->vfmig_ops) 400 320 #define GET_TL_DATA(accel_dev) GET_HW_DATA(accel_dev)->tl_data 401 321 #define accel_to_pci_dev(accel_ptr) accel_ptr->accel_pci_dev.pci_dev 402 322 ··· 412 330 struct adf_accel_vf_info { 413 331 struct adf_accel_dev *accel_dev; 414 332 struct mutex pf2vf_lock; /* protect CSR access for PF2VF messages */ 333 + struct mutex pfvf_mig_lock; /* protects PFVF state for migration */ 415 334 struct ratelimit_state vf2pf_ratelimit; 416 335 u32 vf_nr; 417 336 bool init; 418 337 bool restarting; 419 338 u8 vf_compat_ver; 339 + /* 340 + * Private area used for device migration. 341 + * Memory allocation and free is managed by migration driver. 342 + */ 343 + void *mig_priv; 420 344 }; 421 345 422 346 struct adf_dc_data {

+10

drivers/crypto/intel/qat/qat_common/adf_common_drv.h

··· 248 248 return pmisc->virt_addr; 249 249 } 250 250 251 + static inline void __iomem *adf_get_etr_base(struct adf_accel_dev *accel_dev) 252 + { 253 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 254 + struct adf_bar *etr; 255 + 256 + etr = &GET_BARS(accel_dev)[hw_data->get_etr_bar_id(hw_data)]; 257 + 258 + return etr->virt_addr; 259 + } 260 + 251 261 static inline void __iomem *adf_get_aram_base(struct adf_accel_dev *accel_dev) 252 262 { 253 263 struct adf_hw_device_data *hw_data = accel_dev->hw_device;

+101

drivers/crypto/intel/qat/qat_common/adf_gen2_hw_csr_data.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #include <linux/types.h> 4 + #include "adf_gen2_hw_csr_data.h" 5 + 6 + static u64 build_csr_ring_base_addr(dma_addr_t addr, u32 size) 7 + { 8 + return BUILD_RING_BASE_ADDR(addr, size); 9 + } 10 + 11 + static u32 read_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring) 12 + { 13 + return READ_CSR_RING_HEAD(csr_base_addr, bank, ring); 14 + } 15 + 16 + static void write_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring, 17 + u32 value) 18 + { 19 + WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value); 20 + } 21 + 22 + static u32 read_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring) 23 + { 24 + return READ_CSR_RING_TAIL(csr_base_addr, bank, ring); 25 + } 26 + 27 + static void write_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring, 28 + u32 value) 29 + { 30 + WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value); 31 + } 32 + 33 + static u32 read_csr_e_stat(void __iomem *csr_base_addr, u32 bank) 34 + { 35 + return READ_CSR_E_STAT(csr_base_addr, bank); 36 + } 37 + 38 + static void write_csr_ring_config(void __iomem *csr_base_addr, u32 bank, 39 + u32 ring, u32 value) 40 + { 41 + WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value); 42 + } 43 + 44 + static void write_csr_ring_base(void __iomem *csr_base_addr, u32 bank, u32 ring, 45 + dma_addr_t addr) 46 + { 47 + WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, addr); 48 + } 49 + 50 + static void write_csr_int_flag(void __iomem *csr_base_addr, u32 bank, u32 value) 51 + { 52 + WRITE_CSR_INT_FLAG(csr_base_addr, bank, value); 53 + } 54 + 55 + static void write_csr_int_srcsel(void __iomem *csr_base_addr, u32 bank) 56 + { 57 + WRITE_CSR_INT_SRCSEL(csr_base_addr, bank); 58 + } 59 + 60 + static void write_csr_int_col_en(void __iomem *csr_base_addr, u32 bank, 61 + u32 value) 62 + { 63 + WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value); 64 + } 65 + 66 + static void write_csr_int_col_ctl(void __iomem *csr_base_addr, u32 bank, 67 + u32 value) 68 + { 69 + WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value); 70 + } 71 + 72 + static void write_csr_int_flag_and_col(void __iomem *csr_base_addr, u32 bank, 73 + u32 value) 74 + { 75 + WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value); 76 + } 77 + 78 + static void write_csr_ring_srv_arb_en(void __iomem *csr_base_addr, u32 bank, 79 + u32 value) 80 + { 81 + WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value); 82 + } 83 + 84 + void adf_gen2_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops) 85 + { 86 + csr_ops->build_csr_ring_base_addr = build_csr_ring_base_addr; 87 + csr_ops->read_csr_ring_head = read_csr_ring_head; 88 + csr_ops->write_csr_ring_head = write_csr_ring_head; 89 + csr_ops->read_csr_ring_tail = read_csr_ring_tail; 90 + csr_ops->write_csr_ring_tail = write_csr_ring_tail; 91 + csr_ops->read_csr_e_stat = read_csr_e_stat; 92 + csr_ops->write_csr_ring_config = write_csr_ring_config; 93 + csr_ops->write_csr_ring_base = write_csr_ring_base; 94 + csr_ops->write_csr_int_flag = write_csr_int_flag; 95 + csr_ops->write_csr_int_srcsel = write_csr_int_srcsel; 96 + csr_ops->write_csr_int_col_en = write_csr_int_col_en; 97 + csr_ops->write_csr_int_col_ctl = write_csr_int_col_ctl; 98 + csr_ops->write_csr_int_flag_and_col = write_csr_int_flag_and_col; 99 + csr_ops->write_csr_ring_srv_arb_en = write_csr_ring_srv_arb_en; 100 + } 101 + EXPORT_SYMBOL_GPL(adf_gen2_init_hw_csr_ops);

+86

drivers/crypto/intel/qat/qat_common/adf_gen2_hw_csr_data.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #ifndef ADF_GEN2_HW_CSR_DATA_H_ 4 + #define ADF_GEN2_HW_CSR_DATA_H_ 5 + 6 + #include <linux/bitops.h> 7 + #include "adf_accel_devices.h" 8 + 9 + #define ADF_BANK_INT_SRC_SEL_MASK_0 0x4444444CUL 10 + #define ADF_BANK_INT_SRC_SEL_MASK_X 0x44444444UL 11 + #define ADF_RING_CSR_RING_CONFIG 0x000 12 + #define ADF_RING_CSR_RING_LBASE 0x040 13 + #define ADF_RING_CSR_RING_UBASE 0x080 14 + #define ADF_RING_CSR_RING_HEAD 0x0C0 15 + #define ADF_RING_CSR_RING_TAIL 0x100 16 + #define ADF_RING_CSR_E_STAT 0x14C 17 + #define ADF_RING_CSR_INT_FLAG 0x170 18 + #define ADF_RING_CSR_INT_SRCSEL 0x174 19 + #define ADF_RING_CSR_INT_SRCSEL_2 0x178 20 + #define ADF_RING_CSR_INT_COL_EN 0x17C 21 + #define ADF_RING_CSR_INT_COL_CTL 0x180 22 + #define ADF_RING_CSR_INT_FLAG_AND_COL 0x184 23 + #define ADF_RING_CSR_INT_COL_CTL_ENABLE 0x80000000 24 + #define ADF_RING_BUNDLE_SIZE 0x1000 25 + #define ADF_ARB_REG_SLOT 0x1000 26 + #define ADF_ARB_RINGSRVARBEN_OFFSET 0x19C 27 + 28 + #define BUILD_RING_BASE_ADDR(addr, size) \ 29 + (((addr) >> 6) & (GENMASK_ULL(63, 0) << (size))) 30 + #define READ_CSR_RING_HEAD(csr_base_addr, bank, ring) \ 31 + ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 32 + ADF_RING_CSR_RING_HEAD + ((ring) << 2)) 33 + #define READ_CSR_RING_TAIL(csr_base_addr, bank, ring) \ 34 + ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 35 + ADF_RING_CSR_RING_TAIL + ((ring) << 2)) 36 + #define READ_CSR_E_STAT(csr_base_addr, bank) \ 37 + ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 38 + ADF_RING_CSR_E_STAT) 39 + #define WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value) \ 40 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 41 + ADF_RING_CSR_RING_CONFIG + ((ring) << 2), value) 42 + #define WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, value) \ 43 + do { \ 44 + u32 l_base = 0, u_base = 0; \ 45 + l_base = (u32)((value) & 0xFFFFFFFF); \ 46 + u_base = (u32)(((value) & 0xFFFFFFFF00000000ULL) >> 32); \ 47 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 48 + ADF_RING_CSR_RING_LBASE + ((ring) << 2), l_base); \ 49 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 50 + ADF_RING_CSR_RING_UBASE + ((ring) << 2), u_base); \ 51 + } while (0) 52 + 53 + #define WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value) \ 54 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 55 + ADF_RING_CSR_RING_HEAD + ((ring) << 2), value) 56 + #define WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value) \ 57 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 58 + ADF_RING_CSR_RING_TAIL + ((ring) << 2), value) 59 + #define WRITE_CSR_INT_FLAG(csr_base_addr, bank, value) \ 60 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 61 + ADF_RING_CSR_INT_FLAG, value) 62 + #define WRITE_CSR_INT_SRCSEL(csr_base_addr, bank) \ 63 + do { \ 64 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 65 + ADF_RING_CSR_INT_SRCSEL, ADF_BANK_INT_SRC_SEL_MASK_0); \ 66 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 67 + ADF_RING_CSR_INT_SRCSEL_2, ADF_BANK_INT_SRC_SEL_MASK_X); \ 68 + } while (0) 69 + #define WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value) \ 70 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 71 + ADF_RING_CSR_INT_COL_EN, value) 72 + #define WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value) \ 73 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 74 + ADF_RING_CSR_INT_COL_CTL, \ 75 + ADF_RING_CSR_INT_COL_CTL_ENABLE | (value)) 76 + #define WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value) \ 77 + ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 78 + ADF_RING_CSR_INT_FLAG_AND_COL, value) 79 + 80 + #define WRITE_CSR_RING_SRV_ARB_EN(csr_addr, index, value) \ 81 + ADF_CSR_WR(csr_addr, ADF_ARB_RINGSRVARBEN_OFFSET + \ 82 + (ADF_ARB_REG_SLOT * (index)), value) 83 + 84 + void adf_gen2_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops); 85 + 86 + #endif

-97

drivers/crypto/intel/qat/qat_common/adf_gen2_hw_data.c

··· 111 111 } 112 112 EXPORT_SYMBOL_GPL(adf_gen2_enable_ints); 113 113 114 - static u64 build_csr_ring_base_addr(dma_addr_t addr, u32 size) 115 - { 116 - return BUILD_RING_BASE_ADDR(addr, size); 117 - } 118 - 119 - static u32 read_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring) 120 - { 121 - return READ_CSR_RING_HEAD(csr_base_addr, bank, ring); 122 - } 123 - 124 - static void write_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring, 125 - u32 value) 126 - { 127 - WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value); 128 - } 129 - 130 - static u32 read_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring) 131 - { 132 - return READ_CSR_RING_TAIL(csr_base_addr, bank, ring); 133 - } 134 - 135 - static void write_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring, 136 - u32 value) 137 - { 138 - WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value); 139 - } 140 - 141 - static u32 read_csr_e_stat(void __iomem *csr_base_addr, u32 bank) 142 - { 143 - return READ_CSR_E_STAT(csr_base_addr, bank); 144 - } 145 - 146 - static void write_csr_ring_config(void __iomem *csr_base_addr, u32 bank, 147 - u32 ring, u32 value) 148 - { 149 - WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value); 150 - } 151 - 152 - static void write_csr_ring_base(void __iomem *csr_base_addr, u32 bank, u32 ring, 153 - dma_addr_t addr) 154 - { 155 - WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, addr); 156 - } 157 - 158 - static void write_csr_int_flag(void __iomem *csr_base_addr, u32 bank, u32 value) 159 - { 160 - WRITE_CSR_INT_FLAG(csr_base_addr, bank, value); 161 - } 162 - 163 - static void write_csr_int_srcsel(void __iomem *csr_base_addr, u32 bank) 164 - { 165 - WRITE_CSR_INT_SRCSEL(csr_base_addr, bank); 166 - } 167 - 168 - static void write_csr_int_col_en(void __iomem *csr_base_addr, u32 bank, 169 - u32 value) 170 - { 171 - WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value); 172 - } 173 - 174 - static void write_csr_int_col_ctl(void __iomem *csr_base_addr, u32 bank, 175 - u32 value) 176 - { 177 - WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value); 178 - } 179 - 180 - static void write_csr_int_flag_and_col(void __iomem *csr_base_addr, u32 bank, 181 - u32 value) 182 - { 183 - WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value); 184 - } 185 - 186 - static void write_csr_ring_srv_arb_en(void __iomem *csr_base_addr, u32 bank, 187 - u32 value) 188 - { 189 - WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value); 190 - } 191 - 192 - void adf_gen2_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops) 193 - { 194 - csr_ops->build_csr_ring_base_addr = build_csr_ring_base_addr; 195 - csr_ops->read_csr_ring_head = read_csr_ring_head; 196 - csr_ops->write_csr_ring_head = write_csr_ring_head; 197 - csr_ops->read_csr_ring_tail = read_csr_ring_tail; 198 - csr_ops->write_csr_ring_tail = write_csr_ring_tail; 199 - csr_ops->read_csr_e_stat = read_csr_e_stat; 200 - csr_ops->write_csr_ring_config = write_csr_ring_config; 201 - csr_ops->write_csr_ring_base = write_csr_ring_base; 202 - csr_ops->write_csr_int_flag = write_csr_int_flag; 203 - csr_ops->write_csr_int_srcsel = write_csr_int_srcsel; 204 - csr_ops->write_csr_int_col_en = write_csr_int_col_en; 205 - csr_ops->write_csr_int_col_ctl = write_csr_int_col_ctl; 206 - csr_ops->write_csr_int_flag_and_col = write_csr_int_flag_and_col; 207 - csr_ops->write_csr_ring_srv_arb_en = write_csr_ring_srv_arb_en; 208 - } 209 - EXPORT_SYMBOL_GPL(adf_gen2_init_hw_csr_ops); 210 - 211 114 u32 adf_gen2_get_accel_cap(struct adf_accel_dev *accel_dev) 212 115 { 213 116 struct adf_hw_device_data *hw_data = accel_dev->hw_device;

-76

drivers/crypto/intel/qat/qat_common/adf_gen2_hw_data.h

··· 6 6 #include "adf_accel_devices.h" 7 7 #include "adf_cfg_common.h" 8 8 9 - /* Transport access */ 10 - #define ADF_BANK_INT_SRC_SEL_MASK_0 0x4444444CUL 11 - #define ADF_BANK_INT_SRC_SEL_MASK_X 0x44444444UL 12 - #define ADF_RING_CSR_RING_CONFIG 0x000 13 - #define ADF_RING_CSR_RING_LBASE 0x040 14 - #define ADF_RING_CSR_RING_UBASE 0x080 15 - #define ADF_RING_CSR_RING_HEAD 0x0C0 16 - #define ADF_RING_CSR_RING_TAIL 0x100 17 - #define ADF_RING_CSR_E_STAT 0x14C 18 - #define ADF_RING_CSR_INT_FLAG 0x170 19 - #define ADF_RING_CSR_INT_SRCSEL 0x174 20 - #define ADF_RING_CSR_INT_SRCSEL_2 0x178 21 - #define ADF_RING_CSR_INT_COL_EN 0x17C 22 - #define ADF_RING_CSR_INT_COL_CTL 0x180 23 - #define ADF_RING_CSR_INT_FLAG_AND_COL 0x184 24 - #define ADF_RING_CSR_INT_COL_CTL_ENABLE 0x80000000 25 - #define ADF_RING_BUNDLE_SIZE 0x1000 26 9 #define ADF_GEN2_RX_RINGS_OFFSET 8 27 10 #define ADF_GEN2_TX_RINGS_MASK 0xFF 28 - 29 - #define BUILD_RING_BASE_ADDR(addr, size) \ 30 - (((addr) >> 6) & (GENMASK_ULL(63, 0) << (size))) 31 - #define READ_CSR_RING_HEAD(csr_base_addr, bank, ring) \ 32 - ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 33 - ADF_RING_CSR_RING_HEAD + ((ring) << 2)) 34 - #define READ_CSR_RING_TAIL(csr_base_addr, bank, ring) \ 35 - ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 36 - ADF_RING_CSR_RING_TAIL + ((ring) << 2)) 37 - #define READ_CSR_E_STAT(csr_base_addr, bank) \ 38 - ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 39 - ADF_RING_CSR_E_STAT) 40 - #define WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value) \ 41 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 42 - ADF_RING_CSR_RING_CONFIG + ((ring) << 2), value) 43 - #define WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, value) \ 44 - do { \ 45 - u32 l_base = 0, u_base = 0; \ 46 - l_base = (u32)((value) & 0xFFFFFFFF); \ 47 - u_base = (u32)(((value) & 0xFFFFFFFF00000000ULL) >> 32); \ 48 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 49 - ADF_RING_CSR_RING_LBASE + ((ring) << 2), l_base); \ 50 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 51 - ADF_RING_CSR_RING_UBASE + ((ring) << 2), u_base); \ 52 - } while (0) 53 - 54 - #define WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value) \ 55 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 56 - ADF_RING_CSR_RING_HEAD + ((ring) << 2), value) 57 - #define WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value) \ 58 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 59 - ADF_RING_CSR_RING_TAIL + ((ring) << 2), value) 60 - #define WRITE_CSR_INT_FLAG(csr_base_addr, bank, value) \ 61 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 62 - ADF_RING_CSR_INT_FLAG, value) 63 - #define WRITE_CSR_INT_SRCSEL(csr_base_addr, bank) \ 64 - do { \ 65 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 66 - ADF_RING_CSR_INT_SRCSEL, ADF_BANK_INT_SRC_SEL_MASK_0); \ 67 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 68 - ADF_RING_CSR_INT_SRCSEL_2, ADF_BANK_INT_SRC_SEL_MASK_X); \ 69 - } while (0) 70 - #define WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value) \ 71 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 72 - ADF_RING_CSR_INT_COL_EN, value) 73 - #define WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value) \ 74 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 75 - ADF_RING_CSR_INT_COL_CTL, \ 76 - ADF_RING_CSR_INT_COL_CTL_ENABLE | (value)) 77 - #define WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value) \ 78 - ADF_CSR_WR(csr_base_addr, (ADF_RING_BUNDLE_SIZE * (bank)) + \ 79 - ADF_RING_CSR_INT_FLAG_AND_COL, value) 80 11 81 12 /* AE to function map */ 82 13 #define AE2FUNCTION_MAP_A_OFFSET (0x3A400 + 0x190) ··· 37 106 #define ADF_ARB_OFFSET 0x30000 38 107 #define ADF_ARB_WRK_2_SER_MAP_OFFSET 0x180 39 108 #define ADF_ARB_CONFIG (BIT(31) | BIT(6) | BIT(0)) 40 - #define ADF_ARB_REG_SLOT 0x1000 41 - #define ADF_ARB_RINGSRVARBEN_OFFSET 0x19C 42 - 43 - #define WRITE_CSR_RING_SRV_ARB_EN(csr_addr, index, value) \ 44 - ADF_CSR_WR(csr_addr, ADF_ARB_RINGSRVARBEN_OFFSET + \ 45 - (ADF_ARB_REG_SLOT * (index)), value) 46 109 47 110 /* Power gating */ 48 111 #define ADF_POWERGATE_DC BIT(23) ··· 83 158 void adf_gen2_enable_error_correction(struct adf_accel_dev *accel_dev); 84 159 void adf_gen2_cfg_iov_thds(struct adf_accel_dev *accel_dev, bool enable, 85 160 int num_a_regs, int num_b_regs); 86 - void adf_gen2_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops); 87 161 void adf_gen2_get_admin_info(struct admin_info *admin_csrs_info); 88 162 void adf_gen2_get_arb_info(struct arb_info *arb_info); 89 163 void adf_gen2_enable_ints(struct adf_accel_dev *accel_dev);

+231

drivers/crypto/intel/qat/qat_common/adf_gen4_hw_csr_data.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #include <linux/types.h> 4 + #include "adf_gen4_hw_csr_data.h" 5 + 6 + static u64 build_csr_ring_base_addr(dma_addr_t addr, u32 size) 7 + { 8 + return BUILD_RING_BASE_ADDR(addr, size); 9 + } 10 + 11 + static u32 read_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring) 12 + { 13 + return READ_CSR_RING_HEAD(csr_base_addr, bank, ring); 14 + } 15 + 16 + static void write_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring, 17 + u32 value) 18 + { 19 + WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value); 20 + } 21 + 22 + static u32 read_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring) 23 + { 24 + return READ_CSR_RING_TAIL(csr_base_addr, bank, ring); 25 + } 26 + 27 + static void write_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring, 28 + u32 value) 29 + { 30 + WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value); 31 + } 32 + 33 + static u32 read_csr_stat(void __iomem *csr_base_addr, u32 bank) 34 + { 35 + return READ_CSR_STAT(csr_base_addr, bank); 36 + } 37 + 38 + static u32 read_csr_uo_stat(void __iomem *csr_base_addr, u32 bank) 39 + { 40 + return READ_CSR_UO_STAT(csr_base_addr, bank); 41 + } 42 + 43 + static u32 read_csr_e_stat(void __iomem *csr_base_addr, u32 bank) 44 + { 45 + return READ_CSR_E_STAT(csr_base_addr, bank); 46 + } 47 + 48 + static u32 read_csr_ne_stat(void __iomem *csr_base_addr, u32 bank) 49 + { 50 + return READ_CSR_NE_STAT(csr_base_addr, bank); 51 + } 52 + 53 + static u32 read_csr_nf_stat(void __iomem *csr_base_addr, u32 bank) 54 + { 55 + return READ_CSR_NF_STAT(csr_base_addr, bank); 56 + } 57 + 58 + static u32 read_csr_f_stat(void __iomem *csr_base_addr, u32 bank) 59 + { 60 + return READ_CSR_F_STAT(csr_base_addr, bank); 61 + } 62 + 63 + static u32 read_csr_c_stat(void __iomem *csr_base_addr, u32 bank) 64 + { 65 + return READ_CSR_C_STAT(csr_base_addr, bank); 66 + } 67 + 68 + static u32 read_csr_exp_stat(void __iomem *csr_base_addr, u32 bank) 69 + { 70 + return READ_CSR_EXP_STAT(csr_base_addr, bank); 71 + } 72 + 73 + static u32 read_csr_exp_int_en(void __iomem *csr_base_addr, u32 bank) 74 + { 75 + return READ_CSR_EXP_INT_EN(csr_base_addr, bank); 76 + } 77 + 78 + static void write_csr_exp_int_en(void __iomem *csr_base_addr, u32 bank, 79 + u32 value) 80 + { 81 + WRITE_CSR_EXP_INT_EN(csr_base_addr, bank, value); 82 + } 83 + 84 + static u32 read_csr_ring_config(void __iomem *csr_base_addr, u32 bank, 85 + u32 ring) 86 + { 87 + return READ_CSR_RING_CONFIG(csr_base_addr, bank, ring); 88 + } 89 + 90 + static void write_csr_ring_config(void __iomem *csr_base_addr, u32 bank, u32 ring, 91 + u32 value) 92 + { 93 + WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value); 94 + } 95 + 96 + static dma_addr_t read_csr_ring_base(void __iomem *csr_base_addr, u32 bank, 97 + u32 ring) 98 + { 99 + return READ_CSR_RING_BASE(csr_base_addr, bank, ring); 100 + } 101 + 102 + static void write_csr_ring_base(void __iomem *csr_base_addr, u32 bank, u32 ring, 103 + dma_addr_t addr) 104 + { 105 + WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, addr); 106 + } 107 + 108 + static u32 read_csr_int_en(void __iomem *csr_base_addr, u32 bank) 109 + { 110 + return READ_CSR_INT_EN(csr_base_addr, bank); 111 + } 112 + 113 + static void write_csr_int_en(void __iomem *csr_base_addr, u32 bank, u32 value) 114 + { 115 + WRITE_CSR_INT_EN(csr_base_addr, bank, value); 116 + } 117 + 118 + static u32 read_csr_int_flag(void __iomem *csr_base_addr, u32 bank) 119 + { 120 + return READ_CSR_INT_FLAG(csr_base_addr, bank); 121 + } 122 + 123 + static void write_csr_int_flag(void __iomem *csr_base_addr, u32 bank, 124 + u32 value) 125 + { 126 + WRITE_CSR_INT_FLAG(csr_base_addr, bank, value); 127 + } 128 + 129 + static u32 read_csr_int_srcsel(void __iomem *csr_base_addr, u32 bank) 130 + { 131 + return READ_CSR_INT_SRCSEL(csr_base_addr, bank); 132 + } 133 + 134 + static void write_csr_int_srcsel(void __iomem *csr_base_addr, u32 bank) 135 + { 136 + WRITE_CSR_INT_SRCSEL(csr_base_addr, bank); 137 + } 138 + 139 + static void write_csr_int_srcsel_w_val(void __iomem *csr_base_addr, u32 bank, 140 + u32 value) 141 + { 142 + WRITE_CSR_INT_SRCSEL_W_VAL(csr_base_addr, bank, value); 143 + } 144 + 145 + static u32 read_csr_int_col_en(void __iomem *csr_base_addr, u32 bank) 146 + { 147 + return READ_CSR_INT_COL_EN(csr_base_addr, bank); 148 + } 149 + 150 + static void write_csr_int_col_en(void __iomem *csr_base_addr, u32 bank, u32 value) 151 + { 152 + WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value); 153 + } 154 + 155 + static u32 read_csr_int_col_ctl(void __iomem *csr_base_addr, u32 bank) 156 + { 157 + return READ_CSR_INT_COL_CTL(csr_base_addr, bank); 158 + } 159 + 160 + static void write_csr_int_col_ctl(void __iomem *csr_base_addr, u32 bank, 161 + u32 value) 162 + { 163 + WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value); 164 + } 165 + 166 + static u32 read_csr_int_flag_and_col(void __iomem *csr_base_addr, u32 bank) 167 + { 168 + return READ_CSR_INT_FLAG_AND_COL(csr_base_addr, bank); 169 + } 170 + 171 + static void write_csr_int_flag_and_col(void __iomem *csr_base_addr, u32 bank, 172 + u32 value) 173 + { 174 + WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value); 175 + } 176 + 177 + static u32 read_csr_ring_srv_arb_en(void __iomem *csr_base_addr, u32 bank) 178 + { 179 + return READ_CSR_RING_SRV_ARB_EN(csr_base_addr, bank); 180 + } 181 + 182 + static void write_csr_ring_srv_arb_en(void __iomem *csr_base_addr, u32 bank, 183 + u32 value) 184 + { 185 + WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value); 186 + } 187 + 188 + static u32 get_int_col_ctl_enable_mask(void) 189 + { 190 + return ADF_RING_CSR_INT_COL_CTL_ENABLE; 191 + } 192 + 193 + void adf_gen4_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops) 194 + { 195 + csr_ops->build_csr_ring_base_addr = build_csr_ring_base_addr; 196 + csr_ops->read_csr_ring_head = read_csr_ring_head; 197 + csr_ops->write_csr_ring_head = write_csr_ring_head; 198 + csr_ops->read_csr_ring_tail = read_csr_ring_tail; 199 + csr_ops->write_csr_ring_tail = write_csr_ring_tail; 200 + csr_ops->read_csr_stat = read_csr_stat; 201 + csr_ops->read_csr_uo_stat = read_csr_uo_stat; 202 + csr_ops->read_csr_e_stat = read_csr_e_stat; 203 + csr_ops->read_csr_ne_stat = read_csr_ne_stat; 204 + csr_ops->read_csr_nf_stat = read_csr_nf_stat; 205 + csr_ops->read_csr_f_stat = read_csr_f_stat; 206 + csr_ops->read_csr_c_stat = read_csr_c_stat; 207 + csr_ops->read_csr_exp_stat = read_csr_exp_stat; 208 + csr_ops->read_csr_exp_int_en = read_csr_exp_int_en; 209 + csr_ops->write_csr_exp_int_en = write_csr_exp_int_en; 210 + csr_ops->read_csr_ring_config = read_csr_ring_config; 211 + csr_ops->write_csr_ring_config = write_csr_ring_config; 212 + csr_ops->read_csr_ring_base = read_csr_ring_base; 213 + csr_ops->write_csr_ring_base = write_csr_ring_base; 214 + csr_ops->read_csr_int_en = read_csr_int_en; 215 + csr_ops->write_csr_int_en = write_csr_int_en; 216 + csr_ops->read_csr_int_flag = read_csr_int_flag; 217 + csr_ops->write_csr_int_flag = write_csr_int_flag; 218 + csr_ops->read_csr_int_srcsel = read_csr_int_srcsel; 219 + csr_ops->write_csr_int_srcsel = write_csr_int_srcsel; 220 + csr_ops->write_csr_int_srcsel_w_val = write_csr_int_srcsel_w_val; 221 + csr_ops->read_csr_int_col_en = read_csr_int_col_en; 222 + csr_ops->write_csr_int_col_en = write_csr_int_col_en; 223 + csr_ops->read_csr_int_col_ctl = read_csr_int_col_ctl; 224 + csr_ops->write_csr_int_col_ctl = write_csr_int_col_ctl; 225 + csr_ops->read_csr_int_flag_and_col = read_csr_int_flag_and_col; 226 + csr_ops->write_csr_int_flag_and_col = write_csr_int_flag_and_col; 227 + csr_ops->read_csr_ring_srv_arb_en = read_csr_ring_srv_arb_en; 228 + csr_ops->write_csr_ring_srv_arb_en = write_csr_ring_srv_arb_en; 229 + csr_ops->get_int_col_ctl_enable_mask = get_int_col_ctl_enable_mask; 230 + } 231 + EXPORT_SYMBOL_GPL(adf_gen4_init_hw_csr_ops);

+188

drivers/crypto/intel/qat/qat_common/adf_gen4_hw_csr_data.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #ifndef ADF_GEN4_HW_CSR_DATA_H_ 4 + #define ADF_GEN4_HW_CSR_DATA_H_ 5 + 6 + #include <linux/bitops.h> 7 + #include "adf_accel_devices.h" 8 + 9 + #define ADF_BANK_INT_SRC_SEL_MASK 0x44UL 10 + #define ADF_RING_CSR_RING_CONFIG 0x1000 11 + #define ADF_RING_CSR_RING_LBASE 0x1040 12 + #define ADF_RING_CSR_RING_UBASE 0x1080 13 + #define ADF_RING_CSR_RING_HEAD 0x0C0 14 + #define ADF_RING_CSR_RING_TAIL 0x100 15 + #define ADF_RING_CSR_STAT 0x140 16 + #define ADF_RING_CSR_UO_STAT 0x148 17 + #define ADF_RING_CSR_E_STAT 0x14C 18 + #define ADF_RING_CSR_NE_STAT 0x150 19 + #define ADF_RING_CSR_NF_STAT 0x154 20 + #define ADF_RING_CSR_F_STAT 0x158 21 + #define ADF_RING_CSR_C_STAT 0x15C 22 + #define ADF_RING_CSR_INT_FLAG_EN 0x16C 23 + #define ADF_RING_CSR_INT_FLAG 0x170 24 + #define ADF_RING_CSR_INT_SRCSEL 0x174 25 + #define ADF_RING_CSR_INT_COL_EN 0x17C 26 + #define ADF_RING_CSR_INT_COL_CTL 0x180 27 + #define ADF_RING_CSR_INT_FLAG_AND_COL 0x184 28 + #define ADF_RING_CSR_EXP_STAT 0x188 29 + #define ADF_RING_CSR_EXP_INT_EN 0x18C 30 + #define ADF_RING_CSR_INT_COL_CTL_ENABLE 0x80000000 31 + #define ADF_RING_CSR_ADDR_OFFSET 0x100000 32 + #define ADF_RING_BUNDLE_SIZE 0x2000 33 + #define ADF_RING_CSR_RING_SRV_ARB_EN 0x19C 34 + 35 + #define BUILD_RING_BASE_ADDR(addr, size) \ 36 + ((((addr) >> 6) & (GENMASK_ULL(63, 0) << (size))) << 6) 37 + #define READ_CSR_RING_HEAD(csr_base_addr, bank, ring) \ 38 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 39 + ADF_RING_BUNDLE_SIZE * (bank) + \ 40 + ADF_RING_CSR_RING_HEAD + ((ring) << 2)) 41 + #define READ_CSR_RING_TAIL(csr_base_addr, bank, ring) \ 42 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 43 + ADF_RING_BUNDLE_SIZE * (bank) + \ 44 + ADF_RING_CSR_RING_TAIL + ((ring) << 2)) 45 + #define READ_CSR_STAT(csr_base_addr, bank) \ 46 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 47 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_STAT) 48 + #define READ_CSR_UO_STAT(csr_base_addr, bank) \ 49 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 50 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_UO_STAT) 51 + #define READ_CSR_E_STAT(csr_base_addr, bank) \ 52 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 53 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_E_STAT) 54 + #define READ_CSR_NE_STAT(csr_base_addr, bank) \ 55 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 56 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_NE_STAT) 57 + #define READ_CSR_NF_STAT(csr_base_addr, bank) \ 58 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 59 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_NF_STAT) 60 + #define READ_CSR_F_STAT(csr_base_addr, bank) \ 61 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 62 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_F_STAT) 63 + #define READ_CSR_C_STAT(csr_base_addr, bank) \ 64 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 65 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_C_STAT) 66 + #define READ_CSR_EXP_STAT(csr_base_addr, bank) \ 67 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 68 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_EXP_STAT) 69 + #define READ_CSR_EXP_INT_EN(csr_base_addr, bank) \ 70 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 71 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_EXP_INT_EN) 72 + #define WRITE_CSR_EXP_INT_EN(csr_base_addr, bank, value) \ 73 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 74 + ADF_RING_BUNDLE_SIZE * (bank) + \ 75 + ADF_RING_CSR_EXP_INT_EN, value) 76 + #define READ_CSR_RING_CONFIG(csr_base_addr, bank, ring) \ 77 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 78 + ADF_RING_BUNDLE_SIZE * (bank) + \ 79 + ADF_RING_CSR_RING_CONFIG + ((ring) << 2)) 80 + #define WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value) \ 81 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 82 + ADF_RING_BUNDLE_SIZE * (bank) + \ 83 + ADF_RING_CSR_RING_CONFIG + ((ring) << 2), value) 84 + #define WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, value) \ 85 + do { \ 86 + void __iomem *_csr_base_addr = csr_base_addr; \ 87 + u32 _bank = bank; \ 88 + u32 _ring = ring; \ 89 + dma_addr_t _value = value; \ 90 + u32 l_base = 0, u_base = 0; \ 91 + l_base = lower_32_bits(_value); \ 92 + u_base = upper_32_bits(_value); \ 93 + ADF_CSR_WR((_csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 94 + ADF_RING_BUNDLE_SIZE * (_bank) + \ 95 + ADF_RING_CSR_RING_LBASE + ((_ring) << 2), l_base); \ 96 + ADF_CSR_WR((_csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 97 + ADF_RING_BUNDLE_SIZE * (_bank) + \ 98 + ADF_RING_CSR_RING_UBASE + ((_ring) << 2), u_base); \ 99 + } while (0) 100 + 101 + static inline u64 read_base(void __iomem *csr_base_addr, u32 bank, u32 ring) 102 + { 103 + u32 l_base, u_base; 104 + 105 + /* 106 + * Use special IO wrapper for ring base as LBASE and UBASE are 107 + * not physically contigious 108 + */ 109 + l_base = ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * bank) + 110 + ADF_RING_CSR_RING_LBASE + (ring << 2)); 111 + u_base = ADF_CSR_RD(csr_base_addr, (ADF_RING_BUNDLE_SIZE * bank) + 112 + ADF_RING_CSR_RING_UBASE + (ring << 2)); 113 + 114 + return (u64)u_base << 32 | (u64)l_base; 115 + } 116 + 117 + #define READ_CSR_RING_BASE(csr_base_addr, bank, ring) \ 118 + read_base((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, (bank), (ring)) 119 + 120 + #define WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value) \ 121 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 122 + ADF_RING_BUNDLE_SIZE * (bank) + \ 123 + ADF_RING_CSR_RING_HEAD + ((ring) << 2), value) 124 + #define WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value) \ 125 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 126 + ADF_RING_BUNDLE_SIZE * (bank) + \ 127 + ADF_RING_CSR_RING_TAIL + ((ring) << 2), value) 128 + #define READ_CSR_INT_EN(csr_base_addr, bank) \ 129 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 130 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_INT_FLAG_EN) 131 + #define WRITE_CSR_INT_EN(csr_base_addr, bank, value) \ 132 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 133 + ADF_RING_BUNDLE_SIZE * (bank) + \ 134 + ADF_RING_CSR_INT_FLAG_EN, (value)) 135 + #define READ_CSR_INT_FLAG(csr_base_addr, bank) \ 136 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 137 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_INT_FLAG) 138 + #define WRITE_CSR_INT_FLAG(csr_base_addr, bank, value) \ 139 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 140 + ADF_RING_BUNDLE_SIZE * (bank) + \ 141 + ADF_RING_CSR_INT_FLAG, (value)) 142 + #define READ_CSR_INT_SRCSEL(csr_base_addr, bank) \ 143 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 144 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_INT_SRCSEL) 145 + #define WRITE_CSR_INT_SRCSEL(csr_base_addr, bank) \ 146 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 147 + ADF_RING_BUNDLE_SIZE * (bank) + \ 148 + ADF_RING_CSR_INT_SRCSEL, ADF_BANK_INT_SRC_SEL_MASK) 149 + #define WRITE_CSR_INT_SRCSEL_W_VAL(csr_base_addr, bank, value) \ 150 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 151 + ADF_RING_BUNDLE_SIZE * (bank) + \ 152 + ADF_RING_CSR_INT_SRCSEL, (value)) 153 + #define READ_CSR_INT_COL_EN(csr_base_addr, bank) \ 154 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 155 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_INT_COL_EN) 156 + #define WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value) \ 157 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 158 + ADF_RING_BUNDLE_SIZE * (bank) + \ 159 + ADF_RING_CSR_INT_COL_EN, (value)) 160 + #define READ_CSR_INT_COL_CTL(csr_base_addr, bank) \ 161 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 162 + ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_INT_COL_CTL) 163 + #define WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value) \ 164 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 165 + ADF_RING_BUNDLE_SIZE * (bank) + \ 166 + ADF_RING_CSR_INT_COL_CTL, \ 167 + ADF_RING_CSR_INT_COL_CTL_ENABLE | (value)) 168 + #define READ_CSR_INT_FLAG_AND_COL(csr_base_addr, bank) \ 169 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 170 + ADF_RING_BUNDLE_SIZE * (bank) + \ 171 + ADF_RING_CSR_INT_FLAG_AND_COL) 172 + #define WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value) \ 173 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 174 + ADF_RING_BUNDLE_SIZE * (bank) + \ 175 + ADF_RING_CSR_INT_FLAG_AND_COL, (value)) 176 + 177 + #define READ_CSR_RING_SRV_ARB_EN(csr_base_addr, bank) \ 178 + ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 179 + ADF_RING_BUNDLE_SIZE * (bank) + \ 180 + ADF_RING_CSR_RING_SRV_ARB_EN) 181 + #define WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value) \ 182 + ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 183 + ADF_RING_BUNDLE_SIZE * (bank) + \ 184 + ADF_RING_CSR_RING_SRV_ARB_EN, (value)) 185 + 186 + void adf_gen4_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops); 187 + 188 + #endif

+280 -100

drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.c

··· 1 1 // SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only) 2 2 /* Copyright(c) 2020 Intel Corporation */ 3 3 #include <linux/iopoll.h> 4 + #include <asm/div64.h> 4 5 #include "adf_accel_devices.h" 5 6 #include "adf_cfg_services.h" 6 7 #include "adf_common_drv.h" 7 8 #include "adf_fw_config.h" 8 9 #include "adf_gen4_hw_data.h" 9 10 #include "adf_gen4_pm.h" 10 - 11 - static u64 build_csr_ring_base_addr(dma_addr_t addr, u32 size) 12 - { 13 - return BUILD_RING_BASE_ADDR(addr, size); 14 - } 15 - 16 - static u32 read_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring) 17 - { 18 - return READ_CSR_RING_HEAD(csr_base_addr, bank, ring); 19 - } 20 - 21 - static void write_csr_ring_head(void __iomem *csr_base_addr, u32 bank, u32 ring, 22 - u32 value) 23 - { 24 - WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value); 25 - } 26 - 27 - static u32 read_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring) 28 - { 29 - return READ_CSR_RING_TAIL(csr_base_addr, bank, ring); 30 - } 31 - 32 - static void write_csr_ring_tail(void __iomem *csr_base_addr, u32 bank, u32 ring, 33 - u32 value) 34 - { 35 - WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value); 36 - } 37 - 38 - static u32 read_csr_e_stat(void __iomem *csr_base_addr, u32 bank) 39 - { 40 - return READ_CSR_E_STAT(csr_base_addr, bank); 41 - } 42 - 43 - static void write_csr_ring_config(void __iomem *csr_base_addr, u32 bank, u32 ring, 44 - u32 value) 45 - { 46 - WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value); 47 - } 48 - 49 - static void write_csr_ring_base(void __iomem *csr_base_addr, u32 bank, u32 ring, 50 - dma_addr_t addr) 51 - { 52 - WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, addr); 53 - } 54 - 55 - static void write_csr_int_flag(void __iomem *csr_base_addr, u32 bank, 56 - u32 value) 57 - { 58 - WRITE_CSR_INT_FLAG(csr_base_addr, bank, value); 59 - } 60 - 61 - static void write_csr_int_srcsel(void __iomem *csr_base_addr, u32 bank) 62 - { 63 - WRITE_CSR_INT_SRCSEL(csr_base_addr, bank); 64 - } 65 - 66 - static void write_csr_int_col_en(void __iomem *csr_base_addr, u32 bank, u32 value) 67 - { 68 - WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value); 69 - } 70 - 71 - static void write_csr_int_col_ctl(void __iomem *csr_base_addr, u32 bank, 72 - u32 value) 73 - { 74 - WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value); 75 - } 76 - 77 - static void write_csr_int_flag_and_col(void __iomem *csr_base_addr, u32 bank, 78 - u32 value) 79 - { 80 - WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value); 81 - } 82 - 83 - static void write_csr_ring_srv_arb_en(void __iomem *csr_base_addr, u32 bank, 84 - u32 value) 85 - { 86 - WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value); 87 - } 88 - 89 - void adf_gen4_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops) 90 - { 91 - csr_ops->build_csr_ring_base_addr = build_csr_ring_base_addr; 92 - csr_ops->read_csr_ring_head = read_csr_ring_head; 93 - csr_ops->write_csr_ring_head = write_csr_ring_head; 94 - csr_ops->read_csr_ring_tail = read_csr_ring_tail; 95 - csr_ops->write_csr_ring_tail = write_csr_ring_tail; 96 - csr_ops->read_csr_e_stat = read_csr_e_stat; 97 - csr_ops->write_csr_ring_config = write_csr_ring_config; 98 - csr_ops->write_csr_ring_base = write_csr_ring_base; 99 - csr_ops->write_csr_int_flag = write_csr_int_flag; 100 - csr_ops->write_csr_int_srcsel = write_csr_int_srcsel; 101 - csr_ops->write_csr_int_col_en = write_csr_int_col_en; 102 - csr_ops->write_csr_int_col_ctl = write_csr_int_col_ctl; 103 - csr_ops->write_csr_int_flag_and_col = write_csr_int_flag_and_col; 104 - csr_ops->write_csr_ring_srv_arb_en = write_csr_ring_srv_arb_en; 105 - } 106 - EXPORT_SYMBOL_GPL(adf_gen4_init_hw_csr_ops); 107 11 108 12 u32 adf_gen4_get_accel_mask(struct adf_hw_device_data *self) 109 13 { ··· 225 321 int adf_gen4_ring_pair_reset(struct adf_accel_dev *accel_dev, u32 bank_number) 226 322 { 227 323 struct adf_hw_device_data *hw_data = accel_dev->hw_device; 228 - u32 etr_bar_id = hw_data->get_etr_bar_id(hw_data); 229 - void __iomem *csr; 324 + void __iomem *csr = adf_get_etr_base(accel_dev); 230 325 int ret; 231 326 232 327 if (bank_number >= hw_data->num_banks) ··· 234 331 dev_dbg(&GET_DEV(accel_dev), 235 332 "ring pair reset for bank:%d\n", bank_number); 236 333 237 - csr = (&GET_BARS(accel_dev)[etr_bar_id])->virt_addr; 238 334 ret = reset_ring_pair(csr, bank_number); 239 335 if (ret) 240 336 dev_err(&GET_DEV(accel_dev), ··· 391 489 return ring_to_svc_map; 392 490 } 393 491 EXPORT_SYMBOL_GPL(adf_gen4_get_ring_to_svc_map); 492 + 493 + /* 494 + * adf_gen4_bank_quiesce_coal_timer() - quiesce bank coalesced interrupt timer 495 + * @accel_dev: Pointer to the device structure 496 + * @bank_idx: Offset to the bank within this device 497 + * @timeout_ms: Timeout in milliseconds for the operation 498 + * 499 + * This function tries to quiesce the coalesced interrupt timer of a bank if 500 + * it has been enabled and triggered. 501 + * 502 + * Returns 0 on success, error code otherwise 503 + * 504 + */ 505 + int adf_gen4_bank_quiesce_coal_timer(struct adf_accel_dev *accel_dev, 506 + u32 bank_idx, int timeout_ms) 507 + { 508 + struct adf_hw_device_data *hw_data = GET_HW_DATA(accel_dev); 509 + struct adf_hw_csr_ops *csr_ops = GET_CSR_OPS(accel_dev); 510 + void __iomem *csr_misc = adf_get_pmisc_base(accel_dev); 511 + void __iomem *csr_etr = adf_get_etr_base(accel_dev); 512 + u32 int_col_ctl, int_col_mask, int_col_en; 513 + u32 e_stat, intsrc; 514 + u64 wait_us; 515 + int ret; 516 + 517 + if (timeout_ms < 0) 518 + return -EINVAL; 519 + 520 + int_col_ctl = csr_ops->read_csr_int_col_ctl(csr_etr, bank_idx); 521 + int_col_mask = csr_ops->get_int_col_ctl_enable_mask(); 522 + if (!(int_col_ctl & int_col_mask)) 523 + return 0; 524 + 525 + int_col_en = csr_ops->read_csr_int_col_en(csr_etr, bank_idx); 526 + int_col_en &= BIT(ADF_WQM_CSR_RP_IDX_RX); 527 + 528 + e_stat = csr_ops->read_csr_e_stat(csr_etr, bank_idx); 529 + if (!(~e_stat & int_col_en)) 530 + return 0; 531 + 532 + wait_us = 2 * ((int_col_ctl & ~int_col_mask) << 8) * USEC_PER_SEC; 533 + do_div(wait_us, hw_data->clock_frequency); 534 + wait_us = min(wait_us, (u64)timeout_ms * USEC_PER_MSEC); 535 + dev_dbg(&GET_DEV(accel_dev), 536 + "wait for bank %d - coalesced timer expires in %llu us (max=%u ms estat=0x%x intcolen=0x%x)\n", 537 + bank_idx, wait_us, timeout_ms, e_stat, int_col_en); 538 + 539 + ret = read_poll_timeout(ADF_CSR_RD, intsrc, intsrc, 540 + ADF_COALESCED_POLL_DELAY_US, wait_us, true, 541 + csr_misc, ADF_WQM_CSR_RPINTSOU(bank_idx)); 542 + if (ret) 543 + dev_warn(&GET_DEV(accel_dev), 544 + "coalesced timer for bank %d expired (%llu us)\n", 545 + bank_idx, wait_us); 546 + 547 + return ret; 548 + } 549 + EXPORT_SYMBOL_GPL(adf_gen4_bank_quiesce_coal_timer); 550 + 551 + static int drain_bank(void __iomem *csr, u32 bank_number, int timeout_us) 552 + { 553 + u32 status; 554 + 555 + ADF_CSR_WR(csr, ADF_WQM_CSR_RPRESETCTL(bank_number), 556 + ADF_WQM_CSR_RPRESETCTL_DRAIN); 557 + 558 + return read_poll_timeout(ADF_CSR_RD, status, 559 + status & ADF_WQM_CSR_RPRESETSTS_STATUS, 560 + ADF_RPRESET_POLL_DELAY_US, timeout_us, true, 561 + csr, ADF_WQM_CSR_RPRESETSTS(bank_number)); 562 + } 563 + 564 + void adf_gen4_bank_drain_finish(struct adf_accel_dev *accel_dev, 565 + u32 bank_number) 566 + { 567 + void __iomem *csr = adf_get_etr_base(accel_dev); 568 + 569 + ADF_CSR_WR(csr, ADF_WQM_CSR_RPRESETSTS(bank_number), 570 + ADF_WQM_CSR_RPRESETSTS_STATUS); 571 + } 572 + 573 + int adf_gen4_bank_drain_start(struct adf_accel_dev *accel_dev, 574 + u32 bank_number, int timeout_us) 575 + { 576 + void __iomem *csr = adf_get_etr_base(accel_dev); 577 + int ret; 578 + 579 + dev_dbg(&GET_DEV(accel_dev), "Drain bank %d\n", bank_number); 580 + 581 + ret = drain_bank(csr, bank_number, timeout_us); 582 + if (ret) 583 + dev_err(&GET_DEV(accel_dev), "Bank drain failed (timeout)\n"); 584 + else 585 + dev_dbg(&GET_DEV(accel_dev), "Bank drain successful\n"); 586 + 587 + return ret; 588 + } 589 + 590 + static void bank_state_save(struct adf_hw_csr_ops *ops, void __iomem *base, 591 + u32 bank, struct bank_state *state, u32 num_rings) 592 + { 593 + u32 i; 594 + 595 + state->ringstat0 = ops->read_csr_stat(base, bank); 596 + state->ringuostat = ops->read_csr_uo_stat(base, bank); 597 + state->ringestat = ops->read_csr_e_stat(base, bank); 598 + state->ringnestat = ops->read_csr_ne_stat(base, bank); 599 + state->ringnfstat = ops->read_csr_nf_stat(base, bank); 600 + state->ringfstat = ops->read_csr_f_stat(base, bank); 601 + state->ringcstat0 = ops->read_csr_c_stat(base, bank); 602 + state->iaintflagen = ops->read_csr_int_en(base, bank); 603 + state->iaintflagreg = ops->read_csr_int_flag(base, bank); 604 + state->iaintflagsrcsel0 = ops->read_csr_int_srcsel(base, bank); 605 + state->iaintcolen = ops->read_csr_int_col_en(base, bank); 606 + state->iaintcolctl = ops->read_csr_int_col_ctl(base, bank); 607 + state->iaintflagandcolen = ops->read_csr_int_flag_and_col(base, bank); 608 + state->ringexpstat = ops->read_csr_exp_stat(base, bank); 609 + state->ringexpintenable = ops->read_csr_exp_int_en(base, bank); 610 + state->ringsrvarben = ops->read_csr_ring_srv_arb_en(base, bank); 611 + 612 + for (i = 0; i < num_rings; i++) { 613 + state->rings[i].head = ops->read_csr_ring_head(base, bank, i); 614 + state->rings[i].tail = ops->read_csr_ring_tail(base, bank, i); 615 + state->rings[i].config = ops->read_csr_ring_config(base, bank, i); 616 + state->rings[i].base = ops->read_csr_ring_base(base, bank, i); 617 + } 618 + } 619 + 620 + #define CHECK_STAT(op, expect_val, name, args...) \ 621 + ({ \ 622 + u32 __expect_val = (expect_val); \ 623 + u32 actual_val = op(args); \ 624 + (__expect_val == actual_val) ? 0 : \ 625 + (pr_err("QAT: Fail to restore %s register. Expected 0x%x, actual 0x%x\n", \ 626 + name, __expect_val, actual_val), -EINVAL); \ 627 + }) 628 + 629 + static int bank_state_restore(struct adf_hw_csr_ops *ops, void __iomem *base, 630 + u32 bank, struct bank_state *state, u32 num_rings, 631 + int tx_rx_gap) 632 + { 633 + u32 val, tmp_val, i; 634 + int ret; 635 + 636 + for (i = 0; i < num_rings; i++) 637 + ops->write_csr_ring_base(base, bank, i, state->rings[i].base); 638 + 639 + for (i = 0; i < num_rings; i++) 640 + ops->write_csr_ring_config(base, bank, i, state->rings[i].config); 641 + 642 + for (i = 0; i < num_rings / 2; i++) { 643 + int tx = i * (tx_rx_gap + 1); 644 + int rx = tx + tx_rx_gap; 645 + 646 + ops->write_csr_ring_head(base, bank, tx, state->rings[tx].head); 647 + ops->write_csr_ring_tail(base, bank, tx, state->rings[tx].tail); 648 + 649 + /* 650 + * The TX ring head needs to be updated again to make sure that 651 + * the HW will not consider the ring as full when it is empty 652 + * and the correct state flags are set to match the recovered state. 653 + */ 654 + if (state->ringestat & BIT(tx)) { 655 + val = ops->read_csr_int_srcsel(base, bank); 656 + val |= ADF_RP_INT_SRC_SEL_F_RISE_MASK; 657 + ops->write_csr_int_srcsel_w_val(base, bank, val); 658 + ops->write_csr_ring_head(base, bank, tx, state->rings[tx].head); 659 + } 660 + 661 + ops->write_csr_ring_tail(base, bank, rx, state->rings[rx].tail); 662 + val = ops->read_csr_int_srcsel(base, bank); 663 + val |= ADF_RP_INT_SRC_SEL_F_RISE_MASK << ADF_RP_INT_SRC_SEL_RANGE_WIDTH; 664 + ops->write_csr_int_srcsel_w_val(base, bank, val); 665 + 666 + ops->write_csr_ring_head(base, bank, rx, state->rings[rx].head); 667 + val = ops->read_csr_int_srcsel(base, bank); 668 + val |= ADF_RP_INT_SRC_SEL_F_FALL_MASK << ADF_RP_INT_SRC_SEL_RANGE_WIDTH; 669 + ops->write_csr_int_srcsel_w_val(base, bank, val); 670 + 671 + /* 672 + * The RX ring tail needs to be updated again to make sure that 673 + * the HW will not consider the ring as empty when it is full 674 + * and the correct state flags are set to match the recovered state. 675 + */ 676 + if (state->ringfstat & BIT(rx)) 677 + ops->write_csr_ring_tail(base, bank, rx, state->rings[rx].tail); 678 + } 679 + 680 + ops->write_csr_int_flag_and_col(base, bank, state->iaintflagandcolen); 681 + ops->write_csr_int_en(base, bank, state->iaintflagen); 682 + ops->write_csr_int_col_en(base, bank, state->iaintcolen); 683 + ops->write_csr_int_srcsel_w_val(base, bank, state->iaintflagsrcsel0); 684 + ops->write_csr_exp_int_en(base, bank, state->ringexpintenable); 685 + ops->write_csr_int_col_ctl(base, bank, state->iaintcolctl); 686 + ops->write_csr_ring_srv_arb_en(base, bank, state->ringsrvarben); 687 + 688 + /* Check that all ring statuses match the saved state. */ 689 + ret = CHECK_STAT(ops->read_csr_stat, state->ringstat0, "ringstat", 690 + base, bank); 691 + if (ret) 692 + return ret; 693 + 694 + ret = CHECK_STAT(ops->read_csr_e_stat, state->ringestat, "ringestat", 695 + base, bank); 696 + if (ret) 697 + return ret; 698 + 699 + ret = CHECK_STAT(ops->read_csr_ne_stat, state->ringnestat, "ringnestat", 700 + base, bank); 701 + if (ret) 702 + return ret; 703 + 704 + ret = CHECK_STAT(ops->read_csr_nf_stat, state->ringnfstat, "ringnfstat", 705 + base, bank); 706 + if (ret) 707 + return ret; 708 + 709 + ret = CHECK_STAT(ops->read_csr_f_stat, state->ringfstat, "ringfstat", 710 + base, bank); 711 + if (ret) 712 + return ret; 713 + 714 + ret = CHECK_STAT(ops->read_csr_c_stat, state->ringcstat0, "ringcstat", 715 + base, bank); 716 + if (ret) 717 + return ret; 718 + 719 + tmp_val = ops->read_csr_exp_stat(base, bank); 720 + val = state->ringexpstat; 721 + if (tmp_val && !val) { 722 + pr_err("QAT: Bank was restored with exception: 0x%x\n", val); 723 + return -EINVAL; 724 + } 725 + 726 + return 0; 727 + } 728 + 729 + int adf_gen4_bank_state_save(struct adf_accel_dev *accel_dev, u32 bank_number, 730 + struct bank_state *state) 731 + { 732 + struct adf_hw_device_data *hw_data = GET_HW_DATA(accel_dev); 733 + struct adf_hw_csr_ops *csr_ops = GET_CSR_OPS(accel_dev); 734 + void __iomem *csr_base = adf_get_etr_base(accel_dev); 735 + 736 + if (bank_number >= hw_data->num_banks || !state) 737 + return -EINVAL; 738 + 739 + dev_dbg(&GET_DEV(accel_dev), "Saving state of bank %d\n", bank_number); 740 + 741 + bank_state_save(csr_ops, csr_base, bank_number, state, 742 + hw_data->num_rings_per_bank); 743 + 744 + return 0; 745 + } 746 + EXPORT_SYMBOL_GPL(adf_gen4_bank_state_save); 747 + 748 + int adf_gen4_bank_state_restore(struct adf_accel_dev *accel_dev, u32 bank_number, 749 + struct bank_state *state) 750 + { 751 + struct adf_hw_device_data *hw_data = GET_HW_DATA(accel_dev); 752 + struct adf_hw_csr_ops *csr_ops = GET_CSR_OPS(accel_dev); 753 + void __iomem *csr_base = adf_get_etr_base(accel_dev); 754 + int ret; 755 + 756 + if (bank_number >= hw_data->num_banks || !state) 757 + return -EINVAL; 758 + 759 + dev_dbg(&GET_DEV(accel_dev), "Restoring state of bank %d\n", bank_number); 760 + 761 + ret = bank_state_restore(csr_ops, csr_base, bank_number, state, 762 + hw_data->num_rings_per_bank, hw_data->tx_rx_gap); 763 + if (ret) 764 + dev_err(&GET_DEV(accel_dev), 765 + "Unable to restore state of bank %d\n", bank_number); 766 + 767 + return ret; 768 + } 769 + EXPORT_SYMBOL_GPL(adf_gen4_bank_state_restore);

