1. 16 Jul, 2020 32 commits
  2. 09 Jul, 2020 8 commits
    • Ard Biesheuvel's avatar
      crypto: arm/ghash - use variably sized key struct · 3d2df845
      Ard Biesheuvel authored
      Of the two versions of GHASH that the ARM driver implements, only one
      performs aggregation, and so the other one has no use for the powers
      of H to be precomputed, or space to be allocated for them in the key
      struct. So make the context size dependent on which version is being
      selected, and while at it, use a static key to carry this decision,
      and get rid of the function pointer.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3d2df845
    • Ard Biesheuvel's avatar
      crypto: arm64/gcm - use inline helper to suppress indirect calls · e4f87485
      Ard Biesheuvel authored
      Introduce an inline wrapper for ghash_do_update() that incorporates
      the indirect call to the asm routine that is passed as an argument,
      and keep the non-SIMD fallback code out of line. This ensures that
      all references to the function pointer are inlined where the address
      is taken, removing the need for any indirect calls to begin with.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      e4f87485
    • Ard Biesheuvel's avatar
      crypto: arm64/gcm - use variably sized key struct · 17d0fb1f
      Ard Biesheuvel authored
      Now that the ghash and gcm drivers are split, we no longer need to allocate
      a key struct for the former that carries powers of H that are only used by
      the latter. Also, take this opportunity to clean up the code a little bit.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      17d0fb1f
    • Ard Biesheuvel's avatar
      crypto: arm64/gcm - disentangle ghash and gcm setkey() routines · 94fe4501
      Ard Biesheuvel authored
      The remaining ghash implementation does not support aggregation, and so
      there is no point in including the precomputed powers of H in the key
      struct. So move that into the GCM setkey routine, and get rid of the
      shared sub-routine entirely.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      94fe4501
    • Ard Biesheuvel's avatar
      crypto: arm64/ghash - drop PMULL based shash · 37b6aab6
      Ard Biesheuvel authored
      There are two ways to implement SIMD accelerated GCM on arm64:
      - using the PMULL instructions for carryless 64x64->128 multiplication,
        in which case the architecture guarantees that the AES instructions are
        available as well, and so we can use the AEAD implementation that combines
        both,
      - using the PMULL instructions for carryless 8x8->16 bit multiplication,
        which is implemented as a shash, and can be combined with any ctr(aes)
        implementation by the generic GCM AEAD template driver.
      
      So let's drop the 64x64->128 shash driver, which is never needed for GCM,
      and not suitable for use anywhere else.
      Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      37b6aab6
    • Barry Song's avatar
      crypto: hisilicon/zip - permit users to specify NUMA node · 813ec3f1
      Barry Song authored
      If users don't specify NUMA node, the driver will use the ZIP module near
      the CPU allocating acomp. Otherwise, it uses the ZIP module according to
      the requirement of users.
      
      Cc: Zhou Wang <wangzhou1@hisilicon.com>
      Signed-off-by: default avatarBarry Song <song.bao.hua@hisilicon.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      813ec3f1
    • Barry Song's avatar
      crypto: api - permit users to specify numa node of acomp hardware · 7bc13b5b
      Barry Song authored
      For a Linux server with NUMA, there are possibly multiple (de)compressors
      which are either local or remote to some NUMA node. Some drivers will
      automatically use the (de)compressor near the CPU calling acomp_alloc().
      However, it is not necessarily correct because users who send acomp_req
      could be from different NUMA node with the CPU which allocates acomp.
      
      Just like kernel has kmalloc() and kmalloc_node(), here crypto can have
      same support.
      
      Cc: Seth Jennings <sjenning@redhat.com>
      Cc: Dan Streetman <ddstreet@ieee.org>
      Cc: Vitaly Wool <vitaly.wool@konsulko.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: default avatarBarry Song <song.bao.hua@hisilicon.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      7bc13b5b
    • Sedat Dilek's avatar
      crypto: aesni - Fix build with LLVM_IAS=1 · 3347c8a0
      Sedat Dilek authored
      When building with LLVM_IAS=1 means using Clang's Integrated Assembly (IAS)
      from LLVM/Clang >= v10.0.1-rc1+ instead of GNU/as from GNU/binutils
      I see the following breakage in Debian/testing AMD64:
      
      <instantiation>:15:74: error: too many positional arguments
       PRECOMPUTE 8*3+8(%rsp), %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
                                                                               ^
       arch/x86/crypto/aesni-intel_asm.S:1598:2: note: while in macro instantiation
       GCM_INIT %r9, 8*3 +8(%rsp), 8*3 +16(%rsp), 8*3 +24(%rsp)
       ^
      <instantiation>:47:2: error: unknown use of instruction mnemonic without a size suffix
       GHASH_4_ENCRYPT_4_PARALLEL_dec %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, enc
       ^
      arch/x86/crypto/aesni-intel_asm.S:1599:2: note: while in macro instantiation
       GCM_ENC_DEC dec
       ^
      <instantiation>:15:74: error: too many positional arguments
       PRECOMPUTE 8*3+8(%rsp), %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
                                                                               ^
      arch/x86/crypto/aesni-intel_asm.S:1686:2: note: while in macro instantiation
       GCM_INIT %r9, 8*3 +8(%rsp), 8*3 +16(%rsp), 8*3 +24(%rsp)
       ^
      <instantiation>:47:2: error: unknown use of instruction mnemonic without a size suffix
       GHASH_4_ENCRYPT_4_PARALLEL_enc %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, %xmm8, enc
       ^
      arch/x86/crypto/aesni-intel_asm.S:1687:2: note: while in macro instantiation
       GCM_ENC_DEC enc
      
      Craig Topper suggested me in ClangBuiltLinux issue #1050:
      
      > I think the "too many positional arguments" is because the parser isn't able
      > to handle the trailing commas.
      >
      > The "unknown use of instruction mnemonic" is because the macro was named
      > GHASH_4_ENCRYPT_4_PARALLEL_DEC but its being instantiated with
      > GHASH_4_ENCRYPT_4_PARALLEL_dec I guess gas ignores case on the
      > macro instantiation, but llvm doesn't.
      
      First, I removed the trailing comma in the PRECOMPUTE line.
      
      Second, I substituted:
      1. GHASH_4_ENCRYPT_4_PARALLEL_DEC -> GHASH_4_ENCRYPT_4_PARALLEL_dec
      2. GHASH_4_ENCRYPT_4_PARALLEL_ENC -> GHASH_4_ENCRYPT_4_PARALLEL_enc
      
      With these changes I was able to build with LLVM_IAS=1 and boot on bare metal.
      
      I confirmed that this works with Linux-kernel v5.7.5 final.
      
      NOTE: This patch is on top of Linux v5.7 final.
      
      Thanks to Craig and especially Nick for double-checking and his comments.
      Suggested-by: default avatarCraig Topper <craig.topper@intel.com>
      Suggested-by: default avatarCraig Topper <craig.topper@gmail.com>
      Suggested-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Cc: "ClangBuiltLinux" <clang-built-linux@googlegroups.com>
      Link: https://github.com/ClangBuiltLinux/linux/issues/1050
      Link: https://bugs.llvm.org/show_bug.cgi?id=24494Signed-off-by: default avatarSedat Dilek <sedat.dilek@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      3347c8a0