On Thu, Apr 24, 2025 at 02:09:34PM +0200, Corentin Labbe wrote:
>
> Example on x86_64:
> [ 4.637589] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [ 4.637822] #PF: supervisor instruction fetch in kernel mode
> [ 4.637931] #PF: error_code(0x0010) - not-present page
> [ 4.638166] PGD 0 P4D 0
> [ 4.638359] Oops: Oops: 0010 [#1] SMP NOPTI
> [ 4.638808] CPU: 0 UID: 0 PID: 64 Comm: virtio1-engine Not tainted 6.15.0-rc1-g63dc06cd12f9 #1 PREEMPT(voluntary)
This patch should fix the crypto_engine failures:
---8<---
Remove the private and obsolete CRYPTO_ALG_ENGINE bit which is
conflicting with the new CRYPTO_ALG_DUP_FIRST bit.
Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index c7c16da5e649..445d3c113ee1 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -23,9 +23,6 @@
#define CRYPTO_ENGINE_MAX_QLEN 10
-/* Temporary algorithm flag used to indicate an updated driver. */
-#define CRYPTO_ALG_ENGINE 0x200
-
struct crypto_engine_alg {
struct crypto_alg base;
struct crypto_engine_op op;
@@ -148,16 +145,9 @@ static void crypto_pump_requests(struct crypto_engine *engine,
}
}
- if (async_req->tfm->__crt_alg->cra_flags & CRYPTO_ALG_ENGINE) {
- alg = container_of(async_req->tfm->__crt_alg,
- struct crypto_engine_alg, base);
- op = &alg->op;
- } else {
- dev_err(engine->dev, "failed to do request\n");
- ret = -EINVAL;
- goto req_err_1;
- }
-
+ alg = container_of(async_req->tfm->__crt_alg,
+ struct crypto_engine_alg, base);
+ op = &alg->op;
ret = op->do_one_request(engine, async_req);
/* Request unsuccessfully executed by hardware */
@@ -569,9 +559,6 @@ int crypto_engine_register_aead(struct aead_engine_alg *alg)
{
if (!alg->op.do_one_request)
return -EINVAL;
-
- alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
return crypto_register_aead(&alg->base);
}
EXPORT_SYMBOL_GPL(crypto_engine_register_aead);
@@ -614,9 +601,6 @@ int crypto_engine_register_ahash(struct ahash_engine_alg *alg)
{
if (!alg->op.do_one_request)
return -EINVAL;
-
- alg->base.halg.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
return crypto_register_ahash(&alg->base);
}
EXPORT_SYMBOL_GPL(crypto_engine_register_ahash);
@@ -660,9 +644,6 @@ int crypto_engine_register_akcipher(struct akcipher_engine_alg *alg)
{
if (!alg->op.do_one_request)
return -EINVAL;
-
- alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
return crypto_register_akcipher(&alg->base);
}
EXPORT_SYMBOL_GPL(crypto_engine_register_akcipher);
@@ -677,9 +658,6 @@ int crypto_engine_register_kpp(struct kpp_engine_alg *alg)
{
if (!alg->op.do_one_request)
return -EINVAL;
-
- alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
return crypto_register_kpp(&alg->base);
}
EXPORT_SYMBOL_GPL(crypto_engine_register_kpp);
@@ -694,9 +672,6 @@ int crypto_engine_register_skcipher(struct skcipher_engine_alg *alg)
{
if (!alg->op.do_one_request)
return -EINVAL;
-
- alg->base.base.cra_flags |= CRYPTO_ALG_ENGINE;
-
return crypto_register_skcipher(&alg->base);
}
EXPORT_SYMBOL_GPL(crypto_engine_register_skcipher);
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txtLe Thu, Apr 24, 2025 at 10:42:51PM +0800, Herbert Xu a écrit :
> On Thu, Apr 24, 2025 at 02:09:34PM +0200, Corentin Labbe wrote:
> >
> > Example on x86_64:
> > [ 4.637589] BUG: kernel NULL pointer dereference, address: 0000000000000000
> > [ 4.637822] #PF: supervisor instruction fetch in kernel mode
> > [ 4.637931] #PF: error_code(0x0010) - not-present page
> > [ 4.638166] PGD 0 P4D 0
> > [ 4.638359] Oops: Oops: 0010 [#1] SMP NOPTI
> > [ 4.638808] CPU: 0 UID: 0 PID: 64 Comm: virtio1-engine Not tainted 6.15.0-rc1-g63dc06cd12f9 #1 PREEMPT(voluntary)
>
> This patch should fix the crypto_engine failures:
>
> ---8<---
> Remove the private and obsolete CRYPTO_ALG_ENGINE bit which is
> conflicting with the new CRYPTO_ALG_DUP_FIRST bit.
