Commit Graph

533 Commits

Author SHA1 Message Date
Greg Kroah-Hartman db596bb60e Merge 6.12.26 into android16-6.12-lts
GKI (arm64) relevant 69 out of 278 changes, affecting 88 files +585/-290
  0b603e7759 tracing: Add __print_dynamic_array() helper [3 files, +15/-1]
  0312735402 tracing: Verify event formats that have "%*p.." [2 files, +13/-2]
  1c9798bf81 mm/vmscan: don't try to reclaim hwpoison folio [1 file, +7/-0]
  db3b3964af PM: EM: use kfree_rcu() to simplify the code [1 file, +1/-9]
  9d5752b853 PM: EM: Address RCU-related sparse warnings [2 files, +26/-25]
  3e12e8c273 block: remove the write_hint field from struct request [4 files, +13/-12]
  ed7535b141 block: remove the ioprio field from struct request [4 files, +11/-15]
  2afa5ea7c4 block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone [1 file, +1/-0]
  46d3575209 PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends [1 file, +6/-12]
  35ba7b2d4d PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads [2 files, +5/-0]
  16c8aa5de1 dma/contiguous: avoid warning about unused size_bytes [1 file, +1/-2]
  7ccfadfb25 cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() [1 file, +8/-2]
  28fbd7b13b cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() [1 file, +10/-3]
  7d002f5914 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() [1 file, +5/-7]
  5d92e582d1 cgroup/cpuset-v1: Add missing support for cpuset_v2_mode [1 file, +29/-0]
  29daa63f2c scsi: core: Clear flags for scsi_cmnd that did not complete [1 file, +5/-1]
  eeab661803 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() [1 file, +2/-0]
  41143e7105 net: phy: leds: fix memory leak [1 file, +13/-10]
  0ceef62a32 tipc: fix NULL pointer dereference in tipc_mon_reinit_self() [1 file, +2/-1]
  a61afd5482 fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() [1 file, +36/-33]
  7f24ea6a46 block: never reduce ra_pages in blk_apply_bdi_limits [1 file, +7/-1]
  3decda1a3c splice: remove duplicate noinline from pipe_clear_nowait [1 file, +1/-1]
  30c0d6e778 virtio_console: fix missing byte order handling for cols and rows [1 file, +4/-3]
  c2a6b4d78c net: selftests: initialize TCP header and skb payload with zero [1 file, +13/-5]
  3939d6f29d irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() [1 file, +1/-1]
  7a8a6b627f io_uring: fix 'sync' handling of io_fallback_tw() [1 file, +7/-6]
  1f439fe4d8 scsi: Improve CDL control [1 file, +24/-12]
  3670dee376 char: misc: register chrdev region with all possible minors [1 file, +1/-1]
  ea0d806b94 USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe [2 files, +7/-0]
  1777714865 xhci: Limit time spent with xHC interrupts disabled during bus resume [3 files, +20/-16]
  bce3055b08 usb: xhci: Fix invalid pointer dereference in Etron workaround [1 file, +1/-1]
  52a7c9d930 usb: dwc3: gadget: check that event count does not exceed event buffer length [1 file, +6/-0]
  9924ee1bcd usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive [1 file, +3/-0]
  d85b7af3bd usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive [1 file, +3/-0]
  3e52ae347e USB: VLI disk crashes if LPM is used [1 file, +3/-0]
  0486de3c1b crypto: null - Use spin lock instead of mutex [1 file, +26/-13]
  7758e308ae bpf: Fix kmemleak warning for percpu hashmap [1 file, +3/-3]
  c5c833f637 bpf: Fix deadlock between rcu_tasks_trace and event_mutex. [1 file, +4/-3]
  4139072087 clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() [1 file, +4/-0]
  4131411f42 bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage [1 file, +6/-5]
  b817d2bfd6 bpf: Reject attaching fexit/fmod_ret to __noreturn functions [1 file, +32/-0]
  2ecae00138 usb: dwc3: gadget: Refactor loop to avoid NULL endpoints [1 file, +18/-4]
  cbfa55bda1 usb: xhci: Complete 'error mid TD' transfers when handling Missed Service [1 file, +5/-1]
  16a7a8e6c4 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling [1 file, +14/-6]
  635be13606 xhci: Handle spurious events on Etron host isoc enpoints [2 files, +27/-13]
  9ff59cb815 usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running [1 file, +7/-4]
  0485bdf88f objtool, panic: Disable SMAP in __stack_chk_fail() [2 files, +10/-1]
  c548f95688 9p/net: fix improper handling of bogus negative read/write replies [1 file, +16/-14]
  18296b5951 9p/trans_fd: mark concurrent read and writes to p9_conn->err [1 file, +10/-7]
  3568fd9e44 io_uring: always do atomic put from iowq [2 files, +8/-1]
  90dc6c1e3b perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init [1 file, +3/-3]
  24ede35eb2 nvme: requeue namespace scan on missed AENs [1 file, +4/-0]
  b9c89c97d7 nvme: re-read ANA log page after ns scan completes [1 file, +5/-0]
  ee5521176a nvme: multipath: fix return value of nvme_available_path [1 file, +1/-1]
  5e58b93a12 gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment [1 file, +3/-3]
  9f8eeac3a6 timekeeping: Add a lockdep override in tick_freeze() [1 file, +22/-0]
  b14d986413 iommu: Clear iommu-dma ops on cleanup [1 file, +3/-0]
  b626bc3c1d ext4: make block validity check resistent to sb bh corruption [2 files, +6/-6]
  2ef6eea2ef netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS [1 file, +4/-0]
  d53b2d49a8 iomap: skip unnecessary ifs_block_is_uptodate check [1 file, +1/-1]
  bfc66c4c28 Revert "drivers: core: synchronize really_probe() and dev_uevent()" [1 file, +0/-3]
  de7c24febd usb: typec: class: Fix NULL pointer access [2 files, +14/-2]
  45314999f9 ext4: goto right label 'out_mmap_sem' in ext4_setattr() [1 file, +1/-1]
  40966fc993 usb: typec: class: Invalidate USB device pointers on partner unregistration [1 file, +6/-2]
  4833d0a92b iommu: Handle race with default domain setup [1 file, +5/-0]
  1042d22942 nvme: fixup scan failure for non-ANA multipath controllers [1 file, +1/-1]
  1b7647efad usb: xhci: Fix Short Packet handling rework ignoring errors [1 file, +1/-1]
  ab5281d21e usb: typec: class: Unlocked on error in typec_register_partner() [1 file, +1/-0]
  6b9ebcbd31 mq-deadline: don't call req_get_ioprio from the I/O completion handler [1 file, +4/-9]

Changes in 6.12.26
	module: sign with sha512 instead of sha1 by default
	tracing: Add __print_dynamic_array() helper
	tracing: Verify event formats that have "%*p.."
	mm/vmscan: don't try to reclaim hwpoison folio
	soc: qcom: ice: introduce devm_of_qcom_ice_get
	mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get
	PM: EM: use kfree_rcu() to simplify the code
	PM: EM: Address RCU-related sparse warnings
	media: i2c: imx214: Use subdev active state
	media: i2c: imx214: Simplify with dev_err_probe()
	media: i2c: imx214: Convert to CCI register access helpers
	media: i2c: imx214: Replace register addresses with macros
	media: i2c: imx214: Check number of lanes from device tree
	media: i2c: imx214: Fix link frequency validation
	media: ov08x40: Move ov08x40_identify_module() function up
	media: ov08x40: Add missing ov08x40_identify_module() call on stream-start
	block: remove the write_hint field from struct request
	block: remove the ioprio field from struct request
	block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
	net: dsa: mv88e6xxx: fix VTU methods for 6320 family
	iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check
	iio: adc: ad7768-1: Fix conversion result sign
	arm64: dts: ti: Refactor J784s4 SoC files to a common file
	arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks
	of: resolver: Simplify of_resolve_phandles() using __free()
	of: resolver: Fix device node refcount leakage in of_resolve_phandles()
	scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get
	PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag
	PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends
	PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
	accel/ivpu: Add auto selection logic for job scheduler
	accel/ivpu: Fix the NPU's DPU frequency calculation
	ksmbd: use __GFP_RETRY_MAYFAIL
	ksmbd: add netdev-up/down event debug print
	ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
	ksmbd: fix use-after-free in __smb2_lease_break_noti()
	scsi: ufs: exynos: Remove empty drv_init method
	scsi: ufs: exynos: Remove superfluous function parameter
	scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster
	scsi: ufs: exynos: Move UFS shareability value to drvdata
	scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
	net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
	drm/xe/bmg: Add one additional PCI ID
	drm/amd/display: Fix unnecessary cast warnings from checkpatch
	drm/amd/display/dml2: use vzalloc rather than kzalloc
	lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP
	ceph: Fix incorrect flush end position calculation
	cpufreq: sun50i: prevent out-of-bounds access
	dma/contiguous: avoid warning about unused size_bytes
	cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
	cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
	cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
	scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
	cpufreq: cppc: Fix invalid return value in .get() callback
	cpufreq: Do not enable by default during compile testing
	cpufreq: fix compile-test defaults
	btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
	btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
	cgroup/cpuset-v1: Add missing support for cpuset_v2_mode
	vhost-scsi: Add better resource allocation failure handling
	vhost-scsi: Fix vhost_scsi_send_bad_target()
	vhost-scsi: Fix vhost_scsi_send_status()
	net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
	net/mlx5: Move ttc allocation after switch case to prevent leaks
	scsi: core: Clear flags for scsi_cmnd that did not complete
	scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
	net: lwtunnel: disable BHs when required
	net: phy: leds: fix memory leak
	tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
	net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration
	fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
	net_sched: hfsc: Fix a UAF vulnerability in class handling
	net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
	net: dsa: mt7530: sync driver-specific behavior of MT7531 variants
	pds_core: Prevent possible adminq overflow/stuck condition
	pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
	pds_core: Remove unnecessary check in pds_client_adminq_cmd()
	pds_core: make wait_context part of q_info
	block: never reduce ra_pages in blk_apply_bdi_limits
	iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
	riscv: Replace function-like macro by static inline function
	riscv: uprobes: Add missing fence.i after building the XOL buffer
	splice: remove duplicate noinline from pipe_clear_nowait
	bpf: Add namespace to BPF internal symbols
	perf/x86: Fix non-sampling (counting) events on certain x86 platforms
	LoongArch: Select ARCH_USE_MEMTEST
	LoongArch: Make regs_irqs_disabled() more clear
	LoongArch: Make do_xyz() exception handlers more robust
	KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature
	netfilter: fib: avoid lookup if socket is available
	virtio_console: fix missing byte order handling for cols and rows
	sched_ext: Use kvzalloc for large exit_dump allocation
	crypto: atmel-sha204a - Set hwrng quality to lowest possible
	xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
	net: selftests: initialize TCP header and skb payload with zero
	net: phy: microchip: force IRQ polling mode for lan88xx
	scsi: mpi3mr: Fix pending I/O counter
	rust: firmware: Use `ffi::c_char` type in `FwFunc`
	drm: panel: jd9365da: fix reset signal polarity in unprepare
	drm/amd/display: Fix gpu reset in multidisplay config
	drm/amd/display: Force full update in gpu reset
	x86/insn: Fix CTEST instruction decoding
	irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
	LoongArch: Handle fp, lsx, lasx and lbt assembly symbols
	LoongArch: Return NULL from huge_pte_offset() for invalid PMD
	LoongArch: Remove a bogus reference to ZONE_DMA
	LoongArch: KVM: Fully clear some CSRs when VM reboot
	LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally
	io_uring: fix 'sync' handling of io_fallback_tw()
	KVM: SVM: Allocate IR data using atomic allocation
	cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports
	mcb: fix a double free bug in chameleon_parse_gdd()
	ata: libata-scsi: Improve CDL control
	ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type
	ata: libata-scsi: Fix ata_msense_control_ata_feature()
	USB: storage: quirk for ADATA Portable HDD CH94
	scsi: Improve CDL control
	mei: me: add panther lake H DID
	mei: vsc: Fix fortify-panic caused by invalid counted_by() use
	KVM: x86: Explicitly treat routing entry type changes as changes
	KVM: x86: Reset IRTE to host control if *new* route isn't postable
	KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
	char: misc: register chrdev region with all possible minors
	misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration
	misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack
	firmware: stratix10-svc: Add of_platform_default_populate()
	tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
	serial: msm: Configure correct working mode before starting earlycon
	serial: sifive: lock port in startup()/shutdown() callbacks
	USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
	USB: serial: option: add Sierra Wireless EM9291
	USB: serial: simple: add OWON HDS200 series oscilloscope support
	xhci: Limit time spent with xHC interrupts disabled during bus resume
	usb: xhci: Fix invalid pointer dereference in Etron workaround
	usb: cdns3: Fix deadlock when using NCM gadget
	usb: chipidea: ci_hdrc_imx: fix usbmisc handling
	usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
	usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
	USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
	usb: dwc3: gadget: check that event count does not exceed event buffer length
	usb: dwc3: xilinx: Prevent spike in reset signal
	usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
	usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
	USB: VLI disk crashes if LPM is used
	USB: wdm: handle IO errors in wdm_wwan_port_start
	USB: wdm: close race between wdm_open and wdm_wwan_port_stop
	USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
	USB: wdm: add annotation
	selftests/bpf: Fix stdout race condition in traffic monitor
	pinctrl: renesas: rza2: Fix potential NULL pointer dereference
	pinctrl: mcp23s08: Get rid of spurious level interrupts
	MIPS: cm: Detect CM quirks from device tree
	crypto: ccp - Add support for PCI device 0x1134
	crypto: lib/Kconfig - Fix lib built-in failure when arch is modular
	crypto: null - Use spin lock instead of mutex
	bpf: Fix kmemleak warning for percpu hashmap
	bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
	clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
	parisc: PDT: Fix missing prototype warning
	s390/sclp: Add check for get_zeroed_page()
	s390/tty: Fix a potential memory leak bug
	bpf: bpftool: Setting error code in do_loader()
	bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage
	bpf: Reject attaching fexit/fmod_ret to __noreturn functions
	mailbox: pcc: Fix the possible race in updation of chan_in_use flag
	mailbox: pcc: Always clear the platform ack interrupt first
	usb: host: max3421-hcd: Add missing spi_device_id table
	fs/ntfs3: Keep write operations atomic
	fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
	usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
	usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
	sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
	usb: xhci: Complete 'error mid TD' transfers when handling Missed Service
	usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
	xhci: Handle spurious events on Etron host isoc enpoints
	i3c: master: svc: Add support for Nuvoton npcm845 i3c
	dmaengine: dmatest: Fix dmatest waiting less when interrupted
	usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
	phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init
	usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
	usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func
	thunderbolt: Scan retimers after device router has been enumerated
	um: work around sched_yield not yielding in time-travel mode
	objtool: Silence more KCOV warnings
	objtool, panic: Disable SMAP in __stack_chk_fail()
	objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler()
	objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc()
	objtool, lkdtm: Obfuscate the do_nothing() pointer
	qibfs: fix _another_ leak
	ntb: reduce stack usage in idt_scan_mws
	ntb_hw_amd: Add NTB PCI ID for new gen CPU
	9p/net: fix improper handling of bogus negative read/write replies
	9p/trans_fd: mark concurrent read and writes to p9_conn->err
	rtc: pcf85063: do a SW reset if POR failed
	io_uring: always do atomic put from iowq
	kbuild: add dependency from vmlinux to sorttable
	sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
	KVM: s390: Don't use %pK through tracepoints
	KVM: s390: Don't use %pK through debug printing
	cgroup/cpuset: Don't allow creation of local partition over a remote one
	selftests: ublk: fix test_stripe_04
	perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
	xen: Change xen-acpi-processor dom0 dependency
	nvme: requeue namespace scan on missed AENs
	ACPI: EC: Set ec_no_wakeup for Lenovo Go S
	ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
	drm/amdgpu: Increase KIQ invalidate_tlbs timeout
	drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406
	nvme: re-read ANA log page after ns scan completes
	nvme: multipath: fix return value of nvme_available_path
	objtool: Stop UNRET validation on UD2
	gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment
	x86/xen: disable CPU idle and frequency drivers for PVH dom0
	selftests/mincore: Allow read-ahead pages to reach the end of the file
	x86/bugs: Use SBPB in write_ibpb() if applicable
	x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
	x86/bugs: Don't fill RSB on context switch with eIBRS
	nvmet-fc: take tgtport reference only once
	nvmet-fc: put ref when assoc->del_work is already scheduled
	cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode
	timekeeping: Add a lockdep override in tick_freeze()
	cifs: Fix querying of WSL CHR and BLK reparse points over SMB1
	iommu: Clear iommu-dma ops on cleanup
	ext4: make block validity check resistent to sb bh corruption
	scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
	scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init()
	scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO
	scsi: ufs: exynos: Move phy calls to .exit() callback
	scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend()
	scsi: pm80xx: Set phy_attached to zero when device is gone
	ASoC: fsl_asrc_dma: get codec or cpu dai from backend
	x86/i8253: Call clockevent_i8253_disable() with interrupts disabled
	netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
	iomap: skip unnecessary ifs_block_is_uptodate check
	riscv: Provide all alternative macros all the time
	ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
	spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts
	spi: tegra210-quad: add rate limiting and simplify timeout error message
	ubsan: Fix panic from test_ubsan_out_of_bounds
	x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores
	md/raid1: Add check for missing source disk in process_checks()
	drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4
	drm/amdgpu: Use the right function for hdp flush
	spi: spi-imx: Add check for spi_imx_setupxfer()
	Revert "drivers: core: synchronize really_probe() and dev_uevent()"
	driver core: introduce device_set_driver() helper
	driver core: fix potential NULL pointer dereference in dev_uevent()
	xfs: do not check NEEDSREPAIR if ro,norecovery mount.
	xfs: Do not allow norecovery mount with quotacheck
	xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate
	xfs: flush inodegc before swapon
	selftests/bpf: fix bpf_map_redirect call for cpu map test
	selftests/bpf: make xdp_cpumap_attach keep redirect prog attached
	selftests/bpf: check program redirect in xdp_cpumap_attach
	selftests/bpf: Adjust data size to have ETH_HLEN
	usb: typec: class: Fix NULL pointer access
	vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
	comedi: jr3_pci: Fix synchronous deletion of timer
	ext4: goto right label 'out_mmap_sem' in ext4_setattr()
	usb: typec: class: Invalidate USB device pointers on partner unregistration
	Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"
	net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
	net: dsa: mv88e6xxx: enable PVT for 6321 switch
	net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
	net: dsa: mv88e6xxx: enable STU methods for 6320 family
	iommu: Handle race with default domain setup
	crypto: lib/Kconfig - Hide arch options from user
	media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl()
	MIPS: cm: Fix warning if MIPS_CM is disabled
	nvme: fixup scan failure for non-ANA multipath controllers
	usb: xhci: Fix Short Packet handling rework ignoring errors
	objtool: Ignore end-of-section jumps for KCOV/GCOV
	objtool: Silence more KCOV warnings, part 2
	usb: typec: class: Unlocked on error in typec_register_partner()
	crypto: Kconfig - Select LIB generic option
	arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size
	mq-deadline: don't call req_get_ioprio from the I/O completion handler
	Linux 6.12.26

Change-Id: Iff5be8c388b8b915652fafb787156a4653f060aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-20 16:37:12 +00:00
Herbert Xu 4b814a1c0c crypto: Kconfig - Select LIB generic option
commit 98330b9a61506de7df0d1725122111909c157864 upstream.

Select the generic LIB options if the Crypto API algorithm is
enabled.  Otherwise this may lead to a build failure as the Crypto
API algorithm always uses the generic implementation.

Fixes: 17ec3e71ba79 ("crypto: lib/Kconfig - Hide arch options from user")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202503022113.79uEtUuy-lkp@intel.com/
Closes: https://lore.kernel.org/oe-kbuild-all/202503022115.9OOyDR5A-lkp@intel.com/
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-02 07:59:33 +02:00
Herbert Xu 67727c5764 crypto: lib/Kconfig - Hide arch options from user
commit 17ec3e71ba797cdb62164fea9532c81b60f47167 upstream.

The ARCH_MAY_HAVE patch missed arm64, mips and s390.  But it may
also lead to arch options being enabled but ineffective because
of modular/built-in conflicts.

As the primary user of all these options wireguard is selecting
the arch options anyway, make the same selections at the lib/crypto
option level and hide the arch options from the user.

Instead of selecting them centrally from lib/crypto, simply set
the default of each arch option as suggested by Eric Biggers.

Change the Crypto API generic algorithms to select the top-level
lib/crypto options instead of the generic one as otherwise there
is no way to enable the arch options (Eric Biggers).  Introduce a
set of INTERNAL options to work around dependency cycles on the
CONFIG_CRYPTO symbol.

Fixes: 1047e21aecdf ("crypto: lib/Kconfig - Fix lib built-in failure when arch is modular")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Arnd Bergmann <arnd@kernel.org>
Closes: https://lore.kernel.org/oe-kbuild-all/202502232152.JC84YDLp-lkp@intel.com/
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-02 07:59:32 +02:00
Ard Biesheuvel 4084529fba ANDROID: fips140: add kernel crypto module
To meet FIPS 140 requirements, add support for building a kernel module
"fips140.ko" that contains various cryptographic algorithms built from
existing kernel source files.  At load time, the module checks its own
integrity and self-tests its algorithms, then registers the algorithms
with the crypto API to supersede the original algorithms provided by the
kernel itself.

[ebiggers: this commit originated from "ANDROID: crypto: fips140 -
 perform load time integrity check", but I've folded many later commits
 into it to make forward porting easier.  See below]

Original commits:
  android12-5.10:
    6be141eb36fe ("ANDROID: crypto: fips140 - perform load time integrity check")
    868be244bbed ("ANDROID: inject correct HMAC digest into fips140.ko at build time")
    091338cb398e ("ANDROID: fips140: add missing static keyword to fips140_init()")
    c799c6644b52 ("ANDROID: fips140: adjust some log messages")
    92de53472e68 ("ANDROID: fips140: log already-live algorithms")
    0af06624eadc ("ANDROID: fips140: check for errors from initcalls")
    634445a640a4 ("ANDROID: fips140: fix deadlock in unregister_existing_fips140_algos()")
    e886dd4c339e ("ANDROID: fips140: unregister existing DRBG algorithms")
    b7397e89db29 ("ANDROID: fips140: add power-up cryptographic self-tests")
    50661975be74 ("ANDROID: fips140: add/update module help text")
    b397a0387cb2 ("ANDROID: fips140: test all implementations")
    17ccefe14021 ("ANDROID: fips140: use full 16-byte IV")
    1be58af0776a ("ANDROID: fips140: remove non-prediction-resistant DRBG test")
    2b5843ae2d90 ("ANDROID: fips140: add AES-CBC-CTS")
    2ee56aad318c ("ANDROID: fips140: add AES-CMAC")
    960ebb2b565b ("ANDROID: fips140: add jitterentropy to fips140 module")
    e5b14396f9d2 ("ANDROID: fips140: take into account AES-GCM not being approvable")
    52b70d491bd4 ("ANDROID: fips140: use FIPS140_CFLAGS when compiling fips140-selftests.c")
    6b995f5a5403 ("ANDROID: fips140: preserve RELA sections without relying on the module loader")
    e45108ecff64 ("ANDROID: fips140: block crypto operations until tests complete")
    ecf9341134d1 ("ANDROID: fips140: remove in-place updating of live algorithms")
    482b0323cf29 ("ANDROID: fips140: zeroize temporary values from integrity check")
    64d769e53f20 ("ANDROID: fips140: add service indicators")
    8d7f609cdaa4 ("ANDROID: fips140: add name and version, and a function to retrieve them")
    6b7c37f6c449 ("ANDROID: fips140: use UTS_RELEASE as FIPS version")
    903e97a0ca6d ("ANDROID: fips140: refactor evaluation testing support")
    97fb2104fe22 ("ANDROID: fips140: add support for injecting integrity error")
    109f31ac23f5 ("ANDROID: fips140: add userspace interface for evaluation testing")
  android14-5.15:
    84572a0c7981 ("ANDROID: fips140: split dump-section+add-section into 2 ops")
    b0f8873811d4 ("ANDROID: kleaf: convert fips140 to kleaf")
    2535deae8069 ("ANDROID: GKI: Source GKI_BUILD_CONFIG_FRAGMENT after setting all variables")
    685a2ade28bb ("ANDROID: fips140: add crypto_memneq() back to the module")
    320dfca58a3d ("ANDROID: fips140: fix in-tree builds")
    d4966a820397 ("ANDROID: fips140: remove CONFIG_CRYPTO_FIPS140 option")
    6da26b8750f5 ("ANDROID: fips140: require 'm' to enable CRYPTO_FIPS140_MOD")
    bfcfcce3803b ("ANDROID: fips140: unapply ABS32 relocations generated by KCFI")
    63f46b45dda2 ("ANDROID: fips140: eliminate crypto-fips.a build step")
    ae4ca7a09bb6 ("ANDROID: fips140: allow building without LTO")
    e8b59bcd783b ("ANDROID: fips140: fix the error injection module parameters")
    9cef46f39ee9 ("ANDROID: remove LTO check from build.config.gki.aarch64.fips140")
    b1f8c250264b ("ANDROID: fips140 - add option for debugging the integrity check")
    7b301c70795e ("ANDROID: fips140 - fix integrity check by unapplying dynamic SCS")
  android14-6.1:
    3f5807c586a6 ("ANDROID: fips140: change linker script guard")
  android15-6.6:
    cb9ca9b4f2f4 ("ANDROID: fips140: avoid crypto driver name collisions")
    8b1881ad162a ("ANDROID: fips140: add SHA-3 as an approved algorithm")
    145f51aca09e ("ANDROID: fips140: remove unnecessary no_sanitize(cfi)")
    eb1f7db04a47 ("ANDROID: fix kernelci GCC builds of fips140.ko")

Bug: 153614920
Bug: 188620248
Test: Tested that the module builds and can be loaded on a device.
Change-Id: I3fde49dbc3d16b149b072a27ba5b4c6219015c94
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
2024-12-06 12:32:52 +00:00
Stephan Mueller 95a798d200 crypto: jitter - set default OSR to 3
The user space Jitter RNG library uses the oversampling rate of 3 which
implies that each time stamp is credited with 1/3 bit of entropy. To
obtain 256 bits of entropy, 768 time stamps need to be sampled. The
increase in OSR is applied based on a report where the Jitter RNG is
used on a system exhibiting a challenging environment to collect
entropy.

This OSR default value is now applied to the Linux kernel version of
the Jitter RNG as well.

The increase in the OSR from 1 to 3 also implies that the Jitter RNG is
now slower by default.

Reported-by: Jeff Barnes <jeffbarnes@microsoft.com>
Signed-off-by: Stephan Mueller <smueller@chronox.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-08-24 21:36:07 +08:00
Herbert Xu 46b3ff73af crypto: sm2 - Remove sm2 algorithm
The SM2 algorithm has a single user in the kernel.  However, it's
never been integrated properly with that user: asymmetric_keys.

The crux of the issue is that the way it computes its digest with
sm3 does not fit into the architecture of asymmetric_keys.  As no
solution has been proposed, remove this algorithm.

It can be resubmitted when it is integrated properly into the
asymmetric_keys subsystem.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-06-07 19:46:39 +08:00
Eric Biggers 29ce50e078 crypto: remove CONFIG_CRYPTO_STATS
Remove support for the "Crypto usage statistics" feature
(CONFIG_CRYPTO_STATS).  This feature does not appear to have ever been
used, and it is harmful because it significantly reduces performance and
is a large maintenance burden.

Covering each of these points in detail:

1. Feature is not being used

Since these generic crypto statistics are only readable using netlink,
it's fairly straightforward to look for programs that use them.  I'm
unable to find any evidence that any such programs exist.  For example,
Debian Code Search returns no hits except the kernel header and kernel
code itself and translations of the kernel header:
https://codesearch.debian.net/search?q=CRYPTOCFGA_STAT&literal=1&perpkg=1

The patch series that added this feature in 2018
(https://lore.kernel.org/linux-crypto/1537351855-16618-1-git-send-email-clabbe@baylibre.com/)
said "The goal is to have an ifconfig for crypto device."  This doesn't
appear to have happened.

It's not clear that there is real demand for crypto statistics.  Just
because the kernel provides other types of statistics such as I/O and
networking statistics and some people find those useful does not mean
that crypto statistics are useful too.

Further evidence that programs are not using CONFIG_CRYPTO_STATS is that
it was able to be disabled in RHEL and Fedora as a bug fix
(https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2947).

Even further evidence comes from the fact that there are and have been
bugs in how the stats work, but they were never reported.  For example,
before Linux v6.7 hash stats were double-counted in most cases.

There has also never been any documentation for this feature, so it
might be hard to use even if someone wanted to.

2. CONFIG_CRYPTO_STATS significantly reduces performance

Enabling CONFIG_CRYPTO_STATS significantly reduces the performance of
the crypto API, even if no program ever retrieves the statistics.  This
primarily affects systems with a large number of CPUs.  For example,
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039576 reported
that Lustre client encryption performance improved from 21.7GB/s to
48.2GB/s by disabling CONFIG_CRYPTO_STATS.

It can be argued that this means that CONFIG_CRYPTO_STATS should be
optimized with per-cpu counters similar to many of the networking
counters.  But no one has done this in 5+ years.  This is consistent
with the fact that the feature appears to be unused, so there seems to
be little interest in improving it as opposed to just disabling it.

It can be argued that because CONFIG_CRYPTO_STATS is off by default,
performance doesn't matter.  But Linux distros tend to error on the side
of enabling options.  The option is enabled in Ubuntu and Arch Linux,
and until recently was enabled in RHEL and Fedora (see above).  So, even
just having the option available is harmful to users.

3. CONFIG_CRYPTO_STATS is a large maintenance burden

There are over 1000 lines of code associated with CONFIG_CRYPTO_STATS,
spread among 32 files.  It significantly complicates much of the
implementation of the crypto API.  After the initial submission, many
fixes and refactorings have consumed effort of multiple people to keep
this feature "working".  We should be spending this effort elsewhere.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-04-02 10:49:38 +08:00
Linus Torvalds c150b809f7 Merge tag 'riscv-for-linus-6.9-mw2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V updates from Palmer Dabbelt:

 - Support for various vector-accelerated crypto routines

 - Hibernation is now enabled for portable kernel builds

 - mmap_rnd_bits_max is larger on systems with larger VAs

 - Support for fast GUP

 - Support for membarrier-based instruction cache synchronization

 - Support for the Andes hart-level interrupt controller and PMU

 - Some cleanups around unaligned access speed probing and Kconfig
   settings

 - Support for ACPI LPI and CPPC

 - Various cleanus related to barriers

 - A handful of fixes

* tag 'riscv-for-linus-6.9-mw2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: (66 commits)
  riscv: Fix syscall wrapper for >word-size arguments
  crypto: riscv - add vector crypto accelerated AES-CBC-CTS
  crypto: riscv - parallelize AES-CBC decryption
  riscv: Only flush the mm icache when setting an exec pte
  riscv: Use kcalloc() instead of kzalloc()
  riscv/barrier: Add missing space after ','
  riscv/barrier: Consolidate fence definitions
  riscv/barrier: Define RISCV_FULL_BARRIER
  riscv/barrier: Define __{mb,rmb,wmb}
  RISC-V: defconfig: Enable CONFIG_ACPI_CPPC_CPUFREQ
  cpufreq: Move CPPC configs to common Kconfig and add RISC-V
  ACPI: RISC-V: Add CPPC driver
  ACPI: Enable ACPI_PROCESSOR for RISC-V
  ACPI: RISC-V: Add LPI driver
  cpuidle: RISC-V: Move few functions to arch/riscv
  riscv: Introduce set_compat_task() in asm/compat.h
  riscv: Introduce is_compat_thread() into compat.h
  riscv: add compile-time test into is_compat_task()
  riscv: Replace direct thread flag check with is_compat_task()
  riscv: Improve arch_get_mmap_end() macro
  ...
2024-03-22 10:41:13 -07:00
Herbert Xu 6a8dbd71a7 Revert "crypto: remove CONFIG_CRYPTO_STATS"
This reverts commit 2beb81fbf0.

While removing CONFIG_CRYPTO_STATS is a worthy goal, this also
removed unrelated infrastructure such as crypto_comp_alg_common.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-03-13 09:49:37 +08:00
Eric Biggers 2beb81fbf0 crypto: remove CONFIG_CRYPTO_STATS
Remove support for the "Crypto usage statistics" feature
(CONFIG_CRYPTO_STATS).  This feature does not appear to have ever been
used, and it is harmful because it significantly reduces performance and
is a large maintenance burden.

Covering each of these points in detail:

1. Feature is not being used

Since these generic crypto statistics are only readable using netlink,
it's fairly straightforward to look for programs that use them.  I'm
unable to find any evidence that any such programs exist.  For example,
Debian Code Search returns no hits except the kernel header and kernel
code itself and translations of the kernel header:
https://codesearch.debian.net/search?q=CRYPTOCFGA_STAT&literal=1&perpkg=1

The patch series that added this feature in 2018
(https://lore.kernel.org/linux-crypto/1537351855-16618-1-git-send-email-clabbe@baylibre.com/)
said "The goal is to have an ifconfig for crypto device."  This doesn't
appear to have happened.

It's not clear that there is real demand for crypto statistics.  Just
because the kernel provides other types of statistics such as I/O and
networking statistics and some people find those useful does not mean
that crypto statistics are useful too.

Further evidence that programs are not using CONFIG_CRYPTO_STATS is that
it was able to be disabled in RHEL and Fedora as a bug fix
(https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2947).

Even further evidence comes from the fact that there are and have been
bugs in how the stats work, but they were never reported.  For example,
before Linux v6.7 hash stats were double-counted in most cases.

There has also never been any documentation for this feature, so it
might be hard to use even if someone wanted to.

2. CONFIG_CRYPTO_STATS significantly reduces performance

Enabling CONFIG_CRYPTO_STATS significantly reduces the performance of
the crypto API, even if no program ever retrieves the statistics.  This
primarily affects systems with large number of CPUs.  For example,
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039576 reported
that Lustre client encryption performance improved from 21.7GB/s to
48.2GB/s by disabling CONFIG_CRYPTO_STATS.

It can be argued that this means that CONFIG_CRYPTO_STATS should be
optimized with per-cpu counters similar to many of the networking
counters.  But no one has done this in 5+ years.  This is consistent
with the fact that the feature appears to be unused, so there seems to
be little interest in improving it as opposed to just disabling it.

It can be argued that because CONFIG_CRYPTO_STATS is off by default,
performance doesn't matter.  But Linux distros tend to error on the side
of enabling options.  The option is enabled in Ubuntu and Arch Linux,
and until recently was enabled in RHEL and Fedora (see above).  So, even
just having the option available is harmful to users.

3. CONFIG_CRYPTO_STATS is a large maintenance burden

There are over 1000 lines of code associated with CONFIG_CRYPTO_STATS,
spread among 32 files.  It significantly complicates much of the
implementation of the crypto API.  After the initial submission, many
fixes and refactorings have consumed effort of multiple people to keep
this feature "working".  We should be spending this effort elsewhere.

Cc: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-03-01 18:35:40 +08:00
Randy Dunlap e63df1ec9a crypto: jitter - fix CRYPTO_JITTERENTROPY help text
Correct various small problems in the help text:
a. change 2 spaces to ", "
b. finish an incomplete sentence
c. change non-working URL to working URL

Fixes: a9a98d49da ("crypto: Kconfig - simplify compression/RNG entries")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218458
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Bagas Sanjaya <bagasdotme@gmail.com>
Cc: Robert Elliott <elliott@hpe.com>
Cc: Christoph Biedl <bugzilla.kernel.bpeb@manchmal.in-ulm.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Acked-by: Bagas Sanjaya <bagasdotme@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2024-02-24 08:41:20 +08:00
Heiko Stuebner 178f385643 RISC-V: hook new crypto subdir into build-system
Create a crypto subdirectory for added accelerated cryptography routines
and hook it into the riscv Kbuild and the main crypto Kconfig.

Signed-off-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Link: https://lore.kernel.org/r/20240122002024.27477-4-ebiggers@kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
2024-01-22 17:55:17 -08:00
Herbert Xu 412ac51ce0 crypto: cfb,ofb - Remove cfb and ofb
Remove the unused algorithms CFB/OFB.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-12-08 11:59:46 +08:00
Herbert Xu e7ed6473c2 crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT
As JITTERENTROPY is selected by default if you enable the CRYPTO
API, any Kconfig options added there will show up for every single
user.  Hide the esoteric options under EXPERT as well as FIPS so
that only distro makers will see them.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-11-07 16:44:35 +08:00
Herbert Xu 845346841b crypto: skcipher - Add dependency on ecb
As lskcipher requires the ecb wrapper for the transition add an
explicit dependency on it so that it is always present.  This can
be removed once all simple ciphers have been converted to lskcipher.

Reported-by: Nathan Chancellor <nathan@kernel.org>
Fixes: 705b52fef3 ("crypto: cbc - Convert from skcipher to lskcipher")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-13 18:27:26 +08:00
Stephan Müller 0baa8fab33 crypto: jitter - Allow configuration of oversampling rate
The oversampling rate used by the Jitter RNG allows the configuration of
the heuristically implied entropy in one timing measurement. This
entropy rate is (1 / OSR) bits of entropy per time stamp.

Considering that the Jitter RNG now support APT/RCT health tests for
different OSRs, allow this value to be configured at compile time to
support systems with limited amount of entropy in their timer.

The allowed range of OSR values complies with the APT/RCT cutoff health
test values which range from 1 through 15.

The default value of the OSR selection support is left at 1 which is the
current default. Thus, the addition of the configuration support does
not alter the default Jitter RNG behavior.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-01 16:28:15 +08:00
Stephan Müller 59bcfd7885 crypto: jitter - Allow configuration of memory size
The memory size consumed by the Jitter RNG is one contributing factor in
the amount of entropy that is gathered. As the amount of entropy
directly correlates with the distance of the memory from the CPU, the
caches that are possibly present on a given system have an impact on the
collected entropy.

Thus, the kernel compile time should offer a means to configure the
amount of memory used by the Jitter RNG. Although this option could be
turned into a runtime option (e.g. a kernel command line option), it
should remain a compile time option as otherwise adminsitrators who may
not have performed an entropy assessment may select a value that is
inappropriate.

The default value selected by the configuration is identical to the
current Jitter RNG value. Thus, the patch should not lead to any change
in the Jitter RNG behavior.

To accommodate larger memory buffers, kvzalloc / kvfree is used.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-01 16:28:15 +08:00
Herbert Xu 6cb8815f41 crypto: sig - Add interface for sign/verify
Split out the sign/verify functionality from the existing akcipher
interface.  Most algorithms in akcipher either support encryption
and decryption, or signing and verify.  Only one supports both.

As a signature algorithm may not support encryption at all, these
two should be spearated.

For now sig is simply a wrapper around akcipher as all algorithms
remain unchanged.  This is a first step and allows users to start
allocating sig instead of akcipher.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-06-23 16:15:36 +08:00
Herbert Xu ba51738fa7 crypto: geniv - Split geniv out of AEAD Kconfig option
Give geniv its own Kconfig option so that its dependencies are
distinct from that of the AEAD API code.  This also allows it
to be disabled if no IV generators (seqiv/echainiv) are enabled.

Remove the obsolete select on RNG2 by SKCIPHER2 as skcipher IV
generators disappeared long ago.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-06-23 16:15:36 +08:00
Herbert Xu fb28fabfad crypto: algboss - Add missing dependency on RNG2
The testmgr code uses crypto_rng without depending on it.  Add
an explicit dependency to Kconfig.

Also sort the MANAGER2 dependencies alphabetically.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-06-23 16:15:36 +08:00
Eric Biggers 66dd59b7aa crypto: Kconfig - warn about performance overhead of CRYPTO_STATS
Make the help text for CRYPTO_STATS explicitly mention that it reduces
the performance of the crypto API.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-05-24 18:12:33 +08:00
Stephan Müller 69f1c387ba crypto: jitter - add interface for gathering of raw entropy
The test interface allows a privileged process to capture the raw
unconditioned noise that is collected by the Jitter RNG for statistical
analysis. Such testing allows the analysis how much entropy
the Jitter RNG noise source provides on a given platform. The obtained
data is the time stamp sampled by the Jitter RNG. Considering that
the Jitter RNG inserts the delta of this time stamp compared to the
immediately preceding time stamp, the obtained data needs to be
post-processed accordingly to obtain the data the Jitter RNG inserts
into its entropy pool.

The raw entropy collection is provided to obtain the raw unmodified
time stamps that are about to be added to the Jitter RNG entropy pool
and are credited with entropy. Thus, this patch adds an interface
which renders the Jitter RNG insecure. This patch is NOT INTENDED
FOR PRODUCTION SYSTEMS, but solely for development/test systems to
verify the available entropy rate.

Access to the data is given through the jent_raw_hires debugfs file.
The data buffer should be multiples of sizeof(u32) to fill the entire
buffer. Using the option jitterentropy_testing.boot_raw_hires_test=1
the raw noise of the first 1000 entropy events since boot can be
sampled.

This test interface allows generating the data required for
analysis whether the Jitter RNG is in compliance with SP800-90B
sections 3.1.3 and 3.1.4.

If the test interface is not compiled, its code is a noop which has no
impact on the performance.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-05-12 18:48:01 +08:00
Stephan Müller bb897c5504 crypto: jitter - replace LFSR with SHA3-256
Using the kernel crypto API, the SHA3-256 algorithm is used as
conditioning element to replace the LFSR in the Jitter RNG. All other
parts of the Jitter RNG are unchanged.

The application and use of the SHA-3 conditioning operation is identical
to the user space Jitter RNG 3.4.0 by applying the following concept:

- the Jitter RNG initializes a SHA-3 state which acts as the "entropy
  pool" when the Jitter RNG is allocated.

- When a new time delta is obtained, it is inserted into the "entropy
  pool" with a SHA-3 update operation. Note, this operation in most of
  the cases is a simple memcpy() onto the SHA-3 stack.

- To cause a true SHA-3 operation for each time delta operation, a
  second SHA-3 operation is performed hashing Jitter RNG status
  information. The final message digest is also inserted into the
  "entropy pool" with a SHA-3 update operation. Yet, this data is not
  considered to provide any entropy, but it shall stir the entropy pool.

- To generate a random number, a SHA-3 final operation is performed to
  calculate a message digest followed by an immediate SHA-3 init to
  re-initialize the "entropy pool". The obtained message digest is one
  block of the Jitter RNG that is returned to the caller.

Mathematically speaking, the random number generated by the Jitter RNG
is:

aux_t = SHA-3(Jitter RNG state data)

Jitter RNG block = SHA-3(time_i || aux_i || time_(i-1) || aux_(i-1) ||
                         ... || time_(i-255) || aux_(i-255))

when assuming that the OSR = 1, i.e. the default value.

This operation implies that the Jitter RNG has an output-blocksize of
256 bits instead of the 64 bits of the LFSR-based Jitter RNG that is
replaced with this patch.

The patch also replaces the varying number of invocations of the
conditioning function with one fixed number of invocations. The use
of the conditioning function consistent with the userspace Jitter RNG
library version 3.4.0.

The code is tested with a system that exhibited the least amount of
entropy generated by the Jitter RNG: the SiFive Unmatched RISC-V
system. The measured entropy rate is well above the heuristically
implied entropy value of 1 bit of entropy per time delta. On all other
tested systems, the measured entropy rate is even higher by orders
of magnitude. The measurement was performed using updated tooling
provided with the user space Jitter RNG library test framework.

The performance of the Jitter RNG with this patch is about en par
with the performance of the Jitter RNG without the patch.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-05-12 18:48:01 +08:00
Min Zhou 2f16482202 LoongArch: crypto: Add crc32 and crc32c hw acceleration
With a blatant copy of some MIPS bits we introduce the crc32 and crc32c
hw accelerated module to LoongArch.

LoongArch has provided these instructions to calculate crc32 and crc32c:
        * crc.w.b.w    crcc.w.b.w
        * crc.w.h.w    crcc.w.h.w
        * crc.w.w.w    crcc.w.w.w
        * crc.w.d.w    crcc.w.d.w

So we can make use of these instructions to improve the performance of
calculation for crc32(c) checksums.

As can be seen from the following test results, crc32(c) instructions
can improve the performance by 58%.

                  Software implemention    Hardware acceleration
  Buffer size     time cost (seconds)      time cost (seconds)    Accel.
   100 KB                0.000845                 0.000534        59.1%
     1 MB                0.007758                 0.004836        59.4%
    10 MB                0.076593                 0.047682        59.4%
   100 MB                0.756734                 0.479126        58.5%
  1000 MB                7.563841                 4.778266        58.5%

Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2023-05-01 17:19:43 +08:00
Ard Biesheuvel 61c581a46a crypto: move gf128mul library into lib/crypto
The gf128mul library does not depend on the crypto API at all, so it can
be moved into lib/crypto. This will allow us to use it in other library
code in a subsequent patch without having to depend on CONFIG_CRYPTO.

While at it, change the Kconfig symbol name to align with other crypto
library implementations. However, the source file name is retained, as
it is reflected in the module .ko filename, and changing this might
break things for users.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-11-11 18:14:59 +08:00
Linus Torvalds 27bc50fc90 Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull MM updates from Andrew Morton:

 - Yu Zhao's Multi-Gen LRU patches are here. They've been under test in
   linux-next for a couple of months without, to my knowledge, any
   negative reports (or any positive ones, come to that).

 - Also the Maple Tree from Liam Howlett. An overlapping range-based
   tree for vmas. It it apparently slightly more efficient in its own
   right, but is mainly targeted at enabling work to reduce mmap_lock
   contention.

   Liam has identified a number of other tree users in the kernel which
   could be beneficially onverted to mapletrees.

   Yu Zhao has identified a hard-to-hit but "easy to fix" lockdep splat
   at [1]. This has yet to be addressed due to Liam's unfortunately
   timed vacation. He is now back and we'll get this fixed up.

 - Dmitry Vyukov introduces KMSAN: the Kernel Memory Sanitizer. It uses
   clang-generated instrumentation to detect used-unintialized bugs down
   to the single bit level.

   KMSAN keeps finding bugs. New ones, as well as the legacy ones.

 - Yang Shi adds a userspace mechanism (madvise) to induce a collapse of
   memory into THPs.

 - Zach O'Keefe has expanded Yang Shi's madvise(MADV_COLLAPSE) to
   support file/shmem-backed pages.

 - userfaultfd updates from Axel Rasmussen

 - zsmalloc cleanups from Alexey Romanov

 - cleanups from Miaohe Lin: vmscan, hugetlb_cgroup, hugetlb and
   memory-failure

 - Huang Ying adds enhancements to NUMA balancing memory tiering mode's
   page promotion, with a new way of detecting hot pages.

 - memcg updates from Shakeel Butt: charging optimizations and reduced
   memory consumption.

 - memcg cleanups from Kairui Song.

 - memcg fixes and cleanups from Johannes Weiner.

 - Vishal Moola provides more folio conversions

 - Zhang Yi removed ll_rw_block() :(

 - migration enhancements from Peter Xu

 - migration error-path bugfixes from Huang Ying

 - Aneesh Kumar added ability for a device driver to alter the memory
   tiering promotion paths. For optimizations by PMEM drivers, DRM
   drivers, etc.

 - vma merging improvements from Jakub Matěn.

 - NUMA hinting cleanups from David Hildenbrand.

 - xu xin added aditional userspace visibility into KSM merging
   activity.

 - THP & KSM code consolidation from Qi Zheng.

 - more folio work from Matthew Wilcox.

 - KASAN updates from Andrey Konovalov.

 - DAMON cleanups from Kaixu Xia.

 - DAMON work from SeongJae Park: fixes, cleanups.

 - hugetlb sysfs cleanups from Muchun Song.

 - Mike Kravetz fixes locking issues in hugetlbfs and in hugetlb core.

Link: https://lkml.kernel.org/r/CAOUHufZabH85CeUN-MEMgL8gJGzJEWUrkiM58JkTbBhh-jew0Q@mail.gmail.com [1]

* tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (555 commits)
  hugetlb: allocate vma lock for all sharable vmas
  hugetlb: take hugetlb vma_lock when clearing vma_lock->vma pointer
  hugetlb: fix vma lock handling during split vma and range unmapping
  mglru: mm/vmscan.c: fix imprecise comments
  mm/mglru: don't sync disk for each aging cycle
  mm: memcontrol: drop dead CONFIG_MEMCG_SWAP config symbol
  mm: memcontrol: use do_memsw_account() in a few more places
  mm: memcontrol: deprecate swapaccounting=0 mode
  mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
  mm/secretmem: remove reduntant return value
  mm/hugetlb: add available_huge_pages() func
  mm: remove unused inline functions from include/linux/mm_inline.h
  selftests/vm: add selftest for MADV_COLLAPSE of uffd-minor memory
  selftests/vm: add file/shmem MADV_COLLAPSE selftest for cleared pmd
  selftests/vm: add thp collapse shmem testing
  selftests/vm: add thp collapse file and tmpfs testing
  selftests/vm: modularize thp collapse memory operations
  selftests/vm: dedup THP helpers
  mm/khugepaged: add tracepoint to hpage_collapse_scan_file()
  mm/madvise: add file and shmem support to MADV_COLLAPSE
  ...
2022-10-10 17:53:04 -07:00
Alexander Potapenko 440fed95eb crypto: kmsan: disable accelerated configs under KMSAN
KMSAN is unable to understand when initialized values come from assembly. 
Disable accelerated configs in KMSAN builds to prevent false positive
reports.

Link: https://lkml.kernel.org/r/20220915150417.722975-27-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Marco Elver <elver@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2022-10-03 14:03:22 -07:00
Lukas Bulwahn 1b79573de7 crypto: blake2s - revert unintended config addition of CRYPTO_BLAKE2S
Commit 2d16803c56 ("crypto: blake2s - remove shash module") removes the
config CRYPTO_BLAKE2S.

Commit 3f342a2325 ("crypto: Kconfig - simplify hash entries") makes
various changes to the config descriptions as part of some consolidation
and clean-up, but among all those changes, it also accidently adds back
CRYPTO_BLAKE2S after its removal due to the original patch being based on
a state before the CRYPTO_BLAKE2S removal.

See Link for the author's confirmation of this happening accidently.

Fixes: 3f342a2325 ("crypto: Kconfig - simplify hash entries")
Link: https://lore.kernel.org/all/MW5PR84MB18424AB8C095BFC041AE33FDAB479@MW5PR84MB1842.NAMPRD84.PROD.OUTLOOK.COM/
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-09-24 16:14:43 +08:00
Robert Elliott a9a98d49da crypto: Kconfig - simplify compression/RNG entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:43 +08:00
Robert Elliott cf514b2a59 crypto: Kconfig - simplify cipher entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:43 +08:00
Robert Elliott 9bc517155f crypto: Kconfig - simplify userspace entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:43 +08:00
Robert Elliott 3f342a2325 crypto: Kconfig - simplify hash entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:43 +08:00
Robert Elliott e3d2eadd06 crypto: Kconfig - simplify aead entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:42 +08:00
Robert Elliott ec84348da4 crypto: Kconfig - simplify CRC entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:42 +08:00
Robert Elliott 05b3746527 crypto: Kconfig - simplify public-key entries
Shorten menu titles and make them consistent:
- acronym
- name
- architecture features in parenthesis
- no suffixes like "<something> algorithm", "support", or
  "hardware acceleration", or "optimized"

Simplify help text descriptions, update references, and ensure that
https references are still valid.

Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:42 +08:00
Robert Elliott f1f142ad43 crypto: Kconfig - add submenus
Convert each comment section into a submenu:
  Cryptographic API
    Crypto core or helper
    Public-key cryptography
    Block ciphers
    Length-preserving ciphers and modes
    AEAD (authenticated encryption with associated data) ciphers
    Hashes, digests, and MACs
    CRCs (cyclic redundancy checks)
    Compression
    Random number generation
    Userspace interface

That helps find entries (e.g., searching for a name like SHA512 doesn't
just report the location is Main menu -> Cryptography API, leaving you
to wade through 153 entries; it points you to the Digests page).

Move entries so they fall into the correct submenus and are
better sorted.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:42 +08:00
Robert Elliott 4a329fecc9 crypto: Kconfig - submenus for arm and arm64
Move ARM- and ARM64-accelerated menus into a submenu under
the Crypto API menu (paralleling all the architectures).

Make each submenu always appear if the corresponding architecture
is supported. Get rid of the ARM_CRYPTO and ARM64_CRYPTO symbols.

The "ARM Accelerated" or "ARM64 Accelerated" entry disappears from:
    General setup  --->
    Platform selection  --->
    Kernel Features  --->
    Boot options  --->
    Power management options  --->
    CPU Power Management  --->
[*] ACPI (Advanced Configuration and Power Interface) Support  --->
[*] Virtualization  --->
[*] ARM Accelerated Cryptographic Algorithms  --->
     (or)
[*] ARM64 Accelerated Cryptographic Algorithms  --->
    ...
-*- Cryptographic API  --->
    Library routines  --->
    Kernel hacking  --->

and moves into the Cryptographic API menu, which now contains:
      ...
      Accelerated Cryptographic Algorithms for CPU (arm) --->
      (or)
      Accelerated Cryptographic Algorithms for CPU (arm64) --->
[*]   Hardware crypto devices  --->
      ...

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:41 +08:00
Robert Elliott 28a936ef44 crypto: Kconfig - move x86 entries to a submenu
Move CPU-specific crypto/Kconfig entries to arch/xxx/crypto/Kconfig
and create a submenu for them under the Crypto API menu.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:41 +08:00
Robert Elliott 0e9f9ea6e2 crypto: Kconfig - move sparc entries to a submenu
Move CPU-specific crypto/Kconfig entries to arch/xxx/crypto/Kconfig
and create a submenu for them under the Crypto API menu.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:41 +08:00
Robert Elliott c9d24c97c8 crypto: Kconfig - move s390 entries to a submenu
Move CPU-specific crypto/Kconfig entries to arch/xxx/crypto/Kconfig
and create a submenu for them under the Crypto API menu.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:41 +08:00
Robert Elliott 6a490a4e8b crypto: Kconfig - move powerpc entries to a submenu
Move CPU-specific crypto/Kconfig entries to arch/xxx/crypto/Kconfig
and create a submenu for them under the Crypto API menu.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:41 +08:00
Robert Elliott e45f710b42 crypto: Kconfig - move mips entries to a submenu
Move CPU-specific crypto/Kconfig entries to arch/xxx/crypto/Kconfig
and create a submenu for them under the Crypto API menu.

Suggested-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Robert Elliott <elliott@hpe.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-26 18:50:40 +08:00
Eric Biggers 7033b937e2 crypto: lib - create utils module and move __crypto_memneq into it
As requested at
https://lore.kernel.org/r/YtEgzHuuMts0YBCz@gondor.apana.org.au, move
__crypto_memneq into lib/crypto/ and put it under a new tristate.  The
tristate is CRYPTO_LIB_UTILS, and it builds a module libcryptoutils.  As
more crypto library utilities are being added, this creates a single
place for them to go without cluttering up the main lib directory.

The module's main file will be lib/crypto/utils.c.  However, leave
memneq.c as its own file because of its nonstandard license.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-08-19 18:39:33 +08:00
Linus Torvalds c2a24a7a03 Merge tag 'v5.20-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu:
"API:

   - Make proc files report fips module name and version

  Algorithms:

   - Move generic SHA1 code into lib/crypto

   - Implement Chinese Remainder Theorem for RSA

   - Remove blake2s

   - Add XCTR with x86/arm64 acceleration

   - Add POLYVAL with x86/arm64 acceleration

   - Add HCTR2

   - Add ARIA

  Drivers:

   - Add support for new CCP/PSP device ID in ccp"

* tag 'v5.20-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (89 commits)
  crypto: tcrypt - Remove the static variable initialisations to NULL
  crypto: arm64/poly1305 - fix a read out-of-bound
  crypto: hisilicon/zip - Use the bitmap API to allocate bitmaps
  crypto: hisilicon/sec - fix auth key size error
  crypto: ccree - Remove a useless dma_supported() call
  crypto: ccp - Add support for new CCP/PSP device ID
  crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
  crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem during softirq
  crypto: testmgr - some more fixes to RSA test vectors
  cyrpto: powerpc/aes - delete the rebundant word "block" in comments
  hwrng: via - Fix comment typo
  crypto: twofish - Fix comment typo
  crypto: rmd160 - fix Kconfig "its" grammar
  crypto: keembay-ocs-ecc - Drop if with an always false condition
  Documentation: qat: rewrite description
  Documentation: qat: Use code block for qat sysfs example
  crypto: lib - add module license to libsha1
  crypto: lib - make the sha1 library optional
  crypto: lib - move lib/sha1.c into lib/crypto/
  crypto: fips - make proc files report fips module name and version
  ...
2022-08-02 17:45:14 -07:00
Randy Dunlap 4cbdecd02f crypto: rmd160 - fix Kconfig "its" grammar
Use the possessive "its" instead of the contraction "it's"
where appropriate.

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-07-22 16:22:04 +08:00
Eric Biggers ec8f7f4821 crypto: lib - make the sha1 library optional
Since the Linux RNG no longer uses sha1_transform(), the SHA-1 library
is no longer needed unconditionally.  Make it possible to build the
Linux kernel without the SHA-1 library by putting it behind a kconfig
option, and selecting this new option from the kconfig options that gate
the remaining users: CRYPTO_SHA1 for crypto/sha1_generic.c, BPF for
kernel/bpf/core.c, and IPV6 for net/ipv6/addrconf.c.

Unfortunately, since BPF is selected by NET, for now this can only make
a difference for kernels built without networking support.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-07-15 16:43:59 +08:00
Vladis Dronov 5a44749f65 crypto: fips - make proc files report fips module name and version
FIPS 140-3 introduced a requirement for the FIPS module to return
information about itself, specifically a name and a version. These
values must match the values reported on FIPS certificates.

This patch adds two files to read a name and a version from:

/proc/sys/crypto/fips_name
/proc/sys/crypto/fips_version

v2: removed redundant parentheses in config entries.
v3: move FIPS_MODULE_* defines to fips.c where they are used.
v4: return utsrelease.h inclusion

Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-07-15 16:43:22 +08:00
Taehee Yoo e4e712bbbd crypto: aria - Implement ARIA symmetric cipher algorithm
ARIA(RFC 5794) is a symmetric block cipher algorithm.
This algorithm is being used widely in South Korea as a standard cipher
algorithm.
This code is written based on the ARIA implementation of OpenSSL.
The OpenSSL code is based on the distributed source code[1] by KISA.

ARIA has three key sizes and corresponding rounds.
ARIA128: 12 rounds.
ARIA192: 14 rounds.
ARIA245: 16 rounds.

[1] https://seed.kisa.or.kr/kisa/Board/19/detailView.do (Korean)

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-07-15 16:38:19 +08:00
Jason A. Donenfeld b7133757da crypto: s390 - do not depend on CRYPTO_HW for SIMD implementations
Various accelerated software implementation Kconfig values for S390 were
mistakenly placed into drivers/crypto/Kconfig, even though they're
mainly just SIMD code and live in arch/s390/crypto/ like usual. This
gives them the very unusual dependency on CRYPTO_HW, which leads to
problems elsewhere.

This patch fixes the issue by moving the Kconfig values for non-hardware
drivers into the usual place in crypto/Kconfig.

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-07-06 20:04:06 -07:00
Jason A. Donenfeld abfed87e2a crypto: memneq - move into lib/
This is used by code that doesn't need CONFIG_CRYPTO, so move this into
lib/ with a Kconfig option so that it can be selected by whatever needs
it.

This fixes a linker error Zheng pointed out when
CRYPTO_MANAGER_DISABLE_TESTS!=y and CRYPTO=m:

  lib/crypto/curve25519-selftest.o: In function `curve25519_selftest':
  curve25519-selftest.c:(.init.text+0x60): undefined reference to `__crypto_memneq'
  curve25519-selftest.c:(.init.text+0xec): undefined reference to `__crypto_memneq'
  curve25519-selftest.c:(.init.text+0x114): undefined reference to `__crypto_memneq'
  curve25519-selftest.c:(.init.text+0x154): undefined reference to `__crypto_memneq'

Reported-by: Zheng Bin <zhengbin13@huawei.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: stable@vger.kernel.org
Fixes: aa127963f1 ("crypto: lib/curve25519 - re-add selftests")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-06-12 14:51:51 +08:00