* [PATCH v4 1/2] crypto: padlock-sha - Disable for Zhaoxin processor
[not found] <20260313080150.9393-1-AlanSong-oc@zhaoxin.com>
@ 2026-03-13 8:01 ` AlanSong-oc
2026-03-14 18:40 ` Eric Biggers
0 siblings, 1 reply; 2+ messages in thread
From: AlanSong-oc @ 2026-03-13 8:01 UTC (permalink / raw)
To: herbert, davem, ebiggers, Jason, ardb, linux-crypto, linux-kernel,
x86
Cc: CobeChen, TonyWWang-oc, YunShen, GeorgeXue, LeoLiu, HansHu,
AlanSong-oc, stable
For Zhaoxin processors, the XSHA1 instruction requires the total memory
allocated at %rdi register must be 32 bytes, while the XSHA1 and
XSHA256 instruction doesn't perform any operation when %ecx is zero.
Due to these requirements, the current padlock-sha driver does not work
correctly with Zhaoxin processors. It cannot pass the self-tests and
therefore does not activate the driver on Zhaoxin processors. This issue
has been reported in Debian [1]. The self-tests fail with the
following messages [2]:
alg: shash: sha1-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
alg: self-tests for sha1 using sha1-padlock-nano failed (rc=-22)
------------[ cut here ]------------
alg: shash: sha256-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
alg: self-tests for sha256 using sha256-padlock-nano failed (rc=-22)
------------[ cut here ]------------
Disable the padlock-sha driver on Zhaoxin processors with the CPU family
0x07 and newer. Following the suggestion in [3], add support for the PHE
extensions to lib/crypto. Only XSHA256 support for SHA-256 is included,
since SHA-1 has been cryptographically broken, as recommended in [4].
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103397
[2] https://linux-hardware.org/?probe=271fabb7a4&log=dmesg
[3] https://lore.kernel.org/linux-crypto/aUI4CGp6kK7mxgEr@gondor.apana.org.au/
[4] https://lore.kernel.org/linux-crypto/20260116071513.12134-1-AlanSong-oc@zhaoxin.com/T/#m49436c4849dd64454b3554c105197ef9c61db23e
Fixes: 63dc06cd12f9 ("crypto: padlock-sha - Use API partial block handling")
Cc: stable@vger.kernel.org
Signed-off-by: AlanSong-oc <AlanSong-oc@zhaoxin.com>
---
drivers/crypto/padlock-sha.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/crypto/padlock-sha.c b/drivers/crypto/padlock-sha.c
index 329f60ad4..9214bbfc8 100644
--- a/drivers/crypto/padlock-sha.c
+++ b/drivers/crypto/padlock-sha.c
@@ -332,6 +332,13 @@ static int __init padlock_init(void)
if (!x86_match_cpu(padlock_sha_ids) || !boot_cpu_has(X86_FEATURE_PHE_EN))
return -ENODEV;
+ /*
+ * Skip family 0x07 and newer used by Zhaoxin processors,
+ * as the driver's self-tests fail on these CPUs.
+ */
+ if (c->x86 >= 0x07)
+ return -ENODEV;
+
/* Register the newly added algorithm module if on *
* VIA Nano processor, or else just do as before */
if (c->x86_model < 0x0f) {
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v4 1/2] crypto: padlock-sha - Disable for Zhaoxin processor
2026-03-13 8:01 ` [PATCH v4 1/2] crypto: padlock-sha - Disable for Zhaoxin processor AlanSong-oc
@ 2026-03-14 18:40 ` Eric Biggers
0 siblings, 0 replies; 2+ messages in thread
From: Eric Biggers @ 2026-03-14 18:40 UTC (permalink / raw)
To: AlanSong-oc
Cc: herbert, davem, Jason, ardb, linux-crypto, linux-kernel, x86,
CobeChen, TonyWWang-oc, YunShen, GeorgeXue, LeoLiu, HansHu,
stable
On Fri, Mar 13, 2026 at 04:01:49PM +0800, AlanSong-oc wrote:
> For Zhaoxin processors, the XSHA1 instruction requires the total memory
> allocated at %rdi register must be 32 bytes, while the XSHA1 and
> XSHA256 instruction doesn't perform any operation when %ecx is zero.
Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-fixes
I made a few tweaks to your commit message, as noted below:
> ------------[ cut here ]------------
>
> alg: shash: sha256-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
> alg: self-tests for sha256 using sha256-padlock-nano failed (rc=-22)
> ------------[ cut here ]------------
Removed the "cut here" lines because they caused checkpatch errors
> Disable the padlock-sha driver on Zhaoxin processors with the CPU family
> 0x07 and newer. Following the suggestion in [3], add support for the PHE
> extensions to lib/crypto. Only XSHA256 support for SHA-256 is included,
> since SHA-1 has been cryptographically broken, as recommended in [4].
Changed to clarify that the lib/crypto/ support is in a different patch:
Disable the padlock-sha driver on Zhaoxin processors with the CPU
family 0x07 and newer. Following the suggestion in [3], support for
PHE will be added to lib/crypto/ instead.
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103397
Changed to correct link https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113996
- Eric
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-14 18:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20260313080150.9393-1-AlanSong-oc@zhaoxin.com>
2026-03-13 8:01 ` [PATCH v4 1/2] crypto: padlock-sha - Disable for Zhaoxin processor AlanSong-oc
2026-03-14 18:40 ` Eric Biggers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox