Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-22T01:09:51+00:00 2026-02-22T01:09:51+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42+00:00 urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28+00:00 Kees Cook kees@kernel.org 2026-02-21T07:49:23+00:00 urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-01-14T09:20:51+00:00 Thorsten Blum thorsten.blum@linux.dev 2026-01-05T12:49:41+00:00 urn:sha1:a0db08f47c836251fbaccf711e12fe8428235465 In tee_params_to_amd_params() and amd_params_to_tee_params(), return 0 directly and remove the unused return variables. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2025-04-29T08:57:57+00:00 Mario Limonciello mario.limonciello@amd.com 2025-04-21T15:22:23+00:00 urn:sha1:136deca59b1613c22aebfb0c8508dd02363c7142 Various headers have been added over time that are not added alphabetically and a private header is used before one of the linux/ headers. Resort the list. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2025-04-29T08:57:40+00:00 Mario Limonciello mario.limonciello@amd.com 2025-04-21T15:22:22+00:00 urn:sha1:7b0323666b260faef6db1a9fbe9bcce0c9bd750f amd-tee inconsistently uses the word amd-tee in error messages. Add a `pr_fmt()` define and remove the hardcoded use of amd-tee. Also, remove the unnecessary driver init successful message because there will be a message if failed and a user can assume it was successful otherwise. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2024-04-03T07:19:31+00:00 Sumit Garg sumit.garg@linaro.org 2024-03-25T15:11:01+00:00 urn:sha1:0439fcff304acdedfc493dbf900dce86922fd31f Since commit 25559c22cef8 ("tee: add kernel internal client interface"), it has been a common include/linux/tee_drv.h header file which is shared to hold TEE subsystem internal bits along with the APIs exposed to the TEE client drivers. However, this practice is prone to TEE subsystem internal APIs abuse and especially so with the new TEE implementation drivers being added to reuse existing functionality. In order to address this split TEE subsystem internal bits as a separate header file: include/linux/tee_core.h which should be the one used by TEE implementation drivers. With that include/linux/tee_drv.h lists only APIs exposed by TEE subsystem to the TEE client drivers. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2023-10-03T17:13:53+00:00 Rijo Thomas Rijo-john.Thomas@amd.com 2023-09-29T07:00:24+00:00 urn:sha1:f4384b3e54ea813868bb81a861bf5b2406e15d8f There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in another thread, amdtee_open_session() is called before destroy_session() has completed execution, alloc_session() may return 'sess' that will be freed up later in destroy_session() leading to use-after-free in amdtee_open_session. To fix this issue, treat decrement of sess->refcount and removal of 'sess' from session list in destroy_session() as a critical section, so that it is executed atomically. Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Cc: stable@vger.kernel.org Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2023-05-15T06:29:52+00:00 Rijo Thomas Rijo-john.Thomas@amd.com 2023-05-09T07:32:40+00:00 urn:sha1:436eeae0411acdfc54521ddea80ee76d4ae8a7ea After TEE has completed processing of TEE_CMD_ID_LOAD_TA, set proper value in 'return_origin' argument passed by open_session() call. To do so, add 'return_origin' field to the structure tee_cmd_load_ta. The Trusted OS shall update return_origin as part of TEE processing. This change to 'struct tee_cmd_load_ta' interface requires a similar update in AMD-TEE Trusted OS's TEE_CMD_ID_LOAD_TA interface. This patch has been verified on Phoenix Birman setup. On older APUs, return_origin value will be 0. Cc: stable@vger.kernel.org Fixes: 757cc3e9ff1d ("tee: add AMD-TEE driver") Tested-by: Sourabh Das <sourabh.das@amd.com> Signed-off-by: Rijo Thomas <Rijo-john.Thomas@amd.com> Acked-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> 2023-04-26T15:32:52+00:00 Linus Torvalds torvalds@linux-foundation.org 2023-04-26T15:32:52+00:00 urn:sha1:733f7e9c18c5e377025c1bfdce6bc9a7d55649be Pull crypto updates from Herbert Xu: "API: - Total usage stats now include all that returned errors (instead of just some) - Remove maximum hash statesize limit - Add cloning support for hmac and unkeyed hashes - Demote BUG_ON in crypto_unregister_alg to a WARN_ON Algorithms: - Use RIP-relative addressing on x86 to prepare for PIE build - Add accelerated AES/GCM stitched implementation on powerpc P10 - Add some test vectors for cmac(camellia) - Remove failure case where jent is unavailable outside of FIPS mode in drbg - Add permanent and intermittent health error checks in jitter RNG Drivers: - Add support for 402xx devices in qat - Add support for HiSTB TRNG - Fix hash concurrency issues in stm32 - Add OP-TEE firmware support in caam" * tag 'v6.4-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (139 commits) i2c: designware: Add doorbell support for Mendocino i2c: designware: Use PCI PSP driver for communication powerpc: Move Power10 feature PPC_MODULE_FEATURE_P10 crypto: p10-aes-gcm - Remove POWER10_CPU dependency crypto: testmgr - Add some test vectors for cmac(camellia) crypto: cryptd - Add support for cloning hashes crypto: cryptd - Convert hash to use modern init_tfm/exit_tfm crypto: hmac - Add support for cloning crypto: hash - Add crypto_clone_ahash/shash crypto: api - Add crypto_clone_tfm crypto: api - Add crypto_tfm_get crypto: x86/sha - Use local .L symbols for code crypto: x86/crc32 - Use local .L symbols for code crypto: x86/aesni - Use local .L symbols for code crypto: x86/sha256 - Use RIP-relative addressing crypto: x86/ghash - Use RIP-relative addressing crypto: x86/des3 - Use RIP-relative addressing crypto: x86/crc32c - Use RIP-relative addressing crypto: x86/cast6 - Use RIP-relative addressing crypto: x86/cast5 - Use RIP-relative addressing ... 2023-03-17T03:16:43+00:00 Mario Limonciello mario.limonciello@amd.com 2023-03-10T21:19:45+00:00 urn:sha1:ae7d45fb7ca75e94b478e2404709ba3024774334 The TEE subdriver for CCP, the amdtee driver and the i2c-designware-amdpsp drivers all include `psp-sev.h` even though they don't use SEV functionality. Move the definition of `__psp_pa` into a common header to be included by all of these drivers. Reviewed-by: Jan Dabros <jsd@semihalf.com> Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> # For the drivers/i2c/busses/i2c-designware-amdpsp.c Acked-by: Sumit Garg <sumit.garg@linaro.org> # For TEE subsystem bits Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Sean Christopherson <seanjc@google.com> # KVM Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>