+35 -92

drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.h

··· 1 1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only) */ 2 2 /* Copyright(c) 2020 Intel Corporation */ 3 - #ifndef ADF_GEN4_HW_CSR_DATA_H_ 4 - #define ADF_GEN4_HW_CSR_DATA_H_ 3 + #ifndef ADF_GEN4_HW_DATA_H_ 4 + #define ADF_GEN4_HW_DATA_H_ 5 5 6 6 #include <linux/units.h> 7 7 ··· 54 54 #define ADF_GEN4_ADMINMSGLR_OFFSET 0x500578 55 55 #define ADF_GEN4_MAILBOX_BASE_OFFSET 0x600970 56 56 57 - /* Transport access */ 58 - #define ADF_BANK_INT_SRC_SEL_MASK 0x44UL 59 - #define ADF_RING_CSR_RING_CONFIG 0x1000 60 - #define ADF_RING_CSR_RING_LBASE 0x1040 61 - #define ADF_RING_CSR_RING_UBASE 0x1080 62 - #define ADF_RING_CSR_RING_HEAD 0x0C0 63 - #define ADF_RING_CSR_RING_TAIL 0x100 64 - #define ADF_RING_CSR_E_STAT 0x14C 65 - #define ADF_RING_CSR_INT_FLAG 0x170 66 - #define ADF_RING_CSR_INT_SRCSEL 0x174 67 - #define ADF_RING_CSR_INT_COL_CTL 0x180 68 - #define ADF_RING_CSR_INT_FLAG_AND_COL 0x184 69 - #define ADF_RING_CSR_INT_COL_CTL_ENABLE 0x80000000 70 - #define ADF_RING_CSR_INT_COL_EN 0x17C 71 - #define ADF_RING_CSR_ADDR_OFFSET 0x100000 72 - #define ADF_RING_BUNDLE_SIZE 0x2000 73 - 74 - #define BUILD_RING_BASE_ADDR(addr, size) \ 75 - ((((addr) >> 6) & (GENMASK_ULL(63, 0) << (size))) << 6) 76 - #define READ_CSR_RING_HEAD(csr_base_addr, bank, ring) \ 77 - ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 78 - ADF_RING_BUNDLE_SIZE * (bank) + \ 79 - ADF_RING_CSR_RING_HEAD + ((ring) << 2)) 80 - #define READ_CSR_RING_TAIL(csr_base_addr, bank, ring) \ 81 - ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 82 - ADF_RING_BUNDLE_SIZE * (bank) + \ 83 - ADF_RING_CSR_RING_TAIL + ((ring) << 2)) 84 - #define READ_CSR_E_STAT(csr_base_addr, bank) \ 85 - ADF_CSR_RD((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 86 - ADF_RING_BUNDLE_SIZE * (bank) + ADF_RING_CSR_E_STAT) 87 - #define WRITE_CSR_RING_CONFIG(csr_base_addr, bank, ring, value) \ 88 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 89 - ADF_RING_BUNDLE_SIZE * (bank) + \ 90 - ADF_RING_CSR_RING_CONFIG + ((ring) << 2), value) 91 - #define WRITE_CSR_RING_BASE(csr_base_addr, bank, ring, value) \ 92 - do { \ 93 - void __iomem *_csr_base_addr = csr_base_addr; \ 94 - u32 _bank = bank; \ 95 - u32 _ring = ring; \ 96 - dma_addr_t _value = value; \ 97 - u32 l_base = 0, u_base = 0; \ 98 - l_base = lower_32_bits(_value); \ 99 - u_base = upper_32_bits(_value); \ 100 - ADF_CSR_WR((_csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 101 - ADF_RING_BUNDLE_SIZE * (_bank) + \ 102 - ADF_RING_CSR_RING_LBASE + ((_ring) << 2), l_base); \ 103 - ADF_CSR_WR((_csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 104 - ADF_RING_BUNDLE_SIZE * (_bank) + \ 105 - ADF_RING_CSR_RING_UBASE + ((_ring) << 2), u_base); \ 106 - } while (0) 107 - 108 - #define WRITE_CSR_RING_HEAD(csr_base_addr, bank, ring, value) \ 109 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 110 - ADF_RING_BUNDLE_SIZE * (bank) + \ 111 - ADF_RING_CSR_RING_HEAD + ((ring) << 2), value) 112 - #define WRITE_CSR_RING_TAIL(csr_base_addr, bank, ring, value) \ 113 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 114 - ADF_RING_BUNDLE_SIZE * (bank) + \ 115 - ADF_RING_CSR_RING_TAIL + ((ring) << 2), value) 116 - #define WRITE_CSR_INT_FLAG(csr_base_addr, bank, value) \ 117 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 118 - ADF_RING_BUNDLE_SIZE * (bank) + \ 119 - ADF_RING_CSR_INT_FLAG, (value)) 120 - #define WRITE_CSR_INT_SRCSEL(csr_base_addr, bank) \ 121 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 122 - ADF_RING_BUNDLE_SIZE * (bank) + \ 123 - ADF_RING_CSR_INT_SRCSEL, ADF_BANK_INT_SRC_SEL_MASK) 124 - #define WRITE_CSR_INT_COL_EN(csr_base_addr, bank, value) \ 125 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 126 - ADF_RING_BUNDLE_SIZE * (bank) + \ 127 - ADF_RING_CSR_INT_COL_EN, (value)) 128 - #define WRITE_CSR_INT_COL_CTL(csr_base_addr, bank, value) \ 129 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 130 - ADF_RING_BUNDLE_SIZE * (bank) + \ 131 - ADF_RING_CSR_INT_COL_CTL, \ 132 - ADF_RING_CSR_INT_COL_CTL_ENABLE | (value)) 133 - #define WRITE_CSR_INT_FLAG_AND_COL(csr_base_addr, bank, value) \ 134 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 135 - ADF_RING_BUNDLE_SIZE * (bank) + \ 136 - ADF_RING_CSR_INT_FLAG_AND_COL, (value)) 137 - 138 - /* Arbiter configuration */ 139 - #define ADF_RING_CSR_RING_SRV_ARB_EN 0x19C 140 - 141 - #define WRITE_CSR_RING_SRV_ARB_EN(csr_base_addr, bank, value) \ 142 - ADF_CSR_WR((csr_base_addr) + ADF_RING_CSR_ADDR_OFFSET, \ 143 - ADF_RING_BUNDLE_SIZE * (bank) + \ 144 - ADF_RING_CSR_RING_SRV_ARB_EN, (value)) 145 - 146 57 /* Default ring mapping */ 147 58 #define ADF_GEN4_DEFAULT_RING_TO_SRV_MAP \ 148 59 (ASYM << ADF_CFG_SERV_RING_PAIR_0_SHIFT | \ ··· 77 166 #define ADF_RPRESET_POLL_TIMEOUT_US (5 * USEC_PER_SEC) 78 167 #define ADF_RPRESET_POLL_DELAY_US 20 79 168 #define ADF_WQM_CSR_RPRESETCTL_RESET BIT(0) 169 + #define ADF_WQM_CSR_RPRESETCTL_DRAIN BIT(2) 80 170 #define ADF_WQM_CSR_RPRESETCTL(bank) (0x6000 + ((bank) << 3)) 81 171 #define ADF_WQM_CSR_RPRESETSTS_STATUS BIT(0) 82 172 #define ADF_WQM_CSR_RPRESETSTS(bank) (ADF_WQM_CSR_RPRESETCTL(bank) + 4) 173 + 174 + /* Ring interrupt */ 175 + #define ADF_RP_INT_SRC_SEL_F_RISE_MASK BIT(2) 176 + #define ADF_RP_INT_SRC_SEL_F_FALL_MASK GENMASK(2, 0) 177 + #define ADF_RP_INT_SRC_SEL_RANGE_WIDTH 4 178 + #define ADF_COALESCED_POLL_TIMEOUT_US (1 * USEC_PER_SEC) 179 + #define ADF_COALESCED_POLL_DELAY_US 1000 180 + #define ADF_WQM_CSR_RPINTSOU(bank) (0x200000 + ((bank) << 12)) 181 + #define ADF_WQM_CSR_RP_IDX_RX 1 83 182 84 183 /* Error source registers */ 85 184 #define ADF_GEN4_ERRSOU0 (0x41A200) ··· 117 196 118 197 /* Arbiter threads mask with error value */ 119 198 #define ADF_GEN4_ENA_THD_MASK_ERROR GENMASK(ADF_NUM_THREADS_PER_AE, 0) 199 + 200 + /* PF2VM communication channel */ 201 + #define ADF_GEN4_PF2VM_OFFSET(i) (0x40B010 + (i) * 0x20) 202 + #define ADF_GEN4_VM2PF_OFFSET(i) (0x40B014 + (i) * 0x20) 203 + #define ADF_GEN4_VINTMSKPF2VM_OFFSET(i) (0x40B00C + (i) * 0x20) 204 + #define ADF_GEN4_VINTSOUPF2VM_OFFSET(i) (0x40B008 + (i) * 0x20) 205 + #define ADF_GEN4_VINTMSK_OFFSET(i) (0x40B004 + (i) * 0x20) 206 + #define ADF_GEN4_VINTSOU_OFFSET(i) (0x40B000 + (i) * 0x20) 207 + 208 + struct adf_gen4_vfmig { 209 + struct adf_mstate_mgr *mstate_mgr; 210 + bool bank_stopped[ADF_GEN4_NUM_BANKS_PER_VF]; 211 + }; 120 212 121 213 void adf_gen4_set_ssm_wdtimer(struct adf_accel_dev *accel_dev); 122 214 ··· 164 230 enum dev_sku_info adf_gen4_get_sku(struct adf_hw_device_data *self); 165 231 u32 adf_gen4_get_sram_bar_id(struct adf_hw_device_data *self); 166 232 int adf_gen4_init_device(struct adf_accel_dev *accel_dev); 167 - void adf_gen4_init_hw_csr_ops(struct adf_hw_csr_ops *csr_ops); 168 233 int adf_gen4_ring_pair_reset(struct adf_accel_dev *accel_dev, u32 bank_number); 169 234 void adf_gen4_set_msix_default_rttable(struct adf_accel_dev *accel_dev); 170 235 void adf_gen4_set_ssm_wdtimer(struct adf_accel_dev *accel_dev); 171 236 int adf_gen4_init_thd2arb_map(struct adf_accel_dev *accel_dev); 172 237 u16 adf_gen4_get_ring_to_svc_map(struct adf_accel_dev *accel_dev); 238 + int adf_gen4_bank_quiesce_coal_timer(struct adf_accel_dev *accel_dev, 239 + u32 bank_idx, int timeout_ms); 240 + int adf_gen4_bank_drain_start(struct adf_accel_dev *accel_dev, 241 + u32 bank_number, int timeout_us); 242 + void adf_gen4_bank_drain_finish(struct adf_accel_dev *accel_dev, 243 + u32 bank_number); 244 + int adf_gen4_bank_state_save(struct adf_accel_dev *accel_dev, u32 bank_number, 245 + struct bank_state *state); 246 + int adf_gen4_bank_state_restore(struct adf_accel_dev *accel_dev, 247 + u32 bank_number, struct bank_state *state); 173 248 174 249 #endif

+3 -5

drivers/crypto/intel/qat/qat_common/adf_gen4_pfvf.c

··· 6 6 #include "adf_accel_devices.h" 7 7 #include "adf_common_drv.h" 8 8 #include "adf_gen4_pfvf.h" 9 + #include "adf_gen4_hw_data.h" 9 10 #include "adf_pfvf_pf_proto.h" 10 11 #include "adf_pfvf_utils.h" 11 - 12 - #define ADF_4XXX_PF2VM_OFFSET(i) (0x40B010 + ((i) * 0x20)) 13 - #define ADF_4XXX_VM2PF_OFFSET(i) (0x40B014 + ((i) * 0x20)) 14 12 15 13 /* VF2PF interrupt source registers */ 16 14 #define ADF_4XXX_VM2PF_SOU 0x41A180 ··· 27 29 28 30 static u32 adf_gen4_pf_get_pf2vf_offset(u32 i) 29 31 { 30 - return ADF_4XXX_PF2VM_OFFSET(i); 32 + return ADF_GEN4_PF2VM_OFFSET(i); 31 33 } 32 34 33 35 static u32 adf_gen4_pf_get_vf2pf_offset(u32 i) 34 36 { 35 - return ADF_4XXX_VM2PF_OFFSET(i); 37 + return ADF_GEN4_VM2PF_OFFSET(i); 36 38 } 37 39 38 40 static void adf_gen4_enable_vf2pf_interrupts(void __iomem *pmisc_addr, u32 vf_mask)

+1

drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c

··· 149 149 tl_data->sl_exec_counters = sl_exec_counters; 150 150 tl_data->rp_counters = rp_counters; 151 151 tl_data->num_rp_counters = ARRAY_SIZE(rp_counters); 152 + tl_data->max_sl_cnt = ADF_GEN4_TL_MAX_SLICES_PER_TYPE; 152 153 } 153 154 EXPORT_SYMBOL_GPL(adf_gen4_init_tl_data);

+1010

drivers/crypto/intel/qat/qat_common/adf_gen4_vf_mig.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #include <linux/delay.h> 4 + #include <linux/dev_printk.h> 5 + #include <linux/kernel.h> 6 + #include <linux/slab.h> 7 + #include <linux/string.h> 8 + #include <linux/types.h> 9 + #include <asm/errno.h> 10 + 11 + #include "adf_accel_devices.h" 12 + #include "adf_common_drv.h" 13 + #include "adf_gen4_hw_data.h" 14 + #include "adf_gen4_pfvf.h" 15 + #include "adf_pfvf_utils.h" 16 + #include "adf_mstate_mgr.h" 17 + #include "adf_gen4_vf_mig.h" 18 + 19 + #define ADF_GEN4_VF_MSTATE_SIZE 4096 20 + #define ADF_GEN4_PFVF_RSP_TIMEOUT_US 5000 21 + 22 + static int adf_gen4_vfmig_save_setup(struct qat_mig_dev *mdev); 23 + static int adf_gen4_vfmig_load_setup(struct qat_mig_dev *mdev, int len); 24 + 25 + static int adf_gen4_vfmig_init_device(struct qat_mig_dev *mdev) 26 + { 27 + u8 *state; 28 + 29 + state = kmalloc(ADF_GEN4_VF_MSTATE_SIZE, GFP_KERNEL); 30 + if (!state) 31 + return -ENOMEM; 32 + 33 + mdev->state = state; 34 + mdev->state_size = ADF_GEN4_VF_MSTATE_SIZE; 35 + mdev->setup_size = 0; 36 + mdev->remote_setup_size = 0; 37 + 38 + return 0; 39 + } 40 + 41 + static void adf_gen4_vfmig_cleanup_device(struct qat_mig_dev *mdev) 42 + { 43 + kfree(mdev->state); 44 + mdev->state = NULL; 45 + } 46 + 47 + static void adf_gen4_vfmig_reset_device(struct qat_mig_dev *mdev) 48 + { 49 + mdev->setup_size = 0; 50 + mdev->remote_setup_size = 0; 51 + } 52 + 53 + static int adf_gen4_vfmig_open_device(struct qat_mig_dev *mdev) 54 + { 55 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 56 + struct adf_accel_vf_info *vf_info; 57 + struct adf_gen4_vfmig *vfmig; 58 + 59 + vf_info = &accel_dev->pf.vf_info[mdev->vf_id]; 60 + 61 + vfmig = kzalloc(sizeof(*vfmig), GFP_KERNEL); 62 + if (!vfmig) 63 + return -ENOMEM; 64 + 65 + vfmig->mstate_mgr = adf_mstate_mgr_new(mdev->state, mdev->state_size); 66 + if (!vfmig->mstate_mgr) { 67 + kfree(vfmig); 68 + return -ENOMEM; 69 + } 70 + vf_info->mig_priv = vfmig; 71 + mdev->setup_size = 0; 72 + mdev->remote_setup_size = 0; 73 + 74 + return 0; 75 + } 76 + 77 + static void adf_gen4_vfmig_close_device(struct qat_mig_dev *mdev) 78 + { 79 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 80 + struct adf_accel_vf_info *vf_info; 81 + struct adf_gen4_vfmig *vfmig; 82 + 83 + vf_info = &accel_dev->pf.vf_info[mdev->vf_id]; 84 + if (vf_info->mig_priv) { 85 + vfmig = vf_info->mig_priv; 86 + adf_mstate_mgr_destroy(vfmig->mstate_mgr); 87 + kfree(vfmig); 88 + vf_info->mig_priv = NULL; 89 + } 90 + } 91 + 92 + static int adf_gen4_vfmig_suspend_device(struct qat_mig_dev *mdev) 93 + { 94 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 95 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 96 + struct adf_accel_vf_info *vf_info; 97 + struct adf_gen4_vfmig *vf_mig; 98 + u32 vf_nr = mdev->vf_id; 99 + int ret, i; 100 + 101 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 102 + vf_mig = vf_info->mig_priv; 103 + 104 + /* Stop all inflight jobs */ 105 + for (i = 0; i < hw_data->num_banks_per_vf; i++) { 106 + u32 pf_bank_nr = i + vf_nr * hw_data->num_banks_per_vf; 107 + 108 + ret = adf_gen4_bank_drain_start(accel_dev, pf_bank_nr, 109 + ADF_RPRESET_POLL_TIMEOUT_US); 110 + if (ret) { 111 + dev_err(&GET_DEV(accel_dev), 112 + "Failed to drain bank %d for vf_nr %d\n", i, 113 + vf_nr); 114 + return ret; 115 + } 116 + vf_mig->bank_stopped[i] = true; 117 + 118 + adf_gen4_bank_quiesce_coal_timer(accel_dev, pf_bank_nr, 119 + ADF_COALESCED_POLL_TIMEOUT_US); 120 + } 121 + 122 + return 0; 123 + } 124 + 125 + static int adf_gen4_vfmig_resume_device(struct qat_mig_dev *mdev) 126 + { 127 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 128 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 129 + struct adf_accel_vf_info *vf_info; 130 + struct adf_gen4_vfmig *vf_mig; 131 + u32 vf_nr = mdev->vf_id; 132 + int i; 133 + 134 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 135 + vf_mig = vf_info->mig_priv; 136 + 137 + for (i = 0; i < hw_data->num_banks_per_vf; i++) { 138 + u32 pf_bank_nr = i + vf_nr * hw_data->num_banks_per_vf; 139 + 140 + if (vf_mig->bank_stopped[i]) { 141 + adf_gen4_bank_drain_finish(accel_dev, pf_bank_nr); 142 + vf_mig->bank_stopped[i] = false; 143 + } 144 + } 145 + 146 + return 0; 147 + } 148 + 149 + struct adf_vf_bank_info { 150 + struct adf_accel_dev *accel_dev; 151 + u32 vf_nr; 152 + u32 bank_nr; 153 + }; 154 + 155 + struct mig_user_sla { 156 + enum adf_base_services srv; 157 + u64 rp_mask; 158 + u32 cir; 159 + u32 pir; 160 + }; 161 + 162 + static int adf_mstate_sla_check(struct adf_mstate_mgr *sub_mgr, u8 *src_buf, 163 + u32 src_size, void *opaque) 164 + { 165 + struct adf_mstate_vreginfo _sinfo = { src_buf, src_size }; 166 + struct adf_mstate_vreginfo *sinfo = &_sinfo, *dinfo = opaque; 167 + u32 src_sla_cnt = sinfo->size / sizeof(struct mig_user_sla); 168 + u32 dst_sla_cnt = dinfo->size / sizeof(struct mig_user_sla); 169 + struct mig_user_sla *src_slas = sinfo->addr; 170 + struct mig_user_sla *dst_slas = dinfo->addr; 171 + int i, j; 172 + 173 + for (i = 0; i < src_sla_cnt; i++) { 174 + for (j = 0; j < dst_sla_cnt; j++) { 175 + if (src_slas[i].srv != dst_slas[j].srv || 176 + src_slas[i].rp_mask != dst_slas[j].rp_mask) 177 + continue; 178 + 179 + if (src_slas[i].cir > dst_slas[j].cir || 180 + src_slas[i].pir > dst_slas[j].pir) { 181 + pr_err("QAT: DST VF rate limiting mismatch.\n"); 182 + return -EINVAL; 183 + } 184 + break; 185 + } 186 + 187 + if (j == dst_sla_cnt) { 188 + pr_err("QAT: SRC VF rate limiting mismatch - SRC srv %d and rp_mask 0x%llx.\n", 189 + src_slas[i].srv, src_slas[i].rp_mask); 190 + return -EINVAL; 191 + } 192 + } 193 + 194 + return 0; 195 + } 196 + 197 + static inline int adf_mstate_check_cap_size(u32 src_sz, u32 dst_sz, u32 max_sz) 198 + { 199 + if (src_sz > max_sz || dst_sz > max_sz) 200 + return -EINVAL; 201 + else 202 + return 0; 203 + } 204 + 205 + static int adf_mstate_compatver_check(struct adf_mstate_mgr *sub_mgr, 206 + u8 *src_buf, u32 src_sz, void *opaque) 207 + { 208 + struct adf_mstate_vreginfo *info = opaque; 209 + u8 compat = 0; 210 + u8 *pcompat; 211 + 212 + if (src_sz != info->size) { 213 + pr_debug("QAT: State mismatch (compat version size), current %u, expected %u\n", 214 + src_sz, info->size); 215 + return -EINVAL; 216 + } 217 + 218 + memcpy(info->addr, src_buf, info->size); 219 + pcompat = info->addr; 220 + if (*pcompat == 0) { 221 + pr_warn("QAT: Unable to determine the version of VF\n"); 222 + return 0; 223 + } 224 + 225 + compat = adf_vf_compat_checker(*pcompat); 226 + if (compat == ADF_PF2VF_VF_INCOMPATIBLE) { 227 + pr_debug("QAT: SRC VF driver (ver=%u) is incompatible with DST PF driver (ver=%u)\n", 228 + *pcompat, ADF_PFVF_COMPAT_THIS_VERSION); 229 + return -EINVAL; 230 + } 231 + 232 + if (compat == ADF_PF2VF_VF_COMPAT_UNKNOWN) 233 + pr_debug("QAT: SRC VF driver (ver=%u) is newer than DST PF driver (ver=%u)\n", 234 + *pcompat, ADF_PFVF_COMPAT_THIS_VERSION); 235 + 236 + return 0; 237 + } 238 + 239 + /* 240 + * adf_mstate_capmask_compare() - compare QAT device capability mask 241 + * @sinfo: Pointer to source capability info 242 + * @dinfo: Pointer to target capability info 243 + * 244 + * This function compares the capability mask between source VF and target VF 245 + * 246 + * Returns: 0 if target capability mask is identical to source capability mask, 247 + * 1 if target mask can represent all the capabilities represented by source mask, 248 + * -1 if target mask can't represent all the capabilities represented by source 249 + * mask. 250 + */ 251 + static int adf_mstate_capmask_compare(struct adf_mstate_vreginfo *sinfo, 252 + struct adf_mstate_vreginfo *dinfo) 253 + { 254 + u64 src = 0, dst = 0; 255 + 256 + if (adf_mstate_check_cap_size(sinfo->size, dinfo->size, sizeof(u64))) { 257 + pr_debug("QAT: Unexpected capability size %u %u %zu\n", 258 + sinfo->size, dinfo->size, sizeof(u64)); 259 + return -1; 260 + } 261 + 262 + memcpy(&src, sinfo->addr, sinfo->size); 263 + memcpy(&dst, dinfo->addr, dinfo->size); 264 + 265 + pr_debug("QAT: Check cap compatibility of cap %llu %llu\n", src, dst); 266 + 267 + if (src == dst) 268 + return 0; 269 + 270 + if ((src | dst) == dst) 271 + return 1; 272 + 273 + return -1; 274 + } 275 + 276 + static int adf_mstate_capmask_superset(struct adf_mstate_mgr *sub_mgr, u8 *buf, 277 + u32 size, void *opa) 278 + { 279 + struct adf_mstate_vreginfo sinfo = { buf, size }; 280 + 281 + if (adf_mstate_capmask_compare(&sinfo, opa) >= 0) 282 + return 0; 283 + 284 + return -EINVAL; 285 + } 286 + 287 + static int adf_mstate_capmask_equal(struct adf_mstate_mgr *sub_mgr, u8 *buf, 288 + u32 size, void *opa) 289 + { 290 + struct adf_mstate_vreginfo sinfo = { buf, size }; 291 + 292 + if (adf_mstate_capmask_compare(&sinfo, opa) == 0) 293 + return 0; 294 + 295 + return -EINVAL; 296 + } 297 + 298 + static int adf_mstate_set_vreg(struct adf_mstate_mgr *sub_mgr, u8 *buf, 299 + u32 size, void *opa) 300 + { 301 + struct adf_mstate_vreginfo *info = opa; 302 + 303 + if (size != info->size) { 304 + pr_debug("QAT: Unexpected cap size %u %u\n", size, info->size); 305 + return -EINVAL; 306 + } 307 + memcpy(info->addr, buf, info->size); 308 + 309 + return 0; 310 + } 311 + 312 + static u32 adf_gen4_vfmig_get_slas(struct adf_accel_dev *accel_dev, u32 vf_nr, 313 + struct mig_user_sla *pmig_slas) 314 + { 315 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 316 + struct adf_rl *rl_data = accel_dev->rate_limiting; 317 + struct rl_sla **sla_type_arr = NULL; 318 + u64 rp_mask, rp_index; 319 + u32 max_num_sla; 320 + u32 sla_cnt = 0; 321 + int i, j; 322 + 323 + if (!accel_dev->rate_limiting) 324 + return 0; 325 + 326 + rp_index = vf_nr * hw_data->num_banks_per_vf; 327 + max_num_sla = adf_rl_get_sla_arr_of_type(rl_data, RL_LEAF, &sla_type_arr); 328 + 329 + for (i = 0; i < max_num_sla; i++) { 330 + if (!sla_type_arr[i]) 331 + continue; 332 + 333 + rp_mask = 0; 334 + for (j = 0; j < sla_type_arr[i]->ring_pairs_cnt; j++) 335 + rp_mask |= BIT(sla_type_arr[i]->ring_pairs_ids[j]); 336 + 337 + if (rp_mask & GENMASK_ULL(rp_index + 3, rp_index)) { 338 + pmig_slas->rp_mask = rp_mask; 339 + pmig_slas->cir = sla_type_arr[i]->cir; 340 + pmig_slas->pir = sla_type_arr[i]->pir; 341 + pmig_slas->srv = sla_type_arr[i]->srv; 342 + pmig_slas++; 343 + sla_cnt++; 344 + } 345 + } 346 + 347 + return sla_cnt; 348 + } 349 + 350 + static int adf_gen4_vfmig_load_etr_regs(struct adf_mstate_mgr *sub_mgr, 351 + u8 *state, u32 size, void *opa) 352 + { 353 + struct adf_vf_bank_info *vf_bank_info = opa; 354 + struct adf_accel_dev *accel_dev = vf_bank_info->accel_dev; 355 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 356 + u32 pf_bank_nr; 357 + int ret; 358 + 359 + pf_bank_nr = vf_bank_info->bank_nr + vf_bank_info->vf_nr * hw_data->num_banks_per_vf; 360 + ret = hw_data->bank_state_restore(accel_dev, pf_bank_nr, 361 + (struct bank_state *)state); 362 + if (ret) { 363 + dev_err(&GET_DEV(accel_dev), 364 + "Failed to load regs for vf%d bank%d\n", 365 + vf_bank_info->vf_nr, vf_bank_info->bank_nr); 366 + return ret; 367 + } 368 + 369 + return 0; 370 + } 371 + 372 + static int adf_gen4_vfmig_load_etr_bank(struct adf_accel_dev *accel_dev, 373 + u32 vf_nr, u32 bank_nr, 374 + struct adf_mstate_mgr *mstate_mgr) 375 + { 376 + struct adf_vf_bank_info vf_bank_info = {accel_dev, vf_nr, bank_nr}; 377 + struct adf_mstate_sect_h *subsec, *l2_subsec; 378 + struct adf_mstate_mgr sub_sects_mgr; 379 + char bank_ids[ADF_MSTATE_ID_LEN]; 380 + 381 + snprintf(bank_ids, sizeof(bank_ids), ADF_MSTATE_BANK_IDX_IDS "%x", bank_nr); 382 + subsec = adf_mstate_sect_lookup(mstate_mgr, bank_ids, NULL, NULL); 383 + if (!subsec) { 384 + dev_err(&GET_DEV(accel_dev), 385 + "Failed to lookup sec %s for vf%d bank%d\n", 386 + ADF_MSTATE_BANK_IDX_IDS, vf_nr, bank_nr); 387 + return -EINVAL; 388 + } 389 + 390 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, subsec); 391 + l2_subsec = adf_mstate_sect_lookup(&sub_sects_mgr, ADF_MSTATE_ETR_REGS_IDS, 392 + adf_gen4_vfmig_load_etr_regs, 393 + &vf_bank_info); 394 + if (!l2_subsec) { 395 + dev_err(&GET_DEV(accel_dev), 396 + "Failed to add sec %s for vf%d bank%d\n", 397 + ADF_MSTATE_ETR_REGS_IDS, vf_nr, bank_nr); 398 + return -EINVAL; 399 + } 400 + 401 + return 0; 402 + } 403 + 404 + static int adf_gen4_vfmig_load_etr(struct adf_accel_dev *accel_dev, u32 vf_nr) 405 + { 406 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 407 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 408 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 409 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 410 + struct adf_mstate_mgr sub_sects_mgr; 411 + struct adf_mstate_sect_h *subsec; 412 + int ret, i; 413 + 414 + subsec = adf_mstate_sect_lookup(mstate_mgr, ADF_MSTATE_ETRB_IDS, NULL, 415 + NULL); 416 + if (!subsec) { 417 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 418 + ADF_MSTATE_ETRB_IDS); 419 + return -EINVAL; 420 + } 421 + 422 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, subsec); 423 + for (i = 0; i < hw_data->num_banks_per_vf; i++) { 424 + ret = adf_gen4_vfmig_load_etr_bank(accel_dev, vf_nr, i, 425 + &sub_sects_mgr); 426 + if (ret) 427 + return ret; 428 + } 429 + 430 + return 0; 431 + } 432 + 433 + static int adf_gen4_vfmig_load_misc(struct adf_accel_dev *accel_dev, u32 vf_nr) 434 + { 435 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 436 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 437 + void __iomem *csr = adf_get_pmisc_base(accel_dev); 438 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 439 + struct adf_mstate_sect_h *subsec, *l2_subsec; 440 + struct adf_mstate_mgr sub_sects_mgr; 441 + struct { 442 + char *id; 443 + u64 ofs; 444 + } misc_states[] = { 445 + {ADF_MSTATE_VINTMSK_IDS, ADF_GEN4_VINTMSK_OFFSET(vf_nr)}, 446 + {ADF_MSTATE_VINTMSK_PF2VM_IDS, ADF_GEN4_VINTMSKPF2VM_OFFSET(vf_nr)}, 447 + {ADF_MSTATE_PF2VM_IDS, ADF_GEN4_PF2VM_OFFSET(vf_nr)}, 448 + {ADF_MSTATE_VM2PF_IDS, ADF_GEN4_VM2PF_OFFSET(vf_nr)}, 449 + }; 450 + int i; 451 + 452 + subsec = adf_mstate_sect_lookup(mstate_mgr, ADF_MSTATE_MISCB_IDS, NULL, 453 + NULL); 454 + if (!subsec) { 455 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 456 + ADF_MSTATE_MISCB_IDS); 457 + return -EINVAL; 458 + } 459 + 460 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, subsec); 461 + for (i = 0; i < ARRAY_SIZE(misc_states); i++) { 462 + struct adf_mstate_vreginfo info; 463 + u32 regv; 464 + 465 + info.addr = &regv; 466 + info.size = sizeof(regv); 467 + l2_subsec = adf_mstate_sect_lookup(&sub_sects_mgr, 468 + misc_states[i].id, 469 + adf_mstate_set_vreg, 470 + &info); 471 + if (!l2_subsec) { 472 + dev_err(&GET_DEV(accel_dev), 473 + "Failed to load sec %s\n", misc_states[i].id); 474 + return -EINVAL; 475 + } 476 + ADF_CSR_WR(csr, misc_states[i].ofs, regv); 477 + } 478 + 479 + return 0; 480 + } 481 + 482 + static int adf_gen4_vfmig_load_generic(struct adf_accel_dev *accel_dev, u32 vf_nr) 483 + { 484 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 485 + struct mig_user_sla dst_slas[RL_RP_CNT_PER_LEAF_MAX] = { }; 486 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 487 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 488 + struct adf_mstate_sect_h *subsec, *l2_subsec; 489 + struct adf_mstate_mgr sub_sects_mgr; 490 + u32 dst_sla_cnt; 491 + struct { 492 + char *id; 493 + int (*action)(struct adf_mstate_mgr *sub_mgr, u8 *buf, u32 size, void *opa); 494 + struct adf_mstate_vreginfo info; 495 + } gen_states[] = { 496 + {ADF_MSTATE_IOV_INIT_IDS, adf_mstate_set_vreg, 497 + {&vf_info->init, sizeof(vf_info->init)}}, 498 + {ADF_MSTATE_COMPAT_VER_IDS, adf_mstate_compatver_check, 499 + {&vf_info->vf_compat_ver, sizeof(vf_info->vf_compat_ver)}}, 500 + {ADF_MSTATE_SLA_IDS, adf_mstate_sla_check, {dst_slas, 0}}, 501 + }; 502 + int i; 503 + 504 + subsec = adf_mstate_sect_lookup(mstate_mgr, ADF_MSTATE_GEN_IDS, NULL, NULL); 505 + if (!subsec) { 506 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 507 + ADF_MSTATE_GEN_IDS); 508 + return -EINVAL; 509 + } 510 + 511 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, subsec); 512 + for (i = 0; i < ARRAY_SIZE(gen_states); i++) { 513 + if (gen_states[i].info.addr == dst_slas) { 514 + dst_sla_cnt = adf_gen4_vfmig_get_slas(accel_dev, vf_nr, dst_slas); 515 + gen_states[i].info.size = dst_sla_cnt * sizeof(struct mig_user_sla); 516 + } 517 + 518 + l2_subsec = adf_mstate_sect_lookup(&sub_sects_mgr, 519 + gen_states[i].id, 520 + gen_states[i].action, 521 + &gen_states[i].info); 522 + if (!l2_subsec) { 523 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 524 + gen_states[i].id); 525 + return -EINVAL; 526 + } 527 + } 528 + 529 + return 0; 530 + } 531 + 532 + static int adf_gen4_vfmig_load_config(struct adf_accel_dev *accel_dev, u32 vf_nr) 533 + { 534 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 535 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 536 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 537 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 538 + struct adf_mstate_sect_h *subsec, *l2_subsec; 539 + struct adf_mstate_mgr sub_sects_mgr; 540 + struct { 541 + char *id; 542 + int (*action)(struct adf_mstate_mgr *sub_mgr, u8 *buf, u32 size, void *opa); 543 + struct adf_mstate_vreginfo info; 544 + } setups[] = { 545 + {ADF_MSTATE_GEN_CAP_IDS, adf_mstate_capmask_superset, 546 + {&hw_data->accel_capabilities_mask, sizeof(hw_data->accel_capabilities_mask)}}, 547 + {ADF_MSTATE_GEN_SVCMAP_IDS, adf_mstate_capmask_equal, 548 + {&hw_data->ring_to_svc_map, sizeof(hw_data->ring_to_svc_map)}}, 549 + {ADF_MSTATE_GEN_EXTDC_IDS, adf_mstate_capmask_superset, 550 + {&hw_data->extended_dc_capabilities, sizeof(hw_data->extended_dc_capabilities)}}, 551 + }; 552 + int i; 553 + 554 + subsec = adf_mstate_sect_lookup(mstate_mgr, ADF_MSTATE_CONFIG_IDS, NULL, NULL); 555 + if (!subsec) { 556 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 557 + ADF_MSTATE_CONFIG_IDS); 558 + return -EINVAL; 559 + } 560 + 561 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, subsec); 562 + for (i = 0; i < ARRAY_SIZE(setups); i++) { 563 + l2_subsec = adf_mstate_sect_lookup(&sub_sects_mgr, setups[i].id, 564 + setups[i].action, &setups[i].info); 565 + if (!l2_subsec) { 566 + dev_err(&GET_DEV(accel_dev), "Failed to load sec %s\n", 567 + setups[i].id); 568 + return -EINVAL; 569 + } 570 + } 571 + 572 + return 0; 573 + } 574 + 575 + static int adf_gen4_vfmig_save_etr_regs(struct adf_mstate_mgr *subs, u8 *state, 576 + u32 size, void *opa) 577 + { 578 + struct adf_vf_bank_info *vf_bank_info = opa; 579 + struct adf_accel_dev *accel_dev = vf_bank_info->accel_dev; 580 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 581 + u32 pf_bank_nr; 582 + int ret; 583 + 584 + pf_bank_nr = vf_bank_info->bank_nr; 585 + pf_bank_nr += vf_bank_info->vf_nr * hw_data->num_banks_per_vf; 586 + 587 + ret = hw_data->bank_state_save(accel_dev, pf_bank_nr, 588 + (struct bank_state *)state); 589 + if (ret) { 590 + dev_err(&GET_DEV(accel_dev), 591 + "Failed to save regs for vf%d bank%d\n", 592 + vf_bank_info->vf_nr, vf_bank_info->bank_nr); 593 + return ret; 594 + } 595 + 596 + return sizeof(struct bank_state); 597 + } 598 + 599 + static int adf_gen4_vfmig_save_etr_bank(struct adf_accel_dev *accel_dev, 600 + u32 vf_nr, u32 bank_nr, 601 + struct adf_mstate_mgr *mstate_mgr) 602 + { 603 + struct adf_mstate_sect_h *subsec, *l2_subsec; 604 + struct adf_vf_bank_info vf_bank_info; 605 + struct adf_mstate_mgr sub_sects_mgr; 606 + char bank_ids[ADF_MSTATE_ID_LEN]; 607 + 608 + snprintf(bank_ids, sizeof(bank_ids), ADF_MSTATE_BANK_IDX_IDS "%x", bank_nr); 609 + 610 + subsec = adf_mstate_sect_add(mstate_mgr, bank_ids, NULL, NULL); 611 + if (!subsec) { 612 + dev_err(&GET_DEV(accel_dev), 613 + "Failed to add sec %s for vf%d bank%d\n", 614 + ADF_MSTATE_BANK_IDX_IDS, vf_nr, bank_nr); 615 + return -EINVAL; 616 + } 617 + 618 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mstate_mgr); 619 + vf_bank_info.accel_dev = accel_dev; 620 + vf_bank_info.vf_nr = vf_nr; 621 + vf_bank_info.bank_nr = bank_nr; 622 + l2_subsec = adf_mstate_sect_add(&sub_sects_mgr, ADF_MSTATE_ETR_REGS_IDS, 623 + adf_gen4_vfmig_save_etr_regs, 624 + &vf_bank_info); 625 + if (!l2_subsec) { 626 + dev_err(&GET_DEV(accel_dev), 627 + "Failed to add sec %s for vf%d bank%d\n", 628 + ADF_MSTATE_ETR_REGS_IDS, vf_nr, bank_nr); 629 + return -EINVAL; 630 + } 631 + adf_mstate_sect_update(mstate_mgr, &sub_sects_mgr, subsec); 632 + 633 + return 0; 634 + } 635 + 636 + static int adf_gen4_vfmig_save_etr(struct adf_accel_dev *accel_dev, u32 vf_nr) 637 + { 638 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 639 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 640 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 641 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 642 + struct adf_mstate_mgr sub_sects_mgr; 643 + struct adf_mstate_sect_h *subsec; 644 + int ret, i; 645 + 646 + subsec = adf_mstate_sect_add(mstate_mgr, ADF_MSTATE_ETRB_IDS, NULL, NULL); 647 + if (!subsec) { 648 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 649 + ADF_MSTATE_ETRB_IDS); 650 + return -EINVAL; 651 + } 652 + 653 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mstate_mgr); 654 + for (i = 0; i < hw_data->num_banks_per_vf; i++) { 655 + ret = adf_gen4_vfmig_save_etr_bank(accel_dev, vf_nr, i, 656 + &sub_sects_mgr); 657 + if (ret) 658 + return ret; 659 + } 660 + adf_mstate_sect_update(mstate_mgr, &sub_sects_mgr, subsec); 661 + 662 + return 0; 663 + } 664 + 665 + static int adf_gen4_vfmig_save_misc(struct adf_accel_dev *accel_dev, u32 vf_nr) 666 + { 667 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 668 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 669 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 670 + void __iomem *csr = adf_get_pmisc_base(accel_dev); 671 + struct adf_mstate_sect_h *subsec, *l2_subsec; 672 + struct adf_mstate_mgr sub_sects_mgr; 673 + struct { 674 + char *id; 675 + u64 offset; 676 + } misc_states[] = { 677 + {ADF_MSTATE_VINTSRC_IDS, ADF_GEN4_VINTSOU_OFFSET(vf_nr)}, 678 + {ADF_MSTATE_VINTMSK_IDS, ADF_GEN4_VINTMSK_OFFSET(vf_nr)}, 679 + {ADF_MSTATE_VINTSRC_PF2VM_IDS, ADF_GEN4_VINTSOUPF2VM_OFFSET(vf_nr)}, 680 + {ADF_MSTATE_VINTMSK_PF2VM_IDS, ADF_GEN4_VINTMSKPF2VM_OFFSET(vf_nr)}, 681 + {ADF_MSTATE_PF2VM_IDS, ADF_GEN4_PF2VM_OFFSET(vf_nr)}, 682 + {ADF_MSTATE_VM2PF_IDS, ADF_GEN4_VM2PF_OFFSET(vf_nr)}, 683 + }; 684 + ktime_t time_exp; 685 + int i; 686 + 687 + subsec = adf_mstate_sect_add(mstate_mgr, ADF_MSTATE_MISCB_IDS, NULL, NULL); 688 + if (!subsec) { 689 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 690 + ADF_MSTATE_MISCB_IDS); 691 + return -EINVAL; 692 + } 693 + 694 + time_exp = ktime_add_us(ktime_get(), ADF_GEN4_PFVF_RSP_TIMEOUT_US); 695 + while (!mutex_trylock(&vf_info->pfvf_mig_lock)) { 696 + if (ktime_after(ktime_get(), time_exp)) { 697 + dev_err(&GET_DEV(accel_dev), "Failed to get pfvf mig lock\n"); 698 + return -ETIMEDOUT; 699 + } 700 + usleep_range(500, 1000); 701 + } 702 + 703 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mstate_mgr); 704 + for (i = 0; i < ARRAY_SIZE(misc_states); i++) { 705 + struct adf_mstate_vreginfo info; 706 + u32 regv; 707 + 708 + info.addr = &regv; 709 + info.size = sizeof(regv); 710 + regv = ADF_CSR_RD(csr, misc_states[i].offset); 711 + 712 + l2_subsec = adf_mstate_sect_add_vreg(&sub_sects_mgr, 713 + misc_states[i].id, 714 + &info); 715 + if (!l2_subsec) { 716 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 717 + misc_states[i].id); 718 + mutex_unlock(&vf_info->pfvf_mig_lock); 719 + return -EINVAL; 720 + } 721 + } 722 + 723 + mutex_unlock(&vf_info->pfvf_mig_lock); 724 + adf_mstate_sect_update(mstate_mgr, &sub_sects_mgr, subsec); 725 + 726 + return 0; 727 + } 728 + 729 + static int adf_gen4_vfmig_save_generic(struct adf_accel_dev *accel_dev, u32 vf_nr) 730 + { 731 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 732 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 733 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 734 + struct adf_mstate_mgr sub_sects_mgr; 735 + struct adf_mstate_sect_h *subsec, *l2_subsec; 736 + struct mig_user_sla src_slas[RL_RP_CNT_PER_LEAF_MAX] = { }; 737 + u32 src_sla_cnt; 738 + struct { 739 + char *id; 740 + struct adf_mstate_vreginfo info; 741 + } gen_states[] = { 742 + {ADF_MSTATE_IOV_INIT_IDS, 743 + {&vf_info->init, sizeof(vf_info->init)}}, 744 + {ADF_MSTATE_COMPAT_VER_IDS, 745 + {&vf_info->vf_compat_ver, sizeof(vf_info->vf_compat_ver)}}, 746 + {ADF_MSTATE_SLA_IDS, {src_slas, 0}}, 747 + }; 748 + int i; 749 + 750 + subsec = adf_mstate_sect_add(mstate_mgr, ADF_MSTATE_GEN_IDS, NULL, NULL); 751 + if (!subsec) { 752 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 753 + ADF_MSTATE_GEN_IDS); 754 + return -EINVAL; 755 + } 756 + 757 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mstate_mgr); 758 + for (i = 0; i < ARRAY_SIZE(gen_states); i++) { 759 + if (gen_states[i].info.addr == src_slas) { 760 + src_sla_cnt = adf_gen4_vfmig_get_slas(accel_dev, vf_nr, src_slas); 761 + gen_states[i].info.size = src_sla_cnt * sizeof(struct mig_user_sla); 762 + } 763 + 764 + l2_subsec = adf_mstate_sect_add_vreg(&sub_sects_mgr, 765 + gen_states[i].id, 766 + &gen_states[i].info); 767 + if (!l2_subsec) { 768 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 769 + gen_states[i].id); 770 + return -EINVAL; 771 + } 772 + } 773 + adf_mstate_sect_update(mstate_mgr, &sub_sects_mgr, subsec); 774 + 775 + return 0; 776 + } 777 + 778 + static int adf_gen4_vfmig_save_config(struct adf_accel_dev *accel_dev, u32 vf_nr) 779 + { 780 + struct adf_accel_vf_info *vf_info = &accel_dev->pf.vf_info[vf_nr]; 781 + struct adf_hw_device_data *hw_data = accel_dev->hw_device; 782 + struct adf_gen4_vfmig *vfmig = vf_info->mig_priv; 783 + struct adf_mstate_mgr *mstate_mgr = vfmig->mstate_mgr; 784 + struct adf_mstate_mgr sub_sects_mgr; 785 + struct adf_mstate_sect_h *subsec, *l2_subsec; 786 + struct { 787 + char *id; 788 + struct adf_mstate_vreginfo info; 789 + } setups[] = { 790 + {ADF_MSTATE_GEN_CAP_IDS, 791 + {&hw_data->accel_capabilities_mask, sizeof(hw_data->accel_capabilities_mask)}}, 792 + {ADF_MSTATE_GEN_SVCMAP_IDS, 793 + {&hw_data->ring_to_svc_map, sizeof(hw_data->ring_to_svc_map)}}, 794 + {ADF_MSTATE_GEN_EXTDC_IDS, 795 + {&hw_data->extended_dc_capabilities, sizeof(hw_data->extended_dc_capabilities)}}, 796 + }; 797 + int i; 798 + 799 + subsec = adf_mstate_sect_add(mstate_mgr, ADF_MSTATE_CONFIG_IDS, NULL, NULL); 800 + if (!subsec) { 801 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 802 + ADF_MSTATE_CONFIG_IDS); 803 + return -EINVAL; 804 + } 805 + 806 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mstate_mgr); 807 + for (i = 0; i < ARRAY_SIZE(setups); i++) { 808 + l2_subsec = adf_mstate_sect_add_vreg(&sub_sects_mgr, setups[i].id, 809 + &setups[i].info); 810 + if (!l2_subsec) { 811 + dev_err(&GET_DEV(accel_dev), "Failed to add sec %s\n", 812 + setups[i].id); 813 + return -EINVAL; 814 + } 815 + } 816 + adf_mstate_sect_update(mstate_mgr, &sub_sects_mgr, subsec); 817 + 818 + return 0; 819 + } 820 + 821 + static int adf_gen4_vfmig_save_state(struct qat_mig_dev *mdev) 822 + { 823 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 824 + struct adf_accel_vf_info *vf_info; 825 + struct adf_gen4_vfmig *vfmig; 826 + u32 vf_nr = mdev->vf_id; 827 + int ret; 828 + 829 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 830 + vfmig = vf_info->mig_priv; 831 + 832 + ret = adf_gen4_vfmig_save_setup(mdev); 833 + if (ret) { 834 + dev_err(&GET_DEV(accel_dev), 835 + "Failed to save setup for vf_nr %d\n", vf_nr); 836 + return ret; 837 + } 838 + 839 + adf_mstate_mgr_init(vfmig->mstate_mgr, mdev->state + mdev->setup_size, 840 + mdev->state_size - mdev->setup_size); 841 + if (!adf_mstate_preamble_add(vfmig->mstate_mgr)) 842 + return -EINVAL; 843 + 844 + ret = adf_gen4_vfmig_save_generic(accel_dev, vf_nr); 845 + if (ret) { 846 + dev_err(&GET_DEV(accel_dev), 847 + "Failed to save generic state for vf_nr %d\n", vf_nr); 848 + return ret; 849 + } 850 + 851 + ret = adf_gen4_vfmig_save_misc(accel_dev, vf_nr); 852 + if (ret) { 853 + dev_err(&GET_DEV(accel_dev), 854 + "Failed to save misc bar state for vf_nr %d\n", vf_nr); 855 + return ret; 856 + } 857 + 858 + ret = adf_gen4_vfmig_save_etr(accel_dev, vf_nr); 859 + if (ret) { 860 + dev_err(&GET_DEV(accel_dev), 861 + "Failed to save etr bar state for vf_nr %d\n", vf_nr); 862 + return ret; 863 + } 864 + 865 + adf_mstate_preamble_update(vfmig->mstate_mgr); 866 + 867 + return 0; 868 + } 869 + 870 + static int adf_gen4_vfmig_load_state(struct qat_mig_dev *mdev) 871 + { 872 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 873 + struct adf_accel_vf_info *vf_info; 874 + struct adf_gen4_vfmig *vfmig; 875 + u32 vf_nr = mdev->vf_id; 876 + int ret; 877 + 878 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 879 + vfmig = vf_info->mig_priv; 880 + 881 + ret = adf_gen4_vfmig_load_setup(mdev, mdev->state_size); 882 + if (ret) { 883 + dev_err(&GET_DEV(accel_dev), "Failed to load setup for vf_nr %d\n", 884 + vf_nr); 885 + return ret; 886 + } 887 + 888 + ret = adf_mstate_mgr_init_from_remote(vfmig->mstate_mgr, 889 + mdev->state + mdev->remote_setup_size, 890 + mdev->state_size - mdev->remote_setup_size, 891 + NULL, NULL); 892 + if (ret) { 893 + dev_err(&GET_DEV(accel_dev), "Invalid state for vf_nr %d\n", 894 + vf_nr); 895 + return ret; 896 + } 897 + 898 + ret = adf_gen4_vfmig_load_generic(accel_dev, vf_nr); 899 + if (ret) { 900 + dev_err(&GET_DEV(accel_dev), 901 + "Failed to load general state for vf_nr %d\n", vf_nr); 902 + return ret; 903 + } 904 + 905 + ret = adf_gen4_vfmig_load_misc(accel_dev, vf_nr); 906 + if (ret) { 907 + dev_err(&GET_DEV(accel_dev), 908 + "Failed to load misc bar state for vf_nr %d\n", vf_nr); 909 + return ret; 910 + } 911 + 912 + ret = adf_gen4_vfmig_load_etr(accel_dev, vf_nr); 913 + if (ret) { 914 + dev_err(&GET_DEV(accel_dev), 915 + "Failed to load etr bar state for vf_nr %d\n", vf_nr); 916 + return ret; 917 + } 918 + 919 + return 0; 920 + } 921 + 922 + static int adf_gen4_vfmig_save_setup(struct qat_mig_dev *mdev) 923 + { 924 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 925 + struct adf_accel_vf_info *vf_info; 926 + struct adf_gen4_vfmig *vfmig; 927 + u32 vf_nr = mdev->vf_id; 928 + int ret; 929 + 930 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 931 + vfmig = vf_info->mig_priv; 932 + 933 + if (mdev->setup_size) 934 + return 0; 935 + 936 + adf_mstate_mgr_init(vfmig->mstate_mgr, mdev->state, mdev->state_size); 937 + if (!adf_mstate_preamble_add(vfmig->mstate_mgr)) 938 + return -EINVAL; 939 + 940 + ret = adf_gen4_vfmig_save_config(accel_dev, mdev->vf_id); 941 + if (ret) 942 + return ret; 943 + 944 + adf_mstate_preamble_update(vfmig->mstate_mgr); 945 + mdev->setup_size = adf_mstate_state_size(vfmig->mstate_mgr); 946 + 947 + return 0; 948 + } 949 + 950 + static int adf_gen4_vfmig_load_setup(struct qat_mig_dev *mdev, int len) 951 + { 952 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 953 + struct adf_accel_vf_info *vf_info; 954 + struct adf_gen4_vfmig *vfmig; 955 + u32 vf_nr = mdev->vf_id; 956 + u32 setup_size; 957 + int ret; 958 + 959 + vf_info = &accel_dev->pf.vf_info[vf_nr]; 960 + vfmig = vf_info->mig_priv; 961 + 962 + if (mdev->remote_setup_size) 963 + return 0; 964 + 965 + if (len < sizeof(struct adf_mstate_preh)) 966 + return -EAGAIN; 967 + 968 + adf_mstate_mgr_init(vfmig->mstate_mgr, mdev->state, mdev->state_size); 969 + setup_size = adf_mstate_state_size_from_remote(vfmig->mstate_mgr); 970 + if (setup_size > mdev->state_size) 971 + return -EINVAL; 972 + 973 + if (len < setup_size) 974 + return -EAGAIN; 975 + 976 + ret = adf_mstate_mgr_init_from_remote(vfmig->mstate_mgr, mdev->state, 977 + setup_size, NULL, NULL); 978 + if (ret) { 979 + dev_err(&GET_DEV(accel_dev), "Invalid setup for vf_nr %d\n", 980 + vf_nr); 981 + return ret; 982 + } 983 + 984 + mdev->remote_setup_size = setup_size; 985 + 986 + ret = adf_gen4_vfmig_load_config(accel_dev, vf_nr); 987 + if (ret) { 988 + dev_err(&GET_DEV(accel_dev), 989 + "Failed to load config for vf_nr %d\n", vf_nr); 990 + return ret; 991 + } 992 + 993 + return 0; 994 + } 995 + 996 + void adf_gen4_init_vf_mig_ops(struct qat_migdev_ops *vfmig_ops) 997 + { 998 + vfmig_ops->init = adf_gen4_vfmig_init_device; 999 + vfmig_ops->cleanup = adf_gen4_vfmig_cleanup_device; 1000 + vfmig_ops->reset = adf_gen4_vfmig_reset_device; 1001 + vfmig_ops->open = adf_gen4_vfmig_open_device; 1002 + vfmig_ops->close = adf_gen4_vfmig_close_device; 1003 + vfmig_ops->suspend = adf_gen4_vfmig_suspend_device; 1004 + vfmig_ops->resume = adf_gen4_vfmig_resume_device; 1005 + vfmig_ops->save_state = adf_gen4_vfmig_save_state; 1006 + vfmig_ops->load_state = adf_gen4_vfmig_load_state; 1007 + vfmig_ops->load_setup = adf_gen4_vfmig_load_setup; 1008 + vfmig_ops->save_setup = adf_gen4_vfmig_save_setup; 1009 + } 1010 + EXPORT_SYMBOL_GPL(adf_gen4_init_vf_mig_ops);

