linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 5.16 073/217] crypto: jitter - consider 32 LSB for APT
       [not found] <20220118021940.1942199-1-sashal@kernel.org>
@ 2022-01-18  2:17 ` Sasha Levin
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 146/217] crypto: ccp - Move SEV_INIT retry for corrupted data Sasha Levin
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-01-18  2:17 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Stephan Müller, Herbert Xu, Sasha Levin, davem, linux-crypto

From: Stephan Müller <smueller@chronox.de>

[ Upstream commit 552d03a223eda3df84526ab2c1f4d82e15eaee7a ]

The APT compares the current time stamp with a pre-set value. The
current code only considered the 4 LSB only. Yet, after reviews by
mathematicians of the user space Jitter RNG version >= 3.1.0, it was
concluded that the APT can be calculated on the 32 LSB of the time
delta. Thi change is applied to the kernel.

This fixes a bug where an AMD EPYC fails this test as its RDTSC value
contains zeros in the LSB. The most appropriate fix would have been to
apply a GCD calculation and divide the time stamp by the GCD. Yet, this
is a significant code change that will be considered for a future
update. Note, tests showed that constantly the GCD always was 32 on
these systems, i.e. the 5 LSB were always zero (thus failing the APT
since it only considered the 4 LSB for its calculation).

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 crypto/jitterentropy.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index 4dc2261cdeefb..788d90749715a 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -265,7 +265,6 @@ static int jent_stuck(struct rand_data *ec, __u64 current_delta)
 {
 	__u64 delta2 = jent_delta(ec->last_delta, current_delta);
 	__u64 delta3 = jent_delta(ec->last_delta2, delta2);
-	unsigned int delta_masked = current_delta & JENT_APT_WORD_MASK;
 
 	ec->last_delta = current_delta;
 	ec->last_delta2 = delta2;
@@ -274,7 +273,7 @@ static int jent_stuck(struct rand_data *ec, __u64 current_delta)
 	 * Insert the result of the comparison of two back-to-back time
 	 * deltas.
 	 */
-	jent_apt_insert(ec, delta_masked);
+	jent_apt_insert(ec, current_delta);
 
 	if (!current_delta || !delta2 || !delta3) {
 		/* RCT with a stuck bit */
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.16 146/217] crypto: ccp - Move SEV_INIT retry for corrupted data
       [not found] <20220118021940.1942199-1-sashal@kernel.org>
  2022-01-18  2:17 ` [PATCH AUTOSEL 5.16 073/217] crypto: jitter - consider 32 LSB for APT Sasha Levin
@ 2022-01-18  2:18 ` Sasha Levin
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 147/217] crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init() Sasha Levin
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 148/217] crypto: hisilicon/qm - fix deadlock for remove driver Sasha Levin
  3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-01-18  2:18 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Peter Gonda, Marc Orr, David Rientjes, Tom Lendacky,
	Brijesh Singh, Joerg Roedel, Herbert Xu, John Allen,
	David S. Miller, Paolo Bonzini, linux-crypto, Sasha Levin

From: Peter Gonda <pgonda@google.com>

[ Upstream commit e423b9d75e779d921e6adf5ac3d0b59400d6ba7e ]

Move the data corrupted retry of SEV_INIT into the
__sev_platform_init_locked() function. This is for upcoming INIT_EX
support as well as helping direct callers of
__sev_platform_init_locked() which currently do not support the
retry.

Signed-off-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/ccp/sev-dev.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index e09925d86bf36..581a1b13d5c3d 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -241,7 +241,7 @@ static int __sev_platform_init_locked(int *error)
 	struct psp_device *psp = psp_master;
 	struct sev_data_init data;
 	struct sev_device *sev;
-	int rc = 0;
+	int psp_ret, rc = 0;
 
 	if (!psp || !psp->sev_data)
 		return -ENODEV;
@@ -266,7 +266,21 @@ static int __sev_platform_init_locked(int *error)
 		data.tmr_len = SEV_ES_TMR_SIZE;
 	}
 
-	rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
+	rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, &psp_ret);
+	if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) {
+		/*
+		 * Initialization command returned an integrity check failure
+		 * status code, meaning that firmware load and validation of SEV
+		 * related persistent data has failed. Retrying the
+		 * initialization function should succeed by replacing the state
+		 * with a reset state.
+		 */
+		dev_dbg(sev->dev, "SEV: retrying INIT command");
+		rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, &psp_ret);
+	}
+	if (error)
+		*error = psp_ret;
+
 	if (rc)
 		return rc;
 
@@ -1091,18 +1105,6 @@ void sev_pci_init(void)
 
