tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

crypto: ccree - add function to handle cryptocell tee fips error

Adds function that checks if cryptocell tee fips error occurred
and in such case triggers system error through kernel panic.
Change fips function to use this new routine.

Signed-off-by: Ofir Drang <ofir.drang@arm.com>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ofir Drang and committed by
Herbert Xu 897ab231 3499efbe

+17 -8
+15 -8
drivers/crypto/ccree/cc_fips.c
··· 70 70 dev_err(dev, "TEE reported error!\n"); 71 71 } 72 72 73 + /* 74 + * This function check if cryptocell tee fips error occurred 75 + * and in such case triggers system error 76 + */ 77 + void cc_tee_handle_fips_error(struct cc_drvdata *p_drvdata) 78 + { 79 + struct device *dev = drvdata_to_dev(p_drvdata); 80 + 81 + if (!cc_get_tee_fips_status(p_drvdata)) 82 + tee_fips_error(dev); 83 + } 84 + 73 85 /* Deferred service handler, run as interrupt-fired tasklet */ 74 86 static void fips_dsr(unsigned long devarg) 75 87 { 76 88 struct cc_drvdata *drvdata = (struct cc_drvdata *)devarg; 77 - struct device *dev = drvdata_to_dev(drvdata); 78 - u32 irq, state, val; 89 + u32 irq, val; 79 90 80 91 irq = (drvdata->irq & (CC_GPR0_IRQ_MASK)); 81 92 82 93 if (irq) { 83 - state = cc_ioread(drvdata, CC_REG(GPR_HOST)); 84 - 85 - if (state != (CC_FIPS_SYNC_TEE_STATUS | CC_FIPS_SYNC_MODULE_OK)) 86 - tee_fips_error(dev); 94 + cc_tee_handle_fips_error(drvdata); 87 95 } 88 96 89 97 /* after verifing that there is nothing to do, ··· 119 111 dev_dbg(dev, "Initializing fips tasklet\n"); 120 112 tasklet_init(&fips_h->tasklet, fips_dsr, (unsigned long)p_drvdata); 121 113 122 - if (!cc_get_tee_fips_status(p_drvdata)) 123 - tee_fips_error(dev); 114 + cc_tee_handle_fips_error(p_drvdata); 124 115 125 116 return 0; 126 117 }
+2
drivers/crypto/ccree/cc_fips.h
··· 18 18 void cc_fips_fini(struct cc_drvdata *drvdata); 19 19 void fips_handler(struct cc_drvdata *drvdata); 20 20 void cc_set_ree_fips_status(struct cc_drvdata *drvdata, bool ok); 21 + void cc_tee_handle_fips_error(struct cc_drvdata *p_drvdata); 21 22 22 23 #else /* CONFIG_CRYPTO_FIPS */ 23 24 ··· 31 30 static inline void cc_set_ree_fips_status(struct cc_drvdata *drvdata, 32 31 bool ok) {} 33 32 static inline void fips_handler(struct cc_drvdata *drvdata) {} 33 + static inline void cc_tee_handle_fips_error(struct cc_drvdata *p_drvdata) {} 34 34 35 35 #endif /* CONFIG_CRYPTO_FIPS */ 36 36