http://blog.gmane.org/gmane.linux.kernel.cryptoapi hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8916 <pre>With the recent patches added to kernel crypto for improving AES support, adding aesni etc, it seems like it is time to add AES CMAC to the cifs kernel module (for the popular SMB3 signing and per-share encryption) but needed for an implementation for SP800-138 in kernel crypto codebase. Was specifically interested using the way defined in 3.1.4.2 of MS-SMB2 document, in particular KDF in Counter mode (section 5.1 of NIST SP 800-108) or a way to specify a mode PRF as HMAC-SHA256 (or a way to specify a PRF) cifs client would use this algorithm for SMB3.0 MAC generation (network packet signing on network file system mounts to newer generation NAS, and Windows 2012) and also for per-share encryption (which is also available on the most recent generation of NAS via SMB3). Apparently with current Intel processors having hardware for this kind of encryption offload - full packet encryption is faster than packet signing used to be (with the older standard algorithms) and just doing packet signing is really fast. Are their APIs in crypto kernel code to use for this purpose? Regards, Shirish </pre> Shirish Pargaonkar 2013-05-20T02:49:58 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8915 <pre>This patch enables the DCP crypto functionality on imx28. Currently, only aes-128-cbc is supported. Moreover, the dcpboot misc-device, which is used by Freescale's SDK tools and uses a non-software-readable OTP-key, is added. Changes of v2: - ring buffer for hardware-descriptors - use of ablkcipher walk - OTP key encryption/decryption via misc-device (compatible to Freescale-SDK) - overall cleanup The DCP is also capable of sha1/sha256 but I won't be able to add that anytime soon. Tested with built-in runtime-self-test, tcrypt and openssl via cryptodev 1.6 on imx28-evk and a custom built imx28-board. Signed-off-by: Tobias Rauter &lt;tobias.rauter&lt; at &gt;gmail.com&gt; --- arch/arm/boot/dts/imx28.dtsi | 2 +- drivers/crypto/Kconfig | 10 + drivers/crypto/Makefile | 1 + drivers/crypto/dcp.c | 925 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 937 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/dcp.c diff --git a/arch/arm/boot/dts/imx28.dtsi b/arch/arm/boot/dts/imx28.dtsi index 600f7cb..077d0eb 100644 --- a/arch/arm/boot/dts/imx28.dtsi +++ b/arch/arm/boot/dts/imx28.dtsi &lt; at &gt;&lt; at &gt; -699,7 +699,7 &lt; at &gt;&lt; at &gt; dcp&lt; at &gt;80028000 { reg = &lt;0x80028000 0x2000&gt;; interrupts = &lt;52 53 54&gt;; -status = "disabled"; +compatible = "fsl-dcp"; }; pxp&lt; at &gt;8002a000 { diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index dffb855..3e11215 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig &lt; at &gt;&lt; at &gt; -286,6 +286,16 &lt; at &gt;&lt; at &gt; config CRYPTO_DEV_SAHARA This option enables support for the SAHARA HW crypto accelerator found in some Freescale i.MX chips. +config CRYPTO_DEV_DCP +tristate "Support for the DCP engine" +depends on ARCH_MXS &amp;&amp; OF +select CRYPTO_BLKCIPHER +select CRYPTO_AES +select CRYPTO_CBC +help + This options enables support for the hardware crypto-acceleration + capabilities of the DCP co-processor + config CRYPTO_DEV_S5P tristate "Support for Samsung S5PV210 crypto accelerator" depends on ARCH_S5PV210 diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile index 38ce13d..b4946dd 100644 --- a/drivers/crypto/Makefile +++ b/drivers/crypto/Makefile &lt; at &gt;&lt; at &gt; -13,6 +13,7 &lt; at &gt;&lt; at &gt; obj-$(CONFIG_CRYPTO_DEV_OMAP_SHAM) += omap-sham.o obj-$(CONFIG_CRYPTO_DEV_OMAP_AES) += omap-aes.o obj-$(CONFIG_CRYPTO_DEV_PICOXCELL) += picoxcell_crypto.o obj-$(CONFIG_CRYPTO_DEV_SAHARA) += sahara.o +obj-$(CONFIG_CRYPTO_DEV_DCP) += dcp.o obj-$(CONFIG_CRYPTO_DEV_S5P) += s5p-sss.o obj-$(CONFIG_CRYPTO_DEV_TEGRA_AES) += tegra-aes.o obj-$(CONFIG_CRYPTO_DEV_UX500) += ux500/ diff --git a/drivers/crypto/dcp.c b/drivers/crypto/dcp.c new file mode 100644 index 0000000..eea194c --- /dev/null +++ b/drivers/crypto/dcp.c &lt; at &gt;&lt; at &gt; -0,0 +1,925 &lt; at &gt;&lt; at &gt; +/* + * Cryptographic API. + * + * Support for DCP cryptographic accelerator. + * + * Copyright (c) 2013 + * Author: Tobias Rauter &lt;tobias.rauter&lt; at &gt;gmail.com&gt; + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as published + * by the Free Software Foundation. + * + * Based on tegra-aes.c, dcp.c (from freescale SDK) and sahara.c + */ +#include &lt;linux/module.h&gt; +#include &lt;linux/init.h&gt; +#include &lt;linux/errno.h&gt; +#include &lt;linux/kernel.h&gt; +#include &lt;linux/platform_device.h&gt; +#include &lt;linux/dma-mapping.h&gt; +#include &lt;linux/io.h&gt; +#include &lt;linux/mutex.h&gt; +#include &lt;linux/interrupt.h&gt; +#include &lt;linux/completion.h&gt; +#include &lt;linux/workqueue.h&gt; +#include &lt;linux/delay.h&gt; +#include &lt;linux/crypto.h&gt; +#include &lt;linux/miscdevice.h&gt; + +#include &lt;crypto/scatterwalk.h&gt; +#include &lt;crypto/aes.h&gt; + + +/* IOCTL for DCP OTP Key AES - taken from Freescale's SDK*/ +#define DBS_IOCTL_BASE 'd' +#define DBS_ENC_IOW(DBS_IOCTL_BASE, 0x00, uint8_t[16]) +#define DBS_DEC _IOW(DBS_IOCTL_BASE, 0x01, uint8_t[16]) + +/* DCP channel used for AES */ +#define USED_CHANNEL 1 +/* Ring Buffers' maximum size */ +#define DCP_MAX_PKG 20 + +/* Control Register */ +#define DCP_REG_CTRL 0x000 +#define DCP_CTRL_SFRST (1&lt;&lt;31) +#define DCP_CTRL_CLKGATE (1&lt;&lt;30) +#define DCP_CTRL_CRYPTO_PRESENT (1&lt;&lt;29) +#define DCP_CTRL_SHA_PRESENT (1&lt;&lt;28) +#define DCP_CTRL_GATHER_RES_WRITE (1&lt;&lt;23) +#define DCP_CTRL_ENABLE_CONTEXT_CACHE (1&lt;&lt;22) +#define DCP_CTRL_ENABLE_CONTEXT_SWITCH (1&lt;&lt;21) +#define DCP_CTRL_CH_IRQ_E_0 0x01 +#define DCP_CTRL_CH_IRQ_E_1 0x02 +#define DCP_CTRL_CH_IRQ_E_2 0x04 +#define DCP_CTRL_CH_IRQ_E_3 0x08 + +/* Status register */ +#define DCP_REG_STAT 0x010 +#define DCP_STAT_OTP_KEY_READY (1&lt;&lt;28) +#define DCP_STAT_CUR_CHANNEL(stat) ((stat&gt;&gt;24)&amp;0x0F) +#define DCP_STAT_READY_CHANNEL(stat) ((stat&gt;&gt;16)&amp;0x0F) +#define DCP_STAT_IRQ(stat) (stat&amp;0x0F) +#define DCP_STAT_CHAN_0 (0x01) +#define DCP_STAT_CHAN_1 (0x02) +#define DCP_STAT_CHAN_2 (0x04) +#define DCP_STAT_CHAN_3 (0x08) + +/* Channel Control Register */ +#define DCP_REG_CHAN_CTRL 0x020 +#define DCP_CHAN_CTRL_CH0_IRQ_MERGED (1&lt;&lt;16) +#define DCP_CHAN_CTRL_HIGH_PRIO_0 (0x0100) +#define DCP_CHAN_CTRL_HIGH_PRIO_1 (0x0200) +#define DCP_CHAN_CTRL_HIGH_PRIO_2 (0x0400) +#define DCP_CHAN_CTRL_HIGH_PRIO_3 (0x0800) +#define DCP_CHAN_CTRL_ENABLE_0 (0x01) +#define DCP_CHAN_CTRL_ENABLE_1 (0x02) +#define DCP_CHAN_CTRL_ENABLE_2 (0x04) +#define DCP_CHAN_CTRL_ENABLE_3 (0x08) + +/* + * Channel Registers: + * The DCP has 4 channels. Each of this channels + * has 4 registers (command pointer, semaphore, status and options). + * The address of register REG of channel CHAN is obtained by + * dcp_chan_reg(REG, CHAN) + */ +#define DCP_REG_CHAN_PTR0x00000100 +#define DCP_REG_CHAN_SEMA0x00000110 +#define DCP_REG_CHAN_STAT0x00000120 +#define DCP_REG_CHAN_OPT0x00000130 + +#define DCP_CHAN_STAT_NEXT_CHAIN_IS_00x010000 +#define DCP_CHAN_STAT_NO_CHAIN0x020000 +#define DCP_CHAN_STAT_CONTEXT_ERROR0x030000 +#define DCP_CHAN_STAT_PAYLOAD_ERROR0x040000 +#define DCP_CHAN_STAT_INVALID_MODE0x050000 +#define DCP_CHAN_STAT_PAGEFAULT0x40 +#define DCP_CHAN_STAT_DST0x20 +#define DCP_CHAN_STAT_SRC0x10 +#define DCP_CHAN_STAT_PACKET0x08 +#define DCP_CHAN_STAT_SETUP0x04 +#define DCP_CHAN_STAT_MISMATCH0x02 + +/* hw packet control*/ + +#define DCP_PKT_PAYLOAD_KEY(1&lt;&lt;11) +#define DCP_PKT_OTP_KEY(1&lt;&lt;10) +#define DCP_PKT_CIPHER_INIT(1&lt;&lt;9) +#define DCP_PKG_CIPHER_ENCRYPT(1&lt;&lt;8) +#define DCP_PKT_CIPHER_ENABLE(1&lt;&lt;5) +#define DCP_PKT_DECR_SEM(1&lt;&lt;1) +#define DCP_PKT_CHAIN(1&lt;&lt;2) +#define DCP_PKT_IRQ1 + +#define DCP_PKT_MODE_CBC(1&lt;&lt;4) +#define DCP_PKT_KEYSELECT_OTP(0xFF&lt;&lt;8) + +/* cipher flags */ +#define DCP_ENC0x0001 +#define DCP_DEC0x0002 +#define DCP_ECB0x0004 +#define DCP_CBC0x0008 +#define DCP_CBC_INIT0x0010 +#define DCP_NEW_KEY0x0040 +#define DCP_OTP_KEY0x0080 +#define DCP_AES0x1000 + +/* DCP Flags */ +#define DCP_FLAG_BUSY0x01 +#define DCP_FLAG_PRODUCING0x02 + +/* clock defines */ +#define CLOCK_ON1 +#define CLOCK_OFF0 + +struct dcp_dev_req_ctx { +int mode; +}; + +struct dcp_op { +unsigned intflags; +u8key[AES_KEYSIZE_128]; +intkeylen; + +struct ablkcipher_request*req; +struct crypto_ablkcipher*fallback; + +uint32_t stat; +uint32_t pkt1; +uint32_t pkt2; +struct ablkcipher_walk walk; +}; + +struct dcp_dev { +struct device *dev; +void __iomem *dcp_regs_base; + +int dcp_vmi_irq; +int dcp_irq; + +spinlock_t queue_lock; +struct crypto_queue queue; + +uint32_t pkt_produced; +uint32_t pkt_consumed; + +struct dcp_hw_packet *hw_pkg[DCP_MAX_PKG]; +dma_addr_t hw_phys_pkg; + +/* [KEY][IV] Both with 16 Bytes */ +u8 *payload_base; +dma_addr_t payload_base_dma; + + +struct tasklet_structdone_task; +struct tasklet_structqueue_task; +struct timer_listwatchdog; + +unsigned longflags; + +struct dcp_op *ctx; + +struct miscdevice dcp_bootstream_misc; +}; + +struct dcp_hw_packet { +uint32_t next; +uint32_t pkt1; +uint32_t pkt2; +uint32_t src; +uint32_t dst; +uint32_t size; +uint32_t payload; +uint32_t stat; +}; + +struct dcp_dev *global_dev; + +static inline u32 dcp_chan_reg(u32 reg, int chan) +{ +return reg + (chan) * 0x40; +} + +static inline void dcp_write(struct dcp_dev *dev, u32 data, u32 reg) +{ +writel(data, dev-&gt;dcp_regs_base + reg); +} + +static inline void dcp_set(struct dcp_dev *dev, u32 data, u32 reg) +{ +writel(data, dev-&gt;dcp_regs_base + (reg | 0x04)); +} + +static inline void dcp_clear(struct dcp_dev *dev, u32 data, u32 reg) +{ +writel(data, dev-&gt;dcp_regs_base + (reg | 0x08)); +} + +static inline void dcp_toggle(struct dcp_dev *dev, u32 data, u32 reg) +{ +writel(data, dev-&gt;dcp_regs_base + (reg | 0x0C)); +} + +static inline unsigned int dcp_read(struct dcp_dev *dev, u32 reg) +{ +return readl(dev-&gt;dcp_regs_base + reg); +} + +void dcp_dma_unmap(struct dcp_dev *dev, struct dcp_hw_packet *pkt) +{ +dma_unmap_page(dev-&gt;dev, pkt-&gt;src, pkt-&gt;size, DMA_TO_DEVICE); +dma_unmap_page(dev-&gt;dev, pkt-&gt;dst, pkt-&gt;size, DMA_FROM_DEVICE); +dev_dbg(dev-&gt;dev, "unmap packet %x", (unsigned int) pkt); +} + +int dcp_dma_map(struct dcp_dev *dev, +struct ablkcipher_walk *walk, struct dcp_hw_packet *pkt) +{ +dev_dbg(dev-&gt;dev, "map packet %x", (unsigned int) pkt); +/* align to length = 16 */ +pkt-&gt;size = walk-&gt;nbytes - (walk-&gt;nbytes % 16); + +pkt-&gt;src = dma_map_page(dev-&gt;dev, walk-&gt;src.page, walk-&gt;src.offset, +pkt-&gt;size, DMA_TO_DEVICE); + +if (pkt-&gt;src == 0) { +dev_err(dev-&gt;dev, "Unable to map src"); +return -ENOMEM; +} + +pkt-&gt;dst = dma_map_page(dev-&gt;dev, walk-&gt;dst.page, walk-&gt;dst.offset, +pkt-&gt;size, DMA_FROM_DEVICE); + +if (pkt-&gt;dst == 0) { +dev_err(dev-&gt;dev, "Unable to map dst"); +dma_unmap_page(dev-&gt;dev, pkt-&gt;src, pkt-&gt;size, DMA_TO_DEVICE); +return -ENOMEM; +} + +return 0; +} + +static void dcp_op_one(struct dcp_dev *dev, struct dcp_hw_packet *pkt, +uint8_t last) +{ +struct dcp_op *ctx = dev-&gt;ctx; +pkt-&gt;pkt1 = ctx-&gt;pkt1; +pkt-&gt;pkt2 = ctx-&gt;pkt2; + +pkt-&gt;payload = (u32) dev-&gt;payload_base_dma; +pkt-&gt;stat = 0; + +if (ctx-&gt;flags &amp; DCP_CBC_INIT) { +pkt-&gt;pkt1 |= DCP_PKT_CIPHER_INIT; +ctx-&gt;flags &amp;= ~DCP_CBC_INIT; +} + +mod_timer(&amp;dev-&gt;watchdog, jiffies + msecs_to_jiffies(500)); +pkt-&gt;pkt1 |= DCP_PKT_IRQ; +if (!last) +pkt-&gt;pkt1 |= DCP_PKT_CHAIN; + +dev-&gt;pkt_produced++; + +dcp_write(dev, 1, +dcp_chan_reg(DCP_REG_CHAN_SEMA, USED_CHANNEL)); +} + +static void dcp_op_proceed(struct dcp_dev *dev) +{ +struct dcp_op *ctx = dev-&gt;ctx; +struct dcp_hw_packet *pkt; + +while (ctx-&gt;walk.nbytes) { +int err = 0; + +pkt = dev-&gt;hw_pkg[dev-&gt;pkt_produced % DCP_MAX_PKG]; +err = dcp_dma_map(dev, &amp;ctx-&gt;walk, pkt); +if (err) { +dev-&gt;ctx-&gt;stat |= err; +/* start timer to wait for already set up calls */ +mod_timer(&amp;dev-&gt;watchdog, +jiffies + msecs_to_jiffies(500)); +break; +} + + +err = ctx-&gt;walk.nbytes - pkt-&gt;size; +ablkcipher_walk_done(dev-&gt;ctx-&gt;req, &amp;dev-&gt;ctx-&gt;walk, err); + +dcp_op_one(dev, pkt, ctx-&gt;walk.nbytes == 0); +/* we have to wait if no space is left in buffer */ +if (dev-&gt;pkt_produced - dev-&gt;pkt_consumed == DCP_MAX_PKG) +break; +} +clear_bit(DCP_FLAG_PRODUCING, &amp;dev-&gt;flags); +} + +static void dcp_op_start(struct dcp_dev *dev, uint8_t use_walk) +{ +struct dcp_op *ctx = dev-&gt;ctx; + +if (ctx-&gt;flags &amp; DCP_NEW_KEY) { +memcpy(dev-&gt;payload_base, ctx-&gt;key, ctx-&gt;keylen); +ctx-&gt;flags &amp;= ~DCP_NEW_KEY; +} + +ctx-&gt;pkt1 = 0; +ctx-&gt;pkt1 |= DCP_PKT_CIPHER_ENABLE; +ctx-&gt;pkt1 |= DCP_PKT_DECR_SEM; + +if (ctx-&gt;flags &amp; DCP_OTP_KEY) +ctx-&gt;pkt1 |= DCP_PKT_OTP_KEY; +else +ctx-&gt;pkt1 |= DCP_PKT_PAYLOAD_KEY; + +if (ctx-&gt;flags &amp; DCP_ENC) +ctx-&gt;pkt1 |= DCP_PKG_CIPHER_ENCRYPT; + +ctx-&gt;pkt2 = 0; +if (ctx-&gt;flags &amp; DCP_CBC) +ctx-&gt;pkt2 |= DCP_PKT_MODE_CBC; + +dev-&gt;pkt_produced = 0; +dev-&gt;pkt_consumed = 0; + +ctx-&gt;stat = 0; +dcp_clear(dev, -1, dcp_chan_reg(DCP_REG_CHAN_STAT, USED_CHANNEL)); +dcp_write(dev, (u32) dev-&gt;hw_phys_pkg, +dcp_chan_reg(DCP_REG_CHAN_PTR, USED_CHANNEL)); + +set_bit(DCP_FLAG_PRODUCING, &amp;dev-&gt;flags); + +if (use_walk) { +ablkcipher_walk_init(&amp;ctx-&gt;walk, ctx-&gt;req-&gt;dst, +ctx-&gt;req-&gt;src, ctx-&gt;req-&gt;nbytes); +ablkcipher_walk_phys(ctx-&gt;req, &amp;ctx-&gt;walk); +dcp_op_proceed(dev); +} else { +dcp_op_one(dev, dev-&gt;hw_pkg[0], 1); +clear_bit(DCP_FLAG_PRODUCING, &amp;dev-&gt;flags); +} +} + +static void dcp_done_task(unsigned long data) +{ +struct dcp_dev *dev = (struct dcp_dev *)data; +struct dcp_hw_packet *last_packet; +int fin; +fin = 0; + +for (last_packet = dev-&gt;hw_pkg[(dev-&gt;pkt_consumed) % DCP_MAX_PKG]; +last_packet-&gt;stat == 1; +last_packet = +dev-&gt;hw_pkg[++(dev-&gt;pkt_consumed) % DCP_MAX_PKG]) { + +dcp_dma_unmap(dev, last_packet); +last_packet-&gt;stat = 0; +fin++; +} +/* the last call of this function already consumed this IRQ's packet */ +if (fin == 0) +return; + +dev_dbg(dev-&gt;dev, +"Packet(s) done with status %x; finished: %d, produced:%d, complete consumed: %d", +dev-&gt;ctx-&gt;stat, fin, dev-&gt;pkt_produced, dev-&gt;pkt_consumed); + +last_packet = dev-&gt;hw_pkg[(dev-&gt;pkt_consumed - 1) % DCP_MAX_PKG]; +if (!dev-&gt;ctx-&gt;stat &amp;&amp; last_packet-&gt;pkt1 &amp; DCP_PKT_CHAIN) { +if (!test_and_set_bit(DCP_FLAG_PRODUCING, &amp;dev-&gt;flags)) +dcp_op_proceed(dev); +return; +} + +while (unlikely(dev-&gt;pkt_consumed &lt; dev-&gt;pkt_produced)) { +dcp_dma_unmap(dev, +dev-&gt;hw_pkg[dev-&gt;pkt_consumed++ % DCP_MAX_PKG]); +} + +if (dev-&gt;ctx-&gt;flags &amp; DCP_OTP_KEY) { +/* we used the miscdevice, no walk to finish */ +clear_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags); +return; +} + +ablkcipher_walk_complete(&amp;dev-&gt;ctx-&gt;walk); +dev-&gt;ctx-&gt;req-&gt;base.complete(&amp;dev-&gt;ctx-&gt;req-&gt;base, +dev-&gt;ctx-&gt;stat); +dev-&gt;ctx-&gt;req = 0; +/* in case there are other requests in the queue */ +tasklet_schedule(&amp;dev-&gt;queue_task); +} + +void dcp_watchdog(unsigned long data) +{ +struct dcp_dev *dev = (struct dcp_dev *)data; +dev-&gt;ctx-&gt;stat |= dcp_read(dev, +dcp_chan_reg(DCP_REG_CHAN_STAT, USED_CHANNEL)); + +dev_err(dev-&gt;dev, "Timeout, Channel status: %x", dev-&gt;ctx-&gt;stat); + +if (!dev-&gt;ctx-&gt;stat) +dev-&gt;ctx-&gt;stat = -ETIMEDOUT; + +dcp_done_task(data); +} + + +static irqreturn_t dcp_common_irq(int irq, void *context) +{ +u32 msk; +struct dcp_dev *dev = (struct dcp_dev *) context; + +del_timer(&amp;dev-&gt;watchdog); + +msk = DCP_STAT_IRQ(dcp_read(dev, DCP_REG_STAT)); +dcp_clear(dev, msk, DCP_REG_STAT); +if (msk == 0) +return IRQ_NONE; + +dev-&gt;ctx-&gt;stat |= dcp_read(dev, +dcp_chan_reg(DCP_REG_CHAN_STAT, USED_CHANNEL)); + +if (msk &amp; DCP_STAT_CHAN_1) +tasklet_schedule(&amp;dev-&gt;done_task); + +return IRQ_HANDLED; +} + +static irqreturn_t dcp_vmi_irq(int irq, void *context) +{ +return dcp_common_irq(irq, context); +} + +static irqreturn_t dcp_irq(int irq, void *context) +{ +return dcp_common_irq(irq, context); +} + +static void dcp_crypt(struct dcp_dev *dev, struct dcp_op *ctx) +{ +dev-&gt;ctx = ctx; + +if ((ctx-&gt;flags &amp; DCP_CBC) &amp;&amp; ctx-&gt;req-&gt;info) { +ctx-&gt;flags |= DCP_CBC_INIT; +memcpy(dev-&gt;payload_base + AES_KEYSIZE_128, +ctx-&gt;req-&gt;info, AES_KEYSIZE_128); +} + +dcp_op_start(dev, 1); +} + +static void dcp_queue_task(unsigned long data) +{ +struct dcp_dev *dev = (struct dcp_dev *) data; +struct crypto_async_request *async_req, *backlog; +struct crypto_ablkcipher *tfm; +struct dcp_op *ctx; +struct dcp_dev_req_ctx *rctx; +struct ablkcipher_request *req; +unsigned long flags; + +spin_lock_irqsave(&amp;dev-&gt;queue_lock, flags); + +backlog = crypto_get_backlog(&amp;dev-&gt;queue); +async_req = crypto_dequeue_request(&amp;dev-&gt;queue); + +spin_unlock_irqrestore(&amp;dev-&gt;queue_lock, flags); + +if (!async_req) +goto ret_nothing_done; + +if (backlog) +backlog-&gt;complete(backlog, -EINPROGRESS); + +req = ablkcipher_request_cast(async_req); +tfm = crypto_ablkcipher_reqtfm(req); +rctx = ablkcipher_request_ctx(req); +ctx = crypto_ablkcipher_ctx(tfm); + +if (!req-&gt;src || !req-&gt;dst) +goto ret_nothing_done; + +ctx-&gt;flags |= rctx-&gt;mode; +ctx-&gt;req = req; + +dcp_crypt(dev, ctx); + +return; + +ret_nothing_done: +clear_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags); +} + + +static int dcp_cra_init(struct crypto_tfm *tfm) +{ +const char *name = tfm-&gt;__crt_alg-&gt;cra_name; +struct dcp_op *ctx = crypto_tfm_ctx(tfm); + +tfm-&gt;crt_ablkcipher.reqsize = sizeof(struct dcp_dev_req_ctx); + +ctx-&gt;fallback = crypto_alloc_ablkcipher(name, 0, +CRYPTO_ALG_ASYNC | CRYPTO_ALG_NEED_FALLBACK); + +if (IS_ERR(ctx-&gt;fallback)) { +dev_err(global_dev-&gt;dev, "Error allocating fallback algo %s\n", +name); +return PTR_ERR(ctx-&gt;fallback); +} + +return 0; +} + +static void dcp_cra_exit(struct crypto_tfm *tfm) +{ +struct dcp_op *ctx = crypto_tfm_ctx(tfm); + +if (ctx-&gt;fallback) +crypto_free_ablkcipher(ctx-&gt;fallback); + +ctx-&gt;fallback = NULL; +} + +/* async interface */ +static int dcp_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key, +unsigned int len) +{ +struct dcp_op *ctx = crypto_ablkcipher_ctx(tfm); +unsigned int ret = 0; +ctx-&gt;keylen = len; +ctx-&gt;flags = 0; +if (len == AES_KEYSIZE_128) { +if (memcmp(ctx-&gt;key, key, AES_KEYSIZE_128)) { +memcpy(ctx-&gt;key, key, len); +ctx-&gt;flags |= DCP_NEW_KEY; +} +return 0; +} + +ctx-&gt;fallback-&gt;base.crt_flags &amp;= ~CRYPTO_TFM_REQ_MASK; +ctx-&gt;fallback-&gt;base.crt_flags |= +(tfm-&gt;base.crt_flags &amp; CRYPTO_TFM_REQ_MASK); + +ret = crypto_ablkcipher_setkey(ctx-&gt;fallback, key, len); +if (ret) { +struct crypto_tfm *tfm_aux = crypto_ablkcipher_tfm(tfm); + +tfm_aux-&gt;crt_flags &amp;= ~CRYPTO_TFM_RES_MASK; +tfm_aux-&gt;crt_flags |= +(ctx-&gt;fallback-&gt;base.crt_flags &amp; CRYPTO_TFM_RES_MASK); +} +return ret; +} + +static int dcp_aes_cbc_crypt(struct ablkcipher_request *req, int mode) +{ +struct dcp_dev_req_ctx *rctx = ablkcipher_request_ctx(req); +struct dcp_dev *dev = global_dev; +unsigned long flags; +int err = 0; + +if (!IS_ALIGNED(req-&gt;nbytes, AES_BLOCK_SIZE)) +return -EINVAL; + +rctx-&gt;mode = mode; + +spin_lock_irqsave(&amp;dev-&gt;queue_lock, flags); +err = ablkcipher_enqueue_request(&amp;dev-&gt;queue, req); +spin_unlock_irqrestore(&amp;dev-&gt;queue_lock, flags); + +flags = test_and_set_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags); + +if (!(flags &amp; DCP_FLAG_BUSY)) +tasklet_schedule(&amp;dev-&gt;queue_task); + +return err; +} + +static int dcp_aes_cbc_encrypt(struct ablkcipher_request *req) +{ +struct crypto_tfm *tfm = +crypto_ablkcipher_tfm(crypto_ablkcipher_reqtfm(req)); +struct dcp_op *ctx = crypto_ablkcipher_ctx( +crypto_ablkcipher_reqtfm(req)); + +if (unlikely(ctx-&gt;keylen != AES_KEYSIZE_128)) { +int err = 0; +ablkcipher_request_set_tfm(req, ctx-&gt;fallback); +err = crypto_ablkcipher_encrypt(req); +ablkcipher_request_set_tfm(req, __crypto_ablkcipher_cast(tfm)); +return err; +} + +return dcp_aes_cbc_crypt(req, DCP_AES | DCP_ENC | DCP_CBC); +} + +static int dcp_aes_cbc_decrypt(struct ablkcipher_request *req) +{ +struct crypto_tfm *tfm = +crypto_ablkcipher_tfm(crypto_ablkcipher_reqtfm(req)); +struct dcp_op *ctx = crypto_ablkcipher_ctx( +crypto_ablkcipher_reqtfm(req)); + +if (unlikely(ctx-&gt;keylen != AES_KEYSIZE_128)) { +int err = 0; +ablkcipher_request_set_tfm(req, ctx-&gt;fallback); +err = crypto_ablkcipher_decrypt(req); +ablkcipher_request_set_tfm(req, __crypto_ablkcipher_cast(tfm)); +return err; +} +return dcp_aes_cbc_crypt(req, DCP_AES | DCP_DEC | DCP_CBC); +} + +static struct crypto_alg algs[] = { +{ +.cra_name = "cbc(aes)", +.cra_driver_name = "dcp-cbc-aes", +.cra_alignmask = 3, +.cra_flags = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC | + CRYPTO_ALG_NEED_FALLBACK, +.cra_blocksize = AES_KEYSIZE_128, +.cra_type = &amp;crypto_ablkcipher_type, +.cra_priority = 300, +.cra_u.ablkcipher = { +.min_keysize =AES_KEYSIZE_128, +.max_keysize = AES_KEYSIZE_128, +.setkey = dcp_aes_setkey, +.encrypt = dcp_aes_cbc_encrypt, +.decrypt = dcp_aes_cbc_decrypt, +.ivsize = AES_KEYSIZE_128, +} + +}, +}; + +/* DCP bootstream verification interface: uses OTP key for crypto */ +static int dcp_bootstream_open(struct inode *inode, struct file *file) +{ +file-&gt;private_data = container_of((file-&gt;private_data), +struct dcp_dev, dcp_bootstream_misc); +return 0; +} + +static long dcp_bootstream_ioctl(struct file *file, + unsigned int cmd, unsigned long arg) +{ +struct dcp_dev *dev = (struct dcp_dev *) file-&gt;private_data; +void __user *argp = (void __user *)arg; +int ret; + +if (dev == NULL) +return -EBADF; + +if (cmd != DBS_ENC &amp;&amp; cmd != DBS_DEC) +return -EINVAL; + +if (copy_from_user(dev-&gt;payload_base, argp, 16)) +return -EFAULT; + +if (test_and_set_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags)) +return -EAGAIN; + +dev-&gt;ctx = kzalloc(sizeof(struct dcp_op), GFP_KERNEL); +if (!dev-&gt;ctx) { +dev_err(dev-&gt;dev, +"cannot allocate context for OTP crypto"); +clear_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags); +return -ENOMEM; +} + +dev-&gt;ctx-&gt;flags = DCP_AES | DCP_ECB | DCP_OTP_KEY | DCP_CBC_INIT; +dev-&gt;ctx-&gt;flags |= (cmd == DBS_ENC) ? DCP_ENC : DCP_DEC; +dev-&gt;hw_pkg[0]-&gt;src = dev-&gt;payload_base_dma; +dev-&gt;hw_pkg[0]-&gt;dst = dev-&gt;payload_base_dma; +dev-&gt;hw_pkg[0]-&gt;size = 16; + +dcp_op_start(dev, 0); + +while (test_bit(DCP_FLAG_BUSY, &amp;dev-&gt;flags)) +cpu_relax(); + +ret = dev-&gt;ctx-&gt;stat; +if (!ret &amp;&amp; copy_to_user(argp, dev-&gt;payload_base, 16)) +ret = -EFAULT; + +kfree(dev-&gt;ctx); + +return ret; +} + +static const struct file_operations dcp_bootstream_fops = { +.owner =THIS_MODULE, +.unlocked_ioctl =dcp_bootstream_ioctl, +.open =dcp_bootstream_open, +}; + +static int dcp_probe(struct platform_device *pdev) +{ +struct dcp_dev *dev = NULL; +struct resource *r; +int i, ret, j; + +dev = kzalloc(sizeof(*dev), GFP_KERNEL); +if (dev == NULL) { +dev_err(&amp;pdev-&gt;dev, "Failed to allocate structure\n"); +ret = -ENOMEM; +goto err; +} +global_dev = dev; +dev-&gt;dev = &amp;pdev-&gt;dev; + +platform_set_drvdata(pdev, dev); + +r = platform_get_resource(pdev, IORESOURCE_MEM, 0); +if (!r) { +dev_err(&amp;pdev-&gt;dev, "failed to get IORESOURCE_MEM\n"); +ret = -ENXIO; +goto err_dev; +} +dev-&gt;dcp_regs_base = ioremap(r-&gt;start, resource_size(r)); + + +dcp_set(dev, DCP_CTRL_SFRST, DCP_REG_CTRL); +udelay(10); +dcp_clear(dev, DCP_CTRL_SFRST | DCP_CTRL_CLKGATE, DCP_REG_CTRL); + +dcp_write(dev, DCP_CTRL_GATHER_RES_WRITE | +DCP_CTRL_ENABLE_CONTEXT_CACHE | DCP_CTRL_CH_IRQ_E_1, +DCP_REG_CTRL); + +dcp_write(dev, DCP_CHAN_CTRL_ENABLE_1, DCP_REG_CHAN_CTRL); + +for (i = 0; i &lt; 4; i++) +dcp_clear(dev, -1, dcp_chan_reg(DCP_REG_CHAN_STAT, i)); + +dcp_clear(dev, -1, DCP_REG_STAT); + + +r = platform_get_resource(pdev, IORESOURCE_IRQ, 0); +if (!r) { +dev_err(&amp;pdev-&gt;dev, "can't get IRQ resource (0)\n"); +ret = -EIO; +goto err_unmap_mem; +} +dev-&gt;dcp_vmi_irq = r-&gt;start; +ret = request_irq(dev-&gt;dcp_vmi_irq, dcp_vmi_irq, 0, "dcp", dev); +if (ret != 0) { +dev_err(&amp;pdev-&gt;dev, "can't request_irq (0)\n"); +ret = -EIO; +goto err_unmap_mem; +} + +r = platform_get_resource(pdev, IORESOURCE_IRQ, 1); +if (!r) { +dev_err(&amp;pdev-&gt;dev, "can't get IRQ resource (1)\n"); +ret = -EIO; +goto err_free_irq0; +} +dev-&gt;dcp_irq = r-&gt;start; +ret = request_irq(dev-&gt;dcp_irq, dcp_irq, 0, "dcp", dev); +if (ret != 0) { +dev_err(&amp;pdev-&gt;dev, "can't request_irq (1)\n"); +ret = -EIO; +goto err_free_irq0; +} + +dev-&gt;hw_pkg[0] = dma_alloc_coherent(&amp;pdev-&gt;dev, +DCP_MAX_PKG * sizeof(struct dcp_hw_packet), +&amp;dev-&gt;hw_phys_pkg, +GFP_KERNEL); +if (!dev-&gt;hw_pkg[0]) { +dev_err(&amp;pdev-&gt;dev, "Could not allocate hw descriptors\n"); +ret = -ENOMEM; +goto err_free_irq1; +} + +for (i = 1; i &lt; DCP_MAX_PKG; i++) { +dev-&gt;hw_pkg[i - 1]-&gt;next = dev-&gt;hw_phys_pkg ++ i * sizeof(struct dcp_hw_packet); +dev-&gt;hw_pkg[i] = dev-&gt;hw_pkg[i - 1] + 1; +} +dev-&gt;hw_pkg[i - 1]-&gt;next = dev-&gt;hw_phys_pkg; + + +dev-&gt;payload_base = dma_alloc_coherent(&amp;pdev-&gt;dev, 2 * AES_KEYSIZE_128, +&amp;dev-&gt;payload_base_dma, GFP_KERNEL); +if (!dev-&gt;payload_base) { +dev_err(&amp;pdev-&gt;dev, "Could not allocate memory for key\n"); +ret = -ENOMEM; +goto err_free_hw_packet; +} +tasklet_init(&amp;dev-&gt;queue_task, dcp_queue_task, +(unsigned long) dev); +tasklet_init(&amp;dev-&gt;done_task, dcp_done_task, +(unsigned long) dev); +spin_lock_init(&amp;dev-&gt;queue_lock); + +crypto_init_queue(&amp;dev-&gt;queue, 10); + +init_timer(&amp;dev-&gt;watchdog); +dev-&gt;watchdog.function = &amp;dcp_watchdog; +dev-&gt;watchdog.data = (unsigned long)dev; + +dev-&gt;dcp_bootstream_misc.minor = MISC_DYNAMIC_MINOR, +dev-&gt;dcp_bootstream_misc.name = "dcpboot", +dev-&gt;dcp_bootstream_misc.fops = &amp;dcp_bootstream_fops, +ret = misc_register(&amp;dev-&gt;dcp_bootstream_misc); +if (ret != 0) { +dev_err(dev-&gt;dev, "Unable to register misc device\n"); +goto err_free_key_iv; +} + +for (i = 0; i &lt; ARRAY_SIZE(algs); i++) { +algs[i].cra_priority = 300; +algs[i].cra_ctxsize = sizeof(struct dcp_op); +algs[i].cra_module = THIS_MODULE; +algs[i].cra_init = dcp_cra_init; +algs[i].cra_exit = dcp_cra_exit; +if (crypto_register_alg(&amp;algs[i])) { +dev_err(&amp;pdev-&gt;dev, "register algorithm failed\n"); +ret = -ENOMEM; +goto err_unregister; +} +} +dev_notice(&amp;pdev-&gt;dev, "DCP crypto enabled.!