Skip to content

chacha20-s390 broken in 8.2.0 in TCG on s390x

Host environment

  • Operating system: linux
  • OS/kernel version: Linux zelenka 5.10.0-26-s390x #1 SMP Debian 5.10.197-1 (2023-09-29) s390x GNU/Linux
  • Architecture: s390x
  • QEMU flavor: qemu-system-s390x
  • QEMU version: 8.2.0
  • QEMU command line: qemu-system-s390x -nographic -smp 2 -no-user-config -kernel vmlinuz -initrd initrd

Emulated/Virtualized environment

  • Operating system: linux
  • Architecture: s390x

Description of problem

When running linux guest in qemu-system-s390x in TCG mode, it fails at selftests of crypto algorithms, namely at chacha20:

[   10.546690] alg: skcipher: chacha20-s390 encryption test failed (wrong result) on test vector 1, cfg="in-place (one sglist)"
[   10.546914] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22)
[   10.546969] ------------[ cut here ]------------
[   10.546998] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22)
[   10.547182] WARNING: CPU: 1 PID: 109 at crypto/testmgr.c:5936 alg_test+0x55a/0x5b8
[   10.547510] Modules linked in: net_failover chacha_s390(+) libchacha virtio_blk(+) failover
[   10.547854] CPU: 1 PID: 109 Comm: cryptomgr_test Not tainted 6.5.0-5-s390x #1  Debian 6.5.13-1
[   10.548002] Hardware name: QEMU 8561 QEMU (KVM/Linux)
[   10.548101] Krnl PSW : 0704c00180000000 00000000005df8fe (alg_test+0x55e/0x5b8)
[   10.548207]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
[   10.548291] Krnl GPRS: 0000000000000000 0000000001286408 00000000005df8fa 0000000001286408
[   10.548337]            000000000014bf14 00000000001c6ba8 0000000001838b3c 0000000000000005
[   10.548475]            00000000025a4880 00000000025a4800 ffffffffffffffea 00000000ffffffea
[   10.548521]            000000003e649200 00000000ffffffff 00000000005df8fa 000003800016bcf8
[   10.549504] Krnl Code: 00000000005df8ee: c020003b5828    larl    %r2,0000000000d4a93e
[   10.549504]            00000000005df8f4: c0e5ffdb62d2    brasl    %r14,000000000014be98
[   10.549504]           #00000000005df8fa: af000000        mc    0,0
[   10.549504]           >00000000005df8fe: a7f4fee6        brc    15,00000000005df6ca
[   10.549504]            00000000005df902: b9040042        lgr    %r4,%r2
[   10.549504]            00000000005df906: b9040039        lgr    %r3,%r9
[   10.549504]            00000000005df90a: c020003b57df    larl    %r2,0000000000d4a8c8
[   10.549504]            00000000005df910: 18bd        lr    %r11,%r13
[   10.550004] Call Trace:
[   10.550375]  [<00000000005df8fe>] alg_test+0x55e/0x5b8
[   10.550467] ([<00000000005df8fa>] alg_test+0x55a/0x5b8)
[   10.550489]  [<00000000005d9fbc>] cryptomgr_test+0x34/0x60
[   10.550514]  [<000000000017d004>] kthread+0x124/0x130
[   10.550539]  [<0000000000103124>] __ret_from_fork+0x3c/0x50
[   10.550562]  [<0000000000b1dfca>] ret_from_fork+0xa/0x30
[   10.550611] Last Breaking-Event-Address:
[   10.550626]  [<000000000014bf20>] __warn_printk+0x88/0x110
[   10.550723] ---[ end trace 0000000000000000 ]---

An interesting issue here - it does not happen on, say, amd64 host running qemu-system-s390x, but happens on s390x host. I haven't tried other hosts though.

Bisection points at v8.1.0-2627-gab84dc39 commit, "tcg/optimize: Optimize env memory operations".

https://lore.kernel.org/qemu-devel/d5e8f88b-1d19-4e00-8dc2-b20e0cd34931@tls.msk.ru/T/#u is the original report on qemu-devel.

Edited by Michael Tokarev
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information