+10

drivers/crypto/intel/qat/qat_common/adf_gen4_vf_mig.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #ifndef ADF_GEN4_VF_MIG_H_ 4 + #define ADF_GEN4_VF_MIG_H_ 5 + 6 + #include "adf_accel_devices.h" 7 + 8 + void adf_gen4_init_vf_mig_ops(struct qat_migdev_ops *vfmig_ops); 9 + 10 + #endif

+318

drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + 4 + #include <linux/slab.h> 5 + #include <linux/types.h> 6 + #include "adf_mstate_mgr.h" 7 + 8 + #define ADF_MSTATE_MAGIC 0xADF5CAEA 9 + #define ADF_MSTATE_VERSION 0x1 10 + 11 + struct adf_mstate_sect_h { 12 + u8 id[ADF_MSTATE_ID_LEN]; 13 + u32 size; 14 + u32 sub_sects; 15 + u8 state[]; 16 + }; 17 + 18 + u32 adf_mstate_state_size(struct adf_mstate_mgr *mgr) 19 + { 20 + return mgr->state - mgr->buf; 21 + } 22 + 23 + static inline u32 adf_mstate_avail_room(struct adf_mstate_mgr *mgr) 24 + { 25 + return mgr->buf + mgr->size - mgr->state; 26 + } 27 + 28 + void adf_mstate_mgr_init(struct adf_mstate_mgr *mgr, u8 *buf, u32 size) 29 + { 30 + mgr->buf = buf; 31 + mgr->state = buf; 32 + mgr->size = size; 33 + mgr->n_sects = 0; 34 + }; 35 + 36 + struct adf_mstate_mgr *adf_mstate_mgr_new(u8 *buf, u32 size) 37 + { 38 + struct adf_mstate_mgr *mgr; 39 + 40 + mgr = kzalloc(sizeof(*mgr), GFP_KERNEL); 41 + if (!mgr) 42 + return NULL; 43 + 44 + adf_mstate_mgr_init(mgr, buf, size); 45 + 46 + return mgr; 47 + } 48 + 49 + void adf_mstate_mgr_destroy(struct adf_mstate_mgr *mgr) 50 + { 51 + kfree(mgr); 52 + } 53 + 54 + void adf_mstate_mgr_init_from_parent(struct adf_mstate_mgr *mgr, 55 + struct adf_mstate_mgr *p_mgr) 56 + { 57 + adf_mstate_mgr_init(mgr, p_mgr->state, 58 + p_mgr->size - adf_mstate_state_size(p_mgr)); 59 + } 60 + 61 + void adf_mstate_mgr_init_from_psect(struct adf_mstate_mgr *mgr, 62 + struct adf_mstate_sect_h *p_sect) 63 + { 64 + adf_mstate_mgr_init(mgr, p_sect->state, p_sect->size); 65 + mgr->n_sects = p_sect->sub_sects; 66 + } 67 + 68 + static void adf_mstate_preamble_init(struct adf_mstate_preh *preamble) 69 + { 70 + preamble->magic = ADF_MSTATE_MAGIC; 71 + preamble->version = ADF_MSTATE_VERSION; 72 + preamble->preh_len = sizeof(*preamble); 73 + preamble->size = 0; 74 + preamble->n_sects = 0; 75 + } 76 + 77 + /* default preambles checker */ 78 + static int adf_mstate_preamble_def_checker(struct adf_mstate_preh *preamble, 79 + void *opaque) 80 + { 81 + struct adf_mstate_mgr *mgr = opaque; 82 + 83 + if (preamble->magic != ADF_MSTATE_MAGIC || 84 + preamble->version > ADF_MSTATE_VERSION || 85 + preamble->preh_len > mgr->size) { 86 + pr_debug("QAT: LM - Invalid state (magic=%#x, version=%#x, hlen=%u), state_size=%u\n", 87 + preamble->magic, preamble->version, preamble->preh_len, 88 + mgr->size); 89 + return -EINVAL; 90 + } 91 + 92 + return 0; 93 + } 94 + 95 + struct adf_mstate_preh *adf_mstate_preamble_add(struct adf_mstate_mgr *mgr) 96 + { 97 + struct adf_mstate_preh *pre = (struct adf_mstate_preh *)mgr->buf; 98 + 99 + if (adf_mstate_avail_room(mgr) < sizeof(*pre)) { 100 + pr_err("QAT: LM - Not enough space for preamble\n"); 101 + return NULL; 102 + } 103 + 104 + adf_mstate_preamble_init(pre); 105 + mgr->state += pre->preh_len; 106 + 107 + return pre; 108 + } 109 + 110 + int adf_mstate_preamble_update(struct adf_mstate_mgr *mgr) 111 + { 112 + struct adf_mstate_preh *preamble = (struct adf_mstate_preh *)mgr->buf; 113 + 114 + preamble->size = adf_mstate_state_size(mgr) - preamble->preh_len; 115 + preamble->n_sects = mgr->n_sects; 116 + 117 + return 0; 118 + } 119 + 120 + static void adf_mstate_dump_sect(struct adf_mstate_sect_h *sect, 121 + const char *prefix) 122 + { 123 + pr_debug("QAT: LM - %s QAT state section %s\n", prefix, sect->id); 124 + print_hex_dump_debug("h-", DUMP_PREFIX_OFFSET, 16, 2, sect, 125 + sizeof(*sect), true); 126 + print_hex_dump_debug("s-", DUMP_PREFIX_OFFSET, 16, 2, sect->state, 127 + sect->size, true); 128 + } 129 + 130 + static inline void __adf_mstate_sect_update(struct adf_mstate_mgr *mgr, 131 + struct adf_mstate_sect_h *sect, 132 + u32 size, 133 + u32 n_subsects) 134 + { 135 + sect->size += size; 136 + sect->sub_sects += n_subsects; 137 + mgr->n_sects++; 138 + mgr->state += sect->size; 139 + 140 + adf_mstate_dump_sect(sect, "Add"); 141 + } 142 + 143 + void adf_mstate_sect_update(struct adf_mstate_mgr *p_mgr, 144 + struct adf_mstate_mgr *curr_mgr, 145 + struct adf_mstate_sect_h *sect) 146 + { 147 + __adf_mstate_sect_update(p_mgr, sect, adf_mstate_state_size(curr_mgr), 148 + curr_mgr->n_sects); 149 + } 150 + 151 + static struct adf_mstate_sect_h *adf_mstate_sect_add_header(struct adf_mstate_mgr *mgr, 152 + const char *id) 153 + { 154 + struct adf_mstate_sect_h *sect = (struct adf_mstate_sect_h *)(mgr->state); 155 + 156 + if (adf_mstate_avail_room(mgr) < sizeof(*sect)) { 157 + pr_debug("QAT: LM - Not enough space for header of QAT state sect %s\n", id); 158 + return NULL; 159 + } 160 + 161 + strscpy(sect->id, id, sizeof(sect->id)); 162 + sect->size = 0; 163 + sect->sub_sects = 0; 164 + mgr->state += sizeof(*sect); 165 + 166 + return sect; 167 + } 168 + 169 + struct adf_mstate_sect_h *adf_mstate_sect_add_vreg(struct adf_mstate_mgr *mgr, 170 + const char *id, 171 + struct adf_mstate_vreginfo *info) 172 + { 173 + struct adf_mstate_sect_h *sect; 174 + 175 + sect = adf_mstate_sect_add_header(mgr, id); 176 + if (!sect) 177 + return NULL; 178 + 179 + if (adf_mstate_avail_room(mgr) < info->size) { 180 + pr_debug("QAT: LM - Not enough space for QAT state sect %s, requires %u\n", 181 + id, info->size); 182 + return NULL; 183 + } 184 + 185 + memcpy(sect->state, info->addr, info->size); 186 + __adf_mstate_sect_update(mgr, sect, info->size, 0); 187 + 188 + return sect; 189 + } 190 + 191 + struct adf_mstate_sect_h *adf_mstate_sect_add(struct adf_mstate_mgr *mgr, 192 + const char *id, 193 + adf_mstate_populate populate, 194 + void *opaque) 195 + { 196 + struct adf_mstate_mgr sub_sects_mgr; 197 + struct adf_mstate_sect_h *sect; 198 + int avail_room, size; 199 + 200 + sect = adf_mstate_sect_add_header(mgr, id); 201 + if (!sect) 202 + return NULL; 203 + 204 + if (!populate) 205 + return sect; 206 + 207 + avail_room = adf_mstate_avail_room(mgr); 208 + adf_mstate_mgr_init_from_parent(&sub_sects_mgr, mgr); 209 + 210 + size = (*populate)(&sub_sects_mgr, sect->state, avail_room, opaque); 211 + if (size < 0) 212 + return NULL; 213 + 214 + size += adf_mstate_state_size(&sub_sects_mgr); 215 + if (avail_room < size) { 216 + pr_debug("QAT: LM - Not enough space for QAT state sect %s, requires %u\n", 217 + id, size); 218 + return NULL; 219 + } 220 + __adf_mstate_sect_update(mgr, sect, size, sub_sects_mgr.n_sects); 221 + 222 + return sect; 223 + } 224 + 225 + static int adf_mstate_sect_validate(struct adf_mstate_mgr *mgr) 226 + { 227 + struct adf_mstate_sect_h *start = (struct adf_mstate_sect_h *)mgr->state; 228 + struct adf_mstate_sect_h *sect = start; 229 + u64 end; 230 + int i; 231 + 232 + end = (uintptr_t)mgr->buf + mgr->size; 233 + for (i = 0; i < mgr->n_sects; i++) { 234 + uintptr_t s_start = (uintptr_t)sect->state; 235 + uintptr_t s_end = s_start + sect->size; 236 + 237 + if (s_end < s_start || s_end > end) { 238 + pr_debug("QAT: LM - Corrupted state section (index=%u, size=%u) in state_mgr (size=%u, secs=%u)\n", 239 + i, sect->size, mgr->size, mgr->n_sects); 240 + return -EINVAL; 241 + } 242 + sect = (struct adf_mstate_sect_h *)s_end; 243 + } 244 + 245 + pr_debug("QAT: LM - Scanned section (last child=%s, size=%lu) in state_mgr (size=%u, secs=%u)\n", 246 + start->id, sizeof(struct adf_mstate_sect_h) * (ulong)(sect - start), 247 + mgr->size, mgr->n_sects); 248 + 249 + return 0; 250 + } 251 + 252 + u32 adf_mstate_state_size_from_remote(struct adf_mstate_mgr *mgr) 253 + { 254 + struct adf_mstate_preh *preh = (struct adf_mstate_preh *)mgr->buf; 255 + 256 + return preh->preh_len + preh->size; 257 + } 258 + 259 + int adf_mstate_mgr_init_from_remote(struct adf_mstate_mgr *mgr, u8 *buf, u32 size, 260 + adf_mstate_preamble_checker pre_checker, 261 + void *opaque) 262 + { 263 + struct adf_mstate_preh *pre; 264 + int ret; 265 + 266 + adf_mstate_mgr_init(mgr, buf, size); 267 + pre = (struct adf_mstate_preh *)(mgr->buf); 268 + 269 + pr_debug("QAT: LM - Dump state preambles\n"); 270 + print_hex_dump_debug("", DUMP_PREFIX_OFFSET, 16, 2, pre, pre->preh_len, 0); 271 + 272 + if (pre_checker) 273 + ret = (*pre_checker)(pre, opaque); 274 + else 275 + ret = adf_mstate_preamble_def_checker(pre, mgr); 276 + if (ret) 277 + return ret; 278 + 279 + mgr->state = mgr->buf + pre->preh_len; 280 + mgr->n_sects = pre->n_sects; 281 + 282 + return adf_mstate_sect_validate(mgr); 283 + } 284 + 285 + struct adf_mstate_sect_h *adf_mstate_sect_lookup(struct adf_mstate_mgr *mgr, 286 + const char *id, 287 + adf_mstate_action action, 288 + void *opaque) 289 + { 290 + struct adf_mstate_sect_h *sect = (struct adf_mstate_sect_h *)mgr->state; 291 + struct adf_mstate_mgr sub_sects_mgr; 292 + int i, ret; 293 + 294 + for (i = 0; i < mgr->n_sects; i++) { 295 + if (!strncmp(sect->id, id, sizeof(sect->id))) 296 + goto found; 297 + 298 + sect = (struct adf_mstate_sect_h *)(sect->state + sect->size); 299 + } 300 + 301 + return NULL; 302 + 303 + found: 304 + adf_mstate_dump_sect(sect, "Found"); 305 + 306 + adf_mstate_mgr_init_from_psect(&sub_sects_mgr, sect); 307 + if (sect->sub_sects && adf_mstate_sect_validate(&sub_sects_mgr)) 308 + return NULL; 309 + 310 + if (!action) 311 + return sect; 312 + 313 + ret = (*action)(&sub_sects_mgr, sect->state, sect->size, opaque); 314 + if (ret) 315 + return NULL; 316 + 317 + return sect; 318 + }

+89

drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + 4 + #ifndef ADF_MSTATE_MGR_H 5 + #define ADF_MSTATE_MGR_H 6 + 7 + #define ADF_MSTATE_ID_LEN 8 8 + 9 + #define ADF_MSTATE_ETRB_IDS "ETRBAR" 10 + #define ADF_MSTATE_MISCB_IDS "MISCBAR" 11 + #define ADF_MSTATE_EXTB_IDS "EXTBAR" 12 + #define ADF_MSTATE_GEN_IDS "GENER" 13 + #define ADF_MSTATE_CONFIG_IDS "CONFIG" 14 + #define ADF_MSTATE_SECTION_NUM 5 15 + 16 + #define ADF_MSTATE_BANK_IDX_IDS "bnk" 17 + 18 + #define ADF_MSTATE_ETR_REGS_IDS "mregs" 19 + #define ADF_MSTATE_VINTSRC_IDS "visrc" 20 + #define ADF_MSTATE_VINTMSK_IDS "vimsk" 21 + #define ADF_MSTATE_SLA_IDS "sla" 22 + #define ADF_MSTATE_IOV_INIT_IDS "iovinit" 23 + #define ADF_MSTATE_COMPAT_VER_IDS "compver" 24 + #define ADF_MSTATE_GEN_CAP_IDS "gencap" 25 + #define ADF_MSTATE_GEN_SVCMAP_IDS "svcmap" 26 + #define ADF_MSTATE_GEN_EXTDC_IDS "extdc" 27 + #define ADF_MSTATE_VINTSRC_PF2VM_IDS "vispv" 28 + #define ADF_MSTATE_VINTMSK_PF2VM_IDS "vimpv" 29 + #define ADF_MSTATE_VM2PF_IDS "vm2pf" 30 + #define ADF_MSTATE_PF2VM_IDS "pf2vm" 31 + 32 + struct adf_mstate_mgr { 33 + u8 *buf; 34 + u8 *state; 35 + u32 size; 36 + u32 n_sects; 37 + }; 38 + 39 + struct adf_mstate_preh { 40 + u32 magic; 41 + u32 version; 42 + u16 preh_len; 43 + u16 n_sects; 44 + u32 size; 45 + }; 46 + 47 + struct adf_mstate_vreginfo { 48 + void *addr; 49 + u32 size; 50 + }; 51 + 52 + struct adf_mstate_sect_h; 53 + 54 + typedef int (*adf_mstate_preamble_checker)(struct adf_mstate_preh *preamble, void *opa); 55 + typedef int (*adf_mstate_populate)(struct adf_mstate_mgr *sub_mgr, u8 *buf, 56 + u32 size, void *opa); 57 + typedef int (*adf_mstate_action)(struct adf_mstate_mgr *sub_mgr, u8 *buf, u32 size, 58 + void *opa); 59 + 60 + struct adf_mstate_mgr *adf_mstate_mgr_new(u8 *buf, u32 size); 61 + void adf_mstate_mgr_destroy(struct adf_mstate_mgr *mgr); 62 + void adf_mstate_mgr_init(struct adf_mstate_mgr *mgr, u8 *buf, u32 size); 63 + void adf_mstate_mgr_init_from_parent(struct adf_mstate_mgr *mgr, 64 + struct adf_mstate_mgr *p_mgr); 65 + void adf_mstate_mgr_init_from_psect(struct adf_mstate_mgr *mgr, 66 + struct adf_mstate_sect_h *p_sect); 67 + int adf_mstate_mgr_init_from_remote(struct adf_mstate_mgr *mgr, 68 + u8 *buf, u32 size, 69 + adf_mstate_preamble_checker checker, 70 + void *opaque); 71 + struct adf_mstate_preh *adf_mstate_preamble_add(struct adf_mstate_mgr *mgr); 72 + int adf_mstate_preamble_update(struct adf_mstate_mgr *mgr); 73 + u32 adf_mstate_state_size(struct adf_mstate_mgr *mgr); 74 + u32 adf_mstate_state_size_from_remote(struct adf_mstate_mgr *mgr); 75 + void adf_mstate_sect_update(struct adf_mstate_mgr *p_mgr, 76 + struct adf_mstate_mgr *curr_mgr, 77 + struct adf_mstate_sect_h *sect); 78 + struct adf_mstate_sect_h *adf_mstate_sect_add_vreg(struct adf_mstate_mgr *mgr, 79 + const char *id, 80 + struct adf_mstate_vreginfo *info); 81 + struct adf_mstate_sect_h *adf_mstate_sect_add(struct adf_mstate_mgr *mgr, 82 + const char *id, 83 + adf_mstate_populate populate, 84 + void *opaque); 85 + struct adf_mstate_sect_h *adf_mstate_sect_lookup(struct adf_mstate_mgr *mgr, 86 + const char *id, 87 + adf_mstate_action action, 88 + void *opaque); 89 + #endif

+1 -7

drivers/crypto/intel/qat/qat_common/adf_pfvf_pf_proto.c

··· 242 242 "VersionRequest received from VF%d (vers %d) to PF (vers %d)\n", 243 243 vf_nr, vf_compat_ver, ADF_PFVF_COMPAT_THIS_VERSION); 244 244 245 - if (vf_compat_ver == 0) 246 - compat = ADF_PF2VF_VF_INCOMPATIBLE; 247 - else if (vf_compat_ver <= ADF_PFVF_COMPAT_THIS_VERSION) 248 - compat = ADF_PF2VF_VF_COMPATIBLE; 249 - else 250 - compat = ADF_PF2VF_VF_COMPAT_UNKNOWN; 251 - 245 + compat = adf_vf_compat_checker(vf_compat_ver); 252 246 vf_info->vf_compat_ver = vf_compat_ver; 253 247 254 248 resp->type = ADF_PF2VF_MSGTYPE_VERSION_RESP;

+11

drivers/crypto/intel/qat/qat_common/adf_pfvf_utils.h

··· 28 28 struct pfvf_message adf_pfvf_message_of(struct adf_accel_dev *accel_dev, u32 raw_msg, 29 29 const struct pfvf_csr_format *fmt); 30 30 31 + static inline u8 adf_vf_compat_checker(u8 vf_compat_ver) 32 + { 33 + if (vf_compat_ver == 0) 34 + return ADF_PF2VF_VF_INCOMPATIBLE; 35 + 36 + if (vf_compat_ver <= ADF_PFVF_COMPAT_THIS_VERSION) 37 + return ADF_PF2VF_VF_COMPATIBLE; 38 + 39 + return ADF_PF2VF_VF_COMPAT_UNKNOWN; 40 + } 41 + 31 42 #endif /* ADF_PFVF_UTILS_H */

+6 -6

drivers/crypto/intel/qat/qat_common/adf_rl.c

··· 183 183 } 184 184 185 185 /** 186 - * get_sla_arr_of_type() - Returns a pointer to SLA type specific array 186 + * adf_rl_get_sla_arr_of_type() - Returns a pointer to SLA type specific array 187 187 * @rl_data: pointer to ratelimiting data 188 188 * @type: SLA type 189 189 * @sla_arr: pointer to variable where requested pointer will be stored 190 190 * 191 191 * Return: Max number of elements allowed for the returned array 192 192 */ 193 - static u32 get_sla_arr_of_type(struct adf_rl *rl_data, enum rl_node_type type, 193 + u32 adf_rl_get_sla_arr_of_type(struct adf_rl *rl_data, enum rl_node_type type, 194 194 struct rl_sla ***sla_arr) 195 195 { 196 196 switch (type) { ··· 778 778 rp_in_use[sla->ring_pairs_ids[i]] = false; 779 779 780 780 update_budget(sla, old_cir, true); 781 - get_sla_arr_of_type(rl_data, sla->type, &sla_type_arr); 781 + adf_rl_get_sla_arr_of_type(rl_data, sla->type, &sla_type_arr); 782 782 assign_node_to_parent(rl_data->accel_dev, sla, true); 783 783 adf_rl_send_admin_delete_msg(rl_data->accel_dev, node_id, sla->type); 784 784 mark_rps_usage(sla, rl_data->rp_in_use, false); ··· 875 875 876 876 if (!is_update) { 877 877 mark_rps_usage(sla, rl_data->rp_in_use, true); 878 - get_sla_arr_of_type(rl_data, sla->type, &sla_type_arr); 878 + adf_rl_get_sla_arr_of_type(rl_data, sla->type, &sla_type_arr); 879 879 sla_type_arr[sla->node_id] = sla; 880 880 rl_data->sla[sla->sla_id] = sla; 881 881 } ··· 1065 1065 1066 1066 /* Unregister and remove all SLAs */ 1067 1067 for (j = RL_LEAF; j >= end_type; j--) { 1068 - max_id = get_sla_arr_of_type(rl_data, j, &sla_type_arr); 1068 + max_id = adf_rl_get_sla_arr_of_type(rl_data, j, &sla_type_arr); 1069 1069 1070 1070 for (i = 0; i < max_id; i++) { 1071 1071 if (!sla_type_arr[i]) ··· 1125 1125 } 1126 1126 1127 1127 if ((fw_caps & RL_CAPABILITY_MASK) != RL_CAPABILITY_VALUE) { 1128 - dev_info(&GET_DEV(accel_dev), "not supported\n"); 1128 + dev_info(&GET_DEV(accel_dev), "feature not supported by FW\n"); 1129 1129 ret = -EOPNOTSUPP; 1130 1130 goto ret_free; 1131 1131 }

+2

drivers/crypto/intel/qat/qat_common/adf_rl.h

··· 151 151 u16 ring_pairs_cnt; 152 152 }; 153 153 154 + u32 adf_rl_get_sla_arr_of_type(struct adf_rl *rl_data, enum rl_node_type type, 155 + struct rl_sla ***sla_arr); 154 156 int adf_rl_add_sla(struct adf_accel_dev *accel_dev, 155 157 struct adf_rl_sla_input_data *sla_in); 156 158 int adf_rl_update_sla(struct adf_accel_dev *accel_dev,

+6 -1

drivers/crypto/intel/qat/qat_common/adf_sriov.c

··· 26 26 u32 vf_nr = vf_info->vf_nr; 27 27 bool ret; 28 28 29 + mutex_lock(&vf_info->pfvf_mig_lock); 29 30 ret = adf_recv_and_handle_vf2pf_msg(accel_dev, vf_nr); 30 31 if (ret) 31 32 /* re-enable interrupt on PF from this VF */ 32 33 adf_enable_vf2pf_interrupts(accel_dev, 1 << vf_nr); 34 + mutex_unlock(&vf_info->pfvf_mig_lock); 33 35 34 36 kfree(pf2vf_resp); 35 37 } ··· 64 62 vf_info->vf_nr = i; 65 63 66 64 mutex_init(&vf_info->pf2vf_lock); 65 + mutex_init(&vf_info->pfvf_mig_lock); 67 66 ratelimit_state_init(&vf_info->vf2pf_ratelimit, 68 67 ADF_VF2PF_RATELIMIT_INTERVAL, 69 68 ADF_VF2PF_RATELIMIT_BURST); ··· 141 138 if (hw_data->configure_iov_threads) 142 139 hw_data->configure_iov_threads(accel_dev, false); 143 140 144 - for (i = 0, vf = accel_dev->pf.vf_info; i < totalvfs; i++, vf++) 141 + for (i = 0, vf = accel_dev->pf.vf_info; i < totalvfs; i++, vf++) { 145 142 mutex_destroy(&vf->pf2vf_lock); 143 + mutex_destroy(&vf->pfvf_mig_lock); 144 + } 146 145 147 146 if (!test_bit(ADF_STATUS_RESTARTING, &accel_dev->status)) { 148 147 kfree(accel_dev->pf.vf_info);

+21

drivers/crypto/intel/qat/qat_common/adf_telemetry.c

··· 41 41 return 0; 42 42 } 43 43 44 + static int validate_tl_slice_counters(struct icp_qat_fw_init_admin_slice_cnt *slice_count, 45 + u8 max_slices_per_type) 46 + { 47 + u8 *sl_counter = (u8 *)slice_count; 48 + int i; 49 + 50 + for (i = 0; i < ADF_TL_SL_CNT_COUNT; i++) { 51 + if (sl_counter[i] > max_slices_per_type) 52 + return -EINVAL; 53 + } 54 + 55 + return 0; 56 + } 57 + 44 58 static int adf_tl_alloc_mem(struct adf_accel_dev *accel_dev) 45 59 { 46 60 struct adf_tl_hw_data *tl_data = &GET_TL_DATA(accel_dev); ··· 225 211 &telemetry->slice_cnt); 226 212 if (ret) { 227 213 dev_err(dev, "failed to start telemetry\n"); 214 + return ret; 215 + } 216 + 217 + ret = validate_tl_slice_counters(&telemetry->slice_cnt, tl_data->max_sl_cnt); 218 + if (ret) { 219 + dev_err(dev, "invalid value returned by FW\n"); 220 + adf_send_admin_tl_stop(accel_dev); 228 221 return ret; 229 222 } 230 223

+1

drivers/crypto/intel/qat/qat_common/adf_telemetry.h

··· 40 40 u8 num_dev_counters; 41 41 u8 num_rp_counters; 42 42 u8 max_rp; 43 + u8 max_sl_cnt; 43 44 }; 44 45 45 46 struct adf_telemetry {

+1 -3

drivers/crypto/intel/qat/qat_common/adf_transport.c

··· 474 474 int adf_init_etr_data(struct adf_accel_dev *accel_dev) 475 475 { 476 476 struct adf_etr_data *etr_data; 477 - struct adf_hw_device_data *hw_data = accel_dev->hw_device; 478 477 void __iomem *csr_addr; 479 478 u32 size; 480 479 u32 num_banks = 0; ··· 494 495 } 495 496 496 497 accel_dev->transport = etr_data; 497 - i = hw_data->get_etr_bar_id(hw_data); 498 - csr_addr = accel_dev->accel_pci_dev.pci_bars[i].virt_addr; 498 + csr_addr = adf_get_etr_base(accel_dev); 499 499 500 500 /* accel_dev->debugfs_dir should always be non-NULL here */ 501 501 etr_data->debug = debugfs_create_dir("transport",

+60 -6

drivers/crypto/intel/qat/qat_common/qat_asym_algs.c

··· 110 110 unsigned int p_size; 111 111 bool g2; 112 112 struct qat_crypto_instance *inst; 113 + struct crypto_kpp *ftfm; 114 + bool fallback; 113 115 } __packed __aligned(64); 114 116 115 117 struct qat_asym_request { ··· 383 381 return ret; 384 382 } 385 383 384 + static int qat_dh_generate_public_key(struct kpp_request *req) 385 + { 386 + struct kpp_request *nreq = kpp_request_ctx(req); 387 + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 388 + struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm); 389 + 390 + if (ctx->fallback) { 391 + memcpy(nreq, req, sizeof(*req)); 392 + kpp_request_set_tfm(nreq, ctx->ftfm); 393 + return crypto_kpp_generate_public_key(nreq); 394 + } 395 + 396 + return qat_dh_compute_value(req); 397 + } 398 + 399 + static int qat_dh_compute_shared_secret(struct kpp_request *req) 400 + { 401 + struct kpp_request *nreq = kpp_request_ctx(req); 402 + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 403 + struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm); 404 + 405 + if (ctx->fallback) { 406 + memcpy(nreq, req, sizeof(*req)); 407 + kpp_request_set_tfm(nreq, ctx->ftfm); 408 + return crypto_kpp_compute_shared_secret(nreq); 409 + } 410 + 411 + return qat_dh_compute_value(req); 412 + } 413 + 386 414 static int qat_dh_check_params_length(unsigned int p_len) 387 415 { 388 416 switch (p_len) { ··· 429 397 { 430 398 struct qat_crypto_instance *inst = ctx->inst; 431 399 struct device *dev = &GET_DEV(inst->accel_dev); 432 - 433 - if (qat_dh_check_params_length(params->p_size << 3)) 434 - return -EINVAL; 435 400 436 401 ctx->p_size = params->p_size; 437 402 ctx->p = dma_alloc_coherent(dev, ctx->p_size, &ctx->dma_p, GFP_KERNEL); ··· 483 454 if (crypto_dh_decode_key(buf, len, &params) < 0) 484 455 return -EINVAL; 485 456 457 + if (qat_dh_check_params_length(params.p_size << 3)) { 458 + ctx->fallback = true; 459 + return crypto_kpp_set_secret(ctx->ftfm, buf, len); 460 + } 461 + 462 + ctx->fallback = false; 463 + 486 464 /* Free old secret if any */ 487 465 qat_dh_clear_ctx(dev, ctx); 488 466 ··· 517 481 { 518 482 struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm); 519 483 484 + if (ctx->fallback) 485 + return crypto_kpp_maxsize(ctx->ftfm); 486 + 520 487 return ctx->p_size; 521 488 } 522 489 ··· 528 489 struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm); 529 490 struct qat_crypto_instance *inst = 530 491 qat_crypto_get_instance_node(numa_node_id()); 492 + const char *alg = kpp_alg_name(tfm); 493 + unsigned int reqsize; 531 494 532 495 if (!inst) 533 496 return -EINVAL; 534 497 535 - kpp_set_reqsize(tfm, sizeof(struct qat_asym_request) + 64); 498 + ctx->ftfm = crypto_alloc_kpp(alg, 0, CRYPTO_ALG_NEED_FALLBACK); 499 + if (IS_ERR(ctx->ftfm)) 500 + return PTR_ERR(ctx->ftfm); 501 + 502 + crypto_kpp_set_flags(ctx->ftfm, crypto_kpp_get_flags(tfm)); 503 + 504 + reqsize = max(sizeof(struct qat_asym_request) + 64, 505 + sizeof(struct kpp_request) + crypto_kpp_reqsize(ctx->ftfm)); 506 + 507 + kpp_set_reqsize(tfm, reqsize); 536 508 537 509 ctx->p_size = 0; 538 510 ctx->g2 = false; ··· 555 505 { 556 506 struct qat_dh_ctx *ctx = kpp_tfm_ctx(tfm); 557 507 struct device *dev = &GET_DEV(ctx->inst->accel_dev); 508 + 509 + if (ctx->ftfm) 510 + crypto_free_kpp(ctx->ftfm); 558 511 559 512 qat_dh_clear_ctx(dev, ctx); 560 513 qat_crypto_put_instance(ctx->inst); ··· 1318 1265 1319 1266 static struct kpp_alg dh = { 1320 1267 .set_secret = qat_dh_set_secret, 1321 - .generate_public_key = qat_dh_compute_value, 1322 - .compute_shared_secret = qat_dh_compute_value, 1268 + .generate_public_key = qat_dh_generate_public_key, 1269 + .compute_shared_secret = qat_dh_compute_shared_secret, 1323 1270 .max_size = qat_dh_max_size, 1324 1271 .init = qat_dh_init_tfm, 1325 1272 .exit = qat_dh_exit_tfm, ··· 1329 1276 .cra_priority = 1000, 1330 1277 .cra_module = THIS_MODULE, 1331 1278 .cra_ctxsize = sizeof(struct qat_dh_ctx), 1279 + .cra_flags = CRYPTO_ALG_NEED_FALLBACK, 1332 1280 }, 1333 1281 }; 1334 1282

+4 -2

drivers/crypto/intel/qat/qat_common/qat_bl.c

··· 81 81 if (unlikely(!bufl)) 82 82 return -ENOMEM; 83 83 } else { 84 - bufl = &buf->sgl_src.sgl_hdr; 84 + bufl = container_of(&buf->sgl_src.sgl_hdr, 85 + struct qat_alg_buf_list, hdr); 85 86 memset(bufl, 0, sizeof(struct qat_alg_buf_list)); 86 87 buf->sgl_src_valid = true; 87 88 } ··· 140 139 if (unlikely(!buflout)) 141 140 goto err_in; 142 141 } else { 143 - buflout = &buf->sgl_dst.sgl_hdr; 142 + buflout = container_of(&buf->sgl_dst.sgl_hdr, 143 + struct qat_alg_buf_list, hdr); 144 144 memset(buflout, 0, sizeof(struct qat_alg_buf_list)); 145 145 buf->sgl_dst_valid = true; 146 146 }

+7 -4

drivers/crypto/intel/qat/qat_common/qat_bl.h

··· 15 15 } __packed; 16 16 17 17 struct qat_alg_buf_list { 18 - u64 resrvd; 19 - u32 num_bufs; 20 - u32 num_mapped_bufs; 18 + /* New members must be added within the __struct_group() macro below. */ 19 + __struct_group(qat_alg_buf_list_hdr, hdr, __packed, 20 + u64 resrvd; 21 + u32 num_bufs; 22 + u32 num_mapped_bufs; 23 + ); 21 24 struct qat_alg_buf buffers[]; 22 25 } __packed; 23 26 24 27 struct qat_alg_fixed_buf_list { 25 - struct qat_alg_buf_list sgl_hdr; 28 + struct qat_alg_buf_list_hdr sgl_hdr; 26 29 struct qat_alg_buf descriptors[QAT_MAX_BUFF_DESC]; 27 30 } __packed __aligned(64); 28 31

+130

drivers/crypto/intel/qat/qat_common/qat_mig_dev.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #include <linux/dev_printk.h> 4 + #include <linux/export.h> 5 + #include <linux/pci.h> 6 + #include <linux/types.h> 7 + #include <linux/qat/qat_mig_dev.h> 8 + #include "adf_accel_devices.h" 9 + #include "adf_common_drv.h" 10 + 11 + struct qat_mig_dev *qat_vfmig_create(struct pci_dev *pdev, int vf_id) 12 + { 13 + struct adf_accel_dev *accel_dev; 14 + struct qat_migdev_ops *ops; 15 + struct qat_mig_dev *mdev; 16 + 17 + accel_dev = adf_devmgr_pci_to_accel_dev(pdev); 18 + if (!accel_dev) 19 + return ERR_PTR(-ENODEV); 20 + 21 + ops = GET_VFMIG_OPS(accel_dev); 22 + if (!ops || !ops->init || !ops->cleanup || !ops->reset || !ops->open || 23 + !ops->close || !ops->suspend || !ops->resume || !ops->save_state || 24 + !ops->load_state || !ops->save_setup || !ops->load_setup) 25 + return ERR_PTR(-EINVAL); 26 + 27 + mdev = kmalloc(sizeof(*mdev), GFP_KERNEL); 28 + if (!mdev) 29 + return ERR_PTR(-ENOMEM); 30 + 31 + mdev->vf_id = vf_id; 32 + mdev->parent_accel_dev = accel_dev; 33 + 34 + return mdev; 35 + } 36 + EXPORT_SYMBOL_GPL(qat_vfmig_create); 37 + 38 + int qat_vfmig_init(struct qat_mig_dev *mdev) 39 + { 40 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 41 + 42 + return GET_VFMIG_OPS(accel_dev)->init(mdev); 43 + } 44 + EXPORT_SYMBOL_GPL(qat_vfmig_init); 45 + 46 + void qat_vfmig_cleanup(struct qat_mig_dev *mdev) 47 + { 48 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 49 + 50 + return GET_VFMIG_OPS(accel_dev)->cleanup(mdev); 51 + } 52 + EXPORT_SYMBOL_GPL(qat_vfmig_cleanup); 53 + 54 + void qat_vfmig_reset(struct qat_mig_dev *mdev) 55 + { 56 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 57 + 58 + return GET_VFMIG_OPS(accel_dev)->reset(mdev); 59 + } 60 + EXPORT_SYMBOL_GPL(qat_vfmig_reset); 61 + 62 + int qat_vfmig_open(struct qat_mig_dev *mdev) 63 + { 64 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 65 + 66 + return GET_VFMIG_OPS(accel_dev)->open(mdev); 67 + } 68 + EXPORT_SYMBOL_GPL(qat_vfmig_open); 69 + 70 + void qat_vfmig_close(struct qat_mig_dev *mdev) 71 + { 72 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 73 + 74 + GET_VFMIG_OPS(accel_dev)->close(mdev); 75 + } 76 + EXPORT_SYMBOL_GPL(qat_vfmig_close); 77 + 78 + int qat_vfmig_suspend(struct qat_mig_dev *mdev) 79 + { 80 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 81 + 82 + return GET_VFMIG_OPS(accel_dev)->suspend(mdev); 83 + } 84 + EXPORT_SYMBOL_GPL(qat_vfmig_suspend); 85 + 86 + int qat_vfmig_resume(struct qat_mig_dev *mdev) 87 + { 88 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 89 + 90 + return GET_VFMIG_OPS(accel_dev)->resume(mdev); 91 + } 92 + EXPORT_SYMBOL_GPL(qat_vfmig_resume); 93 + 94 + int qat_vfmig_save_state(struct qat_mig_dev *mdev) 95 + { 96 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 97 + 98 + return GET_VFMIG_OPS(accel_dev)->save_state(mdev); 99 + } 100 + EXPORT_SYMBOL_GPL(qat_vfmig_save_state); 101 + 102 + int qat_vfmig_save_setup(struct qat_mig_dev *mdev) 103 + { 104 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 105 + 106 + return GET_VFMIG_OPS(accel_dev)->save_setup(mdev); 107 + } 108 + EXPORT_SYMBOL_GPL(qat_vfmig_save_setup); 109 + 110 + int qat_vfmig_load_state(struct qat_mig_dev *mdev) 111 + { 112 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 113 + 114 + return GET_VFMIG_OPS(accel_dev)->load_state(mdev); 115 + } 116 + EXPORT_SYMBOL_GPL(qat_vfmig_load_state); 117 + 118 + int qat_vfmig_load_setup(struct qat_mig_dev *mdev, int size) 119 + { 120 + struct adf_accel_dev *accel_dev = mdev->parent_accel_dev; 121 + 122 + return GET_VFMIG_OPS(accel_dev)->load_setup(mdev, size); 123 + } 124 + EXPORT_SYMBOL_GPL(qat_vfmig_load_setup); 125 + 126 + void qat_vfmig_destroy(struct qat_mig_dev *mdev) 127 + { 128 + kfree(mdev); 129 + } 130 + EXPORT_SYMBOL_GPL(qat_vfmig_destroy);

+1

drivers/crypto/intel/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c

··· 5 5 #include <adf_common_drv.h> 6 6 #include <adf_gen2_config.h> 7 7 #include <adf_gen2_dc.h> 8 + #include <adf_gen2_hw_csr_data.h> 8 9 #include <adf_gen2_hw_data.h> 9 10 #include <adf_gen2_pfvf.h> 10 11 #include "adf_dh895xcc_hw_data.h"

+1

drivers/crypto/intel/qat/qat_dh895xccvf/adf_dh895xccvf_hw_data.c

··· 4 4 #include <adf_common_drv.h> 5 5 #include <adf_gen2_config.h> 6 6 #include <adf_gen2_dc.h> 7 + #include <adf_gen2_hw_csr_data.h> 7 8 #include <adf_gen2_hw_data.h> 8 9 #include <adf_gen2_pfvf.h> 9 10 #include <adf_pfvf_vf_msg.h>

+4

drivers/crypto/marvell/octeontx2/cn10k_cpt.c

··· 138 138 return -ENOMEM; 139 139 cptr_dma = dma_map_single(&pdev->dev, hctx, CN10K_CPT_HW_CTX_SIZE, 140 140 DMA_BIDIRECTIONAL); 141 + if (dma_mapping_error(&pdev->dev, cptr_dma)) { 142 + kfree(hctx); 143 + return -ENOMEM; 144 + } 141 145 142 146 cn10k_cpt_hw_ctx_set(hctx, 1); 143 147 er_ctx->hw_ctx = hctx;

+4 -2

drivers/crypto/nx/nx-842.c

··· 251 251 u8 *dst, unsigned int *dlen) 252 252 { 253 253 struct nx842_crypto_ctx *ctx = crypto_tfm_ctx(tfm); 254 - struct nx842_crypto_header *hdr = &ctx->header; 254 + struct nx842_crypto_header *hdr = 255 + container_of(&ctx->header, 256 + struct nx842_crypto_header, hdr); 255 257 struct nx842_crypto_param p; 256 258 struct nx842_constraints c = *ctx->driver->constraints; 257 259 unsigned int groups, hdrsize, h; ··· 492 490 } 493 491 494 492 memcpy(&ctx->header, src, hdr_len); 495 - hdr = &ctx->header; 493 + hdr = container_of(&ctx->header, struct nx842_crypto_header, hdr); 496 494 497 495 for (n = 0; n < hdr->groups; n++) { 498 496 /* ignore applies to last group */

+6 -4

drivers/crypto/nx/nx-842.h

··· 157 157 } __packed; 158 158 159 159 struct nx842_crypto_header { 160 - __be16 magic; /* NX842_CRYPTO_MAGIC */ 161 - __be16 ignore; /* decompressed end bytes to ignore */ 162 - u8 groups; /* total groups in this header */ 160 + struct_group_tagged(nx842_crypto_header_hdr, hdr, 161 + __be16 magic; /* NX842_CRYPTO_MAGIC */ 162 + __be16 ignore; /* decompressed end bytes to ignore */ 163 + u8 groups; /* total groups in this header */ 164 + ); 163 165 struct nx842_crypto_header_group group[]; 164 166 } __packed; 165 167 ··· 173 171 u8 *wmem; 174 172 u8 *sbounce, *dbounce; 175 173 176 - struct nx842_crypto_header header; 174 + struct nx842_crypto_header_hdr header; 177 175 struct nx842_crypto_header_group group[NX842_CRYPTO_GROUP_MAX]; 178 176 179 177 struct nx842_driver *driver;

+8 -8

drivers/crypto/sahara.c

··· 559 559 struct sahara_ctx *ctx; 560 560 struct sahara_aes_reqctx *rctx; 561 561 int ret; 562 - unsigned long timeout; 562 + unsigned long time_left; 563 563 564 564 /* Request is ready to be dispatched by the device */ 565 565 dev_dbg(dev->device, ··· 597 597 if (ret) 598 598 return -EINVAL; 599 599 600 - timeout = wait_for_completion_timeout(&dev->dma_completion, 601 - msecs_to_jiffies(SAHARA_TIMEOUT_MS)); 600 + time_left = wait_for_completion_timeout(&dev->dma_completion, 601 + msecs_to_jiffies(SAHARA_TIMEOUT_MS)); 602 602 603 603 dma_unmap_sg(dev->device, dev->out_sg, dev->nb_out_sg, 604 604 DMA_FROM_DEVICE); 605 605 dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, 606 606 DMA_TO_DEVICE); 607 607 608 - if (!timeout) { 608 + if (!time_left) { 609 609 dev_err(dev->device, "AES timeout\n"); 610 610 return -ETIMEDOUT; 611 611 } ··· 931 931 struct sahara_dev *dev = dev_ptr; 932 932 struct sahara_sha_reqctx *rctx = ahash_request_ctx(req); 933 933 int ret; 934 - unsigned long timeout; 934 + unsigned long time_left; 935 935 936 936 ret = sahara_sha_prepare_request(req); 937 937 if (!ret) ··· 963 963 964 964 sahara_write(dev, dev->hw_phys_desc[0], SAHARA_REG_DAR); 965 965 966 - timeout = wait_for_completion_timeout(&dev->dma_completion, 967 - msecs_to_jiffies(SAHARA_TIMEOUT_MS)); 966 + time_left = wait_for_completion_timeout(&dev->dma_completion, 967 + msecs_to_jiffies(SAHARA_TIMEOUT_MS)); 968 968 969 969 if (rctx->sg_in_idx) 970 970 dma_unmap_sg(dev->device, dev->in_sg, dev->nb_in_sg, 971 971 DMA_TO_DEVICE); 972 972 973 - if (!timeout) { 973 + if (!time_left) { 974 974 dev_err(dev->device, "SHA timeout\n"); 975 975 return -ETIMEDOUT; 976 976 }

+4

drivers/crypto/starfive/Kconfig

··· 14 14 select CRYPTO_RSA 15 15 select CRYPTO_AES 16 16 select CRYPTO_CCM 17 + select CRYPTO_GCM 18 + select CRYPTO_ECB 19 + select CRYPTO_CBC 20 + select CRYPTO_CTR 17 21 help 18 22 Support for StarFive JH7110 crypto hardware acceleration engine. 19 23 This module provides acceleration for public key algo,

+400 -203

drivers/crypto/starfive/jh7110-aes.c

··· 78 78 return (cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_GCM; 79 79 } 80 80 81 - static inline int is_encrypt(struct starfive_cryp_dev *cryp) 81 + static inline bool is_encrypt(struct starfive_cryp_dev *cryp) 82 82 { 83 83 return cryp->flags & FLG_ENCRYPT; 84 84 } ··· 101 101 writel(value, cryp->base + STARFIVE_AES_CSR); 102 102 break; 103 103 } 104 - } 105 - 106 - static inline void starfive_aes_set_ivlen(struct starfive_cryp_ctx *ctx) 107 - { 108 - struct starfive_cryp_dev *cryp = ctx->cryp; 109 - 110 - if (is_gcm(cryp)) 111 - writel(GCM_AES_IV_SIZE, cryp->base + STARFIVE_AES_IVLEN); 112 - else 113 - writel(AES_BLOCK_SIZE, cryp->base + STARFIVE_AES_IVLEN); 114 104 } 115 105 116 106 static inline void starfive_aes_set_alen(struct starfive_cryp_ctx *ctx) ··· 251 261 252 262 rctx->csr.aes.mode = hw_mode; 253 263 rctx->csr.aes.cmode = !is_encrypt(cryp); 254 - rctx->csr.aes.ie = 1; 255 264 rctx->csr.aes.stmode = STARFIVE_AES_MODE_XFB_1; 256 265 257 266 if (cryp->side_chan) { ··· 268 279 case STARFIVE_AES_MODE_GCM: 269 280 starfive_aes_set_alen(ctx); 270 281 starfive_aes_set_mlen(ctx); 271 - starfive_aes_set_ivlen(ctx); 282 + writel(GCM_AES_IV_SIZE, cryp->base + STARFIVE_AES_IVLEN); 272 283 starfive_aes_aead_hw_start(ctx, hw_mode); 273 284 starfive_aes_write_iv(ctx, (void *)cryp->req.areq->iv); 274 285 break; ··· 289 300 return cryp->err; 290 301 } 291 302 292 - static int starfive_aes_read_authtag(struct starfive_cryp_dev *cryp) 303 + static int starfive_aes_read_authtag(struct starfive_cryp_ctx *ctx) 293 304 { 294 - int i, start_addr; 305 + struct starfive_cryp_dev *cryp = ctx->cryp; 306 + struct starfive_cryp_request_ctx *rctx = ctx->rctx; 307 + int i; 295 308 296 309 if (starfive_aes_wait_busy(cryp)) 297 310 return dev_err_probe(cryp->dev, -ETIMEDOUT, 298 311 "Timeout waiting for tag generation."); 299 312 300 - start_addr = STARFIVE_AES_NONCE0; 301 - 302 - if (is_gcm(cryp)) 303 - for (i = 0; i < AES_BLOCK_32; i++, start_addr += 4) 304 - cryp->tag_out[i] = readl(cryp->base + start_addr); 305 - else 313 + if ((cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_GCM) { 314 + cryp->tag_out[0] = readl(cryp->base + STARFIVE_AES_NONCE0); 315 + cryp->tag_out[1] = readl(cryp->base + STARFIVE_AES_NONCE1); 316 + cryp->tag_out[2] = readl(cryp->base + STARFIVE_AES_NONCE2); 317 + cryp->tag_out[3] = readl(cryp->base + STARFIVE_AES_NONCE3); 318 + } else { 306 319 for (i = 0; i < AES_BLOCK_32; i++) 307 320 cryp->tag_out[i] = readl(cryp->base + STARFIVE_AES_AESDIO0R); 321 + } 308 322 309 323 if (is_encrypt(cryp)) { 310 - scatterwalk_copychunks(cryp->tag_out, &cryp->out_walk, cryp->authsize, 1); 324 + scatterwalk_map_and_copy(cryp->tag_out, rctx->out_sg, 325 + cryp->total_in, cryp->authsize, 1); 311 326 } else { 312 - scatterwalk_copychunks(cryp->tag_in, &cryp->in_walk, cryp->authsize, 0); 313 - 314 327 if (crypto_memneq(cryp->tag_in, cryp->tag_out, cryp->authsize)) 315 - return dev_err_probe(cryp->dev, -EBADMSG, "Failed tag verification\n"); 328 + return -EBADMSG; 316 329 } 317 330 318 331 return 0; 319 332 } 320 333 321 - static void starfive_aes_finish_req(struct starfive_cryp_dev *cryp) 334 + static void starfive_aes_finish_req(struct starfive_cryp_ctx *ctx) 322 335 { 323 - union starfive_aes_csr csr; 336 + struct starfive_cryp_dev *cryp = ctx->cryp; 324 337 int err = cryp->err; 325 338 326 339 if (!err && cryp->authsize) 327 - err = starfive_aes_read_authtag(cryp); 340 + err = starfive_aes_read_authtag(ctx); 328 341 329 342 if (!err && ((cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_CBC || 330 343 (cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_CTR)) 331 344 starfive_aes_get_iv(cryp, (void *)cryp->req.sreq->iv); 332 - 333 - /* reset irq flags*/ 334 - csr.v = 0; 335 - csr.aesrst = 1; 336 - writel(csr.v, cryp->base + STARFIVE_AES_CSR); 337 345 338 346 if (cryp->authsize) 339 347 crypto_finalize_aead_request(cryp->engine, cryp->req.areq, err); 340 348 else 341 349 crypto_finalize_skcipher_request(cryp->engine, cryp->req.sreq, 342 350 err); 343 - } 344 - 345 - void starfive_aes_done_task(unsigned long param) 346 - { 347 - struct starfive_cryp_dev *cryp = (struct starfive_cryp_dev *)param; 348 - u32 block[AES_BLOCK_32]; 349 - u32 stat; 350 - int i; 351 - 352 - for (i = 0; i < AES_BLOCK_32; i++) 353 - block[i] = readl(cryp->base + STARFIVE_AES_AESDIO0R); 354 - 355 - scatterwalk_copychunks(block, &cryp->out_walk, min_t(size_t, AES_BLOCK_SIZE, 356 - cryp->total_out), 1); 357 - 358 - cryp->total_out -= min_t(size_t, AES_BLOCK_SIZE, cryp->total_out); 359 - 360 - if (!cryp->total_out) { 361 - starfive_aes_finish_req(cryp); 362 - return; 363 - } 364 - 365 - memset(block, 0, AES_BLOCK_SIZE); 366 - scatterwalk_copychunks(block, &cryp->in_walk, min_t(size_t, AES_BLOCK_SIZE, 367 - cryp->total_in), 0); 368 - cryp->total_in -= min_t(size_t, AES_BLOCK_SIZE, cryp->total_in); 369 - 370 - for (i = 0; i < AES_BLOCK_32; i++) 371 - writel(block[i], cryp->base + STARFIVE_AES_AESDIO0R); 372 - 373 - stat = readl(cryp->base + STARFIVE_IE_MASK_OFFSET); 374 - stat &= ~STARFIVE_IE_MASK_AES_DONE; 375 - writel(stat, cryp->base + STARFIVE_IE_MASK_OFFSET); 376 351 } 377 352 378 353 static int starfive_aes_gcm_write_adata(struct starfive_cryp_ctx *ctx) ··· 404 451 return 0; 405 452 } 406 453 407 - static int starfive_aes_prepare_req(struct skcipher_request *req, 408 - struct aead_request *areq) 454 + static void starfive_aes_dma_done(void *param) 409 455 { 410 - struct starfive_cryp_ctx *ctx; 411 - struct starfive_cryp_request_ctx *rctx; 412 - struct starfive_cryp_dev *cryp; 456 + struct starfive_cryp_dev *cryp = param; 413 457 414 - if (!req && !areq) 415 - return -EINVAL; 458 + complete(&cryp->dma_done); 459 + } 416 460 417 - ctx = req ? crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)) : 418 - crypto_aead_ctx(crypto_aead_reqtfm(areq)); 461 + static void starfive_aes_dma_init(struct starfive_cryp_dev *cryp) 462 + { 463 + cryp->cfg_in.direction = DMA_MEM_TO_DEV; 464 + cryp->cfg_in.src_addr_width = DMA_SLAVE_BUSWIDTH_16_BYTES; 465 + cryp->cfg_in.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 466 + cryp->cfg_in.src_maxburst = cryp->dma_maxburst; 467 + cryp->cfg_in.dst_maxburst = cryp->dma_maxburst; 468 + cryp->cfg_in.dst_addr = cryp->phys_base + STARFIVE_ALG_FIFO_OFFSET; 419 469 420 - cryp = ctx->cryp; 421 - rctx = req ? skcipher_request_ctx(req) : aead_request_ctx(areq); 470 + dmaengine_slave_config(cryp->tx, &cryp->cfg_in); 422 471 423 - if (req) { 424 - cryp->req.sreq = req; 425 - cryp->total_in = req->cryptlen; 426 - cryp->total_out = req->cryptlen; 427 - cryp->assoclen = 0; 428 - cryp->authsize = 0; 472 + cryp->cfg_out.direction = DMA_DEV_TO_MEM; 473 + cryp->cfg_out.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 474 + cryp->cfg_out.dst_addr_width = DMA_SLAVE_BUSWIDTH_16_BYTES; 475 + cryp->cfg_out.src_maxburst = 4; 476 + cryp->cfg_out.dst_maxburst = 4; 477 + cryp->cfg_out.src_addr = cryp->phys_base + STARFIVE_ALG_FIFO_OFFSET; 478 + 479 + dmaengine_slave_config(cryp->rx, &cryp->cfg_out); 480 + 481 + init_completion(&cryp->dma_done); 482 + } 483 + 484 + static int starfive_aes_dma_xfer(struct starfive_cryp_dev *cryp, 485 + struct scatterlist *src, 486 + struct scatterlist *dst, 487 + int len) 488 + { 489 + struct dma_async_tx_descriptor *in_desc, *out_desc; 490 + union starfive_alg_cr alg_cr; 491 + int ret = 0, in_save, out_save; 492 + 493 + alg_cr.v = 0; 494 + alg_cr.start = 1; 495 + alg_cr.aes_dma_en = 1; 496 + writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 497 + 498 + in_save = sg_dma_len(src); 499 + out_save = sg_dma_len(dst); 500 + 501 + writel(ALIGN(len, AES_BLOCK_SIZE), cryp->base + STARFIVE_DMA_IN_LEN_OFFSET); 502 + writel(ALIGN(len, AES_BLOCK_SIZE), cryp->base + STARFIVE_DMA_OUT_LEN_OFFSET); 503 + 504 + sg_dma_len(src) = ALIGN(len, AES_BLOCK_SIZE); 505 + sg_dma_len(dst) = ALIGN(len, AES_BLOCK_SIZE); 506 + 507 + out_desc = dmaengine_prep_slave_sg(cryp->rx, dst, 1, DMA_DEV_TO_MEM, 508 + DMA_PREP_INTERRUPT | DMA_CTRL_ACK); 509 + if (!out_desc) { 510 + ret = -EINVAL; 511 + goto dma_err; 512 + } 513 + 514 + out_desc->callback = starfive_aes_dma_done; 515 + out_desc->callback_param = cryp; 516 + 517 + reinit_completion(&cryp->dma_done); 518 + dmaengine_submit(out_desc); 519 + dma_async_issue_pending(cryp->rx); 520 + 521 + in_desc = dmaengine_prep_slave_sg(cryp->tx, src, 1, DMA_MEM_TO_DEV, 522 + DMA_PREP_INTERRUPT | DMA_CTRL_ACK); 523 + if (!in_desc) { 524 + ret = -EINVAL; 525 + goto dma_err; 526 + } 527 + 528 + dmaengine_submit(in_desc); 529 + dma_async_issue_pending(cryp->tx); 530 + 531 + if (!wait_for_completion_timeout(&cryp->dma_done, 532 + msecs_to_jiffies(1000))) 533 + ret = -ETIMEDOUT; 534 + 535 + dma_err: 536 + sg_dma_len(src) = in_save; 537 + sg_dma_len(dst) = out_save; 538 + 539 + alg_cr.v = 0; 540 + alg_cr.clear = 1; 541 + writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 542 + 543 + return ret; 544 + } 545 + 546 + static int starfive_aes_map_sg(struct starfive_cryp_dev *cryp, 547 + struct scatterlist *src, 548 + struct scatterlist *dst) 549 + { 550 + struct scatterlist *stsg, *dtsg; 551 + struct scatterlist _src[2], _dst[2]; 552 + unsigned int remain = cryp->total_in; 553 + unsigned int len, src_nents, dst_nents; 554 + int ret; 555 + 556 + if (src == dst) { 557 + for (stsg = src, dtsg = dst; remain > 0; 558 + stsg = sg_next(stsg), dtsg = sg_next(dtsg)) { 559 + src_nents = dma_map_sg(cryp->dev, stsg, 1, DMA_BIDIRECTIONAL); 560 + if (src_nents == 0) 561 + return dev_err_probe(cryp->dev, -ENOMEM, 562 + "dma_map_sg error\n"); 563 + 564 + dst_nents = src_nents; 565 + len = min(sg_dma_len(stsg), remain); 566 + 567 + ret = starfive_aes_dma_xfer(cryp, stsg, dtsg, len); 568 + dma_unmap_sg(cryp->dev, stsg, 1, DMA_BIDIRECTIONAL); 569 + if (ret) 570 + return ret; 571 + 572 + remain -= len; 573 + } 429 574 } else { 430 - cryp->req.areq = areq; 431 - cryp->assoclen = areq->assoclen; 432 - cryp->authsize = crypto_aead_authsize(crypto_aead_reqtfm(areq)); 433 - if (is_encrypt(cryp)) { 434 - cryp->total_in = areq->cryptlen; 435 - cryp->total_out = areq->cryptlen; 436 - } else { 437 - cryp->total_in = areq->cryptlen - cryp->authsize; 438 - cryp->total_out = cryp->total_in; 575 + for (stsg = src, dtsg = dst;;) { 576 + src_nents = dma_map_sg(cryp->dev, stsg, 1, DMA_TO_DEVICE); 577 + if (src_nents == 0) 578 + return dev_err_probe(cryp->dev, -ENOMEM, 579 + "dma_map_sg src error\n"); 580 + 581 + dst_nents = dma_map_sg(cryp->dev, dtsg, 1, DMA_FROM_DEVICE); 582 + if (dst_nents == 0) 583 + return dev_err_probe(cryp->dev, -ENOMEM, 584 + "dma_map_sg dst error\n"); 585 + 586 + len = min(sg_dma_len(stsg), sg_dma_len(dtsg)); 587 + len = min(len, remain); 588 + 589 + ret = starfive_aes_dma_xfer(cryp, stsg, dtsg, len); 590 + dma_unmap_sg(cryp->dev, stsg, 1, DMA_TO_DEVICE); 591 + dma_unmap_sg(cryp->dev, dtsg, 1, DMA_FROM_DEVICE); 592 + if (ret) 593 + return ret; 594 + 595 + remain -= len; 596 + if (remain == 0) 597 + break; 598 + 599 + if (sg_dma_len(stsg) - len) { 600 + stsg = scatterwalk_ffwd(_src, stsg, len); 601 + dtsg = sg_next(dtsg); 602 + } else if (sg_dma_len(dtsg) - len) { 603 + dtsg = scatterwalk_ffwd(_dst, dtsg, len); 604 + stsg = sg_next(stsg); 605 + } else { 606 + stsg = sg_next(stsg); 607 + dtsg = sg_next(dtsg); 608 + } 439 609 } 440 610 } 441 611 442 - rctx->in_sg = req ? req->src : areq->src; 443 - scatterwalk_start(&cryp->in_walk, rctx->in_sg); 444 - 445 - rctx->out_sg = req ? req->dst : areq->dst; 446 - scatterwalk_start(&cryp->out_walk, rctx->out_sg); 447 - 448 - if (cryp->assoclen) { 449 - rctx->adata = kzalloc(cryp->assoclen + AES_BLOCK_SIZE, GFP_KERNEL); 450 - if (!rctx->adata) 451 - return dev_err_probe(cryp->dev, -ENOMEM, 452 - "Failed to alloc memory for adata"); 453 - 454 - scatterwalk_copychunks(rctx->adata, &cryp->in_walk, cryp->assoclen, 0); 455 - scatterwalk_copychunks(NULL, &cryp->out_walk, cryp->assoclen, 2); 456 - } 457 - 458 - ctx->rctx = rctx; 459 - 460 - return starfive_aes_hw_init(ctx); 612 + return 0; 461 613 } 462 614 463 615 static int starfive_aes_do_one_req(struct crypto_engine *engine, void *areq) ··· 571 513 container_of(areq, struct skcipher_request, base); 572 514 struct starfive_cryp_ctx *ctx = 573 515 crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 516 + struct starfive_cryp_request_ctx *rctx = skcipher_request_ctx(req); 574 517 struct starfive_cryp_dev *cryp = ctx->cryp; 575 - u32 block[AES_BLOCK_32]; 576 - u32 stat; 577 - int err; 578 - int i; 518 + int ret; 579 519 580 - err = starfive_aes_prepare_req(req, NULL); 581 - if (err) 582 - return err; 520 + cryp->req.sreq = req; 521 + cryp->total_in = req->cryptlen; 522 + cryp->total_out = req->cryptlen; 523 + cryp->assoclen = 0; 524 + cryp->authsize = 0; 583 525 584 - /* 585 - * Write first plain/ciphertext block to start the module 586 - * then let irq tasklet handle the rest of the data blocks. 587 - */ 588 - scatterwalk_copychunks(block, &cryp->in_walk, min_t(size_t, AES_BLOCK_SIZE, 589 - cryp->total_in), 0); 590 - cryp->total_in -= min_t(size_t, AES_BLOCK_SIZE, cryp->total_in); 526 + rctx->in_sg = req->src; 527 + rctx->out_sg = req->dst; 591 528 592 - for (i = 0; i < AES_BLOCK_32; i++) 593 - writel(block[i], cryp->base + STARFIVE_AES_AESDIO0R); 529 + ctx->rctx = rctx; 594 530 595 - stat = readl(cryp->base + STARFIVE_IE_MASK_OFFSET); 596 - stat &= ~STARFIVE_IE_MASK_AES_DONE; 597 - writel(stat, cryp->base + STARFIVE_IE_MASK_OFFSET); 531 + ret = starfive_aes_hw_init(ctx); 532 + if (ret) 533 + return ret; 534 + 535 + if (!cryp->total_in) 536 + goto finish_req; 537 + 538 + starfive_aes_dma_init(cryp); 539 + 540 + ret = starfive_aes_map_sg(cryp, rctx->in_sg, rctx->out_sg); 541 + if (ret) 542 + return ret; 543 + 544 + finish_req: 545 + starfive_aes_finish_req(ctx); 598 546 599 547 return 0; 600 548 } 601 549 602 - static int starfive_aes_init_tfm(struct crypto_skcipher *tfm) 550 + static int starfive_aes_init_tfm(struct crypto_skcipher *tfm, 551 + const char *alg_name) 603 552 { 604 553 struct starfive_cryp_ctx *ctx = crypto_skcipher_ctx(tfm); 605 554 ··· 614 549 if (!ctx->cryp) 615 550 return -ENODEV; 616 551 552 + ctx->skcipher_fbk = crypto_alloc_skcipher(alg_name, 0, 553 + CRYPTO_ALG_NEED_FALLBACK); 554 + if (IS_ERR(ctx->skcipher_fbk)) 555 + return dev_err_probe(ctx->cryp->dev, PTR_ERR(ctx->skcipher_fbk), 556 + "%s() failed to allocate fallback for %s\n", 557 + __func__, alg_name); 558 + 617 559 crypto_skcipher_set_reqsize(tfm, sizeof(struct starfive_cryp_request_ctx) + 618 - sizeof(struct skcipher_request)); 560 + crypto_skcipher_reqsize(ctx->skcipher_fbk)); 619 561 620 562 return 0; 563 + } 564 + 565 + static void starfive_aes_exit_tfm(struct crypto_skcipher *tfm) 566 + { 567 + struct starfive_cryp_ctx *ctx = crypto_skcipher_ctx(tfm); 568 + 569 + crypto_free_skcipher(ctx->skcipher_fbk); 621 570 } 622 571 623 572 static int starfive_aes_aead_do_one_req(struct crypto_engine *engine, void *areq) ··· 641 562 struct starfive_cryp_ctx *ctx = 642 563 crypto_aead_ctx(crypto_aead_reqtfm(req)); 643 564 struct starfive_cryp_dev *cryp = ctx->cryp; 644 - struct starfive_cryp_request_ctx *rctx; 645 - u32 block[AES_BLOCK_32]; 646 - u32 stat; 647 - int err; 648 - int i; 565 + struct starfive_cryp_request_ctx *rctx = aead_request_ctx(req); 566 + struct scatterlist _src[2], _dst[2]; 567 + int ret; 649 568 650 - err = starfive_aes_prepare_req(NULL, req); 651 - if (err) 652 - return err; 569 + cryp->req.areq = req; 570 + cryp->assoclen = req->assoclen; 571 + cryp->authsize = crypto_aead_authsize(crypto_aead_reqtfm(req)); 653 572 654 - rctx = ctx->rctx; 573 + rctx->in_sg = scatterwalk_ffwd(_src, req->src, cryp->assoclen); 574 + if (req->src == req->dst) 575 + rctx->out_sg = rctx->in_sg; 576 + else 577 + rctx->out_sg = scatterwalk_ffwd(_dst, req->dst, cryp->assoclen); 578 + 579 + if (is_encrypt(cryp)) { 580 + cryp->total_in = req->cryptlen; 581 + cryp->total_out = req->cryptlen; 582 + } else { 583 + cryp->total_in = req->cryptlen - cryp->authsize; 584 + cryp->total_out = cryp->total_in; 585 + scatterwalk_map_and_copy(cryp->tag_in, req->src, 586 + cryp->total_in + cryp->assoclen, 587 + cryp->authsize, 0); 588 + } 589 + 590 + if (cryp->assoclen) { 591 + rctx->adata = kzalloc(cryp->assoclen + AES_BLOCK_SIZE, GFP_KERNEL); 592 + if (!rctx->adata) 593 + return dev_err_probe(cryp->dev, -ENOMEM, 594 + "Failed to alloc memory for adata"); 595 + 596 + if (sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, cryp->assoclen), 597 + rctx->adata, cryp->assoclen) != cryp->assoclen) 598 + return -EINVAL; 599 + } 600 + 601 + if (cryp->total_in) 602 + sg_zero_buffer(rctx->in_sg, sg_nents(rctx->in_sg), 603 + sg_dma_len(rctx->in_sg) - cryp->total_in, 604 + cryp->total_in); 605 + 606 + ctx->rctx = rctx; 607 + 608 + ret = starfive_aes_hw_init(ctx); 609 + if (ret) 610 + return ret; 655 611 656 612 if (!cryp->assoclen) 657 613 goto write_text; 658 614 659 615 if ((cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_CCM) 660 - cryp->err = starfive_aes_ccm_write_adata(ctx); 616 + ret = starfive_aes_ccm_write_adata(ctx); 661 617 else 662 - cryp->err = starfive_aes_gcm_write_adata(ctx); 618 + ret = starfive_aes_gcm_write_adata(ctx); 663 619 664 620 kfree(rctx->adata); 665 621 666 - if (cryp->err) 667 - return cryp->err; 622 + if (ret) 623 + return ret; 668 624 669 625 write_text: 670 626 if (!cryp->total_in) 671 627 goto finish_req; 672 628 673 - /* 674 - * Write first plain/ciphertext block to start the module 675 - * then let irq tasklet handle the rest of the data blocks. 676 - */ 677 - scatterwalk_copychunks(block, &cryp->in_walk, min_t(size_t, AES_BLOCK_SIZE, 678 - cryp->total_in), 0); 679 - cryp->total_in -= min_t(size_t, AES_BLOCK_SIZE, cryp->total_in); 629 + starfive_aes_dma_init(cryp); 680 630 681 - for (i = 0; i < AES_BLOCK_32; i++) 682 - writel(block[i], cryp->base + STARFIVE_AES_AESDIO0R); 683 - 684 - stat = readl(cryp->base + STARFIVE_IE_MASK_OFFSET); 685 - stat &= ~STARFIVE_IE_MASK_AES_DONE; 686 - writel(stat, cryp->base + STARFIVE_IE_MASK_OFFSET); 687 - 688 - return 0; 631 + ret = starfive_aes_map_sg(cryp, rctx->in_sg, rctx->out_sg); 632 + if (ret) 633 + return ret; 689 634 690 635 finish_req: 691 - starfive_aes_finish_req(cryp); 636 + starfive_aes_finish_req(ctx); 692 637 return 0; 693 638 } 694 639 695 - static int starfive_aes_aead_init_tfm(struct crypto_aead *tfm) 640 + static int starfive_aes_aead_init_tfm(struct crypto_aead *tfm, 641 + const char *alg_name) 696 642 { 697 643 struct starfive_cryp_ctx *ctx = crypto_aead_ctx(tfm); 698 - struct starfive_cryp_dev *cryp = ctx->cryp; 699 - struct crypto_tfm *aead = crypto_aead_tfm(tfm); 700 - struct crypto_alg *alg = aead->__crt_alg; 701 644 702 645 ctx->cryp = starfive_cryp_find_dev(ctx); 703 646 if (!ctx->cryp) 704 647 return -ENODEV; 705 648 706 - if (alg->cra_flags & CRYPTO_ALG_NEED_FALLBACK) { 707 - ctx->aead_fbk = crypto_alloc_aead(alg->cra_name, 0, 708 - CRYPTO_ALG_NEED_FALLBACK); 709 - if (IS_ERR(ctx->aead_fbk)) 710 - return dev_err_probe(cryp->dev, PTR_ERR(ctx->aead_fbk), 711 - "%s() failed to allocate fallback for %s\n", 712 - __func__, alg->cra_name); 713 - } 649 + ctx->aead_fbk = crypto_alloc_aead(alg_name, 0, 650 + CRYPTO_ALG_NEED_FALLBACK); 651 + if (IS_ERR(ctx->aead_fbk)) 652 + return dev_err_probe(ctx->cryp->dev, PTR_ERR(ctx->aead_fbk), 653 + "%s() failed to allocate fallback for %s\n", 654 + __func__, alg_name); 714 655 715 - crypto_aead_set_reqsize(tfm, sizeof(struct starfive_cryp_ctx) + 716 - sizeof(struct aead_request)); 656 + crypto_aead_set_reqsize(tfm, sizeof(struct starfive_cryp_request_ctx) + 657 + crypto_aead_reqsize(ctx->aead_fbk)); 717 658 718 659 return 0; 719 660 } ··· 743 644 struct starfive_cryp_ctx *ctx = crypto_aead_ctx(tfm); 744 645 745 646 crypto_free_aead(ctx->aead_fbk); 647 + } 648 + 649 + static bool starfive_aes_check_unaligned(struct starfive_cryp_dev *cryp, 650 + struct scatterlist *src, 651 + struct scatterlist *dst) 652 + { 653 + struct scatterlist *tsg; 654 + int i; 655 + 656 + for_each_sg(src, tsg, sg_nents(src), i) 657 + if (!IS_ALIGNED(tsg->offset, sizeof(u32)) || 658 + (!IS_ALIGNED(tsg->length, AES_BLOCK_SIZE) && 659 + !sg_is_last(tsg))) 660 + return true; 661 + 662 + if (src != dst) 663 + for_each_sg(dst, tsg, sg_nents(dst), i) 664 + if (!IS_ALIGNED(tsg->offset, sizeof(u32)) || 665 + (!IS_ALIGNED(tsg->length, AES_BLOCK_SIZE) && 666 + !sg_is_last(tsg))) 667 + return true; 668 + 669 + return false; 670 + } 671 + 672 + static int starfive_aes_do_fallback(struct skcipher_request *req, bool enc) 673 + { 674 + struct starfive_cryp_ctx *ctx = 675 + crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 676 + struct skcipher_request *subreq = skcipher_request_ctx(req); 677 + 678 + skcipher_request_set_tfm(subreq, ctx->skcipher_fbk); 679 + skcipher_request_set_callback(subreq, req->base.flags, 680 + req->base.complete, 681 + req->base.data); 682 + skcipher_request_set_crypt(subreq, req->src, req->dst, 683 + req->cryptlen, req->iv); 684 + 685 + return enc ? crypto_skcipher_encrypt(subreq) : 686 + crypto_skcipher_decrypt(subreq); 746 687 } 747 688 748 689 static int starfive_aes_crypt(struct skcipher_request *req, unsigned long flags) ··· 799 660 if (req->cryptlen & blocksize_align) 800 661 return -EINVAL; 801 662 663 + if (starfive_aes_check_unaligned(cryp, req->src, req->dst)) 664 + return starfive_aes_do_fallback(req, is_encrypt(cryp)); 665 + 802 666 return crypto_transfer_skcipher_request_to_engine(cryp->engine, req); 667 + } 668 + 669 + static int starfive_aes_aead_do_fallback(struct aead_request *req, bool enc) 670 + { 671 + struct starfive_cryp_ctx *ctx = 672 + crypto_aead_ctx(crypto_aead_reqtfm(req)); 673 + struct aead_request *subreq = aead_request_ctx(req); 674 + 675 + aead_request_set_tfm(subreq, ctx->aead_fbk); 676 + aead_request_set_callback(subreq, req->base.flags, 677 + req->base.complete, 678 + req->base.data); 679 + aead_request_set_crypt(subreq, req->src, req->dst, 680 + req->cryptlen, req->iv); 681 + aead_request_set_ad(subreq, req->assoclen); 682 + 683 + return enc ? crypto_aead_encrypt(subreq) : 684 + crypto_aead_decrypt(subreq); 803 685 } 804 686 805 687 static int starfive_aes_aead_crypt(struct aead_request *req, unsigned long flags) 806 688 { 807 689 struct starfive_cryp_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req)); 808 690 struct starfive_cryp_dev *cryp = ctx->cryp; 691 + struct scatterlist *src, *dst, _src[2], _dst[2]; 809 692 810 693 cryp->flags = flags; 811 694 812 - /* 813 - * HW engine could not perform CCM tag verification on 814 - * non-blocksize aligned text, use fallback algo instead 695 + /* aes-ccm does not support tag verification for non-aligned text, 696 + * use fallback for ccm decryption instead. 815 697 */ 816 - if (ctx->aead_fbk && !is_encrypt(cryp)) { 817 - struct aead_request *subreq = aead_request_ctx(req); 698 + if (((cryp->flags & FLG_MODE_MASK) == STARFIVE_AES_MODE_CCM) && 699 + !is_encrypt(cryp)) 700 + return starfive_aes_aead_do_fallback(req, 0); 818 701 819 - aead_request_set_tfm(subreq, ctx->aead_fbk); 820 - aead_request_set_callback(subreq, req->base.flags, 821 - req->base.complete, req->base.data); 822 - aead_request_set_crypt(subreq, req->src, 823 - req->dst, req->cryptlen, req->iv); 824 - aead_request_set_ad(subreq, req->assoclen); 702 + src = scatterwalk_ffwd(_src, req->src, req->assoclen); 825 703 826 - return crypto_aead_decrypt(subreq); 827 - } 704 + if (req->src == req->dst) 705 + dst = src; 706 + else 707 + dst = scatterwalk_ffwd(_dst, req->dst, req->assoclen); 708 + 709 + if (starfive_aes_check_unaligned(cryp, src, dst)) 710 + return starfive_aes_aead_do_fallback(req, is_encrypt(cryp)); 828 711 829 712 return crypto_transfer_aead_request_to_engine(cryp->engine, req); 830 713 } ··· 867 706 memcpy(ctx->key, key, keylen); 868 707 ctx->keylen = keylen; 869 708 870 - return 0; 709 + return crypto_skcipher_setkey(ctx->skcipher_fbk, key, keylen); 871 710 } 872 711 873 712 static int starfive_aes_aead_setkey(struct crypto_aead *tfm, const u8 *key, ··· 886 725 memcpy(ctx->key, key, keylen); 887 726 ctx->keylen = keylen; 888 727 889 - if (ctx->aead_fbk) 890 - return crypto_aead_setkey(ctx->aead_fbk, key, keylen); 891 - 892 - return 0; 728 + return crypto_aead_setkey(ctx->aead_fbk, key, keylen); 893 729 } 894 730 895 731 static int starfive_aes_gcm_setauthsize(struct crypto_aead *tfm, 896 732 unsigned int authsize) 897 733 { 898 - return crypto_gcm_check_authsize(authsize); 734 + struct starfive_cryp_ctx *ctx = crypto_aead_ctx(tfm); 735 + int ret; 736 + 737 + ret = crypto_gcm_check_authsize(authsize); 738 + if (ret) 739 + return ret; 740 + 741 + return crypto_aead_setauthsize(ctx->aead_fbk, authsize); 899 742 } 900 743 901 744 static int starfive_aes_ccm_setauthsize(struct crypto_aead *tfm, ··· 985 820 return starfive_aes_aead_crypt(req, STARFIVE_AES_MODE_CCM); 986 821 } 987 822 823 + static int starfive_aes_ecb_init_tfm(struct crypto_skcipher *tfm) 824 + { 825 + return starfive_aes_init_tfm(tfm, "ecb(aes-generic)"); 826 + } 827 + 828 + static int starfive_aes_cbc_init_tfm(struct crypto_skcipher *tfm) 829 + { 830 + return starfive_aes_init_tfm(tfm, "cbc(aes-generic)"); 831 + } 832 + 833 + static int starfive_aes_ctr_init_tfm(struct crypto_skcipher *tfm) 834 + { 835 + return starfive_aes_init_tfm(tfm, "ctr(aes-generic)"); 836 + } 837 + 838 + static int starfive_aes_ccm_init_tfm(struct crypto_aead *tfm) 839 + { 840 + return starfive_aes_aead_init_tfm(tfm, "ccm_base(ctr(aes-generic),cbcmac(aes-generic))"); 841 + } 842 + 843 + static int starfive_aes_gcm_init_tfm(struct crypto_aead *tfm) 844 + { 845 + return starfive_aes_aead_init_tfm(tfm, "gcm_base(ctr(aes-generic),ghash-generic)"); 846 + } 847 + 988 848 static struct skcipher_engine_alg skcipher_algs[] = { 989 849 { 990 - .base.init = starfive_aes_init_tfm, 850 + .base.init = starfive_aes_ecb_init_tfm, 851 + .base.exit = starfive_aes_exit_tfm, 991 852 .base.setkey = starfive_aes_setkey, 992 853 .base.encrypt = starfive_aes_ecb_encrypt, 993 854 .base.decrypt = starfive_aes_ecb_decrypt, ··· 1023 832 .cra_name = "ecb(aes)", 1024 833 .cra_driver_name = "starfive-ecb-aes", 1025 834 .cra_priority = 200, 1026 - .cra_flags = CRYPTO_ALG_ASYNC, 835 + .cra_flags = CRYPTO_ALG_ASYNC | 836 + CRYPTO_ALG_NEED_FALLBACK, 1027 837 .cra_blocksize = AES_BLOCK_SIZE, 1028 838 .cra_ctxsize = sizeof(struct starfive_cryp_ctx), 1029 839 .cra_alignmask = 0xf, ··· 1034 842 .do_one_request = starfive_aes_do_one_req, 1035 843 }, 1036 844 }, { 1037 - .base.init = starfive_aes_init_tfm, 845 + .base.init = starfive_aes_cbc_init_tfm, 846 + .base.exit = starfive_aes_exit_tfm, 1038 847 .base.setkey = starfive_aes_setkey, 1039 848 .base.encrypt = starfive_aes_cbc_encrypt, 1040 849 .base.decrypt = starfive_aes_cbc_decrypt, ··· 1046 853 .cra_name = "cbc(aes)", 1047 854 .cra_driver_name = "starfive-cbc-aes", 1048 855 .cra_priority = 200, 1049 - .cra_flags = CRYPTO_ALG_ASYNC, 856 + .cra_flags = CRYPTO_ALG_ASYNC | 857 + CRYPTO_ALG_NEED_FALLBACK, 1050 858 .cra_blocksize = AES_BLOCK_SIZE, 1051 859 .cra_ctxsize = sizeof(struct starfive_cryp_ctx), 1052 860 .cra_alignmask = 0xf, ··· 1057 863 .do_one_request = starfive_aes_do_one_req, 1058 864 }, 1059 865 }, { 1060 - .base.init = starfive_aes_init_tfm, 866 + .base.init = starfive_aes_ctr_init_tfm, 867 + .base.exit = starfive_aes_exit_tfm, 1061 868 .base.setkey = starfive_aes_setkey, 1062 869 .base.encrypt = starfive_aes_ctr_encrypt, 1063 870 .base.decrypt = starfive_aes_ctr_decrypt, ··· 1069 874 .cra_name = "ctr(aes)", 1070 875 .cra_driver_name = "starfive-ctr-aes", 1071 876 .cra_priority = 200, 1072 - .cra_flags = CRYPTO_ALG_ASYNC, 877 + .cra_flags = CRYPTO_ALG_ASYNC | 878 + CRYPTO_ALG_NEED_FALLBACK, 1073 879 .cra_blocksize = 1, 1074 880 .cra_ctxsize = sizeof(struct starfive_cryp_ctx), 1075 881 .cra_alignmask = 0xf, ··· 1088 892 .base.setauthsize = starfive_aes_gcm_setauthsize, 1089 893 .base.encrypt = starfive_aes_gcm_encrypt, 1090 894 .base.decrypt = starfive_aes_gcm_decrypt, 1091 - .base.init = starfive_aes_aead_init_tfm, 895 + .base.init = starfive_aes_gcm_init_tfm, 1092 896 .base.exit = starfive_aes_aead_exit_tfm, 1093 897 .base.ivsize = GCM_AES_IV_SIZE, 1094 898 .base.maxauthsize = AES_BLOCK_SIZE, ··· 1096 900 .cra_name = "gcm(aes)", 1097 901 .cra_driver_name = "starfive-gcm-aes", 1098 902 .cra_priority = 200, 1099 - .cra_flags = CRYPTO_ALG_ASYNC, 903 + .cra_flags = CRYPTO_ALG_ASYNC | 904 + CRYPTO_ALG_NEED_FALLBACK, 1100 905 .cra_blocksize = 1, 1101 906 .cra_ctxsize = sizeof(struct starfive_cryp_ctx), 1102 907 .cra_alignmask = 0xf, ··· 1111 914 .base.setauthsize = starfive_aes_ccm_setauthsize, 1112 915 .base.encrypt = starfive_aes_ccm_encrypt, 1113 916 .base.decrypt = starfive_aes_ccm_decrypt, 1114 - .base.init = starfive_aes_aead_init_tfm, 917 + .base.init = starfive_aes_ccm_init_tfm, 1115 918 .base.exit = starfive_aes_aead_exit_tfm, 1116 919 .base.ivsize = AES_BLOCK_SIZE, 1117 920 .base.maxauthsize = AES_BLOCK_SIZE,

-43

drivers/crypto/starfive/jh7110-cryp.c

··· 89 89 dma_release_channel(cryp->rx); 90 90 } 91 91 92 - static irqreturn_t starfive_cryp_irq(int irq, void *priv) 93 - { 94 - u32 status; 95 - u32 mask; 96 - struct starfive_cryp_dev *cryp = (struct starfive_cryp_dev *)priv; 97 - 98 - mask = readl(cryp->base + STARFIVE_IE_MASK_OFFSET); 99 - status = readl(cryp->base + STARFIVE_IE_FLAG_OFFSET); 100 - if (status & STARFIVE_IE_FLAG_AES_DONE) { 101 - mask |= STARFIVE_IE_MASK_AES_DONE; 102 - writel(mask, cryp->base + STARFIVE_IE_MASK_OFFSET); 103 - tasklet_schedule(&cryp->aes_done); 104 - } 105 - 106 - if (status & STARFIVE_IE_FLAG_HASH_DONE) { 107 - mask |= STARFIVE_IE_MASK_HASH_DONE; 108 - writel(mask, cryp->base + STARFIVE_IE_MASK_OFFSET); 109 - tasklet_schedule(&cryp->hash_done); 110 - } 111 - 112 - return IRQ_HANDLED; 113 - } 114 - 115 92 static int starfive_cryp_probe(struct platform_device *pdev) 116 93 { 117 94 struct starfive_cryp_dev *cryp; 118 95 struct resource *res; 119 - int irq; 120 96 int ret; 121 97 122 98 cryp = devm_kzalloc(&pdev->dev, sizeof(*cryp), GFP_KERNEL); ··· 106 130 if (IS_ERR(cryp->base)) 107 131 return dev_err_probe(&pdev->dev, PTR_ERR(cryp->base), 108 132 "Error remapping memory for platform device\n"); 109 - 110 - tasklet_init(&cryp->aes_done, starfive_aes_done_task, (unsigned long)cryp); 111 - tasklet_init(&cryp->hash_done, starfive_hash_done_task, (unsigned long)cryp); 112 133 113 134 cryp->phys_base = res->start; 114 135 cryp->dma_maxburst = 32; ··· 125 152 if (IS_ERR(cryp->rst)) 126 153 return dev_err_probe(&pdev->dev, PTR_ERR(cryp->rst), 127 154 "Error getting hardware reset line\n"); 128 - 129 - irq = platform_get_irq(pdev, 0); 130 - if (irq < 0) 131 - return irq; 132 - 133 - ret = devm_request_irq(&pdev->dev, irq, starfive_cryp_irq, 0, pdev->name, 134 - (void *)cryp); 135 - if (ret) 136 - return dev_err_probe(&pdev->dev, ret, 137 - "Failed to register interrupt handler\n"); 138 155 139 156 clk_prepare_enable(cryp->hclk); 140 157 clk_prepare_enable(cryp->ahb); ··· 182 219 clk_disable_unprepare(cryp->ahb); 183 220 reset_control_assert(cryp->rst); 184 221 185 - tasklet_kill(&cryp->aes_done); 186 - tasklet_kill(&cryp->hash_done); 187 - 188 222 return ret; 189 223 } 190 224 ··· 192 232 starfive_aes_unregister_algs(); 193 233 starfive_hash_unregister_algs(); 194 234 starfive_rsa_unregister_algs(); 195 - 196 - tasklet_kill(&cryp->aes_done); 197 - tasklet_kill(&cryp->hash_done); 198 235 199 236 crypto_engine_stop(cryp->engine); 200 237 crypto_engine_exit(cryp->engine);

+3 -7

drivers/crypto/starfive/jh7110-cryp.h

··· 91 91 #define STARFIVE_HASH_KEY_DONE BIT(13) 92 92 u32 key_done :1; 93 93 u32 key_flag :1; 94 + #define STARFIVE_HASH_HMAC_DONE BIT(15) 94 95 u32 hmac_done :1; 95 96 #define STARFIVE_HASH_BUSY BIT(16) 96 97 u32 busy :1; ··· 169 168 struct crypto_akcipher *akcipher_fbk; 170 169 struct crypto_ahash *ahash_fbk; 171 170 struct crypto_aead *aead_fbk; 171 + struct crypto_skcipher *skcipher_fbk; 172 172 }; 173 173 174 174 struct starfive_cryp_dev { ··· 187 185 struct dma_chan *rx; 188 186 struct dma_slave_config cfg_in; 189 187 struct dma_slave_config cfg_out; 190 - struct scatter_walk in_walk; 191 - struct scatter_walk out_walk; 192 188 struct crypto_engine *engine; 193 - struct tasklet_struct aes_done; 194 - struct tasklet_struct hash_done; 189 + struct completion dma_done; 195 190 size_t assoclen; 196 191 size_t total_in; 197 192 size_t total_out; ··· 235 236 236 237 int starfive_aes_register_algs(void); 237 238 void starfive_aes_unregister_algs(void); 238 - 239 - void starfive_hash_done_task(unsigned long param); 240 - void starfive_aes_done_task(unsigned long param); 241 239 #endif

+115 -170

drivers/crypto/starfive/jh7110-hash.c

··· 36 36 #define STARFIVE_HASH_BUFLEN SHA512_BLOCK_SIZE 37 37 #define STARFIVE_HASH_RESET 0x2 38 38 39 - static inline int starfive_hash_wait_busy(struct starfive_cryp_ctx *ctx) 39 + static inline int starfive_hash_wait_busy(struct starfive_cryp_dev *cryp) 40 40 { 41 - struct starfive_cryp_dev *cryp = ctx->cryp; 42 41 u32 status; 43 42 44 43 return readl_relaxed_poll_timeout(cryp->base + STARFIVE_HASH_SHACSR, status, 45 44 !(status & STARFIVE_HASH_BUSY), 10, 100000); 45 + } 46 + 47 + static inline int starfive_hash_wait_hmac_done(struct starfive_cryp_dev *cryp) 48 + { 49 + u32 status; 50 + 51 + return readl_relaxed_poll_timeout(cryp->base + STARFIVE_HASH_SHACSR, status, 52 + (status & STARFIVE_HASH_HMAC_DONE), 10, 100000); 46 53 } 47 54 48 55 static inline int starfive_hash_wait_key_done(struct starfive_cryp_ctx *ctx) ··· 91 84 return 0; 92 85 } 93 86 94 - static void starfive_hash_start(void *param) 87 + static void starfive_hash_start(struct starfive_cryp_dev *cryp) 95 88 { 96 - struct starfive_cryp_ctx *ctx = param; 97 - struct starfive_cryp_request_ctx *rctx = ctx->rctx; 98 - struct starfive_cryp_dev *cryp = ctx->cryp; 99 - union starfive_alg_cr alg_cr; 100 89 union starfive_hash_csr csr; 101 - u32 stat; 102 - 103 - dma_unmap_sg(cryp->dev, rctx->in_sg, rctx->in_sg_len, DMA_TO_DEVICE); 104 - 105 - alg_cr.v = 0; 106 - alg_cr.clear = 1; 107 - 108 - writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 109 90 110 91 csr.v = readl(cryp->base + STARFIVE_HASH_SHACSR); 111 92 csr.firstb = 0; 112 93 csr.final = 1; 113 - 114 - stat = readl(cryp->base + STARFIVE_IE_MASK_OFFSET); 115 - stat &= ~STARFIVE_IE_MASK_HASH_DONE; 116 - writel(stat, cryp->base + STARFIVE_IE_MASK_OFFSET); 117 94 writel(csr.v, cryp->base + STARFIVE_HASH_SHACSR); 118 95 } 119 96 120 - static int starfive_hash_xmit_dma(struct starfive_cryp_ctx *ctx) 97 + static void starfive_hash_dma_callback(void *param) 121 98 { 122 - struct starfive_cryp_request_ctx *rctx = ctx->rctx; 123 - struct starfive_cryp_dev *cryp = ctx->cryp; 124 - struct dma_async_tx_descriptor *in_desc; 125 - union starfive_alg_cr alg_cr; 126 - int total_len; 127 - int ret; 99 + struct starfive_cryp_dev *cryp = param; 128 100 129 - if (!rctx->total) { 130 - starfive_hash_start(ctx); 131 - return 0; 132 - } 101 + complete(&cryp->dma_done); 102 + } 133 103 134 - writel(rctx->total, cryp->base + STARFIVE_DMA_IN_LEN_OFFSET); 135 - 136 - total_len = rctx->total; 137 - total_len = (total_len & 0x3) ? (((total_len >> 2) + 1) << 2) : total_len; 138 - sg_dma_len(rctx->in_sg) = total_len; 139 - 140 - alg_cr.v = 0; 141 - alg_cr.start = 1; 142 - alg_cr.hash_dma_en = 1; 143 - 144 - writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 145 - 146 - ret = dma_map_sg(cryp->dev, rctx->in_sg, rctx->in_sg_len, DMA_TO_DEVICE); 147 - if (!ret) 148 - return dev_err_probe(cryp->dev, -EINVAL, "dma_map_sg() error\n"); 149 - 150 - cryp->cfg_in.direction = DMA_MEM_TO_DEV; 151 - cryp->cfg_in.src_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 104 + static void starfive_hash_dma_init(struct starfive_cryp_dev *cryp) 105 + { 106 + cryp->cfg_in.src_addr_width = DMA_SLAVE_BUSWIDTH_16_BYTES; 152 107 cryp->cfg_in.dst_addr_width = DMA_SLAVE_BUSWIDTH_4_BYTES; 153 108 cryp->cfg_in.src_maxburst = cryp->dma_maxburst; 154 109 cryp->cfg_in.dst_maxburst = cryp->dma_maxburst; ··· 118 149 119 150 dmaengine_slave_config(cryp->tx, &cryp->cfg_in); 120 151 121 - in_desc = dmaengine_prep_slave_sg(cryp->tx, rctx->in_sg, 122 - ret, DMA_MEM_TO_DEV, 123 - DMA_PREP_INTERRUPT | DMA_CTRL_ACK); 152 + init_completion(&cryp->dma_done); 153 + } 124 154 125 - if (!in_desc) 126 - return -EINVAL; 155 + static int starfive_hash_dma_xfer(struct starfive_cryp_dev *cryp, 156 + struct scatterlist *sg) 157 + { 158 + struct dma_async_tx_descriptor *in_desc; 159 + union starfive_alg_cr alg_cr; 160 + int ret = 0; 127 161 128 - in_desc->callback = starfive_hash_start; 129 - in_desc->callback_param = ctx; 162 + alg_cr.v = 0; 163 + alg_cr.start = 1; 164 + alg_cr.hash_dma_en = 1; 165 + writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 166 + 167 + writel(sg_dma_len(sg), cryp->base + STARFIVE_DMA_IN_LEN_OFFSET); 168 + sg_dma_len(sg) = ALIGN(sg_dma_len(sg), sizeof(u32)); 169 + 170 + in_desc = dmaengine_prep_slave_sg(cryp->tx, sg, 1, DMA_MEM_TO_DEV, 171 + DMA_PREP_INTERRUPT | DMA_CTRL_ACK); 172 + if (!in_desc) { 173 + ret = -EINVAL; 174 + goto end; 175 + } 176 + 177 + reinit_completion(&cryp->dma_done); 178 + in_desc->callback = starfive_hash_dma_callback; 179 + in_desc->callback_param = cryp; 130 180 131 181 dmaengine_submit(in_desc); 132 182 dma_async_issue_pending(cryp->tx); 133 183 134 - return 0; 135 - } 184 + if (!wait_for_completion_timeout(&cryp->dma_done, 185 + msecs_to_jiffies(1000))) 186 + ret = -ETIMEDOUT; 136 187 137 - static int starfive_hash_xmit(struct starfive_cryp_ctx *ctx) 138 - { 139 - struct starfive_cryp_request_ctx *rctx = ctx->rctx; 140 - struct starfive_cryp_dev *cryp = ctx->cryp; 141 - int ret = 0; 188 + end: 189 + alg_cr.v = 0; 190 + alg_cr.clear = 1; 191 + writel(alg_cr.v, cryp->base + STARFIVE_ALG_CR_OFFSET); 142 192 143 - rctx->csr.hash.v = 0; 144 - rctx->csr.hash.reset = 1; 145 - writel(rctx->csr.hash.v, cryp->base + STARFIVE_HASH_SHACSR); 146 - 147 - if (starfive_hash_wait_busy(ctx)) 148 - return dev_err_probe(cryp->dev, -ETIMEDOUT, "Error resetting engine.\n"); 149 - 150 - rctx->csr.hash.v = 0; 151 - rctx->csr.hash.mode = ctx->hash_mode; 152 - rctx->csr.hash.ie = 1; 153 - 154 - if (ctx->is_hmac) { 155 - ret = starfive_hash_hmac_key(ctx); 156 - if (ret) 157 - return ret; 158 - } else { 159 - rctx->csr.hash.start = 1; 160 - rctx->csr.hash.firstb = 1; 161 - writel(rctx->csr.hash.v, cryp->base + STARFIVE_HASH_SHACSR); 162 - } 163 - 164 - return starfive_hash_xmit_dma(ctx); 193 + return ret; 165 194 } 166 195 167 196 static int starfive_hash_copy_hash(struct ahash_request *req) ··· 182 215 return 0; 183 216 } 184 217 185 - void starfive_hash_done_task(unsigned long param) 218 + static void starfive_hash_done_task(struct starfive_cryp_dev *cryp) 186 219 { 187 - struct starfive_cryp_dev *cryp = (struct starfive_cryp_dev *)param; 188 220 int err = cryp->err; 189 221 190 222 if (!err) 191 223 err = starfive_hash_copy_hash(cryp->req.hreq); 192 224 193 - /* Reset to clear hash_done in irq register*/ 194 - writel(STARFIVE_HASH_RESET, cryp->base + STARFIVE_HASH_SHACSR); 195 - 196 225 crypto_finalize_hash_request(cryp->engine, cryp->req.hreq, err); 197 - } 198 - 199 - static int starfive_hash_check_aligned(struct scatterlist *sg, size_t total, size_t align) 200 - { 201 - int len = 0; 202 - 203 - if (!total) 204 - return 0; 205 - 206 - if (!IS_ALIGNED(total, align)) 207 - return -EINVAL; 208 - 209 - while (sg) { 210 - if (!IS_ALIGNED(sg->offset, sizeof(u32))) 211 - return -EINVAL; 212 - 213 - if (!IS_ALIGNED(sg->length, align)) 214 - return -EINVAL; 215 - 216 - len += sg->length; 217 - sg = sg_next(sg); 218 - } 219 - 220 - if (len != total) 221 - return -EINVAL; 222 - 223 - return 0; 224 226 } 225 227 226 228 static int starfive_hash_one_request(struct crypto_engine *engine, void *areq) ··· 197 261 struct ahash_request *req = container_of(areq, struct ahash_request, 198 262 base); 199 263 struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 264 + struct starfive_cryp_request_ctx *rctx = ctx->rctx; 200 265 struct starfive_cryp_dev *cryp = ctx->cryp; 266 + struct scatterlist *tsg; 267 + int ret, src_nents, i; 201 268 202 - if (!cryp) 203 - return -ENODEV; 269 + writel(STARFIVE_HASH_RESET, cryp->base + STARFIVE_HASH_SHACSR); 204 270 205 - return starfive_hash_xmit(ctx); 271 + if (starfive_hash_wait_busy(cryp)) 272 + return dev_err_probe(cryp->dev, -ETIMEDOUT, "Error resetting hardware\n"); 273 + 274 + rctx->csr.hash.v = 0; 275 + rctx->csr.hash.mode = ctx->hash_mode; 276 + 277 + if (ctx->is_hmac) { 278 + ret = starfive_hash_hmac_key(ctx); 279 + if (ret) 280 + return ret; 281 + } else { 282 + rctx->csr.hash.start = 1; 283 + rctx->csr.hash.firstb = 1; 284 + writel(rctx->csr.hash.v, cryp->base + STARFIVE_HASH_SHACSR); 285 + } 286 + 287 + /* No input message, get digest and end. */ 288 + if (!rctx->total) 289 + goto hash_start; 290 + 291 + starfive_hash_dma_init(cryp); 292 + 293 + for_each_sg(rctx->in_sg, tsg, rctx->in_sg_len, i) { 294 + src_nents = dma_map_sg(cryp->dev, tsg, 1, DMA_TO_DEVICE); 295 + if (src_nents == 0) 296 + return dev_err_probe(cryp->dev, -ENOMEM, 297 + "dma_map_sg error\n"); 298 + 299 + ret = starfive_hash_dma_xfer(cryp, tsg); 300 + dma_unmap_sg(cryp->dev, tsg, 1, DMA_TO_DEVICE); 301 + if (ret) 302 + return ret; 303 + } 304 + 305 + hash_start: 306 + starfive_hash_start(cryp); 307 + 308 + if (starfive_hash_wait_busy(cryp)) 309 + return dev_err_probe(cryp->dev, -ETIMEDOUT, "Error generating digest\n"); 310 + 311 + if (ctx->is_hmac) 312 + cryp->err = starfive_hash_wait_hmac_done(cryp); 313 + 314 + starfive_hash_done_task(cryp); 315 + 316 + return 0; 206 317 } 207 318 208 319 static int starfive_hash_init(struct ahash_request *req) ··· 320 337 return crypto_ahash_finup(&rctx->ahash_fbk_req); 321 338 } 322 339 323 - static int starfive_hash_digest_fb(struct ahash_request *req) 324 - { 325 - struct starfive_cryp_request_ctx *rctx = ahash_request_ctx(req); 326 - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 327 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(tfm); 328 - 329 - ahash_request_set_tfm(&rctx->ahash_fbk_req, ctx->ahash_fbk); 330 - ahash_request_set_callback(&rctx->ahash_fbk_req, req->base.flags, 331 - req->base.complete, req->base.data); 332 - 333 - ahash_request_set_crypt(&rctx->ahash_fbk_req, req->src, 334 - req->result, req->nbytes); 335 - 336 - return crypto_ahash_digest(&rctx->ahash_fbk_req); 337 - } 338 - 339 340 static int starfive_hash_digest(struct ahash_request *req) 340 341 { 341 342 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); ··· 336 369 rctx->digsize = crypto_ahash_digestsize(tfm); 337 370 rctx->in_sg_len = sg_nents_for_len(rctx->in_sg, rctx->total); 338 371 ctx->rctx = rctx; 339 - 340 - if (starfive_hash_check_aligned(rctx->in_sg, rctx->total, rctx->blksize)) 341 - return starfive_hash_digest_fb(req); 342 372 343 373 return crypto_transfer_hash_request_to_engine(cryp->engine, req); 344 374 } ··· 370 406 371 407 static int starfive_hash_init_tfm(struct crypto_ahash *hash, 372 408 const char *alg_name, 373 - unsigned int mode) 409 + unsigned int mode, 410 + bool is_hmac) 374 411 { 375 412 struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 376 413 ··· 391 426 crypto_ahash_set_reqsize(hash, sizeof(struct starfive_cryp_request_ctx) + 392 427 crypto_ahash_reqsize(ctx->ahash_fbk)); 393 428 394 - ctx->keylen = 0; 429 + ctx->is_hmac = is_hmac; 395 430 ctx->hash_mode = mode; 396 431 397 432 return 0; ··· 494 529 static int starfive_sha224_init_tfm(struct crypto_ahash *hash) 495 530 { 496 531 return starfive_hash_init_tfm(hash, "sha224-generic", 497 - STARFIVE_HASH_SHA224); 532 + STARFIVE_HASH_SHA224, 0); 498 533 } 499 534 500 535 static int starfive_sha256_init_tfm(struct crypto_ahash *hash) 501 536 { 502 537 return starfive_hash_init_tfm(hash, "sha256-generic", 503 - STARFIVE_HASH_SHA256); 538 + STARFIVE_HASH_SHA256, 0); 504 539 } 505 540 506 541 static int starfive_sha384_init_tfm(struct crypto_ahash *hash) 507 542 { 508 543 return starfive_hash_init_tfm(hash, "sha384-generic", 509 - STARFIVE_HASH_SHA384); 544 + STARFIVE_HASH_SHA384, 0); 510 545 } 511 546 512 547 static int starfive_sha512_init_tfm(struct crypto_ahash *hash) 513 548 { 514 549 return starfive_hash_init_tfm(hash, "sha512-generic", 515 - STARFIVE_HASH_SHA512); 550 + STARFIVE_HASH_SHA512, 0); 516 551 } 517 552 518 553 static int starfive_sm3_init_tfm(struct crypto_ahash *hash) 519 554 { 520 555 return starfive_hash_init_tfm(hash, "sm3-generic", 521 - STARFIVE_HASH_SM3); 556 + STARFIVE_HASH_SM3, 0); 522 557 } 523 558 524 559 static int starfive_hmac_sha224_init_tfm(struct crypto_ahash *hash) 525 560 { 526 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 527 - 528 - ctx->is_hmac = true; 529 - 530 561 return starfive_hash_init_tfm(hash, "hmac(sha224-generic)", 531 - STARFIVE_HASH_SHA224); 562 + STARFIVE_HASH_SHA224, 1); 532 563 } 533 564 534 565 static int starfive_hmac_sha256_init_tfm(struct crypto_ahash *hash) 535 566 { 536 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 537 - 538 - ctx->is_hmac = true; 539 - 540 567 return starfive_hash_init_tfm(hash, "hmac(sha256-generic)", 541 - STARFIVE_HASH_SHA256); 568 + STARFIVE_HASH_SHA256, 1); 542 569 } 543 570 544 571 static int starfive_hmac_sha384_init_tfm(struct crypto_ahash *hash) 545 572 { 546 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 547 - 548 - ctx->is_hmac = true; 549 - 550 573 return starfive_hash_init_tfm(hash, "hmac(sha384-generic)", 551 - STARFIVE_HASH_SHA384); 574 + STARFIVE_HASH_SHA384, 1); 552 575 } 553 576 554 577 static int starfive_hmac_sha512_init_tfm(struct crypto_ahash *hash) 555 578 { 556 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 557 - 558 - ctx->is_hmac = true; 559 - 560 579 return starfive_hash_init_tfm(hash, "hmac(sha512-generic)", 561 - STARFIVE_HASH_SHA512); 580 + STARFIVE_HASH_SHA512, 1); 562 581 } 563 582 564 583 static int starfive_hmac_sm3_init_tfm(struct crypto_ahash *hash) 565 584 { 566 - struct starfive_cryp_ctx *ctx = crypto_ahash_ctx(hash); 567 - 568 - ctx->is_hmac = true; 569 - 570 585 return starfive_hash_init_tfm(hash, "hmac(sm3-generic)", 571 - STARFIVE_HASH_SM3); 586 + STARFIVE_HASH_SM3, 1); 572 587 } 573 588 574 589 static struct ahash_engine_alg algs_sha2_sm3[] = {

+7 -7

drivers/crypto/starfive/jh7110-rsa.c

··· 45 45 46 46 static void starfive_rsa_free_key(struct starfive_rsa_key *key) 47 47 { 48 + if (!key->key_sz) 49 + return; 50 + 48 51 kfree_sensitive(key->d); 49 52 kfree_sensitive(key->e); 50 53 kfree_sensitive(key->n); ··· 276 273 277 274 err_rsa_crypt: 278 275 writel(STARFIVE_RSA_RESET, cryp->base + STARFIVE_PKA_CACR_OFFSET); 279 - kfree(rctx->rsa_data); 280 276 return ret; 281 277 } 282 278 ··· 536 534 { 537 535 struct starfive_cryp_ctx *ctx = akcipher_tfm_ctx(tfm); 538 536 537 + ctx->cryp = starfive_cryp_find_dev(ctx); 538 + if (!ctx->cryp) 539 + return -ENODEV; 540 + 539 541 ctx->akcipher_fbk = crypto_alloc_akcipher("rsa-generic", 0, 0); 540 542 if (IS_ERR(ctx->akcipher_fbk)) 541 543 return PTR_ERR(ctx->akcipher_fbk); 542 - 543 - ctx->cryp = starfive_cryp_find_dev(ctx); 544 - if (!ctx->cryp) { 545 - crypto_free_akcipher(ctx->akcipher_fbk); 546 - return -ENODEV; 547 - } 548 544 549 545 akcipher_set_reqsize(tfm, sizeof(struct starfive_cryp_request_ctx) + 550 546 sizeof(struct crypto_akcipher) + 32);

