Chenghai Huang [Mon, 30 Mar 2026 06:25:31 +0000 (14:25 +0800)]
crypto: hisilicon - remove unused and non-public APIs for qm and sec
- sec_register_to_crypto() and sec_unregister_from_crypto()
have been removed, the function declarations have not been
removed. Remove them.
- hisi_qm_start_qp and hisi_qm_stop_qp are called internally by the
QM. Therefore, the EXPORT_SYMBOL_GPL declaration of these
non-public interfaces is deleted.
Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Zhushuai Yin [Mon, 30 Mar 2026 06:25:27 +0000 (14:25 +0800)]
crypto: hisilicon - fix the format string type error
1. The return value val of sec_debugfs_atomic64_get is of the
u64 type, but %lld instead of %llu is used in DEFINE_DEBUGFS_ATTRIBUTE.
Fix it.
2. In debugfs.c, since the types of q_depth and xeq_depth are u16,
the results of q_depth - 1 and xeq_depth - 1 are int rather than
u16. Use %d for int.
Giovanni Cabiddu [Sat, 28 Mar 2026 22:29:47 +0000 (22:29 +0000)]
crypto: qat - add support for zstd
Add support for the ZSTD algorithm for QAT GEN4, GEN5 and GEN6 via the
acomp API.
For GEN4 and GEN5, compression is performed in hardware using LZ4s, a
QAT-specific variant of LZ4. The compressed output is post-processed to
generate ZSTD sequences, and the ZSTD library is then used to produce
the final ZSTD stream via zstd_compress_sequences_and_literals(). Only
inputs between 8 KB and 512 KB are offloaded to the device. The minimum
size restriction will be relaxed once polling support is added. The
maximum size is limited by the use of pre-allocated per-CPU scratch
buffers. On these generations, only compression is offloaded to hardware;
decompression always falls back to software.
For GEN6, both compression and decompression are offloaded to the
accelerator, which natively supports the ZSTD algorithm. There is no
limit on the input buffer size supported. However, since GEN6 is limited
to a history size of 64 KB, decompression of frames compressed with a
larger history falls back to software.
Since GEN2 devices do not support ZSTD or LZ4s, add a mechanism that
prevents selecting GEN2 compression instances for ZSTD or LZ4s when a
GEN2 plug-in card is present on a system with an embedded GEN4, GEN5 or
GEN6 device.
In addition, modify the algorithm registration logic to allow
registering the correct implementation, i.e. LZ4s based for GEN4 and
GEN5 or native ZSTD for GEN6.
Co-developed-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> Signed-off-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Laurent M Coquerel <laurent.m.coquerel@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Sat, 28 Mar 2026 22:29:46 +0000 (22:29 +0000)]
crypto: qat - use swab32 macro
Replace __builtin_bswap32() with swab32 in icp_qat_hw_20_comp.h to fix
the following build errors on architectures without native byte-swap
support:
alpha-linux-ld: drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.o: in function `adf_gen4_build_decomp_block':
drivers/crypto/intel/qat/qat_common/icp_qat_hw_20_comp.h:141:(.text+0xeec): undefined reference to `__bswapsi2'
alpha-linux-ld: drivers/crypto/intel/qat/qat_common/icp_qat_hw_20_comp.h:141:(.text+0xef8): undefined reference to `__bswapsi2'
alpha-linux-ld: drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.o: in function `adf_gen4_build_comp_block':
drivers/crypto/intel/qat/qat_common/icp_qat_hw_20_comp.h:57:(.text+0xf64): undefined reference to `__bswapsi2'
alpha-linux-ld: drivers/crypto/intel/qat/qat_common/icp_qat_hw_20_comp.h:57:(.text+0xf7c): undefined reference to `__bswapsi2'
Fixes: 5b14b2b307e4 ("crypto: qat - enable deflate for QAT GEN4") Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202603290259.Ig9kDOmI-lkp@intel.com/ Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Sat, 28 Mar 2026 10:20:44 +0000 (11:20 +0100)]
crypto: img-hash - use list_first_entry_or_null to simplify digest
Use list_first_entry_or_null() to simplify img_hash_digest() and remove
the now-unused local 'struct img_hash_dev *' variables. Use 'ctx->hdev'
when calling img_hash_handle_queue() instead of 'tctx->hdev'.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Fri, 27 Mar 2026 23:08:18 +0000 (16:08 -0700)]
crypto: cryptomgr - Select algorithm types only when CRYPTO_SELFTESTS
Enabling any template selects CRYPTO_MANAGER, which causes
CRYPTO_MANAGER2 to enable itself, which selects every algorithm type
option. However, pulling in all algorithm types is needed only when the
self-tests are enabled. So condition the selections accordingly.
