Re: Cannot load wireguard module
Herbert Xu writes: > On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: >> >> This diff fixes it for me: > > Yes I think this is the correct fix. Thanks, I'll send a proper patch next week. cheers
Re: Cannot load wireguard module
On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote: > > This diff fixes it for me: Yes I think this is the correct fix. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: Cannot load wireguard module
Michal Suchánek writes:
> On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote:
>> Michal Suchánek writes:
>> > On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote:
>> >> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote:
>> >> > Michael Ellerman writes:
>> >> > > Michal Suchánek writes:
>> >> > >> Hello,
>> >> > >>
>> >> > >> I cannot load the wireguard module.
>> >> > >>
>> >> > >> Loading the module provides no diagnostic other than 'No such
>> >> > >> device'.
>> >> > >>
>> >> > >> Please provide maningful diagnostics for loading software-only
>> >> > >> driver,
>> >> > >> clearly there is no particular device needed.
>> >> > >
>> >> > > Presumably it's just bubbling up an -ENODEV from somewhere.
>> >> > >
>> >> > > Can you get a trace of it?
>> >> > >
>> >> > > Something like:
>> >> > >
>> >> > > # trace-cmd record -p function_graph -F modprobe wireguard
>> >
>> > Attached.
>>
>> Sorry :/, you need to also trace children of modprobe, with -c.
>>
>> But, I was able to reproduce the same issue here.
>>
>> On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works:
>>
>> $ modprobe -v wireguard
>> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
>> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
>> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
>> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko
>> insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko
>> [ 19.180564][ T692] wireguard: allowedips self-tests: pass
>> [ 19.185080][ T692] wireguard: nonce counter self-tests: pass
>> [ 19.310438][ T692] wireguard: ratelimiter self-tests: pass
>> [ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See
>> www.wireguard.com for information.
>> [ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A.
>> Donenfeld . All Rights Reserved.
>>
>>
>> If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks:
>>
>> $ modprobe -v wireguard
>> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
>> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
>> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
>> insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko
>> modprobe: ERROR: could not insert 'wireguard': No such device
>>
>>
>> The ENODEV is coming from module_cpu_feature_match(), which blocks the
>> driver from loading on non-p10.
>>
>> Looking at other arches (arm64 at least) it seems like the driver should
>> instead be loading but disabling the p10 path. Which then allows
>> chacha_crypt_arch() to exist, and it has a fallback to use
>> chacha_crypt_generic().
>>
>> I don't see how module_cpu_feature_match() can co-exist with the driver
>> also providing a fallback. Hopefully someone who knows crypto better
>> than me can explain it.
>
> Maybe it doesn't. ppc64le is the only platform that needs the fallback,
> on other platforms that have hardware-specific chacha implementation it
> seems to be using pretty common feature so the fallback is rarely if
> ever needed in practice.
Yeah you are probably right.
The arm64 NEON code was changed by Ard to behave like a library in
b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as
library function").
Which included this change:
@@ -179,14 +207,17 @@ static struct skcipher_alg algs[] = {
static int __init chacha_simd_mod_init(void)
{
if (!cpu_have_named_feature(ASIMD))
- return -ENODEV;
+ return 0;
+
+ static_branch_enable(_neon);
return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
}
It didn't use module_cpu_feature_match(), but the above is basically the
same pattern.
I don't actually see the point of using module_cpu_feature_match() for
this code.
There's no point loading it unless someone wants to use chacha, and that
should be handled by MODULE_ALIAS_CRYPTO("chacha20") etc.
cheers
Re: Cannot load wireguard module
On Wed, Mar 20, 2024 at 11:41:32PM +1100, Michael Ellerman wrote:
> Michal Suchánek writes:
> > On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote:
> >> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote:
> >> > Michael Ellerman writes:
> >> > > Michal Suchánek writes:
> >> > >> Hello,
> >> > >>
> >> > >> I cannot load the wireguard module.
> >> > >>
> >> > >> Loading the module provides no diagnostic other than 'No such device'.
> >> > >>
> >> > >> Please provide maningful diagnostics for loading software-only driver,
> >> > >> clearly there is no particular device needed.
> >> > >
> >> > > Presumably it's just bubbling up an -ENODEV from somewhere.
> >> > >
> >> > > Can you get a trace of it?
> >> > >
> >> > > Something like:
> >> > >
> >> > > # trace-cmd record -p function_graph -F modprobe wireguard
> >
> > Attached.
>
> Sorry :/, you need to also trace children of modprobe, with -c.
>
> But, I was able to reproduce the same issue here.
>
> On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works:
>
> $ modprobe -v wireguard
> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko
> insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko
> [ 19.180564][ T692] wireguard: allowedips self-tests: pass
> [ 19.185080][ T692] wireguard: nonce counter self-tests: pass
> [ 19.310438][ T692] wireguard: ratelimiter self-tests: pass
> [ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See
> www.wireguard.com for information.
> [ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A.
> Donenfeld . All Rights Reserved.
>
>
> If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks:
>
> $ modprobe -v wireguard
> insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
> insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
> insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
> insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko
> modprobe: ERROR: could not insert 'wireguard': No such device
>
>
> The ENODEV is coming from module_cpu_feature_match(), which blocks the
> driver from loading on non-p10.
>
> Looking at other arches (arm64 at least) it seems like the driver should
> instead be loading but disabling the p10 path. Which then allows
> chacha_crypt_arch() to exist, and it has a fallback to use
> chacha_crypt_generic().
>
> I don't see how module_cpu_feature_match() can co-exist with the driver
> also providing a fallback. Hopefully someone who knows crypto better
> than me can explain it.
Maybe it doesn't. ppc64le is the only platform that needs the fallback,
on other platforms that have hardware-specific chacha implementation it
seems to be using pretty common feature so the fallback is rarely if
ever needed in practice.
Thanks
Michal
>
> This diff fixes it for me:
>
> diff --git a/arch/powerpc/crypto/chacha-p10-glue.c
> b/arch/powerpc/crypto/chacha-p10-glue.c
> index 74fb86b0d209..9d2c30b0904c 100644
> --- a/arch/powerpc/crypto/chacha-p10-glue.c
> +++ b/arch/powerpc/crypto/chacha-p10-glue.c
> @@ -197,6 +197,9 @@ static struct skcipher_alg algs[] = {
>
> static int __init chacha_p10_init(void)
> {
> + if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1))
> + return 0;
> +
> static_branch_enable(_p10);
>
> return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
> @@ -207,7 +210,7 @@ static void __exit chacha_p10_exit(void)
> crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
> }
>
> -module_cpu_feature_match(PPC_MODULE_FEATURE_P10, chacha_p10_init);
> +module_init(chacha_p10_init);
> module_exit(chacha_p10_exit);
>
> MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (P10 accelerated)");
>
>
> Giving me:
>
> $ modprobe -v wireguard
> insmod /lib/modules/6.8.0-dirty/kernel/net/ipv4/udp_tunnel.ko
> insmod /lib/modules/6.8.0-dirty/kernel/net/ipv6/ip6_udp_tunnel.ko
> insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha.ko
> insmod
> /lib/modules/6.8.0-dirty/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko
> insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha20poly1305.ko
> insmod /lib/modules/6.8.0-dirty/kernel/drivers/net/wireguard/wireguard.ko
> [ 19.657941][ T718] wireguard: allowedips self-tests: pass
> [ 19.662501][ T718] wireguard: nonce counter self-tests: pass
> [ 19.782933][ T718] wireguard: ratelimiter self-tests: pass
> [ 19.783114][ T718] wireguard: WireGuard 1.0.0 loaded. See
> www.wireguard.com for information.
> [ 19.783223][ T718] wireguard: Copyright (C) 2015-2019 Jason A.
> Donenfeld . All Rights Reserved.
>
>
> cheers
Re: Cannot load wireguard module
Michal Suchánek writes:
> On Mon, Mar 18, 2024 at 06:08:55PM +0100, Michal Suchánek wrote:
>> On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote:
>> > Michael Ellerman writes:
>> > > Michal Suchánek writes:
>> > >> Hello,
>> > >>
>> > >> I cannot load the wireguard module.
>> > >>
>> > >> Loading the module provides no diagnostic other than 'No such device'.
>> > >>
>> > >> Please provide maningful diagnostics for loading software-only driver,
>> > >> clearly there is no particular device needed.
>> > >
>> > > Presumably it's just bubbling up an -ENODEV from somewhere.
>> > >
>> > > Can you get a trace of it?
>> > >
>> > > Something like:
>> > >
>> > > # trace-cmd record -p function_graph -F modprobe wireguard
>
> Attached.
Sorry :/, you need to also trace children of modprobe, with -c.
But, I was able to reproduce the same issue here.
On a P9, a kernel with CONFIG_CRYPTO_CHACHA20_P10=n everything works:
$ modprobe -v wireguard
insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha20poly1305.ko
insmod /lib/modules/6.8.0/kernel/drivers/net/wireguard/wireguard.ko
[ 19.180564][ T692] wireguard: allowedips self-tests: pass
[ 19.185080][ T692] wireguard: nonce counter self-tests: pass
[ 19.310438][ T692] wireguard: ratelimiter self-tests: pass
[ 19.310639][ T692] wireguard: WireGuard 1.0.0 loaded. See
www.wireguard.com for information.
[ 19.310746][ T692] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld
. All Rights Reserved.
If I build CONFIG_CRYPTO_CHACHA20_P10 as a module then it breaks:
$ modprobe -v wireguard
insmod /lib/modules/6.8.0/kernel/net/ipv4/udp_tunnel.ko
insmod /lib/modules/6.8.0/kernel/net/ipv6/ip6_udp_tunnel.ko
insmod /lib/modules/6.8.0/kernel/lib/crypto/libchacha.ko
insmod /lib/modules/6.8.0/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko
modprobe: ERROR: could not insert 'wireguard': No such device
The ENODEV is coming from module_cpu_feature_match(), which blocks the
driver from loading on non-p10.
Looking at other arches (arm64 at least) it seems like the driver should
instead be loading but disabling the p10 path. Which then allows
chacha_crypt_arch() to exist, and it has a fallback to use
chacha_crypt_generic().
I don't see how module_cpu_feature_match() can co-exist with the driver
also providing a fallback. Hopefully someone who knows crypto better
than me can explain it.
This diff fixes it for me:
diff --git a/arch/powerpc/crypto/chacha-p10-glue.c
b/arch/powerpc/crypto/chacha-p10-glue.c
index 74fb86b0d209..9d2c30b0904c 100644
--- a/arch/powerpc/crypto/chacha-p10-glue.c
+++ b/arch/powerpc/crypto/chacha-p10-glue.c
@@ -197,6 +197,9 @@ static struct skcipher_alg algs[] = {
static int __init chacha_p10_init(void)
{
+ if (!cpu_has_feature(PPC_FEATURE2_ARCH_3_1))
+ return 0;
+
static_branch_enable(_p10);
return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
@@ -207,7 +210,7 @@ static void __exit chacha_p10_exit(void)
crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
}
-module_cpu_feature_match(PPC_MODULE_FEATURE_P10, chacha_p10_init);
+module_init(chacha_p10_init);
module_exit(chacha_p10_exit);
MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (P10 accelerated)");
Giving me:
$ modprobe -v wireguard
insmod /lib/modules/6.8.0-dirty/kernel/net/ipv4/udp_tunnel.ko
insmod /lib/modules/6.8.0-dirty/kernel/net/ipv6/ip6_udp_tunnel.ko
insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha.ko
insmod
/lib/modules/6.8.0-dirty/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko
insmod /lib/modules/6.8.0-dirty/kernel/lib/crypto/libchacha20poly1305.ko
insmod /lib/modules/6.8.0-dirty/kernel/drivers/net/wireguard/wireguard.ko
[ 19.657941][ T718] wireguard: allowedips self-tests: pass
[ 19.662501][ T718] wireguard: nonce counter self-tests: pass
[ 19.782933][ T718] wireguard: ratelimiter self-tests: pass
[ 19.783114][ T718] wireguard: WireGuard 1.0.0 loaded. See
www.wireguard.com for information.
[ 19.783223][ T718] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld
. All Rights Reserved.
