On Fri, Dec 10, 2010 at 08:43:18PM -0500, Mike Tancsa wrote:
> Actually, I just noticed something like this as well with ssh via
> cryptodev and rsync as well. It was erroring out, e.g.
>
> Dec 10 16:50:01 backup3 sshd[13120]: Corrupted MAC on input.
> Dec 10 16:50:01 backup3 sshd[13120]: Finished discarding for 64.x.x.x
>
> I had a few ssh sessions die as well. It was working ok with a kernel /
> world from last week. I was going to try and see if I can narrow it
> down, but it seemed to have been working fine with world from last week.
> Not sure if it's the openssl update? But if you are seeing issues with
> geli, then I doubt it's openssl.
>
> ---Mike
>
> On 12/10/2010 7:49 PM, Jan Henrik Sylvester wrote:
> > I just upgraded my main laptop from 8.1-RELEASE (GENERIC, amd64) to
> > 8.2-BETA1 and added aesni_load="YES" to my /boot/loader.conf.
> >
> > (If my interpretation is correct:) With aesni loaded, I see many files
> > corrupted on my geli encrypted volume. Without aesni loaded, they are ok.
> >
> > I have got a journaling UFS2 on gjournal on geli on a FreeBSD partition
> > on a MBR slice on a disk with ahci loaded.
> >
> > Story: First I noticed some weirdness of Thunderbird not showing the
> > "upgraded" message properly and reloading IMAP messages that have
> > already been read, but did not think of anything. Only during my usual
> > rsyncing of the encrypted volume, I saw that some files could not be
> > read (invalid file descriptor?). I rebooted without aesni and got a
> > different error message.
> >
> > I created checksums of all files on that encrypted volume with and
> > without aesni loaded (rebooting in between): 150 Differences (one file
> > could not be read in both cases).
> >
> > Just to make sure, I tried to rsync with "--checksum" and "--dry-run" to
> > the other machine that is supposed to have the same files: With aesni,
> > many files were scheduled to be synced and one could not be read, but
> > without aesni, only that one file was scheduled to be synced -- it
> > probably got corrupted for good with aesni loaded. It is especially
> > weird that I did not attempt to write to the file that got corrupted on
> > disk with aesni loaded.
> >
> > Is there anything I am doing wrong or is it really aesni or the
> > processor failing?
> >
> > The processor is a Core i7-M620 (with AESNI of course).
> >
> > Before I investigate any further, I have to make a real backup...
> > rsyncing does not prevent silent corruption. I am lucky that it was not
> > so silent after all.

I have no access to AESNI hardware. For a start, you may use src/tools/tools/crypto/cryptotest to somewhat verify the sanity of the driver.
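The comparison described in the quoted report (checksums of every file on the volume taken once with aesni loaded and once without, then diffed) can be scripted as below. This is an added example, not part of the original thread; the function names and the sample manifests are constructed for illustration.

```python
import hashlib
import os

UNREADABLE = "UNREADABLE"  # recorded instead of a digest when a read fails

def file_digest(path, chunk=1 << 20):
    """SHA-256 of one file, or UNREADABLE on an I/O error."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:
        return UNREADABLE
    return h.hexdigest()

def build_manifest(root):
    """Map each regular file under root (relative path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def compare_manifests(a, b):
    """Classify every path seen in two manifests of the same volume."""
    report = {"differ": [], "unreadable_one": [], "unreadable_both": [], "missing": []}
    for path in sorted(set(a) | set(b)):
        da, db = a.get(path), b.get(path)
        if da is None or db is None:
            report["missing"].append(path)
        elif da == UNREADABLE and db == UNREADABLE:
            report["unreadable_both"].append(path)
        elif UNREADABLE in (da, db):
            report["unreadable_one"].append(path)
        elif da != db:
            report["differ"].append(path)
    return report

if __name__ == "__main__":
    # Constructed sample manifests standing in for the two boots.
    with_aesni = {"mail/inbox": "aa11", "doc/a.pdf": "bb22", "bad.bin": UNREADABLE}
    without_aesni = {"mail/inbox": "cc33", "doc/a.pdf": "bb22", "bad.bin": UNREADABLE}
    print(compare_manifests(with_aesni, without_aesni))
```

Run `build_manifest` once per boot, store the result off the volume under test, and compare afterwards; files in `unreadable_both` are the candidates for damage that has already reached the disk.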