\n"); + +return 0; + +err_unregister: +for (j = 0; j &lt; i; j++) +crypto_unregister_alg(&amp;algs[j]); +err_free_key_iv: +dma_free_coherent(&amp;pdev-&gt;dev, 2 * AES_KEYSIZE_128, dev-&gt;payload_base, +dev-&gt;payload_base_dma); +err_free_hw_packet: +dma_free_coherent(&amp;pdev-&gt;dev, DCP_MAX_PKG * +sizeof(struct dcp_hw_packet), dev-&gt;hw_pkg[0], +dev-&gt;hw_phys_pkg); +err_free_irq1: +free_irq(dev-&gt;dcp_irq, dev); +err_free_irq0: +free_irq(dev-&gt;dcp_vmi_irq, dev); +err_unmap_mem: +iounmap((void *) dev-&gt;dcp_regs_base); +err_dev: +kfree(dev); +err: +return ret; +} + +static int dcp_remove(struct platform_device *pdev) +{ +struct dcp_dev *dev; +int j; +dev = platform_get_drvdata(pdev); +platform_set_drvdata(pdev, NULL); + +dma_free_coherent(&amp;pdev-&gt;dev, +DCP_MAX_PKG * sizeof(struct dcp_hw_packet), +dev-&gt;hw_pkg[0],dev-&gt;hw_phys_pkg); + +dma_free_coherent(&amp;pdev-&gt;dev, 2 * AES_KEYSIZE_128, dev-&gt;payload_base, +dev-&gt;payload_base_dma); + +free_irq(dev-&gt;dcp_irq, dev); +free_irq(dev-&gt;dcp_vmi_irq, dev); + +tasklet_kill(&amp;dev-&gt;done_task); +tasklet_kill(&amp;dev-&gt;queue_task); + +iounmap((void *) dev-&gt;dcp_regs_base); + +for (j = 0; j &lt; ARRAY_SIZE(algs); j++) +crypto_unregister_alg(&amp;algs[j]); + +misc_deregister(&amp;dev-&gt;dcp_bootstream_misc); + +kfree(dev); +return 0; +} + +static struct of_device_id fs_dcp_of_match[] = { +{.compatible = "fsl-dcp"}, +{}, +}; + +static struct platform_driver fs_dcp_driver = { +.probe = dcp_probe, +.remove = dcp_remove, +.driver = { +.name = "fsl-dcp", +.owner = THIS_MODULE, +.of_match_table = fs_dcp_of_match +} +}; + +module_platform_driver(fs_dcp_driver); + + +MODULE_AUTHOR("Tobias Rauter &lt;tobias.rauter&lt; at &gt;gmail.com&gt;"); +MODULE_DESCRIPTION("Freescale DCP Crypto Driver"); +MODULE_LICENSE("GPL"); </pre> Tobias Rauter 2013-05-19T19:59:38 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8907 <pre>Hello, I have an encrypted disc (dm-crypt, type LUKS1, ssh256 as hash algorithm). I have an Intel Core i5 M450 that supports ssse3. Find below the output from netconsole with the oops. The last warning appeared when I restart the pc using the magic sysrq key combination REISUB. I have the same problem with a different laptop with an AMD E-450 APU. If you need further information, feel free to ask. Best regards, Julian Wollrath [ 3.647071] device-mapper: uevent: version 1.0.3 [ 3.647245] device-mapper: ioctl: 4.24.0-ioctl (2013-01-15) initialised: dm-devel&lt; at &gt;redhat.com [ 11.619603] sha256_ssse3: Using SSSE3 optimized SHA-256 implementation [ 12.131483] BUG: unable to handle kernel paging request at ffff8800bb593000 [ 12.131848] IP: [&lt;ffffffffa016b083&gt;] loop0+0x27/0x44 [sha256_ssse3] [ 12.132032] PGD 1a32067 PUD 1a35067 PMD 1a36067 PTE 0 [ 12.132427] Oops: 0000 [#1] SMP [ 12.132670] Modules linked in: sha256_ssse3(+) sha256_generic twofish_generic twofish_x86_64_3way xts lrw gf128mul glue_helper twofish_x86_64 twofish_common cbc dm_crypt dm_mod netconsole sg sr_mod sd_mod cdrom crc_t10dif crc32c_intel microcode ahci libahci ehci_pci ehci_hcd libata scsi_mod r8169 mii usbcore usb_common thermal thermal_sys [ 12.135396] CPU: 3 PID: 276 Comm: cryptomgr_test Not tainted 3.10.0-rc1+ #2 [ 12.135559] Hardware name: Dell Inc. Vostro 3500/0NVXFV, BIOS A10 10/25/2010 [ 12.135720] task: ffff880037572090 ti: ffff8800b66b6000 task.ti: ffff8800b66b6000 [ 12.135836] RIP: 0010:[&lt;ffffffffa016b083&gt;] [&lt;ffffffffa016b083&gt;] loop0+0x27/0x44 [sha256_ssse3] [ 12.136032] RSP: 0018:ffff8800b66b7af0 EFLAGS: 00010287 [ 12.136130] RAX: 00000000a186fc15 RBX: 00000000704bb939 RCX: 00000000d1b791ec [ 12.136232] RDX: 000000001fd2088a RSI: ffff880037a97ee8 RDI: ffff8800bb592fc8 [ 12.136334] RBP: ffffffffa016f000 R08: 0000000052a5c3c8 R09: 000000005db427ef [ 12.136439] R10: 00000000b80a833e R11: 0000000029c53567 R12: ffff8800b66b7b08 [ 12.136543] R13: 000000003158a213 R14: 00000000c7fc368e R15: 0000000001008012 [ 12.136647] FS: 0000000000000000(0000) GS:ffff8800bb180000(0000) knlGS:0000000000000000 [ 12.136763] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 12.136863] CR2: ffff8800bb593000 CR3: 000000000180b000 CR4: 00000000000007e0 [ 12.136964] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 12.137066] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 12.137167] Stack: [ 12.137257] ffff880108c634c8 ffff8800bb592f88 6033fb357b8c96fd c5e119eaebeb38a3 [ 12.137668] ffff880037a97f08 ffff8800b66b7b80 0000000000000008 0000000000000008 [ 12.138077] ffff880037a97ed0 ffffffffa016dc4e ffff880001496ae5 ffff880037a97ee0 [ 12.138484] Call Trace: [ 12.138580] [&lt;ffffffffa016dc4e&gt;] ? __sha256_ssse3_update+0x5e/0xe0 [sha256_ssse3] [ 12.138701] [&lt;ffffffffa016df15&gt;] ? sha256_ssse3_final+0x145/0x1ec [sha256_ssse3] [ 12.138825] [&lt;ffffffff81214362&gt;] ? shash_ahash_finup+0x32/0x80 [ 12.138931] [&lt;ffffffff81217523&gt;] ? test_hash+0x383/0x6b0 [ 12.139034] [&lt;ffffffff8120c8a0&gt;] ? crypto_mod_get+0x10/0x30 [ 12.139141] [&lt;ffffffff811186d6&gt;] ? __kmalloc+0x1c6/0x1f0 [ 12.139243] [&lt;ffffffff8120cdfc&gt;] ? __crypto_alg_lookup+0xac/0xf0 [ 12.139344] [&lt;ffffffff8120ca48&gt;] ? crypto_create_tfm+0x48/0xd0 [ 12.139445] [&lt;ffffffff812146cd&gt;] ? crypto_init_shash_ops_async+0x2d/0xd0 [ 12.139548] [&lt;ffffffff81217893&gt;] ? alg_test_hash+0x43/0xa0 [ 12.139650] [&lt;ffffffff81215b9b&gt;] ? alg_test+0x9b/0x230 [ 12.139753] [&lt;ffffffff81421351&gt;] ? __schedule+0x271/0x650 [ 12.139856] [&lt;ffffffff81214940&gt;] ? cryptomgr_probe+0xb0/0xb0 [ 12.139954] [&lt;ffffffff81214978&gt;] ? cryptomgr_test+0x38/0x40 [ 12.140058] [&lt;ffffffff8105c53f&gt;] ? kthread+0xaf/0xc0 [ 12.140219] [&lt;ffffffff8105c490&gt;] ? kthread_create_on_node+0x110/0x110 [ 12.140382] [&lt;ffffffff814237ac&gt;] ? ret_from_fork+0x7c/0xb0 [ 12.140482] [&lt;ffffffff8105c490&gt;] ? kthread_create_on_node+0x110/0x110 [ 12.140585] Code: c4 40 00 00 48 8d 2d 9d 3f 00 00 f3 0f 6f 27 66 41 0f 38 00 e4 f3 0f 6f 6f 10 66 41 0f 38 00 ec f3 0f 6f 77 20 66 41 0f 38 00 f4 &lt;f3&gt; 0f 6f 7f 30 66 41 0f 38 00 fc 48 89 7c 24 08 48 c7 c7 03 00 [ 12.145708] RIP [&lt;ffffffffa016b083&gt;] loop0+0x27/0x44 [sha256_ssse3] [ 12.145885] RSP &lt;ffff8800b66b7af0&gt; [ 12.145979] CR2: ffff8800bb593000 [ 12.146075] ---[ end trace 0382cf30f3465fd1 ]--- [ 12.146173] note: cryptomgr_test[276] exited with preempt_count 1 [ 12.146347] BUG: scheduling while atomic: cryptomgr_test/276/0x10000001 [ 12.146485] Modules linked in: sha256_ssse3(+) sha256_generic twofish_generic twofish_x86_64_3way xts lrw gf128mul glue_helper twofish_x86_64 twofish_common cbc dm_crypt dm_mod netconsole sg sr_mod sd_mod cdrom crc_t10dif crc32c_intel microcode ahci libahci ehci_pci ehci_hcd libata scsi_mod r8169 mii usbcore usb_common thermal thermal_sys [ 12.150126] CPU: 3 PID: 276 Comm: cryptomgr_test Tainted: G D 3.10.0-rc1+ #2 [ 12.150282] Hardware name: Dell Inc. Vostro 3500/0NVXFV, BIOS A10 10/25/2010 [ 12.150428] ffffffff8141eaf7 ffffffff8141bca7 ffffffff8142167a 0000000000000035 [ 12.151034] 0000000000000046 ffff8800b66b7fd8 ffff8800b66b7fd8 ffff8800b66b7fd8 [ 12.151610] ffff880037572090 ffff8800b66b6000 ffff8800375725d0 0000000000000046 [ 12.152215] Call Trace: [ 12.152352] [&lt;ffffffff8141eaf7&gt;] ? dump_stack+0xc/0x15 [ 12.152496] [&lt;ffffffff8141bca7&gt;] ? __schedule_bug+0x3f/0x4c [ 12.152637] [&lt;ffffffff8142167a&gt;] ? __schedule+0x59a/0x650 [ 12.152764] [&lt;ffffffff81067ccd&gt;] ? __cond_resched+0x1d/0x30 [ 12.152898] [&lt;ffffffff814217a6&gt;] ? _cond_resched+0x26/0x30 [ 12.153033] [&lt;ffffffff81420405&gt;] ? mutex_lock+0x15/0x40 [ 12.153169] [&lt;ffffffff810cfba0&gt;] ? perf_event_exit_task+0x20/0x1e0 [ 12.153277] [&lt;ffffffff8103e24f&gt;] ? do_exit+0x29f/0xa10 [ 12.153414] [&lt;ffffffff81005ca6&gt;] ? oops_end+0x96/0xe0 [ 12.153550] [&lt;ffffffff8141afd9&gt;] ? no_context+0x24c/0x275 [ 12.153692] [&lt;ffffffff8102d51e&gt;] ? __do_page_fault+0x2ee/0x480 [ 12.153834] [&lt;ffffffff810db066&gt;] ? __alloc_pages_nodemask+0x106/0x8f0 [ 12.153962] [&lt;ffffffff81423332&gt;] ? page_fault+0x22/0x30 [ 12.154102] [&lt;ffffffffa016b083&gt;] ? loop0+0x27/0x44 [sha256_ssse3] [ 12.154232] [&lt;ffffffffa016dc4e&gt;] ? __sha256_ssse3_update+0x5e/0xe0 [sha256_ssse3] [ 12.154380] [&lt;ffffffffa016df15&gt;] ? sha256_ssse3_final+0x145/0x1ec [sha256_ssse3] [ 12.154532] [&lt;ffffffff81214362&gt;] ? shash_ahash_finup+0x32/0x80 [ 12.154660] [&lt;ffffffff81217523&gt;] ? test_hash+0x383/0x6b0 [ 12.154800] [&lt;ffffffff8120c8a0&gt;] ? crypto_mod_get+0x10/0x30 [ 12.154940] [&lt;ffffffff811186d6&gt;] ? __kmalloc+0x1c6/0x1f0 [ 12.155042] [&lt;ffffffff8120cdfc&gt;] ? __crypto_alg_lookup+0xac/0xf0 [ 12.155183] [&lt;ffffffff8120ca48&gt;] ? crypto_create_tfm+0x48/0xd0 [ 12.155327] [&lt;ffffffff812146cd&gt;] ? crypto_init_shash_ops_async+0x2d/0xd0 [ 12.155466] [&lt;ffffffff81217893&gt;] ? alg_test_hash+0x43/0xa0 [ 12.155609] [&lt;ffffffff81215b9b&gt;] ? alg_test+0x9b/0x230 [ 12.155746] [&lt;ffffffff81421351&gt;] ? __schedule+0x271/0x650 [ 12.155886] [&lt;ffffffff81214940&gt;] ? cryptomgr_probe+0xb0/0xb0 [ 12.156018] [&lt;ffffffff81214978&gt;] ? cryptomgr_test+0x38/0x40 [ 12.156150] [&lt;ffffffff8105c53f&gt;] ? kthread+0xaf/0xc0 [ 12.156275] [&lt;ffffffff8105c490&gt;] ? kthread_create_on_node+0x110/0x110 [ 12.156408] [&lt;ffffffff814237ac&gt;] ? ret_from_fork+0x7c/0xb0 [ 12.156542] [&lt;ffffffff8105c490&gt;] ? kthread_create_on_node+0x110/0x110 [ 16.822251] SysRq : Keyboard mode set to system default [ 18.165412] SysRq : Terminate All Tasks [ 18.165722] ------------[ cut here ]------------ [ 18.165825] WARNING: at crypto/algapi.c:329 crypto_wait_for_test+0x55/0x70() [ 18.165846] Modules linked in: sha256_ssse3(+) sha256_generic twofish_generic twofish_x86_64_3way xts lrw gf128mul glue_helper twofish_x86_64 twofish_common cbc dm_crypt dm_mod netconsole sg sr_mod sd_mod cdrom crc_t10dif crc32c_intel microcode ahci libahci ehci_pci ehci_hcd libata scsi_mod r8169 mii usbcore usb_common thermal thermal_sys [ 18.165847] CPU: 3 PID: 273 Comm: modprobe Tainted: G D W 3.10.0-rc1+ #2 [ 18.165849] Hardware name: Dell Inc. Vostro 3500/0NVXFV, BIOS A10 10/25/2010 [ 18.165851] ffffffff8141eaf7 ffffffff810390fa ffff8800b669b400 ffff8800b669b400 [ 18.165853] ffffffffa016f660 ffffffffa016f6b0 0000000000000001 ffffffff8120e4d5 [ 18.165854] 0000000000000000 ffffffff8120e634 ffffffffa0046000 0000000000000000 [ 18.165855] Call Trace: [ 18.165858] [&lt;ffffffff8141eaf7&gt;] ? dump_stack+0xc/0x15 [ 18.165861] [&lt;ffffffff810390fa&gt;] ? warn_slowpath_common+0x6a/0xa0 [ 18.165863] [&lt;ffffffff8120e4d5&gt;] ? crypto_wait_for_test+0x55/0x70 [ 18.165864] [&lt;ffffffff8120e634&gt;] ? crypto_register_alg+0x64/0x80 [ 18.165867] [&lt;ffffffffa0046000&gt;] ? 0xffffffffa0045fff [ 18.165868] [&lt;ffffffff810002fa&gt;] ? do_one_initcall+0x10a/0x160 [ 18.165873] [&lt;ffffffff81090a57&gt;] ? load_module+0x1b37/0x2450 [ 18.165875] [&lt;ffffffff8108ca90&gt;] ? unset_module_init_ro_nx+0x80/0x80 [ 18.165877] [&lt;ffffffff81091430&gt;] ? SyS_init_module+0xc0/0xf0 [ 18.165879] [&lt;ffffffff81423852&gt;] ? system_call_fastpath+0x16/0x1b [ 18.165880] ---[ end trace 0382cf30f3465fd2 ]--- [ 18.166140] bio: create slab &lt;bio-1&gt; at 1 [ 20.123114] SysRq : Kill All Tasks [ 20.882858] SysRq : Emergency Sync [ 20.883148] Emergency Sync complete [ 22.531845] SysRq : Emergency Remount R/O [ 22.532141] Emergency Remount complete [ 23.386434] SysRq : Resetting [ 23.386663] ACPI MEMORY or I/O RESET_REG. </pre> Julian Wollrath 2013-05-16T13:41:35 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8818 <pre>A great deal of these patches have now been applied through various trees. We now need to grab the attention of the outstanding DMA clients (MUSB and Crypto) to progress. Also, Linus could probably do with a hand from Vinod for the remaining dmaengine patches. Thanks in advance. Documentation/devicetree/bindings/dma/ste-dma40.txt | 4 ++ Documentation/devicetree/bindings/usb/ux500-usb.txt | 50 ++++++++++++++++++ arch/arm/mach-ux500/board-mop500-audio.c | 12 ++--- arch/arm/mach-ux500/board-mop500-sdi.c | 16 +++--- arch/arm/mach-ux500/board-mop500.c | 36 +++++-------- arch/arm/mach-ux500/cpu-db8500.c | 34 ++++-------- arch/arm/mach-ux500/devices-db8500.c | 80 ---------------------------- arch/arm/mach-ux500/usb.c | 37 +++---------- drivers/crypto/ux500/cryp/cryp.h | 7 ++- drivers/crypto/ux500/cryp/cryp_core.c | 31 ++++++++++- drivers/crypto/ux500/hash/hash_alg.h | 5 +- drivers/crypto/ux500/hash/hash_core.c | 24 ++++++++- drivers/dma/ste_dma40.c | 292 +++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------- drivers/dma/ste_dma40_ll.c | 189 +++++++++++++++++++++++++++++++++-------------------------------- drivers/dma/ste_dma40_ll.h | 3 +- drivers/usb/musb/ux500.c | 61 ++++++++++++++++++++- drivers/usb/musb/ux500_dma.c | 59 ++++++++++++--------- include/linux/platform_data/dma-ste-dma40.h | 25 ++------- include/linux/platform_data/usb-musb-ux500.h | 5 +- sound/soc/ux500/ux500_pcm.c | 10 ++-- 20 files changed, 506 insertions(+), 474 deletions(-) </pre> Lee Jones 2013-05-15T09:51:23 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8803 <pre>Hi, [1] patch at http://www.chronox.de/jent/jitterentropy-20130508.tar.bz2 A new version of the CPU Jitter random number generator is released at http://www.chronox.de/ . The heart of the RNG is about 30 lines of easy to read code. The readme in the main directory explains the different code files. In a previous attempt (http://lkml.org/lkml/2013/2/8/476), the first iteration received comments for the lack of tests, documentation and entropy assessment. All these concerns have been addressed. The documentation of the CPU Jitter random number generator (http://www.chronox.de/jent/doc/index.html and PDF at http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf -- the graphs and pictures are better in PDF) offers a full analysis of: - the root cause of entropy - a design of the RNG - statistical tests and analyses - entropy assessment and explanation of the flow of entropy The document also explains the core concept to have a fully decentralized entropy collector for every caller in need of entropy. The appendix of the documentation contains example use cases by providing link code to the Linux kernel crypto API, libgcrypt and OpenSSL. Links to other cryptographic libraries should be straight forward to implement. These implementations follow the concept of decentralized entropy collection. The man page provided with the source code explains the use of the API of the CPU Jitter random number generator. The test cases used to compile the documentation are available at the web site as well. Note: for the kernel crypto API, please read the provided Kconfig file for the provided switches and which of them are recommended in regular operation. These switches must currently be set manually in the Makefile. Ciao Stephan Signed-off-by: Stephan Mueller &lt;smueller&lt; at &gt;chronox.de&gt; </pre> Stephan Mueller 2013-05-13T15:32:18 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8801 <pre>SEQ IN PTR command does not require pointer if RTO or PRE bit is set Updated desc_constr.h accordingly. Signed-off-by: Andrei Varvara &lt;andrei.varvara&lt; at &gt;freescale.com&gt; Reviewed-by: Phillips Kim-R1AAHA &lt;Kim.Phillips&lt; at &gt;freescale.com&gt; Reviewed-by: Fleming Andrew-AFLEMING &lt;AFLEMING&lt; at &gt;freescale.com&gt; --- drivers/crypto/caam/desc.h | 4 ++-- drivers/crypto/caam/desc_constr.h | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/caam/desc.h b/drivers/crypto/caam/desc.h index f7f833b..89fa3d0 100644 --- a/drivers/crypto/caam/desc.h +++ b/drivers/crypto/caam/desc.h &lt; at &gt;&lt; at &gt; -1290,18 +1290,18 &lt; at &gt;&lt; at &gt; struct sec4_sg_entry { * SEQ_OUT_PTR Command Constructs */ /* Sequence pointer is a scatter-gather table */ #define SQOUT_SGF0x01000000 /* Appends to a previous pointer */ -#define SQOUT_PRE0x00800000 +#define SQOUT_PRESQIN_PRE /* Restore sequence with pointer/length */ -#define SQOUT_RTO0x00200000 +#define SQOUT_RTO SQIN_RTO /* Use extended length following pointer */ #define SQOUT_EXT0x00400000 #define SQOUT_LEN_SHIFT0 #define SQOUT_LEN_MASK(0xffff &lt;&lt; SQOUT_LEN_SHIFT) diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h index c85c1f0..19501b5 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h &lt; at &gt;&lt; at &gt; -118,15 +118,16 &lt; at &gt;&lt; at &gt; static inline void append_cmd_ptr(u32 *desc, dma_addr_t ptr, int len, } /* Write length after pointer, rather than inside command */ static inline void append_cmd_ptr_extlen(u32 *desc, dma_addr_t ptr, unsigned int len, u32 command) { append_cmd(desc, command); -append_ptr(desc, ptr); +if (!(command &amp; (SQIN_RTO | SQIN_PRE))) +append_ptr(desc, ptr); append_cmd(desc, len); } static inline void append_cmd_data(u32 *desc, void *data, int len, u32 command) { append_cmd(desc, command | IMMEDIATE | len); &lt; at &gt;&lt; at &gt; -182,15 +183,18 &lt; at &gt;&lt; at &gt; APPEND_CMD_PTR(fifo_store, FIFO_STORE) #define APPEND_SEQ_PTR_INTLEN(cmd, op) \ static inline void append_seq_##cmd##_ptr_intlen(u32 *desc, dma_addr_t ptr, \ unsigned int len, \ u32 options) \ { \ PRINT_POS; \ -append_cmd_ptr(desc, ptr, len, CMD_SEQ_##op##_PTR | options); \ +if (options &amp; (SQIN_RTO | SQIN_PRE)) \ +append_cmd(desc, CMD_SEQ_##op##_PTR | len | options); \ +else \ +append_cmd_ptr(desc, ptr, len, CMD_SEQ_##op##_PTR | options); \ } APPEND_SEQ_PTR_INTLEN(in, IN) APPEND_SEQ_PTR_INTLEN(out, OUT) #define APPEND_CMD_PTR_TO_IMM(cmd, op) \ static inline void append_##cmd##_as_imm(u32 *desc, void *data, \ unsigned int len, u32 options) \ </pre> Andrei Varvara 2013-05-13T14:37:57 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8795 <pre>In case Store command is used with overwrite Shared Descriptor feature there is no need for pointer, it is using the address from which the Shared Descriptor was fetched. Signed-off-by: Andrei Varvara &lt;andrei.varvara&lt; at &gt;freescale.com&gt; Reviewed-by: Phillips Kim-R1AAHA &lt;Kim.Phillips&lt; at &gt;freescale.com&gt; Reviewed-by: Fleming Andrew-AFLEMING &lt;AFLEMING&lt; at &gt;freescale.com&gt; --- drivers/crypto/caam/desc_constr.h | 18 +++++++++++++++++- 1 files changed, 17 insertions(+), 1 deletions(-) diff --git a/drivers/crypto/caam/desc_constr.h b/drivers/crypto/caam/desc_constr.h index 19501b5..fc4470a 100644 --- a/drivers/crypto/caam/desc_constr.h +++ b/drivers/crypto/caam/desc_constr.h &lt; at &gt;&lt; at &gt; -173,18 +173,34 &lt; at &gt;&lt; at &gt; static inline void append_##cmd(u32 *desc, dma_addr_t ptr, unsigned int len, \ u32 options) \ { \ PRINT_POS; \ append_cmd_ptr(desc, ptr, len, CMD_##op | options); \ } APPEND_CMD_PTR(key, KEY) APPEND_CMD_PTR(load, LOAD) -APPEND_CMD_PTR(store, STORE) APPEND_CMD_PTR(fifo_load, FIFO_LOAD) APPEND_CMD_PTR(fifo_store, FIFO_STORE) +static inline void append_store(u32 *desc, dma_addr_t ptr, unsigned int len, +u32 options) +{ +u32 cmd_src; + +cmd_src = options &amp; LDST_SRCDST_MASK; + +append_cmd(desc, CMD_STORE | options | len); + +/* The following options do not require pointer */ +if (!(cmd_src == LDST_SRCDST_WORD_DESCBUF_SHARED || + cmd_src == LDST_SRCDST_WORD_DESCBUF_JOB || + cmd_src == LDST_SRCDST_WORD_DESCBUF_JOB_WE || + cmd_src == LDST_SRCDST_WORD_DESCBUF_SHARED_WE)) +append_ptr(desc, ptr); +} + #define APPEND_SEQ_PTR_INTLEN(cmd, op) \ static inline void append_seq_##cmd##_ptr_intlen(u32 *desc, dma_addr_t ptr, \ unsigned int len, \ u32 options) \ { \ PRINT_POS; \ if (options &amp; (SQIN_RTO | SQIN_PRE)) \ </pre> Andrei Varvara 2013-05-13T14:50:51 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8792 <pre>Calling runtime PM API for every block causes serious perf hit to crypto operations that are done on a long buffer. As crypto is performed on a page boundary, encrypting large buffers can cause a series of crypto operations divided by page. The runtime PM API is also called those many times. We call runtime_pm_get_sync only at beginning of the session (cra_init) and runtime_pm_put at the end. This result in upto a 50% speedup as below: Before: root&lt; at &gt;beagleboard:~# time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 13310 aes-128-cbc's in 0.01s Doing aes-128-cbc for 3s on 64 size blocks: 13040 aes-128-cbc's in 0.04s Doing aes-128-cbc for 3s on 256 size blocks: 9134 aes-128-cbc's in 0.03s Doing aes-128-cbc for 3s on 1024 size blocks: 8939 aes-128-cbc's in 0.01s Doing aes-128-cbc for 3s on 8192 size blocks: 4299 aes-128-cbc's in 0.00s After: root&lt; at &gt;beagleboard:~# time -v openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 18911 aes-128-cbc's in 0.02s Doing aes-128-cbc for 3s on 64 size blocks: 18878 aes-128-cbc's in 0.02s Doing aes-128-cbc for 3s on 256 size blocks: 11878 aes-128-cbc's in 0.10s Doing aes-128-cbc for 3s on 1024 size blocks: 11538 aes-128-cbc's in 0.05s Doing aes-128-cbc for 3s on 8192 size blocks: 4857 aes-128-cbc's in 0.03s While at it, also drop enter and exit pr_debugs, in related code. tracers are exactly used for that. Tested on a Beaglebone (AM335x SoC) board. Signed-off-by: Joel A Fernandes &lt;joelagnel&lt; at &gt;ti.com&gt; --- drivers/crypto/omap-aes.c | 23 +++++++++++++++++++---- 1 files changed, 19 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 6aa425f..e6474eb 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c &lt; at &gt;&lt; at &gt; -208,7 +208,6 &lt; at &gt;&lt; at &gt; static int omap_aes_hw_init(struct omap_aes_dev *dd) * It may be long delays between requests. * Device might go to off mode to save power. */ -pm_runtime_get_sync(dd-&gt;dev); if (!(dd-&gt;flags &amp; FLAGS_INIT)) { dd-&gt;flags |= FLAGS_INIT; &lt; at &gt;&lt; at &gt; -636,7 +635,6 &lt; at &gt;&lt; at &gt; static void omap_aes_finish_req(struct omap_aes_dev *dd, int err) pr_debug("err: %d\n", err); -pm_runtime_put(dd-&gt;dev); dd-&gt;flags &amp;= ~FLAGS_BUSY; req-&gt;base.complete(&amp;req-&gt;base, err); &lt; at &gt;&lt; at &gt; -837,8 +835,16 &lt; at &gt;&lt; at &gt; static int omap_aes_ctr_decrypt(struct ablkcipher_request *req) static int omap_aes_cra_init(struct crypto_tfm *tfm) { -pr_debug("enter\n"); +struct omap_aes_dev *dd = NULL; + +/* Find AES device, currently picks the first device */ +spin_lock_bh(&amp;list_lock); +list_for_each_entry(dd, &amp;dev_list, list) { +break; +} +spin_unlock_bh(&amp;list_lock); +pm_runtime_get_sync(dd-&gt;dev); tfm-&gt;crt_ablkcipher.reqsize = sizeof(struct omap_aes_reqctx); return 0; &lt; at &gt;&lt; at &gt; -846,7 +852,16 &lt; at &gt;&lt; at &gt; static int omap_aes_cra_init(struct crypto_tfm *tfm) static void omap_aes_cra_exit(struct crypto_tfm *tfm) { -pr_debug("enter\n"); +struct omap_aes_dev *dd = NULL; + +/* Find AES device, currently picks the first device */ +spin_lock_bh(&amp;list_lock); +list_for_each_entry(dd, &amp;dev_list, list) { +break; +} +spin_unlock_bh(&amp;list_lock); + +pm_runtime_put_sync(dd-&gt;dev); } /* ********************** ALGS ************************************ */ </pre> Joel A Fernandes 2013-05-11T17:23:44 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8786 <pre>Hi! I am working on a driver for the data co processor of freescale's imx28 (should also work on mx23 and mx5). I noticed that Christoph sent a patch for this device some days ago to the crypto mailing list. As far as I see this is basically the Freescale-SDK driver with some modifications for mainline. This was also my first approach. Since this driver has some problems (duplicated code, mutex in atomic context) I decided to get the reference manual and write the driver from scratch. To prevent double work (in case Christoph or someone else does the same thing), I want to share my work here now. This is my first real kernel driver so it would be nice if someone could take some time to find the noob-mistakes and send me feedback. Things I'm working on: - get rid of the global device - at the moment the number of entries of the in/out scatterlist is limited to 20. I am working on a ringbuffer where the CPU fills the co-processors buffer while it iterates through the pages. - overall performance - ATM each scatterlist entry of the request has to be aligned to AES_BLOCK_SIZE. Since I was not able to find a documentation, I want to ask if my idea is the right approach to solve this problem: use a ablkcipher walk ,iterate through this walk and do dma_map_single for each buffer instead of the whole scatterlist. regards, Tobias </pre> Tobias Rauter 2013-05-08T18:41:12 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8781 <pre> Entschuldigungen für kommen in Ihre Privatsphäre! Ich bin Rechtsanwalt Werner Erich Zeller; Ich habe einen meiner einflussreichen und wohlhabenden Kunden zum Tode; und er hatte eine sehr geheime und private Investitionen von €15,000,000.00 bei einer privaten Bank in Großbritannien hier zu Lebzeiten. Diese Investition wurde ohne einen deklarierten nächsten Angehörigen und begünstigte. Jetzt brauche ich Sie arbeiten mit mir als mein Partner zu erholen und zu je 50 % Aktienfonds. Alle Dokumente werden rechtlich beantragt und beschafft, und in 5 Werktage, wird diese Transaktion auftreten. Aber ich brauche einen ernsten, treuen und glaubwürdigen Partner. Bitte senden Sie mir eine vertrauliche Antwort, wenn Sie denken, Sie vertraut werden können und sind von den Qualitäten! Ich warte auf Ihre schnelle Antwort. Werner Erich Zeller (Rechtsanwalt) Rufen Sie + 44-702-409-0820 (Office) </pre> John P. Goldman 2013-05-08T08:46:28 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8774 <pre>The driver core clears the driver data to NULL after device_release or on probe failure, since commit 0998d0631001288a5974afc0b2a5f568bcdecb4d (device-core: Ensure drvdata = NULL when no driver is bound). Thus, it is not needed to manually clear the device driver data to NULL. Signed-off-by: Jingoo Han &lt;jg1.han&lt; at &gt;samsung.com&gt; --- drivers/crypto/s5p-sss.c | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 4b31432..cf149b1 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c &lt; at &gt;&lt; at &gt; -647,7 +647,6 &lt; at &gt;&lt; at &gt; static int s5p_aes_probe(struct platform_device *pdev) clk_disable(pdata-&gt;clk); s5p_dev = NULL; -platform_set_drvdata(pdev, NULL); return err; } &lt; at &gt;&lt; at &gt; -668,7 +667,6 &lt; at &gt;&lt; at &gt; static int s5p_aes_remove(struct platform_device *pdev) clk_disable(pdata-&gt;clk); s5p_dev = NULL; -platform_set_drvdata(pdev, NULL); return 0; } </pre> Jingoo Han 2013-05-06T03:49:28 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8773 <pre>The driver core clears the driver data to NULL after device_release or on probe failure, since commit 0998d0631001288a5974afc0b2a5f568bcdecb4d (device-core: Ensure drvdata = NULL when no driver is bound). Thus, it is not needed to manually clear the device driver data to NULL. Signed-off-by: Jingoo Han &lt;jg1.han&lt; at &gt;samsung.com&gt; --- drivers/crypto/mv_cesa.