Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=master 2026-02-22T01:09:51Z 2026-02-22T01:09:51Z Linus Torvalds torvalds@linux-foundation.org 2026-02-22T00:37:42Z urn:sha1:bf4afc53b77aeaa48b5409da5c8da6bb4eff7f43 This was done entirely with mindless brute force, using git grep -l '\<k[vmz]*alloc_objs*(.*, GFP_KERNEL)' | xargs sed -i 's/\(alloc_objs*(.*\), GFP_KERNEL)/\1)/' to convert the new alloc_obj() users that had a simple GFP_KERNEL argument to just drop that argument. Note that due to the extreme simplicity of the scripting, any slightly more complex cases spread over multiple lines would not be triggered: they definitely exist, but this covers the vast bulk of the cases, and the resulting diff is also then easier to check automatically. For the same reason the 'flex' versions will be done as a separate conversion. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2026-02-21T09:02:28Z Kees Cook kees@kernel.org 2026-02-21T07:49:23Z urn:sha1:69050f8d6d075dc01af7a5f2f550a8067510366f This is the result of running the Coccinelle script from scripts/coccinelle/api/kmalloc_objs.cocci. The script is designed to avoid scalar types (which need careful case-by-case checking), and instead replace kmalloc-family calls that allocate struct or union object instances: Single allocations: kmalloc(sizeof(TYPE), ...) are replaced with: kmalloc_obj(TYPE, ...) Array allocations: kmalloc_array(COUNT, sizeof(TYPE), ...) are replaced with: kmalloc_objs(TYPE, COUNT, ...) Flex array allocations: kmalloc(struct_size(PTR, FAM, COUNT), ...) are replaced with: kmalloc_flex(*PTR, FAM, COUNT, ...) (where TYPE may also be *VAR) The resulting allocations no longer return "void *", instead returning "TYPE *". Signed-off-by: Kees Cook <kees@kernel.org> 2026-01-31T02:52:31Z Jianpeng Chang jianpeng.chang.cn@windriver.com 2026-01-20T01:55:24Z urn:sha1:7d43252b3060b0ba4a192dce5dba85a3f39ffe39 When commit 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in dpaa2") converted embedded net_device to dynamically allocated pointers, it added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in dpaa2_dpseci_free() for error paths. This causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe due to DPIO devices not being ready yet. The kernel's deferred probe mechanism handles the retry successfully, but the netdevs allocated during the failed probe attempt are never freed, resulting in kmemleak reports showing multiple leaked netdev-related allocations all traced back to dpaa2_caam_probe(). Fix this by preserving the CPU mask of allocated netdevs during setup and using it for cleanup in dpaa2_dpseci_free(). This approach ensures that only the CPUs that actually had netdevs allocated will be cleaned up, avoiding potential issues with CPU hotplug scenarios. Fixes: 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in dpaa2") Signed-off-by: Jianpeng Chang <jianpeng.chang.cn@windriver.com> Reviewed-by: Breno Leitao <leitao@debian.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-20T04:10:28Z Meenakshi Aggarwal meenakshi.aggarwal@nxp.com 2025-10-06T07:17:53Z urn:sha1:66b9a095f7f9e1031e5333661be513e89e40ee08 PAES algorithm uses protected key for encryption/decryption operations. Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-20T04:10:28Z Meenakshi Aggarwal meenakshi.aggarwal@nxp.com 2025-10-06T07:17:52Z urn:sha1:a703a4c2a3280835003d4d0eb8845bac0f1a6ef1 - CAAM supports two types of protected keys: -- Plain key encrypted with ECB -- Plain key encrypted with CCM Due to robustness, default encryption used for protected key is CCM. - Generate protected key blob and add it to trusted key payload. This is done as part of sealing operation, which is triggered when below two operations are requested: -- new key generation -- load key, Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com> Signed-off-by: Meenakshi Aggarwal <meenakshi.aggarwal@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-10-17T08:03:57Z Guangshuo Li lgs201920130244@gmail.com 2025-09-23T12:44:18Z urn:sha1:7cf6e0b69b0d90ab042163e5bbddda0dfcf8b6a7 As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing the buffer to rng->read(). On allocation failure, log the error and return since test_len() returns void. Fixes: 2be0d806e25e ("crypto: caam - add a test for the RNG") Cc: stable@vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-09-13T04:11:06Z Gaurav Jain gaurav.jain@nxp.com 2025-09-05T10:11:48Z urn:sha1:9048beca9c5614d486e2b492c0a7867164bf56a8 during entropy evaluation, if the generated samples fail any statistical test, then, all of the bits will be discarded, and a second set of samples will be generated and tested. the entropy delay interval should be doubled before performing the retry. also, ctrlpriv->rng4_sh_init and inst_handles both reads RNG DRNG status register, but only inst_handles is updated before every retry. so only check inst_handles and removing ctrlpriv->rng4_sh_init Signed-off-by: Gaurav Jain <gaurav.jain@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-09-06T07:57:23Z Zhang Enpei zhang.enpei@zte.com.cn 2025-08-27T07:52:36Z urn:sha1:ab315f7288b75c289cf4a81d18d6b21e13022364 Use devm_kmemdup_array() to avoid multiplication or possible overflows. Signed-off-by: Zhang Enpei <zhang.enpei@zte.com.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-07-18T10:52:00Z Ovidiu Panait ovidiu.panait.oss@gmail.com 2025-07-11T18:29:31Z urn:sha1:c470ffa6f48619e8ea2442206b31b7965f8826a5 Remove request batching support from crypto_engine, as there are no drivers using this feature and it doesn't really work that well. Instead of doing batching based on backlog, a more optimal approach would be for the user to handle the batching (similar to how IPsec can hook into GSO to get 64K of data each time or how block encryption can use unit sizes much greater than 4K). Suggested-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Ovidiu Panait <ovidiu.panait.oss@gmail.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-07-18T10:51:59Z Lukas Bulwahn lukas.bulwahn@redhat.com 2025-07-01T11:20:45Z urn:sha1:75e2d4b1eddcfafd3b3961490f7da0bae4ecb451 In the Makefile, the new build option CONFIG_CAAM_QI is defined conditioned on the existence of the CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI, which is properly defined in the Kconfig file. So, CONFIG_CAAM_QI is just a local alias for CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI. There is little benefit in the source code of having this slightly shorter alias for this configuration, but it complicates further maintenance, as searching for the impact of CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI requires to grep once, and then identify the option introduced and continue searching for that. Further, tools, such as cross referencers, and scripts to check Kconfig definitions and their use simply do not handle this situation. Given that this is the only incidence of such a config alias in the whole kernel tree, just prefer to avoid this pattern of aliasing here. Use CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_QI throughout the Freescale CAAM-Multicore platform driver backend source code. No functional change. Signed-off-by: Lukas Bulwahn <lukas.bulwahn@redhat.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>