all crypto selftests failed on linux-next-20250424

all crypto selftests failed on linux-next-20250424

[Corentin Labbe]

Hello

All crypto selftests failed on top of linux-next-20250424

Example on x86_64:
[    4.637589] BUG: kernel NULL pointer dereference, address: 0000000000000000
[    4.637822] #PF: supervisor instruction fetch in kernel mode
[    4.637931] #PF: error_code(0x0010) - not-present page
[    4.638166] PGD 0 P4D 0 
[    4.638359] Oops: Oops: 0010 [#1] SMP NOPTI
[    4.638808] CPU: 0 UID: 0 PID: 64 Comm: virtio1-engine Not tainted 6.15.0-rc1-g63dc06cd12f9 #1 PREEMPT(voluntary) 
[    4.639068] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-20240910_120124-localhost 04/01/2014
[    4.639338] RIP: 0010:0x0
[    4.640112] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[    4.640253] RSP: 0018:ffffb2d8c025fe68 EFLAGS: 00010202
[    4.640451] RAX: 0000000000000000 RBX: ffffa1d009a937b0 RCX: ffffa1d009a93768
[    4.640579] RDX: ffffa1d009a93768 RSI: ffffa1d009b10920 RDI: ffffa1d009a93728
[    4.640706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000055
[    4.640829] R10: 0000000000000000 R11: 000000000000004b R12: ffffa1d009a93760
[    4.640952] R13: ffffa1d009b10920 R14: ffffa1d009a93768 R15: 0000000000000282
[    4.641126] FS:  0000000000000000(0000) GS:ffffa1d0c0efe000(0000) knlGS:0000000000000000
[    4.641272] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    4.641379] CR2: ffffffffffffffd6 CR3: 0000000017e32000 CR4: 00000000000006f0
[    4.641592] Call Trace:
[    4.642112]  <TASK>
[    4.642234]  crypto_pump_work+0x151/0x290
[    4.642693]  ? __pfx_crypto_pump_work+0x10/0x10
[    4.642780]  kthread_worker_fn+0x94/0x250
[    4.642860]  ? __pfx_kthread_worker_fn+0x10/0x10
[    4.642942]  kthread+0xf6/0x1f0
[    4.643003]  ? __pfx_kthread+0x10/0x10
[    4.643086]  ret_from_fork+0x2f/0x50
[    4.643163]  ? __pfx_kthread+0x10/0x10
[    4.643234]  ret_from_fork_asm+0x1a/0x30
[    4.643345]  </TASK>
[    4.643434] Modules linked in:
[    4.643615] CR2: 0000000000000000
[    4.643899] ---[ end trace 0000000000000000 ]---
[    4.644059] RIP: 0010:0x0
[    4.644128] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[    4.644240] RSP: 0018:ffffb2d8c025fe68 EFLAGS: 00010202
[    4.644330] RAX: 0000000000000000 RBX: ffffa1d009a937b0 RCX: ffffa1d009a93768
[    4.644449] RDX: ffffa1d009a93768 RSI: ffffa1d009b10920 RDI: ffffa1d009a93728
[    4.644561] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000055
[    4.644672] R10: 0000000000000000 R11: 000000000000004b R12: ffffa1d009a93760
[    4.644783] R13: ffffa1d009b10920 R14: ffffa1d009a93768 R15: 0000000000000282
[    4.644894] FS:  0000000000000000(0000) GS:ffffa1d0c0efe000(0000) knlGS:0000000000000000
[    4.645019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    4.645142] CR2: ffffffffffffffd6 CR3: 0000000017e32000 CR4: 00000000000006f0
[    4.645326] note: virtio1-engine[64] exited with irqs disabled

Example for arm
[    0.293756] alg: self-tests for sha1 using sha1-ce failed (rc=-22)
[    0.293762] ------------[ cut here ]------------
[    0.293766] alg: self-tests for sha1 using sha1-ce failed (rc=-22)
[    0.293809] WARNING: CPU: 7 PID: 104 at crypto/testmgr.c:5871 alg_test+0x5e4/0x608
[    0.293833] Modules linked in:
[    0.293844] CPU: 7 UID: 0 PID: 104 Comm: cryptomgr_test Not tainted 6.15.0-rc3-next-20250424-00005-g954547706c5d #8 PREEMPT
[    0.293856] Hardware name: Radxa A5E (DT)
[    0.293861] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[    0.293871] pc : alg_test+0x5e4/0x608
[    0.293882] lr : alg_test+0x5e4/0x608
[    0.293893] sp : ffff80008175bd40
[    0.293896] x29: ffff80008175bde0 x28: 00000000000000bc x27: 0000000000000000
[    0.293911] x26: 00000000ffffffff x25: ffff800080fe1f58 x24: 00000000ffffffea
[    0.293925] x23: 0000000000000177 x22: ffff0000c202de80 x21: 000000000500000e
[    0.293939] x20: ffff0000c202de00 x19: ffff800080a05710 x18: 00000000fffffffe
[    0.294032] Call trace:
[    0.294036]  alg_test+0x5e4/0x608 (P)
[    0.294051]  cryptomgr_test+0x24/0x44
[    0.294063]  kthread+0x12c/0x204                                  
Regards

Re: all crypto selftests failed on linux-next-20250424

[Herbert Xu]

On Thu, Apr 24, 2025 at 02:09:34PM +0200, Corentin Labbe wrote:
>
> Example for arm
> [    0.293756] alg: self-tests for sha1 using sha1-ce failed (rc=-22)
> [    0.293762] ------------[ cut here ]------------
> [    0.293766] alg: self-tests for sha1 using sha1-ce failed (rc=-22)

Please attach the complete dmesg.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH] crypto: Remove CRYPTO_ALG_ENGINE bit

[Herbert Xu]

On Thu, Apr 24, 2025 at 02:09:34PM +0200, Corentin Labbe wrote:
> 
> Example on x86_64:
> [    4.637589] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [    4.637822] #PF: supervisor instruction fetch in kernel mode
> [    4.637931] #PF: error_code(0x0010) - not-present page
> [    4.638166] PGD 0 P4D 0 
> [    4.638359] Oops: Oops: 0010 [#1] SMP NOPTI
> [    4.638808] CPU: 0 UID: 0 PID: 64 Comm: virtio1-engine Not tainted 6.15.0-rc1-g63dc06cd12f9 #1 PREEMPT(voluntary) 

This patch should fix the crypto_engine failures:

---8<---
Remove the private and obsolete CRYPTO_ALG_ENGINE bit which is
conflicting with the new CRYPTO_ALG_DUP_FIRST bit.

Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index c7c16da5e649..445d3c113ee1 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -23,9 +23,6 @@
 
 #define CRYPTO_ENGINE_MAX_QLEN 10
 
-/* Temporary algorithm flag used to indicate an updated driver. */
-#define CRYPTO_ALG_ENGINE 0x200
-
 struct crypto_engine_alg {
 	struct crypto_alg base;
 	struct crypto_engine_op op;
@@ -148,16 +145,9 @@ static void crypto_pump_requests(struct crypto_engine *engine,
 		}
 	}
 
-	if (async_req->tfm->__crt_alg->cra_flags & CRYPTO_ALG_ENGINE) {
-		alg = container_of(async_req->tfm->__crt_alg,
-				   struct crypto_engine_alg, base);
-		op = &alg->op;
-	} else {
-		dev_err(engine->dev, "failed to do request\n");
-		ret = -EINVAL;
-		goto req_err_1;
-	}
-
+	alg = container_of(async_req->tfm->__crt_alg,
+			   struct crypto_engine_alg, base);
+	op = &alg->op;
 	ret = op->do_one_request(engine, async_req);
 
 	/* Request unsuccessfully executed by hardware */
@@ -569,9 +559,6 @@ int crypto_engine_register_aead(struct aead_engine_alg *alg)
 {
 	if (!alg->op.do_one_request)
 		return -EINVAL;
-
-	alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
 	return crypto_register_aead(&alg->base);
 }
 EXPORT_SYMBOL_GPL(crypto_engine_register_aead);
@@ -614,9 +601,6 @@ int crypto_engine_register_ahash(struct ahash_engine_alg *alg)
 {
 	if (!alg->op.do_one_request)
 		return -EINVAL;
-
-	alg->base.halg.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
 	return crypto_register_ahash(&alg->base);
 }
 EXPORT_SYMBOL_GPL(crypto_engine_register_ahash);
@@ -660,9 +644,6 @@ int crypto_engine_register_akcipher(struct akcipher_engine_alg *alg)
 {
 	if (!alg->op.do_one_request)
 		return -EINVAL;
-
-	alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
 	return crypto_register_akcipher(&alg->base);
 }
 EXPORT_SYMBOL_GPL(crypto_engine_register_akcipher);
@@ -677,9 +658,6 @@ int crypto_engine_register_kpp(struct kpp_engine_alg *alg)
 {
 	if (!alg->op.do_one_request)
 		return -EINVAL;
-
-	alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
 	return crypto_register_kpp(&alg->base);
 }
 EXPORT_SYMBOL_GPL(crypto_engine_register_kpp);
@@ -694,9 +672,6 @@ int crypto_engine_register_skcipher(struct skcipher_engine_alg *alg)
 {
 	if (!alg->op.do_one_request)
 		return -EINVAL;
-
-	alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
 	return crypto_register_skcipher(&alg->base);
 }
 EXPORT_SYMBOL_GPL(crypto_engine_register_skcipher);
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: Remove CRYPTO_ALG_ENGINE bit

[Corentin Labbe]

Le Thu, Apr 24, 2025 at 10:42:51PM +0800, Herbert Xu a écrit :
> On Thu, Apr 24, 2025 at 02:09:34PM +0200, Corentin Labbe wrote:
> > 
> > Example on x86_64:
> > [    4.637589] BUG: kernel NULL pointer dereference, address: 0000000000000000
> > [    4.637822] #PF: supervisor instruction fetch in kernel mode
> > [    4.637931] #PF: error_code(0x0010) - not-present page
> > [    4.638166] PGD 0 P4D 0 
> > [    4.638359] Oops: Oops: 0010 [#1] SMP NOPTI
> > [    4.638808] CPU: 0 UID: 0 PID: 64 Comm: virtio1-engine Not tainted 6.15.0-rc1-g63dc06cd12f9 #1 PREEMPT(voluntary) 
> 
> This patch should fix the crypto_engine failures:
> 
> ---8<---
> Remove the private and obsolete CRYPTO_ALG_ENGINE bit which is
> conflicting with the new CRYPTO_ALG_DUP_FIRST bit.
> 
> Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
> Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 

Thanks it fixes my crypto hw devices.
So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>

But I still got some crash with blake2b:
+[   54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer"
+[   54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
+[   54.348536] ------------[ cut here ]------------
+[   54.348545] WARNING: CPU: 1 PID: 909 at crypto/testmgr.c:5871 alg_test+0x644/0x654
+[   54.348575] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
+[   54.348583] Modules linked in: blake2b_neon(+) blake2b_generic rmd160 xxhash_generic ccm gcm crypto_null ghash_generic ghash_arm_ce camellia_generic fcrypt pcbc anubis wp512 khazad tea michael_mic arc4 libarc4 cast6_generic cast5_generic cast_common xctr serpent_generic lrw gf128mul twofish_generic twofish_common blowfish_generic blowfish_common md4 md5 tcrypt(+) cfg80211 bluetooth ecdh_generic ecc ctr sun8i_drm_hdmi uas des_generic libdes sun4i_codec snd_soc_core ac97_bus snd_pcm_dmaengine snd_pcm snd_timer snd lima drm_shmem_helper dw_hdmi gpu_sched aes_arm_bs aes_arm soundcore sunxi musb_hdrc sun4i_drm sun4i_frontend sun4i_tcon sun8i_mixer sun8i_ce sun8i_tcon_top drm_dma_helper display_connector
+[   54.348927] CPU: 1 UID: 0 PID: 909 Comm: cryptomgr_test Not tainted 6.15.0-rc1-g0ba1b8bdf183 #22 NONE 
+[   54.348941] Hardware name: Allwinner sun8i Family
+[   54.348947] Call trace: 
+[   54.348961]  unwind_backtrace from show_stack+0x10/0x14
+[   54.348989]  show_stack from dump_stack_lvl+0x54/0x68
+[   54.349010]  dump_stack_lvl from __warn+0x7c/0x128
+[   54.349035]  __warn from warn_slowpath_fmt+0x124/0x18c
+[   54.349059]  warn_slowpath_fmt from alg_test+0x644/0x654
+[   54.349081]  alg_test from cryptomgr_test+0x18/0x38
+[   54.349097]  cryptomgr_test from kthread+0x10c/0x238
+[   54.349121]  kthread from ret_from_fork+0x14/0x28
+[   54.349140] Exception stack(0xf0aa9fb0 to 0xf0aa9ff8)
+[   54.349151] 9fa0:                                     00000000 00000000 00000000 00000000
+[   54.349162] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[   54.349171] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
+[   54.349177] ---[ end trace 0000000000000000 ]---

Regards

[PATCH] crypto: arm/blake2b - Set FINAL_NONZERO

[Herbert Xu]

On Thu, Apr 24, 2025 at 10:39:09PM +0200, Corentin Labbe wrote:
>
> Thanks it fixes my crypto hw devices.
> So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>

What about the sha1-ce failure on arm64? Did that go away too?

That didn't seem related to crypto_engine.

> But I still got some crash with blake2b:
> +[   54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer"
> +[   54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
> +[   54.348536] ------------[ cut here ]------------

OK this is easy, I left out the FINAL_NONZERO bit in the arm patch:

---8<---
Set FINAL_NONZERO as blake2b expects to have at least one byte for
finalisation.

Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: cc28260ab4fb ("crypto: arm/blake2b - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/arm/crypto/blake2b-neon-glue.c b/arch/arm/crypto/blake2b-neon-glue.c
index 7ae4ba0afe06..2ff443a91724 100644
--- a/arch/arm/crypto/blake2b-neon-glue.c
+++ b/arch/arm/crypto/blake2b-neon-glue.c
@@ -52,7 +52,8 @@ static int crypto_blake2b_finup_neon(struct shash_desc *desc, const u8 *in,
 		.base.cra_driver_name	= driver_name,			\
 		.base.cra_priority	= 200,				\
 		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY |	\
-					  CRYPTO_AHASH_ALG_BLOCK_ONLY,	\
+					  CRYPTO_AHASH_ALG_BLOCK_ONLY |	\
+					  CRYPTO_AHASH_ALG_FINAL_NONZERO, \
 		.base.cra_blocksize	= BLAKE2B_BLOCK_SIZE,		\
 		.base.cra_ctxsize	= sizeof(struct blake2b_tfm_ctx), \
 		.base.cra_module	= THIS_MODULE,			\
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: arm/blake2b - Set FINAL_NONZERO

[Corentin Labbe]

Le Fri, Apr 25, 2025 at 11:33:39AM +0800, Herbert Xu a écrit :
> On Thu, Apr 24, 2025 at 10:39:09PM +0200, Corentin Labbe wrote:
> >
> > Thanks it fixes my crypto hw devices.
> > So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
> 
> What about the sha1-ce failure on arm64? Did that go away too?

