There is a missing backport in the stables 6.1.x and 5.15.x that combined with a backported patch as a dependency in the QAT driver causes a kernel crash at boot under certain conditions.

In 6.1/5.15, the function pkcs1pad_create() in rsa-pkcs1pad.c [1] sets the reqsize of its akcipher_instance using the value in the akcipher_alg of the selected akcipher implementation. This assumes that the reqsize field has been set for the akcipher implementation when the akcipher_alg has been instantiated. The reqsize field is then used to allocate to allocate memory for pkcs1pad requests.

In commit 80e62ad58db0 ("crypto: qat - Use helper to set reqsize"), the reqsize for the rsa implementation in the QAT driver is moved from being set in the akcipher_alg to being set when the tfm is initialized. This means that the implementation of rsa-pkcs1pad won’t allocate any space for the akcipher request when using the QAT driver.

This issue occurs only when CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set. When the crypto self-test is run, the correct value of the reqsize is stored in the akcipher_alg in the qat driver by the first call to akcipher_set_reqsize() and then when pkcs1pad_create() is executed, it finds the correct value.

Options: 1. Cherry-pick 5b11d1a360ea ("crypto: rsa-pkcs1pad - Use helper to set reqsize") to both 6.1.x and 5.15.x trees. 2. Revert upstream commit 80e62ad58db0 ("crypto: qat - Use helper to set reqsize"). In 6.1 revert da1729e6619c414f34ce679247721603ebb957dc In 5.15 revert 3894f5880f968f81c6f3ed37d96bdea01441a8b7

Option #1 is preferred as the same problem might be impacting other akcipher implementations besides QAT. Option #2 is just specific to the QAT driver.

@Herbert, can you have a quick look in case I missed something? I tried both options in 6.1.51 and they appear to resolve the problem.

Thanks,

[1] https://elixir.bootlin.com/linux/v6.1.51/source/crypto/rsa-pkcs1pad.c#L673