* [PATCH] crypto: testmgr - WARN on test failure
@ 2020-10-26 16:31 Eric Biggers
2020-11-06 7:00 ` Herbert Xu
0 siblings, 1 reply; 2+ messages in thread
From: Eric Biggers @ 2020-10-26 16:31 UTC (permalink / raw)
To: linux-crypto
From: Eric Biggers <ebiggers@google.com>
Currently, by default crypto self-test failures only result in a
pr_warn() message and an "unknown" status in /proc/crypto. Both of
these are easy to miss. There is also an option to panic the kernel
when a test fails, but that can't be the default behavior.
A crypto self-test failure always indicates a kernel bug, however, and
there's already a standard way to report (recoverable) kernel bugs --
the WARN() family of macros. WARNs are noisier and harder to miss, and
existing test systems already know to look for them in dmesg or via
/proc/sys/kernel/tainted.
Therefore, call WARN() when an algorithm fails its self-tests.
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
crypto/testmgr.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a64a639eddfa4..403d27c3e5165 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5677,15 +5677,21 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
type, mask);
test_done:
- if (rc && (fips_enabled || panic_on_fail)) {
- fips_fail_notify();
- panic("alg: self-tests for %s (%s) failed in %s mode!\n",
- driver, alg, fips_enabled ? "fips" : "panic_on_fail");
+ if (rc) {
+ if (fips_enabled || panic_on_fail) {
+ fips_fail_notify();
+ panic("alg: self-tests for %s (%s) failed in %s mode!\n",
+ driver, alg,
+ fips_enabled ? "fips" : "panic_on_fail");
+ }
+ WARN(1, "alg: self-tests for %s (%s) failed (rc=%d)",
+ driver, alg, rc);
+ } else {
+ if (fips_enabled)
+ pr_info("alg: self-tests for %s (%s) passed\n",
+ driver, alg);
}
- if (fips_enabled && !rc)
- pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
-
return rc;
notest:
base-commit: 3650b228f83adda7e5ee532e2b90429c03f7b9ec
--
2.29.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: testmgr - WARN on test failure
2020-10-26 16:31 [PATCH] crypto: testmgr - WARN on test failure Eric Biggers
@ 2020-11-06 7:00 ` Herbert Xu
0 siblings, 0 replies; 2+ messages in thread
From: Herbert Xu @ 2020-11-06 7:00 UTC (permalink / raw)
To: Eric Biggers; +Cc: linux-crypto
Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> Currently, by default crypto self-test failures only result in a
> pr_warn() message and an "unknown" status in /proc/crypto. Both of
> these are easy to miss. There is also an option to panic the kernel
> when a test fails, but that can't be the default behavior.
>
> A crypto self-test failure always indicates a kernel bug, however, and
> there's already a standard way to report (recoverable) kernel bugs --
> the WARN() family of macros. WARNs are noisier and harder to miss, and
> existing test systems already know to look for them in dmesg or via
> /proc/sys/kernel/tainted.
>
> Therefore, call WARN() when an algorithm fails its self-tests.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
> crypto/testmgr.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-06 7:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-26 16:31 [PATCH] crypto: testmgr - WARN on test failure Eric Biggers
2020-11-06 7:00 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).