To make this possible, also add the missing selections to various
symbols that were relying on transitive selections via CRYPTO_MANAGER.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Paul Louvel [Fri, 27 Mar 2026 09:24:18 +0000 (10:24 +0100)]
crypto: aspeed - Use memcpy_from_sglist() in aspeed_ahash_dma_prepare()
Replace scatterwalk_map_and_copy() with memcpy_from_sglist() in
aspeed_ahash_dma_prepare(). The latter provides a simpler interface
without requiring a direction parameter, making the code easier to
read and less error-prone.
No functional change intended.
Signed-off-by: Paul Louvel <paul.louvel@bootlin.com> Reviewed-by: Neal Liu <neal_liu@aspeedtech.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:07 +0000 (17:15 -0700)]
crypto: rng - Don't pull in DRBG when CRYPTO_FIPS=n
crypto_stdrng_get_bytes() is now always available:
- When CRYPTO_FIPS=n it is an inline function that always calls into
the always-built-in drivers/char/random.c.
- When CRYPTO_FIPS=y it is an inline function that calls into either
random.c or crypto/rng.c, depending on the value of fips_enabled.
The former is again always built-in. The latter is built-in as
well in this case, due to CRYPTO_FIPS=y.
Thus, the CRYPTO_RNG_DEFAULT symbol is no longer needed. Remove it.
This makes it so that CRYPTO_DRBG_MENU (and hence also CRYPTO_DRBG,
CRYPTO_JITTERENTROPY, and CRYPTO_LIB_SHA3) no longer gets unnecessarily
pulled into CRYPTO_FIPS=n kernels. I.e. CRYPTO_FIPS=n kernels are no
longer bloated with code that is relevant only to FIPS certifications.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:06 +0000 (17:15 -0700)]
crypto: fips - Depend on CRYPTO_DRBG=y
Currently, the callers of crypto_stdrng_get_bytes() do 'select
CRYPTO_RNG_DEFAULT', which does 'select CRYPTO_DRBG_MENU'.
However, due to the change in how crypto_stdrng_get_bytes() is
implemented, CRYPTO_DRBG_MENU is now needed only when CRYPTO_FIPS.
But, 'select CRYPTO_DRBG_MENU if CRYPTO_FIPS' would cause a recursive
dependency, since CRYPTO_FIPS 'depends on CRYPTO_DRBG'.
Solve this by just making CRYPTO_FIPS depend on CRYPTO_DRBG=y (rather
than CRYPTO_DRBG i.e. CRYPTO_DRBG=y || CRYPTO_DRBG=m). The distros that
use CRYPTO_FIPS=y already set CRYPTO_DRBG=y anyway, which makes sense.
This makes the CRYPTO_RNG_DEFAULT symbol (and its corresponding
selection of CRYPTO_DRBG_MENU) unnecessary. A later commit removes it.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:05 +0000 (17:15 -0700)]
crypto: rng - Make crypto_stdrng_get_bytes() use normal RNG in non-FIPS mode
"stdrng" is needed only in "FIPS mode". Therefore, make
crypto_stdrng_get_bytes() delegate to either the normal Linux RNG or to
"stdrng", depending on the current mode.
This will eliminate the need to built the SP800-90A DRBG and its
dependencies into CRYPTO_FIPS=n kernels.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:04 +0000 (17:15 -0700)]
crypto: rng - Unexport "default RNG" symbols
Now that crypto_default_rng, crypto_get_default_rng(), and
crypto_put_default_rng() have no users outside crypto/rng.c itself,
unexport them and make them static.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:03 +0000 (17:15 -0700)]
net: tipc: Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:02 +0000 (17:15 -0700)]
crypto: intel/keembay-ocs-ecc - Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:01 +0000 (17:15 -0700)]
crypto: hisilicon/hpre - Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:15:00 +0000 (17:15 -0700)]
crypto: geniv - Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:14:59 +0000 (17:14 -0700)]
crypto: ecc - Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Thu, 26 Mar 2026 00:14:58 +0000 (17:14 -0700)]
crypto: dh - Use crypto_stdrng_get_bytes()
Replace the sequence of crypto_get_default_rng(),
crypto_rng_get_bytes(), and crypto_put_default_rng() with the equivalent
helper function crypto_stdrng_get_bytes().
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
While it may have been intended that callers amortize the cost of
getting and putting the "default RNG" (i.e. "stdrng") over multiple
calls, in practice that optimization is never used. The callers just
want a function that gets random bytes from the "stdrng".
Therefore, add such a function: crypto_stdrng_get_bytes().
Importantly, this decouples the callers from the crypto_rng API. That
allows a later commit to make this function simply call
get_random_bytes_wait() unless the kernel is in "FIPS mode".
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Tue, 24 Mar 2026 18:29:05 +0000 (18:29 +0000)]
crypto: iaa - fix per-node CPU counter reset in rebalance_wq_table()
The cpu counter used to compute the IAA device index is reset to zero
at the start of each NUMA node iteration. This causes CPUs on every
node to map starting from IAA index 0 instead of continuing from the
previous node's last index. On multi-node systems, this results in all
nodes mapping their CPUs to the same initial set of IAA devices,
leaving higher-indexed devices unused.
Move the cpu counter initialization before the for_each_node_with_cpus()
loop so that the IAA index computation accumulates correctly across all
nodes.
Fixes: 714ca27e9bf4 ("crypto: iaa - Optimize rebalance_wq_table()") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Atharv Dubey [Tue, 24 Mar 2026 18:17:24 +0000 (18:17 +0000)]
crypto: qat - replace scnprintf() with sysfs_emit()
Replace scnprintf() with sysfs_emit() in the three RAS error counter
sysfs show callbacks. sysfs_emit() is the recommended API for sysfs show
functions as per Documentation/filesystems/sysfs.rst; it enforces the
PAGE_SIZE limit implicitly, removing the need to pass it explicitly.
Signed-off-by: Atharv Dubey <atharvd440@gmail.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Ahsan Atta <ahsan.atta@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Tue, 24 Mar 2026 18:17:23 +0000 (18:17 +0000)]
crypto: qat - fix type mismatch in RAS sysfs show functions
ADF_RAS_ERR_CTR_READ() expands to atomic_read(), which returns int.
The local variable 'counter' was declared as 'unsigned long', causing
a type mismatch on the assignment. The format specifier '%ld' was
consequently wrong in two ways: wrong length modifier and wrong
signedness.
Use int to match the return type of atomic_read() and update the
format specifier to '%d' accordingly.
Fixes: 532d7f6bc458 ("crypto: qat - add error counters") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Ahsan Atta <ahsan.atta@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Tue, 24 Mar 2026 17:59:40 +0000 (17:59 +0000)]
crypto: qat - fix compression instance leak
qat_comp_alg_init_tfm() acquires a compression instance via
qat_compression_get_instance_node() before calling qat_comp_build_ctx()
to initialize the compression context. If qat_comp_build_ctx() fails, the
function returns an error without releasing the compression instance,
causing a resource leak.
When qat_comp_build_ctx() fails, release the compression instance with
qat_compression_put_instance() and clear the context to avoid leaving a
stale reference to the released instance.
The issue was introduced when build_deflate_ctx() (which always returned
void) was replaced by qat_comp_build_ctx() (which can return an error)
without adding error handling for the failure path.
Fixes: cd0e7160f80f ("crypto: qat - refactor compression template logic") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Laurent M Coquerel <laurent.m.coquerel@intel.com> Reviewed-by: Ahsan Atta <ahsan.atta@intel.com> Reviewed-by: Wojciech Drewek <wojciech.drewek@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Giovanni Cabiddu [Tue, 24 Mar 2026 16:52:11 +0000 (16:52 +0000)]
crypto: qat - use acomp_tfm_ctx()
Replace the usage of crypto_acomp_tfm() followed by crypto_tfm_ctx()
with a single call to the equivalent acomp_tfm_ctx().
This does not introduce any functional changes.
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Laurent M Coquerel <laurent.m.coquerel@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ahsan Atta [Tue, 24 Mar 2026 11:12:34 +0000 (11:12 +0000)]
crypto: qat - disable 420xx AE cluster when lead engine is fused off
The get_ae_mask() function only disables individual engines based on
the fuse register, but engines are organized in clusters of 4. If the
lead engine of a cluster is fused off, the entire cluster must be
disabled.
Replace the single bitmask inversion with explicit test_bit() checks
on the lead engine of each group, disabling the full ADF_AE_GROUP
when the lead bit is set.
Signed-off-by: Ahsan Atta <ahsan.atta@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Fixes: fcf60f4bcf54 ("crypto: qat - add support for 420xx devices") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Ahsan Atta [Tue, 24 Mar 2026 11:11:12 +0000 (11:11 +0000)]
crypto: qat - disable 4xxx AE cluster when lead engine is fused off
The get_ae_mask() function only disables individual engines based on
the fuse register, but engines are organized in clusters of 4. If the
lead engine of a cluster is fused off, the entire cluster must be
disabled.
Replace the single bitmask inversion with explicit test_bit() checks
on the lead engine of each group, disabling the full ADF_AE_GROUP
when the lead bit is set.
Signed-off-by: Ahsan Atta <ahsan.atta@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Fixes: 8c8268166e834 ("crypto: qat - add qat_4xxx driver") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(md5),cbc(aes))
Test vectors were generated starting from existing CBC(AES) test vectors
(RFC3602, NIST SP800-38A) and adding HMAC(MD5) computed with Python
script. Then, the results were double-checked on Mediatek MT7981 (safexcel)
and NXP P2020 (talitos). Both platforms pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wenkai Lin [Sat, 21 Mar 2026 07:00:38 +0000 (15:00 +0800)]
crypto: hisilicon/sec2 - prevent req used-after-free for sec
During packet transmission, if the system is under heavy load,
the hardware might complete processing the packet and free the
request memory (req) before the transmission function finishes.
