Date: Tue, 09 Jun 2026 19:28:27 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 295942] SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE data corruption on files > 128KB Message-ID: <bug-295942-227-8zmH3BHRou@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-295942-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295942 --- Comment #4 from Andrew Gallatin <gallatin@FreeBSD.org> --- Your VM was not using ktls, based on those counters. I switched my VM from vtnet to e1000 and still didn't hit an issue. I don't think igb vs vtnet should matter. vtnet does not handle EXTPG mbufs, but that just means the mbuf chain is re-written in ip_output, that does not impact the crypto. So far I've tried: - current, UFS, no repro, vtnet - 15R, UFS, no repro, vtnet - 15R, ZFS, no repro, em0 I'd really like to figure out the issue here. The big thing that stands out in the ktls stats is ocf.inplace vs ocf.separate_output. Our (Netflix) workload is nginx, with sendfile, and shows ~99% separate output, which is the path taken by sendfile without hdr/trl. I recently fixed a bug in main (which I need to MFC to 15) that fixes a problem with mixing sendfile headers with normal sendfile file data (https://cgit.freebsd.org/src/commit/?id=fd9af1e7084c550358d9598407f9ee7583e6a53f), but the failure mode there is very different. But I'm concerned there is some similar bug someplace that has gone undiscovered because we don't use that code path. The other thing you should be aware of is that the benefits of software ktls are mostly limited to the sendfile path, because it avoids having to copy the data into userspace, encrypt it, and copy it back into the kernel. If the data is warm in cache because its not static, then there is not much benefit to SW ktls (it may even cost more). So if I was you, I'd either disable ktls or try to figure out why your static content is not using sendfile. Please don't take this as me trying to sweep this bug under the rug; I really want to figure it out. If you could replicate it in a VM, that would be amazing. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-295942-227-8zmH3BHRou>