14 years ago[NetLabel]: documentation
Paul Moore [Thu, 3 Aug 2006 23:45:49 +0000]
[NetLabel]: documentation

Documentation for the NetLabel system, this includes a basic overview
of how NetLabel works, how LSM developers can integrate it into their
favorite LSM, as well as documentation on the CIPSO related sysctl
variables.  Also, due to the difficulty of finding expired IETF
drafts, I am including the IETF CIPSO draft that is the basis of the
NetLabel CIPSO implementation.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.
Venkat Yekkirala [Fri, 28 Jul 2006 05:01:34 +0000]
[MLSXFRM]: Fix build with SECURITY_NETWORK_XFRM disabled.

The following patch will fix the build problem (encountered by Andrew
Morton) when SECURITY_NETWORK_XFRM is not enabled.

As compared to git-net-selinux_xfrm_decode_session-build-fix.patch in
-mm, this patch sets the return parameter sid to SECSID_NULL in
selinux_xfrm_decode_session() and handles this value in the caller
selinux_inet_conn_request() appropriately.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Auto-labeling of child sockets
Venkat Yekkirala [Tue, 25 Jul 2006 06:32:50 +0000]
[MLSXFRM]: Auto-labeling of child sockets

This automatically labels the TCP, Unix stream, and dccp child sockets
as well as openreqs to be at the same MLS level as the peer. This will
result in the selection of appropriately labeled IPSec Security
Associations.

This also uses the sock's sid (as opposed to the isec sid) in SELinux
enforcement of secmark in rcv_skb and postroute_last hooks.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Default labeling of socket specific IPSec policies
Venkat Yekkirala [Tue, 25 Jul 2006 06:32:20 +0000]
[MLSXFRM]: Default labeling of socket specific IPSec policies

This defaults the label of socket-specific IPSec policies to be the
same as the socket they are set on.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Add flow labeling
Venkat Yekkirala [Sat, 5 Aug 2006 06:12:42 +0000]
[MLSXFRM]: Add flow labeling

This labels the flows that could utilize IPSec xfrms at the points the
flows are defined so that IPSec policy and SAs at the right label can
be used.

The following protos are currently not handled, but they should
continue to be able to use single-labeled IPSec like they currently
do.

ipmr
ip_gre
ipip
igmp
sit
sctp
ip6_tunnel (IPv6 over IPv6 tunnel device)
decnet

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Add security context to acquire messages using PF_KEY
Venkat Yekkirala [Tue, 25 Jul 2006 06:31:14 +0000]
[MLSXFRM]: Add security context to acquire messages using PF_KEY

This includes the security context of a security association created
for use by IKE in the acquire messages sent to IKE daemons using
PF_KEY. This would allow the daemons to include the security context
in the negotiation, so that the resultant association is unique to
that security context.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Add security context to acquire messages using netlink
Serge Hallyn [Tue, 25 Jul 2006 06:30:44 +0000]
[MLSXFRM]: Add security context to acquire messages using netlink

This includes the security context of a security association created
for use by IKE in the acquire messages sent to IKE daemons using
netlink/xfrm_user. This would allow the daemons to include the
security context in the negotiation, so that the resultant association
is unique to that security context.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Flow based matching of xfrm policy and state
Venkat Yekkirala [Tue, 25 Jul 2006 06:29:07 +0000]
[MLSXFRM]: Flow based matching of xfrm policy and state

This implements a seemless mechanism for xfrm policy selection and
state matching based on the flow sid. This also includes the necessary
SELinux enforcement pieces.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Add security sid to flowi
Venkat Yekkirala [Tue, 25 Jul 2006 06:28:37 +0000]
[MLSXFRM]: Add security sid to flowi

This adds security to flow key for labeling of flows as also to allow
for making flow cache lookups based on the security label seemless.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Add security sid to sock
Venkat Yekkirala [Sat, 5 Aug 2006 06:08:56 +0000]
[MLSXFRM]: Add security sid to sock

This adds security for IP sockets at the sock level. Security at the
sock level is needed to enforce the SELinux security policy for
security associations even when a sock is orphaned (such as in the TCP
LAST_ACK state).

This will also be used to enforce SELinux controls over data arriving
at or leaving a child socket while it's still waiting to be accepted.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Define new SELinux service routine
Venkat Yekkirala [Tue, 25 Jul 2006 06:27:16 +0000]
[MLSXFRM]: Define new SELinux service routine

This defines a routine that combines the Type Enforcement portion of
one sid with the MLS portion from the other sid to arrive at a new
sid. This would be used to define a sid for a security association
that is to be negotiated by IKE as well as for determing the sid for
open requests and connection-oriented child sockets.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[MLSXFRM]: Granular IPSec associations for use in MLS environments
Venkat Yekkirala [Tue, 25 Jul 2006 06:26:30 +0000]
[MLSXFRM]: Granular IPSec associations for use in MLS environments

The current approach to labeling Security Associations for SELinux
purposes uses a one-to-one mapping between xfrm policy rules and
security associations.

This doesn't address the needs of real world MLS (Multi-level System,
traditional Bell-LaPadula) environments where a single xfrm policy
rule (pertaining to a range, classified to secret for example) might
need to map to multiple Security Associations (one each for
classified, secret, top secret and all the compartments applicable to
these security levels).

This patch set addresses the above problem by allowing for the mapping
of a single xfrm policy rule to multiple security associations, with
each association used in the security context it is defined for. It
also includes the security context to be used in IKE negotiation in
the acquire messages sent to the IKE daemon so that a unique SA can be
negotiated for each unique security context. A couple of bug fixes are
also included; checks to make sure the SAs used by a packet match
policy (security context-wise) on the inbound and also that the bundle
used for the outbound matches the security context of the flow. This
patch set also makes the use of the SELinux sid in flow cache lookups
seemless by including the sid in the flow key itself. Also, open
requests as well as connection-oriented child sockets are labeled
automatically to be at the same level as the peer to allow for use of
appropriately labeled IPSec associations.