 	/* Initialize the platform */
 	rc = sev_platform_init(&error);
-	if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
-		/*
-		 * INIT command returned an integrity check failure
-		 * status code, meaning that firmware load and
-		 * validation of SEV related persistent data has
-		 * failed and persistent state has been erased.
-		 * Retrying INIT command here should succeed.
-		 */
-		dev_dbg(sev->dev, "SEV: retrying INIT command");
-		rc = sev_platform_init(&error);
-	}
-
 	if (rc) {
 		dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
 		return;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.16 147/217] crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init()
       [not found] <20220118021940.1942199-1-sashal@kernel.org>
  2022-01-18  2:17 ` [PATCH AUTOSEL 5.16 073/217] crypto: jitter - consider 32 LSB for APT Sasha Levin
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 146/217] crypto: ccp - Move SEV_INIT retry for corrupted data Sasha Levin
@ 2022-01-18  2:18 ` Sasha Levin
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 148/217] crypto: hisilicon/qm - fix deadlock for remove driver Sasha Levin
  3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-01-18  2:18 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Weili Qian, Herbert Xu, Sasha Levin, xuzaibo, davem, linux-crypto

From: Weili Qian <qianweili@huawei.com>

[ Upstream commit 51fa916b81e5f406a74f14a31a3a228c3cc060ad ]

hpre_curve25519_src_init() allocates memory for 'ptr' before calling
memcmp(). If memcmp() returns 0, the function will return '-EINVAL'
without freeing memory.

Signed-off-by: Weili Qian <qianweili@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
index a032c192ef1d6..7ba7641723a0b 100644
--- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
@@ -1865,7 +1865,7 @@ static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req,
 	 */
 	if (memcmp(ptr, p, ctx->key_sz) == 0) {
 		dev_err(dev, "gx is p!\n");
-		return -EINVAL;
+		goto err;
 	} else if (memcmp(ptr, p, ctx->key_sz) > 0) {
 		hpre_curve25519_src_modulo_p(ptr);
 	}
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH AUTOSEL 5.16 148/217] crypto: hisilicon/qm - fix deadlock for remove driver
       [not found] <20220118021940.1942199-1-sashal@kernel.org>
                   ` (2 preceding siblings ...)
  2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 147/217] crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init() Sasha Levin
@ 2022-01-18  2:18 ` Sasha Levin
  3 siblings, 0 replies; 4+ messages in thread
From: Sasha Levin @ 2022-01-18  2:18 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Yang Shen, Herbert Xu, Sasha Levin, wangzhou1, davem, linux-crypto

From: Yang Shen <shenyang39@huawei.com>

[ Upstream commit fc6c01f0cd10b89c4b01dd2940e0b0cda1bd82fb ]

When remove the driver and executing the task occur at the same time,
the following deadlock will be triggered:

Chain exists of:
    sva_lock --> uacce_mutex --> &qm->qps_lock
    Possible unsafe locking scenario:
		CPU0                    CPU1
		----                    ----
	lock(&qm->qps_lock);
					lock(uacce_mutex);
					lock(&qm->qps_lock);
	lock(sva_lock);

And the lock 'qps_lock' is used to protect qp. Therefore, it's reasonable
cycle is to continue until the qp memory is released. So move the release
lock infront of 'uacce_remove'.

Signed-off-by: Yang Shen <shenyang39@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/hisilicon/qm.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index 52d6cca6262e2..39517aa9630bb 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -3399,6 +3399,7 @@ void hisi_qm_uninit(struct hisi_qm *qm)
 		dma_free_coherent(dev, qm->qdma.size,
 				  qm->qdma.va, qm->qdma.dma);
 	}
+	up_write(&qm->qps_lock);
 
 	qm_irq_unregister(qm);
 	hisi_qm_pci_uninit(qm);
@@ -3406,8 +3407,6 @@ void hisi_qm_uninit(struct hisi_qm *qm)
 		uacce_remove(qm->uacce);
 		qm->uacce = NULL;
 	}
-
-	up_write(&qm->qps_lock);
 }
 EXPORT_SYMBOL_GPL(hisi_qm_uninit);
 
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-01-18  2:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20220118021940.1942199-1-sashal@kernel.org>
2022-01-18  2:17 ` [PATCH AUTOSEL 5.16 073/217] crypto: jitter - consider 32 LSB for APT Sasha Levin
2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 146/217] crypto: ccp - Move SEV_INIT retry for corrupted data Sasha Levin
2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 147/217] crypto: hisilicon/hpre - fix memory leak in hpre_curve25519_src_init() Sasha Levin
2022-01-18  2:18 ` [PATCH AUTOSEL 5.16 148/217] crypto: hisilicon/qm - fix deadlock for remove driver Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).