* [PATCH 00/12] crypto: qat - re-enable algorithms
@ 2022-05-06 8:23 Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
` (11 more replies)
0 siblings, 12 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert; +Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu
This set is an extension of a previous set called `crypto: qat - fix dm-crypt
related issues` which aims to re-enable the algorithms in the QAT driver
after [1].
This fixes a number of issues with the implementation of the QAT algs,
both symmetric and asymmetric.
In particular this set enables the QAT driver to handle correctly the
flags CRYPTO_TFM_REQ_MAY_BACKLOG and CRYPTO_TFM_REQ_MAY_SLEEP,
fixes an hidden issue in RSA and DH which appeared after commit f5ff79fddf0e,
related to the usage of dma_free_coherent() from a tasklet, and includes
important fixes in the akcipher algorithms.
One item to mention is that, differently from the previous set, this
one does not removes the flag CRYPTO_ALG_ALLOCATES_MEMORY which will
be removed after the conversation in [2] is closed.
[1] https://lore.kernel.org/linux-crypto/YiEyGoHacN80FcOL@silpixa00400314/
[2] https://lore.kernel.org/linux-crypto/Yl6PlqyucVLCzwF5@silpixa00400314/
Giovanni Cabiddu (12):
crypto: qat - use pre-allocated buffers in datapath
crypto: qat - refactor submission logic
crypto: qat - add backlog mechanism
crypto: qat - fix memory leak in RSA
crypto: qat - remove dma_free_coherent() for RSA
crypto: qat - remove dma_free_coherent() for DH
crypto: qat - set to zero DH parameters before free
crypto: qat - add param check for RSA
crypto: qat - add param check for DH
crypto: qat - use memzero_explicit() for algs
crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag
crypto: qat - re-enable registration of algorithms
drivers/crypto/qat/qat_4xxx/adf_drv.c | 7 -
drivers/crypto/qat/qat_common/Makefile | 1 +
drivers/crypto/qat/qat_common/adf_transport.c | 11 +
drivers/crypto/qat/qat_common/adf_transport.h | 1 +
.../qat/qat_common/adf_transport_internal.h | 1 +
drivers/crypto/qat/qat_common/qat_algs.c | 173 ++++-----
drivers/crypto/qat/qat_common/qat_algs_send.c | 86 +++++
drivers/crypto/qat/qat_common/qat_algs_send.h | 11 +
drivers/crypto/qat/qat_common/qat_asym_algs.c | 327 +++++++++---------
drivers/crypto/qat/qat_common/qat_crypto.c | 10 +-
drivers/crypto/qat/qat_common/qat_crypto.h | 44 +++
11 files changed, 415 insertions(+), 257 deletions(-)
create mode 100644 drivers/crypto/qat/qat_common/qat_algs_send.c
create mode 100644 drivers/crypto/qat/qat_common/qat_algs_send.h
--
2.35.1
^ permalink raw reply [flat|nested] 26+ messages in thread
* [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
` (10 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Mikulas Patocka, Marco Chiappero, Wojciech Ziemba
In order to do DMAs, the QAT device requires that the scatterlist
structures are mapped and translated into a format that the firmware can
understand. This is defined as the composition of a scatter gather list
(SGL) descriptor header, the struct qat_alg_buf_list, plus a variable
number of flat buffer descriptors, the struct qat_alg_buf.
The allocation and mapping of these data structures is done each time a
request is received from the skcipher and aead APIs.
In an OOM situation, this behaviour might lead to a dead-lock if an
allocation fails.
Based on the conversation in [1], increase the size of the aead and
skcipher request contexts to include an SGL descriptor that can handle
a maximum of 4 flat buffers.
If requests exceed 4 entries buffers, memory is allocated dynamically.
[1] https://lore.kernel.org/linux-crypto/20200722072932.GA27544@gondor.apana.org.au/
Cc: stable@vger.kernel.org
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_algs.c | 64 +++++++++++++---------
drivers/crypto/qat/qat_common/qat_crypto.h | 24 ++++++++
2 files changed, 61 insertions(+), 27 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index f998ed58457c..ec635fe44c1f 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -46,19 +46,6 @@
static DEFINE_MUTEX(algs_lock);
static unsigned int active_devs;
-struct qat_alg_buf {
- u32 len;
- u32 resrvd;
- u64 addr;
-} __packed;
-
-struct qat_alg_buf_list {
- u64 resrvd;
- u32 num_bufs;
- u32 num_mapped_bufs;
- struct qat_alg_buf bufers[];
-} __packed __aligned(64);
-
/* Common content descriptor */
struct qat_alg_cd {
union {
@@ -693,7 +680,10 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
bl->bufers[i].len, DMA_BIDIRECTIONAL);
dma_unmap_single(dev, blp, sz, DMA_TO_DEVICE);
- kfree(bl);
+
+ if (!qat_req->buf.sgl_src_valid)
+ kfree(bl);
+
if (blp != blpout) {
/* If out of place operation dma unmap only data */
int bufless = blout->num_bufs - blout->num_mapped_bufs;
@@ -704,7 +694,9 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
DMA_BIDIRECTIONAL);
}
dma_unmap_single(dev, blpout, sz_out, DMA_TO_DEVICE);
- kfree(blout);
+
+ if (!qat_req->buf.sgl_dst_valid)
+ kfree(blout);
}
}
@@ -721,15 +713,24 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
dma_addr_t blp = DMA_MAPPING_ERROR;
dma_addr_t bloutp = DMA_MAPPING_ERROR;
struct scatterlist *sg;
- size_t sz_out, sz = struct_size(bufl, bufers, n + 1);
+ size_t sz_out, sz = struct_size(bufl, bufers, n);
+ int node = dev_to_node(&GET_DEV(inst->accel_dev));
if (unlikely(!n))
return -EINVAL;
- bufl = kzalloc_node(sz, GFP_ATOMIC,
- dev_to_node(&GET_DEV(inst->accel_dev)));
- if (unlikely(!bufl))
- return -ENOMEM;
+ qat_req->buf.sgl_src_valid = false;
+ qat_req->buf.sgl_dst_valid = false;
+
+ if (n > QAT_MAX_BUFF_DESC) {
+ bufl = kzalloc_node(sz, GFP_ATOMIC, node);
+ if (unlikely(!bufl))
+ return -ENOMEM;
+ } else {
+ bufl = &qat_req->buf.sgl_src.sgl_hdr;
+ memset(bufl, 0, sizeof(struct qat_alg_buf_list));
+ qat_req->buf.sgl_src_valid = true;
+ }
for_each_sg(sgl, sg, n, i)
bufl->bufers[i].addr = DMA_MAPPING_ERROR;
@@ -760,12 +761,18 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
struct qat_alg_buf *bufers;
n = sg_nents(sglout);
- sz_out = struct_size(buflout, bufers, n + 1);
+ sz_out = struct_size(buflout, bufers, n);
sg_nctr = 0;
- buflout = kzalloc_node(sz_out, GFP_ATOMIC,
- dev_to_node(&GET_DEV(inst->accel_dev)));
- if (unlikely(!buflout))
- goto err_in;
+
+ if (n > QAT_MAX_BUFF_DESC) {
+ buflout = kzalloc_node(sz_out, GFP_ATOMIC, node);
+ if (unlikely(!buflout))
+ goto err_in;
+ } else {
+ buflout = &qat_req->buf.sgl_dst.sgl_hdr;
+ memset(buflout, 0, sizeof(struct qat_alg_buf_list));
+ qat_req->buf.sgl_dst_valid = true;
+ }
bufers = buflout->bufers;
for_each_sg(sglout, sg, n, i)
@@ -810,7 +817,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
dma_unmap_single(dev, buflout->bufers[i].addr,
buflout->bufers[i].len,
DMA_BIDIRECTIONAL);
- kfree(buflout);
+
+ if (!qat_req->buf.sgl_dst_valid)
+ kfree(buflout);
err_in:
if (!dma_mapping_error(dev, blp))
@@ -823,7 +832,8 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
bufl->bufers[i].len,
DMA_BIDIRECTIONAL);
- kfree(bufl);
+ if (!qat_req->buf.sgl_src_valid)
+ kfree(bufl);
dev_err(dev, "Failed to map buf for dma\n");
return -ENOMEM;
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h
index b6a4c95ae003..0928f159ea99 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.h
+++ b/drivers/crypto/qat/qat_common/qat_crypto.h
@@ -21,6 +21,26 @@ struct qat_crypto_instance {
atomic_t refctr;
};
+#define QAT_MAX_BUFF_DESC 4
+
+struct qat_alg_buf {
+ u32 len;
+ u32 resrvd;
+ u64 addr;
+} __packed;
+
+struct qat_alg_buf_list {
+ u64 resrvd;
+ u32 num_bufs;
+ u32 num_mapped_bufs;
+ struct qat_alg_buf bufers[];
+} __packed;
+
+struct qat_alg_fixed_buf_list {
+ struct qat_alg_buf_list sgl_hdr;
+ struct qat_alg_buf descriptors[QAT_MAX_BUFF_DESC];
+} __packed __aligned(64);
+
struct qat_crypto_request_buffs {
struct qat_alg_buf_list *bl;
dma_addr_t blp;
@@ -28,6 +48,10 @@ struct qat_crypto_request_buffs {
dma_addr_t bloutp;
size_t sz;
size_t sz_out;
+ bool sgl_src_valid;
+ bool sgl_dst_valid;
+ struct qat_alg_fixed_buf_list sgl_src;
+ struct qat_alg_fixed_buf_list sgl_dst;
};
struct qat_crypto_request;
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 02/12] crypto: qat - refactor submission logic
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 9:24 ` Greg KH
2022-05-06 8:23 ` [PATCH 03/12] crypto: qat - add backlog mechanism Giovanni Cabiddu
` (9 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Marco Chiappero
Move the submission loop to a new function, qat_alg_send_message(), and
share it between the symmetric and the asymmetric algorithms.
If the HW queues are full return -ENOSPC instead of -EBUSY.
For both symmetric and asymmetric services set the number of retries
before returning an error to a value that works for both, 20 (was 10 for
symmetric and 100 for asymmetric).