>
> Reported-by: Corentin Labbe <clabbe.montjoie@gmail.com>
> Fixes: f1440a90465b ("crypto: api - Add support for duplicating algorithms before registration")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
Thanks it fixes my crypto hw devices.
So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
But I still got some crash with blake2b:
+[ 54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer"
+[ 54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
+[ 54.348536] ------------[ cut here ]------------
+[ 54.348545] WARNING: CPU: 1 PID: 909 at crypto/testmgr.c:5871 alg_test+0x644/0x654
+[ 54.348575] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
+[ 54.348583] Modules linked in: blake2b_neon(+) blake2b_generic rmd160 xxhash_generic ccm gcm crypto_null ghash_generic ghash_arm_ce camellia_generic fcrypt pcbc anubis wp512 khazad tea michael_mic arc4 libarc4 cast6_generic cast5_generic cast_common xctr serpent_generic lrw gf128mul twofish_generic twofish_common blowfish_generic blowfish_common md4 md5 tcrypt(+) cfg80211 bluetooth ecdh_generic ecc ctr sun8i_drm_hdmi uas des_generic libdes sun4i_codec snd_soc_core ac97_bus snd_pcm_dmaengine snd_pcm snd_timer snd lima drm_shmem_helper dw_hdmi gpu_sched aes_arm_bs aes_arm soundcore sunxi musb_hdrc sun4i_drm sun4i_frontend sun4i_tcon sun8i_mixer sun8i_ce sun8i_tcon_top drm_dma_helper display_connector
+[ 54.348927] CPU: 1 UID: 0 PID: 909 Comm: cryptomgr_test Not tainted 6.15.0-rc1-g0ba1b8bdf183 #22 NONE
+[ 54.348941] Hardware name: Allwinner sun8i Family
+[ 54.348947] Call trace:
+[ 54.348961] unwind_backtrace from show_stack+0x10/0x14
+[ 54.348989] show_stack from dump_stack_lvl+0x54/0x68
+[ 54.349010] dump_stack_lvl from __warn+0x7c/0x128
+[ 54.349035] __warn from warn_slowpath_fmt+0x124/0x18c
+[ 54.349059] warn_slowpath_fmt from alg_test+0x644/0x654
+[ 54.349081] alg_test from cryptomgr_test+0x18/0x38
+[ 54.349097] cryptomgr_test from kthread+0x10c/0x238
+[ 54.349121] kthread from ret_from_fork+0x14/0x28
+[ 54.349140] Exception stack(0xf0aa9fb0 to 0xf0aa9ff8)
+[ 54.349151] 9fa0: 00000000 00000000 00000000 00000000
+[ 54.349162] 9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[ 54.349171] 9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
+[ 54.349177] ---[ end trace 0000000000000000 ]---
Regards
On Thu, Apr 24, 2025 at 10:39:09PM +0200, Corentin Labbe wrote:
>
> Thanks it fixes my crypto hw devices.
> So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
What about the sha1-ce failure on arm64? Did that go away too?
That didn't seem related to crypto_engine.
> But I still got some crash with blake2b:
> +[ 54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer"
> +[ 54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22)
> +[ 54.348536] ------------[ cut here ]------------
OK this is easy, I left out the FINAL_NONZERO bit in the arm patch:
---8<---
Set FINAL_NONZERO as blake2b expects to have at least one byte for
finalisation.
Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: cc28260ab4fb ("crypto: arm/blake2b - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/arch/arm/crypto/blake2b-neon-glue.c b/arch/arm/crypto/blake2b-neon-glue.c
index 7ae4ba0afe06..2ff443a91724 100644
--- a/arch/arm/crypto/blake2b-neon-glue.c
+++ b/arch/arm/crypto/blake2b-neon-glue.c
@@ -52,7 +52,8 @@ static int crypto_blake2b_finup_neon(struct shash_desc *desc, const u8 *in,
.base.cra_driver_name = driver_name, \
.base.cra_priority = 200, \
.base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY | \
- CRYPTO_AHASH_ALG_BLOCK_ONLY, \
+ CRYPTO_AHASH_ALG_BLOCK_ONLY | \
+ CRYPTO_AHASH_ALG_FINAL_NONZERO, \
.base.cra_blocksize = BLAKE2B_BLOCK_SIZE, \
.base.cra_ctxsize = sizeof(struct blake2b_tfm_ctx), \
.base.cra_module = THIS_MODULE, \
