* [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver
@ 2026-05-05 17:53 Paul Louvel
2026-05-05 17:53 ` [PATCH v2 01/12] crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header Paul Louvel
` (12 more replies)
0 siblings, 13 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
This series fixes several issues in the Freescale talitos crypto driver.
Patch 1 fixes a missing dma_sync_single_for_cpu() before reading a
descriptor header.
Patches 2-5 add support for chaining an arbitrary number of descriptors
in the driver for the SEC1 hardware.
Patches 6-9 rework the SEC1 hash implementation to build descriptor
chains instead of submitting one descriptor at a time via a workqueue.
Patch 10 fixes the same ahash request size limitation on SEC2 (64k - 1
bytes), by splitting ahash_done() into SEC1 and SEC2 paths so that SEC2
iterates through descriptors sequentially.
Patch 11 fixes an off-by-one in the submit_count initialisation that
wastes one FIFO slot.
Tested on an MPC885 SoC (SEC1 Lite), and on an MPC8321EMP SoC (SEC2)
with CRYPTO_SELFTESTS_FULL=y.
For the SEC1 Lite, some tests are failing due to a timeout waiting for
request completion. These failed tests existed prior to this series.
On SEC2, there is no failed tests.
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
Changes in v2:
- Split the first patch into smaller, logically separated patches for
easier review.
- Added more context on testing on the cover letter.
- Introduce a fix to correctly read hardware descriptor header. This fix
was motivated by a remark of Sashiko on the v1:
https://sashiko.dev/#/patchset/20260504-bootlin_test-7-1-rc1_sec_bugfix-v1-0-c97c641976f5%40bootlin.com
- Separate SEC2 64k-1 ahash limitation fix into its own patch.
- Link to v1: https://patch.msgid.link/20260504-bootlin_test-7-1-rc1_sec_bugfix-v1-0-c97c641976f5@bootlin.com
---
Paul Louvel (12):
crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header
crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1
crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function
crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function
crypto: talitos - move code in current_desc_hdr() into a standalone function
crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor
crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue
crypto: talitos/hash - drop workqueue mechanism for SEC1
crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request
crypto: talitos/hash - remove useless wrapper
crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation
crypto: talitos - fix invalid submit_count initial value
drivers/crypto/talitos.c | 578 ++++++++++++++++++++++++-----------------------
drivers/crypto/talitos.h | 14 ++
2 files changed, 315 insertions(+), 277 deletions(-)
---
base-commit: db8b9f227833e729faf44a512aa1e88a625b5ad8
change-id: 20260504-bootlin_test-7-1-rc1_sec_bugfix-13169ed07ddc
Best regards,
--
Paul Louvel <paul.louvel@bootlin.com>
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v2 01/12] crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 02/12] crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1 Paul Louvel
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
In order to know if a descriptor has been processed by the device,
the driver polls the FIFO to see if DESC_HDR_DONE is set on a descriptor
header to confirm completion.
The current code does not make sure that the CPU gets up to date data
before reading the descriptor.
Fix this by calling dma_sync_single_for_cpu() before reading memory
written by the device.
Cc: stable@vger.kernel.org
Fixes: 58cdbc6d2263 ("crypto: talitos - fix hash on SEC1.")
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index bc61d0fe3514..303640e64717 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -322,15 +322,25 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
return -EINPROGRESS;
}
-static __be32 get_request_hdr(struct talitos_request *request, bool is_sec1)
+static __be32 get_request_hdr(struct device *dev, struct talitos_request *request, bool is_sec1)
{
struct talitos_edesc *edesc;
+ dma_addr_t dma_desc;
+
+ if (!is_sec1) {
+ dma_sync_single_for_cpu(dev, request->dma_desc,
+ TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
- if (!is_sec1)
return request->desc->hdr;
+ }
if (!request->desc->next_desc)
- return request->desc->hdr1;
+ dma_desc = request->dma_desc;
+ else
+ dma_desc = be32_to_cpu(request->desc->next_desc);
+
+ dma_sync_single_for_cpu(dev, dma_desc, TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
edesc = container_of(request->desc, struct talitos_edesc, desc);
@@ -358,7 +368,7 @@ static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
/* descriptors with their done bits set don't get the error */
rmb();
- hdr = get_request_hdr(request, is_sec1);
+ hdr = get_request_hdr(dev, request, is_sec1);
if ((hdr & DESC_HDR_DONE) == DESC_HDR_DONE)
status = 0;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 02/12] crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
2026-05-05 17:53 ` [PATCH v2 01/12] crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 03/12] crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function Paul Louvel
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
The SEC1 hardware can process a chain of descriptors without host
intervention. Only the hash implementation currently use this feature,
but with a chain of at most 2 descriptors added in commit 37b5e8897eb5
("crypto: talitos - chain in buffered data for ahash on SEC1").
Add supports for chaining an arbitrary number of descriptors in a chain.
Adapt the ahash implementation to make it compatible.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 171 ++++++++++++++++++++++++++++++++++-------------
drivers/crypto/talitos.h | 4 ++
2 files changed, 127 insertions(+), 48 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 303640e64717..d68d307c54f7 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -14,6 +14,7 @@
#include <linux/workqueue.h>
#include <linux/kernel.h>
+#include <linux/list.h>
#include <linux/module.h>
#include <linux/mod_devicetable.h>
#include <linux/device.h>
@@ -273,7 +274,10 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
void *context, int error),
void *context)
{
+ struct talitos_edesc *edesc = container_of(desc, struct talitos_edesc, desc);
struct talitos_private *priv = dev_get_drvdata(dev);
+ dma_addr_t dma_desc, prev_dma_desc;
+ struct talitos_edesc *prev_edesc = NULL;
struct talitos_request *request;
unsigned long flags;
int head;
@@ -292,14 +296,37 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
/* map descriptor and save caller data */
if (is_sec1) {
- desc->hdr1 = desc->hdr;
- request->dma_desc = dma_map_single(dev, &desc->hdr1,
+ request->desc_chain = edesc->node.prev;
+
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ edesc->desc.hdr1 = edesc->desc.hdr;
+
+ dma_desc = dma_map_single(dev, &edesc->desc.hdr1,
+ TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+
+ if (!prev_edesc) {
+ request->dma_desc = dma_desc;
+ goto next;
+ }
+
+ /* Chain in any previous descriptors. */
+
+ prev_edesc->desc.next_desc = cpu_to_be32(dma_desc);
+
+ dma_sync_single_for_device(dev, prev_dma_desc,
TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
+ DMA_TO_DEVICE);
+
+next:
+ prev_edesc = edesc;
+ prev_dma_desc = dma_desc;
+ }
} else {
request->dma_desc = dma_map_single(dev, desc,
TALITOS_DESC_SIZE,
DMA_BIDIRECTIONAL);
+ request->desc_chain = NULL;
}
request->callback = callback;
request->context = context;
@@ -324,7 +351,8 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
static __be32 get_request_hdr(struct device *dev, struct talitos_request *request, bool is_sec1)
{
- struct talitos_edesc *edesc;
+ struct talitos_edesc *prev_last, *last;
+ struct talitos_desc *desc;
dma_addr_t dma_desc;
if (!is_sec1) {
@@ -334,17 +362,22 @@ static __be32 get_request_hdr(struct device *dev, struct talitos_request *reques
return request->desc->hdr;
}
- if (!request->desc->next_desc)
+ if (list_is_singular(request->desc_chain)) {
+ desc = request->desc;
dma_desc = request->dma_desc;
- else
- dma_desc = be32_to_cpu(request->desc->next_desc);
+ } else {
+ last = list_last_entry(request->desc_chain,
+ struct talitos_edesc, node);
+ prev_last = list_prev_entry(last, node);
+
+ desc = &last->desc;
+ dma_desc = be32_to_cpu(prev_last->desc.next_desc);
+ }
dma_sync_single_for_cpu(dev, dma_desc, TALITOS_DESC_SIZE,
DMA_BIDIRECTIONAL);
- edesc = container_of(request->desc, struct talitos_edesc, desc);
-
- return ((struct talitos_desc *)(edesc->buf + edesc->dma_len))->hdr1;
+ return desc->hdr1;
}
/*
@@ -354,6 +387,7 @@ static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
{
struct talitos_private *priv = dev_get_drvdata(dev);
struct talitos_request *request, saved_req;
+ struct talitos_edesc *edesc;
unsigned long flags;
int tail, status;
bool is_sec1 = has_ftr_sec1(priv);
@@ -378,9 +412,23 @@ static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
else
status = error;
- dma_unmap_single(dev, request->dma_desc,
- TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
+ if (is_sec1) {
+ dma_unmap_single(dev, request->dma_desc,
+ TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
+
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ if (!edesc->desc.next_desc)
+ break;
+
+ dma_unmap_single(
+ dev, be32_to_cpu(edesc->desc.next_desc),
+ TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
+ }
+ } else {
+ dma_unmap_single(dev, request->dma_desc,
+ TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+ }
/* copy entries so we can call callback outside lock */
saved_req.desc = request->desc;
@@ -475,8 +523,12 @@ DEF_TALITOS2_DONE(ch1_3, TALITOS2_ISR_CH_1_3_DONE)
static __be32 current_desc_hdr(struct device *dev, int ch)
{
struct talitos_private *priv = dev_get_drvdata(dev);
+ bool is_sec1 = has_ftr_sec1(priv);
+ struct talitos_request *request;
+ struct talitos_edesc *edesc;
int tail, iter;
dma_addr_t cur_desc;
+ __be32 hdr = 0;
cur_desc = ((u64)in_be32(priv->chan[ch].reg + TALITOS_CDPR)) << 32;
cur_desc |= in_be32(priv->chan[ch].reg + TALITOS_CDPR_LO);
@@ -487,27 +539,31 @@ static __be32 current_desc_hdr(struct device *dev, int ch)
}
tail = priv->chan[ch].tail;
-
iter = tail;
- while (priv->chan[ch].fifo[iter].dma_desc != cur_desc &&
- priv->chan[ch].fifo[iter].desc->next_desc != cpu_to_be32(cur_desc)) {
- iter = (iter + 1) & (priv->fifo_len - 1);
- if (iter == tail) {
- dev_err(dev, "couldn't locate current descriptor\n");
- return 0;
+ do {
+ request = &priv->chan[ch].fifo[iter];
+
+ if (request->dma_desc == cur_desc) {
+ hdr = request->desc->hdr;
+ } else if (is_sec1) {
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ if (edesc->desc.next_desc ==
+ cpu_to_be32(cur_desc))
+ hdr = list_next_entry(edesc, node)
+ ->desc.hdr;
+ }
}
- }
- if (priv->chan[ch].fifo[iter].desc->next_desc == cpu_to_be32(cur_desc)) {
- struct talitos_edesc *edesc;
+ if (hdr)
+ break;
- edesc = container_of(priv->chan[ch].fifo[iter].desc,
- struct talitos_edesc, desc);
- return ((struct talitos_desc *)
- (edesc->buf + edesc->dma_len))->hdr;
- }
+ iter = (iter + 1) & (priv->fifo_len - 1);
+ } while (iter != tail);
+
+ if (!hdr)
+ dev_err(dev, "couldn't locate current descriptor\n");
- return priv->chan[ch].fifo[iter].desc->hdr;
+ return hdr;
}
/*
@@ -886,6 +942,7 @@ struct talitos_ahash_req_ctx {
unsigned int nbuf;
struct scatterlist bufsl[2];
struct scatterlist *psrc;
+ struct list_head desc_list;
struct scatterlist request_bufsl[2];
struct ahash_request *areq;
@@ -1406,10 +1463,6 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
dma_len = 0;
}
alloc_len += icv_stashing ? authsize : 0;
-
- /* if its a ahash, add space for a second desc next to the first one */
- if (is_sec1 && !dst)
- alloc_len += sizeof(struct talitos_desc);
alloc_len += ivsize;
edesc = kmalloc(ALIGN(alloc_len, dma_get_cache_alignment()), flags);
@@ -1421,6 +1474,9 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
}
memset(&edesc->desc, 0, sizeof(edesc->desc));
+ if (is_sec1)
+ INIT_LIST_HEAD(&edesc->node);
+
edesc->src_nents = src_nents;
edesc->dst_nents = dst_nents;
edesc->iv_dma = iv_dma;
@@ -1725,8 +1781,10 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
struct talitos_private *priv = dev_get_drvdata(dev);
bool is_sec1 = has_ftr_sec1(priv);
struct talitos_desc *desc = &edesc->desc;
- struct talitos_desc *desc2 = (struct talitos_desc *)
- (edesc->buf + edesc->dma_len);
+ struct talitos_desc *desc2;
+
+ if (desc->next_desc)
+ desc2 = &list_next_entry(edesc, node)->desc;
unmap_single_talitos_ptr(dev, &desc->ptr[5], DMA_FROM_DEVICE);
if (desc->next_desc &&
@@ -1754,10 +1812,18 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
if (edesc->dma_len)
dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
DMA_BIDIRECTIONAL);
+}
- if (desc->next_desc)
- dma_unmap_single(dev, be32_to_cpu(desc->next_desc),
- TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
+static void ahash_free_desc_list_from(struct ahash_request *areq,
+ struct talitos_edesc *edesc)
+{
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+ struct talitos_edesc *tmp;
+
+ list_for_each_entry_safe_from(edesc, tmp, &req_ctx->desc_list, node) {
+ list_del(&edesc->node);
+ kfree(edesc);
+ }
}
static void ahash_done(struct device *dev,
@@ -1776,7 +1842,9 @@ static void ahash_done(struct device *dev,
}
common_nonsnoop_hash_unmap(dev, edesc, areq);
- kfree(edesc);
+ ahash_free_desc_list_from(areq,
+ list_first_entry(&req_ctx->desc_list,
+ struct talitos_edesc, node));
if (err) {
ahash_request_complete(areq, err);
@@ -1892,14 +1960,22 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
talitos_handle_buggy_hash(ctx, edesc, &desc->ptr[3]);
if (is_sec1 && req_ctx->nbuf && length) {
- struct talitos_desc *desc2 = (struct talitos_desc *)
- (edesc->buf + edesc->dma_len);
- dma_addr_t next_desc;
+ struct talitos_edesc *edesc2;
+ struct talitos_desc *desc2;
+
+ edesc2 = kzalloc(sizeof(*edesc2),
+ areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
+ GFP_KERNEL :
+ GFP_ATOMIC);
+ if (!edesc2)
+ return -ENOMEM;
+
+ list_add_tail(&edesc2->node, &req_ctx->desc_list);
+
+ desc2 = &edesc2->desc;
- memset(desc2, 0, sizeof(*desc2));
desc2->hdr = desc->hdr;
desc2->hdr &= ~DESC_HDR_MODE0_MDEU_INIT;
- desc2->hdr1 = desc2->hdr;
desc->hdr &= ~DESC_HDR_MODE0_MDEU_PAD;
desc->hdr |= DESC_HDR_MODE0_MDEU_CONT;
desc->hdr &= ~DESC_HDR_DONE_NOTIFY;
@@ -1923,10 +1999,6 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
req_ctx->hw_context_size,
req_ctx->hw_context,
DMA_FROM_DEVICE);
-
- next_desc = dma_map_single(dev, &desc2->hdr1, TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
- desc->next_desc = cpu_to_be32(next_desc);
}
if (sync_needed)
@@ -2048,6 +2120,9 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
if (IS_ERR(edesc))
return PTR_ERR(edesc);
+ INIT_LIST_HEAD(&req_ctx->desc_list);
+ list_add_tail(&edesc->node, &req_ctx->desc_list);
+
edesc->desc.hdr = ctx->desc_hdr_template;
/* On last one, request SEC to pad; otherwise continue */
diff --git a/drivers/crypto/talitos.h b/drivers/crypto/talitos.h
index 1a93ee355929..ac75c2ddecb9 100644
--- a/drivers/crypto/talitos.h
+++ b/drivers/crypto/talitos.h
@@ -49,6 +49,7 @@ struct talitos_desc {
* @iv_dma: dma address of iv for checking continuity and link table
* @dma_len: length of dma mapped link_tbl space
* @dma_link_tbl: bus physical address of link_tbl/buf
+ * @node: node for descriptor chain (SEC1)
* @desc: h/w descriptor
* @link_tbl: input and output h/w link tables (if {src,dst}_nents > 1) (SEC2)
* @buf: input and output buffeur (if {src,dst}_nents > 1) (SEC1)
@@ -63,6 +64,7 @@ struct talitos_edesc {
dma_addr_t iv_dma;
int dma_len;
dma_addr_t dma_link_tbl;
+ struct list_head node;
struct talitos_desc desc;
union {
DECLARE_FLEX_ARRAY(struct talitos_ptr, link_tbl);
@@ -72,12 +74,14 @@ struct talitos_edesc {
/**
* talitos_request - descriptor submission request
+ * @desc_chain: descriptor chain list (SEC1)
* @desc: descriptor pointer (kernel virtual)
* @dma_desc: descriptor's physical bus address
* @callback: whom to call when descriptor processing is done
* @context: caller context (optional)
*/
struct talitos_request {
+ struct list_head *desc_chain;
struct talitos_desc *desc;
dma_addr_t dma_desc;
void (*callback) (struct device *dev, struct talitos_desc *desc,
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 03/12] crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
2026-05-05 17:53 ` [PATCH v2 01/12] crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header Paul Louvel
2026-05-05 17:53 ` [PATCH v2 02/12] crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1 Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 04/12] crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function Paul Louvel
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Previously added code to flush_channel() in order to unmap an entire
descriptor.
Move that code into a standalone function to improve readability.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 42 ++++++++++++++++++++++++------------------
1 file changed, 24 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index d68d307c54f7..e26689bf7c9d 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -380,6 +380,29 @@ static __be32 get_request_hdr(struct device *dev, struct talitos_request *reques
return desc->hdr1;
}
+static void dma_unmap_request(struct device *dev,
+ struct talitos_request *request, bool is_sec1)
+{
+ struct talitos_edesc *edesc;
+
+ if (is_sec1) {
+ dma_unmap_single(dev, request->dma_desc, TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ if (!edesc->desc.next_desc)
+ break;
+
+ dma_unmap_single(dev,
+ be32_to_cpu(edesc->desc.next_desc),
+ TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
+ }
+ } else {
+ dma_unmap_single(dev, request->dma_desc, TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+ }
+}
+
/*
* process what was done, notify callback of error if not
*/
@@ -387,7 +410,6 @@ static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
{
struct talitos_private *priv = dev_get_drvdata(dev);
struct talitos_request *request, saved_req;
- struct talitos_edesc *edesc;
unsigned long flags;
int tail, status;
bool is_sec1 = has_ftr_sec1(priv);
@@ -412,23 +434,7 @@ static void flush_channel(struct device *dev, int ch, int error, int reset_ch)
else
status = error;
- if (is_sec1) {
- dma_unmap_single(dev, request->dma_desc,
- TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
-
- list_for_each_entry(edesc, request->desc_chain, node) {
- if (!edesc->desc.next_desc)
- break;
-
- dma_unmap_single(
- dev, be32_to_cpu(edesc->desc.next_desc),
- TALITOS_DESC_SIZE, DMA_BIDIRECTIONAL);
- }
- } else {
- dma_unmap_single(dev, request->dma_desc,
- TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
- }
+ dma_unmap_request(dev, request, is_sec1);
/* copy entries so we can call callback outside lock */
saved_req.desc = request->desc;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 04/12] crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (2 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 03/12] crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 05/12] crypto: talitos - move code in current_desc_hdr() into a standalone function Paul Louvel
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Previously added code to talitos_submit() in order to map an entire
descriptor chain.
Move that code into a standalone function to improve readability.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 79 ++++++++++++++++++++++++++----------------------
1 file changed, 43 insertions(+), 36 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index e26689bf7c9d..3b1d8e34e86e 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -256,6 +256,48 @@ static int init_device(struct device *dev)
return 0;
}
+static void dma_map_request(struct device *dev, struct talitos_request *request,
+ struct talitos_desc *desc, bool is_sec1)
+{
+ struct talitos_edesc *edesc =
+ container_of(desc, struct talitos_edesc, desc);
+ dma_addr_t dma_desc, prev_dma_desc;
+ struct talitos_edesc *prev_edesc = NULL;
+
+ if (is_sec1) {
+ request->desc_chain = edesc->node.prev;
+
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ edesc->desc.hdr1 = edesc->desc.hdr;
+
+ dma_desc = dma_map_single(dev, &edesc->desc.hdr1,
+ TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+
+ if (!prev_edesc) {
+ request->dma_desc = dma_desc;
+ goto next;
+ }
+
+ /* Chain in any previous descriptors. */
+
+ prev_edesc->desc.next_desc = cpu_to_be32(dma_desc);
+
+ dma_sync_single_for_device(dev, prev_dma_desc,
+ TALITOS_DESC_SIZE,
+ DMA_TO_DEVICE);
+
+next:
+ prev_edesc = edesc;
+ prev_dma_desc = dma_desc;
+ }
+ } else {
+ request->dma_desc = dma_map_single(dev, desc, TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+ request->desc_chain = NULL;
+ }
+}
+
/**
* talitos_submit - submits a descriptor to the device for processing
* @dev: the SEC device to be used
@@ -274,10 +316,7 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
void *context, int error),
void *context)
{
- struct talitos_edesc *edesc = container_of(desc, struct talitos_edesc, desc);
struct talitos_private *priv = dev_get_drvdata(dev);
- dma_addr_t dma_desc, prev_dma_desc;
- struct talitos_edesc *prev_edesc = NULL;
struct talitos_request *request;
unsigned long flags;
int head;
@@ -295,39 +334,7 @@ static int talitos_submit(struct device *dev, int ch, struct talitos_desc *desc,
request = &priv->chan[ch].fifo[head];
/* map descriptor and save caller data */
- if (is_sec1) {
- request->desc_chain = edesc->node.prev;
-
- list_for_each_entry(edesc, request->desc_chain, node) {
- edesc->desc.hdr1 = edesc->desc.hdr;
-
- dma_desc = dma_map_single(dev, &edesc->desc.hdr1,
- TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
-
- if (!prev_edesc) {
- request->dma_desc = dma_desc;
- goto next;
- }
-
- /* Chain in any previous descriptors. */
-
- prev_edesc->desc.next_desc = cpu_to_be32(dma_desc);
-
- dma_sync_single_for_device(dev, prev_dma_desc,
- TALITOS_DESC_SIZE,
- DMA_TO_DEVICE);
-
-next:
- prev_edesc = edesc;
- prev_dma_desc = dma_desc;
- }
- } else {
- request->dma_desc = dma_map_single(dev, desc,
- TALITOS_DESC_SIZE,
- DMA_BIDIRECTIONAL);
- request->desc_chain = NULL;
- }
+ dma_map_request(dev, request, desc, is_sec1);
request->callback = callback;
request->context = context;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 05/12] crypto: talitos - move code in current_desc_hdr() into a standalone function
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (3 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 04/12] crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 06/12] crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor Paul Louvel
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Previously added code in current_desc_hdr() in order to add support for
searching an offending descriptor inside a descriptor chain.
Move that code into a standalone function to improve readability.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 3b1d8e34e86e..376e21e06056 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -530,6 +530,23 @@ DEF_TALITOS2_DONE(ch0, TALITOS2_ISR_CH_0_DONE)
DEF_TALITOS2_DONE(ch0_2, TALITOS2_ISR_CH_0_2_DONE)
DEF_TALITOS2_DONE(ch1_3, TALITOS2_ISR_CH_1_3_DONE)
+static __be32 search_desc_hdr_in_request(struct talitos_request *request,
+ dma_addr_t cur_desc, bool is_sec1)
+{
+ struct talitos_edesc *edesc;
+
+ if (request->dma_desc == cur_desc) {
+ return request->desc->hdr;
+ } else if (is_sec1) {
+ list_for_each_entry(edesc, request->desc_chain, node) {
+ if (edesc->desc.next_desc == cpu_to_be32(cur_desc))
+ return list_next_entry(edesc, node)->desc.hdr;
+ }
+ }
+
+ return 0;
+}
+
/*
* locate current (offending) descriptor
*/
@@ -538,7 +555,6 @@ static __be32 current_desc_hdr(struct device *dev, int ch)
struct talitos_private *priv = dev_get_drvdata(dev);
bool is_sec1 = has_ftr_sec1(priv);
struct talitos_request *request;
- struct talitos_edesc *edesc;
int tail, iter;
dma_addr_t cur_desc;
__be32 hdr = 0;
@@ -556,17 +572,7 @@ static __be32 current_desc_hdr(struct device *dev, int ch)
do {
request = &priv->chan[ch].fifo[iter];
- if (request->dma_desc == cur_desc) {
- hdr = request->desc->hdr;
- } else if (is_sec1) {
- list_for_each_entry(edesc, request->desc_chain, node) {
- if (edesc->desc.next_desc ==
- cpu_to_be32(cur_desc))
- hdr = list_next_entry(edesc, node)
- ->desc.hdr;
- }
- }
-
+ hdr = search_desc_hdr_in_request(request, cur_desc, is_sec1);
if (hdr)
break;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 06/12] crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (4 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 05/12] crypto: talitos - move code in current_desc_hdr() into a standalone function Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 07/12] crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue Paul Louvel
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Currently, when SEC1 has buffered data (nbuf != 0), the ahash code
creates an additional descriptor on the fly inside
common_nonsnoop_hash() to handle the remainder of the data. This
approach is incompatible with the arbitrary-length descriptor chaining
that follows.