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c index ce6290e..3374a3e 100644 --- a/drivers/crypto/mv_cesa.c +++ b/drivers/crypto/mv_cesa.c &lt; at &gt;&lt; at &gt; -1146,7 +1146,6 &lt; at &gt;&lt; at &gt; err_unmap_reg: err: kfree(cp); cpg = NULL; -platform_set_drvdata(pdev, NULL); return ret; } </pre> Jingoo Han 2013-05-06T03:48:41 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8772 <pre></pre> Webmaster Help Desk 2013-05-03T16:12:46 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8765 <pre>Commit 0998d06310 (device-core: Ensure drvdata = NULL when no driver is bound) removes the need to set driver data field to NULL. Signed-off-by: Sachin Kamat &lt;sachin.kamat&lt; at &gt;linaro.org&gt; Cc: Sebastian Andrzej Siewior &lt;sebastian&lt; at &gt;breakpoint.cc&gt; --- drivers/crypto/mv_cesa.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/crypto/mv_cesa.c b/drivers/crypto/mv_cesa.c index ce6290e..3374a3e 100644 --- a/drivers/crypto/mv_cesa.c +++ b/drivers/crypto/mv_cesa.c &lt; at &gt;&lt; at &gt; -1146,7 +1146,6 &lt; at &gt;&lt; at &gt; err_unmap_reg: err: kfree(cp); cpg = NULL; -platform_set_drvdata(pdev, NULL); return ret; } </pre> Sachin Kamat 2013-05-03T09:18:14 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8763 <pre>Replace calls to deprecated devm_request_and_ioremap by devm_ioremap_resource. Found with coccicheck and this semantic patch: scripts/coccinelle/api/devm_request_and_ioremap.cocci. Signed-off-by: Laurent Navet &lt;laurent.navet&lt; at &gt;gmail.com&gt; --- drivers/crypto/omap-aes.c | 7 +++---- drivers/crypto/omap-sham.c | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c index 6aa425f..158215c 100644 --- a/drivers/crypto/omap-aes.c +++ b/drivers/crypto/omap-aes.c &lt; at &gt;&lt; at &gt; -1125,10 +1125,9 &lt; at &gt;&lt; at &gt; static int omap_aes_probe(struct platform_device *pdev) if (err) goto err_res; -dd-&gt;io_base = devm_request_and_ioremap(dev, &amp;res); -if (!dd-&gt;io_base) { -dev_err(dev, "can't ioremap\n"); -err = -ENOMEM; +dd-&gt;io_base = devm_ioremap_resource(dev, &amp;res); +if (IS_ERR(dd-&gt;io_base)) { +err = PTR_ERR(dd-&gt;io_base); goto err_res; } dd-&gt;phys_base = res.start; diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c index 3d1611f..4d9cca6 100644 --- a/drivers/crypto/omap-sham.c +++ b/drivers/crypto/omap-sham.c &lt; at &gt;&lt; at &gt; -1686,10 +1686,9 &lt; at &gt;&lt; at &gt; static int omap_sham_probe(struct platform_device *pdev) if (err) goto res_err; -dd-&gt;io_base = devm_request_and_ioremap(dev, &amp;res); -if (!dd-&gt;io_base) { -dev_err(dev, "can't ioremap\n"); -err = -ENOMEM; +dd-&gt;io_base = devm_ioremap_resource(dev, &amp;res); +if (IS_ERR(dd-&gt;io_base)) { +err = PTR_ERR(dd-&gt;io_base); goto res_err; } dd-&gt;phys_base = res.start; </pre> Laurent Navet 2013-05-02T12:00:38 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8752 <pre>Currently the CRC-T10DIF checksum is computed using a generic table lookup algorithm. By switching the checksum to PCLMULQDQ based computation, we can speedup the computation by 8x for checksumming 512 bytes and even more for larger buffer size. This will improve performance of SCSI drivers turning on the CRC-T10IDF checksum. In our SSD based experiments, we have seen increase disk throughput by 3.5x with T10DIF for 512 byte block size. This patch set provides the x86_64 routine using PCLMULQDQ instruction and switches the crc_t10dif library function to use the faster PCLMULQDQ based routine when available. Tim v3 1. Update the crct10dif crypto transform used in the crct10dif library in a safe way. 2. Load the accelerated t10dif transform for the x86_64 cpus that support it. 3. Added generic crct10dif crypto transform. v2 1. Get rid of unnecessary xmm registers save and restore and fix ENDPROC position in PCLMULQDQ version of crc t10dif computation. 2. Fix URL to paper reference of CRC computation with PCLMULQDQ. 3. Add one additional tcrypt test case to exercise more code paths through crc t10dif computation. 4. Fix config dependencies of CRYPTO_CRCT10DIF. Thanks to Herbert Xu, Matthew Wilcox and Jussi Kivilinna who reviewed the patches and Keith Busch for testing version 1 of the patch set. Tim Chen (4): Wrap crc_t10dif function all to use crypto transform framework Accelerated CRC T10 DIF computation with PCLMULQDQ instruction Glue code to cast accelerated CRCT10DIF assembly as a crypto transform Simple correctness and speed test for CRCT10DIF hash arch/x86/crypto/Makefile | 2 + arch/x86/crypto/crct10dif-pcl-asm_64.S | 643 ++++++++++++++++++++++++++++++++ arch/x86/crypto/crct10dif-pclmul_glue.c | 157 ++++++++ crypto/Kconfig | 20 + crypto/Makefile | 1 + crypto/crct10dif.c | 126 +++++++ crypto/tcrypt.c | 8 + crypto/testmgr.c | 10 + crypto/testmgr.h | 33 ++ include/linux/crc-t10dif.h | 5 + lib/crc-t10dif.c | 95 ++++- 11 files changed, 1098 insertions(+), 2 deletions(-) create mode 100644 arch/x86/crypto/crct10dif-pcl-asm_64.S create mode 100644 arch/x86/crypto/crct10dif-pclmul_glue.c create mode 100644 crypto/crct10dif.c </pre> Tim Chen 2013-05-01T19:52:47 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8747 <pre>From: "Christoph G. Baumann" &lt;cb&lt; at &gt;sgoc.de&gt; Following Shawn Guo's (maintainer of the Freescale MXS platform) I post this patch on linux-crypto: This patch is based on the original driver by Freescale. The driver gives access to the DCP crypto core which can accelerate AES and SHA operations. It was ported to the current API and sanitized to please checkpatch.pl. Christoph G. Baumann (2): crypto: added support for fsl-dcp on iMX23,28,50 crypto: added support for fsl-dcp on iMX23,28,50 arch/arm/boot/dts/imx28.dtsi | 2 +- drivers/staging/Kconfig | 2 + drivers/staging/Makefile | 1 + drivers/staging/crypto/Kconfig | 15 + drivers/staging/crypto/Makefile | 1 + drivers/staging/crypto/fsl-dcp.c | 1790 ++++++++++++++++++++++++++ drivers/staging/crypto/fsl-dcp.h | 739 +++++++++++ include/linux/fsl/fsl-dcp_bootstream_ioctl.h | 32 + 8 files changed, 2581 insertions(+), 1 deletion(-) create mode 100644 drivers/staging/crypto/Kconfig create mode 100644 drivers/staging/crypto/Makefile create mode 100644 drivers/staging/crypto/fsl-dcp.c create mode 100644 drivers/staging/crypto/fsl-dcp.h create mode 100644 include/linux/fsl/fsl-dcp_bootstream_ioctl.h </pre> Christoph G. Baumann 2013-04-29T19:58:34 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8738 <pre>For SEC including a RNG block version &gt;= 4, special initialization must occur before any descriptor that uses RNG block can be submitted. This initialization is required not only for SEC with version greater than 5.0, but for SEC with RNG version &gt;=4. There may be a case where RNG has already been instantiated by u-boot or boot ROM code.In such SoCs, if RNG is initialized again SEC would returns "Instantiation error". Hence, the initialization status of RNG4 should be also checked before doing RNG init. Signed-off-by: Ruchika Gupta &lt;ruchika.gupta&lt; at &gt;freescale.com&gt; Signed-off-by: Alex Porosanu &lt;alexandru.porosanu&lt; at &gt;freescale.com&gt; Signed-off-by: Andy Fleming &lt;afleming&lt; at &gt;freescale.com&gt; --- This patch supersedes the patchset submitted earlier http://www.mail-archive.com/linux-crypto&lt; at &gt;vger.kernel.org/msg08348.html crypto: caam - support for RNG version retrieval crypto: caam - fix RNG init for SEC with RNG version greater than 4 drivers/crypto/caam/ctrl.c | 10 +++++++--- drivers/crypto/caam/regs.h | 42 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 19faea2..644d145 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c &lt; at &gt;&lt; at &gt; -202,6 +202,7 &lt; at &gt;&lt; at &gt; static int caam_probe(struct platform_device *pdev) #ifdef CONFIG_DEBUG_FS struct caam_perfmon *perfmon; #endif +u64 cha_vid; ctrlpriv = kzalloc(sizeof(struct caam_drv_private), GFP_KERNEL); if (!ctrlpriv) &lt; at &gt;&lt; at &gt; -293,11 +294,14 &lt; at &gt;&lt; at &gt; static int caam_probe(struct platform_device *pdev) return -ENOMEM; } +cha_vid = rd_reg64(&amp;topregs-&gt;ctrl.perfmon.cha_id); + /* - * RNG4 based SECs (v5+) need special initialization prior - * to executing any descriptors + * If SEC has RNG version &gt;= 4 and RNG state handle has not been + * already instantiated ,do RNG instantiation */ -if (of_device_is_compatible(nprop, "fsl,sec-v5.0")) { +if ((cha_vid &amp; CHA_ID_RNG_MASK) &gt;&gt; CHA_ID_RNG_SHIFT &gt;= 4 &amp;&amp; + !(rd_reg32(&amp;topregs-&gt;ctrl.r4tst[0].rdsta) &amp; RDSTA_IF0)) { kick_trng(pdev); ret = instantiate_rng(ctrlpriv-&gt;jrdev[0]); if (ret) { diff --git a/drivers/crypto/caam/regs.h b/drivers/crypto/caam/regs.h index cd6feda..c09142f 100644 --- a/drivers/crypto/caam/regs.h +++ b/drivers/crypto/caam/regs.h &lt; at &gt;&lt; at &gt; -117,6 +117,43 &lt; at &gt;&lt; at &gt; struct jr_outentry { #define CHA_NUM_DECONUM_SHIFT56 #define CHA_NUM_DECONUM_MASK(0xfull &lt;&lt; CHA_NUM_DECONUM_SHIFT) +/* CHA Version IDs */ +#define CHA_ID_AES_SHIFT0 +#define CHA_ID_AES_MASK(0xfull &lt;&lt; CHA_ID_AES_SHIFT) + +#define CHA_ID_DES_SHIFT4 +#define CHA_ID_DES_MASK(0xfull &lt;&lt; CHA_ID_DES_SHIFT) + +#define CHA_ID_ARC4_SHIFT8 +#define CHA_ID_ARC4_MASK(0xfull &lt;&lt; CHA_ID_ARC4_SHIFT) + +#define CHA_ID_MD_SHIFT12 +#define CHA_ID_MD_MASK(0xfull &lt;&lt; CHA_ID_MD_SHIFT) + +#define CHA_ID_RNG_SHIFT16 +#define CHA_ID_RNG_MASK(0xfull &lt;&lt; CHA_ID_RNG_SHIFT) + +#define CHA_ID_SNW8_SHIFT20 +#define CHA_ID_SNW8_MASK(0xfull &lt;&lt; CHA_ID_SNW8_SHIFT) + +#define CHA_ID_KAS_SHIFT24 +#define CHA_ID_KAS_MASK(0xfull &lt;&lt; CHA_ID_KAS_SHIFT) + +#define CHA_ID_PK_SHIFT28 +#define CHA_ID_PK_MASK(0xfull &lt;&lt; CHA_ID_PK_SHIFT) + +#define CHA_ID_CRC_SHIFT32 +#define CHA_ID_CRC_MASK(0xfull &lt;&lt; CHA_ID_CRC_SHIFT) + +#define CHA_ID_SNW9_SHIFT36 +#define CHA_ID_SNW9_MASK(0xfull &lt;&lt; CHA_ID_SNW9_SHIFT) + +#define CHA_ID_DECO_SHIFT56 +#define CHA_ID_DECO_MASK(0xfull &lt;&lt; CHA_ID_DECO_SHIFT) + +#define CHA_ID_JR_SHIFT60 +#define CHA_ID_JR_MASK(0xfull &lt;&lt; CHA_ID_JR_SHIFT) + struct sec_vid { u16 ip_id; u8 maj_rev; &lt; at &gt;&lt; at &gt; -228,7 +265,10 &lt; at &gt;&lt; at &gt; struct rng4tst { u32 rtfrqmax;/* PRGM=1: freq. count max. limit register */ u32 rtfrqcnt;/* PRGM=0: freq. count register */ }; -u32 rsvd1[56]; +u32 rsvd1[40]; +#define RDSTA_IF0 0x00000001 +u32 rdsta; +u32 rsvd2[15]; }; /* </pre> Ruchika Gupta 2013-04-26T10:14:54 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8716 <pre>The current code increases its stack frame size a couple of times throughout the function, but still performs some writes below the stack pointer. This change applies the fix from the original author so all writes to the stack are above the stack pointer. Taken from origin: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1a9d60d2 Signed-off-by: Ard Biesheuvel &lt;ard.biesheuvel&lt; at &gt;linaro.org&gt; --- arch/arm/crypto/sha1-armv4-large.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/crypto/sha1-armv4-large.S b/arch/arm/crypto/sha1-armv4-large.S index 92c6eed..99207c4 100644 --- a/arch/arm/crypto/sha1-armv4-large.S +++ b/arch/arm/crypto/sha1-armv4-large.S &lt; at &gt;&lt; at &gt; -195,6 +195,7 &lt; at &gt;&lt; at &gt; ENTRY(sha1_block_data_order) addr3,r3,r10&lt; at &gt; E+=F_00_19(B,C,D) cmpr14,sp bne.L_00_15&lt; at &gt; [((11+4)*5+2)*3] +subsp,sp,#25*4 #if __ARM_ARCH__&lt;7 ldrbr10,[r1,#2] ldrbr9,[r1,#3] &lt; at &gt;&lt; at &gt; -290,7 +291,6 &lt; at &gt;&lt; at &gt; ENTRY(sha1_block_data_order) addr3,r3,r10&lt; at &gt; E+=F_00_19(B,C,D) ldrr8,.LK_20_39&lt; at &gt; [+15+16*4] -subsp,sp,#25*4 cmnsp,#0&lt; at &gt; [+3], clear carry to denote 20_39 .L_20_39_or_60_79: ldrr9,[r14,#15*4] </pre> Ard Biesheuvel 2013-04-25T12:51:50 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8676 <pre>The job ring init function creates a platform device for each job ring. While the job ring is shutdown, e.g. while caam module removal, its platform device was not being removed. This leads to failure while reinsertion and then removal of caam module second time. The following kernel crash dump appears when caam module is reinserted and then removed again. This patch fixes it. root&lt; at &gt;p4080ds:~# rmmod caam.ko Unable to handle kernel paging request for data at address 0x00000008 Faulting instruction address: 0xf94aca18 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=8 P4080 DS Modules linked in: caam(-) qoriq_dbg(O) [last unloaded: caam] NIP: f94aca18 LR: f94aca18 CTR: c029f950 REGS: eac47d60 TRAP: 0300 Tainted: G O (3.8.4-rt2) MSR: 00029002 &lt;CE,EE,ME&gt; CR: 22022484 XER: 20000000 DEAR: 00000008, ESR: 00000000 TASK = e49dfaf0[2110] 'rmmod' THREAD: eac46000 CPU: 1 GPR00: f94ad3f4 eac47e10 e49dfaf0 00000000 00000005 ea2ac210 ffffffff 00000000 GPR08: c286de68 e4977ce0 c029b1c0 00000001 c029f950 10029738 00000000 100e0000 GPR16: 00000000 10023d00 1000cbdc 1000cb8c 1000cbb8 00000000 c07dfecc 00000000 GPR24: c07e0000 00000000 1000cbd8 f94e0000 ffffffff 00000000 ea53cd40 00000000 NIP [f94aca18] caam_reset_hw_jr+0x18/0x1c0 [caam] LR [f94aca18] caam_reset_hw_jr+0x18/0x1c0 [caam] Call Trace: [eac47e10] [eac47e30] 0xeac47e30 (unreliable) [eac47e20] [f94ad3f4] caam_jr_shutdown+0x34/0x220 [caam] [eac47e60] [f94ac0e4] caam_remove+0x54/0xb0 [caam] [eac47e80] [c029fb38] __device_release_driver+0x68/0x120 [eac47e90] [c02a05c8] driver_detach+0xd8/0xe0 [eac47eb0] [c029f8e0] bus_remove_driver+0xa0/0x110 [eac47ed0] [c00768e4] sys_delete_module+0x144/0x270 [eac47f40] [c000e2f0] ret_from_syscall+0x0/0x3c Signed-off-by: Vakul Garg &lt;vakul&lt; at &gt;freescale.com&gt; Signed-off-by: Bharat Bhushan &lt;bharat.bhushan&lt; at &gt;freescale.com&gt; --- Changes in v1: Addressed Horia's comments regarding commit log. drivers/crypto/caam/intern.h | 1 + drivers/crypto/caam/jr.c | 4 ++++ 2 files changed, 5 insertions(+), 0 deletions(-) diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index 5cd4c1b..e4a16b7 100644 --- a/drivers/crypto/caam/intern.h +++ b/drivers/crypto/caam/intern.h &lt; at &gt;&lt; at &gt; -41,6 +41,7 &lt; at &gt;&lt; at &gt; struct caam_jrentry_info { /* Private sub-storage for a single JobR */ struct caam_drv_private_jr { struct device *parentdev;/* points back to controller dev */ +struct platform_device *jr_pdev;/* points to platform device for JR */ int ridx; struct caam_job_ring __iomem *rregs;/* JobR's register space */ struct tasklet_struct irqtask; diff --git a/drivers/crypto/caam/jr.c b/drivers/crypto/caam/jr.c index 93d1407..b4aa773e 100644 --- a/drivers/crypto/caam/jr.c +++ b/drivers/crypto/caam/jr.c &lt; at &gt;&lt; at &gt; -407,6 +407,7 &lt; at &gt;&lt; at &gt; int caam_jr_shutdown(struct device *dev) dma_free_coherent(dev, sizeof(struct jr_outentry) * JOBR_DEPTH, jrp-&gt;outring, outbusaddr); kfree(jrp-&gt;entinfo); +of_device_unregister(jrp-&gt;jr_pdev); return ret; } &lt; at &gt;&lt; at &gt; -454,6 +455,8 &lt; at &gt;&lt; at &gt; int caam_jr_probe(struct platform_device *pdev, struct device_node *np, kfree(jrpriv); return -EINVAL; } + +jrpriv-&gt;jr_pdev = jr_pdev; jrdev = &amp;jr_pdev-&gt;dev; dev_set_drvdata(jrdev, jrpriv); ctrlpriv-&gt;jrdev[ring] = jrdev; &lt; at &gt;&lt; at &gt; -472,6 +475,7 &lt; at &gt;&lt; at &gt; int caam_jr_probe(struct platform_device *pdev, struct device_node *np, /* Now do the platform independent part */ error = caam_jr_init(jrdev); /* now turn on hardware */ if (error) { +of_device_unregister(jr_pdev); kfree(jrpriv); return error; } </pre> Vakul Garg 2013-04-15T04:25:51 http://comments.gmane.org/gmane.linux.kernel.cryptoapi/8674 <pre>When user requests encryption (or decryption) of block which is not aligned to cipher block size through userspace crypto interface, an OOps like this can happen: [ 112.738285] BUG: unable to handle kernel paging request at e1c44840 [ 112.738407] IP: [&lt;c121f473&gt;] scatterwalk_done+0x53/0x70 ... [ 112.740515] Call Trace: [ 112.740588] [&lt;c1221d30&gt;] blkcipher_walk_done+0x160/0x1e0 [ 112.740663] [&lt;c12220c8&gt;] blkcipher_walk_next+0x318/0x3c0 [ 112.740737] [&lt;c12221e0&gt;] blkcipher_walk_first+0x70/0x160 [ 112.740811] [&lt;c1222327&gt;] blkcipher_walk_virt+0x17/0x20 [ 112.740886] [&lt;e0ce4249&gt;] cbc_encrypt+0x29/0x100 [aesni_intel] [ 112.740968] [&lt;c1029f73&gt;] ? get_user_pages_fast+0x123/0x150 [ 112.741046] [&lt;c106e7db&gt;] ? trace_hardirqs_on+0xb/0x10 [ 112.741119] [&lt;e081e1c9&gt;] __ablk_encrypt+0x39/0x40 [ablk_helper] [ 112.741198] [&lt;e081e1ea&gt;] ablk_encrypt+0x1a/0x70 [ablk_helper] [ 112.741275] [&lt;e0f715ac&gt;] skcipher_recvmsg+0x20c/0x400 [algif_skcipher] [ 112.741359] [&lt;c1056a1d&gt;] ? sched_clock_cpu+0x11d/0x1a0 [ 112.741435] [&lt;c10a5eb9&gt;] ? find_get_page+0x79/0xc0 [ 112.741509] [&lt;c135e034&gt;] sock_aio_read+0x104/0x140 [ 112.741580] [&lt;c10be638&gt;] ? __do_fault+0x248/0x420 [ 112.741650] [&lt;c10d3d27&gt;] do_sync_read+0x97/0xd0 [ 112.741719] [&lt;c10d45ed&gt;] vfs_read+0x11d/0x140 [ 112.741789] [&lt;c135f683&gt;] ? sys_socketcall+0x2a3/0x320 [ 112.741861] [&lt;c10d4762&gt;] sys_read+0x42/0x90 [ 112.742578] [&lt;c141c27a&gt;] sysenter_do_call+0x12/0x32 Patch fixes it by simply rejecting buffer which is not multiple of cipher block. (Bug is present in all stable kernels as well.) Signed-off-by: Milan Broz &lt;gmazyland&lt; at &gt;gmail.com&gt; --- crypto/algif_skcipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 6a6dfc0..5f7713b 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c &lt; at &gt;&lt; at &gt; -463,7 +463,7 &lt; at &gt;&lt; at &gt; static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, used -= used % bs; err = -EINVAL; -if (!used) +if (!used || used % bs) goto free; ablkcipher_request_set_crypt(&amp;ctx-&gt;req, sg, </pre> Milan Broz 2013-04-14T16:12:32 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.linux.kernel.cryptoapi