Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11 2026-03-04T12:20:54+00:00 2026-03-04T12:20:54+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-23T19:18:48+00:00 urn:sha1:a02cc485d2c7b64d5f643696faa262c1747034ef [ Upstream commit 7dff99b354601dd01829e1511711846e04340a69 ] This config option goes way back - it used to be an internal debug option to random.c (at that point called DEBUG_RANDOM_BOOT), then was renamed and exposed as a config option as CONFIG_WARN_UNSEEDED_RANDOM, and then further renamed to the current CONFIG_WARN_ALL_UNSEEDED_RANDOM. It was all done with the best of intentions: the more limited rate-limited reports were reporting some cases, but if you wanted to see all the gory details, you'd enable this "ALL" option. However, it turns out - perhaps not surprisingly - that when people don't care about and fix the first rate-limited cases, they most certainly don't care about any others either, and so warning about all of them isn't actually helping anything. And the non-ratelimited reporting causes problems, where well-meaning people enable debug options, but the excessive flood of messages that nobody cares about will hide actual real information when things go wrong. I just got a kernel bug report (which had nothing to do with randomness) where two thirds of the the truncated dmesg was just variations of random: get_random_u32 called from __get_random_u32_below+0x10/0x70 with crng_init=0 and in the process early boot messages had been lost (in addition to making the messages that _hadn't_ been lost harder to read). The proper way to find these things for the hypothetical developer that cares - if such a person exists - is almost certainly with boot time tracing. That gives you the option to get call graphs etc too, which is likely a requirement for fixing any problems anyway. See Documentation/trace/boottime-trace.rst for that option. And if we for some reason do want to re-introduce actual printing of these things, it will need to have some uniqueness filtering rather than this "just print it all" model. Fixes: cc1e127bfa95 ("random: remove ratelimiting for in-kernel unseeded randomness") Acked-by: Jason Donenfeld <Jason@zx2c4.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-12-03T03:00:26+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-03T03:00:26+00:00 urn:sha1:3f9f0252130e7dd60d41be0802bf58f6471c691d Pull random number generator updates from Jason Donenfeld: - Dynamically allocate cpumasks off of the stack if the kernel is configured for a lot of CPUs, to handle a -Wframe-larger-than case - The removal of next_pseudo_random32() after the last user was switched over to the prandom interface - The removal of get_random_u{8,16,32,64}_wait() functions, as there were no users of those at all - Some house keeping changes - a few grammar cleanups in the comments, system_unbound_wq was renamed to system_dfl_wq, and static_key_initialized no longer needs to be checked * tag 'random-6.19-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random: random: complete sentence of comment random: drop check for static_key_initialized random: remove unused get_random_var_wait functions random: replace use of system_unbound_wq with system_dfl_wq random: use offstack cpumask when necessary prandom: remove next_pseudo_random32 media: vivid: use prandom random: add missing words in function comments 2025-11-25T01:54:37+00:00 Jason A. Donenfeld Jason@zx2c4.com 2025-11-25T01:54:37+00:00 urn:sha1:90fb9b98fcf5e668a13676d6e8cd546b6990d002 Complete the sentence by adding "is set", rather than having it dangle as a sentence fragment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-11-11T00:25:31+00:00 Thomas Weißschuh thomas.weissschuh@linutronix.de 2025-11-11T00:13:06+00:00 urn:sha1:2db833312d7e6ae22111a6fd3e733b2a14986a29 Commit e871abcda3b6 ("random: handle creditable entropy from atomic process context") added the use of workqueues, which meant testing whether the workqueue is valid, but it did not remove the existing check of whether static keys have been initialized. This static key check is unnecessary because workqueues are initialized long after it. And semantically it doesn't make much sense either, because it's not really directly calling a static key function in the condition. Remove the now unnecessary check. Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> [Jason: rewrite commit message with different explanation, rebase on random.git, and update code comment.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:40:12+00:00 Marco Crivellari marco.crivellari@suse.com 2025-10-30T15:57:28+00:00 urn:sha1:aba5f969f886d298c7fc777538a12b52095203ab system_unbound_wq has been renamed to system_dfl_wq in 128ea9f6ccfb ("workqueue: Add system_percpu_wq and system_dfl_wq"), so update random.c's usage of it system_unbound_wq to reflect the new change. The old system_unbound_wq is slated for removal in the next few cycles. Suggested-by: Tejun Heo <tj@kernel.org> Signed-off-by: Marco Crivellari <marco.crivellari@suse.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:35:26+00:00 Arnd Bergmann arnd@arndb.de 2025-06-10T09:27:08+00:00 urn:sha1:5d49f1a5bd358d24e5f88b23b46da833de1dbec8 The entropy generation function keeps a local cpu mask on the stack, which can trigger warnings in configurations with a large number of CPUs: drivers/char/random.c:1292:20: error: stack frame size (1288) exceeds limit (1280) in 'try_to_generate_entropy' [-Werror,-Wframe-larger-than] Use the cpumask interface to dynamically allocate it in those configurations. Fixes: 1c21fe00eda7 ("random: spread out jitter callback to different CPUs") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:35:26+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-02-19T21:00:31+00:00 urn:sha1:a6a4d97f0d7686f94a11193d82286e25d53266bb s/good as/as good as/ Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T05:04:24+00:00 Eric Biggers ebiggers@kernel.org 2025-10-18T04:30:58+00:00 urn:sha1:5e0ec8e46d4d6488242bb39a4ce5c0276afa5f32 For consistency with the SHA-1, SHA-2, SHA-3 (in development), and MD5 library APIs, rename blake2s_state to blake2s_ctx. As a refresher, the ctx name: - Is a bit shorter. - Avoids confusion with the compression function state, which is also often called the state (but is just part of the full context). - Is consistent with OpenSSL. Not a big deal, of course. But consistency is nice. With a BLAKE2b library API about to be added, this is a convenient time to update this. Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20251018043106.375964-3-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2025-10-30T05:04:24+00:00 Eric Biggers ebiggers@kernel.org 2025-10-18T04:30:57+00:00 urn:sha1:50b8e36994a042103ea92b6d9f6d7de725f9ac5f Reorder the parameters of blake2s() from (out, in, key, outlen, inlen, keylen) to (key, keylen, in, inlen, out, outlen). This aligns BLAKE2s with the common conventions of pairing buffers and their lengths, and having outputs follow inputs. This is widely used elsewhere in lib/crypto/ and crypto/, and even elsewhere in the BLAKE2s code itself such as blake2s_init_key() and blake2s_final(). So blake2s() was a bit of an exception. Notably, this results in the same order as hmac_*_usingrawkey(). Note that since the type signature changed, it's not possible for a blake2s() call site to be silently missed. Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20251018043106.375964-2-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2025-05-27T17:48:36+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-05-27T17:48:36+00:00 urn:sha1:97851c601636a0e40f8237b83a6b70fc5e231e0c Pull rate-limit updates from Paul McKenney: "lib/ratelimit: Reduce false-positive and silent misses: - Reduce open-coded use of ratelimit_state structure fields. - Convert the ->missed field to atomic_t. - Count misses that are due to lock contention. - Eliminate jiffies=0 special case. - Reduce ___ratelimit() false-positive rate limiting (Petr Mladek). - Allow zero ->burst to hard-disable rate limiting. - Optimize away atomic operations when a miss is guaranteed. - Warn if ->interval or ->burst are negative (Petr Mladek). - Simplify the resulting code. A smoke test and stress test have been created, but they are not yet ready for mainline. With luck, we will offer them for the v6.17 merge window" * tag 'ratelimit.2025.05.25a' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu: ratelimit: Drop redundant accesses to burst ratelimit: Use nolock_ret restructuring to collapse common case code ratelimit: Use nolock_ret label to collapse lock-failure code ratelimit: Use nolock_ret label to save a couple of lines of code ratelimit: Simplify common-case exit path ratelimit: Warn if ->interval or ->burst are negative ratelimit: Avoid atomic decrement under lock if already rate-limited ratelimit: Avoid atomic decrement if already rate-limited ratelimit: Don't flush misses counter if RATELIMIT_MSG_ON_RELEASE ratelimit: Force re-initialization when rate-limiting re-enabled ratelimit: Allow zero ->burst to disable ratelimiting ratelimit: Reduce ___ratelimit() false-positive rate limiting ratelimit: Avoid jiffies=0 special case ratelimit: Count misses due to lock contention ratelimit: Convert the ->missed field to atomic_t drm/amd/pm: Avoid open-coded use of ratelimit_state structure's internals drm/i915: Avoid open-coded use of ratelimit_state structure's ->missed field random: Avoid open-coded use of ratelimit_state structure's ->missed field ratelimit: Create functions to handle ratelimit_state internals