Remove the "additional descriptor" logic from common_nonsnoop_hash()
and common_nonsnoop_hash_unmap().
Also remove the nbytes adjustment for SEC1 in ahash_edesc_alloc()
that subtracted nbuf.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 100 +++--------------------------------------------
1 file changed, 6 insertions(+), 94 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 376e21e06056..1f47424b93c7 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1800,15 +1800,9 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
struct talitos_private *priv = dev_get_drvdata(dev);
bool is_sec1 = has_ftr_sec1(priv);
struct talitos_desc *desc = &edesc->desc;
- struct talitos_desc *desc2;
-
- if (desc->next_desc)
- desc2 = &list_next_entry(edesc, node)->desc;
unmap_single_talitos_ptr(dev, &desc->ptr[5], DMA_FROM_DEVICE);
- if (desc->next_desc &&
- desc->ptr[5].ptr != desc2->ptr[5].ptr)
- unmap_single_talitos_ptr(dev, &desc2->ptr[5], DMA_FROM_DEVICE);
+
if (req_ctx->last_desc)
memcpy(areq->result, req_ctx->hw_context,
crypto_ahash_digestsize(tfm));
@@ -1820,13 +1814,6 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
if (from_talitos_ptr_len(&desc->ptr[1], is_sec1))
unmap_single_talitos_ptr(dev, &desc->ptr[1],
DMA_TO_DEVICE);
- else if (desc->next_desc)
- unmap_single_talitos_ptr(dev, &desc2->ptr[1],
- DMA_TO_DEVICE);
-
- if (is_sec1 && req_ctx->nbuf)
- unmap_single_talitos_ptr(dev, &desc->ptr[3],
- DMA_TO_DEVICE);
if (edesc->dma_len)
dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
@@ -1937,9 +1924,6 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
to_talitos_ptr(&desc->ptr[2], ctx->dma_key, ctx->keylen,
is_sec1);
- if (is_sec1 && req_ctx->nbuf)
- length -= req_ctx->nbuf;
-
sg_count = edesc->src_nents ?: 1;
if (is_sec1 && sg_count > 1)
sg_copy_to_buffer(req_ctx->psrc, sg_count, edesc->buf, length);
@@ -1949,16 +1933,10 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
/*
* data in
*/
- if (is_sec1 && req_ctx->nbuf) {
- map_single_talitos_ptr(dev, &desc->ptr[3], req_ctx->nbuf,
- req_ctx->buf[req_ctx->buf_idx],
- DMA_TO_DEVICE);
- } else {
- sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
- &desc->ptr[3], sg_count, 0, 0);
- if (sg_count > 1)
- sync_needed = true;
- }
+ sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
+ &desc->ptr[3], sg_count, 0, 0);
+ if (sg_count > 1)
+ sync_needed = true;
/* fifth DWORD empty */
@@ -1978,48 +1956,6 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
if (is_sec1 && from_talitos_ptr_len(&desc->ptr[3], true) == 0)
talitos_handle_buggy_hash(ctx, edesc, &desc->ptr[3]);
- if (is_sec1 && req_ctx->nbuf && length) {
- struct talitos_edesc *edesc2;
- struct talitos_desc *desc2;
-
- edesc2 = kzalloc(sizeof(*edesc2),
- areq->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
- GFP_KERNEL :
- GFP_ATOMIC);
- if (!edesc2)
- return -ENOMEM;
-
- list_add_tail(&edesc2->node, &req_ctx->desc_list);
-
- desc2 = &edesc2->desc;
-
- desc2->hdr = desc->hdr;
- desc2->hdr &= ~DESC_HDR_MODE0_MDEU_INIT;
- desc->hdr &= ~DESC_HDR_MODE0_MDEU_PAD;
- desc->hdr |= DESC_HDR_MODE0_MDEU_CONT;
- desc->hdr &= ~DESC_HDR_DONE_NOTIFY;
-
- if (desc->ptr[1].ptr)
- copy_talitos_ptr(&desc2->ptr[1], &desc->ptr[1],
- is_sec1);
- else
- map_single_talitos_ptr_nosync(dev, &desc2->ptr[1],
- req_ctx->hw_context_size,
- req_ctx->hw_context,
- DMA_TO_DEVICE);
- copy_talitos_ptr(&desc2->ptr[2], &desc->ptr[2], is_sec1);
- sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
- &desc2->ptr[3], sg_count, 0, 0);
- if (sg_count > 1)
- sync_needed = true;
- copy_talitos_ptr(&desc2->ptr[5], &desc->ptr[5], is_sec1);
- if (req_ctx->last_desc)
- map_single_talitos_ptr_nosync(dev, &desc->ptr[5],
- req_ctx->hw_context_size,
- req_ctx->hw_context,
- DMA_FROM_DEVICE);
- }
-
if (sync_needed)
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
edesc->dma_len, DMA_BIDIRECTIONAL);
@@ -2038,11 +1974,6 @@ static struct talitos_edesc *ahash_edesc_alloc(struct ahash_request *areq,
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
- struct talitos_private *priv = dev_get_drvdata(ctx->dev);
- bool is_sec1 = has_ftr_sec1(priv);
-
- if (is_sec1)
- nbytes -= req_ctx->nbuf;
return talitos_edesc_alloc(ctx->dev, req_ctx->psrc, NULL, NULL, 0,
nbytes, 0, 0, 0, areq->base.flags, false);
@@ -2061,8 +1992,6 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
unsigned int nsg;
int nents;
struct device *dev = ctx->dev;
- struct talitos_private *priv = dev_get_drvdata(dev);
- bool is_sec1 = has_ftr_sec1(priv);
u8 *ctx_buf = req_ctx->buf[req_ctx->buf_idx];
if (!req_ctx->last_desc && (nbytes + req_ctx->nbuf <= blocksize)) {
@@ -2094,30 +2023,13 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
}
/* Chain in any previously buffered data */
- if (!is_sec1 && req_ctx->nbuf) {
+ if (req_ctx->nbuf) {
nsg = (req_ctx->nbuf < nbytes_to_hash) ? 2 : 1;
sg_init_table(req_ctx->bufsl, nsg);
sg_set_buf(req_ctx->bufsl, ctx_buf, req_ctx->nbuf);
if (nsg > 1)
sg_chain(req_ctx->bufsl, 2, req_ctx->request_sl);
req_ctx->psrc = req_ctx->bufsl;
- } else if (is_sec1 && req_ctx->nbuf && req_ctx->nbuf < blocksize) {
- int offset;
-
- if (nbytes_to_hash > blocksize)
- offset = blocksize - req_ctx->nbuf;
- else
- offset = nbytes_to_hash - req_ctx->nbuf;
- nents = sg_nents_for_len(req_ctx->request_sl, offset);
- if (nents < 0) {
- dev_err(dev, "Invalid number of src SG.\n");
- return nents;
- }
- sg_copy_to_buffer(req_ctx->request_sl, nents,
- ctx_buf + req_ctx->nbuf, offset);
- req_ctx->nbuf += offset;
- req_ctx->psrc = scatterwalk_ffwd(req_ctx->bufsl, req_ctx->request_sl,
- offset);
} else
req_ctx->psrc = req_ctx->request_sl;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 07/12] crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (5 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 06/12] crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 08/12] crypto: talitos/hash - drop workqueue mechanism for SEC1 Paul Louvel
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Rework the SEC1 ahash implementation to build a chain of hardware
descriptors, replacing the previous approach of submitting one
descriptor at a time via a workqueue, introduced by commit 655ef638a2bc
("crypto: talitos - fix SEC1 32k ahash request limitation").
Introduce ahash_process_req_prepare() which iterates over the request
data, allocating enough descriptors to cover the entire ahash request.
The new fields (bufsl, src, first, last) are added to talitos_edesc for
this purpose.
common_nonsnoop_hash() no longer calls talitos_submit(); it only
maps and sets up the descriptor. Submission is now done by the caller
after the chain is built.
ahash_free_desc_list_from() takes over calling
common_nonsnoop_hash_unmap() for each descriptor during cleanup.
Compared to the workqueue based solution, request are slightly faster
since there is no more scheduling latency induced by the workqueue, and
only one interrupt is generated by the device at the end of a chain.
Commit 655ef638a2bc ("crypto: talitos - fix SEC1 32k ahash request
limitation") :
$ /usr/libexec/libkcapi/sha256sum ./test_5M.bin
013c5609d63c... ./test_5M.bin
real 0m 0.41s
user 0m 0.01s
sys 0m 0.07s
Now :
$ /usr/libexec/libkcapi/sha256sum ./test_5M.bin
013c5609d63c... ./test_5M.bin
real 0m 0.37s
user 0m 0.00s
sys 0m 0.20s
Tested on a system with an MPC885 SoC featuring the SEC1 Lite.
The increase in sys time is due to the fact that commit 37b5e8897eb5
("crypto: talitos - chain in buffered data for ahash on SEC1") can no
longer be applied.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 168 ++++++++++++++++++++++++++++++-----------------
drivers/crypto/talitos.h | 10 +++
2 files changed, 118 insertions(+), 60 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 1f47424b93c7..450f81fc0137 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1803,12 +1803,13 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
unmap_single_talitos_ptr(dev, &desc->ptr[5], DMA_FROM_DEVICE);
- if (req_ctx->last_desc)
+ if (edesc->last && req_ctx->last_request)
memcpy(areq->result, req_ctx->hw_context,
crypto_ahash_digestsize(tfm));
- if (req_ctx->psrc)
- talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0);
+ if (edesc->src)
+ talitos_sg_unmap(dev, edesc, edesc->src, NULL, 0, 0);
+
/* When using hashctx-in, must unmap it. */
if (from_talitos_ptr_len(&desc->ptr[1], is_sec1))
@@ -1823,11 +1824,13 @@ static void common_nonsnoop_hash_unmap(struct device *dev,
static void ahash_free_desc_list_from(struct ahash_request *areq,
struct talitos_edesc *edesc)
{
+ struct talitos_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
struct talitos_edesc *tmp;
list_for_each_entry_safe_from(edesc, tmp, &req_ctx->desc_list, node) {
list_del(&edesc->node);
+ common_nonsnoop_hash_unmap(ctx->dev, edesc, areq);
kfree(edesc);
}
}
@@ -1837,8 +1840,6 @@ static void ahash_done(struct device *dev,
int err)
{
struct ahash_request *areq = context;
- struct talitos_edesc *edesc =
- container_of(desc, struct talitos_edesc, desc);
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
if (!req_ctx->last_desc && req_ctx->to_hash_later) {
@@ -1846,16 +1847,14 @@ static void ahash_done(struct device *dev,
req_ctx->buf_idx = (req_ctx->buf_idx + 1) & 1;
req_ctx->nbuf = req_ctx->to_hash_later;
}
- common_nonsnoop_hash_unmap(dev, edesc, areq);
ahash_free_desc_list_from(areq,
list_first_entry(&req_ctx->desc_list,
struct talitos_edesc, node));
- if (err) {
- ahash_request_complete(areq, err);
- return;
- }
+ ahash_request_complete(areq, err);
+
+ return;
req_ctx->remaining_ahash_request_bytes -=
req_ctx->current_ahash_request_bytes;
@@ -1889,18 +1888,15 @@ static void talitos_handle_buggy_hash(struct talitos_ctx *ctx,
(char *)padded_hash, DMA_TO_DEVICE);
}
-static int common_nonsnoop_hash(struct talitos_edesc *edesc,
- struct ahash_request *areq, unsigned int length,
- void (*callback) (struct device *dev,
- struct talitos_desc *desc,
- void *context, int error))
+static void common_nonsnoop_hash(struct talitos_edesc *edesc,
+ struct ahash_request *areq,
+ unsigned int length)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
struct device *dev = ctx->dev;
struct talitos_desc *desc = &edesc->desc;
- int ret;
bool sync_needed = false;
struct talitos_private *priv = dev_get_drvdata(dev);
bool is_sec1 = has_ftr_sec1(priv);
@@ -1909,7 +1905,7 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
/* first DWORD empty */
/* hash context in */
- if (!req_ctx->first_desc || req_ctx->swinit) {
+ if (!edesc->first || !req_ctx->first_desc || req_ctx->swinit) {
map_single_talitos_ptr_nosync(dev, &desc->ptr[1],
req_ctx->hw_context_size,
req_ctx->hw_context,
@@ -1926,22 +1922,22 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
sg_count = edesc->src_nents ?: 1;
if (is_sec1 && sg_count > 1)
- sg_copy_to_buffer(req_ctx->psrc, sg_count, edesc->buf, length);
+ sg_copy_to_buffer(edesc->src, sg_count, edesc->buf, length);
else if (length)
- sg_count = dma_map_sg(dev, req_ctx->psrc, sg_count,
- DMA_TO_DEVICE);
+ sg_count = dma_map_sg(dev, edesc->src, sg_count, DMA_TO_DEVICE);
+
/*
* data in
*/
- sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
- &desc->ptr[3], sg_count, 0, 0);
+ sg_count = talitos_sg_map(dev, edesc->src, length, edesc, &desc->ptr[3],
+ sg_count, 0, 0);
if (sg_count > 1)
sync_needed = true;
/* fifth DWORD empty */
/* hash/HMAC out -or- hash context out */
- if (req_ctx->last_desc)
+ if (edesc->last && req_ctx->last_request)
map_single_talitos_ptr(dev, &desc->ptr[5],
crypto_ahash_digestsize(tfm),
req_ctx->hw_context, DMA_FROM_DEVICE);
@@ -1959,26 +1955,91 @@ static int common_nonsnoop_hash(struct talitos_edesc *edesc,
if (sync_needed)
dma_sync_single_for_device(dev, edesc->dma_link_tbl,
edesc->dma_len, DMA_BIDIRECTIONAL);
-
- ret = talitos_submit(dev, ctx->ch, desc, callback, areq);
- if (ret != -EINPROGRESS) {
- common_nonsnoop_hash_unmap(dev, edesc, areq);
- kfree(edesc);
- }
- return ret;
}
static struct talitos_edesc *ahash_edesc_alloc(struct ahash_request *areq,
+ struct scatterlist *src,
unsigned int nbytes)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
- struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
- return talitos_edesc_alloc(ctx->dev, req_ctx->psrc, NULL, NULL, 0,
+ return talitos_edesc_alloc(ctx->dev, src, NULL, NULL, 0,
nbytes, 0, 0, 0, areq->base.flags, false);
}
+static int ahash_process_req_prepare(struct ahash_request *areq,
+ unsigned int nbytes,
+ unsigned int blocksize, bool is_sec1)
+{
+ struct talitos_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+ size_t desc_max = is_sec1 ? TALITOS1_MAX_DATA_LEN : SIZE_MAX;
+ struct talitos_edesc *edesc;
+ struct scatterlist tmp[2];
+ size_t to_hash_this_desc;
+ struct scatterlist *src;
+ size_t offset = 0;
+
+ INIT_LIST_HEAD(&req_ctx->desc_list);
+ do {
+ src = scatterwalk_ffwd(tmp, req_ctx->psrc, offset);
+
+ to_hash_this_desc =
+ min(nbytes, ALIGN_DOWN(desc_max, blocksize));
+
+ /* Allocate extended descriptor */
+ edesc = ahash_edesc_alloc(areq, src, to_hash_this_desc);
+ if (IS_ERR(edesc)) {
+ if (!list_empty(&req_ctx->desc_list)) {
+ edesc = list_first_entry(&req_ctx->desc_list,
+ struct talitos_edesc,
+ node);
+ ahash_free_desc_list_from(areq, edesc);
+ }
+
+ return PTR_ERR(edesc);
+ }
+
+ edesc->src =
+ scatterwalk_ffwd(edesc->bufsl, req_ctx->psrc, offset);
+ edesc->desc.hdr = ctx->desc_hdr_template;
+ edesc->first = offset == 0;
+ edesc->last = nbytes - to_hash_this_desc == 0;
+
+ /* On last one, request SEC to pad; otherwise continue */
+ if (req_ctx->last_request && edesc->last)
+ edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_PAD;
+ else
+ edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_CONT;
+
+ /* request SEC to INIT hash. */
+ if (req_ctx->first_desc && edesc->first && !req_ctx->swinit)
+ edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT;
+
+ /*
+ * When the tfm context has a keylen, it's an HMAC.
+ * A first or last (ie. not middle) descriptor must request HMAC.
+ */
+ if (ctx->keylen && ((req_ctx->first_desc && edesc->first) ||
+ (req_ctx->last_request && edesc->last)))
+ edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_HMAC;
+
+ /* clear the DN bit */
+ if (is_sec1 && !edesc->last)
+ edesc->desc.hdr &= ~DESC_HDR_DONE_NOTIFY;
+
+ list_add_tail(&edesc->node, &req_ctx->desc_list);
+
+ common_nonsnoop_hash(edesc, areq, to_hash_this_desc);
+
+ offset += to_hash_this_desc;
+ nbytes -= to_hash_this_desc;
+ } while (nbytes);
+
+ return 0;
+}
+
static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
@@ -1987,14 +2048,16 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
struct talitos_edesc *edesc;
unsigned int blocksize =
crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
+ bool is_sec1 = has_ftr_sec1(dev_get_drvdata(ctx->dev));
unsigned int nbytes_to_hash;
unsigned int to_hash_later;
unsigned int nsg;
int nents;
struct device *dev = ctx->dev;
u8 *ctx_buf = req_ctx->buf[req_ctx->buf_idx];
+ int ret;
- if (!req_ctx->last_desc && (nbytes + req_ctx->nbuf <= blocksize)) {
+ if (!req_ctx->last_request && (nbytes + req_ctx->nbuf <= blocksize)) {
/* Buffer up to one whole block */
nents = sg_nents_for_len(req_ctx->request_sl, nbytes);
if (nents < 0) {
@@ -2011,7 +2074,7 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
nbytes_to_hash = nbytes + req_ctx->nbuf;
to_hash_later = nbytes_to_hash & (blocksize - 1);
- if (req_ctx->last_desc)
+ if (req_ctx->last_request)
to_hash_later = 0;
else if (to_hash_later)
/* There is a partial block. Hash the full block(s) now */
@@ -2046,33 +2109,19 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
}
req_ctx->to_hash_later = to_hash_later;
- /* Allocate extended descriptor */
- edesc = ahash_edesc_alloc(req_ctx->areq, nbytes_to_hash);
- if (IS_ERR(edesc))
- return PTR_ERR(edesc);
-
- INIT_LIST_HEAD(&req_ctx->desc_list);
- list_add_tail(&edesc->node, &req_ctx->desc_list);
-
- edesc->desc.hdr = ctx->desc_hdr_template;
-
- /* On last one, request SEC to pad; otherwise continue */
- if (req_ctx->last_desc)
- edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_PAD;
- else
- edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_CONT;
+ ret = ahash_process_req_prepare(areq, nbytes_to_hash, blocksize,
+ is_sec1);
+ if (ret)
+ return ret;
- /* request SEC to INIT hash. */
- if (req_ctx->first_desc && !req_ctx->swinit)
- edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT;
+ edesc = list_first_entry(&req_ctx->desc_list, struct talitos_edesc,
+ node);
- /* When the tfm context has a keylen, it's an HMAC.
- * A first or last (ie. not middle) descriptor must request HMAC.
- */
- if (ctx->keylen && (req_ctx->first_desc || req_ctx->last_desc))
- edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_HMAC;
+ ret = talitos_submit(dev, ctx->ch, &edesc->desc, ahash_done, areq);
+ if (ret != -EINPROGRESS)
+ ahash_free_desc_list_from(areq, edesc);
- return common_nonsnoop_hash(edesc, req_ctx->areq, nbytes_to_hash, ahash_done);
+ return ret;
}
static void sec1_ahash_process_remaining(struct work_struct *work)
@@ -2124,8 +2173,7 @@ static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
req_ctx->current_ahash_request_bytes = nbytes;
- return ahash_process_req_one(req_ctx->areq,
- req_ctx->current_ahash_request_bytes);
+ return ahash_process_req_one(req_ctx->areq, areq->nbytes);
}
static int ahash_init(struct ahash_request *areq)
diff --git a/drivers/crypto/talitos.h b/drivers/crypto/talitos.h
index ac75c2ddecb9..efba34458b12 100644
--- a/drivers/crypto/talitos.h
+++ b/drivers/crypto/talitos.h
@@ -44,6 +44,11 @@ struct talitos_desc {
/*
* talitos_edesc - s/w-extended descriptor
+ * @bufsl: scatterlist buffer
+ * @src: pointer to input scatterlist
+ * @first: first descriptor of a chain
+ * @last: last descriptor of a chain
+ *
* @src_nents: number of segments in input scatterlist
* @dst_nents: number of segments in output scatterlist
* @iv_dma: dma address of iv for checking continuity and link table
@@ -59,6 +64,11 @@ struct talitos_desc {
* of link_tbl data
*/
struct talitos_edesc {
+ struct scatterlist bufsl[2];
+ struct scatterlist *src;
+ int first;
+ int last;
+
int src_nents;
int dst_nents;
dma_addr_t iv_dma;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 08/12] crypto: talitos/hash - drop workqueue mechanism for SEC1
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (6 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 07/12] crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 09/12] crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request Paul Louvel
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
Now that SEC1 hash uses hardware descriptor chaining instead of a
workqueue to process requests exceeding TALITOS1_MAX_DATA_LEN, the
workqueue code is no longer needed.
Remove sec1_ahash_process_remaining(), the related fields from
talitos_ahash_req_ctx (request_bufsl, areq, request_sl,
remaining_ahash_request_bytes, current_ahash_request_bytes,
sec1_ahash_process_remaining), the dead code in ahash_done(), and
simplify ahash_process_req() to call ahash_process_req_one() directly
with the original areq->src and areq->nbytes.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 81 +++++-------------------------------------------
1 file changed, 7 insertions(+), 74 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 450f81fc0137..43c07d86f84c 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -962,13 +962,6 @@ struct talitos_ahash_req_ctx {
struct scatterlist bufsl[2];
struct scatterlist *psrc;
struct list_head desc_list;
-
- struct scatterlist request_bufsl[2];
- struct ahash_request *areq;
- struct scatterlist *request_sl;
- unsigned int remaining_ahash_request_bytes;
- unsigned int current_ahash_request_bytes;
- struct work_struct sec1_ahash_process_remaining;
};
struct talitos_export_state {
@@ -1853,18 +1846,6 @@ static void ahash_done(struct device *dev,
struct talitos_edesc, node));
ahash_request_complete(areq, err);
-
- return;
-
- req_ctx->remaining_ahash_request_bytes -=
- req_ctx->current_ahash_request_bytes;
-
- if (!req_ctx->remaining_ahash_request_bytes) {
- ahash_request_complete(areq, 0);
- return;
- }
-
- schedule_work(&req_ctx->sec1_ahash_process_remaining);
}
/*
@@ -2059,12 +2040,12 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
if (!req_ctx->last_request && (nbytes + req_ctx->nbuf <= blocksize)) {
/* Buffer up to one whole block */
- nents = sg_nents_for_len(req_ctx->request_sl, nbytes);
+ nents = sg_nents_for_len(areq->src, nbytes);
if (nents < 0) {
dev_err(dev, "Invalid number of src SG.\n");
return nents;
}
- sg_copy_to_buffer(req_ctx->request_sl, nents,
+ sg_copy_to_buffer(areq->src, nents,
ctx_buf + req_ctx->nbuf, nbytes);
req_ctx->nbuf += nbytes;
return 0;
@@ -2091,18 +2072,18 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
sg_init_table(req_ctx->bufsl, nsg);
sg_set_buf(req_ctx->bufsl, ctx_buf, req_ctx->nbuf);
if (nsg > 1)
- sg_chain(req_ctx->bufsl, 2, req_ctx->request_sl);
+ sg_chain(req_ctx->bufsl, 2, areq->src);
req_ctx->psrc = req_ctx->bufsl;
} else
- req_ctx->psrc = req_ctx->request_sl;
+ req_ctx->psrc = areq->src;
if (to_hash_later) {
- nents = sg_nents_for_len(req_ctx->request_sl, nbytes);
+ nents = sg_nents_for_len(areq->src, nbytes);
if (nents < 0) {
dev_err(dev, "Invalid number of src SG.\n");
return nents;
}
- sg_pcopy_to_buffer(req_ctx->request_sl, nents,
+ sg_pcopy_to_buffer(areq->src, nents,
req_ctx->buf[(req_ctx->buf_idx + 1) & 1],
to_hash_later,
nbytes - to_hash_later);
@@ -2124,56 +2105,9 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
return ret;
}
-static void sec1_ahash_process_remaining(struct work_struct *work)
-{
- struct talitos_ahash_req_ctx *req_ctx =
- container_of(work, struct talitos_ahash_req_ctx,
- sec1_ahash_process_remaining);
- int err = 0;
-
- req_ctx->request_sl = scatterwalk_ffwd(req_ctx->request_bufsl,
- req_ctx->request_sl, TALITOS1_MAX_DATA_LEN);
-
- if (req_ctx->remaining_ahash_request_bytes > TALITOS1_MAX_DATA_LEN)
- req_ctx->current_ahash_request_bytes = TALITOS1_MAX_DATA_LEN;
- else {
- req_ctx->current_ahash_request_bytes =
- req_ctx->remaining_ahash_request_bytes;
-
- if (req_ctx->last_request)
- req_ctx->last_desc = 1;
- }
-
- err = ahash_process_req_one(req_ctx->areq,
- req_ctx->current_ahash_request_bytes);
-
- if (err != -EINPROGRESS)
- ahash_request_complete(req_ctx->areq, err);
-}
-
static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
{
- struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
- struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
- struct device *dev = ctx->dev;
- struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
- struct talitos_private *priv = dev_get_drvdata(dev);
- bool is_sec1 = has_ftr_sec1(priv);
-
- req_ctx->areq = areq;
- req_ctx->request_sl = areq->src;
- req_ctx->remaining_ahash_request_bytes = nbytes;
-
- if (is_sec1) {
- if (nbytes > TALITOS1_MAX_DATA_LEN)
- nbytes = TALITOS1_MAX_DATA_LEN;
- else if (req_ctx->last_request)
- req_ctx->last_desc = 1;
- }
-
- req_ctx->current_ahash_request_bytes = nbytes;
-
- return ahash_process_req_one(req_ctx->areq, areq->nbytes);
+ return ahash_process_req_one(areq, nbytes);
}
static int ahash_init(struct ahash_request *areq)
@@ -2196,7 +2130,6 @@ static int ahash_init(struct ahash_request *areq)
req_ctx->hw_context_size = size;
req_ctx->last_request = 0;
req_ctx->last_desc = 0;
- INIT_WORK(&req_ctx->sec1_ahash_process_remaining, sec1_ahash_process_remaining);
dma = dma_map_single(dev, req_ctx->hw_context, req_ctx->hw_context_size,
DMA_TO_DEVICE);
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 09/12] crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (7 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 08/12] crypto: talitos/hash - drop workqueue mechanism for SEC1 Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 10/12] crypto: talitos/hash - remove useless wrapper Paul Louvel
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
In talitos_ahash_req_ctx and talitos_export_state, the fields
first_desc and last_desc describe request-level (not descriptor-level)
state. Rename them to first_request and last_request for clarity.
