Changes in Kconfig

b85966adbf5de0668a815c6e3527f87e0c387fb4 - Merge tag 'net-next-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

Wed, 17 Jun 2026 09:17:00 +0200

Merge tag 'net-next-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-nextPull networking updates from Jakub Kicinski: "Core & protocols: - Work on removing rtnl_lock protection throughout the stack continues. In this chapter: - don't use rtnl_lock for IPv6 multicast routing configuration - don't take rtnl_lock in ethtool for modern drivers - prepare Qdisc dump callbacks for rtnl_lock removal - Support dumping just ifindex + name of all interfaces, under RCU. It's a common operation for Netlink CLI tools (when translating names to ifindexes) and previously required full rtnl_lock. - Support dumping qdiscs and page pools for a specific netdev. Even tho user space wants a dump of all netdevs, most of the time, the OOO programming model results in repeating the dump for each netdev. Which, in absence of a cache, leads to a O(n^2) behavior. - Flush nexthops once on multi-nexthop removal (e.g. when device goes down), another O(n^2) -> O(n) improvement. - Rehash locally generated traffic to a different nexthop on retransmit timeout. - Honor oif when choosing nexthop for locally generated IPv6 traffic. - Convert TCP Auth Option to crypto library, and drop non-RFC algos. - Increase subflow limits in MPTCP to 64 and endpoint limit to 256. - Support MPTCP signaling of IPv6 address + port (ADD_ADDR). We need to selectively skip reporting of the standard TCP Timestamp option, because they won't fit into the header space together (12 + 30 > 40). - Support using bridge neighbor suppression, Duplicate Address Detection, Gratuitous ARP and unsolicited NA forwarding - in EVPN deployments, e.g. VXLAN fabrics (IPv4 and IPv6). - Improve link state reporting for upper netdevs (e.g. macvlan) over tunnel devices (again, mostly for EVPN deployments). - Support binding GENEVE tunnels to a local address. - Speed up UDP tunnel destruction (remove one synchronize_rcu()). - Support exponential field encoding in multicast (IGMPv3 and MLDv2). - Support attaching PSP crypto offload to containers (veth, netkit). - Add a new IPSec Netlink message XFRM_MSG_MIGRATE_STATE that allows migrating individual IPsec SAs independently of their policies. The existing XFRM_MSG_MIGRATE is tightly coupled to policy+SA migration, lacks SPI for unique SA identification, and cannot express reqid changes or migrate Transport mode selectors. The new interface identifies the SA via SPI and mark, supports reqid changes, address family changes, encap removal, and uses an atomic create+install flow under x->lock to prevent SN/IV reuse during AEAD SA migration. - Implement GRO/GSO support for PPPoE. - Convert sockopt callbacks in a number of protocols to iov_iter. Cross-tree stuff: - Remove support for Crypto TFM cloning (unblocked after the TCP Auth Option rework). This feature regressed performance for all crypto API users, since it changed crypto transformation objects into reference-counted objects. - Add FCrypt-PCBC implementation to rxrpc and remove it from the global crypto API as obsolete and insecure. Wireless: - Major rework of station bandwidth handling, fixing issues with lower capability than AP. - Cleanups for EMLSR spec issues (drafts differed). - More Neighbor Awareness Networking (Wi-Fi Aware) work (multicast, schedule improvements, multi-station etc.) - Some Ultra High Reliability (UHR) / IEEE 802.11bn (D1.4) work (e.g. non-primary channel access, UHR DBE support). - Fine Timing Measurement ranging (i.e. distance measurement) APIs. Netfilter: - Use per-rule hash initval in nf_conncount. This avoids unnecessary lock contention with short keys (e.g. conntrack zones) in different namespaces. - Various safety improvements, both in packet parsing and object lifetimes. Notably add refcounts to conntrack timeout policy. Deletions: - Remove TLS + sockmap integration. TLS wants to pin user pages to avoid a copy, and sockmap wants to write to the input stream. More work on this integration is clearly needed, and we can't find any users (original author admitted that they never deployed it). - Remove support for TLS offload with TCP Offload Engine (the far more common opportunistic offload is retained). The locking looks unfixable (driver sleeps under TCP spin locks) and people from the vendor that added this are AWOL. - Remove more ATM code, trying to leave behind only what PPPoATM needs, AAL5 and br2684 with permanent circuits. - Remove AppleTalk. Let it join hamradio in our out of tree protocol graveyard, I mean, repository. - Disable 32-bit x_tables compatibility (32bit binaries on 64bit kernel) interface in user namespaces. To be deleted completely, soon. - Remove 5/10 MHz support from cfg80211/mac80211. Drivers: - Software: - Support DEVMEM/DMABUF Tx over NETMEM_TX_NO_DMA devices (netkit) - bonding: add knob to strictly follow 802.3ad for link state - New drivers: - Alibaba Elastic Ethernet Adaptor (cloud vNIC). - NXP NETC switch within i.MX94. - DPLL: - Add operational state to pins (implement in zl3073x). - Add generic DPLL type, for daisy-chaining DPLLs (implement in ice). - Ethernet high-speed NICs: - Huawei (hinic3): - enhance tc flow offload support with queue selection, tunnels - nVidia/Mellanox: - avoid over-copying payload to the skb's linear part (up to 60% win for LRO on slow CPUs like ARM64 V2) - expose more per-queue stats over the standard API - support additional, unprivileged PFs in the DPU configuration - support Socket Direct (multi-PF) with switchdev offloads - add a pool / frag allocator for DMA mapped buffers for control objects, save memory on systems with 64kB page size - take advantage of the ability to dynamically change RSS table size, even when table is configured by the user - increase the max RSS table size for even traffic distribution - Ethernet NICs: - Marvell/Aquantia: - AQC113 PTP support - Realtek USB (r8152): - support 10Gbit Link Speeds and Energy-Efficient Ethernet (EEE) - support firmware loaded (for RTL8157/RTL8159) - support for the RTL8159 - Intel (ixgbe): - support Energy-Efficient Ethernet (EEE) on E610 devices - Ethernet switches: - Airoha: - support multiple netdevs on a single GDM block / port - Marvell (mv88e6xxx): - support SERDES of mv88e6321 - Microchip (ksz8/9): - rework the driver callbacks to remove one indirection layer - Motorcomm (yt921x): - support port rate policing - support TBF qdisc offload - support ACL/flower offload - nVidia/Mellanox: - expose per-PG rx_discards - Realtek: - rtl8365mb: bridge offloading and VLAN support - Ethernet PHYs: - Airoha: - support Airoha AN8801R Gigabit PHYs. - Micrel: - implement 3 low-loss cable tunables - Realtek: - support MDI swapping for RTL8226-CG - support MDIO for RTL931x - Qualcomm: - at803x: Rx and Tx clock management for IPQ5018 PHY - Motorcomm: - support YT8522 100M RMII PHY - set drive strength in YT8531s RGMII - TI: - dp83822: add optional external PHY clock - Bluetooth: - hci_sync: add support for HCI_LE_Set_Host_Feature [v2] - SMP: use AES-CMAC library API - Intel: - support Product level reset - support smart trigger dump - Mediatek: - add event filter to filter specific event - Realtek: - fix RTL8761B/BU broken LE extended scan - WiFi: - Broadcom (b43): - new support for a 11n device - MediaTek (mt76): - support mt7927 - mt792x: broken usb transport detection - mt7921: regulatory improvements - Qualcomm (ath9k): - GPIO interface improvements - Qualcomm (ath12k): - WDS support - replace dynamic memory allocation in WMI Rx path - thermal throttling/cooling device support - 6 GHz incumbent interference detection - channel 177 in 5 GHz - Realtek (rt89): - RTL8922AU support - USB 3 mode switch for performance - better monitor radiotap support - RTL8922DE preparations"* tag 'net-next-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (1778 commits) ipv4: fib_rule: Move fib4_rules_exit() to ->exit(). net: serialize netif_running() check in enqueue_to_backlog() net: skmsg: preserve sg.copy across SG transforms appletalk: move the protocol out of tree appletalk: stop storing per-interface state in struct net_device selftests/bpf: test that TLS crypto is rejected on a sockmap socket selftests/bpf: drop the unused kTLS program from test_sockmap selftests/bpf: remove sockmap + ktls tests tls: remove dead sockmap (psock) handling from the SW path tls: reject the combination of TLS and sockmap atm: remove orphaned uAPI for deleted drivers, protocols and SVCs atm: remove unused ATM PHY operations atm: remove the unused pre_send and send_bh device operations atm: remove the unused change_qos device operation atm: remove SVC socket support and the signaling daemon interface atm: remove the local ATM (NSAP) address registry atm: remove dead SONET PHY ioctls atm: remove the unused send_oam / push_oam callbacks atm: remove AAL3/4 transport support net: dsa: sja1105: fix lastused timestamp in flower stats ... List of files: /linux/crypto/Kconfig

5f1d444e084ce3e4619e38c45a8cc29e6fffb2bf - crypto: xilinx-trng - Replace crypto_drbg_ctr_df() with HMAC-SHA512

Sun, 31 May 2026 21:17:37 +0200

crypto: xilinx-trng - Replace crypto_drbg_ctr_df() with HMAC-SHA512This code is just trying to condition 48 bytes of random data. This canbe done easily using HKDF-SHA512-Extract, saving 300 lines of code.This commit also fixes forward security (in this particular case) byclearing the entropy from memory after it's used.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

1967bfaf7ba15dc179a7e3325e880736efbcdf62 - crypto: pcbc - Remove support for PCBC mode

Fri, 22 May 2026 07:07:36 +0200

crypto: pcbc - Remove support for PCBC modeThe only user of PCBC mode (Propagating Cipher Block Chaining mode) wasnet/rxrpc/rxkad.c, which now uses local code instead.While PCBC was an interesting cryptographic experiment, it has largelybeen relegated to the history books and academic exercises. It isnon-parallelizable (i.e., very slow) and doesn't actually achieve theintegrity properties it was apparently intended to achieve.Remove support for it from the crypto API.Acked-by: Geert Uytterhoeven # m68kAcked-by: David Howells Signed-off-by: Eric Biggers Tested-by: Marc Dionne Link: https://patch.msgid.link/20260522050740.84561-6-ebiggers@kernel.orgSigned-off-by: Jakub Kicinski List of files: /linux/crypto/Kconfig