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
---
drivers/crypto/qat/qat_common/Makefile | 1 +
drivers/crypto/qat/qat_common/qat_algs.c | 68 +++++++++----------
drivers/crypto/qat/qat_common/qat_algs_send.c | 21 ++++++
drivers/crypto/qat/qat_common/qat_algs_send.h | 10 +++
drivers/crypto/qat/qat_common/qat_asym_algs.c | 50 +++++++++-----
drivers/crypto/qat/qat_common/qat_crypto.h | 5 ++
6 files changed, 101 insertions(+), 54 deletions(-)
create mode 100644 drivers/crypto/qat/qat_common/qat_algs_send.c
create mode 100644 drivers/crypto/qat/qat_common/qat_algs_send.h
diff --git a/drivers/crypto/qat/qat_common/Makefile b/drivers/crypto/qat/qat_common/Makefile
index f25a6c8edfc7..04f058acc4d3 100644
--- a/drivers/crypto/qat/qat_common/Makefile
+++ b/drivers/crypto/qat/qat_common/Makefile
@@ -16,6 +16,7 @@ intel_qat-objs := adf_cfg.o \
qat_crypto.o \
qat_algs.o \
qat_asym_algs.o \
+ qat_algs_send.o \
qat_uclo.o \
qat_hal.o
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index ec635fe44c1f..6017ae82c713 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -17,7 +17,7 @@
#include <crypto/xts.h>
#include <linux/dma-mapping.h>
#include "adf_accel_devices.h"
-#include "adf_transport.h"
+#include "qat_algs_send.h"
#include "adf_common_drv.h"
#include "qat_crypto.h"
#include "icp_qat_hw.h"
@@ -939,6 +939,17 @@ void qat_alg_callback(void *resp)
qat_req->cb(qat_resp, qat_req);
}
+static int qat_alg_send_sym_message(struct qat_crypto_request *qat_req,
+ struct qat_crypto_instance *inst)
+{
+ struct qat_alg_req req;
+
+ req.fw_req = (u32 *)&qat_req->req;
+ req.tx_ring = inst->sym_tx;
+
+ return qat_alg_send_message(&req);
+}
+
static int qat_alg_aead_dec(struct aead_request *areq)
{
struct crypto_aead *aead_tfm = crypto_aead_reqtfm(areq);
@@ -949,7 +960,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
struct icp_qat_fw_la_auth_req_params *auth_param;
struct icp_qat_fw_la_bulk_req *msg;
int digst_size = crypto_aead_authsize(aead_tfm);
- int ret, ctr = 0;
+ int ret;
u32 cipher_len;
cipher_len = areq->cryptlen - digst_size;
@@ -975,15 +986,12 @@ static int qat_alg_aead_dec(struct aead_request *areq)
auth_param = (void *)((u8 *)cipher_param + sizeof(*cipher_param));
auth_param->auth_off = 0;
auth_param->auth_len = areq->assoclen + cipher_param->cipher_length;
- do {
- ret = adf_send_message(ctx->inst->sym_tx, (u32 *)msg);
- } while (ret == -EAGAIN && ctr++ < 10);
- if (ret == -EAGAIN) {
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
- return -EBUSY;
- }
- return -EINPROGRESS;
+
+ return ret;
}
static int qat_alg_aead_enc(struct aead_request *areq)
@@ -996,7 +1004,7 @@ static int qat_alg_aead_enc(struct aead_request *areq)
struct icp_qat_fw_la_auth_req_params *auth_param;
struct icp_qat_fw_la_bulk_req *msg;
u8 *iv = areq->iv;
- int ret, ctr = 0;
+ int ret;
if (areq->cryptlen % AES_BLOCK_SIZE != 0)
return -EINVAL;
@@ -1023,15 +1031,11 @@ static int qat_alg_aead_enc(struct aead_request *areq)
auth_param->auth_off = 0;
auth_param->auth_len = areq->assoclen + areq->cryptlen;
- do {
- ret = adf_send_message(ctx->inst->sym_tx, (u32 *)msg);
- } while (ret == -EAGAIN && ctr++ < 10);
-
- if (ret == -EAGAIN) {
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
- return -EBUSY;
- }
- return -EINPROGRESS;
+
+ return ret;
}
static int qat_alg_skcipher_rekey(struct qat_alg_skcipher_ctx *ctx,
@@ -1184,7 +1188,7 @@ static int qat_alg_skcipher_encrypt(struct skcipher_request *req)
struct qat_crypto_request *qat_req = skcipher_request_ctx(req);
struct icp_qat_fw_la_cipher_req_params *cipher_param;
struct icp_qat_fw_la_bulk_req *msg;
- int ret, ctr = 0;
+ int ret;
if (req->cryptlen == 0)
return 0;
@@ -1208,15 +1212,11 @@ static int qat_alg_skcipher_encrypt(struct skcipher_request *req)
qat_alg_set_req_iv(qat_req);
- do {
- ret = adf_send_message(ctx->inst->sym_tx, (u32 *)msg);
- } while (ret == -EAGAIN && ctr++ < 10);
-
- if (ret == -EAGAIN) {
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
- return -EBUSY;
- }
- return -EINPROGRESS;
+
+ return ret;
}
static int qat_alg_skcipher_blk_encrypt(struct skcipher_request *req)
@@ -1253,7 +1253,7 @@ static int qat_alg_skcipher_decrypt(struct skcipher_request *req)
struct qat_crypto_request *qat_req = skcipher_request_ctx(req);
struct icp_qat_fw_la_cipher_req_params *cipher_param;
struct icp_qat_fw_la_bulk_req *msg;
- int ret, ctr = 0;
+ int ret;
if (req->cryptlen == 0)
return 0;
@@ -1278,15 +1278,11 @@ static int qat_alg_skcipher_decrypt(struct skcipher_request *req)
qat_alg_set_req_iv(qat_req);
qat_alg_update_iv(qat_req);
- do {
- ret = adf_send_message(ctx->inst->sym_tx, (u32 *)msg);
- } while (ret == -EAGAIN && ctr++ < 10);
-
- if (ret == -EAGAIN) {
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
- return -EBUSY;
- }
- return -EINPROGRESS;
+
+ return ret;
}
static int qat_alg_skcipher_blk_decrypt(struct skcipher_request *req)
diff --git a/drivers/crypto/qat/qat_common/qat_algs_send.c b/drivers/crypto/qat/qat_common/qat_algs_send.c
new file mode 100644
index 000000000000..78f1bb8c26c0
--- /dev/null
+++ b/drivers/crypto/qat/qat_common/qat_algs_send.c
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only)
+/* Copyright(c) 2022 Intel Corporation */
+#include "adf_transport.h"
+#include "qat_algs_send.h"
+#include "qat_crypto.h"
+
+#define ADF_MAX_RETRIES 20
+
+int qat_alg_send_message(struct qat_alg_req *req)
+{
+ int ret = 0, ctr = 0;
+
+ do {
+ ret = adf_send_message(req->tx_ring, req->fw_req);
+ } while (ret == -EAGAIN && ctr++ < ADF_MAX_RETRIES);
+
+ if (ret == -EAGAIN)
+ return -ENOSPC;
+
+ return -EINPROGRESS;
+}
diff --git a/drivers/crypto/qat/qat_common/qat_algs_send.h b/drivers/crypto/qat/qat_common/qat_algs_send.h
new file mode 100644
index 000000000000..3fa685d0c293
--- /dev/null
+++ b/drivers/crypto/qat/qat_common/qat_algs_send.h
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only) */
+/* Copyright(c) 2022 Intel Corporation */
+#ifndef QAT_ALGS_SEND_H
+#define QAT_ALGS_SEND_H
+
+#include "qat_crypto.h"
+
+int qat_alg_send_message(struct qat_alg_req *req);
+
+#endif
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index b0b78445418b..a3fdbcc08772 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -12,6 +12,7 @@
#include <crypto/scatterwalk.h>
#include "icp_qat_fw_pke.h"
#include "adf_accel_devices.h"
+#include "qat_algs_send.h"
#include "adf_transport.h"
#include "adf_common_drv.h"
#include "qat_crypto.h"
@@ -137,6 +138,17 @@ struct qat_asym_request {
void (*cb)(struct icp_qat_fw_pke_resp *resp);
} __aligned(64);
+static int qat_alg_send_asym_message(struct qat_asym_request *qat_req,
+ struct qat_crypto_instance *inst)
+{
+ struct qat_alg_req req;
+
+ req.fw_req = (u32 *)&qat_req->req;
+ req.tx_ring = inst->pke_tx;
+
+ return qat_alg_send_message(&req);
+}
+
static void qat_dh_cb(struct icp_qat_fw_pke_resp *resp)
{
struct qat_asym_request *req = (void *)(__force long)resp->opaque;
@@ -213,7 +225,7 @@ static int qat_dh_compute_value(struct kpp_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(kpp_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
- int ret, ctr = 0;
+ int ret;
int n_input_params = 0;
if (unlikely(!ctx->xa))
@@ -338,13 +350,13 @@ static int qat_dh_compute_value(struct kpp_request *req)
msg->input_param_count = n_input_params;
msg->output_param_count = 1;
- do {
- ret = adf_send_message(ctx->inst->pke_tx, (u32 *)msg);
- } while (ret == -EBUSY && ctr++ < 100);
+ ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
+ goto unmap_all;
- if (!ret)
- return -EINPROGRESS;
+ return ret;
+unmap_all:
if (!dma_mapping_error(dev, qat_req->phy_out))
dma_unmap_single(dev, qat_req->phy_out,
sizeof(struct qat_dh_output_params),
@@ -642,7 +654,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
- int ret, ctr = 0;
+ int ret;
if (unlikely(!ctx->n || !ctx->e))
return -EINVAL;
@@ -732,13 +744,14 @@ static int qat_rsa_enc(struct akcipher_request *req)
msg->pke_mid.opaque = (u64)(__force long)qat_req;
msg->input_param_count = 3;
msg->output_param_count = 1;
- do {
- ret = adf_send_message(ctx->inst->pke_tx, (u32 *)msg);
- } while (ret == -EBUSY && ctr++ < 100);
- if (!ret)
- return -EINPROGRESS;
+ ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
+ goto unmap_all;
+
+ return ret;
+unmap_all:
if (!dma_mapping_error(dev, qat_req->phy_out))
dma_unmap_single(dev, qat_req->phy_out,
sizeof(struct qat_rsa_output_params),
@@ -776,7 +789,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
- int ret, ctr = 0;
+ int ret;
if (unlikely(!ctx->n || !ctx->d))
return -EINVAL;
@@ -884,13 +897,14 @@ static int qat_rsa_dec(struct akcipher_request *req)
msg->input_param_count = 3;
msg->output_param_count = 1;
- do {
- ret = adf_send_message(ctx->inst->pke_tx, (u32 *)msg);
- } while (ret == -EBUSY && ctr++ < 100);
- if (!ret)
- return -EINPROGRESS;
+ ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ if (ret == -ENOSPC)
+ goto unmap_all;
+
+ return ret;
+unmap_all:
if (!dma_mapping_error(dev, qat_req->phy_out))
dma_unmap_single(dev, qat_req->phy_out,
sizeof(struct qat_rsa_output_params),
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h
index 0928f159ea99..0dcba6fc358c 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.h
+++ b/drivers/crypto/qat/qat_common/qat_crypto.h
@@ -9,6 +9,11 @@
#include "adf_accel_devices.h"
#include "icp_qat_fw_la.h"
+struct qat_alg_req {
+ u32 *fw_req;
+ struct adf_etr_ring_data *tx_ring;
+};
+
struct qat_crypto_instance {
struct adf_etr_ring_data *sym_tx;
struct adf_etr_ring_data *sym_rx;
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 03/12] crypto: qat - add backlog mechanism
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 04/12] crypto: qat - fix memory leak in RSA Giovanni Cabiddu
` (8 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Mikulas Patocka, Kyle Sanderson, Marco Chiappero
The implementations of the crypto algorithms (aead, skcipher, etc) in
the QAT driver do not properly support requests with the
CRYPTO_TFM_REQ_MAY_BACKLOG flag set. If the HW queue is full, the driver
returns -EBUSY but does not enqueue the request. This can result in
applications like dm-crypt waiting indefinitely for the completion of a
request that was never submitted to the hardware.
Fix this by adding a software backlog queue: if the ring buffer is more
than eighty percent full, then the request is enqueued to a backlog
list and the error code -EBUSY is returned back to the caller.
Requests in the backlog queue are resubmitted at a later time, in the
context of the callback of a previously submitted request.
The request for which -EBUSY is returned is then marked as -EINPROGRESS
once submitted to the HW queues.
The submission loop inside the function qat_alg_send_message() has been
modified to decide which submission policy to use based on the request
flags. If the request does not have the CRYPTO_TFM_REQ_MAY_BACKLOG set,
the previous behaviour has been preserved.