+448 -122

drivers/crypto/stm32/stm32-hash.c

··· 94 94 #define HASH_FLAGS_ERRORS BIT(21) 95 95 #define HASH_FLAGS_EMPTY BIT(22) 96 96 #define HASH_FLAGS_HMAC BIT(23) 97 + #define HASH_FLAGS_SGS_COPIED BIT(24) 97 98 98 99 #define HASH_OP_UPDATE 1 99 100 #define HASH_OP_FINAL 2 ··· 146 145 u16 bufcnt; 147 146 u16 blocklen; 148 147 149 - u8 buffer[HASH_BUFLEN] __aligned(4); 148 + u8 buffer[HASH_BUFLEN] __aligned(sizeof(u32)); 150 149 151 150 /* hash state */ 152 151 u32 hw_context[3 + HASH_CSR_NB_MAX]; ··· 159 158 u8 digest[SHA512_DIGEST_SIZE] __aligned(sizeof(u32)); 160 159 size_t digcnt; 161 160 162 - /* DMA */ 163 161 struct scatterlist *sg; 162 + struct scatterlist sgl[2]; /* scatterlist used to realize alignment */ 164 163 unsigned int offset; 165 164 unsigned int total; 166 165 struct scatterlist sg_key; ··· 185 184 size_t algs_info_size; 186 185 bool has_sr; 187 186 bool has_mdmat; 187 + bool context_secured; 188 188 bool broken_emptymsg; 189 189 bool ux500; 190 190 }; ··· 197 195 struct reset_control *rst; 198 196 void __iomem *io_base; 199 197 phys_addr_t phys_base; 198 + u8 xmit_buf[HASH_BUFLEN] __aligned(sizeof(u32)); 200 199 u32 dma_mode; 201 200 bool polled; 202 201 ··· 223 220 }; 224 221 225 222 static void stm32_hash_dma_callback(void *param); 223 + static int stm32_hash_prepare_request(struct ahash_request *req); 224 + static void stm32_hash_unprepare_request(struct ahash_request *req); 226 225 227 226 static inline u32 stm32_hash_read(struct stm32_hash_dev *hdev, u32 offset) 228 227 { ··· 237 232 writel_relaxed(value, hdev->io_base + offset); 238 233 } 239 234 235 + /** 236 + * stm32_hash_wait_busy - wait until hash processor is available. It return an 237 + * error if the hash core is processing a block of data for more than 10 ms. 238 + * @hdev: the stm32_hash_dev device. 239 + */ 240 240 static inline int stm32_hash_wait_busy(struct stm32_hash_dev *hdev) 241 241 { 242 242 u32 status; ··· 255 245 !(status & HASH_SR_BUSY), 10, 10000); 256 246 } 257 247 248 + /** 249 + * stm32_hash_set_nblw - set the number of valid bytes in the last word. 250 + * @hdev: the stm32_hash_dev device. 251 + * @length: the length of the final word. 252 + */ 258 253 static void stm32_hash_set_nblw(struct stm32_hash_dev *hdev, int length) 259 254 { 260 255 u32 reg; ··· 297 282 return 0; 298 283 } 299 284 285 + /** 286 + * stm32_hash_write_ctrl - Initialize the hash processor, only if 287 + * HASH_FLAGS_INIT is set. 288 + * @hdev: the stm32_hash_dev device 289 + */ 300 290 static void stm32_hash_write_ctrl(struct stm32_hash_dev *hdev) 301 291 { 302 292 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); ··· 489 469 { 490 470 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 491 471 struct stm32_hash_state *state = &rctx->state; 492 - u32 *preg = state->hw_context; 493 472 int bufcnt, err = 0, final; 494 - int i, swap_reg; 495 473 496 474 dev_dbg(hdev->dev, "%s flags %x\n", __func__, state->flags); 497 475 ··· 513 495 return stm32_hash_xmit_cpu(hdev, state->buffer, bufcnt, 1); 514 496 } 515 497 516 - if (!(hdev->flags & HASH_FLAGS_INIT)) 517 - return 0; 518 - 519 - if (stm32_hash_wait_busy(hdev)) 520 - return -ETIMEDOUT; 521 - 522 - swap_reg = hash_swap_reg(rctx); 523 - 524 - if (!hdev->pdata->ux500) 525 - *preg++ = stm32_hash_read(hdev, HASH_IMR); 526 - *preg++ = stm32_hash_read(hdev, HASH_STR); 527 - *preg++ = stm32_hash_read(hdev, HASH_CR); 528 - for (i = 0; i < swap_reg; i++) 529 - *preg++ = stm32_hash_read(hdev, HASH_CSR(i)); 530 - 531 - state->flags |= HASH_FLAGS_INIT; 532 - 533 498 return err; 534 499 } 535 500 536 501 static int stm32_hash_xmit_dma(struct stm32_hash_dev *hdev, 537 - struct scatterlist *sg, int length, int mdma) 502 + struct scatterlist *sg, int length, int mdmat) 538 503 { 539 504 struct dma_async_tx_descriptor *in_desc; 540 505 dma_cookie_t cookie; 541 506 u32 reg; 542 507 int err; 508 + 509 + dev_dbg(hdev->dev, "%s mdmat: %x length: %d\n", __func__, mdmat, length); 510 + 511 + /* do not use dma if there is no data to send */ 512 + if (length <= 0) 513 + return 0; 543 514 544 515 in_desc = dmaengine_prep_slave_sg(hdev->dma_lch, sg, 1, 545 516 DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT | ··· 542 535 in_desc->callback = stm32_hash_dma_callback; 543 536 in_desc->callback_param = hdev; 544 537 545 - hdev->flags |= HASH_FLAGS_FINAL; 546 538 hdev->flags |= HASH_FLAGS_DMA_ACTIVE; 547 539 548 540 reg = stm32_hash_read(hdev, HASH_CR); 549 541 550 542 if (hdev->pdata->has_mdmat) { 551 - if (mdma) 543 + if (mdmat) 552 544 reg |= HASH_CR_MDMAT; 553 545 else 554 546 reg &= ~HASH_CR_MDMAT; ··· 556 550 557 551 stm32_hash_write(hdev, HASH_CR, reg); 558 552 559 - stm32_hash_set_nblw(hdev, length); 560 553 561 554 cookie = dmaengine_submit(in_desc); 562 555 err = dma_submit_error(cookie); ··· 595 590 struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 596 591 int err; 597 592 598 - if (ctx->keylen < rctx->state.blocklen || hdev->dma_mode == 1) { 593 + if (ctx->keylen < rctx->state.blocklen || hdev->dma_mode > 0) { 599 594 err = stm32_hash_write_key(hdev); 600 595 if (stm32_hash_wait_busy(hdev)) 601 596 return -ETIMEDOUT; ··· 660 655 struct scatterlist sg[1], *tsg; 661 656 int err = 0, reg, ncp = 0; 662 657 unsigned int i, len = 0, bufcnt = 0; 658 + bool final = hdev->flags & HASH_FLAGS_FINAL; 663 659 bool is_last = false; 660 + u32 last_word; 664 661 665 - rctx->sg = hdev->req->src; 666 - rctx->total = hdev->req->nbytes; 662 + dev_dbg(hdev->dev, "%s total: %d bufcnt: %d final: %d\n", 663 + __func__, rctx->total, rctx->state.bufcnt, final); 667 664 668 - rctx->nents = sg_nents(rctx->sg); 669 665 if (rctx->nents < 0) 670 666 return -EINVAL; 671 667 672 668 stm32_hash_write_ctrl(hdev); 673 669 674 - if (hdev->flags & HASH_FLAGS_HMAC) { 670 + if (hdev->flags & HASH_FLAGS_HMAC && (!(hdev->flags & HASH_FLAGS_HMAC_KEY))) { 671 + hdev->flags |= HASH_FLAGS_HMAC_KEY; 675 672 err = stm32_hash_hmac_dma_send(hdev); 676 673 if (err != -EINPROGRESS) 677 674 return err; ··· 684 677 len = sg->length; 685 678 686 679 if (sg_is_last(sg) || (bufcnt + sg[0].length) >= rctx->total) { 687 - sg->length = rctx->total - bufcnt; 688 - is_last = true; 689 - if (hdev->dma_mode == 1) { 690 - len = (ALIGN(sg->length, 16) - 16); 691 - 692 - ncp = sg_pcopy_to_buffer( 693 - rctx->sg, rctx->nents, 694 - rctx->state.buffer, sg->length - len, 695 - rctx->total - sg->length + len); 696 - 697 - sg->length = len; 680 + if (!final) { 681 + /* Always manually put the last word of a non-final transfer. */ 682 + len -= sizeof(u32); 683 + sg_pcopy_to_buffer(rctx->sg, rctx->nents, &last_word, 4, len); 684 + sg->length -= sizeof(u32); 698 685 } else { 699 - if (!(IS_ALIGNED(sg->length, sizeof(u32)))) { 700 - len = sg->length; 701 - sg->length = ALIGN(sg->length, 702 - sizeof(u32)); 686 + /* 687 + * In Multiple DMA mode, DMA must be aborted before the final 688 + * transfer. 689 + */ 690 + sg->length = rctx->total - bufcnt; 691 + if (hdev->dma_mode > 0) { 692 + len = (ALIGN(sg->length, 16) - 16); 693 + 694 + ncp = sg_pcopy_to_buffer(rctx->sg, rctx->nents, 695 + rctx->state.buffer, 696 + sg->length - len, 697 + rctx->total - sg->length + len); 698 + 699 + if (!len) 700 + break; 701 + 702 + sg->length = len; 703 + } else { 704 + is_last = true; 705 + if (!(IS_ALIGNED(sg->length, sizeof(u32)))) { 706 + len = sg->length; 707 + sg->length = ALIGN(sg->length, 708 + sizeof(u32)); 709 + } 703 710 } 704 711 } 705 712 } ··· 727 706 728 707 err = stm32_hash_xmit_dma(hdev, sg, len, !is_last); 729 708 709 + /* The last word of a non final transfer is sent manually. */ 710 + if (!final) { 711 + stm32_hash_write(hdev, HASH_DIN, last_word); 712 + len += sizeof(u32); 713 + } 714 + 715 + rctx->total -= len; 716 + 730 717 bufcnt += sg[0].length; 731 718 dma_unmap_sg(hdev->dev, sg, 1, DMA_TO_DEVICE); 732 719 733 - if (err == -ENOMEM) 720 + if (err == -ENOMEM || err == -ETIMEDOUT) 734 721 return err; 735 722 if (is_last) 736 723 break; 737 724 } 738 725 739 - if (hdev->dma_mode == 1) { 740 - if (stm32_hash_wait_busy(hdev)) 741 - return -ETIMEDOUT; 742 - reg = stm32_hash_read(hdev, HASH_CR); 743 - reg &= ~HASH_CR_DMAE; 744 - reg |= HASH_CR_DMAA; 745 - stm32_hash_write(hdev, HASH_CR, reg); 726 + /* 727 + * When the second last block transfer of 4 words is performed by the DMA, 728 + * the software must set the DMA Abort bit (DMAA) to 1 before completing the 729 + * last transfer of 4 words or less. 730 + */ 731 + if (final) { 732 + if (hdev->dma_mode > 0) { 733 + if (stm32_hash_wait_busy(hdev)) 734 + return -ETIMEDOUT; 735 + reg = stm32_hash_read(hdev, HASH_CR); 736 + reg &= ~HASH_CR_DMAE; 737 + reg |= HASH_CR_DMAA; 738 + stm32_hash_write(hdev, HASH_CR, reg); 746 739 747 - if (ncp) { 748 - memset(buffer + ncp, 0, 749 - DIV_ROUND_UP(ncp, sizeof(u32)) - ncp); 750 - writesl(hdev->io_base + HASH_DIN, buffer, 751 - DIV_ROUND_UP(ncp, sizeof(u32))); 740 + if (ncp) { 741 + memset(buffer + ncp, 0, 4 - DIV_ROUND_UP(ncp, sizeof(u32))); 742 + writesl(hdev->io_base + HASH_DIN, buffer, 743 + DIV_ROUND_UP(ncp, sizeof(u32))); 744 + } 745 + 746 + stm32_hash_set_nblw(hdev, ncp); 747 + reg = stm32_hash_read(hdev, HASH_STR); 748 + reg |= HASH_STR_DCAL; 749 + stm32_hash_write(hdev, HASH_STR, reg); 750 + err = -EINPROGRESS; 752 751 } 753 - stm32_hash_set_nblw(hdev, ncp); 754 - reg = stm32_hash_read(hdev, HASH_STR); 755 - reg |= HASH_STR_DCAL; 756 - stm32_hash_write(hdev, HASH_STR, reg); 757 - err = -EINPROGRESS; 752 + 753 + /* 754 + * The hash processor needs the key to be loaded a second time in order 755 + * to process the HMAC. 756 + */ 757 + if (hdev->flags & HASH_FLAGS_HMAC) { 758 + if (stm32_hash_wait_busy(hdev)) 759 + return -ETIMEDOUT; 760 + err = stm32_hash_hmac_dma_send(hdev); 761 + } 762 + 763 + return err; 758 764 } 759 765 760 - if (hdev->flags & HASH_FLAGS_HMAC) { 761 - if (stm32_hash_wait_busy(hdev)) 762 - return -ETIMEDOUT; 763 - err = stm32_hash_hmac_dma_send(hdev); 764 - } 766 + if (err != -EINPROGRESS) 767 + return err; 765 768 766 - return err; 769 + return 0; 767 770 } 768 771 769 772 static struct stm32_hash_dev *stm32_hash_find_dev(struct stm32_hash_ctx *ctx) ··· 810 765 return hdev; 811 766 } 812 767 813 - static bool stm32_hash_dma_aligned_data(struct ahash_request *req) 814 - { 815 - struct scatterlist *sg; 816 - struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 817 - struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 818 - struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 819 - int i; 820 - 821 - if (!hdev->dma_lch || req->nbytes <= rctx->state.blocklen) 822 - return false; 823 - 824 - if (sg_nents(req->src) > 1) { 825 - if (hdev->dma_mode == 1) 826 - return false; 827 - for_each_sg(req->src, sg, sg_nents(req->src), i) { 828 - if ((!IS_ALIGNED(sg->length, sizeof(u32))) && 829 - (!sg_is_last(sg))) 830 - return false; 831 - } 832 - } 833 - 834 - if (req->src->offset % 4) 835 - return false; 836 - 837 - return true; 838 - } 839 - 840 768 static int stm32_hash_init(struct ahash_request *req) 841 769 { 842 770 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); ··· 820 802 bool sha3_mode = ctx->flags & HASH_FLAGS_SHA3_MODE; 821 803 822 804 rctx->hdev = hdev; 805 + state->flags = 0; 823 806 824 - state->flags = HASH_FLAGS_CPU; 807 + if (!(hdev->dma_lch && hdev->pdata->has_mdmat)) 808 + state->flags |= HASH_FLAGS_CPU; 825 809 826 810 if (sha3_mode) 827 811 state->flags |= HASH_FLAGS_SHA3_MODE; ··· 877 857 dev_err(hdev->dev, "Error, block too large"); 878 858 return -EINVAL; 879 859 } 860 + rctx->nents = 0; 880 861 rctx->total = 0; 881 862 rctx->offset = 0; 882 863 rctx->data_type = HASH_DATA_8_BITS; ··· 895 874 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(hdev->req); 896 875 struct stm32_hash_state *state = &rctx->state; 897 876 877 + dev_dbg(hdev->dev, "update_req: total: %u, digcnt: %zd, final: 0", 878 + rctx->total, rctx->digcnt); 879 + 898 880 if (!(state->flags & HASH_FLAGS_CPU)) 899 881 return stm32_hash_dma_send(hdev); 900 882 ··· 910 886 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 911 887 struct stm32_hash_state *state = &rctx->state; 912 888 int buflen = state->bufcnt; 889 + 890 + if (!(state->flags & HASH_FLAGS_CPU)) { 891 + hdev->flags |= HASH_FLAGS_FINAL; 892 + return stm32_hash_dma_send(hdev); 893 + } 913 894 914 895 if (state->flags & HASH_FLAGS_FINUP) 915 896 return stm32_hash_update_req(hdev); ··· 997 968 static void stm32_hash_finish_req(struct ahash_request *req, int err) 998 969 { 999 970 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 971 + struct stm32_hash_state *state = &rctx->state; 1000 972 struct stm32_hash_dev *hdev = rctx->hdev; 973 + 974 + if (hdev->flags & HASH_FLAGS_DMA_ACTIVE) 975 + state->flags |= HASH_FLAGS_DMA_ACTIVE; 976 + else 977 + state->flags &= ~HASH_FLAGS_DMA_ACTIVE; 1001 978 1002 979 if (!err && (HASH_FLAGS_FINAL & hdev->flags)) { 1003 980 stm32_hash_copy_hash(req); 1004 981 err = stm32_hash_finish(req); 1005 982 } 1006 983 1007 - pm_runtime_mark_last_busy(hdev->dev); 1008 - pm_runtime_put_autosuspend(hdev->dev); 984 + /* Finalized request mist be unprepared here */ 985 + stm32_hash_unprepare_request(req); 1009 986 1010 987 crypto_finalize_hash_request(hdev->engine, req, err); 1011 988 } ··· 1041 1006 1042 1007 pm_runtime_get_sync(hdev->dev); 1043 1008 1009 + err = stm32_hash_prepare_request(req); 1010 + if (err) 1011 + return err; 1012 + 1044 1013 hdev->req = req; 1045 1014 hdev->flags = 0; 1046 1015 swap_reg = hash_swap_reg(rctx); ··· 1069 1030 if (state->flags & HASH_FLAGS_HMAC) 1070 1031 hdev->flags |= HASH_FLAGS_HMAC | 1071 1032 HASH_FLAGS_HMAC_KEY; 1033 + 1034 + if (state->flags & HASH_FLAGS_CPU) 1035 + hdev->flags |= HASH_FLAGS_CPU; 1036 + 1037 + if (state->flags & HASH_FLAGS_DMA_ACTIVE) 1038 + hdev->flags |= HASH_FLAGS_DMA_ACTIVE; 1072 1039 } 1073 1040 1074 1041 if (rctx->op == HASH_OP_UPDATE) ··· 1099 1054 return 0; 1100 1055 } 1101 1056 1057 + static int stm32_hash_copy_sgs(struct stm32_hash_request_ctx *rctx, 1058 + struct scatterlist *sg, int bs, 1059 + unsigned int new_len) 1060 + { 1061 + struct stm32_hash_state *state = &rctx->state; 1062 + int pages; 1063 + void *buf; 1064 + 1065 + pages = get_order(new_len); 1066 + 1067 + buf = (void *)__get_free_pages(GFP_ATOMIC, pages); 1068 + if (!buf) { 1069 + pr_err("Couldn't allocate pages for unaligned cases.\n"); 1070 + return -ENOMEM; 1071 + } 1072 + 1073 + if (state->bufcnt) 1074 + memcpy(buf, rctx->hdev->xmit_buf, state->bufcnt); 1075 + 1076 + scatterwalk_map_and_copy(buf + state->bufcnt, sg, rctx->offset, 1077 + min(new_len, rctx->total) - state->bufcnt, 0); 1078 + sg_init_table(rctx->sgl, 1); 1079 + sg_set_buf(rctx->sgl, buf, new_len); 1080 + rctx->sg = rctx->sgl; 1081 + state->flags |= HASH_FLAGS_SGS_COPIED; 1082 + rctx->nents = 1; 1083 + rctx->offset += new_len - state->bufcnt; 1084 + state->bufcnt = 0; 1085 + rctx->total = new_len; 1086 + 1087 + return 0; 1088 + } 1089 + 1090 + static int stm32_hash_align_sgs(struct scatterlist *sg, 1091 + int nbytes, int bs, bool init, bool final, 1092 + struct stm32_hash_request_ctx *rctx) 1093 + { 1094 + struct stm32_hash_state *state = &rctx->state; 1095 + struct stm32_hash_dev *hdev = rctx->hdev; 1096 + struct scatterlist *sg_tmp = sg; 1097 + int offset = rctx->offset; 1098 + int new_len; 1099 + int n = 0; 1100 + int bufcnt = state->bufcnt; 1101 + bool secure_ctx = hdev->pdata->context_secured; 1102 + bool aligned = true; 1103 + 1104 + if (!sg || !sg->length || !nbytes) { 1105 + if (bufcnt) { 1106 + bufcnt = DIV_ROUND_UP(bufcnt, bs) * bs; 1107 + sg_init_table(rctx->sgl, 1); 1108 + sg_set_buf(rctx->sgl, rctx->hdev->xmit_buf, bufcnt); 1109 + rctx->sg = rctx->sgl; 1110 + rctx->nents = 1; 1111 + } 1112 + 1113 + return 0; 1114 + } 1115 + 1116 + new_len = nbytes; 1117 + 1118 + if (offset) 1119 + aligned = false; 1120 + 1121 + if (final) { 1122 + new_len = DIV_ROUND_UP(new_len, bs) * bs; 1123 + } else { 1124 + new_len = (new_len - 1) / bs * bs; // return n block - 1 block 1125 + 1126 + /* 1127 + * Context save in some version of HASH IP can only be done when the 1128 + * FIFO is ready to get a new block. This implies to send n block plus a 1129 + * 32 bit word in the first DMA send. 1130 + */ 1131 + if (init && secure_ctx) { 1132 + new_len += sizeof(u32); 1133 + if (unlikely(new_len > nbytes)) 1134 + new_len -= bs; 1135 + } 1136 + } 1137 + 1138 + if (!new_len) 1139 + return 0; 1140 + 1141 + if (nbytes != new_len) 1142 + aligned = false; 1143 + 1144 + while (nbytes > 0 && sg_tmp) { 1145 + n++; 1146 + 1147 + if (bufcnt) { 1148 + if (!IS_ALIGNED(bufcnt, bs)) { 1149 + aligned = false; 1150 + break; 1151 + } 1152 + nbytes -= bufcnt; 1153 + bufcnt = 0; 1154 + if (!nbytes) 1155 + aligned = false; 1156 + 1157 + continue; 1158 + } 1159 + 1160 + if (offset < sg_tmp->length) { 1161 + if (!IS_ALIGNED(offset + sg_tmp->offset, 4)) { 1162 + aligned = false; 1163 + break; 1164 + } 1165 + 1166 + if (!IS_ALIGNED(sg_tmp->length - offset, bs)) { 1167 + aligned = false; 1168 + break; 1169 + } 1170 + } 1171 + 1172 + if (offset) { 1173 + offset -= sg_tmp->length; 1174 + if (offset < 0) { 1175 + nbytes += offset; 1176 + offset = 0; 1177 + } 1178 + } else { 1179 + nbytes -= sg_tmp->length; 1180 + } 1181 + 1182 + sg_tmp = sg_next(sg_tmp); 1183 + 1184 + if (nbytes < 0) { 1185 + aligned = false; 1186 + break; 1187 + } 1188 + } 1189 + 1190 + if (!aligned) 1191 + return stm32_hash_copy_sgs(rctx, sg, bs, new_len); 1192 + 1193 + rctx->total = new_len; 1194 + rctx->offset += new_len; 1195 + rctx->nents = n; 1196 + if (state->bufcnt) { 1197 + sg_init_table(rctx->sgl, 2); 1198 + sg_set_buf(rctx->sgl, rctx->hdev->xmit_buf, state->bufcnt); 1199 + sg_chain(rctx->sgl, 2, sg); 1200 + rctx->sg = rctx->sgl; 1201 + } else { 1202 + rctx->sg = sg; 1203 + } 1204 + 1205 + return 0; 1206 + } 1207 + 1208 + static int stm32_hash_prepare_request(struct ahash_request *req) 1209 + { 1210 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1211 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(tfm); 1212 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 1213 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 1214 + struct stm32_hash_state *state = &rctx->state; 1215 + unsigned int nbytes; 1216 + int ret, hash_later, bs; 1217 + bool update = rctx->op & HASH_OP_UPDATE; 1218 + bool init = !(state->flags & HASH_FLAGS_INIT); 1219 + bool finup = state->flags & HASH_FLAGS_FINUP; 1220 + bool final = state->flags & HASH_FLAGS_FINAL; 1221 + 1222 + if (!hdev->dma_lch || state->flags & HASH_FLAGS_CPU) 1223 + return 0; 1224 + 1225 + bs = crypto_ahash_blocksize(tfm); 1226 + 1227 + nbytes = state->bufcnt; 1228 + 1229 + /* 1230 + * In case of update request nbytes must correspond to the content of the 1231 + * buffer + the offset minus the content of the request already in the 1232 + * buffer. 1233 + */ 1234 + if (update || finup) 1235 + nbytes += req->nbytes - rctx->offset; 1236 + 1237 + dev_dbg(hdev->dev, 1238 + "%s: nbytes=%d, bs=%d, total=%d, offset=%d, bufcnt=%d\n", 1239 + __func__, nbytes, bs, rctx->total, rctx->offset, state->bufcnt); 1240 + 1241 + if (!nbytes) 1242 + return 0; 1243 + 1244 + rctx->total = nbytes; 1245 + 1246 + if (update && req->nbytes && (!IS_ALIGNED(state->bufcnt, bs))) { 1247 + int len = bs - state->bufcnt % bs; 1248 + 1249 + if (len > req->nbytes) 1250 + len = req->nbytes; 1251 + scatterwalk_map_and_copy(state->buffer + state->bufcnt, req->src, 1252 + 0, len, 0); 1253 + state->bufcnt += len; 1254 + rctx->offset = len; 1255 + } 1256 + 1257 + /* copy buffer in a temporary one that is used for sg alignment */ 1258 + if (state->bufcnt) 1259 + memcpy(hdev->xmit_buf, state->buffer, state->bufcnt); 1260 + 1261 + ret = stm32_hash_align_sgs(req->src, nbytes, bs, init, final, rctx); 1262 + if (ret) 1263 + return ret; 1264 + 1265 + hash_later = nbytes - rctx->total; 1266 + if (hash_later < 0) 1267 + hash_later = 0; 1268 + 1269 + if (hash_later && hash_later <= state->blocklen) { 1270 + scatterwalk_map_and_copy(state->buffer, 1271 + req->src, 1272 + req->nbytes - hash_later, 1273 + hash_later, 0); 1274 + 1275 + state->bufcnt = hash_later; 1276 + } else { 1277 + state->bufcnt = 0; 1278 + } 1279 + 1280 + if (hash_later > state->blocklen) { 1281 + /* FIXME: add support of this case */ 1282 + pr_err("Buffer contains more than one block.\n"); 1283 + return -ENOMEM; 1284 + } 1285 + 1286 + rctx->total = min(nbytes, rctx->total); 1287 + 1288 + return 0; 1289 + } 1290 + 1291 + static void stm32_hash_unprepare_request(struct ahash_request *req) 1292 + { 1293 + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 1294 + struct stm32_hash_state *state = &rctx->state; 1295 + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 1296 + struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 1297 + u32 *preg = state->hw_context; 1298 + int swap_reg, i; 1299 + 1300 + if (hdev->dma_lch) 1301 + dmaengine_terminate_sync(hdev->dma_lch); 1302 + 1303 + if (state->flags & HASH_FLAGS_SGS_COPIED) 1304 + free_pages((unsigned long)sg_virt(rctx->sg), get_order(rctx->sg->length)); 1305 + 1306 + rctx->sg = NULL; 1307 + rctx->offset = 0; 1308 + 1309 + state->flags &= ~(HASH_FLAGS_SGS_COPIED); 1310 + 1311 + if (!(hdev->flags & HASH_FLAGS_INIT)) 1312 + goto pm_runtime; 1313 + 1314 + state->flags |= HASH_FLAGS_INIT; 1315 + 1316 + if (stm32_hash_wait_busy(hdev)) { 1317 + dev_warn(hdev->dev, "Wait busy failed."); 1318 + return; 1319 + } 1320 + 1321 + swap_reg = hash_swap_reg(rctx); 1322 + 1323 + if (!hdev->pdata->ux500) 1324 + *preg++ = stm32_hash_read(hdev, HASH_IMR); 1325 + *preg++ = stm32_hash_read(hdev, HASH_STR); 1326 + *preg++ = stm32_hash_read(hdev, HASH_CR); 1327 + for (i = 0; i < swap_reg; i++) 1328 + *preg++ = stm32_hash_read(hdev, HASH_CSR(i)); 1329 + 1330 + pm_runtime: 1331 + pm_runtime_mark_last_busy(hdev->dev); 1332 + pm_runtime_put_autosuspend(hdev->dev); 1333 + } 1334 + 1102 1335 static int stm32_hash_enqueue(struct ahash_request *req, unsigned int op) 1103 1336 { 1104 1337 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); ··· 1393 1070 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 1394 1071 struct stm32_hash_state *state = &rctx->state; 1395 1072 1396 - if (!req->nbytes || !(state->flags & HASH_FLAGS_CPU)) 1073 + if (!req->nbytes) 1397 1074 return 0; 1398 1075 1399 - rctx->total = req->nbytes; 1400 - rctx->sg = req->src; 1401 - rctx->offset = 0; 1402 1076 1403 - if ((state->bufcnt + rctx->total < state->blocklen)) { 1404 - stm32_hash_append_sg(rctx); 1405 - return 0; 1077 + if (state->flags & HASH_FLAGS_CPU) { 1078 + rctx->total = req->nbytes; 1079 + rctx->sg = req->src; 1080 + rctx->offset = 0; 1081 + 1082 + if ((state->bufcnt + rctx->total < state->blocklen)) { 1083 + stm32_hash_append_sg(rctx); 1084 + return 0; 1085 + } 1086 + } else { /* DMA mode */ 1087 + if (state->bufcnt + req->nbytes <= state->blocklen) { 1088 + scatterwalk_map_and_copy(state->buffer + state->bufcnt, req->src, 1089 + 0, req->nbytes, 0); 1090 + state->bufcnt += req->nbytes; 1091 + return 0; 1092 + } 1406 1093 } 1407 1094 1408 1095 return stm32_hash_enqueue(req, HASH_OP_UPDATE); ··· 1431 1098 static int stm32_hash_finup(struct ahash_request *req) 1432 1099 { 1433 1100 struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); 1434 - struct stm32_hash_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 1435 - struct stm32_hash_dev *hdev = stm32_hash_find_dev(ctx); 1436 1101 struct stm32_hash_state *state = &rctx->state; 1437 1102 1438 1103 if (!req->nbytes) 1439 1104 goto out; 1440 1105 1441 1106 state->flags |= HASH_FLAGS_FINUP; 1442 - rctx->total = req->nbytes; 1443 - rctx->sg = req->src; 1444 - rctx->offset = 0; 1445 1107 1446 - if (hdev->dma_lch && stm32_hash_dma_aligned_data(req)) 1447 - state->flags &= ~HASH_FLAGS_CPU; 1108 + if ((state->flags & HASH_FLAGS_CPU)) { 1109 + rctx->total = req->nbytes; 1110 + rctx->sg = req->src; 1111 + rctx->offset = 0; 1112 + } 1448 1113 1449 1114 out: 1450 1115 return stm32_hash_final(req); ··· 1546 1215 HASH_FLAGS_HMAC); 1547 1216 } 1548 1217 1549 - 1550 1218 static void stm32_hash_cra_exit(struct crypto_tfm *tfm) 1551 1219 { 1552 1220 struct stm32_hash_ctx *ctx = crypto_tfm_ctx(tfm); ··· 1558 1228 { 1559 1229 struct stm32_hash_dev *hdev = dev_id; 1560 1230 1561 - if (HASH_FLAGS_CPU & hdev->flags) { 1562 - if (HASH_FLAGS_OUTPUT_READY & hdev->flags) { 1563 - hdev->flags &= ~HASH_FLAGS_OUTPUT_READY; 1564 - goto finish; 1565 - } 1566 - } else if (HASH_FLAGS_DMA_ACTIVE & hdev->flags) { 1567 - hdev->flags &= ~HASH_FLAGS_DMA_ACTIVE; 1568 - goto finish; 1231 + if (HASH_FLAGS_OUTPUT_READY & hdev->flags) { 1232 + hdev->flags &= ~HASH_FLAGS_OUTPUT_READY; 1233 + goto finish; 1569 1234 } 1570 1235 1571 1236 return IRQ_HANDLED; ··· 2309 1984 .algs_info_size = ARRAY_SIZE(stm32_hash_algs_info_stm32mp13), 2310 1985 .has_sr = true, 2311 1986 .has_mdmat = true, 1987 + .context_secured = true, 2312 1988 }; 2313 1989 2314 1990 static const struct of_device_id stm32_hash_of_match[] = {

+9

drivers/crypto/tegra/Makefile

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + 4 + tegra-se-objs := tegra-se-key.o tegra-se-main.o 5 + 6 + tegra-se-y += tegra-se-aes.o 7 + tegra-se-y += tegra-se-hash.o 8 + 9 + obj-$(CONFIG_CRYPTO_DEV_TEGRA) += tegra-se.o

+1933

drivers/crypto/tegra/tegra-se-aes.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + /* 4 + * Crypto driver to handle block cipher algorithms using NVIDIA Security Engine. 5 + */ 6 + 7 + #include <linux/clk.h> 8 + #include <linux/dma-mapping.h> 9 + #include <linux/module.h> 10 + #include <linux/of_device.h> 11 + #include <linux/platform_device.h> 12 + 13 + #include <crypto/aead.h> 14 + #include <crypto/aes.h> 15 + #include <crypto/engine.h> 16 + #include <crypto/gcm.h> 17 + #include <crypto/scatterwalk.h> 18 + #include <crypto/xts.h> 19 + #include <crypto/internal/aead.h> 20 + #include <crypto/internal/hash.h> 21 + #include <crypto/internal/skcipher.h> 22 + 23 + #include "tegra-se.h" 24 + 25 + struct tegra_aes_ctx { 26 + struct tegra_se *se; 27 + u32 alg; 28 + u32 ivsize; 29 + u32 key1_id; 30 + u32 key2_id; 31 + }; 32 + 33 + struct tegra_aes_reqctx { 34 + struct tegra_se_datbuf datbuf; 35 + bool encrypt; 36 + u32 config; 37 + u32 crypto_config; 38 + u32 len; 39 + u32 *iv; 40 + }; 41 + 42 + struct tegra_aead_ctx { 43 + struct tegra_se *se; 44 + unsigned int authsize; 45 + u32 alg; 46 + u32 keylen; 47 + u32 key_id; 48 + }; 49 + 50 + struct tegra_aead_reqctx { 51 + struct tegra_se_datbuf inbuf; 52 + struct tegra_se_datbuf outbuf; 53 + struct scatterlist *src_sg; 54 + struct scatterlist *dst_sg; 55 + unsigned int assoclen; 56 + unsigned int cryptlen; 57 + unsigned int authsize; 58 + bool encrypt; 59 + u32 config; 60 + u32 crypto_config; 61 + u32 key_id; 62 + u32 iv[4]; 63 + u8 authdata[16]; 64 + }; 65 + 66 + struct tegra_cmac_ctx { 67 + struct tegra_se *se; 68 + unsigned int alg; 69 + u32 key_id; 70 + struct crypto_shash *fallback_tfm; 71 + }; 72 + 73 + struct tegra_cmac_reqctx { 74 + struct scatterlist *src_sg; 75 + struct tegra_se_datbuf datbuf; 76 + struct tegra_se_datbuf residue; 77 + unsigned int total_len; 78 + unsigned int blk_size; 79 + unsigned int task; 80 + u32 crypto_config; 81 + u32 config; 82 + u32 key_id; 83 + u32 *iv; 84 + u32 result[CMAC_RESULT_REG_COUNT]; 85 + }; 86 + 87 + /* increment counter (128-bit int) */ 88 + static void ctr_iv_inc(__u8 *counter, __u8 bits, __u32 nums) 89 + { 90 + do { 91 + --bits; 92 + nums += counter[bits]; 93 + counter[bits] = nums & 0xff; 94 + nums >>= 8; 95 + } while (bits && nums); 96 + } 97 + 98 + static void tegra_cbc_iv_copyback(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 99 + { 100 + struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 101 + unsigned int offset; 102 + 103 + offset = req->cryptlen - ctx->ivsize; 104 + 105 + if (rctx->encrypt) 106 + memcpy(req->iv, rctx->datbuf.buf + offset, ctx->ivsize); 107 + else 108 + scatterwalk_map_and_copy(req->iv, req->src, offset, ctx->ivsize, 0); 109 + } 110 + 111 + static void tegra_aes_update_iv(struct skcipher_request *req, struct tegra_aes_ctx *ctx) 112 + { 113 + int num; 114 + 115 + if (ctx->alg == SE_ALG_CBC) { 116 + tegra_cbc_iv_copyback(req, ctx); 117 + } else if (ctx->alg == SE_ALG_CTR) { 118 + num = req->cryptlen / ctx->ivsize; 119 + if (req->cryptlen % ctx->ivsize) 120 + num++; 121 + 122 + ctr_iv_inc(req->iv, ctx->ivsize, num); 123 + } 124 + } 125 + 126 + static int tegra234_aes_crypto_cfg(u32 alg, bool encrypt) 127 + { 128 + switch (alg) { 129 + case SE_ALG_CMAC: 130 + case SE_ALG_GMAC: 131 + case SE_ALG_GCM: 132 + case SE_ALG_GCM_FINAL: 133 + return 0; 134 + case SE_ALG_CBC: 135 + if (encrypt) 136 + return SE_CRYPTO_CFG_CBC_ENCRYPT; 137 + else 138 + return SE_CRYPTO_CFG_CBC_DECRYPT; 139 + case SE_ALG_ECB: 140 + if (encrypt) 141 + return SE_CRYPTO_CFG_ECB_ENCRYPT; 142 + else 143 + return SE_CRYPTO_CFG_ECB_DECRYPT; 144 + case SE_ALG_XTS: 145 + if (encrypt) 146 + return SE_CRYPTO_CFG_XTS_ENCRYPT; 147 + else 148 + return SE_CRYPTO_CFG_XTS_DECRYPT; 149 + 150 + case SE_ALG_CTR: 151 + return SE_CRYPTO_CFG_CTR; 152 + case SE_ALG_CBC_MAC: 153 + return SE_CRYPTO_CFG_CBC_MAC; 154 + 155 + default: 156 + break; 157 + } 158 + 159 + return -EINVAL; 160 + } 161 + 162 + static int tegra234_aes_cfg(u32 alg, bool encrypt) 163 + { 164 + switch (alg) { 165 + case SE_ALG_CBC: 166 + case SE_ALG_ECB: 167 + case SE_ALG_XTS: 168 + case SE_ALG_CTR: 169 + if (encrypt) 170 + return SE_CFG_AES_ENCRYPT; 171 + else 172 + return SE_CFG_AES_DECRYPT; 173 + 174 + case SE_ALG_GMAC: 175 + if (encrypt) 176 + return SE_CFG_GMAC_ENCRYPT; 177 + else 178 + return SE_CFG_GMAC_DECRYPT; 179 + 180 + case SE_ALG_GCM: 181 + if (encrypt) 182 + return SE_CFG_GCM_ENCRYPT; 183 + else 184 + return SE_CFG_GCM_DECRYPT; 185 + 186 + case SE_ALG_GCM_FINAL: 187 + if (encrypt) 188 + return SE_CFG_GCM_FINAL_ENCRYPT; 189 + else 190 + return SE_CFG_GCM_FINAL_DECRYPT; 191 + 192 + case SE_ALG_CMAC: 193 + return SE_CFG_CMAC; 194 + 195 + case SE_ALG_CBC_MAC: 196 + return SE_AES_ENC_ALG_AES_ENC | 197 + SE_AES_DST_HASH_REG; 198 + } 199 + return -EINVAL; 200 + } 201 + 202 + static unsigned int tegra_aes_prep_cmd(struct tegra_aes_ctx *ctx, 203 + struct tegra_aes_reqctx *rctx) 204 + { 205 + unsigned int data_count, res_bits, i = 0, j; 206 + struct tegra_se *se = ctx->se; 207 + u32 *cpuvaddr = se->cmdbuf->addr; 208 + dma_addr_t addr = rctx->datbuf.addr; 209 + 210 + data_count = rctx->len / AES_BLOCK_SIZE; 211 + res_bits = (rctx->len % AES_BLOCK_SIZE) * 8; 212 + 213 + /* 214 + * Hardware processes data_count + 1 blocks. 215 + * Reduce 1 block if there is no residue 216 + */ 217 + if (!res_bits) 218 + data_count--; 219 + 220 + if (rctx->iv) { 221 + cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 222 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 223 + for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 224 + cpuvaddr[i++] = rctx->iv[j]; 225 + } 226 + 227 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 228 + cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 229 + SE_LAST_BLOCK_RES_BITS(res_bits); 230 + 231 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 232 + cpuvaddr[i++] = rctx->config; 233 + cpuvaddr[i++] = rctx->crypto_config; 234 + 235 + /* Source address setting */ 236 + cpuvaddr[i++] = lower_32_bits(addr); 237 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | SE_ADDR_HI_SZ(rctx->len); 238 + 239 + /* Destination address setting */ 240 + cpuvaddr[i++] = lower_32_bits(addr); 241 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(addr)) | 242 + SE_ADDR_HI_SZ(rctx->len); 243 + 244 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 245 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 246 + SE_AES_OP_START; 247 + 248 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 249 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 250 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 251 + 252 + dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 253 + 254 + return i; 255 + } 256 + 257 + static int tegra_aes_do_one_req(struct crypto_engine *engine, void *areq) 258 + { 259 + struct skcipher_request *req = container_of(areq, struct skcipher_request, base); 260 + struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req)); 261 + struct tegra_aes_reqctx *rctx = skcipher_request_ctx(req); 262 + struct tegra_se *se = ctx->se; 263 + unsigned int cmdlen; 264 + int ret; 265 + 266 + rctx->datbuf.buf = dma_alloc_coherent(se->dev, SE_AES_BUFLEN, 267 + &rctx->datbuf.addr, GFP_KERNEL); 268 + if (!rctx->datbuf.buf) 269 + return -ENOMEM; 270 + 271 + rctx->datbuf.size = SE_AES_BUFLEN; 272 + rctx->iv = (u32 *)req->iv; 273 + rctx->len = req->cryptlen; 274 + 275 + /* Pad input to AES Block size */ 276 + if (ctx->alg != SE_ALG_XTS) { 277 + if (rctx->len % AES_BLOCK_SIZE) 278 + rctx->len += AES_BLOCK_SIZE - (rctx->len % AES_BLOCK_SIZE); 279 + } 280 + 281 + scatterwalk_map_and_copy(rctx->datbuf.buf, req->src, 0, req->cryptlen, 0); 282 + 283 + /* Prepare the command and submit for execution */ 284 + cmdlen = tegra_aes_prep_cmd(ctx, rctx); 285 + ret = tegra_se_host1x_submit(se, cmdlen); 286 + 287 + /* Copy the result */ 288 + tegra_aes_update_iv(req, ctx); 289 + scatterwalk_map_and_copy(rctx->datbuf.buf, req->dst, 0, req->cryptlen, 1); 290 + 291 + /* Free the buffer */ 292 + dma_free_coherent(ctx->se->dev, SE_AES_BUFLEN, 293 + rctx->datbuf.buf, rctx->datbuf.addr); 294 + 295 + crypto_finalize_skcipher_request(se->engine, req, ret); 296 + 297 + return 0; 298 + } 299 + 300 + static int tegra_aes_cra_init(struct crypto_skcipher *tfm) 301 + { 302 + struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 303 + struct skcipher_alg *alg = crypto_skcipher_alg(tfm); 304 + struct tegra_se_alg *se_alg; 305 + const char *algname; 306 + int ret; 307 + 308 + se_alg = container_of(alg, struct tegra_se_alg, alg.skcipher.base); 309 + 310 + crypto_skcipher_set_reqsize(tfm, sizeof(struct tegra_aes_reqctx)); 311 + 312 + ctx->ivsize = crypto_skcipher_ivsize(tfm); 313 + ctx->se = se_alg->se_dev; 314 + ctx->key1_id = 0; 315 + ctx->key2_id = 0; 316 + 317 + algname = crypto_tfm_alg_name(&tfm->base); 318 + ret = se_algname_to_algid(algname); 319 + if (ret < 0) { 320 + dev_err(ctx->se->dev, "invalid algorithm\n"); 321 + return ret; 322 + } 323 + 324 + ctx->alg = ret; 325 + 326 + return 0; 327 + } 328 + 329 + static void tegra_aes_cra_exit(struct crypto_skcipher *tfm) 330 + { 331 + struct tegra_aes_ctx *ctx = crypto_tfm_ctx(&tfm->base); 332 + 333 + if (ctx->key1_id) 334 + tegra_key_invalidate(ctx->se, ctx->key1_id, ctx->alg); 335 + 336 + if (ctx->key2_id) 337 + tegra_key_invalidate(ctx->se, ctx->key2_id, ctx->alg); 338 + } 339 + 340 + static int tegra_aes_setkey(struct crypto_skcipher *tfm, 341 + const u8 *key, u32 keylen) 342 + { 343 + struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 344 + 345 + if (aes_check_keylen(keylen)) { 346 + dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 347 + return -EINVAL; 348 + } 349 + 350 + return tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key1_id); 351 + } 352 + 353 + static int tegra_xts_setkey(struct crypto_skcipher *tfm, 354 + const u8 *key, u32 keylen) 355 + { 356 + struct tegra_aes_ctx *ctx = crypto_skcipher_ctx(tfm); 357 + u32 len = keylen / 2; 358 + int ret; 359 + 360 + ret = xts_verify_key(tfm, key, keylen); 361 + if (ret || aes_check_keylen(len)) { 362 + dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 363 + return -EINVAL; 364 + } 365 + 366 + ret = tegra_key_submit(ctx->se, key, len, 367 + ctx->alg, &ctx->key1_id); 368 + if (ret) 369 + return ret; 370 + 371 + return tegra_key_submit(ctx->se, key + len, len, 372 + ctx->alg, &ctx->key2_id); 373 + 374 + return 0; 375 + } 376 + 377 + static int tegra_aes_kac_manifest(u32 user, u32 alg, u32 keylen) 378 + { 379 + int manifest; 380 + 381 + manifest = SE_KAC_USER_NS; 382 + 383 + switch (alg) { 384 + case SE_ALG_CBC: 385 + case SE_ALG_ECB: 386 + case SE_ALG_CTR: 387 + manifest |= SE_KAC_ENC; 388 + break; 389 + case SE_ALG_XTS: 390 + manifest |= SE_KAC_XTS; 391 + break; 392 + case SE_ALG_GCM: 393 + manifest |= SE_KAC_GCM; 394 + break; 395 + case SE_ALG_CMAC: 396 + manifest |= SE_KAC_CMAC; 397 + break; 398 + case SE_ALG_CBC_MAC: 399 + manifest |= SE_KAC_ENC; 400 + break; 401 + default: 402 + return -EINVAL; 403 + } 404 + 405 + switch (keylen) { 406 + case AES_KEYSIZE_128: 407 + manifest |= SE_KAC_SIZE_128; 408 + break; 409 + case AES_KEYSIZE_192: 410 + manifest |= SE_KAC_SIZE_192; 411 + break; 412 + case AES_KEYSIZE_256: 413 + manifest |= SE_KAC_SIZE_256; 414 + break; 415 + default: 416 + return -EINVAL; 417 + } 418 + 419 + return manifest; 420 + } 421 + 422 + static int tegra_aes_crypt(struct skcipher_request *req, bool encrypt) 423 + 424 + { 425 + struct crypto_skcipher *tfm; 426 + struct tegra_aes_ctx *ctx; 427 + struct tegra_aes_reqctx *rctx; 428 + 429 + tfm = crypto_skcipher_reqtfm(req); 430 + ctx = crypto_skcipher_ctx(tfm); 431 + rctx = skcipher_request_ctx(req); 432 + 433 + if (ctx->alg != SE_ALG_XTS) { 434 + if (!IS_ALIGNED(req->cryptlen, crypto_skcipher_blocksize(tfm))) { 435 + dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 436 + return -EINVAL; 437 + } 438 + } else if (req->cryptlen < XTS_BLOCK_SIZE) { 439 + dev_dbg(ctx->se->dev, "invalid length (%d)", req->cryptlen); 440 + return -EINVAL; 441 + } 442 + 443 + if (!req->cryptlen) 444 + return 0; 445 + 446 + rctx->encrypt = encrypt; 447 + rctx->config = tegra234_aes_cfg(ctx->alg, encrypt); 448 + rctx->crypto_config = tegra234_aes_crypto_cfg(ctx->alg, encrypt); 449 + rctx->crypto_config |= SE_AES_KEY_INDEX(ctx->key1_id); 450 + 451 + if (ctx->key2_id) 452 + rctx->crypto_config |= SE_AES_KEY2_INDEX(ctx->key2_id); 453 + 454 + return crypto_transfer_skcipher_request_to_engine(ctx->se->engine, req); 455 + } 456 + 457 + static int tegra_aes_encrypt(struct skcipher_request *req) 458 + { 459 + return tegra_aes_crypt(req, true); 460 + } 461 + 462 + static int tegra_aes_decrypt(struct skcipher_request *req) 463 + { 464 + return tegra_aes_crypt(req, false); 465 + } 466 + 467 + static struct tegra_se_alg tegra_aes_algs[] = { 468 + { 469 + .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 470 + .alg.skcipher.base = { 471 + .init = tegra_aes_cra_init, 472 + .exit = tegra_aes_cra_exit, 473 + .setkey = tegra_aes_setkey, 474 + .encrypt = tegra_aes_encrypt, 475 + .decrypt = tegra_aes_decrypt, 476 + .min_keysize = AES_MIN_KEY_SIZE, 477 + .max_keysize = AES_MAX_KEY_SIZE, 478 + .ivsize = AES_BLOCK_SIZE, 479 + .base = { 480 + .cra_name = "cbc(aes)", 481 + .cra_driver_name = "cbc-aes-tegra", 482 + .cra_priority = 500, 483 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 484 + .cra_blocksize = AES_BLOCK_SIZE, 485 + .cra_ctxsize = sizeof(struct tegra_aes_ctx), 486 + .cra_alignmask = 0xf, 487 + .cra_module = THIS_MODULE, 488 + }, 489 + } 490 + }, { 491 + .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 492 + .alg.skcipher.base = { 493 + .init = tegra_aes_cra_init, 494 + .exit = tegra_aes_cra_exit, 495 + .setkey = tegra_aes_setkey, 496 + .encrypt = tegra_aes_encrypt, 497 + .decrypt = tegra_aes_decrypt, 498 + .min_keysize = AES_MIN_KEY_SIZE, 499 + .max_keysize = AES_MAX_KEY_SIZE, 500 + .base = { 501 + .cra_name = "ecb(aes)", 502 + .cra_driver_name = "ecb-aes-tegra", 503 + .cra_priority = 500, 504 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 505 + .cra_blocksize = AES_BLOCK_SIZE, 506 + .cra_ctxsize = sizeof(struct tegra_aes_ctx), 507 + .cra_alignmask = 0xf, 508 + .cra_module = THIS_MODULE, 509 + }, 510 + } 511 + }, { 512 + .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 513 + .alg.skcipher.base = { 514 + .init = tegra_aes_cra_init, 515 + .exit = tegra_aes_cra_exit, 516 + .setkey = tegra_aes_setkey, 517 + .encrypt = tegra_aes_encrypt, 518 + .decrypt = tegra_aes_decrypt, 519 + .min_keysize = AES_MIN_KEY_SIZE, 520 + .max_keysize = AES_MAX_KEY_SIZE, 521 + .ivsize = AES_BLOCK_SIZE, 522 + .base = { 523 + .cra_name = "ctr(aes)", 524 + .cra_driver_name = "ctr-aes-tegra", 525 + .cra_priority = 500, 526 + .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, 527 + .cra_blocksize = 1, 528 + .cra_ctxsize = sizeof(struct tegra_aes_ctx), 529 + .cra_alignmask = 0xf, 530 + .cra_module = THIS_MODULE, 531 + }, 532 + } 533 + }, { 534 + .alg.skcipher.op.do_one_request = tegra_aes_do_one_req, 535 + .alg.skcipher.base = { 536 + .init = tegra_aes_cra_init, 537 + .exit = tegra_aes_cra_exit, 538 + .setkey = tegra_xts_setkey, 539 + .encrypt = tegra_aes_encrypt, 540 + .decrypt = tegra_aes_decrypt, 541 + .min_keysize = 2 * AES_MIN_KEY_SIZE, 542 + .max_keysize = 2 * AES_MAX_KEY_SIZE, 543 + .ivsize = AES_BLOCK_SIZE, 544 + .base = { 545 + .cra_name = "xts(aes)", 546 + .cra_driver_name = "xts-aes-tegra", 547 + .cra_priority = 500, 548 + .cra_blocksize = AES_BLOCK_SIZE, 549 + .cra_ctxsize = sizeof(struct tegra_aes_ctx), 550 + .cra_alignmask = (__alignof__(u64) - 1), 551 + .cra_module = THIS_MODULE, 552 + }, 553 + } 554 + }, 555 + }; 556 + 557 + static unsigned int tegra_gmac_prep_cmd(struct tegra_aead_ctx *ctx, 558 + struct tegra_aead_reqctx *rctx) 559 + { 560 + unsigned int data_count, res_bits, i = 0; 561 + struct tegra_se *se = ctx->se; 562 + u32 *cpuvaddr = se->cmdbuf->addr; 563 + 564 + data_count = (rctx->assoclen / AES_BLOCK_SIZE); 565 + res_bits = (rctx->assoclen % AES_BLOCK_SIZE) * 8; 566 + 567 + /* 568 + * Hardware processes data_count + 1 blocks. 569 + * Reduce 1 block if there is no residue 570 + */ 571 + if (!res_bits) 572 + data_count--; 573 + 574 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 575 + cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 576 + SE_LAST_BLOCK_RES_BITS(res_bits); 577 + 578 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 4); 579 + cpuvaddr[i++] = rctx->config; 580 + cpuvaddr[i++] = rctx->crypto_config; 581 + cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 582 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 583 + SE_ADDR_HI_SZ(rctx->assoclen); 584 + 585 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 586 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 587 + SE_AES_OP_INIT | SE_AES_OP_LASTBUF | 588 + SE_AES_OP_START; 589 + 590 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 591 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 592 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 593 + 594 + return i; 595 + } 596 + 597 + static unsigned int tegra_gcm_crypt_prep_cmd(struct tegra_aead_ctx *ctx, 598 + struct tegra_aead_reqctx *rctx) 599 + { 600 + unsigned int data_count, res_bits, i = 0, j; 601 + struct tegra_se *se = ctx->se; 602 + u32 *cpuvaddr = se->cmdbuf->addr, op; 603 + 604 + data_count = (rctx->cryptlen / AES_BLOCK_SIZE); 605 + res_bits = (rctx->cryptlen % AES_BLOCK_SIZE) * 8; 606 + op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 607 + SE_AES_OP_LASTBUF | SE_AES_OP_START; 608 + 609 + /* 610 + * If there is no assoc data, 611 + * this will be the init command 612 + */ 613 + if (!rctx->assoclen) 614 + op |= SE_AES_OP_INIT; 615 + 616 + /* 617 + * Hardware processes data_count + 1 blocks. 618 + * Reduce 1 block if there is no residue 619 + */ 620 + if (!res_bits) 621 + data_count--; 622 + 623 + cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 624 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 625 + for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 626 + cpuvaddr[i++] = rctx->iv[j]; 627 + 628 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 629 + cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 630 + SE_LAST_BLOCK_RES_BITS(res_bits); 631 + 632 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 633 + cpuvaddr[i++] = rctx->config; 634 + cpuvaddr[i++] = rctx->crypto_config; 635 + 636 + /* Source Address */ 637 + cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 638 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 639 + SE_ADDR_HI_SZ(rctx->cryptlen); 640 + 641 + /* Destination Address */ 642 + cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 643 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 644 + SE_ADDR_HI_SZ(rctx->cryptlen); 645 + 646 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 647 + cpuvaddr[i++] = op; 648 + 649 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 650 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 651 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 652 + 653 + dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 654 + return i; 655 + } 656 + 657 + static int tegra_gcm_prep_final_cmd(struct tegra_se *se, u32 *cpuvaddr, 658 + struct tegra_aead_reqctx *rctx) 659 + { 660 + unsigned int i = 0, j; 661 + u32 op; 662 + 663 + op = SE_AES_OP_WRSTALL | SE_AES_OP_FINAL | 664 + SE_AES_OP_LASTBUF | SE_AES_OP_START; 665 + 666 + /* 667 + * Set init for zero sized vector 668 + */ 669 + if (!rctx->assoclen && !rctx->cryptlen) 670 + op |= SE_AES_OP_INIT; 671 + 672 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->aad_len, 2); 673 + cpuvaddr[i++] = rctx->assoclen * 8; 674 + cpuvaddr[i++] = 0; 675 + 676 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->cryp_msg_len, 2); 677 + cpuvaddr[i++] = rctx->cryptlen * 8; 678 + cpuvaddr[i++] = 0; 679 + 680 + cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 681 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 682 + for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 683 + cpuvaddr[i++] = rctx->iv[j]; 684 + 685 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 686 + cpuvaddr[i++] = rctx->config; 687 + cpuvaddr[i++] = rctx->crypto_config; 688 + cpuvaddr[i++] = 0; 689 + cpuvaddr[i++] = 0; 690 + 691 + /* Destination Address */ 692 + cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 693 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 694 + SE_ADDR_HI_SZ(0x10); /* HW always generates 128-bit tag */ 695 + 696 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 697 + cpuvaddr[i++] = op; 698 + 699 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 700 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 701 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 702 + 703 + dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", rctx->config, rctx->crypto_config); 704 + 705 + return i; 706 + } 707 + 708 + static int tegra_gcm_do_gmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 709 + { 710 + struct tegra_se *se = ctx->se; 711 + unsigned int cmdlen; 712 + 713 + scatterwalk_map_and_copy(rctx->inbuf.buf, 714 + rctx->src_sg, 0, rctx->assoclen, 0); 715 + 716 + rctx->config = tegra234_aes_cfg(SE_ALG_GMAC, rctx->encrypt); 717 + rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GMAC, rctx->encrypt) | 718 + SE_AES_KEY_INDEX(ctx->key_id); 719 + 720 + cmdlen = tegra_gmac_prep_cmd(ctx, rctx); 721 + 722 + return tegra_se_host1x_submit(se, cmdlen); 723 + } 724 + 725 + static int tegra_gcm_do_crypt(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 726 + { 727 + struct tegra_se *se = ctx->se; 728 + int cmdlen, ret; 729 + 730 + scatterwalk_map_and_copy(rctx->inbuf.buf, rctx->src_sg, 731 + rctx->assoclen, rctx->cryptlen, 0); 732 + 733 + rctx->config = tegra234_aes_cfg(SE_ALG_GCM, rctx->encrypt); 734 + rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM, rctx->encrypt) | 735 + SE_AES_KEY_INDEX(ctx->key_id); 736 + 737 + /* Prepare command and submit */ 738 + cmdlen = tegra_gcm_crypt_prep_cmd(ctx, rctx); 739 + ret = tegra_se_host1x_submit(se, cmdlen); 740 + if (ret) 741 + return ret; 742 + 743 + /* Copy the result */ 744 + scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 745 + rctx->assoclen, rctx->cryptlen, 1); 746 + 747 + return 0; 748 + } 749 + 750 + static int tegra_gcm_do_final(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 751 + { 752 + struct tegra_se *se = ctx->se; 753 + u32 *cpuvaddr = se->cmdbuf->addr; 754 + int cmdlen, ret, offset; 755 + 756 + rctx->config = tegra234_aes_cfg(SE_ALG_GCM_FINAL, rctx->encrypt); 757 + rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_GCM_FINAL, rctx->encrypt) | 758 + SE_AES_KEY_INDEX(ctx->key_id); 759 + 760 + /* Prepare command and submit */ 761 + cmdlen = tegra_gcm_prep_final_cmd(se, cpuvaddr, rctx); 762 + ret = tegra_se_host1x_submit(se, cmdlen); 763 + if (ret) 764 + return ret; 765 + 766 + if (rctx->encrypt) { 767 + /* Copy the result */ 768 + offset = rctx->assoclen + rctx->cryptlen; 769 + scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 770 + offset, rctx->authsize, 1); 771 + } 772 + 773 + return 0; 774 + } 775 + 776 + static int tegra_gcm_do_verify(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 777 + { 778 + unsigned int offset; 779 + u8 mac[16]; 780 + 781 + offset = rctx->assoclen + rctx->cryptlen; 782 + scatterwalk_map_and_copy(mac, rctx->src_sg, offset, rctx->authsize, 0); 783 + 784 + if (crypto_memneq(rctx->outbuf.buf, mac, rctx->authsize)) 785 + return -EBADMSG; 786 + 787 + return 0; 788 + } 789 + 790 + static inline int tegra_ccm_check_iv(const u8 *iv) 791 + { 792 + /* iv[0] gives value of q-1 793 + * 2 <= q <= 8 as per NIST 800-38C notation 794 + * 2 <= L <= 8, so 1 <= L' <= 7. as per rfc 3610 notation 795 + */ 796 + if (iv[0] < 1 || iv[0] > 7) { 797 + pr_debug("ccm_check_iv failed %d\n", iv[0]); 798 + return -EINVAL; 799 + } 800 + 801 + return 0; 802 + } 803 + 804 + static unsigned int tegra_cbcmac_prep_cmd(struct tegra_aead_ctx *ctx, 805 + struct tegra_aead_reqctx *rctx) 806 + { 807 + unsigned int data_count, i = 0; 808 + struct tegra_se *se = ctx->se; 809 + u32 *cpuvaddr = se->cmdbuf->addr; 810 + 811 + data_count = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 812 + 813 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 814 + cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count); 815 + 816 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 817 + cpuvaddr[i++] = rctx->config; 818 + cpuvaddr[i++] = rctx->crypto_config; 819 + 820 + cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 821 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 822 + SE_ADDR_HI_SZ(rctx->inbuf.size); 823 + 824 + cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 825 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 826 + SE_ADDR_HI_SZ(0x10); /* HW always generates 128 bit tag */ 827 + 828 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 829 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | 830 + SE_AES_OP_LASTBUF | SE_AES_OP_START; 831 + 832 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 833 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 834 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 835 + 836 + return i; 837 + } 838 + 839 + static unsigned int tegra_ctr_prep_cmd(struct tegra_aead_ctx *ctx, 840 + struct tegra_aead_reqctx *rctx) 841 + { 842 + unsigned int i = 0, j; 843 + struct tegra_se *se = ctx->se; 844 + u32 *cpuvaddr = se->cmdbuf->addr; 845 + 846 + cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 847 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 848 + for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 849 + cpuvaddr[i++] = rctx->iv[j]; 850 + 851 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 852 + cpuvaddr[i++] = (rctx->inbuf.size / AES_BLOCK_SIZE) - 1; 853 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 854 + cpuvaddr[i++] = rctx->config; 855 + cpuvaddr[i++] = rctx->crypto_config; 856 + 857 + /* Source address setting */ 858 + cpuvaddr[i++] = lower_32_bits(rctx->inbuf.addr); 859 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->inbuf.addr)) | 860 + SE_ADDR_HI_SZ(rctx->inbuf.size); 861 + 862 + /* Destination address setting */ 863 + cpuvaddr[i++] = lower_32_bits(rctx->outbuf.addr); 864 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->outbuf.addr)) | 865 + SE_ADDR_HI_SZ(rctx->inbuf.size); 866 + 867 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 868 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_LASTBUF | 869 + SE_AES_OP_START; 870 + 871 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 872 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 873 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 874 + 875 + dev_dbg(se->dev, "cfg %#x crypto cfg %#x\n", 876 + rctx->config, rctx->crypto_config); 877 + 878 + return i; 879 + } 880 + 881 + static int tegra_ccm_do_cbcmac(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 882 + { 883 + struct tegra_se *se = ctx->se; 884 + int cmdlen; 885 + 886 + rctx->config = tegra234_aes_cfg(SE_ALG_CBC_MAC, rctx->encrypt); 887 + rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CBC_MAC, 888 + rctx->encrypt) | 889 + SE_AES_KEY_INDEX(ctx->key_id); 890 + 891 + /* Prepare command and submit */ 892 + cmdlen = tegra_cbcmac_prep_cmd(ctx, rctx); 893 + 894 + return tegra_se_host1x_submit(se, cmdlen); 895 + } 896 + 897 + static int tegra_ccm_set_msg_len(u8 *block, unsigned int msglen, int csize) 898 + { 899 + __be32 data; 900 + 901 + memset(block, 0, csize); 902 + block += csize; 903 + 904 + if (csize >= 4) 905 + csize = 4; 906 + else if (msglen > (1 << (8 * csize))) 907 + return -EOVERFLOW; 908 + 909 + data = cpu_to_be32(msglen); 910 + memcpy(block - csize, (u8 *)&data + 4 - csize, csize); 911 + 912 + return 0; 913 + } 914 + 915 + static int tegra_ccm_format_nonce(struct tegra_aead_reqctx *rctx, u8 *nonce) 916 + { 917 + unsigned int q, t; 918 + u8 *q_ptr, *iv = (u8 *)rctx->iv; 919 + 920 + memcpy(nonce, rctx->iv, 16); 921 + 922 + /*** 1. Prepare Flags Octet ***/ 923 + 924 + /* Encode t (mac length) */ 925 + t = rctx->authsize; 926 + nonce[0] |= (((t - 2) / 2) << 3); 927 + 928 + /* Adata */ 929 + if (rctx->assoclen) 930 + nonce[0] |= (1 << 6); 931 + 932 + /*** Encode Q - message length ***/ 933 + q = iv[0] + 1; 934 + q_ptr = nonce + 16 - q; 935 + 936 + return tegra_ccm_set_msg_len(q_ptr, rctx->cryptlen, q); 937 + } 938 + 939 + static int tegra_ccm_format_adata(u8 *adata, unsigned int a) 940 + { 941 + int len = 0; 942 + 943 + /* add control info for associated data 944 + * RFC 3610 and NIST Special Publication 800-38C 945 + */ 946 + if (a < 65280) { 947 + *(__be16 *)adata = cpu_to_be16(a); 948 + len = 2; 949 + } else { 950 + *(__be16 *)adata = cpu_to_be16(0xfffe); 951 + *(__be32 *)&adata[2] = cpu_to_be32(a); 952 + len = 6; 953 + } 954 + 955 + return len; 956 + } 957 + 958 + static int tegra_ccm_add_padding(u8 *buf, unsigned int len) 959 + { 960 + unsigned int padlen = 16 - (len % 16); 961 + u8 padding[16] = {0}; 962 + 963 + if (padlen == 16) 964 + return 0; 965 + 966 + memcpy(buf, padding, padlen); 967 + 968 + return padlen; 969 + } 970 + 971 + static int tegra_ccm_format_blocks(struct tegra_aead_reqctx *rctx) 972 + { 973 + unsigned int alen = 0, offset = 0; 974 + u8 nonce[16], adata[16]; 975 + int ret; 976 + 977 + ret = tegra_ccm_format_nonce(rctx, nonce); 978 + if (ret) 979 + return ret; 980 + 981 + memcpy(rctx->inbuf.buf, nonce, 16); 982 + offset = 16; 983 + 984 + if (rctx->assoclen) { 985 + alen = tegra_ccm_format_adata(adata, rctx->assoclen); 986 + memcpy(rctx->inbuf.buf + offset, adata, alen); 987 + offset += alen; 988 + 989 + scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 990 + rctx->src_sg, 0, rctx->assoclen, 0); 991 + 992 + offset += rctx->assoclen; 993 + offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, 994 + rctx->assoclen + alen); 995 + } 996 + 997 + return offset; 998 + } 999 + 1000 + static int tegra_ccm_mac_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1001 + { 1002 + u32 result[16]; 1003 + int i, ret; 1004 + 1005 + /* Read and clear Result */ 1006 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1007 + result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1008 + 1009 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1010 + writel(0, se->base + se->hw->regs->result + (i * 4)); 1011 + 1012 + if (rctx->encrypt) { 1013 + memcpy(rctx->authdata, result, rctx->authsize); 1014 + } else { 1015 + ret = crypto_memneq(rctx->authdata, result, rctx->authsize); 1016 + if (ret) 1017 + return -EBADMSG; 1018 + } 1019 + 1020 + return 0; 1021 + } 1022 + 1023 + static int tegra_ccm_ctr_result(struct tegra_se *se, struct tegra_aead_reqctx *rctx) 1024 + { 1025 + /* Copy result */ 1026 + scatterwalk_map_and_copy(rctx->outbuf.buf + 16, rctx->dst_sg, 1027 + rctx->assoclen, rctx->cryptlen, 1); 1028 + 1029 + if (rctx->encrypt) 1030 + scatterwalk_map_and_copy(rctx->outbuf.buf, rctx->dst_sg, 1031 + rctx->assoclen + rctx->cryptlen, 1032 + rctx->authsize, 1); 1033 + else 1034 + memcpy(rctx->authdata, rctx->outbuf.buf, rctx->authsize); 1035 + 1036 + return 0; 1037 + } 1038 + 1039 + static int tegra_ccm_compute_auth(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1040 + { 1041 + struct tegra_se *se = ctx->se; 1042 + struct scatterlist *sg; 1043 + int offset, ret; 1044 + 1045 + offset = tegra_ccm_format_blocks(rctx); 1046 + if (offset < 0) 1047 + return -EINVAL; 1048 + 1049 + /* Copy plain text to the buffer */ 1050 + sg = rctx->encrypt ? rctx->src_sg : rctx->dst_sg; 1051 + 1052 + scatterwalk_map_and_copy(rctx->inbuf.buf + offset, 1053 + sg, rctx->assoclen, 1054 + rctx->cryptlen, 0); 1055 + offset += rctx->cryptlen; 1056 + offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1057 + 1058 + rctx->inbuf.size = offset; 1059 + 1060 + ret = tegra_ccm_do_cbcmac(ctx, rctx); 1061 + if (ret) 1062 + return ret; 1063 + 1064 + return tegra_ccm_mac_result(se, rctx); 1065 + } 1066 + 1067 + static int tegra_ccm_do_ctr(struct tegra_aead_ctx *ctx, struct tegra_aead_reqctx *rctx) 1068 + { 1069 + struct tegra_se *se = ctx->se; 1070 + unsigned int cmdlen, offset = 0; 1071 + struct scatterlist *sg = rctx->src_sg; 1072 + int ret; 1073 + 1074 + rctx->config = tegra234_aes_cfg(SE_ALG_CTR, rctx->encrypt); 1075 + rctx->crypto_config = tegra234_aes_crypto_cfg(SE_ALG_CTR, rctx->encrypt) | 1076 + SE_AES_KEY_INDEX(ctx->key_id); 1077 + 1078 + /* Copy authdata in the top of buffer for encryption/decryption */ 1079 + if (rctx->encrypt) 1080 + memcpy(rctx->inbuf.buf, rctx->authdata, rctx->authsize); 1081 + else 1082 + scatterwalk_map_and_copy(rctx->inbuf.buf, sg, 1083 + rctx->assoclen + rctx->cryptlen, 1084 + rctx->authsize, 0); 1085 + 1086 + offset += rctx->authsize; 1087 + offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->authsize); 1088 + 1089 + /* If there is no cryptlen, proceed to submit the task */ 1090 + if (rctx->cryptlen) { 1091 + scatterwalk_map_and_copy(rctx->inbuf.buf + offset, sg, 1092 + rctx->assoclen, rctx->cryptlen, 0); 1093 + offset += rctx->cryptlen; 1094 + offset += tegra_ccm_add_padding(rctx->inbuf.buf + offset, rctx->cryptlen); 1095 + } 1096 + 1097 + rctx->inbuf.size = offset; 1098 + 1099 + /* Prepare command and submit */ 1100 + cmdlen = tegra_ctr_prep_cmd(ctx, rctx); 1101 + ret = tegra_se_host1x_submit(se, cmdlen); 1102 + if (ret) 1103 + return ret; 1104 + 1105 + return tegra_ccm_ctr_result(se, rctx); 1106 + } 1107 + 1108 + static int tegra_ccm_crypt_init(struct aead_request *req, struct tegra_se *se, 1109 + struct tegra_aead_reqctx *rctx) 1110 + { 1111 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1112 + u8 *iv = (u8 *)rctx->iv; 1113 + int ret, i; 1114 + 1115 + rctx->src_sg = req->src; 1116 + rctx->dst_sg = req->dst; 1117 + rctx->assoclen = req->assoclen; 1118 + rctx->authsize = crypto_aead_authsize(tfm); 1119 + 1120 + memcpy(iv, req->iv, 16); 1121 + 1122 + ret = tegra_ccm_check_iv(iv); 1123 + if (ret) 1124 + return ret; 1125 + 1126 + /* Note: rfc 3610 and NIST 800-38C require counter (ctr_0) of 1127 + * zero to encrypt auth tag. 1128 + * req->iv has the formatted ctr_0 (i.e. Flags || N || 0). 1129 + */ 1130 + memset(iv + 15 - iv[0], 0, iv[0] + 1); 1131 + 1132 + /* Clear any previous result */ 1133 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1134 + writel(0, se->base + se->hw->regs->result + (i * 4)); 1135 + 1136 + return 0; 1137 + } 1138 + 1139 + static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) 1140 + { 1141 + struct aead_request *req = container_of(areq, struct aead_request, base); 1142 + struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1143 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1144 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1145 + struct tegra_se *se = ctx->se; 1146 + int ret; 1147 + 1148 + /* Allocate buffers required */ 1149 + rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, SE_AES_BUFLEN, 1150 + &rctx->inbuf.addr, GFP_KERNEL); 1151 + if (!rctx->inbuf.buf) 1152 + return -ENOMEM; 1153 + 1154 + rctx->inbuf.size = SE_AES_BUFLEN; 1155 + 1156 + rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, SE_AES_BUFLEN, 1157 + &rctx->outbuf.addr, GFP_KERNEL); 1158 + if (!rctx->outbuf.buf) { 1159 + ret = -ENOMEM; 1160 + goto outbuf_err; 1161 + } 1162 + 1163 + rctx->outbuf.size = SE_AES_BUFLEN; 1164 + 1165 + ret = tegra_ccm_crypt_init(req, se, rctx); 1166 + if (ret) 1167 + goto out; 1168 + 1169 + if (rctx->encrypt) { 1170 + rctx->cryptlen = req->cryptlen; 1171 + 1172 + /* CBC MAC Operation */ 1173 + ret = tegra_ccm_compute_auth(ctx, rctx); 1174 + if (ret) 1175 + goto out; 1176 + 1177 + /* CTR operation */ 1178 + ret = tegra_ccm_do_ctr(ctx, rctx); 1179 + if (ret) 1180 + goto out; 1181 + } else { 1182 + rctx->cryptlen = req->cryptlen - ctx->authsize; 1183 + if (ret) 1184 + goto out; 1185 + 1186 + /* CTR operation */ 1187 + ret = tegra_ccm_do_ctr(ctx, rctx); 1188 + if (ret) 1189 + goto out; 1190 + 1191 + /* CBC MAC Operation */ 1192 + ret = tegra_ccm_compute_auth(ctx, rctx); 1193 + if (ret) 1194 + goto out; 1195 + } 1196 + 1197 + out: 1198 + dma_free_coherent(ctx->se->dev, SE_AES_BUFLEN, 1199 + rctx->outbuf.buf, rctx->outbuf.addr); 1200 + 1201 + outbuf_err: 1202 + dma_free_coherent(ctx->se->dev, SE_AES_BUFLEN, 1203 + rctx->inbuf.buf, rctx->inbuf.addr); 1204 + 1205 + crypto_finalize_aead_request(ctx->se->engine, req, ret); 1206 + 1207 + return 0; 1208 + } 1209 + 1210 + static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq) 1211 + { 1212 + struct aead_request *req = container_of(areq, struct aead_request, base); 1213 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1214 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1215 + struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1216 + int ret; 1217 + 1218 + /* Allocate buffers required */ 1219 + rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, SE_AES_BUFLEN, 1220 + &rctx->inbuf.addr, GFP_KERNEL); 1221 + if (!rctx->inbuf.buf) 1222 + return -ENOMEM; 1223 + 1224 + rctx->inbuf.size = SE_AES_BUFLEN; 1225 + 1226 + rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, SE_AES_BUFLEN, 1227 + &rctx->outbuf.addr, GFP_KERNEL); 1228 + if (!rctx->outbuf.buf) { 1229 + ret = -ENOMEM; 1230 + goto outbuf_err; 1231 + } 1232 + 1233 + rctx->outbuf.size = SE_AES_BUFLEN; 1234 + 1235 + rctx->src_sg = req->src; 1236 + rctx->dst_sg = req->dst; 1237 + rctx->assoclen = req->assoclen; 1238 + rctx->authsize = crypto_aead_authsize(tfm); 1239 + 1240 + if (rctx->encrypt) 1241 + rctx->cryptlen = req->cryptlen; 1242 + else 1243 + rctx->cryptlen = req->cryptlen - ctx->authsize; 1244 + 1245 + memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE); 1246 + rctx->iv[3] = (1 << 24); 1247 + 1248 + /* If there is associated data perform GMAC operation */ 1249 + if (rctx->assoclen) { 1250 + ret = tegra_gcm_do_gmac(ctx, rctx); 1251 + if (ret) 1252 + goto out; 1253 + } 1254 + 1255 + /* GCM Encryption/Decryption operation */ 1256 + if (rctx->cryptlen) { 1257 + ret = tegra_gcm_do_crypt(ctx, rctx); 1258 + if (ret) 1259 + goto out; 1260 + } 1261 + 1262 + /* GCM_FINAL operation */ 1263 + ret = tegra_gcm_do_final(ctx, rctx); 1264 + if (ret) 1265 + goto out; 1266 + 1267 + if (!rctx->encrypt) 1268 + ret = tegra_gcm_do_verify(ctx->se, rctx); 1269 + 1270 + out: 1271 + dma_free_coherent(ctx->se->dev, SE_AES_BUFLEN, 1272 + rctx->outbuf.buf, rctx->outbuf.addr); 1273 + 1274 + outbuf_err: 1275 + dma_free_coherent(ctx->se->dev, SE_AES_BUFLEN, 1276 + rctx->inbuf.buf, rctx->inbuf.addr); 1277 + 1278 + /* Finalize the request if there are no errors */ 1279 + crypto_finalize_aead_request(ctx->se->engine, req, ret); 1280 + 1281 + return 0; 1282 + } 1283 + 1284 + static int tegra_aead_cra_init(struct crypto_aead *tfm) 1285 + { 1286 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1287 + struct aead_alg *alg = crypto_aead_alg(tfm); 1288 + struct tegra_se_alg *se_alg; 1289 + const char *algname; 1290 + int ret; 1291 + 1292 + algname = crypto_tfm_alg_name(&tfm->base); 1293 + 1294 + se_alg = container_of(alg, struct tegra_se_alg, alg.aead.base); 1295 + 1296 + crypto_aead_set_reqsize(tfm, sizeof(struct tegra_aead_reqctx)); 1297 + 1298 + ctx->se = se_alg->se_dev; 1299 + ctx->key_id = 0; 1300 + 1301 + ret = se_algname_to_algid(algname); 1302 + if (ret < 0) { 1303 + dev_err(ctx->se->dev, "invalid algorithm\n"); 1304 + return ret; 1305 + } 1306 + 1307 + ctx->alg = ret; 1308 + 1309 + return 0; 1310 + } 1311 + 1312 + static int tegra_ccm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1313 + { 1314 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1315 + 1316 + switch (authsize) { 1317 + case 4: 1318 + case 6: 1319 + case 8: 1320 + case 10: 1321 + case 12: 1322 + case 14: 1323 + case 16: 1324 + break; 1325 + default: 1326 + return -EINVAL; 1327 + } 1328 + 1329 + ctx->authsize = authsize; 1330 + 1331 + return 0; 1332 + } 1333 + 1334 + static int tegra_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) 1335 + { 1336 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1337 + int ret; 1338 + 1339 + ret = crypto_gcm_check_authsize(authsize); 1340 + if (ret) 1341 + return ret; 1342 + 1343 + ctx->authsize = authsize; 1344 + 1345 + return 0; 1346 + } 1347 + 1348 + static void tegra_aead_cra_exit(struct crypto_aead *tfm) 1349 + { 1350 + struct tegra_aead_ctx *ctx = crypto_tfm_ctx(&tfm->base); 1351 + 1352 + if (ctx->key_id) 1353 + tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1354 + } 1355 + 1356 + static int tegra_aead_crypt(struct aead_request *req, bool encrypt) 1357 + { 1358 + struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1359 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1360 + struct tegra_aead_reqctx *rctx = aead_request_ctx(req); 1361 + 1362 + rctx->encrypt = encrypt; 1363 + 1364 + return crypto_transfer_aead_request_to_engine(ctx->se->engine, req); 1365 + } 1366 + 1367 + static int tegra_aead_encrypt(struct aead_request *req) 1368 + { 1369 + return tegra_aead_crypt(req, true); 1370 + } 1371 + 1372 + static int tegra_aead_decrypt(struct aead_request *req) 1373 + { 1374 + return tegra_aead_crypt(req, false); 1375 + } 1376 + 1377 + static int tegra_aead_setkey(struct crypto_aead *tfm, 1378 + const u8 *key, u32 keylen) 1379 + { 1380 + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); 1381 + 1382 + if (aes_check_keylen(keylen)) { 1383 + dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1384 + return -EINVAL; 1385 + } 1386 + 1387 + return tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1388 + } 1389 + 1390 + static unsigned int tegra_cmac_prep_cmd(struct tegra_cmac_ctx *ctx, 1391 + struct tegra_cmac_reqctx *rctx) 1392 + { 1393 + unsigned int data_count, res_bits = 0, i = 0, j; 1394 + struct tegra_se *se = ctx->se; 1395 + u32 *cpuvaddr = se->cmdbuf->addr, op; 1396 + 1397 + data_count = (rctx->datbuf.size / AES_BLOCK_SIZE); 1398 + 1399 + op = SE_AES_OP_WRSTALL | SE_AES_OP_START | SE_AES_OP_LASTBUF; 1400 + 1401 + if (!(rctx->task & SHA_UPDATE)) { 1402 + op |= SE_AES_OP_FINAL; 1403 + res_bits = (rctx->datbuf.size % AES_BLOCK_SIZE) * 8; 1404 + } 1405 + 1406 + if (!res_bits && data_count) 1407 + data_count--; 1408 + 1409 + if (rctx->task & SHA_FIRST) { 1410 + rctx->task &= ~SHA_FIRST; 1411 + 1412 + cpuvaddr[i++] = host1x_opcode_setpayload(SE_CRYPTO_CTR_REG_COUNT); 1413 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->linear_ctr); 1414 + /* Load 0 IV */ 1415 + for (j = 0; j < SE_CRYPTO_CTR_REG_COUNT; j++) 1416 + cpuvaddr[i++] = 0; 1417 + } 1418 + 1419 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->last_blk, 1); 1420 + cpuvaddr[i++] = SE_LAST_BLOCK_VAL(data_count) | 1421 + SE_LAST_BLOCK_RES_BITS(res_bits); 1422 + 1423 + cpuvaddr[i++] = se_host1x_opcode_incr(se->hw->regs->config, 6); 1424 + cpuvaddr[i++] = rctx->config; 1425 + cpuvaddr[i++] = rctx->crypto_config; 1426 + 1427 + /* Source Address */ 1428 + cpuvaddr[i++] = lower_32_bits(rctx->datbuf.addr); 1429 + cpuvaddr[i++] = SE_ADDR_HI_MSB(upper_32_bits(rctx->datbuf.addr)) | 1430 + SE_ADDR_HI_SZ(rctx->datbuf.size); 1431 + cpuvaddr[i++] = 0; 1432 + cpuvaddr[i++] = SE_ADDR_HI_SZ(AES_BLOCK_SIZE); 1433 + 1434 + cpuvaddr[i++] = se_host1x_opcode_nonincr(se->hw->regs->op, 1); 1435 + cpuvaddr[i++] = op; 1436 + 1437 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 1438 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 1439 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 1440 + 1441 + return i; 1442 + } 1443 + 1444 + static void tegra_cmac_copy_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1445 + { 1446 + int i; 1447 + 1448 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1449 + rctx->result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1450 + } 1451 + 1452 + static void tegra_cmac_paste_result(struct tegra_se *se, struct tegra_cmac_reqctx *rctx) 1453 + { 1454 + int i; 1455 + 1456 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1457 + writel(rctx->result[i], 1458 + se->base + se->hw->regs->result + (i * 4)); 1459 + } 1460 + 1461 + static int tegra_cmac_do_update(struct ahash_request *req) 1462 + { 1463 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1464 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1465 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1466 + struct tegra_se *se = ctx->se; 1467 + unsigned int nblks, nresidue, cmdlen; 1468 + int ret; 1469 + 1470 + if (!req->nbytes) 1471 + return 0; 1472 + 1473 + nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size; 1474 + nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size; 1475 + 1476 + /* 1477 + * Reserve the last block as residue during final() to process. 1478 + */ 1479 + if (!nresidue && nblks) { 1480 + nresidue += rctx->blk_size; 1481 + nblks--; 1482 + } 1483 + 1484 + rctx->src_sg = req->src; 1485 + rctx->datbuf.size = (req->nbytes + rctx->residue.size) - nresidue; 1486 + rctx->total_len += rctx->datbuf.size; 1487 + rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1488 + rctx->crypto_config = SE_AES_KEY_INDEX(ctx->key_id); 1489 + 1490 + /* 1491 + * Keep one block and residue bytes in residue and 1492 + * return. The bytes will be processed in final() 1493 + */ 1494 + if (nblks < 1) { 1495 + scatterwalk_map_and_copy(rctx->residue.buf + rctx->residue.size, 1496 + rctx->src_sg, 0, req->nbytes, 0); 1497 + 1498 + rctx->residue.size += req->nbytes; 1499 + return 0; 1500 + } 1501 + 1502 + /* Copy the previous residue first */ 1503 + if (rctx->residue.size) 1504 + memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1505 + 1506 + scatterwalk_map_and_copy(rctx->datbuf.buf + rctx->residue.size, 1507 + rctx->src_sg, 0, req->nbytes - nresidue, 0); 1508 + 1509 + scatterwalk_map_and_copy(rctx->residue.buf, rctx->src_sg, 1510 + req->nbytes - nresidue, nresidue, 0); 1511 + 1512 + /* Update residue value with the residue after current block */ 1513 + rctx->residue.size = nresidue; 1514 + 1515 + /* 1516 + * If this is not the first 'update' call, paste the previous copied 1517 + * intermediate results to the registers so that it gets picked up. 1518 + * This is to support the import/export functionality. 1519 + */ 1520 + if (!(rctx->task & SHA_FIRST)) 1521 + tegra_cmac_paste_result(ctx->se, rctx); 1522 + 1523 + cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1524 + 1525 + ret = tegra_se_host1x_submit(se, cmdlen); 1526 + /* 1527 + * If this is not the final update, copy the intermediate results 1528 + * from the registers so that it can be used in the next 'update' 1529 + * call. This is to support the import/export functionality. 1530 + */ 1531 + if (!(rctx->task & SHA_FINAL)) 1532 + tegra_cmac_copy_result(ctx->se, rctx); 1533 + 1534 + return ret; 1535 + } 1536 + 1537 + static int tegra_cmac_do_final(struct ahash_request *req) 1538 + { 1539 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1540 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1541 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1542 + struct tegra_se *se = ctx->se; 1543 + u32 *result = (u32 *)req->result; 1544 + int ret = 0, i, cmdlen; 1545 + 1546 + if (!req->nbytes && !rctx->total_len && ctx->fallback_tfm) { 1547 + return crypto_shash_tfm_digest(ctx->fallback_tfm, 1548 + rctx->datbuf.buf, 0, req->result); 1549 + } 1550 + 1551 + memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 1552 + rctx->datbuf.size = rctx->residue.size; 1553 + rctx->total_len += rctx->residue.size; 1554 + rctx->config = tegra234_aes_cfg(SE_ALG_CMAC, 0); 1555 + 1556 + /* Prepare command and submit */ 1557 + cmdlen = tegra_cmac_prep_cmd(ctx, rctx); 1558 + ret = tegra_se_host1x_submit(se, cmdlen); 1559 + if (ret) 1560 + goto out; 1561 + 1562 + /* Read and clear Result register */ 1563 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1564 + result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 1565 + 1566 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1567 + writel(0, se->base + se->hw->regs->result + (i * 4)); 1568 + 1569 + out: 1570 + dma_free_coherent(se->dev, SE_SHA_BUFLEN, 1571 + rctx->datbuf.buf, rctx->datbuf.addr); 1572 + dma_free_coherent(se->dev, crypto_ahash_blocksize(tfm) * 2, 1573 + rctx->residue.buf, rctx->residue.addr); 1574 + return ret; 1575 + } 1576 + 1577 + static int tegra_cmac_do_one_req(struct crypto_engine *engine, void *areq) 1578 + { 1579 + struct ahash_request *req = ahash_request_cast(areq); 1580 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1581 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1582 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1583 + struct tegra_se *se = ctx->se; 1584 + int ret; 1585 + 1586 + if (rctx->task & SHA_UPDATE) { 1587 + ret = tegra_cmac_do_update(req); 1588 + rctx->task &= ~SHA_UPDATE; 1589 + } 1590 + 1591 + if (rctx->task & SHA_FINAL) { 1592 + ret = tegra_cmac_do_final(req); 1593 + rctx->task &= ~SHA_FINAL; 1594 + } 1595 + 1596 + crypto_finalize_hash_request(se->engine, req, ret); 1597 + 1598 + return 0; 1599 + } 1600 + 1601 + static void tegra_cmac_init_fallback(struct crypto_ahash *tfm, struct tegra_cmac_ctx *ctx, 1602 + const char *algname) 1603 + { 1604 + unsigned int statesize; 1605 + 1606 + ctx->fallback_tfm = crypto_alloc_shash(algname, 0, CRYPTO_ALG_NEED_FALLBACK); 1607 + 1608 + if (IS_ERR(ctx->fallback_tfm)) { 1609 + dev_warn(ctx->se->dev, "failed to allocate fallback for %s\n", algname); 1610 + ctx->fallback_tfm = NULL; 1611 + return; 1612 + } 1613 + 1614 + statesize = crypto_shash_statesize(ctx->fallback_tfm); 1615 + 1616 + if (statesize > sizeof(struct tegra_cmac_reqctx)) 1617 + crypto_ahash_set_statesize(tfm, statesize); 1618 + } 1619 + 1620 + static int tegra_cmac_cra_init(struct crypto_tfm *tfm) 1621 + { 1622 + struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1623 + struct crypto_ahash *ahash_tfm = __crypto_ahash_cast(tfm); 1624 + struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); 1625 + struct tegra_se_alg *se_alg; 1626 + const char *algname; 1627 + int ret; 1628 + 1629 + algname = crypto_tfm_alg_name(tfm); 1630 + se_alg = container_of(alg, struct tegra_se_alg, alg.ahash.base); 1631 + 1632 + crypto_ahash_set_reqsize(ahash_tfm, sizeof(struct tegra_cmac_reqctx)); 1633 + 1634 + ctx->se = se_alg->se_dev; 1635 + ctx->key_id = 0; 1636 + 1637 + ret = se_algname_to_algid(algname); 1638 + if (ret < 0) { 1639 + dev_err(ctx->se->dev, "invalid algorithm\n"); 1640 + return ret; 1641 + } 1642 + 1643 + ctx->alg = ret; 1644 + 1645 + tegra_cmac_init_fallback(ahash_tfm, ctx, algname); 1646 + 1647 + return 0; 1648 + } 1649 + 1650 + static void tegra_cmac_cra_exit(struct crypto_tfm *tfm) 1651 + { 1652 + struct tegra_cmac_ctx *ctx = crypto_tfm_ctx(tfm); 1653 + 1654 + if (ctx->fallback_tfm) 1655 + crypto_free_shash(ctx->fallback_tfm); 1656 + 1657 + tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 1658 + } 1659 + 1660 + static int tegra_cmac_init(struct ahash_request *req) 1661 + { 1662 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1663 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1664 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1665 + struct tegra_se *se = ctx->se; 1666 + int i; 1667 + 1668 + rctx->total_len = 0; 1669 + rctx->datbuf.size = 0; 1670 + rctx->residue.size = 0; 1671 + rctx->task = SHA_FIRST; 1672 + rctx->blk_size = crypto_ahash_blocksize(tfm); 1673 + 1674 + rctx->residue.buf = dma_alloc_coherent(se->dev, rctx->blk_size * 2, 1675 + &rctx->residue.addr, GFP_KERNEL); 1676 + if (!rctx->residue.buf) 1677 + goto resbuf_fail; 1678 + 1679 + rctx->residue.size = 0; 1680 + 1681 + rctx->datbuf.buf = dma_alloc_coherent(se->dev, SE_SHA_BUFLEN, 1682 + &rctx->datbuf.addr, GFP_KERNEL); 1683 + if (!rctx->datbuf.buf) 1684 + goto datbuf_fail; 1685 + 1686 + rctx->datbuf.size = 0; 1687 + 1688 + /* Clear any previous result */ 1689 + for (i = 0; i < CMAC_RESULT_REG_COUNT; i++) 1690 + writel(0, se->base + se->hw->regs->result + (i * 4)); 1691 + 1692 + return 0; 1693 + 1694 + datbuf_fail: 1695 + dma_free_coherent(se->dev, rctx->blk_size, rctx->residue.buf, 1696 + rctx->residue.addr); 1697 + resbuf_fail: 1698 + return -ENOMEM; 1699 + } 1700 + 1701 + static int tegra_cmac_setkey(struct crypto_ahash *tfm, const u8 *key, 1702 + unsigned int keylen) 1703 + { 1704 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1705 + 1706 + if (aes_check_keylen(keylen)) { 1707 + dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 1708 + return -EINVAL; 1709 + } 1710 + 1711 + if (ctx->fallback_tfm) 1712 + crypto_shash_setkey(ctx->fallback_tfm, key, keylen); 1713 + 1714 + return tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 1715 + } 1716 + 1717 + static int tegra_cmac_update(struct ahash_request *req) 1718 + { 1719 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1720 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1721 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1722 + 1723 + rctx->task |= SHA_UPDATE; 1724 + 1725 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1726 + } 1727 + 1728 + static int tegra_cmac_final(struct ahash_request *req) 1729 + { 1730 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1731 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1732 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1733 + 1734 + rctx->task |= SHA_FINAL; 1735 + 1736 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1737 + } 1738 + 1739 + static int tegra_cmac_finup(struct ahash_request *req) 1740 + { 1741 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1742 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1743 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1744 + 1745 + rctx->task |= SHA_UPDATE | SHA_FINAL; 1746 + 1747 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1748 + } 1749 + 1750 + static int tegra_cmac_digest(struct ahash_request *req) 1751 + { 1752 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 1753 + struct tegra_cmac_ctx *ctx = crypto_ahash_ctx(tfm); 1754 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1755 + 1756 + tegra_cmac_init(req); 1757 + rctx->task |= SHA_UPDATE | SHA_FINAL; 1758 + 1759 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 1760 + } 1761 + 1762 + static int tegra_cmac_export(struct ahash_request *req, void *out) 1763 + { 1764 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1765 + 1766 + memcpy(out, rctx, sizeof(*rctx)); 1767 + 1768 + return 0; 1769 + } 1770 + 1771 + static int tegra_cmac_import(struct ahash_request *req, const void *in) 1772 + { 1773 + struct tegra_cmac_reqctx *rctx = ahash_request_ctx(req); 1774 + 1775 + memcpy(rctx, in, sizeof(*rctx)); 1776 + 1777 + return 0; 1778 + } 1779 + 1780 + static struct tegra_se_alg tegra_aead_algs[] = { 1781 + { 1782 + .alg.aead.op.do_one_request = tegra_gcm_do_one_req, 1783 + .alg.aead.base = { 1784 + .init = tegra_aead_cra_init, 1785 + .exit = tegra_aead_cra_exit, 1786 + .setkey = tegra_aead_setkey, 1787 + .setauthsize = tegra_gcm_setauthsize, 1788 + .encrypt = tegra_aead_encrypt, 1789 + .decrypt = tegra_aead_decrypt, 1790 + .maxauthsize = AES_BLOCK_SIZE, 1791 + .ivsize = GCM_AES_IV_SIZE, 1792 + .base = { 1793 + .cra_name = "gcm(aes)", 1794 + .cra_driver_name = "gcm-aes-tegra", 1795 + .cra_priority = 500, 1796 + .cra_blocksize = 1, 1797 + .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1798 + .cra_alignmask = 0xf, 1799 + .cra_module = THIS_MODULE, 1800 + }, 1801 + } 1802 + }, { 1803 + .alg.aead.op.do_one_request = tegra_ccm_do_one_req, 1804 + .alg.aead.base = { 1805 + .init = tegra_aead_cra_init, 1806 + .exit = tegra_aead_cra_exit, 1807 + .setkey = tegra_aead_setkey, 1808 + .setauthsize = tegra_ccm_setauthsize, 1809 + .encrypt = tegra_aead_encrypt, 1810 + .decrypt = tegra_aead_decrypt, 1811 + .maxauthsize = AES_BLOCK_SIZE, 1812 + .ivsize = AES_BLOCK_SIZE, 1813 + .chunksize = AES_BLOCK_SIZE, 1814 + .base = { 1815 + .cra_name = "ccm(aes)", 1816 + .cra_driver_name = "ccm-aes-tegra", 1817 + .cra_priority = 500, 1818 + .cra_blocksize = 1, 1819 + .cra_ctxsize = sizeof(struct tegra_aead_ctx), 1820 + .cra_alignmask = 0xf, 1821 + .cra_module = THIS_MODULE, 1822 + }, 1823 + } 1824 + } 1825 + }; 1826 + 1827 + static struct tegra_se_alg tegra_cmac_algs[] = { 1828 + { 1829 + .alg.ahash.op.do_one_request = tegra_cmac_do_one_req, 1830 + .alg.ahash.base = { 1831 + .init = tegra_cmac_init, 1832 + .setkey = tegra_cmac_setkey, 1833 + .update = tegra_cmac_update, 1834 + .final = tegra_cmac_final, 1835 + .finup = tegra_cmac_finup, 1836 + .digest = tegra_cmac_digest, 1837 + .export = tegra_cmac_export, 1838 + .import = tegra_cmac_import, 1839 + .halg.digestsize = AES_BLOCK_SIZE, 1840 + .halg.statesize = sizeof(struct tegra_cmac_reqctx), 1841 + .halg.base = { 1842 + .cra_name = "cmac(aes)", 1843 + .cra_driver_name = "tegra-se-cmac", 1844 + .cra_priority = 300, 1845 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 1846 + .cra_blocksize = AES_BLOCK_SIZE, 1847 + .cra_ctxsize = sizeof(struct tegra_cmac_ctx), 1848 + .cra_alignmask = 0, 1849 + .cra_module = THIS_MODULE, 1850 + .cra_init = tegra_cmac_cra_init, 1851 + .cra_exit = tegra_cmac_cra_exit, 1852 + } 1853 + } 1854 + } 1855 + }; 1856 + 1857 + int tegra_init_aes(struct tegra_se *se) 1858 + { 1859 + struct aead_engine_alg *aead_alg; 1860 + struct ahash_engine_alg *ahash_alg; 1861 + struct skcipher_engine_alg *sk_alg; 1862 + int i, ret; 1863 + 1864 + se->manifest = tegra_aes_kac_manifest; 1865 + 1866 + for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) { 1867 + sk_alg = &tegra_aes_algs[i].alg.skcipher; 1868 + tegra_aes_algs[i].se_dev = se; 1869 + 1870 + ret = crypto_engine_register_skcipher(sk_alg); 1871 + if (ret) { 1872 + dev_err(se->dev, "failed to register %s\n", 1873 + sk_alg->base.base.cra_name); 1874 + goto err_aes; 1875 + } 1876 + } 1877 + 1878 + for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) { 1879 + aead_alg = &tegra_aead_algs[i].alg.aead; 1880 + tegra_aead_algs[i].se_dev = se; 1881 + 1882 + ret = crypto_engine_register_aead(aead_alg); 1883 + if (ret) { 1884 + dev_err(se->dev, "failed to register %s\n", 1885 + aead_alg->base.base.cra_name); 1886 + goto err_aead; 1887 + } 1888 + } 1889 + 1890 + for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) { 1891 + ahash_alg = &tegra_cmac_algs[i].alg.ahash; 1892 + tegra_cmac_algs[i].se_dev = se; 1893 + 1894 + ret = crypto_engine_register_ahash(ahash_alg); 1895 + if (ret) { 1896 + dev_err(se->dev, "failed to register %s\n", 1897 + ahash_alg->base.halg.base.cra_name); 1898 + goto err_cmac; 1899 + } 1900 + } 1901 + 1902 + return 0; 1903 + 1904 + err_cmac: 1905 + while (i--) 1906 + crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 1907 + 1908 + i = ARRAY_SIZE(tegra_aead_algs); 1909 + err_aead: 1910 + while (i--) 1911 + crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 1912 + 1913 + i = ARRAY_SIZE(tegra_aes_algs); 1914 + err_aes: 1915 + while (i--) 1916 + crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 1917 + 1918 + return ret; 1919 + } 1920 + 1921 + void tegra_deinit_aes(struct tegra_se *se) 1922 + { 1923 + int i; 1924 + 1925 + for (i = 0; i < ARRAY_SIZE(tegra_aes_algs); i++) 1926 + crypto_engine_unregister_skcipher(&tegra_aes_algs[i].alg.skcipher); 1927 + 1928 + for (i = 0; i < ARRAY_SIZE(tegra_aead_algs); i++) 1929 + crypto_engine_unregister_aead(&tegra_aead_algs[i].alg.aead); 1930 + 1931 + for (i = 0; i < ARRAY_SIZE(tegra_cmac_algs); i++) 1932 + crypto_engine_unregister_ahash(&tegra_cmac_algs[i].alg.ahash); 1933 + }

