Linux-Crypto Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/4] crypto: ccree - fixes
@ 2020-01-29 14:37 Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists Gilad Ben-Yossef
                   ` (4 more replies)
  0 siblings, 5 replies; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-29 14:37 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller; +Cc: Ofir Drang, linux-crypto, linux-kernel

Fixes in AEAD DMA mapping code and blocksize reporting

Gilad Ben-Yossef (4):
  crypto: ccree - protect against empty or NULL scatterlists
  crypto: ccree - only try to map auth tag if needed
  crypto: ccree - fix some reported cipher block sizes
  crypto: ccree - fix AEAD blocksize registration

 drivers/crypto/ccree/cc_aead.c       |  1 +
 drivers/crypto/ccree/cc_buffer_mgr.c | 68 +++++++++++++---------------
 drivers/crypto/ccree/cc_buffer_mgr.h |  1 +
 drivers/crypto/ccree/cc_cipher.c     |  8 +++-
 4 files changed, 39 insertions(+), 39 deletions(-)

-- 
2.25.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists
  2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
@ 2020-01-29 14:37 ` Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 2/4] crypto: ccree - only try to map auth tag if needed Gilad Ben-Yossef
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-29 14:37 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller
  Cc: Ofir Drang, stable, Geert Uytterhoeven, linux-crypto, linux-kernel

Deal gracefully with a NULL or empty scatterlist which can happen
if both cryptlen and assoclen are zero and we're doing in-place
AEAD encryption.

This fixes a crash when this causes us to try and map a NULL page,
at least with some platforms / DMA mapping configs.

Cc: stable@vger.kernel.org # v4.19+
Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
 drivers/crypto/ccree/cc_buffer_mgr.c | 62 ++++++++++++----------------
 drivers/crypto/ccree/cc_buffer_mgr.h |  1 +
 2 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index a72586eccd81..b938ceae7ae7 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -87,6 +87,8 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
 {
 	unsigned int nents = 0;
 
+	*lbytes = 0;
+
 	while (nbytes && sg_list) {
 		nents++;
 		/* get the number of bytes in the last entry */
@@ -95,6 +97,7 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
 				nbytes : sg_list->length;
 		sg_list = sg_next(sg_list);
 	}
+
 	dev_dbg(dev, "nents %d last bytes %d\n", nents, *lbytes);
 	return nents;
 }
@@ -290,37 +293,25 @@ static int cc_map_sg(struct device *dev, struct scatterlist *sg,
 		     unsigned int nbytes, int direction, u32 *nents,
 		     u32 max_sg_nents, u32 *lbytes, u32 *mapped_nents)
 {
-	if (sg_is_last(sg)) {
-		/* One entry only case -set to DLLI */
-		if (dma_map_sg(dev, sg, 1, direction) != 1) {
-			dev_err(dev, "dma_map_sg() single buffer failed\n");
-			return -ENOMEM;
-		}
-		dev_dbg(dev, "Mapped sg: dma_address=%pad page=%p addr=%pK offset=%u length=%u\n",
-			&sg_dma_address(sg), sg_page(sg), sg_virt(sg),
-			sg->offset, sg->length);
-		*lbytes = nbytes;
-		*nents = 1;
-		*mapped_nents = 1;
-	} else {  /*sg_is_last*/
-		*nents = cc_get_sgl_nents(dev, sg, nbytes, lbytes);
-		if (*nents > max_sg_nents) {
-			*nents = 0;
-			dev_err(dev, "Too many fragments. current %d max %d\n",
-				*nents, max_sg_nents);
-			return -ENOMEM;
-		}
-		/* In case of mmu the number of mapped nents might
-		 * be changed from the original sgl nents
-		 */
-		*mapped_nents = dma_map_sg(dev, sg, *nents, direction);
-		if (*mapped_nents == 0) {
-			*nents = 0;
-			dev_err(dev, "dma_map_sg() sg buffer failed\n");
-			return -ENOMEM;
-		}
+	int ret = 0;
+
+	*nents = cc_get_sgl_nents(dev, sg, nbytes, lbytes);
+	if (*nents > max_sg_nents) {
+		*nents = 0;
+		dev_err(dev, "Too many fragments. current %d max %d\n",
+			*nents, max_sg_nents);
+		return -ENOMEM;
 	}
 
+	ret = dma_map_sg(dev, sg, *nents, direction);
+	if (dma_mapping_error(dev, ret)) {
+		*nents = 0;
+		dev_err(dev, "dma_map_sg() sg buffer failed %d\n", ret);
+		return -ENOMEM;
+	}
+
+	*mapped_nents = ret;
+
 	return 0;
 }
 
@@ -555,11 +546,12 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
 		sg_virt(req->src), areq_ctx->src.nents, areq_ctx->assoc.nents,
 		areq_ctx->assoclen, req->cryptlen);
 
-	dma_unmap_sg(dev, req->src, sg_nents(req->src), DMA_BIDIRECTIONAL);
+	dma_unmap_sg(dev, req->src, areq_ctx->src.mapped_nents,
+		     DMA_BIDIRECTIONAL);
 	if (req->src != req->dst) {
 		dev_dbg(dev, "Unmapping dst sgl: req->dst=%pK\n",
 			sg_virt(req->dst));
-		dma_unmap_sg(dev, req->dst, sg_nents(req->dst),
+		dma_unmap_sg(dev, req->dst, areq_ctx->dst.mapped_nents,
 			     DMA_BIDIRECTIONAL);
 	}
 	if (drvdata->coherent &&
@@ -881,7 +873,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
 					    &src_last_bytes);
 	sg_index = areq_ctx->src_sgl->length;
 	//check where the data starts
-	while (sg_index <= size_to_skip) {
+	while (src_mapped_nents && (sg_index <= size_to_skip)) {
 		src_mapped_nents--;
 		offset -= areq_ctx->src_sgl->length;
 		sgl = sg_next(areq_ctx->src_sgl);
@@ -908,7 +900,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
 			size_for_map += crypto_aead_ivsize(tfm);
 
 		rc = cc_map_sg(dev, req->dst, size_for_map, DMA_BIDIRECTIONAL,
-			       &areq_ctx->dst.nents,
+			       &areq_ctx->dst.mapped_nents,
 			       LLI_MAX_NUM_OF_DATA_ENTRIES, &dst_last_bytes,
 			       &dst_mapped_nents);
 		if (rc)
@@ -921,7 +913,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
 	offset = size_to_skip;
 
 	//check where the data starts
-	while (sg_index <= size_to_skip) {
+	while (dst_mapped_nents && sg_index <= size_to_skip) {
 		dst_mapped_nents--;
 		offset -= areq_ctx->dst_sgl->length;
 		sgl = sg_next(areq_ctx->dst_sgl);
@@ -1123,7 +1115,7 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req)
 	if (is_gcm4543)
 		size_to_map += crypto_aead_ivsize(tfm);
 	rc = cc_map_sg(dev, req->src, size_to_map, DMA_BIDIRECTIONAL,
-		       &areq_ctx->src.nents,
+		       &areq_ctx->src.mapped_nents,
 		       (LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES +
 			LLI_MAX_NUM_OF_DATA_ENTRIES),
 		       &dummy, &mapped_nents);
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.h b/drivers/crypto/ccree/cc_buffer_mgr.h
index af434872c6ff..827b6cb1236e 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.h
+++ b/drivers/crypto/ccree/cc_buffer_mgr.h
@@ -25,6 +25,7 @@ enum cc_sg_cpy_direct {
 
 struct cc_mlli {
 	cc_sram_addr_t sram_addr;
+	unsigned int mapped_nents;
 	unsigned int nents; //sg nents
 	unsigned int mlli_nents; //mlli nents might be different than the above
 };
-- 
2.25.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 2/4] crypto: ccree - only try to map auth tag if needed
  2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists Gilad Ben-Yossef
@ 2020-01-29 14:37 ` Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes Gilad Ben-Yossef
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-29 14:37 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller
  Cc: Ofir Drang, Geert Uytterhoeven, stable, linux-crypto, linux-kernel

Make sure to only add the size of the auth tag to the source mapping
for encryption if it is an in-place operation. Failing to do this
previously caused us to try and map auth size len bytes from a NULL
mapping and crashing if both the cryptlen and assoclen are zero.

Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
---
 drivers/crypto/ccree/cc_buffer_mgr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index b938ceae7ae7..885347b5b372 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -1109,9 +1109,11 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req)
 	}
 
 	size_to_map = req->cryptlen + areq_ctx->assoclen;
-	if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_ENCRYPT)
+	/* If we do in-place encryption, we also need the auth tag */
+	if ((areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_ENCRYPT) &&
+	   (req->src == req->dst)) {
 		size_to_map += authsize;
-
+	}
 	if (is_gcm4543)
 		size_to_map += crypto_aead_ivsize(tfm);
 	rc = cc_map_sg(dev, req->src, size_to_map, DMA_BIDIRECTIONAL,
-- 
2.25.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes
  2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists Gilad Ben-Yossef
  2020-01-29 14:37 ` [PATCH 2/4] crypto: ccree - only try to map auth tag if needed Gilad Ben-Yossef
@ 2020-01-29 14:37 ` Gilad Ben-Yossef
  2020-01-29 14:57   ` Geert Uytterhoeven
  2020-01-29 14:37 ` [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration Gilad Ben-Yossef
  2020-02-13  9:19 ` [PATCH 0/4] crypto: ccree - fixes Herbert Xu
  4 siblings, 1 reply; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-29 14:37 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller; +Cc: Ofir Drang, linux-crypto, linux-kernel

OFB and CTR modes block sizes were wrongfully reported as
the underlying block sizes. Fix it to 1 bytes as they
turn the block ciphers into stream ciphers.

Also document why our XTS differes from the generic
implementation.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
 drivers/crypto/ccree/cc_cipher.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
index c08dee04941b..73457548ee92 100644
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -1236,6 +1236,10 @@ static const struct cc_alg_template skcipher_algs[] = {
 		.sec_func = true,
 	},
 	{
+		/* See https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg40576.html
+		 * for the reason why this differs from the generic
+		 * implementation.
+		 */
 		.name = "xts(aes)",
 		.driver_name = "xts-aes-ccree",
 		.blocksize = 1,
@@ -1431,7 +1435,7 @@ static const struct cc_alg_template skcipher_algs[] = {
 	{
 		.name = "ofb(aes)",
 		.driver_name = "ofb-aes-ccree",
-		.blocksize = AES_BLOCK_SIZE,
+		.blocksize = 1,
 		.template_skcipher = {
 			.setkey = cc_cipher_setkey,
 			.encrypt = cc_cipher_encrypt,
@@ -1584,7 +1588,7 @@ static const struct cc_alg_template skcipher_algs[] = {
 	{
 		.name = "ctr(sm4)",
 		.driver_name = "ctr-sm4-ccree",
-		.blocksize = SM4_BLOCK_SIZE,
+		.blocksize = 1,
 		.template_skcipher = {
 			.setkey = cc_cipher_setkey,
 			.encrypt = cc_cipher_encrypt,
-- 
2.25.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
                   ` (2 preceding siblings ...)
  2020-01-29 14:37 ` [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes Gilad Ben-Yossef
@ 2020-01-29 14:37 ` Gilad Ben-Yossef
  2020-01-29 15:17   ` Geert Uytterhoeven
  2020-02-13  9:19 ` [PATCH 0/4] crypto: ccree - fixes Herbert Xu
  4 siblings, 1 reply; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-29 14:37 UTC (permalink / raw)
  To: Herbert Xu, David S. Miller; +Cc: Ofir Drang, linux-crypto, linux-kernel

Fix an error causing no block sizes to be reported during
all AEAD registrations.

Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
---
 drivers/crypto/ccree/cc_aead.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index edab44cbd353..b69cfbebc59a 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -2642,6 +2642,7 @@ static struct cc_crypto_alg *cc_create_aead_alg(struct cc_alg_template *tmpl,
 
 	alg->base.cra_ctxsize = sizeof(struct cc_aead_ctx);
 	alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
+	alg->base.cra_blocksize = tmpl->blocksize;
 	alg->init = cc_aead_init;
 	alg->exit = cc_aead_exit;
 
-- 
2.25.0


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes
  2020-01-29 14:37 ` [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes Gilad Ben-Yossef
@ 2020-01-29 14:57   ` Geert Uytterhoeven
  0 siblings, 0 replies; 12+ messages in thread
From: Geert Uytterhoeven @ 2020-01-29 14:57 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

Hi Gilad,

On Wed, Jan 29, 2020 at 3:38 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> OFB and CTR modes block sizes were wrongfully reported as
> the underlying block sizes. Fix it to 1 bytes as they
> turn the block ciphers into stream ciphers.
>
> Also document why our XTS differes from the generic
> implementation.
>
> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> ---
>  drivers/crypto/ccree/cc_cipher.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
> index c08dee04941b..73457548ee92 100644
> --- a/drivers/crypto/ccree/cc_cipher.c
> +++ b/drivers/crypto/ccree/cc_cipher.c
> @@ -1236,6 +1236,10 @@ static const struct cc_alg_template skcipher_algs[] = {
>                 .sec_func = true,
>         },
>         {
> +               /* See https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg40576.html

You may want to refer to
https://lore.kernel.org/linux-crypto/20190910012134.GA24413@gondor.apana.org.au/
instead, as mail-archive is maintained externally.