Description of changes:

A "sid" member has been added to the flow cache key resulting in the
sid being available at all needed locations and the flow cache lookups
automatically using the sid. The flow sid is derived from the socket
on the outbound and the SAs (unlabeled where an SA was not used) on
the inbound.

Outbound case:
1. Find policy for the socket.

2. OLD: Find an SA that matches the policy.
 NEW: Find an SA that matches BOTH the policy and the flow/socket.
   This is necessary since not every SA that matches the policy
   can be used for the flow/socket. Consider policy range Secret-TS,
   and SAs each for Secret and TS. We don't want a TS socket to
   use the Secret SA. Hence the additional check for the SA Vs. flow/socket.

3. NEW: When looking thru bundles for a policy, make sure the
        flow/socket can use the bundle. If a bundle is not found,
        create one, calling for IKE if necessary. If using IKE,
        include the security context in the acquire message to the IKE
        daemon.

Inbound case:
1. OLD: Find policy for the socket.
 NEW: Find policy for the incoming packet based on the sid of the
      SA(s) it used or the unlabeled sid if no SAs were
      used. (Consider a case where a socket is "authorized" for two
      policies (unclassified-confidential, secret-top_secret). If the
      packet has come in using a secret SA, we really ought to be
      using the latter policy (secret-top_secret).)

2. OLD: BUG: No check to see if the SAs used by the packet agree with
             the policy sec_ctx-wise.

             (It was indicated in selinux_xfrm_sock_rcv_skb() that
              this was being accomplished by
              (x->id.spi == tmpl->id.spi || !tmpl->id.spi) in xfrm_state_ok,
      but it turns out tmpl->id.spi
              would normally be zero (unless xfrm policy rules specify one
              at the template level, which they usually don't).
 NEW: The socket is checked for access to the SAs used (based on the
      sid of the SAs) in selinux_xfrm_sock_rcv_skb().

Forward case:
 This would be Step 1 from the Inbound case, followed by Steps 2 and 3
from the Outbound case.

Outstanding items/issues:

- Timewait acknowledgements and such are generated in the
  current/upstream implementation using a NULL socket resulting in the
  any_socket sid (SYSTEM_HIGH) to be used. This problem is not addressed
  by this patch set.

This patch: Add new flask definitions to SELinux

Adds a new avperm "polmatch" to arbitrate flow/state access to a xfrm
policy rule.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years agoMerge git://git.infradead.org/~dwmw2/hdroneline
Linus Torvalds [Fri, 22 Sep 2006 19:56:22 +0000]
Merge git://git.infradead.org/~dwmw2/hdroneline

* git://git.infradead.org/~dwmw2/hdroneline:
  [HEADERS] One line per header in Kbuild files to reduce conflicts

Manual (trivial) conflict resolution in include/asm-s390/Kbuild

14 years agoMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfashe...
Linus Torvalds [Fri, 22 Sep 2006 19:52:16 +0000]
Merge branch 'upstream-linus' of git://git./linux/kernel/git/mfasheh/ocfs2

* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
  ocfs2: Remove overzealous BUG_ON()
  ocfs2: Don't print on unknown remote blocking call
  ocfs2: Remove EXPERIMENTAL dependency
  ocfs2: implement directory read-ahead
  ocfs2: properly update i_mtime on buffered write
  ocfs2: Fix directory link count checks in ocfs2_link()
  ocfs2: move nlink check in ocfs2_mknod()
  ocfs2: Fix heartbeat sector calculation
  [PATCH] fs/ocfs2/ioctl.c should #include "ioctl.h"
  ocfs2: add ext2 attributes
  configfs: Prevent duplicate subsystem names.

14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Linus Torvalds [Fri, 22 Sep 2006 19:51:33 +0000]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (64 commits)
  [BLOCK] dm-crypt: trivial comment improvements
  [CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available
  [CRYPTO] padlock: Convert padlock-sha to use crypto_hash
  [CRYPTO] users: Use crypto_comp and crypto_has_*
  [CRYPTO] api: Add crypto_comp and crypto_has_*
  [CRYPTO] users: Use crypto_hash interface instead of crypto_digest
  [SCSI] iscsi: Use crypto_hash interface instead of crypto_digest
  [CRYPTO] digest: Remove old HMAC implementation
  [CRYPTO] doc: Update documentation for hash and me
  [SCTP]: Use HMAC template and hash interface
  [IPSEC]: Use HMAC template and hash interface
  [CRYPTO] tcrypt: Use HMAC template and hash interface
  [CRYPTO] hmac: Add crypto template implementation
  [CRYPTO] digest: Added user API for new hash type
  [CRYPTO] api: Mark parts of cipher interface as deprecated
  [PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument
  [CRYPTO] drivers: Remove obsolete block cipher operations
  [CRYPTO] users: Use block ciphers where applicable
  [SUNRPC] GSS: Use block ciphers where applicable
  [IPSEC] ESP: Use block ciphers where applicable
  ...

14 years agoMerge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
Linus Torvalds [Fri, 22 Sep 2006 19:50:35 +0000]
Merge branch 'for-linus' of git://git390.osdl.marist.edu/linux-2.6

* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits)
  [S390] hypfs crashes with invalid mount option.
  [S390] cio: subchannel evaluation function operates without lock
  [S390] cio: always query all paths on path verification.
  [S390] cio: update path groups on logical CHPID changes.
  [S390] cio: subchannels in no-path state.
  [S390] Replace nopav-message on VM.
  [S390] set modalias for ccw bus uevents.
  [S390] Get rid of DBG macro.
  [S390] Use alternative user-copy operations for new hardware.
  [S390] Make user-copy operations run-time configurable.
  [S390] Cleanup in signal handling code.
  [S390] Cleanup in page table related code.
  [S390] Linux API for writing z/VM APPLDATA Monitor records.
  [S390] xpram off by one error.
  [S390] Remove kexec experimental flag.
  [S390] cleanup appldata.
  [S390] fix typo in vmcp.
  [S390] Kernel stack overflow handling.
  [S390] qdio slsb processing state.
  [S390] Missing initialization in common i/o layer.
  ...

14 years agoMerge git://git.infradead.org/mtd-2.6
Linus Torvalds [Fri, 22 Sep 2006 19:49:18 +0000]
Merge git://git.infradead.org/mtd-2.6

* git://git.infradead.org/mtd-2.6:
  Remove accidentally-added include/linux/utsrelease.h
  Revert "[MTD] blkdev helper code: fix printk format warning"
  [MTD] Add SSFDC (SmartMedia) read-only translation layer
  [MTD] pmc551 pci cleanup
  [MTD] pmc551 use kzalloc
  [MTD] pmc551 whitespace cleanup
  [MTD] Remove iq80310 map driver
  [MTD NAND] Fix in typo ndfc.c causing wrong ECC layout
  [MTD] physmap: add power management support
  ioremap balanced with iounmap for drivers/mtd subsystem
  [MTD] Switch to pci_get_device and do ref counting
  [MTD] blkdev helper code: fix printk format warning
  [MTD] Fix ixp4xx partition parsing.
  [JFFS2] Remove unneeded ifdefs from jffs2_fs_i.h
  [MTD NAND] Remove old code in au1550nd.c
  [MTD] Unlock NOR flash automatically where necessary

14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
Linus Torvalds [Fri, 22 Sep 2006 19:48:03 +0000]
Merge git://git./linux/kernel/git/paulus/powerpc

* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (114 commits)
  [POWERPC] Fix ohare IDE irq workaround on old powermacs
  [POWERPC] EEH: Power4 systems sometimes need multiple resets.
  [POWERPC] Include <asm/mmu.h> in arch/powerpc/sysdev/fsl_soc.h for phys_addr_t.
  [POWERPC] Demacrofy arch/powerpc/platforms/maple/pci.c
  [POWERPC] Maple U3 HT - reject inappropriate config space access
  [POWERPC] Fix IPIC pending register assignments
  [POWERPC] powerpc: fix building gdb against asm/ptrace.h
  [POWERPC] Remove DISCONTIGMEM cruft from page.h
  [POWERPC] Merge iSeries i/o operations with the rest
  [POWERPC] 40x: Fix debug status register defines
  [POWERPC] Fix compile error in sbc8560
  [POWERPC] EEH: support MMIO enable recovery step
  [POWERPC] EEH: enable MMIO/DMA on frozen slot
  [POWERPC] EEH: code comment cleanup
  [POWERPC] EEH: balance pcidev_get/put calls
  [POWERPC] PPC: Fix xmon stack frame address in backtrace
  [POWERPC] Add AT_PLATFORM value for Xilinx Virtex-4 FX
  [POWERPC] Start arch/powerpc/boot code reorganization
  [POWERPC] Define of_read_ulong helper
  [POWERPC] iseries: eliminate a couple of warnings
  ...

14 years agoRemove accidentally-added include/linux/utsrelease.h
David Woodhouse [Fri, 22 Sep 2006 17:41:20 +0000]
Remove accidentally-added include/linux/utsrelease.h

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years agoRevert "[MTD] blkdev helper code: fix printk format warning"
David Woodhouse [Fri, 22 Sep 2006 10:05:42 +0000]
Revert "[MTD] blkdev helper code: fix printk format warning"

This reverts commit 668040fcd1e06fc3e68a92708cbdfa5a52c37d3c.

The 'flags' field of the struct request is 'unsigned long'. Quite
how Randy came to see 'long int format, different type arg' I don't
know, but it doesn't seem to be the case any more.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] Add SSFDC (SmartMedia) read-only translation layer
Claudio Lanconelli [Fri, 22 Sep 2006 10:01:37 +0000]
[MTD] Add SSFDC (SmartMedia) read-only translation layer

Signed-off-by: Claudio Lanconelli <lanconelli.claudio@eptar.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] pmc551 pci cleanup
Jiri Slaby [Tue, 19 Sep 2006 19:55:28 +0000]
[MTD] pmc551 pci cleanup

Use pci_resource_start for getting start of regions and pci_iomap to not
doing this directly by using dev->resource... (Thanks to Rolf Eike Beer)

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] pmc551 use kzalloc
Jiri Slaby [Tue, 19 Sep 2006 19:55:18 +0000]
[MTD] pmc551 use kzalloc

Use kzalloc instad of kmalloc+memset(0).

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] pmc551 whitespace cleanup
Jiri Slaby [Tue, 19 Sep 2006 19:55:06 +0000]
[MTD] pmc551 whitespace cleanup

Spaces were used for indent, there was more than 80 columns per line. Get
rid of that stuff.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] Remove iq80310 map driver
Lennert Buytenhek [Thu, 21 Sep 2006 01:47:48 +0000]
[MTD] Remove iq80310 map driver

The iq80310 mtd map driver depends on ARCH_IQ80310, which isn't
defined anywhere in the tree (as we don't have 80310 support), and
furthermore, everything the driver does can be done with physmap
instead.

Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD NAND] Fix in typo ndfc.c causing wrong ECC layout
Frank Haverkamp [Wed, 20 Sep 2006 15:24:52 +0000]
[MTD NAND] Fix in typo ndfc.c causing wrong ECC layout

Due to this typo, a wrong ECC layout table is chosen.