+1060

drivers/crypto/tegra/tegra-se-hash.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + /* 4 + * Crypto driver to handle HASH algorithms using NVIDIA Security Engine. 5 + */ 6 + 7 + #include <linux/clk.h> 8 + #include <linux/dma-mapping.h> 9 + #include <linux/module.h> 10 + #include <linux/of_device.h> 11 + #include <linux/platform_device.h> 12 + 13 + #include <crypto/aes.h> 14 + #include <crypto/sha1.h> 15 + #include <crypto/sha2.h> 16 + #include <crypto/sha3.h> 17 + #include <crypto/internal/des.h> 18 + #include <crypto/engine.h> 19 + #include <crypto/scatterwalk.h> 20 + #include <crypto/internal/hash.h> 21 + 22 + #include "tegra-se.h" 23 + 24 + struct tegra_sha_ctx { 25 + struct tegra_se *se; 26 + unsigned int alg; 27 + bool fallback; 28 + u32 key_id; 29 + struct crypto_ahash *fallback_tfm; 30 + }; 31 + 32 + struct tegra_sha_reqctx { 33 + struct scatterlist *src_sg; 34 + struct tegra_se_datbuf datbuf; 35 + struct tegra_se_datbuf residue; 36 + struct tegra_se_datbuf digest; 37 + unsigned int alg; 38 + unsigned int config; 39 + unsigned int total_len; 40 + unsigned int blk_size; 41 + unsigned int task; 42 + u32 key_id; 43 + u32 result[HASH_RESULT_REG_COUNT]; 44 + struct ahash_request fallback_req; 45 + }; 46 + 47 + static int tegra_sha_get_config(u32 alg) 48 + { 49 + int cfg = 0; 50 + 51 + switch (alg) { 52 + case SE_ALG_SHA1: 53 + cfg |= SE_SHA_ENC_ALG_SHA; 54 + cfg |= SE_SHA_ENC_MODE_SHA1; 55 + break; 56 + 57 + case SE_ALG_HMAC_SHA224: 58 + cfg |= SE_SHA_ENC_ALG_HMAC; 59 + fallthrough; 60 + case SE_ALG_SHA224: 61 + cfg |= SE_SHA_ENC_ALG_SHA; 62 + cfg |= SE_SHA_ENC_MODE_SHA224; 63 + break; 64 + 65 + case SE_ALG_HMAC_SHA256: 66 + cfg |= SE_SHA_ENC_ALG_HMAC; 67 + fallthrough; 68 + case SE_ALG_SHA256: 69 + cfg |= SE_SHA_ENC_ALG_SHA; 70 + cfg |= SE_SHA_ENC_MODE_SHA256; 71 + break; 72 + 73 + case SE_ALG_HMAC_SHA384: 74 + cfg |= SE_SHA_ENC_ALG_HMAC; 75 + fallthrough; 76 + case SE_ALG_SHA384: 77 + cfg |= SE_SHA_ENC_ALG_SHA; 78 + cfg |= SE_SHA_ENC_MODE_SHA384; 79 + break; 80 + 81 + case SE_ALG_HMAC_SHA512: 82 + cfg |= SE_SHA_ENC_ALG_HMAC; 83 + fallthrough; 84 + case SE_ALG_SHA512: 85 + cfg |= SE_SHA_ENC_ALG_SHA; 86 + cfg |= SE_SHA_ENC_MODE_SHA512; 87 + break; 88 + 89 + case SE_ALG_SHA3_224: 90 + cfg |= SE_SHA_ENC_ALG_SHA; 91 + cfg |= SE_SHA_ENC_MODE_SHA3_224; 92 + break; 93 + case SE_ALG_SHA3_256: 94 + cfg |= SE_SHA_ENC_ALG_SHA; 95 + cfg |= SE_SHA_ENC_MODE_SHA3_256; 96 + break; 97 + case SE_ALG_SHA3_384: 98 + cfg |= SE_SHA_ENC_ALG_SHA; 99 + cfg |= SE_SHA_ENC_MODE_SHA3_384; 100 + break; 101 + case SE_ALG_SHA3_512: 102 + cfg |= SE_SHA_ENC_ALG_SHA; 103 + cfg |= SE_SHA_ENC_MODE_SHA3_512; 104 + break; 105 + default: 106 + return -EINVAL; 107 + } 108 + 109 + return cfg; 110 + } 111 + 112 + static int tegra_sha_fallback_init(struct ahash_request *req) 113 + { 114 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 115 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 116 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 117 + 118 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 119 + rctx->fallback_req.base.flags = req->base.flags & 120 + CRYPTO_TFM_REQ_MAY_SLEEP; 121 + 122 + return crypto_ahash_init(&rctx->fallback_req); 123 + } 124 + 125 + static int tegra_sha_fallback_update(struct ahash_request *req) 126 + { 127 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 128 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 129 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 130 + 131 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 132 + rctx->fallback_req.base.flags = req->base.flags & 133 + CRYPTO_TFM_REQ_MAY_SLEEP; 134 + rctx->fallback_req.nbytes = req->nbytes; 135 + rctx->fallback_req.src = req->src; 136 + 137 + return crypto_ahash_update(&rctx->fallback_req); 138 + } 139 + 140 + static int tegra_sha_fallback_final(struct ahash_request *req) 141 + { 142 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 143 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 144 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 145 + 146 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 147 + rctx->fallback_req.base.flags = req->base.flags & 148 + CRYPTO_TFM_REQ_MAY_SLEEP; 149 + rctx->fallback_req.result = req->result; 150 + 151 + return crypto_ahash_final(&rctx->fallback_req); 152 + } 153 + 154 + static int tegra_sha_fallback_finup(struct ahash_request *req) 155 + { 156 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 157 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 158 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 159 + 160 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 161 + rctx->fallback_req.base.flags = req->base.flags & 162 + CRYPTO_TFM_REQ_MAY_SLEEP; 163 + 164 + rctx->fallback_req.nbytes = req->nbytes; 165 + rctx->fallback_req.src = req->src; 166 + rctx->fallback_req.result = req->result; 167 + 168 + return crypto_ahash_finup(&rctx->fallback_req); 169 + } 170 + 171 + static int tegra_sha_fallback_digest(struct ahash_request *req) 172 + { 173 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 174 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 175 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 176 + 177 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 178 + rctx->fallback_req.base.flags = req->base.flags & 179 + CRYPTO_TFM_REQ_MAY_SLEEP; 180 + 181 + rctx->fallback_req.nbytes = req->nbytes; 182 + rctx->fallback_req.src = req->src; 183 + rctx->fallback_req.result = req->result; 184 + 185 + return crypto_ahash_digest(&rctx->fallback_req); 186 + } 187 + 188 + static int tegra_sha_fallback_import(struct ahash_request *req, const void *in) 189 + { 190 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 191 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 192 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 193 + 194 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 195 + rctx->fallback_req.base.flags = req->base.flags & 196 + CRYPTO_TFM_REQ_MAY_SLEEP; 197 + 198 + return crypto_ahash_import(&rctx->fallback_req, in); 199 + } 200 + 201 + static int tegra_sha_fallback_export(struct ahash_request *req, void *out) 202 + { 203 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 204 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 205 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 206 + 207 + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); 208 + rctx->fallback_req.base.flags = req->base.flags & 209 + CRYPTO_TFM_REQ_MAY_SLEEP; 210 + 211 + return crypto_ahash_export(&rctx->fallback_req, out); 212 + } 213 + 214 + static int tegra_sha_prep_cmd(struct tegra_se *se, u32 *cpuvaddr, 215 + struct tegra_sha_reqctx *rctx) 216 + { 217 + u64 msg_len, msg_left; 218 + int i = 0; 219 + 220 + msg_len = rctx->total_len * 8; 221 + msg_left = rctx->datbuf.size * 8; 222 + 223 + /* 224 + * If IN_ADDR_HI_0.SZ > SHA_MSG_LEFT_[0-3] to the HASH engine, 225 + * HW treats it as the last buffer and process the data. 226 + * Therefore, add an extra byte to msg_left if it is not the 227 + * last buffer. 228 + */ 229 + if (rctx->task & SHA_UPDATE) { 230 + msg_left += 8; 231 + msg_len += 8; 232 + } 233 + 234 + cpuvaddr[i++] = host1x_opcode_setpayload(8); 235 + cpuvaddr[i++] = se_host1x_opcode_incr_w(SE_SHA_MSG_LENGTH); 236 + cpuvaddr[i++] = lower_32_bits(msg_len); 237 + cpuvaddr[i++] = upper_32_bits(msg_len); 238 + cpuvaddr[i++] = 0; 239 + cpuvaddr[i++] = 0; 240 + cpuvaddr[i++] = lower_32_bits(msg_left); 241 + cpuvaddr[i++] = upper_32_bits(msg_left); 242 + cpuvaddr[i++] = 0; 243 + cpuvaddr[i++] = 0; 244 + cpuvaddr[i++] = host1x_opcode_setpayload(6); 245 + cpuvaddr[i++] = se_host1x_opcode_incr_w(SE_SHA_CFG); 246 + cpuvaddr[i++] = rctx->config; 247 + 248 + if (rctx->task & SHA_FIRST) { 249 + cpuvaddr[i++] = SE_SHA_TASK_HASH_INIT; 250 + rctx->task &= ~SHA_FIRST; 251 + } else { 252 + cpuvaddr[i++] = 0; 253 + } 254 + 255 + cpuvaddr[i++] = rctx->datbuf.addr; 256 + cpuvaddr[i++] = (u32)(SE_ADDR_HI_MSB(upper_32_bits(rctx->datbuf.addr)) | 257 + SE_ADDR_HI_SZ(rctx->datbuf.size)); 258 + cpuvaddr[i++] = rctx->digest.addr; 259 + cpuvaddr[i++] = (u32)(SE_ADDR_HI_MSB(upper_32_bits(rctx->digest.addr)) | 260 + SE_ADDR_HI_SZ(rctx->digest.size)); 261 + if (rctx->key_id) { 262 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 263 + cpuvaddr[i++] = se_host1x_opcode_nonincr_w(SE_SHA_CRYPTO_CFG); 264 + cpuvaddr[i++] = SE_AES_KEY_INDEX(rctx->key_id); 265 + } 266 + 267 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 268 + cpuvaddr[i++] = se_host1x_opcode_nonincr_w(SE_SHA_OPERATION); 269 + cpuvaddr[i++] = SE_SHA_OP_WRSTALL | 270 + SE_SHA_OP_START | 271 + SE_SHA_OP_LASTBUF; 272 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 273 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 274 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 275 + 276 + dev_dbg(se->dev, "msg len %llu msg left %llu cfg %#x", 277 + msg_len, msg_left, rctx->config); 278 + 279 + return i; 280 + } 281 + 282 + static void tegra_sha_copy_hash_result(struct tegra_se *se, struct tegra_sha_reqctx *rctx) 283 + { 284 + int i; 285 + 286 + for (i = 0; i < HASH_RESULT_REG_COUNT; i++) 287 + rctx->result[i] = readl(se->base + se->hw->regs->result + (i * 4)); 288 + } 289 + 290 + static void tegra_sha_paste_hash_result(struct tegra_se *se, struct tegra_sha_reqctx *rctx) 291 + { 292 + int i; 293 + 294 + for (i = 0; i < HASH_RESULT_REG_COUNT; i++) 295 + writel(rctx->result[i], 296 + se->base + se->hw->regs->result + (i * 4)); 297 + } 298 + 299 + static int tegra_sha_do_update(struct ahash_request *req) 300 + { 301 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); 302 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 303 + unsigned int nblks, nresidue, size, ret; 304 + u32 *cpuvaddr = ctx->se->cmdbuf->addr; 305 + 306 + nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size; 307 + nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size; 308 + 309 + /* 310 + * If nbytes is a multiple of block size and there is no residue, 311 + * then reserve the last block as residue during final() to process. 312 + */ 313 + if (!nresidue && nblks) { 314 + nresidue = rctx->blk_size; 315 + nblks--; 316 + } 317 + 318 + rctx->src_sg = req->src; 319 + rctx->datbuf.size = (req->nbytes + rctx->residue.size) - nresidue; 320 + rctx->total_len += rctx->datbuf.size; 321 + 322 + /* 323 + * If nbytes are less than a block size, copy it residue and 324 + * return. The bytes will be processed in final() 325 + */ 326 + if (nblks < 1) { 327 + scatterwalk_map_and_copy(rctx->residue.buf + rctx->residue.size, 328 + rctx->src_sg, 0, req->nbytes, 0); 329 + 330 + rctx->residue.size += req->nbytes; 331 + return 0; 332 + } 333 + 334 + /* Copy the previous residue first */ 335 + if (rctx->residue.size) 336 + memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 337 + 338 + scatterwalk_map_and_copy(rctx->datbuf.buf + rctx->residue.size, 339 + rctx->src_sg, 0, req->nbytes - nresidue, 0); 340 + 341 + scatterwalk_map_and_copy(rctx->residue.buf, rctx->src_sg, 342 + req->nbytes - nresidue, nresidue, 0); 343 + 344 + /* Update residue value with the residue after current block */ 345 + rctx->residue.size = nresidue; 346 + 347 + rctx->config = tegra_sha_get_config(rctx->alg) | 348 + SE_SHA_DST_HASH_REG; 349 + 350 + /* 351 + * If this is not the first 'update' call, paste the previous copied 352 + * intermediate results to the registers so that it gets picked up. 353 + * This is to support the import/export functionality. 354 + */ 355 + if (!(rctx->task & SHA_FIRST)) 356 + tegra_sha_paste_hash_result(ctx->se, rctx); 357 + 358 + size = tegra_sha_prep_cmd(ctx->se, cpuvaddr, rctx); 359 + 360 + ret = tegra_se_host1x_submit(ctx->se, size); 361 + 362 + /* 363 + * If this is not the final update, copy the intermediate results 364 + * from the registers so that it can be used in the next 'update' 365 + * call. This is to support the import/export functionality. 366 + */ 367 + if (!(rctx->task & SHA_FINAL)) 368 + tegra_sha_copy_hash_result(ctx->se, rctx); 369 + 370 + return ret; 371 + } 372 + 373 + static int tegra_sha_do_final(struct ahash_request *req) 374 + { 375 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 376 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 377 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 378 + struct tegra_se *se = ctx->se; 379 + u32 *cpuvaddr = se->cmdbuf->addr; 380 + int size, ret = 0; 381 + 382 + memcpy(rctx->datbuf.buf, rctx->residue.buf, rctx->residue.size); 383 + rctx->datbuf.size = rctx->residue.size; 384 + rctx->total_len += rctx->residue.size; 385 + 386 + rctx->config = tegra_sha_get_config(rctx->alg) | 387 + SE_SHA_DST_MEMORY; 388 + 389 + size = tegra_sha_prep_cmd(se, cpuvaddr, rctx); 390 + 391 + ret = tegra_se_host1x_submit(se, size); 392 + if (ret) 393 + goto out; 394 + 395 + /* Copy result */ 396 + memcpy(req->result, rctx->digest.buf, rctx->digest.size); 397 + 398 + out: 399 + dma_free_coherent(se->dev, SE_SHA_BUFLEN, 400 + rctx->datbuf.buf, rctx->datbuf.addr); 401 + dma_free_coherent(se->dev, crypto_ahash_blocksize(tfm), 402 + rctx->residue.buf, rctx->residue.addr); 403 + dma_free_coherent(se->dev, rctx->digest.size, rctx->digest.buf, 404 + rctx->digest.addr); 405 + return ret; 406 + } 407 + 408 + static int tegra_sha_do_one_req(struct crypto_engine *engine, void *areq) 409 + { 410 + struct ahash_request *req = ahash_request_cast(areq); 411 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 412 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 413 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 414 + struct tegra_se *se = ctx->se; 415 + int ret = 0; 416 + 417 + if (rctx->task & SHA_UPDATE) { 418 + ret = tegra_sha_do_update(req); 419 + rctx->task &= ~SHA_UPDATE; 420 + } 421 + 422 + if (rctx->task & SHA_FINAL) { 423 + ret = tegra_sha_do_final(req); 424 + rctx->task &= ~SHA_FINAL; 425 + } 426 + 427 + crypto_finalize_hash_request(se->engine, req, ret); 428 + 429 + return 0; 430 + } 431 + 432 + static void tegra_sha_init_fallback(struct crypto_ahash *tfm, struct tegra_sha_ctx *ctx, 433 + const char *algname) 434 + { 435 + unsigned int statesize; 436 + 437 + ctx->fallback_tfm = crypto_alloc_ahash(algname, 0, CRYPTO_ALG_ASYNC | 438 + CRYPTO_ALG_NEED_FALLBACK); 439 + 440 + if (IS_ERR(ctx->fallback_tfm)) { 441 + dev_warn(ctx->se->dev, 442 + "failed to allocate fallback for %s\n", algname); 443 + ctx->fallback_tfm = NULL; 444 + return; 445 + } 446 + 447 + statesize = crypto_ahash_statesize(ctx->fallback_tfm); 448 + 449 + if (statesize > sizeof(struct tegra_sha_reqctx)) 450 + crypto_ahash_set_statesize(tfm, statesize); 451 + 452 + /* Update reqsize if fallback is added */ 453 + crypto_ahash_set_reqsize(tfm, 454 + sizeof(struct tegra_sha_reqctx) + 455 + crypto_ahash_reqsize(ctx->fallback_tfm)); 456 + } 457 + 458 + static int tegra_sha_cra_init(struct crypto_tfm *tfm) 459 + { 460 + struct tegra_sha_ctx *ctx = crypto_tfm_ctx(tfm); 461 + struct crypto_ahash *ahash_tfm = __crypto_ahash_cast(tfm); 462 + struct ahash_alg *alg = __crypto_ahash_alg(tfm->__crt_alg); 463 + struct tegra_se_alg *se_alg; 464 + const char *algname; 465 + int ret; 466 + 467 + algname = crypto_tfm_alg_name(tfm); 468 + se_alg = container_of(alg, struct tegra_se_alg, alg.ahash.base); 469 + 470 + crypto_ahash_set_reqsize(ahash_tfm, sizeof(struct tegra_sha_reqctx)); 471 + 472 + ctx->se = se_alg->se_dev; 473 + ctx->fallback = false; 474 + ctx->key_id = 0; 475 + 476 + ret = se_algname_to_algid(algname); 477 + if (ret < 0) { 478 + dev_err(ctx->se->dev, "invalid algorithm\n"); 479 + return ret; 480 + } 481 + 482 + if (se_alg->alg_base) 483 + tegra_sha_init_fallback(ahash_tfm, ctx, algname); 484 + 485 + ctx->alg = ret; 486 + 487 + return 0; 488 + } 489 + 490 + static void tegra_sha_cra_exit(struct crypto_tfm *tfm) 491 + { 492 + struct tegra_sha_ctx *ctx = crypto_tfm_ctx(tfm); 493 + 494 + if (ctx->fallback_tfm) 495 + crypto_free_ahash(ctx->fallback_tfm); 496 + 497 + tegra_key_invalidate(ctx->se, ctx->key_id, ctx->alg); 498 + } 499 + 500 + static int tegra_sha_init(struct ahash_request *req) 501 + { 502 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 503 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 504 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 505 + struct tegra_se *se = ctx->se; 506 + 507 + if (ctx->fallback) 508 + return tegra_sha_fallback_init(req); 509 + 510 + rctx->total_len = 0; 511 + rctx->datbuf.size = 0; 512 + rctx->residue.size = 0; 513 + rctx->key_id = ctx->key_id; 514 + rctx->task = SHA_FIRST; 515 + rctx->alg = ctx->alg; 516 + rctx->blk_size = crypto_ahash_blocksize(tfm); 517 + rctx->digest.size = crypto_ahash_digestsize(tfm); 518 + 519 + rctx->digest.buf = dma_alloc_coherent(se->dev, rctx->digest.size, 520 + &rctx->digest.addr, GFP_KERNEL); 521 + if (!rctx->digest.buf) 522 + goto digbuf_fail; 523 + 524 + rctx->residue.buf = dma_alloc_coherent(se->dev, rctx->blk_size, 525 + &rctx->residue.addr, GFP_KERNEL); 526 + if (!rctx->residue.buf) 527 + goto resbuf_fail; 528 + 529 + rctx->datbuf.buf = dma_alloc_coherent(se->dev, SE_SHA_BUFLEN, 530 + &rctx->datbuf.addr, GFP_KERNEL); 531 + if (!rctx->datbuf.buf) 532 + goto datbuf_fail; 533 + 534 + return 0; 535 + 536 + datbuf_fail: 537 + dma_free_coherent(se->dev, rctx->blk_size, rctx->residue.buf, 538 + rctx->residue.addr); 539 + resbuf_fail: 540 + dma_free_coherent(se->dev, SE_SHA_BUFLEN, rctx->datbuf.buf, 541 + rctx->datbuf.addr); 542 + digbuf_fail: 543 + return -ENOMEM; 544 + } 545 + 546 + static int tegra_hmac_fallback_setkey(struct tegra_sha_ctx *ctx, const u8 *key, 547 + unsigned int keylen) 548 + { 549 + if (!ctx->fallback_tfm) { 550 + dev_dbg(ctx->se->dev, "invalid key length (%d)\n", keylen); 551 + return -EINVAL; 552 + } 553 + 554 + ctx->fallback = true; 555 + return crypto_ahash_setkey(ctx->fallback_tfm, key, keylen); 556 + } 557 + 558 + static int tegra_hmac_setkey(struct crypto_ahash *tfm, const u8 *key, 559 + unsigned int keylen) 560 + { 561 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 562 + 563 + if (aes_check_keylen(keylen)) 564 + return tegra_hmac_fallback_setkey(ctx, key, keylen); 565 + 566 + ctx->fallback = false; 567 + 568 + return tegra_key_submit(ctx->se, key, keylen, ctx->alg, &ctx->key_id); 569 + } 570 + 571 + static int tegra_sha_update(struct ahash_request *req) 572 + { 573 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 574 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 575 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 576 + 577 + if (ctx->fallback) 578 + return tegra_sha_fallback_update(req); 579 + 580 + rctx->task |= SHA_UPDATE; 581 + 582 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 583 + } 584 + 585 + static int tegra_sha_final(struct ahash_request *req) 586 + { 587 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 588 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 589 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 590 + 591 + if (ctx->fallback) 592 + return tegra_sha_fallback_final(req); 593 + 594 + rctx->task |= SHA_FINAL; 595 + 596 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 597 + } 598 + 599 + static int tegra_sha_finup(struct ahash_request *req) 600 + { 601 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 602 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 603 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 604 + 605 + if (ctx->fallback) 606 + return tegra_sha_fallback_finup(req); 607 + 608 + rctx->task |= SHA_UPDATE | SHA_FINAL; 609 + 610 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 611 + } 612 + 613 + static int tegra_sha_digest(struct ahash_request *req) 614 + { 615 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 616 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 617 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 618 + 619 + if (ctx->fallback) 620 + return tegra_sha_fallback_digest(req); 621 + 622 + tegra_sha_init(req); 623 + rctx->task |= SHA_UPDATE | SHA_FINAL; 624 + 625 + return crypto_transfer_hash_request_to_engine(ctx->se->engine, req); 626 + } 627 + 628 + static int tegra_sha_export(struct ahash_request *req, void *out) 629 + { 630 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 631 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 632 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 633 + 634 + if (ctx->fallback) 635 + return tegra_sha_fallback_export(req, out); 636 + 637 + memcpy(out, rctx, sizeof(*rctx)); 638 + 639 + return 0; 640 + } 641 + 642 + static int tegra_sha_import(struct ahash_request *req, const void *in) 643 + { 644 + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); 645 + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 646 + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); 647 + 648 + if (ctx->fallback) 649 + return tegra_sha_fallback_import(req, in); 650 + 651 + memcpy(rctx, in, sizeof(*rctx)); 652 + 653 + return 0; 654 + } 655 + 656 + static struct tegra_se_alg tegra_hash_algs[] = { 657 + { 658 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 659 + .alg.ahash.base = { 660 + .init = tegra_sha_init, 661 + .update = tegra_sha_update, 662 + .final = tegra_sha_final, 663 + .finup = tegra_sha_finup, 664 + .digest = tegra_sha_digest, 665 + .export = tegra_sha_export, 666 + .import = tegra_sha_import, 667 + .halg.digestsize = SHA1_DIGEST_SIZE, 668 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 669 + .halg.base = { 670 + .cra_name = "sha1", 671 + .cra_driver_name = "tegra-se-sha1", 672 + .cra_priority = 300, 673 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 674 + .cra_blocksize = SHA1_BLOCK_SIZE, 675 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 676 + .cra_alignmask = 0, 677 + .cra_module = THIS_MODULE, 678 + .cra_init = tegra_sha_cra_init, 679 + .cra_exit = tegra_sha_cra_exit, 680 + } 681 + } 682 + }, { 683 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 684 + .alg.ahash.base = { 685 + .init = tegra_sha_init, 686 + .update = tegra_sha_update, 687 + .final = tegra_sha_final, 688 + .finup = tegra_sha_finup, 689 + .digest = tegra_sha_digest, 690 + .export = tegra_sha_export, 691 + .import = tegra_sha_import, 692 + .halg.digestsize = SHA224_DIGEST_SIZE, 693 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 694 + .halg.base = { 695 + .cra_name = "sha224", 696 + .cra_driver_name = "tegra-se-sha224", 697 + .cra_priority = 300, 698 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 699 + .cra_blocksize = SHA224_BLOCK_SIZE, 700 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 701 + .cra_alignmask = 0, 702 + .cra_module = THIS_MODULE, 703 + .cra_init = tegra_sha_cra_init, 704 + .cra_exit = tegra_sha_cra_exit, 705 + } 706 + } 707 + }, { 708 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 709 + .alg.ahash.base = { 710 + .init = tegra_sha_init, 711 + .update = tegra_sha_update, 712 + .final = tegra_sha_final, 713 + .finup = tegra_sha_finup, 714 + .digest = tegra_sha_digest, 715 + .export = tegra_sha_export, 716 + .import = tegra_sha_import, 717 + .halg.digestsize = SHA256_DIGEST_SIZE, 718 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 719 + .halg.base = { 720 + .cra_name = "sha256", 721 + .cra_driver_name = "tegra-se-sha256", 722 + .cra_priority = 300, 723 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 724 + .cra_blocksize = SHA256_BLOCK_SIZE, 725 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 726 + .cra_alignmask = 0, 727 + .cra_module = THIS_MODULE, 728 + .cra_init = tegra_sha_cra_init, 729 + .cra_exit = tegra_sha_cra_exit, 730 + } 731 + } 732 + }, { 733 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 734 + .alg.ahash.base = { 735 + .init = tegra_sha_init, 736 + .update = tegra_sha_update, 737 + .final = tegra_sha_final, 738 + .finup = tegra_sha_finup, 739 + .digest = tegra_sha_digest, 740 + .export = tegra_sha_export, 741 + .import = tegra_sha_import, 742 + .halg.digestsize = SHA384_DIGEST_SIZE, 743 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 744 + .halg.base = { 745 + .cra_name = "sha384", 746 + .cra_driver_name = "tegra-se-sha384", 747 + .cra_priority = 300, 748 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 749 + .cra_blocksize = SHA384_BLOCK_SIZE, 750 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 751 + .cra_alignmask = 0, 752 + .cra_module = THIS_MODULE, 753 + .cra_init = tegra_sha_cra_init, 754 + .cra_exit = tegra_sha_cra_exit, 755 + } 756 + } 757 + }, { 758 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 759 + .alg.ahash.base = { 760 + .init = tegra_sha_init, 761 + .update = tegra_sha_update, 762 + .final = tegra_sha_final, 763 + .finup = tegra_sha_finup, 764 + .digest = tegra_sha_digest, 765 + .export = tegra_sha_export, 766 + .import = tegra_sha_import, 767 + .halg.digestsize = SHA512_DIGEST_SIZE, 768 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 769 + .halg.base = { 770 + .cra_name = "sha512", 771 + .cra_driver_name = "tegra-se-sha512", 772 + .cra_priority = 300, 773 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 774 + .cra_blocksize = SHA512_BLOCK_SIZE, 775 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 776 + .cra_alignmask = 0, 777 + .cra_module = THIS_MODULE, 778 + .cra_init = tegra_sha_cra_init, 779 + .cra_exit = tegra_sha_cra_exit, 780 + } 781 + } 782 + }, { 783 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 784 + .alg.ahash.base = { 785 + .init = tegra_sha_init, 786 + .update = tegra_sha_update, 787 + .final = tegra_sha_final, 788 + .finup = tegra_sha_finup, 789 + .digest = tegra_sha_digest, 790 + .export = tegra_sha_export, 791 + .import = tegra_sha_import, 792 + .halg.digestsize = SHA3_224_DIGEST_SIZE, 793 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 794 + .halg.base = { 795 + .cra_name = "sha3-224", 796 + .cra_driver_name = "tegra-se-sha3-224", 797 + .cra_priority = 300, 798 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 799 + .cra_blocksize = SHA3_224_BLOCK_SIZE, 800 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 801 + .cra_alignmask = 0, 802 + .cra_module = THIS_MODULE, 803 + .cra_init = tegra_sha_cra_init, 804 + .cra_exit = tegra_sha_cra_exit, 805 + } 806 + } 807 + }, { 808 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 809 + .alg.ahash.base = { 810 + .init = tegra_sha_init, 811 + .update = tegra_sha_update, 812 + .final = tegra_sha_final, 813 + .finup = tegra_sha_finup, 814 + .digest = tegra_sha_digest, 815 + .export = tegra_sha_export, 816 + .import = tegra_sha_import, 817 + .halg.digestsize = SHA3_256_DIGEST_SIZE, 818 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 819 + .halg.base = { 820 + .cra_name = "sha3-256", 821 + .cra_driver_name = "tegra-se-sha3-256", 822 + .cra_priority = 300, 823 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 824 + .cra_blocksize = SHA3_256_BLOCK_SIZE, 825 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 826 + .cra_alignmask = 0, 827 + .cra_module = THIS_MODULE, 828 + .cra_init = tegra_sha_cra_init, 829 + .cra_exit = tegra_sha_cra_exit, 830 + } 831 + } 832 + }, { 833 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 834 + .alg.ahash.base = { 835 + .init = tegra_sha_init, 836 + .update = tegra_sha_update, 837 + .final = tegra_sha_final, 838 + .finup = tegra_sha_finup, 839 + .digest = tegra_sha_digest, 840 + .export = tegra_sha_export, 841 + .import = tegra_sha_import, 842 + .halg.digestsize = SHA3_384_DIGEST_SIZE, 843 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 844 + .halg.base = { 845 + .cra_name = "sha3-384", 846 + .cra_driver_name = "tegra-se-sha3-384", 847 + .cra_priority = 300, 848 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 849 + .cra_blocksize = SHA3_384_BLOCK_SIZE, 850 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 851 + .cra_alignmask = 0, 852 + .cra_module = THIS_MODULE, 853 + .cra_init = tegra_sha_cra_init, 854 + .cra_exit = tegra_sha_cra_exit, 855 + } 856 + } 857 + }, { 858 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 859 + .alg.ahash.base = { 860 + .init = tegra_sha_init, 861 + .update = tegra_sha_update, 862 + .final = tegra_sha_final, 863 + .finup = tegra_sha_finup, 864 + .digest = tegra_sha_digest, 865 + .export = tegra_sha_export, 866 + .import = tegra_sha_import, 867 + .halg.digestsize = SHA3_512_DIGEST_SIZE, 868 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 869 + .halg.base = { 870 + .cra_name = "sha3-512", 871 + .cra_driver_name = "tegra-se-sha3-512", 872 + .cra_priority = 300, 873 + .cra_flags = CRYPTO_ALG_TYPE_AHASH, 874 + .cra_blocksize = SHA3_512_BLOCK_SIZE, 875 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 876 + .cra_alignmask = 0, 877 + .cra_module = THIS_MODULE, 878 + .cra_init = tegra_sha_cra_init, 879 + .cra_exit = tegra_sha_cra_exit, 880 + } 881 + } 882 + }, { 883 + .alg_base = "sha224", 884 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 885 + .alg.ahash.base = { 886 + .init = tegra_sha_init, 887 + .update = tegra_sha_update, 888 + .final = tegra_sha_final, 889 + .finup = tegra_sha_finup, 890 + .digest = tegra_sha_digest, 891 + .export = tegra_sha_export, 892 + .import = tegra_sha_import, 893 + .setkey = tegra_hmac_setkey, 894 + .halg.digestsize = SHA224_DIGEST_SIZE, 895 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 896 + .halg.base = { 897 + .cra_name = "hmac(sha224)", 898 + .cra_driver_name = "tegra-se-hmac-sha224", 899 + .cra_priority = 300, 900 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, 901 + .cra_blocksize = SHA224_BLOCK_SIZE, 902 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 903 + .cra_alignmask = 0, 904 + .cra_module = THIS_MODULE, 905 + .cra_init = tegra_sha_cra_init, 906 + .cra_exit = tegra_sha_cra_exit, 907 + } 908 + } 909 + }, { 910 + .alg_base = "sha256", 911 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 912 + .alg.ahash.base = { 913 + .init = tegra_sha_init, 914 + .update = tegra_sha_update, 915 + .final = tegra_sha_final, 916 + .finup = tegra_sha_finup, 917 + .digest = tegra_sha_digest, 918 + .export = tegra_sha_export, 919 + .import = tegra_sha_import, 920 + .setkey = tegra_hmac_setkey, 921 + .halg.digestsize = SHA256_DIGEST_SIZE, 922 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 923 + .halg.base = { 924 + .cra_name = "hmac(sha256)", 925 + .cra_driver_name = "tegra-se-hmac-sha256", 926 + .cra_priority = 300, 927 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, 928 + .cra_blocksize = SHA256_BLOCK_SIZE, 929 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 930 + .cra_alignmask = 0, 931 + .cra_module = THIS_MODULE, 932 + .cra_init = tegra_sha_cra_init, 933 + .cra_exit = tegra_sha_cra_exit, 934 + } 935 + } 936 + }, { 937 + .alg_base = "sha384", 938 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 939 + .alg.ahash.base = { 940 + .init = tegra_sha_init, 941 + .update = tegra_sha_update, 942 + .final = tegra_sha_final, 943 + .finup = tegra_sha_finup, 944 + .digest = tegra_sha_digest, 945 + .export = tegra_sha_export, 946 + .import = tegra_sha_import, 947 + .setkey = tegra_hmac_setkey, 948 + .halg.digestsize = SHA384_DIGEST_SIZE, 949 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 950 + .halg.base = { 951 + .cra_name = "hmac(sha384)", 952 + .cra_driver_name = "tegra-se-hmac-sha384", 953 + .cra_priority = 300, 954 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, 955 + .cra_blocksize = SHA384_BLOCK_SIZE, 956 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 957 + .cra_alignmask = 0, 958 + .cra_module = THIS_MODULE, 959 + .cra_init = tegra_sha_cra_init, 960 + .cra_exit = tegra_sha_cra_exit, 961 + } 962 + } 963 + }, { 964 + .alg_base = "sha512", 965 + .alg.ahash.op.do_one_request = tegra_sha_do_one_req, 966 + .alg.ahash.base = { 967 + .init = tegra_sha_init, 968 + .update = tegra_sha_update, 969 + .final = tegra_sha_final, 970 + .finup = tegra_sha_finup, 971 + .digest = tegra_sha_digest, 972 + .export = tegra_sha_export, 973 + .import = tegra_sha_import, 974 + .setkey = tegra_hmac_setkey, 975 + .halg.digestsize = SHA512_DIGEST_SIZE, 976 + .halg.statesize = sizeof(struct tegra_sha_reqctx), 977 + .halg.base = { 978 + .cra_name = "hmac(sha512)", 979 + .cra_driver_name = "tegra-se-hmac-sha512", 980 + .cra_priority = 300, 981 + .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, 982 + .cra_blocksize = SHA512_BLOCK_SIZE, 983 + .cra_ctxsize = sizeof(struct tegra_sha_ctx), 984 + .cra_alignmask = 0, 985 + .cra_module = THIS_MODULE, 986 + .cra_init = tegra_sha_cra_init, 987 + .cra_exit = tegra_sha_cra_exit, 988 + } 989 + } 990 + } 991 + }; 992 + 993 + static int tegra_hash_kac_manifest(u32 user, u32 alg, u32 keylen) 994 + { 995 + int manifest; 996 + 997 + manifest = SE_KAC_USER_NS; 998 + 999 + switch (alg) { 1000 + case SE_ALG_HMAC_SHA224: 1001 + case SE_ALG_HMAC_SHA256: 1002 + case SE_ALG_HMAC_SHA384: 1003 + case SE_ALG_HMAC_SHA512: 1004 + manifest |= SE_KAC_HMAC; 1005 + break; 1006 + default: 1007 + return -EINVAL; 1008 + } 1009 + 1010 + switch (keylen) { 1011 + case AES_KEYSIZE_128: 1012 + manifest |= SE_KAC_SIZE_128; 1013 + break; 1014 + case AES_KEYSIZE_192: 1015 + manifest |= SE_KAC_SIZE_192; 1016 + break; 1017 + case AES_KEYSIZE_256: 1018 + default: 1019 + manifest |= SE_KAC_SIZE_256; 1020 + break; 1021 + } 1022 + 1023 + return manifest; 1024 + } 1025 + 1026 + int tegra_init_hash(struct tegra_se *se) 1027 + { 1028 + struct ahash_engine_alg *alg; 1029 + int i, ret; 1030 + 1031 + se->manifest = tegra_hash_kac_manifest; 1032 + 1033 + for (i = 0; i < ARRAY_SIZE(tegra_hash_algs); i++) { 1034 + tegra_hash_algs[i].se_dev = se; 1035 + alg = &tegra_hash_algs[i].alg.ahash; 1036 + 1037 + ret = crypto_engine_register_ahash(alg); 1038 + if (ret) { 1039 + dev_err(se->dev, "failed to register %s\n", 1040 + alg->base.halg.base.cra_name); 1041 + goto sha_err; 1042 + } 1043 + } 1044 + 1045 + return 0; 1046 + 1047 + sha_err: 1048 + while (i--) 1049 + crypto_engine_unregister_ahash(&tegra_hash_algs[i].alg.ahash); 1050 + 1051 + return ret; 1052 + } 1053 + 1054 + void tegra_deinit_hash(struct tegra_se *se) 1055 + { 1056 + int i; 1057 + 1058 + for (i = 0; i < ARRAY_SIZE(tegra_hash_algs); i++) 1059 + crypto_engine_unregister_ahash(&tegra_hash_algs[i].alg.ahash); 1060 + }

+156

drivers/crypto/tegra/tegra-se-key.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + /* 4 + * Crypto driver file to manage keys of NVIDIA Security Engine. 5 + */ 6 + 7 + #include <linux/bitops.h> 8 + #include <linux/module.h> 9 + #include <crypto/aes.h> 10 + 11 + #include "tegra-se.h" 12 + 13 + #define SE_KEY_FULL_MASK GENMASK(SE_MAX_KEYSLOT, 0) 14 + 15 + /* Reserve keyslot 0, 14, 15 */ 16 + #define SE_KEY_RSVD_MASK (BIT(0) | BIT(14) | BIT(15)) 17 + #define SE_KEY_VALID_MASK (SE_KEY_FULL_MASK & ~SE_KEY_RSVD_MASK) 18 + 19 + /* Mutex lock to guard keyslots */ 20 + static DEFINE_MUTEX(kslt_lock); 21 + 22 + /* Keyslot bitmask (0 = available, 1 = in use/not available) */ 23 + static u16 tegra_se_keyslots = SE_KEY_RSVD_MASK; 24 + 25 + static u16 tegra_keyslot_alloc(void) 26 + { 27 + u16 keyid; 28 + 29 + mutex_lock(&kslt_lock); 30 + /* Check if all key slots are full */ 31 + if (tegra_se_keyslots == GENMASK(SE_MAX_KEYSLOT, 0)) { 32 + mutex_unlock(&kslt_lock); 33 + return 0; 34 + } 35 + 36 + keyid = ffz(tegra_se_keyslots); 37 + tegra_se_keyslots |= BIT(keyid); 38 + 39 + mutex_unlock(&kslt_lock); 40 + 41 + return keyid; 42 + } 43 + 44 + static void tegra_keyslot_free(u16 slot) 45 + { 46 + mutex_lock(&kslt_lock); 47 + tegra_se_keyslots &= ~(BIT(slot)); 48 + mutex_unlock(&kslt_lock); 49 + } 50 + 51 + static unsigned int tegra_key_prep_ins_cmd(struct tegra_se *se, u32 *cpuvaddr, 52 + const u32 *key, u32 keylen, u16 slot, u32 alg) 53 + { 54 + int i = 0, j; 55 + 56 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 57 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->op); 58 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_DUMMY; 59 + 60 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 61 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->manifest); 62 + cpuvaddr[i++] = se->manifest(se->owner, alg, keylen); 63 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 64 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->key_dst); 65 + 66 + cpuvaddr[i++] = SE_AES_KEY_DST_INDEX(slot); 67 + 68 + for (j = 0; j < keylen / 4; j++) { 69 + /* Set key address */ 70 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 71 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->key_addr); 72 + cpuvaddr[i++] = j; 73 + 74 + /* Set key data */ 75 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 76 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->key_data); 77 + cpuvaddr[i++] = key[j]; 78 + } 79 + 80 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 81 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->config); 82 + cpuvaddr[i++] = SE_CFG_INS; 83 + 84 + cpuvaddr[i++] = host1x_opcode_setpayload(1); 85 + cpuvaddr[i++] = se_host1x_opcode_incr_w(se->hw->regs->op); 86 + cpuvaddr[i++] = SE_AES_OP_WRSTALL | SE_AES_OP_START | 87 + SE_AES_OP_LASTBUF; 88 + 89 + cpuvaddr[i++] = se_host1x_opcode_nonincr(host1x_uclass_incr_syncpt_r(), 1); 90 + cpuvaddr[i++] = host1x_uclass_incr_syncpt_cond_f(1) | 91 + host1x_uclass_incr_syncpt_indx_f(se->syncpt_id); 92 + 93 + dev_dbg(se->dev, "key-slot %u key-manifest %#x\n", 94 + slot, se->manifest(se->owner, alg, keylen)); 95 + 96 + return i; 97 + } 98 + 99 + static bool tegra_key_in_kslt(u32 keyid) 100 + { 101 + bool ret; 102 + 103 + if (keyid > SE_MAX_KEYSLOT) 104 + return false; 105 + 106 + mutex_lock(&kslt_lock); 107 + ret = ((BIT(keyid) & SE_KEY_VALID_MASK) && 108 + (BIT(keyid) & tegra_se_keyslots)); 109 + mutex_unlock(&kslt_lock); 110 + 111 + return ret; 112 + } 113 + 114 + static int tegra_key_insert(struct tegra_se *se, const u8 *key, 115 + u32 keylen, u16 slot, u32 alg) 116 + { 117 + const u32 *keyval = (u32 *)key; 118 + u32 *addr = se->cmdbuf->addr, size; 119 + 120 + size = tegra_key_prep_ins_cmd(se, addr, keyval, keylen, slot, alg); 121 + 122 + return tegra_se_host1x_submit(se, size); 123 + } 124 + 125 + void tegra_key_invalidate(struct tegra_se *se, u32 keyid, u32 alg) 126 + { 127 + u8 zkey[AES_MAX_KEY_SIZE] = {0}; 128 + 129 + if (!keyid) 130 + return; 131 + 132 + /* Overwrite the key with 0s */ 133 + tegra_key_insert(se, zkey, AES_MAX_KEY_SIZE, keyid, alg); 134 + 135 + tegra_keyslot_free(keyid); 136 + } 137 + 138 + int tegra_key_submit(struct tegra_se *se, const u8 *key, u32 keylen, u32 alg, u32 *keyid) 139 + { 140 + int ret; 141 + 142 + /* Use the existing slot if it is already allocated */ 143 + if (!tegra_key_in_kslt(*keyid)) { 144 + *keyid = tegra_keyslot_alloc(); 145 + if (!(*keyid)) { 146 + dev_err(se->dev, "failed to allocate key slot\n"); 147 + return -ENOMEM; 148 + } 149 + } 150 + 151 + ret = tegra_key_insert(se, key, keylen, *keyid, alg); 152 + if (ret) 153 + return ret; 154 + 155 + return 0; 156 + }

+437

drivers/crypto/tegra/tegra-se-main.c

··· 1 + // SPDX-License-Identifier: GPL-2.0-only 2 + // SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + /* 4 + * Crypto driver for NVIDIA Security Engine in Tegra Chips 5 + */ 6 + 7 + #include <linux/clk.h> 8 + #include <linux/dma-mapping.h> 9 + #include <linux/module.h> 10 + #include <linux/platform_device.h> 11 + #include <linux/mod_devicetable.h> 12 + 13 + #include <crypto/engine.h> 14 + 15 + #include "tegra-se.h" 16 + 17 + static struct host1x_bo *tegra_se_cmdbuf_get(struct host1x_bo *host_bo) 18 + { 19 + struct tegra_se_cmdbuf *cmdbuf = container_of(host_bo, struct tegra_se_cmdbuf, bo); 20 + 21 + kref_get(&cmdbuf->ref); 22 + 23 + return host_bo; 24 + } 25 + 26 + static void tegra_se_cmdbuf_release(struct kref *ref) 27 + { 28 + struct tegra_se_cmdbuf *cmdbuf = container_of(ref, struct tegra_se_cmdbuf, ref); 29 + 30 + dma_free_attrs(cmdbuf->dev, cmdbuf->size, cmdbuf->addr, 31 + cmdbuf->iova, 0); 32 + 33 + kfree(cmdbuf); 34 + } 35 + 36 + static void tegra_se_cmdbuf_put(struct host1x_bo *host_bo) 37 + { 38 + struct tegra_se_cmdbuf *cmdbuf = container_of(host_bo, struct tegra_se_cmdbuf, bo); 39 + 40 + kref_put(&cmdbuf->ref, tegra_se_cmdbuf_release); 41 + } 42 + 43 + static struct host1x_bo_mapping * 44 + tegra_se_cmdbuf_pin(struct device *dev, struct host1x_bo *bo, enum dma_data_direction direction) 45 + { 46 + struct tegra_se_cmdbuf *cmdbuf = container_of(bo, struct tegra_se_cmdbuf, bo); 47 + struct host1x_bo_mapping *map; 48 + int err; 49 + 50 + map = kzalloc(sizeof(*map), GFP_KERNEL); 51 + if (!map) 52 + return ERR_PTR(-ENOMEM); 53 + 54 + kref_init(&map->ref); 55 + map->bo = host1x_bo_get(bo); 56 + map->direction = direction; 57 + map->dev = dev; 58 + 59 + map->sgt = kzalloc(sizeof(*map->sgt), GFP_KERNEL); 60 + if (!map->sgt) { 61 + err = -ENOMEM; 62 + goto free; 63 + } 64 + 65 + err = dma_get_sgtable(dev, map->sgt, cmdbuf->addr, 66 + cmdbuf->iova, cmdbuf->words * 4); 67 + if (err) 68 + goto free_sgt; 69 + 70 + err = dma_map_sgtable(dev, map->sgt, direction, 0); 71 + if (err) 72 + goto free_sgt; 73 + 74 + map->phys = sg_dma_address(map->sgt->sgl); 75 + map->size = cmdbuf->words * 4; 76 + map->chunks = err; 77 + 78 + return map; 79 + 80 + free_sgt: 81 + sg_free_table(map->sgt); 82 + kfree(map->sgt); 83 + free: 84 + kfree(map); 85 + return ERR_PTR(err); 86 + } 87 + 88 + static void tegra_se_cmdbuf_unpin(struct host1x_bo_mapping *map) 89 + { 90 + if (!map) 91 + return; 92 + 93 + dma_unmap_sgtable(map->dev, map->sgt, map->direction, 0); 94 + sg_free_table(map->sgt); 95 + kfree(map->sgt); 96 + host1x_bo_put(map->bo); 97 + 98 + kfree(map); 99 + } 100 + 101 + static void *tegra_se_cmdbuf_mmap(struct host1x_bo *host_bo) 102 + { 103 + struct tegra_se_cmdbuf *cmdbuf = container_of(host_bo, struct tegra_se_cmdbuf, bo); 104 + 105 + return cmdbuf->addr; 106 + } 107 + 108 + static void tegra_se_cmdbuf_munmap(struct host1x_bo *host_bo, void *addr) 109 + { 110 + } 111 + 112 + static const struct host1x_bo_ops tegra_se_cmdbuf_ops = { 113 + .get = tegra_se_cmdbuf_get, 114 + .put = tegra_se_cmdbuf_put, 115 + .pin = tegra_se_cmdbuf_pin, 116 + .unpin = tegra_se_cmdbuf_unpin, 117 + .mmap = tegra_se_cmdbuf_mmap, 118 + .munmap = tegra_se_cmdbuf_munmap, 119 + }; 120 + 121 + static struct tegra_se_cmdbuf *tegra_se_host1x_bo_alloc(struct tegra_se *se, ssize_t size) 122 + { 123 + struct tegra_se_cmdbuf *cmdbuf; 124 + struct device *dev = se->dev->parent; 125 + 126 + cmdbuf = kzalloc(sizeof(*cmdbuf), GFP_KERNEL); 127 + if (!cmdbuf) 128 + return NULL; 129 + 130 + cmdbuf->addr = dma_alloc_attrs(dev, size, &cmdbuf->iova, 131 + GFP_KERNEL, 0); 132 + if (!cmdbuf->addr) 133 + return NULL; 134 + 135 + cmdbuf->size = size; 136 + cmdbuf->dev = dev; 137 + 138 + host1x_bo_init(&cmdbuf->bo, &tegra_se_cmdbuf_ops); 139 + kref_init(&cmdbuf->ref); 140 + 141 + return cmdbuf; 142 + } 143 + 144 + int tegra_se_host1x_submit(struct tegra_se *se, u32 size) 145 + { 146 + struct host1x_job *job; 147 + int ret; 148 + 149 + job = host1x_job_alloc(se->channel, 1, 0, true); 150 + if (!job) { 151 + dev_err(se->dev, "failed to allocate host1x job\n"); 152 + return -ENOMEM; 153 + } 154 + 155 + job->syncpt = host1x_syncpt_get(se->syncpt); 156 + job->syncpt_incrs = 1; 157 + job->client = &se->client; 158 + job->class = se->client.class; 159 + job->serialize = true; 160 + job->engine_fallback_streamid = se->stream_id; 161 + job->engine_streamid_offset = SE_STREAM_ID; 162 + 163 + se->cmdbuf->words = size; 164 + 165 + host1x_job_add_gather(job, &se->cmdbuf->bo, size, 0); 166 + 167 + ret = host1x_job_pin(job, se->dev); 168 + if (ret) { 169 + dev_err(se->dev, "failed to pin host1x job\n"); 170 + goto job_put; 171 + } 172 + 173 + ret = host1x_job_submit(job); 174 + if (ret) { 175 + dev_err(se->dev, "failed to submit host1x job\n"); 176 + goto job_unpin; 177 + } 178 + 179 + ret = host1x_syncpt_wait(job->syncpt, job->syncpt_end, 180 + MAX_SCHEDULE_TIMEOUT, NULL); 181 + if (ret) { 182 + dev_err(se->dev, "host1x job timed out\n"); 183 + return ret; 184 + } 185 + 186 + host1x_job_put(job); 187 + return 0; 188 + 189 + job_unpin: 190 + host1x_job_unpin(job); 191 + job_put: 192 + host1x_job_put(job); 193 + 194 + return ret; 195 + } 196 + 197 + static int tegra_se_client_init(struct host1x_client *client) 198 + { 199 + struct tegra_se *se = container_of(client, struct tegra_se, client); 200 + int ret; 201 + 202 + se->channel = host1x_channel_request(&se->client); 203 + if (!se->channel) { 204 + dev_err(se->dev, "host1x channel map failed\n"); 205 + return -ENODEV; 206 + } 207 + 208 + se->syncpt = host1x_syncpt_request(&se->client, 0); 209 + if (!se->syncpt) { 210 + dev_err(se->dev, "host1x syncpt allocation failed\n"); 211 + ret = -EINVAL; 212 + goto channel_put; 213 + } 214 + 215 + se->syncpt_id = host1x_syncpt_id(se->syncpt); 216 + 217 + se->cmdbuf = tegra_se_host1x_bo_alloc(se, SZ_4K); 218 + if (!se->cmdbuf) { 219 + ret = -ENOMEM; 220 + goto syncpt_put; 221 + } 222 + 223 + ret = se->hw->init_alg(se); 224 + if (ret) { 225 + dev_err(se->dev, "failed to register algorithms\n"); 226 + goto cmdbuf_put; 227 + } 228 + 229 + return 0; 230 + 231 + cmdbuf_put: 232 + tegra_se_cmdbuf_put(&se->cmdbuf->bo); 233 + syncpt_put: 234 + host1x_syncpt_put(se->syncpt); 235 + channel_put: 236 + host1x_channel_put(se->channel); 237 + 238 + return ret; 239 + } 240 + 241 + static int tegra_se_client_deinit(struct host1x_client *client) 242 + { 243 + struct tegra_se *se = container_of(client, struct tegra_se, client); 244 + 245 + se->hw->deinit_alg(se); 246 + tegra_se_cmdbuf_put(&se->cmdbuf->bo); 247 + host1x_syncpt_put(se->syncpt); 248 + host1x_channel_put(se->channel); 249 + 250 + return 0; 251 + } 252 + 253 + static const struct host1x_client_ops tegra_se_client_ops = { 254 + .init = tegra_se_client_init, 255 + .exit = tegra_se_client_deinit, 256 + }; 257 + 258 + static int tegra_se_host1x_register(struct tegra_se *se) 259 + { 260 + INIT_LIST_HEAD(&se->client.list); 261 + se->client.dev = se->dev; 262 + se->client.ops = &tegra_se_client_ops; 263 + se->client.class = se->hw->host1x_class; 264 + se->client.num_syncpts = 1; 265 + 266 + host1x_client_register(&se->client); 267 + 268 + return 0; 269 + } 270 + 271 + static int tegra_se_probe(struct platform_device *pdev) 272 + { 273 + struct device *dev = &pdev->dev; 274 + struct tegra_se *se; 275 + int ret; 276 + 277 + se = devm_kzalloc(dev, sizeof(*se), GFP_KERNEL); 278 + if (!se) 279 + return -ENOMEM; 280 + 281 + se->dev = dev; 282 + se->owner = TEGRA_GPSE_ID; 283 + se->hw = device_get_match_data(&pdev->dev); 284 + 285 + se->base = devm_platform_ioremap_resource(pdev, 0); 286 + if (IS_ERR(se->base)) 287 + return PTR_ERR(se->base); 288 + 289 + dma_set_mask_and_coherent(dev, DMA_BIT_MASK(39)); 290 + platform_set_drvdata(pdev, se); 291 + 292 + se->clk = devm_clk_get_enabled(se->dev, NULL); 293 + if (IS_ERR(se->clk)) 294 + return dev_err_probe(dev, PTR_ERR(se->clk), 295 + "failed to enable clocks\n"); 296 + 297 + if (!tegra_dev_iommu_get_stream_id(dev, &se->stream_id)) 298 + return dev_err_probe(dev, -ENODEV, 299 + "failed to get IOMMU stream ID\n"); 300 + 301 + writel(se->stream_id, se->base + SE_STREAM_ID); 302 + 303 + se->engine = crypto_engine_alloc_init(dev, 0); 304 + if (!se->engine) 305 + return dev_err_probe(dev, -ENOMEM, "failed to init crypto engine\n"); 306 + 307 + ret = crypto_engine_start(se->engine); 308 + if (ret) { 309 + crypto_engine_exit(se->engine); 310 + return dev_err_probe(dev, ret, "failed to start crypto engine\n"); 311 + } 312 + 313 + ret = tegra_se_host1x_register(se); 314 + if (ret) { 315 + crypto_engine_stop(se->engine); 316 + crypto_engine_exit(se->engine); 317 + return dev_err_probe(dev, ret, "failed to init host1x params\n"); 318 + } 319 + 320 + return 0; 321 + } 322 + 323 + static void tegra_se_remove(struct platform_device *pdev) 324 + { 325 + struct tegra_se *se = platform_get_drvdata(pdev); 326 + 327 + crypto_engine_stop(se->engine); 328 + crypto_engine_exit(se->engine); 329 + iommu_fwspec_free(se->dev); 330 + host1x_client_unregister(&se->client); 331 + } 332 + 333 + static const struct tegra_se_regs tegra234_aes1_regs = { 334 + .config = SE_AES1_CFG, 335 + .op = SE_AES1_OPERATION, 336 + .last_blk = SE_AES1_LAST_BLOCK, 337 + .linear_ctr = SE_AES1_LINEAR_CTR, 338 + .aad_len = SE_AES1_AAD_LEN, 339 + .cryp_msg_len = SE_AES1_CRYPTO_MSG_LEN, 340 + .manifest = SE_AES1_KEYMANIFEST, 341 + .key_addr = SE_AES1_KEY_ADDR, 342 + .key_data = SE_AES1_KEY_DATA, 343 + .key_dst = SE_AES1_KEY_DST, 344 + .result = SE_AES1_CMAC_RESULT, 345 + }; 346 + 347 + static const struct tegra_se_regs tegra234_hash_regs = { 348 + .config = SE_SHA_CFG, 349 + .op = SE_SHA_OPERATION, 350 + .manifest = SE_SHA_KEYMANIFEST, 351 + .key_addr = SE_SHA_KEY_ADDR, 352 + .key_data = SE_SHA_KEY_DATA, 353 + .key_dst = SE_SHA_KEY_DST, 354 + .result = SE_SHA_HASH_RESULT, 355 + }; 356 + 357 + static const struct tegra_se_hw tegra234_aes_hw = { 358 + .regs = &tegra234_aes1_regs, 359 + .kac_ver = 1, 360 + .host1x_class = 0x3b, 361 + .init_alg = tegra_init_aes, 362 + .deinit_alg = tegra_deinit_aes, 363 + }; 364 + 365 + static const struct tegra_se_hw tegra234_hash_hw = { 366 + .regs = &tegra234_hash_regs, 367 + .kac_ver = 1, 368 + .host1x_class = 0x3d, 369 + .init_alg = tegra_init_hash, 370 + .deinit_alg = tegra_deinit_hash, 371 + }; 372 + 373 + static const struct of_device_id tegra_se_of_match[] = { 374 + { 375 + .compatible = "nvidia,tegra234-se-aes", 376 + .data = &tegra234_aes_hw 377 + }, { 378 + .compatible = "nvidia,tegra234-se-hash", 379 + .data = &tegra234_hash_hw, 380 + }, 381 + { }, 382 + }; 383 + MODULE_DEVICE_TABLE(of, tegra_se_of_match); 384 + 385 + static struct platform_driver tegra_se_driver = { 386 + .driver = { 387 + .name = "tegra-se", 388 + .of_match_table = tegra_se_of_match, 389 + }, 390 + .probe = tegra_se_probe, 391 + .remove_new = tegra_se_remove, 392 + }; 393 + 394 + static int tegra_se_host1x_probe(struct host1x_device *dev) 395 + { 396 + return host1x_device_init(dev); 397 + } 398 + 399 + static int tegra_se_host1x_remove(struct host1x_device *dev) 400 + { 401 + host1x_device_exit(dev); 402 + 403 + return 0; 404 + } 405 + 406 + static struct host1x_driver tegra_se_host1x_driver = { 407 + .driver = { 408 + .name = "tegra-se-host1x", 409 + }, 410 + .probe = tegra_se_host1x_probe, 411 + .remove = tegra_se_host1x_remove, 412 + .subdevs = tegra_se_of_match, 413 + }; 414 + 415 + static int __init tegra_se_module_init(void) 416 + { 417 + int ret; 418 + 419 + ret = host1x_driver_register(&tegra_se_host1x_driver); 420 + if (ret) 421 + return ret; 422 + 423 + return platform_driver_register(&tegra_se_driver); 424 + } 425 + 426 + static void __exit tegra_se_module_exit(void) 427 + { 428 + host1x_driver_unregister(&tegra_se_host1x_driver); 429 + platform_driver_unregister(&tegra_se_driver); 430 + } 431 + 432 + module_init(tegra_se_module_init); 433 + module_exit(tegra_se_module_exit); 434 + 435 + MODULE_DESCRIPTION("NVIDIA Tegra Security Engine Driver"); 436 + MODULE_AUTHOR("Akhil R <akhilrajeev@nvidia.com>"); 437 + MODULE_LICENSE("GPL");

