This patchset replaces the 256-bit vector implementation of AES-GCM for
x86_64 with one that requires AVX2 rather than AVX512.  This greatly
improves AES-GCM performance on CPUs that have VAES but not AVX512, for
example by up to 74% on AMD Zen 3.  For more details, see patch 1.

This patchset also renames the 512-bit vector implementation of AES-GCM
for x86_64 to be named after AVX512 rather than AVX10/512, then adds
some additional optimizations to it.

This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
I'd prefer to just apply this myself.  But let me know if you'd prefer
to take it instead (considering that AES-GCM hasn't been librarified
yet).  Either way, there's no hurry, since this is targeting 6.19.

Eric Biggers (8):
  crypto: x86/aes-gcm - add VAES+AVX2 optimized code
  crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
  crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
  crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
  crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
    functions
  crypto: x86/aes-gcm - revise some comments in AVX512 code
  crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
  crypto: x86/aes-gcm - optimize long AAD processing with AVX512

 arch/x86/crypto/Makefile                      |    5 +-
 arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
 arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
 ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
 arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
 5 files changed, 1667 insertions(+), 486 deletions(-)
 create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
 rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)

base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
-- 
2.51.0

Eric Biggers <ebiggers@kernel.org> wrote:
> This patchset replaces the 256-bit vector implementation of AES-GCM for
> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> 
> This patchset also renames the 512-bit vector implementation of AES-GCM
> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> some additional optimizations to it.
> 
> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> I'd prefer to just apply this myself.  But let me know if you'd prefer
> to take it instead (considering that AES-GCM hasn't been librarified
> yet).  Either way, there's no hurry, since this is targeting 6.19.
> 
> Eric Biggers (8):
>  crypto: x86/aes-gcm - add VAES+AVX2 optimized code
>  crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
>  crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
>  crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
>  crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
>    functions
>  crypto: x86/aes-gcm - revise some comments in AVX512 code
>  crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
>  crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> 
> arch/x86/crypto/Makefile                      |    5 +-
> arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
> arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
> ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
> arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
> 5 files changed, 1667 insertions(+), 486 deletions(-)
> create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
> rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> 
> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
> This patchset replaces the 256-bit vector implementation of AES-GCM for
> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> 
> This patchset also renames the 512-bit vector implementation of AES-GCM
> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> some additional optimizations to it.
> 
> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> I'd prefer to just apply this myself.  But let me know if you'd prefer
> to take it instead (considering that AES-GCM hasn't been librarified
> yet).  Either way, there's no hurry, since this is targeting 6.19.
> 
> Eric Biggers (8):
>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
>     functions
>   crypto: x86/aes-gcm - revise some comments in AVX512 code
>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> 
>  arch/x86/crypto/Makefile                      |    5 +-
>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
>  5 files changed, 1667 insertions(+), 486 deletions(-)
>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> 
> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

- Eric

Eric Biggers <ebiggers@kernel.org> wrote:
> On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
>> This patchset replaces the 256-bit vector implementation of AES-GCM for
>> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
>> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
>> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
>> 
>> This patchset also renames the 512-bit vector implementation of AES-GCM
>> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
>> some additional optimizations to it.
>> 
>> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
>> I'd prefer to just apply this myself.  But let me know if you'd prefer
>> to take it instead (considering that AES-GCM hasn't been librarified
>> yet).  Either way, there's no hurry, since this is targeting 6.19.
>> 
>> Eric Biggers (8):
>>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
>>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
>>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
>>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
>>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
>>     functions
>>   crypto: x86/aes-gcm - revise some comments in AVX512 code
>>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
>>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
>> 
>>  arch/x86/crypto/Makefile                      |    5 +-
>>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
>>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
>>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
>>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
>>  5 files changed, 1667 insertions(+), 486 deletions(-)
>>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
>>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
>> 
>> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
> 
> Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

Oops, I didn't see this email until it was too late.  Since the
patches should be identical I don't think it matters.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On Fri, 17 Oct 2025 at 10:25, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> Eric Biggers <ebiggers@kernel.org> wrote:
> > On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
> >> This patchset replaces the 256-bit vector implementation of AES-GCM for
> >> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> >> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> >> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> >>
> >> This patchset also renames the 512-bit vector implementation of AES-GCM
> >> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> >> some additional optimizations to it.
> >>
> >> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> >> I'd prefer to just apply this myself.  But let me know if you'd prefer
> >> to take it instead (considering that AES-GCM hasn't been librarified
> >> yet).  Either way, there's no hurry, since this is targeting 6.19.
> >>
> >> Eric Biggers (8):
> >>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
> >>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
> >>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
> >>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
> >>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
> >>     functions
> >>   crypto: x86/aes-gcm - revise some comments in AVX512 code
> >>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
> >>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> >>
> >>  arch/x86/crypto/Makefile                      |    5 +-
> >>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
> >>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
> >>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
> >>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
> >>  5 files changed, 1667 insertions(+), 486 deletions(-)
> >>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
> >>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> >>
> >> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
> >
> > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next
>
> Oops, I didn't see this email until it was too late.  Since the
> patches should be identical I don't think it matters.
>

You also failed to apply my acked-by/tested-by so perhaps you should
just drop the patches from your tree again.

