Re: [PATCH] crypto: x86 - remove SHA multibuffer routines and mcryptd
From: Tim Chen
Date: Mon Aug 27 2018 - 18:28:28 EST
On 08/22/2018 01:51 AM, Ard Biesheuvel wrote:
> As it turns out, the AVX2 multibuffer SHA routines are currently
> broken [0], in a way that would have likely been noticed if this
> code were in wide use. Since the code is too complicated to be
> maintained by anyone except the original authors, and since the
> performance benefits for real-world use cases are debatable to
> begin with, it is better to drop it entirely for the moment.
>
> [0] https://marc.info/?l=linux-crypto-vger&m=153476243825350&w=2
Sorry I was out of the loop for a while and haven't been following
the code too closely.
Megha is maintaining the code now. Before we pull the code,
please give us a chance to fix it first.
Thanks.
Tim
>
> Suggested-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Cc: Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> Cc: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> Cc: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>
> Cc: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>
> Cc: Heiko Carstens <heiko.carstens@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
> MAINTAINERS | 8 -
> arch/m68k/configs/amiga_defconfig | 1 -
> arch/m68k/configs/apollo_defconfig | 1 -
> arch/m68k/configs/atari_defconfig | 1 -
> arch/m68k/configs/bvme6000_defconfig | 1 -
> arch/m68k/configs/hp300_defconfig | 1 -
> arch/m68k/configs/mac_defconfig | 1 -
> arch/m68k/configs/multi_defconfig | 1 -
> arch/m68k/configs/mvme147_defconfig | 1 -
> arch/m68k/configs/mvme16x_defconfig | 1 -
> arch/m68k/configs/q40_defconfig | 1 -
> arch/m68k/configs/sun3_defconfig | 1 -
> arch/m68k/configs/sun3x_defconfig | 1 -
> arch/s390/configs/debug_defconfig | 1 -
> arch/s390/configs/performance_defconfig | 1 -
> arch/x86/crypto/Makefile | 3 -
> arch/x86/crypto/sha1-mb/Makefile | 14 -
> arch/x86/crypto/sha1-mb/sha1_mb.c | 1011 ----------------
> arch/x86/crypto/sha1-mb/sha1_mb_ctx.h | 134 ---
> arch/x86/crypto/sha1-mb/sha1_mb_mgr.h | 110 --
> .../crypto/sha1-mb/sha1_mb_mgr_datastruct.S | 287 -----
> .../crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S | 304 -----
> .../crypto/sha1-mb/sha1_mb_mgr_init_avx2.c | 64 -
> .../crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S | 209 ----
> arch/x86/crypto/sha1-mb/sha1_x8_avx2.S | 492 --------
> arch/x86/crypto/sha256-mb/Makefile | 14 -
> arch/x86/crypto/sha256-mb/sha256_mb.c | 1013 ----------------
> arch/x86/crypto/sha256-mb/sha256_mb_ctx.h | 134 ---
> arch/x86/crypto/sha256-mb/sha256_mb_mgr.h | 108 --
> .../sha256-mb/sha256_mb_mgr_datastruct.S | 304 -----
> .../sha256-mb/sha256_mb_mgr_flush_avx2.S | 307 -----
> .../sha256-mb/sha256_mb_mgr_init_avx2.c | 65 -
> .../sha256-mb/sha256_mb_mgr_submit_avx2.S | 214 ----
> arch/x86/crypto/sha256-mb/sha256_x8_avx2.S | 598 ----------
> arch/x86/crypto/sha512-mb/Makefile | 12 -
> arch/x86/crypto/sha512-mb/sha512_mb.c | 1047 -----------------
> arch/x86/crypto/sha512-mb/sha512_mb_ctx.h | 128 --
> arch/x86/crypto/sha512-mb/sha512_mb_mgr.h | 104 --
> .../sha512-mb/sha512_mb_mgr_datastruct.S | 281 -----
> .../sha512-mb/sha512_mb_mgr_flush_avx2.S | 297 -----
> .../sha512-mb/sha512_mb_mgr_init_avx2.c | 69 --
> .../sha512-mb/sha512_mb_mgr_submit_avx2.S | 224 ----
> arch/x86/crypto/sha512-mb/sha512_x4_avx2.S | 531 ---------
> crypto/Kconfig | 62 -
> crypto/Makefile | 1 -
> crypto/mcryptd.c | 675 -----------
> include/crypto/mcryptd.h | 114 --
> 47 files changed, 8952 deletions(-)
> delete mode 100644 arch/x86/crypto/sha1-mb/Makefile
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb.c
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_ctx.h
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_mgr.h
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_mgr_datastruct.S
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_mgr_init_avx2.c
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
> delete mode 100644 arch/x86/crypto/sha1-mb/sha1_x8_avx2.S
> delete mode 100644 arch/x86/crypto/sha256-mb/Makefile
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb.c
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_ctx.h
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_mgr.h
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_mgr_datastruct.S
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_mgr_init_avx2.c
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
> delete mode 100644 arch/x86/crypto/sha256-mb/sha256_x8_avx2.S
> delete mode 100644 arch/x86/crypto/sha512-mb/Makefile
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb.c
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_ctx.h
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_mgr.h
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_mgr_datastruct.S
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_mgr_init_avx2.c
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
> delete mode 100644 arch/x86/crypto/sha512-mb/sha512_x4_avx2.S
> delete mode 100644 crypto/mcryptd.c
> delete mode 100644 include/crypto/mcryptd.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 24b200d91b30..05747b8ac88e 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -7487,14 +7487,6 @@ S: Supported
> F: drivers/infiniband/hw/i40iw/
> F: include/uapi/rdma/i40iw-abi.h
>
> -INTEL SHA MULTIBUFFER DRIVER
> -M: Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> -R: Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> -L: linux-crypto@xxxxxxxxxxxxxxx
> -S: Supported
> -F: arch/x86/crypto/sha*-mb/
> -F: crypto/mcryptd.c
> -
> INTEL TELEMETRY DRIVER
> M: Souvik Kumar Chakravarty <souvik.k.chakravarty@xxxxxxxxx>
> L: platform-driver-x86@xxxxxxxxxxxxxxx
> diff --git a/arch/m68k/configs/amiga_defconfig b/arch/m68k/configs/amiga_defconfig
> index 1d5483f6e457..70b10d712624 100644
> --- a/arch/m68k/configs/amiga_defconfig
> +++ b/arch/m68k/configs/amiga_defconfig
> @@ -621,7 +621,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/apollo_defconfig b/arch/m68k/configs/apollo_defconfig
> index 52a0af127951..211eec5859e8 100644
> --- a/arch/m68k/configs/apollo_defconfig
> +++ b/arch/m68k/configs/apollo_defconfig
> @@ -578,7 +578,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/atari_defconfig b/arch/m68k/configs/atari_defconfig
> index b3103e51268a..0da45c6084f7 100644
> --- a/arch/m68k/configs/atari_defconfig
> +++ b/arch/m68k/configs/atari_defconfig
> @@ -599,7 +599,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/bvme6000_defconfig b/arch/m68k/configs/bvme6000_defconfig
> index fb7d651a4cab..c09ae7219416 100644
> --- a/arch/m68k/configs/bvme6000_defconfig
> +++ b/arch/m68k/configs/bvme6000_defconfig
> @@ -570,7 +570,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/hp300_defconfig b/arch/m68k/configs/hp300_defconfig
> index 6b37f5537c39..8c4775b30748 100644
> --- a/arch/m68k/configs/hp300_defconfig
> +++ b/arch/m68k/configs/hp300_defconfig
> @@ -580,7 +580,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/mac_defconfig b/arch/m68k/configs/mac_defconfig
> index c717bf879449..48ad520e2f2d 100644
> --- a/arch/m68k/configs/mac_defconfig
> +++ b/arch/m68k/configs/mac_defconfig
> @@ -602,7 +602,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/multi_defconfig b/arch/m68k/configs/multi_defconfig
> index 226c994ce794..3a3cccb9f625 100644
> --- a/arch/m68k/configs/multi_defconfig
> +++ b/arch/m68k/configs/multi_defconfig
> @@ -684,7 +684,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/mvme147_defconfig b/arch/m68k/configs/mvme147_defconfig
> index b383327fd77a..63dc311f94ff 100644
> --- a/arch/m68k/configs/mvme147_defconfig
> +++ b/arch/m68k/configs/mvme147_defconfig
> @@ -570,7 +570,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/mvme16x_defconfig b/arch/m68k/configs/mvme16x_defconfig
> index 9783d3deb9e9..1ae39d1f9bb5 100644
> --- a/arch/m68k/configs/mvme16x_defconfig
> +++ b/arch/m68k/configs/mvme16x_defconfig
> @@ -570,7 +570,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/q40_defconfig b/arch/m68k/configs/q40_defconfig
> index a35d10ee10cb..ba2f351811da 100644
> --- a/arch/m68k/configs/q40_defconfig
> +++ b/arch/m68k/configs/q40_defconfig
> @@ -593,7 +593,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/sun3_defconfig b/arch/m68k/configs/sun3_defconfig
> index 573bf922d448..544b7475ff6a 100644
> --- a/arch/m68k/configs/sun3_defconfig
> +++ b/arch/m68k/configs/sun3_defconfig
> @@ -571,7 +571,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/m68k/configs/sun3x_defconfig b/arch/m68k/configs/sun3x_defconfig
> index efb27a7fcc55..149edafbb9f9 100644
> --- a/arch/m68k/configs/sun3x_defconfig
> +++ b/arch/m68k/configs/sun3x_defconfig
> @@ -572,7 +572,6 @@ CONFIG_CRYPTO_ECDH=m
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_USER=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_AEGIS128=m
> diff --git a/arch/s390/configs/debug_defconfig b/arch/s390/configs/debug_defconfig
> index 941d8cc6c9f5..259d1698ac50 100644
> --- a/arch/s390/configs/debug_defconfig
> +++ b/arch/s390/configs/debug_defconfig
> @@ -668,7 +668,6 @@ CONFIG_CRYPTO_USER=m
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> CONFIG_CRYPTO_PCRYPT=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_LRW=m
> diff --git a/arch/s390/configs/performance_defconfig b/arch/s390/configs/performance_defconfig
> index eb6f75f24208..37fd60c20e22 100644
> --- a/arch/s390/configs/performance_defconfig
> +++ b/arch/s390/configs/performance_defconfig
> @@ -610,7 +610,6 @@ CONFIG_CRYPTO_USER=m
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> CONFIG_CRYPTO_PCRYPT=m
> CONFIG_CRYPTO_CRYPTD=m
> -CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_CHACHA20POLY1305=m
> CONFIG_CRYPTO_LRW=m
> diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
> index a450ad573dcb..9edfa5469f9f 100644
> --- a/arch/x86/crypto/Makefile
> +++ b/arch/x86/crypto/Makefile
> @@ -60,9 +60,6 @@ endif
> ifeq ($(avx2_supported),yes)
> obj-$(CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64) += camellia-aesni-avx2.o
> obj-$(CONFIG_CRYPTO_SERPENT_AVX2_X86_64) += serpent-avx2.o
> - obj-$(CONFIG_CRYPTO_SHA1_MB) += sha1-mb/
> - obj-$(CONFIG_CRYPTO_SHA256_MB) += sha256-mb/
> - obj-$(CONFIG_CRYPTO_SHA512_MB) += sha512-mb/
>
> obj-$(CONFIG_CRYPTO_MORUS1280_AVX2) += morus1280-avx2.o
> endif
> diff --git a/arch/x86/crypto/sha1-mb/Makefile b/arch/x86/crypto/sha1-mb/Makefile
> deleted file mode 100644
> index 815ded3ba90e..000000000000
> --- a/arch/x86/crypto/sha1-mb/Makefile
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -# SPDX-License-Identifier: GPL-2.0
> -#
> -# Arch-specific CryptoAPI modules.
> -#
> -
> -OBJECT_FILES_NON_STANDARD := y
> -
> -avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
> - $(comma)4)$(comma)%ymm2,yes,no)
> -ifeq ($(avx2_supported),yes)
> - obj-$(CONFIG_CRYPTO_SHA1_MB) += sha1-mb.o
> - sha1-mb-y := sha1_mb.o sha1_mb_mgr_flush_avx2.o \
> - sha1_mb_mgr_init_avx2.o sha1_mb_mgr_submit_avx2.o sha1_x8_avx2.o
> -endif
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb.c b/arch/x86/crypto/sha1-mb/sha1_mb.c
> deleted file mode 100644
> index b93805664c1d..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb.c
> +++ /dev/null
> @@ -1,1011 +0,0 @@
> -/*
> - * Multi buffer SHA1 algorithm Glue Code
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
> -#include <crypto/internal/hash.h>
> -#include <linux/init.h>
> -#include <linux/module.h>
> -#include <linux/mm.h>
> -#include <linux/cryptohash.h>
> -#include <linux/types.h>
> -#include <linux/list.h>
> -#include <crypto/scatterwalk.h>
> -#include <crypto/sha.h>
> -#include <crypto/mcryptd.h>
> -#include <crypto/crypto_wq.h>
> -#include <asm/byteorder.h>
> -#include <linux/hardirq.h>
> -#include <asm/fpu/api.h>
> -#include "sha1_mb_ctx.h"
> -
> -#define FLUSH_INTERVAL 1000 /* in usec */
> -
> -static struct mcryptd_alg_state sha1_mb_alg_state;
> -
> -struct sha1_mb_ctx {
> - struct mcryptd_ahash *mcryptd_tfm;
> -};
> -
> -static inline struct mcryptd_hash_request_ctx
> - *cast_hash_to_mcryptd_ctx(struct sha1_hash_ctx *hash_ctx)
> -{
> - struct ahash_request *areq;
> -
> - areq = container_of((void *) hash_ctx, struct ahash_request, __ctx);
> - return container_of(areq, struct mcryptd_hash_request_ctx, areq);
> -}
> -
> -static inline struct ahash_request
> - *cast_mcryptd_ctx_to_req(struct mcryptd_hash_request_ctx *ctx)
> -{
> - return container_of((void *) ctx, struct ahash_request, __ctx);
> -}
> -
> -static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx,
> - struct ahash_request *areq)
> -{
> - rctx->flag = HASH_UPDATE;
> -}
> -
> -static asmlinkage void (*sha1_job_mgr_init)(struct sha1_mb_mgr *state);
> -static asmlinkage struct job_sha1* (*sha1_job_mgr_submit)
> - (struct sha1_mb_mgr *state, struct job_sha1 *job);
> -static asmlinkage struct job_sha1* (*sha1_job_mgr_flush)
> - (struct sha1_mb_mgr *state);
> -static asmlinkage struct job_sha1* (*sha1_job_mgr_get_comp_job)
> - (struct sha1_mb_mgr *state);
> -
> -static inline uint32_t sha1_pad(uint8_t padblock[SHA1_BLOCK_SIZE * 2],
> - uint64_t total_len)
> -{
> - uint32_t i = total_len & (SHA1_BLOCK_SIZE - 1);
> -
> - memset(&padblock[i], 0, SHA1_BLOCK_SIZE);
> - padblock[i] = 0x80;
> -
> - i += ((SHA1_BLOCK_SIZE - 1) &
> - (0 - (total_len + SHA1_PADLENGTHFIELD_SIZE + 1)))
> - + 1 + SHA1_PADLENGTHFIELD_SIZE;
> -
> -#if SHA1_PADLENGTHFIELD_SIZE == 16
> - *((uint64_t *) &padblock[i - 16]) = 0;
> -#endif
> -
> - *((uint64_t *) &padblock[i - 8]) = cpu_to_be64(total_len << 3);
> -
> - /* Number of extra blocks to hash */
> - return i >> SHA1_LOG2_BLOCK_SIZE;
> -}
> -
> -static struct sha1_hash_ctx *sha1_ctx_mgr_resubmit(struct sha1_ctx_mgr *mgr,
> - struct sha1_hash_ctx *ctx)
> -{
> - while (ctx) {
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Clear PROCESSING bit */
> - ctx->status = HASH_CTX_STS_COMPLETE;
> - return ctx;
> - }
> -
> - /*
> - * If the extra blocks are empty, begin hashing what remains
> - * in the user's buffer.
> - */
> - if (ctx->partial_block_buffer_length == 0 &&
> - ctx->incoming_buffer_length) {
> -
> - const void *buffer = ctx->incoming_buffer;
> - uint32_t len = ctx->incoming_buffer_length;
> - uint32_t copy_len;
> -
> - /*
> - * Only entire blocks can be hashed.
> - * Copy remainder to extra blocks buffer.
> - */
> - copy_len = len & (SHA1_BLOCK_SIZE-1);
> -
> - if (copy_len) {
> - len -= copy_len;
> - memcpy(ctx->partial_block_buffer,
> - ((const char *) buffer + len),
> - copy_len);
> - ctx->partial_block_buffer_length = copy_len;
> - }
> -
> - ctx->incoming_buffer_length = 0;
> -
> - /* len should be a multiple of the block size now */
> - assert((len % SHA1_BLOCK_SIZE) == 0);
> -
> - /* Set len to the number of blocks to be hashed */
> - len >>= SHA1_LOG2_BLOCK_SIZE;
> -
> - if (len) {
> -
> - ctx->job.buffer = (uint8_t *) buffer;
> - ctx->job.len = len;
> - ctx = (struct sha1_hash_ctx *)sha1_job_mgr_submit(&mgr->mgr,
> - &ctx->job);
> - continue;
> - }
> - }
> -
> - /*
> - * If the extra blocks are not empty, then we are
> - * either on the last block(s) or we need more
> - * user input before continuing.
> - */
> - if (ctx->status & HASH_CTX_STS_LAST) {
> -
> - uint8_t *buf = ctx->partial_block_buffer;
> - uint32_t n_extra_blocks =
> - sha1_pad(buf, ctx->total_length);
> -
> - ctx->status = (HASH_CTX_STS_PROCESSING |
> - HASH_CTX_STS_COMPLETE);
> - ctx->job.buffer = buf;
> - ctx->job.len = (uint32_t) n_extra_blocks;
> - ctx = (struct sha1_hash_ctx *)
> - sha1_job_mgr_submit(&mgr->mgr, &ctx->job);
> - continue;
> - }
> -
> - ctx->status = HASH_CTX_STS_IDLE;
> - return ctx;
> - }
> -
> - return NULL;
> -}
> -
> -static struct sha1_hash_ctx
> - *sha1_ctx_mgr_get_comp_ctx(struct sha1_ctx_mgr *mgr)
> -{
> - /*
> - * If get_comp_job returns NULL, there are no jobs complete.
> - * If get_comp_job returns a job, verify that it is safe to return to
> - * the user.
> - * If it is not ready, resubmit the job to finish processing.
> - * If sha1_ctx_mgr_resubmit returned a job, it is ready to be returned.
> - * Otherwise, all jobs currently being managed by the hash_ctx_mgr
> - * still need processing.
> - */
> - struct sha1_hash_ctx *ctx;
> -
> - ctx = (struct sha1_hash_ctx *) sha1_job_mgr_get_comp_job(&mgr->mgr);
> - return sha1_ctx_mgr_resubmit(mgr, ctx);
> -}
> -
> -static void sha1_ctx_mgr_init(struct sha1_ctx_mgr *mgr)
> -{
> - sha1_job_mgr_init(&mgr->mgr);
> -}
> -
> -static struct sha1_hash_ctx *sha1_ctx_mgr_submit(struct sha1_ctx_mgr *mgr,
> - struct sha1_hash_ctx *ctx,
> - const void *buffer,
> - uint32_t len,
> - int flags)
> -{
> - if (flags & ~(HASH_UPDATE | HASH_LAST)) {
> - /* User should not pass anything other than UPDATE or LAST */
> - ctx->error = HASH_CTX_ERROR_INVALID_FLAGS;
> - return ctx;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_PROCESSING) {
> - /* Cannot submit to a currently processing job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_PROCESSING;
> - return ctx;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Cannot update a finished job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_COMPLETED;
> - return ctx;
> - }
> -
> - /*
> - * If we made it here, there were no errors during this call to
> - * submit
> - */
> - ctx->error = HASH_CTX_ERROR_NONE;
> -
> - /* Store buffer ptr info from user */
> - ctx->incoming_buffer = buffer;
> - ctx->incoming_buffer_length = len;
> -
> - /*
> - * Store the user's request flags and mark this ctx as currently
> - * being processed.
> - */
> - ctx->status = (flags & HASH_LAST) ?
> - (HASH_CTX_STS_PROCESSING | HASH_CTX_STS_LAST) :
> - HASH_CTX_STS_PROCESSING;
> -
> - /* Advance byte counter */
> - ctx->total_length += len;
> -
> - /*
> - * If there is anything currently buffered in the extra blocks,
> - * append to it until it contains a whole block.
> - * Or if the user's buffer contains less than a whole block,
> - * append as much as possible to the extra block.
> - */
> - if (ctx->partial_block_buffer_length || len < SHA1_BLOCK_SIZE) {
> - /*
> - * Compute how many bytes to copy from user buffer into
> - * extra block
> - */
> - uint32_t copy_len = SHA1_BLOCK_SIZE -
> - ctx->partial_block_buffer_length;
> - if (len < copy_len)
> - copy_len = len;
> -
> - if (copy_len) {
> - /* Copy and update relevant pointers and counters */
> - memcpy(&ctx->partial_block_buffer[ctx->partial_block_buffer_length],
> - buffer, copy_len);
> -
> - ctx->partial_block_buffer_length += copy_len;
> - ctx->incoming_buffer = (const void *)
> - ((const char *)buffer + copy_len);
> - ctx->incoming_buffer_length = len - copy_len;
> - }
> -
> - /*
> - * The extra block should never contain more than 1 block
> - * here
> - */
> - assert(ctx->partial_block_buffer_length <= SHA1_BLOCK_SIZE);
> -
> - /*
> - * If the extra block buffer contains exactly 1 block, it can
> - * be hashed.
> - */
> - if (ctx->partial_block_buffer_length >= SHA1_BLOCK_SIZE) {
> - ctx->partial_block_buffer_length = 0;
> -
> - ctx->job.buffer = ctx->partial_block_buffer;
> - ctx->job.len = 1;
> - ctx = (struct sha1_hash_ctx *)
> - sha1_job_mgr_submit(&mgr->mgr, &ctx->job);
> - }
> - }
> -
> - return sha1_ctx_mgr_resubmit(mgr, ctx);
> -}
> -
> -static struct sha1_hash_ctx *sha1_ctx_mgr_flush(struct sha1_ctx_mgr *mgr)
> -{
> - struct sha1_hash_ctx *ctx;
> -
> - while (1) {
> - ctx = (struct sha1_hash_ctx *) sha1_job_mgr_flush(&mgr->mgr);
> -
> - /* If flush returned 0, there are no more jobs in flight. */
> - if (!ctx)
> - return NULL;
> -
> - /*
> - * If flush returned a job, resubmit the job to finish
> - * processing.
> - */
> - ctx = sha1_ctx_mgr_resubmit(mgr, ctx);
> -
> - /*
> - * If sha1_ctx_mgr_resubmit returned a job, it is ready to be
> - * returned. Otherwise, all jobs currently being managed by the
> - * sha1_ctx_mgr still need processing. Loop.
> - */
> - if (ctx)
> - return ctx;
> - }
> -}
> -
> -static int sha1_mb_init(struct ahash_request *areq)
> -{
> - struct sha1_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - hash_ctx_init(sctx);
> - sctx->job.result_digest[0] = SHA1_H0;
> - sctx->job.result_digest[1] = SHA1_H1;
> - sctx->job.result_digest[2] = SHA1_H2;
> - sctx->job.result_digest[3] = SHA1_H3;
> - sctx->job.result_digest[4] = SHA1_H4;
> - sctx->total_length = 0;
> - sctx->partial_block_buffer_length = 0;
> - sctx->status = HASH_CTX_STS_IDLE;
> -
> - return 0;
> -}
> -
> -static int sha1_mb_set_results(struct mcryptd_hash_request_ctx *rctx)
> -{
> - int i;
> - struct sha1_hash_ctx *sctx = ahash_request_ctx(&rctx->areq);
> - __be32 *dst = (__be32 *) rctx->out;
> -
> - for (i = 0; i < 5; ++i)
> - dst[i] = cpu_to_be32(sctx->job.result_digest[i]);
> -
> - return 0;
> -}
> -
> -static int sha_finish_walk(struct mcryptd_hash_request_ctx **ret_rctx,
> - struct mcryptd_alg_cstate *cstate, bool flush)
> -{
> - int flag = HASH_UPDATE;
> - int nbytes, err = 0;
> - struct mcryptd_hash_request_ctx *rctx = *ret_rctx;
> - struct sha1_hash_ctx *sha_ctx;
> -
> - /* more work ? */
> - while (!(rctx->flag & HASH_DONE)) {
> - nbytes = crypto_ahash_walk_done(&rctx->walk, 0);
> - if (nbytes < 0) {
> - err = nbytes;
> - goto out;
> - }
> - /* check if the walk is done */
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - if (rctx->flag & HASH_FINAL)
> - flag |= HASH_LAST;
> -
> - }
> - sha_ctx = (struct sha1_hash_ctx *)
> - ahash_request_ctx(&rctx->areq);
> - kernel_fpu_begin();
> - sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx,
> - rctx->walk.data, nbytes, flag);
> - if (!sha_ctx) {
> - if (flush)
> - sha_ctx = sha1_ctx_mgr_flush(cstate->mgr);
> - }
> - kernel_fpu_end();
> - if (sha_ctx)
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - else {
> - rctx = NULL;
> - goto out;
> - }
> - }
> -
> - /* copy the results */
> - if (rctx->flag & HASH_FINAL)
> - sha1_mb_set_results(rctx);
> -
> -out:
> - *ret_rctx = rctx;
> - return err;
> -}
> -
> -static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate,
> - int err)
> -{
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha1_hash_ctx *sha_ctx;
> - struct mcryptd_hash_request_ctx *req_ctx;
> - int ret;
> -
> - /* remove from work list */
> - spin_lock(&cstate->work_lock);
> - list_del(&rctx->waiter);
> - spin_unlock(&cstate->work_lock);
> -
> - if (irqs_disabled())
> - rctx->complete(&req->base, err);
> - else {
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> - }
> -
> - /* check to see if there are other jobs that are done */
> - sha_ctx = sha1_ctx_mgr_get_comp_ctx(cstate->mgr);
> - while (sha_ctx) {
> - req_ctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&req_ctx, cstate, false);
> - if (req_ctx) {
> - spin_lock(&cstate->work_lock);
> - list_del(&req_ctx->waiter);
> - spin_unlock(&cstate->work_lock);
> -
> - req = cast_mcryptd_ctx_to_req(req_ctx);
> - if (irqs_disabled())
> - req_ctx->complete(&req->base, ret);
> - else {
> - local_bh_disable();
> - req_ctx->complete(&req->base, ret);
> - local_bh_enable();
> - }
> - }
> - sha_ctx = sha1_ctx_mgr_get_comp_ctx(cstate->mgr);
> - }
> -
> - return 0;
> -}
> -
> -static void sha1_mb_add_list(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate)
> -{
> - unsigned long next_flush;
> - unsigned long delay = usecs_to_jiffies(FLUSH_INTERVAL);
> -
> - /* initialize tag */
> - rctx->tag.arrival = jiffies; /* tag the arrival time */
> - rctx->tag.seq_num = cstate->next_seq_num++;
> - next_flush = rctx->tag.arrival + delay;
> - rctx->tag.expire = next_flush;
> -
> - spin_lock(&cstate->work_lock);
> - list_add_tail(&rctx->waiter, &cstate->work_list);
> - spin_unlock(&cstate->work_lock);
> -
> - mcryptd_arm_flusher(cstate, delay);
> -}
> -
> -static int sha1_mb_update(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx, areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha1_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha1_hash_ctx *sha_ctx;
> - int ret = 0, nbytes;
> -
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk))
> - rctx->flag |= HASH_DONE;
> -
> - /* submit */
> - sha_ctx = (struct sha1_hash_ctx *) ahash_request_ctx(areq);
> - sha1_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
> - nbytes, HASH_UPDATE);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> -
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha1_mb_finup(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx, areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha1_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha1_hash_ctx *sha_ctx;
> - int ret = 0, flag = HASH_UPDATE, nbytes;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - flag = HASH_LAST;
> - }
> -
> - /* submit */
> - rctx->flag |= HASH_FINAL;
> - sha_ctx = (struct sha1_hash_ctx *) ahash_request_ctx(areq);
> - sha1_mb_add_list(rctx, cstate);
> -
> - kernel_fpu_begin();
> - sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
> - nbytes, flag);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha1_mb_final(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx, areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha1_mb_alg_state.alg_cstate);
> -
> - struct sha1_hash_ctx *sha_ctx;
> - int ret = 0;
> - u8 data;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - rctx->flag |= HASH_DONE | HASH_FINAL;
> -
> - sha_ctx = (struct sha1_hash_ctx *) ahash_request_ctx(areq);
> - /* flag HASH_FINAL and 0 data size */
> - sha1_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha1_ctx_mgr_submit(cstate->mgr, sha_ctx, &data, 0,
> - HASH_LAST);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha1_mb_export(struct ahash_request *areq, void *out)
> -{
> - struct sha1_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(out, sctx, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha1_mb_import(struct ahash_request *areq, const void *in)
> -{
> - struct sha1_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(sctx, in, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha1_mb_async_init_tfm(struct crypto_tfm *tfm)
> -{
> - struct mcryptd_ahash *mcryptd_tfm;
> - struct sha1_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> - struct mcryptd_hash_ctx *mctx;
> -
> - mcryptd_tfm = mcryptd_alloc_ahash("__intel_sha1-mb",
> - CRYPTO_ALG_INTERNAL,
> - CRYPTO_ALG_INTERNAL);
> - if (IS_ERR(mcryptd_tfm))
> - return PTR_ERR(mcryptd_tfm);
> - mctx = crypto_ahash_ctx(&mcryptd_tfm->base);
> - mctx->alg_state = &sha1_mb_alg_state;
> - ctx->mcryptd_tfm = mcryptd_tfm;
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - crypto_ahash_reqsize(&mcryptd_tfm->base));
> -
> - return 0;
> -}
> -
> -static void sha1_mb_async_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha1_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static int sha1_mb_areq_init_tfm(struct crypto_tfm *tfm)
> -{
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - sizeof(struct sha1_hash_ctx));
> -
> - return 0;
> -}
> -
> -static void sha1_mb_areq_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha1_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static struct ahash_alg sha1_mb_areq_alg = {
> - .init = sha1_mb_init,
> - .update = sha1_mb_update,
> - .final = sha1_mb_final,
> - .finup = sha1_mb_finup,
> - .export = sha1_mb_export,
> - .import = sha1_mb_import,
> - .halg = {
> - .digestsize = SHA1_DIGEST_SIZE,
> - .statesize = sizeof(struct sha1_hash_ctx),
> - .base = {
> - .cra_name = "__sha1-mb",
> - .cra_driver_name = "__intel_sha1-mb",
> - .cra_priority = 100,
> - /*
> - * use ASYNC flag as some buffers in multi-buffer
> - * algo may not have completed before hashing thread
> - * sleep
> - */
> - .cra_flags = CRYPTO_ALG_ASYNC |
> - CRYPTO_ALG_INTERNAL,
> - .cra_blocksize = SHA1_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT
> - (sha1_mb_areq_alg.halg.base.cra_list),
> - .cra_init = sha1_mb_areq_init_tfm,
> - .cra_exit = sha1_mb_areq_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha1_hash_ctx),
> - }
> - }
> -};
> -
> -static int sha1_mb_async_init(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_init(mcryptd_req);
> -}
> -
> -static int sha1_mb_async_update(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_update(mcryptd_req);
> -}
> -
> -static int sha1_mb_async_finup(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_finup(mcryptd_req);
> -}
> -
> -static int sha1_mb_async_final(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_final(mcryptd_req);
> -}
> -
> -static int sha1_mb_async_digest(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_digest(mcryptd_req);
> -}
> -
> -static int sha1_mb_async_export(struct ahash_request *req, void *out)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_export(mcryptd_req, out);
> -}
> -
> -static int sha1_mb_async_import(struct ahash_request *req, const void *in)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha1_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> - struct crypto_ahash *child = mcryptd_ahash_child(mcryptd_tfm);
> - struct mcryptd_hash_request_ctx *rctx;
> - struct ahash_request *areq;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - rctx = ahash_request_ctx(mcryptd_req);
> - areq = &rctx->areq;
> -
> - ahash_request_set_tfm(areq, child);
> - ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_SLEEP,
> - rctx->complete, req);
> -
> - return crypto_ahash_import(mcryptd_req, in);
> -}
> -
> -static struct ahash_alg sha1_mb_async_alg = {
> - .init = sha1_mb_async_init,
> - .update = sha1_mb_async_update,
> - .final = sha1_mb_async_final,
> - .finup = sha1_mb_async_finup,
> - .digest = sha1_mb_async_digest,
> - .export = sha1_mb_async_export,
> - .import = sha1_mb_async_import,
> - .halg = {
> - .digestsize = SHA1_DIGEST_SIZE,
> - .statesize = sizeof(struct sha1_hash_ctx),
> - .base = {
> - .cra_name = "sha1",
> - .cra_driver_name = "sha1_mb",
> - /*
> - * Low priority, since with few concurrent hash requests
> - * this is extremely slow due to the flush delay. Users
> - * whose workloads would benefit from this can request
> - * it explicitly by driver name, or can increase its
> - * priority at runtime using NETLINK_CRYPTO.
