* [PATCH 1/6] crypto: eip93: return IRQ request errors from probe
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
2026-05-24 21:09 ` Aleksander Jan Bajkowski
2026-05-24 19:45 ` [PATCH 2/6] crypto: eip93: guard DMA cleanup on uninitialized mappings Jihong Min
` (4 subsequent siblings)
5 siblings, 1 reply; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
devm_request_threaded_irq() can fail, but eip93_crypto_probe()
continues as if the interrupt handler was installed. Return the error
immediately so the driver does not register algorithms for a device that
cannot signal completions.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Originally-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
drivers/crypto/inside-secure/eip93/eip93-main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.c b/drivers/crypto/inside-secure/eip93/eip93-main.c
index 7dccfdeb7b11..276839e1a515 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-main.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
@@ -433,6 +433,8 @@ static int eip93_crypto_probe(struct platform_device *pdev)
ret = devm_request_threaded_irq(eip93->dev, eip93->irq, eip93_irq_handler,
NULL, IRQF_ONESHOT,
dev_name(eip93->dev), eip93);
+ if (ret)
+ return ret;
eip93->ring = devm_kcalloc(eip93->dev, 1, sizeof(*eip93->ring), GFP_KERNEL);
if (!eip93->ring)
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* Re: [PATCH 1/6] crypto: eip93: return IRQ request errors from probe
2026-05-24 19:45 ` [PATCH 1/6] crypto: eip93: return IRQ request errors from probe Jihong Min
@ 2026-05-24 21:09 ` Aleksander Jan Bajkowski
2026-05-24 21:49 ` Jihong Min
0 siblings, 1 reply; 10+ messages in thread
From: Aleksander Jan Bajkowski @ 2026-05-24 21:09 UTC (permalink / raw)
To: Jihong Min, Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj
Hi Jihjong,
I sent same patch a few days ago. You can find it on Patchwork[1].
1.
https://patchwork.kernel.org/project/linux-crypto/patch/20260518212506.292170-1-olek2@wp.pl/
Best regards,
Aleksander
On 24/05/2026 21:45, Jihong Min wrote:
> devm_request_threaded_irq() can fail, but eip93_crypto_probe()
> continues as if the interrupt handler was installed. Return the error
> immediately so the driver does not register algorithms for a device that
> cannot signal completions.
>
> Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
> Originally-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
> Assisted-by: Codex:gpt-5.5
> Signed-off-by: Jihong Min <hurryman2212@gmail.com>
> ---
> drivers/crypto/inside-secure/eip93/eip93-main.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.c b/drivers/crypto/inside-secure/eip93/eip93-main.c
> index 7dccfdeb7b11..276839e1a515 100644
> --- a/drivers/crypto/inside-secure/eip93/eip93-main.c
> +++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
> @@ -433,6 +433,8 @@ static int eip93_crypto_probe(struct platform_device *pdev)
> ret = devm_request_threaded_irq(eip93->dev, eip93->irq, eip93_irq_handler,
> NULL, IRQF_ONESHOT,
> dev_name(eip93->dev), eip93);
> + if (ret)
> + return ret;
>
> eip93->ring = devm_kcalloc(eip93->dev, 1, sizeof(*eip93->ring), GFP_KERNEL);
> if (!eip93->ring)
^ permalink raw reply [flat|nested] 10+ messages in thread* Re: [PATCH 1/6] crypto: eip93: return IRQ request errors from probe
2026-05-24 21:09 ` Aleksander Jan Bajkowski
@ 2026-05-24 21:49 ` Jihong Min
0 siblings, 0 replies; 10+ messages in thread
From: Jihong Min @ 2026-05-24 21:49 UTC (permalink / raw)
To: Aleksander Jan Bajkowski, Jihong Min, Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj
On 5/25/26 06:09, Aleksander Jan Bajkowski wrote:
> Hi Jihjong,
> I sent same patch a few days ago. You can find it on Patchwork[1].
>
> 1. https://patchwork.kernel.org/project/linux-crypto/
> patch/20260518212506.292170-1-olek2@wp.pl/
> Best regards,
> Aleksander
>
Hi Aleksander,
I missed that patch. Thanks for pointing it out.
I will drop this one from my next submission.
Sincerely,
Jihong Min
> On 24/05/2026 21:45, Jihong Min wrote:
>> devm_request_threaded_irq() can fail, but eip93_crypto_probe()
>> continues as if the interrupt handler was installed. Return the error
>> immediately so the driver does not register algorithms for a device that
>> cannot signal completions.
