* [syzbot] [crypto?] KMSAN: uninit-value in sw842_compress (2)
From: syzbot @ 2026-06-06 16:43 UTC (permalink / raw)
To: davem, haren, herbert, linux-crypto, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 6f3ed7fec72f Merge tag 'for-7.1/dm-fixes-3' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17311750580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a0ca3b8cb3875012
dashboard link: https://syzkaller.appspot.com/bug?extid=bf5586280a66e9ccdfa9
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/74be992d336f/disk-6f3ed7fe.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d51c3e8d59b5/vmlinux-6f3ed7fe.xz
kernel image: https://storage.googleapis.com/syzbot-assets/34df0814d707/bzImage-6f3ed7fe.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bf5586280a66e9ccdfa9@syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in sw842_compress+0xd09/0x5060 lib/842/842_compress.c:528
sw842_compress+0xd09/0x5060 lib/842/842_compress.c:528
crypto842_scompress+0x4e/0x70 crypto/842.c:46
scomp_acomp_comp_decomp+0xa49/0x1120 include/crypto/internal/scompress.h:-1
scomp_acomp_compress+0x33/0x40 crypto/scompress.c:280
crypto_acomp_compress+0x5c4/0xe50 crypto/acompress.c:287
zswap_compress mm/zswap.c:874 [inline]
zswap_store_page mm/zswap.c:1415 [inline]
zswap_store+0x1a1d/0x48b0 mm/zswap.c:1526
swap_writeout+0x7a1/0x1120 mm/page_io.c:275
shmem_writeout+0x1db1/0x2210 mm/shmem.c:1705
writeout mm/vmscan.c:630 [inline]
pageout mm/vmscan.c:679 [inline]
shrink_folio_list+0x5ade/0x8000 mm/vmscan.c:1400
evict_folios+0x9704/0xbb70 mm/vmscan.c:4854
try_to_shrink_lruvec+0x1734/0x24b0 mm/vmscan.c:5009
lru_gen_shrink_lruvec mm/vmscan.c:5173 [inline]
shrink_lruvec+0x4f8/0x4e20 mm/vmscan.c:5932
shrink_node_memcgs mm/vmscan.c:6171 [inline]
shrink_node+0xf19/0x5a30 mm/vmscan.c:6215
shrink_zones mm/vmscan.c:6454 [inline]
do_try_to_free_pages+0x956/0x2640 mm/vmscan.c:6516
try_to_free_mem_cgroup_pages+0x352/0x920 mm/vmscan.c:6838
try_charge_memcg+0x815/0x1c20 mm/memcontrol.c:2627
charge_memcg+0x113/0x410 mm/memcontrol.c:5021
__mem_cgroup_charge+0x71/0x2e0 mm/memcontrol.c:5038
mem_cgroup_charge include/linux/memcontrol.h:644 [inline]
shmem_alloc_and_add_folio+0xe4d/0x1bd0 mm/shmem.c:1985
shmem_get_folio_gfp+0xad3/0x1fc0 mm/shmem.c:2564
shmem_get_folio mm/shmem.c:2670 [inline]
shmem_write_begin+0x230/0x560 mm/shmem.c:3303
generic_perform_write+0x364/0x1050 mm/filemap.c:4325
shmem_file_write_iter+0x2b7/0x2f0 mm/shmem.c:3478
__kernel_write_iter+0x6f9/0xdd0 fs/read_write.c:621
dump_emit_page fs/coredump.c:1304 [inline]
dump_user_range+0x1936/0x2070 fs/coredump.c:1378
elf_core_dump+0x697e/0x6c30 fs/binfmt_elf.c:2109
coredump_write+0x20c9/0x2ce0 fs/coredump.c:1053
do_coredump fs/coredump.c:1132 [inline]
vfs_coredump+0x7ae1/0x8f00 fs/coredump.c:1206
get_signal+0x2075/0x29f0 kernel/signal.c:3022
arch_do_signal_or_restart+0x53/0xc70 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
irqentry_exit+0x16f/0xa00 kernel/entry/common.c:162
exc_page_fault+0x7e/0xb0 arch/x86/mm/fault.c:1530
asm_exc_page_fault+0x2b/0x30 arch/x86/include/asm/idtentry.h:618
Uninit was stored to memory at:
memcpy_from_iter lib/iov_iter.c:85 [inline]
iterate_bvec include/linux/iov_iter.h:123 [inline]
iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
iterate_and_advance include/linux/iov_iter.h:330 [inline]
__copy_from_iter lib/iov_iter.c:261 [inline]
copy_folio_from_iter_atomic+0xe91/0x3810 lib/iov_iter.c:491
generic_perform_write+0x8b7/0x1050 mm/filemap.c:4343
shmem_file_write_iter+0x2b7/0x2f0 mm/shmem.c:3478
lo_rw_aio+0x1164/0x14a0 drivers/block/loop.c:-1
do_req_filebacked drivers/block/loop.c:-1 [inline]
loop_handle_cmd drivers/block/loop.c:1925 [inline]
loop_process_work+0xf05/0x1ff0 drivers/block/loop.c:1960
loop_workfn+0x3e/0x60 drivers/block/loop.c:1984
process_one_work kernel/workqueue.c:3314 [inline]
process_scheduled_works+0xb65/0x1e40 kernel/workqueue.c:3397
worker_thread+0xee4/0x1590 kernel/workqueue.c:3478
kthread+0x53a/0x5f0 kernel/kthread.c:436
ret_from_fork+0x20f/0x8d0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Uninit was created at:
__alloc_frozen_pages_noprof+0x6fa/0x1000 mm/page_alloc.c:5244
__alloc_pages_noprof mm/page_alloc.c:5255 [inline]
alloc_pages_bulk_noprof+0x1664/0x1aa0 mm/page_alloc.c:5175
btrfs_alloc_page_array fs/btrfs/extent_io.c:675 [inline]
alloc_eb_folio_array fs/btrfs/extent_io.c:699 [inline]
alloc_extent_buffer+0xa85/0x4670 fs/btrfs/extent_io.c:3495
btrfs_find_create_tree_block+0x44/0x60 fs/btrfs/disk-io.c:574
btrfs_init_new_buffer fs/btrfs/extent-tree.c:5260 [inline]
btrfs_alloc_tree_block+0x3fe/0x1bc0 fs/btrfs/extent-tree.c:5373
btrfs_alloc_log_tree_node fs/btrfs/disk-io.c:890 [inline]
btrfs_add_log_tree+0x243/0x7a0 fs/btrfs/disk-io.c:938
start_log_trans fs/btrfs/tree-log.c:349 [inline]
btrfs_log_inode_parent+0x9cf/0x1e00 fs/btrfs/tree-log.c:7562
btrfs_log_dentry_safe+0x96/0x130 fs/btrfs/tree-log.c:7668
btrfs_sync_file+0x16bc/0x21c0 fs/btrfs/file.c:1736
vfs_fsync_range+0x135/0x1c0 fs/sync.c:186
generic_write_sync include/linux/fs.h:2654 [inline]
btrfs_do_write_iter+0xb20/0xd70 fs/btrfs/file.c:1473
btrfs_file_write_iter+0x38/0x50 fs/btrfs/file.c:1483
do_iter_readv_writev+0x9e0/0xc10 fs/read_write.c:-1
vfs_writev+0x52a/0x1500 fs/read_write.c:1059
do_pwritev fs/read_write.c:1155 [inline]
__do_sys_pwritev2 fs/read_write.c:1213 [inline]
__se_sys_pwritev2+0x22f/0x470 fs/read_write.c:1204
__x64_sys_pwritev2+0xe4/0x150 fs/read_write.c:1204
x64_sys_call+0x10a2/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:329
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x15d/0x3c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 15366 Comm: syz.6.2383 Not tainted syzkaller #0 PREEMPT(lazy)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
=====================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply
* [PATCH] hwrng: atmel - drop __maybe_unused from atmel_trng_pm_ops
From: Thorsten Blum @ 2026-06-06 13:17 UTC (permalink / raw)
To: Olivia Mackall, Herbert Xu, Nicolas Ferre, Alexandre Belloni,
Claudiu Beznea, Sakari Ailus, AngeloGioacchino Del Regno
Cc: Thorsten Blum, linux-crypto, linux-arm-kernel, linux-kernel
Since atmel_trng_driver keeps atmel_trng_pm_ops referenced and pm_ptr()
uses IS_ENABLED(), which allows the compiler to optimize away unused
variables, drop the redundant __maybe_unused annotation.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/char/hw_random/atmel-rng.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/hw_random/atmel-rng.c b/drivers/char/hw_random/atmel-rng.c
index 6ed24be3481d..10082add0886 100644
--- a/drivers/char/hw_random/atmel-rng.c
+++ b/drivers/char/hw_random/atmel-rng.c
@@ -186,7 +186,7 @@ static int __maybe_unused atmel_trng_runtime_resume(struct device *dev)
return atmel_trng_init(trng);
}
-static const struct dev_pm_ops __maybe_unused atmel_trng_pm_ops = {
+static const struct dev_pm_ops atmel_trng_pm_ops = {
SET_RUNTIME_PM_OPS(atmel_trng_runtime_suspend,
atmel_trng_runtime_resume, NULL)
SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend,
base-commit: 79bbe453e5bfa6e1c6aa2e8329bfc8f152b81c9b
^ permalink raw reply related
* [PATCH v2 6/6] crypto: octeontx - use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:11 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 4 ++--
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
index 205579a6ba2b..58dd996c7f3a 100644
--- a/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c
@@ -99,7 +99,7 @@ static int dev_supports_eng_type(struct otx_cpt_eng_grps *eng_grps,
static void set_ucode_filename(struct otx_cpt_ucode *ucode,
const char *filename)
{
- strscpy(ucode->filename, filename, OTX_CPT_UCODE_NAME_LENGTH);
+ strscpy(ucode->filename, filename);
}
static char *get_eng_type_str(int eng_type)
@@ -140,7 +140,7 @@ static int get_ucode_type(struct otx_cpt_ucode_hdr *ucode_hdr, int *ucode_type)
u32 i, val = 0;
u8 nn;
- strscpy(tmp_ver_str, ucode_hdr->ver_str, OTX_CPT_UCODE_VER_STR_SZ);
+ strscpy(tmp_ver_str, ucode_hdr->ver_str);
for (i = 0; i < strlen(tmp_ver_str); i++)
tmp_ver_str[i] = tolower(tmp_ver_str[i]);
diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
index 9b0887d7e62c..465f00e74623 100644
--- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
+++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c
@@ -74,7 +74,7 @@ static int is_2nd_ucode_used(struct otx2_cpt_eng_grp_info *eng_grp)
static void set_ucode_filename(struct otx2_cpt_ucode *ucode,
const char *filename)
{
- strscpy(ucode->filename, filename, OTX2_CPT_NAME_LENGTH);
+ strscpy(ucode->filename, filename);
}
static char *get_eng_type_str(int eng_type)
@@ -130,7 +130,7 @@ static int get_ucode_type(struct device *dev,
int i, val = 0;
u8 nn;
- strscpy(tmp_ver_str, ucode_hdr->ver_str, OTX2_CPT_UCODE_VER_STR_SZ);
+ strscpy(tmp_ver_str, ucode_hdr->ver_str);
for (i = 0; i < strlen(tmp_ver_str); i++)
tmp_ver_str[i] = tolower(tmp_ver_str[i]);
^ permalink raw reply related
* [PATCH v2 5/6] crypto: qat - use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:11 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Acked-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
drivers/crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
5 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/intel/qat/qat_common/adf_cfg.c b/drivers/crypto/intel/qat/qat_common/adf_cfg.c
index ea5d72d5090c..d97ee1000045 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_cfg.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_cfg.c
@@ -2,6 +2,7 @@
/* Copyright(c) 2014 - 2020 Intel Corporation */
#include <linux/mutex.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <linux/list.h>
#include <linux/seq_file.h>
#include "adf_accel_devices.h"
@@ -284,13 +285,13 @@ int adf_cfg_add_key_value_param(struct adf_accel_dev *accel_dev,
return -ENOMEM;
INIT_LIST_HEAD(&key_val->list);
- strscpy(key_val->key, key, sizeof(key_val->key));
+ strscpy(key_val->key, key);
if (type == ADF_DEC) {
snprintf(key_val->val, ADF_CFG_MAX_VAL_LEN_IN_BYTES,
"%ld", (*((long *)val)));
} else if (type == ADF_STR) {
- strscpy(key_val->val, (char *)val, sizeof(key_val->val));
+ strscpy(key_val->val, (char *)val);
} else if (type == ADF_HEX) {
snprintf(key_val->val, ADF_CFG_MAX_VAL_LEN_IN_BYTES,
"0x%lx", (unsigned long)val);
@@ -350,7 +351,7 @@ int adf_cfg_section_add(struct adf_accel_dev *accel_dev, const char *name)
if (!sec)
return -ENOMEM;
- strscpy(sec->name, name, sizeof(sec->name));
+ strscpy(sec->name, name);
INIT_LIST_HEAD(&sec->param_head);
down_write(&cfg->lock);
list_add_tail(&sec->list, &cfg->sec_list);
diff --git a/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c b/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
index 7d00bcb41ce7..11cba347d12d 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_cfg_services.c
@@ -60,7 +60,7 @@ static int adf_service_string_to_mask(struct adf_accel_dev *accel_dev, const cha
if (len > ADF_CFG_MAX_VAL_LEN_IN_BYTES - 1)
return -EINVAL;
- strscpy(services, buf, ADF_CFG_MAX_VAL_LEN_IN_BYTES);
+ strscpy(services, buf);
substr = services;
while ((token = strsep(&substr, ADF_SERVICES_DELIMITER))) {
diff --git a/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c b/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
index f9017e03ec0f..32aeb795cc03 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c
@@ -2,6 +2,7 @@
/* Copyright(c) 2024 Intel Corporation */
#include <linux/slab.h>
+#include <linux/string.h>
#include <linux/types.h>
#include "adf_mstate_mgr.h"
@@ -158,7 +159,7 @@ static struct adf_mstate_sect_h *adf_mstate_sect_add_header(struct adf_mstate_mg
return NULL;
}
- strscpy(sect->id, id, sizeof(sect->id));
+ strscpy(sect->id, id);
sect->size = 0;
sect->sub_sects = 0;
mgr->state += sizeof(*sect);
diff --git a/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c b/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
index a8f853516a3f..fc5d88a2bb17 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_transport_debug.c
@@ -2,6 +2,7 @@
/* Copyright(c) 2014 - 2020 Intel Corporation */
#include <linux/mutex.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <linux/seq_file.h>
#include "adf_accel_devices.h"
#include "adf_transport_internal.h"
@@ -103,7 +104,7 @@ int adf_ring_debugfs_add(struct adf_etr_ring_data *ring, const char *name)
if (!ring_debug)
return -ENOMEM;
- strscpy(ring_debug->ring_name, name, sizeof(ring_debug->ring_name));
+ strscpy(ring_debug->ring_name, name);
snprintf(entry_name, sizeof(entry_name), "ring_%02d",
ring->ring_number);
diff --git a/drivers/crypto/intel/qat/qat_common/qat_compression.c b/drivers/crypto/intel/qat/qat_common/qat_compression.c
index 1424d7a9bcd3..8129ad0c32d8 100644
--- a/drivers/crypto/intel/qat/qat_common/qat_compression.c
+++ b/drivers/crypto/intel/qat/qat_common/qat_compression.c
@@ -2,6 +2,7 @@
/* Copyright(c) 2022 Intel Corporation */
#include <linux/module.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include "adf_accel_devices.h"
#include "adf_common_drv.h"
#include "adf_transport.h"
@@ -144,7 +145,7 @@ static int qat_compression_create_instances(struct adf_accel_dev *accel_dev)
int i;
INIT_LIST_HEAD(&accel_dev->compression_list);
- strscpy(key, ADF_NUM_DC, sizeof(key));
+ strscpy(key, ADF_NUM_DC);
ret = adf_cfg_get_param_value(accel_dev, SEC, key, val);
if (ret)
return ret;
^ permalink raw reply related
* [PATCH v2 4/6] crypto: hisilicon - use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:11 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum,
Longfang Liu
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Reviewed-by: Longfang Liu <liulongfang@huawei.com>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/hisilicon/qm.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c
index a951d2ef7833..c01966a4a33f 100644
--- a/drivers/crypto/hisilicon/qm.c
+++ b/drivers/crypto/hisilicon/qm.c
@@ -2944,11 +2944,8 @@ static int qm_alloc_uacce(struct hisi_qm *qm)
.flags = UACCE_DEV_SVA,
.ops = &uacce_qm_ops,
};
- int ret;
- ret = strscpy(interface.name, dev_driver_string(&pdev->dev),
- sizeof(interface.name));
- if (ret < 0)
+ if (strscpy(interface.name, dev_driver_string(&pdev->dev)) < 0)
return -ENAMETOOLONG;
uacce = uacce_alloc(&pdev->dev, &interface);
^ permalink raw reply related
* [PATCH v2 3/6] crypto: ccp - use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:11 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c
index 85058a89f35b..ff9bb253dbb2 100644
--- a/drivers/crypto/ccp/ccp-crypto-sha.c
+++ b/drivers/crypto/ccp/ccp-crypto-sha.c
@@ -426,7 +426,7 @@ static int ccp_register_hmac_alg(struct list_head *head,
*ccp_alg = *base_alg;
INIT_LIST_HEAD(&ccp_alg->entry);
- strscpy(ccp_alg->child_alg, def->name, CRYPTO_MAX_ALG_NAME);
+ strscpy(ccp_alg->child_alg, def->name);
alg = &ccp_alg->alg;
alg->setkey = ccp_sha_setkey;
^ permalink raw reply related
* [PATCH v2 2/6] crypto: cavium - use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:10 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/cavium/nitrox/nitrox_hal.c b/drivers/crypto/cavium/nitrox/nitrox_hal.c
index 1b5abdb6cc5e..e36c1741bb78 100644
--- a/drivers/crypto/cavium/nitrox/nitrox_hal.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_hal.c
@@ -1,5 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/delay.h>
+#include <linux/string.h>
#include "nitrox_dev.h"
#include "nitrox_csr.h"
@@ -647,7 +648,7 @@ void nitrox_get_hwinfo(struct nitrox_device *ndev)
ndev->hw.revision_id);
/* copy partname */
- strscpy(ndev->hw.partname, name, sizeof(ndev->hw.partname));
+ strscpy(ndev->hw.partname, name);
}
void enable_pf2vf_mbox_interrupts(struct nitrox_device *ndev)
^ permalink raw reply related
* [PATCH v2 1/6] crypto: use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:10 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
In-Reply-To: <20260605231056.1622060-8-thorsten.blum@linux.dev>
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
crypto/api.c | 2 +-
crypto/crypto_user.c | 9 ++++-----
crypto/hctr2.c | 3 +--
crypto/lrw.c | 2 +-
crypto/lskcipher.c | 3 +--
crypto/xts.c | 3 ++-
6 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/crypto/api.c b/crypto/api.c
index 74e17d5049c9..040b7a965c2f 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -116,7 +116,7 @@ struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask)
larval->alg.cra_priority = -1;
larval->alg.cra_destroy = crypto_larval_destroy;
- strscpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME);
+ strscpy(larval->alg.cra_name, name);
init_completion(&larval->completion);
return larval;
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index e8b6ae75f31f..d3ccb507153b 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -11,6 +11,7 @@
#include <linux/cryptouser.h>
#include <linux/sched.h>
