Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.21 2026-02-26T22:59:04+00:00 2026-02-26T22:59:04+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2026-01-11T13:20:32+00:00 urn:sha1:243d642ff5809811208fa1707b7ab8a6ab4b1d68 [ Upstream commit 0ceeadc7b53a041d89d5843f6bf0ccb7c98b0b4f ] EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis. Unregister algorithms on the same basis. Currently, all algorithms are unregistered, even those not supported by HW. This results in panic on platforms that don't have all options implemented in silicon. Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Acked-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-02-26T22:59:03+00:00 Aleksander Jan Bajkowski olek2@wp.pl 2025-12-30T21:17:17+00:00 urn:sha1:7530c3595d1e23bc5938cbd44b7e8f33457fc71f [ Upstream commit b6e32ba6d32503440a3e3e16c8d0521cbb7e0c5d ] During driver detach, the same hash algorithm is unregistered multiple times due to a wrong iterator. Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Reviewed-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-07-31T16:45:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-07-31T16:45:28+00:00 urn:sha1:44a8c96edd0ee9320a1ad87afc7b10f38e55d5ec Pull crypto update from Herbert Xu: "API: - Allow hash drivers without fallbacks (e.g., hardware key) Algorithms: - Add hmac hardware key support (phmac) on s390 - Re-enable sha384 in FIPS mode - Disable sha1 in FIPS mode - Convert zstd to acomp Drivers: - Lower priority of qat skcipher and aead - Convert aspeed to partial block API - Add iMX8QXP support in caam - Add rate limiting support for GEN6 devices in qat - Enable telemetry for GEN6 devices in qat - Implement full backlog mode for hisilicon/sec2" * tag 'v6.17-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (116 commits) crypto: keembay - Use min() to simplify ocs_create_linked_list_from_sg() crypto: hisilicon/hpre - fix dma unmap sequence crypto: qat - make adf_dev_autoreset() static crypto: ccp - reduce stack usage in ccp_run_aes_gcm_cmd crypto: qat - refactor ring-related debug functions crypto: qat - fix seq_file position update in adf_ring_next() crypto: qat - fix DMA direction for compression on GEN2 devices crypto: jitter - replace ARRAY_SIZE definition with header include crypto: engine - remove {prepare,unprepare}_crypt_hardware callbacks crypto: engine - remove request batching support crypto: qat - flush misc workqueue during device shutdown crypto: qat - enable rate limiting feature for GEN6 devices crypto: qat - add compression slice count for rate limiting crypto: qat - add get_svc_slice_cnt() in device data structure crypto: qat - add adf_rl_get_num_svc_aes() in rate limiting crypto: qat - relocate service related functions crypto: qat - consolidate service enums crypto: qat - add decompression service for rate limiting crypto: qat - validate service in rate limiting sysfs api crypto: hisilicon/sec2 - implement full backlog mode for sec ... 2025-07-07T03:27:04+00:00 Thomas Fourier fourier.thomas@gmail.com 2025-06-20T07:29:26+00:00 urn:sha1:cb7fa6b6fc71e0c801e271aa498e2f19e6df2931 The `dma_unmap_sg()` functions should be called with the same nents as the `dma_map_sg()`, not the value the map function returned. Fixes: c957f8b3e2e5 ("crypto: inside-secure - avoid unmapping DMA memory that was not mapped") Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com> Reviewed-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-06-30T16:31:56+00:00 Eric Biggers ebiggers@kernel.org 2025-05-31T20:42:44+00:00 urn:sha1:4be6cc8222a44e3165cd41731535c8e96b5e8104 The crc32 acceleration in the inside-secure driver is accessible only as an asynchronous hash. However, there seems to be no corresponding user of crc32 in the kernel that supports asynchronous hashes. Therefore, this code seems to be unused. The patch that added this code provided no justification for its inclusion. All devicetree bindings for this accelerator are for arm64; arm64 CPUs often have CRC or PMULL instructions, which already accelerate crc32 very well. And these actually work with the crc32 users in the kernel, unlike this driver which doesn't. Remove this unnecessary code. Cc: Antoine Tenart <atenart@kernel.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20250531204244.24648-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org> 2025-04-16T07:36:24+00:00 Herbert Xu herbert@gondor.apana.org.au 2025-04-12T10:57:36+00:00 urn:sha1:0a1376744caa553eaf073b9f71d3afd1733c0b12 The block size of a hash algorithm is meant to be the number of bytes its block function can handle. For cbcmac that should be the block size of the underlying block cipher instead of one. Set the block size of all cbcmac implementations accordingly. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-04-07T05:22:27+00:00 Colin Ian King colin.i.king@gmail.com 2025-04-02T11:13:47+00:00 urn:sha1:83366bcc7cb9bb6570363bef7cf05948cb00fe4e Don't populate the read-only arrays sha256_init, sha224_init, sha1_init and md5_init on the stack at run time, instead make them static. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Reviewed-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-04-03T11:04:33+00:00 Christian Marangi ansuelsmth@gmail.com 2025-04-01T11:57:30+00:00 urn:sha1:12e0b15b1986736af8c64b920efad00c655a3c79 In the EIP93 HASH functions, the eip93_put_descriptor is called without acquiring lock. This is problematic when multiple thread execute hash operations. Correctly acquire ring write lock on calling eip93_put_descriptor to prevent concurrent access and mess with the ring pointers. Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Reported-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-02-22T07:56:03+00:00 Christian Marangi ansuelsmth@gmail.com 2025-02-15T23:36:18+00:00 urn:sha1:217460544a1b9741874dab826eb614e8c006f8a8 Fix smatch warning for sg_nents_for_len return value in Inside Secure EIP93 driver. The return value of sg_nents_for_len was assigned to an u32 and the error was ignored and converted to a positive integer. Rework the code to correctly handle the error from sg_nents_for_len to mute smatch warning. Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support") Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2025-02-22T07:56:02+00:00 Herbert Xu herbert@gondor.apana.org.au 2025-02-09T10:17:30+00:00 urn:sha1:ea6f861a3c459abd0fe19a5eaf746afc0aca7530 Instead of having two entries for inside-secure in the top-level Makefile, make it just a single one. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>