tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

crypto: testmgr - WARN on test failure

Currently, by default crypto self-test failures only result in a
pr_warn() message and an "unknown" status in /proc/crypto. Both of
these are easy to miss. There is also an option to panic the kernel
when a test fails, but that can't be the default behavior.

A crypto self-test failure always indicates a kernel bug, however, and
there's already a standard way to report (recoverable) kernel bugs --
the WARN() family of macros. WARNs are noisier and harder to miss, and
existing test systems already know to look for them in dmesg or via
/proc/sys/kernel/tainted.

Therefore, call WARN() when an algorithm fails its self-tests.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Eric Biggers and committed by
Herbert Xu 09a5ef96 6e5972fa

+13 -7
+13 -7
crypto/testmgr.c
··· 5664 5664 type, mask); 5665 5665 5666 5666 test_done: 5667 - if (rc && (fips_enabled || panic_on_fail)) { 5668 - fips_fail_notify(); 5669 - panic("alg: self-tests for %s (%s) failed in %s mode!\n", 5670 - driver, alg, fips_enabled ? "fips" : "panic_on_fail"); 5667 + if (rc) { 5668 + if (fips_enabled || panic_on_fail) { 5669 + fips_fail_notify(); 5670 + panic("alg: self-tests for %s (%s) failed in %s mode!\n", 5671 + driver, alg, 5672 + fips_enabled ? "fips" : "panic_on_fail"); 5673 + } 5674 + WARN(1, "alg: self-tests for %s (%s) failed (rc=%d)", 5675 + driver, alg, rc); 5676 + } else { 5677 + if (fips_enabled) 5678 + pr_info("alg: self-tests for %s (%s) passed\n", 5679 + driver, alg); 5671 5680 } 5672 - 5673 - if (fips_enabled && !rc) 5674 - pr_info("alg: self-tests for %s (%s) passed\n", driver, alg); 5675 5681 5676 5682 return rc; 5677 5683