Signed-off-by: Frank Haverkamp <haver@vnet.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] physmap: add power management support
Lennert Buytenhek [Thu, 21 Sep 2006 21:16:48 +0000]
[MTD] physmap: add power management support

Implement PM handling for physmap.  Idea from Steven Scholz, patch
by David Anders.

Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years agoioremap balanced with iounmap for drivers/mtd subsystem
Amol Lad [Thu, 21 Sep 2006 12:42:43 +0000]
ioremap balanced with iounmap for drivers/mtd subsystem

ioremap must be balanced by an iounmap and failing to do so can result
in a memory leak.

Tested (compilation only) with:
- allmodconfig
- Modifying drivers/mtd/maps/Kconfig and drivers/mtd/nand/Kconfig to
make sure that the changed file is compiling without warning

Signed-off-by: Amol Lad <amol@verismonetworks.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] Switch to pci_get_device and do ref counting
Alan Cox [Fri, 22 Sep 2006 09:19:20 +0000]
[MTD] Switch to pci_get_device and do ref counting

Signed-off-by: Alan Cox <alan@redhat.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] blkdev helper code: fix printk format warning
Randy Dunlap [Fri, 22 Sep 2006 09:17:28 +0000]
[MTD] blkdev helper code: fix printk format warning

Fix printk format warning(s):
drivers/mtd/mtd_blkdevs.c:72: warning: long int format, different type arg (arg 2)

Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] Fix ixp4xx partition parsing.
Brian Walsh [Fri, 22 Sep 2006 09:16:16 +0000]
[MTD] Fix ixp4xx partition parsing.

If the amount of flash is not divisible by 2 then the mask in
parse_mtd_partitions would fail to work as designed.  Passing in the base
address corrects this problem.

Signed-off-by: Brian Walsh <brian@walsh.ws>
Cc: Deepak Sanexa <dsanexa@mvista.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[JFFS2] Remove unneeded ifdefs from jffs2_fs_i.h
Michal Piotrowski [Fri, 22 Sep 2006 09:13:46 +0000]
[JFFS2] Remove unneeded ifdefs from jffs2_fs_i.h

We certainly don't need the check for Linux version > 2.5.2, and in fact
we can also live without the __ECOS check, since we can just add it back
in the eCos git tree which is automatically derived from the Linux fs/jffs2
subdirectory in the upstream git tree.

Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD NAND] Remove old code in au1550nd.c
Michal Piotrowski [Fri, 22 Sep 2006 09:09:44 +0000]
[MTD NAND] Remove old code in au1550nd.c

Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[MTD] Unlock NOR flash automatically where necessary
Håvard Skinnemoen [Fri, 22 Sep 2006 09:07:08 +0000]
[MTD] Unlock NOR flash automatically where necessary

Introduce the MTD_STUPID_LOCK flag which indicates that the flash chip is
always locked after power-up, so all sectors need to be unlocked before it
is usable.

If this flag is set, and the chip provides an unlock() operation,
mtd_add_device will unlock the whole MTD device if it's writeable.  This
means that non-writeable partitions will stay locked.

Set MTD_STUPID_LOCK in fixup_use_atmel_lock() so that these chips will work
as expected.

Signed-off-by: Håvard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

14 years ago[POWERPC] Fix ohare IDE irq workaround on old powermacs
Benjamin Herrenschmidt [Fri, 22 Sep 2006 02:56:30 +0000]
[POWERPC] Fix ohare IDE irq workaround on old powermacs

Looks like a workaround for old bogus OF bitrot...  This fixes it and
hence fixes boot on some performa machines.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] EEH: Power4 systems sometimes need multiple resets.
Linas Vepstas [Thu, 21 Sep 2006 23:25:56 +0000]
[POWERPC] EEH: Power4 systems sometimes need multiple resets.

On detection of an EEH error, some Power4 systems seem to occasionally
want to be reset twice before they report themselves as fully recovered.
This patch re-arranges the code to attempt additional resets if the first
one doesn't take.

Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Include <asm/mmu.h> in arch/powerpc/sysdev/fsl_soc.h for phys_addr_t.
Scott Wood [Thu, 21 Sep 2006 18:11:52 +0000]
[POWERPC] Include <asm/mmu.h> in arch/powerpc/sysdev/fsl_soc.h for phys_addr_t.

This patch causes fsl_soc.h to import the definition of phys_addr_t
itself, rather than relying on its includer to do so.

Signed-off-by: Scott Wood <scott@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Demacrofy arch/powerpc/platforms/maple/pci.c
Nathan Lynch [Thu, 21 Sep 2006 19:31:13 +0000]
[POWERPC] Demacrofy arch/powerpc/platforms/maple/pci.c

Noticed that the U3_*CFA macros have some typos:

#define U3_HT_CFA0(devfn, off) \
((((unsigned long)devfn) << 8) | offset)

(refers to offset rather than off)

#define U3_AGP_CFA0(devfn, off) \
((1 << (unsigned long)PCI_SLOT(dev_fn)) \
| (((unsigned long)PCI_FUNC(dev_fn)) << 8) \

(refers to dev_fn rather than devfn)

Things happen to work, but there doesn't seem to be any reason these
shouldn't be functions.  Overall behavior should be unchanged.

Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Maple U3 HT - reject inappropriate config space access
Nathan Lynch [Thu, 21 Sep 2006 19:25:34 +0000]
[POWERPC] Maple U3 HT - reject inappropriate config space access

When there is a PCI-X mode 2 capable device behind the HT<->PCI-X
bridge, the pci core decides that the device has the extended 4K
config space, even though the bus is not operating in mode 2.  This is
because the u3_ht pci ops silently accept offsets greater than 255 but
use only the 8 least significant bits, which means reading at offset
0x100 gets the data at offset 0x0, and causes confusion for lspci.

Reject accesses to configuration space offsets greater than 255.

Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Fix IPIC pending register assignments
Scott Wood [Thu, 21 Sep 2006 18:10:51 +0000]
[POWERPC] Fix IPIC pending register assignments

This patch fixes the assignment of pending registers to IRQ numbers for
the IPIC; the code previously assigned all IRQs to the high pending word
regardless of which word the interrupt belonged to.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] powerpc: fix building gdb against asm/ptrace.h
Arnd Bergmann [Thu, 21 Sep 2006 10:29:51 +0000]
[POWERPC] powerpc: fix building gdb against asm/ptrace.h

Ulrich Weigand found a bug with the current version of the
asm-powerpc/ptrace.h that prevents building at least the
SPU target version of gdb, since some ptrace opcodes are
not defined.

The problem seems to have originated in the merging of 32 and
64 bit versions of that file, the problem is that some opcodes
are only valid on 64 bit kernels, but are also used by 32 bit
programs, so they can't depends on the __powerpc64__ symbol.

Signed-off-by: Arnd Bergmann <arnd.bergmann@de.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Remove DISCONTIGMEM cruft from page.h
Michael Ellerman [Thu, 21 Sep 2006 08:21:35 +0000]
[POWERPC] Remove DISCONTIGMEM cruft from page.h

This looks like cruft to me, these functions don't exist AFAICT,
and I can't see that it's possible to even enable DISCONTIGMEM on
powerpc anymore. CC'ing some folks who might know better, based on
the who-touched-it-last principle.

Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Merge iSeries i/o operations with the rest
Stephen Rothwell [Thu, 21 Sep 2006 08:00:00 +0000]
[POWERPC] Merge iSeries i/o operations with the rest

This patch changes the io operations so that they are out of line if
CONFIG_PPC_ISERIES is set and includes a firmware feature check in
that case.

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] 40x: Fix debug status register defines
Josh Boyer [Wed, 20 Sep 2006 14:11:59 +0000]
[POWERPC] 40x: Fix debug status register defines

This fixes some debug register defines on PPC 40x that were incorrect.

Signed-off-by: Josh Boyer <jdub@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Fix compile error in sbc8560
Amy Fong [Tue, 19 Sep 2006 03:07:24 +0000]
[POWERPC] Fix compile error in sbc8560

The following fixes compile errors in sbc8560.

Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] EEH: support MMIO enable recovery step
Linas Vepstas [Fri, 15 Sep 2006 23:58:59 +0000]
[POWERPC] EEH: support MMIO enable recovery step

Update to the PowerPC PCI error recovery code.

Add code to enable MMIO if a device driver reports that it is capable
of recovering on its own.  One anticipated use of this having a device
driver enable MMIO so that it can take a register dump, which might
then be followed by the device driver requesting a full reset.

Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] EEH: enable MMIO/DMA on frozen slot
Linas Vepstas [Fri, 15 Sep 2006 23:57:42 +0000]
[POWERPC] EEH: enable MMIO/DMA on frozen slot

Add wrapper around the rtas call to enable MMIO or DMA on a frozen pci
slot.

Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] EEH: code comment cleanup
Linas Vepstas [Fri, 15 Sep 2006 23:56:35 +0000]
[POWERPC] EEH: code comment cleanup

Clean up subroutine documentation; mostly formatting changes, with
some new content.

Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] EEH: balance pcidev_get/put calls
Linas Vepstas [Fri, 15 Sep 2006 23:55:34 +0000]
[POWERPC] EEH: balance pcidev_get/put calls

This corrects a pci_dev get/put imbalance that can occur only in
highly unlikely situations (kmalloc failures, pci devices with
overlapping resource addresses).  No actual failures seen, this was
spotted during code review.

Signed-off-by: Linas Vepstas <linas@austin.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] PPC: Fix xmon stack frame address in backtrace
Josh Boyer [Fri, 15 Sep 2006 19:53:10 +0000]
[POWERPC] PPC: Fix xmon stack frame address in backtrace

The stack frame address was being printed incorrectly in the backtrace
option of XMON on PPC.  This patch fixes it to print the actual stack
address instead of the address of the local variable that contains it.

Signed-off-by: Josh Boyer <jdub@us.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[POWERPC] Add AT_PLATFORM value for Xilinx Virtex-4 FX
Peter Bergner [Thu, 14 Sep 2006 19:18:38 +0000]
[POWERPC] Add AT_PLATFORM value for Xilinx Virtex-4 FX

Jakub noticed the cputable.c entry for Xilinx Virtex-4 FX was missing
a .platform value, so the AT_PLATFORM value wouldn't be set correctly.
This adds it.

Signed-off-by: Peter Bergner <bergner@vnet.ibm.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

14 years ago[BLOCK] dm-crypt: trivial comment improvements
Rik Snel [Sat, 2 Sep 2006 08:17:33 +0000]
[BLOCK] dm-crypt: trivial comment improvements

Just some minor comment nits.

- little-endian is better than low-endian
- and since it is called essiv everywere it should also be essiv
  in the comments (and not ess_iv)

Signed-off-by: Rik Snel <rsnel@cube.dyndns.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available
Herbert Xu [Sat, 26 Aug 2006 08:44:31 +0000]
[CRYPTO] api: Deprecate crypto_digest_* and crypto_alg_available

This patch marks the crypto_digest_* functions and crypto_alg_available
as deprecated.  They've been replaced by crypto_hash_* and crypto_has_*
respectively.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Convert padlock-sha to use crypto_hash
Herbert Xu [Sat, 26 Aug 2006 08:34:10 +0000]
[CRYPTO] padlock: Convert padlock-sha to use crypto_hash

This patch converts padlock-sha to use crypto_hash for its fallback.
It also changes the fallback selection to use selection by type instead
of name.  This is done through the new CRYPTO_ALG_NEED_FALLBACK bit,
which is set if and only if an algorithm needs a fallback of the same
type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] users: Use crypto_comp and crypto_has_*
Herbert Xu [Sat, 26 Aug 2006 08:12:40 +0000]
[CRYPTO] users: Use crypto_comp and crypto_has_*