No they are still there:
[    2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
[    2.022950] alg: self-tests for sha1 using sha1-ce failed (rc=-22)
[    2.022957] ------------[ cut here ]------------
[    2.022960] alg: self-tests for sha1 using sha1-ce failed (rc=-22)
[    2.023009] WARNING: CPU: 3 PID: 110 at crypto/testmgr.c:5871 alg_test+0x5e8/0x60c
[    2.023033] Modules linked in:
[    2.023046] CPU: 3 UID: 0 PID: 110 Comm: cryptomgr_test Not tainted 6.15.0-rc1-g583d02477052 #2 PREEMPT 
Setting prompt string to ['-+\\[ end trace \\w* \\]-+[^\\n]*\\r', '/ #', '~ #', 'sh-5.1#', 'Login timed out', 'Login incorrect']
[    2.023057] Hardware name: Pine64 PINE H64 Model A (DT)
[    2.023062] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[    2.023071] pc : alg_test+0x5e8/0x60c
[    2.023081] lr : alg_test+0x5e8/0x60c
[    2.023090] sp : ffff80008180bd40
[    2.023093] x29: ffff80008180bde0 x28: 00000000000000bc x27: 0000000000000000
[    2.023106] x26: 00000000ffffffff x25: 00000000ffffffea x24: 0000000000000177
[    2.023118] x23: ffff800081014208 x22: ffff00000152ae80 x21: 000000000500000e
[    2.023130] x20: ffff00000152ae00 x19: ffff800080a26238 x18: 00000000fffffffe
[    2.023142] x17: 2c3020726f746365 x16: 762074736574206e x15: ffff800080fdc47b
[    2.023154] x14: 0000000000000000 x13: ffff800080fdc47f x12: 65742d666c657320
[    2.023165] x11: 0000000000000058 x10: 0000000000000029 x9 : 0000000000000001
[    2.023177] x8 : ffff800080ec3308 x7 : ffff80008180bae0 x6 : 000000000000000c
[    2.023188] x5 : 0000000000000000 x4 : 00000000fffff0b5 x3 : 0000000000000000
[    2.023199] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000099a7000
[    2.023211] Call trace:
[    2.023216]  alg_test+0x5e8/0x60c (P)
[    2.023229]  cryptomgr_test+0x24/0x44
[    2.023240]  kthread+0x12c/0x204
[    2.023253]  ret_from_fork+0x10/0x20
[    2.023267] ---[ end trace 0000000000000000 ]---


> 
> That didn't seem related to crypto_engine.
> 
> > But I still got some crash with blake2b:
> > +[   54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer"
> > +[   54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
> > +[   54.348536] ------------[ cut here ]------------
> 
> OK this is easy, I left out the FINAL_NONZERO bit in the arm patch:
> 

blake2b crash disappear, so
Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>

Thanks

[PATCH] crypto: arm64/sha1 - Set finalize for short finup

[Herbert Xu]

On Fri, Apr 25, 2025 at 12:42:17PM +0200, Corentin Labbe wrote:
>
> No they are still there:
> [    2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"

Thanks, I see the problem now.  The zero-length hash doesn't
set sctx->finalize correctly:

---8<---
Always set sctx->finalize before calling finup as it may not have
been set previously on a short final.

Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: b97d31100e36 ("crypto: arm64/sha1 - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
index 1f8c93fe1e64..65b6980817e5 100644
--- a/arch/arm64/crypto/sha1-ce-glue.c
+++ b/arch/arm64/crypto/sha1-ce-glue.c
@@ -79,8 +79,10 @@ static int sha1_ce_finup(struct shash_desc *desc, const u8 *data,
 		data += len - remain;
 		len = remain;
 	}
-	if (!finalized)
+	if (!finalized) {
+		sctx->finalize = 0;
 		sha1_base_do_finup(desc, data, len, sha1_ce_transform);
+	}
 	return sha1_base_finish(desc, out);
 }
 
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: arm64/sha1 - Set finalize for short finup

[Corentin Labbe]

Le Fri, Apr 25, 2025 at 06:58:13PM +0800, Herbert Xu a écrit :
> On Fri, Apr 25, 2025 at 12:42:17PM +0200, Corentin Labbe wrote:
> >
> > No they are still there:
> > [    2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
> 
> Thanks, I see the problem now.  The zero-length hash doesn't
> set sctx->finalize correctly:
> 
> ---8<---
> Always set sctx->finalize before calling finup as it may not have
> been set previously on a short final.
> 
> Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
> Fixes: b97d31100e36 ("crypto: arm64/sha1 - Use API partial block handling")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 

Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>

Thanks