> - */
> - .cra_priority = 50,
> - .cra_flags = CRYPTO_ALG_ASYNC,
> - .cra_blocksize = SHA1_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT(sha1_mb_async_alg.halg.base.cra_list),
> - .cra_init = sha1_mb_async_init_tfm,
> - .cra_exit = sha1_mb_async_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha1_mb_ctx),
> - .cra_alignmask = 0,
> - },
> - },
> -};
> -
> -static unsigned long sha1_mb_flusher(struct mcryptd_alg_cstate *cstate)
> -{
> - struct mcryptd_hash_request_ctx *rctx;
> - unsigned long cur_time;
> - unsigned long next_flush = 0;
> - struct sha1_hash_ctx *sha_ctx;
> -
> -
> - cur_time = jiffies;
> -
> - while (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - if (time_before(cur_time, rctx->tag.expire))
> - break;
> - kernel_fpu_begin();
> - sha_ctx = (struct sha1_hash_ctx *)
> - sha1_ctx_mgr_flush(cstate->mgr);
> - kernel_fpu_end();
> - if (!sha_ctx) {
> - pr_err("sha1_mb error: nothing got flushed for non-empty list\n");
> - break;
> - }
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - sha_finish_walk(&rctx, cstate, true);
> - sha_complete_job(rctx, cstate, 0);
> - }
> -
> - if (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - /* get the hash context and then flush time */
> - next_flush = rctx->tag.expire;
> - mcryptd_arm_flusher(cstate, get_delay(next_flush));
> - }
> - return next_flush;
> -}
> -
> -static int __init sha1_mb_mod_init(void)
> -{
> -
> - int cpu;
> - int err;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - /* check for dependent cpu features */
> - if (!boot_cpu_has(X86_FEATURE_AVX2) ||
> - !boot_cpu_has(X86_FEATURE_BMI2))
> - return -ENODEV;
> -
> - /* initialize multibuffer structures */
> - sha1_mb_alg_state.alg_cstate = alloc_percpu(struct mcryptd_alg_cstate);
> -
> - sha1_job_mgr_init = sha1_mb_mgr_init_avx2;
> - sha1_job_mgr_submit = sha1_mb_mgr_submit_avx2;
> - sha1_job_mgr_flush = sha1_mb_mgr_flush_avx2;
> - sha1_job_mgr_get_comp_job = sha1_mb_mgr_get_comp_job_avx2;
> -
> - if (!sha1_mb_alg_state.alg_cstate)
> - return -ENOMEM;
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha1_mb_alg_state.alg_cstate, cpu);
> - cpu_state->next_flush = 0;
> - cpu_state->next_seq_num = 0;
> - cpu_state->flusher_engaged = false;
> - INIT_DELAYED_WORK(&cpu_state->flush, mcryptd_flusher);
> - cpu_state->cpu = cpu;
> - cpu_state->alg_state = &sha1_mb_alg_state;
> - cpu_state->mgr = kzalloc(sizeof(struct sha1_ctx_mgr),
> - GFP_KERNEL);
> - if (!cpu_state->mgr)
> - goto err2;
> - sha1_ctx_mgr_init(cpu_state->mgr);
> - INIT_LIST_HEAD(&cpu_state->work_list);
> - spin_lock_init(&cpu_state->work_lock);
> - }
> - sha1_mb_alg_state.flusher = &sha1_mb_flusher;
> -
> - err = crypto_register_ahash(&sha1_mb_areq_alg);
> - if (err)
> - goto err2;
> - err = crypto_register_ahash(&sha1_mb_async_alg);
> - if (err)
> - goto err1;
> -
> -
> - return 0;
> -err1:
> - crypto_unregister_ahash(&sha1_mb_areq_alg);
> -err2:
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha1_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha1_mb_alg_state.alg_cstate);
> - return -ENODEV;
> -}
> -
> -static void __exit sha1_mb_mod_fini(void)
> -{
> - int cpu;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - crypto_unregister_ahash(&sha1_mb_async_alg);
> - crypto_unregister_ahash(&sha1_mb_areq_alg);
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha1_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha1_mb_alg_state.alg_cstate);
> -}
> -
> -module_init(sha1_mb_mod_init);
> -module_exit(sha1_mb_mod_fini);
> -
> -MODULE_LICENSE("GPL");
> -MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, multi buffer accelerated");
> -
> -MODULE_ALIAS_CRYPTO("sha1");
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_ctx.h b/arch/x86/crypto/sha1-mb/sha1_mb_ctx.h
> deleted file mode 100644
> index 9454bd16f9f8..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_ctx.h
> +++ /dev/null
> @@ -1,134 +0,0 @@
> -/*
> - * Header file for multi buffer SHA context
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#ifndef _SHA_MB_CTX_INTERNAL_H
> -#define _SHA_MB_CTX_INTERNAL_H
> -
> -#include "sha1_mb_mgr.h"
> -
> -#define HASH_UPDATE 0x00
> -#define HASH_LAST 0x01
> -#define HASH_DONE 0x02
> -#define HASH_FINAL 0x04
> -
> -#define HASH_CTX_STS_IDLE 0x00
> -#define HASH_CTX_STS_PROCESSING 0x01
> -#define HASH_CTX_STS_LAST 0x02
> -#define HASH_CTX_STS_COMPLETE 0x04
> -
> -enum hash_ctx_error {
> - HASH_CTX_ERROR_NONE = 0,
> - HASH_CTX_ERROR_INVALID_FLAGS = -1,
> - HASH_CTX_ERROR_ALREADY_PROCESSING = -2,
> - HASH_CTX_ERROR_ALREADY_COMPLETED = -3,
> -
> -#ifdef HASH_CTX_DEBUG
> - HASH_CTX_ERROR_DEBUG_DIGEST_MISMATCH = -4,
> -#endif
> -};
> -
> -
> -#define hash_ctx_user_data(ctx) ((ctx)->user_data)
> -#define hash_ctx_digest(ctx) ((ctx)->job.result_digest)
> -#define hash_ctx_processing(ctx) ((ctx)->status & HASH_CTX_STS_PROCESSING)
> -#define hash_ctx_complete(ctx) ((ctx)->status == HASH_CTX_STS_COMPLETE)
> -#define hash_ctx_status(ctx) ((ctx)->status)
> -#define hash_ctx_error(ctx) ((ctx)->error)
> -#define hash_ctx_init(ctx) \
> - do { \
> - (ctx)->error = HASH_CTX_ERROR_NONE; \
> - (ctx)->status = HASH_CTX_STS_COMPLETE; \
> - } while (0)
> -
> -
> -/* Hash Constants and Typedefs */
> -#define SHA1_DIGEST_LENGTH 5
> -#define SHA1_LOG2_BLOCK_SIZE 6
> -
> -#define SHA1_PADLENGTHFIELD_SIZE 8
> -
> -#ifdef SHA_MB_DEBUG
> -#define assert(expr) \
> -do { \
> - if (unlikely(!(expr))) { \
> - printk(KERN_ERR "Assertion failed! %s,%s,%s,line=%d\n", \
> - #expr, __FILE__, __func__, __LINE__); \
> - } \
> -} while (0)
> -#else
> -#define assert(expr) do {} while (0)
> -#endif
> -
> -struct sha1_ctx_mgr {
> - struct sha1_mb_mgr mgr;
> -};
> -
> -/* typedef struct sha1_ctx_mgr sha1_ctx_mgr; */
> -
> -struct sha1_hash_ctx {
> - /* Must be at struct offset 0 */
> - struct job_sha1 job;
> - /* status flag */
> - int status;
> - /* error flag */
> - int error;
> -
> - uint64_t total_length;
> - const void *incoming_buffer;
> - uint32_t incoming_buffer_length;
> - uint8_t partial_block_buffer[SHA1_BLOCK_SIZE * 2];
> - uint32_t partial_block_buffer_length;
> - void *user_data;
> -};
> -
> -#endif
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr.h b/arch/x86/crypto/sha1-mb/sha1_mb_mgr.h
> deleted file mode 100644
> index 08ad1a9acfd7..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr.h
> +++ /dev/null
> @@ -1,110 +0,0 @@
> -/*
> - * Header file for multi buffer SHA1 algorithm manager
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * James Guilford <james.guilford@xxxxxxxxx>
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -#ifndef __SHA_MB_MGR_H
> -#define __SHA_MB_MGR_H
> -
> -
> -#include <linux/types.h>
> -
> -#define NUM_SHA1_DIGEST_WORDS 5
> -
> -enum job_sts { STS_UNKNOWN = 0,
> - STS_BEING_PROCESSED = 1,
> - STS_COMPLETED = 2,
> - STS_INTERNAL_ERROR = 3,
> - STS_ERROR = 4
> -};
> -
> -struct job_sha1 {
> - u8 *buffer;
> - u32 len;
> - u32 result_digest[NUM_SHA1_DIGEST_WORDS] __aligned(32);
> - enum job_sts status;
> - void *user_data;
> -};
> -
> -/* SHA1 out-of-order scheduler */
> -
> -/* typedef uint32_t sha1_digest_array[5][8]; */
> -
> -struct sha1_args_x8 {
> - uint32_t digest[5][8];
> - uint8_t *data_ptr[8];
> -};
> -
> -struct sha1_lane_data {
> - struct job_sha1 *job_in_lane;
> -};
> -
> -struct sha1_mb_mgr {
> - struct sha1_args_x8 args;
> -
> - uint32_t lens[8];
> -
> - /* each byte is index (0...7) of unused lanes */
> - uint64_t unused_lanes;
> - /* byte 4 is set to FF as a flag */
> - struct sha1_lane_data ldata[8];
> -};
> -
> -
> -#define SHA1_MB_MGR_NUM_LANES_AVX2 8
> -
> -void sha1_mb_mgr_init_avx2(struct sha1_mb_mgr *state);
> -struct job_sha1 *sha1_mb_mgr_submit_avx2(struct sha1_mb_mgr *state,
> - struct job_sha1 *job);
> -struct job_sha1 *sha1_mb_mgr_flush_avx2(struct sha1_mb_mgr *state);
> -struct job_sha1 *sha1_mb_mgr_get_comp_job_avx2(struct sha1_mb_mgr *state);
> -
> -#endif
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_datastruct.S b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_datastruct.S
> deleted file mode 100644
> index 86688c6e7a25..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_datastruct.S
> +++ /dev/null
> @@ -1,287 +0,0 @@
> -/*
> - * Header file for multi buffer SHA1 algorithm data structure
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * James Guilford <james.guilford@xxxxxxxxx>
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -# Macros for defining data structures
> -
> -# Usage example
> -
> -#START_FIELDS # JOB_AES
> -### name size align
> -#FIELD _plaintext, 8, 8 # pointer to plaintext
> -#FIELD _ciphertext, 8, 8 # pointer to ciphertext
> -#FIELD _IV, 16, 8 # IV
> -#FIELD _keys, 8, 8 # pointer to keys
> -#FIELD _len, 4, 4 # length in bytes
> -#FIELD _status, 4, 4 # status enumeration
> -#FIELD _user_data, 8, 8 # pointer to user data
> -#UNION _union, size1, align1, \
> -# size2, align2, \
> -# size3, align3, \
> -# ...
> -#END_FIELDS
> -#%assign _JOB_AES_size _FIELD_OFFSET
> -#%assign _JOB_AES_align _STRUCT_ALIGN
> -
> -#########################################################################
> -
> -# Alternate "struc-like" syntax:
> -# STRUCT job_aes2
> -# RES_Q .plaintext, 1
> -# RES_Q .ciphertext, 1
> -# RES_DQ .IV, 1
> -# RES_B .nested, _JOB_AES_SIZE, _JOB_AES_ALIGN
> -# RES_U .union, size1, align1, \
> -# size2, align2, \
> -# ...
> -# ENDSTRUCT
> -# # Following only needed if nesting
> -# %assign job_aes2_size _FIELD_OFFSET
> -# %assign job_aes2_align _STRUCT_ALIGN
> -#
> -# RES_* macros take a name, a count and an optional alignment.
> -# The count in in terms of the base size of the macro, and the
> -# default alignment is the base size.
> -# The macros are:
> -# Macro Base size
> -# RES_B 1
> -# RES_W 2
> -# RES_D 4
> -# RES_Q 8
> -# RES_DQ 16
> -# RES_Y 32
> -# RES_Z 64
> -#
> -# RES_U defines a union. It's arguments are a name and two or more
> -# pairs of "size, alignment"
> -#
> -# The two assigns are only needed if this structure is being nested
> -# within another. Even if the assigns are not done, one can still use
> -# STRUCT_NAME_size as the size of the structure.
> -#
> -# Note that for nesting, you still need to assign to STRUCT_NAME_size.
> -#
> -# The differences between this and using "struc" directly are that each
> -# type is implicitly aligned to its natural length (although this can be
> -# over-ridden with an explicit third parameter), and that the structure
> -# is padded at the end to its overall alignment.
> -#
> -
> -#########################################################################
> -
> -#ifndef _SHA1_MB_MGR_DATASTRUCT_ASM_
> -#define _SHA1_MB_MGR_DATASTRUCT_ASM_
> -
> -## START_FIELDS
> -.macro START_FIELDS
> - _FIELD_OFFSET = 0
> - _STRUCT_ALIGN = 0
> -.endm
> -
> -## FIELD name size align
> -.macro FIELD name size align
> - _FIELD_OFFSET = (_FIELD_OFFSET + (\align) - 1) & (~ ((\align)-1))
> - \name = _FIELD_OFFSET
> - _FIELD_OFFSET = _FIELD_OFFSET + (\size)
> -.if (\align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = \align
> -.endif
> -.endm
> -
> -## END_FIELDS
> -.macro END_FIELDS
> - _FIELD_OFFSET = (_FIELD_OFFSET + _STRUCT_ALIGN-1) & (~ (_STRUCT_ALIGN-1))
> -.endm
> -
> -########################################################################
> -
> -.macro STRUCT p1
> -START_FIELDS
> -.struc \p1
> -.endm
> -
> -.macro ENDSTRUCT
> - tmp = _FIELD_OFFSET
> - END_FIELDS
> - tmp = (_FIELD_OFFSET - %%tmp)
> -.if (tmp > 0)
> - .lcomm tmp
> -.endif
> -.endstruc
> -.endm
> -
> -## RES_int name size align
> -.macro RES_int p1 p2 p3
> - name = \p1
> - size = \p2
> - align = .\p3
> -
> - _FIELD_OFFSET = (_FIELD_OFFSET + (align) - 1) & (~ ((align)-1))
> -.align align
> -.lcomm name size
> - _FIELD_OFFSET = _FIELD_OFFSET + (size)
> -.if (align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = align
> -.endif
> -.endm
> -
> -
> -
> -# macro RES_B name, size [, align]
> -.macro RES_B _name, _size, _align=1
> -RES_int _name _size _align
> -.endm
> -
> -# macro RES_W name, size [, align]
> -.macro RES_W _name, _size, _align=2
> -RES_int _name 2*(_size) _align
> -.endm
> -
> -# macro RES_D name, size [, align]
> -.macro RES_D _name, _size, _align=4
> -RES_int _name 4*(_size) _align
> -.endm
> -
> -# macro RES_Q name, size [, align]
> -.macro RES_Q _name, _size, _align=8
> -RES_int _name 8*(_size) _align
> -.endm
> -
> -# macro RES_DQ name, size [, align]
> -.macro RES_DQ _name, _size, _align=16
> -RES_int _name 16*(_size) _align
> -.endm
> -
> -# macro RES_Y name, size [, align]
> -.macro RES_Y _name, _size, _align=32
> -RES_int _name 32*(_size) _align
> -.endm
> -
> -# macro RES_Z name, size [, align]
> -.macro RES_Z _name, _size, _align=64
> -RES_int _name 64*(_size) _align
> -.endm
> -
> -
> -#endif
> -
> -########################################################################
> -#### Define constants
> -########################################################################
> -
> -########################################################################
> -#### Define SHA1 Out Of Order Data Structures
> -########################################################################
> -
> -START_FIELDS # LANE_DATA
> -### name size align
> -FIELD _job_in_lane, 8, 8 # pointer to job object
> -END_FIELDS
> -
> -_LANE_DATA_size = _FIELD_OFFSET
> -_LANE_DATA_align = _STRUCT_ALIGN
> -
> -########################################################################
> -
> -START_FIELDS # SHA1_ARGS_X8
> -### name size align
> -FIELD _digest, 4*5*8, 16 # transposed digest
> -FIELD _data_ptr, 8*8, 8 # array of pointers to data
> -END_FIELDS
> -
> -_SHA1_ARGS_X4_size = _FIELD_OFFSET
> -_SHA1_ARGS_X4_align = _STRUCT_ALIGN
> -_SHA1_ARGS_X8_size = _FIELD_OFFSET
> -_SHA1_ARGS_X8_align = _STRUCT_ALIGN
> -
> -########################################################################
> -
> -START_FIELDS # MB_MGR
> -### name size align
> -FIELD _args, _SHA1_ARGS_X4_size, _SHA1_ARGS_X4_align
> -FIELD _lens, 4*8, 8
> -FIELD _unused_lanes, 8, 8
> -FIELD _ldata, _LANE_DATA_size*8, _LANE_DATA_align
> -END_FIELDS
> -
> -_MB_MGR_size = _FIELD_OFFSET
> -_MB_MGR_align = _STRUCT_ALIGN
> -
> -_args_digest = _args + _digest
> -_args_data_ptr = _args + _data_ptr
> -
> -
> -########################################################################
> -#### Define constants
> -########################################################################
> -
> -#define STS_UNKNOWN 0
> -#define STS_BEING_PROCESSED 1
> -#define STS_COMPLETED 2
> -
> -########################################################################
> -#### Define JOB_SHA1 structure
> -########################################################################
> -
> -START_FIELDS # JOB_SHA1
> -
> -### name size align
> -FIELD _buffer, 8, 8 # pointer to buffer
> -FIELD _len, 4, 4 # length in bytes
> -FIELD _result_digest, 5*4, 32 # Digest (output)
> -FIELD _status, 4, 4
> -FIELD _user_data, 8, 8
> -END_FIELDS
> -
> -_JOB_SHA1_size = _FIELD_OFFSET
> -_JOB_SHA1_align = _STRUCT_ALIGN
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
> deleted file mode 100644
> index 7cfba738f104..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_flush_avx2.S
> +++ /dev/null
> @@ -1,304 +0,0 @@
> -/*
> - * Flush routine for SHA1 multibuffer
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * James Guilford <james.guilford@xxxxxxxxx>
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha1_mb_mgr_datastruct.S"
> -
> -
> -.extern sha1_x8_avx2
> -
> -# LINUX register definitions
> -#define arg1 %rdi
> -#define arg2 %rsi
> -
> -# Common definitions
> -#define state arg1
> -#define job arg2
> -#define len2 arg2
> -
> -# idx must be a register not clobbered by sha1_x8_avx2
> -#define idx %r8
> -#define DWORD_idx %r8d
> -
> -#define unused_lanes %rbx
> -#define lane_data %rbx
> -#define tmp2 %rbx
> -#define tmp2_w %ebx
> -
> -#define job_rax %rax
> -#define tmp1 %rax
> -#define size_offset %rax
> -#define tmp %rax
> -#define start_offset %rax
> -
> -#define tmp3 %arg1
> -
> -#define extra_blocks %arg2
> -#define p %arg2
> -
> -.macro LABEL prefix n
> -\prefix\n\():
> -.endm
> -
> -.macro JNE_SKIP i
> -jne skip_\i
> -.endm
> -
> -.altmacro
> -.macro SET_OFFSET _offset
> -offset = \_offset
> -.endm
> -.noaltmacro
> -
> -# JOB* sha1_mb_mgr_flush_avx2(MB_MGR *state)
> -# arg 1 : rcx : state
> -ENTRY(sha1_mb_mgr_flush_avx2)
> - FRAME_BEGIN
> - push %rbx
> -
> - # If bit (32+3) is set, then all lanes are empty
> - mov _unused_lanes(state), unused_lanes
> - bt $32+3, unused_lanes
> - jc return_null
> -
> - # find a lane with a non-null job
> - xor idx, idx
> - offset = (_ldata + 1 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne one(%rip), idx
> - offset = (_ldata + 2 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne two(%rip), idx
> - offset = (_ldata + 3 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne three(%rip), idx
> - offset = (_ldata + 4 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne four(%rip), idx
> - offset = (_ldata + 5 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne five(%rip), idx
> - offset = (_ldata + 6 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne six(%rip), idx
> - offset = (_ldata + 7 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne seven(%rip), idx
> -
> - # copy idx to empty lanes
> -copy_lane_data:
> - offset = (_args + _data_ptr)
> - mov offset(state,idx,8), tmp
> -
> - I = 0
> -.rep 8
> - offset = (_ldata + I * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> -.altmacro
> - JNE_SKIP %I
> - offset = (_args + _data_ptr + 8*I)
> - mov tmp, offset(state)
> - offset = (_lens + 4*I)
> - movl $0xFFFFFFFF, offset(state)
> -LABEL skip_ %I
> - I = (I+1)
> -.noaltmacro
> -.endr
> -
> - # Find min length
> - vmovdqu _lens+0*16(state), %xmm0
> - vmovdqu _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min value in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - mov idx, len2
> - and $0xF, idx
> - shr $4, len2
> - jz len_is_0
> -
> - vpand clear_low_nibble(%rip), %xmm2, %xmm2
> - vpshufd $0, %xmm2, %xmm2
> -
> - vpsubd %xmm2, %xmm0, %xmm0
> - vpsubd %xmm2, %xmm1, %xmm1
> -
> - vmovdqu %xmm0, _lens+0*16(state)
> - vmovdqu %xmm1, _lens+1*16(state)
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha1_x8_avx2
> - # state and idx are intact
> -
> -
> -len_is_0:
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $4, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens(state, idx, 4)
> -
> - vmovd _args_digest(state , idx, 4) , %xmm0
> - vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
> - movl _args_digest+4*32(state, idx, 4), tmp2_w
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - offset = (_result_digest + 1*16)
> - mov tmp2_w, offset(job_rax)
> -
> -return:
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -ENDPROC(sha1_mb_mgr_flush_avx2)
> -
> -
> -#################################################################
> -
> -.align 16
> -ENTRY(sha1_mb_mgr_get_comp_job_avx2)
> - push %rbx
> -
> - ## if bit 32+3 is set, then all lanes are empty
> - mov _unused_lanes(state), unused_lanes
> - bt $(32+3), unused_lanes
> - jc .return_null
> -
> - # Find min length
> - vmovdqu _lens(state), %xmm0
> - vmovdqu _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min value in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - test $~0xF, idx
> - jnz .return_null
> -
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $4, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens(state, idx, 4)
> -
> - vmovd _args_digest(state, idx, 4), %xmm0
> - vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
> - movl _args_digest+4*32(state, idx, 4), tmp2_w
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - movl tmp2_w, _result_digest+1*16(job_rax)
> -
> - pop %rbx
> -
> - ret
> -
> -.return_null:
> - xor job_rax, job_rax
> - pop %rbx
> - ret
> -ENDPROC(sha1_mb_mgr_get_comp_job_avx2)
> -
> -.section .rodata.cst16.clear_low_nibble, "aM", @progbits, 16
> -.align 16
> -clear_low_nibble:
> -.octa 0x000000000000000000000000FFFFFFF0
> -
> -.section .rodata.cst8, "aM", @progbits, 8
> -.align 8
> -one:
> -.quad 1
> -two:
> -.quad 2
> -three:
> -.quad 3
> -four:
> -.quad 4
> -five:
> -.quad 5
> -six:
> -.quad 6
> -seven:
> -.quad 7
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_init_avx2.c b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_init_avx2.c
> deleted file mode 100644
> index d2add0d35f43..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_init_avx2.c
> +++ /dev/null
> @@ -1,64 +0,0 @@
> -/*
> - * Initialization code for multi buffer SHA1 algorithm for AVX2
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include "sha1_mb_mgr.h"
> -
> -void sha1_mb_mgr_init_avx2(struct sha1_mb_mgr *state)
> -{
> - unsigned int j;
> - state->unused_lanes = 0xF76543210ULL;
> - for (j = 0; j < 8; j++) {
> - state->lens[j] = 0xFFFFFFFF;
> - state->ldata[j].job_in_lane = NULL;
> - }
> -}
> diff --git a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
> deleted file mode 100644
> index 7a93b1c0d69a..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_mb_mgr_submit_avx2.S
> +++ /dev/null
> @@ -1,209 +0,0 @@
> -/*
> - * Buffer submit code for multi buffer SHA1 algorithm
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * James Guilford <james.guilford@xxxxxxxxx>
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha1_mb_mgr_datastruct.S"
> -
> -
> -.extern sha1_x8_avx
> -
> -# LINUX register definitions
> -arg1 = %rdi
> -arg2 = %rsi
> -size_offset = %rcx
> -tmp2 = %rcx
> -extra_blocks = %rdx
> -
> -# Common definitions
> -#define state arg1
> -#define job %rsi
> -#define len2 arg2
> -#define p2 arg2
> -
> -# idx must be a register not clobberred by sha1_x8_avx2
> -idx = %r8
> -DWORD_idx = %r8d
> -last_len = %r8
> -
> -p = %r11
> -start_offset = %r11
> -
> -unused_lanes = %rbx
> -BYTE_unused_lanes = %bl
> -
> -job_rax = %rax
> -len = %rax
> -DWORD_len = %eax
> -
> -lane = %r12
> -tmp3 = %r12
> -
> -tmp = %r9
> -DWORD_tmp = %r9d
> -
> -lane_data = %r10
> -
> -# JOB* submit_mb_mgr_submit_avx2(MB_MGR *state, job_sha1 *job)
> -# arg 1 : rcx : state
> -# arg 2 : rdx : job
> -ENTRY(sha1_mb_mgr_submit_avx2)
> - FRAME_BEGIN
> - push %rbx
> - push %r12
> -
> - mov _unused_lanes(state), unused_lanes
> - mov unused_lanes, lane
> - and $0xF, lane
> - shr $4, unused_lanes
> - imul $_LANE_DATA_size, lane, lane_data
> - movl $STS_BEING_PROCESSED, _status(job)
> - lea _ldata(state, lane_data), lane_data
> - mov unused_lanes, _unused_lanes(state)
> - movl _len(job), DWORD_len
> -
> - mov job, _job_in_lane(lane_data)
> - shl $4, len
> - or lane, len
> -
> - movl DWORD_len, _lens(state , lane, 4)
> -
> - # Load digest words from result_digest
> - vmovdqu _result_digest(job), %xmm0
> - mov _result_digest+1*16(job), DWORD_tmp
> - vmovd %xmm0, _args_digest(state, lane, 4)
> - vpextrd $1, %xmm0, _args_digest+1*32(state , lane, 4)
> - vpextrd $2, %xmm0, _args_digest+2*32(state , lane, 4)
> - vpextrd $3, %xmm0, _args_digest+3*32(state , lane, 4)
> - movl DWORD_tmp, _args_digest+4*32(state , lane, 4)
> -
> - mov _buffer(job), p
> - mov p, _args_data_ptr(state, lane, 8)
> -
> - cmp $0xF, unused_lanes
> - jne return_null
> -
> -start_loop:
> - # Find min length
> - vmovdqa _lens(state), %xmm0
> - vmovdqa _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min value in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - mov idx, len2
> - and $0xF, idx
> - shr $4, len2
> - jz len_is_0
> -
> - vpand clear_low_nibble(%rip), %xmm2, %xmm2
> - vpshufd $0, %xmm2, %xmm2
> -
> - vpsubd %xmm2, %xmm0, %xmm0
> - vpsubd %xmm2, %xmm1, %xmm1
> -
> - vmovdqa %xmm0, _lens + 0*16(state)
> - vmovdqa %xmm1, _lens + 1*16(state)
> -
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha1_x8_avx2
> -
> - # state and idx are intact
> -
> -len_is_0:
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - mov _unused_lanes(state), unused_lanes
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - shl $4, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens(state, idx, 4)
> -
> - vmovd _args_digest(state, idx, 4), %xmm0
> - vpinsrd $1, _args_digest+1*32(state , idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state , idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state , idx, 4), %xmm0, %xmm0
> - movl _args_digest+4*32(state, idx, 4), DWORD_tmp
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - movl DWORD_tmp, _result_digest+1*16(job_rax)
> -
> -return:
> - pop %r12
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -
> -ENDPROC(sha1_mb_mgr_submit_avx2)
> -
> -.section .rodata.cst16.clear_low_nibble, "aM", @progbits, 16
> -.align 16
> -clear_low_nibble:
> - .octa 0x000000000000000000000000FFFFFFF0
> diff --git a/arch/x86/crypto/sha1-mb/sha1_x8_avx2.S b/arch/x86/crypto/sha1-mb/sha1_x8_avx2.S
> deleted file mode 100644
> index 20f77aa633de..000000000000
> --- a/arch/x86/crypto/sha1-mb/sha1_x8_avx2.S
> +++ /dev/null
> @@ -1,492 +0,0 @@
> -/*
> - * Multi-buffer SHA1 algorithm hash compute routine
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * James Guilford <james.guilford@xxxxxxxxx>
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2014 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include "sha1_mb_mgr_datastruct.S"
> -
> -## code to compute oct SHA1 using SSE-256
> -## outer calling routine takes care of save and restore of XMM registers
> -
> -## Function clobbers: rax, rcx, rdx, rbx, rsi, rdi, r9-r15# ymm0-15
> -##
> -## Linux clobbers: rax rbx rcx rdx rsi r9 r10 r11 r12 r13 r14 r15
> -## Linux preserves: rdi rbp r8
> -##
> -## clobbers ymm0-15
> -
> -
> -# TRANSPOSE8 r0, r1, r2, r3, r4, r5, r6, r7, t0, t1
> -# "transpose" data in {r0...r7} using temps {t0...t1}
> -# Input looks like: {r0 r1 r2 r3 r4 r5 r6 r7}
> -# r0 = {a7 a6 a5 a4 a3 a2 a1 a0}
> -# r1 = {b7 b6 b5 b4 b3 b2 b1 b0}
> -# r2 = {c7 c6 c5 c4 c3 c2 c1 c0}
> -# r3 = {d7 d6 d5 d4 d3 d2 d1 d0}
> -# r4 = {e7 e6 e5 e4 e3 e2 e1 e0}
> -# r5 = {f7 f6 f5 f4 f3 f2 f1 f0}
> -# r6 = {g7 g6 g5 g4 g3 g2 g1 g0}
> -# r7 = {h7 h6 h5 h4 h3 h2 h1 h0}
> -#
> -# Output looks like: {r0 r1 r2 r3 r4 r5 r6 r7}
> -# r0 = {h0 g0 f0 e0 d0 c0 b0 a0}
> -# r1 = {h1 g1 f1 e1 d1 c1 b1 a1}
> -# r2 = {h2 g2 f2 e2 d2 c2 b2 a2}
> -# r3 = {h3 g3 f3 e3 d3 c3 b3 a3}
> -# r4 = {h4 g4 f4 e4 d4 c4 b4 a4}
> -# r5 = {h5 g5 f5 e5 d5 c5 b5 a5}
> -# r6 = {h6 g6 f6 e6 d6 c6 b6 a6}
> -# r7 = {h7 g7 f7 e7 d7 c7 b7 a7}
> -#
> -
> -.macro TRANSPOSE8 r0 r1 r2 r3 r4 r5 r6 r7 t0 t1
> - # process top half (r0..r3) {a...d}
> - vshufps $0x44, \r1, \r0, \t0 # t0 = {b5 b4 a5 a4 b1 b0 a1 a0}
> - vshufps $0xEE, \r1, \r0, \r0 # r0 = {b7 b6 a7 a6 b3 b2 a3 a2}
> - vshufps $0x44, \r3, \r2, \t1 # t1 = {d5 d4 c5 c4 d1 d0 c1 c0}
> - vshufps $0xEE, \r3, \r2, \r2 # r2 = {d7 d6 c7 c6 d3 d2 c3 c2}
> - vshufps $0xDD, \t1, \t0, \r3 # r3 = {d5 c5 b5 a5 d1 c1 b1 a1}
> - vshufps $0x88, \r2, \r0, \r1 # r1 = {d6 c6 b6 a6 d2 c2 b2 a2}
> - vshufps $0xDD, \r2, \r0, \r0 # r0 = {d7 c7 b7 a7 d3 c3 b3 a3}
> - vshufps $0x88, \t1, \t0, \t0 # t0 = {d4 c4 b4 a4 d0 c0 b0 a0}
> -
> - # use r2 in place of t0
> - # process bottom half (r4..r7) {e...h}
> - vshufps $0x44, \r5, \r4, \r2 # r2 = {f5 f4 e5 e4 f1 f0 e1 e0}
> - vshufps $0xEE, \r5, \r4, \r4 # r4 = {f7 f6 e7 e6 f3 f2 e3 e2}
> - vshufps $0x44, \r7, \r6, \t1 # t1 = {h5 h4 g5 g4 h1 h0 g1 g0}
> - vshufps $0xEE, \r7, \r6, \r6 # r6 = {h7 h6 g7 g6 h3 h2 g3 g2}
> - vshufps $0xDD, \t1, \r2, \r7 # r7 = {h5 g5 f5 e5 h1 g1 f1 e1}
> - vshufps $0x88, \r6, \r4, \r5 # r5 = {h6 g6 f6 e6 h2 g2 f2 e2}
> - vshufps $0xDD, \r6, \r4, \r4 # r4 = {h7 g7 f7 e7 h3 g3 f3 e3}
> - vshufps $0x88, \t1, \r2, \t1 # t1 = {h4 g4 f4 e4 h0 g0 f0 e0}
> -
> - vperm2f128 $0x13, \r1, \r5, \r6 # h6...a6
> - vperm2f128 $0x02, \r1, \r5, \r2 # h2...a2
> - vperm2f128 $0x13, \r3, \r7, \r5 # h5...a5
> - vperm2f128 $0x02, \r3, \r7, \r1 # h1...a1
> - vperm2f128 $0x13, \r0, \r4, \r7 # h7...a7
> - vperm2f128 $0x02, \r0, \r4, \r3 # h3...a3
> - vperm2f128 $0x13, \t0, \t1, \r4 # h4...a4
> - vperm2f128 $0x02, \t0, \t1, \r0 # h0...a0
> -
> -.endm
> -##
> -## Magic functions defined in FIPS 180-1
> -##
> -# macro MAGIC_F0 F,B,C,D,T ## F = (D ^ (B & (C ^ D)))
> -.macro MAGIC_F0 regF regB regC regD regT
> - vpxor \regD, \regC, \regF
> - vpand \regB, \regF, \regF
> - vpxor \regD, \regF, \regF
> -.endm
> -
> -# macro MAGIC_F1 F,B,C,D,T ## F = (B ^ C ^ D)