cheers
Re: Cannot load wireguard module
On Mon, Mar 18, 2024 at 10:50:49PM +1100, Michael Ellerman wrote: > Michael Ellerman writes: > > Michal Suchánek writes: > >> Hello, > >> > >> I cannot load the wireguard module. > >> > >> Loading the module provides no diagnostic other than 'No such device'. > >> > >> Please provide maningful diagnostics for loading software-only driver, > >> clearly there is no particular device needed. > > > > Presumably it's just bubbling up an -ENODEV from somewhere. > > > > Can you get a trace of it? > > > > Something like: > > > > # trace-cmd record -p function_graph -F modprobe wireguard > > > > That should probably show where it's bailing out. > > > >> jostaberry-1:~ # uname -a > >> Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 > >> 09:02:21 UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > >> jostaberry-1:~ # modprobe wireguard > >> modprobe: ERROR: could not insert 'wireguard': No such device > >> jostaberry-1:~ # modprobe -v wireguard > >> insmod > >> /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > >> > >> modprobe: ERROR: could not insert 'wireguard': No such device > > > > What machine is this? A Power10? > > I am able to load the module successfully on a P10 running v6.8.0. Of course, it's not a Power10. Otherwise the Power10-specific chacha implementation would load. Thanks Michal
Re: Cannot load wireguard module
Michael Ellerman writes: > Michal Suchánek writes: >> Hello, >> >> I cannot load the wireguard module. >> >> Loading the module provides no diagnostic other than 'No such device'. >> >> Please provide maningful diagnostics for loading software-only driver, >> clearly there is no particular device needed. > > Presumably it's just bubbling up an -ENODEV from somewhere. > > Can you get a trace of it? > > Something like: > > # trace-cmd record -p function_graph -F modprobe wireguard > > That should probably show where it's bailing out. > >> jostaberry-1:~ # uname -a >> Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 >> UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux >> jostaberry-1:~ # modprobe wireguard >> modprobe: ERROR: could not insert 'wireguard': No such device >> jostaberry-1:~ # modprobe -v wireguard >> insmod >> /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst >> >> modprobe: ERROR: could not insert 'wireguard': No such device > > What machine is this? A Power10? I am able to load the module successfully on a P10 running v6.8.0. I tried running the demo (client-quick.sh) to check it actually works, but that hangs sending the public key, I suspect because my development machine is behind multiple firewalls. cheers
Re: Cannot load wireguard module
Michal Suchánek writes: > Hello, > > I cannot load the wireguard module. > > Loading the module provides no diagnostic other than 'No such device'. > > Please provide maningful diagnostics for loading software-only driver, > clearly there is no particular device needed. Presumably it's just bubbling up an -ENODEV from somewhere. Can you get a trace of it? Something like: # trace-cmd record -p function_graph -F modprobe wireguard That should probably show where it's bailing out. > jostaberry-1:~ # uname -a > Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 > UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > jostaberry-1:~ # modprobe wireguard > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > > modprobe: ERROR: could not insert 'wireguard': No such device What machine is this? A Power10? cheers
Re: Cannot load wireguard module
Hi, Le 15/03/2024 à 13:20, Michal Suchánek a écrit : > Hello, > > I cannot load the wireguard module. > > Loading the module provides no diagnostic other than 'No such device'. > > Please provide maningful diagnostics for loading software-only driver, > clearly there is no particular device needed. Can you tell us more ? Were you able to load it before ? Can you provide your .config ? I just gave it a try on my powerpc 8xx (ppc32) as built-in (I don't use modules) and it seems to probe properly: [7.547390] wireguard: allowedips self-tests: pass [7.607224] wireguard: nonce counter self-tests: pass [7.776594] wireguard: ratelimiter self-tests: pass [7.781723] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for info rmation. [7.789570] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. Christophe > > Thanks > > Michal > > jostaberry-1:~ # uname -a > Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 > UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux > jostaberry-1:~ # modprobe wireguard > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # modprobe chacha-generic > jostaberry-1:~ # modprobe -v wireguard > insmod > /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst > modprobe: ERROR: could not insert 'wireguard': No such device > jostaberry-1:~ # >
Cannot load wireguard module
Hello, I cannot load the wireguard module. Loading the module provides no diagnostic other than 'No such device'. Please provide maningful diagnostics for loading software-only driver, clearly there is no particular device needed. Thanks Michal jostaberry-1:~ # uname -a Linux jostaberry-1 6.8.0-lp155.8.g7e0e887-default #1 SMP Wed Mar 13 09:02:21 UTC 2024 (7e0e887) ppc64le ppc64le ppc64le GNU/Linux jostaberry-1:~ # modprobe wireguard modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ # modprobe -v wireguard insmod /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ # modprobe chacha-generic jostaberry-1:~ # modprobe -v wireguard insmod /lib/modules/6.8.0-lp155.8.g7e0e887-default/kernel/arch/powerpc/crypto/chacha-p10-crypto.ko.zst modprobe: ERROR: could not insert 'wireguard': No such device jostaberry-1:~ #
