diff mbox series

crypto: testmgr - WARN on test failure

Message ID 20201026163112.45163-1-ebiggers@kernel.org
State New
Headers show
Series crypto: testmgr - WARN on test failure | expand

Commit Message

Eric Biggers Oct. 26, 2020, 4:31 p.m. UTC 
From: Eric Biggers <ebiggers@google.com>

Currently, by default crypto self-test failures only result in a
pr_warn() message and an "unknown" status in /proc/crypto.  Both of
these are easy to miss.  There is also an option to panic the kernel
when a test fails, but that can't be the default behavior.

A crypto self-test failure always indicates a kernel bug, however, and
there's already a standard way to report (recoverable) kernel bugs --
the WARN() family of macros.  WARNs are noisier and harder to miss, and
existing test systems already know to look for them in dmesg or via
/proc/sys/kernel/tainted.

Therefore, call WARN() when an algorithm fails its self-tests.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/testmgr.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)


base-commit: 3650b228f83adda7e5ee532e2b90429c03f7b9ec

Comments

Herbert Xu Nov. 6, 2020, 7 a.m. UTC | #1 
Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>

> 

> Currently, by default crypto self-test failures only result in a

> pr_warn() message and an "unknown" status in /proc/crypto.  Both of

> these are easy to miss.  There is also an option to panic the kernel

> when a test fails, but that can't be the default behavior.

> 

> A crypto self-test failure always indicates a kernel bug, however, and

> there's already a standard way to report (recoverable) kernel bugs --

> the WARN() family of macros.  WARNs are noisier and harder to miss, and

> existing test systems already know to look for them in dmesg or via

> /proc/sys/kernel/tainted.

> 

> Therefore, call WARN() when an algorithm fails its self-tests.

> 

> Signed-off-by: Eric Biggers <ebiggers@google.com>

> ---

> crypto/testmgr.c | 20 +++++++++++++-------

> 1 file changed, 13 insertions(+), 7 deletions(-)


Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff mbox series

Patch

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index a64a639eddfa4..403d27c3e5165 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -5677,15 +5677,21 @@  int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
 					     type, mask);
 
 test_done:
-	if (rc && (fips_enabled || panic_on_fail)) {
-		fips_fail_notify();
-		panic("alg: self-tests for %s (%s) failed in %s mode!\n",
-		      driver, alg, fips_enabled ? "fips" : "panic_on_fail");
+	if (rc) {
+		if (fips_enabled || panic_on_fail) {
+			fips_fail_notify();
+			panic("alg: self-tests for %s (%s) failed in %s mode!\n",
+			      driver, alg,
+			      fips_enabled ? "fips" : "panic_on_fail");
+		}
+		WARN(1, "alg: self-tests for %s (%s) failed (rc=%d)",
+		     driver, alg, rc);
+	} else {
+		if (fips_enabled)
+			pr_info("alg: self-tests for %s (%s) passed\n",
+				driver, alg);
 	}
 
-	if (fips_enabled && !rc)
-		pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
-
 	return rc;
 
 notest: