kernel/drivers/crypto, branch linux-6.9.y Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.9.y 2024-07-11T10:51:03Z crypto: hisilicon/sec2 - fix for register offset 2024-07-11T10:51:03Z Wenkai Lin linwenkai6@hisilicon.com 2024-04-23T01:19:22Z urn:sha1:7c2fe78573915c924b9dfee686c3ced760c12924 [ Upstream commit 6117af86365916e4202b5a709c155f7e6e5df810 ] The offset of SEC_CORE_ENABLE_BITMAP should be 0 instead of 32, it cause a kasan shift-out-bounds warning, fix it. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: hisilicon/debugfs - Fix debugfs uninit process issue 2024-07-11T10:50:56Z Chenghai Huang huangchenghai2@huawei.com 2024-04-07T07:59:53Z urn:sha1:e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3 [ Upstream commit 8be0913389718e8d27c4f1d4537b5e1b99ed7739 ] During the zip probe process, the debugfs failure does not stop the probe. When debugfs initialization fails, jumping to the error branch will also release regs, in addition to its own rollback operation. As a result, it may be released repeatedly during the regs uninit process. Therefore, the null check needs to be added to the regs uninit process. Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: hisilicon/qm - Add the err memory release process to qm uninit 2024-06-27T11:52:11Z Chenghai Huang huangchenghai2@huawei.com 2024-04-07T08:00:00Z urn:sha1:7e3e43ff533f7eb69faae6ec58d2b7543920954e [ Upstream commit c9ccfd5e0ff0dd929ce86d1b5f3c6a414110947a ] When the qm uninit command is executed, the err data needs to be released to prevent memory leakage. The error information release operation and uacce_remove are integrated in qm_remove_uacce. So add the qm_remove_uacce to qm uninit to avoid err memory leakage. Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: hisilicon/sec - Fix memory leak for sec resource release 2024-06-27T11:52:11Z Chenghai Huang huangchenghai2@huawei.com 2024-04-07T07:59:58Z urn:sha1:36810d2db3496bb8b4db7ccda666674a5efc7b47 [ Upstream commit bba4250757b4ae1680fea435a358d8093f254094 ] The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function. Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-06-16T11:51:04Z Herbert Xu herbert@gondor.apana.org.au 2024-05-08T08:39:51Z urn:sha1:d0fd124972724cce0d48b9865ce3e273ef69e246 commit d3b17c6d9dddc2db3670bc9be628b122416a3d26 upstream. Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely. Fixes: 7d42e097607c ("crypto: qat - resolve race condition during AER recovery") Cc: <stable@vger.kernel.org> #6.8+ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> crypto: starfive - Do not free stack buffer 2024-06-16T11:50:55Z Jia Jie Ho jiajie.ho@starfivetech.com 2024-04-29T06:06:39Z urn:sha1:5944de192663f272033501dcd322b008fca72006 commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c upstream. RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations. Cc: <stable@vger.kernel.org> #6.7+ Signed-off-by: Jia Jie Ho <jiajie.ho@starfivetech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> crypto: qat - specify firmware files for 402xx 2024-05-30T07:44:10Z Giovanni Cabiddu giovanni.cabiddu@intel.com 2024-04-22T14:13:17Z urn:sha1:1fe1a8d627fa98eb72a920e5f26f03a2feccdbf4 [ Upstream commit a3dc1f2b6b932a13f139d3be3c765155542c1070 ] The 4xxx driver can probe 4xxx and 402xx devices. However, the driver only specifies the firmware images required for 4xxx. This might result in external tools missing these binaries, if required, in the initramfs. Specify the firmware image used by 402xx with the MODULE_FIRMWARE() macros in the 4xxx driver. Fixes: a3e8c919b993 ("crypto: qat - add support for 402xx devices") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Damian Muszynski <damian.muszynski@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - validate slices count returned by FW 2024-05-30T07:44:08Z Lucas Segarra Fernandez lucas.segarra.fernandez@intel.com 2024-04-16T10:33:37Z urn:sha1:9b284b915e2a5e63ca133353f8c456eff4446f82 [ Upstream commit 483fd65ce29317044d1d00757e3fd23503b6b04c ] The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start writing TL data to a DMA buffer in memory and returns an array containing the number of accelerators of each type (slices) supported by this HW. The pointer to this array is stored in the adf_tl_hw_data data structure called slice_cnt. The array slice_cnt is then used in the function tl_print_dev_data() to report in debugfs only statistics about the supported accelerators. An incorrect value of the elements in slice_cnt might lead to an out of bounds memory read. At the moment, there isn't an implementation of FW that returns a wrong value, but for robustness validate the slice count array returned by FW. Fixes: 69e7649f7cc2 ("crypto: qat - add support for device telemetry") Signed-off-by: Lucas Segarra Fernandez <lucas.segarra.fernandez@intel.com> Reviewed-by: Damian Muszynski <damian.muszynski@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - improve error logging to be consistent across features 2024-05-30T07:44:07Z Adam Guerin adam.guerin@intel.com 2024-04-12T12:24:03Z urn:sha1:268e10ca748732fca24eff07061e8c3908df8617 [ Upstream commit d281a28bd2a94d72c440457e05a2f04a52f15947 ] Improve error logging in rate limiting feature. Staying consistent with the error logging found in the telemetry feature. Fixes: d9fb8408376e ("crypto: qat - add rate limiting feature to qat_4xxx") Signed-off-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: qat - improve error message in adf_get_arbiter_mapping() 2024-05-30T07:44:07Z Adam Guerin adam.guerin@intel.com 2024-04-12T12:24:02Z urn:sha1:7e07141d6453f6e2a1674c7c04a2d10314824090 [ Upstream commit 4a4fc6c0c7fe29f2538013a57ebd7813ec6c12a8 ] Improve error message to be more readable. Fixes: 5da6a2d5353e ("crypto: qat - generate dynamically arbiter mappings") Signed-off-by: Adam Guerin <adam.guerin@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>