Based on a patch by
Vishnu Das Ramachandran <vishnu.dasx.ramachandran@intel.com>
Cc: stable@vger.kernel.org
Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface")
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Reported-by: Kyle Sanderson <kyle.leet@gmail.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
---
drivers/crypto/qat/qat_common/adf_transport.c | 11 +++
drivers/crypto/qat/qat_common/adf_transport.h | 1 +
.../qat/qat_common/adf_transport_internal.h | 1 +
drivers/crypto/qat/qat_common/qat_algs.c | 24 ++++---
drivers/crypto/qat/qat_common/qat_algs_send.c | 67 ++++++++++++++++++-
drivers/crypto/qat/qat_common/qat_algs_send.h | 1 +
drivers/crypto/qat/qat_common/qat_asym_algs.c | 23 ++++---
drivers/crypto/qat/qat_common/qat_crypto.c | 3 +
drivers/crypto/qat/qat_common/qat_crypto.h | 10 +++
9 files changed, 123 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c
index 8ba28409fb74..630d0483c4e0 100644
--- a/drivers/crypto/qat/qat_common/adf_transport.c
+++ b/drivers/crypto/qat/qat_common/adf_transport.c
@@ -8,6 +8,9 @@
#include "adf_cfg.h"
#include "adf_common_drv.h"
+#define ADF_MAX_RING_THRESHOLD 80
+#define ADF_PERCENT(tot, percent) (((tot) * (percent)) / 100)
+
static inline u32 adf_modulo(u32 data, u32 shift)
{
u32 div = data >> shift;
@@ -77,6 +80,11 @@ static void adf_disable_ring_irq(struct adf_etr_bank_data *bank, u32 ring)
bank->irq_mask);
}
+bool adf_ring_nearly_full(struct adf_etr_ring_data *ring)
+{
+ return atomic_read(ring->inflights) > ring->threshold;
+}
+
int adf_send_message(struct adf_etr_ring_data *ring, u32 *msg)
{
struct adf_hw_csr_ops *csr_ops = GET_CSR_OPS(ring->bank->accel_dev);
@@ -217,6 +225,7 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section,
struct adf_etr_bank_data *bank;
struct adf_etr_ring_data *ring;
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
+ int max_inflights;
u32 ring_num;
int ret;
@@ -263,6 +272,8 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section,
ring->ring_size = adf_verify_ring_size(msg_size, num_msgs);
ring->head = 0;
ring->tail = 0;
+ max_inflights = ADF_MAX_INFLIGHTS(ring->ring_size, ring->msg_size);
+ ring->threshold = ADF_PERCENT(max_inflights, ADF_MAX_RING_THRESHOLD);
atomic_set(ring->inflights, 0);
ret = adf_init_ring(ring);
if (ret)
diff --git a/drivers/crypto/qat/qat_common/adf_transport.h b/drivers/crypto/qat/qat_common/adf_transport.h
index 2c95f1697c76..e6ef6f9b7691 100644
--- a/drivers/crypto/qat/qat_common/adf_transport.h
+++ b/drivers/crypto/qat/qat_common/adf_transport.h
@@ -14,6 +14,7 @@ int adf_create_ring(struct adf_accel_dev *accel_dev, const char *section,
const char *ring_name, adf_callback_fn callback,
int poll_mode, struct adf_etr_ring_data **ring_ptr);
+bool adf_ring_nearly_full(struct adf_etr_ring_data *ring);
int adf_send_message(struct adf_etr_ring_data *ring, u32 *msg);
void adf_remove_ring(struct adf_etr_ring_data *ring);
#endif
diff --git a/drivers/crypto/qat/qat_common/adf_transport_internal.h b/drivers/crypto/qat/qat_common/adf_transport_internal.h
index 501bcf0f1809..8b2c92ba7ca1 100644
--- a/drivers/crypto/qat/qat_common/adf_transport_internal.h
+++ b/drivers/crypto/qat/qat_common/adf_transport_internal.h
@@ -22,6 +22,7 @@ struct adf_etr_ring_data {
spinlock_t lock; /* protects ring data struct */
u16 head;
u16 tail;
+ u32 threshold;
u8 ring_number;
u8 ring_size;
u8 msg_size;
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 6017ae82c713..873533dc43a7 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -935,19 +935,25 @@ void qat_alg_callback(void *resp)
struct icp_qat_fw_la_resp *qat_resp = resp;
struct qat_crypto_request *qat_req =
(void *)(__force long)qat_resp->opaque_data;
+ struct qat_instance_backlog *backlog = qat_req->alg_req.backlog;
qat_req->cb(qat_resp, qat_req);
+
+ qat_alg_send_backlog(backlog);
}
static int qat_alg_send_sym_message(struct qat_crypto_request *qat_req,
- struct qat_crypto_instance *inst)
+ struct qat_crypto_instance *inst,
+ struct crypto_async_request *base)
{
- struct qat_alg_req req;
+ struct qat_alg_req *alg_req = &qat_req->alg_req;
- req.fw_req = (u32 *)&qat_req->req;
- req.tx_ring = inst->sym_tx;
+ alg_req->fw_req = (u32 *)&qat_req->req;
+ alg_req->tx_ring = inst->sym_tx;
+ alg_req->base = base;
+ alg_req->backlog = &inst->backlog;
- return qat_alg_send_message(&req);
+ return qat_alg_send_message(alg_req);
}
static int qat_alg_aead_dec(struct aead_request *areq)
@@ -987,7 +993,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
auth_param->auth_off = 0;
auth_param->auth_len = areq->assoclen + cipher_param->cipher_length;
- ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst, &areq->base);
if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
@@ -1031,7 +1037,7 @@ static int qat_alg_aead_enc(struct aead_request *areq)
auth_param->auth_off = 0;
auth_param->auth_len = areq->assoclen + areq->cryptlen;
- ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst, &areq->base);
if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
@@ -1212,7 +1218,7 @@ static int qat_alg_skcipher_encrypt(struct skcipher_request *req)
qat_alg_set_req_iv(qat_req);
- ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst, &req->base);
if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
@@ -1278,7 +1284,7 @@ static int qat_alg_skcipher_decrypt(struct skcipher_request *req)
qat_alg_set_req_iv(qat_req);
qat_alg_update_iv(qat_req);
- ret = qat_alg_send_sym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_sym_message(qat_req, ctx->inst, &req->base);
if (ret == -ENOSPC)
qat_alg_free_bufl(ctx->inst, qat_req);
diff --git a/drivers/crypto/qat/qat_common/qat_algs_send.c b/drivers/crypto/qat/qat_common/qat_algs_send.c
index 78f1bb8c26c0..ff5b4347f783 100644
--- a/drivers/crypto/qat/qat_common/qat_algs_send.c
+++ b/drivers/crypto/qat/qat_common/qat_algs_send.c
@@ -6,7 +6,7 @@
#define ADF_MAX_RETRIES 20
-int qat_alg_send_message(struct qat_alg_req *req)
+static int qat_alg_send_message_retry(struct qat_alg_req *req)
{
int ret = 0, ctr = 0;
@@ -19,3 +19,68 @@ int qat_alg_send_message(struct qat_alg_req *req)
return -EINPROGRESS;
}
+
+void qat_alg_send_backlog(struct qat_instance_backlog *backlog)
+{
+ struct qat_alg_req *req, *tmp;
+
+ spin_lock_bh(&backlog->lock);
+ list_for_each_entry_safe(req, tmp, &backlog->list, list) {
+ if (adf_send_message(req->tx_ring, req->fw_req)) {
+ /* The HW ring is full. Do nothing.
+ * qat_alg_send_backlog() will be invoked again by
+ * another callback.
+ */
+ break;
+ }
+ list_del(&req->list);
+ req->base->complete(req->base, -EINPROGRESS);
+ }
+ spin_unlock_bh(&backlog->lock);
+}
+
+static void qat_alg_backlog_req(struct qat_alg_req *req,
+ struct qat_instance_backlog *backlog)
+{
+ INIT_LIST_HEAD(&req->list);
+
+ spin_lock_bh(&backlog->lock);
+ list_add_tail(&req->list, &backlog->list);
+ spin_unlock_bh(&backlog->lock);
+}
+
+static int qat_alg_send_message_maybacklog(struct qat_alg_req *req)
+{
+ struct qat_instance_backlog *backlog = req->backlog;
+ struct adf_etr_ring_data *tx_ring = req->tx_ring;
+ u32 *fw_req = req->fw_req;
+
+ /* If any request is already backlogged, then add to backlog list */
+ if (!list_empty(&backlog->list))
+ goto enqueue;
+
+ /* If ring is nearly full, then add to backlog list */
+ if (adf_ring_nearly_full(tx_ring))
+ goto enqueue;
+
+ /* If adding request to HW ring fails, then add to backlog list */
+ if (adf_send_message(tx_ring, fw_req))
+ goto enqueue;
+
+ return -EINPROGRESS;
+
+enqueue:
+ qat_alg_backlog_req(req, backlog);
+
+ return -EBUSY;
+}
+
+int qat_alg_send_message(struct qat_alg_req *req)
+{
+ u32 flags = req->base->flags;
+
+ if (flags & CRYPTO_TFM_REQ_MAY_BACKLOG)
+ return qat_alg_send_message_maybacklog(req);
+ else
+ return qat_alg_send_message_retry(req);
+}
diff --git a/drivers/crypto/qat/qat_common/qat_algs_send.h b/drivers/crypto/qat/qat_common/qat_algs_send.h
index 3fa685d0c293..5ce9f4f69d8f 100644
--- a/drivers/crypto/qat/qat_common/qat_algs_send.h
+++ b/drivers/crypto/qat/qat_common/qat_algs_send.h
@@ -6,5 +6,6 @@
#include "qat_crypto.h"
int qat_alg_send_message(struct qat_alg_req *req);
+void qat_alg_send_backlog(struct qat_instance_backlog *backlog);
#endif
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index a3fdbcc08772..306219a4b00e 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -136,17 +136,21 @@ struct qat_asym_request {
} areq;
int err;
void (*cb)(struct icp_qat_fw_pke_resp *resp);
+ struct qat_alg_req alg_req;
} __aligned(64);
static int qat_alg_send_asym_message(struct qat_asym_request *qat_req,
- struct qat_crypto_instance *inst)
+ struct qat_crypto_instance *inst,
+ struct crypto_async_request *base)
{
- struct qat_alg_req req;
+ struct qat_alg_req *alg_req = &qat_req->alg_req;
- req.fw_req = (u32 *)&qat_req->req;
- req.tx_ring = inst->pke_tx;
+ alg_req->fw_req = (u32 *)&qat_req->req;
+ alg_req->tx_ring = inst->pke_tx;
+ alg_req->base = base;
+ alg_req->backlog = &inst->backlog;
- return qat_alg_send_message(&req);
+ return qat_alg_send_message(alg_req);
}
static void qat_dh_cb(struct icp_qat_fw_pke_resp *resp)
@@ -350,7 +354,7 @@ static int qat_dh_compute_value(struct kpp_request *req)
msg->input_param_count = n_input_params;
msg->output_param_count = 1;
- ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_asym_message(qat_req, inst, &req->base);
if (ret == -ENOSPC)
goto unmap_all;
@@ -554,8 +558,11 @@ void qat_alg_asym_callback(void *_resp)
{
struct icp_qat_fw_pke_resp *resp = _resp;
struct qat_asym_request *areq = (void *)(__force long)resp->opaque;
+ struct qat_instance_backlog *backlog = areq->alg_req.backlog;
areq->cb(resp);
+
+ qat_alg_send_backlog(backlog);
}
#define PKE_RSA_EP_512 0x1c161b21
@@ -745,7 +752,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
msg->input_param_count = 3;
msg->output_param_count = 1;
- ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_asym_message(qat_req, inst, &req->base);
if (ret == -ENOSPC)
goto unmap_all;
@@ -898,7 +905,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
msg->output_param_count = 1;
- ret = qat_alg_send_asym_message(qat_req, ctx->inst);
+ ret = qat_alg_send_asym_message(qat_req, inst, &req->base);
if (ret == -ENOSPC)
goto unmap_all;
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.c b/drivers/crypto/qat/qat_common/qat_crypto.c
index 67c9588e89df..80d905ed102e 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.c
+++ b/drivers/crypto/qat/qat_common/qat_crypto.c
@@ -353,6 +353,9 @@ static int qat_crypto_create_instances(struct adf_accel_dev *accel_dev)
&inst->pke_rx);
if (ret)
goto err;
+
+ INIT_LIST_HEAD(&inst->backlog.list);
+ spin_lock_init(&inst->backlog.lock);
}
return 0;
err:
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h
index 0dcba6fc358c..245b6d9a3650 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.h
+++ b/drivers/crypto/qat/qat_common/qat_crypto.h
@@ -9,9 +9,17 @@
#include "adf_accel_devices.h"
#include "icp_qat_fw_la.h"
+struct qat_instance_backlog {
+ struct list_head list;
+ spinlock_t lock; /* protects backlog list */
+};
+
struct qat_alg_req {
u32 *fw_req;
struct adf_etr_ring_data *tx_ring;
+ struct crypto_async_request *base;
+ struct list_head list;
+ struct qat_instance_backlog *backlog;
};
struct qat_crypto_instance {
@@ -24,6 +32,7 @@ struct qat_crypto_instance {
unsigned long state;
int id;
atomic_t refctr;
+ struct qat_instance_backlog backlog;
};
#define QAT_MAX_BUFF_DESC 4
@@ -82,6 +91,7 @@ struct qat_crypto_request {
u8 iv[AES_BLOCK_SIZE];
};
bool encryption;
+ struct qat_alg_req alg_req;
};
static inline bool adf_hw_dev_has_crypto(struct adf_accel_dev *accel_dev)
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 04/12] crypto: qat - fix memory leak in RSA
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (2 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 03/12] crypto: qat - add backlog mechanism Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA Giovanni Cabiddu
` (7 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is
used, some components of the private key persist even after the TFM is
released.
