On Mon, Nov 25, 2024 at 3:52 PM Jan Stancek <jstancek@xxxxxxxxxx> wrote: > > Hi, > > We are seeing 2 errors with recent Fedora & ELN kernels that may be > related to same issue: > [1] alg: sig: test 1 failed for pkcs1(rsa-generic,sha256): err -38 > [2] Kernel panic - not syncing: Certs RSA selftest: > pkcs7_validate_trust() = -126 > > Last known good kernel was commit 158f238aa69d, commit fcc79e1714e8 is > exhibiting the problem. Builds (and configs) can be found on Fedora > koji: https://koji.fedoraproject.org/koji/packageinfo?packageID=8 > > I did try to run this alg test manually from a dummy module, and while > it worked on older kernels as: > int ret = alg_test("pkcs1pad(rsa-generic,sha256)", > "pkcs1pad(rsa,sha256)", CRYPTO_ALG_INSTANCE|CRYPTO_ALG_TYPE_SIG, > CRYPTO_ALG_TESTED); > > this now doesn't work (HEAD at commit 0393dda270e3): > int ret = alg_test("pkcs1(rsa-generic,sha256)", "pkcs1(rsa,sha256)", > CRYPTO_ALG_INSTANCE|CRYPTO_ALG_TYPE_SIG, CRYPTO_ALG_TESTED); > > I'll continue with bisect, unless someone can spot the problem sooner. Please disregard as this appears to be specific issue to Fedora. Apologies for noise. > > Thanks, > Jan > > [1][2] > [ 2.039909] registered taskstats version 1 > [ 2.041881] Loading compiled-in X.509 certificates > [ 2.044931] Loaded X.509 cert 'Red Hat Enterprise Linux kernel > signing key: d02591e7d874078d39c0a63aa29d0f3481a45682' > [ 2.048828] alg: sig: sign test failed: err -38 > [ 2.050391] alg: sig: test 1 failed for pkcs1(rsa-generic,sha256): err -38 > [ 2.052618] alg: self-tests for pkcs1(rsa,sha256) using > pkcs1(rsa-generic,sha256) failed (rc=-38) > [ 2.052624] ------------[ cut here ]------------ > [ 2.057056] alg: self-tests for pkcs1(rsa,sha256) using > pkcs1(rsa-generic,sha256) failed (rc=-38) > [ 2.057083] WARNING: CPU: 0 PID: 113 at crypto/testmgr.c:6048 > alg_test.cold+0xb7/0xe0 > [ 2.062500] Modules linked in: > [ 2.063598] CPU: 0 UID: 0 PID: 113 Comm: cryptomgr_test Not tainted > 6.12.0-8.test.eln.x86_64 #1 > [ 2.066405] Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014 > [ 2.068579] RIP: 0010:alg_test.cold+0xb7/0xe0 > [ 2.070047] Code: c7 c7 c0 54 89 95 e8 52 b4 fe ff 41 83 fe fe 0f > 84 3d 53 81 ff 44 89 f1 48 89 ea 4c 89 e6 48 c7 c7 f8 54 89 95 e8 93 > 42 2e ff <0f> 0b e9 21 53 81 ff 48 c7 c1 a6 6c 93 95 4c 89 e2 48 89 ee > 48 c7 > [ 2.075865] RSP: 0000:ffffab19004cfdf8 EFLAGS: 00010286 > [ 2.077577] RAX: 0000000000000000 RBX: 00000000000000b5 RCX: 00000000ffff7fff > [ 2.079864] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 > [ 2.082156] RBP: ffff902b417e9800 R08: 0000000000000000 R09: ffffffff963e2aa8 > [ 2.084431] R10: ffffffff96322a68 R11: 0000000000000003 R12: ffff902b417e9880 > [ 2.086694] R13: 00000000000000af R14: 00000000ffffffda R15: 00000000ffffffff > [ 2.088983] FS: 0000000000000000(0000) GS:ffff902e6a800000(0000) > knlGS:0000000000000000 > [ 2.091601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 2.093460] CR2: ffff902d0f401000 CR3: 00000002cde22001 CR4: 0000000000370ef0 > [ 2.095734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 2.098017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 2.100280] Call Trace: > [ 2.101197] <TASK> > [ 2.102026] ? show_trace_log_lvl+0x1b0/0x2f0 > [ 2.103487] ? show_trace_log_lvl+0x1b0/0x2f0 > [ 2.104966] ? cryptomgr_test+0x24/0x40 > [ 2.106282] ? alg_test.cold+0xb7/0xe0 > [ 2.107564] ? __warn.cold+0x93/0xf4 > [ 2.108809] ? alg_test.cold+0xb7/0xe0 > [ 2.110091] ? report_bug+0xff/0x140 > [ 2.111330] ? handle_bug+0x53/0x90 > [ 2.112539] ? exc_invalid_op+0x17/0x70 > [ 2.113844] ? asm_exc_invalid_op+0x1a/0x20 > [ 2.115253] ? alg_test.cold+0xb7/0xe0 > [ 2.116534] ? alg_test.cold+0xb7/0xe0 > [ 2.117824] ? __call_rcu_common.constprop.0+0xa9/0x2f0 > [ 2.119528] ? __schedule+0x265/0x570 > [ 2.120811] ? __pfx_cryptomgr_test+0x10/0x10 > [ 2.122270] cryptomgr_test+0x24/0x40 > [ 2.123532] kthread+0xd2/0x100 > [ 2.124643] ? __pfx_kthread+0x10/0x10 > [ 2.125947] ret_from_fork+0x34/0x50 > [ 2.127174] ? __pfx_kthread+0x10/0x10 > [ 2.128464] ret_from_fork_asm+0x1a/0x30 > [ 2.129813] </TASK> > [ 2.130633] ---[ end trace 0000000000000000 ]--- > [ 2.132283] Problem loading in-kernel X.509 certificate (-80) > [ 2.134310] Problem loading in-kernel X.509 certificate (-80) > [ 2.136231] Loaded X.509 cert 'Nvidia GPU OOT signing 001: > 55e1cef88193e60419f0b0ec379c49f77545acf0' > [ 2.177928] Loaded X.509 cert 'Fedora IMA CA: > a8a00c31663f853f9c6ff2564872e378af026b28' > [ 2.183693] usb 2-1: new high-speed USB device number 2 using ehci-pci > [ 2.185954] Demotion targets for Node 0: null > [ 2.187689] page_owner is disabled > [ 2.189469] Key type .fscrypt registered > [ 2.190849] Key type fscrypt-provisioning registered > [ 2.192642] Key type big_key registered > [ 2.194112] Key type trusted registered > [ 2.217055] Key type encrypted registered > [ 2.218516] Loading compiled-in module X.509 certificates > [ 2.220817] Loaded X.509 cert 'Red Hat Enterprise Linux kernel > signing key: d02591e7d874078d39c0a63aa29d0f3481a45682' > [ 2.224230] ima: Allocated hash algorithm: sha256 > [ 2.284425] ima: No architecture policies found > [ 2.286106] evm: Initialising EVM extended attributes: > [ 2.287807] evm: security.selinux > [ 2.288981] evm: security.SMACK64 (disabled) > [ 2.290418] evm: security.SMACK64EXEC (disabled) > [ 2.291980] evm: security.SMACK64TRANSMUTE (disabled) > [ 2.293646] evm: security.SMACK64MMAP (disabled) > [ 2.295185] evm: security.apparmor (disabled) > [ 2.296657] evm: security.ima > [ 2.297732] evm: security.capability > [ 2.298971] evm: HMAC attrs: 0x1 > [ 2.303465] Running certificate verification RSA selftest > [ 2.312640] Problem loading in-kernel X.509 certificate (-80) > [ 2.318523] usb 2-1: New USB device found, idVendor=0627, > idProduct=0001, bcdDevice= 0.00 > [ 2.321349] usb 2-1: New USB device strings: Mfr=1, Product=3, > SerialNumber=10 > [ 2.323821] usb 2-1: Product: QEMU USB Tablet > [ 2.325327] usb 2-1: Manufacturer: QEMU > [ 2.326665] usb 2-1: SerialNumber: 28754-0000:00:05.7-1 > [ 2.330363] Kernel panic - not syncing: Certs RSA selftest: > pkcs7_validate_trust() = -126 > [ 2.333231] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Tainted: G > W ------- --- 6.12.0-8.test.eln.x86_64 #1 > [ 2.336670] Tainted: [W]=WARN > [ 2.337729] Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014 > [ 2.339918] Call Trace: > [ 2.340826] <TASK> > [ 2.341632] dump_stack_lvl+0x4e/0x70 > [ 2.343196] panic+0x113/0x2dd > [ 2.344290] fips_signature_selftest+0x12a/0x148 > [ 2.345917] ? __pfx_fips_signature_selftest_init+0x10/0x10 > [ 2.347744] fips_signature_selftest_rsa+0x3a/0x40 > [ 2.349321] fips_signature_selftest_init+0xe/0x20 > [ 2.351058] do_one_initcall+0x5b/0x300 > [ 2.352439] do_initcalls+0xdf/0x100 > [ 2.353691] ? __pfx_kernel_init+0x10/0x10 > [ 2.355075] kernel_init_freeable+0x147/0x1a0 > [ 2.356540] kernel_init+0x1a/0x140 > [ 2.357753] ret_from_fork+0x34/0x50 > [ 2.359058] ? __pfx_kernel_init+0x10/0x10 > [ 2.360435] ret_from_fork_asm+0x1a/0x30 > [ 2.361762] </TASK> > [ 2.362730] Kernel Offset: 0x13000000 from 0xffffffff81000000 > (relocation range: 0xffffffff80000000-0xffffffffbfffffff) > [ 2.366169] ---[ end Kernel panic - not syncing: Certs RSA > selftest: pkcs7_validate_trust() = -126 ]---
