Re: [PATCH v2] net: fec: make driver endian-safe
On Mon, 2016-01-25 at 10:52 +1000, Greg Ungerer wrote: > > I tested this on a ColdFire (5208) target that uses this driver. > Simple testing showed it working with no problems. The ColdFire > SoC processors use a version of the FEC hardware module, and they > always run big-endian. > Great, thanks! FWIW, I failed to mention this - I did test the new version also on little-endian ARM. johannes
[PATCH v2] defxx: fix build warning
We are getting many build warnings about:
'bar_start' may be used uninitialized
and
'bar_len' may be used uninitialized
They are not actually uninitialized as dfx_get_bars() will initialize
them properly. But still lets have them initialized just to satisfy the
compiler (gcc 4.8.2).
Signed-off-by: Sudip Mukherjee
---
v2: only the first element is zeroed.
drivers/net/fddi/defxx.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/fddi/defxx.c b/drivers/net/fddi/defxx.c
index 7f975a2..de5eaa6 100644
--- a/drivers/net/fddi/defxx.c
+++ b/drivers/net/fddi/defxx.c
@@ -533,8 +533,8 @@ static int dfx_register(struct device *bdev)
const char *print_name = dev_name(bdev);
struct net_device *dev;
DFX_board_t *bp; /* board pointer */
- resource_size_t bar_start[3]; /* pointers to ports */
- resource_size_t bar_len[3]; /* resource length */
+ resource_size_t bar_start[3] = {0}; /* pointers to ports */
+ resource_size_t bar_len[3] = {0}; /* resource length */
int alloc_size; /* total buffer size used */
struct resource *region;
int err = 0;
@@ -3697,8 +3697,8 @@ static void dfx_unregister(struct device *bdev)
int dfx_bus_pci = dev_is_pci(bdev);
int dfx_bus_tc = DFX_BUS_TC(bdev);
int dfx_use_mmio = DFX_MMIO || dfx_bus_tc;
- resource_size_t bar_start[3]; /* pointers to ports */
- resource_size_t bar_len[3]; /* resource lengths */
+ resource_size_t bar_start[3] = {0}; /* pointers to ports */
+ resource_size_t bar_len[3] = {0}; /* resource lengths */
int alloc_size; /* total buffer size used */
unregister_netdev(dev);
--
1.9.1
Re: [PATCH 3/3] defxx: fix build warning
On Mon, 25 Jan 2016, Sudip Mukherjee wrote:
> We are getting many build warning about:
> 'bar_start' may be used uninitialized
> and
> 'bar_len' may be used uninitialized
>
> They are not actually uninitialized as dfx_get_bars() will initialize
> them properly. But still lets have them initialized just to satisfy the
> compiler.
Which compiler/version is that?
> diff --git a/drivers/net/fddi/defxx.c b/drivers/net/fddi/defxx.c
> index 7f975a2..4113535 100644
> --- a/drivers/net/fddi/defxx.c
> +++ b/drivers/net/fddi/defxx.c
> @@ -533,8 +533,8 @@ static int dfx_register(struct device *bdev)
> const char *print_name = dev_name(bdev);
> struct net_device *dev;
> DFX_board_t *bp; /* board pointer */
> - resource_size_t bar_start[3]; /* pointers to ports */
> - resource_size_t bar_len[3]; /* resource length */
> + resource_size_t bar_start[3] = {0, 0, 0}; /* pointers to ports */
> + resource_size_t bar_len[3] = {0, 0, 0}; /* resource length */
> int alloc_size; /* total buffer size used */
> struct resource *region;
> int err = 0;
Just setting the first element will do, the rest will then be implicitly
zeroed, following the semantics of initialisers in C. So just do:
resource_size_t bar_start[3] = {0}; /* pointers to ports */
resource_size_t bar_len[3] = {0}; /* resource length */
for brevity and to save formatting.
> @@ -3697,8 +3697,8 @@ static void dfx_unregister(struct device *bdev)
> int dfx_bus_pci = dev_is_pci(bdev);
> int dfx_bus_tc = DFX_BUS_TC(bdev);
> int dfx_use_mmio = DFX_MMIO || dfx_bus_tc;
> - resource_size_t bar_start[3]; /* pointers to ports */
> - resource_size_t bar_len[3]; /* resource lengths */
> + resource_size_t bar_start[3] = {0, 0, 0}; /* pointers to ports */
> + resource_size_t bar_len[3] = {0, 0, 0}; /* resource lengths */
> int alloc_size; /* total buffer size used */
>
> unregister_netdev(dev);
Likewise here. Please resend with the update requested and I'll ack it.
Thanks for your submission!
Maciej
Re: [PATCH 15/26] Bluetooth: Use skcipher and hash
Hi Herbert, > This patch replaces uses of blkcipher with skcipher and the long > obsolete hash interface with shash. > > Signed-off-by: Herbert Xu Acked-by: Marcel Holtmann > --- > > net/bluetooth/smp.c | 135 > > 1 file changed, 63 insertions(+), 72 deletions(-) Regards Marcel
Re: [PATCH net] sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
From: Marcelo Ricardo Leitner
Date: Fri, 22 Jan 2016 18:29:49 -0200
> This patch extends commit b93d6471748d ("sctp: implement the sender side
> for SACK-IMMEDIATELY extension") as it didn't white list
> SCTP_SACK_IMMEDIATELY on sctp_msghdr_parse(), causing it to be
> understood as an invalid flag and returning -EINVAL to the application.
>
> Note that the actual handling of the flag is already there in
> sctp_datamsg_from_user().
>
> https://tools.ietf.org/html/rfc7053#section-7
>
> Fixes: b93d6471748d ("sctp: implement the sender side for SACK-IMMEDIATELY
> extension")
> Signed-off-by: Marcelo Ricardo Leitner
Applied and queued up for -stable, thanks.
Re: [RFC PATCH net] net/core: don't increment rx_dropped on inactive slaves
From: Jarod Wilson
Date: Fri, 22 Jan 2016 14:11:22 -0500
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 8cba3d8..1354c7b 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -4153,8 +4153,11 @@ ncls:
> else
> ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
> } else {
> + if (deliver_exact)
> + goto inactive; /* bond or team inactive slave */
> drop:
> atomic_long_inc(&skb->dev->rx_dropped);
> +inactive:
> kfree_skb(skb);
> /* Jamal, now you will not able to escape explaining
>* me how you were going to use this. :-)
> --
> 1.8.3.1
>
I agree that rx_dropped is not the correct stat to bump here, but
I'm totally against the event disappearing completely into thin
air.
You have to replace the rx_dropped bump with _something_.
The only reason this hasn't been "fixed" yet is that everyone is
too damn lazy to implement that "something".
Re: [PATCH] net: simplify napi_synchronize() to avoid warnings
From: Arnd Bergmann
Date: Fri, 22 Jan 2016 11:43:44 +0100
> The napi_synchronize() function is defined twice: The definition
> for SMP builds waits for other CPUs to be done, while the uniprocessor
> variant just contains a barrier and ignores its argument.
>
> In the mvneta driver, this leads to a warning about an unused variable
> when we lookup the NAPI struct of another CPU and then don't use it:
>
> ethernet/marvell/mvneta.c: In function 'mvneta_percpu_notifier':
> ethernet/marvell/mvneta.c:2910:30: error: unused variable 'other_port'
> [-Werror=unused-variable]
>
> There are no other CPUs on a UP build, so that code never runs, but
> gcc does not know this.
>
> The nicest solution seems to be to turn the napi_synchronize() helper
> into an inline function for the UP case as well, as that leads gcc to
> not complain about the argument being unused. Once we do that, we can
> also combine the two cases into a single function definition and use
> if(IS_ENABLED()) rather than #ifdef to make it look a bit nicer.
>
> The warning first came up in linux-4.4, but I failed to catch it
> earlier.
>
> Signed-off-by: Arnd Bergmann
> Fixes: f86428854480 ("net: mvneta: Statically assign queues to CPUs")
I guess this is fine, applied, thanks Arnd.
Re: [PATCH net] pptp: fix illegal memory access caused by multiple bind()s
From: Hannes Frederic Sowa
Date: Fri, 22 Jan 2016 01:39:43 +0100
> Several times already this has been reported as kasan reports caused by
> syzkaller and trinity and people always looked at RCU races, but it is
> much more simple. :)
>
> In case we bind a pptp socket multiple times, we simply add it to
> the callid_sock list but don't remove the old binding. Thus the old
> socket stays in the bucket with unused call_id indexes and doesn't get
> cleaned up. This causes various forms of kasan reports which were hard
> to pinpoint.
>
> Simply don't allow multiple binds and correct error handling in
> pptp_bind. Also keep sk_state bits in place in pptp_connect.
>
> Fixes: 00959ade36acad ("PPTP: PPP over IPv4 (Point-to-Point Tunneling
> Protocol)")
> Cc: Dmitry Kozlov
> Cc: Sasha Levin
> Cc: Dmitry Vyukov
> Reported-by: Dmitry Vyukov
> Cc: Dave Jones
> Reported-by: Dave Jones
> Signed-off-by: Hannes Frederic Sowa
Applied and queued up for -stable, thanks Hannes.
Re: [PATCH] drivers: net: xgene: fix extra IRQ issue
From: Iyappan Subramanian
Date: Thu, 21 Jan 2016 16:07:41 -0800
> For interrupt controller that doesn't support irq_disable and hardware
> with level interrupt, an extra interrupt may be pending. This patch fixes
> the issue by setting IRQ_DISABLE_UNLAZY flag for the interrupt line,
> as suggested by,
>
> 'commit e9849777d0e2 ("genirq: Add flag to force mask in
> disable_irq[_nosync]()")'
>
> Signed-off-by: Iyappan Subramanian
> Tested-by: Toan Le
Applied, thanks.
[PATCH 3/3] defxx: fix build warning
We are getting many build warning about:
'bar_start' may be used uninitialized
and
'bar_len' may be used uninitialized
They are not actually uninitialized as dfx_get_bars() will initialize
them properly. But still lets have them initialized just to satisfy the
compiler.
Signed-off-by: Sudip Mukherjee
---
drivers/net/fddi/defxx.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/fddi/defxx.c b/drivers/net/fddi/defxx.c
index 7f975a2..4113535 100644
--- a/drivers/net/fddi/defxx.c
+++ b/drivers/net/fddi/defxx.c
@@ -533,8 +533,8 @@ static int dfx_register(struct device *bdev)
const char *print_name = dev_name(bdev);
struct net_device *dev;
DFX_board_t *bp; /* board pointer */
- resource_size_t bar_start[3]; /* pointers to ports */
- resource_size_t bar_len[3]; /* resource length */
+ resource_size_t bar_start[3] = {0, 0, 0}; /* pointers to ports */
+ resource_size_t bar_len[3] = {0, 0, 0}; /* resource length */
int alloc_size; /* total buffer size used */
struct resource *region;
int err = 0;
@@ -3697,8 +3697,8 @@ static void dfx_unregister(struct device *bdev)
int dfx_bus_pci = dev_is_pci(bdev);
int dfx_bus_tc = DFX_BUS_TC(bdev);
int dfx_use_mmio = DFX_MMIO || dfx_bus_tc;
- resource_size_t bar_start[3]; /* pointers to ports */
- resource_size_t bar_len[3]; /* resource lengths */
+ resource_size_t bar_start[3] = {0, 0, 0}; /* pointers to ports */
+ resource_size_t bar_len[3] = {0, 0, 0}; /* resource lengths */
int alloc_size; /* total buffer size used */
unregister_netdev(dev);
--
1.9.1
[PATCH 2/3] net: macb: fix build warning
We are getting build warning about: macb.c:2889:13: warning: 'tx_clk' may be used uninitialized in this function macb.c:2888:11: warning: 'hclk' may be used uninitialized in this function In reality they are not used uninitialized as clk_init() will initialize them, this patch will just silence the warning. Signed-off-by: Sudip Mukherjee --- drivers/net/ethernet/cadence/macb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb.c b/drivers/net/ethernet/cadence/macb.c index 9d9984a..50c9410 100644 --- a/drivers/net/ethernet/cadence/macb.c +++ b/drivers/net/ethernet/cadence/macb.c @@ -2823,7 +2823,7 @@ static int macb_probe(struct platform_device *pdev) struct device_node *np = pdev->dev.of_node; struct device_node *phy_node; const struct macb_config *macb_config = NULL; - struct clk *pclk, *hclk, *tx_clk; + struct clk *pclk, *hclk = NULL, *tx_clk = NULL; unsigned int queue_mask, num_queues; struct macb_platform_data *pdata; bool native_io; -- 1.9.1
[PATCH 1/3] i40e: fix build warning
While building we are getting warning about:
i40e_main.c:8604:13: warning: 'i40e_add_geneve_port' defined but not used
and
i40e_main.c:8651:13: warning: 'i40e_del_geneve_port' defined but not used
The contents of these functions are defined under CONFIG_GENEVE, so if
CONFIG_GENEVE is not defined then we are having unused empty functions.
Lets have these functions under CONFIG_GENEVE as the callback is already
defined under CONFIG_GENEVE there is no chance of any failure.
Signed-off-by: Sudip Mukherjee
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c
b/drivers/net/ethernet/intel/i40e/i40e_main.c
index bb4612c..c258697 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -8595,6 +8595,7 @@ static void i40e_del_vxlan_port(struct net_device *netdev,
#endif
}
+#if IS_ENABLED(CONFIG_GENEVE)
/**
* i40e_add_geneve_port - Get notifications about GENEVE ports that come up
* @netdev: This physical port's netdev
@@ -8604,7 +8605,6 @@ static void i40e_del_vxlan_port(struct net_device *netdev,
static void i40e_add_geneve_port(struct net_device *netdev,
sa_family_t sa_family, __be16 port)
{
-#if IS_ENABLED(CONFIG_GENEVE)
struct i40e_netdev_priv *np = netdev_priv(netdev);
struct i40e_vsi *vsi = np->vsi;
struct i40e_pf *pf = vsi->back;
@@ -8639,7 +8639,6 @@ static void i40e_add_geneve_port(struct net_device
*netdev,
pf->flags |= I40E_FLAG_UDP_FILTER_SYNC;
dev_info(&pf->pdev->dev, "adding geneve port %d\n", ntohs(port));
-#endif
}
/**
@@ -8651,7 +8650,6 @@ static void i40e_add_geneve_port(struct net_device
*netdev,
static void i40e_del_geneve_port(struct net_device *netdev,
sa_family_t sa_family, __be16 port)
{
-#if IS_ENABLED(CONFIG_GENEVE)
struct i40e_netdev_priv *np = netdev_priv(netdev);
struct i40e_vsi *vsi = np->vsi;
struct i40e_pf *pf = vsi->back;
@@ -8677,8 +8675,8 @@ static void i40e_del_geneve_port(struct net_device
*netdev,
netdev_warn(netdev, "geneve port %d was not found, not
deleting\n",
ntohs(port));
}
-#endif
}
+#endif
static int i40e_get_phys_port_id(struct net_device *netdev,
struct netdev_phys_item_id *ppid)
--
1.9.1
Re: [PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms
From: Herbert Xu Date: Sun, 24 Jan 2016 21:19:11 +0800 > This patch removes the last reference to hash and ablkcipher from > IPsec and replaces them with ahash and skcipher respectively. For > skcipher there is currently no difference at all, while for ahash > the current code is actually buggy and would prevent asynchronous > algorithms from being discovered. > > Signed-off-by: Herbert Xu Acked-by: David S. Miller
Re: [PATCH 25/26] sctp: Use shash
From: Herbert Xu Date: Sun, 24 Jan 2016 21:20:12 +0800 > This patch replaces uses of the long obsolete hash interface with > shash. > > Signed-off-by: Herbert Xu Acked-by: David S. Miller
Re: [PATCH 26/26] tcp: Use ahash
From: Herbert Xu Date: Sun, 24 Jan 2016 21:20:23 +0800 > This patch replaces uses of the long obsolete hash interface with > ahash. > > Signed-off-by: Herbert Xu Acked-by: David S. Miller
Re: tbl->lock not taken in neigh_lookup() ?
From: Ani Sinha Date: Mon, 25 Jan 2016 10:11:15 +0530 > Can I get some insights into this? I am sure I am missing something. The whole point of RCU locking is that read accesses in the fast paths (lookups) do not need to take the spinlock. Proper RCU barriers, RCU deferred freeing of objects, and other things make it safe.
Re: tbl->lock not taken in neigh_lookup() ?
On Mon, 2016-01-25 at 10:11 +0530, Ani Sinha wrote: > Hi All: > > Can I get some insights into this? I am sure I am missing something. > > thanks > ani > > > On Thu, Jan 21, 2016 at 9:05 PM, Ani Sinha wrote: > > hi guys > > > > As per the comment at the top of net/core/neighbor.c we should be > > taking this lock even for scanning the hash buckets. I do see that > > this lock is taken in pneigh_lookup() but not in neigh_lookup(). Am i > > missing something? > > > > For the context I am investigating the following crash which happened > > on one of our boxes. This is in 3.18.19 kernel where the following > > code in neigh_lookup() returns a corrupt value of neighbour* : > > > > for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]); > > neigh_lookup() encloses its loop in rcu_read_lock_bh() .. rcu_read_unlock_bh(); So it uses RCU BH locking. > > > > > > [ 4918.117044] BUG: unable to handle kernel paging request at > > 14000270 > > [ 4918.200203] IP: [] neigh_lookup+0x64/0xdf > > [ 4918.266790] PGD 7e383067 PUD 7e202067 PMD 0 > > [ 4918.266795] Oops: [#1] PREEMPT SMP > > [ 4918.266798] Modules linked in: macvlan l2mod_dma(PO) > > arptable_filter arp_tables nf_log_ipv6 nf_conntrack_ipv6 > > nf_defrag_ipv6 ip6t_REJECT nf_reject_ipv6 ip6table_mangle nf_log_ipv4 > > nf_log_common nf_conntrack_ipv4 nf_defrag_ipv4 xt_LOG xt_limit xt_hl > > xt_conntrack ipt_REJECT nf_reject_ipv4 xt_multiport xt_tcpudp > > iptable_mangle sch_prio strata_dma(PO) arista_strata_bde(PO) msr > > kbfd(O) 8021q garp stp llc tun scd_em_driver(O) plxnt_nl(O) > > plxnt_ll(O) nf_conntrack_tftp iptable_raw iptable_filter ip_tables > > xt_CT nf_conntrack xt_mark ip6table_raw ip6table_filter ip6_tables > > x_tables coretemp microcode intel_ips scd(O) sb_e3_edac kvm_intel kvm > > [last unloaded: plxnt_ll] > > [ 4918.266837] CPU: 5 PID: 3315 Comm: Arp Tainted: P O 3.18.19 > > #1 > > [ 4918.266840] task: 8803c6dd3720 ti: 88007b98c000 task.ti: > > 88007b98c000 > > [ 4918.266841] RIP: 0010:[] [] > > neigh_lookup+0x64/0xdf > > [ 4918.266847] RSP: 0018:88007b98faa8 EFLAGS: 00210206 > > [ 4918.266849] RAX: 8803203bf278 RBX: 81866990 RCX: > > 0014 > > [ 4918.266851] RDX: 88032a46624c RSI: 88005ff82000 RDI: > > 880319ee6020 > > [ 4918.266852] RBP: 88007b98fad8 R08: 0a00 R09: > > 880319ee6000 > > [ 4918.266854] R10: 88007b98faf8 R11: 88043d001900 R12: > > 14000100 > > [ 4918.266855] R13: 880319ee6020 R14: 88005ff82000 R15: > > 0010 > > [ 4918.266857] FS: () GS:88044f54(0063) > > knlGS:f73cb8e0 > > [ 4918.266859] CS: 0010 DS: 002b ES: 002b CR0: 80050033 > > [ 4918.266860] CR2: 14000270 CR3: 7e371000 CR4: > > 07e0 > > [ 4918.266862] Stack: > > [ 4918.266863] 0180 8185cd00 81866990 > > 880319ee6010 > > [ 4918.266866] 880319ee601c 88005ff82000 88007b98fb28 > > 813b97c2 > > [ 4918.266869] 88007b98faf8 818282c0 88007b98fb18 > > 880377411600 > > [ 4918.266872] Call Trace: > > [ 4918.266875] [] neigh_delete+0x113/0x17f > > [ 4918.266878] [] rtnetlink_rcv_msg+0x18a/0x1a0 > > [ 4918.266882] [] ? get_parent_ip+0x11/0x42 > > [ 4918.266885] [] ? rhashtable_lookup_compare+0x4b/0x71 > > [ 4918.266887] [] ? rtnetlink_rcv_msg+0x0/0x1a0 > > [ 4918.266890] [] netlink_rcv_skb+0x3e/0x94 > > [ 4918.266891] [] rtnetlink_rcv+0x21/0x28 > > [ 4918.266893] [] netlink_unicast+0x10b/0x1ad > > [ 4918.266895] [] netlink_sendmsg+0x2e6/0x327 > > [ 4918.266898] [] sock_sendmsg+0x6d/0x86 > > [ 4918.266901] [] ? sock_poll+0x10e/0x11c > > [ 4918.266903] [] ? sockfd_lookup_light+0x12/0x5d > > [ 4918.266906] [] SyS_sendto+0xf3/0x11b > > [ 4918.266909] [] ? __mutex_lock_slowpath+0x2de/0x2fe > > [ 4918.266911] [] ? get_parent_ip+0x11/0x42 > > [ 4918.266914] [] SyS_send+0xf/0x11 > > [ 4918.266916] [] compat_SyS_socketcall+0x122/0x1e3 > > [ 4918.266919] [] sysenter_dispatch+0x7/0x1e > > [ 4918.266920] Code: 00 00 4c 89 f6 4c 89 ef 49 8d 54 24 0c ff 53 18 > > b9 20 00 00 00 41 2b 4c 24 08 d3 e8 89 c0 48 c1 e0 03 49 03 04 24 4c > > 8b 20 eb 55 <4d> 3b b4 24 70 01 00 00 75 47 49 8d bc 24 78 01 00 00 4c > > 89 fa > > [ 4918.266947] RIP [] neigh_lookup+0x64/0xdf > > [ 4918.334502] RSP > > [ 4918.334505] Kernel version: 3.18.19 #1 SMP PREEMPT Mon Jan 4 > > 12:34:37 PST 2016 > > > > [ 4918.455186] CR2: 14000270 You might try to reproduce the bug on linux-4.4. 3.18.19 is rather old.
Re: tbl->lock not taken in neigh_lookup() ?
Hi All: Can I get some insights into this? I am sure I am missing something. thanks ani On Thu, Jan 21, 2016 at 9:05 PM, Ani Sinha wrote: > hi guys > > As per the comment at the top of net/core/neighbor.c we should be > taking this lock even for scanning the hash buckets. I do see that > this lock is taken in pneigh_lookup() but not in neigh_lookup(). Am i > missing something? > > For the context I am investigating the following crash which happened > on one of our boxes. This is in 3.18.19 kernel where the following > code in neigh_lookup() returns a corrupt value of neighbour* : > > for (n = rcu_dereference_bh(nht->hash_buckets[hash_val]); > > > > [ 4918.117044] BUG: unable to handle kernel paging request at 14000270 > [ 4918.200203] IP: [] neigh_lookup+0x64/0xdf > [ 4918.266790] PGD 7e383067 PUD 7e202067 PMD 0 > [ 4918.266795] Oops: [#1] PREEMPT SMP > [ 4918.266798] Modules linked in: macvlan l2mod_dma(PO) > arptable_filter arp_tables nf_log_ipv6 nf_conntrack_ipv6 > nf_defrag_ipv6 ip6t_REJECT nf_reject_ipv6 ip6table_mangle nf_log_ipv4 > nf_log_common nf_conntrack_ipv4 nf_defrag_ipv4 xt_LOG xt_limit xt_hl > xt_conntrack ipt_REJECT nf_reject_ipv4 xt_multiport xt_tcpudp > iptable_mangle sch_prio strata_dma(PO) arista_strata_bde(PO) msr > kbfd(O) 8021q garp stp llc tun scd_em_driver(O) plxnt_nl(O) > plxnt_ll(O) nf_conntrack_tftp iptable_raw iptable_filter ip_tables > xt_CT nf_conntrack xt_mark ip6table_raw ip6table_filter ip6_tables > x_tables coretemp microcode intel_ips scd(O) sb_e3_edac kvm_intel kvm > [last unloaded: plxnt_ll] > [ 4918.266837] CPU: 5 PID: 3315 Comm: Arp Tainted: P O 3.18.19 #1 > [ 4918.266840] task: 8803c6dd3720 ti: 88007b98c000 task.ti: > 88007b98c000 > [ 4918.266841] RIP: 0010:[] [] > neigh_lookup+0x64/0xdf > [ 4918.266847] RSP: 0018:88007b98faa8 EFLAGS: 00210206 > [ 4918.266849] RAX: 8803203bf278 RBX: 81866990 RCX: > 0014 > [ 4918.266851] RDX: 88032a46624c RSI: 88005ff82000 RDI: > 880319ee6020 > [ 4918.266852] RBP: 88007b98fad8 R08: 0a00 R09: > 880319ee6000 > [ 4918.266854] R10: 88007b98faf8 R11: 88043d001900 R12: > 14000100 > [ 4918.266855] R13: 880319ee6020 R14: 88005ff82000 R15: > 0010 > [ 4918.266857] FS: () GS:88044f54(0063) > knlGS:f73cb8e0 > [ 4918.266859] CS: 0010 DS: 002b ES: 002b CR0: 80050033 > [ 4918.266860] CR2: 14000270 CR3: 7e371000 CR4: > 07e0 > [ 4918.266862] Stack: > [ 4918.266863] 0180 8185cd00 81866990 > 880319ee6010 > [ 4918.266866] 880319ee601c 88005ff82000 88007b98fb28 > 813b97c2 > [ 4918.266869] 88007b98faf8 818282c0 88007b98fb18 > 880377411600 > [ 4918.266872] Call Trace: > [ 4918.266875] [] neigh_delete+0x113/0x17f > [ 4918.266878] [] rtnetlink_rcv_msg+0x18a/0x1a0 > [ 4918.266882] [] ? get_parent_ip+0x11/0x42 > [ 4918.266885] [] ? rhashtable_lookup_compare+0x4b/0x71 > [ 4918.266887] [] ? rtnetlink_rcv_msg+0x0/0x1a0 > [ 4918.266890] [] netlink_rcv_skb+0x3e/0x94 > [ 4918.266891] [] rtnetlink_rcv+0x21/0x28 > [ 4918.266893] [] netlink_unicast+0x10b/0x1ad > [ 4918.266895] [] netlink_sendmsg+0x2e6/0x327 > [ 4918.266898] [] sock_sendmsg+0x6d/0x86 > [ 4918.266901] [] ? sock_poll+0x10e/0x11c > [ 4918.266903] [] ? sockfd_lookup_light+0x12/0x5d > [ 4918.266906] [] SyS_sendto+0xf3/0x11b > [ 4918.266909] [] ? __mutex_lock_slowpath+0x2de/0x2fe > [ 4918.266911] [] ? get_parent_ip+0x11/0x42 > [ 4918.266914] [] SyS_send+0xf/0x11 > [ 4918.266916] [] compat_SyS_socketcall+0x122/0x1e3 > [ 4918.266919] [] sysenter_dispatch+0x7/0x1e > [ 4918.266920] Code: 00 00 4c 89 f6 4c 89 ef 49 8d 54 24 0c ff 53 18 > b9 20 00 00 00 41 2b 4c 24 08 d3 e8 89 c0 48 c1 e0 03 49 03 04 24 4c > 8b 20 eb 55 <4d> 3b b4 24 70 01 00 00 75 47 49 8d bc 24 78 01 00 00 4c > 89 fa > [ 4918.266947] RIP [] neigh_lookup+0x64/0xdf > [ 4918.334502] RSP > [ 4918.334505] Kernel version: 3.18.19 #1 SMP PREEMPT Mon Jan 4 > 12:34:37 PST 2016 > > [ 4918.455186] CR2: 14000270
Re: [RFC PATCH v2] ethtool: add IPv6 to the NFC API
On Fri, 2016-01-22 at 10:54 -0800, Alexander Duyck wrote:
> On Fri, Jan 22, 2016 at 10:04 AM, Edward Cree wrote:
[...]
> > +/**
> > + * struct ethtool_usrip6_spec - general flow specification for IPv6
> > + * @ip6src: Source host
> > + * @ip6dst: Destination host
> > + * @l4_4_bytes: First 4 bytes of transport (layer 4) header
> > + * @tos: Type-of-service
> > + * @proto: Transport protocol number (nexthdr after any Extension Headers)
> > + */
> > +struct ethtool_usrip6_spec {
> > + __be32 ip6src[4];
> > + __be32 ip6dst[4];
> > + __be32 l4_4_bytes;
> > + __u8tos;
> > + __u8proto;
> > +};
> > +
>
> It might be better to refer to this as l4_proto so that it is clear
> that this is specifying the protocol of the l4 header that the
> l4_4_bytes will be pulled from.
The comment seems to make it fairly clear.
> It still might even be useful to add a nexthdr field since it is
> possible that there may be NICs out there that don't support parsing
> the extension headers. In such a case they could block setting
> protocol and use nexthdr instead. It provides an indirect way of
> communicating if the NIC supports parsing extension headers or not as
> the NIC can block adding a filter on one mask being set or the other.
I don't think a NIC can do any useful flow steering for IPv6 without
being able to parse and skip over the extension headers. It would be
like trying to match flows by looking at IPv4 header options.
Ben.
--
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
A fail-safe circuit will destroy others.
signature.asc
Description: This is a digitally signed message part
Re: [PATCH net] sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
On Fri, Jan 22, 2016 at 3:29 PM, Marcelo Ricardo Leitner
wrote:
> This patch extends commit b93d6471748d ("sctp: implement the sender side
> for SACK-IMMEDIATELY extension") as it didn't white list
> SCTP_SACK_IMMEDIATELY on sctp_msghdr_parse(), causing it to be
> understood as an invalid flag and returning -EINVAL to the application.
>
> Note that the actual handling of the flag is already there in
> sctp_datamsg_from_user().
>
> https://tools.ietf.org/html/rfc7053#section-7
>
> Fixes: b93d6471748d ("sctp: implement the sender side for SACK-IMMEDIATELY
> extension")
> Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Vlad Yasevich
-vlad
> ---
> net/sctp/socket.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index
> 2657b51f627625a4d674041da1f6dd913932b1d7..594ba9db9c2660b6b0803a2a3955ea7e8b3a7a44
> 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -6638,6 +6638,7 @@ static int sctp_msghdr_parse(const struct msghdr *msg,
> sctp_cmsgs_t *cmsgs)
>
> if (cmsgs->srinfo->sinfo_flags &
> ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
> + SCTP_SACK_IMMEDIATELY |
> SCTP_ABORT | SCTP_EOF))
> return -EINVAL;
> break;
> @@ -6661,6 +6662,7 @@ static int sctp_msghdr_parse(const struct msghdr *msg,
> sctp_cmsgs_t *cmsgs)
>
> if (cmsgs->sinfo->snd_flags &
> ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
> + SCTP_SACK_IMMEDIATELY |
> SCTP_ABORT | SCTP_EOF))
> return -EINVAL;
> break;
> --
> 2.5.0
>
Re: [RFC PATCH v2] ethtool: add IPv6 to the NFC API
On Fri, 2016-01-22 at 18:04 +, Edward Cree wrote: [...] > #define IP_USER_FLOW0x0d/* spec only (usr_ip4_spec) */ > +#define IP6_USER_FLOW 0x0e/* spec only (usr_ip6_spec; nfc only) */ [...] This should be named IPV6_USER_FLOW for consistency with the other NFC type names. It might also be worth adding IPV4_USER_FLOW as an alias for IP_USER_FLOW. Otherwise this looks fine. Ben. -- Ben Hutchings Klipstein's 4th Law of Prototyping and Production: A fail-safe circuit will destroy others. signature.asc Description: This is a digitally signed message part
[v2 PATCH 9/26] eCryptfs: Use skcipher and shash
On Sun, Jan 24, 2016 at 07:10:50PM +0100, Julia Lawall wrote:
> Maybe the goto on line 1726 needs a preceding mutex_unlock?
Good catch! Thanks.
---8<---
This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.
Signed-off-by: Herbert Xu
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901..11255cb 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
* 02111-1307, USA.
*/
+#include
+#include
#include
#include
#include
@@ -30,7 +32,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
}
}
+static int ecryptfs_hash_digest(struct crypto_shash *tfm,
+ char *src, int len, char *dst)
+{
+ SHASH_DESC_ON_STACK(desc, tfm);
+ int err;
+
+ desc->tfm = tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = crypto_shash_digest(desc, src, len, dst);
+ shash_desc_zero(desc);
+ return err;
+}
+
/**
* ecryptfs_calculate_md5 - calculates the md5 of @src
* @dst: Pointer to 16 bytes of allocated memory
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
struct ecryptfs_crypt_stat *crypt_stat,
char *src, int len)
{
- struct scatterlist sg;
- struct hash_desc desc = {
- .tfm = crypt_stat->hash_tfm,
- .flags = CRYPTO_TFM_REQ_MAY_SLEEP
- };
+ struct crypto_shash *tfm;
int rc = 0;
mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
- sg_init_one(&sg, (u8 *)src, len);
- if (!desc.tfm) {
- desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
-CRYPTO_ALG_ASYNC);
- if (IS_ERR(desc.tfm)) {
- rc = PTR_ERR(desc.tfm);
+ tfm = crypt_stat->hash_tfm;
+ if (!tfm) {
+ tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
+ if (IS_ERR(tfm)) {
+ rc = PTR_ERR(tfm);
ecryptfs_printk(KERN_ERR, "Error attempting to "
"allocate crypto context; rc = [%d]\n",
rc);
goto out;
}
- crypt_stat->hash_tfm = desc.tfm;
- }
- rc = crypto_hash_init(&desc);
- if (rc) {
- printk(KERN_ERR
- "%s: Error initializing crypto hash; rc = [%d]\n",
- __func__, rc);
- goto out;
+ crypt_stat->hash_tfm = tfm;
}
- rc = crypto_hash_update(&desc, &sg, len);
+ rc = ecryptfs_hash_digest(tfm, src, len, dst);
if (rc) {
printk(KERN_ERR
- "%s: Error updating crypto hash; rc = [%d]\n",
- __func__, rc);
- goto out;
- }
- rc = crypto_hash_final(&desc, dst);
- if (rc) {
- printk(KERN_ERR
- "%s: Error finalizing crypto hash; rc = [%d]\n",
+ "%s: Error computing crypto hash; rc = [%d]\n",
__func__, rc);
goto out;
}
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct
ecryptfs_crypt_stat *crypt_stat)
{
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
- if (crypt_stat->tfm)
- crypto_free_ablkcipher(crypt_stat->tfm);
- if (crypt_stat->hash_tfm)
- crypto_free_hash(crypt_stat->hash_tfm);
+ crypto_free_skcipher(crypt_stat->tfm);
+ crypto_free_shash(crypt_stat->hash_tfm);
list_for_each_entry_safe(key_sig, key_sig_tmp,
&crypt_stat->keysig_list, crypt_stat_list) {
list_del(&key_sig->crypt_stat_list);
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat
*crypt_stat,
struct scatterlist *src_sg, int size,
unsigned char *iv, int op)
{
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
struct extent_crypt_result ecr;
int rc = 0;
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat
*crypt_stat,
init_completion(&ecr.completion);
mutex_lock(&crypt_stat->cs_tfm_mutex);
- req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
+ req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
if (!req) {
mutex_unlock(&crypt_stat->cs_tfm_mutex);
rc = -ENOMEM;
goto out;
}
- ablkcipher_request_set_callback(req,
+ skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
Re: [PATCH net] af_unix: fix struct pid memory leak
Hi Eric,
On Sun, Jan 24, 2016 at 01:53:50PM -0800, Eric Dumazet wrote:
> From: Eric Dumazet
>
> Dmitry reported a struct pid leak detected by a syzkaller program.
>
> Bug happens in unix_stream_recvmsg() when we break the loop when a
> signal is pending, without properly releasing scm.
>
> Fixes: b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv
> routines")
> Reported-by: Dmitry Vyukov
> Signed-off-by: Eric Dumazet
> Cc: Rainer Weikusat
> ---
> net/unix/af_unix.c |1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index c5bf5ef2bf89..49d5093eb055 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -2339,6 +2339,7 @@ again:
>
> if (signal_pending(current)) {
> err = sock_intr_errno(timeo);
> + scm_destroy(&scm);
> goto out;
> }
Good job on this one! FWIW, I managed to test it on 3.14 and I confirm it
completely fixes the leak there as well. I had to modify it a little bit
however since there's no scm local variable there :
- scm_destroy(&scm);
+ scm_destroy(siocb->scm);
Cheers,
Willy
Re: [PATCH v2] net: fec: make driver endian-safe
Hi Johannes, On 25/01/16 01:52, Johannes Berg wrote: > The driver treats the device descriptors as CPU-endian, which appears > to be correct with the default endianness on both ARM (typically LE) > and PowerPC (typically BE) SoCs, indicating that the hardware block > is generated differently. Add endianness annotations and byteswaps as > necessary. > > It's not clear that the ifdef there really is correct and shouldn't > just be #ifdef CONFIG_ARM, but I also can't test on anything but the > i.MX6 HummingBoard where this gets it working with a BE kernel. > > Signed-off-by: Johannes Berg I tested this on a ColdFire (5208) target that uses this driver. Simple testing showed it working with no problems. The ColdFire SoC processors use a version of the FEC hardware module, and they always run big-endian. Regards Greg > --- > drivers/net/ethernet/freescale/Makefile | 3 + > drivers/net/ethernet/freescale/fec.h | 40 ++--- > drivers/net/ethernet/freescale/fec_main.c | 130 > -- > 3 files changed, 101 insertions(+), 72 deletions(-)
Re: Optimizing instruction-cache, more packets at each stage
Hi Jesper On 18/01/2016 03:54, Jesper Dangaard Brouer wrote: > > On Fri, 15 Jan 2016 15:38:43 +0100 Felix Fietkau wrote: >> On 2016-01-15 15:00, Jesper Dangaard Brouer wrote: > [...] >>> >>> The icache is still quite small 32Kb on modern server processors. I >>> don't know if smaller embedded processors also have icache and how >>> large they are. I speculate this approach would also be a benefit for >>> them (if they have icache). >> >> All of the router devices that I work with have icache. Typical sizes >> are 32 or 64 KiB. FWIW, I'm really looking forward to having such >> optimizations in the network stack ;) > > That is very interesting. These kind of icache optimization will then > likely benefit lower-end devices more than high end Intel CPUs :-) Typical embedded routers have small I and D cache, but they also have fairly small cache line sizes (16, 32 or 64 bytes), and not necessarily a L2 cache to help them, the memory bandwidth is also very limited (DDR/DDR2 speeds are not uncommon) so the less I/D cache lines you trash, the better obviously. One thing that some HW vendors have done, before they started introducing a HW capable of offloading routing/NAT workloads to specialized hardware is to hack the heck of the Linux network stack to allow a lightweight SKB structure to be used for forwarding and allocate these "meta" bookeekping SKBs from a dedicated kmem cache pool to get relatively predictable latencies. There is also a notion of a dirty pointer within the skbuff itself, such that instead of e.g: having your Ethernet NIC driver do a DMA-API call which can potentially invalidate the D-cache for an entire 1500-ish bytes Ethernet frame, the packet contents are "valid" up until the dirty pointer, which is a nice trick if you are just forwarding, but requires both SKB accessors/manipulation functions to check that, and your Ethernet driver to be cooperative as well, so may not scale well. Broadcom's implementation of such a thing can be found here among these files, code is not kernel style compliant, but there might be some re-usable ideas for you: NBUFF/FKBUFF/SKBUFF are the actual packet book keeping data structures that replace and/or extend the use of SKBs: https://code.google.com/p/gfiber-gflt100/source/browse/kernel/linux/include/linux/nbuff.h https://code.google.com/p/gfiber-gflt100/source/browse/kernel/linux/net/core/nbuff.c # Check for CONFIG_MIPS_BRCM changes here: https://code.google.com/p/gfiber-gflt100/source/browse/kernel/linux/net/core/skbuff.c https://code.google.com/p/gfiber-gflt100/source/browse/kernel/linux/include/linux/skbuff.h -- Florian
Re: Optimizing instruction-cache, more packets at each stage
On Sun, Jan 24, 2016 at 1:41 PM, John Fastabend
wrote:
> On 16-01-24 12:09 PM, Tom Herbert wrote:
>> On Sun, Jan 24, 2016 at 6:28 AM, Jesper Dangaard Brouer
>> wrote:
>>> On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
>>> David Miller wrote:
>>>
From: Jesper Dangaard Brouer
Date: Thu, 21 Jan 2016 12:27:30 +0100
> eth_type_trans() does two things:
>
> 1) determine skb->protocol
> 2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
>
> Could the HW descriptor deliver the "proto", or perhaps just some bits
> on the most common proto's?
>
> The skb->pkt_type don't need many bits. And I bet the HW already have
> the information. The BROADCAST and MULTICAST indication are easy. The
> PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
> indication, if the eth->h_dest match the devices dev->dev_addr (else a
> SW compare is required).
>
> Is that doable in hardware?
I feel like we've had this discussion before several years ago.
I think having just the protocol value would be enough.
skb->pkt_type we could deal with by using always an accessor and
evaluating it lazily. Nothing needs it until we hit ip_rcv() or
similar.
>>>
>>> First I thought, I liked the idea delaying the eval of skb->pkt_type.
>>>
>>> BUT then I realized, what if we take this even further. What if we
>>> actually use this information, for something useful, at this very
>>> early RX stage.
>>>
>>> The information I'm interested in, from the HW descriptor, is if this
>>> packet is NOT for local delivery. If so, we can send the packet on a
>>> "fast-forward" code path.
>>>
>>> Think about bridging packets to a guest OS. Because we know very
>>> early at RX (from packet HW descriptor) we might even avoid allocating
>>> a SKB. We could just "forward" the packet-page to the guest OS.
>>>
>>> Taking Eric's idea, of remote CPUs, we could even send these
>>> packet-pages to a remote CPU (e.g. where the guest OS is running),
>>> without having touched a single cache-line in the packet-data. I
>>> would still bundle them up first, to amortize the (100-133ns) cost of
>>> transferring something to another CPU.
>>>
>> You mean like RPS/RFS/aRFS/flow_director already does (except for the
>> zero-touch part)?
>>
>
> You could also look at ATR in the ixgbe/i40e drivers which on xmit
> uses a tuple to try and force the hardware to recv on the same queue
> pair as the sending side. The idea being you can bind tx/rx queue
> pairs to a core and send/recv on the same core which tends to be an
> OK strategy although not always. It is sometimes better to tx and rx
> on separate cores.
>
Right, we have seen cases where HW attempting to autonomously bind
tx/rx to the same CPU does nothing more than create a whole bunch of
OOO packets and a big mess otherwise. The better approach is to allow
the stack to indicate to HW where *it* wants received packets for each
flow to go. If it wants to bind tx/rx it can do that, if it wants to
split that's fine to. This is possible with aRFS, and in fact I don't
see any reason why virtual drivers shouldn't support also aRFS to
allow guests control over steering within their CPUs.
>>> The data-cache trick, would be to instruct prefetcher only to start
>>> prefetching to L3 or L2, when these packet are destined for a remote
>>> CPU. At-least Intel CPUs have prefetch operations that specify only
>>> L2/L3 cache.
>>>
>>>
>>> Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
>>> local delivery, but set the information if avail from HW desc. And
>>> fast page-forward don't even need a SKB.
>>>
>>> --
>>> Best regards,
>>> Jesper Dangaard Brouer
>>> MSc.CS, Principal Kernel Engineer at Red Hat
>>> Author of http://www.iptv-analyzer.org
>>> LinkedIn: http://www.linkedin.com/in/brouer
>
[net] igbvf: remove "link is Up" message when registering mcast address
A similar issue was addressed a few years ago in the following thread: http://www.spinics.net/lists/netdev/msg245877.html At that time there were concerns that removing this statement may cause other side effects. However the submitter addressed those concerns. But the dialogue went cold. We have a new case where a customers application is registering and un-registering multicast addresses every few seconds. This is leading to many "Link is Up" messages in the logs as a result of the "netif_carrier_off(netdev)" statement called by igbvf_msix_other(). Also on some kernels it is interfering with the bonding driver causing it to failover and subsequently affecting connectivity. The Sourgeforge driver does not make this call and is therefore not affected. If there were any side effects I would expect that driver to also be affected. I have tested re-loading the igbvf driver and downing the adapter with the PF entity on the host where the VM has this patch. When I bring it back up again connectivity is restored as expected. Therefore I request that this patch gets submitted. Signed-off-by: Jon Maxwell --- drivers/net/ethernet/intel/igbvf/netdev.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c index 297af80..c2dfc22 100644 --- a/drivers/net/ethernet/intel/igbvf/netdev.c +++ b/drivers/net/ethernet/intel/igbvf/netdev.c @@ -876,7 +876,6 @@ static irqreturn_t igbvf_msix_other(int irq, void *data) adapter->int_counter1++; - netif_carrier_off(netdev); hw->mac.get_link_status = 1; if (!test_bit(__IGBVF_DOWN, &adapter->state)) mod_timer(&adapter->watchdog_timer, jiffies + 1); -- 1.8.3.1
[PATCH net] af_unix: fix struct pid memory leak
From: Eric Dumazet
Dmitry reported a struct pid leak detected by a syzkaller program.
Bug happens in unix_stream_recvmsg() when we break the loop when a
signal is pending, without properly releasing scm.
Fixes: b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv
routines")
Reported-by: Dmitry Vyukov
Signed-off-by: Eric Dumazet
Cc: Rainer Weikusat
---
net/unix/af_unix.c |1 +
1 file changed, 1 insertion(+)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c5bf5ef2bf89..49d5093eb055 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2339,6 +2339,7 @@ again:
if (signal_pending(current)) {
err = sock_intr_errno(timeo);
+ scm_destroy(&scm);
goto out;
}
Re: Optimizing instruction-cache, more packets at each stage
On 16-01-24 12:09 PM, Tom Herbert wrote:
> On Sun, Jan 24, 2016 at 6:28 AM, Jesper Dangaard Brouer
> wrote:
>> On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
>> David Miller wrote:
>>
>>> From: Jesper Dangaard Brouer
>>> Date: Thu, 21 Jan 2016 12:27:30 +0100
>>>
eth_type_trans() does two things:
1) determine skb->protocol
2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
Could the HW descriptor deliver the "proto", or perhaps just some bits
on the most common proto's?
The skb->pkt_type don't need many bits. And I bet the HW already have
the information. The BROADCAST and MULTICAST indication are easy. The
PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
indication, if the eth->h_dest match the devices dev->dev_addr (else a
SW compare is required).
Is that doable in hardware?
>>>
>>> I feel like we've had this discussion before several years ago.
>>>
>>> I think having just the protocol value would be enough.
>>>
>>> skb->pkt_type we could deal with by using always an accessor and
>>> evaluating it lazily. Nothing needs it until we hit ip_rcv() or
>>> similar.
>>
>> First I thought, I liked the idea delaying the eval of skb->pkt_type.
>>
>> BUT then I realized, what if we take this even further. What if we
>> actually use this information, for something useful, at this very
>> early RX stage.
>>
>> The information I'm interested in, from the HW descriptor, is if this
>> packet is NOT for local delivery. If so, we can send the packet on a
>> "fast-forward" code path.
>>
>> Think about bridging packets to a guest OS. Because we know very
>> early at RX (from packet HW descriptor) we might even avoid allocating
>> a SKB. We could just "forward" the packet-page to the guest OS.
>>
>> Taking Eric's idea, of remote CPUs, we could even send these
>> packet-pages to a remote CPU (e.g. where the guest OS is running),
>> without having touched a single cache-line in the packet-data. I
>> would still bundle them up first, to amortize the (100-133ns) cost of
>> transferring something to another CPU.
>>
> You mean like RPS/RFS/aRFS/flow_director already does (except for the
> zero-touch part)?
>
You could also look at ATR in the ixgbe/i40e drivers which on xmit
uses a tuple to try and force the hardware to recv on the same queue
pair as the sending side. The idea being you can bind tx/rx queue
pairs to a core and send/recv on the same core which tends to be an
OK strategy although not always. It is sometimes better to tx and rx
on separate cores.
>> The data-cache trick, would be to instruct prefetcher only to start
>> prefetching to L3 or L2, when these packet are destined for a remote
>> CPU. At-least Intel CPUs have prefetch operations that specify only
>> L2/L3 cache.
>>
>>
>> Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
>> local delivery, but set the information if avail from HW desc. And
>> fast page-forward don't even need a SKB.
>>
>> --
>> Best regards,
>> Jesper Dangaard Brouer
>> MSc.CS, Principal Kernel Engineer at Red Hat
>> Author of http://www.iptv-analyzer.org
>> LinkedIn: http://www.linkedin.com/in/brouer
Re: Mis-backport in af_unix patch for Linux 3.10.95
On Sun, Jan 24, 2016 at 11:16:25AM -0500, Sultan Qasim wrote: > Hello, > > Thank you very much for the warm welcome :-) > > You're right, the noblock variable is used elsewhere in the stream > receive function, so nothing is needed there after the interruptible > logic is restored for the dgram function. > > Your patch looks good to me. I had picked the Linux 3.12.52 version of > the patch (where the interruptible locking was removed from the right > place in the stream receive function) onto my 3.10 kernel branch a > couple weeks ago and it has been working fine for me. Great, thanks for reviewing and letting us know about this, I've queued Willy's patch up now for inclusion in the next 3.10-stable release. greg k-h
Re: struct pid memory leak
On Sat, Jan 23, 2016 at 7:04 PM, Willy Tarreau wrote: > On Sat, Jan 23, 2016 at 06:50:11PM -0800, Eric Dumazet wrote: >> On Sat, Jan 23, 2016 at 6:38 PM, Willy Tarreau wrote: >> > On Sun, Jan 24, 2016 at 03:11:45AM +0100, Willy Tarreau wrote: >> >> It doesn't report this on 3.10. >> > >> > To be more precise, kmemleak reports the issue on 3.13 and not on 3.12. >> > I'm not sure if it's reliable enough to run a bisect though. >> > >> > Willy >> > >> >> I have the leak on linux-3.11. >> >> I believe even linux-3.3 gets the leak, although I had to wait about >> one hour to be confident the leak was there. > > OK so I'm stopping my bisect. It's possible it's affected with some option > which changed along the various "make oldconfig" at each step. Thanks for > letting me know. Bug was added in 2.6.38 . I am testing a fix and will send it today.
Re: Optimizing instruction-cache, more packets at each stage
On Sun, Jan 24, 2016 at 6:28 AM, Jesper Dangaard Brouer
wrote:
> On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
> David Miller wrote:
>
>> From: Jesper Dangaard Brouer
>> Date: Thu, 21 Jan 2016 12:27:30 +0100
>>
>> > eth_type_trans() does two things:
>> >
>> > 1) determine skb->protocol
>> > 2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
>> >
>> > Could the HW descriptor deliver the "proto", or perhaps just some bits
>> > on the most common proto's?
>> >
>> > The skb->pkt_type don't need many bits. And I bet the HW already have
>> > the information. The BROADCAST and MULTICAST indication are easy. The
>> > PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
>> > indication, if the eth->h_dest match the devices dev->dev_addr (else a
>> > SW compare is required).
>> >
>> > Is that doable in hardware?
>>
>> I feel like we've had this discussion before several years ago.
>>
>> I think having just the protocol value would be enough.
>>
>> skb->pkt_type we could deal with by using always an accessor and
>> evaluating it lazily. Nothing needs it until we hit ip_rcv() or
>> similar.
>
> First I thought, I liked the idea delaying the eval of skb->pkt_type.
>
> BUT then I realized, what if we take this even further. What if we
> actually use this information, for something useful, at this very
> early RX stage.
>
> The information I'm interested in, from the HW descriptor, is if this
> packet is NOT for local delivery. If so, we can send the packet on a
> "fast-forward" code path.
>
> Think about bridging packets to a guest OS. Because we know very
> early at RX (from packet HW descriptor) we might even avoid allocating
> a SKB. We could just "forward" the packet-page to the guest OS.
>
> Taking Eric's idea, of remote CPUs, we could even send these
> packet-pages to a remote CPU (e.g. where the guest OS is running),
> without having touched a single cache-line in the packet-data. I
> would still bundle them up first, to amortize the (100-133ns) cost of
> transferring something to another CPU.
>
You mean like RPS/RFS/aRFS/flow_director already does (except for the
zero-touch part)?
> The data-cache trick, would be to instruct prefetcher only to start
> prefetching to L3 or L2, when these packet are destined for a remote
> CPU. At-least Intel CPUs have prefetch operations that specify only
> L2/L3 cache.
>
>
> Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
> local delivery, but set the information if avail from HW desc. And
> fast page-forward don't even need a SKB.
>
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> Author of http://www.iptv-analyzer.org
> LinkedIn: http://www.linkedin.com/in/brouer
Re: [PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash
On Sun, Jan 24, 2016 at 09:16:26PM +0800, Herbert Xu wrote: > The interfaces blkcipher and hash are obsolete. This patch replaces > them with skcipher and ahash respectively. > > Signed-off-by: Herbert Xu > --- > > drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 99 > ++- > drivers/staging/rtl8192e/rtllib_crypt_wep.c | 48 +++-- > 2 files changed, 82 insertions(+), 65 deletions(-) Acked-by: Greg Kroah-Hartman
Re: [PATCH 6/26] staging: rtl8192u: Use skcipher and ahash
On Sun, Jan 24, 2016 at 09:16:57PM +0800, Herbert Xu wrote: > This patch replaces uses of blkcipher with skcipher, and the long > obsolete hash interface with ahash. > > Signed-off-by: Herbert Xu > --- > > drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c | 92 > +++--- > drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c | 46 --- > 2 files changed, 81 insertions(+), 57 deletions(-) Acked-by: Greg Kroah-Hartman
Re: [PATCH v2] net: fec: make driver endian-safe
On Sun, 2016-01-24 at 17:49 +0100, Arnd Bergmann wrote: > I'd argue that the "(CONFIG_ARCH_MXC) || defined(CONFIG_SOC_IMX28)" > is definitely wrong, because if we ever get another ARM platform > that uses this driver, it may or may not work depending on whether > the ARCH_MXC is also set, and that is not a helpful behavior. > > Better make it simply CONFIG_ARM to keep the behavior independent > of config options. It won't change anything for now but any future > platform will probably work independent of configuration or would > require a bugfix at all. > I agree, but I'm not really sure it's in the scope of this particular patch? Might be better to just have a separate patch with an appropriate commit message changing this ifdef. johannes
Re: [PATCH 9/26] eCryptfs: Use skcipher and shash
Maybe the goto on line 1726 needs a preceding mutex_unlock?
julia
On Mon, 25 Jan 2016, kbuild test robot wrote:
> Hi Herbert,
>
> [auto build test WARNING on net/master]
> [also build test WARNING on v4.4 next-20160122]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improving the system]
>
> url:
> https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323
> :: branch date: 5 hours ago
> :: commit date: 5 hours ago
>
> >> fs/ecryptfs/keystore.c:1761:1-7: preceding lock on line 1719
>
> git remote add linux-review https://github.com/0day-ci/linux
> git remote update linux-review
> git checkout 0186bf144c1f96606f491be0e7ed47b79ea0d285
> vim +1761 fs/ecryptfs/keystore.c
>
> ac97b9f9 Michael Halcrow 2008-11-19 1713 if (rc < 1 || rc > 2) {
> f4aad16a Michael Halcrow 2007-10-16 1714 printk(KERN_ERR
> "Internal error whilst attempting to convert "
> f4aad16a Michael Halcrow 2007-10-16 1715
> "auth_tok->session_key.decrypted_key to scatterlist; "
> f4aad16a Michael Halcrow 2007-10-16 1716 "expected rc =
> 1; got rc = [%d]\n", rc);
> f4aad16a Michael Halcrow 2007-10-16 1717 goto out;
> 237fead6 Michael Halcrow 2006-10-04 1718 }
> 237fead6 Michael Halcrow 2006-10-04 @1719 mutex_lock(tfm_mutex);
> 0186bf14 Herbert Xu 2016-01-24 1720 req =
> skcipher_request_alloc(tfm, GFP_KERNEL);
> 0186bf14 Herbert Xu 2016-01-24 1721 if (!req) {
> 0186bf14 Herbert Xu 2016-01-24 1722 printk(KERN_ERR "%s:
> Out of kernel memory whilst attempting to "
> 0186bf14 Herbert Xu 2016-01-24 1723
> "skcipher_request_alloc for %s\n", __func__,
> 0186bf14 Herbert Xu 2016-01-24 1724
> crypto_skcipher_driver_name(tfm));
> 0186bf14 Herbert Xu 2016-01-24 1725 rc = -ENOMEM;
> 0186bf14 Herbert Xu 2016-01-24 1726 goto out;
> 0186bf14 Herbert Xu 2016-01-24 1727 }
> 0186bf14 Herbert Xu 2016-01-24 1728
> 0186bf14 Herbert Xu 2016-01-24 1729
> skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
> 0186bf14 Herbert Xu 2016-01-24 1730
> NULL, NULL);
> 0186bf14 Herbert Xu 2016-01-24 1731 rc = crypto_skcipher_setkey(
> 0186bf14 Herbert Xu 2016-01-24 1732 tfm,
> auth_tok->token.password.session_key_encryption_key,
> 237fead6 Michael Halcrow 2006-10-04 1733 crypt_stat->key_size);
> f4aad16a Michael Halcrow 2007-10-16 1734 if (unlikely(rc < 0)) {
> f4aad16a Michael Halcrow 2007-10-16 1735 mutex_unlock(tfm_mutex);
> e5d9cbde Michael Halcrow 2006-10-30 1736 printk(KERN_ERR "Error
> setting key for crypto context\n");
> e5d9cbde Michael Halcrow 2006-10-30 1737 rc = -EINVAL;
> f4aad16a Michael Halcrow 2007-10-16 1738 goto out;
> 237fead6 Michael Halcrow 2006-10-04 1739 }
> 0186bf14 Herbert Xu 2016-01-24 1740 skcipher_request_set_crypt(req,
> src_sg, dst_sg,
> 0186bf14 Herbert Xu 2016-01-24 1741
> auth_tok->session_key.encrypted_key_size,
> 0186bf14 Herbert Xu 2016-01-24 1742
> NULL);
> 0186bf14 Herbert Xu 2016-01-24 1743 rc =
> crypto_skcipher_decrypt(req);
> f4aad16a Michael Halcrow 2007-10-16 1744 mutex_unlock(tfm_mutex);
> f4aad16a Michael Halcrow 2007-10-16 1745 if (unlikely(rc)) {
> 8bba066f Michael Halcrow 2006-10-30 1746 printk(KERN_ERR "Error
> decrypting; rc = [%d]\n", rc);
> f4aad16a Michael Halcrow 2007-10-16 1747 goto out;
> 8bba066f Michael Halcrow 2006-10-30 1748 }
> 237fead6 Michael Halcrow 2006-10-04 1749 auth_tok->session_key.flags |=
> ECRYPTFS_CONTAINS_DECRYPTED_KEY;
> 237fead6 Michael Halcrow 2006-10-04 1750 memcpy(crypt_stat->key,
> auth_tok->session_key.decrypted_key,
> 237fead6 Michael Halcrow 2006-10-04 1751
> auth_tok->session_key.decrypted_key_size);
> e2bd99ec Michael Halcrow 2007-02-12 1752 crypt_stat->flags |=
> ECRYPTFS_KEY_VALID;
> f4aad16a Michael Halcrow 2007-10-16 1753 if (unlikely(ecryptfs_verbosity
> > 0)) {
> f24b3887 Tyler Hicks 2010-11-15 1754
> ecryptfs_printk(KERN_DEBUG, "FEK of size [%zd]:\n",
> f4aad16a Michael Halcrow 2007-10-16 1755
> crypt_stat->key_size);
> 237fead6 Michael Halcrow 2006-10-04 1756
> ecryptf
Re: Optimizing instruction-cache, more packets at each stage
On 16-01-24 06:44 AM, Michael S. Tsirkin wrote:
> On Sun, Jan 24, 2016 at 03:28:14PM +0100, Jesper Dangaard Brouer wrote:
>> On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
>> David Miller wrote:
>>
>>> From: Jesper Dangaard Brouer
>>> Date: Thu, 21 Jan 2016 12:27:30 +0100
>>>
eth_type_trans() does two things:
1) determine skb->protocol
2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
Could the HW descriptor deliver the "proto", or perhaps just some bits
on the most common proto's?
The skb->pkt_type don't need many bits. And I bet the HW already have
the information. The BROADCAST and MULTICAST indication are easy. The
PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
indication, if the eth->h_dest match the devices dev->dev_addr (else a
SW compare is required).
Is that doable in hardware?
>>>
>>> I feel like we've had this discussion before several years ago.
>>>
>>> I think having just the protocol value would be enough.
>>>
>>> skb->pkt_type we could deal with by using always an accessor and
>>> evaluating it lazily. Nothing needs it until we hit ip_rcv() or
>>> similar.
>>
>> First I thought, I liked the idea delaying the eval of skb->pkt_type.
>>
>> BUT then I realized, what if we take this even further. What if we
>> actually use this information, for something useful, at this very
>> early RX stage.
>>
>> The information I'm interested in, from the HW descriptor, is if this
>> packet is NOT for local delivery. If so, we can send the packet on a
>> "fast-forward" code path.
>>
>> Think about bridging packets to a guest OS. Because we know very
>> early at RX (from packet HW descriptor) we might even avoid allocating
>> a SKB. We could just "forward" the packet-page to the guest OS.
>
> OK, so you would build a new kind of rx handler, and then
> e.g. macvtap could maybe get packets this way?
> Sure - e.g. vhost expects an skb at the moment
> but it won't be too hard to teach it that there's
> some other option.
+ Daniel, Vlad
If you use the macvtap device with the offload features you can "know"
via mac address that all packets on a specific hardware queue set belong
to a specific guest. (the queues are bound to a new netdev) This works
well with the passthru mode of macvlan. So you can do hardware bridging
this way. Supporting similar L3 modes probably not via macvlan has been
on my todo list for awhile but I haven't got there yet. ixgbe and fm10k
intel drivers support this now maybe others but those are the two I've
worked with recently.
The idea here is you remove any overhead from running bridge code, etc.
but still allowing users to stick netfilter, qos, etc hooks in the
datapath.
Also Daniel and I started working on a zero-copy RX mode which would
further help this by letting vhost-net pass down a set of dma buffers
we should probably get this working and submit it. iirc Vlad also
had the same sort of idea. The initial data for this looked good but
not as good as the solution below. However it had a similar issue as
below in that you just jumped over netfilter, qos, etc. Our initial
implementation used af_packet.
>
> Or maybe some kind of stub skb that just has
> the correct length but no data is easier,
> I'm not sure.
>
Another option is to use perfect filters to push traffic to a VF and
then map the VF into user space and use the vhost dpdk bits. This
works fairly well and gets pkts into the guest with little hypervisor
overhead and no(?) kernel network stack overhead. But the trade-off is
you cut out netfilter, qos, etc. This is really slick if you "trust"
your guest or have enough ACLs/etc in your hardware to "trust' the
guest.
A compromise is to use a VF and do not unbind it from the OS then
you can use macvtap again and map the netdev 1:1 to a guest. With
this mode you can still use your netfilter, qos, etc. but do l2,l3,l4
hardware forwarding with perfect filters.
As an aside if you don't like ethtool perfect filters I have a set of
patches to control this via 'tc' that I'll submit when net-next opens
up again which would let you support filtering on more field options
using offset:mask:value notation.
>> Taking Eric's idea, of remote CPUs, we could even send these
>> packet-pages to a remote CPU (e.g. where the guest OS is running),
>> without having touched a single cache-line in the packet-data. I
>> would still bundle them up first, to amortize the (100-133ns) cost of
>> transferring something to another CPU.
>
> This bundling would have to happen in a guest
> specific way then, so in vhost.
> I'd be curious to see what you come up with.
>
>> The data-cache trick, would be to instruct prefetcher only to start
>> prefetching to L3 or L2, when these packet are destined for a remote
>> CPU. At-least Intel CPUs have prefetch operations that specify only
>> L2/L3 cache.
>>
>>
>> Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
>> local delivery
Re: [PATCH v2] net: fec: make driver endian-safe
On Sunday 24 January 2016 16:52:37 Johannes Berg wrote: > It's not clear that the ifdef there really is correct and shouldn't > just be #ifdef CONFIG_ARM, but I also can't test on anything but the > i.MX6 HummingBoard where this gets it working with a BE kernel. > > Signed-off-by: Johannes Berg I'd argue that the "(CONFIG_ARCH_MXC) || defined(CONFIG_SOC_IMX28)" is definitely wrong, because if we ever get another ARM platform that uses this driver, it may or may not work depending on whether the ARCH_MXC is also set, and that is not a helpful behavior. Better make it simply CONFIG_ARM to keep the behavior independent of config options. It won't change anything for now but any future platform will probably work independent of configuration or would require a bugfix at all. Arnd
[BUG] Adding vlan to DSA port causes lockdep splat
Adding a vlan to a DSA switch port netdev causes the following lockdep
splat on v4.4. This was caused by:
# vconfig add lan5 2048
# ip link set lan5.2048 up
=
[ INFO: possible recursive locking detected ]
4.4.0+ #41 Not tainted
-
ip/1437 is trying to acquire lock:
(_xmit_ETHER/1){+.}, at: [] dev_mc_sync+0x4c/0x88
but task is already holding lock:
(_xmit_ETHER/1){+.}, at: [] dev_mc_sync+0x4c/0x88
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
lock(_xmit_ETHER/1);
lock(_xmit_ETHER/1);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by ip/1437:
#0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x1c/0x20
#1: (&vlan_netdev_addr_lock_key){+.}, at: []
dev_set_rx_mode+0x1c/0x30
#2: (_xmit_ETHER/1){+.}, at: [] dev_mc_sync+0x4c/0x88
stack backtrace:
CPU: 1 PID: 1437 Comm: ip Not tainted 4.4.0+ #41
Hardware name: Marvell Armada 380/385 (Device Tree)
Backtrace:
[] (dump_backtrace) from [] (show_stack+0x18/0x1c)
r6:c1126954 r5:c0a23e10 r4: r3:dc8ba600
[] (show_stack) from [] (dump_stack+0x7c/0x98)
[] (dump_stack) from [] (__lock_acquire+0x138c/0x1b98)
r4:c0a68580 r3:ef352280
[] (__lock_acquire) from [] (lock_acquire+0x74/0x94)
r10:ee9a3f10 r9:ee9b7d80 r8: r7:0001 r6:0001 r5:600f0013
r4:
[] (lock_acquire) from [] (_raw_spin_lock_nested+0x30/0x40)
r7:ec017030 r6:ef01d178 r5:ee8a2800 r4:ef01d178
[] (_raw_spin_lock_nested) from [] (dev_mc_sync+0x4c/0x88)
r4:ef01d000
[] (dev_mc_sync) from [] (dsa_slave_set_rx_mode+0x28/0x38)
r6: r5:ef01d000 r4:ee8a2800 r3:ef3e0b50
[] (dsa_slave_set_rx_mode) from []
(__dev_set_rx_mode+0x64/0x9c)
r5:c06b2768 r4:ee8a2800
[] (__dev_set_rx_mode) from [] (dev_mc_sync+0x7c/0x88)
r6:ee8a2978 r5: r4:ee8a2800 r3:0002
[] (dev_mc_sync) from [] (vlan_dev_set_rx_mode+0x1c/0x2c
[8021q])
r6: r5:bf1366d4 r4:ec017000 r3:bf134c40
[] (vlan_dev_set_rx_mode [8021q]) from []
(__dev_set_rx_mode+0x64/0x9c)
r4:ec017000 r3:bf134c40
[] (__dev_set_rx_mode) from [] (dev_set_rx_mode+0x24/0x30)
r6:bf1366d4 r5:ec017000 r4:ec017178 r3:ef352280
[] (dev_set_rx_mode) from [] (__dev_open+0xc4/0x108)
r5: r4:ec017000
[] (__dev_open) from [] (__dev_change_flags+0x94/0x150)
r7:1002 r6:0001 r5:1003 r4:ec017000
[] (__dev_change_flags) from [] (dev_change_flags+0x20/0x50)
r8: r7:bf1366d4 r6:1002 r5:013c r4:ec017000 r3:0001
[] (dev_change_flags) from [] (do_setlink+0x2c8/0x76c)
r8: r7:bf1366d4 r6:eeac3be0 r5: r4:ec017000 r3:0001
[] (do_setlink) from [] (rtnl_newlink+0x464/0x700)
r10: r9: r8: r7:eeac3ba0 r6:ee9a3f00 r5:ec017000
r4:
[] (rtnl_newlink) from [] (rtnetlink_rcv_msg+0x158/0x1f4)
r10: r9: r8:eeac3d84 r7: r6:ee9b7d80 r5:
r4:ee9a3f00
[] (rtnetlink_rcv_msg) from [] (netlink_rcv_skb+0xb4/0xc8)
r8:eeac3d84 r7:ee9b7d80 r6:c051e0b0 r5:ee9b7d80 r4:ee9a3f00
[] (netlink_rcv_skb) from [] (rtnetlink_rcv+0x24/0x2c)
r6:eda45c00 r5:0020 r4:ee9b7d80 r3:26fb
[] (rtnetlink_rcv) from [] (netlink_unicast+0x198/0x1fc)
r4:ef10c000 r3:c051c640
[] (netlink_unicast) from [] (netlink_sendmsg+0x348/0x368)
r10:ee9b7d80 r8: r7: r6:0020 r5:eda45c00 r4:eeac3f4c
[] (netlink_sendmsg) from [] (sock_sendmsg+0x1c/0x2c)
r10: r9: r8:ec8af8c0 r7: r6:c08b74c8 r5:
r4:eeac3f4c
[] (sock_sendmsg) from [] (___sys_sendmsg+0x240/0x254)
[] (___sys_sendmsg) from [] (__sys_sendmsg+0x44/0x70)
r10: r9:eeac2000 r8:c000ff04 r7:0128 r6: r5:ec8af8c0
r4:bedad654
[] (__sys_sendmsg) from [] (SyS_sendmsg+0x10/0x14)
r6:bedad640 r5:0010 r4:000c
[] (SyS_sendmsg) from [] (ret_fast_syscall+0x0/0x1c)
The problem seems to be centered around:
dev_set_rx_mode ->
__dev_set_rx_mode -> vlan_dev_set_rx_mode -> dev_mc_sync ->
__dev_set_rx_mode -> dsa_slave_set_rx_mode -> dev_mc_sync
and the lock taken in dev_mc_sync(). On the face of it, it appears
that the vlan 'nest_level' was set to 1.
SINGLE_DEPTH_NESTING is set to 1, and netif_addr_lock_nested() does:
int subclass = SINGLE_DEPTH_NESTING;
if (dev->netdev_ops->ndo_get_lock_subclass)
subclass = dev->netdev_ops->ndo_get_lock_subclass(dev);
spin_lock_nested(&dev->addr_list_lock, subclass);
This has the effect that DSA (which does not provide
ndo_get_lock_subclass) uses a subclass of '1'. However, when vlan
calculates its nesting:
vlan->nest_level = dev_get_nest_level(real_dev, is_vlan_dev) + 1;
is_vlan_dev() will be false for "real_dev" (that being the DSA device).
However, dev_get_nest_level() returns zero if real_dev (or any of its
parents) are not a vlan device. Hence, the vlan device is also taken
at a subclass of '1'.
As both locks are taken with the same class/subclass, l
Re: Mis-backport in af_unix patch for Linux 3.10.95
Hello, Thank you very much for the warm welcome :-) You're right, the noblock variable is used elsewhere in the stream receive function, so nothing is needed there after the interruptible logic is restored for the dgram function. Your patch looks good to me. I had picked the Linux 3.12.52 version of the patch (where the interruptible locking was removed from the right place in the stream receive function) onto my 3.10 kernel branch a couple weeks ago and it has been working fine for me. Thanks, Sultan On Sun, Jan 24, 2016 at 3:31 AM, Willy Tarreau wrote: > Hello, > > On Sun, Jan 24, 2016 at 12:10:35AM -0500, Sultan Qasim wrote: >> Hello all, >> >> I'm an outsider to the Linux kernel community, so I apologize if this >> is not the right channel to mention this. > > The simple fact that you participate, inspect the code and report bugs > makes you part of this community :-) It's indeed the right place. > Usually when reporting an issue with a commit, we also CC the whole > signed-off-by / CC chain of that commit (which I'm doing now). For > bugs related to networking, we usually CC the netdev list as well. > >> I noticed that the >> backported version of the patch "af_unix: Revert 'lock_interruptible' >> in stream receive code" in Linux 3.10.95 seems to have removed the >> mutex_lock_interruptible from the wrong function. >> >> Here is the backported patch: >> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=3a57e783016bf43ab9326172217f564941b85b17 >> >> Here is the original: >> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/unix/af_unix.c?id=3822b5c2fc62e3de8a0f33806ff279fb7df92432 >> >> Was it not meant to be removed from unix_stream_recvmsg instead of >> unix_dgram_recvmsg? > > You're absolutely right, good catch! Similar controls were added to > both functions resulting in the same code appearing there, which > confused the patch process, causing the change to be applied to the > wrong location. This happens from time to time in such circumstances > when backporting to older kernels. > >> Also, the variable called "noblock" needs to be >> removed from the function being changed to prevent unused variable >> warnings. > > If you mean this variable in function unix_dgram_recvmsg(), it would > indeed report a warning but only due to the patch being mis-applied. > In unix_stream_recvmsg(), it's still used as well. > > Does the attached patch seem better to you (not compile-tested) ? > > Greg/Ben, both 3.2.76 and 3.14.59 are OK regarding this, it seems > like only 3.10.95 was affected. > > Thanks, > Willy >
[PATCH/RFC v4 net-next] ravb: Add dma queue interrupt support
From: Kazuya Mizuguchi
This patch supports the following interrupts.
- One interrupt for multiple (descriptor, error, management)
- One interrupt for emac
- Four interrupts for dma queue (best effort rx/tx, network control rx/tx)
This patch improve efficiency of the interrupt handler by adding the
interrupt handler corresponding to each interrupt source described
above. Additionally, it reduces the number of times of the access to
EthernetAVB IF.
Signed-off-by: Kazuya Mizuguchi
Signed-off-by: Yoshihiro Kaneko
---
This patch is based on the master branch of David Miller's next networking
tree.
v4 [Yoshihiro Kaneko]
* compile tested only
* As suggested by Sergei Shtylyov
drivers/net/ethernet/renesas/ravb.h:
- make two lines of comment into one line.
- remove unused definition of xxx_ALL.
drivers/net/ethernet/renesas/ravb_main.c:
- remove unrelated change (fix indentation).
- output warning messages when napi_schedule_prep() fails in ravb_dmaq_
interrupt() like ravb_interrupt().
- change the function name from req_irq to hook_irq.
- fix programming error in hook_irq().
- do free_irq() for rx_irqs[] and tx_irqs[] for only gen3 in out_free_
irq label in ravb_open().
v3 [Yoshihiro Kaneko]
* compile tested only
* As suggested by Sergei Shtylyov
- update changelog
drivers/net/ethernet/renesas/ravb.h:
- add comments to the additional registers like CIE
drivers/net/ethernet/renesas/ravb_main.c:
- fix the initialization of the interrupt in ravb_dmac_init()
- revert ravb_error_interrupt() because gen3 code is wrong
- change the comment "Management" in ravb_multi_interrupt()
- add a helper function for request_irq() in ravb_open()
- revert ravb_close() because atomicity is not necessary here
drivers/net/ethernet/renesas/ravb_ptp.c:
- revert ravb_ptp_stop() because atomicity is not necessary here
v2 [Yoshihiro Kaneko]
* compile tested only
* As suggested by Sergei Shtylyov
- add comment to CIE
- remove comments from CIE bits
- fix value of TIx_ALL
- define each bits for CIE, GIE, GID, RIE0, RID0, RIE2, RID2, TIE, TID
- reversed Christmas tree declaration ordered
- rename _ravb_emac_interrupt() to ravb_emac_interrupt_unlocked()
- remove unnecessary clearing of CIE
- use a bit name corresponding to the target register, RIE0, RIE2, TIE,
TID, RID2, GID, GIE
drivers/net/ethernet/renesas/ravb.h | 204 ++
drivers/net/ethernet/renesas/ravb_main.c | 207 ---
drivers/net/ethernet/renesas/ravb_ptp.c | 37 --
3 files changed, 421 insertions(+), 27 deletions(-)
diff --git a/drivers/net/ethernet/renesas/ravb.h
b/drivers/net/ethernet/renesas/ravb.h
index 9fbe92a..28314ea 100644
--- a/drivers/net/ethernet/renesas/ravb.h
+++ b/drivers/net/ethernet/renesas/ravb.h
@@ -157,6 +157,7 @@ enum ravb_reg {
TIC = 0x0378,
TIS = 0x037C,
ISS = 0x0380,
+ CIE = 0x0384, /* R-Car Gen3 only */
GCCR= 0x0390,
GMTT= 0x0394,
GPTC= 0x0398,
@@ -170,6 +171,15 @@ enum ravb_reg {
GCT0= 0x03B8,
GCT1= 0x03BC,
GCT2= 0x03C0,
+ GIE = 0x03CC, /* R-Car Gen3 only */
+ GID = 0x03D0, /* R-Car Gen3 only */
+ DIL = 0x0440, /* R-Car Gen3 only */
+ RIE0= 0x0460, /* R-Car Gen3 only */
+ RID0= 0x0464, /* R-Car Gen3 only */
+ RIE2= 0x0470, /* R-Car Gen3 only */
+ RID2= 0x0474, /* R-Car Gen3 only */
+ TIE = 0x0478, /* R-Car Gen3 only */
+ TID = 0x047c, /* R-Car Gen3 only */
/* E-MAC registers */
ECMR= 0x0500,
@@ -556,6 +566,16 @@ enum ISS_BIT {
ISS_DPS15 = 0x8000,
};
+/* CIE (R-Car Gen3 only) */
+enum CIE_BIT {
+ CIE_CRIE= 0x0001,
+ CIE_CTIE= 0x0100,
+ CIE_RQFM= 0x0001,
+ CIE_CL0M= 0x0002,
+ CIE_RFWL= 0x0004,
+ CIE_RFFL= 0x0008,
+};
+
/* GCCR */
enum GCCR_BIT {
GCCR_TCR= 0x0003,
@@ -592,6 +612,188 @@ enum GIS_BIT {
GIS_PTMF= 0x0004,
};
+/* GIE (R-Car Gen3 only) */
+enum GIE_BIT {
+ GIE_PTCS= 0x0001,
+ GIE_PTOS= 0x0002,
+ GIE_PTMS0 = 0x0004,
+ GIE_PTMS1 = 0x0008,
+ GIE_PTMS2 = 0x0010,
+ GIE_PTMS3 = 0x0020,
+ GIE_PTMS4 = 0x0040,
+ GIE_PTMS5 = 0x0080,
+ GIE_PTMS6 = 0x0100,
+ GIE_PTMS7 = 0x0200,
+ GIE_ATCS0 = 0x0001,
+ GIE_ATCS1 = 0x0002,
+ GIE_ATCS2 = 0x0004,
+ GIE_ATCS3 = 0x0008,
+ GIE_ATCS4 = 0x0010,
+ GIE_ATCS5 = 0x0020,
+ GIE_ATCS6 = 0x0040,
+ GIE_ATCS7 = 0x008
[PATCH v2] net: fec: make driver endian-safe
The driver treats the device descriptors as CPU-endian, which appears
to be correct with the default endianness on both ARM (typically LE)
and PowerPC (typically BE) SoCs, indicating that the hardware block
is generated differently. Add endianness annotations and byteswaps as
necessary.
It's not clear that the ifdef there really is correct and shouldn't
just be #ifdef CONFIG_ARM, but I also can't test on anything but the
i.MX6 HummingBoard where this gets it working with a BE kernel.
Signed-off-by: Johannes Berg
---
drivers/net/ethernet/freescale/Makefile | 3 +
drivers/net/ethernet/freescale/fec.h | 40 ++---
drivers/net/ethernet/freescale/fec_main.c | 130 --
3 files changed, 101 insertions(+), 72 deletions(-)
diff --git a/drivers/net/ethernet/freescale/Makefile
b/drivers/net/ethernet/freescale/Makefile
index 71debd1c18c9..632adc2d7562 100644
--- a/drivers/net/ethernet/freescale/Makefile
+++ b/drivers/net/ethernet/freescale/Makefile
@@ -4,6 +4,9 @@
obj-$(CONFIG_FEC) += fec.o
fec-objs :=fec_main.o fec_ptp.o
+CFLAGS_fec_main.o := -D__CHECK_ENDIAN__
+CFLAGS_fec_ptp.o := -D__CHECK_ENDIAN__
+
obj-$(CONFIG_FEC_MPC52xx) += fec_mpc52xx.o
ifeq ($(CONFIG_FEC_MPC52xx_MDIO),y)
obj-$(CONFIG_FEC_MPC52xx) += fec_mpc52xx_phy.o
diff --git a/drivers/net/ethernet/freescale/fec.h
b/drivers/net/ethernet/freescale/fec.h
index 99d33e2d35e6..7dd47a0b8cfb 100644
--- a/drivers/net/ethernet/freescale/fec.h
+++ b/drivers/net/ethernet/freescale/fec.h
@@ -190,28 +190,46 @@
/*
* Define the buffer descriptor structure.
+ *
+ * Evidently, ARM SoCs have the FEC block generated in a
+ * little endian mode; or at least ARCH_MXC/SOC_IMX28 do,
+ * so adjust endianness accordingly.
*/
#if defined(CONFIG_ARCH_MXC) || defined(CONFIG_SOC_IMX28)
+#define fec32_to_cpu le32_to_cpu
+#define fec16_to_cpu le16_to_cpu
+#define cpu_to_fec32 cpu_to_le32
+#define cpu_to_fec16 cpu_to_le16
+#define __fec32 __le32
+#define __fec16 __le16
+
struct bufdesc {
- unsigned short cbd_datlen; /* Data length */
- unsigned short cbd_sc; /* Control and status info */
- unsigned long cbd_bufaddr; /* Buffer address */
+ __fec16 cbd_datlen; /* Data length */
+ __fec16 cbd_sc; /* Control and status info */
+ __fec32 cbd_bufaddr;/* Buffer address */
};
#else
+#define fec32_to_cpu be32_to_cpu
+#define fec16_to_cpu be16_to_cpu
+#define cpu_to_fec32 cpu_to_be32
+#define cpu_to_fec16 cpu_to_be16
+#define __fec32 __be32
+#define __fec16 __be16
+
struct bufdesc {
- unsigned short cbd_sc; /* Control and status info */
- unsigned short cbd_datlen; /* Data length */
- unsigned long cbd_bufaddr;/* Buffer address */
+ __fec16 cbd_sc; /* Control and status info */
+ __fec16 cbd_datlen; /* Data length */
+ __fec32 cbd_bufaddr;/* Buffer address */
};
#endif
struct bufdesc_ex {
struct bufdesc desc;
- unsigned long cbd_esc;
- unsigned long cbd_prot;
- unsigned long cbd_bdu;
- unsigned long ts;
- unsigned short res0[4];
+ __fec32 cbd_esc;
+ __fec32 cbd_prot;
+ __fec32 cbd_bdu;
+ __fec32 ts;
+ __fec16 res0[4];
};
/*
diff --git a/drivers/net/ethernet/freescale/fec_main.c
b/drivers/net/ethernet/freescale/fec_main.c
index b2a32209ffbf..a055fbad1253 100644
--- a/drivers/net/ethernet/freescale/fec_main.c
+++ b/drivers/net/ethernet/freescale/fec_main.c
@@ -331,11 +331,13 @@ static void fec_dump(struct net_device *ndev)
bdp = txq->tx_bd_base;
do {
- pr_info("%3u %c%c 0x%04x 0x%08lx %4u %p\n",
+ pr_info("%3u %c%c 0x%04x 0x%08x %4u %p\n",
index,
bdp == txq->cur_tx ? 'S' : ' ',
bdp == txq->dirty_tx ? 'H' : ' ',
- bdp->cbd_sc, bdp->cbd_bufaddr, bdp->cbd_datlen,
+ fec16_to_cpu(bdp->cbd_sc),
+ fec32_to_cpu(bdp->cbd_bufaddr),
+ fec16_to_cpu(bdp->cbd_datlen),
txq->tx_skbuff[index]);
bdp = fec_enet_get_nextdesc(bdp, fep, 0);
index++;
@@ -388,7 +390,7 @@ fec_enet_txq_submit_frag_skb(struct fec_enet_priv_tx_q *txq,
bdp = fec_enet_get_nextdesc(bdp, fep, queue);
ebdp = (struct bufdesc_ex *)bdp;
- status = bdp->cbd_sc;
+ status = fec16_to_cpu(bdp->cbd_sc);
status &= ~BD_ENET_TX_STATS;
status |= (BD_ENET_TX_TC | BD_ENET_TX_READY);
frag_len = skb_shinfo(skb)->frags[frag].size;
@@ -410,7 +412,7 @@ fec_enet_txq_submit_frag_skb(struct fec_enet_priv_tx_q *txq,
if (skb->ip_summed == CHECKSUM_PARTIAL)
estatus |= BD_ENET_TX_PINS | BD_ENET_TX_IINS;
ebdp->cb
Re: Optimizing instruction-cache, more packets at each stage
On Sun, Jan 24, 2016 at 03:28:14PM +0100, Jesper Dangaard Brouer wrote:
> On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
> David Miller wrote:
>
> > From: Jesper Dangaard Brouer
> > Date: Thu, 21 Jan 2016 12:27:30 +0100
> >
> > > eth_type_trans() does two things:
> > >
> > > 1) determine skb->protocol
> > > 2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
> > >
> > > Could the HW descriptor deliver the "proto", or perhaps just some bits
> > > on the most common proto's?
> > >
> > > The skb->pkt_type don't need many bits. And I bet the HW already have
> > > the information. The BROADCAST and MULTICAST indication are easy. The
> > > PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
> > > indication, if the eth->h_dest match the devices dev->dev_addr (else a
> > > SW compare is required).
> > >
> > > Is that doable in hardware?
> >
> > I feel like we've had this discussion before several years ago.
> >
> > I think having just the protocol value would be enough.
> >
> > skb->pkt_type we could deal with by using always an accessor and
> > evaluating it lazily. Nothing needs it until we hit ip_rcv() or
> > similar.
>
> First I thought, I liked the idea delaying the eval of skb->pkt_type.
>
> BUT then I realized, what if we take this even further. What if we
> actually use this information, for something useful, at this very
> early RX stage.
>
> The information I'm interested in, from the HW descriptor, is if this
> packet is NOT for local delivery. If so, we can send the packet on a
> "fast-forward" code path.
>
> Think about bridging packets to a guest OS. Because we know very
> early at RX (from packet HW descriptor) we might even avoid allocating
> a SKB. We could just "forward" the packet-page to the guest OS.
OK, so you would build a new kind of rx handler, and then
e.g. macvtap could maybe get packets this way?
Sure - e.g. vhost expects an skb at the moment
but it won't be too hard to teach it that there's
some other option.
Or maybe some kind of stub skb that just has
the correct length but no data is easier,
I'm not sure.
> Taking Eric's idea, of remote CPUs, we could even send these
> packet-pages to a remote CPU (e.g. where the guest OS is running),
> without having touched a single cache-line in the packet-data. I
> would still bundle them up first, to amortize the (100-133ns) cost of
> transferring something to another CPU.
This bundling would have to happen in a guest
specific way then, so in vhost.
I'd be curious to see what you come up with.
> The data-cache trick, would be to instruct prefetcher only to start
> prefetching to L3 or L2, when these packet are destined for a remote
> CPU. At-least Intel CPUs have prefetch operations that specify only
> L2/L3 cache.
>
>
> Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
> local delivery, but set the information if avail from HW desc. And
> fast page-forward don't even need a SKB.
>
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> Author of http://www.iptv-analyzer.org
> LinkedIn: http://www.linkedin.com/in/brouer
Re: Optimizing instruction-cache, more packets at each stage
On Thu, 21 Jan 2016 10:54:01 -0800 (PST)
David Miller wrote:
> From: Jesper Dangaard Brouer
> Date: Thu, 21 Jan 2016 12:27:30 +0100
>
> > eth_type_trans() does two things:
> >
> > 1) determine skb->protocol
> > 2) setup skb->pkt_type = PACKET_{BROADCAST,MULTICAST,OTHERHOST}
> >
> > Could the HW descriptor deliver the "proto", or perhaps just some bits
> > on the most common proto's?
> >
> > The skb->pkt_type don't need many bits. And I bet the HW already have
> > the information. The BROADCAST and MULTICAST indication are easy. The
> > PACKET_OTHERHOST, can be turned around, by instead set a PACKET_HOST
> > indication, if the eth->h_dest match the devices dev->dev_addr (else a
> > SW compare is required).
> >
> > Is that doable in hardware?
>
> I feel like we've had this discussion before several years ago.
>
> I think having just the protocol value would be enough.
>
> skb->pkt_type we could deal with by using always an accessor and
> evaluating it lazily. Nothing needs it until we hit ip_rcv() or
> similar.
First I thought, I liked the idea delaying the eval of skb->pkt_type.
BUT then I realized, what if we take this even further. What if we
actually use this information, for something useful, at this very
early RX stage.
The information I'm interested in, from the HW descriptor, is if this
packet is NOT for local delivery. If so, we can send the packet on a
"fast-forward" code path.
Think about bridging packets to a guest OS. Because we know very
early at RX (from packet HW descriptor) we might even avoid allocating
a SKB. We could just "forward" the packet-page to the guest OS.
Taking Eric's idea, of remote CPUs, we could even send these
packet-pages to a remote CPU (e.g. where the guest OS is running),
without having touched a single cache-line in the packet-data. I
would still bundle them up first, to amortize the (100-133ns) cost of
transferring something to another CPU.
The data-cache trick, would be to instruct prefetcher only to start
prefetching to L3 or L2, when these packet are destined for a remote
CPU. At-least Intel CPUs have prefetch operations that specify only
L2/L3 cache.
Maybe, we need a combined solution. Lazy eval skb->pkt_type, for
local delivery, but set the information if avail from HW desc. And
fast page-forward don't even need a SKB.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
Re: [PATCH 21/26] nfc: s3fwrn5: Use shash
Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x014-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): drivers/nfc/s3fwrn5/firmware.c: In function 's3fwrn5_fw_download': >> drivers/nfc/s3fwrn5/firmware.c:456:3: error: implicit declaration of >> function 'shash_desc_zero' [-Werror=implicit-function-declaration] shash_desc_zero(desc); ^ cc1: some warnings being treated as errors vim +/shash_desc_zero +456 drivers/nfc/s3fwrn5/firmware.c 450 451 desc->tfm = tfm; 452 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 453 454 ret = crypto_shash_digest(desc, fw->image, image_size, 455hash_data); > 456 shash_desc_zero(desc); 457 } 458 459 crypto_free_shash(tfm); --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
Re: [PATCH 24/26] nfsd: Use shash
Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x009-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): fs/nfsd/nfs4recover.c: In function 'nfs4_make_rec_clidname': >> fs/nfsd/nfs4recover.c:133:3: error: implicit declaration of function >> 'shash_desc_zero' [-Werror=implicit-function-declaration] shash_desc_zero(desc); ^ cc1: some warnings being treated as errors vim +/shash_desc_zero +133 fs/nfsd/nfs4recover.c 127 128 desc->tfm = tfm; 129 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 130 131 status = crypto_shash_digest(desc, clname->data, clname->len, 132 cksum.data); > 133 shash_desc_zero(desc); 134 } 135 136 if (status) --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
Re: [PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms
Hi Herbert,
[auto build test ERROR on net/master]
[also build test ERROR on v4.4 next-20160122]
[if your patch is applied to the wrong git tree, please drop us a note to help
improving the system]
url:
https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323
config: x86_64-randconfig-x014-201604 (attached as .config)
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/xfrm/xfrm_algo.c: In function 'xfrm_probe_algs':
>> net/xfrm/xfrm_algo.c:787:12: error: implicit declaration of function
>> 'crypto_has_ahash' [-Werror=implicit-function-declaration]
status = crypto_has_ahash(aalg_list[i].name, 0, 0);
^
cc1: some warnings being treated as errors
vim +/crypto_has_ahash +787 net/xfrm/xfrm_algo.c
781 {
782 int i, status;
783
784 BUG_ON(in_softirq());
785
786 for (i = 0; i < aalg_entries(); i++) {
> 787 status = crypto_has_ahash(aalg_list[i].name, 0, 0);
788 if (aalg_list[i].available != status)
789 aalg_list[i].available = status;
790 }
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: Binary data
Re: [PATCH 4/26] dm crypt: Use skcipher and ahash
Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x014-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): drivers/md/dm-crypt.c: In function 'crypt_iv_essiv_init': >> drivers/md/dm-crypt.c:278:2: error: implicit declaration of function >> 'ahash_request_zero' [-Werror=implicit-function-declaration] ahash_request_zero(req); ^ cc1: some warnings being treated as errors vim +/ahash_request_zero +278 drivers/md/dm-crypt.c 272 sg_init_one(&sg, cc->key, cc->key_size); 273 ahash_request_set_tfm(req, essiv->hash_tfm); 274 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); 275 ahash_request_set_crypt(req, &sg, essiv->salt, cc->key_size); 276 277 err = crypto_ahash_digest(req); > 278 ahash_request_zero(req); 279 if (err) 280 return err; 281 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
Re: [PATCH 1/26] block: cryptoloop - Use new skcipher interface
On Sun, Jan 24, 2016 at 09:37:33PM +0800, kbuild test robot wrote: > > [auto build test ERROR on net/master] > [also build test ERROR on v4.4 next-20160122] > [if your patch is applied to the wrong git tree, please drop us a note to > help improving the system] These patches depend on the two helpers that I posted yesterday so unfortunately we'll be getting quite a few build errors from the bot. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH 9/26] eCryptfs: Use skcipher and shash
Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x012-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): fs/ecryptfs/crypto.c: In function 'ecryptfs_hash_digest': >> fs/ecryptfs/crypto.c:87:2: error: implicit declaration of function >> 'shash_desc_zero' [-Werror=implicit-function-declaration] shash_desc_zero(desc); ^ fs/ecryptfs/crypto.c: In function 'ecryptfs_process_key_cipher': >> fs/ecryptfs/crypto.c:1614:15: error: implicit declaration of function >> 'crypto_skcipher_default_keysize' [-Werror=implicit-function-declaration] *key_size = crypto_skcipher_default_keysize(*key_tfm); ^ cc1: some warnings being treated as errors -- fs/ecryptfs/keystore.c: In function 'ecryptfs_write_tag_70_packet': >> fs/ecryptfs/keystore.c:700:10: error: implicit declaration of function >> 'crypto_skcipher_driver_name' [-Werror=implicit-function-declaration] crypto_skcipher_driver_name(s->skcipher_tfm)); ^ In file included from include/linux/printk.h:6:0, from include/linux/kernel.h:13, from include/linux/crypto.h:21, from include/crypto/hash.h:16, from fs/ecryptfs/keystore.c:28: >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of >> type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ >> fs/ecryptfs/keystore.c:698:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'ecryptfs_parse_tag_70_packet': >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of >> type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:1031:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'decrypt_passphrase_encrypted_session_key': >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of >> type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:1722:10: note: in expansion of macro 'KERN_ERR' printk(KERN_ERR "%s: Out of kernel memory whilst attempting to " ^ fs/ecryptfs/keystore.c: In function 'write_tag_3_packet': >> fs/ecryptfs/keystore.c:2232:10: error: implicit declaration of function >> 'crypto_skcipher_default_keysize' [-Werror=implicit-function-declaration] crypto_skcipher_default_keysize(tfm)); ^ In file included from fs/ecryptfs/keystore.c:36:0: >> include/linux/kern_levels.h:4:18: warning: format '%s' expects argument of >> type 'char *', but argument 3 has type 'int' [-Wformat=] #define KERN_SOH "\001" /* ASCII Start Of Header */ ^ fs/ecryptfs/ecryptfs_kernel.h:530:27: note: in definition of macro 'ecryptfs_printk' __ecryptfs_printk(type "%s: " fmt, __func__, ## arg); ^ include/linux/kern_levels.h:10:18: note: in expansion of macro 'KERN_SOH' #define KERN_ERR KERN_SOH "3" /* error conditions */ ^ fs/ecryptfs/keystore.c:2316:19: note: in expansion of macro 'KERN_ERR' ecryptfs_printk(KERN_ERR, "Out of kernel memory wh
Re: [PATCH 7/26] wusb: Use skcipher
Hi Herbert,
[auto build test ERROR on net/master]
[also build test ERROR on v4.4 next-20160122]
[if your patch is applied to the wrong git tree, please drop us a note to help
improving the system]
url:
https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323
config: x86_64-randconfig-x016-201604 (attached as .config)
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
drivers/usb/wusbcore/crypto.c: In function 'wusb_ccm_mac':
>> drivers/usb/wusbcore/crypto.c:266:2: error: implicit declaration of function
>> 'skcipher_request_zero' [-Werror=implicit-function-declaration]
skcipher_request_zero(req);
^
cc1: some warnings being treated as errors
vim +/skcipher_request_zero +266 drivers/usb/wusbcore/crypto.c
260 sg_init_one(&sg_dst, dst_buf, dst_size);
261
262 skcipher_request_set_tfm(req, tfm_cbc);
263 skcipher_request_set_callback(req, 0, NULL, NULL);
264 skcipher_request_set_crypt(req, sg, &sg_dst, dst_size, iv);
265 result = crypto_skcipher_encrypt(req);
> 266 skcipher_request_zero(req);
267 if (result < 0) {
268 printk(KERN_ERR "E: can't compute CBC-MAC tag (MIC):
%d\n",
269 result);
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: Binary data
Re: [PATCH 1/26] block: cryptoloop - Use new skcipher interface
Hi Herbert, [auto build test ERROR on net/master] [also build test ERROR on v4.4 next-20160122] [if your patch is applied to the wrong git tree, please drop us a note to help improving the system] url: https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323 config: x86_64-randconfig-x014-201604 (attached as .config) reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): drivers/block/cryptoloop.c: In function 'cryptoloop_transfer': >> drivers/block/cryptoloop.c:167:2: error: implicit declaration of function >> 'skcipher_request_zero' [-Werror=implicit-function-declaration] skcipher_request_zero(req); ^ cc1: some warnings being treated as errors vim +/skcipher_request_zero +167 drivers/block/cryptoloop.c 161 out_offs += sz; 162 } 163 164 err = 0; 165 166 out: > 167 skcipher_request_zero(req); 168 return err; 169 } 170 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
[PATCH 5/26] orinoco: Use ahash
This patch replaces uses the long obsolete hash interface with ahash.
Signed-off-by: Herbert Xu
---
drivers/net/wireless/intersil/orinoco/mic.c | 29 ++--
drivers/net/wireless/intersil/orinoco/mic.h |4 +--
drivers/net/wireless/intersil/orinoco/orinoco.h |4 +--
3 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/drivers/net/wireless/intersil/orinoco/mic.c
b/drivers/net/wireless/intersil/orinoco/mic.c
index fce4a84..bc7397d 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.c
+++ b/drivers/net/wireless/intersil/orinoco/mic.c
@@ -6,7 +6,7 @@
#include
#include
#include
-#include
+#include
#include "orinoco.h"
#include "mic.h"
@@ -16,7 +16,8 @@
//
int orinoco_mic_init(struct orinoco_private *priv)
{
- priv->tx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
+ priv->tx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_mic)) {
printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
"crypto API michael_mic\n");
@@ -24,7 +25,8 @@ int orinoco_mic_init(struct orinoco_private *priv)
return -ENOMEM;
}
- priv->rx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
+ priv->rx_tfm_mic = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_mic)) {
printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
"crypto API michael_mic\n");
@@ -38,18 +40,19 @@ int orinoco_mic_init(struct orinoco_private *priv)
void orinoco_mic_free(struct orinoco_private *priv)
{
if (priv->tx_tfm_mic)
- crypto_free_hash(priv->tx_tfm_mic);
+ crypto_free_ahash(priv->tx_tfm_mic);
if (priv->rx_tfm_mic)
- crypto_free_hash(priv->rx_tfm_mic);
+ crypto_free_ahash(priv->rx_tfm_mic);
}
-int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
u8 *da, u8 *sa, u8 priority,
u8 *data, size_t data_len, u8 *mic)
{
- struct hash_desc desc;
+ AHASH_REQUEST_ON_STACK(req, tfm_michael);
struct scatterlist sg[2];
u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
+ int err;
if (tfm_michael == NULL) {
printk(KERN_WARNING "orinoco_mic: tfm_michael == NULL\n");
@@ -69,11 +72,13 @@ int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
sg_set_buf(&sg[0], hdr, sizeof(hdr));
sg_set_buf(&sg[1], data, data_len);
- if (crypto_hash_setkey(tfm_michael, key, MIC_KEYLEN))
+ if (crypto_ahash_setkey(tfm_michael, key, MIC_KEYLEN))
return -1;
- desc.tfm = tfm_michael;
- desc.flags = 0;
- return crypto_hash_digest(&desc, sg, data_len + sizeof(hdr),
- mic);
+ ahash_request_set_tfm(req, tfm_michael);
+ ahash_request_set_callback(req, 0, NULL, NULL);
+ ahash_request_set_crypt(req, sg, mic, data_len + sizeof(hdr));
+ err = crypto_ahash_digest(req);
+ ahash_request_zero(req);
+ return err;
}
diff --git a/drivers/net/wireless/intersil/orinoco/mic.h
b/drivers/net/wireless/intersil/orinoco/mic.h
index 04d05bc..ce731d0 100644
--- a/drivers/net/wireless/intersil/orinoco/mic.h
+++ b/drivers/net/wireless/intersil/orinoco/mic.h
@@ -11,11 +11,11 @@
/* Forward declarations */
struct orinoco_private;
-struct crypto_hash;
+struct crypto_ahash;
int orinoco_mic_init(struct orinoco_private *priv);
void orinoco_mic_free(struct orinoco_private *priv);
-int orinoco_mic(struct crypto_hash *tfm_michael, u8 *key,
+int orinoco_mic(struct crypto_ahash *tfm_michael, u8 *key,
u8 *da, u8 *sa, u8 priority,
u8 *data, size_t data_len, u8 *mic);
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco.h
b/drivers/net/wireless/intersil/orinoco/orinoco.h
index eebd2be..2f0c84b 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco.h
+++ b/drivers/net/wireless/intersil/orinoco/orinoco.h
@@ -152,8 +152,8 @@ struct orinoco_private {
u8 *wpa_ie;
int wpa_ie_len;
- struct crypto_hash *rx_tfm_mic;
- struct crypto_hash *tx_tfm_mic;
+ struct crypto_ahash *rx_tfm_mic;
+ struct crypto_ahash *tx_tfm_mic;
unsigned int wpa_enabled:1;
unsigned int tkip_cm_active:1;
[PATCH 4/26] dm crypt: Use skcipher and ahash
This patch replaces uses of ablkcipher with skcipher, and the long
obsolete hash interface with ahash.
Signed-off-by: Herbert Xu
---
drivers/md/dm-crypt.c | 93 +-
1 file changed, 48 insertions(+), 45 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 3147c8d..06a4e3c 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -28,6 +28,7 @@
#include
#include
#include
+#include
#include
@@ -44,7 +45,7 @@ struct convert_context {
struct bvec_iter iter_out;
sector_t cc_sector;
atomic_t cc_pending;
- struct ablkcipher_request *req;
+ struct skcipher_request *req;
};
/*
@@ -86,7 +87,7 @@ struct crypt_iv_operations {
};
struct iv_essiv_private {
- struct crypto_hash *hash_tfm;
+ struct crypto_ahash *hash_tfm;
u8 *salt;
};
@@ -153,13 +154,13 @@ struct crypt_config {
/* ESSIV: struct crypto_cipher *essiv_tfm */
void *iv_private;
- struct crypto_ablkcipher **tfms;
+ struct crypto_skcipher **tfms;
unsigned tfms_count;
/*
* Layout of each crypto request:
*
-* struct ablkcipher_request
+* struct skcipher_request
* context
* padding
* struct dm_crypt_request
@@ -189,7 +190,7 @@ static u8 *iv_of_dmreq(struct crypt_config *cc, struct
dm_crypt_request *dmreq);
/*
* Use this to access cipher attributes that are the same for each CPU.
*/
-static struct crypto_ablkcipher *any_tfm(struct crypt_config *cc)
+static struct crypto_skcipher *any_tfm(struct crypt_config *cc)
{
return cc->tfms[0];
}
@@ -263,23 +264,25 @@ static int crypt_iv_plain64_gen(struct crypt_config *cc,
u8 *iv,
static int crypt_iv_essiv_init(struct crypt_config *cc)
{
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
- struct hash_desc desc;
+ AHASH_REQUEST_ON_STACK(req, essiv->hash_tfm);
struct scatterlist sg;
struct crypto_cipher *essiv_tfm;
int err;
sg_init_one(&sg, cc->key, cc->key_size);
- desc.tfm = essiv->hash_tfm;
- desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ ahash_request_set_tfm(req, essiv->hash_tfm);
+ ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ ahash_request_set_crypt(req, &sg, essiv->salt, cc->key_size);
- err = crypto_hash_digest(&desc, &sg, cc->key_size, essiv->salt);
+ err = crypto_ahash_digest(req);
+ ahash_request_zero(req);
if (err)
return err;
essiv_tfm = cc->iv_private;
err = crypto_cipher_setkey(essiv_tfm, essiv->salt,
- crypto_hash_digestsize(essiv->hash_tfm));
+ crypto_ahash_digestsize(essiv->hash_tfm));
if (err)
return err;
@@ -290,7 +293,7 @@ static int crypt_iv_essiv_init(struct crypt_config *cc)
static int crypt_iv_essiv_wipe(struct crypt_config *cc)
{
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
- unsigned salt_size = crypto_hash_digestsize(essiv->hash_tfm);
+ unsigned salt_size = crypto_ahash_digestsize(essiv->hash_tfm);
struct crypto_cipher *essiv_tfm;
int r, err = 0;
@@ -320,7 +323,7 @@ static struct crypto_cipher *setup_essiv_cpu(struct
crypt_config *cc,
}
if (crypto_cipher_blocksize(essiv_tfm) !=
- crypto_ablkcipher_ivsize(any_tfm(cc))) {
+ crypto_skcipher_ivsize(any_tfm(cc))) {
ti->error = "Block size of ESSIV cipher does "
"not match IV size of block cipher";
crypto_free_cipher(essiv_tfm);
@@ -342,7 +345,7 @@ static void crypt_iv_essiv_dtr(struct crypt_config *cc)
struct crypto_cipher *essiv_tfm;
struct iv_essiv_private *essiv = &cc->iv_gen_private.essiv;
- crypto_free_hash(essiv->hash_tfm);
+ crypto_free_ahash(essiv->hash_tfm);
essiv->hash_tfm = NULL;
kzfree(essiv->salt);
@@ -360,7 +363,7 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc,
struct dm_target *ti,
const char *opts)
{
struct crypto_cipher *essiv_tfm = NULL;
- struct crypto_hash *hash_tfm = NULL;
+ struct crypto_ahash *hash_tfm = NULL;
u8 *salt = NULL;
int err;
@@ -370,14 +373,14 @@ static int crypt_iv_essiv_ctr(struct crypt_config *cc,
struct dm_target *ti,
}
/* Allocate hash algorithm */
- hash_tfm = crypto_alloc_hash(opts, 0, CRYPTO_ALG_ASYNC);
+ hash_tfm = crypto_alloc_ahash(opts, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hash_tfm)) {
ti->error = "Error initializing ESSIV hash";
err = PTR_ERR(hash_tfm);
goto bad;
}
- salt = kzalloc(crypto_hash_digestsize(hash_tfm), GFP_KERNEL);
+ salt = kzalloc(crypto_ahash_digestsize(
Re: [PATCH 15/26] Bluetooth: Use skcipher and hash
Hi Herbert,
[auto build test ERROR on net/master]
[also build test ERROR on v4.4 next-20160122]
[if your patch is applied to the wrong git tree, please drop us a note to help
improving the system]
url:
https://github.com/0day-ci/linux/commits/Herbert-Xu/crypto-Use-skcipher-and-ahash-shash-where-possible/20160124-212323
config: x86_64-randconfig-x014-201604 (attached as .config)
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/bluetooth/smp.c: In function 'aes_cmac':
>> net/bluetooth/smp.c:201:2: error: implicit declaration of function
>> 'shash_desc_zero' [-Werror=implicit-function-declaration]
shash_desc_zero(desc);
^
net/bluetooth/smp.c: In function 'smp_e':
>> net/bluetooth/smp.c:397:2: error: implicit declaration of function
>> 'skcipher_request_zero' [-Werror=implicit-function-declaration]
skcipher_request_zero(req);
^
cc1: some warnings being treated as errors
vim +/shash_desc_zero +201 net/bluetooth/smp.c
195 if (err) {
196 BT_ERR("cipher setkey failed: %d", err);
197 return err;
198 }
199
200 err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
> 201 shash_desc_zero(desc);
202 if (err) {
203 BT_ERR("Hash computation error %d", err);
204 return err;
205 }
206
207 swap_buf(mac_msb, mac, 16);
208
209 SMP_DBG("mac %16phN", mac);
210
211 return 0;
212 }
213
214 static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
215const u8 v[32], const u8 x[16], u8 z, u8 res[16])
216 {
217 u8 m[65];
218 int err;
219
220 SMP_DBG("u %32phN", u);
221 SMP_DBG("v %32phN", v);
222 SMP_DBG("x %16phN z %02x", x, z);
223
224 m[0] = z;
225 memcpy(m + 1, v, 32);
226 memcpy(m + 33, u, 32);
227
228 err = aes_cmac(tfm_cmac, x, m, sizeof(m), res);
229 if (err)
230 return err;
231
232 SMP_DBG("res %16phN", res);
233
234 return err;
235 }
236
237 static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
238const u8 n1[16], const u8 n2[16], const u8 a1[7],
239const u8 a2[7], u8 mackey[16], u8 ltk[16])
240 {
241 /* The btle, salt and length "magic" values are as defined in
242 * the SMP section of the Bluetooth core specification. In ASCII
243 * the btle value ends up being 'btle'. The salt is just a
244 * random number whereas length is the value 256 in little
245 * endian format.
246 */
247 const u8 btle[4] = { 0x65, 0x6c, 0x74, 0x62 };
248 const u8 salt[16] = { 0xbe, 0x83, 0x60, 0x5a, 0xdb, 0x0b, 0x37,
0x60,
2490x38, 0xa5, 0xf5, 0xaa, 0x91, 0x83, 0x88,
0x6c };
250 const u8 length[2] = { 0x00, 0x01 };
251 u8 m[53], t[16];
252 int err;
253
254 SMP_DBG("w %32phN", w);
255 SMP_DBG("n1 %16phN n2 %16phN", n1, n2);
256 SMP_DBG("a1 %7phN a2 %7phN", a1, a2);
257
258 err = aes_cmac(tfm_cmac, salt, w, 32, t);
259 if (err)
260 return err;
261
262 SMP_DBG("t %16phN", t);
263
264 memcpy(m, length, 2);
265 memcpy(m + 2, a2, 7);
266 memcpy(m + 9, a1, 7);
267 memcpy(m + 16, n2, 16);
268 memcpy(m + 32, n1, 16);
269 memcpy(m + 48, btle, 4);
270
271 m[52] = 0; /* Counter */
272
273 err = aes_cmac(tfm_cmac, t, m, sizeof(m), mackey);
274 if (err)
275 return err;
276
277 SMP_DBG("mackey %16phN", mackey);
278
279 m[52] = 1; /* Counter */
280
281 err = aes_cmac(tfm_cmac, t, m, sizeof(m), ltk);
282 if (err)
283 return err;
284
285 SMP_DBG("ltk %16phN", ltk);
286
287 return 0;
288 }
289
290 static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
291const u8 n1[16], const u8 n2[16], const u8 r[16],
292const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
293u8 res[16])
294 {
295 u8 m[65];
296 int err;
297
298 SMP_DBG("w %16phN", w)
[PATCH 3/26] staging: rtl8192e: Replace uses of obsolete blkcipher and hash
The interfaces blkcipher and hash are obsolete. This patch replaces
them with skcipher and ahash respectively.
Signed-off-by: Herbert Xu
---
drivers/staging/rtl8192e/rtllib_crypt_tkip.c | 99 ++-
drivers/staging/rtl8192e/rtllib_crypt_wep.c | 48 +++--
2 files changed, 82 insertions(+), 65 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
index 2096d78..8eac7cd 100644
--- a/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
+++ b/drivers/staging/rtl8192e/rtllib_crypt_tkip.c
@@ -9,6 +9,8 @@
* more details.
*/
+#include
+#include
#include
#include
#include
@@ -18,7 +20,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -48,10 +49,10 @@ struct rtllib_tkip_data {
u32 dot11RSNAStatsTKIPLocalMICFailures;
int key_idx;
- struct crypto_blkcipher *rx_tfm_arc4;
- struct crypto_hash *rx_tfm_michael;
- struct crypto_blkcipher *tx_tfm_arc4;
- struct crypto_hash *tx_tfm_michael;
+ struct crypto_skcipher *rx_tfm_arc4;
+ struct crypto_ahash *rx_tfm_michael;
+ struct crypto_skcipher *tx_tfm_arc4;
+ struct crypto_ahash *tx_tfm_michael;
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16];
u8 tx_hdr[16];
@@ -65,32 +66,32 @@ static void *rtllib_tkip_init(int key_idx)
if (priv == NULL)
goto fail;
priv->key_idx = key_idx;
- priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
pr_debug("Could not allocate crypto API arc4\n");
priv->tx_tfm_arc4 = NULL;
goto fail;
}
- priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
- CRYPTO_ALG_ASYNC);
+ priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
pr_debug("Could not allocate crypto API michael_mic\n");
priv->tx_tfm_michael = NULL;
goto fail;
}
- priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
pr_debug("Could not allocate crypto API arc4\n");
priv->rx_tfm_arc4 = NULL;
goto fail;
}
- priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
- CRYPTO_ALG_ASYNC);
+ priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
pr_debug("Could not allocate crypto API michael_mic\n");
priv->rx_tfm_michael = NULL;
@@ -100,14 +101,10 @@ static void *rtllib_tkip_init(int key_idx)
fail:
if (priv) {
- if (priv->tx_tfm_michael)
- crypto_free_hash(priv->tx_tfm_michael);
- if (priv->tx_tfm_arc4)
- crypto_free_blkcipher(priv->tx_tfm_arc4);
- if (priv->rx_tfm_michael)
- crypto_free_hash(priv->rx_tfm_michael);
- if (priv->rx_tfm_arc4)
- crypto_free_blkcipher(priv->rx_tfm_arc4);
+ crypto_free_ahash(priv->tx_tfm_michael);
+ crypto_free_skcipher(priv->tx_tfm_arc4);
+ crypto_free_ahash(priv->rx_tfm_michael);
+ crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
@@ -120,14 +117,10 @@ static void rtllib_tkip_deinit(void *priv)
struct rtllib_tkip_data *_priv = priv;
if (_priv) {
- if (_priv->tx_tfm_michael)
- crypto_free_hash(_priv->tx_tfm_michael);
- if (_priv->tx_tfm_arc4)
- crypto_free_blkcipher(_priv->tx_tfm_arc4);
- if (_priv->rx_tfm_michael)
- crypto_free_hash(_priv->rx_tfm_michael);
- if (_priv->rx_tfm_arc4)
- crypto_free_blkcipher(_priv->rx_tfm_arc4);
+ crypto_free_ahash(_priv->tx_tfm_michael);
+ crypto_free_skcipher(_priv->tx_tfm_arc4);
+ crypto_free_ahash(_priv->rx_tfm_michael);
+ crypto_free_skcipher(_priv->rx_tfm_arc4);
}
kfree(priv);
}
@@ -301,7 +294,6 @@ static int rtllib_tkip_encrypt(struct sk_buff *skb, int
hdr_len, void *priv)
struct rtllib_hdr_4addr *hdr;
struct
[PATCH 10/26] ext4: Use skcipher
This patch replaces uses of ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
fs/ext4/crypto.c | 24 +++-
fs/ext4/crypto_fname.c | 32 +++-
fs/ext4/crypto_key.c | 42 --
fs/ext4/ext4_crypto.h |2 +-
4 files changed, 47 insertions(+), 53 deletions(-)
diff --git a/fs/ext4/crypto.c b/fs/ext4/crypto.c
index 1a08350..a052c2a 100644
--- a/fs/ext4/crypto.c
+++ b/fs/ext4/crypto.c
@@ -18,11 +18,9 @@
* Special Publication 800-38E and IEEE P1619/D16.
*/
-#include
-#include
+#include
#include
#include
-#include
#include
#include
#include
@@ -261,21 +259,21 @@ static int ext4_page_crypto(struct inode *inode,
{
u8 xts_tweak[EXT4_XTS_TWEAK_SIZE];
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
DECLARE_EXT4_COMPLETION_RESULT(ecr);
struct scatterlist dst, src;
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
- struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+ struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
- req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
"%s: crypto_request_alloc() failed\n",
__func__);
return -ENOMEM;
}
- ablkcipher_request_set_callback(
+ skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
ext4_crypt_complete, &ecr);
@@ -288,21 +286,21 @@ static int ext4_page_crypto(struct inode *inode,
sg_set_page(&dst, dest_page, PAGE_CACHE_SIZE, 0);
sg_init_table(&src, 1);
sg_set_page(&src, src_page, PAGE_CACHE_SIZE, 0);
- ablkcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
-xts_tweak);
+ skcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
+ xts_tweak);
if (rw == EXT4_DECRYPT)
- res = crypto_ablkcipher_decrypt(req);
+ res = crypto_skcipher_decrypt(req);
else
- res = crypto_ablkcipher_encrypt(req);
+ res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
wait_for_completion(&ecr.completion);
res = ecr.res;
}
- ablkcipher_request_free(req);
+ skcipher_request_free(req);
if (res) {
printk_ratelimited(
KERN_ERR
- "%s: crypto_ablkcipher_encrypt() returned %d\n",
+ "%s: crypto_skcipher_encrypt() returned %d\n",
__func__, res);
return res;
}
diff --git a/fs/ext4/crypto_fname.c b/fs/ext4/crypto_fname.c
index 2fbef8a..1a2f360 100644
--- a/fs/ext4/crypto_fname.c
+++ b/fs/ext4/crypto_fname.c
@@ -11,11 +11,9 @@
*
*/
-#include
-#include
+#include
#include
#include
-#include
#include
#include
#include
@@ -65,10 +63,10 @@ static int ext4_fname_encrypt(struct inode *inode,
struct ext4_str *oname)
{
u32 ciphertext_len;
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
DECLARE_EXT4_COMPLETION_RESULT(ecr);
struct ext4_crypt_info *ci = EXT4_I(inode)->i_crypt_info;
- struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+ struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
char iv[EXT4_CRYPTO_BLOCK_SIZE];
struct scatterlist src_sg, dst_sg;
@@ -95,14 +93,14 @@ static int ext4_fname_encrypt(struct inode *inode,
}
/* Allocate request */
- req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(
KERN_ERR "%s: crypto_request_alloc() failed\n", __func__);
kfree(alloc_buf);
return -ENOMEM;
}
- ablkcipher_request_set_callback(req,
+ skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
ext4_dir_crypt_complete, &ecr);
@@ -117,14 +115,14 @@ static int ext4_fname_encrypt(struct inode *inode,
/* Create encryption request */
sg_init_one(&src_sg, workbuf, ciphertext_len);
sg_init_one(&dst_sg, oname->name, ciphertext_len);
- ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
- res = crypto_ablkcipher_encrypt(req);
+ skcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
+ res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
wait_for_completion(&ecr.comp
[PATCH 15/26] Bluetooth: Use skcipher and hash
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with shash.
Signed-off-by: Herbert Xu
---
net/bluetooth/smp.c | 135
1 file changed, 63 insertions(+), 72 deletions(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index ffed8a1..78ad7d6 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -21,9 +21,10 @@
*/
#include
-#include
#include
#include
+#include
+#include
#include
#include
@@ -87,8 +88,8 @@ struct smp_dev {
u8 min_key_size;
u8 max_key_size;
- struct crypto_blkcipher *tfm_aes;
- struct crypto_hash *tfm_cmac;
+ struct crypto_skcipher *tfm_aes;
+ struct crypto_shash *tfm_cmac;
};
struct smp_chan {
@@ -126,8 +127,8 @@ struct smp_chan {
u8 dhkey[32];
u8 mackey[16];
- struct crypto_blkcipher *tfm_aes;
- struct crypto_hash *tfm_cmac;
+ struct crypto_skcipher *tfm_aes;
+ struct crypto_shash *tfm_cmac;
};
/* These debug key values are defined in the SMP section of the core
@@ -165,12 +166,11 @@ static inline void swap_buf(const u8 *src, u8 *dst,
size_t len)
* AES-CMAC, f4, f5, f6, g2 and h6.
*/
-static int aes_cmac(struct crypto_hash *tfm, const u8 k[16], const u8 *m,
+static int aes_cmac(struct crypto_shash *tfm, const u8 k[16], const u8 *m,
size_t len, u8 mac[16])
{
uint8_t tmp[16], mac_msb[16], msg_msb[CMAC_MSG_MAX];
- struct hash_desc desc;
- struct scatterlist sg;
+ SHASH_DESC_ON_STACK(desc, tfm);
int err;
if (len > CMAC_MSG_MAX)
@@ -181,10 +181,8 @@ static int aes_cmac(struct crypto_hash *tfm, const u8
k[16], const u8 *m,
return -EINVAL;
}
- desc.tfm = tfm;
- desc.flags = 0;
-
- crypto_hash_init(&desc);
+ desc->tfm = tfm;
+ desc->flags = 0;
/* Swap key and message from LSB to MSB */
swap_buf(k, tmp, 16);
@@ -193,23 +191,16 @@ static int aes_cmac(struct crypto_hash *tfm, const u8
k[16], const u8 *m,
SMP_DBG("msg (len %zu) %*phN", len, (int) len, m);
SMP_DBG("key %16phN", k);
- err = crypto_hash_setkey(tfm, tmp, 16);
+ err = crypto_shash_setkey(tfm, tmp, 16);
if (err) {
BT_ERR("cipher setkey failed: %d", err);
return err;
}
- sg_init_one(&sg, msg_msb, len);
-
- err = crypto_hash_update(&desc, &sg, len);
+ err = crypto_shash_digest(desc, msg_msb, len, mac_msb);
+ shash_desc_zero(desc);
if (err) {
- BT_ERR("Hash update error %d", err);
- return err;
- }
-
- err = crypto_hash_final(&desc, mac_msb);
- if (err) {
- BT_ERR("Hash final error %d", err);
+ BT_ERR("Hash computation error %d", err);
return err;
}
@@ -220,8 +211,8 @@ static int aes_cmac(struct crypto_hash *tfm, const u8
k[16], const u8 *m,
return 0;
}
-static int smp_f4(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
- const u8 x[16], u8 z, u8 res[16])
+static int smp_f4(struct crypto_shash *tfm_cmac, const u8 u[32],
+ const u8 v[32], const u8 x[16], u8 z, u8 res[16])
{
u8 m[65];
int err;
@@ -243,7 +234,7 @@ static int smp_f4(struct crypto_hash *tfm_cmac, const u8
u[32], const u8 v[32],
return err;
}
-static int smp_f5(struct crypto_hash *tfm_cmac, const u8 w[32],
+static int smp_f5(struct crypto_shash *tfm_cmac, const u8 w[32],
const u8 n1[16], const u8 n2[16], const u8 a1[7],
const u8 a2[7], u8 mackey[16], u8 ltk[16])
{
@@ -296,7 +287,7 @@ static int smp_f5(struct crypto_hash *tfm_cmac, const u8
w[32],
return 0;
}
-static int smp_f6(struct crypto_hash *tfm_cmac, const u8 w[16],
+static int smp_f6(struct crypto_shash *tfm_cmac, const u8 w[16],
const u8 n1[16], const u8 n2[16], const u8 r[16],
const u8 io_cap[3], const u8 a1[7], const u8 a2[7],
u8 res[16])
@@ -324,7 +315,7 @@ static int smp_f6(struct crypto_hash *tfm_cmac, const u8
w[16],
return err;
}
-static int smp_g2(struct crypto_hash *tfm_cmac, const u8 u[32], const u8 v[32],
+static int smp_g2(struct crypto_shash *tfm_cmac, const u8 u[32], const u8
v[32],
const u8 x[16], const u8 y[16], u32 *val)
{
u8 m[80], tmp[16];
@@ -350,7 +341,7 @@ static int smp_g2(struct crypto_hash *tfm_cmac, const u8
u[32], const u8 v[32],
return 0;
}
-static int smp_h6(struct crypto_hash *tfm_cmac, const u8 w[16],
+static int smp_h6(struct crypto_shash *tfm_cmac, const u8 w[16],
const u8 key_id[4], u8 res[16])
{
int err;
@@ -370,9 +361,9 @@ static int smp_h6(struct crypt
[PATCH 25/26] sctp: Use shash
This patch replaces uses of the long obsolete hash interface with
shash.
Signed-off-by: Herbert Xu
---
include/net/sctp/auth.h|4 +--
include/net/sctp/structs.h |6 ++---
net/sctp/auth.c| 36 ---
net/sctp/endpointola.c |1
net/sctp/sm_make_chunk.c | 51 +
net/sctp/socket.c |8 +++
6 files changed, 57 insertions(+), 49 deletions(-)
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index f2d58aa..9b9fb12 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -31,12 +31,12 @@
#define __sctp_auth_h__
#include
-#include
struct sctp_endpoint;
struct sctp_association;
struct sctp_authkey;
struct sctp_hmacalgo;
+struct crypto_shash;
/*
* Define a generic struct that will hold all the info
@@ -90,7 +90,7 @@ int sctp_auth_asoc_copy_shkeys(const struct sctp_endpoint *ep,
struct sctp_association *asoc,
gfp_t gfp);
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp);
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[]);
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[]);
struct sctp_hmac *sctp_auth_get_hmac(__u16 hmac_id);
struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 20e7212..6b1e383 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -82,7 +82,7 @@ struct sctp_bind_addr;
struct sctp_ulpq;
struct sctp_ep_common;
struct sctp_ssnmap;
-struct crypto_hash;
+struct crypto_shash;
#include
@@ -166,7 +166,7 @@ struct sctp_sock {
struct sctp_pf *pf;
/* Access to HMAC transform. */
- struct crypto_hash *hmac;
+ struct crypto_shash *hmac;
char *sctp_hmac_alg;
/* What is our base endpointer? */
@@ -1235,7 +1235,7 @@ struct sctp_endpoint {
/* SCTP AUTH: array of the HMACs that will be allocated
* we need this per association so that we don't serialize
*/
- struct crypto_hash **auth_hmacs;
+ struct crypto_shash **auth_hmacs;
/* SCTP-AUTH: hmacs for the endpoint encoded into parameter */
struct sctp_hmac_algo_param *auth_hmacs_list;
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 1543e39..912eb16 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -27,9 +27,9 @@
* Vlad Yasevich
*/
+#include
#include
#include
-#include
#include
#include
#include
@@ -448,7 +448,7 @@ struct sctp_shared_key *sctp_auth_get_shkey(
*/
int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t gfp)
{
- struct crypto_hash *tfm = NULL;
+ struct crypto_shash *tfm = NULL;
__u16 id;
/* If AUTH extension is disabled, we are done */
@@ -462,9 +462,8 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t
gfp)
return 0;
/* Allocated the array of pointers to transorms */
- ep->auth_hmacs = kzalloc(
- sizeof(struct crypto_hash *) * SCTP_AUTH_NUM_HMACS,
- gfp);
+ ep->auth_hmacs = kzalloc(sizeof(struct crypto_shash *) *
+SCTP_AUTH_NUM_HMACS, gfp);
if (!ep->auth_hmacs)
return -ENOMEM;
@@ -483,8 +482,7 @@ int sctp_auth_init_hmacs(struct sctp_endpoint *ep, gfp_t
gfp)
continue;
/* Allocate the ID */
- tfm = crypto_alloc_hash(sctp_hmac_list[id].hmac_name, 0,
- CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_shash(sctp_hmac_list[id].hmac_name, 0, 0);
if (IS_ERR(tfm))
goto out_err;
@@ -500,7 +498,7 @@ out_err:
}
/* Destroy the hmac tfm array */
-void sctp_auth_destroy_hmacs(struct crypto_hash *auth_hmacs[])
+void sctp_auth_destroy_hmacs(struct crypto_shash *auth_hmacs[])
{
int i;
@@ -508,8 +506,7 @@ void sctp_auth_destroy_hmacs(struct crypto_hash
*auth_hmacs[])
return;
for (i = 0; i < SCTP_AUTH_NUM_HMACS; i++) {
- if (auth_hmacs[i])
- crypto_free_hash(auth_hmacs[i]);
+ crypto_free_shash(auth_hmacs[i]);
}
kfree(auth_hmacs);
}
@@ -709,8 +706,7 @@ void sctp_auth_calculate_hmac(const struct sctp_association
*asoc,
struct sctp_auth_chunk *auth,
gfp_t gfp)
{
- struct scatterlist sg;
- struct hash_desc desc;
+ struct crypto_shash *tfm;
struct sctp_auth_bytes *asoc_key;
__u16 key_id, hmac_id;
__u8 *digest;
@@ -742,16 +738,22 @@ void sctp_auth_calculate_hmac(const struct
sctp_association *asoc,
/* set up scatter list */
[PATCH 22/26] iscsi_tcp: Use ahash
This patch replaces uses of the long obsolete hash interface with
ahash.
Signed-off-by: Herbert Xu
---
drivers/scsi/iscsi_tcp.c| 54 ++--
drivers/scsi/iscsi_tcp.h|4 +--
drivers/scsi/libiscsi_tcp.c | 29 +--
include/scsi/libiscsi_tcp.h | 13 +-
4 files changed, 58 insertions(+), 42 deletions(-)
diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
index 0b8af18..2e4c82f 100644
--- a/drivers/scsi/iscsi_tcp.c
+++ b/drivers/scsi/iscsi_tcp.c
@@ -26,12 +26,12 @@
* Zhenyu Wang
*/
+#include
#include
#include
#include
#include
#include
-#include
#include
#include
#include
@@ -428,7 +428,7 @@ static void iscsi_sw_tcp_send_hdr_prep(struct iscsi_conn
*conn, void *hdr,
* sufficient room.
*/
if (conn->hdrdgst_en) {
- iscsi_tcp_dgst_header(&tcp_sw_conn->tx_hash, hdr, hdrlen,
+ iscsi_tcp_dgst_header(tcp_sw_conn->tx_hash, hdr, hdrlen,
hdr + hdrlen);
hdrlen += ISCSI_DIGEST_SIZE;
}
@@ -454,7 +454,7 @@ iscsi_sw_tcp_send_data_prep(struct iscsi_conn *conn, struct
scatterlist *sg,
{
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
- struct hash_desc *tx_hash = NULL;
+ struct ahash_request *tx_hash = NULL;
unsigned int hdr_spec_len;
ISCSI_SW_TCP_DBG(conn, "offset=%d, datalen=%d %s\n", offset, len,
@@ -467,7 +467,7 @@ iscsi_sw_tcp_send_data_prep(struct iscsi_conn *conn, struct
scatterlist *sg,
WARN_ON(iscsi_padded(len) != iscsi_padded(hdr_spec_len));
if (conn->datadgst_en)
- tx_hash = &tcp_sw_conn->tx_hash;
+ tx_hash = tcp_sw_conn->tx_hash;
return iscsi_segment_seek_sg(&tcp_sw_conn->out.data_segment,
sg, count, offset, len,
@@ -480,7 +480,7 @@ iscsi_sw_tcp_send_linear_data_prep(struct iscsi_conn *conn,
void *data,
{
struct iscsi_tcp_conn *tcp_conn = conn->dd_data;
struct iscsi_sw_tcp_conn *tcp_sw_conn = tcp_conn->dd_data;
- struct hash_desc *tx_hash = NULL;
+ struct ahash_request *tx_hash = NULL;
unsigned int hdr_spec_len;
ISCSI_SW_TCP_DBG(conn, "datalen=%zd %s\n", len, conn->datadgst_en ?
@@ -492,7 +492,7 @@ iscsi_sw_tcp_send_linear_data_prep(struct iscsi_conn *conn,
void *data,
WARN_ON(iscsi_padded(len) != iscsi_padded(hdr_spec_len));
if (conn->datadgst_en)
- tx_hash = &tcp_sw_conn->tx_hash;
+ tx_hash = tcp_sw_conn->tx_hash;
iscsi_segment_init_linear(&tcp_sw_conn->out.data_segment,
data, len, NULL, tx_hash);
@@ -543,6 +543,7 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session
*cls_session,
struct iscsi_cls_conn *cls_conn;
struct iscsi_tcp_conn *tcp_conn;
struct iscsi_sw_tcp_conn *tcp_sw_conn;
+ struct crypto_ahash *tfm;
cls_conn = iscsi_tcp_conn_setup(cls_session, sizeof(*tcp_sw_conn),
conn_idx);
@@ -552,23 +553,28 @@ iscsi_sw_tcp_conn_create(struct iscsi_cls_session
*cls_session,
tcp_conn = conn->dd_data;
tcp_sw_conn = tcp_conn->dd_data;
- tcp_sw_conn->tx_hash.tfm = crypto_alloc_hash("crc32c", 0,
-CRYPTO_ALG_ASYNC);
- tcp_sw_conn->tx_hash.flags = 0;
- if (IS_ERR(tcp_sw_conn->tx_hash.tfm))
+ tfm = crypto_alloc_ahash("crc32c", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm))
goto free_conn;
- tcp_sw_conn->rx_hash.tfm = crypto_alloc_hash("crc32c", 0,
-CRYPTO_ALG_ASYNC);
- tcp_sw_conn->rx_hash.flags = 0;
- if (IS_ERR(tcp_sw_conn->rx_hash.tfm))
- goto free_tx_tfm;
- tcp_conn->rx_hash = &tcp_sw_conn->rx_hash;
+ tcp_sw_conn->tx_hash = ahash_request_alloc(tfm, GFP_KERNEL);
+ if (!tcp_sw_conn->tx_hash)
+ goto free_tfm;
+ ahash_request_set_callback(tcp_sw_conn->tx_hash, 0, NULL, NULL);
+
+ tcp_sw_conn->rx_hash = ahash_request_alloc(tfm, GFP_KERNEL);
+ if (!tcp_sw_conn->rx_hash)
+ goto free_tx_hash;
+ ahash_request_set_callback(tcp_sw_conn->rx_hash, 0, NULL, NULL);
+
+ tcp_conn->rx_hash = tcp_sw_conn->rx_hash;
return cls_conn;
-free_tx_tfm:
- crypto_free_hash(tcp_sw_conn->tx_hash.tfm);
+free_tx_hash:
+ ahash_request_free(tcp_sw_conn->tx_hash);
+free_tfm:
+ crypto_free_ahash(tfm);
free_conn:
iscsi_conn_printk(KERN_ERR, conn,
"Could not create connection due to crc32c "
@@ -607,10 +613,14 @@ static void iscsi_sw_tcp_conn_destroy(struct
iscsi_cls_conn *cls_conn)
iscsi_sw_tcp_release_conn(conn);
- if (tcp_sw_conn->tx_hash.tfm)
-
[PATCH 17/26] mac802154: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
net/mac802154/llsec.c | 41 +++--
net/mac802154/llsec.h |3 +--
2 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index a13d02b..6a3e1c2 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -17,9 +17,9 @@
#include
#include
#include
-#include
#include
#include
+#include
#include "ieee802154_i.h"
#include "llsec.h"
@@ -144,18 +144,18 @@ llsec_key_alloc(const struct ieee802154_llsec_key
*template)
goto err_tfm;
}
- key->tfm0 = crypto_alloc_blkcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
+ key->tfm0 = crypto_alloc_skcipher("ctr(aes)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(key->tfm0))
goto err_tfm;
- if (crypto_blkcipher_setkey(key->tfm0, template->key,
- IEEE802154_LLSEC_KEY_SIZE))
+ if (crypto_skcipher_setkey(key->tfm0, template->key,
+ IEEE802154_LLSEC_KEY_SIZE))
goto err_tfm0;
return key;
err_tfm0:
- crypto_free_blkcipher(key->tfm0);
+ crypto_free_skcipher(key->tfm0);
err_tfm:
for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
if (key->tfm[i])
@@ -175,7 +175,7 @@ static void llsec_key_release(struct kref *ref)
for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
crypto_free_aead(key->tfm[i]);
- crypto_free_blkcipher(key->tfm0);
+ crypto_free_skcipher(key->tfm0);
kzfree(key);
}
@@ -620,15 +620,17 @@ llsec_do_encrypt_unauth(struct sk_buff *skb, const struct
mac802154_llsec *sec,
{
u8 iv[16];
struct scatterlist src;
- struct blkcipher_desc req = {
- .tfm = key->tfm0,
- .info = iv,
- .flags = 0,
- };
+ SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
+ int err;
llsec_geniv(iv, sec->params.hwaddr, &hdr->sec);
sg_init_one(&src, skb->data, skb->len);
- return crypto_blkcipher_encrypt_iv(&req, &src, &src, skb->len);
+ skcipher_request_set_tfm(req, key->tfm0);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, &src, &src, skb->len, iv);
+ err = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
+ return err;
}
static struct crypto_aead*
@@ -830,11 +832,8 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct
mac802154_llsec *sec,
unsigned char *data;
int datalen;
struct scatterlist src;
- struct blkcipher_desc req = {
- .tfm = key->tfm0,
- .info = iv,
- .flags = 0,
- };
+ SKCIPHER_REQUEST_ON_STACK(req, key->tfm0);
+ int err;
llsec_geniv(iv, dev_addr, &hdr->sec);
data = skb_mac_header(skb) + skb->mac_len;
@@ -842,7 +841,13 @@ llsec_do_decrypt_unauth(struct sk_buff *skb, const struct
mac802154_llsec *sec,
sg_init_one(&src, data, datalen);
- return crypto_blkcipher_decrypt_iv(&req, &src, &src, datalen);
+ skcipher_request_set_tfm(req, key->tfm0);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, &src, &src, datalen, iv);
+
+ err = crypto_skcipher_decrypt(req);
+ skcipher_request_zero(req);
+ return err;
}
static int
diff --git a/net/mac802154/llsec.h b/net/mac802154/llsec.h
index 950578e..6f3b658 100644
--- a/net/mac802154/llsec.h
+++ b/net/mac802154/llsec.h
@@ -19,7 +19,6 @@
#include
#include
-#include
#include
#include
#include
@@ -30,7 +29,7 @@ struct mac802154_llsec_key {
/* one tfm for each authsize (4/8/16) */
struct crypto_aead *tfm[3];
- struct crypto_blkcipher *tfm0;
+ struct crypto_skcipher *tfm0;
struct kref ref;
};
[PATCH 21/26] nfc: s3fwrn5: Use shash
This patch replaces uses of the long obsolete hash interface with
shash.
Signed-off-by: Herbert Xu
---
drivers/nfc/s3fwrn5/firmware.c | 36 +++-
1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/drivers/nfc/s3fwrn5/firmware.c b/drivers/nfc/s3fwrn5/firmware.c
index 64a9025..5f97da1 100644
--- a/drivers/nfc/s3fwrn5/firmware.c
+++ b/drivers/nfc/s3fwrn5/firmware.c
@@ -19,7 +19,7 @@
#include
#include
-#include
+#include
#include
#include "s3fwrn5.h"
@@ -429,8 +429,7 @@ int s3fwrn5_fw_download(struct s3fwrn5_fw_info *fw_info)
{
struct s3fwrn5_fw_image *fw = &fw_info->fw;
u8 hash_data[SHA1_DIGEST_SIZE];
- struct scatterlist sg;
- struct hash_desc desc;
+ struct crypto_shash *tfm;
u32 image_size, off;
int ret;
@@ -438,12 +437,31 @@ int s3fwrn5_fw_download(struct s3fwrn5_fw_info *fw_info)
/* Compute SHA of firmware data */
- sg_init_one(&sg, fw->image, image_size);
- desc.tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
- crypto_hash_init(&desc);
- crypto_hash_update(&desc, &sg, image_size);
- crypto_hash_final(&desc, hash_data);
- crypto_free_hash(desc.tfm);
+ tfm = crypto_alloc_shash("sha1", 0, 0);
+ if (IS_ERR(tfm)) {
+ ret = PTR_ERR(tfm);
+ dev_err(&fw_info->ndev->nfc_dev->dev,
+ "Cannot allocate shash (code=%d)\n", ret);
+ goto out;
+ }
+
+ {
+ SHASH_DESC_ON_STACK(desc, tfm);
+
+ desc->tfm = tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+ ret = crypto_shash_digest(desc, fw->image, image_size,
+ hash_data);
+ shash_desc_zero(desc);
+ }
+
+ crypto_free_shash(tfm);
+ if (ret) {
+ dev_err(&fw_info->ndev->nfc_dev->dev,
+ "Cannot compute hash (code=%d)\n", ret);
+ goto out;
+ }
/* Firmware update process */
[PATCH 24/26] nfsd: Use shash
This patch replaces uses of the long obsolete hash interface with
shash.
Signed-off-by: Herbert Xu
---
fs/nfsd/nfs4recover.c | 28 +---
1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 79f0307..a79c150 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -32,10 +32,10 @@
*
*/
+#include
#include
#include
#include
-#include
#include
#include
#include
@@ -104,29 +104,35 @@ static int
nfs4_make_rec_clidname(char *dname, const struct xdr_netobj *clname)
{
struct xdr_netobj cksum;
- struct hash_desc desc;
- struct scatterlist sg;
+ struct crypto_shash *tfm;
int status;
dprintk("NFSD: nfs4_make_rec_clidname for %.*s\n",
clname->len, clname->data);
- desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
- desc.tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(desc.tfm)) {
- status = PTR_ERR(desc.tfm);
+ tfm = crypto_alloc_shash("md5", 0, 0);
+ if (IS_ERR(tfm)) {
+ status = PTR_ERR(tfm);
goto out_no_tfm;
}
- cksum.len = crypto_hash_digestsize(desc.tfm);
+ cksum.len = crypto_shash_digestsize(tfm);
cksum.data = kmalloc(cksum.len, GFP_KERNEL);
if (cksum.data == NULL) {
status = -ENOMEM;
goto out;
}
- sg_init_one(&sg, clname->data, clname->len);
+ {
+ SHASH_DESC_ON_STACK(desc, tfm);
+
+ desc->tfm = tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+
+ status = crypto_shash_digest(desc, clname->data, clname->len,
+cksum.data);
+ shash_desc_zero(desc);
+ }
- status = crypto_hash_digest(&desc, &sg, sg.length, cksum.data);
if (status)
goto out;
@@ -135,7 +141,7 @@ nfs4_make_rec_clidname(char *dname, const struct xdr_netobj
*clname)
status = 0;
out:
kfree(cksum.data);
- crypto_free_hash(desc.tfm);
+ crypto_free_shash(tfm);
out_no_tfm:
return status;
}
[PATCH 9/26] eCryptfs: Use skcipher and shash
This patch replaces uses of ablkcipher and blkcipher with skcipher,
and the long obsolete hash interface with shash.
Signed-off-by: Herbert Xu
---
fs/ecryptfs/crypto.c | 107 +---
fs/ecryptfs/ecryptfs_kernel.h | 12 +-
fs/ecryptfs/inode.c |1
fs/ecryptfs/keystore.c| 217 --
fs/ecryptfs/main.c|1
fs/ecryptfs/mmap.c|1
fs/ecryptfs/super.c |1
7 files changed, 179 insertions(+), 161 deletions(-)
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index 80d6901..11255cb 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -23,6 +23,8 @@
* 02111-1307, USA.
*/
+#include
+#include
#include
#include
#include
@@ -30,7 +32,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -74,6 +75,19 @@ void ecryptfs_from_hex(char *dst, char *src, int dst_size)
}
}
+static int ecryptfs_hash_digest(struct crypto_shash *tfm,
+ char *src, int len, char *dst)
+{
+ SHASH_DESC_ON_STACK(desc, tfm);
+ int err;
+
+ desc->tfm = tfm;
+ desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = crypto_shash_digest(desc, src, len, dst);
+ shash_desc_zero(desc);
+ return err;
+}
+
/**
* ecryptfs_calculate_md5 - calculates the md5 of @src
* @dst: Pointer to 16 bytes of allocated memory
@@ -88,45 +102,26 @@ static int ecryptfs_calculate_md5(char *dst,
struct ecryptfs_crypt_stat *crypt_stat,
char *src, int len)
{
- struct scatterlist sg;
- struct hash_desc desc = {
- .tfm = crypt_stat->hash_tfm,
- .flags = CRYPTO_TFM_REQ_MAY_SLEEP
- };
+ struct crypto_shash *tfm;
int rc = 0;
mutex_lock(&crypt_stat->cs_hash_tfm_mutex);
- sg_init_one(&sg, (u8 *)src, len);
- if (!desc.tfm) {
- desc.tfm = crypto_alloc_hash(ECRYPTFS_DEFAULT_HASH, 0,
-CRYPTO_ALG_ASYNC);
- if (IS_ERR(desc.tfm)) {
- rc = PTR_ERR(desc.tfm);
+ tfm = crypt_stat->hash_tfm;
+ if (!tfm) {
+ tfm = crypto_alloc_shash(ECRYPTFS_DEFAULT_HASH, 0, 0);
+ if (IS_ERR(tfm)) {
+ rc = PTR_ERR(tfm);
ecryptfs_printk(KERN_ERR, "Error attempting to "
"allocate crypto context; rc = [%d]\n",
rc);
goto out;
}
- crypt_stat->hash_tfm = desc.tfm;
- }
- rc = crypto_hash_init(&desc);
- if (rc) {
- printk(KERN_ERR
- "%s: Error initializing crypto hash; rc = [%d]\n",
- __func__, rc);
- goto out;
+ crypt_stat->hash_tfm = tfm;
}
- rc = crypto_hash_update(&desc, &sg, len);
+ rc = ecryptfs_hash_digest(tfm, src, len, dst);
if (rc) {
printk(KERN_ERR
- "%s: Error updating crypto hash; rc = [%d]\n",
- __func__, rc);
- goto out;
- }
- rc = crypto_hash_final(&desc, dst);
- if (rc) {
- printk(KERN_ERR
- "%s: Error finalizing crypto hash; rc = [%d]\n",
+ "%s: Error computing crypto hash; rc = [%d]\n",
__func__, rc);
goto out;
}
@@ -234,10 +229,8 @@ void ecryptfs_destroy_crypt_stat(struct
ecryptfs_crypt_stat *crypt_stat)
{
struct ecryptfs_key_sig *key_sig, *key_sig_tmp;
- if (crypt_stat->tfm)
- crypto_free_ablkcipher(crypt_stat->tfm);
- if (crypt_stat->hash_tfm)
- crypto_free_hash(crypt_stat->hash_tfm);
+ crypto_free_skcipher(crypt_stat->tfm);
+ crypto_free_shash(crypt_stat->hash_tfm);
list_for_each_entry_safe(key_sig, key_sig_tmp,
&crypt_stat->keysig_list, crypt_stat_list) {
list_del(&key_sig->crypt_stat_list);
@@ -342,7 +335,7 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat
*crypt_stat,
struct scatterlist *src_sg, int size,
unsigned char *iv, int op)
{
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
struct extent_crypt_result ecr;
int rc = 0;
@@ -358,20 +351,20 @@ static int crypt_scatterlist(struct ecryptfs_crypt_stat
*crypt_stat,
init_completion(&ecr.completion);
mutex_lock(&crypt_stat->cs_tfm_mutex);
- req = ablkcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
+ req = skcipher_request_alloc(crypt_stat->tfm, GFP_NOFS);
if (!req) {
mutex_unlock(&crypt_stat->cs_tfm_mutex)
[PATCH 13/26] lib80211: Use skcipher and ahash
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with ahash.
Signed-off-by: Herbert Xu
---
net/wireless/lib80211_crypt_tkip.c | 99 -
net/wireless/lib80211_crypt_wep.c | 46 ++---
2 files changed, 81 insertions(+), 64 deletions(-)
diff --git a/net/wireless/lib80211_crypt_tkip.c
b/net/wireless/lib80211_crypt_tkip.c
index 3cd8195..71447cf 100644
--- a/net/wireless/lib80211_crypt_tkip.c
+++ b/net/wireless/lib80211_crypt_tkip.c
@@ -29,7 +29,8 @@
#include
#include
-#include
+#include
+#include
#include
#include
@@ -63,10 +64,10 @@ struct lib80211_tkip_data {
int key_idx;
- struct crypto_blkcipher *rx_tfm_arc4;
- struct crypto_hash *rx_tfm_michael;
- struct crypto_blkcipher *tx_tfm_arc4;
- struct crypto_hash *tx_tfm_michael;
+ struct crypto_skcipher *rx_tfm_arc4;
+ struct crypto_ahash *rx_tfm_michael;
+ struct crypto_skcipher *tx_tfm_arc4;
+ struct crypto_ahash *tx_tfm_michael;
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16], tx_hdr[16];
@@ -98,29 +99,29 @@ static void *lib80211_tkip_init(int key_idx)
priv->key_idx = key_idx;
- priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
priv->tx_tfm_arc4 = NULL;
goto fail;
}
- priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-CRYPTO_ALG_ASYNC);
+ priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
priv->tx_tfm_michael = NULL;
goto fail;
}
- priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
priv->rx_tfm_arc4 = NULL;
goto fail;
}
- priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
-CRYPTO_ALG_ASYNC);
+ priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
+ CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
priv->rx_tfm_michael = NULL;
goto fail;
@@ -130,14 +131,10 @@ static void *lib80211_tkip_init(int key_idx)
fail:
if (priv) {
- if (priv->tx_tfm_michael)
- crypto_free_hash(priv->tx_tfm_michael);
- if (priv->tx_tfm_arc4)
- crypto_free_blkcipher(priv->tx_tfm_arc4);
- if (priv->rx_tfm_michael)
- crypto_free_hash(priv->rx_tfm_michael);
- if (priv->rx_tfm_arc4)
- crypto_free_blkcipher(priv->rx_tfm_arc4);
+ crypto_free_ahash(priv->tx_tfm_michael);
+ crypto_free_skcipher(priv->tx_tfm_arc4);
+ crypto_free_ahash(priv->rx_tfm_michael);
+ crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
@@ -148,14 +145,10 @@ static void lib80211_tkip_deinit(void *priv)
{
struct lib80211_tkip_data *_priv = priv;
if (_priv) {
- if (_priv->tx_tfm_michael)
- crypto_free_hash(_priv->tx_tfm_michael);
- if (_priv->tx_tfm_arc4)
- crypto_free_blkcipher(_priv->tx_tfm_arc4);
- if (_priv->rx_tfm_michael)
- crypto_free_hash(_priv->rx_tfm_michael);
- if (_priv->rx_tfm_arc4)
- crypto_free_blkcipher(_priv->rx_tfm_arc4);
+ crypto_free_ahash(_priv->tx_tfm_michael);
+ crypto_free_skcipher(_priv->tx_tfm_arc4);
+ crypto_free_ahash(_priv->rx_tfm_michael);
+ crypto_free_skcipher(_priv->rx_tfm_arc4);
}
kfree(priv);
}
@@ -353,11 +346,12 @@ static int lib80211_tkip_hdr(struct sk_buff *skb, int
hdr_len,
static int lib80211_tkip_encrypt(struct sk_buff *skb, int hdr_len, void *priv)
{
struct lib80211_tkip_data *tkey = priv;
- struct blkcipher_desc desc = { .tfm = tkey->tx_tfm_arc4 };
+ SKCIPHER_REQUEST_ON_STACK(req, tkey->tx_tfm_arc4);
int len;
u8 rc4key[16], *pos, *icv;
u32 crc;
struct scatterlist sg;
+ int err;
if (tkey->flags & IEEE80211_CRYPTO_TKIP_COUNTERMEASURES) {
[PATCH 11/26] f2fs: Use skcipher
This patch replaces uses of ablkcipher with skcipher.
Signed-off-by: Herbert Xu
---
fs/f2fs/crypto.c | 24 +++-
fs/f2fs/crypto_fname.c | 32 +++-
fs/f2fs/crypto_key.c | 40 ++--
fs/f2fs/f2fs_crypto.h |2 +-
4 files changed, 45 insertions(+), 53 deletions(-)
diff --git a/fs/f2fs/crypto.c b/fs/f2fs/crypto.c
index 4a62ef1..95c5cf0 100644
--- a/fs/f2fs/crypto.c
+++ b/fs/f2fs/crypto.c
@@ -23,11 +23,9 @@
* The usage of AES-XTS should conform to recommendations in NIST
* Special Publication 800-38E and IEEE P1619/D16.
*/
-#include
-#include
+#include
#include
#include
-#include
#include
#include
#include
@@ -328,21 +326,21 @@ static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
struct page *dest_page)
{
u8 xts_tweak[F2FS_XTS_TWEAK_SIZE];
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
DECLARE_F2FS_COMPLETION_RESULT(ecr);
struct scatterlist dst, src;
struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
- struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+ struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
- req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
"%s: crypto_request_alloc() failed\n",
__func__);
return -ENOMEM;
}
- ablkcipher_request_set_callback(
+ skcipher_request_set_callback(
req, CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
f2fs_crypt_complete, &ecr);
@@ -355,21 +353,21 @@ static int f2fs_page_crypto(struct f2fs_crypto_ctx *ctx,
sg_set_page(&dst, dest_page, PAGE_CACHE_SIZE, 0);
sg_init_table(&src, 1);
sg_set_page(&src, src_page, PAGE_CACHE_SIZE, 0);
- ablkcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
- xts_tweak);
+ skcipher_request_set_crypt(req, &src, &dst, PAGE_CACHE_SIZE,
+ xts_tweak);
if (rw == F2FS_DECRYPT)
- res = crypto_ablkcipher_decrypt(req);
+ res = crypto_skcipher_decrypt(req);
else
- res = crypto_ablkcipher_encrypt(req);
+ res = crypto_skcipher_encrypt(req);
if (res == -EINPROGRESS || res == -EBUSY) {
BUG_ON(req->base.data != &ecr);
wait_for_completion(&ecr.completion);
res = ecr.res;
}
- ablkcipher_request_free(req);
+ skcipher_request_free(req);
if (res) {
printk_ratelimited(KERN_ERR
- "%s: crypto_ablkcipher_encrypt() returned %d\n",
+ "%s: crypto_skcipher_encrypt() returned %d\n",
__func__, res);
return res;
}
diff --git a/fs/f2fs/crypto_fname.c b/fs/f2fs/crypto_fname.c
index ab377d4..16aec66 100644
--- a/fs/f2fs/crypto_fname.c
+++ b/fs/f2fs/crypto_fname.c
@@ -15,11 +15,9 @@
*
* This has not yet undergone a rigorous security audit.
*/
-#include
-#include
+#include
#include
#include
-#include
#include
#include
#include
@@ -70,10 +68,10 @@ static int f2fs_fname_encrypt(struct inode *inode,
const struct qstr *iname, struct f2fs_str *oname)
{
u32 ciphertext_len;
- struct ablkcipher_request *req = NULL;
+ struct skcipher_request *req = NULL;
DECLARE_F2FS_COMPLETION_RESULT(ecr);
struct f2fs_crypt_info *ci = F2FS_I(inode)->i_crypt_info;
- struct crypto_ablkcipher *tfm = ci->ci_ctfm;
+ struct crypto_skcipher *tfm = ci->ci_ctfm;
int res = 0;
char iv[F2FS_CRYPTO_BLOCK_SIZE];
struct scatterlist src_sg, dst_sg;
@@ -99,14 +97,14 @@ static int f2fs_fname_encrypt(struct inode *inode,
}
/* Allocate request */
- req = ablkcipher_request_alloc(tfm, GFP_NOFS);
+ req = skcipher_request_alloc(tfm, GFP_NOFS);
if (!req) {
printk_ratelimited(KERN_ERR
"%s: crypto_request_alloc() failed\n", __func__);
kfree(alloc_buf);
return -ENOMEM;
}
- ablkcipher_request_set_callback(req,
+ skcipher_request_set_callback(req,
CRYPTO_TFM_REQ_MAY_BACKLOG | CRYPTO_TFM_REQ_MAY_SLEEP,
f2fs_dir_crypt_complete, &ecr);
@@ -121,15 +119,15 @@ static int f2fs_fname_encrypt(struct inode *inode,
/* Create encryption request */
sg_init_one(&src_sg, workbuf, ciphertext_len);
sg_init_one(&dst_sg, oname->name, ciphertext_len);
- ablkcipher_request_set_crypt(req, &src_sg, &dst_sg, ciphertext_len, iv);
- res = cryp
[PATCH 19/26] ipsec: Use skcipher and ahash when probing algorithms
This patch removes the last reference to hash and ablkcipher from
IPsec and replaces them with ahash and skcipher respectively. For
skcipher there is currently no difference at all, while for ahash
the current code is actually buggy and would prevent asynchronous
algorithms from being discovered.
Signed-off-by: Herbert Xu
---
net/xfrm/xfrm_algo.c |7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index f07224d..250e567 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -9,6 +9,8 @@
* any later version.
*/
+#include
+#include
#include
#include
#include
@@ -782,14 +784,13 @@ void xfrm_probe_algs(void)
BUG_ON(in_softirq());
for (i = 0; i < aalg_entries(); i++) {
- status = crypto_has_hash(aalg_list[i].name, 0,
-CRYPTO_ALG_ASYNC);
+ status = crypto_has_ahash(aalg_list[i].name, 0, 0);
if (aalg_list[i].available != status)
aalg_list[i].available = status;
}
for (i = 0; i < ealg_entries(); i++) {
- status = crypto_has_ablkcipher(ealg_list[i].name, 0, 0);
+ status = crypto_has_skcipher(ealg_list[i].name, 0, 0);
if (ealg_list[i].available != status)
ealg_list[i].available = status;
}
[PATCH 12/26] sunrpc: Use skcipher and ahash/shash
This patch replaces uses of blkcipher with skcipher and the long
obsolete hash interface with either shash (for non-SG users) and
ahash.
Signed-off-by: Herbert Xu
---
include/linux/sunrpc/gss_krb5.h | 32 +--
net/sunrpc/auth_gss/gss_krb5_crypto.c | 350 --
net/sunrpc/auth_gss/gss_krb5_keys.c | 12 -
net/sunrpc/auth_gss/gss_krb5_mech.c | 89
net/sunrpc/auth_gss/gss_krb5_seqnum.c | 22 +-
net/sunrpc/auth_gss/gss_krb5_wrap.c | 24 +-
6 files changed, 306 insertions(+), 223 deletions(-)
diff --git a/include/linux/sunrpc/gss_krb5.h b/include/linux/sunrpc/gss_krb5.h
index df02a41..7df625d 100644
--- a/include/linux/sunrpc/gss_krb5.h
+++ b/include/linux/sunrpc/gss_krb5.h
@@ -36,7 +36,7 @@
*
*/
-#include
+#include
#include
#include
#include
@@ -71,10 +71,10 @@ struct gss_krb5_enctype {
const u32 keyed_cksum;/* is it a keyed cksum? */
const u32 keybytes; /* raw key len, in bytes */
const u32 keylength; /* final key len, in bytes */
- u32 (*encrypt) (struct crypto_blkcipher *tfm,
+ u32 (*encrypt) (struct crypto_skcipher *tfm,
void *iv, void *in, void *out,
int length);/* encryption function */
- u32 (*decrypt) (struct crypto_blkcipher *tfm,
+ u32 (*decrypt) (struct crypto_skcipher *tfm,
void *iv, void *in, void *out,
int length);/* decryption function */
u32 (*mk_key) (const struct gss_krb5_enctype *gk5e,
@@ -98,12 +98,12 @@ struct krb5_ctx {
u32 enctype;
u32 flags;
const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
- struct crypto_blkcipher *enc;
- struct crypto_blkcipher *seq;
- struct crypto_blkcipher *acceptor_enc;
- struct crypto_blkcipher *initiator_enc;
- struct crypto_blkcipher *acceptor_enc_aux;
- struct crypto_blkcipher *initiator_enc_aux;
+ struct crypto_skcipher *enc;
+ struct crypto_skcipher *seq;
+ struct crypto_skcipher *acceptor_enc;
+ struct crypto_skcipher *initiator_enc;
+ struct crypto_skcipher *acceptor_enc_aux;
+ struct crypto_skcipher *initiator_enc_aux;
u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
u8 cksum[GSS_KRB5_MAX_KEYLEN];
s32 endtime;
@@ -262,24 +262,24 @@ gss_unwrap_kerberos(struct gss_ctx *ctx_id, int offset,
u32
-krb5_encrypt(struct crypto_blkcipher *key,
+krb5_encrypt(struct crypto_skcipher *key,
void *iv, void *in, void *out, int length);
u32
-krb5_decrypt(struct crypto_blkcipher *key,
+krb5_decrypt(struct crypto_skcipher *key,
void *iv, void *in, void *out, int length);
int
-gss_encrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *outbuf,
+gss_encrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *outbuf,
int offset, struct page **pages);
int
-gss_decrypt_xdr_buf(struct crypto_blkcipher *tfm, struct xdr_buf *inbuf,
+gss_decrypt_xdr_buf(struct crypto_skcipher *tfm, struct xdr_buf *inbuf,
int offset);
s32
krb5_make_seq_num(struct krb5_ctx *kctx,
- struct crypto_blkcipher *key,
+ struct crypto_skcipher *key,
int direction,
u32 seqnum, unsigned char *cksum, unsigned char *buf);
@@ -320,12 +320,12 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset,
int
krb5_rc4_setup_seq_key(struct krb5_ctx *kctx,
- struct crypto_blkcipher *cipher,
+ struct crypto_skcipher *cipher,
unsigned char *cksum);
int
krb5_rc4_setup_enc_key(struct krb5_ctx *kctx,
- struct crypto_blkcipher *cipher,
+ struct crypto_skcipher *cipher,
s32 seqnum);
void
gss_krb5_make_confounder(char *p, u32 conflen);
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index fee3c15..d94a8e1 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,11 +34,12 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
+#include
+#include
#include
#include
#include
#include
-#include
#include
#include
#include
@@ -51,7 +52,7 @@
u32
krb5_encrypt(
- struct crypto_blkcipher *tfm,
+ struct crypto_skcipher *tfm,
void * iv,
void * in,
void * out,
@@ -60,24 +61,28 @@ krb5_encrypt(
u32 ret = -EINVAL;
struct scatterlist sg[1];
u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0};
- struct blkcipher_desc desc = { .tfm = tfm, .info = local_iv };
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
- if (length % cry
[PATCH 23/26] iscsi-target: Use shash and ahash
This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.
Signed-off-by: Herbert Xu
---
drivers/target/iscsi/iscsi_target.c | 86 ++
drivers/target/iscsi/iscsi_target_auth.c | 98 +++---
drivers/target/iscsi/iscsi_target_login.c | 45 -
include/target/iscsi/iscsi_target_core.h |4 -
4 files changed, 113 insertions(+), 120 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target.c
b/drivers/target/iscsi/iscsi_target.c
index 72204fb..866f3ad 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
@@ -16,9 +16,9 @@
* GNU General Public License for more details.
**/
+#include
#include
#include
-#include
#include
#include
#include
@@ -1190,7 +1190,7 @@ iscsit_handle_scsi_cmd(struct iscsi_conn *conn, struct
iscsi_cmd *cmd,
}
static u32 iscsit_do_crypto_hash_sg(
- struct hash_desc *hash,
+ struct ahash_request *hash,
struct iscsi_cmd *cmd,
u32 data_offset,
u32 data_length,
@@ -1201,7 +1201,7 @@ static u32 iscsit_do_crypto_hash_sg(
struct scatterlist *sg;
unsigned int page_off;
- crypto_hash_init(hash);
+ crypto_ahash_init(hash);
sg = cmd->first_data_sg;
page_off = cmd->first_data_sg_off;
@@ -1209,7 +1209,8 @@ static u32 iscsit_do_crypto_hash_sg(
while (data_length) {
u32 cur_len = min_t(u32, data_length, (sg->length - page_off));
- crypto_hash_update(hash, sg, cur_len);
+ ahash_request_set_crypt(hash, sg, NULL, cur_len);
+ crypto_ahash_update(hash);
data_length -= cur_len;
page_off = 0;
@@ -1221,33 +1222,34 @@ static u32 iscsit_do_crypto_hash_sg(
struct scatterlist pad_sg;
sg_init_one(&pad_sg, pad_bytes, padding);
- crypto_hash_update(hash, &pad_sg, padding);
+ ahash_request_set_crypt(hash, &pad_sg, (u8 *)&data_crc,
+ padding);
+ crypto_ahash_finup(hash);
+ } else {
+ ahash_request_set_crypt(hash, NULL, (u8 *)&data_crc, 0);
+ crypto_ahash_final(hash);
}
- crypto_hash_final(hash, (u8 *) &data_crc);
return data_crc;
}
static void iscsit_do_crypto_hash_buf(
- struct hash_desc *hash,
+ struct ahash_request *hash,
const void *buf,
u32 payload_length,
u32 padding,
u8 *pad_bytes,
u8 *data_crc)
{
- struct scatterlist sg;
+ struct scatterlist sg[2];
- crypto_hash_init(hash);
+ sg_init_table(sg, ARRAY_SIZE(sg));
+ sg_set_buf(sg, buf, payload_length);
+ sg_set_buf(sg + 1, pad_bytes, padding);
- sg_init_one(&sg, buf, payload_length);
- crypto_hash_update(hash, &sg, payload_length);
+ ahash_request_set_crypt(hash, sg, data_crc, payload_length + padding);
- if (padding) {
- sg_init_one(&sg, pad_bytes, padding);
- crypto_hash_update(hash, &sg, padding);
- }
- crypto_hash_final(hash, data_crc);
+ crypto_ahash_digest(hash);
}
int
@@ -1422,7 +1424,7 @@ iscsit_get_dataout(struct iscsi_conn *conn, struct
iscsi_cmd *cmd,
if (conn->conn_ops->DataDigest) {
u32 data_crc;
- data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd,
+ data_crc = iscsit_do_crypto_hash_sg(conn->conn_rx_hash, cmd,
be32_to_cpu(hdr->offset),
payload_length, padding,
cmd->pad_bytes);
@@ -1682,7 +1684,7 @@ static int iscsit_handle_nop_out(struct iscsi_conn *conn,
struct iscsi_cmd *cmd,
}
if (conn->conn_ops->DataDigest) {
- iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
+ iscsit_do_crypto_hash_buf(conn->conn_rx_hash,
ping_data, payload_length,
padding, cmd->pad_bytes,
(u8 *)&data_crc);
@@ -2101,7 +2103,7 @@ iscsit_handle_text_cmd(struct iscsi_conn *conn, struct
iscsi_cmd *cmd,
goto reject;
if (conn->conn_ops->DataDigest) {
- iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
+ iscsit_do_crypto_hash_buf(conn->conn_rx_hash,
text_in, payload_length,
padding, (u8 *)&pad_bytes,
(u8 *)&data_crc);
@@ -2440,7 +2442,7 @@ static int iscsit_handle_immediate_data(
if (conn->c
[PATCH 6/26] staging: rtl8192u: Use skcipher and ahash
This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash.
Signed-off-by: Herbert Xu
---
drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c | 92 +++---
drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_wep.c | 46 ---
2 files changed, 81 insertions(+), 57 deletions(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
index 908bc2e..6fa96d5 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_crypt_tkip.c
@@ -21,7 +21,8 @@
#include "ieee80211.h"
-#include
+#include
+#include
#include
#include
@@ -52,10 +53,10 @@ struct ieee80211_tkip_data {
int key_idx;
- struct crypto_blkcipher *rx_tfm_arc4;
- struct crypto_hash *rx_tfm_michael;
- struct crypto_blkcipher *tx_tfm_arc4;
- struct crypto_hash *tx_tfm_michael;
+ struct crypto_skcipher *rx_tfm_arc4;
+ struct crypto_ahash *rx_tfm_michael;
+ struct crypto_skcipher *tx_tfm_arc4;
+ struct crypto_ahash *tx_tfm_michael;
/* scratch buffers for virt_to_page() (crypto API) */
u8 rx_hdr[16], tx_hdr[16];
@@ -70,7 +71,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
priv->key_idx = key_idx;
- priv->tx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ priv->tx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -79,7 +80,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
- priv->tx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
+ priv->tx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->tx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -88,7 +89,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
- priv->rx_tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0,
+ priv->rx_tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_arc4)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -97,7 +98,7 @@ static void *ieee80211_tkip_init(int key_idx)
goto fail;
}
- priv->rx_tfm_michael = crypto_alloc_hash("michael_mic", 0,
+ priv->rx_tfm_michael = crypto_alloc_ahash("michael_mic", 0,
CRYPTO_ALG_ASYNC);
if (IS_ERR(priv->rx_tfm_michael)) {
printk(KERN_DEBUG "ieee80211_crypt_tkip: could not allocate "
@@ -110,14 +111,10 @@ static void *ieee80211_tkip_init(int key_idx)
fail:
if (priv) {
- if (priv->tx_tfm_michael)
- crypto_free_hash(priv->tx_tfm_michael);
- if (priv->tx_tfm_arc4)
- crypto_free_blkcipher(priv->tx_tfm_arc4);
- if (priv->rx_tfm_michael)
- crypto_free_hash(priv->rx_tfm_michael);
- if (priv->rx_tfm_arc4)
- crypto_free_blkcipher(priv->rx_tfm_arc4);
+ crypto_free_ahash(priv->tx_tfm_michael);
+ crypto_free_skcipher(priv->tx_tfm_arc4);
+ crypto_free_ahash(priv->rx_tfm_michael);
+ crypto_free_skcipher(priv->rx_tfm_arc4);
kfree(priv);
}
@@ -130,14 +127,10 @@ static void ieee80211_tkip_deinit(void *priv)
struct ieee80211_tkip_data *_priv = priv;
if (_priv) {
- if (_priv->tx_tfm_michael)
- crypto_free_hash(_priv->tx_tfm_michael);
- if (_priv->tx_tfm_arc4)
- crypto_free_blkcipher(_priv->tx_tfm_arc4);
- if (_priv->rx_tfm_michael)
- crypto_free_hash(_priv->rx_tfm_michael);
- if (_priv->rx_tfm_arc4)
- crypto_free_blkcipher(_priv->rx_tfm_arc4);
+ crypto_free_ahash(_priv->tx_tfm_michael);
+ crypto_free_skcipher(_priv->tx_tfm_arc4);
+ crypto_free_ahash(_priv->rx_tfm_michael);
+ crypto_free_skcipher(_priv->rx_tfm_arc4);
}
kfree(priv);
}
@@ -312,7 +305,6 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb, int
hdr_len, void *priv)
u8 *pos;
struct rtl_80211_hdr_4addr *hdr;
cb_desc *tcb_desc = (cb_desc *)(skb->cb + MAX_DEV_ADDR_SIZE);
- struct blkcipher_desc desc = {.tfm = tkey->tx_tfm_arc4};
int ret = 0;
u8 rc4key[16], *icv;
u32 crc;
@@ -357,15 +349,21 @@ static int ieee80211_tkip_encrypt(struct sk_buff *skb,
int hdr_len, void *priv)
[PATCH 20/26] drbd: Use shash and ahash
This patch replaces uses of the long obsolete hash interface with
either shash (for non-SG users) or ahash.
Signed-off-by: Herbert Xu
---
drivers/block/drbd/drbd_int.h | 16 +-
drivers/block/drbd/drbd_main.c | 16 +-
drivers/block/drbd/drbd_nl.c | 59 +++--
drivers/block/drbd/drbd_receiver.c | 56 ---
drivers/block/drbd/drbd_worker.c | 43 +++---
5 files changed, 103 insertions(+), 87 deletions(-)
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
index e66d453..686d955 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -26,13 +26,13 @@
#ifndef _DRBD_INT_H
#define _DRBD_INT_H
+#include
#include
#include
#include
#include
#include
#include
-#include
#include
#include
#include
@@ -737,11 +737,11 @@ struct drbd_connection {
struct list_head transfer_log; /* all requests not yet fully processed
*/
- struct crypto_hash *cram_hmac_tfm;
- struct crypto_hash *integrity_tfm; /* checksums we compute, updates
protected by connection->data->mutex */
- struct crypto_hash *peer_integrity_tfm; /* checksums we verify, only
accessed from receiver thread */
- struct crypto_hash *csums_tfm;
- struct crypto_hash *verify_tfm;
+ struct crypto_shash *cram_hmac_tfm;
+ struct crypto_ahash *integrity_tfm; /* checksums we compute, updates
protected by connection->data->mutex */
+ struct crypto_ahash *peer_integrity_tfm; /* checksums we verify, only
accessed from receiver thread */
+ struct crypto_ahash *csums_tfm;
+ struct crypto_ahash *verify_tfm;
void *int_dig_in;
void *int_dig_vv;
@@ -1511,8 +1511,8 @@ static inline void ov_out_of_sync_print(struct
drbd_device *device)
}
-extern void drbd_csum_bio(struct crypto_hash *, struct bio *, void *);
-extern void drbd_csum_ee(struct crypto_hash *, struct drbd_peer_request *,
void *);
+extern void drbd_csum_bio(struct crypto_ahash *, struct bio *, void *);
+extern void drbd_csum_ee(struct crypto_ahash *, struct drbd_peer_request *,
void *);
/* worker callbacks */
extern int w_e_end_data_req(struct drbd_work *, int);
extern int w_e_end_rsdata_req(struct drbd_work *, int);
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 74d97f4..69ee808 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1339,7 +1339,7 @@ void drbd_send_ack_dp(struct drbd_peer_device
*peer_device, enum drbd_packet cmd
struct p_data *dp, int data_size)
{
if (peer_device->connection->peer_integrity_tfm)
- data_size -=
crypto_hash_digestsize(peer_device->connection->peer_integrity_tfm);
+ data_size -=
crypto_ahash_digestsize(peer_device->connection->peer_integrity_tfm);
_drbd_send_ack(peer_device, cmd, dp->sector, cpu_to_be32(data_size),
dp->block_id);
}
@@ -1628,7 +1628,7 @@ int drbd_send_dblock(struct drbd_peer_device
*peer_device, struct drbd_request *
sock = &peer_device->connection->data;
p = drbd_prepare_command(peer_device, sock);
digest_size = peer_device->connection->integrity_tfm ?
-
crypto_hash_digestsize(peer_device->connection->integrity_tfm) : 0;
+
crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0;
if (!p)
return -EIO;
@@ -1717,7 +1717,7 @@ int drbd_send_block(struct drbd_peer_device *peer_device,
enum drbd_packet cmd,
p = drbd_prepare_command(peer_device, sock);
digest_size = peer_device->connection->integrity_tfm ?
-
crypto_hash_digestsize(peer_device->connection->integrity_tfm) : 0;
+
crypto_ahash_digestsize(peer_device->connection->integrity_tfm) : 0;
if (!p)
return -EIO;
@@ -2506,11 +2506,11 @@ void conn_free_crypto(struct drbd_connection
*connection)
{
drbd_free_sock(connection);
- crypto_free_hash(connection->csums_tfm);
- crypto_free_hash(connection->verify_tfm);
- crypto_free_hash(connection->cram_hmac_tfm);
- crypto_free_hash(connection->integrity_tfm);
- crypto_free_hash(connection->peer_integrity_tfm);
+ crypto_free_ahash(connection->csums_tfm);
+ crypto_free_ahash(connection->verify_tfm);
+ crypto_free_shash(connection->cram_hmac_tfm);
+ crypto_free_ahash(connection->integrity_tfm);
+ crypto_free_ahash(connection->peer_integrity_tfm);
kfree(connection->int_dig_in);
kfree(connection->int_dig_vv);
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index e80cbef..578f635 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -2065,19 +2065,34 @@ check_net_options(struct drbd_connection *connection,
[PATCH 18/26] rxrpc: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
net/rxrpc/ar-internal.h |2
net/rxrpc/ar-key.c | 12 +--
net/rxrpc/rxkad.c | 172 +---
3 files changed, 114 insertions(+), 72 deletions(-)
diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h
index 2934a73..71598f5 100644
--- a/net/rxrpc/ar-internal.h
+++ b/net/rxrpc/ar-internal.h
@@ -252,7 +252,7 @@ struct rxrpc_connection {
struct rxrpc_security *security; /* applied security module */
struct key *key; /* security for this connection
(client) */
struct key *server_key;/* security for this service */
- struct crypto_blkcipher *cipher;/* encryption handle */
+ struct crypto_skcipher *cipher;/* encryption handle */
struct rxrpc_crypt csum_iv;/* packet checksum base */
unsigned long events;
#define RXRPC_CONN_CHALLENGE 0 /* send challenge packet */
diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c
index 3f65716..3fb492e 100644
--- a/net/rxrpc/ar-key.c
+++ b/net/rxrpc/ar-key.c
@@ -12,11 +12,11 @@
* "a...@cambridge.redhat.com>
*/
+#include
#include
#include
#include
#include
-#include
#include
#include
#include
@@ -824,7 +824,7 @@ static void rxrpc_free_preparse(struct
key_preparsed_payload *prep)
*/
static int rxrpc_preparse_s(struct key_preparsed_payload *prep)
{
- struct crypto_blkcipher *ci;
+ struct crypto_skcipher *ci;
_enter("%zu", prep->datalen);
@@ -833,13 +833,13 @@ static int rxrpc_preparse_s(struct key_preparsed_payload
*prep)
memcpy(&prep->payload.data[2], prep->data, 8);
- ci = crypto_alloc_blkcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
+ ci = crypto_alloc_skcipher("pcbc(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(ci)) {
_leave(" = %ld", PTR_ERR(ci));
return PTR_ERR(ci);
}
- if (crypto_blkcipher_setkey(ci, prep->data, 8) < 0)
+ if (crypto_skcipher_setkey(ci, prep->data, 8) < 0)
BUG();
prep->payload.data[0] = ci;
@@ -853,7 +853,7 @@ static int rxrpc_preparse_s(struct key_preparsed_payload
*prep)
static void rxrpc_free_preparse_s(struct key_preparsed_payload *prep)
{
if (prep->payload.data[0])
- crypto_free_blkcipher(prep->payload.data[0]);
+ crypto_free_skcipher(prep->payload.data[0]);
}
/*
@@ -870,7 +870,7 @@ static void rxrpc_destroy(struct key *key)
static void rxrpc_destroy_s(struct key *key)
{
if (key->payload.data[0]) {
- crypto_free_blkcipher(key->payload.data[0]);
+ crypto_free_skcipher(key->payload.data[0]);
key->payload.data[0] = NULL;
}
}
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index d7a9ab5..0d96b48 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -9,11 +9,11 @@
* 2 of the License, or (at your option) any later version.
*/
+#include
#include
#include
#include
#include
-#include
#include
#include
#include
@@ -53,7 +53,7 @@ MODULE_LICENSE("GPL");
* alloc routine, but since we have it to hand, we use it to decrypt RESPONSE
* packets
*/
-static struct crypto_blkcipher *rxkad_ci;
+static struct crypto_skcipher *rxkad_ci;
static DEFINE_MUTEX(rxkad_ci_mutex);
/*
@@ -61,7 +61,7 @@ static DEFINE_MUTEX(rxkad_ci_mutex);
*/
static int rxkad_init_connection_security(struct rxrpc_connection *conn)
{
- struct crypto_blkcipher *ci;
+ struct crypto_skcipher *ci;
struct rxrpc_key_token *token;
int ret;
@@ -70,15 +70,15 @@ static int rxkad_init_connection_security(struct
rxrpc_connection *conn)
token = conn->key->payload.data[0];
conn->security_ix = token->security_index;
- ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
+ ci = crypto_alloc_skcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(ci)) {
_debug("no cipher");
ret = PTR_ERR(ci);
goto error;
}
- if (crypto_blkcipher_setkey(ci, token->kad->session_key,
- sizeof(token->kad->session_key)) < 0)
+ if (crypto_skcipher_setkey(ci, token->kad->session_key,
+ sizeof(token->kad->session_key)) < 0)
BUG();
switch (conn->security_level) {
@@ -113,7 +113,7 @@ error:
static void rxkad_prime_packet_security(struct rxrpc_connection *conn)
{
struct rxrpc_key_token *token;
- struct blkcipher_desc desc;
+ SKCIPHER_REQUEST_ON_STACK(req, conn->cipher);
struct scatterlist sg[2];
struct rxrpc_crypt iv;
struct {
@@ -128,10 +128,6 @@ static void rxkad_prime_packet_security(struct
rxrpc_connection *conn)
token = conn->key->payload.da
[PATCH 26/26] tcp: Use ahash
This patch replaces uses of the long obsolete hash interface with
ahash.
Signed-off-by: Herbert Xu
---
include/net/tcp.h |6 +-
net/ipv4/tcp.c | 41 ++---
net/ipv4/tcp_fastopen.c |1 +
net/ipv4/tcp_ipv4.c | 23 +--
net/ipv6/tcp_ipv6.c | 23 +--
5 files changed, 54 insertions(+), 40 deletions(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 8ea1997..2a5b3b8 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -27,7 +27,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -1325,9 +1324,6 @@ static inline void tcp_clear_all_retrans_hints(struct
tcp_sock *tp)
tp->retransmit_skb_hint = NULL;
}
-/* MD5 Signature */
-struct crypto_hash;
-
union tcp_md5_addr {
struct in_addr a4;
#if IS_ENABLED(CONFIG_IPV6)
@@ -1376,7 +1372,7 @@ union tcp_md5sum_block {
/* - pool: digest algorithm, hash description and scratch buffer */
struct tcp_md5sig_pool {
- struct hash_descmd5_desc;
+ struct ahash_request*md5_req;
union tcp_md5sum_block md5_blk;
};
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index fd17eec..91ffef3 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -247,6 +247,7 @@
#define pr_fmt(fmt) "TCP: " fmt
+#include
#include
#include
#include
@@ -266,7 +267,6 @@
#include
#include
#include
-#include
#include
#include
@@ -2939,17 +2939,26 @@ static bool tcp_md5sig_pool_populated = false;
static void __tcp_alloc_md5sig_pool(void)
{
+ struct crypto_ahash *hash;
int cpu;
+ hash = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR_OR_NULL(hash))
+ return;
+
for_each_possible_cpu(cpu) {
- if (!per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm) {
- struct crypto_hash *hash;
+ struct ahash_request *req;
- hash = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR_OR_NULL(hash))
- return;
- per_cpu(tcp_md5sig_pool, cpu).md5_desc.tfm = hash;
- }
+ if (per_cpu(tcp_md5sig_pool, cpu).md5_req)
+ continue;
+
+ req = ahash_request_alloc(hash, GFP_KERNEL);
+ if (!req)
+ return;
+
+ ahash_request_set_callback(req, 0, NULL, NULL);
+
+ per_cpu(tcp_md5sig_pool, cpu).md5_req = req;
}
/* before setting tcp_md5sig_pool_populated, we must commit all writes
* to memory. See smp_rmb() in tcp_get_md5sig_pool()
@@ -2999,7 +3008,6 @@ int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
{
struct scatterlist sg;
struct tcphdr hdr;
- int err;
/* We are not allowed to change tcphdr, make a local copy */
memcpy(&hdr, th, sizeof(hdr));
@@ -3007,8 +3015,8 @@ int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
/* options aren't included in the hash */
sg_init_one(&sg, &hdr, sizeof(hdr));
- err = crypto_hash_update(&hp->md5_desc, &sg, sizeof(hdr));
- return err;
+ ahash_request_set_crypt(hp->md5_req, &sg, NULL, sizeof(hdr));
+ return crypto_ahash_update(hp->md5_req);
}
EXPORT_SYMBOL(tcp_md5_hash_header);
@@ -3017,7 +3025,7 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
{
struct scatterlist sg;
const struct tcphdr *tp = tcp_hdr(skb);
- struct hash_desc *desc = &hp->md5_desc;
+ struct ahash_request *req = hp->md5_req;
unsigned int i;
const unsigned int head_data_len = skb_headlen(skb) > header_len ?
skb_headlen(skb) - header_len : 0;
@@ -3027,7 +3035,8 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
sg_init_table(&sg, 1);
sg_set_buf(&sg, ((u8 *) tp) + header_len, head_data_len);
- if (crypto_hash_update(desc, &sg, head_data_len))
+ ahash_request_set_crypt(req, &sg, NULL, head_data_len);
+ if (crypto_ahash_update(req))
return 1;
for (i = 0; i < shi->nr_frags; ++i) {
@@ -3037,7 +3046,8 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
sg_set_page(&sg, page, skb_frag_size(f),
offset_in_page(offset));
- if (crypto_hash_update(desc, &sg, skb_frag_size(f)))
+ ahash_request_set_crypt(req, &sg, NULL, skb_frag_size(f));
+ if (crypto_ahash_update(req))
return 1;
}
@@ -3054,7 +3064,8 @@ int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const
struct tcp_md5sig_key *ke
struct scatterlist sg;
sg_init_one(&sg, key->key, key->keylen);
- return crypto_hash_update(&hp->md5_desc, &sg, key->keylen);
+ ahash_request_set_crypt(hp->md5_req, &sg, NULL, key->keylen)
[PATCH 8/26] cifs: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
fs/cifs/cifsencrypt.c | 32 +---
fs/cifs/smbencrypt.c | 26 +++---
2 files changed, 40 insertions(+), 18 deletions(-)
diff --git a/fs/cifs/cifsencrypt.c b/fs/cifs/cifsencrypt.c
index afa09fc..d411654 100644
--- a/fs/cifs/cifsencrypt.c
+++ b/fs/cifs/cifsencrypt.c
@@ -33,6 +33,7 @@
#include
#include
#include
+#include
static int
cifs_crypto_shash_md5_allocate(struct TCP_Server_Info *server)
@@ -789,38 +790,46 @@ int
calc_seckey(struct cifs_ses *ses)
{
int rc;
- struct crypto_blkcipher *tfm_arc4;
+ struct crypto_skcipher *tfm_arc4;
struct scatterlist sgin, sgout;
- struct blkcipher_desc desc;
+ struct skcipher_request *req;
unsigned char sec_key[CIFS_SESS_KEY_SIZE]; /* a nonce */
get_random_bytes(sec_key, CIFS_SESS_KEY_SIZE);
- tfm_arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+ tfm_arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_arc4)) {
rc = PTR_ERR(tfm_arc4);
cifs_dbg(VFS, "could not allocate crypto API arc4\n");
return rc;
}
- desc.tfm = tfm_arc4;
-
- rc = crypto_blkcipher_setkey(tfm_arc4, ses->auth_key.response,
+ rc = crypto_skcipher_setkey(tfm_arc4, ses->auth_key.response,
CIFS_SESS_KEY_SIZE);
if (rc) {
cifs_dbg(VFS, "%s: Could not set response as a key\n",
__func__);
- return rc;
+ goto out_free_cipher;
+ }
+
+ req = skcipher_request_alloc(tfm_arc4, GFP_KERNEL);
+ if (!req) {
+ rc = -ENOMEM;
+ cifs_dbg(VFS, "could not allocate crypto API arc4 request\n");
+ goto out_free_cipher;
}
sg_init_one(&sgin, sec_key, CIFS_SESS_KEY_SIZE);
sg_init_one(&sgout, ses->ntlmssp->ciphertext, CIFS_CPHTXT_SIZE);
- rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, CIFS_CPHTXT_SIZE);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, &sgin, &sgout, CIFS_CPHTXT_SIZE, NULL);
+
+ rc = crypto_skcipher_encrypt(req);
+ skcipher_request_free(req);
if (rc) {
cifs_dbg(VFS, "could not encrypt session key rc: %d\n", rc);
- crypto_free_blkcipher(tfm_arc4);
- return rc;
+ goto out_free_cipher;
}
/* make secondary_key/nonce as session key */
@@ -828,7 +837,8 @@ calc_seckey(struct cifs_ses *ses)
/* and make len as that of session key only */
ses->auth_key.len = CIFS_SESS_KEY_SIZE;
- crypto_free_blkcipher(tfm_arc4);
+out_free_cipher:
+ crypto_free_skcipher(tfm_arc4);
return rc;
}
diff --git a/fs/cifs/smbencrypt.c b/fs/cifs/smbencrypt.c
index a4232ec..699b786 100644
--- a/fs/cifs/smbencrypt.c
+++ b/fs/cifs/smbencrypt.c
@@ -23,6 +23,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+#include
#include
#include
#include
@@ -70,31 +71,42 @@ smbhash(unsigned char *out, const unsigned char *in,
unsigned char *key)
{
int rc;
unsigned char key2[8];
- struct crypto_blkcipher *tfm_des;
+ struct crypto_skcipher *tfm_des;
struct scatterlist sgin, sgout;
- struct blkcipher_desc desc;
+ struct skcipher_request *req;
str_to_key(key, key2);
- tfm_des = crypto_alloc_blkcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
+ tfm_des = crypto_alloc_skcipher("ecb(des)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_des)) {
rc = PTR_ERR(tfm_des);
cifs_dbg(VFS, "could not allocate des crypto API\n");
goto smbhash_err;
}
- desc.tfm = tfm_des;
+ req = skcipher_request_alloc(tfm_des, GFP_KERNEL);
+ if (!req) {
+ rc = -ENOMEM;
+ cifs_dbg(VFS, "could not allocate des crypto API\n");
+ goto smbhash_free_skcipher;
+ }
- crypto_blkcipher_setkey(tfm_des, key2, 8);
+ crypto_skcipher_setkey(tfm_des, key2, 8);
sg_init_one(&sgin, in, 8);
sg_init_one(&sgout, out, 8);
- rc = crypto_blkcipher_encrypt(&desc, &sgout, &sgin, 8);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, &sgin, &sgout, 8, NULL);
+
+ rc = crypto_skcipher_encrypt(req);
if (rc)
cifs_dbg(VFS, "could not encrypt crypt key rc: %d\n", rc);
- crypto_free_blkcipher(tfm_des);
+ skcipher_request_free(req);
+
+smbhash_free_skcipher:
+ crypto_free_skcipher(tfm_des);
smbhash_err:
return rc;
}
[PATCH 14/26] KEYS: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
security/keys/encrypted-keys/encrypted.c | 82 ++-
1 file changed, 50 insertions(+), 32 deletions(-)
diff --git a/security/keys/encrypted-keys/encrypted.c
b/security/keys/encrypted-keys/encrypted.c
index 696ccfa..5adbfc3 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -28,11 +28,10 @@
#include
#include
#include
-#include
#include
#include
#include
-#include
+#include
#include "encrypted.h"
#include "ecryptfs_format.h"
@@ -85,17 +84,17 @@ static const match_table_t key_tokens = {
static int aes_get_sizes(void)
{
- struct crypto_blkcipher *tfm;
+ struct crypto_skcipher *tfm;
- tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
PTR_ERR(tfm));
return PTR_ERR(tfm);
}
- ivsize = crypto_blkcipher_ivsize(tfm);
- blksize = crypto_blkcipher_blocksize(tfm);
- crypto_free_blkcipher(tfm);
+ ivsize = crypto_skcipher_ivsize(tfm);
+ blksize = crypto_skcipher_blocksize(tfm);
+ crypto_free_skcipher(tfm);
return 0;
}
@@ -401,28 +400,37 @@ static int get_derived_key(u8 *derived_key, enum
derived_key_type key_type,
return ret;
}
-static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,
- unsigned int key_len, const u8 *iv,
- unsigned int ivsize)
+static struct skcipher_request *init_skcipher_req(const u8 *key,
+ unsigned int key_len)
{
+ struct skcipher_request *req;
+ struct crypto_skcipher *tfm;
int ret;
- desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
- if (IS_ERR(desc->tfm)) {
+ tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm)) {
pr_err("encrypted_key: failed to load %s transform (%ld)\n",
- blkcipher_alg, PTR_ERR(desc->tfm));
- return PTR_ERR(desc->tfm);
+ blkcipher_alg, PTR_ERR(tfm));
+ return ERR_CAST(tfm);
}
- desc->flags = 0;
- ret = crypto_blkcipher_setkey(desc->tfm, key, key_len);
+ ret = crypto_skcipher_setkey(tfm, key, key_len);
if (ret < 0) {
pr_err("encrypted_key: failed to setkey (%d)\n", ret);
- crypto_free_blkcipher(desc->tfm);
- return ret;
+ crypto_free_skcipher(tfm);
+ return ERR_PTR(ret);
}
- crypto_blkcipher_set_iv(desc->tfm, iv, ivsize);
- return 0;
+
+ req = skcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req) {
+ pr_err("encrypted_key: failed to allocate request for %s\n",
+ blkcipher_alg);
+ crypto_free_skcipher(tfm);
+ return ERR_PTR(-ENOMEM);
+ }
+
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ return req;
}
static struct key *request_master_key(struct encrypted_key_payload *epayload,
@@ -467,7 +475,8 @@ static int derived_key_encrypt(struct encrypted_key_payload
*epayload,
{
struct scatterlist sg_in[2];
struct scatterlist sg_out[1];
- struct blkcipher_desc desc;
+ struct crypto_skcipher *tfm;
+ struct skcipher_request *req;
unsigned int encrypted_datalen;
unsigned int padlen;
char pad[16];
@@ -476,9 +485,9 @@ static int derived_key_encrypt(struct encrypted_key_payload
*epayload,
encrypted_datalen = roundup(epayload->decrypted_datalen, blksize);
padlen = encrypted_datalen - epayload->decrypted_datalen;
- ret = init_blkcipher_desc(&desc, derived_key, derived_keylen,
- epayload->iv, ivsize);
- if (ret < 0)
+ req = init_skcipher_req(derived_key, derived_keylen);
+ ret = PTR_ERR(req);
+ if (IS_ERR(req))
goto out;
dump_decrypted_data(epayload);
@@ -491,8 +500,12 @@ static int derived_key_encrypt(struct
encrypted_key_payload *epayload,
sg_init_table(sg_out, 1);
sg_set_buf(sg_out, epayload->encrypted_data, encrypted_datalen);
- ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, encrypted_datalen);
- crypto_free_blkcipher(desc.tfm);
+ skcipher_request_set_crypt(req, sg_in, sg_out, encrypted_datalen,
+ epayload->iv);
+ ret = crypto_skcipher_encrypt(req);
+ tfm = crypto_skcipher_reqtfm(req);
+ skcipher_request_free(req);
+ crypto_free_skcipher(tfm);
if (ret < 0)
pr_err("encrypted_key:
[PATCH 7/26] wusb: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
drivers/usb/wusbcore/crypto.c | 30 --
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/drivers/usb/wusbcore/crypto.c b/drivers/usb/wusbcore/crypto.c
index 50ce80d..8ed8e34 100644
--- a/drivers/usb/wusbcore/crypto.c
+++ b/drivers/usb/wusbcore/crypto.c
@@ -45,6 +45,7 @@
* funneled through AES are...16 bytes in size!
*/
+#include
#include
#include
#include
@@ -195,21 +196,22 @@ static void bytewise_xor(void *_bo, const void *_bi1,
const void *_bi2,
* NOTE: blen is not aligned to a block size, we'll pad zeros, that's
* what sg[4] is for. Maybe there is a smarter way to do this.
*/
-static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
+static int wusb_ccm_mac(struct crypto_skcipher *tfm_cbc,
struct crypto_cipher *tfm_aes, void *mic,
const struct aes_ccm_nonce *n,
const struct aes_ccm_label *a, const void *b,
size_t blen)
{
int result = 0;
- struct blkcipher_desc desc;
+ SKCIPHER_REQUEST_ON_STACK(req, tfm_cbc);
struct aes_ccm_b0 b0;
struct aes_ccm_b1 b1;
struct aes_ccm_a ax;
struct scatterlist sg[4], sg_dst;
- void *iv, *dst_buf;
- size_t ivsize, dst_size;
+ void *dst_buf;
+ size_t dst_size;
const u8 bzero[16] = { 0 };
+ u8 iv[crypto_skcipher_ivsize(tfm_cbc)];
size_t zero_padding;
/*
@@ -232,9 +234,7 @@ static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
goto error_dst_buf;
}
- iv = crypto_blkcipher_crt(tfm_cbc)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm_cbc);
- memset(iv, 0, ivsize);
+ memset(iv, 0, sizeof(iv));
/* Setup B0 */
b0.flags = 0x59;/* Format B0 */
@@ -259,9 +259,11 @@ static int wusb_ccm_mac(struct crypto_blkcipher *tfm_cbc,
sg_set_buf(&sg[3], bzero, zero_padding);
sg_init_one(&sg_dst, dst_buf, dst_size);
- desc.tfm = tfm_cbc;
- desc.flags = 0;
- result = crypto_blkcipher_encrypt(&desc, &sg_dst, sg, dst_size);
+ skcipher_request_set_tfm(req, tfm_cbc);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg, &sg_dst, dst_size, iv);
+ result = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
if (result < 0) {
printk(KERN_ERR "E: can't compute CBC-MAC tag (MIC): %d\n",
result);
@@ -301,18 +303,18 @@ ssize_t wusb_prf(void *out, size_t out_size,
{
ssize_t result, bytes = 0, bitr;
struct aes_ccm_nonce n = *_n;
- struct crypto_blkcipher *tfm_cbc;
+ struct crypto_skcipher *tfm_cbc;
struct crypto_cipher *tfm_aes;
u64 sfn = 0;
__le64 sfn_le;
- tfm_cbc = crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+ tfm_cbc = crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm_cbc)) {
result = PTR_ERR(tfm_cbc);
printk(KERN_ERR "E: can't load CBC(AES): %d\n", (int)result);
goto error_alloc_cbc;
}
- result = crypto_blkcipher_setkey(tfm_cbc, key, 16);
+ result = crypto_skcipher_setkey(tfm_cbc, key, 16);
if (result < 0) {
printk(KERN_ERR "E: can't set CBC key: %d\n", (int)result);
goto error_setkey_cbc;
@@ -345,7 +347,7 @@ error_setkey_aes:
crypto_free_cipher(tfm_aes);
error_alloc_aes:
error_setkey_cbc:
- crypto_free_blkcipher(tfm_cbc);
+ crypto_free_skcipher(tfm_cbc);
error_alloc_cbc:
return result;
}
[PATCH 16/26] libceph: Use skcipher
This patch replaces uses of blkcipher with skcipher.
Signed-off-by: Herbert Xu
---
net/ceph/crypto.c | 97 +++---
1 file changed, 56 insertions(+), 41 deletions(-)
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index 42e8649..fb9cb2b 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -4,7 +4,8 @@
#include
#include
#include
-#include
+#include
+#include
#include
#include
@@ -79,9 +80,9 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key,
const char *inkey)
return 0;
}
-static struct crypto_blkcipher *ceph_crypto_alloc_cipher(void)
+static struct crypto_skcipher *ceph_crypto_alloc_cipher(void)
{
- return crypto_alloc_blkcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
+ return crypto_alloc_skcipher("cbc(aes)", 0, CRYPTO_ALG_ASYNC);
}
static const u8 *aes_iv = (u8 *)CEPH_AES_IV;
@@ -162,11 +163,11 @@ static int ceph_aes_encrypt(const void *key, int key_len,
{
struct scatterlist sg_in[2], prealloc_sg;
struct sg_table sg_out;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
- void *iv;
- int ivsize;
+ int ivsize = AES_BLOCK_SIZE;
+ char iv[ivsize];
size_t zero_padding = (0x10 - (src_len & 0x0f));
char pad[16];
@@ -184,11 +185,14 @@ static int ceph_aes_encrypt(const void *key, int key_len,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
memcpy(iv, aes_iv, ivsize);
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+ src_len + zero_padding, iv);
+
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
key, key_len, 1);
@@ -197,8 +201,8 @@ static int ceph_aes_encrypt(const void *key, int key_len,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
- ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
-src_len + zero_padding);
+ ret = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt failed %d\n", ret);
goto out_sg;
@@ -211,7 +215,7 @@ static int ceph_aes_encrypt(const void *key, int key_len,
out_sg:
teardown_sgtable(&sg_out);
out_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
return ret;
}
@@ -222,11 +226,11 @@ static int ceph_aes_encrypt2(const void *key, int
key_len, void *dst,
{
struct scatterlist sg_in[3], prealloc_sg;
struct sg_table sg_out;
- struct crypto_blkcipher *tfm = ceph_crypto_alloc_cipher();
- struct blkcipher_desc desc = { .tfm = tfm, .flags = 0 };
+ struct crypto_skcipher *tfm = ceph_crypto_alloc_cipher();
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
int ret;
- void *iv;
- int ivsize;
+ int ivsize = AES_BLOCK_SIZE;
+ char iv[ivsize];
size_t zero_padding = (0x10 - ((src1_len + src2_len) & 0x0f));
char pad[16];
@@ -245,11 +249,14 @@ static int ceph_aes_encrypt2(const void *key, int
key_len, void *dst,
if (ret)
goto out_tfm;
- crypto_blkcipher_setkey((void *)tfm, key, key_len);
- iv = crypto_blkcipher_crt(tfm)->iv;
- ivsize = crypto_blkcipher_ivsize(tfm);
+ crypto_skcipher_setkey((void *)tfm, key, key_len);
memcpy(iv, aes_iv, ivsize);
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
+ skcipher_request_set_crypt(req, sg_in, sg_out.sgl,
+ src1_len + src2_len + zero_padding, iv);
+
/*
print_hex_dump(KERN_ERR, "enc key: ", DUMP_PREFIX_NONE, 16, 1,
key, key_len, 1);
@@ -260,8 +267,8 @@ static int ceph_aes_encrypt2(const void *key, int key_len,
void *dst,
print_hex_dump(KERN_ERR, "enc pad: ", DUMP_PREFIX_NONE, 16, 1,
pad, zero_padding, 1);
*/
- ret = crypto_blkcipher_encrypt(&desc, sg_out.sgl, sg_in,
-src1_len + src2_len + zero_padding);
+ ret = crypto_skcipher_encrypt(req);
+ skcipher_request_zero(req);
if (ret < 0) {
pr_err("ceph_aes_crypt2 failed %d\n", ret);
goto out_sg;
@@ -274,7 +281,7 @@ static int ceph_aes_encrypt2(const void *key, int key_
[PATCH 2/26] ppp_mppe: Use skcipher and ahash
This patch replaces uses of blkcipher with skcipher, and the long
obsolete hash interface with ahash. This is a bug-for-bug conversion
and no attempt has been made to fix bugs such as the ignored return
values of the crypto operations.
Signed-off-by: Herbert Xu
---
drivers/net/ppp/ppp_mppe.c | 99 ++---
1 file changed, 58 insertions(+), 41 deletions(-)
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
index 05005c6..f60f766 100644
--- a/drivers/net/ppp/ppp_mppe.c
+++ b/drivers/net/ppp/ppp_mppe.c
@@ -42,6 +42,8 @@
*deprecated in 2.6
*/
+#include
+#include
#include
#include
#include
@@ -49,7 +51,6 @@
#include
#include
#include
-#include
#include
#include
#include
@@ -94,8 +95,8 @@ static inline void sha_pad_init(struct sha_pad *shapad)
* State for an MPPE (de)compressor.
*/
struct ppp_mppe_state {
- struct crypto_blkcipher *arc4;
- struct crypto_hash *sha1;
+ struct crypto_skcipher *arc4;
+ struct crypto_ahash *sha1;
unsigned char *sha1_digest;
unsigned char master_key[MPPE_MAX_KEY_LEN];
unsigned char session_key[MPPE_MAX_KEY_LEN];
@@ -135,7 +136,7 @@ struct ppp_mppe_state {
*/
static void get_new_key_from_sha(struct ppp_mppe_state * state)
{
- struct hash_desc desc;
+ AHASH_REQUEST_ON_STACK(req, state->sha1);
struct scatterlist sg[4];
unsigned int nbytes;
@@ -148,10 +149,12 @@ static void get_new_key_from_sha(struct ppp_mppe_state *
state)
nbytes += setup_sg(&sg[3], sha_pad->sha_pad2,
sizeof(sha_pad->sha_pad2));
- desc.tfm = state->sha1;
- desc.flags = 0;
+ ahash_request_set_tfm(req, state->sha1);
+ ahash_request_set_callback(req, 0, NULL, NULL);
+ ahash_request_set_crypt(req, sg, state->sha1_digest, nbytes);
- crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
+ crypto_ahash_digest(req);
+ ahash_request_zero(req);
}
/*
@@ -161,20 +164,23 @@ static void get_new_key_from_sha(struct ppp_mppe_state *
state)
static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
{
struct scatterlist sg_in[1], sg_out[1];
- struct blkcipher_desc desc = { .tfm = state->arc4 };
+ SKCIPHER_REQUEST_ON_STACK(req, state->arc4);
+
+ skcipher_request_set_tfm(req, state->arc4);
+ skcipher_request_set_callback(req, 0, NULL, NULL);
get_new_key_from_sha(state);
if (!initial_key) {
- crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
- state->keylen);
+ crypto_skcipher_setkey(state->arc4, state->sha1_digest,
+ state->keylen);
sg_init_table(sg_in, 1);
sg_init_table(sg_out, 1);
setup_sg(sg_in, state->sha1_digest, state->keylen);
setup_sg(sg_out, state->session_key, state->keylen);
- if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
-state->keylen) != 0) {
+ skcipher_request_set_crypt(req, sg_in, sg_out, state->keylen,
+ NULL);
+ if (crypto_skcipher_encrypt(req))
printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
- }
} else {
memcpy(state->session_key, state->sha1_digest, state->keylen);
}
@@ -184,7 +190,8 @@ static void mppe_rekey(struct ppp_mppe_state * state, int
initial_key)
state->session_key[1] = 0x26;
state->session_key[2] = 0x9e;
}
- crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen);
+ crypto_skcipher_setkey(state->arc4, state->session_key, state->keylen);
+ skcipher_request_zero(req);
}
/*
@@ -204,19 +211,19 @@ static void *mppe_alloc(unsigned char *options, int
optlen)
goto out;
- state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
+ state->arc4 = crypto_alloc_skcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(state->arc4)) {
state->arc4 = NULL;
goto out_free;
}
- state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
+ state->sha1 = crypto_alloc_ahash("sha1", 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(state->sha1)) {
state->sha1 = NULL;
goto out_free;
}
- digestsize = crypto_hash_digestsize(state->sha1);
+ digestsize = crypto_ahash_digestsize(state->sha1);
if (digestsize < MPPE_MAX_KEY_LEN)
goto out_free;
@@ -237,15 +244,12 @@ static void *mppe_alloc(unsigned char *options, int
optlen)
return (void *)state;
- out_free:
- if (state->sha1_digest)
- kfree(state->sha1_digest);
-
[PATCH 1/26] block: cryptoloop - Use new skcipher interface
This patch replaces uses of blkcipher with the new skcipher
interface.
Signed-off-by: Herbert Xu
---
drivers/block/cryptoloop.c | 48 +++--
1 file changed, 25 insertions(+), 23 deletions(-)
diff --git a/drivers/block/cryptoloop.c b/drivers/block/cryptoloop.c
index 99e773c..3d31761 100644
--- a/drivers/block/cryptoloop.c
+++ b/drivers/block/cryptoloop.c
@@ -21,9 +21,9 @@
#include
+#include
#include
#include
-#include
#include
#include
#include
@@ -46,7 +46,7 @@ cryptoloop_init(struct loop_device *lo, const struct
loop_info64 *info)
char *cipher;
char *mode;
char *cmsp = cms; /* c-m string pointer */
- struct crypto_blkcipher *tfm;
+ struct crypto_skcipher *tfm;
/* encryption breaks for non sector aligned offsets */
@@ -82,12 +82,12 @@ cryptoloop_init(struct loop_device *lo, const struct
loop_info64 *info)
*cmsp++ = ')';
*cmsp = 0;
- tfm = crypto_alloc_blkcipher(cms, 0, CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_skcipher(cms, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm))
return PTR_ERR(tfm);
- err = crypto_blkcipher_setkey(tfm, info->lo_encrypt_key,
- info->lo_encrypt_key_size);
+ err = crypto_skcipher_setkey(tfm, info->lo_encrypt_key,
+info->lo_encrypt_key_size);
if (err != 0)
goto out_free_tfm;
@@ -96,17 +96,14 @@ cryptoloop_init(struct loop_device *lo, const struct
loop_info64 *info)
return 0;
out_free_tfm:
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
out:
return err;
}
-typedef int (*encdec_cbc_t)(struct blkcipher_desc *desc,
- struct scatterlist *sg_out,
- struct scatterlist *sg_in,
- unsigned int nsg);
+typedef int (*encdec_cbc_t)(struct skcipher_request *req);
static int
cryptoloop_transfer(struct loop_device *lo, int cmd,
@@ -114,11 +111,8 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
struct page *loop_page, unsigned loop_off,
int size, sector_t IV)
{
- struct crypto_blkcipher *tfm = lo->key_data;
- struct blkcipher_desc desc = {
- .tfm = tfm,
- .flags = CRYPTO_TFM_REQ_MAY_SLEEP,
- };
+ struct crypto_skcipher *tfm = lo->key_data;
+ SKCIPHER_REQUEST_ON_STACK(req, tfm);
struct scatterlist sg_out;
struct scatterlist sg_in;
@@ -127,6 +121,10 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
unsigned in_offs, out_offs;
int err;
+ skcipher_request_set_tfm(req, tfm);
+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
+
sg_init_table(&sg_out, 1);
sg_init_table(&sg_in, 1);
@@ -135,13 +133,13 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
in_offs = raw_off;
out_page = loop_page;
out_offs = loop_off;
- encdecfunc = crypto_blkcipher_crt(tfm)->decrypt;
+ encdecfunc = crypto_skcipher_decrypt;
} else {
in_page = loop_page;
in_offs = loop_off;
out_page = raw_page;
out_offs = raw_off;
- encdecfunc = crypto_blkcipher_crt(tfm)->encrypt;
+ encdecfunc = crypto_skcipher_encrypt;
}
while (size > 0) {
@@ -152,10 +150,10 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
sg_set_page(&sg_in, in_page, sz, in_offs);
sg_set_page(&sg_out, out_page, sz, out_offs);
- desc.info = iv;
- err = encdecfunc(&desc, &sg_out, &sg_in, sz);
+ skcipher_request_set_crypt(req, &sg_in, &sg_out, sz, iv);
+ err = encdecfunc(req);
if (err)
- return err;
+ goto out;
IV++;
size -= sz;
@@ -163,7 +161,11 @@ cryptoloop_transfer(struct loop_device *lo, int cmd,
out_offs += sz;
}
- return 0;
+ err = 0;
+
+out:
+ skcipher_request_zero(req);
+ return err;
}
static int
@@ -175,9 +177,9 @@ cryptoloop_ioctl(struct loop_device *lo, int cmd, unsigned
long arg)
static int
cryptoloop_release(struct loop_device *lo)
{
- struct crypto_blkcipher *tfm = lo->key_data;
+ struct crypto_skcipher *tfm = lo->key_data;
if (tfm != NULL) {
- crypto_free_blkcipher(tfm);
+ crypto_free_skcipher(tfm);
lo->key_data = NULL;
return 0;
}
[PATCH 0/26] crypto: Use skcipher and ahash/shash where possible
Hi: The crypto hash interface has been obsolete for many years and this series converts all remaining users to shash and ahash as appropriate. Despite the name ahash can be used synchronously and is the preferred interface for those dealing with SGs. The blkcipher and ablkcipher interfaces are also being phased out and is being replaced with the merged skcipher interface which is essentially the same as ablkcipher but without the implicit IV generators. This series converts all users of blkcipher and ablkcipher over to skcipher. If you have any objections please shout. Otherwise I would like to take these patches through the cryptodev tree so we can proceed with phasing out the obsolete interfaces. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH/RFC v3 net-next] ravb: Add dma queue interrupt support
Hi Sergei,
2016-01-24 7:17 GMT+09:00 Sergei Shtylyov :
> Hello.
>
> On 01/17/2016 01:55 PM, Yoshihiro Kaneko wrote:
>
>> From: Kazuya Mizuguchi
>>
>> This patch supports the following interrupts.
>>
>> - One interrupt for multiple (descriptor, error, management)
>> - One interrupt for emac
>> - Four interrupts for dma queue (best effort rx/tx, network control rx/tx)
>>
>> This patch improve efficiency of the interrupt handler by adding the
>> interrupt handler corresponding to each interrupt source described
>> above. Additionally, it reduces the number of times of the access to
>> EthernetAVB IF.
>
>
>Not sure I got the last sentence right... Did you mean that we save on
> the register reads?
Yes, I meant that.
>Yet another reason could be that we don't want to depend on the boot
> loader's whim any more...
>
>> Signed-off-by: Kazuya Mizuguchi
>> Signed-off-by: Yoshihiro Kaneko
>> ---
>>
>> This patch is based on the master branch of David Miller's next networking
>> tree.
>>
>> v3 [Yoshihiro Kaneko]
>> * compile tested only
>
>
>Doesn't sound very encouraging... couldn't you manage to re-test the
> patch before Dave merges it?
I will talk to Simon Horman.
>
> [...]
>>
>> diff --git a/drivers/net/ethernet/renesas/ravb.h
>> b/drivers/net/ethernet/renesas/ravb.h
>> index 9fbe92a..385f06b 100644
>> --- a/drivers/net/ethernet/renesas/ravb.h
>> +++ b/drivers/net/ethernet/renesas/ravb.h
>
> [...]
>>
>> @@ -556,6 +566,18 @@ enum ISS_BIT {
>> ISS_DPS15 = 0x8000,
>> };
>>
>> +/* CIE
>> + * R-Car Gen3 only
>> + */
>
>
>I'd be more happy with one line comment like:
>
> /* CIE (R-Car Gen3 only) */
Agreed.
>
> [...]
>>
>> @@ -592,6 +614,212 @@ enum GIS_BIT {
>> GIS_PTMF= 0x0004,
>> };
>>
>> +/* GIE
>> + * R-Car Gen3 only
>> + */
>> +enum GIE_BIT {
>
> [...]
>>
>> + GIE_ALL = 0x03ff,
>
>
>GIE_ALL isn't used, no need to define it.
Agreed.
>
>> +};
>> +
>> +/* GID
>> + * R-Car Gen3 only
>> + */
>> +enum GID_BIT {
>
> [...]
>>
>> + GID_ALL = 0x03ff,
>
>
>Not used any more.
>
>> +};
>> +
>> +/* RIE0
>> + * R-Car Gen3 only
>> + */
>> +enum RIE0_BIT {
>
> [...]
>>
>> + RIE0_ALL= 0x0003,
>
>
>Likewise.
>
>> +};
>> +
>> +/* RID0
>> + * R-Car Gen3 only
>> + */
>> +enum RID0_BIT {
>
> [...]
>>
>> + RID0_ALL= 0x0003,
>
>
>Likewise.
>
>> +};
>> +
>> +/* RIE2
>> + * R-Car Gen3 only
>> + */
>> +enum RIE2_BIT {
>
> [...]
>>
>> + RIE2_ALL= 0x8003,
>
>
>Likewise.
>
>> +};
>> +
>> +/* RID2
>> + * R-Car Gen3 only
>> + */
>> +enum RID2_BIT {
>
>
>> + RID2_ALL= 0x8003,
>
>
> Likewise.
>
>> +};
>> +
>> +/* TIE
>> + * R-Car Gen3 only
>> + */
>> +enum TIE_BIT {
>
> [...]
>>
>> + TIE_ALL = 0x000f0f0f,
>
>
>Likewise.
>
>> +};
>> +
>> +/* TID
>> + * R-Car Gen3 only
>> + */
>> +enum TID_BIT {
>
> [...]
>>
>> + TID_ALL = 0x000f0f0f,
>
>
>Likewise.
>
> [...]
>>
>> diff --git a/drivers/net/ethernet/renesas/ravb_main.c
>> b/drivers/net/ethernet/renesas/ravb_main.c
>> index ac43ed9..4c4912e0 100644
>> --- a/drivers/net/ethernet/renesas/ravb_main.c
>> +++ b/drivers/net/ethernet/renesas/ravb_main.c
>> @@ -42,6 +42,16 @@
>> NETIF_MSG_RX_ERR | \
>> NETIF_MSG_TX_ERR)
>>
>> +static const char *ravb_rx_irqs[NUM_RX_QUEUE] = {
>> + "ch0", /* RAVB_BE */
>> + "ch1", /* RAVB_NC */
>> +};
>> +
>> +static const char *ravb_tx_irqs[NUM_TX_QUEUE] = {
>> + "ch18", /* RAVB_BE */
>> + "ch19", /* RAVB_NC */
>> +};
>> +
>
>
>Do what you wish but I don't like these...
I think there is no problem.
>
> [...]
>>
>> @@ -693,7 +722,7 @@ static void ravb_error_interrupt(struct net_device
>> *ndev)
>> if (ris2 & RIS2_QFF0)
>> priv->stats[RAVB_BE].rx_over_errors++;
>>
>> - /* Receive Descriptor Empty int */
>> + /* Receive Descriptor Empty int */
>
>
>It's not even a "drove-by" change, please don't do this here, submit a
> separate patch (or I can do it).
Got it.
I remove this change from the patch.
>
> [...]
>
>> @@ -773,6 +829,55 @@ static irqreturn_t ravb_interrupt(int irq, void
>> *dev_id)
>> return result;
>> }
>>
>> +static irqreturn_t ravb_dmaq_interrupt(int irq, void *dev_id, int
>> ravb_queue)
>> +{
>> + struct net_device *ndev = dev_id;
>> + struct ravb_private *priv = netdev_priv(ndev);
>> + irqreturn_t result = IRQ_NONE;
>> + u32 ris0, ric0, tis, tic;
>> + int q = ravb_queue;
>> +
>> + spin_lock(&priv->lock);
>> +
>> + ris0 = ravb_read(ndev, RIS0);
>> + ric0 = ravb_read(ndev, RIC0);
>> + tis = ravb_read(ndev, TIS);
>> + tic = ravb_read(ndev, TIC);
>> +
>> + /* Timestamp updated */
>> + if (tis & TIS_TFUF) {
>> + ravb_write(ndev, TID_TFUD, TID);
>> + ravb_get_tx_tstamp(ndev);
>> +
[PATCH v2] net: dsa: fix mv88e6xxx switches
Since commit 76e398a62712 ("net: dsa: use switchdev obj for VLAN add/del
ops"), the Marvell 88E6xxx switch has been unable to pass traffic
between ports - any received traffic is discarded by the switch.
Taking a port out of bridge mode and configuring a vlan on it also the
port to start passing traffic.
With the debugfs files re-instated to allow debug of this issue by
comparing the register settings between the working and non-working
case, the reason becomes clear:
GLOBAL GLOBAL2 SERDES 0123456
- 7: 707f2001 2222202
+ 7: 707f2001 1111101
Register 7 for the ports is the default vlan tag register, and in the
non-working setup, it has been set to 2, despite vlan 2 not being
configured. This causes the switch to drop all packets coming in to
these ports. The working setup has the default vlan tag register set
to 1, which is the default vlan when none is configured.
Inspection of the code reveals why. The code prior to this commit
was:
- for (vid = vlan->vid_begin; vid <= vlan->vid_end; ++vid) {
...
- if (!err && vlan->flags & BRIDGE_VLAN_INFO_PVID)
- err = ds->drv->port_pvid_set(ds, p->port, vid);
but the new code is:
+ for (vid = vlan->vid_begin; vid <= vlan->vid_end; ++vid) {
...
+ }
...
+ if (pvid)
+ err = _mv88e6xxx_port_pvid_set(ds, port, vid);
This causes the new code to always set the default vlan to one higher
than the old code.
Fix this.
Fixes: 76e398a62712 ("net: dsa: use switchdev obj for VLAN add/del ops")
Cc:
Signed-off-by: Russell King
---
v2: simpler fix
drivers/net/dsa/mv88e6xxx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/dsa/mv88e6xxx.c b/drivers/net/dsa/mv88e6xxx.c
index b06dba05594a..84b0a93559b2 100644
--- a/drivers/net/dsa/mv88e6xxx.c
+++ b/drivers/net/dsa/mv88e6xxx.c
@@ -1519,7 +1519,7 @@ int mv88e6xxx_port_vlan_add(struct dsa_switch *ds, int
port,
/* no PVID with ranges, otherwise it's a bug */
if (pvid)
- err = _mv88e6xxx_port_pvid_set(ds, port, vid);
+ err = _mv88e6xxx_port_pvid_set(ds, port, vlan->vid_end);
unlock:
mutex_unlock(&ps->smi_mutex);
--
2.1.0
Re: Mis-backport in af_unix patch for Linux 3.10.95
Hello,
On Sun, Jan 24, 2016 at 12:10:35AM -0500, Sultan Qasim wrote:
> Hello all,
>
> I'm an outsider to the Linux kernel community, so I apologize if this
> is not the right channel to mention this.
The simple fact that you participate, inspect the code and report bugs
makes you part of this community :-) It's indeed the right place.
Usually when reporting an issue with a commit, we also CC the whole
signed-off-by / CC chain of that commit (which I'm doing now). For
bugs related to networking, we usually CC the netdev list as well.
> I noticed that the
> backported version of the patch "af_unix: Revert 'lock_interruptible'
> in stream receive code" in Linux 3.10.95 seems to have removed the
> mutex_lock_interruptible from the wrong function.
>
> Here is the backported patch:
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=3a57e783016bf43ab9326172217f564941b85b17
>
> Here is the original:
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/unix/af_unix.c?id=3822b5c2fc62e3de8a0f33806ff279fb7df92432
>
> Was it not meant to be removed from unix_stream_recvmsg instead of
> unix_dgram_recvmsg?
You're absolutely right, good catch! Similar controls were added to
both functions resulting in the same code appearing there, which
confused the patch process, causing the change to be applied to the
wrong location. This happens from time to time in such circumstances
when backporting to older kernels.
> Also, the variable called "noblock" needs to be
> removed from the function being changed to prevent unused variable
> warnings.
If you mean this variable in function unix_dgram_recvmsg(), it would
indeed report a warning but only due to the patch being mis-applied.
In unix_stream_recvmsg(), it's still used as well.
Does the attached patch seem better to you (not compile-tested) ?
Greg/Ben, both 3.2.76 and 3.14.59 are OK regarding this, it seems
like only 3.10.95 was affected.
Thanks,
Willy
>From 77f6e82adf349cbccf7e2ec7601b25c994e0b483 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Sun, 24 Jan 2016 09:19:57 +0100
Subject: af_unix: fix incorrect revert of 'lock_interruptible' in stream
receive code
As reported by Sultan Qasim, commit 3822b5c ("af_unix: Revert
'lock_interruptible' in stream receive code") was accidently applied
at the wrong place in the backport that appeared in 3.10.95, it
affected unix_dgram_recvmsg() instead of unix_stream_recvmsg() due
to now similar code sections there. The dgram part needs to remain
but the stream part needs to be removed.
Reported-By: Sultan Qasim
Fixes: 3a57e78 (3.10.95)
Signed-off-by: Willy Tarreau
---
net/unix/af_unix.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index f934e7b..0061d00 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1934,7 +1934,14 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct
socket *sock,
if (flags&MSG_OOB)
goto out;
- mutex_lock(&u->readlock);
+ err = mutex_lock_interruptible(&u->readlock);
+ if (unlikely(err)) {
+ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
+* sk_rcvtimeo is not honored by mutex_lock_interruptible()
+*/
+ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
skip = sk_peek_offset(sk, flags);
@@ -2083,14 +2090,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb,
struct socket *sock,
memset(&tmp_scm, 0, sizeof(tmp_scm));
}
- err = mutex_lock_interruptible(&u->readlock);
- if (unlikely(err)) {
- /* recvmsg() in non blocking mode is supposed to return -EAGAIN
-* sk_rcvtimeo is not honored by mutex_lock_interruptible()
-*/
- err = noblock ? -EAGAIN : -ERESTARTSYS;
- goto out;
- }
+ mutex_lock(&u->readlock);
do {
int chunk;
--
1.7.12.2.21.g234cd45.dirty