+560

drivers/crypto/tegra/tegra-se.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only 2 + * SPDX-FileCopyrightText: Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved. 3 + * 4 + * Header file for NVIDIA Security Engine driver. 5 + */ 6 + 7 + #ifndef _TEGRA_SE_H 8 + #define _TEGRA_SE_H 9 + 10 + #include <linux/bitfield.h> 11 + #include <linux/iommu.h> 12 + #include <linux/host1x.h> 13 + #include <crypto/aead.h> 14 + #include <crypto/engine.h> 15 + #include <crypto/hash.h> 16 + #include <crypto/sha1.h> 17 + #include <crypto/sha3.h> 18 + #include <crypto/skcipher.h> 19 + 20 + #define SE_OWNERSHIP 0x14 21 + #define SE_OWNERSHIP_UID(x) FIELD_GET(GENMASK(7, 0), x) 22 + #define TEGRA_GPSE_ID 3 23 + 24 + #define SE_STREAM_ID 0x90 25 + 26 + #define SE_SHA_CFG 0x4004 27 + #define SE_SHA_KEY_ADDR 0x4094 28 + #define SE_SHA_KEY_DATA 0x4098 29 + #define SE_SHA_KEYMANIFEST 0x409c 30 + #define SE_SHA_CRYPTO_CFG 0x40a4 31 + #define SE_SHA_KEY_DST 0x40a8 32 + #define SE_SHA_SRC_KSLT 0x4180 33 + #define SE_SHA_TGT_KSLT 0x4184 34 + #define SE_SHA_MSG_LENGTH 0x401c 35 + #define SE_SHA_OPERATION 0x407c 36 + #define SE_SHA_HASH_RESULT 0x40b0 37 + 38 + #define SE_SHA_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x) 39 + #define SE_SHA_ENC_MODE_SHA1 SE_SHA_ENC_MODE(0) 40 + #define SE_SHA_ENC_MODE_SHA224 SE_SHA_ENC_MODE(4) 41 + #define SE_SHA_ENC_MODE_SHA256 SE_SHA_ENC_MODE(5) 42 + #define SE_SHA_ENC_MODE_SHA384 SE_SHA_ENC_MODE(6) 43 + #define SE_SHA_ENC_MODE_SHA512 SE_SHA_ENC_MODE(7) 44 + #define SE_SHA_ENC_MODE_SHA_CTX_INTEGRITY SE_SHA_ENC_MODE(8) 45 + #define SE_SHA_ENC_MODE_SHA3_224 SE_SHA_ENC_MODE(9) 46 + #define SE_SHA_ENC_MODE_SHA3_256 SE_SHA_ENC_MODE(10) 47 + #define SE_SHA_ENC_MODE_SHA3_384 SE_SHA_ENC_MODE(11) 48 + #define SE_SHA_ENC_MODE_SHA3_512 SE_SHA_ENC_MODE(12) 49 + #define SE_SHA_ENC_MODE_SHAKE128 SE_SHA_ENC_MODE(13) 50 + #define SE_SHA_ENC_MODE_SHAKE256 SE_SHA_ENC_MODE(14) 51 + #define SE_SHA_ENC_MODE_HMAC_SHA256_1KEY SE_SHA_ENC_MODE(0) 52 + #define SE_SHA_ENC_MODE_HMAC_SHA256_2KEY SE_SHA_ENC_MODE(1) 53 + #define SE_SHA_ENC_MODE_SM3_256 SE_SHA_ENC_MODE(0) 54 + 55 + #define SE_SHA_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x) 56 + #define SE_SHA_ENC_ALG_NOP SE_SHA_CFG_ENC_ALG(0) 57 + #define SE_SHA_ENC_ALG_SHA_ENC SE_SHA_CFG_ENC_ALG(1) 58 + #define SE_SHA_ENC_ALG_RNG SE_SHA_CFG_ENC_ALG(2) 59 + #define SE_SHA_ENC_ALG_SHA SE_SHA_CFG_ENC_ALG(3) 60 + #define SE_SHA_ENC_ALG_SM3 SE_SHA_CFG_ENC_ALG(4) 61 + #define SE_SHA_ENC_ALG_HMAC SE_SHA_CFG_ENC_ALG(7) 62 + #define SE_SHA_ENC_ALG_KDF SE_SHA_CFG_ENC_ALG(8) 63 + #define SE_SHA_ENC_ALG_KEY_INVLD SE_SHA_CFG_ENC_ALG(10) 64 + #define SE_SHA_ENC_ALG_KEY_INQUIRE SE_SHA_CFG_ENC_ALG(12) 65 + #define SE_SHA_ENC_ALG_INS SE_SHA_CFG_ENC_ALG(13) 66 + 67 + #define SE_SHA_OP_LASTBUF FIELD_PREP(BIT(16), 1) 68 + #define SE_SHA_OP_WRSTALL FIELD_PREP(BIT(15), 1) 69 + 70 + #define SE_SHA_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x) 71 + #define SE_SHA_OP_START SE_SHA_OP_OP(1) 72 + #define SE_SHA_OP_RESTART_OUT SE_SHA_OP_OP(2) 73 + #define SE_SHA_OP_RESTART_IN SE_SHA_OP_OP(4) 74 + #define SE_SHA_OP_RESTART_INOUT SE_SHA_OP_OP(5) 75 + #define SE_SHA_OP_DUMMY SE_SHA_OP_OP(6) 76 + 77 + #define SE_SHA_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x) 78 + #define SE_SHA_DEC_ALG_NOP SE_SHA_CFG_DEC_ALG(0) 79 + #define SE_SHA_DEC_ALG_AES_DEC SE_SHA_CFG_DEC_ALG(1) 80 + #define SE_SHA_DEC_ALG_HMAC SE_SHA_CFG_DEC_ALG(7) 81 + #define SE_SHA_DEC_ALG_HMAC_VERIFY SE_SHA_CFG_DEC_ALG(9) 82 + 83 + #define SE_SHA_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x) 84 + #define SE_SHA_DST_MEMORY SE_SHA_CFG_DST(0) 85 + #define SE_SHA_DST_HASH_REG SE_SHA_CFG_DST(1) 86 + #define SE_SHA_DST_KEYTABLE SE_SHA_CFG_DST(2) 87 + #define SE_SHA_DST_SRK SE_SHA_CFG_DST(3) 88 + 89 + #define SE_SHA_TASK_HASH_INIT BIT(0) 90 + 91 + /* AES Configuration */ 92 + #define SE_AES0_CFG 0x1004 93 + #define SE_AES0_CRYPTO_CONFIG 0x1008 94 + #define SE_AES0_KEY_DST 0x1030 95 + #define SE_AES0_OPERATION 0x1038 96 + #define SE_AES0_LINEAR_CTR 0x101c 97 + #define SE_AES0_LAST_BLOCK 0x102c 98 + #define SE_AES0_KEY_ADDR 0x10bc 99 + #define SE_AES0_KEY_DATA 0x10c0 100 + #define SE_AES0_CMAC_RESULT 0x10c4 101 + #define SE_AES0_SRC_KSLT 0x1100 102 + #define SE_AES0_TGT_KSLT 0x1104 103 + #define SE_AES0_KEYMANIFEST 0x1114 104 + #define SE_AES0_AAD_LEN 0x112c 105 + #define SE_AES0_CRYPTO_MSG_LEN 0x1134 106 + 107 + #define SE_AES1_CFG 0x2004 108 + #define SE_AES1_CRYPTO_CONFIG 0x2008 109 + #define SE_AES1_KEY_DST 0x2030 110 + #define SE_AES1_OPERATION 0x2038 111 + #define SE_AES1_LINEAR_CTR 0x201c 112 + #define SE_AES1_LAST_BLOCK 0x202c 113 + #define SE_AES1_KEY_ADDR 0x20bc 114 + #define SE_AES1_KEY_DATA 0x20c0 115 + #define SE_AES1_CMAC_RESULT 0x20c4 116 + #define SE_AES1_SRC_KSLT 0x2100 117 + #define SE_AES1_TGT_KSLT 0x2104 118 + #define SE_AES1_KEYMANIFEST 0x2114 119 + #define SE_AES1_AAD_LEN 0x212c 120 + #define SE_AES1_CRYPTO_MSG_LEN 0x2134 121 + 122 + #define SE_AES_CFG_ENC_MODE(x) FIELD_PREP(GENMASK(31, 24), x) 123 + #define SE_AES_ENC_MODE_GMAC SE_AES_CFG_ENC_MODE(3) 124 + #define SE_AES_ENC_MODE_GCM SE_AES_CFG_ENC_MODE(4) 125 + #define SE_AES_ENC_MODE_GCM_FINAL SE_AES_CFG_ENC_MODE(5) 126 + #define SE_AES_ENC_MODE_CMAC SE_AES_CFG_ENC_MODE(7) 127 + #define SE_AES_ENC_MODE_CBC_MAC SE_AES_CFG_ENC_MODE(12) 128 + 129 + #define SE_AES_CFG_DEC_MODE(x) FIELD_PREP(GENMASK(23, 16), x) 130 + #define SE_AES_DEC_MODE_GMAC SE_AES_CFG_DEC_MODE(3) 131 + #define SE_AES_DEC_MODE_GCM SE_AES_CFG_DEC_MODE(4) 132 + #define SE_AES_DEC_MODE_GCM_FINAL SE_AES_CFG_DEC_MODE(5) 133 + #define SE_AES_DEC_MODE_CBC_MAC SE_AES_CFG_DEC_MODE(12) 134 + 135 + #define SE_AES_CFG_ENC_ALG(x) FIELD_PREP(GENMASK(15, 12), x) 136 + #define SE_AES_ENC_ALG_NOP SE_AES_CFG_ENC_ALG(0) 137 + #define SE_AES_ENC_ALG_AES_ENC SE_AES_CFG_ENC_ALG(1) 138 + #define SE_AES_ENC_ALG_RNG SE_AES_CFG_ENC_ALG(2) 139 + #define SE_AES_ENC_ALG_SHA SE_AES_CFG_ENC_ALG(3) 140 + #define SE_AES_ENC_ALG_HMAC SE_AES_CFG_ENC_ALG(7) 141 + #define SE_AES_ENC_ALG_KDF SE_AES_CFG_ENC_ALG(8) 142 + #define SE_AES_ENC_ALG_INS SE_AES_CFG_ENC_ALG(13) 143 + 144 + #define SE_AES_CFG_DEC_ALG(x) FIELD_PREP(GENMASK(11, 8), x) 145 + #define SE_AES_DEC_ALG_NOP SE_AES_CFG_DEC_ALG(0) 146 + #define SE_AES_DEC_ALG_AES_DEC SE_AES_CFG_DEC_ALG(1) 147 + 148 + #define SE_AES_CFG_DST(x) FIELD_PREP(GENMASK(4, 2), x) 149 + #define SE_AES_DST_MEMORY SE_AES_CFG_DST(0) 150 + #define SE_AES_DST_HASH_REG SE_AES_CFG_DST(1) 151 + #define SE_AES_DST_KEYTABLE SE_AES_CFG_DST(2) 152 + #define SE_AES_DST_SRK SE_AES_CFG_DST(3) 153 + 154 + /* AES Crypto Configuration */ 155 + #define SE_AES_KEY2_INDEX(x) FIELD_PREP(GENMASK(31, 28), x) 156 + #define SE_AES_KEY_INDEX(x) FIELD_PREP(GENMASK(27, 24), x) 157 + 158 + #define SE_AES_CRYPTO_CFG_SCC_DIS FIELD_PREP(BIT(20), 1) 159 + 160 + #define SE_AES_CRYPTO_CFG_CTR_CNTN(x) FIELD_PREP(GENMASK(18, 11), x) 161 + 162 + #define SE_AES_CRYPTO_CFG_IV_MODE(x) FIELD_PREP(BIT(10), x) 163 + #define SE_AES_IV_MODE_SWIV SE_AES_CRYPTO_CFG_IV_MODE(0) 164 + #define SE_AES_IV_MODE_HWIV SE_AES_CRYPTO_CFG_IV_MODE(1) 165 + 166 + #define SE_AES_CRYPTO_CFG_CORE_SEL(x) FIELD_PREP(BIT(9), x) 167 + #define SE_AES_CORE_SEL_DECRYPT SE_AES_CRYPTO_CFG_CORE_SEL(0) 168 + #define SE_AES_CORE_SEL_ENCRYPT SE_AES_CRYPTO_CFG_CORE_SEL(1) 169 + 170 + #define SE_AES_CRYPTO_CFG_IV_SEL(x) FIELD_PREP(GENMASK(8, 7), x) 171 + #define SE_AES_IV_SEL_UPDATED SE_AES_CRYPTO_CFG_IV_SEL(1) 172 + #define SE_AES_IV_SEL_REG SE_AES_CRYPTO_CFG_IV_SEL(2) 173 + #define SE_AES_IV_SEL_RANDOM SE_AES_CRYPTO_CFG_IV_SEL(3) 174 + 175 + #define SE_AES_CRYPTO_CFG_VCTRAM_SEL(x) FIELD_PREP(GENMASK(6, 5), x) 176 + #define SE_AES_VCTRAM_SEL_MEMORY SE_AES_CRYPTO_CFG_VCTRAM_SEL(0) 177 + #define SE_AES_VCTRAM_SEL_TWEAK SE_AES_CRYPTO_CFG_VCTRAM_SEL(1) 178 + #define SE_AES_VCTRAM_SEL_AESOUT SE_AES_CRYPTO_CFG_VCTRAM_SEL(2) 179 + #define SE_AES_VCTRAM_SEL_PREV_MEM SE_AES_CRYPTO_CFG_VCTRAM_SEL(3) 180 + 181 + #define SE_AES_CRYPTO_CFG_INPUT_SEL(x) FIELD_PREP(GENMASK(4, 3), x) 182 + #define SE_AES_INPUT_SEL_MEMORY SE_AES_CRYPTO_CFG_INPUT_SEL(0) 183 + #define SE_AES_INPUT_SEL_RANDOM SE_AES_CRYPTO_CFG_INPUT_SEL(1) 184 + #define SE_AES_INPUT_SEL_AESOUT SE_AES_CRYPTO_CFG_INPUT_SEL(2) 185 + #define SE_AES_INPUT_SEL_LINEAR_CTR SE_AES_CRYPTO_CFG_INPUT_SEL(3) 186 + #define SE_AES_INPUT_SEL_REG SE_AES_CRYPTO_CFG_INPUT_SEL(1) 187 + 188 + #define SE_AES_CRYPTO_CFG_XOR_POS(x) FIELD_PREP(GENMASK(2, 1), x) 189 + #define SE_AES_XOR_POS_BYPASS SE_AES_CRYPTO_CFG_XOR_POS(0) 190 + #define SE_AES_XOR_POS_BOTH SE_AES_CRYPTO_CFG_XOR_POS(1) 191 + #define SE_AES_XOR_POS_TOP SE_AES_CRYPTO_CFG_XOR_POS(2) 192 + #define SE_AES_XOR_POS_BOTTOM SE_AES_CRYPTO_CFG_XOR_POS(3) 193 + 194 + #define SE_AES_CRYPTO_CFG_HASH_EN(x) FIELD_PREP(BIT(0), x) 195 + #define SE_AES_HASH_DISABLE SE_AES_CRYPTO_CFG_HASH_EN(0) 196 + #define SE_AES_HASH_ENABLE SE_AES_CRYPTO_CFG_HASH_EN(1) 197 + 198 + #define SE_LAST_BLOCK_VAL(x) FIELD_PREP(GENMASK(19, 0), x) 199 + #define SE_LAST_BLOCK_RES_BITS(x) FIELD_PREP(GENMASK(26, 20), x) 200 + 201 + #define SE_AES_OP_LASTBUF FIELD_PREP(BIT(16), 1) 202 + #define SE_AES_OP_WRSTALL FIELD_PREP(BIT(15), 1) 203 + #define SE_AES_OP_FINAL FIELD_PREP(BIT(5), 1) 204 + #define SE_AES_OP_INIT FIELD_PREP(BIT(4), 1) 205 + 206 + #define SE_AES_OP_OP(x) FIELD_PREP(GENMASK(2, 0), x) 207 + #define SE_AES_OP_START SE_AES_OP_OP(1) 208 + #define SE_AES_OP_RESTART_OUT SE_AES_OP_OP(2) 209 + #define SE_AES_OP_RESTART_IN SE_AES_OP_OP(4) 210 + #define SE_AES_OP_RESTART_INOUT SE_AES_OP_OP(5) 211 + #define SE_AES_OP_DUMMY SE_AES_OP_OP(6) 212 + 213 + #define SE_KAC_SIZE(x) FIELD_PREP(GENMASK(15, 14), x) 214 + #define SE_KAC_SIZE_128 SE_KAC_SIZE(0) 215 + #define SE_KAC_SIZE_192 SE_KAC_SIZE(1) 216 + #define SE_KAC_SIZE_256 SE_KAC_SIZE(2) 217 + 218 + #define SE_KAC_EXPORTABLE FIELD_PREP(BIT(12), 1) 219 + 220 + #define SE_KAC_PURPOSE(x) FIELD_PREP(GENMASK(11, 8), x) 221 + #define SE_KAC_ENC SE_KAC_PURPOSE(0) 222 + #define SE_KAC_CMAC SE_KAC_PURPOSE(1) 223 + #define SE_KAC_HMAC SE_KAC_PURPOSE(2) 224 + #define SE_KAC_GCM_KW SE_KAC_PURPOSE(3) 225 + #define SE_KAC_HMAC_KDK SE_KAC_PURPOSE(6) 226 + #define SE_KAC_HMAC_KDD SE_KAC_PURPOSE(7) 227 + #define SE_KAC_HMAC_KDD_KUW SE_KAC_PURPOSE(8) 228 + #define SE_KAC_XTS SE_KAC_PURPOSE(9) 229 + #define SE_KAC_GCM SE_KAC_PURPOSE(10) 230 + 231 + #define SE_KAC_USER_NS FIELD_PREP(GENMASK(6, 4), 3) 232 + 233 + #define SE_AES_KEY_DST_INDEX(x) FIELD_PREP(GENMASK(11, 8), x) 234 + #define SE_ADDR_HI_MSB(x) FIELD_PREP(GENMASK(31, 24), x) 235 + #define SE_ADDR_HI_SZ(x) FIELD_PREP(GENMASK(23, 0), x) 236 + 237 + #define SE_CFG_AES_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 238 + SE_AES_DEC_ALG_NOP | \ 239 + SE_AES_DST_MEMORY) 240 + 241 + #define SE_CFG_AES_DECRYPT (SE_AES_ENC_ALG_NOP | \ 242 + SE_AES_DEC_ALG_AES_DEC | \ 243 + SE_AES_DST_MEMORY) 244 + 245 + #define SE_CFG_GMAC_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 246 + SE_AES_DEC_ALG_NOP | \ 247 + SE_AES_ENC_MODE_GMAC | \ 248 + SE_AES_DST_MEMORY) 249 + 250 + #define SE_CFG_GMAC_DECRYPT (SE_AES_ENC_ALG_NOP | \ 251 + SE_AES_DEC_ALG_AES_DEC | \ 252 + SE_AES_DEC_MODE_GMAC | \ 253 + SE_AES_DST_MEMORY) 254 + 255 + #define SE_CFG_GCM_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 256 + SE_AES_DEC_ALG_NOP | \ 257 + SE_AES_ENC_MODE_GCM | \ 258 + SE_AES_DST_MEMORY) 259 + 260 + #define SE_CFG_GCM_DECRYPT (SE_AES_ENC_ALG_NOP | \ 261 + SE_AES_DEC_ALG_AES_DEC | \ 262 + SE_AES_DEC_MODE_GCM | \ 263 + SE_AES_DST_MEMORY) 264 + 265 + #define SE_CFG_GCM_FINAL_ENCRYPT (SE_AES_ENC_ALG_AES_ENC | \ 266 + SE_AES_DEC_ALG_NOP | \ 267 + SE_AES_ENC_MODE_GCM_FINAL | \ 268 + SE_AES_DST_MEMORY) 269 + 270 + #define SE_CFG_GCM_FINAL_DECRYPT (SE_AES_ENC_ALG_NOP | \ 271 + SE_AES_DEC_ALG_AES_DEC | \ 272 + SE_AES_DEC_MODE_GCM_FINAL | \ 273 + SE_AES_DST_MEMORY) 274 + 275 + #define SE_CFG_CMAC (SE_AES_ENC_ALG_AES_ENC | \ 276 + SE_AES_ENC_MODE_CMAC | \ 277 + SE_AES_DST_HASH_REG) 278 + 279 + #define SE_CFG_CBC_MAC (SE_AES_ENC_ALG_AES_ENC | \ 280 + SE_AES_ENC_MODE_CBC_MAC) 281 + 282 + #define SE_CFG_INS (SE_AES_ENC_ALG_INS | \ 283 + SE_AES_DEC_ALG_NOP) 284 + 285 + #define SE_CRYPTO_CFG_ECB_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 286 + SE_AES_XOR_POS_BYPASS | \ 287 + SE_AES_CORE_SEL_ENCRYPT) 288 + 289 + #define SE_CRYPTO_CFG_ECB_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 290 + SE_AES_XOR_POS_BYPASS | \ 291 + SE_AES_CORE_SEL_DECRYPT) 292 + 293 + #define SE_CRYPTO_CFG_CBC_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 294 + SE_AES_VCTRAM_SEL_AESOUT | \ 295 + SE_AES_XOR_POS_TOP | \ 296 + SE_AES_CORE_SEL_ENCRYPT | \ 297 + SE_AES_IV_SEL_REG) 298 + 299 + #define SE_CRYPTO_CFG_CBC_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 300 + SE_AES_VCTRAM_SEL_PREV_MEM | \ 301 + SE_AES_XOR_POS_BOTTOM | \ 302 + SE_AES_CORE_SEL_DECRYPT | \ 303 + SE_AES_IV_SEL_REG) 304 + 305 + #define SE_CRYPTO_CFG_CTR (SE_AES_INPUT_SEL_LINEAR_CTR | \ 306 + SE_AES_VCTRAM_SEL_MEMORY | \ 307 + SE_AES_XOR_POS_BOTTOM | \ 308 + SE_AES_CORE_SEL_ENCRYPT | \ 309 + SE_AES_CRYPTO_CFG_CTR_CNTN(1) | \ 310 + SE_AES_IV_SEL_REG) 311 + 312 + #define SE_CRYPTO_CFG_XTS_ENCRYPT (SE_AES_INPUT_SEL_MEMORY | \ 313 + SE_AES_VCTRAM_SEL_TWEAK | \ 314 + SE_AES_XOR_POS_BOTH | \ 315 + SE_AES_CORE_SEL_ENCRYPT | \ 316 + SE_AES_IV_SEL_REG) 317 + 318 + #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 319 + SE_AES_VCTRAM_SEL_TWEAK | \ 320 + SE_AES_XOR_POS_BOTH | \ 321 + SE_AES_CORE_SEL_DECRYPT | \ 322 + SE_AES_IV_SEL_REG) 323 + 324 + #define SE_CRYPTO_CFG_XTS_DECRYPT (SE_AES_INPUT_SEL_MEMORY | \ 325 + SE_AES_VCTRAM_SEL_TWEAK | \ 326 + SE_AES_XOR_POS_BOTH | \ 327 + SE_AES_CORE_SEL_DECRYPT | \ 328 + SE_AES_IV_SEL_REG) 329 + 330 + #define SE_CRYPTO_CFG_CBC_MAC (SE_AES_INPUT_SEL_MEMORY | \ 331 + SE_AES_VCTRAM_SEL_AESOUT | \ 332 + SE_AES_XOR_POS_TOP | \ 333 + SE_AES_CORE_SEL_ENCRYPT | \ 334 + SE_AES_HASH_ENABLE | \ 335 + SE_AES_IV_SEL_REG) 336 + 337 + #define HASH_RESULT_REG_COUNT 50 338 + #define CMAC_RESULT_REG_COUNT 4 339 + 340 + #define SE_CRYPTO_CTR_REG_COUNT 4 341 + #define SE_MAX_KEYSLOT 15 342 + #define SE_MAX_MEM_ALLOC SZ_4M 343 + #define SE_AES_BUFLEN 0x8000 344 + #define SE_SHA_BUFLEN 0x2000 345 + 346 + #define SHA_FIRST BIT(0) 347 + #define SHA_UPDATE BIT(1) 348 + #define SHA_FINAL BIT(2) 349 + 350 + /* Security Engine operation modes */ 351 + enum se_aes_alg { 352 + SE_ALG_CBC, /* Cipher Block Chaining (CBC) mode */ 353 + SE_ALG_ECB, /* Electronic Codebook (ECB) mode */ 354 + SE_ALG_CTR, /* Counter (CTR) mode */ 355 + SE_ALG_XTS, /* XTS mode */ 356 + SE_ALG_GMAC, /* GMAC mode */ 357 + SE_ALG_GCM, /* GCM mode */ 358 + SE_ALG_GCM_FINAL, /* GCM FINAL mode */ 359 + SE_ALG_CMAC, /* Cipher-based MAC (CMAC) mode */ 360 + SE_ALG_CBC_MAC, /* CBC MAC mode */ 361 + }; 362 + 363 + enum se_hash_alg { 364 + SE_ALG_RNG_DRBG, /* Deterministic Random Bit Generator */ 365 + SE_ALG_SHA1, /* Secure Hash Algorithm-1 (SHA1) mode */ 366 + SE_ALG_SHA224, /* Secure Hash Algorithm-224 (SHA224) mode */ 367 + SE_ALG_SHA256, /* Secure Hash Algorithm-256 (SHA256) mode */ 368 + SE_ALG_SHA384, /* Secure Hash Algorithm-384 (SHA384) mode */ 369 + SE_ALG_SHA512, /* Secure Hash Algorithm-512 (SHA512) mode */ 370 + SE_ALG_SHA3_224, /* Secure Hash Algorithm3-224 (SHA3-224) mode */ 371 + SE_ALG_SHA3_256, /* Secure Hash Algorithm3-256 (SHA3-256) mode */ 372 + SE_ALG_SHA3_384, /* Secure Hash Algorithm3-384 (SHA3-384) mode */ 373 + SE_ALG_SHA3_512, /* Secure Hash Algorithm3-512 (SHA3-512) mode */ 374 + SE_ALG_SHAKE128, /* Secure Hash Algorithm3 (SHAKE128) mode */ 375 + SE_ALG_SHAKE256, /* Secure Hash Algorithm3 (SHAKE256) mode */ 376 + SE_ALG_HMAC_SHA224, /* Hash based MAC (HMAC) - 224 */ 377 + SE_ALG_HMAC_SHA256, /* Hash based MAC (HMAC) - 256 */ 378 + SE_ALG_HMAC_SHA384, /* Hash based MAC (HMAC) - 384 */ 379 + SE_ALG_HMAC_SHA512, /* Hash based MAC (HMAC) - 512 */ 380 + }; 381 + 382 + struct tegra_se_alg { 383 + struct tegra_se *se_dev; 384 + const char *alg_base; 385 + 386 + union { 387 + struct skcipher_engine_alg skcipher; 388 + struct aead_engine_alg aead; 389 + struct ahash_engine_alg ahash; 390 + } alg; 391 + }; 392 + 393 + struct tegra_se_regs { 394 + u32 op; 395 + u32 config; 396 + u32 last_blk; 397 + u32 linear_ctr; 398 + u32 out_addr; 399 + u32 aad_len; 400 + u32 cryp_msg_len; 401 + u32 manifest; 402 + u32 key_addr; 403 + u32 key_data; 404 + u32 key_dst; 405 + u32 result; 406 + }; 407 + 408 + struct tegra_se_hw { 409 + const struct tegra_se_regs *regs; 410 + int (*init_alg)(struct tegra_se *se); 411 + void (*deinit_alg)(struct tegra_se *se); 412 + bool support_sm_alg; 413 + u32 host1x_class; 414 + u32 kac_ver; 415 + }; 416 + 417 + struct tegra_se { 418 + int (*manifest)(u32 user, u32 alg, u32 keylen); 419 + const struct tegra_se_hw *hw; 420 + struct host1x_client client; 421 + struct host1x_channel *channel; 422 + struct tegra_se_cmdbuf *cmdbuf; 423 + struct crypto_engine *engine; 424 + struct host1x_syncpt *syncpt; 425 + struct device *dev; 426 + struct clk *clk; 427 + unsigned int opcode_addr; 428 + unsigned int stream_id; 429 + unsigned int syncpt_id; 430 + void __iomem *base; 431 + u32 owner; 432 + }; 433 + 434 + struct tegra_se_cmdbuf { 435 + dma_addr_t iova; 436 + u32 *addr; 437 + struct device *dev; 438 + struct kref ref; 439 + struct host1x_bo bo; 440 + ssize_t size; 441 + u32 words; 442 + }; 443 + 444 + struct tegra_se_datbuf { 445 + u8 *buf; 446 + dma_addr_t addr; 447 + ssize_t size; 448 + }; 449 + 450 + static inline int se_algname_to_algid(const char *name) 451 + { 452 + if (!strcmp(name, "cbc(aes)")) 453 + return SE_ALG_CBC; 454 + else if (!strcmp(name, "ecb(aes)")) 455 + return SE_ALG_ECB; 456 + else if (!strcmp(name, "ctr(aes)")) 457 + return SE_ALG_CTR; 458 + else if (!strcmp(name, "xts(aes)")) 459 + return SE_ALG_XTS; 460 + else if (!strcmp(name, "cmac(aes)")) 461 + return SE_ALG_CMAC; 462 + else if (!strcmp(name, "gcm(aes)")) 463 + return SE_ALG_GCM; 464 + else if (!strcmp(name, "ccm(aes)")) 465 + return SE_ALG_CBC_MAC; 466 + 467 + else if (!strcmp(name, "sha1")) 468 + return SE_ALG_SHA1; 469 + else if (!strcmp(name, "sha224")) 470 + return SE_ALG_SHA224; 471 + else if (!strcmp(name, "sha256")) 472 + return SE_ALG_SHA256; 473 + else if (!strcmp(name, "sha384")) 474 + return SE_ALG_SHA384; 475 + else if (!strcmp(name, "sha512")) 476 + return SE_ALG_SHA512; 477 + else if (!strcmp(name, "sha3-224")) 478 + return SE_ALG_SHA3_224; 479 + else if (!strcmp(name, "sha3-256")) 480 + return SE_ALG_SHA3_256; 481 + else if (!strcmp(name, "sha3-384")) 482 + return SE_ALG_SHA3_384; 483 + else if (!strcmp(name, "sha3-512")) 484 + return SE_ALG_SHA3_512; 485 + else if (!strcmp(name, "hmac(sha224)")) 486 + return SE_ALG_HMAC_SHA224; 487 + else if (!strcmp(name, "hmac(sha256)")) 488 + return SE_ALG_HMAC_SHA256; 489 + else if (!strcmp(name, "hmac(sha384)")) 490 + return SE_ALG_HMAC_SHA384; 491 + else if (!strcmp(name, "hmac(sha512)")) 492 + return SE_ALG_HMAC_SHA512; 493 + else 494 + return -EINVAL; 495 + } 496 + 497 + /* Functions */ 498 + int tegra_init_aes(struct tegra_se *se); 499 + int tegra_init_hash(struct tegra_se *se); 500 + void tegra_deinit_aes(struct tegra_se *se); 501 + void tegra_deinit_hash(struct tegra_se *se); 502 + int tegra_key_submit(struct tegra_se *se, const u8 *key, 503 + u32 keylen, u32 alg, u32 *keyid); 504 + void tegra_key_invalidate(struct tegra_se *se, u32 keyid, u32 alg); 505 + int tegra_se_host1x_submit(struct tegra_se *se, u32 size); 506 + 507 + /* HOST1x OPCODES */ 508 + static inline u32 host1x_opcode_setpayload(unsigned int payload) 509 + { 510 + return (9 << 28) | payload; 511 + } 512 + 513 + static inline u32 host1x_opcode_incr_w(unsigned int offset) 514 + { 515 + /* 22-bit offset supported */ 516 + return (10 << 28) | offset; 517 + } 518 + 519 + static inline u32 host1x_opcode_nonincr_w(unsigned int offset) 520 + { 521 + /* 22-bit offset supported */ 522 + return (11 << 28) | offset; 523 + } 524 + 525 + static inline u32 host1x_opcode_incr(unsigned int offset, unsigned int count) 526 + { 527 + return (1 << 28) | (offset << 16) | count; 528 + } 529 + 530 + static inline u32 host1x_opcode_nonincr(unsigned int offset, unsigned int count) 531 + { 532 + return (2 << 28) | (offset << 16) | count; 533 + } 534 + 535 + static inline u32 host1x_uclass_incr_syncpt_cond_f(u32 v) 536 + { 537 + return (v & 0xff) << 10; 538 + } 539 + 540 + static inline u32 host1x_uclass_incr_syncpt_indx_f(u32 v) 541 + { 542 + return (v & 0x3ff) << 0; 543 + } 544 + 545 + static inline u32 host1x_uclass_wait_syncpt_r(void) 546 + { 547 + return 0x8; 548 + } 549 + 550 + static inline u32 host1x_uclass_incr_syncpt_r(void) 551 + { 552 + return 0x0; 553 + } 554 + 555 + #define se_host1x_opcode_incr_w(x) host1x_opcode_incr_w((x) / 4) 556 + #define se_host1x_opcode_nonincr_w(x) host1x_opcode_nonincr_w((x) / 4) 557 + #define se_host1x_opcode_incr(x, y) host1x_opcode_incr((x) / 4, y) 558 + #define se_host1x_opcode_nonincr(x, y) host1x_opcode_nonincr((x) / 4, y) 559 + 560 + #endif /*_TEGRA_SE_H*/

+24

drivers/gpu/host1x/dev.c

··· 216 216 */ 217 217 static const struct host1x_sid_entry tegra234_sid_table[] = { 218 218 { 219 + /* SE2 MMIO */ 220 + .base = 0x1658, 221 + .offset = 0x90, 222 + .limit = 0x90 223 + }, 224 + { 225 + /* SE4 MMIO */ 226 + .base = 0x1660, 227 + .offset = 0x90, 228 + .limit = 0x90 229 + }, 230 + { 231 + /* SE2 channel */ 232 + .base = 0x1738, 233 + .offset = 0x90, 234 + .limit = 0x90 235 + }, 236 + { 237 + /* SE4 channel */ 238 + .base = 0x1740, 239 + .offset = 0x90, 240 + .limit = 0x90 241 + }, 242 + { 219 243 /* VIC channel */ 220 244 .base = 0x17b8, 221 245 .offset = 0x30,

+2 -71

include/crypto/acompress.h

··· 56 56 struct crypto_tfm base; 57 57 }; 58 58 59 - /* 60 - * struct crypto_istat_compress - statistics for compress algorithm 61 - * @compress_cnt: number of compress requests 62 - * @compress_tlen: total data size handled by compress requests 63 - * @decompress_cnt: number of decompress requests 64 - * @decompress_tlen: total data size handled by decompress requests 65 - * @err_cnt: number of error for compress requests 66 - */ 67 - struct crypto_istat_compress { 68 - atomic64_t compress_cnt; 69 - atomic64_t compress_tlen; 70 - atomic64_t decompress_cnt; 71 - atomic64_t decompress_tlen; 72 - atomic64_t err_cnt; 73 - }; 74 - 75 - #ifdef CONFIG_CRYPTO_STATS 76 - #define COMP_ALG_COMMON_STATS struct crypto_istat_compress stat; 77 - #else 78 - #define COMP_ALG_COMMON_STATS 79 - #endif 80 - 81 59 #define COMP_ALG_COMMON { \ 82 - COMP_ALG_COMMON_STATS \ 83 - \ 84 60 struct crypto_alg base; \ 85 61 } 86 62 struct comp_alg_common COMP_ALG_COMMON; ··· 237 261 req->flags |= CRYPTO_ACOMP_ALLOC_OUTPUT; 238 262 } 239 263 240 - static inline struct crypto_istat_compress *comp_get_stat( 241 - struct comp_alg_common *alg) 242 - { 243 - #ifdef CONFIG_CRYPTO_STATS 244 - return &alg->stat; 245 - #else 246 - return NULL; 247 - #endif 248 - } 249 - 250 - static inline int crypto_comp_errstat(struct comp_alg_common *alg, int err) 251 - { 252 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 253 - return err; 254 - 255 - if (err && err != -EINPROGRESS && err != -EBUSY) 256 - atomic64_inc(&comp_get_stat(alg)->err_cnt); 257 - 258 - return err; 259 - } 260 - 261 264 /** 262 265 * crypto_acomp_compress() -- Invoke asynchronous compress operation 263 266 * ··· 248 293 */ 249 294 static inline int crypto_acomp_compress(struct acomp_req *req) 250 295 { 251 - struct crypto_acomp *tfm = crypto_acomp_reqtfm(req); 252 - struct comp_alg_common *alg; 253 - 254 - alg = crypto_comp_alg_common(tfm); 255 - 256 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 257 - struct crypto_istat_compress *istat = comp_get_stat(alg); 258 - 259 - atomic64_inc(&istat->compress_cnt); 260 - atomic64_add(req->slen, &istat->compress_tlen); 261 - } 262 - 263 - return crypto_comp_errstat(alg, tfm->compress(req)); 296 + return crypto_acomp_reqtfm(req)->compress(req); 264 297 } 265 298 266 299 /** ··· 262 319 */ 263 320 static inline int crypto_acomp_decompress(struct acomp_req *req) 264 321 { 265 - struct crypto_acomp *tfm = crypto_acomp_reqtfm(req); 266 - struct comp_alg_common *alg; 267 - 268 - alg = crypto_comp_alg_common(tfm); 269 - 270 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 271 - struct crypto_istat_compress *istat = comp_get_stat(alg); 272 - 273 - atomic64_inc(&istat->decompress_cnt); 274 - atomic64_add(req->slen, &istat->decompress_tlen); 275 - } 276 - 277 - return crypto_comp_errstat(alg, tfm->decompress(req)); 322 + return crypto_acomp_reqtfm(req)->decompress(req); 278 323 } 279 324 280 325 #endif

-21

include/crypto/aead.h

··· 101 101 void *__ctx[] CRYPTO_MINALIGN_ATTR; 102 102 }; 103 103 104 - /* 105 - * struct crypto_istat_aead - statistics for AEAD algorithm 106 - * @encrypt_cnt: number of encrypt requests 107 - * @encrypt_tlen: total data size handled by encrypt requests 108 - * @decrypt_cnt: number of decrypt requests 109 - * @decrypt_tlen: total data size handled by decrypt requests 110 - * @err_cnt: number of error for AEAD requests 111 - */ 112 - struct crypto_istat_aead { 113 - atomic64_t encrypt_cnt; 114 - atomic64_t encrypt_tlen; 115 - atomic64_t decrypt_cnt; 116 - atomic64_t decrypt_tlen; 117 - atomic64_t err_cnt; 118 - }; 119 - 120 104 /** 121 105 * struct aead_alg - AEAD cipher definition 122 106 * @maxauthsize: Set the maximum authentication tag size supported by the ··· 119 135 * @setkey: see struct skcipher_alg 120 136 * @encrypt: see struct skcipher_alg 121 137 * @decrypt: see struct skcipher_alg 122 - * @stat: statistics for AEAD algorithm 123 138 * @ivsize: see struct skcipher_alg 124 139 * @chunksize: see struct skcipher_alg 125 140 * @init: Initialize the cryptographic transformation object. This function ··· 144 161 int (*decrypt)(struct aead_request *req); 145 162 int (*init)(struct crypto_aead *tfm); 146 163 void (*exit)(struct crypto_aead *tfm); 147 - 148 - #ifdef CONFIG_CRYPTO_STATS 149 - struct crypto_istat_aead stat; 150 - #endif 151 164 152 165 unsigned int ivsize; 153 166 unsigned int maxauthsize;

+4 -74

include/crypto/akcipher.h

··· 54 54 struct crypto_tfm base; 55 55 }; 56 56 57 - /* 58 - * struct crypto_istat_akcipher - statistics for akcipher algorithm 59 - * @encrypt_cnt: number of encrypt requests 60 - * @encrypt_tlen: total data size handled by encrypt requests 61 - * @decrypt_cnt: number of decrypt requests 62 - * @decrypt_tlen: total data size handled by decrypt requests 63 - * @verify_cnt: number of verify operation 64 - * @sign_cnt: number of sign requests 65 - * @err_cnt: number of error for akcipher requests 66 - */ 67 - struct crypto_istat_akcipher { 68 - atomic64_t encrypt_cnt; 69 - atomic64_t encrypt_tlen; 70 - atomic64_t decrypt_cnt; 71 - atomic64_t decrypt_tlen; 72 - atomic64_t verify_cnt; 73 - atomic64_t sign_cnt; 74 - atomic64_t err_cnt; 75 - }; 76 - 77 57 /** 78 58 * struct akcipher_alg - generic public key algorithm 79 59 * ··· 90 110 * @exit: Deinitialize the cryptographic transformation object. This is a 91 111 * counterpart to @init, used to remove various changes set in 92 112 * @init. 93 - * @stat: Statistics for akcipher algorithm 94 113 * 95 114 * @base: Common crypto API algorithm data structure 96 115 */ ··· 105 126 unsigned int (*max_size)(struct crypto_akcipher *tfm); 106 127 int (*init)(struct crypto_akcipher *tfm); 107 128 void (*exit)(struct crypto_akcipher *tfm); 108 - 109 - #ifdef CONFIG_CRYPTO_STATS 110 - struct crypto_istat_akcipher stat; 111 - #endif 112 129 113 130 struct crypto_alg base; 114 131 }; ··· 277 302 return alg->max_size(tfm); 278 303 } 279 304 280 - static inline struct crypto_istat_akcipher *akcipher_get_stat( 281 - struct akcipher_alg *alg) 282 - { 283 - #ifdef CONFIG_CRYPTO_STATS 284 - return &alg->stat; 285 - #else 286 - return NULL; 287 - #endif 288 - } 289 - 290 - static inline int crypto_akcipher_errstat(struct akcipher_alg *alg, int err) 291 - { 292 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 293 - return err; 294 - 295 - if (err && err != -EINPROGRESS && err != -EBUSY) 296 - atomic64_inc(&akcipher_get_stat(alg)->err_cnt); 297 - 298 - return err; 299 - } 300 - 301 305 /** 302 306 * crypto_akcipher_encrypt() - Invoke public key encrypt operation 303 307 * ··· 290 336 static inline int crypto_akcipher_encrypt(struct akcipher_request *req) 291 337 { 292 338 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 293 - struct akcipher_alg *alg = crypto_akcipher_alg(tfm); 294 339 295 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 296 - struct crypto_istat_akcipher *istat = akcipher_get_stat(alg); 297 - 298 - atomic64_inc(&istat->encrypt_cnt); 299 - atomic64_add(req->src_len, &istat->encrypt_tlen); 300 - } 301 - 302 - return crypto_akcipher_errstat(alg, alg->encrypt(req)); 340 + return crypto_akcipher_alg(tfm)->encrypt(req); 303 341 } 304 342 305 343 /** ··· 307 361 static inline int crypto_akcipher_decrypt(struct akcipher_request *req) 308 362 { 309 363 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 310 - struct akcipher_alg *alg = crypto_akcipher_alg(tfm); 311 364 312 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 313 - struct crypto_istat_akcipher *istat = akcipher_get_stat(alg); 314 - 315 - atomic64_inc(&istat->decrypt_cnt); 316 - atomic64_add(req->src_len, &istat->decrypt_tlen); 317 - } 318 - 319 - return crypto_akcipher_errstat(alg, alg->decrypt(req)); 365 + return crypto_akcipher_alg(tfm)->decrypt(req); 320 366 } 321 367 322 368 /** ··· 360 422 static inline int crypto_akcipher_sign(struct akcipher_request *req) 361 423 { 362 424 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 363 - struct akcipher_alg *alg = crypto_akcipher_alg(tfm); 364 425 365 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 366 - atomic64_inc(&akcipher_get_stat(alg)->sign_cnt); 367 - 368 - return crypto_akcipher_errstat(alg, alg->sign(req)); 426 + return crypto_akcipher_alg(tfm)->sign(req); 369 427 } 370 428 371 429 /** ··· 381 447 static inline int crypto_akcipher_verify(struct akcipher_request *req) 382 448 { 383 449 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 384 - struct akcipher_alg *alg = crypto_akcipher_alg(tfm); 385 450 386 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 387 - atomic64_inc(&akcipher_get_stat(alg)->verify_cnt); 388 - 389 - return crypto_akcipher_errstat(alg, alg->verify(req)); 451 + return crypto_akcipher_alg(tfm)->verify(req); 390 452 } 391 453 392 454 /**

-3

include/crypto/algapi.h

··· 61 61 void (*show)(struct seq_file *m, struct crypto_alg *alg); 62 62 int (*report)(struct sk_buff *skb, struct crypto_alg *alg); 63 63 void (*free)(struct crypto_instance *inst); 64 - #ifdef CONFIG_CRYPTO_STATS 65 - int (*report_stat)(struct sk_buff *skb, struct crypto_alg *alg); 66 - #endif 67 64 68 65 unsigned int type; 69 66 unsigned int maskclear;

+2

include/crypto/ecc_curve.h

··· 23 23 * struct ecc_curve - definition of elliptic curve 24 24 * 25 25 * @name: Short name of the curve. 26 + * @nbits: The number of bits of a curve. 26 27 * @g: Generator point of the curve. 27 28 * @p: Prime number, if Barrett's reduction is used for this curve 28 29 * pre-calculated value 'mu' is appended to the @p after ndigits. ··· 35 34 */ 36 35 struct ecc_curve { 37 36 char *name; 37 + u32 nbits; 38 38 struct ecc_point g; 39 39 u64 *p; 40 40 u64 *n;

+1

include/crypto/ecdh.h

··· 26 26 #define ECC_CURVE_NIST_P192 0x0001 27 27 #define ECC_CURVE_NIST_P256 0x0002 28 28 #define ECC_CURVE_NIST_P384 0x0003 29 + #define ECC_CURVE_NIST_P521 0x0004 29 30 30 31 /** 31 32 * struct ecdh - define an ECDH private key

-22

include/crypto/hash.h

··· 24 24 */ 25 25 26 26 /* 27 - * struct crypto_istat_hash - statistics for has algorithm 28 - * @hash_cnt: number of hash requests 29 - * @hash_tlen: total data size hashed 30 - * @err_cnt: number of error for hash requests 31 - */ 32 - struct crypto_istat_hash { 33 - atomic64_t hash_cnt; 34 - atomic64_t hash_tlen; 35 - atomic64_t err_cnt; 36 - }; 37 - 38 - #ifdef CONFIG_CRYPTO_STATS 39 - #define HASH_ALG_COMMON_STAT struct crypto_istat_hash stat; 40 - #else 41 - #define HASH_ALG_COMMON_STAT 42 - #endif 43 - 44 - /* 45 27 * struct hash_alg_common - define properties of message digest 46 - * @stat: Statistics for hash algorithm. 47 28 * @digestsize: Size of the result of the transformation. A buffer of this size 48 29 * must be available to the @final and @finup calls, so they can 49 30 * store the resulting hash into it. For various predefined sizes, ··· 41 60 * information. 42 61 */ 43 62 #define HASH_ALG_COMMON { \ 44 - HASH_ALG_COMMON_STAT \ 45 - \ 46 63 unsigned int digestsize; \ 47 64 unsigned int statesize; \ 48 65 \ ··· 222 243 }; 223 244 }; 224 245 #undef HASH_ALG_COMMON 225 - #undef HASH_ALG_COMMON_STAT 226 246 227 247 struct crypto_ahash { 228 248 bool using_shash; /* Underlying algorithm is shash, not ahash */

-1

include/crypto/internal/acompress.h

··· 31 31 * @init. 32 32 * 33 33 * @reqsize: Context size for (de)compression requests 34 - * @stat: Statistics for compress algorithm 35 34 * @base: Common crypto API algorithm data structure 36 35 * @calg: Cmonn algorithm data structure shared with scomp 37 36 */

-16

include/crypto/internal/cryptouser.h

··· 1 - /* SPDX-License-Identifier: GPL-2.0 */ 2 - #include <linux/cryptouser.h> 3 - #include <net/netlink.h> 4 - 5 - struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact); 6 - 7 - #ifdef CONFIG_CRYPTO_STATS 8 - int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, struct nlattr **attrs); 9 - #else 10 - static inline int crypto_reportstat(struct sk_buff *in_skb, 11 - struct nlmsghdr *in_nlh, 12 - struct nlattr **attrs) 13 - { 14 - return -ENOTSUPP; 15 - } 16 - #endif

+25 -2

include/crypto/internal/ecc.h

··· 33 33 #define ECC_CURVE_NIST_P192_DIGITS 3 34 34 #define ECC_CURVE_NIST_P256_DIGITS 4 35 35 #define ECC_CURVE_NIST_P384_DIGITS 6 36 - #define ECC_MAX_DIGITS (512 / 64) /* due to ecrdsa */ 36 + #define ECC_CURVE_NIST_P521_DIGITS 9 37 + #define ECC_MAX_DIGITS DIV_ROUND_UP(521, 64) /* NIST P521 */ 37 38 38 39 #define ECC_DIGITS_TO_BYTES_SHIFT 3 39 40 ··· 55 54 56 55 for (i = 0; i < ndigits; i++) 57 56 out[i] = get_unaligned_be64(&src[ndigits - 1 - i]); 57 + } 58 + 59 + /** 60 + * ecc_digits_from_bytes() - Create ndigits-sized digits array from byte array 61 + * @in: Input byte array 62 + * @nbytes Size of input byte array 63 + * @out Output digits array 64 + * @ndigits: Number of digits to create from byte array 65 + */ 66 + static inline void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes, 67 + u64 *out, unsigned int ndigits) 68 + { 69 + unsigned int o = nbytes & 7; 70 + __be64 msd = 0; 71 + 72 + if (o) { 73 + memcpy((u8 *)&msd + sizeof(msd) - o, in, o); 74 + out[--ndigits] = be64_to_cpu(msd); 75 + in += o; 76 + } 77 + ecc_swap_digits(in, out, ndigits); 58 78 } 59 79 60 80 /** ··· 103 81 * Returns 0 if the private key was generated successfully, a negative value 104 82 * if an error occurred. 105 83 */ 106 - int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey); 84 + int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, 85 + u64 *private_key); 107 86 108 87 /** 109 88 * ecc_make_pub_key() - Compute an ECC public key

-1

include/crypto/internal/scompress.h

··· 27 27 * @free_ctx: Function frees context allocated with alloc_ctx 28 28 * @compress: Function performs a compress operation 29 29 * @decompress: Function performs a de-compress operation 30 - * @stat: Statistics for compress algorithm 31 30 * @base: Common crypto API algorithm data structure 32 31 * @calg: Cmonn algorithm data structure shared with acomp 33 32 */

+3 -55

include/crypto/kpp.h

··· 51 51 struct crypto_tfm base; 52 52 }; 53 53 54 - /* 55 - * struct crypto_istat_kpp - statistics for KPP algorithm 56 - * @setsecret_cnt: number of setsecrey operation 57 - * @generate_public_key_cnt: number of generate_public_key operation 58 - * @compute_shared_secret_cnt: number of compute_shared_secret operation 59 - * @err_cnt: number of error for KPP requests 60 - */ 61 - struct crypto_istat_kpp { 62 - atomic64_t setsecret_cnt; 63 - atomic64_t generate_public_key_cnt; 64 - atomic64_t compute_shared_secret_cnt; 65 - atomic64_t err_cnt; 66 - }; 67 - 68 54 /** 69 55 * struct kpp_alg - generic key-agreement protocol primitives 70 56 * ··· 73 87 * @exit: Undo everything @init did. 74 88 * 75 89 * @base: Common crypto API algorithm data structure 76 - * @stat: Statistics for KPP algorithm 77 90 */ 78 91 struct kpp_alg { 79 92 int (*set_secret)(struct crypto_kpp *tfm, const void *buffer, ··· 84 99 85 100 int (*init)(struct crypto_kpp *tfm); 86 101 void (*exit)(struct crypto_kpp *tfm); 87 - 88 - #ifdef CONFIG_CRYPTO_STATS 89 - struct crypto_istat_kpp stat; 90 - #endif 91 102 92 103 struct crypto_alg base; 93 104 }; ··· 272 291 unsigned short len; 273 292 }; 274 293 275 - static inline struct crypto_istat_kpp *kpp_get_stat(struct kpp_alg *alg) 276 - { 277 - #ifdef CONFIG_CRYPTO_STATS 278 - return &alg->stat; 279 - #else 280 - return NULL; 281 - #endif 282 - } 283 - 284 - static inline int crypto_kpp_errstat(struct kpp_alg *alg, int err) 285 - { 286 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 287 - return err; 288 - 289 - if (err && err != -EINPROGRESS && err != -EBUSY) 290 - atomic64_inc(&kpp_get_stat(alg)->err_cnt); 291 - 292 - return err; 293 - } 294 - 295 294 /** 296 295 * crypto_kpp_set_secret() - Invoke kpp operation 297 296 * ··· 290 329 static inline int crypto_kpp_set_secret(struct crypto_kpp *tfm, 291 330 const void *buffer, unsigned int len) 292 331 { 293 - struct kpp_alg *alg = crypto_kpp_alg(tfm); 294 - 295 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 296 - atomic64_inc(&kpp_get_stat(alg)->setsecret_cnt); 297 - 298 - return crypto_kpp_errstat(alg, alg->set_secret(tfm, buffer, len)); 332 + return crypto_kpp_alg(tfm)->set_secret(tfm, buffer, len); 299 333 } 300 334 301 335 /** ··· 309 353 static inline int crypto_kpp_generate_public_key(struct kpp_request *req) 310 354 { 311 355 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 312 - struct kpp_alg *alg = crypto_kpp_alg(tfm); 313 356 314 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 315 - atomic64_inc(&kpp_get_stat(alg)->generate_public_key_cnt); 316 - 317 - return crypto_kpp_errstat(alg, alg->generate_public_key(req)); 357 + return crypto_kpp_alg(tfm)->generate_public_key(req); 318 358 } 319 359 320 360 /** ··· 326 374 static inline int crypto_kpp_compute_shared_secret(struct kpp_request *req) 327 375 { 328 376 struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); 329 - struct kpp_alg *alg = crypto_kpp_alg(tfm); 330 377 331 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) 332 - atomic64_inc(&kpp_get_stat(alg)->compute_shared_secret_cnt); 333 - 334 - return crypto_kpp_errstat(alg, alg->compute_shared_secret(req)); 378 + return crypto_kpp_alg(tfm)->compute_shared_secret(req); 335 379 } 336 380 337 381 /**

+1 -50

include/crypto/rng.h

··· 15 15 16 16 struct crypto_rng; 17 17 18 - /* 19 - * struct crypto_istat_rng: statistics for RNG algorithm 20 - * @generate_cnt: number of RNG generate requests 21 - * @generate_tlen: total data size of generated data by the RNG 22 - * @seed_cnt: number of times the RNG was seeded 23 - * @err_cnt: number of error for RNG requests 24 - */ 25 - struct crypto_istat_rng { 26 - atomic64_t generate_cnt; 27 - atomic64_t generate_tlen; 28 - atomic64_t seed_cnt; 29 - atomic64_t err_cnt; 30 - }; 31 - 32 18 /** 33 19 * struct rng_alg - random number generator definition 34 20 * ··· 32 46 * size of the seed is defined with @seedsize . 33 47 * @set_ent: Set entropy that would otherwise be obtained from 34 48 * entropy source. Internal use only. 35 - * @stat: Statistics for rng algorithm 36 49 * @seedsize: The seed size required for a random number generator 37 50 * initialization defined with this variable. Some 38 51 * random number generators does not require a seed ··· 47 62 int (*seed)(struct crypto_rng *tfm, const u8 *seed, unsigned int slen); 48 63 void (*set_ent)(struct crypto_rng *tfm, const u8 *data, 49 64 unsigned int len); 50 - 51 - #ifdef CONFIG_CRYPTO_STATS 52 - struct crypto_istat_rng stat; 53 - #endif 54 65 55 66 unsigned int seedsize; 56 67 ··· 125 144 crypto_destroy_tfm(tfm, crypto_rng_tfm(tfm)); 126 145 } 127 146 128 - static inline struct crypto_istat_rng *rng_get_stat(struct rng_alg *alg) 129 - { 130 - #ifdef CONFIG_CRYPTO_STATS 131 - return &alg->stat; 132 - #else 133 - return NULL; 134 - #endif 135 - } 136 - 137 - static inline int crypto_rng_errstat(struct rng_alg *alg, int err) 138 - { 139 - if (!IS_ENABLED(CONFIG_CRYPTO_STATS)) 140 - return err; 141 - 142 - if (err && err != -EINPROGRESS && err != -EBUSY) 143 - atomic64_inc(&rng_get_stat(alg)->err_cnt); 144 - 145 - return err; 146 - } 147 - 148 147 /** 149 148 * crypto_rng_generate() - get random number 150 149 * @tfm: cipher handle ··· 143 182 const u8 *src, unsigned int slen, 144 183 u8 *dst, unsigned int dlen) 145 184 { 146 - struct rng_alg *alg = crypto_rng_alg(tfm); 147 - 148 - if (IS_ENABLED(CONFIG_CRYPTO_STATS)) { 149 - struct crypto_istat_rng *istat = rng_get_stat(alg); 150 - 151 - atomic64_inc(&istat->generate_cnt); 152 - atomic64_add(dlen, &istat->generate_tlen); 153 - } 154 - 155 - return crypto_rng_errstat(alg, 156 - alg->generate(tfm, src, slen, dst, dlen)); 185 + return crypto_rng_alg(tfm)->generate(tfm, src, slen, dst, dlen); 157 186 } 158 187 159 188 /**

-25

include/crypto/skcipher.h

··· 65 65 }; 66 66 67 67 /* 68 - * struct crypto_istat_cipher - statistics for cipher algorithm 69 - * @encrypt_cnt: number of encrypt requests 70 - * @encrypt_tlen: total data size handled by encrypt requests 71 - * @decrypt_cnt: number of decrypt requests 72 - * @decrypt_tlen: total data size handled by decrypt requests 73 - * @err_cnt: number of error for cipher requests 74 - */ 75 - struct crypto_istat_cipher { 76 - atomic64_t encrypt_cnt; 77 - atomic64_t encrypt_tlen; 78 - atomic64_t decrypt_cnt; 79 - atomic64_t decrypt_tlen; 80 - atomic64_t err_cnt; 81 - }; 82 - 83 - #ifdef CONFIG_CRYPTO_STATS 84 - #define SKCIPHER_ALG_COMMON_STAT struct crypto_istat_cipher stat; 85 - #else 86 - #define SKCIPHER_ALG_COMMON_STAT 87 - #endif 88 - 89 - /* 90 68 * struct skcipher_alg_common - common properties of skcipher_alg 91 69 * @min_keysize: Minimum key size supported by the transformation. This is the 92 70 * smallest key length supported by this transformation algorithm. ··· 81 103 * @chunksize: Equal to the block size except for stream ciphers such as 82 104 * CTR where it is set to the underlying block size. 83 105 * @statesize: Size of the internal state for the algorithm. 84 - * @stat: Statistics for cipher algorithm 85 106 * @base: Definition of a generic crypto algorithm. 86 107 */ 87 108 #define SKCIPHER_ALG_COMMON { \ ··· 89 112 unsigned int ivsize; \ 90 113 unsigned int chunksize; \ 91 114 unsigned int statesize; \ 92 - \ 93 - SKCIPHER_ALG_COMMON_STAT \ 94 115 \ 95 116 struct crypto_alg base; \ 96 117 }

+1

include/linux/oid_registry.h

··· 69 69 OID_certAuthInfoAccess, /* 1.3.6.1.5.5.7.1.1 */ 70 70 OID_sha1, /* 1.3.14.3.2.26 */ 71 71 OID_id_ansip384r1, /* 1.3.132.0.34 */ 72 + OID_id_ansip521r1, /* 1.3.132.0.35 */ 72 73 OID_sha256, /* 2.16.840.1.101.3.4.2.1 */ 73 74 OID_sha384, /* 2.16.840.1.101.3.4.2.2 */ 74 75 OID_sha512, /* 2.16.840.1.101.3.4.2.3 */

+31

include/linux/qat/qat_mig_dev.h

··· 1 + /* SPDX-License-Identifier: GPL-2.0-only */ 2 + /* Copyright(c) 2024 Intel Corporation */ 3 + #ifndef QAT_MIG_DEV_H_ 4 + #define QAT_MIG_DEV_H_ 5 + 6 + struct pci_dev; 7 + 8 + struct qat_mig_dev { 9 + void *parent_accel_dev; 10 + u8 *state; 11 + u32 setup_size; 12 + u32 remote_setup_size; 13 + u32 state_size; 14 + s32 vf_id; 15 + }; 16 + 17 + struct qat_mig_dev *qat_vfmig_create(struct pci_dev *pdev, int vf_id); 18 + int qat_vfmig_init(struct qat_mig_dev *mdev); 19 + void qat_vfmig_cleanup(struct qat_mig_dev *mdev); 20 + void qat_vfmig_reset(struct qat_mig_dev *mdev); 21 + int qat_vfmig_open(struct qat_mig_dev *mdev); 22 + void qat_vfmig_close(struct qat_mig_dev *mdev); 23 + int qat_vfmig_suspend(struct qat_mig_dev *mdev); 24 + int qat_vfmig_resume(struct qat_mig_dev *mdev); 25 + int qat_vfmig_save_state(struct qat_mig_dev *mdev); 26 + int qat_vfmig_save_setup(struct qat_mig_dev *mdev); 27 + int qat_vfmig_load_state(struct qat_mig_dev *mdev); 28 + int qat_vfmig_load_setup(struct qat_mig_dev *mdev, int size); 29 + void qat_vfmig_destroy(struct qat_mig_dev *mdev); 30 + 31 + #endif /*QAT_MIG_DEV_H_*/

+19 -11

include/uapi/linux/cryptouser.h

··· 32 32 CRYPTO_MSG_UPDATEALG, 33 33 CRYPTO_MSG_GETALG, 34 34 CRYPTO_MSG_DELRNG, 35 - CRYPTO_MSG_GETSTAT, 35 + CRYPTO_MSG_GETSTAT, /* No longer supported, do not use. */ 36 36 __CRYPTO_MSG_MAX 37 37 }; 38 38 #define CRYPTO_MSG_MAX (__CRYPTO_MSG_MAX - 1) ··· 54 54 CRYPTOCFGA_REPORT_AKCIPHER, /* struct crypto_report_akcipher */ 55 55 CRYPTOCFGA_REPORT_KPP, /* struct crypto_report_kpp */ 56 56 CRYPTOCFGA_REPORT_ACOMP, /* struct crypto_report_acomp */ 57 - CRYPTOCFGA_STAT_LARVAL, /* struct crypto_stat */ 58 - CRYPTOCFGA_STAT_HASH, /* struct crypto_stat */ 59 - CRYPTOCFGA_STAT_BLKCIPHER, /* struct crypto_stat */ 60 - CRYPTOCFGA_STAT_AEAD, /* struct crypto_stat */ 61 - CRYPTOCFGA_STAT_COMPRESS, /* struct crypto_stat */ 62 - CRYPTOCFGA_STAT_RNG, /* struct crypto_stat */ 63 - CRYPTOCFGA_STAT_CIPHER, /* struct crypto_stat */ 64 - CRYPTOCFGA_STAT_AKCIPHER, /* struct crypto_stat */ 65 - CRYPTOCFGA_STAT_KPP, /* struct crypto_stat */ 66 - CRYPTOCFGA_STAT_ACOMP, /* struct crypto_stat */ 57 + CRYPTOCFGA_STAT_LARVAL, /* No longer supported, do not use. */ 58 + CRYPTOCFGA_STAT_HASH, /* No longer supported, do not use. */ 59 + CRYPTOCFGA_STAT_BLKCIPHER, /* No longer supported, do not use. */ 60 + CRYPTOCFGA_STAT_AEAD, /* No longer supported, do not use. */ 61 + CRYPTOCFGA_STAT_COMPRESS, /* No longer supported, do not use. */ 62 + CRYPTOCFGA_STAT_RNG, /* No longer supported, do not use. */ 63 + CRYPTOCFGA_STAT_CIPHER, /* No longer supported, do not use. */ 64 + CRYPTOCFGA_STAT_AKCIPHER, /* No longer supported, do not use. */ 65 + CRYPTOCFGA_STAT_KPP, /* No longer supported, do not use. */ 66 + CRYPTOCFGA_STAT_ACOMP, /* No longer supported, do not use. */ 67 67 __CRYPTOCFGA_MAX 68 68 69 69 #define CRYPTOCFGA_MAX (__CRYPTOCFGA_MAX - 1) ··· 79 79 __u32 cru_flags; 80 80 }; 81 81 82 + /* No longer supported, do not use. */ 82 83 struct crypto_stat_aead { 83 84 char type[CRYPTO_MAX_NAME]; 84 85 __u64 stat_encrypt_cnt; ··· 89 88 __u64 stat_err_cnt; 90 89 }; 91 90 91 + /* No longer supported, do not use. */ 92 92 struct crypto_stat_akcipher { 93 93 char type[CRYPTO_MAX_NAME]; 94 94 __u64 stat_encrypt_cnt; ··· 101 99 __u64 stat_err_cnt; 102 100 }; 103 101 102 + /* No longer supported, do not use. */ 104 103 struct crypto_stat_cipher { 105 104 char type[CRYPTO_MAX_NAME]; 106 105 __u64 stat_encrypt_cnt; ··· 111 108 __u64 stat_err_cnt; 112 109 }; 113 110 111 + /* No longer supported, do not use. */ 114 112 struct crypto_stat_compress { 115 113 char type[CRYPTO_MAX_NAME]; 116 114 __u64 stat_compress_cnt; ··· 121 117 __u64 stat_err_cnt; 122 118 }; 123 119 120 + /* No longer supported, do not use. */ 124 121 struct crypto_stat_hash { 125 122 char type[CRYPTO_MAX_NAME]; 126 123 __u64 stat_hash_cnt; ··· 129 124 __u64 stat_err_cnt; 130 125 }; 131 126 127 + /* No longer supported, do not use. */ 132 128 struct crypto_stat_kpp { 133 129 char type[CRYPTO_MAX_NAME]; 134 130 __u64 stat_setsecret_cnt; ··· 138 132 __u64 stat_err_cnt; 139 133 }; 140 134 135 + /* No longer supported, do not use. */ 141 136 struct crypto_stat_rng { 142 137 char type[CRYPTO_MAX_NAME]; 143 138 __u64 stat_generate_cnt; ··· 147 140 __u64 stat_err_cnt; 148 141 }; 149 142 143 + /* No longer supported, do not use. */ 150 144 struct crypto_stat_larval { 151 145 char type[CRYPTO_MAX_NAME]; 152 146 };

+4 -4

kernel/padata.c

··· 106 106 { 107 107 int i; 108 108 109 - spin_lock(&padata_works_lock); 109 + spin_lock_bh(&padata_works_lock); 110 110 /* Start at 1 because the current task participates in the job. */ 111 111 for (i = 1; i < nworks; ++i) { 112 112 struct padata_work *pw = padata_work_alloc(); ··· 116 116 padata_work_init(pw, padata_mt_helper, data, 0); 117 117 list_add(&pw->pw_list, head); 118 118 } 119 - spin_unlock(&padata_works_lock); 119 + spin_unlock_bh(&padata_works_lock); 120 120 121 121 return i; 122 122 } ··· 134 134 if (list_empty(works)) 135 135 return; 136 136 137 - spin_lock(&padata_works_lock); 137 + spin_lock_bh(&padata_works_lock); 138 138 list_for_each_entry_safe(cur, next, works, pw_list) { 139 139 list_del(&cur->pw_list); 140 140 padata_work_free(cur); 141 141 } 142 - spin_unlock(&padata_works_lock); 142 + spin_unlock_bh(&padata_works_lock); 143 143 } 144 144 145 145 static void padata_parallel_worker(struct work_struct *parallel_work)