Replace the explicit calls to free the buffers in qat_rsa_exit_tfm()
with a call to qat_rsa_clear_ctx() which frees all buffers referenced in
the TFM context.
Cc: stable@vger.kernel.org
Fixes: 879f77e9071f ("crypto: qat - Add RSA CRT mode")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 306219a4b00e..9be972430f11 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -1254,18 +1254,8 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm)
struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
struct device *dev = &GET_DEV(ctx->inst->accel_dev);
- if (ctx->n)
- dma_free_coherent(dev, ctx->key_sz, ctx->n, ctx->dma_n);
- if (ctx->e)
- dma_free_coherent(dev, ctx->key_sz, ctx->e, ctx->dma_e);
- if (ctx->d) {
- memset(ctx->d, '\0', ctx->key_sz);
- dma_free_coherent(dev, ctx->key_sz, ctx->d, ctx->dma_d);
- }
+ qat_rsa_clear_ctx(dev, ctx);
qat_crypto_put_instance(ctx->inst);
- ctx->n = NULL;
- ctx->e = NULL;
- ctx->d = NULL;
}
static struct akcipher_alg rsa = {
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (3 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 04/12] crypto: qat - fix memory leak in RSA Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH Giovanni Cabiddu
` (6 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP"), if
the algorithms are enabled, the driver crashes with a BUG_ON while
executing vunmap() in the context of a tasklet. This is due to the fact
that the function dma_free_coherent() cannot be called in an interrupt
context (see Documentation/core-api/dma-api-howto.rst).
The functions qat_rsa_enc() and qat_rsa_dec() allocate memory with
dma_alloc_coherent() if the source or the destination buffers are made
of multiple flat buffers or of a size that is not compatible with the
hardware.
This memory is then freed with dma_free_coherent() in the context of a
tasklet invoked to handle the response for the corresponding request.
Replace allocations with dma_alloc_coherent() in the functions
qat_rsa_enc() and qat_rsa_dec() with kmalloc() + dma_map_single().
Cc: stable@vger.kernel.org
Fixes: a990532023b9 ("crypto: qat - Add support for RSA algorithm")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 137 ++++++++----------
1 file changed, 60 insertions(+), 77 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 9be972430f11..bba4b4d99e94 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -526,25 +526,22 @@ static void qat_rsa_cb(struct icp_qat_fw_pke_resp *resp)
err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL;
- if (req->src_align)
- dma_free_coherent(dev, req->ctx.rsa->key_sz, req->src_align,
- req->in.rsa.enc.m);
- else
- dma_unmap_single(dev, req->in.rsa.enc.m, req->ctx.rsa->key_sz,
- DMA_TO_DEVICE);
+ kfree_sensitive(req->src_align);
+
+ dma_unmap_single(dev, req->in.rsa.enc.m, req->ctx.rsa->key_sz,
+ DMA_TO_DEVICE);
areq->dst_len = req->ctx.rsa->key_sz;
if (req->dst_align) {
scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
areq->dst_len, 1);
- dma_free_coherent(dev, req->ctx.rsa->key_sz, req->dst_align,
- req->out.rsa.enc.c);
- } else {
- dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz,
- DMA_FROM_DEVICE);
+ kfree_sensitive(req->dst_align);
}
+ dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz,
+ DMA_FROM_DEVICE);
+
dma_unmap_single(dev, req->phy_in, sizeof(struct qat_rsa_input_params),
DMA_TO_DEVICE);
dma_unmap_single(dev, req->phy_out,
@@ -661,6 +658,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
+ u8 *vaddr;
int ret;
if (unlikely(!ctx->n || !ctx->e))
@@ -698,40 +696,39 @@ static int qat_rsa_enc(struct akcipher_request *req)
*/
if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
qat_req->src_align = NULL;
- qat_req->in.rsa.enc.m = dma_map_single(dev, sg_virt(req->src),
- req->src_len, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.enc.m)))
- return ret;
-
+ vaddr = sg_virt(req->src);
} else {
int shift = ctx->key_sz - req->src_len;
- qat_req->src_align = dma_alloc_coherent(dev, ctx->key_sz,
- &qat_req->in.rsa.enc.m,
- GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL);
if (unlikely(!qat_req->src_align))
return ret;
scatterwalk_map_and_copy(qat_req->src_align + shift, req->src,
0, req->src_len, 0);
+ vaddr = qat_req->src_align;
}
- if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
- qat_req->dst_align = NULL;
- qat_req->out.rsa.enc.c = dma_map_single(dev, sg_virt(req->dst),
- req->dst_len,
- DMA_FROM_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.enc.c)))
- goto unmap_src;
+ qat_req->in.rsa.enc.m = dma_map_single(dev, vaddr, ctx->key_sz,
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.enc.m)))
+ goto unmap_src;
+ if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
+ qat_req->dst_align = NULL;
+ vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = dma_alloc_coherent(dev, ctx->key_sz,
- &qat_req->out.rsa.enc.c,
- GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
-
+ vaddr = qat_req->dst_align;
}
+
+ qat_req->out.rsa.enc.c = dma_map_single(dev, vaddr, ctx->key_sz,
+ DMA_FROM_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.enc.c)))
+ goto unmap_dst;
+
qat_req->in.rsa.in_tab[3] = 0;
qat_req->out.rsa.out_tab[1] = 0;
qat_req->phy_in = dma_map_single(dev, &qat_req->in.rsa.enc.m,
@@ -769,21 +766,15 @@ static int qat_rsa_enc(struct akcipher_request *req)
sizeof(struct qat_rsa_input_params),
DMA_TO_DEVICE);
unmap_dst:
- if (qat_req->dst_align)
- dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
- qat_req->out.rsa.enc.c);
- else
- if (!dma_mapping_error(dev, qat_req->out.rsa.enc.c))
- dma_unmap_single(dev, qat_req->out.rsa.enc.c,
- ctx->key_sz, DMA_FROM_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->out.rsa.enc.c))
+ dma_unmap_single(dev, qat_req->out.rsa.enc.c,
+ ctx->key_sz, DMA_FROM_DEVICE);
+ kfree_sensitive(qat_req->dst_align);
unmap_src:
- if (qat_req->src_align)
- dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
- qat_req->in.rsa.enc.m);
- else
- if (!dma_mapping_error(dev, qat_req->in.rsa.enc.m))
- dma_unmap_single(dev, qat_req->in.rsa.enc.m,
- ctx->key_sz, DMA_TO_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->in.rsa.enc.m))
+ dma_unmap_single(dev, qat_req->in.rsa.enc.m, ctx->key_sz,
+ DMA_TO_DEVICE);
+ kfree_sensitive(qat_req->src_align);
return ret;
}
@@ -796,6 +787,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
+ u8 *vaddr;
int ret;
if (unlikely(!ctx->n || !ctx->d))
@@ -843,40 +835,37 @@ static int qat_rsa_dec(struct akcipher_request *req)
*/
if (sg_is_last(req->src) && req->src_len == ctx->key_sz) {
qat_req->src_align = NULL;
- qat_req->in.rsa.dec.c = dma_map_single(dev, sg_virt(req->src),
- req->dst_len, DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.dec.c)))
- return ret;
-
+ vaddr = sg_virt(req->src);
} else {
int shift = ctx->key_sz - req->src_len;
- qat_req->src_align = dma_alloc_coherent(dev, ctx->key_sz,
- &qat_req->in.rsa.dec.c,
- GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL);
if (unlikely(!qat_req->src_align))
return ret;
scatterwalk_map_and_copy(qat_req->src_align + shift, req->src,
0, req->src_len, 0);
+ vaddr = qat_req->src_align;
}
- if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
- qat_req->dst_align = NULL;
- qat_req->out.rsa.dec.m = dma_map_single(dev, sg_virt(req->dst),
- req->dst_len,
- DMA_FROM_DEVICE);
- if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.dec.m)))
- goto unmap_src;
+ qat_req->in.rsa.dec.c = dma_map_single(dev, vaddr, ctx->key_sz,
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.dec.c)))
+ goto unmap_src;
+ if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) {
+ qat_req->dst_align = NULL;
+ vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = dma_alloc_coherent(dev, ctx->key_sz,
- &qat_req->out.rsa.dec.m,
- GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
-
+ vaddr = qat_req->dst_align;
}
+ qat_req->out.rsa.dec.m = dma_map_single(dev, vaddr, ctx->key_sz,
+ DMA_FROM_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.dec.m)))
+ goto unmap_dst;
if (ctx->crt_mode)
qat_req->in.rsa.in_tab[6] = 0;
@@ -922,21 +911,15 @@ static int qat_rsa_dec(struct akcipher_request *req)
sizeof(struct qat_rsa_input_params),
DMA_TO_DEVICE);
unmap_dst:
- if (qat_req->dst_align)
- dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align,
- qat_req->out.rsa.dec.m);
- else
- if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m))
- dma_unmap_single(dev, qat_req->out.rsa.dec.m,
- ctx->key_sz, DMA_FROM_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m))
+ dma_unmap_single(dev, qat_req->out.rsa.dec.m,
+ ctx->key_sz, DMA_FROM_DEVICE);
+ kfree_sensitive(qat_req->dst_align);
unmap_src:
- if (qat_req->src_align)
- dma_free_coherent(dev, ctx->key_sz, qat_req->src_align,
- qat_req->in.rsa.dec.c);
- else
- if (!dma_mapping_error(dev, qat_req->in.rsa.dec.c))
- dma_unmap_single(dev, qat_req->in.rsa.dec.c,
- ctx->key_sz, DMA_TO_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->in.rsa.dec.c))
+ dma_unmap_single(dev, qat_req->in.rsa.dec.c, ctx->key_sz,
+ DMA_TO_DEVICE);
+ kfree_sensitive(qat_req->src_align);
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (4 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
` (5 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
The functions qat_dh_compute_value() allocates memory with
dma_alloc_coherent() if the source or the destination buffers are made
of multiple flat buffers or of a size that is not compatible with the
hardware.
This memory is then freed with dma_free_coherent() in the context of a
tasklet invoked to handle the response for the corresponding request.
According to Documentation/core-api/dma-api-howto.rst, the function
dma_free_coherent() cannot be called in an interrupt context.
Replace allocations with dma_alloc_coherent() in the function
qat_dh_compute_value() with kmalloc() + dma_map_single().