374efbdc85d027814f6b26a8d641dc062f9017c0 - crypto: fcrypt - Remove support for FCrypt block cipher

Fri, 22 May 2026 07:07:35 +0200

crypto: fcrypt - Remove support for FCrypt block cipherRemove the insecure FCrypt block cipher from the crypto API. Its onlyuser was net/rxrpc/, but now net/rxrpc/ implements it locally. Thecrypto API implementation is no longer needed.For some additional context: FCrypt was designed in 1988 and isessentially a weakened version of DES. It has the same 56-bit key sizeas DES, which is easily brute forced. Moreover, it's cryptographicallyweak and doesn't even provide the intended 56-bit security level. Itsauthor considers it to be a mistake, as well(https://lists.openafs.org/pipermail/openafs-devel/2000-December/005320.html).But fortunately this 1980s-era homebrew block cipher was never adoptedoutside of net/rxrpc/. So its code can just be kept there.Acked-by: Geert Uytterhoeven # m68kAcked-by: David Howells Signed-off-by: Eric Biggers Tested-by: Marc Dionne Link: https://patch.msgid.link/20260522050740.84561-5-ebiggers@kernel.orgSigned-off-by: Jakub Kicinski List of files: /linux/crypto/Kconfig

2f07f4192687a4fd7352c30bb01160f02f10e9d6 - MIPS: Remove unused arch/mips/crypto directory

Sun, 17 May 2026 05:20:56 +0200

MIPS: Remove unused arch/mips/crypto directoryThe last MIPS crypto code was moved to lib/crypto/mips incommit c9e5ac0ab9d1 ("lib/crypto: mips/md5: Migrate optimized code intolibrary"). However, arch/mips/crypto still contains stub Kconfig,Makefile, and .gitignore files. Remove these unnecessary files.Signed-off-by: Ethan Nelson-Moore Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

42e4579846d58ec790c4cde4094a1b5f80b13703 - LoongArch: Remove unused arch/loongarch/crypto directory

Sun, 17 May 2026 05:14:26 +0200

LoongArch: Remove unused arch/loongarch/crypto directoryAll LoongArch crypto code was moved to arch/loongarch/lib incommit 72f51a4f4b07 ("loongarch/crc32: expose CRC32 functions throughlib"). However, arch/loongarch/crypto still contains stub Kconfig andMakefile files. Remove these unnecessary files.Signed-off-by: Ethan Nelson-Moore Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

a67afb1884ba815079bd43d5c998e155e03b08b6 - crypto: af_alg - Document the deprecation of AF_ALG

Thu, 30 Apr 2026 03:15:44 +0200

crypto: af_alg - Document the deprecation of AF_ALGAF_ALG is almost completely unnecessary, and it exposes a massive attacksurface that hasn't been standing up to modern vulnerability discoverytools. The latest one even has its own website, providing a smallPython script that reliably roots most Linux distros: https://copy.fail/This isn't sustainable, especially as LLMs have accelerated the rate thevulnerabilities are coming in. The effort that is being put into thisthing is vastly disproportional to the few programs that actually useit, and those programs would be better served by userspace code anyway.These issues have been noted in many mailing list discussions already.But until now they haven't been reflected in the documentation orkconfig menu itself, and the vulnerabilities are still coming in.Let's go ahead and document the deprecation.This isn't intended to change anything overnight. After all, most Linuxdistros won't be able to disable the kconfig options quite yet, mainlybecause of iwd. But this should create a bit more impetus for theseuserspace programs to be fixed, and the documentation update should alsohelp prevent more users from appearing.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

245c8d0d177f129d105f84331272494e2cd31f2a - crypto: drbg - Use HMAC-SHA512 library API

Mon, 20 Apr 2026 08:34:06 +0200

crypto: drbg - Use HMAC-SHA512 library APISince the HMAC algorithm is now fixed at HMAC-SHA512, just use theHMAC-SHA512 library API. This is simpler and more efficient.Remove error-handling code that is no longer needed.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

5dd76c87e47879ca2ef70479962bca01263a5428 - crypto: drbg - Flatten the DRBG menu

Mon, 20 Apr 2026 08:33:58 +0200

crypto: drbg - Flatten the DRBG menuNow that the menuconfig CRYPTO_DRBG_MENU has no options in it other thanthe hidden symbol CRYPTO_DRBG, remove it and move CRYPTO_DRBG to itsparent menu. Give CRYPTO_DRBG an appropriate prompt and help text.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

e227be3ffde0ec8063c9967062a43237a5545581 - crypto: drbg - Remove support for HASH_DRBG