> -.macro MAGIC_F1 regF regB regC regD regT
> - vpxor \regC, \regD, \regF
> - vpxor \regB, \regF, \regF
> -.endm
> -
> -# macro MAGIC_F2 F,B,C,D,T ## F = ((B & C) | (B & D) | (C & D))
> -.macro MAGIC_F2 regF regB regC regD regT
> - vpor \regC, \regB, \regF
> - vpand \regC, \regB, \regT
> - vpand \regD, \regF, \regF
> - vpor \regT, \regF, \regF
> -.endm
> -
> -# macro MAGIC_F3 F,B,C,D,T ## F = (B ^ C ^ D)
> -.macro MAGIC_F3 regF regB regC regD regT
> - MAGIC_F1 \regF,\regB,\regC,\regD,\regT
> -.endm
> -
> -# PROLD reg, imm, tmp
> -.macro PROLD reg imm tmp
> - vpsrld $(32-\imm), \reg, \tmp
> - vpslld $\imm, \reg, \reg
> - vpor \tmp, \reg, \reg
> -.endm
> -
> -.macro PROLD_nd reg imm tmp src
> - vpsrld $(32-\imm), \src, \tmp
> - vpslld $\imm, \src, \reg
> - vpor \tmp, \reg, \reg
> -.endm
> -
> -.macro SHA1_STEP_00_15 regA regB regC regD regE regT regF memW immCNT MAGIC
> - vpaddd \immCNT, \regE, \regE
> - vpaddd \memW*32(%rsp), \regE, \regE
> - PROLD_nd \regT, 5, \regF, \regA
> - vpaddd \regT, \regE, \regE
> - \MAGIC \regF, \regB, \regC, \regD, \regT
> - PROLD \regB, 30, \regT
> - vpaddd \regF, \regE, \regE
> -.endm
> -
> -.macro SHA1_STEP_16_79 regA regB regC regD regE regT regF memW immCNT MAGIC
> - vpaddd \immCNT, \regE, \regE
> - offset = ((\memW - 14) & 15) * 32
> - vmovdqu offset(%rsp), W14
> - vpxor W14, W16, W16
> - offset = ((\memW - 8) & 15) * 32
> - vpxor offset(%rsp), W16, W16
> - offset = ((\memW - 3) & 15) * 32
> - vpxor offset(%rsp), W16, W16
> - vpsrld $(32-1), W16, \regF
> - vpslld $1, W16, W16
> - vpor W16, \regF, \regF
> -
> - ROTATE_W
> -
> - offset = ((\memW - 0) & 15) * 32
> - vmovdqu \regF, offset(%rsp)
> - vpaddd \regF, \regE, \regE
> - PROLD_nd \regT, 5, \regF, \regA
> - vpaddd \regT, \regE, \regE
> - \MAGIC \regF,\regB,\regC,\regD,\regT ## FUN = MAGIC_Fi(B,C,D)
> - PROLD \regB,30, \regT
> - vpaddd \regF, \regE, \regE
> -.endm
> -
> -########################################################################
> -########################################################################
> -########################################################################
> -
> -## FRAMESZ plus pushes must be an odd multiple of 8
> -YMM_SAVE = (15-15)*32
> -FRAMESZ = 32*16 + YMM_SAVE
> -_YMM = FRAMESZ - YMM_SAVE
> -
> -#define VMOVPS vmovups
> -
> -IDX = %rax
> -inp0 = %r9
> -inp1 = %r10
> -inp2 = %r11
> -inp3 = %r12
> -inp4 = %r13
> -inp5 = %r14
> -inp6 = %r15
> -inp7 = %rcx
> -arg1 = %rdi
> -arg2 = %rsi
> -RSP_SAVE = %rdx
> -
> -# ymm0 A
> -# ymm1 B
> -# ymm2 C
> -# ymm3 D
> -# ymm4 E
> -# ymm5 F AA
> -# ymm6 T0 BB
> -# ymm7 T1 CC
> -# ymm8 T2 DD
> -# ymm9 T3 EE
> -# ymm10 T4 TMP
> -# ymm11 T5 FUN
> -# ymm12 T6 K
> -# ymm13 T7 W14
> -# ymm14 T8 W15
> -# ymm15 T9 W16
> -
> -
> -A = %ymm0
> -B = %ymm1
> -C = %ymm2
> -D = %ymm3
> -E = %ymm4
> -F = %ymm5
> -T0 = %ymm6
> -T1 = %ymm7
> -T2 = %ymm8
> -T3 = %ymm9
> -T4 = %ymm10
> -T5 = %ymm11
> -T6 = %ymm12
> -T7 = %ymm13
> -T8 = %ymm14
> -T9 = %ymm15
> -
> -AA = %ymm5
> -BB = %ymm6
> -CC = %ymm7
> -DD = %ymm8
> -EE = %ymm9
> -TMP = %ymm10
> -FUN = %ymm11
> -K = %ymm12
> -W14 = %ymm13
> -W15 = %ymm14
> -W16 = %ymm15
> -
> -.macro ROTATE_ARGS
> - TMP_ = E
> - E = D
> - D = C
> - C = B
> - B = A
> - A = TMP_
> -.endm
> -
> -.macro ROTATE_W
> -TMP_ = W16
> -W16 = W15
> -W15 = W14
> -W14 = TMP_
> -.endm
> -
> -# 8 streams x 5 32bit words per digest x 4 bytes per word
> -#define DIGEST_SIZE (8*5*4)
> -
> -.align 32
> -
> -# void sha1_x8_avx2(void **input_data, UINT128 *digest, UINT32 size)
> -# arg 1 : pointer to array[4] of pointer to input data
> -# arg 2 : size (in blocks) ;; assumed to be >= 1
> -#
> -ENTRY(sha1_x8_avx2)
> -
> - # save callee-saved clobbered registers to comply with C function ABI
> - push %r12
> - push %r13
> - push %r14
> - push %r15
> -
> - #save rsp
> - mov %rsp, RSP_SAVE
> - sub $FRAMESZ, %rsp
> -
> - #align rsp to 32 Bytes
> - and $~0x1F, %rsp
> -
> - ## Initialize digests
> - vmovdqu 0*32(arg1), A
> - vmovdqu 1*32(arg1), B
> - vmovdqu 2*32(arg1), C
> - vmovdqu 3*32(arg1), D
> - vmovdqu 4*32(arg1), E
> -
> - ## transpose input onto stack
> - mov _data_ptr+0*8(arg1),inp0
> - mov _data_ptr+1*8(arg1),inp1
> - mov _data_ptr+2*8(arg1),inp2
> - mov _data_ptr+3*8(arg1),inp3
> - mov _data_ptr+4*8(arg1),inp4
> - mov _data_ptr+5*8(arg1),inp5
> - mov _data_ptr+6*8(arg1),inp6
> - mov _data_ptr+7*8(arg1),inp7
> -
> - xor IDX, IDX
> -lloop:
> - vmovdqu PSHUFFLE_BYTE_FLIP_MASK(%rip), F
> - I=0
> -.rep 2
> - VMOVPS (inp0, IDX), T0
> - VMOVPS (inp1, IDX), T1
> - VMOVPS (inp2, IDX), T2
> - VMOVPS (inp3, IDX), T3
> - VMOVPS (inp4, IDX), T4
> - VMOVPS (inp5, IDX), T5
> - VMOVPS (inp6, IDX), T6
> - VMOVPS (inp7, IDX), T7
> -
> - TRANSPOSE8 T0, T1, T2, T3, T4, T5, T6, T7, T8, T9
> - vpshufb F, T0, T0
> - vmovdqu T0, (I*8)*32(%rsp)
> - vpshufb F, T1, T1
> - vmovdqu T1, (I*8+1)*32(%rsp)
> - vpshufb F, T2, T2
> - vmovdqu T2, (I*8+2)*32(%rsp)
> - vpshufb F, T3, T3
> - vmovdqu T3, (I*8+3)*32(%rsp)
> - vpshufb F, T4, T4
> - vmovdqu T4, (I*8+4)*32(%rsp)
> - vpshufb F, T5, T5
> - vmovdqu T5, (I*8+5)*32(%rsp)
> - vpshufb F, T6, T6
> - vmovdqu T6, (I*8+6)*32(%rsp)
> - vpshufb F, T7, T7
> - vmovdqu T7, (I*8+7)*32(%rsp)
> - add $32, IDX
> - I = (I+1)
> -.endr
> - # save old digests
> - vmovdqu A,AA
> - vmovdqu B,BB
> - vmovdqu C,CC
> - vmovdqu D,DD
> - vmovdqu E,EE
> -
> -##
> -## perform 0-79 steps
> -##
> - vmovdqu K00_19(%rip), K
> -## do rounds 0...15
> - I = 0
> -.rep 16
> - SHA1_STEP_00_15 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F0
> - ROTATE_ARGS
> - I = (I+1)
> -.endr
> -
> -## do rounds 16...19
> - vmovdqu ((16 - 16) & 15) * 32 (%rsp), W16
> - vmovdqu ((16 - 15) & 15) * 32 (%rsp), W15
> -.rep 4
> - SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F0
> - ROTATE_ARGS
> - I = (I+1)
> -.endr
> -
> -## do rounds 20...39
> - vmovdqu K20_39(%rip), K
> -.rep 20
> - SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F1
> - ROTATE_ARGS
> - I = (I+1)
> -.endr
> -
> -## do rounds 40...59
> - vmovdqu K40_59(%rip), K
> -.rep 20
> - SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F2
> - ROTATE_ARGS
> - I = (I+1)
> -.endr
> -
> -## do rounds 60...79
> - vmovdqu K60_79(%rip), K
> -.rep 20
> - SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F3
> - ROTATE_ARGS
> - I = (I+1)
> -.endr
> -
> - vpaddd AA,A,A
> - vpaddd BB,B,B
> - vpaddd CC,C,C
> - vpaddd DD,D,D
> - vpaddd EE,E,E
> -
> - sub $1, arg2
> - jne lloop
> -
> - # write out digests
> - vmovdqu A, 0*32(arg1)
> - vmovdqu B, 1*32(arg1)
> - vmovdqu C, 2*32(arg1)
> - vmovdqu D, 3*32(arg1)
> - vmovdqu E, 4*32(arg1)
> -
> - # update input pointers
> - add IDX, inp0
> - add IDX, inp1
> - add IDX, inp2
> - add IDX, inp3
> - add IDX, inp4
> - add IDX, inp5
> - add IDX, inp6
> - add IDX, inp7
> - mov inp0, _data_ptr (arg1)
> - mov inp1, _data_ptr + 1*8(arg1)
> - mov inp2, _data_ptr + 2*8(arg1)
> - mov inp3, _data_ptr + 3*8(arg1)
> - mov inp4, _data_ptr + 4*8(arg1)
> - mov inp5, _data_ptr + 5*8(arg1)
> - mov inp6, _data_ptr + 6*8(arg1)
> - mov inp7, _data_ptr + 7*8(arg1)
> -
> - ################
> - ## Postamble
> -
> - mov RSP_SAVE, %rsp
> -
> - # restore callee-saved clobbered registers
> - pop %r15
> - pop %r14
> - pop %r13
> - pop %r12
> -
> - ret
> -ENDPROC(sha1_x8_avx2)
> -
> -
> -.section .rodata.cst32.K00_19, "aM", @progbits, 32
> -.align 32
> -K00_19:
> -.octa 0x5A8279995A8279995A8279995A827999
> -.octa 0x5A8279995A8279995A8279995A827999
> -
> -.section .rodata.cst32.K20_39, "aM", @progbits, 32
> -.align 32
> -K20_39:
> -.octa 0x6ED9EBA16ED9EBA16ED9EBA16ED9EBA1
> -.octa 0x6ED9EBA16ED9EBA16ED9EBA16ED9EBA1
> -
> -.section .rodata.cst32.K40_59, "aM", @progbits, 32
> -.align 32
> -K40_59:
> -.octa 0x8F1BBCDC8F1BBCDC8F1BBCDC8F1BBCDC
> -.octa 0x8F1BBCDC8F1BBCDC8F1BBCDC8F1BBCDC
> -
> -.section .rodata.cst32.K60_79, "aM", @progbits, 32
> -.align 32
> -K60_79:
> -.octa 0xCA62C1D6CA62C1D6CA62C1D6CA62C1D6
> -.octa 0xCA62C1D6CA62C1D6CA62C1D6CA62C1D6
> -
> -.section .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 32
> -.align 32
> -PSHUFFLE_BYTE_FLIP_MASK:
> -.octa 0x0c0d0e0f08090a0b0405060700010203
> -.octa 0x0c0d0e0f08090a0b0405060700010203
> diff --git a/arch/x86/crypto/sha256-mb/Makefile b/arch/x86/crypto/sha256-mb/Makefile
> deleted file mode 100644
> index 53ad6e7db747..000000000000
> --- a/arch/x86/crypto/sha256-mb/Makefile
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -# SPDX-License-Identifier: GPL-2.0
> -#
> -# Arch-specific CryptoAPI modules.
> -#
> -
> -OBJECT_FILES_NON_STANDARD := y
> -
> -avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
> - $(comma)4)$(comma)%ymm2,yes,no)
> -ifeq ($(avx2_supported),yes)
> - obj-$(CONFIG_CRYPTO_SHA256_MB) += sha256-mb.o
> - sha256-mb-y := sha256_mb.o sha256_mb_mgr_flush_avx2.o \
> - sha256_mb_mgr_init_avx2.o sha256_mb_mgr_submit_avx2.o sha256_x8_avx2.o
> -endif
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c
> deleted file mode 100644
> index 97c5fc43e115..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb.c
> +++ /dev/null
> @@ -1,1013 +0,0 @@
> -/*
> - * Multi buffer SHA256 algorithm Glue Code
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
> -#include <crypto/internal/hash.h>
> -#include <linux/init.h>
> -#include <linux/module.h>
> -#include <linux/mm.h>
> -#include <linux/cryptohash.h>
> -#include <linux/types.h>
> -#include <linux/list.h>
> -#include <crypto/scatterwalk.h>
> -#include <crypto/sha.h>
> -#include <crypto/mcryptd.h>
> -#include <crypto/crypto_wq.h>
> -#include <asm/byteorder.h>
> -#include <linux/hardirq.h>
> -#include <asm/fpu/api.h>
> -#include "sha256_mb_ctx.h"
> -
> -#define FLUSH_INTERVAL 1000 /* in usec */
> -
> -static struct mcryptd_alg_state sha256_mb_alg_state;
> -
> -struct sha256_mb_ctx {
> - struct mcryptd_ahash *mcryptd_tfm;
> -};
> -
> -static inline struct mcryptd_hash_request_ctx
> - *cast_hash_to_mcryptd_ctx(struct sha256_hash_ctx *hash_ctx)
> -{
> - struct ahash_request *areq;
> -
> - areq = container_of((void *) hash_ctx, struct ahash_request, __ctx);
> - return container_of(areq, struct mcryptd_hash_request_ctx, areq);
> -}
> -
> -static inline struct ahash_request
> - *cast_mcryptd_ctx_to_req(struct mcryptd_hash_request_ctx *ctx)
> -{
> - return container_of((void *) ctx, struct ahash_request, __ctx);
> -}
> -
> -static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx,
> - struct ahash_request *areq)
> -{
> - rctx->flag = HASH_UPDATE;
> -}
> -
> -static asmlinkage void (*sha256_job_mgr_init)(struct sha256_mb_mgr *state);
> -static asmlinkage struct job_sha256* (*sha256_job_mgr_submit)
> - (struct sha256_mb_mgr *state, struct job_sha256 *job);
> -static asmlinkage struct job_sha256* (*sha256_job_mgr_flush)
> - (struct sha256_mb_mgr *state);
> -static asmlinkage struct job_sha256* (*sha256_job_mgr_get_comp_job)
> - (struct sha256_mb_mgr *state);
> -
> -inline uint32_t sha256_pad(uint8_t padblock[SHA256_BLOCK_SIZE * 2],
> - uint64_t total_len)
> -{
> - uint32_t i = total_len & (SHA256_BLOCK_SIZE - 1);
> -
> - memset(&padblock[i], 0, SHA256_BLOCK_SIZE);
> - padblock[i] = 0x80;
> -
> - i += ((SHA256_BLOCK_SIZE - 1) &
> - (0 - (total_len + SHA256_PADLENGTHFIELD_SIZE + 1)))
> - + 1 + SHA256_PADLENGTHFIELD_SIZE;
> -
> -#if SHA256_PADLENGTHFIELD_SIZE == 16
> - *((uint64_t *) &padblock[i - 16]) = 0;
> -#endif
> -
> - *((uint64_t *) &padblock[i - 8]) = cpu_to_be64(total_len << 3);
> -
> - /* Number of extra blocks to hash */
> - return i >> SHA256_LOG2_BLOCK_SIZE;
> -}
> -
> -static struct sha256_hash_ctx
> - *sha256_ctx_mgr_resubmit(struct sha256_ctx_mgr *mgr,
> - struct sha256_hash_ctx *ctx)
> -{
> - while (ctx) {
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Clear PROCESSING bit */
> - ctx->status = HASH_CTX_STS_COMPLETE;
> - return ctx;
> - }
> -
> - /*
> - * If the extra blocks are empty, begin hashing what remains
> - * in the user's buffer.
> - */
> - if (ctx->partial_block_buffer_length == 0 &&
> - ctx->incoming_buffer_length) {
> -
> - const void *buffer = ctx->incoming_buffer;
> - uint32_t len = ctx->incoming_buffer_length;
> - uint32_t copy_len;
> -
> - /*
> - * Only entire blocks can be hashed.
> - * Copy remainder to extra blocks buffer.
> - */
> - copy_len = len & (SHA256_BLOCK_SIZE-1);
> -
> - if (copy_len) {
> - len -= copy_len;
> - memcpy(ctx->partial_block_buffer,
> - ((const char *) buffer + len),
> - copy_len);
> - ctx->partial_block_buffer_length = copy_len;
> - }
> -
> - ctx->incoming_buffer_length = 0;
> -
> - /* len should be a multiple of the block size now */
> - assert((len % SHA256_BLOCK_SIZE) == 0);
> -
> - /* Set len to the number of blocks to be hashed */
> - len >>= SHA256_LOG2_BLOCK_SIZE;
> -
> - if (len) {
> -
> - ctx->job.buffer = (uint8_t *) buffer;
> - ctx->job.len = len;
> - ctx = (struct sha256_hash_ctx *)
> - sha256_job_mgr_submit(&mgr->mgr, &ctx->job);
> - continue;
> - }
> - }
> -
> - /*
> - * If the extra blocks are not empty, then we are
> - * either on the last block(s) or we need more
> - * user input before continuing.
> - */
> - if (ctx->status & HASH_CTX_STS_LAST) {
> -
> - uint8_t *buf = ctx->partial_block_buffer;
> - uint32_t n_extra_blocks =
> - sha256_pad(buf, ctx->total_length);
> -
> - ctx->status = (HASH_CTX_STS_PROCESSING |
> - HASH_CTX_STS_COMPLETE);
> - ctx->job.buffer = buf;
> - ctx->job.len = (uint32_t) n_extra_blocks;
> - ctx = (struct sha256_hash_ctx *)
> - sha256_job_mgr_submit(&mgr->mgr, &ctx->job);
> - continue;
> - }
> -
> - ctx->status = HASH_CTX_STS_IDLE;
> - return ctx;
> - }
> -
> - return NULL;
> -}
> -
> -static struct sha256_hash_ctx
> - *sha256_ctx_mgr_get_comp_ctx(struct sha256_ctx_mgr *mgr)
> -{
> - /*
> - * If get_comp_job returns NULL, there are no jobs complete.
> - * If get_comp_job returns a job, verify that it is safe to return to
> - * the user. If it is not ready, resubmit the job to finish processing.
> - * If sha256_ctx_mgr_resubmit returned a job, it is ready to be
> - * returned. Otherwise, all jobs currently being managed by the
> - * hash_ctx_mgr still need processing.
> - */
> - struct sha256_hash_ctx *ctx;
> -
> - ctx = (struct sha256_hash_ctx *) sha256_job_mgr_get_comp_job(&mgr->mgr);
> - return sha256_ctx_mgr_resubmit(mgr, ctx);
> -}
> -
> -static void sha256_ctx_mgr_init(struct sha256_ctx_mgr *mgr)
> -{
> - sha256_job_mgr_init(&mgr->mgr);
> -}
> -
> -static struct sha256_hash_ctx *sha256_ctx_mgr_submit(struct sha256_ctx_mgr *mgr,
> - struct sha256_hash_ctx *ctx,
> - const void *buffer,
> - uint32_t len,
> - int flags)
> -{
> - if (flags & ~(HASH_UPDATE | HASH_LAST)) {
> - /* User should not pass anything other than UPDATE or LAST */
> - ctx->error = HASH_CTX_ERROR_INVALID_FLAGS;
> - return ctx;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_PROCESSING) {
> - /* Cannot submit to a currently processing job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_PROCESSING;
> - return ctx;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Cannot update a finished job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_COMPLETED;
> - return ctx;
> - }
> -
> - /* If we made it here, there was no error during this call to submit */
> - ctx->error = HASH_CTX_ERROR_NONE;
> -
> - /* Store buffer ptr info from user */
> - ctx->incoming_buffer = buffer;
> - ctx->incoming_buffer_length = len;
> -
> - /*
> - * Store the user's request flags and mark this ctx as currently
> - * being processed.
> - */
> - ctx->status = (flags & HASH_LAST) ?
> - (HASH_CTX_STS_PROCESSING | HASH_CTX_STS_LAST) :
> - HASH_CTX_STS_PROCESSING;
> -
> - /* Advance byte counter */
> - ctx->total_length += len;
> -
> - /*
> - * If there is anything currently buffered in the extra blocks,
> - * append to it until it contains a whole block.
> - * Or if the user's buffer contains less than a whole block,
> - * append as much as possible to the extra block.
> - */
> - if (ctx->partial_block_buffer_length || len < SHA256_BLOCK_SIZE) {
> - /*
> - * Compute how many bytes to copy from user buffer into
> - * extra block
> - */
> - uint32_t copy_len = SHA256_BLOCK_SIZE -
> - ctx->partial_block_buffer_length;
> - if (len < copy_len)
> - copy_len = len;
> -
> - if (copy_len) {
> - /* Copy and update relevant pointers and counters */
> - memcpy(
> - &ctx->partial_block_buffer[ctx->partial_block_buffer_length],
> - buffer, copy_len);
> -
> - ctx->partial_block_buffer_length += copy_len;
> - ctx->incoming_buffer = (const void *)
> - ((const char *)buffer + copy_len);
> - ctx->incoming_buffer_length = len - copy_len;
> - }
> -
> - /* The extra block should never contain more than 1 block */
> - assert(ctx->partial_block_buffer_length <= SHA256_BLOCK_SIZE);
> -
> - /*
> - * If the extra block buffer contains exactly 1 block,
> - * it can be hashed.
> - */
> - if (ctx->partial_block_buffer_length >= SHA256_BLOCK_SIZE) {
> - ctx->partial_block_buffer_length = 0;
> -
> - ctx->job.buffer = ctx->partial_block_buffer;
> - ctx->job.len = 1;
> - ctx = (struct sha256_hash_ctx *)
> - sha256_job_mgr_submit(&mgr->mgr, &ctx->job);
> - }
> - }
> -
> - return sha256_ctx_mgr_resubmit(mgr, ctx);
> -}
> -
> -static struct sha256_hash_ctx *sha256_ctx_mgr_flush(struct sha256_ctx_mgr *mgr)
> -{
> - struct sha256_hash_ctx *ctx;
> -
> - while (1) {
> - ctx = (struct sha256_hash_ctx *)
> - sha256_job_mgr_flush(&mgr->mgr);
> -
> - /* If flush returned 0, there are no more jobs in flight. */
> - if (!ctx)
> - return NULL;
> -
> - /*
> - * If flush returned a job, resubmit the job to finish
> - * processing.
> - */
> - ctx = sha256_ctx_mgr_resubmit(mgr, ctx);
> -
> - /*
> - * If sha256_ctx_mgr_resubmit returned a job, it is ready to
> - * be returned. Otherwise, all jobs currently being managed by
> - * the sha256_ctx_mgr still need processing. Loop.
> - */
> - if (ctx)
> - return ctx;
> - }
> -}
> -
> -static int sha256_mb_init(struct ahash_request *areq)
> -{
> - struct sha256_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - hash_ctx_init(sctx);
> - sctx->job.result_digest[0] = SHA256_H0;
> - sctx->job.result_digest[1] = SHA256_H1;
> - sctx->job.result_digest[2] = SHA256_H2;
> - sctx->job.result_digest[3] = SHA256_H3;
> - sctx->job.result_digest[4] = SHA256_H4;
> - sctx->job.result_digest[5] = SHA256_H5;
> - sctx->job.result_digest[6] = SHA256_H6;
> - sctx->job.result_digest[7] = SHA256_H7;
> - sctx->total_length = 0;
> - sctx->partial_block_buffer_length = 0;
> - sctx->status = HASH_CTX_STS_IDLE;
> -
> - return 0;
> -}
> -
> -static int sha256_mb_set_results(struct mcryptd_hash_request_ctx *rctx)
> -{
> - int i;
> - struct sha256_hash_ctx *sctx = ahash_request_ctx(&rctx->areq);
> - __be32 *dst = (__be32 *) rctx->out;
> -
> - for (i = 0; i < 8; ++i)
> - dst[i] = cpu_to_be32(sctx->job.result_digest[i]);
> -
> - return 0;
> -}
> -
> -static int sha_finish_walk(struct mcryptd_hash_request_ctx **ret_rctx,
> - struct mcryptd_alg_cstate *cstate, bool flush)
> -{
> - int flag = HASH_UPDATE;
> - int nbytes, err = 0;
> - struct mcryptd_hash_request_ctx *rctx = *ret_rctx;
> - struct sha256_hash_ctx *sha_ctx;
> -
> - /* more work ? */
> - while (!(rctx->flag & HASH_DONE)) {
> - nbytes = crypto_ahash_walk_done(&rctx->walk, 0);
> - if (nbytes < 0) {
> - err = nbytes;
> - goto out;
> - }
> - /* check if the walk is done */
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - if (rctx->flag & HASH_FINAL)
> - flag |= HASH_LAST;
> -
> - }
> - sha_ctx = (struct sha256_hash_ctx *)
> - ahash_request_ctx(&rctx->areq);
> - kernel_fpu_begin();
> - sha_ctx = sha256_ctx_mgr_submit(cstate->mgr, sha_ctx,
> - rctx->walk.data, nbytes, flag);
> - if (!sha_ctx) {
> - if (flush)
> - sha_ctx = sha256_ctx_mgr_flush(cstate->mgr);
> - }
> - kernel_fpu_end();
> - if (sha_ctx)
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - else {
> - rctx = NULL;
> - goto out;
> - }
> - }
> -
> - /* copy the results */
> - if (rctx->flag & HASH_FINAL)
> - sha256_mb_set_results(rctx);
> -
> -out:
> - *ret_rctx = rctx;
> - return err;
> -}
> -
> -static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate,
> - int err)
> -{
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha256_hash_ctx *sha_ctx;
> - struct mcryptd_hash_request_ctx *req_ctx;
> - int ret;
> -
> - /* remove from work list */
> - spin_lock(&cstate->work_lock);
> - list_del(&rctx->waiter);
> - spin_unlock(&cstate->work_lock);
> -
> - if (irqs_disabled())
> - rctx->complete(&req->base, err);
> - else {
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> - }
> -
> - /* check to see if there are other jobs that are done */
> - sha_ctx = sha256_ctx_mgr_get_comp_ctx(cstate->mgr);
> - while (sha_ctx) {
> - req_ctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&req_ctx, cstate, false);
> - if (req_ctx) {
> - spin_lock(&cstate->work_lock);
> - list_del(&req_ctx->waiter);
> - spin_unlock(&cstate->work_lock);
> -
> - req = cast_mcryptd_ctx_to_req(req_ctx);
> - if (irqs_disabled())
> - req_ctx->complete(&req->base, ret);
> - else {
> - local_bh_disable();
> - req_ctx->complete(&req->base, ret);
> - local_bh_enable();
> - }
> - }
> - sha_ctx = sha256_ctx_mgr_get_comp_ctx(cstate->mgr);
> - }
> -
> - return 0;
> -}
> -
> -static void sha256_mb_add_list(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate)
> -{
> - unsigned long next_flush;
> - unsigned long delay = usecs_to_jiffies(FLUSH_INTERVAL);
> -
> - /* initialize tag */
> - rctx->tag.arrival = jiffies; /* tag the arrival time */
> - rctx->tag.seq_num = cstate->next_seq_num++;
> - next_flush = rctx->tag.arrival + delay;
> - rctx->tag.expire = next_flush;
> -
> - spin_lock(&cstate->work_lock);
> - list_add_tail(&rctx->waiter, &cstate->work_list);
> - spin_unlock(&cstate->work_lock);
> -
> - mcryptd_arm_flusher(cstate, delay);
> -}
> -
> -static int sha256_mb_update(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx, areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha256_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha256_hash_ctx *sha_ctx;
> - int ret = 0, nbytes;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk))
> - rctx->flag |= HASH_DONE;
> -
> - /* submit */
> - sha_ctx = (struct sha256_hash_ctx *) ahash_request_ctx(areq);
> - sha256_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha256_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
> - nbytes, HASH_UPDATE);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> -
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha256_mb_finup(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx, areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha256_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha256_hash_ctx *sha_ctx;
> - int ret = 0, flag = HASH_UPDATE, nbytes;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - flag = HASH_LAST;
> - }
> -
> - /* submit */
> - rctx->flag |= HASH_FINAL;
> - sha_ctx = (struct sha256_hash_ctx *) ahash_request_ctx(areq);
> - sha256_mb_add_list(rctx, cstate);
> -
> - kernel_fpu_begin();
> - sha_ctx = sha256_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
> - nbytes, flag);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha256_mb_final(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx,
> - areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha256_mb_alg_state.alg_cstate);
> -
> - struct sha256_hash_ctx *sha_ctx;
> - int ret = 0;
> - u8 data;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - rctx->flag |= HASH_DONE | HASH_FINAL;
> -
> - sha_ctx = (struct sha256_hash_ctx *) ahash_request_ctx(areq);
> - /* flag HASH_FINAL and 0 data size */
> - sha256_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha256_ctx_mgr_submit(cstate->mgr, sha_ctx, &data, 0,
> - HASH_LAST);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha256_mb_export(struct ahash_request *areq, void *out)
> -{
> - struct sha256_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(out, sctx, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha256_mb_import(struct ahash_request *areq, const void *in)
> -{
> - struct sha256_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(sctx, in, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha256_mb_async_init_tfm(struct crypto_tfm *tfm)
> -{
> - struct mcryptd_ahash *mcryptd_tfm;
> - struct sha256_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> - struct mcryptd_hash_ctx *mctx;
> -
> - mcryptd_tfm = mcryptd_alloc_ahash("__intel_sha256-mb",
> - CRYPTO_ALG_INTERNAL,
> - CRYPTO_ALG_INTERNAL);
> - if (IS_ERR(mcryptd_tfm))
> - return PTR_ERR(mcryptd_tfm);
> - mctx = crypto_ahash_ctx(&mcryptd_tfm->base);
> - mctx->alg_state = &sha256_mb_alg_state;
> - ctx->mcryptd_tfm = mcryptd_tfm;
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - crypto_ahash_reqsize(&mcryptd_tfm->base));
> -
> - return 0;
> -}
> -
> -static void sha256_mb_async_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha256_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static int sha256_mb_areq_init_tfm(struct crypto_tfm *tfm)
> -{
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - sizeof(struct sha256_hash_ctx));
> -
> - return 0;
> -}
> -
> -static void sha256_mb_areq_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha256_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static struct ahash_alg sha256_mb_areq_alg = {
> - .init = sha256_mb_init,
> - .update = sha256_mb_update,
> - .final = sha256_mb_final,
> - .finup = sha256_mb_finup,
> - .export = sha256_mb_export,
> - .import = sha256_mb_import,
> - .halg = {
> - .digestsize = SHA256_DIGEST_SIZE,
> - .statesize = sizeof(struct sha256_hash_ctx),
> - .base = {
> - .cra_name = "__sha256-mb",
> - .cra_driver_name = "__intel_sha256-mb",
> - .cra_priority = 100,
> - /*
> - * use ASYNC flag as some buffers in multi-buffer
> - * algo may not have completed before hashing thread
> - * sleep
> - */
> - .cra_flags = CRYPTO_ALG_ASYNC |
> - CRYPTO_ALG_INTERNAL,
> - .cra_blocksize = SHA256_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT
> - (sha256_mb_areq_alg.halg.base.cra_list),
> - .cra_init = sha256_mb_areq_init_tfm,
> - .cra_exit = sha256_mb_areq_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha256_hash_ctx),
> - }
> - }
> -};
> -
> -static int sha256_mb_async_init(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_init(mcryptd_req);
> -}
> -
> -static int sha256_mb_async_update(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_update(mcryptd_req);
> -}
> -
> -static int sha256_mb_async_finup(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_finup(mcryptd_req);
> -}
> -
> -static int sha256_mb_async_final(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_final(mcryptd_req);
> -}
> -
> -static int sha256_mb_async_digest(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_digest(mcryptd_req);
> -}
> -
> -static int sha256_mb_async_export(struct ahash_request *req, void *out)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_export(mcryptd_req, out);
> -}
> -
> -static int sha256_mb_async_import(struct ahash_request *req, const void *in)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha256_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> - struct crypto_ahash *child = mcryptd_ahash_child(mcryptd_tfm);
> - struct mcryptd_hash_request_ctx *rctx;
> - struct ahash_request *areq;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - rctx = ahash_request_ctx(mcryptd_req);
> - areq = &rctx->areq;
> -
> - ahash_request_set_tfm(areq, child);
> - ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_SLEEP,
> - rctx->complete, req);
> -
> - return crypto_ahash_import(mcryptd_req, in);
> -}
> -
> -static struct ahash_alg sha256_mb_async_alg = {
> - .init = sha256_mb_async_init,
> - .update = sha256_mb_async_update,
> - .final = sha256_mb_async_final,
> - .finup = sha256_mb_async_finup,
> - .export = sha256_mb_async_export,
> - .import = sha256_mb_async_import,
> - .digest = sha256_mb_async_digest,
> - .halg = {
> - .digestsize = SHA256_DIGEST_SIZE,
> - .statesize = sizeof(struct sha256_hash_ctx),
> - .base = {
> - .cra_name = "sha256",
> - .cra_driver_name = "sha256_mb",
> - /*
> - * Low priority, since with few concurrent hash requests
> - * this is extremely slow due to the flush delay. Users
> - * whose workloads would benefit from this can request
> - * it explicitly by driver name, or can increase its
> - * priority at runtime using NETLINK_CRYPTO.
> - */
> - .cra_priority = 50,
> - .cra_flags = CRYPTO_ALG_ASYNC,
> - .cra_blocksize = SHA256_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT
> - (sha256_mb_async_alg.halg.base.cra_list),
> - .cra_init = sha256_mb_async_init_tfm,
> - .cra_exit = sha256_mb_async_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha256_mb_ctx),
> - .cra_alignmask = 0,
> - },
> - },
> -};
> -
> -static unsigned long sha256_mb_flusher(struct mcryptd_alg_cstate *cstate)
> -{
> - struct mcryptd_hash_request_ctx *rctx;
> - unsigned long cur_time;
> - unsigned long next_flush = 0;
> - struct sha256_hash_ctx *sha_ctx;
> -
> -
> - cur_time = jiffies;
> -
> - while (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - if (time_before(cur_time, rctx->tag.expire))
> - break;
> - kernel_fpu_begin();
> - sha_ctx = (struct sha256_hash_ctx *)
> - sha256_ctx_mgr_flush(cstate->mgr);
> - kernel_fpu_end();
> - if (!sha_ctx) {
> - pr_err("sha256_mb error: nothing got"
> - " flushed for non-empty list\n");
> - break;
> - }
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - sha_finish_walk(&rctx, cstate, true);
> - sha_complete_job(rctx, cstate, 0);
> - }
> -
> - if (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - /* get the hash context and then flush time */
> - next_flush = rctx->tag.expire;
> - mcryptd_arm_flusher(cstate, get_delay(next_flush));
> - }
> - return next_flush;
> -}
> -
> -static int __init sha256_mb_mod_init(void)
> -{
> -
> - int cpu;
> - int err;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - /* check for dependent cpu features */
> - if (!boot_cpu_has(X86_FEATURE_AVX2) ||
> - !boot_cpu_has(X86_FEATURE_BMI2))
> - return -ENODEV;
> -
> - /* initialize multibuffer structures */
> - sha256_mb_alg_state.alg_cstate = alloc_percpu
> - (struct mcryptd_alg_cstate);
> -
> - sha256_job_mgr_init = sha256_mb_mgr_init_avx2;
> - sha256_job_mgr_submit = sha256_mb_mgr_submit_avx2;
> - sha256_job_mgr_flush = sha256_mb_mgr_flush_avx2;
> - sha256_job_mgr_get_comp_job = sha256_mb_mgr_get_comp_job_avx2;
> -
> - if (!sha256_mb_alg_state.alg_cstate)
> - return -ENOMEM;
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha256_mb_alg_state.alg_cstate, cpu);
> - cpu_state->next_flush = 0;
> - cpu_state->next_seq_num = 0;
> - cpu_state->flusher_engaged = false;
> - INIT_DELAYED_WORK(&cpu_state->flush, mcryptd_flusher);
> - cpu_state->cpu = cpu;
> - cpu_state->alg_state = &sha256_mb_alg_state;
> - cpu_state->mgr = kzalloc(sizeof(struct sha256_ctx_mgr),
> - GFP_KERNEL);
> - if (!cpu_state->mgr)
> - goto err2;
> - sha256_ctx_mgr_init(cpu_state->mgr);
> - INIT_LIST_HEAD(&cpu_state->work_list);
> - spin_lock_init(&cpu_state->work_lock);
> - }
> - sha256_mb_alg_state.flusher = &sha256_mb_flusher;
> -
> - err = crypto_register_ahash(&sha256_mb_areq_alg);
> - if (err)
> - goto err2;
> - err = crypto_register_ahash(&sha256_mb_async_alg);
> - if (err)
> - goto err1;
> -
> -
> - return 0;
> -err1:
> - crypto_unregister_ahash(&sha256_mb_areq_alg);
> -err2:
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha256_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha256_mb_alg_state.alg_cstate);
> - return -ENODEV;
> -}
> -
> -static void __exit sha256_mb_mod_fini(void)
> -{
> - int cpu;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - crypto_unregister_ahash(&sha256_mb_async_alg);
> - crypto_unregister_ahash(&sha256_mb_areq_alg);
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha256_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha256_mb_alg_state.alg_cstate);
> -}
> -
> -module_init(sha256_mb_mod_init);
> -module_exit(sha256_mb_mod_fini);
> -
> -MODULE_LICENSE("GPL");
> -MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm, multi buffer accelerated");
> -
> -MODULE_ALIAS_CRYPTO("sha256");
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_ctx.h b/arch/x86/crypto/sha256-mb/sha256_mb_ctx.h
> deleted file mode 100644
> index 7c432543dc7f..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_ctx.h
> +++ /dev/null
> @@ -1,134 +0,0 @@
> -/*
> - * Header file for multi buffer SHA256 context
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#ifndef _SHA_MB_CTX_INTERNAL_H
> -#define _SHA_MB_CTX_INTERNAL_H
> -
> -#include "sha256_mb_mgr.h"
> -
> -#define HASH_UPDATE 0x00
> -#define HASH_LAST 0x01
> -#define HASH_DONE 0x02
> -#define HASH_FINAL 0x04
> -
> -#define HASH_CTX_STS_IDLE 0x00
> -#define HASH_CTX_STS_PROCESSING 0x01
> -#define HASH_CTX_STS_LAST 0x02
> -#define HASH_CTX_STS_COMPLETE 0x04
> -
> -enum hash_ctx_error {
> - HASH_CTX_ERROR_NONE = 0,
> - HASH_CTX_ERROR_INVALID_FLAGS = -1,
> - HASH_CTX_ERROR_ALREADY_PROCESSING = -2,
> - HASH_CTX_ERROR_ALREADY_COMPLETED = -3,
> -
> -#ifdef HASH_CTX_DEBUG
> - HASH_CTX_ERROR_DEBUG_DIGEST_MISMATCH = -4,
> -#endif
> -};
> -
> -
> -#define hash_ctx_user_data(ctx) ((ctx)->user_data)
> -#define hash_ctx_digest(ctx) ((ctx)->job.result_digest)
> -#define hash_ctx_processing(ctx) ((ctx)->status & HASH_CTX_STS_PROCESSING)
> -#define hash_ctx_complete(ctx) ((ctx)->status == HASH_CTX_STS_COMPLETE)
> -#define hash_ctx_status(ctx) ((ctx)->status)
> -#define hash_ctx_error(ctx) ((ctx)->error)
> -#define hash_ctx_init(ctx) \
> - do { \
> - (ctx)->error = HASH_CTX_ERROR_NONE; \
> - (ctx)->status = HASH_CTX_STS_COMPLETE; \
> - } while (0)
> -
> -
> -/* Hash Constants and Typedefs */
> -#define SHA256_DIGEST_LENGTH 8
> -#define SHA256_LOG2_BLOCK_SIZE 6
> -
> -#define SHA256_PADLENGTHFIELD_SIZE 8
> -
> -#ifdef SHA_MB_DEBUG
> -#define assert(expr) \
> -do { \
> - if (unlikely(!(expr))) { \
> - printk(KERN_ERR "Assertion failed! %s,%s,%s,line=%d\n", \
> - #expr, __FILE__, __func__, __LINE__); \
> - } \
> -} while (0)
> -#else
> -#define assert(expr) do {} while (0)
> -#endif
> -
> -struct sha256_ctx_mgr {
> - struct sha256_mb_mgr mgr;
> -};
> -
> -/* typedef struct sha256_ctx_mgr sha256_ctx_mgr; */
> -
> -struct sha256_hash_ctx {
> - /* Must be at struct offset 0 */
> - struct job_sha256 job;
> - /* status flag */
> - int status;
> - /* error flag */
> - int error;
> -
> - uint64_t total_length;
> - const void *incoming_buffer;
> - uint32_t incoming_buffer_length;
> - uint8_t partial_block_buffer[SHA256_BLOCK_SIZE * 2];
> - uint32_t partial_block_buffer_length;
> - void *user_data;
> -};
> -
> -#endif
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr.h b/arch/x86/crypto/sha256-mb/sha256_mb_mgr.h
> deleted file mode 100644
> index b01ae408c56d..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr.h
> +++ /dev/null
> @@ -1,108 +0,0 @@
> -/*
> - * Header file for multi buffer SHA256 algorithm manager
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -#ifndef __SHA_MB_MGR_H
> -#define __SHA_MB_MGR_H
> -
> -#include <linux/types.h>
> -
> -#define NUM_SHA256_DIGEST_WORDS 8
> -
> -enum job_sts { STS_UNKNOWN = 0,
> - STS_BEING_PROCESSED = 1,
> - STS_COMPLETED = 2,
> - STS_INTERNAL_ERROR = 3,
> - STS_ERROR = 4
> -};
> -
> -struct job_sha256 {
> - u8 *buffer;
> - u32 len;
> - u32 result_digest[NUM_SHA256_DIGEST_WORDS] __aligned(32);
> - enum job_sts status;
> - void *user_data;
> -};
> -
> -/* SHA256 out-of-order scheduler */
> -
> -/* typedef uint32_t sha8_digest_array[8][8]; */
> -
> -struct sha256_args_x8 {
> - uint32_t digest[8][8];
> - uint8_t *data_ptr[8];
> -};
> -
> -struct sha256_lane_data {
> - struct job_sha256 *job_in_lane;
> -};
> -
> -struct sha256_mb_mgr {
> - struct sha256_args_x8 args;
> -
> - uint32_t lens[8];
> -
> - /* each byte is index (0...7) of unused lanes */
> - uint64_t unused_lanes;
> - /* byte 4 is set to FF as a flag */
> - struct sha256_lane_data ldata[8];
> -};
> -
> -
> -#define SHA256_MB_MGR_NUM_LANES_AVX2 8
> -
> -void sha256_mb_mgr_init_avx2(struct sha256_mb_mgr *state);
> -struct job_sha256 *sha256_mb_mgr_submit_avx2(struct sha256_mb_mgr *state,
> - struct job_sha256 *job);
> -struct job_sha256 *sha256_mb_mgr_flush_avx2(struct sha256_mb_mgr *state);
> -struct job_sha256 *sha256_mb_mgr_get_comp_job_avx2(struct sha256_mb_mgr *state);
> -
> -#endif
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_datastruct.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_datastruct.S
> deleted file mode 100644
> index 5c377bac21d0..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_datastruct.S
> +++ /dev/null
> @@ -1,304 +0,0 @@
> -/*
> - * Header file for multi buffer SHA256 algorithm data structure
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -# Macros for defining data structures
> -
> -# Usage example
> -
> -#START_FIELDS # JOB_AES
> -### name size align
> -#FIELD _plaintext, 8, 8 # pointer to plaintext
> -#FIELD _ciphertext, 8, 8 # pointer to ciphertext
> -#FIELD _IV, 16, 8 # IV
> -#FIELD _keys, 8, 8 # pointer to keys
> -#FIELD _len, 4, 4 # length in bytes
> -#FIELD _status, 4, 4 # status enumeration
> -#FIELD _user_data, 8, 8 # pointer to user data
> -#UNION _union, size1, align1, \
> -# size2, align2, \
> -# size3, align3, \
> -# ...
> -#END_FIELDS
> -#%assign _JOB_AES_size _FIELD_OFFSET
> -#%assign _JOB_AES_align _STRUCT_ALIGN
> -
> -#########################################################################
> -
> -# Alternate "struc-like" syntax:
> -# STRUCT job_aes2
> -# RES_Q .plaintext, 1
> -# RES_Q .ciphertext, 1
> -# RES_DQ .IV, 1
> -# RES_B .nested, _JOB_AES_SIZE, _JOB_AES_ALIGN
> -# RES_U .union, size1, align1, \
> -# size2, align2, \
> -# ...
> -# ENDSTRUCT
> -# # Following only needed if nesting
> -# %assign job_aes2_size _FIELD_OFFSET
> -# %assign job_aes2_align _STRUCT_ALIGN
> -#
> -# RES_* macros take a name, a count and an optional alignment.
> -# The count in in terms of the base size of the macro, and the
> -# default alignment is the base size.
> -# The macros are:
> -# Macro Base size
> -# RES_B 1
> -# RES_W 2
> -# RES_D 4
> -# RES_Q 8
> -# RES_DQ 16
> -# RES_Y 32
> -# RES_Z 64
> -#
> -# RES_U defines a union. It's arguments are a name and two or more
> -# pairs of "size, alignment"
> -#
> -# The two assigns are only needed if this structure is being nested
> -# within another. Even if the assigns are not done, one can still use
> -# STRUCT_NAME_size as the size of the structure.
> -#
> -# Note that for nesting, you still need to assign to STRUCT_NAME_size.
> -#
> -# The differences between this and using "struc" directly are that each
> -# type is implicitly aligned to its natural length (although this can be
> -# over-ridden with an explicit third parameter), and that the structure
> -# is padded at the end to its overall alignment.
> -#
> -
> -#########################################################################
> -
> -#ifndef _DATASTRUCT_ASM_
> -#define _DATASTRUCT_ASM_
> -
> -#define SZ8 8*SHA256_DIGEST_WORD_SIZE
> -#define ROUNDS 64*SZ8
> -#define PTR_SZ 8
> -#define SHA256_DIGEST_WORD_SIZE 4
> -#define MAX_SHA256_LANES 8
> -#define SHA256_DIGEST_WORDS 8
> -#define SHA256_DIGEST_ROW_SIZE (MAX_SHA256_LANES * SHA256_DIGEST_WORD_SIZE)
> -#define SHA256_DIGEST_SIZE (SHA256_DIGEST_ROW_SIZE * SHA256_DIGEST_WORDS)
> -#define SHA256_BLK_SZ 64
> -
> -# START_FIELDS
> -.macro START_FIELDS
> - _FIELD_OFFSET = 0
> - _STRUCT_ALIGN = 0
> -.endm
> -
> -# FIELD name size align
> -.macro FIELD name size align
> - _FIELD_OFFSET = (_FIELD_OFFSET + (\align) - 1) & (~ ((\align)-1))
> - \name = _FIELD_OFFSET
> - _FIELD_OFFSET = _FIELD_OFFSET + (\size)
> -.if (\align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = \align
> -.endif
> -.endm
> -
> -# END_FIELDS
> -.macro END_FIELDS
> - _FIELD_OFFSET = (_FIELD_OFFSET + _STRUCT_ALIGN-1) & (~ (_STRUCT_ALIGN-1))
> -.endm
> -
> -########################################################################
> -
> -.macro STRUCT p1
> -START_FIELDS
> -.struc \p1
> -.endm
> -
> -.macro ENDSTRUCT
> - tmp = _FIELD_OFFSET
> - END_FIELDS
> - tmp = (_FIELD_OFFSET - %%tmp)
> -.if (tmp > 0)
> - .lcomm tmp
> -.endif
> -.endstruc
> -.endm
> -
> -## RES_int name size align
> -.macro RES_int p1 p2 p3
> - name = \p1
> - size = \p2
> - align = .\p3
> -
> - _FIELD_OFFSET = (_FIELD_OFFSET + (align) - 1) & (~ ((align)-1))
> -.align align
> -.lcomm name size
> - _FIELD_OFFSET = _FIELD_OFFSET + (size)
> -.if (align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = align
> -.endif
> -.endm
> -
> -# macro RES_B name, size [, align]
> -.macro RES_B _name, _size, _align=1
> -RES_int _name _size _align
> -.endm
> -
> -# macro RES_W name, size [, align]
> -.macro RES_W _name, _size, _align=2
> -RES_int _name 2*(_size) _align
> -.endm
> -
> -# macro RES_D name, size [, align]
> -.macro RES_D _name, _size, _align=4
> -RES_int _name 4*(_size) _align
> -.endm
> -
> -# macro RES_Q name, size [, align]
> -.macro RES_Q _name, _size, _align=8
> -RES_int _name 8*(_size) _align
> -.endm
> -
> -# macro RES_DQ name, size [, align]
> -.macro RES_DQ _name, _size, _align=16
> -RES_int _name 16*(_size) _align
> -.endm
> -
> -# macro RES_Y name, size [, align]
> -.macro RES_Y _name, _size, _align=32
> -RES_int _name 32*(_size) _align
> -.endm
> -
> -# macro RES_Z name, size [, align]
> -.macro RES_Z _name, _size, _align=64
> -RES_int _name 64*(_size) _align
> -.endm
> -
> -#endif
> -
> -
> -########################################################################
> -#### Define SHA256 Out Of Order Data Structures
> -########################################################################
> -
> -START_FIELDS # LANE_DATA
> -### name size align
> -FIELD _job_in_lane, 8, 8 # pointer to job object
> -END_FIELDS
> -
> - _LANE_DATA_size = _FIELD_OFFSET
> - _LANE_DATA_align = _STRUCT_ALIGN
> -
> -########################################################################
> -
> -START_FIELDS # SHA256_ARGS_X4
> -### name size align
> -FIELD _digest, 4*8*8, 4 # transposed digest
> -FIELD _data_ptr, 8*8, 8 # array of pointers to data
> -END_FIELDS
> -
> - _SHA256_ARGS_X4_size = _FIELD_OFFSET
> - _SHA256_ARGS_X4_align = _STRUCT_ALIGN
> - _SHA256_ARGS_X8_size = _FIELD_OFFSET
> - _SHA256_ARGS_X8_align = _STRUCT_ALIGN
> -
> -#######################################################################
> -
> -START_FIELDS # MB_MGR
> -### name size align
> -FIELD _args, _SHA256_ARGS_X4_size, _SHA256_ARGS_X4_align
> -FIELD _lens, 4*8, 8
> -FIELD _unused_lanes, 8, 8
> -FIELD _ldata, _LANE_DATA_size*8, _LANE_DATA_align
> -END_FIELDS
> -
> - _MB_MGR_size = _FIELD_OFFSET
> - _MB_MGR_align = _STRUCT_ALIGN
> -
> -_args_digest = _args + _digest
> -_args_data_ptr = _args + _data_ptr
> -
> -#######################################################################
> -
> -START_FIELDS #STACK_FRAME
> -### name size align
> -FIELD _data, 16*SZ8, 1 # transposed digest
> -FIELD _digest, 8*SZ8, 1 # array of pointers to data
> -FIELD _ytmp, 4*SZ8, 1
> -FIELD _rsp, 8, 1
> -END_FIELDS
> -
> - _STACK_FRAME_size = _FIELD_OFFSET
> - _STACK_FRAME_align = _STRUCT_ALIGN
> -
> -#######################################################################
> -
> -########################################################################
> -#### Define constants
> -########################################################################
> -
> -#define STS_UNKNOWN 0
> -#define STS_BEING_PROCESSED 1
> -#define STS_COMPLETED 2
> -
> -########################################################################
> -#### Define JOB_SHA256 structure
> -########################################################################
> -
> -START_FIELDS # JOB_SHA256
> -
> -### name size align
> -FIELD _buffer, 8, 8 # pointer to buffer
> -FIELD _len, 8, 8 # length in bytes
> -FIELD _result_digest, 8*4, 32 # Digest (output)
> -FIELD _status, 4, 4
> -FIELD _user_data, 8, 8
> -END_FIELDS
> -
> - _JOB_SHA256_size = _FIELD_OFFSET
> - _JOB_SHA256_align = _STRUCT_ALIGN
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
> deleted file mode 100644
> index d2364c55bbde..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
> +++ /dev/null
> @@ -1,307 +0,0 @@
> -/*
> - * Flush routine for SHA256 multibuffer
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha256_mb_mgr_datastruct.S"
> -
> -.extern sha256_x8_avx2
> -
> -#LINUX register definitions
> -#define arg1 %rdi
> -#define arg2 %rsi
> -
> -# Common register definitions
> -#define state arg1
> -#define job arg2
> -#define len2 arg2
> -
> -# idx must be a register not clobberred by sha1_mult
> -#define idx %r8
> -#define DWORD_idx %r8d
> -
> -#define unused_lanes %rbx
> -#define lane_data %rbx
> -#define tmp2 %rbx
> -#define tmp2_w %ebx
> -
> -#define job_rax %rax
> -#define tmp1 %rax
> -#define size_offset %rax
> -#define tmp %rax
> -#define start_offset %rax
> -
> -#define tmp3 %arg1
> -
> -#define extra_blocks %arg2
> -#define p %arg2
> -
> -.macro LABEL prefix n
> -\prefix\n\():
> -.endm
> -
> -.macro JNE_SKIP i
> -jne skip_\i
> -.endm
> -
> -.altmacro
> -.macro SET_OFFSET _offset
> -offset = \_offset
> -.endm
> -.noaltmacro
> -
> -# JOB_SHA256* sha256_mb_mgr_flush_avx2(MB_MGR *state)
> -# arg 1 : rcx : state
> -ENTRY(sha256_mb_mgr_flush_avx2)
> - FRAME_BEGIN
> - push %rbx
> -
> - # If bit (32+3) is set, then all lanes are empty
> - mov _unused_lanes(state), unused_lanes
> - bt $32+3, unused_lanes
> - jc return_null
> -
> - # find a lane with a non-null job
> - xor idx, idx
> - offset = (_ldata + 1 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne one(%rip), idx
> - offset = (_ldata + 2 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne two(%rip), idx
> - offset = (_ldata + 3 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne three(%rip), idx
> - offset = (_ldata + 4 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne four(%rip), idx
> - offset = (_ldata + 5 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne five(%rip), idx
> - offset = (_ldata + 6 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne six(%rip), idx
> - offset = (_ldata + 7 * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne seven(%rip), idx
> -
> - # copy idx to empty lanes
> -copy_lane_data:
> - offset = (_args + _data_ptr)
> - mov offset(state,idx,8), tmp
> -
> - I = 0
> -.rep 8
> - offset = (_ldata + I * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> -.altmacro
> - JNE_SKIP %I
> - offset = (_args + _data_ptr + 8*I)
> - mov tmp, offset(state)
> - offset = (_lens + 4*I)
> - movl $0xFFFFFFFF, offset(state)
> -LABEL skip_ %I
> - I = (I+1)
> -.noaltmacro
> -.endr
> -
> - # Find min length
> - vmovdqu _lens+0*16(state), %xmm0
> - vmovdqu _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min val in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - mov idx, len2
> - and $0xF, idx
> - shr $4, len2
> - jz len_is_0
> -
> - vpand clear_low_nibble(%rip), %xmm2, %xmm2
> - vpshufd $0, %xmm2, %xmm2
> -
> - vpsubd %xmm2, %xmm0, %xmm0
> - vpsubd %xmm2, %xmm1, %xmm1
> -
> - vmovdqu %xmm0, _lens+0*16(state)
> - vmovdqu %xmm1, _lens+1*16(state)
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha256_x8_avx2
> - # state and idx are intact
> -
> -len_is_0:
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $4, unused_lanes
> - or idx, unused_lanes
> -
> - mov unused_lanes, _unused_lanes(state)
> - movl $0xFFFFFFFF, _lens(state,idx,4)
> -
> - vmovd _args_digest(state , idx, 4) , %xmm0
> - vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
> - vmovd _args_digest+4*32(state, idx, 4), %xmm1
> - vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1
> - vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1
> - vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - offset = (_result_digest + 1*16)
> - vmovdqu %xmm1, offset(job_rax)
> -
> -return:
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -ENDPROC(sha256_mb_mgr_flush_avx2)
> -
> -##############################################################################
> -
> -.align 16
> -ENTRY(sha256_mb_mgr_get_comp_job_avx2)
> - push %rbx
> -
> - ## if bit 32+3 is set, then all lanes are empty
> - mov _unused_lanes(state), unused_lanes
> - bt $(32+3), unused_lanes
> - jc .return_null
> -
> - # Find min length
> - vmovdqu _lens(state), %xmm0
> - vmovdqu _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min val in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - test $~0xF, idx
> - jnz .return_null
> -
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $4, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens(state, idx, 4)
> -
> - vmovd _args_digest(state, idx, 4), %xmm0
> - vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
> - vmovd _args_digest+4*32(state, idx, 4), %xmm1
> - vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1
> - vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1
> - vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - offset = (_result_digest + 1*16)
> - vmovdqu %xmm1, offset(job_rax)
> -
> - pop %rbx
> -
> - ret
> -
> -.return_null:
> - xor job_rax, job_rax
> - pop %rbx
> - ret
> -ENDPROC(sha256_mb_mgr_get_comp_job_avx2)
> -
> -.section .rodata.cst16.clear_low_nibble, "aM", @progbits, 16
> -.align 16
> -clear_low_nibble:
> -.octa 0x000000000000000000000000FFFFFFF0
> -
> -.section .rodata.cst8, "aM", @progbits, 8
> -.align 8
> -one:
> -.quad 1
> -two:
> -.quad 2
> -three:
> -.quad 3
> -four:
> -.quad 4
> -five:
> -.quad 5
> -six:
> -.quad 6
> -seven:
> -.quad 7
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_init_avx2.c b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_init_avx2.c
> deleted file mode 100644
> index b0c498371e67..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_init_avx2.c
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -/*
> - * Initialization code for multi buffer SHA256 algorithm for AVX2
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include "sha256_mb_mgr.h"
> -
> -void sha256_mb_mgr_init_avx2(struct sha256_mb_mgr *state)
> -{
> - unsigned int j;
> -
> - state->unused_lanes = 0xF76543210ULL;
> - for (j = 0; j < 8; j++) {
> - state->lens[j] = 0xFFFFFFFF;
> - state->ldata[j].job_in_lane = NULL;
> - }
> -}
> diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
> deleted file mode 100644
> index b36ae7454084..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_submit_avx2.S
> +++ /dev/null
> @@ -1,214 +0,0 @@
> -/*
> - * Buffer submit code for multi buffer SHA256 algorithm
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha256_mb_mgr_datastruct.S"
> -
> -.extern sha256_x8_avx2
> -
> -# LINUX register definitions
> -arg1 = %rdi
> -arg2 = %rsi
> -size_offset = %rcx
> -tmp2 = %rcx
> -extra_blocks = %rdx
> -
> -# Common definitions
> -#define state arg1
> -#define job %rsi
> -#define len2 arg2
> -#define p2 arg2
> -
> -# idx must be a register not clobberred by sha1_x8_avx2
> -idx = %r8
> -DWORD_idx = %r8d
> -last_len = %r8
> -
> -p = %r11
> -start_offset = %r11
> -
> -unused_lanes = %rbx
> -BYTE_unused_lanes = %bl
> -
> -job_rax = %rax
> -len = %rax
> -DWORD_len = %eax
> -
> -lane = %r12
> -tmp3 = %r12
> -
> -tmp = %r9
> -DWORD_tmp = %r9d
> -
> -lane_data = %r10
> -
> -# JOB* sha256_mb_mgr_submit_avx2(MB_MGR *state, JOB_SHA256 *job)
> -# arg 1 : rcx : state
> -# arg 2 : rdx : job
> -ENTRY(sha256_mb_mgr_submit_avx2)
> - FRAME_BEGIN
> - push %rbx
> - push %r12
> -
> - mov _unused_lanes(state), unused_lanes
> - mov unused_lanes, lane
> - and $0xF, lane
> - shr $4, unused_lanes
> - imul $_LANE_DATA_size, lane, lane_data
> - movl $STS_BEING_PROCESSED, _status(job)
> - lea _ldata(state, lane_data), lane_data
> - mov unused_lanes, _unused_lanes(state)
> - movl _len(job), DWORD_len
> -
> - mov job, _job_in_lane(lane_data)
> - shl $4, len
> - or lane, len
> -
> - movl DWORD_len, _lens(state , lane, 4)
> -
> - # Load digest words from result_digest
> - vmovdqu _result_digest(job), %xmm0
> - vmovdqu _result_digest+1*16(job), %xmm1
> - vmovd %xmm0, _args_digest(state, lane, 4)
> - vpextrd $1, %xmm0, _args_digest+1*32(state , lane, 4)
> - vpextrd $2, %xmm0, _args_digest+2*32(state , lane, 4)
> - vpextrd $3, %xmm0, _args_digest+3*32(state , lane, 4)
> - vmovd %xmm1, _args_digest+4*32(state , lane, 4)
> -
> - vpextrd $1, %xmm1, _args_digest+5*32(state , lane, 4)
> - vpextrd $2, %xmm1, _args_digest+6*32(state , lane, 4)
> - vpextrd $3, %xmm1, _args_digest+7*32(state , lane, 4)
> -
> - mov _buffer(job), p
> - mov p, _args_data_ptr(state, lane, 8)
> -
> - cmp $0xF, unused_lanes
> - jne return_null
> -
> -start_loop:
> - # Find min length
> - vmovdqa _lens(state), %xmm0
> - vmovdqa _lens+1*16(state), %xmm1
> -
> - vpminud %xmm1, %xmm0, %xmm2 # xmm2 has {D,C,B,A}
> - vpalignr $8, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,D,C}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has {x,x,E,F}
> - vpalignr $4, %xmm2, %xmm3, %xmm3 # xmm3 has {x,x,x,E}
> - vpminud %xmm3, %xmm2, %xmm2 # xmm2 has min val in low dword
> -
> - vmovd %xmm2, DWORD_idx
> - mov idx, len2
> - and $0xF, idx
> - shr $4, len2
> - jz len_is_0
> -
> - vpand clear_low_nibble(%rip), %xmm2, %xmm2
> - vpshufd $0, %xmm2, %xmm2
> -
> - vpsubd %xmm2, %xmm0, %xmm0
> - vpsubd %xmm2, %xmm1, %xmm1
> -
> - vmovdqa %xmm0, _lens + 0*16(state)
> - vmovdqa %xmm1, _lens + 1*16(state)
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha256_x8_avx2
> -
> - # state and idx are intact
> -
> -len_is_0:
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - mov _unused_lanes(state), unused_lanes
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - shl $4, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens(state,idx,4)
> -
> - vmovd _args_digest(state, idx, 4), %xmm0
> - vpinsrd $1, _args_digest+1*32(state , idx, 4), %xmm0, %xmm0
> - vpinsrd $2, _args_digest+2*32(state , idx, 4), %xmm0, %xmm0
> - vpinsrd $3, _args_digest+3*32(state , idx, 4), %xmm0, %xmm0
> - vmovd _args_digest+4*32(state, idx, 4), %xmm1
> -
> - vpinsrd $1, _args_digest+5*32(state , idx, 4), %xmm1, %xmm1
> - vpinsrd $2, _args_digest+6*32(state , idx, 4), %xmm1, %xmm1
> - vpinsrd $3, _args_digest+7*32(state , idx, 4), %xmm1, %xmm1
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - vmovdqu %xmm1, _result_digest+1*16(job_rax)
> -
> -return:
> - pop %r12
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -
> -ENDPROC(sha256_mb_mgr_submit_avx2)
> -
> -.section .rodata.cst16.clear_low_nibble, "aM", @progbits, 16
> -.align 16
> -clear_low_nibble:
> - .octa 0x000000000000000000000000FFFFFFF0
> diff --git a/arch/x86/crypto/sha256-mb/sha256_x8_avx2.S b/arch/x86/crypto/sha256-mb/sha256_x8_avx2.S
> deleted file mode 100644
> index 1687c80c5995..000000000000
> --- a/arch/x86/crypto/sha256-mb/sha256_x8_avx2.S
> +++ /dev/null
> @@ -1,598 +0,0 @@
> -/*
> - * Multi-buffer SHA256 algorithm hash compute routine
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include "sha256_mb_mgr_datastruct.S"
> -
> -## code to compute oct SHA256 using SSE-256
> -## outer calling routine takes care of save and restore of XMM registers
> -## Logic designed/laid out by JDG
> -
> -## Function clobbers: rax, rcx, rdx, rbx, rsi, rdi, r9-r15; %ymm0-15
> -## Linux clobbers: rax rbx rcx rdx rsi r9 r10 r11 r12 r13 r14 r15
> -## Linux preserves: rdi rbp r8
> -##
> -## clobbers %ymm0-15
> -
> -arg1 = %rdi
> -arg2 = %rsi
> -reg3 = %rcx
> -reg4 = %rdx
> -
> -# Common definitions
> -STATE = arg1
> -INP_SIZE = arg2
> -
> -IDX = %rax
> -ROUND = %rbx
> -TBL = reg3
> -
> -inp0 = %r9
> -inp1 = %r10
> -inp2 = %r11
> -inp3 = %r12
> -inp4 = %r13
> -inp5 = %r14
> -inp6 = %r15
> -inp7 = reg4
> -
> -a = %ymm0
> -b = %ymm1
> -c = %ymm2
> -d = %ymm3
> -e = %ymm4
> -f = %ymm5
> -g = %ymm6
> -h = %ymm7
> -
> -T1 = %ymm8
> -
> -a0 = %ymm12
> -a1 = %ymm13
> -a2 = %ymm14
> -TMP = %ymm15
> -TMP0 = %ymm6
> -TMP1 = %ymm7
> -
> -TT0 = %ymm8
> -TT1 = %ymm9
> -TT2 = %ymm10
> -TT3 = %ymm11
> -TT4 = %ymm12
> -TT5 = %ymm13
> -TT6 = %ymm14
> -TT7 = %ymm15
> -
> -# Define stack usage
> -
> -# Assume stack aligned to 32 bytes before call
> -# Therefore FRAMESZ mod 32 must be 32-8 = 24
> -
> -#define FRAMESZ 0x388
> -
> -#define VMOVPS vmovups
> -
> -# TRANSPOSE8 r0, r1, r2, r3, r4, r5, r6, r7, t0, t1
> -# "transpose" data in {r0...r7} using temps {t0...t1}
> -# Input looks like: {r0 r1 r2 r3 r4 r5 r6 r7}
> -# r0 = {a7 a6 a5 a4 a3 a2 a1 a0}
> -# r1 = {b7 b6 b5 b4 b3 b2 b1 b0}
> -# r2 = {c7 c6 c5 c4 c3 c2 c1 c0}
> -# r3 = {d7 d6 d5 d4 d3 d2 d1 d0}
> -# r4 = {e7 e6 e5 e4 e3 e2 e1 e0}
> -# r5 = {f7 f6 f5 f4 f3 f2 f1 f0}
> -# r6 = {g7 g6 g5 g4 g3 g2 g1 g0}
> -# r7 = {h7 h6 h5 h4 h3 h2 h1 h0}
> -#
> -# Output looks like: {r0 r1 r2 r3 r4 r5 r6 r7}
> -# r0 = {h0 g0 f0 e0 d0 c0 b0 a0}
> -# r1 = {h1 g1 f1 e1 d1 c1 b1 a1}
> -# r2 = {h2 g2 f2 e2 d2 c2 b2 a2}
> -# r3 = {h3 g3 f3 e3 d3 c3 b3 a3}
> -# r4 = {h4 g4 f4 e4 d4 c4 b4 a4}
> -# r5 = {h5 g5 f5 e5 d5 c5 b5 a5}
> -# r6 = {h6 g6 f6 e6 d6 c6 b6 a6}
> -# r7 = {h7 g7 f7 e7 d7 c7 b7 a7}
> -#
> -
> -.macro TRANSPOSE8 r0 r1 r2 r3 r4 r5 r6 r7 t0 t1
> - # process top half (r0..r3) {a...d}
> - vshufps $0x44, \r1, \r0, \t0 # t0 = {b5 b4 a5 a4 b1 b0 a1 a0}
> - vshufps $0xEE, \r1, \r0, \r0 # r0 = {b7 b6 a7 a6 b3 b2 a3 a2}
> - vshufps $0x44, \r3, \r2, \t1 # t1 = {d5 d4 c5 c4 d1 d0 c1 c0}
> - vshufps $0xEE, \r3, \r2, \r2 # r2 = {d7 d6 c7 c6 d3 d2 c3 c2}
> - vshufps $0xDD, \t1, \t0, \r3 # r3 = {d5 c5 b5 a5 d1 c1 b1 a1}
> - vshufps $0x88, \r2, \r0, \r1 # r1 = {d6 c6 b6 a6 d2 c2 b2 a2}
> - vshufps $0xDD, \r2, \r0, \r0 # r0 = {d7 c7 b7 a7 d3 c3 b3 a3}
> - vshufps $0x88, \t1, \t0, \t0 # t0 = {d4 c4 b4 a4 d0 c0 b0 a0}
> -
> - # use r2 in place of t0
> - # process bottom half (r4..r7) {e...h}
> - vshufps $0x44, \r5, \r4, \r2 # r2 = {f5 f4 e5 e4 f1 f0 e1 e0}
> - vshufps $0xEE, \r5, \r4, \r4 # r4 = {f7 f6 e7 e6 f3 f2 e3 e2}
> - vshufps $0x44, \r7, \r6, \t1 # t1 = {h5 h4 g5 g4 h1 h0 g1 g0}
> - vshufps $0xEE, \r7, \r6, \r6 # r6 = {h7 h6 g7 g6 h3 h2 g3 g2}
> - vshufps $0xDD, \t1, \r2, \r7 # r7 = {h5 g5 f5 e5 h1 g1 f1 e1}
> - vshufps $0x88, \r6, \r4, \r5 # r5 = {h6 g6 f6 e6 h2 g2 f2 e2}
> - vshufps $0xDD, \r6, \r4, \r4 # r4 = {h7 g7 f7 e7 h3 g3 f3 e3}
> - vshufps $0x88, \t1, \r2, \t1 # t1 = {h4 g4 f4 e4 h0 g0 f0 e0}
> -
> - vperm2f128 $0x13, \r1, \r5, \r6 # h6...a6
> - vperm2f128 $0x02, \r1, \r5, \r2 # h2...a2
> - vperm2f128 $0x13, \r3, \r7, \r5 # h5...a5
> - vperm2f128 $0x02, \r3, \r7, \r1 # h1...a1
> - vperm2f128 $0x13, \r0, \r4, \r7 # h7...a7
> - vperm2f128 $0x02, \r0, \r4, \r3 # h3...a3
> - vperm2f128 $0x13, \t0, \t1, \r4 # h4...a4
> - vperm2f128 $0x02, \t0, \t1, \r0 # h0...a0
> -
> -.endm
> -
> -.macro ROTATE_ARGS
> -TMP_ = h
> -h = g
> -g = f
> -f = e
> -e = d
> -d = c
> -c = b
> -b = a
> -a = TMP_
> -.endm
> -
> -.macro _PRORD reg imm tmp
> - vpslld $(32-\imm),\reg,\tmp
> - vpsrld $\imm,\reg, \reg
> - vpor \tmp,\reg, \reg
> -.endm
> -
> -# PRORD_nd reg, imm, tmp, src
> -.macro _PRORD_nd reg imm tmp src
> - vpslld $(32-\imm), \src, \tmp
> - vpsrld $\imm, \src, \reg
> - vpor \tmp, \reg, \reg
> -.endm
> -
> -# PRORD dst/src, amt
> -.macro PRORD reg imm
> - _PRORD \reg,\imm,TMP
> -.endm
> -
> -# PRORD_nd dst, src, amt
> -.macro PRORD_nd reg tmp imm
> - _PRORD_nd \reg, \imm, TMP, \tmp
> -.endm
> -
> -# arguments passed implicitly in preprocessor symbols i, a...h
> -.macro ROUND_00_15 _T1 i
> - PRORD_nd a0,e,5 # sig1: a0 = (e >> 5)
> -
> - vpxor g, f, a2 # ch: a2 = f^g
> - vpand e,a2, a2 # ch: a2 = (f^g)&e
> - vpxor g, a2, a2 # a2 = ch
> -
> - PRORD_nd a1,e,25 # sig1: a1 = (e >> 25)
> -
> - vmovdqu \_T1,(SZ8*(\i & 0xf))(%rsp)
> - vpaddd (TBL,ROUND,1), \_T1, \_T1 # T1 = W + K
> - vpxor e,a0, a0 # sig1: a0 = e ^ (e >> 5)
> - PRORD a0, 6 # sig1: a0 = (e >> 6) ^ (e >> 11)
> - vpaddd a2, h, h # h = h + ch
> - PRORD_nd a2,a,11 # sig0: a2 = (a >> 11)
> - vpaddd \_T1,h, h # h = h + ch + W + K
> - vpxor a1, a0, a0 # a0 = sigma1
> - PRORD_nd a1,a,22 # sig0: a1 = (a >> 22)
> - vpxor c, a, \_T1 # maj: T1 = a^c
> - add $SZ8, ROUND # ROUND++
> - vpand b, \_T1, \_T1 # maj: T1 = (a^c)&b
> - vpaddd a0, h, h
> - vpaddd h, d, d
> - vpxor a, a2, a2 # sig0: a2 = a ^ (a >> 11)
> - PRORD a2,2 # sig0: a2 = (a >> 2) ^ (a >> 13)
> - vpxor a1, a2, a2 # a2 = sig0
> - vpand c, a, a1 # maj: a1 = a&c
> - vpor \_T1, a1, a1 # a1 = maj
> - vpaddd a1, h, h # h = h + ch + W + K + maj
> - vpaddd a2, h, h # h = h + ch + W + K + maj + sigma0
> - ROTATE_ARGS
> -.endm
> -
> -# arguments passed implicitly in preprocessor symbols i, a...h
> -.macro ROUND_16_XX _T1 i
> - vmovdqu (SZ8*((\i-15)&0xf))(%rsp), \_T1
> - vmovdqu (SZ8*((\i-2)&0xf))(%rsp), a1
> - vmovdqu \_T1, a0
> - PRORD \_T1,11
> - vmovdqu a1, a2
> - PRORD a1,2
> - vpxor a0, \_T1, \_T1
> - PRORD \_T1, 7
> - vpxor a2, a1, a1
> - PRORD a1, 17
> - vpsrld $3, a0, a0
> - vpxor a0, \_T1, \_T1
> - vpsrld $10, a2, a2
> - vpxor a2, a1, a1
> - vpaddd (SZ8*((\i-16)&0xf))(%rsp), \_T1, \_T1
> - vpaddd (SZ8*((\i-7)&0xf))(%rsp), a1, a1
> - vpaddd a1, \_T1, \_T1
> -
> - ROUND_00_15 \_T1,\i
> -.endm
> -
> -# SHA256_ARGS:
> -# UINT128 digest[8]; // transposed digests
> -# UINT8 *data_ptr[4];
> -
> -# void sha256_x8_avx2(SHA256_ARGS *args, UINT64 bytes);
> -# arg 1 : STATE : pointer to array of pointers to input data
> -# arg 2 : INP_SIZE : size of input in blocks
> - # general registers preserved in outer calling routine
> - # outer calling routine saves all the XMM registers
> - # save rsp, allocate 32-byte aligned for local variables
> -ENTRY(sha256_x8_avx2)
> -
> - # save callee-saved clobbered registers to comply with C function ABI
> - push %r12
> - push %r13
> - push %r14
> - push %r15
> -
> - mov %rsp, IDX
> - sub $FRAMESZ, %rsp
> - and $~0x1F, %rsp
> - mov IDX, _rsp(%rsp)
> -
> - # Load the pre-transposed incoming digest.
> - vmovdqu 0*SHA256_DIGEST_ROW_SIZE(STATE),a
> - vmovdqu 1*SHA256_DIGEST_ROW_SIZE(STATE),b
> - vmovdqu 2*SHA256_DIGEST_ROW_SIZE(STATE),c
> - vmovdqu 3*SHA256_DIGEST_ROW_SIZE(STATE),d
> - vmovdqu 4*SHA256_DIGEST_ROW_SIZE(STATE),e
> - vmovdqu 5*SHA256_DIGEST_ROW_SIZE(STATE),f
> - vmovdqu 6*SHA256_DIGEST_ROW_SIZE(STATE),g
> - vmovdqu 7*SHA256_DIGEST_ROW_SIZE(STATE),h
> -
> - lea K256_8(%rip),TBL
> -
> - # load the address of each of the 4 message lanes
> - # getting ready to transpose input onto stack
> - mov _args_data_ptr+0*PTR_SZ(STATE),inp0
> - mov _args_data_ptr+1*PTR_SZ(STATE),inp1
> - mov _args_data_ptr+2*PTR_SZ(STATE),inp2
> - mov _args_data_ptr+3*PTR_SZ(STATE),inp3
> - mov _args_data_ptr+4*PTR_SZ(STATE),inp4
> - mov _args_data_ptr+5*PTR_SZ(STATE),inp5
> - mov _args_data_ptr+6*PTR_SZ(STATE),inp6
> - mov _args_data_ptr+7*PTR_SZ(STATE),inp7
> -
> - xor IDX, IDX
> -lloop:
> - xor ROUND, ROUND
> -
> - # save old digest
> - vmovdqu a, _digest(%rsp)
> - vmovdqu b, _digest+1*SZ8(%rsp)
> - vmovdqu c, _digest+2*SZ8(%rsp)
> - vmovdqu d, _digest+3*SZ8(%rsp)
> - vmovdqu e, _digest+4*SZ8(%rsp)
> - vmovdqu f, _digest+5*SZ8(%rsp)
> - vmovdqu g, _digest+6*SZ8(%rsp)
> - vmovdqu h, _digest+7*SZ8(%rsp)
> - i = 0
> -.rep 2
> - VMOVPS i*32(inp0, IDX), TT0
> - VMOVPS i*32(inp1, IDX), TT1
> - VMOVPS i*32(inp2, IDX), TT2
> - VMOVPS i*32(inp3, IDX), TT3
> - VMOVPS i*32(inp4, IDX), TT4
> - VMOVPS i*32(inp5, IDX), TT5
> - VMOVPS i*32(inp6, IDX), TT6
> - VMOVPS i*32(inp7, IDX), TT7
> - vmovdqu g, _ytmp(%rsp)
> - vmovdqu h, _ytmp+1*SZ8(%rsp)
> - TRANSPOSE8 TT0, TT1, TT2, TT3, TT4, TT5, TT6, TT7, TMP0, TMP1
> - vmovdqu PSHUFFLE_BYTE_FLIP_MASK(%rip), TMP1
> - vmovdqu _ytmp(%rsp), g
> - vpshufb TMP1, TT0, TT0
> - vpshufb TMP1, TT1, TT1
> - vpshufb TMP1, TT2, TT2
> - vpshufb TMP1, TT3, TT3
> - vpshufb TMP1, TT4, TT4
> - vpshufb TMP1, TT5, TT5
> - vpshufb TMP1, TT6, TT6
> - vpshufb TMP1, TT7, TT7
> - vmovdqu _ytmp+1*SZ8(%rsp), h
> - vmovdqu TT4, _ytmp(%rsp)
> - vmovdqu TT5, _ytmp+1*SZ8(%rsp)
> - vmovdqu TT6, _ytmp+2*SZ8(%rsp)
> - vmovdqu TT7, _ytmp+3*SZ8(%rsp)
> - ROUND_00_15 TT0,(i*8+0)
> - vmovdqu _ytmp(%rsp), TT0
> - ROUND_00_15 TT1,(i*8+1)
> - vmovdqu _ytmp+1*SZ8(%rsp), TT1
> - ROUND_00_15 TT2,(i*8+2)
> - vmovdqu _ytmp+2*SZ8(%rsp), TT2
> - ROUND_00_15 TT3,(i*8+3)
> - vmovdqu _ytmp+3*SZ8(%rsp), TT3
> - ROUND_00_15 TT0,(i*8+4)
> - ROUND_00_15 TT1,(i*8+5)
> - ROUND_00_15 TT2,(i*8+6)
> - ROUND_00_15 TT3,(i*8+7)
> - i = (i+1)
> -.endr
> - add $64, IDX
> - i = (i*8)
> -
> - jmp Lrounds_16_xx
> -.align 16
> -Lrounds_16_xx:
> -.rep 16
> - ROUND_16_XX T1, i
> - i = (i+1)
> -.endr
> -
> - cmp $ROUNDS,ROUND
> - jb Lrounds_16_xx
> -
> - # add old digest
> - vpaddd _digest+0*SZ8(%rsp), a, a
> - vpaddd _digest+1*SZ8(%rsp), b, b
> - vpaddd _digest+2*SZ8(%rsp), c, c
> - vpaddd _digest+3*SZ8(%rsp), d, d
> - vpaddd _digest+4*SZ8(%rsp), e, e
> - vpaddd _digest+5*SZ8(%rsp), f, f
> - vpaddd _digest+6*SZ8(%rsp), g, g
> - vpaddd _digest+7*SZ8(%rsp), h, h
> -
> - sub $1, INP_SIZE # unit is blocks
> - jne lloop
> -
> - # write back to memory (state object) the transposed digest
> - vmovdqu a, 0*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu b, 1*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu c, 2*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu d, 3*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu e, 4*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu f, 5*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu g, 6*SHA256_DIGEST_ROW_SIZE(STATE)
> - vmovdqu h, 7*SHA256_DIGEST_ROW_SIZE(STATE)
> -
> - # update input pointers
> - add IDX, inp0
> - mov inp0, _args_data_ptr+0*8(STATE)
> - add IDX, inp1
> - mov inp1, _args_data_ptr+1*8(STATE)
> - add IDX, inp2
> - mov inp2, _args_data_ptr+2*8(STATE)
> - add IDX, inp3
> - mov inp3, _args_data_ptr+3*8(STATE)
> - add IDX, inp4
> - mov inp4, _args_data_ptr+4*8(STATE)
> - add IDX, inp5
> - mov inp5, _args_data_ptr+5*8(STATE)
> - add IDX, inp6
> - mov inp6, _args_data_ptr+6*8(STATE)
> - add IDX, inp7
> - mov inp7, _args_data_ptr+7*8(STATE)
> -
> - # Postamble
> - mov _rsp(%rsp), %rsp
> -
> - # restore callee-saved clobbered registers
> - pop %r15
> - pop %r14
> - pop %r13
> - pop %r12
> -
> - ret
> -ENDPROC(sha256_x8_avx2)
> -
> -.section .rodata.K256_8, "a", @progbits
> -.align 64
> -K256_8:
> - .octa 0x428a2f98428a2f98428a2f98428a2f98
> - .octa 0x428a2f98428a2f98428a2f98428a2f98
> - .octa 0x71374491713744917137449171374491
> - .octa 0x71374491713744917137449171374491
> - .octa 0xb5c0fbcfb5c0fbcfb5c0fbcfb5c0fbcf
> - .octa 0xb5c0fbcfb5c0fbcfb5c0fbcfb5c0fbcf
> - .octa 0xe9b5dba5e9b5dba5e9b5dba5e9b5dba5
> - .octa 0xe9b5dba5e9b5dba5e9b5dba5e9b5dba5
> - .octa 0x3956c25b3956c25b3956c25b3956c25b
> - .octa 0x3956c25b3956c25b3956c25b3956c25b
> - .octa 0x59f111f159f111f159f111f159f111f1
> - .octa 0x59f111f159f111f159f111f159f111f1
> - .octa 0x923f82a4923f82a4923f82a4923f82a4
> - .octa 0x923f82a4923f82a4923f82a4923f82a4
> - .octa 0xab1c5ed5ab1c5ed5ab1c5ed5ab1c5ed5
> - .octa 0xab1c5ed5ab1c5ed5ab1c5ed5ab1c5ed5
> - .octa 0xd807aa98d807aa98d807aa98d807aa98
> - .octa 0xd807aa98d807aa98d807aa98d807aa98
> - .octa 0x12835b0112835b0112835b0112835b01
> - .octa 0x12835b0112835b0112835b0112835b01
> - .octa 0x243185be243185be243185be243185be
> - .octa 0x243185be243185be243185be243185be
> - .octa 0x550c7dc3550c7dc3550c7dc3550c7dc3
> - .octa 0x550c7dc3550c7dc3550c7dc3550c7dc3
> - .octa 0x72be5d7472be5d7472be5d7472be5d74
> - .octa 0x72be5d7472be5d7472be5d7472be5d74
> - .octa 0x80deb1fe80deb1fe80deb1fe80deb1fe
> - .octa 0x80deb1fe80deb1fe80deb1fe80deb1fe
> - .octa 0x9bdc06a79bdc06a79bdc06a79bdc06a7
> - .octa 0x9bdc06a79bdc06a79bdc06a79bdc06a7
> - .octa 0xc19bf174c19bf174c19bf174c19bf174
> - .octa 0xc19bf174c19bf174c19bf174c19bf174
> - .octa 0xe49b69c1e49b69c1e49b69c1e49b69c1
> - .octa 0xe49b69c1e49b69c1e49b69c1e49b69c1
> - .octa 0xefbe4786efbe4786efbe4786efbe4786
> - .octa 0xefbe4786efbe4786efbe4786efbe4786
> - .octa 0x0fc19dc60fc19dc60fc19dc60fc19dc6
> - .octa 0x0fc19dc60fc19dc60fc19dc60fc19dc6
> - .octa 0x240ca1cc240ca1cc240ca1cc240ca1cc
> - .octa 0x240ca1cc240ca1cc240ca1cc240ca1cc
> - .octa 0x2de92c6f2de92c6f2de92c6f2de92c6f
> - .octa 0x2de92c6f2de92c6f2de92c6f2de92c6f
> - .octa 0x4a7484aa4a7484aa4a7484aa4a7484aa
> - .octa 0x4a7484aa4a7484aa4a7484aa4a7484aa
> - .octa 0x5cb0a9dc5cb0a9dc5cb0a9dc5cb0a9dc
> - .octa 0x5cb0a9dc5cb0a9dc5cb0a9dc5cb0a9dc
> - .octa 0x76f988da76f988da76f988da76f988da
> - .octa 0x76f988da76f988da76f988da76f988da
> - .octa 0x983e5152983e5152983e5152983e5152
> - .octa 0x983e5152983e5152983e5152983e5152
> - .octa 0xa831c66da831c66da831c66da831c66d
> - .octa 0xa831c66da831c66da831c66da831c66d
> - .octa 0xb00327c8b00327c8b00327c8b00327c8
> - .octa 0xb00327c8b00327c8b00327c8b00327c8
> - .octa 0xbf597fc7bf597fc7bf597fc7bf597fc7
> - .octa 0xbf597fc7bf597fc7bf597fc7bf597fc7
> - .octa 0xc6e00bf3c6e00bf3c6e00bf3c6e00bf3
> - .octa 0xc6e00bf3c6e00bf3c6e00bf3c6e00bf3
> - .octa 0xd5a79147d5a79147d5a79147d5a79147
> - .octa 0xd5a79147d5a79147d5a79147d5a79147
> - .octa 0x06ca635106ca635106ca635106ca6351
> - .octa 0x06ca635106ca635106ca635106ca6351
> - .octa 0x14292967142929671429296714292967
> - .octa 0x14292967142929671429296714292967
> - .octa 0x27b70a8527b70a8527b70a8527b70a85
> - .octa 0x27b70a8527b70a8527b70a8527b70a85
> - .octa 0x2e1b21382e1b21382e1b21382e1b2138
> - .octa 0x2e1b21382e1b21382e1b21382e1b2138
> - .octa 0x4d2c6dfc4d2c6dfc4d2c6dfc4d2c6dfc
> - .octa 0x4d2c6dfc4d2c6dfc4d2c6dfc4d2c6dfc
> - .octa 0x53380d1353380d1353380d1353380d13
> - .octa 0x53380d1353380d1353380d1353380d13
> - .octa 0x650a7354650a7354650a7354650a7354
> - .octa 0x650a7354650a7354650a7354650a7354
> - .octa 0x766a0abb766a0abb766a0abb766a0abb
> - .octa 0x766a0abb766a0abb766a0abb766a0abb
> - .octa 0x81c2c92e81c2c92e81c2c92e81c2c92e
> - .octa 0x81c2c92e81c2c92e81c2c92e81c2c92e
> - .octa 0x92722c8592722c8592722c8592722c85
> - .octa 0x92722c8592722c8592722c8592722c85
> - .octa 0xa2bfe8a1a2bfe8a1a2bfe8a1a2bfe8a1
> - .octa 0xa2bfe8a1a2bfe8a1a2bfe8a1a2bfe8a1
> - .octa 0xa81a664ba81a664ba81a664ba81a664b
> - .octa 0xa81a664ba81a664ba81a664ba81a664b
> - .octa 0xc24b8b70c24b8b70c24b8b70c24b8b70
> - .octa 0xc24b8b70c24b8b70c24b8b70c24b8b70
> - .octa 0xc76c51a3c76c51a3c76c51a3c76c51a3
> - .octa 0xc76c51a3c76c51a3c76c51a3c76c51a3
> - .octa 0xd192e819d192e819d192e819d192e819
> - .octa 0xd192e819d192e819d192e819d192e819
> - .octa 0xd6990624d6990624d6990624d6990624
> - .octa 0xd6990624d6990624d6990624d6990624
> - .octa 0xf40e3585f40e3585f40e3585f40e3585
> - .octa 0xf40e3585f40e3585f40e3585f40e3585
> - .octa 0x106aa070106aa070106aa070106aa070
> - .octa 0x106aa070106aa070106aa070106aa070
> - .octa 0x19a4c11619a4c11619a4c11619a4c116
> - .octa 0x19a4c11619a4c11619a4c11619a4c116
> - .octa 0x1e376c081e376c081e376c081e376c08
> - .octa 0x1e376c081e376c081e376c081e376c08
> - .octa 0x2748774c2748774c2748774c2748774c
> - .octa 0x2748774c2748774c2748774c2748774c
> - .octa 0x34b0bcb534b0bcb534b0bcb534b0bcb5
> - .octa 0x34b0bcb534b0bcb534b0bcb534b0bcb5
> - .octa 0x391c0cb3391c0cb3391c0cb3391c0cb3
> - .octa 0x391c0cb3391c0cb3391c0cb3391c0cb3
> - .octa 0x4ed8aa4a4ed8aa4a4ed8aa4a4ed8aa4a
> - .octa 0x4ed8aa4a4ed8aa4a4ed8aa4a4ed8aa4a
> - .octa 0x5b9cca4f5b9cca4f5b9cca4f5b9cca4f
> - .octa 0x5b9cca4f5b9cca4f5b9cca4f5b9cca4f
> - .octa 0x682e6ff3682e6ff3682e6ff3682e6ff3
> - .octa 0x682e6ff3682e6ff3682e6ff3682e6ff3
> - .octa 0x748f82ee748f82ee748f82ee748f82ee
> - .octa 0x748f82ee748f82ee748f82ee748f82ee
> - .octa 0x78a5636f78a5636f78a5636f78a5636f
> - .octa 0x78a5636f78a5636f78a5636f78a5636f
> - .octa 0x84c8781484c8781484c8781484c87814
> - .octa 0x84c8781484c8781484c8781484c87814
> - .octa 0x8cc702088cc702088cc702088cc70208
> - .octa 0x8cc702088cc702088cc702088cc70208
> - .octa 0x90befffa90befffa90befffa90befffa
> - .octa 0x90befffa90befffa90befffa90befffa
> - .octa 0xa4506ceba4506ceba4506ceba4506ceb
> - .octa 0xa4506ceba4506ceba4506ceba4506ceb
> - .octa 0xbef9a3f7bef9a3f7bef9a3f7bef9a3f7
> - .octa 0xbef9a3f7bef9a3f7bef9a3f7bef9a3f7
> - .octa 0xc67178f2c67178f2c67178f2c67178f2
> - .octa 0xc67178f2c67178f2c67178f2c67178f2
> -
> -.section .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 32
> -.align 32
> -PSHUFFLE_BYTE_FLIP_MASK:
> -.octa 0x0c0d0e0f08090a0b0405060700010203
> -.octa 0x0c0d0e0f08090a0b0405060700010203
> -
> -.section .rodata.cst256.K256, "aM", @progbits, 256
> -.align 64
> -.global K256
> -K256:
> - .int 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
> - .int 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
> - .int 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
> - .int 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
> - .int 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
> - .int 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
> - .int 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
> - .int 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
> - .int 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
> - .int 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
> - .int 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
> - .int 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
> - .int 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
> - .int 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
> - .int 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
> - .int 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
> diff --git a/arch/x86/crypto/sha512-mb/Makefile b/arch/x86/crypto/sha512-mb/Makefile
> deleted file mode 100644
> index 90f1ef69152e..000000000000
> --- a/arch/x86/crypto/sha512-mb/Makefile
> +++ /dev/null
> @@ -1,12 +0,0 @@
> -# SPDX-License-Identifier: GPL-2.0
> -#
> -# Arch-specific CryptoAPI modules.
> -#
> -
> -avx2_supported := $(call as-instr,vpgatherdd %ymm0$(comma)(%eax$(comma)%ymm1\
> - $(comma)4)$(comma)%ymm2,yes,no)
> -ifeq ($(avx2_supported),yes)
> - obj-$(CONFIG_CRYPTO_SHA512_MB) += sha512-mb.o
> - sha512-mb-y := sha512_mb.o sha512_mb_mgr_flush_avx2.o \
> - sha512_mb_mgr_init_avx2.o sha512_mb_mgr_submit_avx2.o sha512_x4_avx2.o
> -endif
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb.c b/arch/x86/crypto/sha512-mb/sha512_mb.c
> deleted file mode 100644
> index 26b85678012d..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb.c
> +++ /dev/null
> @@ -1,1047 +0,0 @@
> -/*
> - * Multi buffer SHA512 algorithm Glue Code
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> -
> -#include <crypto/internal/hash.h>
> -#include <linux/init.h>
> -#include <linux/module.h>
> -#include <linux/mm.h>
> -#include <linux/cryptohash.h>
> -#include <linux/types.h>
> -#include <linux/list.h>
> -#include <crypto/scatterwalk.h>
> -#include <crypto/sha.h>
> -#include <crypto/mcryptd.h>
> -#include <crypto/crypto_wq.h>
> -#include <asm/byteorder.h>
> -#include <linux/hardirq.h>
> -#include <asm/fpu/api.h>
> -#include "sha512_mb_ctx.h"
> -
> -#define FLUSH_INTERVAL 1000 /* in usec */
> -
> -static struct mcryptd_alg_state sha512_mb_alg_state;
> -
> -struct sha512_mb_ctx {
> - struct mcryptd_ahash *mcryptd_tfm;
> -};
> -
> -static inline struct mcryptd_hash_request_ctx
> - *cast_hash_to_mcryptd_ctx(struct sha512_hash_ctx *hash_ctx)
> -{
> - struct ahash_request *areq;
> -
> - areq = container_of((void *) hash_ctx, struct ahash_request, __ctx);
> - return container_of(areq, struct mcryptd_hash_request_ctx, areq);
> -}
> -
> -static inline struct ahash_request
> - *cast_mcryptd_ctx_to_req(struct mcryptd_hash_request_ctx *ctx)
> -{
> - return container_of((void *) ctx, struct ahash_request, __ctx);
> -}
> -
> -static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx,
> - struct ahash_request *areq)
> -{
> - rctx->flag = HASH_UPDATE;
> -}
> -
> -static asmlinkage void (*sha512_job_mgr_init)(struct sha512_mb_mgr *state);
> -static asmlinkage struct job_sha512* (*sha512_job_mgr_submit)
> - (struct sha512_mb_mgr *state,
> - struct job_sha512 *job);
> -static asmlinkage struct job_sha512* (*sha512_job_mgr_flush)
> - (struct sha512_mb_mgr *state);
> -static asmlinkage struct job_sha512* (*sha512_job_mgr_get_comp_job)
> - (struct sha512_mb_mgr *state);
> -
> -inline uint32_t sha512_pad(uint8_t padblock[SHA512_BLOCK_SIZE * 2],
> - uint64_t total_len)
> -{
> - uint32_t i = total_len & (SHA512_BLOCK_SIZE - 1);
> -
> - memset(&padblock[i], 0, SHA512_BLOCK_SIZE);
> - padblock[i] = 0x80;
> -
> - i += ((SHA512_BLOCK_SIZE - 1) &
> - (0 - (total_len + SHA512_PADLENGTHFIELD_SIZE + 1)))
> - + 1 + SHA512_PADLENGTHFIELD_SIZE;
> -
> -#if SHA512_PADLENGTHFIELD_SIZE == 16
> - *((uint64_t *) &padblock[i - 16]) = 0;
> -#endif
> -
> - *((uint64_t *) &padblock[i - 8]) = cpu_to_be64(total_len << 3);
> -
> - /* Number of extra blocks to hash */
> - return i >> SHA512_LOG2_BLOCK_SIZE;
> -}
> -
> -static struct sha512_hash_ctx *sha512_ctx_mgr_resubmit
> - (struct sha512_ctx_mgr *mgr, struct sha512_hash_ctx *ctx)
> -{
> - while (ctx) {
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Clear PROCESSING bit */
> - ctx->status = HASH_CTX_STS_COMPLETE;
> - return ctx;
> - }
> -
> - /*
> - * If the extra blocks are empty, begin hashing what remains
> - * in the user's buffer.
> - */
> - if (ctx->partial_block_buffer_length == 0 &&
> - ctx->incoming_buffer_length) {
> -
> - const void *buffer = ctx->incoming_buffer;
> - uint32_t len = ctx->incoming_buffer_length;
> - uint32_t copy_len;
> -
> - /*
> - * Only entire blocks can be hashed.
> - * Copy remainder to extra blocks buffer.
> - */
> - copy_len = len & (SHA512_BLOCK_SIZE-1);
> -
> - if (copy_len) {
> - len -= copy_len;
> - memcpy(ctx->partial_block_buffer,
> - ((const char *) buffer + len),
> - copy_len);
> - ctx->partial_block_buffer_length = copy_len;
> - }
> -
> - ctx->incoming_buffer_length = 0;
> -
> - /* len should be a multiple of the block size now */
> - assert((len % SHA512_BLOCK_SIZE) == 0);
> -
> - /* Set len to the number of blocks to be hashed */
> - len >>= SHA512_LOG2_BLOCK_SIZE;
> -
> - if (len) {
> -
> - ctx->job.buffer = (uint8_t *) buffer;
> - ctx->job.len = len;
> - ctx = (struct sha512_hash_ctx *)
> - sha512_job_mgr_submit(&mgr->mgr,
> - &ctx->job);
> - continue;
> - }
> - }
> -
> - /*
> - * If the extra blocks are not empty, then we are
> - * either on the last block(s) or we need more
> - * user input before continuing.
> - */
> - if (ctx->status & HASH_CTX_STS_LAST) {
> -
> - uint8_t *buf = ctx->partial_block_buffer;
> - uint32_t n_extra_blocks =
> - sha512_pad(buf, ctx->total_length);
> -
> - ctx->status = (HASH_CTX_STS_PROCESSING |
> - HASH_CTX_STS_COMPLETE);
> - ctx->job.buffer = buf;
> - ctx->job.len = (uint32_t) n_extra_blocks;
> - ctx = (struct sha512_hash_ctx *)
> - sha512_job_mgr_submit(&mgr->mgr, &ctx->job);
> - continue;
> - }
> -
> - if (ctx)
> - ctx->status = HASH_CTX_STS_IDLE;
> - return ctx;
> - }
> -
> - return NULL;
> -}
> -
> -static struct sha512_hash_ctx
> - *sha512_ctx_mgr_get_comp_ctx(struct mcryptd_alg_cstate *cstate)
> -{
> - /*
> - * If get_comp_job returns NULL, there are no jobs complete.
> - * If get_comp_job returns a job, verify that it is safe to return to
> - * the user.
> - * If it is not ready, resubmit the job to finish processing.
> - * If sha512_ctx_mgr_resubmit returned a job, it is ready to be
> - * returned.
> - * Otherwise, all jobs currently being managed by the hash_ctx_mgr
> - * still need processing.
> - */
> - struct sha512_ctx_mgr *mgr;
> - struct sha512_hash_ctx *ctx;
> - unsigned long flags;
> -
> - mgr = cstate->mgr;
> - spin_lock_irqsave(&cstate->work_lock, flags);
> - ctx = (struct sha512_hash_ctx *)
> - sha512_job_mgr_get_comp_job(&mgr->mgr);
> - ctx = sha512_ctx_mgr_resubmit(mgr, ctx);
> - spin_unlock_irqrestore(&cstate->work_lock, flags);
> - return ctx;
> -}
> -
> -static void sha512_ctx_mgr_init(struct sha512_ctx_mgr *mgr)
> -{
> - sha512_job_mgr_init(&mgr->mgr);
> -}
> -
> -static struct sha512_hash_ctx
> - *sha512_ctx_mgr_submit(struct mcryptd_alg_cstate *cstate,
> - struct sha512_hash_ctx *ctx,
> - const void *buffer,
> - uint32_t len,
> - int flags)
> -{
> - struct sha512_ctx_mgr *mgr;
> - unsigned long irqflags;
> -
> - mgr = cstate->mgr;
> - spin_lock_irqsave(&cstate->work_lock, irqflags);
> - if (flags & ~(HASH_UPDATE | HASH_LAST)) {
> - /* User should not pass anything other than UPDATE or LAST */
> - ctx->error = HASH_CTX_ERROR_INVALID_FLAGS;
> - goto unlock;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_PROCESSING) {
> - /* Cannot submit to a currently processing job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_PROCESSING;
> - goto unlock;
> - }
> -
> - if (ctx->status & HASH_CTX_STS_COMPLETE) {
> - /* Cannot update a finished job. */
> - ctx->error = HASH_CTX_ERROR_ALREADY_COMPLETED;
> - goto unlock;
> - }
> -
> - /*
> - * If we made it here, there were no errors during this call to
> - * submit
> - */
> - ctx->error = HASH_CTX_ERROR_NONE;
> -
> - /* Store buffer ptr info from user */
> - ctx->incoming_buffer = buffer;
> - ctx->incoming_buffer_length = len;
> -
> - /*
> - * Store the user's request flags and mark this ctx as currently being
> - * processed.
> - */
> - ctx->status = (flags & HASH_LAST) ?
> - (HASH_CTX_STS_PROCESSING | HASH_CTX_STS_LAST) :
> - HASH_CTX_STS_PROCESSING;
> -
> - /* Advance byte counter */
> - ctx->total_length += len;
> -
> - /*
> - * If there is anything currently buffered in the extra blocks,
> - * append to it until it contains a whole block.
> - * Or if the user's buffer contains less than a whole block,
> - * append as much as possible to the extra block.
> - */
> - if (ctx->partial_block_buffer_length || len < SHA512_BLOCK_SIZE) {
> - /* Compute how many bytes to copy from user buffer into extra
> - * block
> - */
> - uint32_t copy_len = SHA512_BLOCK_SIZE -
> - ctx->partial_block_buffer_length;
> - if (len < copy_len)
> - copy_len = len;
> -
> - if (copy_len) {
> - /* Copy and update relevant pointers and counters */
> - memcpy
> - (&ctx->partial_block_buffer[ctx->partial_block_buffer_length],
> - buffer, copy_len);
> -
> - ctx->partial_block_buffer_length += copy_len;
> - ctx->incoming_buffer = (const void *)
> - ((const char *)buffer + copy_len);
> - ctx->incoming_buffer_length = len - copy_len;
> - }
> -
> - /* The extra block should never contain more than 1 block
> - * here
> - */
> - assert(ctx->partial_block_buffer_length <= SHA512_BLOCK_SIZE);
> -
> - /* If the extra block buffer contains exactly 1 block, it can
> - * be hashed.
> - */
> - if (ctx->partial_block_buffer_length >= SHA512_BLOCK_SIZE) {
> - ctx->partial_block_buffer_length = 0;
> -
> - ctx->job.buffer = ctx->partial_block_buffer;
> - ctx->job.len = 1;
> - ctx = (struct sha512_hash_ctx *)
> - sha512_job_mgr_submit(&mgr->mgr, &ctx->job);
> - }
> - }
> -
> - ctx = sha512_ctx_mgr_resubmit(mgr, ctx);
> -unlock:
> - spin_unlock_irqrestore(&cstate->work_lock, irqflags);
> - return ctx;
> -}
> -
> -static struct sha512_hash_ctx *sha512_ctx_mgr_flush(struct mcryptd_alg_cstate *cstate)
> -{
> - struct sha512_ctx_mgr *mgr;
> - struct sha512_hash_ctx *ctx;
> - unsigned long flags;
> -
> - mgr = cstate->mgr;
> - spin_lock_irqsave(&cstate->work_lock, flags);
> - while (1) {
> - ctx = (struct sha512_hash_ctx *)
> - sha512_job_mgr_flush(&mgr->mgr);
> -
> - /* If flush returned 0, there are no more jobs in flight. */
> - if (!ctx)
> - break;
> -
> - /*
> - * If flush returned a job, resubmit the job to finish
> - * processing.
> - */
> - ctx = sha512_ctx_mgr_resubmit(mgr, ctx);
> -
> - /*
> - * If sha512_ctx_mgr_resubmit returned a job, it is ready to
> - * be returned. Otherwise, all jobs currently being managed by
> - * the sha512_ctx_mgr still need processing. Loop.
> - */
> - if (ctx)
> - break;
> - }
> - spin_unlock_irqrestore(&cstate->work_lock, flags);
> - return ctx;
> -}
> -
> -static int sha512_mb_init(struct ahash_request *areq)
> -{
> - struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - hash_ctx_init(sctx);
> - sctx->job.result_digest[0] = SHA512_H0;
> - sctx->job.result_digest[1] = SHA512_H1;
> - sctx->job.result_digest[2] = SHA512_H2;
> - sctx->job.result_digest[3] = SHA512_H3;
> - sctx->job.result_digest[4] = SHA512_H4;
> - sctx->job.result_digest[5] = SHA512_H5;
> - sctx->job.result_digest[6] = SHA512_H6;
> - sctx->job.result_digest[7] = SHA512_H7;
> - sctx->total_length = 0;
> - sctx->partial_block_buffer_length = 0;
> - sctx->status = HASH_CTX_STS_IDLE;
> -
> - return 0;
> -}
> -
> -static int sha512_mb_set_results(struct mcryptd_hash_request_ctx *rctx)
> -{
> - int i;
> - struct sha512_hash_ctx *sctx = ahash_request_ctx(&rctx->areq);
> - __be64 *dst = (__be64 *) rctx->out;
> -
> - for (i = 0; i < 8; ++i)
> - dst[i] = cpu_to_be64(sctx->job.result_digest[i]);
> -
> - return 0;
> -}
> -
> -static int sha_finish_walk(struct mcryptd_hash_request_ctx **ret_rctx,
> - struct mcryptd_alg_cstate *cstate, bool flush)
> -{
> - int flag = HASH_UPDATE;
> - int nbytes, err = 0;
> - struct mcryptd_hash_request_ctx *rctx = *ret_rctx;
> - struct sha512_hash_ctx *sha_ctx;
> -
> - /* more work ? */
> - while (!(rctx->flag & HASH_DONE)) {
> - nbytes = crypto_ahash_walk_done(&rctx->walk, 0);
> - if (nbytes < 0) {
> - err = nbytes;
> - goto out;
> - }
> - /* check if the walk is done */
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - if (rctx->flag & HASH_FINAL)
> - flag |= HASH_LAST;
> -
> - }
> - sha_ctx = (struct sha512_hash_ctx *)
> - ahash_request_ctx(&rctx->areq);
> - kernel_fpu_begin();
> - sha_ctx = sha512_ctx_mgr_submit(cstate, sha_ctx,
> - rctx->walk.data, nbytes, flag);
> - if (!sha_ctx) {
> - if (flush)
> - sha_ctx = sha512_ctx_mgr_flush(cstate);
> - }
> - kernel_fpu_end();
> - if (sha_ctx)
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - else {
> - rctx = NULL;
> - goto out;
> - }
> - }
> -
> - /* copy the results */
> - if (rctx->flag & HASH_FINAL)
> - sha512_mb_set_results(rctx);
> -
> -out:
> - *ret_rctx = rctx;
> - return err;
> -}
> -
> -static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate,
> - int err)
> -{
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha512_hash_ctx *sha_ctx;
> - struct mcryptd_hash_request_ctx *req_ctx;
> - int ret;
> - unsigned long flags;
> -
> - /* remove from work list */
> - spin_lock_irqsave(&cstate->work_lock, flags);
> - list_del(&rctx->waiter);
> - spin_unlock_irqrestore(&cstate->work_lock, flags);
> -
> - if (irqs_disabled())
> - rctx->complete(&req->base, err);
> - else {
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> - }
> -
> - /* check to see if there are other jobs that are done */
> - sha_ctx = sha512_ctx_mgr_get_comp_ctx(cstate);
> - while (sha_ctx) {
> - req_ctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&req_ctx, cstate, false);
> - if (req_ctx) {
> - spin_lock_irqsave(&cstate->work_lock, flags);
> - list_del(&req_ctx->waiter);
> - spin_unlock_irqrestore(&cstate->work_lock, flags);
> -
> - req = cast_mcryptd_ctx_to_req(req_ctx);
> - if (irqs_disabled())
> - req_ctx->complete(&req->base, ret);
> - else {
> - local_bh_disable();
> - req_ctx->complete(&req->base, ret);
> - local_bh_enable();
> - }
> - }
> - sha_ctx = sha512_ctx_mgr_get_comp_ctx(cstate);
> - }
> -
> - return 0;
> -}
> -
> -static void sha512_mb_add_list(struct mcryptd_hash_request_ctx *rctx,
> - struct mcryptd_alg_cstate *cstate)
> -{
> - unsigned long next_flush;
> - unsigned long delay = usecs_to_jiffies(FLUSH_INTERVAL);
> - unsigned long flags;
> -
> - /* initialize tag */
> - rctx->tag.arrival = jiffies; /* tag the arrival time */
> - rctx->tag.seq_num = cstate->next_seq_num++;
> - next_flush = rctx->tag.arrival + delay;
> - rctx->tag.expire = next_flush;
> -
> - spin_lock_irqsave(&cstate->work_lock, flags);
> - list_add_tail(&rctx->waiter, &cstate->work_list);
> - spin_unlock_irqrestore(&cstate->work_lock, flags);
> -
> - mcryptd_arm_flusher(cstate, delay);
> -}
> -
> -static int sha512_mb_update(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx,
> - areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha512_hash_ctx *sha_ctx;
> - int ret = 0, nbytes;
> -
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk))
> - rctx->flag |= HASH_DONE;
> -
> - /* submit */
> - sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
> - sha512_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha512_ctx_mgr_submit(cstate, sha_ctx, rctx->walk.data,
> - nbytes, HASH_UPDATE);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> -
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha512_mb_finup(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx,
> - areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
> -
> - struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
> - struct sha512_hash_ctx *sha_ctx;
> - int ret = 0, flag = HASH_UPDATE, nbytes;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - nbytes = crypto_ahash_walk_first(req, &rctx->walk);
> -
> - if (nbytes < 0) {
> - ret = nbytes;
> - goto done;
> - }
> -
> - if (crypto_ahash_walk_last(&rctx->walk)) {
> - rctx->flag |= HASH_DONE;
> - flag = HASH_LAST;
> - }
> -
> - /* submit */
> - rctx->flag |= HASH_FINAL;
> - sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
> - sha512_mb_add_list(rctx, cstate);
> -
> - kernel_fpu_begin();
> - sha_ctx = sha512_ctx_mgr_submit(cstate, sha_ctx, rctx->walk.data,
> - nbytes, flag);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha512_mb_final(struct ahash_request *areq)
> -{
> - struct mcryptd_hash_request_ctx *rctx =
> - container_of(areq, struct mcryptd_hash_request_ctx,
> - areq);
> - struct mcryptd_alg_cstate *cstate =
> - this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
> -
> - struct sha512_hash_ctx *sha_ctx;
> - int ret = 0;
> - u8 data;
> -
> - /* sanity check */
> - if (rctx->tag.cpu != smp_processor_id()) {
> - pr_err("mcryptd error: cpu clash\n");
> - goto done;
> - }
> -
> - /* need to init context */
> - req_ctx_init(rctx, areq);
> -
> - rctx->flag |= HASH_DONE | HASH_FINAL;
> -
> - sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
> - /* flag HASH_FINAL and 0 data size */
> - sha512_mb_add_list(rctx, cstate);
> - kernel_fpu_begin();
> - sha_ctx = sha512_ctx_mgr_submit(cstate, sha_ctx, &data, 0, HASH_LAST);
> - kernel_fpu_end();
> -
> - /* check if anything is returned */
> - if (!sha_ctx)
> - return -EINPROGRESS;
> -
> - if (sha_ctx->error) {
> - ret = sha_ctx->error;
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - goto done;
> - }
> -
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - ret = sha_finish_walk(&rctx, cstate, false);
> - if (!rctx)
> - return -EINPROGRESS;
> -done:
> - sha_complete_job(rctx, cstate, ret);
> - return ret;
> -}
> -
> -static int sha512_mb_export(struct ahash_request *areq, void *out)
> -{
> - struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(out, sctx, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha512_mb_import(struct ahash_request *areq, const void *in)
> -{
> - struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
> -
> - memcpy(sctx, in, sizeof(*sctx));
> -
> - return 0;
> -}
> -
> -static int sha512_mb_async_init_tfm(struct crypto_tfm *tfm)
> -{
> - struct mcryptd_ahash *mcryptd_tfm;
> - struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> - struct mcryptd_hash_ctx *mctx;
> -
> - mcryptd_tfm = mcryptd_alloc_ahash("__intel_sha512-mb",
> - CRYPTO_ALG_INTERNAL,
> - CRYPTO_ALG_INTERNAL);
> - if (IS_ERR(mcryptd_tfm))
> - return PTR_ERR(mcryptd_tfm);
> - mctx = crypto_ahash_ctx(&mcryptd_tfm->base);
> - mctx->alg_state = &sha512_mb_alg_state;
> - ctx->mcryptd_tfm = mcryptd_tfm;
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - crypto_ahash_reqsize(&mcryptd_tfm->base));
> -
> - return 0;
> -}
> -
> -static void sha512_mb_async_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static int sha512_mb_areq_init_tfm(struct crypto_tfm *tfm)
> -{
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct ahash_request) +
> - sizeof(struct sha512_hash_ctx));
> -
> - return 0;
> -}
> -
> -static void sha512_mb_areq_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - mcryptd_free_ahash(ctx->mcryptd_tfm);
> -}
> -
> -static struct ahash_alg sha512_mb_areq_alg = {
> - .init = sha512_mb_init,
> - .update = sha512_mb_update,
> - .final = sha512_mb_final,
> - .finup = sha512_mb_finup,
> - .export = sha512_mb_export,
> - .import = sha512_mb_import,
> - .halg = {
> - .digestsize = SHA512_DIGEST_SIZE,
> - .statesize = sizeof(struct sha512_hash_ctx),
> - .base = {
> - .cra_name = "__sha512-mb",
> - .cra_driver_name = "__intel_sha512-mb",
> - .cra_priority = 100,
> - /*
> - * use ASYNC flag as some buffers in multi-buffer
> - * algo may not have completed before hashing thread
> - * sleep
> - */
> - .cra_flags = CRYPTO_ALG_ASYNC |
> - CRYPTO_ALG_INTERNAL,
> - .cra_blocksize = SHA512_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT
> - (sha512_mb_areq_alg.halg.base.cra_list),
> - .cra_init = sha512_mb_areq_init_tfm,
> - .cra_exit = sha512_mb_areq_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha512_hash_ctx),
> - }
> - }
> -};
> -
> -static int sha512_mb_async_init(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_init(mcryptd_req);
> -}
> -
> -static int sha512_mb_async_update(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_update(mcryptd_req);
> -}
> -
> -static int sha512_mb_async_finup(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_finup(mcryptd_req);
> -}
> -
> -static int sha512_mb_async_final(struct ahash_request *req)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> -
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_final(mcryptd_req);
> -}
> -
> -static int sha512_mb_async_digest(struct ahash_request *req)
> -{
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_digest(mcryptd_req);
> -}
> -
> -static int sha512_mb_async_export(struct ahash_request *req, void *out)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - return crypto_ahash_export(mcryptd_req, out);
> -}
> -
> -static int sha512_mb_async_import(struct ahash_request *req, const void *in)
> -{
> - struct ahash_request *mcryptd_req = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
> - struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
> - struct crypto_ahash *child = mcryptd_ahash_child(mcryptd_tfm);
> - struct mcryptd_hash_request_ctx *rctx;
> - struct ahash_request *areq;
> -
> - memcpy(mcryptd_req, req, sizeof(*req));
> - ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
> - rctx = ahash_request_ctx(mcryptd_req);
> -
> - areq = &rctx->areq;
> -
> - ahash_request_set_tfm(areq, child);
> - ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_SLEEP,
> - rctx->complete, req);
> -
> - return crypto_ahash_import(mcryptd_req, in);
> -}
> -
> -static struct ahash_alg sha512_mb_async_alg = {
> - .init = sha512_mb_async_init,
> - .update = sha512_mb_async_update,
> - .final = sha512_mb_async_final,
> - .finup = sha512_mb_async_finup,
> - .digest = sha512_mb_async_digest,
> - .export = sha512_mb_async_export,
> - .import = sha512_mb_async_import,
> - .halg = {
> - .digestsize = SHA512_DIGEST_SIZE,
> - .statesize = sizeof(struct sha512_hash_ctx),
> - .base = {
> - .cra_name = "sha512",
> - .cra_driver_name = "sha512_mb",
> - /*
> - * Low priority, since with few concurrent hash requests
> - * this is extremely slow due to the flush delay. Users
> - * whose workloads would benefit from this can request
> - * it explicitly by driver name, or can increase its
> - * priority at runtime using NETLINK_CRYPTO.
> - */
> - .cra_priority = 50,
> - .cra_flags = CRYPTO_ALG_ASYNC,
> - .cra_blocksize = SHA512_BLOCK_SIZE,
> - .cra_module = THIS_MODULE,
> - .cra_list = LIST_HEAD_INIT
> - (sha512_mb_async_alg.halg.base.cra_list),
> - .cra_init = sha512_mb_async_init_tfm,
> - .cra_exit = sha512_mb_async_exit_tfm,
> - .cra_ctxsize = sizeof(struct sha512_mb_ctx),
> - .cra_alignmask = 0,
> - },
> - },
> -};
> -
> -static unsigned long sha512_mb_flusher(struct mcryptd_alg_cstate *cstate)
> -{
> - struct mcryptd_hash_request_ctx *rctx;
> - unsigned long cur_time;
> - unsigned long next_flush = 0;
> - struct sha512_hash_ctx *sha_ctx;
> -
> -
> - cur_time = jiffies;
> -
> - while (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - if time_before(cur_time, rctx->tag.expire)
> - break;
> - kernel_fpu_begin();
> - sha_ctx = (struct sha512_hash_ctx *)
> - sha512_ctx_mgr_flush(cstate);
> - kernel_fpu_end();
> - if (!sha_ctx) {
> - pr_err("sha512_mb error: nothing got flushed for"
> - " non-empty list\n");
> - break;
> - }
> - rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
> - sha_finish_walk(&rctx, cstate, true);
> - sha_complete_job(rctx, cstate, 0);
> - }
> -
> - if (!list_empty(&cstate->work_list)) {
> - rctx = list_entry(cstate->work_list.next,
> - struct mcryptd_hash_request_ctx, waiter);
> - /* get the hash context and then flush time */
> - next_flush = rctx->tag.expire;
> - mcryptd_arm_flusher(cstate, get_delay(next_flush));
> - }
> - return next_flush;
> -}
> -
> -static int __init sha512_mb_mod_init(void)
> -{
> -
> - int cpu;
> - int err;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - /* check for dependent cpu features */
> - if (!boot_cpu_has(X86_FEATURE_AVX2) ||
> - !boot_cpu_has(X86_FEATURE_BMI2))
> - return -ENODEV;
> -
> - /* initialize multibuffer structures */
> - sha512_mb_alg_state.alg_cstate =
> - alloc_percpu(struct mcryptd_alg_cstate);
> -
> - sha512_job_mgr_init = sha512_mb_mgr_init_avx2;
> - sha512_job_mgr_submit = sha512_mb_mgr_submit_avx2;
> - sha512_job_mgr_flush = sha512_mb_mgr_flush_avx2;
> - sha512_job_mgr_get_comp_job = sha512_mb_mgr_get_comp_job_avx2;
> -
> - if (!sha512_mb_alg_state.alg_cstate)
> - return -ENOMEM;
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
> - cpu_state->next_flush = 0;
> - cpu_state->next_seq_num = 0;
> - cpu_state->flusher_engaged = false;
> - INIT_DELAYED_WORK(&cpu_state->flush, mcryptd_flusher);
> - cpu_state->cpu = cpu;
> - cpu_state->alg_state = &sha512_mb_alg_state;
> - cpu_state->mgr = kzalloc(sizeof(struct sha512_ctx_mgr),
> - GFP_KERNEL);
> - if (!cpu_state->mgr)
> - goto err2;
> - sha512_ctx_mgr_init(cpu_state->mgr);
> - INIT_LIST_HEAD(&cpu_state->work_list);
> - spin_lock_init(&cpu_state->work_lock);
> - }
> - sha512_mb_alg_state.flusher = &sha512_mb_flusher;
> -
> - err = crypto_register_ahash(&sha512_mb_areq_alg);
> - if (err)
> - goto err2;
> - err = crypto_register_ahash(&sha512_mb_async_alg);
> - if (err)
> - goto err1;
> -
> -
> - return 0;
> -err1:
> - crypto_unregister_ahash(&sha512_mb_areq_alg);
> -err2:
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha512_mb_alg_state.alg_cstate);
> - return -ENODEV;
> -}
> -
> -static void __exit sha512_mb_mod_fini(void)
> -{
> - int cpu;
> - struct mcryptd_alg_cstate *cpu_state;
> -
> - crypto_unregister_ahash(&sha512_mb_async_alg);
> - crypto_unregister_ahash(&sha512_mb_areq_alg);
> - for_each_possible_cpu(cpu) {
> - cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
> - kfree(cpu_state->mgr);
> - }
> - free_percpu(sha512_mb_alg_state.alg_cstate);
> -}
> -
> -module_init(sha512_mb_mod_init);
> -module_exit(sha512_mb_mod_fini);
> -
> -MODULE_LICENSE("GPL");
> -MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm, multi buffer accelerated");
> -
> -MODULE_ALIAS("sha512");
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_ctx.h b/arch/x86/crypto/sha512-mb/sha512_mb_ctx.h
> deleted file mode 100644
> index e5c465bd821e..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_ctx.h
> +++ /dev/null
> @@ -1,128 +0,0 @@
> -/*
> - * Header file for multi buffer SHA512 context
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#ifndef _SHA_MB_CTX_INTERNAL_H
> -#define _SHA_MB_CTX_INTERNAL_H
> -
> -#include "sha512_mb_mgr.h"
> -
> -#define HASH_UPDATE 0x00
> -#define HASH_LAST 0x01
> -#define HASH_DONE 0x02
> -#define HASH_FINAL 0x04
> -
> -#define HASH_CTX_STS_IDLE 0x00
> -#define HASH_CTX_STS_PROCESSING 0x01
> -#define HASH_CTX_STS_LAST 0x02
> -#define HASH_CTX_STS_COMPLETE 0x04
> -
> -enum hash_ctx_error {
> - HASH_CTX_ERROR_NONE = 0,
> - HASH_CTX_ERROR_INVALID_FLAGS = -1,
> - HASH_CTX_ERROR_ALREADY_PROCESSING = -2,
> - HASH_CTX_ERROR_ALREADY_COMPLETED = -3,
> -};
> -
> -#define hash_ctx_user_data(ctx) ((ctx)->user_data)
> -#define hash_ctx_digest(ctx) ((ctx)->job.result_digest)
> -#define hash_ctx_processing(ctx) ((ctx)->status & HASH_CTX_STS_PROCESSING)
> -#define hash_ctx_complete(ctx) ((ctx)->status == HASH_CTX_STS_COMPLETE)
> -#define hash_ctx_status(ctx) ((ctx)->status)
> -#define hash_ctx_error(ctx) ((ctx)->error)
> -#define hash_ctx_init(ctx) \
> - do { \
> - (ctx)->error = HASH_CTX_ERROR_NONE; \
> - (ctx)->status = HASH_CTX_STS_COMPLETE; \
> - } while (0)
> -
> -/* Hash Constants and Typedefs */
> -#define SHA512_DIGEST_LENGTH 8
> -#define SHA512_LOG2_BLOCK_SIZE 7
> -
> -#define SHA512_PADLENGTHFIELD_SIZE 16
> -
> -#ifdef SHA_MB_DEBUG
> -#define assert(expr) \
> -do { \
> - if (unlikely(!(expr))) { \
> - printk(KERN_ERR "Assertion failed! %s,%s,%s,line=%d\n", \
> - #expr, __FILE__, __func__, __LINE__); \
> - } \
> -} while (0)
> -#else
> -#define assert(expr) do {} while (0)
> -#endif
> -
> -struct sha512_ctx_mgr {
> - struct sha512_mb_mgr mgr;
> -};
> -
> -/* typedef struct sha512_ctx_mgr sha512_ctx_mgr; */
> -
> -struct sha512_hash_ctx {
> - /* Must be at struct offset 0 */
> - struct job_sha512 job;
> - /* status flag */
> - int status;
> - /* error flag */
> - int error;
> -
> - uint64_t total_length;
> - const void *incoming_buffer;
> - uint32_t incoming_buffer_length;
> - uint8_t partial_block_buffer[SHA512_BLOCK_SIZE * 2];
> - uint32_t partial_block_buffer_length;
> - void *user_data;
> -};
> -
> -#endif
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr.h b/arch/x86/crypto/sha512-mb/sha512_mb_mgr.h
> deleted file mode 100644
> index 178f17eef382..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr.h
> +++ /dev/null
> @@ -1,104 +0,0 @@
> -/*
> - * Header file for multi buffer SHA512 algorithm manager
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#ifndef __SHA_MB_MGR_H
> -#define __SHA_MB_MGR_H
> -
> -#include <linux/types.h>
> -
> -#define NUM_SHA512_DIGEST_WORDS 8
> -
> -enum job_sts {STS_UNKNOWN = 0,
> - STS_BEING_PROCESSED = 1,
> - STS_COMPLETED = 2,
> - STS_INTERNAL_ERROR = 3,
> - STS_ERROR = 4
> -};
> -
> -struct job_sha512 {
> - u8 *buffer;
> - u64 len;
> - u64 result_digest[NUM_SHA512_DIGEST_WORDS] __aligned(32);
> - enum job_sts status;
> - void *user_data;
> -};
> -
> -struct sha512_args_x4 {
> - uint64_t digest[8][4];
> - uint8_t *data_ptr[4];
> -};
> -
> -struct sha512_lane_data {
> - struct job_sha512 *job_in_lane;
> -};
> -
> -struct sha512_mb_mgr {
> - struct sha512_args_x4 args;
> -
> - uint64_t lens[4];
> -
> - /* each byte is index (0...7) of unused lanes */
> - uint64_t unused_lanes;
> - /* byte 4 is set to FF as a flag */
> - struct sha512_lane_data ldata[4];
> -};
> -
> -#define SHA512_MB_MGR_NUM_LANES_AVX2 4
> -
> -void sha512_mb_mgr_init_avx2(struct sha512_mb_mgr *state);
> -struct job_sha512 *sha512_mb_mgr_submit_avx2(struct sha512_mb_mgr *state,
> - struct job_sha512 *job);
> -struct job_sha512 *sha512_mb_mgr_flush_avx2(struct sha512_mb_mgr *state);
> -struct job_sha512 *sha512_mb_mgr_get_comp_job_avx2(struct sha512_mb_mgr *state);
> -
> -#endif
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_datastruct.S b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_datastruct.S
> deleted file mode 100644
> index cf2636d4c9ba..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_datastruct.S
> +++ /dev/null
> @@ -1,281 +0,0 @@
> -/*
> - * Header file for multi buffer SHA256 algorithm data structure
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -# Macros for defining data structures
> -
> -# Usage example
> -
> -#START_FIELDS # JOB_AES
> -### name size align
> -#FIELD _plaintext, 8, 8 # pointer to plaintext
> -#FIELD _ciphertext, 8, 8 # pointer to ciphertext
> -#FIELD _IV, 16, 8 # IV
> -#FIELD _keys, 8, 8 # pointer to keys
> -#FIELD _len, 4, 4 # length in bytes
> -#FIELD _status, 4, 4 # status enumeration
> -#FIELD _user_data, 8, 8 # pointer to user data
> -#UNION _union, size1, align1, \
> -# size2, align2, \
> -# size3, align3, \
> -# ...
> -#END_FIELDS
> -#%assign _JOB_AES_size _FIELD_OFFSET
> -#%assign _JOB_AES_align _STRUCT_ALIGN
> -
> -#########################################################################
> -
> -# Alternate "struc-like" syntax:
> -# STRUCT job_aes2
> -# RES_Q .plaintext, 1
> -# RES_Q .ciphertext, 1
> -# RES_DQ .IV, 1
> -# RES_B .nested, _JOB_AES_SIZE, _JOB_AES_ALIGN
> -# RES_U .union, size1, align1, \
> -# size2, align2, \
> -# ...
> -# ENDSTRUCT
> -# # Following only needed if nesting
> -# %assign job_aes2_size _FIELD_OFFSET
> -# %assign job_aes2_align _STRUCT_ALIGN
> -#
> -# RES_* macros take a name, a count and an optional alignment.
> -# The count in in terms of the base size of the macro, and the
> -# default alignment is the base size.
> -# The macros are:
> -# Macro Base size
> -# RES_B 1
> -# RES_W 2
> -# RES_D 4
> -# RES_Q 8
> -# RES_DQ 16
> -# RES_Y 32
> -# RES_Z 64
> -#
> -# RES_U defines a union. It's arguments are a name and two or more
> -# pairs of "size, alignment"
> -#
> -# The two assigns are only needed if this structure is being nested
> -# within another. Even if the assigns are not done, one can still use
> -# STRUCT_NAME_size as the size of the structure.
> -#
> -# Note that for nesting, you still need to assign to STRUCT_NAME_size.
> -#
> -# The differences between this and using "struc" directly are that each
> -# type is implicitly aligned to its natural length (although this can be
> -# over-ridden with an explicit third parameter), and that the structure
> -# is padded at the end to its overall alignment.
> -#
> -
> -#########################################################################
> -
> -#ifndef _DATASTRUCT_ASM_
> -#define _DATASTRUCT_ASM_
> -
> -#define PTR_SZ 8
> -#define SHA512_DIGEST_WORD_SIZE 8
> -#define SHA512_MB_MGR_NUM_LANES_AVX2 4
> -#define NUM_SHA512_DIGEST_WORDS 8
> -#define SZ4 4*SHA512_DIGEST_WORD_SIZE
> -#define ROUNDS 80*SZ4
> -#define SHA512_DIGEST_ROW_SIZE (SHA512_MB_MGR_NUM_LANES_AVX2 * 8)
> -
> -# START_FIELDS
> -.macro START_FIELDS
> - _FIELD_OFFSET = 0
> - _STRUCT_ALIGN = 0
> -.endm
> -
> -# FIELD name size align
> -.macro FIELD name size align
> - _FIELD_OFFSET = (_FIELD_OFFSET + (\align) - 1) & (~ ((\align)-1))
> - \name = _FIELD_OFFSET
> - _FIELD_OFFSET = _FIELD_OFFSET + (\size)
> -.if (\align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = \align
> -.endif
> -.endm
> -
> -# END_FIELDS
> -.macro END_FIELDS
> - _FIELD_OFFSET = (_FIELD_OFFSET + _STRUCT_ALIGN-1) & (~ (_STRUCT_ALIGN-1))
> -.endm
> -
> -.macro STRUCT p1
> -START_FIELDS
> -.struc \p1
> -.endm
> -
> -.macro ENDSTRUCT
> - tmp = _FIELD_OFFSET
> - END_FIELDS
> - tmp = (_FIELD_OFFSET - ##tmp)
> -.if (tmp > 0)
> - .lcomm tmp
> -.endm
> -
> -## RES_int name size align
> -.macro RES_int p1 p2 p3
> - name = \p1
> - size = \p2
> - align = .\p3
> -
> - _FIELD_OFFSET = (_FIELD_OFFSET + (align) - 1) & (~ ((align)-1))
> -.align align
> -.lcomm name size
> - _FIELD_OFFSET = _FIELD_OFFSET + (size)
> -.if (align > _STRUCT_ALIGN)
> - _STRUCT_ALIGN = align
> -.endif
> -.endm
> -
> -# macro RES_B name, size [, align]
> -.macro RES_B _name, _size, _align=1
> -RES_int _name _size _align
> -.endm
> -
> -# macro RES_W name, size [, align]
> -.macro RES_W _name, _size, _align=2
> -RES_int _name 2*(_size) _align
> -.endm
> -
> -# macro RES_D name, size [, align]
> -.macro RES_D _name, _size, _align=4
> -RES_int _name 4*(_size) _align
> -.endm
> -
> -# macro RES_Q name, size [, align]
> -.macro RES_Q _name, _size, _align=8
> -RES_int _name 8*(_size) _align
> -.endm
> -
> -# macro RES_DQ name, size [, align]
> -.macro RES_DQ _name, _size, _align=16
> -RES_int _name 16*(_size) _align
> -.endm
> -
> -# macro RES_Y name, size [, align]
> -.macro RES_Y _name, _size, _align=32
> -RES_int _name 32*(_size) _align
> -.endm
> -
> -# macro RES_Z name, size [, align]
> -.macro RES_Z _name, _size, _align=64
> -RES_int _name 64*(_size) _align
> -.endm
> -
> -#endif
> -
> -###################################################################
> -### Define SHA512 Out Of Order Data Structures
> -###################################################################
> -
> -START_FIELDS # LANE_DATA
> -### name size align
> -FIELD _job_in_lane, 8, 8 # pointer to job object
> -END_FIELDS
> -
> - _LANE_DATA_size = _FIELD_OFFSET
> - _LANE_DATA_align = _STRUCT_ALIGN
> -
> -####################################################################
> -
> -START_FIELDS # SHA512_ARGS_X4
> -### name size align
> -FIELD _digest, 8*8*4, 4 # transposed digest
> -FIELD _data_ptr, 8*4, 8 # array of pointers to data
> -END_FIELDS
> -
> - _SHA512_ARGS_X4_size = _FIELD_OFFSET
> - _SHA512_ARGS_X4_align = _STRUCT_ALIGN
> -
> -#####################################################################
> -
> -START_FIELDS # MB_MGR
> -### name size align
> -FIELD _args, _SHA512_ARGS_X4_size, _SHA512_ARGS_X4_align
> -FIELD _lens, 8*4, 8
> -FIELD _unused_lanes, 8, 8
> -FIELD _ldata, _LANE_DATA_size*4, _LANE_DATA_align
> -END_FIELDS
> -
> - _MB_MGR_size = _FIELD_OFFSET
> - _MB_MGR_align = _STRUCT_ALIGN
> -
> -_args_digest = _args + _digest
> -_args_data_ptr = _args + _data_ptr
> -
> -#######################################################################
> -
> -#######################################################################
> -#### Define constants
> -#######################################################################
> -
> -#define STS_UNKNOWN 0
> -#define STS_BEING_PROCESSED 1
> -#define STS_COMPLETED 2
> -
> -#######################################################################
> -#### Define JOB_SHA512 structure
> -#######################################################################
> -
> -START_FIELDS # JOB_SHA512
> -### name size align
> -FIELD _buffer, 8, 8 # pointer to buffer
> -FIELD _len, 8, 8 # length in bytes
> -FIELD _result_digest, 8*8, 32 # Digest (output)
> -FIELD _status, 4, 4
> -FIELD _user_data, 8, 8
> -END_FIELDS
> -
> - _JOB_SHA512_size = _FIELD_OFFSET
> - _JOB_SHA512_align = _STRUCT_ALIGN
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
> deleted file mode 100644
> index 7c629caebc05..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_flush_avx2.S
> +++ /dev/null
> @@ -1,297 +0,0 @@
> -/*
> - * Flush routine for SHA512 multibuffer
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha512_mb_mgr_datastruct.S"
> -
> -.extern sha512_x4_avx2
> -
> -# LINUX register definitions
> -#define arg1 %rdi
> -#define arg2 %rsi
> -
> -# idx needs to be other than arg1, arg2, rbx, r12
> -#define idx %rdx
> -
> -# Common definitions
> -#define state arg1
> -#define job arg2
> -#define len2 arg2
> -
> -#define unused_lanes %rbx
> -#define lane_data %rbx
> -#define tmp2 %rbx
> -
> -#define job_rax %rax
> -#define tmp1 %rax
> -#define size_offset %rax
> -#define tmp %rax
> -#define start_offset %rax
> -
> -#define tmp3 arg1
> -
> -#define extra_blocks arg2
> -#define p arg2
> -
> -#define tmp4 %r8
> -#define lens0 %r8
> -
> -#define lens1 %r9
> -#define lens2 %r10
> -#define lens3 %r11
> -
> -.macro LABEL prefix n
> -\prefix\n\():
> -.endm
> -
> -.macro JNE_SKIP i
> -jne skip_\i
> -.endm
> -
> -.altmacro
> -.macro SET_OFFSET _offset
> -offset = \_offset
> -.endm
> -.noaltmacro
> -
> -# JOB* sha512_mb_mgr_flush_avx2(MB_MGR *state)
> -# arg 1 : rcx : state
> -ENTRY(sha512_mb_mgr_flush_avx2)
> - FRAME_BEGIN
> - push %rbx
> -
> - # If bit (32+3) is set, then all lanes are empty
> - mov _unused_lanes(state), unused_lanes
> - bt $32+7, unused_lanes
> - jc return_null
> -
> - # find a lane with a non-null job
> - xor idx, idx
> - offset = (_ldata + 1*_LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne one(%rip), idx
> - offset = (_ldata + 2*_LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne two(%rip), idx
> - offset = (_ldata + 3*_LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> - cmovne three(%rip), idx
> -
> - # copy idx to empty lanes
> -copy_lane_data:
> - offset = (_args + _data_ptr)
> - mov offset(state,idx,8), tmp
> -
> - I = 0
> -.rep 4
> - offset = (_ldata + I * _LANE_DATA_size + _job_in_lane)
> - cmpq $0, offset(state)
> -.altmacro
> - JNE_SKIP %I
> - offset = (_args + _data_ptr + 8*I)
> - mov tmp, offset(state)
> - offset = (_lens + 8*I +4)
> - movl $0xFFFFFFFF, offset(state)
> -LABEL skip_ %I
> - I = (I+1)
> -.noaltmacro
> -.endr
> -
> - # Find min length
> - mov _lens + 0*8(state),lens0
> - mov lens0,idx
> - mov _lens + 1*8(state),lens1
> - cmp idx,lens1
> - cmovb lens1,idx
> - mov _lens + 2*8(state),lens2
> - cmp idx,lens2
> - cmovb lens2,idx
> - mov _lens + 3*8(state),lens3
> - cmp idx,lens3
> - cmovb lens3,idx
> - mov idx,len2
> - and $0xF,idx
> - and $~0xFF,len2
> - jz len_is_0
> -
> - sub len2, lens0
> - sub len2, lens1
> - sub len2, lens2
> - sub len2, lens3
> - shr $32,len2
> - mov lens0, _lens + 0*8(state)
> - mov lens1, _lens + 1*8(state)
> - mov lens2, _lens + 2*8(state)
> - mov lens3, _lens + 3*8(state)
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha512_x4_avx2
> - # state and idx are intact
> -
> -len_is_0:
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $8, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens+4(state, idx, 8)
> -
> - vmovq _args_digest+0*32(state, idx, 8), %xmm0
> - vpinsrq $1, _args_digest+1*32(state, idx, 8), %xmm0, %xmm0
> - vmovq _args_digest+2*32(state, idx, 8), %xmm1
> - vpinsrq $1, _args_digest+3*32(state, idx, 8), %xmm1, %xmm1
> - vmovq _args_digest+4*32(state, idx, 8), %xmm2
> - vpinsrq $1, _args_digest+5*32(state, idx, 8), %xmm2, %xmm2
> - vmovq _args_digest+6*32(state, idx, 8), %xmm3
> - vpinsrq $1, _args_digest+7*32(state, idx, 8), %xmm3, %xmm3
> -
> - vmovdqu %xmm0, _result_digest(job_rax)
> - vmovdqu %xmm1, _result_digest+1*16(job_rax)
> - vmovdqu %xmm2, _result_digest+2*16(job_rax)
> - vmovdqu %xmm3, _result_digest+3*16(job_rax)
> -
> -return:
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -ENDPROC(sha512_mb_mgr_flush_avx2)
> -.align 16
> -
> -ENTRY(sha512_mb_mgr_get_comp_job_avx2)
> - push %rbx
> -
> - mov _unused_lanes(state), unused_lanes
> - bt $(32+7), unused_lanes
> - jc .return_null
> -
> - # Find min length
> - mov _lens(state),lens0
> - mov lens0,idx
> - mov _lens+1*8(state),lens1
> - cmp idx,lens1
> - cmovb lens1,idx
> - mov _lens+2*8(state),lens2
> - cmp idx,lens2
> - cmovb lens2,idx
> - mov _lens+3*8(state),lens3
> - cmp idx,lens3
> - cmovb lens3,idx
> - test $~0xF,idx
> - jnz .return_null
> - and $0xF,idx
> -
> - #process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - mov _unused_lanes(state), unused_lanes
> - shl $8, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF, _lens+4(state, idx, 8)
> -
> - vmovq _args_digest(state, idx, 8), %xmm0
> - vpinsrq $1, _args_digest+1*32(state, idx, 8), %xmm0, %xmm0
> - vmovq _args_digest+2*32(state, idx, 8), %xmm1
> - vpinsrq $1, _args_digest+3*32(state, idx, 8), %xmm1, %xmm1
> - vmovq _args_digest+4*32(state, idx, 8), %xmm2
> - vpinsrq $1, _args_digest+5*32(state, idx, 8), %xmm2, %xmm2
> - vmovq _args_digest+6*32(state, idx, 8), %xmm3
> - vpinsrq $1, _args_digest+7*32(state, idx, 8), %xmm3, %xmm3
> -
> - vmovdqu %xmm0, _result_digest+0*16(job_rax)
> - vmovdqu %xmm1, _result_digest+1*16(job_rax)
> - vmovdqu %xmm2, _result_digest+2*16(job_rax)
> - vmovdqu %xmm3, _result_digest+3*16(job_rax)
> -
> - pop %rbx
> -
> - ret
> -
> -.return_null:
> - xor job_rax, job_rax
> - pop %rbx
> - ret
> -ENDPROC(sha512_mb_mgr_get_comp_job_avx2)
> -
> -.section .rodata.cst8.one, "aM", @progbits, 8
> -.align 8
> -one:
> -.quad 1
> -
> -.section .rodata.cst8.two, "aM", @progbits, 8
> -.align 8
> -two:
> -.quad 2
> -
> -.section .rodata.cst8.three, "aM", @progbits, 8
> -.align 8
> -three:
> -.quad 3
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_init_avx2.c b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_init_avx2.c
> deleted file mode 100644
> index d08805032f01..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_init_avx2.c
> +++ /dev/null
> @@ -1,69 +0,0 @@
> -/*
> - * Initialization code for multi buffer SHA256 algorithm for AVX2
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include "sha512_mb_mgr.h"
> -
> -void sha512_mb_mgr_init_avx2(struct sha512_mb_mgr *state)
> -{
> - unsigned int j;
> -
> - /* initially all lanes are unused */
> - state->lens[0] = 0xFFFFFFFF00000000;
> - state->lens[1] = 0xFFFFFFFF00000001;
> - state->lens[2] = 0xFFFFFFFF00000002;
> - state->lens[3] = 0xFFFFFFFF00000003;
> -
> - state->unused_lanes = 0xFF03020100;
> - for (j = 0; j < 4; j++)
> - state->ldata[j].job_in_lane = NULL;
> -}
> diff --git a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
> deleted file mode 100644
> index 4ba709ba78e5..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_mb_mgr_submit_avx2.S
> +++ /dev/null
> @@ -1,224 +0,0 @@
> -/*
> - * Buffer submit code for multi buffer SHA512 algorithm
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -#include <linux/linkage.h>
> -#include <asm/frame.h>
> -#include "sha512_mb_mgr_datastruct.S"
> -
> -.extern sha512_x4_avx2
> -
> -#define arg1 %rdi
> -#define arg2 %rsi
> -
> -#define idx %rdx
> -#define last_len %rdx
> -
> -#define size_offset %rcx
> -#define tmp2 %rcx
> -
> -# Common definitions
> -#define state arg1
> -#define job arg2
> -#define len2 arg2
> -#define p2 arg2
> -
> -#define p %r11
> -#define start_offset %r11
> -
> -#define unused_lanes %rbx
> -
> -#define job_rax %rax
> -#define len %rax
> -
> -#define lane %r12
> -#define tmp3 %r12
> -#define lens3 %r12
> -
> -#define extra_blocks %r8
> -#define lens0 %r8
> -
> -#define tmp %r9
> -#define lens1 %r9
> -
> -#define lane_data %r10
> -#define lens2 %r10
> -
> -#define DWORD_len %eax
> -
> -# JOB* sha512_mb_mgr_submit_avx2(MB_MGR *state, JOB *job)
> -# arg 1 : rcx : state
> -# arg 2 : rdx : job
> -ENTRY(sha512_mb_mgr_submit_avx2)
> - FRAME_BEGIN
> - push %rbx
> - push %r12
> -
> - mov _unused_lanes(state), unused_lanes
> - movzb %bl,lane
> - shr $8, unused_lanes
> - imul $_LANE_DATA_size, lane,lane_data
> - movl $STS_BEING_PROCESSED, _status(job)
> - lea _ldata(state, lane_data), lane_data
> - mov unused_lanes, _unused_lanes(state)
> - movl _len(job), DWORD_len
> -
> - mov job, _job_in_lane(lane_data)
> - movl DWORD_len,_lens+4(state , lane, 8)
> -
> - # Load digest words from result_digest
> - vmovdqu _result_digest+0*16(job), %xmm0
> - vmovdqu _result_digest+1*16(job), %xmm1
> - vmovdqu _result_digest+2*16(job), %xmm2
> - vmovdqu _result_digest+3*16(job), %xmm3
> -
> - vmovq %xmm0, _args_digest(state, lane, 8)
> - vpextrq $1, %xmm0, _args_digest+1*32(state , lane, 8)
> - vmovq %xmm1, _args_digest+2*32(state , lane, 8)
> - vpextrq $1, %xmm1, _args_digest+3*32(state , lane, 8)
> - vmovq %xmm2, _args_digest+4*32(state , lane, 8)
> - vpextrq $1, %xmm2, _args_digest+5*32(state , lane, 8)
> - vmovq %xmm3, _args_digest+6*32(state , lane, 8)
> - vpextrq $1, %xmm3, _args_digest+7*32(state , lane, 8)
> -
> - mov _buffer(job), p
> - mov p, _args_data_ptr(state, lane, 8)
> -
> - cmp $0xFF, unused_lanes
> - jne return_null
> -
> -start_loop:
> -
> - # Find min length
> - mov _lens+0*8(state),lens0
> - mov lens0,idx
> - mov _lens+1*8(state),lens1
> - cmp idx,lens1
> - cmovb lens1, idx
> - mov _lens+2*8(state),lens2
> - cmp idx,lens2
> - cmovb lens2,idx
> - mov _lens+3*8(state),lens3
> - cmp idx,lens3
> - cmovb lens3,idx
> - mov idx,len2
> - and $0xF,idx
> - and $~0xFF,len2
> - jz len_is_0
> -
> - sub len2,lens0
> - sub len2,lens1
> - sub len2,lens2
> - sub len2,lens3
> - shr $32,len2
> - mov lens0, _lens + 0*8(state)
> - mov lens1, _lens + 1*8(state)
> - mov lens2, _lens + 2*8(state)
> - mov lens3, _lens + 3*8(state)
> -
> - # "state" and "args" are the same address, arg1
> - # len is arg2
> - call sha512_x4_avx2
> - # state and idx are intact
> -
> -len_is_0:
> -
> - # process completed job "idx"
> - imul $_LANE_DATA_size, idx, lane_data
> - lea _ldata(state, lane_data), lane_data
> -
> - mov _job_in_lane(lane_data), job_rax
> - mov _unused_lanes(state), unused_lanes
> - movq $0, _job_in_lane(lane_data)
> - movl $STS_COMPLETED, _status(job_rax)
> - shl $8, unused_lanes
> - or idx, unused_lanes
> - mov unused_lanes, _unused_lanes(state)
> -
> - movl $0xFFFFFFFF,_lens+4(state,idx,8)
> - vmovq _args_digest+0*32(state , idx, 8), %xmm0
> - vpinsrq $1, _args_digest+1*32(state , idx, 8), %xmm0, %xmm0
> - vmovq _args_digest+2*32(state , idx, 8), %xmm1
> - vpinsrq $1, _args_digest+3*32(state , idx, 8), %xmm1, %xmm1
> - vmovq _args_digest+4*32(state , idx, 8), %xmm2
> - vpinsrq $1, _args_digest+5*32(state , idx, 8), %xmm2, %xmm2
> - vmovq _args_digest+6*32(state , idx, 8), %xmm3
> - vpinsrq $1, _args_digest+7*32(state , idx, 8), %xmm3, %xmm3
> -
> - vmovdqu %xmm0, _result_digest + 0*16(job_rax)
> - vmovdqu %xmm1, _result_digest + 1*16(job_rax)
> - vmovdqu %xmm2, _result_digest + 2*16(job_rax)
> - vmovdqu %xmm3, _result_digest + 3*16(job_rax)
> -
> -return:
> - pop %r12
> - pop %rbx
> - FRAME_END
> - ret
> -
> -return_null:
> - xor job_rax, job_rax
> - jmp return
> -ENDPROC(sha512_mb_mgr_submit_avx2)
> -
> -/* UNUSED?
> -.section .rodata.cst16, "aM", @progbits, 16
> -.align 16
> -H0: .int 0x6a09e667
> -H1: .int 0xbb67ae85
> -H2: .int 0x3c6ef372
> -H3: .int 0xa54ff53a
> -H4: .int 0x510e527f
> -H5: .int 0x9b05688c
> -H6: .int 0x1f83d9ab
> -H7: .int 0x5be0cd19
> -*/
> diff --git a/arch/x86/crypto/sha512-mb/sha512_x4_avx2.S b/arch/x86/crypto/sha512-mb/sha512_x4_avx2.S
> deleted file mode 100644
> index e22e907643a6..000000000000
> --- a/arch/x86/crypto/sha512-mb/sha512_x4_avx2.S
> +++ /dev/null
> @@ -1,531 +0,0 @@
> -/*
> - * Multi-buffer SHA512 algorithm hash compute routine
> - *
> - * This file is provided under a dual BSD/GPLv2 license. When using or
> - * redistributing this file, you may do so under either license.
> - *
> - * GPL LICENSE SUMMARY
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of version 2 of the GNU General Public License as
> - * published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful, but
> - * WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> - * General Public License for more details.
> - *
> - * Contact Information:
> - * Megha Dey <megha.dey@xxxxxxxxxxxxxxx>
> - *
> - * BSD LICENSE
> - *
> - * Copyright(c) 2016 Intel Corporation.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - *
> - * * Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * * Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in
> - * the documentation and/or other materials provided with the
> - * distribution.
> - * * Neither the name of Intel Corporation nor the names of its
> - * contributors may be used to endorse or promote products derived
> - * from this software without specific prior written permission.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -# code to compute quad SHA512 using AVX2
> -# use YMMs to tackle the larger digest size
> -# outer calling routine takes care of save and restore of XMM registers
> -# Logic designed/laid out by JDG
> -
> -# Function clobbers: rax, rcx, rdx, rbx, rsi, rdi, r9-r15; ymm0-15
> -# Stack must be aligned to 32 bytes before call
> -# Linux clobbers: rax rbx rcx rsi r8 r9 r10 r11 r12
> -# Linux preserves: rcx rdx rdi rbp r13 r14 r15
> -# clobbers ymm0-15
> -
> -#include <linux/linkage.h>
> -#include "sha512_mb_mgr_datastruct.S"
> -
> -arg1 = %rdi
> -arg2 = %rsi
> -
> -# Common definitions
> -STATE = arg1
> -INP_SIZE = arg2
> -
> -IDX = %rax
> -ROUND = %rbx
> -TBL = %r8
> -
> -inp0 = %r9
> -inp1 = %r10
> -inp2 = %r11
> -inp3 = %r12
> -
> -a = %ymm0
> -b = %ymm1
> -c = %ymm2
> -d = %ymm3
> -e = %ymm4
> -f = %ymm5
> -g = %ymm6
> -h = %ymm7
> -
> -a0 = %ymm8
> -a1 = %ymm9
> -a2 = %ymm10
> -
> -TT0 = %ymm14
> -TT1 = %ymm13
> -TT2 = %ymm12
> -TT3 = %ymm11
> -TT4 = %ymm10
> -TT5 = %ymm9
> -
> -T1 = %ymm14
> -TMP = %ymm15
> -
> -# Define stack usage
> -STACK_SPACE1 = SZ4*16 + NUM_SHA512_DIGEST_WORDS*SZ4 + 24
> -
> -#define VMOVPD vmovupd
> -_digest = SZ4*16
> -
> -# transpose r0, r1, r2, r3, t0, t1
> -# "transpose" data in {r0..r3} using temps {t0..t3}
> -# Input looks like: {r0 r1 r2 r3}
> -# r0 = {a7 a6 a5 a4 a3 a2 a1 a0}
> -# r1 = {b7 b6 b5 b4 b3 b2 b1 b0}
> -# r2 = {c7 c6 c5 c4 c3 c2 c1 c0}
> -# r3 = {d7 d6 d5 d4 d3 d2 d1 d0}
> -#
> -# output looks like: {t0 r1 r0 r3}
> -# t0 = {d1 d0 c1 c0 b1 b0 a1 a0}
> -# r1 = {d3 d2 c3 c2 b3 b2 a3 a2}
> -# r0 = {d5 d4 c5 c4 b5 b4 a5 a4}
> -# r3 = {d7 d6 c7 c6 b7 b6 a7 a6}
> -
> -.macro TRANSPOSE r0 r1 r2 r3 t0 t1
> - vshufps $0x44, \r1, \r0, \t0 # t0 = {b5 b4 a5 a4 b1 b0 a1 a0}
> - vshufps $0xEE, \r1, \r0, \r0 # r0 = {b7 b6 a7 a6 b3 b2 a3 a2}
> - vshufps $0x44, \r3, \r2, \t1 # t1 = {d5 d4 c5 c4 d1 d0 c1 c0}
> - vshufps $0xEE, \r3, \r2, \r2 # r2 = {d7 d6 c7 c6 d3 d2 c3 c2}
> -
> - vperm2f128 $0x20, \r2, \r0, \r1 # h6...a6
> - vperm2f128 $0x31, \r2, \r0, \r3 # h2...a2
> - vperm2f128 $0x31, \t1, \t0, \r0 # h5...a5
> - vperm2f128 $0x20, \t1, \t0, \t0 # h1...a1
> -.endm
> -
> -.macro ROTATE_ARGS
> -TMP_ = h
> -h = g
> -g = f
> -f = e
> -e = d
> -d = c
> -c = b
> -b = a
> -a = TMP_
> -.endm
> -
> -# PRORQ reg, imm, tmp
> -# packed-rotate-right-double
> -# does a rotate by doing two shifts and an or
> -.macro _PRORQ reg imm tmp
> - vpsllq $(64-\imm),\reg,\tmp
> - vpsrlq $\imm,\reg, \reg
> - vpor \tmp,\reg, \reg
> -.endm
> -
> -# non-destructive
> -# PRORQ_nd reg, imm, tmp, src
> -.macro _PRORQ_nd reg imm tmp src
> - vpsllq $(64-\imm), \src, \tmp
> - vpsrlq $\imm, \src, \reg
> - vpor \tmp, \reg, \reg
> -.endm
> -
> -# PRORQ dst/src, amt
> -.macro PRORQ reg imm
> - _PRORQ \reg, \imm, TMP
> -.endm
> -
> -# PRORQ_nd dst, src, amt
> -.macro PRORQ_nd reg tmp imm
> - _PRORQ_nd \reg, \imm, TMP, \tmp
> -.endm
> -
> -#; arguments passed implicitly in preprocessor symbols i, a...h
> -.macro ROUND_00_15 _T1 i
> - PRORQ_nd a0, e, (18-14) # sig1: a0 = (e >> 4)
> -
> - vpxor g, f, a2 # ch: a2 = f^g
> - vpand e,a2, a2 # ch: a2 = (f^g)&e
> - vpxor g, a2, a2 # a2 = ch
> -
> - PRORQ_nd a1,e,41 # sig1: a1 = (e >> 25)
> -
> - offset = SZ4*(\i & 0xf)
> - vmovdqu \_T1,offset(%rsp)
> - vpaddq (TBL,ROUND,1), \_T1, \_T1 # T1 = W + K
> - vpxor e,a0, a0 # sig1: a0 = e ^ (e >> 5)
> - PRORQ a0, 14 # sig1: a0 = (e >> 6) ^ (e >> 11)
> - vpaddq a2, h, h # h = h + ch
> - PRORQ_nd a2,a,6 # sig0: a2 = (a >> 11)
> - vpaddq \_T1,h, h # h = h + ch + W + K
> - vpxor a1, a0, a0 # a0 = sigma1
> - vmovdqu a,\_T1
> - PRORQ_nd a1,a,39 # sig0: a1 = (a >> 22)
> - vpxor c, \_T1, \_T1 # maj: T1 = a^c
> - add $SZ4, ROUND # ROUND++
> - vpand b, \_T1, \_T1 # maj: T1 = (a^c)&b
> - vpaddq a0, h, h
> - vpaddq h, d, d
> - vpxor a, a2, a2 # sig0: a2 = a ^ (a >> 11)
> - PRORQ a2,28 # sig0: a2 = (a >> 2) ^ (a >> 13)
> - vpxor a1, a2, a2 # a2 = sig0
> - vpand c, a, a1 # maj: a1 = a&c
> - vpor \_T1, a1, a1 # a1 = maj
> - vpaddq a1, h, h # h = h + ch + W + K + maj
> - vpaddq a2, h, h # h = h + ch + W + K + maj + sigma0
> - ROTATE_ARGS
> -.endm
> -
> -
> -#; arguments passed implicitly in preprocessor symbols i, a...h
> -.macro ROUND_16_XX _T1 i
> - vmovdqu SZ4*((\i-15)&0xf)(%rsp), \_T1
> - vmovdqu SZ4*((\i-2)&0xf)(%rsp), a1
> - vmovdqu \_T1, a0
> - PRORQ \_T1,7
> - vmovdqu a1, a2
> - PRORQ a1,42
> - vpxor a0, \_T1, \_T1
> - PRORQ \_T1, 1
> - vpxor a2, a1, a1
> - PRORQ a1, 19
> - vpsrlq $7, a0, a0
> - vpxor a0, \_T1, \_T1
> - vpsrlq $6, a2, a2
> - vpxor a2, a1, a1
> - vpaddq SZ4*((\i-16)&0xf)(%rsp), \_T1, \_T1
> - vpaddq SZ4*((\i-7)&0xf)(%rsp), a1, a1
> - vpaddq a1, \_T1, \_T1
> -
> - ROUND_00_15 \_T1,\i
> -.endm
> -
> -
> -# void sha512_x4_avx2(void *STATE, const int INP_SIZE)
> -# arg 1 : STATE : pointer to input data
> -# arg 2 : INP_SIZE : size of data in blocks (assumed >= 1)
> -ENTRY(sha512_x4_avx2)
> - # general registers preserved in outer calling routine
> - # outer calling routine saves all the XMM registers
> - # save callee-saved clobbered registers to comply with C function ABI
> - push %r12
> - push %r13
> - push %r14
> - push %r15
> -
> - sub $STACK_SPACE1, %rsp
> -
> - # Load the pre-transposed incoming digest.
> - vmovdqu 0*SHA512_DIGEST_ROW_SIZE(STATE),a
> - vmovdqu 1*SHA512_DIGEST_ROW_SIZE(STATE),b
> - vmovdqu 2*SHA512_DIGEST_ROW_SIZE(STATE),c
> - vmovdqu 3*SHA512_DIGEST_ROW_SIZE(STATE),d
> - vmovdqu 4*SHA512_DIGEST_ROW_SIZE(STATE),e
> - vmovdqu 5*SHA512_DIGEST_ROW_SIZE(STATE),f
> - vmovdqu 6*SHA512_DIGEST_ROW_SIZE(STATE),g
> - vmovdqu 7*SHA512_DIGEST_ROW_SIZE(STATE),h
> -
> - lea K512_4(%rip),TBL
> -
> - # load the address of each of the 4 message lanes
> - # getting ready to transpose input onto stack
> - mov _data_ptr+0*PTR_SZ(STATE),inp0
> - mov _data_ptr+1*PTR_SZ(STATE),inp1
> - mov _data_ptr+2*PTR_SZ(STATE),inp2
> - mov _data_ptr+3*PTR_SZ(STATE),inp3
> -
> - xor IDX, IDX
> -lloop:
> - xor ROUND, ROUND
> -
> - # save old digest
> - vmovdqu a, _digest(%rsp)
> - vmovdqu b, _digest+1*SZ4(%rsp)
> - vmovdqu c, _digest+2*SZ4(%rsp)
> - vmovdqu d, _digest+3*SZ4(%rsp)
> - vmovdqu e, _digest+4*SZ4(%rsp)
> - vmovdqu f, _digest+5*SZ4(%rsp)
> - vmovdqu g, _digest+6*SZ4(%rsp)
> - vmovdqu h, _digest+7*SZ4(%rsp)
> - i = 0
> -.rep 4
> - vmovdqu PSHUFFLE_BYTE_FLIP_MASK(%rip), TMP
> - VMOVPD i*32(inp0, IDX), TT2
> - VMOVPD i*32(inp1, IDX), TT1
> - VMOVPD i*32(inp2, IDX), TT4
> - VMOVPD i*32(inp3, IDX), TT3
> - TRANSPOSE TT2, TT1, TT4, TT3, TT0, TT5
> - vpshufb TMP, TT0, TT0
> - vpshufb TMP, TT1, TT1
> - vpshufb TMP, TT2, TT2
> - vpshufb TMP, TT3, TT3
> - ROUND_00_15 TT0,(i*4+0)
> - ROUND_00_15 TT1,(i*4+1)
> - ROUND_00_15 TT2,(i*4+2)
> - ROUND_00_15 TT3,(i*4+3)
> - i = (i+1)
> -.endr
> - add $128, IDX
> -
> - i = (i*4)
> -
> - jmp Lrounds_16_xx
> -.align 16
> -Lrounds_16_xx:
> -.rep 16
> - ROUND_16_XX T1, i
> - i = (i+1)
> -.endr
> - cmp $0xa00,ROUND
> - jb Lrounds_16_xx
> -
> - # add old digest
> - vpaddq _digest(%rsp), a, a
> - vpaddq _digest+1*SZ4(%rsp), b, b
> - vpaddq _digest+2*SZ4(%rsp), c, c
> - vpaddq _digest+3*SZ4(%rsp), d, d
> - vpaddq _digest+4*SZ4(%rsp), e, e
> - vpaddq _digest+5*SZ4(%rsp), f, f
> - vpaddq _digest+6*SZ4(%rsp), g, g
> - vpaddq _digest+7*SZ4(%rsp), h, h
> -
> - sub $1, INP_SIZE # unit is blocks
> - jne lloop
> -
> - # write back to memory (state object) the transposed digest
> - vmovdqu a, 0*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu b, 1*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu c, 2*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu d, 3*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu e, 4*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu f, 5*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu g, 6*SHA512_DIGEST_ROW_SIZE(STATE)
> - vmovdqu h, 7*SHA512_DIGEST_ROW_SIZE(STATE)
> -
> - # update input data pointers
> - add IDX, inp0
> - mov inp0, _data_ptr+0*PTR_SZ(STATE)
> - add IDX, inp1
> - mov inp1, _data_ptr+1*PTR_SZ(STATE)
> - add IDX, inp2
> - mov inp2, _data_ptr+2*PTR_SZ(STATE)
> - add IDX, inp3
> - mov inp3, _data_ptr+3*PTR_SZ(STATE)
> -
> - #;;;;;;;;;;;;;;;
> - #; Postamble
> - add $STACK_SPACE1, %rsp
> - # restore callee-saved clobbered registers
> -
> - pop %r15
> - pop %r14
> - pop %r13
> - pop %r12
> -
> - # outer calling routine restores XMM and other GP registers
> - ret
> -ENDPROC(sha512_x4_avx2)
> -
> -.section .rodata.K512_4, "a", @progbits
> -.align 64
> -K512_4:
> - .octa 0x428a2f98d728ae22428a2f98d728ae22,\
> - 0x428a2f98d728ae22428a2f98d728ae22
> - .octa 0x7137449123ef65cd7137449123ef65cd,\
> - 0x7137449123ef65cd7137449123ef65cd
> - .octa 0xb5c0fbcfec4d3b2fb5c0fbcfec4d3b2f,\
> - 0xb5c0fbcfec4d3b2fb5c0fbcfec4d3b2f
> - .octa 0xe9b5dba58189dbbce9b5dba58189dbbc,\
> - 0xe9b5dba58189dbbce9b5dba58189dbbc
> - .octa 0x3956c25bf348b5383956c25bf348b538,\
> - 0x3956c25bf348b5383956c25bf348b538
> - .octa 0x59f111f1b605d01959f111f1b605d019,\
> - 0x59f111f1b605d01959f111f1b605d019
> - .octa 0x923f82a4af194f9b923f82a4af194f9b,\
> - 0x923f82a4af194f9b923f82a4af194f9b
> - .octa 0xab1c5ed5da6d8118ab1c5ed5da6d8118,\
> - 0xab1c5ed5da6d8118ab1c5ed5da6d8118
> - .octa 0xd807aa98a3030242d807aa98a3030242,\
> - 0xd807aa98a3030242d807aa98a3030242
> - .octa 0x12835b0145706fbe12835b0145706fbe,\
> - 0x12835b0145706fbe12835b0145706fbe
> - .octa 0x243185be4ee4b28c243185be4ee4b28c,\
> - 0x243185be4ee4b28c243185be4ee4b28c
> - .octa 0x550c7dc3d5ffb4e2550c7dc3d5ffb4e2,\
> - 0x550c7dc3d5ffb4e2550c7dc3d5ffb4e2
> - .octa 0x72be5d74f27b896f72be5d74f27b896f,\
> - 0x72be5d74f27b896f72be5d74f27b896f
> - .octa 0x80deb1fe3b1696b180deb1fe3b1696b1,\
> - 0x80deb1fe3b1696b180deb1fe3b1696b1
> - .octa 0x9bdc06a725c712359bdc06a725c71235,\
> - 0x9bdc06a725c712359bdc06a725c71235
> - .octa 0xc19bf174cf692694c19bf174cf692694,\
> - 0xc19bf174cf692694c19bf174cf692694
> - .octa 0xe49b69c19ef14ad2e49b69c19ef14ad2,\
> - 0xe49b69c19ef14ad2e49b69c19ef14ad2
> - .octa 0xefbe4786384f25e3efbe4786384f25e3,\
> - 0xefbe4786384f25e3efbe4786384f25e3
> - .octa 0x0fc19dc68b8cd5b50fc19dc68b8cd5b5,\
> - 0x0fc19dc68b8cd5b50fc19dc68b8cd5b5
> - .octa 0x240ca1cc77ac9c65240ca1cc77ac9c65,\
> - 0x240ca1cc77ac9c65240ca1cc77ac9c65
> - .octa 0x2de92c6f592b02752de92c6f592b0275,\
> - 0x2de92c6f592b02752de92c6f592b0275
> - .octa 0x4a7484aa6ea6e4834a7484aa6ea6e483,\
> - 0x4a7484aa6ea6e4834a7484aa6ea6e483
> - .octa 0x5cb0a9dcbd41fbd45cb0a9dcbd41fbd4,\
> - 0x5cb0a9dcbd41fbd45cb0a9dcbd41fbd4
> - .octa 0x76f988da831153b576f988da831153b5,\
> - 0x76f988da831153b576f988da831153b5
> - .octa 0x983e5152ee66dfab983e5152ee66dfab,\
> - 0x983e5152ee66dfab983e5152ee66dfab
> - .octa 0xa831c66d2db43210a831c66d2db43210,\
> - 0xa831c66d2db43210a831c66d2db43210
> - .octa 0xb00327c898fb213fb00327c898fb213f,\
> - 0xb00327c898fb213fb00327c898fb213f
> - .octa 0xbf597fc7beef0ee4bf597fc7beef0ee4,\
> - 0xbf597fc7beef0ee4bf597fc7beef0ee4
> - .octa 0xc6e00bf33da88fc2c6e00bf33da88fc2,\
> - 0xc6e00bf33da88fc2c6e00bf33da88fc2
> - .octa 0xd5a79147930aa725d5a79147930aa725,\
> - 0xd5a79147930aa725d5a79147930aa725
> - .octa 0x06ca6351e003826f06ca6351e003826f,\
> - 0x06ca6351e003826f06ca6351e003826f
> - .octa 0x142929670a0e6e70142929670a0e6e70,\
> - 0x142929670a0e6e70142929670a0e6e70
> - .octa 0x27b70a8546d22ffc27b70a8546d22ffc,\
> - 0x27b70a8546d22ffc27b70a8546d22ffc
> - .octa 0x2e1b21385c26c9262e1b21385c26c926,\
> - 0x2e1b21385c26c9262e1b21385c26c926
> - .octa 0x4d2c6dfc5ac42aed4d2c6dfc5ac42aed,\
> - 0x4d2c6dfc5ac42aed4d2c6dfc5ac42aed
> - .octa 0x53380d139d95b3df53380d139d95b3df,\
> - 0x53380d139d95b3df53380d139d95b3df
> - .octa 0x650a73548baf63de650a73548baf63de,\
> - 0x650a73548baf63de650a73548baf63de
> - .octa 0x766a0abb3c77b2a8766a0abb3c77b2a8,\
> - 0x766a0abb3c77b2a8766a0abb3c77b2a8
> - .octa 0x81c2c92e47edaee681c2c92e47edaee6,\
> - 0x81c2c92e47edaee681c2c92e47edaee6
> - .octa 0x92722c851482353b92722c851482353b,\
> - 0x92722c851482353b92722c851482353b
> - .octa 0xa2bfe8a14cf10364a2bfe8a14cf10364,\
> - 0xa2bfe8a14cf10364a2bfe8a14cf10364
> - .octa 0xa81a664bbc423001a81a664bbc423001,\
> - 0xa81a664bbc423001a81a664bbc423001
> - .octa 0xc24b8b70d0f89791c24b8b70d0f89791,\
> - 0xc24b8b70d0f89791c24b8b70d0f89791
> - .octa 0xc76c51a30654be30c76c51a30654be30,\
> - 0xc76c51a30654be30c76c51a30654be30
> - .octa 0xd192e819d6ef5218d192e819d6ef5218,\
> - 0xd192e819d6ef5218d192e819d6ef5218
> - .octa 0xd69906245565a910d69906245565a910,\
> - 0xd69906245565a910d69906245565a910
> - .octa 0xf40e35855771202af40e35855771202a,\
> - 0xf40e35855771202af40e35855771202a
> - .octa 0x106aa07032bbd1b8106aa07032bbd1b8,\
> - 0x106aa07032bbd1b8106aa07032bbd1b8
> - .octa 0x19a4c116b8d2d0c819a4c116b8d2d0c8,\
> - 0x19a4c116b8d2d0c819a4c116b8d2d0c8
> - .octa 0x1e376c085141ab531e376c085141ab53,\
> - 0x1e376c085141ab531e376c085141ab53
> - .octa 0x2748774cdf8eeb992748774cdf8eeb99,\
> - 0x2748774cdf8eeb992748774cdf8eeb99
> - .octa 0x34b0bcb5e19b48a834b0bcb5e19b48a8,\
> - 0x34b0bcb5e19b48a834b0bcb5e19b48a8
> - .octa 0x391c0cb3c5c95a63391c0cb3c5c95a63,\
> - 0x391c0cb3c5c95a63391c0cb3c5c95a63
> - .octa 0x4ed8aa4ae3418acb4ed8aa4ae3418acb,\
> - 0x4ed8aa4ae3418acb4ed8aa4ae3418acb
> - .octa 0x5b9cca4f7763e3735b9cca4f7763e373,\
> - 0x5b9cca4f7763e3735b9cca4f7763e373
> - .octa 0x682e6ff3d6b2b8a3682e6ff3d6b2b8a3,\
> - 0x682e6ff3d6b2b8a3682e6ff3d6b2b8a3
> - .octa 0x748f82ee5defb2fc748f82ee5defb2fc,\
> - 0x748f82ee5defb2fc748f82ee5defb2fc
> - .octa 0x78a5636f43172f6078a5636f43172f60,\
> - 0x78a5636f43172f6078a5636f43172f60
> - .octa 0x84c87814a1f0ab7284c87814a1f0ab72,\
> - 0x84c87814a1f0ab7284c87814a1f0ab72
> - .octa 0x8cc702081a6439ec8cc702081a6439ec,\
> - 0x8cc702081a6439ec8cc702081a6439ec
> - .octa 0x90befffa23631e2890befffa23631e28,\
> - 0x90befffa23631e2890befffa23631e28
> - .octa 0xa4506cebde82bde9a4506cebde82bde9,\
> - 0xa4506cebde82bde9a4506cebde82bde9
> - .octa 0xbef9a3f7b2c67915bef9a3f7b2c67915,\
> - 0xbef9a3f7b2c67915bef9a3f7b2c67915
> - .octa 0xc67178f2e372532bc67178f2e372532b,\
> - 0xc67178f2e372532bc67178f2e372532b
> - .octa 0xca273eceea26619cca273eceea26619c,\
> - 0xca273eceea26619cca273eceea26619c
> - .octa 0xd186b8c721c0c207d186b8c721c0c207,\
> - 0xd186b8c721c0c207d186b8c721c0c207
> - .octa 0xeada7dd6cde0eb1eeada7dd6cde0eb1e,\
> - 0xeada7dd6cde0eb1eeada7dd6cde0eb1e
> - .octa 0xf57d4f7fee6ed178f57d4f7fee6ed178,\
> - 0xf57d4f7fee6ed178f57d4f7fee6ed178
> - .octa 0x06f067aa72176fba06f067aa72176fba,\
> - 0x06f067aa72176fba06f067aa72176fba
> - .octa 0x0a637dc5a2c898a60a637dc5a2c898a6,\
> - 0x0a637dc5a2c898a60a637dc5a2c898a6
> - .octa 0x113f9804bef90dae113f9804bef90dae,\
> - 0x113f9804bef90dae113f9804bef90dae
> - .octa 0x1b710b35131c471b1b710b35131c471b,\
> - 0x1b710b35131c471b1b710b35131c471b
> - .octa 0x28db77f523047d8428db77f523047d84,\
> - 0x28db77f523047d8428db77f523047d84
> - .octa 0x32caab7b40c7249332caab7b40c72493,\
> - 0x32caab7b40c7249332caab7b40c72493
> - .octa 0x3c9ebe0a15c9bebc3c9ebe0a15c9bebc,\
> - 0x3c9ebe0a15c9bebc3c9ebe0a15c9bebc
> - .octa 0x431d67c49c100d4c431d67c49c100d4c,\
> - 0x431d67c49c100d4c431d67c49c100d4c
> - .octa 0x4cc5d4becb3e42b64cc5d4becb3e42b6,\
> - 0x4cc5d4becb3e42b64cc5d4becb3e42b6
> - .octa 0x597f299cfc657e2a597f299cfc657e2a,\
> - 0x597f299cfc657e2a597f299cfc657e2a
> - .octa 0x5fcb6fab3ad6faec5fcb6fab3ad6faec,\
> - 0x5fcb6fab3ad6faec5fcb6fab3ad6faec
> - .octa 0x6c44198c4a4758176c44198c4a475817,\
> - 0x6c44198c4a4758176c44198c4a475817
> -
> -.section .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 32
> -.align 32
> -PSHUFFLE_BYTE_FLIP_MASK: .octa 0x08090a0b0c0d0e0f0001020304050607
> - .octa 0x18191a1b1c1d1e1f1011121314151617
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index f3e40ac56d93..4ee600bdefdb 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -213,20 +213,6 @@ config CRYPTO_CRYPTD
> converts an arbitrary synchronous software crypto algorithm
> into an asynchronous algorithm that executes in a kernel thread.
