Project

General

Profile

Issue #3507

Unable to load parallel crypto modules with tcrypt and pcrypt

Added by Rakesh Patil 4 months ago. Updated 28 days ago.

Status:
Closed
Priority:
Normal
Category:
kernel
Affected version:
5.7.2
Resolution:
No feedback

Description

Running strongswan 5.7.2 on RHEL7.7, I m unable to load specific algorithmic modules using pcrypt, tcrypt or crconf. The documentation I referred is : https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt

[root@rhelvm1 ~]# modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
modprobe: ERROR: could not insert 'tcrypt': Unknown symbol in module, or unknown parameter (see dmesg)

[ 226.666281] alg: No test for fips(ansi_cprng) (fips_ansi_cprng)

[root@rhelvm1 ~]# lsmod |grep -i crypt
pcrypt 13389 2
cryptd 20359 5 ghash_clmulni_intel,aesni_intel,ablk_helper

OR

[root@rhelvm1 ~]# crconf add driver "pcrypt(rfc4106(gcm(aes)))" type=3
Cannot open netlink socket: Protocol not supported

[ 7538.660350] tcrypt: one or more tests failed!
[ 7560.771335] INFO: task cryptomgr_test:18215 blocked for more than 120 seconds.
[ 7560.779102] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7560.785812] cryptomgr_test D ffff88102b309fa0 0 18215 2 0x00000080
[ 7560.792453] Call Trace:
[ 7560.794906] [<ffffffff816bb8d9>] schedule+0x29/0x70
[ 7560.799597] [<ffffffff816b9299>] schedule_timeout+0x239/0x2c0
[ 7560.804581] [<ffffffff810ad3dc>] ? __queue_work+0x13c/0x3e0
[ 7560.809047] [<ffffffff816bbc8d>] wait_for_completion+0xfd/0x140
[ 7560.814421] [<ffffffff810cb100>] ? wake_up_state+0x20/0x20
[ 7560.819243] [<ffffffff812efc06>] __test_aead+0x8b6/0x1080
[ 7560.826382] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.831477] [<ffffffff812e48d5>] ? crypto_spawn_tfm+0x45/0x80
[ 7560.836905] [<ffffffff812ea0ee>] ? seqiv_aead_init+0x3e/0x50
[ 7560.841746] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.846774] [<ffffffff812e48d5>] ? crypto_spawn_tfm+0x45/0x80
[ 7560.852189] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.857222] [<ffffffff812f03f4>] test_aead+0x24/0x50
[ 7560.889973] [<ffffffff812f046d>] alg_test_aead+0x4d/0xb0
[ 7560.899837] [<ffffffff812ed89c>] alg_test+0xec/0x300
[ 7560.904954] [<ffffffff812ec330>] ? crypto_unregister_kpp+0x20/0x20
[ 7560.910547] [<ffffffff812ec371>] cryptomgr_test+0x41/0x50
[ 7560.915573] [<ffffffff810b74d1>] kthread+0xd1/0xe0
[ 7560.921037] [<ffffffff810b7400>] ? insert_kthread_work+0x40/0x40
[ 7560.926281] [<ffffffff816c8537>] ret_from_fork+0x77/0xb0
[ 7560.930822] [<ffffffff810b7400>] ? insert_kthread_work+0x40/0x40

History

#1 Updated by Tobias Brunner 4 months ago

  • Category set to kernel
  • Status changed from New to Feedback

[root@rhelvm1 ~]# modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
modprobe: ERROR: could not insert 'tcrypt': Unknown symbol in module, or unknown parameter (see dmesg)

It's possible that this is an "OK" error, but I really don't know. You'd have to check what /proc/crypto eventually shows.

[root@rhelvm1 ~]# crconf add driver "pcrypt(rfc4106(gcm(aes)))" type=3
Cannot open netlink socket: Protocol not supported

As described on pcrypt, this requires the crypto_user module, which is not available (or not loaded) here apparently.

[ 7538.660350] tcrypt: one or more tests failed!
[ 7560.771335] INFO: task cryptomgr_test:18215 blocked for more than 120 seconds.

That doesn't sound good. But you'd have to check with the kernel devs what exactly it means. It seems to happen while testing some AEAD implementation.

I'm not sure if pcrypt actually works properly on current kernels (or what the expected gain would be) and even if it does it only increases performance if you have many flows and may require network devices with multiple queues, stuff like RSS/RPS, IRQ pinning/management, etc.

#2 Updated by Tobias Brunner 28 days ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF