lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f1ca1f95-c85c-48a3-beb0-78fff09a5bb2@kernel.org>
Date: Tue, 12 Aug 2025 11:45:11 +0200
From: Matthieu Baerts <matttbe@...nel.org>
To: Florian Westphal <fw@...len.de>, Paolo Abeni <pabeni@...hat.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
 Jozsef Kadlecsik <kadlec@...filter.org>,
 "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
 netfilter-devel@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
 Eric Biggers <ebiggers@...nel.org>
Subject: Re: nft_flowtable.sh selftest failures

Hi Florian,

(+ Eric in Cc)

On 12/08/2025 11:22, Florian Westphal wrote:
> Paolo Abeni <pabeni@...hat.com> wrote:
>>> I don't see relevant patches landing in the relevant builds, I suspect
>>> the relevant kernel config knob (CONFIG_CRYPTO_SHA1 ?) was always
>>> missing in the ST config, pulled in by NIPA due to some CI setup tweak
>>> possibly changed recently (Jakub could possibly have a better idea/view
>>> about the latter). Could you please have a look?
> 
> Can't reproduce this here.
> 
> Latest net tree:

I don't know if it can help, but did you try to reproduce it on top of
the branch used by the CI?

 https://github.com/linux-netdev/testing/tree/net-next-2025-08-12--06-00

This branch is on top of net-next, where 'net' has been merged, all
pending patches listed on Patchwork have been applied, plus a few
additional patches are there to either fix some temp issues or improve
the CI somehow. Maybe one of these patches caused the removal of
CONFIG_CRYPTO_SHA1.

I guess that's the case, because when looking at the diff [1] when the
issue got introduced, I see some patches [2] from Eric Biggers modifying
some sctp's Kconfig file. They probably cause the issue, but the fix
should be to add CONFIG_CRYPTO_SHA1 in the ST config as mentioned by Paolo.

[1]
https://netdev.bots.linux.dev/static/nipa/branch_deltas/net-next-2025-08-12--03-00.html
[2] https://patchwork.kernel.org/project/netdevbpf/list/?series=990201

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