Re: invalid opcode: 0000 [#1] SMP [aesni_intel]

[Eric Biggers]

On Mon, Oct 23, 2017 at 07:01:32PM +0300, SviMik wrote:
> Hi!
> 
> Got the following kernel panic:
> 
> invalid opcode:  [#1] SMP
> CPU: 0 PID: 1449 Comm: openvpn Not tainted 4.8.13-1.el6.elrepo.x86_64 #1
> cut
> Call Trace:
> 
> [] ? enqueue_entity+0x45e/0x6f0
> [] ? aesni_gcm_enc_avx+0x95/0xd0 [aesni_intel]
> [] helper_rfc4106_encrypt+0x167/0x2f0 [aesni_intel]
> [] rfc4106_encrypt+0x5b/0x90 [aesni_intel]
> cut
> 
> The detailed bug report with full oops dump can be found here:
> https://bugzilla.kernel.org/show_bug.cgi?id=197363
> 
> Could not trigger this bug intentionally, but it happened three times
> already (all three dumps are available).

Well, the program counter was at the 'vmovdqu' instruction, which is the first
AVX instruction in the function.  Is it possible you're running the kernel on a
broken hypervisor that claims AVX instructions are supported but really they
aren't?  Note that AVX is different from AES-NI; the code being executed has
both types of instructions.

(And as a side note, 4.8 is not being maintained as a long term support kernel,
so you really should switch to a different version.)

Eric

[PATCH 02/12] hwrng: bcm2835-rng: Define a driver private context

[Florian Fainelli]

Instead of making hwrng::priv host the base register address, define a
driver private context, make it per platform device instance and pass it
down the different functions.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 55 ++--
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index a818418a7e4c..0d72147ab45b 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -29,6 +29,11 @@
 
 #define RNG_INT_OFF0x1
 
+struct bcm2835_rng_priv {
+   struct hwrng rng;
+   void __iomem *base;
+};
+
 static void __init nsp_rng_init(void __iomem *base)
 {
u32 val;
@@ -39,34 +44,34 @@ static void __init nsp_rng_init(void __iomem *base)
writel(val, base + RNG_INT_MASK);
 }
 
+static inline struct bcm2835_rng_priv *to_rng_priv(struct hwrng *rng)
+{
+   return container_of(rng, struct bcm2835_rng_priv, rng);
+}
+
 static int bcm2835_rng_read(struct hwrng *rng, void *buf, size_t max,
   bool wait)
 {
-   void __iomem *rng_base = (void __iomem *)rng->priv;
+   struct bcm2835_rng_priv *priv = to_rng_priv(rng);
u32 max_words = max / sizeof(u32);
u32 num_words, count;
 
-   while ((__raw_readl(rng_base + RNG_STATUS) >> 24) == 0) {
+   while ((__raw_readl(priv->base + RNG_STATUS) >> 24) == 0) {
if (!wait)
return 0;
cpu_relax();
}
 
-   num_words = readl(rng_base + RNG_STATUS) >> 24;
+   num_words = readl(priv->base + RNG_STATUS) >> 24;
if (num_words > max_words)
num_words = max_words;
 
for (count = 0; count < num_words; count++)
-   ((u32 *)buf)[count] = readl(rng_base + RNG_DATA);
+   ((u32 *)buf)[count] = readl(priv->base + RNG_DATA);
 
return num_words * sizeof(u32);
 }
 
-static struct hwrng bcm2835_rng_ops = {
-   .name   = "bcm2835",
-   .read   = bcm2835_rng_read,
-};
-
 static const struct of_device_id bcm2835_rng_of_match[] = {
{ .compatible = "brcm,bcm2835-rng"},
{ .compatible = "brcm,bcm-nsp-rng", .data = nsp_rng_init},
@@ -80,19 +85,27 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
struct device_node *np = dev->of_node;
void (*rng_setup)(void __iomem *base);
const struct of_device_id *rng_id;
-   void __iomem *rng_base;
+   struct bcm2835_rng_priv *priv;
struct resource *r;
int err;
 
+   priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL);
+   if (!priv)
+   return -ENOMEM;
+
+   platform_set_drvdata(pdev, priv);
+
r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
 
/* map peripheral */
-   rng_base = devm_ioremap_resource(dev, r);
-   if (IS_ERR(rng_base)) {
+   priv->base = devm_ioremap_resource(dev, r);
+   if (IS_ERR(priv->base)) {
dev_err(dev, "failed to remap rng regs");
-   return PTR_ERR(rng_base);
+   return PTR_ERR(priv->base);
}
-   bcm2835_rng_ops.priv = (unsigned long)rng_base;
+
+   priv->rng.name = "bcm2835-rng";
+   priv->rng.read = bcm2835_rng_read;
 
rng_id = of_match_node(bcm2835_rng_of_match, np);
if (!rng_id)
@@ -101,14 +114,14 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
/* Check for rng init function, execute it */
rng_setup = rng_id->data;
if (rng_setup)
-   rng_setup(rng_base);
+   rng_setup(priv->base);
 
/* set warm-up count & enable */
-   __raw_writel(RNG_WARMUP_COUNT, rng_base + RNG_STATUS);
-   __raw_writel(RNG_RBGEN, rng_base + RNG_CTRL);
+   __raw_writel(RNG_WARMUP_COUNT, priv->base + RNG_STATUS);
+   __raw_writel(RNG_RBGEN, priv->base + RNG_CTRL);
 
/* register driver */
-   err = hwrng_register(_rng_ops);
+   err = hwrng_register(>rng);
if (err)
dev_err(dev, "hwrng registration failed\n");
else
@@ -119,13 +132,13 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
 
 static int bcm2835_rng_remove(struct platform_device *pdev)
 {
-   void __iomem *rng_base = (void __iomem *)bcm2835_rng_ops.priv;
+   struct bcm2835_rng_priv *priv = platform_get_drvdata(pdev);
 
/* disable rng hardware */
-   __raw_writel(0, rng_base + RNG_CTRL);
+   __raw_writel(0, priv->base + RNG_CTRL);
 
/* unregister driver */
-   hwrng_unregister(_rng_ops);
+   hwrng_unregister(>rng);
 
return 0;
 }
-- 
2.9.3

[PATCH 00/12] bcm63xx-rng conversion to bcm2835-rng

[Florian Fainelli]

Hi,

As it usually happens when there is a fair amount of HW IP block re-use,
competing implementations show up. In that case the BCM2835 HWRNG driver and
the BCM63xx RNG driver have exactly the same register offsets and this is
indeed the same piece of HW.

This patch series first prepares the bcm2835-rng to be more future proof and
support newer platforms, and the last part brings in what is necessary to
migrate the bcm63xx-rng over to bcm2835-rng. Finally we delete bcm63xx-rng
completely.

The reason why BCM2835 RNG was kept over BCM63xx RNG is because the former
deals correctly with a warm up count and the number of words available in the
FIFO size.

Thanks!

Florian Fainelli (12):
  hwrng: bcm2835-rng: Obtain base register via resource
  hwrng: bcm2835-rng: Define a driver private context
  hwrng: bcm2835-rng: Move enabling to hwrng::init
  hwrng: bcm2835-rng: Implementation cleanup callback
  hwrng: bcm2835-rng: Use device managed helpers
  hwrng: bcm2835-rng: Rework interrupt masking
  hwrng: bcm2835-rng: Manage an optional clock
  hwrng: bcm2835-rng: Abstract I/O accessors
  hwrng: bcm2835-rng: Add Broadcom MIPS I/O accessors
  dt-bindings: rng: Incorporate brcm,bcm6368.txt binding
  hwrng: bcm2835-rng: Enable BCM2835 RNG to work on BCM63xx platforms
  hwrng: bcm63xx-rng: Remove since bcm2835-rng takes over

 .../devicetree/bindings/rng/brcm,bcm2835.txt   |  22 ++-
 .../devicetree/bindings/rng/brcm,bcm6368.txt   |  17 ---
 drivers/char/hw_random/Kconfig |  20 +--
 drivers/char/hw_random/Makefile|   1 -
 drivers/char/hw_random/bcm2835-rng.c   | 166 ++---
 drivers/char/hw_random/bcm63xx-rng.c   | 154 ---
 6 files changed, 139 insertions(+), 241 deletions(-)
 delete mode 100644 Documentation/devicetree/bindings/rng/brcm,bcm6368.txt
 delete mode 100644 drivers/char/hw_random/bcm63xx-rng.c

-- 
2.9.3

[PATCH 05/12] hwrng: bcm2835-rng: Use device managed helpers

[Florian Fainelli]

Now that we have moved the RNG disabling into a hwrng::cleanup callback,
we can use the device managed registration operation and remove our
remove callback since it won't do anything necessary.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 13 +
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 4d0356110b1b..67b9bd3be28d 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -138,7 +138,7 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
rng_setup(priv->base);
 
/* register driver */
-   err = hwrng_register(>rng);
+   err = devm_hwrng_register(dev, >rng);
if (err)
dev_err(dev, "hwrng registration failed\n");
else
@@ -147,16 +147,6 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
return err;
 }
 
-static int bcm2835_rng_remove(struct platform_device *pdev)
-{
-   struct bcm2835_rng_priv *priv = platform_get_drvdata(pdev);
-
-   /* unregister driver */
-   hwrng_unregister(>rng);
-
-   return 0;
-}
-
 MODULE_DEVICE_TABLE(of, bcm2835_rng_of_match);
 
 static struct platform_driver bcm2835_rng_driver = {
@@ -165,7 +155,6 @@ static struct platform_driver bcm2835_rng_driver = {
.of_match_table = bcm2835_rng_of_match,
},
.probe  = bcm2835_rng_probe,
-   .remove = bcm2835_rng_remove,
 };
 module_platform_driver(bcm2835_rng_driver);
 
-- 
2.9.3

[PATCH 01/12] hwrng: bcm2835-rng: Obtain base register via resource

[Florian Fainelli]

In preparation for consolidating bcm63xx-rng into bcm2835-rng, make sure
that we obtain the base register via platform_get_resource() since we
need to support the non-DT enabled MIPS-based BCM63xx DSL SoCs.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 574211a49549..a818418a7e4c 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -81,21 +81,23 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
void (*rng_setup)(void __iomem *base);
const struct of_device_id *rng_id;
void __iomem *rng_base;
+   struct resource *r;
int err;
 
+   r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+
/* map peripheral */
-   rng_base = of_iomap(np, 0);
-   if (!rng_base) {
+   rng_base = devm_ioremap_resource(dev, r);
+   if (IS_ERR(rng_base)) {
dev_err(dev, "failed to remap rng regs");
-   return -ENODEV;
+   return PTR_ERR(rng_base);
}
bcm2835_rng_ops.priv = (unsigned long)rng_base;
 
rng_id = of_match_node(bcm2835_rng_of_match, np);
-   if (!rng_id) {
-   iounmap(rng_base);
+   if (!rng_id)
return -EINVAL;
-   }
+
/* Check for rng init function, execute it */
rng_setup = rng_id->data;
if (rng_setup)
@@ -107,10 +109,9 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
 
/* register driver */
err = hwrng_register(_rng_ops);
-   if (err) {
+   if (err)
dev_err(dev, "hwrng registration failed\n");
-   iounmap(rng_base);
-   } else
+   else
dev_info(dev, "hwrng registered\n");
 
return err;
@@ -125,7 +126,6 @@ static int bcm2835_rng_remove(struct platform_device *pdev)
 
/* unregister driver */
hwrng_unregister(_rng_ops);
-   iounmap(rng_base);
 
return 0;
 }
-- 
2.9.3

[PATCH 03/12] hwrng: bcm2835-rng: Move enabling to hwrng::init

[Florian Fainelli]

We should be moving the enabling of the HWRNG into a hwrng::init
callback since we can be disabled and enabled every time a different
hwrng is selected in the system.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 0d72147ab45b..82000a637504 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -72,6 +72,17 @@ static int bcm2835_rng_read(struct hwrng *rng, void *buf, 
size_t max,
return num_words * sizeof(u32);
 }
 
+static int bcm2835_rng_init(struct hwrng *rng)
+{
+   struct bcm2835_rng_priv *priv = to_rng_priv(rng);
+
+   /* set warm-up count & enable */
+   __raw_writel(RNG_WARMUP_COUNT, priv->base + RNG_STATUS);
+   __raw_writel(RNG_RBGEN, priv->base + RNG_CTRL);
+
+   return 0;
+}
+
 static const struct of_device_id bcm2835_rng_of_match[] = {
{ .compatible = "brcm,bcm2835-rng"},
{ .compatible = "brcm,bcm-nsp-rng", .data = nsp_rng_init},
@@ -105,6 +116,7 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
}
 
priv->rng.name = "bcm2835-rng";
+   priv->rng.init = bcm2835_rng_init;
priv->rng.read = bcm2835_rng_read;
 
rng_id = of_match_node(bcm2835_rng_of_match, np);
@@ -116,10 +128,6 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
if (rng_setup)
rng_setup(priv->base);
 
