[strongSwan] Kernel crashes with AES-GCM

Guru Shetty gurushettylists at gmail.com
Wed Oct 24 18:51:21 CEST 2012


On 27 September 2012 09:59, Guru Shetty <gurushettylists at gmail.com> wrote:
> This probably is not a strongswan issue, as it is the Linux kernel
> that crashes. But, I felt the wider community may have seen this and
> have some opinions on how to avoid it.
>
> My ipsec.conf summary is as follows:
>
> esp=aes128gcm12-modp1024
> ike=aes-sha1-modp1024
> type=transport
>
> When I use the hardware acceleration provided by Intel CPUs (by
> loading the aesni-intel kernel module), and run netperf tests in a
> loop on a 10G NIC, I see kernel crashes (I do get a very good
> throughput boost). I have seen this issue in Linux 3.2, 3.3, 3.4 and
> 3.5. It is very easy to reproduce in Linux 3.2 (This is the stock
> kernel that comes with Ubuntu 12.04).
>
> Since Ubuntu 12.04 is a very popular distribution, I was surprised to
> see no prior bug reports on this front. This makes me wonder, whether
> there are other ways the wider community is making use of the hardware
> acceleration.
>
> Any inputs are deeply appreciated.
>
> For those of you interested, here is the actual kernel back traces.
> http://marc.info/?l=linux-crypto-vger&m=134852306202727&w=2

This particular issue seems to be fixed with this patch.
http://marc.info/?l=linux-crypto-vger&m=135108446816170&w=2

I haven't seen any crashes after applying this patch.
Please note that this is only for x86_64. x86_32 has a few other patches
that have went in to prevent kernel crashes.


>
> Thanks,
> Guru




More information about the Users mailing list