On Fri, Oct 17, 2025 at 10:44:37AM +0200, Ard Biesheuvel wrote:
> On Fri, 17 Oct 2025 at 10:25, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> >
> > Eric Biggers <ebiggers@kernel.org> wrote:
> > > On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
> > >> This patchset replaces the 256-bit vector implementation of AES-GCM for
> > >> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> > >> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> > >> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> > >>
> > >> This patchset also renames the 512-bit vector implementation of AES-GCM
> > >> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> > >> some additional optimizations to it.
> > >>
> > >> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> > >> I'd prefer to just apply this myself.  But let me know if you'd prefer
> > >> to take it instead (considering that AES-GCM hasn't been librarified
> > >> yet).  Either way, there's no hurry, since this is targeting 6.19.
> > >>
> > >> Eric Biggers (8):
> > >>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
> > >>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
> > >>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
> > >>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
> > >>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
> > >>     functions
> > >>   crypto: x86/aes-gcm - revise some comments in AVX512 code
> > >>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
> > >>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> > >>
> > >>  arch/x86/crypto/Makefile                      |    5 +-
> > >>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
> > >>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
> > >>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
> > >>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
> > >>  5 files changed, 1667 insertions(+), 486 deletions(-)
> > >>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
> > >>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> > >>
> > >> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
> > >
> > > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next
> >
> > Oops, I didn't see this email until it was too late.  Since the
> > patches should be identical I don't think it matters.

Well, it seems you didn't read the patchset (even the cover letter) or
any of the replies to it.  So maybe I should just take it, as I already
said I preferred, and later did do since you hadn't said you wanted to
take it.  It would have been okay if you had volunteered to take this,
but you need to actually read the patches and replies.

As for the patches being identical, besides correctly applying Ard's
tags, I made a couple very minor changes that weren't worth sending a v2
for: clarifying one of the commit messages, and correcting two comments
and dropping some unused aliases from aes-gcm-vaes-avx2.S.

- Eric

On Fri, Oct 17, 2025 at 09:04:37AM -0700, Eric Biggers wrote:
> 
> Well, it seems you didn't read the patchset (even the cover letter) or
> any of the replies to it.  So maybe I should just take it, as I already
> said I preferred, and later did do since you hadn't said you wanted to
> take it.  It would have been okay if you had volunteered to take this,
> but you need to actually read the patches and replies.

The reason I didn't see your cover-letter is because you didn't send
it to me.  Your To/CC list was:

To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
x86@kernel.org,
Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Eric Biggers <ebiggers@kernel.org>

So all I get is the patches without the cover letter.  Of course
anybody who replies to the cover letter won't be visible to me
either.

Please consider adding my email address to the Cc list next time.

I will drop this patch-set.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On Mon, Oct 20, 2025 at 12:13:48PM +0800, Herbert Xu wrote:
> On Fri, Oct 17, 2025 at 09:04:37AM -0700, Eric Biggers wrote:
> > 
> > Well, it seems you didn't read the patchset (even the cover letter) or
> > any of the replies to it.  So maybe I should just take it, as I already
> > said I preferred, and later did do since you hadn't said you wanted to
> > take it.  It would have been okay if you had volunteered to take this,
> > but you need to actually read the patches and replies.
> 
> The reason I didn't see your cover-letter is because you didn't send
> it to me.  Your To/CC list was:
> 
> To: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org,
> x86@kernel.org,
> Ard Biesheuvel <ardb@kernel.org>,
> "Jason A . Donenfeld" <Jason@zx2c4.com>,
> Eric Biggers <ebiggers@kernel.org>
> 
> So all I get is the patches without the cover letter.  Of course
> anybody who replies to the cover letter won't be visible to me
> either.
> 
> Please consider adding my email address to the Cc list next time.

Well, one would think you would be subscribed to linux-crypto.
But whatever, I'll Cc you explicitly on future patches.

> I will drop this patch-set.

Thanks,

- Eric

On Mon, Oct 20, 2025 at 09:57:58AM -0700, Eric Biggers wrote:
>
> Well, one would think you would be subscribed to linux-crypto.
> But whatever, I'll Cc you explicitly on future patches.

I never said that I'm not subscribed to linux-crypto.  I will eventually
see it, but it could be too late if you wanted me to action on an item
that's only in the cover letter.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

On Fri, Oct 17, 2025 at 09:04:37AM -0700, Eric Biggers wrote:
> On Fri, Oct 17, 2025 at 10:44:37AM +0200, Ard Biesheuvel wrote:
> > On Fri, 17 Oct 2025 at 10:25, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> > >
> > > Eric Biggers <ebiggers@kernel.org> wrote:
> > > > On Wed, Oct 01, 2025 at 07:31:09PM -0700, Eric Biggers wrote:
> > > >> This patchset replaces the 256-bit vector implementation of AES-GCM for
> > > >> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> > > >> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> > > >> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
> > > >>
> > > >> This patchset also renames the 512-bit vector implementation of AES-GCM
> > > >> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> > > >> some additional optimizations to it.
> > > >>
> > > >> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> > > >> I'd prefer to just apply this myself.  But let me know if you'd prefer
> > > >> to take it instead (considering that AES-GCM hasn't been librarified
> > > >> yet).  Either way, there's no hurry, since this is targeting 6.19.
> > > >>
> > > >> Eric Biggers (8):
> > > >>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
> > > >>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
> > > >>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
> > > >>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
> > > >>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
> > > >>     functions
> > > >>   crypto: x86/aes-gcm - revise some comments in AVX512 code
> > > >>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
> > > >>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
> > > >>
> > > >>  arch/x86/crypto/Makefile                      |    5 +-
> > > >>  arch/x86/crypto/aes-gcm-aesni-x86_64.S        |   12 +-
> > > >>  arch/x86/crypto/aes-gcm-vaes-avx2.S           | 1150 +++++++++++++++++
> > > >>  ...m-avx10-x86_64.S => aes-gcm-vaes-avx512.S} |  722 +++++------
> > > >>  arch/x86/crypto/aesni-intel_glue.c            |  264 ++--
> > > >>  5 files changed, 1667 insertions(+), 486 deletions(-)
> > > >>  create mode 100644 arch/x86/crypto/aes-gcm-vaes-avx2.S
> > > >>  rename arch/x86/crypto/{aes-gcm-avx10-x86_64.S => aes-gcm-vaes-avx512.S} (69%)
> > > >>
> > > >> base-commit: 3b9b1f8df454caa453c7fb07689064edb2eda90a
> > > >
> > > > Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next
> > >
> > > Oops, I didn't see this email until it was too late.  Since the
> > > patches should be identical I don't think it matters.
> 
> Well, it seems you didn't read the patchset (even the cover letter) or
> any of the replies to it.  So maybe I should just take it, as I already
> said I preferred, and later did do since you hadn't said you wanted to
> take it.  It would have been okay if you had volunteered to take this,
> but you need to actually read the patches and replies.
> 
> As for the patches being identical, besides correctly applying Ard's
> tags, I made a couple very minor changes that weren't worth sending a v2
> for: clarifying one of the commit messages, and correcting two comments
> and dropping some unused aliases from aes-gcm-vaes-avx2.S.

And to be clear, these aren't going to go through two trees.  That would
be silly.  If you really want to take them after all, then ask me to
drop them first, and make sure to apply them properly with Acked-by and
Tested-by tags.  Otherwise, please drop your duplicate copy.

Thanks,

- Eric

On Wed, 1 Oct 2025 at 19:34, Eric Biggers <ebiggers@kernel.org> wrote:
>
> This patchset replaces the 256-bit vector implementation of AES-GCM for
> x86_64 with one that requires AVX2 rather than AVX512.  This greatly
> improves AES-GCM performance on CPUs that have VAES but not AVX512, for
> example by up to 74% on AMD Zen 3.  For more details, see patch 1.
>
> This patchset also renames the 512-bit vector implementation of AES-GCM
> for x86_64 to be named after AVX512 rather than AVX10/512, then adds
> some additional optimizations to it.
>
> This patchset applies to next-20250929 and is targeting 6.19.  Herbert,
> I'd prefer to just apply this myself.  But let me know if you'd prefer
> to take it instead (considering that AES-GCM hasn't been librarified
> yet).  Either way, there's no hurry, since this is targeting 6.19.
>
> Eric Biggers (8):
>   crypto: x86/aes-gcm - add VAES+AVX2 optimized code
>   crypto: x86/aes-gcm - remove VAES+AVX10/256 optimized code
>   crypto: x86/aes-gcm - rename avx10 and avx10_512 to avx512
>   crypto: x86/aes-gcm - clean up AVX512 code to assume 512-bit vectors
>   crypto: x86/aes-gcm - reorder AVX512 precompute and aad_update
>     functions
>   crypto: x86/aes-gcm - revise some comments in AVX512 code
>   crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1
>   crypto: x86/aes-gcm - optimize long AAD processing with AVX512
>

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Ard Biesheuvel <ardb@kernel.org>