
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:

- Fix missed wake-up race in padata

- Use crypto_memneq in ccp

- Fix version check in ccp

- Fix fuzz test failure in ccp

- Fix potential double free in crypto4xx

- Fix compile warning in stm32

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
crypto: ccp - Fix SEV_VERSION_GREATER_OR_EQUAL
crypto: ccp/gcm - use const time tag comparison.
crypto: ccp - memset structure fields to zero before reuse
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
crypto: stm32/hash - Fix incorrect printk modifier for size_t

+38 -11
-1
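--- a/drivers/crypto/amcc/crypto4xx_trng.c
+++ b/drivers/crypto/amcc/crypto4xx_trng.c
@@ -108,7 +108,6 @@
 return;
 
 err_out:
-of_node_put(trng);
 iounmap(dev->trng_base);
 kfree(rng);
 dev->trng_base = NULL;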
+13 -2
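--- a/drivers/crypto/ccp/ccp-ops.c
+++ b/drivers/crypto/ccp/ccp-ops.c
@@ -622,6 +622,7 @@
 
 unsigned long long *final;
 unsigned int dm_offset;
+unsigned int jobid;
 unsigned int ilen;
 bool in_place = true; /* Default value */
 int ret;
@@ -660,9 +661,11 @@
 p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen);
 }
 
+jobid = CCP_NEW_JOBID(cmd_q->ccp);
+
 memset(&op, 0, sizeof(op));
 op.cmd_q = cmd_q;
-op.jobid = CCP_NEW_JOBID(cmd_q->ccp);
+op.jobid = jobid;
 op.sb_key = cmd_q->sb_key; /* Pre-allocated */
 op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
 op.init = 1;
@@ -813,6 +816,13 @@
 final[0] = cpu_to_be64(aes->aad_len * 8);
 final[1] = cpu_to_be64(ilen * 8);
 
+memset(&op, 0, sizeof(op));
+op.cmd_q = cmd_q;
+op.jobid = jobid;
+op.sb_key = cmd_q->sb_key; /* Pre-allocated */
+op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
+op.init = 1;
+op.u.aes.type = aes->type;
 op.u.aes.mode = CCP_AES_MODE_GHASH;
 op.u.aes.action = CCP_AES_GHASHFINAL;
 op.src.type = CCP_MEMTYPE_SYSTEM;
@@ -840,7 +850,8 @@
 if (ret)
 goto e_tag;
 
-ret = memcmp(tag.address, final_wa.address, AES_BLOCK_SIZE);
+ret = crypto_memneq(tag.address, final_wa.address,
+AES_BLOCK_SIZE) ? -EBADMSG : 0;
 ccp_dm_free(&tag);
 }
 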
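Review bot: The GHASHFINAL setup in the third hunk repeats the `op` initialisation from the second hunk field by field (`cmd_q`, `jobid`, `sb_key`, `sb_ctx`, `init`), so a field later added to one copy and not the other could bring back the stale-state failure this change removes. A comment above the second `memset(&op, 0, sizeof(op));` would record the intent, for example `/* op was used by the earlier passes; rebuild it from scratch so no stale field reaches GHASHFINAL */`, or the shared assignments could move into a small static helper. In the last hunk a one-line comment on the `crypto_memneq()` call, such as `/* constant-time: do not replace with memcmp(), the tag check must not leak the mismatch position */`, would keep a later cleanup from undoing the fix. The enclosing function starts and ends outside these hunks.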
+12 -7
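--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -24,10 +24,6 @@
 #include "sp-dev.h"
 #include "psp-dev.h"
 
-#define SEV_VERSION_GREATER_OR_EQUAL(_maj, _min) \
-((psp_master->api_major) >= _maj && \
-(psp_master->api_minor) >= _min)
-
 #define DEVICE_NAME "sev"
 #define SEV_FW_FILE "amd/sev.fw"
 #define SEV_FW_NAME_SIZE 64
@@ -46,6 +42,15 @@
 
 static bool psp_dead;
 static int psp_timeout;
+
+static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
+{
+if (psp_master->api_major > maj)
+return true;
+if (psp_master->api_major == maj && psp_master->api_minor >= min)
+return true;
+return false;
+}
 
 static struct psp_device *psp_alloc_struct(struct sp_device *sp)
 {
@@ -588,7 +593,7 @@
 int ret;
 
 /* SEV GET_ID is available from SEV API v0.16 and up */
-if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16))
+if (!sev_version_greater_or_equal(0, 16))
 return -ENOTSUPP;
 
 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
@@ -651,7 +656,7 @@
 int ret;
 
 /* SEV GET_ID available from SEV API v0.16 and up */
-if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16))
+if (!sev_version_greater_or_equal(0, 16))
 return -ENOTSUPP;
 
 /* SEV FW expects the buffer it fills with the ID to be
@@ -1053,7 +1058,7 @@
 psp_master->sev_state = SEV_STATE_UNINIT;
 }
 
-if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) &&
+if (sev_version_greater_or_equal(0, 15) &&
 sev_update_firmware(psp_master->dev) == 0)
 sev_get_api_version();
 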
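Review bot: `sev_version_greater_or_equal()` in the second hunk dereferences `psp_master` unconditionally and carries no comment stating that callers must already hold a valid master device. The checks around the three call sites lie outside the hunks, so the precondition cannot be confirmed from here. Since this helper gates which firmware commands are issued, a short header comment would record the contract, for example `/* True when the firmware API version is at least maj.min (major compared first); caller must ensure psp_master is non-NULL. */`. The functions containing the call sites start and end outside their hunks.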
+1 -1
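--- a/drivers/crypto/stm32/stm32-hash.c
+++ b/drivers/crypto/stm32/stm32-hash.c
@@ -338,7 +338,7 @@
 
 len32 = DIV_ROUND_UP(length, sizeof(u32));
 
-dev_dbg(hdev->dev, "%s: length: %d, final: %x len32 %i\n",
+dev_dbg(hdev->dev, "%s: length: %zd, final: %x len32 %i\n",
 __func__, length, final, len32);
 
 hdev->flags |= HASH_FLAGS_CPU;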
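Review bot: The new format string prints `length` with `%zd`, which is the signed (`ssize_t`) conversion; if `length` is a `size_t`, as the commit title says, the matching specifier is `%zu`: `dev_dbg(hdev->dev, "%s: length: %zu, final: %x len32 %i\n",`. The declaration of `length` is outside the hunk, so its type should be confirmed before changing the specifier. The mismatch would only affect how very large values appear in the debug log.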
+12
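--- a/kernel/padata.c
+++ b/kernel/padata.c
@@ -267,7 +267,12 @@
  * The next object that needs serialization might have arrived to
  * the reorder queues in the meantime, we will be called again
  * from the timer function if no one else cares for it.
+ *
+ * Ensure reorder_objects is read after pd->lock is dropped so we see
+ * an increment from another task in padata_do_serial. Pairs with
+ * smp_mb__after_atomic in padata_do_serial.
  */
+smp_mb();
 if (atomic_read(&pd->reorder_objects)
 && !(pinst->flags & PADATA_RESET))
 mod_timer(&pd->timer, jiffies + HZ);
@@ -386,6 +391,13 @@
 atomic_inc(&pd->reorder_objects);
 list_add_tail(&padata->list, &pqueue->reorder.list);
 spin_unlock(&pqueue->reorder.lock);
+
+/*
+ * Ensure the atomic_inc of reorder_objects above is ordered correctly
+ * with the trylock of pd->lock in padata_reorder. Pairs with smp_mb
+ * in padata_reorder.
+ */
+smp_mb__after_atomic();
 
 put_cpu();
 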
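Review bot: In the second hunk `smp_mb__after_atomic()` sits after `list_add_tail()` and `spin_unlock()`, not directly after the `atomic_inc()` it is meant to upgrade, and the new comment does not say why that gap is acceptable. If the placement is deliberate, one more comment line would spare the next reader the analysis, for example `* The barrier follows the unlock so the list insertion is also ordered before pd->lock is tested.`; that wording is inferred and should be checked against the intended ordering. The trylock of `pd->lock` and the unlock that the first hunk's comment refers to are outside the hunks, so the pairing cannot be checked from the visible lines alone.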