Re: CI: Another strange crypto message in syslog

[Harald Freudenberger <freude@xxxxxxxxxxxxx>]

On 2025-06-05 16:26, Eric Biggers wrote:
> On Thu, Jun 05, 2025 at 01:26:34PM +0200, Ingo Franzki wrote:
> > Hi Herbert,
> >
> > we see the following error messages in syslog on the current next 
> > kernel:
> >
> > Jun 05 13:15:20 a35lp62.lnxne.boe kernel: basic hdkf 
> > test(hmac(sha256)): failed to allocate transform: -2
> > Jun 05 13:15:20 a35lp62.lnxne.boe kernel: alg: full crypto tests 
> > enabled.  This is intended for developer use only.
> >
> > The first one seem to be failure, but I can't tell where..... I don't 
> > see any other typical selftest failure messages.
> > -1 is ENOENT. It might be related to the recent changes with sha256 
> > being now in a library...
>
> No, it's from the following commit:
>
>     commit ef93f1562803cd7bb8159e3abedaf7f47dce4e35
>     Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>     Date:   Wed Apr 30 16:17:02 2025 +0800
>
>         Revert "crypto: run initcalls for generic implementations 
> earlier"
>
> That moved the crypto_shash support for hmac and sha256 from 
> subsys_initcall to
> module_init, which put at the same level as crypto_hkdf_module_init 
> which
> depends on it.
>
> I guess we just move crypto_hkdf_module_init to late_initcall for now.
>
> > The second one is probably because the full selftests are now enabled 
> > by
> > default. Does it make sense to output this message now anymore at all?
>
> The crypto self-tests remain disabled by default; there's just no 
> longer a
> difference between the "regular tests" and the "full tests".  The 
> warning makes
> sense to me.  There should be an indication that the tests are running 
> since
> they take a long time and should not be enabled in production kernels.
>
> If this is s390, arch/s390/configs/defconfig has 
> CONFIG_CRYPTO_SELFTESTS=y.  Is
> that really what you want?  I tried to remove it as part of
> https://lore.kernel.org/linux-crypto/20250419161543.139344-4-ebiggers@xxxxxxxxxx/,
> but someone complained about that patch so I ended up dropping it.  But 
> maybe
> you still want to remove it from arch/s390/configs/defconfig.  There's 
> already
> arch/s390/configs/debug_defconfig that has it enabled too, and maybe 
> you only
> want tests enabled in the "debug" one?
>
> - Eric

Looks like we have no other options than disabling the selftests in 
defconfig.
We have debug_defconfig - with all the now huge set of test running in 
CI.
But for my feeling it was making total sense to have a subset of the 
tests
run with registration of each crypto algorithm even in production 
kernels.
However, as wrote ... there is no choice anymore.