Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4005575pxf; Mon, 29 Mar 2021 18:27:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzNqoXsogyRpBBWGgUmaBIwGXtP7WkSZuJEozE2Xv45aRzslhMguSy18BmuWHkF6x7qjYSp X-Received: by 2002:a17:906:1519:: with SMTP id b25mr30978340ejd.254.1617067652051; Mon, 29 Mar 2021 18:27:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617067652; cv=none; d=google.com; s=arc-20160816; b=TQ1jFdMTr6GN3XoCDqb49tpkICf0u6PIYJNky2M21ucTx1b9DuCsFHWoO9q5gJYdn9 ORzeoOeTYKTtpPX1eng8guKRJSZVJy8uL+qzO5BW1B8ryTxTf1dm1lpHYlA7bXsbjzm1 NDoQ4K8rPDyZbm+LfVThggIebu5uH2l+K93x/glaEJ5f+m+zJA2Z6HDLketam4SMfBq/ d7UjYPbKDRaDHtIpzfin2kOBiQwvCHsg79K6Ht+N6kzqdJsYzMPyKomyvhjgAillGl4a tsR2Q1Hkvvwbr8oee4WhHwaqBqn1hteJpz/0dPg/3d6blyZggcbo7zQvRO16v5zTWiBJ 8lUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=oPcpzpnUGCAssDOIVsKW0Yye1/f8XxyDuatrr9V3FqQ=; b=V54O/+jKsfTivRLulyurFNlBI71RkNLK5/mcZINE7aKL5fBd9thapfOzQhnbNjVCdb AIl7m7XgXplOEuuEVNMSiEX1kUhdXxOz7GsLVGEQ6pmE7XAb40yU9B/trs7/SwzZcu8f M1fIIwtj+P5m4O3M5A+Q9Q2lYInelPHpVRnUXkgpzWCk76sp0QRtHRIh6yia5ri5naEw zNo54DS24QrU0egY67X5bQ3Ndwwm7oZlxQkqSMBjMOupg7sA0/SOIJceIqL6QMwIiPEg She0CIH0vjvMj17wA3ET14Jud9nk16GVb3DdMrIX8MYw/S/HR3FPZA6lBKgIJTcSzsQz eRSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=isj9eWZA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x26si14227821edv.23.2021.03.29.18.27.08; Mon, 29 Mar 2021 18:27:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=isj9eWZA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229483AbhC3B0O (ORCPT + 99 others); Mon, 29 Mar 2021 21:26:14 -0400 Received: from mail.kernel.org ([198.145.29.99]:36656 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229479AbhC3BZo (ORCPT ); Mon, 29 Mar 2021 21:25:44 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id EA698619A9; Tue, 30 Mar 2021 01:25:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1617067544; bh=w7ObvpJq/R4KO4NDJ46mZajafTPZzB7iT11D4SOoreY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=isj9eWZA0rzplJp8vDf8D9RqN6Ek217KBPdQjMSgnOHxVKlcR7/XeC+I6hE83lcNM Dl8s7I/P9ajE0YfLnpcCBanZu06FMPHO60hKA6nmiL0ahm53fG308WFNVTAZsgpaWo 7pam3qTALqXNrxif7vJDz4FbBzD5WZ4SWgUXipDhtzZAEzmrUm4NVq2zwVaO/de7sn AEtUJAVEgPjminveogdry0CXJ4Cd6Weg7lBJhYgkrx0G/KOIMi0LCdjh+30Vt734MT ZOB3ZRFM2gfKhC2WEI+OtauTSG53vyRnrDdjfVO8sSEX17fnxDAmluDOAUSqd6cuJq yGyKnrqAoQ0Qw== Date: Mon, 29 Mar 2021 18:25:42 -0700 From: Eric Biggers To: Dexuan Cui Cc: "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: v5.12.0-rc5: the kernel panics if FIPS mode is on Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 29, 2021 at 09:56:18PM +0000, Dexuan Cui wrote: > Hi all, > The v5.12.0-rc5 kernel (1e43c377a79f) panics with fips=1. > > Please refer to the below panic call-trace. The kernel config file and > the full kernel messages are also attached. > > Is this a known issue? > > Thanks, > -- Dexuan > > Starting dracut pre-udev hook... > [ 7.260424] alg: self-tests for sha512-generic (sha512) passed > [ 7.265917] alg: self-tests for sha384-generic (sha384) passed > [ 7.272426] alg: self-tests for sha512-ssse3 (sha512) passed > [ 7.276500] alg: self-tests for sha384-ssse3 (sha384) passed > [ 7.281722] alg: self-tests for sha512-avx (sha512) passed > [ 7.286579] alg: self-tests for sha384-avx (sha384) passed > [ 7.291631] alg: self-tests for sha512-avx2 (sha512) passed > [ 7.296950] alg: self-tests for sha384-avx2 (sha384) passed > [ 7.321040] alg: self-tests for sha3-224-generic (sha3-224) passed > [ 7.330291] alg: self-tests for sha3-256-generic (sha3-256) passed > [ 7.335918] alg: self-tests for sha3-384-generic (sha3-384) passed > [ 7.341508] alg: self-tests for sha3-512-generic (sha3-512) passed > [ 7.381918] alg: self-tests for crc32c-intel (crc32c) passed > [ 7.396694] alg: self-tests for crct10dif-pclmul (crct10dif) passed > [ 7.453515] alg: self-tests for ghash-clmulni (ghash) passed > [ 7.469558] alg: self-tests for des3_ede-asm (des3_ede) passed > [ 7.475355] alg: self-tests for ecb-des3_ede-asm (ecb(des3_ede)) passed > [ 7.481361] alg: self-tests for cbc-des3_ede-asm (cbc(des3_ede)) passed > [ 7.488656] alg: self-tests for des3_ede-generic (des3_ede) passed > [ 7.304930] dracut-pre-udev[502]: modprobe: ERROR: could not insert 'padlock_aes': No such device > [ 7.579580] alg: No test for fips(ansi_cprng) (fips_ansi_cprng) > [ 7.606547] alg: self-tests for sha1 (sha1) passed > [ 7.610624] alg: self-tests for ecb(des3_ede) (ecb(des3_ede)) passed > [ 7.615746] alg: self-tests for cbc(des3_ede) (cbc(des3_ede)) passed > [ 7.638067] alg: self-tests for ctr(des3_ede-asm) (ctr(des3_ede)) passed > [ 7.644781] alg: self-tests for ctr(des3_ede) (ctr(des3_ede)) passed > [ 7.653810] alg: self-tests for sha256 (sha256) passed > [ 7.658945] alg: self-tests for ecb(aes) (ecb(aes)) passed > [ 7.663493] alg: self-tests for cbc(aes) (cbc(aes)) passed > [ 7.668421] alg: self-tests for xts(aes) (xts(aes)) passed > [ 7.672389] alg: self-tests for ctr(aes) (ctr(aes)) passed > [ 7.692973] alg: self-tests for rfc3686(ctr-aes-aesni) (rfc3686(ctr(aes))) passed > [ 7.699446] alg: self-tests for rfc3686(ctr(aes)) (rfc3686(ctr(aes))) passed > [ 7.730149] alg: skcipher: failed to allocate transform for ofb(aes): -2 > [ 7.735959] Kernel panic - not syncing: alg: self-tests for ofb(aes) (ofb(aes)) failed in fips mode! > [ 7.736952] CPU: 13 PID: 560 Comm: modprobe Tainted: G W 5.12.0-rc5+ #3 > [ 7.736952] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 12/07/2018 > [ 7.736952] Call Trace: > [ 7.736952] dump_stack+0x64/0x7c > [ 7.736952] panic+0xfb/0x2d7 > [ 7.736952] alg_test+0x42d/0x460 > [ 7.736952] ? __kernfs_new_node+0x175/0x1d0 > [ 7.736952] do_test+0x3248/0x57ea [tcrypt] > [ 7.736952] do_test+0x1f2c/0x57ea [tcrypt] > [ 7.736952] ? 0xffffffffc031d000 > [ 7.736952] tcrypt_mod_init+0x55/0x1000 [tcrypt] It looks like your userspace is using tcrypt.ko to request that the kernel test "ofb(aes)", but your kernel doesn't have CONFIG_CRYPTO_OFB enabled so the test fails as expected. Are you sure that anything changed on the kernel side besides the kconfig you are using? It looks like this was always the behavior when tcrypt.ko is used to test a non-existing algorithm. Is your userspace code intentionally trying to test "ofb(aes)", or is it accidental? - Eric