IPSEC/crypto is broken in FreeBSD/powerpc 7.0-RELEASE!
M. Warner Losh
imp at bsdimp.com
Tue Mar 4 17:52:10 PST 2008
In message: <47CDF0FE.9040405 at FreeBSD.org>
Maxim Sobolev <sobomax at FreeBSD.org> writes:
: M. Warner Losh wrote:
: > In message: <57AF36D8-0F83-4DF8-BEAA-CF3B59EAA361 at rabson.org>
: > Doug Rabson <dfr at rabson.org> writes:
: > :
: > : On 4 Mar 2008, at 15:36, M. Warner Losh wrote:
: > :
: > : > In message: <9299FBBE-F58A-4107-991D-1C851EB8802C at rabson.org>
: > : > Doug Rabson <dfr at rabson.org> writes:
: > : > : I can't see the code which adds this device on a first look. Can you
: > : > : tell me the filename and I'll take a quick look at it.
: > : >
: > : > The problem actually turns out to be in how the powerpc nexus does
: > : > things. It does them in a very un-nexus-like way. The nexus attached
: > : > drivers ask for hardware details, which isn't done elsewhere. This
: > : > means when you mix and match the ones that expect to be explicitly set
: > : > and the ones that don't that you run into trouble.
: > : >
: > : > This needs to be reworked.
: > :
: > : Perhaps the crypto stuff should add itself to root0 instead of nexus.
: >
: > I think that would cause other problems...
:
: OK, since nobody seems to be interested enough to fix the issue in
: question I have spent some time to dig out what's going on. Disclaimer:
: it's my first serious encounter with newbus, so that I might be wrong
: somewhere.
How could you possibly conclude that.... I've been working all day
since i took time out of my day to track it down this morning...
: Apparently the issue in hand is caused by superposition of three facts:
:
: 1. The nexus/powerpc code creates bunch of children devices using
: information from the OF in the probe routine (should be probably attach
: routine), with NULL devclass.
:
: 2. The opencrypto creates fake "cryptosoft" device and adds it as a
: child to the newbus. It doesn't provide any actual probe code in the
: driver to check that the offered device is in fact one that has been
: created earlier.
:
: 3. The newbus code for some not very clear to me reason offers devices
: in the NULL devclass to every driver registered in the system.
:
: As a result of (1), (2) and (3) as well as current phase of the moon,
: the bunch of OF-devices created in (1) are offered to the "cryptosoft"
: driver before powerpc drivers and since there is no probe routine the
: "cryptosoft" driver attaches to all of them.
:
: This could be fixed by either altering probe in the "cryptosoft" to
: check that the device offered is in fact one that has been created
: earlier, or changing nexus/powerpc code to assign non-NULL devclass to
: child devices that it has generated from OF to match devclass of the
: relevant drivers (pcib, unin are the most important ones). The following
: patch uses the second approach. It would be nice if somebody with more
: newbus clue can review/comment. The patch also moves relevant code from
: nexus_probe() into nexus_attach().
:
: http://sobomax.homeunix.org/~sobomax/powerpc_crypto.diff
This patch isn't right at all. Like I said in other mail, the proper
fix is to reparent things the way I suggested.
Warner
More information about the freebsd-current
mailing list