* [PATCH v2 1/6] crypto: use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:10 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
crypto/api.c | 2 +-
crypto/crypto_user.c | 9 ++++-----
crypto/hctr2.c | 3 +--
crypto/lrw.c | 2 +-
crypto/lskcipher.c | 3 +--
crypto/xts.c | 3 ++-
6 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 74e17d5049c9..040b7a965c2f 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -116,7 +116,7 @@ struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
larval->alg.cra_priority = -1;
larval->alg.cra_destroy = crypto_larval_destroy;
- strscpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME);
+ strscpy(larval->alg.cra_name, name);
init_completion(&larval->completion);
return larval;
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index e8b6ae75f31f..d3ccb507153b 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -11,6 +11,7 @@
#include <linux/cryptouser.h>
#include <linux/sched.h>
#include <linux/security.h>
+#include <linux/string.h>
#include <net/netlink.h>
#include <net/net_namespace.h>
#include <net/sock.h>
@@ -87,11 +88,9 @@ static int crypto_report_one(struct crypto_alg *alg,
{
memset(ualg, 0, sizeof(*ualg));
- strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
- strscpy(ualg->cru_driver_name, alg->cra_driver_name,
- sizeof(ualg->cru_driver_name));
- strscpy(ualg->cru_module_name, module_name(alg->cra_module),
- sizeof(ualg->cru_module_name));
+ strscpy(ualg->cru_name, alg->cra_name);
+ strscpy(ualg->cru_driver_name, alg->cra_driver_name);
+ strscpy(ualg->cru_module_name, module_name(alg->cra_module));
ualg->cru_type = 0;
ualg->cru_mask = 0;
diff --git a/crypto/hctr2.c b/crypto/hctr2.c
index ad5edf9366ac..cfc2343bcc1c 100644
--- a/crypto/hctr2.c
+++ b/crypto/hctr2.c
@@ -354,8 +354,7 @@ static int hctr2_create_common(struct crypto_template *tmpl, struct rtattr **tb,
err = -EINVAL;
if (strncmp(xctr_alg->base.cra_name, "xctr(", 5))
goto err_free_inst;
- len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5,
- sizeof(blockcipher_name));
+ len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5);
if (len < 1)
goto err_free_inst;
if (blockcipher_name[len - 1] != ')')
diff --git a/crypto/lrw.c b/crypto/lrw.c
index aa31ab03a597..e306e85d7ced 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -359,7 +359,7 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb)
if (!memcmp(cipher_name, "ecb(", 4)) {
int len;
- len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name));
+ len = strscpy(ecb_name, cipher_name + 4);
if (len < 2)
goto err_free_inst;
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index e4328df6e26c..d7ec215e2b3a 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -528,8 +528,7 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
int len;
err = -EINVAL;
- len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4],
- sizeof(ecb_name));
+ len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4]);
if (len < 2)
goto err_free_inst;
diff --git a/crypto/xts.c b/crypto/xts.c
index ad97c8091582..1dc948745444 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -16,6 +16,7 @@
#include <linux/module.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <crypto/xts.h>
#include <crypto/b128ops.h>
@@ -400,7 +401,7 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
if (!memcmp(cipher_name, "ecb(", 4)) {
int len;
- len = strscpy(name, cipher_name + 4, sizeof(name));
+ len = strscpy(name, cipher_name + 4);
if (len < 2)
goto err_free_inst;
^ permalink raw reply related
* [PATCH v2 0/6] crypto: use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:10 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Changes in v2:
- Rebase and split up
- v1: https://lore.kernel.org/r/20260525103038.825690-4-thorsten.blum@linux.dev/
Thorsten Blum (6):
crypto: use 2-arg strscpy where destination size is known
crypto: cavium - use 2-arg strscpy where destination size is known
crypto: ccp - use 2-arg strscpy where destination size is known
crypto: hisilicon - use 2-arg strscpy where destination size is known
crypto: qat - use 2-arg strscpy where destination size is known
crypto: octeontx - use 2-arg strscpy where destination size is known
crypto/api.c | 2 +-
crypto/crypto_user.c | 9 ++++-----
crypto/hctr2.c | 3 +--
crypto/lrw.c | 2 +-
crypto/lskcipher.c | 3 +--
crypto/xts.c | 3 ++-
drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
drivers/crypto/hisilicon/qm.c | 5 +----
drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
.../crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 4 ++--
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
16 files changed, 29 insertions(+), 29 deletions(-)
base-commit: 5624ea54f3ba5c83d2e5503411a31a8be0278c1e
^ permalink raw reply
* [PATCH] hwrng: omap - balance runtime PM and clocks on probe-defer paths
From: William Theesfeld @ 2026-06-05 19:28 UTC (permalink / raw)
To: Deepak Saxena; +Cc: Olivia Mackall, Herbert Xu, linux-crypto, linux-kernel
omap_rng_probe() calls pm_runtime_enable() and pm_runtime_resume_and_get()
to bring the device up. If either devm_clk_get() call subsequently
returns -EPROBE_DEFER, the function returns -EPROBE_DEFER directly,
leaking the runtime PM usage counter taken by resume_and_get() and
leaving pm_runtime enabled.
Convert both early returns to set ret and jump to err_register, which
already performs the matching pm_runtime_put_sync() + pm_runtime_disable()
unwind. Because devm_clk_get() returns ERR_PTR on failure (not NULL)
and err_register calls clk_disable_unprepare() unconditionally, also
NULL out the failed clk pointers before the goto so that
clk_disable_unprepare() (which only handles NULL safely, not ERR_PTR)
does not deref an error pointer.
While here, NULL out priv->clk and priv->clk_reg in the existing
"optional clock not present" else branches. In that pre-existing case
the pointer was left as ERR_PTR, and the unconditional
clk_disable_unprepare() in omap_rng_remove() would have dereferenced
it on driver unbind. No functional change for systems where both
clocks are present.
Found by smatch ("missing unwind goto?").
Signed-off-by: William Theesfeld <william@theesfeld.net>
---
drivers/char/hw_random/omap-rng.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
index 5e8b50f15..1902865a9 100644
--- a/drivers/char/hw_random/omap-rng.c
+++ b/drivers/char/hw_random/omap-rng.c
@@ -459,8 +459,11 @@ static int omap_rng_probe(struct platform_device *pdev)
}
priv->clk = devm_clk_get(&pdev->dev, NULL);
- if (PTR_ERR(priv->clk) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (PTR_ERR(priv->clk) == -EPROBE_DEFER) {
+ priv->clk = NULL;
+ ret = -EPROBE_DEFER;
+ goto err_register;
+ }
if (!IS_ERR(priv->clk)) {
ret = clk_prepare_enable(priv->clk);
if (ret) {
@@ -468,11 +471,21 @@ static int omap_rng_probe(struct platform_device *pdev)
"Unable to enable the clk: %d\n", ret);
goto err_register;
}
+ } else {
+ /*
+ * No optional clock present; make priv->clk safe for the
+ * unconditional clk_disable_unprepare() in err_register and
+ * in omap_rng_remove().
