Date: Sat, 15 Nov 2014 22:15:25 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: freebsd-security@freebsd.org, current@freebsd.org Subject: Re: CFR: AES-GCM and OpenCrypto work review Message-ID: <20141116061525.GG24601@funkthat.com> In-Reply-To: <546744B6.8040504@yandex.ru> References: <20141108042300.GA24601@funkthat.com> <54655257.8080705@yandex.ru> <54660389.9060409@yandex.ru> <20141114193911.GR24601@funkthat.com> <20141115024201.GW24601@funkthat.com> <546744B6.8040504@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey V. Elsukov wrote this message on Sat, Nov 15, 2014 at 15:19 +0300:
> On 15.11.2014 05:42, John-Mark Gurney wrote:
> > I just verified that this happens on a clean HEAD @ r274534:
> > FreeBSD 11.0-CURRENT #0 r274534: Fri Nov 14 17:17:10 PST 2014
> > jmg@carbon.funkthat.com:/scratch/jmg/clean/sys/amd64/compile/IPSEC amd64
> >
> > No modifications, nothing, and I got the same panic:
> > panic: System call sendto returing with kernel FPU ctx leaked
> > cpuid = 0
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe001de7a800
> > kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe001de7a8b0
> > vpanic() at vpanic+0x189/frame 0xfffffe001de7a930
> > kassert_panic() at kassert_panic+0x139/frame 0xfffffe001de7a9a0
> > amd64_syscall() at amd64_syscall+0x616/frame 0xfffffe001de7aab0
> > Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe001de7aab0
> > --- syscall (64, FreeBSD ELF64, nosys), rip = 0x8011975aa, rsp = 0x7ffffffee588, rbp = 0x7ffffffee5c0 ---
> > KDB: enter: panic
> >
> > So, it's clearly not my patch that is causing the issue...
> >
> > Andrey, can you verify that you do not receive the same panic w/o my
> > patches?
>
> I tried 11.0-CURRENT r274549 with and without patches.
> Without patches all works as expected. System encrypts and forwards
> traffic with and without aesni module.
>
> With patches software rijndaelEncrypt also works. But when I load
> aesni.ko and restart setkey -f /etc/ipsec.conf forwarding stops, errors
> counter starts grow. And I see messages about wrong source route
> attempts from random addresses.
Ok, I was able to reproduce the bug, and found that my optimization
for single mbuf packets was broken... I've attached a new patch
that has the fix...
This patch also has added a lock around the aesni fpu context setting
to deal w/ the issue that I had...
Let me know how things are w/ this new patch.
Thanks.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141116061525.GG24601>