Re: Cannot load wireguard module
Herbert Xu writes: > On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: >> >> This diff fixes it for me: > > Yes I think this is the correct fix. Thanks, I'll send a proper patch next week. cheers
Re: Cannot load wireguard module
On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: > > This diff fixes it for me: Yes I think this is the correct fix. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: Cannot load wireguard module
Michal Suchánek writes: > On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: >> Michal Suchánek writes: >> > On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote: >> >> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote: >> >> > Michael Ellerman writes: >> >> > > Michal Suchánek writes: >> >> > >> Hello, >> >> > >> >> >> > >> I cannot load the wireguard module. >> >> > >> >> >> > >> Loading the module provides no diagnostic other than 'No such >> >> > >> device'. >> >> > >> >> >> > >> Please provide maningful diagnostics for loading software-only >> >> > >> driver, >> >> > >> clearly there is no particular device needed. >> >> > > >> >> > > Presumably it's just bubbling up an -ENODEV from somewhere. >> >> > > >> >> > > Can you get a trace of it? >> >> > > >> >> > > Something like: >> >> > > >> >> > > # trace-cmd record -p function_graph -F modprobe wireguard >> > >> > Attached. >> >> Sorry :/, you need to also trace children of modprobe, with -c. >> >> But, I was able to reproduce the same issue here. >> >> On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works: >> >> $ modprobe -v wireguard >> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko >> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko >> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko >> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko >> insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko >> [ 19.180564][ T692] wireguard: allowedips self-tests: pass >> [ 19.185080][ T692] wireguard: nonce counter self-tests: pass >> [ 19.310438][ T692] wireguard: ratelimiter self-tests: pass >> [ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See >> www.wireguard.com for information. >> [ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A. >> Donenfeld . All Rights Reserved. >> >> >> If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks: >> >> $ modprobe -v wireguard >> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko >> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko >> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko >> insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko >> modprobe: ERROR: could not insert 'wireguard': No such device >> >> >> The ENODEV is coming from module_cpu_feature_match(), which blocks the >> driver from loading on non-p10. >> >> Looking at other arches (arm64 at least) it seems like the driver should >> instead be loading but disabling the p10 path. Which then allows >> chacha_crypt_arch() to exist, and it has a fallback to use >> chacha_crypt_generic(). >> >> I don't see how module_cpu_feature_match() can co-exist with the driver >> also providing a fallback. Hopefully someone who knows crypto better >> than me can explain it. > > Maybe it doesn't. ppc64le is the only platform that needs the fallback, > on other platforms that have hardware-specific chacha implementation it > seems to be using pretty common feature so the fallback is rarely if > ever needed in practice. Yeah you are probably right. The arm64 NEON code was changed by Ard to behave like a library in b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function"). Which included this change: @@ -179,14 +207,17 @@ static struct skcipher_alg algs[] = { static int __init chacha_simd_mod_init(void) { if (!cpu_have_named_feature(ASIMD)) - return -ENODEV; + return 0; + + static_branch_enable(_neon); return crypto_register_skciphers(algs, ARRAY_SIZE(algs)); } It didn't use module_cpu_feature_match(), but the above is basically the same pattern. I don't actually see the point of using module_cpu_feature_match() for this code. There's no point loading it unless someone wants to use chacha, and that should be handled by MODULE_ALIAS_CRYPTO("chacha20") etc. cheers
Re: Cannot load wireguard module
On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: > Michal Suchánek writes: > > On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote: > >> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote: > >> > Michael Ellerman writes: > >> > > Michal Suchánek writes: > >> > >> Hello, > >> > >> > >> > >> I cannot load the wireguard module. > >> > >> > >> > >> Loading the module provides no diagnostic other than 'No such device'. > >> > >> > >> > >> Please provide maningful diagnostics for loading software-only driver, > >> > >> clearly there is no particular device needed. > >> > > > >> > > Presumably it's just bubbling up an -ENODEV from somewhere. > >> > > > >> > > Can you get a trace of it? > >> > > > >> > > Something like: > >> > > > >> > > # trace-cmd record -p function_graph -F modprobe wireguard > > > > Attached. > > Sorry :/, you need to also trace children of modprobe, with -c. > > But, I was able to reproduce the same issue here. > > On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works: > > $ modprobe -v wireguard > insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko > insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko > insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko > insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko > insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko > [ 19.180564][ T692] wireguard: allowedips self-tests: pass > [ 19.185080][ T692] wireguard: nonce counter self-tests: pass > [ 19.310438][ T692] wireguard: ratelimiter self-tests: pass > [ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See > www.wireguard.com for information. > [ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A. > Donenfeld . All Rights Reserved. > > > If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks: > > $ modprobe -v wireguard > insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko > insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko > insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko > insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko > modprobe: ERROR: could not insert 'wireguard': No such device > > > The ENODEV is coming from module_cpu_feature_match(), which blocks the > driver from loading on non-p10. > > Looking at other arches (arm64 at least) it seems like the driver should > instead be loading but disabling the p10 path. Which then allows > chacha_crypt_arch() to exist, and it has a fallback to use > chacha_crypt_generic(). > > I don't see how module_cpu_feature_match() can co-exist with the driver > also providing a fallback. Hopefully someone who knows crypto better > than me can explain it. Maybe it doesn't. ppc64le is the only platform that needs the fallback, on other platforms that have hardware-specific chacha implementation it seems to be using pretty common feature so the fallback is rarely if ever needed in practice. Thanks Michal > > This diff fixes it for me: > > diff --git a/arch/powerpc/crypto/chacha-p10-glue.c > b/arch/powerpc/crypto/chacha-p10-glue.c > index 74fb86b0d209..9d2c30b0904c 100644 > --- a/arch/powerpc/crypto/chacha-p10-glue.c > +++ b/arch/powerpc/crypto/chacha-p10-glue.c > @@ -197,6 +197,9 @@ static struct skcipher_alg algs[] = { > > static int __init chacha_p10_init(void) > { > + if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1)) > + return 0; > + > static_branch_enable(_p10); > > return crypto_register_skciphers(algs, ARRAY_SIZE(algs)); > @@ -207,7 +210,7 @@ static void __exit chacha_p10_exit(void) > crypto_unregister_skciphers(algs, ARRAY_SIZE(algs)); > } > > -module_cpu_feature_match(PPC_MODULE_FEATURE_P10, chacha_p10_init); > +module_init(chacha_p10_init); > module_exit(chacha_p10_exit); > > MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (P10 accelerated)"); > > > Giving me: > > $ modprobe -v wireguard > insmod /lib/modules/6.8.0-dirty/kernel/net/ipv4/udp_tunnel.ko > insmod /lib/modules/6.8.0-dirty/kernel/net/ipv6/ip6_udp_tunnel.ko > insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha.ko > insmod > /lib/modules/6.8.0-dirty/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko > insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha20poly1305.ko > insmod /lib/modules/6.8.0-dirty/kernel/drivers/net/wireguard/wireguard.ko > [ 19.657941][ T718] wireguard: allowedips self-tests: pass > [ 19.662501][ T718] wireguard: nonce counter self-tests: pass > [ 19.782933][ T718] wireguard: ratelimiter self-tests: pass > [ 19.783114][ T718] wireguard: WireGuard 1.0.0 loaded. See > www.wireguard.com for information. > [ 19.783223][ T718] wireguard: Copyright (C) 2015-2019 Jason A. > Donenfeld . All Rights Reserved. > > > cheers
Re: Cannot load wireguard module
Michal Suchánek writes: > On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote: >> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote: >> > Michael Ellerman writes: >> > > Michal Suchánek writes: >> > >> Hello, >> > >> >> > >> I cannot load the wireguard module. >> > >> >> > >> Loading the module provides no diagnostic other than 'No such device'. >> > >> >> > >> Please provide maningful diagnostics for loading software-only driver, >> > >> clearly there is no particular device needed. >> > > >> > > Presumably it's just bubbling up an -ENODEV from somewhere. >> > > >> > > Can you get a trace of it? >> > > >> > > Something like: >> > > >> > > # trace-cmd record -p function_graph -F modprobe wireguard > > Attached. Sorry :/, you need to also trace children of modprobe, with -c. But, I was able to reproduce the same issue here. On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works: $ modprobe -v wireguard insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko [ 19.180564][ T692] wireguard: allowedips self-tests: pass [ 19.185080][ T692] wireguard: nonce counter self-tests: pass [ 19.310438][ T692] wireguard: ratelimiter self-tests: pass [ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information. [ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks: $ modprobe -v wireguard insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko modprobe: ERROR: could not insert 'wireguard': No such device The ENODEV is coming from module_cpu_feature_match(), which blocks the driver from loading on non-p10. Looking at other arches (arm64 at least) it seems like the driver should instead be loading but disabling the p10 path. Which then allows chacha_crypt_arch() to exist, and it has a fallback to use chacha_crypt_generic(). I don't see how module_cpu_feature_match() can co-exist with the driver also providing a fallback. Hopefully someone who knows crypto better than me can explain it. This diff fixes it for me: diff --git a/arch/powerpc/crypto/chacha-p10-glue.c b/arch/powerpc/crypto/chacha-p10-glue.c index 74fb86b0d209..9d2c30b0904c 100644 --- a/arch/powerpc/crypto/chacha-p10-glue.c +++ b/arch/powerpc/crypto/chacha-p10-glue.c @@ -197,6 +197,9 @@ static struct skcipher_alg algs[] = { static int __init chacha_p10_init(void) { + if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1)) + return 0; + static_branch_enable(_p10); return crypto_register_skciphers(algs, ARRAY_SIZE(algs)); @@ -207,7 +210,7 @@ static void __exit chacha_p10_exit(void) crypto_unregister_skciphers(algs, ARRAY_SIZE(algs)); } -module_cpu_feature_match(PPC_MODULE_FEATURE_P10, chacha_p10_init); +module_init(chacha_p10_init); module_exit(chacha_p10_exit); MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (P10 accelerated)"); Giving me: $ modprobe -v wireguard insmod /lib/modules/6.8.0-dirty/kernel/net/ipv4/udp_tunnel.ko insmod /lib/modules/6.8.0-dirty/kernel/net/ipv6/ip6_udp_tunnel.ko insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha.ko insmod /lib/modules/6.8.0-dirty/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha20poly1305.ko insmod /lib/modules/6.8.0-dirty/kernel/drivers/net/wireguard/wireguard.ko [ 19.657941][ T718] wireguard: allowedips self-tests: pass [ 19.662501][ T718] wireguard: nonce counter self-tests: pass [ 19.782933][ T718] wireguard: ratelimiter self-tests: pass [ 19.783114][ T718] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information. [ 19.783223][ T718] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. cheers
