Date: Sat, 11 Dec 2010 18:01:21 +0200 From: Kostik Belousov <kostikbel@gmail.com> To: Mike Tancsa <mike@sentex.net> Cc: Jan Henrik Sylvester <me@janh.de>, stable-list freebsd <freebsd-stable@freebsd.org> Subject: Re: aesni(?) corrupts data on 8.2-BETA1 Message-ID: <20101211160121.GL33073@deviant.kiev.zoral.com.ua> In-Reply-To: <4D02D736.7000103@sentex.net> References: <4D02CA9E.1030704@janh.de> <4D02D736.7000103@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--EecmvZxDifkbrwfl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 10, 2010 at 08:43:18PM -0500, Mike Tancsa wrote: > Actually, I just noticed something like this as well with ssh via > cryptodev and rsync as well. It was erroring out. eg. >=20 >=20 > Dec 10 16:50:01 backup3 sshd[13120]: Corrupted MAC on input. > Dec 10 16:50:01 backup3 sshd[13120]: Finished discarding for 64.x.x.x >=20 > I had a few ssh sessions die as well. It was working ok with a kernel / > world from last week. I was going to try and see if I can narrow it > down, but it seemed to had been working fine with world from last week. > Not sure if its the openssl update ? But if you are seeing issues with > geli, then I doubt its openssl. >=20 > ---Mike >=20 > On 12/10/2010 7:49 PM, Jan Henrik Sylvester wrote: > > I just upgraded my main laptop from 8.1-RELEASE (GENERIC, amd64) to > > 8.2-BETA1 and added aesni_load=3D"YES" to my /boot/loader.conf. > >=20 > > (If my interpretation is correct:) With aesni loaded, I see many files > > corrupted on my geli encrypted volume. Without aesni loaded, they are o= k. > >=20 > > I have got a journaling UFS2 on gjournal on geli on a FreeBSD partition > > on a MBR slice on a disk with ahci loaded. > >=20 > > Story: First I noticed some weirdness of Thunderbird not showing the > > "upgraded" message properly and reloading IMAP messages that have > > already been read, but did not think of anything. Only during my usual > > rsyncing of the encrypted volume, I saw that some files could not be > > read (invalid file descriptor?). I rebooted without aesni and got a > > different error message. > >=20 > > I created checksums of all files on that encrypted volume with and > > without aesni loaded (rebooting in between): 150 Differences (one files > > could not be read in both cases). > >=20 > > Just to make sure, I tried to rsync with "--checksum" and "--dry-run" to > > the other machine that is supposed to have the same files: With aesni, > > many files were scheduled to be synced and one could not be read, but > > without aesni, only that one file was scheduled to be synced -- it > > probably got corrupted for good with aesni loaded. It is especially > > weird that I did not attempt to write to the file that got corrupted on > > disk with aesni loaded. > >=20 > > Is there anything I am doing wrong or is it really aesni or the > > processor failing? > >=20 > > The processor is a Core i7-M620 (with AESNI of course). > >=20 > > Before I investigate any further, I have to make a real backup... > > rsyncing does not prevent silent corruption. I am lucky that it was not > > so silent after all. I have no access to AESNI hardware. For start, you may use src/tools/tools/crypto/cryptotest to somewhat verify the sanity of the driver. --EecmvZxDifkbrwfl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEARECAAYFAk0DoFEACgkQC3+MBN1Mb4iLRwCfWpRmZ55wg5xUXcqK03wRF5D+ 1VoAniaPBmLTwbfgEr+Msp8V2Z+NnGIA =Nvll -----END PGP SIGNATURE----- --EecmvZxDifkbrwfl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101211160121.GL33073>