crypto: caam - add more RNG hw error codes

In some cases, e.g. when TRNG is not properly configured,
the RNG module could issue a "Hardware error" at runtime.

"Continuos check" error is emitted whe

crypto: caam - add more RNG hw error codes

In some cases, e.g. when TRNG is not properly configured,
the RNG module could issue a "Hardware error" at runtime.

"Continuos check" error is emitted when some of the BISTs fail.

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - make CAAM_PTR_SZ dynamic

In order to be able to configure CAAM pointer size at run-time, which
needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer
size, convert CAAM_PT

crypto: caam - make CAAM_PTR_SZ dynamic

In order to be able to configure CAAM pointer size at run-time, which
needed to support i.MX8MQ, which is 64-bit SoC with 32-bit pointer
size, convert CAAM_PTR_SZ to refer to a global variable of the same
name ("caam_ptr_sz") and adjust the rest of the code accordingly. No
functional change intended.

Signed-off-by: Andrey Smirnov <[email protected]>
Cc: Chris Spencer <[email protected]>
Cc: Cory Tusar <[email protected]>
Cc: Chris Healy <[email protected]>
Cc: Lucas Stach <[email protected]>
Cc: Horia Geantă <[email protected]>
Cc: Aymen Sghaier <[email protected]>
Cc: Leonard Crestez <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - fix return code in completion callbacks

Modify drive to provide a valid errno (and not the HW error ID)
to the user, via completion callbacks.

A "valid errno" is currently not explic

crypto: caam - fix return code in completion callbacks

Modify drive to provide a valid errno (and not the HW error ID)
to the user, via completion callbacks.

A "valid errno" is currently not explicitly mentioned in the docs,
however the error code is expected to match the one returned by the
generic SW implementation.

Note: in most error cases caam/qi and caam/qi2 returned -EIO; align all
caam drivers to return -EINVAL.

While here, ratelimit prints triggered by fuzz testing, such that
console is not flooded.

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Iuliana Prodan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam/qi - fix error handling in ERN handler

ERN handler calls the caam/qi frontend "done" callback with a status
of -EIO. This is incorrect, since the callback expects a status value
meaning

crypto: caam/qi - fix error handling in ERN handler

ERN handler calls the caam/qi frontend "done" callback with a status
of -EIO. This is incorrect, since the callback expects a status value
meaningful for the crypto engine - hence the cryptic messages
like the one below:
platform caam_qi: 15: unknown error source

Fix this by providing the callback with:
-the status returned by the crypto engine (fd[status]) in case
it contains an error, OR
-a QI "No error" code otherwise; this will trigger the message:
platform caam_qi: 50000000: Queue Manager Interface: No error
which is fine, since QMan driver provides details about the cause of
failure

Cc: <[email protected]> # v5.1+
Fixes: 67c2315def06 ("crypto: caam - add Queue Interface (QI) backend support")
Signed-off-by: Horia Geantă <[email protected]>
Reviewed-by: Iuliana Prodan <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - print messages in caam_dump_sg at debug level

caam_dump_sg() is only compiled in when DEBUG is defined, hence the
messages are debug messages. Remove the @level argument from
caam_dum

crypto: caam - print messages in caam_dump_sg at debug level

caam_dump_sg() is only compiled in when DEBUG is defined, hence the
messages are debug messages. Remove the @level argument from
caam_dump_sg() and print all messages at debug level.

Signed-off-by: Sascha Hauer <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - fix caam_dump_sg that iterates through scatterlist

Fix caam_dump_sg by correctly determining the next scatterlist
entry in the list.

Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump"

crypto: caam - fix caam_dump_sg that iterates through scatterlist

Fix caam_dump_sg by correctly determining the next scatterlist
entry in the list.

Fixes: 5ecf8ef9103c ("crypto: caam - fix sg dump")
Signed-off-by: Iuliana Prodan <[email protected]>
Reviewed-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - fix spelling mistake "cannote" -> "cannot"

There is a spelling mistake in an error message in the qi_error_list
array. Fix this.

Signed-off-by: Colin Ian King <[email protected]

crypto: caam - fix spelling mistake "cannote" -> "cannot"

There is a spelling mistake in an error message in the qi_error_list
array. Fix this.

Signed-off-by: Colin Ian King <[email protected]>
Reviewed-by: Mukesh Ojha <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - move shared symbols in a common location

There are several issues with symbols shared b/w:
-caam/jr and caam/qi drivers on one hand
-caam/qi2 driver on the other hand

Commit 52813ab2

crypto: caam - move shared symbols in a common location

There are several issues with symbols shared b/w:
-caam/jr and caam/qi drivers on one hand
-caam/qi2 driver on the other hand

Commit 52813ab24959 ("crypto: caam/qi2 - avoid double export") fixed
some of them, however compilation still fails for CRYPTO_DEV_FSL_CAAM=m
and CRYPTO_DEV_FSL_DPAA2_CAAM=y.

Another issue is related to dependency cycles reported by depmod when
CRYPTO_DEV_FSL_CAAM=n and CRYPTO_DEV_FSL_DPAA2_CAAM=m, as mentioned in
82c7b351be3f ("Revert "arm64: defconfig: Enable FSL_MC_BUS and FSL_MC_DPIO"")

To fix all these, move the symbols shared by these drivers in a common
location. The only existing possibility is error.c file (note that naming
doesn't help and should probably change).

Fixes: 52813ab24959 ("crypto: caam/qi2 - avoid double export")
Reported-by: Arnd Bergmann <[email protected]>
Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam/qi2 - add DPAA2-CAAM driver

Add CAAM driver that works using the DPSECI backend, i.e. manages
DPSECI DPAA2 objects sitting on the Management Complex (MC) fsl-mc bus.

Data transfers (cr

crypto: caam/qi2 - add DPAA2-CAAM driver

Add CAAM driver that works using the DPSECI backend, i.e. manages
DPSECI DPAA2 objects sitting on the Management Complex (MC) fsl-mc bus.

Data transfers (crypto requests) are sent/received to/from CAAM crypto
engine via Queue Interface (v2), this being similar to existing caam/qi.
OTOH, configuration/setup (obtaining virtual queue IDs, authorization
etc.) is done by sending commands to the MC f/w.

Note that the CAAM accelerator included in DPAA2 platforms still has
Job Rings. However, the driver being added does not handle access
via this backend. Kconfig & Makefile are updated such that DPAA2-CAAM
(a.k.a. "caam/qi2") driver does not depend on caam/jr or caam/qi
backends - which rely on platform bus support (ctrl.c).

Support for the following aead and authenc algorithms is also added
in this patch:
-aead:
gcm(aes)
rfc4106(gcm(aes))
rfc4543(gcm(aes))
-authenc:
authenc(hmac({md5,sha*}),cbc({aes,des,des3_ede}))
echainiv(authenc(hmac({md5,sha*}),cbc({aes,des,des3_ede})))
authenc(hmac({md5,sha*}),rfc3686(ctr(aes))
seqiv(authenc(hmac({md5,sha*}),rfc3686(ctr(aes)))

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - add Queue Interface v2 error codes

Add support to translate error codes returned by QI v2, i.e.
Queue Interface present on DataPath Acceleration Architecture
v2 (DPAA2).

Signed-off-b

crypto: caam - add Queue Interface v2 error codes

Add support to translate error codes returned by QI v2, i.e.
Queue Interface present on DataPath Acceleration Architecture
v2 (DPAA2).

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine

License cleanup: add SPDX GPL-2.0 license identifier to files with no license

Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.

By default all files without license information are under the default
license of the kernel, which is GPL version 2.

Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.

This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.

How this work was done:

Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,

Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.

The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.

The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.

Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).

All documentation files were explicitly excluded.

The following heuristics were used to determine which SPDX license
identifiers to apply.

- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.

For non */uapi/* files that summary was:

SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139

and resulted in the first patch in this series.

If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:

SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930

and resulted in the second patch in this series.

- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:

SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1

and that resulted in the third patch in this series.

- when the two scanners agreed on the detected license(s), that became
the concluded license(s).

- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.

- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).

- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.

- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.

In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.

Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.

Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.

In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.

Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct

This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.

These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.

Reviewed-by: Kate Stewart <[email protected]>
Reviewed-by: Philippe Ombredanne <[email protected]>
Reviewed-by: Thomas Gleixner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

show more ...

crypto: caam/qi - fix compilation with DEBUG enabled

caam/qi driver does not compile when DEBUG is enabled
(CRYPTO_DEV_FSL_CAAM_DEBUG=y):

drivers/crypto/caam/caamalg_qi.c: In function 'ablkcipher_d

crypto: caam/qi - fix compilation with DEBUG enabled

caam/qi driver does not compile when DEBUG is enabled
(CRYPTO_DEV_FSL_CAAM_DEBUG=y):

drivers/crypto/caam/caamalg_qi.c: In function 'ablkcipher_done':
drivers/crypto/caam/caamalg_qi.c:794:2: error: implicit declaration of function 'dbg_dump_sg' [-Werror=implicit-function-declaration]
dbg_dump_sg(KERN_ERR, "dst @" __stringify(__LINE__)": ",

Since dbg_dump_sg() is shared between caam/jr and caam/qi, move it
in a shared location and export it.

At the same time:
-reduce ifdeferry by providing a no-op implementation for !DEBUG case
-rename it to caam_dump_sg() to be consistent in terms of
exported symbols namespace (caam_*)

Cc: <[email protected]>
Fixes: b189817cf789 ("crypto: caam/qi - add ablkcipher and authenc algorithms")
Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - don't include unneeded headers

intern.h, jr.h are not needed in error.c
error.h is not needed in ctrl.c

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <

crypto: caam - don't include unneeded headers

intern.h, jr.h are not needed in error.c
error.h is not needed in ctrl.c

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - remove unreachable code in report_ccb_status()

ERRID is a 4-bit field.
Since err_id values are in [0..15] and err_id_list array size is 16,
the condition "err_id < ARRAY_SIZE(err_id_l

crypto: caam - remove unreachable code in report_ccb_status()

ERRID is a 4-bit field.
Since err_id values are in [0..15] and err_id_list array size is 16,
the condition "err_id < ARRAY_SIZE(err_id_list)" is always true.

Signed-off-by: Horia Geantă <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - don't emit ICV check failures to dmesg

ICV check failures are part of normal operation;
leave user notification up to the higher levels,
as is done in s/w algorithm implementations.

crypto: caam - don't emit ICV check failures to dmesg

ICV check failures are part of normal operation;
leave user notification up to the higher levels,
as is done in s/w algorithm implementations.

Signed-off-by: Kim Phillips <[email protected]>
Tested-by: Cristian Stoica <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - fix error reporting

The error code returned by hardware is four bits wide with an expected
zero MSB. A hardware error condition where the error code can get between
0x8 and 0xf will t

crypto: caam - fix error reporting

The error code returned by hardware is four bits wide with an expected
zero MSB. A hardware error condition where the error code can get between
0x8 and 0xf will trigger an out of bound array access on the error
message table.
This patch fixes the invalid array access following such an error and
reports the condition.

Signed-off-by: Cristian Stoica <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Fix the 'quoted string split across lines'

Fix the checkpatch warnings that the strings were split across
multiple lines. Checkpatch now complains about lines over 80,
but this is bet

crypto: caam - Fix the 'quoted string split across lines'

Fix the checkpatch warnings that the strings were split across
multiple lines. Checkpatch now complains about lines over 80,
but this is better, since we can actually grep the source code
for these strings now.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Sweep the remnants

Clean up the remnants from the rework. Constify function arguments.

Note that checkpatch again complains about this space before newline,
but this is the original

crypto: caam - Sweep the remnants

Clean up the remnants from the rework. Constify function arguments.

Note that checkpatch again complains about this space before newline,
but this is the original code behavior, so I'm keeping it.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Kill SPRINTFCAT() with fire

This macro is just like an encyclopedia of string handling done wrong.
This must die. This is so wrong on so many levels.

Signed-off-by: Marek Vasut <mare

crypto: caam - Kill SPRINTFCAT() with fire

This macro is just like an encyclopedia of string handling done wrong.
This must die. This is so wrong on so many levels.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Clean up report_deco_status()

Clean this function up and rework it into sensible shape. This function
now contains one single dev_err() instead of the previous insanity full
of memory

crypto: caam - Clean up report_deco_status()

Clean this function up and rework it into sensible shape. This function
now contains one single dev_err() instead of the previous insanity full
of memory allocation, chaotic string handling and use of SPRINTFCAT().

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Clean up report_ccb_status()

Clean this function up and rework it into sensible shape. This function
now contains one single dev_err() instead of the previous insanity full
of memory

crypto: caam - Clean up report_ccb_status()

Clean this function up and rework it into sensible shape. This function
now contains one single dev_err() instead of the previous insanity full
of memory allocation, possible stack overwriting, chaotic string handling
and use of SPRINTFCAT().

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Dissolve report_jump_idx()

Just dissolve this function so it's not in the way of applying
further white magic cleanup down the line.

Signed-off-by: Marek Vasut <[email protected]>
Cc: He

crypto: caam - Dissolve report_jump_idx()

Just dissolve this function so it's not in the way of applying
further white magic cleanup down the line.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Kill the easy targets

Fix the functions which can be obviously done right with a simple
dev_err() now. While at it, further press the on-stack allocation
of buffer for sprintf() voodo

crypto: caam - Kill the easy targets

Fix the functions which can be obviously done right with a simple
dev_err() now. While at it, further press the on-stack allocation
of buffer for sprintf() voodoo down into the abominated functions.

This patch cleans up most of the functions and leaves just two
remaining functions, report_ccb_status() and report_deco_status()
ugly and unhappy.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Pass error type into the functions

Pass the error type string into the functions, so they can handle
the printing of the string. This is now still using the very unsafe
sprintf(), but

crypto: caam - Pass error type into the functions

Pass the error type string into the functions, so they can handle
the printing of the string. This is now still using the very unsafe
sprintf(), but we will fix that.

While at this, pass the device pointer too, so we can dev_err()
functions readily when we start fixing this proper.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...

crypto: caam - Implement fast-path for error codes with no handler

Implement fast-path error code printout for errors with no associated
handler function. This reduces calls to this kmalloc() nonsen

crypto: caam - Implement fast-path for error codes with no handler

Implement fast-path error code printout for errors with no associated
handler function. This reduces calls to this kmalloc() nonsense in
SPRINTFCAT() already.

Note that the format of output is compatible with the old code, even
if -- exposed like this -- it looks a bit weird. Checkpatch complains
on this one as well.

Signed-off-by: Marek Vasut <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Horia Geanta <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

show more ...