>>
>> Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel
>> EIP-93 crypto engine support")
>> Originally-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
>> Assisted-by: Codex:gpt-5.5
>> Signed-off-by: Jihong Min <hurryman2212@gmail.com>
>> ---
>> drivers/crypto/inside-secure/eip93/eip93-main.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.c b/
>> drivers/crypto/inside-secure/eip93/eip93-main.c
>> index 7dccfdeb7b11..276839e1a515 100644
>> --- a/drivers/crypto/inside-secure/eip93/eip93-main.c
>> +++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
>> @@ -433,6 +433,8 @@ static int eip93_crypto_probe(struct
>> platform_device *pdev)
>> ret = devm_request_threaded_irq(eip93->dev, eip93->irq,
>> eip93_irq_handler,
>> NULL, IRQF_ONESHOT,
>> dev_name(eip93->dev), eip93);
>> + if (ret)
>> + return ret;
>> eip93->ring = devm_kcalloc(eip93->dev, 1, sizeof(*eip93-
>> >ring), GFP_KERNEL);
>> if (!eip93->ring)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH 2/6] crypto: eip93: guard DMA cleanup on uninitialized mappings
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
2026-05-24 19:45 ` [PATCH 1/6] crypto: eip93: return IRQ request errors from probe Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
2026-05-24 19:45 ` [PATCH 3/6] crypto: eip93: reject HMAC requests before setkey Jihong Min
` (3 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
Several error paths can reach cleanup before all DMA addresses have been
initialized or mapped. Initialize request DMA handles and check them before
cleanup so the driver does not unmap zero or stale addresses.
If mapping the temporary HMAC SA record fails, also release the block data
DMA mapping that was already active.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Reported-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Originally-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Suggested-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
.../crypto/inside-secure/eip93/eip93-common.c | 8 ++-
.../crypto/inside-secure/eip93/eip93-hash.c | 54 ++++++++++++-------
2 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-common.c b/drivers/crypto/inside-secure/eip93/eip93-common.c
index 4c163d7281b3..ed46730c36bc 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-common.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-common.c
@@ -527,6 +527,8 @@ int eip93_send_req(struct crypto_async_request *async,
rctx->sa_state_ctr = NULL;
rctx->sa_state = NULL;
+ rctx->sa_state_ctr_base = 0;
+ rctx->sa_state_base = 0;
if (IS_ECB(flags))
goto skip_iv;
@@ -534,8 +536,10 @@ int eip93_send_req(struct crypto_async_request *async,
memcpy(iv, reqiv, rctx->ivsize);
rctx->sa_state = kzalloc(sizeof(*rctx->sa_state), GFP_KERNEL);
- if (!rctx->sa_state)
- return -ENOMEM;
+ if (!rctx->sa_state) {
+ err = -ENOMEM;
+ goto free_sa_state;
+ }
sa_state = rctx->sa_state;
diff --git a/drivers/crypto/inside-secure/eip93/eip93-hash.c b/drivers/crypto/inside-secure/eip93/eip93-hash.c
index 84d3ff2d3836..63bb6c4670cb 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-hash.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-hash.c
@@ -34,7 +34,7 @@ static void eip93_hash_free_data_blocks(struct ahash_request *req)
if (!list_empty(&rctx->blocks))
INIT_LIST_HEAD(&rctx->blocks);
- if (rctx->finalize)
+ if (rctx->finalize && rctx->data_dma)
dma_unmap_single(eip93->dev, rctx->data_dma,
rctx->data_used,
DMA_TO_DEVICE);
@@ -47,12 +47,13 @@ static void eip93_hash_free_sa_record(struct ahash_request *req)
struct eip93_hash_ctx *ctx = crypto_ahash_ctx(ahash);
struct eip93_device *eip93 = ctx->eip93;
- if (IS_HMAC(ctx->flags))
+ if (IS_HMAC(ctx->flags) && rctx->sa_record_hmac_base)
dma_unmap_single(eip93->dev, rctx->sa_record_hmac_base,
sizeof(rctx->sa_record_hmac), DMA_TO_DEVICE);
- dma_unmap_single(eip93->dev, rctx->sa_record_base,
- sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
}
void eip93_hash_handle_result(struct crypto_async_request *async, int err)
@@ -66,8 +67,9 @@ void eip93_hash_handle_result(struct crypto_async_request *async, int err)
struct eip93_device *eip93 = ctx->eip93;
int i;
- dma_unmap_single(eip93->dev, rctx->sa_state_base,
- sizeof(*sa_state), DMA_FROM_DEVICE);
+ if (rctx->sa_state_base)
+ dma_unmap_single(eip93->dev, rctx->sa_state_base,
+ sizeof(*sa_state), DMA_FROM_DEVICE);
/*
* With partial_hash assume SHA256_DIGEST_SIZE buffer is passed.
@@ -200,6 +202,10 @@ static void __eip93_hash_init(struct ahash_request *req)
rctx->len = 0;
rctx->data_used = 0;
+ rctx->sa_record_base = 0;
+ rctx->sa_state_base = 0;
+ rctx->sa_record_hmac_base = 0;
+ rctx->data_dma = 0;
rctx->partial_hash = false;
rctx->finalize = false;
INIT_LIST_HEAD(&rctx->blocks);
@@ -250,8 +256,12 @@ static int eip93_send_hash_req(struct crypto_async_request *async, u8 *data,
sizeof(*sa_record_hmac),
DMA_TO_DEVICE);
ret = dma_mapping_error(eip93->dev, rctx->sa_record_hmac_base);
- if (ret)
+ if (ret) {
+ rctx->sa_record_hmac_base = 0;
+ dma_unmap_single(eip93->dev, src_addr, len,
+ DMA_TO_DEVICE);
return ret;
+ }
cdesc.sa_addr = rctx->sa_record_hmac_base;
}
@@ -420,12 +430,14 @@ static int eip93_hash_update(struct ahash_request *req)
return ret;
free_sa_record:
- dma_unmap_single(eip93->dev, rctx->sa_record_base,
- sizeof(*sa_record), DMA_TO_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(*sa_record), DMA_TO_DEVICE);
free_sa_state:
- dma_unmap_single(eip93->dev, rctx->sa_state_base,
- sizeof(*sa_state), DMA_TO_DEVICE);
+ if (rctx->sa_state_base)
+ dma_unmap_single(eip93->dev, rctx->sa_state_base,
+ sizeof(*sa_state), DMA_TO_DEVICE);
return ret;
}
@@ -501,12 +513,14 @@ static int __eip93_hash_final(struct ahash_request *req, bool map_dma)
free_blocks:
eip93_hash_free_data_blocks(req);
- dma_unmap_single(eip93->dev, rctx->sa_record_base,
- sizeof(*sa_record), DMA_TO_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(*sa_record), DMA_TO_DEVICE);
free_sa_state:
- dma_unmap_single(eip93->dev, rctx->sa_state_base,
- sizeof(*sa_state), DMA_TO_DEVICE);
+ if (rctx->sa_state_base)
+ dma_unmap_single(eip93->dev, rctx->sa_state_base,
+ sizeof(*sa_state), DMA_TO_DEVICE);
return ret;
}
@@ -549,11 +563,13 @@ static int eip93_hash_finup(struct ahash_request *req)
return __eip93_hash_final(req, false);
free_sa_record:
- dma_unmap_single(eip93->dev, rctx->sa_record_base,
- sizeof(*sa_record), DMA_TO_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(*sa_record), DMA_TO_DEVICE);
free_sa_state:
- dma_unmap_single(eip93->dev, rctx->sa_state_base,
- sizeof(*sa_state), DMA_TO_DEVICE);
+ if (rctx->sa_state_base)
+ dma_unmap_single(eip93->dev, rctx->sa_state_base,
+ sizeof(*sa_state), DMA_TO_DEVICE);
return ret;
}
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 3/6] crypto: eip93: reject HMAC requests before setkey
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
2026-05-24 19:45 ` [PATCH 1/6] crypto: eip93: return IRQ request errors from probe Jihong Min
2026-05-24 19:45 ` [PATCH 2/6] crypto: eip93: guard DMA cleanup on uninitialized mappings Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
2026-05-24 19:45 ` [PATCH 4/6] crypto: eip93: use request-local SA records for cipher requests Jihong Min
` (2 subsequent siblings)
5 siblings, 0 replies; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
HMAC requests need the precomputed ipad/opad state installed by setkey().
Using an HMAC tfm before setkey() initializes the request with an all-zero
ipad and produces invalid hardware input.
Reject those requests during hash init so the failure is explicit.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Originally-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
drivers/crypto/inside-secure/eip93/eip93-hash.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-hash.c b/drivers/crypto/inside-secure/eip93/eip93-hash.c
index 63bb6c4670cb..060e90c5eaa7 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-hash.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-hash.c
@@ -300,6 +300,9 @@ static int eip93_hash_init(struct ahash_request *req)
struct eip93_hash_ctx *ctx = crypto_ahash_ctx(ahash);
struct sa_state *sa_state = &rctx->sa_state;
+ if (IS_HMAC(ctx->flags) && !memchr_inv(ctx->ipad, 0, SHA256_BLOCK_SIZE))
+ return -EINVAL;
+
memset(sa_state->state_byte_cnt, 0, sizeof(u32) * 2);
eip93_hash_init_sa_state_digest(ctx->flags & EIP93_HASH_MASK,
sa_state->state_i_digest);
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 4/6] crypto: eip93: use request-local SA records for cipher requests
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
` (2 preceding siblings ...)
2026-05-24 19:45 ` [PATCH 3/6] crypto: eip93: reject HMAC requests before setkey Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
2026-05-24 19:45 ` [PATCH 5/6] crypto: eip93: order result descriptor reads after PE_READY Jihong Min
2026-05-24 19:45 ` [PATCH 6/6] crypto: eip93: handle request ID exhaustion Jihong Min
5 siblings, 0 replies; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
Cipher and AEAD requests keep mutable direction and copy flags in the SA
record. Updating the tfm-level SA record for decrypt requests can leak
those settings into concurrent requests using the same transform.
Copy the prepared SA record into the request context and apply the
request-specific flags there. Map that request-local record for DMA, then
unmap it on normal completion and validation failures.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Reported-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Suggested-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
.../crypto/inside-secure/eip93/eip93-aead.c | 34 +++++++++++++------
.../crypto/inside-secure/eip93/eip93-cipher.c | 34 ++++++++++++-------
.../crypto/inside-secure/eip93/eip93-cipher.h | 3 +-
.../crypto/inside-secure/eip93/eip93-common.c | 9 +++++
4 files changed, 55 insertions(+), 25 deletions(-)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-aead.c b/drivers/crypto/inside-secure/eip93/eip93-aead.c
index 2bbd0af7b0e0..3b2edb012048 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-aead.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-aead.c
@@ -42,12 +42,18 @@ void eip93_aead_handle_result(struct crypto_async_request *async, int err)
static int eip93_aead_send_req(struct crypto_async_request *async)
{
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(async->tfm);
struct aead_request *req = aead_request_cast(async);
struct eip93_cipher_reqctx *rctx = aead_request_ctx(req);
int err;
err = check_valid_request(rctx);
if (err) {
+ if (rctx->sa_record_base) {
+ dma_unmap_single(ctx->eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+ }
aead_request_complete(req, err);
return err;
}
@@ -81,8 +87,6 @@ static void eip93_aead_cra_exit(struct crypto_tfm *tfm)
{
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
- dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
kfree(ctx->sa_record);
}
@@ -191,11 +195,24 @@ static int eip93_aead_crypt(struct aead_request *req)
struct crypto_aead *aead = crypto_aead_reqtfm(req);
int ret;
- ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
- ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
- if (ret)
+ memcpy(&rctx->sa_record, ctx->sa_record, sizeof(rctx->sa_record));
+ if (IS_DECRYPT(rctx->flags)) {
+ rctx->sa_record.sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
+ rctx->sa_record.sa_cmd1_word &= ~(EIP93_SA_CMD_COPY_PAD |
+ EIP93_SA_CMD_COPY_DIGEST);
+ } else {
+ rctx->sa_record.sa_cmd0_word &= ~EIP93_SA_CMD_DIRECTION_IN;
+ rctx->sa_record.sa_cmd1_word |= EIP93_SA_CMD_COPY_PAD |
+ EIP93_SA_CMD_COPY_DIGEST;
+ }
+
+ rctx->sa_record_base = dma_map_single(ctx->eip93->dev, &rctx->sa_record,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ ret = dma_mapping_error(ctx->eip93->dev, rctx->sa_record_base);
+ if (ret) {
+ rctx->sa_record_base = 0;
return ret;
+ }
rctx->textsize = req->cryptlen;
rctx->blksize = ctx->blksize;
@@ -205,7 +222,6 @@ static int eip93_aead_crypt(struct aead_request *req)
rctx->sg_dst = req->dst;
rctx->ivsize = crypto_aead_ivsize(aead);
rctx->desc_flags = EIP93_DESC_AEAD;
- rctx->sa_record_base = ctx->sa_record_base;
if (IS_DECRYPT(rctx->flags))
rctx->textsize -= rctx->authsize;
@@ -238,10 +254,6 @@ static int eip93_aead_decrypt(struct aead_request *req)
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct eip93_cipher_reqctx *rctx = aead_request_ctx(req);
- ctx->sa_record->sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
- ctx->sa_record->sa_cmd1_word &= ~(EIP93_SA_CMD_COPY_PAD |
- EIP93_SA_CMD_COPY_DIGEST);
-
rctx->flags = ctx->flags;