If the software subsequently accesses this req, a use-after-free
error will occur. The qp_ctx memory exists throughout the packet
sending process, so replace the req with the qp_ctx.
Fixes: f0ae287c5045 ("crypto: hisilicon/sec2 - implement full backlog mode for sec") Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure/eip93 - make it selectable for ECONET
Econet SoCs feature an integrated EIP93 in revision 3.0p1. It is identical
to the one used by the Airoha AN7581 and the MediaTek MT7621. Ahmed reports
that the EN7528 passes testmgr's self-tests. This driver should also work
on other little endian Econet SoCs.
CC: Ahmed Naseef <naseefkm@gmail.com> Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: Antoine Tenart <atenart@kernel.org> Tested-by: Ahmed Naseef <naseefkm@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
T Pratham [Fri, 20 Mar 2026 10:50:52 +0000 (16:20 +0530)]
crypto: ti - Add support for AES-CCM in DTHEv2 driver
AES-CCM is an AEAD algorithm supporting both encryption and
authentication of data. This patch introduces support for AES-CCM AEAD
algorithm in the DTHEv2 driver.
Signed-off-by: T Pratham <t-pratham@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
T Pratham [Fri, 20 Mar 2026 10:50:51 +0000 (16:20 +0530)]
crypto: ti - Add support for AES-GCM in DTHEv2 driver
AES-GCM is an AEAD algorithm supporting both encryption and
authentication of data. This patch introduces support for AES-GCM as the
first AEAD algorithm supported by the DTHEv2 driver.
Signed-off-by: T Pratham <t-pratham@ti.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(md5),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(MD5) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: qat - add anti-rollback support for GEN6 devices
Anti-Rollback (ARB) is a QAT GEN6 hardware feature that prevents loading
firmware with a Security Version Number (SVN) lower than an authorized
minimum. This protects against downgrade attacks by ensuring that only
firmware at or above a committed SVN can run on the acceleration device.
During firmware loading, the driver checks the SVN validation status via
a hardware CSR. If the check reports a failure, firmware authentication
is aborted. If it reports a retry status, the driver reissues the
authentication command up to a maximum number of retries.
Extend the firmware admin interface with two new messages,
ICP_QAT_FW_SVN_READ and ICP_QAT_FW_SVN_COMMIT, to query and commit the
SVN, respectively. Integrate the SVN check into the firmware
authentication path in qat_uclo.c so the driver can react to
anti-rollback status during device bring-up.
Expose SVN information to userspace via a new sysfs attribute group,
qat_svn, under the PCI device directory. The group provides read-only
attributes for the active, enforced minimum, and permanent minimum SVN
values, as well as a write-only commit attribute that allows a system
administrator to commit the currently active SVN as the new authorized
minimum.
This is based on earlier work by Ciunas Bennett.
Signed-off-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Thu, 19 Mar 2026 09:29:33 +0000 (10:29 +0100)]
crypto: caam - guard HMAC key hex dumps in hash_digest_key
Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in
hash_digest_key() to avoid leaking secrets at runtime when
CONFIG_DYNAMIC_DEBUG is enabled.
Fixes: 045e36780f11 ("crypto: caam - ahash hmac support") Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms") Cc: stable@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Thu, 19 Mar 2026 09:29:32 +0000 (10:29 +0100)]
printk: add print_hex_dump_devel()
Add print_hex_dump_devel() as the hex dump equivalent of pr_devel(),
which emits output only when DEBUG is enabled, but keeps call sites
compiled otherwise.
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: John Ogness <john.ogness@linutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: nx - Fix packed layout in struct nx842_crypto_header
struct nx842_crypto_header is declared with the __packed attribute,
however the fields grouped with struct_group_tagged() were not packed.
This caused the grouped header portion of the structure to lose the
packed layout guarantees of the containing structure.
Fix this by replacing struct_group_tagged() with __struct_group(...,
..., __packed, ...) so the grouped fields are packed, and the original
layout is preserved, restoring the intended packed layout of the
structure.
Thorsten Blum [Tue, 17 Mar 2026 20:18:06 +0000 (21:18 +0100)]
crypto: nx - annotate struct nx842_crypto_header with __counted_by
Add the __counted_by() compiler attribute to the flexible array member
'group' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Tue, 17 Mar 2026 08:04:52 +0000 (09:04 +0100)]
crypto: s5p-sss - use unregister_{ahashes,skciphers} in probe/remove
Replace multiple for loops with calls to crypto_unregister_ahashes() and
crypto_unregister_skciphers().
If crypto_register_skcipher() fails in s5p_aes_probe(), log the error
directly instead of checking 'i < ARRAY_SIZE(algs)' later. Also drop
now-unused local index variables. No functional changes.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Reviewed-by: Vladimir Zapolskiy <vz@mleia.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Kit Dallege [Sun, 15 Mar 2026 14:57:22 +0000 (15:57 +0100)]
crypto: add missing kernel-doc for anonymous union members
Document the anonymous SKCIPHER_ALG_COMMON and COMP_ALG_COMMON struct
members in skcipher_alg, scomp_alg, and acomp_alg, following the
existing pattern used by HASH_ALG_COMMON in shash_alg.
This fixes the following kernel-doc warnings:
include/crypto/skcipher.h:166: struct member 'SKCIPHER_ALG_COMMON' not described in 'skcipher_alg'
include/crypto/internal/scompress.h:39: struct member 'COMP_ALG_COMMON' not described in 'scomp_alg'
include/crypto/internal/acompress.h:55: struct member 'COMP_ALG_COMMON' not described in 'acomp_alg'
Signed-off-by: Kit Dallege <xaum.io@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Sat, 14 Mar 2026 21:37:20 +0000 (14:37 -0700)]
crypto: simd - Remove unused skcipher support
Remove the skcipher algorithm support from crypto/simd.c. It is no
longer used, and it is unlikely to gain any new user in the future,
given the performance issues with this code.
Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Sat, 14 Mar 2026 19:36:29 +0000 (20:36 +0100)]
crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Unregister the hwrng to prevent new ->read() calls and flush the Atmel
I2C workqueue before teardown to prevent a potential UAF if a queued
callback runs while the device is being removed.
Drop the early return to ensure sysfs entries are removed and
->hwrng.priv is freed, preventing a memory leak.
Fixes: da001fb651b0 ("crypto: atmel-i2c - add support for SHA204A random number generator") Cc: stable@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Daniel Jordan [Fri, 13 Mar 2026 15:24:33 +0000 (11:24 -0400)]
padata: Put CPU offline callback in ONLINE section to allow failure
syzbot reported the following warning:
DEAD callback error for CPU1
WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614
at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux")
which tglx traced to padata_cpu_dead() given it's the only
sub-CPUHP_TEARDOWN_CPU callback that returns an error.
Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU
so move the CPU offline callback to the ONLINE section where failure is
possible.
Fixes: 894c9ef9780c ("padata: validate cpumask without removed CPU during offline") Reported-by: syzbot+123e1b70473ce213f3af@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/69af0a05.050a0220.310d8.002f.GAE@google.com/ Debugged-by: Thomas Gleixner <tglx@kernel.org> Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Zongyu Wu [Fri, 13 Mar 2026 09:40:39 +0000 (17:40 +0800)]
crypto: hisilicon - add device load query functionality to debugfs
The accelerator device supports usage statistics. This patch enables
obtaining the accelerator's usage through the "dev_usage" file.
The returned number expressed as a percentage as a percentage.
Signed-off-by: Zongyu Wu <wuzongyu1@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Randy Dunlap [Thu, 12 Mar 2026 05:13:23 +0000 (22:13 -0700)]
hwrng: core - avoid kernel-doc warnings
Mark internal fields as "private:" so that kernel-doc comments
are not needed for them, eliminating kernel-doc warnings:
Warning: include/linux/hw_random.h:54 struct member 'list' not described
in 'hwrng'
Warning: include/linux/hw_random.h:54 struct member 'ref' not described
in 'hwrng'
Warning: include/linux/hw_random.h:54 struct member 'cleanup_work' not
described in 'hwrng'
Warning: include/linux/hw_random.h:54 struct member 'cleanup_done' not
described in 'hwrng'
Warning: include/linux/hw_random.h:54 struct member 'dying' not described
in 'hwrng'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Wed, 11 Mar 2026 15:56:49 +0000 (16:56 +0100)]
crypto: nx - fix context leak in nx842_crypto_free_ctx
Since the scomp conversion, nx842_crypto_alloc_ctx() allocates the
context separately, but nx842_crypto_free_ctx() never releases it. Add
the missing kfree(ctx) to nx842_crypto_free_ctx(), and reuse
nx842_crypto_free_ctx() in the allocation error path.
Thorsten Blum [Wed, 11 Mar 2026 15:56:47 +0000 (16:56 +0100)]
crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
The bounce buffers are allocated with __get_free_pages() using
BOUNCE_BUFFER_ORDER (order 2 = 4 pages), but both the allocation error
path and nx842_crypto_free_ctx() release the buffers with free_page().
Use free_pages() with the matching order instead.
Thorsten Blum [Wed, 11 Mar 2026 11:39:28 +0000 (12:39 +0100)]
crypto: atmel-aes - guard unregister on error in atmel_aes_register_algs
Ensure the device supports XTS and GCM with 'has_xts' and 'has_gcm'
before unregistering algorithms when XTS or authenc registration fails,
which would trigger a WARN in crypto_unregister_alg().
