user/sven/linux.git/drivers/crypto, branch v6.17.3

crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs

2025-10-15T10:04:04Z

[ Upstream commit f0cafb02de883b3b413d34eb079c9680782a9cc1 ] When the initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. However, after qm->debug.qm_diff_regs is freed, it is not set to NULL. This can lead to a double free when the remove process attempts to free it again. Therefore, qm->debug.qm_diff_regs should be set to NULL after it is freed. Fixes: 8be091338971 ("crypto: hisilicon/debugfs - Fix debugfs uninit process issue") Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: comp - Use same definition of context alloc and free ops

2025-10-15T10:04:04Z

[ Upstream commit f75f66683ded09f7135aef2e763c245a07c8271a ] In commit 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp"), the crypto_acomp_streams struct was made to rely on having the alloc_ctx and free_ctx operations defined in the same order as the scomp_alg struct. But in that same commit, the alloc_ctx and free_ctx members of scomp_alg may be randomized by structure layout randomization, since they are contained in a pure ops structure (containing only function pointers). If the pointers within scomp_alg are randomized, but those in crypto_acomp_streams are not, then the order may no longer match. This fixes the problem by removing the union from scomp_alg so that both crypto_acomp_streams and scomp_alg will share the same definition of alloc_ctx and free_ctx, ensuring they will always have the same layout. Signed-off-by: Dan Moulding Suggested-by: Herbert Xu Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp") Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: hisilicon/qm - request reserved interrupt for virtual function

2025-10-15T10:03:50Z

[ Upstream commit 9228facb308157ac0bdd264b873187896f7a9c7a ] The device interrupt vector 3 is an error interrupt for physical function and a reserved interrupt for virtual function. However, the driver has not registered the reserved interrupt for virtual function. When allocating interrupts, the number of interrupts is allocated based on powers of two, which includes this interrupt. When the system enables GICv4 and the virtual function passthrough to the virtual machine, releasing the interrupt in the driver triggers a warning. The WARNING report is: WARNING: CPU: 62 PID: 14889 at arch/arm64/kvm/vgic/vgic-its.c:852 its_free_ite+0x94/0xb4 Therefore, register a reserved interrupt for VF and set the IRQF_NO_AUTOEN flag to avoid that warning. Fixes: 3536cc55cada ("crypto: hisilicon/qm - support get device irq information from hardware registers") Signed-off-by: Weili Qian Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: hisilicon/qm - check whether the input function and PF are on the same device

2025-10-15T10:03:50Z

[ Upstream commit 6a2c9164b52e6bc134127fd543461fdef95cc8ec ] Function rate limiting is set through physical function driver. Users configure by providing function information and rate limit values. Before configuration, it is necessary to check whether the provided function and PF belong to the same device. Fixes: 22d7a6c39cab ("crypto: hisilicon/qm - add pci bdf number check") Signed-off-by: Zhushuai Yin Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: hisilicon - check the sva module status while enabling or disabling address prefetch

2025-10-15T10:03:49Z

[ Upstream commit 1f9128f121a872f27251be60ccccfd98c136d72e ] After enabling address prefetch, check the sva module status. If all previous prefetch requests from the sva module are not completed, then disable the address prefetch to ensure normal execution of new task operations. After disabling address prefetch, check if all requests from the sva module have been completed. Fixes: a5c164b195a8 ("crypto: hisilicon/qm - support address prefetching") Signed-off-by: Weili Qian Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: hisilicon - re-enable address prefetch after device resuming

2025-10-15T10:03:49Z

[ Upstream commit 0dcd21443d9308ed88909d35aa0490c3fc680a47 ] When the device resumes from a suspended state, it will revert to its initial state and requires re-enabling. Currently, the address prefetch function is not re-enabled after device resuming. Move the address prefetch enable to the initialization process. In this way, the address prefetch can be enabled when the device resumes by calling the initialization process. Fixes: 607c191b371d ("crypto: hisilicon - support runtime PM for accelerator device") Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations

2025-10-15T10:03:49Z

[ Upstream commit d4e081510471e79171c4e0a11f6cb608e49bc082 ] When configuring the high-performance mode register, there is no need to verify whether the register has been successfully enabled, as there is no possibility of a write failure for this register. Fixes: a9864bae1806 ("crypto: hisilicon/zip - add zip comp high perf mode configuration") Signed-off-by: Chenghai Huang Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: octeontx2 - Call strscpy() with correct size argument

2025-10-15T10:03:45Z

[ Upstream commit 361fa7f813e7056cecdb24f3582ab0ad4a088e4e ] In otx2_cpt_dl_custom_egrp_create(), strscpy() is called with the length of the source string rather than the size of the destination buffer. This is fine as long as the destination buffer is larger than the source string, but we should still use the destination buffer size instead to call strscpy() as intended. And since 'tmp_buf' is a fixed-size buffer, we can safely omit the size argument and let strscpy() infer it using sizeof(). Fixes: d9d7749773e8 ("crypto: octeontx2 - add apis for custom engine groups") Signed-off-by: Thorsten Blum Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: keembay - Add missing check after sg_nents_for_len()

2025-10-15T10:03:43Z

[ Upstream commit 4e53be21dd0315c00eaf40cc8f8c0facd4d9a6b2 ] sg_nents_for_len() returns an int which is negative in case of error. Fixes: 472b04444cd3 ("crypto: keembay - Add Keem Bay OCS HCU driver") Signed-off-by: Thomas Fourier Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin

crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked()

2025-09-13T04:07:44Z

When 9770b428b1a2 ("crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown") moved the error messages dumping so that they don't need to be issued by the callers, it missed the case where __sev_firmware_shutdown() calls __sev_platform_shutdown_locked() with a NULL argument which leads to a NULL ptr deref on the shutdown path, during suspend to disk: #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 983 Comm: hib.sh Not tainted 6.17.0-rc4+ #1 PREEMPT(voluntary) Hardware name: Supermicro Super Server/H12SSL-i, BIOS 2.5 09/08/2022 RIP: 0010:__sev_platform_shutdown_locked.cold+0x0/0x21 [ccp] That rIP is: 00000000000006fd <__sev_platform_shutdown_locked.cold>: 6fd: 8b 13 mov (%rbx),%edx 6ff: 48 8b 7d 00 mov 0x0(%rbp),%rdi 703: 89 c1 mov %eax,%ecx Code: 74 05 31 ff 41 89 3f 49 8b 3e 89 ea 48 c7 c6 a0 8e 54 a0 41 bf 92 ff ff ff e8 e5 2e 09 e1 c6 05 2a d4 38 00 01 e9 26 af ff ff <8b> 13 48 8b 7d 00 89 c1 48 c7 c6 18 90 54 a0 89 44 24 04 e8 c1 2e RSP: 0018:ffffc90005467d00 EFLAGS: 00010282 RAX: 00000000ffffff92 RBX: 0000000000000000 RCX: 0000000000000000 ^^^^^^^^^^^^^^^^ and %rbx is nice and clean. Call Trace: __sev_firmware_shutdown.isra.0 sev_dev_destroy psp_dev_destroy sp_destroy pci_device_shutdown device_shutdown kernel_power_off hibernate.cold state_store kernfs_fop_write_iter vfs_write ksys_write do_syscall_64 entry_SYSCALL_64_after_hwframe Pass in a pointer to the function-local error var in the caller. With that addressed, suspending the ccp shows the error properly at least: ccp 0000:47:00.1: sev command 0x2 timed out, disabling PSP ccp 0000:47:00.1: SEV: failed to SHUTDOWN error 0x0, rc -110 SEV-SNP: Leaking PFN range 0x146800-0x146a00 SEV-SNP: PFN 0x146800 unassigned, dumping non-zero entries in 2M PFN region: [0x146800 - 0x146a00] ... ccp 0000:47:00.1: SEV-SNP firmware shutdown failed, rc -16, error 0x0 ACPI: PM: Preparing to enter system sleep state S5 kvm: exiting hardware virtualization reboot: Power down Btw, this driver is crying to be cleaned up to pass in a proper I/O struct which can be used to store information between the different functions, otherwise stuff like that will happen in the future again. Fixes: 9770b428b1a2 ("crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown") Signed-off-by: Borislav Petkov (AMD) Cc: Reviewed-by: Ashish Kalra Acked-by: Tom Lendacky Signed-off-by: Herbert Xu