+ */
+ priv->clk = NULL;
}
priv->clk_reg = devm_clk_get(&pdev->dev, "reg");
- if (PTR_ERR(priv->clk_reg) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (PTR_ERR(priv->clk_reg) == -EPROBE_DEFER) {
+ priv->clk_reg = NULL;
+ ret = -EPROBE_DEFER;
+ goto err_register;
+ }
if (!IS_ERR(priv->clk_reg)) {
ret = clk_prepare_enable(priv->clk_reg);
if (ret) {
@@ -481,6 +494,9 @@ static int omap_rng_probe(struct platform_device *pdev)
ret);
goto err_register;
}
+ } else {
+ /* Same rationale as for priv->clk above. */
+ priv->clk_reg = NULL;
}
ret = (dev->of_node) ? of_get_omap_rng_device_details(priv, pdev) :
--
2.54.0
^ permalink raw reply related
* Re: [PATCH] rhashtable: Use irq work for shrinking
From: patchwork-bot+netdevbpf @ 2026-06-05 15:10 UTC (permalink / raw)
To: Herbert Xu
Cc: mykyta.yatsenko5, bot+bpf-ci, bpf, ast, andrii, daniel, kafai,
kernel-team, eddyz87, memxor, yatsenko, martin.lau, yonghong.song,
clm, ihor.solodrai, tj, linux-crypto
In-Reply-To: <aiDgUPXZUi-jnTdo@gondor.apana.org.au>
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Thu, 4 Jun 2026 10:17:52 +0800 you wrote:
> On Wed, Jun 03, 2026 at 02:08:25PM +0100, Mykyta Yatsenko wrote:
> >
> > For v7 I'm dropping automatic_shrinking, because it adds a risk of
> > calling schedule_work() on element deletion path (__rhashtable_remove_fast_one())
> > when hashtable size drops below 30% of the capacity.
>
> Now that expansion uses irq work I think shrinking should switch
> to that as well.
>
> [...]
Here is the summary with links:
- rhashtable: Use irq work for shrinking
https://git.kernel.org/bpf/bpf-next/c/46730ee6e884
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH v2 1/5] crypto: hisilicon/zip - add backlog support for zip
From: Herbert Xu @ 2026-06-05 11:48 UTC (permalink / raw)
To: ZongYu Wu
Cc: davem, linux-kernel, linux-crypto, fanghao11, liulongfang,
qianweili, wangzhou1, huangchenghai2, linwenkai6
In-Reply-To: <20260528115531.174593-2-wuzongyu1@huawei.com>
On Thu, May 28, 2026 at 07:55:27PM +0800, ZongYu Wu wrote:
> From: Chenghai Huang <huangchenghai2@huawei.com>
>
> When the hardware queue is busy, requests are now queued instead of
> being failed immediately. Queued requests are retried when earlier
> requests complete, which prevents transient failures under heavy load.
>
> The backlog path also provides a fallback mechanism while the hardware
> is temporarily unavailable, such as during device reset.
>
> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
> Signed-off-by: Zongyu Wu <wuzongyu1@huawei.com>
> ---
> drivers/crypto/hisilicon/zip/zip_crypto.c | 286 ++++++++++++++--------
> 1 file changed, 183 insertions(+), 103 deletions(-)
We already have a generic queueing mechanism in the form of
crypto_engine.
Please add support for acomp to it instead of rolling your own
queueing mechanism.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: qat - simplify adf_service_mask_to_string helper
From: Herbert Xu @ 2026-06-05 11:42 UTC (permalink / raw)
To: Thorsten Blum
Cc: Giovanni Cabiddu, David S. Miller, Suman Kumar Chakraborty,
Karthikeyan Gopal, qat-linux, linux-crypto, linux-kernel
In-Reply-To: <20260527174655.1390543-3-thorsten.blum@linux.dev>
On Wed, May 27, 2026 at 07:46:55PM +0200, Thorsten Blum wrote:
> Use a single scnprintf() for each set bit and drop the offset in the
> else branch to simplify adf_service_mask_to_string().
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: powerpc/aes - use min in ppc_{ecb,cbc,ctr,xts}_crypt
From: Herbert Xu @ 2026-06-05 11:42 UTC (permalink / raw)
To: Thorsten Blum
Cc: David S. Miller, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Christophe Leroy (CS GROUP), linux-crypto,
linuxppc-dev, linux-kernel
In-Reply-To: <20260527141146.1230672-3-thorsten.blum@linux.dev>
On Wed, May 27, 2026 at 04:11:47PM +0200, Thorsten Blum wrote:
> Replace min_t() with the simpler min() macro since the values are
> unsigned and compatible.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> arch/powerpc/crypto/aes-spe-glue.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH crypto 1/1] crypto: chacha20poly1305: validate poly1305 template argument
From: Herbert Xu @ 2026-06-05 11:41 UTC (permalink / raw)
To: Ren Wei
Cc: linux-crypto, davem, yuantan098, zcliangcn, bird, tr0jan,
ngochuongbui67
In-Reply-To: <e7a116d3474cd00e421393e0512ad11b151ca2f1.1779777598.git.ngochuongbui67@gmail.com>
On Tue, May 26, 2026 at 06:11:43PM +0800, Ren Wei wrote:
> From: Xiaonan Zhao <ngochuongbui67@gmail.com>
>
> chachapoly_create() still accepts the compatibility poly1305 parameter
> in the template name, but it assumes the second template argument is
> always present and immediately passes it to strcmp().
>
> When the argument is missing, crypto_attr_alg_name() returns an error
> pointer. Check for that before comparing the name so malformed template
> instantiations fail with an error instead of dereferencing the error
> pointer in strcmp().
>
> This matches the surrounding Crypto API template pattern where
> crypto_attr_alg_name() results are validated before string-specific use.
>
> Fixes: a298765e28ad ("crypto: chacha20poly1305 - Use lib/crypto poly1305")
> Cc: stable@kernel.org
> Reported-by: Yuan Tan <yuantan098@gmail.com>
> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
> Reported-by: Xin Liu <bird@lzu.edu.cn>
> Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
> Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
> Signed-off-by: Xiaonan Zhao <ngochuongbui67@gmail.com>
> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
> ---
> crypto/chacha20poly1305.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: qat - add KPT support for GEN6 devices
From: Herbert Xu @ 2026-06-05 11:41 UTC (permalink / raw)
To: nitesh.venkatesh
Cc: linux-crypto, qat-linux, Junyuan Wang, Giovanni Cabiddu,
Ahsan Atta
In-Reply-To: <20260526092839.432243-1-nitesh.venkatesh@intel.com>
On Tue, May 26, 2026 at 09:28:39AM +0000, nitesh.venkatesh@intel.com wrote:
> From: Junyuan Wang <junyuan.wang@intel.com>
>
> Add support for Intel Key Protection Technology (KPT) on QAT GEN6
> devices.
>
> KPT protects private keys from exposure by keeping them wrapped
> (encrypted) while in use, in-flight, and at rest. Keys remain in wrapped
> form and are not exposed in plaintext in host memory. This feature
> operates outside of the Linux crypto framework and kernel keyring.
>
> Extend the firmware admin interface to enable and configure KPT. During
> device initialisation, if KPT is enabled, the driver sends an admin
> message to firmware to enable KPT mode and configure parameters such as
> the maximum number of SWK (Symmetric Wrapping Key) slots and the SWK
> time-to-live (TTL).
>
> Expose KPT configuration via a new sysfs attribute group, "qat_kpt", and
> add ABI documentation.
>
> Co-developed-by: Nitesh Venkatesh <nitesh.venkatesh@intel.com>
> Signed-off-by: Nitesh Venkatesh <nitesh.venkatesh@intel.com>
> Signed-off-by: Junyuan Wang <junyuan.wang@intel.com>
> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> Reviewed-by: Ahsan Atta <ahsan.atta@intel.com>
> ---
> .../ABI/testing/sysfs-driver-qat_kpt | 97 ++++++
> .../intel/qat/qat_6xxx/adf_6xxx_hw_data.c | 21 +-
> .../intel/qat/qat_6xxx/adf_6xxx_hw_data.h | 9 +
> drivers/crypto/intel/qat/qat_6xxx/adf_drv.c | 6 +
> drivers/crypto/intel/qat/qat_common/Makefile | 2 +
> .../intel/qat/qat_common/adf_accel_devices.h | 2 +
> .../crypto/intel/qat/qat_common/adf_admin.c | 39 +++
> .../crypto/intel/qat/qat_common/adf_admin.h | 2 +
> .../crypto/intel/qat/qat_common/adf_init.c | 8 +
> drivers/crypto/intel/qat/qat_common/adf_kpt.c | 56 ++++
> drivers/crypto/intel/qat/qat_common/adf_kpt.h | 29 ++
> .../intel/qat/qat_common/adf_sysfs_kpt.c | 296 ++++++++++++++++++
> .../intel/qat/qat_common/adf_sysfs_kpt.h | 10 +
> .../qat/qat_common/icp_qat_fw_init_admin.h | 8 +
> .../crypto/intel/qat/qat_common/icp_qat_hw.h | 3 +-
> 15 files changed, 586 insertions(+), 2 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-driver-qat_kpt
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_kpt.c
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_kpt.h
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_sysfs_kpt.c
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_sysfs_kpt.h
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v3] crypto: nx: fix nx_crypto_ctx_exit argument
From: Herbert Xu @ 2026-06-05 11:40 UTC (permalink / raw)
To: Sam James
Cc: Breno Leitão, Nayna Jain, Paulo Flabiano Smorigo,
Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin,
Christophe Leroy (CS GROUP), David S. Miller, Ard Biesheuvel,
Eric Biggers, Eric Biggers, stable, Calvin Buckley, Brad Spengler,
linux-crypto, linuxppc-dev, linux-kernel
In-Reply-To: <844faa8a75585e4088c95c052dd0ecd189bc3a64.1779695779.git.sam@gentoo.org>
On Mon, May 25, 2026 at 08:56:19AM +0100, Sam James wrote:
> nx_crypto_ctx_shash_exit calls nx_crypto_ctx_exit with crypto_shash_ctx(...)
> but crypto_shash_ctx gives a nx_crypto_ctx *, not a crypto_tfm *.
>
> Fix the type in nx_crypto_ctx_exit and drop the bogus crypto_tfm_ctx
> call.
>
> This fixes the following oops:
>
> BUG: Unable to handle kernel data access at 0xc0403effffffffc8
> Faulting instruction address: 0xc000000000396cb4
> Oops: Kernel access of bad area, sig: 11 [#15]
> Call Trace:
> nx_crypto_ctx_shash_exit+0x24/0x60
> crypto_shash_exit_tfm+0x28/0x40
> crypto_destroy_tfm+0x98/0x140
> crypto_exit_ahash_using_shash+0x20/0x40
> crypto_destroy_tfm+0x98/0x140
> hash_release+0x1c/0x30
> alg_sock_destruct+0x38/0x60
> __sk_destruct+0x48/0x2b0
> af_alg_release+0x58/0xb0
> __sock_release+0x68/0x150
> sock_close+0x20/0x40
> __fput+0x110/0x3a0
> sys_close+0x48/0xa0
> system_call_exception+0x140/0x2d0
> system_call_common+0xf4/0x258
>
> .. which came from hardlink(1) opportunistically using AF_ALG.
>
> The same problem exists with nx_crypto_ctx_skcipher_exit getting a context
> it wasn't expecting, but apparently nobody hit that for years.
>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: stable@vger.kernel.org
> Fixes: bfd9efddf990 ("crypto: nx - convert AES-ECB to skcipher API")
> Fixes: 9420e628e7d8 ("crypto: nx - Use API partial block handling")
> Acked-by: Breno Leitao <leitao@debian.org>
> Reviewed-by: Eric Biggers <ebiggers@kernel.org>
> Reported-by: Calvin Buckley <calvin@cmpct.info>
> Tested-by: Calvin Buckley <calvin@cmpct.info>
> Suggested-by: Brad Spengler <brad.spengler@opensrcsec.com>
> Signed-off-by: Sam James <sam@gentoo.org>
> ---
> v3: Fix doc tag.
> v2: Add stable cc, fix doc for tfm param.
>
> v1: https://lore.kernel.org/all/a3e89c1e8342ffa415b0d29725a0571a4f355d34.1779472902.git.sam@gentoo.org/
> v2: https://lore.kernel.org/all/b8b1b6fe740187c70349cd04a820d57324e0f70c.1779509289.git.sam@gentoo.org/
>
> drivers/crypto/nx/nx.c | 6 ++----
> drivers/crypto/nx/nx.h | 2 +-
> 2 files changed, 3 insertions(+), 5 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH crypto 1/1] crypto: pcrypt: restore callback for non-parallel fallback
From: Herbert Xu @ 2026-06-05 11:40 UTC (permalink / raw)
To: Ren Wei
Cc: linux-crypto, steffen.klassert, davem, yiyang13, yuantan098,
yifanwucs, tomapufckgml, zcliangcn, bird, ruijieli51
In-Reply-To: <9baedde966f3bcc64b5cde86c2b9c95943572406.1779697691.git.ruijieli51@gmail.com>
On Mon, May 25, 2026 at 07:45:21PM +0800, Ren Wei wrote:
> From: Ruijie Li <ruijieli51@gmail.com>
>
> pcrypt installs pcrypt_aead_done() on the child AEAD request before
> trying to submit it through padata. If padata_do_parallel() returns
> -EBUSY, pcrypt falls back to calling the child AEAD directly.
>
> That fallback must not keep the padata completion callback. Otherwise
> an asynchronous completion runs pcrypt_aead_done() even though the
> request was never enrolled in padata.
>
> Restore the original request callback and callback data before calling
> the child AEAD directly. This keeps the fallback path aligned with a
> direct AEAD request while leaving the parallel path unchanged.
>
> Fixes: 662f2f13e66d ("crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY")
> Cc: stable@kernel.org
> Reported-by: Yuan Tan <yuantan098@gmail.com>
> Reported-by: Yifan Wu <yifanwucs@gmail.com>
> Reported-by: Juefei Pu <tomapufckgml@gmail.com>
> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
> Reported-by: Xin Liu <bird@lzu.edu.cn>
> Assisted-by: Codex:gpt-5.4
> Signed-off-by: Ruijie Li <ruijieli51@gmail.com>
> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
> ---
> crypto/pcrypt.c | 4 ++++
> 1 file changed, 4 insertions(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 0/2] dt-bindings: crypto: Add Qualcomm Hawi crypto support
From: Herbert Xu @ 2026-06-05 11:39 UTC (permalink / raw)
To: Manivannan Sadhasivam
Cc: David S. Miller, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Vinod Koul, Bjorn Andersson, linux-arm-msm, linux-crypto,
devicetree, linux-kernel, Manivannan Sadhasivam
In-Reply-To: <20260521-hawi-crypto-v1-0-9176a3b51bc0@kernel.org>
On Thu, May 21, 2026 at 12:36:19PM +0000, Manivannan Sadhasivam wrote:
> Hi,
>
> This series adds the crypto (ICE, TRNG) dt-binding support for Qualcomm's
> upcoming Hawi SoC.
>
> Signed-off-by: Manivannan Sadhasivam <mani@kernel.org>
> ---
> Manivannan Sadhasivam (2):
> dt-bindings: crypto: qcom,prng: Document Hawi TRNG
> dt-bindings: crypto: qcom,inline-crypto-engine: Document Hawi ICE
>
> Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml | 1 +
> Documentation/devicetree/bindings/crypto/qcom,prng.yaml | 1 +
> 2 files changed, 2 insertions(+)
> ---
> base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
> change-id: 20260521-hawi-crypto-138bfd2a6ec5
All applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: use two-argument strscpy where destination size is known
From: Herbert Xu @ 2026-06-05 11:35 UTC (permalink / raw)
To: Thorsten Blum
Cc: David S. Miller, Tom Lendacky, John Allen, Weili Qian, Zhou Wang,
Giovanni Cabiddu, Srujana Challa, Bharat Bhushan, linux-crypto,
linux-kernel, qat-linux
In-Reply-To: <20260525103038.825690-4-thorsten.blum@linux.dev>
On Mon, May 25, 2026 at 12:30:41PM +0200, Thorsten Blum wrote:
> To simplify the code, drop explicit and hard-coded size arguments from
> strscpy() where the destination buffer has a fixed size and strscpy()
> can automatically determine it using sizeof().
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> crypto/api.c | 2 +-
> crypto/crypto_user.c | 9 ++++-----
> crypto/hctr2.c | 3 +--
> crypto/lrw.c | 2 +-
> crypto/lskcipher.c | 3 +--
> crypto/xts.c | 3 ++-
> drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
> drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
> drivers/crypto/hisilicon/qm.c | 5 +----
> drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
> drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
> drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
> .../crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 6 +++---
> drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
> 17 files changed, 32 insertions(+), 31 deletions(-)
This patch doesn't apply. Please split it up.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* [PATCH v2] hw_random/core: fix rng list on registration error
From: Manos Pitsidianakis @ 2026-06-05 11:23 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto, linux-kernel, Manos Pitsidianakis
hwrng_register(rng) does the following:
1. Checks if rng has name and read methods set
2. Checks if the name already exists
3. Adds rng to global rng_list
4. May try to set rng to current_rng
If step 4 fails, it returns an error. However, it does not remove the
rng from rng_list, causing a dangling reference which can result in
use-after-free if the caller frees rng, since registration failed.
Add a list_del_init() cleanup step.
Fixes: 2bbb6983887f ("hwrng: use rng source with best quality")
Signed-off-by: Manos Pitsidianakis <manos@pitsidianak.is>
---
Changes in v2:
- Add Fixes: trailer
- Link to v1: https://lore.kernel.org/r/20260525-hw_random_registration_rng_list-v1-1-ee1c215d544d@pitsidianak.is
---
drivers/char/hw_random/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index aba92d777f72604861b644469032c8f443f1ed50..3015b863412ee17c734eb4ce2feebe78f5049d89 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -604,11 +604,13 @@ int hwrng_register(struct hwrng *rng)
*/
err = set_current_rng(rng);
if (err)
- goto out_unlock;
+ goto out_list_del;
}
}
mutex_unlock(&rng_mutex);
return 0;
+out_list_del:
+ list_del_init(&rng->list);
out_unlock:
mutex_unlock(&rng_mutex);
out:
---
base-commit: 8bc67e4db64aa72732c474b44ea8622062c903f0
change-id: 20260525-hw_random_registration_rng_list-7651b27b76c8
Best regards,
--
Manos Pitsidianakis <manos@pitsidianak.is>
^ permalink raw reply related
* Re: [PATCH v4 1/3] crypto: ti - Add support for SHA224/256/384/512 in DTHEv2 driver
From: Herbert Xu @ 2026-06-05 10:59 UTC (permalink / raw)
To: T Pratham
Cc: David S. Miller, Manorit Chawdhry, Kamlesh Gurudasani,
Shiva Tripathi, Kavitha Malarvizhi, Vishal Mahaveer,
Praneeth Bajjuri, linux-kernel, linux-crypto
In-Reply-To: <e0aec964-3303-4ca2-8d96-6a5d8f5ec9e5@ti.com>
On Fri, Jun 05, 2026 at 04:11:49PM +0530, T Pratham wrote:
>
> .cra_flags sets CRYPTO_AHASH_ALG_BLOCK_ONLY and
> CRYPTO_AHASH_ALG_FINAL_NONZERO flags. An update of 64 bytes will do an
> update of block size and carry over at least one byte to final. We
> always go into this if block when there is non-zero data coming into update.
For AHASH_BLOCK_ONLY algorithms, the export format must be identical
between different implementations.
Therefore FINAL_NONZERO cannot be used for only one implementation
since the user can import the partial state from a different
implementation which does not have FINAL_NONZERO set.
For sha you cannot use FINAL_NONZERO since the generic implementation
doesn't use it.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v4 1/3] crypto: ti - Add support for SHA224/256/384/512 in DTHEv2 driver
From: T Pratham @ 2026-06-05 10:41 UTC (permalink / raw)
To: Herbert Xu
Cc: David S. Miller, Manorit Chawdhry, Kamlesh Gurudasani,
Shiva Tripathi, Kavitha Malarvizhi, Vishal Mahaveer,
Praneeth Bajjuri, linux-kernel, linux-crypto
In-Reply-To: <aiKgs8ipDLPlz6c4@gondor.apana.org.au>
On 6/5/26 15:40, Herbert Xu wrote:
> On Tue, May 26, 2026 at 03:13:51PM +0530, T Pratham wrote:
>>
>> +static int dthe_hash_final(struct ahash_request *req)
>> +{
>> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
>> + struct dthe_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
>> + struct dthe_hash_req_ctx *rctx = ahash_request_ctx(req);
>> + struct dthe_data *dev_data = dthe_get_dev(ctx);
>> + struct crypto_engine *engine = dev_data->hash_engine;
>> +
>> + /**
>> + * We are always buffering data in update, except when nbytes = 0.