Currently, with the capabilities defined in atmel_aes_get_cap(), this
bug cannot happen because all devices that support XTS and authenc also
support GCM, but the error handling should still be correct regardless
of hardware capabilities.
Fixes: d52db5188a87 ("crypto: atmel-aes - add support to the XTS mode") Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
George Abraham P [Wed, 11 Mar 2026 08:22:45 +0000 (13:52 +0530)]
crypto: qat - add wireless mode support for QAT GEN6
Add wireless mode support for QAT GEN6 devices.
When the WCP_WAT fuse bit is clear, the device operates in wireless
cipher mode (wcy_mode). In this mode all accelerator engines load the
wireless firmware and service configuration via 'cfg_services' sysfs
attribute is restricted to 'sym' only.
The get_accel_cap() function is extended to report wireless-specific
capabilities (ZUC, ZUC-256, 5G, extended algorithm chaining) gated by
their respective slice-disable fuse bits. The set_ssm_wdtimer() function
is updated to configure WCP (wireless cipher) and WAT (wireless
authentication) watchdog timers. The adf_gen6_cfg_dev_init() function is
updated to use adf_6xxx_is_wcy() to enforce sym-only service selection
for WCY devices during initialization.
Co-developed-by: Aviraj Cj <aviraj.cj@intel.com> Signed-off-by: Aviraj Cj <aviraj.cj@intel.com> Signed-off-by: George Abraham P <george.abraham.p@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Wed, 11 Mar 2026 02:07:35 +0000 (03:07 +0100)]
crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with
ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the
first page using free_page(), leaking the remaining 3 pages. Use
free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.
Fixes: bbe628ed897d ("crypto: atmel-aes - improve performances of data transfer") Cc: stable@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wesley Atwell [Mon, 9 Mar 2026 06:26:24 +0000 (00:26 -0600)]
crypto: krb5enc - fix sleepable flag handling in encrypt dispatch
krb5enc_encrypt_ahash_done() continues encryption from an ahash
completion callback by calling krb5enc_dispatch_encrypt().
That helper takes a flags argument for this continuation path, but it
ignored that argument and reused aead_request_flags(req) when setting
up the skcipher subrequest callback. This can incorrectly preserve
CRYPTO_TFM_REQ_MAY_SLEEP when the encrypt step is started from callback
context.
Preserve the original request flags but clear
CRYPTO_TFM_REQ_MAY_SLEEP for the callback continuation path, and use
the caller-supplied flags when setting up the skcipher subrequest.
Fixes: d1775a177f7f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm") Assisted-by: Codex:GPT-5 Signed-off-by: Wesley Atwell <atwellwea@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Wesley Atwell [Mon, 9 Mar 2026 04:31:43 +0000 (22:31 -0600)]
crypto: simd - reject compat registrations without __ prefixes
simd_register_skciphers_compat() and simd_register_aeads_compat()
derive the wrapper algorithm names by stripping the __ prefix from the
internal algorithm names.
Currently they only WARN if cra_name or cra_driver_name lacks that prefix,
but they still continue and unconditionally add 2 to both strings. That
registers wrapper algorithms with incorrectly truncated names after a
violated precondition.
Reject such inputs with -EINVAL before registering anything, while keeping
the warning so invalid internal API usage is still visible.
Fixes: d14f0a1fc488 ("crypto: simd - allow registering multiple algorithms at once") Fixes: 1661131a0479 ("crypto: simd - support wrapping AEAD algorithms") Assisted-by: Codex:GPT-5 Signed-off-by: Wesley Atwell <atwellwea@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Sat, 7 Mar 2026 15:31:10 +0000 (16:31 +0100)]
crypto: atmel-tdes - fix DMA sync direction
Before DMA output is consumed by the CPU, ->dma_addr_out must be synced
with dma_sync_single_for_cpu() instead of dma_sync_single_for_device().
Using the wrong direction can return stale cache data on non-coherent
platforms.
Fixes: 13802005d8f2 ("crypto: atmel - add Atmel DES/TDES driver") Fixes: 1f858040c2f7 ("crypto: atmel-tdes - add support for latest release of the IP (0x700)") Cc: stable@vger.kernel.org Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: inside-secure/eip93 - register hash before authenc algorithms
Register hash before hmac and authenc algorithms. This will ensure
selftests pass at startup. Previously, selftests failed on the
crypto_alloc_ahash() function since the associated algorithm was
not yet registered.
Fixes following error:
...
[ 18.375811] alg: self-tests for authenc(hmac(sha1),cbc(aes)) using authenc(hmac(sha1-eip93),cbc(aes-eip93)) failed (rc=-2)
[ 18.382140] alg: self-tests for authenc(hmac(sha224),rfc3686(ctr(aes))) using authenc(hmac(sha224-eip93),rfc3686(ctr(aes-eip93))) failed (rc=-2)
[ 18.395029] alg: aead: authenc(hmac(sha256-eip93),cbc(des-eip93)) setkey failed on test vector 0; expected_error=0, actual_error=-2, flags=0x1
[ 18.409734] alg: aead: authenc(hmac(md5-eip93),cbc(des3_ede-eip93)) setkey failed on test vector 0; expected_error=0, actual_error=-2, flags=0x1
...
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers [Fri, 6 Mar 2026 04:19:15 +0000 (20:19 -0800)]
MAINTAINERS: remove outdated entry for crypto/rng.c
Lore shows no emails from Neil on linux-crypto since 2020. Without the
listed person being active, this MAINTAINERS entry provides no value,
and actually is a bit confusing because while it is called the
"CRYPTOGRAPHIC RANDOM NUMBER GENERATOR", it is not the CRNG that is
normally used (drivers/char/random.c) which has a separate entry.
Remove this entry, so crypto/rng.c will just be covered by "CRYPTO API".
Cc: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(sha512),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(SHA512) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(sha384),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(SHA384) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(sha256),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(SHA256) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(sha224),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(SHA224) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: testmgr - Add test vectors for authenc(hmac(sha1),rfc3686(ctr(aes)))
Test vectors were generated starting from existing RFC3686(CTR(AES)) test
vectors and adding HMAC(SHA1) computed with software implementation.
Then, the results were double-checked on Mediatek MT7986 (safexcel).
Platform pass self-tests.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dave Hansen [Thu, 5 Mar 2026 17:21:33 +0000 (09:21 -0800)]
MAINTAINERS: Remove bouncing maintaner for IAA driver
This maintainer's email is now bouncing. Remove them.
Cc: Kristen Accardi <kristen.c.accardi@intel.com> Cc: Vinicius Costa Gomes <vinicius.gomes@intel.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: qat - fix firmware loading failure for GEN6 devices
QAT GEN6 hardware requires a minimum 3 us delay during the acceleration
engine reset sequence to ensure the hardware fully settles.
Without this delay, the firmware load may fail intermittently.
Add a delay after placing the AE into reset and before clearing the reset,
matching the hardware requirements and ensuring stable firmware loading.
Earlier generations remain unaffected.
Fixes: 17fd7514ae68 ("crypto: qat - add qat_6xxx driver") Signed-off-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> Cc: stable@vger.kernel.org Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: qat - fix indentation of macros in qat_hal.c
The macros in qat_hal.c were using a mixture of tabs and spaces.
Update all macro indentation to use tabs consistently, matching the
predominant style.
This does not introduce any functional change.
Signed-off-by: Suman Kumar Chakraborty <suman.kumar.chakraborty@intel.com> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
dt-bindings: crypto: inside-secure,safexcel: add compatible for MT7981
The MT7981 as well as the MT7986 have a built-in EIP-97 crypto accelerator.
This commit adds a compatible string for MT7981.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: tcrypt - stop ahash speed tests when setkey fails
The async hash speed path ignores the return code from
crypto_ahash_setkey(). If the caller picks an unsupported key length,
the transform keeps whatever key state it already has and the speed test
still runs, producing misleading numbers, hence bail out of the loop when
setkey fails.
Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto: tcrypt - clamp num_mb to avoid divide-by-zero
Passing num_mb=0 to the multibuffer speed tests leaves test_mb_aead_cycles()
and test_mb_acipher_cycles() dividing by (8 * num_mb). With sec=0 (the
default), the module prints "1 operation in ..." and hits a divide-by-zero
fault.
Force num_mb to at least 1 during module init and warn the caller so the
warm-up loop and the final report stay well-defined.
To reproduce:
sudo modprobe tcrypt mode=600 num_mb=0
Signed-off-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
sev_do_cmd() has its own command buffer (sev->cmd_buf) with the correct
alignment, perms, etc. that it copies the command into, so prepending it to
the firmware data is unnecessary.
Switch sev_update_firmware() to using a stack allocated command in light of
this copy, and drop all of the resulting pointer math.
Signed-off-by: Tycho Andersen (AMD) <tycho@kernel.org> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thorsten Blum [Mon, 2 Mar 2026 11:34:53 +0000 (12:34 +0100)]
crypto: qce - Remove return variable and unused assignments
In qce_aead_done(), the return variable 'ret' is no longer used - remove
it. And qce_aead_prepare_dst_buf() jumps directly to 'dst_tbl_free:' on
error and returns 'sg' - drop the useless 'ret' assignments.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Alexander Dahl [Thu, 26 Feb 2026 15:56:27 +0000 (16:56 +0100)]
crypto: docs/userspace-if - Fix outdated links
According to archive.org the site threw HTTP errors 404 since early 2024.
The last snapshot in the archive having actual content was from late 2023.
The page behind the new URL has more or less the same content as the
archived page from 2023, so it probably was just moved without setting
up a redirect.
Signed-off-by: Alexander Dahl <ada@thorsis.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Chuyi Zhou [Thu, 26 Feb 2026 08:07:03 +0000 (16:07 +0800)]
padata: Remove cpu online check from cpu add and removal
During the CPU offline process, the dying CPU is cleared from the
cpu_online_mask in takedown_cpu(). After this step, various CPUHP_*_DEAD
callbacks are executed to perform cleanup jobs for the dead CPU, so this
cpu online check in padata_cpu_dead() is unnecessary.
Similarly, when executing padata_cpu_online() during the
CPUHP_AP_ONLINE_DYN phase, the CPU has already been set in the
cpu_online_mask, the action even occurs earlier than the
CPUHP_AP_ONLINE_IDLE stage.
Remove this unnecessary cpu online check in __padata_add_cpu() and
__padata_remove_cpu().
Signed-off-by: Chuyi Zhou <zhouchuyi@bytedance.com> Acked-by: Daniel Jordan <daniel.m.jordan@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Randy Dunlap [Wed, 25 Feb 2026 01:45:28 +0000 (17:45 -0800)]
crypto: ecc - correct kernel-doc format
Fix all kernel-doc warnings in ecc.h:
- use correct kernel-doc format
- add some Returns: sections
- fix spelling and parameter names
Fixes these warnings:
Warning: include/crypto/internal/ecc.h:82 function parameter 'nbytes' not
described in 'ecc_digits_from_bytes'
Warning: include/crypto/internal/ecc.h:82 function parameter 'out' not
described in 'ecc_digits_from_bytes'
Warning: include/crypto/internal/ecc.h:95 No description found for return
value of 'ecc_is_key_valid'
Warning: include/crypto/internal/ecc.h:110 No description found for return
value of 'ecc_gen_privkey'
Warning: include/crypto/internal/ecc.h:124 No description found for return
value of 'ecc_make_pub_key'
Warning: include/crypto/internal/ecc.h:143 No description found for return
value of 'crypto_ecdh_shared_secret'
Warning: include/crypto/internal/ecc.h:182 No description found for return
value of 'vli_is_zero'
Warning: include/crypto/internal/ecc.h:194 No description found for return
value of 'vli_cmp'
Warning: include/crypto/internal/ecc.h:209 function parameter 'right' not
described in 'vli_sub'
Warning: include/crypto/internal/ecc.h:271 expecting prototype for
ecc_aloc_point(). Prototype was for ecc_alloc_point() instead
Warning: include/crypto/internal/ecc.h:287 function parameter 'point' not
described in 'ecc_point_is_zero'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Randy Dunlap [Wed, 25 Feb 2026 01:45:18 +0000 (17:45 -0800)]
crypto: des - fix all kernel-doc warnings
Use correct function parameter names and add Returns: sections to
eliminate all kernel-doc warnings in des.h:
Warning: include/crypto/des.h:41 function parameter 'keylen' not
described in 'des_expand_key'
Warning: include/crypto/des.h:41 No description found for return value
of 'des_expand_key'
Warning: include/crypto/des.h:54 function parameter 'keylen' not
described in 'des3_ede_expand_key'
Warning: include/crypto/des.h:54 No description found for return value
of 'des3_ede_expand_key'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Randy Dunlap [Wed, 25 Feb 2026 01:45:00 +0000 (17:45 -0800)]
crypto: acomp - repair kernel-doc warnings
Correct kernel-doc:
- add the @extra function parameter
- add "_extra" to the mismatched function name
- spell the "cmpl" parameter correctly
to avoid these warnings:
Warning: include/crypto/acompress.h:251 function parameter 'extra' not
described in 'acomp_request_alloc_extra'
Warning: include/crypto/acompress.h:251 expecting prototype for
acomp_request_alloc(). Prototype was for acomp_request_alloc_extra()
instead
Warning: include/crypto/acompress.h:327 function parameter 'cmpl' not
described in 'acomp_request_set_callback'
Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mykyta Yatsenko [Tue, 24 Feb 2026 19:29:54 +0000 (19:29 +0000)]
rhashtable: consolidate hash computation in rht_key_get_hash()
The else-if and else branches in rht_key_get_hash() both compute a hash
using either params.hashfn or jhash, differing only in the source of
key_len (params.key_len vs ht->p.key_len). Merge the two branches into
one by using the ternary `params.key_len ?: ht->p.key_len` to select
the key length, removing the duplicated logic.
This also improves the performance of the else branch which previously
always used jhash and never fell through to jhash2. This branch is going
to be used by BPF resizable hashmap, which wraps rhashtable:
https://lore.kernel.org/bpf/20260205-rhash-v1-0-30dd6d63c462@meta.com/
Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
projects / thirdparty / kernel / linux.git / log
