On Tue, 22 Nov 2005 11:45:21 +1000
David McCullough <[EMAIL PROTECTED]> wrote:
>
> Jivin Kim Phillips lays it down ...
> > Hello all,
> >
> > I'm trying out the latest OCF patch for openswan, and it's generating
> > 'Badness in local_bh_enable' messages when I ping across the tunnel
> > (session details below). It seems irq's are disabled when they shouldn't
> > be?
> >
> > This is a vanilla 2.6.11+ocf-linux-20051110 kernel, with openswan 2.4.3,
> > using the cryptosoft algorithm interface, running on powerpc. Openswan
> > KLIPS alone (without the OCF patch) does not produce this warning. The
> > patch seems to properly match existing spin_lock_* usage. Is the patch
> > adding a new lock that overlays the domain of an existing lock?
> >
>
> Ok, I only tested this with crypto HW on 2.6, and it was working fine,
> I will try out the cryptosoft driver when I get a chance, it may be the
> cause/trigger of the problem.
>
> If you set USE_TASKQ to 1 in ipsec_ocf.c does the problem go away ? We
I get another one before I even try it:
# modprobe ipsec
ipsec: Unknown symbol shedule_work
> cryptosoft it is possible that we call back into ourselves. You could
> also try setting USE_CBIMM to 0 in the same file,
>
setting USE_CBIMM to 0 does indeed do the trick, thanks.
> Cheers,
> Davidm
Kim
> > --
> > # modprobe cryptosoft
> > # modprobe cryptodev
> > cryptodev: module license 'BSD' taints kernel.
> > # modprobe ipsec
> > klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version:
> > 2.4.3
> > NET: Registered protocol family 15
> > klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
> > klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
> > ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
> > ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
> > Debug: sleeping function called from invalid context at
> > include/linux/rwsem.h:43
> > in_atomic():0, irqs_disabled():1
> > Call trace:
> > [c001b740] __might_sleep+0xe4/0xf0
> > [c0115368] crypto_alg_lookup+0x34/0x120
> > [c01154dc] crypto_alloc_tfm+0x1c/0x19c
> > [d102743c] swcr_newsession+0x1f4/0x6d8 [cryptosoft]
> > [c01397c8] crypto_newsession+0x1b4/0x41c
> > [d13f8548] ipsec_ocf_check_alg+0x64/0x108 [ipsec]
> > [d13f862c] ipsec_ocf_init+0x40/0xe4 [ipsec]
> > [d13d711c] ipsec_klips_init+0x118/0x20c [ipsec]
> > [d13d74ac] init_module+0x10/0x20 [ipsec]
> > [c0046ee0] sys_init_module+0x3a8/0x4b4
> > [c0001ec4] ret_from_syscall+0x0/0x48
> > # /etc/rc.d/init.d/ipsec --start
> >
> > ipsec_setup: Starting Openswan IPsec 2.4.3...
> > # pluto[4919]: Starting Pluto (Openswan Version 2.4.3 X.509-1.5.4
> > PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE~yatdI\134sBK)
> > pluto[4919]: Setting NAT-Traversal port-4500 floating to off
> > pluto[4919]: port floating activation criteria nat_t=0/port_fload=1
> > pluto[4919]: including NAT-Traversal patch (Version 0.6c) [disabled]
> > pluto[4919]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> > pluto[4919]: starting up 1 cryptographic helpers
> > pluto[4919]: started helper pid=4927 (fd:5)
> > pluto[4919]: Using KLIPS IPsec interface code on 2.6.11
> > pluto[4919]: Could not change to directory '/etc/cacerts'
> > pluto[4919]: Could not change to directory '/etc/aacerts'
> > pluto[4919]: Could not change to directory '/etc/ocspcerts'
> > pluto[4919]: Could not change to directory '/etc/crls'
> > pluto[4919]: added connection description "roadwarrior"
> > pluto[4919]: listening for IKE messages
> > pluto[4919]: adding interface ipsec0/eth0 192.168.1.109:500
> > pluto[4919]: loading secrets from "/etc/ipsec.secrets"
> > pluto[4919]: "roadwarrior" #1: initiating Main Mode
> > pluto[4919]: "roadwarrior" #1: received Vendor ID payload [Openswan (this
> > version) 2.4.3 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> > pluto[4919]: "roadwarrior" #1: received Vendor ID payload [Dead Peer
> > Detection]
> > pluto[4919]: "roadwarrior" #1: transition from state STATE_MAIN_I1 to state
> > STATE_MAIN_I2
> > pluto[4919]: "roadwarrior" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> > pluto[4919]: "roadwarrior" #1: I did not send a certificate because I do
> > not have one.
