Created attachment 282609 [details] dmesg (5.1.0-rc7, Talos II) Seems like some POWER8/9 specific encrytion test fails in 5.1.0-rc7. This did not happen in 5.0.x and before. [...] [ 5.246612] crypto_register_alg 'cbc(aes)' = 0 [ 5.254268] alg: skcipher: p8_aes_ctr encryption test failed (wrong result) on test vector 3, cfg="uneven misaligned splits, may sleep" [ 5.255266] xhci_hcd 0003:01:00.0: xHCI Host Controller [ 5.255346] xhci_hcd 0003:01:00.0: new USB bus registered, assigned bus number 1 [ 5.255522] xhci_hcd 0003:01:00.0: hcc params 0x0270f06d hci version 0x96 quirks 0x0000000004000000 [ 5.256008] crypto_register_alg 'ctr(aes)' = 0 [...]
Created attachment 282611 [details] kernel .config (5.1.0-rc7, Talos II)
Did some testing, -rc1 is already is affected.
Created attachment 282623 [details] bisect.log git-bisect found 4e7babba30d820c4195b1d58cf51dce3c22ecf2b as the 1st bad commit: # git bisect good | tee -a ~/bisect01.log 4e7babba30d820c4195b1d58cf51dce3c22ecf2b is the first bad commit commit 4e7babba30d820c4195b1d58cf51dce3c22ecf2b Author: Eric Biggers <ebiggers@google.com> Date: Thu Jan 31 23:51:46 2019 -0800 crypto: testmgr - convert skcipher testing to use testvec_configs Convert alg_test_skcipher() to use the new test framework, adding a list of testvec_configs to test by default. When the extra self-tests are enabled, randomly generated testvec_configs are tested as well. This improves skcipher test coverage mainly because now all algorithms have a variety of data layouts tested, whereas before each algorithm was responsible for declaring its own chunked test cases which were often missing or provided poor test coverage. The new code also tests both the MAY_SLEEP and !MAY_SLEEP cases, different IV alignments, and buffers that cross pages. This has already found a bug in the arm64 ctr-aes-neonbs algorithm. It would have easily found many past bugs. I removed the skcipher chunked test vectors that were the same as non-chunked ones, but left the ones that were unique. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> :040000 040000 c533a4dce0d9954923cd56a69e0d26eeee5324a3 c199b3af7a05160aede1522c4860abae5fbe2716 M crypto
Created attachment 282625 [details] kernel .config of the final bisect (5.0.0-rc1+, Talos II)
This is an existing bug in the VMX implementation of AES-CTR which the improved crypto self-tests are detecting. Apparently someone is planning to fix it: https://marc.info/?l=linux-crypto&m=155502414423504&w=2. That was almost a month ago though; I'm not sure whether anyone has actually done anything yet. I'll send a reminder.
(In reply to Eric Biggers from comment #5) > [...] That was almost a month ago though; I'm not sure whether anyone has > actually done anything yet. I'll send a reminder. Thanks! Apparently not, the newly released 5.1.0 is still affected.
The fix trickled down from mainline to stable. 5.1.7 passes tests now: $ dmesg | grep -i aes [ 4.902294] crypto_register_alg 'aes' = 0 [ 4.928003] crypto_register_alg 'cbc(aes)' = 0 [ 4.944002] crypto_register_alg 'ctr(aes)' = 0 [ 5.011290] crypto_register_alg 'xts(aes)' = 0 Thanks!