last_desc is also removed from talitos_ahash_req_ctx as it is no
longer used.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 28 +++++++++++++---------------
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 43c07d86f84c..4fad4e862405 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -954,8 +954,7 @@ struct talitos_ahash_req_ctx {
u8 buf[2][HASH_MAX_BLOCK_SIZE];
int buf_idx;
unsigned int swinit;
- unsigned int first_desc;
- unsigned int last_desc;
+ unsigned int first_request;
unsigned int last_request;
unsigned int to_hash_later;
unsigned int nbuf;
@@ -968,8 +967,8 @@ struct talitos_export_state {
u32 hw_context[TALITOS_MDEU_MAX_CONTEXT_SIZE / sizeof(u32)];
u8 buf[HASH_MAX_BLOCK_SIZE];
unsigned int swinit;
- unsigned int first_desc;
- unsigned int last_desc;
+ unsigned int first_request;
+ unsigned int last_request;
unsigned int to_hash_later;
unsigned int nbuf;
};
@@ -1835,7 +1834,7 @@ static void ahash_done(struct device *dev,
struct ahash_request *areq = context;
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
- if (!req_ctx->last_desc && req_ctx->to_hash_later) {
+ if (!req_ctx->last_request && req_ctx->to_hash_later) {
/* Position any partial block for next update/final/finup */
req_ctx->buf_idx = (req_ctx->buf_idx + 1) & 1;
req_ctx->nbuf = req_ctx->to_hash_later;
@@ -1886,7 +1885,7 @@ static void common_nonsnoop_hash(struct talitos_edesc *edesc,
/* first DWORD empty */
/* hash context in */
- if (!edesc->first || !req_ctx->first_desc || req_ctx->swinit) {
+ if (!edesc->first || !req_ctx->first_request || req_ctx->swinit) {
map_single_talitos_ptr_nosync(dev, &desc->ptr[1],
req_ctx->hw_context_size,
req_ctx->hw_context,
@@ -1894,7 +1893,7 @@ static void common_nonsnoop_hash(struct talitos_edesc *edesc,
req_ctx->swinit = 0;
}
/* Indicate next op is not the first. */
- req_ctx->first_desc = 0;
+ req_ctx->first_request = 0;
/* HMAC key */
if (ctx->keylen)
@@ -1995,14 +1994,14 @@ static int ahash_process_req_prepare(struct ahash_request *areq,
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_CONT;
/* request SEC to INIT hash. */
- if (req_ctx->first_desc && edesc->first && !req_ctx->swinit)
+ if (req_ctx->first_request && edesc->first && !req_ctx->swinit)
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT;
/*
* When the tfm context has a keylen, it's an HMAC.
* A first or last (ie. not middle) descriptor must request HMAC.
*/
- if (ctx->keylen && ((req_ctx->first_desc && edesc->first) ||
+ if (ctx->keylen && ((req_ctx->first_request && edesc->first) ||
(req_ctx->last_request && edesc->last)))
edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_HMAC;
@@ -2122,14 +2121,13 @@ static int ahash_init(struct ahash_request *areq)
/* Initialize the context */
req_ctx->buf_idx = 0;
req_ctx->nbuf = 0;
- req_ctx->first_desc = 1; /* first_desc indicates h/w must init its context */
+ req_ctx->first_request = 1;
req_ctx->swinit = 0; /* assume h/w init of context */
size = (crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE)
? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
: TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
req_ctx->hw_context_size = size;
req_ctx->last_request = 0;
- req_ctx->last_desc = 0;
dma = dma_map_single(dev, req_ctx->hw_context, req_ctx->hw_context_size,
DMA_TO_DEVICE);
@@ -2221,8 +2219,8 @@ static int ahash_export(struct ahash_request *areq, void *out)
req_ctx->hw_context_size);
memcpy(export->buf, req_ctx->buf[req_ctx->buf_idx], req_ctx->nbuf);
export->swinit = req_ctx->swinit;
- export->first_desc = req_ctx->first_desc;
- export->last_desc = req_ctx->last_desc;
+ export->first_request = req_ctx->first_request;
+ export->last_request = req_ctx->last_request;
export->to_hash_later = req_ctx->to_hash_later;
export->nbuf = req_ctx->nbuf;
@@ -2247,8 +2245,8 @@ static int ahash_import(struct ahash_request *areq, const void *in)
memcpy(req_ctx->hw_context, export->hw_context, size);
memcpy(req_ctx->buf[0], export->buf, export->nbuf);
req_ctx->swinit = export->swinit;
- req_ctx->first_desc = export->first_desc;
- req_ctx->last_desc = export->last_desc;
+ req_ctx->first_request = export->first_request;
+ req_ctx->last_request = export->last_request;
req_ctx->to_hash_later = export->to_hash_later;
req_ctx->nbuf = export->nbuf;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 10/12] crypto: talitos/hash - remove useless wrapper
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (8 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 09/12] crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 11/12] crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation Paul Louvel
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
ahash_process_req() was a wrapper used in commit 655ef638a2bc ("crypto:
talitos - fix SEC1 32k ahash request limitation"). Rename
Cc: stable@vger.kernel.org
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 4fad4e862405..10181f5ee0ec 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -2020,7 +2020,7 @@ static int ahash_process_req_prepare(struct ahash_request *areq,
return 0;
}
-static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes)
+static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
@@ -2104,11 +2104,6 @@ static int ahash_process_req_one(struct ahash_request *areq, unsigned int nbytes
return ret;
}
-static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
-{
- return ahash_process_req_one(areq, nbytes);
-}
-
static int ahash_init(struct ahash_request *areq)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 11/12] crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (9 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 10/12] crypto: talitos/hash - remove useless wrapper Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-05 17:53 ` [PATCH v2 12/12] crypto: talitos - fix invalid submit_count initial value Paul Louvel
2026-05-07 14:40 ` [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
The problem described in commit 655ef638a2bc ("crypto: talitos - fix
SEC1 32k ahash request limitation") also apply for the SEC2 hardware,
but with a limitation of 64k - 1 bytes.
Split ahash_done() into SEC1 and SEC2 paths: SEC1 continues to free the
whole descriptor list at once, while SEC2 now iterates through
descriptors one by one, submitting the next only after the previous
completes, which is required since SEC2 cannot chain descriptors in
hardware.
Cc: stable@vger.kernel.org
Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES")
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 50 ++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index 10181f5ee0ec..cdb6823d7038 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1833,18 +1833,51 @@ static void ahash_done(struct device *dev,
{
struct ahash_request *areq = context;
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
+ bool is_sec1 = has_ftr_sec1(dev_get_drvdata(dev));
+ struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
+ struct talitos_edesc *edesc, *next;
+ bool is_last;
+
+ if (is_sec1) {
+ is_last = true;
+ ahash_free_desc_list_from(areq,
+ list_first_entry(&req_ctx->desc_list,
+ struct talitos_edesc, node));
+
+ ahash_request_complete(areq, err);
+ } else {
+ edesc = container_of(desc, struct talitos_edesc, desc);
+ is_last = edesc->last;
+ if (!is_last)
+ next = list_next_entry(edesc, node);
- if (!req_ctx->last_request && req_ctx->to_hash_later) {
+ list_del(&edesc->node);
+ common_nonsnoop_hash_unmap(dev, edesc, areq);
+ kfree(edesc);
+
+ if (err)
+ goto out;
+
+ if (!is_last) {
+ err = talitos_submit(dev, ctx->ch, &next->desc,
+ ahash_done, areq);
+ if (err != -EINPROGRESS)
+ goto out;
+ return;
+ }
+
+out:
+ if (err && !is_last)
+ ahash_free_desc_list_from(areq, next);
+ ahash_request_complete(areq, err);
+ }
+
+ if (!req_ctx->last_request && is_last && req_ctx->to_hash_later) {
/* Position any partial block for next update/final/finup */
req_ctx->buf_idx = (req_ctx->buf_idx + 1) & 1;
req_ctx->nbuf = req_ctx->to_hash_later;
}
-
- ahash_free_desc_list_from(areq,
- list_first_entry(&req_ctx->desc_list,
- struct talitos_edesc, node));
-
- ahash_request_complete(areq, err);
}
/*
@@ -1954,7 +1987,8 @@ static int ahash_process_req_prepare(struct ahash_request *areq,
{
struct talitos_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(areq));
struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
- size_t desc_max = is_sec1 ? TALITOS1_MAX_DATA_LEN : SIZE_MAX;
+ size_t desc_max = is_sec1 ? TALITOS1_MAX_DATA_LEN :
+ TALITOS2_MAX_DATA_LEN;
struct talitos_edesc *edesc;
struct scatterlist tmp[2];
size_t to_hash_this_desc;
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v2 12/12] crypto: talitos - fix invalid submit_count initial value
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (10 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 11/12] crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation Paul Louvel
@ 2026-05-05 17:53 ` Paul Louvel
2026-05-07 14:40 ` [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-05 17:53 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
Paul Louvel, stable
The submit_count atomic counter is initialized to -(chfifo_len - 1), but
since atomic_inc_not_zero() rejects increments when the value is zero,
one FIFO slot is always wasted. With chfifo_len = 24, only 23
descriptors can be submitted before getting -EAGAIN in talitos_submit().
Fix by initializing submit_count to -chfifo_len so that the counter
reaches zero only after all chfifo_len slots are occupied.
Cc: stable@vger.kernel.org
Fixes: 4b99262881213 ("crypto: talitos - align locks on cache lines")
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
---
drivers/crypto/talitos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index cdb6823d7038..6a5b0b053479 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -3566,7 +3566,7 @@ static int talitos_probe(struct platform_device *ofdev)
}
atomic_set(&priv->chan[i].submit_count,
- -(priv->chfifo_len - 1));
+ -priv->chfifo_len);
}
dma_set_mask(dev, DMA_BIT_MASK(36));
--
2.53.0
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
` (11 preceding siblings ...)
2026-05-05 17:53 ` [PATCH v2 12/12] crypto: talitos - fix invalid submit_count initial value Paul Louvel
@ 2026-05-07 14:40 ` Paul Louvel
12 siblings, 0 replies; 14+ messages in thread
From: Paul Louvel @ 2026-05-07 14:40 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Paolo Abeni, David Howells,
Kim Phillips, Christophe Leroy
Cc: linux-crypto, linux-kernel, Thomas Petazzoni, Herve Codina,
stable
Again, some issues breaking existing crypto implementation in the driver have
been found upon Sashiko's review.
Please discard this v2.
Many thanks,
On 5/5/26 7:53 PM, Paul Louvel wrote:
> This series fixes several issues in the Freescale talitos crypto driver.
>
> Patch 1 fixes a missing dma_sync_single_for_cpu() before reading a
> descriptor header.
>
> Patches 2-5 add support for chaining an arbitrary number of descriptors
> in the driver for the SEC1 hardware.
>
> Patches 6-9 rework the SEC1 hash implementation to build descriptor
> chains instead of submitting one descriptor at a time via a workqueue.
>
> Patch 10 fixes the same ahash request size limitation on SEC2 (64k - 1
> bytes), by splitting ahash_done() into SEC1 and SEC2 paths so that SEC2
> iterates through descriptors sequentially.
>
> Patch 11 fixes an off-by-one in the submit_count initialisation that
> wastes one FIFO slot.
>
> Tested on an MPC885 SoC (SEC1 Lite), and on an MPC8321EMP SoC (SEC2)
> with CRYPTO_SELFTESTS_FULL=y.
> For the SEC1 Lite, some tests are failing due to a timeout waiting for
> request completion. These failed tests existed prior to this series.
> On SEC2, there is no failed tests.
>
> Signed-off-by: Paul Louvel <paul.louvel@bootlin.com>
> ---
> Changes in v2:
> - Split the first patch into smaller, logically separated patches for
> easier review.
> - Added more context on testing on the cover letter.
> - Introduce a fix to correctly read hardware descriptor header. This fix
> was motivated by a remark of Sashiko on the v1:
> https://sashiko.dev/#/patchset/20260504-bootlin_test-7-1-rc1_sec_bugfix-v1-0-c97c641976f5%40bootlin.com
> - Separate SEC2 64k-1 ahash limitation fix into its own patch.
> - Link to v1: https://patch.msgid.link/20260504-bootlin_test-7-1-rc1_sec_bugfix-v1-0-c97c641976f5@bootlin.com
>
> ---
> Paul Louvel (12):
> crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header
> crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1
> crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function
> crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function
> crypto: talitos - move code in current_desc_hdr() into a standalone function
> crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor
> crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue
> crypto: talitos/hash - drop workqueue mechanism for SEC1
> crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request
> crypto: talitos/hash - remove useless wrapper
> crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation
> crypto: talitos - fix invalid submit_count initial value
>
> drivers/crypto/talitos.c | 578 ++++++++++++++++++++++++-----------------------
> drivers/crypto/talitos.h | 14 ++
> 2 files changed, 315 insertions(+), 277 deletions(-)
> ---
> base-commit: db8b9f227833e729faf44a512aa1e88a625b5ad8
> change-id: 20260504-bootlin_test-7-1-rc1_sec_bugfix-13169ed07ddc
>
> Best regards,
> --
> Paul Louvel <paul.louvel@bootlin.com>
>
--
Paul Louvel, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2026-05-07 14:40 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-05 17:53 [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
2026-05-05 17:53 ` [PATCH v2 01/12] crypto: talitos - use dma_sync_single_for_cpu() before reading descriptor header Paul Louvel
2026-05-05 17:53 ` [PATCH v2 02/12] crypto: talitos - add chaining of arbitrary number of descriptor for the SEC1 Paul Louvel
2026-05-05 17:53 ` [PATCH v2 03/12] crypto: talitos - move dma unmapping code in flush_channel() into a standalone dma_unmap_request() function Paul Louvel
2026-05-05 17:53 ` [PATCH v2 04/12] crypto: talitos - move dma mapping code in talitos_submit() into a standalone dma_map_request() function Paul Louvel
2026-05-05 17:53 ` [PATCH v2 05/12] crypto: talitos - move code in current_desc_hdr() into a standalone function Paul Louvel
2026-05-05 17:53 ` [PATCH v2 06/12] crypto: talitos/hash - prepare SEC1 descriptor chaining, remove additional descriptor Paul Louvel
2026-05-05 17:53 ` [PATCH v2 07/12] crypto: talitos/hash - use descriptor chaining for SEC1 instead of workqueue Paul Louvel
2026-05-05 17:53 ` [PATCH v2 08/12] crypto: talitos/hash - drop workqueue mechanism for SEC1 Paul Louvel
2026-05-05 17:53 ` [PATCH v2 09/12] crypto: talitos/hash - rename first_desc/last_desc to first_request/last_request Paul Louvel
2026-05-05 17:53 ` [PATCH v2 10/12] crypto: talitos/hash - remove useless wrapper Paul Louvel
2026-05-05 17:53 ` [PATCH v2 11/12] crypto: talitos/hash - fix SEC2 64k - 1 ahash request limitation Paul Louvel
2026-05-05 17:53 ` [PATCH v2 12/12] crypto: talitos - fix invalid submit_count initial value Paul Louvel
2026-05-07 14:40 ` [PATCH v2 00/12] crypto: talitos - fix several issues in the Freescale talitos crypto driver Paul Louvel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox