Development tree for the kernel CSPRNG https://git.zx2c4.com/linux-rng/atom/drivers/crypto?h=master 2025-12-01T21:45:41Z 2025-12-01T21:45:41Z Linus Torvalds torvalds@linux-foundation.org 2025-12-01T21:45:41Z urn:sha1:1d18101a644e6ece450d5b0a93f21a71a21b6222 Pull cred guard updates from Christian Brauner: "This contains substantial credential infrastructure improvements adding guard-based credential management that simplifies code and eliminates manual reference counting in many subsystems. Features: - Kernel Credential Guards Add with_kernel_creds() and scoped_with_kernel_creds() guards that allow using the kernel credentials without allocating and copying them. This was requested by Linus after seeing repeated prepare_kernel_creds() calls that duplicate the kernel credentials only to drop them again later. The new guards completely avoid the allocation and never expose the temporary variable to hold the kernel credentials anywhere in callers. - Generic Credential Guards Add scoped_with_creds() guards for the common override_creds() and revert_creds() pattern. This builds on earlier work that made override_creds()/revert_creds() completely reference count free. - Prepare Credential Guards Add prepare credential guards for the more complex pattern of preparing a new set of credentials and overriding the current credentials with them: - prepare_creds() - modify new creds - override_creds() - revert_creds() - put_cred() Cleanups: - Make init_cred static since it should not be directly accessed - Add kernel_cred() helper to properly access the kernel credentials - Fix scoped_class() macro that was introduced two cycles ago - coredump: split out do_coredump() from vfs_coredump() for cleaner credential handling - coredump: move revert_cred() before coredump_cleanup() - coredump: mark struct mm_struct as const - coredump: pass struct linux_binfmt as const - sev-dev: use guard for path" * tag 'kernel-6.19-rc1.cred' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (36 commits) trace: use override credential guard trace: use prepare credential guard coredump: use override credential guard coredump: use prepare credential guard coredump: split out do_coredump() from vfs_coredump() coredump: mark struct mm_struct as const coredump: pass struct linux_binfmt as const coredump: move revert_cred() before coredump_cleanup() sev-dev: use override credential guards sev-dev: use prepare credential guard sev-dev: use guard for path cred: add prepare credential guard net/dns_resolver: use credential guards in dns_query() cgroup: use credential guards in cgroup_attach_permissions() act: use credential guards in acct_write_process() smb: use credential guards in cifs_get_spnego_key() nfs: use credential guards in nfs_idmap_get_key() nfs: use credential guards in nfs_local_call_write() nfs: use credential guards in nfs_local_call_read() erofs: use credential guards ... 2025-11-06T06:29:49Z Miaoqian Lin linmq006@gmail.com 2025-10-27T15:09:34Z urn:sha1:59b0afd01b2ce353ab422ea9c8375b03db313a21 The qm_get_qos_value() function calls bus_find_device_by_name() which increases the device reference count, but fails to call put_device() to balance the reference count and lead to a device reference leak. Add put_device() calls in both the error path and success path to properly balance the reference count. Found via static analysis. Fixes: 22d7a6c39cab ("crypto: hisilicon/qm - add pci bdf number check") Cc: stable@vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Reviewed-by: Longfang Liu <liulongfang@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-11-05T22:11:42Z Christian Brauner brauner@kernel.org 2025-11-03T14:57:30Z urn:sha1:b7b4f7554bcc6b9ee0ec0404999bf080adad1f3c Use override credential guards for scoped credential override with automatic restoration on scope exit. Link: https://patch.msgid.link/20251103-work-creds-guards-prepare_creds-v1-4-b447b82f2c9b@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-04T11:37:01Z Christian Brauner brauner@kernel.org 2025-11-03T14:57:29Z urn:sha1:89c545e29ecd6252968611b3ee2599034b911dd8 Use the prepare credential guard for allocating a new set of credentials. Link: https://patch.msgid.link/20251103-work-creds-guards-prepare_creds-v1-3-b447b82f2c9b@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-11-04T11:37:00Z Christian Brauner brauner@kernel.org 2025-11-03T14:57:28Z urn:sha1:4c5941ca1104d58a94e59100ebde97a162e72de4 Just use a guard and also move the path_put() out of the credential change's scope. There's no need to do this with the overridden credentials. Link: https://patch.msgid.link/20251103-work-creds-guards-prepare_creds-v1-2-b447b82f2c9b@kernel.org Signed-off-by: Christian Brauner <brauner@kernel.org> 2025-10-23T04:53:23Z Haotian Zhang vulab@iscas.ac.cn 2025-10-20T10:11:09Z urn:sha1:3c9bf72cc1ced1297b235f9422d62b613a3fdae9 The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the manual clock cleanup in both aspeed_acry_probe()'s error path and aspeed_acry_remove(). Fixes: 2f1cf4e50c95 ("crypto: aspeed - Add ACRY RSA driver") Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-08T16:38:31Z Linus Torvalds torvalds@linux-foundation.org 2025-10-08T16:38:31Z urn:sha1:7c8dcac8d72da94328f4de7bf98320b75710da1f Pull crypto fixes from Herbert Xu: - Fix zstd regression - Ensure ti driver algorithm are set as async - Revert patch disabling SHA1 in FIPS mode - Fix RNG set_ent null-pointer dereference * tag 'v6.18-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: rng - Ensure set_ent is always present Revert "crypto: testmgr - desupport SHA-1 for FIPS 140" crypto: ti - Add CRYPTO_ALG_ASYNC flag to DTHEv2 AES algos crypto: zstd - Fix compression bug caused by truncation 2025-10-04T21:59:29Z Linus Torvalds torvalds@linux-foundation.org 2025-10-04T21:59:29Z urn:sha1:908057d185a41560a55890afa69c9676fc63e55c Pull crypto updates from Herbert Xu: "Drivers: - Add ciphertext hiding support to ccp - Add hashjoin, gather and UDMA data move features to hisilicon - Add lz4 and lz77_only to hisilicon - Add xilinx hwrng driver - Add ti driver with ecb/cbc aes support - Add ring buffer idle and command queue telemetry for GEN6 in qat Others: - Use rcu_dereference_all to stop false alarms in rhashtable - Fix CPU number wraparound in padata" * tag 'v6.18-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (78 commits) dt-bindings: rng: hisi-rng: convert to DT schema crypto: doc - Add explicit title heading to API docs hwrng: ks-sa - fix division by zero in ks_sa_rng_init KEYS: X.509: Fix Basic Constraints CA flag parsing crypto: anubis - simplify return statement in anubis_mod_init crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs crypto: hisilicon/qm - clear all VF configurations in the hardware crypto: hisilicon - enable error reporting again crypto: hisilicon/qm - mask axi error before memory init crypto: hisilicon/qm - invalidate queues in use crypto: qat - Return pointer directly in adf_ctl_alloc_resources crypto: aspeed - Fix dma_unmap_sg() direction rhashtable: Use rcu_dereference_all and rcu_dereference_all_check crypto: comp - Use same definition of context alloc and free ops crypto: omap - convert from tasklet to BH workqueue crypto: qat - Replace kzalloc() + copy_from_user() with memdup_user() crypto: caam - double the entropy delay interval for retry padata: WQ_PERCPU added to alloc_workqueue users padata: replace use of system_unbound_wq with system_dfl_wq crypto: cryptd - WQ_PERCPU added to alloc_workqueue users ... 2025-10-04T01:00:11Z Linus Torvalds torvalds@linux-foundation.org 2025-10-04T01:00:11Z urn:sha1:bed0653fe2aacb0ca8196075cffc9e7062e74927 Pull iommu updates from Joerg Roedel: - Inte VT-d: - IOMMU driver updated to the latest VT-d specification - Don't enable PRS if PDS isn't supported - Replace snprintf with scnprintf - Fix legacy mode page table dump through debugfs - Miscellaneous cleanups - AMD-Vi: - Support kdump boot when SNP is enabled - Apple-DART: - 4-level page-table support - RISC-V IOMMU: - ACPI support - Small number of miscellaneous cleanups and fixes * tag 'iommu-updates-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux: (22 commits) iommu/vt-d: Disallow dirty tracking if incoherent page walk iommu/vt-d: debugfs: Avoid dumping context command register iommu/vt-d: Removal of Advanced Fault Logging iommu/vt-d: PRS isn't usable if PDS isn't supported iommu/vt-d: Remove LPIG from page group response descriptor iommu/vt-d: Drop unused cap_super_offset() iommu/vt-d: debugfs: Fix legacy mode page table dump logic iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() iommu/io-pgtable-dart: Fix off by one error in table index check iommu/riscv: Add ACPI support ACPI: scan: Add support for RISC-V in acpi_iommu_configure_id() ACPI: RISC-V: Add support for RIMT iommu/omap: Use int type to store negative error codes iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs iommu/amd: Skip enabling command/event buffers for kdump crypto: ccp: Skip SEV and SNP INIT for kdump boot iommu/amd: Reuse device table for kdump iommu/amd: Add support to remap/unmap IOMMU buffers for kdump iommu/apple-dart: Add 4-level page table support iommu/io-pgtable-dart: Add 4-level page table support ... 2025-10-02T09:48:50Z T Pratham t-pratham@ti.com 2025-09-30T10:10:26Z urn:sha1:ef2b6e0317d82731b4d083e53839d966059c5ddd Add CRYPTO_ALG_ASYNC flag to DTHEv2 AES-ECB and AES-CBC algorithms so as to properly indicate driver capabilities. Suggested-by: Herbert Xu <herbert@gondor.apana.org.au> Fixes: 52f641bc63a4 ("crypto: ti - Add driver for DTHE V2 AES Engine (ECB, CBC)") Signed-off-by: T Pratham <t-pratham@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>