<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-rng/drivers/net/wireguard, branch master</title>
<subtitle>Development tree for the kernel CSPRNG</subtitle>
<id>https://git.zx2c4.com/linux-rng/atom/drivers/net/wireguard?h=master</id>
<link rel='self' href='https://git.zx2c4.com/linux-rng/atom/drivers/net/wireguard?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/'/>
<updated>2025-10-30T05:04:24Z</updated>
<entry>
<title>lib/crypto: blake2s: Rename blake2s_state to blake2s_ctx</title>
<updated>2025-10-30T05:04:24Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-10-18T04:30:58Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=5e0ec8e46d4d6488242bb39a4ce5c0276afa5f32'/>
<id>urn:sha1:5e0ec8e46d4d6488242bb39a4ce5c0276afa5f32</id>
<content type='text'>
For consistency with the SHA-1, SHA-2, SHA-3 (in development), and MD5
library APIs, rename blake2s_state to blake2s_ctx.

As a refresher, the ctx name:

- Is a bit shorter.
- Avoids confusion with the compression function state, which is also
  often called the state (but is just part of the full context).
- Is consistent with OpenSSL.

Not a big deal, of course.  But consistency is nice.  With a BLAKE2b
library API about to be added, this is a convenient time to update this.

Reviewed-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Link: https://lore.kernel.org/r/20251018043106.375964-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>lib/crypto: blake2s: Adjust parameter order of blake2s()</title>
<updated>2025-10-30T05:04:24Z</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@kernel.org</email>
</author>
<published>2025-10-18T04:30:57Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=50b8e36994a042103ea92b6d9f6d7de725f9ac5f'/>
<id>urn:sha1:50b8e36994a042103ea92b6d9f6d7de725f9ac5f</id>
<content type='text'>
Reorder the parameters of blake2s() from (out, in, key, outlen, inlen,
keylen) to (key, keylen, in, inlen, out, outlen).

This aligns BLAKE2s with the common conventions of pairing buffers and
their lengths, and having outputs follow inputs.  This is widely used
elsewhere in lib/crypto/ and crypto/, and even elsewhere in the BLAKE2s
code itself such as blake2s_init_key() and blake2s_final().  So
blake2s() was a bit of an exception.

Notably, this results in the same order as hmac_*_usingrawkey().

Note that since the type signature changed, it's not possible for a
blake2s() call site to be silently missed.

Reviewed-by: Ard Biesheuvel &lt;ardb@kernel.org&gt;
Link: https://lore.kernel.org/r/20251018043106.375964-2-ebiggers@kernel.org
Signed-off-by: Eric Biggers &lt;ebiggers@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: WQ_PERCPU added to alloc_workqueue users</title>
<updated>2025-09-23T00:40:30Z</updated>
<author>
<name>Marco Crivellari</name>
<email>marco.crivellari@suse.com</email>
</author>
<published>2025-09-18T14:24:27Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=27ce71e1ce81875df72f7698ba27988392bef602'/>
<id>urn:sha1:27ce71e1ce81875df72f7698ba27988392bef602</id>
<content type='text'>
Currently if a user enqueue a work item using schedule_delayed_work() the
used wq is "system_wq" (per-cpu wq) while queue_delayed_work() use
WORK_CPU_UNBOUND (used when a cpu is not specified). The same applies to
schedule_work() that is using system_wq and queue_work(), that makes use
again of WORK_CPU_UNBOUND.
This lack of consistentcy cannot be addressed without refactoring the API.

alloc_workqueue() treats all queues as per-CPU by default, while unbound
workqueues must opt-in via WQ_UNBOUND.

This default is suboptimal: most workloads benefit from unbound queues,
allowing the scheduler to place worker threads where they’re needed and
reducing noise when CPUs are isolated.

This change adds a new WQ_PERCPU flag at the network subsystem, to explicitly
request the use of the per-CPU behavior. Both flags coexist for one release
cycle to allow callers to transition their calls.

Once migration is complete, WQ_UNBOUND can be removed and unbound will
become the implicit default.

With the introduction of the WQ_PERCPU flag (equivalent to !WQ_UNBOUND),
any alloc_workqueue() caller that doesn’t explicitly specify WQ_UNBOUND
must now use WQ_PERCPU.

All existing users have been updated accordingly.

Suggested-by: Tejun Heo &lt;tj@kernel.org&gt;
Signed-off-by: Marco Crivellari &lt;marco.crivellari@suse.com&gt;
Link: https://patch.msgid.link/20250918142427.309519-4-marco.crivellari@suse.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>wireguard: queueing: always return valid online CPU in wg_cpumask_choose_online()</title>
<updated>2025-09-12T01:52:21Z</updated>
<author>
<name>Yury Norov (NVIDIA)</name>
<email>yury.norov@gmail.com</email>
</author>
<published>2025-09-10T01:36:42Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=5bd8de20770ca001621bb1aa5eb9a0977d0bd2d9'/>
<id>urn:sha1:5bd8de20770ca001621bb1aa5eb9a0977d0bd2d9</id>
<content type='text'>
The function gets number of online CPUS, and uses it to search for
Nth cpu in cpu_online_mask.

If id == num_online_cpus() - 1, and one CPU gets offlined between
calling num_online_cpus() -&gt; cpumask_nth(), there's a chance for
cpumask_nth() to find nothing and return &gt;= nr_cpu_ids.

The caller code in __queue_work() tries to avoid that by checking the
returned CPU against WORK_CPU_UNBOUND, which is NR_CPUS. It's not the
same as '&gt;= nr_cpu_ids'. On a typical Ubuntu desktop, NR_CPUS is 8192,
while nr_cpu_ids is the actual number of possible CPUs, say 8.

The non-existing cpu may later be passed to rcu_dereference() and
corrupt the logic. Fix it by switching from 'if' to 'while'.

Suggested-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Signed-off-by: Yury Norov (NVIDIA) &lt;yury.norov@gmail.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Link: https://patch.msgid.link/20250910013644.4153708-3-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>wireguard: queueing: simplify wg_cpumask_next_online()</title>
<updated>2025-09-12T01:52:20Z</updated>
<author>
<name>Yury Norov [NVIDIA]</name>
<email>yury.norov@gmail.com</email>
</author>
<published>2025-09-10T01:36:41Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=5551d21284702a5f36791aecc7735870d0423996'/>
<id>urn:sha1:5551d21284702a5f36791aecc7735870d0423996</id>
<content type='text'>
wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the
function significantly simpler. While there, fix opencoded cpu_online()
too.

Signed-off-by: Yury Norov &lt;yury.norov@gmail.com&gt;
Reviewed-by: Simon Horman &lt;horms@kernel.org&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
Link: https://patch.msgid.link/20250910013644.4153708-2-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>wireguard: peer: Replace sockaddr with sockaddr_inet</title>
<updated>2025-07-25T22:29:58Z</updated>
<author>
<name>Kees Cook</name>
<email>kees@kernel.org</email>
</author>
<published>2025-07-22T17:18:32Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=9203e0a82c0b0c4b12d96d6f6f9ef9afbb6ca9c6'/>
<id>urn:sha1:9203e0a82c0b0c4b12d96d6f6f9ef9afbb6ca9c6</id>
<content type='text'>
As part of the removal of the variably-sized sockaddr for kernel
internals, replace struct sockaddr with sockaddr_inet in the endpoint
union.

No binary changes; the union size remains unchanged due to sockaddr_inet
matching the size of sockaddr_in6.

Signed-off-by: Kees Cook &lt;kees@kernel.org&gt;
Link: https://patch.msgid.link/20250722171836.1078436-2-kees@kernel.org
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: Use netif_threaded_enable instead of netif_set_threaded in drivers</title>
<updated>2025-07-25T01:34:55Z</updated>
<author>
<name>Samiullah Khawaja</name>
<email>skhawaja@google.com</email>
</author>
<published>2025-07-23T01:30:30Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=78afdadafe6fe0c74c08fda156e7be0a0b402b90'/>
<id>urn:sha1:78afdadafe6fe0c74c08fda156e7be0a0b402b90</id>
<content type='text'>
Prepare for adding an enum type for NAPI threaded states by adding
netif_threaded_enable API. De-export the existing netif_set_threaded API
and only use it internally. Update existing drivers to use
netif_threaded_enable instead of the de-exported netif_set_threaded.

