2020-01-29 14:38:28

by Gilad Ben-Yossef

[permalink] [raw]
Subject: [PATCH 0/4] crypto: ccree - fixes

Fixes in AEAD DMA mapping code and blocksize reporting

Gilad Ben-Yossef (4):
crypto: ccree - protect against empty or NULL scatterlists
crypto: ccree - only try to map auth tag if needed
crypto: ccree - fix some reported cipher block sizes
crypto: ccree - fix AEAD blocksize registration

drivers/crypto/ccree/cc_aead.c | 1 +
drivers/crypto/ccree/cc_buffer_mgr.c | 68 +++++++++++++---------------
drivers/crypto/ccree/cc_buffer_mgr.h | 1 +
drivers/crypto/ccree/cc_cipher.c | 8 +++-
4 files changed, 39 insertions(+), 39 deletions(-)

--
2.25.0


2020-01-29 14:38:44

by Gilad Ben-Yossef

[permalink] [raw]
Subject: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

Fix an error causing no block sizes to be reported during
all AEAD registrations.

Signed-off-by: Gilad Ben-Yossef <[email protected]>
---
drivers/crypto/ccree/cc_aead.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index edab44cbd353..b69cfbebc59a 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -2642,6 +2642,7 @@ static struct cc_crypto_alg *cc_create_aead_alg(struct cc_alg_template *tmpl,

alg->base.cra_ctxsize = sizeof(struct cc_aead_ctx);
alg->base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_KERN_DRIVER_ONLY;
+ alg->base.cra_blocksize = tmpl->blocksize;
alg->init = cc_aead_init;
alg->exit = cc_aead_exit;

--
2.25.0

2020-01-29 14:38:47

by Gilad Ben-Yossef

[permalink] [raw]
Subject: [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes

OFB and CTR modes block sizes were wrongfully reported as
the underlying block sizes. Fix it to 1 bytes as they
turn the block ciphers into stream ciphers.

Also document why our XTS differes from the generic
implementation.

Signed-off-by: Gilad Ben-Yossef <[email protected]>
---
drivers/crypto/ccree/cc_cipher.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
index c08dee04941b..73457548ee92 100644
--- a/drivers/crypto/ccree/cc_cipher.c
+++ b/drivers/crypto/ccree/cc_cipher.c
@@ -1236,6 +1236,10 @@ static const struct cc_alg_template skcipher_algs[] = {
.sec_func = true,
},
{
+ /* See https://www.mail-archive.com/[email protected]/msg40576.html
+ * for the reason why this differs from the generic
+ * implementation.
+ */
.name = "xts(aes)",
.driver_name = "xts-aes-ccree",
.blocksize = 1,
@@ -1431,7 +1435,7 @@ static const struct cc_alg_template skcipher_algs[] = {
{
.name = "ofb(aes)",
.driver_name = "ofb-aes-ccree",
- .blocksize = AES_BLOCK_SIZE,
+ .blocksize = 1,
.template_skcipher = {
.setkey = cc_cipher_setkey,
.encrypt = cc_cipher_encrypt,
@@ -1584,7 +1588,7 @@ static const struct cc_alg_template skcipher_algs[] = {
{
.name = "ctr(sm4)",
.driver_name = "ctr-sm4-ccree",
- .blocksize = SM4_BLOCK_SIZE,
+ .blocksize = 1,
.template_skcipher = {
.setkey = cc_cipher_setkey,
.encrypt = cc_cipher_encrypt,
--
2.25.0

2020-01-29 14:38:50

by Gilad Ben-Yossef

[permalink] [raw]
Subject: [PATCH 1/4] crypto: ccree - protect against empty or NULL scatterlists

Deal gracefully with a NULL or empty scatterlist which can happen
if both cryptlen and assoclen are zero and we're doing in-place
AEAD encryption.

This fixes a crash when this causes us to try and map a NULL page,
at least with some platforms / DMA mapping configs.

