[strongSwan] Kernel crashes with AES-GCM

Guru Shetty gurushettylists at gmail.com
Mon Oct 1 22:29:03 CEST 2012 

On 1 October 2012 02:02, Richard Andrews <richard.andrews at symstream.com> wrote:
>
> I hit a similar problem with aes-cbc on core i3 processors (2.6 series
> kernel at the time).
That is unfortunate. My tests for aes-cbc did not fail for a week of
tests. Did you get a chance to see the back trace? There probably is
more than one type of race condition.

Thanks,
Guru

> On Thu, 2012-09-27 at 18:13 +0000, Robert Woodcock wrote:
>> I can replicate this as well  - usually in 2-5 hours with 3.2.23 and 3.4.11,
>> on 82571EB NICs and a E3-1270 CPU. I don't have a full call trace yet (need
>> to set up a serial console first) but the last 25 lines of mine look pretty
>> similar to yours.
>>
>> I'm using tunnel mode, not transport, with aes128gcm16.
>>
>> -----Original Message-----
>> From: users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org [mailto:users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org] On Behalf Of Guru Shetty
>> Sent: Thursday, September 27, 2012 9:59 AM
>> To: users at lists.strongswan.org
>> Subject: [strongSwan] Kernel crashes with AES-GCM
>>
>> This probably is not a strongswan issue, as it is the Linux kernel
>> that crashes. But, I felt the wider community may have seen this and
>> have some opinions on how to avoid it.
>>
>> My ipsec.conf summary is as follows:
>>
>> esp=aes128gcm12-modp1024
>> ike=aes-sha1-modp1024
>> type=transport
>>
>> When I use the hardware acceleration provided by Intel CPUs (by
>> loading the aesni-intel kernel module), and run netperf tests in a
>> loop on a 10G NIC, I see kernel crashes (I do get a very good
>> throughput boost). I have seen this issue in Linux 3.2, 3.3, 3.4 and
>> 3.5. It is very easy to reproduce in Linux 3.2 (This is the stock
>> kernel that comes with Ubuntu 12.04).
>>
>> Since Ubuntu 12.04 is a very popular distribution, I was surprised to
>> see no prior bug reports on this front. This makes me wonder, whether
>> there are other ways the wider community is making use of the hardware
>> acceleration.
>>
>> Any inputs are deeply appreciated.
>>
>> For those of you interested, here is the actual kernel back traces.
>> http://marc.info/?l=linux-crypto-vger&m=134852306202727&w=2
>>
>> Thanks,
>> Guru
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list