Mon, 20 Apr 2026 08:33:57 +0200

crypto: drbg - Remove support for HASH_DRBGRemove the support for HASH_DRBG. It's likely unused code, seeing asHMAC_DRBG is always enabled and prioritized over it unlessNETLINK_CRYPTO is used to change the algorithm priorities.There's also no compelling reason to support more than one of[HMAC_DRBG, HASH_DRBG, CTR_DRBG]. By definition, callers cannot tellany difference in their outputs. And all are FIPS-certifiable, which isthe only point of the kernel's NIST DRBGs anyway.Switching to HASH_DRBG doesn't seem all that compelling, either. Forone, it's more complex than HMAC_DRBG.Thus, let's just drop HASH_DRBG support and focus on HMAC_DRBG.Signed-off-by: Eric Biggers Acked-by: Geert Uytterhoeven # m68kSigned-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

6f88f41eeb7d4ef34e4ddb133d10779a316da67f - crypto: drbg - Remove support for CTR_DRBG

Mon, 20 Apr 2026 08:33:56 +0200

crypto: drbg - Remove support for CTR_DRBGRemove the support for CTR_DRBG. It's likely unused code, seeing asHMAC_DRBG is always enabled and prioritized over it unlessNETLINK_CRYPTO is used to change the algorithm priorities.There's also no compelling reason to support more than one of[HMAC_DRBG, HASH_DRBG, CTR_DRBG]. By definition, callers cannot tellany difference in their outputs. And all are FIPS-certifiable, which isthe only point of the kernel's NIST DRBGs anyway.Switching to CTR_DRBG doesn't seem all that compelling, either. Whileit's often the fastest NIST DRBG, it has several disadvantages:- CTR_DRBG uses AES. Some platforms don't have AES acceleration at all, causing a fallback to the table-based AES code which is very slow and can be vulnerable to cache-timing attacks. In contrast, HMAC_DRBG uses primitives that are consistently constant-time.- CTR_DRBG is usually considered to be somewhat less cryptographically robust than HMAC_DRBG. Granted, HMAC_DRBG isn't all that great either, e.g. given the negative result from Woodage & Shumow (2018) (https://eprint.iacr.org/2018/349.pdf), but that can be worked around.- CTR_DRBG is more complex than HMAC_DRBG, risking bugs. Indeed, while reviewing the CTR_DRBG code, I found two bugs, including one where it can return success while leaving the output buffer uninitialized.- The kernel's implementation of CTR_DRBG uses an "ctr(aes)" crypto_skcipher and relies on it returning the next counter value. That's fragile, and indeed historically many "ctr(aes)" crypto_skcipher implementations haven't done that. E.g. see commit 511306b2d075 ("crypto: arm/aes-ce - update IV after partial final CTR block"), commit fa5fd3afc7e6 ("crypto: arm64/aes-blk - update IV after partial final CTR block"), commit 371731ec2179 ("crypto: atmel-aes - Fix saving of IV for CTR mode"), commit 25baaf8e2c93 ("crypto: crypto4xx - fix ctr-aes missing output IV"), commit 334d37c9e263 ("crypto: caam - update IV using HW support"), commit 0a4491d3febe ("crypto: chelsio - count incomplete block in IV"), commit e8e3c1ca57d4 ("crypto: s5p - update iv after AES-CBC op end"). I.e., there were many years where the kernel's CTR_DRBG code (if it were to have actually been used) repeated outputs on some platforms. AES-CTR also uses a 128-bit counter, which creates overflow edge cases that are sometimes gotten wrong. E.g. see commit 009b30ac7444 ("crypto: vmx - CTR: always increment IV as quadword").So, while switching to CTR_DRBG for performance reasons isn't completelyout of the question (notably BoringSSL uses it), it would take quite abit more work to create a solid implementation of it in the kernel,including a more solid implementation of AES-CTR itself (in lib/crypto/,with a scalar bit-sliced fallback, etc). Since HMAC_DRBG has alwaysbeen the default NIST DRBG variant in the kernel and is in a betterstate, let's just standardize on it for now.Signed-off-by: Eric Biggers Acked-by: Geert Uytterhoeven # m68kSigned-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

f01d721cb809cb47db1afcf629d57e2aa18ae3c6 - crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMAC

Mon, 20 Apr 2026 08:33:50 +0200

crypto: drbg - Remove always-enabled symbol CRYPTO_DRBG_HMACThe kconfig symbol CRYPTO_DRBG_HMAC is always enabled whenCRYPTO_DRBG_MENU is enabled, and all checks for CRYPTO_DRBG_HMAC are incode conditional on CRYPTO_DRBG_MENU. Thus, the only purpose of theCRYPTO_DRBG_HMAC symbol is to select CRYPTO_HMAC and CRYPTO_SHA512.Move those two selections to CRYPTO_DRBG_MENU, remove the checks forCRYPTO_DRBG_HMAC, and remove the CRYPTO_DRBG_HMAC symbol itself.Note that this also fixes an issue where CRYPTO_HMAC and CRYPTO_SHA512were unnecessarily being forced to built-in when CRYPTO_DRBG=m.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

440d6635b20037bc9ad46b20817d7b61cef0fc1b - Merge tag 'mm-nonmm-stable-2026-04-15-04-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Fri, 17 Apr 2026 05:11:56 +0200

Merge tag 'mm-nonmm-stable-2026-04-15-04-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mmPull non-MM updates from Andrew Morton: - "pid: make sub-init creation retryable" (Oleg Nesterov) Make creation of init in a new namespace more robust by clearing away some historical cruft which is no longer needed. Also some documentation fixups - "selftests/fchmodat2: Error handling and general" (Mark Brown) Fix and a cleanup for the fchmodat2() syscall selftest - "lib: polynomial: Move to math/ and clean up" (Andy Shevchenko) - "hung_task: Provide runtime reset interface for hung task detector" (Aaron Tomlin) Give administrators the ability to zero out /proc/sys/kernel/hung_task_detect_count - "tools/getdelays: use the static UAPI headers from tools/include/uapi" (Thomas Weißschuh) Teach getdelays to use the in-kernel UAPI headers rather than the system-provided ones - "watchdog/hardlockup: Improvements to hardlockup" (Mayank Rungta) Several cleanups and fixups to the hardlockup detector code and its documentation - "lib/bch: fix undefined behavior from signed left-shifts" (Josh Law) A couple of small/theoretical fixes in the bch code - "ocfs2/dlm: fix two bugs in dlm_match_regions()" (Junrui Luo) - "cleanup the RAID5 XOR library" (Christoph Hellwig) A quite far-reaching cleanup to this code. I can't do better than to quote Christoph: "The XOR library used for the RAID5 parity is a bit of a mess right now. The main file sits in crypto/ despite not being cryptography and not using the crypto API, with the generic implementations sitting in include/asm-generic and the arch implementations sitting in an asm/ header in theory. The latter doesn't work for many cases, so architectures often build the code directly into the core kernel, or create another module for the architecture code. Change this to a single module in lib/ that also contains the architecture optimizations, similar to the library work Eric Biggers has done for the CRC and crypto libraries later. After that it changes to better calling conventions that allow for smarter architecture implementations (although none is contained here yet), and uses static_call to avoid indirection function call overhead" - "lib/list_sort: Clean up list_sort() scheduling workarounds" (Kuan-Wei Chiu) Clean up this library code by removing a hacky thing which was added for UBIFS, which UBIFS doesn't actually need - "Fix bugs in extract_iter_to_sg()" (Christian Ehrhardt) Fix a few bugs in the scatterlist code, add in-kernel tests for the now-fixed bugs and fix a leak in the test itself - "kdump: Enable LUKS-encrypted dump target support in ARM64 and PowerPC" (Coiby Xu) Enable support of the LUKS-encrypted device dump target on arm64 and powerpc - "ocfs2: consolidate extent list validation into block read callbacks" (Joseph Qi) Cleanup, simplify, and make more robust ocfs2's validation of extent list fields (Kernel test robot loves mounting corrupted fs images!)* tag 'mm-nonmm-stable-2026-04-15-04-20' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (127 commits) ocfs2: validate group add input before caching ocfs2: validate bg_bits during freefrag scan ocfs2: fix listxattr handling when the buffer is full doc: watchdog: fix typos etc update Sean's email address ocfs2: use get_random_u32() where appropriate ocfs2: split transactions in dio completion to avoid credit exhaustion ocfs2: remove redundant l_next_free_rec check in __ocfs2_find_path() ocfs2: validate extent block list fields during block read ocfs2: remove empty extent list check in ocfs2_dx_dir_lookup_rec() ocfs2: validate dx_root extent list fields during block read ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY ocfs2: handle invalid dinode in ocfs2_group_extend .get_maintainer.ignore: add Askar ocfs2: validate bg_list extent bounds in discontig groups checkpatch: exclude forward declarations of const structs tools/accounting: handle truncated taskstats netlink messages taskstats: set version in TGID exit notifications ocfs2/heartbeat: fix slot mapping rollback leaks on error paths arm64,ppc64le/kdump: pass dm-crypt keys to kdump kernel ... List of files: /linux/crypto/Kconfig

aec2f682d47c54ef434b2d440992626d80b1ebdc - Merge tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Thu, 16 Apr 2026 00:22:26 +0200

Merge tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Pull crypto update from Herbert Xu: "API: - Replace crypto_get_default_rng with crypto_stdrng_get_bytes - Remove simd skcipher support - Allow algorithm types to be disabled when CRYPTO_SELFTESTS is off Algorithms: - Remove CPU-based des/3des acceleration - Add test vectors for authenc(hmac(md5),cbc({aes,des})) and authenc(hmac({md5,sha1,sha224,sha256,sha384,sha512}),rfc3686(ctr(aes))) - Replace spin lock with mutex in jitterentropy Drivers: - Add authenc algorithms to safexcel - Add support for zstd in qat - Add wireless mode support for QAT GEN6 - Add anti-rollback support for QAT GEN6 - Add support for ctr(aes), gcm(aes), and ccm(aes) in dthev2"* tag 'v7.1-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (129 commits) crypto: af_alg - use sock_kmemdup in alg_setkey_by_key_serial crypto: vmx - remove CRYPTO_DEV_VMX from Kconfig crypto: omap - convert reqctx buffer to fixed-size array crypto: atmel-sha204a - add Thorsten Blum as maintainer crypto: atmel-ecc - add Thorsten Blum as maintainer crypto: qat - fix IRQ cleanup on 6xxx probe failure crypto: geniv - Remove unused spinlock from struct aead_geniv_ctx crypto: qce - simplify qce_xts_swapiv() crypto: hisilicon - Fix dma_unmap_single() direction crypto: talitos - rename first/last to first_desc/last_desc crypto: talitos - fix SEC1 32k ahash request limitation crypto: jitterentropy - replace long-held spinlock with mutex crypto: hisilicon - remove unused and non-public APIs for qm and sec crypto: hisilicon/qm - drop redundant variable initialization crypto: hisilicon/qm - remove else after return crypto: hisilicon/qm - add const qualifier to info_name in struct qm_cmd_dump_item crypto: hisilicon - fix the format string type error crypto: ccree - fix a memory leak in cc_mac_digest() crypto: qat - add support for zstd crypto: qat - use swab32 macro ... List of files: /linux/crypto/Kconfig

91a4855d6c03e770e42f17c798a36a3c46e63de2 - Merge tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

Wed, 15 Apr 2026 03:36:10 +0200

Merge tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-nextPull networking updates from Jakub Kicinski: "Core & protocols: - Support HW queue leasing, allowing containers to be granted access to HW queues for zero-copy operations and AF_XDP - Number of code moves to help the compiler with inlining. Avoid output arguments for returning drop reason where possible - Rework drop handling within qdiscs to include more metadata about the reason and dropping qdisc in the tracepoints - Remove the rtnl_lock use from IP Multicast Routing - Pack size information into the Rx Flow Steering table pointer itself. This allows making the table itself a flat array of u32s, thus making the table allocation size a power of two - Report TCP delayed ack timer information via socket diag - Add ip_local_port_step_width sysctl to allow distributing the randomly selected ports more evenly throughout the allowed space - Add support for per-route tunsrc in IPv6 segment routing - Start work of switching sockopt handling to iov_iter - Improve dynamic recvbuf sizing in MPTCP, limit burstiness and avoid buffer size drifting up - Support MSG_EOR in MPTCP - Add stp_mode attribute to the bridge driver for STP mode selection. This addresses concerns about call_usermodehelper() usage - Remove UDP-Lite support (as announced in 2023) - Remove support for building IPv6 as a module. Remove the now unnecessary function calling indirection Cross-tree stuff: - Move Michael MIC code from generic crypto into wireless, it's considered insecure but some WiFi networks still need it Netfilter: - Switch nft_fib_ipv6 module to no longer need temporary dst_entry object allocations by using fib6_lookup() + RCU. Florian W reports this gets us ~13% higher packet rate - Convert IPVS's global __ip_vs_mutex to per-net service_mutex and switch the service tables to be per-net. Convert some code that walks the service lists to use RCU instead of the service_mutex - Add more opinionated input validation to lower security exposure - Make IPVS hash tables to be per-netns and resizable Wireless: - Finished assoc frame encryption/EPPKE/802.1X-over-auth - Radar detection improvements - Add 6 GHz incumbent signal detection APIs - Multi-link support for FILS, probe response templates and client probing - New APIs and mac80211 support for NAN (Neighbor Aware Networking, aka Wi-Fi Aware) so less work must be in firmware Driver API: - Add numerical ID for devlink instances (to avoid having to create fake bus/device pairs just to have an ID). Support shared devlink instances which span multiple PFs - Add standard counters for reporting pause storm events (implement in mlx5 and fbnic) - Add configuration API for completion writeback buffering (implement in mana) - Support driver-initiated change of RSS context sizes - Support DPLL monitoring input frequency (implement in zl3073x) - Support per-port resources in devlink (implement in mlx5) Misc: - Expand the YAML spec for Netfilter Drivers - Software: - macvlan: support multicast rx for bridge ports with shared source MAC address - team: decouple receive and transmit enablement for IEEE 802.3ad LACP "independent control" - Ethernet high-speed NICs: - nVidia/Mellanox: - support high order pages in zero-copy mode (for payload coalescing) - support multiple packets in a page (for systems with 64kB pages) - Broadcom 25-400GE (bnxt): - implement XDP RSS hash metadata extraction - add software fallback for UDP GSO, lowering the IOMMU cost - Broadcom 800GE (bnge): - add link status and configuration handling - add various HW and SW statistics - Marvell/Cavium: - NPC HW block support for cn20k - Huawei (hinic3): - add mailbox / control queue - add rx VLAN offload - add driver info and link management - Ethernet NICs: - Marvell/Aquantia: - support reading SFP module info on some AQC100 cards - Realtek PCI (r8169): - add support for RTL8125cp - Realtek USB (r8152): - support for the RTL8157 5Gbit chip - add 2500baseT EEE status/configuration support - Ethernet NICs embedded and off-the-shelf IP: - Synopsys (stmmac): - cleanup and reorganize SerDes handling and PCS support - cleanup descriptor handling and per-platform data - cleanup and consolidate MDIO defines and handling - shrink driver memory use for internal structures - improve Tx IRQ coalescing - improve TCP segmentation handling - add support for Spacemit K3 - Cadence (macb): - support PHYs that have inband autoneg disabled with GEM - support IEEE 802.3az EEE - rework usrio capabilities and handling - AMD (xgbe): - improve power management for S0i3 - improve TX resilience for link-down handling - Virtual: - Google cloud vNIC: - support larger ring sizes in DQO-QPL mode - improve HW-GRO handling - support UDP GSO for DQO format - PCIe NTB: - support queue count configuration - Ethernet PHYs: - automatically disable PHY autonomous EEE if MAC is in charge - Broadcom: - add BCM84891/BCM84892 support - Micrel: - support for LAN9645X internal PHY - Realtek: - add RTL8224 pair order support - support PHY LEDs on RTL8211F-VD - support spread spectrum clocking (SSC) - Maxlinear: - add PHY-level statistics via ethtool - Ethernet switches: - Maxlinear (mxl862xx): - support for bridge offloading - support for VLANs - support driver statistics - Bluetooth: - large number of fixes and new device IDs - Mediatek: - support MT6639 (MT7927) - support MT7902 SDIO - WiFi: - Intel (iwlwifi): - UNII-9 and continuing UHR work - MediaTek (mt76): - mt7996/mt7925 MLO fixes/improvements - mt7996 NPU support (HW eth/wifi traffic offload) - Qualcomm (ath12k): - monitor mode support on IPQ5332 - basic hwmon temperature reporting - support IPQ5424 - Realtek: - add USB RX aggregation to improve performance - add USB TX flow control by tracking in-flight URBs - Cellular: - IPA v5.2 support"* tag 'net-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (1561 commits) net: pse-pd: fix kernel-doc function name for pse_control_find_by_id() wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wireguard: allowedips: remove redundant space tools: ynl: add sample for wireguard wireguard: allowedips: Use kfree_rcu() instead of call_rcu() MAINTAINERS: Add netkit selftest files selftests/net: Add additional test coverage in nk_qlease selftests/net: Split netdevsim tests from HW tests in nk_qlease tools/ynl: Make YnlFamily closeable as a context manager net: airoha: Add missing PPE configurations in airoha_ppe_hw_init() net: airoha: Fix VIP configuration for AN7583 SoC net: caif: clear client service pointer on teardown net: strparser: fix skb_head leak in strp_abort_strp() net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() selftests/bpf: add test for xdp_master_redirect with bond not up net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master net: airoha: Remove PCE_MC_EN_MASK bit in REG_FE_PCE_CFG configuration sctp: disable BH before calling udp_tunnel_xmit_skb() sctp: fix missing encap_port propagation for GSO fragments net: airoha: Rely on net_device pointer in ETS callbacks ... List of files: /linux/crypto/Kconfig