#include <linux/security.h>
+#include <linux/string.h>
#include <net/netlink.h>
#include <net/net_namespace.h>
#include <net/sock.h>
@@ -87,11 +88,9 @@ static int crypto_report_one(struct crypto_alg *alg,
{
memset(ualg, 0, sizeof(*ualg));
- strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
- strscpy(ualg->cru_driver_name, alg->cra_driver_name,
- sizeof(ualg->cru_driver_name));
- strscpy(ualg->cru_module_name, module_name(alg->cra_module),
- sizeof(ualg->cru_module_name));
+ strscpy(ualg->cru_name, alg->cra_name);
+ strscpy(ualg->cru_driver_name, alg->cra_driver_name);
+ strscpy(ualg->cru_module_name, module_name(alg->cra_module));
ualg->cru_type = 0;
ualg->cru_mask = 0;
diff --git a/crypto/hctr2.c b/crypto/hctr2.c
index ad5edf9366ac..cfc2343bcc1c 100644
--- a/crypto/hctr2.c
+++ b/crypto/hctr2.c
@@ -354,8 +354,7 @@ static int hctr2_create_common(struct crypto_template *tmpl, struct rtattr **tb,
err = -EINVAL;
if (strncmp(xctr_alg->base.cra_name, "xctr(", 5))
goto err_free_inst;
- len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5,
- sizeof(blockcipher_name));
+ len = strscpy(blockcipher_name, xctr_alg->base.cra_name + 5);
if (len < 1)
goto err_free_inst;
if (blockcipher_name[len - 1] != ')')
diff --git a/crypto/lrw.c b/crypto/lrw.c
index aa31ab03a597..e306e85d7ced 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -359,7 +359,7 @@ static int lrw_create(struct crypto_template *tmpl, struct rtattr **tb)
if (!memcmp(cipher_name, "ecb(", 4)) {
int len;
- len = strscpy(ecb_name, cipher_name + 4, sizeof(ecb_name));
+ len = strscpy(ecb_name, cipher_name + 4);
if (len < 2)
goto err_free_inst;
diff --git a/crypto/lskcipher.c b/crypto/lskcipher.c
index e4328df6e26c..d7ec215e2b3a 100644
--- a/crypto/lskcipher.c
+++ b/crypto/lskcipher.c
@@ -528,8 +528,7 @@ struct lskcipher_instance *lskcipher_alloc_instance_simple(
int len;
err = -EINVAL;
- len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4],
- sizeof(ecb_name));
+ len = strscpy(ecb_name, &cipher_alg->co.base.cra_name[4]);
if (len < 2)
goto err_free_inst;
diff --git a/crypto/xts.c b/crypto/xts.c
index ad97c8091582..1dc948745444 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -16,6 +16,7 @@
#include <linux/module.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
+#include <linux/string.h>
#include <crypto/xts.h>
#include <crypto/b128ops.h>
@@ -400,7 +401,7 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
if (!memcmp(cipher_name, "ecb(", 4)) {
int len;
- len = strscpy(name, cipher_name + 4, sizeof(name));
+ len = strscpy(name, cipher_name + 4);
if (len < 2)
goto err_free_inst;
^ permalink raw reply related
* [PATCH v2 0/6] crypto: use 2-arg strscpy where destination size is known
From: Thorsten Blum @ 2026-06-05 23:10 UTC (permalink / raw)
To: Herbert Xu, David S. Miller, Tom Lendacky, John Allen, Weili Qian,
Zhou Wang, Giovanni Cabiddu, Srujana Challa, Bharat Bhushan
Cc: linux-crypto, linux-kernel, qat-linux, Thorsten Blum
To simplify the code, drop explicit and hard-coded size arguments from
strscpy() where the destination buffer has a fixed size and strscpy()
can automatically determine it using sizeof().
Changes in v2:
- Rebase and split up
- v1: https://lore.kernel.org/r/20260525103038.825690-4-thorsten.blum@linux.dev/
Thorsten Blum (6):
crypto: use 2-arg strscpy where destination size is known
crypto: cavium - use 2-arg strscpy where destination size is known
crypto: ccp - use 2-arg strscpy where destination size is known
crypto: hisilicon - use 2-arg strscpy where destination size is known
crypto: qat - use 2-arg strscpy where destination size is known
crypto: octeontx - use 2-arg strscpy where destination size is known
crypto/api.c | 2 +-
crypto/crypto_user.c | 9 ++++-----
crypto/hctr2.c | 3 +--
crypto/lrw.c | 2 +-
crypto/lskcipher.c | 3 +--
crypto/xts.c | 3 ++-
drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
drivers/crypto/hisilicon/qm.c | 5 +----
drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
.../crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 4 ++--
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
16 files changed, 29 insertions(+), 29 deletions(-)
base-commit: 5624ea54f3ba5c83d2e5503411a31a8be0278c1e
^ permalink raw reply
* [PATCH] hwrng: omap - balance runtime PM and clocks on probe-defer paths
From: William Theesfeld @ 2026-06-05 19:28 UTC (permalink / raw)
To: Deepak Saxena; +Cc: Olivia Mackall, Herbert Xu, linux-crypto, linux-kernel
omap_rng_probe() calls pm_runtime_enable() and pm_runtime_resume_and_get()
to bring the device up. If either devm_clk_get() call subsequently
returns -EPROBE_DEFER, the function returns -EPROBE_DEFER directly,
leaking the runtime PM usage counter taken by resume_and_get() and
leaving pm_runtime enabled.
Convert both early returns to set ret and jump to err_register, which
already performs the matching pm_runtime_put_sync() + pm_runtime_disable()
unwind. Because devm_clk_get() returns ERR_PTR on failure (not NULL)
and err_register calls clk_disable_unprepare() unconditionally, also
NULL out the failed clk pointers before the goto so that
clk_disable_unprepare() (which only handles NULL safely, not ERR_PTR)
does not deref an error pointer.
While here, NULL out priv->clk and priv->clk_reg in the existing
"optional clock not present" else branches. In that pre-existing case
the pointer was left as ERR_PTR, and the unconditional
clk_disable_unprepare() in omap_rng_remove() would have dereferenced
it on driver unbind. No functional change for systems where both
clocks are present.
Found by smatch ("missing unwind goto?").
Signed-off-by: William Theesfeld <william@theesfeld.net>
---
drivers/char/hw_random/omap-rng.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/drivers/char/hw_random/omap-rng.c b/drivers/char/hw_random/omap-rng.c
index 5e8b50f15..1902865a9 100644
--- a/drivers/char/hw_random/omap-rng.c
+++ b/drivers/char/hw_random/omap-rng.c
@@ -459,8 +459,11 @@ static int omap_rng_probe(struct platform_device *pdev)
}
priv->clk = devm_clk_get(&pdev->dev, NULL);
- if (PTR_ERR(priv->clk) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (PTR_ERR(priv->clk) == -EPROBE_DEFER) {
+ priv->clk = NULL;
+ ret = -EPROBE_DEFER;
+ goto err_register;
+ }
if (!IS_ERR(priv->clk)) {
ret = clk_prepare_enable(priv->clk);
if (ret) {
@@ -468,11 +471,21 @@ static int omap_rng_probe(struct platform_device *pdev)
"Unable to enable the clk: %d\n", ret);
goto err_register;
}
+ } else {
+ /*
+ * No optional clock present; make priv->clk safe for the
+ * unconditional clk_disable_unprepare() in err_register and
+ * in omap_rng_remove().
+ */
+ priv->clk = NULL;
}
priv->clk_reg = devm_clk_get(&pdev->dev, "reg");
- if (PTR_ERR(priv->clk_reg) == -EPROBE_DEFER)
- return -EPROBE_DEFER;
+ if (PTR_ERR(priv->clk_reg) == -EPROBE_DEFER) {
+ priv->clk_reg = NULL;
+ ret = -EPROBE_DEFER;
+ goto err_register;
+ }
if (!IS_ERR(priv->clk_reg)) {
ret = clk_prepare_enable(priv->clk_reg);
if (ret) {
@@ -481,6 +494,9 @@ static int omap_rng_probe(struct platform_device *pdev)
ret);
goto err_register;
}
+ } else {
+ /* Same rationale as for priv->clk above. */
+ priv->clk_reg = NULL;
}
ret = (dev->of_node) ? of_get_omap_rng_device_details(priv, pdev) :
--
2.54.0
^ permalink raw reply related
* Re: [PATCH] rhashtable: Use irq work for shrinking
From: patchwork-bot+netdevbpf @ 2026-06-05 15:10 UTC (permalink / raw)
To: Herbert Xu
Cc: mykyta.yatsenko5, bot+bpf-ci, bpf, ast, andrii, daniel, kafai,
kernel-team, eddyz87, memxor, yatsenko, martin.lau, yonghong.song,
clm, ihor.solodrai, tj, linux-crypto
In-Reply-To: <aiDgUPXZUi-jnTdo@gondor.apana.org.au>
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Thu, 4 Jun 2026 10:17:52 +0800 you wrote:
> On Wed, Jun 03, 2026 at 02:08:25PM +0100, Mykyta Yatsenko wrote:
> >
> > For v7 I'm dropping automatic_shrinking, because it adds a risk of
> > calling schedule_work() on element deletion path (__rhashtable_remove_fast_one())
> > when hashtable size drops below 30% of the capacity.
>
> Now that expansion uses irq work I think shrinking should switch
> to that as well.
>
> [...]
Here is the summary with links:
- rhashtable: Use irq work for shrinking
https://git.kernel.org/bpf/bpf-next/c/46730ee6e884
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply
* Re: [PATCH v2 1/5] crypto: hisilicon/zip - add backlog support for zip
From: Herbert Xu @ 2026-06-05 11:48 UTC (permalink / raw)
To: ZongYu Wu
Cc: davem, linux-kernel, linux-crypto, fanghao11, liulongfang,
qianweili, wangzhou1, huangchenghai2, linwenkai6
In-Reply-To: <20260528115531.174593-2-wuzongyu1@huawei.com>
On Thu, May 28, 2026 at 07:55:27PM +0800, ZongYu Wu wrote:
> From: Chenghai Huang <huangchenghai2@huawei.com>
>
> When the hardware queue is busy, requests are now queued instead of
> being failed immediately. Queued requests are retried when earlier
> requests complete, which prevents transient failures under heavy load.
>
> The backlog path also provides a fallback mechanism while the hardware
> is temporarily unavailable, such as during device reset.
>
> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
> Signed-off-by: Zongyu Wu <wuzongyu1@huawei.com>
> ---
> drivers/crypto/hisilicon/zip/zip_crypto.c | 286 ++++++++++++++--------
> 1 file changed, 183 insertions(+), 103 deletions(-)
We already have a generic queueing mechanism in the form of
crypto_engine.
Please add support for acomp to it instead of rolling your own
queueing mechanism.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: qat - simplify adf_service_mask_to_string helper
From: Herbert Xu @ 2026-06-05 11:42 UTC (permalink / raw)
To: Thorsten Blum
Cc: Giovanni Cabiddu, David S. Miller, Suman Kumar Chakraborty,
Karthikeyan Gopal, qat-linux, linux-crypto, linux-kernel
In-Reply-To: <20260527174655.1390543-3-thorsten.blum@linux.dev>
On Wed, May 27, 2026 at 07:46:55PM +0200, Thorsten Blum wrote:
> Use a single scnprintf() for each set bit and drop the offset in the
> else branch to simplify adf_service_mask_to_string().
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: powerpc/aes - use min in ppc_{ecb,cbc,ctr,xts}_crypt
From: Herbert Xu @ 2026-06-05 11:42 UTC (permalink / raw)
To: Thorsten Blum
Cc: David S. Miller, Madhavan Srinivasan, Michael Ellerman,
Nicholas Piggin, Christophe Leroy (CS GROUP), linux-crypto,
linuxppc-dev, linux-kernel
In-Reply-To: <20260527141146.1230672-3-thorsten.blum@linux.dev>
On Wed, May 27, 2026 at 04:11:47PM +0200, Thorsten Blum wrote:
> Replace min_t() with the simpler min() macro since the values are
> unsigned and compatible.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> arch/powerpc/crypto/aes-spe-glue.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH crypto 1/1] crypto: chacha20poly1305: validate poly1305 template argument
From: Herbert Xu @ 2026-06-05 11:41 UTC (permalink / raw)
To: Ren Wei
Cc: linux-crypto, davem, yuantan098, zcliangcn, bird, tr0jan,
ngochuongbui67
In-Reply-To: <e7a116d3474cd00e421393e0512ad11b151ca2f1.1779777598.git.ngochuongbui67@gmail.com>
On Tue, May 26, 2026 at 06:11:43PM +0800, Ren Wei wrote:
> From: Xiaonan Zhao <ngochuongbui67@gmail.com>
>
> chachapoly_create() still accepts the compatibility poly1305 parameter
> in the template name, but it assumes the second template argument is
> always present and immediately passes it to strcmp().
>
> When the argument is missing, crypto_attr_alg_name() returns an error
> pointer. Check for that before comparing the name so malformed template
> instantiations fail with an error instead of dereferencing the error
> pointer in strcmp().
>
> This matches the surrounding Crypto API template pattern where
> crypto_attr_alg_name() results are validated before string-specific use.
>
> Fixes: a298765e28ad ("crypto: chacha20poly1305 - Use lib/crypto poly1305")
> Cc: stable@kernel.org
> Reported-by: Yuan Tan <yuantan098@gmail.com>
> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
> Reported-by: Xin Liu <bird@lzu.edu.cn>
> Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
> Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
> Signed-off-by: Xiaonan Zhao <ngochuongbui67@gmail.com>
> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
> ---
> crypto/chacha20poly1305.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: qat - add KPT support for GEN6 devices
From: Herbert Xu @ 2026-06-05 11:41 UTC (permalink / raw)
To: nitesh.venkatesh
Cc: linux-crypto, qat-linux, Junyuan Wang, Giovanni Cabiddu,
Ahsan Atta
In-Reply-To: <20260526092839.432243-1-nitesh.venkatesh@intel.com>
On Tue, May 26, 2026 at 09:28:39AM +0000, nitesh.venkatesh@intel.com wrote:
> From: Junyuan Wang <junyuan.wang@intel.com>
>
> Add support for Intel Key Protection Technology (KPT) on QAT GEN6
> devices.
>
> KPT protects private keys from exposure by keeping them wrapped
> (encrypted) while in use, in-flight, and at rest. Keys remain in wrapped
> form and are not exposed in plaintext in host memory. This feature
> operates outside of the Linux crypto framework and kernel keyring.
>
> Extend the firmware admin interface to enable and configure KPT. During
> device initialisation, if KPT is enabled, the driver sends an admin
> message to firmware to enable KPT mode and configure parameters such as
> the maximum number of SWK (Symmetric Wrapping Key) slots and the SWK
> time-to-live (TTL).
>
> Expose KPT configuration via a new sysfs attribute group, "qat_kpt", and
> add ABI documentation.
>
> Co-developed-by: Nitesh Venkatesh <nitesh.venkatesh@intel.com>
> Signed-off-by: Nitesh Venkatesh <nitesh.venkatesh@intel.com>
> Signed-off-by: Junyuan Wang <junyuan.wang@intel.com>
> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> Reviewed-by: Ahsan Atta <ahsan.atta@intel.com>
> ---
> .../ABI/testing/sysfs-driver-qat_kpt | 97 ++++++
> .../intel/qat/qat_6xxx/adf_6xxx_hw_data.c | 21 +-
> .../intel/qat/qat_6xxx/adf_6xxx_hw_data.h | 9 +
> drivers/crypto/intel/qat/qat_6xxx/adf_drv.c | 6 +
> drivers/crypto/intel/qat/qat_common/Makefile | 2 +
> .../intel/qat/qat_common/adf_accel_devices.h | 2 +
> .../crypto/intel/qat/qat_common/adf_admin.c | 39 +++
> .../crypto/intel/qat/qat_common/adf_admin.h | 2 +
> .../crypto/intel/qat/qat_common/adf_init.c | 8 +
> drivers/crypto/intel/qat/qat_common/adf_kpt.c | 56 ++++
> drivers/crypto/intel/qat/qat_common/adf_kpt.h | 29 ++
> .../intel/qat/qat_common/adf_sysfs_kpt.c | 296 ++++++++++++++++++
> .../intel/qat/qat_common/adf_sysfs_kpt.h | 10 +
> .../qat/qat_common/icp_qat_fw_init_admin.h | 8 +
> .../crypto/intel/qat/qat_common/icp_qat_hw.h | 3 +-
> 15 files changed, 586 insertions(+), 2 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-driver-qat_kpt
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_kpt.c
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_kpt.h
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_sysfs_kpt.c
> create mode 100644 drivers/crypto/intel/qat/qat_common/adf_sysfs_kpt.h
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v3] crypto: nx: fix nx_crypto_ctx_exit argument
From: Herbert Xu @ 2026-06-05 11:40 UTC (permalink / raw)
To: Sam James
Cc: Breno Leitão, Nayna Jain, Paulo Flabiano Smorigo,
Madhavan Srinivasan, Michael Ellerman, Nicholas Piggin,
Christophe Leroy (CS GROUP), David S. Miller, Ard Biesheuvel,
Eric Biggers, Eric Biggers, stable, Calvin Buckley, Brad Spengler,
linux-crypto, linuxppc-dev, linux-kernel
In-Reply-To: <844faa8a75585e4088c95c052dd0ecd189bc3a64.1779695779.git.sam@gentoo.org>
On Mon, May 25, 2026 at 08:56:19AM +0100, Sam James wrote:
> nx_crypto_ctx_shash_exit calls nx_crypto_ctx_exit with crypto_shash_ctx(...)
> but crypto_shash_ctx gives a nx_crypto_ctx *, not a crypto_tfm *.
>
> Fix the type in nx_crypto_ctx_exit and drop the bogus crypto_tfm_ctx
> call.
>
> This fixes the following oops:
>
> BUG: Unable to handle kernel data access at 0xc0403effffffffc8
> Faulting instruction address: 0xc000000000396cb4
> Oops: Kernel access of bad area, sig: 11 [#15]
> Call Trace:
> nx_crypto_ctx_shash_exit+0x24/0x60
> crypto_shash_exit_tfm+0x28/0x40
> crypto_destroy_tfm+0x98/0x140
> crypto_exit_ahash_using_shash+0x20/0x40
> crypto_destroy_tfm+0x98/0x140
> hash_release+0x1c/0x30
> alg_sock_destruct+0x38/0x60
> __sk_destruct+0x48/0x2b0
> af_alg_release+0x58/0xb0
> __sock_release+0x68/0x150
> sock_close+0x20/0x40
> __fput+0x110/0x3a0
> sys_close+0x48/0xa0
> system_call_exception+0x140/0x2d0
> system_call_common+0xf4/0x258
>
> .. which came from hardlink(1) opportunistically using AF_ALG.
>
> The same problem exists with nx_crypto_ctx_skcipher_exit getting a context
> it wasn't expecting, but apparently nobody hit that for years.
>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: stable@vger.kernel.org
> Fixes: bfd9efddf990 ("crypto: nx - convert AES-ECB to skcipher API")
> Fixes: 9420e628e7d8 ("crypto: nx - Use API partial block handling")
> Acked-by: Breno Leitao <leitao@debian.org>
> Reviewed-by: Eric Biggers <ebiggers@kernel.org>
> Reported-by: Calvin Buckley <calvin@cmpct.info>
> Tested-by: Calvin Buckley <calvin@cmpct.info>
> Suggested-by: Brad Spengler <brad.spengler@opensrcsec.com>
> Signed-off-by: Sam James <sam@gentoo.org>
> ---
> v3: Fix doc tag.
> v2: Add stable cc, fix doc for tfm param.
>
> v1: https://lore.kernel.org/all/a3e89c1e8342ffa415b0d29725a0571a4f355d34.1779472902.git.sam@gentoo.org/
> v2: https://lore.kernel.org/all/b8b1b6fe740187c70349cd04a820d57324e0f70c.1779509289.git.sam@gentoo.org/
>
> drivers/crypto/nx/nx.c | 6 ++----
> drivers/crypto/nx/nx.h | 2 +-
> 2 files changed, 3 insertions(+), 5 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH crypto 1/1] crypto: pcrypt: restore callback for non-parallel fallback
From: Herbert Xu @ 2026-06-05 11:40 UTC (permalink / raw)
To: Ren Wei
Cc: linux-crypto, steffen.klassert, davem, yiyang13, yuantan098,
yifanwucs, tomapufckgml, zcliangcn, bird, ruijieli51
In-Reply-To: <9baedde966f3bcc64b5cde86c2b9c95943572406.1779697691.git.ruijieli51@gmail.com>
On Mon, May 25, 2026 at 07:45:21PM +0800, Ren Wei wrote:
> From: Ruijie Li <ruijieli51@gmail.com>
>
> pcrypt installs pcrypt_aead_done() on the child AEAD request before
> trying to submit it through padata. If padata_do_parallel() returns
> -EBUSY, pcrypt falls back to calling the child AEAD directly.
>
> That fallback must not keep the padata completion callback. Otherwise
> an asynchronous completion runs pcrypt_aead_done() even though the
> request was never enrolled in padata.
>
> Restore the original request callback and callback data before calling
> the child AEAD directly. This keeps the fallback path aligned with a
> direct AEAD request while leaving the parallel path unchanged.
>
> Fixes: 662f2f13e66d ("crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY")
> Cc: stable@kernel.org
> Reported-by: Yuan Tan <yuantan098@gmail.com>
> Reported-by: Yifan Wu <yifanwucs@gmail.com>
> Reported-by: Juefei Pu <tomapufckgml@gmail.com>
> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
> Reported-by: Xin Liu <bird@lzu.edu.cn>
> Assisted-by: Codex:gpt-5.4
> Signed-off-by: Ruijie Li <ruijieli51@gmail.com>
> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
> ---
> crypto/pcrypt.c | 4 ++++
> 1 file changed, 4 insertions(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH 0/2] dt-bindings: crypto: Add Qualcomm Hawi crypto support
From: Herbert Xu @ 2026-06-05 11:39 UTC (permalink / raw)
To: Manivannan Sadhasivam
Cc: David S. Miller, Rob Herring, Krzysztof Kozlowski, Conor Dooley,
Vinod Koul, Bjorn Andersson, linux-arm-msm, linux-crypto,
devicetree, linux-kernel, Manivannan Sadhasivam
In-Reply-To: <20260521-hawi-crypto-v1-0-9176a3b51bc0@kernel.org>
On Thu, May 21, 2026 at 12:36:19PM +0000, Manivannan Sadhasivam wrote:
> Hi,
>
> This series adds the crypto (ICE, TRNG) dt-binding support for Qualcomm's
> upcoming Hawi SoC.
>
> Signed-off-by: Manivannan Sadhasivam <mani@kernel.org>
> ---
> Manivannan Sadhasivam (2):
> dt-bindings: crypto: qcom,prng: Document Hawi TRNG
> dt-bindings: crypto: qcom,inline-crypto-engine: Document Hawi ICE
>
> Documentation/devicetree/bindings/crypto/qcom,inline-crypto-engine.yaml | 1 +
> Documentation/devicetree/bindings/crypto/qcom,prng.yaml | 1 +
> 2 files changed, 2 insertions(+)
> ---
> base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
> change-id: 20260521-hawi-crypto-138bfd2a6ec5
All applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: use two-argument strscpy where destination size is known
From: Herbert Xu @ 2026-06-05 11:35 UTC (permalink / raw)
To: Thorsten Blum
Cc: David S. Miller, Tom Lendacky, John Allen, Weili Qian, Zhou Wang,
Giovanni Cabiddu, Srujana Challa, Bharat Bhushan, linux-crypto,
linux-kernel, qat-linux
In-Reply-To: <20260525103038.825690-4-thorsten.blum@linux.dev>
On Mon, May 25, 2026 at 12:30:41PM +0200, Thorsten Blum wrote:
> To simplify the code, drop explicit and hard-coded size arguments from
> strscpy() where the destination buffer has a fixed size and strscpy()
> can automatically determine it using sizeof().
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> crypto/api.c | 2 +-
> crypto/crypto_user.c | 9 ++++-----
> crypto/hctr2.c | 3 +--
> crypto/lrw.c | 2 +-
> crypto/lskcipher.c | 3 +--
> crypto/xts.c | 3 ++-
> drivers/crypto/cavium/nitrox/nitrox_hal.c | 3 ++-
> drivers/crypto/ccp/ccp-crypto-sha.c | 2 +-
> drivers/crypto/hisilicon/qm.c | 5 +----
> drivers/crypto/intel/qat/qat_common/adf_cfg.c | 7 ++++---
> drivers/crypto/intel/qat/qat_common/adf_cfg_services.c | 2 +-
> drivers/crypto/intel/qat/qat_common/adf_ctl_drv.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/adf_mstate_mgr.c | 3 ++-
> .../crypto/intel/qat/qat_common/adf_transport_debug.c | 3 ++-
> drivers/crypto/intel/qat/qat_common/qat_compression.c | 3 ++-
> drivers/crypto/marvell/octeontx/otx_cptpf_ucode.c | 6 +++---
> drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 ++--
> 17 files changed, 32 insertions(+), 31 deletions(-)
This patch doesn't apply. Please split it up.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* [PATCH v2] hw_random/core: fix rng list on registration error
From: Manos Pitsidianakis @ 2026-06-05 11:23 UTC (permalink / raw)
To: Herbert Xu; +Cc: linux-crypto, linux-kernel, Manos Pitsidianakis
hwrng_register(rng) does the following:
1. Checks if rng has name and read methods set
2. Checks if the name already exists
3. Adds rng to global rng_list
4. May try to set rng to current_rng
If step 4 fails, it returns an error. However, it does not remove the
rng from rng_list, causing a dangling reference which can result in
use-after-free if the caller frees rng, since registration failed.
Add a list_del_init() cleanup step.
Fixes: 2bbb6983887f ("hwrng: use rng source with best quality")
Signed-off-by: Manos Pitsidianakis <manos@pitsidianak.is>
---
Changes in v2:
- Add Fixes: trailer
- Link to v1: https://lore.kernel.org/r/20260525-hw_random_registration_rng_list-v1-1-ee1c215d544d@pitsidianak.is
---
drivers/char/hw_random/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index aba92d777f72604861b644469032c8f443f1ed50..3015b863412ee17c734eb4ce2feebe78f5049d89 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -604,11 +604,13 @@ int hwrng_register(struct hwrng *rng)
*/
err = set_current_rng(rng);
if (err)
- goto out_unlock;
+ goto out_list_del;
}
}
mutex_unlock(&rng_mutex);
return 0;
+out_list_del:
+ list_del_init(&rng->list);
out_unlock:
mutex_unlock(&rng_mutex);
out:
---
base-commit: 8bc67e4db64aa72732c474b44ea8622062c903f0
change-id: 20260525-hw_random_registration_rng_list-7651b27b76c8
Best regards,
--
Manos Pitsidianakis <manos@pitsidianak.is>
^ permalink raw reply related
* Re: [PATCH v4 1/3] crypto: ti - Add support for SHA224/256/384/512 in DTHEv2 driver
From: Herbert Xu @ 2026-06-05 10:59 UTC (permalink / raw)
To: T Pratham
Cc: David S. Miller, Manorit Chawdhry, Kamlesh Gurudasani,
Shiva Tripathi, Kavitha Malarvizhi, Vishal Mahaveer,
Praneeth Bajjuri, linux-kernel, linux-crypto
In-Reply-To: <e0aec964-3303-4ca2-8d96-6a5d8f5ec9e5@ti.com>
On Fri, Jun 05, 2026 at 04:11:49PM +0530, T Pratham wrote:
>
> .cra_flags sets CRYPTO_AHASH_ALG_BLOCK_ONLY and
> CRYPTO_AHASH_ALG_FINAL_NONZERO flags. An update of 64 bytes will do an
> update of block size and carry over at least one byte to final. We
> always go into this if block when there is non-zero data coming into update.
For AHASH_BLOCK_ONLY algorithms, the export format must be identical
between different implementations.
Therefore FINAL_NONZERO cannot be used for only one implementation
since the user can import the partial state from a different
implementation which does not have FINAL_NONZERO set.
For sha you cannot use FINAL_NONZERO since the generic implementation
doesn't use it.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH v4 1/3] crypto: ti - Add support for SHA224/256/384/512 in DTHEv2 driver
From: T Pratham @ 2026-06-05 10:41 UTC (permalink / raw)
To: Herbert Xu
Cc: David S. Miller, Manorit Chawdhry, Kamlesh Gurudasani,
Shiva Tripathi, Kavitha Malarvizhi, Vishal Mahaveer,
Praneeth Bajjuri, linux-kernel, linux-crypto
In-Reply-To: <aiKgs8ipDLPlz6c4@gondor.apana.org.au>
On 6/5/26 15:40, Herbert Xu wrote:
> On Tue, May 26, 2026 at 03:13:51PM +0530, T Pratham wrote:
>>
>> +static int dthe_hash_final(struct ahash_request *req)
>> +{
>> + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
>> + struct dthe_tfm_ctx *ctx = crypto_ahash_ctx(tfm);
>> + struct dthe_hash_req_ctx *rctx = ahash_request_ctx(req);
>> + struct dthe_data *dev_data = dthe_get_dev(ctx);
>> + struct crypto_engine *engine = dev_data->hash_engine;
>> +
>> + /**
>> + * We are always buffering data in update, except when nbytes = 0.
>> + * So, either we get the buffered data here (nbytes > 0) or
>> + * it is the case that we got zero message to begin with
>> + */
>> + if (req->nbytes > 0) {
>> + rctx->flags = DTHE_HASH_OP_FINUP;
>> +
>> + return crypto_transfer_hash_request_to_engine(engine, req);
>> + }
>> +
>> + dthe_hash_write_zero_message(ctx->hash_mode, req->result);
>
> This doesn't look right. If I do an update of 64 bytes, and then
> call final with req->nbytes == 0, this will give me a zero-length
> hash.
>
> Cheers,
.cra_flags sets CRYPTO_AHASH_ALG_BLOCK_ONLY and
CRYPTO_AHASH_ALG_FINAL_NONZERO flags. An update of 64 bytes will do an
update of block size and carry over at least one byte to final. We
always go into this if block when there is non-zero data coming into update.
--
Regards
T Pratham <t-pratham@ti.com>
^ permalink raw reply
* Re: [PATCH] crypto: chelsio: fix inflight counter leak in chcr_aes_encrypt()
From: Herbert Xu @ 2026-06-05 10:33 UTC (permalink / raw)
To: Wentao Liang
Cc: Ayush Sawal, David S . Miller, linux-crypto, linux-kernel, stable
In-Reply-To: <20260526155736.2297383-1-vulab@iscas.ac.cn>
On Tue, May 26, 2026 at 03:57:36PM +0000, Wentao Liang wrote:
> chcr_aes_encrypt() increments dev->inflight via atomic_inc() before
> submitting the cipher operation. If chcr_start_cipher() subsequently
> fails, the function returns an error without decrementing dev->inflight,
> causing the counter to drift and potentially stalling future operations
> that rely on the counter reaching zero.
>
> Add atomic_dec(&dev->inflight) on the chcr_start_cipher() failure path
> to restore the counter.
>
> Fixes: b8fd1f4170e7 ("crypto: chcr - Add ctr mode and process large sg entries for cipher")
I think it should be
fef4912b66d6 ("crypto: chelsio - Handle PCI shutdown event")
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [PATCH] crypto: chelsio: fix inflight counter leak in chcr_aead_op()
From: Herbert Xu @ 2026-06-05 10:32 UTC (permalink / raw)
To: Wentao Liang
Cc: Ayush Sawal, David S . Miller, linux-crypto, linux-kernel, stable
In-Reply-To: <20260526160655.2298525-1-vulab@iscas.ac.cn>
On Tue, May 26, 2026 at 04:06:55PM +0000, Wentao Liang wrote:
> chcr_aead_op() increments cdev->inflight via atomic_inc() before
> submitting the AEAD operation. If the operation fails after the
> increment (e.g., chcr_start_aead() returns an error), the function
> returns without decrementing cdev->inflight. This leaks a reference
> on the inflight counter, preventing proper teardown sequencing.
>
> Add atomic_dec(&cdev->inflight) on the error path to balance the
> counter.
>
> Fixes: d91a3159e8d9 ("Crypto/chcr: fix gcm-aes and rfc4106-gcm failed tests")
> Cc: stable@vger.kernel.org
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
> ---
> drivers/crypto/chelsio/chcr_algo.c | 1 +
> 1 file changed, 1 insertion(+)
Please merge these patches into one. There is no need to send
one patch per function.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox