chacha20-s390 broken in 8.2.0 in TCG on s390x Description of problem: When running linux guest in qemu-system-s390x in TCG mode, it fails at selftests of crypto algorithms, namely at chacha20: ``` [ 10.546690] alg: skcipher: chacha20-s390 encryption test failed (wrong result) on test vector 1, cfg="in-place (one sglist)" [ 10.546914] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22) [ 10.546969] ------------[ cut here ]------------ [ 10.546998] alg: self-tests for chacha20 using chacha20-s390 failed (rc=-22) [ 10.547182] WARNING: CPU: 1 PID: 109 at crypto/testmgr.c:5936 alg_test+0x55a/0x5b8 [ 10.547510] Modules linked in: net_failover chacha_s390(+) libchacha virtio_blk(+) failover [ 10.547854] CPU: 1 PID: 109 Comm: cryptomgr_test Not tainted 6.5.0-5-s390x #1 Debian 6.5.13-1 [ 10.548002] Hardware name: QEMU 8561 QEMU (KVM/Linux) [ 10.548101] Krnl PSW : 0704c00180000000 00000000005df8fe (alg_test+0x55e/0x5b8) [ 10.548207] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 [ 10.548291] Krnl GPRS: 0000000000000000 0000000001286408 00000000005df8fa 0000000001286408 [ 10.548337] 000000000014bf14 00000000001c6ba8 0000000001838b3c 0000000000000005 [ 10.548475] 00000000025a4880 00000000025a4800 ffffffffffffffea 00000000ffffffea [ 10.548521] 000000003e649200 00000000ffffffff 00000000005df8fa 000003800016bcf8 [ 10.549504] Krnl Code: 00000000005df8ee: c020003b5828 larl %r2,0000000000d4a93e [ 10.549504] 00000000005df8f4: c0e5ffdb62d2 brasl %r14,000000000014be98 [ 10.549504] #00000000005df8fa: af000000 mc 0,0 [ 10.549504] >00000000005df8fe: a7f4fee6 brc 15,00000000005df6ca [ 10.549504] 00000000005df902: b9040042 lgr %r4,%r2 [ 10.549504] 00000000005df906: b9040039 lgr %r3,%r9 [ 10.549504] 00000000005df90a: c020003b57df larl %r2,0000000000d4a8c8 [ 10.549504] 00000000005df910: 18bd lr %r11,%r13 [ 10.550004] Call Trace: [ 10.550375] [<00000000005df8fe>] alg_test+0x55e/0x5b8 [ 10.550467] ([<00000000005df8fa>] alg_test+0x55a/0x5b8) [ 10.550489] [<00000000005d9fbc>] cryptomgr_test+0x34/0x60 [ 10.550514] [<000000000017d004>] kthread+0x124/0x130 [ 10.550539] [<0000000000103124>] __ret_from_fork+0x3c/0x50 [ 10.550562] [<0000000000b1dfca>] ret_from_fork+0xa/0x30 [ 10.550611] Last Breaking-Event-Address: [ 10.550626] [<000000000014bf20>] __warn_printk+0x88/0x110 [ 10.550723] ---[ end trace 0000000000000000 ]--- ``` An interesting issue here - it does not happen on, say, amd64 host running qemu-system-s390x, but happens on s390x host. I haven't tried other hosts though. Bisection points at v8.1.0-2627-gab84dc398b commit, "tcg/optimize: Optimize env memory operations". https://lore.kernel.org/qemu-devel/d5e8f88b-1d19-4e00-8dc2-b20e0cd34931@tls.msk.ru/T/#u is the original report on qemu-devel.