Skip to content

Commit

Permalink
crypto: caam - use len instead of nents for bulding HW S/G table
Browse files Browse the repository at this point in the history 
Currently, conversion of SW S/G table into HW S/G layout relies on
nents returned by sg_nents_for_len(sg, len).
However this leaves the possibility of HW S/G referencing more data
then needed: since buffer length in HW S/G entries is filled using
sg_dma_len(sg), the last entry in HW S/G table might have a length
that is bigger than needed for the crypto request.

This way of S/G table conversion is fine, unless after converting a table
more entries have to be appended to the HW S/G table.
In this case, crypto engine would access data from the S/G entry having
the incorrect length, instead of advancing in the S/G table.
This situation doesn't exist, but the upcoming implementation of
IV update for skcipher algorithms needs to add a S/G entry after
req->dst S/G (corresponding to output IV).

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  • Loading branch information
@horiag @herbertx
horiag authored and herbertx committed Jun 20, 2019
1 parent 1fa6d05 commit 059d73e
Show file tree
Hide file tree
Showing 8 changed files with 105 additions and 99 deletions.
35 changes: 17 additions & 18 deletions drivers/crypto/caam/caamalg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1284,37 +1284,36 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
GFP_KERNEL : GFP_ATOMIC;
int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
int src_len, dst_len = 0;
struct aead_edesc *edesc;
int sec4_sg_index, sec4_sg_len, sec4_sg_bytes;
unsigned int authsize = ctx->authsize;

if (unlikely(req->dst != req->src)) {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen);
src_len = req->assoclen + req->cryptlen;
dst_len = src_len + (encrypt ? authsize : (-authsize));

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen);
src_len);
return ERR_PTR(src_nents);
}

dst_nents = sg_nents_for_len(req->dst, req->assoclen +
req->cryptlen +
(encrypt ? authsize :
(-authsize)));
dst_nents = sg_nents_for_len(req->dst, dst_len);
if (unlikely(dst_nents < 0)) {
dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : (-authsize)));
dst_len);
return ERR_PTR(dst_nents);
}
} else {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen +
(encrypt ? authsize : 0));
src_len = req->assoclen + req->cryptlen +
(encrypt ? authsize : 0);

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : 0));
src_len);
return ERR_PTR(src_nents);
}
}
Expand Down Expand Up @@ -1386,12 +1385,12 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,

sec4_sg_index = 0;
if (mapped_src_nents > 1) {
sg_to_sec4_sg_last(req->src, mapped_src_nents,
sg_to_sec4_sg_last(req->src, src_len,
edesc->sec4_sg + sec4_sg_index, 0);
sec4_sg_index += mapped_src_nents;
}
if (mapped_dst_nents > 1) {
sg_to_sec4_sg_last(req->dst, mapped_dst_nents,
sg_to_sec4_sg_last(req->dst, dst_len,
edesc->sec4_sg + sec4_sg_index, 0);
}

Expand Down Expand Up @@ -1756,11 +1755,11 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,
dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0);
}
if (dst_sg_idx)
sg_to_sec4_sg_last(req->src, mapped_src_nents, edesc->sec4_sg +
sg_to_sec4_sg_last(req->src, req->cryptlen, edesc->sec4_sg +
!!ivsize, 0);

if (mapped_dst_nents > 1) {
sg_to_sec4_sg_last(req->dst, mapped_dst_nents,
sg_to_sec4_sg_last(req->dst, req->cryptlen,
edesc->sec4_sg + dst_sg_idx, 0);
}

Expand Down
36 changes: 17 additions & 19 deletions drivers/crypto/caam/caamalg_qi.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -917,6 +917,7 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
GFP_KERNEL : GFP_ATOMIC;
int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
int src_len, dst_len = 0;
struct aead_edesc *edesc;
dma_addr_t qm_sg_dma, iv_dma = 0;
int ivsize = 0;
Expand All @@ -938,13 +939,13 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
}

if (likely(req->src == req->dst)) {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen +
(encrypt ? authsize : 0));
src_len = req->assoclen + req->cryptlen +
(encrypt ? authsize : 0);

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(qidev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : 0));
src_len);
qi_cache_free(edesc);
return ERR_PTR(src_nents);
}
Expand All @@ -957,23 +958,21 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
return ERR_PTR(-ENOMEM);
}
} else {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen);
src_len = req->assoclen + req->cryptlen;
dst_len = src_len + (encrypt ? authsize : (-authsize));

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(qidev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen);
src_len);
qi_cache_free(edesc);
return ERR_PTR(src_nents);
}

dst_nents = sg_nents_for_len(req->dst, req->assoclen +
req->cryptlen +
(encrypt ? authsize :
(-authsize)));
dst_nents = sg_nents_for_len(req->dst, dst_len);
if (unlikely(dst_nents < 0)) {
dev_err(qidev, "Insufficient bytes (%d) in dst S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : (-authsize)));
dst_len);
qi_cache_free(edesc);
return ERR_PTR(dst_nents);
}
Expand Down Expand Up @@ -1082,12 +1081,11 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
dma_to_qm_sg_one(sg_table + qm_sg_index, iv_dma, ivsize, 0);
qm_sg_index++;
}
sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + qm_sg_index, 0);
sg_to_qm_sg_last(req->src, src_len, sg_table + qm_sg_index, 0);
qm_sg_index += mapped_src_nents;

if (mapped_dst_nents > 1)
sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table +
qm_sg_index, 0);
sg_to_qm_sg_last(req->dst, dst_len, sg_table + qm_sg_index, 0);

qm_sg_dma = dma_map_single(qidev, sg_table, qm_sg_bytes, DMA_TO_DEVICE);
if (dma_mapping_error(qidev, qm_sg_dma)) {
Expand Down Expand Up @@ -1340,10 +1338,10 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req,
edesc->drv_req.drv_ctx = drv_ctx;

dma_to_qm_sg_one(sg_table, iv_dma, ivsize, 0);
sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + 1, 0);
sg_to_qm_sg_last(req->src, req->cryptlen, sg_table + 1, 0);

if (mapped_dst_nents > 1)
sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table +
sg_to_qm_sg_last(req->dst, req->cryptlen, sg_table +
dst_sg_idx, 0);

edesc->qm_sg_dma = dma_map_single(qidev, sg_table, edesc->qm_sg_bytes,
Expand Down
60 changes: 29 additions & 31 deletions drivers/crypto/caam/caamalg_qi2.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,7 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
GFP_KERNEL : GFP_ATOMIC;
int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
int src_len, dst_len = 0;
struct aead_edesc *edesc;
dma_addr_t qm_sg_dma, iv_dma = 0;
int ivsize = 0;
Expand All @@ -387,23 +388,21 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
}

if (unlikely(req->dst != req->src)) {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen);
src_len = req->assoclen + req->cryptlen;
dst_len = src_len + (encrypt ? authsize : (-authsize));

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(dev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen);
src_len);
qi_cache_free(edesc);
return ERR_PTR(src_nents);
}

dst_nents = sg_nents_for_len(req->dst, req->assoclen +
req->cryptlen +
(encrypt ? authsize :
(-authsize)));
dst_nents = sg_nents_for_len(req->dst, dst_len);
if (unlikely(dst_nents < 0)) {
dev_err(dev, "Insufficient bytes (%d) in dst S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : (-authsize)));
dst_len);
qi_cache_free(edesc);
return ERR_PTR(dst_nents);
}
Expand Down Expand Up @@ -434,13 +433,13 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
mapped_dst_nents = 0;
}
} else {
src_nents = sg_nents_for_len(req->src, req->assoclen +
req->cryptlen +
(encrypt ? authsize : 0));
src_len = req->assoclen + req->cryptlen +
(encrypt ? authsize : 0);

src_nents = sg_nents_for_len(req->src, src_len);
if (unlikely(src_nents < 0)) {
dev_err(dev, "Insufficient bytes (%d) in src S/G\n",
req->assoclen + req->cryptlen +
(encrypt ? authsize : 0));
src_len);
qi_cache_free(edesc);
return ERR_PTR(src_nents);
}
Expand Down Expand Up @@ -536,12 +535,11 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
dma_to_qm_sg_one(sg_table + qm_sg_index, iv_dma, ivsize, 0);
qm_sg_index++;
}
sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + qm_sg_index, 0);
sg_to_qm_sg_last(req->src, src_len, sg_table + qm_sg_index, 0);
qm_sg_index += mapped_src_nents;

if (mapped_dst_nents > 1)
sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table +
qm_sg_index, 0);
sg_to_qm_sg_last(req->dst, dst_len, sg_table + qm_sg_index, 0);

qm_sg_dma = dma_map_single(dev, sg_table, qm_sg_bytes, DMA_TO_DEVICE);
if (dma_mapping_error(dev, qm_sg_dma)) {
Expand Down Expand Up @@ -1159,10 +1157,10 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req)
edesc->qm_sg_bytes = qm_sg_bytes;

dma_to_qm_sg_one(sg_table, iv_dma, ivsize, 0);
sg_to_qm_sg_last(req->src, mapped_src_nents, sg_table + 1, 0);
sg_to_qm_sg_last(req->src, req->cryptlen, sg_table + 1, 0);

if (mapped_dst_nents > 1)
sg_to_qm_sg_last(req->dst, mapped_dst_nents, sg_table +
sg_to_qm_sg_last(req->dst, req->cryptlen, sg_table +
dst_sg_idx, 0);

edesc->qm_sg_dma = dma_map_single(dev, sg_table, edesc->qm_sg_bytes,
Expand Down Expand Up @@ -3422,9 +3420,9 @@ static int ahash_update_ctx(struct ahash_request *req)

if (to_hash) {
struct dpaa2_sg_entry *sg_table;
int src_len = req->nbytes - *next_buflen;

src_nents = sg_nents_for_len(req->src,
req->nbytes - (*next_buflen));
src_nents = sg_nents_for_len(req->src, src_len);
if (src_nents < 0) {
dev_err(ctx->dev, "Invalid number of src SG.\n");
return src_nents;
Expand Down Expand Up @@ -3465,7 +3463,7 @@ static int ahash_update_ctx(struct ahash_request *req)
goto unmap_ctx;

if (mapped_nents) {
sg_to_qm_sg_last(req->src, mapped_nents,
sg_to_qm_sg_last(req->src, src_len,
sg_table + qm_sg_src_index, 0);
if (*next_buflen)
scatterwalk_map_and_copy(next_buf, req->src,
Expand Down Expand Up @@ -3653,7 +3651,7 @@ static int ahash_finup_ctx(struct ahash_request *req)
if (ret)
goto unmap_ctx;

sg_to_qm_sg_last(req->src, mapped_nents, sg_table + qm_sg_src_index, 0);
sg_to_qm_sg_last(req->src, req->nbytes, sg_table + qm_sg_src_index, 0);

edesc->qm_sg_dma = dma_map_single(ctx->dev, sg_table, qm_sg_bytes,
DMA_TO_DEVICE);
Expand Down Expand Up @@ -3739,7 +3737,7 @@ static int ahash_digest(struct ahash_request *req)
struct dpaa2_sg_entry *sg_table = &edesc->sgt[0];

qm_sg_bytes = pad_sg_nents(mapped_nents) * sizeof(*sg_table);
sg_to_qm_sg_last(req->src, mapped_nents, sg_table, 0);
sg_to_qm_sg_last(req->src, req->nbytes, sg_table, 0);
edesc->qm_sg_dma = dma_map_single(ctx->dev, sg_table,
qm_sg_bytes, DMA_TO_DEVICE);
if (dma_mapping_error(ctx->dev, edesc->qm_sg_dma)) {
Expand Down Expand Up @@ -3882,9 +3880,9 @@ static int ahash_update_no_ctx(struct ahash_request *req)

if (to_hash) {
struct dpaa2_sg_entry *sg_table;
int src_len = req->nbytes - *next_buflen;

src_nents = sg_nents_for_len(req->src,
req->nbytes - *next_buflen);
src_nents = sg_nents_for_len(req->src, src_len);
if (src_nents < 0) {
dev_err(ctx->dev, "Invalid number of src SG.\n");
return src_nents;
Expand Down Expand Up @@ -3918,7 +3916,7 @@ static int ahash_update_no_ctx(struct ahash_request *req)
if (ret)
goto unmap_ctx;

sg_to_qm_sg_last(req->src, mapped_nents, sg_table + 1, 0);
sg_to_qm_sg_last(req->src, src_len, sg_table + 1, 0);