Re: Cannot load wireguard module
On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote: > Michael Ellerman writes: > > Michal Suchánek writes: > >> Hello, > >> > >> I cannot load the wireguard module. > >> > >> Loading the module provides no diagnostic other than 'No such device'. > >> > >> Please provide maningful diagnostics for loading software-only driver, > >> clearly there is no particular device needed. > > > > Presumably it's just bubbling up an -ENODEV from somewhere. > > > > Can you get a trace of it? > > > > Something like: > > > > # trace-cmd record -p function_graph -F modprobe wireguard > > > > That should probably show where it's bailing out. > > > >> jostaberry-1:~ # uname -a > >> Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 > >> 09:02:21 UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > >> jostaberry-1:~ # modprobe wireguard > >> modprobe: ERROR: could not insert 'wireguard': No such device > >> jostaberry-1:~ # modprobe -v wireguard > >> insmod > >> /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > >> > >> modprobe: ERROR: could not insert 'wireguard': No such device > > > > What machine is this? A Power10? > > I am able to load the module successfully on a P10 running v6.8.0. Of course, it's not a Power10. Otherwise the Power10-specific chacha implementation would load. Thanks Michal
Re: Cannot load wireguard module
Michael Ellerman writes: > Michal Suchánek writes: >> Hello, >> >> I cannot load the wireguard module. >> >> Loading the module provides no diagnostic other than 'No such device'. >> >> Please provide maningful diagnostics for loading software-only driver, >> clearly there is no particular device needed. > > Presumably it's just bubbling up an -ENODEV from somewhere. > > Can you get a trace of it? > > Something like: > > # trace-cmd record -p function_graph -F modprobe wireguard > > That should probably show where it's bailing out. > >> jostaberry-1:~ # uname -a >> Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 >> UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux >> jostaberry-1:~ # modprobe wireguard >> modprobe: ERROR: could not insert 'wireguard': No such device >> jostaberry-1:~ # modprobe -v wireguard >> insmod >> /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst >> >> modprobe: ERROR: could not insert 'wireguard': No such device > > What machine is this? A Power10? I am able to load the module successfully on a P10 running v6.8.0. I tried running the demo (client-quick.sh) to check it actually works, but that hangs sending the public key, I suspect because my development machine is behind multiple firewalls. cheers
Re: Cannot load wireguard module
Michal Suchánek writes: > Hello, > > I cannot load the wireguard module. > > Loading the module provides no diagnostic other than 'No such device'. > > Please provide maningful diagnostics for loading software-only driver, > clearly there is no particular device needed. Presumably it's just bubbling up an -ENODEV from somewhere. Can you get a trace of it? Something like: # trace-cmd record -p function_graph -F modprobe wireguard That should probably show where it's bailing out. > jostaberry-1:~ # uname -a > Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 > UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > jostaberry-1:~ # modprobe wireguard > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > > modprobe: ERROR: could not insert 'wireguard': No such device What machine is this? A Power10? cheers
Re: Cannot load wireguard module
Hi, Le 15/03/2024 à 13:20, Michal Suchánek a écrit : > Hello, > > I cannot load the wireguard module. > > Loading the module provides no diagnostic other than 'No such device'. > > Please provide maningful diagnostics for loading software-only driver, > clearly there is no particular device needed. Can you tell us more ? Were you able to load it before ? Can you provide your .config ? I just gave it a try on my powerpc 8xx (ppc32) as built-in (I don't use modules) and it seems to probe properly: [7.547390] wireguard: allowedips self-tests: pass [7.607224] wireguard: nonce counter self-tests: pass [7.776594] wireguard: ratelimiter self-tests: pass [7.781723] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for info rmation. [7.789570] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. Christophe > > Thanks > > Michal > > jostaberry-1:~ # uname -a > Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 > UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > jostaberry-1:~ # modprobe wireguard > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe chacha-generic > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # >
Cannot load wireguard module
Hello, I cannot load the wireguard module. Loading the module provides no diagnostic other than 'No such device'. Please provide maningful diagnostics for loading software-only driver, clearly there is no particular device needed. Thanks Michal jostaberry-1:~ # uname -a Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux jostaberry-1:~ # modprobe wireguard modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ # modprobe -v wireguard insmod /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ # modprobe chacha-generic jostaberry-1:~ # modprobe -v wireguard insmod /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ #