Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=master 2026-04-16T09:29:40+00:00 2026-04-16T09:29:40+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-04-11T21:08:17+00:00 urn:sha1:3ba3b02f897b14e34977e1886d95ffe64d907204 eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since the EIP93 hash algorithms are the only ones registered under those driver names and they are inherently async, the lookup is self-contradictory and always fails with -ENOENT. When called from the AEAD setkey path, this failure leaves the SA record partially initialized with zeroed digest fields. A subsequent crypto operation then dereferences a NULL pointer in the request context, resulting in a kernel panic: ``` pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93] lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93] sp : ffffffc082feb820 x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000 x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980 x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0 x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000 x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009 x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0 Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740) ``` The reported symbol eip93_aead_handle_result+0xc8c is a resolution artifact from static functions being merged under the nearest exported symbol. Decoding the faulting sequence: ``` 910142b6 ADD X22, X21, #0x50 f94012e0 LDR X0, [X23, #0x20] f9002aa0 STR X0, [X21, #0x50] f90006d3 STR X19, [X22, #0x8] f9400740 LDR X0, [X26, #0x8] ``` The faulting LDR at [X26, #0x8] is loading ctx->flags (offset 8 in eip93_hash_ctx), where ctx has been resolved to NULL from a partially initialized or unreachable transform context following the failed setkey. Fix this by dropping the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call. The code already handles async completion correctly via crypto_wait_req(), so there is no requirement to restrict the lookup to synchronous algorithms. Note that hashing a single 64-byte block through the hardware is likely slower than doing it in software due to the DMA round-trip overhead, but offloading it may still spare CPU cycles on the slower embedded cores where this IP is found. Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> [Detailed investigation report of this bug] Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-03-27T09:52:44+00:00 Mieczyslaw Nalewaj namiltd@yahoo.com 2026-03-21T10:23:06+00:00 urn:sha1:fdacdc8cf897703a5a3e8b521448befbb6620034 Add the missing > characters to the end of the email address Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-03-27T09:52:44+00:00 Mieczyslaw Nalewaj namiltd@yahoo.com 2026-03-21T09:59:37+00:00 urn:sha1:9503ab5a1d0ef4cad2731d88699d7e6bb1a8a85d Correct the typo in the name "ecb(des-eip93)". Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-03-27T09:52:44+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-03-20T21:19:23+00:00 urn:sha1:5c8009f3c1885d5d996acdcd7e884aff25ac26a4 Econet SoCs feature an integrated EIP93 in revision 3.0p1. It is identical to the one used by the Airoha AN7581 and the MediaTek MT7621. Ahmed reports that the EN7528 passes testmgr's self-tests. This driver should also work on other little endian Econet SoCs. CC: Ahmed Naseef <naseefkm@gmail.com> Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: Antoine Tenart <atenart@kernel.org> Tested-by: Ahmed Naseef <naseefkm@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-03-15T04:23:13+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-03-06T22:17:40+00:00 urn:sha1:5377032914b29b4643adece0ff1dfc67e36700f4 Register hash before hmac and authenc algorithms. This will ensure selftests pass at startup. Previously, selftests failed on the crypto_alloc_ahash() function since the associated algorithm was not yet registered. Fixes following error: ... [ 18.375811] alg: self-tests for authenc(hmac(sha1),cbc(aes)) using authenc(hmac(sha1-eip93),cbc(aes-eip93)) failed (rc=-2) [ 18.382140] alg: self-tests for authenc(hmac(sha224),rfc3686(ctr(aes))) using authenc(hmac(sha224-eip93),rfc3686(ctr(aes-eip93))) failed (rc=-2) [ 18.395029] alg: aead: authenc(hmac(sha256-eip93),cbc(des-eip93)) setkey failed on test vector 0; expected_error=0, actual_error=-2, flags=0x1 [ 18.409734] alg: aead: authenc(hmac(md5-eip93),cbc(des3_ede-eip93)) setkey failed on test vector 0; expected_error=0, actual_error=-2, flags=0x1 ... Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-02-28T03:54:14+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-02-08T10:35:53+00:00 urn:sha1:b7abbc8c7acaeb60c114b038f1fa91bbedb3d16a Checked the register definitions with the documentation[1]. Turns out that the PKTE_INBUF_CNT register has a bad offset. It's used in Direct Host Mode (DHM). The driver uses Autonomous Ring Mode (ARM), so it causes no harm. 1. ADSP-SC58x/ADSP-2158x SHARC+ Processor Hardware Reference Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-02-28T03:53:58+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-02-03T18:21:52+00:00 urn:sha1:f050e4209ab0ba3f13bb6272a07ce87cbea922c9 This patch adds support for the following AEAD ciphersuites: - authenc(hmac(md5),cbc(aes)) - authenc(hmac(md5),cbc(des))) - authenc(hmac(md5),cbc(des3_ede)) - authenc(hmac(md5),rfc3686(ctr(aes))) The first three ciphersuites were tested using testmgr and the recently sent test vectors. They passed self-tests. This is enhanced version of the patch found in the mtk-openwrt-feeds repo. Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-02-28T03:53:58+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-02-03T18:21:51+00:00 urn:sha1:c75daa3730132c55dea7cc9c0f8818aea491fe0c Move authenc(sha1,des) and authenc(sha1,3des) ciphersuites to appropriate groups. No functional changes intended. Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org>