Cc: [email protected] # v4.19+
Reported-by: Geert Uytterhoeven <[email protected]>
Tested-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Gilad Ben-Yossef <[email protected]>
---
drivers/crypto/ccree/cc_buffer_mgr.c | 62 ++++++++++++----------------
drivers/crypto/ccree/cc_buffer_mgr.h | 1 +
2 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index a72586eccd81..b938ceae7ae7 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -87,6 +87,8 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
{
unsigned int nents = 0;

+ *lbytes = 0;
+
while (nbytes && sg_list) {
nents++;
/* get the number of bytes in the last entry */
@@ -95,6 +97,7 @@ static unsigned int cc_get_sgl_nents(struct device *dev,
nbytes : sg_list->length;
sg_list = sg_next(sg_list);
}
+
dev_dbg(dev, "nents %d last bytes %d\n", nents, *lbytes);
return nents;
}
@@ -290,37 +293,25 @@ static int cc_map_sg(struct device *dev, struct scatterlist *sg,
unsigned int nbytes, int direction, u32 *nents,
u32 max_sg_nents, u32 *lbytes, u32 *mapped_nents)
{
- if (sg_is_last(sg)) {
- /* One entry only case -set to DLLI */
- if (dma_map_sg(dev, sg, 1, direction) != 1) {
- dev_err(dev, "dma_map_sg() single buffer failed\n");
- return -ENOMEM;
- }
- dev_dbg(dev, "Mapped sg: dma_address=%pad page=%p addr=%pK offset=%u length=%u\n",
- &sg_dma_address(sg), sg_page(sg), sg_virt(sg),
- sg->offset, sg->length);
- *lbytes = nbytes;
- *nents = 1;
- *mapped_nents = 1;
- } else { /*sg_is_last*/
- *nents = cc_get_sgl_nents(dev, sg, nbytes, lbytes);
- if (*nents > max_sg_nents) {
- *nents = 0;
- dev_err(dev, "Too many fragments. current %d max %d\n",
- *nents, max_sg_nents);
- return -ENOMEM;
- }
- /* In case of mmu the number of mapped nents might
- * be changed from the original sgl nents
- */
- *mapped_nents = dma_map_sg(dev, sg, *nents, direction);
- if (*mapped_nents == 0) {
- *nents = 0;
- dev_err(dev, "dma_map_sg() sg buffer failed\n");
- return -ENOMEM;
- }
+ int ret = 0;
+
+ *nents = cc_get_sgl_nents(dev, sg, nbytes, lbytes);
+ if (*nents > max_sg_nents) {
+ *nents = 0;
+ dev_err(dev, "Too many fragments. current %d max %d\n",
+ *nents, max_sg_nents);
+ return -ENOMEM;
}

+ ret = dma_map_sg(dev, sg, *nents, direction);
+ if (dma_mapping_error(dev, ret)) {
+ *nents = 0;
+ dev_err(dev, "dma_map_sg() sg buffer failed %d\n", ret);
+ return -ENOMEM;
+ }
+
+ *mapped_nents = ret;
+
return 0;
}

@@ -555,11 +546,12 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
sg_virt(req->src), areq_ctx->src.nents, areq_ctx->assoc.nents,
areq_ctx->assoclen, req->cryptlen);

- dma_unmap_sg(dev, req->src, sg_nents(req->src), DMA_BIDIRECTIONAL);
+ dma_unmap_sg(dev, req->src, areq_ctx->src.mapped_nents,
+ DMA_BIDIRECTIONAL);
if (req->src != req->dst) {
dev_dbg(dev, "Unmapping dst sgl: req->dst=%pK\n",
sg_virt(req->dst));
- dma_unmap_sg(dev, req->dst, sg_nents(req->dst),
+ dma_unmap_sg(dev, req->dst, areq_ctx->dst.mapped_nents,
DMA_BIDIRECTIONAL);
}
if (drvdata->coherent &&
@@ -881,7 +873,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
&src_last_bytes);
sg_index = areq_ctx->src_sgl->length;
//check where the data starts
- while (sg_index <= size_to_skip) {
+ while (src_mapped_nents && (sg_index <= size_to_skip)) {
src_mapped_nents--;
offset -= areq_ctx->src_sgl->length;
sgl = sg_next(areq_ctx->src_sgl);
@@ -908,7 +900,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
size_for_map += crypto_aead_ivsize(tfm);

rc = cc_map_sg(dev, req->dst, size_for_map, DMA_BIDIRECTIONAL,
- &areq_ctx->dst.nents,
+ &areq_ctx->dst.mapped_nents,
LLI_MAX_NUM_OF_DATA_ENTRIES, &dst_last_bytes,
&dst_mapped_nents);
if (rc)
@@ -921,7 +913,7 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata,
offset = size_to_skip;

//check where the data starts
- while (sg_index <= size_to_skip) {
+ while (dst_mapped_nents && sg_index <= size_to_skip) {
dst_mapped_nents--;
offset -= areq_ctx->dst_sgl->length;
sgl = sg_next(areq_ctx->dst_sgl);
@@ -1123,7 +1115,7 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req)
if (is_gcm4543)
size_to_map += crypto_aead_ivsize(tfm);
rc = cc_map_sg(dev, req->src, size_to_map, DMA_BIDIRECTIONAL,
- &areq_ctx->src.nents,
+ &areq_ctx->src.mapped_nents,
(LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES +
LLI_MAX_NUM_OF_DATA_ENTRIES),
&dummy, &mapped_nents);
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.h b/drivers/crypto/ccree/cc_buffer_mgr.h
index af434872c6ff..827b6cb1236e 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.h
+++ b/drivers/crypto/ccree/cc_buffer_mgr.h
@@ -25,6 +25,7 @@ enum cc_sg_cpy_direct {

struct cc_mlli {
cc_sram_addr_t sram_addr;
+ unsigned int mapped_nents;
unsigned int nents; //sg nents
unsigned int mlli_nents; //mlli nents might be different than the above
};
--
2.25.0

2020-01-29 14:38:50

by Gilad Ben-Yossef

[permalink] [raw]
Subject: [PATCH 2/4] crypto: ccree - only try to map auth tag if needed

Make sure to only add the size of the auth tag to the source mapping
for encryption if it is an in-place operation. Failing to do this
previously caused us to try and map auth size len bytes from a NULL
mapping and crashing if both the cryptlen and assoclen are zero.

Reported-by: Geert Uytterhoeven <[email protected]>
Tested-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Gilad Ben-Yossef <[email protected]>
Cc: [email protected] # v4.19+
---
drivers/crypto/ccree/cc_buffer_mgr.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index b938ceae7ae7..885347b5b372 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -1109,9 +1109,11 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req)
}

size_to_map = req->cryptlen + areq_ctx->assoclen;
- if (areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_ENCRYPT)
+ /* If we do in-place encryption, we also need the auth tag */
+ if ((areq_ctx->gen_ctx.op_type == DRV_CRYPTO_DIRECTION_ENCRYPT) &&
+ (req->src == req->dst)) {
size_to_map += authsize;
-
+ }
if (is_gcm4543)
size_to_map += crypto_aead_ivsize(tfm);
rc = cc_map_sg(dev, req->src, size_to_map, DMA_BIDIRECTIONAL,
--
2.25.0

2020-01-29 14:58:24

by Geert Uytterhoeven

[permalink] [raw]
Subject: Re: [PATCH 3/4] crypto: ccree - fix some reported cipher block sizes

Hi Gilad,

On Wed, Jan 29, 2020 at 3:38 PM Gilad Ben-Yossef <[email protected]> wrote:
> OFB and CTR modes block sizes were wrongfully reported as
> the underlying block sizes. Fix it to 1 bytes as they
> turn the block ciphers into stream ciphers.
>
> Also document why our XTS differes from the generic
> implementation.
>
> Signed-off-by: Gilad Ben-Yossef <[email protected]>
> ---
> drivers/crypto/ccree/cc_cipher.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c
> index c08dee04941b..73457548ee92 100644
> --- a/drivers/crypto/ccree/cc_cipher.c
> +++ b/drivers/crypto/ccree/cc_cipher.c
> @@ -1236,6 +1236,10 @@ static const struct cc_alg_template skcipher_algs[] = {
> .sec_func = true,
> },
> {
> + /* See https://www.mail-archive.com/[email protected]/msg40576.html

You may want to refer to
https://lore.kernel.org/linux-crypto/[email protected]/
instead, as mail-archive is maintained externally.


> + * for the reason why this differs from the generic
> + * implementation.
> + */
> .name = "xts(aes)",
> .driver_name = "xts-aes-ccree",
> .blocksize = 1,
> @@ -1431,7 +1435,7 @@ static const struct cc_alg_template skcipher_algs[] = {
> {
> .name = "ofb(aes)",
> .driver_name = "ofb-aes-ccree",
> - .blocksize = AES_BLOCK_SIZE,
> + .blocksize = 1,
> .template_skcipher = {
> .setkey = cc_cipher_setkey,
> .encrypt = cc_cipher_encrypt,
> @@ -1584,7 +1588,7 @@ static const struct cc_alg_template skcipher_algs[] = {
> {
> .name = "ctr(sm4)",
> .driver_name = "ctr-sm4-ccree",
> - .blocksize = SM4_BLOCK_SIZE,
> + .blocksize = 1,
> .template_skcipher = {
> .setkey = cc_cipher_setkey,
> .encrypt = cc_cipher_encrypt,
> --
> 2.25.0
>


--
Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-01-29 15:17:50

by Geert Uytterhoeven

[permalink] [raw]
Subject: Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

Hi Gilad,

On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <[email protected]> wrote:
> Fix an error causing no block sizes to be reported during
> all AEAD registrations.
>
> Signed-off-by: Gilad Ben-Yossef <[email protected]>

Thanks, this fixes:

alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
doesn't match generic impl (16)
alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
doesn't match generic impl (16)

which you may want to mention in the commit description, so
people who search for the error message will find the fix.

Tested-by: Geert Uytterhoeven <[email protected]>

Note that even after applying this series, the kernel still crashes with

kernel BUG at kernel/dma/swiotlb.c:497!
....
Call trace:
swiotlb_tbl_map_single+0x30c/0x380
swiotlb_map+0xb0/0x300
dma_direct_map_page+0xb8/0x140
dma_direct_map_sg+0x78/0xe0
cc_map_sg+0xa0/0xd0
cc_aead_chain_data.constprop.25+0x17c/0x6a0
cc_map_aead_request+0x61c/0x990
cc_proc_aead+0x140/0xeb0
cc_aead_decrypt+0x48/0x68
crypto_aead_decrypt+0x30/0x48
test_aead_vec_cfg+0x5a0/0x8d0

but you may be aware of that.

CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-01-30 11:34:15

by Gilad Ben-Yossef

[permalink] [raw]
Subject: Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <[email protected]> wrote:
>
> Hi Gilad,
>
> On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <[email protected]> wrote:
> > Fix an error causing no block sizes to be reported during
> > all AEAD registrations.
> >
> > Signed-off-by: Gilad Ben-Yossef <[email protected]>
>
> Thanks, this fixes:
>
> alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> doesn't match generic impl (16)
> alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> doesn't match generic impl (16)
>
> which you may want to mention in the commit description, so
> people who search for the error message will find the fix.
>
> Tested-by: Geert Uytterhoeven <[email protected]>
>
> Note that even after applying this series, the kernel still crashes with
>
> kernel BUG at kernel/dma/swiotlb.c:497!
> ....
> Call trace:
> swiotlb_tbl_map_single+0x30c/0x380
> swiotlb_map+0xb0/0x300
> dma_direct_map_page+0xb8/0x140
> dma_direct_map_sg+0x78/0xe0
> cc_map_sg+0xa0/0xd0
> cc_aead_chain_data.constprop.25+0x17c/0x6a0
> cc_map_aead_request+0x61c/0x990
> cc_proc_aead+0x140/0xeb0
> cc_aead_decrypt+0x48/0x68
> crypto_aead_decrypt+0x30/0x48
> test_aead_vec_cfg+0x5a0/0x8d0
>
> but you may be aware of that.
>
> CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
> CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y


OK, this is a new one yet - we are now crashing in out-of-place decryption.
And again, I am not seeing this in the different test board, even with
DMA debug turned on.

Can you help me out and print the cryptlen and assoclen (I'm guessing
both are zero), authlen and which AEAD/mode this is?

Thanks alot,
Gilad

2020-01-30 13:20:12

by Geert Uytterhoeven

[permalink] [raw]
Subject: Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

Hi Gilad,

On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <[email protected]> wrote:
> On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <[email protected]> wrote:
> > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <[email protected]> wrote:
> > > Fix an error causing no block sizes to be reported during
> > > all AEAD registrations.
> > >
> > > Signed-off-by: Gilad Ben-Yossef <[email protected]>
> >
> > Thanks, this fixes:
> >
> > alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > doesn't match generic impl (16)
> > alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > doesn't match generic impl (16)
> >
> > which you may want to mention in the commit description, so
> > people who search for the error message will find the fix.
> >
> > Tested-by: Geert Uytterhoeven <[email protected]>
> >
> > Note that even after applying this series, the kernel still crashes with
> >
> > kernel BUG at kernel/dma/swiotlb.c:497!
> > ....
> > Call trace:
> > swiotlb_tbl_map_single+0x30c/0x380
> > swiotlb_map+0xb0/0x300
> > dma_direct_map_page+0xb8/0x140
> > dma_direct_map_sg+0x78/0xe0
> > cc_map_sg+0xa0/0xd0
> > cc_aead_chain_data.constprop.25+0x17c/0x6a0
> > cc_map_aead_request+0x61c/0x990
> > cc_proc_aead+0x140/0xeb0
> > cc_aead_decrypt+0x48/0x68
> > crypto_aead_decrypt+0x30/0x48
> > test_aead_vec_cfg+0x5a0/0x8d0
> >
> > but you may be aware of that.
> >
> > CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=n
> > CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y
>
> OK, this is a new one yet - we are now crashing in out-of-place decryption.
> And again, I am not seeing this in the different test board, even with
> DMA debug turned on.

I'm using a tree based on renesas-drivers[*], with renesas_defconfig
(also from [*]), and the two config changes above.

> Can you help me out and print the cryptlen and assoclen (I'm guessing
> both are zero), authlen and which AEAD/mode this is?

The crashing test is "ccm(aes)" from alg_test_descs[].

With DEBUG=y, and a few extra debug prints, the last few lines
leading to the crash were:

ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=40
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type MLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=00000000ae78472c keylen=32
ccree e6601000.crypto: enc_keylen=32 authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=00000000b9e80940
src_ofs=24 dst=00000000b9e80940 dst_ofs=24 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=00000000ae78472c keylen=32
ccree e6601000.crypto: enc_keylen=32 authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d39b1 src = ffff0006f8a28040 dst
= ffff0006f8a28290
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000e16df7d7 src=00000000b07b5b54
src_ofs=23 dst=00000000b3abbd9e dst_ofs=23 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=0000000061847879 keylen=32
ccree e6601000.crypto: enc_keylen=32 authkeylen=0
ccree e6601000.crypto: authlen=16
cc_aead_decrypt:2086: assoclen = 32 cryptlen = 48
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=0000000026c45683
src_ofs=8 dst=0000000026c45683 dst_ofs=8 cryptolen=48
ccree e6601000.crypto: Copy-to-sram: mlli_dma=00000260, mlli_size=16
ccree e6601000.crypto: ASSOC buffer type MLLI
ccree e6601000.crypto: CIPHER: SRC/DST buffer type DLLI
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=000000002490788f keylen=16
ccree e6601000.crypto: enc_keylen=16 authkeylen=0
ccree e6601000.crypto: authlen=8
cc_aead_decrypt:2086: assoclen = 0 cryptlen = 8
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28040
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=000000006ab00be2
src_ofs=0 dst=000000006ab00be2 dst_ofs=0 cryptolen=8
ccree e6601000.crypto: Payload authentication failure, (auth-size=8, cipher=8)
ccree e6601000.crypto: Setting key in context @00000000ceb78614 for
ccm(aes). key=000000002490788f keylen=16
ccree e6601000.crypto: enc_keylen=16 authkeylen=0
ccree e6601000.crypto: authlen=8
cc_aead_decrypt:2086: assoclen = 0 cryptlen = 8
cc_aead_decrypt:2087: iv = ffff80000a5d3980 src = ffff0006f8a28040 dst
= ffff0006f8a28290
ccree e6601000.crypto: Dec context=00000000ceb78614
req=0000000057b9c395 iv=00000000784a9e35 src=000000006ab00be2
src_ofs=0 dst=00000000c4bfb383 dst_ofs=0 cryptolen=8

[*] https://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-drivers.git/tag/?h=renesas-drivers-2020-01-28-v5.5

