Commit graph

34357 commits

Author SHA1 Message Date
Herbert Xu
e853c3cfa8 [CRYPTO] api: Added crypto_type support
This patch adds the crypto_type structure which will be used for all new
crypto algorithm types, beginning with block ciphers.

The primary purpose of this abstraction is to allow different crypto_type
objects for crypto algorithms of the same type, in particular, there will
be a different crypto_type objects for asynchronous algorithms.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:51 +10:00
Herbert Xu
8f21cf0d2b [CRYPTO] api: Feed flag directly to crypto_yield
The sleeping flag used to determine whether crypto_yield can actually
yield is really a per-operation flag rather than a per-tfm flag.  This
patch changes crypto_yield to take a flag directly so that we can start
using a per-operation flag instead the tfm flag.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:50 +10:00
Herbert Xu
6d7d684d63 [CRYPTO] api: Added crypto_alloc_base
Up until now all crypto transforms have been of the same type, struct
crypto_tfm, regardless of whether they are ciphers, digests, or other
types.  As a result of that, we check the types at run-time before
each crypto operation.

This is rather cumbersome.  We could instead use different C types for
each crypto type to ensure that the correct types are used at compile
time.  That is, we would have crypto_cipher/crypto_digest instead of
just crypto_tfm.  The appropriate type would then be required for the
actual operations such as crypto_digest_digest.

Now that we have the type/mask fields when looking up algorithms, it
is easy to request for an algorithm of the precise type that the user
wants.  However, crypto_alloc_tfm currently does not expose these new
attributes.

This patch introduces the function crypto_alloc_base which will carry
these new parameters.  It will be renamed to crypto_alloc_tfm once
all existing users have been converted.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:50 +10:00
Herbert Xu
65b75c36f4 [CRYPTO] s390: Added missing driver name and priority
Accelerated versions of crypto algorithms must carry a distinct driver name
and priority in order to distinguish themselves from their generic counter-
part.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:50 +10:00
Herbert Xu
f3f632d61a [CRYPTO] api: Added asynchronous flag
This patch adds the asynchronous flag and changes all existing users to
only look up algorithms that are synchronous.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:49 +10:00
Herbert Xu
7fed0bf271 [CRYPTO] api: Add common instance initialisation code
This patch adds the helpers crypto_get_attr_alg and crypto_alloc_instance
which can be used by simple one-argument templates like hmac to process
input parameters and allocate instances.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:04 +10:00
Herbert Xu
df89820ebd [CRYPTO] cipher: Removed special IV checks for ECB
This patch makes IV operations on ECB fail through nocrypt_iv rather than
calling BUG().  This is needed to generalise CBC/ECB using the template
mechanism.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:03 +10:00
Herbert Xu
c907ee76d8 [CRYPTO] tcrypt: Use test_hash for crc32c
Now that crc32c has been fixed to conform with standard digest semantics,
we can use test_hash for it.  I've turned the last test into a chunky
test.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:03 +10:00
Herbert Xu
ee7564166d [CRYPTO] digest: Store temporary digest in tfm
When the final result location is unaligned, we store the digest in a
temporary buffer before copying it to the final location.  Currently
that buffer sits on the stack.  This patch moves it to an area in the
tfm, just like the CBC IV buffer.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:02 +10:00
Herbert Xu
560c06ae1a [CRYPTO] api: Get rid of flags argument to setkey
Now that the tfm is passed directly to setkey instead of the ctx, we no
longer need to pass the &tfm->crt_flags pointer.

This patch also gets rid of a few unnecessary checks on the key length
for ciphers as the cipher layer guarantees that the key length is within
the bounds specified by the algorithm.

Rather than testing dia_setkey every time, this patch does it only once
during crypto_alloc_tfm.  The redundant check from crypto_digest_setkey
is also removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:02 +10:00
Herbert Xu
25cdbcd9e5 [CRYPTO] crc32c: Fix unconventional setkey usage
The convention for setkey is that once it is set it should not change,
in particular, init must not wipe out the key set by it.  In fact, init
should always be used after setkey before any digestion is performed.

The only user of crc32c that sets the key is tcrypt.  This patch adds
the necessary init calls there.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:01 +10:00
Michal Ludvig
58ec415289 [CRYPTO] padlock-sha: TFMs don't need to be static
TFMs are local variables. No need to declare them 
static. After all one is enough.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:00 +10:00
Michal Ludvig
5644bda5d6 [CRYPTO] padlock: Helper module padlock.ko
Compile a helper module padlock.ko that will try
to autoload all configured padlock algorithms.

This also provides backward compatibility with 
the ancient times before padlock.ko was renamed 
to padlock-aes.ko

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:00 +10:00
Adrian Bunk
cb17530b0a [CRYPTO] padlock-sha: Make 2 functions static
This patch makes two needlessly global functions static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:41:00 +10:00
Michal Ludvig
6c83327515 [CRYPTO] padlock: Driver for SHA1 / SHA256 algorithms
Support for SHA1 / SHA256 algorithms in VIA C7 processors.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:59 +10:00
Michal Ludvig
ccc17c34d6 [CRYPTO] padlock: Update private header file
PADLOCK_CRA_PRIORITY is shared between padlock-aes and padlock-sha
so it should be in the header.

On the other hand "struct cword" is only used in padlock-aes.c
so it's unnecessary to have it in padlock.h

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:22 +10:00
Herbert Xu
db5e9a4237 [CRYPTO] padlock: Add compatibility alias after rename
Whenever we rename modules we should add an alias to ensure that existing
users can still locate the new module.

This patch also gets rid of the now unused module function prototypes from
padlock.h.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:22 +10:00
Michal Ludvig
1191f0a493 [CRYPTO] padlock: Get rid of padlock-generic.c
Merge padlock-generic.c into padlock-aes.c and compile
AES as a standalone module. We won't make a monolithic
padlock.ko with all supported algorithms, instead we'll
compile each driver into its own module.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:21 +10:00
Michal Ludvig
b14cdd6704 [CRYPTO] api: Add missing accessors for new crypto_alg fields
Add missing accessors for cra_driver_name and cra_priority.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:21 +10:00
Michal Ludvig
b3be9a6d9a [CRYPTO] sha: Add module aliases for sha1 / sha256
Crypto modules should be loadable by their .cra_driver_name, so
we should make MODULE_ALIAS()es with these names. This patch adds
aliases for SHA1 and SHA256 only as that's what we need for
PadLock-SHA driver.

Signed-off-by: Michal Ludvig <michal@logix.cz>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:40:20 +10:00
Herbert Xu
6bfd48096f [CRYPTO] api: Added spawns
Spawns lock a specific crypto algorithm in place.  They can then be used
with crypto_spawn_tfm to allocate a tfm for that algorithm.  When the base
algorithm of a spawn is deregistered, all its spawns will be automatically
removed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:39:29 +10:00
Herbert Xu
492e2b63eb [CRYPTO] api: Allow algorithm lookup by type
This patch also adds the infrastructure to pick an algorithm based on
their type.  For example, this allows you to select the encryption
algorithm "aes", instead of any algorithm registered under the name
"aes".  For now this is only accessible internally.  Eventually it
will be made available through crypto_alloc_tfm.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:35:17 +10:00
Herbert Xu
2b8c19dbdc [CRYPTO] api: Add cryptomgr
The cryptomgr module is a simple manager of crypto algorithm instances.
It ensures that parameterised algorithms of the type tmpl(alg) (e.g.,
cbc(aes)) are always created.

This is meant to satisfy the needs for most users.  For more complex
cases such as deeper combinations or multiple parameters, a netlink
module will be created which allows arbitrary expressions to be parsed
in user-space.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:31:44 +10:00
Herbert Xu
2825982d9d [CRYPTO] api: Added event notification
This patch adds a notifier chain for algorithm/template registration events.
This will be used to register compound algorithms such as cbc(aes).  In
future this will also be passed onto user-space through netlink.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:17:13 +10:00
Herbert Xu
4cc7720cd1 [CRYPTO] api: Add template registration
A crypto_template generates a crypto_alg object when given a set of
parameters.  this patch adds the basic data structure fo templates
and code to handle their registration/deregistration.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:17:12 +10:00
Herbert Xu
cce9e06d10 [CRYPTO] api: Split out low-level API
The crypto API is made up of the part facing users such as IPsec and the
low-level part which is used by cryptographic entities such as algorithms.
This patch splits out the latter so that the two APIs are more clearly
delineated.  As a bonus the low-level API can now be modularised if all
algorithms are built as modules.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:30 +10:00
Herbert Xu
9409f38a0c [IPSEC]: Move linux/crypto.h inclusion out of net/xfrm.h
The header file linux/crypto.h is only needed by a few files so including
it in net/xfrm.h (which is included by half of the networking stack) is a
waste.  This patch moves it out of net/xfrm.h and into the specific header
files that actually need it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:30 +10:00
Herbert Xu
6521f30273 [CRYPTO] api: Add crypto_alg reference counting
Up until now we've relied on module reference counting to ensure that the
crypto_alg structures don't disappear from under us.  This was good enough
as long as each crypto_alg came from exactly one module.

However, with parameterised crypto algorithms a crypto_alg object may need
two or more modules to operate.  This means that we need to count the
references to the crypto_alg object directly.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:16:29 +10:00
Herbert Xu
72fa491912 [CRYPTO] api: Rename crypto_alg_get to crypto_mod_get
The functions crypto_alg_get and crypto_alg_put operates on the crypto
modules rather than the algorithms.  Therefore it makes sense to call
them crypto_mod_get and crypto_alg_put respectively.

This is needed because we need to have real algorithm reference counters
for parameterised algorithms as they can be unregistered from below by
when their parameter algorithms are themselves unregistered.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-21 11:16:29 +10:00
Joachim Fritschi
eaf44088ff [CRYPTO] twofish: x86-64 assembly version
The patch passed the trycpt tests and automated filesystem tests.
This rewrite resulted in some nice perfomance increase over my last patch.

Short summary of the tcrypt benchmarks:

Twofish Assembler vs. Twofish C (256bit 8kb block CBC)
encrypt: -27% Cycles
decrypt: -23% Cycles

Twofish Assembler vs. AES Assembler (128bit 8kb block CBC)
encrypt: +18%  Cycles
decrypt: +15% Cycles

Twofish Assembler vs. AES Assembler (256bit 8kb block CBC)
encrypt: -9% Cycles
decrypt: -8% Cycles

Full Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-x86_64.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-x86_64.txt


Here is another bonnie++ benchmark with encrypted filesystems. Most runs maxed
out the hd. It should give some idea what the module can do for encrypted filesystem
performance even though you can't see the full numbers.

http://homepages.tu-darmstadt.de/~fritschi/twofish/output_20060610_130806_x86_64.html

Signed-off-by: Joachim Fritschi <jfritschi@freenet.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:29 +10:00
Joachim Fritschi
b9f535ffe3 [CRYPTO] twofish: i586 assembly version
The patch passed the trycpt tests and automated filesystem tests.
This rewrite resulted in some nice perfomance increase over my last patch.

Short summary of the tcrypt benchmarks:

Twofish Assembler vs. Twofish C (256bit 8kb block CBC)
encrypt: -33% Cycles
decrypt: -45% Cycles

Twofish Assembler vs. AES Assembler (128bit 8kb block CBC)
encrypt: +3%  Cycles
decrypt: -22% Cycles

Twofish Assembler vs. AES Assembler (256bit 8kb block CBC)
encrypt: -20% Cycles
decrypt: -36% Cycles

Full Output:
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-asm-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-twofish-c-i586.txt
http://homepages.tu-darmstadt.de/~fritschi/twofish/tcrypt-speed-aes-asm-i586.txt


Here is another bonnie++ benchmark with encrypted filesystems. All runs with
the twofish assembler modules max out the drivespeed. It should give some
idea what the module can do for encrypted filesystem performance even though
you can't see the full numbers.

http://homepages.tu-darmstadt.de/~fritschi/twofish/output_20060611_205432_x86.html

Signed-off-by: Joachim Fritschi <jfritschi@freenet.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:28 +10:00
Joachim Fritschi
758f570ea7 [CRYPTO] twofish: Fix the priority
This patch adds a proper driver name and priority to the generic c
implemtation to allow coexistance of c and assembler modules.

Signed-off-by: Joachim Fritschi <jfritschi@freenet.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:28 +10:00
Joachim Fritschi
2729bb427f [CRYPTO] twofish: Split out common c code
This patch splits up the twofish crypto routine into a common part ( key
setup  ) which will be uses by all twofish crypto modules ( generic-c , i586
assembler and x86_64 assembler ) and generic-c part. It also creates a new
header file which will be used by all 3 modules.

This eliminates all code duplication.

Correctness was verified with the tcrypt module and automated test scripts.

Signed-off-by: Joachim Fritschi <jfritschi@freenet.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:27 +10:00
Herbert Xu
799111020c [CRYPTO] api: Fixed crypto_tfm context alignment
Previously the __aligned__ attribute was added to the crypto_tfm context
member to ensure it is alinged correctly on architectures such as arm.
Unfortunately kmalloc does not use the same minimum alignment rules as
gcc so this is useless.

This patch changes it to use kmalloc's minimum alignment.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2006-09-21 11:16:27 +10:00
Mark Fasheh
eb35746ca5 ocfs2: Remove overzealous BUG_ON()
The truncate code was never supposed to BUG() on an allocator it doesn't
know about, but rather to ignore it. Right now, this does nothing, but when
we change our allocation paths to use all suballocator files, this will
allow current versions of the fs module to work fine.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 16:00:54 -07:00
Mark Fasheh
f12033d206 ocfs2: Don't print on unknown remote blocking call
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 16:00:36 -07:00
Mark Fasheh
02ed8416fe ocfs2: Remove EXPERIMENTAL dependency
Things have been working pretty well for a while now.

We should've probably done this at least one kernel
revision ago, but it doesn't hurt to be paranoid.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 16:00:06 -07:00
Mark Fasheh
aa9588741d ocfs2: implement directory read-ahead
Uptodate.c now knows about read-ahead buffers. Use some more aggressive
logic in ocfs2_readdir().

The two functions which currently use directory read-ahead are
ocfs2_find_entry() and ocfs2_readdir().

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:53:40 -07:00
Mark Fasheh
e0b4096d34 ocfs2: properly update i_mtime on buffered write
We weren't always updating i_mtime on writes, so fix ocfs2_commit_write() to
handle this.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Acked-by: Zach Brown <zach.brown@oracle.com>
2006-09-20 15:53:05 -07:00
Tiger Yang
0f62de2c9c ocfs2: Fix directory link count checks in ocfs2_link()
Remove the redundant "i_nlink >= OCFS2_LINK_MAX" check and adds an unlinked
directory check in ocfs2_link().

Signed-off-by: Tiger Yang <tiger.yang@oracle.com>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:52:27 -07:00
Mark Fasheh
a663e30513 ocfs2: move nlink check in ocfs2_mknod()
The dir nlink check in ocfs2_mknod() was being done outside of the cluster
lock, which means we could have been checking against a stale version of the
inode. Fix this by doing the check after the cluster lock instead.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:52:08 -07:00
Mathieu Avila
471e3f5728 ocfs2: Fix heartbeat sector calculation
This fixes things for devices which set max_sectors to 8.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:50:53 -07:00
Adrian Bunk
2d5625181f [PATCH] fs/ocfs2/ioctl.c should #include "ioctl.h"
Every file should #include the headers containing the prototypes for its
global functions.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:49:33 -07:00
Herbert Poetzl
ca4d147e62 ocfs2: add ext2 attributes
Support immutable, and other attributes.

Some renaming and other minor fixes done by myself.

Signed-off-by: Herbert Poetzl <herbert@13thfloor.at>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:48:39 -07:00
Joel Becker
b4c98f625f configfs: Prevent duplicate subsystem names.
For all child objects, creation comes through mkdir(2), so duplicate names
are prevented.

Subsystems, though, are registered by client drivers at init_module()/__init
time.  This patch prevents duplicate subsystem names.

Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
2006-09-20 15:46:14 -07:00
Michael Holzheu
388c571cff [S390] hypfs crashes with invalid mount option.
When an invalid mount option is specified, no root inode is created
for hypfs, hypfs_fill_super() returns with -EINVAL and then
hypfs_kill_super() is called. hypfs_kill_super() does not check if
the root inode has been initialized. This patch adds this check.

Signed-off-by: Michael Holzheu <holzheu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-09-20 16:00:04 +02:00
Peter Oberparleiter
564337f34c [S390] cio: subchannel evaluation function operates without lock
css_evaluate_subchannel() operates subchannel without lock which can
lead to erratic behavior caused by concurrent device access. Also
split evaluation function to make it more readable.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-09-20 16:00:01 +02:00
Peter Oberparleiter
28bdc6f623 [S390] cio: always query all paths on path verification.
Reappearing channel paths are sometimes not utilized by CCW devices
because path verification incorrectly relies on path-operational-mask
information which is not updated until a channel path has been used
again.
Modify path verification procedure to always query all available paths
to a device.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-09-20 15:59:59 +02:00
Peter Oberparleiter
e0e32c8eba [S390] cio: update path groups on logical CHPID changes.
CHPIDs that are logically varied off will not be removed from
a CCW device's path group because resign-from-pathgroup command is
issued with invalid path mask of 0 because internal CCW operations
are masked by the logical path mask after the relevant bits are
cleared by the vary operation.
Do not apply logical path mask to internal operations.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-09-20 15:59:57 +02:00
Peter Oberparleiter
dd9963f9dd [S390] cio: subchannels in no-path state.
Subchannel may incorrectly remain in state no-path after channel paths
have reappeared. Currently the scan for subchannels which are using a
channel path ends at the first occurrence if a full link address was
provided by the channel subsystem. The scan needs to continue over
all subchannels.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-09-20 15:59:54 +02:00