user/sven/linux.git/drivers/crypto, branch v5.4.128 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.4.128 2021-05-14T07:44:20Z crypto: qat - Fix a double free in adf_create_ring 2021-05-14T07:44:20Z Lv Yunlong lyl2019@mail.ustc.edu.cn 2021-04-02T17:13:48Z urn:sha1:19d16a6897931b0dc61c1d2ab7c6cefbf809c186 [ Upstream commit f7cae626cabb3350b23722b78fe34dd7a615ca04 ] In adf_create_ring, if the callee adf_init_ring() failed, the callee will free the ring->base_addr by dma_free_coherent() and return -EFAULT. Then adf_create_ring will goto err and the ring->base_addr will be freed again in adf_cleanup_ring(). My patch sets ring->base_addr to NULL after the first freed to avoid the double free. Fixes: a672a9dc872ec ("crypto: qat - Intel(R) QAT transport code") Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - fix error path in adf_isr_resource_alloc() 2021-05-14T07:44:19Z Giovanni Cabiddu giovanni.cabiddu@intel.com 2021-03-25T08:34:18Z urn:sha1:c675ead206b758285555409e934b70bdc48750f0 [ Upstream commit 83dc1173d73f80cbce2fee4d308f51f87b2f26ae ] The function adf_isr_resource_alloc() is not unwinding correctly in case of error. This patch fixes the error paths and propagate the errors to the caller. Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Marco Chiappero <marco.chiappero@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init 2021-05-14T07:44:18Z Tong Zhang ztong0001@gmail.com 2021-03-19T03:40:00Z urn:sha1:05ec8192ee4bfdf2a8894a68350dac9f1a155fa6 [ Upstream commit 8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446 ] ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init(), which can fail and when it fail, the vf2pf_lock is either not initialized or destroyed, a subsequent use of vf2pf_lock will cause issue. To fix this issue, only set this flag if adf_dev_init() returns 0. [ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0 [ 7.180345] Call Trace: [ 7.182576] mutex_lock+0xc9/0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf] Signed-off-by: Tong Zhang <ztong0001@gmail.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Fixes: 25c6ffb249f6 ("crypto: qat - check if PF is running") Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - don't release uninitialized resources 2021-05-14T07:44:18Z Tong Zhang ztong0001@gmail.com 2021-03-19T03:39:59Z urn:sha1:2a41049a0e2124ad306395ea5c9c3629faa0a701 [ Upstream commit b66accaab3791e15ac99c92f236d0d3a6d5bd64e ] adf_vf_isr_resource_alloc() is not unwinding correctly when error happens and it want to release uninitialized resources. To fix this, only release initialized resources. [ 1.792845] Trying to free already-free IRQ 11 [ 1.793091] WARNING: CPU: 0 PID: 182 at kernel/irq/manage.c:1821 free_irq+0x202/0x380 [ 1.801340] Call Trace: [ 1.801477] adf_vf_isr_resource_free+0x32/0xb0 [intel_qat] [ 1.801785] adf_vf_isr_resource_alloc+0x14d/0x150 [intel_qat] [ 1.802105] adf_dev_init+0xba/0x140 [intel_qat] Signed-off-by: Tong Zhang <ztong0001@gmail.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Fixes: dd0f368398ea ("crypto: qat - Add qat dh895xcc VF driver") Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: omap-aes - Fix PM reference leak on omap-aes.c 2021-05-11T12:04:07Z Shixin Liu liushixin2@huawei.com 2021-04-08T07:18:39Z urn:sha1:229d2c12f1eb4492df87988214d373fe001a378c [ Upstream commit 1f34cc4a8da34fbb250efb928f9b8c6fe7ee0642 ] pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. Signed-off-by: Shixin Liu <liushixin2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c 2021-05-11T12:04:07Z Shixin Liu liushixin2@huawei.com 2021-04-08T07:18:36Z urn:sha1:5c411b92439da8447147b657bf4de48b9d517f43 [ Upstream commit 747bf30fd944f02f341b5f3bc7d97a13f2ae2fbe ] pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. Signed-off-by: Shixin Liu <liushixin2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: stm32/hash - Fix PM reference leak on stm32-hash.c 2021-05-11T12:04:07Z Shixin Liu liushixin2@huawei.com 2021-04-08T07:18:35Z urn:sha1:e6d5c66737a9269bb28ee7efb1d186fe7d5bf336 [ Upstream commit 1cb3ad701970e68f18a9e5d090baf2b1b703d729 ] pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. Signed-off-by: Shixin Liu <liushixin2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - fix unmap invalid dma address 2021-05-11T12:04:05Z Hui Tang tanghui20@huawei.com 2021-03-05T06:35:01Z urn:sha1:28da0edb56aea4531df86cddab5537ca94d803c8 [ Upstream commit 792b32fad548281e1b7fe14df9063a96c54b32a2 ] 'dma_mapping_error' return a negative value if 'dma_addr' is equal to 'DMA_MAPPING_ERROR' not zero, so fix initialization of 'dma_addr'. Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: sun4i-ss - initialize need_fallback 2021-03-04T09:26:45Z Corentin Labbe clabbe@baylibre.com 2020-12-14T20:02:29Z urn:sha1:0d95bdee02ad96ca53435bdcfb06059e6f997fcb commit 4ec8977b921fd9d512701e009ce8082cb94b5c1c upstream. The need_fallback is never initialized and seem to be always true at runtime. So all hardware operations are always bypassed. Fixes: 0ae1f46c55f87 ("crypto: sun4i-ss - fallback when length is not multiple of blocksize") Cc: <stable@vger.kernel.org> Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> crypto: sun4i-ss - handle BigEndian for cipher 2021-03-04T09:26:45Z Corentin Labbe clabbe@baylibre.com 2020-12-14T20:02:28Z urn:sha1:903f576f4e66089600d69704e2a68f817c390ac6 commit 5ab6177fa02df15cd8a02a1f1fb361d2d5d8b946 upstream. Ciphers produce invalid results on BE. Key and IV need to be written in LE. Fixes: 6298e948215f2 ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator") Cc: <stable@vger.kernel.org> Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>