Re: CFR: AES-GCM and OpenCrypto work review

From: John-Mark Gurney <jmg_at_funkthat.com>
Date: Fri, 14 Nov 2014 11:39:11 -0800
Andrey V. Elsukov wrote this message on Fri, Nov 14, 2014 at 16:28 +0300:
> On 14.11.2014 03:52, Andrey V. Elsukov wrote:
> > I tried your patch with my IPv4 forwarding test. When aesni module is
> > loaded and aes-cbc is used I see growing of `invalid outbound packets`
> > counter in `netstat -sp ipsec` output. And no packets are forwarded.
> > Also while testing I got a panic in aesni_encrypt_cbc().
> > 
> > atal trap 9: general protection fault while in kernel mode
> > cpuid = 4; apic id = 04
> > instruction pointer	= 0x20:0xffffffff80d05c43
> > stack pointer	        = 0x28:0xfffffe00003f7e70
> > frame pointer	        = 0x28:0xfffffe00003f7eb0
> > code segment		= base 0x0, limit 0xfffff, type 0x1b
> > 			= DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags	= interrupt enabled, resume, IOPL = 0
> > current process		= 12 (irq286: ix0:que 4)
> > 
> 
> The full backtrace is here: http://paste.org.ru/?a3f8pw
> Screenshot from ddb: http://i.imgur.com/H5mbVi8.png?1
> Also I noticed that on higher packet rate sometimes kernel reports about
> wrong source route attempts:
> 
> kernel: attempted source route from 244.116.138.102 to 225.51.107.139
> kernel: attempted source route from 19.120.181.94 to 238.17.74.139
> kernel: attempted source route from 186.217.142.184 to 233.165.4.102
> kernel: attempted source route from 134.41.78.248 to 231.122.242.144
> 
> probably there is mbuf's memory corruption somewhere.

Well.. It looks like IPSEC is still broken in head...  I can get
pings to pass, but now on IPv4 transport mode, I can't get syn's to
be sent out...  I see the output packet in the protocol stats, but
no packets go out the interface...

If you could provide me w/ a simple set of spdadd commands, or the
dumps from the machine, that'd be good...

Hmm....  I just ran ping -f so I could generate some traffic, and
managed to get a:
panic: System call sendto returing with kernel FPU ctx leaked

I'll look into this...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
Received on Fri Nov 14 2014 - 18:39:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:54 UTC