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txtLe Fri, Apr 25, 2025 at 11:33:39AM +0800, Herbert Xu a écrit : > On Thu, Apr 24, 2025 at 10:39:09PM +0200, Corentin Labbe wrote: > > > > Thanks it fixes my crypto hw devices. > > So Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com> > > What about the sha1-ce failure on arm64? Did that go away too? No they are still there: [ 2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer" [ 2.022950] alg: self-tests for sha1 using sha1-ce failed (rc=-22) [ 2.022957] ------------[ cut here ]------------ [ 2.022960] alg: self-tests for sha1 using sha1-ce failed (rc=-22) [ 2.023009] WARNING: CPU: 3 PID: 110 at crypto/testmgr.c:5871 alg_test+0x5e8/0x60c [ 2.023033] Modules linked in: [ 2.023046] CPU: 3 UID: 0 PID: 110 Comm: cryptomgr_test Not tainted 6.15.0-rc1-g583d02477052 #2 PREEMPT Setting prompt string to ['-+\\[ end trace \\w* \\]-+[^\\n]*\\r', '/ #', '~ #', 'sh-5.1#', 'Login timed out', 'Login incorrect'] [ 2.023057] Hardware name: Pine64 PINE H64 Model A (DT) [ 2.023062] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.023071] pc : alg_test+0x5e8/0x60c [ 2.023081] lr : alg_test+0x5e8/0x60c [ 2.023090] sp : ffff80008180bd40 [ 2.023093] x29: ffff80008180bde0 x28: 00000000000000bc x27: 0000000000000000 [ 2.023106] x26: 00000000ffffffff x25: 00000000ffffffea x24: 0000000000000177 [ 2.023118] x23: ffff800081014208 x22: ffff00000152ae80 x21: 000000000500000e [ 2.023130] x20: ffff00000152ae00 x19: ffff800080a26238 x18: 00000000fffffffe [ 2.023142] x17: 2c3020726f746365 x16: 762074736574206e x15: ffff800080fdc47b [ 2.023154] x14: 0000000000000000 x13: ffff800080fdc47f x12: 65742d666c657320 [ 2.023165] x11: 0000000000000058 x10: 0000000000000029 x9 : 0000000000000001 [ 2.023177] x8 : ffff800080ec3308 x7 : ffff80008180bae0 x6 : 000000000000000c [ 2.023188] x5 : 0000000000000000 x4 : 00000000fffff0b5 x3 : 0000000000000000 [ 2.023199] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000099a7000 [ 2.023211] Call trace: [ 2.023216] alg_test+0x5e8/0x60c (P) [ 2.023229] cryptomgr_test+0x24/0x44 [ 2.023240] kthread+0x12c/0x204 [ 2.023253] ret_from_fork+0x10/0x20 [ 2.023267] ---[ end trace 0000000000000000 ]--- > > That didn't seem related to crypto_engine. > > > But I still got some crash with blake2b: > > +[ 54.348477] alg: shash: blake2b-256-neon test failed (wrong result) on test vector 1, cfg="init+update+final aligned buffer" > > +[ 54.348525] alg: self-tests for blake2b-256 using blake2b-256-neon failed (rc=-22) > > +[ 54.348536] ------------[ cut here ]------------ > > OK this is easy, I left out the FINAL_NONZERO bit in the arm patch: > blake2b crash disappear, so Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com> Thanks
On Fri, Apr 25, 2025 at 12:42:17PM +0200, Corentin Labbe wrote:
>
> No they are still there:
> [ 2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
Thanks, I see the problem now. The zero-length hash doesn't
set sctx->finalize correctly:
---8<---
Always set sctx->finalize before calling finup as it may not have
been set previously on a short final.
Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Fixes: b97d31100e36 ("crypto: arm64/sha1 - Use API partial block handling")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
index 1f8c93fe1e64..65b6980817e5 100644
--- a/arch/arm64/crypto/sha1-ce-glue.c
+++ b/arch/arm64/crypto/sha1-ce-glue.c
@@ -79,8 +79,10 @@ static int sha1_ce_finup(struct shash_desc *desc, const u8 *data,
data += len - remain;
len = remain;
}
- if (!finalized)
+ if (!finalized) {
+ sctx->finalize = 0;
sha1_base_do_finup(desc, data, len, sha1_ce_transform);
+ }
return sha1_base_finish(desc, out);
}
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txtLe Fri, Apr 25, 2025 at 06:58:13PM +0800, Herbert Xu a écrit :
> On Fri, Apr 25, 2025 at 12:42:17PM +0200, Corentin Labbe wrote:
> >
> > No they are still there:
> > [ 2.022921] alg: shash: sha1-ce test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
>
> Thanks, I see the problem now. The zero-length hash doesn't
> set sctx->finalize correctly:
>
> ---8<---
> Always set sctx->finalize before calling finup as it may not have
> been set previously on a short final.
>
> Reported-by: Corentin LABBE <clabbe.montjoie@gmail.com>
> Fixes: b97d31100e36 ("crypto: arm64/sha1 - Use API partial block handling")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
Tested-by: Corentin LABBE <clabbe.montjoie@gmail.com>
Thanks
© 2016 - 2026 Red Hat, Inc.