if (*next_buflen)
scatterwalk_map_and_copy(next_buf, req->src,
Expand Down Expand Up @@ -4037,7 +4035,7 @@ static int ahash_finup_no_ctx(struct ahash_request *req)
if (ret)
goto unmap;

sg_to_qm_sg_last(req->src, mapped_nents, sg_table + 1, 0);
sg_to_qm_sg_last(req->src, req->nbytes, sg_table + 1, 0);

edesc->qm_sg_dma = dma_map_single(ctx->dev, sg_table, qm_sg_bytes,
DMA_TO_DEVICE);
Expand Down Expand Up @@ -4107,9 +4105,9 @@ static int ahash_update_first(struct ahash_request *req)

if (to_hash) {
struct dpaa2_sg_entry *sg_table;
int src_len = req->nbytes - *next_buflen;

src_nents = sg_nents_for_len(req->src,
req->nbytes - (*next_buflen));
src_nents = sg_nents_for_len(req->src, src_len);
if (src_nents < 0) {
dev_err(ctx->dev, "Invalid number of src SG.\n");
return src_nents;
Expand Down Expand Up @@ -4144,7 +4142,7 @@ static int ahash_update_first(struct ahash_request *req)
if (mapped_nents > 1) {
int qm_sg_bytes;

sg_to_qm_sg_last(req->src, mapped_nents, sg_table, 0);
sg_to_qm_sg_last(req->src, src_len, sg_table, 0);
qm_sg_bytes = pad_sg_nents(mapped_nents) *
sizeof(*sg_table);
edesc->qm_sg_dma = dma_map_single(ctx->dev, sg_table,
Expand Down
15 changes: 7 additions & 8 deletions drivers/crypto/caam/caamhash.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -729,7 +729,7 @@ static int ahash_edesc_add_src(struct caam_hash_ctx *ctx,
unsigned int sgsize = sizeof(*sg) *
pad_sg_nents(first_sg + nents);

sg_to_sec4_sg_last(req->src, nents, sg + first_sg, 0);
sg_to_sec4_sg_last(req->src, to_hash, sg + first_sg, 0);

src_dma = dma_map_single(ctx->jrdev, sg, sgsize, DMA_TO_DEVICE);
if (dma_mapping_error(ctx->jrdev, src_dma)) {
Expand Down Expand Up @@ -788,9 +788,9 @@ static int ahash_update_ctx(struct ahash_request *req)

if (to_hash) {
int pad_nents;
int src_len = req->nbytes - *next_buflen;

src_nents = sg_nents_for_len(req->src,
req->nbytes - (*next_buflen));
src_nents = sg_nents_for_len(req->src, src_len);
if (src_nents < 0) {
dev_err(jrdev, "Invalid number of src SG.\n");
return src_nents;
Expand Down Expand Up @@ -835,7 +835,7 @@ static int ahash_update_ctx(struct ahash_request *req)
goto unmap_ctx;

if (mapped_nents)
sg_to_sec4_sg_last(req->src, mapped_nents,
sg_to_sec4_sg_last(req->src, src_len,
edesc->sec4_sg + sec4_sg_src_index,
0);
else
Expand Down Expand Up @@ -1208,9 +1208,9 @@ static int ahash_update_no_ctx(struct ahash_request *req)

if (to_hash) {
int pad_nents;
int src_len = req->nbytes - *next_buflen;

src_nents = sg_nents_for_len(req->src,
req->nbytes - *next_buflen);
src_nents = sg_nents_for_len(req->src, src_len);
if (src_nents < 0) {
dev_err(jrdev, "Invalid number of src SG.\n");
return src_nents;
Expand Down Expand Up @@ -1250,8 +1250,7 @@ static int ahash_update_no_ctx(struct ahash_request *req)
if (ret)
goto unmap_ctx;

sg_to_sec4_sg_last(req->src, mapped_nents,
edesc->sec4_sg + 1, 0);
sg_to_sec4_sg_last(req->src, src_len, edesc->sec4_sg + 1, 0);

if (*next_buflen) {
scatterwalk_map_and_copy(next_buf, req->src,
Expand Down
Loading

0 comments on commit 059d73e

Please sign in to comment.