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

2020-02-02 15:33:09

by Gilad Ben-Yossef

[permalink] [raw]
Subject: Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

On Thu, Jan 30, 2020 at 3:19 PM Geert Uytterhoeven <[email protected]> wrote:
>
> Hi Gilad,
>
> On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <[email protected]> wrote:
> > On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <[email protected]> wrote:
> > > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <[email protected]> wrote:
> > > > Fix an error causing no block sizes to be reported during
> > > > all AEAD registrations.
> > > >
> > > > Signed-off-by: Gilad Ben-Yossef <[email protected]>
> > >
> > > Thanks, this fixes:
> > >
> > > alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > > doesn't match generic impl (16)
> > > alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > > doesn't match generic impl (16)
> > >
> > > which you may want to mention in the commit description, so
> > > people who search for the error message will find the fix.
> > >
> > > Tested-by: Geert Uytterhoeven <[email protected]>
> > >
> > > Note that even after applying this series, the kernel still crashes with
> > >
> > > kernel BUG at kernel/dma/swiotlb.c:497!
> > > ....

Thank you!

I've managed to reproduce this here.
Looking into it now...

Gilad

2020-02-02 16:22:00

by Gilad Ben-Yossef

[permalink] [raw]
Subject: Re: [PATCH 4/4] crypto: ccree - fix AEAD blocksize registration

On Sun, Feb 2, 2020 at 5:32 PM Gilad Ben-Yossef <[email protected]> wrote:
>
> On Thu, Jan 30, 2020 at 3:19 PM Geert Uytterhoeven <[email protected]> wrote:
> >
> > Hi Gilad,
> >
> > On Thu, Jan 30, 2020 at 12:33 PM Gilad Ben-Yossef <[email protected]> wrote:
> > > On Wed, Jan 29, 2020 at 5:17 PM Geert Uytterhoeven <[email protected]> wrote:
> > > > On Wed, Jan 29, 2020 at 3:39 PM Gilad Ben-Yossef <[email protected]> wrote:
> > > > > Fix an error causing no block sizes to be reported during
> > > > > all AEAD registrations.
> > > > >
> > > > > Signed-off-by: Gilad Ben-Yossef <[email protected]>
> > > >
> > > > Thanks, this fixes:
> > > >
> > > > alg: aead: blocksize for authenc-hmac-sha1-cbc-aes-ccree (0)
> > > > doesn't match generic impl (16)
> > > > alg: aead: blocksize for authenc-hmac-sha256-cbc-aes-ccree (0)
> > > > doesn't match generic impl (16)
> > > >
> > > > which you may want to mention in the commit description, so
> > > > people who search for the error message will find the fix.
> > > >
> > > > Tested-by: Geert Uytterhoeven <[email protected]>
> > > >
> > > > Note that even after applying this series, the kernel still crashes with
> > > >
> > > > kernel BUG at kernel/dma/swiotlb.c:497!
> > > > ....
>
> Thank you!
>
> I've managed to reproduce this here.
> Looking into it now...


OK, found it (I think!). Patch sent.

I don't understand why this and the previous bugs is not causing
problems with other configs (e.g. 32 bit ) but now I have an
environment that triggers them I will add it to the usual tests cycle.

Thanks again!

Gilad

--
Gilad Ben-Yossef
Chief Coffee Drinker

values of β will give rise to dom!

2020-02-13 09:19:33

by Herbert Xu

[permalink] [raw]
Subject: Re: [PATCH 0/4] crypto: ccree - fixes

On Wed, Jan 29, 2020 at 04:37:53PM +0200, Gilad Ben-Yossef wrote:
> Fixes in AEAD DMA mapping code and blocksize reporting
>
> Gilad Ben-Yossef (4):
> crypto: ccree - protect against empty or NULL scatterlists
> crypto: ccree - only try to map auth tag if needed
> crypto: ccree - fix some reported cipher block sizes
> crypto: ccree - fix AEAD blocksize registration
>
> drivers/crypto/ccree/cc_aead.c | 1 +
> drivers/crypto/ccree/cc_buffer_mgr.c | 68 +++++++++++++---------------
> drivers/crypto/ccree/cc_buffer_mgr.h | 1 +
> drivers/crypto/ccree/cc_cipher.c | 8 +++-
> 4 files changed, 39 insertions(+), 39 deletions(-)

All applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt