Bug 439874
Summary: | IPV6DOD: 2.6.18-87.el5 kernel crashes when using ipsec with aes-xcbc-mac and UDP on ppc64. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | IBM Bug Proxy <bugproxy> | ||||
Component: | kernel | Assignee: | Thomas Graf <tgraf> | ||||
Status: | CLOSED ERRATA | QA Contact: | Martin Jenner <mjenner> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 5.2 | CC: | dzickus, herbert.xu, lwang, rkhan, tgraf | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | ppc64 | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | RHBA-2008-0314 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-05-21 15:13:48 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 253764 | ||||||
Attachments: |
|
Description
IBM Bug Proxy
2008-03-31 20:32:21 UTC
------- Comment From latten.com 2008-03-31 17:23 EDT------- I think I know why xcbc crashes. esp6_output gives it data such that nbytes=1496 and slen=1440 first time in do loop in crypto_xcbc_digest_update2(). The first 1440 bytes are in first sg enrty. The last 56 bits are in next sg entry, only thing is we do not check to see if its length is zero and if so go look it up. I noticed in hmac.c, we do a scatterwalk_sg_next() which does this for us. Thus I changed xcbc to use scatterwalk_sg_next() like hmac.c I think this may be broken upstream too. Checking upstream right now. Will run an ipsec stress test overnight using aes-xcbc-mac with fix and also include aes-ctr, since these are both new algorithms. Created attachment 299788 [details]
Patch for xcbc.
OK, this is a problem in upstream kernel too.
I have patched an upstream kernel and RHEL5.2 87 kernel with following patch
and will run a stress tests a couple of hours and see what happens.
Red Hat guys, please let me know if patch looks ok.
Will also post upstream once stress test completes successfully.
Looks good to me. ------- Comment From latten.com 2008-04-01 11:23 EDT------- The stress test has run for 15 hours with no problems! The test ran between an upstream kernel with patch and a RHEL5.2 kernel (87 from dzickus) with patch sending streams of tcp and udp packets. Will also submit this patch upstream. in kernel-2.6.18-89.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 ------- Comment From latten.com 2008-04-23 17:20 EDT------- This verified successfully in the 90 kernel. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0314.html |