yes, these cards have issues. The only advice I can give is to set kern.usercrypto=0. I tried to debug this several times, but I did not find a test case that produces this issue reliably.
On Mon, Jan 30, 2006 at 04:46:49PM -0600, Sean Cody wrote: > I have been having issues lately with the HiFn based crypto cards > locking up in 3.7 and 3.8. > They are usually fine but under some undefined load they lock up and > it seems rather random as to when it happens and how much load causes > it. > > The cards are used to help out with a VPN between a few far flung > machines but they are all i386. > I've encountered this on two Soekris NET4501's and on a single Athlon > machine. > > The only real clue is in the authlog where sshd reports: > sshd [####]: fatal: evp_crypt: EVP_Cipher failed > > SSHD and isakmpd are both seeminly locked up but I can get into the > machine if I use the blowfish protocol which isn't supported on the > HiFn card thereby leading me to think there is a bug in the driver or > the card itself where it's not servicing an interrupt or is stuck > waiting for an interrupt which will never come. > > The dmesg on the machines have the following line: > hifn0 at pci0 dev 13 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES > ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 9 > > As well the cards in question are the VPN1401 (PCI) and VPN1411 > (MiniPCI). > Since there is no kernel panic I'm sort of at a loss as to how to > track this down better. > > As far as the kernels go, I am using 3.8_GENERIC on the Athlon and a > stripped (via flashdist) version of 3.8 on the NET4501's. > > Again these lockups are always under some sort of load over the VPN > (VNC, file transfers ....) and are for the most part random. > > Does anyone have any suggestions on how to track this down? > My current solution is just 'ssh somehost -c blowfish reboot' though > that is obviously far from optimal. > > -- > Sean
