Remove a race condition introduced by error path in functions: s5p_aes_interrupt and s5p_aes_crypt_start. Setting the busy field of struct s5p_aes_dev to false made it possible for s5p_tasklet_cb to change the req field, before s5p_aes_complete was called. Change the first parameter of s5p_aes_complete to struct ablkcipher_request. Before spin_unlock, make a copy of the currently handled request, to ensure s5p_aes_complete function call with the correct request. Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> --- drivers/crypto/s5p-sss.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index faa282074e5a..0cf3f12d8f74 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -475,9 +475,9 @@ static void s5p_sg_done(struct s5p_aes_dev *dev) } /* Calls the completion. Cannot be called with dev->lock hold. */ -static void s5p_aes_complete(struct s5p_aes_dev *dev, int err) +static void s5p_aes_complete(struct ablkcipher_request *req, int err) { - dev->req->base.complete(&dev->req->base, err); + req->base.complete(&req->base, err); } static void s5p_unset_outdata(struct s5p_aes_dev *dev) @@ -655,6 +655,7 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) { struct platform_device *pdev = dev_id; struct s5p_aes_dev *dev = platform_get_drvdata(pdev); + struct ablkcipher_request *req; int err_dma_tx = 0; int err_dma_rx = 0; int err_dma_hx = 0; @@ -725,9 +726,10 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) if (err_dma_hx == 1) s5p_set_dma_hashdata(dev, dev->hash_sg_iter); + req = dev->req; spin_unlock_irqrestore(&dev->lock, flags); - s5p_aes_complete(dev, 0); + s5p_aes_complete(req, 0); /* Device is still busy */ tasklet_schedule(&dev->tasklet); } else { 
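Review bot: The comment above s5p_aes_complete still documents only the locking rule, although with the new signature the caller is also responsible for passing the request that was current before the lock was released. I would extend it to `/* Calls the completion. Must not be called with dev->lock held; pass a request pointer saved before the lock was dropped, not dev->req. */` so that a later caller does not reintroduce a late `dev->req` dereference. The same contract covers the call sites changed in the hunks at -755 and -1983.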
@@ -755,8 +757,9 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) if (err_dma_hx == 1) s5p_set_dma_hashdata(dev, dev->hash_sg_iter); + req = dev->req; spin_unlock_irqrestore(&dev->lock, flags); - s5p_aes_complete(dev, err); + s5p_aes_complete(req, err); hash_irq_end: /* @@ -1983,7 +1986,7 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) s5p_sg_done(dev); dev->busy = false; spin_unlock_irqrestore(&dev->lock, flags); - s5p_aes_complete(dev, err); + s5p_aes_complete(req, err); } static void s5p_tasklet_cb(unsigned long data) -- 2.7.4
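Review bot: The `req` passed to s5p_aes_complete in the s5p_aes_crypt_start hunk is not assigned anywhere in this hunk; it is the local initialised from `dev->req` at the top of the function, before `dev->lock` is taken. That is presumably safe because only the tasklet that called this function sets `dev->req` while the device is busy, but the fix depends on that assumption. A one-line comment at the call, such as `/* req was saved on entry; dev->req may change once busy is cleared */`, would make the intent explicit. The function begins outside the hunk.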
Fix two whitespace issues that occurred at line breakup. Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> --- drivers/crypto/s5p-sss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 0cf3f12d8f74..ce9bd13ea166 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -491,7 +491,7 @@ static void s5p_unset_indata(struct s5p_aes_dev *dev) } static int s5p_make_sg_cpy(struct s5p_aes_dev *dev, struct scatterlist *src, - struct scatterlist **dst) + struct scatterlist **dst) { void *pages; int len; @@ -1890,7 +1890,7 @@ static int s5p_set_indata_start(struct s5p_aes_dev *dev, } static int s5p_set_outdata_start(struct s5p_aes_dev *dev, - struct ablkcipher_request *req) + struct ablkcipher_request *req) { struct scatterlist *sg; int err; -- 2.7.4
Modifications in s5p-sss.c: - remove unnecessary 'goto' statements, - change uint_8 and uint_32 to u8 and u32 types, Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> --- drivers/crypto/s5p-sss.c | 54 +++++++++++++++--------------------------------- 1 file changed, 17 insertions(+), 37 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index ce9bd13ea166..817a4b2b71e6 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -249,8 +249,8 @@ struct s5p_aes_reqctx { struct s5p_aes_ctx { struct s5p_aes_dev *dev; - uint8_t aes_key[AES_MAX_KEY_SIZE]; - uint8_t nonce[CTR_RFC3686_NONCE_SIZE]; + u8 aes_key[AES_MAX_KEY_SIZE]; + u8 nonce[CTR_RFC3686_NONCE_SIZE]; int keylen; }; @@ -518,46 +518,28 @@ static int s5p_make_sg_cpy(struct s5p_aes_dev *dev, struct scatterlist *src, static int s5p_set_outdata(struct s5p_aes_dev *dev, struct scatterlist *sg) { - int err; - - if (!sg->length) { - err = -EINVAL; - goto exit; - } + if (!sg->length) + return -EINVAL; - err = dma_map_sg(dev->dev, sg, 1, DMA_FROM_DEVICE); - if (!err) { - err = -ENOMEM; - goto exit; - } + if (!dma_map_sg(dev->dev, sg, 1, DMA_FROM_DEVICE)) + return -ENOMEM; dev->sg_dst = sg; - err = 0; -exit: - return err; + return 0; } static int s5p_set_indata(struct s5p_aes_dev *dev, struct scatterlist *sg) { - int err; - - if (!sg->length) { - err = -EINVAL; - goto exit; - } + if (!sg->length) + return -EINVAL; - err = dma_map_sg(dev->dev, sg, 1, DMA_TO_DEVICE); - if (!err) { - err = -ENOMEM; - goto exit; - } + if (!dma_map_sg(dev->dev, sg, 1, DMA_TO_DEVICE)) + return -ENOMEM; dev->sg_src = sg; - err = 0; -exit: - return err; + return 0; } /* @@ -662,8 +644,7 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) bool tx_end = false; bool hx_end = false; unsigned long flags; - uint32_t status; - u32 st_bits; + u32 status, st_bits; int err; spin_lock_irqsave(&dev->lock, flags); 
@@ -1833,7 +1814,7 @@ static struct ahash_alg algs_sha1_md5_sha256[] = { }; static void s5p_set_aes(struct s5p_aes_dev *dev, - const uint8_t *key, const uint8_t *iv, + const u8 *key, const u8 *iv, unsigned int keylen) { void __iomem *keystart; @@ -1919,7 +1900,7 @@ static int s5p_set_outdata_start(struct s5p_aes_dev *dev, static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) { struct ablkcipher_request *req = dev->req; - uint32_t aes_control; + u32 aes_control; unsigned long flags; int err; u8 *iv; @@ -2027,7 +2008,7 @@ static int s5p_aes_handle_req(struct s5p_aes_dev *dev, err = ablkcipher_enqueue_request(&dev->queue, req); if (dev->busy) { spin_unlock_irqrestore(&dev->lock, flags); - goto exit; + return err; } dev->busy = true; @@ -2035,7 +2016,6 @@ static int s5p_aes_handle_req(struct s5p_aes_dev *dev, tasklet_schedule(&dev->tasklet); -exit: return err; } @@ -2057,7 +2037,7 @@ static int s5p_aes_crypt(struct ablkcipher_request *req, unsigned long mode) } static int s5p_aes_setkey(struct crypto_ablkcipher *cipher, - const uint8_t *key, unsigned int keylen) + const u8 *key, unsigned int keylen) { struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); struct s5p_aes_ctx *ctx = crypto_tfm_ctx(tfm); -- 2.7.4
Add support for aes counter(ctr) block cipher mode of operation for Exynos Hardware. In contrast to ecb and cbc modes, aes-ctr allows encyption/decryption for request sizes not being a multiple of 16(bytes). Hardware requires block sizes being a multiple of 16(bytes). In order to achieve this, copy request source and destination memory, and align it's size to 16. That way hardware processes additional bytes, that are omitted when copying the result back to its original destination. Tested on Odroid-U3 with Exynos 4412 CPU, kernel 4.19-rc2 with crypto run-time self test testmgr and with tcrypt module: insmod tcrypt.ko sec=1 mode=500. Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> --- drivers/crypto/s5p-sss.c | 45 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 817a4b2b71e6..cfa104f6e468 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -1814,7 +1814,7 @@ static struct ahash_alg algs_sha1_md5_sha256[] = { }; static void s5p_set_aes(struct s5p_aes_dev *dev, - const u8 *key, const u8 *iv, + const u8 *key, const u8 *iv, const u8 *ctr, unsigned int keylen) { void __iomem *keystart; @@ -1822,6 +1822,9 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, if (iv) memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10); + if (ctr) + memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), ctr, 0x10); + if (keylen == AES_KEYSIZE_256) keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0); else if (keylen == AES_KEYSIZE_192) @@ -1903,8 +1906,9 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) u32 aes_control; unsigned long flags; int err; - u8 *iv; + u8 *iv, *ctr; + /* This sets bit [13:12] to 00, which selects 128-bit counter */ aes_control = SSS_AES_KEY_CHANGE_MODE; if (mode & FLAGS_AES_DECRYPT) aes_control |= SSS_AES_MODE_DECRYPT; 
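Review bot: The new counter copy in s5p_set_aes uses the bare literal `0x10` for the length, which hides that this is one AES block and must match the `.ivsize` advertised for ctr(aes). I would write `memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), ctr, AES_BLOCK_SIZE);`, and the IV copy on the context line above could be changed the same way. s5p_set_aes continues outside the hunk.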
@@ -1912,11 +1916,14 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CBC) { aes_control |= SSS_AES_CHAIN_MODE_CBC; iv = req->info; + ctr = NULL; } else if ((mode & FLAGS_AES_MODE_MASK) == FLAGS_AES_CTR) { aes_control |= SSS_AES_CHAIN_MODE_CTR; - iv = req->info; + iv = NULL; + ctr = req->info; } else { iv = NULL; /* AES_ECB */ + ctr = NULL; } if (dev->ctx->keylen == AES_KEYSIZE_192) @@ -1948,7 +1955,7 @@ static void s5p_aes_crypt_start(struct s5p_aes_dev *dev, unsigned long mode) goto outdata_error; SSS_AES_WRITE(dev, AES_CONTROL, aes_control); - s5p_set_aes(dev, dev->ctx->aes_key, iv, dev->ctx->keylen); + s5p_set_aes(dev, dev->ctx->aes_key, iv, ctr, dev->ctx->keylen); s5p_set_dma_indata(dev, dev->sg_src); s5p_set_dma_outdata(dev, dev->sg_dst); @@ -2026,7 +2033,8 @@ static int s5p_aes_crypt(struct ablkcipher_request *req, unsigned long mode) struct s5p_aes_ctx *ctx = crypto_ablkcipher_ctx(tfm); struct s5p_aes_dev *dev = ctx->dev; - if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE)) { + if (!IS_ALIGNED(req->nbytes, AES_BLOCK_SIZE) && + ((mode & FLAGS_AES_MODE_MASK) != FLAGS_AES_CTR)) { dev_err(dev->dev, "request size is not exact amount of AES blocks\n"); return -EINVAL; } @@ -2073,6 +2081,11 @@ static int s5p_aes_cbc_decrypt(struct ablkcipher_request *req) return s5p_aes_crypt(req, FLAGS_AES_DECRYPT | FLAGS_AES_CBC); } +static int s5p_aes_ctr_crypt(struct ablkcipher_request *req) +{ + return s5p_aes_crypt(req, FLAGS_AES_CTR); +} + static int s5p_aes_cra_init(struct crypto_tfm *tfm) { struct s5p_aes_ctx *ctx = crypto_tfm_ctx(tfm); 
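Review bot: In the FLAGS_AES_CTR branch `req->info` is only read as the starting counter; none of the hunks in this patch copies the hardware counter back into `req->info` when the request finishes. Callers of ctr(aes) that split a stream over several requests generally rely on the IV buffer holding the next counter value on completion, and if it is left unchanged the following request would be processed with the same counter blocks, i.e. the same keystream. Unless the completion path outside these hunks already does this, I would read the counter back before s5p_aes_complete is called, for example `memcpy_fromio(req->info, dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), AES_BLOCK_SIZE);`. s5p_aes_crypt_start starts and ends outside the hunk.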
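Review bot: The relaxed check in s5p_aes_crypt is the only change in this patch that deals with lengths that are not a multiple of AES_BLOCK_SIZE; the copy-and-pad step described in the commit message is not added by any hunk, so it presumably relies on the driver's existing bounce-buffer path. I would say so next to the condition, e.g. `/* CTR may be any length; the bounce-buffer path pads the data to AES_BLOCK_SIZE for the hardware */`. It is also worth confirming that the copy back to the destination is limited to `req->nbytes`, so that output produced from the padding never reaches the caller's buffer. The function body continues outside the hunk.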
@@ -2127,6 +2140,28 @@ static struct crypto_alg algs[] = { .decrypt = s5p_aes_cbc_decrypt, } }, + { + .cra_name = "ctr(aes)", + .cra_driver_name = "ctr-aes-s5p", + .cra_priority = 100, + .cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | + CRYPTO_ALG_ASYNC | + CRYPTO_ALG_KERN_DRIVER_ONLY, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s5p_aes_ctx), + .cra_alignmask = 0x0f, + .cra_type = &crypto_ablkcipher_type, + .cra_module = THIS_MODULE, + .cra_init = s5p_aes_cra_init, + .cra_u.ablkcipher = { + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + .setkey = s5p_aes_setkey, + .encrypt = s5p_aes_ctr_crypt, + .decrypt = s5p_aes_ctr_crypt, + } + }, }; static int s5p_aes_probe(struct platform_device *pdev) -- 2.7.4
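Review bot: `.cra_blocksize = AES_BLOCK_SIZE` in the new ctr(aes) entry advertises a 16-byte block even though s5p_aes_crypt now accepts CTR requests of any length. The generic ctr template registers the mode with a block size of 1, and users of the API look at that field to decide whether partial lengths are allowed, so I would use `.cra_blocksize = 1,` here. `.ivsize = AES_BLOCK_SIZE` fits the 128-bit counter selected in s5p_aes_crypt_start. The algs[] array starts outside the hunk.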
On Thu, 13 Sep 2018 at 09:59, Christoph Manszewski <c.manszewski@samsung.com> wrote: > > Remove a race condition introduced by error path in functions: > s5p_aes_interrupt and s5p_aes_crypt_start. Setting the busy field of > struct s5p_aes_dev to false made it possible for s5p_tasklet_cb to > change the req field, before s5p_aes_complete was called. Nice catch. Indeed the code looks racy. > > Change the first parameter of s5p_aes_complete to struct > ablkcipher_request. Before spin_unlock, make a copy of the currently > handled request, to ensure s5p_aes_complete function call with the > correct request. > > Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> > --- > drivers/crypto/s5p-sss.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c > index faa282074e5a..0cf3f12d8f74 100644 > --- a/drivers/crypto/s5p-sss.c > +++ b/drivers/crypto/s5p-sss.c > @@ -475,9 +475,9 @@ static void s5p_sg_done(struct s5p_aes_dev *dev) > } > > /* Calls the completion. Cannot be called with dev->lock hold. */ > -static void s5p_aes_complete(struct s5p_aes_dev *dev, int err) > +static void s5p_aes_complete(struct ablkcipher_request *req, int err) > { > - dev->req->base.complete(&dev->req->base, err); > + req->base.complete(&req->base, err); > } > > static void s5p_unset_outdata(struct s5p_aes_dev *dev) > @@ -655,6 +655,7 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) > { > struct platform_device *pdev = dev_id; > struct s5p_aes_dev *dev = platform_get_drvdata(pdev); > + struct ablkcipher_request *req; > int err_dma_tx = 0; > int err_dma_rx = 0; > int err_dma_hx = 0; 
> @@ -725,9 +726,10 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) > if (err_dma_hx == 1) > s5p_set_dma_hashdata(dev, dev->hash_sg_iter); > > + req = dev->req; In this path it should not be needed, so just s5p_aes_complete(dev->req)? At this point dev->busy is true so s5p_aes_handle_req() will exit before starting new tasklet. Also the interrupt is an effect of finishing work by device scheduled in last tasklet... so obviously no tasklet should be running. > spin_unlock_irqrestore(&dev->lock, flags); > > - s5p_aes_complete(dev, 0); > + s5p_aes_complete(req, 0); > /* Device is still busy */ > tasklet_schedule(&dev->tasklet); > } else { > @@ -755,8 +757,9 @@ static irqreturn_t s5p_aes_interrupt(int irq, void *dev_id) > if (err_dma_hx == 1) > s5p_set_dma_hashdata(dev, dev->hash_sg_iter); > > + req = dev->req; Please put it before new line (so there will be new line before unlock). Logically it should not be separated from other commands in error path. Best regards, Krzysztof
On Thu, 13 Sep 2018 at 09:59, Christoph Manszewski <c.manszewski@samsung.com> wrote: > > Fix two whitespace issues that occurred at line breakup. The s5p_set_outdata_start() does not have issue - just new line is not aligned. The other also is not a issue of whitespace (e.g. mixed spaces and tabs) but alignment. So how about: "Fix misalignment of continued argument list."? With commit and subject improvements: Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Best regards, Krzysztof > > Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com> > --- > drivers/crypto/s5p-sss.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c > index 0cf3f12d8f74..ce9bd13ea166 100644 > --- a/drivers/crypto/s5p-sss.c > +++ b/drivers/crypto/s5p-sss.c > @@ -491,7 +491,7 @@ static void s5p_unset_indata(struct s5p_aes_dev *dev) > } > > static int s5p_make_sg_cpy(struct s5p_aes_dev *dev, struct scatterlist *src, > - struct scatterlist **dst) > + struct scatterlist **dst) > { > void *pages; > int len; > @@ -1890,7 +1890,7 @@ static int s5p_set_indata_start(struct s5p_aes_dev *dev, > } > > static int s5p_set_outdata_start(struct s5p_aes_dev *dev, > - struct ablkcipher_request *req) > + struct ablkcipher_request *req) > { > struct scatterlist *sg; > int err; > -- > 2.7.4 >
Thanks Christoph for patches! On Thu, 13 Sep 2018 at 09:59, Christoph Manszewski <c.manszewski@samsung.com> wrote: > > Modifications in s5p-sss.c: > > - remove unnecessary 'goto' statements, > No need of empty lines here. > - change uint_8 and uint_32 to u8 and u32 types, Please add rationale for this, e.g.: "for consistency in the driver and making code shorter". Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org> Best regards, Krzysztof
On Thu, 13 Sep 2018 at 09:59, Christoph Manszewski
<c.manszewski@samsung.com> wrote:
>
> Add support for aes counter(ctr) block cipher mode of operation for
> Exynos Hardware. In contrast to ecb and cbc modes, aes-ctr allows
> encryption/decryption for request sizes not being a multiple of 16(bytes).
>
> Hardware requires block sizes being a multiple of 16(bytes). In order to
> achieve this, copy request source and destination memory, and align its size
> to 16. That way hardware processes additional bytes, that are omitted
> when copying the result back to its original destination.
>
> Tested on Odroid-U3 with Exynos 4412 CPU, kernel 4.19-rc2 with crypto
> run-time self test testmgr and with tcrypt module:
> insmod tcrypt.ko sec=1 mode=500.
>
> Signed-off-by: Christoph Manszewski <c.manszewski@samsung.com>
> ---
> drivers/crypto/s5p-sss.c | 45 ++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 40 insertions(+), 5 deletions(-)
>
Reviewed-by: Krzysztof Kozlowski <krzk@kernel.org>
Best regards,
Krzysztof