Hi Stephan, On 12/5/2021 6:21 PM, Stephan Müller wrote: > Am Dienstag, 30. November 2021, 09:04:19 CET schrieb kernel test robot: > > Hi, > > ... >> >> >> +------------------------------------------------------+------------+------- >> -----+ >> | | d792134423 | >> | | d3b04a4398 | >> >> +------------------------------------------------------+------------+------- >> -----+ >> | boot_successes | 14 | 0 >> | | boot_failures | 0 | >> | 16 | WARNING:at_crypto/kdf_sp800108.c:#crypto_kdf108_init | 0 >> | | 16 | EIP:crypto_kdf108_init >> | | 0 | 16 | >> +------------------------------------------------------+------------+------- >> -----+ >> >> >> If you fix the issue, kindly add following tag >> Reported-by: kernel test robot >> >> >> [ 18.648980][ T1] WARNING: CPU: 0 PID: 1 at crypto/kdf_sp800108.c:138 >> crypto_kdf108_init (crypto/kdf_sp800108.c:136) [ 18.649900][ T1] >> Modules linked in: > > The issue is that the self-test fails for 16 out of 30 times, i.e. it is kind > of random when it happens or not. +------------------------------------------------------+------------+------------+ | | d792134423 | d3b04a4398 | +------------------------------------------------------+------------+------------+ | boot_successes | 14 | 0 | | boot_failures | 0 | 16 | | WARNING:at_crypto/kdf_sp800108.c:#crypto_kdf108_init | 0 | 16 | | EIP:crypto_kdf108_init | 0 | 16 | +------------------------------------------------------+------------+------------+ This table shows that we have tested commit d3b04a4398("security: DH - use KDF implementation from crypto API") for several runs of boot test in qemu but got 100% bad result. We have also tested its parent commit (i.e. commit d792134423 "security: DH - remove dead code for zero padding") and all the runs got 100% good result. So this is not a random issue. > > I am unable to reproduce it with i386 and clang-13. I can also not reproduce > it with GCC. We have tested the i386 kernel built by gcc-9 or clang-14, and confirmed both of them can reproduce this issue reliably. Please be sure to follow the reproduce steps in original report mail. The full reproduce log is attached. > > Nor do I see an obvious issue in the code that points to either uninitizlized > memory or otherwise could affect the test result. the dmesg warning introduced by commit d3b04a4398 is: [ 11.061347][ T1] alg: kdf: could not allocate hash handle for hmac(sha256) [ 11.061744][ T1] ------------[ cut here ]------------ [ 11.062032][ T1] alg: self-tests for CTR-KDF (hmac(sha256)) failed (rc=-12) [ 11.062454][ T1] WARNING: CPU: 0 PID: 1 at crypto/kdf_sp800108.c:136 crypto_kdf108_init+0xec/0x107 [ 11.062959][ T1] Modules linked in: [ 11.063164][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc1-13186-gd3b04a4398fe #1 [ 11.063624][ T1] EIP: crypto_kdf108_init+0xec/0x107 ... We noticed that commit d3b04a4398 added "select CONFIG_CRYPTO_KDF800108_CTR" in security/keys/Kconfig, so we speculate that this issue may have connection with other code controlled by this config, not limited to the code introduced in this commit. In other words, this is more likely a "For your reference" report. Regards, Yujie