>
> -config CRYPTO_MCRYPTD
> - tristate "Software async multi-buffer crypto daemon"
> - select CRYPTO_BLKCIPHER
> - select CRYPTO_HASH
> - select CRYPTO_MANAGER
> - select CRYPTO_WORKQUEUE
> - help
> - This is a generic software asynchronous crypto daemon that
> - provides the kernel thread to assist multi-buffer crypto
> - algorithms for submitting jobs and flushing jobs in multi-buffer
> - crypto algorithms. Multi-buffer crypto algorithms are executed
> - in the context of this kernel thread and drivers can post
> - their crypto request asynchronously to be processed by this daemon.
> -
> config CRYPTO_AUTHENC
> tristate "Authenc support"
> select CRYPTO_AEAD
> @@ -848,54 +834,6 @@ config CRYPTO_SHA1_PPC_SPE
> SHA-1 secure hash standard (DFIPS 180-4) implemented
> using powerpc SPE SIMD instruction set.
>
> -config CRYPTO_SHA1_MB
> - tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
> - depends on X86 && 64BIT
> - select CRYPTO_SHA1
> - select CRYPTO_HASH
> - select CRYPTO_MCRYPTD
> - help
> - SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
> - using multi-buffer technique. This algorithm computes on
> - multiple data lanes concurrently with SIMD instructions for
> - better throughput. It should not be enabled by default but
> - used when there is significant amount of work to keep the keep
> - the data lanes filled to get performance benefit. If the data
> - lanes remain unfilled, a flush operation will be initiated to
> - process the crypto jobs, adding a slight latency.
> -
> -config CRYPTO_SHA256_MB
> - tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
> - depends on X86 && 64BIT
> - select CRYPTO_SHA256
> - select CRYPTO_HASH
> - select CRYPTO_MCRYPTD
> - help
> - SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
> - using multi-buffer technique. This algorithm computes on
> - multiple data lanes concurrently with SIMD instructions for
> - better throughput. It should not be enabled by default but
> - used when there is significant amount of work to keep the keep
> - the data lanes filled to get performance benefit. If the data
> - lanes remain unfilled, a flush operation will be initiated to
> - process the crypto jobs, adding a slight latency.
> -
> -config CRYPTO_SHA512_MB
> - tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
> - depends on X86 && 64BIT
> - select CRYPTO_SHA512
> - select CRYPTO_HASH
> - select CRYPTO_MCRYPTD
> - help
> - SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
> - using multi-buffer technique. This algorithm computes on
> - multiple data lanes concurrently with SIMD instructions for
> - better throughput. It should not be enabled by default but
> - used when there is significant amount of work to keep the keep
> - the data lanes filled to get performance benefit. If the data
> - lanes remain unfilled, a flush operation will be initiated to
> - process the crypto jobs, adding a slight latency.
> -
> config CRYPTO_SHA256
> tristate "SHA224 and SHA256 digest algorithm"
> select CRYPTO_HASH
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 6d1d40eeb964..80e3da755cbf 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -93,7 +93,6 @@ obj-$(CONFIG_CRYPTO_MORUS640) += morus640.o
> obj-$(CONFIG_CRYPTO_MORUS1280) += morus1280.o
> obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
> obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
> -obj-$(CONFIG_CRYPTO_MCRYPTD) += mcryptd.o
> obj-$(CONFIG_CRYPTO_DES) += des_generic.o
> obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
> obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish_generic.o
> diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c
> deleted file mode 100644
> index f14152147ce8..000000000000
> --- a/crypto/mcryptd.c
> +++ /dev/null
> @@ -1,675 +0,0 @@
> -/*
> - * Software multibuffer async crypto daemon.
> - *
> - * Copyright (c) 2014 Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * Adapted from crypto daemon.
> - *
> - * This program is free software; you can redistribute it and/or modify it
> - * under the terms of the GNU General Public License as published by the Free
> - * Software Foundation; either version 2 of the License, or (at your option)
> - * any later version.
> - *
> - */
> -
> -#include <crypto/algapi.h>
> -#include <crypto/internal/hash.h>
> -#include <crypto/internal/aead.h>
> -#include <crypto/mcryptd.h>
> -#include <crypto/crypto_wq.h>
> -#include <linux/err.h>
> -#include <linux/init.h>
> -#include <linux/kernel.h>
> -#include <linux/list.h>
> -#include <linux/module.h>
> -#include <linux/scatterlist.h>
> -#include <linux/sched.h>
> -#include <linux/sched/stat.h>
> -#include <linux/slab.h>
> -
> -#define MCRYPTD_MAX_CPU_QLEN 100
> -#define MCRYPTD_BATCH 9
> -
> -static void *mcryptd_alloc_instance(struct crypto_alg *alg, unsigned int head,
> - unsigned int tail);
> -
> -struct mcryptd_flush_list {
> - struct list_head list;
> - struct mutex lock;
> -};
> -
> -static struct mcryptd_flush_list __percpu *mcryptd_flist;
> -
> -struct hashd_instance_ctx {
> - struct crypto_ahash_spawn spawn;
> - struct mcryptd_queue *queue;
> -};
> -
> -static void mcryptd_queue_worker(struct work_struct *work);
> -
> -void mcryptd_arm_flusher(struct mcryptd_alg_cstate *cstate, unsigned long delay)
> -{
> - struct mcryptd_flush_list *flist;
> -
> - if (!cstate->flusher_engaged) {
> - /* put the flusher on the flush list */
> - flist = per_cpu_ptr(mcryptd_flist, smp_processor_id());
> - mutex_lock(&flist->lock);
> - list_add_tail(&cstate->flush_list, &flist->list);
> - cstate->flusher_engaged = true;
> - cstate->next_flush = jiffies + delay;
> - queue_delayed_work_on(smp_processor_id(), kcrypto_wq,
> - &cstate->flush, delay);
> - mutex_unlock(&flist->lock);
> - }
> -}
> -EXPORT_SYMBOL(mcryptd_arm_flusher);
> -
> -static int mcryptd_init_queue(struct mcryptd_queue *queue,
> - unsigned int max_cpu_qlen)
> -{
> - int cpu;
> - struct mcryptd_cpu_queue *cpu_queue;
> -
> - queue->cpu_queue = alloc_percpu(struct mcryptd_cpu_queue);
> - pr_debug("mqueue:%p mcryptd_cpu_queue %p\n", queue, queue->cpu_queue);
> - if (!queue->cpu_queue)
> - return -ENOMEM;
> - for_each_possible_cpu(cpu) {
> - cpu_queue = per_cpu_ptr(queue->cpu_queue, cpu);
> - pr_debug("cpu_queue #%d %p\n", cpu, queue->cpu_queue);
> - crypto_init_queue(&cpu_queue->queue, max_cpu_qlen);
> - INIT_WORK(&cpu_queue->work, mcryptd_queue_worker);
> - spin_lock_init(&cpu_queue->q_lock);
> - }
> - return 0;
> -}
> -
> -static void mcryptd_fini_queue(struct mcryptd_queue *queue)
> -{
> - int cpu;
> - struct mcryptd_cpu_queue *cpu_queue;
> -
> - for_each_possible_cpu(cpu) {
> - cpu_queue = per_cpu_ptr(queue->cpu_queue, cpu);
> - BUG_ON(cpu_queue->queue.qlen);
> - }
> - free_percpu(queue->cpu_queue);
> -}
> -
> -static int mcryptd_enqueue_request(struct mcryptd_queue *queue,
> - struct crypto_async_request *request,
> - struct mcryptd_hash_request_ctx *rctx)
> -{
> - int cpu, err;
> - struct mcryptd_cpu_queue *cpu_queue;
> -
> - cpu_queue = raw_cpu_ptr(queue->cpu_queue);
> - spin_lock(&cpu_queue->q_lock);
> - cpu = smp_processor_id();
> - rctx->tag.cpu = smp_processor_id();
> -
> - err = crypto_enqueue_request(&cpu_queue->queue, request);
> - pr_debug("enqueue request: cpu %d cpu_queue %p request %p\n",
> - cpu, cpu_queue, request);
> - spin_unlock(&cpu_queue->q_lock);
> - queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
> -
> - return err;
> -}
> -
> -/*
> - * Try to opportunisticlly flush the partially completed jobs if
> - * crypto daemon is the only task running.
> - */
> -static void mcryptd_opportunistic_flush(void)
> -{
> - struct mcryptd_flush_list *flist;
> - struct mcryptd_alg_cstate *cstate;
> -
> - flist = per_cpu_ptr(mcryptd_flist, smp_processor_id());
> - while (single_task_running()) {
> - mutex_lock(&flist->lock);
> - cstate = list_first_entry_or_null(&flist->list,
> - struct mcryptd_alg_cstate, flush_list);
> - if (!cstate || !cstate->flusher_engaged) {
> - mutex_unlock(&flist->lock);
> - return;
> - }
> - list_del(&cstate->flush_list);
> - cstate->flusher_engaged = false;
> - mutex_unlock(&flist->lock);
> - cstate->alg_state->flusher(cstate);
> - }
> -}
> -
> -/*
> - * Called in workqueue context, do one real cryption work (via
> - * req->complete) and reschedule itself if there are more work to
> - * do.
> - */
> -static void mcryptd_queue_worker(struct work_struct *work)
> -{
> - struct mcryptd_cpu_queue *cpu_queue;
> - struct crypto_async_request *req, *backlog;
> - int i;
> -
> - /*
> - * Need to loop through more than once for multi-buffer to
> - * be effective.
> - */
> -
> - cpu_queue = container_of(work, struct mcryptd_cpu_queue, work);
> - i = 0;
> - while (i < MCRYPTD_BATCH || single_task_running()) {
> -
> - spin_lock_bh(&cpu_queue->q_lock);
> - backlog = crypto_get_backlog(&cpu_queue->queue);
> - req = crypto_dequeue_request(&cpu_queue->queue);
> - spin_unlock_bh(&cpu_queue->q_lock);
> -
> - if (!req) {
> - mcryptd_opportunistic_flush();
> - return;
> - }
> -
> - if (backlog)
> - backlog->complete(backlog, -EINPROGRESS);
> - req->complete(req, 0);
> - if (!cpu_queue->queue.qlen)
> - return;
> - ++i;
> - }
> - if (cpu_queue->queue.qlen)
> - queue_work_on(smp_processor_id(), kcrypto_wq, &cpu_queue->work);
> -}
> -
> -void mcryptd_flusher(struct work_struct *__work)
> -{
> - struct mcryptd_alg_cstate *alg_cpu_state;
> - struct mcryptd_alg_state *alg_state;
> - struct mcryptd_flush_list *flist;
> - int cpu;
> -
> - cpu = smp_processor_id();
> - alg_cpu_state = container_of(to_delayed_work(__work),
> - struct mcryptd_alg_cstate, flush);
> - alg_state = alg_cpu_state->alg_state;
> - if (alg_cpu_state->cpu != cpu)
> - pr_debug("mcryptd error: work on cpu %d, should be cpu %d\n",
> - cpu, alg_cpu_state->cpu);
> -
> - if (alg_cpu_state->flusher_engaged) {
> - flist = per_cpu_ptr(mcryptd_flist, cpu);
> - mutex_lock(&flist->lock);
> - list_del(&alg_cpu_state->flush_list);
> - alg_cpu_state->flusher_engaged = false;
> - mutex_unlock(&flist->lock);
> - alg_state->flusher(alg_cpu_state);
> - }
> -}
> -EXPORT_SYMBOL_GPL(mcryptd_flusher);
> -
> -static inline struct mcryptd_queue *mcryptd_get_queue(struct crypto_tfm *tfm)
> -{
> - struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
> - struct mcryptd_instance_ctx *ictx = crypto_instance_ctx(inst);
> -
> - return ictx->queue;
> -}
> -
> -static void *mcryptd_alloc_instance(struct crypto_alg *alg, unsigned int head,
> - unsigned int tail)
> -{
> - char *p;
> - struct crypto_instance *inst;
> - int err;
> -
> - p = kzalloc(head + sizeof(*inst) + tail, GFP_KERNEL);
> - if (!p)
> - return ERR_PTR(-ENOMEM);
> -
> - inst = (void *)(p + head);
> -
> - err = -ENAMETOOLONG;
> - if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
> - "mcryptd(%s)", alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
> - goto out_free_inst;
> -
> - memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
> -
> - inst->alg.cra_priority = alg->cra_priority + 50;
> - inst->alg.cra_blocksize = alg->cra_blocksize;
> - inst->alg.cra_alignmask = alg->cra_alignmask;
> -
> -out:
> - return p;
> -
> -out_free_inst:
> - kfree(p);
> - p = ERR_PTR(err);
> - goto out;
> -}
> -
> -static inline bool mcryptd_check_internal(struct rtattr **tb, u32 *type,
> - u32 *mask)
> -{
> - struct crypto_attr_type *algt;
> -
> - algt = crypto_get_attr_type(tb);
> - if (IS_ERR(algt))
> - return false;
> -
> - *type |= algt->type & CRYPTO_ALG_INTERNAL;
> - *mask |= algt->mask & CRYPTO_ALG_INTERNAL;
> -
> - if (*type & *mask & CRYPTO_ALG_INTERNAL)
> - return true;
> - else
> - return false;
> -}
> -
> -static int mcryptd_hash_init_tfm(struct crypto_tfm *tfm)
> -{
> - struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
> - struct hashd_instance_ctx *ictx = crypto_instance_ctx(inst);
> - struct crypto_ahash_spawn *spawn = &ictx->spawn;
> - struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
> - struct crypto_ahash *hash;
> -
> - hash = crypto_spawn_ahash(spawn);
> - if (IS_ERR(hash))
> - return PTR_ERR(hash);
> -
> - ctx->child = hash;
> - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
> - sizeof(struct mcryptd_hash_request_ctx) +
> - crypto_ahash_reqsize(hash));
> - return 0;
> -}
> -
> -static void mcryptd_hash_exit_tfm(struct crypto_tfm *tfm)
> -{
> - struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
> -
> - crypto_free_ahash(ctx->child);
> -}
> -
> -static int mcryptd_hash_setkey(struct crypto_ahash *parent,
> - const u8 *key, unsigned int keylen)
> -{
> - struct mcryptd_hash_ctx *ctx = crypto_ahash_ctx(parent);
> - struct crypto_ahash *child = ctx->child;
> - int err;
> -
> - crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
> - crypto_ahash_set_flags(child, crypto_ahash_get_flags(parent) &
> - CRYPTO_TFM_REQ_MASK);
> - err = crypto_ahash_setkey(child, key, keylen);
> - crypto_ahash_set_flags(parent, crypto_ahash_get_flags(child) &
> - CRYPTO_TFM_RES_MASK);
> - return err;
> -}
> -
> -static int mcryptd_hash_enqueue(struct ahash_request *req,
> - crypto_completion_t complete)
> -{
> - int ret;
> -
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> - struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> - struct mcryptd_queue *queue =
> - mcryptd_get_queue(crypto_ahash_tfm(tfm));
> -
> - rctx->complete = req->base.complete;
> - req->base.complete = complete;
> -
> - ret = mcryptd_enqueue_request(queue, &req->base, rctx);
> -
> - return ret;
> -}
> -
> -static void mcryptd_hash_init(struct crypto_async_request *req_async, int err)
> -{
> - struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
> - struct crypto_ahash *child = ctx->child;
> - struct ahash_request *req = ahash_request_cast(req_async);
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> - struct ahash_request *desc = &rctx->areq;
> -
> - if (unlikely(err == -EINPROGRESS))
> - goto out;
> -
> - ahash_request_set_tfm(desc, child);
> - ahash_request_set_callback(desc, CRYPTO_TFM_REQ_MAY_SLEEP,
> - rctx->complete, req_async);
> -
> - rctx->out = req->result;
> - err = crypto_ahash_init(desc);
> -
> -out:
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> -}
> -
> -static int mcryptd_hash_init_enqueue(struct ahash_request *req)
> -{
> - return mcryptd_hash_enqueue(req, mcryptd_hash_init);
> -}
> -
> -static void mcryptd_hash_update(struct crypto_async_request *req_async, int err)
> -{
> - struct ahash_request *req = ahash_request_cast(req_async);
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> -
> - if (unlikely(err == -EINPROGRESS))
> - goto out;
> -
> - rctx->out = req->result;
> - err = crypto_ahash_update(&rctx->areq);
> - if (err) {
> - req->base.complete = rctx->complete;
> - goto out;
> - }
> -
> - return;
> -out:
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> -}
> -
> -static int mcryptd_hash_update_enqueue(struct ahash_request *req)
> -{
> - return mcryptd_hash_enqueue(req, mcryptd_hash_update);
> -}
> -
> -static void mcryptd_hash_final(struct crypto_async_request *req_async, int err)
> -{
> - struct ahash_request *req = ahash_request_cast(req_async);
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> -
> - if (unlikely(err == -EINPROGRESS))
> - goto out;
> -
> - rctx->out = req->result;
> - err = crypto_ahash_final(&rctx->areq);
> - if (err) {
> - req->base.complete = rctx->complete;
> - goto out;
> - }
> -
> - return;
> -out:
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> -}
> -
> -static int mcryptd_hash_final_enqueue(struct ahash_request *req)
> -{
> - return mcryptd_hash_enqueue(req, mcryptd_hash_final);
> -}
> -
> -static void mcryptd_hash_finup(struct crypto_async_request *req_async, int err)
> -{
> - struct ahash_request *req = ahash_request_cast(req_async);
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> -
> - if (unlikely(err == -EINPROGRESS))
> - goto out;
> - rctx->out = req->result;
> - err = crypto_ahash_finup(&rctx->areq);
> -
> - if (err) {
> - req->base.complete = rctx->complete;
> - goto out;
> - }
> -
> - return;
> -out:
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> -}
> -
> -static int mcryptd_hash_finup_enqueue(struct ahash_request *req)
> -{
> - return mcryptd_hash_enqueue(req, mcryptd_hash_finup);
> -}
> -
> -static void mcryptd_hash_digest(struct crypto_async_request *req_async, int err)
> -{
> - struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
> - struct crypto_ahash *child = ctx->child;
> - struct ahash_request *req = ahash_request_cast(req_async);
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> - struct ahash_request *desc = &rctx->areq;
> -
> - if (unlikely(err == -EINPROGRESS))
> - goto out;
> -
> - ahash_request_set_tfm(desc, child);
> - ahash_request_set_callback(desc, CRYPTO_TFM_REQ_MAY_SLEEP,
> - rctx->complete, req_async);
> -
> - rctx->out = req->result;
> - err = crypto_ahash_init(desc) ?: crypto_ahash_finup(desc);
> -
> -out:
> - local_bh_disable();
> - rctx->complete(&req->base, err);
> - local_bh_enable();
> -}
> -
> -static int mcryptd_hash_digest_enqueue(struct ahash_request *req)
> -{
> - return mcryptd_hash_enqueue(req, mcryptd_hash_digest);
> -}
> -
> -static int mcryptd_hash_export(struct ahash_request *req, void *out)
> -{
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> -
> - return crypto_ahash_export(&rctx->areq, out);
> -}
> -
> -static int mcryptd_hash_import(struct ahash_request *req, const void *in)
> -{
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> -
> - return crypto_ahash_import(&rctx->areq, in);
> -}
> -
> -static int mcryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
> - struct mcryptd_queue *queue)
> -{
> - struct hashd_instance_ctx *ctx;
> - struct ahash_instance *inst;
> - struct hash_alg_common *halg;
> - struct crypto_alg *alg;
> - u32 type = 0;
> - u32 mask = 0;
> - int err;
> -
> - if (!mcryptd_check_internal(tb, &type, &mask))
> - return -EINVAL;
> -
> - halg = ahash_attr_alg(tb[1], type, mask);
> - if (IS_ERR(halg))
> - return PTR_ERR(halg);
> -
> - alg = &halg->base;
> - pr_debug("crypto: mcryptd hash alg: %s\n", alg->cra_name);
> - inst = mcryptd_alloc_instance(alg, ahash_instance_headroom(),
> - sizeof(*ctx));
> - err = PTR_ERR(inst);
> - if (IS_ERR(inst))
> - goto out_put_alg;
> -
> - ctx = ahash_instance_ctx(inst);
> - ctx->queue = queue;
> -
> - err = crypto_init_ahash_spawn(&ctx->spawn, halg,
> - ahash_crypto_instance(inst));
> - if (err)
> - goto out_free_inst;
> -
> - inst->alg.halg.base.cra_flags = CRYPTO_ALG_ASYNC |
> - (alg->cra_flags & (CRYPTO_ALG_INTERNAL |
> - CRYPTO_ALG_OPTIONAL_KEY));
> -
> - inst->alg.halg.digestsize = halg->digestsize;
> - inst->alg.halg.statesize = halg->statesize;
> - inst->alg.halg.base.cra_ctxsize = sizeof(struct mcryptd_hash_ctx);
> -
> - inst->alg.halg.base.cra_init = mcryptd_hash_init_tfm;
> - inst->alg.halg.base.cra_exit = mcryptd_hash_exit_tfm;
> -
> - inst->alg.init = mcryptd_hash_init_enqueue;
> - inst->alg.update = mcryptd_hash_update_enqueue;
> - inst->alg.final = mcryptd_hash_final_enqueue;
> - inst->alg.finup = mcryptd_hash_finup_enqueue;
> - inst->alg.export = mcryptd_hash_export;
> - inst->alg.import = mcryptd_hash_import;
> - if (crypto_hash_alg_has_setkey(halg))
> - inst->alg.setkey = mcryptd_hash_setkey;
> - inst->alg.digest = mcryptd_hash_digest_enqueue;
> -
> - err = ahash_register_instance(tmpl, inst);
> - if (err) {
> - crypto_drop_ahash(&ctx->spawn);
> -out_free_inst:
> - kfree(inst);
> - }
> -
> -out_put_alg:
> - crypto_mod_put(alg);
> - return err;
> -}
> -
> -static struct mcryptd_queue mqueue;
> -
> -static int mcryptd_create(struct crypto_template *tmpl, struct rtattr **tb)
> -{
> - struct crypto_attr_type *algt;
> -
> - algt = crypto_get_attr_type(tb);
> - if (IS_ERR(algt))
> - return PTR_ERR(algt);
> -
> - switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) {
> - case CRYPTO_ALG_TYPE_DIGEST:
> - return mcryptd_create_hash(tmpl, tb, &mqueue);
> - break;
> - }
> -
> - return -EINVAL;
> -}
> -
> -static void mcryptd_free(struct crypto_instance *inst)
> -{
> - struct mcryptd_instance_ctx *ctx = crypto_instance_ctx(inst);
> - struct hashd_instance_ctx *hctx = crypto_instance_ctx(inst);
> -
> - switch (inst->alg.cra_flags & CRYPTO_ALG_TYPE_MASK) {
> - case CRYPTO_ALG_TYPE_AHASH:
> - crypto_drop_ahash(&hctx->spawn);
> - kfree(ahash_instance(inst));
> - return;
> - default:
> - crypto_drop_spawn(&ctx->spawn);
> - kfree(inst);
> - }
> -}
> -
> -static struct crypto_template mcryptd_tmpl = {
> - .name = "mcryptd",
> - .create = mcryptd_create,
> - .free = mcryptd_free,
> - .module = THIS_MODULE,
> -};
> -
> -struct mcryptd_ahash *mcryptd_alloc_ahash(const char *alg_name,
> - u32 type, u32 mask)
> -{
> - char mcryptd_alg_name[CRYPTO_MAX_ALG_NAME];
> - struct crypto_ahash *tfm;
> -
> - if (snprintf(mcryptd_alg_name, CRYPTO_MAX_ALG_NAME,
> - "mcryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
> - return ERR_PTR(-EINVAL);
> - tfm = crypto_alloc_ahash(mcryptd_alg_name, type, mask);
> - if (IS_ERR(tfm))
> - return ERR_CAST(tfm);
> - if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
> - crypto_free_ahash(tfm);
> - return ERR_PTR(-EINVAL);
> - }
> -
> - return __mcryptd_ahash_cast(tfm);
> -}
> -EXPORT_SYMBOL_GPL(mcryptd_alloc_ahash);
> -
> -struct crypto_ahash *mcryptd_ahash_child(struct mcryptd_ahash *tfm)
> -{
> - struct mcryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
> -
> - return ctx->child;
> -}
> -EXPORT_SYMBOL_GPL(mcryptd_ahash_child);
> -
> -struct ahash_request *mcryptd_ahash_desc(struct ahash_request *req)
> -{
> - struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
> - return &rctx->areq;
> -}
> -EXPORT_SYMBOL_GPL(mcryptd_ahash_desc);
> -
> -void mcryptd_free_ahash(struct mcryptd_ahash *tfm)
> -{
> - crypto_free_ahash(&tfm->base);
> -}
> -EXPORT_SYMBOL_GPL(mcryptd_free_ahash);
> -
> -static int __init mcryptd_init(void)
> -{
> - int err, cpu;
> - struct mcryptd_flush_list *flist;
> -
> - mcryptd_flist = alloc_percpu(struct mcryptd_flush_list);
> - for_each_possible_cpu(cpu) {
> - flist = per_cpu_ptr(mcryptd_flist, cpu);
> - INIT_LIST_HEAD(&flist->list);
> - mutex_init(&flist->lock);
> - }
> -
> - err = mcryptd_init_queue(&mqueue, MCRYPTD_MAX_CPU_QLEN);
> - if (err) {
> - free_percpu(mcryptd_flist);
> - return err;
> - }
> -
> - err = crypto_register_template(&mcryptd_tmpl);
> - if (err) {
> - mcryptd_fini_queue(&mqueue);
> - free_percpu(mcryptd_flist);
> - }
> -
> - return err;
> -}
> -
> -static void __exit mcryptd_exit(void)
> -{
> - mcryptd_fini_queue(&mqueue);
> - crypto_unregister_template(&mcryptd_tmpl);
> - free_percpu(mcryptd_flist);
> -}
> -
> -subsys_initcall(mcryptd_init);
> -module_exit(mcryptd_exit);
> -
> -MODULE_LICENSE("GPL");
> -MODULE_DESCRIPTION("Software async multibuffer crypto daemon");
> -MODULE_ALIAS_CRYPTO("mcryptd");
> diff --git a/include/crypto/mcryptd.h b/include/crypto/mcryptd.h
> deleted file mode 100644
> index b67404fc4b34..000000000000
> --- a/include/crypto/mcryptd.h
> +++ /dev/null
> @@ -1,114 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0 */
> -/*
> - * Software async multibuffer crypto daemon headers
> - *
> - * Author:
> - * Tim Chen <tim.c.chen@xxxxxxxxxxxxxxx>
> - *
> - * Copyright (c) 2014, Intel Corporation.
> - */
> -
> -#ifndef _CRYPTO_MCRYPT_H
> -#define _CRYPTO_MCRYPT_H
> -
> -#include <linux/crypto.h>
> -#include <linux/kernel.h>
> -#include <crypto/hash.h>
> -
> -struct mcryptd_ahash {
> - struct crypto_ahash base;
> -};
> -
> -static inline struct mcryptd_ahash *__mcryptd_ahash_cast(
> - struct crypto_ahash *tfm)
> -{
> - return (struct mcryptd_ahash *)tfm;
> -}
> -
> -struct mcryptd_cpu_queue {
> - struct crypto_queue queue;
> - spinlock_t q_lock;
> - struct work_struct work;
> -};
> -
> -struct mcryptd_queue {
> - struct mcryptd_cpu_queue __percpu *cpu_queue;
> -};
> -
> -struct mcryptd_instance_ctx {
> - struct crypto_spawn spawn;
> - struct mcryptd_queue *queue;
> -};
> -
> -struct mcryptd_hash_ctx {
> - struct crypto_ahash *child;
> - struct mcryptd_alg_state *alg_state;
> -};
> -
> -struct mcryptd_tag {
> - /* seq number of request */
> - unsigned seq_num;
> - /* arrival time of request */
> - unsigned long arrival;
> - unsigned long expire;
> - int cpu;
> -};
> -
> -struct mcryptd_hash_request_ctx {
> - struct list_head waiter;
> - crypto_completion_t complete;
> - struct mcryptd_tag tag;
> - struct crypto_hash_walk walk;
> - u8 *out;
> - int flag;
> - struct ahash_request areq;
> -};
> -
> -struct mcryptd_ahash *mcryptd_alloc_ahash(const char *alg_name,
> - u32 type, u32 mask);
> -struct crypto_ahash *mcryptd_ahash_child(struct mcryptd_ahash *tfm);
> -struct ahash_request *mcryptd_ahash_desc(struct ahash_request *req);
> -void mcryptd_free_ahash(struct mcryptd_ahash *tfm);
> -void mcryptd_flusher(struct work_struct *work);
> -
> -enum mcryptd_req_type {
> - MCRYPTD_NONE,
> - MCRYPTD_UPDATE,
> - MCRYPTD_FINUP,
> - MCRYPTD_DIGEST,
> - MCRYPTD_FINAL
> -};
> -
> -struct mcryptd_alg_cstate {
> - unsigned long next_flush;
> - unsigned next_seq_num;
> - bool flusher_engaged;
> - struct delayed_work flush;
> - int cpu;
> - struct mcryptd_alg_state *alg_state;
> - void *mgr;
> - spinlock_t work_lock;
> - struct list_head work_list;
> - struct list_head flush_list;
> -};
> -
> -struct mcryptd_alg_state {
> - struct mcryptd_alg_cstate __percpu *alg_cstate;
> - unsigned long (*flusher)(struct mcryptd_alg_cstate *cstate);
> -};
> -
> -/* return delay in jiffies from current time */
> -static inline unsigned long get_delay(unsigned long t)
> -{
> - long delay;
> -
> - delay = (long) t - (long) jiffies;
> - if (delay <= 0)
> - return 0;
> - else
> - return (unsigned long) delay;
> -}
> -
> -void mcryptd_arm_flusher(struct mcryptd_alg_cstate *cstate, unsigned long delay);
> -
> -#endif
>