Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-22T01:09:51+00:00 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2025-11-06T06:31:08+00:00 Gaurav Kashyap gaurav.kashyap@oss.qualcomm.com 2025-10-29T08:25:31+00:00 urn:sha1:457be301fc6f8731c825b19b9be55a8d72c624b8 The previous version check made it difficult to support newer major versions (e.g., v6.0) without adding extra checks/macros. Update the logic to only reject v5.0 and allow future versions without additional changes. Signed-off-by: Gaurav Kashyap <gaurav.kashyap@oss.qualcomm.com> Signed-off-by: Jingyi Wang <jingyi.wang@oss.qualcomm.com> Reviewed-by: Bjorn Andersson <andersson@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-31T09:50:42+00:00 Bjorn Andersson bjorn.andersson@oss.qualcomm.com 2025-10-24T21:35:07+00:00 urn:sha1:f5e297a112fa0dd31e09246709c859bb38dfba0b On multiple occasions the qce device have shown up in devices_deferred, without the explanation that this came from the failure to acquire the DMA channels from the associated BAM. Use dev_err_probe() to associate this context with the failure to faster pinpoint the culprit when this happens in the future. Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com> Reviewed-by: Abel Vesa <abel.vesa@linaro.org> Reviewed-by: David Heidelberg <david@ixit.cz> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-21T14:46:24+00:00 Nathan Chancellor nathan@kernel.org 2024-12-18T20:11:17+00:00 urn:sha1:7b6092ee7a4ce2d03dc65b87537889e8e1e0ab95 Commit ce8fd0500b74 ("crypto: qce - use __free() for a buffer that's always freed") introduced a buggy use of __free(), which clang rightfully points out: drivers/crypto/qce/sha.c:365:3: error: cannot jump from this goto statement to its label 365 | goto err_free_ahash; | ^ drivers/crypto/qce/sha.c:373:6: note: jump bypasses initialization of variable with __attribute__((cleanup)) 373 | u8 *buf __free(kfree) = kzalloc(keylen + QCE_MAX_ALIGN_SIZE, | ^ Jumping over a variable declared with the cleanup attribute does not prevent the cleanup function from running; instead, the cleanup function is called with an uninitialized value. Moving the declaration back to the top function with __free() and a NULL initialization would resolve the bug but that is really not much different from the original code. Since the function is so simple and there is no functional reason to use __free() here, just revert the original change to resolve the issue. Fixes: ce8fd0500b74 ("crypto: qce - use __free() for a buffer that's always freed") Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Closes: https://lore.kernel.org/CA+G9fYtpAwXa5mUQ5O7vDLK2xN4t-kJoxgUe1ZFRT=AGqmLSRA@mail.gmail.com/ Signed-off-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-14T09:21:43+00:00 Eric Biggers ebiggers@google.com 2024-12-03T18:05:53+00:00 urn:sha1:49b9258b05b97c6464e1964b6a2fddb3ddb65d17 As QCE is an order of magnitude slower than the ARMv8 Crypto Extensions on the CPU, and is also less well tested, give it a lower priority. Previously the QCE SHA algorithms had higher priority than the ARMv8 CE equivalents, and the ciphers such as AES-XTS had the same priority which meant the QCE versions were chosen if they happened to be loaded later. Fixes: ec8f5d8f6f76 ("crypto: qce - Qualcomm crypto engine driver") Cc: stable@vger.kernel.org Cc: Bartosz Golaszewski <brgl@bgdev.pl> Cc: Neil Armstrong <neil.armstrong@linaro.org> Cc: Thara Gopinath <thara.gopinath@gmail.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-14T09:21:43+00:00 Bartosz Golaszewski bartosz.golaszewski@linaro.org 2024-12-03T09:19:37+00:00 urn:sha1:3382c44f0c6fb26469b1df75575643c68c421291 Having switched to workqueue from tasklet, we are no longer limited to atomic APIs and can now convert the spinlock to a mutex. This, along with the conversion from tasklet to workqueue grants us ~15% improvement in cryptsetup benchmarks for AES encryption. While at it: use guards to simplify locking code. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-14T09:21:43+00:00 Bartosz Golaszewski bartosz.golaszewski@linaro.org 2024-12-03T09:19:36+00:00 urn:sha1:eb7986e5e14d3db69e387da2c8bcef92b4c1a625 There's nothing about the qce driver that requires running from a tasklet. Switch to using the system workqueue. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-14T09:21:43+00:00 Bartosz Golaszewski bartosz.golaszewski@linaro.org 2024-12-03T09:19:35+00:00 urn:sha1:ce8fd0500b741b3669c246cc604f1f2343cdd6fd The buffer allocated in qce_ahash_hmac_setkey is always freed before returning to use __free() to automate it. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-12-14T09:21:43+00:00 Bartosz Golaszewski bartosz.golaszewski@linaro.org 2024-12-03T09:19:34+00:00 urn:sha1:c151535cf46fd0b6cc34884762dd1610c628bac1 Make qce_register_algs() a managed interface. This allows us to further simplify the remove() callback. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>