From owner-freebsd-current@freebsd.org Sat Jul 11 19:27:45 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72D87999515; Sat, 11 Jul 2015 19:27:45 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2BBED1F9F; Sat, 11 Jul 2015 19:27:44 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtp (envelope-from ) id <1ZE0Qx-002XcX-HC>; Sat, 11 Jul 2015 21:27:35 +0200 Received: from f052136117.adsl.alicedsl.de ([78.52.136.117] helo=thor.walstatt.dynvpn.de) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (envelope-from ) id <1ZE0Qx-0017BH-9L>; Sat, 11 Jul 2015 21:27:35 +0200 Date: Sat, 11 Jul 2015 21:27:29 +0200 From: "O. Hartmann" To: Fabian Keil Cc: freebsd-current@freebsd.org, "Matthew D. Fuller" , "George V. Neville-Neil" , svn-src-head@freebsd.org Subject: Re: geli AES-XTS provider attachment broken after r285336 (was: svn commit: r285336 - in head/sys: netipsec opencrypto) Message-ID: <20150711212729.55815877.ohartman@zedat.fu-berlin.de> In-Reply-To: <4308d5d9.790ffd96@fabiankeil.de> References: <201507091816.t69IGawf097288@repo.freebsd.org> <20150711044843.GG96394@over-yonder.net> <4308d5d9.790ffd96@fabiankeil.de> Organization: FU Berlin X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.27; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/mGWogvp=CsGmDt_tb2v.eSj"; protocol="application/pgp-signature" X-Originating-IP: 78.52.136.117 X-ZEDAT-Hint: A X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 19:27:45 -0000 --Sig_/mGWogvp=CsGmDt_tb2v.eSj Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Sat, 11 Jul 2015 19:04:07 +0200 Fabian Keil schrieb: > "Matthew D. Fuller" wrote: >=20 > > On Thu, Jul 09, 2015 at 06:16:36PM +0000 I heard the voice of > > George V. Neville-Neil, and lo! it spake thus: > > > New Revision: 285336 > > > URL: https://svnweb.freebsd.org/changeset/base/285336 > > >=20 > > > Log: > > > Add support for AES modes to IPSec. These modes work both in softw= are only > > > mode and with hardware support on systems that have AESNI instructi= ons. > >=20 > > With (apparently) this change, I can trigger a panic at will by > > running > >=20 > > % geli onetime -e AES-XTS -d /dev/ada0s1 >=20 > Thanks for the heads-up. >=20 > As it wasn't obvious to me: the commit broke attachment > of AES-XTS providers in general. >=20 > Reverting it lets my test system boot again. >=20 > Fabian Running CURRENT on several Intel platforms, using swap.eli on all systems i= s usual to my setups. On modern hardware, say >=3D Intel i7 architectures (with or withou= t AES-NI), I didn't recognize a panic at all but in one case a core i3 starts swapping d= ies immediately. Another box, a dual core XEON Core2 Duo based architecture wit= hout AES-NI fails booting immediately after I see the mounting and initialising of swap= .eli. Maybe this observation is of use.=20 --Sig_/mGWogvp=CsGmDt_tb2v.eSj Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVoW4hAAoJEOgBcD7A/5N8+8EIAMQh7/RWGveNcpdC8PH1NOAe US8z85ThGU7U3/sN9r3Ea/xXMvEjAwJObiTrhPP6DYTwYrsPTtHpfBWQ3tlWq6My lOk1ISCE9fNNgcQtkvHI+fGH6yGZ1nOANc2E210pW2O4cp5jRhywQQ5BD/d0z3tl 7wDXKNjeD2Cfs+tN5+UitZQEeCZeIM6PsUZMb/Bseh+sWtwbHxkGonNBzAlfzWzb WFuEuRUXIb08QXnGuM3slMuBYcehUgubS78dYpkCWPRpUAwakBL8J1V472G0cDag DyOIFNSY/w3v0V4aOspG0PubP0Sm17IoZymgc/o5ESK2yMC6TRdwHsgmSdX+FWM= =flhx -----END PGP SIGNATURE----- --Sig_/mGWogvp=CsGmDt_tb2v.eSj--