Cc: stable@vger.kernel.org
Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 83 ++++++++-----------
1 file changed, 34 insertions(+), 49 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index bba4b4d99e94..d75eb77c9fb9 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -164,26 +164,21 @@ static void qat_dh_cb(struct icp_qat_fw_pke_resp *resp)
err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL;
if (areq->src) {
- if (req->src_align)
- dma_free_coherent(dev, req->ctx.dh->p_size,
- req->src_align, req->in.dh.in.b);
- else
- dma_unmap_single(dev, req->in.dh.in.b,
- req->ctx.dh->p_size, DMA_TO_DEVICE);
+ dma_unmap_single(dev, req->in.dh.in.b, req->ctx.dh->p_size,
+ DMA_TO_DEVICE);
+ kfree_sensitive(req->src_align);
}
areq->dst_len = req->ctx.dh->p_size;
if (req->dst_align) {
scatterwalk_map_and_copy(req->dst_align, areq->dst, 0,
areq->dst_len, 1);
-
- dma_free_coherent(dev, req->ctx.dh->p_size, req->dst_align,
- req->out.dh.r);
- } else {
- dma_unmap_single(dev, req->out.dh.r, req->ctx.dh->p_size,
- DMA_FROM_DEVICE);
+ kfree_sensitive(req->dst_align);
}
+ dma_unmap_single(dev, req->out.dh.r, req->ctx.dh->p_size,
+ DMA_FROM_DEVICE);
+
dma_unmap_single(dev, req->phy_in, sizeof(struct qat_dh_input_params),
DMA_TO_DEVICE);
dma_unmap_single(dev, req->phy_out,
@@ -231,6 +226,7 @@ static int qat_dh_compute_value(struct kpp_request *req)
struct icp_qat_fw_pke_request *msg = &qat_req->req;
int ret;
int n_input_params = 0;
+ u8 *vaddr;
if (unlikely(!ctx->xa))
return -EINVAL;
@@ -287,27 +283,24 @@ static int qat_dh_compute_value(struct kpp_request *req)
*/
if (sg_is_last(req->src) && req->src_len == ctx->p_size) {
qat_req->src_align = NULL;
- qat_req->in.dh.in.b = dma_map_single(dev,
- sg_virt(req->src),
- req->src_len,
- DMA_TO_DEVICE);
- if (unlikely(dma_mapping_error(dev,
- qat_req->in.dh.in.b)))
- return ret;
-
+ vaddr = sg_virt(req->src);
} else {
int shift = ctx->p_size - req->src_len;
- qat_req->src_align = dma_alloc_coherent(dev,
- ctx->p_size,
- &qat_req->in.dh.in.b,
- GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->p_size, GFP_KERNEL);
if (unlikely(!qat_req->src_align))
return ret;
scatterwalk_map_and_copy(qat_req->src_align + shift,
req->src, 0, req->src_len, 0);
+
+ vaddr = qat_req->src_align;
}
+
+ qat_req->in.dh.in.b = dma_map_single(dev, vaddr, ctx->p_size,
+ DMA_TO_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->in.dh.in.b)))
+ goto unmap_src;
}
/*
* dst can be of any size in valid range, but HW expects it to be the
@@ -318,20 +311,18 @@ static int qat_dh_compute_value(struct kpp_request *req)
*/
if (sg_is_last(req->dst) && req->dst_len == ctx->p_size) {
qat_req->dst_align = NULL;
- qat_req->out.dh.r = dma_map_single(dev, sg_virt(req->dst),
- req->dst_len,
- DMA_FROM_DEVICE);
-
- if (unlikely(dma_mapping_error(dev, qat_req->out.dh.r)))
- goto unmap_src;
-
+ vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = dma_alloc_coherent(dev, ctx->p_size,
- &qat_req->out.dh.r,
- GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->p_size, GFP_KERNEL);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
+
+ vaddr = qat_req->dst_align;
}
+ qat_req->out.dh.r = dma_map_single(dev, vaddr, ctx->p_size,
+ DMA_FROM_DEVICE);
+ if (unlikely(dma_mapping_error(dev, qat_req->out.dh.r)))
+ goto unmap_dst;
qat_req->in.dh.in_tab[n_input_params] = 0;
qat_req->out.dh.out_tab[1] = 0;
@@ -371,23 +362,17 @@ static int qat_dh_compute_value(struct kpp_request *req)
sizeof(struct qat_dh_input_params),
DMA_TO_DEVICE);
unmap_dst:
- if (qat_req->dst_align)
- dma_free_coherent(dev, ctx->p_size, qat_req->dst_align,
- qat_req->out.dh.r);
- else
- if (!dma_mapping_error(dev, qat_req->out.dh.r))
- dma_unmap_single(dev, qat_req->out.dh.r, ctx->p_size,
- DMA_FROM_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->out.dh.r))
+ dma_unmap_single(dev, qat_req->out.dh.r, ctx->p_size,
+ DMA_FROM_DEVICE);
+ kfree_sensitive(qat_req->dst_align);
unmap_src:
if (req->src) {
- if (qat_req->src_align)
- dma_free_coherent(dev, ctx->p_size, qat_req->src_align,
- qat_req->in.dh.in.b);
- else
- if (!dma_mapping_error(dev, qat_req->in.dh.in.b))
- dma_unmap_single(dev, qat_req->in.dh.in.b,
- ctx->p_size,
- DMA_TO_DEVICE);
+ if (!dma_mapping_error(dev, qat_req->in.dh.in.b))
+ dma_unmap_single(dev, qat_req->in.dh.in.b,
+ ctx->p_size,
+ DMA_TO_DEVICE);
+ kfree_sensitive(qat_req->src_align);
}
return ret;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (5 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 9:23 ` Greg KH
2022-05-06 8:23 ` [PATCH 08/12] crypto: qat - add param check for RSA Giovanni Cabiddu
` (4 subsequent siblings)
11 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
Set to zero the DH context buffers containing the DH key before they are
freed.
Cc: stable@vger.kernel.org
Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index d75eb77c9fb9..2fec89b8a188 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
{
if (ctx->g) {
+ memzero_explicit(ctx->g, ctx->p_size);
dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
ctx->g = NULL;
}
if (ctx->xa) {
+ memzero_explicit(ctx->xa, ctx->p_size);
dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa);
ctx->xa = NULL;
}
if (ctx->p) {
+ memzero_explicit(ctx->p, ctx->p_size);
dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p);
ctx->p = NULL;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 08/12] crypto: qat - add param check for RSA
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (6 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 09/12] crypto: qat - add param check for DH Giovanni Cabiddu
` (3 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
Reject requests with a source buffer that is bigger than the size of the
key. This is to prevent a possible integer underflow that might happen
when copying the source scatterlist into a linear buffer.
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 2fec89b8a188..2b2adeee5eee 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -656,6 +656,10 @@ static int qat_rsa_enc(struct akcipher_request *req)
req->dst_len = ctx->key_sz;
return -EOVERFLOW;
}
+
+ if (req->src_len > ctx->key_sz)
+ return -EINVAL;
+
memset(msg, '\0', sizeof(*msg));
ICP_QAT_FW_PKE_HDR_VALID_FLAG_SET(msg->pke_hdr,
ICP_QAT_FW_COMN_REQ_FLAG_SET);
@@ -785,6 +789,10 @@ static int qat_rsa_dec(struct akcipher_request *req)
req->dst_len = ctx->key_sz;
return -EOVERFLOW;
}
+
+ if (req->src_len > ctx->key_sz)
+ return -EINVAL;
+
memset(msg, '\0', sizeof(*msg));
ICP_QAT_FW_PKE_HDR_VALID_FLAG_SET(msg->pke_hdr,
ICP_QAT_FW_COMN_REQ_FLAG_SET);
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 09/12] crypto: qat - add param check for DH
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (7 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 08/12] crypto: qat - add param check for RSA Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
` (2 subsequent siblings)
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
Reject requests with a source buffer that is bigger than the size of the
key. This is to prevent a possible integer underflow that might happen
when copying the source scatterlist into a linear buffer.
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_asym_algs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 2b2adeee5eee..b3badc5bd224 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -235,6 +235,10 @@ static int qat_dh_compute_value(struct kpp_request *req)
req->dst_len = ctx->p_size;
return -EOVERFLOW;
}
+
+ if (req->src_len > ctx->p_size)
+ return -EINVAL;
+
memset(msg, '\0', sizeof(*msg));
ICP_QAT_FW_PKE_HDR_VALID_FLAG_SET(msg->pke_hdr,
ICP_QAT_FW_COMN_REQ_FLAG_SET);
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (8 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 09/12] crypto: qat - add param check for DH Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 9:22 ` Greg KH
2022-05-06 8:23 ` [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 12/12] crypto: qat - re-enable registration of algorithms Giovanni Cabiddu
11 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
Use memzero_explicit(), instead of a memset(.., 0, ..) in the
implementation of the algorithms, for buffers containing sensitive
information to ensure they are wiped out before free.
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index 873533dc43a7..c42df18e02b2 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
return 0;
out_free_all:
- memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
+ memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
ctx->dec_cd, ctx->dec_cd_paddr);
ctx->dec_cd = NULL;
out_free_enc:
- memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));
+ memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
ctx->enc_cd, ctx->enc_cd_paddr);
ctx->enc_cd = NULL;
@@ -1092,12 +1092,12 @@ static int qat_alg_skcipher_newkey(struct qat_alg_skcipher_ctx *ctx,
return 0;
out_free_all:
- memset(ctx->dec_cd, 0, sizeof(*ctx->dec_cd));
+ memzero_explicit(ctx->dec_cd, sizeof(*ctx->dec_cd));
dma_free_coherent(dev, sizeof(*ctx->dec_cd),
ctx->dec_cd, ctx->dec_cd_paddr);
ctx->dec_cd = NULL;
out_free_enc:
- memset(ctx->enc_cd, 0, sizeof(*ctx->enc_cd));
+ memzero_explicit(ctx->enc_cd, sizeof(*ctx->enc_cd));
dma_free_coherent(dev, sizeof(*ctx->enc_cd),
ctx->enc_cd, ctx->enc_cd_paddr);
ctx->enc_cd = NULL;
@@ -1359,12 +1359,12 @@ static void qat_alg_aead_exit(struct crypto_aead *tfm)
dev = &GET_DEV(inst->accel_dev);
if (ctx->enc_cd) {
- memset(ctx->enc_cd, 0, sizeof(struct qat_alg_cd));
+ memzero_explicit(ctx->enc_cd, sizeof(struct qat_alg_cd));
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
ctx->enc_cd, ctx->enc_cd_paddr);
}
if (ctx->dec_cd) {
- memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
+ memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
dma_free_coherent(dev, sizeof(struct qat_alg_cd),
ctx->dec_cd, ctx->dec_cd_paddr);
}
@@ -1412,15 +1412,15 @@ static void qat_alg_skcipher_exit_tfm(struct crypto_skcipher *tfm)
dev = &GET_DEV(inst->accel_dev);
if (ctx->enc_cd) {
- memset(ctx->enc_cd, 0,
- sizeof(struct icp_qat_hw_cipher_algo_blk));
+ memzero_explicit(ctx->enc_cd,
+ sizeof(struct icp_qat_hw_cipher_algo_blk));
dma_free_coherent(dev,
sizeof(struct icp_qat_hw_cipher_algo_blk),
ctx->enc_cd, ctx->enc_cd_paddr);
}
if (ctx->dec_cd) {
- memset(ctx->dec_cd, 0,
- sizeof(struct icp_qat_hw_cipher_algo_blk));
+ memzero_explicit(ctx->dec_cd,
+ sizeof(struct icp_qat_hw_cipher_algo_blk));
dma_free_coherent(dev,
sizeof(struct icp_qat_hw_cipher_algo_blk),
ctx->dec_cd, ctx->dec_cd_paddr);
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index b3badc5bd224..86c7d07435c8 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -1087,19 +1087,19 @@ static void qat_rsa_setkey_crt(struct qat_rsa_ctx *ctx, struct rsa_key *rsa_key)
return;
free_dq:
- memset(ctx->dq, '\0', half_key_sz);
+ memzero_explicit(ctx->dq, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->dq, ctx->dma_dq);
ctx->dq = NULL;
free_dp:
- memset(ctx->dp, '\0', half_key_sz);
+ memzero_explicit(ctx->dp, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->dp, ctx->dma_dp);
ctx->dp = NULL;
free_q:
- memset(ctx->q, '\0', half_key_sz);
+ memzero_explicit(ctx->q, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->q, ctx->dma_q);
ctx->q = NULL;
free_p:
- memset(ctx->p, '\0', half_key_sz);
+ memzero_explicit(ctx->p, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->p, ctx->dma_p);
ctx->p = NULL;
err:
@@ -1116,27 +1116,27 @@ static void qat_rsa_clear_ctx(struct device *dev, struct qat_rsa_ctx *ctx)
if (ctx->e)
dma_free_coherent(dev, ctx->key_sz, ctx->e, ctx->dma_e);
if (ctx->d) {
- memset(ctx->d, '\0', ctx->key_sz);
+ memzero_explicit(ctx->d, ctx->key_sz);
dma_free_coherent(dev, ctx->key_sz, ctx->d, ctx->dma_d);
}
if (ctx->p) {
- memset(ctx->p, '\0', half_key_sz);
+ memzero_explicit(ctx->p, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->p, ctx->dma_p);
}
if (ctx->q) {
- memset(ctx->q, '\0', half_key_sz);
+ memzero_explicit(ctx->q, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->q, ctx->dma_q);
}
if (ctx->dp) {
- memset(ctx->dp, '\0', half_key_sz);
+ memzero_explicit(ctx->dp, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->dp, ctx->dma_dp);
}
if (ctx->dq) {
- memset(ctx->dq, '\0', half_key_sz);
+ memzero_explicit(ctx->dq, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->dq, ctx->dma_dq);
}
if (ctx->qinv) {
- memset(ctx->qinv, '\0', half_key_sz);
+ memzero_explicit(ctx->qinv, half_key_sz);
dma_free_coherent(dev, half_key_sz, ctx->qinv, ctx->dma_qinv);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (9 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 12/12] crypto: qat - re-enable registration of algorithms Giovanni Cabiddu
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Adam Guerin, Wojciech Ziemba
If a request has the flag CRYPTO_TFM_REQ_MAY_SLEEP set, allocate memory
using the flag GFP_KERNEL otherwise use GFP_ATOMIC.
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_common/qat_algs.c | 19 ++++++++++++-------
drivers/crypto/qat/qat_common/qat_asym_algs.c | 17 ++++++++++-------
drivers/crypto/qat/qat_common/qat_crypto.h | 5 +++++
3 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
index c42df18e02b2..42b72f1e301b 100644
--- a/drivers/crypto/qat/qat_common/qat_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_algs.c
@@ -703,7 +703,8 @@ static void qat_alg_free_bufl(struct qat_crypto_instance *inst,
static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
struct scatterlist *sgl,
struct scatterlist *sglout,
- struct qat_crypto_request *qat_req)
+ struct qat_crypto_request *qat_req,
+ gfp_t flags)
{
struct device *dev = &GET_DEV(inst->accel_dev);
int i, sg_nctr = 0;
@@ -723,7 +724,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
qat_req->buf.sgl_dst_valid = false;
if (n > QAT_MAX_BUFF_DESC) {
- bufl = kzalloc_node(sz, GFP_ATOMIC, node);
+ bufl = kzalloc_node(sz, flags, node);
if (unlikely(!bufl))
return -ENOMEM;
} else {
@@ -765,7 +766,7 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst,
sg_nctr = 0;
if (n > QAT_MAX_BUFF_DESC) {
- buflout = kzalloc_node(sz_out, GFP_ATOMIC, node);
+ buflout = kzalloc_node(sz_out, flags, node);
if (unlikely(!buflout))
goto err_in;
} else {
@@ -966,6 +967,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
struct icp_qat_fw_la_auth_req_params *auth_param;
struct icp_qat_fw_la_bulk_req *msg;
int digst_size = crypto_aead_authsize(aead_tfm);
+ gfp_t f = qat_algs_alloc_flags(&areq->base);
int ret;
u32 cipher_len;
@@ -973,7 +975,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
if (cipher_len % AES_BLOCK_SIZE != 0)
return -EINVAL;
- ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
+ ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req, f);
if (unlikely(ret))
return ret;
@@ -1008,6 +1010,7 @@ static int qat_alg_aead_enc(struct aead_request *areq)
struct qat_crypto_request *qat_req = aead_request_ctx(areq);
struct icp_qat_fw_la_cipher_req_params *cipher_param;
struct icp_qat_fw_la_auth_req_params *auth_param;
+ gfp_t f = qat_algs_alloc_flags(&areq->base);
struct icp_qat_fw_la_bulk_req *msg;
u8 *iv = areq->iv;
int ret;
@@ -1015,7 +1018,7 @@ static int qat_alg_aead_enc(struct aead_request *areq)
if (areq->cryptlen % AES_BLOCK_SIZE != 0)
return -EINVAL;
- ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
+ ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req, f);
if (unlikely(ret))
return ret;
@@ -1193,13 +1196,14 @@ static int qat_alg_skcipher_encrypt(struct skcipher_request *req)
struct qat_alg_skcipher_ctx *ctx = crypto_tfm_ctx(tfm);
struct qat_crypto_request *qat_req = skcipher_request_ctx(req);
struct icp_qat_fw_la_cipher_req_params *cipher_param;
+ gfp_t f = qat_algs_alloc_flags(&req->base);
struct icp_qat_fw_la_bulk_req *msg;
int ret;
if (req->cryptlen == 0)
return 0;
- ret = qat_alg_sgl_to_bufl(ctx->inst, req->src, req->dst, qat_req);
+ ret = qat_alg_sgl_to_bufl(ctx->inst, req->src, req->dst, qat_req, f);
if (unlikely(ret))
return ret;
@@ -1258,13 +1262,14 @@ static int qat_alg_skcipher_decrypt(struct skcipher_request *req)
struct qat_alg_skcipher_ctx *ctx = crypto_tfm_ctx(tfm);
struct qat_crypto_request *qat_req = skcipher_request_ctx(req);
struct icp_qat_fw_la_cipher_req_params *cipher_param;
+ gfp_t f = qat_algs_alloc_flags(&req->base);
struct icp_qat_fw_la_bulk_req *msg;
int ret;
if (req->cryptlen == 0)
return 0;
- ret = qat_alg_sgl_to_bufl(ctx->inst, req->src, req->dst, qat_req);
+ ret = qat_alg_sgl_to_bufl(ctx->inst, req->src, req->dst, qat_req, f);
if (unlikely(ret))
return ret;
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 86c7d07435c8..688cf6bc95f9 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -224,9 +224,10 @@ static int qat_dh_compute_value(struct kpp_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(kpp_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
- int ret;
+ gfp_t flags = qat_algs_alloc_flags(&req->base);
int n_input_params = 0;
u8 *vaddr;
+ int ret;
if (unlikely(!ctx->xa))
return -EINVAL;
@@ -291,7 +292,7 @@ static int qat_dh_compute_value(struct kpp_request *req)
} else {
int shift = ctx->p_size - req->src_len;
- qat_req->src_align = kzalloc(ctx->p_size, GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->p_size, flags);
if (unlikely(!qat_req->src_align))
return ret;
@@ -317,7 +318,7 @@ static int qat_dh_compute_value(struct kpp_request *req)
qat_req->dst_align = NULL;
vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = kzalloc(ctx->p_size, GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->p_size, flags);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
@@ -650,6 +651,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
+ gfp_t flags = qat_algs_alloc_flags(&req->base);
u8 *vaddr;
int ret;
@@ -696,7 +698,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
} else {
int shift = ctx->key_sz - req->src_len;
- qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->key_sz, flags);
if (unlikely(!qat_req->src_align))
return ret;
@@ -714,7 +716,7 @@ static int qat_rsa_enc(struct akcipher_request *req)
qat_req->dst_align = NULL;
vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->key_sz, flags);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
vaddr = qat_req->dst_align;
@@ -783,6 +785,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
struct qat_asym_request *qat_req =
PTR_ALIGN(akcipher_request_ctx(req), 64);
struct icp_qat_fw_pke_request *msg = &qat_req->req;
+ gfp_t flags = qat_algs_alloc_flags(&req->base);
u8 *vaddr;
int ret;
@@ -839,7 +842,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
} else {
int shift = ctx->key_sz - req->src_len;
- qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL);
+ qat_req->src_align = kzalloc(ctx->key_sz, flags);
if (unlikely(!qat_req->src_align))
return ret;
@@ -857,7 +860,7 @@ static int qat_rsa_dec(struct akcipher_request *req)
qat_req->dst_align = NULL;
vaddr = sg_virt(req->dst);
} else {
- qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL);
+ qat_req->dst_align = kzalloc(ctx->key_sz, flags);
if (unlikely(!qat_req->dst_align))
goto unmap_src;
vaddr = qat_req->dst_align;
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.h b/drivers/crypto/qat/qat_common/qat_crypto.h
index 245b6d9a3650..df3c738ce323 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.h
+++ b/drivers/crypto/qat/qat_common/qat_crypto.h
@@ -109,4 +109,9 @@ static inline bool adf_hw_dev_has_crypto(struct adf_accel_dev *accel_dev)
return true;
}
+static inline gfp_t qat_algs_alloc_flags(struct crypto_async_request *req)
+{
+ return req->flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL : GFP_ATOMIC;
+}
+
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [PATCH 12/12] crypto: qat - re-enable registration of algorithms
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
` (10 preceding siblings ...)
2022-05-06 8:23 ` [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Giovanni Cabiddu
@ 2022-05-06 8:23 ` Giovanni Cabiddu
11 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 8:23 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, vdronov, Giovanni Cabiddu, stable,
Marco Chiappero, Adam Guerin, Wojciech Ziemba
Re-enable the registration of algorithms after fixes to (1) use
pre-allocated buffers in the datapath and (2) support the
CRYPTO_TFM_REQ_MAY_BACKLOG flag.
This reverts commit 8893d27ffcaf6ec6267038a177cb87bcde4dd3de.
Cc: stable@vger.kernel.org
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
Reviewed-by: Adam Guerin <adam.guerin@intel.com>
Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
---
drivers/crypto/qat/qat_4xxx/adf_drv.c | 7 -------
drivers/crypto/qat/qat_common/qat_crypto.c | 7 -------
2 files changed, 14 deletions(-)
diff --git a/drivers/crypto/qat/qat_4xxx/adf_drv.c b/drivers/crypto/qat/qat_4xxx/adf_drv.c
index fa4c350c1bf9..a6c78b9c730b 100644
--- a/drivers/crypto/qat/qat_4xxx/adf_drv.c
+++ b/drivers/crypto/qat/qat_4xxx/adf_drv.c
@@ -75,13 +75,6 @@ static int adf_crypto_dev_config(struct adf_accel_dev *accel_dev)
if (ret)
goto err;
- /* Temporarily set the number of crypto instances to zero to avoid
- * registering the crypto algorithms.
- * This will be removed when the algorithms will support the
- * CRYPTO_TFM_REQ_MAY_BACKLOG flag
- */
- instances = 0;
-
for (i = 0; i < instances; i++) {
val = i;
bank = i * 2;
diff --git a/drivers/crypto/qat/qat_common/qat_crypto.c b/drivers/crypto/qat/qat_common/qat_crypto.c
index 80d905ed102e..9341d892533a 100644
--- a/drivers/crypto/qat/qat_common/qat_crypto.c
+++ b/drivers/crypto/qat/qat_common/qat_crypto.c
@@ -161,13 +161,6 @@ int qat_crypto_dev_config(struct adf_accel_dev *accel_dev)
if (ret)
goto err;
- /* Temporarily set the number of crypto instances to zero to avoid
- * registering the crypto algorithms.
- * This will be removed when the algorithms will support the
- * CRYPTO_TFM_REQ_MAY_BACKLOG flag
- */
- instances = 0;
-
for (i = 0; i < instances; i++) {
val = i;
snprintf(key, sizeof(key), ADF_CY "%d" ADF_RING_ASYM_BANK_NUM, i);
--
2.35.1
^ permalink raw reply related [flat|nested] 26+ messages in thread
* Re: [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
@ 2022-05-06 9:22 ` Greg KH
2022-05-06 9:54 ` Giovanni Cabiddu
0 siblings, 1 reply; 26+ messages in thread
From: Greg KH @ 2022-05-06 9:22 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote:
> Use memzero_explicit(), instead of a memset(.., 0, ..) in the
> implementation of the algorithms, for buffers containing sensitive
> information to ensure they are wiped out before free.
