Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-03-26T09:10:58+00:00 2026-03-26T09:10:58+00:00 Eric Biggers ebiggers@kernel.org 2026-03-16T20:21:19+00:00 urn:sha1:4b56770d345524fc2acc143a2b85539cf7d74bc1 The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at least). Fix this by adding the flag like what the other drivers do. Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just get ignored and overridden by the registration function anyway. Reported-by: Zorro Lang <zlang@redhat.com> Closes: https://lore.kernel.org/r/20260314080937.pghb4aa7d4je3mhh@dell-per750-06-vm-08.rhts.eng.pek2.redhat.com Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Cc: stable@vger.kernel.org Cc: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-01-13T11:25:38+00:00 Uwe Kleine-König u.kleine-koenig@baylibre.com 2025-12-10T08:31:37+00:00 urn:sha1:ba3588410cedb1696cfe56ebefcc4401c6d0bb36 The return value of struct device_driver::remove is ignored by the core (see device_remove() in drivers/base/dd.c). So it doesn't make sense to let the host1x remove callback return an int just to ignore it later. So make the callback return void. All current implementors return 0, so they are easily converted. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com> Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com> # tegra20 tegra-video Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Thierry Reding <treding@nvidia.com> Link: https://patch.msgid.link/d364fd4ec043d36ee12e46eaef98c57658884f63.1765355236.git.u.kleine-koenig@baylibre.com 2025-09-13T04:11:06+00:00 Qianfeng Rong rongqianfeng@vivo.com 2025-09-03T13:25:37+00:00 urn:sha1:a710a71cd8ad294937e03b352cd71deb7ad08700 Change the 'ret' variable in tegra_sha_do_update() from unsigned int to int, as it needs to store either negative error codes or zero returned by tegra_se_host1x_submit(). No effect on runtime. Signed-off-by: Qianfeng Rong <rongqianfeng@vivo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-08-30T07:43:26+00:00 Liao Yuanhong liaoyuanhong@vivo.com 2025-08-20T12:37:52+00:00 urn:sha1:8595bcb09b05a6c712c35f03ef701e7785895b51 Logging messages that show some type of "out of memory" error are generally unnecessary as there is a generic message and a stack dump done by the memory subsystem. These messages generally increase kernel size without much added value[1]. The dev_err_probe() doesn't do anything when error is '-ENOMEM'. Therefore, remove the useless call to dev_err_probe(), and just return the value instead. [1]: https://lore.kernel.org/lkml/1402419340.30479.18.camel@joe-AO725/ Signed-off-by: Liao Yuanhong <liaoyuanhong@vivo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-04-16T07:16:21+00:00 Ovidiu Panait ovidiu.panait.oss@gmail.com 2025-04-07T12:36:04+00:00 urn:sha1:c1024581ff2c34db4fdfe857b29f606e5117eb12 Rather than setting up the fallback request by hand, use ahash_request_set_callback() and ahash_request_set_crypt() API helpers to properly setup the new request. Signed-off-by: Ovidiu Panait <ovidiu.panait.oss@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-04-07T05:22:25+00:00 Akhil R akhilrajeev@nvidia.com 2025-03-26T14:51:10+00:00 urn:sha1:1ddaff40c08abb926be5ba713c5efc412d0836c5 Modifying the crypto_request turns out to be not the right way to handle the stale value issue with the IV. Though the IV is not used for AES ECB, it eventually get used in algorithms like LRW in the next step after AES ECB encryption/decryption. Setting req->iv to NULL breaks the implementation of such algorithms. Hence modify only the local reqctx to check for IV. Fixes: bde558220866 ("crypto: tegra - Set IV to NULL explicitly for AES ECB") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-03-21T09:33:38+00:00 Nathan Chancellor nathan@kernel.org 2025-03-13T15:29:31+00:00 urn:sha1:795e5bdb0ada2c77ea28611d88f1d5d7ca9b2f4d When building for 32-bit targets, for which ssize_t is 'int' instead of 'long', there is a warning due to an incorrect format specifier: In file included from include/linux/printk.h:610, from include/linux/kernel.h:31, from include/linux/clk.h:13, from drivers/crypto/tegra/tegra-se-hash.c:7: drivers/crypto/tegra/tegra-se-hash.c: In function 'tegra_sha_prep_cmd': drivers/crypto/tegra/tegra-se-hash.c:343:26: error: format '%lu' expects argument of type 'long unsigned int', but argument 6 has type 'ssize_t' {aka 'int'} [-Werror=format=] 343 | dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... drivers/crypto/tegra/tegra-se-hash.c:343:59: note: format string is defined here 343 | dev_dbg(se->dev, "msg len %llu msg left %llu sz %lu cfg %#x", | ~~^ | | | long unsigned int | %u cc1: all warnings being treated as errors Use '%zd', the proper specifier for ssize_t, to resolve the warning. Fixes: ff4b7df0b511 ("crypto: tegra - Fix HASH intermediate result handling") Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-03-08T08:23:22+00:00 Akhil R akhilrajeev@nvidia.com 2025-02-24T09:16:10+00:00 urn:sha1:f80a2e2e77bedd0aa645a60f89b4f581c70accda The intermediate results for HMAC is stored in the allocated keyslot by the hardware. Dynamic allocation of keyslot during an operation is hence not possible. As the number of keyslots are limited in the hardware, fallback to the HMAC software implementation if keyslots are not available Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") Signed-off-by: Akhil R <akhilrajeev@nvidia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>