-   /* set warm-up count & enable */
-   __raw_writel(RNG_WARMUP_COUNT, priv->base + RNG_STATUS);
-   __raw_writel(RNG_RBGEN, priv->base + RNG_CTRL);
-
/* register driver */
err = hwrng_register(>rng);
if (err)
-- 
2.9.3

[PATCH 04/12] hwrng: bcm2835-rng: Implementation cleanup callback

[Florian Fainelli]

We should be disabling the RNG in a hwrng::cleanup callback if we are
not longer the system selected RNG, not wait until the device driver is
removed.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 82000a637504..4d0356110b1b 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -83,6 +83,14 @@ static int bcm2835_rng_init(struct hwrng *rng)
return 0;
 }
 
+static void bcm2835_rng_cleanup(struct hwrng *rng)
+{
+   struct bcm2835_rng_priv *priv = to_rng_priv(rng);
+
+   /* disable rng hardware */
+   __raw_writel(0, priv->base + RNG_CTRL);
+}
+
 static const struct of_device_id bcm2835_rng_of_match[] = {
{ .compatible = "brcm,bcm2835-rng"},
{ .compatible = "brcm,bcm-nsp-rng", .data = nsp_rng_init},
@@ -118,6 +126,7 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
priv->rng.name = "bcm2835-rng";
priv->rng.init = bcm2835_rng_init;
priv->rng.read = bcm2835_rng_read;
+   priv->rng.cleanup = bcm2835_rng_cleanup;
 
rng_id = of_match_node(bcm2835_rng_of_match, np);
if (!rng_id)
@@ -142,9 +151,6 @@ static int bcm2835_rng_remove(struct platform_device *pdev)
 {
struct bcm2835_rng_priv *priv = platform_get_drvdata(pdev);
 
-   /* disable rng hardware */
-   __raw_writel(0, priv->base + RNG_CTRL);
-
/* unregister driver */
hwrng_unregister(>rng);
 
-- 
2.9.3

[PATCH 07/12] hwrng: bcm2835-rng: Manage an optional clock

[Florian Fainelli]

One of the last steps before bcm63xx-rng can be eliminated is to manage
a clock during hwrng::init and hwrng::cleanup, so fetch it in the probe
function, and manage it during these two steps when valid.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index ed20e0b6b7ae..35928efb52e7 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -15,6 +15,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define RNG_CTRL   0x0
 #define RNG_STATUS 0x4
@@ -33,6 +34,7 @@ struct bcm2835_rng_priv {
struct hwrng rng;
void __iomem *base;
bool mask_interrupts;
+   struct clk *clk;
 };
 
 static inline struct bcm2835_rng_priv *to_rng_priv(struct hwrng *rng)
@@ -67,6 +69,11 @@ static int bcm2835_rng_init(struct hwrng *rng)
 {
struct bcm2835_rng_priv *priv = to_rng_priv(rng);
u32 val;
+   int ret;
+
+   ret = clk_prepare_enable(priv->clk);
+   if (ret)
+   return ret;
 
if (priv->mask_interrupts) {
/* mask the interrupt */
@@ -88,6 +95,8 @@ static void bcm2835_rng_cleanup(struct hwrng *rng)
 
/* disable rng hardware */
__raw_writel(0, priv->base + RNG_CTRL);
+
+   clk_disable_unprepare(priv->clk);
 }
 
 struct bcm2835_rng_of_data {
@@ -130,6 +139,11 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
return PTR_ERR(priv->base);
}
 
+   /* Clock is optional on most platforms */
+   priv->clk = devm_clk_get(dev, NULL);
+   if (IS_ERR(priv->clk))
+   priv->clk = NULL;
+
priv->rng.name = "bcm2835-rng";
priv->rng.init = bcm2835_rng_init;
priv->rng.read = bcm2835_rng_read;
-- 
2.9.3

[PATCH 06/12] hwrng: bcm2835-rng: Rework interrupt masking

[Florian Fainelli]

The interrupt masking done for Northstart Plus and Northstar (BCM5301X)
is moved from being a function pointer mapped to of_device_id::data into
a proper part of the hwrng::init callback. While at it, we also make the
of_data be a proper structure indicating the platform specifics, since
the day we need to add a second type of platform information, we would
have to do that anyway.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 39 +---
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 67b9bd3be28d..ed20e0b6b7ae 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -32,18 +32,9 @@
 struct bcm2835_rng_priv {
struct hwrng rng;
void __iomem *base;
+   bool mask_interrupts;
 };
 
-static void __init nsp_rng_init(void __iomem *base)
-{
-   u32 val;
-
-   /* mask the interrupt */
-   val = readl(base + RNG_INT_MASK);
-   val |= RNG_INT_OFF;
-   writel(val, base + RNG_INT_MASK);
-}
-
 static inline struct bcm2835_rng_priv *to_rng_priv(struct hwrng *rng)
 {
return container_of(rng, struct bcm2835_rng_priv, rng);
@@ -75,6 +66,14 @@ static int bcm2835_rng_read(struct hwrng *rng, void *buf, 
size_t max,
 static int bcm2835_rng_init(struct hwrng *rng)
 {
struct bcm2835_rng_priv *priv = to_rng_priv(rng);
+   u32 val;
+
+   if (priv->mask_interrupts) {
+   /* mask the interrupt */
+   val = readl(priv->base + RNG_INT_MASK);
+   val |= RNG_INT_OFF;
+   writel(val, priv->base + RNG_INT_MASK);
+   }
 
/* set warm-up count & enable */
__raw_writel(RNG_WARMUP_COUNT, priv->base + RNG_STATUS);
@@ -91,18 +90,26 @@ static void bcm2835_rng_cleanup(struct hwrng *rng)
__raw_writel(0, priv->base + RNG_CTRL);
 }
 
+struct bcm2835_rng_of_data {
+   bool mask_interrupts;
+};
+
+static const struct bcm2835_rng_of_data nsp_rng_of_data = {
+   .mask_interrupts = true,
+};
+
 static const struct of_device_id bcm2835_rng_of_match[] = {
{ .compatible = "brcm,bcm2835-rng"},
-   { .compatible = "brcm,bcm-nsp-rng", .data = nsp_rng_init},
-   { .compatible = "brcm,bcm5301x-rng", .data = nsp_rng_init},
+   { .compatible = "brcm,bcm-nsp-rng", .data = _rng_of_data },
+   { .compatible = "brcm,bcm5301x-rng", .data = _rng_of_data },
{},
 };
 
 static int bcm2835_rng_probe(struct platform_device *pdev)
 {
+   const struct bcm2835_rng_of_data *of_data;
struct device *dev = >dev;
struct device_node *np = dev->of_node;
-   void (*rng_setup)(void __iomem *base);
const struct of_device_id *rng_id;
struct bcm2835_rng_priv *priv;
struct resource *r;
@@ -133,9 +140,9 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
return -EINVAL;
 
/* Check for rng init function, execute it */
-   rng_setup = rng_id->data;
-   if (rng_setup)
-   rng_setup(priv->base);
+   of_data = rng_id->data;
+   if (of_data)
+   priv->mask_interrupts = of_data->mask_interrupts;
 
/* register driver */
err = devm_hwrng_register(dev, >rng);
-- 
2.9.3

[PATCH 09/12] hwrng: bcm2835-rng: Add Broadcom MIPS I/O accessors

[Florian Fainelli]

Broadcom MIPS HW is always strapped to match the system-wide endian such
that all I/O access to this RNG block is done with the native CPU
endian, account for that.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 13 +++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 500275d55044..650e0033c273 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -44,13 +44,22 @@ static inline struct bcm2835_rng_priv *to_rng_priv(struct 
hwrng *rng)
 
 static inline u32 rng_readl(struct bcm2835_rng_priv *priv, u32 offset)
 {
-   return readl(priv->base + offset);
+   /* MIPS chips strapped for BE will automagically configure the
+* peripheral registers for CPU-native byte order.
+*/
+   if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
+   return __raw_readl(priv->base + offset);
+   else
+   return readl(priv->base + offset);
 }
 
 static inline void rng_writel(struct bcm2835_rng_priv *priv, u32 val,
  u32 offset)
 {
-   writel(val, priv->base + offset);
+   if (IS_ENABLED(CONFIG_MIPS) && IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
+   __raw_writel(val, priv->base + offset);
+   else
+   writel(val, priv->base + offset);
 }
 
 static int bcm2835_rng_read(struct hwrng *rng, void *buf, size_t max,
-- 
2.9.3

[PATCH 10/12] dt-bindings: rng: Incorporate brcm,bcm6368.txt binding

[Florian Fainelli]

Since the same block is used on BCM2835 and BCM6368, merge the bindings
and remove the brcm,bcm6368.txt binding document.

Signed-off-by: Florian Fainelli 
---
 .../devicetree/bindings/rng/brcm,bcm2835.txt   | 22 +++---
 .../devicetree/bindings/rng/brcm,bcm6368.txt   | 17 -
 2 files changed, 19 insertions(+), 20 deletions(-)
 delete mode 100644 Documentation/devicetree/bindings/rng/brcm,bcm6368.txt

diff --git a/Documentation/devicetree/bindings/rng/brcm,bcm2835.txt 
b/Documentation/devicetree/bindings/rng/brcm,bcm2835.txt
index 26542690b578..627b29531a32 100644
--- a/Documentation/devicetree/bindings/rng/brcm,bcm2835.txt
+++ b/Documentation/devicetree/bindings/rng/brcm,bcm2835.txt
@@ -1,11 +1,19 @@
-BCM2835 Random number generator
+BCM2835/6368 Random number generator
 
 Required properties:
 
-- compatible : should be "brcm,bcm2835-rng"  or "brcm,bcm-nsp-rng" or
-  "brcm,bcm5301x-rng"
+- compatible : should be one of
+   "brcm,bcm2835-rng"
+   "brcm,bcm-nsp-rng"
+   "brcm,bcm5301x-rng" or
+   "brcm,bcm6368-rng"
 - reg : Specifies base physical address and size of the registers.
 
+Optional properties:
+
+- clocks : phandle to clock-controller plus clock-specifier pair
+- clock-names : "ipsec" as a clock name
+
 Example:
 
 rng {
@@ -17,3 +25,11 @@ rng@18033000 {
compatible = "brcm,bcm-nsp-rng";
reg = <0x18033000 0x14>;
 };
+
+random: rng@10004180 {
+   compatible = "brcm,bcm6368-rng";
+   reg = <0x10004180 0x14>;
+
+   clocks = <_clk 18>;
+   clock-names = "ipsec";
+};
diff --git a/Documentation/devicetree/bindings/rng/brcm,bcm6368.txt 
b/Documentation/devicetree/bindings/rng/brcm,bcm6368.txt
deleted file mode 100644
index 4b5ac600bfbd..
--- a/Documentation/devicetree/bindings/rng/brcm,bcm6368.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-BCM6368 Random number generator
-
-Required properties:
-
-- compatible : should be "brcm,bcm6368-rng"
-- reg : Specifies base physical address and size of the registers
-- clocks : phandle to clock-controller plus clock-specifier pair
-- clock-names : "ipsec" as a clock name
-
-Example:
-   random: rng@10004180 {
-   compatible = "brcm,bcm6368-rng";
-   reg = <0x10004180 0x14>;
-
-   clocks = <_clk 18>;
-   clock-names = "ipsec";
-   };
-- 
2.9.3

[PATCH 11/12] hwrng: bcm2835-rng: Enable BCM2835 RNG to work on BCM63xx platforms

[Florian Fainelli]

We have now incorporated all necessary functionality for the BCM63xx
platforms to successfully migrate over bcm2835-rng, so add the final
bits: Kconfig selection and proper platform_device device type matching
to keep the same platform device name for registration to work.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/Kconfig   |  7 ---
 drivers/char/hw_random/bcm2835-rng.c | 11 ++-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index 95a031e9eced..d0689cc8c7fc 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -87,12 +87,13 @@ config HW_RANDOM_BCM63XX
  If unusure, say Y.
 
 config HW_RANDOM_BCM2835
-   tristate "Broadcom BCM2835 Random Number Generator support"
-   depends on ARCH_BCM2835 || ARCH_BCM_NSP || ARCH_BCM_5301X
+   tristate "Broadcom BCM2835/BCM63xx Random Number Generator support"
+   depends on ARCH_BCM2835 || ARCH_BCM_NSP || ARCH_BCM_5301X || \
+  ARCH_BCM_63XX || BCM63XX || BMIPS_GENERIC
default HW_RANDOM
---help---
  This driver provides kernel-side support for the Random Number
- Generator hardware found on the Broadcom BCM2835 SoCs.
+ Generator hardware found on the Broadcom BCM2835 and BCM63xx SoCs.
 
  To compile this driver as a module, choose M here: the
  module will be called bcm2835-rng
diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 650e0033c273..d9ffe14f312b 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -131,6 +131,7 @@ static const struct of_device_id bcm2835_rng_of_match[] = {
{ .compatible = "brcm,bcm2835-rng"},
{ .compatible = "brcm,bcm-nsp-rng", .data = _rng_of_data },
{ .compatible = "brcm,bcm5301x-rng", .data = _rng_of_data },
+   { .compatible = "brcm,bcm6368-rng"},
{},
 };
 
@@ -164,7 +165,7 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
if (IS_ERR(priv->clk))
priv->clk = NULL;
 
-   priv->rng.name = "bcm2835-rng";
+   priv->rng.name = pdev->id_entry->name;
priv->rng.init = bcm2835_rng_init;
priv->rng.read = bcm2835_rng_read;
priv->rng.cleanup = bcm2835_rng_cleanup;
@@ -190,12 +191,20 @@ static int bcm2835_rng_probe(struct platform_device *pdev)
 
 MODULE_DEVICE_TABLE(of, bcm2835_rng_of_match);
 
+static struct platform_device_id bcm2835_rng_devtype[] = {
+   { .name = "bcm2835-rng" },
+   { .name = "bcm63xx-rng" },
+   { /* sentinel */ }
+};
+MODULE_DEVICE_TABLE(platform, bcm2835_rng_devtype);
+
 static struct platform_driver bcm2835_rng_driver = {
.driver = {
.name = "bcm2835-rng",
.of_match_table = bcm2835_rng_of_match,
},
.probe  = bcm2835_rng_probe,
+   .id_table   = bcm2835_rng_devtype,
 };
 module_platform_driver(bcm2835_rng_driver);
 
-- 
2.9.3

[PATCH 12/12] hwrng: bcm63xx-rng: Remove since bcm2835-rng takes over

[Florian Fainelli]

bcm2835-rng is now capable of supporting the BCM63xx hardware, so remove
the driver which duplicates the same functionality.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/Kconfig   |  13 ---
 drivers/char/hw_random/Makefile  |   1 -
 drivers/char/hw_random/bcm63xx-rng.c | 154 ---
 3 files changed, 168 deletions(-)
 delete mode 100644 drivers/char/hw_random/bcm63xx-rng.c

diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index d0689cc8c7fc..2d3775b9c0c7 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -73,19 +73,6 @@ config HW_RANDOM_ATMEL
 
  If unsure, say Y.
 
-config HW_RANDOM_BCM63XX
-   tristate "Broadcom BCM63xx Random Number Generator support"
-   depends on BCM63XX || BMIPS_GENERIC
-   default HW_RANDOM
-   ---help---
- This driver provides kernel-side support for the Random Number
- Generator hardware found on the Broadcom BCM63xx SoCs.
-
- To compile this driver as a module, choose M here: the
- module will be called bcm63xx-rng
-
- If unusure, say Y.
-
 config HW_RANDOM_BCM2835
tristate "Broadcom BCM2835/BCM63xx Random Number Generator support"
depends on ARCH_BCM2835 || ARCH_BCM_NSP || ARCH_BCM_5301X || \
diff --git a/drivers/char/hw_random/Makefile b/drivers/char/hw_random/Makefile
index 39a67defac67..470ea14ed6b7 100644
--- a/drivers/char/hw_random/Makefile
+++ b/drivers/char/hw_random/Makefile
@@ -8,7 +8,6 @@ obj-$(CONFIG_HW_RANDOM_TIMERIOMEM) += timeriomem-rng.o
 obj-$(CONFIG_HW_RANDOM_INTEL) += intel-rng.o
 obj-$(CONFIG_HW_RANDOM_AMD) += amd-rng.o
 obj-$(CONFIG_HW_RANDOM_ATMEL) += atmel-rng.o
-obj-$(CONFIG_HW_RANDOM_BCM63XX)+= bcm63xx-rng.o
 obj-$(CONFIG_HW_RANDOM_GEODE) += geode-rng.o
 obj-$(CONFIG_HW_RANDOM_N2RNG) += n2-rng.o
 n2-rng-y := n2-drv.o n2-asm.o
diff --git a/drivers/char/hw_random/bcm63xx-rng.c 
b/drivers/char/hw_random/bcm63xx-rng.c
deleted file mode 100644
index 5132c9cde50d..
--- a/drivers/char/hw_random/bcm63xx-rng.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Broadcom BCM63xx Random Number Generator support
- *
- * Copyright (C) 2011, Florian Fainelli 
- * Copyright (C) 2009, Broadcom Corporation
- *
- */
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#define RNG_CTRL   0x00
-#define RNG_EN (1 << 0)
-
-#define RNG_STAT   0x04
-#define RNG_AVAIL_MASK (0xff00)
-
-#define RNG_DATA   0x08
-#define RNG_THRES  0x0c
-#define RNG_MASK   0x10
-
-struct bcm63xx_rng_priv {
-   struct hwrng rng;
-   struct clk *clk;
-   void __iomem *regs;
-};
-
-#define to_rng_priv(rng)   container_of(rng, struct bcm63xx_rng_priv, rng)
-
-static int bcm63xx_rng_init(struct hwrng *rng)
-{
-   struct bcm63xx_rng_priv *priv = to_rng_priv(rng);
-   u32 val;
-   int error;
-
-   error = clk_prepare_enable(priv->clk);
-   if (error)
-   return error;
-
-   val = __raw_readl(priv->regs + RNG_CTRL);
-   val |= RNG_EN;
-   __raw_writel(val, priv->regs + RNG_CTRL);
-
-   return 0;
-}
-
-static void bcm63xx_rng_cleanup(struct hwrng *rng)
-{
-   struct bcm63xx_rng_priv *priv = to_rng_priv(rng);
-   u32 val;
-
-   val = __raw_readl(priv->regs + RNG_CTRL);
-   val &= ~RNG_EN;
-   __raw_writel(val, priv->regs + RNG_CTRL);
-
-   clk_disable_unprepare(priv->clk);
-}
-
-static int bcm63xx_rng_data_present(struct hwrng *rng, int wait)
-{
-   struct bcm63xx_rng_priv *priv = to_rng_priv(rng);
-
-   return __raw_readl(priv->regs + RNG_STAT) & RNG_AVAIL_MASK;
-}
-
-static int bcm63xx_rng_data_read(struct hwrng *rng, u32 *data)
-{
-   struct bcm63xx_rng_priv *priv = to_rng_priv(rng);
-
-   *data = __raw_readl(priv->regs + RNG_DATA);
-
-   return 4;
-}
-
-static int bcm63xx_rng_probe(struct platform_device *pdev)
-{
-   struct resource *r;
-   int ret;
-   struct bcm63xx_rng_priv *priv;
-
-   r = platform_get_resource(pdev, IORESOURCE_MEM, 0);
-   if (!r) {
-   dev_err(>dev, "no iomem resource\n");
-   return -ENXIO;
-   }
-
-   priv = devm_kzalloc(>dev, sizeof(*priv), GFP_KERNEL);
-   if (!priv)
-   return -ENOMEM;
-
-   priv->rng.name = pdev->name;
-   priv->rng.init = bcm63xx_rng_init;
-   priv->rng.cleanup = bcm63xx_rng_cleanup;
-   priv->rng.data_present = bcm63xx_rng_data_present;
-   priv->rng.data_read = bcm63xx_rng_data_read;
-
-   priv->clk = devm_clk_get(>dev, "ipsec");
-   if (IS_ERR(priv->clk)) {
-   ret = PTR_ERR(priv->clk);
-   dev_err(>dev, "no clock for device: %d\n", ret);
-   return ret;
-   }
-
-   if 

[PATCH 08/12] hwrng: bcm2835-rng: Abstract I/O accessors

[Florian Fainelli]

In preparation for allowing BCM63xx to use this driver, we abstract I/O
accessors such that we can easily change those later on.

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/bcm2835-rng.c | 27 +++
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/drivers/char/hw_random/bcm2835-rng.c 
b/drivers/char/hw_random/bcm2835-rng.c
index 35928efb52e7..500275d55044 100644
--- a/drivers/char/hw_random/bcm2835-rng.c
+++ b/drivers/char/hw_random/bcm2835-rng.c
@@ -42,6 +42,17 @@ static inline struct bcm2835_rng_priv *to_rng_priv(struct 
hwrng *rng)
return container_of(rng, struct bcm2835_rng_priv, rng);
 }
 
+static inline u32 rng_readl(struct bcm2835_rng_priv *priv, u32 offset)
+{
+   return readl(priv->base + offset);
+}
+
+static inline void rng_writel(struct bcm2835_rng_priv *priv, u32 val,
+ u32 offset)
+{
+   writel(val, priv->base + offset);
+}
+
 static int bcm2835_rng_read(struct hwrng *rng, void *buf, size_t max,
   bool wait)
 {
@@ -49,18 +60,18 @@ static int bcm2835_rng_read(struct hwrng *rng, void *buf, 
size_t max,
u32 max_words = max / sizeof(u32);
u32 num_words, count;
 
-   while ((__raw_readl(priv->base + RNG_STATUS) >> 24) == 0) {
+   while ((rng_readl(priv, RNG_STATUS) >> 24) == 0) {
if (!wait)
return 0;
cpu_relax();
}
 
-   num_words = readl(priv->base + RNG_STATUS) >> 24;
+   num_words = rng_readl(priv, RNG_STATUS) >> 24;
if (num_words > max_words)
num_words = max_words;
 
for (count = 0; count < num_words; count++)
-   ((u32 *)buf)[count] = readl(priv->base + RNG_DATA);
+   ((u32 *)buf)[count] = rng_readl(priv, RNG_DATA);
 
return num_words * sizeof(u32);
 }
@@ -77,14 +88,14 @@ static int bcm2835_rng_init(struct hwrng *rng)
 
if (priv->mask_interrupts) {
/* mask the interrupt */
-   val = readl(priv->base + RNG_INT_MASK);
+   val = rng_readl(priv, RNG_INT_MASK);
val |= RNG_INT_OFF;
-   writel(val, priv->base + RNG_INT_MASK);
+   rng_writel(priv, val, RNG_INT_MASK);
}
 
/* set warm-up count & enable */
-   __raw_writel(RNG_WARMUP_COUNT, priv->base + RNG_STATUS);
-   __raw_writel(RNG_RBGEN, priv->base + RNG_CTRL);
+   rng_writel(priv, RNG_WARMUP_COUNT, RNG_STATUS);
+   rng_writel(priv, RNG_RBGEN, RNG_CTRL);
 
return 0;
 }
@@ -94,7 +105,7 @@ static void bcm2835_rng_cleanup(struct hwrng *rng)
struct bcm2835_rng_priv *priv = to_rng_priv(rng);
 
/* disable rng hardware */
-   __raw_writel(0, priv->base + RNG_CTRL);
+   rng_writel(priv, 0, RNG_CTRL);
 
clk_disable_unprepare(priv->clk);
 }
-- 
2.9.3

[PATCH 0/2] hwrng: iproc-rng200: Add support for BCM7278

[Florian Fainelli]

Hi,

This patch series adds support for the RNG200 block found on the BCM7278 SoC.
This requires us to update the compatible string (and associated binding
document) as well as the Kconfig option to make that driver selectable with
ARCH_BRCMSTB gating the enabling of such SoCs.

Thank you

Florian Fainelli (2):
  dt-bindings: rng: Document BCM7278 RNG200 compatible
  hwrng: iproc-rng200: Add support for BCM7278

 Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt | 4 +++-
 drivers/char/hw_random/Kconfig  | 6 +++---
 drivers/char/hw_random/iproc-rng200.c   | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)

-- 
2.9.3

[PATCH 1/2] dt-bindings: rng: Document BCM7278 RNG200 compatible

[Florian Fainelli]

BCM7278 includes a RGN200 hardware random number generator, document the
compatible string for that version of the IP.

Signed-off-by: Florian Fainelli 
---
 Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt 
b/Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt
index e25a456664b9..0014da9145af 100644
--- a/Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt
+++ b/Documentation/devicetree/bindings/rng/brcm,iproc-rng200.txt
@@ -1,7 +1,9 @@
 HWRNG support for the iproc-rng200 driver
 
 Required properties:
-- compatible : "brcm,iproc-rng200"
+- compatible : Must be one of:
+  "brcm,bcm7278-rng200"
+  "brcm,iproc-rng200"
 - reg : base address and size of control register block
 
 Example:
-- 
2.9.3

[PATCH 2/2] hwrng: iproc-rng200: Add support for BCM7278

[Florian Fainelli]

BCM7278 features a RNG200 hardware random number generator block, add
support for this chip by matching the chip-specific compatible string
and extending the Kconfig dependencies to allow building on ARCH_BRCMSTB
(base platform for 7278).

Signed-off-by: Florian Fainelli 
---
 drivers/char/hw_random/Kconfig| 6 +++---
 drivers/char/hw_random/iproc-rng200.c | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig
index 95a031e9eced..f6e3e5abc117 100644
--- a/drivers/char/hw_random/Kconfig
+++ b/drivers/char/hw_random/Kconfig
@@ -100,12 +100,12 @@ config HW_RANDOM_BCM2835
  If unsure, say Y.
 
 config HW_RANDOM_IPROC_RNG200
-   tristate "Broadcom iProc RNG200 support"
-   depends on ARCH_BCM_IPROC
+   tristate "Broadcom iProc/STB RNG200 support"
+   depends on ARCH_BCM_IPROC || ARCH_BRCMSTB
default HW_RANDOM
---help---
  This driver provides kernel-side support for the RNG200
- hardware found on the Broadcom iProc SoCs.
+ hardware found on the Broadcom iProc and STB SoCs.
 
  To compile this driver as a module, choose M here: the
  module will be called iproc-rng200
diff --git a/drivers/char/hw_random/iproc-rng200.c 
b/drivers/char/hw_random/iproc-rng200.c
index 3eaf7cb96d36..8b5a20b35293 100644
--- a/drivers/char/hw_random/iproc-rng200.c
+++ b/drivers/char/hw_random/iproc-rng200.c
@@ -220,6 +220,7 @@ static int iproc_rng200_probe(struct platform_device *pdev)
 }
 
 static const struct of_device_id iproc_rng200_of_match[] = {
+   { .compatible = "brcm,bcm7278-rng200", },
{ .compatible = "brcm,iproc-rng200", },
{},
 };
-- 
2.9.3

[PATCH 1/4] crypto: dh - fix double free of ctx->p

[Eric Biggers]

From: Eric Biggers 

When setting the secret with the software Diffie-Hellman implementation,
if allocating 'g' failed (e.g. if it was longer than
MAX_EXTERN_MPI_BITS), then 'p' was freed twice: once immediately, and
once later when the crypto_kpp tfm was destroyed.  Fix it by using
dh_free_ctx() in the error paths, as that sets the pointers to NULL.

KASAN report:

MPI: mpi too large (32760 bits)
==
BUG: KASAN: use-after-free in mpi_free+0x131/0x170
Read of size 4 at addr 88006c7cdf90 by task reproduce_doubl/367

CPU: 1 PID: 367 Comm: reproduce_doubl Not tainted 
4.14.0-rc7-00040-g05298abde6fe #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 dump_stack+0xb3/0x10b
 ? mpi_free+0x131/0x170
 print_address_description+0x79/0x2a0
 ? mpi_free+0x131/0x170
 kasan_report+0x236/0x340
 ? akcipher_register_instance+0x90/0x90
 __asan_report_load4_noabort+0x14/0x20
 mpi_free+0x131/0x170
 ? akcipher_register_instance+0x90/0x90
 dh_exit_tfm+0x3d/0x140
 crypto_kpp_exit_tfm+0x52/0x70
 crypto_destroy_tfm+0xb3/0x250
 __keyctl_dh_compute+0x640/0xe90
 ? kasan_slab_free+0x12f/0x180
 ? dh_data_from_key+0x240/0x240
 ? key_create_or_update+0x1ee/0xb20
 ? key_instantiate_and_link+0x440/0x440
 ? lock_contended+0xee0/0xee0
 ? kfree+0xcf/0x210
 ? SyS_add_key+0x268/0x340
 keyctl_dh_compute+0xb3/0xf1
 ? __keyctl_dh_compute+0xe90/0xe90
 ? SyS_add_key+0x26d/0x340
 ? entry_SYSCALL_64_fastpath+0x5/0xbe
 ? trace_hardirqs_on_caller+0x3f4/0x560
 SyS_keyctl+0x72/0x2c0
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x43ccf9
RSP: 002b:7ffeeec96158 EFLAGS: 0246 ORIG_RAX: 00fa
RAX: ffda RBX: 0248b9b9 RCX: 0043ccf9
RDX: 7ffeeec96170 RSI: 7ffeeec96160 RDI: 0017
RBP: 0046 R08:  R09: 0248b9b9143dc936
R10: 1000 R11: 0246 R12: 
R13: 00409670 R14: 00409700 R15: 

Allocated by task 367:
 save_stack_trace+0x16/0x20
 kasan_kmalloc+0xeb/0x180
 kmem_cache_alloc_trace+0x114/0x300
 mpi_alloc+0x4b/0x230
 mpi_read_raw_data+0xbe/0x360
 dh_set_secret+0x1dc/0x460
 __keyctl_dh_compute+0x623/0xe90
 keyctl_dh_compute+0xb3/0xf1
 SyS_keyctl+0x72/0x2c0
 entry_SYSCALL_64_fastpath+0x1f/0xbe

Freed by task 367:
 save_stack_trace+0x16/0x20
 kasan_slab_free+0xab/0x180
 kfree+0xb5/0x210
 mpi_free+0xcb/0x170
 dh_set_secret+0x2d7/0x460
 __keyctl_dh_compute+0x623/0xe90
 keyctl_dh_compute+0xb3/0xf1
 SyS_keyctl+0x72/0x2c0
 entry_SYSCALL_64_fastpath+0x1f/0xbe

Fixes: 802c7f1c84e4 ("crypto: dh - Add DH software implementation")
Cc:  # v4.8+
Signed-off-by: Eric Biggers 
---
 crypto/dh.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/dh.c b/crypto/dh.c
index b1032a5c1bfa..b488f1782ced 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -71,10 +71,8 @@ static int dh_set_params(struct dh_ctx *ctx, struct dh 
*params)
return -EINVAL;
 
ctx->g = mpi_read_raw_data(params->g, params->g_size);
-   if (!ctx->g) {
-   mpi_free(ctx->p);
+   if (!ctx->g)
return -EINVAL;
-   }
 
return 0;
 }
@@ -89,18 +87,20 @@ static int dh_set_secret(struct crypto_kpp *tfm, const void 
*buf,
dh_free_ctx(ctx);
 
if (crypto_dh_decode_key(buf, len, ) < 0)
-   return -EINVAL;
+   goto err_free_ctx;
 
if (dh_set_params(ctx, ) < 0)
-   return -EINVAL;
+   goto err_free_ctx;
 
ctx->xa = mpi_read_raw_data(params.key, params.key_size);
-   if (!ctx->xa) {
-   dh_clear_params(ctx);
-   return -EINVAL;
-   }
+   if (!ctx->xa)
+   goto err_free_ctx;
 
return 0;
+
+err_free_ctx:
+   dh_free_ctx(ctx);
+   return -EINVAL;
 }
 
 static int dh_compute_value(struct kpp_request *req)
-- 
2.15.0.403.gc27cc4dac6-goog

[PATCH 2/4] crypto: dh - don't permit 'p' to be 0

[Eric Biggers]

From: Eric Biggers 

If 'p' is 0 for the software Diffie-Hellman implementation, then
dh_max_size() returns 0.  In the case of KEYCTL_DH_COMPUTE, this causes
ZERO_SIZE_POINTER to be passed to sg_init_one(), which with
CONFIG_DEBUG_SG=y triggers the 'BUG_ON(!virt_addr_valid(buf));' in
sg_set_buf().

Fix this by making crypto_dh_decode_key() reject 0 for 'p'.  p=0 makes
no sense for any DH implementation because 'p' is supposed to be a prime
number.  Moreover, 'mod 0' is not mathematically defined.

Bug report:

kernel BUG at ./include/linux/scatterlist.h:140!
invalid opcode:  [#1] SMP KASAN
CPU: 0 PID: 27112 Comm: syz-executor2 Not tainted 
4.14.0-rc7-00010-gf5dbb5d0ce32-dirty #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.3-20171021_125229-anatol 04/01/2014
task: 88006caac0c0 task.stack: 88006c7c8000
RIP: 0010:sg_set_buf include/linux/scatterlist.h:140 [inline]
RIP: 0010:sg_init_one+0x1b3/0x240 lib/scatterlist.c:156
RSP: 0018:88006c7cfb08 EFLAGS: 00010216
RAX: 0001 RBX: 88006c7cfe30 RCX: 64ee
RDX: 81cf64c3 RSI: c9d72000 RDI: 92e937e0
RBP: 88006c7cfb30 R08: ed000d8f9fab R09: 88006c7cfd30
R10: 0005 R11: ed000d8f9faa R12: 88006c7cfd30
R13:  R14: 0010 R15: 88006c7cfc50
FS:  7fce190fa700() GS:88003ea0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fffc6b33db8 CR3: 3cf64000 CR4: 06f0
Call Trace:
 __keyctl_dh_compute+0xa95/0x19b0 security/keys/dh.c:360
 keyctl_dh_compute+0xac/0x100 security/keys/dh.c:434
 SYSC_keyctl security/keys/keyctl.c:1745 [inline]
 SyS_keyctl+0x72/0x2c0 security/keys/keyctl.c:1641
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4585c9
RSP: 002b:7fce190f9bd8 EFLAGS: 0216 ORIG_RAX: 00fa
RAX: ffda RBX: 00738020 RCX: 004585c9
RDX: 2000d000 RSI: 2ff4 RDI: 0017
RBP: 0046 R08: 20008000 R09: 
R10:  R11: 0216 R12: 7fff6e610cde
R13: 7fff6e610cdf R14: 7fce190fa700 R15: 
Code: 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 33 5b 
45 89 6c 24 14 41 5c 41 5d 41 5e 41 5f 5d c3 e8 fd 8f 68 ff <0f> 0b e8 f6 8f 68 
ff 0f 0b e8 ef 8f 68 ff 0f 0b e8 e8 8f 68 ff 20
RIP: sg_set_buf include/linux/scatterlist.h:140 [inline] RSP: 
88006c7cfb08
RIP: sg_init_one+0x1b3/0x240 lib/scatterlist.c:156 RSP: 88006c7cfb08

Fixes: 802c7f1c84e4 ("crypto: dh - Add DH software implementation")
Cc:  # v4.8+
Signed-off-by: Eric Biggers 
---
 crypto/dh_helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index 8ba8a3f82620..708ae20d2d3c 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -90,6 +90,14 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, 
struct dh *params)
params->p = (void *)(ptr + params->key_size);
params->g = (void *)(ptr + params->key_size + params->p_size);
 
+   /*
+* Don't permit 'p' to be 0.  It's not a prime number, and it's subject
+* to corner cases such as 'mod 0' being undefined or
+* crypto_kpp_maxsize() returning 0.
+*/
+   if (memchr_inv(params->p, 0, params->p_size) == NULL)
+   return -EINVAL;
+
return 0;
 }
 EXPORT_SYMBOL_GPL(crypto_dh_decode_key);
-- 
2.15.0.403.gc27cc4dac6-goog

[PATCH 0/4] crypto: dh - input validation fixes

[Eric Biggers]

From: Eric Biggers 

This series fixes several corner cases in the Diffie-Hellman key
exchange implementations:

- With CONFIG_DEBUG_SG=y and the software DH implementation, setting 'p'
  to 0 caused a BUG_ON().
- Both the software and QAT DH implementations had a double-free bug in
  the case where 'g' could not be allocated.
- With the QAT DH implementation, setting 'g' or 'key' larger than 'p'
  caused a buffer underflow.

Note that in kernels configured with CONFIG_KEY_DH_OPERATIONS=y, these
bugs are reachable by unprivileged users via KEYCTL_DH_COMPUTE.

Eric Biggers (4):
  crypto: dh - fix double free of ctx->p
  crypto: dh - don't permit 'p' to be 0
  crypto: qat - fix double free of ctx->p
  crypto: dh - don't permit 'key' or 'g' size longer than 'p'

 crypto/dh.c   | 18 +-
 crypto/dh_helper.c| 16 
 drivers/crypto/qat/qat_common/qat_asym_algs.c | 15 ---
 3 files changed, 33 insertions(+), 16 deletions(-)

-- 
2.15.0.403.gc27cc4dac6-goog

[PATCH 3/4] crypto: qat - fix double free of ctx->p

[Eric Biggers]

From: Eric Biggers 

When setting the secret with the "qat-dh" Diffie-Hellman implementation,
if allocating 'g' failed, then 'p' was freed twice: once immediately,
and once later when the crypto_kpp tfm was destroyed.  Fix it by using
qat_dh_clear_ctx() in the error paths, as that sets the pointers to
NULL.

Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Cc:  # v4.8+
Signed-off-by: Eric Biggers 
---
 drivers/crypto/qat/qat_common/qat_asym_algs.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c 
b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index 6f5dd68449c6..7655fdb499de 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -462,11 +462,8 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, 
struct dh *params)
}
 
ctx->g = dma_zalloc_coherent(dev, ctx->p_size, >dma_g, GFP_KERNEL);
-   if (!ctx->g) {
-   dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p);
-   ctx->p = NULL;
+   if (!ctx->g)
return -ENOMEM;
-   }
memcpy(ctx->g + (ctx->p_size - params->g_size), params->g,
   params->g_size);
 
@@ -507,18 +504,22 @@ static int qat_dh_set_secret(struct crypto_kpp *tfm, 
const void *buf,
 
ret = qat_dh_set_params(ctx, );
if (ret < 0)
-   return ret;
+   goto err_clear_ctx;
 
ctx->xa = dma_zalloc_coherent(dev, ctx->p_size, >dma_xa,
  GFP_KERNEL);
if (!ctx->xa) {
-   qat_dh_clear_ctx(dev, ctx);
-   return -ENOMEM;
+   ret = -ENOMEM;
+   goto err_clear_ctx;
}
memcpy(ctx->xa + (ctx->p_size - params.key_size), params.key,
   params.key_size);
 
return 0;
+
+err_clear_ctx:
+   qat_dh_clear_ctx(dev, ctx);
+   return ret;
 }
 
 static unsigned int qat_dh_max_size(struct crypto_kpp *tfm)
-- 
2.15.0.403.gc27cc4dac6-goog

[PATCH 4/4] crypto: dh - don't permit 'key' or 'g' size longer than 'p'

[Eric Biggers]

From: Eric Biggers 

The "qat-dh" DH implementation assumes that 'key' and 'g' can be copied
into a buffer with size 'p_size'.  However it was never checked that
that was actually the case, which allowed users to cause a buffer
underflow via KEYCTL_DH_COMPUTE.

Fix this by updating crypto_dh_decode_key() to verify this precondition
for all DH implementations.

Fixes: c9839143ebbf ("crypto: qat - Add DH support")
Cc:  # v4.8+
Signed-off-by: Eric Biggers 
---
 crypto/dh_helper.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index 708ae20d2d3c..7f00c771fe8d 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -83,6 +83,14 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, 
struct dh *params)
if (secret.len != crypto_dh_key_len(params))
return -EINVAL;
 
+   /*
+* Don't permit the buffer for 'key' or 'g' to be larger than 'p', since
+* some drivers assume otherwise.
+*/
+   if (params->key_size > params->p_size ||
+   params->g_size > params->p_size)
+   return -EINVAL;
+
/* Don't allocate memory. Set pointers to data within
 * the given buffer
 */
-- 
2.15.0.403.gc27cc4dac6-goog

[Part2 PATCH v7 00/38] x86: Secure Encrypted Virtualization (AMD)

[Brijesh Singh]

This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.

SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have 
their
pages (code and data) secured such that only the guest itself has access to
unencrypted version. Each encrypted VM is associated with a unique encryption 
key;
if its data is accessed to a different entity using a different key the 
encrypted
guest's data will be incorrectly decrypted, leading to unintelligible data.
This security model ensures that hypervisor will no longer able to inspect or
alter any guest code or data.

The key management of this feature is handled by a separate processor known as
the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key
Management Specification (see below) provides a set of commands which can be
used by hypervisor to load virtual machine keys through the AMD-SP driver.

The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPTION_OP). The
ioctl will be used by qemu to issue SEV guest-specific commands defined in Key
Management Specification.

The following links provide additional details:

AMD Memory Encryption white paper:
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
http://support.amd.com/TechDocs/24593.pdf
SME is section 7.10
SEV is section 15.34

SEV Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf

KVM Forum Presentation:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf


SEV Guest BIOS support:
  SEV support has been add to EDKII/OVMF BIOS
  https://github.com/tianocore/edk2

SEV Part 1 patch series: https://marc.info/?l=linux-kernel=150851036113575=2

--
The series is based on kvm/master commit : cc9085b68753 (Merge branch \
'kvm-ppc-fixes')

Complete tree is available at:
repo: https://github.com/codomania/kvm.git
branch: sev-v7-p2

TODO:
* Add SEV guest migration command support

Cc: Thomas Gleixner 
Cc: Ingo Molnar 
Cc: "H. Peter Anvin" 
Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Joerg Roedel 
Cc: Borislav Petkov 
Cc: Tom Lendacky 
Cc: Herbert Xu 
Cc: David S. Miller 
Cc: Gary Hook 
Cc: x...@kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: linux-crypto@vger.kernel.org

Changes since v6:
 * (ccp): Extend psp_device structure to track the FW INIT and SHUTDOWN states.
 * (ccp): Init and Uninit SEV FW during module load/unload
 * (ccp): Avoid repeated k*alloc() for init and status command buffer
 * (kvm): Rework DBG command to fix the compilation warning seen with gcc7.x
 * (kvm): Convert the SEV doc in rst format

Changes since v5:
 * split the PSP driver support into multiple patches
 * multiple improvements from Boris
 * remove mem_enc_enabled() ops

Changes since v4:
 * Fixes to address kbuild robot errors
 * Add 'sev' module params to allow enable/disable SEV feature
 * Update documentation
 * Multiple fixes to address v4 feedbacks
 * Some coding style changes to address checkpatch reports

Changes since v3:
 * Re-design the PSP interface support patch
 * Rename the ioctls based on the feedbacks
 * Improve documentation
 * Fix i386 build issues
 * Add LAUNCH_SECRET command
 * Add new Kconfig option to enable SEV support
 * Changes to address v3 feedbacks.

Changes since v2:
 * Add KVM_MEMORY_ENCRYPT_REGISTER/UNREGISTER_RAM ioct to register encrypted
   memory ranges (recommend by Paolo)
 * Extend kvm_x86_ops to provide new memory_encryption_enabled ops
 * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \
(recommended by Paolo)
 * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver
 * Changes to address v2 feedbacks

Borislav Petkov (1):
  crypto: ccp: Build the AMD secure processor driver only with AMD CPU
support

Brijesh Singh (34):
  Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization
(SEV)
  KVM: SVM: Prepare to reserve asid for SEV guest
  KVM: X86: Extend CPUID range to include new leaf
  KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl
  KVM: Introduce KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl
  crypto: ccp: Define SEV userspace ioctl and command id
  crypto: ccp: Define SEV key management command id
  crypto: ccp: Add Platform Security Processor (PSP) device support
  crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
  crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
  crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command
  crypto: ccp: Implement SEV_PEK_GEN ioctl command
  

[Part2 PATCH v7 09/38] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

[Brijesh Singh]

From: Borislav Petkov 

This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.

Signed-off-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Reviewed-by: Gary R Hook 
Cc: Brijesh Singh 
Cc: Tom Lendacky 
Cc: Gary Hook 
Cc: Herbert Xu 
Cc: "David S. Miller" 
Cc: linux-crypto@vger.kernel.org
---
 drivers/crypto/ccp/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 6d626606b9c5..9c84f9838931 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -1,5 +1,6 @@
 config CRYPTO_DEV_CCP_DD
tristate "Secure Processor device driver"
+   depends on CPU_SUP_AMD || ARM64
default m
help
  Provides AMD Secure Processor device driver.
-- 
2.9.5

[Part2 PATCH v7 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

[Brijesh Singh]

AMD's new Secure Encrypted Virtualization (SEV) feature allows the
memory contents of virtual machines to be transparently encrypted with a
key unique to the VM. The programming and management of the encryption
keys are handled by the AMD Secure Processor (AMD-SP) which exposes the
commands for these tasks. The complete spec is available at:

http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf

Extend the AMD-SP driver to provide the following support:

 - an in-kernel API to communicate with the SEV firmware. The API can be
   used by the hypervisor to create encryption context for a SEV guest.

 - a userspace IOCTL to manage the platform certificates.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
---
 drivers/crypto/ccp/psp-dev.c | 350 +++
 drivers/crypto/ccp/psp-dev.h |  24 +++
 drivers/crypto/ccp/sp-dev.c  |   9 ++
 drivers/crypto/ccp/sp-dev.h  |   4 +
 include/linux/psp-sev.h  | 143 ++
 5 files changed, 530 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index b5789f878560..c61ca16096ca 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -26,6 +26,12 @@
 #include "sp-dev.h"
 #include "psp-dev.h"
 
+#define DEVICE_NAME"sev"
+
+static DEFINE_MUTEX(sev_cmd_mutex);
+static struct sev_misc_dev *misc_dev;
+static struct psp_device *psp_master;
+
 static struct psp_device *psp_alloc_struct(struct sp_device *sp)
 {
struct device *dev = sp->dev;
@@ -45,9 +51,296 @@ static struct psp_device *psp_alloc_struct(struct sp_device 
*sp)
 
 static irqreturn_t psp_irq_handler(int irq, void *data)
 {
+   struct psp_device *psp = data;
+   unsigned int status;
+   int reg;
+
+   /* Read the interrupt status: */
+   status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS);
+
+   /* Check if it is command completion: */
+   if (!(status & BIT(PSP_CMD_COMPLETE_REG)))
+   goto done;
+
+   /* Check if it is SEV command completion: */
+   reg = ioread32(psp->io_regs + PSP_CMDRESP);
+   if (reg & PSP_CMDRESP_RESP) {
+   psp->sev_int_rcvd = 1;
+   wake_up(>sev_int_queue);
+   }
+
+done:
+   /* Clear the interrupt status by writing the same value we read. */
+   iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS);
+
return IRQ_HANDLED;
 }
 
+static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
+{
+   psp->sev_int_rcvd = 0;
+
+   wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
+   *reg = ioread32(psp->io_regs + PSP_CMDRESP);
+}
+
+static int sev_cmd_buffer_len(int cmd)
+{
+   switch (cmd) {
+   case SEV_CMD_INIT:  return sizeof(struct 
sev_data_init);
+   case SEV_CMD_PLATFORM_STATUS:   return sizeof(struct 
sev_user_data_status);
+   case SEV_CMD_PEK_CSR:   return sizeof(struct 
sev_data_pek_csr);
+   case SEV_CMD_PEK_CERT_IMPORT:   return sizeof(struct 
sev_data_pek_cert_import);
+   case SEV_CMD_PDH_CERT_EXPORT:   return sizeof(struct 
sev_data_pdh_cert_export);
+   case SEV_CMD_LAUNCH_START:  return sizeof(struct 
sev_data_launch_start);
+   case SEV_CMD_LAUNCH_UPDATE_DATA:return sizeof(struct 
sev_data_launch_update_data);
+   case SEV_CMD_LAUNCH_UPDATE_VMSA:return sizeof(struct 
sev_data_launch_update_vmsa);
+   case SEV_CMD_LAUNCH_FINISH: return sizeof(struct 
sev_data_launch_finish);
+   case SEV_CMD_LAUNCH_MEASURE:return sizeof(struct 
sev_data_launch_measure);
+   case SEV_CMD_ACTIVATE:  return sizeof(struct 
sev_data_activate);
+   case SEV_CMD_DEACTIVATE:return sizeof(struct 
sev_data_deactivate);
+   case SEV_CMD_DECOMMISSION:  return sizeof(struct 
sev_data_decommission);
+   case SEV_CMD_GUEST_STATUS:  return sizeof(struct 
sev_data_guest_status);
+   case SEV_CMD_DBG_DECRYPT:   return sizeof(struct 
sev_data_dbg);
+   case SEV_CMD_DBG_ENCRYPT:   return sizeof(struct 
sev_data_dbg);
+   case SEV_CMD_SEND_START:return sizeof(struct 
sev_data_send_start);
+   case SEV_CMD_SEND_UPDATE_DATA:  return sizeof(struct 
sev_data_send_update_data);
+   case SEV_CMD_SEND_UPDATE_VMSA:  return sizeof(struct 
sev_data_send_update_vmsa);
+   case SEV_CMD_SEND_FINISH:   return sizeof(struct 
sev_data_send_finish);
+   case SEV_CMD_RECEIVE_START: 

[Part2 PATCH v7 12/38] crypto: ccp: Add Platform Security Processor (PSP) device support

[Brijesh Singh]

The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-based Trusted Execution
Environment (TEE) to enable third-party trusted applications.

Note that the key management functionality provided by the SEV firmware
can be used outside of the kvm-amd driver hence it doesn't need to
depend on CONFIG_KVM_AMD.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Reviewed-by: Borislav Petkov 
---
 drivers/crypto/ccp/Kconfig   |  11 +
 drivers/crypto/ccp/Makefile  |   1 +
 drivers/crypto/ccp/psp-dev.c | 105 +++
 drivers/crypto/ccp/psp-dev.h |  59 
 drivers/crypto/ccp/sp-dev.c  |  26 +++
 drivers/crypto/ccp/sp-dev.h  |  24 +-
 drivers/crypto/ccp/sp-pci.c  |  52 +
 7 files changed, 277 insertions(+), 1 deletion(-)
 create mode 100644 drivers/crypto/ccp/psp-dev.c
 create mode 100644 drivers/crypto/ccp/psp-dev.h

diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig
index 9c84f9838931..b9dfae47aefd 100644
--- a/drivers/crypto/ccp/Kconfig
+++ b/drivers/crypto/ccp/Kconfig
@@ -33,3 +33,14 @@ config CRYPTO_DEV_CCP_CRYPTO
  Support for using the cryptographic API with the AMD Cryptographic
  Coprocessor. This module supports offload of SHA and AES algorithms.
  If you choose 'M' here, this module will be called ccp_crypto.
+
+config CRYPTO_DEV_SP_PSP
+   bool "Platform Security Processor (PSP) device"
+   default y
+   depends on CRYPTO_DEV_CCP_DD && X86_64
+   help
+Provide support for the AMD Platform Security Processor (PSP).
+The PSP is a dedicated processor that provides support for key
+management commands in Secure Encrypted Virtualization (SEV) mode,
+along with software-based Trusted Execution Environment (TEE) to
+enable third-party trusted applications.
diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile
index 57f8debfcfb3..008bae7e26ec 100644
--- a/drivers/crypto/ccp/Makefile
+++ b/drivers/crypto/ccp/Makefile
@@ -7,6 +7,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_CCP) += ccp-dev.o \
ccp-dmaengine.o \
ccp-debugfs.o
 ccp-$(CONFIG_PCI) += sp-pci.o
+ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o
 
 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o
 ccp-crypto-objs := ccp-crypto-main.o \
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
new file mode 100644
index ..b5789f878560
--- /dev/null
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -0,0 +1,105 @@
+/*
+ * AMD Platform Security Processor (PSP) interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "sp-dev.h"
+#include "psp-dev.h"
+
+static struct psp_device *psp_alloc_struct(struct sp_device *sp)
+{
+   struct device *dev = sp->dev;
+   struct psp_device *psp;
+
+   psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
+   if (!psp)
+   return NULL;
+
+   psp->dev = dev;
+   psp->sp = sp;
+
+   snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
+
+   return psp;
+}
+
+static irqreturn_t psp_irq_handler(int irq, void *data)
+{
+   return IRQ_HANDLED;
+}
+
+int psp_dev_init(struct sp_device *sp)
+{
+   struct device *dev = sp->dev;
+   struct psp_device *psp;
+   int ret;
+
+   ret = -ENOMEM;
+   psp = psp_alloc_struct(sp);
+   if (!psp)
+   goto e_err;
+
+   sp->psp_data = psp;
+
+   psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
+   if (!psp->vdata) {
+   ret = -ENODEV;
+   dev_err(dev, "missing driver data\n");
+   goto e_err;
+   }
+
+   psp->io_regs = sp->io_map + psp->vdata->offset;
+
+   /* Disable and clear interrupts until ready */
+   iowrite32(0, psp->io_regs + PSP_P2CMSG_INTEN);
+   iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTSTS);
+
+   /* Request an irq */
+   ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
+   if (ret) {

[Part2 PATCH v7 11/38] crypto: ccp: Define SEV key management command id

[Brijesh Singh]

Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM spec
0.14 (http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf)

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Reviewed-by: Borislav Petkov 
Acked-by: Gary R Hook 
---
 include/linux/psp-sev.h | 494 
 1 file changed, 494 insertions(+)
 create mode 100644 include/linux/psp-sev.h

diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
new file mode 100644
index ..15bda519538e
--- /dev/null
+++ b/include/linux/psp-sev.h
@@ -0,0 +1,494 @@
+/*
+ * AMD Secure Encrypted Virtualization (SEV) driver interface
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh 
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_H__
+#define __PSP_SEV_H__
+
+#include 
+
+#ifdef CONFIG_X86
+#include 
+
+#define __psp_pa(x)__sme_pa(x)
+#else
+#define __psp_pa(x)__pa(x)
+#endif
+
+#define SEV_FW_BLOB_MAX_SIZE   0x4000  /* 16KB */
+
+/**
+ * SEV platform state
+ */
+enum sev_state {
+   SEV_STATE_UNINIT= 0x0,
+   SEV_STATE_INIT  = 0x1,
+   SEV_STATE_WORKING   = 0x2,
+
+   SEV_STATE_MAX
+};
+
+/**
+ * SEV platform and guest management commands
+ */
+enum sev_cmd {
+   /* platform commands */
+   SEV_CMD_INIT= 0x001,
+   SEV_CMD_SHUTDOWN= 0x002,
+   SEV_CMD_FACTORY_RESET   = 0x003,
+   SEV_CMD_PLATFORM_STATUS = 0x004,
+   SEV_CMD_PEK_GEN = 0x005,
+   SEV_CMD_PEK_CSR = 0x006,
+   SEV_CMD_PEK_CERT_IMPORT = 0x007,
+   SEV_CMD_PDH_CERT_EXPORT = 0x008,
+   SEV_CMD_PDH_GEN = 0x009,
+   SEV_CMD_DF_FLUSH= 0x00A,
+
+   /* Guest commands */
+   SEV_CMD_DECOMMISSION= 0x020,
+   SEV_CMD_ACTIVATE= 0x021,
+   SEV_CMD_DEACTIVATE  = 0x022,
+   SEV_CMD_GUEST_STATUS= 0x023,
+
+   /* Guest launch commands */
+   SEV_CMD_LAUNCH_START= 0x030,
+   SEV_CMD_LAUNCH_UPDATE_DATA  = 0x031,
+   SEV_CMD_LAUNCH_UPDATE_VMSA  = 0x032,
+   SEV_CMD_LAUNCH_MEASURE  = 0x033,
+   SEV_CMD_LAUNCH_UPDATE_SECRET= 0x034,
+   SEV_CMD_LAUNCH_FINISH   = 0x035,
+
+   /* Guest migration commands (outgoing) */
+   SEV_CMD_SEND_START  = 0x040,
+   SEV_CMD_SEND_UPDATE_DATA= 0x041,
+   SEV_CMD_SEND_UPDATE_VMSA= 0x042,
+   SEV_CMD_SEND_FINISH = 0x043,
+
+   /* Guest migration commands (incoming) */
+   SEV_CMD_RECEIVE_START   = 0x050,
+   SEV_CMD_RECEIVE_UPDATE_DATA = 0x051,
+   SEV_CMD_RECEIVE_UPDATE_VMSA = 0x052,
+   SEV_CMD_RECEIVE_FINISH  = 0x053,
+
+   /* Guest debug commands */
+   SEV_CMD_DBG_DECRYPT = 0x060,
+   SEV_CMD_DBG_ENCRYPT = 0x061,
+
+   SEV_CMD_MAX,
+};
+
+/**
+ * status code returned by the commands
+ */
+enum psp_ret_code {
+   SEV_RET_SUCCESS = 0,
+   SEV_RET_INVALID_PLATFORM_STATE,
+   SEV_RET_INVALID_GUEST_STATE,
+   SEV_RET_INAVLID_CONFIG,
+   SEV_RET_INVALID_len,
+   SEV_RET_ALREADY_OWNED,
+   SEV_RET_INVALID_CERTIFICATE,
+   SEV_RET_POLICY_FAILURE,
+   SEV_RET_INACTIVE,
+   SEV_RET_INVALID_ADDRESS,
+   SEV_RET_BAD_SIGNATURE,
+   SEV_RET_BAD_MEASUREMENT,
+   SEV_RET_ASID_OWNED,
+   SEV_RET_INVALID_ASID,
+   SEV_RET_WBINVD_REQUIRED,
+   SEV_RET_DFFLUSH_REQUIRED,
+   SEV_RET_INVALID_GUEST,
+   SEV_RET_INVALID_COMMAND,
+   SEV_RET_ACTIVE,
+   SEV_RET_HWSEV_RET_PLATFORM,
+   SEV_RET_HWSEV_RET_UNSAFE,
+   SEV_RET_UNSUPPORTED,
+   SEV_RET_MAX,
+};
+
+/**
+ * struct sev_data_init - INIT command parameters
+ *
+ * @flags: processing flags
+ * @tmr_address: system physical address used for SEV-ES
+ * @tmr_len: len of tmr_address
+ */
+struct sev_data_init {
+   u32 flags;  /* In */
+   u32 reserved;   /* In */
+   u64 tmr_address;/* In */
+   u32 

[Part2 PATCH v7 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

[Brijesh Singh]

The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 70 +++-
 1 file changed, 69 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index c61ca16096ca..a757bd1c34e8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -235,9 +235,77 @@ static int sev_platform_shutdown(int *error)
return rc;
 }
 
+static int sev_platform_state(int *state, int *error)
+{
+   int rc;
+
+   rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
+psp_master->sev_status, error);
+   if (rc)
+   return rc;
+
+   *state = psp_master->sev_status->state;
+   return rc;
+}
+
+static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
+{
+   int state, rc;
+
+   rc = sev_platform_state(, >error);
+   if (rc)
+   return rc;
+
+   if (state == SEV_STATE_WORKING) {
+   argp->error = SEV_RET_INVALID_PLATFORM_STATE;
+   return -EBUSY;
+   }
+
+   if (state == SEV_STATE_INIT) {
+   rc = __sev_platform_shutdown_locked(>error);
+   if (rc)
+   return rc;
+   }
+
+   return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
-   return -ENOTTY;
+   void __user *argp = (void __user *)arg;
+   struct sev_issue_cmd input;
+   int ret = -EFAULT;
+
+   if (!psp_master)
+   return -ENODEV;
+
+   if (ioctl != SEV_ISSUE_CMD)
+   return -EINVAL;
+
+   if (copy_from_user(, argp, sizeof(struct sev_issue_cmd)))
+   return -EFAULT;
+
+   if (input.cmd > SEV_MAX)
+   return -EINVAL;
+
+   mutex_lock(_cmd_mutex);
+
+   switch (input.cmd) {
+
+   case SEV_FACTORY_RESET:
+   ret = sev_ioctl_do_reset();
+   break;
+   default:
+   ret = -EINVAL;
+   goto out;
+   }
+
+   if (copy_to_user(argp, , sizeof(struct sev_issue_cmd)))
+   ret = -EFAULT;
+out:
+   mutex_unlock(_cmd_mutex);
+
+   return ret;
 }
 
 static const struct file_operations sev_fops = {
-- 
2.9.5

[Part2 PATCH v7 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

[Brijesh Singh]

The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 68 
 1 file changed, 68 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 42991c2e9085..4e2f9d037f0a 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -298,6 +298,71 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct 
sev_issue_cmd *argp)
return __sev_do_cmd_locked(cmd, 0, >error);
 }
 
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+   struct sev_user_data_pek_csr input;
+   struct sev_data_pek_csr *data;
+   void *blob = NULL;
+   int ret;
+
+   if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+   return -EFAULT;
+
+   data = kzalloc(sizeof(*data), GFP_KERNEL);
+   if (!data)
+   return -ENOMEM;
+
+   /* userspace wants to query CSR length */
+   if (!input.address || !input.length)
+   goto cmd;
+
+   /* allocate a physically contiguous buffer to store the CSR blob */
+   if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+   input.length > SEV_FW_BLOB_MAX_SIZE) {
+   ret = -EFAULT;
+   goto e_free;
+   }
+
+   blob = kmalloc(input.length, GFP_KERNEL);
+   if (!blob) {
+   ret = -ENOMEM;
+   goto e_free;
+   }
+
+   data->address = __psp_pa(blob);
+   data->len = input.length;
+
+cmd:
+   if (psp_master->sev_state == SEV_STATE_UNINIT) {
+   ret = __sev_platform_init_locked(psp_master->sev_init, 
>error);
+   if (ret)
+   goto e_free_blob;
+   }
+
+   ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, >error);
+
+   /*
+* If we query the CSR length, FW responded with expected data
+*/
+   input.length = data->len;
+
+   if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+   ret = -EFAULT;
+   goto e_free_blob;
+   }
+
+   if (blob) {
+   if (copy_to_user((void __user *)input.address, blob, 
input.length))
+   ret = -EFAULT;
+   }
+
+e_free_blob:
+   kfree(blob);
+e_free:
+   kfree(data);
+   return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
void __user *argp = (void __user *)arg;
@@ -332,6 +397,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_PDH_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
break;
+   case SEV_PEK_CSR:
+   ret = sev_ioctl_do_pek_csr();
+   break;
default:
ret = -EINVAL;
goto out;
-- 
2.9.5

[Part2 PATCH v7 19/38] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

[Brijesh Singh]

The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 81 
 include/linux/psp-sev.h  |  4 +++
 2 files changed, 85 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 4e2f9d037f0a..2648faf33a19 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -363,6 +363,84 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
return ret;
 }
 
+void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+{
+   void *data;
+
+   if (!uaddr || !len)
+   return ERR_PTR(-EINVAL);
+
+   /* verify that blob length does not exceed our limit */
+   if (len > SEV_FW_BLOB_MAX_SIZE)
+   return ERR_PTR(-EINVAL);
+
+   data = kmalloc(len, GFP_KERNEL);
+   if (!data)
+   return ERR_PTR(-ENOMEM);
+
+   if (copy_from_user(data, (void __user *)(uintptr_t)uaddr, len))
+   goto e_free;
+
+   return data;
+
+e_free:
+   kfree(data);
+   return ERR_PTR(-EFAULT);
+}
+EXPORT_SYMBOL_GPL(psp_copy_user_blob);
+
+static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
+{
+   struct sev_user_data_pek_cert_import input;
+   struct sev_data_pek_cert_import *data;
+   void *pek_blob, *oca_blob;
+   int ret;
+
+   if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+   return -EFAULT;
+
+   data = kzalloc(sizeof(*data), GFP_KERNEL);
+   if (!data)
+   return -ENOMEM;
+
+   /* copy PEK certificate blobs from userspace */
+   pek_blob = psp_copy_user_blob(input.pek_cert_address, 
input.pek_cert_len);
+   if (IS_ERR(pek_blob)) {
+   ret = PTR_ERR(pek_blob);
+   goto e_free;
+   }
+
+   data->pek_cert_address = __psp_pa(pek_blob);
+   data->pek_cert_len = input.pek_cert_len;
+
+   /* copy PEK certificate blobs from userspace */
+   oca_blob = psp_copy_user_blob(input.oca_cert_address, 
input.oca_cert_len);
+   if (IS_ERR(oca_blob)) {
+   ret = PTR_ERR(oca_blob);
+   goto e_free_pek;
+   }
+
+   data->oca_cert_address = __psp_pa(oca_blob);
+   data->oca_cert_len = input.oca_cert_len;
+
+   /* If platform is not in INIT state then transition it to INIT */
+   if (psp_master->sev_state != SEV_STATE_INIT) {
+   ret = __sev_platform_init_locked(psp_master->sev_init, 
>error);
+   if (ret)
+   goto e_free_oca;
+   }
+
+   ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, >error);
+
+e_free_oca:
+   kfree(oca_blob);
+e_free_pek:
+   kfree(pek_blob);
+e_free:
+   kfree(data);
+   return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
void __user *argp = (void __user *)arg;
@@ -400,6 +478,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_PEK_CSR:
ret = sev_ioctl_do_pek_csr();
break;
+   case SEV_PEK_CERT_IMPORT:
+   ret = sev_ioctl_do_pek_import();
+   break;
default:
ret = -EINVAL;
goto out;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index fb563248d9a9..a65d96dea77b 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -606,6 +606,8 @@ int sev_guest_df_flush(int *error);
  */
 int sev_guest_decommission(struct sev_data_decommission *data, int *error);
 
+void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+
 #else  /* !CONFIG_CRYPTO_DEV_SP_PSP */
 
 static inline int
@@ -632,6 +634,8 @@ sev_issue_cmd_external_user(struct file *filep,
return -ENODEV;
 }
 
+static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return 
ERR_PTR(-EINVAL); }
+
 #endif /* CONFIG_CRYPTO_DEV_SP_PSP */
 
 #endif /* __PSP_SEV_H__ */
-- 
2.9.5

[Part2 PATCH v7 17/38] crypto: ccp: Implement SEV_PDH_GEN ioctl command

[Brijesh Singh]

The SEV_PDH_GEN command is used to re-generate the Platform
Diffie-Hellman (PDH) key. The command is defined in SEV spec section
5.6.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Signed-off-by: Brijesh Singh 
Reviewed-by: Borislav Petkov 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 2c28c36d7ae8..42991c2e9085 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -329,6 +329,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_PEK_GEN:
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
break;
+   case SEV_PDH_GEN:
+   ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, );
+   break;
default:
ret = -EINVAL;
goto out;
-- 
2.9.5

[Part2 PATCH v7 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

[Brijesh Singh]

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 98 
 1 file changed, 98 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 2648faf33a19..96739ff105e6 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -441,6 +441,101 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd 
*argp)
return ret;
 }
 
+static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
+{
+   struct sev_user_data_pdh_cert_export input;
+   void *pdh_blob = NULL, *cert_blob = NULL;
+   struct sev_data_pdh_cert_export *data;
+   int ret;
+
+   if (copy_from_user(, (void __user *)argp->data, sizeof(input)))
+   return -EFAULT;
+
+   data = kzalloc(sizeof(*data), GFP_KERNEL);
+   if (!data)
+   return -ENOMEM;
+
+   /* Userspace wants to query the certificate length */
+   if (!input.pdh_cert_address || !input.pdh_cert_len ||
+   !input.cert_chain_address || !input.cert_chain_address)
+   goto cmd;
+
+   /* allocate a physically contiguous buffer to store the PDH blob */
+   if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, 
input.pdh_cert_len) ||
+   (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) {
+   ret = -EFAULT;
+   goto e_free;
+   }
+
+   pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+   if (!pdh_blob) {
+   ret = -ENOMEM;
+   goto e_free;
+   }
+
+   data->pdh_cert_address = __psp_pa(pdh_blob);
+   data->pdh_cert_len = input.pdh_cert_len;
+
+   /* allocate a physically contiguous buffer to store the cert chain blob 
*/
+   if (!access_ok(VERIFY_WRITE, input.cert_chain_address, 
input.cert_chain_len) ||
+   (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) {
+   ret = -EFAULT;
+   goto e_free_pdh;
+   }
+
+   cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+   if (!cert_blob) {
+   ret = -ENOMEM;
+   goto e_free_pdh;
+   }
+
+   data->cert_chain_address = __psp_pa(cert_blob);
+   data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+   /* If platform is not in INIT state then transition it to INIT */
+   if (psp_master->sev_state != SEV_STATE_INIT) {
+   ret = __sev_platform_init_locked(psp_master->sev_init, 
>error);
+   if (ret)
+   goto e_free_cert;
+   }
+
+   ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, >error);
+
+   /*
+* If we query the length, FW responded with expected data
+*/
+   input.cert_chain_len = data->cert_chain_len;
+   input.pdh_cert_len = data->pdh_cert_len;
+
+   if (copy_to_user((void __user *)argp->data, , sizeof(input))) {
+   ret = -EFAULT;
+   goto e_free_cert;
+   }
+
+   if (pdh_blob) {
+   if (copy_to_user((void __user *)input.pdh_cert_address,
+pdh_blob, input.pdh_cert_len)) {
+   ret = -EFAULT;
+   goto e_free_cert;
+   }
+   }
+
+   if (cert_blob) {
+   if (copy_to_user((void __user *)input.cert_chain_address,
+cert_blob, input.cert_chain_len))
+   ret = -EFAULT;
+   }
+
+e_free_cert:
+   kfree(cert_blob);
+e_free_pdh:
+   kfree(pdh_blob);
+e_free:
+   kfree(data);
+   return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
void __user *argp = (void __user *)arg;
@@ -481,6 +576,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_PEK_CERT_IMPORT:
ret = sev_ioctl_do_pek_import();
break;
+   case SEV_PDH_CERT_EXPORT:
+   ret = sev_ioctl_do_pdh_export();
+   break;
default:
ret = -EINVAL;
goto out;
-- 
2.9.5

[Part2 PATCH v7 16/38] crypto: ccp: Implement SEV_PEK_GEN ioctl command

[Brijesh Singh]

The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Reviewed-by: Borislav Petkov 
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index ef473ec4a413..2c28c36d7ae8 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -285,6 +285,19 @@ static int sev_ioctl_do_platform_status(struct 
sev_issue_cmd *argp)
return ret;
 }
 
+static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
+{
+   int rc;
+
+   if (psp_master->sev_state == SEV_STATE_UNINIT) {
+   rc = __sev_platform_init_locked(psp_master->sev_init, 
>error);
+   if (rc)
+   return rc;
+   }
+
+   return __sev_do_cmd_locked(cmd, 0, >error);
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
void __user *argp = (void __user *)arg;
@@ -313,6 +326,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status();
break;
+   case SEV_PEK_GEN:
+   ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, );
+   break;
default:
ret = -EINVAL;
goto out;
-- 
2.9.5

[Part2 PATCH v7 15/38] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

[Brijesh Singh]

The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Reviewed-by: Borislav Petkov 
Acked-by: Gary R Hook 
---
 drivers/crypto/ccp/psp-dev.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index a757bd1c34e8..ef473ec4a413 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -270,6 +270,21 @@ static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, >error);
 }
 
+static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
+{
+   struct sev_user_data_status *data = psp_master->sev_status;
+   int ret;
+
+   ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, >error);
+   if (ret)
+   return ret;
+
+   if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
+   ret = -EFAULT;
+
+   return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
void __user *argp = (void __user *)arg;
@@ -295,6 +310,9 @@ static long sev_ioctl(struct file *file, unsigned int 
ioctl, unsigned long arg)
case SEV_FACTORY_RESET:
ret = sev_ioctl_do_reset();
break;
+   case SEV_PLATFORM_STATUS:
+   ret = sev_ioctl_do_platform_status();
+   break;
default:
ret = -EINVAL;
goto out;
-- 
2.9.5

[Part2 PATCH v7 10/38] crypto: ccp: Define SEV userspace ioctl and command id

[Brijesh Singh]

Add a include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.

Cc: Paolo Bonzini 
Cc: "Radim Krčmář" 
Cc: Borislav Petkov 
Cc: Herbert Xu 
Cc: Gary Hook 
Cc: Tom Lendacky 
Cc: linux-crypto@vger.kernel.org
Cc: k...@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Improvements-by: Borislav Petkov 
Signed-off-by: Brijesh Singh 
Reviewed-by: Borislav Petkov 
Acked-by: Gary R Hook 
---
 include/uapi/linux/psp-sev.h | 113 +++
 1 file changed, 113 insertions(+)
 create mode 100644 include/uapi/linux/psp-sev.h

diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h
new file mode 100644
index ..1dd98ba4ff22
--- /dev/null
+++ b/include/uapi/linux/psp-sev.h
@@ -0,0 +1,113 @@
+/*
+ * Userspace interface for AMD Secure Encrypted Virtualization (SEV)
+ * platform management commands.
+ *
+ * Copyright (C) 2016-2017 Advanced Micro Devices, Inc.
+ *
+ * Author: Brijesh Singh 
+ *
+ * SEV spec 0.14 is available at:
+ * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#ifndef __PSP_SEV_USER_H__
+#define __PSP_SEV_USER_H__
+
+#include 
+
+/**
+ * SEV platform commands
+ */
+enum {
+   SEV_FACTORY_RESET = 0,
+   SEV_PLATFORM_STATUS,
+   SEV_PEK_GEN,
+   SEV_PEK_CSR,
+   SEV_PDH_GEN,
+   SEV_PDH_CERT_EXPORT,
+   SEV_PEK_CERT_IMPORT,
+
+   SEV_MAX,
+};
+
+/**
+ * struct sev_user_data_status - PLATFORM_STATUS command parameters
+ *
+ * @major: major API version
+ * @minor: minor API version
+ * @state: platform state
+ * @flags: platform config flags
+ * @build: firmware build id for API version
+ * @guest_count: number of active guests
+ */
+struct sev_user_data_status {
+   __u8 api_major; /* Out */
+   __u8 api_minor; /* Out */
+   __u8 state; /* Out */
+   __u32 flags;/* Out */
+   __u8 build; /* Out */
+   __u32 guest_count;  /* Out */
+} __packed;
+
+/**
+ * struct sev_user_data_pek_csr - PEK_CSR command parameters
+ *
+ * @address: PEK certificate chain
+ * @length: length of certificate
+ */
+struct sev_user_data_pek_csr {
+   __u64 address;  /* In */
+   __u32 length;   /* In/Out */
+} __packed;
+
+/**
+ * struct sev_user_data_cert_import - PEK_CERT_IMPORT command parameters
+ *
+ * @pek_address: PEK certificate chain
+ * @pek_len: length of PEK certificate
+ * @oca_address: OCA certificate chain
+ * @oca_len: length of OCA certificate
+ */
+struct sev_user_data_pek_cert_import {
+   __u64 pek_cert_address; /* In */
+   __u32 pek_cert_len; /* In */
+   __u64 oca_cert_address; /* In */
+   __u32 oca_cert_len; /* In */
+} __packed;
+
+/**
+ * struct sev_user_data_pdh_cert_export - PDH_CERT_EXPORT command parameters
+ *
+ * @pdh_address: PDH certificate address
+ * @pdh_len: length of PDH certificate
+ * @cert_chain_address: PDH certificate chain
+ * @cert_chain_len: length of PDH certificate chain
+ */
+struct sev_user_data_pdh_cert_export {
+   __u64 pdh_cert_address; /* In */
+   __u32 pdh_cert_len; /* In/Out */
+   __u64 cert_chain_address;   /* In */
+   __u32 cert_chain_len;   /* In/Out */
+} __packed;
+
+/**
+ * struct sev_issue_cmd - SEV ioctl parameters
+ *
+ * @cmd: SEV commands to execute
+ * @opaque: pointer to the command structure
+ * @error: SEV FW return code on failure
+ */
+struct sev_issue_cmd {
+   __u32 cmd;  /* In */
+   __u64 data; /* In */
+   __u32 error;/* Out */
+} __packed;
+
+#define SEV_IOC_TYPE   'S'
+#define SEV_ISSUE_CMD  _IOWR(SEV_IOC_TYPE, 0x0, struct sev_issue_cmd)
+
+#endif /* __PSP_USER_SEV_H */
-- 
2.9.5

Re: [PATCH v2 2/8] crypto: scompress - use sgl_alloc() and sgl_free()

[Ard Biesheuvel]

On 1 November 2017 at 15:45, Bart Van Assche  wrote:
> On Wed, 2017-11-01 at 15:17 +, Ard Biesheuvel wrote:
>> On 1 November 2017 at 14:50, Bart Van Assche  wrote:
>> > On Mon, 2017-10-16 at 15:49 -0700, Bart Van Assche wrote:
>> > > Use the sgl_alloc() and sgl_free() functions instead of open coding
>> > > these functions.
>> > >
>> > > Signed-off-by: Bart Van Assche 
>> > > Cc: Ard Biesheuvel 
>> > > Cc: Herbert Xu 
>> >
>> > Ard and/or Herbert, can you please have a look at this patch and let us 
>> > know
>> > whether or not it looks fine to you?
>>
>> The patch itself does not look unreasonable, but I can't find
>> sgl_alloc() anywhere in the source tree. Given that you have cc'ed me
>> on this patch only, I can only assume that you are adding this as part
>> of the series, but without any context, I can't really review this,
>> sorry.
>
> Hello Ard,
>
> Do you expect to be Cc-ed personally or is Cc-ing the linux-crypto mailing
> list sufficient? The linux-crypto mailing list was Cc-ed for the entire patch
> series as one can see here:
> https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg28485.html.
>

I guess people's opinions may differ regarding what they want to be
cc'ed on, but in general, you should at least cc everyone on the cover
letter if you cc them on individual patches, and in my case, I'd
rather have the whole series even if only a single patch is relevant
to me.

Re: [PATCH v2 2/8] crypto: scompress - use sgl_alloc() and sgl_free()

[Bart Van Assche]

On Wed, 2017-11-01 at 15:17 +, Ard Biesheuvel wrote:
> On 1 November 2017 at 14:50, Bart Van Assche  wrote:
> > On Mon, 2017-10-16 at 15:49 -0700, Bart Van Assche wrote:
> > > Use the sgl_alloc() and sgl_free() functions instead of open coding
> > > these functions.
> > > 
> > > Signed-off-by: Bart Van Assche 
> > > Cc: Ard Biesheuvel 
> > > Cc: Herbert Xu 
> > 
> > Ard and/or Herbert, can you please have a look at this patch and let us know
> > whether or not it looks fine to you?
> 
> The patch itself does not look unreasonable, but I can't find
> sgl_alloc() anywhere in the source tree. Given that you have cc'ed me
> on this patch only, I can only assume that you are adding this as part
> of the series, but without any context, I can't really review this,
> sorry.

Hello Ard,

Do you expect to be Cc-ed personally or is Cc-ing the linux-crypto mailing
list sufficient? The linux-crypto mailing list was Cc-ed for the entire patch
series as one can see here:
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg28485.html.

Thanks,

Bart.

Re: [PATCH v2 2/8] crypto: scompress - use sgl_alloc() and sgl_free()

[Ard Biesheuvel]

On 1 November 2017 at 14:50, Bart Van Assche  wrote:
> On Mon, 2017-10-16 at 15:49 -0700, Bart Van Assche wrote:
>> Use the sgl_alloc() and sgl_free() functions instead of open coding
>> these functions.
>>
>> Signed-off-by: Bart Van Assche 
>> Cc: Ard Biesheuvel 
>> Cc: Herbert Xu 
>
> Ard and/or Herbert, can you please have a look at this patch and let us know
> whether or not it looks fine to you?
>

The patch itself does not look unreasonable, but I can't find
sgl_alloc() anywhere in the source tree. Given that you have cc'ed me
on this patch only, I can only assume that you are adding this as part
of the series, but without any context, I can't really review this,
sorry.

Re: [PATCH v2 2/8] crypto: scompress - use sgl_alloc() and sgl_free()

[Bart Van Assche]

On Mon, 2017-10-16 at 15:49 -0700, Bart Van Assche wrote:
> Use the sgl_alloc() and sgl_free() functions instead of open coding
> these functions.
> 
> Signed-off-by: Bart Van Assche 
> Cc: Ard Biesheuvel 
> Cc: Herbert Xu 

Ard and/or Herbert, can you please have a look at this patch and let us know
whether or not it looks fine to you?

Thanks,

Bart.

Re: [PATCH v2 6/8] scsi/ipr: Use sgl_alloc_order() and sgl_free_order()

[Hannes Reinecke]

On 10/30/2017 10:01 PM, Brian King wrote:
> On 10/30/2017 03:37 PM, Bart Van Assche wrote:
>> On Wed, 2017-10-18 at 15:57 -0500, Brian King wrote:
>>> On 10/17/2017 01:19 AM, Hannes Reinecke wrote:
 On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> [ ... ]

 Not sure if this is a valid conversion.
 Originally the driver would allocate a single buffer; with this buffer
 we have two distinct buffers.
 Given that this is used to download the microcode I'm not sure if this
 isn't a hardware-dependent structure which requires a single buffer
 including the sglist.
 Brian, can you shed some light here?
>>>
>>> The struct ipr_sglist is not a hardware defined data structure, so on 
>>> initial
>>> glance, this should be OK. I'll load it up and give it a try to make sure
>>> it doesn't break code download.
>>
>> Hello Brian,
>>
>> Have you already obtained any test results?
> 
> Bart,
> 
> Yes. I tried this out on an ipr adapter and it looks fine.
> 
> Acked-by: Brian King 
> 
Thanks for the confirmation.

Bart, you can add my

Reviewed-by: Hannes Reinecke 

Cheers,

Hannes
-- 
Dr. Hannes ReineckeTeamlead Storage & Networking
h...@suse.de   +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)

Re: [PATCH 2/3] staging: ccree: handle limiting of DMA masks

[Dan Carpenter]

On Tue, Oct 31, 2017 at 11:56:16AM +, Gilad Ben-Yossef wrote:
>  
> - if (!dev->coherent_dma_mask)
> - dev->coherent_dma_mask = DMA_BIT_MASK(DMA_BIT_MASK_LEN);
> + if (rc) {
> + dev_err(dev, "Error: failed in dma_set_mask, mask=%par\n",
> + _mask);
> + goto post_drvdata_err;


Also this is not the right goto.  We should be turning the clk off.

I don't really care for the naming scheme, and I know you renamed it for
me already once and I feel bad for not liking it more.  It's still
really a come-from label name and doesn't say what the goto does...
Instead of post_clk_err, I wish it had names like "err_clk_off:".

And in this case what it does is print a duplicative error message and
return.  :/  The goto post_drvdata_err: lines should just print their
own error messages if needed and return directly.  If there is no
cleanup then there is no need for a goto.

Anyway, that's not related to this patch.  Just resend it with
goto post_clk_err: in the v2.

regards,
dan carpenter

Re: [PATCH 2/3] staging: ccree: handle limiting of DMA masks

[Dan Carpenter]

On Tue, Oct 31, 2017 at 11:56:16AM +, Gilad Ben-Yossef wrote:
> + dma_mask = (dma_addr_t)(DMA_BIT_MASK(DMA_BIT_MASK_LEN));
> + while (dma_mask > 0x7fffUL) {
> + if (dma_supported(_dev->dev, dma_mask)) {
> + rc = dma_set_coherent_mask(_dev->dev, dma_mask);
> + if (!rc)
> + break;

The indenting is messed up.

> + }
> + dma_mask >>= 1;
> + }

regards,
dan carpenter

Re: [PATCH 1/3] staging: ccree: copy IV to DMAable memory

[Dan Carpenter]

On Tue, Oct 31, 2017 at 11:56:15AM +, Gilad Ben-Yossef wrote:
> +
> + /* The IV we are handed may be allocted from the stack so
> +  * we must copy it to a DMAable buffer before use.
> +  */
> + req_ctx->iv = kmalloc(ivsize, GFP_KERNEL);
> + memcpy(req_ctx->iv, info, ivsize);

We need to check if kmalloc() fails.

regards,
dan carpenter

[PATCH 2/2] crypto: caam - remove unused param of ctx_map_to_sec4_sg()

[Horia Geantă]

ctx_map_to_sec4_sg() function, added in
commit 045e36780f115 ("crypto: caam - ahash hmac support")
has never used the "desc" parameter, so let's drop it.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/caamhash.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 27fe1a07050c..400e788b4f1c 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -211,7 +211,7 @@ static inline int buf_map_to_sec4_sg(struct device *jrdev,
 }
 
 /* Map state->caam_ctx, and add it to link table */
-static inline int ctx_map_to_sec4_sg(u32 *desc, struct device *jrdev,
+static inline int ctx_map_to_sec4_sg(struct device *jrdev,
 struct caam_hash_state *state, int ctx_len,
 struct sec4_sg_entry *sec4_sg, u32 flag)
 {
@@ -722,7 +722,7 @@ static int ahash_update_ctx(struct ahash_request *req)
edesc->src_nents = src_nents;
edesc->sec4_sg_bytes = sec4_sg_bytes;
 
-   ret = ctx_map_to_sec4_sg(desc, jrdev, state, ctx->ctx_len,
+   ret = ctx_map_to_sec4_sg(jrdev, state, ctx->ctx_len,
 edesc->sec4_sg, DMA_BIDIRECTIONAL);
if (ret)
goto unmap_ctx;
@@ -821,7 +821,7 @@ static int ahash_final_ctx(struct ahash_request *req)
 
edesc->sec4_sg_bytes = sec4_sg_bytes;
 
-   ret = ctx_map_to_sec4_sg(desc, jrdev, state, ctx->ctx_len,
+   ret = ctx_map_to_sec4_sg(jrdev, state, ctx->ctx_len,
 edesc->sec4_sg, DMA_TO_DEVICE);
if (ret)
goto unmap_ctx;
@@ -915,7 +915,7 @@ static int ahash_finup_ctx(struct ahash_request *req)
 
edesc->src_nents = src_nents;
 
-   ret = ctx_map_to_sec4_sg(desc, jrdev, state, ctx->ctx_len,
+   ret = ctx_map_to_sec4_sg(jrdev, state, ctx->ctx_len,
 edesc->sec4_sg, DMA_TO_DEVICE);
if (ret)
goto unmap_ctx;
-- 
2.12.0.264.gd6db3f216544

[PATCH 1/2] crypto: caam - remove unneeded edesc zeroization

[Horia Geantă]

Extended descriptor allocation has been changed by
commit dde20ae9d6383 ("crypto: caam - Change kmalloc to kzalloc to avoid 
residual data")
to provide zeroized memory, meaning we no longer have to sanitize
its members - edesc->src_nents and edesc->dst_dma.

Signed-off-by: Horia Geantă 
---
 drivers/crypto/caam/caamhash.c | 4 
 1 file changed, 4 deletions(-)

diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index f1bf563cb85b..27fe1a07050c 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -820,7 +820,6 @@ static int ahash_final_ctx(struct ahash_request *req)
desc = edesc->hw_desc;
 
edesc->sec4_sg_bytes = sec4_sg_bytes;
-   edesc->src_nents = 0;
 
ret = ctx_map_to_sec4_sg(desc, jrdev, state, ctx->ctx_len,
 edesc->sec4_sg, DMA_TO_DEVICE);
@@ -1072,7 +1071,6 @@ static int ahash_final_no_ctx(struct ahash_request *req)
dev_err(jrdev, "unable to map dst\n");
goto unmap;
}
-   edesc->src_nents = 0;
 
 #ifdef DEBUG
print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ",
@@ -1154,7 +1152,6 @@ static int ahash_update_no_ctx(struct ahash_request *req)
 
edesc->src_nents = src_nents;
edesc->sec4_sg_bytes = sec4_sg_bytes;
-   edesc->dst_dma = 0;
 
ret = buf_map_to_sec4_sg(jrdev, edesc->sec4_sg, state);
if (ret)
@@ -1366,7 +1363,6 @@ static int ahash_update_first(struct ahash_request *req)
}
 
edesc->src_nents = src_nents;
-   edesc->dst_dma = 0;
 
ret = ahash_edesc_add_src(ctx, edesc, req, mapped_nents, 0, 0,
  to_hash);
-- 
2.12.0.264.gd6db3f216544