rctx->flags |= EIP93_DECRYPT;
if (ctx->set_assoc) {
diff --git a/drivers/crypto/inside-secure/eip93/eip93-cipher.c b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
index 4dd7ab7503e8..66b85781ef93 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
@@ -32,6 +32,7 @@ void eip93_skcipher_handle_result(struct crypto_async_request *async, int err)
static int eip93_skcipher_send_req(struct crypto_async_request *async)
{
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(async->tfm);
struct skcipher_request *req = skcipher_request_cast(async);
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
int err;
@@ -39,6 +40,11 @@ static int eip93_skcipher_send_req(struct crypto_async_request *async)
err = check_valid_request(rctx);
if (err) {
+ if (rctx->sa_record_base) {
+ dma_unmap_single(ctx->eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+ }
skcipher_request_complete(req, err);
return err;
}
@@ -72,8 +78,6 @@ static void eip93_skcipher_cra_exit(struct crypto_tfm *tfm)
{
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
- dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
kfree(ctx->sa_record);
}
@@ -133,7 +137,7 @@ static int eip93_skcipher_setkey(struct crypto_skcipher *ctfm, const u8 *key,
return 0;
}
-static int eip93_skcipher_crypt(struct skcipher_request *req)
+static int eip93_skcipher_crypt(struct skcipher_request *req, bool encrypt)
{
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
struct crypto_async_request *async = &req->base;
@@ -153,11 +157,19 @@ static int eip93_skcipher_crypt(struct skcipher_request *req)
crypto_skcipher_blocksize(skcipher)))
return -EINVAL;
- ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
- ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
- if (ret)
+ memcpy(&rctx->sa_record, ctx->sa_record, sizeof(rctx->sa_record));
+ if (encrypt)
+ rctx->sa_record.sa_cmd0_word &= ~EIP93_SA_CMD_DIRECTION_IN;
+ else
+ rctx->sa_record.sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
+
+ rctx->sa_record_base = dma_map_single(ctx->eip93->dev, &rctx->sa_record,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ ret = dma_mapping_error(ctx->eip93->dev, rctx->sa_record_base);
+ if (ret) {
+ rctx->sa_record_base = 0;
return ret;
+ }
rctx->assoclen = 0;
rctx->textsize = req->cryptlen;
@@ -167,7 +179,6 @@ static int eip93_skcipher_crypt(struct skcipher_request *req)
rctx->ivsize = crypto_skcipher_ivsize(skcipher);
rctx->blksize = ctx->blksize;
rctx->desc_flags = EIP93_DESC_SKCIPHER;
- rctx->sa_record_base = ctx->sa_record_base;
return eip93_skcipher_send_req(async);
}
@@ -181,22 +192,19 @@ static int eip93_skcipher_encrypt(struct skcipher_request *req)
rctx->flags = tmpl->flags;
rctx->flags |= EIP93_ENCRYPT;
- return eip93_skcipher_crypt(req);
+ return eip93_skcipher_crypt(req, true);
}
static int eip93_skcipher_decrypt(struct skcipher_request *req)
{
- struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
struct eip93_alg_template *tmpl = container_of(req->base.tfm->__crt_alg,
struct eip93_alg_template, alg.skcipher.base);
- ctx->sa_record->sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
-
rctx->flags = tmpl->flags;
rctx->flags |= EIP93_DECRYPT;
- return eip93_skcipher_crypt(req);
+ return eip93_skcipher_crypt(req, false);
}
/* Available algorithms in this module */
diff --git a/drivers/crypto/inside-secure/eip93/eip93-cipher.h b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
index 47e4e84ff14e..e9612696c388 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.h
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
@@ -9,6 +9,7 @@
#define _EIP93_CIPHER_H_
#include "eip93-main.h"
+#include "eip93-regs.h"
struct eip93_crypto_ctx {
struct eip93_device *eip93;
@@ -16,7 +17,6 @@ struct eip93_crypto_ctx {
struct sa_record *sa_record;
u32 sa_nonce;
int blksize;
- dma_addr_t sa_record_base;
/* AEAD specific */
unsigned int authsize;
unsigned int assoclen;
@@ -32,6 +32,7 @@ struct eip93_cipher_reqctx {
unsigned int textsize;
unsigned int assoclen;
unsigned int authsize;
+ struct sa_record sa_record __aligned(CRYPTO_DMA_ALIGN);
dma_addr_t sa_record_base;
struct sa_state *sa_state;
dma_addr_t sa_state_base;
diff --git a/drivers/crypto/inside-secure/eip93/eip93-common.c b/drivers/crypto/inside-secure/eip93/eip93-common.c
index ed46730c36bc..f422c93748c9 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-common.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-common.c
@@ -637,6 +637,10 @@ int eip93_send_req(struct crypto_async_request *async,
DMA_TO_DEVICE);
free_sa_state:
kfree(rctx->sa_state);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
return err;
}
@@ -693,6 +697,11 @@ void eip93_handle_result(struct eip93_device *eip93, struct eip93_cipher_reqctx
sizeof(*rctx->sa_state_ctr),
DMA_FROM_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+
if (rctx->sa_state)
dma_unmap_single(eip93->dev, rctx->sa_state_base,
sizeof(*rctx->sa_state),
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 5/6] crypto: eip93: order result descriptor reads after PE_READY
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
` (3 preceding siblings ...)
2026-05-24 19:45 ` [PATCH 4/6] crypto: eip93: use request-local SA records for cipher requests Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
2026-05-24 19:45 ` [PATCH 6/6] crypto: eip93: handle request ID exhaustion Jihong Min
5 siblings, 0 replies; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
The result handler polls ownership bits until the packet engine reports the
descriptor as ready. Ensure later descriptor reads observe the DMA writes
that completed before PE_READY became visible.
Use the value already read from the descriptor for error parsing.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Reported-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Suggested-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
drivers/crypto/inside-secure/eip93/eip93-main.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.c b/drivers/crypto/inside-secure/eip93/eip93-main.c
index 276839e1a515..e3bd28cc0c67 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-main.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
@@ -224,11 +224,14 @@ static void eip93_handle_result_descriptor(struct eip93_device *eip93)
FIELD_GET(EIP93_PE_LENGTH_HOST_PE_READY, pe_length) !=
EIP93_PE_LENGTH_PE_READY);
- err = rdesc->pe_ctrl_stat_word & (EIP93_PE_CTRL_PE_EXT_ERR_CODE |
- EIP93_PE_CTRL_PE_EXT_ERR |
- EIP93_PE_CTRL_PE_SEQNUM_ERR |
- EIP93_PE_CTRL_PE_PAD_ERR |
- EIP93_PE_CTRL_PE_AUTH_ERR);
+ /* Order descriptor reads after device ownership is returned. */
+ dma_rmb();
+
+ err = pe_ctrl_stat & (EIP93_PE_CTRL_PE_EXT_ERR_CODE |
+ EIP93_PE_CTRL_PE_EXT_ERR |
+ EIP93_PE_CTRL_PE_SEQNUM_ERR |
+ EIP93_PE_CTRL_PE_PAD_ERR |
+ EIP93_PE_CTRL_PE_AUTH_ERR);
desc_flags = FIELD_GET(EIP93_PE_USER_ID_DESC_FLAGS, rdesc->user_id);
crypto_idr = FIELD_GET(EIP93_PE_USER_ID_CRYPTO_IDR, rdesc->user_id);
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread* [PATCH 6/6] crypto: eip93: handle request ID exhaustion
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
` (4 preceding siblings ...)
2026-05-24 19:45 ` [PATCH 5/6] crypto: eip93: order result descriptor reads after PE_READY Jihong Min
@ 2026-05-24 19:45 ` Jihong Min
[not found] ` <e2242046-f08c-4903-a2ea-f21d3bb241cd@wp.pl>
5 siblings, 1 reply; 10+ messages in thread
From: Jihong Min @ 2026-05-24 19:45 UTC (permalink / raw)
To: Herbert Xu, linux-crypto
Cc: Christian Marangi, Antoine Tenart, David S . Miller,
Richard van Schagen, linux-kernel, Benjamin Larsson,
Mieczyslaw Nalewaj, Aleksander Jan Bajkowski, Jihong Min
The driver stores the async request pointer in an IDR and places the ID in
the hardware descriptor. The old allocation used the ring depth as the IDR
limit. It also did not check allocation failure, so request pressure could
encode a negative error value as a descriptor user ID.
Allocate request IDs from the full user ID field range and wait while the
IDR is full. Publish the descriptor only after DMA mappings and ID
allocation have succeeded. Add unwind paths for mappings that are active
when ID allocation fails, and tolerate stale or missing result IDs in the
interrupt handler.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Reported-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Suggested-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
.../crypto/inside-secure/eip93/eip93-common.c | 48 +++++++++++++++----
.../crypto/inside-secure/eip93/eip93-common.h | 3 ++
.../crypto/inside-secure/eip93/eip93-hash.c | 26 +++++++---
.../crypto/inside-secure/eip93/eip93-main.c | 6 +++
.../crypto/inside-secure/eip93/eip93-main.h | 2 +
5 files changed, 69 insertions(+), 16 deletions(-)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-common.c b/drivers/crypto/inside-secure/eip93/eip93-common.c
index f422c93748c9..88b89d05d510 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-common.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-common.c
@@ -65,6 +65,31 @@ int eip93_parse_ctrl_stat_err(struct eip93_device *eip93, int err)
}
}
+int eip93_alloc_request_id(struct eip93_device *eip93, void *request)
+{
+ int id;
+
+ scoped_guard(spinlock_bh, &eip93->ring->idr_lock)
+ id = idr_alloc(&eip93->ring->crypto_async_idr, request, 0,
+ EIP93_REQUEST_IDR_LIMIT, GFP_ATOMIC);
+
+ return id;
+}
+
+int eip93_alloc_request_id_wait(struct eip93_device *eip93, void *request)
+{
+ int id;
+
+ for (;;) {
+ id = eip93_alloc_request_id(eip93, request);
+ if (id != -ENOSPC)
+ return id;
+
+ usleep_range(EIP93_RING_BUSY_DELAY,
+ EIP93_RING_BUSY_DELAY * 2);
+ }
+}
+
static void *eip93_ring_next_wptr(struct eip93_device *eip93,
struct eip93_desc_ring *ring)
{
@@ -597,15 +622,6 @@ int eip93_send_req(struct crypto_async_request *async,
cdesc.sa_addr = rctx->sa_record_base;
cdesc.arc4_addr = 0;
- scoped_guard(spinlock_bh, &eip93->ring->idr_lock)
- crypto_async_idr = idr_alloc(&eip93->ring->crypto_async_idr, async, 0,
- EIP93_RING_NUM - 1, GFP_ATOMIC);
-
- cdesc.user_id = FIELD_PREP(EIP93_PE_USER_ID_CRYPTO_IDR, (u16)crypto_async_idr) |
- FIELD_PREP(EIP93_PE_USER_ID_DESC_FLAGS, rctx->desc_flags);
-
- rctx->cdesc = &cdesc;
-
/* map DMA_BIDIRECTIONAL to invalidate cache on destination
* implies __dma_cache_wback_inv
*/
@@ -620,8 +636,22 @@ int eip93_send_req(struct crypto_async_request *async,
goto free_sg_dma;
}
+ crypto_async_idr = eip93_alloc_request_id_wait(eip93, async);
+ if (crypto_async_idr < 0) {
+ err = crypto_async_idr;
+ goto free_src_sg_dma;
+ }
+
+ cdesc.user_id = FIELD_PREP(EIP93_PE_USER_ID_CRYPTO_IDR, crypto_async_idr) |
+ FIELD_PREP(EIP93_PE_USER_ID_DESC_FLAGS, rctx->desc_flags);
+
+ rctx->cdesc = &cdesc;
+
return eip93_scatter_combine(eip93, rctx, datalen, split, offsetin);
+free_src_sg_dma:
+ if (src != dst)
+ dma_unmap_sg(eip93->dev, src, rctx->src_nents, DMA_TO_DEVICE);
free_sg_dma:
dma_unmap_sg(eip93->dev, dst, rctx->dst_nents, DMA_BIDIRECTIONAL);
free_sa_state_ctr_dma:
diff --git a/drivers/crypto/inside-secure/eip93/eip93-common.h b/drivers/crypto/inside-secure/eip93/eip93-common.h
index 41c43782eb5c..3898962d0abf 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-common.h
+++ b/drivers/crypto/inside-secure/eip93/eip93-common.h
@@ -17,6 +17,9 @@ void eip93_set_sa_record(struct sa_record *sa_record, const unsigned int keylen,
int eip93_parse_ctrl_stat_err(struct eip93_device *eip93, int err);
+int eip93_alloc_request_id(struct eip93_device *eip93, void *request);
+int eip93_alloc_request_id_wait(struct eip93_device *eip93, void *request);
+
int eip93_hmac_setkey(u32 ctx_flags, const u8 *key, unsigned int keylen,
unsigned int hashlen, u8 *ipad, u8 *opad,
bool skip_ipad);
diff --git a/drivers/crypto/inside-secure/eip93/eip93-hash.c b/drivers/crypto/inside-secure/eip93/eip93-hash.c
index 060e90c5eaa7..512e0e2ce25e 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-hash.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-hash.c
@@ -221,6 +221,7 @@ static int eip93_send_hash_req(struct crypto_async_request *async, u8 *data,
struct eip93_device *eip93 = ctx->eip93;
struct eip93_descriptor cdesc = { };
dma_addr_t src_addr;
+ bool hmac_sa_mapped = false;
int ret;
/* Map block data to DMA */
@@ -258,22 +259,23 @@ static int eip93_send_hash_req(struct crypto_async_request *async, u8 *data,
ret = dma_mapping_error(eip93->dev, rctx->sa_record_hmac_base);
if (ret) {
rctx->sa_record_hmac_base = 0;
- dma_unmap_single(eip93->dev, src_addr, len,
- DMA_TO_DEVICE);
- return ret;
+ goto unmap_src;
}
cdesc.sa_addr = rctx->sa_record_hmac_base;
+ hmac_sa_mapped = true;
}
cdesc.pe_ctrl_stat_word |= EIP93_PE_CTRL_PE_HASH_FINAL;
}
- scoped_guard(spinlock_bh, &eip93->ring->idr_lock)
- crypto_async_idr = idr_alloc(&eip93->ring->crypto_async_idr, async, 0,
- EIP93_RING_NUM - 1, GFP_ATOMIC);
+ crypto_async_idr = eip93_alloc_request_id_wait(eip93, async);
+ if (crypto_async_idr < 0) {
+ ret = crypto_async_idr;
+ goto unmap_hmac_sa;
+ }
- cdesc.user_id |= FIELD_PREP(EIP93_PE_USER_ID_CRYPTO_IDR, (u16)crypto_async_idr) |
+ cdesc.user_id |= FIELD_PREP(EIP93_PE_USER_ID_CRYPTO_IDR, crypto_async_idr) |
FIELD_PREP(EIP93_PE_USER_ID_DESC_FLAGS, EIP93_DESC_LAST);
}
@@ -291,6 +293,16 @@ static int eip93_send_hash_req(struct crypto_async_request *async, u8 *data,
*data_dma = src_addr;
return 0;
+
+unmap_hmac_sa:
+ if (hmac_sa_mapped) {
+ dma_unmap_single(eip93->dev, rctx->sa_record_hmac_base,
+ sizeof(rctx->sa_record_hmac), DMA_TO_DEVICE);
+ rctx->sa_record_hmac_base = 0;
+ }
+unmap_src:
+ dma_unmap_single(eip93->dev, src_addr, len, DMA_TO_DEVICE);
+ return ret;
}
static int eip93_hash_init(struct ahash_request *req)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.c b/drivers/crypto/inside-secure/eip93/eip93-main.c
index e3bd28cc0c67..0de18a0cbe33 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-main.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-main.c
@@ -257,6 +257,12 @@ static void eip93_handle_result_descriptor(struct eip93_device *eip93)
idr_remove(&eip93->ring->crypto_async_idr, crypto_idr);
}
+ if (!async) {
+ dev_warn_ratelimited(eip93->dev, "missing request id %u\n",
+ crypto_idr);
+ goto get_more;
+ }
+
/* Parse error in ctrl stat word */
err = eip93_parse_ctrl_stat_err(eip93, err);
diff --git a/drivers/crypto/inside-secure/eip93/eip93-main.h b/drivers/crypto/inside-secure/eip93/eip93-main.h
index 990c2401b7ce..5237b75bba62 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-main.h
+++ b/drivers/crypto/inside-secure/eip93/eip93-main.h
@@ -13,11 +13,13 @@
#include <crypto/internal/skcipher.h>
#include <linux/bitfield.h>
#include <linux/interrupt.h>
+#include <linux/limits.h>
#define EIP93_RING_BUSY_DELAY 500
#define EIP93_RING_NUM 512
#define EIP93_RING_BUSY 32
+#define EIP93_REQUEST_IDR_LIMIT (U16_MAX + 1)
#define EIP93_CRA_PRIORITY 1500
#define EIP93_RING_SA_STATE_ADDR(base, idx) ((base) + (idx))
--
2.53.0
^ permalink raw reply related [flat|nested] 10+ messages in thread