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> ---
> drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
> drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
> 2 files changed, 20 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> index 873533dc43a7..c42df18e02b2 100644
> --- a/drivers/crypto/qat/qat_common/qat_algs.c
> +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
> return 0;
>
> out_free_all:
> - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
> + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
This is for structure fields, why does memset() not work properly here?
The compiler should always call this, it doesn't know what
dma_free_coherent() does. You are referencing this pointer after the
memset() call so all should be working as intended here.
Because of this, I don't see why this change is needed. Do you have
reports of compilers not calling memset() for all of this properly?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
@ 2022-05-06 9:23 ` Greg KH
2022-05-06 10:01 ` Giovanni Cabiddu
0 siblings, 1 reply; 26+ messages in thread
From: Greg KH @ 2022-05-06 9:23 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> Set to zero the DH context buffers containing the DH key before they are
> freed.
That says what, but not why.
> Cc: stable@vger.kernel.org
> Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> ---
> drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> index d75eb77c9fb9..2fec89b8a188 100644
> --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> {
> if (ctx->g) {
> + memzero_explicit(ctx->g, ctx->p_size);
> dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
Why is a memset() not sufficient here?
And what is this solving? Who would get this stale data?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 02/12] crypto: qat - refactor submission logic
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
@ 2022-05-06 9:24 ` Greg KH
2022-05-06 9:38 ` Giovanni Cabiddu
0 siblings, 1 reply; 26+ messages in thread
From: Greg KH @ 2022-05-06 9:24 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Marco Chiappero
On Fri, May 06, 2022 at 09:23:17AM +0100, Giovanni Cabiddu wrote:
> Move the submission loop to a new function, qat_alg_send_message(), and
> share it between the symmetric and the asymmetric algorithms.
>
> If the HW queues are full return -ENOSPC instead of -EBUSY.
>
> For both symmetric and asymmetric services set the number of retries
> before returning an error to a value that works for both, 20 (was 10 for
> symmetric and 100 for asymmetric).
>
> Cc: stable@vger.kernel.org
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
What does this "fix" to require it to be backported to stable trees?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 02/12] crypto: qat - refactor submission logic
2022-05-06 9:24 ` Greg KH
@ 2022-05-06 9:38 ` Giovanni Cabiddu
2022-05-06 9:40 ` Greg KH
0 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 9:38 UTC (permalink / raw)
To: Greg KH
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Marco Chiappero
On Fri, May 06, 2022 at 11:24:14AM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 09:23:17AM +0100, Giovanni Cabiddu wrote:
> > Move the submission loop to a new function, qat_alg_send_message(), and
> > share it between the symmetric and the asymmetric algorithms.
> >
> > If the HW queues are full return -ENOSPC instead of -EBUSY.
> >
> > For both symmetric and asymmetric services set the number of retries
> > before returning an error to a value that works for both, 20 (was 10 for
> > symmetric and 100 for asymmetric).
> >
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
>
> What does this "fix" to require it to be backported to stable trees?
For two reasons, (1) the error code returned if the HW queues are full is
incorrect and (2) to facilitate the backport of the next fix "crypto:
qat - add backlog mechanism".
I can be more explicit in the commit message if required.
Thanks,
--
Giovanni
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 02/12] crypto: qat - refactor submission logic
2022-05-06 9:38 ` Giovanni Cabiddu
@ 2022-05-06 9:40 ` Greg KH
0 siblings, 0 replies; 26+ messages in thread
From: Greg KH @ 2022-05-06 9:40 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Marco Chiappero
On Fri, May 06, 2022 at 10:38:18AM +0100, Giovanni Cabiddu wrote:
> On Fri, May 06, 2022 at 11:24:14AM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 09:23:17AM +0100, Giovanni Cabiddu wrote:
> > > Move the submission loop to a new function, qat_alg_send_message(), and
> > > share it between the symmetric and the asymmetric algorithms.
> > >
> > > If the HW queues are full return -ENOSPC instead of -EBUSY.
> > >
> > > For both symmetric and asymmetric services set the number of retries
> > > before returning an error to a value that works for both, 20 (was 10 for
> > > symmetric and 100 for asymmetric).
> > >
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > Reviewed-by: Marco Chiappero <marco.chiappero@intel.com>
> >
> > What does this "fix" to require it to be backported to stable trees?
> For two reasons, (1) the error code returned if the HW queues are full is
> incorrect and (2) to facilitate the backport of the next fix "crypto:
> qat - add backlog mechanism".
> I can be more explicit in the commit message if required.
Please always be explicit in the commit message, it's the only way to
communicate this type of thing.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-06 9:22 ` Greg KH
@ 2022-05-06 9:54 ` Giovanni Cabiddu
2022-05-06 14:38 ` Greg KH
0 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 9:54 UTC (permalink / raw)
To: Greg KH
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 11:22:39AM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote:
> > Use memzero_explicit(), instead of a memset(.., 0, ..) in the
> > implementation of the algorithms, for buffers containing sensitive
> > information to ensure they are wiped out before free.
> >
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > ---
> > drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
> > drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
> > 2 files changed, 20 insertions(+), 20 deletions(-)
> >
> > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> > index 873533dc43a7..c42df18e02b2 100644
> > --- a/drivers/crypto/qat/qat_common/qat_algs.c
> > +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> > @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
> > return 0;
> >
> > out_free_all:
> > - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
> > + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
>
> This is for structure fields, why does memset() not work properly here?
> The compiler should always call this, it doesn't know what
> dma_free_coherent() does. You are referencing this pointer after the
> memset() call so all should be working as intended here.
>
> Because of this, I don't see why this change is needed. Do you have
> reports of compilers not calling memset() for all of this properly?
Apologies, I had a wrong assumption.
Based on a comment in the memzero_explicit() documentation I assumed it
should be always used to zero sensitive data.
* memzero_explicit - Fill a region of memory (e.g. sensitive
* keying data) with 0s.
I'm going to drop this patch.
Thanks,
--
Giovanni
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-06 9:23 ` Greg KH
@ 2022-05-06 10:01 ` Giovanni Cabiddu
2022-05-06 14:41 ` Greg KH
0 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-06 10:01 UTC (permalink / raw)
To: Greg KH
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > Set to zero the DH context buffers containing the DH key before they are
> > freed.
>
> That says what, but not why.
>
> > Cc: stable@vger.kernel.org
> > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > ---
> > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > index d75eb77c9fb9..2fec89b8a188 100644
> > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > {
> > if (ctx->g) {
> > + memzero_explicit(ctx->g, ctx->p_size);
> > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
>
> Why is a memset() not sufficient here?
Based on the previous conversation a memset() should be sufficient.
> And what is this solving? Who would get this stale data?
This is to make sure the buffer containing sensitive data (i.e. a key)
is not leaked out by a subsequent allocation.
I will clarify it in the commit message.
Thanks,
--
Giovanni
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-06 9:54 ` Giovanni Cabiddu
@ 2022-05-06 14:38 ` Greg KH
2022-05-09 8:50 ` Giovanni Cabiddu
0 siblings, 1 reply; 26+ messages in thread
From: Greg KH @ 2022-05-06 14:38 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 10:54:07AM +0100, Giovanni Cabiddu wrote:
> On Fri, May 06, 2022 at 11:22:39AM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote:
> > > Use memzero_explicit(), instead of a memset(.., 0, ..) in the
> > > implementation of the algorithms, for buffers containing sensitive
> > > information to ensure they are wiped out before free.
> > >
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > ---
> > > drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
> > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
> > > 2 files changed, 20 insertions(+), 20 deletions(-)
> > >
> > > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> > > index 873533dc43a7..c42df18e02b2 100644
> > > --- a/drivers/crypto/qat/qat_common/qat_algs.c
> > > +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> > > @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
> > > return 0;
> > >
> > > out_free_all:
> > > - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
> > > + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
> >
> > This is for structure fields, why does memset() not work properly here?
> > The compiler should always call this, it doesn't know what
> > dma_free_coherent() does. You are referencing this pointer after the
> > memset() call so all should be working as intended here.
> >
> > Because of this, I don't see why this change is needed. Do you have
> > reports of compilers not calling memset() for all of this properly?
> Apologies, I had a wrong assumption.
> Based on a comment in the memzero_explicit() documentation I assumed it
> should be always used to zero sensitive data.
>
> * memzero_explicit - Fill a region of memory (e.g. sensitive
> * keying data) with 0s.
Yes, that's what it is for, when the compiler thinks it is "smarter than
you" for stack variables.
It's great for functions like this:
int foo(...)
{
struct key secret_key;
do something and set secret_key...
/* All done, clean up and return */
memset(&secret_key, 0, sizeof(secret_key));
return 0;
}
For that, some compilers now go "hey, they just want to set this to 0
and then never touch it again, that is pointless, let's not call
memset() at all!".
But when you call:
memset(foo->key, 0, sizeof(key));
do_something_with_foo(foo);
the compiler can NOT go and ignore the call to memset() as it does not
know what do_something_with_foo() does. Or at least it better not.
Try out this with a small example and look at the asm output for proof.
You aren't the first to be confused about this, I see this happening at
least once a month with a patch to change code like you did. Don't know
why it keeps coming up, is this a checkpatch() recommentation?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-06 10:01 ` Giovanni Cabiddu
@ 2022-05-06 14:41 ` Greg KH
2022-05-07 18:52 ` Eric Biggers
0 siblings, 1 reply; 26+ messages in thread
From: Greg KH @ 2022-05-06 14:41 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > Set to zero the DH context buffers containing the DH key before they are
> > > freed.
> >
> > That says what, but not why.
> >
> > > Cc: stable@vger.kernel.org
> > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > ---
> > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > index d75eb77c9fb9..2fec89b8a188 100644
> > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > > {
> > > if (ctx->g) {
> > > + memzero_explicit(ctx->g, ctx->p_size);
> > > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> >
> > Why is a memset() not sufficient here?
> Based on the previous conversation a memset() should be sufficient.
>
> > And what is this solving? Who would get this stale data?
> This is to make sure the buffer containing sensitive data (i.e. a key)
> is not leaked out by a subsequent allocation.
But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
right? That should handle any worries you have with secrets being on
the heap. But even then, are you trying to protect yourself against
other kernel modules? Think this through...
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-06 14:41 ` Greg KH
@ 2022-05-07 18:52 ` Eric Biggers
2022-05-09 8:58 ` Giovanni Cabiddu
0 siblings, 1 reply; 26+ messages in thread
From: Eric Biggers @ 2022-05-07 18:52 UTC (permalink / raw)
To: Greg KH
Cc: Giovanni Cabiddu, herbert, linux-crypto, qat-linux, vdronov,
stable, Adam Guerin, Wojciech Ziemba
On Fri, May 06, 2022 at 04:41:52PM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> > On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > > Set to zero the DH context buffers containing the DH key before they are
> > > > freed.
> > >
> > > That says what, but not why.
> > >
> > > > Cc: stable@vger.kernel.org
> > > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > ---
> > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > index d75eb77c9fb9..2fec89b8a188 100644
> > > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > > > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > > > {
> > > > if (ctx->g) {
> > > > + memzero_explicit(ctx->g, ctx->p_size);
> > > > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> > >
> > > Why is a memset() not sufficient here?
> > Based on the previous conversation a memset() should be sufficient.
> >
> > > And what is this solving? Who would get this stale data?
> > This is to make sure the buffer containing sensitive data (i.e. a key)
> > is not leaked out by a subsequent allocation.
>
> But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
> right? That should handle any worries you have with secrets being on
> the heap. But even then, are you trying to protect yourself against
> other kernel modules? Think this through...
>
This patch looks fine to me; it's always recommended to zero out crypto keys at
the end of their lifetime so that they can't be recovered from free memory if
system memory is compromised before the memory happens to be allocated and
overwritten again. See the hundreds of existing callers of kfree_sensitive(),
which exist for exactly this reason.
