1. 11 Aug, 2015 1 commit
    • Jan Stancek's avatar
      crypto: nx - respect sg limit bounds when building sg lists for SHA · d3392f41
      Jan Stancek authored
      Commit 00085111 changed sha256/512 update functions to
      pass more data to nx_build_sg_list(), which ends with
      sg list overflows and usually with update functions failing
      for data larger than max_sg_len * NX_PAGE_SIZE.
      
      This happens because:
      - both "total" and "to_process" are updated, which leads to
        "to_process" getting overflowed for some data lengths
        For example:
          In first iteration "total" is 50, and let's assume "to_process"
          is 30 due to sg limits. At the end of first iteration "total" is
          set to 20. At start of 2nd iteration "to_process" overflows on:
            to_process = total - to_process;
      - "in_sg" is not reset to nx_ctx->in_sg after each iteration
      - nx_build_sg_list() is hitting overflow because the amount of data
        passed to it would require more than sgmax elements
      - as consequence of previous item, data stored in overflowed sg list
        may no longer be aligned to SHA*_BLOCK_SIZE
      
      This patch changes sha256/512 update functions so that "to_process"
      respects sg limits and never tries to pass more data to
      nx_build_sg_list() to avoid overflows. "to_process" is calculated
      as minimum of "total" and sg limits at start of every iteration.
      
      Fixes: 00085111 ("crypto: nx - Fix SHA concurrence issue and sg
      		      limit bounds")
      Signed-off-by: default avatarJan Stancek <jstancek@redhat.com>
      Cc: stable@vger.kernel.org
      Cc: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
      Cc: Marcelo Henrique Cerri <mhcerri@linux.vnet.ibm.com>
      Cc: Fionnuala Gunter <fin@linux.vnet.ibm.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d3392f41
  2. 10 Aug, 2015 1 commit
    • Herbert Xu's avatar
      crypto: authencesn - Fix breakage with new ESP code · 443c0d7e
      Herbert Xu authored
      The ESP code has been updated to generate a completely linear
      AD SG list.  This unfortunately broke authencesn which expects
      the AD to be divided into at least three parts.
      
      This patch fixes it to cope with the new format.  Later we will
      fix it properly to accept arbitrary input and not rely on the
      input being linear as part of the AEAD conversion.
      
      Fixes: 7021b2e1 ("esp4: Switch to new AEAD interface")
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      443c0d7e
  3. 28 Jul, 2015 1 commit
  4. 23 Jul, 2015 2 commits
  5. 08 Jul, 2015 1 commit
    • Herbert Xu's avatar
      crypto: nx - Fix reentrancy bugs · 030f4e96
      Herbert Xu authored
      This patch fixes a host of reentrancy bugs in the nx driver.  The
      following algorithms are affected:
      
      * CCM
      * GCM
      * CTR
      * XCBC
      * SHA256
      * SHA512
      
      The crypto API allows a single transform to be used by multiple
      threads simultaneously.  For example, IPsec will use a single tfm
      to process packets for a given SA.  As packets may arrive on
      multiple CPUs that tfm must be reentrant.
      
      The nx driver does try to deal with this by using a spin lock.
      Unfortunately only the basic AES/CBC/ECB algorithms do this in
      the correct way.
      
      The symptom of these bugs may range from the generation of incorrect
      output to memory corruption.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      030f4e96
  6. 06 Jul, 2015 1 commit
    • Vutla, Lokesh's avatar
      crypto: omap-des - Fix unmapping of dma channels · acb33cc5
      Vutla, Lokesh authored
      dma_unmap_sg() is being called twice after completing the
      task. Looks like this is a copy paste error when creating
      des driver.
      With this the following warn appears during boot:
      
      [    4.210457] ------------[ cut here ]------------
      [    4.215114] WARNING: CPU: 0 PID: 0 at lib/dma-debug.c:1080 check_unmap+0x710/0x9a0()
      [    4.222899] omap-des 480a5000.des: DMA-API: device driver tries to free DMA memory it has not allocated [device address=0x00000000ab2ce000] [size=8 bytes]
      [    4.236785] Modules linked in:
      [    4.239860] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.39-02999-g1bc045a-dirty #182
      [    4.247918] [<c001678c>] (unwind_backtrace) from [<c0012574>] (show_stack+0x10/0x14)
      [    4.255710] [<c0012574>] (show_stack) from [<c05a37e8>] (dump_stack+0x84/0xb8)
      [    4.262977] [<c05a37e8>] (dump_stack) from [<c0046464>] (warn_slowpath_common+0x68/0x8c)
      [    4.271107] [<c0046464>] (warn_slowpath_common) from [<c004651c>] (warn_slowpath_fmt+0x30/0x40)
      [    4.279854] [<c004651c>] (warn_slowpath_fmt) from [<c02d50a4>] (check_unmap+0x710/0x9a0)
      [    4.287991] [<c02d50a4>] (check_unmap) from [<c02d5478>] (debug_dma_unmap_sg+0x90/0x19c)
      [    4.296128] [<c02d5478>] (debug_dma_unmap_sg) from [<c04a77d8>] (omap_des_done_task+0x1cc/0x3e4)
      [    4.304963] [<c04a77d8>] (omap_des_done_task) from [<c004a090>] (tasklet_action+0x84/0x124)
      [    4.313370] [<c004a090>] (tasklet_action) from [<c004a4ac>] (__do_softirq+0xf0/0x20c)
      [    4.321235] [<c004a4ac>] (__do_softirq) from [<c004a840>] (irq_exit+0x98/0xec)
      [    4.328500] [<c004a840>] (irq_exit) from [<c000f9ac>] (handle_IRQ+0x50/0xb0)
      [    4.335589] [<c000f9ac>] (handle_IRQ) from [<c0008688>] (gic_handle_irq+0x28/0x5c)
      
      Removing the duplicate call to dma_unmap_sg().
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      Signed-off-by: default avatarLokesh Vutla <lokeshvutla@ti.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      acb33cc5
  7. 05 Jul, 2015 4 commits
    • Linus Torvalds's avatar
      Linux 4.2-rc1 · d770e558
      Linus Torvalds authored
      d770e558
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v4.2-2' of... · a585d2b7
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v4.2-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
      
      Pull late x86 platform driver updates from Darren Hart:
       "The following came in a bit later and I wanted them to bake in next a
        few more days before submitting, thus the second pull.
      
        A new intel_pmc_ipc driver, a symmetrical allocation and free fix in
        dell-laptop, a couple minor fixes, and some updated documentation in
        the dell-laptop comments.
      
        intel_pmc_ipc:
         - Add Intel Apollo Lake PMC IPC driver
      
        tc1100-wmi:
         - Delete an unnecessary check before the function call "kfree"
      
        dell-laptop:
         - Fix allocating & freeing SMI buffer page
         - Show info about WiGig and UWB in debugfs
         - Update information about wireless control"
      
      * tag 'platform-drivers-x86-v4.2-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
        intel_pmc_ipc: Add Intel Apollo Lake PMC IPC driver
        tc1100-wmi: Delete an unnecessary check before the function call "kfree"
        dell-laptop: Fix allocating & freeing SMI buffer page
        dell-laptop: Show info about WiGig and UWB in debugfs
        dell-laptop: Update information about wireless control
      a585d2b7
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 1dc51b82
      Linus Torvalds authored
      Pull more vfs updates from Al Viro:
       "Assorted VFS fixes and related cleanups (IMO the most interesting in
        that part are f_path-related things and Eric's descriptor-related
        stuff).  UFS regression fixes (it got broken last cycle).  9P fixes.
        fs-cache series, DAX patches, Jan's file_remove_suid() work"
      
      [ I'd say this is much more than "fixes and related cleanups".  The
        file_table locking rule change by Eric Dumazet is a rather big and
        fundamental update even if the patch isn't huge.   - Linus ]
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (49 commits)
        9p: cope with bogus responses from server in p9_client_{read,write}
        p9_client_write(): avoid double p9_free_req()
        9p: forgetting to cancel request on interrupted zero-copy RPC
        dax: bdev_direct_access() may sleep
        block: Add support for DAX reads/writes to block devices
        dax: Use copy_from_iter_nocache
        dax: Add block size note to documentation
        fs/file.c: __fget() and dup2() atomicity rules
        fs/file.c: don't acquire files->file_lock in fd_install()
        fs:super:get_anon_bdev: fix race condition could cause dev exceed its upper limitation
        vfs: avoid creation of inode number 0 in get_next_ino
        namei: make set_root_rcu() return void
        make simple_positive() public
        ufs: use dir_pages instead of ufs_dir_pages()
        pagemap.h: move dir_pages() over there
        remove the pointless include of lglock.h
        fs: cleanup slight list_entry abuse
        xfs: Correctly lock inode when removing suid and file capabilities
        fs: Call security_ops->inode_killpriv on truncate
        fs: Provide function telling whether file_remove_privs() will do anything
        ...
      1dc51b82
    • Linus Torvalds's avatar
      bluetooth: fix list handling · 9b284cbd
      Linus Torvalds authored
      Commit 835a6a2f ("Bluetooth: Stop sabotaging list poisoning")
      thought that the code was sabotaging the list poisoning when NULL'ing
      out the list pointers and removed it.
      
      But what was going on was that the bluetooth code was using NULL
      pointers for the list as a way to mark it empty, and that commit just
      broke it (and replaced the test with NULL with a "list_empty()" test on
      a uninitialized list instead, breaking things even further).
      
      So fix it all up to use the regular and real list_empty() handling
      (which does not use NULL, but a pointer to itself), also making sure to
      initialize the list properly (the previous NULL case was initialized
      implicitly by the session being allocated with kzalloc())
      
      This is a combination of patches by Marcel Holtmann and Tedd Ho-Jeong
      An.
      
      [ I would normally expect to get this through the bt tree, but I'm going
        to release -rc1, so I'm just committing this directly   - Linus ]
      Reported-and-tested-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Original-by: default avatarTedd Ho-Jeong An <tedd.an@intel.com>
      Original-by: Marcel Holtmann <marcel@holtmann.org>:
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9b284cbd
  8. 04 Jul, 2015 29 commits