This patch converts all users to use the new crypto_comp type and the
crypto_has_* functions.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Add crypto_comp and crypto_has_*
Herbert Xu [Sat, 26 Aug 2006 07:35:45 +0000]
[CRYPTO] api: Add crypto_comp and crypto_has_*

This patch adds the crypto_comp type to complete the compile-time checking
conversion.  The functions crypto_has_alg and crypto_has_cipher, etc. are
also added to replace crypto_alg_available.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] users: Use crypto_hash interface instead of crypto_digest
Herbert Xu [Thu, 24 Aug 2006 09:10:20 +0000]
[CRYPTO] users: Use crypto_hash interface instead of crypto_digest

This patch converts all remaining crypto_digest users to use the new
crypto_hash interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[SCSI] iscsi: Use crypto_hash interface instead of crypto_digest
Herbert Xu [Thu, 24 Aug 2006 08:45:50 +0000]
[SCSI] iscsi: Use crypto_hash interface instead of crypto_digest

This patch converts ISCSI to use the new crypto_hash interface instead
of crypto_digest.  It's a fairly straightforward substitution.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] digest: Remove old HMAC implementation
Herbert Xu [Sun, 20 Aug 2006 05:25:22 +0000]
[CRYPTO] digest: Remove old HMAC implementation

This patch removes the old HMAC implementation now that nobody uses it
anymore.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[CRYPTO] doc: Update documentation for hash and me
Herbert Xu [Sun, 20 Aug 2006 05:17:04 +0000]
[CRYPTO] doc: Update documentation for hash and me

This patch updates the documentation to reflect the switch from digest
to hash.  It also replaces notes about emailing James Morris to refer
to me instead.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[SCTP]: Use HMAC template and hash interface
Herbert Xu [Sun, 20 Aug 2006 05:07:14 +0000]
[SCTP]: Use HMAC template and hash interface

This patch converts SCTP to use the new HMAC template and hash interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[IPSEC]: Use HMAC template and hash interface
Herbert Xu [Sun, 20 Aug 2006 04:24:50 +0000]
[IPSEC]: Use HMAC template and hash interface

This patch converts IPsec to use the new HMAC template.  The names of
existing simple digest algorithms may still be used to refer to their
HMAC composites.

The same structure can be used by other MACs such as AES-XCBC-MAC.

This patch also switches from the digest interface to hash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[CRYPTO] tcrypt: Use HMAC template and hash interface
Herbert Xu [Sat, 19 Aug 2006 11:38:49 +0000]
[CRYPTO] tcrypt: Use HMAC template and hash interface

This patch converts tcrypt to use the new HMAC template rather than the
hard-coded version of HMAC.  It also converts all digest users to use
the new cipher interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[CRYPTO] hmac: Add crypto template implementation
Herbert Xu [Mon, 21 Aug 2006 10:50:52 +0000]
[CRYPTO] hmac: Add crypto template implementation

This patch rewrites HMAC as a crypto template.  This means that HMAC is no
longer a hard-coded part of the API.  It's now a template that generates
standard digest algorithms like any other.

The old HMAC is preserved until all current users are converted.

The same structure can be used by other MACs such as AES-XCBC-MAC.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

14 years ago[CRYPTO] digest: Added user API for new hash type
Herbert Xu [Sat, 19 Aug 2006 12:24:23 +0000]
[CRYPTO] digest: Added user API for new hash type

The existing digest user interface is inadequate for support asynchronous
operations.  For one it doesn't return a value to indicate success or
failure, nor does it take a per-operation descriptor which is essential
for the issuing of requests while other requests are still outstanding.

This patch is the first in a series of steps to remodel the interface
for asynchronous operations.

For the ease of transition the new interface will be known as "hash"
while the old one will remain as "digest".

This patch also changes sg_next to allow chaining.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Mark parts of cipher interface as deprecated
Herbert Xu [Mon, 21 Aug 2006 11:40:49 +0000]
[CRYPTO] api: Mark parts of cipher interface as deprecated

Mark the parts of the cipher interface that have been replaced by
block ciphers as deprecated.  Thanks to Andrew Morton for suggesting
doing this before removing them completely.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument
Herbert Xu [Mon, 14 Aug 2006 13:11:53 +0000]
[PATCH] scatterlist: Add const to sg_set_buf/sg_init_one pointer argument

This patch adds a const modifier to the buf argument of sg_set_buf and
sg_init_one.  This lets people call it with pointers that are const.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] drivers: Remove obsolete block cipher operations
Herbert Xu [Sat, 5 Aug 2006 06:28:19 +0000]
[CRYPTO] drivers: Remove obsolete block cipher operations

This patch removes obsolete block operations of the simple cipher type
from drivers.  These were preserved so that existing users can make a
smooth transition.  Now that the transition is complete, they are no
longer needed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] users: Use block ciphers where applicable
Herbert Xu [Tue, 22 Aug 2006 10:36:13 +0000]
[CRYPTO] users: Use block ciphers where applicable

This patch converts all remaining users to use the new block cipher type
where applicable.  It also changes all simple cipher operations to use
the new encrypt_one/decrypt_one interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[SUNRPC] GSS: Use block ciphers where applicable
Herbert Xu [Tue, 22 Aug 2006 10:33:54 +0000]
[SUNRPC] GSS: Use block ciphers where applicable

This patch converts SUNRPC/GSS to use the new block cipher type where
applicable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[IPSEC] ESP: Use block ciphers where applicable
Herbert Xu [Sun, 30 Jul 2006 05:41:01 +0000]
[IPSEC] ESP: Use block ciphers where applicable

This patch converts IPSec/ESP to use the new block cipher type where
applicable.  Similar to the HMAC conversion, existing algorithm names
have been kept for compatibility.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[IPSEC]: Add compatibility algorithm name support
Herbert Xu [Sat, 12 Aug 2006 22:50:00 +0000]
[IPSEC]: Add compatibility algorithm name support

This patch adds a compatibility name field for each IPsec algorithm.  This
is needed when parameterised algorithms are used.  For example, "md5" will
become "hmac(md5)", and "aes" will become "cbc(aes)".

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[BLOCK] dm-crypt: Use block ciphers where applicable
Herbert Xu [Tue, 22 Aug 2006 10:29:17 +0000]
[BLOCK] dm-crypt: Use block ciphers where applicable

This patch converts dm-crypt to use the new block cipher type where
applicable.  It also changes simple cipher operations to use the new
encrypt_one/decrypt_one interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[BLOCK] cryptoloop: Use block ciphers where applicable
Herbert Xu [Thu, 21 Sep 2006 01:45:53 +0000]
[BLOCK] cryptoloop: Use block ciphers where applicable

This patch converts cryptoloop to use the new block cipher type where
applicable.  As a result the ECB-specific and CBC-specific transfer
functions have been merged.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] tcrypt: Use block ciphers where applicable
Herbert Xu [Sat, 12 Aug 2006 22:26:09 +0000]
[CRYPTO] tcrypt: Use block ciphers where applicable

This patch converts tcrypt to use the new block cipher type where
applicable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] s390: Added block cipher versions of CBC/ECB
Herbert Xu [Mon, 21 Aug 2006 11:39:24 +0000]
[CRYPTO] s390: Added block cipher versions of CBC/ECB

This patch adds block cipher algorithms for S390.  Once all users of the
old cipher type have been converted the existing CBC/ECB non-block cipher
operations will be removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Added block cipher versions of CBC/ECB
Herbert Xu [Mon, 21 Aug 2006 11:38:42 +0000]
[CRYPTO] padlock: Added block cipher versions of CBC/ECB

This patch adds block cipher algorithms for cbc(aes) and ecb(aes) for
the PadLock device.  Once all users to the old cipher type have been
converted the old cbc/ecb PadLock operations will be removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] cipher: Added block ciphers for CBC/ECB
Herbert Xu [Thu, 21 Sep 2006 01:44:08 +0000]
[CRYPTO] cipher: Added block ciphers for CBC/ECB

This patch adds two block cipher algorithms, CBC and ECB.  These
are implemented as templates on top of existing single-block cipher
algorithms.  They invoke the single-block cipher through the new
encrypt_one/decrypt_one interface.

This also optimises the in-place encryption and decryption to remove
the cost of an IV copy each round.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] cipher: Added block cipher type
Herbert Xu [Mon, 21 Aug 2006 14:07:53 +0000]
[CRYPTO] cipher: Added block cipher type

This patch adds the new type of block ciphers.  Unlike current cipher
algorithms which operate on a single block at a time, block ciphers
operate on an arbitrarily long linear area of data.  As it is block-based,
it will skip any data remaining at the end which cannot form a block.

The block cipher has one major difference when compared to the existing
block cipher implementation.  The sg walking is now performed by the
algorithm rather than the cipher mid-layer.  This is needed for drivers
that directly support sg lists.  It also improves performance for all
algorithms as it reduces the total number of indirect calls by one.

In future the existing cipher algorithm will be converted to only have
a single-block interface.  This will be done after all existing users
have switched over to the new block cipher type.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] scatterwalk: Prepare for block ciphers
Herbert Xu [Sat, 12 Aug 2006 11:56:17 +0000]
[CRYPTO] scatterwalk: Prepare for block ciphers

This patch prepares the scatterwalk code for use by the new block cipher
type.

Firstly it halves the size of scatter_walk on 32-bit platforms.  This
is important as we allocate at least two of these objects on the stack
for each block cipher operation.

It also exports the symbols since the block cipher code can be built as
a module.

Finally there is a hack in scatterwalk_unmap that relies on progress
being made.  Unfortunately, for hardware crypto we can't guarantee
progress to be made since the hardware can fail.

So this also gets rid of the hack by not advancing the address returned
by scatterwalk_map.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] cipher: Added encrypt_one/decrypt_one
Herbert Xu [Sun, 13 Aug 2006 10:58:18 +0000]
[CRYPTO] cipher: Added encrypt_one/decrypt_one

This patch adds two new operations for the simple cipher that encrypts or
decrypts a single block at a time.  This will be the main interface after
the existing block operations have moved over to the new block ciphers.

It also adds the crypto_cipher type which is currently only used on the
new operations but will be extended to setkey as well once existing users
have been converted to use block ciphers where applicable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Added crypto_type support
Herbert Xu [Mon, 21 Aug 2006 14:06:54 +0000]
[CRYPTO] api: Added crypto_type support

This patch adds the crypto_type structure which will be used for all new
crypto algorithm types, beginning with block ciphers.

The primary purpose of this abstraction is to allow different crypto_type
objects for crypto algorithms of the same type, in particular, there will
be a different crypto_type objects for asynchronous algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Feed flag directly to crypto_yield
Herbert Xu [Sun, 30 Jul 2006 01:53:45 +0000]
[CRYPTO] api: Feed flag directly to crypto_yield

The sleeping flag used to determine whether crypto_yield can actually
yield is really a per-operation flag rather than a per-tfm flag.  This
patch changes crypto_yield to take a flag directly so that we can start
using a per-operation flag instead the tfm flag.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Added crypto_alloc_base
Herbert Xu [Sun, 30 Jul 2006 01:53:01 +0000]
[CRYPTO] api: Added crypto_alloc_base

Up until now all crypto transforms have been of the same type, struct
crypto_tfm, regardless of whether they are ciphers, digests, or other
types.  As a result of that, we check the types at run-time before
each crypto operation.

This is rather cumbersome.  We could instead use different C types for
each crypto type to ensure that the correct types are used at compile
time.  That is, we would have crypto_cipher/crypto_digest instead of
just crypto_tfm.  The appropriate type would then be required for the
actual operations such as crypto_digest_digest.

Now that we have the type/mask fields when looking up algorithms, it
is easy to request for an algorithm of the precise type that the user
wants.  However, crypto_alloc_tfm currently does not expose these new
attributes.

This patch introduces the function crypto_alloc_base which will carry
these new parameters.  It will be renamed to crypto_alloc_tfm once
all existing users have been converted.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] s390: Added missing driver name and priority
Herbert Xu [Mon, 21 Aug 2006 11:18:50 +0000]
[CRYPTO] s390: Added missing driver name and priority

Accelerated versions of crypto algorithms must carry a distinct driver name
and priority in order to distinguish themselves from their generic counter-
part.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Added asynchronous flag
Herbert Xu [Sun, 6 Aug 2006 13:12:59 +0000]
[CRYPTO] api: Added asynchronous flag

This patch adds the asynchronous flag and changes all existing users to
only look up algorithms that are synchronous.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Add common instance initialisation code
Herbert Xu [Sun, 6 Aug 2006 13:10:45 +0000]
[CRYPTO] api: Add common instance initialisation code

This patch adds the helpers crypto_get_attr_alg and crypto_alloc_instance
which can be used by simple one-argument templates like hmac to process
input parameters and allocate instances.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] cipher: Removed special IV checks for ECB
Herbert Xu [Fri, 14 Jul 2006 00:42:27 +0000]
[CRYPTO] cipher: Removed special IV checks for ECB

This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG().  This is needed to generalise CBC/ECB using the template
mechanism.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] tcrypt: Use test_hash for crc32c
Herbert Xu [Mon, 21 Aug 2006 12:04:03 +0000]
[CRYPTO] tcrypt: Use test_hash for crc32c

Now that crc32c has been fixed to conform with standard digest semantics,
we can use test_hash for it.  I've turned the last test into a chunky
test.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] digest: Store temporary digest in tfm
Herbert Xu [Sun, 9 Jul 2006 04:49:42 +0000]
[CRYPTO] digest: Store temporary digest in tfm

When the final result location is unaligned, we store the digest in a
temporary buffer before copying it to the final location.  Currently
that buffer sits on the stack.  This patch moves it to an area in the
tfm, just like the CBC IV buffer.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Get rid of flags argument to setkey
Herbert Xu [Sun, 13 Aug 2006 04:16:39 +0000]
[CRYPTO] api: Get rid of flags argument to setkey

Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.

This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.

Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm.  The redundant check from crypto_digest_setkey
is also removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] crc32c: Fix unconventional setkey usage
Herbert Xu [Sun, 6 Aug 2006 13:03:08 +0000]
[CRYPTO] crc32c: Fix unconventional setkey usage

The convention for setkey is that once it is set it should not change,
in particular, init must not wipe out the key set by it.  In fact, init
should always be used after setkey before any digestion is performed.

The only user of crc32c that sets the key is tcrypt.  This patch adds
the necessary init calls there.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock-sha: TFMs don't need to be static
Michal Ludvig [Sun, 16 Jul 2006 22:14:58 +0000]
[CRYPTO] padlock-sha: TFMs don't need to be static

TFMs are local variables. No need to declare them
static. After all one is enough.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Helper module padlock.ko
Michal Ludvig [Sun, 6 Aug 2006 12:50:30 +0000]
[CRYPTO] padlock: Helper module padlock.ko

Compile a helper module padlock.ko that will try
to autoload all configured padlock algorithms.

This also provides backward compatibility with
the ancient times before padlock.ko was renamed
to padlock-aes.ko

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock-sha: Make 2 functions static
Adrian Bunk [Sat, 15 Jul 2006 01:31:25 +0000]
[CRYPTO] padlock-sha: Make 2 functions static

This patch makes two needlessly global functions static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Driver for SHA1 / SHA256 algorithms
Michal Ludvig [Wed, 12 Jul 2006 02:29:38 +0000]
[CRYPTO] padlock: Driver for SHA1 / SHA256 algorithms

Support for SHA1 / SHA256 algorithms in VIA C7 processors.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Update private header file
Michal Ludvig [Sat, 15 Jul 2006 00:23:49 +0000]
[CRYPTO] padlock: Update private header file

PADLOCK_CRA_PRIORITY is shared between padlock-aes and padlock-sha
so it should be in the header.

On the other hand "struct cword" is only used in padlock-aes.c
so it's unnecessary to have it in padlock.h

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Add compatibility alias after rename
Herbert Xu [Sun, 9 Jul 2006 00:35:49 +0000]
[CRYPTO] padlock: Add compatibility alias after rename

Whenever we rename modules we should add an alias to ensure that existing
users can still locate the new module.

This patch also gets rid of the now unused module function prototypes from
padlock.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] padlock: Get rid of padlock-generic.c
Michal Ludvig [Sun, 6 Aug 2006 12:46:20 +0000]
[CRYPTO] padlock: Get rid of padlock-generic.c

Merge padlock-generic.c into padlock-aes.c and compile
AES as a standalone module. We won't make a monolithic
padlock.ko with all supported algorithms, instead we'll
compile each driver into its own module.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

14 years ago[CRYPTO] api: Add missing accessors for new crypto_alg fields
Michal Ludvig [Sat, 8 Jul 2006 23:02:24 +0000]
[CRYPTO] api: Add missing accessors for new crypto_alg fields

Add missing accessors for cra_driver_name and cra_priority.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>