> +                * for the reason why this differs from the generic
> +                * implementation.
> +                */
>                 .name = "xts(aes)",
>                 .driver_name = "xts-aes-ccree",
>                 .blocksize = 1,
> @@ -1431,7 +1435,7 @@ static const struct cc_alg_template skcipher_algs[] = {
>         {
>                 .name = "ofb(aes)",
>                 .driver_name = "ofb-aes-ccree",
> -               .blocksize = AES_BLOCK_SIZE,
> +               .blocksize = 1,
>                 .template_skcipher = {
>                         .setkey = cc_cipher_setkey,
>                         .encrypt = cc_cipher_encrypt,
> @@ -1584,7 +1588,7 @@ static const struct cc_alg_template skcipher_algs[] = {
>         {
>                 .name = "ctr(sm4)",
>                 .driver_name = "ctr-sm4-ccree",
> -               .blocksize = SM4_BLOCK_SIZE,
> +               .blocksize = 1,
>                 .template_skcipher = {
>                         .setkey = cc_cipher_setkey,
>                         .encrypt = cc_cipher_encrypt,
> --
> 2.25.0
>


--
Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-01-29 14:37 ` [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration Gilad Ben-Yossef
@ 2020-01-29 15:17   ` Geert Uytterhoeven
  2020-01-30 11:33     ` Gilad Ben-Yossef
  0 siblings, 1 reply; 12+ messages in thread
From: Geert Uytterhoeven @ 2020-01-29 15:17 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

Hi Gilad,

On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> Fix an error causing no block sizes to be reported during
> all AEAD registrations.
>
> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>

Thanks, this fixes:

    alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
doesn't match generic impl (16)
    alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
doesn't match generic impl (16)

which you may want to mention in the commit description, so
people who search for the error message will find the fix.

Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>

Note that even after applying this series, the kernel still crashes with

kernel BUG at kernel/dma/swiotlb.c:497!
....
Call trace:
 swiotlb_tbl_map_single+0x30c/0x380
 swiotlb_map+0xb0/0x300
 dma_direct_map_page+0xb8/0x140
 dma_direct_map_sg+0x78/0xe0
 cc_map_sg+0xa0/0xd0
 cc_aead_chain_data.constprop.25+0x17c/0x6a0
 cc_map_aead_request+0x61c/0x990
 cc_proc_aead+0x140/0xeb0
 cc_aead_decrypt+0x48/0x68
 crypto_aead_decrypt+0x30/0x48
 test_aead_vec_cfg+0x5a0/0x8d0

but you may be aware of that.

CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-01-29 15:17   ` Geert Uytterhoeven
@ 2020-01-30 11:33     ` Gilad Ben-Yossef
  2020-01-30 13:19       ` Geert Uytterhoeven
  0 siblings, 1 reply; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-01-30 11:33 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> Hi Gilad,
>
> On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > Fix an error causing no block sizes to be reported during
> > all AEAD registrations.
> >
> > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
>
> Thanks, this fixes:
>
>     alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> doesn't match generic impl (16)
>     alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> doesn't match generic impl (16)
>
> which you may want to mention in the commit description, so
> people who search for the error message will find the fix.
>
> Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
>
> Note that even after applying this series, the kernel still crashes with
>
> kernel BUG at kernel/dma/swiotlb.c:497!
> ....
> Call trace:
>  swiotlb_tbl_map_single+0x30c/0x380
>  swiotlb_map+0xb0/0x300
>  dma_direct_map_page+0xb8/0x140
>  dma_direct_map_sg+0x78/0xe0
>  cc_map_sg+0xa0/0xd0
>  cc_aead_chain_data.constprop.25+0x17c/0x6a0
>  cc_map_aead_request+0x61c/0x990
>  cc_proc_aead+0x140/0xeb0
>  cc_aead_decrypt+0x48/0x68
>  crypto_aead_decrypt+0x30/0x48
>  test_aead_vec_cfg+0x5a0/0x8d0
>
> but you may be aware of that.
>
> CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
> CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y


OK, this is a new one yet - we are now crashing in out-of-place decryption.
And again, I am not seeing this in the different test board, even with
DMA debug turned on.

Can you help me out and print the cryptlen and assoclen (I'm guessing
both are zero), authlen and which AEAD/mode this is?

Thanks alot,
Gilad

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-01-30 11:33     ` Gilad Ben-Yossef
@ 2020-01-30 13:19       ` Geert Uytterhoeven
  2020-02-02 15:32         ` Gilad Ben-Yossef
  0 siblings, 1 reply; 12+ messages in thread
From: Geert Uytterhoeven @ 2020-01-30 13:19 UTC (permalink / raw)
  To: Gilad Ben-Yossef
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

Hi Gilad,

On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > > Fix an error causing no block sizes to be reported during
> > > all AEAD registrations.
> > >
> > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> >
> > Thanks, this fixes:
> >
> >     alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > doesn't match generic impl (16)
> >     alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > doesn't match generic impl (16)
> >
> > which you may want to mention in the commit description, so
> > people who search for the error message will find the fix.
> >
> > Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
> >
> > Note that even after applying this series, the kernel still crashes with
> >
> > kernel BUG at kernel/dma/swiotlb.c:497!
> > ....
> > Call trace:
> >  swiotlb_tbl_map_single+0x30c/0x380
> >  swiotlb_map+0xb0/0x300
> >  dma_direct_map_page+0xb8/0x140
> >  dma_direct_map_sg+0x78/0xe0
> >  cc_map_sg+0xa0/0xd0
> >  cc_aead_chain_data.constprop.25+0x17c/0x6a0
> >  cc_map_aead_request+0x61c/0x990
> >  cc_proc_aead+0x140/0xeb0
> >  cc_aead_decrypt+0x48/0x68
> >  crypto_aead_decrypt+0x30/0x48
> >  test_aead_vec_cfg+0x5a0/0x8d0
> >
> > but you may be aware of that.
> >
> > CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
> > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
>
> OK, this is a new one yet - we are now crashing in out-of-place decryption.
> And again, I am not seeing this in the different test board, even with
> DMA debug turned on.

I'm using a tree based on renesas-drivers[*], with renesas_defconfig
(also from [*]), and the two config changes above.

> Can you help me out and print the cryptlen and assoclen (I'm guessing
> both are zero), authlen and which AEAD/mode this is?

The crashing test is "ccm(aes)" from alg_test_descs[].

With DEBUG=y, and a few extra debug prints, the last few lines
leading to the crash were:

ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=40
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type MLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=00000000ae78472c keylen=32
ccree e6601000.crypto: enc_keylen=32  authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=00000000b9e80940
src_ofs=24 dst=00000000b9e80940 dst_ofs=24 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=00000000ae78472c keylen=32
ccree e6601000.crypto: enc_keylen=32  authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d39b1 src = ffff0006f8a28040 dst
= ffff0006f8a28290
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000e16df7d7 src=00000000b07b5b54
src_ofs=23 dst=00000000b3abbd9e dst_ofs=23 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=0000000061847879 keylen=32
ccree e6601000.crypto: enc_keylen=32  authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=0000000026c45683
src_ofs=8 dst=0000000026c45683 dst_ofs=8 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=000000002490788f keylen=16
ccree e6601000.crypto: enc_keylen=16  authkeylen=0
ccree e6601000.crypto: authlen=8
cc_aead_decrypt:2086: assoclen = 0 cryptlen = 8
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=000000006ab00be2
src_ofs=0 dst=000000006ab00be2 dst_ofs=0 cryptolen=8
ccree e6601000.crypto: Payload authentication failure, (auth-size=8, cipher=8)
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=000000002490788f keylen=16
ccree e6601000.crypto: enc_keylen=16  authkeylen=0
ccree e6601000.crypto: authlen=8
cc_aead_decrypt:2086: assoclen = 0 cryptlen = 8
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28290
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=000000006ab00be2
src_ofs=0 dst=00000000c4bfb383 dst_ofs=0 cryptolen=8

[*] https://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-drivers.git/tag/?h=renesas-drivers-2020-01-28-v5.5

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-01-30 13:19       ` Geert Uytterhoeven
@ 2020-02-02 15:32         ` Gilad Ben-Yossef
  2020-02-02 16:21           ` Gilad Ben-Yossef
  0 siblings, 1 reply; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-02-02 15:32 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

On Thu, Jan 30, 2020 at 3:19 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
>
> Hi Gilad,
>
> On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > > > Fix an error causing no block sizes to be reported during
> > > > all AEAD registrations.
> > > >
> > > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> > >
> > > Thanks, this fixes:
> > >
> > >     alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > > doesn't match generic impl (16)
> > >     alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > > doesn't match generic impl (16)
> > >
> > > which you may want to mention in the commit description, so
> > > people who search for the error message will find the fix.
> > >
> > > Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
> > >
> > > Note that even after applying this series, the kernel still crashes with
> > >
> > > kernel BUG at kernel/dma/swiotlb.c:497!
> > > ....

Thank you!

I've managed to reproduce this here.
Looking into it now...

Gilad

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration
  2020-02-02 15:32         ` Gilad Ben-Yossef
@ 2020-02-02 16:21           ` Gilad Ben-Yossef
  0 siblings, 0 replies; 12+ messages in thread
From: Gilad Ben-Yossef @ 2020-02-02 16:21 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Herbert Xu, David S. Miller, Ofir Drang,
	Linux Crypto Mailing List, Linux Kernel Mailing List

On Sun, Feb 2, 2020 at 5:32 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
>
> On Thu, Jan 30, 2020 at 3:19 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> >
> > Hi Gilad,
> >
> > On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > > On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> > > > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <gilad@benyossef.com> wrote:
> > > > > Fix an error causing no block sizes to be reported during
> > > > > all AEAD registrations.
> > > > >
> > > > > Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
> > > >
> > > > Thanks, this fixes:
> > > >
> > > >     alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > > > doesn't match generic impl (16)
> > > >     alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > > > doesn't match generic impl (16)
> > > >
> > > > which you may want to mention in the commit description, so
> > > > people who search for the error message will find the fix.
> > > >
> > > > Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
> > > >
> > > > Note that even after applying this series, the kernel still crashes with
> > > >
> > > > kernel BUG at kernel/dma/swiotlb.c:497!
> > > > ....
>
> Thank you!
>
> I've managed to reproduce this here.
> Looking into it now...


OK, found it (I think!). Patch sent.

I don't understand why this and the previous bugs is not causing
problems with other configs (e.g. 32 bit ) but now I have an
environment that triggers them I will add it to the usual tests cycle.

Thanks again!

Gilad

-- 
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH 0/4] crypto: ccree - fixes
  2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
                   ` (3 preceding siblings ...)
  2020-01-29 14:37 ` [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration Gilad Ben-Yossef
@ 2020-02-13  9:19 ` Herbert Xu
  4 siblings, 0 replies; 12+ messages in thread
From: Herbert Xu @ 2020-02-13  9:19 UTC (permalink / raw)
  To: Gilad Ben-Yossef; +Cc: David S. Miller, Ofir Drang, linux-crypto, linux-kernel

On Wed, Jan 29, 2020 at 04:37:53PM +0200, Gilad Ben-Yossef wrote:
> Fixes in AEAD DMA mapping code and blocksize reporting
> 
> Gilad Ben-Yossef (4):
>   crypto: ccree - protect against empty or NULL scatterlists
>   crypto: ccree - only try to map auth tag if needed
>   crypto: ccree - fix some reported cipher block sizes
>   crypto: ccree - fix AEAD blocksize registration
> 
>  drivers/crypto/ccree/cc_aead.c       |  1 +
>  drivers/crypto/ccree/cc_buffer_mgr.c | 68 +++++++++++++---------------
>  drivers/crypto/ccree/cc_buffer_mgr.h |  1 +
>  drivers/crypto/ccree/cc_cipher.c     |  8 +++-
>  4 files changed, 39 insertions(+), 39 deletions(-)

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, back to index

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-29 14:37 [PATCH 0/4] crypto: ccree - fixes Gilad Ben-Yossef
2020-01-29 14:37 ` [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists Gilad Ben-Yossef
2020-01-29 14:37 ` [PATCH 2/4] crypto: ccree - only try to map auth tag if needed Gilad Ben-Yossef
2020-01-29 14:37 ` [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes Gilad Ben-Yossef
2020-01-29 14:57   ` Geert Uytterhoeven
2020-01-29 14:37 ` [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration Gilad Ben-Yossef
2020-01-29 15:17   ` Geert Uytterhoeven
2020-01-30 11:33     ` Gilad Ben-Yossef
2020-01-30 13:19       ` Geert Uytterhoeven
2020-02-02 15:32         ` Gilad Ben-Yossef
2020-02-02 16:21           ` Gilad Ben-Yossef
2020-02-13  9:19 ` [PATCH 0/4] crypto: ccree - fixes Herbert Xu

Linux-Crypto Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-crypto/0 linux-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-crypto linux-crypto/ https://lore.kernel.org/linux-crypto \
		linux-crypto@vger.kernel.org
	public-inbox-index linux-crypto

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-crypto


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git