>> + * So, either we get the buffered data here (nbytes > 0) or
>> + * it is the case that we got zero message to begin with
>> + */
>> + if (req->nbytes > 0) {
>> + rctx->flags = DTHE_HASH_OP_FINUP;
>> +
>> + return crypto_transfer_hash_request_to_engine(engine, req);
>> + }
>> +
>> + dthe_hash_write_zero_message(ctx->hash_mode, req->result);
>
> This doesn't look right. If I do an update of 64 bytes, and then
> call final with req->nbytes == 0, this will give me a zero-length
> hash.
>
> Cheers,
.cra_flags sets CRYPTO_AHASH_ALG_BLOCK_ONLY and
CRYPTO_AHASH_ALG_FINAL_NONZERO flags. An update of 64 bytes will do an
update of block size and carry over at least one byte to final. We
always go into this if block when there is non-zero data coming into update.
--
Regards
T Pratham <t-pratham@ti.com>
^ permalink raw reply
* Re: [PATCH] crypto: chelsio: fix inflight counter leak in chcr_aes_encrypt()
From: Herbert Xu @ 2026-06-05 10:33 UTC (permalink / raw)
To: Wentao Liang
Cc: Ayush Sawal, David S . Miller, linux-crypto, linux-kernel, stable
In-Reply-To: <20260526155736.2297383-1-vulab@iscas.ac.cn>
On Tue, May 26, 2026 at 03:57:36PM +0000, Wentao Liang wrote:
> chcr_aes_encrypt() increments dev->inflight via atomic_inc() before
> submitting the cipher operation. If chcr_start_cipher() subsequently
> fails, the function returns an error without decrementing dev->inflight,
> causing the counter to drift and potentially stalling future operations
> that rely on the counter reaching zero.
>
> Add atomic_dec(&dev->inflight) on the chcr_start_cipher() failure path
> to restore the counter.
>
> Fixes: b8fd1f4170e7 ("crypto: chcr - Add ctr mode and process large sg entries for cipher")
I think it should be
fef4912b66d6 ("crypto: chelsio - Handle PCI shutdown event")
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: chelsio: fix inflight counter leak in chcr_aead_op()
From: Herbert Xu @ 2026-06-05 10:32 UTC (permalink / raw)
To: Wentao Liang
Cc: Ayush Sawal, David S . Miller, linux-crypto, linux-kernel, stable
In-Reply-To: <20260526160655.2298525-1-vulab@iscas.ac.cn>
On Tue, May 26, 2026 at 04:06:55PM +0000, Wentao Liang wrote:
> chcr_aead_op() increments cdev->inflight via atomic_inc() before
> submitting the AEAD operation. If the operation fails after the
> increment (e.g., chcr_start_aead() returns an error), the function
> returns without decrementing cdev->inflight. This leaks a reference
> on the inflight counter, preventing proper teardown sequencing.
>
> Add atomic_dec(&cdev->inflight) on the error path to balance the
> counter.
>
> Fixes: d91a3159e8d9 ("Crypto/chcr: fix gcm-aes and rfc4106-gcm failed tests")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
> drivers/crypto/chelsio/chcr_algo.c | 1 +
> 1 file changed, 1 insertion(+)
Please merge these patches into one. There is no need to send
one patch per function.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: chelsio: fix inflight counter leak in chcr_aes_encrypt()
From: Herbert Xu @ 2026-06-05 10:32 UTC (permalink / raw)
To: Wentao Liang
Cc: Ayush Sawal, David S . Miller, linux-crypto, linux-kernel, stable
In-Reply-To: <20260526155736.2297383-1-vulab@iscas.ac.cn>
On Tue, May 26, 2026 at 03:57:36PM +0000, Wentao Liang wrote:
> chcr_aes_encrypt() increments dev->inflight via atomic_inc() before
> submitting the cipher operation. If chcr_start_cipher() subsequently
> fails, the function returns an error without decrementing dev->inflight,
> causing the counter to drift and potentially stalling future operations
> that rely on the counter reaching zero.
>
> Add atomic_dec(&dev->inflight) on the chcr_start_cipher() failure path
> to restore the counter.
>
> Fixes: b8fd1f4170e7 ("crypto: chcr - Add ctr mode and process large sg entries for cipher")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
> drivers/crypto/chelsio/chcr_algo.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c
> index 6dec42282768..eece1ac1085a 100644
> --- a/drivers/crypto/chelsio/chcr_algo.c
> +++ b/drivers/crypto/chelsio/chcr_algo.c
> @@ -1359,7 +1359,7 @@ static int chcr_aes_encrypt(struct skcipher_request *req)
> err = process_cipher(req, u_ctx->lldi.rxq_ids[reqctx->rxqidx],
> &skb, CHCR_ENCRYPT_OP);
> if (err || !skb)
> - return err;
> + goto error;
> skb->dev = u_ctx->lldi.ports[0];
> set_wr_txq(skb, CPL_PRIORITY_DATA, reqctx->txqidx);
> chcr_send_wr(skb);
Doesn't the same problem exist in chcr_aes_decrypt?
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v4 1/3] crypto: ti - Add support for SHA224/256/384/512 in DTHEv2 driver
From: Herbert Xu @ 2026-06-05 10:10 UTC (permalink / raw)
To: T Pratham
Cc: David S. Miller, Manorit Chawdhry, Kamlesh Gurudasani,
Shiva Tripathi, Kavitha Malarvizhi, Vishal Mahaveer,
Praneeth Bajjuri, linux-kernel, linux-crypto
In-Reply-To: <20260526094355.555712-2-t-pratham@ti.com>
On Tue, May 26, 2026 at 03:13:51PM +0530, T Pratham wrote:
>
> +static int dthe_hash_final(struct ahash_request *req)
> +{
> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
> + struct dthe_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
> + struct dthe_hash_req_ctx *rctx = ahash_request_ctx(req);
> + struct dthe_data *dev_data = dthe_get_dev(ctx);
> + struct crypto_engine *engine = dev_data->hash_engine;
> +
> + /**
> + * We are always buffering data in update, except when nbytes = 0.
> + * So, either we get the buffered data here (nbytes > 0) or
> + * it is the case that we got zero message to begin with
> + */
> + if (req->nbytes > 0) {
> + rctx->flags = DTHE_HASH_OP_FINUP;
> +
> + return crypto_transfer_hash_request_to_engine(engine, req);
> + }
> +
> + dthe_hash_write_zero_message(ctx->hash_mode, req->result);
This doesn't look right. If I do an update of 64 bytes, and then
call final with req->nbytes == 0, this will give me a zero-length
hash.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] hw_random/core: fix rng list on registration error
From: Herbert Xu @ 2026-06-05 10:04 UTC (permalink / raw)
To: Manos Pitsidianakis
Cc: Olivia Mackall, linux-crypto, linux-kernel, Harald Freudenberger,
PrasannaKumar Muralidharan
In-Reply-To: <tg5j9x.z6yluqyl72so@pitsidianak.is>
On Fri, Jun 05, 2026 at 12:18:29PM +0300, Manos Pitsidianakis wrote:
>
> If yes, you could add it along with your r-b directly, otherwise I can send
> a new revision when it gets a review.
It will go through my tree but please resend.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] hw_random/core: fix rng list on registration error
From: Manos Pitsidianakis @ 2026-06-05 9:18 UTC (permalink / raw)
To: Herbert Xu
Cc: Olivia Mackall, linux-crypto, linux-kernel, Harald Freudenberger,
PrasannaKumar Muralidharan
In-Reply-To: <aiKKIdPQzFdH0m9t@gondor.apana.org.au>
Hi Herbert,
On Fri, 05 Jun 2026 11:34, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>On Mon, May 25, 2026 at 10:25:39AM +0300, Manos Pitsidianakis wrote:
>> hwrng_register(rng) does the following:
>>
>> 1. Checks if rng has name and read methods set
>> 2. Checks if the name already exists
>> 3. Adds rng to global rng_list
>> 4. May try to set rng to current_rng
>>
>> If step 4 fails, it returns an error. However, it does not remove the
>> rng from rng_list, causing a dangling reference which can result in
>> use-after-free if the caller frees rng, since registration failed.
>>
>> Add a list_del_init() cleanup step.
>>
>> Signed-off-by: Manos Pitsidianakis <manos@pitsidianak.is>
>> ---
>> drivers/char/hw_random/core.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>
>Good catch!
>
>Please add a Fixes header for this:
>
>Fixes: 2bbb6983887f ("hwrng: use rng source with best quality")
Would this patch go through your maintainer tree?
If yes, you could add it along with your r-b directly, otherwise I can
send a new revision when it gets a review.
Thanks,
Manos
^ permalink raw reply
* Re: [PATCH] hw_random/core: fix rng list on registration error
From: Herbert Xu @ 2026-06-05 8:34 UTC (permalink / raw)
To: Manos Pitsidianakis
Cc: Olivia Mackall, linux-crypto, linux-kernel, Harald Freudenberger,
PrasannaKumar Muralidharan
In-Reply-To: <20260525-hw_random_registration_rng_list-v1-1-ee1c215d544d@pitsidianak.is>
On Mon, May 25, 2026 at 10:25:39AM +0300, Manos Pitsidianakis wrote:
> hwrng_register(rng) does the following:
>
> 1. Checks if rng has name and read methods set
> 2. Checks if the name already exists
> 3. Adds rng to global rng_list
> 4. May try to set rng to current_rng
>
> If step 4 fails, it returns an error. However, it does not remove the
> rng from rng_list, causing a dangling reference which can result in
> use-after-free if the caller frees rng, since registration failed.
>
> Add a list_del_init() cleanup step.
>
> Signed-off-by: Manos Pitsidianakis <manos@pitsidianak.is>
> ---
> drivers/char/hw_random/core.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Good catch!
Please add a Fixes header for this:
Fixes: 2bbb6983887f ("hwrng: use rng source with best quality")
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: tegra: fix refcount leak in tegra_se_host1x_submit()
From: Akhil R @ 2026-06-05 5:34 UTC (permalink / raw)
To: vulab
Cc: akhilrajeev, davem, herbert, jonathanh, linux-crypto,
linux-kernel, linux-tegra, stable, thierry.reding
In-Reply-To: <20260604102706.3787771-1-vulab@iscas.ac.cn>
On Thu, 4 Jun 2026 10:27:06 +0000, Wentao Liang wrote:
> The timeout error path in tegra_se_host1x_submit() returns without
> calling host1x_job_put(), while all other paths (success, submit
> error, pin error) properly release the job reference through the
> job_put label. Since host1x_job_alloc() initializes the reference
> count and host1x_job_put() is required to drop it, omitting it on
> timeout causes a permanent refcount leak.
>
> Fix this by redirecting the timeout return to the existing job_put
> label, ensuring the job reference and any associated syncpt
> references are consistently released.
>
> Cc: stable@vger.kernel.org
> Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Thanks for the patch.
Reviewed-by: Akhil R <akhilrajeev@nvidia.com>
Best Regards,
Akhil
^ permalink raw reply
* Re: [PATCH] crypto: use two-argument strscpy where destination size is known
From: liulongfang @ 2026-06-05 2:40 UTC (permalink / raw)
To: Thorsten Blum, Herbert Xu, David S. Miller, Tom Lendacky,
John Allen, Weili Qian, Zhou Wang, Giovanni Cabiddu,
Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux
In-Reply-To: <20260525103038.825690-4-thorsten.blum@linux.dev>
On 2026/5/25 18:30, Thorsten Blum wrote:
> To simplify the code, drop explicit and hard-coded size arguments from
> strscpy() where the destination buffer has a fixed size and strscpy()
> can automatically determine it using sizeof().
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> crypto/api.c | 2 +-
> crypto/crypto_user.c | 9 ++++-----
> crypto/hctr2.c | 3 +--
> crypto/lrw.c | 2 +-
> crypto/lskcipher.c | 3 +--
> crypto/xts.c | 3 ++-
> drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
> drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
> drivers/crypto/hisilicon/qm.c | 5 +----
> drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
> drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
> drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
> .../crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 6 +++---
> drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
> 17 files changed, 32 insertions(+), 31 deletions(-)
>
> diff --git a/crypto/api.c b/crypto/api.c
> index 74e17d5049c9..040b7a965c2f 100644
> --- a/crypto/api.c
> +++ b/crypto/api.c
> @@ -116,7 +116,7 @@ struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
> larval->alg.cra_priority = -1;
> larval->alg.cra_destroy = crypto_larval_destroy;
>
> - strscpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME);
> + strscpy(larval->alg.cra_name, name);
> init_completion(&larval->completion);
>
> return larval;
> diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
> index e8b6ae75f31f..d3ccb507153b 100644
> --- a/crypto/crypto_user.c
> +++ b/crypto/crypto_user.c
> @@ -11,6 +11,7 @@
> #include <linux/cryptouser.h>
> #include <linux/sched.h>
> #include <linux/security.h>
> +#include <linux/string.h>
> #include <net/netlink.h>
> #include <net/net_namespace.h>
> #include <net/sock.h>
> @@ -87,11 +88,9 @@ static int crypto_report_one(struct crypto_alg *alg,
> {
> memset(ualg, 0, sizeof(*ualg));
>
> - strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
> - strscpy(ualg->cru_driver_name, alg->cra_driver_name,
> - sizeof(ualg->cru_driver_name));
> - strscpy(ualg->cru_module_name, module_name(alg->cra_module),
> - sizeof(ualg->cru_module_name));
> + strscpy(ualg->cru_name, alg->cra_name);
> + strscpy(ualg->cru_driver_name, alg->cra_driver_name);
> + strscpy(ualg->cru_module_name, module_name(alg->cra_module));
>
> ualg->cru_type = 0;
> ualg->cru_mask = 0;
> diff --git a/crypto/hctr2.c b/crypto/hctr2.c
> index ad5edf9366ac..cfc2343bcc1c 100644
> --- a/crypto/hctr2.c
> +++ b/crypto/hctr2.c
> @@ -354,8 +354,7 @@ static int hctr2_create_common(struct crypto_template *tmpl, struct rtattr **tb,
> err = -EINVAL;
> if (strncmp(xctr_alg->base.cra_name, "xctr(", 5))
> goto err_free_inst;
> - len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5,
> - sizeof(blockcipher_name));
> + len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5);
> if (len < 1)
> goto err_free_inst;
> if (blockcipher_name[len - 1] != ')')
> diff --git a/crypto/lrw.c b/crypto/lrw.c
> index aa31ab03a597..e306e85d7ced 100644
> --- a/crypto/lrw.c
> +++ b/crypto/lrw.c
> @@ -359,7 +359,7 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb)
> if (!memcmp(cipher_name, "ecb(", 4)) {
> int len;
>
> - len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name));
> + len = strscpy(ecb_name, cipher_name + 4);
> if (len < 2)
> goto err_free_inst;
>
> diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
> index e4328df6e26c..d7ec215e2b3a 100644
> --- a/crypto/lskcipher.c
> +++ b/crypto/lskcipher.c
> @@ -528,8 +528,7 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
> int len;
>
> err = -EINVAL;
> - len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4],
> - sizeof(ecb_name));
> + len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4]);
> if (len < 2)
> goto err_free_inst;
>
> diff --git a/crypto/xts.c b/crypto/xts.c
> index ad97c8091582..1dc948745444 100644
> --- a/crypto/xts.c
> +++ b/crypto/xts.c
> @@ -16,6 +16,7 @@
> #include <linux/module.h>
> #include <linux/scatterlist.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
>
> #include <crypto/xts.h>
> #include <crypto/b128ops.h>
> @@ -400,7 +401,7 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
> if (!memcmp(cipher_name, "ecb(", 4)) {
> int len;
>
> - len = strscpy(name, cipher_name + 4, sizeof(name));
> + len = strscpy(name, cipher_name + 4);
> if (len < 2)
> goto err_free_inst;
>
> diff --git a/drivers/crypto/cavium/nitrox/nitrox_hal.c b/drivers/crypto/cavium/nitrox/nitrox_hal.c
> index 1b5abdb6cc5e..e36c1741bb78 100644
> --- a/drivers/crypto/cavium/nitrox/nitrox_hal.c
> +++ b/drivers/crypto/cavium/nitrox/nitrox_hal.c
> @@ -1,5 +1,6 @@
> // SPDX-License-Identifier: GPL-2.0
> #include <linux/delay.h>
> +#include <linux/string.h>
>
> #include "nitrox_dev.h"
> #include "nitrox_csr.h"
> @@ -647,7 +648,7 @@ void nitrox_get_hwinfo(struct nitrox_device *ndev)
> ndev->hw.revision_id);
>
> /* copy partname */
> - strscpy(ndev->hw.partname, name, sizeof(ndev->hw.partname));
> + strscpy(ndev->hw.partname, name);
> }
>
> void enable_pf2vf_mbox_interrupts(struct nitrox_device *ndev)
> diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
> index 85058a89f35b..ff9bb253dbb2 100644
> --- a/drivers/crypto/ccp/ccp-crypto-sha.c
> +++ b/drivers/crypto/ccp/ccp-crypto-sha.c
> @@ -426,7 +426,7 @@ static int ccp_register_hmac_alg(struct list_head *head,
> *ccp_alg = *base_alg;
> INIT_LIST_HEAD(&ccp_alg->entry);
>
> - strscpy(ccp_alg->child_alg, def->name, CRYPTO_MAX_ALG_NAME);
> + strscpy(ccp_alg->child_alg, def->name);
>
> alg = &ccp_alg->alg;
> alg->setkey = ccp_sha_setkey;
> diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
> index 3ca47e2a9719..0c8cc0d7a82a 100644
> --- a/drivers/crypto/hisilicon/qm.c
> +++ b/drivers/crypto/hisilicon/qm.c
> @@ -2870,11 +2870,8 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
> .flags = UACCE_DEV_SVA,
> .ops = &uacce_qm_ops,
> };
> - int ret;
>
> - ret = strscpy(interface.name, dev_driver_string(&pdev->dev),
> - sizeof(interface.name));
> - if (ret < 0)
> + if (strscpy(interface.name, dev_driver_string(&pdev->dev)) < 0)
> return -ENAMETOOLONG;
>
Reviewed-by: Longfang Liu <liulongfang@huawei.com>
Thanks.
> uacce = uacce_alloc(&pdev->dev, &interface);
> diff --git a/drivers/crypto/intel/qat/qat_common/adf_cfg.c b/drivers/crypto/intel/qat/qat_common/adf_cfg.c
> index c202209f17d5..24c2618af68d 100644
> --- a/drivers/crypto/intel/qat/qat_common/adf_cfg.c
> +++ b/drivers/crypto/intel/qat/qat_common/adf_cfg.c
> @@ -2,6 +2,7 @@
> /* Copyright(c) 2014 - 2020 Intel Corporation */
> #include <linux/mutex.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <linux/list.h>
> #include <linux/seq_file.h>
> #include "adf_accel_devices.h"
> @@ -294,13 +295,13 @@ int adf_cfg_add_key_value_param(struct adf_accel_dev *accel_dev,
> return -ENOMEM;
>
> INIT_LIST_HEAD(&key_val->list);
> - strscpy(key_val->key, key, sizeof(key_val->key));
> + strscpy(key_val->key, key);
>
> if (type == ADF_DEC) {
> snprintf(key_val->val, ADF_CFG_MAX_VAL_LEN_IN_BYTES,
> "%ld", (*((long *)val)));
> } else if (type == ADF_STR) {
> - strscpy(key_val->val, (char *)val, sizeof(key_val->val));
> + strscpy(key_val->val, (char *)val);
> } else if (type == ADF_HEX) {
> snprintf(key_val->val, ADF_CFG_MAX_VAL_LEN_IN_BYTES,
> "0x%lx", (unsigned long)val);
> @@ -360,7 +361,7 @@ int adf_cfg_section_add(struct adf_accel_dev *accel_dev, const char *name)
> if (!sec)
> return -ENOMEM;
>
> - strscpy(sec->name, name, sizeof(sec->name));
> + strscpy(sec->name, name);
> INIT_LIST_HEAD(&sec->param_head);
> down_write(&cfg->lock);
> list_add_tail(&sec->list, &cfg->sec_list);
> diff --git a/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c b/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
> index 7d00bcb41ce7..11cba347d12d 100644
> --- a/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
> +++ b/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
> @@ -60,7 +60,7 @@ static int adf_service_string_to_mask(struct adf_accel_dev *accel_dev, const cha
> if (len > ADF_CFG_MAX_VAL_LEN_IN_BYTES - 1)
> return -EINVAL;
>
> - strscpy(services, buf, ADF_CFG_MAX_VAL_LEN_IN_BYTES);
> + strscpy(services, buf);
> substr = services;
>
> while ((token = strsep(&substr, ADF_SERVICES_DELIMITER))) {
> diff --git a/drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c
> index c2e6f0cb7480..ae10b91da5ba 100644
> --- a/drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c
> +++ b/drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c
> @@ -5,6 +5,7 @@
> #include <linux/module.h>
> #include <linux/mutex.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <linux/fs.h>
> #include <linux/bitops.h>
> #include <linux/pci.h>
> @@ -350,7 +351,7 @@ static int adf_ctl_ioctl_get_status(struct file *fp, unsigned int cmd,
> dev_info.num_logical_accel = hw_data->num_logical_accel;
> dev_info.banks_per_accel = hw_data->num_banks
> / hw_data->num_logical_accel;
> - strscpy(dev_info.name, hw_data->dev_class->name, sizeof(dev_info.name));
> + strscpy(dev_info.name, hw_data->dev_class->name);
> dev_info.instance_id = hw_data->instance_id;
> dev_info.type = hw_data->dev_class->type;
> dev_info.bus = accel_to_pci_dev(accel_dev)->bus->number;
> diff --git a/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c b/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
> index f9017e03ec0f..32aeb795cc03 100644
> --- a/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
> +++ b/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
> @@ -2,6 +2,7 @@
> /* Copyright(c) 2024 Intel Corporation */
>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <linux/types.h>
> #include "adf_mstate_mgr.h"
>
> @@ -158,7 +159,7 @@ static struct adf_mstate_sect_h *adf_mstate_sect_add_header(struct adf_mstate_mg
> return NULL;
> }
>
> - strscpy(sect->id, id, sizeof(sect->id));
> + strscpy(sect->id, id);
> sect->size = 0;
> sect->sub_sects = 0;
> mgr->state += sizeof(*sect);
> diff --git a/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c b/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
> index a8f853516a3f..fc5d88a2bb17 100644
> --- a/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
> +++ b/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
> @@ -2,6 +2,7 @@
> /* Copyright(c) 2014 - 2020 Intel Corporation */
> #include <linux/mutex.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include <linux/seq_file.h>
> #include "adf_accel_devices.h"
> #include "adf_transport_internal.h"
> @@ -103,7 +104,7 @@ int adf_ring_debugfs_add(struct adf_etr_ring_data *ring, const char *name)
> if (!ring_debug)
> return -ENOMEM;
>
> - strscpy(ring_debug->ring_name, name, sizeof(ring_debug->ring_name));
> + strscpy(ring_debug->ring_name, name);
> snprintf(entry_name, sizeof(entry_name), "ring_%02d",
> ring->ring_number);
>
> diff --git a/drivers/crypto/intel/qat/qat_common/qat_compression.c b/drivers/crypto/intel/qat/qat_common/qat_compression.c
> index 1424d7a9bcd3..8129ad0c32d8 100644
> --- a/drivers/crypto/intel/qat/qat_common/qat_compression.c
> +++ b/drivers/crypto/intel/qat/qat_common/qat_compression.c
> @@ -2,6 +2,7 @@
> /* Copyright(c) 2022 Intel Corporation */
> #include <linux/module.h>
> #include <linux/slab.h>
> +#include <linux/string.h>
> #include "adf_accel_devices.h"
> #include "adf_common_drv.h"
> #include "adf_transport.h"
> @@ -144,7 +145,7 @@ static int qat_compression_create_instances(struct adf_accel_dev *accel_dev)
> int i;
>
> INIT_LIST_HEAD(&accel_dev->compression_list);
> - strscpy(key, ADF_NUM_DC, sizeof(key));
> + strscpy(key, ADF_NUM_DC);
> ret = adf_cfg_get_param_value(accel_dev, SEC, key, val);
> if (ret)
> return ret;
> diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
> index e0f38d32bc93..5c3636080757 100644
> --- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
> +++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
> @@ -99,7 +99,7 @@ static int dev_supports_eng_type(struct otx_cpt_eng_grps *eng_grps,
> static void set_ucode_filename(struct otx_cpt_ucode *ucode,
> const char *filename)
> {
> - strscpy(ucode->filename, filename, OTX_CPT_UCODE_NAME_LENGTH);
> + strscpy(ucode->filename, filename);
> }
>
> static char *get_eng_type_str(int eng_type)
> @@ -140,7 +140,7 @@ static int get_ucode_type(struct otx_cpt_ucode_hdr *ucode_hdr, int *ucode_type)
> u32 i, val = 0;
> u8 nn;
>
> - strscpy(tmp_ver_str, ucode_hdr->ver_str, OTX_CPT_UCODE_VER_STR_SZ);
> + strscpy(tmp_ver_str, ucode_hdr->ver_str);
> for (i = 0; i < strlen(tmp_ver_str); i++)
> tmp_ver_str[i] = tolower(tmp_ver_str[i]);
>
> @@ -1331,7 +1331,7 @@ static ssize_t ucode_load_store(struct device *dev,
>
> eng_grps = container_of(attr, struct otx_cpt_eng_grps, ucode_load_attr);
> err_msg = "Invalid engine group format";
> - strscpy(tmp_buf, buf, OTX_CPT_UCODE_NAME_LENGTH);
> + strscpy(tmp_buf, buf);
> start = tmp_buf;
>
> has_se = has_ie = has_ae = false;
> diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
> index 9b0887d7e62c..465f00e74623 100644
> --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
> +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
> @@ -74,7 +74,7 @@ static int is_2nd_ucode_used(struct otx2_cpt_eng_grp_info *eng_grp)
> static void set_ucode_filename(struct otx2_cpt_ucode *ucode,
> const char *filename)
> {
> - strscpy(ucode->filename, filename, OTX2_CPT_NAME_LENGTH);
> + strscpy(ucode->filename, filename);
> }
>
> static char *get_eng_type_str(int eng_type)
> @@ -130,7 +130,7 @@ static int get_ucode_type(struct device *dev,
> int i, val = 0;
> u8 nn;
>
> - strscpy(tmp_ver_str, ucode_hdr->ver_str, OTX2_CPT_UCODE_VER_STR_SZ);
> + strscpy(tmp_ver_str, ucode_hdr->ver_str);
> for (i = 0; i < strlen(tmp_ver_str); i++)
> tmp_ver_str[i] = tolower(tmp_ver_str[i]);
>
>
>
> .
>
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox