Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-23T19:18:48+00:00 2026-02-23T19:18:48+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-23T19:18:48+00:00 urn:sha1:7dff99b354601dd01829e1511711846e04340a69 This config option goes way back - it used to be an internal debug option to random.c (at that point called DEBUG_RANDOM_BOOT), then was renamed and exposed as a config option as CONFIG_WARN_UNSEEDED_RANDOM, and then further renamed to the current CONFIG_WARN_ALL_UNSEEDED_RANDOM. It was all done with the best of intentions: the more limited rate-limited reports were reporting some cases, but if you wanted to see all the gory details, you'd enable this "ALL" option. However, it turns out - perhaps not surprisingly - that when people don't care about and fix the first rate-limited cases, they most certainly don't care about any others either, and so warning about all of them isn't actually helping anything. And the non-ratelimited reporting causes problems, where well-meaning people enable debug options, but the excessive flood of messages that nobody cares about will hide actual real information when things go wrong. I just got a kernel bug report (which had nothing to do with randomness) where two thirds of the the truncated dmesg was just variations of random: get_random_u32 called from __get_random_u32_below+0x10/0x70 with crng_init=0 and in the process early boot messages had been lost (in addition to making the messages that _hadn't_ been lost harder to read). The proper way to find these things for the hypothetical developer that cares - if such a person exists - is almost certainly with boot time tracing. That gives you the option to get call graphs etc too, which is likely a requirement for fixing any problems anyway. See Documentation/trace/boottime-trace.rst for that option. And if we for some reason do want to re-introduce actual printing of these things, it will need to have some uniqueness filtering rather than this "just print it all" model. Fixes: cc1e127bfa95 ("random: remove ratelimiting for in-kernel unseeded randomness") Acked-by: Jason Donenfeld <Jason@zx2c4.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2025-12-03T03:00:26+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-12-03T03:00:26+00:00 urn:sha1:3f9f0252130e7dd60d41be0802bf58f6471c691d Pull random number generator updates from Jason Donenfeld: - Dynamically allocate cpumasks off of the stack if the kernel is configured for a lot of CPUs, to handle a -Wframe-larger-than case - The removal of next_pseudo_random32() after the last user was switched over to the prandom interface - The removal of get_random_u{8,16,32,64}_wait() functions, as there were no users of those at all - Some house keeping changes - a few grammar cleanups in the comments, system_unbound_wq was renamed to system_dfl_wq, and static_key_initialized no longer needs to be checked * tag 'random-6.19-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random: random: complete sentence of comment random: drop check for static_key_initialized random: remove unused get_random_var_wait functions random: replace use of system_unbound_wq with system_dfl_wq random: use offstack cpumask when necessary prandom: remove next_pseudo_random32 media: vivid: use prandom random: add missing words in function comments 2025-11-25T01:54:37+00:00 Jason A. Donenfeld Jason@zx2c4.com 2025-11-25T01:54:37+00:00 urn:sha1:90fb9b98fcf5e668a13676d6e8cd546b6990d002 Complete the sentence by adding "is set", rather than having it dangle as a sentence fragment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-11-11T00:25:31+00:00 Thomas Weißschuh thomas.weissschuh@linutronix.de 2025-11-11T00:13:06+00:00 urn:sha1:2db833312d7e6ae22111a6fd3e733b2a14986a29 Commit e871abcda3b6 ("random: handle creditable entropy from atomic process context") added the use of workqueues, which meant testing whether the workqueue is valid, but it did not remove the existing check of whether static keys have been initialized. This static key check is unnecessary because workqueues are initialized long after it. And semantically it doesn't make much sense either, because it's not really directly calling a static key function in the condition. Remove the now unnecessary check. Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> [Jason: rewrite commit message with different explanation, rebase on random.git, and update code comment.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:40:12+00:00 Marco Crivellari marco.crivellari@suse.com 2025-10-30T15:57:28+00:00 urn:sha1:aba5f969f886d298c7fc777538a12b52095203ab system_unbound_wq has been renamed to system_dfl_wq in 128ea9f6ccfb ("workqueue: Add system_percpu_wq and system_dfl_wq"), so update random.c's usage of it system_unbound_wq to reflect the new change. The old system_unbound_wq is slated for removal in the next few cycles. Suggested-by: Tejun Heo <tj@kernel.org> Signed-off-by: Marco Crivellari <marco.crivellari@suse.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:35:26+00:00 Arnd Bergmann arnd@arndb.de 2025-06-10T09:27:08+00:00 urn:sha1:5d49f1a5bd358d24e5f88b23b46da833de1dbec8 The entropy generation function keeps a local cpu mask on the stack, which can trigger warnings in configurations with a large number of CPUs: drivers/char/random.c:1292:20: error: stack frame size (1288) exceeds limit (1280) in 'try_to_generate_entropy' [-Werror,-Wframe-larger-than] Use the cpumask interface to dynamically allocate it in those configurations. Fixes: 1c21fe00eda7 ("random: spread out jitter callback to different CPUs") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T17:35:26+00:00 Thorsten Blum thorsten.blum@linux.dev 2025-02-19T21:00:31+00:00 urn:sha1:a6a4d97f0d7686f94a11193d82286e25d53266bb s/good as/as good as/ Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2025-10-30T05:04:24+00:00 Eric Biggers ebiggers@kernel.org 2025-10-18T04:30:58+00:00 urn:sha1:5e0ec8e46d4d6488242bb39a4ce5c0276afa5f32 For consistency with the SHA-1, SHA-2, SHA-3 (in development), and MD5 library APIs, rename blake2s_state to blake2s_ctx. As a refresher, the ctx name: - Is a bit shorter. - Avoids confusion with the compression function state, which is also often called the state (but is just part of the full context). - Is consistent with OpenSSL. Not a big deal, of course. But consistency is nice. With a BLAKE2b library API about to be added, this is a convenient time to update this. Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20251018043106.375964-3-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org>