Commit 987fd1a4 authored by Jack Xu's avatar Jack Xu Committed by Herbert Xu
Browse files

crypto: qat - optimize allocations for fw authentication 



The memory requested to hold the image data for authentication will
never exceed `ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN`. Therefore, we can
simplify the allocation by always requesting the maximum size needed for
any image.

Also introduce the following checks:
 * Ensure the allocated memory is 8-byte aligned to meet the
   requirements of the authentication firmware.
 * Prevent overflow when constructing the authentication descriptor.

Signed-off-by: default avatarJack Xu <jack.xu@intel.com>
Reviewed-by: default avatarAhsan Atta <ahsan.atta@intel.com>
Reviewed-by: default avatarGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: default avatarGiovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 0d5cb730

drivers/crypto/intel/qat/qat_common/icp_qat_uclo.h

+0 −8
Original line number Diff line number Diff line
@@ -43,7 +43,6 @@ 
#define ICP_QAT_SUOF_OBJS "SUF_OBJS"

#define ICP_QAT_SUOF_IMAG "SUF_IMAG"

#define ICP_QAT_SIMG_AE_INIT_SEQ_LEN    (50 * sizeof(unsigned long long))

#define ICP_QAT_SIMG_AE_INSTS_LEN       (0x4000 * sizeof(unsigned long long))



#define DSS_FWSK_MODULUS_LEN    384 /* RSA3K */

#define DSS_FWSK_EXPONENT_LEN   4
@@ -75,13 +74,6 @@ 
						DSS_SIGNATURE_LEN : \

						CSS_SIGNATURE_LEN)



#define ICP_QAT_CSS_AE_IMG_LEN     (sizeof(struct icp_qat_simg_ae_mode) + \

				    ICP_QAT_SIMG_AE_INIT_SEQ_LEN +         \

				    ICP_QAT_SIMG_AE_INSTS_LEN)

#define ICP_QAT_CSS_AE_SIMG_LEN(handle) (sizeof(struct icp_qat_css_hdr) + \

					ICP_QAT_CSS_FWSK_PUB_LEN(handle) + \

					ICP_QAT_CSS_SIGNATURE_LEN(handle) + \

					ICP_QAT_CSS_AE_IMG_LEN)

#define ICP_QAT_AE_IMG_OFFSET(handle) (sizeof(struct icp_qat_css_hdr) + \

					ICP_QAT_CSS_FWSK_MODULUS_LEN(handle) + \

					ICP_QAT_CSS_FWSK_EXPONENT_LEN(handle) + \

drivers/crypto/intel/qat/qat_common/qat_uclo.c

+19 −6
Original line number Diff line number Diff line 
// SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only)

/* Copyright(c) 2014 - 2020 Intel Corporation */

#include <linux/align.h>

#include <linux/slab.h>

#include <linux/ctype.h>

#include <linux/kernel.h>
@@ -1414,16 +1415,21 @@ static int qat_uclo_map_auth_fw(struct icp_qat_fw_loader_handle *handle, 
	struct icp_qat_fw_auth_desc *auth_desc;

	struct icp_qat_auth_chunk *auth_chunk;

	u64 virt_addr,  bus_addr, virt_base;

	unsigned int length, simg_offset = sizeof(*auth_chunk);

	unsigned int simg_offset = sizeof(*auth_chunk);

	struct icp_qat_simg_ae_mode *simg_ae_mode;

	struct icp_firml_dram_desc img_desc;

	int ret;



	length = (css_hdr->fw_type == CSS_AE_FIRMWARE) ?

		 ICP_QAT_CSS_AE_SIMG_LEN(handle) + simg_offset :

		 size + ICP_QAT_CSS_FWSK_PAD_LEN(handle) + simg_offset;

	if (qat_uclo_simg_alloc(handle, &img_desc, length)) {

	ret = qat_uclo_simg_alloc(handle, &img_desc, ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN);

	if (ret) {

		pr_err("QAT: error, allocate continuous dram fail\n");

		return -ENOMEM;

		return ret;

	}



	if (!IS_ALIGNED(img_desc.dram_size, 8) || !img_desc.dram_bus_addr) {

		pr_debug("QAT: invalid address\n");

		qat_uclo_simg_free(handle, &img_desc);

		return -EINVAL;

	}



	auth_chunk = img_desc.dram_base_addr_v;
@@ -1481,6 +1487,13 @@ static int qat_uclo_map_auth_fw(struct icp_qat_fw_loader_handle *handle, 
	auth_desc->img_high = (unsigned int)(bus_addr >> BITS_IN_DWORD);

	auth_desc->img_low = (unsigned int)bus_addr;

	auth_desc->img_len = size - ICP_QAT_AE_IMG_OFFSET(handle);

	if (bus_addr + auth_desc->img_len > img_desc.dram_bus_addr +

					    ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN) {

		pr_err("QAT: insufficient memory size for authentication data\n");

		qat_uclo_simg_free(handle, &img_desc);

		return -ENOMEM;

	}



	memcpy((void *)(uintptr_t)virt_addr,

	       (void *)(image + ICP_QAT_AE_IMG_OFFSET(handle)),

	       auth_desc->img_len);