Recreate RHEL 5.14.0-687.20.1 from CS9/upstream backports

SOURCES/1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch

@@ -0,0 +1,150 @@
+From 1c8bda3df028d5e54134077dcd09f46ca8cfceb5 Mon Sep 17 00:00:00 2001
+From: Jiayuan Chen <jiayuan.chen@shopee.com>
+Date: Thu, 5 Feb 2026 17:54:51 +0800
+Subject: [PATCH] net: atm: fix crash due to unvalidated vcc pointer in
+ sigd_send()
+
+[ Upstream commit ae88a5d2f29b69819dc7b04086734439d074a643 ]
+
+Reproducer available at [1].
+
+The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc
+pointer from msg->vcc and uses it directly without any validation. This
+pointer comes from userspace via sendmsg() and can be arbitrarily forged:
+
+    int fd = socket(AF_ATMSVC, SOCK_DGRAM, 0);
+    ioctl(fd, ATMSIGD_CTRL);  // become ATM signaling daemon
+    struct msghdr msg = { .msg_iov = &iov, ... };
+    *(unsigned long *)(buf + 4) = 0xdeadbeef;  // fake vcc pointer
+    sendmsg(fd, &msg, 0);  // kernel dereferences 0xdeadbeef
+
+In normal operation, the kernel sends the vcc pointer to the signaling
+daemon via sigd_enq() when processing operations like connect(), bind(),
+or listen(). The daemon is expected to return the same pointer when
+responding. However, a malicious daemon can send arbitrary pointer values.
+
+Fix this by introducing find_get_vcc() which validates the pointer by
+searching through vcc_hash (similar to how sigd_close() iterates over
+all VCCs), and acquires a reference via sock_hold() if found.
+
+Since struct atm_vcc embeds struct sock as its first member, they share
+the same lifetime. Therefore using sock_hold/sock_put is sufficient to
+keep the vcc alive while it is being used.
+
+Note that there may be a race with sigd_close() which could mark the vcc
+with various flags (e.g., ATM_VF_RELEASED) after find_get_vcc() returns.
+However, sock_hold() guarantees the memory remains valid, so this race
+only affects the logical state, not memory safety.
+
+[1]: https://gist.github.com/mrpre/1ba5949c45529c511152e2f4c755b0f3
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: syzbot+1f22cb1769f249df9fa0@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/all/69039850.a70a0220.5b2ed.005d.GAE@google.com/T/
+Signed-off-by: Jiayuan Chen <jiayuan.chen@shopee.com>
+Link: https://patch.msgid.link/20260205095501.131890-1-jiayuan.chen@linux.dev
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+
+diff --git a/net/atm/signaling.c b/net/atm/signaling.c
+index 5de06ab8ed75..5a5d8b1fa8be 100644
+--- a/net/atm/signaling.c
++++ b/net/atm/signaling.c
+@@ -22,6 +22,36 @@
+ 
+ struct atm_vcc *sigd = NULL;
+ 
++/*
++ * find_get_vcc - validate and get a reference to a vcc pointer
++ * @vcc: the vcc pointer to validate
++ *
++ * This function validates that @vcc points to a registered VCC in vcc_hash.
++ * If found, it increments the socket reference count and returns the vcc.
++ * The caller must call sock_put(sk_atm(vcc)) when done.
++ *
++ * Returns the vcc pointer if valid, NULL otherwise.
++ */
++static struct atm_vcc *find_get_vcc(struct atm_vcc *vcc)
++{
++	int i;
++
++	read_lock(&vcc_sklist_lock);
++	for (i = 0; i < VCC_HTABLE_SIZE; i++) {
++		struct sock *s;
++
++		sk_for_each(s, &vcc_hash[i]) {
++			if (atm_sk(s) == vcc) {
++				sock_hold(s);
++				read_unlock(&vcc_sklist_lock);
++				return vcc;
++			}
++		}
++	}
++	read_unlock(&vcc_sklist_lock);
++	return NULL;
++}
++
+ static void sigd_put_skb(struct sk_buff *skb)
+ {
+ 	if (!sigd) {
+@@ -69,7 +99,14 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb)
+ 
+ 	msg = (struct atmsvc_msg *) skb->data;
+ 	WARN_ON(refcount_sub_and_test(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc));
+-	vcc = *(struct atm_vcc **) &msg->vcc;
++
++	vcc = find_get_vcc(*(struct atm_vcc **)&msg->vcc);
++	if (!vcc) {
++		pr_debug("invalid vcc pointer in msg\n");
++		dev_kfree_skb(skb);
++		return -EINVAL;
++	}
++
+ 	pr_debug("%d (0x%lx)\n", (int)msg->type, (unsigned long)vcc);
+ 	sk = sk_atm(vcc);
+ 
+@@ -100,7 +137,16 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb)
+ 		clear_bit(ATM_VF_WAITING, &vcc->flags);
+ 		break;
+ 	case as_indicate:
+-		vcc = *(struct atm_vcc **)&msg->listen_vcc;
++		/* Release the reference from msg->vcc, we'll use msg->listen_vcc instead */
++		sock_put(sk);
++
++		vcc = find_get_vcc(*(struct atm_vcc **)&msg->listen_vcc);
++		if (!vcc) {
++			pr_debug("invalid listen_vcc pointer in msg\n");
++			dev_kfree_skb(skb);
++			return -EINVAL;
++		}
++
+ 		sk = sk_atm(vcc);
+ 		pr_debug("as_indicate!!!\n");
+ 		lock_sock(sk);
+@@ -115,6 +161,8 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb)
+ 		sk->sk_state_change(sk);
+ as_indicate_complete:
+ 		release_sock(sk);
++		/* Paired with find_get_vcc(msg->listen_vcc) above */
++		sock_put(sk);
+ 		return 0;
+ 	case as_close:
+ 		set_bit(ATM_VF_RELEASED, &vcc->flags);
+@@ -131,11 +179,15 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb)
+ 		break;
+ 	default:
+ 		pr_alert("bad message type %d\n", (int)msg->type);
++		/* Paired with find_get_vcc(msg->vcc) above */
++		sock_put(sk);
+ 		return -EINVAL;
+ 	}
+ 	sk->sk_state_change(sk);
+ out:
+ 	dev_kfree_skb(skb);
++	/* Paired with find_get_vcc(msg->vcc) above */
++	sock_put(sk);
+ 	return 0;
+ }
+ 
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch

@@ -0,0 +1,168 @@
+From b0a090e60d8e8e0fade225dfc62b43e2ac9912cc Mon Sep 17 00:00:00 2001
+From: Nilesh Javali <njavali@redhat.com>
+Date: Thu, 19 Mar 2026 14:52:28 +0530
+Subject: [PATCH] scsi: qla2xxx: Add support to report MPI FW state
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-157284
+
+Upstream Status: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git
+
+Note: Resolve conflict due to divergence in code base from upstream
+
+commit 0e124af675ebabddacfeb0958abd443265dddf13
+Author: Nilesh Javali <njavali@marvell.com>
+Date:   Thu Mar 5 15:03:37 2026 +0530
+
+    scsi: qla2xxx: Add support to report MPI FW state
+
+    MPI firmware state was returned as 0.  Get MPI FW state to proceed with
+    flash image validation.
+
+    A new sysfs node 'mpi_fw_state' is added to report MPI firmware state:
+
+        /sys/class/scsi_host/hostXX/mpi_fw_state
+
+    Fixes: d74181ca110e ("scsi: qla2xxx: Add bsg interface to support firmware img validation")
+    Signed-off-by: Nilesh Javali <njavali@marvell.com>
+    Link: https://patch.msgid.link/20260305093337.2007205-1-njavali@marvell.com
+    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+
+Signed-off-by: Nilesh Javali <njavali@redhat.com>
+
+diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
+index aa1525008500..9a506d6be335 100644
+--- a/drivers/scsi/qla2xxx/qla_attr.c
++++ b/drivers/scsi/qla2xxx/qla_attr.c
+@@ -1645,7 +1645,7 @@ qla2x00_fw_state_show(struct device *dev, struct device_attribute *attr,
+ {
+ 	scsi_qla_host_t *vha = shost_priv(class_to_shost(dev));
+ 	int rval = QLA_FUNCTION_FAILED;
+-	uint16_t state[6];
++	uint16_t state[16];
+ 	uint32_t pstate;
+ 
+ 	if (IS_QLAFX00(vha->hw)) {
+@@ -2409,6 +2409,63 @@ qla2x00_dport_diagnostics_show(struct device *dev,
+ 	    vha->dport_data[0], vha->dport_data[1],
+ 	    vha->dport_data[2], vha->dport_data[3]);
+ }
++
++static ssize_t
++qla2x00_mpi_fw_state_show(struct device *dev, struct device_attribute *attr,
++			  char *buf)
++{
++	scsi_qla_host_t *vha = shost_priv(class_to_shost(dev));
++	int rval = QLA_FUNCTION_FAILED;
++	u16 state[16];
++	u16 mpi_state;
++	struct qla_hw_data *ha = vha->hw;
++
++	if (!(IS_QLA27XX(ha) || IS_QLA28XX(ha)))
++		return scnprintf(buf, PAGE_SIZE,
++				"MPI state reporting is not supported for this HBA.\n");
++
++	memset(state, 0, sizeof(state));
++
++	mutex_lock(&vha->hw->optrom_mutex);
++	if (qla2x00_chip_is_down(vha)) {
++		mutex_unlock(&vha->hw->optrom_mutex);
++		ql_dbg(ql_dbg_user, vha, 0x70df,
++		       "ISP reset is in progress, failing mpi_fw_state.\n");
++		return -EBUSY;
++	} else if (vha->hw->flags.eeh_busy) {
++		mutex_unlock(&vha->hw->optrom_mutex);
++		ql_dbg(ql_dbg_user, vha, 0x70ea,
++		       "HBA in PCI error state, failing mpi_fw_state.\n");
++		return -EBUSY;
++	}
++
++	rval = qla2x00_get_firmware_state(vha, state);
++	mutex_unlock(&vha->hw->optrom_mutex);
++	if (rval != QLA_SUCCESS) {
++		ql_dbg(ql_dbg_user, vha, 0x70eb,
++		       "MB Command to retrieve MPI state failed (%d), failing mpi_fw_state.\n",
++				rval);
++		return -EIO;
++	}
++
++	mpi_state = state[11];
++
++	if (!(mpi_state & BIT_15))
++		return scnprintf(buf, PAGE_SIZE,
++				 "MPI firmware state reporting is not supported by this firmware. (0x%02x)\n",
++				mpi_state);
++
++	if (!(mpi_state & BIT_8))
++		return scnprintf(buf, PAGE_SIZE,
++				 "MPI firmware is disabled. (0x%02x)\n",
++				mpi_state);
++
++	return scnprintf(buf, PAGE_SIZE,
++			 "MPI firmware is enabled, state is %s. (0x%02x)\n",
++			 mpi_state & BIT_9 ? "active" : "inactive",
++			 mpi_state);
++}
++
+ static DEVICE_ATTR(dport_diagnostics, 0444,
+ 	   qla2x00_dport_diagnostics_show, NULL);
+ 
+@@ -2476,6 +2533,8 @@ static DEVICE_ATTR(port_speed, 0644, qla2x00_port_speed_show,
+     qla2x00_port_speed_store);
+ static DEVICE_ATTR(port_no, 0444, qla2x00_port_no_show, NULL);
+ static DEVICE_ATTR(fw_attr, 0444, qla2x00_fw_attr_show, NULL);
++static DEVICE_ATTR(mpi_fw_state, 0444, qla2x00_mpi_fw_state_show, NULL);
++
+ 
+ 
+ struct device_attribute *qla2x00_host_attrs[] = {
+@@ -2525,6 +2584,7 @@ struct device_attribute *qla2x00_host_attrs[] = {
+ 	NULL, /* reserve for qlini_mode */
+ 	NULL, /* reserve for ql2xiniexchg */
+ 	NULL, /* reserve for ql2xexchoffld */
++	&dev_attr_mpi_fw_state,
+ 	NULL,
+ };
+ 
+diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
+index 081f5d5c63af..5fa28b10bbb7 100644
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -4916,7 +4916,7 @@ qla2x00_fw_ready(scsi_qla_host_t *vha)
+ 	unsigned long	wtime, mtime, cs84xx_time;
+ 	uint16_t	min_wait;	/* Minimum wait time if loop is down */
+ 	uint16_t	wait_time;	/* Wait time if loop is coming ready */
+-	uint16_t	state[6];
++	uint16_t	state[16];
+ 	struct qla_hw_data *ha = vha->hw;
+ 
+ 	if (IS_QLAFX00(vha->hw))
+diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c
+index d0f09f0a2459..e3ee26058901 100644
+--- a/drivers/scsi/qla2xxx/qla_mbx.c
++++ b/drivers/scsi/qla2xxx/qla_mbx.c
+@@ -2266,6 +2266,13 @@ qla2x00_get_firmware_state(scsi_qla_host_t *vha, uint16_t *states)
+ 		mcp->in_mb = MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|MBX_0;
+ 	else
+ 		mcp->in_mb = MBX_1|MBX_0;
++
++	if (IS_QLA27XX(ha) || IS_QLA28XX(ha)) {
++		mcp->mb[12] = 0;
++		mcp->out_mb |= MBX_12;
++		mcp->in_mb |= MBX_12;
++	}
++
+ 	mcp->tov = MBX_TOV_SECONDS;
+ 	mcp->flags = 0;
+ 	rval = qla2x00_mailbox_command(vha, mcp);
+@@ -2278,6 +2285,8 @@ qla2x00_get_firmware_state(scsi_qla_host_t *vha, uint16_t *states)
+ 		states[3] = mcp->mb[4];
+ 		states[4] = mcp->mb[5];
+ 		states[5] = mcp->mb[6];  /* DPORT status */
++		if (IS_QLA27XX(ha) || IS_QLA28XX(ha))
++			states[11] = mcp->mb[12]; /* MPI state. */
+ 	}
+ 
+ 	if (rval != QLA_SUCCESS) {
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch

@@ -0,0 +1,131 @@
+From 84ffde44e62f1991a6908f9bb5aba06aad2d7dda Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - use API helpers to setup fallback request
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into the upstream linux.git
+
+commit c1024581ff2c34db4fdfe857b29f606e5117eb12
+Author: Ovidiu Panait <ovidiu.panait.oss@gmail.com>
+Date:   Mon Apr 7 15:36:04 2025 +0300
+
+    crypto: tegra - use API helpers to setup fallback request
+
+    Rather than setting up the fallback request by hand, use
+    ahash_request_set_callback() and ahash_request_set_crypt() API helpers
+    to properly setup the new request.
+
+    Signed-off-by: Ovidiu Panait <ovidiu.panait.oss@gmail.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c
+index 90bf34eb3578..e3fe5911a324 100644
+--- a/drivers/crypto/tegra/tegra-se-hash.c
++++ b/drivers/crypto/tegra/tegra-se-hash.c
+@@ -118,8 +118,9 @@ static int tegra_sha_fallback_init(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
+ 
+ 	return crypto_ahash_init(&rctx->fallback_req);
+ }
+@@ -131,10 +132,10 @@ static int tegra_sha_fallback_update(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
+-	rctx->fallback_req.nbytes = req->nbytes;
+-	rctx->fallback_req.src = req->src;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
++	ahash_request_set_crypt(&rctx->fallback_req, req->src, NULL, req->nbytes);
+ 
+ 	return crypto_ahash_update(&rctx->fallback_req);
+ }
+@@ -146,9 +147,10 @@ static int tegra_sha_fallback_final(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
+-	rctx->fallback_req.result = req->result;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
++	ahash_request_set_crypt(&rctx->fallback_req, NULL, req->result, 0);
+ 
+ 	return crypto_ahash_final(&rctx->fallback_req);
+ }
+@@ -160,12 +162,11 @@ static int tegra_sha_fallback_finup(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
+-
+-	rctx->fallback_req.nbytes = req->nbytes;
+-	rctx->fallback_req.src = req->src;
+-	rctx->fallback_req.result = req->result;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
++	ahash_request_set_crypt(&rctx->fallback_req, req->src, req->result,
++				req->nbytes);
+ 
+ 	return crypto_ahash_finup(&rctx->fallback_req);
+ }
+@@ -177,12 +178,11 @@ static int tegra_sha_fallback_digest(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
+-
+-	rctx->fallback_req.nbytes = req->nbytes;
+-	rctx->fallback_req.src = req->src;
+-	rctx->fallback_req.result = req->result;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
++	ahash_request_set_crypt(&rctx->fallback_req, req->src, req->result,
++				req->nbytes);
+ 
+ 	return crypto_ahash_digest(&rctx->fallback_req);
+ }
+@@ -194,8 +194,9 @@ static int tegra_sha_fallback_import(struct ahash_request *req, const void *in)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
+ 
+ 	return crypto_ahash_import(&rctx->fallback_req, in);
+ }
+@@ -207,8 +208,9 @@ static int tegra_sha_fallback_export(struct ahash_request *req, void *out)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm);
+ 
+ 	ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm);
+-	rctx->fallback_req.base.flags = req->base.flags &
+-					CRYPTO_TFM_REQ_MAY_SLEEP;
++	ahash_request_set_callback(&rctx->fallback_req,
++				   req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP,
++				   req->base.complete, req->base.data);
+ 
+ 	return crypto_ahash_export(&rctx->fallback_req, out);
+ }
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch

@@ -0,0 +1,46 @@
+From 4a06bd56527fed781c5cffff4d0f0203841fbc80 Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Remove the use of dev_err_probe()
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into the upstream linux.git
+
+commit 8595bcb09b05a6c712c35f03ef701e7785895b51
+Author: Liao Yuanhong <liaoyuanhong@vivo.com>
+Date:   Wed Aug 20 20:37:52 2025 +0800
+
+    crypto: tegra - Remove the use of dev_err_probe()
+
+    Logging messages that show some type of "out of memory" error are generally
+    unnecessary as there is a generic message and a stack dump done by the
+    memory subsystem. These messages generally increase kernel size without
+    much added value[1].
+
+    The dev_err_probe() doesn't do anything when error is '-ENOMEM'. Therefore,
+    remove the useless call to dev_err_probe(), and just return the value
+    instead.
+
+    [1]: https://lore.kernel.org/lkml/1402419340.30479.18.camel@joe-AO725/
+
+    Signed-off-by: Liao Yuanhong <liaoyuanhong@vivo.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-main.c b/drivers/crypto/tegra/tegra-se-main.c
+index 63afb0556acf..81facb649ec6 100644
+--- a/drivers/crypto/tegra/tegra-se-main.c
++++ b/drivers/crypto/tegra/tegra-se-main.c
+@@ -310,7 +310,7 @@ static int tegra_se_probe(struct platform_device *pdev)
+ 
+ 	se->engine = crypto_engine_alloc_init(dev, 0);
+ 	if (!se->engine)
+-		return dev_err_probe(dev, -ENOMEM, "failed to init crypto engine\n");
++		return -ENOMEM;
+ 
+ 	ret = crypto_engine_start(se->engine);
+ 	if (ret) {
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch

@@ -0,0 +1,43 @@
+From e27f636604e6817fe00db4b37af61ac76a14c1ee Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Use int type to store negative error codes
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into the upstream linux.git
+
+commit a710a71cd8ad294937e03b352cd71deb7ad08700
+Author: Qianfeng Rong <rongqianfeng@vivo.com>
+Date:   Wed Sep 3 21:25:37 2025 +0800
+
+    crypto: tegra - Use int type to store negative error codes
+
+    Change the 'ret' variable in tegra_sha_do_update() from unsigned int to
+    int, as it needs to store either negative error codes or zero returned
+    by tegra_se_host1x_submit().
+
+    No effect on runtime.
+
+    Signed-off-by: Qianfeng Rong <rongqianfeng@vivo.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c
+index e3fe5911a324..79f1e5c9b729 100644
+--- a/drivers/crypto/tegra/tegra-se-hash.c
++++ b/drivers/crypto/tegra/tegra-se-hash.c
+@@ -401,8 +401,9 @@ static int tegra_sha_do_update(struct ahash_request *req)
+ 	struct tegra_sha_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+ 	struct tegra_sha_reqctx *rctx = ahash_request_ctx(req);
+ 	struct tegra_se *se = ctx->se;
+-	unsigned int nblks, nresidue, size, ret;
++	unsigned int nblks, nresidue, size;
+ 	u32 *cpuvaddr = se->cmdbuf->addr;
++	int ret;
+ 
+ 	nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size;
+ 	nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size;
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1701-crypto-tegra-add-missing-crypto-alg-async.patch

@@ -0,0 +1,224 @@
+From 67d735aa5c6e4d048175700e89cb267d82db8d37 Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Add missing CRYPTO_ALG_ASYNC
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into the upstream linux.git
+CVE: CVE-2026-31739
+
+commit 4b56770d345524fc2acc143a2b85539cf7d74bc1
+Author: Eric Biggers <ebiggers@kernel.org>
+Date:   Mon Mar 16 13:21:19 2026 -0700
+
+    crypto: tegra - Add missing CRYPTO_ALG_ASYNC
+
+    The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its
+    asynchronous algorithms, causing the crypto API to select them for users
+    that request only synchronous algorithms.  This causes crashes (at
+    least).  Fix this by adding the flag like what the other drivers do.
+    Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just
+    get ignored and overridden by the registration function anyway.
+
+    Reported-by: Zorro Lang <zlang@redhat.com>
+    Closes: https://lore.kernel.org/r/20260314080937.pghb4aa7d4je3mhh@dell-per750-06-vm-08.rhts.eng.pek2.redhat.com
+    Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver")
+    Cc: stable@vger.kernel.org
+    Cc: Akhil R <akhilrajeev@nvidia.com>
+    Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c
+index 8b91f00b9c31..30c78afe3dea 100644
+--- a/drivers/crypto/tegra/tegra-se-aes.c
++++ b/drivers/crypto/tegra/tegra-se-aes.c
+@@ -532,7 +532,7 @@ static struct tegra_se_alg tegra_aes_algs[] = {
+ 				.cra_name = "cbc(aes)",
+ 				.cra_driver_name = "cbc-aes-tegra",
+ 				.cra_priority = 500,
+-				.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = AES_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_aes_ctx),
+ 				.cra_alignmask = 0xf,
+@@ -553,7 +553,7 @@ static struct tegra_se_alg tegra_aes_algs[] = {
+ 				.cra_name = "ecb(aes)",
+ 				.cra_driver_name = "ecb-aes-tegra",
+ 				.cra_priority = 500,
+-				.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = AES_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_aes_ctx),
+ 				.cra_alignmask = 0xf,
+@@ -575,7 +575,7 @@ static struct tegra_se_alg tegra_aes_algs[] = {
+ 				.cra_name = "ctr(aes)",
+ 				.cra_driver_name = "ctr-aes-tegra",
+ 				.cra_priority = 500,
+-				.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = 1,
+ 				.cra_ctxsize = sizeof(struct tegra_aes_ctx),
+ 				.cra_alignmask = 0xf,
+@@ -597,6 +597,7 @@ static struct tegra_se_alg tegra_aes_algs[] = {
+ 				.cra_name = "xts(aes)",
+ 				.cra_driver_name = "xts-aes-tegra",
+ 				.cra_priority = 500,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = AES_BLOCK_SIZE,
+ 				.cra_ctxsize	   = sizeof(struct tegra_aes_ctx),
+ 				.cra_alignmask	   = (__alignof__(u64) - 1),
+@@ -1931,6 +1932,7 @@ static struct tegra_se_alg tegra_aead_algs[] = {
+ 				.cra_name = "gcm(aes)",
+ 				.cra_driver_name = "gcm-aes-tegra",
+ 				.cra_priority = 500,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = 1,
+ 				.cra_ctxsize = sizeof(struct tegra_aead_ctx),
+ 				.cra_alignmask = 0xf,
+@@ -1953,6 +1955,7 @@ static struct tegra_se_alg tegra_aead_algs[] = {
+ 				.cra_name = "ccm(aes)",
+ 				.cra_driver_name = "ccm-aes-tegra",
+ 				.cra_priority = 500,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = 1,
+ 				.cra_ctxsize = sizeof(struct tegra_aead_ctx),
+ 				.cra_alignmask = 0xf,
+@@ -1980,7 +1983,7 @@ static struct tegra_se_alg tegra_cmac_algs[] = {
+ 				.cra_name = "cmac(aes)",
+ 				.cra_driver_name = "tegra-se-cmac",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = AES_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_cmac_ctx),
+ 				.cra_alignmask = 0,
+diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c
+index 79f1e5c9b729..23d549801612 100644
+--- a/drivers/crypto/tegra/tegra-se-hash.c
++++ b/drivers/crypto/tegra/tegra-se-hash.c
+@@ -764,7 +764,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha1",
+ 				.cra_driver_name = "tegra-se-sha1",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA1_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -789,7 +789,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha224",
+ 				.cra_driver_name = "tegra-se-sha224",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA224_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -814,7 +814,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha256",
+ 				.cra_driver_name = "tegra-se-sha256",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA256_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -839,7 +839,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha384",
+ 				.cra_driver_name = "tegra-se-sha384",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA384_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -864,7 +864,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha512",
+ 				.cra_driver_name = "tegra-se-sha512",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA512_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -889,7 +889,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha3-224",
+ 				.cra_driver_name = "tegra-se-sha3-224",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA3_224_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -914,7 +914,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha3-256",
+ 				.cra_driver_name = "tegra-se-sha3-256",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA3_256_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -939,7 +939,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha3-384",
+ 				.cra_driver_name = "tegra-se-sha3-384",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA3_384_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -964,7 +964,7 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "sha3-512",
+ 				.cra_driver_name = "tegra-se-sha3-512",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH,
++				.cra_flags = CRYPTO_ALG_ASYNC,
+ 				.cra_blocksize = SHA3_512_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -991,7 +991,8 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "hmac(sha224)",
+ 				.cra_driver_name = "tegra-se-hmac-sha224",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK,
++				.cra_flags = CRYPTO_ALG_ASYNC |
++					     CRYPTO_ALG_NEED_FALLBACK,
+ 				.cra_blocksize = SHA224_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -1018,7 +1019,8 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "hmac(sha256)",
+ 				.cra_driver_name = "tegra-se-hmac-sha256",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK,
++				.cra_flags = CRYPTO_ALG_ASYNC |
++					     CRYPTO_ALG_NEED_FALLBACK,
+ 				.cra_blocksize = SHA256_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -1045,7 +1047,8 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "hmac(sha384)",
+ 				.cra_driver_name = "tegra-se-hmac-sha384",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK,
++				.cra_flags = CRYPTO_ALG_ASYNC |
++					     CRYPTO_ALG_NEED_FALLBACK,
+ 				.cra_blocksize = SHA384_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+@@ -1072,7 +1075,8 @@ static struct tegra_se_alg tegra_hash_algs[] = {
+ 				.cra_name = "hmac(sha512)",
+ 				.cra_driver_name = "tegra-se-hmac-sha512",
+ 				.cra_priority = 300,
+-				.cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK,
++				.cra_flags = CRYPTO_ALG_ASYNC |
++					     CRYPTO_ALG_NEED_FALLBACK,
+ 				.cra_blocksize = SHA512_BLOCK_SIZE,
+ 				.cra_ctxsize = sizeof(struct tegra_sha_ctx),
+ 				.cra_alignmask = 0,
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch

@@ -0,0 +1,48 @@
+From 6c2f9f0720ab7b65156de8b88918766401d70614 Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Don't touch bo refcount in host1x bo
+ pin/unpin
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into the upstream linux.git
+
+commit f8c9c57d750346abd213ffed2ae3cacb0268e9f1
+Author: Mikko Perttunen <mperttunen@nvidia.com>
+Date:   Fri May 15 11:34:52 2026 +0900
+
+    crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin
+
+    Since commit "gpu: host1x: Allow entries in BO caches to be freed",
+    host1x_bo_pin() and host1x_bo_unpin() handle the bo's refcount
+    themselves. .pin/.unpin callbacks should not adjust it.
+
+    Signed-off-by: Mikko Perttunen <mperttunen@nvidia.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-main.c b/drivers/crypto/tegra/tegra-se-main.c
+index 81facb649ec6..35ec98e9569e 100644
+--- a/drivers/crypto/tegra/tegra-se-main.c
++++ b/drivers/crypto/tegra/tegra-se-main.c
+@@ -52,7 +52,7 @@ tegra_se_cmdbuf_pin(struct device *dev, struct host1x_bo *bo, enum dma_data_dire
+ 		return ERR_PTR(-ENOMEM);
+ 
+ 	kref_init(&map->ref);
+-	map->bo = host1x_bo_get(bo);
++	map->bo = bo;
+ 	map->direction = direction;
+ 	map->dev = dev;
+ 
+@@ -93,7 +93,6 @@ static void tegra_se_cmdbuf_unpin(struct host1x_bo_mapping *map)
+ 	dma_unmap_sgtable(map->dev, map->sgt, map->direction, 0);
+ 	sg_free_table(map->sgt);
+ 	kfree(map->sgt);
+-	host1x_bo_put(map->bo);
+ 
+ 	kfree(map);
+ }
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1703-crypto-tegra-fix-dma-free-coherent-size-error.patch

@@ -0,0 +1,127 @@
+From cfbcdc45a8a605bc55aa4dffaca84e8936ef81c1 Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Fix dma_free_coherent size error
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into herbert/crypto-2.6.git
+
+commit 03215b8457784540acc741e6331e355b62c6c8ab
+Author: Herbert Xu <herbert@gondor.apana.org.au>
+Date:   Tue May 19 12:22:18 2026 +0800
+
+    crypto: tegra - Fix dma_free_coherent size error
+
+    When freeing a coherent DMA buffer, the size must match the value
+    that was used during the allocation.
+
+    Unfortunately the size field in the tegra driver gets overwritten
+    by this point so it no longer matches and creates a warning.
+
+    Fix this by saving a copy of the size on the stack.
+
+    Note that the ccm function actually mixes up the inbuf and outbuf
+    sizes, but it doesn't matter because the two sizes are actually
+    equal.
+
+    Fixes: 1cb328da4e8f ("crypto: tegra - Do not use fixed size buffers")
+    Reporeted-by: Patrick Talbert <ptalbert@redhat.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+    Reviewed-by: Vladislav Dronov <vdronov@redhat.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c
+index 30c78afe3dea..5086e7f140c3 100644
+--- a/drivers/crypto/tegra/tegra-se-aes.c
++++ b/drivers/crypto/tegra/tegra-se-aes.c
+@@ -1201,6 +1201,7 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ 	struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ 	struct tegra_se *se = ctx->se;
++	unsigned int bufsize;
+ 	int ret;
+ 
+ 	ret = tegra_ccm_crypt_init(req, se, rctx);
+@@ -1210,14 +1211,15 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	rctx->key_id = ctx->key_id;
+ 
+ 	/* Allocate buffers required */
+-	rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100;
+-	rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size,
++	bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100;
++	rctx->inbuf.size = bufsize;
++	rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					     &rctx->inbuf.addr, GFP_KERNEL);
+ 	if (!rctx->inbuf.buf)
+ 		goto out_finalize;
+ 
+-	rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100;
+-	rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size,
++	rctx->outbuf.size = bufsize;
++	rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					      &rctx->outbuf.addr, GFP_KERNEL);
+ 	if (!rctx->outbuf.buf) {
+ 		ret = -ENOMEM;
+@@ -1254,11 +1256,11 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	}
+ 
+ out:
+-	dma_free_coherent(ctx->se->dev, rctx->inbuf.size,
++	dma_free_coherent(ctx->se->dev, bufsize,
+ 			  rctx->outbuf.buf, rctx->outbuf.addr);
+ 
+ out_free_inbuf:
+-	dma_free_coherent(ctx->se->dev, rctx->outbuf.size,
++	dma_free_coherent(ctx->se->dev, bufsize,
+ 			  rctx->inbuf.buf, rctx->inbuf.addr);
+ 
+ 	if (tegra_key_is_reserved(rctx->key_id))
+@@ -1278,6 +1280,7 @@ static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ 	struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ 	struct tegra_aead_reqctx *rctx = aead_request_ctx(req);
++	unsigned int bufsize;
+ 	int ret;
+ 
+ 	rctx->src_sg = req->src;
+@@ -1296,16 +1299,17 @@ static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	rctx->key_id = ctx->key_id;
+ 
+ 	/* Allocate buffers required */
+-	rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen;
+-	rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size,
++	bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen;
++	rctx->inbuf.size = bufsize;
++	rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					     &rctx->inbuf.addr, GFP_KERNEL);
+ 	if (!rctx->inbuf.buf) {
+ 		ret = -ENOMEM;
+ 		goto out_finalize;
+ 	}
+ 
+-	rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen;
+-	rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size,
++	rctx->outbuf.size = bufsize;
++	rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					      &rctx->outbuf.addr, GFP_KERNEL);
+ 	if (!rctx->outbuf.buf) {
+ 		ret = -ENOMEM;
+@@ -1342,11 +1346,11 @@ static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq)
+ 		ret = tegra_gcm_do_verify(ctx->se, rctx);
+ 
+ out:
+-	dma_free_coherent(ctx->se->dev, rctx->outbuf.size,
++	dma_free_coherent(ctx->se->dev, bufsize,
+ 			  rctx->outbuf.buf, rctx->outbuf.addr);
+ 
+ out_free_inbuf:
+-	dma_free_coherent(ctx->se->dev, rctx->inbuf.size,
++	dma_free_coherent(ctx->se->dev, bufsize,
+ 			  rctx->inbuf.buf, rctx->inbuf.addr);
+ 
+ 	if (tegra_key_is_reserved(rctx->key_id))
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch

@@ -0,0 +1,52 @@
+From 0b918fd4603c0d94c95399e052c4f8a78ecbe44f Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov <vdronov@redhat.com>
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Return ENOMEM when input buffer allocation
+ fails for ccm
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into herbert/crypto-2.6.git
+
+commit 690a5f9e5c972a580565ce544ed1627ccf1e84de
+Author: Herbert Xu <herbert@gondor.apana.org.au>
+Date:   Wed May 20 10:51:14 2026 +0800
+
+    crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm
+
+    Ensure the ENOMEM error value is set when the input buffer allocation
+    fails in tegra_ccm_do_one_req.
+
+    Fixes: 1e245948ca0c ("crypto: tegra - finalize crypto req on error")
+    Reported-by: Vladislav Dronov <vdronov@redhat.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+    Reviewed-by: Vladislav Dronov <vdronov@redhat.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Vladislav Dronov <vdronov@redhat.com>
+
+diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c
+index 5086e7f140c3..9094c03e991f 100644
+--- a/drivers/crypto/tegra/tegra-se-aes.c
++++ b/drivers/crypto/tegra/tegra-se-aes.c
+@@ -1215,16 +1215,15 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq)
+ 	rctx->inbuf.size = bufsize;
+ 	rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					     &rctx->inbuf.addr, GFP_KERNEL);
++	ret = -ENOMEM;
+ 	if (!rctx->inbuf.buf)
+ 		goto out_finalize;
+ 
+ 	rctx->outbuf.size = bufsize;
+ 	rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ 					      &rctx->outbuf.addr, GFP_KERNEL);
+-	if (!rctx->outbuf.buf) {
+-		ret = -ENOMEM;
++	if (!rctx->outbuf.buf)
+ 		goto out_free_inbuf;
+-	}
+ 
+ 	if (!ctx->key_id) {
+ 		ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key,
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch

@@ -0,0 +1,293 @@
+From 858d2a4f67ff69e645a43487ef7ea7f28f06deae Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 17 Feb 2026 16:12:05 +0000
+Subject: [PATCH] tcp: fix potential race in tcp_v6_syn_recv_sock()
+
+Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()
+is done too late.
+
+After tcp_v4_syn_recv_sock(), the child socket is already visible
+from TCP ehash table and other cpus might use it.
+
+Since newinet->pinet6 is still pointing to the listener ipv6_pinfo
+bad things can happen as syzbot found.
+
+Move the problematic code in tcp_v6_mapped_child_init()
+and call this new helper from tcp_v4_syn_recv_sock() before
+the ehash insertion.
+
+This allows the removal of one tcp_sync_mss(), since
+tcp_v4_syn_recv_sock() will call it with the correct
+context.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: syzbot+937b5bbb6a815b3e5d0b@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/netdev/69949275.050a0220.2eeac1.0145.GAE@google.com/
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
+Link: https://patch.msgid.link/20260217161205.2079883-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+
+diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
+index 35bb5af..0cd481d 100644
+--- a/include/net/inet_connection_sock.h
++++ b/include/net/inet_connection_sock.h
+@@ -41,7 +41,9 @@ struct inet_connection_sock_af_ops {
+ 				      struct request_sock *req,
+ 				      struct dst_entry *dst,
+ 				      struct request_sock *req_unhash,
+-				      bool *own_req);
++				      bool *own_req,
++				      void (*opt_child_init)(struct sock *newsk,
++							     const struct sock *sk));
+ 	u16	    net_header_len;
+ 	u16	    net_frag_header_len;
+ 	u16	    sockaddr_len;
+diff --git a/include/net/tcp.h b/include/net/tcp.h
+index d0f76cd..b1a3eb9 100644
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -470,7 +470,9 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
+ 				  struct request_sock *req,
+ 				  struct dst_entry *dst,
+ 				  struct request_sock *req_unhash,
+-				  bool *own_req);
++				  bool *own_req,
++				  void (*opt_child_init)(struct sock *newsk,
++							 const struct sock *sk));
+ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb);
+ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len);
+ int tcp_connect(struct sock *sk);
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 4164926..f243e6a 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -201,7 +201,7 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
+ 	bool own_req;
+ 
+ 	child = icsk->icsk_af_ops->syn_recv_sock(sk, skb, req, dst,
+-						 NULL, &own_req);
++						 NULL, &own_req, NULL);
+ 	if (child) {
+ 		refcount_set(&req->rsk_refcnt, 1);
+ 		tcp_sk(child)->tsoffset = tsoff;
+diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
+index 10aa010..912eaef 100644
+--- a/net/ipv4/tcp_fastopen.c
++++ b/net/ipv4/tcp_fastopen.c
+@@ -262,7 +262,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk,
+ 	bool own_req;
+ 
+ 	child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL,
+-							 NULL, &own_req);
++							 NULL, &own_req, NULL);
+ 	if (!child)
+ 		return NULL;
+ 
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
+index f029f01..e90bf04 100644
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1499,7 +1499,9 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
+ 				  struct request_sock *req,
+ 				  struct dst_entry *dst,
+ 				  struct request_sock *req_unhash,
+-				  bool *own_req)
++				  bool *own_req,
++				  void (*opt_child_init)(struct sock *newsk,
++							 const struct sock *sk))
+ {
+ 	struct inet_request_sock *ireq;
+ 	bool found_dup_sk = false;
+@@ -1555,6 +1557,10 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
+ 	}
+ 	sk_setup_caps(newsk, dst);
+ 
++#if IS_ENABLED(CONFIG_IPV6)
++	if (opt_child_init)
++		opt_child_init(newsk, sk);
++#endif
+ 	tcp_ca_openreq_child(newsk, dst);
+ 
+ 	tcp_sync_mss(newsk, dst_mtu(dst));
+diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
+index 6c6850f..c0f26b0 100644
+--- a/net/ipv4/tcp_minisocks.c
++++ b/net/ipv4/tcp_minisocks.c
+@@ -782,7 +782,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
+ 	 * socket is created, wait for troubles.
+ 	 */
+ 	child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL,
+-							 req, &own_req);
++							 req, &own_req, NULL);
+ 	if (!child)
+ 		goto listen_overflow;
+ 
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index 979e3c8..a00876b 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1188,11 +1188,48 @@ static void tcp_v6_restore_cb(struct sk_buff *skb)
+ 		sizeof(struct inet6_skb_parm));
+ }
+ 
++/* Called from tcp_v4_syn_recv_sock() for v6_mapped children. */
++static void tcp_v6_mapped_child_init(struct sock *newsk, const struct sock *sk)
++{
++	struct inet_sock *newinet = inet_sk(newsk);
++	struct ipv6_pinfo *newnp;
++
++	newinet->pinet6 = newnp = tcp_inet6_sk(newsk);
++
++	memcpy(newnp, tcp_inet6_sk(sk), sizeof(struct ipv6_pinfo));
++
++	newnp->saddr = newsk->sk_v6_rcv_saddr;
++
++	inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
++	if (sk_is_mptcp(newsk))
++		mptcpv6_handle_mapped(newsk, true);
++	newsk->sk_backlog_rcv = tcp_v4_do_rcv;
++#if defined(CONFIG_TCP_MD5SIG)
++	tcp_sk(newsk)->af_specific = &tcp_sock_ipv6_mapped_specific;
++#endif
++
++	newnp->ipv6_mc_list = NULL;
++	newnp->ipv6_ac_list = NULL;
++	newnp->ipv6_fl_list = NULL;
++	newnp->pktoptions  = NULL;
++	newnp->opt	   = NULL;
++
++	/* tcp_v4_syn_recv_sock() has initialized newinet->mc_{index,ttl} */
++	newnp->mcast_oif   = newinet->mc_index;
++	newnp->mcast_hops  = newinet->mc_ttl;
++
++	newnp->rcv_flowinfo = 0;
++	if (tcp_inet6_sk(sk)->repflow)
++		newnp->flow_label = 0;
++}
++
+ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
+ 					 struct request_sock *req,
+ 					 struct dst_entry *dst,
+ 					 struct request_sock *req_unhash,
+-					 bool *own_req)
++					 bool *own_req,
++					 void (*opt_child_init)(struct sock *newsk,
++								const struct sock *sk))
+ {
+ 	struct inet_request_sock *ireq;
+ 	struct ipv6_pinfo *newnp;
+@@ -1208,61 +1245,10 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
+ #endif
+ 	struct flowi6 fl6;
+ 
+-	if (skb->protocol == htons(ETH_P_IP)) {
+-		/*
+-		 *	v6 mapped
+-		 */
+-
+-		newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
+-					     req_unhash, own_req);
+-
+-		if (!newsk)
+-			return NULL;
+-
+-		inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk);
+-
+-		newinet = inet_sk(newsk);
+-		newnp = tcp_inet6_sk(newsk);
+-		newtp = tcp_sk(newsk);
+-
+-		memcpy(newnp, np, sizeof(struct ipv6_pinfo));
+-
+-		newnp->saddr = newsk->sk_v6_rcv_saddr;
+-
+-		inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
+-		if (sk_is_mptcp(newsk))
+-			mptcpv6_handle_mapped(newsk, true);
+-		newsk->sk_backlog_rcv = tcp_v4_do_rcv;
+-#ifdef CONFIG_TCP_MD5SIG
+-		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
+-#endif
+-
+-		newnp->ipv6_mc_list = NULL;
+-		newnp->ipv6_ac_list = NULL;
+-		newnp->ipv6_fl_list = NULL;
+-		newnp->pktoptions  = NULL;
+-		newnp->opt	   = NULL;
+-		newnp->mcast_oif   = inet_iif(skb);
+-		newnp->mcast_hops  = ip_hdr(skb)->ttl;
+-		newnp->rcv_flowinfo = 0;
+-		if (np->repflow)
+-			newnp->flow_label = 0;
+-
+-		/*
+-		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
+-		 * here, tcp_create_openreq_child now does this for us, see the comment in
+-		 * that function for the gory details. -acme
+-		 */
+-
+-		/* It is tricky place. Until this moment IPv4 tcp
+-		   worked with IPv6 icsk.icsk_af_ops.
+-		   Sync it now.
+-		 */
+-		tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
+-
+-		return newsk;
+-	}
+-
++	if (skb->protocol == htons(ETH_P_IP))
++		return tcp_v4_syn_recv_sock(sk, skb, req, dst,
++					    req_unhash, own_req,
++					    tcp_v6_mapped_child_init);
+ 	ireq = inet_rsk(req);
+ 
+ 	if (sk_acceptq_is_full(sk))
+diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
+index b6cd4d5..3329917 100644
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -805,7 +805,9 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
+ 					  struct request_sock *req,
+ 					  struct dst_entry *dst,
+ 					  struct request_sock *req_unhash,
+-					  bool *own_req)
++					  bool *own_req,
++					  void (*opt_child_init)(struct sock *newsk,
++								 const struct sock *sk))
+ {
+ 	struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk);
+ 	struct mptcp_subflow_request_sock *subflow_req;
+@@ -852,7 +854,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
+ 
+ create_child:
+ 	child = listener->icsk_af_ops->syn_recv_sock(sk, skb, req, dst,
+-						     req_unhash, own_req);
++						     req_unhash, own_req, opt_child_init);
+ 
+ 	if (child && *own_req) {
+ 		struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(child);
+diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
+index 3de4169..2dfa3ec 100644
+--- a/net/smc/af_smc.c
++++ b/net/smc/af_smc.c
+@@ -124,7 +124,9 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
+ 					  struct request_sock *req,
+ 					  struct dst_entry *dst,
+ 					  struct request_sock *req_unhash,
+-					  bool *own_req)
++					  bool *own_req,
++					  void (*opt_child_init)(struct sock *newsk,
++								 const struct sock *sk))
+ {
+ 	struct smc_sock *smc;
+ 	struct sock *child;
+@@ -142,7 +144,7 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk,
+ 
+ 	/* passthrough to original syn recv sock fct */
+ 	child = smc->ori_af_ops->syn_recv_sock(sk, skb, req, dst, req_unhash,
+-					       own_req);
++					       own_req, opt_child_init);
+ 	/* child must not inherit smc or its ops */
+ 	if (child) {
+ 		rcu_assign_sk_user_data(child, NULL);

SOURCES/1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch

@@ -0,0 +1,45 @@
+From aeb0d0a32bda58a858acd0abc31a0b4a9243e271 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@redhat.com>
+Date: Thu, 4 Jun 2026 13:06:53 +0200
+Subject: [PATCH] crypto: testmgr - allow
+ authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182254
+Upstream Status: Posted https://lore.kernel.org/linux-crypto/20260603155008.736872-1-idryomov@gmail.com/
+
+hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been
+marked as FIPS allowed for years.  Mark the respective authenc()
+constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for
+Kerberos 5") as such as well.
+
+SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what
+became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement
+Guidance (item/recommendation 3).
+
+[1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final
+
+Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
+
+diff --git a/crypto/testmgr.c b/crypto/testmgr.c
+index de885bfe4c2b..7c80412e5ff7 100644
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -4374,6 +4374,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "authenc(hmac(sha256),cts(cbc(aes)))",
+ 		.test = alg_test_aead,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.aead = __VECS(krb5_test_aes128_cts_hmac_sha256_128)
+ 		}
+@@ -4400,6 +4401,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ 	}, {
+ 		.alg = "authenc(hmac(sha384),cts(cbc(aes)))",
+ 		.test = alg_test_aead,
++		.fips_allowed = 1,
+ 		.suite = {
+ 			.aead = __VECS(krb5_test_aes256_cts_hmac_sha384_192)
+ 		}
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch

@@ -0,0 +1,60 @@
+From 34066fd2a30ffc1a423caa991915b56cfd503d1c Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@redhat.com>
+Date: Thu, 4 Jun 2026 13:24:21 +0200
+Subject: [PATCH] crypto: krb5enc - fix sleepable flag handling in encrypt
+ dispatch
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182254
+
+commit 2ef3bac16fb5e9eee4fb1d722578a79b751ea58a
+Author: Wesley Atwell <atwellwea@gmail.com>
+Date:   Mon Mar 9 00:26:24 2026 -0600
+
+    crypto: krb5enc - fix sleepable flag handling in encrypt dispatch
+
+    krb5enc_encrypt_ahash_done() continues encryption from an ahash
+    completion callback by calling krb5enc_dispatch_encrypt().
+
+    That helper takes a flags argument for this continuation path, but it
+    ignored that argument and reused aead_request_flags(req) when setting
+    up the skcipher subrequest callback. This can incorrectly preserve
+    CRYPTO_TFM_REQ_MAY_SLEEP when the encrypt step is started from callback
+    context.
+
+    Preserve the original request flags but clear
+    CRYPTO_TFM_REQ_MAY_SLEEP for the callback continuation path, and use
+    the caller-supplied flags when setting up the skcipher subrequest.
+
+    Fixes: d1775a177f7f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm")
+    Assisted-by: Codex:GPT-5
+    Signed-off-by: Wesley Atwell <atwellwea@gmail.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
+
+diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c
+index 793eae81aeba..2741ba229995 100644
+--- a/crypto/krb5enc.c
++++ b/crypto/krb5enc.c
+@@ -154,7 +154,7 @@ static int krb5enc_dispatch_encrypt(struct aead_request *req,
+ 		dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen);
+ 
+ 	skcipher_request_set_tfm(skreq, enc);
+-	skcipher_request_set_callback(skreq, aead_request_flags(req),
++	skcipher_request_set_callback(skreq, flags,
+ 				      krb5enc_encrypt_done, req);
+ 	skcipher_request_set_crypt(skreq, src, dst, req->cryptlen, req->iv);
+ 
+@@ -193,7 +193,8 @@ static void krb5enc_encrypt_ahash_done(struct crypto_async_request *areq,
+ 
+ 	krb5enc_insert_checksum(req, ahreq->result);
+ 
+-	err = krb5enc_dispatch_encrypt(req, 0);
++	err = krb5enc_dispatch_encrypt(req,
++				       aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP);
+ 	if (err != -EINPROGRESS)
+ 		aead_request_complete(req, err);
+ }
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch

@@ -0,0 +1,169 @@
+From eebdcc2ddddf6708964baec467161fbffc0de910 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@redhat.com>
+Date: Thu, 4 Jun 2026 13:24:35 +0200
+Subject: [PATCH] crypto: krb5enc - fix async decrypt skipping hash
+ verification
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182254
+Conflicts:
+- crypto_completion_t data can't be accessed directly in RHEL
+
+commit 3bfbf5f0a99c991769ec562721285df7ab69240b
+Author: Dudu Lu <phx0fer@gmail.com>
+Date:   Mon Apr 20 12:40:27 2026 +0800
+
+    crypto: krb5enc - fix async decrypt skipping hash verification
+
+    krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher
+    callback, which is the caller's own completion handler. When the
+    skcipher completes asynchronously, this signals "done" to the caller
+    without executing krb5enc_dispatch_decrypt_hash(), completely bypassing
+    the integrity verification (hash check).
+
+    Compare with the encrypt path which correctly uses
+    krb5enc_encrypt_done as an intermediate callback to chain into the
+    hash computation on async completion.
+
+    Fix by adding krb5enc_decrypt_done as an intermediate callback that
+    chains into krb5enc_dispatch_decrypt_hash() upon async skcipher
+    completion, matching the encrypt path's callback pattern.
+
+    Also fix EBUSY/EINPROGRESS handling throughout: remove
+    krb5enc_request_complete() which incorrectly swallowed EINPROGRESS
+    notifications that must be passed up to callers waiting on backlogged
+    requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done
+    for the dispatch_encrypt return value.
+
+    Fixes: d1775a177f7f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm")
+    Signed-off-by: Dudu Lu <phx0fer@gmail.com>
+
+    Unset MAY_BACKLOG on the async completion path so the user won't
+    see back-to-back EINPROGRESS notifications.
+
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
+
+diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c
+index 2741ba229995..1e7b4fc8ed8c 100644
+--- a/crypto/krb5enc.c
++++ b/crypto/krb5enc.c
+@@ -39,12 +39,6 @@ struct krb5enc_request_ctx {
+ 	char tail[];
+ };
+ 
+-static void krb5enc_request_complete(struct aead_request *req, int err)
+-{
+-	if (err != -EINPROGRESS)
+-		aead_request_complete(req, err);
+-}
+-
+ /**
+  * crypto_krb5enc_extractkeys - Extract Ke and Ki keys from the key blob.
+  * @keys: Where to put the key sizes and pointers
+@@ -127,7 +121,7 @@ static void krb5enc_encrypt_done(struct crypto_async_request *areq, int err)
+ {
+ 	struct aead_request *req = areq->data;
+ 
+-	krb5enc_request_complete(req, err);
++	aead_request_complete(req, err);
+ }
+ 
+ /*
+@@ -189,14 +183,16 @@ static void krb5enc_encrypt_ahash_done(struct crypto_async_request *areq,
+ 	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
+ 
+ 	if (err)
+-		return krb5enc_request_complete(req, err);
++		goto out;
+ 
+ 	krb5enc_insert_checksum(req, ahreq->result);
+ 
+-	err = krb5enc_dispatch_encrypt(req,
+-				       aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP);
+-	if (err != -EINPROGRESS)
+-		aead_request_complete(req, err);
++	err = krb5enc_dispatch_encrypt(req, 0);
++	if (err == -EINPROGRESS)
++		return;
++
++out:
++	aead_request_complete(req, err);
+ }
+ 
+ /*
+@@ -267,17 +263,16 @@ static void krb5enc_decrypt_hash_done(struct crypto_async_request *areq,
+ {
+ 	struct aead_request *req = areq->data;
+ 
+-	if (err)
+-		return krb5enc_request_complete(req, err);
+-
+-	err = krb5enc_verify_hash(req);
+-	krb5enc_request_complete(req, err);
++	if (!err)
++		err = krb5enc_verify_hash(req);
++	aead_request_complete(req, err);
+ }
+ 
+ /*
+  * Dispatch the hashing of the plaintext after we've done the decryption.
+  */
+-static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
++static int krb5enc_dispatch_decrypt_hash(struct aead_request *req,
++					 unsigned int flags)
+ {
+ 	struct crypto_aead *krb5enc = crypto_aead_reqtfm(req);
+ 	struct aead_instance *inst = aead_alg_instance(krb5enc);
+@@ -293,7 +288,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
+ 	ahash_request_set_tfm(ahreq, auth);
+ 	ahash_request_set_crypt(ahreq, req->dst, hash,
+ 				req->assoclen + req->cryptlen - authsize);
+-	ahash_request_set_callback(ahreq, aead_request_flags(req),
++	ahash_request_set_callback(ahreq, flags,
+ 				   krb5enc_decrypt_hash_done, req);
+ 
+ 	err = crypto_ahash_digest(ahreq);
+@@ -303,6 +298,21 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req)
+ 	return krb5enc_verify_hash(req);
+ }
+ 
++static void krb5enc_decrypt_done(struct crypto_async_request *areq, int err)
++{
++	struct aead_request *req = areq->data;
++
++	if (err)
++		goto out;
++
++	err = krb5enc_dispatch_decrypt_hash(req, 0);
++	if (err == -EINPROGRESS)
++		return;
++
++out:
++	aead_request_complete(req, err);
++}
++
+ /*
+  * Dispatch the decryption of the ciphertext.
+  */
+@@ -326,7 +336,7 @@ static int krb5enc_dispatch_decrypt(struct aead_request *req)
+ 
+ 	skcipher_request_set_tfm(skreq, ctx->enc);
+ 	skcipher_request_set_callback(skreq, aead_request_flags(req),
+-				      req->base.complete, req->base.data);
++				      krb5enc_decrypt_done, req);
+ 	skcipher_request_set_crypt(skreq, src, dst,
+ 				   req->cryptlen - authsize, req->iv);
+ 
+@@ -341,7 +351,7 @@ static int krb5enc_decrypt(struct aead_request *req)
+ 	if (err < 0)
+ 		return err;
+ 
+-	return krb5enc_dispatch_decrypt_hash(req);
++	return krb5enc_dispatch_decrypt_hash(req, aead_request_flags(req));
+ }
+ 
+ static int krb5enc_init_tfm(struct crypto_aead *tfm)
+-- 
+2.50.1 (Apple Git-155)
+

SOURCES/1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch

@@ -0,0 +1,62 @@
+From b404b859e714b89a20c22818d2a2606290c68266 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@redhat.com>
+Date: Thu, 4 Jun 2026 13:24:44 +0200
+Subject: [PATCH] crypto: krb5 - filter out async aead implementations at alloc
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182254
+Upstream Status: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
+
+commit 6c9dddeb582fde005360f4fe02c760d45ca05fb5
+Author: Michael Bommarito <michael.bommarito@gmail.com>
+Date:   Sun May 10 19:24:55 2026 -0400
+
+    crypto: krb5 - filter out async aead implementations at alloc
+
+    krb5_aead_encrypt(), krb5_aead_decrypt() in rfc3961_simplified.c and
+    rfc8009_encrypt(), rfc8009_decrypt() in rfc8009_aes2.c set a NULL
+    completion callback and treat any negative return from
+    crypto_aead_{encrypt,decrypt}() as terminal, falling through to
+    kfree_sensitive(buffer).  When the encrypt_name resolves to an
+    async AEAD instance the request returns -EINPROGRESS, the buffer
+    is freed while the backend's worker still holds a pointer, and the
+    worker dereferences the freed slab on completion.
+
+    KASAN report under UML+SLUB with a synthetic async aead backend
+    bound to krb5->encrypt_name:
+
+      BUG: KASAN: slab-use-after-free in t5_stub_complete+0x7d/0xc7
+
+    The helpers were written synchronously, so filter the async
+    instances out at allocation time instead of plumbing
+    crypto_wait_req() through every call site.
+
+    Reachable via net/rxrpc/rxgk.c, fs/afs/cm_security.c and
+    net/ceph/crypto.c on systems with an async AEAD provider bound to
+    the krb5 enctype name.
+
+    Fixes: 00244da40f78 ("crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions")
+    Fixes: 6c3c0e86c2ac ("crypto/krb5: Implement the AES enctypes from rfc8009")
+    Cc: stable@vger.kernel.org
+    Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
+    Assisted-by: Claude:claude-opus-4-7
+    Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com>
+    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+
+Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
+
+diff --git a/crypto/krb5/krb5_api.c b/crypto/krb5/krb5_api.c
+index 23026d4206c8..2b20284fa0ab 100644
+--- a/crypto/krb5/krb5_api.c
++++ b/crypto/krb5/krb5_api.c
+@@ -165,7 +165,7 @@ struct crypto_aead *krb5_prepare_encryption(const struct krb5_enctype *krb5,
+ 	struct crypto_aead *ci = NULL;
+ 	int ret = -ENOMEM;
+ 
+-	ci = crypto_alloc_aead(krb5->encrypt_name, 0, 0);
++	ci = crypto_alloc_aead(krb5->encrypt_name, 0, CRYPTO_ALG_ASYNC);
+ 	if (IS_ERR(ci)) {
+ 		ret = PTR_ERR(ci);
+ 		if (ret == -ENOENT)
+-- 
+2.50.1 (Apple Git-155)
+

SPECS/kernel.spec

@@ -176,13 +176,13 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 687.19.1
+%define pkgrelease 687.20.1
 %define kversion 5
 %define tarfile_release 5.14.0-687.5.1.el9_8
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 687.19.1%{?buildid}%{?dist}
+%define specrelease 687.20.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
 %define kabiversion 5.14.0-687.5.1.el9_8
 
@@ -1573,6 +1573,20 @@ Patch1692: 1692-init-kconfig-fix-cc-has-asm-goto-tied-output-test-with-dash.patc
 Patch1693: 1693-update-workarounds-for-gcc-asm-goto-issue.patch
 Patch1694: 1694-init-kconfig-remove-config-gcc-asm-goto-output-workaround.patch
 Patch1695: 1695-rdma-mlx5-fix-error-path-fall-through-in-mlx5-ib-dev-res-srq.patch
+Patch1696: 1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch
+Patch1697: 1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch
+Patch1698: 1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch
+Patch1699: 1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch
+Patch1700: 1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch
+Patch1701: 1701-crypto-tegra-add-missing-crypto-alg-async.patch
+Patch1702: 1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch
+Patch1703: 1703-crypto-tegra-fix-dma-free-coherent-size-error.patch
+Patch1704: 1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch
+Patch1705: 1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch
+Patch1706: 1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch
+Patch1707: 1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch
+Patch1708: 1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch
+Patch1709: 1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch
 # END OF PATCH DEFINITIONS
 
 %description
@@ -2913,6 +2927,20 @@ ApplyPatch 1692-init-kconfig-fix-cc-has-asm-goto-tied-output-test-with-dash.patc
 ApplyPatch 1693-update-workarounds-for-gcc-asm-goto-issue.patch
 ApplyPatch 1694-init-kconfig-remove-config-gcc-asm-goto-output-workaround.patch
 ApplyPatch 1695-rdma-mlx5-fix-error-path-fall-through-in-mlx5-ib-dev-res-srq.patch
+ApplyPatch 1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch
+ApplyPatch 1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch
+ApplyPatch 1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch
+ApplyPatch 1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch
+ApplyPatch 1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch
+ApplyPatch 1701-crypto-tegra-add-missing-crypto-alg-async.patch
+ApplyPatch 1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch
+ApplyPatch 1703-crypto-tegra-fix-dma-free-coherent-size-error.patch
+ApplyPatch 1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch
+ApplyPatch 1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch
+ApplyPatch 1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch
+ApplyPatch 1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch
+ApplyPatch 1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch
+ApplyPatch 1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch
 # END OF PATCH APPLICATIONS
 
 # Any further pre-build tree manipulations happen here.
@@ -4987,6 +5015,27 @@ fi
 #
 #
 %changelog
+* Tue Jun 30 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-687.20.1
+- Recreate RHEL 5.14.0-687.20.1 from CentOS Stream 9 and upstream stable backports (1696-1709)
+- Retain AlmaLinux ahead-of-RHEL fix for CVE-2026-46316 (1312)
+- RHEL changelog for 687.19.1..687.20.1 follows:
+
+* Mon Jun 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.20.1.el9_8]
+- crypto: krb5 - filter out async aead implementations at alloc (CKI Backport Bot) [RHEL-182540]
+- crypto: krb5enc - fix async decrypt skipping hash verification (CKI Backport Bot) [RHEL-182540]
+- crypto: krb5enc - fix sleepable flag handling in encrypt dispatch (CKI Backport Bot) [RHEL-182540]
+- crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode (CKI Backport Bot) [RHEL-182540]
+- tcp: fix potential race in tcp_v6_syn_recv_sock() (Paolo Abeni) [RHEL-174243] {CVE-2026-43198}
+- crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm (Vladislav Dronov) [RHEL-182760]
+- crypto: tegra - Fix dma_free_coherent size error (Vladislav Dronov) [RHEL-182760]
+- crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin (Vladislav Dronov) [RHEL-182760]
+- crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Vladislav Dronov) [RHEL-182760] {CVE-2026-31739}
+- crypto: tegra - Use int type to store negative error codes (Vladislav Dronov) [RHEL-182760]
+- crypto: tegra - Remove the use of dev_err_probe() (Vladislav Dronov) [RHEL-182760]
+- crypto: tegra - use API helpers to setup fallback request (Vladislav Dronov) [RHEL-182760]
+- scsi: qla2xxx: Add support to report MPI FW state (Ewan D. Milne) [RHEL-181886]
+- net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CKI Backport Bot) [RHEL-167051] {CVE-2026-31411}
+
 * Mon Jun 29 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-687.19.1
 - Recreate RHEL 5.14.0-687.19.1 from CentOS Stream 9 and upstream stable backports (1313-1695)
 - Retain AlmaLinux ahead-of-RHEL fix for CVE-2026-46316 (1312)