> > pluto[4919]: "roadwarrior" #1: transition from state STATE_MAIN_I2 to state
> > STATE_MAIN_I3
> > pluto[4919]: "roadwarrior" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> > pluto[4919]: "roadwarrior" #1: Main mode peer ID is ID_IPV4_ADDR:
> > '192.168.1.110'
> > pluto[4919]: "roadwarrior" #1: transition from state STATE_MAIN_I3 to state
> > STATE_MAIN_I4
> > pluto[4919]: "roadwarrior" #1: STATE_MAIN_I4: ISAKMP SA established
> > {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
> > group=modp1536}
> > pluto[4919]: "roadwarrior" #2: initiating Quick Mode
> > RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
> > Debug: sleeping function called from invalid context at
> > include/linux/rwsem.h:43
> > in_atomic():0, irqs_disabled():1
> > Call trace:
> > [c001b740] __might_sleep+0xe4/0xf0
> > [c0115368] crypto_alg_lookup+0x34/0x120
> > [c01154dc] crypto_alloc_tfm+0x1c/0x19c
> > [d102743c] swcr_newsession+0x1f4/0x6d8 [cryptosoft]
> > [c01397c8] crypto_newsession+0x1b4/0x41c
> > [d13f7afc] ipsec_ocf_sa_init+0x1f0/0x2a0 [ipsec]
> > [d13d98f0] ipsec_sa_init+0x2f4/0xa18 [ipsec]
> > [d13eae20] pfkey_ipsec_sa_init+0x10/0x20 [ipsec]
> > [d13ec144] pfkey_add_parse+0x1c0/0x62c [ipsec]
> > [d13f07ac] pfkey_msg_interp+0x2d0/0x3d8 [ipsec]
> > [d13e9f2c] pfkey_sendmsg+0x2d8/0x4f8 [ipsec]
> > [c0195f00] sock_aio_write+0x110/0x12c
> > [c00792f8] do_sync_write+0x9c/0x104
> > [c00793fc] vfs_write+0x9c/0x15c
> > [c0079598] sys_write+0x4c/0x90
> > pluto[4919]: "roadwarrior" #2: transition from state STATE_QUICK_I1 to
> > state STATE_QUICK_I2
> > pluto[4919]: "roadwarrior" #2: STATE_QUICK_I2: sent QI2, IPsec SA
> > established {ESP=>0x4a81b637 <0x2cf9fbcf xfrm=3DES_0-HMAC_SHA1 NATD=none
> > DPD=none}
> >
> > # pluto[4919]: packet from 192.168.1.110:500: received Vendor ID payload
> > [Openswan (this version) 2.4.3 X.509-1.5.4 PLUTO_SENDS_VENDORID
> > PLUTO_USES_KEYRR]
> > pluto[4919]: packet from 192.168.1.110:500: received Vendor ID payload
> > [Dead Peer Detection]
> > pluto[4919]: "roadwarrior" #3: responding to Main Mode
> > pluto[4919]: "roadwarrior" #3: transition from state STATE_MAIN_R0 to state
> > STATE_MAIN_R1
> > pluto[4919]: "roadwarrior" #3: STATE_MAIN_R1: sent MR1, expecting MI2
> > pluto[4919]: "roadwarrior" #3: transition from state STATE_MAIN_R1 to state
> > STATE_MAIN_R2
> > pluto[4919]: "roadwarrior" #3: STATE_MAIN_R2: sent MR2, expecting MI3
> > pluto[4919]: "roadwarrior" #3: Main mode peer ID is ID_IPV4_ADDR:
> > '192.168.1.110'
> > pluto[4919]: "roadwarrior" #3: I did not send a certificate because I do
> > not have one.
> > pluto[4919]: "roadwarrior" #3: transition from state STATE_MAIN_R2 to state
> > STATE_MAIN_R3
> > pluto[4919]: "roadwarrior" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA
> > established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
> > group=modp1536}
> > pluto[4919]: "roadwarrior" #4: responding to Quick Mode {msgid:908b01cd}
> > Debug: sleeping function called from invalid context at
> > include/linux/rwsem.h:43
> > in_atomic():0, irqs_disabled():1
> > Call trace:
> > [c001b740] __might_sleep+0xe4/0xf0
> > [c0115368] crypto_alg_lookup+0x34/0x120
> > [c01154dc] crypto_alloc_tfm+0x1c/0x19c
> > [d102743c] swcr_newsession+0x1f4/0x6d8 [cryptosoft]
> > [c01397c8] crypto_newsession+0x1b4/0x41c
> > [d13f7afc] ipsec_ocf_sa_init+0x1f0/0x2a0 [ipsec]
> > [d13d98f0] ipsec_sa_init+0x2f4/0xa18 [ipsec]
> > [d13eae20] pfkey_ipsec_sa_init+0x10/0x20 [ipsec]
> > [d13ec144] pfkey_add_parse+0x1c0/0x62c [ipsec]
> > [d13f07ac] pfkey_msg_interp+0x2d0/0x3d8 [ipsec]
> > [d13e9f2c] pfkey_sendmsg+0x2d8/0x4f8 [ipsec]
> > [c0195f00] sock_aio_write+0x110/0x12c
> > [c00792f8] do_sync_write+0x9c/0x104
> > [c00793fc] vfs_write+0x9c/0x15c
> > [c0079598] sys_write+0x4c/0x90
> > pluto[4919]: "roadwarrior" #4: transition from state STATE_QUICK_R0 to
> > state STATE_QUICK_R1
> > pluto[4919]: "roadwarrior" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA
> > installed, expecting QI2
> > pluto[4919]: "roadwarrior" #4: transition from state STATE_QUICK_R1 to
> > state STATE_QUICK_R2
> > pluto[4919]: "roadwarrior" #4: STATE_QUICK_R2: IPsec SA established
> > {ESP=>0x4a81b638 <0x2cf9fbd0 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
> >
> > # ping 192.168.2.2
> > PING 192.168.2.2Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01b9f50] __ip_route_output_key+0x128/0x980
> > [c01ba7cc] ip_route_output_flow+0x24/0xa4
> > [d13dfab0] ipsec_tunnel_send+0x80/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > [c013b684] crypto_invoke+0xd8/0x1c4
> > [c013c098] crypto_proc+0x19c/0x778
> > [c0004d14] kernel_thread+0x44/0x60
> > Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01a88ac] neigh_lookup+0x98/0xe4
> > [c01e3fcc] arp_bind_neighbour+0x7c/0xc0
> > [c01b7510] rt_intern_hash+0x1e8/0x68c
> > [c01ba2a8] __ip_route_output_key+0x480/0x980
> > [c01ba7cc] ip_route_output_flow+0x24/0xa4
> > [d13dfab0] ipsec_tunnel_send+0x80/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01b78a8] rt_intern_hash+0x580/0x68c
> > [c01ba2a8] __ip_route_output_key+0x480/0x980
> > [c01ba7cc] ip_route_output_flow+0x24/0xa4
> > [d13dfab0] ipsec_tunnel_send+0x80/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > [c013b684] crypto_invoke+0xd8/0x1c4
> > [c013c098] crypto_proc+0x19c/0x778
> > Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01aa4a4] neigh_resolve_output+0x128/0x2e8
> > [c01c0280] ip_finish_output+0x14c/0x2a8
> > [d13dfca4] ipsec_tunnel_send+0x274/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > [c013b684] crypto_invoke+0xd8/0x1c4
> > [c013c098] crypto_proc+0x19c/0x778
> > [c0004d14] kernel_thread+0x44/0x60
> > (192.168.2.2): 56 data bytes
> > 64 bytes from 192.168.2.2: icmp_seq=0 ttl=63 time=264.8 ms
> > Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01b9f40] __ip_route_output_key+0x118/0x980
> > [c01ba7cc] ip_route_output_flow+0x24/0xa4
> > [d13dfab0] ipsec_tunnel_send+0x80/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > [c013b684] crypto_invoke+0xd8/0x1c4
> > [c013c098] crypto_proc+0x19c/0x778
> > [c0004d14] kernel_thread+0x44/0x60
> > Badness in local_bh_enable at kernel/softirq.c:140
> > Call trace:
> > [c0003044] check_bug_trap+0x9c/0xe4
> > [c00031f0] ProgramCheckException+0x164/0x20c
> > [c000254c] ret_from_except_full+0x0/0x4c
> > [c0027e2c] local_bh_enable+0x18/0x6c
> > [c01c0218] ip_finish_output+0xe4/0x2a8
> > [d13dfca4] ipsec_tunnel_send+0x274/0x410 [ipsec]
> > [d13e01cc] ipsec_tunnel_xsm_complete+0x1d0/0x2d4 [ipsec]
> > [d13e55a8] ipsec_xsm+0x164/0x33c [ipsec]
> > [d13f8100] ipsec_ocf_xmit_cb+0x60/0x108 [ipsec]
> > [c013b444] crypto_done+0x1d4/0x2d4
> > [d1027bb0] swcr_process+0x290/0x900 [cryptosoft]
> > [c013b684] crypto_invoke+0xd8/0x1c4
> > [c013c098] crypto_proc+0x19c/0x778
> > [c0004d14] kernel_thread+0x44/0x60
> > 64 bytes from 192.168.2.2: icmp_seq=1 ttl=63 time=127.9 ms
> >
> > --- 192.168.2.2 ping statistics ---
> > 2 packets transmitted, 2 packets received, 0% packet loss
> > round-trip min/avg/max = 127.9/196.3/264.8 ms
> > # /etc/rc.d/init.d/ipsec --stop
> > pluto[4919]: shutting down
> > pluto[4919]: forgetting secrets
> > pluto[4919]: "roadwarrior": deleting connection
> > pluto[4919]: "roadwarrior" #4: deleting state (STATE_QUICK_R2)
> > pluto[4919]: "roadwarrior" #2: deleting state (STATE_QUICK_I2)
> > pluto[4919]: "roadwarrior" #3: deleting state (STATE_MAIN_R3)
> > pluto[4919]: "roadwarrior" #1: deleting state (STATE_MAIN_I4)
> > pluto[4919]: shutting down interface ipsec0/eth0 192.168.1.109:500
> > IPSEC EVENT: KLIPS device ipsec0 shut down.
> >
> > ipsec_setup: Stopping Openswan IPsec...
> > #
> > --
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> > the body of a message to [EMAIL PROTECTED]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> David McCullough, [EMAIL PROTECTED], Custom Embedded Solutions + Security
> Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org
> http://www.cyberguard.com
--
-
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