370c3883195566ee3e7d79e0146c3d735a406573 - Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux

Tue, 14 Apr 2026 02:31:39 +0200

Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linuxPull crypto library updates from Eric Biggers: - Migrate more hash algorithms from the traditional crypto subsystem to lib/crypto/ Like the algorithms migrated earlier (e.g. SHA-*), this simplifies the implementations, improves performance, enables further simplifications in calling code, and solves various other issues: - AES CBC-based MACs (AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC) - Support these algorithms in lib/crypto/ using the AES library and the existing arm64 assembly code - Reimplement the traditional crypto API's "cmac(aes)", "xcbc(aes)", and "cbcmac(aes)" on top of the library - Convert mac80211 to use the AES-CMAC library. Note: several other subsystems can use it too and will be converted later - Drop the broken, nonstandard, and likely unused support for "xcbc(aes)" with key lengths other than 128 bits - Enable optimizations by default - GHASH - Migrate the standalone GHASH code into lib/crypto/ - Integrate the GHASH code more closely with the very similar POLYVAL code, and improve the generic GHASH implementation to resist cache-timing attacks and use much less memory - Reimplement the AES-GCM library and the "gcm" crypto_aead template on top of the GHASH library. Remove "ghash" from the crypto_shash API, as it's no longer needed - Enable optimizations by default - SM3 - Migrate the kernel's existing SM3 code into lib/crypto/, and reimplement the traditional crypto API's "sm3" on top of it - I don't recommend using SM3, but this cleanup is worthwhile to organize the code the same way as other algorithms - Testing improvements: - Add a KUnit test suite for each of the new library APIs - Migrate the existing ChaCha20Poly1305 test to KUnit - Make the KUnit all_tests.config enable all crypto library tests - Move the test kconfig options to the Runtime Testing menu - Other updates to arch-optimized crypto code: - Optimize SHA-256 for Zhaoxin CPUs using the Padlock Hash Engine - Remove some MD5 implementations that are no longer worth keeping - Drop big endian and voluntary preemption support from the arm64 code, as those configurations are no longer supported on arm64 - Make jitterentropy and samples/tsm-mr use the crypto library APIs* tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: (66 commits) lib/crypto: arm64: Assume a little-endian kernel arm64: fpsimd: Remove obsolete cond_yield macro lib/crypto: arm64/sha3: Remove obsolete chunking logic lib/crypto: arm64/sha512: Remove obsolete chunking logic lib/crypto: arm64/sha256: Remove obsolete chunking logic lib/crypto: arm64/sha1: Remove obsolete chunking logic lib/crypto: arm64/poly1305: Remove obsolete chunking logic lib/crypto: arm64/gf128hash: Remove obsolete chunking logic lib/crypto: arm64/chacha: Remove obsolete chunking logic lib/crypto: arm64/aes: Remove obsolete chunking logic lib/crypto: Include instead of lib/crypto: aesgcm: Don't disable IRQs during AES block encryption lib/crypto: aescfb: Don't disable IRQs during AES block encryption lib/crypto: tests: Migrate ChaCha20Poly1305 self-test to KUnit lib/crypto: sparc: Drop optimized MD5 code lib/crypto: mips: Drop optimized MD5 code lib: Move crypto library tests to Runtime Testing menu crypto: sm3 - Remove 'struct sm3_state' crypto: sm3 - Remove the original "sm3_block_generic()" crypto: sm3 - Remove sm3_base.h ... List of files: /linux/crypto/Kconfig

