chacha20-s390 broken in 8.2.0 in TCG on s390x
Host environment
- Operating system: linux
- OS/kernel version: Linux zelenka 5.10.0-26-s390x #1 SMP Debian 5.10.197-1 (2023-09-29) s390x GNU/Linux
- Architecture: s390x
- QEMU flavor: qemu-system-s390x
- QEMU version: 8.2.0
- QEMU command line: qemu-system-s390x -nographic -smp 2 -no-user-config -kernel vmlinuz -initrd initrd
Emulated/Virtualized environment
- Operating system: linux
- Architecture: s390x
Description of problem
When running linux guest in qemu-system-s390x in TCG mode, it fails at selftests of crypto algorithms, namely at chacha20:
[ 10.546690] alg: skcipher: chacha20-s390 encryption test failed (wrong result) on test vector 1, cfg="in-place (one sglist)"
[ 10.546914] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22)
[ 10.546969] ------------[ cut here ]------------
[ 10.546998] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22)
[ 10.547182] WARNING: CPU: 1 PID: 109 at crypto/testmgr.c:5936 alg_test+0x55a/0x5b8
[ 10.547510] Modules linked in: net_failover chacha_s390(+) libchacha virtio_blk(+) failover
[ 10.547854] CPU: 1 PID: 109 Comm: cryptomgr_test Not tainted 6.5.0-5-s390x #1 Debian 6.5.13-1
[ 10.548002] Hardware name: QEMU 8561 QEMU (KVM/Linux)
[ 10.548101] Krnl PSW : 0704c00180000000 00000000005df8fe (alg_test+0x55e/0x5b8)
[ 10.548207] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[ 10.548291] Krnl GPRS: 0000000000000000 0000000001286408 00000000005df8fa 0000000001286408
[ 10.548337] 000000000014bf14 00000000001c6ba8 0000000001838b3c 0000000000000005
[ 10.548475] 00000000025a4880 00000000025a4800 ffffffffffffffea 00000000ffffffea
[ 10.548521] 000000003e649200 00000000ffffffff 00000000005df8fa 000003800016bcf8
[ 10.549504] Krnl Code: 00000000005df8ee: c020003b5828 larl %r2,0000000000d4a93e
[ 10.549504] 00000000005df8f4: c0e5ffdb62d2 brasl %r14,000000000014be98
[ 10.549504] #00000000005df8fa: af000000 mc 0,0
[ 10.549504] >00000000005df8fe: a7f4fee6 brc 15,00000000005df6ca
[ 10.549504] 00000000005df902: b9040042 lgr %r4,%r2
[ 10.549504] 00000000005df906: b9040039 lgr %r3,%r9
[ 10.549504] 00000000005df90a: c020003b57df larl %r2,0000000000d4a8c8
[ 10.549504] 00000000005df910: 18bd lr %r11,%r13
[ 10.550004] Call Trace:
[ 10.550375] [<00000000005df8fe>] alg_test+0x55e/0x5b8
[ 10.550467] ([<00000000005df8fa>] alg_test+0x55a/0x5b8)
[ 10.550489] [<00000000005d9fbc>] cryptomgr_test+0x34/0x60
[ 10.550514] [<000000000017d004>] kthread+0x124/0x130
[ 10.550539] [<0000000000103124>] __ret_from_fork+0x3c/0x50
[ 10.550562] [<0000000000b1dfca>] ret_from_fork+0xa/0x30
[ 10.550611] Last Breaking-Event-Address:
[ 10.550626] [<000000000014bf20>] __warn_printk+0x88/0x110
[ 10.550723] ---[ end trace 0000000000000000 ]---
An interesting issue here - it does not happen on, say, amd64 host running qemu-system-s390x, but happens on s390x host. I haven't tried other hosts though.
Bisection points at v8.1.0-2627-gab84dc39 commit, "tcg/optimize: Optimize env memory operations".
https://lore.kernel.org/qemu-devel/d5e8f88b-1d19-4e00-8dc2-b20e0cd34931@tls.msk.ru/T/#u is the original report on qemu-devel.
Edited by Michael Tokarev