Note that preventing the key from being "leaked out by a subsequent allocation"
is *not* the point, and thus CONFIG_INIT_ON_ALLOC_DEFAULT_ON is irrelevant.
- Eric
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-06 14:38 ` Greg KH
@ 2022-05-09 8:50 ` Giovanni Cabiddu
2022-05-09 9:42 ` Greg KH
0 siblings, 1 reply; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-09 8:50 UTC (permalink / raw)
To: Greg KH
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Fri, May 06, 2022 at 04:38:15PM +0200, Greg KH wrote:
> On Fri, May 06, 2022 at 10:54:07AM +0100, Giovanni Cabiddu wrote:
> > On Fri, May 06, 2022 at 11:22:39AM +0200, Greg KH wrote:
> > > On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote:
> > > > Use memzero_explicit(), instead of a memset(.., 0, ..) in the
> > > > implementation of the algorithms, for buffers containing sensitive
> > > > information to ensure they are wiped out before free.
> > > >
> > > > Cc: stable@vger.kernel.org
> > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > ---
> > > > drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
> > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
> > > > 2 files changed, 20 insertions(+), 20 deletions(-)
> > > >
> > > > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> > > > index 873533dc43a7..c42df18e02b2 100644
> > > > --- a/drivers/crypto/qat/qat_common/qat_algs.c
> > > > +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> > > > @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
> > > > return 0;
> > > >
> > > > out_free_all:
> > > > - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
> > > > + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
> > >
> > > This is for structure fields, why does memset() not work properly here?
> > > The compiler should always call this, it doesn't know what
> > > dma_free_coherent() does. You are referencing this pointer after the
> > > memset() call so all should be working as intended here.
> > >
> > > Because of this, I don't see why this change is needed. Do you have
> > > reports of compilers not calling memset() for all of this properly?
> > Apologies, I had a wrong assumption.
> > Based on a comment in the memzero_explicit() documentation I assumed it
> > should be always used to zero sensitive data.
> >
> > * memzero_explicit - Fill a region of memory (e.g. sensitive
> > * keying data) with 0s.
>
> Yes, that's what it is for, when the compiler thinks it is "smarter than
> you" for stack variables.
>
> It's great for functions like this:
> int foo(...)
> {
> struct key secret_key;
>
> do something and set secret_key...
>
> /* All done, clean up and return */
> memset(&secret_key, 0, sizeof(secret_key));
> return 0;
> }
>
> For that, some compilers now go "hey, they just want to set this to 0
> and then never touch it again, that is pointless, let's not call
> memset() at all!".
>
> But when you call:
> memset(foo->key, 0, sizeof(key));
> do_something_with_foo(foo);
>
> the compiler can NOT go and ignore the call to memset() as it does not
> know what do_something_with_foo() does. Or at least it better not.
>
> Try out this with a small example and look at the asm output for proof.
Thanks for the explanation. It is clear now.
>
> You aren't the first to be confused about this, I see this happening at
> least once a month with a patch to change code like you did. Don't know
> why it keeps coming up, is this a checkpatch() recommentation?
It is not a checkpatch recommendation.
I got that assumption looking at kfree_sensitive() which contains a call
to memzero_explicit(). This was introduced in 2020 by
8982ae527fbe ("mm/slab: use memzero_explicit() in kzfree()" when the
function was still called kzfree().
I assume now that the call to memzero_explicit() in kfree_sensitive() is
also redundant, unless I'm missing something.
Regards,
--
Giovanni
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 07/12] crypto: qat - set to zero DH parameters before free
2022-05-07 18:52 ` Eric Biggers
@ 2022-05-09 8:58 ` Giovanni Cabiddu
0 siblings, 0 replies; 26+ messages in thread
From: Giovanni Cabiddu @ 2022-05-09 8:58 UTC (permalink / raw)
To: Eric Biggers
Cc: Greg KH, herbert, linux-crypto, qat-linux, vdronov, stable,
Adam Guerin, Wojciech Ziemba
On Sat, May 07, 2022 at 11:52:08AM -0700, Eric Biggers wrote:
> On Fri, May 06, 2022 at 04:41:52PM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 11:01:17AM +0100, Giovanni Cabiddu wrote:
> > > On Fri, May 06, 2022 at 11:23:50AM +0200, Greg KH wrote:
> > > > On Fri, May 06, 2022 at 09:23:22AM +0100, Giovanni Cabiddu wrote:
> > > > > Set to zero the DH context buffers containing the DH key before they are
> > > > > freed.
> > > >
> > > > That says what, but not why.
> > > >
> > > > > Cc: stable@vger.kernel.org
> > > > > Fixes: c9839143ebbf ("crypto: qat - Add DH support")
> > > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > > ---
> > > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++
> > > > > 1 file changed, 3 insertions(+)
> > > > >
> > > > > diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > index d75eb77c9fb9..2fec89b8a188 100644
> > > > > --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
> > > > > @@ -421,14 +421,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params)
> > > > > static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx)
> > > > > {
> > > > > if (ctx->g) {
> > > > > + memzero_explicit(ctx->g, ctx->p_size);
> > > > > dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g);
> > > >
> > > > Why is a memset() not sufficient here?
> > > Based on the previous conversation a memset() should be sufficient.
> > >
> > > > And what is this solving? Who would get this stale data?
> > > This is to make sure the buffer containing sensitive data (i.e. a key)
> > > is not leaked out by a subsequent allocation.
> >
> > But as all sane distros have CONFIG_INIT_ON_ALLOC_DEFAULT_ON enabled,
> > right? That should handle any worries you have with secrets being on
> > the heap. But even then, are you trying to protect yourself against
> > other kernel modules? Think this through...
> >
>
> This patch looks fine to me; it's always recommended to zero out crypto keys at
> the end of their lifetime so that they can't be recovered from free memory if
> system memory is compromised before the memory happens to be allocated and
> overwritten again. See the hundreds of existing callers of kfree_sensitive(),
> which exist for exactly this reason.
>
> Note that preventing the key from being "leaked out by a subsequent allocation"
> is *not* the point, and thus CONFIG_INIT_ON_ALLOC_DEFAULT_ON is irrelevant.
I'm going to clarify the commit message and re-send it detached from the
set.
Regards,
--
Giovanni
^ permalink raw reply [flat|nested] 26+ messages in thread
* Re: [PATCH 10/12] crypto: qat - use memzero_explicit() for algs
2022-05-09 8:50 ` Giovanni Cabiddu
@ 2022-05-09 9:42 ` Greg KH
0 siblings, 0 replies; 26+ messages in thread
From: Greg KH @ 2022-05-09 9:42 UTC (permalink / raw)
To: Giovanni Cabiddu
Cc: herbert, linux-crypto, qat-linux, vdronov, stable, Adam Guerin,
Wojciech Ziemba
On Mon, May 09, 2022 at 09:50:58AM +0100, Giovanni Cabiddu wrote:
> On Fri, May 06, 2022 at 04:38:15PM +0200, Greg KH wrote:
> > On Fri, May 06, 2022 at 10:54:07AM +0100, Giovanni Cabiddu wrote:
> > > On Fri, May 06, 2022 at 11:22:39AM +0200, Greg KH wrote:
> > > > On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote:
> > > > > Use memzero_explicit(), instead of a memset(.., 0, ..) in the
> > > > > implementation of the algorithms, for buffers containing sensitive
> > > > > information to ensure they are wiped out before free.
> > > > >
> > > > > Cc: stable@vger.kernel.org
> > > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> > > > > Reviewed-by: Adam Guerin <adam.guerin@intel.com>
> > > > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@intel.com>
> > > > > ---
> > > > > drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++----------
> > > > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++----------
> > > > > 2 files changed, 20 insertions(+), 20 deletions(-)
> > > > >
> > > > > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
> > > > > index 873533dc43a7..c42df18e02b2 100644
> > > > > --- a/drivers/crypto/qat/qat_common/qat_algs.c
> > > > > +++ b/drivers/crypto/qat/qat_common/qat_algs.c
> > > > > @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key,
> > > > > return 0;
> > > > >
> > > > > out_free_all:
> > > > > - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd));
> > > > > + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd));
> > > >
> > > > This is for structure fields, why does memset() not work properly here?
> > > > The compiler should always call this, it doesn't know what
> > > > dma_free_coherent() does. You are referencing this pointer after the
> > > > memset() call so all should be working as intended here.
> > > >
> > > > Because of this, I don't see why this change is needed. Do you have
> > > > reports of compilers not calling memset() for all of this properly?
> > > Apologies, I had a wrong assumption.
> > > Based on a comment in the memzero_explicit() documentation I assumed it
> > > should be always used to zero sensitive data.
> > >
> > > * memzero_explicit - Fill a region of memory (e.g. sensitive
> > > * keying data) with 0s.
> >
> > Yes, that's what it is for, when the compiler thinks it is "smarter than
> > you" for stack variables.
> >
> > It's great for functions like this:
> > int foo(...)
> > {
> > struct key secret_key;
> >
> > do something and set secret_key...
> >
> > /* All done, clean up and return */
> > memset(&secret_key, 0, sizeof(secret_key));
> > return 0;
> > }
> >
> > For that, some compilers now go "hey, they just want to set this to 0
> > and then never touch it again, that is pointless, let's not call
> > memset() at all!".
> >
> > But when you call:
> > memset(foo->key, 0, sizeof(key));
> > do_something_with_foo(foo);
> >
> > the compiler can NOT go and ignore the call to memset() as it does not
> > know what do_something_with_foo() does. Or at least it better not.
> >
> > Try out this with a small example and look at the asm output for proof.
> Thanks for the explanation. It is clear now.
>
> >
> > You aren't the first to be confused about this, I see this happening at
> > least once a month with a patch to change code like you did. Don't know
> > why it keeps coming up, is this a checkpatch() recommentation?
> It is not a checkpatch recommendation.
> I got that assumption looking at kfree_sensitive() which contains a call
> to memzero_explicit(). This was introduced in 2020 by
> 8982ae527fbe ("mm/slab: use memzero_explicit() in kzfree()" when the
> function was still called kzfree().
> I assume now that the call to memzero_explicit() in kfree_sensitive() is
> also redundant, unless I'm missing something.
Maybe it is, it's hard to tell without running some build tests on
different compilers. Try it and see!
thanks,
greg k-h
^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2022-05-09 9:49 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-06 8:23 [PATCH 00/12] crypto: qat - re-enable algorithms Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 01/12] crypto: qat - use pre-allocated buffers in datapath Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 02/12] crypto: qat - refactor submission logic Giovanni Cabiddu
2022-05-06 9:24 ` Greg KH
2022-05-06 9:38 ` Giovanni Cabiddu
2022-05-06 9:40 ` Greg KH
2022-05-06 8:23 ` [PATCH 03/12] crypto: qat - add backlog mechanism Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 04/12] crypto: qat - fix memory leak in RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 05/12] crypto: qat - remove dma_free_coherent() for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 06/12] crypto: qat - remove dma_free_coherent() for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 07/12] crypto: qat - set to zero DH parameters before free Giovanni Cabiddu
2022-05-06 9:23 ` Greg KH
2022-05-06 10:01 ` Giovanni Cabiddu
2022-05-06 14:41 ` Greg KH
2022-05-07 18:52 ` Eric Biggers
2022-05-09 8:58 ` Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 08/12] crypto: qat - add param check for RSA Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 09/12] crypto: qat - add param check for DH Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 10/12] crypto: qat - use memzero_explicit() for algs Giovanni Cabiddu
2022-05-06 9:22 ` Greg KH
2022-05-06 9:54 ` Giovanni Cabiddu
2022-05-06 14:38 ` Greg KH
2022-05-09 8:50 ` Giovanni Cabiddu
2022-05-09 9:42 ` Greg KH
2022-05-06 8:23 ` [PATCH 11/12] crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag Giovanni Cabiddu
2022-05-06 8:23 ` [PATCH 12/12] crypto: qat - re-enable registration of algorithms Giovanni Cabiddu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.