8c6d03b7a249ffe85ba2bda09a2a7614c0ff03db - crypto: Remove michael_mic from crypto_shash API

Wed, 08 Apr 2026 05:06:51 +0200

crypto: Remove michael_mic from crypto_shash APIRemove the "michael_mic" crypto_shash algorithm, since it's no longerused. Its only users were wireless drivers, which have now beenconverted to use the michael_mic() function instead.It makes sense that no other users ever appeared: Michael MIC is aninsecure algorithm that is specific to WPA TKIP, which itself was aninterim security solution to replace the broken WEP standard.Acked-by: Geert Uytterhoeven Signed-off-by: Eric Biggers Acked-by: Herbert Xu Link: https://patch.msgid.link/20260408030651.80336-7-ebiggers@kernel.orgSigned-off-by: Johannes Berg List of files: /linux/crypto/Kconfig

9e229025e2474115c151f08bdbdd3d8d5f159af3 - xor: move to lib/raid/

Fri, 27 Mar 2026 07:16:37 +0100

xor: move to lib/raid/Move the RAID XOR code to lib/raid/ as it has nothing to do with thecrypto API.Link: https://lkml.kernel.org/r/20260327061704.3707577-6-hch@lst.deSigned-off-by: Christoph Hellwig Reviewed-by: Eric Biggers Tested-by: Eric Biggers Cc: Albert Ou Cc: Alexander Gordeev Cc: Alexandre Ghiti Cc: Andreas Larsson Cc: Anton Ivanov Cc: Ard Biesheuvel Cc: Arnd Bergmann Cc: "Borislav Petkov (AMD)" Cc: Catalin Marinas Cc: Chris Mason Cc: Christian Borntraeger Cc: Dan Williams Cc: David S. Miller Cc: David Sterba Cc: Heiko Carstens Cc: Herbert Xu Cc: "H. Peter Anvin" Cc: Huacai Chen Cc: Ingo Molnar Cc: Jason A. Donenfeld Cc: Johannes Berg Cc: Li Nan Cc: Madhavan Srinivasan Cc: Magnus Lindholm Cc: Matt Turner Cc: Michael Ellerman Cc: Nicholas Piggin Cc: Palmer Dabbelt Cc: Richard Henderson Cc: Richard Weinberger Cc: Russell King Cc: Song Liu Cc: Sven Schnelle Cc: Ted Ts'o Cc: Vasily Gorbik Cc: WANG Xuerui Cc: Will Deacon Signed-off-by: Andrew Morton List of files: /linux/crypto/Kconfig

cdadc14359378c0cf02251c86ffbc606f55bfadd - crypto: cryptomgr - Select algorithm types only when CRYPTO_SELFTESTS

Sat, 28 Mar 2026 00:08:18 +0100

crypto: cryptomgr - Select algorithm types only when CRYPTO_SELFTESTSEnabling any template selects CRYPTO_MANAGER, which causesCRYPTO_MANAGER2 to enable itself, which selects every algorithm typeoption. However, pulling in all algorithm types is needed only when theself-tests are enabled. So condition the selections accordingly.To make this possible, also add the missing selections to varioussymbols that were relying on transitive selections via CRYPTO_MANAGER.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig

4061bc8c03975e6491fbe9e3cd5e53d2c003c812 - crypto: rng - Don't pull in DRBG when CRYPTO_FIPS=n

Thu, 26 Mar 2026 01:15:07 +0100

crypto: rng - Don't pull in DRBG when CRYPTO_FIPS=ncrypto_stdrng_get_bytes() is now always available: - When CRYPTO_FIPS=n it is an inline function that always calls into the always-built-in drivers/char/random.c. - When CRYPTO_FIPS=y it is an inline function that calls into either random.c or crypto/rng.c, depending on the value of fips_enabled. The former is again always built-in. The latter is built-in as well in this case, due to CRYPTO_FIPS=y.Thus, the CRYPTO_RNG_DEFAULT symbol is no longer needed. Remove it.This makes it so that CRYPTO_DRBG_MENU (and hence also CRYPTO_DRBG,CRYPTO_JITTERENTROPY, and CRYPTO_LIB_SHA3) no longer gets unnecessarilypulled into CRYPTO_FIPS=n kernels. I.e. CRYPTO_FIPS=n kernels are nolonger bloated with code that is relevant only to FIPS certifications.Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu List of files: /linux/crypto/Kconfig