Note that dev_set_threaded used by mt76 debugfs file is unchanged.

Signed-off-by: Samiullah Khawaja &lt;skhawaja@google.com&gt;
Link: https://patch.msgid.link/20250723013031.2911384-3-skhawaja@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: s/dev_set_threaded/netif_set_threaded/</title>
<updated>2025-07-19T00:27:47Z</updated>
<author>
<name>Stanislav Fomichev</name>
<email>sdf@fomichev.me</email>
</author>
<published>2025-07-17T17:23:32Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=5d4d84618e1aa2c9531afa3a6323f56e1db4dcf7'/>
<id>urn:sha1:5d4d84618e1aa2c9531afa3a6323f56e1db4dcf7</id>
<content type='text'>
Commit cc34acd577f1 ("docs: net: document new locking reality")
introduced netif_ vs dev_ function semantics: the former expects locked
netdev, the latter takes care of the locking. We don't strictly
follow this semantics on either side, but there are more dev_xxx handlers
now that don't fit. Rename them to netif_xxx where appropriate.

Note that one dev_set_threaded call still remains in mt76 for debugfs file.

Signed-off-by: Stanislav Fomichev &lt;sdf@fomichev.me&gt;
Link: https://patch.msgid.link/20250717172333.1288349-7-sdf@fomichev.me
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: ipv6: Add a flags argument to ip6tunnel_xmit(), udp_tunnel6_xmit_skb()</title>
<updated>2025-06-18T01:18:45Z</updated>
<author>
<name>Petr Machata</name>
<email>petrm@nvidia.com</email>
</author>
<published>2025-06-16T22:44:14Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=f78c75d84fe83898f0a00658f593d4f17b38cbc6'/>
<id>urn:sha1:f78c75d84fe83898f0a00658f593d4f17b38cbc6</id>
<content type='text'>
ip6tunnel_xmit() erases the contents of the SKB control block. In order to
be able to set particular IP6CB flags on the SKB, add a corresponding
parameter, and propagate it to udp_tunnel6_xmit_skb() as well.

In one of the following patches, VXLAN driver will use this facility to
mark packets as subject to IPv6 multicast routing.

Signed-off-by: Petr Machata &lt;petrm@nvidia.com&gt;
Reviewed-by: Ido Schimmel &lt;idosch@nvidia.com&gt;
Reviewed-by: Nikolay Aleksandrov &lt;razor@blackwall.org&gt;
Link: https://patch.msgid.link/acb4f9f3e40c3a931236c3af08a720b017fbfbfb.1750113335.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb()</title>
<updated>2025-06-18T01:18:44Z</updated>
<author>
<name>Petr Machata</name>
<email>petrm@nvidia.com</email>
</author>
<published>2025-06-16T22:44:09Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/linux-rng/commit/?id=e3411e326fa48c9be09ba449330352ba698db698'/>
<id>urn:sha1:e3411e326fa48c9be09ba449330352ba698db698</id>
<content type='text'>
iptunnel_xmit() erases the contents of the SKB control block. In order to
be able to set particular IPCB flags on the SKB, add a corresponding
parameter, and propagate it to udp_tunnel_xmit_skb() as well.

In one of the following patches, VXLAN driver will use this facility to
mark packets as subject to IP multicast routing.

Signed-off-by: Petr Machata &lt;petrm@nvidia.com&gt;
Reviewed-by: Ido Schimmel &lt;idosch@nvidia.com&gt;
Reviewed-by: Nikolay Aleksandrov &lt;razor@blackwall.org&gt;
Acked-by: Antonio Quartulli &lt;antonio@openvpn.net&gt;
Link: https://patch.msgid.link/89c9daf9f2dc088b6b92ccebcc929f51742de91f.1750113335.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
</feed>
